net/shadowsocks-libev/files/shadowsocks-libev.init

   1 #!/bin/sh /etc/rc.common
   2 #
   3 # Copyright (C) 2017 Yousong Zhou <yszhou4tech@gmail.com>
   4 #
   5 # This is free software, licensed under the GNU General Public License v3.
   6 # See /LICENSE for more information.
   7 #
   8
   9 USE_PROCD=1
  10 START=99
  11
  12 ss_confdir=/var/etc/shadowsocks-libev
  13 ss_bindir=/usr/bin
  14 q='"'
  15
  16 ss_mkjson() {
  17         echo "{" >"$confjson"
  18         if ss_mkjson_ "$@" >>$confjson; then
  19                 sed -i -e '/^\s*$/d' -e '2,$s/^/\t/' -e '$s/,$//' "$confjson"
  20                 echo "}" >>"$confjson"
  21         else
  22                 rm -f "$confjson"
  23                 return 1
  24         fi
  25 }
  26
  27 ss_mkjson_() {
  28         local func
  29
  30         for func in "$@"; do
  31                 if ! "$func"; then
  32                         return 1
  33                 fi
  34         done
  35 }
  36
  37 ss_mkjson_server_conf() {
  38         local cfgserver
  39
  40         config_get cfgserver "$cfg" server
  41         [ -n "$cfgserver" ] || return 1
  42         eval "$(validate_server_section "$cfg" ss_validate_mklocal)"
  43         validate_server_section "$cfgserver" || return 1
  44         [ "$disabled" = 0 ] || return 1
  45         ss_mkjson_server_conf_ "$cfgserver"
  46 }
  47
  48 ss_mkjson_server_conf_() {
  49         [ -n "$server_port" ] || return 1
  50         cat <<-EOF
  51                 ${server:+${q}server${q}: ${q}$server${q},}
  52                 "server_port": $server_port,
  53                 ${method:+${q}method${q}: ${q}$method${q},}
  54                 ${key:+${q}key${q}: ${q}$key${q},}
  55                 ${password:+${q}password${q}: ${q}$password${q},}
  56         EOF
  57 }
  58
  59 ss_mkjson_common_conf() {
  60         [ "$fast_open" = 0 ] && fast_open=false || fast_open=true
  61         [ "$reuse_port" = 0 ] && reuse_port=false || reuse_port=true
  62         cat <<-EOF
  63                 "use_syslog": true,
  64                 "fast_open": $fast_open,
  65                 "reuse_port": $reuse_port,
  66                 ${local_address:+${q}local_address${q}: ${q}$local_address${q},}
  67                 ${local_port:+${q}local_port${q}: $local_port,}
  68                 ${mode:+${q}mode${q}: ${q}$mode${q},}
  69                 ${mtu:+${q}mtu${q}: $mtu,}
  70                 ${timeout:+${q}timeout${q}: $timeout,}
  71                 ${user:+${q}user${q}: ${q}$user${q},}
  72         EOF
  73 }
  74
  75 ss_mkjson_ss_local_conf() {
  76         ss_mkjson_server_conf
  77 }
  78
  79 ss_mkjson_ss_redir_conf() {
  80         ss_mkjson_server_conf
  81 }
  82
  83 ss_mkjson_ss_server_conf() {
  84         ss_mkjson_server_conf_
  85 }
  86
  87 ss_mkjson_ss_tunnel_conf() {
  88         ss_mkjson_server_conf || return 1
  89         [ -n "$tunnel_address" ] || return 1
  90         cat <<-EOF
  91                 ${tunnel_address:+${q}tunnel_address${q}: ${q}$tunnel_address${q},}
  92         EOF
  93 }
  94
  95 ss_xxx() {
  96         local cfg="$1"
  97         local cfgtype="$2"
  98         local bin="$ss_bindir/${cfgtype/_/-}"
  99         local confjson="$ss_confdir/$cfgtype.$cfg.json"
 100
 101         [ -x "$bin" ] || return
 102         eval "$("validate_${cfgtype}_section" "$cfg" ss_validate_mklocal)"
 103         "validate_${cfgtype}_section" "$cfg"
 104         [ "$disabled" = 0 ] || return
 105
 106         if ss_mkjson \
 107                         ss_mkjson_common_conf \
 108                         ss_mkjson_${cfgtype}_conf \
 109                         ; then
 110                 procd_open_instance "$cfgtype.$cfg"
 111                 procd_set_param command "$bin" -c "$confjson"
 112                 [ "$verbose" = 0 ] || procd_append_param command -v
 113                 [ -z "$bind_address" ] || procd_append_param command -b "$bind_address"
 114                 [ -z "$manager_address" ] || procd_append_param command --manager-address "$manager_address"
 115                 procd_set_param file "$confjson"
 116                 procd_set_param respawn
 117                 procd_close_instance
 118                 ss_rules_cb "$cfg"
 119         fi
 120 }
 121
 122 ss_rules_cb() {
 123         local cfgserver
 124         local server
 125
 126         [ "$cfgtype" != ss_server ] || return
 127         config_get cfgserver "$cfg" server
 128         config_get server "$cfgserver" server
 129
 130         ss_rules_servers="$ss_rules_servers $server"
 131         if [ "$cfgtype" = ss_redir ]; then
 132                 if [ "$mode" = tcp_only -o "$mode" = "tcp_and_udp" ]; then
 133                         eval "ss_rules_redir_tcp_$cfg=$local_port"
 134                 fi
 135                 if [ "$mode" = udp_only -o "$mode" = "tcp_and_udp" ]; then
 136                         eval "ss_rules_redir_udp_$cfg=$local_port"
 137                         eval "ss_rules_redir_server_udp_$cfg=$server"
 138                 fi
 139         fi
 140 }
 141
 142 ss_rules() {
 143         local cfg="ss_rules"
 144         local bin="$ss_bindir/ss-rules"
 145         local cfgtype
 146         local args local_port_tcp local_port_udp server_udp
 147         local i a_args d_args
 148
 149         [ -x "$bin" ] || return 1
 150         config_get cfgtype "$cfg" TYPE
 151         [ "$cfgtype" = ss_rules ] || return 1
 152
 153         eval "$(validate_ss_rules_section "$cfg" ss_validate_mklocal)"
 154         validate_ss_rules_section "$cfg"
 155         [ "$disabled" = 0 ] || return 1
 156
 157         eval local_port_tcp="\$ss_rules_redir_tcp_$redir_tcp"
 158         eval local_port_udp="\$ss_rules_redir_udp_$redir_udp"
 159         eval server_udp="\$ss_rules_redir_server_udp_$redir_udp"
 160         [ -z "$local_port_udp" ] || args="$args -U"
 161         case "$local_default" in
 162                 forward) args="$args -O" ;;
 163                 checkdst) args="$args -o" ;;
 164         esac
 165         case "$src_default" in
 166                 bypass) d_args=RETURN ;;
 167                 forward) d_args=SS_SPEC_WAN_FW ;;
 168                 checkdst) d_args=SS_SPEC_WAN_AC ;;
 169         esac
 170         ss_rules_servers="$(echo "$ss_rules_servers" | tr ' ' '\n' | sort -u)"
 171         for i in $src_ips_bypass; do a_args="b,$i $a_args"; done
 172         for i in $src_ips_forward; do a_args="g,$i $a_args"; done
 173         for i in $src_ips_checkdst; do a_args="n,$i $a_args"; done
 174
 175         "$bin" \
 176                         -s "$ss_rules_servers" \
 177                         -l "$local_port_tcp" \
 178                         -S "$server_udp" \
 179                         -L "$local_port_udp" \
 180                         -B "$dst_ips_bypass_file" \
 181                         -W "$dst_ips_forward_file" \
 182                         -b "$dst_ips_bypass" \
 183                         -w "$dst_ips_forward" \
 184                         -e "$ipt_args" \
 185                         -a "$a_args" \
 186                         -d "$d_args" \
 187                         $args \
 188                 || "$bin" -f
 189 }
 190
 191 start_service() {
 192         local cfgtype="$1"
 193
 194         mkdir -p "$ss_confdir"
 195         config_load shadowsocks-libev
 196         for cfgtype in ss_local ss_redir ss_server ss_tunnel; do
 197                 config_foreach ss_xxx "$cfgtype" "$cfgtype"
 198         done
 199         ss_rules
 200 }
 201
 202 stop_service() {
 203         local bin="$ss_bindir/ss-rules"
 204
 205         [ -x "$bin" ] && "$bin" -f
 206         rm -rf "$ss_confdir"
 207 }
 208
 209 service_triggers() {
 210         procd_add_reload_interface_trigger wan
 211         procd_add_reload_trigger shadowsocks-libev
 212         procd_open_validate
 213         validate_server_section
 214         validate_ss_local_section
 215         validate_ss_redir_section
 216         validate_ss_rules_section
 217         validate_ss_server_section
 218         validate_ss_tunnel_section
 219         procd_close_validate
 220 }
 221
 222 ss_validate_mklocal() {
 223         local tuple opts
 224
 225         shift 2
 226         for tuple in "$@"; do
 227                 opts="${tuple%%:*} $opts"
 228         done
 229         [ -z "$opts" ] || echo "local $opts"
 230 }
 231
 232 ss_validate() {
 233         uci_validate_section shadowsocks-libev "$@"
 234 }
 235
 236 validate_common_server_options_() {
 237         local cfgtype="$1"; shift
 238         local cfg="$1"; shift
 239         local func="$1"; shift
 240         local stream_methods='"table", "rc4", "rc4-md5", "aes-128-cfb", "aes-192-cfb", "aes-256-cfb", "aes-128-ctr", "aes-192-ctr", "aes-256-ctr", "bf-cfb", "camellia-128-cfb", "camellia-192-cfb", "camellia-256-cfb", "salsa20", "chacha20", "chacha20-ietf"'
 241         local aead_methods='"aes-128-gcm", "aes-192-gcm", "aes-256-gcm"'
 242
 243         "${func:-ss_validate}" "$cfgtype" "$cfg" "$@" \
 244                 'disabled:bool:false' \
 245                 'server:host' \
 246                 'server_port:port' \
 247                 'password:string' \
 248                 'key:string' \
 249                 "method:or($stream_methods, $aead_methods)"
 250 }
 251
 252 validate_common_client_options_() {
 253         validate_common_options_ "$@" \
 254                 'server:uci("shadowsocks-libev", "@server")' \
 255                 'local_address:host:0.0.0.0' \
 256                 'local_port:port'
 257 }
 258
 259 validate_common_options_() {
 260         local cfgtype="$1"; shift
 261         local cfg="$1"; shift
 262         local func="$1"; shift
 263
 264         "${func:-ss_validate}" "$cfgtype" "$cfg" "$@" \
 265                 'disabled:bool:false' \
 266                 'verbose:bool:false' \
 267                 'fast_open:bool:false' \
 268                 'reuse_port:bool:false' \
 269                 'mode:or("tcp_only", "udp_only", "tcp_and_udp")' \
 270                 'mtu:uinteger' \
 271                 'timeout:uinteger' \
 272                 'user:string'
 273 }
 274
 275 validate_server_section() {
 276         validate_common_server_options_ server "$1" "${2}"
 277 }
 278
 279 validate_ss_local_section() {
 280         validate_common_client_options_ ss_local "$1" "${2}"
 281 }
 282
 283 validate_ss_redir_section() {
 284         validate_common_client_options_ ss_redir "$1" "${2}"
 285 }
 286
 287 validate_ss_rules_section() {
 288         "${2:-ss_validate}" ss_rules "$1" \
 289                 'disabled:bool:false' \
 290                 'redir_tcp:uci("shadowsocks-libev", "@ss_redir")' \
 291                 'redir_udp:uci("shadowsocks-libev", "@ss_redir")' \
 292                 'src_ips_bypass:list(ipaddr)' \
 293                 'src_ips_forward:list(ipaddr)' \
 294                 'src_ips_checkdst:list(ipaddr)' \
 295                 'dst_ips_bypass_file:file' \
 296                 'dst_ips_bypass:list(ipaddr)' \
 297                 'dst_ips_forward_file:file' \
 298                 'dst_ips_forward:list(ipaddr)' \
 299                 'src_default:or("bypass", "forward", "checkdst")' \
 300                 'local_default:or("bypass", "forward", "checkdst")' \
 301                 'ipt_args:string'
 302 }
 303
 304 validate_ss_server_section() {
 305         validate_common_server_options_ ss_server "$1" \
 306                 validate_common_options_ \
 307                 "${2}" \
 308                 'bind_address:ipaddr' \
 309                 'manager_address:host'
 310 }
 311
 312 validate_ss_tunnel_section() {
 313         validate_common_client_options_ ss_tunnel "$1" \
 314                 "${2}" \
 315                 'tunnel_address:regex(".+\:[0-9]+")'
 316 }