1 #!/bin/sh /etc/rc.common
3 # Copyright (C) 2017 Yousong Zhou <yszhou4tech@gmail.com>
5 # This is free software, licensed under the GNU General Public License v3.
6 # See /LICENSE for more information.
12 ss_confdir
=/var
/etc
/shadowsocks-libev
18 if ss_mkjson_
"$@" >>$confjson; then
19 sed -i -e '/^\s*$/d' -e '2,$s/^/\t/' -e '$s/,$//' "$confjson"
20 echo "}" >>"$confjson"
37 ss_mkjson_server_conf
() {
40 config_get cfgserver
"$cfg" server
41 [ -n "$cfgserver" ] ||
return 1
42 eval "$(validate_server_section "$cfg" ss_validate_mklocal)"
43 validate_server_section
"$cfgserver" ||
return 1
44 [ "$disabled" = 0 ] ||
return 1
45 ss_mkjson_server_conf_
"$cfgserver"
48 ss_mkjson_server_conf_
() {
49 [ -n "$server_port" ] ||
return 1
50 password
="${password//\"/\\\"}"
52 ${server:+${q}server${q}: ${q}$server${q},}
53 "server_port": $server_port,
54 ${method:+${q}method${q}: ${q}$method${q},}
55 ${key:+${q}key${q}: ${q}$key${q},}
56 ${password:+${q}password${q}: ${q}$password${q},}
60 ss_mkjson_common_conf
() {
61 [ "$ipv6_first" = 0 ] && ipv6_first
=false || ipv6_first
=true
62 [ "$fast_open" = 0 ] && fast_open
=false || fast_open
=true
63 [ "$reuse_port" = 0 ] && reuse_port
=false || reuse_port
=true
66 "ipv6_first": $ipv6_first,
67 "fast_open": $fast_open,
68 "reuse_port": $reuse_port,
69 ${local_address:+${q}local_address${q}: ${q}$local_address${q},}
70 ${local_port:+${q}local_port${q}: $local_port,}
71 ${mode:+${q}mode${q}: ${q}$mode${q},}
72 ${mtu:+${q}mtu${q}: $mtu,}
73 ${timeout:+${q}timeout${q}: $timeout,}
74 ${user:+${q}user${q}: ${q}$user${q},}
78 ss_mkjson_ss_local_conf
() {
82 ss_mkjson_ss_redir_conf
() {
83 ss_mkjson_server_conf ||
return 1
84 [ "$disable_sni" = 0 ] && disable_sni
=false || disable_sni
=true
86 ${q}disable_sni${q}: $disable_sni,
90 ss_mkjson_ss_server_conf
() {
91 ss_mkjson_server_conf_
94 ss_mkjson_ss_tunnel_conf
() {
95 ss_mkjson_server_conf ||
return 1
96 [ -n "$tunnel_address" ] ||
return 1
98 ${tunnel_address:+${q}tunnel_address${q}: ${q}$tunnel_address${q},}
105 local bin
="$ss_bindir/${cfgtype/_/-}"
106 local confjson
="$ss_confdir/$cfgtype.$cfg.json"
108 [ -x "$bin" ] ||
return
109 eval "$("validate_
${cfgtype}_section
" "$cfg" ss_validate_mklocal)"
110 "validate_${cfgtype}_section" "$cfg" ||
return 1
111 [ "$disabled" = 0 ] ||
return
114 ss_mkjson_common_conf \
115 ss_mkjson_
${cfgtype}_conf \
117 procd_open_instance
"$cfgtype.$cfg"
118 procd_set_param
command "$bin" -c "$confjson"
119 [ "$verbose" = 0 ] || procd_append_param
command -v
120 [ -z "$bind_address" ] || procd_append_param
command -b "$bind_address"
121 [ -z "$manager_address" ] || procd_append_param
command --manager-address "$manager_address"
122 procd_set_param
file "$confjson"
123 procd_set_param respawn
130 local cfgserver server
132 if [ "$cfgtype" = ss_redir
]; then
133 config_get cfgserver
"$cfg" server
134 config_get server
"$cfgserver" server
135 ss_redir_servers
="$ss_redir_servers $server"
136 if [ "$mode" = tcp_only
-o "$mode" = "tcp_and_udp" ]; then
137 eval "ss_rules_redir_tcp_$cfg=$local_port"
139 if [ "$mode" = udp_only
-o "$mode" = "tcp_and_udp" ]; then
140 eval "ss_rules_redir_udp_$cfg=$local_port"
147 local bin
="$ss_bindir/ss-rules"
149 local local_port_tcp local_port_udp
152 [ -x "$bin" ] ||
return 1
153 config_get cfgtype
"$cfg" TYPE
154 [ "$cfgtype" = ss_rules
] ||
return 1
156 eval "$(validate_ss_rules_section "$cfg" ss_validate_mklocal)"
157 validate_ss_rules_section
"$cfg" ||
return 1
158 [ "$disabled" = 0 ] ||
return 1
160 eval local_port_tcp
="\$ss_rules_redir_tcp_$redir_tcp"
161 eval local_port_udp
="\$ss_rules_redir_udp_$redir_udp"
162 [ -n "$local_port_tcp" -o -n "$local_port_udp" ] ||
return 1
163 ss_redir_servers
="$(echo "$ss_redir_servers" | tr ' ' '\n' | sort -u)"
164 [ "$dst_forward_recentrst" = 0 ] || args
="$args --dst-forward-recentrst"
167 -s "$ss_redir_servers" \
168 -l "$local_port_tcp" \
169 -L "$local_port_udp" \
170 --src-default "$src_default" \
171 --dst-default "$dst_default" \
172 --local-default "$local_default" \
173 --dst-bypass-file "$dst_ips_bypass_file" \
174 --dst-forward-file "$dst_ips_forward_file" \
175 --dst-bypass "$dst_ips_bypass" \
176 --dst-forward "$dst_ips_forward" \
177 --src-bypass "$src_ips_bypass" \
178 --src-forward "$src_ips_forward" \
179 --src-checkdst "$src_ips_checkdst" \
180 --ifnames "$ifnames" \
181 --ipt-extra "$ipt_args" \
189 mkdir
-p "$ss_confdir"
190 config_load shadowsocks-libev
191 for cfgtype
in ss_local ss_redir ss_server ss_tunnel
; do
192 config_foreach ss_xxx
"$cfgtype" "$cfgtype"
198 local bin
="$ss_bindir/ss-rules"
200 [ -x "$bin" ] && "$bin" -f
205 procd_add_reload_interface_trigger wan
206 procd_add_reload_trigger shadowsocks-libev
208 validate_server_section
209 validate_ss_local_section
210 validate_ss_redir_section
211 validate_ss_rules_section
212 validate_ss_server_section
213 validate_ss_tunnel_section
217 ss_validate_mklocal
() {
221 for tuple
in "$@"; do
222 opts
="${tuple%%:*} $opts"
224 [ -z "$opts" ] ||
echo "local $opts"
228 uci_validate_section shadowsocks-libev
"$@"
231 validate_common_server_options_
() {
232 local cfgtype
="$1"; shift
233 local cfg
="$1"; shift
234 local func
="$1"; shift
235 local stream_methods
='"table", "rc4", "rc4-md5", "aes-128-cfb", "aes-192-cfb", "aes-256-cfb", "aes-128-ctr", "aes-192-ctr", "aes-256-ctr", "bf-cfb", "camellia-128-cfb", "camellia-192-cfb", "camellia-256-cfb", "salsa20", "chacha20", "chacha20-ietf"'
236 local aead_methods
='"aes-128-gcm", "aes-192-gcm", "aes-256-gcm", "chacha20-ietf-poly1305", "xchacha20-ietf-poly1305"'
238 "${func:-ss_validate}" "$cfgtype" "$cfg" "$@" \
244 "method:or($stream_methods, $aead_methods)"
247 validate_common_client_options_
() {
248 validate_common_options_
"$@" \
249 'server:uci("shadowsocks-libev", "@server")' \
250 'local_address:host:0.0.0.0' \
254 validate_common_options_
() {
255 local cfgtype
="$1"; shift
256 local cfg
="$1"; shift
257 local func
="$1"; shift
259 "${func:-ss_validate}" "$cfgtype" "$cfg" "$@" \
262 'ipv6_first:bool:0' \
263 'reuse_port:bool:0' \
265 'mode:or("tcp_only", "udp_only", "tcp_and_udp"):tcp_only' \
271 validate_server_section
() {
272 validate_common_server_options_ server
"$1" "${2}"
275 validate_ss_local_section
() {
276 validate_common_client_options_ ss_local
"$1" "${2}"
279 validate_ss_redir_section
() {
280 validate_common_client_options_ ss_redir
"$1" \
285 validate_ss_rules_section
() {
286 "${2:-ss_validate}" ss_rules
"$1" \
288 'redir_tcp:uci("shadowsocks-libev", "@ss_redir")' \
289 'redir_udp:uci("shadowsocks-libev", "@ss_redir")' \
290 'src_ips_bypass:list(or(ip4addr,cidr4))' \
291 'src_ips_forward:list(or(ip4addr,cidr4))' \
292 'src_ips_checkdst:list(or(ip4addr,cidr4))' \
293 'dst_ips_bypass_file:file' \
294 'dst_ips_bypass:list(or(ip4addr,cidr4))' \
295 'dst_ips_forward_file:file' \
296 'dst_ips_forward:list(or(ip4addr,cidr4))' \
297 'src_default:or("bypass", "forward", "checkdst"):checkdst' \
298 'dst_default:or("bypass", "forward"):bypass' \
299 'local_default:or("bypass", "forward", "checkdst"):bypass' \
300 'dst_forward_recentrst:bool:0' \
301 'ifnames:list(maxlength(15))' \
305 validate_ss_server_section
() {
306 validate_common_server_options_ ss_server
"$1" \
307 validate_common_options_ \
309 'bind_address:ipaddr' \
310 'manager_address:host'
313 validate_ss_tunnel_section
() {
314 validate_common_client_options_ ss_tunnel
"$1" \
316 'tunnel_address:regex(".+\:[0-9]+")'