#!/bin/sh /etc/rc.common # # Copyright (C) 2017 Yousong Zhou # # This is free software, licensed under the GNU General Public License v3. # See /LICENSE for more information. # USE_PROCD=1 START=99 ss_confdir=/var/etc/shadowsocks-libev ss_bindir=/usr/bin q='"' ss_mkjson() { echo "{" >"$confjson" if ss_mkjson_ "$@" >>$confjson; then sed -i -e '/^\s*$/d' -e '2,$s/^/\t/' -e '$s/,$//' "$confjson" echo "}" >>"$confjson" else rm -f "$confjson" return 1 fi } ss_mkjson_() { local func for func in "$@"; do "$func" || return 1 done } ss_mkjson_server_conf() { local cfgserver config_get cfgserver "$cfg" server [ -n "$cfgserver" ] || return 1 eval "$(validate_server_section "$cfg" ss_validate_mklocal)" validate_server_section "$cfgserver" || return 1 [ "$disabled" = 0 ] || return 1 ss_mkjson_server_conf_ "$cfgserver" } ss_mkjson_server_conf_() { [ -n "$server_port" ] || return 1 password="${password//\"/\\\"}" cat <<-EOF ${server:+${q}server${q}: ${q}$server${q},} "server_port": $server_port, ${method:+${q}method${q}: ${q}$method${q},} ${key:+${q}key${q}: ${q}$key${q},} ${password:+${q}password${q}: ${q}$password${q},} EOF } ss_mkjson_common_conf() { [ "$ipv6_first" = 0 ] && ipv6_first=false || ipv6_first=true [ "$fast_open" = 0 ] && fast_open=false || fast_open=true [ "$reuse_port" = 0 ] && reuse_port=false || reuse_port=true cat <<-EOF "use_syslog": true, "ipv6_first": $ipv6_first, "fast_open": $fast_open, "reuse_port": $reuse_port, ${local_address:+${q}local_address${q}: ${q}$local_address${q},} ${local_port:+${q}local_port${q}: $local_port,} ${mode:+${q}mode${q}: ${q}$mode${q},} ${mtu:+${q}mtu${q}: $mtu,} ${timeout:+${q}timeout${q}: $timeout,} ${user:+${q}user${q}: ${q}$user${q},} EOF } ss_mkjson_ss_local_conf() { ss_mkjson_server_conf } ss_mkjson_ss_redir_conf() { ss_mkjson_server_conf || return 1 [ "$disable_sni" = 0 ] && disable_sni=false || disable_sni=true cat <<-EOF ${q}disable_sni${q}: $disable_sni, EOF } ss_mkjson_ss_server_conf() { ss_mkjson_server_conf_ } ss_mkjson_ss_tunnel_conf() { ss_mkjson_server_conf || return 1 [ -n "$tunnel_address" ] || return 1 cat <<-EOF ${tunnel_address:+${q}tunnel_address${q}: ${q}$tunnel_address${q},} EOF } ss_xxx() { local cfg="$1" local cfgtype="$2" local bin="$ss_bindir/${cfgtype/_/-}" local confjson="$ss_confdir/$cfgtype.$cfg.json" [ -x "$bin" ] || return eval "$("validate_${cfgtype}_section" "$cfg" ss_validate_mklocal)" "validate_${cfgtype}_section" "$cfg" || return 1 [ "$disabled" = 0 ] || return if ss_mkjson \ ss_mkjson_common_conf \ ss_mkjson_${cfgtype}_conf \ ; then procd_open_instance "$cfgtype.$cfg" procd_set_param command "$bin" -c "$confjson" [ "$verbose" = 0 ] || procd_append_param command -v [ -z "$bind_address" ] || procd_append_param command -b "$bind_address" [ -z "$manager_address" ] || procd_append_param command --manager-address "$manager_address" procd_set_param file "$confjson" procd_set_param respawn procd_close_instance ss_rules_cb "$cfg" fi } ss_rules_cb() { local cfgserver server if [ "$cfgtype" = ss_redir ]; then config_get cfgserver "$cfg" server config_get server "$cfgserver" server ss_redir_servers="$ss_redir_servers $server" if [ "$mode" = tcp_only -o "$mode" = "tcp_and_udp" ]; then eval "ss_rules_redir_tcp_$cfg=$local_port" fi if [ "$mode" = udp_only -o "$mode" = "tcp_and_udp" ]; then eval "ss_rules_redir_udp_$cfg=$local_port" fi fi } ss_rules() { local cfg="ss_rules" local bin="$ss_bindir/ss-rules" local cfgtype local local_port_tcp local_port_udp local args [ -x "$bin" ] || return 1 config_get cfgtype "$cfg" TYPE [ "$cfgtype" = ss_rules ] || return 1 eval "$(validate_ss_rules_section "$cfg" ss_validate_mklocal)" validate_ss_rules_section "$cfg" || return 1 [ "$disabled" = 0 ] || return 1 eval local_port_tcp="\$ss_rules_redir_tcp_$redir_tcp" eval local_port_udp="\$ss_rules_redir_udp_$redir_udp" [ -n "$local_port_tcp" -o -n "$local_port_udp" ] || return 1 ss_redir_servers="$(echo "$ss_redir_servers" | tr ' ' '\n' | sort -u)" [ "$dst_forward_recentrst" = 0 ] || args="$args --dst-forward-recentrst" "$bin" \ -s "$ss_redir_servers" \ -l "$local_port_tcp" \ -L "$local_port_udp" \ --src-default "$src_default" \ --dst-default "$dst_default" \ --local-default "$local_default" \ --dst-bypass-file "$dst_ips_bypass_file" \ --dst-forward-file "$dst_ips_forward_file" \ --dst-bypass "$dst_ips_bypass" \ --dst-forward "$dst_ips_forward" \ --src-bypass "$src_ips_bypass" \ --src-forward "$src_ips_forward" \ --src-checkdst "$src_ips_checkdst" \ --ifnames "$ifnames" \ --ipt-extra "$ipt_args" \ $args \ || "$bin" -f } start_service() { local cfgtype mkdir -p "$ss_confdir" config_load shadowsocks-libev for cfgtype in ss_local ss_redir ss_server ss_tunnel; do config_foreach ss_xxx "$cfgtype" "$cfgtype" done ss_rules } stop_service() { local bin="$ss_bindir/ss-rules" [ -x "$bin" ] && "$bin" -f rm -rf "$ss_confdir" } service_triggers() { procd_add_reload_interface_trigger wan procd_add_reload_trigger shadowsocks-libev procd_open_validate validate_server_section validate_ss_local_section validate_ss_redir_section validate_ss_rules_section validate_ss_server_section validate_ss_tunnel_section procd_close_validate } ss_validate_mklocal() { local tuple opts shift 2 for tuple in "$@"; do opts="${tuple%%:*} $opts" done [ -z "$opts" ] || echo "local $opts" } ss_validate() { uci_validate_section shadowsocks-libev "$@" } validate_common_server_options_() { local cfgtype="$1"; shift local cfg="$1"; shift local func="$1"; shift local stream_methods='"table", "rc4", "rc4-md5", "aes-128-cfb", "aes-192-cfb", "aes-256-cfb", "aes-128-ctr", "aes-192-ctr", "aes-256-ctr", "bf-cfb", "camellia-128-cfb", "camellia-192-cfb", "camellia-256-cfb", "salsa20", "chacha20", "chacha20-ietf"' local aead_methods='"aes-128-gcm", "aes-192-gcm", "aes-256-gcm", "chacha20-ietf-poly1305", "xchacha20-ietf-poly1305"' "${func:-ss_validate}" "$cfgtype" "$cfg" "$@" \ 'disabled:bool:0' \ 'server:host' \ 'server_port:port' \ 'password:string' \ 'key:string' \ "method:or($stream_methods, $aead_methods)" } validate_common_client_options_() { validate_common_options_ "$@" \ 'server:uci("shadowsocks-libev", "@server")' \ 'local_address:host:0.0.0.0' \ 'local_port:port' } validate_common_options_() { local cfgtype="$1"; shift local cfg="$1"; shift local func="$1"; shift "${func:-ss_validate}" "$cfgtype" "$cfg" "$@" \ 'disabled:bool:0' \ 'fast_open:bool:0' \ 'ipv6_first:bool:0' \ 'reuse_port:bool:0' \ 'verbose:bool:0' \ 'mode:or("tcp_only", "udp_only", "tcp_and_udp"):tcp_only' \ 'mtu:uinteger' \ 'timeout:uinteger' \ 'user:string' } validate_server_section() { validate_common_server_options_ server "$1" "${2}" } validate_ss_local_section() { validate_common_client_options_ ss_local "$1" "${2}" } validate_ss_redir_section() { validate_common_client_options_ ss_redir "$1" \ "${2}" \ 'disable_sni:bool:0' } validate_ss_rules_section() { "${2:-ss_validate}" ss_rules "$1" \ 'disabled:bool:0' \ 'redir_tcp:uci("shadowsocks-libev", "@ss_redir")' \ 'redir_udp:uci("shadowsocks-libev", "@ss_redir")' \ 'src_ips_bypass:or(ip4addr,cidr4)' \ 'src_ips_forward:or(ip4addr,cidr4)' \ 'src_ips_checkdst:or(ip4addr,cidr4)' \ 'dst_ips_bypass_file:file' \ 'dst_ips_bypass:or(ip4addr,cidr4)' \ 'dst_ips_forward_file:file' \ 'dst_ips_forward:or(ip4addr,cidr4)' \ 'src_default:or("bypass", "forward", "checkdst"):checkdst' \ 'dst_default:or("bypass", "forward"):bypass' \ 'local_default:or("bypass", "forward", "checkdst"):bypass' \ 'dst_forward_recentrst:bool:0' \ 'ifnames:maxlength(15)' \ 'ipt_args:string' } validate_ss_server_section() { validate_common_server_options_ ss_server "$1" \ validate_common_options_ \ "${2}" \ 'bind_address:ipaddr' \ 'manager_address:host' } validate_ss_tunnel_section() { validate_common_client_options_ ss_tunnel "$1" \ "${2}" \ 'tunnel_address:regex(".+\:[0-9]+")' }