init: reuse builtin mode in custom scripts

2024-09-22 09:42:51 +05:00 · 2022-02-23 22:39:49 +03:00 · 2022-02-23 22:39:49 +03:00 · 3a4bf75ce6
commit 3a4bf75ce6
parent 09416dee64
5 changed files with 138 additions and 32 deletions
--- a/common/ipt.sh
+++ b/common/ipt.sh
@ -244,27 +244,10 @@ fw_nfqws_post()
 }


-zapret_do_firewall_ipt()
+zapret_do_firewall_rules_ipt()
 {
-	# $1 - 1 - add, 0 - del
-
-	if [ "$1" = 1 ]; then
-		echo Applying iptables
-	else
-		echo Clearing iptables
-	fi
-
 	local mode="${MODE_OVERRIDE:-$MODE}"

-	[ "$mode" = "tpws-socks" ] && return 0
-
-	local first_packet_only="-m connbytes --connbytes-dir=original --connbytes-mode=packets --connbytes 1:4"
-	local desync="-m mark ! --mark $DESYNC_MARK/$DESYNC_MARK"
-	local f4 f6 qn qns qn6 qns6
-
-	# always create ipsets. ip_exclude ipset is required
-	[ "$1" = 1 ] && create_ipset no-update
-
 	case "$mode" in
 		tpws)
 			if [ ! "$MODE_HTTP" = "1" ] && [ ! "$MODE_HTTPS" = "1" ]; then
@ -321,6 +304,30 @@ zapret_do_firewall_ipt()
 	    		existf zapret_custom_firewall && zapret_custom_firewall $1
 			;;
 	esac
+}
+
+zapret_do_firewall_ipt()
+{
+	# $1 - 1 - add, 0 - del
+
+	if [ "$1" = 1 ]; then
+		echo Applying iptables
+	else
+		echo Clearing iptables
+	fi
+
+	local mode="${MODE_OVERRIDE:-$MODE}"
+
+	[ "$mode" = "tpws-socks" ] && return 0
+
+	local first_packet_only="-m connbytes --connbytes-dir=original --connbytes-mode=packets --connbytes 1:4"
+	local desync="-m mark ! --mark $DESYNC_MARK/$DESYNC_MARK"
+	local f4 f6 qn qns qn6 qns6
+
+	# always create ipsets. ip_exclude ipset is required
+	[ "$1" = 1 ] && create_ipset no-update
+
+	zapret_do_firewall_rules_ipt "$@"

 	if [ "$1" = 1 ] ; then
 		existf flow_offloading_exempt && flow_offloading_exempt
--- a/common/linux_iphelper.sh
+++ b/common/linux_iphelper.sh
@ -91,7 +91,6 @@ _set_route_localnet()
 {
 	# $1 - 1 = enable, 0 = disable
 	# $2,$3,... - interface names
-
 	[ "$DISABLE_IPV4" = "1" ] || {
 		local enable="$1"
 		shift
--- a/common/nft.sh
+++ b/common/nft.sh
@ -437,22 +437,10 @@ zapret_list_table()
 	return 0
 }

-zapret_apply_firewall_nft()
+zapret_apply_firewall_rules_nft()
 {
-	echo Applying nftables
-
 	local mode="${MODE_OVERRIDE:-$MODE}"

-	[ "$mode" = "tpws-socks" ] && return 0
-
-	local first_packet_only="ct original packets 1-4"
-	local desync="mark and $DESYNC_MARK == 0"
-	local f4 f6 qn qns qn6 qns6
-
-	create_ipset no-update
-	nft_create_firewall
-	nft_fill_ifsets_overload
-
 	case "$mode" in
 		tpws)
 			if [ ! "$MODE_HTTP" = "1" ] && [ ! "$MODE_HTTPS" = "1" ]; then
@ -508,6 +496,25 @@ zapret_apply_firewall_nft()
 	    		existf zapret_custom_firewall_nft && zapret_custom_firewall_nft
 			;;
 	esac
+}
+
+zapret_apply_firewall_nft()
+{
+	echo Applying nftables
+
+	local mode="${MODE_OVERRIDE:-$MODE}"
+
+	[ "$mode" = "tpws-socks" ] && return 0
+
+	local first_packet_only="ct original packets 1-4"
+	local desync="mark and $DESYNC_MARK == 0"
+	local f4 f6 qn qns qn6 qns6
+
+	create_ipset no-update
+	nft_create_firewall
+	nft_fill_ifsets_overload
+
+	zapret_apply_firewall_rules_nft

 	[ "$FLOWOFFLOAD" = 'software' -o "$FLOWOFFLOAD" = 'hardware' ] && nft_apply_flow_offloading

--- a/init.d/openwrt/custom-reuse-builtin-mode
+++ b/init.d/openwrt/custom-reuse-builtin-mode
@ -0,0 +1,46 @@
+# this custom script demonstrates how to reuse built-in modes and add something from yourself
+
+MY_TPPORT=$(($TPPORT + 1))
+MY_TPWS_OPT="--methodeol --hostcase"
+MY_DPORT=81
+
+zapret_custom_daemons()
+{
+	# stop logic is managed by procd
+	local MODE_OVERRIDE=tpws
+	local opt
+
+	start_daemons_procd
+
+	opt="--port=$MY_TPPORT $MY_TPWS_OPT"
+	filter_apply_hostlist_target opt
+	run_tpws 100 "$opt"
+}
+zapret_custom_firewall()
+{
+	# $1 - 1 - run, 0 - stop
+
+	local MODE_OVERRIDE=tpws
+	local f4 f6
+
+	zapret_do_firewall_rules_ipt $1
+
+	f4="--dport $MY_DPORT"
+	f6=$f4
+	filter_apply_ipset_target f4 f6
+	fw_tpws $1 "$f4" "$f6" $MY_TPPORT
+}
+zapret_custom_firewall_nft()
+{
+	# stop logic is not required
+
+	local MODE_OVERRIDE=tpws
+	local f4 f6
+
+	zapret_apply_firewall_rules_nft
+
+	f4="tcp dport $MY_DPORT"
+	f6=$f4
+	nft_filter_apply_ipset_target f4 f6
+	nft_fw_tpws "$f4" "$f6" $MY_TPPORT
+}
--- a/init.d/sysv/custom-reuse-builtin-mode
+++ b/init.d/sysv/custom-reuse-builtin-mode
@ -0,0 +1,47 @@
+# this custom script demonstrates how to reuse built-in modes and add something from yourself
+
+MY_TPPORT=$(($TPPORT + 1))
+MY_TPWS_OPT="--methodeol --hostcase"
+MY_DPORT=81
+
+zapret_custom_daemons()
+{
+	# $1 - 1 - run, 0 - stop
+
+	local MODE_OVERRIDE=tpws
+	local opt
+
+	zapret_do_daemons $1
+
+	opt="--port=$MY_TPPORT $MY_TPWS_OPT"
+	filter_apply_hostlist_target opt
+	do_tpws $1 100 "$opt"
+}
+zapret_custom_firewall()
+{
+	# $1 - 1 - run, 0 - stop
+
+	local MODE_OVERRIDE=tpws
+	local f4 f6
+
+	zapret_do_firewall_rules_ipt $1
+
+	f4="--dport $MY_DPORT"
+	f6=$f4
+	filter_apply_ipset_target f4 f6
+	fw_tpws $1 "$f4" "$f6" $MY_TPPORT
+}
+zapret_custom_firewall_nft()
+{
+	# stop logic is not required
+
+	local MODE_OVERRIDE=tpws
+	local f4 f6
+
+	zapret_apply_firewall_rules_nft
+
+	f4="tcp dport $MY_DPORT"
+	f6=$f4
+	nft_filter_apply_ipset_target f4 f6
+	nft_fw_tpws "$f4" "$f6" $MY_TPPORT
+}