diff --git a/docs/readme.eng.txt b/docs/readme.eng.txt index ef310b0..5c017f1 100644 --- a/docs/readme.eng.txt +++ b/docs/readme.eng.txt @@ -398,8 +398,12 @@ It needs to be viewed and edited if necessary. Main mode : -tpws - use tpws -tpws - use nfqws +tpws - tpws transparent mode +tpws-socks - tpws socks mode + binds to localhost and LAN interface (if IFACE_LAN is specified or the system is OpenWRT). port 988 +nfqws - nfqws +nfqws - use nfqws + filter - only fill ipset or load hostlist custom - use custom script for running daemons and establishing firewall rules diff --git a/docs/readme.txt b/docs/readme.txt index beb16da..d30bb23 100644 --- a/docs/readme.txt +++ b/docs/readme.txt @@ -619,8 +619,10 @@ tpws и nfqws решают нужно ли применять дурение в Основной режим : -tpws - использовать tpws -tpws - использовать nfqws +tpws - tpws в режиме transparent +tpws-socks - tpws в режиме socks. + вешается на localhost и LAN интерфейс (если задан IFACE_LAN или если система - OpenWRT). порт 988 +nfqws - nfqws filter - только заполнить ipset или загрузить hostlist custom - нужно самому запрограммировать запуск демонов в init скрипте и правила iptables diff --git a/init.d/macos/functions b/init.d/macos/functions index a572df2..f5ecca7 100644 --- a/init.d/macos/functions +++ b/init.d/macos/functions @@ -9,6 +9,7 @@ HOSTLIST="$ZHOSTLIST.gz" PIDDIR=/var/run TPPORT=988 +TPWS_USER=daemon TPWS_WAIT="--bind-wait-ip=60" TPWS="$ZAPRET_BASE/tpws/tpws" @@ -85,6 +86,7 @@ filter_apply_hostlist_target() # $1 - var name of tpws or nfqws params [ "$MODE_FILTER" = "hostlist" ] && eval $1="\"\$$1 --hostlist=$HOSTLIST\"" } + tpws_apply_binds() { local o 
@@ -96,6 +98,20 @@ tpws_apply_binds() } eval $1="\"\$$1 $o\"" } +tpws_apply_socks_binds() +{ + local o + + [ "$DISABLE_IPV4" = "1" ] || { + o="--bind-addr=127.0.0.1" + [ -n "$IFACE_LAN" ] && o="$o --bind-iface4=$IFACE_LAN $TPWS_WAIT" + } + [ "$DISABLE_IPV6" = "1" ] || { + o="$o --bind-addr=::1" + [ -n "$IFACE_LAN" ] && o="$o --bind-iface6=$IFACE_LAN $TPWS_WAIT" + } + eval $1="\"\$$1 $o\"" +} wait_interface_ll() { @@ -374,6 +390,8 @@ zapret_do_firewall() pf_anchors_clear fi ;; + tpws-socks) + ;; *) echo "unsupported MODE=$MODE" return 1 @@ -416,6 +434,16 @@ zapret_do_daemons() opt="$opt $TPWS_OPT" do_daemon $1 1 "$TPWS" "$opt" ;; + tpws-socks) + [ "$1" = "1" ] && [ "$DISABLE_IPV4" = "1" ] && [ "$DISABLE_IPV6" = "1" ] && { + echo "both ipv4 and ipv6 are disabled. nothing to do" + return 0 + } + opt="--socks --user=$TPWS_USER --port=$TPPORT" + tpws_apply_socks_binds opt + filter_apply_hostlist_target opt + do_daemon $1 1 "$TPWS" "$opt" + ;; filter) ;; custom) diff --git a/init.d/openwrt/zapret b/init.d/openwrt/zapret index 805a776..d469f9b 100755 --- a/init.d/openwrt/zapret +++ b/init.d/openwrt/zapret @@ -34,8 +34,9 @@ HOSTLIST="$ZAPRET_BASE/ipset/zapret-hosts.txt.gz" TPWS_OPT_BASE="--user=$TPWS_USER --port=$TPPORT" TPWS_OPT_BASE4="--bind-addr=$TPWS_LOCALHOST4" TPWS_OPT_BASE6="--bind-addr=::1" +TPWS_WAIT="--bind-wait-ifup=30 --bind-wait-ip=30" # first wait for lan to ifup, then wait for bind-wait-ip-linklocal seconds for link local address and bind-wait-ip for any ipv6 as the worst case -TPWS_OPT_BASE6_PRE="--bind-linklocal=prefer --bind-wait-ifup=30 --bind-wait-ip=30 --bind-wait-ip-linklocal=3" +TPWS_OPT_BASE6_PRE="--bind-linklocal=prefer $TPWS_WAIT --bind-wait-ip-linklocal=3" run_daemon() { @@ -64,11 +65,11 @@ run_tpws() network_get_device DEVICE lan [ -n "$DEVICE" ] && OPT="$OPT --bind-iface6=$DEVICE $TPWS_OPT_BASE6_PRE" } - run_daemon $1 $TPWS "$OPT $2" + run_daemon $1 "$TPWS" "$OPT $2" } stop_tpws() { - stop_daemon $1 $TPWS + stop_daemon $1 "$TPWS" } 
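Review bot: In the new `tpws_apply_socks_binds`, `$IFACE_LAN` is expanded into `$o` and then re-parsed by `eval $1="\"\$$1 $o\""`, so a value containing `"`, a backtick or `$(` is interpreted as shell syntax instead of being passed through as an interface name. The config is presumably administrator-owned, which limits the impact, but the init script most likely runs as root (it passes `--user` to drop privileges), so a malformed value should be rejected rather than evaluated. A guard before `o` is built would make that explicit, for example `case "$IFACE_LAN" in *[!A-Za-z0-9_.:-]*) echo "invalid IFACE_LAN"; return 1;; esac`. The same function body is added to init.d/openwrt/zapret (with `$DEVICE`) and to init.d/sysv/functions, so the point applies to those hunks as well.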
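Review bot: The empty `tpws-socks)` arm added to `zapret_do_firewall` has no comment, so a reader cannot tell that skipping the pf setup is deliberate. Because no rule is installed for this mode, who can reach the SOCKS port is decided only by the bind options built in `tpws_apply_socks_binds`, which add the LAN interface whenever `IFACE_LAN` is set. I would record that in the arm, e.g. `# socks mode needs no redirection rules; access to $TPPORT is limited only by the bind addresses`. The `case` statement begins and ends outside the hunk.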
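Review bot: The `tpws-socks)` arm in the macOS `zapret_do_daemons` builds `opt="--socks --user=$TPWS_USER --port=$TPPORT"` without `$TPWS_OPT`. The `tpws` arm directly above it appends that variable (`opt="$opt $TPWS_OPT"`), and the openwrt and sysv versions in this commit use `"$TPWS_OPT_BASE --socks $TPWS_OPT"`. Unless the omission is intentional, the tpws options from the config are silently ignored in socks mode on macOS only. `opt="--socks --user=$TPWS_USER --port=$TPPORT $TPWS_OPT"` would bring it in line with the other platforms. The function body continues outside the hunk.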
@@ -78,6 +79,23 @@ filter_apply_hostlist_target() [ "$MODE_FILTER" = "hostlist" ] && eval $1="\"\$$1 --hostlist=$HOSTLIST\"" } +tpws_apply_socks_binds() +{ + local o + + network_get_device DEVICE lan + + [ "$DISABLE_IPV4" = "1" ] || { + o="--bind-addr=127.0.0.1" + [ -n "$DEVICE" ] && o="$o --bind-iface4=$DEVICE $TPWS_WAIT" + } + [ "$DISABLE_IPV6" = "1" ] || { + o="$o --bind-addr=::1" + [ -n "$DEVICE" ] && o="$o --bind-iface6=$DEVICE $TPWS_WAIT" + } + eval $1="\"\$$1 $o\"" +} + start_service() { local opt @@ -88,10 +106,16 @@ start_service() { filter_apply_hostlist_target opt run_tpws 1 "$opt" ;; + tpws-socks) + opt="$TPWS_OPT_BASE --socks $TPWS_OPT" + tpws_apply_socks_binds opt + filter_apply_hostlist_target opt + run_daemon 1 "$TPWS" "$opt" + ;; nfqws) opt="$NFQWS_OPT_BASE $NFQWS_OPT_DESYNC" filter_apply_hostlist_target opt - run_daemon 1 $NFQWS "$opt" + run_daemon 1 "$NFQWS" "$opt" ;; custom) existf zapret_custom_daemons && zapret_custom_daemons $1 diff --git a/init.d/sysv/functions b/init.d/sysv/functions index 1c5535a..5d9d23a 100644 --- a/init.d/sysv/functions +++ b/init.d/sysv/functions @@ -24,8 +24,9 @@ HOSTLIST="$ZAPRET_BASE/ipset/zapret-hosts.txt.gz" TPWS_OPT_BASE="--user=$WS_USER --port=$TPPORT" TPWS_OPT_BASE4="--bind-addr=$TPWS_LOCALHOST4" TPWS_OPT_BASE6="--bind-addr=::1" +TPWS_WAIT="--bind-wait-ifup=30 --bind-wait-ip=30" # first wait for lan to ifup, then wait for bind-wait-ip-linklocal seconds for link local address and bind-wait-ip for any ipv6 as the worst case -TPWS_OPT_BASE6_PRE="--bind-linklocal=prefer --bind-wait-ifup=30 --bind-wait-ip=30 --bind-wait-ip-linklocal=3" +TPWS_OPT_BASE6_PRE="--bind-linklocal=prefer $TPWS_WAIT --bind-wait-ip-linklocal=3" [ -n "$IFACE_WAN" ] && IPT_OWAN="-o $IFACE_WAN" [ -n "$IFACE_WAN" ] && IPT_IWAN="-i $IFACE_WAN" @@ -383,7 +384,7 @@ do_tpws() [ -n "$IFACE_LAN" ] && OPT="$OPT --bind-iface6=$IFACE_LAN $TPWS_OPT_BASE6_PRE" } - do_daemon $1 $2 $TPWS "$OPT $3" + do_daemon $1 $2 "$TPWS" "$OPT $3" } do_nfqws() { 
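Review bot: The `tpws-socks)` arm in `start_service` launches the daemon even when `DISABLE_IPV4` and `DISABLE_IPV6` are both `1`, in which case `tpws_apply_socks_binds` contributes no `--bind-addr` or `--bind-iface` option at all. The macOS version in this commit returns early in that case, which suggests an unbound start is not wanted. If tpws listens on every address when no bind option is given (worth confirming against its documentation), the unauthenticated-by-firewall SOCKS port would then be reachable beyond localhost and the LAN. A matching guard before `opt=` closes the gap, e.g. `[ "$DISABLE_IPV4" = "1" ] && [ "$DISABLE_IPV6" = "1" ] && { echo "both ipv4 and ipv6 are disabled. nothing to do"; return 0; }`. The `tpws-socks)` arm added to `zapret_do_daemons` in init.d/sysv/functions needs the same check.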
@@ -392,7 +393,7 @@ do_nfqws() # $3 : daemon args [ "$1" = "1" ] && prepare_user - do_daemon $1 $2 $NFQWS "$NFQWS_OPT_BASE $3" + do_daemon $1 $2 "$NFQWS" "$NFQWS_OPT_BASE $3" } @@ -425,6 +426,20 @@ filter_apply_hostlist_target() # $1 - var name of tpws or nfqws params [ "$MODE_FILTER" = "hostlist" ] && eval $1="\"\$$1 --hostlist=$HOSTLIST\"" } +tpws_apply_socks_binds() +{ + local o + + [ "$DISABLE_IPV4" = "1" ] || { + o="--bind-addr=127.0.0.1" + [ -n "$IFACE_LAN" ] && o="$o --bind-iface4=$IFACE_LAN $TPWS_WAIT" + } + [ "$DISABLE_IPV6" = "1" ] || { + o="$o --bind-addr=::1" + [ -n "$IFACE_LAN" ] && o="$o --bind-iface6=$IFACE_LAN $TPWS_WAIT" + } + eval $1="\"\$$1 $o\"" +} create_ipset() @@ -511,6 +526,12 @@ zapret_do_daemons() filter_apply_hostlist_target opt do_tpws $1 1 "$opt" ;; + tpws-socks) + opt="$TPWS_OPT_BASE --socks $TPWS_OPT" + tpws_apply_socks_binds opt + filter_apply_hostlist_target opt + do_daemon $1 1 "$TPWS" "$opt" + ;; nfqws) opt="$NFQWS_OPT_DESYNC" filter_apply_hostlist_target opt diff --git a/install_easy.sh b/install_easy.sh index 389b7e9..9d1dcd3 100755 --- a/install_easy.sh +++ b/install_easy.sh @@ -291,8 +291,8 @@ write_config_var() select_mode_mode() { - local MODES="tpws nfqws filter custom" - [ "$SYSTEM" = "macos" ] && MODES="tpws filter custom" + local MODES="tpws tpws-socks nfqws filter custom" + [ "$SYSTEM" = "macos" ] && MODES="tpws tpws-socks filter custom" echo echo select MODE : ask_list MODE "$MODES" tpws && write_config_var MODE @@ -311,7 +311,7 @@ select_mode_mode() } select_mode_http() { - [ "$MODE" != "filter" ] && { + [ "$MODE" != "filter" ] && [ "$MODE" != "tpws-socks" ] && { echo ask_yes_no_var MODE_HTTP "enable http support" write_config_var MODE_HTTP @@ -329,7 +329,7 @@ select_mode_keepalive() } select_mode_https() { - [ "$MODE" != "filter" ] && { + [ "$MODE" != "filter" ] && [ "$MODE" != "tpws-socks" ] && { echo ask_yes_no_var MODE_HTTPS "enable https support" write_config_var MODE_HTTPS 
@@ -337,9 +337,11 @@ select_mode_https() } select_mode_filter() { + local filter="none ipset hostlist" + [ "$MODE" = "tpws-socks" ] && filter="none hostlist" echo echo select filtering : - ask_list MODE_FILTER "none ipset hostlist" none && write_config_var MODE_FILTER + ask_list MODE_FILTER "$filter" none && write_config_var MODE_FILTER } select_mode() { @@ -1180,7 +1182,7 @@ service_stop_macos() macos_fw_reload_trigger_clear() { case "$MODE" in - tpws|custom) + tpws|tpws-socks|custom) LISTS_RELOAD= write_config_var LISTS_RELOAD ;;