init,install_easy: socks mode

docs/readme.eng.txt

@@ -398,8 +398,12 @@ It needs to be viewed and edited if necessary.
 
 
 Main mode :
-tpws - use tpws
+tpws - tpws transparent mode
-tpws - use nfqws
+tpws-socks - tpws socks mode
+ binds to localhost and LAN interface (if IFACE_LAN is specified or the system is OpenWRT). port 988
+nfqws - nfqws
+nfqws - use nfqws
+
 filter - only fill ipset or load hostlist
 custom - use custom script for running daemons and establishing firewall rules
 

docs/readme.txt

@@ -619,8 +619,10 @@ tpws и nfqws решают нужно ли применять дурение в
 
 
 Основной режим :
-tpws - использовать tpws
+tpws - tpws в режиме transparent
-tpws - использовать nfqws
+tpws-socks - tpws в режиме socks.
+ вешается на localhost и LAN интерфейс (если задан IFACE_LAN или если система - OpenWRT). порт 988
+nfqws - nfqws
 filter - только заполнить ipset или загрузить hostlist
 custom - нужно самому запрограммировать запуск демонов в init скрипте и правила iptables
 

init.d/macos/functions

@@ -9,6 +9,7 @@ HOSTLIST="$ZHOSTLIST.gz"
 
 PIDDIR=/var/run
 TPPORT=988
+TPWS_USER=daemon
 TPWS_WAIT="--bind-wait-ip=60"
 TPWS="$ZAPRET_BASE/tpws/tpws"
 
@@ -85,6 +86,7 @@ filter_apply_hostlist_target()
 	# $1 - var name of tpws or nfqws params
 	[ "$MODE_FILTER" = "hostlist" ] && eval $1="\"\$$1 --hostlist=$HOSTLIST\""
 }
+
 tpws_apply_binds()
 {
 	local o
@@ -96,6 +98,20 @@ tpws_apply_binds()
 	}
 	eval $1="\"\$$1 $o\""
 }
+tpws_apply_socks_binds()
+{
+	local o
+
+	[ "$DISABLE_IPV4" = "1" ] || {
+		o="--bind-addr=127.0.0.1"
+		[ -n "$IFACE_LAN" ] && o="$o --bind-iface4=$IFACE_LAN $TPWS_WAIT"
+	}
+	[ "$DISABLE_IPV6" = "1" ] || {
+		o="$o --bind-addr=::1"
+		[ -n "$IFACE_LAN" ] && o="$o --bind-iface6=$IFACE_LAN $TPWS_WAIT"
+	}
+	eval $1="\"\$$1 $o\""
+}
 
 wait_interface_ll()
 {
@@ -374,6 +390,8 @@ zapret_do_firewall()
 				pf_anchors_clear
 			fi
 			;;
+		tpws-socks)
+			;;
 		*)
 			echo "unsupported MODE=$MODE"
 			return 1
@@ -416,6 +434,16 @@ zapret_do_daemons()
 			opt="$opt $TPWS_OPT"
 			do_daemon $1 1 "$TPWS" "$opt"
 			;;
+		tpws-socks)
+			[ "$1" = "1" ] && [ "$DISABLE_IPV4" = "1" ] && [ "$DISABLE_IPV6" = "1" ] && {
+				echo "both ipv4 and ipv6 are disabled. nothing to do"
+				return 0
+			}
+			opt="--socks --user=$TPWS_USER --port=$TPPORT"
+			tpws_apply_socks_binds opt
+			filter_apply_hostlist_target opt
+			do_daemon $1 1 "$TPWS" "$opt"
+			;;
 		filter)
 			;;
 		custom)

init.d/openwrt/zapret

@@ -34,8 +34,9 @@ HOSTLIST="$ZAPRET_BASE/ipset/zapret-hosts.txt.gz"
 TPWS_OPT_BASE="--user=$TPWS_USER --port=$TPPORT"
 TPWS_OPT_BASE4="--bind-addr=$TPWS_LOCALHOST4"
 TPWS_OPT_BASE6="--bind-addr=::1"
+TPWS_WAIT="--bind-wait-ifup=30 --bind-wait-ip=30"
 # first wait for lan to ifup, then wait for bind-wait-ip-linklocal seconds for link local address and bind-wait-ip for any ipv6 as the worst case
-TPWS_OPT_BASE6_PRE="--bind-linklocal=prefer --bind-wait-ifup=30 --bind-wait-ip=30 --bind-wait-ip-linklocal=3"
+TPWS_OPT_BASE6_PRE="--bind-linklocal=prefer $TPWS_WAIT --bind-wait-ip-linklocal=3"
 
 run_daemon()
 {
@@ -64,11 +65,11 @@ run_tpws()
 		network_get_device DEVICE lan
 		[ -n "$DEVICE" ] && OPT="$OPT --bind-iface6=$DEVICE $TPWS_OPT_BASE6_PRE"
 	}
-	run_daemon $1 $TPWS "$OPT $2"
+	run_daemon $1 "$TPWS" "$OPT $2"
 }
 stop_tpws()
 {
-	stop_daemon $1 $TPWS
+	stop_daemon $1 "$TPWS"
 }
 
 
@@ -78,6 +79,23 @@ filter_apply_hostlist_target()
 	[ "$MODE_FILTER" = "hostlist" ] && eval $1="\"\$$1 --hostlist=$HOSTLIST\""
 }
 
+tpws_apply_socks_binds()
+{
+	local o
+
+	network_get_device DEVICE lan
+
+	[ "$DISABLE_IPV4" = "1" ] || {
+		o="--bind-addr=127.0.0.1"
+		[ -n "$DEVICE" ] && o="$o --bind-iface4=$DEVICE $TPWS_WAIT"
+	}
+	[ "$DISABLE_IPV6" = "1" ] || {
+		o="$o --bind-addr=::1"
+		[ -n "$DEVICE" ] && o="$o --bind-iface6=$DEVICE $TPWS_WAIT"
+	}
+	eval $1="\"\$$1 $o\""
+}
+
 
 start_service() {
 	local opt
@@ -88,10 +106,16 @@ start_service() {
 			filter_apply_hostlist_target opt
 			run_tpws 1 "$opt"
 			;;
+		tpws-socks)
+			opt="$TPWS_OPT_BASE --socks $TPWS_OPT"
+			tpws_apply_socks_binds opt
+			filter_apply_hostlist_target opt
+			run_daemon 1 "$TPWS" "$opt"
+			;;
 		nfqws)
 			opt="$NFQWS_OPT_BASE $NFQWS_OPT_DESYNC"
 			filter_apply_hostlist_target opt
-			run_daemon 1 $NFQWS "$opt"
+			run_daemon 1 "$NFQWS" "$opt"
 			;;
 		custom)
 	    		existf zapret_custom_daemons && zapret_custom_daemons $1

init.d/sysv/functions

@@ -24,8 +24,9 @@ HOSTLIST="$ZAPRET_BASE/ipset/zapret-hosts.txt.gz"
 TPWS_OPT_BASE="--user=$WS_USER --port=$TPPORT"
 TPWS_OPT_BASE4="--bind-addr=$TPWS_LOCALHOST4"
 TPWS_OPT_BASE6="--bind-addr=::1"
+TPWS_WAIT="--bind-wait-ifup=30 --bind-wait-ip=30"
 # first wait for lan to ifup, then wait for bind-wait-ip-linklocal seconds for link local address and bind-wait-ip for any ipv6 as the worst case
-TPWS_OPT_BASE6_PRE="--bind-linklocal=prefer --bind-wait-ifup=30 --bind-wait-ip=30 --bind-wait-ip-linklocal=3"
+TPWS_OPT_BASE6_PRE="--bind-linklocal=prefer $TPWS_WAIT --bind-wait-ip-linklocal=3"
 
 [ -n "$IFACE_WAN" ] && IPT_OWAN="-o $IFACE_WAN"
 [ -n "$IFACE_WAN" ] && IPT_IWAN="-i $IFACE_WAN"
@@ -383,7 +384,7 @@ do_tpws()
 		[ -n "$IFACE_LAN" ] && OPT="$OPT --bind-iface6=$IFACE_LAN $TPWS_OPT_BASE6_PRE"
 	}
 
-	do_daemon $1 $2 $TPWS "$OPT $3"
+	do_daemon $1 $2 "$TPWS" "$OPT $3"
 }
 do_nfqws()
 {
@@ -392,7 +393,7 @@ do_nfqws()
 	# $3 : daemon args
 
 	[ "$1" = "1" ] && prepare_user
-	do_daemon $1 $2 $NFQWS "$NFQWS_OPT_BASE $3"
+	do_daemon $1 $2 "$NFQWS" "$NFQWS_OPT_BASE $3"
 }
 
 
@@ -425,6 +426,20 @@ filter_apply_hostlist_target()
 	# $1 - var name of tpws or nfqws params
 	[ "$MODE_FILTER" = "hostlist" ] && eval $1="\"\$$1 --hostlist=$HOSTLIST\""
 }
+tpws_apply_socks_binds()
+{
+	local o
+
+	[ "$DISABLE_IPV4" = "1" ] || {
+		o="--bind-addr=127.0.0.1"
+		[ -n "$IFACE_LAN" ] && o="$o --bind-iface4=$IFACE_LAN $TPWS_WAIT"
+	}
+	[ "$DISABLE_IPV6" = "1" ] || {
+		o="$o --bind-addr=::1"
+		[ -n "$IFACE_LAN" ] && o="$o --bind-iface6=$IFACE_LAN $TPWS_WAIT"
+	}
+	eval $1="\"\$$1 $o\""
+}
 
 
 create_ipset()
@@ -511,6 +526,12 @@ zapret_do_daemons()
 			filter_apply_hostlist_target opt
 			do_tpws $1 1 "$opt"
 			;;
+		tpws-socks)
+			opt="$TPWS_OPT_BASE --socks $TPWS_OPT"
+			tpws_apply_socks_binds opt
+			filter_apply_hostlist_target opt
+			do_daemon $1 1 "$TPWS" "$opt"
+			;;
 		nfqws)
 			opt="$NFQWS_OPT_DESYNC"
 			filter_apply_hostlist_target opt

install_easy.sh

@@ -291,8 +291,8 @@ write_config_var()
 
 select_mode_mode()
 {
-	local MODES="tpws nfqws filter custom"
+	local MODES="tpws tpws-socks nfqws filter custom"
-	[ "$SYSTEM" = "macos" ] && MODES="tpws filter custom"
+	[ "$SYSTEM" = "macos" ] && MODES="tpws tpws-socks filter custom"
 	echo
 	echo select MODE :
 	ask_list MODE "$MODES" tpws && write_config_var MODE
@@ -311,7 +311,7 @@ select_mode_mode()
 }
 select_mode_http()
 {
-	[ "$MODE" != "filter" ] && {
+	[ "$MODE" != "filter" ] && [ "$MODE" != "tpws-socks" ] && {
 		echo
 		ask_yes_no_var MODE_HTTP "enable http support"
 		write_config_var MODE_HTTP
@@ -329,7 +329,7 @@ select_mode_keepalive()
 }
 select_mode_https()
 {
-	[ "$MODE" != "filter" ] && {
+	[ "$MODE" != "filter" ] && [ "$MODE" != "tpws-socks" ] && {
 		echo
 		ask_yes_no_var MODE_HTTPS "enable https support"
 		write_config_var MODE_HTTPS
@@ -337,9 +337,11 @@ select_mode_https()
 }
 select_mode_filter()
 {
+	local filter="none ipset hostlist"
+	[ "$MODE" = "tpws-socks" ] && filter="none hostlist"
 	echo
 	echo select filtering :
-	ask_list MODE_FILTER "none ipset hostlist" none && write_config_var MODE_FILTER
+	ask_list MODE_FILTER "$filter" none && write_config_var MODE_FILTER
 }
 select_mode()
 {
@@ -1180,7 +1182,7 @@ service_stop_macos()
 macos_fw_reload_trigger_clear()
 {
 	case "$MODE" in
-		tpws|custom)
+		tpws|tpws-socks|custom)
 			LISTS_RELOAD=
 			write_config_var LISTS_RELOAD
 			;;