mirror of
https://github.com/bol-van/zapret.git
synced 2024-12-27 11:50:34 +05:00
init.d: unitfy custom scripts for linux
parent
9bd65e0c1d
commit
ebb22dfa3f
@ -8,7 +8,7 @@ alloc_qnum QNUM_DHT4ALL
|
|||||||
|
|
||||||
zapret_custom_daemons()
|
zapret_custom_daemons()
|
||||||
{
|
{
|
||||||
# stop logic is managed by procd
|
# $1 - 1 - add, 0 - stop
|
||||||
|
|
||||||
local opt="--qnum=$QNUM_DHT4ALL $NFQWS_OPT_DESYNC_DHT"
|
local opt="--qnum=$QNUM_DHT4ALL $NFQWS_OPT_DESYNC_DHT"
|
||||||
do_nfqws $1 $DNUM_DHT4ALL "$opt"
|
do_nfqws $1 $DNUM_DHT4ALL "$opt"
|
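Review bot: The call `do_nfqws $1 $DNUM_DHT4ALL "$opt"` passes the run/stop flag unquoted, so if a caller supplies no argument the word disappears and the daemon number moves into the flag position. The WireGuard script's hunk has the same line (`do_nfqws $1 $DNUM_WG4ALL "$opt"`). Quoting keeps the argument positions fixed: `do_nfqws "$1" "$DNUM_DHT4ALL" "$opt"`. The updated comment `# $1 - 1 - add, 0 - stop` could also state that the function expects exactly one argument. The closing brace of `zapret_custom_daemons` is outside the hunk.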
@ -8,7 +8,7 @@ alloc_qnum QNUM_WG4ALL
|
|||||||
|
|
||||||
zapret_custom_daemons()
|
zapret_custom_daemons()
|
||||||
{
|
{
|
||||||
# stop logic is managed by procd
|
# $1 - 1 - add, 0 - stop
|
||||||
|
|
||||||
local opt="--qnum=$QNUM_WG4ALL $NFQWS_OPT_DESYNC_WG"
|
local opt="--qnum=$QNUM_WG4ALL $NFQWS_OPT_DESYNC_WG"
|
||||||
do_nfqws $1 $DNUM_WG4ALL "$opt"
|
do_nfqws $1 $DNUM_WG4ALL "$opt"
|
@ -1,38 +0,0 @@
|
|||||||
# this custom script runs desync to DHT packets with udp payload length 101..399 , without ipset/hostlist filtering
|
|
||||||
|
|
||||||
# can override in config :
|
|
||||||
NFQWS_OPT_DESYNC_DHT="${NFQWS_OPT_DESYNC_DHT:---dpi-desync=tamper}"
|
|
||||||
|
|
||||||
alloc_dnum DNUM_DHT4ALL
|
|
||||||
alloc_qnum QNUM_DHT4ALL
|
|
||||||
|
|
||||||
zapret_custom_daemons()
|
|
||||||
{
|
|
||||||
# stop logic is managed by procd
|
|
||||||
|
|
||||||
local opt="--qnum=$QNUM_DHT4ALL $NFQWS_OPT_BASE $NFQWS_OPT_DESYNC_DHT"
|
|
||||||
run_daemon $DNUM_DHT4ALL $NFQWS "$opt"
|
|
||||||
}
|
|
||||||
zapret_custom_firewall()
|
|
||||||
{
|
|
||||||
# $1 - 1 - run, 0 - stop
|
|
||||||
|
|
||||||
local f uf4 uf6
|
|
||||||
local first_packet_only="$ipt_connbytes 1:1"
|
|
||||||
|
|
||||||
f='-p udp -m length --length 109:407 -m u32 --u32'
|
|
||||||
uf4='0>>22&0x3C@8>>16=0x6431'
|
|
||||||
uf6='48>>16=0x6431'
|
|
||||||
fw_nfqws_post $1 "$f $uf4 $first_packet_only" "$f $uf6 $first_packet_only" $QNUM_DHT4ALL
|
|
||||||
|
|
||||||
}
|
|
||||||
zapret_custom_firewall_nft()
|
|
||||||
{
|
|
||||||
# stop logic is not required
|
|
||||||
|
|
||||||
local f
|
|
||||||
local first_packet_only="$nft_connbytes 1"
|
|
||||||
|
|
||||||
f="meta length 109-407 meta l4proto udp @th,64,16 0x6431"
|
|
||||||
nft_fw_nfqws_post "$f $first_packet_only" "$f $first_packet_only" $QNUM_DHT4ALL
|
|
||||||
}
|
|
File diff suppressed because one or more lines are too long
@ -1,89 +0,0 @@
|
|||||||
# this custom script demonstrates how to launch extra tpws instance limited by ipset
|
|
||||||
|
|
||||||
# can override in config :
|
|
||||||
TPWS_MY1_OPT="${TPWS_MY1_OPT:---oob --split-pos=midsld}"
|
|
||||||
TPWS_MY1_PORTS=${TPWS_MY1_PORTS:-$TPWS_PORTS}
|
|
||||||
TPWS_MY1_SUBNETS4="${TPWS_MY1_SUBNETS4:-142.250.0.0/15 64.233.160.0/19 172.217.0.0/16 173.194.0.0/16 108.177.0.0/17 74.125.0.0/16 209.85.128.0/17 216.58.192.0/19}"
|
|
||||||
TPWS_MY1_SUBNETS6="${TPWS_MY1_SUBNETS6:-2607:F8B0::/32 2a00:1450:4000::/37}"
|
|
||||||
|
|
||||||
TPWS_MY1_IPSET_SIZE=${TPWS_MY1_IPSET_SIZE:-4096}
|
|
||||||
TPWS_MY1_IPSET_OPT="${TPWS_MY1_IPSET_OPT:-hash:net hashsize 8192 maxelem $TPWS_MY1_IPSET_SIZE}"
|
|
||||||
|
|
||||||
alloc_dnum DNUM_TPWS_MY1
|
|
||||||
alloc_tpws_port PORT_TPWS_MY1
|
|
||||||
TPWS_MY1_NAME4=my1tpws4
|
|
||||||
TPWS_MY1_NAME6=my1tpws6
|
|
||||||
|
|
||||||
zapret_custom_daemons()
|
|
||||||
{
|
|
||||||
# stop logic is managed by procd
|
|
||||||
|
|
||||||
local opt="--port=$PORT_TPWS_MY1 $TPWS_MY1_OPT"
|
|
||||||
run_tpws $DNUM_TPWS_MY1 "$opt"
|
|
||||||
}
|
|
||||||
|
|
||||||
zapret_custom_firewall()
|
|
||||||
{
|
|
||||||
# $1 - 1 - run, 0 - stop
|
|
||||||
|
|
||||||
local f4 f6 subnet
|
|
||||||
local PORTS_IPT=$(replace_char - : $TPWS_MY1_PORTS)
|
|
||||||
local dest_set="-m set --match-set $TPWS_MY1_NAME4 dst"
|
|
||||||
|
|
||||||
[ "$1" = 1 -a "$DISABLE_IPV4" != 1 ] && {
|
|
||||||
ipset create $TPWS_MY1_NAME4 $TPWS_MY1_IPSET_OPT family inet 2>/dev/null
|
|
||||||
ipset flush $TPWS_MY1_NAME4
|
|
||||||
for subnet in $TPWS_MY1_SUBNETS4; do
|
|
||||||
echo add $TPWS_MY1_NAME4 $subnet
|
|
||||||
done | ipset -! restore
|
|
||||||
}
|
|
||||||
[ "$1" = 1 -a "$DISABLE_IPV6" != 1 ] && {
|
|
||||||
ipset create $TPWS_MY1_NAME6 $TPWS_MY1_IPSET_OPT family inet6 2>/dev/null
|
|
||||||
ipset flush $TPWS_MY1_NAME6
|
|
||||||
for subnet in $TPWS_MY1_SUBNETS6; do
|
|
||||||
echo add $TPWS_MY1_NAME6 $subnet
|
|
||||||
done | ipset -! restore
|
|
||||||
}
|
|
||||||
|
|
||||||
f4="-p tcp -m multiport --dports $PORTS_IPT -m set --match-set"
|
|
||||||
f6="$f4 $TPWS_MY1_NAME6 dst"
|
|
||||||
f4="$f4 $TPWS_MY1_NAME4 dst"
|
|
||||||
fw_tpws $1 "$f4" "$f6" $PORT_TPWS_MY1
|
|
||||||
|
|
||||||
[ "$1" = 1 ] || {
|
|
||||||
ipset destroy $TPWS_MY1_NAME4 2>/dev/null
|
|
||||||
ipset destroy $TPWS_MY1_NAME6 2>/dev/null
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
zapret_custom_firewall_nft()
|
|
||||||
{
|
|
||||||
local f4 f6 subnet
|
|
||||||
|
|
||||||
[ "$DISABLE_IPV4" != 1 ] && {
|
|
||||||
make_comma_list subnets $TPWS_MY1_SUBNETS4
|
|
||||||
nft_create_set $TPWS_MY1_NAME4 "type ipv4_addr; size $TPWS_MY1_IPSET_SIZE; auto-merge; flags interval;"
|
|
||||||
nft_flush_set $TPWS_MY1_NAME4
|
|
||||||
nft_add_set_element $TPWS_MY1_NAME4 "$subnets"
|
|
||||||
}
|
|
||||||
[ "$DISABLE_IPV6" != 1 ] && {
|
|
||||||
make_comma_list subnets $TPWS_MY1_SUBNETS6
|
|
||||||
nft_create_set $TPWS_MY1_NAME6 "type ipv6_addr; size $TPWS_MY1_IPSET_SIZE; auto-merge; flags interval;"
|
|
||||||
nft_flush_set $TPWS_MY1_NAME6
|
|
||||||
nft_add_set_element $TPWS_MY1_NAME6 "$subnets"
|
|
||||||
}
|
|
||||||
|
|
||||||
f4="tcp dport {$TPWS_MY1_PORTS}"
|
|
||||||
f6="$f4 ip6 daddr @$TPWS_MY1_NAME6"
|
|
||||||
f4="$f4 ip daddr @$TPWS_MY1_NAME4"
|
|
||||||
nft_fw_tpws "$f4" "$f6" $PORT_TPWS_MY1
|
|
||||||
}
|
|
||||||
|
|
||||||
zapret_custom_firewall_nft_flush()
|
|
||||||
{
|
|
||||||
# this function is called after all nft fw rules are deleted
|
|
||||||
# however sets are not deleted. it's desired to clear sets here.
|
|
||||||
|
|
||||||
nft_del_set $TPWS_MY1_NAME4 2>/dev/null
|
|
||||||
nft_del_set $TPWS_MY1_NAME6 2>/dev/null
|
|
||||||
}
|
|
@ -1,30 +0,0 @@
|
|||||||
# this custom script runs desync to all wireguard handshake initiation packets
|
|
||||||
|
|
||||||
# can override in config :
|
|
||||||
NFQWS_OPT_DESYNC_WG="${NFQWS_OPT_DESYNC_WG:---dpi-desync=fake}"
|
|
||||||
|
|
||||||
alloc_dnum DNUM_WG4ALL
|
|
||||||
alloc_qnum QNUM_WG4ALL
|
|
||||||
|
|
||||||
zapret_custom_daemons()
|
|
||||||
{
|
|
||||||
# stop logic is managed by procd
|
|
||||||
|
|
||||||
local opt="--qnum=$QNUM_WG4ALL $NFQWS_OPT_BASE $NFQWS_OPT_DESYNC_WG"
|
|
||||||
run_daemon $DNUM_WG4ALL $NFQWS "$opt"
|
|
||||||
}
|
|
||||||
# size = 156 (8 udp header + 148 payload) && payload starts with 0x01000000
|
|
||||||
zapret_custom_firewall()
|
|
||||||
{
|
|
||||||
# $1 - 1 - run, 0 - stop
|
|
||||||
|
|
||||||
local f='-p udp -m u32 --u32'
|
|
||||||
fw_nfqws_post $1 "$f 0>>22&0x3C@4>>16=0x9c&&0>>22&0x3C@8=0x01000000" "$f 44>>16=0x9c&&48=0x01000000" $QNUM_WG4ALL
|
|
||||||
}
|
|
||||||
zapret_custom_firewall_nft()
|
|
||||||
{
|
|
||||||
# stop logic is not required
|
|
||||||
|
|
||||||
local f="udp length 156 @th,64,32 0x01000000"
|
|
||||||
nft_fw_nfqws_post "$f" "$f" $QNUM_WG4ALL
|
|
||||||
}
|
|
@ -81,6 +81,10 @@ run_tpws()
|
|||||||
}
|
}
|
||||||
run_daemon $1 "$TPWS" "$OPT $2"
|
run_daemon $1 "$TPWS" "$OPT $2"
|
||||||
}
|
}
|
||||||
|
do_tpws()
|
||||||
|
{
|
||||||
|
[ "$1" = 0 ] || { shift; run_tpws "$@"; }
|
||||||
|
}
|
||||||
run_tpws_socks()
|
run_tpws_socks()
|
||||||
{
|
{
|
||||||
[ "$DISABLE_IPV4" = "1" ] && [ "$DISABLE_IPV6" = "1" ] && return 0
|
[ "$DISABLE_IPV4" = "1" ] && [ "$DISABLE_IPV6" = "1" ] && return 0
|
||||||
@ -90,13 +94,10 @@ run_tpws_socks()
|
|||||||
tpws_apply_socks_binds opt
|
tpws_apply_socks_binds opt
|
||||||
run_daemon $1 "$TPWS" "$opt $2"
|
run_daemon $1 "$TPWS" "$opt $2"
|
||||||
}
|
}
|
||||||
|
do_tpws_socks()
|
||||||
stop_tpws()
|
|
||||||
{
|
{
|
||||||
stop_daemon $1 "$TPWS"
|
[ "$1" = 0 ] || { shift; run_tpws_socks "$@"; }
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
tpws_apply_socks_binds()
|
tpws_apply_socks_binds()
|
||||||
{
|
{
|
||||||
local o
|
local o
|
||||||
@ -105,14 +106,25 @@ tpws_apply_socks_binds()
|
|||||||
[ "$DISABLE_IPV6" = "1" ] || o="$o --bind-addr=::1"
|
[ "$DISABLE_IPV6" = "1" ] || o="$o --bind-addr=::1"
|
||||||
|
|
||||||
for lan in $OPENWRT_LAN; do
|
for lan in $OPENWRT_LAN; do
|
||||||
network_get_device DEVICE $lan
|
network_get_device DEVICE $lan
|
||||||
[ -n "$DEVICE" ] || continue
|
[ -n "$DEVICE" ] || continue
|
||||||
[ "$DISABLE_IPV4" = "1" ] || o="$o --bind-iface4=$DEVICE $TPWS_WAIT"
|
[ "$DISABLE_IPV4" = "1" ] || o="$o --bind-iface4=$DEVICE $TPWS_WAIT"
|
||||||
[ "$DISABLE_IPV6" = "1" ] || o="$o --bind-iface6=$DEVICE --bind-linklocal=unwanted $TPWS_WAIT_SOCKS6"
|
[ "$DISABLE_IPV6" = "1" ] || o="$o --bind-iface6=$DEVICE --bind-linklocal=unwanted $TPWS_WAIT_SOCKS6"
|
||||||
done
|
done
|
||||||
eval $1="\"\$$1 $o\""
|
eval $1="\"\$$1 $o\""
|
||||||
}
|
}
|
||||||
|
|
||||||
|
run_nfqws()
|
||||||
|
{
|
||||||
|
run_daemon $1 "$NFQWS" "$NFQWS_OPT_BASE $2"
|
||||||
|
}
|
||||||
|
do_nfqws()
|
||||||
|
{
|
||||||
|
[ "$1" = 0 ] || { shift; run_nfqws "$@"; }
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
standard_mode_daemons()
|
standard_mode_daemons()
|
||||||
{
|
{
|
||||||
@ -137,7 +149,7 @@ standard_mode_daemons()
|
|||||||
start_daemons_procd()
|
start_daemons_procd()
|
||||||
{
|
{
|
||||||
standard_mode_daemons
|
standard_mode_daemons
|
||||||
custom_runner zapret_custom_daemons
|
custom_runner zapret_custom_daemons 1
|
||||||
|
|
||||||
return 0
|
return 0
|
||||||
}
|
}
|
||||||
|
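Review bot: The new wrappers `do_tpws`, `do_tpws_socks` and `do_nfqws` test `[ "$1" = 0 ] ||`, so any first argument other than the literal `0` starts the daemon. If the flag expands to nothing at an unquoted call site, the daemon number lands in `$1` and `shift` drops it instead of the flag. The custom scripts document the flag as `1 - add, 0 - stop`, so matching the documented value is stricter: `[ "$1" = 1 ] || return 0` followed by `shift; run_nfqws "$@"`, and likewise for the two tpws wrappers. A one-line comment above each wrapper, such as `# $1 - 1 - run, 0 - stop ; remaining args are passed to run_*`, would make the contract visible. Only `start_daemons_procd` is shown passing `1`; other callers of `custom_runner` are outside this page, so it is not confirmed whether an empty flag can occur in practice.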