From 2b178173de00067f8bf1e52c76e7d73b3f0a2a01 Mon Sep 17 00:00:00 2001 From: remittor Date: Fri, 15 Nov 2024 21:55:02 +0300 Subject: [PATCH] Add many new scripts for manage service --- .../resources/view/zapret/service.js | 34 ++-- .../resources/view/zapret/tools.js | 2 +- .../share/luci/menu.d/luci-app-zapret.json | 1 + .../usr/share/rpcd/acl.d/luci-app-zapret.json | 2 +- zapret/Makefile | 43 +++-- zapret/comfunc.sh | 124 ++++++++++++++ zapret/def-cfg.sh | 66 ++++++++ zapret/init.d.sh | 71 ++++++++ zapret/renew-cfg.sh | 16 ++ zapret/restore-def-cfg.sh | 11 ++ zapret/sync_config.sh | 36 +---- zapret/uci-def-cfg.sh | 151 ++---------------- 12 files changed, 348 insertions(+), 209 deletions(-) create mode 100755 zapret/comfunc.sh create mode 100755 zapret/def-cfg.sh create mode 100755 zapret/init.d.sh create mode 100755 zapret/renew-cfg.sh create mode 100755 zapret/restore-def-cfg.sh diff --git a/luci-app-zapret/htdocs/luci-static/resources/view/zapret/service.js b/luci-app-zapret/htdocs/luci-static/resources/view/zapret/service.js index a6bbc66..8bd552e 100644 --- a/luci-app-zapret/htdocs/luci-static/resources/view/zapret/service.js +++ b/luci-app-zapret/htdocs/luci-static/resources/view/zapret/service.js @@ -43,9 +43,10 @@ return view.extend({ getAppStatus: function() { return Promise.all([ - tools.getInitState(tools.appName), // svc_state - fs.exec(tools.execPath, [ 'info' ]), // svc_info - fs.exec('/bin/ps'), // process list + tools.getInitState(tools.appName), // svc_boot + fs.exec(tools.execPath, [ 'enabled' ]), // svc_en + fs.exec(tools.execPath, [ 'info' ]), // svc_info + fs.exec('/bin/ps'), // process list fs.exec('/bin/opkg', [ 'list-installed', '*zapret*' ]), // installed packages uci.load(tools.appName), // config ]).catch(e => { 
@@ -65,10 +66,15 @@ return view.extend({ this.disableButtons(true, -1, elems); return; } - let svc_autorun = status_array[0] ? true : false; - let svc_info = status_array[1]; // stdout: JSON as text - let proc_list = status_array[2]; // stdout: multiline text - let pkg_list = status_array[3]; // stdout: installed packages + let svc_boot = status_array[0] ? true : false; + let svc_en = status_array[1]; // stdout: empty or error text + let svc_info = status_array[2]; // stdout: JSON as text + let proc_list = status_array[3]; // stdout: multiline text + let pkg_list = status_array[4]; // stdout: installed packages + + console.log('svc_en: ' + svc_en.code); + svc_en = (svc_en.code == 0) ? true : false; + if (svc_info.code != 0) { ui.addNotification(null, E('p', _('Unable to read the service info') + ': setAppStatus()')); this.disableButtons(true, -1, elems); @@ -88,7 +94,7 @@ return view.extend({ if (force_app_status) { svcinfo = force_app_status; } else { - svcinfo = tools.decode_svc_info(svc_autorun, svc_info, proc_list, cfg); + svcinfo = tools.decode_svc_info(svc_en, svc_info, proc_list, cfg); } let btn = this.get_svc_buttons(elems); btn.update.disabled = true; // TODO @@ -99,8 +105,8 @@ return view.extend({ + ' %s: return code = %s'.format('decode_svc_info', svcinfo + ' '))); this.disableButtons(true, -1, elems); } else { - btn.enable.disabled = (svc_autorun) ? true : false; - btn.disable.disabled = (svc_autorun) ? false : true; + btn.enable.disabled = (svc_en) ? true : false; + btn.disable.disabled = (svc_en) ? false : true; if (!svcinfo.dmn.inited) { btn.start.disabled = false; btn.restart.disabled = true; 
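Review bot: The added `console.log('svc_en: ' + svc_en.code);` after the `status_array` unpacking looks like leftover debugging, and it dereferences `svc_en.code` before anything confirms the exec result is an object, unlike the `typeof(pkg_list) !== 'object'` guard this file applies to `status_array[4]` further down. I would drop the log line and write the conversion as `svc_en = (svc_en != null && svc_en.code === 0);`. Every non-zero exit is folded into "not enabled", which includes the wrapper's `return 61` (blocked) and its `exit 91` (invalid main config) added in init.d.sh, so a comment such as `// non-zero: disabled, blocked (61) or init script refused to load (91)` would help the next reader. The enclosing function (setAppStatus, judging by the error strings) starts and ends outside these hunks.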
@@ -158,8 +164,8 @@ return view.extend({ } else if (action == 'reset') { exec_cmd = tools.defaultCfgPath; - exec_arg = [ '-fs' ]; // force + sync - errmsg = _('Unable to run uci-def-cfg.sh script.'); + exec_arg = [ 'sync' ]; // restore config + sync configs + errmsg = _('Unable to run restore-def-cfg.sh script.'); action = null; } else { ui.addNotification(null, E('p', 'ERROR: unknown action')); @@ -231,7 +237,7 @@ return view.extend({ 'class': btn_style_action, }, _('Reset settings')); resetcfg_btn.onclick = ui.createHandlerFn(this, () => { - cancel_button.disabled = true; + //cancel_button.disabled = true; return this.serviceActionEx('reset', resetcfg_btn, true); }); @@ -257,7 +263,7 @@ return view.extend({ } let cfg = uci.get(tools.appName, 'config'); - let pkg_list = status_array[3]; + let pkg_list = status_array[4]; if (pkg_list === undefined || typeof(pkg_list) !== 'object' || pkg_list.code != 0) { ui.addNotification(null, E('p', _('Unable to enumerate installed packages') + ': setAppStatus()')); return; diff --git a/luci-app-zapret/htdocs/luci-static/resources/view/zapret/tools.js b/luci-app-zapret/htdocs/luci-static/resources/view/zapret/tools.js index c853887..2d03d7f 100644 --- a/luci-app-zapret/htdocs/luci-static/resources/view/zapret/tools.js +++ b/luci-app-zapret/htdocs/luci-static/resources/view/zapret/tools.js @@ -38,7 +38,7 @@ return baseclass.extend({ appName : 'zapret', execPath : '/etc/init.d/zapret', syncCfgPath : '/opt/zapret/sync_config.sh', - defaultCfgPath : '/opt/zapret/uci-def-cfg.sh', + defaultCfgPath : '/opt/zapret/restore-def-cfg.sh', hostsGoogleFN : '/opt/zapret/ipset/zapret-hosts-google.txt', hostsUserFN : '/opt/zapret/ipset/zapret-hosts-user.txt', diff --git a/luci-app-zapret/root/usr/share/luci/menu.d/luci-app-zapret.json b/luci-app-zapret/root/usr/share/luci/menu.d/luci-app-zapret.json index 463c89d..8fc21f4 100644 --- a/luci-app-zapret/root/usr/share/luci/menu.d/luci-app-zapret.json 
+++ b/luci-app-zapret/root/usr/share/luci/menu.d/luci-app-zapret.json @@ -10,6 +10,7 @@ "acl": [ "luci-app-zapret" ], "fs": { "/opt/zapret/sync_config.sh": "executable", + "/opt/zapret/restore-def-cfg.sh": "executable", "/etc/init.d/zapret": "executable" }, "uci": { "zapret": true } diff --git a/luci-app-zapret/root/usr/share/rpcd/acl.d/luci-app-zapret.json b/luci-app-zapret/root/usr/share/rpcd/acl.d/luci-app-zapret.json index 3ba5e44..b6caa7b 100644 --- a/luci-app-zapret/root/usr/share/rpcd/acl.d/luci-app-zapret.json +++ b/luci-app-zapret/root/usr/share/rpcd/acl.d/luci-app-zapret.json @@ -10,7 +10,7 @@ "/etc/init.d/zapret*": [ "exec" ], "/bin/ps*": [ "exec" ], "/bin/opkg*": [ "exec" ], - "/opt/zapret/uci-def-cfg.sh*": [ "exec" ], + "/opt/zapret/restore-def-cfg.sh*": [ "exec" ], "/opt/zapret/sync_config.sh*": [ "exec" ] }, "uci": [ "zapret", "network" ], diff --git a/zapret/Makefile b/zapret/Makefile index 992d65e..a41d903 100644 --- a/zapret/Makefile +++ b/zapret/Makefile 
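Review bot: The new ACL entry `"/opt/zapret/restore-def-cfg.sh*": [ "exec" ]` ends in a wildcard, so it grants exec on every path that merely starts with that name and, if rpcd matches the pattern against the full command line (not visible here), on every argument as well. The script added in this commit only understands the single argument `sync`, and it deletes and recreates /etc/config/zapret when run, so the grant is worth keeping as narrow as the UI needs. I would list exactly what service.js calls, `"/opt/zapret/restore-def-cfg.sh sync": [ "exec" ]`, after confirming how the installed rpcd version matches arguments. The neighbouring `/bin/opkg*` and `/etc/init.d/zapret*` entries follow the same wildcard pattern and could be tightened the same way.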
@@ -76,15 +76,19 @@ define Package/$(PKG_NAME)/install $(INSTALL_DIR) $(1)/etc/hotplug.d/iface $(INSTALL_BIN) $(PKG_BUILD_DIR)/init.d/openwrt/90-zapret $(1)/etc/hotplug.d/iface/90-zapret $(INSTALL_DIR) $(1)/etc/init.d - $(INSTALL_BIN) $(PKG_BUILD_DIR)/init.d/openwrt/zapret $(1)/etc/init.d/zapret + $(INSTALL_BIN) ./init.d.sh $(1)/etc/init.d/zapret $(INSTALL_CONF) ./config.default $(1)/opt/zapret/config.default $(INSTALL_CONF) ./ipset/zapret-hosts-google.txt $(1)/opt/zapret/ipset/zapret-hosts-google.txt $(INSTALL_CONF) ./ipset/zapret-hosts-user-exclude.txt $(1)/opt/zapret/ipset/zapret-hosts-user-exclude.txt $(INSTALL_CONF) ./ipset/zapret-ip-exclude.txt $(1)/opt/zapret/ipset/zapret-ip-exclude.txt - $(INSTALL_BIN) ./sync_config.sh $(1)/opt/zapret/sync_config.sh $(INSTALL_DIR) $(1)/etc/uci-defaults - $(INSTALL_BIN) ./uci-def-cfg.sh $(1)/etc/uci-defaults/zapret-uci-def-cfg.sh - $(INSTALL_BIN) ./uci-def-cfg.sh $(1)/opt/zapret/uci-def-cfg.sh + $(INSTALL_BIN) ./uci-def-cfg.sh $(1)/etc/uci-defaults/zapret-uci-def-cfg.sh + $(INSTALL_BIN) ./uci-def-cfg.sh $(1)/opt/zapret/uci-def-cfg.sh + $(INSTALL_BIN) ./comfunc.sh $(1)/opt/zapret/comfunc.sh + $(INSTALL_BIN) ./def-cfg.sh $(1)/opt/zapret/def-cfg.sh + $(INSTALL_BIN) ./renew-cfg.sh $(1)/opt/zapret/renew-cfg.sh + $(INSTALL_BIN) ./restore-def-cfg.sh $(1)/opt/zapret/restore-def-cfg.sh + $(INSTALL_BIN) ./sync_config.sh $(1)/opt/zapret/sync_config.sh endef define Package/$(PKG_NAME)/preinst 
@@ -132,15 +136,6 @@ if [ -z "$${IPKG_INSTROOT}" ]; then echo "Current file $${ZAPRET_CONFIG} backuped to $${ZAPRET_CONFIG_BACKUP}" cp -f "$${ZAPRET_CONFIG_DEF}" "$${ZAPRET_CONFIG}" fi - # create empty txt files into ipset directory - [ ! -f "/opt/zapret/ipset/zapret-hosts-google.txt" ] && touch "/opt/zapret/ipset/zapret-hosts-google.txt" - #[ ! -f "/opt/zapret/ipset/zapret-hosts-auto.txt" ] && touch "/opt/zapret/ipset/zapret-hosts-auto.txt" - [ ! -f "/opt/zapret/ipset/zapret-hosts-user.txt" ] && touch "/opt/zapret/ipset/zapret-hosts-user.txt" - [ ! -f "/opt/zapret/ipset/zapret-hosts-user-ipban.txt" ] && touch "/opt/zapret/ipset/zapret-hosts-user-ipban.txt" - #[ ! -f "/opt/zapret/ipset/zapret-ip.txt" ] && touch "/opt/zapret/ipset/zapret-ip.txt" - [ ! -f "/opt/zapret/ipset/zapret-ip-user.txt" ] && touch "/opt/zapret/ipset/zapret-ip-user.txt" - [ ! -f "/opt/zapret/ipset/zapret-ip-user-exclude.txt" ] && touch "/opt/zapret/ipset/zapret-ip-user-exclude.txt" - [ ! -f "/opt/zapret/ipset/zapret-ip-user-ipban.txt" ] && touch "/opt/zapret/ipset/zapret-ip-user-ipban.txt" # check existing uci-config [ -f "/etc/config/zapret" ] && ZAPRET_CFG_EXISTS=1 || ZAPRET_CFG_EXISTS=0 # create or merge uci-config 
@@ -150,13 +145,15 @@ if [ -z "$${IPKG_INSTROOT}" ]; then rm -f /etc/uci-defaults/zapret-uci-def-cfg.sh # copy (sync) all params from uci-config to main config /opt/zapret/sync_config.sh + # check service status + [ "$$( /etc/init.d/zapret status 2>/dev/null )" = "running" ] && ZAPRET_RUNNING=1 || ZAPRET_RUNNING=0 + if [ "$${ZAPRET_RUNNING}" = "0" ]; then + ps w | grep '/opt/zapret/nfq/nfqws' | grep -v grep | awk '{print $$1}' | xargs -r kill -9 + exit 0 + fi # check main config - sh -n "$$ZAPRET_CONFIG" - ZAPRET_CONFIG_ERRCODE=$$? - [ "$$ZAPRET_CONFIG_ERRCODE" != "0" ] && cp -f "$$ZAPRET_CONFIG_DEF" "$$ZAPRET_CONFIG" - sh -n "$$ZAPRET_CONFIG" - ZAPRET_CONFIG_ERRCODE=$$? - [ "$$ZAPRET_CONFIG_ERRCODE" != "0" ] && exit 58 + sh -n "$${ZAPRET_CONFIG}" 2>/dev/null || cp -f "$${ZAPRET_CONFIG_DEF}" "$${ZAPRET_CONFIG}" + sh -n "$${ZAPRET_CONFIG}" 2>/dev/null || exit 58 # enable main service /etc/init.d/zapret enable # stop all @@ -181,12 +178,8 @@ if [ -z "$${IPKG_INSTROOT}" ]; then ZAPRET_CONFIG_DEF="/opt/zapret/config.default" OPENWRT_FW_INCLUDE=/etc/firewall.zapret # check main config - sh -n "$$ZAPRET_CONFIG" - ZAPRET_CONFIG_ERRCODE=$$? - [ "$$ZAPRET_CONFIG_ERRCODE" != "0" ] && cp -f "$$ZAPRET_CONFIG_DEF" "$$ZAPRET_CONFIG" - sh -n "$$ZAPRET_CONFIG" - ZAPRET_CONFIG_ERRCODE=$$? - if [ "$$ZAPRET_CONFIG_ERRCODE" != "0" ]; then + sh -n "$${ZAPRET_CONFIG}" 2>/dev/null || cp -f "$${ZAPRET_CONFIG_DEF}" "$${ZAPRET_CONFIG}" + if ! sh -n "$${ZAPRET_CONFIG}" 2>/dev/null ; then ps w | grep '/opt/zapret/nfq/nfqws' | grep -v grep | awk '{print $$1}' | xargs -r kill -9 exit 0 fi diff --git a/zapret/comfunc.sh b/zapret/comfunc.sh new file mode 100755 index 0000000..13702e4 --- /dev/null +++ b/zapret/comfunc.sh 
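Review bot: The added `ps w | grep '/opt/zapret/nfq/nfqws' | grep -v grep | awk '{print $$1}' | xargs -r kill -9` in the not-running branch selects processes by a substring of the `ps` output and sends SIGKILL as root, so any process whose command line happens to contain that path is killed too and nfqws gets no chance to shut down cleanly. Matching on the executable path (the `get_proc_path_by_pid` helper added in comfunc.sh reads `/proc/$pid/cmdline` for this) and sending the default signal first, `... | xargs -r kill`, would be safer. The same branch then does `exit 0` before the `sh -n` check of the main config, and both `sh -n` calls now discard stderr, so a broken config is either not checked or silently replaced with config.default; a `logger -p err -t ZAPRET ...` line at that point would leave a trace. The enclosing install script starts and ends outside the hunk.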
@@ -0,0 +1,124 @@ +#!/bin/sh +# Copyright (c) 2024 remittor + +EXEDIR=/opt/zapret +ZAPRET_BASE=/opt/zapret + +ZAPRET_INITD=/etc/init.d/zapret +ZAPRET_ORIG_INITD="$ZAPRET_BASE/init.d/openwrt/zapret" + +ZAPRET_CONFIG="$ZAPRET_BASE/config" +ZAPRET_CONFIG_NEW="$ZAPRET_BASE/config.new" +ZAPRET_CONFIG_DEF="$ZAPRET_BASE/config.default" + +ZAPRET_CFG=/etc/config/zapret +ZAPRET_CFG_NAME=zapret +ZAPRET_CFG_SEC_NAME="$( uci -q get $ZAPRET_CFG_NAME.config )" + +. $ZAPRET_BASE/def-cfg.sh + +function adapt_for_sed +{ + local str=$( ( echo $1|sed -r 's/([\$\.\*\/\[\\^])/\\\1/g'|sed 's/[]]/\\]/g' )>&1 ) + echo "$str" +} + +function is_valid_config +{ + local fname=${1:-$ZAPRET_CONFIG} + sh -n "$fname" &>/dev/null + return $? +} + +function get_ppid_by_pid +{ + local pid=$1 + local ppid="$( cat /proc/$pid/status 2>/dev/null | grep '^PPid:' | awk '{print $2}' )" + echo "$ppid" +} + +function get_proc_path_by_pid +{ + local pid=$1 + local path=$( cat /proc/$pid/cmdline 2>/dev/null | tr '\0' '\n' | head -n1 ) + echo "$path" +} + +function get_proc_cmd_by_pid +{ + local pid=$1 + local delim="$2" + local cmdline + if [ "$delim" = "" ]; then + cmdline="$( cat /proc/$pid/cmdline 2>/dev/null | tr '\0' '\n' )" + else + cmdline="$( cat /proc/$pid/cmdline 2>/dev/null | tr '\0' "$delim" )" + fi + echo "$cmdline" +} + +function is_run_via_procd +{ + local pname + [ "$$" = "1" ] && return 0 + pname="$( get_proc_path_by_pid $$ )" + [ "$pname" = "/sbin/procd" ] && return 0 + [ "$PPID" = "1" ] && return 0 + pname="$( get_proc_path_by_pid $PPID )" + [ "$pname" = "/sbin/procd" ] && return 0 + return 1 +} + +function is_run_on_boot +{ + local cmdline="$( get_proc_cmd_by_pid $$ ' ' )" + if echo "$cmdline" | grep -q " /etc/rc.d/S" ; then + if echo "$cmdline" | grep -q " boot $" ; then + return 0 + fi + fi + return 1 +} + +function get_run_on_boot_option +{ + if [ "$( uci -q get $ZAPRET_CFG_NAME.config.run_on_boot )" = "1" ]; then + echo 1 + else + echo 0 + fi +} + +function create_default_cfg +{ + local 
cfgname=${1:-$ZAPRET_CFG_NAME} + local cfgfile=/etc/config/$cfgname + rm -f $cfgfile + touch $cfgfile + uci set $cfgname.config=main + set_cfg_default_values $cfgname + return 0 +} + +function merge_cfg_with_def_values +{ + local cfgname=${1:-$ZAPRET_CFG_NAME} + local force=$2 + local cfgfile=/etc/config/$cfgname + local NEWCFGNAME="zapret-default" + local NEWCFGFILE="/etc/config/$NEWCFGNAME" + + local cfg_sec_name="$( uci -q get $ZAPRET_CFG_NAME.config )" + [ -z "$cfg_sec_name" ] && create_default_cfg + + create_default_cfg "$NEWCFGNAME" + [ ! -f "$NEWCFGFILE" ] && return 1 + + uci -m -f $cfgfile import "$NEWCFGNAME" + uci commit "$NEWCFGNAME" + uci -m -f "$NEWCFGFILE" import $cfgname + uci commit $cfgname + rm -f "$NEWCFGFILE" + return 0 +} + diff --git a/zapret/def-cfg.sh b/zapret/def-cfg.sh new file mode 100755 index 0000000..06c7c89 --- /dev/null +++ b/zapret/def-cfg.sh 
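Review bot: `adapt_for_sed` does not escape `&`, and it expands `$1` unquoted, so a UCI value containing `&` or a glob character does not reach the config file as written. Its callers in sync_config.sh place the result in the replacement half of `sed -i "s/^$param=.*/$param=\"$value\"/g"`, where `&` stands for the whole matched line, and `echo $1` lets the shell expand `*` against the current directory before sed sees it. Adding `&` to the first bracket expression, `sed -r 's/([\$\.\*\/\[\\^&])/\\\1/g'`, and wrapping the call in `set -f` / `set +f` would close both gaps without changing how the multi-line NFQWS_OPT value is folded onto one line. The helper also passes double quotes, backquotes and `$(` through into a file that is only checked with `sh -n`; if that file is sourced by the init script (not visible in this hunk), the value should be validated or shell-quoted before it is written.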
@@ -0,0 +1,66 @@ +#!/bin/sh +# Copyright (c) 2024 remittor + +function set_cfg_default_values +{ + local cfgname=${1:-$ZAPRET_CFG_NAME} + local TAB="$( echo -n -e '\t' )" + uci batch <<-EOF + set $cfgname.config.run_on_boot='0' + # settings for zapret service + set $cfgname.config.FWTYPE='nftables' + set $cfgname.config.POSTNAT='1' + set $cfgname.config.FLOWOFFLOAD='none' + set $cfgname.config.INIT_APPLY_FW='1' + set $cfgname.config.DISABLE_IPV4='0' + set $cfgname.config.DISABLE_IPV6='1' + set $cfgname.config.MODE_FILTER='hostlist' + # autohostlist options + set $cfgname.config.AUTOHOSTLIST_RETRANS_THRESHOLD='3' + set $cfgname.config.AUTOHOSTLIST_FAIL_THRESHOLD='3' + set $cfgname.config.AUTOHOSTLIST_FAIL_TIME='60' + set $cfgname.config.AUTOHOSTLIST_DEBUGLOG='0' + # nfqws options + set $cfgname.config.NFQWS_ENABLE='1' + set $cfgname.config.DESYNC_MARK='0x40000000' + set $cfgname.config.DESYNC_MARK_POSTNAT='0x20000000' + set $cfgname.config.NFQWS_PORTS_TCP='80,443' + set $cfgname.config.NFQWS_PORTS_UDP='443' + set $cfgname.config.NFQWS_TCP_PKT_OUT='9' + set $cfgname.config.NFQWS_TCP_PKT_IN='3' + set $cfgname.config.NFQWS_UDP_PKT_OUT='9' + set $cfgname.config.NFQWS_UDP_PKT_IN='0' + set $cfgname.config.NFQWS_PORTS_TCP_KEEPALIVE='0' + set $cfgname.config.NFQWS_PORTS_UDP_KEEPALIVE='0' + set $cfgname.config.NFQWS_OPT=" + --filter-tcp=80 + --dpi-desync=fake,split2 + --dpi-desync-autottl=2 + --dpi-desync-fooling=md5sig + --new + --filter-tcp=443 --hostlist=/opt/zapret/ipset/zapret-hosts-google.txt + --dpi-desync=fake,split2 + --dpi-desync-repeats=11 + --dpi-desync-fooling=md5sig + --dpi-desync-fake-tls=/opt/zapret/files/fake/tls_clienthello_www_google_com.bin + --new + --filter-udp=443 --hostlist=/opt/zapret/ipset/zapret-hosts-google.txt + --dpi-desync=fake + --dpi-desync-repeats=11 + --dpi-desync-fake-quic=/opt/zapret/files/fake/quic_initial_www_google_com.bin + --new + --filter-udp=443 + --dpi-desync=fake + --dpi-desync-repeats=11 + --new + --filter-tcp=80,443 + 
--dpi-desync=fake,disorder2 + --dpi-desync-repeats=6 + --dpi-desync-autottl=2 + --dpi-desync-fooling=md5sig + " + # save changes + commit $cfgname + EOF + return 0 +} diff --git a/zapret/init.d.sh b/zapret/init.d.sh new file mode 100755 index 0000000..4e957cb --- /dev/null +++ b/zapret/init.d.sh @@ -0,0 +1,71 @@ +#!/bin/sh /etc/rc.common +# Copyright (c) 2024 remittor + +USE_PROCD=1 +# after network +START=21 + +SCRIPT_FILENAME=$1 + +. /opt/zapret/comfunc.sh + +if ! is_valid_config ; then + logger -p err -t ZAPRET "Wrong main config: $ZAPRET_CONFIG" + exit 91 +fi + +. $ZAPRET_ORIG_INITD + +EXEDIR=/opt/zapret +ZAPRET_BASE=/opt/zapret + +is_run_on_boot && IS_RUN_ON_BOOT=1 || IS_RUN_ON_BOOT=0 + + +function enable +{ + local run_on_boot="" + if [ "$IS_RUN_ON_BOOT" = "1" ]; then + if [ -n "$ZAPRET_CFG_SEC_NAME" ]; then + run_on_boot=$( get_run_on_boot_option ) + if [ $run_on_boot != 1 ]; then + logger -p notice -t ZAPRET "Attempt to enable service, but service blocked!" + return 61 + fi + fi + fi + if [ -n "$ZAPRET_CFG_SEC_NAME" ]; then + uci set $ZAPRET_CFG_NAME.config.run_on_boot=1 + uci commit + fi + /bin/sh /etc/rc.common $ZAPRET_ORIG_INITD enable +} + +function enabled +{ + local run_on_boot="" + if [ -n "$ZAPRET_CFG_SEC_NAME" ]; then + run_on_boot=$( get_run_on_boot_option ) + if [ $run_on_boot != 1 ]; then + logger -p notice -t ZAPRET "Service is blocked!" + return 61 + fi + fi + /bin/sh /etc/rc.common $ZAPRET_ORIG_INITD enabled +} + +function boot +{ + local run_on_boot="" + if [ "$IS_RUN_ON_BOOT" = "1" ]; then + if [ -n "$ZAPRET_CFG_SEC_NAME" ]; then + run_on_boot=$( get_run_on_boot_option ) + if [ $run_on_boot != 1 ]; then + logger -p notice -t ZAPRET "Attempt to run service on boot! Service is blocked!" + return 61 + fi + fi + fi + /bin/sh /etc/rc.common $ZAPRET_ORIG_INITD start "$@" +} + diff --git a/zapret/renew-cfg.sh b/zapret/renew-cfg.sh new file mode 100755 index 0000000..a250067 --- /dev/null +++ b/zapret/renew-cfg.sh 
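Review bot: In `enable` in init.d.sh, `uci commit` is called without a package name, so it commits every staged change in every UCI config, not only the `run_on_boot` flag set on the line before. Change it to `uci commit $ZAPRET_CFG_NAME`. There is also no matching `disable` override in this file, so `run_on_boot` stays `1` after the service is disabled unless something outside this hunk resets it. Finally, `enabled` writes a `logger -p notice` line whenever the service is blocked, and the LuCI status view in this commit now calls `enabled` each time it loads the status, which can fill the system log; consider dropping that message or lowering it to debug.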
@@ -0,0 +1,16 @@ +#!/bin/sh +# Copyright (c) 2024 remittor + +. /opt/zapret/comfunc.sh + +merge_cfg_with_def_values + +CONFIGS_SYNC=0 + +[ ! -f "$ZAPRET_CONFIG" ] && CONFIGS_SYNC=1 +[ "$1" = "sync" ] && CONFIGS_SYNC=1 + +if [ "$CONFIGS_SYNC" = "1" ]; then + # renew main config + /opt/zapret/sync_config.sh +fi diff --git a/zapret/restore-def-cfg.sh b/zapret/restore-def-cfg.sh new file mode 100755 index 0000000..53f30c9 --- /dev/null +++ b/zapret/restore-def-cfg.sh @@ -0,0 +1,11 @@ +#!/bin/sh +# Copyright (c) 2024 remittor + +. /opt/zapret/comfunc.sh + +create_default_cfg + +if [ "$1" = "sync" ]; then + # renew main config + /opt/zapret/sync_config.sh +fi diff --git a/zapret/sync_config.sh b/zapret/sync_config.sh index 55b137f..84ac621 100755 --- a/zapret/sync_config.sh +++ b/zapret/sync_config.sh @@ -1,32 +1,7 @@ #!/bin/sh # Copyright (c) 2024 remittor -EXEDIR=/opt/zapret -ZAPRET_BASE=/opt/zapret -ZAPRET_CONFIG="$ZAPRET_BASE/config" -ZAPRET_CONFIG_NEW="$ZAPRET_BASE/config.new" -ZAPRET_CONFIG_DEF="$ZAPRET_BASE/config.default" -ZAPRET_CFG=/etc/config/zapret - -ZAPRET_CFG_SEC_NAME="$( uci -q get zapret.config )" - -if [ -z "$ZAPRET_CFG_SEC_NAME" ]; then - # wrong uci-config - return 96 -fi - -function get_sed_compat -{ - local str=$( ( echo $1|sed -r 's/([\$\.\*\/\[\\^])/\\\1/g'|sed 's/[]]/\\]/g' )>&1 ) - echo "$str" -} - -function is_valid_sh_syntax -{ - local fname=${1:-$ZAPRET_CONFIG} - sh -n "$fname" &>/dev/null - return $? -} +. /opt/zapret/comfunc.sh function uncomment_param { @@ -49,7 +24,7 @@ function append_param function set_param_value { local param=$1 - local value=$( get_sed_compat "$2" ) + local value=$( adapt_for_sed "$2" ) local fname=${3:-$ZAPRET_CONFIG} sed -i "s/^$param=.*/$param=$value/g" $fname } @@ -57,7 +32,7 @@ function set_param_value function set_param_value_str { local param=$1 - local value=$( get_sed_compat "$2" ) + local value=$( adapt_for_sed "$2" ) local fname=${3:-$ZAPRET_CONFIG} sed -i "s/^$param=.*/$param=\"$value\"/g" $fname } 
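Review bot: The first sync_config.sh hunk removes the `return 96` guard for an empty `uci -q get zapret.config`, and the sourced comfunc.sh only assigns `ZAPRET_CFG_SEC_NAME` without testing it. Unless the unchanged part before `cp -f "$ZAPRET_CONFIG" "$ZAPRET_CONFIG_NEW"` re-checks it (not visible here), the `sync_param` calls now run against a missing section and the result is copied over the main config if it still passes `sh -n`. I would keep the check right after the source line: `[ -z "$ZAPRET_CFG_SEC_NAME" ] && exit 96`.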
@@ -90,6 +65,7 @@ fi cp -f "$ZAPRET_CONFIG" "$ZAPRET_CONFIG_NEW" +ZAPRET_CONFIG__SAVED="$ZAPRET_CONFIG" ZAPRET_CONFIG="$ZAPRET_CONFIG_NEW" sync_param FWTYPE @@ -118,9 +94,9 @@ sync_param NFQWS_PORTS_TCP_KEEPALIVE sync_param NFQWS_PORTS_UDP_KEEPALIVE sync_param NFQWS_OPT str -ZAPRET_CONFIG="$ZAPRET_BASE/config" +ZAPRET_CONFIG="$ZAPRET_CONFIG__SAVED" -if is_valid_sh_syntax "$ZAPRET_CONFIG_NEW" ; then +if is_valid_config "$ZAPRET_CONFIG_NEW" ; then cp -f "$ZAPRET_CONFIG_NEW" "$ZAPRET_CONFIG" rm -f "$ZAPRET_CONFIG_NEW" else diff --git a/zapret/uci-def-cfg.sh b/zapret/uci-def-cfg.sh index 0a15325..6354852 100755 --- a/zapret/uci-def-cfg.sh +++ b/zapret/uci-def-cfg.sh 
@@ -1,143 +1,18 @@ #!/bin/sh # Copyright (c) 2024 remittor -SCRIPT_SOURCED=0 -case ${0##*/} in ash|-ash) SCRIPT_SOURCED=1;; esac -#[[ $_ != $0 ]] && echo "Script is being sourced" || echo "Script is a subshell" +. /opt/zapret/comfunc.sh -ZAPRET_BASE=/opt/zapret -ZAPRET_CONFIG="$ZAPRET_BASE/config" -ZAPRET_CONFIG_DEF="$ZAPRET_BASE/config.default" -ZAPRET_CFG_FILE=/etc/config/zapret -ZAPRET_CFG_NAME=zapret +# create empty txt files into ipset directory +[ ! -f "/opt/zapret/ipset/zapret-hosts-google.txt" ] && touch "/opt/zapret/ipset/zapret-hosts-google.txt" +#[ ! -f "/opt/zapret/ipset/zapret-hosts-auto.txt" ] && touch "/opt/zapret/ipset/zapret-hosts-auto.txt" +[ ! -f "/opt/zapret/ipset/zapret-hosts-user.txt" ] && touch "/opt/zapret/ipset/zapret-hosts-user.txt" +[ ! -f "/opt/zapret/ipset/zapret-hosts-user-ipban.txt" ] && touch "/opt/zapret/ipset/zapret-hosts-user-ipban.txt" +#[ ! -f "/opt/zapret/ipset/zapret-ip.txt" ] && touch "/opt/zapret/ipset/zapret-ip.txt" +[ ! -f "/opt/zapret/ipset/zapret-ip-user.txt" ] && touch "/opt/zapret/ipset/zapret-ip-user.txt" +[ ! -f "/opt/zapret/ipset/zapret-ip-user-exclude.txt" ] && touch "/opt/zapret/ipset/zapret-ip-user-exclude.txt" +[ ! 
-f "/opt/zapret/ipset/zapret-ip-user-ipban.txt" ] && touch "/opt/zapret/ipset/zapret-ip-user-ipban.txt" -CFG_OPT_FORCE=0 -CFG_OPT_MERGE=0 -CFG_OPT_SYNC_CFG=0 - - -function set_default_values -{ - local cfgname=${1:-$ZAPRET_CFG_NAME} - local TAB="$( echo -n -e '\t' )" - uci batch <<-EOF - set $cfgname.config.autostart='0' - # settings for zapret service - set $cfgname.config.FWTYPE='nftables' - set $cfgname.config.POSTNAT='1' - set $cfgname.config.FLOWOFFLOAD='none' - set $cfgname.config.INIT_APPLY_FW='1' - set $cfgname.config.DISABLE_IPV4='0' - set $cfgname.config.DISABLE_IPV6='1' - set $cfgname.config.MODE_FILTER='hostlist' - # autohostlist options - set $cfgname.config.AUTOHOSTLIST_RETRANS_THRESHOLD='3' - set $cfgname.config.AUTOHOSTLIST_FAIL_THRESHOLD='3' - set $cfgname.config.AUTOHOSTLIST_FAIL_TIME='60' - set $cfgname.config.AUTOHOSTLIST_DEBUGLOG='0' - # nfqws options - set $cfgname.config.NFQWS_ENABLE='1' - set $cfgname.config.DESYNC_MARK='0x40000000' - set $cfgname.config.DESYNC_MARK_POSTNAT='0x20000000' - set $cfgname.config.NFQWS_PORTS_TCP='80,443' - set $cfgname.config.NFQWS_PORTS_UDP='443' - set $cfgname.config.NFQWS_TCP_PKT_OUT='9' - set $cfgname.config.NFQWS_TCP_PKT_IN='3' - set $cfgname.config.NFQWS_UDP_PKT_OUT='9' - set $cfgname.config.NFQWS_UDP_PKT_IN='0' - set $cfgname.config.NFQWS_PORTS_TCP_KEEPALIVE='0' - set $cfgname.config.NFQWS_PORTS_UDP_KEEPALIVE='0' - set $cfgname.config.NFQWS_OPT=" - --filter-tcp=80 - --dpi-desync=fake,split2 - --dpi-desync-autottl=2 - --dpi-desync-fooling=md5sig - --new - --filter-tcp=443 --hostlist=/opt/zapret/ipset/zapret-hosts-google.txt - --dpi-desync=fake,split2 - --dpi-desync-repeats=11 - --dpi-desync-fooling=md5sig - --dpi-desync-fake-tls=/opt/zapret/files/fake/tls_clienthello_www_google_com.bin - --new - --filter-udp=443 --hostlist=/opt/zapret/ipset/zapret-hosts-google.txt - --dpi-desync=fake - --dpi-desync-repeats=11 - --dpi-desync-fake-quic=/opt/zapret/files/fake/quic_initial_www_google_com.bin - --new - 
--filter-udp=443 - --dpi-desync=fake - --dpi-desync-repeats=11 - --new - --filter-tcp=80,443 - --dpi-desync=fake,disorder2 - --dpi-desync-repeats=6 - --dpi-desync-autottl=2 - --dpi-desync-fooling=md5sig - " - # save changes - commit $cfgname - EOF - return 0 -} - -function create_default_config -{ - local cfgname=${1:-$ZAPRET_CFG_NAME} - local cfgfile=/etc/config/$cfgname - rm -f $cfgfile - touch $cfgfile - uci set $cfgname.config=main - set_default_values $cfgname - return 0 -} - -function merge_config_with_def_values -{ - local cfgname=${1:-$ZAPRET_CFG_NAME} - local force=$2 - local cfgfile=/etc/config/$cfgname - local NEWCFGNAME="zapret-default" - local NEWCFGFILE="/etc/config/$NEWCFGNAME" - - create_default_config "$NEWCFGNAME" - [ ! -f "$NEWCFGFILE" ] && return 1 - - uci -m -f $cfgfile import "$NEWCFGNAME" - uci commit "$NEWCFGNAME" - uci -m -f "$NEWCFGFILE" import $cfgname - uci commit $cfgname - rm -f "$NEWCFGFILE" - return 0 -} - - -if [ "$SCRIPT_SOURCED" != "1" ]; then - while getopts "fms" SCRIPT_OPT; do - case $SCRIPT_OPT in - f) CFG_OPT_FORCE=1;; - m) CFG_OPT_MERGE=1;; - s) CFG_OPT_SYNC_CFG=1;; - esac - done - - if [ ! -f "$ZAPRET_CFG_FILE" ]; then - CFG_OPT_FORCE=1 - fi - - if [ "$CFG_OPT_FORCE" = "1" ]; then - create_default_config - [ "$CFG_OPT_SYNC_CFG" = "1" ] && /opt/zapret/sync_config.sh - return 0 - fi -fi - - -CFG_OPT_MERGE=1 -merge_config_with_def_values - -if [ ! -f "$ZAPRET_CONFIG" ]; then - # create main config - /opt/zapret/sync_config.sh -fi - -return 0 +# create or merge uci-config +$ZAPRET_BASE/renew-cfg.sh + \ No newline at end of file
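Review bot: The script now ends with `$ZAPRET_BASE/renew-cfg.sh` instead of `return 0`, so its status is whatever renew-cfg.sh (and, through it, sync_config.sh) returns. The Makefile still installs this file as /etc/uci-defaults/zapret-uci-def-cfg.sh, and as far as I know OpenWrt keeps a uci-defaults script that finishes non-zero and runs it again on the next boot; if that is not wanted, end with `"$ZAPRET_BASE/renew-cfg.sh" || logger -p err -t ZAPRET "renew-cfg.sh failed"`. The eight `touch` lines could also loop over the file names under `"$ZAPRET_BASE/ipset/"` rather than repeating the literal path, and the file is missing its final newline.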