mirror of
https://github.com/bol-van/zapret.git
synced 2025-01-19 12:42:21 +03:00
init,install_easy: socks mode
This commit is contained in:
parent
5228b91ea5
commit
ae9a72f5b0
@ -398,8 +398,12 @@ It needs to be viewed and edited if necessary.
|
||||
|
||||
|
||||
Main mode :
|
||||
tpws - use tpws
|
||||
tpws - use nfqws
|
||||
tpws - tpws transparent mode
|
||||
tpws-socks - tpws socks mode
|
||||
binds to localhost and LAN interface (if IFACE_LAN is specified or the system is OpenWRT). port 988
|
||||
nfqws - nfqws
|
||||
nfqws - use nfqws
|
||||
|
||||
filter - only fill ipset or load hostlist
|
||||
custom - use custom script for running daemons and establishing firewall rules
|
||||
|
||||
|
@ -619,8 +619,10 @@ tpws и nfqws решают нужно ли применять дурение в
|
||||
|
||||
|
||||
Основной режим :
|
||||
tpws - использовать tpws
|
||||
tpws - использовать nfqws
|
||||
tpws - tpws в режиме transparent
|
||||
tpws-socks - tpws в режиме socks.
|
||||
вешается на localhost и LAN интерфейс (если задан IFACE_LAN или если система - OpenWRT). порт 988
|
||||
nfqws - nfqws
|
||||
filter - только заполнить ipset или загрузить hostlist
|
||||
custom - нужно самому запрограммировать запуск демонов в init скрипте и правила iptables
|
||||
|
||||
|
@ -9,6 +9,7 @@ HOSTLIST="$ZHOSTLIST.gz"
|
||||
|
||||
PIDDIR=/var/run
|
||||
TPPORT=988
|
||||
TPWS_USER=daemon
|
||||
TPWS_WAIT="--bind-wait-ip=60"
|
||||
TPWS="$ZAPRET_BASE/tpws/tpws"
|
||||
|
||||
@ -85,6 +86,7 @@ filter_apply_hostlist_target()
|
||||
# $1 - var name of tpws or nfqws params
|
||||
[ "$MODE_FILTER" = "hostlist" ] && eval $1="\"\$$1 --hostlist=$HOSTLIST\""
|
||||
}
|
||||
|
||||
tpws_apply_binds()
|
||||
{
|
||||
local o
|
||||
@ -96,6 +98,20 @@ tpws_apply_binds()
|
||||
}
|
||||
eval $1="\"\$$1 $o\""
|
||||
}
|
||||
tpws_apply_socks_binds()
|
||||
{
|
||||
local o
|
||||
|
||||
[ "$DISABLE_IPV4" = "1" ] || {
|
||||
o="--bind-addr=127.0.0.1"
|
||||
[ -n "$IFACE_LAN" ] && o="$o --bind-iface4=$IFACE_LAN $TPWS_WAIT"
|
||||
}
|
||||
[ "$DISABLE_IPV6" = "1" ] || {
|
||||
o="$o --bind-addr=::1"
|
||||
[ -n "$IFACE_LAN" ] && o="$o --bind-iface6=$IFACE_LAN $TPWS_WAIT"
|
||||
}
|
||||
eval $1="\"\$$1 $o\""
|
||||
}
|
||||
|
||||
wait_interface_ll()
|
||||
{
|
||||
@ -374,6 +390,8 @@ zapret_do_firewall()
|
||||
pf_anchors_clear
|
||||
fi
|
||||
;;
|
||||
tpws-socks)
|
||||
;;
|
||||
*)
|
||||
echo "unsupported MODE=$MODE"
|
||||
return 1
|
||||
@ -416,6 +434,16 @@ zapret_do_daemons()
|
||||
opt="$opt $TPWS_OPT"
|
||||
do_daemon $1 1 "$TPWS" "$opt"
|
||||
;;
|
||||
tpws-socks)
|
||||
[ "$1" = "1" ] && [ "$DISABLE_IPV4" = "1" ] && [ "$DISABLE_IPV6" = "1" ] && {
|
||||
echo "both ipv4 and ipv6 are disabled. nothing to do"
|
||||
return 0
|
||||
}
|
||||
opt="--socks --user=$TPWS_USER --port=$TPPORT"
|
||||
tpws_apply_socks_binds opt
|
||||
filter_apply_hostlist_target opt
|
||||
do_daemon $1 1 "$TPWS" "$opt"
|
||||
;;
|
||||
filter)
|
||||
;;
|
||||
custom)
|
||||
|
@ -34,8 +34,9 @@ HOSTLIST="$ZAPRET_BASE/ipset/zapret-hosts.txt.gz"
|
||||
TPWS_OPT_BASE="--user=$TPWS_USER --port=$TPPORT"
|
||||
TPWS_OPT_BASE4="--bind-addr=$TPWS_LOCALHOST4"
|
||||
TPWS_OPT_BASE6="--bind-addr=::1"
|
||||
TPWS_WAIT="--bind-wait-ifup=30 --bind-wait-ip=30"
|
||||
# first wait for lan to ifup, then wait for bind-wait-ip-linklocal seconds for link local address and bind-wait-ip for any ipv6 as the worst case
|
||||
TPWS_OPT_BASE6_PRE="--bind-linklocal=prefer --bind-wait-ifup=30 --bind-wait-ip=30 --bind-wait-ip-linklocal=3"
|
||||
TPWS_OPT_BASE6_PRE="--bind-linklocal=prefer $TPWS_WAIT --bind-wait-ip-linklocal=3"
|
||||
|
||||
run_daemon()
|
||||
{
|
||||
@ -64,11 +65,11 @@ run_tpws()
|
||||
network_get_device DEVICE lan
|
||||
[ -n "$DEVICE" ] && OPT="$OPT --bind-iface6=$DEVICE $TPWS_OPT_BASE6_PRE"
|
||||
}
|
||||
run_daemon $1 $TPWS "$OPT $2"
|
||||
run_daemon $1 "$TPWS" "$OPT $2"
|
||||
}
|
||||
stop_tpws()
|
||||
{
|
||||
stop_daemon $1 $TPWS
|
||||
stop_daemon $1 "$TPWS"
|
||||
}
|
||||
|
||||
|
||||
@ -78,6 +79,23 @@ filter_apply_hostlist_target()
|
||||
[ "$MODE_FILTER" = "hostlist" ] && eval $1="\"\$$1 --hostlist=$HOSTLIST\""
|
||||
}
|
||||
|
||||
tpws_apply_socks_binds()
|
||||
{
|
||||
local o
|
||||
|
||||
network_get_device DEVICE lan
|
||||
|
||||
[ "$DISABLE_IPV4" = "1" ] || {
|
||||
o="--bind-addr=127.0.0.1"
|
||||
[ -n "$DEVICE" ] && o="$o --bind-iface4=$DEVICE $TPWS_WAIT"
|
||||
}
|
||||
[ "$DISABLE_IPV6" = "1" ] || {
|
||||
o="$o --bind-addr=::1"
|
||||
[ -n "$DEVICE" ] && o="$o --bind-iface6=$DEVICE $TPWS_WAIT"
|
||||
}
|
||||
eval $1="\"\$$1 $o\""
|
||||
}
|
||||
|
||||
|
||||
start_service() {
|
||||
local opt
|
||||
@ -88,10 +106,16 @@ start_service() {
|
||||
filter_apply_hostlist_target opt
|
||||
run_tpws 1 "$opt"
|
||||
;;
|
||||
tpws-socks)
|
||||
opt="$TPWS_OPT_BASE --socks $TPWS_OPT"
|
||||
tpws_apply_socks_binds opt
|
||||
filter_apply_hostlist_target opt
|
||||
run_daemon 1 "$TPWS" "$opt"
|
||||
;;
|
||||
nfqws)
|
||||
opt="$NFQWS_OPT_BASE $NFQWS_OPT_DESYNC"
|
||||
filter_apply_hostlist_target opt
|
||||
run_daemon 1 $NFQWS "$opt"
|
||||
run_daemon 1 "$NFQWS" "$opt"
|
||||
;;
|
||||
custom)
|
||||
existf zapret_custom_daemons && zapret_custom_daemons $1
|
||||
|
@ -24,8 +24,9 @@ HOSTLIST="$ZAPRET_BASE/ipset/zapret-hosts.txt.gz"
|
||||
TPWS_OPT_BASE="--user=$WS_USER --port=$TPPORT"
|
||||
TPWS_OPT_BASE4="--bind-addr=$TPWS_LOCALHOST4"
|
||||
TPWS_OPT_BASE6="--bind-addr=::1"
|
||||
TPWS_WAIT="--bind-wait-ifup=30 --bind-wait-ip=30"
|
||||
# first wait for lan to ifup, then wait for bind-wait-ip-linklocal seconds for link local address and bind-wait-ip for any ipv6 as the worst case
|
||||
TPWS_OPT_BASE6_PRE="--bind-linklocal=prefer --bind-wait-ifup=30 --bind-wait-ip=30 --bind-wait-ip-linklocal=3"
|
||||
TPWS_OPT_BASE6_PRE="--bind-linklocal=prefer $TPWS_WAIT --bind-wait-ip-linklocal=3"
|
||||
|
||||
[ -n "$IFACE_WAN" ] && IPT_OWAN="-o $IFACE_WAN"
|
||||
[ -n "$IFACE_WAN" ] && IPT_IWAN="-i $IFACE_WAN"
|
||||
@ -383,7 +384,7 @@ do_tpws()
|
||||
[ -n "$IFACE_LAN" ] && OPT="$OPT --bind-iface6=$IFACE_LAN $TPWS_OPT_BASE6_PRE"
|
||||
}
|
||||
|
||||
do_daemon $1 $2 $TPWS "$OPT $3"
|
||||
do_daemon $1 $2 "$TPWS" "$OPT $3"
|
||||
}
|
||||
do_nfqws()
|
||||
{
|
||||
@ -392,7 +393,7 @@ do_nfqws()
|
||||
# $3 : daemon args
|
||||
|
||||
[ "$1" = "1" ] && prepare_user
|
||||
do_daemon $1 $2 $NFQWS "$NFQWS_OPT_BASE $3"
|
||||
do_daemon $1 $2 "$NFQWS" "$NFQWS_OPT_BASE $3"
|
||||
}
|
||||
|
||||
|
||||
@ -425,6 +426,20 @@ filter_apply_hostlist_target()
|
||||
# $1 - var name of tpws or nfqws params
|
||||
[ "$MODE_FILTER" = "hostlist" ] && eval $1="\"\$$1 --hostlist=$HOSTLIST\""
|
||||
}
|
||||
tpws_apply_socks_binds()
|
||||
{
|
||||
local o
|
||||
|
||||
[ "$DISABLE_IPV4" = "1" ] || {
|
||||
o="--bind-addr=127.0.0.1"
|
||||
[ -n "$IFACE_LAN" ] && o="$o --bind-iface4=$IFACE_LAN $TPWS_WAIT"
|
||||
}
|
||||
[ "$DISABLE_IPV6" = "1" ] || {
|
||||
o="$o --bind-addr=::1"
|
||||
[ -n "$IFACE_LAN" ] && o="$o --bind-iface6=$IFACE_LAN $TPWS_WAIT"
|
||||
}
|
||||
eval $1="\"\$$1 $o\""
|
||||
}
|
||||
|
||||
|
||||
create_ipset()
|
||||
@ -511,6 +526,12 @@ zapret_do_daemons()
|
||||
filter_apply_hostlist_target opt
|
||||
do_tpws $1 1 "$opt"
|
||||
;;
|
||||
tpws-socks)
|
||||
opt="$TPWS_OPT_BASE --socks $TPWS_OPT"
|
||||
tpws_apply_socks_binds opt
|
||||
filter_apply_hostlist_target opt
|
||||
do_daemon $1 1 "$TPWS" "$opt"
|
||||
;;
|
||||
nfqws)
|
||||
opt="$NFQWS_OPT_DESYNC"
|
||||
filter_apply_hostlist_target opt
|
||||
|
@ -291,8 +291,8 @@ write_config_var()
|
||||
|
||||
select_mode_mode()
|
||||
{
|
||||
local MODES="tpws nfqws filter custom"
|
||||
[ "$SYSTEM" = "macos" ] && MODES="tpws filter custom"
|
||||
local MODES="tpws tpws-socks nfqws filter custom"
|
||||
[ "$SYSTEM" = "macos" ] && MODES="tpws tpws-socks filter custom"
|
||||
echo
|
||||
echo select MODE :
|
||||
ask_list MODE "$MODES" tpws && write_config_var MODE
|
||||
@ -311,7 +311,7 @@ select_mode_mode()
|
||||
}
|
||||
select_mode_http()
|
||||
{
|
||||
[ "$MODE" != "filter" ] && {
|
||||
[ "$MODE" != "filter" ] && [ "$MODE" != "tpws-socks" ] && {
|
||||
echo
|
||||
ask_yes_no_var MODE_HTTP "enable http support"
|
||||
write_config_var MODE_HTTP
|
||||
@ -329,7 +329,7 @@ select_mode_keepalive()
|
||||
}
|
||||
select_mode_https()
|
||||
{
|
||||
[ "$MODE" != "filter" ] && {
|
||||
[ "$MODE" != "filter" ] && [ "$MODE" != "tpws-socks" ] && {
|
||||
echo
|
||||
ask_yes_no_var MODE_HTTPS "enable https support"
|
||||
write_config_var MODE_HTTPS
|
||||
@ -337,9 +337,11 @@ select_mode_https()
|
||||
}
|
||||
select_mode_filter()
|
||||
{
|
||||
local filter="none ipset hostlist"
|
||||
[ "$MODE" = "tpws-socks" ] && filter="none hostlist"
|
||||
echo
|
||||
echo select filtering :
|
||||
ask_list MODE_FILTER "none ipset hostlist" none && write_config_var MODE_FILTER
|
||||
ask_list MODE_FILTER "$filter" none && write_config_var MODE_FILTER
|
||||
}
|
||||
select_mode()
|
||||
{
|
||||
@ -1180,7 +1182,7 @@ service_stop_macos()
|
||||
macos_fw_reload_trigger_clear()
|
||||
{
|
||||
case "$MODE" in
|
||||
tpws|custom)
|
||||
tpws|tpws-socks|custom)
|
||||
LISTS_RELOAD=
|
||||
write_config_var LISTS_RELOAD
|
||||
;;
|
||||
|
Loading…
Reference in New Issue
Block a user