init.d: multiple customs

2025-05-24 22:32:58 +03:00 · 2024-10-12 12:33:06 +03:00
parent bd80daad97
commit e8012ee67f
34 changed files with 436 additions and 272 deletions
--- a/init.d/openwrt/custom-reuse-builtin-mode
+++ b/init.d/openwrt/custom-reuse-builtin-mode
@@ -1,47 +0,0 @@
-# this custom script demonstrates how to reuse built-in modes and add something from yourself
-
-MY_TPPORT=$(($TPPORT + 1))
-MY_TPWS_OPT="--methodeol --hostcase"
-MY_DPORT=81
-
-zapret_custom_daemons()
-{
-	# stop logic is managed by procd
-
-	local MODE_OVERRIDE=tpws
-	local opt
-
-	start_daemons_procd
-
-	opt="--port=$MY_TPPORT $MY_TPWS_OPT"
-	filter_apply_hostlist_target opt
-	run_tpws 100 "$opt"
-}
-zapret_custom_firewall()
-{
-	# $1 - 1 - run, 0 - stop
-
-	local MODE_OVERRIDE=tpws
-	local f4 f6
-
-	zapret_do_firewall_rules_ipt $1
-
-	f4="-p tcp --dport $MY_DPORT"
-	f6=$f4
-	filter_apply_ipset_target f4 f6
-	fw_tpws $1 "$f4" "$f6" $MY_TPPORT
-}
-zapret_custom_firewall_nft()
-{
-	# stop logic is not required
-
-	local MODE_OVERRIDE=tpws
-	local f4 f6
-
-	zapret_apply_firewall_rules_nft
-
-	f4="tcp dport $MY_DPORT"
-	f6=$f4
-	nft_filter_apply_ipset_target f4 f6
-	nft_fw_tpws "$f4" "$f6" $MY_TPPORT
-}
--- a/init.d/openwrt/custom.d.examples/10-inherit-nfqws
+++ b/init.d/openwrt/custom.d.examples/10-inherit-nfqws
@@ -0,0 +1,22 @@
+# this custom script applies nfqws mode as it would be with MODE=nfqws
+
+OVERRIDE=nfqws
+
+zapret_custom_daemons()
+{
+        # stop logic is managed by procd
+
+	MODE_OVERRIDE=$OVERRIDE start_daemons_procd
+}
+zapret_custom_firewall()
+{
+	# $1 - 1 - run, 0 - stop
+
+	MODE_OVERRIDE=$OVERRIDE zapret_do_firewall_rules_ipt $1
+}
+zapret_custom_firewall_nft()
+{
+	# stop logic is not required
+
+	MODE_OVERRIDE=$OVERRIDE zapret_apply_firewall_rules_nft
+}
--- a/init.d/openwrt/custom.d.examples/10-inherit-tpws
+++ b/init.d/openwrt/custom.d.examples/10-inherit-tpws
@@ -0,0 +1,22 @@
+# this custom script applies tpws mode as it would be with MODE=tpws
+
+OVERRIDE=tpws
+
+zapret_custom_daemons()
+{
+	# $1 - 1 - run, 0 - stop
+
+	MODE_OVERRIDE=$OVERRIDE start_daemons_procd
+}
+zapret_custom_firewall()
+{
+	# $1 - 1 - run, 0 - stop
+
+	MODE_OVERRIDE=$OVERRIDE zapret_do_firewall_rules_ipt $1
+}
+zapret_custom_firewall_nft()
+{
+	# stop logic is not required
+
+	MODE_OVERRIDE=$OVERRIDE zapret_apply_firewall_rules_nft
+}
--- a/init.d/openwrt/custom.d.examples/10-inherit-tpws-socks
+++ b/init.d/openwrt/custom.d.examples/10-inherit-tpws-socks
@@ -0,0 +1,22 @@
+# this custom script applies tpws-socks mode as it would be with MODE=tpws-socks
+
+OVERRIDE=tpws-socks
+
+zapret_custom_daemons()
+{
+	# $1 - 1 - run, 0 - stop
+
+	MODE_OVERRIDE=$OVERRIDE start_daemons_procd
+}
+zapret_custom_firewall()
+{
+	# $1 - 1 - run, 0 - stop
+
+	MODE_OVERRIDE=$OVERRIDE zapret_do_firewall_rules_ipt $1
+}
+zapret_custom_firewall_nft()
+{
+	# stop logic is not required
+
+	MODE_OVERRIDE=$OVERRIDE zapret_apply_firewall_rules_nft
+}
--- a/init.d/openwrt/custom.d.examples/50-dht4all
+++ b/init.d/openwrt/custom.d.examples/50-dht4all
@@ -1,47 +1,39 @@
-# this custom script in addition to MODE=nfqws runs desync to DHT packets with udp payload length 101..399 , without ipset/hostlist filtering
+# this custom script runs desync to DHT packets with udp payload length 101..399 , without ipset/hostlist filtering
 # need to add to config : NFQWS_OPT_DESYNC_DHT="--dpi-desync=fake --dpi-desync-ttl=5"

-QNUM2=$(($QNUM+20))
+DNUM=101
+QNUM2=$(($DNUM * 5))

 zapret_custom_daemons()
 {
        # stop logic is managed by procd

-        local MODE_OVERRIDE=nfqws
-        local opt
-
-        start_daemons_procd
-
-        opt="--qnum=$QNUM2 $NFQWS_OPT_BASE $NFQWS_OPT_DESYNC_DHT"
-        run_daemon 100 $NFQWS "$opt"
+        local opt="--qnum=$QNUM2 $NFQWS_OPT_BASE $NFQWS_OPT_DESYNC_DHT"
+	run_daemon $DNUM $NFQWS "$opt"
 }
 zapret_custom_firewall()
 {
        # $1 - 1 - run, 0 - stop

-        local MODE_OVERRIDE=nfqws
        local f uf4 uf6
        local first_packet_only="$ipt_connbytes 1:1"
        local desync="-m mark ! --mark $DESYNC_MARK/$DESYNC_MARK"

-        zapret_do_firewall_rules_ipt $1
-
        f='-p udp -m length --length 109:407 -m u32 --u32'
 	uf4='0>>22&0x3C@8>>16=0x6431'
 	uf6='48>>16=0x6431'
        fw_nfqws_post $1 "$f $uf4 $desync $first_packet_only"  "$f $uf6 $desync $first_packet_only" $QNUM2
+
 }
 zapret_custom_firewall_nft()
 {
        # stop logic is not required

-        local MODE_OVERRIDE=nfqws
        local f
        local first_packet_only="$nft_connbytes 1"
        local desync="mark and $DESYNC_MARK == 0"

-        zapret_apply_firewall_rules_nft
-
        f="meta length 109-407 meta l4proto udp @th,64,16 0x6431"
        nft_fw_nfqws_post "$f $desync $first_packet_only" "$f $desync $first_packet_only" $QNUM2
 }
+
--- a/init.d/openwrt/custom.d.examples/50-discord
+++ b/init.d/openwrt/custom.d.examples/50-discord
--- a/init.d/openwrt/custom.d.examples/50-quic4all
+++ b/init.d/openwrt/custom.d.examples/50-quic4all
@@ -1,32 +1,25 @@
-# this custom script in addition to MODE=nfqws runs desync to all QUIC initial packets, without ipset/hostlist filtering
+# this custom script runs desync to all QUIC initial packets, without ipset/hostlist filtering
 # need to add to config : NFQWS_OPT_DESYNC_QUIC="--dpi-desync=fake"
 # NOTE : do not use TTL fooling. chromium QUIC engine breaks sessions if TTL expired in transit received

-QNUM2=$(($QNUM+10))
+DNUM=102
+QNUM2=$(($DNUM * 5))

 zapret_custom_daemons()
 {
-	# stop logic is managed by procd
+	# $1 - 1 - run, 0 - stop

-	local MODE_OVERRIDE=nfqws
-	local opt
-
-	start_daemons_procd
-
-	opt="--qnum=$QNUM2 $NFQWS_OPT_BASE $NFQWS_OPT_DESYNC_QUIC"
-	run_daemon 100 $NFQWS "$opt"
+	local opt="--qnum=$QNUM2 $NFQWS_OPT_BASE $NFQWS_OPT_DESYNC_QUIC"
+	run_daemon $DNUM $NFQWS "$opt"
 }
 zapret_custom_firewall()
 {
 	# $1 - 1 - run, 0 - stop

-	local MODE_OVERRIDE=nfqws
 	local f
 	local first_packets_only="$ipt_connbytes 1:3"
 	local desync="-m mark ! --mark $DESYNC_MARK/$DESYNC_MARK"

-	zapret_do_firewall_rules_ipt $1
-
 	f="-p udp -m multiport --dports $QUIC_PORTS_IPT"
 	fw_nfqws_post $1 "$f $desync $first_packets_only" "$f $desync $first_packets_only" $QNUM2

@@ -35,13 +28,10 @@ zapret_custom_firewall_nft()
 {
 	# stop logic is not required

-	local MODE_OVERRIDE=nfqws
 	local f
 	local first_packets_only="$nft_connbytes 1-3"
 	local desync="mark and $DESYNC_MARK == 0"

-	zapret_apply_firewall_rules_nft
-
 	f="udp dport {$QUIC_PORTS}"
 	nft_fw_nfqws_post "$f $desync $first_packets_only" "$f $desync $first_packets_only" $QNUM2
 }
--- a/init.d/openwrt/custom.d.examples/50-tpws4http-nfqws4https
+++ b/init.d/openwrt/custom.d.examples/50-tpws4http-nfqws4https
@@ -3,7 +3,7 @@

 zapret_custom_daemons()
 {
-	# stop logic is managed by procd
+	# $1 - 1 - run, 0 - stop

 	local opt

@@ -15,7 +15,7 @@ zapret_custom_daemons()
 	}

 	[ "$MODE_HTTPS" = "1" ] && {
-		opt="--qnum=$QNUM $NFQWS_OPT_BASE $NFQWS_OPT_DESYNC_HTTPS"
+		opt="--qnum=$QNUM $NFQWS_OPT_DESYNC_HTTPS"
 		filter_apply_hostlist_target opt
 		filter_apply_suffix opt "$NFQWS_OPT_DESYNC_HTTPS_SUFFIX"
 		run_daemon 2 $NFQWS "$opt"
@@ -41,6 +41,8 @@ zapret_custom_firewall()
 		f6=$f4
 		filter_apply_ipset_target f4 f6
 		fw_nfqws_post $1 "$f4 $desync" "$f6 $desync" $QNUM
+		# for modes that require incoming traffic
+		fw_reverse_nfqws_rule $1 "$f4" "$f6" $QNUM
 	}
 }
 zapret_custom_firewall_nft()
--- a/init.d/openwrt/custom.d/.keep
+++ b/init.d/openwrt/custom.d/.keep
--- a/init.d/openwrt/custom.default
+++ b/init.d/openwrt/custom.default
@@ -1,33 +0,0 @@
-# this script contain your special code to launch daemons and configure firewall
-# use helpers from "functions" file and "zapret" init script
-# in case of upgrade keep this file only, do not modify others
-
-zapret_custom_daemons()
-{
-	# stop logic is managed by procd
-
-	# PLACEHOLDER
-	echo !!! NEED ATTENTION !!!
-	echo Start daemon\(s\)
-	echo Study how other sections work
-
-	run_daemon 1 /bin/sleep 20
-}
-zapret_custom_firewall()
-{
-	# $1 - 1 - run, 0 - stop
-
-	# PLACEHOLDER
-	echo !!! NEED ATTENTION !!!
-	echo Configure iptables for required actions
-	echo Study how other sections work
-}
-zapret_custom_firewall_nft()
-{
-	# stop logic is not required
-
-	# PLACEHOLDER
-	echo !!! NEED ATTENTION !!!
-	echo Configure nftables for required actions
-	echo Study how other sections work
-}
--- a/init.d/openwrt/functions
+++ b/init.d/openwrt/functions
@@ -12,6 +12,8 @@ ZAPRET_CONFIG=${ZAPRET_CONFIG:-"$ZAPRET_RW/config"}
 . "$ZAPRET_BASE/common/nft.sh"
 . "$ZAPRET_BASE/common/linux_fw.sh"
 . "$ZAPRET_BASE/common/list.sh"
+. "$ZAPRET_BASE/common/custom.sh"
+CUSTOM_DIR="$ZAPRET_RW/init.d/openwrt"

 [ -n "$QNUM" ] || QNUM=200
 [ -n "$TPPORT" ] || TPPORT=988
@@ -27,9 +29,6 @@ LINKLOCAL_WAIT_SEC=5

 IPSET_CR="$ZAPRET_BASE/ipset/create_ipset.sh"

-CUSTOM_SCRIPT="$ZAPRET_BASE/init.d/openwrt/custom"
-[ -f "$CUSTOM_SCRIPT" ] && . "$CUSTOM_SCRIPT"
-
 IPSET_EXCLUDE="-m set ! --match-set nozapret"
 IPSET_EXCLUDE6="-m set ! --match-set nozapret6"

--- a/init.d/openwrt/zapret
+++ b/init.d/openwrt/zapret
@@ -173,7 +173,7 @@ start_daemons_procd()
 			}
 			;;
 		custom)
-	    		existf zapret_custom_daemons && zapret_custom_daemons $1
+	    		custom_runner zapret_custom_daemons $1
 			;;
 	esac