zapret/init.d/macos/functions

215 lines
4.4 KiB
Plaintext
Raw Normal View History

2022-02-15 14:15:36 +00:00
# init script functions library for macos
2021-03-04 11:30:38 +00:00
[ -n "$ZAPRET_BASE" ] || ZAPRET_BASE=/opt/zapret
2022-02-15 14:15:36 +00:00
. "$ZAPRET_BASE/config"
. "$ZAPRET_BASE/common/base.sh"
. "$ZAPRET_BASE/common/pf.sh"
2021-03-04 11:30:38 +00:00
IPSET_DIR=$ZAPRET_BASE/ipset
. "$IPSET_DIR/def.sh"
HOSTLIST="$ZHOSTLIST.gz"
[ -f "$HOSTLIST" ] || HOSTLIST="$ZHOSTLIST"
[ -f "$HOSTLIST" ] || HOSTLIST="$ZUSERLIST"
PIDDIR=/var/run
2021-03-06 08:20:25 +00:00
[ -n "$TPPORT" ] || TPPORT=988
2021-11-06 08:24:54 +00:00
[ -n "$WS_USER" ] || WS_USER=daemon
2021-03-08 19:34:12 +00:00
TPWS_WAIT="--bind-wait-ifup=30 --bind-wait-ip=30"
TPWS_WAIT_SOCKS6="$TPWS_WAIT --bind-wait-ip-linklocal=30"
[ -n "$TPWS" ] || TPWS="$ZAPRET_BASE/tpws/tpws"
2021-03-04 11:30:38 +00:00
2021-03-04 14:36:56 +00:00
CUSTOM_SCRIPT="$ZAPRET_BASE/init.d/macos/custom"
[ -f "$CUSTOM_SCRIPT" ] && . "$CUSTOM_SCRIPT"
2021-03-04 11:30:38 +00:00
run_daemon()
{
# $1 - daemon number : 1,2,3,...
# $2 - daemon
# $3 - daemon args
# use $PIDDIR/$DAEMONBASE$1.pid as pidfile
local DAEMONBASE="$(basename $2)"
local PIDFILE="$PIDDIR/$DAEMONBASE$1.pid"
local ARGS="--daemon --pidfile=$PIDFILE $3"
[ -f "$PIDFILE" ] && pgrep -qF "$PIDFILE" && {
echo Already running $1: $2
return 0
}
echo "Starting daemon $1: $2 $ARGS"
"$2" $ARGS
}
stop_daemon()
{
# $1 - daemon number : 1,2,3,...
# $2 - daemon
# use $PIDDIR/$DAEMONBASE$1.pid as pidfile
local PID
local DAEMONBASE="$(basename $2)"
local PIDFILE="$PIDDIR/$DAEMONBASE$1.pid"
[ -f "$PIDFILE" ] && read PID <"$PIDFILE"
[ -n "$PID" ] && {
echo "Stopping daemon $1: $2 (PID=$PID)"
kill $PID
rm -f "$PIDFILE"
}
return 0
}
do_daemon()
{
# $1 - 1 - run, 0 - stop
on_off_function run_daemon stop_daemon "$@"
}
filter_apply_hostlist_target()
{
# $1 - var name of tpws or nfqws params
[ "$MODE_FILTER" = "hostlist" ] && eval $1="\"\$$1 --hostlist=$HOSTLIST\""
}
2021-03-04 18:03:26 +00:00
2021-03-04 11:30:38 +00:00
tpws_apply_binds()
{
local o
[ "$DISABLE_IPV4" = "1" ] || o="--bind-addr=127.0.0.1"
[ "$DISABLE_IPV6" = "1" ] || {
for i in lo0 $IFACE_LAN; do
o="$o --bind-iface6=$i --bind-linklocal=force $TPWS_WAIT"
done
}
eval $1="\"\$$1 $o\""
}
2021-03-04 18:03:26 +00:00
tpws_apply_socks_binds()
{
local o
[ "$DISABLE_IPV4" = "1" ] || o="--bind-addr=127.0.0.1"
[ "$DISABLE_IPV6" = "1" ] || o="$o --bind-addr=::1"
for lan in $IFACE_LAN; do
[ "$DISABLE_IPV4" = "1" ] || o="$o --bind-iface4=$lan $TPWS_WAIT"
[ "$DISABLE_IPV6" = "1" ] || o="$o --bind-iface6=$lan --bind-linklocal=unwanted $TPWS_WAIT_SOCKS6"
done
2021-03-04 18:03:26 +00:00
eval $1="\"\$$1 $o\""
}
2021-03-04 11:30:38 +00:00
wait_interface_ll()
{
echo waiting for an ipv6 link local address on $1 ...
"$TPWS" --bind-wait-only --bind-iface6=$1 --bind-linklocal=force $TPWS_WAIT
}
wait_lan_ll()
{
[ "$DISABLE_IPV6" != "1" ] && {
for lan in $IFACE_LAN; do
wait_interface_ll $lan >&2 || {
echo "wait interface failed on $lan"
return 1
}
done
2021-03-04 11:30:38 +00:00
}
return 0
}
get_ipv6_linklocal()
{
ifconfig $1 | sed -nEe 's/^.*inet6 (fe80:[a-f0-9:]+).*/\1/p'
}
zapret_do_firewall()
{
# $1 - 1 - add, 0 - del
case "${MODE_OVERRIDE:-$MODE}" in
2021-03-04 14:36:56 +00:00
tpws|filter|custom)
2021-03-04 11:30:38 +00:00
if [ "$1" = "1" ] ; then
pf_anchor_root || return 1
pf_anchors_create
pf_anchors_load || return 1
pf_enable
else
pf_anchors_clear
fi
;;
2021-03-04 18:03:26 +00:00
tpws-socks)
;;
2021-03-04 11:30:38 +00:00
*)
echo "unsupported MODE=$MODE"
return 1
;;
esac
2021-03-04 11:30:38 +00:00
return 0
}
zapret_apply_firewall()
{
zapret_do_firewall 1 "$@"
}
zapret_unapply_firewall()
{
zapret_do_firewall 0 "$@"
}
zapret_restart_firewall()
{
zapret_unapply_firewall "$@"
zapret_apply_firewall "$@"
}
zapret_do_daemons()
{
# $1 - 1 - run, 0 - stop
local opt
case "${MODE_OVERRIDE:-$MODE}" in
2021-03-04 11:30:38 +00:00
tpws)
[ "$1" = "1" ] && [ "$DISABLE_IPV4" = "1" ] && [ "$DISABLE_IPV6" = "1" ] && {
echo "both ipv4 and ipv6 are disabled. nothing to do"
return 0
}
# MacOS requires root. kernel hardcoded requirement for /dev/pf ioctls
opt="--user=root --port=$TPPORT"
filter_apply_hostlist_target opt
tpws_apply_binds opt
opt="$opt $TPWS_OPT"
do_daemon $1 1 "$TPWS" "$opt"
;;
2021-03-04 18:03:26 +00:00
tpws-socks)
[ "$1" = "1" ] && [ "$DISABLE_IPV4" = "1" ] && [ "$DISABLE_IPV6" = "1" ] && {
echo "both ipv4 and ipv6 are disabled. nothing to do"
return 0
}
2021-11-06 08:24:54 +00:00
opt="--socks --user=$WS_USER --port=$TPPORT"
2021-03-04 18:03:26 +00:00
tpws_apply_socks_binds opt
filter_apply_hostlist_target opt
opt="$opt $TPWS_OPT"
2021-03-04 18:03:26 +00:00
do_daemon $1 1 "$TPWS" "$opt"
;;
2021-03-04 11:30:38 +00:00
filter)
;;
2021-03-04 14:36:56 +00:00
custom)
existf zapret_custom_daemons && zapret_custom_daemons $1
;;
2021-03-04 11:30:38 +00:00
*)
echo "unsupported MODE=$MODE"
return 1
;;
esac
return 0
2021-03-04 11:30:38 +00:00
}
zapret_run_daemons()
{
zapret_do_daemons 1 "$@"
}
zapret_stop_daemons()
{
zapret_do_daemons 0 "$@"
}
zapret_restart_daemons()
{
zapret_stop_daemons "$@"
zapret_run_daemons "$@"
}