mirror of
https://github.com/bol-van/zapret.git
synced 2024-12-23 14:53:18 +00:00
init: check MODE_HTTP/MODE_HTTPS to minimize nfqws processes
This commit is contained in:
parent
79a984b607
commit
32f9fbecae
@ -329,7 +329,7 @@ get_nfqws_qnums()
|
||||
# $2 - var name for ipv4 https
|
||||
# $3 - var name for ipv6 http
|
||||
# $4 - var name for ipv6 https
|
||||
local _qn=x _qns=x _qn6=x _qns6=x
|
||||
local _qn _qns _qn6 _qns6
|
||||
|
||||
[ "$DISABLE_IPV4" = "1" ] || {
|
||||
_qn=$QNUM
|
||||
@ -353,10 +353,14 @@ get_nfqws_qnums()
|
||||
}
|
||||
[ "$NFQWS_OPT_DESYNC_HTTPS6" = "$NFQWS_OPT_DESYNC_HTTP6" ] && _qns6=$_qn6;
|
||||
}
|
||||
eval $1=$_qn
|
||||
eval $2=$_qns
|
||||
eval $3=$_qn6
|
||||
eval $4=$_qns6
|
||||
[ "$MODE_HTTP" = 1 ] && {
|
||||
eval $1=$_qn
|
||||
eval $3=$_qn6
|
||||
}
|
||||
[ "$MODE_HTTPS" = 1 ] && {
|
||||
eval $2=$_qns
|
||||
eval $4=$_qns6
|
||||
}
|
||||
}
|
||||
|
||||
create_ipset()
|
||||
@ -461,45 +465,41 @@ zapret_apply_firewall()
|
||||
|
||||
nfqws)
|
||||
# quite complex but we need to minimize nfqws processes to save RAM
|
||||
if [ ! "$MODE_HTTP" = "1" ] && [ ! "$MODE_HTTPS" = "1" ]; then
|
||||
echo both http and https are disabled. not applying redirection.
|
||||
get_nfqws_qnums qn qns qn6 qns6
|
||||
if [ "$MODE_HTTP_KEEPALIVE" != "1" ] && [ -n "$qn" ] && [ "$qn" = "$qns" ]; then
|
||||
filter_apply_port_target f4
|
||||
f4="$f4 $first_packet_only"
|
||||
filter_apply_ipset_target4 f4
|
||||
fw_nfqws_post4 "$f4 $desync" $qn
|
||||
else
|
||||
get_nfqws_qnums qn qns qn6 qns6
|
||||
if [ "$MODE_HTTP_KEEPALIVE" != "1" ] && [ $qn = $qns ]; then
|
||||
filter_apply_port_target f4
|
||||
f4="$f4 $first_packet_only"
|
||||
if [ -n "$qn" ]; then
|
||||
f4="--dport 80"
|
||||
[ "$MODE_HTTP_KEEPALIVE" = "1" ] || f4="$f4 $first_packet_only"
|
||||
filter_apply_ipset_target4 f4
|
||||
fw_nfqws_post4 "$f4 $desync" $qn
|
||||
else
|
||||
if [ "$MODE_HTTP" = "1" ]; then
|
||||
f4="--dport 80"
|
||||
[ "$MODE_HTTP_KEEPALIVE" = "1" ] || f4="$f4 $first_packet_only"
|
||||
filter_apply_ipset_target4 f4
|
||||
fw_nfqws_post4 "$f4 $desync" $qn
|
||||
fi
|
||||
if [ "$MODE_HTTPS" = "1" ]; then
|
||||
f4="--dport 443 $first_packet_only"
|
||||
filter_apply_ipset_target4 f4
|
||||
fw_nfqws_post4 "$f4 $desync" $qns
|
||||
fi
|
||||
fi
|
||||
if [ "$MODE_HTTP_KEEPALIVE" != "1" ] && [ $qn6 = $qns6 ]; then
|
||||
filter_apply_port_target f6
|
||||
f6="$f6 $first_packet_only"
|
||||
if [ -n "$qns" ]; then
|
||||
f4="--dport 443 $first_packet_only"
|
||||
filter_apply_ipset_target4 f4
|
||||
fw_nfqws_post4 "$f4 $desync" $qns
|
||||
fi
|
||||
fi
|
||||
if [ "$MODE_HTTP_KEEPALIVE" != "1" ] && [ -n "$qn6" ] && [ "$qn6" = "$qns6" ]; then
|
||||
filter_apply_port_target f6
|
||||
f6="$f6 $first_packet_only"
|
||||
filter_apply_ipset_target6 f6
|
||||
fw_nfqws_post6 "$f6 $desync" $qn6
|
||||
else
|
||||
if [ -n "$qn6" ]; then
|
||||
f6="--dport 80"
|
||||
[ "$MODE_HTTP_KEEPALIVE" = "1" ] || f6="$f6 $first_packet_only"
|
||||
filter_apply_ipset_target6 f6
|
||||
fw_nfqws_post6 "$f6 $desync" $qn6
|
||||
else
|
||||
if [ "$MODE_HTTP" = "1" ]; then
|
||||
f6="--dport 80"
|
||||
[ "$MODE_HTTP_KEEPALIVE" = "1" ] || f6="$f6 $first_packet_only"
|
||||
filter_apply_ipset_target6 f6
|
||||
fw_nfqws_post6 "$f6 $desync" $qn6
|
||||
fi
|
||||
if [ "$MODE_HTTPS" = "1" ]; then
|
||||
f6="--dport 443 $first_packet_only"
|
||||
filter_apply_ipset_target6 f6
|
||||
fw_nfqws_post6 "$f6 $desync" $qns6
|
||||
fi
|
||||
fi
|
||||
if [ -n "$qns6" ]; then
|
||||
f6="--dport 443 $first_packet_only"
|
||||
filter_apply_ipset_target6 f6
|
||||
fw_nfqws_post6 "$f6 $desync" $qns6
|
||||
fi
|
||||
fi
|
||||
;;
|
||||
|
@ -121,27 +121,25 @@ start_service() {
|
||||
nfqws)
|
||||
# quite complex but we need to minimize nfqws processes to save RAM
|
||||
get_nfqws_qnums qn qns qn6 qns6
|
||||
[ "$DISABLE_IPV4" = "1" ] || {
|
||||
[ -z "$qn" ] || {
|
||||
opt="--qnum=$qn $NFQWS_OPT_BASE $NFQWS_OPT_DESYNC_HTTP"
|
||||
filter_apply_hostlist_target opt
|
||||
run_daemon 1 "$NFQWS" "$opt"
|
||||
[ "$qns" = "$qn" ] || {
|
||||
opt="--qnum=$qns $NFQWS_OPT_BASE $NFQWS_OPT_DESYNC_HTTPS"
|
||||
filter_apply_hostlist_target opt
|
||||
run_daemon 2 "$NFQWS" "$opt"
|
||||
}
|
||||
}
|
||||
[ "$DISABLE_IPV6" = "1" ] || {
|
||||
[ "$qn6" = "$qn" ] || [ "$qn6" = "$qns" ] || {
|
||||
opt="--qnum=$qn6 $NFQWS_OPT_BASE $NFQWS_OPT_DESYNC_HTTP6"
|
||||
filter_apply_hostlist_target opt
|
||||
run_daemon 3 "$NFQWS" "$opt"
|
||||
}
|
||||
[ "$qns6" = "$qn" ] || [ "$qns6" = "$qns" ] || [ "$qns6" = "$qn6" ] || {
|
||||
opt="--qnum=$qns6 $NFQWS_OPT_BASE $NFQWS_OPT_DESYNC_HTTPS6"
|
||||
filter_apply_hostlist_target opt
|
||||
run_daemon 4 "$NFQWS" "$opt"
|
||||
}
|
||||
[ -z "$qns" ] || [ "$qns" = "$qn" ] || {
|
||||
opt="--qnum=$qns $NFQWS_OPT_BASE $NFQWS_OPT_DESYNC_HTTPS"
|
||||
filter_apply_hostlist_target opt
|
||||
run_daemon 2 "$NFQWS" "$opt"
|
||||
}
|
||||
[ -z "$qn6" ] || [ "$qn6" = "$qn" ] || [ "$qn6" = "$qns" ] || {
|
||||
opt="--qnum=$qn6 $NFQWS_OPT_BASE $NFQWS_OPT_DESYNC_HTTP6"
|
||||
filter_apply_hostlist_target opt
|
||||
run_daemon 3 "$NFQWS" "$opt"
|
||||
}
|
||||
[ -z "$qns6" ] || [ "$qns6" = "$qn" ] || [ "$qns6" = "$qns" ] || [ "$qns6" = "$qn6" ] || {
|
||||
opt="--qnum=$qns6 $NFQWS_OPT_BASE $NFQWS_OPT_DESYNC_HTTPS6"
|
||||
filter_apply_hostlist_target opt
|
||||
run_daemon 4 "$NFQWS" "$opt"
|
||||
}
|
||||
;;
|
||||
custom)
|
||||
|
@ -556,7 +556,7 @@ get_nfqws_qnums()
|
||||
# $2 - var name for ipv4 https
|
||||
# $3 - var name for ipv6 http
|
||||
# $4 - var name for ipv6 https
|
||||
local _qn=x _qns=x _qn6=x _qns6=x
|
||||
local _qn _qns _qn6 _qns6
|
||||
|
||||
[ "$DISABLE_IPV4" = "1" ] || {
|
||||
_qn=$QNUM
|
||||
@ -580,10 +580,14 @@ get_nfqws_qnums()
|
||||
}
|
||||
[ "$NFQWS_OPT_DESYNC_HTTPS6" = "$NFQWS_OPT_DESYNC_HTTP6" ] && _qns6=$_qn6;
|
||||
}
|
||||
eval $1=$_qn
|
||||
eval $2=$_qns
|
||||
eval $3=$_qn6
|
||||
eval $4=$_qns6
|
||||
[ "$MODE_HTTP" = 1 ] && {
|
||||
eval $1=$_qn
|
||||
eval $3=$_qn6
|
||||
}
|
||||
[ "$MODE_HTTPS" = 1 ] && {
|
||||
eval $2=$_qns
|
||||
eval $4=$_qns6
|
||||
}
|
||||
}
|
||||
|
||||
tpws_apply_socks_binds()
|
||||
@ -637,37 +641,37 @@ zapret_do_firewall()
|
||||
echo both http and https are disabled. not applying redirection.
|
||||
else
|
||||
get_nfqws_qnums qn qns qn6 qns6
|
||||
if [ "$MODE_HTTP_KEEPALIVE" != "1" ] && [ $qn = $qns ]; then
|
||||
if [ "$MODE_HTTP_KEEPALIVE" != "1" ] && [ -n "$qn" ] && [ "$qn" = "$qns" ]; then
|
||||
filter_apply_port_target f4
|
||||
f4="$f4 $first_packet_only"
|
||||
filter_apply_ipset_target4 f4
|
||||
fw_nfqws_post4 $1 "$f4 $desync" $qn
|
||||
else
|
||||
if [ "$MODE_HTTP" = "1" ]; then
|
||||
if [ -n "$qn" ]; then
|
||||
f4="--dport 80"
|
||||
[ "$MODE_HTTP_KEEPALIVE" = "1" ] || f4="$f4 $first_packet_only"
|
||||
filter_apply_ipset_target4 f4
|
||||
fw_nfqws_post4 $1 "$f4 $desync" $qn
|
||||
fi
|
||||
if [ "$MODE_HTTPS" = "1" ]; then
|
||||
if [ -n "$qns" ]; then
|
||||
f4="--dport 443 $first_packet_only"
|
||||
filter_apply_ipset_target4 f4
|
||||
fw_nfqws_post4 $1 "$f4 $desync" $qns
|
||||
fi
|
||||
fi
|
||||
if [ "$MODE_HTTP_KEEPALIVE" != "1" ] && [ $qn6 = $qns6 ]; then
|
||||
if [ "$MODE_HTTP_KEEPALIVE" != "1" ] && [ -n "$qn6" ] && [ "$qn6" = "$qns6" ]; then
|
||||
filter_apply_port_target f6
|
||||
f6="$f6 $first_packet_only"
|
||||
filter_apply_ipset_target6 f6
|
||||
fw_nfqws_post6 $1 "$f6 $desync" $qn6
|
||||
else
|
||||
if [ "$MODE_HTTP" = "1" ]; then
|
||||
if [ -n "$qn6" ]; then
|
||||
f6="--dport 80"
|
||||
[ "$MODE_HTTP_KEEPALIVE" = "1" ] || f6="$f6 $first_packet_only"
|
||||
filter_apply_ipset_target6 f6
|
||||
fw_nfqws_post6 $1 "$f6 $desync" $qn6
|
||||
fi
|
||||
if [ "$MODE_HTTPS" = "1" ]; then
|
||||
if [ -n "$qns6" ]; then
|
||||
f6="--dport 443 $first_packet_only"
|
||||
filter_apply_ipset_target6 f6
|
||||
fw_nfqws_post6 $1 "$f6 $desync" $qns6
|
||||
@ -711,27 +715,25 @@ zapret_do_daemons()
|
||||
;;
|
||||
nfqws)
|
||||
get_nfqws_qnums qn qns qn6 qns6
|
||||
[ "$DISABLE_IPV4" = "1" ] || {
|
||||
[ -z "$qn" ] || {
|
||||
opt="--qnum=$qn $NFQWS_OPT_DESYNC_HTTP"
|
||||
filter_apply_hostlist_target opt
|
||||
do_nfqws $1 1 "$opt"
|
||||
[ "$qns" = "$qn" ] || {
|
||||
opt="--qnum=$qns $NFQWS_OPT_DESYNC_HTTPS"
|
||||
filter_apply_hostlist_target opt
|
||||
do_nfqws $1 2 "$opt"
|
||||
}
|
||||
}
|
||||
[ "$DISABLE_IPV6" = "1" ] || {
|
||||
[ "$qn6" = "$qn" ] || [ "$qn6" = "$qns" ] || {
|
||||
opt="--qnum=$qn6 $NFQWS_OPT_DESYNC_HTTP6"
|
||||
filter_apply_hostlist_target opt
|
||||
do_nfqws $1 3 "$opt"
|
||||
}
|
||||
[ "$qns6" = "$qn" ] || [ "$qns6" = "$qns" ] || [ "$qns6" = "$qn6" ] || {
|
||||
opt="--qnum=$qns6 $NFQWS_OPT_DESYNC_HTTPS6"
|
||||
filter_apply_hostlist_target opt
|
||||
do_nfqws $1 4 "$opt"
|
||||
}
|
||||
[ -z "$qns" ] || [ "$qns" = "$qn" ] || {
|
||||
opt="--qnum=$qns $NFQWS_OPT_DESYNC_HTTPS"
|
||||
filter_apply_hostlist_target opt
|
||||
do_nfqws $1 2 "$opt"
|
||||
}
|
||||
[ -z "$qn6" ] || [ "$qn6" = "$qn" ] || [ "$qn6" = "$qns" ] || {
|
||||
opt="--qnum=$qn6 $NFQWS_OPT_DESYNC_HTTP6"
|
||||
filter_apply_hostlist_target opt
|
||||
do_nfqws $1 3 "$opt"
|
||||
}
|
||||
[ -z "$qns6" ] || [ "$qns6" = "$qn" ] || [ "$qns6" = "$qns" ] || [ "$qns6" = "$qn6" ] || {
|
||||
opt="--qnum=$qns6 $NFQWS_OPT_DESYNC_HTTPS6"
|
||||
filter_apply_hostlist_target opt
|
||||
do_nfqws $1 4 "$opt"
|
||||
}
|
||||
;;
|
||||
custom)
|
||||
|
Loading…
Reference in New Issue
Block a user