gsd
/
zapret
mirror of https://github.com/bol-van/zapret/
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

init: check MODE_HTTP/MODE_HTTPS to minimize nfqws processes

pull/81/head
bol-van 3 years ago
parent
79a984b607
commit
32f9fbecae
3 changed files with 83 additions and 83 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 76
      init.d/openwrt/functions
  2. 32
      init.d/openwrt/zapret
  3. 58
      init.d/sysv/functions

76
init.d/openwrt/functions
View File

@ -329,7 +329,7 @@ get_nfqws_qnums()
# $2 - var name for ipv4 https
# $3 - var name for ipv6 http
# $4 - var name for ipv6 https
local _qn=x _qns=x _qn6=x _qns6=x
local _qn _qns _qn6 _qns6
[ "$DISABLE_IPV4" = "1" ] || {
_qn=$QNUM
@ -353,10 +353,14 @@ get_nfqws_qnums()
}
[ "$NFQWS_OPT_DESYNC_HTTPS6" = "$NFQWS_OPT_DESYNC_HTTP6" ] && _qns6=$_qn6;
}
eval $1=$_qn
eval $2=$_qns
eval $3=$_qn6
eval $4=$_qns6
[ "$MODE_HTTP" = 1 ] && {
eval $1=$_qn
eval $3=$_qn6
}
[ "$MODE_HTTPS" = 1 ] && {
eval $2=$_qns
eval $4=$_qns6
}
}
create_ipset()
@ -461,45 +465,41 @@ zapret_apply_firewall()
nfqws)
# quite complex but we need to minimize nfqws processes to save RAM
if [ ! "$MODE_HTTP" = "1" ] && [ ! "$MODE_HTTPS" = "1" ]; then
echo both http and https are disabled. not applying redirection.
get_nfqws_qnums qn qns qn6 qns6
if [ "$MODE_HTTP_KEEPALIVE" != "1" ] && [ -n "$qn" ] && [ "$qn" = "$qns" ]; then
filter_apply_port_target f4
f4="$f4 $first_packet_only"
filter_apply_ipset_target4 f4
fw_nfqws_post4 "$f4 $desync" $qn
else
get_nfqws_qnums qn qns qn6 qns6
if [ "$MODE_HTTP_KEEPALIVE" != "1" ] && [ $qn = $qns ]; then
filter_apply_port_target f4
f4="$f4 $first_packet_only"
if [ -n "$qn" ]; then
f4="--dport 80"
[ "$MODE_HTTP_KEEPALIVE" = "1" ] || f4="$f4 $first_packet_only"
filter_apply_ipset_target4 f4
fw_nfqws_post4 "$f4 $desync" $qn
else
if [ "$MODE_HTTP" = "1" ]; then
f4="--dport 80"
[ "$MODE_HTTP_KEEPALIVE" = "1" ] || f4="$f4 $first_packet_only"
filter_apply_ipset_target4 f4
fw_nfqws_post4 "$f4 $desync" $qn
fi
if [ "$MODE_HTTPS" = "1" ]; then
f4="--dport 443 $first_packet_only"
filter_apply_ipset_target4 f4
fw_nfqws_post4 "$f4 $desync" $qns
fi
fi
if [ "$MODE_HTTP_KEEPALIVE" != "1" ] && [ $qn6 = $qns6 ]; then
filter_apply_port_target f6
f6="$f6 $first_packet_only"
if [ -n "$qns" ]; then
f4="--dport 443 $first_packet_only"
filter_apply_ipset_target4 f4
fw_nfqws_post4 "$f4 $desync" $qns
fi
fi
if [ "$MODE_HTTP_KEEPALIVE" != "1" ] && [ -n "$qn6" ] && [ "$qn6" = "$qns6" ]; then
filter_apply_port_target f6
f6="$f6 $first_packet_only"
filter_apply_ipset_target6 f6
fw_nfqws_post6 "$f6 $desync" $qn6
else
if [ -n "$qn6" ]; then
f6="--dport 80"
[ "$MODE_HTTP_KEEPALIVE" = "1" ] || f6="$f6 $first_packet_only"
filter_apply_ipset_target6 f6
fw_nfqws_post6 "$f6 $desync" $qn6
else
if [ "$MODE_HTTP" = "1" ]; then
f6="--dport 80"
[ "$MODE_HTTP_KEEPALIVE" = "1" ] || f6="$f6 $first_packet_only"
filter_apply_ipset_target6 f6
fw_nfqws_post6 "$f6 $desync" $qn6
fi
if [ "$MODE_HTTPS" = "1" ]; then
f6="--dport 443 $first_packet_only"
filter_apply_ipset_target6 f6
fw_nfqws_post6 "$f6 $desync" $qns6
fi
fi
if [ -n "$qns6" ]; then
f6="--dport 443 $first_packet_only"
filter_apply_ipset_target6 f6
fw_nfqws_post6 "$f6 $desync" $qns6
fi
fi
;;

32
init.d/openwrt/zapret
View File

@ -121,27 +121,25 @@ start_service() {
nfqws)
# quite complex but we need to minimize nfqws processes to save RAM
get_nfqws_qnums qn qns qn6 qns6
[ "$DISABLE_IPV4" = "1" ] || {
[ -z "$qn" ] || {
opt="--qnum=$qn $NFQWS_OPT_BASE $NFQWS_OPT_DESYNC_HTTP"
filter_apply_hostlist_target opt
run_daemon 1 "$NFQWS" "$opt"
[ "$qns" = "$qn" ] || {
opt="--qnum=$qns $NFQWS_OPT_BASE $NFQWS_OPT_DESYNC_HTTPS"
filter_apply_hostlist_target opt
run_daemon 2 "$NFQWS" "$opt"
}
}
[ "$DISABLE_IPV6" = "1" ] || {
[ "$qn6" = "$qn" ] || [ "$qn6" = "$qns" ] || {
opt="--qnum=$qn6 $NFQWS_OPT_BASE $NFQWS_OPT_DESYNC_HTTP6"
filter_apply_hostlist_target opt
run_daemon 3 "$NFQWS" "$opt"
}
[ "$qns6" = "$qn" ] || [ "$qns6" = "$qns" ] || [ "$qns6" = "$qn6" ] || {
opt="--qnum=$qns6 $NFQWS_OPT_BASE $NFQWS_OPT_DESYNC_HTTPS6"
filter_apply_hostlist_target opt
run_daemon 4 "$NFQWS" "$opt"
}
[ -z "$qns" ] || [ "$qns" = "$qn" ] || {
opt="--qnum=$qns $NFQWS_OPT_BASE $NFQWS_OPT_DESYNC_HTTPS"
filter_apply_hostlist_target opt
run_daemon 2 "$NFQWS" "$opt"
}
[ -z "$qn6" ] || [ "$qn6" = "$qn" ] || [ "$qn6" = "$qns" ] || {
opt="--qnum=$qn6 $NFQWS_OPT_BASE $NFQWS_OPT_DESYNC_HTTP6"
filter_apply_hostlist_target opt
run_daemon 3 "$NFQWS" "$opt"
}
[ -z "$qns6" ] || [ "$qns6" = "$qn" ] || [ "$qns6" = "$qns" ] || [ "$qns6" = "$qn6" ] || {
opt="--qnum=$qns6 $NFQWS_OPT_BASE $NFQWS_OPT_DESYNC_HTTPS6"
filter_apply_hostlist_target opt
run_daemon 4 "$NFQWS" "$opt"
}
;;
custom)

58
init.d/sysv/functions
View File

@ -556,7 +556,7 @@ get_nfqws_qnums()
# $2 - var name for ipv4 https
# $3 - var name for ipv6 http
# $4 - var name for ipv6 https
local _qn=x _qns=x _qn6=x _qns6=x
local _qn _qns _qn6 _qns6
[ "$DISABLE_IPV4" = "1" ] || {
_qn=$QNUM
@ -580,10 +580,14 @@ get_nfqws_qnums()
}
[ "$NFQWS_OPT_DESYNC_HTTPS6" = "$NFQWS_OPT_DESYNC_HTTP6" ] && _qns6=$_qn6;
}
eval $1=$_qn
eval $2=$_qns
eval $3=$_qn6
eval $4=$_qns6
[ "$MODE_HTTP" = 1 ] && {
eval $1=$_qn
eval $3=$_qn6
}
[ "$MODE_HTTPS" = 1 ] && {
eval $2=$_qns
eval $4=$_qns6
}
}
tpws_apply_socks_binds()
@ -637,37 +641,37 @@ zapret_do_firewall()
echo both http and https are disabled. not applying redirection.
else
get_nfqws_qnums qn qns qn6 qns6
if [ "$MODE_HTTP_KEEPALIVE" != "1" ] && [ $qn = $qns ]; then
if [ "$MODE_HTTP_KEEPALIVE" != "1" ] && [ -n "$qn" ] && [ "$qn" = "$qns" ]; then
filter_apply_port_target f4
f4="$f4 $first_packet_only"
filter_apply_ipset_target4 f4
fw_nfqws_post4 $1 "$f4 $desync" $qn
else
if [ "$MODE_HTTP" = "1" ]; then
if [ -n "$qn" ]; then
f4="--dport 80"
[ "$MODE_HTTP_KEEPALIVE" = "1" ] || f4="$f4 $first_packet_only"
filter_apply_ipset_target4 f4
fw_nfqws_post4 $1 "$f4 $desync" $qn
fi
if [ "$MODE_HTTPS" = "1" ]; then
if [ -n "$qns" ]; then
f4="--dport 443 $first_packet_only"
filter_apply_ipset_target4 f4
fw_nfqws_post4 $1 "$f4 $desync" $qns
fi
fi
if [ "$MODE_HTTP_KEEPALIVE" != "1" ] && [ $qn6 = $qns6 ]; then
if [ "$MODE_HTTP_KEEPALIVE" != "1" ] && [ -n "$qn6" ] && [ "$qn6" = "$qns6" ]; then
filter_apply_port_target f6
f6="$f6 $first_packet_only"
filter_apply_ipset_target6 f6
fw_nfqws_post6 $1 "$f6 $desync" $qn6
else
if [ "$MODE_HTTP" = "1" ]; then
if [ -n "$qn6" ]; then
f6="--dport 80"
[ "$MODE_HTTP_KEEPALIVE" = "1" ] || f6="$f6 $first_packet_only"
filter_apply_ipset_target6 f6
fw_nfqws_post6 $1 "$f6 $desync" $qn6
fi
if [ "$MODE_HTTPS" = "1" ]; then
if [ -n "$qns6" ]; then
f6="--dport 443 $first_packet_only"
filter_apply_ipset_target6 f6
fw_nfqws_post6 $1 "$f6 $desync" $qns6
@ -711,27 +715,25 @@ zapret_do_daemons()
;;
nfqws)
get_nfqws_qnums qn qns qn6 qns6
[ "$DISABLE_IPV4" = "1" ] || {
[ -z "$qn" ] || {
opt="--qnum=$qn $NFQWS_OPT_DESYNC_HTTP"
filter_apply_hostlist_target opt
do_nfqws $1 1 "$opt"
[ "$qns" = "$qn" ] || {
opt="--qnum=$qns $NFQWS_OPT_DESYNC_HTTPS"
filter_apply_hostlist_target opt
do_nfqws $1 2 "$opt"
}
}
[ "$DISABLE_IPV6" = "1" ] || {
[ "$qn6" = "$qn" ] || [ "$qn6" = "$qns" ] || {
opt="--qnum=$qn6 $NFQWS_OPT_DESYNC_HTTP6"
filter_apply_hostlist_target opt
do_nfqws $1 3 "$opt"
}
[ "$qns6" = "$qn" ] || [ "$qns6" = "$qns" ] || [ "$qns6" = "$qn6" ] || {
opt="--qnum=$qns6 $NFQWS_OPT_DESYNC_HTTPS6"
filter_apply_hostlist_target opt
do_nfqws $1 4 "$opt"
}
[ -z "$qns" ] || [ "$qns" = "$qn" ] || {
opt="--qnum=$qns $NFQWS_OPT_DESYNC_HTTPS"
filter_apply_hostlist_target opt
do_nfqws $1 2 "$opt"
}
[ -z "$qn6" ] || [ "$qn6" = "$qn" ] || [ "$qn6" = "$qns" ] || {
opt="--qnum=$qn6 $NFQWS_OPT_DESYNC_HTTP6"
filter_apply_hostlist_target opt
do_nfqws $1 3 "$opt"
}
[ -z "$qns6" ] || [ "$qns6" = "$qn" ] || [ "$qns6" = "$qns" ] || [ "$qns6" = "$qn6" ] || {
opt="--qnum=$qns6 $NFQWS_OPT_DESYNC_HTTPS6"
filter_apply_hostlist_target opt
do_nfqws $1 4 "$opt"
}
;;
custom)

Write Preview
Loading…
Cancel
Save