huawei: more scripts

5 years ago · 4b11a6fb3f
4 changed files with 119 additions and 0 deletions
--- a/files/huawei/E8372/run-zapret-hostlist
+++ b/files/huawei/E8372/run-zapret-hostlist
@ -0,0 +1,35 @@
+#!/system/bin/busybox sh
+
+# download hostlist from http(s) (need curl, its absent by default),
+# feed it to zapret. save flash write cycles
+
+u="https://your.host.com/censorship/hoslist.txt"
+
+SCRIPT=$(readlink -f "$0")
+EXEDIR=$(dirname "$SCRIPT")
+
+d=/data/censorship
+[ -d $d ] || mkdir $d
+f=$d/hostlist.txt
+t=/hostlist.txt
+
+curl -k --fail --max-time 10 -o "$t" "$u" && {
+ if [ -s "$t" ]; then
+  m1=$(md5sum "$t" | cut -d ' ' -f 1)
+  m2=$(md5sum "$f" | cut -d ' ' -f 1)
+  echo $m1 $m2
+  if [ -z "$m2" ] || [ "$m1" != "$m2" ]; then
+   echo updating hostlist
+   cp -f "$t" "$f"
+  else
+   echo hostlist was not changed. keeping old copy
+  fi
+ else
+  echo downloaded hostlist is empty. disabling zapret
+  rm "$f"
+ fi
+}
+
+rm -f "$t"
+"$EXEDIR/unzapret"
+[ -s "$f" ] && exec "$EXEDIR/zapret" "--hostlist=$f"
--- a/files/huawei/E8372/run-zapret-ip
+++ b/files/huawei/E8372/run-zapret-ip
@ -0,0 +1,39 @@
+#!/system/bin/busybox sh
+
+# download hostlist from http(s) (need curl, its absent by default),
+# resolve to ip list, feed to zapret-ip. save flash write cycles
+
+u="https://your.host.com/censorship/hoslist.txt"
+
+SCRIPT=$(readlink -f "$0")
+EXEDIR=$(dirname "$SCRIPT")
+
+d=/data/censorship
+[ -d $d ] || mkdir $d
+f=$d/hostlist.txt
+t=/hostlist.txt
+i=/iplist.txt
+
+curl -k --fail --max-time 10 -o "$t" "$u" && {
+ if [ -s "$t" ]; then
+  m1=$(md5sum "$t" | cut -d ' ' -f 1)
+  m2=$(md5sum "$f" | cut -d ' ' -f 1)
+  echo $m1 $m2
+  if [ -z "$m2" ] || [ "$m1" != "$m2" ]; then
+   echo updating hostlist
+   cp -f "$t" "$f"
+  else
+   echo hostlist was not changed. keeping old copy
+  fi
+ else
+  echo downloaded hostlist is empty. disabling zapret
+  rm "$f"
+ fi
+}
+
+rm -f "$t"
+"$EXEDIR/unzapret-ip"
+[ -s "$f" ] && {
+ mdig --threads=10 --family=4 <"$f" >"$i"
+ [ -s "$i" ] && exec "$EXEDIR/zapret-ip" "$i"
+}
--- a/files/huawei/E8372/unzapret-ip
+++ b/files/huawei/E8372/unzapret-ip
@ -0,0 +1,11 @@
+#!/system/bin/busybox sh
+
+rule="PREROUTING -t nat -i br0 -p tcp -m multiport --dports 80,443 -j tpws"
+iptables -C $rule 2>/dev/null && iptables -D $rule
+iptables -F tpws -t nat
+iptables -X tpws -t nat
+killall tpws
+
+rule="OUTPUT -t mangle -o wan0 -p tcp -m multiport --dports 80,443  -m mark ! --mark 0x40000000/0x40000000 -j NFQUEUE --queue-num 200 --queue-bypass"
+iptables -C $rule 2>/dev/null && iptables -D $rule
+killall nfqws
--- a/files/huawei/E8372/zapret-ip
+++ b/files/huawei/E8372/zapret-ip
@ -0,0 +1,34 @@
+#!/system/bin/busybox sh
+
+# $1 - ip list file. create individual rules for tpws redirection. ipset is not available
+
+[ -z "$1" ] && {
+ echo need iplist file as parameter
+ exit 1
+}
+
+insmod /online/modules/unfuck_nfqueue.ko  2>/dev/null
+
+tpws --maxconn=1024 --uid 1:3003 --port=1 --daemon
+
+
+REDIR="-j REDIRECT --to-port 1"
+
+iptables -F tpws -t nat
+iptables -X tpws -t nat
+iptables -N tpws -t nat
+iptables -A tpws -t nat -d 192.168.0.0/16 -j RETURN
+
+while read ip; do
+ echo redirecting $ip
+ iptables -A tpws -t nat -d $ip -p tcp $REDIR
+done <"$1"
+
+
+rule="PREROUTING -t nat -i br0 -p tcp -m multiport --dports 80,443 -j tpws"
+iptables -C $rule 2>/dev/null || iptables -I $rule
+
+nfqws --uid 2 --qnum=200 --dpi-desync=disorder --dpi-desync-ttl=8 --dpi-desync-fooling=md5sig --daemon
+
+rule="OUTPUT -t mangle -o wan0 -p tcp -m multiport --dports 80,443  -m mark ! --mark 0x40000000/0x40000000 -j NFQUEUE --queue-num 200 --queue-bypass"
+iptables -C $rule 2>/dev/null || iptables -I $rule