gsd
/
zapret
mirror of https://github.com/bol-van/zapret/
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

nfqws,tpws: add support for systemd readiness notifications

pull/1237/head
Ivan Trubach 3 weeks ago
parent
8b73e2ea8e
commit
756603338b
8 changed files with 104 additions and 0 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 13
      Makefile
  2. 48
      init.d/systemd/nfqws.service
  3. 2
      ip2net/Makefile
  4. 2
      mdig/Makefile
  5. 5
      nfq/Makefile
  6. 15
      nfq/nfqws.c
  7. 5
      tpws/Makefile
  8. 14
      tpws/tpws.c

13
Makefile
View File

@ -15,6 +15,19 @@ all: clean
done \ done \
done done
systemd: clean
@mkdir -p "$(TGT)"; \
for dir in $(DIRS); do \
find "$$dir" -type f \( -name "*.c" -o -name "*.h" -o -name "*akefile" \) -exec chmod -x {} \; ; \
$(MAKE) -C "$$dir" systemd || exit; \
for exe in "$$dir/"*; do \
if [ -f "$$exe" ] && [ -x "$$exe" ]; then \
mv -f "$$exe" "${TGT}" ; \
ln -fs "../${TGT}/$$(basename "$$exe")" "$$exe" ; \
fi \
done \
done
android: clean android: clean
@mkdir -p "$(TGT)"; \ @mkdir -p "$(TGT)"; \
for dir in $(DIRS); do \ for dir in $(DIRS); do \

48
init.d/systemd/nfqws.service
View File

@ -0,0 +1,48 @@
# Example systemd service unit for nfqws. Adjust for your installation.
[Unit]
After=network.target
[Service]
Type=notify
Restart=on-failure
ExecSearchPath=/opt/zapret/binaries/my
ExecStart=nfqws @${CONFIG_FILE}
Environment=CONFIG_FILE=/etc/zapret/nfqws.config
StateDirectory=nfqws
StateDirectoryMode=0700
WorkingDirectory=%S/nfqws
DynamicUser=true
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_RAW
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW
RestrictAddressFamilies=AF_NETLINK AF_UNIX AF_INET6 AF_INET
LockPersonality=true
MemoryDenyWriteExecute=true
PrivateDevices=true
PrivateMounts=true
PrivateTmp=true
ProcSubset=pid
ProtectClock=true
ProtectControlGroups=true
ProtectHome=true
ProtectHostname=true
ProtectKernelLogs=true
ProtectKernelModules=true
ProtectKernelTunables=true
ProtectProc=invisible
ProtectSystem=strict
RemoveIPC=true
RestrictNamespaces=true
RestrictRealtime=true
RestrictSUIDSGID=true
SystemCallArchitectures=native
SystemCallFilter=@system-service
SystemCallFilter=~@resources @privileged
UMask=0077
[Install]
WantedBy=multi-user.target

2
ip2net/Makefile
View File

@ -11,6 +11,8 @@ all: ip2net
ip2net: $(SRC_FILES) ip2net: $(SRC_FILES)
$(CC) -s $(CFLAGS) -o ip2net $(SRC_FILES) $(LIBS) $(LDFLAGS) $(CC) -s $(CFLAGS) -o ip2net $(SRC_FILES) $(LIBS) $(LDFLAGS)
systemd: ip2net
android: ip2net android: ip2net
bsd: $(SRC_FILES) bsd: $(SRC_FILES)

2
mdig/Makefile
View File

@ -12,6 +12,8 @@ all: mdig
mdig: $(SRC_FILES) mdig: $(SRC_FILES)
$(CC) -s $(CFLAGS) -o mdig $(SRC_FILES) $(LIBS) $(LDFLAGS) $(CC) -s $(CFLAGS) -o mdig $(SRC_FILES) $(LIBS) $(LDFLAGS)
systemd: mdig
android: $(SRC_FILES) android: $(SRC_FILES)
$(CC) -s $(CFLAGS) -o mdig $(SRC_FILES) $(LIBS_ANDROID) $(LDFLAGS) $(CC) -s $(CFLAGS) -o mdig $(SRC_FILES) $(LIBS_ANDROID) $(LDFLAGS)

5
nfq/Makefile
View File

@ -1,8 +1,10 @@
CC ?= gcc CC ?= gcc
CFLAGS += -std=gnu99 -Os -flto=auto CFLAGS += -std=gnu99 -Os -flto=auto
CFLAGS_SYSTEMD = -DUSE_SYSTEMD
CFLAGS_BSD = -Wno-address-of-packed-member CFLAGS_BSD = -Wno-address-of-packed-member
CFLAGS_CYGWIN = -Wno-address-of-packed-member -static CFLAGS_CYGWIN = -Wno-address-of-packed-member -static
LIBS_LINUX = -lnetfilter_queue -lnfnetlink -lz LIBS_LINUX = -lnetfilter_queue -lnfnetlink -lz
LIBS_SYSTEMD = -lsystemd
LIBS_BSD = -lz LIBS_BSD = -lz
LIBS_CYGWIN = -lz -Lwindows/windivert -Iwindows -lwlanapi -lole32 -loleaut32 LIBS_CYGWIN = -lz -Lwindows/windivert -Iwindows -lwlanapi -lole32 -loleaut32
LIBS_CYGWIN32 = -lwindivert32 LIBS_CYGWIN32 = -lwindivert32
@ -16,6 +18,9 @@ all: nfqws
nfqws: $(SRC_FILES) nfqws: $(SRC_FILES)
$(CC) -s $(CFLAGS) -o nfqws $(SRC_FILES) $(LIBS_LINUX) $(LDFLAGS) $(CC) -s $(CFLAGS) -o nfqws $(SRC_FILES) $(LIBS_LINUX) $(LDFLAGS)
systemd: $(SRC_FILES)
$(CC) -s $(CFLAGS) $(CFLAGS_SYSTEMD) -o nfqws $(SRC_FILES) $(LIBS_LINUX) $(LIBS_SYSTEMD) $(LDFLAGS)
android: nfqws android: nfqws
bsd: $(SRC_FILES) bsd: $(SRC_FILES)

15
nfq/nfqws.c
View File

@ -35,6 +35,10 @@
#include "win.h" #include "win.h"
#endif #endif
#ifdef USE_SYSTEMD
#include <systemd/sd-daemon.h>
#endif
#ifdef __linux__ #ifdef __linux__
#include <libnetfilter_queue/libnetfilter_queue.h> #include <libnetfilter_queue/libnetfilter_queue.h>
#define NF_DROP 0 #define NF_DROP 0
@ -271,6 +275,15 @@ exiterr:
return false; return false;
} }
static void notify_ready(void)
{
#ifdef USE_SYSTEMD
int r = sd_notify(0, "READY=1");
if (r < 0)
DLOG_ERR("sd_notify: %s\n", strerror(-r));
#endif
}
static int nfq_main(void) static int nfq_main(void)
{ {
uint8_t buf[16384] __attribute__((aligned)); uint8_t buf[16384] __attribute__((aligned));
@ -291,6 +304,8 @@ static int nfq_main(void)
if (!nfq_init(&h,&qh)) if (!nfq_init(&h,&qh))
return 1; return 1;
notify_ready();
fd = nfq_fd(h); fd = nfq_fd(h);
do do
{ {

5
tpws/Makefile
View File

@ -1,7 +1,9 @@
CC ?= gcc CC ?= gcc
CFLAGS += -std=gnu99 -Os -flto=auto CFLAGS += -std=gnu99 -Os -flto=auto
CFLAGS_SYSTEMD = -DUSE_SYSTEMD
CFLAGS_BSD = -Wno-address-of-packed-member CFLAGS_BSD = -Wno-address-of-packed-member
LIBS = -lz -lpthread LIBS = -lz -lpthread
LIBS_SYSTEMD = -lz -lsystemd
LIBS_ANDROID = -lz LIBS_ANDROID = -lz
SRC_FILES = *.c SRC_FILES = *.c
SRC_FILES_ANDROID = $(SRC_FILES) andr/*.c SRC_FILES_ANDROID = $(SRC_FILES) andr/*.c
@ -11,6 +13,9 @@ all: tpws
tpws: $(SRC_FILES) tpws: $(SRC_FILES)
$(CC) -s $(CFLAGS) -o tpws $(SRC_FILES) $(LIBS) $(LDFLAGS) $(CC) -s $(CFLAGS) -o tpws $(SRC_FILES) $(LIBS) $(LDFLAGS)
systemd: $(SRC_FILES)
$(CC) -s $(CFLAGS) $(CFLAGS_SYSTEMD) -o tpws $(SRC_FILES) $(LIBS_SYSTEMD) $(LDFLAGS)
android: $(SRC_FILES) android: $(SRC_FILES)
$(CC) -s $(CFLAGS) -o tpws $(SRC_FILES_ANDROID) $(LIBS_ANDROID) $(LDFLAGS) $(CC) -s $(CFLAGS) -o tpws $(SRC_FILES_ANDROID) $(LIBS_ANDROID) $(LDFLAGS)

14
tpws/tpws.c
View File

@ -30,6 +30,10 @@
#include <ifaddrs.h> #include <ifaddrs.h>
#endif #endif
#ifdef USE_SYSTEMD
#include <systemd/sd-daemon.h>
#endif
#include "tpws.h" #include "tpws.h"
#ifdef BSD #ifdef BSD
@ -1688,6 +1692,15 @@ static const char *bindll_s[] = { "unwanted","no","prefer","force" };
#define PRINT_VER printf("self-built version %s %s\n\n", __DATE__, __TIME__) #define PRINT_VER printf("self-built version %s %s\n\n", __DATE__, __TIME__)
#endif #endif
static void notify_ready(void)
{
#ifdef USE_SYSTEMD
int r = sd_notify(0, "READY=1");
if (r < 0)
DLOG_ERR("sd_notify: %s\n", strerror(-r));
#endif
}
int main(int argc, char *argv[]) int main(int argc, char *argv[])
{ {
int i, listen_fd[MAX_BINDS], yes = 1, retval = 0, if_index, exit_v=EXIT_FAILURE; int i, listen_fd[MAX_BINDS], yes = 1, retval = 0, if_index, exit_v=EXIT_FAILURE;
@ -1964,6 +1977,7 @@ int main(int argc, char *argv[])
signal(SIGHUP, onhup); signal(SIGHUP, onhup);
signal(SIGUSR2, onusr2); signal(SIGUSR2, onusr2);
notify_ready();
retval = event_loop(listen_fd,params.binds_last+1); retval = event_loop(listen_fd,params.binds_last+1);
exit_v = retval < 0 ? EXIT_FAILURE : EXIT_SUCCESS; exit_v = retval < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
DLOG_CONDUP("Exiting\n"); DLOG_CONDUP("Exiting\n");

Write Preview
Loading…
Cancel
Save