#!/bin/sh /etc/rc.common
# Copyright (C) 2014-2099 SanLiuHuo
# Start/stop ordering values for /etc/rc.common (the interpreter named in the
# shebang).
START=99
STOP=99

# UCI config name: every service option is read as "$APP.<section>.<option>".
APP=ss-redir
# Used both as the UCI section holding the global options and as the name
# prefix of the iptables nat chains created by rs_iptables_add.
appname=ssgoabroad
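# Load the service settings into the global variables used by the rest of
# this script.
#
# Globals read:    APP, appname
# Globals written: lan_ip, local_ip, mode, antixxx_dns_server_ip,
#                  ss_server_name, ss_server_ip, ss_server_port,
#                  ss_server_password, ss_local_port, ss_server_method,
#                  and wanip (presumably filled in by network_get_ipaddr).
#
# Nothing is validated here. The values are later interpolated into iptables
# rules (rs_iptables_add), /etc/pdnsd.conf (start) and /etc/shadowsocks.json
# (CreatSsConfigFile), so whoever can edit the UCI config controls those.
# NOTE(review): consider rejecting empty or non-numeric ports and malformed
# addresses here, once, instead of in each consumer.
ss_getconfig() {
	lan_ip=$(uci get network.lan.ipaddr)
	# "." is the POSIX spelling of "source"; the shebang asks for /bin/sh.
	. /lib/functions/network.sh
	network_get_ipaddr wanip wan
	local_ip=127.0.0.1
	# Keys are quoted so a section name containing whitespace or glob
	# characters is passed to uci as one argument.
	mode=$(uci get "$APP.$appname.mode")
	antixxx_dns_server_ip=$(uci get "$APP.$appname.antixxx_dns_server_ip")
	# The selected server's name is itself the UCI section that holds that
	# server's address, port, password and cipher.
	ss_server_name=$(uci get "$APP.$appname.ss_server_name")
	ss_server_ip=$(uci get "$APP.$ss_server_name.ss_server_ip")
	ss_server_port=$(uci get "$APP.$ss_server_name.ss_server_port")
	ss_server_password=$(uci get "$APP.$ss_server_name.ss_password")
	# The original hard-coded the section name here; $appname has the same
	# value and keeps this line consistent with the other global options.
	ss_local_port=$(uci get "$APP.$appname.ss_local_port")
	ss_server_method=$(uci get "$APP.$ss_server_name.ss_method")
}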

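# Escape backslashes and double quotes so a value stays inside its JSON
# string. Control characters are not handled.
# Arguments: $1 - raw value
# Outputs:   escaped value on stdout
_ss_json_escape() {
	printf '%s' "$1" | sed 's/\\/\\\\/g; s/"/\\"/g'
}

# Regenerate /etc/shadowsocks.json from the globals set by ss_getconfig.
#
# Globals read: ss_server_ip, ss_server_port, ss_local_port, local_ip,
#               ss_server_password, ss_server_method
#
# Changes from the original:
#   * every expansion is quoted, so a password containing whitespace or glob
#     characters is written verbatim instead of being split or expanded;
#   * string values are JSON-escaped, so a quote or backslash in the password
#     can no longer end the string early or add keys to the file;
#   * the file is created under umask 077 because it holds the server
#     password in clear text. ss-redir is launched by this script's start().
#     NOTE(review): confirm no unprivileged reader depends on the file.
#
# The two port values are still emitted as bare JSON numbers.
# NOTE(review): they are not checked for being numeric; validate upstream.
CreatSsConfigFile() {
	local method
	# Only the cipher name is lower-cased; the JSON keys already are.
	method=$(printf '%s' "$ss_server_method" | tr 'A-Z' 'a-z')

	# Remove first so the new file is created with the restrictive mode
	# rather than inheriting the mode of an older copy.
	rm -rf /etc/shadowsocks.json
	(
		umask 077
		{
			printf '{\n'
			printf '"server":"%s",\n' "$(_ss_json_escape "$ss_server_ip")"
			printf '"server_port":%s,\n' "$ss_server_port"
			printf '"local_port":%s,\n' "$ss_local_port"
			printf '"local_addr":"%s",\n' "$(_ss_json_escape "$local_ip")"
			printf '"password":"%s",\n' "$(_ss_json_escape "$ss_server_password")"
			printf '"timeout":600,\n'
			printf '"method":"%s"\n' "$(_ss_json_escape "$method")"
			printf '}\n'
		} > /etc/shadowsocks.json
	)
}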

	
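# Install the nat rules that divert TCP traffic to the local ss-redir port.
#
# Three chains are created, each hooked into a built-in chain:
#   $appname         <- PREROUTING, packets arriving on br-lan
#   $appname-ppp     <- PREROUTING, packets arriving on any ppp+ interface,
#                       except pppoe-wan
#   $appname-OUTPUT  <- OUTPUT, TCP generated on the router itself
#
# Every chain first RETURNs (leaves untouched) destinations matching the
# "local" and "hiwifi" salist sets, $lan_ip/24, $wanip/24 and the proxy
# server itself; the last exemption keeps the tunnel's own connection from
# being redirected. The remaining rules depend on $mode:
#   game   - destinations in the "china" salist bypass; all other TCP is
#            redirected
#   whole  - all remaining TCP is redirected
#   china  - only TCP 80/443 to destinations in the "china" salist is
#            redirected
#   other  - "china" salist bypasses; TCP 80/443 is redirected (plus 53 for
#            router-originated traffic)
#
# Globals read: appname, lan_ip, wanip, ss_server_ip, ss_local_port,
#               antixxx_dns_server_ip, mode
#
# All expansions are quoted so that a value containing whitespace reaches
# iptables as one (rejected) argument instead of being parsed as extra rule
# options.
#
# NOTE(review): salist looks like a vendor match extension; confirm it is
#   loaded before this runs, otherwise the exemption rules fail to install
#   while the DNAT rules still do.
# NOTE(review): the /24 masks are hard-coded; a LAN or WAN with a different
#   prefix length is exempted too narrowly or too widely.
# NOTE(review): the rules DNAT to $lan_ip while CreatSsConfigFile writes
#   local_addr 127.0.0.1; confirm ss-redir accepts on the LAN address.
# NOTE(review): not idempotent. A second call without rs_iptables_del makes
#   -N fail and appends every rule again.
rs_iptables_add() {
	# Target of every DNAT rule below.
	local redirect_to="$lan_ip:$ss_local_port"

	# LAN clients.
	iptables -t nat -N "$appname"
	iptables -t nat -A PREROUTING -i br-lan -j "$appname"
	iptables -t nat -A "$appname" -m salist --salist local --match-dip -j RETURN
	iptables -t nat -A "$appname" -m salist --salist hiwifi --match-dip -j RETURN
	iptables -t nat -A "$appname" -d "$lan_ip/24" -j RETURN
	iptables -t nat -A "$appname" -d "$wanip/24" -j RETURN
	iptables -t nat -A "$appname" -d "$ss_server_ip/32" -j RETURN

	# ppp interfaces; the uplink (pppoe-wan) is excluded by name so traffic
	# arriving from the WAN side is never proxied.
	iptables -t nat -N "$appname-ppp"
	iptables -t nat -A PREROUTING -i ppp+ -j "$appname-ppp"
	iptables -t nat -A "$appname-ppp" -i pppoe-wan -j RETURN
	iptables -t nat -A "$appname-ppp" -m salist --salist local --match-dip -j RETURN
	iptables -t nat -A "$appname-ppp" -m salist --salist hiwifi --match-dip -j RETURN
	iptables -t nat -A "$appname-ppp" -d "$lan_ip/24" -j RETURN
	iptables -t nat -A "$appname-ppp" -d "$wanip/24" -j RETURN
	iptables -t nat -A "$appname-ppp" -d "$ss_server_ip/32" -j RETURN

	# Traffic generated on the router itself.
	iptables -t nat -N "$appname-OUTPUT"
	iptables -t nat -A OUTPUT -p tcp -j "$appname-OUTPUT"
	iptables -t nat -A "$appname-OUTPUT" -m salist --salist local --match-dip -j RETURN
	iptables -t nat -A "$appname-OUTPUT" -m salist --salist hiwifi --match-dip -j RETURN
	iptables -t nat -A "$appname-OUTPUT" -d "$lan_ip/24" -j RETURN
	iptables -t nat -A "$appname-OUTPUT" -d "$wanip/24" -j RETURN
	iptables -t nat -A "$appname-OUTPUT" -d "$ss_server_ip/32" -j RETURN
	# TCP DNS queries from the router to the configured upstream resolver go
	# through the tunnel as well.
	iptables -t nat -A "$appname-OUTPUT" -d "$antixxx_dns_server_ip" -p tcp --dport 53 -j DNAT --to-destination "$redirect_to"

	case "$mode" in
	game)
		iptables -t nat -A "$appname" -m salist --salist china --match-dip -j RETURN
		iptables -t nat -A "$appname" -p tcp -j DNAT --to-destination "$redirect_to"

		iptables -t nat -A "$appname-ppp" -m salist --salist china --match-dip -j RETURN
		iptables -t nat -A "$appname-ppp" -p tcp -j DNAT --to-destination "$redirect_to"

		iptables -t nat -A "$appname-OUTPUT" -m salist --salist china --match-dip -j RETURN
		iptables -t nat -A "$appname-OUTPUT" -p tcp -j DNAT --to-destination "$redirect_to"
		;;
	whole)
		iptables -t nat -A "$appname" -p tcp -j DNAT --to-destination "$redirect_to"

		iptables -t nat -A "$appname-ppp" -p tcp -j DNAT --to-destination "$redirect_to"

		iptables -t nat -A "$appname-OUTPUT" -p tcp -j DNAT --to-destination "$redirect_to"
		;;
	china)
		iptables -t nat -A "$appname" -p tcp --dport 80 -m salist --salist china --match-dip -j DNAT --to-destination "$redirect_to"
		iptables -t nat -A "$appname" -p tcp --dport 443 -m salist --salist china --match-dip -j DNAT --to-destination "$redirect_to"

		iptables -t nat -A "$appname-ppp" -p tcp --dport 80 -m salist --salist china --match-dip -j DNAT --to-destination "$redirect_to"
		iptables -t nat -A "$appname-ppp" -p tcp --dport 443 -m salist --salist china --match-dip -j DNAT --to-destination "$redirect_to"

		iptables -t nat -A "$appname-OUTPUT" -p tcp --dport 80 -m salist --salist china --match-dip -j DNAT --to-destination "$redirect_to"
		iptables -t nat -A "$appname-OUTPUT" -p tcp --dport 443 -m salist --salist china --match-dip -j DNAT --to-destination "$redirect_to"
		;;
	*)
		iptables -t nat -A "$appname" -m salist --salist china --match-dip -j RETURN
		iptables -t nat -A "$appname" -p tcp --dport 80 -j DNAT --to-destination "$redirect_to"
		iptables -t nat -A "$appname" -p tcp --dport 443 -j DNAT --to-destination "$redirect_to"

		iptables -t nat -A "$appname-ppp" -m salist --salist china --match-dip -j RETURN
		iptables -t nat -A "$appname-ppp" -p tcp --dport 80 -j DNAT --to-destination "$redirect_to"
		iptables -t nat -A "$appname-ppp" -p tcp --dport 443 -j DNAT --to-destination "$redirect_to"

		iptables -t nat -A "$appname-OUTPUT" -m salist --salist china --match-dip -j RETURN
		iptables -t nat -A "$appname-OUTPUT" -p tcp --dport 53 -j DNAT --to-destination "$redirect_to"
		iptables -t nat -A "$appname-OUTPUT" -p tcp --dport 80 -j DNAT --to-destination "$redirect_to"
		iptables -t nat -A "$appname-OUTPUT" -p tcp --dport 443 -j DNAT --to-destination "$redirect_to"
		;;
	esac
}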

# Undo rs_iptables_add: for each of the three custom nat chains, remove the
# jump from the built-in chain, flush the chain, then delete it.
#
# Globals read: appname
#
# Each -D removes a single matching jump rule, so one call undoes one
# rs_iptables_add. Failures (for example a chain that does not exist) are not
# checked here.
rs_iptables_del() {
	local suffix chain
	for suffix in "" -ppp -OUTPUT; do
		chain="$appname$suffix"
		# The jump rule has to go first: a chain that is still referenced
		# cannot be deleted.
		case "$suffix" in
		"")
			iptables -t nat -D PREROUTING -i br-lan -j "$chain"
			;;
		-ppp)
			iptables -t nat -D PREROUTING -i ppp+ -j "$chain"
			;;
		-OUTPUT)
			iptables -t nat -D OUTPUT -p tcp -j "$chain"
			;;
		esac
		iptables -t nat -F "$chain"
		iptables -t nat -X "$chain"
	done
}


# Called at file scope, so the settings are read every time this init script
# is loaded, whichever action (start, stop, ...) is requested; start() and
# stop() rely on the globals it sets.
ss_getconfig

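# Bring the transparent proxy up.
#
# Steps, in order:
#   1. write the dnsmasq snippets /tmp/dnsmasq.d/0.conf (domains from
#      /etc/SSdiyDNS.conf forwarded to 127.0.0.1#1053) and 1.conf;
#   2. back up /etc/pdnsd.conf once, then rebuild it from
#      /etc/THPdnsd-part.conf plus the configured upstream resolver;
#   3. restart dnsmasq and pdnsd;
#   4. write /etc/shadowsocks.json and launch ss-redir;
#   5. install the nat rules;
#   6. check that exactly one pdnsd process is listed, retrying once.
#
# Globals read: antixxx_dns_server_ip (plus those used by CreatSsConfigFile
#               and rs_iptables_add)
# Progress is appended to /tmp/ss-redir.log.
#
# NOTE(review): $antixxx_dns_server_ip is written into /etc/pdnsd.conf
#   without validation. It is now quoted, so it is written verbatim, but a
#   value containing ';' or '}' would still change the structure of that
#   file; validate it where the config is read.
# NOTE(review): the nat rules are installed whether or not ss-redir started.
#   If it did not, redirected connections fail instead of going out direct.
#   That fails closed; confirm it is the intended policy.
# NOTE(review): the log and marker files live at fixed paths under /tmp and
#   are presumably written as root; confirm /tmp is not writable by
#   unprivileged users on the target system.
start() {
	touch /tmp/ss-redir.error
	printf '%s ss-redir begin start \n' "$(date +%Y-%m-%d-%H:%M:%S)" >> /tmp/ss-redir.log

	awk '{print "server=/."$1"/127.0.0.1#1053"}' /etc/SSdiyDNS.conf > /tmp/dnsmasq.d/0.conf
	cp -a /etc/ThirdFlameDNS.conf /tmp/dnsmasq.d/1.conf

	# Counts the marker line appended below; nothing in this file reads the
	# variable afterwards.
	pdnsdconfigmodify=$(grep -c ThirdFlameModify141124 /etc/pdnsd.conf)

	# Keep the very first pdnsd.conf only; later starts must not overwrite
	# the pristine copy with a generated one.
	if [ ! -f /etc/pdnsd.conf.bak ]; then
		cp -a /etc/pdnsd.conf /etc/pdnsd.conf.bak
	fi

	# /etc/THPdnsd-part.conf is expected to end inside an open block: the
	# ip line and the closing brace are supplied here.
	{
		cat /etc/THPdnsd-part.conf
		printf '        ip = %s;\n' "$antixxx_dns_server_ip"
		printf '}\n'
		printf '#ThirdFlameModify141124\n'
	} > /etc/pdnsd.conf

	/etc/init.d/dnsmasq restart >/dev/null 2>&1
	/etc/init.d/pdnsd restart >/dev/null 2>&1
	printf '%s restart pdnsd \n' "$(date +%Y-%m-%d-%H:%M:%S)" >> /tmp/ss-redir.log

	CreatSsConfigFile
	# The original ignored the exit status; record a failure so a dead proxy
	# behind active redirect rules can be diagnosed from the log.
	/usr/bin/ss-redir -c /etc/shadowsocks.json -f /var/run/shadowsocks.pid \
		|| printf '%s ss-redir failed to start\n' "$(date +%Y-%m-%d-%H:%M:%S)" >> /tmp/ss-redir.log
	rs_iptables_add

	# Anything other than exactly one listed pdnsd process is treated as
	# "not running" and triggers a single delayed restart.
	if [ "$(ps | grep pdnsd | grep -c -v grep)" != "1" ]; then
		printf '%s pdnsd process not exist\n' "$(date +%Y-%m-%d-%H:%M:%S)" >> /tmp/ss-redir.log
		sleep 3
		printf '%s restart pdnsd\n' "$(date +%Y-%m-%d-%H:%M:%S)" >> /tmp/ss-redir.log
		/etc/init.d/pdnsd restart >/dev/null 2>&1
		sleep 2
	else
		printf '%s pdnsd is running\n' "$(date +%Y-%m-%d-%H:%M:%S)" >> /tmp/ss-redir.log
	fi
	if [ "$(ps | grep pdnsd | grep -c -v grep)" != "1" ]; then
		printf '%s pdnsd start faulty\n' "$(date +%Y-%m-%d-%H:%M:%S)" >> /tmp/ss-redir.log
	fi
	printf '%s ss-redir end start \n' "$(date +%Y-%m-%d-%H:%M:%S)" >> /tmp/ss-redir.log
}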
	
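# Tear the transparent proxy down: drop the dnsmasq snippets, stop pdnsd,
# remove the nat rules, delete the generated ss-redir config (it holds the
# server password) and kill ss-redir.
#
# Fix: start() writes its dnsmasq snippets as /tmp/dnsmasq.d/0.conf and
# 1.conf, but the original stop() removed only ThirdFlameDNS.conf and
# SSdiyDNS.conf from that directory. The forwards to 127.0.0.1#1053
# therefore stayed active after pdnsd was stopped. Both sets of names are
# removed now.
#
# NOTE(review): /etc/pdnsd.conf is left in its generated form;
#   /etc/pdnsd.conf.bak is not restored here.
# NOTE(review): ss-redir is started with -f /var/run/shadowsocks.pid in
#   start(); signalling the PID from that file (TERM before KILL) would be
#   more precise than matching the ps listing.
stop() {
	printf '%s ss-redir begin stop \n' "$(date +%Y-%m-%d-%H:%M:%S)" >> /tmp/ss-redir.log

	# Snippets written by start().
	rm -f /tmp/dnsmasq.d/0.conf /tmp/dnsmasq.d/1.conf
	# Names the original removed; kept in case such files exist.
	rm -rf /tmp/dnsmasq.d/ThirdFlameDNS.conf
	rm -rf /tmp/dnsmasq.d/SSdiyDNS.conf
	/etc/init.d/dnsmasq restart >/dev/null 2>&1
	/etc/init.d/pdnsd stop >/dev/null 2>&1

	# Removal and kill are each done twice, as in the original; presumably
	# the second pass clears what a repeated start() left behind.
	rs_iptables_del >/dev/null 2>&1
	rm -rf /etc/shadowsocks.json
	# The substitution is left unquoted on purpose: several PIDs must become
	# separate arguments. With no match, kill fails and the error is hidden.
	# shellcheck disable=SC2046
	kill -9 $(ps | grep "/usr/bin/ss-redir -c /etc/shadowsocks.json" | grep -v grep | awk '{print $1}') >/dev/null 2>&1
	rs_iptables_del >/dev/null 2>&1
	# shellcheck disable=SC2046
	kill -9 $(ps | grep "/usr/bin/ss-redir -c /etc/shadowsocks.json" | grep -v grep | awk '{print $1}') >/dev/null 2>&1

	printf '%s ss-redir end stop \n' "$(date +%Y-%m-%d-%H:%M:%S)" >> /tmp/ss-redir.log
}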

