Improve mask parsing algorithm, now allowed all subnets divisible by 4. Resolve #10

Theodikes · Theodikes · commit 78afe591978f · 2023-11-14T19:22:33.000-08:00
diff --git a/README.md b/README.md
@@ -43,11 +43,11 @@ Proxy server will stopped, all configuration files, firewalls, shedulers and so
 
 **Command line arguments:**
 
-- `-s` or `--subnet` - IPv6 [subnet](https://docs.netgate.com/pfsense/en/latest/network/ipv6/subnets.html), fully dedicated for your server. `16`, `32`, `48`, `64`, `80`, `96` or `112`, default `64`
+- `-s` or `--subnet` - IPv6 [subnet](https://docs.netgate.com/pfsense/en/latest/network/ipv6/subnets.html), fully allocated on your server. Any subnet divisible by 4 (for example, `48` or `56`), default `64`
 - `-c` or `--proxy-count` - The total number of proxies you want to have (from 1 to 10000)
 - `-t` or `--proxies-type` - Proxies type - `http` or `socks5`. Default `http`, if no value provided
 - `-u` or `--username` - All proxies auth login
-- `-p` or `--password` - All proxies auth password (if you specify neither username not password, proxy will run without authentification)
+- `-p` or `--password` - All proxies auth password (if you specify neither username not password, proxy will run without authentication)
 - `--random` - bool parameter without value, if used, each backconnect proxy will have random username and password, that will be written in backconnect proxies file (`-f` argument)
 - `--start-port` - backconnect IPv4 start port. If you create 1500 proxies and `start-port` is `20000`, and server external IPv4 is, e.g,`180.113.14.28` you can connect to proxies using `180.113.14.28:20000`, `180.113.14.28:20001` and so on until `180.113.14.28:21500`
 - `-r` or `--rotating-interval` - rotation interval of entire proxy pool in minutes. At the end of each interval, output (external IPv6) addresses of all proxies are changed and proxy server is restarted, which breaks existing connections for a few seconds. From 0 to 59, default value - `0` (rotating disabled)
diff --git a/ipv6-proxy-server.sh b/ipv6-proxy-server.sh
@@ -93,15 +93,6 @@ function is_auth_used(){
   if [ -z $user ] && [ -z $password] && [ $use_random_auth = false ]; then false; return; else true; return; fi;
 }
 
-function get_subnet_mask(){
-  if [ -z $subnet_mask ]; then 
-    blocks_count=$((($subnet / 16) - 1));
-    subnet_mask="$(ip -6 addr|awk '{print $2}'|grep -m1 -oP '^(?!fe80)([0-9a-fA-F]{1,4}:){'$blocks_count'}[0-9a-fA-F]{1,4}'|cut -d '/' -f1)";
-  fi;
-
-  echo $subnet_mask;
-}
-
 function check_startup_parameters(){
   # Check validity of user provided arguments
   re='^[0-9]+$'
@@ -125,8 +116,8 @@ function check_startup_parameters(){
     usage;
   fi;
 
-  if [ $(expr $subnet % 16) != 0 ]; then
-    echo_log_err "Error: invalid value of '-s' (subnet) parameter";
+  if [ $(expr $subnet % 4) != 0 ]; then
+    echo_log_err "Error: invalid value of '-s' (subnet) parameter, must be divisible by 4";
     usage;
   fi;
 
@@ -194,6 +185,45 @@ function create_random_string(){
   tr -dc A-Za-z0-9 </dev/urandom | head -c $1 ; echo ''
 }
 
+function kill_3proxy(){
+  ps -ef | awk '/[3]proxy/{print $2}' | while read -r pid; do
+    kill $pid
+  done;
+}
+
+function remove_ipv6_addresses_from_iface(){
+  if test -f $random_ipv6_list_file; then
+    # Remove old ips from interface
+    for ipv6_address in $(cat $random_ipv6_list_file); do ip -6 addr del $ipv6_address dev $interface_name; done;
+    rm $random_ipv6_list_file; 
+  fi;
+}
+
+function get_subnet_mask(){
+  if [ -z $subnet_mask ]; then
+    # If we parse addresses from iface and want to use lower subnets, we need to clean existing proxy from interface before parsing
+    if is_proxyserver_running; then kill_3proxy; fi;
+    if is_proxyserver_installed; then remove_ipv6_addresses_from_iface; fi;
+    
+    full_blocks_count=$(($subnet / 16));
+    # Full external ipv6 address, allocated to the interface
+    ipv6=$(ip -6 addr | awk '{print $2}' | grep -m1 -oP '^(?!fe80)([0-9a-fA-F]{1,4}:)+[0-9a-fA-F]{1,4}' | cut -d '/' -f1);
+
+    subnet_mask=$(echo $ipv6 | grep -m1 -oP '^(?!fe80)([0-9a-fA-F]{1,4}:){'$(($full_blocks_count-1))'}[0-9a-fA-F]{1,4}');
+    if [ $(expr $subnet % 16) -ne 0 ]; then
+      # Get last "uncomplete" block: if we want /68 subnet, get block from 64 to 80
+      block_part=$(echo $ipv6 | awk -v block=$(($full_blocks_count + 1)) -F ':' '{print $block}' | tr -d ' ');
+      # Because leading zeros can be skipped in the block, we need to add them if needed
+      while ((${#block_part} < 4)); do block_part="0$block_part"; done;
+      # Get part of block needed for subnet mask: if we want /72 subnet, we get 2 symbols - (72 (subnet) - 64 (full 4 blocks)) / 4 (2^4) in one hex digit
+      symbols_to_include=$(echo $block_part | head -c $(($(expr $subnet % 16) / 4)));
+      subnet_mask="$subnet_mask:$symbols_to_include";
+    fi;
+  fi;
+
+  echo $subnet_mask;
+}
+
 function delete_file_if_exists(){
   if test -f $1; then rm $1; fi;
 }
@@ -296,7 +326,7 @@ function configure_ipv6(){
   required_options=("conf.$interface_name.proxy_ndp" "conf.all.proxy_ndp" "conf.default.forwarding" "conf.all.forwarding" "ip_nonlocal_bind");
   for option in ${required_options[@]}; do
     full_option="net.ipv6.$option=1";
-    if ! cat /etc/sysctl.conf | grep -v "#" | grep $full_option; then echo $full_option >> /etc/sysctl.conf; fi;
+    if ! cat /etc/sysctl.conf | grep -v "#" | grep -q $full_option; then echo $full_option >> /etc/sysctl.conf; fi;
   done;
   sysctl -p &>> $script_log_file;
 
@@ -352,20 +382,6 @@ function generate_random_users_if_needed(){
   done;
 }
 
-function kill_3proxy(){
-  ps -ef | awk '/[3]proxy/{print $2}' | while read -r pid; do
-    kill $pid
-  done;
-}
-
-function remove_ipv6_addresses_from_iface(){
-  if test -f $random_ipv6_list_file; then
-    # Remove old ips from interface
-    for ipv6_address in $(cat $random_ipv6_list_file); do ip -6 addr del $ipv6_address dev $interface_name; done;
-    rm $random_ipv6_list_file; 
-  fi;
-}
-
 function create_startup_script(){
   delete_file_if_exists $startup_script_path;
 
