shadowsocks-libev: ss-rules: nft rule cleanup on reload

Remove nft rules file generated by ss-rules if ss-rules was or should be
turned off for by configuration.  Use "fw4 restart" instead of "fw4
reload" to force the runtime rule reloading

Ref: https://github.com/openwrt/packages/pull/17937#issuecomment-1207357037
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>

diff --git a/net/shadowsocks-libev/Makefile b/net/shadowsocks-libev/Makefile
index 4fa49a956de22368e86e883826429a2421acc16c..d5072e51e035945d587030b8c51165f02c29ae32 100644 (file)
--- a/net/shadowsocks-libev/Makefile
+++ b/net/shadowsocks-libev/Makefile
@@ -14,7 +14,7 @@ include $(TOPDIR)/rules.mk
 #
 PKG_NAME:=shadowsocks-libev
 PKG_VERSION:=3.3.5
-PKG_RELEASE:=6
+PKG_RELEASE:=7
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://github.com/shadowsocks/shadowsocks-libev/releases/download/v$(PKG_VERSION)

diff --git a/net/shadowsocks-libev/files/shadowsocks-libev.init b/net/shadowsocks-libev/files/shadowsocks-libev.init
index d0bfde71f4ab8bee7865f47e20d64257b9744be4..f9aee76a78e985aef55612d42982dfea217d9127 100644 (file)
--- a/net/shadowsocks-libev/files/shadowsocks-libev.init
+++ b/net/shadowsocks-libev/files/shadowsocks-libev.init
@@ -112,7 +112,7 @@ ss_rules_cb() {
        fi
 }
 
-ss_rules() {
+ss_rules_nft_gen() {
        local cfg="ss_rules"
        local cfgtype
        local local_port_tcp local_port_udp
@@ -125,7 +125,7 @@ ss_rules() {
 
        eval "$(validate_ss_rules_section "$cfg" ss_validate_mklocal)"
        validate_ss_rules_section "$cfg" || return 1
-       [ "$disabled" = 0 ] || return 0
+       [ "$disabled" = 0 ] || return 2
 
        eval local_port_tcp="\$ss_rules_redir_tcp_$redir_tcp"
        eval local_port_udp="\$ss_rules_redir_udp_$redir_udp"
@@ -161,7 +161,7 @@ ss_rules() {
                echo "table inet chk {include \"$tmp.nft\";}" >"$tmp.nft.chk"
                if nft -f "$tmp.nft.chk" -c; then
                        mv "$tmp.nft" "$ssrules_nft"
-                       fw4 reload
+                       fw4 restart
                fi
                rm -f "$tmp.nft.chk"
        fi
@@ -169,6 +169,19 @@ ss_rules() {
        rm -f "$tmp.nft"
 }
 
+ss_rules_nft_reset() {
+       if [ -f "$ssrules_nft" ]; then
+               rm -f "$ssrules_nft"
+               fw4 restart
+       fi
+}
+
+ss_rules() {
+       if ! ss_rules_nft_gen; then
+               ss_rules_nft_reset
+       fi
+}
+
 start_service() {
        local cfgtype
 
@@ -181,10 +194,7 @@ start_service() {
 }
 
 stop_service() {
-       if [ -f "$ssrules_nft" ]; then
-               rm -f "$ssrules_nft"
-               fw4 reload
-       fi
+       ss_rules_nft_reset
        rm -rf "$ss_confdir"
 }