#!/bin/sh /etc/rc.common
# shellcheck disable=SC2034,SC3043

# rc.common settings: run this service through procd, and use start index 99.
USE_PROCD=1
START=99

# Service name. It doubles as the config name, the procd instance name and
# the pidfile stem, and it locates the daemon binary.
NAME=ua3f
PROG="/usr/bin/${NAME}"

start_service() {
    # procd start hook: load the "$NAME" config and register one instance of
    # $PROG whose argv and environment mirror the configured options.
    # Returns 0 without registering anything when the service is disabled.
    config_load "$NAME"

    # Master switch: section "enabled", option "enabled", default off.
    local opt_enabled
    config_get_bool opt_enabled enabled enabled 0
    if ! [ "$opt_enabled" -eq 1 ]; then
        return 0
    fi

    # Proxy and rewrite options, all read from section "main".
    local opt_mode opt_port opt_bind opt_ua opt_loglevel opt_ua_regex opt_partial
    local opt_rewrite_mode opt_header_rules opt_body_rules opt_redirect_rules
    config_get opt_mode main server_mode TPROXY
    config_get opt_port main port 1080
    config_get opt_bind main bind 127.0.0.1
    config_get opt_ua main ua FFF
    config_get opt_ua_regex main ua_regex ""
    config_get_bool opt_partial main partial_replace 0
    config_get opt_loglevel main log_level WARN
    config_get opt_rewrite_mode main rewrite_mode GLOBAL
    config_get opt_header_rules main header_rewrite ""
    config_get opt_body_rules main body_rewrite ""
    config_get opt_redirect_rules main url_redirect ""

    # Packet-level (L3) rewrite switches; each is a 0/1 flag, default 0.
    local l3_ttl l3_ipid l3_tcpts l3_tcpwin l3_block_quic l3_bpf_offload
    config_get_bool l3_ttl main l3_rewrite_ttl 0
    config_get_bool l3_ipid main l3_rewrite_ipid 0
    config_get_bool l3_tcpts main l3_rewrite_tcpts 0
    config_get_bool l3_tcpwin main l3_rewrite_tcpwin 0
    config_get_bool l3_block_quic main l3_rewrite_block_quic 0
    config_get_bool l3_bpf_offload main l3_rewrite_bpf_offload 0

    # Desync options. The tuning values are only read when their feature is
    # on; otherwise they stay unset and are exported below as empty strings.
    local ds_reorder ds_reorder_bytes ds_reorder_packets ds_ports
    config_get_bool ds_reorder main desync_reorder 0
    if [ "$ds_reorder" -eq 1 ]; then
        config_get ds_reorder_bytes main desync_reorder_bytes 1500
        config_get ds_reorder_packets main desync_reorder_packets 8
    fi
    local ds_inject ds_inject_ttl
    config_get_bool ds_inject main desync_inject 0
    if [ "$ds_inject" -eq 1 ]; then
        config_get ds_inject_ttl main desync_inject_ttl 3
    fi
    config_get ds_ports main desync_ports ""

    # Command line. String options are always passed, even when empty.
    procd_open_instance "$NAME"
    procd_set_param command "$PROG"
    procd_append_param command -m "$opt_mode"
    procd_append_param command -p "$opt_port"
    procd_append_param command -b "$opt_bind"
    procd_append_param command -f "$opt_ua"
    procd_append_param command -r "$opt_ua_regex"
    procd_append_param command -l "$opt_loglevel"
    procd_append_param command -x "$opt_rewrite_mode"
    procd_append_param command --header-rewrite "$opt_header_rules"
    procd_append_param command --body-rewrite "$opt_body_rules"
    procd_append_param command --url-redirect "$opt_redirect_rules"
    if [ "$opt_partial" = 1 ]; then
        procd_append_param command -s
    fi

    # L3 rewrite switches are passed through the environment, not argv.
    procd_append_param env UA3F_L3_REWRITE_TTL="$l3_ttl"
    procd_append_param env UA3F_L3_REWRITE_IPID="$l3_ipid"
    procd_append_param env UA3F_L3_REWRITE_TCPTS="$l3_tcpts"
    procd_append_param env UA3F_L3_REWRITE_TCPWIN="$l3_tcpwin"
    procd_append_param env UA3F_L3_REWRITE_BLOCK_QUIC="$l3_block_quic"
    procd_append_param env UA3F_L3_REWRITE_BPF_OFFLOAD="$l3_bpf_offload"

    # Desync settings, likewise through the environment.
    procd_append_param env UA3F_DESYNC_REORDER="$ds_reorder"
    procd_append_param env UA3F_DESYNC_REORDER_BYTES="$ds_reorder_bytes"
    procd_append_param env UA3F_DESYNC_REORDER_PACKETS="$ds_reorder_packets"
    procd_append_param env UA3F_DESYNC_INJECT="$ds_inject"
    procd_append_param env UA3F_DESYNC_INJECT_TTL="$ds_inject_ttl"
    procd_append_param env UA3F_DESYNC_PORTS="$ds_ports"

    # TLS interception (MITM) options; read and passed only when enabled.
    local mitm_on mitm_p12 mitm_pass mitm_host mitm_noverify
    config_get_bool mitm_on main mitm_enabled 0
    if [ "$mitm_on" -eq 1 ]; then
        config_get mitm_p12 main mitm_ca_p12_base64 ""
        config_get mitm_pass main mitm_ca_passphrase ""
        config_get mitm_host main mitm_hostname ""
        config_get_bool mitm_noverify main mitm_skip_verify 0
        procd_append_param command --mitm
        # NOTE(review): the base64 PKCS#12 CA bundle (presumably including the
        # CA private key) and its passphrase are handed over as command-line
        # arguments, so they are readable from the process argument list
        # (e.g. /proc/<pid>/cmdline) for as long as the daemon runs. If ua3f
        # can take them from a root-only file or the environment, prefer
        # that; confirm against ua3f's own options.
        if [ -n "$mitm_p12" ]; then
            procd_append_param command --mitm-ca-p12-base64 "$mitm_p12"
        fi
        if [ -n "$mitm_pass" ]; then
            procd_append_param command --mitm-ca-passphrase "$mitm_pass"
        fi
        if [ -n "$mitm_host" ]; then
            procd_append_param command --mitm-hostname "$mitm_host"
        fi
        # NOTE(review): going by the flag name, this turns off certificate
        # verification on the intercepted connections. Confirm what it covers
        # and keep the option off outside of testing.
        if [ "$mitm_noverify" = 1 ]; then
            procd_append_param command --mitm-insecure-skip-verify
        fi
    fi

    # Supervision: respawn on exit, capture stdout/stderr, set resource
    # limits (nofile is given as two values, 65535 and 65535), write a pidfile.
    procd_set_param respawn
    procd_set_param stdout 1
    procd_set_param stderr 1
    procd_set_param limits nproc=unlimited as=unlimited memlock=unlimited nofile="65535 65535"
    procd_set_param pidfile "/var/run/${NAME}.pid"

    procd_close_instance
}

reload_service() {
    # Reload is implemented as a full restart. start runs whatever status
    # stop exited with, and its status becomes the status of the reload.
    stop || :
    start
}

service_triggers() {
    # Register a procd reload trigger keyed on the "$NAME" config.
    procd_add_reload_trigger "${NAME}"
}
