if ! [ -d "/data/adb/zapret" ]; then
    echo "Creating directory for zapret...";
    mkdir -p "/data/adb/zapret";
    cat > "/data/adb/zapret/DPI_list.txt" << EOL
rutracker.org
ntc.party
prostovpn.org
discord.com
discord.gg
discordapp.com
discordapp.net
discord.app
discord.media
discordcdn.com
discord.dev
discord.new
discord.gift
discordstatus.com
dis.gd
discord.co
discord-attachments-uploads-prd.storage.googleapis.com
EOL
    chmod 666 "/data/adb/zapret/DPI_list.txt";
fi;

if ! [ -e "/data/adb/zapret/DPI_ignore.txt" ]; then echo -n "" > "/data/adb/zapret/DPI_ignore.txt"; chmod 666 "/data/adb/zapret/DPI_ignore.txt"; fi;

if [ "$1" == "start" ]; then

    check_iptables_support() {
        if iptables -t mangle -A POSTROUTING -p tcp -m connbytes --connbytes-dir=original --connbytes-mode=packets --connbytes 1:12 -j ACCEPT 2>/dev/null; then
            iptables -t mangle -D POSTROUTING -p tcp -m connbytes --connbytes-dir=original --connbytes-mode=packets --connbytes 1:12 -j ACCEPT 2>/dev/null
            echo "2"
        else
            echo "3"
        fi
    }
    use_iptables=$(check_iptables_support)

    echo "Starting zapret..."; 
    hostlist="--hostlist-auto=/data/adb/zapret/DPI_list.txt --hostlist-exclude=/data/adb/zapret/DPI_ignore.txt";
    config="--filter-tcp=80 --dpi-desync=fake,split2 --dpi-desync-autottl=2 --dpi-desync-fooling=md5sig $hostlist --new";
    config="$config --filter-tcp=443 --hostlist=/etc/list-youtube.txt --dpi-desync=fake,split2 --dpi-desync-repeats=11 --dpi-desync-fooling=md5sig --dpi-desync-fake-tls=/etc/tls_clienthello_www_google_com.bin --new"
    config="$config --filter-tcp=80,443 --dpi-desync=fake,disorder2 --dpi-desync-repeats=6 --dpi-desync-autottl=2 --dpi-desync-fooling=md5sig $hostlist --new";
    config="$config --filter-udp=50000-50099 --dpi-desync=fake --dpi-desync-any-protocol --dpi-desync-fake-quic=0xC30000000108 --new";
    config="$config --filter-udp=443 --hostlist=/etc/list-youtube.txt --dpi-desync=fake --dpi-desync-repeats=11 --dpi-desync-fake-quic=/etc/quic_initial_www_google_com.bin --new";
    config="$config --filter-udp=443 --dpi-desync=fake --dpi-desync-repeats=11 $hostlist";

    sysctl net.netfilter.nf_conntrack_tcp_be_liberal=1 > /dev/null;
    cbOrig="-m connbytes --connbytes-dir=original --connbytes-mode=packets --connbytes 1:12 -m mark ! --mark 0x40000000/0x40000000";
    cbReply="-m connbytes --connbytes-dir=reply --connbytes-mode=packets --connbytes 1:6 -m mark ! --mark 0x40000000/0x40000000";

    iptAdd() {
        if [[ "$use_iptables" == "3" ]]; then cbOrig=""; cbReply=""; fi;
        iptDPort="--dport $2"; iptSPort="--sport $2";
        iptables -t mangle -I POSTROUTING -p $1 $iptDPort $cbOrig -j NFQUEUE --queue-num 200 --queue-bypass;
        iptables -t mangle -I PREROUTING -p $1 $iptSPort $cbReply -j NFQUEUE --queue-num 200 --queue-bypass;
    }

    iptMultiPort() {
        for current_port in $2; do
            if [[ $current_port == *-* ]]; then
                for i in $(seq ${current_port%-*} ${current_port#*-}); do 
                    iptAdd "$1" "$i"; 
                done
            else 
                iptAdd "$1" "$current_port"; 
            fi
        done
    }

    tcp_ports="$(echo $config | grep -oE 'filter-tcp=[0-9,-]+' | sed -e 's/.*=//g' -e 's/,/\n/g' -e 's/ /,/g' | sort -un)";
    udp_ports="$(echo $config | grep -oE 'filter-udp=[0-9,-]+' | sed -e 's/.*=//g' -e 's/,/\n/g' -e 's/ /,/g' | sort -un)";
    iptMultiPort "tcp" "$tcp_ports";
    iptMultiPort "udp" "$udp_ports";

    nfqws --uid=0:0 --qnum=200 $config > /dev/null & 
    echo "zapret service started!"; return 0; fi

if [ "$1" == "stop" ]; then
iptables -t mangle -F PREROUTING; iptables -t mangle -F POSTROUTING;
kill "$(pidof nfqws)";
echo "zapret service stopped!"; return 0; fi;


if [ -z "$1" ]; then
echo "Usage: zapret start or zapret stop. Based on https://github.com/bol-van/zapret/nfqws"; fi;
