luci-app-ssr-plus: add redirect to tunnel support

2025-04-16 04:13:31 +00:00 · 2020-03-05 01:45:20 -08:00 · 2020-03-05 01:45:20 -08:00 · 15e72a7500
commit 15e72a7500
parent 869b8aad0a
7 changed files with 176 additions and 22 deletions
--- a/package/lean/luci-app-ssr-plus/Makefile
+++ b/package/lean/luci-app-ssr-plus/Makefile
@ -1,8 +1,8 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=luci-app-ssr-plus
-PKG_VERSION:=161
-PKG_RELEASE:=1
+PKG_VERSION:=162
+PKG_RELEASE:=5

 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)

@ -44,7 +44,7 @@ define Package/$(PKG_NAME)
 	SUBMENU:=3. Applications
 	TITLE:=SS/SSR/V2Ray/Trojan LuCI interface
 	PKGARCH:=all
-	DEPENDS:=+shadowsocksr-libev-alt +ipset +ip-full +iptables-mod-tproxy +dnsmasq-full +coreutils +coreutils-base64 +pdnsd-alt +wget +lua +ipt2socks +microsocks +dns2socks \
+	DEPENDS:=+shadowsocksr-libev-alt +ipset +ip-full +iptables-mod-tproxy +dnsmasq-full +coreutils +coreutils-base64 +pdnsd-alt +wget +lua +redsocks2 +microsocks +dns2socks \
 	+PACKAGE_$(PKG_NAME)_INCLUDE_Shadowsocks:shadowsocks-libev-ss-redir \
 	+PACKAGE_$(PKG_NAME)_INCLUDE_Simple_obfs:simple-obfs \
 	+PACKAGE_$(PKG_NAME)_INCLUDE_V2ray_plugin:v2ray-plugin \
--- a/package/lean/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/client-config.lua
+++ b/package/lean/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/client-config.lua
@ -131,20 +131,38 @@ end
 if nixio.fs.access("/usr/sbin/trojan") then
 o:value("trojan", translate("Trojan"))
 end
-if nixio.fs.access("/usr/bin/ipt2socks") then
+if nixio.fs.access("/usr/sbin/redsocks2") then
 o:value("socks5", translate("Socks5"))
+o:value("tun", translate("Network Tunnel"))
 end
 o.description = translate("Using incorrect encryption mothod may causes service fail to start")

 o = s:option(Value, "alias", translate("Alias(optional)"))

+o = s:option(ListValue, "iface", translate("Network interface to use"))
+for _, e in ipairs(sys.net.devices()) do
+		if e ~= "lo" then o:value(e) end
+end
+o:depends("type", "tun")
+o.description = translate("Redirect traffic to this network interface")
+
 o = s:option(Value, "server", translate("Server Address"))
 o.datatype = "host"
 o.rmempty = false
+o:depends("type", "ssr")
+o:depends("type", "ss")
+o:depends("type", "v2ray")
+o:depends("type", "trojan")
+o:depends("type", "socks5")

 o = s:option(Value, "server_port", translate("Server Port"))
 o.datatype = "port"
 o.rmempty = false
+o:depends("type", "ssr")
+o:depends("type", "ss")
+o:depends("type", "v2ray")
+o:depends("type", "trojan")
+o:depends("type", "socks5")

 o = s:option(Flag, "auth_enable", translate("Enable Authentication"))
 o.rmempty = false
--- a/package/lean/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/servers.lua
+++ b/package/lean/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/servers.lua
@ -100,7 +100,7 @@ end

 o = s:option(DummyValue, "server_port", translate("Server Port"))
 function o.cfgvalue(...)
-	return Value.cfgvalue(...) or "?"
+	return Value.cfgvalue(...) or "N/A"
 end

 o = s:option(DummyValue, "switch_enable", translate("Auto Switch"))
--- a/package/lean/luci-app-ssr-plus/po/zh-cn/ssr-plus.po
+++ b/package/lean/luci-app-ssr-plus/po/zh-cn/ssr-plus.po
@ -401,7 +401,7 @@ msgid "GFW List"
 msgstr "GFW列表"

 msgid "ShadowSocksR Plus+ Settings"
-msgstr "ShadowSocksR Plus+ 设置（支持SS/SSR/V2RAY/TROJAN/SOCKS5）"
+msgstr "ShadowSocksR Plus+ 设置（支持SS/SSR/V2RAY/TROJAN/SOCKS5/TUN）"

 msgid "Main Server"
 msgstr "主服务器"
@ -630,3 +630,6 @@ msgstr "启用 用户名/密码 认证"

 msgid "SOCKS5 Proxy Server"
 msgstr "SOCKS5 代理服务端"
+
+msgid "Redirect traffic to this network interface"
+msgstr "分流到这个网络接口"
--- a/package/lean/luci-app-ssr-plus/root/etc/init.d/shadowsocksr
+++ b/package/lean/luci-app-ssr-plus/root/etc/init.d/shadowsocksr
@ -287,7 +287,9 @@ start_redir() {
 	elif [ "$stype" == "trojan" ]; then
 		sscmd="/usr/sbin/trojan"
 	elif [ "$stype" == "socks5" ]; then
-		sscmd="/usr/bin/ipt2socks"
+		sscmd="/usr/sbin/redsocks2"
+	elif [ "$stype" == "tun" ]; then
+		sscmd="/usr/sbin/redsocks2"
 	fi
 	local utype=$(uci_get_by_name $UDP_RELAY_SERVER type)
 	if [ "$utype" == "ss" ]; then
@ -300,7 +302,9 @@ start_redir() {
 	elif [ "$utype" == "trojan" ]; then
 		ucmd="/usr/sbin/trojan"
 	elif [ "$stype" == "socks5" ]; then
-		ucmd="/usr/bin/ipt2socks"
+		ucmd="/usr/sbin/redsocks2"
+	elif [ "$stype" == "tun" ]; then
+		ucmd="/usr/sbin/redsocks2"
 	fi
 	if [ "$(uci_get_by_type global threads 0)" == "0" ]; then
 		threads=$(cat /proc/cpuinfo | grep 'processor' | wc -l)
@ -324,15 +328,18 @@ start_redir() {
 	done
 	echo "$(date "+%Y-%m-%d %H:%M:%S") $($sscmd --version 2>&1 | head -1) , $threads Threads Started!" >>/tmp/ssrplus.log
 	elif [ "$stype" == "socks5" ]; then
+	/usr/share/shadowsocksr/genred2config.sh "/var/etc/redsocks-ssr-retcp.conf" socks5 tcp $(uci_get_by_name $GLOBAL_SERVER local_port) $(uci_get_by_name $GLOBAL_SERVER server) $(uci_get_by_name $GLOBAL_SERVER server_port) \
+	$(uci_get_by_name $GLOBAL_SERVER auth_enable 0) $(uci_get_by_name $GLOBAL_SERVER username) $(uci_get_by_name $GLOBAL_SERVER password)
 	for i in $(seq 1 $threads); do
-    if [ "$(uci_get_by_name $GLOBAL_SERVER auth_enable 0)" == "0" ]; then
-      $sscmd -T -4 -b 0.0.0.0 -s $(uci_get_by_name $GLOBAL_SERVER server) -p $(uci_get_by_name $GLOBAL_SERVER server_port) -l $(uci_get_by_name $GLOBAL_SERVER local_port) -R ssr-retcp >/dev/null 2>&1 &
-    else
-      $sscmd -T -4 -b 0.0.0.0 -s $(uci_get_by_name $GLOBAL_SERVER server) -p $(uci_get_by_name $GLOBAL_SERVER server_port) -a $(uci_get_by_name $GLOBAL_SERVER username) \
-      -k $(uci_get_by_name $GLOBAL_SERVER password) -l $(uci_get_by_name $GLOBAL_SERVER local_port) -R ssr-retcp >/dev/null 2>&1 &
-    fi
+      $sscmd -c /var/etc/redsocks-ssr-retcp.conf >/dev/null 2>&1
  done
-  echo "$(date "+%Y-%m-%d %H:%M:%S") Socks5 REDIRECT/TPROXY, $threads Threads Started!" >>/tmp/ssrplus.log
+  echo "$(date "+%Y-%m-%d %H:%M:%S") Socks5 REDIRECT/TPROXY $threads Threads Started!" >>/tmp/ssrplus.log
+  elif [ "$stype" == "tun" ]; then
+  /usr/share/shadowsocksr/genred2config.sh "/var/etc/redsocks-ssr-retcp.conf" vpn $(uci_get_by_name $GLOBAL_SERVER iface "br-lan") $(uci_get_by_name $GLOBAL_SERVER local_port)
+  for i in $(seq 1 $threads); do
+      $sscmd -c /var/etc/redsocks-ssr-retcp.conf >/dev/null 2>&1
+  done
+  echo "$(date "+%Y-%m-%d %H:%M:%S") Network Tunnel REDIRECT $threads Threads Started!" >>/tmp/ssrplus.log
 	fi
 	if [ -n "$UDP_RELAY_SERVER" ]; then
 		redir_udp=1
@ -353,14 +360,15 @@ start_redir() {
 			lua /usr/share/shadowsocksr/gentrojanconfig.lua $GLOBAL_SERVER client 10801 >/var/etc/trojan-ssr-reudp.json
 			sed -i 's/\\//g' /var/etc/trojan-ssr-reudp.json
 			$ucmd --config /var/etc/trojan-ssr-reudp.json >/dev/null 2>&1 &
-			ipt2socks -U -4 -b 0.0.0.0 -s 127.0.0.1 -p 10801 -l $(uci_get_by_name $UDP_RELAY_SERVER local_port) >/dev/null 2>&1 &
+			/usr/share/shadowsocksr/genred2config.sh "/var/etc/redsocks-ssr-reudp.conf" socks5 udp $(uci_get_by_name $UDP_RELAY_SERVER local_port) 127.0.0.1 10801 0
+			/usr/sbin/redsocks2 -c /var/etc/redsocks-ssr-reudp.conf >/dev/null 2>&1
 		elif [ "$utype" == "socks5" ]; then
-      if [ "$(uci_get_by_name $GLOBAL_SERVER auth_enable 0)" == "0" ]; then
-        $ucmd -4 -b 0.0.0.0 -s $(uci_get_by_name $UDP_RELAY_SERVER server) -p $(uci_get_by_name $UDP_RELAY_SERVER server_port) -l $(uci_get_by_name $UDP_RELAY_SERVER local_port) -U ssr-reudp >/dev/null 2>&1 &
-      else
-        $ucmd -4 -b 0.0.0.0 -s $(uci_get_by_name $UDP_RELAY_SERVER server) -p $(uci_get_by_name $UDP_RELAY_SERVER server_port) -a $(uci_get_by_name $GLOBAL_SERVER username) \
-        -k $(uci_get_by_name $GLOBAL_SERVER password) -l $(uci_get_by_name $UDP_RELAY_SERVER local_port) -U ssr-reudp >/dev/null 2>&1 &
-      fi
+      	/usr/share/shadowsocksr/genred2config.sh "/var/etc/redsocks-ssr-reudp.conf" socks5 udp $(uci_get_by_name $UDP_RELAY_SERVER local_port) $(uci_get_by_name $UDP_RELAY_SERVER server) $(uci_get_by_name $UDP_RELAY_SERVER server_port) \
+      	$(uci_get_by_name $UDP_RELAY_SERVER auth_enable 0) $(uci_get_by_name $UDP_RELAY_SERVER username) $(uci_get_by_name $UDP_RELAY_SERVER password)
+      	$ucmd -c /var/etc/redsocks-ssr-reudp.conf >/dev/null 2>&1
+		elif [ "$stype" == "tun" ]; then
+			redir_udp=0
+			echo "$(date "+%Y-%m-%d %H:%M:%S") Network Tunnel UDP TPROXY Relay not supported!" >>/tmp/ssrplus.log
 		fi
 	fi
 	#deal with dns
@ -554,6 +562,7 @@ stop() {
 	killall -q -9 kcptun-client
 	killall -q -9 dns2socks
 	killall -q -9 microsocks
+	killall -q -9 redsocks2
 	if [ -f /var/run/pdnsd.pid ]; then
 		kill $(cat /var/run/pdnsd.pid) >/dev/null 2>&1
 	else
--- a/package/lean/luci-app-ssr-plus/root/usr/share/shadowsocksr/genred2config.sh
+++ b/package/lean/luci-app-ssr-plus/root/usr/share/shadowsocksr/genred2config.sh
@ -0,0 +1,72 @@
+#!/bin/sh
+
+cat <<-EOF >$1
+base {
+	log_debug = off;
+	log_info = off;
+	log = stderr;
+	daemon = on;
+	redirector = iptables;
+	reuseport = on;
+}
+EOF
+
+if [ "$2" == "socks5" ]; then
+  if [ "$3" == "tcp" ]; then
+    if [ "$7" == "0" ]; then
+    cat <<-EOF >>$1
+redsocks {
+  bind = "0.0.0.0:$4";
+  relay = "$5:$6";
+  type = socks5;
+  autoproxy = 0;
+  timeout = 10;
+}
+EOF
+  else
+    cat <<-EOF >>$1
+redsocks {
+  bind = "0.0.0.0:$4";
+  relay = "$5:$6";
+  type = socks5;
+  autoproxy = 0;
+  timeout = 10;
+  login = "$8";
+  password = "$9";
+}
+EOF
+    fi
+  else
+   if [ "$7" == "0" ]; then
+    cat <<-EOF >>$1
+redudp {
+  bind = "0.0.0.0:$4";
+  relay = "$5:$6";
+  type = socks5;
+  udp_timeout = 10;
+}
+EOF
+  else
+    cat <<-EOF >>$1
+redudp {
+  bind = "0.0.0.0:$4";
+  relay = "$5:$6";
+  type = socks5;
+  udp_timeout = 10;
+  login = "$8";
+  password = "$9";
+}
+EOF
+    fi
+  fi
+else
+    cat <<-EOF >>$1
+redsocks {
+  bind = "0.0.0.0:$4";
+  type = direct;
+  interface = $3;
+  autoproxy = 0;
+  timeout = 10;
+}
+EOF
+fi
--- a/package/lean/redsocks2/Makefile
+++ b/package/lean/redsocks2/Makefile
@ -0,0 +1,52 @@
+#
+# Copyright (C) 2014 OpenWrt-dist
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+
+PKG_NAME:=redsocks2
+PKG_VERSION:=0.67
+PKG_RELEASE:=3
+
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_URL:=https://github.com/semigodking/redsocks.git
+PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
+PKG_SOURCE_VERSION:=2b8fe69e4faba9b256808bc664d4c9daedd76f70
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
+PKG_MAINTAINER:=semigodking  <semigodking@gmail.com>
+PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)/$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION)
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/redsocks2
+	SECTION:=net
+	CATEGORY:=Network
+	TITLE:=Redirect any TCP connection to a SOCKS or HTTPS proxy server
+	URL:=https://github.com/semigodking/redsocks
+	DEPENDS:=+libevent2 +libopenssl
+endef
+
+define Package/redsocks2/description
+This is a modified version of original redsocks. \
+The name is changed to be REDSOCKS2 since this release to distinguish with original redsocks. \
+This variant is useful for anti-GFW (Great Fire Wall).
+endef
+
+define Package/redsocks2/conffiles
+/etc/config/redsocks2
+endef
+
+define Build/Compile
+	$(call Build/Compile/Default,DISABLE_SHADOWSOCKS=true)
+endef
+
+define Package/redsocks2/install
+	$(INSTALL_DIR) $(1)/usr/sbin
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/redsocks2 $(1)/usr/sbin
+endef
+
+$(eval $(call BuildPackage,redsocks2))