diff --git a/package/lean/luci-app-ssr-plus/Makefile b/package/lean/luci-app-ssr-plus/Makefile index aaef6b01a..edf07317d 100644 --- a/package/lean/luci-app-ssr-plus/Makefile +++ b/package/lean/luci-app-ssr-plus/Makefile @@ -1,8 +1,8 @@ include $(TOPDIR)/rules.mk PKG_NAME:=luci-app-ssr-plus -PKG_VERSION:=175 -PKG_RELEASE:=5 +PKG_VERSION:=176 +PKG_RELEASE:=1 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME) @@ -38,10 +38,10 @@ define Package/$(PKG_NAME) SECTION:=luci CATEGORY:=LuCI SUBMENU:=3. Applications - TITLE:=SS/SSR/V2Ray/Trojan LuCI interface + TITLE:=SS/SSR/V2Ray/Trojan/Socks5/Tun LuCI interface PKGARCH:=all DEPENDS:=+shadowsocksr-libev-alt +ipset +ip-full +iptables-mod-tproxy +dnsmasq-full +coreutils +coreutils-base64 +pdnsd-alt +wget +lua +libuci-lua \ - +microsocks +dns2socks +shadowsocks-libev-ss-local +shadowsocksr-libev-ssr-local +shadowsocks-libev-ss-redir +simple-obfs +tcpping \ + +microsocks +dns2socks +shadowsocks-libev-ss-local +shadowsocksr-libev-ssr-local +shadowsocks-libev-ss-redir +simple-obfs +tcpping +resolveip \ +PACKAGE_$(PKG_NAME)_INCLUDE_V2ray_plugin:v2ray-plugin \ +PACKAGE_$(PKG_NAME)_INCLUDE_V2ray:v2ray \ +PACKAGE_$(PKG_NAME)_INCLUDE_Trojan:trojan \ @@ -58,23 +58,17 @@ define Build/Compile endef define Package/$(PKG_NAME)/conffiles -/etc/ssr_ip -/etc/china_ssr.txt /etc/config/shadowsocksr -/etc/config/white.list -/etc/config/black.list -/etc/config/netflix.list -/etc/dnsmasq.ssr/ad.conf -/etc/dnsmasq.ssr/gfw_list.conf +/etc/ssr/netflix.list +/etc/ssr/netflixip.list endef define Package/$(PKG_NAME)/install - $(INSTALL_DIR) $(1)/etc - $(INSTALL_DATA) ./root/etc/china_ssr.txt $(1)/etc/china_ssr.txt + $(INSTALL_DIR) $(1)/etc/ssr + $(INSTALL_DATA) ./root/etc/ssr/* $(1)/etc/ssr/ $(INSTALL_DIR) $(1)/etc/config $(INSTALL_CONF) ./root/etc/config/shadowsocksr $(1)/etc/config/shadowsocksr - $(INSTALL_DATA) ./root/etc/config/*.list $(1)/etc/config/ $(INSTALL_DIR) $(1)/etc/dnsmasq.oversea $(INSTALL_DATA) ./root/etc/dnsmasq.oversea/* $(1)/etc/dnsmasq.oversea/ @@ -110,8 +104,8 @@ endef define Package/$(PKG_NAME)/postrm #!/bin/sh -rm -rf /etc/china_ssr.txt /etc/dnsmasq.ssr /etc/dnsmasq.oversea /etc/config/shadowsocksr /etc/config/black.list \ - /etc/config/gfw.list /etc/config/white.list /etc/config/netflix.list /etc/config/netflixip.list 2>/dev/null +rm -rf /etc/ssl/private /etc/dnsmasq.ssr /etc/dnsmasq.oversea /etc/ssr /etc/config/shadowsocksr /etc/china_ssr.txt /etc/config/black.list /etc/config/white.list \ +/etc/config/netflix.list /etc/config/netflixip.list endef $(eval $(call BuildPackage,$(PKG_NAME))) diff --git a/package/lean/luci-app-ssr-plus/luasrc/controller/shadowsocksr.lua b/package/lean/luci-app-ssr-plus/luasrc/controller/shadowsocksr.lua index 3176ad456..dfe74557f 100644 --- a/package/lean/luci-app-ssr-plus/luasrc/controller/shadowsocksr.lua +++ b/package/lean/luci-app-ssr-plus/luasrc/controller/shadowsocksr.lua @@ -1,6 +1,5 @@ -- Copyright (C) 2017 yushi studio -- Licensed to the public under the GNU General Public License v3. - module("luci.controller.shadowsocksr", package.seeall) function index() @@ -74,105 +73,50 @@ function refresh_data() local set = luci.http.formvalue("set") local uci = luci.model.uci.cursor() local icount = 0 - if set == "gfw_data" then - refresh_cmd = "wget-ssl --no-check-certificate -O- " .. uci:get_first('shadowsocksr', 'global', 'gfwlist_url', 'https://cdn.jsdelivr.net/gh/gfwlist/gfwlist/gfwlist.txt') .. ' > /tmp/gfw.b64' + local retstring = 0 + local function update(url, file, type, file2) + local Num = 1 + refresh_cmd = "wget-ssl --no-check-certificate -t 3 -T 10 -O- " .. url .. " > /tmp/ssr-update." .. type sret = luci.sys.call(refresh_cmd .. " 2>/dev/null") if sret == 0 then - luci.sys.call("/usr/bin/ssr-gfw") - icount = luci.sys.exec("cat /tmp/gfwnew.txt | wc -l") - if tonumber(icount) > 1000 then - if nixio.fs.access("/etc/dnsmasq.ssr/gfw_list.conf") then - oldcount = luci.sys.exec("cat /etc/dnsmasq.ssr/gfw_list.conf | wc -l") - else - oldcount = "0" - end - if tonumber(icount) ~= tonumber(oldcount) then - luci.sys.exec("cp -f /tmp/gfwnew.txt /etc/dnsmasq.ssr/gfw_list.conf") - luci.sys.exec("cp -f /tmp/gfwnew.txt /tmp/dnsmasq.ssr/gfw_list.conf") - luci.sys.call("/etc/init.d/dnsmasq restart") - retstring = tostring(tonumber(icount)/2) - else - retstring = "0" - end - else - retstring = "-1" + if type == "gfw_data" then + luci.sys.call("/usr/bin/ssr-gfw " .. type) + Num = 2 + end + if type == "ad_data" then + luci.sys.call("/usr/bin/ssr-ad " .. type) + end + local new_md5 = luci.sys.exec("echo -n $([ -f '/tmp/ssr-update." .. type .. "' ] && md5sum /tmp/ssr-update." .. type .. " | awk '{print $1}')") + local old_md5 = luci.sys.exec("echo -n $([ -f '" .. file .. "' ] && md5sum " .. file .. " | awk '{print $1}')") + if new_md5 == old_md5 then + retstring = "0" + else + icount = luci.sys.exec("cat /tmp/ssr-update." .. type .. " | wc -l") + luci.sys.exec("cp -f /tmp/ssr-update." .. type .. " " .. file) + if file2 then luci.sys.exec("cp -f /tmp/ssr-update." .. type .. " " .. file2) end + retstring = tostring(tonumber(icount)/Num) + if type == "gfw_data" or type == "ad_data" then + luci.sys.exec("/usr/share/shadowsocksr/gfw2ipset.sh gfw_data") + else + luci.sys.exec("/etc/init.d/shadowsocksr restart &") + end end - luci.sys.exec("rm -f /tmp/gfwnew.txt") else retstring = "-1" end + luci.sys.exec("rm -f /tmp/ssr-update." .. type) + end + if set == "gfw_data" then + update(uci:get_first("shadowsocksr", "global", "gfwlist_url", "https://cdn.jsdelivr.net/gh/gfwlist/gfwlist/gfwlist.txt"), "/etc/dnsmasq.ssr/gfw_list.conf", set, "/tmp/dnsmasq.ssr/gfw_list.conf") end if set == "ip_data" then - refresh_cmd = "wget-ssl --no-check-certificate -O- " .. uci:get_first('shadowsocksr', 'global', 'chnroute_url', 'https://ispip.clang.cn/all_cn.txt') .. " > /tmp/china_ssr.txt" - sret = luci.sys.call(refresh_cmd .. " 2>/dev/null") - icount = luci.sys.exec("cat /tmp/china_ssr.txt | wc -l") - if sret == 0 and tonumber(icount) > 1000 then - if nixio.fs.access("/etc/china_ssr.txt") then - oldcount = luci.sys.exec("cat /etc/china_ssr.txt | wc -l") - else - oldcount = "0" - end - if tonumber(icount) ~= tonumber(oldcount) then - luci.sys.exec("cp -f /tmp/china_ssr.txt /etc/china_ssr.txt") - luci.sys.exec("/etc/init.d/shadowsocksr restart &") - retstring = tostring(tonumber(icount)) - else - retstring = "0" - end - else - retstring = "-1" - end - luci.sys.exec("rm -f /tmp/china_ssr.txt") - end - if set == "nfip_data" then - refresh_cmd = "wget-ssl --no-check-certificate -O- " .. uci:get_first('shadowsocksr', 'global', 'nfip_url','https://raw.githubusercontent.com/QiuSimons/Netflix_IP/master/NF_only.txt') .." > /tmp/netflixip.list" - sret = luci.sys.call(refresh_cmd .. " 2>/dev/null") - icount = luci.sys.exec("cat /tmp/netflixip.list | wc -l") - if sret == 0 and tonumber(icount) > 5 then - if nixio.fs.access("/etc/config/netflixip.list") then - oldcount = luci.sys.exec("cat /etc/config/netflixip.list | wc -l") - else - oldcount = "0" - end - if tonumber(icount) ~= tonumber(oldcount) then - luci.sys.exec("cp -f /tmp/netflixip.list /etc/config/netflixip.list") - luci.sys.exec("/etc/init.d/shadowsocksr restart &") - retstring = tostring(tonumber(icount)) - else - retstring = "0" - end - else - retstring = "-1" - end - luci.sys.exec("rm -f /tmp/netflixip.list") + update(uci:get_first("shadowsocksr", "global", "chnroute_url","https://ispip.clang.cn/all_cn.txt"), "/etc/ssr/china_ssr.txt", set) end if set == "ad_data" then - refresh_cmd = "wget-ssl --no-check-certificate -O- " .. uci:get_first('shadowsocksr', 'global', 'adblock_url','https://easylist-downloads.adblockplus.org/easylistchina+easylist.txt') .." > /tmp/adnew.conf" - sret = luci.sys.call(refresh_cmd .. " 2>/dev/null") - if sret == 0 then - luci.sys.call("/usr/bin/ssr-ad") - icount = luci.sys.exec("cat /tmp/ad.conf | wc -l") - if tonumber(icount) > 100 then - if nixio.fs.access("/etc/dnsmasq.ssr/ad.conf") then - oldcount = luci.sys.exec("cat /etc/dnsmasq.ssr/ad.conf | wc -l") - else - oldcount = "0" - end - if tonumber(icount) ~= tonumber(oldcount) then - luci.sys.exec("cp -f /tmp/ad.conf /etc/dnsmasq.ssr/ad.conf") - luci.sys.exec("cp -f /tmp/ad.conf /tmp/dnsmasq.ssr/ad.conf") - luci.sys.call("/etc/init.d/dnsmasq restart") - retstring = tostring(tonumber(icount)) - else - retstring = "0" - end - else - retstring = "-1" - end - luci.sys.exec("rm -f /tmp/ad.conf") - else - retstring = "-1" - end + update(uci:get_first("shadowsocksr", "global", "adblock_url","https://easylist-downloads.adblockplus.org/easylistchina+easylist.txt"), "/etc/dnsmasq.ssr/ad.conf", set, "/tmp/dnsmasq.ssr/ad.conf") + end + if set == "nfip_data" then + update(uci:get_first("shadowsocksr", "global", "nfip_url","https://raw.githubusercontent.com/QiuSimons/Netflix_IP/master/NF_only.txt"), "/etc/ssr/netflixip.list", set) end luci.http.prepare_content("application/json") luci.http.write_json({ret = retstring,retcount = icount}) diff --git a/package/lean/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/advanced.lua b/package/lean/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/advanced.lua index d7908e5e6..ff05ae3db 100644 --- a/package/lean/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/advanced.lua +++ b/package/lean/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/advanced.lua @@ -1,3 +1,4 @@ +require "luci.model.uci" local shadowsocksr = "shadowsocksr" local uci = luci.model.uci.cursor() local server_table = {} diff --git a/package/lean/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/client-config.lua b/package/lean/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/client-config.lua index f42822f58..48e113359 100644 --- a/package/lean/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/client-config.lua +++ b/package/lean/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/client-config.lua @@ -1,108 +1,105 @@ -- Copyright (C) 2017 yushi studio github.com/ywb94 -- Licensed to the public under the GNU General Public License v3. - +require "luci.model.uci" +require "nixio.fs" +require "luci.sys" +require "luci.http" local m, s, o,kcp_enable local shadowsocksr = "shadowsocksr" local uci = luci.model.uci.cursor() -local fs = require "nixio.fs" -local sys = require "luci.sys" local sid = arg[1] local uuid = luci.sys.exec("cat /proc/sys/kernel/random/uuid") -local http = require "luci.http" local function isKcptun(file) - if not fs.access(file, "rwx", "rx", "rx") then - fs.chmod(file, 755) + if not nixio.fs.access(file, "rwx", "rx", "rx") then + nixio.fs.chmod(file, 755) end - - local str = sys.exec(file .. " -v | awk '{printf $1}'") + local str = uci.sys.exec(file .. " -v | awk '{printf $1}'") return (str:lower() == "kcptun") end - local server_table = {} local encrypt_methods = { - "none", - "table", - "rc4", - "rc4-md5-6", - "rc4-md5", - "aes-128-cfb", - "aes-192-cfb", - "aes-256-cfb", - "aes-128-ctr", - "aes-192-ctr", - "aes-256-ctr", - "bf-cfb", - "camellia-128-cfb", - "camellia-192-cfb", - "camellia-256-cfb", - "cast5-cfb", - "des-cfb", - "idea-cfb", - "rc2-cfb", - "seed-cfb", - "salsa20", - "chacha20", - "chacha20-ietf", +"none", +"table", +"rc4", +"rc4-md5-6", +"rc4-md5", +"aes-128-cfb", +"aes-192-cfb", +"aes-256-cfb", +"aes-128-ctr", +"aes-192-ctr", +"aes-256-ctr", +"bf-cfb", +"camellia-128-cfb", +"camellia-192-cfb", +"camellia-256-cfb", +"cast5-cfb", +"des-cfb", +"idea-cfb", +"rc2-cfb", +"seed-cfb", +"salsa20", +"chacha20", +"chacha20-ietf", } local encrypt_methods_ss = { - -- aead - "aes-128-gcm", - "aes-192-gcm", - "aes-256-gcm", - "chacha20-ietf-poly1305", - "xchacha20-ietf-poly1305", - -- stream - "table", - "rc4", - "rc4-md5", - "aes-128-cfb", - "aes-192-cfb", - "aes-256-cfb", - "aes-128-ctr", - "aes-192-ctr", - "aes-256-ctr", - "bf-cfb", - "camellia-128-cfb", - "camellia-192-cfb", - "camellia-256-cfb", - "salsa20", - "chacha20", - "chacha20-ietf", +-- aead +"aes-128-gcm", +"aes-192-gcm", +"aes-256-gcm", +"chacha20-ietf-poly1305", +"xchacha20-ietf-poly1305", +-- stream +"table", +"rc4", +"rc4-md5", +"aes-128-cfb", +"aes-192-cfb", +"aes-256-cfb", +"aes-128-ctr", +"aes-192-ctr", +"aes-256-ctr", +"bf-cfb", +"camellia-128-cfb", +"camellia-192-cfb", +"camellia-256-cfb", +"salsa20", +"chacha20", +"chacha20-ietf", } local protocol = { - "origin", - "verify_deflate", - "auth_sha1_v4", - "auth_aes128_sha1", - "auth_aes128_md5", - "auth_chain_a", - "auth_chain_b", - "auth_chain_c", - "auth_chain_d", - "auth_chain_e", - "auth_chain_f", +"origin", +"verify_deflate", +"auth_sha1_v4", +"auth_aes128_sha1", +"auth_aes128_md5", +"auth_chain_a", +"auth_chain_b", +"auth_chain_c", +"auth_chain_d", +"auth_chain_e", +"auth_chain_f", } obfs = { - "plain", - "http_simple", - "http_post", - "random_head", - "tls1.2_ticket_auth", +"plain", +"http_simple", +"http_post", +"random_head", +"tls1.2_ticket_auth", } local securitys = { - "auto", - "none", - "aes-128-gcm", - "chacha20-poly1305" +"auto", +"none", +"aes-128-gcm", +"chacha20-poly1305" } - m = Map(shadowsocksr, translate("Edit ShadowSocksR Server")) m.redirect = luci.dispatcher.build_url("admin/services/shadowsocksr/servers") if m.uci:get(shadowsocksr, sid) ~= "servers" then @@ -113,35 +110,35 @@ end -- [[ Servers Setting ]]-- s = m:section(NamedSection, sid, "servers") s.anonymous = true -s.addremove = false +s.addremove = false o = s:option(DummyValue,"ssr_url","SS/SSR/V2RAY/TROJAN URL") -o.rawhtml = true +o.rawhtml = true o.template = "shadowsocksr/ssrurl" o.value =sid o = s:option(ListValue, "type", translate("Server Node Type")) o:value("ssr", translate("ShadowsocksR")) if nixio.fs.access("/usr/bin/ss-redir") then -o:value("ss", translate("Shadowsocks New Version")) + o:value("ss", translate("Shadowsocks New Version")) end if nixio.fs.access("/usr/bin/v2ray/v2ray") or nixio.fs.access("/usr/bin/v2ray") then -o:value("v2ray", translate("V2Ray")) + o:value("v2ray", translate("V2Ray")) end if nixio.fs.access("/usr/sbin/trojan") then -o:value("trojan", translate("Trojan")) + o:value("trojan", translate("Trojan")) end if nixio.fs.access("/usr/sbin/redsocks2") then -o:value("socks5", translate("Socks5")) -o:value("tun", translate("Network Tunnel")) + o:value("socks5", translate("Socks5")) + o:value("tun", translate("Network Tunnel")) end o.description = translate("Using incorrect encryption mothod may causes service fail to start") o = s:option(Value, "alias", translate("Alias(optional)")) o = s:option(ListValue, "iface", translate("Network interface to use")) -for _, e in ipairs(sys.net.devices()) do - if e ~= "lo" then o:value(e) end +for _, e in ipairs(luci.sys.net.devices()) do + if e ~= "lo" then o:value(e) end end o:depends("type", "tun") o.description = translate("Redirect traffic to this network interface") @@ -369,6 +366,7 @@ o.rmempty = true o:depends("type", "v2ray") o:depends("type", "trojan") o.default = "1" +o.description = translate("If true, allowss insecure connection at TLS client, e.g., TLS server uses unverifiable certificates.") -- [[ TLS ]]-- o = s:option(Flag, "tls", translate("TLS")) @@ -409,31 +407,31 @@ o:depends("certificate", 1) cert_dir = "/etc/ssl/private/" local path -http.setfilehandler( - function(meta, chunk, eof) - if not fd then - if (not meta) or (not meta.name) or (not meta.file) then return end - fd = nixio.open(cert_dir .. meta.file, "w") - if not fd then - path = translate("Create upload file error.") - return - end - end - if chunk and fd then - fd:write(chunk) - end - if eof and fd then - fd:close() - fd = nil - path = '/etc/ssl/private/' .. meta.file .. '' - end - end - ) +luci.http.setfilehandler( +function(meta, chunk, eof) + if not fd then + if (not meta) or (not meta.name) or (not meta.file) then return end + fd = nixio.open(cert_dir .. meta.file, "w") + if not fd then + path = translate("Create upload file error.") + return + end + end + if chunk and fd then + fd:write(chunk) + end + if eof and fd then + fd:close() + fd = nil + path = '/etc/ssl/private/' .. meta.file .. '' + end +end +) if luci.http.formvalue("upload") then - local f = luci.http.formvalue("ulfile") - if #f <= 0 then - path = translate("No specify upload file.") - end + local f = luci.http.formvalue("ulfile") + if #f <= 0 then + path = translate("No specify upload file.") + end end o = s:option(Value, "certpath", translate("Current Certificate Path")) @@ -459,42 +457,36 @@ o.default = 1234 o.rmempty = false if nixio.fs.access("/usr/bin/kcptun-client") then - -kcp_enable = s:option(Flag, "kcp_enable", translate("KcpTun Enable"), translate("bin:/usr/bin/kcptun-client")) -kcp_enable.rmempty = true -kcp_enable.default = "0" -kcp_enable:depends("type", "ssr") -kcp_enable:depends("type", "ss") - -o = s:option(Value, "kcp_port", translate("KcpTun Port")) -o.datatype = "port" -o.default = 4000 -function o.validate(self, value, section) + kcp_enable = s:option(Flag, "kcp_enable", translate("KcpTun Enable"), translate("bin:/usr/bin/kcptun-client")) + kcp_enable.rmempty = true + kcp_enable.default = "0" + kcp_enable:depends("type", "ssr") + kcp_enable:depends("type", "ss") + o = s:option(Value, "kcp_port", translate("KcpTun Port")) + o.datatype = "port" + o.default = 4000 + function o.validate(self, value, section) local kcp_file="/usr/bin/kcptun-client" local enable = kcp_enable:formvalue(section) or kcp_enable.disabled if enable == kcp_enable.enabled then - if not fs.access(kcp_file) then - return nil, translate("Haven't a Kcptun executable file") - elseif not isKcptun(kcp_file) then - return nil, translate("Not a Kcptun executable file") + if not nixio.fs.access(kcp_file) then + return nil, translate("Haven't a Kcptun executable file") + elseif not isKcptun(kcp_file) then + return nil, translate("Not a Kcptun executable file") + end + end + return value end - end - - return value -end -o:depends("type", "ssr") -o:depends("type", "ss") - -o = s:option(Value, "kcp_password", translate("KcpTun Password")) -o.password = true -o:depends("type", "ssr") -o:depends("type", "ss") - -o = s:option(Value, "kcp_param", translate("KcpTun Param")) -o.default = "--nocomp" -o:depends("type", "ssr") -o:depends("type", "ss") - + o:depends("type", "ssr") + o:depends("type", "ss") + o = s:option(Value, "kcp_password", translate("KcpTun Password")) + o.password = true + o:depends("type", "ssr") + o:depends("type", "ss") + o = s:option(Value, "kcp_param", translate("KcpTun Param")) + o.default = "--nocomp" + o:depends("type", "ssr") + o:depends("type", "ss") end return m diff --git a/package/lean/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/client.lua b/package/lean/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/client.lua index c73e5e21d..9992d55bd 100644 --- a/package/lean/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/client.lua +++ b/package/lean/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/client.lua @@ -1,16 +1,14 @@ -- Copyright (C) 2017 yushi studio github.com/ywb94 -- Copyright (C) 2018 lean github.com/coolsnowwolf -- Licensed to the public under the GNU General Public License v3. - +require "luci.model.uci" local m, s, sec, o, kcp_enable local shadowsocksr = "shadowsocksr" local uci = luci.model.uci.cursor() -local sys = require "luci.sys" - m = Map(shadowsocksr, translate("ShadowSocksR Plus+ Settings")) -m:section(SimpleSection).template = "shadowsocksr/status" +m:section(SimpleSection).template = "shadowsocksr/status" local server_table = {} uci:foreach(shadowsocksr, "servers", function(s) diff --git a/package/lean/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/control.lua b/package/lean/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/control.lua index 7a5e33b63..9f2b39bf6 100644 --- a/package/lean/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/control.lua +++ b/package/lean/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/control.lua @@ -1,5 +1,6 @@ +require "luci.ip" +require "nixio.fs" local m, s, o -local NXFS = require "nixio.fs" m = Map("shadowsocksr", translate("IP black-and-white list")) @@ -27,9 +28,9 @@ o.rmempty = false o = s:taboption("lan_ac", DynamicList, "lan_ac_ips", translate("LAN Host List")) o.datatype = "ipaddr" luci.ip.neighbors({ family = 4 }, function(entry) - if entry.reachable then - o:value(entry.dest:string()) - end + if entry.reachable then + o:value(entry.dest:string()) + end end) o:depends("lan_ac_mode", "w") o:depends("lan_ac_mode", "b") @@ -37,25 +38,25 @@ o:depends("lan_ac_mode", "b") o = s:taboption("lan_ac", DynamicList, "lan_bp_ips", translate("LAN Bypassed Host List")) o.datatype = "ipaddr" luci.ip.neighbors({ family = 4 }, function(entry) - if entry.reachable then - o:value(entry.dest:string()) - end + if entry.reachable then + o:value(entry.dest:string()) + end end) o = s:taboption("lan_ac", DynamicList, "lan_fp_ips", translate("LAN Force Proxy Host List")) o.datatype = "ipaddr" luci.ip.neighbors({ family = 4 }, function(entry) - if entry.reachable then - o:value(entry.dest:string()) - end + if entry.reachable then + o:value(entry.dest:string()) + end end) o = s:taboption("lan_ac", DynamicList, "lan_gm_ips", translate("Game Mode Host List")) o.datatype = "ipaddr" luci.ip.neighbors({ family = 4 }, function(entry) - if entry.reachable then - o:value(entry.dest:string()) - end + if entry.reachable then + o:value(entry.dest:string()) + end end) -- Part of Self @@ -66,73 +67,73 @@ end) -- o:value("2", translatef("Forwarded Proxy")) -- o.rmempty = false -s:tab("esc", translate("Bypass Domain List")) +s:tab("esc", translate("Bypass Domain List")) -local escconf = "/etc/config/white.list" +local escconf = "/etc/ssr/white.list" o = s:taboption("esc", TextValue, "escconf") o.rows = 13 o.wrap = "off" o.rmempty = true o.cfgvalue = function(self, section) - return NXFS.readfile(escconf) or "" + return nixio.fs.readfile(escconf) or "" end o.write = function(self, section, value) - NXFS.writefile(escconf, value:gsub("\r\n", "\n")) + nixio.fs.writefile(escconf, value:gsub("\r\n", "\n")) end o.remove = function(self, section, value) - NXFS.writefile(escconf, "") + nixio.fs.writefile(escconf, "") end -s:tab("block", translate("Black Domain List")) +s:tab("block", translate("Black Domain List")) -local blockconf = "/etc/config/black.list" +local blockconf = "/etc/ssr/black.list" o = s:taboption("block", TextValue, "blockconf") o.rows = 13 o.wrap = "off" o.rmempty = true o.cfgvalue = function(self, section) - return NXFS.readfile(blockconf) or " " + return nixio.fs.readfile(blockconf) or " " end o.write = function(self, section, value) - NXFS.writefile(blockconf, value:gsub("\r\n", "\n")) + nixio.fs.writefile(blockconf, value:gsub("\r\n", "\n")) end o.remove = function(self, section, value) - NXFS.writefile(blockconf, "") + nixio.fs.writefile(blockconf, "") end -s:tab("netflix", translate("Netflix Domain List")) +s:tab("netflix", translate("Netflix Domain List")) -local netflixconf = "/etc/config/netflix.list" +local netflixconf = "/etc/ssr/netflix.list" o = s:taboption("netflix", TextValue, "netflixconf") o.rows = 13 o.wrap = "off" o.rmempty = true o.cfgvalue = function(self, section) - return NXFS.readfile(netflixconf) or " " + return nixio.fs.readfile(netflixconf) or " " end o.write = function(self, section, value) - NXFS.writefile(netflixconf, value:gsub("\r\n", "\n")) + nixio.fs.writefile(netflixconf, value:gsub("\r\n", "\n")) end o.remove = function(self, section, value) - NXFS.writefile(netflixconf, "") + nixio.fs.writefile(netflixconf, "") end -s:tab("netflixip", translate("Netflix IP List")) +s:tab("netflixip", translate("Netflix IP List")) -local netflixipconf = "/etc/config/netflixip.list" +local netflixipconf = "/etc/ssr/netflixip.list" o = s:taboption("netflixip", TextValue, "netflixipconf") o.rows = 13 o.wrap = "off" o.rmempty = true o.cfgvalue = function(self, section) - return NXFS.readfile(netflixipconf) or " " + return nixio.fs.readfile(netflixipconf) or " " end o.write = function(self, section, value) - NXFS.writefile(netflixipconf, value:gsub("\r\n", "\n")) + nixio.fs.writefile(netflixipconf, value:gsub("\r\n", "\n")) end o.remove = function(self, section, value) - NXFS.writefile(netflixipconf, "") + nixio.fs.writefile(netflixipconf, "") end return m diff --git a/package/lean/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/log.lua b/package/lean/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/log.lua index 6c5938ed7..a71d0003b 100644 --- a/package/lean/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/log.lua +++ b/package/lean/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/log.lua @@ -1,20 +1,20 @@ -local fs = require "nixio.fs" - +require "luci.util" +require "nixio.fs" f = SimpleForm("logview") - +f.reset = false +f.submit = false t = f:field(TextValue, "conf") t.rmempty = true t.rows = 20 function t.cfgvalue() - if fs.access("/tmp/ssrplus.log") then - local logs = luci.util.execi("cat /tmp/ssrplus.log") - local s = "" - for line in logs do - s = line .. "\n" .. s - end - return s - end + if nixio.fs.access("/tmp/ssrplus.log") then + local logs = luci.util.execi("cat /tmp/ssrplus.log") + local s = "" + for line in logs do + s = line .. "\n" .. s + end + return s + end end t.readonly="readonly" - -return f \ No newline at end of file +return f diff --git a/package/lean/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/server-config.lua b/package/lean/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/server-config.lua index c7d902156..4e7e3cf65 100644 --- a/package/lean/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/server-config.lua +++ b/package/lean/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/server-config.lua @@ -1,43 +1,44 @@ -- Copyright (C) 2017 yushi studio -- Licensed to the public under the GNU General Public License v3. - +require "luci.http" +require "luci.dispatcher" local m, s, o local shadowsocksr = "shadowsocksr" local sid = arg[1] local encrypt_methods = { - "rc4-md5", - "rc4-md5-6", - "rc4", - "table", - "aes-128-cfb", - "aes-192-cfb", - "aes-256-cfb", - "aes-128-ctr", - "aes-192-ctr", - "aes-256-ctr", - "bf-cfb", - "camellia-128-cfb", - "camellia-192-cfb", - "camellia-256-cfb", - "cast5-cfb", - "des-cfb", - "idea-cfb", - "rc2-cfb", - "seed-cfb", - "salsa20", - "chacha20", - "chacha20-ietf", +"rc4-md5", +"rc4-md5-6", +"rc4", +"table", +"aes-128-cfb", +"aes-192-cfb", +"aes-256-cfb", +"aes-128-ctr", +"aes-192-ctr", +"aes-256-ctr", +"bf-cfb", +"camellia-128-cfb", +"camellia-192-cfb", +"camellia-256-cfb", +"cast5-cfb", +"des-cfb", +"idea-cfb", +"rc2-cfb", +"seed-cfb", +"salsa20", +"chacha20", +"chacha20-ietf", } local protocol = { - "origin", +"origin", } obfs = { - "plain", - "http_simple", - "http_post", +"plain", +"http_simple", +"http_post", } m = Map(shadowsocksr, translate("Edit ShadowSocksR Server")) @@ -54,7 +55,7 @@ end -- [[ Server Setting ]]-- s = m:section(NamedSection, sid, "server_config") s.anonymous = true -s.addremove = false +s.addremove = false o = s:option(Flag, "enable", translate("Enable")) o.default = 1 diff --git a/package/lean/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/server.lua b/package/lean/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/server.lua index ec273e0f3..42f01055f 100644 --- a/package/lean/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/server.lua +++ b/package/lean/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/server.lua @@ -1,56 +1,55 @@ -- Copyright (C) 2017 yushi studio -- Licensed to the public under the GNU General Public License v3. - +require "luci.http" +require "luci.dispatcher" local m, sec, o local shadowsocksr = "shadowsocksr" -local uci = luci.model.uci.cursor() - - -m = Map(shadowsocksr) local encrypt_methods = { - "table", - "rc4", - "rc4-md5", - "rc4-md5-6", - "aes-128-cfb", - "aes-192-cfb", - "aes-256-cfb", - "aes-128-ctr", - "aes-192-ctr", - "aes-256-ctr", - "bf-cfb", - "camellia-128-cfb", - "camellia-192-cfb", - "camellia-256-cfb", - "cast5-cfb", - "des-cfb", - "idea-cfb", - "rc2-cfb", - "seed-cfb", - "salsa20", - "chacha20", - "chacha20-ietf", +"table", +"rc4", +"rc4-md5", +"rc4-md5-6", +"aes-128-cfb", +"aes-192-cfb", +"aes-256-cfb", +"aes-128-ctr", +"aes-192-ctr", +"aes-256-ctr", +"bf-cfb", +"camellia-128-cfb", +"camellia-192-cfb", +"camellia-256-cfb", +"cast5-cfb", +"des-cfb", +"idea-cfb", +"rc2-cfb", +"seed-cfb", +"salsa20", +"chacha20", +"chacha20-ietf", } local protocol = { - "origin", - "verify_deflate", - "auth_sha1_v4", - "auth_aes128_sha1", - "auth_aes128_md5", - "auth_chain_a", +"origin", +"verify_deflate", +"auth_sha1_v4", +"auth_aes128_sha1", +"auth_aes128_md5", +"auth_chain_a", } obfs = { - "plain", - "http_simple", - "http_post", - "random_head", - "tls1.2_ticket_auth", - "tls1.2_ticket_fastauth", +"plain", +"http_simple", +"http_post", +"random_head", +"tls1.2_ticket_auth", +"tls1.2_ticket_fastauth", } +m = Map(shadowsocksr) + -- [[ Global Setting ]]-- sec = m:section(TypedSection, "server_global", translate("Global Setting")) sec.anonymous = true diff --git a/package/lean/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/servers.lua b/package/lean/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/servers.lua index d1ca50467..237879817 100644 --- a/package/lean/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/servers.lua +++ b/package/lean/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/servers.lua @@ -1,20 +1,17 @@ -- Licensed to the public under the GNU General Public License v3. - +require "luci.http" +require "luci.dispatcher" +require "luci.model.uci" local m, s, o local shadowsocksr = "shadowsocksr" - local uci = luci.model.uci.cursor() local server_count = 0 + uci:foreach("shadowsocksr", "servers", function(s) - server_count = server_count + 1 + server_count = server_count + 1 end) -local fs = require "nixio.fs" -local sys = require "luci.sys" - -local ucic = luci.model.uci.cursor() - -m = Map(shadowsocksr, translate("Servers subscription and manage")) +m = Map(shadowsocksr, translate("Servers subscription and manage")) -- Server Subscribe @@ -28,7 +25,7 @@ o.description = translate("Auto Update Server subscription, GFW list and CHN rou o = s:option(ListValue, "auto_update_time", translate("Update time (every day)")) for t = 0,23 do -o:value(t, t..":00") + o:value(t, t..":00") end o.default=2 o.rmempty = false @@ -44,7 +41,7 @@ o = s:option(Button,"update_Sub",translate("Update Subscribe List")) o.inputstyle = "reload" o.description = translate("Update subscribe url list first") o.write = function() - luci.http.redirect(luci.dispatcher.build_url("admin", "services", "shadowsocksr", "servers")) + luci.http.redirect(luci.dispatcher.build_url("admin", "services", "shadowsocksr", "servers")) end o = s:option(Flag, "switch", translate("Subscribe Default Auto-Switch")) @@ -58,25 +55,25 @@ o.description = translate("Through proxy update list, Not Recommended ") o = s:option(Button,"subscribe", translate("Update All Subscribe Severs")) -o.rawhtml = true +o.rawhtml = true o.template = "shadowsocksr/subscribe" o = s:option(Button,"delete",translate("Delete All Subscribe Severs")) o.inputstyle = "reset" -o.description = string.format(translate("Server Count") .. ": %d", server_count) +o.description = string.format(translate("Server Count") .. ": %d", server_count) o.write = function() -uci:delete_all("shadowsocksr", "servers", function(s) - if s.hashkey or s.isSubscribe then - return true - else - return false - end -end) -uci:save("shadowsocksr") -uci:commit("shadowsocksr") -luci.sys.exec("/etc/init.d/shadowsocksr restart") -luci.http.redirect(luci.dispatcher.build_url("admin", "services", "shadowsocksr", "servers")) -return + uci:delete_all("shadowsocksr", "servers", function(s) + if s.hashkey or s.isSubscribe then + return true + else + return false + end + end) + uci:save("shadowsocksr") + uci:commit("shadowsocksr") + luci.sys.exec("/etc/init.d/shadowsocksr restart") + luci.http.redirect(luci.dispatcher.build_url("admin", "services", "shadowsocksr", "servers")) + return end -- [[ Servers Manage ]]-- @@ -85,12 +82,12 @@ s.anonymous = true s.addremove = true s.template = "cbi/tblsection" s.sortable = true -s.extedit = luci.dispatcher.build_url("admin/services/shadowsocksr/servers/%s") +s.extedit = luci.dispatcher.build_url("admin", "services", "shadowsocksr", "servers", "%s") function s.create(...) local sid = TypedSection.create(...) if sid then luci.http.redirect(s.extedit % sid) - return + return end end @@ -121,11 +118,11 @@ o.width="10%" node = s:option(Button,"apply_node",translate("Apply")) node.inputstyle = "apply" node.write = function(self, section) - ucic:set("shadowsocksr", '@global[0]', 'global_server', section) - ucic:save("shadowsocksr") - ucic:commit("shadowsocksr") - luci.sys.exec("/etc/init.d/shadowsocksr restart") - luci.http.redirect(luci.dispatcher.build_url("admin", "services", "shadowsocksr", "client")) + uci:set("shadowsocksr", '@global[0]', 'global_server', section) + uci:save("shadowsocksr") + uci:commit("shadowsocksr") + luci.sys.exec("/etc/init.d/shadowsocksr restart") + luci.http.redirect(luci.dispatcher.build_url("admin", "services", "shadowsocksr", "client")) end o = s:option(Flag, "switch_enable", translate("Auto Switch")) diff --git a/package/lean/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/status.lua b/package/lean/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/status.lua index 0ae5219ee..bd6c6d354 100644 --- a/package/lean/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/status.lua +++ b/package/lean/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/status.lua @@ -1,6 +1,8 @@ -- Copyright (C) 2017 yushi studio -- Licensed to the public under the GNU General Public License v3. - +require "nixio.fs" +require "luci.sys" +require "luci.model.uci" local m, s, o local redir_run=0 local reudp_run=0 @@ -20,71 +22,69 @@ font_off = [[]] bold_on = [[]] bold_off = [[]] -local fs = require "nixio.fs" -local sys = require "luci.sys" local kcptun_version=translate("Unknown") local kcp_file="/usr/bin/kcptun-client" -if not fs.access(kcp_file) then -kcptun_version=translate("Not exist") +if not nixio.fs.access(kcp_file) then + kcptun_version=translate("Not exist") else -if not fs.access(kcp_file, "rwx", "rx", "rx") then -fs.chmod(kcp_file, 755) -end -kcptun_version=sys.exec(kcp_file .. " -v | awk '{printf $3}'") -if not kcptun_version or kcptun_version == "" then -kcptun_version = translate("Unknown") -end - + if not nixio.fs.access(kcp_file, "rwx", "rx", "rx") then + nixio.fs.chmod(kcp_file, 755) + end + kcptun_version=luci.sys.exec(kcp_file .. " -v | awk '{printf $3}'") + if not kcptun_version or kcptun_version == "" then + kcptun_version = translate("Unknown") + end + end if nixio.fs.access("/etc/dnsmasq.ssr/gfw_list.conf") then -gfw_count = tonumber(sys.exec("cat /etc/dnsmasq.ssr/gfw_list.conf | wc -l"))/2 + gfw_count = tonumber(luci.sys.exec("cat /etc/dnsmasq.ssr/gfw_list.conf | wc -l"))/2 end if nixio.fs.access("/etc/dnsmasq.ssr/ad.conf") then -ad_count = tonumber(sys.exec("cat /etc/dnsmasq.ssr/ad.conf | wc -l")) + ad_count = tonumber(luci.sys.exec("cat /etc/dnsmasq.ssr/ad.conf | wc -l")) end -if nixio.fs.access("/etc/china_ssr.txt") then -ip_count = tonumber(sys.exec("cat /etc/china_ssr.txt | wc -l")) +if nixio.fs.access("/etc/ssr/china_ssr.txt") then + ip_count = tonumber(luci.sys.exec("cat /etc/china_ssr.txt | wc -l")) end -if nixio.fs.access("/etc/config/netflixip.list") then -nfip_count = tonumber(sys.exec("cat /etc/config/netflixip.list | wc -l")) +if nixio.fs.access("/etc/ssr/netflixip.list") then + nfip_count = tonumber(luci.sys.exec("cat /etc/ssr/netflixip.list | wc -l")) end -local icount=sys.exec("busybox ps -w | grep ssr-reudp |grep -v grep| wc -l") +local icount=luci.sys.exec("busybox ps -w | grep ssr-reudp |grep -v grep| wc -l") if tonumber(icount)>0 then -reudp_run=1 + reudp_run=1 else -icount=sys.exec("busybox ps -w | grep ssr-retcp |grep \"\\-u\"|grep -v grep| wc -l") -if tonumber(icount)>0 then -reudp_run=1 -end + icount=luci.sys.exec("busybox ps -w | grep ssr-retcp |grep \"\\-u\"|grep -v grep| wc -l") + if tonumber(icount)>0 then + reudp_run=1 + end end if luci.sys.call("busybox ps -w | grep ssr-retcp | grep -v grep >/dev/null") == 0 then -redir_run=1 + redir_run=1 end if luci.sys.call("busybox ps -w | grep ssr-local | grep -v ssr-socksdns |grep -v grep >/dev/null") == 0 then -sock5_run=1 + sock5_run=1 end if luci.sys.call("pidof kcptun-client >/dev/null") == 0 then -kcptun_run=1 + kcptun_run=1 end if luci.sys.call("busybox ps -w | grep ssr-server | grep -v grep >/dev/null") == 0 then -server_run=1 + server_run=1 end if luci.sys.call("busybox ps -w | grep ssr-tunnel |grep -v grep >/dev/null") == 0 then -tunnel_run=1 + tunnel_run=1 end if luci.sys.call("pidof pdnsd >/dev/null") == 0 or (luci.sys.call("busybox ps -w | grep ssr-dns |grep -v grep >/dev/null") == 0 and luci.sys.call("pidof dns2socks >/dev/null") == 0)then -pdnsd_run=1 + pdnsd_run=1 end m = SimpleForm("Version") @@ -94,56 +94,56 @@ m.submit = false s=m:field(DummyValue,"redir_run",translate("Global Client")) s.rawhtml = true if redir_run == 1 then -s.value =font_blue .. bold_on .. translate("Running") .. bold_off .. font_off + s.value =font_blue .. bold_on .. translate("Running") .. bold_off .. font_off else -s.value = translate("Not Running") + s.value = translate("Not Running") end s=m:field(DummyValue,"reudp_run",translate("Game Mode UDP Relay")) s.rawhtml = true if reudp_run == 1 then -s.value =font_blue .. bold_on .. translate("Running") .. bold_off .. font_off + s.value =font_blue .. bold_on .. translate("Running") .. bold_off .. font_off else -s.value = translate("Not Running") + s.value = translate("Not Running") end if uci:get_first(shadowsocksr, 'global', 'pdnsd_enable', '0') ~= '0' then -s=m:field(DummyValue,"pdnsd_run",translate("DNS Anti-pollution")) -s.rawhtml = true -if pdnsd_run == 1 then -s.value =font_blue .. bold_on .. translate("Running") .. bold_off .. font_off -else -s.value = translate("Not Running") -end + s=m:field(DummyValue,"pdnsd_run",translate("DNS Anti-pollution")) + s.rawhtml = true + if pdnsd_run == 1 then + s.value =font_blue .. bold_on .. translate("Running") .. bold_off .. font_off + else + s.value = translate("Not Running") + end end s=m:field(DummyValue,"sock5_run",translate("Global SOCKS5 Proxy Server")) s.rawhtml = true if sock5_run == 1 then -s.value =font_blue .. bold_on .. translate("Running") .. bold_off .. font_off + s.value =font_blue .. bold_on .. translate("Running") .. bold_off .. font_off else -s.value = translate("Not Running") + s.value = translate("Not Running") end s=m:field(DummyValue,"server_run",translate("Local Servers")) s.rawhtml = true if server_run == 1 then -s.value =font_blue .. bold_on .. translate("Running") .. bold_off .. font_off + s.value =font_blue .. bold_on .. translate("Running") .. bold_off .. font_off else -s.value = translate("Not Running") + s.value = translate("Not Running") end if nixio.fs.access("/usr/bin/kcptun-client") then -s=m:field(DummyValue,"kcp_version",translate("KcpTun Version")) -s.rawhtml = true -s.value =kcptun_version -s=m:field(DummyValue,"kcptun_run",translate("KcpTun")) -s.rawhtml = true -if kcptun_run == 1 then -s.value =font_blue .. bold_on .. translate("Running") .. bold_off .. font_off -else -s.value = translate("Not Running") -end + s=m:field(DummyValue,"kcp_version",translate("KcpTun Version")) + s.rawhtml = true + s.value =kcptun_version + s=m:field(DummyValue,"kcptun_run",translate("KcpTun")) + s.rawhtml = true + if kcptun_run == 1 then + s.value =font_blue .. bold_on .. translate("Running") .. bold_off .. font_off + else + s.value = translate("Not Running") + end end s=m:field(DummyValue,"google",translate("Google Connectivity")) @@ -170,10 +170,10 @@ s.template = "shadowsocksr/refresh" s.value = nfip_count .. " " .. translate("Records") if uci:get_first(shadowsocksr, 'global', 'adblock', '0') == '1' then -s=m:field(DummyValue,"ad_data",translate("Advertising Data")) -s.rawhtml = true -s.template = "shadowsocksr/refresh" -s.value = ad_count .. " " .. translate("Records") + s=m:field(DummyValue,"ad_data",translate("Advertising Data")) + s.rawhtml = true + s.template = "shadowsocksr/refresh" + s.value = ad_count .. " " .. translate("Records") end s=m:field(DummyValue,"check_port",translate("Check Server Port")) diff --git a/package/lean/luci-app-ssr-plus/luasrc/view/shadowsocksr/certupload.htm b/package/lean/luci-app-ssr-plus/luasrc/view/shadowsocksr/certupload.htm index f34f04d7b..55ed14ef8 100644 --- a/package/lean/luci-app-ssr-plus/luasrc/view/shadowsocksr/certupload.htm +++ b/package/lean/luci-app-ssr-plus/luasrc/view/shadowsocksr/certupload.htm @@ -1,4 +1,4 @@ <%+cbi/valueheader%> - - + + <%+cbi/valuefooter%> diff --git a/package/lean/luci-app-ssr-plus/luasrc/view/shadowsocksr/checkport.htm b/package/lean/luci-app-ssr-plus/luasrc/view/shadowsocksr/checkport.htm index ed91a2f22..e37b446e9 100644 --- a/package/lean/luci-app-ssr-plus/luasrc/view/shadowsocksr/checkport.htm +++ b/package/lean/luci-app-ssr-plus/luasrc/view/shadowsocksr/checkport.htm @@ -1,7 +1,5 @@ <%+cbi/valueheader%> - <%=self.value%> - - - <%+cbi/valuefooter%> \ No newline at end of file diff --git a/package/lean/luci-app-ssr-plus/luasrc/view/shadowsocksr/server_list.htm b/package/lean/luci-app-ssr-plus/luasrc/view/shadowsocksr/server_list.htm index 9c5ba66ac..f5b3c079a 100644 --- a/package/lean/luci-app-ssr-plus/luasrc/view/shadowsocksr/server_list.htm +++ b/package/lean/luci-app-ssr-plus/luasrc/view/shadowsocksr/server_list.htm @@ -81,47 +81,39 @@ local dsp = require "luci.dispatcher" return false; } - // set tr draggable function enableDragForTable(table_selecter, store) { var trs = document.querySelectorAll(table_selecter + " tr"); if (!trs || trs.length.length < 3) { return; } - function ondragstart(ev) { ev.dataTransfer.setData("Text", ev.target.id); } - function ondrop(ev) { var from = ev.dataTransfer.getData("Text"); cbi_row_drop(from, this.id, store); } - function ondragover(ev) { ev.preventDefault(); ev.dataTransfer.dropEffect = "move"; } - function moveToTop(id) { var top = document.querySelectorAll(table_selecter + " tr")[2]; cbi_row_drop(id, top.id, store); } - function moveToBottom(id) { console.log('moveToBottom:', id); var trList = document.querySelectorAll(table_selecter + " tr"); var bottom = trList[trList.length - 1]; cbi_row_drop(id, bottom.id, store, true); } - for (let index = 2; index < trs.length; index++) { const el = trs[index]; el.setAttribute("draggable", true); el.ondragstart = ondragstart; el.ondrop = ondrop; el.ondragover = ondragover; - // reset the behaviors of the btns var upBtns = el.querySelectorAll(".cbi-button.cbi-button-up"); if (upBtns && upBtns.length > 0) { @@ -131,7 +123,6 @@ local dsp = require "luci.dispatcher" }; }); } - var downBtns = el.querySelectorAll(".cbi-button.cbi-button-down"); if (downBtns && downBtns.length > 0) { downBtns.forEach(function (_el) { @@ -142,7 +133,6 @@ local dsp = require "luci.dispatcher" } } } - // enable enableDragForTable( "#cbi-shadowsocksr-servers table", diff --git a/package/lean/luci-app-ssr-plus/luasrc/view/shadowsocksr/ssrurl.htm b/package/lean/luci-app-ssr-plus/luasrc/view/shadowsocksr/ssrurl.htm index e734af05a..aabc8b59f 100644 --- a/package/lean/luci-app-ssr-plus/luasrc/view/shadowsocksr/ssrurl.htm +++ b/package/lean/luci-app-ssr-plus/luasrc/view/shadowsocksr/ssrurl.htm @@ -80,7 +80,6 @@ } return false; } - function import_ssr_url(btn, urlname, sid) { var s = document.getElementById(urlname + '-status'); if (!s) @@ -98,7 +97,6 @@ s.innerHTML = "无效格式"; return false; } - var event = document.createEvent("HTMLEvents"); event.initEvent("change", true, true); if (ssu[0] == "ssr") { @@ -137,7 +135,6 @@ s.innerHTML = "导入ShadowsocksR配置信息成功"; return false; } else if (ssu[0] == "ss") { - var url0, param = ""; var sipIndex = ssu[1].indexOf("@"); var ploc = ssu[1].indexOf("#"); @@ -147,7 +144,6 @@ } else { url0 = ssu[1]; } - if (sipIndex != -1) { // SIP002 var userInfo = b64decsafe(url0.substr(0, sipIndex)); @@ -163,7 +159,6 @@ plugin = pluginNameInfo.substr(pluginNameInfo.indexOf("=") + 1) pluginOpts = pluginInfo.substr(pluginIndex + 1); } - var userInfoSplitIndex = userInfo.indexOf(":"); if (userInfoSplitIndex != -1) { method = userInfo.substr(0, userInfoSplitIndex); @@ -177,7 +172,6 @@ document.getElementsByName('cbid.shadowsocksr.' + sid + '.encrypt_method_ss')[0].value = method || ""; document.getElementsByName('cbid.shadowsocksr.' + sid + '.plugin')[0].value = plugin || ""; document.getElementsByName('cbid.shadowsocksr.' + sid + '.plugin_opts')[0].value = pluginOpts || ""; - if (param != undefined) { document.getElementsByName('cbid.shadowsocksr.' + sid + '.alias')[0].value = decodeURI(param); } @@ -212,7 +206,6 @@ url0 = ssu[1] } var sstr = url0; - document.getElementsByName('cbid.shadowsocksr.' + sid + '.type')[0].value = "trojan"; document.getElementsByName('cbid.shadowsocksr.' + sid + '.type')[0].dispatchEvent(event); var team = sstr.split('@'); @@ -229,7 +222,6 @@ queryParam[decodeURIComponent(params[0])] = decodeURIComponent(params[1] || ''); } } - document.getElementsByName('cbid.shadowsocksr.' + sid + '.server')[0].value = serverPart[0]; document.getElementsByName('cbid.shadowsocksr.' + sid + '.server_port')[0].value = port; document.getElementsByName('cbid.shadowsocksr.' + sid + '.password')[0].value = password; @@ -237,7 +229,6 @@ document.getElementsByName('cbid.shadowsocksr.' + sid + '.tls')[0].dispatchEvent(event); document.getElementsByName('cbid.shadowsocksr.' + sid + '.tls_host')[0].value = queryParam.peer || ''; document.getElementsByName('cbid.shadowsocksr.' + sid + '.insecure')[0].checked = queryParam.allowInsecure === '1'; - if (param != undefined) { document.getElementsByName('cbid.shadowsocksr.' + sid + '.alias')[0].value = decodeURI(param); } diff --git a/package/lean/luci-app-ssr-plus/po/zh-cn/ssr-plus.po b/package/lean/luci-app-ssr-plus/po/zh-cn/ssr-plus.po index 6052702da..cf0a7aa50 100644 --- a/package/lean/luci-app-ssr-plus/po/zh-cn/ssr-plus.po +++ b/package/lean/luci-app-ssr-plus/po/zh-cn/ssr-plus.po @@ -61,9 +61,21 @@ msgstr "密码" msgid "Encrypt Method" msgstr "加密方式" +msgid "Transport" +msgstr "传输协议" + msgid "Protocol" msgstr "传输协议" +msgid "allowInsecure" +msgstr "允许不安全连接" + +msgid "Concurrency" +msgstr "最大并发连接数" + +msgid "If true, allowss insecure connection at TLS client, e.g., TLS server uses unverifiable certificates." +msgstr "是否允许不安全连接。当选择时,将不会检查远端主机所提供的 TLS 证书的有效性。" + msgid "Protocol param(optional)" msgstr "传输协议参数(可选)" diff --git a/package/lean/luci-app-ssr-plus/root/etc/config/shadowsocksr b/package/lean/luci-app-ssr-plus/root/etc/config/shadowsocksr index 35207f08c..7658938ae 100644 --- a/package/lean/luci-app-ssr-plus/root/etc/config/shadowsocksr +++ b/package/lean/luci-app-ssr-plus/root/etc/config/shadowsocksr @@ -6,7 +6,6 @@ config global option dports '2' option pdnsd_enable '1' option monitor_enable '1' - option global_server 'nil' option enable_switch '1' option switch_timeout '5' option switch_time '667' @@ -15,16 +14,13 @@ config global option chnroute_url 'https://ispip.clang.cn/all_cn.txt' option nfip_url 'https://raw.githubusercontent.com/QiuSimons/Netflix_IP/master/NF_only.txt' option adblock_url 'https://gitee.com/privacy-protection-tools/anti-ad/raw/master/anti-ad-for-dnsmasq.conf' - option netflix_server 'same' option threads '0' - -config socks5_proxy - option socks '0' - option local_port '1080' - option local_address '0.0.0.0' + option global_server 'nil' + option netflix_server 'nil' + option netflix_proxy '0' config access_control - option wan_bp_list '/etc/china_ssr.txt' + option wan_bp_list '/etc/ssr/china_ssr.txt' option lan_ac_mode 'b' option router_proxy '1' list wan_fw_ips '149.154.160.0/20' @@ -33,6 +29,11 @@ config access_control list wan_fw_ips '91.108.56.0/22' list wan_fw_ips '109.239.140.0/24' +config socks5_proxy + option socks '0' + option local_port '1080' + option local_address '0.0.0.0' + config server_global option enable_server '0' diff --git a/package/lean/luci-app-ssr-plus/root/etc/dnsmasq.ssr/gfw_list.conf b/package/lean/luci-app-ssr-plus/root/etc/dnsmasq.ssr/gfw_list.conf index cfeb42fc8..ccaf1bf86 100644 --- a/package/lean/luci-app-ssr-plus/root/etc/dnsmasq.ssr/gfw_list.conf +++ b/package/lean/luci-app-ssr-plus/root/etc/dnsmasq.ssr/gfw_list.conf @@ -1,5 +1,5 @@ -server=/.030buy.com/127.0.0.1#5335 -ipset=/.030buy.com/gfwlist +server=/.0914.global.ssl.fastly.net/127.0.0.1#5335 +ipset=/.0914.global.ssl.fastly.net/gfwlist server=/.0rz.tw/127.0.0.1#5335 ipset=/.0rz.tw/gfwlist server=/.10.tt/127.0.0.1#5335 @@ -210,14 +210,10 @@ server=/.8news.com.tw/127.0.0.1#5335 ipset=/.8news.com.tw/gfwlist server=/.8z1.net/127.0.0.1#5335 ipset=/.8z1.net/gfwlist -server=/.9001700.com/127.0.0.1#5335 -ipset=/.9001700.com/gfwlist server=/.91porn.com/127.0.0.1#5335 ipset=/.91porn.com/gfwlist server=/.91vps.club/127.0.0.1#5335 ipset=/.91vps.club/gfwlist -server=/.92ccav.com/127.0.0.1#5335 -ipset=/.92ccav.com/gfwlist server=/.991.com/127.0.0.1#5335 ipset=/.991.com/gfwlist server=/.99btgc01.com/127.0.0.1#5335 @@ -236,6 +232,8 @@ server=/.a248.e.akamai.net/127.0.0.1#5335 ipset=/.a248.e.akamai.net/gfwlist server=/.a5.com.ru/127.0.0.1#5335 ipset=/.a5.com.ru/gfwlist +server=/.a771.dscq.akamai.net/127.0.0.1#5335 +ipset=/.a771.dscq.akamai.net/gfwlist server=/.aamacau.com/127.0.0.1#5335 ipset=/.aamacau.com/gfwlist server=/.abc.com/127.0.0.1#5335 @@ -248,8 +246,6 @@ server=/.abc.xyz/127.0.0.1#5335 ipset=/.abc.xyz/gfwlist server=/.abchinese.com/127.0.0.1#5335 ipset=/.abchinese.com/gfwlist -server=/.abclite.net/127.0.0.1#5335 -ipset=/.abclite.net/gfwlist server=/.abebooks.com/127.0.0.1#5335 ipset=/.abebooks.com/gfwlist server=/.abematv.akamaized.net/127.0.0.1#5335 @@ -260,20 +256,12 @@ server=/.aboluowang.com/127.0.0.1#5335 ipset=/.aboluowang.com/gfwlist server=/.about.google/127.0.0.1#5335 ipset=/.about.google/gfwlist -server=/.aboutgfw.com/127.0.0.1#5335 -ipset=/.aboutgfw.com/gfwlist -server=/.abs.edu/127.0.0.1#5335 -ipset=/.abs.edu/gfwlist server=/.ac.jiruan.net/127.0.0.1#5335 ipset=/.ac.jiruan.net/gfwlist -server=/.accim.org/127.0.0.1#5335 -ipset=/.accim.org/gfwlist server=/.aceros-de-hispania.com/127.0.0.1#5335 ipset=/.aceros-de-hispania.com/gfwlist server=/.acevpn.com/127.0.0.1#5335 ipset=/.acevpn.com/gfwlist -server=/.acg18.me/127.0.0.1#5335 -ipset=/.acg18.me/gfwlist server=/.acgkj.com/127.0.0.1#5335 ipset=/.acgkj.com/gfwlist server=/.acmedia365.com/127.0.0.1#5335 @@ -300,8 +288,6 @@ server=/.admob.com/127.0.0.1#5335 ipset=/.admob.com/gfwlist server=/.adpl.org.hk/127.0.0.1#5335 ipset=/.adpl.org.hk/gfwlist -server=/.ads-twitter.com/127.0.0.1#5335 -ipset=/.ads-twitter.com/gfwlist server=/.adsense.com/127.0.0.1#5335 ipset=/.adsense.com/gfwlist server=/.adult-sex-games.com/127.0.0.1#5335 @@ -320,8 +306,6 @@ server=/.aex.com/127.0.0.1#5335 ipset=/.aex.com/gfwlist server=/.af.mil/127.0.0.1#5335 ipset=/.af.mil/gfwlist -server=/.agnesb.fr/127.0.0.1#5335 -ipset=/.agnesb.fr/gfwlist server=/.agoogleaday.com/127.0.0.1#5335 ipset=/.agoogleaday.com/gfwlist server=/.agro.hk/127.0.0.1#5335 @@ -352,8 +336,6 @@ server=/.aiweiweiblog.com/127.0.0.1#5335 ipset=/.aiweiweiblog.com/gfwlist server=/.akiba-online.com/127.0.0.1#5335 ipset=/.akiba-online.com/gfwlist -server=/.akiba-web.com/127.0.0.1#5335 -ipset=/.akiba-web.com/gfwlist server=/.akow.org/127.0.0.1#5335 ipset=/.akow.org/gfwlist server=/.al-islam.com/127.0.0.1#5335 @@ -414,8 +396,6 @@ server=/.alphaporno.com/127.0.0.1#5335 ipset=/.alphaporno.com/gfwlist server=/.alternate-tools.com/127.0.0.1#5335 ipset=/.alternate-tools.com/gfwlist -server=/.altrec.com/127.0.0.1#5335 -ipset=/.altrec.com/gfwlist server=/.alvinalexander.com/127.0.0.1#5335 ipset=/.alvinalexander.com/gfwlist server=/.alwaysdata.com/127.0.0.1#5335 @@ -428,8 +408,8 @@ server=/.am730.com.hk/127.0.0.1#5335 ipset=/.am730.com.hk/gfwlist server=/.amazon.co.jp/127.0.0.1#5335 ipset=/.amazon.co.jp/gfwlist -server=/.ameblo.jp/127.0.0.1#5335 -ipset=/.ameblo.jp/gfwlist +server=/.ameba.jp/127.0.0.1#5335 +ipset=/.ameba.jp/gfwlist server=/.americangreencard.com/127.0.0.1#5335 ipset=/.americangreencard.com/gfwlist server=/.americanunfinished.com/127.0.0.1#5335 @@ -470,8 +450,6 @@ server=/.andygod.com/127.0.0.1#5335 ipset=/.andygod.com/gfwlist server=/.angela-merkel.de/127.0.0.1#5335 ipset=/.angela-merkel.de/gfwlist -server=/.angola.org/127.0.0.1#5335 -ipset=/.angola.org/gfwlist server=/.angularjs.org/127.0.0.1#5335 ipset=/.angularjs.org/gfwlist server=/.animecrazy.net/127.0.0.1#5335 @@ -518,10 +496,6 @@ server=/.aolchannels.aol.com/127.0.0.1#5335 ipset=/.aolchannels.aol.com/gfwlist server=/.aomiwang.com/127.0.0.1#5335 ipset=/.aomiwang.com/gfwlist -server=/.apartmentratings.com/127.0.0.1#5335 -ipset=/.apartmentratings.com/gfwlist -server=/.apartments.com/127.0.0.1#5335 -ipset=/.apartments.com/gfwlist server=/.apetube.com/127.0.0.1#5335 ipset=/.apetube.com/gfwlist server=/.api-secure.recaptcha.net/127.0.0.1#5335 @@ -598,8 +572,6 @@ server=/.arctosia.com/127.0.0.1#5335 ipset=/.arctosia.com/gfwlist server=/.areca-backup.org/127.0.0.1#5335 ipset=/.areca-backup.org/gfwlist -server=/.arena.taipei/127.0.0.1#5335 -ipset=/.arena.taipei/gfwlist server=/.arethusa.su/127.0.0.1#5335 ipset=/.arethusa.su/gfwlist server=/.arlingtoncemetery.mil/127.0.0.1#5335 @@ -644,16 +616,12 @@ server=/.assembla.com/127.0.0.1#5335 ipset=/.assembla.com/gfwlist server=/.assets.bwbx.io/127.0.0.1#5335 ipset=/.assets.bwbx.io/gfwlist -server=/.assimp.org/127.0.0.1#5335 -ipset=/.assimp.org/gfwlist server=/.astrill.com/127.0.0.1#5335 ipset=/.astrill.com/gfwlist server=/.atc.org.au/127.0.0.1#5335 ipset=/.atc.org.au/gfwlist server=/.atchinese.com/127.0.0.1#5335 ipset=/.atchinese.com/gfwlist -server=/.atdmt.com/127.0.0.1#5335 -ipset=/.atdmt.com/gfwlist server=/.atgfw.org/127.0.0.1#5335 ipset=/.atgfw.org/gfwlist server=/.athenaeizou.com/127.0.0.1#5335 @@ -716,8 +684,6 @@ server=/.azerbaycan.tv/127.0.0.1#5335 ipset=/.azerbaycan.tv/gfwlist server=/.azerimix.com/127.0.0.1#5335 ipset=/.azerimix.com/gfwlist -server=/.azubu.tv/127.0.0.1#5335 -ipset=/.azubu.tv/gfwlist server=/.b0ne.com/127.0.0.1#5335 ipset=/.b0ne.com/gfwlist server=/.babynet.com.hk/127.0.0.1#5335 @@ -732,8 +698,6 @@ server=/.badjojo.com/127.0.0.1#5335 ipset=/.badjojo.com/gfwlist server=/.badoo.com/127.0.0.1#5335 ipset=/.badoo.com/gfwlist -server=/.baidu.jp/127.0.0.1#5335 -ipset=/.baidu.jp/gfwlist server=/.baijie.org/127.0.0.1#5335 ipset=/.baijie.org/gfwlist server=/.bailandaily.com/127.0.0.1#5335 @@ -746,6 +710,8 @@ server=/.banana-vpn.com/127.0.0.1#5335 ipset=/.banana-vpn.com/gfwlist server=/.band.us/127.0.0.1#5335 ipset=/.band.us/gfwlist +server=/.bandpage.com/127.0.0.1#5335 +ipset=/.bandpage.com/gfwlist server=/.bandwagonhost.com/127.0.0.1#5335 ipset=/.bandwagonhost.com/gfwlist server=/.bangbrosnetwork.com/127.0.0.1#5335 @@ -756,14 +722,10 @@ server=/.bangdream.space/127.0.0.1#5335 ipset=/.bangdream.space/gfwlist server=/.bangyoulater.com/127.0.0.1#5335 ipset=/.bangyoulater.com/gfwlist -server=/.bankmobilevibe.com/127.0.0.1#5335 -ipset=/.bankmobilevibe.com/gfwlist server=/.bannedbook.org/127.0.0.1#5335 ipset=/.bannedbook.org/gfwlist server=/.bannednews.org/127.0.0.1#5335 ipset=/.bannednews.org/gfwlist -server=/.banorte.com/127.0.0.1#5335 -ipset=/.banorte.com/gfwlist server=/.baramangaonline.com/127.0.0.1#5335 ipset=/.baramangaonline.com/gfwlist server=/.barenakedislam.com/127.0.0.1#5335 @@ -774,8 +736,6 @@ server=/.barton.de/127.0.0.1#5335 ipset=/.barton.de/gfwlist server=/.bartvpn.com/127.0.0.1#5335 ipset=/.bartvpn.com/gfwlist -server=/.bash-hackers.org/127.0.0.1#5335 -ipset=/.bash-hackers.org/gfwlist server=/.bastillepost.com/127.0.0.1#5335 ipset=/.bastillepost.com/gfwlist server=/.bayvoice.net/127.0.0.1#5335 @@ -920,8 +880,6 @@ server=/.bfsh.hk/127.0.0.1#5335 ipset=/.bfsh.hk/gfwlist server=/.bgvpn.com/127.0.0.1#5335 ipset=/.bgvpn.com/gfwlist -server=/.bianlei.com/127.0.0.1#5335 -ipset=/.bianlei.com/gfwlist server=/.biantailajiao.com/127.0.0.1#5335 ipset=/.biantailajiao.com/gfwlist server=/.biantailajiao.in/127.0.0.1#5335 @@ -936,6 +894,8 @@ server=/.big.one/127.0.0.1#5335 ipset=/.big.one/gfwlist server=/.bigfools.com/127.0.0.1#5335 ipset=/.bigfools.com/gfwlist +server=/.biggo.com.tw/127.0.0.1#5335 +ipset=/.biggo.com.tw/gfwlist server=/.bigjapanesesex.com/127.0.0.1#5335 ipset=/.bigjapanesesex.com/gfwlist server=/.bigmoney.biz/127.0.0.1#5335 @@ -1122,8 +1082,6 @@ server=/.bolin.netfirms.com/127.0.0.1#5335 ipset=/.bolin.netfirms.com/gfwlist server=/.bonbonme.com/127.0.0.1#5335 ipset=/.bonbonme.com/gfwlist -server=/.bonbonsex.com/127.0.0.1#5335 -ipset=/.bonbonsex.com/gfwlist server=/.bonfoundation.org/127.0.0.1#5335 ipset=/.bonfoundation.org/gfwlist server=/.bongacams.com/127.0.0.1#5335 @@ -1352,8 +1310,6 @@ server=/.castbox.fm/127.0.0.1#5335 ipset=/.castbox.fm/gfwlist server=/.catch22.net/127.0.0.1#5335 ipset=/.catch22.net/gfwlist -server=/.catchgod.com/127.0.0.1#5335 -ipset=/.catchgod.com/gfwlist server=/.catfightpayperview.xxx/127.0.0.1#5335 ipset=/.catfightpayperview.xxx/gfwlist server=/.catholic.org.hk/127.0.0.1#5335 @@ -1602,8 +1558,6 @@ server=/.chinasoul.org/127.0.0.1#5335 ipset=/.chinasoul.org/gfwlist server=/.chinasucks.net/127.0.0.1#5335 ipset=/.chinasucks.net/gfwlist -server=/.chinatimes.com/127.0.0.1#5335 -ipset=/.chinatimes.com/gfwlist server=/.chinatopsex.com/127.0.0.1#5335 ipset=/.chinatopsex.com/gfwlist server=/.chinatown.com.au/127.0.0.1#5335 @@ -1656,8 +1610,6 @@ server=/.chithu.org/127.0.0.1#5335 ipset=/.chithu.org/gfwlist server=/.chn.chosun.com/127.0.0.1#5335 ipset=/.chn.chosun.com/gfwlist -server=/.chobit.cc/127.0.0.1#5335 -ipset=/.chobit.cc/gfwlist server=/.chrdnet.com/127.0.0.1#5335 ipset=/.chrdnet.com/gfwlist server=/.christianfreedom.org/127.0.0.1#5335 @@ -1754,6 +1706,8 @@ server=/.clinica-tibet.ru/127.0.0.1#5335 ipset=/.clinica-tibet.ru/gfwlist server=/.clipfish.de/127.0.0.1#5335 ipset=/.clipfish.de/gfwlist +server=/.clips4sale.com/127.0.0.1#5335 +ipset=/.clips4sale.com/gfwlist server=/.cloakpoint.com/127.0.0.1#5335 ipset=/.cloakpoint.com/gfwlist server=/.cloud.feedly.com/127.0.0.1#5335 @@ -1790,8 +1744,6 @@ server=/.cn.freeones.com/127.0.0.1#5335 ipset=/.cn.freeones.com/gfwlist server=/.cn.ibtimes.com/127.0.0.1#5335 ipset=/.cn.ibtimes.com/gfwlist -server=/.cn.nytstyle.com/127.0.0.1#5335 -ipset=/.cn.nytstyle.com/gfwlist server=/.cn.sandscotaicentral.com/127.0.0.1#5335 ipset=/.cn.sandscotaicentral.com/gfwlist server=/.cn.shafaqna.com/127.0.0.1#5335 @@ -1948,8 +1900,6 @@ server=/.cristyli.com/127.0.0.1#5335 ipset=/.cristyli.com/gfwlist server=/.crocotube.com/127.0.0.1#5335 ipset=/.crocotube.com/gfwlist -server=/.crossfire.co.kr/127.0.0.1#5335 -ipset=/.crossfire.co.kr/gfwlist server=/.crossthewall.net/127.0.0.1#5335 ipset=/.crossthewall.net/gfwlist server=/.crossvpn.net/127.0.0.1#5335 @@ -2116,8 +2066,6 @@ server=/.darktech.org/127.0.0.1#5335 ipset=/.darktech.org/gfwlist server=/.darktoy.net/127.0.0.1#5335 ipset=/.darktoy.net/gfwlist -server=/.darpa.mil/127.0.0.1#5335 -ipset=/.darpa.mil/gfwlist server=/.dastrassi.org/127.0.0.1#5335 ipset=/.dastrassi.org/gfwlist server=/.data-vocabulary.org/127.0.0.1#5335 @@ -2130,8 +2078,6 @@ server=/.daum.net/127.0.0.1#5335 ipset=/.daum.net/gfwlist server=/.david-kilgour.com/127.0.0.1#5335 ipset=/.david-kilgour.com/gfwlist -server=/.dawangidc.com/127.0.0.1#5335 -ipset=/.dawangidc.com/gfwlist server=/.daxa.cn/127.0.0.1#5335 ipset=/.daxa.cn/gfwlist server=/.db.tt/127.0.0.1#5335 @@ -2166,6 +2112,8 @@ server=/.deck.ly/127.0.0.1#5335 ipset=/.deck.ly/gfwlist server=/.decodet.co/127.0.0.1#5335 ipset=/.decodet.co/gfwlist +server=/.deepdiscount.com/127.0.0.1#5335 +ipset=/.deepdiscount.com/gfwlist server=/.deepmind.com/127.0.0.1#5335 ipset=/.deepmind.com/gfwlist server=/.deezer.com/127.0.0.1#5335 @@ -2228,8 +2176,6 @@ server=/.diigo.com/127.0.0.1#5335 ipset=/.diigo.com/gfwlist server=/.dilber.se/127.0.0.1#5335 ipset=/.dilber.se/gfwlist -server=/.dingchin.com.tw/127.0.0.1#5335 -ipset=/.dingchin.com.tw/gfwlist server=/.dipity.com/127.0.0.1#5335 ipset=/.dipity.com/gfwlist server=/.directcreative.com/127.0.0.1#5335 @@ -2270,14 +2216,10 @@ server=/.dlsite.com/127.0.0.1#5335 ipset=/.dlsite.com/gfwlist server=/.dlyoutube.com/127.0.0.1#5335 ipset=/.dlyoutube.com/gfwlist -server=/.dm530.net/127.0.0.1#5335 -ipset=/.dm530.net/gfwlist server=/.dmcdn.net/127.0.0.1#5335 ipset=/.dmcdn.net/gfwlist server=/.dmhy.org/127.0.0.1#5335 ipset=/.dmhy.org/gfwlist -server=/.dmm.co.jp/127.0.0.1#5335 -ipset=/.dmm.co.jp/gfwlist server=/.dns-dns.com/127.0.0.1#5335 ipset=/.dns-dns.com/gfwlist server=/.dns-stuff.com/127.0.0.1#5335 @@ -2302,8 +2244,6 @@ server=/.dnsrd.com/127.0.0.1#5335 ipset=/.dnsrd.com/gfwlist server=/.dnssec.net/127.0.0.1#5335 ipset=/.dnssec.net/gfwlist -server=/.dnvod.tv/127.0.0.1#5335 -ipset=/.dnvod.tv/gfwlist server=/.doctorvoice.org/127.0.0.1#5335 ipset=/.doctorvoice.org/gfwlist server=/.documentingreality.com/127.0.0.1#5335 @@ -2338,6 +2278,8 @@ server=/.dontmovetochina.com/127.0.0.1#5335 ipset=/.dontmovetochina.com/gfwlist server=/.dorjeshugden.com/127.0.0.1#5335 ipset=/.dorjeshugden.com/gfwlist +server=/.dotgov.gov/127.0.0.1#5335 +ipset=/.dotgov.gov/gfwlist server=/.dotplane.com/127.0.0.1#5335 ipset=/.dotplane.com/gfwlist server=/.dotsub.com/127.0.0.1#5335 @@ -2554,8 +2496,6 @@ server=/.edubridge.com/127.0.0.1#5335 ipset=/.edubridge.com/gfwlist server=/.edupro.org/127.0.0.1#5335 ipset=/.edupro.org/gfwlist -server=/.eesti.ee/127.0.0.1#5335 -ipset=/.eesti.ee/gfwlist server=/.eevpn.com/127.0.0.1#5335 ipset=/.eevpn.com/gfwlist server=/.efcc.org.hk/127.0.0.1#5335 @@ -2702,8 +2642,6 @@ server=/.eslite.com/127.0.0.1#5335 ipset=/.eslite.com/gfwlist server=/.esmtp.biz/127.0.0.1#5335 ipset=/.esmtp.biz/gfwlist -server=/.esurance.com/127.0.0.1#5335 -ipset=/.esurance.com/gfwlist server=/.etaa.org.au/127.0.0.1#5335 ipset=/.etaa.org.au/gfwlist server=/.etadult.com/127.0.0.1#5335 @@ -2910,8 +2848,6 @@ server=/.farwestchina.com/127.0.0.1#5335 ipset=/.farwestchina.com/gfwlist server=/.fast.wistia.com/127.0.0.1#5335 ipset=/.fast.wistia.com/gfwlist -server=/.fastpic.ru/127.0.0.1#5335 -ipset=/.fastpic.ru/gfwlist server=/.fastssh.com/127.0.0.1#5335 ipset=/.fastssh.com/gfwlist server=/.faststone.org/127.0.0.1#5335 @@ -2996,16 +2932,12 @@ server=/.fileflyer.com/127.0.0.1#5335 ipset=/.fileflyer.com/gfwlist server=/.files2me.com/127.0.0.1#5335 ipset=/.files2me.com/gfwlist -server=/.filesor.com/127.0.0.1#5335 -ipset=/.filesor.com/gfwlist server=/.fillthesquare.org/127.0.0.1#5335 ipset=/.fillthesquare.org/gfwlist server=/.filmingfortibet.org/127.0.0.1#5335 ipset=/.filmingfortibet.org/gfwlist server=/.filthdump.com/127.0.0.1#5335 ipset=/.filthdump.com/gfwlist -server=/.financetwitter.com/127.0.0.1#5335 -ipset=/.financetwitter.com/gfwlist server=/.finchvpn.com/127.0.0.1#5335 ipset=/.finchvpn.com/gfwlist server=/.findmespot.com/127.0.0.1#5335 @@ -3062,10 +2994,6 @@ server=/.flyvpn.com/127.0.0.1#5335 ipset=/.flyvpn.com/gfwlist server=/.flyzy2005.com/127.0.0.1#5335 ipset=/.flyzy2005.com/gfwlist -server=/.fnac.be/127.0.0.1#5335 -ipset=/.fnac.be/gfwlist -server=/.fnac.com/127.0.0.1#5335 -ipset=/.fnac.com/gfwlist server=/.fochk.org/127.0.0.1#5335 ipset=/.fochk.org/gfwlist server=/.focustaiwan.tw/127.0.0.1#5335 @@ -3318,8 +3246,6 @@ server=/.fw.cm/127.0.0.1#5335 ipset=/.fw.cm/gfwlist server=/.fxcm-chinese.com/127.0.0.1#5335 ipset=/.fxcm-chinese.com/gfwlist -server=/.fxnetworks.com/127.0.0.1#5335 -ipset=/.fxnetworks.com/gfwlist server=/.fzh999.com/127.0.0.1#5335 ipset=/.fzh999.com/gfwlist server=/.fzh999.net/127.0.0.1#5335 @@ -3470,10 +3396,6 @@ server=/.getsync.com/127.0.0.1#5335 ipset=/.getsync.com/gfwlist server=/.gettrials.com/127.0.0.1#5335 ipset=/.gettrials.com/gfwlist -server=/.gettyimages.com/127.0.0.1#5335 -ipset=/.gettyimages.com/gfwlist -server=/.getuploader.com/127.0.0.1#5335 -ipset=/.getuploader.com/gfwlist server=/.gfbv.de/127.0.0.1#5335 ipset=/.gfbv.de/gfwlist server=/.gfgold.com.hk/127.0.0.1#5335 @@ -3512,8 +3434,6 @@ server=/.gjczz.com/127.0.0.1#5335 ipset=/.gjczz.com/gfwlist server=/.glass8.eu/127.0.0.1#5335 ipset=/.glass8.eu/gfwlist -server=/.global.bing.com/127.0.0.1#5335 -ipset=/.global.bing.com/gfwlist server=/.globaljihad.net/127.0.0.1#5335 ipset=/.globaljihad.net/gfwlist server=/.globalmediaoutreach.com/127.0.0.1#5335 @@ -3536,8 +3456,6 @@ server=/.gloryhole.com/127.0.0.1#5335 ipset=/.gloryhole.com/gfwlist server=/.glorystar.me/127.0.0.1#5335 ipset=/.glorystar.me/gfwlist -server=/.glype.com/127.0.0.1#5335 -ipset=/.glype.com/gfwlist server=/.gmail.com/127.0.0.1#5335 ipset=/.gmail.com/gfwlist server=/.gmbd.cn/127.0.0.1#5335 @@ -4214,10 +4132,6 @@ server=/.hkzone.org/127.0.0.1#5335 ipset=/.hkzone.org/gfwlist server=/.hmonghot.com/127.0.0.1#5335 ipset=/.hmonghot.com/gfwlist -server=/.hmvdigital.ca/127.0.0.1#5335 -ipset=/.hmvdigital.ca/gfwlist -server=/.hmvdigital.com/127.0.0.1#5335 -ipset=/.hmvdigital.com/gfwlist server=/.hnjhj.com/127.0.0.1#5335 ipset=/.hnjhj.com/gfwlist server=/.hnntube.com/127.0.0.1#5335 @@ -4234,8 +4148,6 @@ server=/.holyspiritspeaks.org/127.0.0.1#5335 ipset=/.holyspiritspeaks.org/gfwlist server=/.home.sina.com/127.0.0.1#5335 ipset=/.home.sina.com/gfwlist -server=/.homedepot.com/127.0.0.1#5335 -ipset=/.homedepot.com/gfwlist server=/.homeperversion.com/127.0.0.1#5335 ipset=/.homeperversion.com/gfwlist server=/.homeservershow.com/127.0.0.1#5335 @@ -4248,8 +4160,6 @@ server=/.hongzhi.li/127.0.0.1#5335 ipset=/.hongzhi.li/gfwlist server=/.hootsuite.com/127.0.0.1#5335 ipset=/.hootsuite.com/gfwlist -server=/.hoovers.com/127.0.0.1#5335 -ipset=/.hoovers.com/gfwlist server=/.hopedialogue.org/127.0.0.1#5335 ipset=/.hopedialogue.org/gfwlist server=/.hopto.org/127.0.0.1#5335 @@ -4522,8 +4432,6 @@ server=/.illusionfactory.com/127.0.0.1#5335 ipset=/.illusionfactory.com/gfwlist server=/.ilove80.be/127.0.0.1#5335 ipset=/.ilove80.be/gfwlist -server=/.ilovelongtoes.com/127.0.0.1#5335 -ipset=/.ilovelongtoes.com/gfwlist server=/.im.tv/127.0.0.1#5335 ipset=/.im.tv/gfwlist server=/.im88.tw/127.0.0.1#5335 @@ -4536,8 +4444,6 @@ server=/.imageflea.com/127.0.0.1#5335 ipset=/.imageflea.com/gfwlist server=/.images-gaytube.com/127.0.0.1#5335 ipset=/.images-gaytube.com/gfwlist -server=/.images.comico.tw/127.0.0.1#5335 -ipset=/.images.comico.tw/gfwlist server=/.imageshack.us/127.0.0.1#5335 ipset=/.imageshack.us/gfwlist server=/.imagevenue.com/127.0.0.1#5335 @@ -4664,8 +4570,6 @@ server=/.isaacmao.com/127.0.0.1#5335 ipset=/.isaacmao.com/gfwlist server=/.isasecret.com/127.0.0.1#5335 ipset=/.isasecret.com/gfwlist -server=/.isc.sans.edu/127.0.0.1#5335 -ipset=/.isc.sans.edu/gfwlist server=/.isgreat.org/127.0.0.1#5335 ipset=/.isgreat.org/gfwlist server=/.islahhaber.net/127.0.0.1#5335 @@ -4770,6 +4674,8 @@ server=/.jav68.tv/127.0.0.1#5335 ipset=/.jav68.tv/gfwlist server=/.javakiba.org/127.0.0.1#5335 ipset=/.javakiba.org/gfwlist +server=/.javbus.co/127.0.0.1#5335 +ipset=/.javbus.co/gfwlist server=/.javbus.com/127.0.0.1#5335 ipset=/.javbus.com/gfwlist server=/.javfor.me/127.0.0.1#5335 @@ -4778,10 +4684,6 @@ server=/.javhd.com/127.0.0.1#5335 ipset=/.javhd.com/gfwlist server=/.javhip.com/127.0.0.1#5335 ipset=/.javhip.com/gfwlist -server=/.javhub.net/127.0.0.1#5335 -ipset=/.javhub.net/gfwlist -server=/.javhuge.com/127.0.0.1#5335 -ipset=/.javhuge.com/gfwlist server=/.javlibrary.com/127.0.0.1#5335 ipset=/.javlibrary.com/gfwlist server=/.javmobile.net/127.0.0.1#5335 @@ -4804,8 +4706,6 @@ server=/.jbtalks.com/127.0.0.1#5335 ipset=/.jbtalks.com/gfwlist server=/.jbtalks.my/127.0.0.1#5335 ipset=/.jbtalks.my/gfwlist -server=/.jcpenney.com/127.0.0.1#5335 -ipset=/.jcpenney.com/gfwlist server=/.jdwsy.com/127.0.0.1#5335 ipset=/.jdwsy.com/gfwlist server=/.jeanyim.com/127.0.0.1#5335 @@ -4838,8 +4738,6 @@ server=/.jihadology.net/127.0.0.1#5335 ipset=/.jihadology.net/gfwlist server=/.jiji.com/127.0.0.1#5335 ipset=/.jiji.com/gfwlist -server=/.jims.net/127.0.0.1#5335 -ipset=/.jims.net/gfwlist server=/.jinbushe.org/127.0.0.1#5335 ipset=/.jinbushe.org/gfwlist server=/.jingpin.org/127.0.0.1#5335 @@ -4974,8 +4872,6 @@ server=/.kawaiikawaii.jp/127.0.0.1#5335 ipset=/.kawaiikawaii.jp/gfwlist server=/.kawase.com/127.0.0.1#5335 ipset=/.kawase.com/gfwlist -server=/.kb.monitorware.com/127.0.0.1#5335 -ipset=/.kb.monitorware.com/gfwlist server=/.kba-tx.org/127.0.0.1#5335 ipset=/.kba-tx.org/gfwlist server=/.kcoolonline.com/127.0.0.1#5335 @@ -5002,8 +4898,6 @@ server=/.keycdn.com/127.0.0.1#5335 ipset=/.keycdn.com/gfwlist server=/.khabdha.org/127.0.0.1#5335 ipset=/.khabdha.org/gfwlist -server=/.khatrimaza.org/127.0.0.1#5335 -ipset=/.khatrimaza.org/gfwlist server=/.khmusic.com.tw/127.0.0.1#5335 ipset=/.khmusic.com.tw/gfwlist server=/.kichiku-doujinko.com/127.0.0.1#5335 @@ -5166,8 +5060,6 @@ server=/.leirentv.ca/127.0.0.1#5335 ipset=/.leirentv.ca/gfwlist server=/.leisurecafe.ca/127.0.0.1#5335 ipset=/.leisurecafe.ca/gfwlist -server=/.leisurepro.com/127.0.0.1#5335 -ipset=/.leisurepro.com/gfwlist server=/.lematin.ch/127.0.0.1#5335 ipset=/.lematin.ch/gfwlist server=/.lemonde.fr/127.0.0.1#5335 @@ -5208,8 +5100,6 @@ server=/.liberal.org.hk/127.0.0.1#5335 ipset=/.liberal.org.hk/gfwlist server=/.libertytimes.com.tw/127.0.0.1#5335 ipset=/.libertytimes.com.tw/gfwlist -server=/.lifemiles.com/127.0.0.1#5335 -ipset=/.lifemiles.com/gfwlist server=/.lighten.org.tw/127.0.0.1#5335 ipset=/.lighten.org.tw/gfwlist server=/.lighti.me/127.0.0.1#5335 @@ -5316,8 +5206,6 @@ server=/.longmusic.com/127.0.0.1#5335 ipset=/.longmusic.com/gfwlist server=/.longtermly.net/127.0.0.1#5335 ipset=/.longtermly.net/gfwlist -server=/.longtoes.com/127.0.0.1#5335 -ipset=/.longtoes.com/gfwlist server=/.lookpic.com/127.0.0.1#5335 ipset=/.lookpic.com/gfwlist server=/.looktoronto.com/127.0.0.1#5335 @@ -5376,8 +5264,6 @@ server=/.m.plixi.com/127.0.0.1#5335 ipset=/.m.plixi.com/gfwlist server=/.m.slandr.net/127.0.0.1#5335 ipset=/.m.slandr.net/gfwlist -server=/.macgamestore.com/127.0.0.1#5335 -ipset=/.macgamestore.com/gfwlist server=/.macrovpn.com/127.0.0.1#5335 ipset=/.macrovpn.com/gfwlist server=/.macts.com.tw/127.0.0.1#5335 @@ -5420,10 +5306,6 @@ server=/.mamingzhe.com/127.0.0.1#5335 ipset=/.mamingzhe.com/gfwlist server=/.manchukuo.net/127.0.0.1#5335 ipset=/.manchukuo.net/gfwlist -server=/.mangafox.com/127.0.0.1#5335 -ipset=/.mangafox.com/gfwlist -server=/.mangafox.me/127.0.0.1#5335 -ipset=/.mangafox.me/gfwlist server=/.maniash.com/127.0.0.1#5335 ipset=/.maniash.com/gfwlist server=/.manicur4ik.ru/127.0.0.1#5335 @@ -5574,8 +5456,6 @@ server=/.meyou.jp/127.0.0.1#5335 ipset=/.meyou.jp/gfwlist server=/.meyul.com/127.0.0.1#5335 ipset=/.meyul.com/gfwlist -server=/.mfxmedia.com/127.0.0.1#5335 -ipset=/.mfxmedia.com/gfwlist server=/.mgoon.com/127.0.0.1#5335 ipset=/.mgoon.com/gfwlist server=/.mgstage.com/127.0.0.1#5335 @@ -5746,8 +5626,6 @@ server=/.moodyz.com/127.0.0.1#5335 ipset=/.moodyz.com/gfwlist server=/.moonbbs.com/127.0.0.1#5335 ipset=/.moonbbs.com/gfwlist -server=/.moonbingo.com/127.0.0.1#5335 -ipset=/.moonbingo.com/gfwlist server=/.morningsun.org/127.0.0.1#5335 ipset=/.morningsun.org/gfwlist server=/.moroneta.com/127.0.0.1#5335 @@ -5824,8 +5702,6 @@ server=/.muzi.com/127.0.0.1#5335 ipset=/.muzi.com/gfwlist server=/.muzi.net/127.0.0.1#5335 ipset=/.muzi.net/gfwlist -server=/.muzu.tv/127.0.0.1#5335 -ipset=/.muzu.tv/gfwlist server=/.mvdis.gov.tw/127.0.0.1#5335 ipset=/.mvdis.gov.tw/gfwlist server=/.mvg.jp/127.0.0.1#5335 @@ -5986,6 +5862,8 @@ server=/.nccwatch.org.tw/127.0.0.1#5335 ipset=/.nccwatch.org.tw/gfwlist server=/.nch.com.tw/127.0.0.1#5335 ipset=/.nch.com.tw/gfwlist +server=/.nchrd.org/127.0.0.1#5335 +ipset=/.nchrd.org/gfwlist server=/.ncn.org/127.0.0.1#5335 ipset=/.ncn.org/gfwlist server=/.nde.de/127.0.0.1#5335 @@ -5996,8 +5874,6 @@ server=/.ned.org/127.0.0.1#5335 ipset=/.ned.org/gfwlist server=/.nekoslovakia.net/127.0.0.1#5335 ipset=/.nekoslovakia.net/gfwlist -server=/.neo-miracle.com/127.0.0.1#5335 -ipset=/.neo-miracle.com/gfwlist server=/.nepusoku.com/127.0.0.1#5335 ipset=/.nepusoku.com/gfwlist server=/.net-fits.pro/127.0.0.1#5335 @@ -6128,8 +6004,6 @@ server=/.nic.cz.cc/127.0.0.1#5335 ipset=/.nic.cz.cc/gfwlist server=/.nic.google/127.0.0.1#5335 ipset=/.nic.google/gfwlist -server=/.nic.gov/127.0.0.1#5335 -ipset=/.nic.gov/gfwlist server=/.nicovideo.jp/127.0.0.1#5335 ipset=/.nicovideo.jp/gfwlist server=/.nighost.org/127.0.0.1#5335 @@ -6176,16 +6050,14 @@ server=/.norbulingka.org/127.0.0.1#5335 ipset=/.norbulingka.org/gfwlist server=/.nordstrom.com/127.0.0.1#5335 ipset=/.nordstrom.com/gfwlist -server=/.nordstromimage.com/127.0.0.1#5335 -ipset=/.nordstromimage.com/gfwlist +server=/.nordstrommedia.com/127.0.0.1#5335 +ipset=/.nordstrommedia.com/gfwlist server=/.nordstromrack.com/127.0.0.1#5335 ipset=/.nordstromrack.com/gfwlist server=/.nordvpn.com/127.0.0.1#5335 ipset=/.nordvpn.com/gfwlist server=/.notify.dropboxapi.com/127.0.0.1#5335 ipset=/.notify.dropboxapi.com/gfwlist -server=/.nottinghampost.com/127.0.0.1#5335 -ipset=/.nottinghampost.com/gfwlist server=/.novelasia.com/127.0.0.1#5335 ipset=/.novelasia.com/gfwlist server=/.now.com/127.0.0.1#5335 @@ -6206,8 +6078,6 @@ server=/.npnt.me/127.0.0.1#5335 ipset=/.npnt.me/gfwlist server=/.nps.gov/127.0.0.1#5335 ipset=/.nps.gov/gfwlist -server=/.npsboost.com/127.0.0.1#5335 -ipset=/.npsboost.com/gfwlist server=/.nradio.me/127.0.0.1#5335 ipset=/.nradio.me/gfwlist server=/.nrk.no/127.0.0.1#5335 @@ -6246,8 +6116,6 @@ server=/.ntdtv.co.kr/127.0.0.1#5335 ipset=/.ntdtv.co.kr/gfwlist server=/.ntdtv.com/127.0.0.1#5335 ipset=/.ntdtv.com/gfwlist -server=/.ntdtv.cz/127.0.0.1#5335 -ipset=/.ntdtv.cz/gfwlist server=/.ntdtv.org/127.0.0.1#5335 ipset=/.ntdtv.org/gfwlist server=/.ntdtv.ru/127.0.0.1#5335 @@ -6260,14 +6128,14 @@ server=/.ntsna.gov.tw/127.0.0.1#5335 ipset=/.ntsna.gov.tw/gfwlist server=/.nubiles.net/127.0.0.1#5335 ipset=/.nubiles.net/gfwlist +server=/.nudezz.com/127.0.0.1#5335 +ipset=/.nudezz.com/gfwlist server=/.nuexpo.com/127.0.0.1#5335 ipset=/.nuexpo.com/gfwlist server=/.nukistream.com/127.0.0.1#5335 ipset=/.nukistream.com/gfwlist server=/.nurgo-software.com/127.0.0.1#5335 ipset=/.nurgo-software.com/gfwlist -server=/.nusatrip.com/127.0.0.1#5335 -ipset=/.nusatrip.com/gfwlist server=/.nutaku.net/127.0.0.1#5335 ipset=/.nutaku.net/gfwlist server=/.nuuvem.com/127.0.0.1#5335 @@ -6332,6 +6200,8 @@ server=/.ocreampies.com/127.0.0.1#5335 ipset=/.ocreampies.com/gfwlist server=/.ocry.com/127.0.0.1#5335 ipset=/.ocry.com/gfwlist +server=/.ocsp.int-x3.letsencrypt.org/127.0.0.1#5335 +ipset=/.ocsp.int-x3.letsencrypt.org/gfwlist server=/.october-review.org/127.0.0.1#5335 ipset=/.october-review.org/gfwlist server=/.oculus.com/127.0.0.1#5335 @@ -6382,8 +6252,6 @@ server=/.on.cc/127.0.0.1#5335 ipset=/.on.cc/gfwlist server=/.on2.com/127.0.0.1#5335 ipset=/.on2.com/gfwlist -server=/.onapp.com/127.0.0.1#5335 -ipset=/.onapp.com/gfwlist server=/.onedrive.live.com/127.0.0.1#5335 ipset=/.onedrive.live.com/gfwlist server=/.onedumb.com/127.0.0.1#5335 @@ -6416,8 +6284,6 @@ server=/.onmypc.us/127.0.0.1#5335 ipset=/.onmypc.us/gfwlist server=/.onthehunt.com/127.0.0.1#5335 ipset=/.onthehunt.com/gfwlist -server=/.ontrac.com/127.0.0.1#5335 -ipset=/.ontrac.com/gfwlist server=/.oopsforum.com/127.0.0.1#5335 ipset=/.oopsforum.com/gfwlist server=/.open.com.hk/127.0.0.1#5335 @@ -6552,8 +6418,8 @@ server=/.paradisehill.cc/127.0.0.1#5335 ipset=/.paradisehill.cc/gfwlist server=/.paradisepoker.com/127.0.0.1#5335 ipset=/.paradisepoker.com/gfwlist -server=/.parkansky.com/127.0.0.1#5335 -ipset=/.parkansky.com/gfwlist +server=/.parts.blog.livedoor.jp/127.0.0.1#5335 +ipset=/.parts.blog.livedoor.jp/gfwlist server=/.partycasino.com/127.0.0.1#5335 ipset=/.partycasino.com/gfwlist server=/.partypoker.com/127.0.0.1#5335 @@ -6906,6 +6772,8 @@ server=/.proxomitron.info/127.0.0.1#5335 ipset=/.proxomitron.info/gfwlist server=/.proxpn.com/127.0.0.1#5335 ipset=/.proxpn.com/gfwlist +server=/.proxy.org/127.0.0.1#5335 +ipset=/.proxy.org/gfwlist server=/.proxy1.xyz/127.0.0.1#5335 ipset=/.proxy1.xyz/gfwlist server=/.proxyanonimo.es/127.0.0.1#5335 @@ -6948,6 +6816,8 @@ server=/.pttvan.org/127.0.0.1#5335 ipset=/.pttvan.org/gfwlist server=/.pubu.com.tw/127.0.0.1#5335 ipset=/.pubu.com.tw/gfwlist +server=/.puffin.com/127.0.0.1#5335 +ipset=/.puffin.com/gfwlist server=/.puffinbrowser.com/127.0.0.1#5335 ipset=/.puffinbrowser.com/gfwlist server=/.puffstore.com/127.0.0.1#5335 @@ -6956,8 +6826,6 @@ server=/.pullfolio.com/127.0.0.1#5335 ipset=/.pullfolio.com/gfwlist server=/.pulse.yahoo.com/127.0.0.1#5335 ipset=/.pulse.yahoo.com/gfwlist -server=/.pure18.com/127.0.0.1#5335 -ipset=/.pure18.com/gfwlist server=/.pureconcepts.net/127.0.0.1#5335 ipset=/.pureconcepts.net/gfwlist server=/.pureinsight.org/127.0.0.1#5335 @@ -6984,8 +6852,6 @@ server=/.pwned.com/127.0.0.1#5335 ipset=/.pwned.com/gfwlist server=/.python.com/127.0.0.1#5335 ipset=/.python.com/gfwlist -server=/.pytorch.org/127.0.0.1#5335 -ipset=/.pytorch.org/gfwlist server=/.qanote.com/127.0.0.1#5335 ipset=/.qanote.com/gfwlist server=/.qgirl.com.tw/127.0.0.1#5335 @@ -7012,8 +6878,6 @@ server=/.qoos.com/127.0.0.1#5335 ipset=/.qoos.com/gfwlist server=/.qpoe.com/127.0.0.1#5335 ipset=/.qpoe.com/gfwlist -server=/.qq.co.za/127.0.0.1#5335 -ipset=/.qq.co.za/gfwlist server=/.qstatus.com/127.0.0.1#5335 ipset=/.qstatus.com/gfwlist server=/.qtrac.eu/127.0.0.1#5335 @@ -7046,8 +6910,6 @@ server=/.qxbbs.org/127.0.0.1#5335 ipset=/.qxbbs.org/gfwlist server=/.qz.com/127.0.0.1#5335 ipset=/.qz.com/gfwlist -server=/.r18.com/127.0.0.1#5335 -ipset=/.r18.com/gfwlist server=/.ra.gg/127.0.0.1#5335 ipset=/.ra.gg/gfwlist server=/.radicalparty.org/127.0.0.1#5335 @@ -7070,8 +6932,8 @@ server=/.raidtalk.com.tw/127.0.0.1#5335 ipset=/.raidtalk.com.tw/gfwlist server=/.raizoji.or.jp/127.0.0.1#5335 ipset=/.raizoji.or.jp/gfwlist -server=/.ramcity.com.au/127.0.0.1#5335 -ipset=/.ramcity.com.au/gfwlist +server=/.rakuten.co.jp/127.0.0.1#5335 +ipset=/.rakuten.co.jp/gfwlist server=/.rangwang.biz/127.0.0.1#5335 ipset=/.rangwang.biz/gfwlist server=/.rangzen.com/127.0.0.1#5335 @@ -7108,10 +6970,6 @@ server=/.rcinet.ca/127.0.0.1#5335 ipset=/.rcinet.ca/gfwlist server=/.rconversation.blogs.com/127.0.0.1#5335 ipset=/.rconversation.blogs.com/gfwlist -server=/.rd.com/127.0.0.1#5335 -ipset=/.rd.com/gfwlist -server=/.rdio.com/127.0.0.1#5335 -ipset=/.rdio.com/gfwlist server=/.read01.com/127.0.0.1#5335 ipset=/.read01.com/gfwlist server=/.read100.com/127.0.0.1#5335 @@ -7126,8 +6984,6 @@ server=/.realcourage.org/127.0.0.1#5335 ipset=/.realcourage.org/gfwlist server=/.realforum.zkiz.com/127.0.0.1#5335 ipset=/.realforum.zkiz.com/gfwlist -server=/.realitykings.com/127.0.0.1#5335 -ipset=/.realitykings.com/gfwlist server=/.realraptalk.com/127.0.0.1#5335 ipset=/.realraptalk.com/gfwlist server=/.realsexpass.com/127.0.0.1#5335 @@ -7298,8 +7154,6 @@ server=/.s-cute.com/127.0.0.1#5335 ipset=/.s-cute.com/gfwlist server=/.s-dragon.org/127.0.0.1#5335 ipset=/.s-dragon.org/gfwlist -server=/.s1.nudezz.com/127.0.0.1#5335 -ipset=/.s1.nudezz.com/gfwlist server=/.s1heng.com/127.0.0.1#5335 ipset=/.s1heng.com/gfwlist server=/.s1s1s1.com/127.0.0.1#5335 @@ -7472,8 +7326,6 @@ server=/.sexinsex.net/127.0.0.1#5335 ipset=/.sexinsex.net/gfwlist server=/.sextvx.com/127.0.0.1#5335 ipset=/.sextvx.com/gfwlist -server=/.sexxxy.biz/127.0.0.1#5335 -ipset=/.sexxxy.biz/gfwlist server=/.sfileydy.com/127.0.0.1#5335 ipset=/.sfileydy.com/gfwlist server=/.sfshibao.com/127.0.0.1#5335 @@ -7514,8 +7366,6 @@ server=/.shapeservices.com/127.0.0.1#5335 ipset=/.shapeservices.com/gfwlist server=/.share.america.gov/127.0.0.1#5335 ipset=/.share.america.gov/gfwlist -server=/.share.dmhy.org/127.0.0.1#5335 -ipset=/.share.dmhy.org/gfwlist server=/.share.youthwant.com.tw/127.0.0.1#5335 ipset=/.share.youthwant.com.tw/gfwlist server=/.sharebee.com/127.0.0.1#5335 @@ -7552,6 +7402,8 @@ server=/.shicheng.org/127.0.0.1#5335 ipset=/.shicheng.org/gfwlist server=/.shiksha.com/127.0.0.1#5335 ipset=/.shiksha.com/gfwlist +server=/.shiksha.ws/127.0.0.1#5335 +ipset=/.shiksha.ws/gfwlist server=/.shinychan.com/127.0.0.1#5335 ipset=/.shinychan.com/gfwlist server=/.shipcamouflage.com/127.0.0.1#5335 @@ -7670,8 +7522,6 @@ server=/.skyvegas.com/127.0.0.1#5335 ipset=/.skyvegas.com/gfwlist server=/.skyxvpn.com/127.0.0.1#5335 ipset=/.skyxvpn.com/gfwlist -server=/.slacker.com/127.0.0.1#5335 -ipset=/.slacker.com/gfwlist server=/.slaytizle.com/127.0.0.1#5335 ipset=/.slaytizle.com/gfwlist server=/.sleazydream.com/127.0.0.1#5335 @@ -7812,8 +7662,6 @@ server=/.southnews.com.tw/127.0.0.1#5335 ipset=/.southnews.com.tw/gfwlist server=/.sowers.org.hk/127.0.0.1#5335 ipset=/.sowers.org.hk/gfwlist -server=/.soylentnews.org/127.0.0.1#5335 -ipset=/.soylentnews.org/gfwlist server=/.spaces.hightail.com/127.0.0.1#5335 ipset=/.spaces.hightail.com/gfwlist server=/.spankbang.com/127.0.0.1#5335 @@ -7848,12 +7696,8 @@ server=/.spotflux.com/127.0.0.1#5335 ipset=/.spotflux.com/gfwlist server=/.spotify.com/127.0.0.1#5335 ipset=/.spotify.com/gfwlist -server=/.spreadshirt.es/127.0.0.1#5335 -ipset=/.spreadshirt.es/gfwlist server=/.spring4u.info/127.0.0.1#5335 ipset=/.spring4u.info/gfwlist -server=/.springboardplatform.com/127.0.0.1#5335 -ipset=/.springboardplatform.com/gfwlist server=/.sproutcore.com/127.0.0.1#5335 ipset=/.sproutcore.com/gfwlist server=/.sproxy.info/127.0.0.1#5335 @@ -7876,8 +7720,6 @@ server=/.ssglobal.me/127.0.0.1#5335 ipset=/.ssglobal.me/gfwlist server=/.ssh91.com/127.0.0.1#5335 ipset=/.ssh91.com/gfwlist -server=/.ssl.webpack.de/127.0.0.1#5335 -ipset=/.ssl.webpack.de/gfwlist server=/.ssl443.org/127.0.0.1#5335 ipset=/.ssl443.org/gfwlist server=/.sspanel.net/127.0.0.1#5335 @@ -7910,8 +7752,6 @@ server=/.stat.gov.tw/127.0.0.1#5335 ipset=/.stat.gov.tw/gfwlist server=/.static-economist.com/127.0.0.1#5335 ipset=/.static-economist.com/gfwlist -server=/.static.comico.tw/127.0.0.1#5335 -ipset=/.static.comico.tw/gfwlist server=/.static.shemalez.com/127.0.0.1#5335 ipset=/.static.shemalez.com/gfwlist server=/.static01.nyt.com/127.0.0.1#5335 @@ -8020,8 +7860,6 @@ server=/.supchina.com/127.0.0.1#5335 ipset=/.supchina.com/gfwlist server=/.superfreevpn.com/127.0.0.1#5335 ipset=/.superfreevpn.com/gfwlist -server=/.superokayama.com/127.0.0.1#5335 -ipset=/.superokayama.com/gfwlist server=/.superpages.com/127.0.0.1#5335 ipset=/.superpages.com/gfwlist server=/.supervpn.net/127.0.0.1#5335 @@ -8044,8 +7882,6 @@ server=/.suyangg.com/127.0.0.1#5335 ipset=/.suyangg.com/gfwlist server=/.svsfx.com/127.0.0.1#5335 ipset=/.svsfx.com/gfwlist -server=/.swagbucks.com/127.0.0.1#5335 -ipset=/.swagbucks.com/gfwlist server=/.swissinfo.ch/127.0.0.1#5335 ipset=/.swissinfo.ch/gfwlist server=/.swissvpn.net/127.0.0.1#5335 @@ -8164,8 +8000,6 @@ server=/.taoism.net/127.0.0.1#5335 ipset=/.taoism.net/gfwlist server=/.taolun.info/127.0.0.1#5335 ipset=/.taolun.info/gfwlist -server=/.tapanwap.com/127.0.0.1#5335 -ipset=/.tapanwap.com/gfwlist server=/.tapatalk.com/127.0.0.1#5335 ipset=/.tapatalk.com/gfwlist server=/.tascn.com.au/127.0.0.1#5335 @@ -9408,8 +9242,6 @@ server=/.vocn.tv/127.0.0.1#5335 ipset=/.vocn.tv/gfwlist server=/.vod-abematv.akamaized.net/127.0.0.1#5335 ipset=/.vod-abematv.akamaized.net/gfwlist -server=/.vod.wwe.com/127.0.0.1#5335 -ipset=/.vod.wwe.com/gfwlist server=/.vot.org/127.0.0.1#5335 ipset=/.vot.org/gfwlist server=/.vovo2000.com/127.0.0.1#5335 @@ -9690,8 +9522,6 @@ server=/.wheelockslatin.com/127.0.0.1#5335 ipset=/.wheelockslatin.com/gfwlist server=/.whereiswerner.com/127.0.0.1#5335 ipset=/.whereiswerner.com/gfwlist -server=/.wheretowatch.com/127.0.0.1#5335 -ipset=/.wheretowatch.com/gfwlist server=/.whichav.com/127.0.0.1#5335 ipset=/.whichav.com/gfwlist server=/.whippedass.com/127.0.0.1#5335 @@ -9744,6 +9574,8 @@ server=/.wikimapia.org/127.0.0.1#5335 ipset=/.wikimapia.org/gfwlist server=/.wikipedia.org/127.0.0.1#5335 ipset=/.wikipedia.org/gfwlist +server=/.wikiwand.com/127.0.0.1#5335 +ipset=/.wikiwand.com/gfwlist server=/.wikiwiki.jp/127.0.0.1#5335 ipset=/.wikiwiki.jp/gfwlist server=/.wildammo.com/127.0.0.1#5335 @@ -9756,8 +9588,6 @@ server=/.windowsphoneme.com/127.0.0.1#5335 ipset=/.windowsphoneme.com/gfwlist server=/.windscribe.com/127.0.0.1#5335 ipset=/.windscribe.com/gfwlist -server=/.wingamestore.com/127.0.0.1#5335 -ipset=/.wingamestore.com/gfwlist server=/.wingy.site/127.0.0.1#5335 ipset=/.wingy.site/gfwlist server=/.winning11.com/127.0.0.1#5335 @@ -9802,8 +9632,6 @@ server=/.wo3ttt.wordpress.com/127.0.0.1#5335 ipset=/.wo3ttt.wordpress.com/gfwlist server=/.woeser.com/127.0.0.1#5335 ipset=/.woeser.com/gfwlist -server=/.wokar.org/127.0.0.1#5335 -ipset=/.wokar.org/gfwlist server=/.wolfax.com/127.0.0.1#5335 ipset=/.wolfax.com/gfwlist server=/.woolyss.com/127.0.0.1#5335 @@ -9812,8 +9640,6 @@ server=/.woopie.jp/127.0.0.1#5335 ipset=/.woopie.jp/gfwlist server=/.woopie.tv/127.0.0.1#5335 ipset=/.woopie.tv/gfwlist -server=/.wordpress.com/127.0.0.1#5335 -ipset=/.wordpress.com/gfwlist server=/.workatruna.com/127.0.0.1#5335 ipset=/.workatruna.com/gfwlist server=/.workerdemo.org.hk/127.0.0.1#5335 @@ -9846,8 +9672,6 @@ server=/.woyaolian.org/127.0.0.1#5335 ipset=/.woyaolian.org/gfwlist server=/.wozy.in/127.0.0.1#5335 ipset=/.wozy.in/gfwlist -server=/.wp.com/127.0.0.1#5335 -ipset=/.wp.com/gfwlist server=/.wpoforum.com/127.0.0.1#5335 ipset=/.wpoforum.com/gfwlist server=/.wqyd.org/127.0.0.1#5335 @@ -9890,8 +9714,6 @@ server=/.wuyanblog.com/127.0.0.1#5335 ipset=/.wuyanblog.com/gfwlist server=/.wwitv.com/127.0.0.1#5335 ipset=/.wwitv.com/gfwlist -server=/.www.abclite.net/127.0.0.1#5335 -ipset=/.www.abclite.net/gfwlist server=/.www.ajsands.com/127.0.0.1#5335 ipset=/.www.ajsands.com/gfwlist server=/.www.americorps.gov/127.0.0.1#5335 @@ -9948,8 +9770,6 @@ server=/.www.websnapr.com/127.0.0.1#5335 ipset=/.www.websnapr.com/gfwlist server=/.www1.biz/127.0.0.1#5335 ipset=/.www1.biz/gfwlist -server=/.wwwhost.biz/127.0.0.1#5335 -ipset=/.wwwhost.biz/gfwlist server=/.x-art.com/127.0.0.1#5335 ipset=/.x-art.com/gfwlist server=/.x-berry.com/127.0.0.1#5335 @@ -10052,6 +9872,8 @@ server=/.xmovies.com/127.0.0.1#5335 ipset=/.xmovies.com/gfwlist server=/.xn--4gq171p.com/127.0.0.1#5335 ipset=/.xn--4gq171p.com/gfwlist +server=/.xn--90wwvt03e.com/127.0.0.1#5335 +ipset=/.xn--90wwvt03e.com/gfwlist server=/.xn--czq75pvv1aj5c.org/127.0.0.1#5335 ipset=/.xn--czq75pvv1aj5c.org/gfwlist server=/.xn--i2ru8q2qg.com/127.0.0.1#5335 @@ -10244,8 +10066,6 @@ server=/.youtubegaming.com/127.0.0.1#5335 ipset=/.youtubegaming.com/gfwlist server=/.youversion.com/127.0.0.1#5335 ipset=/.youversion.com/gfwlist -server=/.youwin.com/127.0.0.1#5335 -ipset=/.youwin.com/gfwlist server=/.youxu.info/127.0.0.1#5335 ipset=/.youxu.info/gfwlist server=/.yt.be/127.0.0.1#5335 @@ -10254,8 +10074,6 @@ server=/.ytht.net/127.0.0.1#5335 ipset=/.ytht.net/gfwlist server=/.ytimg.com/127.0.0.1#5335 ipset=/.ytimg.com/gfwlist -server=/.ytn.co.kr/127.0.0.1#5335 -ipset=/.ytn.co.kr/gfwlist server=/.yuanming.net/127.0.0.1#5335 ipset=/.yuanming.net/gfwlist server=/.yuanzhengtang.org/127.0.0.1#5335 @@ -10398,10 +10216,10 @@ server=/.zoozle.net/127.0.0.1#5335 ipset=/.zoozle.net/gfwlist server=/.zorrovpn.com/127.0.0.1#5335 ipset=/.zorrovpn.com/gfwlist -server=/.zozotown.com/127.0.0.1#5335 -ipset=/.zozotown.com/gfwlist server=/.zpn.im/127.0.0.1#5335 ipset=/.zpn.im/gfwlist +server=/.zsdxzk.com/127.0.0.1#5335 +ipset=/.zsdxzk.com/gfwlist server=/.zspeeder.me/127.0.0.1#5335 ipset=/.zspeeder.me/gfwlist server=/.zsrhao.com/127.0.0.1#5335 diff --git a/package/lean/luci-app-ssr-plus/root/etc/init.d/shadowsocksr b/package/lean/luci-app-ssr-plus/root/etc/init.d/shadowsocksr index f932fd216..ff6082594 100755 --- a/package/lean/luci-app-ssr-plus/root/etc/init.d/shadowsocksr +++ b/package/lean/luci-app-ssr-plus/root/etc/init.d/shadowsocksr @@ -10,10 +10,10 @@ START=95 STOP=15 - SERVICE_DAEMONIZE=1 -NAME=shadowsocksr EXTRA_COMMANDS=rules +NAME=shadowsocksr +LOCK_FILE=/var/lock/${NAME}.lock CONFIG_FILE=/var/etc/${NAME}.json CONFIG_UDP_FILE=/var/etc/${NAME}_u.json CONFIG_SOCK5_FILE=/var/etc/${NAME}_s.json @@ -28,7 +28,6 @@ kcp_flag=0 pdnsd_enable_flag=0 switch_enable=0 switch_server=$1 -MAXFD=32768 CRON_FILE=/etc/crontabs/root threads=1 @@ -42,33 +41,47 @@ uci_get_by_type() { echo ${ret:=$3} } +uci_set_by_name() { + uci set $NAME.$1.$2=$3 2>/dev/null + uci commit $NAME +} + +uci_set_by_type() { + uci set $NAME.@$1[0].$2=$3 2>/dev/null + uci commit $NAME +} + uci_get_by_cfgid() { local ret=$(uci show $NAME.@$1[0].$2 | awk -F '.' '{print $2}' 2>/dev/null) echo ${ret:=$3} } -check_host() { +get_host_ip() { local host=$1 - if echo $host | grep -E "^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$" >/dev/null; then - hostip=$host - elif [ "$host" != "${host#*:[0-9a-fA-F]}" ]; then - hostip=$host - else - hostip=$(ping $host -W 1 -s 1 -c 1 | grep PING | cut -d'(' -f 2 | cut -d')' -f1) - if echo $hostip | grep -E "^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$" >/dev/null; then - hostip=$hostip + local isip="" + local ip=$host + isip=$(echo $host | grep -E "([0-9]{1,3}[\.]){3}[0-9]{1,3}") + if [ -z "$isip" ]; then + if [ "$host" != "${host#*:[0-9a-fA-F]}" ]; then + ip=$host else - hostip="127.0.0.1" + local ip=$(resolveip -4 -t 3 $host | awk 'NR==1{print}') + [ -z "$ip" ] && ip=$(wget -q -O- http://119.29.29.29/d?dn=$1 | awk -F ';' '{print $1}') fi fi - echo -e $hostip + echo ${ip:="127.0.0.1"} +} + +clean_log() { + logsnum=$(cat /tmp/ssrplus.log 2>/dev/null | wc -l) + [ "$logsnum" -gt 1000 ] && { + echo "$(date "+%Y-%m-%d %H:%M:%S") 日志文件过长,清空处理!" >/tmp/ssrplus.log + } } add_cron() { sed -i '/shadowsocksr/d' $CRON_FILE - sed -i '/ssrplus.log/d' $CRON_FILE && echo '0 1 * * * echo "" > /tmp/ssrplus.log' >>$CRON_FILE - [ $(uci_get_by_type server_subscribe auto_update 0) -eq 1 ] && echo "0 $(uci_get_by_type server_subscribe auto_update_time) * * * /usr/share/shadowsocksr/ssrplusupdate.sh >> /tmp/ssrplus.log 2>&1" >>$CRON_FILE - + [ $(uci_get_by_type server_subscribe auto_update 0) -eq 1 ] && echo "0 $(uci_get_by_type server_subscribe auto_update_time) * * * /usr/share/shadowsocksr/ssrplusupdate.sh >>/tmp/ssrplus.log 2>&1" >>$CRON_FILE crontab $CRON_FILE } @@ -76,41 +89,58 @@ del_cron() { sed -i '/shadowsocksr/d' $CRON_FILE sed -i '/ssrplus.log/d' $CRON_FILE /etc/init.d/cron restart + clean_log } -run_mode=$(uci_get_by_type global run_mode) +unlock() { + failcount=1 + while [ "$failcount" -le 10 ]; do + if [ -f "$LOCK_FILE" ]; then + let "failcount++" + sleep 1s + [ "$failcount" -ge 10 ] && rm -f "$LOCK_FILE" + else + break + fi + done +} + +find_bin() { + case "$1" in + ss) ret="/usr/bin/ss-redir" ;; + ss-local) ret="/usr/bin/ss-local" ;; + ssr) ret="/usr/bin/ssr-redir" ;; + ssr-local) ret="/usr/bin/ssr-local" ;; + ssr-server) ret="/usr/bin/ssr-server" ;; + v2ray) ret="/usr/bin/v2ray/v2ray" && [ ! -f "$ret" ] && ret="/usr/bin/v2ray" ;; + trojan) ret="/usr/sbin/trojan" ;; + socks5 | tun) ret="/usr/sbin/redsocks2" ;; + esac + echo $ret +} gen_config_file() { - local host=$(uci_get_by_name $1 server) - if echo $host | grep -E "^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$" >/dev/null; then - hostip=$host - elif [ "$host" != "${host#*:[0-9a-fA-F]}" ]; then - hostip=$host + local hostip=$(get_host_ip $(uci_get_by_name $1 server)) + if [ "$hostip" == "127.0.0.1" ]; then + hostip=$(uci_get_by_name $1 ip) else - hostip=$(ping $host -W 1 -s 1 -c 1 | grep PING | cut -d'(' -f 2 | cut -d')' -f1) - if echo $hostip | grep -E "^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$" >/dev/null; then - hostip=$hostip - else - hostip=$(cat /etc/ssr_ip) - fi + uci_set_by_name $1 ip $hostip fi [ "$2" == "0" -a "$kcp_flag" == "1" ] && hostip="127.0.0.1" - if [ "$2" == "0" ]; then - config_file=$CONFIG_FILE - elif [ "$2" == "1" ]; then - config_file=$CONFIG_UDP_FILE - elif [ "$2" == "2" ]; then - config_file=$CONFIG_NETFLIX_FILE - else - config_file=$CONFIG_SOCK5_FILE - fi + case "$2" in + 0) config_file=$CONFIG_FILE ;; + 1) config_file=$CONFIG_UDP_FILE ;; + 2) config_file=$CONFIG_NETFLIX_FILE ;; + *) config_file=$CONFIG_SOCK5_FILE ;; + esac if [ $(uci_get_by_name $1 fast_open 0) == "1" ]; then fastopen="true" else fastopen="false" fi - local stype=$(uci_get_by_name $1 type) - if [ "$stype" == "ss" ]; then + local type=$(uci_get_by_name $1 type) + case "$type" in + ss) cat <<-EOF >$config_file { "server": "$hostip", @@ -135,7 +165,8 @@ gen_config_file() { echo "$(date "+%Y-%m-%d %H:%M:%S") Warning!!! SIP003 plugin $plugin not found!!!" >>/tmp/ssrplus.log fi fi - elif [ "$stype" == "ssr" ]; then + ;; + ssr) cat <<-EOF >$config_file { "server": "$hostip", @@ -153,357 +184,18 @@ gen_config_file() { "fast_open": $fastopen } EOF - elif [ "$stype" == "v2ray" ]; then + ;; + v2ray) lua /usr/share/shadowsocksr/genv2config.lua $GLOBAL_SERVER tcp $(uci_get_by_name $1 local_port) >/var/etc/v2-ssr-retcp.json sed -i 's/\\//g' /var/etc/v2-ssr-retcp.json - elif [ "$stype" == "trojan" ]; then + ;; + trojan) lua /usr/share/shadowsocksr/gentrojanconfig.lua $GLOBAL_SERVER nat $(uci_get_by_name $1 local_port) >/var/etc/trojan-ssr-retcp.json sed -i 's/\\//g' /var/etc/trojan-ssr-retcp.json - fi -} - -get_arg_out() { - case "$(uci_get_by_type access_control router_proxy 1)" in - 1) echo "-o" ;; - 2) echo "-O" ;; + ;; esac } -start_rules() { - local server=$(uci_get_by_name $GLOBAL_SERVER server) - #resolve name - if echo $server | grep -E "^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$" >/dev/null; then - server=$server - elif [ "$server" != "${server#*:[0-9a-fA-F]}" ]; then - server=$server - else - server=$(ping $server -W 1 -s 1 -c 1 | grep PING | cut -d'(' -f 2 | cut -d')' -f1) - if echo $server | grep -E "^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$" >/dev/null; then - echo $server >/etc/ssr_ip - else - server=$(cat /etc/ssr_ip) - fi - fi - kcp_server=$server - local kcp_enable=$(uci_get_by_name $GLOBAL_SERVER kcp_enable 0) - if [ $kcp_enable == "1" ]; then - kcp_flag=1 - fi - local local_port=$(uci_get_by_name $GLOBAL_SERVER local_port) - local lan_ac_ips=$(uci_get_by_type access_control lan_ac_ips) - local lan_ac_mode=$(uci_get_by_type access_control lan_ac_mode) - local router_proxy=$(uci_get_by_type access_control router_proxy) - if [ "$GLOBAL_SERVER" == "$UDP_RELAY_SERVER" -a "$kcp_flag" == "0" ]; then - ARG_UDP="-u" - elif [ -n "$UDP_RELAY_SERVER" ]; then - ARG_UDP="-U" - local udp_server=$(uci_get_by_name $UDP_RELAY_SERVER server) - local udp_local_port=$(uci_get_by_name $UDP_RELAY_SERVER local_port) - fi - if [ -n "$lan_ac_ips" ]; then - case "$lan_ac_mode" in - w | W | b | B) local ac_ips="$lan_ac_mode$lan_ac_ips" ;; - esac - fi - - #deal gfw firewall rule - local gfwmode="" - if [ "$run_mode" == "gfw" ]; then - gfwmode="-g" - elif [ "$run_mode" == "router" ]; then - gfwmode="-r" - elif [ "$run_mode" == "oversea" ]; then - gfwmode="-c" - elif [ "$run_mode" == "all" ]; then - gfwmode="-z" - fi - local dports=$(uci_get_by_type global dports 1) - if [ $dports == "1" ]; then - proxyport=" " - else - proxyport="-m multiport --dports 22,53,587,465,995,993,143,80,443" - fi - if [ "$NETFLIX_SERVER" != "nil" ]; then - if [ "$NETFLIX_SERVER" != "$GLOBAL_SERVER" ]; then - netflix="1" - else - netflix="2" - fi - else - netflix="0" - fi - netflix_ip=$(check_host $(uci_get_by_name $NETFLIX_SERVER server 127.0.0.1)) - /usr/bin/ssr-rules \ - -s "$server" \ - -l "$local_port" \ - -S "$udp_server" \ - -L "$udp_local_port" \ - -a "$ac_ips" \ - -i "$(uci_get_by_type access_control wan_bp_list)" \ - -b "$(uci_get_by_type access_control wan_bp_ips)" \ - -w "$(uci_get_by_type access_control wan_fw_ips)" \ - -B "$(uci_get_by_type access_control lan_bp_ips)" \ - -p "$(uci_get_by_type access_control lan_fp_ips)" \ - -G "$(uci_get_by_type access_control lan_gm_ips)" \ - -D "$proxyport" \ - -F "$netflix" \ - -N "$netflix_ip" \ - -M "$(uci_get_by_type global netflix_proxy 0)" \ - $(get_arg_out) $gfwmode $ARG_UDP - return $? -} - -start_pdnsd() { - local usr_dns="$1" - local usr_port="$2" - local tcp_dns_list="208.67.222.222, 208.67.220.220" - [ -z "$usr_dns" ] && usr_dns="8.8.8.8" - [ -z "$usr_port" ] && usr_port="53" - [ -d /var/etc ] || mkdir -p /var/etc - if [ ! -d /var/pdnsd ]; then - mkdir -p /var/pdnsd - echo -ne "pd13\000\000\000\000" >/var/pdnsd/pdnsd.cache - chown -R nobody:nogroup /var/pdnsd - fi - cat <<-EOF >/var/etc/pdnsd.conf - global{ - perm_cache=1024; - cache_dir="/var/pdnsd"; - pid_file="/var/run/pdnsd.pid"; - run_as="nobody"; - server_ip=127.0.0.1; - server_port=5335; - status_ctl=on; - query_method=tcp_only; - min_ttl=1h; - max_ttl=1w; - timeout=10; - neg_domain_pol=on; - proc_limit=2; - procq_limit=8; - par_queries=1; - } - server{ - label="ssr-usrdns"; - ip=$usr_dns; - port=$usr_port; - timeout=6; - uptest=none; - interval=10m; - purge_cache=off; - } - EOF - /usr/sbin/pdnsd -c /var/etc/pdnsd.conf -d & -} - -start_redir() { - case "$(uci_get_by_name $GLOBAL_SERVER auth_enable)" in - 1 | on | true | yes | enabled) ARG_OTA="-A" ;; - *) ARG_OTA="" ;; - esac - #deal kcp - local kcp_enable=$(uci_get_by_name $GLOBAL_SERVER kcp_enable 0) - if [ "$kcp_enable" == "1" ]; then - [ ! -f "/usr/bin/kcptun-client" ] && return 1 - local kcp_str=$(/usr/bin/kcptun-client -v | grep kcptun | wc -l) - [ "0" == "$kcp_str" ] && return 1 - local kcp_port=$(uci_get_by_name $GLOBAL_SERVER kcp_port) - local server_port=$(uci_get_by_name $GLOBAL_SERVER server_port) - local password=$(uci_get_by_name $GLOBAL_SERVER kcp_password) - local kcp_param=$(uci_get_by_name $GLOBAL_SERVER kcp_param) - [ "$password" != "" ] && password="--key "$password - service_start /usr/bin/kcptun-client \ - -r $kcp_server:$kcp_port \ - -l :$server_port $password $kcp_param - kcp_enable_flag=1 - fi - - gen_config_file $GLOBAL_SERVER 0 $(uci_get_by_name $GLOBAL_SERVER local_port 1234) - local stype=$(uci_get_by_name $GLOBAL_SERVER type) - if [ "$stype" == "ss" ]; then - sscmd="/usr/bin/ss-redir" - elif [ "$stype" == "ssr" ]; then - sscmd="/usr/bin/ssr-redir" - elif [ "$stype" == "v2ray" ]; then - sscmd="/usr/bin/v2ray/v2ray" - [ ! -f "$sscmd" ] && sscmd="/usr/bin/v2ray" - elif [ "$stype" == "trojan" ]; then - sscmd="/usr/sbin/trojan" - elif [ "$stype" == "socks5" ]; then - sscmd="/usr/sbin/redsocks2" - elif [ "$stype" == "tun" ]; then - sscmd="/usr/sbin/redsocks2" - fi - - local ntype=$(uci_get_by_name $NETFLIX_SERVER type) - if [ "$ntype" == "ss" ]; then - ncmd="/usr/bin/ss-redir" - sssock="/usr/bin/ss-local" - elif [ "$ntype" == "ssr" ]; then - ncmd="/usr/bin/ssr-redir" - sssock="/usr/bin/ssr-local" - elif [ "$ntype" == "v2ray" ]; then - ncmd="/usr/bin/v2ray/v2ray" - [ ! -f "$ncmd" ] && ncmd="/usr/bin/v2ray" - elif [ "$ntype" == "trojan" ]; then - ncmd="/usr/sbin/trojan" - elif [ "$ntype" == "socks5" ]; then - ncmd="/usr/sbin/redsocks2" - elif [ "$ntype" == "tun" ]; then - ncmd="/usr/sbin/redsocks2" - fi - - local utype=$(uci_get_by_name $UDP_RELAY_SERVER type) - if [ "$utype" == "ss" ]; then - ucmd="/usr/bin/ss-redir" - elif [ "$utype" == "ssr" ]; then - ucmd="/usr/bin/ssr-redir" - elif [ "$utype" == "v2ray" ]; then - ucmd="/usr/bin/v2ray/v2ray" - [ ! -f "$ucmd" ] && ucmd="/usr/bin/v2ray" - elif [ "$utype" == "trojan" ]; then - ucmd="/usr/sbin/trojan" - elif [ "$stype" == "socks5" ]; then - ucmd="/usr/sbin/redsocks2" - elif [ "$stype" == "tun" ]; then - ucmd="/usr/sbin/redsocks2" - fi - if [ "$(uci_get_by_type global threads 0)" == "0" ]; then - threads=$(cat /proc/cpuinfo | grep 'processor' | wc -l) - else - threads=$(uci_get_by_type global threads) - fi - - if [ "$stype" == "ss" -o "$stype" == "ssr" ]; then - local last_config_file=$CONFIG_FILE - local pid_file="/var/run/ssr-retcp.pid" - for i in $(seq 1 $threads); do - $sscmd -c $CONFIG_FILE $ARG_OTA -f /var/run/ssr-retcp_$i.pid >/dev/null 2>&1 - done - echo "$(date "+%Y-%m-%d %H:%M:%S") Shadowsocks/ShadowsocksR $threads Threads Started!" >>/tmp/ssrplus.log - elif [ "$stype" == "v2ray" ]; then - $sscmd -config /var/etc/v2-ssr-retcp.json >/dev/null 2>&1 & - echo "$(date "+%Y-%m-%d %H:%M:%S") $($sscmd -version | head -1) Started!" >>/tmp/ssrplus.log - elif [ "$stype" == "trojan" ]; then - for i in $(seq 1 $threads); do - $sscmd --config /var/etc/trojan-ssr-retcp.json >/dev/null 2>&1 & - done - echo "$(date "+%Y-%m-%d %H:%M:%S") $($sscmd --version 2>&1 | head -1) , $threads Threads Started!" >>/tmp/ssrplus.log - elif [ "$stype" == "socks5" ]; then - /usr/share/shadowsocksr/genred2config.sh "/var/etc/redsocks-ssr-retcp.conf" socks5 tcp $(uci_get_by_name $GLOBAL_SERVER local_port) \ - $(check_host $(uci_get_by_name $GLOBAL_SERVER server)) $(uci_get_by_name $GLOBAL_SERVER server_port) \ - $(uci_get_by_name $GLOBAL_SERVER auth_enable 0) $(uci_get_by_name $GLOBAL_SERVER username) $(uci_get_by_name $GLOBAL_SERVER password) - for i in $(seq 1 $threads); do - $sscmd -c /var/etc/redsocks-ssr-retcp.conf >/dev/null 2>&1 - done - echo "$(date "+%Y-%m-%d %H:%M:%S") Socks5 REDIRECT/TPROXY $threads Threads Started!" >>/tmp/ssrplus.log - elif [ "$stype" == "tun" ]; then - /usr/share/shadowsocksr/genred2config.sh "/var/etc/redsocks-ssr-retcp.conf" vpn $(uci_get_by_name $GLOBAL_SERVER iface "br-lan") $(uci_get_by_name $GLOBAL_SERVER local_port) - for i in $(seq 1 $threads); do - $sscmd -c /var/etc/redsocks-ssr-retcp.conf >/dev/null 2>&1 - done - echo "$(date "+%Y-%m-%d %H:%M:%S") Network Tunnel REDIRECT $threads Threads Started!" >>/tmp/ssrplus.log - fi - - if [ "$NETFLIX_SERVER" != "nil" ] && [ "$NETFLIX_SERVER" != "$GLOBAL_SERVER" ]; then - if [ "$ntype" == "ss" -o "$ntype" == "ssr" ]; then - gen_config_file $NETFLIX_SERVER 2 4321 - gen_config_file $NETFLIX_SERVER 3 1088 - $sssock -c /var/etc/shadowsocksr_s.json $ARG_OTA -f /var/run/ssr-socksdns.pid >/dev/null 2>&1 - dns2socks 127.0.0.1:1088 8.8.8.8:53 127.0.0.1:5555 -q >/dev/null 2>&1 & - $ncmd -c /var/etc/shadowsocksr_n.json $ARG_OTA -f /var/run/ssr-netflix.pid >/dev/null 2>&1 - elif [ "$ntype" == "v2ray" ]; then - lua /usr/share/shadowsocksr/genv2config.lua $NETFLIX_SERVER tcp 4321 1088 >/var/etc/v2-ssr-netflix.json - $ncmd -config /var/etc/v2-ssr-netflix.json >/dev/null 2>&1 & - dns2socks 127.0.0.1:1088 8.8.8.8:53 127.0.0.1:5555 -q >/dev/null 2>&1 & - elif [ "$ntype" == "trojan" ]; then - lua /usr/share/shadowsocksr/gentrojanconfig.lua $NETFLIX_SERVER nat 4321 >/var/etc/trojan-ssr-netflix.json - sed -i 's/\\//g' /var/etc/trojan-ssr-netflix.json - $ncmd --config /var/etc/trojan-ssr-netflix.json >/dev/null 2>&1 & - lua /usr/share/shadowsocksr/gentrojanconfig.lua $NETFLIX_SERVER client 1088 >/var/etc/trojan-ssr-socksdns.json - sed -i 's/\\//g' /var/etc/trojan-ssr-socksdns.json - $ncmd --config /var/etc/trojan-ssr-socksdns.json >/dev/null 2>&1 & - dns2socks 127.0.0.1:1088 8.8.8.8:53 127.0.0.1:5555 -q >/dev/null 2>&1 & - elif [ "$ntype" == "socks5" ]; then - /usr/share/shadowsocksr/genred2config.sh "/var/etc/redsocks-ssr-netflix.conf" socks5 tcp 4321 \ - $(check_host $(uci_get_by_name $NETFLIX_SERVER server)) $(uci_get_by_name $NETFLIX_SERVER server_port) \ - $(uci_get_by_name $NETFLIX_SERVER auth_enable 0) $(uci_get_by_name $NETFLIX_SERVER username) $(uci_get_by_name $NETFLIX_SERVER password) - $ncmd -c /var/etc/redsocks-ssr-netflix.conf >/dev/null 2>&1 - microsocks -i 127.0.0.1 -p 1088 ssr-socksdns >/dev/null 2>&1 & - dns2socks 127.0.0.1:1088 8.8.8.8:53 127.0.0.1:5555 -q >/dev/null 2>&1 & - elif [ "$ntype" == "tun" ]; then - /usr/share/shadowsocksr/genred2config.sh "/var/etc/redsocks-ssr-netflix.conf" vpn $(uci_get_by_name $NETFLIX_SERVER iface "br-lan") 4321 - $ncmd -c /var/etc/redsocks-ssr-netflix.conf >/dev/null 2>&1 - microsocks -i 127.0.0.1 -p 1088 ssr-socksdns >/dev/null 2>&1 & - dns2socks 127.0.0.1:1088 8.8.8.8:53 127.0.0.1:5555 -q >/dev/null 2>&1 & - fi - fi - - if [ -n "$UDP_RELAY_SERVER" ]; then - if [ "$utype" == "ss" -o "$utype" == "ssr" ]; then - case "$(uci_get_by_name $UDP_RELAY_SERVER auth_enable)" in - 1 | on | true | yes | enabled) ARG_OTA="-A" ;; - *) ARG_OTA="" ;; - esac - gen_config_file $UDP_RELAY_SERVER 1 $(uci_get_by_name $UDP_RELAY_SERVER local_port 1234) - last_config_file=$CONFIG_UDP_FILE - pid_file="/var/run/ssr-reudp.pid" - $ucmd -c $last_config_file $ARG_OTA -U -f /var/run/ssr-reudp.pid >/dev/null 2>&1 - elif [ "$utype" == "v2ray" ]; then - lua /usr/share/shadowsocksr/genv2config.lua $UDP_RELAY_SERVER udp $(uci_get_by_name $UDP_RELAY_SERVER local_port) >/var/etc/v2-ssr-reudp.json - sed -i 's/\\//g' /var/etc/v2-ssr-reudp.json - $ucmd -config /var/etc/v2-ssr-reudp.json >/dev/null 2>&1 & - elif [ "$stype" == "trojan" ]; then - lua /usr/share/shadowsocksr/gentrojanconfig.lua $GLOBAL_SERVER client 10801 >/var/etc/trojan-ssr-reudp.json - sed -i 's/\\//g' /var/etc/trojan-ssr-reudp.json - $ucmd --config /var/etc/trojan-ssr-reudp.json >/dev/null 2>&1 & - ipt2socks -U -b 0.0.0.0 -4 -s 127.0.0.1 -p 10801 -l $(uci_get_by_name $UDP_RELAY_SERVER local_port) >/dev/null 2>&1 & - elif [ "$utype" == "socks5" ]; then - /usr/share/shadowsocksr/genred2config.sh "/var/etc/redsocks-ssr-reudp.conf" socks5 udp $(uci_get_by_name $UDP_RELAY_SERVER local_port) \ - $(check_host $(uci_get_by_name $UDP_RELAY_SERVER server)) $(uci_get_by_name $UDP_RELAY_SERVER server_port) \ - $(uci_get_by_name $UDP_RELAY_SERVER auth_enable 0) $(uci_get_by_name $UDP_RELAY_SERVER username) $(uci_get_by_name $UDP_RELAY_SERVER password) - $ucmd -c /var/etc/redsocks-ssr-reudp.conf >/dev/null 2>&1 - elif [ "$stype" == "tun" ]; then - redir_udp=0 - echo "$(date "+%Y-%m-%d %H:%M:%S") Network Tunnel UDP TPROXY Relay not supported!" >>/tmp/ssrplus.log - fi - fi - #deal with dns - local ssr_dns="$(uci_get_by_type global pdnsd_enable 0)" - local dnsstr="$(uci_get_by_type global tunnel_forward 8.8.4.4:53)" - local dnsserver=$(echo "$dnsstr" | awk -F ':' '{print $1}') - local dnsport=$(echo "$dnsstr" | awk -F ':' '{print $2}') - if [ "$ssr_dns" != "0" ]; then # not use custom dns service - if [ "$run_mode" == "gfw" ]; then - ipset add gfwlist $dnsserver 2>/dev/null - elif [ "$run_mode" == "oversea" ]; then - ipset add oversea $dnsserver 2>/dev/null - else - ipset add ss_spec_wan_ac $dnsserver nomatch 2>/dev/null - fi - fi - if [ "$ssr_dns" == "1" ]; then - start_pdnsd $dnsserver $dnsport - pdnsd_enable_flag=1 - elif [ "$ssr_dns" == "2" ]; then - microsocks -i 127.0.0.1 -p 10802 ssr-dns >/dev/null 2>&1 & - dns2socks 127.0.0.1:10802 $dnsserver:$dnsport 127.0.0.1:5335 -q >/dev/null 2>&1 & - pdnsd_enable_flag=2 - fi - if [ "$(uci_get_by_type global enable_switch)" == "1" ]; then - if [ "$(uci_get_by_name $GLOBAL_SERVER switch_enable 1)" == "1" ]; then - if [ -z "$switch_server" ]; then - local switch_time=$(uci_get_by_type global switch_time) - local switch_timeout=$(uci_get_by_type global switch_timeout) - service_start /usr/bin/ssr-switch start $switch_time $switch_timeout - switch_enable=1 - fi - fi - fi - add_cron - return $? -} - gen_service_file() { if [ $(uci_get_by_name $1 fast_open) == "1" ]; then fastopen="true" @@ -526,26 +218,6 @@ gen_service_file() { EOF } -start_service() { - [ $(uci_get_by_name $1 enable 0) == "0" ] && return 1 - let server_count=server_count+1 - if [ "$server_count" == "1" ]; then - if ! (iptables-save -t filter | grep SSR-SERVER-RULE >/dev/null); then - iptables -N SSR-SERVER-RULE && \ - iptables -t filter -I INPUT -j SSR-SERVER-RULE - fi - fi - if [ "$(uci_get_by_name $1 type ssr)" == "ssr" ]; then - gen_service_file $1 /var/etc/${NAME}_$server_count.json - /usr/bin/ssr-server -c /var/etc/${NAME}_$server_count.json -u -f /var/run/ssr-server$server_count.pid >/dev/null 2>&1 - else - microsocks -i :: -p $(uci_get_by_name $1 server_port) -1 -u $(uci_get_by_name $1 username) -P $(uci_get_by_name $1 password) ssr-server$server_count >/dev/null 2>&1 & - fi - iptables -t filter -A SSR-SERVER-RULE -p tcp --dport $(uci_get_by_name $1 server_port) -j ACCEPT - iptables -t filter -A SSR-SERVER-RULE -p udp --dport $(uci_get_by_name $1 server_port) -j ACCEPT - return 0 -} - gen_serv_include() { FWI=$(uci get firewall.shadowsocksr.path 2>/dev/null) [ -n "$FWI" ] || return 0 @@ -565,42 +237,426 @@ gen_serv_include() { EOF } -start_server() { - SERVER_ENABLE=$(uci_get_by_type server_global enable_server 0) - [ "$SERVER_ENABLE" == "0" ] && return 0 - mkdir -p /var/run /var/etc - config_load $NAME - config_foreach start_service server_config - gen_serv_include +start_dns() { + local ssr_dns="$(uci_get_by_type global pdnsd_enable 0)" + local dnsstr="$(uci_get_by_type global tunnel_forward 8.8.4.4:53)" + local dnsserver=$(echo "$dnsstr" | awk -F ':' '{print $1}') + local dnsport=$(echo "$dnsstr" | awk -F ':' '{print $2}') + start_pdnsd() { + local usr_dns="$1" + local usr_port="$2" + [ -z "$usr_dns" ] && usr_dns="8.8.8.8" + [ -z "$usr_port" ] && usr_port="53" + [ -d /var/etc ] || mkdir -p /var/etc + if [ ! -d /var/pdnsd ]; then + mkdir -p /var/pdnsd + echo -ne "pd13\000\000\000\000" >/var/pdnsd/pdnsd.cache + chown -R nobody:nogroup /var/pdnsd + fi + cat <<-EOF >/var/etc/pdnsd.conf + global{ + perm_cache=1024; + cache_dir="/var/pdnsd"; + pid_file="/var/run/pdnsd.pid"; + run_as="nobody"; + server_ip=127.0.0.1; + server_port=5335; + status_ctl=on; + query_method=tcp_only; + min_ttl=1h; + max_ttl=1w; + timeout=10; + neg_domain_pol=on; + proc_limit=2; + procq_limit=8; + par_queries=1; + } + server{ + label="ssr-usrdns"; + ip=$usr_dns; + port=$usr_port; + timeout=6; + uptest=none; + interval=10m; + purge_cache=off; + } + EOF + /usr/sbin/pdnsd -c /var/etc/pdnsd.conf -d & + } + if [ "$ssr_dns" != "0" ]; then + case "$run_mode" in + oversea) ipset add oversea $dnsserver 2>/dev/null ;; + *) ipset add gfwlist $dnsserver 2>/dev/null ;; + esac + fi + case "$ssr_dns" in + 1) + start_pdnsd $dnsserver $dnsport + pdnsd_enable_flag=1 + ;; + 2) + microsocks -i 127.0.0.1 -p 10802 ssr-dns >/dev/null 2>&1 & + dns2socks 127.0.0.1:10802 $dnsserver:$dnsport 127.0.0.1:5335 -q >/dev/null 2>&1 & + pdnsd_enable_flag=2 + ;; + esac +} + +start_redir_tcp() { + local type=$(uci_get_by_name $GLOBAL_SERVER type) + local bin=$(find_bin $type) + [ ! -f "$bin" ] && echo "$(date "+%Y-%m-%d %H:%M:%S") Can't find $bin program, can't start!" >>/tmp/ssrplus.log && return 1 + case "$(uci_get_by_name $GLOBAL_SERVER auth_enable)" in + 1 | on | true | yes | enabled) ARG_OTA="-A" ;; + *) ARG_OTA="" ;; + esac + local kcp_enable=$(uci_get_by_name $GLOBAL_SERVER kcp_enable 0) + if [ "$kcp_enable" == "1" ]; then + [ ! -f "/usr/bin/kcptun-client" ] && return 1 + local kcp_str=$(/usr/bin/kcptun-client -v | grep kcptun | wc -l) + [ "0" == "$kcp_str" ] && return 1 + local kcp_port=$(uci_get_by_name $GLOBAL_SERVER kcp_port) + local server_port=$(uci_get_by_name $GLOBAL_SERVER server_port) + local password=$(uci_get_by_name $GLOBAL_SERVER kcp_password) + local kcp_param=$(uci_get_by_name $GLOBAL_SERVER kcp_param) + [ "$password" != "" ] && password="--key "$password + service_start /usr/bin/kcptun-client \ + -r $kcp_server:$kcp_port \ + -l :$server_port $password $kcp_param + kcp_enable_flag=1 + fi + gen_config_file $GLOBAL_SERVER 0 $(uci_get_by_name $GLOBAL_SERVER local_port 1234) + if [ "$(uci_get_by_type global threads 0)" == "0" ]; then + threads=$(cat /proc/cpuinfo | grep 'processor' | wc -l) + else + threads=$(uci_get_by_type global threads) + fi + case "$type" in + ss | ssr) + local last_config_file=$CONFIG_FILE + local name="Shadowsocks" + [ "$type" == "ssr" ] && name="ShadowsocksR" + for i in $(seq 1 $threads); do + $bin -c $CONFIG_FILE $ARG_OTA -f /var/run/$type-retcp_$i.pid >/dev/null 2>&1 + done + echo "$(date "+%Y-%m-%d %H:%M:%S") Master node:$name $threads Threads Started!" >>/tmp/ssrplus.log + ;; + v2ray) + $bin -config /var/etc/v2-ssr-retcp.json >/dev/null 2>&1 & + echo "$(date "+%Y-%m-%d %H:%M:%S") Master node:$($bin -version | head -1) Started!" >>/tmp/ssrplus.log + ;; + trojan) + for i in $(seq 1 $threads); do + $bin --config /var/etc/trojan-ssr-retcp.json >/dev/null 2>&1 & + done + echo "$(date "+%Y-%m-%d %H:%M:%S") Master node:$($bin --version 2>&1 | head -1) , $threads Threads Started!" >>/tmp/ssrplus.log + ;; + socks5) + /usr/share/shadowsocksr/genred2config.sh "/var/etc/redsocks-ssr-retcp.conf" socks5 tcp $(uci_get_by_name $GLOBAL_SERVER local_port) \ + $(get_host_ip $(uci_get_by_name $GLOBAL_SERVER server)) $(uci_get_by_name $GLOBAL_SERVER server_port) \ + $(uci_get_by_name $GLOBAL_SERVER auth_enable 0) $(uci_get_by_name $GLOBAL_SERVER username) $(uci_get_by_name $GLOBAL_SERVER password) + for i in $(seq 1 $threads); do + $bin -c /var/etc/redsocks-ssr-retcp.conf >/dev/null 2>&1 + done + echo "$(date "+%Y-%m-%d %H:%M:%S") Master node:Socks5 REDIRECT/TPROXY $threads Threads Started!" >>/tmp/ssrplus.log + ;; + tun) + /usr/share/shadowsocksr/genred2config.sh "/var/etc/redsocks-ssr-retcp.conf" vpn $(uci_get_by_name $GLOBAL_SERVER iface "br-lan") $(uci_get_by_name $GLOBAL_SERVER local_port) + for i in $(seq 1 $threads); do + $bin -c /var/etc/redsocks-ssr-retcp.conf >/dev/null 2>&1 + done + echo "$(date "+%Y-%m-%d %H:%M:%S") Master node:Network Tunnel REDIRECT $threads Threads Started!" >>/tmp/ssrplus.log + ;; + esac + return 0 +} + +start_redir_udp() { + if [ -n "$UDP_RELAY_SERVER" ]; then + local type=$(uci_get_by_name $UDP_RELAY_SERVER type) + local bin=$(find_bin $type) + [ ! -f "$bin" ] && echo "$(date "+%Y-%m-%d %H:%M:%S") Can't find $bin program, can't start!" >>/tmp/ssrplus.log && return 1 + case "$type" in + ss | ssr) + case "$(uci_get_by_name $UDP_RELAY_SERVER auth_enable)" in + 1 | on | true | yes | enabled) ARG_OTA="-A" ;; + *) ARG_OTA="" ;; + esac + local name="Shadowsocks" + [ "$type" == "ssr" ] && name="ShadowsocksR" + gen_config_file $UDP_RELAY_SERVER 1 $(uci_get_by_name $UDP_RELAY_SERVER local_port 1234) + last_config_file=$CONFIG_UDP_FILE + $bin -c $last_config_file $ARG_OTA -U -f /var/run/$type-reudp.pid >/dev/null 2>&1 + echo "$(date "+%Y-%m-%d %H:%M:%S") UDP TPROXY Relay:$name Started!" >>/tmp/ssrplus.log + ;; + v2ray) + lua /usr/share/shadowsocksr/genv2config.lua $UDP_RELAY_SERVER udp $(uci_get_by_name $UDP_RELAY_SERVER local_port) >/var/etc/v2-ssr-reudp.json + sed -i 's/\\//g' /var/etc/v2-ssr-reudp.json + $bin -config /var/etc/v2-ssr-reudp.json >/dev/null 2>&1 & + echo "$(date "+%Y-%m-%d %H:%M:%S") UDP TPROXY Relay:$($bin -version | head -1) Started!" >>/tmp/ssrplus.log + ;; + trojan) + lua /usr/share/shadowsocksr/gentrojanconfig.lua $GLOBAL_SERVER client 10801 >/var/etc/trojan-ssr-reudp.json + sed -i 's/\\//g' /var/etc/trojan-ssr-reudp.json + $bin --config /var/etc/trojan-ssr-reudp.json >/dev/null 2>&1 & + ipt2socks -U -b 0.0.0.0 -4 -s 127.0.0.1 -p 10801 -l $(uci_get_by_name $UDP_RELAY_SERVER local_port) >/dev/null 2>&1 & + echo "$(date "+%Y-%m-%d %H:%M:%S") UDP TPROXY Relay:$($bin --version 2>&1 | head -1) Started!" >>/tmp/ssrplus.log + ;; + socks5) + /usr/share/shadowsocksr/genred2config.sh "/var/etc/redsocks-ssr-reudp.conf" socks5 udp $(uci_get_by_name $UDP_RELAY_SERVER local_port) \ + $(get_host_ip $(uci_get_by_name $UDP_RELAY_SERVER server)) $(uci_get_by_name $UDP_RELAY_SERVER server_port) \ + $(uci_get_by_name $UDP_RELAY_SERVER auth_enable 0) $(uci_get_by_name $UDP_RELAY_SERVER username) $(uci_get_by_name $UDP_RELAY_SERVER password) + $bin -c /var/etc/redsocks-ssr-reudp.conf >/dev/null 2>&1 + echo "$(date "+%Y-%m-%d %H:%M:%S") UDP TPROXY Relay:Socks5 REDIRECT/TPROXY Started!" >>/tmp/ssrplus.log + ;; + tun) + redir_udp=0 + echo "$(date "+%Y-%m-%d %H:%M:%S") Network Tunnel UDP TPROXY Relay not supported!" >>/tmp/ssrplus.log + ;; + esac + fi + return 0 +} + +start_Bypass() { + if [ "$NETFLIX_SERVER" != "nil" ] && [ "$NETFLIX_SERVER" != "$GLOBAL_SERVER" ]; then + local type=$(uci_get_by_name $NETFLIX_SERVER type) + local bin=$(find_bin $type) + [ ! -f "$bin" ] && echo "$(date "+%Y-%m-%d %H:%M:%S") Can't find $bin program, can't start!" >>/tmp/ssrplus.log && return 1 + case "$type" in + ss | ssr) + local bin2=$(find_bin $type-local) + [ ! -f "$bin2" ] && echo "$(date "+%Y-%m-%d %H:%M:%S") Can't find $bin2 program, can't start!" >>/tmp/ssrplus.log && return 2 + local name="Shadowsocks" + [ "$type" == "ssr" ] && name="ShadowsocksR" + gen_config_file $NETFLIX_SERVER 2 4321 + gen_config_file $NETFLIX_SERVER 3 1088 + $bin -c /var/etc/shadowsocksr_n.json $ARG_OTA -f /var/run/$type-netflix.pid >/dev/null 2>&1 + $bin2 -c /var/etc/shadowsocksr_s.json $ARG_OTA -f /var/run/$type-socksdns.pid >/dev/null 2>&1 + dns2socks 127.0.0.1:1088 8.8.8.8:53 127.0.0.1:5555 -q >/dev/null 2>&1 & + echo "$(date "+%Y-%m-%d %H:%M:%S") Netflix Bypass:$name Started!" >>/tmp/ssrplus.log + ;; + v2ray) + lua /usr/share/shadowsocksr/genv2config.lua $NETFLIX_SERVER tcp 4321 1088 >/var/etc/v2-ssr-netflix.json + $bin -config /var/etc/v2-ssr-netflix.json >/dev/null 2>&1 & + dns2socks 127.0.0.1:1088 8.8.8.8:53 127.0.0.1:5555 -q >/dev/null 2>&1 & + echo "$(date "+%Y-%m-%d %H:%M:%S") Netflix Bypass:$($bin -version | head -1) Started!" >>/tmp/ssrplus.log + ;; + trojan) + lua /usr/share/shadowsocksr/gentrojanconfig.lua $NETFLIX_SERVER nat 4321 >/var/etc/trojan-ssr-netflix.json + sed -i 's/\\//g' /var/etc/trojan-ssr-netflix.json + $bin --config /var/etc/trojan-ssr-netflix.json >/dev/null 2>&1 & + lua /usr/share/shadowsocksr/gentrojanconfig.lua $NETFLIX_SERVER client 1088 >/var/etc/trojan-ssr-socksdns.json + sed -i 's/\\//g' /var/etc/trojan-ssr-socksdns.json + $bin --config /var/etc/trojan-ssr-socksdns.json >/dev/null 2>&1 & + dns2socks 127.0.0.1:1088 8.8.8.8:53 127.0.0.1:5555 -q >/dev/null 2>&1 & + echo "$(date "+%Y-%m-%d %H:%M:%S") Netflix Bypass:$($bin --version 2>&1 | head -1) Started!" >>/tmp/ssrplus.log + ;; + socks5) + /usr/share/shadowsocksr/genred2config.sh "/var/etc/redsocks-ssr-netflix.conf" socks5 tcp 4321 \ + $(get_host_ip $(uci_get_by_name $NETFLIX_SERVER server)) $(uci_get_by_name $NETFLIX_SERVER server_port) \ + $(uci_get_by_name $NETFLIX_SERVER auth_enable 0) $(uci_get_by_name $NETFLIX_SERVER username) $(uci_get_by_name $NETFLIX_SERVER password) + $bin -c /var/etc/redsocks-ssr-netflix.conf >/dev/null 2>&1 + microsocks -i 127.0.0.1 -p 1088 ssr-socksdns >/dev/null 2>&1 & + dns2socks 127.0.0.1:1088 8.8.8.8:53 127.0.0.1:5555 -q >/dev/null 2>&1 & + echo "$(date "+%Y-%m-%d %H:%M:%S") Netflix Bypass:Socks5 Started!" >>/tmp/ssrplus.log + ;; + tun) + /usr/share/shadowsocksr/genred2config.sh "/var/etc/redsocks-ssr-netflix.conf" vpn $(uci_get_by_name $NETFLIX_SERVER iface "br-lan") 4321 + $bin -c /var/etc/redsocks-ssr-netflix.conf >/dev/null 2>&1 + microsocks -i 127.0.0.1 -p 1088 ssr-socksdns >/dev/null 2>&1 & + dns2socks 127.0.0.1:1088 8.8.8.8:53 127.0.0.1:5555 -q >/dev/null 2>&1 & + echo "$(date "+%Y-%m-%d %H:%M:%S") Netflix Bypass:Network Tunnel REDIRECT Started!" >>/tmp/ssrplus.log + ;; + esac + fi return 0 } start_local() { local local_server=$(uci_get_by_type socks5_proxy server nil) - [ "$local_server" == "same" ] && local_server=$GLOBAL_SERVER [ "$local_server" == "nil" ] && return 1 - local local_type=$(uci_get_by_name $local_server type) - mkdir -p /var/run /var/etc - - if [ "$local_type" == "ssr" ]; then + [ "$local_server" == "same" ] && local_server=$GLOBAL_SERVER + local type=$(uci_get_by_name $local_server type) + local bin=$(find_bin $type) + [ ! -f "$bin" ] && echo "$(date "+%Y-%m-%d %H:%M:%S") Can't find $bin program, can't start!" >>/tmp/ssrplus.log && return 1 + case "$type" in + ss | ssr) + local name="Shadowsocks" + local bin=$(find_bin $type-local) + [ ! -f "$bin" ] && echo "$(date "+%Y-%m-%d %H:%M:%S") Can't find $bin program, can't start!" >>/tmp/ssrplus.log && return 1 + [ "$type" == "ssr" ] && name="ShadowsocksR" gen_config_file $local_server 3 $(uci_get_by_type socks5_proxy local_port 1080) - /usr/bin/ssr-local -c $CONFIG_SOCK5_FILE -u -f /var/run/ssr-local.pid >/dev/null 2>&1 - elif [ "$local_type" == "ss" ]; then - gen_config_file $local_server 3 $(uci_get_by_type socks5_proxy local_port 1080) - /usr/bin/ss-local -c $CONFIG_SOCK5_FILE -u -f /var/run/ssr-local.pid >/dev/null 2>&1 - elif [ "$local_type" == "v2ray" ]; then + $bin -c $CONFIG_SOCK5_FILE -u -f /var/run/$type-local.pid >/dev/null 2>&1 + echo "$(date "+%Y-%m-%d %H:%M:%S") Global_Socks5:$name Started!" >>/tmp/ssrplus.log + ;; + v2ray) lua /usr/share/shadowsocksr/genv2config.lua $local_server tcp 0 $(uci_get_by_type socks5_proxy local_port 1080) >/var/etc/v2-ssr-local.json sed -i 's/\\//g' /var/etc/v2-ssr-local.json - /usr/bin/v2ray/v2ray -config /var/etc/v2-ssr-local.json >/dev/null 2>&1 & - elif [ "$local_type" == "trojan" ]; then + $bin -config /var/etc/v2-ssr-local.json >/dev/null 2>&1 & + echo "$(date "+%Y-%m-%d %H:%M:%S") Global_Socks5:$($bin -version | head -1) Started!" >>/tmp/ssrplus.log + ;; + trojan) lua /usr/share/shadowsocksr/gentrojanconfig.lua $local_server client $(uci_get_by_type socks5_proxy local_port 1080) >/var/etc/trojan-ssr-local.json sed -i 's/\\//g' /var/etc/trojan-ssr-local.json - /usr/sbin/trojan --config /var/etc/trojan-ssr-local.json >/dev/null 2>&1 & - else - microsocks -i :: -p $(uci_get_by_type socks5_proxy local_port 1080) ssr-local >/dev/null 2>&1 & - fi - + $bin --config /var/etc/trojan-ssr-local.json >/dev/null 2>&1 & + echo "$(date "+%Y-%m-%d %H:%M:%S") Global_Socks5:$($bin --version 2>&1 | head -1) Started!" >>/tmp/ssrplus.log + ;; + *) + [ -f "/bin/ping6" ] && local listenip='-i ::' + microsocks $listenip -p $(uci_get_by_type socks5_proxy local_port 1080) ssr-local >/dev/null 2>&1 & + echo "$(date "+%Y-%m-%d %H:%M:%S") Global_Socks5:$type Started!" >>/tmp/ssrplus.log + ;; + esac local_enable=1 + return 0 +} + +start_server() { + SERVER_ENABLE=$(uci_get_by_type server_global enable_server 0) + [ "$SERVER_ENABLE" == "0" ] && return 0 + server_service() { + [ $(uci_get_by_name $1 enable 0) == "0" ] && return 1 + let server_count=server_count+1 + if [ "$server_count" == "1" ]; then + if ! (iptables-save -t filter | grep SSR-SERVER-RULE >/dev/null); then + iptables -N SSR-SERVER-RULE && \ + iptables -t filter -I INPUT -j SSR-SERVER-RULE + fi + fi + if [ "$(uci_get_by_name $1 type ssr)" == "ssr" ]; then + local bin=$(find_bin ssr-server) + [ ! -f "$bin" ] && echo "$(date "+%Y-%m-%d %H:%M:%S") Can't find $bin program, can't start!" >>/tmp/ssrplus.log && return 1 + gen_service_file $1 /var/etc/${NAME}_$server_count.json + $(find_bin ssr-server) -c /var/etc/${NAME}_$server_count.json -u -f /var/run/ssr-server$server_count.pid >/dev/null 2>&1 + echo "$(date "+%Y-%m-%d %H:%M:%S") Server:ShadowsocksR Server$server_count Started!" >>/tmp/ssrplus.log + else + [ -f "/bin/ping6" ] && local listenip='-i ::' + microsocks $listenip -p $(uci_get_by_name $1 server_port) -1 -u $(uci_get_by_name $1 username) -P $(uci_get_by_name $1 password) ssr-server$server_count >/dev/null 2>&1 & + echo "$(date "+%Y-%m-%d %H:%M:%S") Server:Socks5 Server$server_count Started!" >>/tmp/ssrplus.log + fi + iptables -t filter -A SSR-SERVER-RULE -p tcp --dport $(uci_get_by_name $1 server_port) -j ACCEPT + iptables -t filter -A SSR-SERVER-RULE -p udp --dport $(uci_get_by_name $1 server_port) -j ACCEPT + return 0 + } + mkdir -p /var/run /var/etc + config_load $NAME + config_foreach server_service server_config + gen_serv_include + return 0 +} + +start_switch() { + if [ "$(uci_get_by_type global enable_switch 0)" == "1" ]; then + if [ -z "$switch_server" ]; then + local switch_time=$(uci_get_by_type global switch_time)s + local switch_timeout=$(uci_get_by_type global switch_timeout) + service_start /usr/bin/ssr-switch start $switch_time $switch_timeout + switch_enable=1 + fi + fi +} + +start_monitor() { + if [ $(uci_get_by_type global monitor_enable 1) == "1" ]; then + let total_count=server_count+redir_tcp+redir_udp+tunnel_enable+kcp_enable_flag+local_enable+pdnsd_enable_flag+switch_enable + if [ $total_count -gt 0 ]; then + service_start /usr/bin/ssr-monitor $server_count $redir_tcp $redir_udp $tunnel_enable $kcp_enable_flag $local_enable $pdnsd_enable_flag $switch_enable + fi + fi +} + +check_server() { + ENABLE_SERVER=$(uci_get_by_type global global_server nil) + if [ "$ENABLE_SERVER" == "nil" ]; then + return 1 + else + STYPE=$(uci_get_by_name $ENABLE_SERVER type nil) + if [ "$STYPE" == "nil" ]; then + CFGID=$(uci_get_by_cfgid servers type nil) + if [ "$CFGID" == "nil" ]; then + uci_set_by_type global global_server 'nil' + else + uci_set_by_type global global_server $CFGID + fi + /etc/init.d/shadowsocksr restart + fi + fi +} + +start_rules() { + local server=$(get_host_ip $(uci_get_by_name $GLOBAL_SERVER server)) + [ "$server" == "127.0.0.1" ] && hostip=$(uci_get_by_name $GLOBAL_SERVER ip) + kcp_server=$server + local kcp_enable=$(uci_get_by_name $GLOBAL_SERVER kcp_enable 0) + if [ $kcp_enable == "1" ]; then + kcp_flag=1 + fi + local local_port=$(uci_get_by_name $GLOBAL_SERVER local_port) + local lan_ac_ips=$(uci_get_by_type access_control lan_ac_ips) + local lan_ac_mode=$(uci_get_by_type access_control lan_ac_mode) + local router_proxy=$(uci_get_by_type access_control router_proxy) + if [ "$GLOBAL_SERVER" == "$UDP_RELAY_SERVER" -a "$kcp_flag" == "0" ]; then + ARG_UDP="-u" + elif [ -n "$UDP_RELAY_SERVER" ]; then + ARG_UDP="-U" + local udp_server=$(uci_get_by_name $UDP_RELAY_SERVER server) + local udp_local_port=$(uci_get_by_name $UDP_RELAY_SERVER local_port) + fi + if [ -n "$lan_ac_ips" ]; then + case "$lan_ac_mode" in + w | W | b | B) local ac_ips="$lan_ac_mode$lan_ac_ips" ;; + esac + fi + #deal gfw firewall rule + local gfwmode="" + case "$run_mode" in + gfw) gfwmode="-g" ;; + router) gfwmode="-r" ;; + oversea) gfwmode="-c" ;; + all) gfwmode="-z" ;; + esac + local dports=$(uci_get_by_type global dports 1) + if [ $dports == "1" ]; then + proxyport=" " + else + proxyport="-m multiport --dports 22,53,587,465,995,993,143,80,443" + fi + if [ "$NETFLIX_SERVER" != "nil" ]; then + if [ "$NETFLIX_SERVER" != "$GLOBAL_SERVER" ]; then + netflix="1" + else + netflix="2" + fi + else + netflix="0" + fi + get_arg_out() { + case "$(uci_get_by_type access_control router_proxy 1)" in + 1) echo "-o" ;; + 2) echo "-O" ;; + esac + } + netflix_ip=$(get_host_ip $(uci_get_by_name $NETFLIX_SERVER server 127.0.0.1)) + /usr/bin/ssr-rules \ + -s "$server" \ + -l "$local_port" \ + -S "$udp_server" \ + -L "$udp_local_port" \ + -a "$ac_ips" \ + -i "$(uci_get_by_type access_control wan_bp_list)" \ + -b "$(uci_get_by_type access_control wan_bp_ips)" \ + -w "$(uci_get_by_type access_control wan_fw_ips)" \ + -B "$(uci_get_by_type access_control lan_bp_ips)" \ + -p "$(uci_get_by_type access_control lan_fp_ips)" \ + -G "$(uci_get_by_type access_control lan_gm_ips)" \ + -D "$proxyport" \ + -F "$netflix" \ + -N "$netflix_ip" \ + -M "$(uci_get_by_type global netflix_proxy 0)" \ + -I "/etc/ssr/netflixip.list" \ + $(get_arg_out) $gfwmode $ARG_UDP + return $? } rules() { @@ -610,6 +666,7 @@ rules() { redir_tcp=1 fi mkdir -p /var/run /var/etc + run_mode=$(uci_get_by_type global run_mode) UDP_RELAY_SERVER=$(uci_get_by_type global udp_relay_server) [ "$UDP_RELAY_SERVER" == "same" ] && UDP_RELAY_SERVER=$GLOBAL_SERVER [ -n "$UDP_RELAY_SERVER" ] && redir_udp=1 @@ -621,90 +678,48 @@ rules() { } start() { + [ -f "$LOCK_FILE" ] && exit 2 + touch "$LOCK_FILE" + echo "-------------------------start-------------------------" >>/tmp/ssrplus.log if [ -z "$switch_server" ]; then GLOBAL_SERVER=$(uci_get_by_type global global_server) else GLOBAL_SERVER=$switch_server switch_enable=1 fi - NETFLIX_SERVER=$(uci_get_by_type global netflix_server nil) if [ "$NETFLIX_SERVER" == "same" ]; then NETFLIX_SERVER=$GLOBAL_SERVER fi - if rules; then - start_redir - mkdir -p /tmp/dnsmasq.d && cp -a /etc/dnsmasq.ssr /tmp/ && cp -a /etc/dnsmasq.oversea /tmp/ - if ! [ "$run_mode" == "oversea" ]; then - cat <<-EOF >/tmp/dnsmasq.d/dnsmasq-ssr.conf - conf-dir=/tmp/dnsmasq.ssr - EOF - else - cat <<-EOF >/tmp/dnsmasq.d/dnsmasq-ssr.conf - conf-dir=/tmp/dnsmasq.oversea - EOF - fi - if [ $(uci_get_by_type global adblock 0) == "0" ]; then - rm -f /tmp/dnsmasq.ssr/ad.conf - fi - /usr/share/shadowsocksr/gfw2ipset.sh - - if [ "$NETFLIX_SERVER" != "nil" ]; then - if [ "$NETFLIX_SERVER" != "$GLOBAL_SERVER" ]; then - cat /etc/config/netflix.list | while read line || [ -n "$line" ]; do - sed -i "/$line/d" /tmp/dnsmasq.ssr/gfw_list.conf - done - awk '!/^$/&&!/^#/{printf("ipset=/.%s/'"netflix"'\n",$0)}' /etc/config/netflix.list >/tmp/dnsmasq.ssr/netflix_forward.conf - awk '!/^$/&&!/^#/{printf("server=/.%s/'"127.0.0.1#5555"'\n",$0)}' /etc/config/netflix.list >>/tmp/dnsmasq.ssr/netflix_forward.conf - - ipset -N netflix hash:net 2>/dev/null - cat /etc/config/netflixip.list | while read nip || [ -n "$nip" ]; do - ipset add netflix $nip 2>/dev/null - done + if start_redir_tcp; then + start_redir_udp + start_Bypass + start_switch + start_dns + add_cron + mkdir -p /tmp/dnsmasq.d + if [ "$run_mode" == "oversea" ]; then + cat <<-EOF >/tmp/dnsmasq.d/dnsmasq-ssr.conf + conf-dir=/tmp/dnsmasq.oversea + EOF else - cat /etc/config/netflix.list | while read line || [ -n "$line" ]; do - sed -i "/$line/d" /tmp/dnsmasq.ssr/gfw_list.conf - done - awk '!/^$/&&!/^#/{printf("ipset=/.%s/'"netflix"'\n",$0)}' /etc/config/netflix.list >/tmp/dnsmasq.ssr/netflix_forward.conf - awk '!/^$/&&!/^#/{printf("server=/.%s/'"127.0.0.1#5335"'\n",$0)}' /etc/config/netflix.list >>/tmp/dnsmasq.ssr/netflix_forward.conf - ipset -N netflix hash:net 2>/dev/null - cat /etc/config/netflixip.list | while read nip || [ -n "$nip" ]; do - ipset add netflix $nip 2>/dev/null - done + cat <<-EOF >/tmp/dnsmasq.d/dnsmasq-ssr.conf + conf-dir=/tmp/dnsmasq.ssr + EOF fi + /usr/share/shadowsocksr/gfw2ipset.sh else - rm -f /tmp/dnsmasq.ssr/netflix_forward.conf + /usr/bin/ssr-rules -f fi - - /etc/init.d/dnsmasq restart >/dev/null 2>&1 fi start_server start_local - if [ $(uci_get_by_type global monitor_enable 1) == "1" ]; then - let total_count=server_count+redir_tcp+redir_udp+tunnel_enable+kcp_enable_flag+local_enable+pdnsd_enable_flag+switch_enable - if [ $total_count -gt 0 ]; then - #param:server(count) redir_tcp(0:no,1:yes) redir_udp tunnel kcp local gfw - service_start /usr/bin/ssr-monitor $server_count $redir_tcp $redir_udp $tunnel_enable $kcp_enable_flag $local_enable $pdnsd_enable_flag $switch_enable - fi - fi - - ENABLE_SERVER=$(uci_get_by_type global global_server nil) - if [ "$ENABLE_SERVER" == "nil" ]; then - return 1 - else - STYPE=$(uci_get_by_name $ENABLE_SERVER type nil) - if [ "$STYPE" == "nil" ]; then - CFGID=$(uci_get_by_cfgid servers type nil) - if [ "$CFGID" == "nil" ]; then - uci set shadowsocksr.@global[0].global_server='nil' - else - uci set shadowsocksr.@global[0].global_server=$CFGID - fi - uci commit shadowsocksr - /etc/init.d/shadowsocksr restart - fi - fi + start_monitor + check_server + clean_log + echo "--------------------------end--------------------------" >>/tmp/ssrplus.log + rm -f $LOCK_FILE } boot() { @@ -712,6 +727,7 @@ boot() { } stop() { + unlock /usr/bin/ssr-rules -f srulecount=$(iptables -L | grep SSR-SERVER-RULE | wc -l) if [ $srulecount -gt 0 ]; then @@ -720,32 +736,14 @@ stop() { iptables -X SSR-SERVER-RULE 2>/dev/null fi if [ -z "$switch_server" ]; then - kill -9 $(busybox ps -w | grep ssr-switch | grep -v grep | awk '{print $1}') >/dev/null 2>&1 - fi - if [ $(uci_get_by_type global monitor_enable 0) == "1" ]; then - kill -9 $(busybox ps -w | grep ssr-monitor | grep -v grep | awk '{print $1}') >/dev/null 2>&1 - fi - killall -q -9 ssr-monitor - killall -q -9 ss-redir - killall -q -9 obfs-local - killall -q -9 v2ray-plugin - killall -q -9 ssr-redir - killall -q -9 v2ray - killall -q -9 trojan - killall -q -9 ipt2socks - kill -9 $(busybox ps -w | grep ssr-server | grep -v grep | awk '{print $1}') >/dev/null 2>&1 - kill -9 $(busybox ps -w | grep ssr-local | grep -v grep | awk '{print $1}') >/dev/null 2>&1 - killall -q -9 ssr-local - killall -q -9 ss-local - killall -q -9 kcptun-client - killall -q -9 dns2socks - killall -q -9 microsocks - killall -q -9 redsocks2 - if [ -f /var/run/pdnsd.pid ]; then - kill $(cat /var/run/pdnsd.pid) >/dev/null 2>&1 - else - kill -9 $(busybox ps -w | grep pdnsd | grep -v grep | awk '{print $1}') >/dev/null 2>&1 + ps -w | grep -v "grep" | grep ssr-switch | awk '{print $1}' | xargs kill -9 >/dev/null 2>&1 & + rm -f /var/lock/ssr-switch.lock fi + ps -w | grep -v "grep" | grep ssr-monitor | awk '{print $1}' | xargs kill -9 >/dev/null 2>&1 & + ps -w | grep -v "grep" | grep "sleep $(uci_get_by_type global switch_time)s" | awk '{print $1}' | xargs kill -9 >/dev/null 2>&1 & + ps -w | grep -v "grep" | grep "sleep 30s" | awk '{print $1}' | xargs kill -9 >/dev/null 2>&1 & + killall -q -9 ss-redir ss-local obfs-local ssr-redir ssr-local ssr-server v2ray v2ray-plugin trojan microsocks ipt2socks dns2socks redsocks2 pdnsd + rm -f /var/lock/ssr-chinaipset.lock /var/lock/ssr-monitor.lock if [ -f "/tmp/dnsmasq.d/dnsmasq-ssr.conf" ]; then rm -f /tmp/dnsmasq.d/dnsmasq-ssr.conf /tmp/dnsmasq.ssr/* /tmp/dnsmasq.oversea/* /etc/init.d/dnsmasq restart >/dev/null 2>&1 diff --git a/package/lean/luci-app-ssr-plus/root/etc/china_ssr.txt b/package/lean/luci-app-ssr-plus/root/etc/ssr/china_ssr.txt similarity index 99% rename from package/lean/luci-app-ssr-plus/root/etc/china_ssr.txt rename to package/lean/luci-app-ssr-plus/root/etc/ssr/china_ssr.txt index c152a07af..b5e637c5b 100644 --- a/package/lean/luci-app-ssr-plus/root/etc/china_ssr.txt +++ b/package/lean/luci-app-ssr-plus/root/etc/ssr/china_ssr.txt @@ -1030,7 +1030,8 @@ 45.65.28.0/22 45.112.132.0/22 45.112.188.0/22 -45.112.208.0/21 +45.112.208.0/22 +45.112.212.0/22 45.112.216.0/22 45.112.220.0/22 45.112.228.0/22 @@ -1471,6 +1472,9 @@ 45.253.232.0/22 45.253.236.0/22 45.253.240.0/22 +45.253.244.0/22 +45.253.248.0/22 +45.253.252.0/22 45.254.0.0/22 45.254.4.0/22 45.254.8.0/22 @@ -1782,6 +1786,7 @@ 61.29.128.0/18 61.29.192.0/19 61.29.224.0/20 +61.29.240.0/20 61.45.128.0/18 61.45.224.0/20 61.47.128.0/18 @@ -4004,6 +4009,11 @@ 103.149.210.0/23 103.149.214.0/23 103.149.220.0/23 +103.149.242.0/23 +103.149.244.0/23 +103.149.246.0/23 +103.149.248.0/23 +103.150.24.0/23 103.192.0.0/22 103.192.4.0/22 103.192.8.0/22 @@ -5062,8 +5072,7 @@ 106.4.0.0/14 106.8.0.0/15 106.11.0.0/16 -106.12.0.0/15 -106.14.0.0/15 +106.12.0.0/14 106.16.0.0/12 106.32.0.0/12 106.48.0.0/15 @@ -5401,10 +5410,7 @@ 117.32.0.0/13 117.40.0.0/14 117.44.0.0/15 -117.48.0.0/17 -117.48.128.0/17 -117.49.0.0/16 -117.50.0.0/15 +117.48.0.0/14 117.53.48.0/20 117.53.176.0/20 117.57.0.0/16 @@ -5832,8 +5838,7 @@ 124.64.0.0/15 124.66.0.0/17 124.67.0.0/16 -124.68.0.0/15 -124.70.0.0/15 +124.68.0.0/14 124.72.0.0/16 124.73.0.0/16 124.74.0.0/15 diff --git a/package/lean/luci-app-ssr-plus/root/etc/config/netflix.list b/package/lean/luci-app-ssr-plus/root/etc/ssr/netflix.list similarity index 100% rename from package/lean/luci-app-ssr-plus/root/etc/config/netflix.list rename to package/lean/luci-app-ssr-plus/root/etc/ssr/netflix.list diff --git a/package/lean/luci-app-ssr-plus/root/etc/config/netflixip.list b/package/lean/luci-app-ssr-plus/root/etc/ssr/netflixip.list similarity index 100% rename from package/lean/luci-app-ssr-plus/root/etc/config/netflixip.list rename to package/lean/luci-app-ssr-plus/root/etc/ssr/netflixip.list diff --git a/package/lean/luci-app-ssr-plus/root/etc/uci-defaults/luci-ssr-plus b/package/lean/luci-app-ssr-plus/root/etc/uci-defaults/luci-ssr-plus index bd8d02a51..6419b4381 100755 --- a/package/lean/luci-app-ssr-plus/root/etc/uci-defaults/luci-ssr-plus +++ b/package/lean/luci-app-ssr-plus/root/etc/uci-defaults/luci-ssr-plus @@ -13,11 +13,11 @@ uci -q batch <<-EOF >/dev/null commit firewall EOF -touch /etc/china_ssr.txt -touch /etc/config/white.list -touch /etc/config/black.list -touch /etc/config/netflix.list -touch /etc/config/netflixip.list +touch /etc/ssr/china_ssr.txt +touch /etc/ssr/white.list +touch /etc/ssr/black.list +touch /etc/ssr/netflix.list +touch /etc/ssr/netflixip.list touch /etc/dnsmasq.ssr/ad.conf touch /etc/dnsmasq.ssr/gfw_list.conf diff --git a/package/lean/luci-app-ssr-plus/root/usr/bin/ssr-ad b/package/lean/luci-app-ssr-plus/root/usr/bin/ssr-ad index 2c7ffef05..1523ce6d3 100755 --- a/package/lean/luci-app-ssr-plus/root/usr/bin/ssr-ad +++ b/package/lean/luci-app-ssr-plus/root/usr/bin/ssr-ad @@ -1,9 +1,9 @@ #!/bin/sh -e if [ -f /tmp/adnew.conf ]; then - if (grep -wq "address=" /tmp/adnew.conf) ; then - cp /tmp/adnew.conf /tmp/ad.conf - else - cat /tmp/adnew.conf | grep ^\|\|[^\*]*\^$ | sed -e 's:||:address\=\/:' -e 's:\^:/0\.0\.0\.0:' > /tmp/ad.conf - fi + if (grep -wq "address=" /tmp/adnew.conf); then + cp /tmp/adnew.conf /tmp/ssr-update.$1 + else + cat /tmp/adnew.conf | grep ^\|\|[^\*]*\^$ | sed -e 's:||:address\=\/:' -e 's:\^:/0\.0\.0\.0:' >/tmp/ssr-update.$1 + fi fi rm -f /tmp/adnew.conf diff --git a/package/lean/luci-app-ssr-plus/root/usr/bin/ssr-gfw b/package/lean/luci-app-ssr-plus/root/usr/bin/ssr-gfw index 07ee49c45..44b85d29e 100755 --- a/package/lean/luci-app-ssr-plus/root/usr/bin/ssr-gfw +++ b/package/lean/luci-app-ssr-plus/root/usr/bin/ssr-gfw @@ -1,5 +1,4 @@ #!/bin/sh -e - generate_china_banned() { cat $1 | base64 -d >/tmp/gfwlist.txt rm -f $1 @@ -19,7 +18,7 @@ generate_china_banned() { }' | sort -u } -generate_china_banned /tmp/gfw.b64 >/tmp/gfw.txt +generate_china_banned /tmp/ssr-update.$1 >/tmp/gfw.txt rm -f /tmp/gfwlist.txt -sed '/.*/s/.*/server=\/\.&\/127.0.0.1#5335\nipset=\/\.&\/gfwlist/' /tmp/gfw.txt >/tmp/gfwnew.txt +sed '/.*/s/.*/server=\/\.&\/127.0.0.1#5335\nipset=\/\.&\/gfwlist/' /tmp/gfw.txt >/tmp/ssr-update.$1 rm -f /tmp/gfw.txt diff --git a/package/lean/luci-app-ssr-plus/root/usr/bin/ssr-monitor b/package/lean/luci-app-ssr-plus/root/usr/bin/ssr-monitor index 889f1d119..4525a0d1f 100755 --- a/package/lean/luci-app-ssr-plus/root/usr/bin/ssr-monitor +++ b/package/lean/luci-app-ssr-plus/root/usr/bin/ssr-monitor @@ -6,6 +6,9 @@ # This is free software, licensed under the GNU General Public License v3. # See /LICENSE for more information. # +LOCK_FILE="/var/lock/ssr-monitor.lock" +[ -f "$LOCK_FILE" ] && exit 2 +touch "$LOCK_FILE" NAME=shadowsocksr @@ -19,6 +22,23 @@ uci_get_by_type() { echo ${ret:=$3} } +get_host_ip() { + local host=$1 + local isip="" + local ip=$host + isip=$(echo $host | grep -E "([0-9]{1,3}[\.]){3}[0-9]{1,3}") + if [ -z "$isip" ]; then + if [ "$host" != "${host#*:[0-9a-fA-F]}" ]; then + ip=$host + else + local ip=$(resolveip -4 -t 3 $host | awk 'NR==1{print}') + # local hostip=$(ping $host -W 1 -s 1 -c 1 | grep PING | cut -d'(' -f 2 | cut -d')' -f1) + [ -z "$ip" ] && ip=$(wget -q -O- http://119.29.29.29/d?dn=$1 | awk -F ';' '{print $1}') + fi + fi + echo ${ip:="127.0.0.1"} +} + server_process_count=$1 redir_tcp_process=$2 redir_udp_process=$3 @@ -29,25 +49,18 @@ pdnsd_process=$7 if [ -z "$pdnsd_process" ]; then pdnsd_process=0 fi - i=0 - GLOBAL_SERVER=$(uci_get_by_type global global_server) -server=$(uci_get_by_name $GLOBAL_SERVER server) +server=$(get_host_ip $(uci_get_by_name $GLOBAL_SERVER server)) +[ "$server" == "127.0.0.1" ] && hostip=$(uci_get_by_name $GLOBAL_SERVER ip) lkcp_port=$(uci_get_by_name $GLOBAL_SERVER kcp_port) server_port=$(uci_get_by_name $GLOBAL_SERVER server_port) password=$(uci_get_by_name $GLOBAL_SERVER kcp_password) kcp_param=$(uci_get_by_name $GLOBAL_SERVER kcp_param) [ "$password" != "" ] && password="--key "${password} -if echo "$server" | grep -E "^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$" >/dev/null; then - server=${server} -else - server=$(cat /etc/ssr_ip) -fi - while [ "1" == "1" ]; do #死循环 - sleep 30 + sleep 30s #redir tcp if [ "$redir_tcp_process" -gt 0 ]; then icount=$(busybox ps -w | grep ssr-retcp | grep -v grep | wc -l) @@ -82,6 +95,7 @@ while [ "1" == "1" ]; do #死循环 logger -t "$NAME" "ssr server error.restart!" kill -9 $(busybox ps -w | grep ssr-server | grep -v grep | awk '{print $1}') >/dev/null 2>&1 /etc/init.d/shadowsocksr restart + exit 0 fi fi #kcptun @@ -100,6 +114,7 @@ while [ "1" == "1" ]; do #死循环 logger -t "$NAME" "global socks server error.restart!" kill -9 $(busybox ps -w | grep ssr-local | grep -v grep | awk '{print $1}') >/dev/null 2>&1 /etc/init.d/shadowsocksr restart + exit 0 fi fi #pdnsd @@ -119,14 +134,14 @@ while [ "1" == "1" ]; do #死循环 if [ "$pdnsd_process" -eq 2 ]; then icount=$(busybox ps -w | grep -e ssr-dns -e dns2socks | grep -v grep | wc -l) if [ "$icount" -lt 2 ]; then #如果进程挂掉就重启它 - logger -t "$NAME" "dns2socks $dnsstr tunnel error.restart!" + logger -t "$NAME" "dns2socks $dnsstr tunnel error.restart!" dnsstr=$(uci_get_by_type global tunnel_forward 8.8.4.4:53) dnsserver=$(echo "$dnsstr" | awk -F ':' '{print $1}') dnsport=$(echo "$dnsstr" | awk -F ':' '{print $2}') killall -q -9 dns2socks kill -9 $(busybox ps -w | grep ssr-dns | grep -v grep | awk '{print $1}') >/dev/null 2>&1 microsocks -i 127.0.0.1 -p 10802 ssr-dns >/dev/null 2>&1 & - dns2socks 127.0.0.1:10802 $dnsserver:$dnsport 127.0.0.1:5335 -q >/dev/null 2>&1 & + dns2socks 127.0.0.1:10802 $dnsserver:$dnsport 127.0.0.1:5335 -q >/dev/null 2>&1 & fi fi done diff --git a/package/lean/luci-app-ssr-plus/root/usr/bin/ssr-rules b/package/lean/luci-app-ssr-plus/root/usr/bin/ssr-rules index 0279d926a..087a74c14 100755 --- a/package/lean/luci-app-ssr-plus/root/usr/bin/ssr-rules +++ b/package/lean/luci-app-ssr-plus/root/usr/bin/ssr-rules @@ -33,6 +33,7 @@ Valid options are: -F netflix mode -N netflix server IP -M netflix proxy mode + -I a file content is bypassed netflix ip list -e extra options for iptables -o apply the rules to the OUTPUT chain -O apply the global rules to the OUTPUT chain @@ -82,7 +83,8 @@ flush_r() { ipset_r() { ipset -N gmlan hash:net 2>/dev/null for ip in $LAN_GM_IP; do ipset -! add gmlan $ip; done - if [ "$RUNMODE" == "router" ]; then + case "$RUNMODE" in + router) ipset -! -R <<-EOF || return 1 create ss_spec_wan_ac hash:net $(gen_iplist | sed -e "s/^/add ss_spec_wan_ac /") @@ -92,25 +94,29 @@ ipset_r() { $IPT -I SS_SPEC_WAN_AC -p tcp ! --dport 53 -d $server -j RETURN $IPT -A SS_SPEC_WAN_AC -m set --match-set ss_spec_wan_ac dst -j RETURN $IPT -A SS_SPEC_WAN_AC -j SS_SPEC_WAN_FW - elif [ "$RUNMODE" == "gfw" ]; then + ;; + gfw) ipset -N gfwlist hash:net 2>/dev/null $IPT -N SS_SPEC_WAN_AC $IPT -A SS_SPEC_WAN_AC -m set --match-set gfwlist dst -j SS_SPEC_WAN_FW $IPT -A SS_SPEC_WAN_AC -m set --match-set gmlan src -m set ! --match-set china dst -j SS_SPEC_WAN_FW $IPT -A SS_SPEC_WAN_AC -m set --match-set china dst -j RETURN $IPT -I SS_SPEC_WAN_AC -p tcp ! --dport 53 -d $server -j RETURN - elif [ "$RUNMODE" == "oversea" ]; then + ;; + oversea) ipset -N oversea hash:net 2>/dev/null $IPT -N SS_SPEC_WAN_AC ipset -N gmlan hash:net 2>/dev/null for ip in $LAN_GM_IP; do ipset -! add gmlan $ip; done $IPT -A SS_SPEC_WAN_AC -m set --match-set china dst -j SS_SPEC_WAN_FW $IPT -I SS_SPEC_WAN_AC -p tcp ! --dport 53 -d $server -j RETURN - elif [ "$RUNMODE" == "all" ]; then + ;; + all) $IPT -N SS_SPEC_WAN_AC $IPT -A SS_SPEC_WAN_AC -j SS_SPEC_WAN_FW $IPT -I SS_SPEC_WAN_AC -p tcp ! --dport 53 -d $server -j RETURN - fi + ;; + esac ipset -N fplan hash:net 2>/dev/null for ip in $LAN_FP_IP; do ipset -! add fplan $ip; done $IPT -I SS_SPEC_WAN_AC -m set --match-set fplan src -j SS_SPEC_WAN_FW @@ -123,23 +129,25 @@ ipset_r() { $IPT -I SS_SPEC_WAN_AC -m set --match-set whitelist dst -j RETURN for ip in $WAN_BP_IP; do ipset -! add whitelist $ip; done for ip in $WAN_FW_IP; do ipset -! add blacklist $ip; done - - if [ "$NETFLIX" == "1" ]; then + if [ "$NETFLIX" != "0" ]; then + ipset -N netflix hash:net 2>/dev/null + for ip in $(cat ${NETFLIX_LIST:=/dev/null} 2>/dev/null); do ipset -! add netflix $ip; done + fi + case "$NETFLIX" in + 1) $IPT -I SS_SPEC_WAN_AC -p tcp -m set --match-set netflix dst -j REDIRECT --to-ports 4321 if [ "$NETFLIX_PROXY" == "1" ]; then $IPT -I SS_SPEC_WAN_AC -p tcp -d $NETFLIX_IP -j REDIRECT --to-ports $local_port else ipset -! add whitelist $NETFLIX_IP fi - elif [ "$NETFLIX" == "2" ]; then - $IPT -I SS_SPEC_WAN_AC -p tcp -m set --match-set netflix dst -j REDIRECT --to-ports $local_port - fi - + ;; + 2) $IPT -I SS_SPEC_WAN_AC -p tcp -m set --match-set netflix dst -j REDIRECT --to-ports $local_port ;; + esac return $? } fw_rule() { - ipset -N netflix hash:net 2>/dev/null $IPT -N SS_SPEC_WAN_FW $IPT -A SS_SPEC_WAN_FW -d 0.0.0.0/8 -j RETURN $IPT -A SS_SPEC_WAN_FW -d 10.0.0.0/8 -j RETURN @@ -216,23 +224,26 @@ tp_rule() { $ipt -A SS_SPEC_TPROXY -p udp -m set --match-set bplan src -j RETURN $ipt -A SS_SPEC_TPROXY -p udp $PROXY_PORTS -m set --match-set fplan src \ -j TPROXY --on-port "$LOCAL_PORT" --tproxy-mark 0x01/0x01 - if [ "$RUNMODE" == "router" ]; then + case "$RUNMODE" in + router) $ipt -A SS_SPEC_TPROXY -p udp -m set --match-set gmlan src -m set ! --match-set china dst \ -j TPROXY --on-port "$LOCAL_PORT" --tproxy-mark 0x01/0x01 $ipt -A SS_SPEC_TPROXY -p udp $PROXY_PORTS -m set ! --match-set ss_spec_wan_ac dst \ -j TPROXY --on-port "$LOCAL_PORT" --tproxy-mark 0x01/0x01 - elif [ "$RUNMODE" == "gfw" ]; then + ;; + gfw) $ipt -A SS_SPEC_TPROXY -p udp -m set --match-set china dst -j RETURN $ipt -A SS_SPEC_TPROXY -p udp -m set --match-set gmlan src -m set ! --match-set china dst \ -j TPROXY --on-port "$LOCAL_PORT" --tproxy-mark 0x01/0x01 $ipt -A SS_SPEC_TPROXY -p udp -m set $PROXY_PORTS --match-set gfwlist dst \ -j TPROXY --on-port "$LOCAL_PORT" --tproxy-mark 0x01/0x01 - elif [ "$RUNMODE" == "oversea" ]; then + ;; + oversea) $ipt -A SS_SPEC_TPROXY -p udp $PROXY_PORTS -m set --match-set china dst \ -j TPROXY --on-port "$LOCAL_PORT" --tproxy-mark 0x01/0x01 - elif [ "$RUNMODE" == "all" ]; then - $ipt -A SS_SPEC_TPROXY -p udp $PROXY_PORTS -j TPROXY --on-port "$LOCAL_PORT" --tproxy-mark 0x01/0x01 - fi + ;; + all) $ipt -A SS_SPEC_TPROXY -p udp $PROXY_PORTS -j TPROXY --on-port "$LOCAL_PORT" --tproxy-mark 0x01/0x01 ;; + esac $ipt -I PREROUTING 1 ${IFNAME:+-i $IFNAME} -p udp $EXT_ARGS $MATCH_SET \ -m comment --comment "$TAG" -j SS_SPEC_TPROXY return $? @@ -309,7 +320,7 @@ gen_include() { return 0 } -while getopts ":s:l:S:L:i:e:a:B:b:w:p:G:D:F:N:M:oOuUfgrczh" arg; do +while getopts ":s:l:S:L:i:e:a:B:b:w:p:G:D:F:N:M:I:oOuUfgrczh" arg; do case "$arg" in s) server=$OPTARG @@ -359,6 +370,9 @@ while getopts ":s:l:S:L:i:e:a:B:b:w:p:G:D:F:N:M:oOuUfgrczh" arg; do M) NETFLIX_PROXY=$OPTARG ;; + I) + NETFLIX_LIST=$OPTARG + ;; o) OUTPUT=1 ;; @@ -403,4 +417,3 @@ fi flush_r && fw_rule && ipset_r && ac_rule && tp_rule && gen_include [ "$?" == 0 ] || loger 3 "Start failed!" exit $? - diff --git a/package/lean/luci-app-ssr-plus/root/usr/bin/ssr-switch b/package/lean/luci-app-ssr-plus/root/usr/bin/ssr-switch index 98d91dc96..15378a17f 100755 --- a/package/lean/luci-app-ssr-plus/root/usr/bin/ssr-switch +++ b/package/lean/luci-app-ssr-plus/root/usr/bin/ssr-switch @@ -1,4 +1,4 @@ -#!/bin/sh /etc/rc.common +#!/bin/sh /etc/rc.common # # Copyright (C) 2017 openwrt-ssr # Copyright (C) 2017 yushi studio @@ -6,6 +6,9 @@ # This is free software, licensed under the GNU General Public License v3. # See /LICENSE for more information. # +LOCK_FILE="/var/lock/ssr-switch.lock" +[ -f "$LOCK_FILE" ] && exit 2 +touch "$LOCK_FILE" cycle_time=60 switch_time=3 @@ -162,7 +165,7 @@ start() { fi else normal_flag=0 - echo "$(date "+%Y-%m-%d %H:%M:%S") ShadowsocksR No Problem." >>/tmp/ssrplus.log + # echo "$(date "+%Y-%m-%d %H:%M:%S") ShadowsocksR No Problem." >>/tmp/ssrplus.log fi done } diff --git a/package/lean/luci-app-ssr-plus/root/usr/share/shadowsocksr/chinaipset.sh b/package/lean/luci-app-ssr-plus/root/usr/share/shadowsocksr/chinaipset.sh index 044d524d9..d011c63ca 100755 --- a/package/lean/luci-app-ssr-plus/root/usr/share/shadowsocksr/chinaipset.sh +++ b/package/lean/luci-app-ssr-plus/root/usr/share/shadowsocksr/chinaipset.sh @@ -1,5 +1,9 @@ +#!/bin/sh +LOCK_FILE="/var/lock/ssr-chinaipset.lock" +[ -f "$LOCK_FILE" ] && exit 2 +touch "$LOCK_FILE" echo "create china hash:net family inet hashsize 1024 maxelem 65536" > /tmp/china.ipset awk '!/^$/&&!/^#/{printf("add china %s'" "'\n",$0)}' /etc/china_ssr.txt >> /tmp/china.ipset ipset -! flush china ipset -! restore < /tmp/china.ipset 2>/dev/null -rm -f /tmp/china.ipset +rm -f /tmp/china.ipset $LOCK_FILE diff --git a/package/lean/luci-app-ssr-plus/root/usr/share/shadowsocksr/genred2config.sh b/package/lean/luci-app-ssr-plus/root/usr/share/shadowsocksr/genred2config.sh index a36f48f89..480b8e3ef 100755 --- a/package/lean/luci-app-ssr-plus/root/usr/share/shadowsocksr/genred2config.sh +++ b/package/lean/luci-app-ssr-plus/root/usr/share/shadowsocksr/genred2config.sh @@ -1,72 +1,71 @@ #!/bin/sh - cat <<-EOF >$1 -base { - log_debug = off; - log_info = off; - log = stderr; - daemon = on; - redirector = iptables; - reuseport = on; -} + base { + log_debug = off; + log_info = off; + log = stderr; + daemon = on; + redirector = iptables; + reuseport = on; + } EOF if [ "$2" == "socks5" ]; then if [ "$3" == "tcp" ]; then if [ "$7" == "0" ]; then - cat <<-EOF >>$1 -redsocks { - bind = "0.0.0.0:$4"; - relay = "$5:$6"; - type = socks5; - autoproxy = 0; - timeout = 10; -} -EOF - else - cat <<-EOF >>$1 -redsocks { - bind = "0.0.0.0:$4"; - relay = "$5:$6"; - type = socks5; - autoproxy = 0; - timeout = 10; - login = "$8"; - password = "$9"; -} -EOF + cat <<-EOF >>$1 + redsocks { + bind = "0.0.0.0:$4"; + relay = "$5:$6"; + type = socks5; + autoproxy = 0; + timeout = 10; + } + EOF + else + cat <<-EOF >>$1 + redsocks { + bind = "0.0.0.0:$4"; + relay = "$5:$6"; + type = socks5; + autoproxy = 0; + timeout = 10; + login = "$8"; + password = "$9"; + } + EOF fi else - if [ "$7" == "0" ]; then - cat <<-EOF >>$1 -redudp { - bind = "0.0.0.0:$4"; - relay = "$5:$6"; - type = socks5; - udp_timeout = 10; -} -EOF - else - cat <<-EOF >>$1 -redudp { - bind = "0.0.0.0:$4"; - relay = "$5:$6"; - type = socks5; - udp_timeout = 10; - login = "$8"; - password = "$9"; -} -EOF + if [ "$7" == "0" ]; then + cat <<-EOF >>$1 + redudp { + bind = "0.0.0.0:$4"; + relay = "$5:$6"; + type = socks5; + udp_timeout = 10; + } + EOF + else + cat <<-EOF >>$1 + redudp { + bind = "0.0.0.0:$4"; + relay = "$5:$6"; + type = socks5; + udp_timeout = 10; + login = "$8"; + password = "$9"; + } + EOF fi fi else - cat <<-EOF >>$1 -redsocks { - bind = "0.0.0.0:$4"; - type = direct; - interface = $3; - autoproxy = 0; - timeout = 10; -} -EOF + cat <<-EOF >>$1 + redsocks { + bind = "0.0.0.0:$4"; + type = direct; + interface = $3; + autoproxy = 0; + timeout = 10; + } + EOF fi diff --git a/package/lean/luci-app-ssr-plus/root/usr/share/shadowsocksr/gentrojanconfig.lua b/package/lean/luci-app-ssr-plus/root/usr/share/shadowsocksr/gentrojanconfig.lua index 8cb979bef..9474777d0 100644 --- a/package/lean/luci-app-ssr-plus/root/usr/share/shadowsocksr/gentrojanconfig.lua +++ b/package/lean/luci-app-ssr-plus/root/usr/share/shadowsocksr/gentrojanconfig.lua @@ -1,9 +1,8 @@ -local ucursor = require "luci.model.uci".cursor() +local ucursor = require "uci".cursor() local json = require "luci.jsonc" local server_section = arg[1] local proto = arg[2] local local_port = arg[3] - local server = ucursor:get_all("shadowsocksr", server_section) local trojan = { diff --git a/package/lean/luci-app-ssr-plus/root/usr/share/shadowsocksr/genv2config.lua b/package/lean/luci-app-ssr-plus/root/usr/share/shadowsocksr/genv2config.lua index 2554ebd17..36e7efae4 100644 --- a/package/lean/luci-app-ssr-plus/root/usr/share/shadowsocksr/genv2config.lua +++ b/package/lean/luci-app-ssr-plus/root/usr/share/shadowsocksr/genv2config.lua @@ -1,10 +1,9 @@ -local ucursor = require "luci.model.uci".cursor() +local ucursor = require "uci".cursor() local json = require "luci.jsonc" local server_section = arg[1] local proto = arg[2] local local_port = arg[3] or "0" local socks_port = arg[4] or "0" - local server = ucursor:get_all("shadowsocksr", server_section) local v2ray = { diff --git a/package/lean/luci-app-ssr-plus/root/usr/share/shadowsocksr/gfw2ipset.sh b/package/lean/luci-app-ssr-plus/root/usr/share/shadowsocksr/gfw2ipset.sh index c5decd28c..245bb8c88 100755 --- a/package/lean/luci-app-ssr-plus/root/usr/share/shadowsocksr/gfw2ipset.sh +++ b/package/lean/luci-app-ssr-plus/root/usr/share/shadowsocksr/gfw2ipset.sh @@ -1,5 +1,34 @@ #!/bin/sh -mkdir -p /tmp/dnsmasq.ssr -awk '!/^$/&&!/^#/{printf("ipset=/.%s/'"blacklist"'\n",$0)}' /etc/config/black.list > /tmp/dnsmasq.ssr/blacklist_forward.conf -awk '!/^$/&&!/^#/{printf("server=/.%s/'"127.0.0.1#5335"'\n",$0)}' /etc/config/black.list >> /tmp/dnsmasq.ssr/blacklist_forward.conf -awk '!/^$/&&!/^#/{printf("ipset=/.%s/'"whitelist"'\n",$0)}' /etc/config/white.list > /tmp/dnsmasq.ssr/whitelist_forward.conf +NAME=shadowsocksr +uci_get_by_type() { + local ret=$(uci get $NAME.@$1[0].$2 2>/dev/null) + echo ${ret:=$3} +} +cp -a /etc/dnsmasq.ssr /tmp/ +cp -a /etc/dnsmasq.oversea /tmp/ +GLOBAL_SERVER=$(uci_get_by_type global global_server) +NETFLIX_SERVER=$(uci_get_by_type global netflix_server nil) +[ "$NETFLIX_SERVER" == "same" ] && NETFLIX_SERVER=$GLOBAL_SERVER +if [ "$NETFLIX_SERVER" != "nil" ]; then + netflix() { + for line in $(cat /etc/ssr/netflix.list); do sed -i "/$line/d" /tmp/dnsmasq.ssr/gfw_list.conf; done + awk '!/^$/&&!/^#/{printf("ipset=/.%s/'"netflix"'\n",$0)}' /etc/ssr/netflix.list >/tmp/dnsmasq.ssr/netflix_forward.conf + awk '!/^$/&&!/^#/{printf("server=/.%s/'"127.0.0.1#$1"'\n",$0)}' /etc/ssr/netflix.list >>/tmp/dnsmasq.ssr/netflix_forward.conf + } + if [ "$NETFLIX_SERVER" != "$GLOBAL_SERVER" ]; then + netflix 5555 + else + netflix 5335 + fi +else + rm -f /tmp/dnsmasq.ssr/netflix_forward.conf +fi +if [ "$1" == "" ]; then + awk '!/^$/&&!/^#/{printf("ipset=/.%s/'"blacklist"'\n",$0)}' /etc/ssr/black.list >/tmp/dnsmasq.ssr/blacklist_forward.conf + awk '!/^$/&&!/^#/{printf("server=/.%s/'"127.0.0.1#5335"'\n",$0)}' /etc/ssr/black.list >>/tmp/dnsmasq.ssr/blacklist_forward.conf + awk '!/^$/&&!/^#/{printf("ipset=/.%s/'"whitelist"'\n",$0)}' /etc/ssr/white.list >/tmp/dnsmasq.ssr/whitelist_forward.conf + if [ "$(uci_get_by_type global adblock 0)" == "0" ]; then + rm -f /tmp/dnsmasq.ssr/ad.conf + fi +fi +/etc/init.d/dnsmasq restart >/dev/null 2>&1 diff --git a/package/lean/luci-app-ssr-plus/root/usr/share/shadowsocksr/ssrplusupdate.sh b/package/lean/luci-app-ssr-plus/root/usr/share/shadowsocksr/ssrplusupdate.sh index 5db73ff88..818726a98 100755 --- a/package/lean/luci-app-ssr-plus/root/usr/share/shadowsocksr/ssrplusupdate.sh +++ b/package/lean/luci-app-ssr-plus/root/usr/share/shadowsocksr/ssrplusupdate.sh @@ -1,6 +1,6 @@ #!/bin/sh - /usr/bin/lua /usr/share/shadowsocksr/update.lua +sleep 2s +/usr/share/shadowsocksr/chinaipset.sh +sleep 2s /usr/bin/lua /usr/share/shadowsocksr/subscribe.lua -sleep 10 -/etc/init.d/shadowsocksr restart \ No newline at end of file diff --git a/package/lean/luci-app-ssr-plus/root/usr/share/shadowsocksr/subscribe.lua b/package/lean/luci-app-ssr-plus/root/usr/share/shadowsocksr/subscribe.lua index 7b05ce5cf..b7cb1bce9 100644 --- a/package/lean/luci-app-ssr-plus/root/usr/share/shadowsocksr/subscribe.lua +++ b/package/lean/luci-app-ssr-plus/root/usr/share/shadowsocksr/subscribe.lua @@ -10,27 +10,56 @@ require 'luci.sys' require 'uci' -- these global functions are accessed all the time by the event handler -- so caching them is worth the effort -local luci = luci local tinsert = table.insert local ssub, slen, schar, sbyte, sformat, sgsub = string.sub, string.len, string.char, string.byte, string.format, string.gsub local jsonParse, jsonStringify = luci.jsonc.parse, luci.jsonc.stringify local b64decode = nixio.bin.b64decode -local cache = {} -local nodeResult = setmetatable({}, { __index = cache }) -- update result -local name = 'shadowsocksr' +local nodeResult = {} -- update result +local application = 'shadowsocksr' local uciType = 'servers' -local ucic = luci.model.uci.cursor() -local proxy = ucic:get_first(name, 'server_subscribe', 'proxy', '0') -local switch = ucic:get_first(name, 'server_subscribe', 'switch', '1') -local subscribe_url = ucic:get_first(name, 'server_subscribe', 'subscribe_url', {}) -local filter_words = ucic:get_first(name, 'server_subscribe', 'filter_words', 'QQ群') +local ucic2 = uci.cursor() +local proxy = ucic2:get(application, '@server_subscribe[0]', 'proxy') or '0' +local switch = ucic2:get(application, '@server_subscribe[0]', 'switch') or '1' +local subscribe_url = ucic2:get(application, '@server_subscribe[0]', 'subscribe_url') or {} +local filter_words = ucic2:get(application, '@server_subscribe[0]', 'filter_words') or '过期时间/剩余流量' +ucic2:revert(application) local log = function(...) print(os.date("%Y-%m-%d %H:%M:%S ") .. table.concat({ ... }, " ")) end + +-- 获取各项动态配置的当前服务器,可以用 get 和 set, get必须要获取到节点表 +local CONFIG = { + GLOBAL_SERVER = { + remarks = '主节点', + type = "global", option = "global_server", + set = function(server) + ucic2:set(application, '@global[0]', "global_server", server) + end + } +} +do + for k, v in pairs(CONFIG) do + local currentNode + if v.get then + currentNode = v.get() + else + local cfgid = ucic2:get(application, '@' .. v.type .. '[0]', v.option) + if cfgid then + currentNode = ucic2:get_all(application, cfgid) + end + end + if currentNode then + CONFIG[k].currentNode = currentNode + else + CONFIG[k] = nil + end + end +end + -- 分割字符串 local function split(full, sep) - full = full:gsub("%z", "") -- 这里不是很清楚 有时候结尾带个\0 + full = full:gsub("%z", "") -- 这里不是很清楚 有时候结尾带个\0 local off, result = 1, {} while true do local nStart, nEnd = full:find(sep, off) @@ -48,15 +77,15 @@ local function split(full, sep) return result end -- urlencode -local function get_urlencode(c) - return sformat("%%%02X", sbyte(c)) -end +-- local function get_urlencode(c) +-- return sformat("%%%02X", sbyte(c)) +-- end -local function urlEncode(szText) - local str = szText:gsub("([^0-9a-zA-Z ])", get_urlencode) - str = str:gsub(" ", "+") - return str -end +-- local function urlEncode(szText) +-- local str = szText:gsub("([^0-9a-zA-Z ])", get_urlencode) +-- str = str:gsub(" ", "+") +-- return str +-- end local function get_urldecode(h) return schar(tonumber(h, 16)) @@ -72,12 +101,7 @@ local function trim(text) end return (sgsub(text, "^%s*(.-)%s*$", "%1")) end --- md5 -local function md5(content) - local stdout = luci.sys.exec('echo \"' .. urlEncode(content) .. '\" | md5sum | cut -d \" \" -f1') - -- assert(nixio.errno() == 0) - return trim(stdout) -end + -- base64 local function base64Decode(text) local raw = text @@ -99,7 +123,8 @@ local function processData(szType, content) local result = { type = szType, local_port = 1234, - kcp_param = '--nocomp' + kcp_param = '--nocomp', + isSubscribe = 1, } if szType == 'ssr' then local dat = split(content, "/%?") @@ -119,7 +144,7 @@ local function processData(szType, content) result.protocol_param = base64Decode(params.protoparam) local group = base64Decode(params.group) if group then - result.alias = "[" .. group .. "] " + result.alias = "[" .. group .. "] " end result.alias = result.alias .. base64Decode(params.remarks) elseif szType == 'vmess' then @@ -263,14 +288,6 @@ local function processData(szType, content) if not result.alias then result.alias = result.server .. ':' .. result.server_port end - -- alias 不参与 hashkey 计算 - local alias = result.alias - result.alias = nil - local switch_enable = result.switch_enable - result.switch_enable = nil - result.hashkey = md5(jsonStringify(result)) - result.alias = alias - result.switch_enable = switch_enable return result end -- wget @@ -280,15 +297,67 @@ local function wget(url) end local function check_filer(result) - do - local filter_word = split(filter_words, "/") - for i, v in pairs(filter_word) do - if result.alias:find(v) then - log('订阅节点关键字过滤:“' .. v ..'” ,该节点被丢弃') - return true - end - end - end + do + local filter_word = split(filter_words, "/") + for i, v in pairs(filter_word) do + if result.alias:find(v) then + log('订阅节点关键字过滤:“' .. v ..'” ,该节点被丢弃') + return true + end + end + end +end + +local function select_node(nodes, config) + local server + -- 第一优先级 IP + 端口 + for id, node in pairs(nodes) do + if node.server .. ':' .. node.server_port == config.currentNode.server .. ':' .. config.currentNode.server_port then + log('选择【' .. config.remarks .. '】第一匹配节点:' .. node.alias) + server = id + break + end + end + -- 第二优先级 IP + if not server then + for id, node in pairs(nodes) do + if node.server == config.currentNode.server then + log('选择【' .. config.remarks .. '】第二匹配节点:' .. node.alias) + server = id + break + end + end + end + -- 第三优先级备注 + if not server then + for id, node in pairs(nodes) do + if node.alias == config.currentNode.alias then + log('选择【' .. config.remarks .. '】第三匹配节点:' .. node.alias) + server = id + break + end + end + end + -- 第四 cfgid + if not server then + for id, node in pairs(nodes) do + if id == config.currentNode['.name'] then + log('选择【' .. config.remarks .. '】第四匹配节点:' .. node.alias) + server = id + break + end + end + end + -- 还不行 随便找一个 + if not server then + server = ucic2:get(application, '@'.. uciType .. '[0]') + if server then + log('无法找到最匹配的节点,当前已更换为' .. ucic2:get_all(application, server).alias) + end + end + if server then + config.set(server) + end end local execute = function() @@ -296,15 +365,14 @@ local execute = function() do if proxy == '0' then -- 不使用代理更新的话先暂停 log('服务正在暂停') - luci.sys.init.stop(name) + luci.sys.init.stop(application) end for k, url in ipairs(subscribe_url) do local raw = wget(url) if #raw > 0 then local nodes, szType - local groupHash = md5(url) - cache[groupHash] = {} - tinsert(nodeResult, {}) + local all_odes = {} + tinsert(nodeResult, all_odes) local index = #nodeResult -- SSD 似乎是这种格式 ssd:// 开头的 if raw:find('ssd://') then @@ -313,10 +381,10 @@ local execute = function() nodes = base64Decode(raw:sub(nEnd + 1, #raw)) nodes = jsonParse(nodes) local extra = { - airport = nodes.airport, - port = nodes.port, - encryption = nodes.encryption, - password = nodes.password + airport = nodes.airport, + port = nodes.port, + encryption = nodes.encryption, + password = nodes.password } local servers = {} -- SS里面包着 干脆直接这样 @@ -349,16 +417,15 @@ local execute = function() -- log(result) if result then if - not result.server or - check_filer(result) or - result.server:match("[^0-9a-zA-Z%-%.%s]") -- 中文做地址的 也没有人拿中文域名搞,就算中文域也有Puny Code SB 机场 - then + not result.server or + not result.server_port or + check_filer(result) or + result.server:match("[^0-9a-zA-Z%-%.%s]") -- 中文做地址的 也没有人拿中文域名搞,就算中文域也有Puny Code SB 机场 + then log('丢弃无效节点: ' .. result.type ..' 节点, ' .. result.alias) else log('成功解析: ' .. result.type ..' 节点, ' .. result.alias) - result.grouphashkey = groupHash - tinsert(nodeResult[index], result) - cache[groupHash][result.hashkey] = nodeResult[index][#nodeResult[index]] + tinsert(all_odes, result) end end end @@ -371,61 +438,45 @@ local execute = function() end -- diff do - if next(nodeResult) == nil then - log("更新失败,没有可用的节点信息") - return - end - local add, del = 0, 0 - ucic:foreach(name, uciType, function(old) - if old.grouphashkey or old.hashkey then -- 没有 hash 的不参与删除 - if not nodeResult[old.grouphashkey] or not nodeResult[old.grouphashkey][old.hashkey] then - ucic:delete(name, old['.name']) - del = del + 1 - else - local dat = nodeResult[old.grouphashkey][old.hashkey] - ucic:tset(name, old['.name'], dat) - -- 标记一下 - setmetatable(nodeResult[old.grouphashkey][old.hashkey], { __index = { _ignore = true } }) - end - else - if not old.alias then - old.alias = old.server .. ':' .. old.server_port - end - log('忽略手动添加的节点: ' .. old.alias) + assert(next(nodeResult), '更新失败,没有可用的节点信息') + -- delete all for subscribe nodes + ucic2:foreach(application, uciType, function(node) + if node.isSubscribe or node.hashkey then -- 兼容之前的hashkey + ucic2:delete(application, node['.name']) end - end) - for k, v in ipairs(nodeResult) do - for kk, vv in ipairs(v) do - if not vv._ignore then - local section = ucic:add(name, uciType) - ucic:tset(name, section, vv) - ucic:set(name, section, "switch_enable", switch) - add = add + 1 + for _, v in ipairs(nodeResult) do + for _, vv in ipairs(v) do + vv.switch_enable = switch + local cfgid = ucic2:add(application, uciType) + for kkk, vvv in pairs(vv) do + ucic2:set(application, cfgid, kkk, vvv) end end end - ucic:commit(name) - -- 如果原有服务器节点已经不见了就尝试换为第一个节点 - local globalServer = ucic:get_first(name, 'global', 'global_server', '') - local firstServer = ucic:get_first(name, uciType) - if firstServer then - if not ucic:get(name, globalServer) then - luci.sys.call("/etc/init.d/" .. name .. " stop > /dev/null 2>&1 &") - ucic:commit(name) - ucic:set(name, ucic:get_first(name, 'global'), 'global_server', ucic:get_first(name, uciType)) - ucic:commit(name) - log('当前主服务器节点已被删除,正在自动更换为第一个节点。') - luci.sys.call("/etc/init.d/" .. name .. " start > /dev/null 2>&1 &") - else - log('维持当前主服务器节点。') - luci.sys.call("/etc/init.d/" .. name .." restart > /dev/null 2>&1 &") + ucic2:commit(application) + local ucic3 = uci.cursor() + -- repair configuration + if next(CONFIG) then + local nodes = {} + ucic3:foreach(application, uciType, function(node) + if node.server and node.server_port and node.alias then + nodes[node['.name']] = node + end + end) + for _, config in pairs(CONFIG) do + select_node(nodes, config) end - else - log('没有服务器节点了,停止服务') - luci.sys.call("/etc/init.d/" .. name .. " stop > /dev/null 2>&1 &") + ucic3:commit(application) end - log('新增节点数量: ' ..add, '删除节点数量: ' .. del) + -- select first server + local globalServer = ucic3:get(application, '@global[0]', 'global_server') or '' + if not globalServer or not ucic3:get_all(application, globalServer) then + ucic3:set(application, '@global[0]', 'global_server', select(2, ucic3:get(application, '@' .. uciType .. '[0]'))) + ucic3:commit(application) + log('当前没有主节点,自动选择第一个节点开启服务。') + end + luci.sys.call("/etc/init.d/" .. application .." restart > /dev/null 2>&1 &") -- 不加&的话日志会出现的更早 log('订阅更新成功') end end @@ -435,12 +486,11 @@ if subscribe_url and #subscribe_url > 0 then log(e) log(debug.traceback()) log('发生错误, 正在恢复服务') - local firstServer = ucic:get_first(name, uciType) - if firstServer then - luci.sys.call("/etc/init.d/" .. name .." restart > /dev/null 2>&1 &") -- 不加&的话日志会出现的更早 + if CONFIG.GLOBAL_SERVER and CONFIG.GLOBAL_SERVER.currentNode then + luci.sys.call("/etc/init.d/" .. application .." restart > /dev/null 2>&1 &") -- 不加&的话日志会出现的更早 log('重启服务成功') else - luci.sys.call("/etc/init.d/" .. name .." stop > /dev/null 2>&1 &") -- 不加&的话日志会出现的更早 + luci.sys.call("/etc/init.d/" .. application .." stop > /dev/null 2>&1 &") -- 不加&的话日志会出现的更早 log('停止服务成功') end end) diff --git a/package/lean/luci-app-ssr-plus/root/usr/share/shadowsocksr/update.lua b/package/lean/luci-app-ssr-plus/root/usr/share/shadowsocksr/update.lua index 17341bd84..bcf256890 100644 --- a/package/lean/luci-app-ssr-plus/root/usr/share/shadowsocksr/update.lua +++ b/package/lean/luci-app-ssr-plus/root/usr/share/shadowsocksr/update.lua @@ -3,10 +3,8 @@ -- This file is part of the luci-app-ssr-plus update.lua -- By Mattraks ------------------------------------------------ -require 'nixio' -require 'luci.util' -require 'luci.jsonc' -require 'luci.sys' +require "luci.sys" +require "luci.model.uci" local icount = 0 local uci = luci.model.uci.cursor() @@ -14,112 +12,41 @@ local log = function(...) print(os.date("%Y-%m-%d %H:%M:%S ") .. table.concat({ ... }, " ")) end -log('正在更新【GFW列表】数据库') -refresh_cmd = "wget-ssl --no-check-certificate -O- " .. uci:get_first('shadowsocksr', 'global', 'gfwlist_url', 'https://cdn.jsdelivr.net/gh/gfwlist/gfwlist/gfwlist.txt') .. " > /tmp/gfw.b64" -sret = luci.sys.call(refresh_cmd .. " 2>/dev/null") -if sret == 0 then - luci.sys.call("/usr/bin/ssr-gfw") - icount = luci.sys.exec("cat /tmp/gfwnew.txt | wc -l") - if tonumber(icount) > 1000 then - if nixio.fs.access("/etc/dnsmasq.ssr/gfw_list.conf") then - oldcount = luci.sys.exec("cat /etc/dnsmasq.ssr/gfw_list.conf | wc -l") - else - oldcount = "0" - end - if tonumber(icount) ~= tonumber(oldcount) then - luci.sys.exec("cp -f /tmp/gfwnew.txt /etc/dnsmasq.ssr/gfw_list.conf") - luci.sys.exec("cp -f /tmp/gfwnew.txt /tmp/dnsmasq.ssr/gfw_list.conf") - log('更新成功! 新的总纪录数:' .. tostring(tonumber(icount)/2)) - else - log('你已经是最新数据,无需更新!') - end - else - log('更新失败!') - end - luci.sys.exec("rm -f /tmp/gfwnew.txt") -else - log('更新失败!') -end - -log('正在更新【国内IP段】数据库') -refresh_cmd = "wget-ssl --no-check-certificate -O- " .. uci:get_first('shadowsocksr', 'global', 'chnroute_url','https://ispip.clang.cn/all_cn.txt') .. " > /tmp/china_ssr.txt" -sret = luci.sys.call(refresh_cmd .. " 2>/dev/null") -icount = luci.sys.exec("cat /tmp/china_ssr.txt | wc -l") -if sret == 0 then - icount = luci.sys.exec("cat /tmp/china_ssr.txt | wc -l") - if tonumber(icount) > 1000 then - if nixio.fs.access("/etc/china_ssr.txt") then - oldcount = luci.sys.exec("cat /etc/china_ssr.txt | wc -l") - else - oldcount = "0" - end - if tonumber(icount) ~= tonumber(oldcount) then - luci.sys.exec("cp -f /tmp/china_ssr.txt /etc/china_ssr.txt") - log('更新成功! 新的总纪录数:' .. tostring(tonumber(icount))) - else - log('你已经是最新数据,无需更新!') - end - else - log('更新失败!') - end - luci.sys.exec("rm -f /tmp/china_ssr.txt") -else - log('更新失败!') -end - -if uci:get_first('shadowsocksr', 'global', 'adblock','0') == "1" then - log('正在更新【广告屏蔽】数据库') - refresh_cmd = "wget-ssl --no-check-certificate -O- " .. uci:get_first('shadowsocksr', 'global', 'adblock_url','https://easylist-downloads.adblockplus.org/easylistchina+easylist.txt') .. " > /tmp/adnew.conf" +local function update(url, file, type, file2) + local Num = 1 + refresh_cmd = "wget-ssl --no-check-certificate -t 3 -T 10 -O- " .. url .. " > /tmp/ssr-update." .. type sret = luci.sys.call(refresh_cmd .. " 2>/dev/null") if sret == 0 then - luci.sys.call("/usr/bin/ssr-ad") - icount = luci.sys.exec("cat /tmp/ad.conf | wc -l") - if tonumber(icount) > 100 then - if nixio.fs.access("/etc/dnsmasq.ssr/ad.conf") then - oldcount = luci.sys.exec("cat /etc/dnsmasq.ssr/ad.conf | wc -l") - else - oldcount = "0" - end - if tonumber(icount) ~= tonumber(oldcount) then - luci.sys.exec("cp -f /tmp/ad.conf /etc/dnsmasq.ssr/ad.conf") - luci.sys.exec("cp -f /tmp/ad.conf /tmp/dnsmasq.ssr/ad.conf") - log('更新成功! 新的总纪录数:' .. tostring(tonumber(icount))) - else - log('你已经是最新数据,无需更新!') - end - else - log('更新失败!') + if type == "gfw_data" then + luci.sys.call("/usr/bin/ssr-gfw " .. type) + Num = 2 + end + if type == "ad_data" then + luci.sys.call("/usr/bin/ssr-ad " .. type) + end + local new_md5 = luci.sys.exec("echo -n $([ -f '/tmp/ssr-update." .. type .. "' ] && md5sum /tmp/ssr-update." .. type .. " | awk '{print $1}')") + local old_md5 = luci.sys.exec("echo -n $([ -f '" .. file .. "' ] && md5sum " .. file .. " | awk '{print $1}')") + if new_md5 == old_md5 then + log("你已经是最新数据,无需更新!") + else + icount = luci.sys.exec("cat /tmp/ssr-update." .. type .. " | wc -l") + luci.sys.exec("cp -f /tmp/ssr-update." .. type .. " " .. file) + if file2 then luci.sys.exec("cp -f /tmp/ssr-update." .. type .. " " .. file2) end + log("更新成功! 新的总纪录数:" .. tostring(tonumber(icount)/Num)) end - luci.sys.exec("rm -f /tmp/ad.conf") else - log('更新失败!') + log("更新失败!") end + luci.sys.exec("rm -f /tmp/ssr-update." .. type) end ---[[ -log('正在更新【Netflix IP段】数据库') -refresh_cmd = "wget-ssl --no-check-certificate -O- " .. uci:get_first('shadowsocksr', 'global', 'nfip_url','https://raw.githubusercontent.com/QiuSimons/Netflix_IP/master/NF_only.txt') .. " > /tmp/netflixip.list" -sret = luci.sys.call(refresh_cmd .. " 2>/dev/null") -if sret == 0 then - luci.sys.call("/usr/bin/ssr-gfw") - icount = luci.sys.exec("cat /tmp/netflixip.list | wc -l") - if tonumber(icount) > 5 then - if nixio.fs.access("/etc/config/netflixip.list") then - oldcount = luci.sys.exec("cat /etc/config/netflixip.list | wc -l") - else - oldcount = "0" - end - if tonumber(icount) ~= tonumber(oldcount) then - luci.sys.exec("cp -f /tmp/netflixip.list /etc/config/netflixip.list") - log('更新成功! 新的总纪录数:' .. tostring(tonumber(icount))) - else - log('你已经是最新数据,无需更新!') - end - else - log('更新失败!') - end - luci.sys.exec("rm -f /tmp/netflixip.list") -else - log('更新失败!') +log("正在更新【GFW列表】数据库") +update(uci:get_first("shadowsocksr", "global", "gfwlist_url", "https://cdn.jsdelivr.net/gh/gfwlist/gfwlist/gfwlist.txt"), "/etc/dnsmasq.ssr/gfw_list.conf", "gfw_data", "/tmp/dnsmasq.ssr/gfw_list.conf") +log("正在更新【国内IP段】数据库") +update(uci:get_first("shadowsocksr", "global", "chnroute_url","https://ispip.clang.cn/all_cn.txt"), "/etc/ssr/china_ssr.txt", "cnip") +if uci:get_first("shadowsocksr", "global", "adblock","0") == "1" then + log("正在更新【广告屏蔽】数据库") + update(uci:get_first("shadowsocksr", "global", "adblock_url","https://easylist-downloads.adblockplus.org/easylistchina+easylist.txt"), "/etc/dnsmasq.ssr/ad.conf", "ad_data", "/tmp/dnsmasq.ssr/ad.conf") end ---]] +-- log("正在更新【Netflix IP段】数据库") +-- update(uci:get_first("shadowsocksr", "global", "nfip_url","https://raw.githubusercontent.com/QiuSimons/Netflix_IP/master/NF_only.txt"), "/etc/ssr/netflixip.list", "nfip_data")