From b0592e0f3767173344a9c3d74ca1398be9fca62f Mon Sep 17 00:00:00 2001 From: coolsnowwolf Date: Tue, 13 Nov 2018 01:37:54 +0800 Subject: [PATCH] luci ssr plus: add enhanced Game Mode user IP control list --- package/lean/luci-app-ssr-plus/Makefile | 2 +- .../model/cbi/shadowsocksr/client-config.lua | 26 +++++----- .../luasrc/model/cbi/shadowsocksr/control.lua | 8 +++ .../luci-app-ssr-plus/po/zh-cn/ssr-plus.po | 3 ++ .../root/etc/init.d/shadowsocksr | 1 + .../luci-app-ssr-plus/root/usr/bin/ssr-rules | 49 +++++++++++++------ 6 files changed, 61 insertions(+), 28 deletions(-) diff --git a/package/lean/luci-app-ssr-plus/Makefile b/package/lean/luci-app-ssr-plus/Makefile index afd514700..a9aedb268 100644 --- a/package/lean/luci-app-ssr-plus/Makefile +++ b/package/lean/luci-app-ssr-plus/Makefile @@ -2,7 +2,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=luci-app-ssr-plus PKG_VERSION:=1 -PKG_RELEASE:=52 +PKG_RELEASE:=53 PO2LMO:=$(BUILD_DIR)/luci-base/po2lmo diff --git a/package/lean/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/client-config.lua b/package/lean/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/client-config.lua index b6c135e64..b5c553b30 100644 --- a/package/lean/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/client-config.lua +++ b/package/lean/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/client-config.lua @@ -194,13 +194,13 @@ o.rmempty = false o.default = uuid o:depends("type", "v2ray") --- 鍔犲瘑鏂瑰紡 +-- 加密方式 o = s:option(ListValue, "security", translate("Encrypt Method")) for _, v in ipairs(securitys) do o:value(v, v:upper()) end o.rmempty = false o:depends("type", "v2ray") --- 浼犺緭鍗忚 +-- 传输协议 o = s:option(ListValue, "transport", translate("Transport")) o:value("tcp", "TCP") o:value("kcp", "mKCP") 
@@ -209,50 +209,50 @@ o:value("h2", "HTTP/2") o.rmempty = false o:depends("type", "v2ray") --- [[ TCP閮ㄥ垎 ]]-- +-- [[ TCP部分 ]]-- --- TCP浼 +-- TCP伪装 o = s:option(ListValue, "tcp_guise", translate("Camouflage Type")) o:depends("transport", "tcp") o:value("none", translate("None")) o:value("http", "HTTP") o.rmempty = true --- HTTP鍩熷悕 +-- HTTP域名 o = s:option(DynamicList, "http_host", translate("HTTP Host")) o:depends("tcp_guise", "http") o.rmempty = true --- HTTP璺緞 +-- HTTP路径 o = s:option(DynamicList, "http_path", translate("HTTP Path")) o:depends("tcp_guise", "http") o.rmempty = true --- [[ WS閮ㄥ垎 ]]-- +-- [[ WS部分 ]]-- --- WS鍩熷悕 +-- WS域名 o = s:option(Value, "ws_host", translate("WebSocket Host")) o:depends("transport", "ws") o.rmempty = true --- WS璺緞 +-- WS路径 o = s:option(Value, "ws_path", translate("WebSocket Path")) o:depends("transport", "ws") o.rmempty = true --- [[ H2閮ㄥ垎 ]]-- +-- [[ H2部分 ]]-- --- H2鍩熷悕 +-- H2域名 o = s:option(DynamicList, "h2_host", translate("HTTP/2 Host")) o:depends("transport", "h2") o.rmempty = true --- H2璺緞 +-- H2路径 o = s:option(Value, "h2_path", translate("HTTP/2 Path")) o:depends("transport", "h2") o.rmempty = true --- [[ mKCP閮ㄥ垎 ]]-- +-- [[ mKCP部分 ]]-- o = s:option(ListValue, "kcp_guise", translate("Camouflage Type")) o:depends("transport", "kcp") diff --git a/package/lean/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/control.lua b/package/lean/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/control.lua index 4b113bac7..62e8d2a0d 100644 --- a/package/lean/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/control.lua +++ b/package/lean/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/control.lua 
@@ -33,6 +33,14 @@ luci.ip.neighbors({ family = 4 }, function(entry) end end) +o = s:taboption("lan_ac", DynamicList, "lan_gm_ips", translate("Game Mode Host List")) +o.datatype = "ipaddr" +luci.ip.neighbors({ family = 4 }, function(entry) + if entry.reachable then + o:value(entry.dest:string()) + end +end) + -- Part of Self -- s:tab("self_ac", translate("Router Self AC")) -- o = s:taboption("self_ac",ListValue, "router_proxy", translate("Router Self Proxy")) diff --git a/package/lean/luci-app-ssr-plus/po/zh-cn/ssr-plus.po b/package/lean/luci-app-ssr-plus/po/zh-cn/ssr-plus.po index c74fd43c2..fa28cc8f5 100644 --- a/package/lean/luci-app-ssr-plus/po/zh-cn/ssr-plus.po +++ b/package/lean/luci-app-ssr-plus/po/zh-cn/ssr-plus.po @@ -467,3 +467,6 @@ msgstr "鏈嶅姟鍣ㄨ妭鐐圭被鍨" msgid "Using incorrect encryption mothod may causes service fail to start" msgstr "杈撳叆涓嶆纭殑鍙傛暟缁勫悎鍙兘浼氬鑷存湇鍔℃棤娉曞惎鍔" +msgid "Game Mode Host List" +msgstr "澧炲己娓告垙妯″紡瀹㈡埛绔 LAN IP" + diff --git a/package/lean/luci-app-ssr-plus/root/etc/init.d/shadowsocksr b/package/lean/luci-app-ssr-plus/root/etc/init.d/shadowsocksr index 46ff61e78..1db0ad4ca 100755 --- a/package/lean/luci-app-ssr-plus/root/etc/init.d/shadowsocksr +++ b/package/lean/luci-app-ssr-plus/root/etc/init.d/shadowsocksr @@ -190,6 +190,7 @@ start_rules() { -b "$(uci_get_by_type access_control wan_bp_ips)" \ -w "$(uci_get_by_type access_control wan_fw_ips)" \ -p "$(uci_get_by_type access_control lan_fp_ips)" \ + -G "$(uci_get_by_type access_control lan_gm_ips)" \ $(get_arg_out) $gfwmode $ARG_UDP return $? diff --git a/package/lean/luci-app-ssr-plus/root/usr/bin/ssr-rules b/package/lean/luci-app-ssr-plus/root/usr/bin/ssr-rules index 2597b506a..4fd4c016d 100755 --- a/package/lean/luci-app-ssr-plus/root/usr/bin/ssr-rules +++ b/package/lean/luci-app-ssr-plus/root/usr/bin/ssr-rules 
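Review bot: The new `lan_gm_ips` option in control.lua sets `o.datatype = "ipaddr"`, which also accepts IPv6 addresses, while its suggestions come from `luci.ip.neighbors({ family = 4 }, ...)` and ssr-rules adds the values to a `gmlan` set created as `hash:net` with no inet6 family. An IPv6 entry would pass the form and then be refused by `ipset add` when the rules load, with no feedback in the UI, so that host ends up outside game mode. Consider `o.datatype = "ip4addr"` so the form rejects what the backend cannot apply. This datatype is the only validation visible in the patch before the value reaches a root shell script, so it is worth keeping strict.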
@@ -27,6 +27,7 @@ usage() { -b wan ip of will be bypassed -w wan ip of will be forwarded -p lan ip of will be global proxy + -G lan ip of will be game mode proxy -e extra options for iptables -o apply the rules to the OUTPUT chain -O apply the global rules to the OUTPUT chain @@ -62,6 +63,7 @@ flush_r() { ipset -X ss_spec_wan_ac 2>/dev/null ipset -X ssr_gen_router 2>/dev/null ipset -X fplan 2>/dev/null + ipset -X gmlan 2>/dev/null [ -n "$FWI" ] && echo '#!/bin/sh' >$FWI return 0 } @@ -84,8 +86,12 @@ EOF $IPT -A SS_SPEC_WAN_AC -m set --match-set gfwlist dst -j SS_SPEC_WAN_FW $IPT -I SS_SPEC_WAN_AC -m set --match-set china dst -j RETURN + ipset -N gmlan hash:net 2>/dev/null + for ip in $LAN_GM_IP; do ipset -! add gmlan $ip ; done + $IPT -A SS_SPEC_WAN_AC -m set --match-set gmlan src -m set ! --match-set china dst -j SS_SPEC_WAN_FW + ipset -N fplan hash:net 2>/dev/null - for ip in $LAN_FP_IP; do ipset add fplan $ip ; done + for ip in $LAN_FP_IP; do ipset -! add fplan $ip ; done $IPT -I SS_SPEC_WAN_AC -m set --match-set fplan src -j SS_SPEC_WAN_FW $IPT -I SS_SPEC_WAN_AC -d $server -j RETURN 
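Review bot: In the `@@ -84,8 +86,12 @@` hunk, `ipset -! add gmlan $ip` and the changed `ipset -! add fplan $ip` expand `$ip` unquoted in a script that runs as root, so each entry is open to globbing and an entry beginning with `-` would be parsed as an ipset option. The values come from UCI, and the only check visible in this patch is the form datatype, so anything written to the config by another route reaches ipset unchecked. Quote the argument and skip entries that start with a dash, for example `case "$ip" in -*) continue ;; esac; ipset -! add gmlan "$ip"`. The enclosing function begins outside the hunk.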
@@ -96,12 +102,14 @@ EOF fw_rule() { $IPT -N SS_SPEC_WAN_FW - $IPT -A SS_SPEC_WAN_FW -d 10.0.0.0/8 -j RETURN - $IPT -A SS_SPEC_WAN_FW -d 127.0.0.0/8 -j RETURN - $IPT -A SS_SPEC_WAN_FW -d 172.16.0.0/12 -j RETURN - $IPT -A SS_SPEC_WAN_FW -d 192.168.0.0/16 -j RETURN - $IPT -A SS_SPEC_WAN_FW -d 224.0.0.0/4 -j RETURN - $IPT -A SS_SPEC_WAN_FW -d 240.0.0.0/4 -j RETURN + $IPT -A SS_SPEC_WAN_FW -d 0.0.0.0/8 -j RETURN + $IPT -A SS_SPEC_WAN_FW -d 10.0.0.0/8 -j RETURN + $IPT -A SS_SPEC_WAN_FW -d 127.0.0.0/8 -j RETURN + $IPT -A SS_SPEC_WAN_FW -d 169.254.0.0/16 -j RETURN + $IPT -A SS_SPEC_WAN_FW -d 172.16.0.0/12 -j RETURN + $IPT -A SS_SPEC_WAN_FW -d 192.168.0.0/16 -j RETURN + $IPT -A SS_SPEC_WAN_FW -d 224.0.0.0/4 -j RETURN + $IPT -A SS_SPEC_WAN_FW -d 240.0.0.0/4 -j RETURN $IPT -A SS_SPEC_WAN_FW -p tcp \ -j REDIRECT --to-ports $local_port 2>/dev/null || { loger 3 "Can't redirect, please check the iptables." 
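Review bot: The reserved-destination list in `fw_rule` is now repeated line for line in the `tp_rule` hunk (`@@ -154,18 +162,28 @@`), so the TCP and UDP bypass sets have to be kept in sync by hand. If one copy later misses a range, traffic for local or reserved addresses is handed to the proxy for that protocol only, which is hard to notice. Consider one list variable and a loop in each function, e.g. `for net in $BYPASS_NETS; do $IPT -A SS_SPEC_WAN_FW -d "$net" -j RETURN; done`, where `BYPASS_NETS` is a proposed new variable holding the eight prefixes. fw_rule's body continues outside the hunk.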
@@ -154,18 +162,28 @@ tp_rule() { ip route add local 0.0.0.0/0 dev lo table 100 local ipt="iptables -t mangle" $ipt -N SS_SPEC_TPROXY + $ipt -A SS_SPEC_TPROXY -p udp --dport 53 -j RETURN + $ipt -A SS_SPEC_TPROXY -p udp -d 0.0.0.0/8 -j RETURN + $ipt -A SS_SPEC_TPROXY -p udp -d 10.0.0.0/8 -j RETURN + $ipt -A SS_SPEC_TPROXY -p udp -d 127.0.0.0/8 -j RETURN + $ipt -A SS_SPEC_TPROXY -p udp -d 169.254.0.0/16 -j RETURN + $ipt -A SS_SPEC_TPROXY -p udp -d 172.16.0.0/12 -j RETURN + $ipt -A SS_SPEC_TPROXY -p udp -d 192.168.0.0/16 -j RETURN + $ipt -A SS_SPEC_TPROXY -p udp -d 224.0.0.0/4 -j RETURN + $ipt -A SS_SPEC_TPROXY -p udp -d 240.0.0.0/4 -j RETURN + $ipt -A SS_SPEC_TPROXY -p udp -d $SERVER -j RETURN + $ipt -A SS_SPEC_TPROXY -p udp -m set --match-set china dst -j RETURN + if [ -z "$GFWMODE" ] ;then $ipt -A SS_SPEC_TPROXY -p udp -m set ! --match-set ss_spec_wan_ac dst \ -j TPROXY --on-port "$LOCAL_PORT" --tproxy-mark 0x01/0x01 else + $ipt -A SS_SPEC_TPROXY -p udp -m set --match-set gmlan src -m set ! --match-set china dst \ + -j TPROXY --on-port "$LOCAL_PORT" --tproxy-mark 0x01/0x01 $ipt -A SS_SPEC_TPROXY -p udp -m set --match-set gfwlist dst \ -j TPROXY --on-port "$LOCAL_PORT" --tproxy-mark 0x01/0x01 fi - - $ipt -I SS_SPEC_TPROXY -p udp -m set --match-set china dst -j RETURN - $ipt -I SS_SPEC_TPROXY -p udp --dport 53 -j RETURN - $ipt -I SS_SPEC_TPROXY -p udp -d $SERVER -j RETURN - + $ipt -I PREROUTING 1 ${IFNAME:+-i $IFNAME} -p udp $EXT_ARGS $MATCH_SET \ -m comment --comment "$TAG" -j SS_SPEC_TPROXY return $? @@ -242,7 +260,7 @@ EOF return 0 } -while getopts ":s:l:S:L:i:e:a:b:w:p:oOuUfgh" arg; do +while getopts ":s:l:S:L:i:e:a:b:w:p:G:oOuUfgh" arg; do case "$arg" in s) server=$OPTARG @@ -273,7 +291,10 @@ while getopts ":s:l:S:L:i:e:a:b:w:p:oOuUfgh" arg; do ;; p) LAN_FP_IP=$OPTARG - ;; + ;; + G) + LAN_GM_IP=$OPTARG + ;; o) OUTPUT=1 ;;
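Review bot: The added `--match-set gmlan src` TPROXY rule in `tp_rule` needs the `gmlan` set to exist, but the only `ipset -N gmlan` in this patch is in the `@@ -84,8 +86,12 @@` hunk with its errors sent to `/dev/null`, and `return $?` here reports only the final `PREROUTING` insert. If the set is missing when this runs (the call order is not visible in the hunk), iptables rejects this one rule and the function can still report success, leaving game-mode hosts without UDP proxying. Create the set defensively before the rule with `ipset -! -N gmlan hash:net`, or check the rule's exit status and report it through `loger`. The `! --match-set china dst` test is also redundant in this rule, because the appended `china dst -j RETURN` rule above it already returns that traffic.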