re-add luci ssr pro and support ss-libev 3.2.1

package/lean/luci-app-ssr-pro/Makefile

@@ -0,0 +1,18 @@
+# Copyright (C) 2016 Openwrt.org
+#
+# This is free software, licensed under the Apache License, Version 2.0 .
+#
+
+include $(TOPDIR)/rules.mk
+
+LUCI_TITLE:=LuCI support for SSR Pro
+LUCI_DEPENDS:=+iptables-mod-tproxy +kmod-ipt-tproxy +ip +ipset-lists +shadowsocksr-libev-alt +shadowsocks-libev-ss-redir +pdnsd-alt +coreutils +coreutils-base64 +coreutils-nohup +dnsmasq-full
+LUCI_PKGARCH:=all
+PKG_VERSION:=2
+PKG_RELEASE:=31
+
+include $(TOPDIR)/feeds/luci/luci.mk
+
+# call BuildPackage - OpenWrt buildroot signature
+
+

package/lean/luci-app-ssr-pro/luasrc/controller/ssrpro.lua

@@ -0,0 +1,17 @@
+module("luci.controller.ssrpro", package.seeall)
+function index()
+		if not nixio.fs.access("/etc/config/ssrpro") then
+		return
+	end
+	local page
+	page = entry({"admin", "services", "ssrpro"}, cbi("ssrpro"), _("ShadowsocksR Pro"))
+	page.dependent = true
+	entry({"admin","services","ssrpro","status"},call("act_status")).leaf=true
+end
+
+function act_status()
+  local e={}
+  e.running=luci.sys.call("pgrep ssr-redir >/dev/null")==0
+  luci.http.prepare_content("application/json")
+  luci.http.write_json(e)
+end

package/lean/luci-app-ssr-pro/luasrc/model/cbi/ssrpro.lua

@@ -0,0 +1,229 @@
+
+local fs = require "nixio.fs"
+local NXFS = require "nixio.fs"
+local WLFS = require "nixio.fs"
+local SYS  = require "luci.sys"
+local ND = SYS.exec("cat /etc/gfwlist/china-banned | wc -l")
+local conf = "/etc/shadowsocksr/base-gfwlist.txt"
+local watch = "/tmp/shadowsocksr_watchdog.log"
+local dog = "/tmp/ssrpro.log"
+
+m = Map("ssrpro")
+m.title	= translate("Shadowsocksr Transparent Proxy")
+m.description = translate("A fast secure tunnel proxy that help you get through firewalls on your router")
+
+m:section(SimpleSection).template  = "ssrpro/ssrpro_status"
+
+s = m:section(TypedSection, "ssrpro")
+s.anonymous = true
+
+-- ---------------------------------------------------
+
+s:tab("basic",  translate("Base Setting"))
+
+
+switch = s:taboption("basic",Flag, "enabled", translate("Enable"))
+switch.rmempty = false
+
+proxy_mode = s:taboption("basic",ListValue, "proxy_mode", translate("Proxy Mode"))
+proxy_mode:value("M", translate("Base on GFW-List Auto Proxy Mode(Recommend)"))
+proxy_mode:value("S", translate("Bypassing China Manland IP Mode(Be caution when using P2P download！)"))
+proxy_mode:value("G", translate("Global Mode"))
+proxy_mode:value("V", translate("Overseas users watch China video website Mode"))
+
+cronup = s:taboption("basic", Flag, "cron_mode", translate("Auto Update GFW-List"),
+	translate(string.format("GFW-List Lines： <strong><font color=\"blue\">%s</font></strong> Lines", ND)))
+cronup.default = 0
+cronup.rmempty = false
+
+updatead = s:taboption("basic", Button, "updatead", translate("Manually force update GFW-List"), translate("Note: It needs to download and convert the rules. The background process may takes 60-120 seconds to run. <br / > After completed it would automatically refresh, please do not duplicate click!"))
+updatead.inputtitle = translate("Manually force update GFW-List")
+updatead.inputstyle = "apply"
+updatead.write = function()
+	SYS.call("nohup sh /etc/shadowsocksr/up-gfwlist.sh > /tmp/gfwupdate.log 2>&1 &")
+end
+
+safe_dns_tcp = s:taboption("basic",Flag, "safe_dns_tcp", translate("DNS uses TCP"),
+	translate("Through the server transfer mode inquires DNS pollution prevention (Safer and recommended)"))
+safe_dns_tcp.rmempty = false
+-- safe_dns_tcp:depends("more", "1")
+
+-- timeout = s:taboption("basic",Value, "timeout", translate("Timeout"))
+-- timeout.datatype = "range(0,10000)"
+-- timeout.placeholder = "60"
+-- timeout.optional = false
+-- timeout:depends("more", "1")
+
+-- safe_dns = s:taboption("basic",Value, "safe_dns", translate("Safe DNS"),
+-- 	translate("8.8.8.8 or 8.8.4.4 is recommended"))
+-- safe_dns.datatype = "ip4addr"
+-- safe_dns.optional = false
+-- safe_dns:depends("more", "1")
+
+-- safe_dns_port = s:taboption("basic",Value, "safe_dns_port", translate("Safe DNS Port"),
+-- 	translate("Foreign DNS on UDP port 53 might be polluted"))
+-- safe_dns_port.datatype = "range(1,65535)"
+-- safe_dns_port.placeholder = "53"
+-- safe_dns_port.optional = false
+-- safe_dns_port:depends("more", "1")
+
+--fast_open =s:taboption("basic",Flag, "fast_open", translate("TCP Fast Open"),
+--	translate("Enable TCP fast open, only available on kernel > 3.7.0"))
+
+
+
+s:tab("main",  translate("Server Setting"))
+
+more = s:taboption("main",ListValue, "more", translate("Tool Select"))
+more:value("0", translate("ShadowsockR"))
+more:value("1", translate("Shadowsocks New Vesion"))
+more.description = translate("Using incorrect encryption mothod may causes service fail to start")
+
+server = s:taboption("main",Value, "server", translate("Server Address"))
+server.optional = false
+server.datatype = "host"
+server.rmempty = false
+
+server_port = s:taboption("main",Value, "server_port", translate("Server Port"))
+server_port.datatype = "range(1,65535)"
+server_port.optional = false
+server_port.rmempty = false
+
+password = s:taboption("main",Value, "password", translate("Password"))
+password.password = true
+
+method = s:taboption("main",ListValue, "method", translate("Encryption Method"))
+method:value("none")
+method:value("aes-128-ctr")
+method:value("aes-192-ctr")
+method:value("aes-256-ctr")
+method:value("aes-128-cfb")
+method:value("aes-192-cfb")
+method:value("aes-256-cfb")
+method:value("aes-128-gcm")
+method:value("aes-192-gcm")
+method:value("aes-256-gcm")
+method:value("rc4")
+method:value("rc4-md5")
+method:value("rc4-md5-6")
+method:value("salsa20")
+method:value("chacha20")
+method:value("chacha20-ietf")
+method:value("camellia-128-cfb")
+method:value("camellia-192-cfb")
+method:value("camellia-256-cfb")
+method:value("bf-cfb")
+method:value("chacha20-ietf-poly1305")
+method:value("xchacha20-ietf-poly1305")
+
+protocol = s:taboption("main",ListValue, "protocol", translate("Protocol"))
+protocol:value("origin")
+protocol:value("verify_deflate")
+protocol:value("auth_sha1_v4")
+protocol:value("auth_aes128_md5")
+protocol:value("auth_aes128_sha1")
+protocol:value("auth_chain_a")
+protocol:value("auth_chain_b")
+protocol:value("auth_chain_c")
+protocol:value("auth_chain_d")
+protocol:value("auth_chain_e")
+protocol:value("auth_chain_f")
+
+protoparam = s:taboption("main",Value, "protoparam", translate("Protocol Param"))
+protoparam.optional = true
+protoparam.rmempty = true
+
+obfs = s:taboption("main",ListValue, "obfs", translate("Obfs Param"))
+obfs:value("plain")
+obfs:value("http_simple")
+obfs:value("http_post")
+obfs:value("random_head")
+obfs:value("tls1.2_ticket_auth")
+obfs:value("tls1.2_ticket_fastauth")
+
+plugin_param = s:taboption("main",Flag, "plugin_param", translate("Plug-in parameters"),
+	translate("Incorrect use of this parameter will cause IP to be blocked. Please use it with care"))
+plugin_param:depends("obfs", "http_simple")
+plugin_param:depends("obfs", "http_post")
+plugin_param:depends("obfs", "tls1.2_ticket_auth")
+plugin_param:depends("obfs", "tls1.2_ticket_fastauth")
+
+obfs_param = s:taboption("main",Value, "obfs_param", translate("Confusing plug-in parameters"))
+obfs_param.rmempty = true
+obfs_param:depends("plugin_param", "1")
+
+s:tab("list",  translate("User-defined GFW-List"))
+gfwlist = s:taboption("list", TextValue, "conf")
+gfwlist.description = translate("<br />（!）Note: When the domain name is entered and will automatically merge with the online GFW-List. Please manually update the GFW-List list after applying.")
+gfwlist.rows = 13
+gfwlist.wrap = "off"
+gfwlist.cfgvalue = function(self, section)
+	return NXFS.readfile(conf) or ""
+end
+gfwlist.write = function(self, section, value)
+	NXFS.writefile(conf, value:gsub("\r\n", "\n"))
+end
+
+local addipconf = "/etc/shadowsocksr/addinip.txt"
+
+s:tab("addip",  translate("GFW-List Add-in IP"))
+gfwaddin = s:taboption("addip", TextValue, "addipconf")
+gfwaddin.description = translate("<br />（!）Note: IP add-in to GFW-List. Such as Telegram Messenger")
+gfwaddin.rows = 13
+gfwaddin.wrap = "off"
+gfwaddin.cfgvalue = function(self, section)
+	return NXFS.readfile(addipconf) or ""
+end
+gfwaddin.write = function(self, section, value)
+	NXFS.writefile(addipconf, value:gsub("\r\n", "\n"))
+end
+
+s:tab("status",  translate("Status and Tools"))
+s:taboption("status", DummyValue,"opennewwindow" , 
+	translate("<input type=\"button\" class=\"cbi-button cbi-button-apply\" value=\"IP111.CN\" onclick=\"window.open('http://www.ip111.cn/')\" />"))
+
+
+s:tab("watchdog",  translate("Watchdog Log"))
+log = s:taboption("watchdog", TextValue, "sylogtext")
+log.template = "cbi/tvalue"
+log.rows = 13
+log.wrap = "off"
+log.readonly="readonly"
+
+function log.cfgvalue(self, section)
+  SYS.exec("[ -f /tmp/shadowsocksr_watchdog.log ] && sed '1!G;h;$!d' /tmp/shadowsocksr_watchdog.log > /tmp/ssrpro.log")
+	return nixio.fs.readfile(dog)
+end
+
+function log.write(self, section, value)
+	value = value:gsub("\r\n?", "\n")
+	nixio.fs.writefile(dog, value)
+end
+
+
+
+t=m:section(TypedSection,"acl_rule",translate("<strong>Client Proxy Mode Settings</strong>"),
+translate("Proxy mode settings can be set to specific LAN clients ( <font color=blue> No Proxy, Global Proxy, Game Mode</font>) . Does not need to be set by default."))
+t.template="cbi/tblsection"
+t.sortable=true
+t.anonymous=true
+t.addremove=true
+e=t:option(Value,"ipaddr",translate("IP Address"))
+e.width="40%"
+e.datatype="ip4addr"
+e.placeholder="0.0.0.0/0"
+luci.ip.neighbors({ family = 4 }, function(entry)
+	if entry.reachable then
+		e:value(entry.dest:string())
+	end
+end)
+
+e=t:option(ListValue,"filter_mode",translate("Proxy Mode"))
+e.width="40%"
+e.default="disable"
+e.rmempty=false
+e:value("disable",translate("No Proxy"))
+e:value("global",translate("Global Proxy"))
+e:value("game",translate("Game Mode"))
+
+return m

package/lean/luci-app-ssr-pro/luasrc/view/ssrpro/ssrpro_status.htm

@@ -0,0 +1,22 @@
+<script type="text/javascript">//<![CDATA[
+XHR.poll(3, '<%=url([[admin]], [[services]], [[ssrpro]], [[status]])%>', null,
+	function(x, data) {
+		var tb = document.getElementById('ssrpro_status');
+		if (data && tb) {
+			if (data.running) {
+				var links = '<em><b><font color=green>ShadowsocksR Pro <%:RUNNING%></font></b></em>';
+				tb.innerHTML = links;
+			} else {
+				tb.innerHTML = '<em><b><font color=red>ShadowsocksR Pro <%:NOT RUNNING%></font></b></em>';
+			}
+		}
+	}
+);
+//]]>
+</script>
+<style>.mar-10 {margin-left: 50px; margin-right: 10px;}</style>
+<fieldset class="cbi-section">
+	<p id="ssrpro_status">
+		<em><%:Collecting data...%></em>
+	</p>
+</fieldset>

package/lean/luci-app-ssr-pro/po/zh-cn/ssrpro.po

@@ -0,0 +1,117 @@
+msgid "<strong><font color=\"green\">ShadowsocksR is Running</font></strong>"
+msgstr "<strong><font color=\"green\">ShadowsocksR 正在运行</font></strong>"
+
+msgid "<strong><font color=\"red\">ShadowsocksR is Not Running</font></strong>"
+msgstr "<strong><font color=\"red\">ShadowsocksR 没有运行</font></strong>"
+
+msgid "Shadowsocksr Transparent Proxy"
+msgstr "ShadowsocksR 透明代理"
+
+msgid "A fast secure tunnel proxy that help you get through firewalls on your router"
+msgstr "一个快速安全隧道代理，帮助您穿过防火墙"
+
+msgid "Base Setting"
+msgstr "基本设置"
+
+msgid "Proxy Mode"
+msgstr "代理模式"
+
+msgid "Base on GFW-List Auto Proxy Mode(Recommend)"
+msgstr "基于GFW-List自动代理(推荐)"
+
+msgid "Bypassing China Manland IP Mode(Be caution when using P2P download！)"
+msgstr "绕过中国大陆IP地址(P2P 下载慎用！)"
+
+msgid "Global Mode"
+msgstr "全局代理"
+
+msgid "Overseas users watch China video website Mode"
+msgstr "海外用户回国看视频"
+
+msgid "Auto Update GFW-List"
+msgstr "自动更新GFW-List"
+
+msgid "Manually force update GFW-List"
+msgstr "手动强制更新GFW-List"
+
+msgid "DNS uses TCP"
+msgstr "启用DNS TCP防污染"
+
+msgid "Through the server transfer mode inquires DNS pollution prevention (Safer and recommended)"
+msgstr "往国外的DNS请求将通过服务器中转发出（更安全，推荐）"
+
+msgid "Server Setting"
+msgstr "服务器设置"
+
+msgid "Server Address"
+msgstr "服务器地址（支持域名）"
+
+msgid "Server Port"
+msgstr "服务器端口"
+
+msgid "Password"
+msgstr "密码"
+
+msgid "Encryption Method"
+msgstr "加密"
+
+msgid "Protocol"
+msgstr "协议"
+
+msgid "Protocol Param"
+msgstr "协议参数"
+
+msgid "Obfs Param"
+msgstr "混淆"
+
+msgid "Plug-in parameters"
+msgstr "插件参数"
+
+msgid "Confusing plug-in parameters"
+msgstr "混淆参数"
+
+msgid "Incorrect use of this parameter will cause IP to be blocked. Please use it with care"
+msgstr "不正确的使用参数可能会导致IP被封，请注意使用"
+
+msgid "User-defined GFW-List"
+msgstr "用户自定义GFW-List"
+
+msgid "<br />（!）Note: When the domain name is entered and will automatically merge with the online GFW-List. Please manually update the GFW-List list after applying."
+msgstr "用户自定义GFW-List将会和自动更新的自动合并。如果要新加入域名马上生效，请应用后点击手动强制更新GFW-List"
+
+msgid "Status and Tools"
+msgstr "状态与工具"
+
+msgid "Watchdog Log"
+msgstr "守护日志"
+
+msgid "<strong>Client Proxy Mode Settings</strong>"
+msgstr "<strong>客户端代理模式设置</strong>"
+
+msgid "Proxy mode settings can be set to specific LAN clients ( <font color=blue> No Proxy, Global Proxy, Game Mode</font>) . Does not need to be set by default."
+msgstr "可以为局域网客户端分别设置不同的代理模式 ( <font color=blue> 不代理, 全局代理, 游戏模式</font>).默认无需设置"
+
+msgid "GFW-List Add-in IP"
+msgstr "GFW-List附加IP"
+
+msgid "<br />（!）Note: IP add-in to GFW-List. Such as Telegram Messenger"
+msgstr "<br />（!）注意：有些应用使用IP而不是域名，例如 Telegram Messenger ，您需要把IP地址加入这里"
+
+msgid "No Proxy"
+msgstr "不代理"
+
+msgid "Global Proxy"
+msgstr "全局代理"
+
+msgid "Game Mode"
+msgstr "游戏模式"
+
+msgid "Using SS instead of SSR"
+msgstr "使用SS新版代替SSR"
+
+msgid "Using incorrect encryption mothod may causes service fail to start"
+msgstr "设置不正确的加密方法可能会导致SS/SSR服务无法启动"
+
+msgid "Shadowsocks New Vesion"
+msgstr "Shadowsocks 原版(支持新增协议)"
+

package/lean/luci-app-ssr-pro/root/etc/config/ssrpro

@@ -0,0 +1,15 @@
+
+config ssrpro
+	option gfwlist 'china-banned'
+	option server_port '23143'
+	option password 'test.TEST'
+	option protocol 'origin'
+	option obfs 'plain'
+	option proxy_mode 'M'
+	option safe_dns_tcp '1'
+	option cron_mode '1'
+	option method 'rc4-md5'
+	option server '4.4.4.4'
+	option enabled '0'
+	option more '0'
+

package/lean/luci-app-ssr-pro/root/etc/init.d/ssrpro

@@ -0,0 +1,402 @@
+#!/bin/sh /etc/rc.common
+#
+#
+
+START=99
+STOP=10
+
+EXTRA_COMMANDS="reload_rule"
+
+SS_REDIR_PORT=7070
+SS_REDIR_PIDFILE=/var/run/ssr-redir-go.pid 
+PDNSD_LOCAL_PORT=7453
+SSRCONF=/etc/shadowsocksr.json
+CRON_FILE=/etc/crontabs/root
+CONFIG=ssrpro
+KEEP_GFWLIST=Y
+vt_np_ipset="china"
+
+get_config()
+{
+	config_get_bool vt_enabled $1 enabled 0
+	config_get vt_server_addr $1 server
+	config_get vt_server_port $1 server_port
+	config_get vt_password $1 password
+	config_get vt_method $1 method
+	config_get vt_protocol $1 protocol
+	config_get vt_protoparam $1 protoparam
+	config_get vt_obfs $1 obfs
+	config_get obfs_param $1 obfs_param
+	config_get vt_proxy_mode $1 proxy_mode
+	config_get vt_timeout $1 timeout
+	config_get vt_safe_dns $1 safe_dns
+	config_get vt_timeout $1 timeout
+	config_get vt_safe_dns $1 safe_dns
+	config_get vt_safe_dns_port $1 safe_dns_port
+	config_get vt_safe_dns_tcp $1 safe_dns_tcp
+	config_get cron_mode $1 cron_mode 1
+	config_get_bool vt_more $1 more 0
+}
+
+
+
+
+# -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
+
+	# Get LAN settings as default parameters
+	[ -f /lib/functions/network.sh ] && . /lib/functions/network.sh
+	network_get_subnet covered_subnets lan
+	network_get_ipaddr local_addresses lan
+
+# -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
+
+__gfwlist_by_mode()
+{
+	case "$1" in
+		V) echo unblock-youku;;
+		*) echo china-banned;;
+	esac
+}
+
+start()
+{   
+  config_load ssrpro
+	config_foreach get_config ssrpro
+	
+	[ -f /etc/init.d/pdnsd ] && /etc/init.d/pdnsd disable 2>/dev/null
+	
+	if [ "$vt_enabled" = 0 ]; then
+		echo "WARNING: Shadowsocksr is disabled."
+		exit 0
+	fi
+
+	if [ -z "$vt_server_addr" -o -z "$vt_server_port" ]; then
+		echo "WARNING: Shadowsocksr not fully configured, not starting."
+		exit 0
+	fi
+	
+	local vt_gfwlist=`__gfwlist_by_mode $vt_proxy_mode`
+	[ -z "$vt_proxy_mode" ] && vt_proxy_mode=M
+	[ -z "$vt_method" ] && vt_method=table
+	[ -z "$vt_timeout" ] && vt_timeout=60
+	case "$vt_proxy_mode" in
+		M|S|G)
+			[ -z "$vt_safe_dns" ] && vt_safe_dns="8.8.8.8"
+			[ -z "$vt_safe_dns_tcp" ] && vt_safe_dns_tcp=1
+			;;
+	esac
+	[ -z "$vt_safe_dns_port" ] && vt_safe_dns_port=53
+
+	# -----------------------------------------------------------------
+	###### shadowsocksr ######
+	cat > $SSRCONF <<EOF
+{
+    "server": "$vt_server_addr",
+    "server_port": $vt_server_port,
+    "password": "$vt_password",
+    "method": "$vt_method",
+    "local_address": "0.0.0.0",
+    "local_port": $SS_REDIR_PORT,
+    "timeout": $vt_timeout,
+    "protocol": "$vt_protocol",
+    "protocol_param": "$vt_protoparam",
+    "obfs": "$vt_obfs",
+    "obfs_param": "$obfs_param",
+    "fast_open": false
+}
+EOF
+
+	if [ "$vt_more" = 0 ]; then
+    ln -sf /usr/bin/ssr-redir /usr/sbin/ssr-redir
+	else
+    ln -sf /usr/bin/ss-redir /usr/sbin/ssr-redir
+	fi
+	
+	/usr/sbin/ssr-redir -u -c $SSRCONF -f $SS_REDIR_PIDFILE || return 1
+
+	# IPv4 firewall rules
+  add_rule
+  
+	# -----------------------------------------------------------------
+	mkdir -p /var/etc/dnsmasq-go.d
+	###### Anti-pollution configuration ######
+	if [ -n "$vt_safe_dns" ]; then
+		if [ "$vt_safe_dns_tcp" = 1 ]; then
+			start_pdnsd "$vt_safe_dns"
+			awk -vs="127.0.0.1#$PDNSD_LOCAL_PORT" '!/^$/&&!/^#/{printf("server=/%s/%s\n",$0,s)}' \
+				/etc/gfwlist/$vt_gfwlist > /var/etc/dnsmasq-go.d/01-pollution.conf
+		else
+			awk -vs="$vt_safe_dns#$vt_safe_dns_port" '!/^$/&&!/^#/{printf("server=/%s/%s\n",$0,s)}' \
+				/etc/gfwlist/$vt_gfwlist > /var/etc/dnsmasq-go.d/01-pollution.conf
+		fi
+	else
+		echo "WARNING: Not using secure DNS, DNS resolution might be polluted if you are in China."
+	fi
+
+	###### dnsmasq-to-ipset configuration ######
+	case "$vt_proxy_mode" in
+		M|V)
+			awk '!/^$/&&!/^#/{printf("ipset=/%s/'"$vt_gfwlist"'\n",$0)}' \
+				/etc/gfwlist/$vt_gfwlist > /var/etc/dnsmasq-go.d/02-ipset.conf
+			;;
+	esac
+
+	# -----------------------------------------------------------------
+	###### Restart main 'dnsmasq' service if needed ######
+	if ls /var/etc/dnsmasq-go.d/* >/dev/null 2>&1; then
+		mkdir -p /tmp/dnsmasq.d
+		cat > /tmp/dnsmasq.d/dnsmasq-go.conf <<EOF
+conf-dir=/var/etc/dnsmasq-go.d
+EOF
+		/etc/init.d/dnsmasq restart
+	fi
+	
+	add_cron
+}
+
+
+stop()
+{
+  
+	# -----------------------------------------------------------------
+	rm -rf /var/etc/dnsmasq-go.d
+	if [ -f /tmp/dnsmasq.d/dnsmasq-go.conf ]; then
+		rm -f /tmp/dnsmasq.d/dnsmasq-go.conf
+		/etc/init.d/dnsmasq restart
+	fi
+
+	stop_pdnsd
+
+	# --STOP IPv4 firewall---------------------------------------------------------------
+  del_rule
+  
+	# -----------------------------------------------------------------
+	if [ -f $SS_REDIR_PIDFILE ]; then
+		kill -9 `cat $SS_REDIR_PIDFILE`
+		rm -f $SS_REDIR_PIDFILE
+	fi
+	killall -9 ssr-redir 2>/dev/null
+	del_cron
+}
+
+
+reload_rule()
+{
+  config_load ssrpro
+	config_foreach get_config ssrpro
+	
+	local vt_gfwlist=`__gfwlist_by_mode $vt_proxy_mode`
+	
+	KEEP_GFWLIST=Y
+	del_rule
+	add_rule
+	if [ "$vt_safe_dns_tcp" = 1 ]; then
+    stop_pdnsd
+    start_pdnsd
+	fi
+}
+
+restart()
+{
+	KEEP_GFWLIST=Y
+	stop
+	start
+}
+
+
+# $1: upstream DNS server
+start_pdnsd()
+{
+	local safe_dns="$1"
+
+	local tcp_dns_list="208.67.222.222, 208.67.220.220"
+	[ -n "$safe_dns" ] && tcp_dns_list="$safe_dns,$tcp_dns_list"
+
+	#killall -9 pdnsd 2>/dev/null && sleep 1
+	kill -9 $(cat /var/run/pdnsd.pid) >/dev/null 2>&1 
+	
+	mkdir -p /var/etc /var/pdnsd
+	if ! test -f "/var/pdnsd/pdnsd.cache"; then
+    echo -ne "pd13\000\000\000\000" >/var/pdnsd/pdnsd.cache
+    chown -R nobody.nogroup /var/pdnsd
+  fi
+	
+	cat > /var/etc/pdnsd.conf <<EOF
+global {
+	perm_cache=1024;
+	cache_dir="/var/pdnsd";
+	pid_file = /var/run/pdnsd.pid;
+	run_as="nobody";
+	server_ip = 127.0.0.1;
+	server_port = $PDNSD_LOCAL_PORT;
+	status_ctl = on;
+	query_method = tcp_only;
+	min_ttl=1h;
+	max_ttl=1w;
+	timeout=10;
+	neg_domain_pol=on;
+	proc_limit=40;
+	procq_limit=60;
+}
+server {
+	label= "fwxxx";
+	ip = $tcp_dns_list;
+	port = 53;
+	timeout=6;
+	uptest=none;
+	interval=10m;
+	purge_cache=off;
+}
+EOF
+
+	/usr/sbin/pdnsd -c /var/etc/pdnsd.conf -d
+
+	# Access TCP DNS server through Shadowsocksr tunnel
+	if iptables -t nat -N pdnsd_output; then
+		iptables -t nat -A pdnsd_output -m set --match-set $vt_np_ipset dst -j RETURN
+		iptables -t nat -A pdnsd_output -p tcp -j REDIRECT --to $SS_REDIR_PORT
+	fi
+	iptables -t nat -I OUTPUT -p tcp --dport 53 -j pdnsd_output
+}
+
+stop_pdnsd()
+{
+	if iptables -t nat -F pdnsd_output 2>/dev/null; then
+		while iptables -t nat -D OUTPUT -p tcp --dport 53 -j pdnsd_output 2>/dev/null; do :; done
+		iptables -t nat -X pdnsd_output
+	fi
+	kill $(cat /var/run/pdnsd.pid) >/dev/null 2>&1 || killall -9 pdnsd >/dev/null 2>&1 
+	rm -rf /var/pdnsd
+	rm -f /var/etc/pdnsd.conf
+}
+
+add_cron()
+{
+  sed -i '/up-gfwlist.sh/d' $CRON_FILE
+	sed -i '/shadowsocksr_watchdog.log/d' $CRON_FILE
+	if [ $cron_mode -eq 1 ]; then
+		echo '0 5 * * * /etc/shadowsocksr/up-gfwlist.sh > /tmp/gfwupdate.log 2>&1' >> $CRON_FILE	
+	fi
+	echo '0 */1 * * * /etc/shadowsocksr/ssr-watchdog >> /tmp/shadowsocksr_watchdog.log 2>&1' >> $CRON_FILE
+	echo '0 1 * * 0 echo "" > /tmp/shadowsocksr_watchdog.log' >> $CRON_FILE
+	crontab $CRON_FILE
+}
+
+del_cron()
+{
+	sed -i '/up-gfwlist.sh/d' $CRON_FILE
+	sed -i '/shadowsocksr_watchdog.log/d' $CRON_FILE
+	/etc/init.d/cron restart
+}
+
+
+
+uci_get_by_name() {
+	local ret=$(uci get $CONFIG.$1.$2 2>/dev/null)
+	echo ${ret:=$3}
+}
+
+uci_get_by_type() {
+	local index=0
+	if [ -n $4 ]; then
+		index=$4
+	fi
+	local ret=$(uci get $CONFIG.@$1[$index].$2 2>/dev/null)
+	echo ${ret:=$3}
+}
+
+add_rule()
+{
+	iptables -t nat -N shadowsocksr_pre
+	iptables -t nat -F shadowsocksr_pre
+	iptables -t nat -A shadowsocksr_pre -m set --match-set local dst -j RETURN || {
+		iptables -t nat -A shadowsocksr_pre -d 10.0.0.0/8 -j RETURN
+		iptables -t nat -A shadowsocksr_pre -d 127.0.0.0/8 -j RETURN
+		iptables -t nat -A shadowsocksr_pre -d 172.16.0.0/12 -j RETURN
+		iptables -t nat -A shadowsocksr_pre -d 192.168.0.0/16 -j RETURN
+		iptables -t nat -A shadowsocksr_pre -d 127.0.0.0/8 -j RETURN
+		iptables -t nat -A shadowsocksr_pre -d 224.0.0.0/3 -j RETURN
+	}
+	iptables -t nat -A shadowsocksr_pre -d $vt_server_addr -j RETURN
+	
+	iptables -N gameboost -t mangle
+	ipset -! create gameuser hash:ip maxelem 65536 2>/dev/null
+	/usr/bin/ip rule add fwmark 0x01/0x01 table 100
+	/usr/bin/ip route add local 0.0.0.0/0 dev lo table 100
+	iptables -t mangle -A gameboost -p udp -m set --match-set local dst -j RETURN
+	iptables -t mangle -A gameboost -p udp -m set --match-set china dst -j RETURN
+	iptables -t mangle -A gameboost -p udp --dport 53 -j RETURN
+	iptables -t mangle -A gameboost -p udp -j TPROXY --on-port 7070 --tproxy-mark 0x01/0x01
+	iptables -t mangle -A PREROUTING -m set --match-set gameuser src -j gameboost 
+
+	for i in $(seq 0 100)
+	do
+		local ip=$(uci_get_by_type acl_rule ipaddr '' $i)
+		local mode=$(uci_get_by_type acl_rule filter_mode '' $i)
+		case "$mode" in
+		disable)
+			iptables -t nat -A shadowsocksr_pre -s $ip -j RETURN
+			;;
+		global)
+			iptables -t nat -A shadowsocksr_pre -s $ip -p tcp -j REDIRECT --to $SS_REDIR_PORT
+			iptables -t nat -A shadowsocksr_pre -s $ip -j RETURN 
+			;;
+		game)
+			iptables -t nat -A shadowsocksr_pre -p tcp -s $ip -m set ! --match-set china dst -j REDIRECT --to $SS_REDIR_PORT
+			ipset -! add gameuser $ip
+			;;
+		esac
+	done
+
+	case "$vt_proxy_mode" in
+		G) : ;;
+		S)
+			iptables -t nat -A shadowsocksr_pre -m set --match-set $vt_np_ipset dst -j RETURN
+			iptables -t nat -I OUTPUT -p tcp -m multiport --dports 80,443 -m set ! --match-set $vt_np_ipset dst -j REDIRECT --to $SS_REDIR_PORT
+			;;
+		M)
+			ipset -! create $vt_gfwlist hash:ip maxelem 65536 2>/dev/null
+      awk '!/^$/&&!/^#/{printf("add vt_gfwlist %s'" "'\n",$0)}' /etc/shadowsocksr/addinip.txt > /tmp/addinip.ipset
+      sed -i "s/vt_gfwlist/$vt_gfwlist/g" /tmp/addinip.ipset
+      ipset -! restore < /tmp/addinip.ipset
+			iptables -t nat -A shadowsocksr_pre -m set ! --match-set $vt_gfwlist dst -j RETURN
+			iptables -t nat -A shadowsocksr_pre -m set --match-set $vt_np_ipset dst -j RETURN
+			iptables -t nat -I OUTPUT -p tcp -m multiport --dports 80,443 -m set --match-set $vt_gfwlist dst -j REDIRECT --to $SS_REDIR_PORT
+			;;
+		V)
+			vt_np_ipset=""
+			ipset -! create $vt_gfwlist hash:ip maxelem 65536 2>/dev/null
+			iptables -t nat -A shadowsocksr_pre -m set ! --match-set $vt_gfwlist dst -j RETURN
+			;;
+	esac
+	local subnet
+	for subnet in $covered_subnets; do
+		iptables -t nat -A shadowsocksr_pre -s $subnet -p tcp -j REDIRECT --to $SS_REDIR_PORT
+	done
+	iptables -t nat -I PREROUTING -p tcp -j shadowsocksr_pre
+}
+
+del_rule()
+{
+	if iptables -t nat -F shadowsocksr_pre 2>/dev/null; then
+		while iptables -t nat -D PREROUTING -p tcp -j shadowsocksr_pre 2>/dev/null; do :; done
+		iptables -t nat -X shadowsocksr_pre 2>/dev/null
+	fi
+	
+	iptables -t nat -D OUTPUT -p tcp -m multiport --dports 80,443 -m set --match-set china-banned dst -j REDIRECT --to $SS_REDIR_PORT 2>/dev/null
+	iptables -t nat -D OUTPUT -p tcp -m multiport --dports 80,443 -m set ! --match-set $vt_np_ipset dst -j REDIRECT --to $SS_REDIR_PORT 2>/dev/null
+	
+	/usr/bin/ip rule del fwmark 0x01/0x01 table 100
+	/usr/bin/ip route del local 0.0.0.0/0 dev lo table 100
+	if iptables -t mangle -F gameboost 2>/dev/null; then
+		while iptables -t mangle -D PREROUTING -m set --match-set gameuser src -j gameboost 2>/dev/null; do :; done
+		iptables -t mangle -X gameboost 2>/dev/null
+	fi
+
+	ipset destroy gameuser 2>/dev/null
+
+
+	# -----------------------------------------------------------------
+	[ "$KEEP_GFWLIST" = Y ] || ipset destroy "$vt_gfwlist" 2>/dev/null
+}
+

package/lean/luci-app-ssr-pro/root/etc/shadowsocksr/addinip.txt

@@ -0,0 +1,7 @@
+149.154.160.0/20
+149.154.164.0/22 
+149.154.168.0/21 
+67.198.55.0/24 
+91.108.4.0/22 
+91.108.56.0/22 
+109.239.140.0/24 

package/lean/luci-app-ssr-pro/root/etc/shadowsocksr/gen-gfwlist.sh

@@ -0,0 +1,29 @@
+#!/bin/sh -e
+
+generate_china_banned()
+{
+	if [ ! -f /tmp/gfwlist.txt ]; then
+		wget-ssl --no-check-certificate https://raw.githubusercontent.com/gfwlist/gfwlist/master/gfwlist.txt -O /tmp/gfwlist.b64 >&2
+		cat /tmp/gfwlist.b64 | base64 -d > /tmp/gfwlist.txt
+		rm -f /tmp/gfwlist.b64
+	fi
+
+	cat /tmp/gfwlist.txt | sort -u |
+		sed 's#!.\+##; s#|##g; s#@##g; s#http:\/\/##; s#https:\/\/##;' |
+		sed '/\*/d; /apple\.com/d; /sina\.cn/d; /sina\.com\.cn/d; /baidu\.com/d; /byr\.cn/d; /jlike\.com/d; /weibo\.com/d; /zhongsou\.com/d; /youdao\.com/d; /sogou\.com/d; /so\.com/d; /soso\.com/d; /aliyun\.com/d; /taobao\.com/d; /jd\.com/d; /qq\.com/d' |
+		sed '/^[0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+$/d' |
+		grep '^[0-9a-zA-Z\.-]\+$' | grep '\.' | sed 's#^\.\+##' | sort -u |
+		awk '
+BEGIN { prev = "________"; }  {
+	cur = $0;
+	if (index(cur, prev) == 1 && substr(cur, 1 + length(prev) ,1) == ".") {
+	} else {
+		print cur;
+		prev = cur;
+	}
+}' | sort -u
+
+}
+
+
+generate_china_banned

package/lean/luci-app-ssr-pro/root/etc/shadowsocksr/ssr-watchdog

@@ -0,0 +1,35 @@
+#!/bin/sh
+
+LOGTIME=$(date "+%Y-%m-%d %H:%M:%S")
+#GOOGLE=$(ping -4 www.gstatic.com -c 1 -w 5| sed '1{s/[^(]*(//;s/).*//;q}')
+
+#iptables -t nat -I OUTPUT -p tcp -d $GOOGLE -j REDIRECT --to-port 7070
+
+#sleep 3
+
+/usr/bin/wget --spider --quiet --tries=1 --timeout=3 www.gstatic.com/generate_204
+
+if [ "$?" == "0" ]; then
+	echo '['$LOGTIME'] ShadowsocksR No Problem.'
+else
+	/usr/bin/wget --spider --quiet --tries=1 --timeout=3 www.baidu.com
+	if [ "$?" == "0" ]; then
+		echo '['$LOGTIME'] Problem decteted, restarting ShadowsocksR...'
+		/etc/init.d/ssrpro restart
+	else
+		echo '['$LOGTIME'] Network Problem. Do nothing.'
+	fi
+fi
+
+#sleep 3
+
+#iptables -t nat -D OUTPUT -p tcp -d $GOOGLE -j REDIRECT --to-port 7070
+
+
+
+
+
+
+
+
+

package/lean/luci-app-ssr-pro/root/etc/shadowsocksr/up-gfwlist.sh

@@ -0,0 +1,21 @@
+#!/bin/sh
+
+/etc/shadowsocksr/gen-gfwlist.sh > /tmp/ol-gfw.txt
+
+if [ -s "/tmp/ol-gfw.txt" ];then
+	sort -u /etc/shadowsocksr/base-gfwlist.txt /tmp/ol-gfw.txt > /tmp/china-banned
+	if ( ! cmp -s /tmp/china-banned /etc/gfwlist/china-banned );then
+		if [ -s "/tmp/china-banned" ];then
+			mv /tmp/china-banned /etc/gfwlist/china-banned
+			echo "Update GFW-List Done!"
+		fi
+	else
+		echo "GFW-List No Change!"
+	fi
+fi
+
+rm -f /tmp/gfwlist.txt
+rm -f /tmp/ol-gfw.txt
+
+/etc/init.d/ssrpro restart
+

package/lean/luci-app-ssr-pro/root/etc/ssrpro.include

@@ -0,0 +1,11 @@
+#!/bin/sh
+
+ssr_enable=$(uci get ssrpro.@ssrpro[0].enabled 2>/dev/null)
+
+if [ $ssr_enable -eq 1 ]; then
+	if pidof ssr-redir>/dev/null; then
+	   /etc/init.d/ssrpro reload_rule
+	 else
+	   /etc/init.d/ssrpro restart
+  fi
+fi

package/lean/luci-app-ssr-pro/root/etc/uci-defaults/ssrpro

@@ -0,0 +1,20 @@
+#!/bin/sh
+
+uci -q batch <<-EOF >/dev/null
+  delete ucitrack.@ssrpro[-1]
+	add ucitrack ssrpro
+	set ucitrack.@ssrpro[-1].init=ssrpro
+	commit ucitrack
+	delete firewall.ssrpro
+	set firewall.ssrpro=include
+	set firewall.ssrpro.type=script
+	set firewall.ssrpro.path=/etc/ssrpro.include
+	set firewall.ssrpro.reload=1
+	commit firewall
+EOF
+
+/etc/init.d/ssrpro stop
+/etc/init.d/ssrpro enable
+
+rm -f /tmp/luci-indexcache
+exit 0