improve ssr plus rules to avoid Taobao slide refresh detect

2025-04-19 14:13:30 +00:00 · 2018-10-20 09:53:20 +08:00 · 2018-10-20 09:53:20 +08:00 · e382e01be0
commit e382e01be0
parent 1ef60c4d08
5 changed files with 18 additions and 2 deletions
--- a/package/lean/luci-app-ssr-plus/Makefile
+++ b/package/lean/luci-app-ssr-plus/Makefile
@ -9,7 +9,7 @@ LUCI_TITLE:=LuCI support for SSR Plus
 LUCI_DEPENDS:=+shadowsocksr-libev +ipset +ip-full +iptables-mod-tproxy +dnsmasq-full +coreutils +coreutils-base64 +bash +pdnsd-alt +wget
 LUCI_PKGARCH:=all
 PKG_VERSION:=1
-PKG_RELEASE:=20
+PKG_RELEASE:=21

 include $(TOPDIR)/feeds/luci/luci.mk

--- a/package/lean/luci-app-ssr-plus/root/etc/init.d/shadowsocksr
+++ b/package/lean/luci-app-ssr-plus/root/etc/init.d/shadowsocksr
@ -455,7 +455,7 @@ EOF
 }

 boot() {
-	(sleep 5 && start >/dev/null 2>&1) &
+	(/usr/share/shadowsocksr/chinaipset.sh && sleep 5 && start >/dev/null 2>&1) &
 }

 stop() {
--- a/package/lean/luci-app-ssr-plus/root/usr/bin/ssr-rules
+++ b/package/lean/luci-app-ssr-plus/root/usr/bin/ssr-rules
@ -81,11 +81,16 @@ EOF
 	for ip in $WAN_FW_IP; do ipset add gfwlist  $ip ; done
 	$IPT -N SS_SPEC_WAN_AC
 	$IPT -A SS_SPEC_WAN_AC -m set --match-set gfwlist dst -j SS_SPEC_WAN_FW
+
+	$IPT -I SS_SPEC_WAN_AC -m set --match-set china dst -j RETURN
 	
 	ipset -N fplan hash:net 2>/dev/null
 	for ip in $LAN_FP_IP; do ipset add fplan $ip ; done
 	$IPT -I SS_SPEC_WAN_AC -m set --match-set fplan src -j SS_SPEC_WAN_FW
+	
+	$IPT -I SS_SPEC_WAN_AC -d $server -j RETURN
 	fi
+
 	return $?
 }

@ -156,6 +161,10 @@ tp_rule() {
 	$ipt -A SS_SPEC_TPROXY -p udp -m set  --match-set gfwlist dst \
 		-j TPROXY --on-port "$LOCAL_PORT" --tproxy-mark 0x01/0x01
 	fi	
+	
+	$ipt -I SS_SPEC_TPROXY -p udp -m set --match-set china dst -j RETURN
+	$ipt -I SS_SPEC_TPROXY -p udp --dport 53 -j RETURN
+	
 	$ipt -I PREROUTING 1 ${IFNAME:+-i $IFNAME} -p udp $EXT_ARGS $MATCH_SET \
 		-m comment --comment "$TAG" -j SS_SPEC_TPROXY
 	return $?
--- a/package/lean/luci-app-ssr-plus/root/usr/share/shadowsocksr/chinaipset.sh
+++ b/package/lean/luci-app-ssr-plus/root/usr/share/shadowsocksr/chinaipset.sh
@ -0,0 +1,5 @@
+echo "create china hash:net family inet hashsize 1024 maxelem 65536" > /tmp/china.ipset
+awk '!/^$/&&!/^#/{printf("add china %s'" "'\n",$0)}' /etc/china_ssr.txt >> /tmp/china.ipset
+ipset -! flush china
+ipset -! restore < /tmp/china.ipset 2>/dev/null
+rm -f /tmp/china.ipset
--- a/package/lean/luci-app-ssr-plus/root/usr/share/shadowsocksr/update.sh
+++ b/package/lean/luci-app-ssr-plus/root/usr/share/shadowsocksr/update.sh
@ -11,6 +11,8 @@ if [ -s "/tmp/china_ssr.txt" ];then
  fi
 fi

+/usr/share/shadowsocksr/chinaipset.sh
+
 wget-ssl --no-check-certificate https://raw.githubusercontent.com/gfwlist/gfwlist/master/gfwlist.txt -O /tmp/gfw.b64
 /usr/bin/ssr-gfw