From e382e01be053eb88137861cb8c74e036e748b315 Mon Sep 17 00:00:00 2001 From: coolsnowwolf Date: Sat, 20 Oct 2018 09:53:20 +0800 Subject: [PATCH] improve ssr plus rules to avoid Taobao slide refresh detect --- package/lean/luci-app-ssr-plus/Makefile | 2 +- .../lean/luci-app-ssr-plus/root/etc/init.d/shadowsocksr | 2 +- package/lean/luci-app-ssr-plus/root/usr/bin/ssr-rules | 9 +++++++++ .../root/usr/share/shadowsocksr/chinaipset.sh | 5 +++++ .../root/usr/share/shadowsocksr/update.sh | 2 ++ 5 files changed, 18 insertions(+), 2 deletions(-) create mode 100755 package/lean/luci-app-ssr-plus/root/usr/share/shadowsocksr/chinaipset.sh diff --git a/package/lean/luci-app-ssr-plus/Makefile b/package/lean/luci-app-ssr-plus/Makefile index ec3385957..76c109101 100644 --- a/package/lean/luci-app-ssr-plus/Makefile +++ b/package/lean/luci-app-ssr-plus/Makefile @@ -9,7 +9,7 @@ LUCI_TITLE:=LuCI support for SSR Plus LUCI_DEPENDS:=+shadowsocksr-libev +ipset +ip-full +iptables-mod-tproxy +dnsmasq-full +coreutils +coreutils-base64 +bash +pdnsd-alt +wget LUCI_PKGARCH:=all PKG_VERSION:=1 -PKG_RELEASE:=20 +PKG_RELEASE:=21 include $(TOPDIR)/feeds/luci/luci.mk diff --git a/package/lean/luci-app-ssr-plus/root/etc/init.d/shadowsocksr b/package/lean/luci-app-ssr-plus/root/etc/init.d/shadowsocksr index fb674621b..024090146 100755 --- a/package/lean/luci-app-ssr-plus/root/etc/init.d/shadowsocksr +++ b/package/lean/luci-app-ssr-plus/root/etc/init.d/shadowsocksr @@ -455,7 +455,7 @@ EOF } boot() { - (sleep 5 && start >/dev/null 2>&1) & + (/usr/share/shadowsocksr/chinaipset.sh && sleep 5 && start >/dev/null 2>&1) & } stop() { diff --git a/package/lean/luci-app-ssr-plus/root/usr/bin/ssr-rules b/package/lean/luci-app-ssr-plus/root/usr/bin/ssr-rules index 0499c2233..ddf251e6c 100755 --- a/package/lean/luci-app-ssr-plus/root/usr/bin/ssr-rules +++ b/package/lean/luci-app-ssr-plus/root/usr/bin/ssr-rules @@ -81,11 +81,16 @@ EOF for ip in $WAN_FW_IP; do ipset add gfwlist $ip ; done $IPT -N SS_SPEC_WAN_AC $IPT -A SS_SPEC_WAN_AC -m set --match-set gfwlist dst -j SS_SPEC_WAN_FW + + $IPT -I SS_SPEC_WAN_AC -m set --match-set china dst -j RETURN ipset -N fplan hash:net 2>/dev/null for ip in $LAN_FP_IP; do ipset add fplan $ip ; done $IPT -I SS_SPEC_WAN_AC -m set --match-set fplan src -j SS_SPEC_WAN_FW + + $IPT -I SS_SPEC_WAN_AC -d $server -j RETURN fi + return $? } @@ -156,6 +161,10 @@ tp_rule() { $ipt -A SS_SPEC_TPROXY -p udp -m set --match-set gfwlist dst \ -j TPROXY --on-port "$LOCAL_PORT" --tproxy-mark 0x01/0x01 fi + + $ipt -I SS_SPEC_TPROXY -p udp -m set --match-set china dst -j RETURN + $ipt -I SS_SPEC_TPROXY -p udp --dport 53 -j RETURN + $ipt -I PREROUTING 1 ${IFNAME:+-i $IFNAME} -p udp $EXT_ARGS $MATCH_SET \ -m comment --comment "$TAG" -j SS_SPEC_TPROXY return $? diff --git a/package/lean/luci-app-ssr-plus/root/usr/share/shadowsocksr/chinaipset.sh b/package/lean/luci-app-ssr-plus/root/usr/share/shadowsocksr/chinaipset.sh new file mode 100755 index 000000000..044d524d9 --- /dev/null +++ b/package/lean/luci-app-ssr-plus/root/usr/share/shadowsocksr/chinaipset.sh @@ -0,0 +1,5 @@ +echo "create china hash:net family inet hashsize 1024 maxelem 65536" > /tmp/china.ipset +awk '!/^$/&&!/^#/{printf("add china %s'" "'\n",$0)}' /etc/china_ssr.txt >> /tmp/china.ipset +ipset -! flush china +ipset -! restore < /tmp/china.ipset 2>/dev/null +rm -f /tmp/china.ipset diff --git a/package/lean/luci-app-ssr-plus/root/usr/share/shadowsocksr/update.sh b/package/lean/luci-app-ssr-plus/root/usr/share/shadowsocksr/update.sh index 01ab7f90f..0ad565a44 100755 --- a/package/lean/luci-app-ssr-plus/root/usr/share/shadowsocksr/update.sh +++ b/package/lean/luci-app-ssr-plus/root/usr/share/shadowsocksr/update.sh @@ -11,6 +11,8 @@ if [ -s "/tmp/china_ssr.txt" ];then fi fi +/usr/share/shadowsocksr/chinaipset.sh + wget-ssl --no-check-certificate https://raw.githubusercontent.com/gfwlist/gfwlist/master/gfwlist.txt -O /tmp/gfw.b64 /usr/bin/ssr-gfw