diff --git a/package/lean/adbyby/Makefile b/package/lean/adbyby/Makefile new file mode 100644 index 000000000..54b8bc3dc --- /dev/null +++ b/package/lean/adbyby/Makefile @@ -0,0 +1,70 @@ +# +# Copyright (C) 2015-2016 OpenWrt.org +# +# This is free software, licensed under the GNU General Public License v3. +# + +include $(TOPDIR)/rules.mk + +PKG_NAME:=adbyby +PKG_VERSION:=2.7 +PKG_RELEASE:=20181008 + +include $(INCLUDE_DIR)/package.mk + +define Package/$(PKG_NAME) + SECTION:=net + CATEGORY:=Network + TITLE:=Powerful adblock module to block ad. + DEPENDS:= + URL:=http://www.adbyby.com/ +endef + +define Package/$(PKG_NAME)/description +Adbyby is a powerful adblock module to block ad,just like adblock. +endef + +define Build/Prepare +endef + +define Build/Configure +endef + +define Build/Compile +endef + +define Package/$(PKG_NAME)/install + $(INSTALL_DIR) $(1)/usr/share/adbyby + $(INSTALL_BIN) ./files/adbyby.sh $(1)/usr/share/adbyby/ + $(INSTALL_BIN) ./files/adbybyfirst.sh $(1)/usr/share/adbyby/ + $(INSTALL_BIN) ./files/adbybyupdate.sh $(1)/usr/share/adbyby/ + $(INSTALL_CONF) ./files/adhook.ini $(1)/usr/share/adbyby/ + $(INSTALL_CONF) ./files/user.action $(1)/usr/share/adbyby/ + + $(INSTALL_DIR) $(1)/usr/share/adbyby/data + $(INSTALL_DATA) ./files/data/* $(1)/usr/share/adbyby/data/ + + $(INSTALL_DIR) $(1)/usr/share/adbyby/doc + $(INSTALL_DATA) ./files/doc/* $(1)/usr/share/adbyby/doc/ + +ifeq ($(ARCH),mipsel) + $(INSTALL_BIN) ./files/7620n/adbyby $(1)/usr/share/adbyby/ +endif +ifeq ($(ARCH),mips) + $(INSTALL_BIN) ./files/ar71xx/adbyby $(1)/usr/share/adbyby/ +endif +ifeq ($(ARCH),i386) + $(INSTALL_BIN) ./files/x86/adbyby $(1)/usr/share/adbyby/ +endif +ifeq ($(ARCH),x86_64) + $(INSTALL_BIN) ./files/x86_64/adbyby $(1)/usr/share/adbyby/ +endif +ifeq ($(ARCH),arm) + $(INSTALL_BIN) ./files/arm/adbyby $(1)/usr/share/adbyby/ +endif +ifeq ($(ARCH),aarch64) + $(INSTALL_BIN) ./files/armv7/adbyby $(1)/usr/share/adbyby/ +endif +endef + +$(eval $(call BuildPackage,$(PKG_NAME))) diff --git a/package/lean/adbyby/files/7620n/adbyby b/package/lean/adbyby/files/7620n/adbyby new file mode 100755 index 000000000..39ab0a1eb Binary files /dev/null and b/package/lean/adbyby/files/7620n/adbyby differ diff --git a/package/lean/adbyby/files/adbyby.sh b/package/lean/adbyby/files/adbyby.sh new file mode 100755 index 000000000..146a070d1 --- /dev/null +++ b/package/lean/adbyby/files/adbyby.sh @@ -0,0 +1,16 @@ +#!/bin/sh +PROG_PATH=/usr/share/adbyby +err=0 +until [ $err -ge 5 ]; do + if [ -n "$(pgrep $PROG_PATH/adbyby)" ]; then + iptables-save | grep ADBYBY >/dev/null || \ + /etc/init.d/adbyby add_rule + sleep 10 + err=0 + else + $PROG_PATH/adbyby --no-daemon &>/dev/null & + sleep 1 + err=$((err+1)) + fi +done +/etc/init.d/adbyby del_rule diff --git a/package/lean/adbyby/files/adbybyfirst.sh b/package/lean/adbyby/files/adbybyfirst.sh new file mode 100755 index 000000000..c677d1bec --- /dev/null +++ b/package/lean/adbyby/files/adbybyfirst.sh @@ -0,0 +1,11 @@ +#!/bin/sh +PROG_PATH=/usr/share/adbyby +if [ -z "$(dnsmasq --version | grep no-ipset)" ]; then + [ $(uci get adbyby.@adbyby[-1].wan_mode) -ne 2 ] && \ + [ $(awk -F= '/^ipset/{print $2}' $PROG_PATH/adhook.ini) -eq 1 ] && \ + { + sed -i 's/adbyby_list/adbyby_wan/' /tmp/adbyby_host.conf + echo conf-file=/tmp/adbyby_host.conf >> /etc/dnsmasq.conf + /etc/init.d/dnsmasq restart + } +fi diff --git a/package/lean/adbyby/files/adbybyupdate.sh b/package/lean/adbyby/files/adbybyupdate.sh new file mode 100755 index 000000000..bdde944a2 --- /dev/null +++ b/package/lean/adbyby/files/adbybyupdate.sh @@ -0,0 +1,11 @@ +#!/bin/sh +PROG_PATH=/usr/share/adbyby +if [ -z "$(dnsmasq --version | grep no-ipset)" ]; then + [ $(uci get adbyby.@adbyby[-1].wan_mode) -ne 2 ] && \ + [ $(awk -F= '/^ipset/{print $2}' $PROG_PATH/adhook.ini) -eq 1 ] && \ + { + sed -i 's/adbyby_list/adbyby_wan/' /tmp/adbyby_host.conf + ipset -F adbyby_wan 2>/dev/null + /etc/init.d/dnsmasq restart + } +fi diff --git a/package/lean/adbyby/files/adhook.ini b/package/lean/adbyby/files/adhook.ini new file mode 100644 index 000000000..6a7613ea8 --- /dev/null +++ b/package/lean/adbyby/files/adhook.ini @@ -0,0 +1,14 @@ +[cfg] +### 2.1 ### +listen-address=0.0.0.0:8118 +buffer-limit=1024 +keep-alive-timeout=30 +socket-timeout=60 +### 2.5 ### +max_client_connections=0 +### 2.6 ### +stack_size=200 +auto_restart=0 +### 2.7 ### +debug=0 +ipset=0 diff --git a/package/lean/adbyby/files/ar71xx/adbyby b/package/lean/adbyby/files/ar71xx/adbyby new file mode 100755 index 000000000..6c8edf1cb Binary files /dev/null and b/package/lean/adbyby/files/ar71xx/adbyby differ diff --git a/package/lean/adbyby/files/arm/adbyby b/package/lean/adbyby/files/arm/adbyby new file mode 100755 index 000000000..a7da1900d Binary files /dev/null and b/package/lean/adbyby/files/arm/adbyby differ diff --git a/package/lean/adbyby/files/armv7/adbyby b/package/lean/adbyby/files/armv7/adbyby new file mode 100755 index 000000000..98dbfbe54 Binary files /dev/null and b/package/lean/adbyby/files/armv7/adbyby differ diff --git a/package/lean/adbyby/files/data/adclear.ini b/package/lean/adbyby/files/data/adclear.ini new file mode 100644 index 000000000..369186258 --- /dev/null +++ b/package/lean/adbyby/files/data/adclear.ini @@ -0,0 +1,121 @@ +//IE6、7、8、9, from adsafe +%USERPROFILE%\Local Settings\Temporary Internet Files\*.html +%USERPROFILE%\Local Settings\Temporary Internet Files\*.js +%USERPROFILE%\Local Settings\Temporary Internet Files\*.htm +%USERPROFILE%\Local Settings\Temporary Internet Files\*.xml +%USERPROFILE%\Local Settings\Temporary Internet Files\*.css +%USERPROFILE%\Local Settings\Temporary Internet Files\*.swf +%USERPROFILE%\Local Settings\Temporary Internet Files\*.flv +%USERPROFILE%\Local Settings\Temporary Internet Files\*.mp4 +%USERPROFILE%\Local Settings\Temporary Internet Files\Content.IE5\*.* +%USERPROFILE%\AppData\Local\Microsoft\Windows\Temporary Internet Files\*.* +%USERPROFILE%\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\*.* + +//360安全浏览器 +%USERPROFILE%\Application Data\360se\ie8data\Temporary Internet Files\*.* + +//chrome +%USERPROFILE%\AppData\Local\Google\Chrome\User Data\Default\Cache\*.* + +//360极速浏览器 +%USERPROFILE%\Local Settings\Application Data\360Chrome\Chrome\User Data\Default\CacheIE\*.* +%USERPROFILE%\Local Settings\Application Data\360Chrome\Chrome\User Data\Default\Cache\*.* +%USERPROFILE%\AppData\Local\360Chrome\Chrome\User Data\Default\Cache\*.* +%USERPROFILE%\Local Settings\Application Data\360Chrome\Chrome\User Data\Default\CacheIE\Content.IE5\*.* + +//搜狗浏览器 +%USERPROFILE%\Application Data\SogouExplorer\Webkit\Default\Cache\*.* +%USERPROFILE%\AppData\Roaming\SogouExplorer\Webkit\Default\Cache\*.* + +//opera浏览器 +%USERPROFILE%\AppData\Local\Opera\Opera\cache\*.* +%USERPROFILE%\Local Settings\Application Data\Opera\Opera\cache\*.* +%USERPROFILE%\Local Settings\Application Data\Opera\Opera\application_cache\mcache\*.* +%USERPROFILE%\Local Settings\Application Data\Opera\Opera\application_cache\cache_groups.xml +%USERPROFILE%\Local Settings\Application Data\Opera\Opera\opcache\*.* + +//淘宝浏览器 +%USERPROFILE%\AppData\Local\TaoBrowser\User Data\Default\Cache\*.* +%USERPROFILE%\AppData\Local\TaoBrowser\User Data\Default\JumpListIcons\*.* +%USERPROFILE%\Local Settings\Application Data\TaoBrowser\User Data\Default\Cache\*.* + +//百度浏览器 +%USERPROFILE%\Application Data\Baidu\browser\DiskCache\*.* +%USERPROFILE%\AppData\Roaming\Baidu\browser\DiskCache\*.* + +//猎豹浏览器 +%USERPROFILE%\Local Settings\Application Data\liebao\User Data\Default\Cache\*.* +%USERPROFILE%\Local Settings\Application Data\liebao\User Data\iecache\Content.IE5\*.* +%USERPROFILE%\AppData\Local\liebao\User Data\Default\Cache\*.* +%USERPROFILE%\AppData\Local\liebao\User Data\Default\JumpListIcons\*.* + +//Letv +%USERPROFILE%\Application Data\Letv\Logg\*.log + +//PPSStream +%APPDATA%\PPStream\adsys\*.* +%APPDATA%\PPStream\banner\*.* +%APPDATA%\PPStream\notice\*.* +%APPDATA%\PPStream\CLCache\*.pld +%APPDATA%\PPStream\FDSCache\*.blf + +//PPTV +%APPDATA%\PPLive\PPTV\cache\*.* + +//风行 +%USERPROFILE%\funshion\cache\*.* + + +//youku +-s%appdata%\Macromedia\Flash Player\#SharedObjects\YOUKU_FSO_PROXY.sol +-s%APPDATA%\Roaming\Macromedia\Flash Player\#SharedObjects\YOUKU_FSO_PROXY.sol + + +//letv +-s%appdata%\Macromedia\Flash Player\#SharedObjects\com.letv.sol + +//iqiyi +-s%appdata%\Macromedia\Flash Player\#SharedObjects\qiyi_statistics.sol + +//chrome YOUKU +-s%USERPROFILE%\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\YOUKU_FSO_PROXY.sol + +//chrome LeTv +-s%USERPROFILE%\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\com.letv.sol + +//chrome iqiyi +-s%USERPROFILE%\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\qiyi_statistics.sol + +//360 youku +-s%USERPROFILE%\AppData\Local\360Chrome\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\YOUKU_FSO_PROXY.sol + +//360 letv +-s%USERPROFILE%\AppData\Local\360Chrome\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\com.letv.sol + +//360 iqiyi +-s%USERPROFILE%\AppData\Local\360Chrome\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\qiyi_statistics.sol + + +//暴风影音5 +%ALLUSERSPROFILE%\Baofeng\StormPlayer\Profiles\md\*.* +%ALLUSERSPROFILE%\Baofeng\StormPlayer\Profiles\vod\*.* +%ALLUSERSPROFILE%\Application Data\Baofeng\StormPlayer\Profiles\md\*.* +%ALLUSERSPROFILE%\Application Data\Baofeng\StormPlayer\Profiles\vod\*.* +%ALLUSERSPROFILE%\Baofeng\Application Data\StormPlayer\Profiles\md\*.* +%ALLUSERSPROFILE%\Baofeng\Application Data\StormPlayer\Profiles\vod\*.* + +//pptv +%ALLUSERSPROFILE%\PPLive\PPTV\Cache\pluginad\*.* +%ALLUSERSPROFILE%\Application Data\PPLive\PPTV\Cache\pluginad\*.* +%ALLUSERSPROFILE%\Application Data\PPLive\PPTV\screensaver\*.* + + +//多米 +C:\Program Files\DuoMi\dmdeskinfo.exe + +//UUSEE +%TEMP%\UUFile\*.* + +//iqiyi +%ALLUSERSPROFILE%\Application Data\Qiyi\qiyiclient\cache\*.* + diff --git a/package/lean/adbyby/files/data/clean.ini b/package/lean/adbyby/files/data/clean.ini new file mode 100644 index 000000000..6b69b1492 --- /dev/null +++ b/package/lean/adbyby/files/data/clean.ini @@ -0,0 +1,43 @@ +//youku +-y%appdata%\Macromedia\Flash Player\#SharedObjects\YOUKU_FSO_PROXY.sol +//youku win7 +-y%APPDATA%\Roaming\Macromedia\Flash Player\#SharedObjects\YOUKU_FSO_PROXY.sol +//chrome YOUKU +-y%USERPROFILE%\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\YOUKU_FSO_PROXY.sol +//360 youku +-y%USERPROFILE%\AppData\Local\360Chrome\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\YOUKU_FSO_PROXY.sol +//sougou youku +-y%appdata%\SogouExplorer\Webkit\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\YOUKU_FSO_PROXY.sol + +-y%userprofile%\Local Settings\Application Data\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\YOUKU_FSO_PROXY.sol +-y%userprofile%\Local Settings\Application Data\UCBrowser\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\YOUKU_FSO_PROXY.sol +-y%userprofile%\Local Settings\Application Data\360Chrome\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\YOUKU_FSO_PROXY.sol + +//qq +%appdata%\Tencent\QQ\Misc\com.tencent.advertisement\*.* +%appdata%\Tencent\QQ\Misc\com.tencent.advertisement\GDT_0\*.* + +//letv +-s%appdata%\Macromedia\Flash Player\#SharedObjects\com.letv.sol + +//letv1 +-s%APPDATA%\Roaming\Macromedia\Flash Player\#SharedObjects\com.letv.sol + +//iqiyi +-s%appdata%\Macromedia\Flash Player\#SharedObjects\qiyi_statistics.sol + +//iqiyi1 +-s%APPDATA%\Roaming\Macromedia\Flash Player\#SharedObjects\qiyi_statistics.sol + + +//chrome LeTv +-s%USERPROFILE%\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\com.letv.sol + +//chrome iqiyi +-s%USERPROFILE%\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\qiyi_statistics.sol + +//360 letv +-s%USERPROFILE%\AppData\Local\360Chrome\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\com.letv.sol + +//360 iqiyi +-s%USERPROFILE%\AppData\Local\360Chrome\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\qiyi_statistics.sol diff --git a/package/lean/adbyby/files/data/lazy.bin b/package/lean/adbyby/files/data/lazy.bin new file mode 100644 index 000000000..68ed55630 Binary files /dev/null and b/package/lean/adbyby/files/data/lazy.bin differ diff --git a/package/lean/adbyby/files/data/lazy.txt b/package/lean/adbyby/files/data/lazy.txt new file mode 100644 index 000000000..f25fed319 --- /dev/null +++ b/package/lean/adbyby/files/data/lazy.txt @@ -0,0 +1 @@ +! -----更新时间: 2018-06-10 12:56:28 by:xwhyc----- diff --git a/package/lean/adbyby/files/data/rules.txt b/package/lean/adbyby/files/data/rules.txt new file mode 100644 index 000000000..5c44b0e8c --- /dev/null +++ b/package/lean/adbyby/files/data/rules.txt @@ -0,0 +1,15 @@ +! ------------------------------ ADByby 鑷畾涔夎繃婊よ娉曠畝琛--------------------------------- +! -------------- 瑙勫垯鍩轰簬abp瑙勫垯锛屽苟杩涜浜嗗瓧绗︽浛鎹㈤儴鍒嗙殑鎵╁睍----------------------------- +! ABP瑙勫垯璇峰弬鑰僪ttps://adblockplus.org/zh_CN/filters锛屼笅闈负澶ц嚧鎽樿 +! "!" 涓鸿娉ㄩ噴绗︼紝娉ㄩ噴琛屼互璇ョ鍙疯捣濮嬩綔涓轰竴琛屾敞閲婅涔夛紝鐢ㄤ簬瑙勫垯鎻忚堪 +! "*" 涓哄瓧绗﹂氶厤绗︼紝鑳藉鍖归厤0闀垮害鎴栦换鎰忛暱搴︾殑瀛楃涓诧紝璇ラ氶厤绗︿笉鑳戒笌姝e垯璇硶娣风敤銆 +! "^" 涓哄垎闅旂锛屽彲浠ユ槸闄や簡瀛楁瘝銆佹暟瀛楁垨鑰 _ - . % 涔嬪鐨勪换浣曞瓧绗︺ +! "|" 涓虹绾跨鍙凤紝鏉ヨ〃绀哄湴鍧鐨勬渶鍓嶇鎴栨渶鏈 +! "||" 涓哄瓙鍩熼氶厤绗︼紝鏂逛究鍖归厤涓诲煙鍚嶄笅鐨勬墍鏈夊瓙鍩熴 +! "~" 涓烘帓闄ゆ爣璇嗙锛岄氶厤绗﹁兘杩囨护澶у鏁板箍鍛婏紝浣嗗悓鏃跺瓨鍦ㄨ鏉, 鍙互閫氳繃鎺掗櫎鏍囪瘑绗︿慨姝h鏉閾炬帴銆 +! "##" 涓哄厓绱犻夋嫨鍣ㄦ爣璇嗙锛屽悗闈㈣窡闇瑕侀殣钘忓厓绱犵殑CSS鏍峰紡渚嬪 #ad_id .ad_class +!! 鍏冪礌闅愯棌鏆備笉鏀寔鍏ㄥ眬瑙勫垯鍜屾帓闄よ鍒 +!! 瀛楃鏇挎崲鎵╁睍 +! 鏂囨湰鏇挎崲閫夋嫨鍣ㄦ爣璇嗙锛屽悗闈㈣窡闇瑕佹浛鎹㈢殑鏂囨湰鏁版嵁锛屾牸寮忥細$s@妯″紡瀛楃涓睝鏇挎崲鍚庣殑鏂囨湰@ +! 鏀寔閫氶厤绗*鍜岋紵 +! ------------------------------------------------------------------------------------------- diff --git a/package/lean/adbyby/files/data/user.txt b/package/lean/adbyby/files/data/user.txt new file mode 100644 index 000000000..e69de29bb diff --git a/package/lean/adbyby/files/data/video.txt b/package/lean/adbyby/files/data/video.txt new file mode 100644 index 000000000..1d098eb25 --- /dev/null +++ b/package/lean/adbyby/files/data/video.txt @@ -0,0 +1,23 @@ +! -----更新时间: 2018-06-13 22:56:37 by:xwhyc----------------------------------------------- +! -----广告反馈:http://www.adbyby.com/help.htm QQ群: 79547134(满), 364066294(满),470705224,534897434,438394572-------------- + + +!------------------------------------------- +twmeiju.com##iframe[width="336"] +txzqw##.ad-text,.tac,#banner,[id^="ads_"] +|http://*.com/logo/ad.js +|http://*.com/logo/logo.js +|http://*.com/logo/logoxia.js +|http://*.com/logo/playjs.js +|http://m.haxdu.com/hi18/$script +|http://www.hqck.net/templets/default/js/ntes_jslib_1.x.js +||51wady.com/me.php?id= +||haxwx3.com/web/js/$script +||jiawen88.com +!----------------------- + + + + +!---------adbyby--------- + diff --git a/package/lean/adbyby/files/doc/hidecss.js b/package/lean/adbyby/files/doc/hidecss.js new file mode 100644 index 000000000..93c21f5fe --- /dev/null +++ b/package/lean/adbyby/files/doc/hidecss.js @@ -0,0 +1 @@ +(function(global){var DOC=global.document,w3c_css=global.getComputedStyle,undef=void 0,reg_combinator=/^\s*([>+~,\s])\s*(\*|(?:[-\w*]|[^\x00-\xa0]|\\.)*)/,trimLeft=/^\s+/,trimRight=/\s+$/,reg_comma=/^\s*,\s*/,reg_sequence=/^([#\.:]|\[\s*)((?:[-\w]|[^\x00-\xa0]|\\.)+)/,reg_pseudo=/^\(\s*("([^"]*)"|'([^']*)'|[^\(\)]*(\([^\(\)]*\))?)\s*\)/,reg_attrib=/^\s*(?:(\S?=)\s*(?:(['"])(.*?)\2|(#?(?:[\w\u00c0-\uFFFF\-]|\\.)*)|)|)\s*\]/,reg_attrval=/\\([0-9a-fA-F]{2,2})/g,reg_sensitive=/^(?:title|id|name|class|for|href|src)$/,reg_backslash=/\\/g,reg_tag=/^((?:[-\w\*]|[^\x00-\xa0]|\\.)+)/,reg_parse_pseudo=/(-?)(\d*)n([-+]?\d*)/,reg_quick=/^(^|[#.])((?:[-\w]|[^\x00-\xa0]|\\.)+)$/,has_in=function(a,b){return(a in b)},dom={html:DOC.documentElement,mix:function(target,source){var args=[].slice.call(arguments),key,ride=typeof args[args.length-1]=="boolean"?args.pop():true;target=target||{};for(var i=1;source=args[i++];){for(key in source){if(ride||!has_in(key,target)){target[key]=source[key]}}}return target},rword:/[^, ]+/g,uuid:1,getUid:w3c_css?function(node){return node.uniqueNumber||(node.uniqueNumber=dom.uuid++)}:function(node){var uid=node.getAttribute("uniqueNumber");if(!uid){uid=dom.uuid++;node.setAttribute("uniqueNumber",uid)}return uid},oneObject:function(array,val){if(typeof array=="string"){array=array.match(dom.rword)||[]}var result={},value=val!==undef?val:1;for(var i=0,n=array.length;i=0);(found^flag_not)&&(result[ri++]=el)}return result}}},onePosition=dom.oneObject("eq,gt,lt,first,last,even,odd"),siblingCheck=function(a,b,ret){if(a===b){return ret}var cur=a.nextSibling;while(cur){if(cur===b){return -1}cur=cur.nextSibling}return 1},sortOrder1=function(a,b){if(a===b){sortOrder1.hasDuplicate=true;return 0}if(!a.compareDocumentPosition||!b.compareDocumentPosition){return a.compareDocumentPosition?-1:1}return a.compareDocumentPosition(b)&4?-1:1},sortOrder2=function(a,b){if(a===b){sortOrder2.hasDuplicate=true;return 0}var al,bl,ap=[],bp=[],aup=a.parentNode,bup=b.parentNode,cur=aup;if(aup===bup){return siblingCheck(a,b)}else{if(!aup){return -1}else{if(!bup){return 1}}}while(cur){ap.unshift(cur);cur=cur.parentNode}cur=bup;while(cur){bp.unshift(cur);cur=cur.parentNode}al=ap.length;bl=bp.length;for(var i=0;i0&&els.length&&els[0].lookupNamespaceURI){var arr=tagName.split(":");prefix=arr[0];tagName=arr[1];method="getElementsByTagNameNS";prefix=els[0].lookupNamespaceURI(prefix)}switch(els.length){case 0:return elems;case 1:var all=prefix?els[0][method](prefix,tagName):els[0][method](tagName);for(var i=0,ri=0,el;el=all[i++];){if(el.nodeType===1){elems[ri++]=el}}return elems;default:for(var nodes,i=0,ri=0;el=els[i++];){nodes=prefix?el[method](prefix,tagName):el[method](tagName);for(var uid,j=0,node;node=nodes[j++];){uid=dom.getUid(node);if(!uniqResult[uid]){uniqResult[uid]=elems[ri++]=node}}}return elems}},getElementsByXPath=function(xpath,context,doc){var result=[];try{if(global.DOMParser){var nodes=doc.evaluate(xpath,context,null,7,null);for(var i=0,n=nodes.snapshotLength;i";root.insertBefore(form,root.firstChild);fixById=!!DOC.getElementById(id);root.removeChild(form)})();try{slice.call(dom.html.childNodes,0)[0].nodeType}catch(e){makeArray=function(nodes,result,flag_multi){var ret=result||[],ri=ret.length;for(var i=0,el;el=nodes[i++];){ret[ri++]=el}return flag_multi?dom.unique(ret):ret}}var Icarus=dom.query=function(expr,contexts,result,lastResult,flag_xml,flag_multi,flag_dirty){result=result||[];contexts=contexts||DOC;var pushResult=makeArray;if(!contexts.nodeType){contexts=pushResult(contexts);if(!contexts.length){return result}}else{contexts=[contexts]}var rrelative=reg_combinator,rBackslash=reg_backslash,rcomma=reg_comma,context=contexts[0],doc=context.ownerDocument||context,rtag=reg_tag,flag_all,uniqResult,elems,nodes,tagName,last,ri,uid;expr=expr.replace(trimLeft,"").replace(trimRight,"");flag_xml=flag_xml!==undef?flag_xml:dom.isXML(doc);if(flag_xml&&expr==="body"&&context.body){return pushResult([context.body],result,flag_multi)}if(!flag_xml&&doc.querySelectorAll){var query=expr,fix_icarus_sqa="fix_icarus_sqa";if(contexts.length>2||doc.documentMode==8&&context.nodeType==1){if(contexts.length>2){context=doc}query="."+fix_icarus_sqa+" "+query;for(var i=0,node;node=contexts[i++];){if(node.nodeType===1){node.className=fix_icarus_sqa+" "+node.className}}}if(doc.documentMode!==8||context.nodeName.toLowerCase()!=="object"){try{return pushResult(context.querySelectorAll(query),result,flag_multi)}catch(e){}finally{if(!query.indexOf("."+fix_icarus_sqa)){for(i=0;node=contexts[i++];){if(node.nodeType===1){node.className=node.className.replace(fix_icarus_sqa+" ","")}}}}}}var match=expr.match(reg_quick);if(match){var value=match[2].replace(rBackslash,""),key=match[1];if(key==""){nodes=getElementsByTagName(value,contexts,flag_xml)}else{if(key==="."&&contexts.length===1){if(flag_xml){nodes=getElementsByXPath("//*[@class='"+value+"']",context,doc)}else{if(context.getElementsByClassName){nodes=context.getElementsByClassName(value)}}}else{if(key==="#"&&contexts.length===1){if(flag_xml){nodes=getElementsByXPath("//*[@id='"+value+"']",context,doc)}else{if(context.nodeType==Math.pow(3,2)){node=doc.getElementById(value);nodes=!node?[]:!fixById?[node]:node.getAttributeNode("id").nodeValue===value?[node]:false}}}}}if(nodes){return pushResult(nodes,result,flag_multi)}}lastResult=contexts;if(lastResult.length){loop:while(expr&&last!==expr){flag_dirty=false;elems=null;uniqResult={};if((match=expr.match(rrelative))){expr=RegExp.rightContext;elems=[];tagName=(flag_xml?match[2]:match[2].toUpperCase()).replace(rBackslash,"")||"*";i=0;ri=0;flag_all=tagName==="*";switch(match[1]){case" ":if(expr.length||match[2]){elems=getElementsByTagName(tagName,lastResult,flag_xml)}else{elems=lastResult;break loop}break;case">":while((node=lastResult[i++])){for(node=node.firstChild;node;node=node.nextSibling){if(node.nodeType===1&&(flag_all||tagName===node.nodeName)){elems[ri++]=node}}}break;case"+":while((node=lastResult[i++])){while((node=node.nextSibling)){if(node.nodeType===1){if(flag_all||tagName===node.nodeName){elems[ri++]=node}break}}}break;case"~":while((node=lastResult[i++])){while((node=node.nextSibling)){if(node.nodeType===1&&(flag_all||tagName===node.nodeName)){uid=dom.getUid(node);if(uniqResult[uid]){break}else{uniqResult[uid]=elems[ri++]=node}}}}elems=dom.unique(elems);break}}else{if((match=expr.match(rtag))){expr=RegExp.rightContext;elems=getElementsByTagName(match[1].replace(rBackslash,""),lastResult,flag_xml)}}if(expr){var arr=Icarus.filter(expr,elems,lastResult,doc,flag_xml);expr=arr[0];elems=arr[1];if(!elems){flag_dirty=true;elems=getElementsByTagName("*",lastResult,flag_xml)}if((match=expr.match(rcomma))){expr=RegExp.rightContext;pushResult(elems,result);return Icarus(expr,contexts,result,[],flag_xml,true,flag_dirty)}else{lastResult=elems}}}}if(flag_multi){if(elems.length){return pushResult(elems,result,flag_multi)}}else{if(DOC!==doc||fixByTag&&flag_dirty){for(result=[],ri=0,i=0;node=elems[i++];){if(node.nodeType===1){result[ri++]=node}}return result}}return elems},filterPseudoNoExp=function(name,isLast,isOnly){var A="for(var result=[],flag_not=A.not,node,el,tagName,i=0,ri=0,found=0;node=el=B[i++];found=0){",B="{0}while(!found&&(node=node.{1})){(node.{2}==={3})&&++found}",C="node=el;while(!found&&(node=node.previousSibling)){node.{2}==={3}&&++found}",D="!found^flag_not&&(result[ri++]=el)}return result",start=isLast?"nextSibling":"previousSibling",fills={type:["tagName=el.nodeName;",start,"nodeName","tagName"],child:["",start,"nodeType","1"]}[name],body=A+B+(isOnly?C:"")+D;return{exec:new Function("A","B",body.replace(/{(\d)}/g,function($,$1){return fills[$1]}))}};dom.mix(Icarus,{getAttribute:!fixGetAttribute?function(elem,name){return elem.getAttribute(name)||""}:function(elem,name,flag_xml){if(flag_xml){return elem.getAttribute(name)||""}name=name.toLowerCase();if(attrURL[name]){return elem.getAttribute(name,2)||""}if(elem.tagName==="INPUT"&&name=="type"){return elem.getAttribute("type")||elem.type}var attr=boolOne[name]?(elem.getAttribute(name)?name:""):(elem=elem.getAttributeNode(name))&&elem.value||"";return reg_sensitive.test(name)?attr:attr.toLowerCase()},hasAttribute:!fixHasAttribute?function(elem,name,flag_xml){return flag_xml?!!elem.getAttribute(name):elem.hasAttribute(name)}:function(elem,name){elem=elem.getAttributeNode(name.toLowerCase());return !!(elem&&(elem.specified||elem.nodeValue))},filter:function(expr,elems,lastResult,doc,flag_xml,flag_get){var rsequence=reg_sequence,rattrib=reg_attrib,rpseudo=reg_pseudo,rBackslash=reg_backslash,rattrval=reg_attrval,pushResult=makeArray,toHex=_toHex,_hash_op=hash_operator,parsePseudo=parse_pseudo,match,key,tmp;while((match=expr.match(rsequence))){expr=RegExp.rightContext;key=(match[2]||"").replace(rBackslash,"");if(!elems){if(lastResult.length===1&&lastResult[0]===doc){switch(match[1]){case"#":if(!flag_xml){tmp=doc.getElementById(key);if(!tmp){elems=[];continue}if(fixById?tmp.id===key:tmp.getAttributeNode("id").nodeValue===key){elems=[tmp];continue}}break;case":":switch(key){case"root":elems=[doc.documentElement];continue;case"link":elems=pushResult(doc.links||[]);continue}break}}elems=getElementsByTagName("*",lastResult,flag_xml)}var filter=0,flag_not=false,args;switch(match[1]){case"#":filter=["id","=",key];break;case".":filter=["class","~=",key];break;case":":tmp=Icarus.hook[key];if((match=expr.match(rpseudo))){expr=RegExp.rightContext;args=parsePseudo(key,match)}if(tmp){filter=tmp}else{if(key==="not"){flag_not=true;if(args==="*"){elems=[]}else{if(reg_tag.test(args)){tmp=[];match=flag_xml?args:args.toUpperCase();for(var i=0,ri=0,elem;elem=elems[i++];){if(match!==elem.nodeName){tmp[ri++]=elem}}elems=tmp}else{var obj=Icarus.filter(args,elems,lastResult,doc,flag_xml,true);filter=obj.filter;args=obj.args}}}else{throw"!"}}break;default:filter=[key.toLowerCase()];if((match=expr.match(rattrib))){expr=RegExp.rightContext;if(match[1]){filter[1]=match[1];filter[2]=match[3]||match[4];filter[2]=filter[2]?filter[2].replace(rattrval,toHex).replace(rBackslash,""):""}}break}if(flag_get){return{filter:filter,args:args}}if(elems.length&&filter){tmp=[];i=0;ri=0;if(typeof filter==="function"){if(onePosition[key]){args=args===undef?elems.length-1:~~args;for(;elem=elems[i];){if(filter(i++,args)^flag_not){tmp[ri++]=elem}}}else{while((elem=elems[i++])){if((!!filter(elem,args))^flag_not){tmp[ri++]=elem}}}}else{if(typeof filter.exec==="function"){tmp=filter.exec({not:flag_not,xml:flag_xml},elems,args,doc)}else{var name=filter[0],op=_hash_op[filter[1]],val=filter[2]||"",flag,attr,className;if(!flag_xml&&name==="class"&&op===4){val=" "+val+" ";while((elem=elems[i++])){className=elem.className;if(!!(className&&~(" "+className+" ").indexOf(val))^flag_not){tmp[ri++]=elem}}}else{if(!flag_xml&&op&&val&&!reg_sensitive.test(name)){val=val.toLowerCase()}if(op===4){val=" "+val+" "}while((elem=elems[i++])){if(!op){flag=Icarus.hasAttribute(elem,name,flag_xml)}else{if(val===""&&op>3){flag=false}else{attr=Icarus.getAttribute(elem,name,flag_xml);switch(op){case 1:(flag=attr===val);break;case 2:(flag=attr!==val);break;case 3:(flag=attr===val||attr.substr(0,val.length+1)===val+"-");break;case 4:(flag=attr!==""&&!!~(" "+attr+" ").indexOf(val));break;case 5:(flag=attr!==""&&!attr.indexOf(val));break;case 6:(flag=attr!==""&&attr.substr(attr.length-val.length)===val);break;case 7:(flag=attr!==""&&!!~attr.indexOf(val));break}}}if(flag^flag_not){tmp[ri++]=elem}}}}}elems=tmp}}return[expr,elems]}});Icarus.hook={root:function(el){return el===(el.ownerDocument||el.document).documentElement},"first-child":filterPseudoNoExp("child",false,false),"last-child":filterPseudoNoExp("child",true,false),"only-child":filterPseudoNoExp("child",true,true),"nth-child":filterPseudoHasExp("firstChild","nextSibling",false),link:{exec:function(flags,elems){var links=(elems[0].ownerDocument||elems[0].document).links;if(!links){return[]}var result=[],checked={},flag_not=flags.not;for(var i=0,ri=0,elem;elem=links[i++];){checked[dom.getUid(elem)]=1}for(i=0;elem=elems[i++];){if(checked[dom.getUid(elem)]^flag_not){result[ri++]=elem}}return result}},lang:{exec:function(flags,elems,arg){var result=[],reg=new RegExp("^"+arg,"i"),flag_not=flags.not;for(var tmp,i=0,ri=0,elem;elem=elems[i++];){tmp=elem;while(tmp&&!tmp.getAttribute("lang")){tmp=tmp.parentNode}tmp=!!(tmp&®.test(tmp.getAttribute("lang")));if(tmp^flag_not){result[ri++]=elem}}return result}},contains:{exec:function(flags,elems,arg){var res=[],flag_not=flags.not;for(var i=0,ri=0,elem;elem=elems[i++];){if(!!~((elem.innerText||elem.textContent||dom.getText([elem])).indexOf(arg))^flag_not){res[ri++]=elem}}return res}},selected:function(el){el.parentNode&&el.parentNode.selectedIndex;return el.selected===true},header:function(el){return/h\d/i.test(el.nodeName)},button:function(el){return"button"===el.type||el.nodeName==="BUTTON"},input:function(el){return/input|select|textarea|button/i.test(el.nodeName)},parent:function(el){return !!el.firstChild},has:function(el,expr){return !!dom.query(expr,[el]).length},first:function(index){return index===0},last:function(index,num){return index===num},even:function(index){return index%2===0},odd:function(index){return index%2===1},lt:function(index,num){return indexnum},eq:function(index,num){return index===num},hidden:function(el){return(el.offsetWidth+el.offsetHeight)==0||(el.currentStyle||{}).display=="none"}};Icarus.hook.visible=function(el){return !Icarus.hook.hidden(el)};"text,radio,checkbox,file,password,submit,image,reset".replace(dom.rword,function(name){Icarus.hook[name]=function(el){return(el.getAttribute("type")||el.type)===name}});var blockCss=/(?:function|open|document|location|alert|confirm|prompt|showmodelessdialog|activexobject|xmlhttprequest|execscript|eval)\s*[(.=;]/i,checkCss=function(a,b){b=b||"visibility";return"hidden"==(w3c_css?DOC.defaultView.getComputedStyle(a,null).getPropertyValue(b):a.currentStyle[b])},removeNode=!!global.VBArray?function(){var b;return function(a){if(a&&"BODY"!=a.tagName){b=b||DOC.createElement("DIV");b.appendChild(a);b.innerHTML=""}}}():function(a){a&&a.parentNode&&"BODY"!=a.tagName&&a.parentNode.removeChild(a)},execFunc=[function(){},function(a){for(var b,c=a.length;c--;){b=a[c];checkCss(b)||(b.style.display="none",b.style.visibility="hidden")}},function(a){for(var c=a.length;c--;){removeNode(a[c])}}],execMainFunc=function(a,b){var c;try{c=dom.query(a)}catch(e){return((c=null),0)}return("function"==typeof execFunc[b]&&execFunc[b](c),c.length)},const_DOMContentLoaded="DOMContentLoaded",const_complete="complete",domReadyList=[],domisReady=0,domReady=function(fn){domisReady?fn():domReadyList.unshift(fn)},domfireReady=function(){if(!domisReady){if(!DOC.body){return setTimeout(domfireReady,32)}domisReady=1;for(var len=domReadyList.length;len--;){domReadyList[len]()}}},createCss=(function(){var style,media,self={},reg_media=/screen|all/i,splitCss=/[\[+>~:].+?/,addCss="{display:none;position:absolute;top:-1000000px;visibility:hidden}",styles=DOC.getElementsByTagName("style"),len=styles.length,new_css=function(g){for(var r=[],z=[],o,y=g.split(","),E=y.length;E--;){o=y[E];o&&(splitCss.test(o)?r:z).push(o)}z.length&&r.push(z.join());return(r.join(addCss)||"iframe")+addCss};while(len--){style=styles[len];media=style.getAttribute("media");if(media===null||reg_media.test(media)){self.style=style;break}}if(!self.style){var head=DOC.head||DOC.getElementsByTagName("head")[0];style=DOC.createElement("style");head.insertBefore(style,head.firstChild);domReady(function(){DOC.body&&DOC.body.insertBefore(style,DOC.body.firstChild)})}return style.styleSheet?function(css){style.styleSheet.cssText+=new_css(css)}:!!global.Components?function(css){style.innerHTML+=new_css(css)}:function(css){style.appendChild(DOC.createTextNode(new_css(css)))}})();if(const_complete==DOC.readyState){domfireReady()}else{if(!DOC.attachEvent){DOC.addEventListener(const_DOMContentLoaded,function(){DOC.removeEventListener(const_DOMContentLoaded,arguments.callee,false);domfireReady()},false)}else{DOC.attachEvent("onreadystatechange",function(){const_complete==DOC.readyState&&(DOC.detachEvent("onreadystatechange",arguments.callee),domfireReady())});(function(){if(domisReady){return}try{var node=new Image();node.doScroll();node=null}catch(e){setTimeout(arguments.callee,64);return}domfireReady()})()}}var AdSafe_CheckRule={regIDS:null,regSub:null,format:function(){var str=arguments[0];var regM=/\{\s*(\d+)\s*\}/,arr,temp="",xb;while((arr=regM.exec(str))!=null){xb=parseInt(arr[1]);if(isNaN(xb)||typeof(arguments[xb+1])=="undefined"){throw"锟斤拷指锟斤拷锟斤拷锟斤拷:"+arr[0]}temp+=str.substr(0,arr.index)+arguments[xb+1];str=str.substr(arr.index+arr[0].length)}temp+=str;return temp},isNullOrEmpty:function(str){var t=str;if(str.constructor==Array){t=str[0]}if(t==null||t==""){return true}return false},trim:function(str,dir){var regTrim;if(dir=="left"){regTrim=/^\s*/g}else{if(dir=="right"){regTrim=/\s*$/g}else{regTrim=/(?:^\s*|\s*$)/g}}if(str.constructor==String){str=str.replace(regTrim,"")}else{if(str.constructor==Array){for(var i=0;i+]\\s*)?(?:{0}|{1}|{2})+)+",str_iden,str_attr,str_quick),str_jquerys=this.format("^{0}\\s*(?:,\\s*{0}\\s*)*$",str_alone);this.regIDS=new RegExp(str_jquerys,"i");this.regSub=new RegExp(strSub,"i")},Checking:function(str){if(this.isNullOrEmpty(str)){return false}var result=this.AloneSub(str);if(!result){return false}if(this.isNullOrEmpty(str)){return true}if(!this.CheckRules(str)){return false}return true},CheckRules:function(str){var strArr=str[0].split(",");var lst=[];for(var t=0;t0){return false}else{return true}},GetPair:function(k){var t=[],result=[],c;t.push("0");for(var i=0;i0){var rc=str[0].charAt(temp1.length-1);if(rc==">"||rc=="+"||rc==","){if(temp1.length-1>=0){temp1=temp1.substr(0,temp1.length-1)}hasSub=true}}if(hasSub){str[0]=temp1+" "+str[0].substr(m.index+m[0].length+temp[0].length+1)}else{str[0]=str[0].substr(0,m.index)+str[0].substr(m.index+m[0].length+temp[0].length+1)}str[0]=this.trim(str[0])}if(this.isNullOrEmpty(str)){return true}return this.AloneSub(str)}else{return this.CheckRules(str)}}};var isIni=false;var checkCSSRule=function(line){if(!isIni){AdSafe_CheckRule.ini();isIni=true}var i=line.indexOf("??1");if(i>=0){line=line.substr(0,i)}line=AdSafe_CheckRule.trim(line);if(line==""){return false}return AdSafe_CheckRule.Checking([line])};global.hidecss=function(c){if(c.indexOf("??1")>-1||c.indexOf("??")<0){try{if(!checkCSSRule(c)){return}}catch(e){}}if(!c||blockCss.test(c)){return}var d=String(c).split("??"),f=parseInt(d[1],10)||1,g=d[0],l=100;var setCookie=function(name,value,expires,path,domain,secure){var curCookie=name+"="+escape(value)+((expires)?"; expires="+expires.toGMTString():"")+((path)?"; path="+path:"")+((domain)?"; domain="+domain:"")+((secure)?"; secure":"");document.cookie=curCookie};var addCookieForHours=function(name,value,path,domain,hour,secure){var t;if(hour){t=new Date();hour=isNaN(parseFloat(hour))?1:hour;t.setTime(t.getTime()+hour*3600*1000)}setCookie(name,value,t,path,domain,secure)};var deleteCookie=function(name,path,domain){document.cookie=name+"="+((path)?"; path="+path:"")+((domain)?"; domain="+domain:"")+"; expires=Thu, 01-Jan-70 00:00:01 GMT"};var clearCookie=function(path,domain,arr){var keys=[],r,reg=/([^=; ]+)=([^;]+)/g,cook=document.cookie;while((r=reg.exec(cook))!=null){keys.push(r[1])}if(keys&&keys.length>0){var _f;if(typeof arr=="undefined"||!arr){arr=[]}if(typeof arr=="string"){arr=[arr]}for(var i=keys.length-1;i--;i>=0){_f=false;for(var k=0;k + +START=99 + +start() +{ + rfc=4096 + cc=$(grep -c processor /proc/cpuinfo) + rsfe=$(echo $cc*$rfc | bc) + sysctl -w net.core.rps_sock_flow_entries=$rsfe + for fileRps in $(ls /sys/class/net/eth*/queues/rx-*/rps_cpus) + do + echo $cc > $fileRps + done + + for fileRfc in $(ls /sys/class/net/eth*/queues/rx-*/rps_flow_cnt) + do + echo $rfc > $fileRfc + done + + for fileRps in $(ls /sys/class/net/eth*/queues/tx-*/xps_cpus) + do + echo $cc > $fileRps + done + + a=$(cat /proc/cpuinfo | grep name | cut -f2 -d: | uniq) + b=$(echo -n ' : ') + c=$(cat /proc/cpuinfo | grep 'core id' | sort -u | wc -l) + d=$(echo -n ' Core ') + e=$(cat /proc/cpuinfo | grep 'processor' | wc -l) + f=$(echo -n ' Thread ') + g=${a}${b}${c}${d}${e}${f} + echo $g > /tmp/sysinfo/model + + ethtool -K eth0 rx-checksum on >/dev/null 2>&1 + ethtool -K eth0 tx-checksum-ip-generic on >/dev/null 2>&1 + ethtool -K eth0 tso on >/dev/null 2>&1 + ethtool -K eth0 ufo on >/dev/null 2>&1 + ethtool -K eth0 gso on >/dev/null 2>&1 + + ethtool -K eth1 rx-checksum on >/dev/null 2>&1 + ethtool -K eth1 tx-checksum-ip-generic on >/dev/null 2>&1 + ethtool -K eth1 tso on >/dev/null 2>&1 + ethtool -K eth1 ufo on >/dev/null 2>&1 + ethtool -K eth1 gso on >/dev/null 2>&1 + + ethtool -K eth2 rx-checksum on >/dev/null 2>&1 + ethtool -K eth2 tx-checksum-ip-generic on >/dev/null 2>&1 + ethtool -K eth2 tso on >/dev/null 2>&1 + ethtool -K eth2 ufo on >/dev/null 2>&1 + ethtool -K eth2 gso on >/dev/null 2>&1 + + ethtool -K eth3 rx-checksum on >/dev/null 2>&1 + ethtool -K eth3 tx-checksum-ip-generic on >/dev/null 2>&1 + ethtool -K eth3 tso on >/dev/null 2>&1 + ethtool -K eth3 ufo on >/dev/null 2>&1 + ethtool -K eth3 gso on >/dev/null 2>&1 + + [ -f /etc/index.htm ] && mv /etc/index.htm /usr/lib/lua/luci/view/admin_status/index.htm +} + + + diff --git a/package/lean/autocore/files/index.htm b/package/lean/autocore/files/index.htm new file mode 100644 index 000000000..6cec12ca9 --- /dev/null +++ b/package/lean/autocore/files/index.htm @@ -0,0 +1,830 @@ +<%# + Copyright 2008 Steven Barth + Copyright 2008-2011 Jo-Philipp Wich + Licensed to the public under the Apache License 2.0. +-%> + +<% + local fs = require "nixio.fs" + local util = require "luci.util" + local stat = require "luci.tools.status" + local ver = require "luci.version" + + local has_ipv6 = fs.access("/usr/sbin/ip6tables") + local has_dhcp = fs.access("/etc/config/dhcp") + local has_wifi = ((fs.stat("/etc/config/wireless", "size") or 0) > 0) + + local sysinfo = luci.util.ubus("system", "info") or { } + local boardinfo = luci.util.ubus("system", "board") or { } + local unameinfo = nixio.uname() or { } + + local meminfo = sysinfo.memory or { + total = 0, + free = 0, + buffered = 0, + shared = 0 + } + + local swapinfo = sysinfo.swap or { + total = 0, + free = 0 + } + + local has_dsl = fs.access("/etc/init.d/dsl_control") + + if luci.http.formvalue("status") == "1" then + local ntm = require "luci.model.network".init() + local wan = ntm:get_wannet() + local wan6 = ntm:get_wan6net() + + local conn_count = tonumber( + fs.readfile("/proc/sys/net/netfilter/nf_conntrack_count") or "") or 0 + + local conn_max = tonumber(luci.sys.exec( + "sysctl -n -e net.nf_conntrack_max net.ipv4.netfilter.ip_conntrack_max" + ):match("%d+")) or 4096 + + local rv = { + uptime = sysinfo.uptime or 0, + localtime = os.date(), + loadavg = sysinfo.load or { 0, 0, 0 }, + memory = meminfo, + swap = swapinfo, + connmax = conn_max, + conncount = conn_count, + leases = stat.dhcp_leases(), + leases6 = stat.dhcp6_leases(), + wifinets = stat.wifi_networks() + } + + if wan then + rv.wan = { + ipaddr = wan:ipaddr(), + gwaddr = wan:gwaddr(), + netmask = wan:netmask(), + dns = wan:dnsaddrs(), + expires = wan:expires(), + uptime = wan:uptime(), + proto = wan:proto(), + ifname = wan:ifname(), + link = wan:adminlink() + } + end + + if wan6 then + rv.wan6 = { + ip6addr = wan6:ip6addr(), + gw6addr = wan6:gw6addr(), + dns = wan6:dns6addrs(), + ip6prefix = wan6:ip6prefix(), + uptime = wan6:uptime(), + proto = wan6:proto(), + ifname = wan6:ifname(), + link = wan6:adminlink() + } + end + + if has_dsl then + local dsl_stat = luci.sys.exec("/etc/init.d/dsl_control lucistat") + local dsl_func = loadstring(dsl_stat) + if dsl_func then + rv.dsl = dsl_func() + end + end + + luci.http.prepare_content("application/json") + luci.http.write_json(rv) + + return + elseif luci.http.formvalue("hosts") == "1" then + luci.http.prepare_content("application/json") + luci.http.write_json(luci.sys.net.host_hints()) + + return + end +-%> + +<%+header%> + + + + +

<%:Status%>

+ +
+ <%:System%> + + + + + + + + + + +
<%:Hostname%><%=luci.sys.hostname() or "?"%>
<%:Model%><%=pcdata(boardinfo.model or boardinfo.system or "?")%>
<%:CPU Temperature%><%=luci.sys.exec("sensors | grep 'Core 0' | cut -c10-24")%> @ <%=luci.sys.exec("grep 'MHz' /proc/cpuinfo | cut -c11- |sed -n '1p'")%> MHz
<%:Firmware Version%> + <%=pcdata(ver.distname)%> <%=pcdata(ver.distversion)%> / + <%=pcdata(ver.luciname)%> (<%=pcdata(ver.luciversion)%>) +
<%:Kernel Version%><%=unameinfo.release or "?"%>
<%:Local Time%>-
<%:Uptime%>-
<%:Load Average%>-
+
+ +
+ <%:Memory%> + + + + + +
<%:Total Available%>-
<%:Free%>-
<%:Buffered%>-
+
+ +<% if swapinfo.total > 0 then %> +
+ <%:Swap%> + + + + +
<%:Total Available%>-
<%:Free%>-
+
+<% end %> + +
+ <%:Network%> + + + + <% if has_ipv6 then %> + + <% end %> + +
<%:IPv4 WAN Status%> + + + +

?		<%:Collecting data...%>
+
<%:IPv6 WAN Status%> + + + +

?		<%:Collecting data...%>
+
<%:Active Connections%>-
+
+ +<% if has_dhcp then %> +
+ <%:DHCP Leases%> + + + + + + + + + + + +
<%:Hostname%><%:IPv4-Address%><%:MAC-Address%><%:Leasetime remaining%>

<%:Collecting data...%>
+
+ +<% if has_ipv6 then %> + +<% end %> +<% end %> + +<% if has_dsl then %> +
+ <%:DSL%> + + +
<%:DSL Status%> + + + +

?		<%:Collecting data...%>
+
+
+<% end %> + +<% if has_wifi then %> +
+ <%:Wireless%> + + + +
<%:Collecting data...%>
+
+ +
+ <%:Associated Stations%> + + + + + + + + + + + + + +
 <%:Network%><%:MAC-Address%><%:Host%><%:Signal%> / <%:Noise%><%:RX Rate%> / <%:TX Rate%>

<%:Collecting data...%>
+
+<% end %> + +<%- + local incdir = util.libpath() .. "/view/admin_status/index/" + if fs.access(incdir) then + local inc + for inc in fs.dir(incdir) do + if inc:match("%.htm$") then + include("admin_status/index/" .. inc:gsub("%.htm$", "")) + end + end + end +-%> + +<%+footer%> diff --git a/package/lean/automount/Makefile b/package/lean/automount/Makefile new file mode 100644 index 000000000..e026f8987 --- /dev/null +++ b/package/lean/automount/Makefile @@ -0,0 +1,36 @@ +# +# Copyright (C) 2010-2011 OpenWrt.org +# +# This is free software, licensed under the GNU General Public License v2. +# See /LICENSE for more information. +# + +include $(TOPDIR)/rules.mk + +PKG_NAME:=automount +PKG_VERSION:=1 +PKG_RELEASE:=20 +PKG_ARCH:=all + +include $(INCLUDE_DIR)/package.mk + +define Package/automount + TITLE:=Mount autoconfig hotplug script. + MAINTAINER:=Lean + DEPENDS:=+block-mount +kmod-usb-storage +kmod-usb-storage-extras +kmod-fs-vfat +ntfs-3g +kmod-fs-ext4 +endef + +define Package/automount/description +A usb autoconfig hotplug script. +endef + +define Build/Compile +endef + +define Package/automount/install + $(INSTALL_DIR) $(1)/etc/uci-defaults + $(INSTALL_BIN) ./files/15-automount $(1)/etc/15-automount + $(INSTALL_BIN) ./files/zzz-move-automount $(1)/etc/uci-defaults/zzz-move-automount +endef + +$(eval $(call BuildPackage,automount)) diff --git a/package/lean/automount/files/15-automount b/package/lean/automount/files/15-automount new file mode 100755 index 000000000..dd518c4ec --- /dev/null +++ b/package/lean/automount/files/15-automount @@ -0,0 +1,27 @@ +#!/bin/sh + +# Copyright (C) 2015 OpenWrt.org + +# 0 yes blockdevice handles this - 1 no it is not there +blkdev=`dirname $DEVPATH` +basename=`basename $blkdev` +device=`basename $DEVPATH` +skip=`block info | sed 's/\(.*\): .*/\1/' | grep -q $device ; echo $?` +path=$DEVPATH + +if [ $basename != "block" ] && [ -z "${device##sd*}" ] && [ $skip -eq 1 ]; then + mntpnt=$device + case "$ACTION" in + add) + mkdir -p /mnt/$mntpnt + chmod 777 /mnt/$mntpnt + # Try to be gentle on solid state devices + mount -o rw,noatime,discard /dev/$device /mnt/$mntpnt + ;; + remove) + # Once the device is removed, the /dev entry disappear. We need mountpoint + mountpoint=`mount |grep /dev/$device | sed 's/.* on \(.*\) type.*/\1/'` + umount -l $mountpoint + ;; + esac +fi \ No newline at end of file diff --git a/package/lean/automount/files/zzz-move-automount b/package/lean/automount/files/zzz-move-automount new file mode 100755 index 000000000..fbe094cbd --- /dev/null +++ b/package/lean/automount/files/zzz-move-automount @@ -0,0 +1,7 @@ +#!/bin/sh + +sleep 15 +mv /etc/15-automount /etc/hotplug.d/block/ + + + diff --git a/package/lean/autosamba/Makefile b/package/lean/autosamba/Makefile new file mode 100644 index 000000000..f6d765da7 --- /dev/null +++ b/package/lean/autosamba/Makefile @@ -0,0 +1,35 @@ +# +# Copyright (C) 2010-2011 OpenWrt.org +# +# This is free software, licensed under the GNU General Public License v2. +# See /LICENSE for more information. +# + +include $(TOPDIR)/rules.mk + +PKG_NAME:=autosamba +PKG_VERSION:=1 +PKG_RELEASE:=9 +PKG_ARCH:=all + +include $(INCLUDE_DIR)/package.mk + +define Package/autosamba + TITLE:=Samba autoconfig hotplug script. + MAINTAINER:=Lean + DEPENDS:=+luci-app-samba +endef + +define Package/autosamba/description +A hotplug script to config Samba share automatically. +endef + +define Build/Compile +endef + +define Package/autosamba/install + $(INSTALL_DIR) $(1)/etc/hotplug.d/block + $(INSTALL_BIN) ./files/20-smb $(1)/etc/hotplug.d/block/20-smb +endef + +$(eval $(call BuildPackage,autosamba)) diff --git a/package/lean/autosamba/files/20-smb b/package/lean/autosamba/files/20-smb new file mode 100755 index 000000000..7a2056cd0 --- /dev/null +++ b/package/lean/autosamba/files/20-smb @@ -0,0 +1,105 @@ +#!/bin/sh +# +# D-Team Technology Co.,Ltd. ShenZhen +# 浣滆:Vic +# +# +# 璀﹀憡:瀵圭潃灞忓箷鐨勫摜浠,鎴戜滑鍏佽浣犱娇鐢ㄦ鑴氭湰锛屼絾涓嶅厑璁镐綘鎶瑰幓浣滆呯殑淇℃伅,璇蜂繚鐣欒繖娈佃瘽銆 +# +. /lib/functions.sh +. /lib/functions/service.sh + +global=0 +config_file="/etc/config/samba" + +wait_for_init() { + for i in `seq 30` + do + [ -e /tmp/procd.done ] || { + sleep 1; continue; + } + return + done +} + +smb_handle() { + config_get path $1 path + if [ "$path" = "$2" ] ;then + global=1 + fi +} + +chk_en() { + config_get_bool autoshare $1 autoshare 1 + [ $autoshare -eq 0 ] && exit +} + +config_load samba +config_foreach chk_en samba + +device=`basename $DEVPATH` + +case "$ACTION" in + add) + + case "$device" in + sd*) ;; + md*) ;; + hd*);; + mmcblk*);; + *) return;; + esac + + path="/dev/$device" + + wait_for_init + + cat /proc/mounts | while read j + do + str=${j%% *} + if [ "$str" == $path ];then + strr=${j#* } + target=${strr%% *} + global=0 + config_foreach smb_handle sambashare $target + name=${target#*/mnt/} + + if [ $global -eq 0 ] ;then + echo -e "\n\nconfig sambashare" >> $config_file + echo -e "\toption auto '1'" >> $config_file + echo -e "\toption name '$name'" >> $config_file + echo -e "\toption path '$target'" >> $config_file + echo -e "\toption read_only 'no'" >> $config_file + echo -e "\toption guest_ok 'yes'" >> $config_file + echo -e "\toption create_mask '0666'" >> $config_file + echo -e "\toption dir_mask '0777'" >> $config_file + echo -e "\toption device '$device'" >> $config_file + /etc/init.d/samba reload + return + fi + fi + done + ;; + remove) + i=0 + while true + do + + dev=`uci get samba.@sambashare[$i].device` + [ $? -ne 0 ] && break + + [ "$dev" = "$device" ] && { + auto=`uci get samba.@sambashare[$i].auto` + [ $auto = "1" ] && { + mount_dir=`uci get samba.@sambashare[$i].name` + rm -rf /mnt/$device /mnt/$mount_dir + uci delete samba.@sambashare[$i] + uci commit + /etc/init.d/samba reload + return + } + } + let i+=1 + done + ;; +esac diff --git a/package/lean/ddns-scripts_aliyun/Makefile b/package/lean/ddns-scripts_aliyun/Makefile new file mode 100644 index 000000000..e35cef5a4 --- /dev/null +++ b/package/lean/ddns-scripts_aliyun/Makefile @@ -0,0 +1,72 @@ +include $(TOPDIR)/rules.mk + +PKG_NAME:=ddns-scripts_aliyun +PKG_VERSION:=1.0.0 +PKG_RELEASE:=1 + +PKG_LICENSE:=GPLv2 +PKG_MAINTAINER:=Sense + +PKG_BUILD_PARALLEL:=1 + +include $(INCLUDE_DIR)/package.mk + +define Package/$(PKG_NAME) + SECTION:=net + CATEGORY:=Network + SUBMENU:=IP Addresses and Names + TITLE:=DDNS extension for AliYun.com + PKGARCH:=all + DEPENDS:=+ddns-scripts +wget +openssl-util +endef + +define Package/$(PKG_NAME)/description + Dynamic DNS Client scripts extension for AliYun.com +endef + +define Build/Configure +endef + +define Build/Compile + $(CP) ./*.sh $(PKG_BUILD_DIR) +endef + +define Package/$(PKG_NAME)/preinst + #!/bin/sh + # if NOT run buildroot then stop service + [ -z "$${IPKG_INSTROOT}" ] && /etc/init.d/ddns stop >/dev/null 2>&1 + exit 0 # suppress errors +endef + +define Package/$(PKG_NAME)/install + $(INSTALL_DIR) $(1)/usr/lib/ddns + $(INSTALL_BIN) $(PKG_BUILD_DIR)/update_aliyun_com.sh $(1)/usr/lib/ddns +endef + +define Package/$(PKG_NAME)/postinst + #!/bin/sh + # remove old services file entries + /bin/sed -i '/aliyun\.com/d' $${IPKG_INSTROOT}/etc/ddns/services >/dev/null 2>&1 + /bin/sed -i '/aliyun\.com/d' $${IPKG_INSTROOT}/etc/ddns/services_ipv6 >/dev/null 2>&1 + # and create new + printf "%s\\t\\t%s\\n" '"aliyun.com"' '"update_aliyun_com.sh"' >> $${IPKG_INSTROOT}/etc/ddns/services + printf "%s\\t\\t%s\\n" '"aliyun.com"' '"update_aliyun_com.sh"' >> $${IPKG_INSTROOT}/etc/ddns/services_ipv6 + # on real system restart service if enabled + [ -z "$${IPKG_INSTROOT}" ] && { + /etc/init.d/ddns enabled && \ + /etc/init.d/ddns start >/dev/null 2>&1 + } + exit 0 # suppress errors +endef + +define Package/$(PKG_NAME)/prerm + #!/bin/sh + # if NOT run buildroot then stop service + [ -z "$${IPKG_INSTROOT}" ] && /etc/init.d/ddns stop >/dev/null 2>&1 + # remove services file entries + /bin/sed -i '/aliyun\.com/d' $${IPKG_INSTROOT}/etc/ddns/services >/dev/null 2>&1 + /bin/sed -i '/aliyun\.com/d' $${IPKG_INSTROOT}/etc/ddns/services_ipv6 >/dev/null 2>&1 + exit 0 # suppress errors +endef + +$(eval $(call BuildPackage,$(PKG_NAME))) diff --git a/package/lean/ddns-scripts_aliyun/update_aliyun_com.sh b/package/lean/ddns-scripts_aliyun/update_aliyun_com.sh new file mode 100755 index 000000000..89ee909ce --- /dev/null +++ b/package/lean/ddns-scripts_aliyun/update_aliyun_com.sh @@ -0,0 +1,233 @@ +#!/bin/sh +# +# 鐢ㄤ簬闃块噷浜戣В鏋愮殑DNS鏇存柊鑴氭湰 +# 2017-2018 Sense +# 闃块噷浜戣В鏋怉PI鏂囨。 https://help.aliyun.com/document_detail/29739.html +# +# 鏈剼鏈敱 dynamic_dns_functions.sh 鍐呯殑鍑芥暟 send_update() 璋冪敤 +# +# 闇瑕佸湪 /etc/config/ddns 涓缃殑閫夐」 +# option username - 闃块噷浜慉PI璁块棶璐﹀彿 Access Key ID銆傚彲閫氳繃 aliyun.com 甯愬彿绠$悊鐨 accesskeys 鑾峰彇, 鎴栬呰闂 https://ak-console.aliyun.com +# option password - 闃块噷浜慉PI璁块棶瀵嗛挜 Access Key Secret +# option domain - 瀹屾暣鐨勫煙鍚嶃傚缓璁富鏈轰笌鍩熷悕涔嬮棿浣跨敤 @绗﹀彿 鍒嗛殧锛屽惁鍒欏皢浠ョ涓涓 .绗﹀彿 涔嬪墠鐨勫唴瀹逛綔涓轰富鏈哄悕 +# + +# 妫鏌ヤ紶鍏ュ弬鏁 +[ -z "$username" ] && write_log 14 "閰嶇疆閿欒锛佷繚瀛橀樋閲屼簯API璁块棶璐﹀彿鐨'鐢ㄦ埛鍚'涓嶈兘涓虹┖" +[ -z "$password" ] && write_log 14 "閰嶇疆閿欒锛佷繚瀛橀樋閲屼簯API璁块棶瀵嗛挜鐨'瀵嗙爜'涓嶈兘涓虹┖" + +# 妫鏌ュ閮ㄨ皟鐢ㄥ伐鍏 +[ -n "$WGET_SSL" ] || write_log 13 "浣跨敤闃块噷浜慉PI闇瑕 GNU Wget 鏀寔锛岃鍏堝畨瑁" +command -v sed >/dev/null 2>&1 || write_log 13 "浣跨敤闃块噷浜慉PI闇瑕 sed 鏀寔锛岃鍏堝畨瑁" +command -v openssl >/dev/null 2>&1 || write_log 13 "浣跨敤闃块噷浜慉PI闇瑕 openssl-util 鏀寔锛岃鍏堝畨瑁" + +# 鍖呭惈鐢ㄤ簬瑙f瀽 JSON 鏍煎紡杩斿洖鍊肩殑鍑芥暟 +. /usr/share/libubox/jshn.sh + +# 鍙橀噺澹版槑 +local __HOST __DOMAIN __TYPE __URLBASE __CMDBASE __URLARGS __SEPARATOR __RECID +[ $use_https -eq 0 ] && __URLBASE="http://alidns.aliyuncs.com/" || __URLBASE="https://alidns.aliyuncs.com/" +__SEPARATOR="&" + +# 浠 $domain 鍒嗙涓绘満鍜屽煙鍚 +[ "${domain:0:2}" == "@." ] && domain="${domain/./}" # 涓诲煙鍚嶅鐞 +[ "$domain" == "${domain/@/}" ] && domain="${domain/./@}" # 鏈壘鍒板垎闅旂锛屽吋瀹瑰父鐢ㄥ煙鍚嶆牸寮 +__HOST="${domain%%@*}" +__DOMAIN="${domain#*@}" +[ -z "$__HOST" -o "$__HOST" == "$__DOMAIN" ] && __HOST="@" + +# 璁剧疆璁板綍绫诲瀷 +[ $use_ipv6 -eq 0 ] && __TYPE="A" || __TYPE="AAAA" + +# 鏋勯犲熀鏈氫俊鍛戒护 +build_command() { + __CMDBASE="$WGET_SSL -nv -t 1 -O $DATFILE -o $ERRFILE" + # 缁戝畾鐢ㄤ簬閫氫俊鐨勪富鏈/IP + if [ -n "$bind_network" ]; then + local bind_ip run_prog + [ $use_ipv6 -eq 0 ] && run_prog="network_get_ipaddr" || run_prog="network_get_ipaddr6" + eval "$run_prog bind_ip $bind_network" || \ + write_log 13 "鏃犳硶浣跨敤 '$run_prog $bind_network' 鑾峰彇鏈湴IP鍦板潃 - 閿欒浠g爜: '$?'" + write_log 7 "寮哄埗浣跨敤IP '$bind_ip' 閫氫俊" + __CMDBASE="$__CMDBASE --bind-address=$bind_ip" + fi + # 寮哄埗璁惧畾IP鐗堟湰 + if [ $force_ipversion -eq 1 ]; then + [ $use_ipv6 -eq 0 ] && __CMDBASE="$__CMDBASE -4" || __CMDBASE="$__CMDBASE -6" + fi + # 璁剧疆CA璇佷功鍙傛暟 + if [ $use_https -eq 1 ]; then + if [ "$cacert" = "IGNORE" ]; then + __CMDBASE="$__CMDBASE --no-check-certificate" + elif [ -f "$cacert" ]; then + __CMDBASE="$__CMDBASE --ca-certificate=${cacert}" + elif [ -d "$cacert" ]; then + __CMDBASE="$__CMDBASE --ca-directory=${cacert}" + elif [ -n "$cacert" ]; then + write_log 14 "鍦 '$cacert' 涓湭鎵惧埌鐢ㄤ簬 HTTPS 閫氫俊鐨勬湁鏁堣瘉涔" + fi + fi + # 濡傛灉娌℃湁璁剧疆锛岀鐢ㄤ唬鐞 (杩欏彲鑳芥槸 .wgetrc 鎴栫幆澧冭缃敊璇) + [ -z "$proxy" ] && __CMDBASE="$__CMDBASE --no-proxy" +} + +# 鐢ㄤ簬闃块噷浜慉PI鐨勯氫俊鍑芥暟 +aliyun_transfer() { + local __PARAM=$* + local __CNT=0 + local __RUNPROG __ERR PID_SLEEP + + [ $# -eq 0 ] && write_log 12 "'aliyun_transfer()' 鍑洪敊 - 鍙傛暟鏁伴噺閿欒" + + while : ; do + build_Request $__PARAM + __RUNPROG="$__CMDBASE '${__URLBASE}?${__URLARGS}'" + + write_log 7 "#> $__RUNPROG" + eval $__RUNPROG + __ERR=$? + [ $__ERR -eq 0 ] && return 0 + + write_log 3 "wget 閿欒浠g爜: '$__ERR'" + write_log 7 "$(cat $ERRFILE)" + + if [ $VERBOSE -gt 1 ]; then + write_log 4 "浼犺緭澶辫触 - 璇︾粏妯″紡: $VERBOSE - 鍑洪敊鍚庝笉鍐嶉噸璇" + return 1 + fi + + __CNT=$(( $__CNT + 1 )) + [ $retry_count -gt 0 -a $__CNT -gt $retry_count ] && \ + write_log 14 "$retry_count 娆¢噸璇曞悗浼犺緭杩樻槸澶辫触" + + write_log 4 "浼犺緭澶辫触 - $__CNT/$retry_count 鍦 $RETRY_SECONDS 绉掑悗閲嶈瘯" + sleep $RETRY_SECONDS & + PID_SLEEP=$! + wait $PID_SLEEP + PID_SLEEP=0 + done +} + +# 鐧惧垎鍙风紪鐮 +percentEncode() { + if [ -z "${1//[A-Za-z0-9_.~-]/}" ]; then + echo -n "$1" + else + local string=$1; local i=0; local ret chr + while [ $i -lt ${#string} ]; do + chr=${string:$i:1} + [ -z "${chr#[^A-Za-z0-9_.~-]}" ] && chr=$(printf '%%%02X' "'$chr") + ret="$ret$chr" + i=$(( $i + 1 )) + done + echo -n "$ret" + fi +} + +# 鏋勯犻樋閲屼簯瑙f瀽璇锋眰鍙傛暟 +build_Request() { + local args=$*; local string + local HTTP_METHOD="GET" + + # 娣诲姞璇锋眰鍙傛暟 + __URLARGS= + for string in $args; do + case "${string%%=*}" in + Format|Version|AccessKeyId|SignatureMethod|Timestamp|SignatureVersion|SignatureNonce|Signature) ;; # 杩囨护鍏叡鍙傛暟 + *) __URLARGS="$__URLARGS${__SEPARATOR}"$(percentEncode "${string%%=*}")"="$(percentEncode "${string#*=}");; + esac + done + __URLARGS="${__URLARGS:1}" + + # 闄勫姞鍏叡鍙傛暟 + string="Format=JSON"; __URLARGS="$__URLARGS${__SEPARATOR}"$(percentEncode "${string%%=*}")"="$(percentEncode "${string#*=}") + string="Version=2015-01-09"; __URLARGS="$__URLARGS${__SEPARATOR}"$(percentEncode "${string%%=*}")"="$(percentEncode "${string#*=}") + string="AccessKeyId=$username"; __URLARGS="$__URLARGS${__SEPARATOR}"$(percentEncode "${string%%=*}")"="$(percentEncode "${string#*=}") + string="SignatureMethod=HMAC-SHA1"; __URLARGS="$__URLARGS${__SEPARATOR}"$(percentEncode "${string%%=*}")"="$(percentEncode "${string#*=}") + string="Timestamp="$(date -u '+%Y-%m-%dT%H:%M:%SZ'); __URLARGS="$__URLARGS${__SEPARATOR}"$(percentEncode "${string%%=*}")"="$(percentEncode "${string#*=}") + string="SignatureVersion=1.0"; __URLARGS="$__URLARGS${__SEPARATOR}"$(percentEncode "${string%%=*}")"="$(percentEncode "${string#*=}") + string="SignatureNonce="$(cat '/proc/sys/kernel/random/uuid'); __URLARGS="$__URLARGS${__SEPARATOR}"$(percentEncode "${string%%=*}")"="$(percentEncode "${string#*=}") + + # 瀵硅姹傚弬鏁拌繘琛屾帓搴忥紝鐢ㄤ簬鐢熸垚绛惧悕 + string=$(echo -n "$__URLARGS" | sed 's/\'"${__SEPARATOR}"'/\n/g' | sort | sed ':label; N; s/\n/\'"${__SEPARATOR}"'/g; b label') + # 鏋勯犵敤浜庤绠楃鍚嶇殑瀛楃涓 + string="${HTTP_METHOD}${__SEPARATOR}"$(percentEncode "/")"${__SEPARATOR}"$(percentEncode "$string") + # 瀛楃涓茶绠楃鍚岺MAC鍊 + local signature=$(echo -n "$string" | openssl dgst -sha1 -hmac "${password}&" -binary) + # HMAC鍊肩紪鐮佹垚瀛楃涓诧紝寰楀埌绛惧悕鍊 + signature=$(echo -n "$signature" | openssl base64) + + # 闄勫姞绛惧悕鍙傛暟 + string="Signature=$signature"; __URLARGS="$__URLARGS${__SEPARATOR}"$(percentEncode "${string%%=*}")"="$(percentEncode "${string#*=}") +} + +# 娣诲姞瑙f瀽璁板綍 +add_domain() { + local value + aliyun_transfer "Action=AddDomainRecord" "DomainName=${__DOMAIN}" "RR=${__HOST}" "Type=${__TYPE}" "Value=${__IP}" || write_log 14 "鏈嶅姟鍣ㄩ氫俊澶辫触" + json_cleanup; json_load "$(cat "$DATFILE" 2> /dev/null)" >/dev/null 2>&1 + json_get_var value "RecordId" + [ -z "$value" ] && write_log 14 "娣诲姞鏂拌В鏋愯褰曞け璐" + write_log 7 "娣诲姞鏂拌В鏋愯褰曟垚鍔" + return 0 +} + +# 淇敼瑙f瀽璁板綍 +update_domain() { + local value + aliyun_transfer "Action=UpdateDomainRecord" "RecordId=${__RECID}" "RR=${__HOST}" "Type=${__TYPE}" "Value=${__IP}" || write_log 14 "鏈嶅姟鍣ㄩ氫俊澶辫触" + json_cleanup; json_load "$(cat "$DATFILE" 2> /dev/null)" >/dev/null 2>&1 + json_get_var value "RecordId" + [ -z "$value" ] && write_log 14 "淇敼瑙f瀽璁板綍澶辫触" + write_log 7 "淇敼瑙f瀽璁板綍鎴愬姛" + return 0 +} + +# 鍚敤瑙f瀽璁板綍 +enable_domain() { + local value + aliyun_transfer "Action=SetDomainRecordStatus" "RecordId=${__RECID}" "Status=Enable" || write_log 14 "鏈嶅姟鍣ㄩ氫俊澶辫触" + json_cleanup; json_load "$(cat "$DATFILE" 2> /dev/null)" >/dev/null 2>&1 + json_get_var value "Status" + [ "$value" != "Enable" ] && write_log 14 "鍚敤瑙f瀽璁板綍澶辫触" + write_log 7 "鍚敤瑙f瀽璁板綍鎴愬姛" + return 0 +} + +# 鑾峰彇瀛愬煙鍚嶈В鏋愯褰曞垪琛 +describe_domain() { + local value type; local ret=0 + aliyun_transfer "Action=DescribeSubDomainRecords" "SubDomain=${__HOST}.${__DOMAIN}" || write_log 14 "鏈嶅姟鍣ㄩ氫俊澶辫触" + json_cleanup; json_load "$(cat "$DATFILE" 2> /dev/null)" >/dev/null 2>&1 + json_get_var value "TotalCount" + if [ $value -eq 0 ]; then + write_log 7 "瑙f瀽璁板綍涓嶅瓨鍦" + ret=1 + else + json_select "DomainRecords" >/dev/null 2>&1 + json_select "Record" >/dev/null 2>&1 + json_select 1 >/dev/null 2>&1 + json_get_var value "Locked" + [ $value -ne 0 ] && write_log 14 "瑙f瀽璁板綍琚攣瀹" + json_get_var __RECID "RecordId" + write_log 7 "鑾峰緱瑙f瀽璁板綍ID: ${__RECID}" + json_get_var value "Status" + [ "$value" != "ENABLE" ] && ret=$(( $ret | 2 )) && write_log 7 "瑙f瀽璁板綍琚鐢" + json_get_var type "Type" + json_get_var value "Value" + [ "$type" != "${__TYPE}" -o "$value" != "${__IP}" ] && ret=$(( $ret | 4 )) && write_log 7 "鍦板潃鎴栫被鍨嬮渶瑕佷慨鏀" + fi + return $ret +} + +build_command +describe_domain +ret=$? +if [ $ret -eq 1 ]; then + sleep 3 && add_domain +else + [ $(( $ret & 2 )) -ne 0 ] && sleep 3 && enable_domain + [ $(( $ret & 4 )) -ne 0 ] && sleep 3 && update_domain +fi + +return 0 diff --git a/package/lean/default-settings/Makefile b/package/lean/default-settings/Makefile new file mode 100644 index 000000000..2db989464 --- /dev/null +++ b/package/lean/default-settings/Makefile @@ -0,0 +1,49 @@ +# +# Copyright (C) 2016-2017 GitHub +# +# This is free software, licensed under the GNU General Public License v3. +# See /LICENSE for more information. + +include $(TOPDIR)/rules.mk + +PKG_NAME:=default-settings +PKG_VERSION:=1.0 +PKG_RELEASE:=63 +PKG_LICENSE:=GPLv3 +PKG_LICENSE_FILES:=LICENSE + +PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME) + +include $(INCLUDE_DIR)/package.mk + +define Package/default-settings + SECTION:=luci + CATEGORY:=LuCI + TITLE:=LuCI support for Default Settings + PKGARCH:=all + DEPENDS:=+@LUCI_LANG_zh-cn +endef + +define Package/default-settings/description + Language Support Packages. +endef + +define Build/Prepare + $(foreach po,$(wildcard ${CURDIR}/i18n/*.po), \ + po2lmo $(po) $(PKG_BUILD_DIR)/$(patsubst %.po,%.lmo,$(notdir $(po)));) +endef + +define Build/Configure +endef + +define Build/Compile +endef + +define Package/default-settings/install + $(INSTALL_DIR) $(1)/usr/lib/lua/luci/i18n + $(INSTALL_DIR) $(1)/etc/uci-defaults + $(INSTALL_DATA) $(PKG_BUILD_DIR)/*.lmo $(1)/usr/lib/lua/luci/i18n/ + $(INSTALL_BIN) ./files/zzz-default-settings $(1)/etc/uci-defaults/99-default-settings +endef + +$(eval $(call BuildPackage,default-settings)) diff --git a/package/lean/default-settings/files/zzz-default-settings b/package/lean/default-settings/files/zzz-default-settings new file mode 100755 index 000000000..d80d6c20d --- /dev/null +++ b/package/lean/default-settings/files/zzz-default-settings @@ -0,0 +1,72 @@ +#!/bin/sh + +uci set luci.main.lang=zh_cn +uci commit luci + +uci set system.@system[0].timezone=CST-8 +uci set system.@system[0].zonename=Asia/Shanghai +uci commit system + +uci set fstab.@global[0].anon_mount=1 +uci commit fstab + +rm -f /usr/lib/lua/luci/view/admin_status/index/mwan.htm +rm -f /usr/lib/lua/luci/view/admin_status/index/upnp.htm +rm -f /usr/lib/lua/luci/view/admin_status/index/ddns.htm +rm -f /usr/lib/lua/luci/view/admin_status/index/minidlna.htm + +sed -i 's/\"services\"/\"nas\"/g' /usr/lib/lua/luci/controller/aria2.lua +sed -i 's/services/nas/g' /usr/lib/lua/luci/view/aria2/overview_status.htm +sed -i 's/\"services\"/\"nas\"/g' /usr/lib/lua/luci/controller/hd_idle.lua +sed -i 's/\"services\"/\"nas\"/g' /usr/lib/lua/luci/controller/samba.lua +sed -i 's/\"services\"/\"nas\"/g' /usr/lib/lua/luci/controller/minidlna.lua +sed -i 's/\"services\"/\"nas\"/g' /usr/lib/lua/luci/controller/transmission.lua +sed -i 's/\"services\"/\"nas\"/g' /usr/lib/lua/luci/controller/mjpg-streamer.lua +sed -i 's/\"services\"/\"nas\"/g' /usr/lib/lua/luci/controller/p910nd.lua +sed -i 's/\"services\"/\"nas\"/g' /usr/lib/lua/luci/controller/usb_printer.lua +sed -i 's/\"services\"/\"nas\"/g' /usr/lib/lua/luci/controller/xunlei.lua + +sed -i 's/services/nas/g' /usr/lib/lua/luci/view/minidlna_status.htm +uci set minidlna.config.enabled=0 +uci commit minidlna +/etc/init.d/minidlna stop + +ln -sf /sbin/ip /usr/bin/ip + +sed -i 's/downloads.openwrt.org/openwrt.proxy.ustclug.org/g' /etc/opkg/distfeeds.conf +sed -i 's/root::0:0:99999:7:::/root:$1$V4UetPzk$CYXluq4wUazHjmCDBCqXF.:0:0:99999:7:::/g' /etc/shadow + +sed -i "s/# //g" /etc/opkg/distfeeds.conf + +uci set dhcp.lan.ra='server' +uci set dhcp.lan.dhcpv6='server' +uci set dhcp.lan.ra_management='1' +uci set dhcp.lan.ra_default='1' +uci commit dhcp + +uci set upnpd.config.enabled='1' +uci set upnpd.config.igdv1='1' +uci commit upnpd + +sed -i '/REDIRECT --to-ports 53/d' /etc/firewall.user +echo "iptables -t nat -A PREROUTING -p udp --dport 53 -j REDIRECT --to-ports 53" >> /etc/firewall.user +echo "iptables -t nat -A PREROUTING -p tcp --dport 53 -j REDIRECT --to-ports 53" >> /etc/firewall.user + +sed -i '/option disabled/d' /etc/config/wireless +sed -i '/set wireless.radio${devidx}.disabled/d' /lib/wifi/mac80211.sh +wifi up + +sed -i '/DISTRIB_REVISION/d' /etc/openwrt_release +echo "DISTRIB_REVISION='R8.1.8 By Lean'" >> /etc/openwrt_release +sed -i '/DISTRIB_DESCRIPTION/d' /etc/openwrt_release +echo "DISTRIB_DESCRIPTION='OpenWrt '" >> /etc/openwrt_release + +sed -i 's/cbi.submit\"] = true/cbi.submit\"] = \"1\"/g' /usr/lib/lua/luci/dispatcher.lua + +rm -rf /tmp/luci-modulecache/ +rm -f /tmp/luci-indexcache + +exit 0 + + + diff --git a/package/lean/default-settings/i18n/default.zh-cn.po b/package/lean/default-settings/i18n/default.zh-cn.po new file mode 100644 index 000000000..b87b9c714 --- /dev/null +++ b/package/lean/default-settings/i18n/default.zh-cn.po @@ -0,0 +1,53 @@ +msgid "Processor" +msgstr "澶勭悊鍣" + +msgid "Architecture" +msgstr "鏋舵瀯" + +msgid "CPU Temperature" +msgstr "CPU娓╁害" + +msgid "CPU Info" +msgstr "CPU淇℃伅" + +msgid "CPU Model" +msgstr "澶勭悊鍣ㄥ瀷鍙" + +msgid "CPU frequency" +msgstr "CPU棰戠巼" + +msgid "RAM frequency" +msgstr "RAM棰戠巼" + +msgid "Flash Size" +msgstr "闂瓨澶у皬" + +msgid "Free Memory" +msgstr "閲婃斁鍐呭瓨" + +msgid "RUNNING" +msgstr "杩愯涓" + +msgid "NOT RUNNING" +msgstr "鏈繍琛" + +msgid "ZRam Settings" +msgstr "ZRam 璁剧疆" + +msgid "ZRam Compression Algorithm" +msgstr "ZRAM鍘嬬缉绠楁硶" + +msgid "ZRam Compression Streams" +msgstr "ZRam 鍘嬬缉鏁版嵁娴佺嚎绋嬫暟" + +msgid "ZRam Size" +msgstr "ZRam 澶у皬" + +msgid "Size of the ZRam device in megabytes" +msgstr "鍒掑垎缁橺Ram 鍒嗗尯鐨勫唴瀛樺ぇ灏忥紙MB锛夛紝鎺ㄨ崘鐣欑┖鐢辩郴缁熻嚜鍔ㄧ鐞" + +msgid "Number of parallel threads used for compression" +msgstr "鐢ㄤ簬鍘嬬缉鍐呭瓨鏁版嵁鐨凜PU骞跺彂绾跨▼鏁" + +msgid "Swap" +msgstr "铏氭嫙鍐呭瓨" diff --git a/package/lean/default-settings/i18n/more.zh-cn.po b/package/lean/default-settings/i18n/more.zh-cn.po new file mode 100644 index 000000000..c602be14c --- /dev/null +++ b/package/lean/default-settings/i18n/more.zh-cn.po @@ -0,0 +1,1037 @@ +msgid "" +msgstr "" +"Content-Type: text/plain; charset=UTF-8\n" +"Last-Translator: Hsing-Wang Liao \n" + +msgid "%d hour" +msgstr "%d 灏忔椂" + +msgid "%d minute" +msgstr "%d 鍒嗛挓" + +msgid "%d minutes" +msgstr "%d 鍒嗛挓" + +msgid "%d second" +msgstr "%d 绉" + +msgid "%d seconds" +msgstr "%d 绉" + +msgid "" +"Acceptable values: 1-100. This many Tracking IP addresses must respond for " +"the link to be deemed up" +msgstr "" +"鍙栧艰寖鍥: 1-100銆傝繖涓缃」鎸囧畾浜嗗綋澶氬皯涓 IP 鍦板潃鑳藉杩為氭椂鎺ュ彛浼氳璁や负鍦ㄧ嚎" + +msgid "Acceptable values: 1-1000. Defaults to 1 if not set" +msgstr "鍙栧艰寖鍥: 1-100銆傚鏋滀笉濉啓锛岄粯璁ゅ间负 1" + +msgid "Advanced" +msgstr "楂樼骇" + +msgid "Check IP rules" +msgstr "妫鏌 IP 瑙勫垯" + +msgid "Check routing table" +msgstr "妫鏌ヨ矾鐢辫〃" + +msgid "Collecting data..." +msgstr "姝e湪鏀堕泦鏁版嵁..." + +msgid "Configuration" +msgstr "閰嶇疆" + +msgid "Currently Configured Interfaces" +msgstr "褰撳墠閰嶇疆鐨勬帴鍙" + +msgid "Currently Configured Members" +msgstr "褰撳墠閰嶇疆鐨勬垚鍛" + +msgid "Currently Configured Policies" +msgstr "褰撳墠閰嶇疆鐨勭瓥鐣" + +msgid "Destination address" +msgstr "鐩爣鍦板潃" + +msgid "Destination port" +msgstr "鐩爣绔彛" + +msgid "Detailed Status" +msgstr "璇︾粏鐘舵" + +msgid "Diagnostic Results" +msgstr "璇婃柇缁撴灉" + +msgid "Diagnostics" +msgstr "璇婃柇" + +msgid "Disabled" +msgstr "绂佺敤" + +msgid "" +"Downed interface will be deemed up after this many successful ping tests" +msgstr "褰 Ping 鎴愬姛娆℃暟杈惧埌杩欎釜鏁板煎悗锛屽凡缁忚璁や负绂荤嚎鐨勬帴鍙e皢浼氶噸鏂颁笂绾" + +msgid "Enabled" +msgstr "鍚敤" + +msgid "Error collecting troubleshooting information" +msgstr "鏀堕泦鏁呴殰鎺掗櫎淇℃伅鏃跺嚭閿" + +msgid "Errors" +msgstr "閿欒" + +msgid "Failure interval" +msgstr "鏁呴殰妫娴嬮棿闅" + +msgid "Flush conntrack table" +msgstr "鍒锋柊杩炴帴璺熻釜琛" + +msgid "Flush global firewall conntrack table on interface events" +msgstr "鍦ㄦ帴鍙d簨浠惰Е鍙戞椂鍒锋柊鍏ㄥ眬闃茬伀澧欒繛鎺ヨ窡韪〃" + +msgid "Hotplug Script" +msgstr "Hotplug 鑴氭湰" + +msgid "Hotplug ifdown" +msgstr "Hotplug ifdown" + +msgid "Hotplug ifup" +msgstr "Hotplug ifup" + +msgid "IPset" +msgstr "IPset" + +msgid "IPv4" +msgstr "IPv4" + +msgid "IPv6" +msgstr "IPv6" + +msgid "Interface" +msgstr "鎺ュ彛" + +msgid "Interface Status" +msgstr "鎺ュ彛鐘舵" + +msgid "Interface down" +msgstr "鎺ュ彛绂荤嚎" + +msgid "Interface up" +msgstr "鎺ュ彛涓婄嚎" + +msgid "Interface will be deemed down after this many failed ping tests" +msgstr "褰 Ping 澶辫触娆℃暟杈惧埌杩欎釜鏁板煎悗鎺ュ彛浼氳璁や负绂荤嚎" + +msgid "Interfaces" +msgstr "鎺ュ彛" + +msgid "Internet Protocol" +msgstr "浜掕仈缃戝崗璁" + +msgid "Last 50 MWAN systemlog entries. Newest entries sorted at the top :" +msgstr "鏈杩 50 鏉 MWAN 绯荤粺鏃ュ織锛屾渶鏂版潯鐩帓鍦ㄩ《閮:" + +msgid "Last resort" +msgstr "澶囩敤鎴愬憳" + +msgid "Load Balancing" +msgstr "璐熻浇鍧囪 " + +msgid "Loading" +msgstr "杞藉叆涓" + +msgid "MWAN Config" +msgstr "MWAN 閰嶇疆鏂囦欢" + +msgid "MWAN Detailed Status" +msgstr "MWAN 璇︾粏鐘舵" + +msgid "MWAN Interface Configuration" +msgstr "MWAN 鎺ュ彛閰嶇疆" + +msgid "MWAN Interface Configuration - %s" +msgstr "MWAN 鎺ュ彛閰嶇疆 - %s" + +msgid "MWAN Interface Diagnostics" +msgstr "MWAN 鎺ュ彛璇婃柇" + +msgid "MWAN Interface Live Status" +msgstr "MWAN 鎺ュ彛瀹炴椂鐘舵" + +msgid "MWAN Interface Systemlog" +msgstr "MWAN 鎺ュ彛绯荤粺鏃ュ織" + +msgid "MWAN Member Configuration" +msgstr "MWAN 鎴愬憳閰嶇疆" + +msgid "MWAN Member Configuration - %s" +msgstr "MWAN 鎴愬憳閰嶇疆 - %s" + +msgid "MWAN Policy Configuration" +msgstr "MWAN 绛栫暐閰嶇疆" + +msgid "MWAN Policy Configuration - %s" +msgstr "MWAN 绛栫暐閰嶇疆 - %s" + +msgid "MWAN Rule Configuration" +msgstr "MWAN 瑙勫垯閰嶇疆" + +msgid "MWAN Rule Configuration - %s" +msgstr "MWAN 瑙勫垯閰嶇疆 - %s" + +msgid "MWAN Service Control" +msgstr "MWAN 鏈嶅姟鎺у埗" + +msgid "" +"MWAN supports up to 250 physical and/or logical interfaces
MWAN " +"requires that all interfaces have a unique metric configured in /etc/config/" +"network
Names must match the interface name found in /etc/config/" +"network (see advanced tab)
Names may contain characters A-Z, a-z, 0-9, " +"_ and no spaces
Interfaces may not share the same name as configured " +"members, policies or rules" +msgstr "" +"MWAN 鏀寔鏈澶 250 涓墿鐞嗘垨閫昏緫鎺ュ彛銆
MWAN 瑕佹眰鎵鏈夋帴鍙e繀椤诲湪 /etc/" +"config/network 涓瀹氬敮涓鐨勭綉鍏宠穬鐐广
鍚嶇О蹇呴』涓 /etc/config/network 涓" +"鐨勬帴鍙e悕绉板尮閰嶃傦紙鍙煡鐪嬧滈珮绾р濋夐」鍗★級
鍚嶇О鍏佽鍖呮嫭A-Z銆乤-z銆0-9銆乢 浣嗘槸" +"涓嶈兘鏈夌┖鏍笺
鎺ュ彛涓嶅簲璇ヤ笌鎴愬憳銆佺瓥鐣ャ佽鍒欎腑鐨勪换鎰忎竴涓缃」浣跨敤鐩稿悓鐨勫悕" +"绉" + +msgid "" +"May be entered as a single or multiple port(s) (eg \"22\" or \"80,443\") or " +"as a portrange (eg \"1024:2048\") without quotes" +msgstr "" +"鍙互杈撳叆涓涓垨澶氫釜绔彛锛堜緥濡 \"22\" 鎴栬 \"80,443\"锛夋垨鑰呮槸涓涓鍙h寖鍥达紙渚" +"濡 \"1024:2048\"锛変笉鍚紩鍙" + +msgid "Member" +msgstr "鎴愬憳" + +msgid "Member used" +msgstr "浣跨敤鐨勬垚鍛" + +msgid "Members" +msgstr "鎴愬憳" + +msgid "" +"Members are profiles attaching a metric and weight to an MWAN interface
Names may contain characters A-Z, a-z, 0-9, _ and no spaces
Members " +"may not share the same name as configured interfaces, policies or rules" +msgstr "" +"鈥滄垚鍛樷濈敤鏉ヨ缃瘡涓涓 MWAN 鎺ュ彛鐨勮穬鐐规暟锛堝嵆鎺ュ彛浼樺厛绾э級鍜屾墍鍗犳瘮閲嶃
鍚嶇О" +"鍏佽鍖呮嫭 A-Z銆 a-銆0-9銆乢 浣嗘槸涓嶈兘鏈夌┖鏍笺
鎴愬憳涓嶅簲璇ヤ笌鎺ュ彛銆佺瓥鐣ャ佽鍒" +"涓殑浠绘剰涓涓缃」浣跨敤鐩稿悓鐨勫悕绉" + +msgid "Members assigned" +msgstr "鍒嗛厤鐨勬垚鍛" + +msgid "Metric" +msgstr "璺冪偣鏁" + +msgid "" +"Name of IPset rule. Requires IPset rule in /etc/dnsmasq.conf (eg \"ipset=/" +"youtube.com/youtube\")" +msgstr "" +"鍖归厤 IPset 瑙勫垯鍒楄〃鍚嶇О銆傞渶瑕佸厛閰嶇疆 /etc/dnsmasq.conf 涓殑 IPset 瑙勫垯 (渚嬪: " +"\"ipset=/youtube.com/youtube\")" + +msgid "Network Config" +msgstr "缃戠粶閰嶇疆鏂囦欢" + +msgid "No" +msgstr "鍚" + +msgid "No MWAN interfaces found" +msgstr "娌℃湁鎵惧埌 MWAN 鎺ュ彛" + +msgid "No MWAN systemlog history found" +msgstr "娌℃湁鍦ㄧ郴缁熸棩蹇椾腑鎵惧埌 MWAN 鍘嗗彶淇℃伅" + +msgid "No detailed status information available" +msgstr "娌℃湁鐘舵佽缁嗕俊鎭彲鐢" + +msgid "No diagnostic results returned" +msgstr "娌℃湁杩斿洖璇婃柇缁撴灉" + +msgid "No protocol specified" +msgstr "鏈寚瀹氬崗璁" + +msgid "Offline" +msgstr "绂荤嚎" + +msgid "Online (tracking active)" +msgstr "鍦ㄧ嚎锛堣拷韪惎鐢ㄤ腑锛" + +msgid "Online (tracking off)" +msgstr "鍦ㄧ嚎锛堣拷韪凡鍏抽棴锛" + +msgid "Overview" +msgstr "姒傚喌" + +msgid "Ping count" +msgstr "Ping 璁℃暟" + +msgid "Ping default gateway" +msgstr "Ping 榛樿缃戝叧" + +msgid "Ping interval" +msgstr "Ping 闂撮殧" + +msgid "Ping interval during failure detection" +msgstr "鏁呴殰妫娴嬫湡闂寸殑 Ping 闂撮殧" + +msgid "Ping interval during failure recovering" +msgstr "鏁呴殰鎭㈠鏈熼棿鐨 Ping 闂撮殧" + +msgid "Ping size" +msgstr "Ping 澶у皬" + +msgid "Ping timeout" +msgstr "Ping 瓒呮椂" + +msgid "Ping tracking IP" +msgstr "Ping 璺熻釜 IP" + +msgid "Policies" +msgstr "绛栫暐" + +msgid "" +"Policies are profiles grouping one or more members controlling how MWAN " +"distributes traffic
Member interfaces with lower metrics are used " +"first. Interfaces with the same metric load-balance
Load-balanced " +"member interfaces distribute more traffic out those with higher weights
Names may contain characters A-Z, a-z, 0-9, _ and no spaces. Names must be " +"15 characters or less
Policies may not share the same name as " +"configured interfaces, members or rules" +msgstr "" +"鈥滅瓥鐣モ濇妸鎴愬憳杩涜鍒嗙粍锛屽憡璇 MWAN 濡備綍鍒嗛厤鈥滆鍒欌濅腑浣跨敤杩欎竴绛栫暐鐨勬祦閲
鎷ユ湁" +"杈冧綆璺冪偣鏁扮殑鎴愬憳灏嗕細琚紭鍏堜娇鐢ㄣ傛嫢鏈夌浉鍚岃穬鐐规暟鐨勬垚鍛樻妸娴侀噺杩涜璐熻浇鍧囪 銆
杩涜璐熻浇鍧囪 鐨勬垚鍛樹箣闂存嫢鏈夎緝楂樻瘮閲嶇殑鎴愬憳灏嗕細琚垎閰嶅埌鏇村娴侀噺銆
鍚嶇О鍏佽" +"鍖呮嫭A-Z銆乤-z銆0-9銆乢 浣嗘槸涓嶈兘鏈夌┖鏍笺傚悕绉板簲璇ュ湪 15 涓瓧绗︿互鍐
绛栫暐涓嶅簲璇" +"涓庢帴鍙c佹垚鍛樸佽鍒欎腑鐨勪换鎰忎竴涓缃」浣跨敤鐩稿悓鐨勫悕绉" + +msgid "Policy" +msgstr "绛栫暐" + +msgid "Policy assigned" +msgstr "鍒嗛厤鐨勭瓥鐣" + +msgid "Protocol" +msgstr "閫氫俊鍗忚" + +msgid "Recovery interval" +msgstr "鏁呴殰鎭㈠闂撮殧" + +msgid "Restart MWAN" +msgstr "閲嶅惎 MWAN" + +msgid "Restore default hotplug script" +msgstr "鎭㈠榛樿鐨 hotplug 鑴氭湰" + +msgid "Restore..." +msgstr "鎭㈠..." + +msgid "Rule" +msgstr "瑙勫垯" + +msgid "Rules" +msgstr "瑙勫垯" + +msgid "" +"Rules specify which traffic will use a particular MWAN policy based on IP " +"address, port or protocol
Rules are matched from top to bottom. Rules " +"below a matching rule are ignored. Traffic not matching any rule is routed " +"using the main routing table
Traffic destined for known (other than " +"default) networks is handled by the main routing table. Traffic matching a " +"rule, but all WAN interfaces for that policy are down will be blackholed
Names may contain characters A-Z, a-z, 0-9, _ and no spaces
Rules may " +"not share the same name as configured interfaces, members or policies" +msgstr "" +"鈥滆鍒欌濆熀浜 IP 鍦板潃銆佸崗璁佺鍙f妸娴侀噺鍒掑垎鍒版寚瀹氱殑鈥滅瓥鐣モ濅腑銆
瑙勫垯鎸夌収浠庝笂" +"鍒颁笅鐨勯『搴忚繘琛屽尮閰嶃傞櫎浜嗙涓鏉¤兘澶熷尮閰嶄竴娆¢氫俊鐨勮鍒欎互澶栵紝鍏跺畠瑙勫垯灏嗚蹇界暐銆" +"涓嶅尮閰嶄换浣曡鍒欑殑閫氫俊灏嗕細鐢辩郴缁熼粯璁よ矾鐢辫〃杩涜銆
鏉ヨ嚜宸茬煡鐨勭綉缁滅殑杞彂娴侀噺" +"鐢辩郴缁熼粯璁よ矾鐢辫〃鎺ユ墜锛岀劧鍚 MWAN 浠庝腑鍖归厤鍑虹浉搴旂殑娴侀噺骞惰浆绉诲埌 MWAN 鑷繁鐨勮矾鐢" +"琛ㄣ備絾鏄墍鏈夎鍒掑垎鍒颁竴涓棤娉曚娇鐢ㄧ殑绛栫暐鐨勬祦閲忓皢浼氭棤娉曟甯歌繘琛岃矾鐢便
鍚嶇О" +"鍏佽鍖呮嫭A-Z銆乤-z銆0-9銆乢 浣嗘槸涓嶈兘鏈夌┖鏍笺
瑙勫垯涓嶅簲璇ヤ笌鎺ュ彛銆佹垚鍛樸佺瓥鐣ヤ腑" +"鐨勪换鎰忎竴涓缃」浣跨敤鐩稿悓鐨勫悕绉" + +msgid "Seconds. Acceptable values: 1-1000000. Defaults to 600 if not set" +msgstr "鍗曚綅涓虹銆傛帴鍙楃殑鍊: 1-1000000銆傜暀绌哄垯浣跨敤榛樿鍊 600 绉" + +msgid "Source address" +msgstr "婧愬湴鍧" + +msgid "Source port" +msgstr "婧愮鍙" + +msgid "Start MWAN" +msgstr "鍚姩 MWAN" + +msgid "Sticky" +msgstr "绮樻粸妯″紡" + +msgid "Sticky timeout" +msgstr "绮樻粸瓒呮椂" + +msgid "Stop MWAN" +msgstr "鍋滄 MWAN" + +msgid "Supports CIDR notation (eg \"192.168.100.0/24\") without quotes" +msgstr "鏀寔 CIDR 璁版硶锛堜緥濡: \"192.168.100.0/24\"锛変笉鍚紩鍙" + +msgid "There are currently %d of 250 supported interfaces configured" +msgstr "褰撳墠宸查厤缃 %d 涓帴鍙o紝鏈澶ф敮鎸 250 涓" + +msgid "" +"This displays the metric assigned to this interface in /etc/config/network" +msgstr "杩欓噷鏄剧ず浜嗚繖涓帴鍙e湪 /etc/config/network 涓厤缃殑璺冪偣鏁" + +msgid "" +"This hostname or IP address will be pinged to determine if the link is up or " +"down. Leave blank to assume interface is always online" +msgstr "閫氳繃 ping 姝や富鏈烘垨 IP 鍦板潃鏉ョ‘瀹氶摼璺槸鍚﹀湪绾裤傜暀绌哄垯璁や负鎺ュ彛濮嬬粓鍦ㄧ嚎" + +msgid "This section allows you to modify the contents of /etc/config/mwan3" +msgstr "杩欓噷鍏佽浣犱慨鏀 /etc/config/mwan3 鐨勫唴瀹" + +msgid "This section allows you to modify the contents of /etc/config/network" +msgstr "杩欓噷鍏佽浣犱慨鏀 /etc/config/network 鐨勫唴瀹" + +msgid "This section allows you to modify the contents of /etc/config/wireless" +msgstr "杩欓噷鍏佽浣犱慨鏀 /etc/config/wireless 鐨勫唴瀹" + +msgid "" +"This section allows you to modify the contents of /etc/hotplug.d/iface/16-" +"mwancustom
This is useful for running system commands and/or scripts " +"based on interface ifup or ifdown hotplug events

Notes:
The " +"first line of the script must be "#!/bin/sh" without quotes
Lines beginning with # are comments and are not executed

Available variables:
$ACTION is the hotplug event (ifup, ifdown)
" +"$INTERFACE is the interface name (wan1, wan2, etc.)
$DEVICE is the " +"device name attached to the interface (eth0.1, eth1, etc.)" +msgstr "" +"杩欓噷鍏佽浣犱慨鏀 /etc/hotplug.d/iface/16-mwancustom 鐨勫唴瀹
杩欏彲浠ュ湪鎺ュ彛 " +"ifup 鎴 ifdown Hotplug 浜嬩欢鏃惰繍琛岀郴缁熷懡浠ゆ垨鑴氭湰

娉ㄦ剰:
鑴氭湰鐨" +"绗竴琛屽繀椤绘槸 "#!/bin/sh" 涓嶅惈寮曞彿
浠ワ純寮澶寸殑琛屾槸娉ㄩ噴锛屼笉浼氭墽琛" +"

鍙敤鍙橀噺:
$ACTION 鏄 Hotplug 浜嬩欢锛坕fup, ifdown锛
" +"$INTERFACE 鏄帴鍙e悕绉帮紙wan1銆亀an2 绛夛級
$DEVICE 鏄繛鎺ュ埌鎺ュ彛鐨勮澶囧悕绉 " +"锛坋th0.1銆乪th1 绛夛級" + +msgid "Tracking IP" +msgstr "杩借釜鐨 IP" + +msgid "Tracking hostname or IP address" +msgstr "杩借釜鐨勪富鏈烘垨 IP 鍦板潃" + +msgid "Tracking reliability" +msgstr "杩借釜鍙潬鎬" + +msgid "Traffic Rules" +msgstr "娴侀噺瑙勫垯" + +msgid "" +"Traffic from the same source IP address that previously matched this rule " +"within the sticky timeout period will use the same WAN interface" +msgstr "" +"鏉ヨ嚜鐩稿悓婧 IP 鐨勬祦閲忥紝濡傛灉宸茬粡鍖归厤杩囨瑙勫垯骞朵笖鍦ㄧ矘婊炶秴鏃舵椂闂村唴锛屽皢浼氫娇鐢ㄧ浉鍚" +"鐨 WAN 鎺ュ彛" + +msgid "Troubleshooting" +msgstr "鏁呴殰鎺掗櫎" + +msgid "Troubleshooting Data" +msgstr "鏁呴殰鎺掗櫎鏁版嵁" + +msgid "View the contents of /etc/protocols for protocol descriptions" +msgstr "璇锋煡鐪 /etc/protocols 鑾峰彇鍙夊崗璁鎯" + +msgid "WARNING: %d interfaces are configured exceeding the maximum of 250!" +msgstr "璀﹀憡: 宸查厤缃 %d 涓帴鍙o紝瓒呰繃鏈澶у 250锛" + +msgid "" +"WARNING: Some policies have names exceeding the maximum of 15 characters!" +msgstr "璀﹀憡: 鏌愪簺绛栫暐鐨勫悕绉拌秴杩囦簡 15 涓瓧绗︼紒" + +msgid "" +"WARNING: some interfaces are configured incorrectly or not at all in /etc/" +"config/network!" +msgstr "璀﹀憡: 鏌愪簺鎺ュ彛閰嶇疆涓嶆纭垨鏈厤缃埌 /etc/config/network锛" + +msgid "" +"WARNING: some interfaces have a higher reliability requirement than there " +"are tracking IP addresses!" +msgstr "璀﹀憡: 鏌愪簺鎺ュ彛鐨勮拷韪彲闈犳ц姹傚ぇ浜庝簡杩借釜 IP 鍦板潃鎬绘暟锛" + +msgid "" +"WARNING: some interfaces have duplicate metrics configured in /etc/config/" +"network!" +msgstr "璀﹀憡: 鏌愪簺鎺ュ彛鍦 /etc/config/network 涓厤缃簡鐩稿悓鐨勮穬鐐规暟锛" + +msgid "" +"WARNING: some interfaces have no default route in the main routing table!" +msgstr "璀﹀憡: 鏌愪簺鎺ュ彛鍦ㄤ富璺敱琛ㄤ腑娌℃湁榛樿璺敱锛" + +msgid "" +"WARNING: some interfaces have no metric configured in /etc/config/network!" +msgstr "璀﹀憡: 鏌愪簺鎺ュ彛娌℃湁鍦 /etc/config/network 涓厤缃穬鐐规暟锛" + +msgid "" +"WARNING: some rules have a port configured with no or improper protocol " +"specified! Please configure a specific protocol!" +msgstr "" +"璀﹀憡: 鏌愪簺瑙勫垯鎸囧畾浜嗙鍙e嵈娌℃湁閰嶇疆鎴栭厤缃簡涓嶆纭殑鍗忚锛岃閲嶆柊鎸囧畾鍗忚锛" + +msgid "" +"WARNING: this and other interfaces have duplicate metrics configured in /etc/" +"config/network!" +msgstr "璀﹀憡: 姝ゆ帴鍙e拰鍏朵粬鎺ュ彛鍦 /etc/config/network 涓厤缃簡鐩稿悓鐨勮穬鐐规暟锛" + +msgid "" +"WARNING: this interface has a higher reliability requirement than there are " +"tracking IP addresses!" +msgstr "璀﹀憡: 姝ゆ帴鍙g殑杩借釜鍙潬鎬ц姹傚ぇ浜庝簡杩借釜 IP 鍦板潃鎬绘暟锛" + +msgid "WARNING: this interface has no default route in the main routing table!" +msgstr "璀﹀憡: 姝ゆ帴鍙e湪涓昏矾鐢辫〃涓病鏈夐粯璁よ矾鐢憋紒" + +msgid "" +"WARNING: this interface has no metric configured in /etc/config/network!" +msgstr "璀﹀憡: 姝ゆ帴鍙f病鏈夊湪 /etc/config/network 涓厤缃穬鐐规暟锛" + +msgid "" +"WARNING: this interface is configured incorrectly or not at all in /etc/" +"config/network!" +msgstr "璀﹀憡: 姝ゆ帴鍙i厤缃笉姝g‘鎴栨湭閰嶇疆鍒 /etc/config/network锛" + +msgid "" +"WARNING: this policy's name is %d characters exceeding the maximum of 15!" +msgstr "璀﹀憡: 姝ょ瓥鐣ョ殑鍚嶇О鍏锋湁 %d 涓瓧绗︼紝瓒呰繃浜 15 涓瓧绗︼紒" + +msgid "" +"WARNING: this rule is incorrectly configured with no or improper protocol " +"specified! Please configure a specific protocol!" +msgstr "璀﹀憡: 姝よ鍒欐病鏈夐厤缃垨閰嶇疆浜嗕笉姝g‘鐨勫崗璁紝璇烽噸鏂版寚瀹氬崗璁紒" + +msgid "Waiting for MWAN to %s..." +msgstr "绛夊緟 MWAN %s..." + +msgid "Waiting for diagnostic results..." +msgstr "绛夊緟璇婃柇缁撴灉..." + +msgid "Weight" +msgstr "姣旈噸" + +msgid "" +"When all policy members are offline use this behavior for matched traffic" +msgstr "褰撴墍鏈夌瓥鐣ユ垚鍛橀兘鏃犳硶浣跨敤鐨勬椂鍊欙紝瀵逛娇鐢ㄨ绛栫暐鐨勬祦閲忎娇鐢ㄨ繖涓搷浣" + +msgid "Wireless Config" +msgstr "鏃犵嚎閰嶇疆" + +msgid "Yes" +msgstr "鏄" + +msgid "always" +msgstr "鎬绘槸" + +msgid "blackhole (drop)" +msgstr "榛戞礊锛堜涪寮冿級" + +msgid "default (use main routing table)" +msgstr "榛樿锛堜娇鐢ㄤ富璺敱琛級" + +msgid "ifdown" +msgstr "ifdown" + +msgid "ifup" +msgstr "ifup" + +msgid "never" +msgstr "浠庝笉" + +msgid "restart" +msgstr "" + +msgid "start" +msgstr "" + +msgid "stop" +msgstr "" + +msgid "unreachable (reject)" +msgstr "涓嶅彲杈撅紙鎷掔粷锛" + +msgid "%d IPv4-only hosts" +msgstr "%d 涓富鏈轰粎鏀寔 IPv4" + +msgid "%d IPv6-only hosts" +msgstr "%d 涓富鏈轰粎鏀寔 IPv6" + +msgid "%d dual-stack hosts" +msgstr "%d 涓弻鍗忚鏍堜富鏈" + +msgid "%s and %s" +msgstr "%s 鍜 %s" + +msgid "%s, %s and %s" +msgstr "%s, %s 鍜 %s" + +msgid "-1 - Restart every last day of month" +msgstr "-1 - 姣忔湀鐨勬渶鍚庝竴澶╅噸鏂板紑濮" + +msgid "-7 - Restart a week before end of month" +msgstr "-7 - 姣忔湀搴曞墠涓鍛ㄩ噸鏂板紑濮" + +msgid "1 - Restart every 1st of month" +msgstr "1 - 姣忔湀鐨勭涓澶╅噸鏂板紑濮" + +msgid "10m - frequent commits at the expense of flash wear" +msgstr "10m - 棰戠箒鎻愪氦锛岄棯瀛樻崯鑰楃殑寮閿涔熷澶" + +msgid "12h - compromise between risk of data loss and flash wear" +msgstr "12h - 骞宠 缁熻鏁版嵁涓㈠け鐨勯闄╀互鍙婇棯瀛樹娇鐢ㄥ鍛" + +msgid "24h - least flash wear at the expense of data loss risk" +msgstr "24h - 浠ユ暟鎹涪澶遍闄╃殑浠d环鎹㈠彇鏈灏忕殑闂瓨鎹熻" + +msgid "30s - refresh twice per minute for reasonably current stats" +msgstr "30s - 姣忓垎閽熷埛鏂颁簩娆′互鑾峰緱杈冨噯纭殑褰撳墠缁熻鍊" + +msgid "5m - rarely refresh to avoid frequently clearing conntrack counters" +msgstr "5m - 杈冨皯鍒锋柊浠ラ伩鍏嶉绻佹竻闄よ繛鎺ヨ窡韪鏁板櫒" + +msgid "60s - commit minutely, useful for non-flash storage" +msgstr "60s - 姣忓垎閽熸彁浜わ紝閫傜敤浜庨潪闂瓨绫诲瀷瀛樺偍" + +msgid "0 connections" +msgstr "杩炴帴锛0" + +msgid "0 hosts" +msgstr "涓绘満锛0" + +msgid "0% IPv6 support rate among hosts" +msgstr "鏀寔 IPv6 鐨勪富鏈烘瘮渚嬶細0%" + +msgid "0B total IPv6 download" +msgstr "IPv6 鎬讳笅杞介噺锛0B" + +msgid "0% of the total traffic is IPv6" +msgstr "IPv6 娴侀噺姣斾緥锛0%" + +msgid "0B total IPv6 upload" +msgstr "IPv6 鎬讳笂浼犻噺锛0B" + +msgid "0 cause the most connections" +msgstr "0 鏄繛鎺ユ暟鏈澶氱殑鍗忚" + +msgid "0 cause the most download" +msgstr "0 鏄笅杞介噺鏈澶х殑鍗忚" + +msgid "0 cause the most upload" +msgstr "0 鏄笂浼犻噺鏈澶х殑鍗忚" + +msgid "0 different application protocols" +msgstr "0 绉嶄笉鍚岀殑搴旂敤灞傚崗璁" + +msgid "0 download" +msgstr "涓嬭浇锛0" + +msgid "0 upload" +msgstr "涓婁紶锛0" + +msgid "Accounting period" +msgstr "缁熻鍛ㄦ湡" + +msgid "Advanced Settings" +msgstr "楂樼骇璁剧疆" + +msgid "Application" +msgstr "搴旂敤灞傚崗璁" + +msgid "Application Protocols" +msgstr "搴旂敤灞傚崗璁" + +msgid "Backup" +msgstr "澶囦唤" + +msgid "Bandwidth Monitor" +msgstr "甯﹀鐩戞帶" + +msgid "CSV, grouped by IP" +msgstr "CSV锛屾寜 IP 鍒嗙粍" + +msgid "CSV, grouped by MAC" +msgstr "CSV锛屾寜 MAC 鍒嗙粍" + +msgid "CSV, grouped by protocol" +msgstr "CSV锛屾寜鍗忚鍒嗙粍" + +msgid "" +"Changing the accounting interval type will invalidate existing databases!" +"
Download backup." +msgstr "" +"鏇存敼缁熻鍛ㄦ湡绫诲瀷浼氫娇鐜版湁鏁版嵁搴撴棤鏁堬紒
涓嬭浇澶囦唤." + +msgid "" +"Choose \"Day of month\" to restart the accounting period monthly on a " +"specific date, e.g. every 3rd. Choose \"Fixed interval\" to restart the " +"accounting period exactly every N days, beginning at a given date." +msgstr "" +"閫夋嫨鈥滄瘡鏈堢殑鏌愪竴澶┾濇潵璁剧疆缁熻鍛ㄦ湡鐨勯噸鍚椂闂达紝渚嬪锛氭瘡涓湀鐨勭 3 澶┿傞夋嫨鈥滃浐瀹氬懆" +"鏈熲濇潵璁剧疆浠庣粰瀹氭棩鏈熷紑濮嬫瘡 N 澶╅噸鍚粺璁″懆鏈熴" + +msgid "Commit interval" +msgstr "鎻愪氦闂撮殧" + +msgid "Compress database" +msgstr "鍘嬬缉鏁版嵁搴" + +msgid "Configuration" +msgstr "閰嶇疆" + +msgid "Conn." +msgstr "杩炴帴" + +msgid "Connections" +msgstr "杩炴帴" + +msgid "Connections / Host" +msgstr "杩炴帴 / 涓绘満" + +msgid "Database directory" +msgstr "鏁版嵁搴撶洰褰" + +msgid "" +"Database storage directory. One file per accounting period will be placed " +"into this directory." +msgstr "鏁版嵁搴撳瓨鍌ㄧ洰褰曘傛瘡涓滅粺璁″懆鏈熲濈殑鏂囦欢灏嗚鏀惧埌杩欎釜鐩綍涓" + +msgid "Day of month" +msgstr "姣忔湀鐨勬煇涓澶" + +msgid "" +"Day of month to restart the accounting period. Use negative values to count " +"towards the end of month, e.g. \"-5\" to specify the 27th of July or the " +"24th of Februrary." +msgstr "" +"姣忎釜鏈堥噸鍚粺璁″懆鏈熺殑鏃ユ湡銆備娇鐢ㄨ礋鏁拌〃绀轰粠鏈堝簳寮濮嬭绠楋紝渚嬪锛歕"-5\" 鍙互琛" +"绀 7 鏈堜唤鐨 27 鍙锋垨鑰 2 鏈堜唤鐨 24 鍙枫" + +msgid "Display" +msgstr "鏄剧ず" + +msgid "Down. (Bytes / Pkts.)" +msgstr "涓嬭浇锛堝瓧鑺 / 鏁版嵁鍖咃級" + +msgid "Download (Bytes / Packets)" +msgstr "涓嬭浇锛堝瓧鑺 / 鏁版嵁鍖咃級" + +msgid "Download / Application" +msgstr "涓嬭浇 / 搴旂敤灞傚崗璁" + +msgid "Download Database Backup" +msgstr "涓嬭浇鏁版嵁搴撳浠" + +msgid "Dualstack enabled hosts" +msgstr "鍙屽崗璁爤涓绘満" + +msgid "Due date" +msgstr "閲嶇疆鏃ユ湡" + +msgid "Export" +msgstr "瀵煎嚭" + +msgid "Family" +msgstr "鍗忚绫诲瀷" + +msgid "Fixed interval" +msgstr "鍥哄畾鍛ㄦ湡" + +msgid "Force reload鈥" +msgstr "寮哄埗閲嶆柊鍔犺浇..." + +msgid "General Settings" +msgstr "鍩烘湰璁剧疆" + +msgid "Generate Backup" +msgstr "鐢熸垚澶囦唤" + +msgid "Host" +msgstr "涓绘満" + +msgid "Hostname: example.org" +msgstr "涓绘満鍚嶏細example.org" + +msgid "IPv4 vs. IPv6" +msgstr "IPv4 涓 IPv6" + +msgid "IPv6" +msgstr "IPv6" + +msgid "Interval" +msgstr "鍛ㄦ湡" + +msgid "" +"Interval at which the temporary in-memory database is committed to the " +"persistent database directory." +msgstr "灏嗗唴瀛樹腑鐨勪复鏃舵暟鎹簱鎻愪氦鍒版寔涔呮ф暟鎹簱鐩綍鐨勯棿闅旀椂闂淬" + +msgid "" +"Interval at which traffic counters of still established connections are " +"refreshed from netlink information." +msgstr "浠 netlink 淇℃伅涓埛鏂扳滃凡寤虹珛杩炴帴鈥濈殑娴侀噺璁℃暟鍣ㄧ殑闂撮殧鏃堕棿銆" + +msgid "Invalid or empty backup archive" +msgstr "澶囦唤瀛樻。鏃犳晥鎴栦负绌" + +msgid "JSON dump" +msgstr "JSON 杈撳嚭" + +msgid "Length of accounting interval in days." +msgstr "缁熻鍛ㄦ湡锛堝ぉ锛夈" + +msgid "Local interfaces" +msgstr "鏈湴鎺ュ彛" + +msgid "Local subnets" +msgstr "鏈湴瀛愮綉" + +msgid "MAC" +msgstr "MAC" + +msgid "Maximum entries" +msgstr "鏈澶ф潯鐩" + +msgid "" +"Maximum number of accounting periods to keep, use zero to keep databases " +"forever." +msgstr "淇濈暀鐨勭粺璁″懆鏈熸暟鎹簱鐨勬渶澶ф暟閲忥紝璁剧疆 0 琛ㄧず涓嶉檺鍒躲" + +msgid "Netlink Bandwidth Monitor" +msgstr "缃戠粶甯﹀鐩戣鍣" + +msgid "Netlink Bandwidth Monitor - Backup / Restore" +msgstr "缃戠粶甯﹀鐩戣鍣 - 澶囦唤 / 鎭㈠" + +msgid "Netlink Bandwidth Monitor - Configuration" +msgstr "缃戠粶甯﹀鐩戣鍣 - 閰嶇疆" + +msgid "No data recorded yet." +msgstr "鏆傛棤鏁版嵁璁板綍銆" + +msgid "Only conntrack streams from or to any of these networks are counted." +msgstr "浠呯粺璁℃潵鑷垨鐩爣涓鸿繖浜涚綉缁滄帴鍙g殑杩炴帴娴侀噺銆" + +msgid "Only conntrack streams from or to any of these subnets are counted." +msgstr "浠呯粺璁℃潵鑷垨鐩爣涓鸿繖浜涘瓙缃戠殑杩炴帴娴侀噺銆" + +msgid "Preallocate database" +msgstr "棰勫垎閰嶆暟鎹簱" + +msgid "Protocol" +msgstr "鍗忚" + +msgid "Protocol Mapping" +msgstr "鍗忚鏄犲皠" + +msgid "" +"Protocol mappings to distinguish traffic types per host, one mapping per " +"line. The first value specifies the IP protocol, the second value the port " +"number and the third column is the name of the mapped protocol." +msgstr "" +"鍗忚鏄犲皠鐢ㄤ簬鍖哄垎娴侀噺绫诲瀷锛屾瘡琛屼竴鏉°傜涓涓兼寚瀹 IP 鍗忚绫诲瀷锛岀浜屼釜鍊兼槸" +"绔彛鍙凤紝绗笁涓兼槸鏄犲皠鐨勫崗璁悕绉般" + +msgid "Refresh interval" +msgstr "鍒锋柊闂撮殧" + +msgid "Restore" +msgstr "鎭㈠" + +msgid "Restore Database Backup" +msgstr "鎭㈠鏁版嵁搴撳浠" + +msgid "Select accounting period:" +msgstr "閫夋嫨缁熻鍛ㄦ湡锛" + +msgid "Source IP" +msgstr "婧 IP" + +msgid "Start date" +msgstr "璧峰鏃ユ湡" + +msgid "Start date of the first accounting period, e.g. begin of ISP contract." +msgstr "绗竴涓粺璁″懆鏈熺殑璧峰鏃ユ湡锛屼緥濡傦細ISP 鍚堢害鐨勮捣濮嬫棩鏈熴" + +msgid "Stored periods" +msgstr "鍌ㄥ瓨鍛ㄦ湡" + +msgid "" +"The Netlink Bandwidth Monitor (nlbwmon) is a lightweight, efficient traffic " +"accounting program keeping track of bandwidth usage per host and protocol." +msgstr "" +"缃戠粶甯﹀鐩戣鍣紙nlbwmon锛夋槸涓涓交閲忋侀珮鏁堢殑娴侀噺缁熻绋嬪簭锛屽彲浠ョ粺璁℃瘡涓富鏈哄拰" +"鍗忚鐨勫甫瀹戒娇鐢ㄦ儏鍐点" + +msgid "The following database files have been restored: %s" +msgstr "浠ヤ笅鏁版嵁搴撴枃浠跺凡鎭㈠锛%s" + +msgid "" +"The maximum amount of entries that should be put into the database, setting " +"the limit to 0 will allow databases to grow indefinitely." +msgstr "鏁版嵁搴撲腑鐨勬渶澶ф潯鐩暟閲, 璁剧疆涓 0 灏嗗厑璁告暟鎹簱鏃犻檺澧為暱銆" + +msgid "Traffic / Host" +msgstr "娴侀噺 / 涓绘満" + +msgid "Traffic Distribution" +msgstr "娴侀噺鍒嗗竷" + +msgid "Up. (Bytes / Pkts.)" +msgstr "涓婁紶锛堝瓧鑺 / 鏁版嵁鍖咃級" + +msgid "Upload (Bytes / Packets)" +msgstr "涓婁紶锛堝瓧鑺 / 鏁版嵁鍖咃級" + +msgid "Upload / Application" +msgstr "涓婁紶 / 搴旂敤灞傚崗璁" + +msgid "Vendor: Example Corp." +msgstr "渚涘簲鍟: Example Corp." + +msgid "Warning" +msgstr "璀﹀憡" + +msgid "" +"Whether to gzip compress archive databases. Compressing the database files " +"makes accessing old data slightly slower but helps to reduce storage " +"requirements." +msgstr "" +"鏄惁浣跨敤 gzip 鍘嬬缉鏁版嵁搴撳瓨妗c傚帇缂╂暟鎹簱鏂囦欢浼氫娇璁块棶鏃ф暟鎹◢寰參涓浜, 浣嗘湁鍔" +"浜庡噺灏戝瓨鍌ㄥ崰鐢ㄧ┖闂淬" + +msgid "" +"Whether to preallocate the maximum possible database size in memory. This is " +"mainly useful for memory constrained systems which might not be able to " +"satisfy memory allocation after longer uptime periods." +msgstr "" +"鏄惁棰勫厛鍒嗛厤鏁版嵁搴撴渶澶у彲鑳藉崰鐢ㄧ殑鍐呭瓨澶у皬銆傝繖涓昏閫傜敤浜庡唴瀛樿緝灏忕郴缁燂紝杩欎簺绯荤粺" +"鍦ㄩ暱鏃堕棿杩愯涔嬪悗鍙兘鏃犳硶婊¤冻鏁版嵁搴撶殑鍐呭瓨闇姹傘" + +msgid "no traffic" +msgstr "鏃犳祦閲忔暟鎹" + +msgid "other" +msgstr "鍏朵粬" + +msgid "Enable IGMP snooping" +msgstr "寮鍚 IGMP snooping" + +msgid "Enables IGMP snooping on this bridge" +msgstr "鍦ㄦ妗ユ帴涓婂惎鐢 IGMP snooping 缁勬挱锛堝鎾級" + +msgid "" +msgstr "Content-Type: text/plain; charset=UTF-8" + +msgid "Action" +msgstr "鍔ㄤ綔" + +msgid "Advanced Reboot" +msgstr "鍙屽垎鍖哄惎鍔ㄥ垏鎹" + +msgid "Alternative" +msgstr "澶囬" + +msgid "Cancel" +msgstr "鍙栨秷" + +msgid "Confirm" +msgstr "纭畾" + +msgid "Current" +msgstr "褰撳墠" + +msgid "Firmware/OS (Kernel)" +msgstr "鍥轰欢/绯荤粺 (鍐呮牳)" + +msgid "Partition" +msgstr "鍒嗗尯" + +msgid "Partitions" +msgstr "鍒嗗尯" + +msgid "Perform power off..." +msgstr "鐐瑰嚮鍏虫満..." + +msgid "Power Off Device" +msgstr "鍏抽棴璁惧" + +msgid "Proceed" +msgstr "澶勭悊" + +msgid "Reboot Device to an Alternative Partition" +msgstr "閲嶅惎璁惧鍒板閫夊垎鍖" + +msgid "Reboot to alternative partition..." +msgstr "閲嶅惎鍒板閫夊垎鍖" + +msgid "Reboot to current partition" +msgstr "閲嶅惎鍒板綋鍓嶅垎鍖" + +msgid "Rebooting..." +msgstr "姝e湪閲嶅惎..." + +msgid "Shutting down..." +msgstr "姝e湪鍏抽棴..." + +msgid "Status" +msgstr "鐘舵" + +msgid "" +"The system is rebooting now.
DO NOT POWER OFF THE DEVICE!
Wait a " +"few minutes before you try to reconnect. It might be necessary to renew the " +"address of your computer to reach the device again, depending on your " +"settings." +msgstr "" + +msgid "" +"The system is rebooting to an alternative partition now.
DO NOT POWER " +"OFF THE DEVICE!
Wait a few minutes before you try to reconnect. It " +"might be necessary to renew the address of your computer to reach the device " +"again, depending on your settings." +msgstr "" + +msgid "" +"The system is shutting down now.
DO NOT POWER OFF THE DEVICE!
It " +"might be necessary to renew the address of your computer to reach the device " +"again, depending on your settings." +msgstr "" + +msgid "" +"WARNING: An alternative partition might have its own settings and completely " +"different firmware.

As your network configuration and WiFi SSID/" +"password on alternative partition might be different, you might have to " +"adjust your computer settings to be able to access your device once it " +"reboots.

Please also be aware that alternative partition " +"firmware might not provide an easy way to switch active partition and boot " +"back to the currently active partition.

Click \"Proceed\" below " +"to reboot device to an alternative partition." +msgstr "" + +msgid "" +"WARNING: Power off might result in a reboot on a device which doesn't " +"support power off.

Click \"Proceed\" below to power off your " +"device." +msgstr "" + +msgid "Warning: There are unsaved changes that will get lost on reboot!" +msgstr "璀﹀憡锛氭煇浜涜缃病鏈変繚瀛橈紝閲嶅惎灏嗗鑷翠涪澶辫繖浜涢厤缃紒" + +msgid "Warning: This system does not have two partitions!" +msgstr "璀﹀憡锛氬綋鍓嶇郴缁熸病鏈夊寘鎷袱涓垎鍖!" + +msgid "Warning: This system does not support powering off!" +msgstr "璀﹀憡锛氭湰绯荤粺涓嶆敮鎸佽蒋鍏虫満!" + diff --git a/package/lean/default-settings/i18n/sqm.zh-cn.po b/package/lean/default-settings/i18n/sqm.zh-cn.po new file mode 100644 index 000000000..02a706de5 --- /dev/null +++ b/package/lean/default-settings/i18n/sqm.zh-cn.po @@ -0,0 +1,203 @@ +msgid "" +msgstr "" +"Project-Id-Version: luci-i18n-sqm\n" +"POT-Creation-Date: 2017-03-28 04:14+0800\n" +"PO-Revision-Date: 2017-03-28 04:15+0800\n" +"Last-Translator: \n" +"Language-Team: player131 \n" +"Language: zh_CN\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: Poedit 1.8.10\n" +"X-Poedit-Basepath: .\n" +"Plural-Forms: nplurals=1; plural=0;\n" +"X-Poedit-KeywordsList: translate\n" +"X-Poedit-SearchPath-0: .\n" + +#: usr/lib/lua/luci/controller/sqm.lua:24 +msgid "SQM QoS" +msgstr "SQM QoS" + +#: usr/lib/lua/luci/model/cbi/sqm.lua:25 +msgid "Smart Queue Management" +msgstr "鏅鸿兘闃熷垪绠$悊" + +#: usr/lib/lua/luci/model/cbi/sqm.lua:26 +msgid "" +"With SQM you can enable " +"traffic shaping, better mixing (Fair Queueing), active queue length " +"management (AQM) and prioritisation on one network interface." +msgstr "" +"浣跨敤 SQM 浣犲彲浠ュ惎鐢ㄦ祦閲忔暣褰紝鏇村ソ鐨勬贩鍚" +"(鍏钩鍒楅槦)涓诲姩鍒楅槦绠$悊(AQM) 骞惰缃綉缁滄帴鍙d紭鍏堢骇銆" + +#: usr/lib/lua/luci/model/cbi/sqm.lua:32 +msgid "Queues" +msgstr "闃熷垪" + +#: usr/lib/lua/luci/model/cbi/sqm.lua:33 +msgid "Basic Settings" +msgstr "鍩烘湰璁剧疆" + +#: usr/lib/lua/luci/model/cbi/sqm.lua:34 +msgid "Queue Discipline" +msgstr "鍒楅槦瑙勫垯" + +#: usr/lib/lua/luci/model/cbi/sqm.lua:35 +msgid "Link Layer Adaptation" +msgstr "閾捐矾灞傞傞厤" + +#: usr/lib/lua/luci/model/cbi/sqm.lua:40 +msgid "Enable this SQM instance." +msgstr "鍚敤姝QM瀹炰緥" + +#: usr/lib/lua/luci/model/cbi/sqm.lua:54 +msgid "" +"The SQM GUI has just enabled the sqm initscript on your behalf. Remember to " +"disable the sqm initscript manually under System Startup menu in case this " +"change was not wished for." +msgstr "" +"浣犲垰鍒氬紑鍚簡SQM闅忔満鍚姩鍔熻兘锛屽鏋滀綘涓嶅笇鏈汼QM闅忔満鍚姩锛屽彲浠ュ湪绯荤粺鍚姩鑿滃崟涓嬫墜" +"鍔ㄧ鐢ㄣ" + +#: usr/lib/lua/luci/model/cbi/sqm.lua:60 +msgid "Interface name" +msgstr "鎺ュ彛鍚嶇О" + +#: usr/lib/lua/luci/model/cbi/sqm.lua:70 +msgid "" +"Download speed (kbit/s) (ingress) set to 0 to selectively disable ingress " +"shaping:" +msgstr "涓嬭浇閫熷害(kbit/s)(鍏ュ彛)
璁剧疆涓0鍏抽棴鍏ュ彛鎺у埗锛" + +#: usr/lib/lua/luci/model/cbi/sqm.lua:74 +msgid "" +"Upload speed (kbit/s) (egress) set to 0 to selectively disable egress " +"shaping:" +msgstr "涓婁紶閫熷害(kbit/s)(鍑哄彛)
璁剧疆涓0鍏抽棴鍑哄彛鎺у埗锛" + +#: usr/lib/lua/luci/model/cbi/sqm.lua:78 +msgid "" +"Create log file for this SQM instance under /var/run/sqm/${Inerface_name}." +"debug.log. Make sure to delete log files manually." +msgstr "" +"鍒涘缓鏃ュ織鏂囦欢鍒/var/run/sqm/
${Inerface_name}.debug.log銆
璇峰姟蹇呮墜鍔" +"鍒犻櫎鏃ュ織鏂囦欢銆" + +#: usr/lib/lua/luci/model/cbi/sqm.lua:82 +msgid "Verbosity of SQM's output into the system log." +msgstr "SQM杈撳嚭鍒扮郴缁熸棩蹇楃殑璇︾粏绋嬪害銆" + +#: usr/lib/lua/luci/model/cbi/sqm.lua:86 usr/lib/lua/luci/model/cbi/sqm.lua:99 +#: usr/lib/lua/luci/model/cbi/sqm.lua:148 +#: usr/lib/lua/luci/model/cbi/sqm.lua:155 +#: usr/lib/lua/luci/model/cbi/sqm.lua:202 +#: usr/lib/lua/luci/model/cbi/sqm.lua:243 +msgid "default" +msgstr "榛樿" + +#: usr/lib/lua/luci/model/cbi/sqm.lua:98 +msgid "" +"Queuing disciplines useable on this system. After installing a new qdisc, " +"you need to restart the router to see updates!" +msgstr "绯荤粺涓婂彲鐢ㄧ殑鍒楅槦瑙勫垯銆傚畨瑁呮柊鐨勯槦鍒楄鍒欏悗锛岄噸鏂板惎鍔ㄨ矾鐢卞櫒鎵嶄細鐪嬪埌鏇存柊锛" + +#: usr/lib/lua/luci/model/cbi/sqm.lua:112 +msgid "Queue setup script" +msgstr "闃熷垪鑴氭湰璁剧疆" + +#: usr/lib/lua/luci/model/cbi/sqm.lua:129 +msgid "" +"Show and Use Advanced Configuration. Advanced options will only be used as " +"long as this box is checked." +msgstr "閫変腑璇ュ閫夋鏄剧ず楂樼骇閰嶇疆銆" + +#: usr/lib/lua/luci/model/cbi/sqm.lua:133 +msgid "Squash DSCP on inbound packets (ingress):" +msgstr "鍏ョ珯鏁版嵁鍖呭帇缂〥SCP:" + +#: usr/lib/lua/luci/model/cbi/sqm.lua:140 +msgid "Ignore DSCP on ingress:" +msgstr "蹇界暐鍏ョ珯DSCP" + +#: usr/lib/lua/luci/model/cbi/sqm.lua:147 +msgid "" +"Explicit congestion notification (ECN) status on inbound packets (ingress):" +msgstr "鍏ョ珯鏁版嵁鍖呯殑鏄惧紡鎷ュ閫氱煡锛圗CN锛夌姸鎬" + +#: usr/lib/lua/luci/model/cbi/sqm.lua:154 +msgid "" +"Explicit congestion notification (ECN) status on outbound packets (egress)." +msgstr "鍑虹珯鏁版嵁鍖呯殑鏄惧紡鎷ュ閫氱煡锛圗CN锛夌姸鎬" + +#: usr/lib/lua/luci/model/cbi/sqm.lua:161 +msgid "" +"Show and Use Dangerous Configuration. Dangerous options will only be used as " +"long as this box is checked." +msgstr "閫変腑璇ュ閫夋鏄剧ず鍗遍櫓閰嶇疆銆" + +#: usr/lib/lua/luci/model/cbi/sqm.lua:166 +msgid "Hard limit on ingress queues; leave empty for default." +msgstr "鍏ョ珯闃熷垪涓ユ牸闄愬埗锛涚暀绌轰负榛樿銆" + +#: usr/lib/lua/luci/model/cbi/sqm.lua:173 +msgid "Hard limit on egress queues; leave empty for default." +msgstr "鍑虹珯闃熷垪涓ユ牸闄愬埗锛涚暀绌轰负榛樿銆" + +#: usr/lib/lua/luci/model/cbi/sqm.lua:180 +msgid "Latency target for ingress, e.g 5ms [units: s, ms, or us]; leave empty for automatic selection, put in the word default for the qdisc's default." +msgstr "鍏ョ珯寤惰繜鐩爣锛屼緥濡 5ms [鍗曚綅: s, ms, 鎴 us]锛涚暀绌轰负鑷姩閫夋嫨锛宒efault涓哄垪闃熻鍒欓粯璁ゅ笺" + +#: usr/lib/lua/luci/model/cbi/sqm.lua:185 +msgid "Latency target for egress, e.g. 5ms [units: s, ms, or us]; leave empty for automatic selection, put in the word default for the qdisc's default." +msgstr "鍑虹珯寤惰繜鐩爣锛屼緥濡 5ms [鍗曚綅: s, ms, 鎴 us]锛涚暀绌轰负鑷姩閫夋嫨锛宒efault涓哄垪闃熻鍒欓粯璁ゅ笺" + +#: usr/lib/lua/luci/model/cbi/sqm.lua:192 +msgid "" +"Advanced option string to pass to the ingress queueing disciplines; no error " +"checking, use very carefully." +msgstr "浼犻掑埌鍏ョ珯闃熷垪瑙勫垯鐨勯珮绾ч夐」瀛楃涓诧紱娌℃湁閿欒妫鏌ャ傝璋ㄦ厧浣跨敤锛" + +#: usr/lib/lua/luci/model/cbi/sqm.lua:196 +msgid "" +"Advanced option string to pass to the egress queueing disciplines; no error " +"checking, use very carefully." +msgstr "浼犻掑埌鍑虹珯闃熷垪瑙勫垯鐨勯珮绾ч夐」瀛楃涓诧紱娌℃湁閿欒妫鏌ャ傝璋ㄦ厧浣跨敤锛" + +#: usr/lib/lua/luci/model/cbi/sqm.lua:201 +msgid "Which link layer to account for:" +msgstr "瀵瑰摢涓摼璺眰鐢熸晥:" + +#: usr/lib/lua/luci/model/cbi/sqm.lua:207 +msgid "Per Packet Overhead (byte):" +msgstr "姣忎釜鏁版嵁鍖呭紑閿" + +#: usr/lib/lua/luci/model/cbi/sqm.lua:216 +msgid "" +"Show Advanced Linklayer Options, (only needed if MTU > 1500). Advanced " +"options will only be used as long as this box is checked." +msgstr "" +"鏄剧ず楂樼骇閾捐矾閫夐」锛岋紙浠呭湪MTU> 1500鏃舵墠闇瑕侊級銆 鍙湁閫変腑姝ゆ鏃讹紝鎵嶄細浣跨敤楂樼骇閫" +"椤广" + +#: usr/lib/lua/luci/model/cbi/sqm.lua:221 +msgid "" +"Maximal Size for size and rate calculations, tcMTU (byte); needs to be >= " +"interface MTU + overhead:" +msgstr "澶у皬鍜岄熺巼璁$畻鐨勬渶澶у昂瀵革紝tcMTU锛坆yte锛; 闇瑕> =鎺ュ彛MTU +寮閿锛" + +#: usr/lib/lua/luci/model/cbi/sqm.lua:228 +msgid "" +"Number of entries in size/rate tables, TSIZE; for ATM choose TSIZE = (tcMTU " +"+ 1) / 16:" +msgstr "澶у皬/閫熺巼琛ㄤ腑鐨勬潯鐩暟锛孴SIZE; 瀵逛簬ATM閫夋嫨TSIZE =锛坱cMTU + 1锛/ 16锛" + +#: usr/lib/lua/luci/model/cbi/sqm.lua:235 +msgid "" +"Minimal packet size, MPU (byte); needs to be > 0 for ethernet size tables:" +msgstr "鏈灏忔暟鎹寘澶у皬锛孧PU锛坆yte锛; 鍦ㄤ互澶綉涓渶瑕>0锛" + +#: usr/lib/lua/luci/model/cbi/sqm.lua:242 +msgid "Which linklayer adaptation mechanism to use; for testing only" +msgstr "浣跨敤鍝釜閾捐矾閫傚簲鏈哄埗; 浠呯敤浜庢祴璇" \ No newline at end of file diff --git a/package/lean/default-settings/tools/po2lmo/Makefile b/package/lean/default-settings/tools/po2lmo/Makefile new file mode 100644 index 000000000..ad2c13320 --- /dev/null +++ b/package/lean/default-settings/tools/po2lmo/Makefile @@ -0,0 +1,12 @@ + +INSTALL = install +PREFIX = /usr/bin + +po2lmo: src/po2lmo.o src/template_lmo.o + $(CC) $(LDFLAGS) -o src/po2lmo src/po2lmo.o src/template_lmo.o + +install: + $(INSTALL) -m 755 src/po2lmo $(PREFIX) + +clean: + $(RM) src/po2lmo src/*.o diff --git a/package/lean/default-settings/tools/po2lmo/src/po2lmo b/package/lean/default-settings/tools/po2lmo/src/po2lmo new file mode 100644 index 000000000..134a59c27 Binary files /dev/null and b/package/lean/default-settings/tools/po2lmo/src/po2lmo differ diff --git a/package/lean/default-settings/tools/po2lmo/src/po2lmo.c b/package/lean/default-settings/tools/po2lmo/src/po2lmo.c new file mode 100644 index 000000000..0da792b68 --- /dev/null +++ b/package/lean/default-settings/tools/po2lmo/src/po2lmo.c @@ -0,0 +1,247 @@ +/* + * lmo - Lua Machine Objects - PO to LMO conversion tool + * + * Copyright (C) 2009-2012 Jo-Philipp Wich + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "template_lmo.h" + +static void die(const char *msg) +{ + fprintf(stderr, "Error: %s\n", msg); + exit(1); +} + +static void usage(const char *name) +{ + fprintf(stderr, "Usage: %s input.po output.lmo\n", name); + exit(1); +} + +static void print(const void *ptr, size_t size, size_t nmemb, FILE *stream) +{ + if( fwrite(ptr, size, nmemb, stream) == 0 ) + die("Failed to write stdout"); +} + +static int extract_string(const char *src, char *dest, int len) +{ + int pos = 0; + int esc = 0; + int off = -1; + + for( pos = 0; (pos < strlen(src)) && (pos < len); pos++ ) + { + if( (off == -1) && (src[pos] == '"') ) + { + off = pos + 1; + } + else if( off >= 0 ) + { + if( esc == 1 ) + { + switch (src[pos]) + { + case '"': + case '\\': + off++; + break; + } + dest[pos-off] = src[pos]; + esc = 0; + } + else if( src[pos] == '\\' ) + { + dest[pos-off] = src[pos]; + esc = 1; + } + else if( src[pos] != '"' ) + { + dest[pos-off] = src[pos]; + } + else + { + dest[pos-off] = '\0'; + break; + } + } + } + + return (off > -1) ? strlen(dest) : -1; +} + +static int cmp_index(const void *a, const void *b) +{ + uint32_t x = ((const lmo_entry_t *)a)->key_id; + uint32_t y = ((const lmo_entry_t *)b)->key_id; + + if (x < y) + return -1; + else if (x > y) + return 1; + + return 0; +} + +static void print_uint32(uint32_t x, FILE *out) +{ + uint32_t y = htonl(x); + print(&y, sizeof(uint32_t), 1, out); +} + +static void print_index(void *array, int n, FILE *out) +{ + lmo_entry_t *e; + + qsort(array, n, sizeof(*e), cmp_index); + + for (e = array; n > 0; n--, e++) + { + print_uint32(e->key_id, out); + print_uint32(e->val_id, out); + print_uint32(e->offset, out); + print_uint32(e->length, out); + } +} + +int main(int argc, char *argv[]) +{ + char line[4096]; + char key[4096]; + char val[4096]; + char tmp[4096]; + int state = 0; + int offset = 0; + int length = 0; + int n_entries = 0; + void *array = NULL; + lmo_entry_t *entry = NULL; + uint32_t key_id, val_id; + + FILE *in; + FILE *out; + + if( (argc != 3) || ((in = fopen(argv[1], "r")) == NULL) || ((out = fopen(argv[2], "w")) == NULL) ) + usage(argv[0]); + + memset(line, 0, sizeof(key)); + memset(key, 0, sizeof(val)); + memset(val, 0, sizeof(val)); + + while( (NULL != fgets(line, sizeof(line), in)) || (state >= 2 && feof(in)) ) + { + if( state == 0 && strstr(line, "msgid \"") == line ) + { + switch(extract_string(line, key, sizeof(key))) + { + case -1: + die("Syntax error in msgid"); + case 0: + state = 1; + break; + default: + state = 2; + } + } + else if( state == 1 || state == 2 ) + { + if( strstr(line, "msgstr \"") == line || state == 2 ) + { + switch(extract_string(line, val, sizeof(val))) + { + case -1: + state = 4; + break; + default: + state = 3; + } + } + else + { + switch(extract_string(line, tmp, sizeof(tmp))) + { + case -1: + state = 2; + break; + default: + strcat(key, tmp); + } + } + } + else if( state == 3 ) + { + switch(extract_string(line, tmp, sizeof(tmp))) + { + case -1: + state = 4; + break; + default: + strcat(val, tmp); + } + } + + if( state == 4 ) + { + if( strlen(key) > 0 && strlen(val) > 0 ) + { + key_id = sfh_hash(key, strlen(key)); + val_id = sfh_hash(val, strlen(val)); + + if( key_id != val_id ) + { + n_entries++; + array = realloc(array, n_entries * sizeof(lmo_entry_t)); + entry = (lmo_entry_t *)array + n_entries - 1; + + if (!array) + die("Out of memory"); + + entry->key_id = key_id; + entry->val_id = val_id; + entry->offset = offset; + entry->length = strlen(val); + + length = strlen(val) + ((4 - (strlen(val) % 4)) % 4); + + print(val, length, 1, out); + offset += length; + } + } + + state = 0; + memset(key, 0, sizeof(key)); + memset(val, 0, sizeof(val)); + } + + memset(line, 0, sizeof(line)); + } + + print_index(array, n_entries, out); + + if( offset > 0 ) + { + print_uint32(offset, out); + fsync(fileno(out)); + fclose(out); + } + else + { + fclose(out); + unlink(argv[2]); + } + + fclose(in); + return(0); +} diff --git a/package/lean/default-settings/tools/po2lmo/src/template_lmo.c b/package/lean/default-settings/tools/po2lmo/src/template_lmo.c new file mode 100644 index 000000000..27205a722 --- /dev/null +++ b/package/lean/default-settings/tools/po2lmo/src/template_lmo.c @@ -0,0 +1,328 @@ +/* + * lmo - Lua Machine Objects - Base functions + * + * Copyright (C) 2009-2010 Jo-Philipp Wich + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "template_lmo.h" + +/* + * Hash function from http://www.azillionmonkeys.com/qed/hash.html + * Copyright (C) 2004-2008 by Paul Hsieh + */ + +uint32_t sfh_hash(const char *data, int len) +{ + uint32_t hash = len, tmp; + int rem; + + if (len <= 0 || data == NULL) return 0; + + rem = len & 3; + len >>= 2; + + /* Main loop */ + for (;len > 0; len--) { + hash += sfh_get16(data); + tmp = (sfh_get16(data+2) << 11) ^ hash; + hash = (hash << 16) ^ tmp; + data += 2*sizeof(uint16_t); + hash += hash >> 11; + } + + /* Handle end cases */ + switch (rem) { + case 3: hash += sfh_get16(data); + hash ^= hash << 16; + hash ^= data[sizeof(uint16_t)] << 18; + hash += hash >> 11; + break; + case 2: hash += sfh_get16(data); + hash ^= hash << 11; + hash += hash >> 17; + break; + case 1: hash += *data; + hash ^= hash << 10; + hash += hash >> 1; + } + + /* Force "avalanching" of final 127 bits */ + hash ^= hash << 3; + hash += hash >> 5; + hash ^= hash << 4; + hash += hash >> 17; + hash ^= hash << 25; + hash += hash >> 6; + + return hash; +} + +uint32_t lmo_canon_hash(const char *str, int len) +{ + char res[4096]; + char *ptr, prev; + int off; + + if (!str || len >= sizeof(res)) + return 0; + + for (prev = ' ', ptr = res, off = 0; off < len; prev = *str, off++, str++) + { + if (isspace(*str)) + { + if (!isspace(prev)) + *ptr++ = ' '; + } + else + { + *ptr++ = *str; + } + } + + if ((ptr > res) && isspace(*(ptr-1))) + ptr--; + + return sfh_hash(res, ptr - res); +} + +lmo_archive_t * lmo_open(const char *file) +{ + int in = -1; + uint32_t idx_offset = 0; + struct stat s; + + lmo_archive_t *ar = NULL; + + if (stat(file, &s) == -1) + goto err; + + if ((in = open(file, O_RDONLY)) == -1) + goto err; + + if ((ar = (lmo_archive_t *)malloc(sizeof(*ar))) != NULL) + { + memset(ar, 0, sizeof(*ar)); + + ar->fd = in; + ar->size = s.st_size; + + fcntl(ar->fd, F_SETFD, fcntl(ar->fd, F_GETFD) | FD_CLOEXEC); + + if ((ar->mmap = mmap(NULL, ar->size, PROT_READ, MAP_SHARED, ar->fd, 0)) == MAP_FAILED) + goto err; + + idx_offset = ntohl(*((const uint32_t *) + (ar->mmap + ar->size - sizeof(uint32_t)))); + + if (idx_offset >= ar->size) + goto err; + + ar->index = (lmo_entry_t *)(ar->mmap + idx_offset); + ar->length = (ar->size - idx_offset - sizeof(uint32_t)) / sizeof(lmo_entry_t); + ar->end = ar->mmap + ar->size; + + return ar; + } + +err: + if (in > -1) + close(in); + + if (ar != NULL) + { + if ((ar->mmap != NULL) && (ar->mmap != MAP_FAILED)) + munmap(ar->mmap, ar->size); + + free(ar); + } + + return NULL; +} + +void lmo_close(lmo_archive_t *ar) +{ + if (ar != NULL) + { + if ((ar->mmap != NULL) && (ar->mmap != MAP_FAILED)) + munmap(ar->mmap, ar->size); + + close(ar->fd); + free(ar); + + ar = NULL; + } +} + + +lmo_catalog_t *_lmo_catalogs = NULL; +lmo_catalog_t *_lmo_active_catalog = NULL; + +int lmo_load_catalog(const char *lang, const char *dir) +{ + DIR *dh = NULL; + char pattern[16]; + char path[PATH_MAX]; + struct dirent *de = NULL; + + lmo_archive_t *ar = NULL; + lmo_catalog_t *cat = NULL; + + if (!lmo_change_catalog(lang)) + return 0; + + if (!dir || !(dh = opendir(dir))) + goto err; + + if (!(cat = malloc(sizeof(*cat)))) + goto err; + + memset(cat, 0, sizeof(*cat)); + + snprintf(cat->lang, sizeof(cat->lang), "%s", lang); + snprintf(pattern, sizeof(pattern), "*.%s.lmo", lang); + + while ((de = readdir(dh)) != NULL) + { + if (!fnmatch(pattern, de->d_name, 0)) + { + snprintf(path, sizeof(path), "%s/%s", dir, de->d_name); + ar = lmo_open(path); + + if (ar) + { + ar->next = cat->archives; + cat->archives = ar; + } + } + } + + closedir(dh); + + cat->next = _lmo_catalogs; + _lmo_catalogs = cat; + + if (!_lmo_active_catalog) + _lmo_active_catalog = cat; + + return 0; + +err: + if (dh) closedir(dh); + if (cat) free(cat); + + return -1; +} + +int lmo_change_catalog(const char *lang) +{ + lmo_catalog_t *cat; + + for (cat = _lmo_catalogs; cat; cat = cat->next) + { + if (!strncmp(cat->lang, lang, sizeof(cat->lang))) + { + _lmo_active_catalog = cat; + return 0; + } + } + + return -1; +} + +static lmo_entry_t * lmo_find_entry(lmo_archive_t *ar, uint32_t hash) +{ + unsigned int m, l, r; + uint32_t k; + + l = 0; + r = ar->length - 1; + + while (1) + { + m = l + ((r - l) / 2); + + if (r < l) + break; + + k = ntohl(ar->index[m].key_id); + + if (k == hash) + return &ar->index[m]; + + if (k > hash) + { + if (!m) + break; + + r = m - 1; + } + else + { + l = m + 1; + } + } + + return NULL; +} + +int lmo_translate(const char *key, int keylen, char **out, int *outlen) +{ + uint32_t hash; + lmo_entry_t *e; + lmo_archive_t *ar; + + if (!key || !_lmo_active_catalog) + return -2; + + hash = lmo_canon_hash(key, keylen); + + for (ar = _lmo_active_catalog->archives; ar; ar = ar->next) + { + if ((e = lmo_find_entry(ar, hash)) != NULL) + { + *out = ar->mmap + ntohl(e->offset); + *outlen = ntohl(e->length); + return 0; + } + } + + return -1; +} + +void lmo_close_catalog(const char *lang) +{ + lmo_archive_t *ar, *next; + lmo_catalog_t *cat, *prev; + + for (prev = NULL, cat = _lmo_catalogs; cat; prev = cat, cat = cat->next) + { + if (!strncmp(cat->lang, lang, sizeof(cat->lang))) + { + if (prev) + prev->next = cat->next; + else + _lmo_catalogs = cat->next; + + for (ar = cat->archives; ar; ar = next) + { + next = ar->next; + lmo_close(ar); + } + + free(cat); + break; + } + } +} diff --git a/package/lean/default-settings/tools/po2lmo/src/template_lmo.h b/package/lean/default-settings/tools/po2lmo/src/template_lmo.h new file mode 100644 index 000000000..57f59aa56 --- /dev/null +++ b/package/lean/default-settings/tools/po2lmo/src/template_lmo.h @@ -0,0 +1,92 @@ +/* + * lmo - Lua Machine Objects - General header + * + * Copyright (C) 2009-2012 Jo-Philipp Wich + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef _TEMPLATE_LMO_H_ +#define _TEMPLATE_LMO_H_ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#if (defined(__GNUC__) && defined(__i386__)) +#define sfh_get16(d) (*((const uint16_t *) (d))) +#else +#define sfh_get16(d) ((((uint32_t)(((const uint8_t *)(d))[1])) << 8)\ + +(uint32_t)(((const uint8_t *)(d))[0]) ) +#endif + + +struct lmo_entry { + uint32_t key_id; + uint32_t val_id; + uint32_t offset; + uint32_t length; +} __attribute__((packed)); + +typedef struct lmo_entry lmo_entry_t; + + +struct lmo_archive { + int fd; + int length; + uint32_t size; + lmo_entry_t *index; + char *mmap; + char *end; + struct lmo_archive *next; +}; + +typedef struct lmo_archive lmo_archive_t; + + +struct lmo_catalog { + char lang[6]; + struct lmo_archive *archives; + struct lmo_catalog *next; +}; + +typedef struct lmo_catalog lmo_catalog_t; + + +uint32_t sfh_hash(const char *data, int len); +uint32_t lmo_canon_hash(const char *data, int len); + +lmo_archive_t * lmo_open(const char *file); +void lmo_close(lmo_archive_t *ar); + + +extern lmo_catalog_t *_lmo_catalogs; +extern lmo_catalog_t *_lmo_active_catalog; + +int lmo_load_catalog(const char *lang, const char *dir); +int lmo_change_catalog(const char *lang); +int lmo_translate(const char *key, int keylen, char **out, int *outlen); +void lmo_close_catalog(const char *lang); + +#endif diff --git a/package/lean/ipset-lists/Makefile b/package/lean/ipset-lists/Makefile new file mode 100644 index 000000000..3b054e117 --- /dev/null +++ b/package/lean/ipset-lists/Makefile @@ -0,0 +1,48 @@ +# +# Copyright (c) 2015 Justin Liu +# Author: Justin Liu +# + +include $(TOPDIR)/rules.mk + +PKG_NAME:=ipset-lists +PKG_VERSION:=20171019 +PKG_RELEASE:=3 + +PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION) + +include $(INCLUDE_DIR)/package.mk + +define Package/ipset-lists + CATEGORY:=Network + TITLE:=Service for IPSET address tables + MAINTAINER:=Justin Liu + DEPENDS:=+ipset +endef + +define Package/ipset-lists/conffiles +/etc/gfwlist/china-banned +endef + +define Build/Prepare + mkdir -p $(PKG_BUILD_DIR) +endef + +define Build/Compile/Default + +endef +Build/Compile = $(Build/Compile/Default) + +define Package/ipset-lists/install + $(CP) -a files/* $(1)/ +endef + +define Package/ipset-lists/postinst +#!/bin/sh +if [ -e /etc/openwrt_release ]; then + /etc/init.d/ipset.sh restart + /etc/init.d/ipset.sh enable || : +fi +endef + +$(eval $(call BuildPackage,ipset-lists)) diff --git a/package/lean/ipset-lists/files/etc/gfwlist/china-banned b/package/lean/ipset-lists/files/etc/gfwlist/china-banned new file mode 100644 index 000000000..f1bc03de9 --- /dev/null +++ b/package/lean/ipset-lists/files/etc/gfwlist/china-banned @@ -0,0 +1,4802 @@ +0rz.tw +0to255.com +1000giri.net +100ke.org +10conditionsoflove.com +10musume.com +123rf.com +12bet.com +12vpn.com +12vpn.net +141hongkong.com +141tube.com +1688.com.au +173ng.com +177pic.info +17t17p.com +18onlygirls.com +18virginsex.com +1949er.org +1984bbs.com +1984bbs.org +1989report.hkja.org.hk +1998cdp.org +1bao.org +1dumb.com +1e100.net +1eew.com +1mobile.com +1pondo.tv +2000fun.com +2008xianzhang.info +2017.hk +21andy.com +21pron.com +21sextury.com +228.net.tw +247realmedia.com +24hrs.ca +24smile.org +25u.com +2-hand.info +2lipstube.com +2mdn.net +2shared.com +2waky.com +301works.org +30boxes.com +315lz.com +32red.com +365singles.com.ar +36rain.com +3a5a.com +3-a.net +3arabtv.com +3boys2girls.com +3d-game.com +3ren.ca +3tui.net +4bluestones.biz +4chan.org +4dq.com +4everproxy.com +4irc.com +4mydomain.com +4pu.com +4rbtv.com +4shared.com +4sq.com +4tern.com +51.ca +51luoben.com +56cun04.jigsy.com +5aimiku.com +5i01.com +5isotoi5.org +5maodang.com +63i.com +64museum.org +64tianwang.com +64wiki.com +666kb.com +66.ca +6park.com +7capture.com +7cow.com +85cc.net +85st.com +881903.com +888.com +888poker.com +89-64.org +8-d.com +8news.com.tw +8z1.net +9001700.com +91porn.com +92ccav.com +991.com +99btgc01.com +99cn.info +9bis.com +9bis.net +9city.me +a248.e.akamai.net +a5.com.ru +aamacau.com +abc.com +abchinese.com +abc.pp.ru +abc.xyz +abitno.linpie.com +ablwang.com +aboluowang.com +aboutgfw.com +abs.edu +accim.org +aceros-de-hispania.com +acevpn.com +acg18.me +acgkj.com +ac.jiruan.net +acmetoy.com +ac.playstation.net +actimes.com.au +activpn.com +aculo.us +addictedtocoffee.de +admob.com +adorama.com +adpl.org.hk +adultfriendfinder.com +adultkeep.net +adult-sex-games.com +advanscene.com +advertfan.com +ae.hao123.com +aenhancers.com +ae.org +afantibbs.com +af.mil +agnesb.fr +agoogleaday.com +ai-kan.net +aiph.net +airconsole.com +airvpn.org +aisex.com +ait.org.tw +aiweiweiblog.com +aiweiwei.com +ai-wen.net +ajaxplorer.info +akamaihd.net +akiba-online.com +akiba-web.com +alabout.com +alanhou.com +alasbarricadas.org +alexlur.org +alforattv.net +alhayat.com +aliengu.com +alien-ufos.com +aliyun.com +alkasir.com +allaboutalpha.com +allconnected.co +alldrawnsex.com +allfinegirls.com +allgirlsallowed.org +alliance.org.hk +allinfa.com +allinfo.com +alljackpotscasino.com +allmovie.com +all-that-is-interesting.com +almostmy.com +alphaporno.com +al-qimmah.net +alternate-tools.com +altrec.com +alvinalexander.com +alwaysdata.com +alwaysdata.net +alwaysvpn.com +am730.com.hk +amazonaws.com +ameblo.jp +americangreencard.com +americanunfinished.com +amiblockedornot.com +amigobbs.net +amitabhafoundation.us +amnesty.org +amnesty.tw +amnestyusa.org +amnyemachen.org +amoiist.com +ampproject.org +amzs.me +analyze-v.com +anchorfree.com +ancsconf.org +andfaraway.net +android.com +androidify.com +android-x86.org +angularjs.org +animecrazy.net +animeshippuuden.com +aniscartujo.com +anobii.com +anontext.com +anonymitynetwork.com +anonymizer.com +a-normal-day.com +anpopo.com +answering-islam.org +anthonycalzadilla.com +anti.anti.cnn.googlepages.com +antidrm.hpg.ig.com.br +antiwave.net +anysex.com +aobo.com.au +aofriend.com +aofriend.com.au +aojiao.org +aolchannels.aol.com +aomiwang.com +apetube.com +apiary.io +apidocs.linksalpha.com +apigee.com +api.linksalpha.com +api.proxlet.com +api.supertweet.net +apk-dl.com +apkpure.com +app.box.com +app.heywire.com +appledaily.com +appledaily.com.tw +apps.hloli.net +appsocks.net +appspot.com +appsto.re +archive.is +archive.org +archives.gov +arctosia.com +areca-backup.org +arena.taipei +arethusa.su +ar.hao123.com +arlingtoncemetery.mil +army.mil +arstechnica.com +art4tibet1998.org +artofpeacefoundation.org +art-or-porn.com +artsy.net +asacp.org +asahichinese.com +asdfg.jp +asg.to +asiafriendfinder.com +asia-gaming.com +asiaharvest.org +asianews.it +asiansexdiary.com +asianspiss.com +asianwomensfilm.de +asiatgp.com +askstudent.com +askynz.net +assembla.com +astonmartinnews.com +astrill.com +atchinese.com +atc.org.au +atdmt.com +atgfw.org +athenaeizou.com +atj.org.tw +atlaspost.com +atnext.com +authorizeddns.net +authorizeddns.org +authorizeddns.us +autoproxy.org +avaaz.org +avcity.tv +avcool.com +avdb.in +avdb.tv +avfantasy.com +avidemux.org +avmoo.com +avmoo.net +avmoo.pw +avmo.pw +av.nightlife141.com +avoision.com +avyahoo.com +awardwinningfjords.com +axureformac.com +azerbaycan.tv +azerimix.com +azubu.tv +b0ne.com +babynet.com.hk +backchina.com +backpackers.com.tw +backtotiananmen.com +badassjs.com +badjojo.com +badoo.com +baidu.jp +bailandaily.com +baixing.me +bakgeekhome.tk +banana-vpn.com +bandwagonhost.com +bangbrosnetwork.com +bangchen.net +bangyoulater.com +bannedbook.org +bannednews.org +barenakedislam.com +barnabu.co.uk +barracuda.com +bartvpn.com +basetimesheightdividedby2.com +bayvoice.net +bbcchinese.com +bbc.com +bbc.co.uk +bb-chat.tv +bbchat.tv +bbci.co.uk +bbcimg.co.uk +bbc.in +bbg.gov +bbnradio.org +bbs2.newsgroup.la +bbs.brockbbs.com +bbs.ecstart.com +bbsfeed.com +bbs.hasi.wang +bbs.kimy.com.tw +bbsland.com +bbsmo.com +bbs.morbell.com +bbs.mychat.to +bbs.netbig.com +bbs.newsgroup.la +bbsone.com +bbs.qmzdd.com +bbs.sina.com +bbs.skykiwi.com +bbs.sou-tong.org +bbs.tuitui.info +bbs-tw.com +bbtoystore.com +bb.ttv.com.tw +bcast.co.nz +bcc.com.tw +bcchinese.net +bcmorning.com +bdsmvideos.net +bd.zhe.la +beaconevents.com +bebo.com +beeg.com +beevpn.com +behindkink.com +beijing1989.com +beijingspring.com +belamionline.com +bell.wiki +bemywife.cc +benjaminste.in +beric.me +berlintwitterwall.com +berm.co.nz +bestforchina.org +bestvpn.com +bestvpnserver.com +bestvpnservice.com +bestvpnusa.com +bet365.com +beta.iset.com.tw +beta.usejump.com +betfair.com +bettervpn.com +bettween.com +betvictor.com +bewww.net +beyondfirewall.com +bfnn.org +bfsh.hk +bgvpn.com +biantailajiao.com +biantailajiao.in +biblesforamerica.org +bic2011.org +bigfools.com +bigjapanesesex.com +bigmoney.biz +bignews.org +bigsound.org +bill2-software.com +billywr.com +bill.zhong.pp.ru +bipic.net +bitcointalk.org +bit.do +bit.ly +bitly.com +bitshare.com +bitsnoop.com +bizhat.com +bjnewlife.org +bjzc.org +blacklogic.com +blackvpn.com +bl-doujinsouko.com +blinkx.com +blinw.com +blip.tv +blockcn.com +blog.birdhouseapp.com +blogblog.com +blog.boxcar.io +blog.calibre-ebook.com +blogcatalog.com +blogcity.me +blog.cnyes.com +blog.davidziegler.net +blog.dayoneapp.com +blog.de +blog.dribbble.com +blog.exblog.co.jp +blog.excite.co.jp +blog.expofutures.com +blog.fizzik.com +blog.foolsmountain.com +blogger.com +blog.gowalla.com +blog.hotpotato.com +blog.ifttt.com +blogimg.jp +blog.inoreader.com +blog.instapaper.com +blog.iphone-dev.org +blog.istef.info +blog.jackjia.com +blog.joeyrobert.org +blog.jp +blog.kangye.org +blog.kickstarter.com +blog.kl.am +blog.klip.me +blog.lester850.info +blog.lightbox.com +bloglines.com +bloglovin.com +blog.martinoei.com +blog.mongodb.org +blog.openinkpot.org +blog.palm.com +blog.path.com +blog.pathtosharepoint.com +blog.pentalogic.net +blog.pikchur.com +blog.pilotmoon.com +blog.redren.com +blog.rockmelt.com +blog.romanandreg.com +blog.s135.com +blogs.icerocket.com +blog.sogoo.org +blog.sparrowmailapp.com +blogspot.com +blogspot.co.uk +blogspot.de +blogspot.fr +blogspot.in +blogspot.jp +blogs.tampabay.com +blogs.yahoo.co.jp +blog.syx86.cn +blog.syx86.com +blog.taragana.com +blogtd.net +blogtd.org +blog.tiney.com +blog.topify.com +blog.usa.gov +blog.xuite.net +blog.youthwant.com.tw +bloodshed.net +bloomberg.cn +bloomberg.com +bloomberg.de +bloombergview.com +bloomfortune.com +blueangellive.com +bmediaasia.com +bmfinn.com +bnrmetal.com +boardreader.com +bobulate.com +bod.asia +bodog88.com +bolehvpn.net +bolin.netfirms.com +bonbonme.com +bonbonsex.com +bongacams.com +bonjourlesgeeks.com +boobstagram.com +book.com.tw +bookepub.com +books.com.tw +bookshelfporn.com +book.zi5.me +botanwang.com +bot.nu +bowenpress.com +boxpn.com +boxunblog.com +boxunclub.com +boxun.com +boxun.tv +boyangu.com +boyfriendtv.com +boysfood.com +boysmaster.com +bralio.com +branch.com +brandonhutchinson.com +braumeister.org +bravotube.net +brazzers.com +break.com +breakgfw.com +breakingtweets.com +breakwall.net +br.hao123.com +briefdream.com +brightcove.com +brightkite.com +brizzly.com +broadbook.com +broadpressinc.com +br.st +brucewang.net +brutaltgp.com +bt2mag.com +bt95.com +btaia.com +bt.byr.cn +btdigg.org +btku.me +btku.org +bt.neu6.edu.cn +btrd.net +btspread.com +budaedu.org +buddhistchannel.tv +buffered.com +bugclub.org +builtwithbootstrap.com +bullogger.com +bullog.org +bunbunhk.com +busayari.com +businesstimes.com.cn +businessweek.com +busytrade.com +buugaa.com +buy.yahoo.com.tw +buzzhand.com +buzzhand.net +buzzurl.jp +bwbx.io +bwsj.hk +bx.tl +c100tibet.org +c1522.mooo.com +cablegatesearch.net +cachinese.com +cacnw.com +cactusvpn.com +cafepress.com +cahr.org.tw +calameo.com +calebelston.com +calgarychinese.ca +calgarychinese.com +calgarychinese.net +cam4.com +cam4.jp +cam4.sg +camfrog.com +cams.com +cams.org.sg +canadameet.com +canyu.org +caobian.info +caochangqing.com +cao.im +cap.org.hk +carabinasypistolas.com +cardinalkungfoundation.org +carfax.com +caribbeancom.com +cari.com.my +carmotorshow.com +cartoonmovement.com +casadeltibetbcn.org +casatibet.org.mx +casinobellini.com +casinoking.com +casinoriva.com +casino.williamhill.com +catch22.net +catfightpayperview.xxx +catholic.org.hk +catholic.org.tw +cathvoice.org.tw +cattt.com +cbc.ca +cbs.ntu.edu.tw +cbtc.org.hk +cc9007.spaces.live.com +ccavtop10.com +cccat.cc +ccdtr.org +cchere.com +ccim.org +cclife.ca +cclifefl.org +cclife.org +ccthere.com +cctongbao.com +ccue.ca +ccue.com +ccvoice.ca +ccw.org.tw +cdbook.org +cdd.me +cdef.org +cdig.info +cdjp.org +cdn1.lp.saboom.com +cdnews.com.tw +cdn.helixstudios.net +cdninstagram.com +cdn.printfriendly.com +cdn.softlayer.net +cdp1989.org +cdp1998.org +cdp2006.org +cdpa.url.tw +cdpeu.org +cdp.sinica.edu.tw +cdpusa.org +cdpweb.org +cdpwu.org +cdw.com +cecc.gov +cellulo.info +cenci.tk +cenews.eu +centauro.com.br +centerforhumanreprod.com +centralnation.com +centurys.net +certificate.revocationcheck.com +certificate-transparency.org +c-est-simple.com +cfhks.org.hk +cftfc.com +cgdepot.org +cgst.edu +chandoo.org +changeip.name +changeip.net +changeip.org +change.org +changp.com +changsa.net +chaos.e-spacy.com +chapm25.com +chartbeat.net +chatnook.com +chaturbate.com +chengmingmag.com +chenguangcheng.com +chenpokong.com +chenpokong.net +chenyehao.spaces.live.com +cherrysave.com +chevronwp7.com +chhongbi.org +chicagoncmtv.com +china101.com +china18.org +china21.com +china21.org +china5000.us +chinaaffairs.org +chinaaid.me +chinaaid.net +chinaaid.org +chinaaid.us +chinachange.org +chinachannel.hk +chinacitynews.be +chinacomments.org +chinadialogue.net +chinadigitaltimes.net +chinaelections.org +chinaeweekly.com +chinafreepress.org +chinagate.com +chinageeks.org +chinagfw.org +chinagreenparty.org +china-green-party.spaces.live.com +china.hket.com +chinahorizon.org +chinahush.com +chinainperspective.com +chinainperspective.net +chinainperspective.org +chinainterimgov.org +chinalaborwatch.org +chinalawandpolicy.com +chinalawtranslate.com +china-mmm.jp.net +china-mmm.net +china-mmm.sa.com +chinamule.com +chinamz.org +chinapress.com.my +chinarightsia.org +chinasocialdemocraticparty.com +chinaso.com +chinasoul.org +chinasucks.net +chinatimes.com +chinatopsex.com +chinatown.com.au +chinatweeps.com +chinaway.org +china-week.com +chinaworker.info +chinaxchina.com +chinayouth.org.hk +chinayuanmin.org +chinesedaily.com +chinesedailynews.com +chinesedemocracy.com +chinese.engadget.com +chinesegay.org +chinese-hermit.net +chinese.irib.ir +chinese-leaders.org +chinese-memorial.org +chinesen.de +chinesenewsnet.com +chinesepen.org +chinese.soifind.com +chinesetalks.net +chingcheong.com +chinman.net +chithu.org +chn.chosun.com +chrdnet.com +chrispederick.com +chrispederick.net +christianfreedom.org +christianstudy.com +christiantimes.org.hk +christusrex.org +chrlawyers.hk +chrlcg-hk.org +chromeadblock.com +chromecast.com +chrome.com +chromeexperiments.com +chromercise.com +chromestatus.com +chromium.org +ch.shvoong.com +chuang-yen.org +chubun.com +chuizi.net +cineastentreff.de +cipfg.org +circlethebayfortibet.org +citizenlab.org +citizenscommission.hk +citizensradio.org +city365.ca +city9x.com +civicparty.hk +civilhrfront.org +civiliangunner.com +civilmedia.tw +cjb.net +ck101.com +classicalguitarblog.net +clb.org.hk +cl.d0z.net +cleansite.biz +cleansite.info +cleansite.us +clearharmony.net +clearwisdom.net +clementine-player.org +clientsfromhell.net +cling.omy.sg +clinica-tibet.ru +clipfish.de +cl.ly +cloakpoint.com +cloudfront.net +club1069.com +cmi.org.tw +cmp.hku.hk +cms.gov +cmule.com +cmule.org +cn2.streetvoice.com +cn6.eu +cnabc.com +cna.com.tw +cnavista.com.tw +cn.dayabook.com +cnd.org +cnex.org.cn +cn.fmnnow.com +cn.freeones.com +cn.ibtimes.com +cnineu.com +cnn.com +cn.nytstyle.com +cnpolitics.org +cn-proxy.com +cnproxy.com +cn.sandscotaicentral.com +cn.shafaqna.com +cn.streetvoice.com +cn.uncyclopedia.wikia.com +cn.voa.mobi +coat.co.jp +cochina.co +cochina.org +cocoapods.org +cocoa.zonble.net +code1984.com +codeboxapp.com +codeshare.io +codeskulptor.org +collateralmurder.com +collateralmurder.org +comefromchina.com +com.google +comic-mega.me +commandarms.com +commentshk.com +communistcrimes.org +communitychoicecu.com +compileheart.com +compress.to +co.ng.mil +conoyo.com +contactmagazine.net +contests.twilio.com +convio.net +conviva.com +coobay.com +cookingtothegoodlife.com +coolaler.com +coolder.com +coolloud.org.tw +coolncute.com +corpus4u.org +corumcollege.com +cos-moe.com +cotweet.com +couchdbwiki.com +coveringweb.com +cpj.org +crackle.com +crchina.org +crd-net.org +creaders.net +creadersnet.com +cristyli.com +crocotube.com +crossfire.co.kr +crossthewall.net +csdparty.com +c-spanvideo.org +css.pixnet.in +csuchen.de +ctao.org +ctfriend.net +ctitv.com.tw +cts.com.tw +cubicle17.com +cuhkacs.org +cuihua.org +cuiweiping.net +culture.tw +cumlouder.com +curvefish.com +cusu.hk +cw.com.tw +cyanogenmod.org +cyberghost.natado.com +cyberghostvpn.com +cydia.ifuckgfw.com +cynscribe.com +cytode.us +d100.net +d2bay.com +dabr.co.uk +dabr.eu +dabr.me +dabr.mobi +dadazim.com +dadi360.com +dafagood.com +dafahao.com +daidostup.ru +dailidaili.com +dailymotion.com +dailynews.sina.com +daiphapinfo.net +dajiyuan.com +dajiyuan.de +dajiyuan.eu +dajusha.baywords.com +dalailama80.org +dalailama-archives.org +dalailamacenter.org +dalailama.com +dalailamafellows.org +dalailamafilm.com +dalailamafoundation.org +dalailamahindi.com +dalailamainaustralia.org +dalailamajapanese.com +dalailama.mn +dalailamaprotesters.info +dalailamaquotes.org +dalailama.ru +dalailamatrust.org +dalailama.usc.edu +dalailamavisit.org.nz +dalailamaworld.com +dalianmeng.org +daliulian.org +danke4china.net +danwei.org +daodu14.jigsy.com +daolan.net +darktech.org +darktoy.net +darpa.mil +dastrassi.org +data-vocabulary.org +date.fm +david-kilgour.com +davidslog.com +daxa.cn +dayaarmongol.ning.com +daylife.com +db.tt +dcard.tw +dcmilitary.com +ddc.com.tw +ddhw.info +ddns.info +ddns.me.uk +ddns.mobi +ddns.ms +ddns.name +ddns.net +ddns.us +deaftone.com +deck.ly +decodet.co +deepmind.com +default.secureserver.net +definebabe.com +deja.com +delcamp.net +delicious.com +democrats.org +demo.opera-mini.net +derekhsu.homeip.net +de-sci.org +desc.se +designerol.com +desipro.de +dessci.com +destiny.xfiles.to +destroy-china.jp +deutsche-welle.de +dev102.com +developers.box.net +deviantart.com +deviantart.net +devio.us +devpn.com +dfas.mil +dfn.org +dharamsalanet.com +dharmakara.net +dhcp.biz +diaoyuislands.org +digisfera.com +digitalnomadsproject.org +diigo.com +dilber.se +dipity.com +directcreative.com +discuss4u.com +discuss.com.hk +dish.com +disp.cc +disqus.com +dit-inc.us +dizhidizhi.com +dizhuzhishang.com +djangosnippets.org +djorz.com +dl.box.net +dl-laby.jp +dl.playstation.net +dlsite.com +dmcdn.net +dmm.co.jp +dns04.com +dns05.com +dns1.us +dns2go.com +dns2.us +dnscrypt.org +dns-dns.com +dnset.com +dnsrd.com +dnssec.net +dns-stuff.com +docstoc.com +doctorvoice.org +dojin.com +dok-forum.net +dolc.de +dolf.org.hk +dollf.com +domain.club.tw +domainhelp.search.com +domains.google +domaintoday.com.au +dongde.com +dongtaiwang.com +dongtaiwang.net +dongyangjing.com +dontfilter.us +dontmovetochina.com +dorjeshugden.com +dotheyfolloweachother.com +dotplane.com +dotsub.com +doubleaf.com +doubleclick.net +dougscripts.com +doujincafe.com +dowei.org +download.aircrack-ng.org +download.ithome.com.tw +download.syniumsoftware.com +doxygen.org +dphk.org +dpp.org.tw +dpr.info +dragonsprings.org +draw.io +dreammask.org +drepung.org +drewolanoff.com +drgan.net +drmingxia.org +dropbox.com +dropboxusercontent.com +drsunacademy.com +drtuber.com +dscn.info +dsmtp.com +dstk.dk +dtdns.net +dtiblog.com +dtic.mil +dtiserv2.com +dtwang.org +duanzhihu.com +duckdns.org +duckduckgo.com +duckload.com +duckmylife.com +duga.jp +duihuahrjournal.org +duihua.org +dumb1.com +duoweitimes.com +duping.net +duplicati.com +dupola.com +dupola.net +dushi.ca +dvorak.org +dw.com +dw.de +dwnews.com +dwnews.net +dw-world.com +dw-world.de +dy24k.info +dynamicdns.biz +dynamicdns.co.uk +dynamicdns.me.uk +dynamic-dns.net +dynamicdns.org.uk +dynawebinc.com +dyndns.org +dyndns.pro +dynssl.com +dzze.com +e123.hk +eamonnbrennan.com +earlytibet.com +earthcam.com +earthquake.usgs.gov +earthvpn.com +eastern-ark.com +easternlightning.org +eastturkestan.com +eastturkistancc.org +eastturkistangovernmentinexile.us +eastturkistan-gov.org +easyca.ca +easypic.com +easy-share.com +ebony-beauty.com +ebookbrowse.com +ebookee.com +ebook.hyread.com.tw +ecfa.org.tw +echofon.com +e-classical.com.tw +ecministry.net +economist.com +edgecastcdn.net +edicypages.com +edmontonchina.cn +edmontonservice.com +edns.biz +edoors.com +edubridge.com +edupro.org +eesti.ee +eevpn.com +efcc.org.hk +effers.com +efksoft.com +efmoe.com +efukt.com +e-gold.com +eic-av.com +e-info.org.tw +eisbb.com +eksisozluk.com +electionsmeter.com +elephantvpn.com +elgoog.im +elpais.com +eltondisney.com +emacsblog.org +embr.in +emilylau.org.hk +emory.edu +empfil.com +emule-ed2k.com +emulefans.com +emuparadise.me +enewstree.com +enfal.de +en.favotter.net +englishforeveryone.org +englishfromengland.co.uk +englishpen.org +en.hao123.com +enlighten.org.tw +entermap.com +entnt.com +epac.to +episcopalchurch.org +epochhk.com +epochtimes-bg.com +epochtimes.co.il +epochtimes.co.kr +epochtimes.com +epochtimes.cz +epochtimes.de +epochtimes.fr +epochtimes.ie +epochtimes.it +epochtimes.jp +epochtimes-romania.com +epochtimes.ru +epochtimes.se +epochtimestr.com +epochweek.com +epochweekly.com +eporner.com +equinenow.com +erabaru.net +eraysoft.com.tr +erepublik.com +erepublik.net +erights.net +eriversoft.com +erktv.com +ernestmandel.org +erodaizensyu.com +erodoujinworld.com +eromangadouzin.com +eromanga-kingdom.com +eromon.net +eroprofile.com +eroticsaloon.net +esmtp.biz +etaa.org.au +etaiwannews.com +etizer.org +etokki.com +etools.ncol.com +etowns.net +etowns.org +e-traderland.net +ettoday.net +etvonline.hk +eucasino.com +eulam.com +eu.org +evchk.wikia.com +eventful.com +everyday-carry.com +evschool.net +exblog.jp +exchristian.hk +exmormon.org +expatshield.com +expekt.com +experts-univers.com +exploader.net +expressvpn.com +extmatrix.com +extremetube.com +eyespirit.info +eyevio.jp +eyny.com +ezpc.tk +ezpeer.com +ezua.com +facebook.br +facebook.com +facebook.design +facebook.hu +facebook.in +facebook.net +facebook.nl +facebookquotes4u.com +facebook.se +faceless.me +facesofnyfw.com +facesoftibetanselfimmolators.info +fail.hk +faith100.org +faithfuleye.com +faiththedog.info +fakku.net +falsefire.com +falunart.org +falunasia.info +falun.caltech.edu +falun-co.org +falundafa-dc.org +falundafa-florida.org +falundafaindia.org +falundafamuseum.org +falundafa-nc.org +falundafa.org +falundafa-pa.net +falungong.de +falungong.org.uk +falunhr.org +faluninfo.de +faluninfo.net +falun-ny.net +falunpilipinas.net +falunworld.net +familyfed.org +famunion.com +fangbinxing.com +fangeming.com +fanglizhi.info +fangmincn.org +fangong.forums-free.com +fangongheike.com +fangong.org +fan-qiang.com +fanqianghou.com +fanqiang.tk +fanqiangyakexi.net +fanqiangzhe.com +fanswong.com +fanyue.info +fapdu.com +faproxy.com +faqserv.com +fartit.com +farwestchina.com +farxian.com +fastpic.ru +fastssh.com +faststone.org +fast.wistia.com +favorious.com +favstar.fm +fawanghuihui.org +faydao.com +fbcdn.net +fb.com +fb.me +fbsbx.com +fc2blog.net +fc2china.com +fc2cn.com +fc2.com +fdc89.jp +feedbooks.mobi +feedburner.com +feeds.fileforum.com +feedzshare.com +feelssh.com +feer.com +feifeiss.com +feitianacademy.org +feitian-california.org +felixcat.net +feministteacher.com +fengzhenghu.com +fengzhenghu.net +fetchvideo.com +fevernet.com +fffff.at +ff.im +fflick.com +fgmtv.net +fgmtv.org +fhreports.net +filefactory.com +fileflyer.com +files2me.com +fileserve.com +filesor.com +fillthesquare.org +filmingfortibet.org +filthdump.com +finalion.jp +financetwitter.com +finchvpn.com +findbook.tw +findmespot.com +findmima.com +fingerdaily.com +finler.net +firefoxfan.cc +fireofliberty.org +firetweet.io +firstfivefollowers.com +flagsonline.it +flecheinthepeche.fr +fleshbot.com +fleursdeslettres.com +flgg.us +flickr.com +flickrhivemind.net +flightcaster.com +fling.com +flipboard.com +flipkart.com +flitto.com +flnet.org +flowerofhappiness.spaces.live.com +fochk.org +focustaiwan.tw +focusvpn.com +fofg-europe.net +fofg.org +fofldfradio.org +fooooo.com +footwiball.com +forum4hk.com +forum.baby-kingdom.com +forum.cyberctm.com +forum.idsam.com +forum.iset.com.tw +forum.my903.com +forum.mymaji.com +forum.newsgroup.la +forum.omy.sg +forum.palmislife.com +forum.setty.com.tw +forum.sina.com.hk +forum.slime.com.tw +forum.tvb.com +fotile.me +fotop.net +fourface.nodesnoop.com +fourthinternational.org +foxdie.us +foxgay.com +foxsub.com +foxtang.com +fpmtmexico.org +fpmt.org +fpmt-osel.org +fpmt.tw +fqok.org +fqrouter.com +franklc.com +freakshare.com +fredwilson.vc +free4u.com.ar +freealim.com +freebrowser.org +freechal.com +freechina.net +freeddns.com +freedomchina.info +freedomhouse.org +freedomsherald.org +freeforums.org +freefq.com +free.fr +freefuckvids.com +freegao.com +freegateget.googlepages.com +free-gate.org +free-hada-now.org +freeilhamtohti.org +freelotto.com +freeman2.com +freemoren.com +freemorenews.com +freenet-china.org +freenetproject.org +freenewscn.com +freeopenvpn.com +freeoz.org +free-ssh.com +freessh.us +freetcp.com +freetibetanheroes.org +freetibet.net +freetibet.org +freeviewmovies.com +freevpn.me +freevpn.nl +freewallpaper4.me +freewebs.com +freeweibo.com +freewww.biz +freewww.info +freexinwen.com +freeyellow.com +freeyoutubeproxy.net +friendfeed.com +friendfeed-media.com +friends-of-tibet.org +friendsoftibet.org +fring.com +fringenetwork.com +fromchinatousa.net +frommel.net +frontlinedefenders.org +fscked.org +fsurf.com +ftchinese.com +ftp1.biz +ftpserver.biz +fucd.com +fuckcnnic.net +fuckgfw.com +fuckgfw.org +fullerconsideration.com +fulue.com +funf.tw +funkyimg.com +funp.com +fuq.com +furbo.org +furhhdl.org +furinkan.com +furl.net +futurechinaforum.org +futureme.org +futuremessage.org +fux.com +fuyindiantai.org +fuyin.net +fuyu.org.tw +fw.cm +fxnetworks.com +fzh999.com +fzh999.net +fzlm.com +g6hentai.com +gabocorp.com +gaeproxy.com +gaforum.org +galaxymacau.com +galenwu.com +galstars.net +game735.com +gamebase.com.tw +gamejolt.com +gamer.com.tw +gamez.com.tw +gamousa.com +ganges.com +gaoming.net +gaopi.net +gaozhisheng.net +gaozhisheng.org +gardennetworks.com +gardennetworks.org +gartlive.com +gather.com +gati.org.tw +gaybubble.com +gaycn.net +gaymap.cc +gaytube.com +gazotube.com +gcc.org.hk +gclooney.com +g.co +gcpnews.com +gcr.io +gdbt.net +gdzf.org +geek-art.net +geekerhome.com +geekheart.info +geekmade.co.uk +geekmanuals.com +g.e-hentai.org +gelbooru.com +generesis.com +genuitec.com +geocities.co.jp +geocities.com +geocities.jp +geohot.com +geometrictools.com +gerefoundation.org +getchu.com +getcloak.com +getcloudapp.com +get-digital-help.com +getfoxyproxy.org +getfreedur.com +getgom.com +get.how +getiton.com +getjetso.com +getlantern.org +getmdl.io +getsmartlinks.com +getsocialscope.com +gettrials.com +gettyimages.com +getuploader.com +gfbv.de +gfgold.com.hk +gfsale.com +gfw.org.ua +gfw.press +ggpht.com +ggssl.com +ghost.org +ghostpath.com +ghut.org +giga-web.jp +gigporno.ru +gimpshop.com +girlbanker.com +github.com +git.io +git-scm.com +givemesomethingtoread.com +gizlen.net +gjczz.com +glass8.eu +glennhilton.com +globaljihad.net +globalmediaoutreach.com +globalmuseumoncommunism.org +globalrescue.net +globaltm.org +globalvoicesonline.org +glock.com +gloryhole.com +glype.com +gmail.com +gmbd.cn +gmhz.org +gmll.org +gmodules.com +gmozomg.izihost.org +gnci.org.hk +go141.com +goagent.biz +goagent.codeplex.com +goagentplus.com +gobet.cc +godfootsteps.org +godns.work +godoc.org +godsdirectcontact.co.uk +godsdirectcontact.org +godsdirectcontact.org.tw +godsimmediatecontact.com +gogotunnel.com +gohappy.com.tw +gojet.krtco.com.tw +gokbayrak.com +golang.org +goldbet.com +goldbetsports.com +goldenfrog.com +goldstep.net +goldwave.com +gongmeng.info +gongm.in +gongminliliang.com +gongwt.com +gooddns.info +goodreaders.com +goodreads.com +goodtv.com.tw +goodtv.tv +goofind.com +goo.gl +googleadservices.com +google.ae +google.am +google-analytics.com +googleapis.com +googleapps.com +googleartproject.com +google.as +googleblog.com +googlebot.com +googlecapital.com +google.cat +google.cd +google.ci +googlecode.com +google.co.id +google.co.jp +google.co.kr +google.com +google.co.ma +google.com.hk +googlecommerce.com +google.com.sg +google.com.tw +google.com.uk +google.co.uk +google.de +google.dj +google.dk +googledomains.com +googledrive.com +googleearth.com +google.es +google.fi +google.fm +google.fr +google.gg +googlegroups.com +googlehosted.com +googleideas.com +google.ie +google.is +google.it +googlelabs.com +googlemail.com +google.ms +google.nl +google.no +google.nu +googleplay.com +googleplus.com +google.ro +google.sc +googlesile.com +google.sk +google.sm +googlesource.com +googlesyndication.com +googletagmanager.com +googletagservices.com +google.tk +google.to +google.tt +googleusercontent.com +googlevideo.com +google.vu +google.ws +googlezip.net +gopetition.com +go-pki.com +goproxing.net +gospelherald.com +got-game.org +gotgeeks.com +gotrusted.com +gotw.ca +gov.cn +gov.tw +gpass1.com +g-queen.com +gr8domain.biz +gr8name.biz +grammaly.com +grandtrial.org +grangorz.org +graphis.ne.jp +gravatar.com +graylog2.org +greasespot.net +greatfire.org +greatfire.us7.list-manage.com +greatfirewall.biz +great-firewall.com +greatfirewallofchina.net +greatfirewallofchina.org +great-roc.org +greatroc.org +greatroc.tw +greatzhonghua.org +greenfieldbookstore.com.hk +greenparty.org.tw +greenpeace.com.tw +greenpeace.org +greenvpn.net +greenvpn.org +groups.google.cn +gs-discuss.com +gseeker.com +gstatic.com +gtricks.com +guancha.org +guardster.com +gu-chu-sum.org +gufeng521.spaces.live.com +guishan.org +gunsamerica.com +gunsandammo.com +gun-world.net +guomin.us +guruonline.hk +gutteruncensored.com +gvlib.com +gvm.com.tw +gvt0.com +gvt1.com +gvt3.com +gwtproject.org +gyalwarinpoche.com +gyatsostudio.com +gzm.tv +gzone-anime.info +h1n1china.org +h5dm.com +h5galgame.me +hacg.club +hacg.in +hacg.li +hacg.red +hacken.cc +hackthatphone.net +hahlo.com +hakkatv.org.tw +hanunyi.com +haosou.com +happy-vpn.com +hardsextube.com +harunyahya.com +hasaowall.com +hautelookcdn.com +hautelook.com +have8.com +haygo.com +h-china.org +hdtvb.net +hdzog.com +heartyit.com +hecaitou.net +hechaji.com +hec.su +heeact.edu.tw +hegre-art.com +heix.pp.ru +heiyo.info +helloandroid.com +hellonewyork.us +helloqueer.com +hellotxt.com +hellouk.org +helpeachpeople.com +helplinfen.com +help.linksalpha.com +help.opera.com +helpster.de +helpzhuling.org +hen.bao.li +hentai.to +hentaitube.tv +hentaivideoworld.com +heqinglian.net +here4news.com +heungkongdiscuss.com +hexxeh.net +heyzo.com +hgseav.com +hhdcb3office.org +hidden-advent.org +hidecloud.com +hideipvpn.com +hideman.net +hide.me +hideme.nl +hidemyass.com +hidemycomp.com +higfw.com +highpeakspureearth.com +highrockmedia.com +hihiforum.com +hihistory.net +hiitch.com +hikinggfw.org +hilive.tv +himalayan-foundation.org +himalayanglacier.com +himemix.com +himemix.net +hi-on.org.tw +hitomi.la +hizb-ut-tahrir.info +hizb-ut-tahrir.org +hizbuttahrir.org +hjclub.info +hk01.com +hk32168.com +hkatvnews.com +hkbc.net +hkbf.org +hkbookcity.com +hkchurch.org +hkcmi.edu +hkcoc.com +hkcoc.weather.com.hk +hkdailynews.com.hk +hkday.net +hkdf.org +hkej.com +hkepc.com +hkfaa.com +hkfreezone.com +hkfront.org +hkgolden.com +hkgreenradio.org +hk.hao123img.com +hkheadline.com +hkhkhk.com +hkhrc.org.hk +hkhrm.org.hk +hkip.org.uk +hkjc.com +hk.jiepang.com +hkjp.easyweb.hk +hkjp.org +hk.knowledge.yahoo.com +hklft.com +hklts.org.hk +hk.myblog.yahoo.com +hk.news.yahoo.com +hkptu.org +hk-pub.com +hk.rd.yahoo.com +hkreporter.com +hkreporter.loved.hk +hk.search.yahoo.com +hkupop.hku.hk +hkusu.net +hk.video.news.yahoo.com +hkvwet.com +hkwcc.org.hk +hk.yahoo.com +hkzone.org +h-moe.com +hmvdigital.ca +hmvdigital.com +hnjhj.com +hnntube.com +hola.com +hola.org +holymountaincn.com +holyspiritspeaks.org +holz.byethost8.com +homedepot.com +homeperversion.com +homeservershow.com +home.sina.com +home.so-net.net.tw +honeonet.spaces.live.com +hongkongfp.com +hongmeimei.com +hongzhi.li +hootsuite.com +hoovers.com +hopto.org +hornygamer.com +hotav.tv +hotfrog.com.tw +hotgoo.com +hotpornshow.com +hotpot.hk +hotshame.com +hotspotshield.com +hotvpn.com +hougaige.com +howtoforge.com +hqcdp.org +hqjapanesesex.com +hqmovies.com +hrcchina.org +hrcir.com +hrea.org +hrichina.org +hrweb.org +hrw.org +hsjp.net +hsselite.com +hstern.net +hst.net.tw +hstt.net +htkou.net +htl.li +ht.ly +html5rocks.com +htmldog.com +https443.net +https443.org +huaglad.com +huajiadi.spaces.live.com +huanghuagang.org +huangyiyu.com +huaren.us +huaxiabao.org +huaxia-news.com +huaxin.ph +hua-yue.net +huayuworld.org +hudatoriq.web.id +hugoroy.eu +huhaitai.com +huhamhire.com +huiyi.in +hujiachina.spaces.live.com +hulkshare.com +hulu.com +huluim.com +humanities.uchicago.edu +humanrightsbriefing.org +hungerstrikeforaids.org +hung-ya.com +huping.net +hurgokbayrak.com +hurriyet.com.tr +hustlercash.com +hut2.ru +hutianyi.net +hutong9.net +huyandex.com +hwayue.org.tw +hwinfo.com +hxwq.org +hybrid-analysis.com +hyperrate.com +hypeshell.com +i1.hk +i2p2.de +i2runner.com +i818hk.com +ialmostlaugh.com +iam.soy +iask.bz +iask.ca +iav19.com +ibiblio.org +iblist.com +iblogserv-f.net +ibros.org +ibvpn.com +i-cable.com +icams.com +icij.org +icl-fi.org +icoco.com +iconpaper.org +icu-project.org +idemocracy.asia +identi.ca +id.hao123.com +idiomconnection.com +idouga.com +idreamx.com +idv.tw +ieasynews.net +ied2k.net +ieemdai.spaces.live.com +ienergy1.com +ifan.cz.cc +ifanqiang.com +ifanr.com +ifcss.org +ifjc.org +ifreewares.com +ift.tt +igcd.net +igfw.net +igmg.de +ignitedetroit.net +igoogle.com +igotmail.com.tw +igvita.com +ihakka.net +iicns.com +ikwb.com +illusionfactory.com +ilove80.be +ilovelongtoes.com +im88.tw +imageab.com +imagefap.com +imageflea.com +images.comico.tw +imageshack.us +imagevenue.com +imagezilla.net +imb.org +imgchili.net +img.ly +imkev.com +imlive.com +immoral.jp +impact.org.au +impp.mn +imrworldwide.com +im.tv +in99.org +incapdns.net +incloak.com +incredibox.fr +indiandefensenews.in +indiemerch.com +in-disguise.com +info-graf.fr +initiativesforchina.org +inkui.com +inmediahk.net +innermongolia.org +inote.tw +insecam.org +instagram.com +instanthq.com +institut-tibetain.org +interestinglaugh.com +interfaceaddiction.com +internationalrivers.org +internetdefenseleague.org +internetfreedom.org +internetpopculture.com +inxian.com +iownyour.biz +iownyour.org +ipalter.com +i-part.com.tw +ipcf.org.tw +iphone4hongkong.com +iphonehacks.com +iphonetaiwan.org +iphonix.fr +ipicture.ru +ipjetable.net +ipobar.com +iportal.me +ippotv.com +ipredator.se +iptorrents.com +iptv.com.tw +ipvanish.com +iredmail.org +ironbigfools.compython.net +ironicsoftware.com +ironpython.net +isaacmao.com +isasecret.com +is.gd +isgreat.org +islamhouse.com +islamicity.com +islamicpluralism.org +islam.org.hk +islamtoday.net +ismaelan.com +ismalltits.com +ismprofessional.net +isohunt.com +israbox.com +istars.co.nz +istiqlalhewer.com +istockphoto.com +isunaffairs.com +isuntv.com +itaboo.info +italiatibet.org +itasoftware.com +itemdb.com +ithelp.ithome.com.tw +itsaol.com +itshidden.com +itsky.it +itweet.net +iu45.com +iuhrdf.org +iuksky.com +ivacy.com +iverycd.com +ivpn.net +ixquick.com +ixxx.com +iyouport.com +izaobao.us +izlesem.org +izles.net +jamaat.org +jamyangnorbu.com +janwongphoto.com +japan-whores.com +jav68.tv +javakiba.org +javbus.com +javfor.me +javhip.com +javhub.net +javhuge.com +javlibrary.com +javmoo.com +javmoo.xyz +javseen.com +javtag.com +javzoo.com +jayparkinsonmd.com +jbtalks.cc +jbtalks.com +jbtalks.my +jcpenney.com +jdwsy.com +jeanyim.com +jetos.com +jgoodies.com +jiangweiping.com +jiaoyou8.com +jiehua.cz +jieshibaobao.com +jigong1024.com +jike.com +jimoparty.com +jinbushe.org +jingpin.org +jingsim.org +jinpianwang.com +jitouch.com +jizzthis.com +jjgirls.com +jkb.cc +jkforum.net +jkub.com +jma.go.jp +j.mp +joachims.org +jobso.tv +joeedelman.com +journalchretien.net +journalofdemocracy.org +joymiihub.com +jp.hao123.com +jpl.nasa.gov +jpopforum.net +juhuaren.com +juliepost.com +juliereyc.com +junauza.com +june4commemoration.org +junefourth-20.net +jungleheart.com +justdied.com +justfreevpn.com +justicefortenzin.org +justpaste.it +justtristan.com +juyuange.org +juziyue.com +jwmusic.org +jyxf.net +jyzj.waqn.com +k2.xrea.com +kagyuoffice.org +kagyuoffice.org.tw +kaiyuan.de +kakao.com +kankan.today +kannewyork.com +kanshifang.com +kanzhongguo.com +kanzhongguo.eu +kaotic.com +karayou.com +karkhung.com +karmapa.org +karmapa-teachings.org +kat.cr +ka-wai.com +kawaiikawaii.jp +kba-tx.org +kcoolonline.com +kcsoftwares.com +kebrum.com +kechara.com +keepandshare.com +kendincos.net +kenengba.com +keontech.net +kepard.com +keycdn.com +khabdha.org +khatrimaza.org +khmusic.com.tw +kichiku-doujinko.com +killwall.com +kindleren.com +kingdomsalvation.org +kinghost.com +kingstone.com.tw +kink.com +kir.jp +kissbbao.cn +kissyoutube.com +kiwi.kz +kk-whys.co.jp +knowledgerush.com +kodingen.com +kompozer.net +konachan.com +koolsolutions.com +koornk.com +koranmandarin.com +ksnews.com.tw +kt.kcome.org +ktzhk.com +kui.name +kun.im +kurashsultan.com +kurtmunger.com +kusocity.com +kusos.com +kwcg.ca +kwongwah.com.my +kyohk.net +kyoyue.com +kzeng.info +labiennale.org +ladbrokes.com +la-forum.org +lagranepoca.com +lalulalu.com +lamayeshe.com +lamnia.co.uk +lamrim.com +lanterncn.cn +lantosfoundation.org +laod.cn +laogai.org +laomiu.com +laoyang.info +laptoplockdown.com +laqingdan.net +larsgeorge.com +lastcombat.com +lastfm.es +latelinenews.com +latibet.org +latimesblogs.latimes.com +lazarsearlymusic.com +ld.hao123img.com +leafyvpn.net +leecheukyan.org +lefora.com +left21.hk +legalporno.com +legaltech.law.com +leirentv.ca +leisurecafe.ca +leisurepro.com +lematin.ch +lemonde.fr +lenwhite.com +lerosua.org +lesoir.be +lesscss.org +letscorp.net +le-vpn.com +lflink.com +lflinkup.com +lflinkup.net +lflinkup.org +lhakar.org +lhasocialwork.org +liangyou.net +liansi.org +lianyue.net +liaowangxizang.net +liberal.org.hk +libertytimes.com.tw +lich355.megabyet.net +lidecheng.com +life.fly4ever.me +lighten.org.tw +like.com +limiao.net +line.me +linglingfa.com +lingvodics.com +linkideo.com +linkuswell.com +linuxconfig.org +linux-engineer.net +linux.org.hk +linuxreviews.org +linuxtoy.org +lionsroar.com +lipuman.com +listentoyoutube.com +list.ly +listorious.com +lists.debian.org +lists.w3.org +littlebigdetails.com +liudejun.com +liuhanyu.com +liujianshu.com +liu.lu +liuxiaotong.com +livedoor.jp +liveleak.com +livestation.com +livestream.com +livevideo.com +livingonline.us +livingstream.com +liwangyang.com +lizhizhuangbi.com +lkcn.net +load.to +lobsangwangyal.com +localdomain.ws +localpresshk.com +lockdown.com +lockestek.com +lofi.e-hentai.org +logbot.net +logiqx.com +logmike.com +londonchinese.ca +london.neighborhoodr.com +longhair.hk +longmusic.com +longtermly.net +longtoes.com +lookatgame.com +lookingglasstheatre.org +lookpic.com +looktoronto.com +lotuslight.org.hk +lotuslight.org.tw +lovequicksilver.com +lovesphinx.tk +lovetvshow.com +lpsg.com +lrfz.com +lrip.org +lsd.org.hk +lsforum.net +lsmchinese.org +lsmkorean.org +lsm.org +lsmwebcast.com +lsxszzg.com +ltn.com.tw +lua.org +lua-users.org +luke54.com +luke54.org +lupm.org +lushstories.com +luxebc.com +lvhai.org +lvv2.com +lyfhk.net +lyricsquote.com +macgamestore.com +macrovpn.com +macts.com.tw +mad-ar.ch +madewithcode.com +madmenunbuttoned.com +madonna-av.com +madthumbs.com +magic-net.info +mahabodhi.org +ma.hao123.com +maiio.net +mail-archive.com +maildns.xyz +maiplus.com +maizhong.org +makemymood.com +makzhou.warehouse333.com +malaysiakini.com +mangafox.com +mangafox.me +maniash.com +manicur4ik.ru +mansion.com +mansionpoker.com +maplew.com +marc.info +marco.org +marguerite.su +marines.mil +markmilian.com +martau.com +martincartoons.com +martsangkagyuofficial.org +maruta.be +marxist.com +marxist.net +marxists.org +mashable.com +mash.to +maskedip.com +matainja.com +mathable.io +mathiew-badimon.com +matome-plus.com +matome-plus.net +matsushimakaede.com +mattwilcox.net +maturejp.com +maxgif.com +maxing.jp +mayimayi.com +mcadforums.com +mcaf.ee +mcfog.com +mcreasite.com +md-t.org +mediachinese.com +mediafire.com +mediafreakcity.com +media.org.hk +medium.com +meetup.com +mefeedia.com +mefound.com +megaporn.com +megaproxy.com +megarotic.com +megavideo.com +megurineluka.com +meirixiaochao.com +melon-peach.com +meltoday.com +memedia.cn +memehk.com +meme.yahoo.com +memorybbs.com +memrijttm.org +memri.org +mercyprophet.org +meridian-trust.org +meripet.biz +meripet.com +merit-times.com.tw +meshrep.com +mesotw.com +messenger.com +metacafe.com +metarthunter.com +meteorshowersonline.com +metrolife.ca +metroradio.com.hk +meyou.jp +meyul.com +mfxmedia.com +mgoon.com +mgstage.com +mh4u.org +m.hkgalden.com +mhradio.org +michaelanti.com +michaelmarketl.com +middle-way.net +mihk.hk +mihr.com +mihua.org +mike.cz.cc +mikesoltys.com +milph.net +milsurps.com +mimiai.net +mimivip.com +mimivv.com +mindrolling.org +minghui-a.org +minghui-b.org +minghui.org +minghui.or.kr +minghui-school.org +mingjinglishi.com +mingjingnews.com +mingjingtimes.com +mingpaocanada.com +mingpao.com +mingpaomonthly.com +mingpaonews.com +mingpaony.com +mingpaosf.com +mingpaotor.com +mingpaovan.com +mingshengbao.com +minhhue.net +miniforum.org +minimalmac.com +mininova.org +ministrybooks.org +minzhuhua.net +minzhuzhanxian.com +minzhuzhongguo.org +miroguide.com +mirrorbooks.com +mitao.com.tw +mitbbs.com +mixedmedialabs.com +mixero.com +mixpod.com +mixx.com +mizzmona.com +mk5000.com +mlcool.com +mmaaxx.com +m.me +mmmca.com +mobatek.net +mobile01.com +mobileways.de +mobypicture.com +moby.to +modfetish.com +moeerolibrary.com +mofaxiehui.com +mofos.com +mog.com +molihua.org +mondex.org +moneyhome.biz +mo.nightlife141.com +monitorchina.org +monster.com +moodyz.com +moonbbs.com +morningsun.org +moroneta.com +motherless.com +motor4ik.ru +m.oulove.org +mousebreaker.com +movabletype.com +movements.org +moviefap.com +mp3buscador.com +mp3ye.eu +mpettis.com +mpfinance.com +mpinews.com +m.plixi.com +mponline.hk +mrbasic.com +mrbonus.com +mrdoob.com +mrface.com +mrslove.com +mrtweet.com +msguancha.com +m.slandr.net +mswe1.org +m-team.cc +mthruf.com +m.tweete.net +mtw.tl +muchosucko.com +mullvad.net +multiply.com +multiproxy.org +multiupload.com +mummysgold.com +muouju.com +murmur.tw +muselinks.co.jp +musicade.net +muslimvideo.com +muzi.com +muzi.net +muzu.tv +mvg.jp +mx981.com +mx.hao123.com +my03.com +myactimes.com +my-addr.com +myaudiocast.com +myav.com.tw +mybbs.us +myboooks.googlepages.com +myca168.com +mychinamyhome.com +mychinanet.com +mychinanews.com +mycnnews.com +mydad.info +myddns.com +myeasytv.com +myeclipseide.com +my-formosa.com +myforum.com.hk +myforum.com.uk +myfreecams.com +myfreepaysite.com +myfreshnet.com +myftp.info +myftp.name +my.keso.cn +mykomica.org +mylftv.com +my.mail.ru +mymom.info +mymusic.net.tw +mynetav.net +mynetav.org +mynumber.org +myopenid.com +my.opera.com +myparagliding.com +mypicture.info +mypop3.net +mypop3.org +mypopescu.com +my-private-network.co.uk +my-proxy.com +mysecondarydns.com +myshare.url.com.tw +mysinablog.com +myspace.com +mytalkbox.com +mytizi.com +mywww.biz +myz.info +naacoalition.org +naitik.net +nakido.com +nalandabodhi.org +nalandawest.org +namgyalmonastery.org +namgyal.org +namsisi.com +nanyang.com +nanyangpost.com +nanzao.com +naol.ca +national-lottery.co.uk +nationwide.com +naughtyamerica.com +navicat.com +navigeaters.com +navy.mil +nbtvpn.com +nccwatch.org.tw +nch.com.tw +ncn.org +nde.de +ndr.de +ned.org +nekoslovakia.net +netbirds.com +netcolony.com +netflix.com +netme.cc +netsneak.com +network54.com +networkedblogs.com +neverforget8964.org +new-3lunch.net +new96.ca +new-akiba.com +newcenturymc.com +newcenturynews.com +newchen.com +newgrounds.com +newipnow.com +newlandmagazine.com.au +newnews.ca +news100.com.tw +newsancai.com +news.atebits.com +newscn.org +news.cnyes.com +newsdh.com +news.ghostery.com +news.hk.msn.com +news.hkpeanut.com +newsminer.com +news.msn.com.tw +news.now.com +news.omy.sg +newspeak.cc +newspp.org +news.sina.com.hk +news.sinchew.com.my +news.singtao.ca +newstamago.com +newstapa.org +newstarnet.com +news.tvbs.com.tw +newtaiwan.com.tw +newtalk.tw +newyorktimes.com +nexon.com +next11.co.jp +nextmag.com.tw +nextmedia.com +nexton-net.jp +nexttv.com.tw +nf.id.au +nga.mil +ngensis.com +nhentai.net +nic.cz.cc +nic.google +nicovideo.tw +nighost.org +ninecommentaries.com +ninjacloak.com +ninjaproxy.ninja +nintendium.com +nintendowifi.net +ninth.biz +niusnews.com +njactb.org +njuice.com +nlfreevpn.com +nobelprize.org +nobel.se +nobodycanstop.us +no-ip.org +nokogiri.org +nokola.com +noobbox.com +noodlevpn.com +norbulingka.org +nordstrom.com +nordstromimage.com +nordstromrack.com +nordvpn.com +notes.alexdong.com +nottinghampost.com +novelasia.com +nownews.com +nowtorrents.com +noypf.com +npa.go.jp +npnt.me +nps.gov +nrk.no +ns01.biz +ns01.info +ns01.us +ns02.biz +ns02.info +ns02.us +ns1.name +ns2.name +ns3.name +ntd.tv +ntdtv.ca +ntdtv.co +ntdtv.co.kr +ntdtv.com +ntdtv.cz +ntdtvla.com +ntdtv.org +ntdtv.ru +ntrfun.com +nubiles.net +nuexpo.com +nukistream.com +nurgo-software.com +nusatrip.com +nuuvem.com +nuvid.com +nuzcom.com +nvquan.org +nwtca.org +nyaa.eu +nyaa.se +nydus.ca +nylon-angel.com +nylonstockingsonline.com +nysingtao.com +ny.stgloballink.com +nytco.com +nyt.com +nytimes.com +nytimg.com +ny.visiontimes.com +nzchinese.com +nzchinese.net.nz +observechina.net +obutu.com +ocaspro.com +occupytiananmen.com +oclp.hk +ocreampies.com +ocry.com +october-review.org +oculus.com +offbeatchina.com +officeoftibet.com +ogaoga.org +oikos.com.tw +oiktv.com +oizoblog.com +okayfreedom.com +okk.tw +old-cat.net +old.nabble.com +olumpo.com +olympicwatch.org +omgili.com +omni7.jp +omnitalk.com +omnitalk.org +on2.com +on.cc +onedrive.live.com +onedumb.com +one.xthost.info +onion.city +onlinecha.com +online.recoveryversion.org +onlineyoutube.com +onlylady.cn +onmoon.com +onmoon.net +onmypc.biz +onmypc.info +onmypc.net +onmypc.org +onmypc.us +onthehunt.com +ontrac.com +oopsforum.com +ooyala.com +openallweb.com +open.com.hk +opendemocracy.net +opendn.xyz +openervpn.in +openid.net +openleaks.org +openvpn.net +openvpn.org +openwebster.com +opml.radiotime.com +opnir.com +organcare.org.tw +organharvestinvestigation.net +organiccrap.com +orgfree.com +orientaldaily.com.my +orient-doll.com +orn.jp +orzistic.org +osfoora.com +otnd.org +otto.de +otzo.com +ourdearamy.com +ourhobby.com +oursogo.com +oursteps.com.au +oursweb.net +ourtv.hk +overlapr.com +overplay.net +oversea.istarshine.com +owl.li +ow.ly +oyax.com +ozchinese.com +ozxw.com +ozyoyo.com +pachosting.com +pacificpoker.com +packages.debian.org +packetix.net +pacopacomama.com +padmanet.com +page2rss.com +page.bid.yahoo.com +pagodabox.com +paint.net +palacemoon.com +paldengyal.com +paljorpublications.com +paltalk.com +panacom.co.jp +panamapapers.sueddeutsche.de +pandapow.net +pandavpn-jp.com +pandora.com +pandora.tv +panluan.net +panoramio.com +pao-pao.net +paperb.us +paper.li +paper-replika.com +parade.com +paradisepoker.com +parislemon.com +parkansky.com +partycasino.com +partypoker.com +passion.com +passiontimes.hk +pastebin.com +pastie.org +pbs.org +pbwiki.com +pbworks.com +pbxes.com +pbxes.org +pcanywhere.net +pcdiscuss.com +pcdvd.com.tw +pchome.com.tw +pcij.org +pct.org.tw +pcworld.com +pdetails.com +pdproxy.com +pds.nasa.gov +peace.ca +peacefire.org +peacehall.com +pearlher.org +peeasian.com +peerpong.com +pekingduck.org +pemulihan.or.id +penchinese.com +penchinese.net +pengyulong.com +pen.io +penisbot.com +penthouse.com +peoplebookcafe.com +peoplenews.tw +peopo.org +percy.in +perfectgirls.net +perfectvpn.net +perfspot.com +perlhowto.com +persecutionblog.com +pfd.org.hk +phapluan.org +phayul.com +philborges.com +philly.com +phncdn.com +phosphation13.rssing.com +photodharma.net +photofocus.com +photos.dailyme.com +photo.utom.us +phuquocservices.com +picasaweb.com +picidae.net +picturesocial.com +pidown.com +pign.net +pimg.tw +pin6.com +ping.fm +pinoy-n.com +pioneer-worker.forums-free.com +piposay.com +piraattilahti.org +piring.com +pixanalytics.com +pixelqi.com +pixfs.net +pixnet.cc +pixnet.net +pixplug.in +pk.com +placemix.com +planetsuzy.org +playboy.com +playboyplus.com +playno1.com +playpcesor.com +plays.com.tw +plm.org.hk +plunder.com +plurk.com +plurktop.mmdays.com +plus28.com +plusbb.com +pmatehunter.com +pmates.com +po2b.com +podictionary.com +pokerstars.com +pokerstars.net +politicalchina.org +politicalconsultation.org +polymerhk.com +polymer-project.org +popo.tw +popvote.hk +popyard.com +popyard.org +porn2.com +porn5.com +pornbase.org +porn.com +pornerbros.com +pornhd.com +pornhost.com +pornhub.com +pornmm.net +pornoxo.com +pornrapidshare.com +pornsharing.com +pornstarclub.com +porntube.com +porntubenews.com +porntvblog.com +pornvisit.com +port25.biz +portablevpn.nl +portis21.spaces.live.com +pose.com +poskotanews.com +post852.com +postadult.com +post.anyu.org +posterous.com +postimg.org +post.ly +power.com +powercx.com +powerphoto.org +prayforchina.net +premeforwindows7.com +presentationzen.com +prestige-av.com +previewshots.com +prisoneralert.com +pritunl.com +privacybox.de +privateinternetaccess.com +privatepaste.com +privatetunnel.com +privatevpn.com +procopytips.com +program-think.spaces.live.com +prosiben.de +provideocoalition.com +provpnaccounts.com +proxfree.com +proxifier.com +proxomitron.info +proxpn.com +proxyanonimo.es +proxydns.com +proxylist.org.uk +proxynetwork.org.uk +proxy.org +proxypy.net +proxyroad.com +proxytunnel.net +proyectoclubes.com +prozz.net +psblog.name +psiphon3.com +psiphon.ca +psiphon.civisec.org +pts.org.tw +ptt.cc +pttvan.org +pubu.com.tw +puffinbrowser.com +puffstore.com +pullfolio.com +pulse.yahoo.com +pure18.com +pureconcepts.net +pureinsight.org +purepdf.com +purevpn.com +purplelotus.org +pussyspace.com +putihome.org +putlocker.com +putty.org +puuko.com +pwned.com +python.com +python.com.tw +qanote.com +qgirl.com.tw +qhigh.com +qidian.ca +qienkuen.org +qi-gong.me +qiwen.lu +qixianglu.cn +qkshare.com +qoos.com +qpoe.com +qq.co.za +qstatus.com +qtrac.eu +qtweeter.com +quadedge.com +questvisual.com +quitccp.net +quitccp.org +quran.com +quranexplorer.com +qusi8.net +qvodzy.org +qxbbs.org +r18.com +radicalparty.org +radiko.jp +radioaustralia.net.au +radiohilight.net +radiovaticana.org +radiovncr.com +rael.org +ra.gg +raggedbanner.com +raidcall.com.tw +raidtalk.com.tw +raizoji.or.jp +rangwang.biz +rangzen.com +rangzen.net +rangzen.org +ranyunfei.com +rapbull.net +rapidmoviez.com +rapidshare8.com +rapidsharedata.com +rapidvpn.com +raremovie.cc +raremovie.net +rayfme.com +razyboard.com +rcinet.ca +rconversation.blogs.com +rd.com +rdio.com +read100.com +readingtimes.com.tw +readmoo.com +readydown.com +realcourage.org +realforum.zkiz.com +realraptalk.com +rebatesrule.net +recaptcha.net +recordhistory.org +recovery.org.tw +recoveryversion.com.tw +redchinacn.net +redchinacn.org +redhotlabs.com +redtube.com +referer.us +reflectivecode.com +registry.google +relaxbbs.com +relay.com.tw +releaseinternational.org +religioustolerance.org +renminbao.com +renyurenquan.org +retweeteffect.com +retweetist.com +retweetrank.com +reuters.com +revleft.com +revsci.net +revver.com +rfachina.com +rfamobile.org +rfa.org +rfaweb.org +rferl.org +rfi.fr +rhcloud.com +rigpa.org +riku.me +rileyguide.com +ritouki.jp +rlwlw.com +rmjdw132.info +rmjdw.com +rnw.nl +roadshow.hk +robtex.com +robustnessiskey.com +rocket-inc.net +rocmp.org +roc-taiwan.org +rojo.com +rolia.net +ronjoneswriter.com +roodo.com +rosechina.net +rotten.com +rsf-chinese.org +rsf.org +rsgamen.org +rssmeme.com +rtalabel.org +rthk.hk +rthk.org.hk +rti.org.tw +rtycminnesota.org +ruanyifeng.com +rukor.org +rushbee.com +rutube.ru +ruyiseek.com +rxhj.net +s1heng.com +s1.nudezz.com +s1s1s1.com +s8forum.com +sacom.hk +sadistic-v.com +sadpanda.us +safervpn.com +sa.hao123.com +saiq.me +sakuralive.com +sakya.org +salvation.org.hk +samair.ru +sambhota.org +sammyjs.org +samsoff.es +sandnoble.com +sankaizok.com +sanmin.com.tw +sapikachu.net +savemedia.com +savetibet.de +savetibet.fr +savetibet.nl +savetibet.org +savetibet.ru +savevid.com +say2.info +sbme.me +scanscout.com +scasino.com +schema.org +sciencenets.com +scieron.com +scihub.org +scmpchinese.com +scmp.com +scorecardresearch.com +scramble.io +scribd.com +scriptspot.com +s-cute.com +s-dragon.org +seapuff.com +search.aol.com +search.disconnect.me +searchtruth.com +secretchina.com +secretgarden.no +secretsline.biz +secure.hustler.com +secure.logmein.com +securetunnel.com +secure.wikimedia.org +securitykiss.com +seesmic.com +seevpn.com +seezone.net +sejie.com +sellclassics.com +sendoid.com +sendsmtp.com +sendspace.com +serveuser.com +serveusers.com +sesawe.net +sesawe.org +sethwklein.net +setn.com +sevenload.com +sex-11.com +sex3.com +sex8.cc +sexandsubmission.com +sexbot.com +sex.com +sexhuang.com +sexhu.com +sexidude.com +sexinsex.net +sextvx.com +sexxxy.biz +sfileydy.com +sfshibao.com +sftindia.org +sftuk.org +shadow.ma +shadowsky.xyz +shadowsocks.com +shadowsocks.org +shahamat-english.com +shambhalasun.com +shangfang.org +shapeservices.com +sharebee.com +sharecool.org +share.ovi.com +share.skype.com +share.youthwant.com.tw +sharkdolphin.com +sharpdaily.com.hk +sharpdaily.hk +sharpdaily.tw +shat-tibet.com +shaunthesheep.com +sheikyermami.com +shellfire.de +shellmix.com +shenshou.org +shenyun.com +shenyunperformingarts.org +shenzhoufilm.com +sherabgyaltsen.com +shiatv.net +shicheng.org +shinychan.com +shipcamouflage.com +shitaotv.org +shixiao.org +shizhao.org +shkspr.mobi +shodanhq.com +shop2000.com.tw +shopping.com +showbiz.omy.sg +showhaotu.com +showtime.jp +shutterstock.com +shwchurch3.com +shwchurch.org +sidelinesnews.com +sidelinessportseatery.com +sijihuisuo.club +sijihuisuo.com +simplecd.me +simplecd.org +simpleproductivityblog.com +sina.com.tw +singaporepools.com.sg +singfortibet.com +singpao.com.hk +singtao.com +singularitys.spaces.live.com +sinoants.com +sinocast.com +sinocism.com +sino-monthly.com +sinomontreal.ca +sinonet.ca +sinopitt.info +sinoquebec.com +sis001.com +sis001.us +sis.xxx +site90.net +sitebro.tw +sitekreator.com +siteks.uk.to +site.locql.com +sitemaps.org +sites.google.com +sitetag.us +sixth.biz +siyi123123123.spaces.live.com +sjrt.org +sjum.cn +sketchappsources.com +skimtube.com +skybet.com +skyvegas.com +slacker.com +slavasoft.com +slaytizle.com +slheng.com +slickvpn.com +slideshare.net +slinkset.com +slutload.com +slyip.com +slyip.net +smartdnsproxy.com +smchbooks.com +smhric.org +smyxy.org +snapchat.com +snaptu.com +sndcdn.com +sneakme.net +snooper.co.uk +snowlionpub.com +sobees.com +socialwhale.com +sockscap64.com +sockslist.net +soc.mil +so.com +socrec.org +sod.co.jp +softether.co.jp +softether-download.com +softether.org +softwarebychuck.com +softwaredownload.gitbooks.io +so-ga.net +sogclub.com +sogou.com +sogrady.me +sohcradio.com +sohfrance.org +soh.tw +sokamonline.com +solarsystem.nasa.gov +solozorro.tk +somee.com +so-news.com +songjianjun.com +sonicbbs.cc +sonidodelaesperanza.org +sopcast.com +sopcast.org +sorazone.net +sorting-algorithms.com +soso.com +sos.org +sostibet.org +soubory.com +soulcaliburhentai.net +soul-plus.net +soumo.info +soundcloud.com +soundofhope.kr +soundofhope.org +soup.io +soupofmedia.com +sourceforge.net +sourcewadio.com +southnews.com.tw +sowers.org.hk +space-scape.com +spankbang.com +spankwire.com +spb.com +speakerdeck.com +speckleapp.com +specxinzl.jigsy.com +speedpluss.org +spem.at +spencertipping.com +spicevpn.com +spike.com +spinejs.com +sports.williamhill.com +spotflux.com +spotify.com +spring4u.info +springboardplatform.com +sprite.org +sproutcore.com +sproxy.info +squarespace.com +squirly.info +srcf.ucam.org +srocket.us +ssh91.com +ssl443.org +sspro.ml +sss.camp +sstatic.net +sstmlt.net +stage64.hk +standupfortibet.org +starfishfx.com +starp2p.com +startpage.com +statcounter.com +state168.com +static.comico.tw +static.digg.com +static-economist.com +staticflickr.com +statueofdemocracy.org +status.twhirl.org +stc.com.sa +steel-storm.com +stepchina.com +stephaniered.com +sthoo.com +stickam.com +stickeraction.com +stileproject.com +sto.cc +stonegames.net +stoneip.info +stoptibetcrisis.net +storagenewsletter.com +stories.google +storify.com +stormmediagroup.com +storm.mg +stoweboyd.com +stranabg.com +streamingthe.net +strongvpn.com +strongwindpress.com +studentsforafreetibet.org +student.tw +stuffimreading.com +stuffimreading.net +stumbleupon.com +stupidvideos.com +subacme.rerouted.org +sublexical.spaces.live.com +sufeng.org +sugarsync.com +sugobbs.com +suissl.com +summify.com +sumrando.com +sun1911.com +sunmedia.ca +sunporno.com +sunskyforum.com +sunvpn.net +suoluo.org +superpages.com +supervpn.net +suprememastertv.com +surfeasy.com +surfeasy.com.au +suroot.com +surrenderat20.net +suyangg.com +svwind.com +swagbucks.com +sweux.com +swift-tools.net +swissvpn.net +switch1.jp +switchvpn.net +sydneytoday.com +sylfoundation.org +syncback.com +synergyse.com +sysadmin1138.net +sysresccd.org +sytes.net +szbbs.net +szetowah.org.hk +t35.com +t66y.com +t88.ca +taa-usa.org +taaze.tw +tabtter.jp +tacem.org +taconet.com.tw +taedp.org.tw +tafaward.com +tafm.org +tagwalk.com +tagwa.org.au +tahr.org.tw +taipeisociety.org +taiwanbible.com +taiwancon.com +taiwandaily.net +taiwandc.org +taiwanembassy.org +taiwanjustice.com +taiwankiss.com +taiwannation.50webs.com +taiwannation.com +taiwannation.com.tw +taiwanncf.org.tw +taiwannews.com.tw +taiwan-sex.com +taiwantoday.tw +taiwantp.net +taiwantt.org.tw +taiwanus.net +taiwanyes.com +taiwanyes.ning.com +talk853.com +talkboxapp.com +talkonly.net +tamiaode.tk +tanc.org +tangben.com +tangren.us +taoism.net +taolun.info +tap11.com +tapanwap.com +target.com +tascn.com.au +taup.net +taweet.com +tbcollege.org +tbicn.org +tbi.org.hk +tbjyt.org +tbpic.info +tbsec.org +tbskkinabalu.page.tl +tbsmalaysia.org +tbsn.org +tbs-rainbow.org +tbsseattle.org +tbssqh.org +tbswd.org +tbtemple.org.uk +tbthouston.org +tccwonline.org +tcewf.org +tchrd.org +tcnynj.org +t.co +teamamericany.com +teamseesmic.com +teashark.com +techlifeweb.com +techparaiso.com +teck.in +teeniefuck.net +teensinasia.com +telecomspace.com +telegramdownload.com +telegram.org +telegraph.co.uk +tenacy.com +tensorflow.org +tew.org +thaicn.com +theampfactory.com +theappleblog.com +theatrum-belli.com +thebcomplex.com +theblemish.com +thebobs.com +thebodyshop-usa.com +thecenter.mit.edu +thechinabeat.org +thedailywh.at +thedalailamamovie.com +thedieline.com +thedw.us +thegatesnotes.com +thegly.com +thehots.info +thehousenews.com +thehungrydudes.com +thehun.net +theinitium.com +theinternetwishlist.com +thelifeyoucansave.com +thelius.org +thenewslens.com +thepiratebay.org +thepiratebay.se +theportalwiki.com +theqii.info +thereallove.kr +therock.net.nz +thesartorialist.com +thespeeder.com +thestandnews.com +thetibetcenter.org +thetibetconnection.org +thetibetmuseum.org +thetibetpost.com +thetrotskymovie.com +thevivekspot.com +thewgo.org +th.hao123.com +thinkingtaiwan.com +thinkwithgoogle.com +thisav.com +thisiswhyyouarefat.com +thkphoto.com +thlib.org +thomasbernhard.org +threatchaos.com +throughnightsfire.com +thumbzilla.com +thywords.com +thywords.com.tw +tiananmenduizhi.com +tiananmenmother.org +tiananmenuniv.com +tiananmenuniv.net +tiandixing.org +tianhuayuan.com +tianlawoffice.com +tiantibooks.org +tianti.io +tianzhu.org +tibet3rdpole.org +tibetaction.net +tibetaid.org +tibetalk.com +tibetanaidproject.org +tibetan-alliance.org +tibetanarts.org +tibetanbuddhistinstitute.org +tibetancommunityuk.net +tibetanculture.org +tibetanfeministcollective.org +tibetan.fr +tibetanlanguage.org +tibetanliberation.org +tibetanpaintings.com +tibetanphotoproject.com +tibetanpoliticalreview.org +tibetanreview.net +tibetanwomen.org +tibetanyouthcongress.org +tibetanyouth.org +tibet.a.se +tibet.at +tibet.ca +tibetcharity.dk +tibetcharity.in +tibetchild.org +tibetcity.com +tibetcollection.com +tibet.com +tibetcorps.org +tibet-envoy.eu +tibetexpress.net +tibetfocus.com +tibet-foundation.org +tibet.fr +tibetfund.org +tibetgermany.com +tibetgermany.de +tibethaus.com +tibetheritagefund.org +tibethouse.jp +tibethouse.org +tibet-house-trust.co.uk +tibethouse.us +tibet-info.net +tibetinfonet.net +tibet-initiative.de +tibetjustice.org +tibetkomite.dk +tibet-munich.de +tibetmuseum.org +tibet.net +tibetnetwork.org +tibet.nu +tibetoffice.ch +tibetoffice.com.au +tibetoffice.eu +tibetoffice.org +tibetonline.com +tibetonline.tv +tibetoralhistory.org +tibet.org +tibet.org.tw +tibetpolicy.eu +tibetrelieffund.co.uk +tibetsites.com +tibetsociety.com +tibetsun.com +tibetsupportgroup.org +tibetswiss.ch +tibettelegraph.com +tibettimes.net +tibet.to +tibetwrites.org +ticket.com.tw +tidyread.com +tiltbrush.com +timdir.com +time.com +times.hinet.net +timsah.com +tintuc101.com +tiny.cc +tinychat.com +tinypaste.com +tinypng.com +tistory.com +tjholowaychuk.com +tkcs-collins.com +tkforum.tk +tma.co.jp +tmagazine.com +tmdfish.com +tmi.me +tmpp.org +tnaflix.com +t.neolee.cn +tngrnow.com +tngrnow.net +tnp.org +togetter.com +toh.info +tokyo-247.com +tokyocn.com +tokyo-hot.com +tokyo-porn-tube.com +tomayko.com +tomsc.com +tongil.or.kr +tono-oka.jp +tonyyan.net +toodoc.com +toonel.net +top81.ws +topic.youthwant.com.tw +topnews.in +to-porno.com +topshare.us +topshareware.com +topstyle4.com +topsy.com +toptip.ca +tora.to +tor.blingblingsquad.net +torcn.com +torguard.net +torproject.org +torrentcrazy.com +torrentprivacy.com +torrentproject.se +torrenty.org +torrentz.eu +tor.updatestar.com +torvpn.com +t.orzdream.com +tosh.comedycentral.com +totalvpn.com +touch99.com +toutfr.com +towngain.com +toypark.in +toythieves.com +toytractorshow.com +tparents.org +tpi.org.tw +traffichaus.com +transgressionism.org +translate.google.cn +transparency.org +travelinlocal.com +treemall.com.tw +trendsmap.com +trialofccp.org +trickip.net +trickip.org +tripod.com +trouw.nl +trtc.com.tw +trt.net.tr +truebuddha-md.org +trulyergonomic.com +trustedbi.com +truth101.co.tv +truthcn.com +truthontour.org +truveo.com +tsctv.net +tsdr.uspto.gov +tsemtulku.com +tsquare.tv +tsunagarumon.com +tsu.org.tw +tt1069.com +tt-rss.org +tttan.com +tu8964.com +tuanzt.com +tubaholic.com +tube8.com +tube911.com +tubecao.com +tube.com +tubecup.com +tubegals.com +tubeislam.com +tubewolf.com +tuidang.net +tuidang.org +tuidang.se +tui.orzdream.com +tuitwit.com +tumblr.awflasher.com +tumblr.com +tumblweed.org +tumutanzi.com +tunein.com +tunnelbear.com +tuo8.cc +tuo8.club +tuo8.fit +tuo8.hk +tuo8.in +tuo8.ninja +tuo8.org +tuo8.pw +turansam.org +turbobit.net +turbohide.com +turbotwitter.com +turningtorso.com +turntable.fm +tushycash.com +tuvpn.com +tuxtraining.com +tuzaijidi.com +tvants.com +tvboxnow.com +tv.com +tvider.com +tv-intros.com +tvmost.com.hk +tvplayvideos.com +tvunetworks.com +tw01.org +twaitter.com +twapperkeeper.com +twa.sh +twaud.io +twbbs.net.tw +twbbs.org +twbbs.tw +twblogger.com +tweepguide.com +tweeplike.me +tweepmag.com +tweepml.org +tweetbackup.com +tweetboard.com +tweetboner.biz +tweetdeck.com +tweetedtimes.com +tweetmeme.com +tweetmylast.fm +tweetphoto.com +tweetrans.com +tweetree.com +tweettunnel.com +tweetwally.com +tweetymail.com +twerkingbutt.com +twftp.org +tw.gigacircle.com +tw.hao123.com +twibase.com +twibble.de +twibbon.com +twibs.com +twicsy.com +twiends.com +twifan.com +twiffo.com +twiggit.org +twilightsex.com +twilog.org +twimbow.com +twimg.com +twimg.edgesuite.net +twindexx.com +twip.me +twipple.jp +twishort.com +twistar.cc +twisterio.com +twister.net.co +twisternow.com +twistory.net +twit2d.com +twitbrowser.net +twitcause.com +twitese.spaces.live.com +twitgether.com +twitgoo.com +twitiq.com +twitlonger.com +twitmania.com +twitoaster.com +twitonmsn.com +twitpic.com +twitreferral.com +twitstat.com +twittbot.net +twitter4j.org +twitter.com +twittercounter.com +twitterfeed.com +twittergadget.com +twitter.jp +twitterkr.com +twittermail.com +twitterrific.com +twittertim.es +twitthat.com +twitturk.com +twitturly.com +twitvid.com +twitzap.com +twiyia.com +tw.jiepang.com +tw.knowledge.yahoo.com +tw.mall.yahoo.com +tw.mobi.yahoo.com +tw.myblog.yahoo.com +tw.news.yahoo.com +twnorth.org.tw +tw-npo.org +tw.rd.yahoo.com +twreg.info +twstar.net +tw.streetvoice.com +twt.fm +twtkr.com +tw.tomonews.net +twtrland.com +twt.tl +twttr.com +twurl.nl +tw.voa.mobi +twyac.org +tw.yahoo.com +txxx.com +tycool.com +tynsoe.org +typepad.com +tzangms.com +ub0.cc +ubddns.org +uberproxy.net +ucdc1998.org +uc-japan.org +uderzo.it +udn.com +uforadio.com.tw +ufreevpn.com +ugo.com +uhdwallpapers.org +uhrp.org +uighurbiz.net +uighur.narod.ru +uighur.nl +ukcdp.co.uk +ukliferadio.co.uk +ulike.net +ultravpn.fr +ultraxs.com +unblock.cn.com +unblockdmm.com +unblocksit.es +unblock-us.com +uncyclomedia.org +uncyclopedia.hk +uncyclopedia.info +uncyclopedia.tw +underwoodammo.com +unholyknight.com +uni.cc +unicode.org +unification.net +unification.org.tw +uniteddaily.com.my +unitedsocialpress.com +unix100.com +unknownspace.org +unodedos.com +unpo.org +untraceable.us +uocn.org +upcoming.yahoo.com +update.playstation.net +upholdjustice.org +upload4u.info +uploaded.to +uploadstation.com +upload.wikimedia.org +upornia.com +uproxy.org +upwill.org +ur7s.com +urbansurvival.com +urlborg.com +urlparser.com +usacn.com +usaip.eu +userapi.nytlog.com +usfk.mil +usinfo.state.gov +usma.edu +usmc.mil +us.to +ustream.tv +usus.cc +utopianpal.com +uu-gg.com +uushare.com +uvwxyz.xyz +uwants.com +uwants.net +uyghuramerican.org +uyghurcanadiansociety.org +uyghurcongress.org +uyghur.co.uk +uyghurensemble.co.uk +uyghur-j.org +uyghurpen.org +uyghurpress.com +uyghurstudies.org +uygur.org +v2ex.com +v2ray.com +v70.us +vaayoo.com +value-domain.com +van001.com +van698.com +vanemu.cn +vanilla-jp.com +vanpeople.com +vansky.com +vapurl.com +vatn.org +vcfbuilder.org +vcf-online.org +veempiire.com +vegasred.com +vegas.williamhill.com +velkaepocha.sk +venbbs.com +venchina.com +ventureswell.com +veoh.com +verizon.net +vermonttibet.org +versavpn.com +verybs.com +vevo.com +vft.com.tw +viber.com +vica.info +victimsofcommunism.org +vidble.com +video.aol.ca +video.aol.com +video.aol.co.uk +video.ap.org +videobam.com +videodetective.com +video.fdbox.com +video.foxbusiness.com +videomega.tv +videomo.com +videopediaworld.com +video.tiscali.it +video.yahoo.com +vid.me +vidoemo.com +vietdaikynguyen.com +views.fm +vijayatemple.org +viki.com +vimeocdn.com +vimeo.com +vimgolf.com +vimperator.org +vincnd.com +vinniev.com +visibletweets.com +vital247.org +viu.com +vivahentai4u.net +vivatube.com +vivthomas.com +vizvaz.com +vjmedia.com.hk +vllcs.org +vlog.xuite.net +vmixcore.com +vn.hao123.com +voa-11.akacast.akamaistream.net +voacantonese.com +voachineseblog.com +voachinese.com +voagd.com +voanews.com +voatibetan.com +voatibetanenglish.com +vocativ.com +vocn.tv +vot.org +vovo2000.com +voxer.com +voy.com +vpn4all.com +vpnaccount.org +vpnbook.com +vpncoupons.com +vpndada.com +vpnfan.com +vpnfire.com +vpnforgame.net +vpngate.jp +vpngate.net +vpngratis.net +vpnhq.com +vpninja.net +vpnmaster.com +vpnpick.com +vpnpop.com +vpnpronet.com +vpnreactor.com +vpnreviewz.com +vpnsecure.me +vpnsp.com +vpntunnel.com +vpnuk.info +vpnunlimitedapp.com +vpnvip.com +vporn.com +vpser.net +vraiesagesse.net +v-state.org +vtunnel.com +vuku.cc +w3schools.com +waffle1999.com +wahas.com +waigaobu.com +waikeung.org +waiwaier.com +wallornot.org +wallpapercasa.com +wallproxy.com +wallproxy.com.cn +waltermartin.com +waltermartin.org +wanderinghorse.net +wangafu.net +wangjinbo.org +wanglixiong.com +wango.org +wangruoshui.net +wangyi64.spaces.live.com +want-daily.com +wanz-factory.com +wapedia.mobi +warbler.iconfactory.net +waselpro.com +washeng.net +watchinese.com +watchmygf.net +wattpad.com +waveprotocol.org +wav.tv +wdf5.com +wearehairy.com +wearn.com +web2project.net +webbang.net +webevader.org +webfee.tk +webfreer.com +webjb.org +weblagu.com +webmproject.org +webrtc.org +webrush.net +webshots.com +website.informer.com +websitepulse.com +webs-tv.net +webwarper.net +webworkerdaily.com +weeewooo.net +weekmag.info +wefightcensorship.org +wefong.com +weibo.com +weiboleak.com +weiboscope.jmsc.hku.hk +weigegebyc.dreamhosters.com +weijingsheng.org +weiming.info +weiquanwang.org +weisuo.ws +wellplacedpixels.com +welovecock.com +wemigrate.org +wengewang.com +wengewang.org +wenhui.ch +wenku.com +wenxuecity.com +wenyunchao.com +wenyunchao.spaces.live.com +wepn.info +westca.com +westernshugdensociety.org +westernwolves.com +westkit.net +westpoint.edu +wetplace.com +wetpussygames.com +wexiaobo.org +wezhiyong.org +wezone.net +wforum.com +wha.la +whatblocked.com +whatbrowser.org +wheatseeds.org +wheelockslatin.com +whereiswerner.com +wheretowatch.com +whippedass.com +whitebear.freebearblog.org +whodns.xyz +whotalking.com +whydidyoubuymethat.com +whylover.com +whyx.org +w.idaiwan.com +wikaba.com +wiki.cnitter.com +wiki.gamerp.jp +wiki.jqueryui.com +wiki.keso.cn +wikileaks.ch +wikileaks.de +wikileaks.eu +wikileaks-forum.com +wikileaks.lu +wikileaks.org +wikileaks.pl +wikilivres.info +wikimapia.org +wikimedia.org.mo +wiki.moegirl.org +wikinet.org +wiki.oauth.net +wikipedia.org +wiki.phonegap.com +wikiwiki.jp +wikkii.com +wildammo.com +williamlong.spaces.live.com +willw.net +windowsphoneme.com +wingamestore.com +winning11.com +winwhispers.info +wiredbytes.com +wiredpen.com +wireshark.org +wisdompubs.org +wisevid.com +withgoogle.com +witnessleeteaching.com +witopia.net +wizcrafts.net +wjbk.org +wlcnew.jigsy.com +wlx.sowiki.net +wnacg.com +wn.com +woeser.com +wokar.org +wolfax.com +womensrightsofchina.org +woopie.jp +woopie.tv +wordboner.com +wordpress.com +wordsandturds.com +w.org +workatruna.com +workerdemo.org.hk +workersthebig.net +worldcat.org +worldjournal.com +worldvpn.net +worstthingieverate.com +wo.tc +wow.com +wowgirls.com +wowlegacy.ml +wow-life.net +wowporn.com +woxinghuiguo.com +woyaolian.org +wozy.in +wp.com +wpoforum.com +wqlhw.com +wqyd.org +wrchina.org +wretch.cc +writer.zoho.com +wsgzao.github.io +wsj.com +wsjhk.com +wsj.net +wtbn.org +wtfpeople.com +wuala.com +wuerkaixi.com +wufafangwen.com +wufi.org.tw +wuguoguang.com +wujieliulan.com +wujie.net +wukangrui.net +wwitv.com +www1.biz +www.6v6dota.com +www.ajsands.com +www.americorps.gov +www.antd.org +www.aolnews.com +www.bulbous.freeserve.co.uk +www.cmoinc.org +www.dfanning.com +www.dw.com +www.dwheeler.com +www.freetibet.org +www.getyouram.com +www.gmiddle.com +www.gmiddle.net +www.goldenmelody.com.tw +wwwhost.biz +www.idlcoyote.com +www.klip.me +www.lamenhu.com +www.linksalpha.com +www.loiclemeur.com +www.monlamit.org +www.moztw.org +www.m-sport.co.uk +www.mycould.com +www.orchidbbs.com +www.owind.com +www.oxid.it +www.powerpointninja.com +www.s4miniarchive.com +www.stackfile.com +www.supertweet.net +www.taup.org.tw +www.tiffanyarment.com +www.tv.com +www.urbanoutfitters.com +www.vegorpedersen.com +www.vpncup.com +www.wangruowang.org +www.wan-press.org +www.websnapr.com +www.wet123.com +www.zaurus.org.uk +wzyboy.im +x1949x.com +x24hr.com +x365x.com +xanga.com +x-art.com +xa.yimg.com +xbabe.com +x-berry.com +xbookcn.com +xcafe.in +xcity.jp +xcritic.com +xerotica.com +xfinity.com +xfm.pp.ru +xgmyd.com +xh4n.cn +xhamster.com +xianchawang.net +xianjian.tw +xianqiao.net +xiaochuncnjp.com +xiaod.in +xiaohexie.com +xiaolan.me +xiaoma.org +xiezhua.com +xihua.es +xing.com +xinhuanet.org +xinmiao.com.hk +xinqimeng.over-blog.com +xinsheng.net +xinshijue.com +xinyubbs.net +xiongpian.com +xiuren.org +xizang-zhiye.org +xjp.cc +xjtravelguide.com +xlfmtalk.com +xlfmwz.info +xml-training-guide.com +xmovies.com +xmusic.fm +xn--4gq171p.com +xn--p8j9a0d9c9a.xn--q9jyb4c +xnxx.com +xpdo.net +xpud.org +xrentdvd.com +xskywalker.com +xtube.com +xuchao.net +xuchao.org +xuzhiyong.net +xuzhuoer.com +xvedios.com +xvideo.cc +xvideos.com +xvideos.es +x-wall.org +xxbbx.com +xxlmovies.com +xxuz.com +xxx.com +xxxfuckmom.com +xxxx.com.au +xxxy.biz +xxxy.info +xxxymovies.com +xysblogs.org +xys.dxiong.com +xys.org +xyy69.com +xyy69.info +yahoo.cn +yahoo.com.hk +yakbutterblues.com +yam.com +yam.org.tw +yanghengjun.com +yanghengjun.spaces.live.com +yangjianli.com +yasni.co.uk +yasukuni.or.jp +ydy.com +yeahteentube.com +yecl.net +yeelou.com +yeeyi.com +yegle.net +yes123.com.tw +yesasia.com +yesasia.com.hk +yes-news.com +yes.xxx +yezimary.spaces.live.com +yfrog.com +ygto.com +yhcw.net +yibada.com +yibaochina.com +yidio.com +yilubbs.com +yingsuoss.com +yi.org +yipub.com +yobt.com +yogichen.org +yong.hu +yorkbbs.ca +youdao.com +youdontcare.com +youjizz.com +youmaker.com +youpai.org +youporn.com +youporngay.com +yourepeat.com +your-freedom.net +yourlisten.com +yourlust.com +yourprivatevpn.com +yourtrap.com +yousendit.com +youshun12.com +youthbao.com +youthnetradio.org +youtu.be +youtubecn.com +youtube.com +youtubeeducation.com +youtube-nocookie.com +youversion.com +youxu.info +ytht.net +ytimg.com +yuanming.net +yuanzhengtang.org +yulghun.com +yunchao.net +yuvutu.com +yvesgeleyn.com +yx51.net +yyii.org +yymaya.com +yzzk.com +zacebook.com +zalmos.com +zannel.com +zaobao.com +zaobao.com.sg +zaozon.com +zapto.org +zarias.com +zattoo.com +zdnet.com.tw +zello.com +zengjinyan.org +zengjinyan.spaces.live.com +zeutch.com +zfreet.com +zgsddh.com +zgzcjj.net +zhanbin.net +zhangboli.net +zhangtianliang.com +zhao.1984.city +zhao.jinhai.de +zhenghui.org +zhengwunet.org +zhenlibu1984.com +zhenlibu.info +zhenxiang.biz +zhinengluyou.com +zhllg.spaces.live.com +zh.netlog.com +zhonggtuotese.net +zhongguo.ca +zhongguorenquan.org +zhongguotese.net +zhongmeng.org +zhongsou.com +zh.pokerstrategy.com +zhreader.com +zh-tw.justin.tv +zhuanxing.cn +zhuatieba.com +zhuichaguoji.org +zh.uncyclopedia.wikia.com +zh.wikinews.org +zh.wikisource.org +zh.wikivoyage.org +zh.wiktionary.org +ziddu.com +zillionk.com +zinio.com +ziplib.com +ziporn.com +zkaip.com +zmw.cn +zomobo.net +zonaeuropa.com +zonghexinwen.com +zonghexinwen.net +zootool.com +zoozle.net +zozotown.com +zshare.net +zsrhao.com +zuobiao.me +zuo.la +zuola.com +zvereff.com +zynaima.com +zynamics.com +zyns.com +zyzc9.com +zyzg.us +zzcartoon.com +zzux.com diff --git a/package/lean/ipset-lists/files/etc/gfwlist/unblock-youku b/package/lean/ipset-lists/files/etc/gfwlist/unblock-youku new file mode 100644 index 000000000..9306dcefd --- /dev/null +++ b/package/lean/ipset-lists/files/etc/gfwlist/unblock-youku @@ -0,0 +1,95 @@ +v.youku.com +api.youku.com +v2.tudou.com +www.tudou.com +s.plcloud.music.qq.com +i.y.qq.com +hot.vrs.sohu.com +live.tv.sohu.com +pad.tv.sohu.com +my.tv.sohu.com +hot.vrs.letv.com +data.video.qiyi.com +cache.video.qiyi.com +cache.vip.qiyi.com +vv.video.qq.com +tt.video.qq.com +ice.video.qq.com +tjsa.video.qq.com +a10.video.qq.com +xyy.video.qq.com +vcq.video.qq.com +vsh.video.qq.com +vbj.video.qq.com +bobo.video.qq.com +flvs.video.qq.com +bkvv.video.qq.com +info.zb.qq.com +geo.js.kankan.xunlei.com +web-play.pptv.com +web-play.pplive.cn +dyn.ugc.pps.tv +v.pps.tv +inner.kandian.com +ipservice.163.com +so.open.163.com +zb.s.qq.com +ip.kankan.xunlei.com +vxml.56.com +music.sina.com.cn +play.baidu.com +v.iask.com +tv.weibo.com +wtv.v.iask.com +video.sina.com.cn +www.yinyuetai.com +api.letv.com +live.gslb.letv.com +static.itv.letv.com +ip.apps.cntv.cn +vdn.apps.cntv.cn +vdn.live.cntv.cn +vip.sports.cntv.cn +a.play.api.3g.youku.com +i.play.api.3g.youku.com +api.3g.youku.com +tv.api.3g.youku.com +play.api.3g.youku.com +play.api.3g.tudou.com +tv.api.3g.tudou.com +api.3g.tudou.com +api.tv.sohu.com +access.tv.sohu.com +iface.iqiyi.com +iface2.iqiyi.com +cache.m.iqiyi.com +dynamic.app.m.letv.com +dynamic.meizi.app.m.letv.com +dynamic.search.app.m.letv.com +dynamic.live.app.m.letv.com +listso.m.areainfo.ppstream.com +epg.api.pptv.com +play.api.pptv.com +m.letv.com +interface.bilibili.com +3g.music.qq.com +mqqplayer.3g.qq.com +proxy.music.qq.com +proxymc.qq.com +ip2.kugou.com +ip.kugou.com +client.api.ttpod.com +mobi.kuwo.cn +mobilefeedback.kugou.com +tingapi.ting.baidu.com +music.baidu.com +serviceinfo.sdk.duomi.com +music.163.com +www.xiami.com +spark.api.xiami.com +iplocation.geo.qiyi.com +sns.video.qq.com +v5.pc.duomi.com +tms.is.ysten.com +internal.check.duokanbox.com +openapi.youku.com diff --git a/package/lean/ipset-lists/files/etc/init.d/ipset.sh b/package/lean/ipset-lists/files/etc/init.d/ipset.sh new file mode 100755 index 000000000..55f82273b --- /dev/null +++ b/package/lean/ipset-lists/files/etc/init.d/ipset.sh @@ -0,0 +1,29 @@ +#!/bin/sh /etc/rc.common +# Copyright (C) 2014 Justin Liu + +START=21 + +start() +{ + local file + for file in /etc/ipset/*; do + [ -f $file ] || continue + ipset restore < $file + done +} + +stop() +{ + local file + for file in /etc/ipset/*; do + [ -f $file ] || continue + ipset destroy `basename $file` + done +} + +restart() +{ + stop >/dev/null 2>&1 + start +} + diff --git a/package/lean/ipset-lists/files/etc/ipset/china b/package/lean/ipset-lists/files/etc/ipset/china new file mode 100644 index 000000000..03b1cc9c5 --- /dev/null +++ b/package/lean/ipset-lists/files/etc/ipset/china @@ -0,0 +1,4728 @@ +create china hash:net family inet hashsize 1024 maxelem 65536 +add china 1.0.1.0/24 +add china 1.0.2.0/23 +add china 1.0.8.0/21 +add china 1.0.32.0/19 +add china 1.1.0.0/24 +add china 1.1.2.0/23 +add china 1.1.4.0/22 +add china 1.1.8.0/21 +add china 1.1.16.0/20 +add china 1.1.32.0/19 +add china 1.2.0.0/23 +add china 1.2.2.0/24 +add china 1.2.4.0/22 +add china 1.2.8.0/21 +add china 1.2.16.0/20 +add china 1.2.32.0/19 +add china 1.2.64.0/18 +add china 1.3.0.0/16 +add china 1.4.1.0/24 +add china 1.4.2.0/23 +add china 1.4.4.0/22 +add china 1.4.8.0/21 +add china 1.4.16.0/20 +add china 1.4.32.0/19 +add china 1.4.64.0/18 +add china 1.8.0.0/16 +add china 1.10.0.0/21 +add china 1.10.8.0/23 +add china 1.10.11.0/24 +add china 1.10.12.0/22 +add china 1.10.16.0/20 +add china 1.10.32.0/19 +add china 1.10.64.0/18 +add china 1.12.0.0/14 +add china 1.24.0.0/13 +add china 1.45.0.0/16 +add china 1.48.0.0/14 +add china 1.56.0.0/13 +add china 1.68.0.0/14 +add china 1.80.0.0/12 +add china 1.116.0.0/14 +add china 1.180.0.0/14 +add china 1.184.0.0/15 +add china 1.188.0.0/14 +add china 1.192.0.0/13 +add china 1.202.0.0/15 +add china 1.204.0.0/14 +add china 14.0.0.0/21 +add china 14.0.12.0/22 +add china 14.1.0.0/22 +add china 14.1.24.0/22 +add china 14.1.96.0/22 +add china 14.1.108.0/22 +add china 14.16.0.0/12 +add china 14.102.128.0/22 +add china 14.102.156.0/22 +add china 14.102.180.0/22 +add china 14.103.0.0/16 +add china 14.104.0.0/13 +add china 14.112.0.0/12 +add china 14.130.0.0/15 +add china 14.134.0.0/15 +add china 14.144.0.0/12 +add china 14.192.4.0/22 +add china 14.192.56.0/21 +add china 14.192.76.0/22 +add china 14.196.0.0/15 +add china 14.204.0.0/15 +add china 14.208.0.0/12 +add china 20.134.160.0/20 +add china 20.139.160.0/20 +add china 27.0.128.0/21 +add china 27.0.160.0/21 +add china 27.0.188.0/22 +add china 27.0.204.0/22 +add china 27.0.208.0/21 +add china 27.8.0.0/13 +add china 27.16.0.0/12 +add china 27.34.232.0/21 +add china 27.36.0.0/14 +add china 27.40.0.0/13 +add china 27.50.40.0/21 +add china 27.50.128.0/17 +add china 27.54.72.0/21 +add china 27.54.152.0/21 +add china 27.54.192.0/18 +add china 27.98.208.0/20 +add china 27.98.224.0/19 +add china 27.99.128.0/17 +add china 27.103.0.0/16 +add china 27.106.128.0/18 +add china 27.106.204.0/22 +add china 27.109.32.0/19 +add china 27.109.124.0/22 +add china 27.112.0.0/18 +add china 27.112.80.0/20 +add china 27.112.112.0/21 +add china 27.113.128.0/18 +add china 27.115.0.0/17 +add china 27.116.44.0/22 +add china 27.121.72.0/21 +add china 27.121.120.0/21 +add china 27.123.232.0/22 +add china 27.128.0.0/15 +add china 27.131.220.0/22 +add china 27.144.0.0/16 +add china 27.148.0.0/14 +add china 27.152.0.0/13 +add china 27.184.0.0/13 +add china 27.192.0.0/11 +add china 27.224.0.0/14 +add china 36.0.0.0/22 +add china 36.0.8.0/21 +add china 36.0.16.0/20 +add china 36.0.32.0/19 +add china 36.0.64.0/18 +add china 36.0.128.0/17 +add china 36.1.0.0/16 +add china 36.4.0.0/14 +add china 36.16.0.0/12 +add china 36.32.0.0/14 +add china 36.36.0.0/16 +add china 36.37.0.0/19 +add china 36.37.36.0/23 +add china 36.37.39.0/24 +add china 36.37.40.0/21 +add china 36.37.48.0/20 +add china 36.40.0.0/13 +add china 36.48.0.0/15 +add china 36.51.0.0/16 +add china 36.56.0.0/13 +add china 36.96.0.0/11 +add china 36.128.0.0/10 +add china 36.192.0.0/11 +add china 36.248.0.0/14 +add china 36.254.0.0/16 +add china 36.255.116.0/22 +add china 36.255.128.0/22 +add china 36.255.164.0/22 +add china 36.255.172.0/22 +add china 36.255.176.0/22 +add china 36.255.192.0/22 +add china 39.0.0.0/24 +add china 39.0.2.0/23 +add china 39.0.4.0/22 +add china 39.0.8.0/21 +add china 39.0.16.0/20 +add china 39.0.32.0/19 +add china 39.0.64.0/18 +add china 39.0.128.0/17 +add china 39.64.0.0/11 +add china 39.96.0.0/13 +add china 39.104.0.0/14 +add china 39.108.0.0/16 +add china 39.128.0.0/10 +add china 40.0.176.0/20 +add china 40.0.247.0/24 +add china 40.0.248.0/22 +add china 40.0.252.0/23 +add china 40.0.255.0/24 +add china 40.72.0.0/15 +add china 40.125.128.0/17 +add china 40.126.64.0/18 +add china 40.198.10.0/24 +add china 40.198.16.0/21 +add china 40.198.24.0/23 +add china 40.250.16.0/23 +add china 40.251.227.0/24 +add china 42.0.0.0/22 +add china 42.0.8.0/21 +add china 42.0.16.0/21 +add china 42.0.24.0/22 +add china 42.0.32.0/19 +add china 42.0.128.0/17 +add china 42.1.0.0/19 +add china 42.1.32.0/20 +add china 42.1.48.0/21 +add china 42.1.56.0/22 +add china 42.1.128.0/17 +add china 42.4.0.0/14 +add china 42.48.0.0/13 +add china 42.56.0.0/14 +add china 42.62.0.0/17 +add china 42.62.128.0/19 +add china 42.62.160.0/20 +add china 42.62.180.0/22 +add china 42.62.184.0/21 +add china 42.63.0.0/16 +add china 42.80.0.0/15 +add china 42.83.64.0/20 +add china 42.83.80.0/22 +add china 42.83.88.0/21 +add china 42.83.96.0/19 +add china 42.83.128.0/17 +add china 42.84.0.0/14 +add china 42.88.0.0/13 +add china 42.96.64.0/19 +add china 42.96.96.0/21 +add china 42.96.108.0/22 +add china 42.96.112.0/20 +add china 42.96.128.0/17 +add china 42.97.0.0/16 +add china 42.99.0.0/18 +add china 42.99.64.0/19 +add china 42.99.96.0/20 +add china 42.99.112.0/22 +add china 42.99.120.0/21 +add china 42.100.0.0/14 +add china 42.120.0.0/15 +add china 42.122.0.0/16 +add china 42.123.0.0/19 +add china 42.123.36.0/22 +add china 42.123.40.0/21 +add china 42.123.48.0/20 +add china 42.123.64.0/18 +add china 42.123.128.0/17 +add china 42.128.0.0/12 +add china 42.156.0.0/19 +add china 42.156.36.0/22 +add china 42.156.40.0/21 +add china 42.156.48.0/20 +add china 42.156.64.0/18 +add china 42.156.128.0/17 +add china 42.157.0.0/16 +add china 42.158.0.0/15 +add china 42.160.0.0/12 +add china 42.176.0.0/13 +add china 42.184.0.0/15 +add china 42.186.0.0/16 +add china 42.187.0.0/18 +add china 42.187.64.0/19 +add china 42.187.96.0/20 +add china 42.187.112.0/21 +add china 42.187.120.0/22 +add china 42.187.128.0/17 +add china 42.192.0.0/13 +add china 42.201.0.0/17 +add china 42.202.0.0/15 +add china 42.204.0.0/14 +add china 42.208.0.0/12 +add china 42.224.0.0/12 +add china 42.240.0.0/16 +add china 42.242.0.0/15 +add china 42.244.0.0/14 +add china 42.248.0.0/13 +add china 43.224.12.0/22 +add china 43.224.24.0/22 +add china 43.224.44.0/22 +add china 43.224.52.0/22 +add china 43.224.56.0/22 +add china 43.224.64.0/21 +add china 43.224.72.0/22 +add china 43.224.80.0/22 +add china 43.224.100.0/22 +add china 43.224.144.0/22 +add china 43.224.160.0/22 +add china 43.224.176.0/22 +add china 43.224.184.0/22 +add china 43.224.200.0/21 +add china 43.224.208.0/21 +add china 43.224.216.0/22 +add china 43.224.224.0/22 +add china 43.224.240.0/22 +add china 43.225.76.0/22 +add china 43.225.84.0/22 +add china 43.225.120.0/21 +add china 43.225.140.0/22 +add china 43.225.172.0/22 +add china 43.225.180.0/22 +add china 43.225.184.0/22 +add china 43.225.208.0/22 +add china 43.225.216.0/21 +add china 43.225.224.0/20 +add china 43.225.240.0/21 +add china 43.225.252.0/22 +add china 43.226.32.0/19 +add china 43.226.64.0/19 +add china 43.226.96.0/20 +add china 43.226.112.0/21 +add china 43.226.120.0/22 +add china 43.226.128.0/18 +add china 43.226.192.0/20 +add china 43.226.208.0/21 +add china 43.226.236.0/22 +add china 43.226.240.0/20 +add china 43.227.0.0/21 +add china 43.227.8.0/22 +add china 43.227.32.0/19 +add china 43.227.64.0/19 +add china 43.227.96.0/21 +add china 43.227.104.0/22 +add china 43.227.136.0/21 +add china 43.227.144.0/22 +add china 43.227.152.0/21 +add china 43.227.160.0/20 +add china 43.227.176.0/21 +add china 43.227.188.0/22 +add china 43.227.192.0/19 +add china 43.227.232.0/22 +add china 43.227.248.0/21 +add china 43.228.0.0/18 +add china 43.228.64.0/21 +add china 43.228.76.0/22 +add china 43.228.100.0/22 +add china 43.228.116.0/22 +add china 43.228.120.0/22 +add china 43.228.132.0/22 +add china 43.228.136.0/22 +add china 43.228.148.0/22 +add china 43.228.152.0/22 +add china 43.228.188.0/22 +add china 43.228.204.0/22 +add china 43.228.240.0/22 +add china 43.229.16.0/22 +add china 43.229.40.0/22 +add china 43.229.48.0/22 +add china 43.229.56.0/22 +add china 43.229.96.0/22 +add china 43.229.108.0/22 +add china 43.229.120.0/22 +add china 43.229.136.0/21 +add china 43.229.144.0/22 +add china 43.229.168.0/21 +add china 43.229.176.0/20 +add china 43.229.192.0/21 +add china 43.229.216.0/21 +add china 43.229.232.0/21 +add china 43.230.20.0/22 +add china 43.230.32.0/22 +add china 43.230.68.0/22 +add china 43.230.72.0/22 +add china 43.230.84.0/22 +add china 43.230.124.0/22 +add china 43.230.136.0/22 +add china 43.230.168.0/22 +add china 43.230.220.0/22 +add china 43.230.224.0/19 +add china 43.231.12.0/22 +add china 43.231.32.0/20 +add china 43.231.80.0/20 +add china 43.231.96.0/20 +add china 43.231.136.0/21 +add china 43.231.144.0/20 +add china 43.231.160.0/20 +add china 43.231.176.0/21 +add china 43.236.0.0/15 +add china 43.238.0.0/16 +add china 43.239.0.0/19 +add china 43.239.32.0/20 +add china 43.239.48.0/22 +add china 43.239.116.0/22 +add china 43.239.120.0/22 +add china 43.239.172.0/22 +add china 43.239.176.0/22 +add china 43.240.0.0/22 +add china 43.240.48.0/22 +add china 43.240.56.0/21 +add china 43.240.68.0/22 +add china 43.240.72.0/21 +add china 43.240.84.0/22 +add china 43.240.124.0/22 +add china 43.240.128.0/21 +add china 43.240.136.0/22 +add china 43.240.156.0/22 +add china 43.240.160.0/19 +add china 43.240.192.0/19 +add china 43.240.236.0/22 +add china 43.240.240.0/20 +add china 43.241.0.0/20 +add china 43.241.16.0/21 +add china 43.241.48.0/22 +add china 43.241.76.0/22 +add china 43.241.80.0/20 +add china 43.241.112.0/22 +add china 43.241.168.0/21 +add china 43.241.176.0/21 +add china 43.241.184.0/22 +add china 43.241.196.0/22 +add china 43.241.208.0/20 +add china 43.241.224.0/20 +add china 43.241.240.0/22 +add china 43.241.248.0/21 +add china 43.242.8.0/21 +add china 43.242.16.0/20 +add china 43.242.44.0/22 +add china 43.242.48.0/20 +add china 43.242.64.0/22 +add china 43.242.72.0/21 +add china 43.242.80.0/20 +add china 43.242.96.0/22 +add china 43.242.144.0/20 +add china 43.242.160.0/21 +add china 43.242.168.0/22 +add china 43.242.180.0/22 +add china 43.242.188.0/22 +add china 43.242.192.0/21 +add china 43.242.204.0/22 +add china 43.242.216.0/21 +add china 43.242.252.0/22 +add china 43.243.4.0/22 +add china 43.243.8.0/21 +add china 43.243.16.0/22 +add china 43.243.24.0/22 +add china 43.243.88.0/22 +add china 43.243.128.0/22 +add china 43.243.136.0/22 +add china 43.243.144.0/21 +add china 43.243.156.0/22 +add china 43.243.168.0/22 +add china 43.243.180.0/22 +add china 43.243.188.0/22 +add china 43.243.228.0/22 +add china 43.243.232.0/22 +add china 43.243.244.0/22 +add china 43.246.0.0/18 +add china 43.246.64.0/19 +add china 43.246.96.0/22 +add china 43.246.112.0/22 +add china 43.246.212.0/22 +add china 43.246.228.0/22 +add china 43.247.4.0/22 +add china 43.247.8.0/22 +add china 43.247.44.0/22 +add china 43.247.48.0/22 +add china 43.247.68.0/22 +add china 43.247.76.0/22 +add china 43.247.84.0/22 +add china 43.247.88.0/21 +add china 43.247.96.0/21 +add china 43.247.108.0/22 +add china 43.247.112.0/22 +add china 43.247.148.0/22 +add china 43.247.152.0/22 +add china 43.247.176.0/20 +add china 43.247.196.0/22 +add china 43.247.200.0/21 +add china 43.247.208.0/20 +add china 43.247.224.0/19 +add china 43.248.0.0/21 +add china 43.248.20.0/22 +add china 43.248.28.0/22 +add china 43.248.48.0/22 +add china 43.248.76.0/22 +add china 43.248.80.0/20 +add china 43.248.96.0/19 +add china 43.248.128.0/20 +add china 43.248.144.0/21 +add china 43.248.176.0/20 +add china 43.248.192.0/20 +add china 43.248.208.0/22 +add china 43.248.228.0/22 +add china 43.248.232.0/22 +add china 43.248.244.0/22 +add china 43.249.0.0/21 +add china 43.249.8.0/22 +add china 43.249.24.0/22 +add china 43.249.120.0/22 +add china 43.249.132.0/22 +add china 43.249.136.0/22 +add china 43.249.144.0/20 +add china 43.249.160.0/21 +add china 43.249.168.0/22 +add china 43.249.192.0/22 +add china 43.249.236.0/22 +add china 43.250.4.0/22 +add china 43.250.12.0/22 +add china 43.250.16.0/21 +add china 43.250.28.0/22 +add china 43.250.32.0/21 +add china 43.250.72.0/22 +add china 43.250.96.0/20 +add china 43.250.112.0/21 +add china 43.250.128.0/22 +add china 43.250.144.0/21 +add china 43.250.160.0/22 +add china 43.250.168.0/21 +add china 43.250.176.0/22 +add china 43.250.200.0/22 +add china 43.250.212.0/22 +add china 43.250.216.0/21 +add china 43.250.236.0/22 +add china 43.250.244.0/22 +add china 43.251.4.0/22 +add china 43.251.8.0/21 +add china 43.251.36.0/22 +add china 43.251.116.0/22 +add china 43.251.192.0/22 +add china 43.251.232.0/21 +add china 43.251.244.0/22 +add china 43.252.40.0/22 +add china 43.252.48.0/22 +add china 43.252.56.0/22 +add china 43.252.224.0/22 +add china 43.254.0.0/21 +add china 43.254.8.0/22 +add china 43.254.24.0/22 +add china 43.254.36.0/22 +add china 43.254.44.0/22 +add china 43.254.52.0/22 +add china 43.254.64.0/22 +add china 43.254.72.0/22 +add china 43.254.84.0/22 +add china 43.254.88.0/21 +add china 43.254.100.0/22 +add china 43.254.104.0/22 +add china 43.254.112.0/21 +add china 43.254.128.0/22 +add china 43.254.136.0/21 +add china 43.254.144.0/20 +add china 43.254.168.0/21 +add china 43.254.180.0/22 +add china 43.254.184.0/21 +add china 43.254.192.0/21 +add china 43.254.200.0/22 +add china 43.254.208.0/22 +add china 43.254.220.0/22 +add china 43.254.224.0/20 +add china 43.254.240.0/22 +add china 43.254.248.0/21 +add china 43.255.0.0/21 +add china 43.255.8.0/22 +add china 43.255.16.0/22 +add china 43.255.48.0/22 +add china 43.255.64.0/20 +add china 43.255.84.0/22 +add china 43.255.96.0/22 +add china 43.255.108.0/22 +add china 43.255.144.0/22 +add china 43.255.168.0/22 +add china 43.255.176.0/22 +add china 43.255.184.0/22 +add china 43.255.192.0/22 +add china 43.255.200.0/21 +add china 43.255.208.0/21 +add china 43.255.224.0/21 +add china 43.255.232.0/22 +add china 43.255.244.0/22 +add china 45.65.16.0/20 +add china 45.112.132.0/22 +add china 45.112.188.0/22 +add china 45.112.208.0/20 +add china 45.112.228.0/22 +add china 45.112.232.0/21 +add china 45.113.12.0/22 +add china 45.113.16.0/20 +add china 45.113.40.0/22 +add china 45.113.52.0/22 +add china 45.113.56.0/22 +add china 45.113.72.0/22 +add china 45.113.108.0/22 +add china 45.113.144.0/21 +add china 45.113.168.0/22 +add china 45.113.176.0/22 +add china 45.113.184.0/22 +add china 45.113.200.0/21 +add china 45.113.208.0/20 +add china 45.113.228.0/22 +add china 45.113.240.0/22 +add china 45.113.252.0/22 +add china 45.114.0.0/22 +add china 45.114.12.0/22 +add china 45.114.32.0/22 +add china 45.114.40.0/22 +add china 45.114.52.0/22 +add china 45.114.96.0/22 +add china 45.114.104.0/22 +add china 45.114.136.0/22 +add china 45.114.196.0/22 +add china 45.114.200.0/22 +add china 45.114.228.0/22 +add china 45.114.236.0/22 +add china 45.114.252.0/22 +add china 45.115.44.0/22 +add china 45.115.100.0/22 +add china 45.115.120.0/22 +add china 45.115.132.0/22 +add china 45.115.144.0/22 +add china 45.115.156.0/22 +add china 45.115.164.0/22 +add china 45.115.200.0/22 +add china 45.115.212.0/22 +add china 45.115.216.0/22 +add china 45.115.228.0/22 +add china 45.115.236.0/22 +add china 45.115.244.0/22 +add china 45.115.248.0/22 +add china 45.116.12.0/22 +add china 45.116.16.0/21 +add china 45.116.24.0/22 +add china 45.116.32.0/21 +add china 45.116.52.0/22 +add china 45.116.60.0/22 +add china 45.116.64.0/22 +add china 45.116.96.0/21 +add china 45.116.140.0/22 +add china 45.116.152.0/22 +add china 45.116.208.0/22 +add china 45.117.8.0/22 +add china 45.117.20.0/22 +add china 45.117.40.0/22 +add china 45.117.68.0/22 +add china 45.117.124.0/22 +add china 45.117.252.0/22 +add china 45.119.52.0/22 +add china 45.119.60.0/22 +add china 45.119.64.0/21 +add china 45.119.72.0/22 +add china 45.119.104.0/22 +add china 45.119.116.0/22 +add china 45.119.232.0/22 +add china 45.120.100.0/22 +add china 45.120.140.0/22 +add china 45.120.156.0/22 +add china 45.120.164.0/22 +add china 45.120.220.0/22 +add china 45.120.240.0/22 +add china 45.121.20.0/22 +add china 45.121.52.0/22 +add china 45.121.64.0/21 +add china 45.121.72.0/22 +add china 45.121.92.0/22 +add china 45.121.96.0/22 +add china 45.121.104.0/22 +add china 45.121.172.0/22 +add china 45.121.176.0/22 +add china 45.121.212.0/22 +add china 45.121.240.0/20 +add china 45.122.0.0/19 +add china 45.122.32.0/21 +add china 45.122.40.0/22 +add china 45.122.60.0/22 +add china 45.122.64.0/19 +add china 45.122.96.0/20 +add china 45.122.112.0/21 +add china 45.122.160.0/19 +add china 45.122.192.0/20 +add china 45.122.208.0/21 +add china 45.122.216.0/22 +add china 45.123.28.0/22 +add china 45.123.32.0/21 +add china 45.123.44.0/22 +add china 45.123.48.0/20 +add china 45.123.64.0/20 +add china 45.123.80.0/21 +add china 45.123.88.0/22 +add china 45.123.120.0/22 +add china 45.123.128.0/21 +add china 45.123.136.0/22 +add china 45.123.148.0/22 +add china 45.123.152.0/21 +add china 45.123.164.0/22 +add china 45.123.168.0/21 +add china 45.123.176.0/21 +add china 45.123.184.0/22 +add china 45.123.204.0/22 +add china 45.123.212.0/22 +add china 45.123.224.0/19 +add china 45.124.0.0/22 +add china 45.124.20.0/22 +add china 45.124.28.0/22 +add china 45.124.32.0/21 +add china 45.124.44.0/22 +add china 45.124.68.0/22 +add china 45.124.76.0/22 +add china 45.124.80.0/22 +add china 45.124.100.0/22 +add china 45.124.124.0/22 +add china 45.124.172.0/22 +add china 45.124.176.0/22 +add china 45.124.208.0/22 +add china 45.124.248.0/21 +add china 45.125.12.0/22 +add china 45.125.16.0/22 +add china 45.125.24.0/21 +add china 45.125.32.0/22 +add china 45.125.44.0/22 +add china 45.125.52.0/22 +add china 45.125.56.0/22 +add china 45.125.76.0/22 +add china 45.125.80.0/20 +add china 45.125.96.0/21 +add china 45.125.104.0/22 +add china 45.125.136.0/22 +add china 45.126.48.0/21 +add china 45.126.100.0/22 +add china 45.126.108.0/22 +add china 45.126.112.0/21 +add china 45.126.120.0/22 +add china 45.126.212.0/22 +add china 45.126.220.0/22 +add china 45.127.8.0/21 +add china 45.127.36.0/22 +add china 45.127.96.0/22 +add china 45.127.116.0/22 +add china 45.127.124.0/22 +add china 45.127.128.0/22 +add china 45.127.144.0/21 +add china 45.127.156.0/22 +add china 45.127.216.0/22 +add china 45.221.0.0/16 +add china 45.248.8.0/22 +add china 45.248.80.0/21 +add china 45.248.88.0/22 +add china 45.248.96.0/20 +add china 45.248.128.0/21 +add china 45.248.204.0/22 +add china 45.248.208.0/20 +add china 45.248.224.0/19 +add china 45.249.0.0/21 +add china 45.249.12.0/22 +add china 45.249.16.0/20 +add china 45.249.32.0/21 +add china 45.249.92.0/22 +add china 45.249.112.0/22 +add china 45.249.180.0/22 +add china 45.249.188.0/22 +add china 45.249.192.0/20 +add china 45.249.208.0/21 +add china 45.250.12.0/22 +add china 45.250.16.0/22 +add china 45.250.28.0/22 +add china 45.250.32.0/21 +add china 45.250.40.0/22 +add china 45.250.76.0/22 +add china 45.250.80.0/20 +add china 45.250.96.0/22 +add china 45.250.104.0/21 +add china 45.250.112.0/20 +add china 45.250.128.0/20 +add china 45.250.144.0/21 +add china 45.250.152.0/22 +add china 45.250.164.0/22 +add china 45.250.180.0/22 +add china 45.250.184.0/21 +add china 45.250.192.0/22 +add china 45.251.0.0/22 +add china 45.251.8.0/22 +add china 45.251.16.0/21 +add china 45.251.52.0/22 +add china 45.251.84.0/22 +add china 45.251.88.0/21 +add china 45.251.96.0/21 +add china 45.251.120.0/21 +add china 45.251.136.0/21 +add china 45.251.144.0/20 +add china 45.251.160.0/19 +add china 45.251.192.0/19 +add china 45.251.224.0/22 +add china 45.252.0.0/19 +add china 45.252.32.0/20 +add china 45.252.48.0/22 +add china 45.252.60.0/22 +add china 45.252.84.0/22 +add china 45.252.88.0/21 +add china 45.252.96.0/19 +add china 45.252.128.0/19 +add china 45.252.160.0/20 +add china 45.252.176.0/22 +add china 45.252.192.0/19 +add china 45.252.224.0/21 +add china 45.252.232.0/22 +add china 45.253.0.0/18 +add china 45.253.64.0/20 +add china 45.253.80.0/21 +add china 45.253.92.0/22 +add china 45.253.96.0/20 +add china 45.253.112.0/21 +add china 45.253.120.0/22 +add china 45.253.130.0/23 +add china 45.253.132.0/22 +add china 45.253.136.0/21 +add china 45.253.144.0/20 +add china 45.253.160.0/19 +add china 45.253.192.0/18 +add china 45.254.0.0/19 +add china 45.254.40.0/22 +add china 45.254.48.0/20 +add china 45.254.64.0/18 +add china 45.254.128.0/18 +add china 45.254.192.0/19 +add china 45.254.224.0/21 +add china 45.254.236.0/22 +add china 45.254.240.0/22 +add china 45.254.248.0/22 +add china 45.255.0.0/17 +add china 45.255.132.0/22 +add china 45.255.136.0/21 +add china 45.255.144.0/20 +add china 45.255.160.0/19 +add china 45.255.192.0/19 +add china 45.255.224.0/20 +add china 45.255.240.0/21 +add china 45.255.248.0/22 +add china 47.92.0.0/14 +add china 47.96.0.0/11 +add china 49.4.0.0/14 +add china 49.51.0.0/16 +add china 49.52.0.0/14 +add china 49.64.0.0/11 +add china 49.112.0.0/13 +add china 49.120.0.0/14 +add china 49.128.0.0/24 +add china 49.128.2.0/23 +add china 49.128.4.0/22 +add china 49.140.0.0/15 +add china 49.152.0.0/14 +add china 49.208.0.0/14 +add china 49.220.0.0/14 +add china 49.232.0.0/14 +add china 49.239.0.0/18 +add china 49.239.192.0/18 +add china 49.246.224.0/19 +add china 52.80.0.0/14 +add china 54.222.0.0/15 +add china 54.231.208.0/20 +add china 58.14.0.0/15 +add china 58.16.0.0/13 +add china 58.24.0.0/15 +add china 58.30.0.0/15 +add china 58.32.0.0/11 +add china 58.65.232.0/21 +add china 58.66.0.0/15 +add china 58.68.128.0/17 +add china 58.82.0.0/17 +add china 58.83.0.0/16 +add china 58.87.64.0/18 +add china 58.99.128.0/17 +add china 58.100.0.0/15 +add china 58.116.0.0/14 +add china 58.128.0.0/13 +add china 58.144.0.0/16 +add china 58.154.0.0/15 +add china 58.192.0.0/11 +add china 58.240.0.0/12 +add china 59.32.0.0/11 +add china 59.64.0.0/12 +add china 59.80.0.0/14 +add china 59.107.0.0/16 +add china 59.108.0.0/14 +add china 59.151.0.0/17 +add china 59.152.16.0/20 +add china 59.152.32.0/21 +add china 59.152.64.0/20 +add china 59.152.112.0/21 +add china 59.153.4.0/22 +add china 59.153.32.0/22 +add china 59.153.60.0/22 +add china 59.153.64.0/21 +add china 59.153.72.0/22 +add china 59.153.92.0/22 +add china 59.153.116.0/22 +add china 59.153.136.0/22 +add china 59.153.152.0/21 +add china 59.153.164.0/22 +add china 59.153.168.0/21 +add china 59.153.176.0/20 +add china 59.153.192.0/22 +add china 59.155.0.0/16 +add china 59.172.0.0/14 +add china 59.191.0.0/17 +add china 59.191.240.0/20 +add china 59.192.0.0/10 +add china 60.0.0.0/11 +add china 60.55.0.0/16 +add china 60.63.0.0/16 +add china 60.160.0.0/11 +add china 60.194.0.0/15 +add china 60.200.0.0/13 +add china 60.208.0.0/12 +add china 60.232.0.0/15 +add china 60.235.0.0/16 +add china 60.245.128.0/17 +add china 60.247.0.0/16 +add china 60.252.0.0/16 +add china 60.253.128.0/17 +add china 60.255.0.0/16 +add china 61.4.80.0/20 +add china 61.4.176.0/20 +add china 61.8.160.0/20 +add china 61.14.212.0/22 +add china 61.14.216.0/21 +add china 61.14.240.0/21 +add china 61.28.0.0/17 +add china 61.29.128.0/17 +add china 61.45.128.0/18 +add china 61.45.224.0/20 +add china 61.47.128.0/18 +add china 61.48.0.0/13 +add china 61.87.192.0/18 +add china 61.128.0.0/10 +add china 61.232.0.0/14 +add china 61.236.0.0/15 +add china 61.240.0.0/14 +add china 65.55.209.0/24 +add china 72.163.248.0/22 +add china 87.254.207.0/24 +add china 93.183.14.0/24 +add china 93.183.18.0/24 +add china 101.0.0.0/22 +add china 101.1.0.0/22 +add china 101.2.172.0/22 +add china 101.4.0.0/14 +add china 101.16.0.0/12 +add china 101.32.0.0/12 +add china 101.48.0.0/15 +add china 101.50.8.0/21 +add china 101.50.56.0/22 +add china 101.52.0.0/16 +add china 101.53.100.0/22 +add china 101.54.0.0/16 +add china 101.55.224.0/21 +add china 101.64.0.0/13 +add china 101.72.0.0/14 +add china 101.76.0.0/15 +add china 101.78.0.0/22 +add china 101.78.32.0/19 +add china 101.80.0.0/12 +add china 101.96.0.0/21 +add china 101.96.8.0/22 +add china 101.96.16.0/20 +add china 101.96.128.0/17 +add china 101.99.96.0/19 +add china 101.101.64.0/19 +add china 101.101.100.0/24 +add china 101.101.102.0/23 +add china 101.101.104.0/21 +add china 101.101.112.0/20 +add china 101.102.64.0/19 +add china 101.102.100.0/23 +add china 101.102.102.0/24 +add china 101.102.104.0/21 +add china 101.102.112.0/20 +add china 101.104.0.0/14 +add china 101.110.64.0/19 +add china 101.110.96.0/20 +add china 101.110.116.0/22 +add china 101.110.120.0/21 +add china 101.120.0.0/14 +add china 101.124.0.0/15 +add china 101.126.0.0/16 +add china 101.128.0.0/22 +add china 101.128.8.0/21 +add china 101.128.16.0/20 +add china 101.128.32.0/19 +add china 101.129.0.0/16 +add china 101.130.0.0/15 +add china 101.132.0.0/14 +add china 101.144.0.0/12 +add china 101.192.0.0/13 +add china 101.200.0.0/15 +add china 101.203.128.0/19 +add china 101.203.160.0/21 +add china 101.203.172.0/22 +add china 101.203.176.0/20 +add china 101.204.0.0/14 +add china 101.224.0.0/13 +add china 101.232.0.0/15 +add china 101.234.64.0/21 +add china 101.234.76.0/22 +add china 101.234.80.0/20 +add china 101.234.96.0/19 +add china 101.236.0.0/14 +add china 101.240.0.0/13 +add china 101.248.0.0/15 +add china 101.251.0.0/22 +add china 101.251.8.0/21 +add china 101.251.16.0/20 +add china 101.251.32.0/19 +add china 101.251.64.0/18 +add china 101.251.128.0/17 +add china 101.252.0.0/15 +add china 101.254.0.0/16 +add china 103.1.8.0/22 +add china 103.1.20.0/22 +add china 103.1.24.0/22 +add china 103.1.72.0/22 +add china 103.1.88.0/22 +add china 103.1.168.0/22 +add china 103.2.108.0/22 +add china 103.2.156.0/22 +add china 103.2.164.0/22 +add china 103.2.200.0/21 +add china 103.2.208.0/21 +add china 103.3.84.0/22 +add china 103.3.88.0/21 +add china 103.3.96.0/19 +add china 103.3.128.0/20 +add china 103.3.148.0/22 +add china 103.3.152.0/21 +add china 103.4.56.0/22 +add china 103.4.168.0/22 +add china 103.4.184.0/22 +add china 103.4.224.0/22 +add china 103.5.36.0/22 +add china 103.5.52.0/22 +add china 103.5.56.0/22 +add china 103.5.152.0/22 +add china 103.5.168.0/22 +add china 103.5.192.0/22 +add china 103.5.252.0/22 +add china 103.6.76.0/22 +add china 103.6.108.0/22 +add china 103.6.120.0/22 +add china 103.6.220.0/22 +add china 103.6.228.0/22 +add china 103.7.4.0/22 +add china 103.7.28.0/22 +add china 103.7.120.0/22 +add china 103.7.140.0/22 +add china 103.7.212.0/22 +add china 103.7.216.0/21 +add china 103.8.0.0/21 +add china 103.8.8.0/22 +add china 103.8.32.0/22 +add china 103.8.52.0/22 +add china 103.8.68.0/22 +add china 103.8.108.0/22 +add china 103.8.156.0/22 +add china 103.8.200.0/21 +add china 103.8.220.0/22 +add china 103.9.8.0/22 +add china 103.9.24.0/22 +add china 103.9.108.0/22 +add china 103.9.152.0/22 +add china 103.9.192.0/22 +add china 103.9.248.0/21 +add china 103.10.0.0/22 +add china 103.10.16.0/22 +add china 103.10.84.0/22 +add china 103.10.111.0/24 +add china 103.10.140.0/22 +add china 103.11.16.0/22 +add china 103.11.168.0/22 +add china 103.11.180.0/22 +add china 103.12.32.0/22 +add china 103.12.68.0/22 +add china 103.12.92.0/22 +add china 103.12.136.0/22 +add china 103.12.184.0/22 +add china 103.12.232.0/22 +add china 103.13.12.0/22 +add china 103.13.72.0/23 +add china 103.13.124.0/22 +add china 103.13.144.0/22 +add china 103.13.196.0/22 +add china 103.13.220.0/22 +add china 103.13.244.0/22 +add china 103.14.32.0/22 +add china 103.14.84.0/22 +add china 103.14.100.0/22 +add china 103.14.112.0/22 +add china 103.14.132.0/22 +add china 103.14.136.0/22 +add china 103.14.156.0/22 +add china 103.14.240.0/22 +add china 103.15.4.0/22 +add china 103.15.8.0/22 +add china 103.15.16.0/22 +add china 103.15.96.0/22 +add china 103.15.200.0/22 +add china 103.16.52.0/22 +add china 103.16.80.0/21 +add china 103.16.88.0/22 +add china 103.16.108.0/22 +add china 103.16.124.0/22 +add china 103.17.40.0/22 +add china 103.17.64.0/22 +add china 103.17.120.0/22 +add china 103.17.136.0/22 +add china 103.17.160.0/22 +add china 103.17.204.0/22 +add china 103.17.228.0/22 +add china 103.18.192.0/22 +add china 103.18.208.0/21 +add china 103.18.224.0/22 +add china 103.19.0.0/22 +add china 103.19.12.0/22 +add china 103.19.40.0/21 +add china 103.19.64.0/21 +add china 103.19.72.0/22 +add china 103.19.232.0/22 +add china 103.20.12.0/22 +add china 103.20.32.0/22 +add china 103.20.44.0/22 +add china 103.20.68.0/22 +add china 103.20.112.0/22 +add china 103.20.128.0/22 +add china 103.20.160.0/22 +add china 103.20.248.0/22 +add china 103.21.112.0/21 +add china 103.21.136.0/21 +add china 103.21.176.0/22 +add china 103.21.208.0/22 +add china 103.21.240.0/22 +add china 103.22.0.0/18 +add china 103.22.64.0/19 +add china 103.22.100.0/22 +add china 103.22.104.0/21 +add china 103.22.112.0/20 +add china 103.22.188.0/22 +add china 103.22.228.0/22 +add china 103.22.252.0/22 +add china 103.23.8.0/22 +add china 103.23.56.0/22 +add china 103.23.160.0/21 +add china 103.23.176.0/22 +add china 103.23.228.0/22 +add china 103.24.24.0/22 +add china 103.24.116.0/22 +add china 103.24.128.0/22 +add china 103.24.144.0/22 +add china 103.24.176.0/22 +add china 103.24.184.0/22 +add china 103.24.220.0/22 +add china 103.24.228.0/22 +add china 103.24.248.0/21 +add china 103.25.8.0/23 +add china 103.25.20.0/22 +add china 103.25.24.0/21 +add china 103.25.32.0/21 +add china 103.25.40.0/22 +add china 103.25.48.0/22 +add china 103.25.64.0/21 +add china 103.25.148.0/22 +add china 103.25.156.0/22 +add china 103.25.216.0/22 +add china 103.26.0.0/22 +add china 103.26.64.0/22 +add china 103.26.76.0/22 +add china 103.26.116.0/22 +add china 103.26.132.0/22 +add china 103.26.156.0/22 +add china 103.26.160.0/22 +add china 103.26.228.0/22 +add china 103.26.240.0/22 +add china 103.27.4.0/22 +add china 103.27.12.0/22 +add china 103.27.24.0/22 +add china 103.27.56.0/22 +add china 103.27.96.0/22 +add china 103.27.184.0/22 +add china 103.27.208.0/21 +add china 103.27.240.0/22 +add china 103.28.4.0/22 +add china 103.28.8.0/22 +add china 103.28.184.0/22 +add china 103.28.204.0/22 +add china 103.28.212.0/22 +add china 103.29.0.0/22 +add china 103.29.16.0/22 +add china 103.29.128.0/21 +add china 103.29.136.0/22 +add china 103.30.20.0/22 +add china 103.30.96.0/22 +add china 103.30.148.0/22 +add china 103.30.200.0/22 +add china 103.30.228.0/22 +add china 103.30.234.0/23 +add china 103.30.236.0/22 +add china 103.31.0.0/22 +add china 103.31.48.0/20 +add china 103.31.64.0/21 +add china 103.31.72.0/24 +add china 103.31.148.0/22 +add china 103.31.160.0/22 +add china 103.31.168.0/22 +add china 103.31.200.0/22 +add china 103.31.236.0/22 +add china 103.32.0.0/15 +add china 103.34.0.0/16 +add china 103.35.0.0/19 +add china 103.35.32.0/20 +add china 103.35.48.0/22 +add china 103.35.104.0/22 +add china 103.35.116.0/22 +add china 103.35.180.0/22 +add china 103.35.200.0/22 +add china 103.35.220.0/22 +add china 103.36.20.0/22 +add china 103.36.28.0/22 +add china 103.36.36.0/22 +add china 103.36.56.0/21 +add china 103.36.64.0/22 +add china 103.36.72.0/22 +add china 103.36.96.0/22 +add china 103.36.132.0/22 +add china 103.36.136.0/22 +add china 103.36.160.0/19 +add china 103.36.192.0/19 +add china 103.36.224.0/20 +add china 103.36.240.0/21 +add china 103.37.0.0/22 +add china 103.37.12.0/22 +add china 103.37.16.0/22 +add china 103.37.24.0/22 +add china 103.37.44.0/22 +add china 103.37.52.0/22 +add china 103.37.56.0/22 +add china 103.37.72.0/22 +add china 103.37.100.0/22 +add china 103.37.104.0/22 +add china 103.37.124.0/22 +add china 103.37.136.0/21 +add china 103.37.144.0/20 +add china 103.37.160.0/21 +add china 103.37.172.0/22 +add china 103.37.176.0/22 +add china 103.37.188.0/22 +add china 103.37.208.0/20 +add china 103.37.248.0/21 +add china 103.38.0.0/22 +add china 103.38.32.0/22 +add china 103.38.40.0/21 +add china 103.38.56.0/22 +add china 103.38.76.0/22 +add china 103.38.84.0/22 +add china 103.38.92.0/22 +add china 103.38.96.0/22 +add china 103.38.116.0/22 +add china 103.38.132.0/22 +add china 103.38.140.0/22 +add china 103.38.220.0/22 +add china 103.38.224.0/21 +add china 103.38.232.0/22 +add china 103.38.252.0/22 +add china 103.39.16.0/22 +add china 103.39.64.0/22 +add china 103.39.88.0/22 +add china 103.39.100.0/22 +add china 103.39.104.0/21 +add china 103.39.160.0/19 +add china 103.39.200.0/21 +add china 103.39.208.0/20 +add china 103.39.224.0/21 +add china 103.39.232.0/22 +add china 103.40.12.0/22 +add china 103.40.16.0/20 +add china 103.40.32.0/20 +add china 103.40.88.0/22 +add china 103.40.100.0/22 +add china 103.40.112.0/22 +add china 103.40.192.0/22 +add china 103.40.212.0/22 +add china 103.40.220.0/22 +add china 103.40.228.0/22 +add china 103.40.232.0/21 +add china 103.40.240.0/20 +add china 103.41.0.0/22 +add china 103.41.16.0/22 +add china 103.41.52.0/22 +add china 103.41.140.0/22 +add china 103.41.148.0/22 +add china 103.41.152.0/22 +add china 103.41.160.0/21 +add china 103.41.220.0/22 +add china 103.41.224.0/21 +add china 103.41.232.0/22 +add china 103.42.8.0/22 +add china 103.42.24.0/21 +add china 103.42.32.0/22 +add china 103.42.64.0/21 +add china 103.42.76.0/22 +add china 103.42.104.0/22 +add china 103.42.180.0/22 +add china 103.42.232.0/22 +add china 103.43.16.0/22 +add china 103.43.26.0/23 +add china 103.43.84.0/22 +add china 103.43.96.0/21 +add china 103.43.104.0/22 +add china 103.43.124.0/22 +add china 103.43.132.0/22 +add china 103.43.184.0/22 +add china 103.43.192.0/21 +add china 103.43.208.0/22 +add china 103.43.220.0/22 +add china 103.43.224.0/22 +add china 103.43.232.0/22 +add china 103.43.240.0/22 +add china 103.44.56.0/22 +add china 103.44.80.0/22 +add china 103.44.88.0/22 +add china 103.44.120.0/21 +add china 103.44.132.0/22 +add china 103.44.144.0/22 +add china 103.44.152.0/22 +add china 103.44.168.0/22 +add china 103.44.176.0/20 +add china 103.44.192.0/20 +add china 103.44.224.0/22 +add china 103.44.236.0/22 +add china 103.44.240.0/20 +add china 103.45.0.0/18 +add china 103.45.72.0/21 +add china 103.45.80.0/20 +add china 103.45.96.0/19 +add china 103.45.128.0/18 +add china 103.45.192.0/19 +add china 103.45.224.0/22 +add china 103.45.248.0/22 +add china 103.46.0.0/22 +add china 103.46.12.0/22 +add china 103.46.16.0/20 +add china 103.46.32.0/19 +add china 103.46.64.0/18 +add china 103.46.128.0/21 +add china 103.46.136.0/22 +add china 103.46.152.0/21 +add china 103.46.160.0/20 +add china 103.46.176.0/21 +add china 103.46.244.0/22 +add china 103.46.248.0/22 +add china 103.47.4.0/22 +add china 103.47.20.0/22 +add china 103.47.36.0/22 +add china 103.47.40.0/22 +add china 103.47.48.0/22 +add china 103.47.80.0/22 +add china 103.47.96.0/22 +add china 103.47.108.0/22 +add china 103.47.116.0/22 +add china 103.47.120.0/22 +add china 103.47.136.0/21 +add china 103.47.212.0/22 +add china 103.47.220.0/22 +add china 103.47.248.0/22 +add china 103.48.20.0/22 +add china 103.48.52.0/22 +add china 103.48.92.0/22 +add china 103.48.144.0/20 +add china 103.48.202.0/23 +add china 103.48.216.0/21 +add china 103.48.224.0/20 +add china 103.48.240.0/21 +add china 103.49.12.0/22 +add china 103.49.20.0/22 +add china 103.49.72.0/21 +add china 103.49.92.0/22 +add china 103.49.96.0/22 +add china 103.49.108.0/22 +add china 103.49.128.0/22 +add china 103.49.176.0/21 +add china 103.49.196.0/22 +add china 103.49.248.0/22 +add china 103.50.36.0/22 +add china 103.50.44.0/22 +add china 103.50.48.0/20 +add china 103.50.64.0/21 +add china 103.50.72.0/22 +add china 103.50.92.0/22 +add china 103.50.108.0/22 +add china 103.50.112.0/20 +add china 103.50.132.0/22 +add china 103.50.136.0/21 +add china 103.50.172.0/22 +add china 103.50.176.0/20 +add china 103.50.192.0/21 +add china 103.50.200.0/22 +add china 103.50.220.0/22 +add china 103.50.224.0/20 +add china 103.50.240.0/21 +add china 103.50.248.0/22 +add china 103.52.40.0/22 +add china 103.52.72.0/21 +add china 103.52.80.0/21 +add china 103.52.96.0/21 +add china 103.52.104.0/22 +add china 103.52.160.0/21 +add china 103.52.172.0/22 +add china 103.52.176.0/22 +add china 103.52.184.0/22 +add china 103.52.196.0/22 +add china 103.53.4.0/22 +add china 103.53.64.0/21 +add china 103.53.92.0/22 +add china 103.53.100.0/22 +add china 103.53.124.0/22 +add china 103.53.128.0/20 +add china 103.53.144.0/22 +add china 103.53.160.0/22 +add china 103.53.180.0/22 +add china 103.53.204.0/22 +add china 103.53.208.0/21 +add china 103.53.216.0/22 +add china 103.53.236.0/22 +add china 103.53.248.0/22 +add china 103.54.8.0/22 +add china 103.54.48.0/22 +add china 103.54.60.0/22 +add china 103.54.160.0/21 +add china 103.54.212.0/22 +add china 103.54.228.0/22 +add china 103.54.240.0/22 +add china 103.55.24.0/22 +add china 103.55.80.0/22 +add china 103.55.120.0/22 +add china 103.55.152.0/22 +add china 103.55.172.0/22 +add china 103.55.204.0/22 +add china 103.55.208.0/22 +add china 103.55.228.0/22 +add china 103.55.236.0/22 +add china 103.55.240.0/22 +add china 103.56.8.0/22 +add china 103.56.16.0/21 +add china 103.56.32.0/22 +add china 103.56.52.0/22 +add china 103.56.56.0/21 +add china 103.56.72.0/21 +add china 103.56.100.0/22 +add china 103.56.104.0/22 +add china 103.56.140.0/22 +add china 103.56.152.0/22 +add china 103.56.184.0/22 +add china 103.56.200.0/22 +add china 103.56.216.0/22 +add china 103.57.12.0/22 +add china 103.57.52.0/22 +add china 103.57.56.0/22 +add china 103.57.76.0/22 +add china 103.57.108.0/22 +add china 103.57.136.0/22 +add china 103.57.196.0/22 +add china 103.58.24.0/22 +add china 103.58.182.0/23 +add china 103.59.76.0/22 +add china 103.59.100.0/22 +add china 103.59.112.0/20 +add china 103.59.128.0/22 +add china 103.59.148.0/22 +add china 103.59.164.0/22 +add china 103.60.32.0/22 +add china 103.60.44.0/22 +add china 103.60.164.0/22 +add china 103.60.228.0/22 +add china 103.60.236.0/22 +add china 103.61.60.0/22 +add china 103.61.104.0/22 +add china 103.61.140.0/22 +add china 103.61.152.0/21 +add china 103.61.160.0/22 +add china 103.61.172.0/22 +add china 103.61.176.0/22 +add china 103.61.184.0/21 +add china 103.62.24.0/22 +add china 103.62.52.0/22 +add china 103.62.72.0/21 +add china 103.62.80.0/21 +add china 103.62.88.0/22 +add china 103.62.96.0/19 +add china 103.62.128.0/21 +add china 103.62.156.0/22 +add china 103.62.160.0/19 +add china 103.62.192.0/22 +add china 103.62.204.0/22 +add china 103.62.208.0/20 +add china 103.62.224.0/22 +add china 103.63.32.0/19 +add china 103.63.64.0/20 +add china 103.63.80.0/21 +add china 103.63.88.0/22 +add china 103.63.140.0/22 +add china 103.63.144.0/22 +add china 103.63.152.0/22 +add china 103.63.160.0/20 +add china 103.63.176.0/21 +add china 103.63.184.0/22 +add china 103.63.192.0/20 +add china 103.63.208.0/22 +add china 103.63.240.0/20 +add china 103.64.0.0/21 +add china 103.64.24.0/21 +add china 103.64.32.0/19 +add china 103.64.64.0/18 +add china 103.64.140.0/22 +add china 103.64.144.0/22 +add china 103.64.152.0/21 +add china 103.64.160.0/19 +add china 103.64.192.0/18 +add china 103.65.0.0/20 +add china 103.65.16.0/22 +add china 103.65.36.0/22 +add china 103.65.40.0/22 +add china 103.65.48.0/20 +add china 103.65.64.0/19 +add china 103.65.100.0/22 +add china 103.65.104.0/21 +add china 103.65.112.0/20 +add china 103.65.128.0/21 +add china 103.65.136.0/22 +add china 103.65.144.0/20 +add china 103.65.160.0/20 +add china 103.66.32.0/22 +add china 103.66.40.0/22 +add china 103.66.92.0/22 +add china 103.66.108.0/22 +add china 103.66.200.0/22 +add china 103.66.216.0/22 +add china 103.66.240.0/20 +add china 103.67.0.0/21 +add china 103.67.8.0/22 +add china 103.67.40.0/21 +add china 103.67.48.0/20 +add china 103.67.64.0/18 +add china 103.67.128.0/20 +add china 103.67.144.0/21 +add china 103.67.172.0/22 +add china 103.67.192.0/22 +add china 103.67.212.0/22 +add china 103.67.252.0/22 +add china 103.68.64.0/22 +add china 103.68.88.0/22 +add china 103.68.100.0/22 +add china 103.68.128.0/22 +add china 103.68.192.0/22 +add china 103.69.16.0/22 +add china 103.69.116.0/22 +add china 103.69.132.0/22 +add china 103.69.152.0/22 +add china 103.69.212.0/22 +add china 103.70.8.0/22 +add china 103.70.148.0/22 +add china 103.70.184.0/22 +add china 103.70.220.0/22 +add china 103.70.224.0/22 +add china 103.70.236.0/22 +add china 103.70.252.0/22 +add china 103.71.0.0/22 +add china 103.71.32.0/22 +add china 103.71.48.0/22 +add china 103.71.68.0/22 +add china 103.71.72.0/22 +add china 103.71.80.0/21 +add china 103.71.88.0/22 +add china 103.71.120.0/21 +add china 103.71.128.0/22 +add china 103.71.144.0/22 +add china 103.71.196.0/22 +add china 103.71.200.0/22 +add china 103.71.232.0/22 +add china 103.72.12.0/22 +add china 103.72.16.0/20 +add china 103.72.32.0/20 +add china 103.72.48.0/21 +add china 103.72.112.0/20 +add china 103.72.128.0/21 +add china 103.72.144.0/21 +add china 103.72.164.0/22 +add china 103.72.172.0/22 +add china 103.72.180.0/22 +add china 103.72.224.0/19 +add china 103.73.0.0/19 +add china 103.73.48.0/22 +add china 103.73.88.0/22 +add china 103.73.96.0/22 +add china 103.73.116.0/22 +add china 103.73.120.0/22 +add china 103.73.128.0/20 +add china 103.73.144.0/22 +add china 103.73.168.0/22 +add china 103.73.176.0/22 +add china 103.73.204.0/22 +add china 103.73.208.0/22 +add china 103.73.240.0/21 +add china 103.73.248.0/22 +add china 103.74.24.0/21 +add china 103.74.32.0/20 +add china 103.74.48.0/22 +add china 103.74.56.0/21 +add china 103.74.80.0/22 +add china 103.74.124.0/22 +add china 103.74.148.0/22 +add china 103.74.152.0/21 +add china 103.74.204.0/22 +add china 103.74.232.0/22 +add china 103.75.16.0/22 +add china 103.75.84.0/22 +add china 103.75.88.0/21 +add china 103.75.104.0/21 +add china 103.75.112.0/22 +add china 103.75.120.0/22 +add china 103.75.128.0/22 +add china 103.75.144.0/22 +add china 103.75.152.0/22 +add china 103.75.236.0/24 +add china 103.76.60.0/22 +add china 103.76.64.0/21 +add china 103.76.72.0/22 +add china 103.76.84.0/22 +add china 103.76.92.0/22 +add china 103.76.104.0/22 +add china 103.76.216.0/21 +add china 103.76.224.0/22 +add china 103.77.28.0/22 +add china 103.77.52.0/22 +add china 103.77.56.0/22 +add china 103.77.72.0/22 +add china 103.77.88.0/21 +add china 103.77.132.0/22 +add china 103.77.148.0/22 +add china 103.77.220.0/22 +add china 103.78.56.0/21 +add china 103.78.64.0/21 +add china 103.78.124.0/22 +add china 103.78.172.0/22 +add china 103.78.176.0/22 +add china 103.78.196.0/22 +add china 103.78.228.0/22 +add china 103.79.24.0/21 +add china 103.79.36.0/22 +add china 103.79.40.0/21 +add china 103.192.0.0/19 +add china 103.192.48.0/21 +add china 103.192.56.0/22 +add china 103.192.84.0/22 +add china 103.192.88.0/21 +add china 103.192.96.0/20 +add china 103.192.112.0/22 +add china 103.192.128.0/20 +add china 103.192.144.0/22 +add china 103.192.164.0/22 +add china 103.192.188.0/22 +add china 103.192.208.0/21 +add china 103.192.216.0/22 +add china 103.192.252.0/22 +add china 103.193.40.0/21 +add china 103.193.120.0/21 +add china 103.193.140.0/22 +add china 103.193.144.0/21 +add china 103.193.160.0/22 +add china 103.193.188.0/22 +add china 103.193.192.0/22 +add china 103.193.212.0/22 +add china 103.193.216.0/21 +add china 103.193.224.0/20 +add china 103.193.240.0/22 +add china 103.194.16.0/22 +add china 103.194.230.0/23 +add china 103.195.104.0/22 +add china 103.195.112.0/22 +add china 103.195.136.0/22 +add china 103.195.148.0/22 +add china 103.195.152.0/22 +add china 103.195.160.0/22 +add china 103.195.192.0/22 +add china 103.196.60.0/22 +add china 103.196.64.0/22 +add china 103.196.72.0/22 +add china 103.196.88.0/21 +add china 103.196.96.0/22 +add china 103.196.168.0/22 +add china 103.196.184.0/22 +add china 103.196.204.0/22 +add china 103.197.180.0/22 +add china 103.197.228.0/22 +add china 103.197.252.0/22 +add china 103.198.20.0/22 +add china 103.198.60.0/22 +add china 103.198.64.0/22 +add china 103.198.72.0/22 +add china 103.198.124.0/22 +add china 103.198.156.0/22 +add china 103.198.180.0/22 +add china 103.198.196.0/22 +add china 103.198.200.0/22 +add china 103.198.216.0/21 +add china 103.198.224.0/20 +add china 103.198.240.0/21 +add china 103.199.164.0/22 +add china 103.199.196.0/22 +add china 103.199.228.0/22 +add china 103.199.248.0/21 +add china 103.200.28.0/22 +add china 103.200.32.0/22 +add china 103.200.52.0/22 +add china 103.200.64.0/21 +add china 103.200.136.0/21 +add china 103.200.144.0/20 +add china 103.200.160.0/19 +add china 103.200.192.0/22 +add china 103.200.220.0/22 +add china 103.200.224.0/19 +add china 103.201.0.0/20 +add china 103.201.16.0/21 +add china 103.201.28.0/22 +add china 103.201.32.0/19 +add china 103.201.64.0/22 +add china 103.201.76.0/22 +add china 103.201.80.0/20 +add china 103.201.96.0/20 +add china 103.201.112.0/21 +add china 103.201.120.0/22 +add china 103.201.152.0/21 +add china 103.201.160.0/19 +add china 103.201.192.0/18 +add china 103.202.0.0/19 +add china 103.202.32.0/20 +add china 103.202.56.0/21 +add china 103.202.64.0/18 +add china 103.202.128.0/20 +add china 103.202.144.0/22 +add china 103.202.152.0/21 +add china 103.202.160.0/19 +add china 103.202.192.0/20 +add china 103.202.212.0/22 +add china 103.202.228.0/22 +add china 103.202.236.0/22 +add china 103.202.240.0/20 +add china 103.203.0.0/19 +add china 103.203.32.0/22 +add china 103.203.52.0/22 +add china 103.203.56.0/22 +add china 103.203.96.0/19 +add china 103.203.128.0/22 +add china 103.203.140.0/22 +add china 103.203.164.0/22 +add china 103.203.168.0/22 +add china 103.203.192.0/22 +add china 103.203.200.0/22 +add china 103.203.212.0/22 +add china 103.203.216.0/22 +add china 103.204.24.0/22 +add china 103.204.72.0/22 +add china 103.204.88.0/22 +add china 103.204.112.0/22 +add china 103.204.136.0/21 +add china 103.204.144.0/21 +add china 103.204.152.0/22 +add china 103.204.196.0/22 +add china 103.204.232.0/21 +add china 103.205.4.0/22 +add china 103.205.8.0/22 +add china 103.205.40.0/21 +add china 103.205.52.0/22 +add china 103.205.108.0/22 +add china 103.205.116.0/22 +add china 103.205.120.0/22 +add china 103.205.136.0/22 +add china 103.205.162.0/24 +add china 103.205.188.0/22 +add china 103.205.192.0/21 +add china 103.205.200.0/22 +add china 103.205.236.0/22 +add china 103.205.248.0/21 +add china 103.206.0.0/22 +add china 103.206.44.0/22 +add china 103.206.108.0/22 +add china 103.206.148.0/22 +add china 103.207.48.0/22 +add china 103.207.104.0/22 +add china 103.207.164.0/22 +add china 103.207.184.0/21 +add china 103.207.192.0/20 +add china 103.207.208.0/21 +add china 103.207.220.0/22 +add china 103.207.228.0/22 +add china 103.207.232.0/22 +add china 103.208.12.0/22 +add china 103.208.16.0/22 +add china 103.208.28.0/22 +add china 103.208.40.0/21 +add china 103.208.48.0/22 +add china 103.208.148.0/22 +add china 103.209.112.0/22 +add china 103.209.136.0/22 +add china 103.209.200.0/22 +add china 103.209.208.0/22 +add china 103.209.216.0/22 +add china 103.209.232.0/22 +add china 103.210.0.0/22 +add china 103.210.96.0/22 +add china 103.210.156.0/22 +add china 103.210.160.0/19 +add china 103.210.216.0/22 +add china 103.211.44.0/22 +add china 103.211.96.0/21 +add china 103.211.156.0/22 +add china 103.211.164.0/22 +add china 103.211.168.0/22 +add china 103.211.192.0/22 +add china 103.211.220.0/22 +add china 103.211.224.0/21 +add china 103.211.248.0/22 +add china 103.212.0.0/20 +add china 103.212.32.0/22 +add china 103.212.44.0/22 +add china 103.212.48.0/22 +add china 103.212.84.0/22 +add china 103.212.100.0/22 +add china 103.212.104.0/21 +add china 103.212.148.0/22 +add china 103.212.164.0/22 +add china 103.212.196.0/22 +add china 103.212.200.0/22 +add china 103.212.228.0/22 +add china 103.212.252.0/22 +add china 103.213.40.0/21 +add china 103.213.48.0/20 +add china 103.213.64.0/19 +add china 103.213.96.0/22 +add china 103.213.132.0/22 +add china 103.213.136.0/21 +add china 103.213.144.0/20 +add china 103.213.160.0/19 +add china 103.213.248.0/21 +add china 103.214.32.0/22 +add china 103.214.48.0/22 +add china 103.214.84.0/22 +add china 103.214.168.0/22 +add china 103.214.212.0/22 +add china 103.214.224.0/22 +add china 103.214.240.0/21 +add china 103.215.28.0/22 +add china 103.215.32.0/21 +add china 103.215.44.0/22 +add china 103.215.48.0/22 +add china 103.215.100.0/22 +add china 103.215.104.0/21 +add china 103.215.116.0/22 +add china 103.215.120.0/22 +add china 103.215.140.0/22 +add china 103.215.184.0/22 +add china 103.215.228.0/22 +add china 103.216.4.0/22 +add china 103.216.8.0/21 +add china 103.216.16.0/20 +add china 103.216.32.0/20 +add china 103.216.64.0/22 +add china 103.216.108.0/22 +add china 103.216.136.0/22 +add china 103.216.152.0/22 +add china 103.216.224.0/21 +add china 103.216.240.0/20 +add china 103.217.0.0/18 +add china 103.217.168.0/22 +add china 103.217.180.0/22 +add china 103.217.184.0/21 +add china 103.217.192.0/20 +add china 103.218.0.0/22 +add china 103.218.8.0/21 +add china 103.218.16.0/21 +add china 103.218.28.0/22 +add china 103.218.32.0/19 +add china 103.218.64.0/19 +add china 103.218.184.0/22 +add china 103.218.192.0/20 +add china 103.218.208.0/21 +add china 103.218.216.0/22 +add china 103.219.24.0/21 +add china 103.219.32.0/21 +add china 103.219.64.0/22 +add china 103.219.84.0/22 +add china 103.219.88.0/21 +add china 103.219.96.0/21 +add china 103.219.176.0/22 +add china 103.219.184.0/22 +add china 103.220.48.0/20 +add china 103.220.64.0/22 +add china 103.220.92.0/22 +add china 103.220.96.0/20 +add china 103.220.116.0/22 +add china 103.220.120.0/21 +add china 103.220.128.0/20 +add china 103.220.144.0/21 +add china 103.220.152.0/22 +add china 103.220.160.0/19 +add china 103.220.192.0/21 +add china 103.220.200.0/22 +add china 103.220.240.0/20 +add china 103.221.0.0/19 +add china 103.221.32.0/20 +add china 103.221.48.0/22 +add china 103.221.88.0/21 +add china 103.221.96.0/19 +add china 103.221.128.0/18 +add china 103.221.192.0/20 +add china 103.222.0.0/20 +add china 103.222.16.0/22 +add china 103.222.24.0/21 +add china 103.222.32.0/19 +add china 103.222.64.0/18 +add china 103.222.128.0/18 +add china 103.222.192.0/19 +add china 103.222.224.0/21 +add china 103.222.232.0/22 +add china 103.222.240.0/21 +add china 103.223.16.0/20 +add china 103.223.32.0/19 +add china 103.223.64.0/18 +add china 103.223.128.0/21 +add china 103.223.140.0/22 +add china 103.223.144.0/20 +add china 103.223.160.0/20 +add china 103.223.176.0/21 +add china 103.223.188.0/22 +add china 103.223.192.0/18 +add china 103.224.0.0/22 +add china 103.224.16.0/22 +add china 103.224.40.0/21 +add china 103.224.60.0/22 +add china 103.224.80.0/22 +add china 103.224.220.0/22 +add china 103.224.224.0/21 +add china 103.224.232.0/22 +add china 103.225.84.0/22 +add china 103.226.16.0/22 +add china 103.226.40.0/22 +add china 103.226.56.0/21 +add china 103.226.80.0/22 +add china 103.226.116.0/22 +add china 103.226.132.0/22 +add china 103.226.156.0/22 +add china 103.226.180.0/22 +add china 103.226.196.0/22 +add china 103.227.48.0/22 +add china 103.227.72.0/21 +add china 103.227.80.0/22 +add china 103.227.100.0/22 +add china 103.227.120.0/22 +add china 103.227.132.0/22 +add china 103.227.136.0/22 +add china 103.227.196.0/22 +add china 103.227.204.0/22 +add china 103.227.212.0/22 +add china 103.227.228.0/22 +add china 103.228.12.0/22 +add china 103.228.28.0/22 +add china 103.228.68.0/22 +add china 103.228.88.0/22 +add china 103.228.128.0/22 +add china 103.228.136.0/22 +add china 103.228.160.0/22 +add china 103.228.176.0/22 +add china 103.228.204.0/22 +add china 103.228.208.0/22 +add china 103.228.228.0/22 +add china 103.228.232.0/22 +add china 103.229.20.0/22 +add china 103.229.60.0/22 +add china 103.229.136.0/22 +add china 103.229.148.0/22 +add china 103.229.172.0/22 +add china 103.229.212.0/22 +add china 103.229.216.0/21 +add china 103.229.228.0/22 +add china 103.229.236.0/22 +add china 103.229.240.0/22 +add china 103.230.0.0/22 +add china 103.230.28.0/22 +add china 103.230.40.0/21 +add china 103.230.96.0/22 +add china 103.230.196.0/22 +add china 103.230.200.0/21 +add china 103.230.212.0/22 +add china 103.230.236.0/22 +add china 103.231.16.0/21 +add china 103.231.64.0/21 +add china 103.231.144.0/22 +add china 103.231.180.0/22 +add china 103.231.184.0/22 +add china 103.231.244.0/22 +add china 103.232.4.0/22 +add china 103.232.144.0/22 +add china 103.232.188.0/22 +add china 103.232.212.0/22 +add china 103.233.4.0/22 +add china 103.233.44.0/22 +add china 103.233.52.0/22 +add china 103.233.104.0/22 +add china 103.233.128.0/22 +add china 103.233.136.0/22 +add china 103.233.228.0/22 +add china 103.234.0.0/22 +add china 103.234.20.0/22 +add china 103.234.56.0/22 +add china 103.234.124.0/22 +add china 103.234.128.0/22 +add china 103.234.172.0/22 +add china 103.234.180.0/22 +add china 103.234.244.0/22 +add china 103.235.16.0/22 +add china 103.235.48.0/22 +add china 103.235.56.0/21 +add china 103.235.80.0/21 +add china 103.235.128.0/20 +add china 103.235.144.0/21 +add china 103.235.184.0/22 +add china 103.235.192.0/22 +add china 103.235.200.0/22 +add china 103.235.220.0/22 +add china 103.235.224.0/19 +add china 103.236.0.0/18 +add china 103.236.64.0/19 +add china 103.236.96.0/22 +add china 103.236.120.0/22 +add china 103.236.184.0/22 +add china 103.236.220.0/22 +add china 103.236.232.0/22 +add china 103.236.240.0/20 +add china 103.237.0.0/20 +add china 103.237.24.0/21 +add china 103.237.68.0/22 +add china 103.237.88.0/22 +add china 103.237.152.0/22 +add china 103.237.176.0/20 +add china 103.237.192.0/18 +add china 103.238.0.0/21 +add china 103.238.16.0/20 +add china 103.238.32.0/20 +add china 103.238.48.0/21 +add china 103.238.56.0/22 +add china 103.238.88.0/21 +add china 103.238.96.0/22 +add china 103.238.132.0/22 +add china 103.238.140.0/22 +add china 103.238.144.0/22 +add china 103.238.160.0/19 +add china 103.238.196.0/22 +add china 103.238.204.0/22 +add china 103.238.252.0/22 +add china 103.239.0.0/22 +add china 103.239.44.0/22 +add china 103.239.68.0/22 +add china 103.239.96.0/22 +add china 103.239.152.0/21 +add china 103.239.176.0/21 +add china 103.239.184.0/22 +add china 103.239.192.0/21 +add china 103.239.204.0/22 +add china 103.239.208.0/22 +add china 103.239.224.0/22 +add china 103.239.244.0/22 +add china 103.240.16.0/22 +add china 103.240.36.0/22 +add china 103.240.72.0/22 +add china 103.240.84.0/22 +add china 103.240.124.0/22 +add china 103.240.156.0/22 +add china 103.240.172.0/22 +add china 103.240.188.0/22 +add china 103.240.244.0/22 +add china 103.241.12.0/22 +add china 103.241.72.0/22 +add china 103.241.92.0/22 +add china 103.241.96.0/22 +add china 103.241.160.0/22 +add china 103.241.184.0/21 +add china 103.241.220.0/22 +add china 103.242.8.0/22 +add china 103.242.64.0/22 +add china 103.242.128.0/21 +add china 103.242.160.0/22 +add china 103.242.168.0/21 +add china 103.242.176.0/22 +add china 103.242.200.0/22 +add china 103.242.212.0/22 +add china 103.242.220.0/22 +add china 103.242.240.0/22 +add china 103.243.136.0/22 +add china 103.243.252.0/22 +add china 103.244.16.0/22 +add china 103.244.58.0/23 +add china 103.244.60.0/22 +add china 103.244.64.0/20 +add china 103.244.80.0/21 +add china 103.244.116.0/22 +add china 103.244.164.0/22 +add china 103.244.232.0/22 +add china 103.244.252.0/22 +add china 103.245.23.0/24 +add china 103.245.52.0/22 +add china 103.245.60.0/22 +add china 103.245.80.0/22 +add china 103.245.124.0/22 +add china 103.245.128.0/22 +add china 103.246.8.0/21 +add china 103.246.72.0/22 +add china 103.246.120.0/21 +add china 103.246.132.0/22 +add china 103.246.152.0/21 +add china 103.247.168.0/21 +add china 103.247.176.0/22 +add china 103.247.200.0/22 +add china 103.247.212.0/22 +add china 103.248.0.0/23 +add china 103.248.64.0/22 +add china 103.248.100.0/22 +add china 103.248.124.0/22 +add china 103.248.152.0/22 +add china 103.248.168.0/22 +add china 103.248.192.0/22 +add china 103.248.212.0/22 +add china 103.248.220.0/22 +add china 103.248.224.0/21 +add china 103.249.8.0/21 +add china 103.249.52.0/22 +add china 103.249.104.0/22 +add china 103.249.128.0/22 +add china 103.249.136.0/22 +add china 103.249.144.0/22 +add china 103.249.164.0/22 +add china 103.249.168.0/21 +add china 103.249.176.0/22 +add china 103.249.188.0/22 +add china 103.249.192.0/22 +add china 103.249.244.0/22 +add china 103.249.252.0/22 +add china 103.250.32.0/22 +add china 103.250.104.0/22 +add china 103.250.124.0/22 +add china 103.250.180.0/22 +add china 103.250.192.0/22 +add china 103.250.216.0/22 +add china 103.250.224.0/22 +add china 103.250.236.0/22 +add china 103.250.248.0/21 +add china 103.251.32.0/21 +add china 103.251.84.0/22 +add china 103.251.96.0/22 +add china 103.251.124.0/22 +add china 103.251.128.0/22 +add china 103.251.160.0/22 +add china 103.251.192.0/22 +add china 103.251.204.0/22 +add china 103.251.236.0/22 +add china 103.251.240.0/22 +add china 103.252.28.0/22 +add china 103.252.36.0/22 +add china 103.252.64.0/22 +add china 103.252.96.0/22 +add china 103.252.104.0/22 +add china 103.252.172.0/22 +add china 103.252.204.0/22 +add china 103.252.208.0/22 +add china 103.252.232.0/22 +add china 103.252.248.0/22 +add china 103.253.4.0/22 +add china 103.253.60.0/22 +add china 103.253.204.0/22 +add china 103.253.220.0/22 +add china 103.253.224.0/22 +add china 103.253.232.0/22 +add china 103.254.8.0/22 +add china 103.254.20.0/22 +add china 103.254.64.0/20 +add china 103.254.112.0/22 +add china 103.254.176.0/22 +add china 103.254.188.0/22 +add china 103.254.196.0/24 +add china 103.254.220.0/22 +add china 103.255.56.0/22 +add china 103.255.68.0/22 +add china 103.255.88.0/21 +add china 103.255.136.0/21 +add china 103.255.184.0/22 +add china 103.255.200.0/22 +add china 103.255.208.0/21 +add china 103.255.228.0/22 +add china 106.0.0.0/24 +add china 106.0.2.0/23 +add china 106.0.4.0/22 +add china 106.0.8.0/21 +add china 106.0.16.0/20 +add china 106.0.44.0/22 +add china 106.0.64.0/18 +add china 106.2.0.0/15 +add china 106.4.0.0/14 +add china 106.8.0.0/15 +add china 106.11.0.0/16 +add china 106.12.0.0/14 +add china 106.16.0.0/12 +add china 106.32.0.0/12 +add china 106.48.0.0/15 +add china 106.50.0.0/16 +add china 106.52.0.0/14 +add china 106.56.0.0/13 +add china 106.74.0.0/15 +add china 106.80.0.0/12 +add china 106.108.0.0/14 +add china 106.112.0.0/12 +add china 106.224.0.0/12 +add china 110.6.0.0/15 +add china 110.16.0.0/14 +add china 110.34.40.0/21 +add china 110.40.0.0/14 +add china 110.44.12.0/22 +add china 110.44.144.0/20 +add china 110.48.0.0/16 +add china 110.51.0.0/16 +add china 110.52.0.0/15 +add china 110.56.0.0/13 +add china 110.64.0.0/15 +add china 110.72.0.0/15 +add china 110.75.0.0/16 +add china 110.76.0.0/18 +add china 110.76.132.0/22 +add china 110.76.156.0/22 +add china 110.76.184.0/22 +add china 110.76.192.0/18 +add china 110.77.0.0/17 +add china 110.80.0.0/13 +add china 110.88.0.0/14 +add china 110.92.68.0/22 +add china 110.93.32.0/19 +add china 110.94.0.0/15 +add china 110.96.0.0/11 +add china 110.152.0.0/14 +add china 110.156.0.0/15 +add china 110.165.32.0/19 +add china 110.166.0.0/15 +add china 110.172.192.0/18 +add china 110.173.0.0/19 +add china 110.173.32.0/20 +add china 110.173.64.0/18 +add china 110.173.192.0/19 +add china 110.176.0.0/12 +add china 110.192.0.0/11 +add china 110.228.0.0/14 +add china 110.232.32.0/19 +add china 110.236.0.0/15 +add china 110.240.0.0/12 +add china 111.0.0.0/10 +add china 111.66.0.0/16 +add china 111.67.192.0/20 +add china 111.68.64.0/19 +add china 111.72.0.0/13 +add china 111.85.0.0/16 +add china 111.91.192.0/19 +add china 111.92.248.0/21 +add china 111.112.0.0/14 +add china 111.116.0.0/15 +add china 111.118.200.0/21 +add china 111.119.64.0/18 +add china 111.119.128.0/19 +add china 111.120.0.0/14 +add china 111.124.0.0/16 +add china 111.126.0.0/15 +add china 111.128.0.0/11 +add china 111.160.0.0/13 +add china 111.170.0.0/16 +add china 111.172.0.0/14 +add china 111.176.0.0/13 +add china 111.186.0.0/15 +add china 111.192.0.0/12 +add china 111.208.0.0/13 +add china 111.221.28.0/24 +add china 111.221.128.0/17 +add china 111.222.0.0/16 +add china 111.223.4.0/22 +add china 111.223.8.0/21 +add china 111.223.16.0/22 +add china 111.223.240.0/22 +add china 111.223.248.0/22 +add china 111.224.0.0/13 +add china 111.235.96.0/19 +add china 111.235.156.0/22 +add china 111.235.160.0/19 +add china 112.0.0.0/10 +add china 112.64.0.0/14 +add china 112.73.0.0/16 +add china 112.74.0.0/15 +add china 112.80.0.0/12 +add china 112.96.0.0/13 +add china 112.109.128.0/17 +add china 112.111.0.0/16 +add china 112.112.0.0/14 +add china 112.116.0.0/15 +add china 112.122.0.0/15 +add china 112.124.0.0/14 +add china 112.128.0.0/14 +add china 112.132.0.0/16 +add china 112.137.48.0/21 +add china 112.192.0.0/14 +add china 112.224.0.0/11 +add china 113.0.0.0/13 +add china 113.8.0.0/15 +add china 113.11.192.0/19 +add china 113.12.0.0/14 +add china 113.16.0.0/15 +add china 113.18.0.0/16 +add china 113.21.232.0/21 +add china 113.24.0.0/14 +add china 113.31.0.0/16 +add china 113.44.0.0/14 +add china 113.48.0.0/14 +add china 113.52.160.0/19 +add china 113.52.228.0/22 +add china 113.54.0.0/15 +add china 113.56.0.0/15 +add china 113.58.0.0/16 +add china 113.59.0.0/17 +add china 113.59.224.0/22 +add china 113.62.0.0/15 +add china 113.64.0.0/10 +add china 113.128.0.0/15 +add china 113.130.96.0/20 +add china 113.130.112.0/21 +add china 113.132.0.0/14 +add china 113.136.0.0/13 +add china 113.194.0.0/15 +add china 113.197.100.0/22 +add china 113.200.0.0/15 +add china 113.202.0.0/16 +add china 113.204.0.0/14 +add china 113.208.96.0/19 +add china 113.208.128.0/17 +add china 113.209.0.0/16 +add china 113.212.0.0/18 +add china 113.212.100.0/22 +add china 113.212.184.0/21 +add china 113.213.0.0/17 +add china 113.214.0.0/15 +add china 113.218.0.0/15 +add china 113.220.0.0/14 +add china 113.224.0.0/12 +add china 113.240.0.0/13 +add china 113.248.0.0/14 +add china 114.28.0.0/16 +add china 114.31.64.0/21 +add china 114.54.0.0/15 +add china 114.60.0.0/14 +add china 114.64.0.0/14 +add china 114.68.0.0/16 +add china 114.79.64.0/18 +add china 114.80.0.0/12 +add china 114.96.0.0/13 +add china 114.104.0.0/14 +add china 114.110.0.0/20 +add china 114.110.64.0/18 +add china 114.111.0.0/19 +add china 114.111.160.0/19 +add china 114.112.0.0/13 +add china 114.132.0.0/16 +add china 114.135.0.0/16 +add china 114.138.0.0/15 +add china 114.141.64.0/21 +add china 114.141.80.0/21 +add china 114.141.128.0/18 +add china 114.196.0.0/15 +add china 114.198.248.0/21 +add china 114.208.0.0/12 +add china 114.224.0.0/11 +add china 115.24.0.0/14 +add china 115.28.0.0/15 +add china 115.31.64.0/20 +add china 115.32.0.0/14 +add china 115.42.56.0/22 +add china 115.44.0.0/14 +add china 115.48.0.0/12 +add china 115.69.64.0/20 +add china 115.84.0.0/18 +add china 115.84.192.0/19 +add china 115.85.192.0/18 +add china 115.100.0.0/14 +add china 115.104.0.0/14 +add china 115.120.0.0/14 +add china 115.124.16.0/20 +add china 115.148.0.0/14 +add china 115.152.0.0/13 +add china 115.166.64.0/19 +add china 115.168.0.0/13 +add china 115.180.0.0/14 +add china 115.187.0.0/20 +add china 115.190.0.0/15 +add china 115.192.0.0/11 +add china 115.224.0.0/12 +add china 116.0.8.0/21 +add china 116.0.24.0/21 +add china 116.1.0.0/16 +add china 116.2.0.0/15 +add china 116.4.0.0/14 +add china 116.8.0.0/14 +add china 116.13.0.0/16 +add china 116.16.0.0/12 +add china 116.50.0.0/20 +add china 116.52.0.0/14 +add china 116.56.0.0/15 +add china 116.58.128.0/20 +add china 116.58.208.0/20 +add china 116.60.0.0/14 +add china 116.66.0.0/17 +add china 116.66.176.0/22 +add china 116.68.136.0/21 +add china 116.68.176.0/21 +add china 116.69.0.0/16 +add china 116.70.0.0/17 +add china 116.76.0.0/14 +add china 116.85.0.0/16 +add china 116.89.144.0/20 +add china 116.90.80.0/20 +add china 116.90.184.0/21 +add china 116.95.0.0/16 +add china 116.112.0.0/14 +add china 116.116.0.0/15 +add china 116.128.0.0/10 +add china 116.192.0.0/16 +add china 116.193.16.0/20 +add china 116.193.32.0/19 +add china 116.193.152.0/22 +add china 116.193.164.0/22 +add china 116.193.176.0/21 +add china 116.194.0.0/15 +add china 116.196.0.0/16 +add china 116.197.160.0/21 +add china 116.197.180.0/23 +add china 116.198.0.0/16 +add china 116.199.0.0/17 +add china 116.199.128.0/19 +add china 116.204.0.0/15 +add china 116.207.0.0/16 +add china 116.208.0.0/14 +add china 116.212.160.0/20 +add china 116.213.40.0/21 +add china 116.213.64.0/18 +add china 116.213.128.0/17 +add china 116.214.32.0/19 +add china 116.214.64.0/20 +add china 116.214.128.0/17 +add china 116.215.0.0/16 +add china 116.216.0.0/14 +add china 116.224.0.0/12 +add china 116.242.0.0/15 +add china 116.244.0.0/14 +add china 116.248.0.0/15 +add china 116.251.64.0/18 +add china 116.252.0.0/15 +add china 116.254.104.0/21 +add china 116.254.128.0/17 +add china 116.255.128.0/17 +add china 117.8.0.0/13 +add china 117.21.0.0/16 +add china 117.22.0.0/15 +add china 117.24.0.0/13 +add china 117.32.0.0/13 +add china 117.40.0.0/14 +add china 117.44.0.0/15 +add china 117.48.0.0/14 +add china 117.53.48.0/20 +add china 117.53.176.0/20 +add china 117.57.0.0/16 +add china 117.58.0.0/17 +add china 117.59.0.0/16 +add china 117.60.0.0/14 +add china 117.64.0.0/13 +add china 117.72.0.0/15 +add china 117.74.64.0/19 +add china 117.74.128.0/17 +add china 117.75.0.0/16 +add china 117.76.0.0/14 +add china 117.80.0.0/12 +add china 117.100.0.0/15 +add china 117.103.16.0/20 +add china 117.103.40.0/21 +add china 117.103.72.0/21 +add china 117.103.128.0/20 +add china 117.104.168.0/21 +add china 117.104.188.0/24 +add china 117.106.0.0/15 +add china 117.112.0.0/13 +add china 117.120.64.0/18 +add china 117.120.128.0/17 +add china 117.121.0.0/17 +add china 117.121.128.0/18 +add china 117.121.192.0/21 +add china 117.122.128.0/17 +add china 117.124.0.0/14 +add china 117.128.0.0/10 +add china 118.24.0.0/15 +add china 118.26.0.0/16 +add china 118.28.0.0/14 +add china 118.64.0.0/15 +add china 118.66.0.0/16 +add china 118.67.112.0/20 +add china 118.72.0.0/13 +add china 118.80.0.0/15 +add china 118.84.0.0/15 +add china 118.88.32.0/19 +add china 118.88.64.0/18 +add china 118.88.128.0/17 +add china 118.89.0.0/16 +add china 118.91.240.0/20 +add china 118.102.16.0/20 +add china 118.102.32.0/21 +add china 118.103.164.0/22 +add china 118.103.168.0/21 +add china 118.103.176.0/22 +add china 118.103.244.0/22 +add china 118.112.0.0/13 +add china 118.120.0.0/14 +add china 118.124.0.0/15 +add china 118.126.0.0/16 +add china 118.127.128.0/19 +add china 118.132.0.0/14 +add china 118.144.0.0/14 +add china 118.178.0.0/16 +add china 118.180.0.0/14 +add china 118.184.0.0/16 +add china 118.186.0.0/15 +add china 118.188.0.0/16 +add china 118.190.0.0/15 +add china 118.192.0.0/16 +add china 118.193.0.0/20 +add china 118.193.31.0/24 +add china 118.193.32.0/19 +add china 118.193.64.0/20 +add china 118.193.96.0/19 +add china 118.193.128.0/17 +add china 118.194.0.0/15 +add china 118.196.0.0/14 +add china 118.202.0.0/15 +add china 118.204.0.0/14 +add china 118.212.0.0/15 +add china 118.215.192.0/19 +add china 118.224.0.0/14 +add china 118.228.0.0/15 +add china 118.230.0.0/16 +add china 118.239.0.0/16 +add china 118.242.0.0/16 +add china 118.244.0.0/14 +add china 118.248.0.0/13 +add china 119.0.0.0/15 +add china 119.2.0.0/19 +add china 119.2.128.0/17 +add china 119.3.0.0/16 +add china 119.4.0.0/14 +add china 119.8.0.0/16 +add china 119.10.0.0/17 +add china 119.15.136.0/21 +add china 119.16.0.0/16 +add china 119.18.192.0/20 +add china 119.18.208.0/21 +add china 119.18.224.0/19 +add china 119.19.0.0/16 +add china 119.20.0.0/14 +add china 119.27.64.0/18 +add china 119.27.128.0/17 +add china 119.28.0.0/15 +add china 119.30.48.0/20 +add china 119.31.192.0/19 +add china 119.32.0.0/13 +add china 119.40.0.0/18 +add china 119.40.64.0/20 +add china 119.40.128.0/17 +add china 119.41.0.0/16 +add china 119.42.0.0/19 +add china 119.42.52.0/22 +add china 119.42.128.0/20 +add china 119.42.224.0/19 +add china 119.44.0.0/15 +add china 119.48.0.0/13 +add china 119.57.0.0/16 +add china 119.58.0.0/16 +add china 119.59.128.0/17 +add china 119.60.0.0/15 +add china 119.62.0.0/16 +add china 119.63.32.0/19 +add china 119.75.208.0/20 +add china 119.78.0.0/15 +add china 119.80.0.0/16 +add china 119.82.208.0/20 +add china 119.84.0.0/14 +add china 119.88.0.0/14 +add china 119.96.0.0/13 +add china 119.108.0.0/15 +add china 119.112.0.0/12 +add china 119.128.0.0/12 +add china 119.144.0.0/14 +add china 119.148.160.0/19 +add china 119.151.192.0/18 +add china 119.160.200.0/21 +add china 119.161.120.0/21 +add china 119.161.128.0/17 +add china 119.162.0.0/15 +add china 119.164.0.0/14 +add china 119.176.0.0/12 +add china 119.232.0.0/15 +add china 119.235.128.0/18 +add china 119.248.0.0/14 +add china 119.252.96.0/21 +add china 119.252.240.0/20 +add china 119.253.0.0/16 +add china 119.254.0.0/15 +add china 120.0.0.0/12 +add china 120.24.0.0/14 +add china 120.30.0.0/15 +add china 120.32.0.0/12 +add china 120.48.0.0/15 +add china 120.52.0.0/14 +add china 120.64.0.0/13 +add china 120.72.32.0/19 +add china 120.72.128.0/17 +add china 120.76.0.0/14 +add china 120.80.0.0/13 +add china 120.88.8.0/21 +add china 120.90.0.0/15 +add china 120.92.0.0/16 +add china 120.94.0.0/15 +add china 120.128.0.0/13 +add china 120.136.16.0/21 +add china 120.136.128.0/18 +add china 120.137.0.0/17 +add china 120.143.128.0/19 +add china 120.192.0.0/10 +add china 121.0.8.0/21 +add china 121.0.16.0/20 +add china 121.4.0.0/15 +add china 121.8.0.0/13 +add china 121.16.0.0/12 +add china 121.32.0.0/13 +add china 121.40.0.0/14 +add china 121.46.0.0/18 +add china 121.46.76.0/22 +add china 121.46.128.0/17 +add china 121.47.0.0/16 +add china 121.48.0.0/15 +add china 121.50.8.0/21 +add china 121.51.0.0/16 +add china 121.52.160.0/19 +add china 121.52.208.0/20 +add china 121.52.224.0/19 +add china 121.54.176.0/21 +add china 121.54.188.0/22 +add china 121.55.0.0/18 +add china 121.56.0.0/15 +add china 121.58.0.0/17 +add china 121.58.136.0/21 +add china 121.58.144.0/20 +add china 121.58.160.0/21 +add china 121.59.0.0/16 +add china 121.60.0.0/14 +add china 121.68.0.0/14 +add china 121.76.0.0/15 +add china 121.79.128.0/18 +add china 121.89.0.0/16 +add china 121.100.128.0/17 +add china 121.101.0.0/18 +add china 121.101.208.0/20 +add china 121.192.0.0/13 +add china 121.200.192.0/21 +add china 121.201.0.0/16 +add china 121.204.0.0/14 +add china 121.224.0.0/12 +add china 121.248.0.0/14 +add china 121.255.0.0/16 +add china 122.0.64.0/18 +add china 122.0.128.0/17 +add china 122.4.0.0/14 +add china 122.8.0.0/15 +add china 122.10.0.0/16 +add china 122.11.0.0/17 +add china 122.12.0.0/15 +add china 122.14.0.0/16 +add china 122.48.0.0/16 +add china 122.49.0.0/18 +add china 122.51.0.0/16 +add china 122.64.0.0/11 +add china 122.96.0.0/15 +add china 122.98.144.0/20 +add china 122.98.160.0/21 +add china 122.98.172.0/22 +add china 122.98.176.0/20 +add china 122.98.192.0/21 +add china 122.98.232.0/21 +add china 122.98.240.0/20 +add china 122.102.0.0/20 +add china 122.102.64.0/19 +add china 122.112.0.0/14 +add china 122.119.0.0/16 +add china 122.128.100.0/22 +add china 122.128.120.0/21 +add china 122.136.0.0/13 +add china 122.144.128.0/17 +add china 122.152.192.0/18 +add china 122.156.0.0/14 +add china 122.188.0.0/14 +add china 122.192.0.0/14 +add china 122.198.0.0/16 +add china 122.200.40.0/21 +add china 122.200.64.0/18 +add china 122.201.48.0/20 +add china 122.204.0.0/14 +add china 122.224.0.0/12 +add china 122.240.0.0/13 +add china 122.248.24.0/21 +add china 122.248.48.0/20 +add china 122.255.64.0/21 +add china 123.0.128.0/18 +add china 123.4.0.0/14 +add china 123.8.0.0/13 +add china 123.49.128.0/17 +add china 123.50.160.0/19 +add china 123.52.0.0/14 +add china 123.56.0.0/14 +add china 123.60.0.0/15 +add china 123.62.0.0/16 +add china 123.64.0.0/11 +add china 123.96.0.0/15 +add china 123.98.0.0/17 +add china 123.99.128.0/17 +add china 123.100.0.0/19 +add china 123.100.232.0/24 +add china 123.101.0.0/16 +add china 123.103.0.0/17 +add china 123.108.128.0/20 +add china 123.108.208.0/20 +add china 123.112.0.0/12 +add china 123.128.0.0/13 +add china 123.136.80.0/20 +add china 123.137.0.0/16 +add china 123.138.0.0/15 +add china 123.144.0.0/12 +add china 123.160.0.0/12 +add china 123.176.60.0/22 +add china 123.176.80.0/20 +add china 123.177.0.0/16 +add china 123.178.0.0/15 +add china 123.180.0.0/14 +add china 123.184.0.0/13 +add china 123.196.0.0/15 +add china 123.199.128.0/17 +add china 123.206.0.0/15 +add china 123.232.0.0/14 +add china 123.242.0.0/17 +add china 123.242.192.0/21 +add china 123.244.0.0/14 +add china 123.249.0.0/16 +add china 123.253.0.0/16 +add china 123.254.96.0/21 +add china 124.6.64.0/18 +add china 124.14.0.0/15 +add china 124.16.0.0/15 +add china 124.20.0.0/14 +add china 124.28.192.0/18 +add china 124.29.0.0/17 +add china 124.31.0.0/16 +add china 124.40.112.0/20 +add china 124.40.128.0/18 +add china 124.40.192.0/19 +add china 124.40.240.0/22 +add china 124.42.0.0/16 +add china 124.47.0.0/18 +add china 124.64.0.0/15 +add china 124.66.0.0/17 +add china 124.67.0.0/16 +add china 124.68.0.0/14 +add china 124.72.0.0/13 +add china 124.88.0.0/13 +add china 124.108.8.0/21 +add china 124.108.40.0/21 +add china 124.109.96.0/21 +add china 124.112.0.0/13 +add china 124.126.0.0/15 +add china 124.128.0.0/13 +add china 124.147.128.0/17 +add china 124.150.137.0/24 +add china 124.151.0.0/16 +add china 124.152.0.0/16 +add china 124.156.0.0/16 +add china 124.160.0.0/13 +add china 124.172.0.0/14 +add china 124.192.0.0/15 +add china 124.196.0.0/16 +add china 124.200.0.0/13 +add china 124.220.0.0/14 +add china 124.224.0.0/12 +add china 124.240.0.0/17 +add china 124.240.128.0/18 +add china 124.242.0.0/16 +add china 124.243.192.0/18 +add china 124.248.0.0/17 +add china 124.249.0.0/16 +add china 124.250.0.0/15 +add china 124.254.0.0/18 +add china 125.31.192.0/18 +add china 125.32.0.0/12 +add china 125.58.128.0/17 +add china 125.61.128.0/17 +add china 125.62.0.0/18 +add china 125.64.0.0/11 +add china 125.96.0.0/15 +add china 125.98.0.0/16 +add china 125.104.0.0/13 +add china 125.112.0.0/12 +add china 125.169.0.0/16 +add china 125.171.0.0/16 +add china 125.208.0.0/18 +add china 125.210.0.0/15 +add china 125.213.0.0/17 +add china 125.214.96.0/19 +add china 125.215.0.0/18 +add china 125.216.0.0/13 +add china 125.254.128.0/17 +add china 129.223.254.0/24 +add china 132.237.134.0/24 +add china 132.237.150.0/24 +add china 135.159.208.0/20 +add china 135.244.80.0/20 +add china 137.59.59.0/24 +add china 137.59.88.0/22 +add china 138.32.244.0/22 +add china 139.5.56.0/21 +add china 139.5.80.0/22 +add china 139.5.92.0/22 +add china 139.5.108.0/22 +add china 139.5.128.0/22 +add china 139.5.160.0/22 +add china 139.5.192.0/22 +add china 139.5.204.0/22 +add china 139.5.208.0/21 +add china 139.5.244.0/22 +add china 139.9.0.0/16 +add china 139.129.0.0/16 +add china 139.148.0.0/16 +add china 139.155.0.0/16 +add china 139.159.0.0/16 +add china 139.170.0.0/16 +add china 139.176.0.0/16 +add china 139.183.0.0/16 +add china 139.186.0.0/16 +add china 139.189.0.0/16 +add china 139.196.0.0/14 +add china 139.200.0.0/13 +add china 139.208.0.0/13 +add china 139.217.0.0/16 +add china 139.219.0.0/16 +add china 139.220.0.0/15 +add china 139.224.0.0/16 +add china 139.226.0.0/15 +add china 140.75.0.0/16 +add china 140.101.208.0/24 +add china 140.143.0.0/16 +add china 140.205.0.0/16 +add china 140.206.0.0/15 +add china 140.210.0.0/16 +add china 140.224.0.0/16 +add china 140.237.0.0/16 +add china 140.240.0.0/16 +add china 140.242.216.0/24 +add china 140.242.223.0/24 +add china 140.242.224.0/24 +add china 140.243.0.0/16 +add china 140.246.0.0/16 +add china 140.249.0.0/16 +add china 140.250.0.0/16 +add china 140.255.0.0/16 +add china 144.0.0.0/16 +add china 144.7.0.0/16 +add china 144.12.0.0/16 +add china 144.36.146.0/23 +add china 144.48.8.0/21 +add china 144.48.56.0/22 +add china 144.48.64.0/22 +add china 144.48.88.0/22 +add china 144.48.156.0/22 +add china 144.48.172.0/22 +add china 144.48.180.0/22 +add china 144.48.184.0/22 +add china 144.48.204.0/22 +add china 144.48.208.0/21 +add china 144.48.220.0/22 +add china 144.48.252.0/22 +add china 144.52.0.0/16 +add china 144.123.0.0/16 +add china 144.211.80.0/24 +add china 144.211.138.0/24 +add china 144.255.0.0/16 +add china 146.196.56.0/22 +add china 146.196.68.0/22 +add china 146.196.72.0/21 +add china 146.196.92.0/22 +add china 146.196.112.0/21 +add china 146.196.124.0/22 +add china 146.217.137.0/24 +add china 146.222.79.0/24 +add china 146.222.81.0/24 +add china 146.222.94.0/24 +add china 150.0.0.0/16 +add china 150.115.0.0/16 +add china 150.121.0.0/16 +add china 150.122.0.0/16 +add china 150.129.136.0/22 +add china 150.129.152.0/22 +add china 150.129.192.0/22 +add china 150.129.216.0/22 +add china 150.129.252.0/22 +add china 150.138.0.0/15 +add china 150.223.0.0/16 +add china 150.242.0.0/21 +add china 150.242.8.0/22 +add china 150.242.28.0/22 +add china 150.242.44.0/22 +add china 150.242.48.0/21 +add china 150.242.56.0/22 +add china 150.242.76.0/22 +add china 150.242.80.0/22 +add china 150.242.92.0/22 +add china 150.242.96.0/22 +add china 150.242.112.0/21 +add china 150.242.120.0/22 +add china 150.242.152.0/21 +add china 150.242.160.0/21 +add china 150.242.168.0/22 +add china 150.242.184.0/21 +add china 150.242.192.0/22 +add china 150.242.212.0/22 +add china 150.242.224.0/20 +add china 150.242.240.0/21 +add china 150.242.248.0/22 +add china 150.255.0.0/16 +add china 152.104.128.0/17 +add china 153.0.0.0/16 +add china 153.3.0.0/16 +add china 153.34.0.0/15 +add china 153.36.0.0/15 +add china 153.99.0.0/16 +add china 153.101.0.0/16 +add china 153.118.0.0/15 +add china 157.0.0.0/16 +add china 157.18.0.0/16 +add china 157.61.0.0/16 +add china 157.119.0.0/22 +add china 157.119.8.0/21 +add china 157.119.16.0/22 +add china 157.119.28.0/22 +add china 157.119.68.0/22 +add china 157.119.112.0/22 +add china 157.119.132.0/22 +add china 157.119.136.0/21 +add china 157.119.144.0/20 +add china 157.119.160.0/21 +add china 157.119.172.0/22 +add china 157.119.192.0/21 +add china 157.119.240.0/22 +add china 157.119.252.0/22 +add china 157.122.0.0/16 +add china 157.133.192.0/21 +add china 157.148.0.0/16 +add china 157.156.0.0/16 +add china 157.255.0.0/16 +add china 159.153.120.0/22 +add china 159.226.0.0/16 +add china 160.19.48.0/22 +add china 160.19.208.0/21 +add china 160.19.216.0/22 +add china 160.20.48.0/22 +add china 160.62.10.0/24 +add china 160.83.109.0/24 +add china 160.83.110.0/23 +add china 160.202.60.0/22 +add china 160.202.148.0/22 +add china 160.202.152.0/22 +add china 160.202.168.0/22 +add china 160.202.212.0/22 +add china 160.202.216.0/21 +add china 160.202.224.0/19 +add china 160.238.64.0/22 +add china 161.163.0.0/21 +add china 161.163.28.0/23 +add china 161.163.176.0/24 +add china 161.163.178.0/23 +add china 161.163.180.0/22 +add china 161.207.0.0/16 +add china 162.105.0.0/16 +add china 163.0.0.0/16 +add china 163.47.4.0/22 +add china 163.53.0.0/20 +add china 163.53.36.0/22 +add china 163.53.40.0/21 +add china 163.53.48.0/20 +add china 163.53.64.0/22 +add china 163.53.88.0/21 +add china 163.53.96.0/19 +add china 163.53.128.0/21 +add china 163.53.136.0/22 +add china 163.53.160.0/20 +add china 163.53.188.0/22 +add china 163.53.220.0/22 +add china 163.53.240.0/22 +add china 163.125.0.0/16 +add china 163.142.0.0/16 +add china 163.177.0.0/16 +add china 163.179.0.0/16 +add china 163.204.0.0/16 +add china 163.244.246.0/24 +add china 164.52.0.0/17 +add china 166.111.0.0/16 +add china 167.139.0.0/16 +add china 167.189.0.0/16 +add china 167.220.244.0/22 +add china 168.159.144.0/21 +add china 168.159.152.0/22 +add china 168.159.156.0/23 +add china 168.159.158.0/24 +add china 168.160.0.0/16 +add china 168.230.0.0/24 +add china 170.179.0.0/16 +add china 170.225.224.0/23 +add china 170.252.152.0/21 +add china 171.8.0.0/13 +add china 171.34.0.0/15 +add china 171.36.0.0/14 +add china 171.40.0.0/13 +add china 171.80.0.0/12 +add china 171.104.0.0/13 +add china 171.112.0.0/12 +add china 171.208.0.0/12 +add china 175.0.0.0/12 +add china 175.16.0.0/13 +add china 175.24.0.0/14 +add china 175.30.0.0/15 +add china 175.42.0.0/15 +add china 175.44.0.0/16 +add china 175.46.0.0/15 +add china 175.48.0.0/12 +add china 175.64.0.0/11 +add china 175.102.0.0/16 +add china 175.106.128.0/17 +add china 175.111.108.0/22 +add china 175.111.144.0/20 +add china 175.111.160.0/20 +add china 175.111.184.0/22 +add china 175.146.0.0/15 +add china 175.148.0.0/14 +add china 175.152.0.0/14 +add china 175.158.96.0/22 +add china 175.160.0.0/12 +add china 175.176.156.0/22 +add china 175.176.176.0/22 +add china 175.176.188.0/22 +add china 175.178.0.0/16 +add china 175.184.128.0/18 +add china 175.185.0.0/16 +add china 175.186.0.0/15 +add china 175.188.0.0/14 +add china 180.76.0.0/14 +add china 180.84.0.0/15 +add china 180.86.0.0/16 +add china 180.88.0.0/14 +add china 180.94.56.0/21 +add china 180.94.96.0/20 +add china 180.94.120.0/21 +add china 180.95.128.0/17 +add china 180.96.0.0/11 +add china 180.129.128.0/17 +add china 180.130.0.0/16 +add china 180.136.0.0/13 +add china 180.148.16.0/21 +add china 180.148.152.0/21 +add china 180.148.216.0/21 +add china 180.148.224.0/19 +add china 180.149.128.0/19 +add china 180.149.236.0/22 +add china 180.150.160.0/19 +add china 180.152.0.0/13 +add china 180.160.0.0/12 +add china 180.178.112.0/21 +add china 180.178.192.0/18 +add china 180.184.0.0/14 +add china 180.188.0.0/17 +add china 180.189.148.0/22 +add china 180.200.252.0/22 +add china 180.201.0.0/16 +add china 180.202.0.0/15 +add china 180.208.0.0/15 +add china 180.210.212.0/22 +add china 180.210.224.0/19 +add china 180.212.0.0/15 +add china 180.222.224.0/19 +add china 180.223.0.0/16 +add china 180.233.0.0/18 +add china 180.233.64.0/19 +add china 180.233.144.0/22 +add china 180.235.64.0/19 +add china 180.235.112.0/22 +add china 180.235.136.0/22 +add china 182.16.144.0/21 +add china 182.16.192.0/19 +add china 182.18.0.0/17 +add china 182.23.184.0/21 +add china 182.23.200.0/21 +add china 182.32.0.0/12 +add china 182.48.96.0/19 +add china 182.49.0.0/16 +add china 182.50.0.0/20 +add china 182.50.112.0/20 +add china 182.51.0.0/16 +add china 182.54.0.0/17 +add china 182.54.244.0/22 +add china 182.61.0.0/16 +add china 182.80.0.0/13 +add china 182.88.0.0/14 +add china 182.92.0.0/16 +add china 182.96.0.0/11 +add china 182.128.0.0/12 +add china 182.144.0.0/13 +add china 182.157.0.0/16 +add china 182.160.64.0/19 +add china 182.174.0.0/15 +add china 182.200.0.0/13 +add china 182.236.128.0/17 +add china 182.237.24.0/21 +add china 182.238.0.0/16 +add china 182.239.0.0/19 +add china 182.240.0.0/13 +add china 182.254.0.0/16 +add china 182.255.36.0/22 +add china 182.255.60.0/22 +add china 183.0.0.0/10 +add china 183.64.0.0/13 +add china 183.78.160.0/21 +add china 183.78.180.0/22 +add china 183.81.172.0/22 +add china 183.81.180.0/22 +add china 183.84.0.0/15 +add china 183.91.128.0/22 +add china 183.91.136.0/21 +add china 183.91.144.0/20 +add china 183.92.0.0/14 +add china 183.128.0.0/11 +add china 183.160.0.0/13 +add china 183.168.0.0/15 +add china 183.170.0.0/16 +add china 183.172.0.0/14 +add china 183.182.0.0/19 +add china 183.184.0.0/13 +add china 183.192.0.0/10 +add china 192.11.23.0/24 +add china 192.11.26.0/24 +add china 192.11.39.0/24 +add china 192.11.236.0/24 +add china 192.23.191.0/24 +add china 192.55.10.0/23 +add china 192.55.46.0/23 +add china 192.55.68.0/22 +add china 192.102.204.0/22 +add china 192.124.154.0/24 +add china 192.139.135.0/24 +add china 192.139.136.0/24 +add china 192.140.128.0/21 +add china 192.140.136.0/22 +add china 192.140.156.0/22 +add china 192.140.160.0/19 +add china 192.140.192.0/20 +add china 192.140.208.0/21 +add china 192.163.11.0/24 +add china 192.170.79.0/24 +add china 192.232.97.0/24 +add china 193.20.64.0/22 +add china 194.138.202.0/23 +add china 198.17.7.0/24 +add china 198.175.100.0/22 +add china 198.208.17.0/24 +add china 199.7.72.0/24 +add china 199.65.192.0/21 +add china 199.244.144.0/24 +add china 202.0.100.0/23 +add china 202.0.122.0/23 +add china 202.0.176.0/22 +add china 202.1.105.0/24 +add china 202.1.106.0/24 +add china 202.3.128.0/23 +add china 202.4.128.0/19 +add china 202.4.252.0/22 +add china 202.5.208.0/21 +add china 202.5.216.0/22 +add china 202.6.6.0/23 +add china 202.6.66.0/23 +add china 202.6.72.0/23 +add china 202.6.87.0/24 +add china 202.6.88.0/23 +add china 202.6.92.0/23 +add china 202.6.103.0/24 +add china 202.6.108.0/24 +add china 202.6.110.0/23 +add china 202.6.114.0/24 +add china 202.6.176.0/20 +add china 202.8.0.0/24 +add china 202.8.2.0/23 +add china 202.8.4.0/23 +add china 202.8.12.0/24 +add china 202.8.24.0/24 +add china 202.8.77.0/24 +add china 202.8.128.0/19 +add china 202.8.192.0/20 +add china 202.9.32.0/24 +add china 202.9.34.0/23 +add china 202.9.48.0/23 +add china 202.9.51.0/24 +add china 202.9.52.0/23 +add china 202.9.54.0/24 +add china 202.9.57.0/24 +add china 202.9.58.0/23 +add china 202.10.64.0/20 +add china 202.10.112.0/20 +add china 202.12.1.0/24 +add china 202.12.2.0/24 +add china 202.12.17.0/24 +add china 202.12.18.0/23 +add china 202.12.72.0/24 +add china 202.12.84.0/23 +add china 202.12.96.0/24 +add china 202.12.98.0/23 +add china 202.12.106.0/24 +add china 202.12.111.0/24 +add china 202.12.116.0/24 +add china 202.14.64.0/23 +add china 202.14.69.0/24 +add china 202.14.73.0/24 +add china 202.14.74.0/23 +add china 202.14.76.0/24 +add china 202.14.78.0/23 +add china 202.14.88.0/24 +add china 202.14.97.0/24 +add china 202.14.104.0/23 +add china 202.14.108.0/23 +add china 202.14.111.0/24 +add china 202.14.114.0/23 +add china 202.14.118.0/23 +add china 202.14.124.0/23 +add china 202.14.127.0/24 +add china 202.14.129.0/24 +add china 202.14.135.0/24 +add china 202.14.136.0/24 +add china 202.14.149.0/24 +add china 202.14.151.0/24 +add china 202.14.157.0/24 +add china 202.14.158.0/23 +add china 202.14.169.0/24 +add china 202.14.170.0/23 +add china 202.14.172.0/22 +add china 202.14.176.0/24 +add china 202.14.184.0/23 +add china 202.14.208.0/23 +add china 202.14.213.0/24 +add china 202.14.219.0/24 +add china 202.14.220.0/24 +add china 202.14.222.0/23 +add china 202.14.225.0/24 +add china 202.14.226.0/23 +add china 202.14.231.0/24 +add china 202.14.235.0/24 +add china 202.14.236.0/22 +add china 202.14.246.0/24 +add china 202.14.251.0/24 +add china 202.20.66.0/24 +add china 202.20.79.0/24 +add china 202.20.87.0/24 +add china 202.20.88.0/23 +add china 202.20.90.0/24 +add china 202.20.94.0/23 +add china 202.20.114.0/24 +add china 202.20.117.0/24 +add china 202.20.120.0/24 +add china 202.20.125.0/24 +add china 202.20.126.0/23 +add china 202.21.48.0/20 +add china 202.21.131.0/24 +add china 202.21.132.0/24 +add china 202.21.141.0/24 +add china 202.21.142.0/24 +add china 202.21.147.0/24 +add china 202.21.148.0/24 +add china 202.21.150.0/23 +add china 202.21.152.0/23 +add china 202.21.154.0/24 +add china 202.21.156.0/24 +add china 202.21.208.0/24 +add china 202.22.248.0/21 +add china 202.27.12.0/24 +add china 202.27.14.0/24 +add china 202.27.136.0/23 +add china 202.36.226.0/24 +add china 202.38.0.0/22 +add china 202.38.8.0/21 +add china 202.38.48.0/20 +add china 202.38.64.0/18 +add china 202.38.128.0/21 +add china 202.38.136.0/23 +add china 202.38.138.0/24 +add china 202.38.140.0/22 +add china 202.38.146.0/23 +add china 202.38.149.0/24 +add china 202.38.150.0/23 +add china 202.38.152.0/22 +add china 202.38.156.0/24 +add china 202.38.158.0/23 +add china 202.38.160.0/23 +add china 202.38.164.0/22 +add china 202.38.168.0/22 +add china 202.38.176.0/23 +add china 202.38.184.0/21 +add china 202.38.192.0/18 +add china 202.40.4.0/23 +add china 202.40.7.0/24 +add china 202.40.15.0/24 +add china 202.40.135.0/24 +add china 202.40.136.0/24 +add china 202.40.140.0/24 +add china 202.40.143.0/24 +add china 202.40.144.0/23 +add china 202.40.150.0/24 +add china 202.40.155.0/24 +add china 202.40.156.0/24 +add china 202.40.158.0/23 +add china 202.40.162.0/24 +add china 202.41.8.0/23 +add china 202.41.11.0/24 +add china 202.41.12.0/23 +add china 202.41.128.0/24 +add china 202.41.130.0/23 +add china 202.41.152.0/21 +add china 202.41.192.0/24 +add china 202.41.196.0/22 +add china 202.41.200.0/22 +add china 202.41.240.0/20 +add china 202.43.76.0/22 +add china 202.43.144.0/20 +add china 202.44.16.0/20 +add china 202.44.48.0/22 +add china 202.44.67.0/24 +add china 202.44.74.0/24 +add china 202.44.97.0/24 +add china 202.44.129.0/24 +add china 202.44.132.0/23 +add china 202.44.146.0/23 +add china 202.45.0.0/23 +add china 202.45.2.0/24 +add china 202.45.15.0/24 +add china 202.45.16.0/20 +add china 202.46.16.0/23 +add china 202.46.18.0/24 +add china 202.46.20.0/23 +add china 202.46.32.0/19 +add china 202.46.128.0/24 +add china 202.46.224.0/20 +add china 202.47.82.0/23 +add china 202.47.96.0/20 +add china 202.47.124.0/24 +add china 202.47.126.0/24 +add china 202.47.128.0/24 +add china 202.47.130.0/23 +add china 202.52.33.0/24 +add china 202.52.34.0/24 +add china 202.52.47.0/24 +add china 202.52.143.0/24 +add china 202.52.144.0/24 +add china 202.53.140.0/24 +add china 202.53.143.0/24 +add china 202.57.192.0/20 +add china 202.57.212.0/22 +add china 202.57.216.0/22 +add china 202.57.240.0/20 +add china 202.58.0.0/24 +add china 202.58.104.0/22 +add china 202.58.112.0/22 +add china 202.59.0.0/23 +add china 202.59.212.0/22 +add china 202.59.236.0/24 +add china 202.59.240.0/24 +add china 202.60.48.0/21 +add china 202.60.96.0/21 +add china 202.60.112.0/20 +add china 202.60.132.0/22 +add china 202.60.136.0/21 +add china 202.60.144.0/20 +add china 202.61.68.0/22 +add china 202.61.76.0/22 +add china 202.61.88.0/22 +add china 202.61.123.0/24 +add china 202.61.127.0/24 +add china 202.62.112.0/22 +add china 202.62.248.0/22 +add china 202.62.252.0/24 +add china 202.62.255.0/24 +add china 202.63.80.0/20 +add china 202.63.160.0/19 +add china 202.63.248.0/22 +add china 202.63.253.0/24 +add china 202.65.0.0/21 +add china 202.65.8.0/23 +add china 202.65.96.0/20 +add china 202.66.168.0/22 +add china 202.67.0.0/22 +add china 202.69.4.0/22 +add china 202.69.16.0/20 +add china 202.70.0.0/19 +add china 202.70.96.0/20 +add china 202.70.192.0/20 +add china 202.71.32.0/20 +add china 202.72.40.0/21 +add china 202.72.80.0/20 +add china 202.72.112.0/20 +add china 202.73.128.0/22 +add china 202.73.240.0/20 +add china 202.74.8.0/21 +add china 202.74.36.0/24 +add china 202.74.42.0/24 +add china 202.74.52.0/24 +add china 202.74.80.0/20 +add china 202.74.232.0/22 +add china 202.74.254.0/23 +add china 202.75.208.0/20 +add china 202.75.252.0/22 +add china 202.76.247.0/24 +add china 202.76.252.0/22 +add china 202.77.39.0/24 +add china 202.77.80.0/21 +add china 202.77.92.0/22 +add china 202.78.8.0/21 +add china 202.79.224.0/21 +add china 202.79.248.0/22 +add china 202.80.192.0/20 +add china 202.81.0.0/22 +add china 202.81.176.0/20 +add china 202.83.252.0/22 +add china 202.84.0.0/20 +add china 202.84.16.0/23 +add china 202.84.22.0/24 +add china 202.84.24.0/21 +add china 202.85.208.0/20 +add china 202.86.249.0/24 +add china 202.86.252.0/22 +add china 202.87.80.0/20 +add china 202.88.32.0/22 +add china 202.89.8.0/21 +add china 202.89.96.0/22 +add china 202.89.108.0/22 +add china 202.89.119.0/24 +add china 202.89.232.0/21 +add china 202.90.0.0/22 +add china 202.90.16.0/20 +add china 202.90.37.0/24 +add china 202.90.96.0/19 +add china 202.90.193.0/24 +add china 202.90.196.0/24 +add china 202.90.205.0/24 +add china 202.90.224.0/20 +add china 202.91.0.0/22 +add china 202.91.96.0/20 +add china 202.91.128.0/22 +add china 202.91.176.0/20 +add china 202.91.224.0/19 +add china 202.92.0.0/22 +add china 202.92.8.0/21 +add china 202.92.48.0/20 +add china 202.92.252.0/22 +add china 202.93.0.0/22 +add china 202.93.252.0/22 +add china 202.94.0.0/19 +add china 202.94.74.0/24 +add china 202.94.81.0/24 +add china 202.94.92.0/22 +add china 202.95.0.0/19 +add china 202.95.240.0/21 +add china 202.95.252.0/22 +add china 202.96.0.0/12 +add china 202.112.0.0/13 +add china 202.120.0.0/15 +add china 202.122.0.0/21 +add china 202.122.32.0/21 +add china 202.122.64.0/19 +add china 202.122.112.0/20 +add china 202.122.128.0/24 +add china 202.122.132.0/24 +add china 202.123.96.0/20 +add china 202.123.116.0/22 +add china 202.123.120.0/22 +add china 202.124.16.0/21 +add china 202.124.24.0/22 +add china 202.125.107.0/24 +add china 202.125.109.0/24 +add china 202.125.112.0/20 +add china 202.125.176.0/20 +add china 202.127.0.0/21 +add china 202.127.12.0/22 +add china 202.127.16.0/20 +add china 202.127.40.0/21 +add china 202.127.48.0/20 +add china 202.127.112.0/20 +add china 202.127.128.0/19 +add china 202.127.160.0/21 +add china 202.127.192.0/20 +add china 202.127.208.0/23 +add china 202.127.212.0/22 +add china 202.127.216.0/21 +add china 202.127.224.0/19 +add china 202.129.208.0/24 +add china 202.130.0.0/19 +add china 202.130.39.0/24 +add china 202.130.224.0/19 +add china 202.131.16.0/21 +add china 202.131.48.0/20 +add china 202.131.208.0/20 +add china 202.133.32.0/20 +add china 202.134.58.0/24 +add china 202.134.128.0/20 +add china 202.134.208.0/20 +add china 202.136.48.0/20 +add china 202.136.208.0/20 +add china 202.136.224.0/20 +add china 202.136.248.0/22 +add china 202.136.254.0/23 +add china 202.137.231.0/24 +add china 202.140.140.0/22 +add china 202.140.144.0/20 +add china 202.141.160.0/19 +add china 202.142.16.0/20 +add china 202.143.4.0/22 +add china 202.143.16.0/20 +add china 202.143.32.0/20 +add china 202.143.56.0/21 +add china 202.143.100.0/22 +add china 202.143.104.0/22 +add china 202.146.160.0/20 +add china 202.146.186.0/24 +add china 202.146.188.0/22 +add china 202.146.196.0/22 +add china 202.146.200.0/21 +add china 202.147.144.0/20 +add china 202.148.32.0/20 +add china 202.148.64.0/18 +add china 202.149.32.0/19 +add china 202.149.160.0/19 +add china 202.149.224.0/19 +add china 202.150.16.0/20 +add china 202.150.32.0/20 +add china 202.150.56.0/22 +add china 202.150.192.0/20 +add china 202.150.224.0/19 +add china 202.151.0.0/22 +add china 202.151.33.0/24 +add china 202.151.128.0/19 +add china 202.152.176.0/20 +add china 202.153.0.0/22 +add china 202.153.7.0/24 +add china 202.153.48.0/20 +add china 202.157.192.0/19 +add china 202.158.160.0/19 +add china 202.158.242.0/24 +add china 202.160.140.0/22 +add china 202.160.156.0/22 +add china 202.160.176.0/20 +add china 202.162.67.0/24 +add china 202.162.75.0/24 +add china 202.164.0.0/20 +add china 202.164.96.0/19 +add china 202.165.96.0/20 +add china 202.165.176.0/20 +add china 202.165.208.0/20 +add china 202.165.239.0/24 +add china 202.165.240.0/23 +add china 202.165.243.0/24 +add china 202.165.245.0/24 +add china 202.165.251.0/24 +add china 202.165.252.0/22 +add china 202.166.224.0/19 +add china 202.168.80.0/22 +add china 202.168.128.0/20 +add china 202.168.160.0/19 +add china 202.170.128.0/19 +add china 202.170.216.0/21 +add china 202.170.224.0/19 +add china 202.171.216.0/21 +add china 202.171.232.0/24 +add china 202.171.235.0/24 +add china 202.172.0.0/22 +add china 202.172.7.0/24 +add china 202.173.0.0/22 +add china 202.173.6.0/24 +add china 202.173.8.0/21 +add china 202.173.112.0/22 +add china 202.173.120.0/22 +add china 202.173.224.0/19 +add china 202.174.64.0/20 +add china 202.174.124.0/22 +add china 202.176.224.0/19 +add china 202.179.160.0/20 +add china 202.179.240.0/20 +add china 202.180.128.0/19 +add china 202.180.208.0/21 +add china 202.181.8.0/22 +add china 202.181.28.0/22 +add china 202.181.112.0/20 +add china 202.182.32.0/20 +add china 202.182.192.0/19 +add china 202.189.0.0/18 +add china 202.189.80.0/20 +add china 202.189.184.0/21 +add china 202.191.0.0/24 +add china 202.191.68.0/22 +add china 202.191.72.0/21 +add china 202.191.80.0/20 +add china 202.192.0.0/12 +add china 203.0.4.0/22 +add china 203.0.10.0/23 +add china 203.0.18.0/24 +add china 203.0.24.0/24 +add china 203.0.42.0/23 +add china 203.0.45.0/24 +add china 203.0.46.0/23 +add china 203.0.81.0/24 +add china 203.0.82.0/23 +add china 203.0.90.0/23 +add china 203.0.96.0/23 +add china 203.0.104.0/21 +add china 203.0.114.0/23 +add china 203.0.122.0/24 +add china 203.0.128.0/24 +add china 203.0.130.0/23 +add china 203.0.132.0/22 +add china 203.0.137.0/24 +add china 203.0.142.0/24 +add china 203.0.144.0/24 +add china 203.0.146.0/24 +add china 203.0.148.0/24 +add china 203.0.150.0/23 +add china 203.0.152.0/24 +add china 203.0.177.0/24 +add china 203.0.224.0/24 +add china 203.1.4.0/22 +add china 203.1.18.0/24 +add china 203.1.26.0/23 +add china 203.1.65.0/24 +add china 203.1.66.0/23 +add china 203.1.70.0/23 +add china 203.1.76.0/23 +add china 203.1.90.0/24 +add china 203.1.97.0/24 +add china 203.1.98.0/23 +add china 203.1.100.0/22 +add china 203.1.108.0/24 +add china 203.1.253.0/24 +add china 203.1.254.0/24 +add china 203.2.64.0/21 +add china 203.2.73.0/24 +add china 203.2.112.0/21 +add china 203.2.126.0/23 +add china 203.2.140.0/24 +add china 203.2.150.0/24 +add china 203.2.152.0/22 +add china 203.2.156.0/23 +add china 203.2.160.0/21 +add china 203.2.180.0/23 +add china 203.2.196.0/23 +add china 203.2.209.0/24 +add china 203.2.214.0/23 +add china 203.2.226.0/23 +add china 203.2.229.0/24 +add china 203.2.236.0/23 +add china 203.3.68.0/24 +add china 203.3.72.0/23 +add china 203.3.75.0/24 +add china 203.3.80.0/21 +add china 203.3.96.0/22 +add china 203.3.105.0/24 +add china 203.3.112.0/21 +add china 203.3.120.0/24 +add china 203.3.123.0/24 +add china 203.3.135.0/24 +add china 203.3.139.0/24 +add china 203.3.143.0/24 +add china 203.4.132.0/23 +add china 203.4.134.0/24 +add china 203.4.151.0/24 +add china 203.4.152.0/22 +add china 203.4.174.0/23 +add china 203.4.180.0/24 +add china 203.4.186.0/24 +add china 203.4.205.0/24 +add china 203.4.208.0/22 +add china 203.4.227.0/24 +add china 203.4.230.0/23 +add china 203.5.4.0/23 +add china 203.5.7.0/24 +add china 203.5.8.0/23 +add china 203.5.11.0/24 +add china 203.5.21.0/24 +add china 203.5.22.0/24 +add china 203.5.44.0/24 +add china 203.5.46.0/23 +add china 203.5.52.0/22 +add china 203.5.56.0/23 +add china 203.5.60.0/23 +add china 203.5.114.0/23 +add china 203.5.118.0/24 +add china 203.5.120.0/24 +add china 203.5.172.0/24 +add china 203.5.180.0/23 +add china 203.5.182.0/24 +add china 203.5.185.0/24 +add china 203.5.186.0/24 +add china 203.5.188.0/23 +add china 203.5.190.0/24 +add china 203.5.195.0/24 +add china 203.5.214.0/23 +add china 203.5.218.0/23 +add china 203.6.131.0/24 +add china 203.6.136.0/24 +add china 203.6.138.0/23 +add china 203.6.142.0/24 +add china 203.6.150.0/23 +add china 203.6.157.0/24 +add china 203.6.159.0/24 +add china 203.6.224.0/20 +add china 203.6.248.0/23 +add china 203.7.129.0/24 +add china 203.7.138.0/23 +add china 203.7.147.0/24 +add china 203.7.150.0/23 +add china 203.7.158.0/24 +add china 203.7.192.0/23 +add china 203.7.200.0/24 +add china 203.8.0.0/24 +add china 203.8.8.0/24 +add china 203.8.23.0/24 +add china 203.8.24.0/21 +add china 203.8.70.0/24 +add china 203.8.82.0/24 +add china 203.8.86.0/23 +add china 203.8.91.0/24 +add china 203.8.110.0/23 +add china 203.8.115.0/24 +add china 203.8.166.0/23 +add china 203.8.169.0/24 +add china 203.8.173.0/24 +add china 203.8.184.0/24 +add china 203.8.186.0/23 +add china 203.8.190.0/23 +add china 203.8.192.0/24 +add china 203.8.197.0/24 +add china 203.8.198.0/23 +add china 203.8.203.0/24 +add china 203.8.209.0/24 +add china 203.8.210.0/23 +add china 203.8.212.0/22 +add china 203.8.217.0/24 +add china 203.8.220.0/24 +add china 203.9.32.0/24 +add china 203.9.36.0/23 +add china 203.9.57.0/24 +add china 203.9.63.0/24 +add china 203.9.65.0/24 +add china 203.9.70.0/23 +add china 203.9.72.0/24 +add china 203.9.75.0/24 +add china 203.9.76.0/23 +add china 203.9.96.0/22 +add china 203.9.100.0/23 +add china 203.9.108.0/24 +add china 203.9.158.0/24 +add china 203.10.34.0/24 +add china 203.10.56.0/24 +add china 203.10.74.0/23 +add china 203.10.84.0/22 +add china 203.10.88.0/24 +add china 203.10.95.0/24 +add china 203.10.125.0/24 +add china 203.11.70.0/24 +add china 203.11.76.0/22 +add china 203.11.82.0/24 +add china 203.11.84.0/22 +add china 203.11.100.0/22 +add china 203.11.109.0/24 +add china 203.11.117.0/24 +add china 203.11.122.0/24 +add china 203.11.126.0/24 +add china 203.11.136.0/22 +add china 203.11.141.0/24 +add china 203.11.142.0/23 +add china 203.11.180.0/22 +add china 203.11.208.0/22 +add china 203.12.16.0/24 +add china 203.12.19.0/24 +add china 203.12.24.0/24 +add china 203.12.57.0/24 +add china 203.12.65.0/24 +add china 203.12.66.0/24 +add china 203.12.70.0/23 +add china 203.12.87.0/24 +add china 203.12.88.0/21 +add china 203.12.100.0/23 +add china 203.12.103.0/24 +add china 203.12.114.0/24 +add china 203.12.118.0/24 +add china 203.12.130.0/24 +add china 203.12.137.0/24 +add china 203.12.196.0/22 +add china 203.12.200.0/21 +add china 203.12.211.0/24 +add china 203.12.219.0/24 +add china 203.12.226.0/24 +add china 203.12.240.0/22 +add china 203.13.18.0/24 +add china 203.13.24.0/24 +add china 203.13.44.0/23 +add china 203.13.80.0/21 +add china 203.13.88.0/23 +add china 203.13.92.0/22 +add china 203.13.173.0/24 +add china 203.13.224.0/23 +add china 203.13.227.0/24 +add china 203.13.233.0/24 +add china 203.14.24.0/22 +add china 203.14.33.0/24 +add china 203.14.56.0/24 +add china 203.14.61.0/24 +add china 203.14.62.0/24 +add china 203.14.104.0/24 +add china 203.14.114.0/23 +add china 203.14.118.0/24 +add china 203.14.162.0/24 +add china 203.14.184.0/21 +add china 203.14.192.0/24 +add china 203.14.194.0/23 +add china 203.14.214.0/24 +add china 203.14.231.0/24 +add china 203.14.246.0/24 +add china 203.15.0.0/20 +add china 203.15.20.0/23 +add china 203.15.22.0/24 +add china 203.15.87.0/24 +add china 203.15.88.0/23 +add china 203.15.105.0/24 +add china 203.15.112.0/21 +add china 203.15.130.0/23 +add china 203.15.149.0/24 +add china 203.15.151.0/24 +add china 203.15.156.0/22 +add china 203.15.174.0/24 +add china 203.15.227.0/24 +add china 203.15.232.0/21 +add china 203.15.240.0/23 +add china 203.15.246.0/24 +add china 203.16.10.0/24 +add china 203.16.12.0/23 +add china 203.16.16.0/21 +add china 203.16.27.0/24 +add china 203.16.38.0/24 +add china 203.16.49.0/24 +add china 203.16.50.0/23 +add china 203.16.58.0/24 +add china 203.16.63.0/24 +add china 203.16.133.0/24 +add china 203.16.161.0/24 +add china 203.16.162.0/24 +add china 203.16.186.0/23 +add china 203.16.228.0/24 +add china 203.16.238.0/24 +add china 203.16.240.0/24 +add china 203.16.245.0/24 +add china 203.17.2.0/24 +add china 203.17.18.0/24 +add china 203.17.28.0/24 +add china 203.17.39.0/24 +add china 203.17.56.0/24 +add china 203.17.74.0/23 +add china 203.17.88.0/23 +add china 203.17.136.0/24 +add china 203.17.164.0/24 +add china 203.17.187.0/24 +add china 203.17.190.0/23 +add china 203.17.231.0/24 +add china 203.17.233.0/24 +add china 203.17.248.0/23 +add china 203.17.255.0/24 +add china 203.18.2.0/23 +add china 203.18.4.0/24 +add china 203.18.7.0/24 +add china 203.18.31.0/24 +add china 203.18.37.0/24 +add china 203.18.48.0/23 +add china 203.18.52.0/24 +add china 203.18.72.0/22 +add china 203.18.80.0/23 +add china 203.18.87.0/24 +add china 203.18.100.0/23 +add china 203.18.105.0/24 +add china 203.18.107.0/24 +add china 203.18.110.0/24 +add china 203.18.129.0/24 +add china 203.18.131.0/24 +add china 203.18.132.0/23 +add china 203.18.144.0/24 +add china 203.18.153.0/24 +add china 203.18.199.0/24 +add china 203.18.208.0/24 +add china 203.18.211.0/24 +add china 203.18.215.0/24 +add china 203.19.1.0/24 +add china 203.19.18.0/24 +add china 203.19.24.0/24 +add china 203.19.30.0/24 +add china 203.19.32.0/21 +add china 203.19.41.0/24 +add china 203.19.44.0/23 +add china 203.19.46.0/24 +add china 203.19.58.0/24 +add china 203.19.60.0/23 +add china 203.19.64.0/24 +add china 203.19.68.0/24 +add china 203.19.72.0/24 +add china 203.19.101.0/24 +add china 203.19.111.0/24 +add china 203.19.131.0/24 +add china 203.19.133.0/24 +add china 203.19.144.0/24 +add china 203.19.147.0/24 +add china 203.19.149.0/24 +add china 203.19.156.0/24 +add china 203.19.176.0/24 +add china 203.19.178.0/23 +add china 203.19.208.0/24 +add china 203.19.228.0/22 +add china 203.19.233.0/24 +add china 203.19.242.0/24 +add china 203.19.248.0/23 +add china 203.19.255.0/24 +add china 203.20.17.0/24 +add china 203.20.40.0/23 +add china 203.20.44.0/24 +add china 203.20.48.0/24 +add china 203.20.61.0/24 +add china 203.20.65.0/24 +add china 203.20.84.0/23 +add china 203.20.89.0/24 +add china 203.20.106.0/23 +add china 203.20.115.0/24 +add china 203.20.117.0/24 +add china 203.20.118.0/23 +add china 203.20.122.0/24 +add china 203.20.126.0/23 +add china 203.20.135.0/24 +add china 203.20.136.0/21 +add china 203.20.150.0/24 +add china 203.20.230.0/24 +add china 203.20.232.0/24 +add china 203.20.236.0/24 +add china 203.21.0.0/23 +add china 203.21.2.0/24 +add china 203.21.8.0/24 +add china 203.21.10.0/24 +add china 203.21.18.0/24 +add china 203.21.33.0/24 +add china 203.21.34.0/24 +add china 203.21.41.0/24 +add china 203.21.44.0/24 +add china 203.21.68.0/24 +add china 203.21.82.0/24 +add china 203.21.96.0/22 +add china 203.21.124.0/24 +add china 203.21.136.0/23 +add china 203.21.145.0/24 +add china 203.21.206.0/24 +add china 203.22.24.0/24 +add china 203.22.28.0/23 +add china 203.22.31.0/24 +add china 203.22.68.0/24 +add china 203.22.76.0/24 +add china 203.22.78.0/24 +add china 203.22.84.0/24 +add china 203.22.87.0/24 +add china 203.22.92.0/22 +add china 203.22.99.0/24 +add china 203.22.106.0/24 +add china 203.22.122.0/23 +add china 203.22.131.0/24 +add china 203.22.163.0/24 +add china 203.22.166.0/24 +add china 203.22.170.0/24 +add china 203.22.176.0/21 +add china 203.22.194.0/24 +add china 203.22.242.0/23 +add china 203.22.245.0/24 +add china 203.22.246.0/24 +add china 203.22.252.0/23 +add china 203.23.0.0/24 +add china 203.23.47.0/24 +add china 203.23.61.0/24 +add china 203.23.62.0/23 +add china 203.23.73.0/24 +add china 203.23.85.0/24 +add china 203.23.92.0/22 +add china 203.23.98.0/24 +add china 203.23.107.0/24 +add china 203.23.112.0/24 +add china 203.23.130.0/24 +add china 203.23.140.0/23 +add china 203.23.172.0/24 +add china 203.23.182.0/24 +add china 203.23.186.0/23 +add china 203.23.192.0/24 +add china 203.23.197.0/24 +add china 203.23.198.0/24 +add china 203.23.204.0/22 +add china 203.23.224.0/24 +add china 203.23.226.0/23 +add china 203.23.228.0/22 +add china 203.23.249.0/24 +add china 203.23.251.0/24 +add china 203.24.13.0/24 +add china 203.24.18.0/24 +add china 203.24.27.0/24 +add china 203.24.43.0/24 +add china 203.24.56.0/24 +add china 203.24.58.0/24 +add china 203.24.67.0/24 +add china 203.24.74.0/24 +add china 203.24.79.0/24 +add china 203.24.80.0/23 +add china 203.24.84.0/23 +add china 203.24.86.0/24 +add china 203.24.90.0/24 +add china 203.24.111.0/24 +add china 203.24.112.0/24 +add china 203.24.116.0/24 +add china 203.24.122.0/23 +add china 203.24.145.0/24 +add china 203.24.152.0/23 +add china 203.24.157.0/24 +add china 203.24.161.0/24 +add china 203.24.167.0/24 +add china 203.24.186.0/23 +add china 203.24.199.0/24 +add china 203.24.202.0/24 +add china 203.24.212.0/23 +add china 203.24.217.0/24 +add china 203.24.219.0/24 +add china 203.24.244.0/24 +add china 203.25.19.0/24 +add china 203.25.20.0/23 +add china 203.25.46.0/24 +add china 203.25.48.0/21 +add china 203.25.64.0/23 +add china 203.25.91.0/24 +add china 203.25.99.0/24 +add china 203.25.100.0/24 +add china 203.25.106.0/24 +add china 203.25.131.0/24 +add china 203.25.135.0/24 +add china 203.25.138.0/24 +add china 203.25.147.0/24 +add china 203.25.153.0/24 +add china 203.25.154.0/23 +add china 203.25.164.0/24 +add china 203.25.166.0/24 +add china 203.25.174.0/23 +add china 203.25.180.0/24 +add china 203.25.182.0/24 +add china 203.25.191.0/24 +add china 203.25.199.0/24 +add china 203.25.200.0/24 +add china 203.25.202.0/23 +add china 203.25.208.0/20 +add china 203.25.229.0/24 +add china 203.25.235.0/24 +add china 203.25.236.0/24 +add china 203.25.242.0/24 +add china 203.26.12.0/24 +add china 203.26.34.0/24 +add china 203.26.49.0/24 +add china 203.26.50.0/24 +add china 203.26.55.0/24 +add china 203.26.56.0/23 +add china 203.26.60.0/24 +add china 203.26.65.0/24 +add china 203.26.68.0/24 +add china 203.26.76.0/24 +add china 203.26.80.0/24 +add china 203.26.84.0/24 +add china 203.26.97.0/24 +add china 203.26.102.0/23 +add china 203.26.115.0/24 +add china 203.26.116.0/24 +add china 203.26.129.0/24 +add china 203.26.143.0/24 +add china 203.26.144.0/24 +add china 203.26.148.0/23 +add china 203.26.154.0/24 +add china 203.26.158.0/23 +add china 203.26.161.0/24 +add china 203.26.170.0/24 +add china 203.26.173.0/24 +add china 203.26.176.0/24 +add china 203.26.185.0/24 +add china 203.26.202.0/23 +add china 203.26.210.0/24 +add china 203.26.214.0/24 +add china 203.26.222.0/24 +add china 203.26.224.0/24 +add china 203.26.228.0/24 +add china 203.26.232.0/24 +add china 203.27.0.0/24 +add china 203.27.10.0/24 +add china 203.27.15.0/24 +add china 203.27.16.0/24 +add china 203.27.20.0/24 +add china 203.27.22.0/23 +add china 203.27.40.0/24 +add china 203.27.45.0/24 +add china 203.27.53.0/24 +add china 203.27.65.0/24 +add china 203.27.66.0/24 +add china 203.27.81.0/24 +add china 203.27.88.0/24 +add china 203.27.102.0/24 +add china 203.27.109.0/24 +add china 203.27.117.0/24 +add china 203.27.121.0/24 +add china 203.27.122.0/23 +add china 203.27.125.0/24 +add china 203.27.200.0/24 +add china 203.27.202.0/24 +add china 203.27.233.0/24 +add china 203.27.241.0/24 +add china 203.27.250.0/24 +add china 203.28.10.0/24 +add china 203.28.12.0/24 +add china 203.28.33.0/24 +add china 203.28.34.0/23 +add china 203.28.43.0/24 +add china 203.28.44.0/24 +add china 203.28.54.0/24 +add china 203.28.56.0/24 +add china 203.28.73.0/24 +add china 203.28.74.0/24 +add china 203.28.76.0/24 +add china 203.28.86.0/24 +add china 203.28.88.0/24 +add china 203.28.112.0/24 +add china 203.28.131.0/24 +add china 203.28.136.0/24 +add china 203.28.140.0/24 +add china 203.28.145.0/24 +add china 203.28.165.0/24 +add china 203.28.169.0/24 +add china 203.28.170.0/24 +add china 203.28.178.0/23 +add china 203.28.185.0/24 +add china 203.28.187.0/24 +add china 203.28.196.0/24 +add china 203.28.226.0/23 +add china 203.28.239.0/24 +add china 203.29.2.0/24 +add china 203.29.8.0/23 +add china 203.29.13.0/24 +add china 203.29.14.0/24 +add china 203.29.28.0/24 +add china 203.29.46.0/24 +add china 203.29.57.0/24 +add china 203.29.61.0/24 +add china 203.29.63.0/24 +add china 203.29.69.0/24 +add china 203.29.73.0/24 +add china 203.29.81.0/24 +add china 203.29.90.0/24 +add china 203.29.95.0/24 +add china 203.29.100.0/24 +add china 203.29.103.0/24 +add china 203.29.112.0/24 +add china 203.29.120.0/22 +add china 203.29.182.0/23 +add china 203.29.187.0/24 +add china 203.29.189.0/24 +add china 203.29.190.0/24 +add china 203.29.205.0/24 +add china 203.29.210.0/24 +add china 203.29.217.0/24 +add china 203.29.227.0/24 +add china 203.29.231.0/24 +add china 203.29.233.0/24 +add china 203.29.234.0/24 +add china 203.29.248.0/24 +add china 203.29.254.0/23 +add china 203.30.16.0/23 +add china 203.30.25.0/24 +add china 203.30.27.0/24 +add china 203.30.29.0/24 +add china 203.30.66.0/24 +add china 203.30.81.0/24 +add china 203.30.87.0/24 +add china 203.30.111.0/24 +add china 203.30.121.0/24 +add china 203.30.123.0/24 +add china 203.30.152.0/24 +add china 203.30.156.0/24 +add china 203.30.162.0/24 +add china 203.30.173.0/24 +add china 203.30.175.0/24 +add china 203.30.187.0/24 +add china 203.30.194.0/24 +add china 203.30.217.0/24 +add china 203.30.220.0/24 +add china 203.30.222.0/24 +add china 203.30.232.0/23 +add china 203.30.235.0/24 +add china 203.30.240.0/23 +add china 203.30.246.0/24 +add china 203.30.250.0/23 +add china 203.31.45.0/24 +add china 203.31.46.0/24 +add china 203.31.49.0/24 +add china 203.31.51.0/24 +add china 203.31.54.0/23 +add china 203.31.69.0/24 +add china 203.31.72.0/24 +add china 203.31.80.0/24 +add china 203.31.85.0/24 +add china 203.31.97.0/24 +add china 203.31.105.0/24 +add china 203.31.106.0/24 +add china 203.31.108.0/23 +add china 203.31.124.0/24 +add china 203.31.162.0/24 +add china 203.31.174.0/24 +add china 203.31.177.0/24 +add china 203.31.181.0/24 +add china 203.31.187.0/24 +add china 203.31.189.0/24 +add china 203.31.204.0/24 +add china 203.31.220.0/24 +add china 203.31.222.0/23 +add china 203.31.225.0/24 +add china 203.31.229.0/24 +add china 203.31.248.0/23 +add china 203.31.253.0/24 +add china 203.32.20.0/24 +add china 203.32.48.0/23 +add china 203.32.56.0/24 +add china 203.32.60.0/24 +add china 203.32.62.0/24 +add china 203.32.68.0/23 +add china 203.32.76.0/24 +add china 203.32.81.0/24 +add china 203.32.84.0/23 +add china 203.32.95.0/24 +add china 203.32.102.0/24 +add china 203.32.105.0/24 +add china 203.32.130.0/24 +add china 203.32.133.0/24 +add china 203.32.140.0/24 +add china 203.32.152.0/24 +add china 203.32.186.0/23 +add china 203.32.192.0/24 +add china 203.32.196.0/24 +add china 203.32.203.0/24 +add china 203.32.204.0/23 +add china 203.32.212.0/24 +add china 203.33.4.0/24 +add china 203.33.7.0/24 +add china 203.33.8.0/21 +add china 203.33.21.0/24 +add china 203.33.26.0/24 +add china 203.33.32.0/24 +add china 203.33.63.0/24 +add china 203.33.64.0/24 +add china 203.33.67.0/24 +add china 203.33.68.0/24 +add china 203.33.73.0/24 +add china 203.33.79.0/24 +add china 203.33.100.0/24 +add china 203.33.122.0/24 +add china 203.33.129.0/24 +add china 203.33.131.0/24 +add china 203.33.145.0/24 +add china 203.33.156.0/24 +add china 203.33.158.0/23 +add china 203.33.174.0/24 +add china 203.33.185.0/24 +add china 203.33.200.0/24 +add china 203.33.202.0/23 +add china 203.33.204.0/24 +add china 203.33.206.0/23 +add china 203.33.214.0/23 +add china 203.33.224.0/23 +add china 203.33.226.0/24 +add china 203.33.233.0/24 +add china 203.33.243.0/24 +add china 203.33.250.0/24 +add china 203.34.4.0/24 +add china 203.34.21.0/24 +add china 203.34.27.0/24 +add china 203.34.39.0/24 +add china 203.34.48.0/23 +add china 203.34.54.0/24 +add china 203.34.56.0/23 +add china 203.34.67.0/24 +add china 203.34.69.0/24 +add china 203.34.76.0/24 +add china 203.34.92.0/24 +add china 203.34.106.0/24 +add china 203.34.113.0/24 +add china 203.34.147.0/24 +add china 203.34.150.0/24 +add china 203.34.152.0/23 +add china 203.34.161.0/24 +add china 203.34.162.0/24 +add china 203.34.187.0/24 +add china 203.34.192.0/21 +add china 203.34.204.0/22 +add china 203.34.232.0/24 +add china 203.34.240.0/24 +add china 203.34.242.0/24 +add china 203.34.245.0/24 +add china 203.34.251.0/24 +add china 203.55.2.0/23 +add china 203.55.4.0/24 +add china 203.55.10.0/24 +add china 203.55.13.0/24 +add china 203.55.22.0/24 +add china 203.55.30.0/24 +add china 203.55.93.0/24 +add china 203.55.101.0/24 +add china 203.55.109.0/24 +add china 203.55.110.0/24 +add china 203.55.116.0/23 +add china 203.55.119.0/24 +add china 203.55.128.0/23 +add china 203.55.146.0/23 +add china 203.55.192.0/24 +add china 203.55.196.0/24 +add china 203.55.218.0/23 +add china 203.55.221.0/24 +add china 203.55.224.0/24 +add china 203.56.1.0/24 +add china 203.56.4.0/24 +add china 203.56.12.0/24 +add china 203.56.24.0/24 +add china 203.56.38.0/24 +add china 203.56.40.0/24 +add china 203.56.46.0/24 +add china 203.56.48.0/21 +add china 203.56.68.0/23 +add china 203.56.82.0/23 +add china 203.56.84.0/23 +add china 203.56.95.0/24 +add china 203.56.110.0/24 +add china 203.56.121.0/24 +add china 203.56.161.0/24 +add china 203.56.169.0/24 +add china 203.56.172.0/23 +add china 203.56.175.0/24 +add china 203.56.183.0/24 +add china 203.56.185.0/24 +add china 203.56.187.0/24 +add china 203.56.192.0/24 +add china 203.56.198.0/24 +add china 203.56.201.0/24 +add china 203.56.208.0/23 +add china 203.56.210.0/24 +add china 203.56.214.0/24 +add china 203.56.216.0/24 +add china 203.56.227.0/24 +add china 203.56.228.0/24 +add china 203.56.231.0/24 +add china 203.56.232.0/24 +add china 203.56.240.0/24 +add china 203.56.252.0/24 +add china 203.56.254.0/24 +add china 203.57.5.0/24 +add china 203.57.6.0/24 +add china 203.57.12.0/23 +add china 203.57.28.0/24 +add china 203.57.39.0/24 +add china 203.57.46.0/24 +add china 203.57.58.0/24 +add china 203.57.61.0/24 +add china 203.57.66.0/24 +add china 203.57.69.0/24 +add china 203.57.70.0/23 +add china 203.57.73.0/24 +add china 203.57.90.0/24 +add china 203.57.101.0/24 +add china 203.57.109.0/24 +add china 203.57.123.0/24 +add china 203.57.157.0/24 +add china 203.57.200.0/24 +add china 203.57.202.0/24 +add china 203.57.206.0/24 +add china 203.57.222.0/24 +add china 203.57.224.0/20 +add china 203.57.246.0/23 +add china 203.57.249.0/24 +add china 203.57.253.0/24 +add china 203.57.254.0/23 +add china 203.62.2.0/24 +add china 203.62.131.0/24 +add china 203.62.139.0/24 +add china 203.62.161.0/24 +add china 203.62.197.0/24 +add china 203.62.228.0/22 +add china 203.62.234.0/24 +add china 203.62.246.0/24 +add china 203.65.240.0/22 +add china 203.76.160.0/22 +add china 203.76.168.0/22 +add china 203.76.208.0/21 +add china 203.76.216.0/22 +add china 203.76.240.0/21 +add china 203.77.180.0/22 +add china 203.78.48.0/20 +add china 203.78.156.0/22 +add china 203.79.0.0/20 +add china 203.79.32.0/20 +add china 203.80.4.0/23 +add china 203.80.32.0/20 +add china 203.80.57.0/24 +add china 203.80.129.0/24 +add china 203.80.132.0/22 +add china 203.80.136.0/21 +add china 203.80.144.0/20 +add china 203.81.0.0/21 +add china 203.81.16.0/20 +add china 203.81.244.0/22 +add china 203.82.0.0/23 +add china 203.82.16.0/21 +add china 203.82.112.0/20 +add china 203.82.224.0/20 +add china 203.83.0.0/22 +add china 203.83.8.0/21 +add china 203.83.56.0/21 +add china 203.83.224.0/20 +add china 203.86.0.0/17 +add china 203.86.250.0/24 +add china 203.86.254.0/23 +add china 203.88.32.0/19 +add china 203.88.192.0/19 +add china 203.89.0.0/22 +add china 203.89.8.0/21 +add china 203.89.133.0/24 +add china 203.89.136.0/22 +add china 203.89.144.0/24 +add china 203.90.0.0/22 +add china 203.90.8.0/21 +add china 203.90.128.0/18 +add china 203.90.192.0/19 +add china 203.91.1.0/24 +add china 203.91.32.0/19 +add china 203.91.96.0/20 +add china 203.91.120.0/21 +add china 203.92.0.0/22 +add china 203.92.6.0/24 +add china 203.92.160.0/19 +add china 203.93.0.0/16 +add china 203.94.0.0/19 +add china 203.95.0.0/21 +add china 203.95.96.0/19 +add china 203.95.128.0/18 +add china 203.95.200.0/21 +add china 203.95.208.0/22 +add china 203.95.224.0/19 +add china 203.99.8.0/21 +add china 203.99.16.0/20 +add china 203.99.80.0/20 +add china 203.100.32.0/20 +add china 203.100.48.0/21 +add china 203.100.58.0/24 +add china 203.100.60.0/24 +add china 203.100.63.0/24 +add china 203.100.80.0/20 +add china 203.100.96.0/19 +add china 203.100.192.0/20 +add china 203.104.32.0/20 +add china 203.105.96.0/19 +add china 203.105.128.0/19 +add china 203.107.0.0/17 +add china 203.110.160.0/19 +add china 203.110.208.0/20 +add china 203.110.232.0/23 +add china 203.110.234.0/24 +add china 203.114.80.0/20 +add china 203.114.244.0/22 +add china 203.118.192.0/19 +add china 203.118.241.0/24 +add china 203.118.248.0/22 +add china 203.119.24.0/21 +add china 203.119.32.0/22 +add china 203.119.80.0/22 +add china 203.119.85.0/24 +add china 203.119.113.0/24 +add china 203.119.114.0/23 +add china 203.119.116.0/22 +add china 203.119.120.0/21 +add china 203.119.128.0/17 +add china 203.123.58.0/24 +add china 203.128.32.0/19 +add china 203.128.96.0/19 +add china 203.128.128.0/24 +add china 203.128.224.0/21 +add china 203.129.8.0/21 +add china 203.130.32.0/19 +add china 203.132.32.0/19 +add china 203.134.240.0/21 +add china 203.135.96.0/19 +add china 203.135.160.0/20 +add china 203.142.12.0/23 +add china 203.142.219.0/24 +add china 203.142.224.0/19 +add china 203.144.96.0/19 +add china 203.145.0.0/19 +add china 203.148.0.0/18 +add china 203.148.64.0/20 +add china 203.148.80.0/22 +add china 203.148.86.0/23 +add china 203.149.92.0/22 +add china 203.152.64.0/19 +add china 203.152.128.0/19 +add china 203.153.0.0/22 +add china 203.156.192.0/18 +add china 203.158.16.0/21 +add china 203.160.52.0/22 +add china 203.160.104.0/21 +add china 203.160.129.0/24 +add china 203.160.192.0/19 +add china 203.161.0.0/22 +add china 203.161.180.0/24 +add china 203.161.183.0/24 +add china 203.161.192.0/19 +add china 203.166.160.0/19 +add china 203.167.28.0/22 +add china 203.168.0.0/19 +add china 203.170.58.0/23 +add china 203.171.0.0/22 +add china 203.171.208.0/24 +add china 203.171.224.0/20 +add china 203.174.4.0/24 +add china 203.174.6.0/23 +add china 203.174.96.0/19 +add china 203.175.128.0/19 +add china 203.175.192.0/18 +add china 203.176.0.0/18 +add china 203.176.64.0/19 +add china 203.176.168.0/21 +add china 203.184.80.0/20 +add china 203.185.189.0/24 +add china 203.187.160.0/19 +add china 203.189.0.0/23 +add china 203.189.6.0/23 +add china 203.189.112.0/22 +add china 203.189.192.0/19 +add china 203.189.232.0/21 +add china 203.189.240.0/22 +add china 203.190.96.0/20 +add china 203.190.249.0/24 +add china 203.191.0.0/23 +add china 203.191.2.0/24 +add china 203.191.5.0/24 +add china 203.191.7.0/24 +add china 203.191.16.0/20 +add china 203.191.64.0/18 +add china 203.191.133.0/24 +add china 203.191.144.0/20 +add china 203.192.0.0/19 +add china 203.193.224.0/19 +add china 203.194.120.0/21 +add china 203.195.64.0/19 +add china 203.195.112.0/21 +add china 203.195.128.0/17 +add china 203.196.0.0/20 +add china 203.196.28.0/22 +add china 203.201.181.0/24 +add china 203.201.182.0/24 +add china 203.202.236.0/22 +add china 203.205.64.0/19 +add china 203.205.128.0/17 +add china 203.207.64.0/18 +add china 203.207.128.0/17 +add china 203.208.0.0/20 +add china 203.208.16.0/22 +add china 203.208.32.0/19 +add china 203.209.224.0/19 +add china 203.212.0.0/20 +add china 203.212.80.0/20 +add china 203.215.232.0/21 +add china 203.217.164.0/22 +add china 203.222.192.0/20 +add china 203.223.0.0/20 +add china 203.223.16.0/21 +add china 204.55.160.0/24 +add china 204.74.96.0/24 +add china 204.114.176.0/23 +add china 206.219.44.0/23 +add china 206.219.50.0/23 +add china 206.219.52.0/23 +add china 210.2.0.0/19 +add china 210.5.0.0/19 +add china 210.5.56.0/21 +add china 210.5.128.0/19 +add china 210.7.56.0/21 +add china 210.12.0.0/15 +add china 210.14.64.0/19 +add china 210.14.112.0/20 +add china 210.14.128.0/17 +add china 210.15.0.0/17 +add china 210.15.128.0/18 +add china 210.16.104.0/22 +add china 210.16.128.0/18 +add china 210.21.0.0/16 +add china 210.22.0.0/16 +add china 210.23.32.0/19 +add china 210.25.0.0/16 +add china 210.26.0.0/15 +add china 210.28.0.0/14 +add china 210.32.0.0/12 +add china 210.51.0.0/16 +add china 210.52.0.0/15 +add china 210.56.192.0/19 +add china 210.72.0.0/14 +add china 210.76.0.0/15 +add china 210.78.0.0/16 +add china 210.79.64.0/18 +add china 210.79.224.0/19 +add china 210.82.0.0/15 +add china 210.87.128.0/18 +add china 210.185.192.0/18 +add china 210.192.96.0/19 +add china 211.64.0.0/13 +add china 211.80.0.0/12 +add china 211.96.0.0/13 +add china 211.136.0.0/13 +add china 211.144.0.0/12 +add china 211.160.0.0/13 +add china 216.250.108.0/22 +add china 218.0.0.0/11 +add china 218.56.0.0/13 +add china 218.64.0.0/11 +add china 218.96.0.0/14 +add china 218.100.88.0/21 +add china 218.100.96.0/19 +add china 218.100.128.0/17 +add china 218.104.0.0/14 +add china 218.108.0.0/15 +add china 218.185.192.0/19 +add china 218.185.240.0/21 +add china 218.192.0.0/12 +add china 218.240.0.0/13 +add china 218.249.0.0/16 +add china 219.72.0.0/16 +add china 219.82.0.0/16 +add china 219.83.128.0/17 +add china 219.90.68.0/22 +add china 219.90.72.0/21 +add china 219.128.0.0/11 +add china 219.216.0.0/13 +add china 219.224.0.0/12 +add china 219.242.0.0/15 +add china 219.244.0.0/14 +add china 220.101.192.0/18 +add china 220.112.0.0/14 +add china 220.152.128.0/17 +add china 220.154.0.0/15 +add china 220.158.240.0/22 +add china 220.160.0.0/11 +add china 220.192.0.0/12 +add china 220.231.0.0/18 +add china 220.231.128.0/17 +add china 220.232.64.0/18 +add china 220.234.0.0/16 +add china 220.242.0.0/15 +add china 220.247.136.0/21 +add china 220.248.0.0/14 +add china 220.252.0.0/16 +add china 221.0.0.0/13 +add china 221.8.0.0/14 +add china 221.12.0.0/17 +add china 221.12.128.0/18 +add china 221.13.0.0/16 +add china 221.14.0.0/15 +add china 221.122.0.0/15 +add china 221.128.128.0/17 +add china 221.129.0.0/16 +add china 221.130.0.0/15 +add china 221.133.224.0/19 +add china 221.136.0.0/15 +add china 221.172.0.0/14 +add china 221.176.0.0/13 +add china 221.192.0.0/14 +add china 221.196.0.0/15 +add china 221.198.0.0/16 +add china 221.199.0.0/17 +add china 221.199.128.0/18 +add china 221.199.192.0/20 +add china 221.199.224.0/19 +add china 221.200.0.0/13 +add china 221.208.0.0/12 +add china 221.224.0.0/12 +add china 222.16.0.0/12 +add china 222.32.0.0/11 +add china 222.64.0.0/11 +add china 222.125.0.0/16 +add china 222.126.128.0/17 +add china 222.128.0.0/12 +add china 222.160.0.0/14 +add china 222.168.0.0/13 +add china 222.176.0.0/12 +add china 222.192.0.0/11 +add china 222.240.0.0/13 +add china 222.248.0.0/15 +add china 223.0.0.0/12 +add china 223.20.0.0/15 +add china 223.27.184.0/22 +add china 223.29.208.0/22 +add china 223.29.252.0/22 +add china 223.64.0.0/11 +add china 223.96.0.0/12 +add china 223.112.0.0/14 +add china 223.116.0.0/15 +add china 223.120.0.0/13 +add china 223.128.0.0/15 +add china 223.130.8.0/22 +add china 223.144.0.0/12 +add china 223.160.0.0/14 +add china 223.166.0.0/15 +add china 223.192.0.0/15 +add china 223.198.0.0/15 +add china 223.201.0.0/16 +add china 223.202.0.0/15 +add china 223.208.0.0/13 +add china 223.220.0.0/15 +add china 223.223.176.0/20 +add china 223.223.192.0/20 +add china 223.240.0.0/13 +add china 223.248.0.0/14 +add china 223.252.128.0/17 +add china 223.254.0.0/16 +add china 223.255.0.0/17 +add china 223.255.236.0/22 +add china 223.255.252.0/23 diff --git a/package/lean/ipset-lists/files/etc/ipset/local b/package/lean/ipset-lists/files/etc/ipset/local new file mode 100644 index 000000000..9c1df02ce --- /dev/null +++ b/package/lean/ipset-lists/files/etc/ipset/local @@ -0,0 +1,6 @@ +create local hash:net family inet hashsize 1024 maxelem 65536 +add local 10.0.0.0/8 +add local 127.0.0.0/8 +add local 172.16.0.0/12 +add local 192.168.0.0/16 +add local 224.0.0.0/3 diff --git a/package/lean/ipset-lists/files/usr/lib/lua/luci/controller/gfwlist.lua b/package/lean/ipset-lists/files/usr/lib/lua/luci/controller/gfwlist.lua new file mode 100644 index 000000000..b06fdbd1a --- /dev/null +++ b/package/lean/ipset-lists/files/usr/lib/lua/luci/controller/gfwlist.lua @@ -0,0 +1,14 @@ +--[[ + Customize /etc/gfwlist.list content + Copyright (c) 2015 Justin Liu + Author: Justin Liu + https://github.com/rssnsj/network-feeds +]]-- + +module("luci.controller.gfwlist", package.seeall) + +function index() + local page + page = entry({"admin", "services", "gfwlist"}, cbi("gfwlist"), _("Domain Lists")) + page.dependent = true +end diff --git a/package/lean/ipset-lists/files/usr/lib/lua/luci/i18n/gfwlist.zh-cn.lmo b/package/lean/ipset-lists/files/usr/lib/lua/luci/i18n/gfwlist.zh-cn.lmo new file mode 100644 index 000000000..9bfab206c Binary files /dev/null and b/package/lean/ipset-lists/files/usr/lib/lua/luci/i18n/gfwlist.zh-cn.lmo differ diff --git a/package/lean/ipset-lists/files/usr/lib/lua/luci/model/cbi/gfwlist.lua b/package/lean/ipset-lists/files/usr/lib/lua/luci/model/cbi/gfwlist.lua new file mode 100644 index 000000000..db84754ed --- /dev/null +++ b/package/lean/ipset-lists/files/usr/lib/lua/luci/model/cbi/gfwlist.lua @@ -0,0 +1,33 @@ +--[[ + Customize firewall-banned domain lists - /etc/gfwlist/ + Copyright (c) 2015 Justin Liu + Author: Justin Liu + https://github.com/rssnsj/network-feeds +]]-- + +local fs = require "nixio.fs" + +function sync_value_to_file(value, file) + value = value:gsub("\r\n?", "\n") + local old_value = nixio.fs.readfile(file) + if value ~= old_value then + nixio.fs.writefile(file, value) + end +end + +m = SimpleForm("gfwlist", translate("Domain Lists Settings")) + +for e in fs.dir("/etc/gfwlist") do + glist = m:field(TextValue, e, e, nil) + glist.rmempty = false + glist.rows = 12 + + function glist.cfgvalue() + return nixio.fs.readfile("/etc/gfwlist/" .. e) or "" + end + function glist.write(self, section, value) + sync_value_to_file(value, "/etc/gfwlist/" .. e) + end +end + +return m diff --git a/package/lean/ipset-lists/po/zh_CN/gfwlist.po b/package/lean/ipset-lists/po/zh_CN/gfwlist.po new file mode 100644 index 000000000..7ce2c1e8d --- /dev/null +++ b/package/lean/ipset-lists/po/zh_CN/gfwlist.po @@ -0,0 +1,9 @@ +msgid "" +msgstr "Content-Type: text/plain; charset=UTF-8" + +msgid "Domain Lists Settings" +msgstr "鍩熷悕鍒楄〃璁剧疆" + +msgid "Domain Lists" +msgstr "鍩熷悕鍒楄〃" + diff --git a/package/lean/ipset-lists/tools/Makefile b/package/lean/ipset-lists/tools/Makefile new file mode 100644 index 000000000..f415b2052 --- /dev/null +++ b/package/lean/ipset-lists/tools/Makefile @@ -0,0 +1,3 @@ +update: + ./gen-china-routes.sh > ../files/etc/ipset/china + ./gen-gfwlist.sh > ../files/etc/gfwlist/china-banned diff --git a/package/lean/ipset-lists/tools/base-gfwlist.txt b/package/lean/ipset-lists/tools/base-gfwlist.txt new file mode 100644 index 000000000..75277f6c0 --- /dev/null +++ b/package/lean/ipset-lists/tools/base-gfwlist.txt @@ -0,0 +1,2941 @@ +0rz.tw +0to255.com +10musume.com +123rf.com +12bet.com +12vpn.com +141hongkong.com +173ng.com +1984bbs.com +1984bbs.org +1-apple.com.tw +1bao.org +1eew.com +1pondo.tv +2000fun.com +2008xianzhang.info +21andy.com +247realmedia.com +24smile.org +2-hand.info +2mdn.net +2shared.com +301works.org +315lz.com +32red.com +365singles.com.ar +36rain.com +4bluestones.biz +4chan.org +4pppc.gov.tw +4shared.com +4sq.com +51.ca +5i01.com +5maodang.com +64tianwang.com +64wiki.com +666kb.com +6park.com +7capture.com +881903.com +888.com +89-64.org +9001700.com +91porn.com +921.gov.tw +92ccav.com +9bis.com +9bis.net +9city.me +a5.com.ru +abc.pp.ru +abitno.linpie.com +ablwang.com +aboluowang.com +aboutgfw.com +acgkj.com +ac.jiruan.net +ac.playstation.net +actimes.com.au +aculo.us +ad1.nownews.com +addictedtocoffee.de +ads.backchina.com +adultfriendfinder.com +adultkeep.net +advanscene.com +advertfan.com +aec.gov.tw +aenhancers.com +af.mil +aftygh.gov.tw +aide.gov.tw +aiph.net +aisex.com +ait.org.tw +aiweiweiblog.com +aiweiwei.com +ajaxplorer.info +akamaihd.net +akiba-online.com +alabout.com +alasbarricadas.org +alexlur.org +aliengu.com +aliyun.com +alkasir.com +allaboutalpha.com +allgirlsallowed.org +alliance.org.hk +allinfa.com +allinfo.com +allmovie.com +allonlinux.free.fr +all-that-is-interesting.com +al-qimmah.net +alternate-tools.com +altrec.com +alvinalexander.com +alwaysdata.com +alwaysdata.net +am730.com.hk +amazonaws.com +ameblo.jp +americangreencard.com +amiblockedornot.com +amnesty.org +amnestyusa.org +amoiist.com +amzs.me +analyze-v.com +anchorfree.com +andfaraway.net +android.com +angularjs.org +animecrazy.net +anobii.com +anontext.com +anonymizer.com +a-normal-day.com +answering-islam.org +anthonycalzadilla.com +anti.anti.cnn.googlepages.com +antidrm.hpg.ig.com.br +antiwave.net +aobo.com.au +aolchannels.aol.com +aomiwang.com +apetube.com +apiary.io +apidocs.linksalpha.com +apigee.com +api.linksalpha.com +api.proxlet.com +api.supertweet.net +app.heywire.com +app.hkatvnews.com +appledaily.com +appledaily.com.tw +apps.hloli.net +appspot.com +archive.is +archive.org +arctosia.com +areca-backup.org +army.mil +arte.gov.tw +art-or-porn.com +artsy.net +asahichinese.com +asdfg.jp +asiafriendfinder.com +asiaharvest.org +asianews.it +asianwomensfilm.de +askstudent.com +askynz.net +assembla.com +astonmartinnews.com +atchinese.com +atc.org.au +atgfw.org +atj.org.tw +atlaspost.com +atnext.com +autoproxy.org +avaaz.org +avdb.in +avidemux.org +avoision.com +awardwinningfjords.com +axureformac.com +babynet.com.hk +backchina.com +backpackers.com.tw +badassjs.com +badoo.com +baidu.jp +baixing.me +bannedbook.org +barnabu.co.uk +basetimesheightdividedby2.com +bayvoice.net +bbcchinese.com +bbc.com +bbc.co.uk +bbci.co.uk +bbcimg.co.uk +bbc.in +bbg.gov +bbs2.newsgroup.la +bbs.ecstart.com +bbsfeed.com +bbs.kimy.com.tw +bbsland.com +bbs.morbell.com +bbs.mychat.to +bbs.newsgroup.la +bbs.ozchinese.com +bbs.qmzdd.com +bbs.sina.com +bbs.skykiwi.com +bbs.tuitui.info +bb.ttv.com.tw +bcc.com.tw +bcchinese.net +bdhr.gov.tw +bd.zhe.la +bebo.com +beeg.com +beijing1989.com +beijingspring.com +benjaminste.in +berlintwitterwall.com +bestforchina.org +bestvpnservice.com +bet365.com +beta.iset.com.tw +beta.usejump.com +betfair.com +bettween.com +betvictor.com +bewww.net +beyondfirewall.com +bfnn.org +biantailajiao.com +biantailajiao.in +bigfools.com +bignews.org +bigsound.org +bill2-software.com +billywr.com +bill.zhong.pp.ru +bipic.net +bitcointalk.org +bit.ly +bitly.com +bitshare.com +bjzc.org +blinkx.com +blinw.com +blip.tv +blockcn.com +blog.birdhouseapp.com +blog.bitly.com +blogblog.com +blog.boxcar.io +blogcatalog.com +blog.davidziegler.net +blog.dayoneapp.com +blog.de +blog.dribbble.com +blog.exblog.co.jp +blog.expofutures.com +blog.fizzik.com +blog.foolsmountain.com +blogger.com +blog.gowalla.com +blog.hotpotato.com +blog.ifttt.com +blogimg.jp +blog.instagram.com +blog.instapaper.com +blog.iphone-dev.org +blog.istef.info +blog.jackjia.com +blog.joeyrobert.org +blog.kangye.org +blog.kickstarter.com +blog.kl.am +blog.klip.me +blog.lester850.info +blog.lightbox.com +bloglines.com +bloglovin.com +blog.mongodb.org +blog.openinkpot.org +blog.palm.com +blog.path.com +blog.pathtosharepoint.com +blog.pchome.com.tw +blog.pentalogic.net +blog.pikchur.com +blog.pilotmoon.com +blog.redren.com +blog.rockmelt.com +blog.romanandreg.com +blog.s135.com +blogs.icerocket.com +blog.sina.com.tw +blog.sogoo.org +blog.sparrowmailapp.com +blogspot.com +blogspot.co.uk +blogspot.de +blogspot.fr +blogspot.in +blogspot.jp +blogs.tampabay.com +blog.summify.com +blogs.yahoo.co.jp +blog.syx86.cn +blog.syx86.com +blog.taragana.com +blogtd.net +blogtd.org +blog.tiney.com +blog.topify.com +blog.usa.gov +blog.xuite.net +blog.youthwant.com.tw +blog.youxu.info +bloodshed.net +bloomberg.cn +bloomberg.com +bloomberg.de +bloomfortune.com +bmediaasia.com +bnrmetal.com +boardreader.com +bobulate.com +bolin.netfirms.com +bonbonme.com +bonjourlesgeeks.com +boobstagram.com +books.com.tw +bookshelfporn.com +botanwang.com +bot.nu +bowenpress.com +boxunblog.com +boxunclub.com +boxun.com +boxun.tv +bralio.com +branch.com +brandonhutchinson.com +braumeister.org +break.com +breakingtweets.com +briefdream.com +brightcove.com +brightkite.com +brizzly.com +broadbook.com +br.st +brucewang.net +bt95.com +btdigg.org +btrd.net +budaedu.org +bugclub.org +builtwithbootstrap.com +bullogger.com +bullog.org +businesstimes.com.cn +businessweek.com +buugaa.com +buy.yahoo.com.tw +buzzurl.jp +bwbx.io +bwsj.hk +bx.tl +c1522.mooo.com +cacnw.com +cactusvpn.com +cafepress.com +cahr.org.tw +calameo.com +calebelston.com +cams.com +cams.org.sg +canadameet.com +canyu.org +caobian.info +caochangqing.com +cao.im +cari.com.my +catch22.net +catfightpayperview.xxx +catholic.org.hk +catholic.org.tw +cbs.ntu.edu.tw +cc9007.spaces.live.com +ccavtop10.com +ccdtr.org +ccim.org +cclife.org +ccthere.com +cctongbao.com +ccue.ca +ccue.com +cdig.info +cdjp.org +cdnews.com.tw +cdn.printfriendly.com +cdp1998.org +cdp2006.org +cdp.sinica.edu.tw +cdpusa.org +cdpweb.org +cdpwu.org +cdw.com +cecc.gov +cellulo.info +cenci.tk +cenews.eu +centralnation.com +centurys.net +c-est-simple.com +cfhks.org.hk +cftfc.com +cgdepot.org +chandoo.org +change.org +changp.com +chaos.e-spacy.com +chapm25.com +chartbeat.net +chaturbate.com +chccc.gov.tw +chengmingmag.com +chenguangcheng.com +chenpokong.com +chenyehao.spaces.live.com +cherrysave.com +chevronwp7.com +chicagoncmtv.com +china101.com +china21.com +china21.org +china5000.us +chinaaffairs.org +chinaaid.me +chinaaid.net +chinaaid.org +chinaaid.us +chinachange.org +chinachannel.hk +chinacomments.org +chinadigitaltimes.net +chinaeweekly.com +chinafreepress.org +chinagate.com +chinageeks.org +chinagfw.org +chinagreenparty.org +china-green-party.spaces.live.com +chinahush.com +chinainperspective.com +chinainperspective.net +chinainperspective.org +chinainterimgov.org +chinalawandpolicy.com +chinalawtranslate.com +chinamule.com +chinamz.org +chinarightsia.org +chinasocialdemocraticparty.com +chinaso.com +chinasoul.org +chinatimes.com +chinatweeps.com +chinaway.org +china-week.com +chinaworker.info +chinaxchina.com +chinayouth.org.hk +chinayuanmin.org +chinesedailynews.com +chinese.engadget.com +chinese-hermit.net +chinese-memorial.org +chinesen.de +chinesenewsnet.com +chinesepen.org +chinese.rnw.nl +chinese.soifind.com +chinesetalks.net +chinese.wsj.com +chingcheong.com +chn.chosun.com +chrispederick.com +chrispederick.net +christianstudy.com +christiantimes.org.hk +christusrex.org +chrlawyers.hk +chrlcg-hk.org +chromeadblock.com +chrome.com +ch.shvoong.com +chubun.com +chuizi.net +chukuang.gov.tw +circlethebayfortibet.org +citizenlab.org +citizensradio.org +city9x.com +civicparty.hk +civilhrfront.org +civilmedia.tw +cjb.net +ck101.com +classicalguitarblog.net +clb.org.hk +cl.d0z.net +clientsfromhell.net +clipfish.de +cl.ly +cloudfront.net +club.backchina.com +cms.gov +cmule.com +cn2.streetvoice.com +cna.com.tw +cnavista.com.tw +cn.calameo.com +cn.dayabook.com +cnd.org +cn.fmnnow.com +cn.ibtimes.com +cnn.com +cn.news.cnyes.com +cn.streetvoice.com +cn.uncyclopedia.wikia.com +cn.voa.mobi +cochina.org +cocoapods.org +cocoa.zonble.net +code1984.com +codeboxapp.com +codeshare.io +collateralmurder.com +collateralmurder.org +comefromchina.com +comnews.gio.gov.tw +compileheart.com +connectedchina.reuters.com +connect.facebook.net +conoyo.com +contactmagazine.net +contests.twilio.com +conviva.com +cookingtothegoodlife.com +coolaler.com +coolder.com +coolloud.org.tw +corpus4u.org +corumcollege.com +cotweet.com +couchdbwiki.com +coveringweb.com +cp-house.gov.tw +cpj.org +crackle.com +crd-net.org +creaders.net +cromotc.nat.gov.tw +crossthewall.net +csdparty.com +c-spanvideo.org +css.pixnet.in +csuchen.de +cts.com.tw +cubicle17.com +cuhkacs.org +cuihua.org +cuiweiping.net +culture.tw +curvefish.com +cwb.gov.tw +cyanogenmod.org +cyberghost.natado.com +cyberghostvpn.com +cycab.gov.tw +cydia.ifuckgfw.com +cynscribe.com +cytode.us +dabr.co.uk +dabr.me +dabr.mobi +dadazim.com +dadi360.com +dafagood.com +dafahao.com +dailidaili.com +dailymotion.com +dailynews.sina.com +dajiyuan.com +dajiyuan.eu +dajusha.baywords.com +dalailama.com +dalailama.ru +dalailamaworld.com +dalianmeng.org +danke4china.net +danwei.org +daolan.net +dapu-house.gov.tw +darpa.mil +date.fm +davidslog.com +daxa.cn +dayaarmongol.ning.com +daylife.com +ddc.com.tw +deck.ly +default.secureserver.net +delcamp.net +delicious.com +democrats.org +demo.opera-mini.net +derekhsu.homeip.net +de-sci.org +designerol.com +destiny.xfiles.to +deutsche-welle.de +dev102.com +developers.box.net +deviantart.com +deviantart.net +devio.us +devpn.com +dfas.mil +df.gov.tw +diaoyuislands.org +digitalnomadsproject.org +diigo.com +dimitrik.free.fr +dipity.com +directcreative.com +discuss.com.hk +disp.cc +dit-inc.us +dizhidizhi.com +djangosnippets.org +dl.box.net +dl-laby.jp +dl.playstation.net +dlsite.com +dmcdn.net +dmtip.gov.tw +dns2go.com +dnscrypt.org +docstoc.com +dojin.com +dok-forum.net +dolc.de +dollf.com +domain.club.tw +domainhelp.search.com +dongde.com +dongtaiwang.com +dongtaiwang.net +dongyangjing.com +dontfilter.us +dontmovetochina.com +dotheyfolloweachother.com +dotplane.com +dotsub.com +doubleaf.com +doubleclick.net +dougscripts.com +dowei.org +download.syniumsoftware.com +doxygen.org +dphk.org +dpp.org.tw +drewolanoff.com +drgan.net +dropbox.com +dropboxusercontent.com +drsunacademy.com +drtuber.com +dscn.info +dtiblog.com +dtic.mil +dtiserv2.com +duckduckgo.com +duckload.com +duckmylife.com +duihuahrjournal.org +duihua.org +duoweitimes.com +duping.net +duplicati.com +dupola.com +dupola.net +dvorak.org +dw.de +dwnews.com +dwnews.net +dw-world.com +dw-world.de +dy24k.info +dynawebinc.com +dyndns.org +dzze.com +e123.hk +eamonnbrennan.com +earthquake.usgs.gov +easy-share.com +ebookbrowse.com +ebookee.com +echofon.com +ecministry.net +edicypages.com +edoors.com +edubridge.com +eevpn.com +efcc.org.hk +efksoft.com +efmoe.com +e-gold.com +eic-av.com +e-info.org.tw +electionsmeter.com +elpais.com +eltondisney.com +emacsblog.org +embr.in +emory.edu +emule-ed2k.com +emuparadise.me +enewstree.com +en.favotter.net +englishfromengland.co.uk +entermap.com +en.wikipedia.org +epochtimes-bg.com +epochtimes.co.il +epochtimes.co.kr +epochtimes.com +epochtimes.de +epochtimes.fr +epochtimes.ie +epochtimes.jp +epochtimes-romania.com +epochtimes.ru +epochtimes.se +epochtimestr.com +epochweekly.com +erabaru.net +erepublik.com +erepublik.net +erights.net +eriversoft.com +ernestmandel.org +etaiwannews.com +etizer.org +etools.ncol.com +e-traderland.net +etraining.gov.tw +ettoday.net +evchk.wikia.com +eventful.com +everyday-carry.com +exblog.jp +expatshield.com +exploader.net +extremetube.com +eyespirit.info +eyevio.jp +eyny.com +ezpc.tk +ezpeer.com +facebook.com +facebook.net +facesofnyfw.com +fail.hk +faiththedog.info +fakku.net +falsefire.com +falunart.org +falundafamuseum.org +falundafa.org +falunhr.org +famunion.com +fangbinxing.com +fangeming.com +fanglizhi.info +fangongheike.com +fangong.org +fan-qiang.com +fanqianghou.com +fanqiangyakexi.net +fanswong.com +fanyue.info +fapdu.com +farwestchina.com +farxian.com +fastpic.ru +faststone.org +favorious.com +favstar.fm +fawanghuihui.org +faydao.com +fbcdn.net +fb.com +fb.me +fbsbx.com +fc2china.com +fc2.com +f.cl.ly +fdc89.jp +feedbooks.mobi +feedburner.com +feeds2.feedburner.com +feeds.feedburner.com +feedzshare.com +feelssh.com +feer.com +felixcat.net +feministteacher.com +fengzhenghu.com +fetchvideo.com +ff.im +fflick.com +fgmtv.net +fgmtv.org +filefactory.com +files2me.com +fileserve.com +fillthesquare.org +finalion.jp +findbook.tw +finler.net +fireofliberty.org +firstfivefollowers.com +flecheinthepeche.fr +fleshbot.com +flickr.com +flickrhivemind.net +flightcaster.com +flowerofhappiness.spaces.live.com +focustaiwan.tw +focusvpn.com +fofg.org +fooooo.com +footwiball.com +forum.baby-kingdom.com +forum.cyberctm.com +forum.idsam.com +forum.iset.com.tw +forum.my903.com +forum.mymaji.com +forum.newsgroup.la +forum.nownews.com +forum.omy.sg +forum.palmislife.com +forum.pchome.com.tw +forum.setty.com.tw +forum.sina.com.hk +forum.slime.com.tw +forum.tvb.com +forum.yorkbbs.ca +fotop.net +fourface.nodesnoop.com +fourthinternational.org +foxdie.us +foxsub.com +foxtang.com +fqrouter.com +franklc.com +freakshare.com +fredwilson.vc +free4u.com.ar +freealim.com +freechal.com +freedomhouse.org +free.fr +freegao.com +freegateget.googlepages.com +free-gate.org +free-hada-now.org +freelotto.com +freeman2.com +freemoren.com +freemorenews.com +freenet-china.org +freenetproject.org +freenewscn.com +freeopenvpn.com +freeoz.org +free-ssh.com +freessh.us +freetibet.org +freevpn.nl +freewallpaper4.me +freewebs.com +freeweibo.com +freexinwen.com +freeyoutubeproxy.net +friendfeed.com +friendfeed-media.com +fring.com +fringenetwork.com +frommel.net +frontlinedefenders.org +fscked.org +fsurf.com +ftchinese.com +fuckcnnic.net +fuckgfw.com +fuckgfw.org +fulue.com +funf.tw +funp.com +furinkan.com +furl.net +futurechinaforum.org +futureme.org +futuremessage.org +fuyin.net +fw.cm +fxnetworks.com +fzh999.com +fzh999.net +gabocorp.com +gaeproxy.com +gaeproxy.googlecode.com +galenwu.com +game735.com +gamebase.com.tw +gamer.com.tw +gamez.com.tw +ganges.com +gaoming.net +gaopi.net +gaozhisheng.net +gaozhisheng.org +gardennetworks.com +gardennetworks.org +gartlive.com +gather.com +gaymap.cc +gazotube.com +gcc.org.hk +gclooney.com +g.co +gcpnews.com +gdbt.net +gdzf.org +geek-art.net +geekerhome.com +geekmade.co.uk +geekmanuals.com +generesis.com +genuitec.com +geocities.co.jp +geocities.com +geocities.jp +geohot.com +geometrictools.com +getchu.com +getcloudapp.com +get-digital-help.com +getfoxyproxy.org +getfreedur.com +getiton.com +getjetso.com +getlantern.org +getsmartlinks.com +getsocialscope.com +gfwinterceptor.googlecode.com +gfw.org.ua +ggpht.com +ggssl.com +ghost.org +ghut.org +giga-web.jp +gigporno.ru +gimpshop.com +girlbanker.com +github.com +git-scm.com +givemesomethingtoread.com +glennhilton.com +globaljihad.net +globalmuseumoncommunism.org +globalrescue.net +globalvoicesonline.org +gmail.com +gmbd.cn +gmhz.org +gmodules.com +gmozomg.izihost.org +gnci.org.hk +goagent.biz +goagent.googlecode.com +goagentplus.com +godfootsteps.org +golang.org +goldbetsports.com +goldwave.com +gongmeng.info +gongm.in +gongminliliang.com +gongwt.com +goodreaders.com +goodreads.com +goofind.com +goo.gl +googleadservices.com +google-analytics.com +googleapis.com +googlecode.com +google.co.jp +google.com +google.com.hk +google.com.sg +google.com.tw +google.com.uk +googledomains.com +googledrive.com +googleearth.com +googlehosted.com +googlelabs.com +googlemail.com +googleplus.com +googlesile.com +googlesource.com +googlesyndication.com +googletagmanager.com +googletagservices.com +googleusercontent.com +googlevideo.com +gopetition.com +gospelherald.com +gov.tw +gpass1.com +grandtrial.org +graphis.ne.jp +gravatar.com +graylog2.org +grb.gov.tw +greatfire.org +greatfirewall.biz +great-firewall.com +greatfirewallofchina.net +greatfirewallofchina.org +great-roc.org +greatroc.org +greatroc.tw +greatzhonghua.org +greenparty.org.tw +greenvpn.net +gs-discuss.com +gseeker.com +gsn-cert.nat.gov.tw +gstatic.com +gtap.googlecode.com +gtricks.com +guancha.org +gufeng521.spaces.live.com +guishan.org +gunsamerica.com +gun-world.net +guomin.us +gutteruncensored.com +gvm.com.tw +gyalwarinpoche.com +gysd.nyc.gov.tw +gzm.tv +gzone-anime.info +h1n1china.org +hacken.cc +hackthatphone.net +hahlo.com +hakkatv.org.tw +hanunyi.com +hardsextube.com +hasaowall.com +have8.com +haygo.com +hcc.gov.tw +hchcc.gov.tw +h-china.org +hdtvb.net +heartyit.com +hecaitou.net +hechaji.com +heix.pp.ru +heiyo.info +helloandroid.com +hellonewyork.us +helloqueer.com +hellotxt.com +hellouk.org +helpeachpeople.com +helplinfen.com +help.linksalpha.com +help.opera.com +helpzhuling.org +hen.bao.li +hengchuen.gov.tw +heqinglian.net +here4news.com +heungkongdiscuss.com +hgseav.com +hidden-advent.org +hidecloud.com +hideipvpn.com +hidemyass.com +higfw.com +highrockmedia.com +hihiforum.com +hihistory.net +hiitch.com +hikinggfw.org +himemix.com +himemix.net +hjclub.info +hk32168.com +hkbc.net +hkbf.org +hkchurch.org +hkdailynews.com.hk +hkday.net +hkej.com +hkepc.com +hkfront.org +hk.geocities.com +hkgolden.com +hkgreenradio.org +hkg.westkit.net +hkheadline.com +hkhkhk.com +hkjc.com +hk.jiepang.com +hkjp.easyweb.hk +hkjp.org +hk.knowledge.yahoo.com +hk.myblog.yahoo.com +hk.news.yahoo.com +hkptu.org +hk-pub.com +hk.rd.yahoo.com +hkreporter.com +hkreporter.loved.hk +hk.search.yahoo.com +hk.video.news.yahoo.com +hkwcc.org.hk +hk.yahoo.com +hkzone.org +hnjhj.com +hola.com +holyspiritspeaks.org +holz.byethost8.com +homeservershow.com +home.sina.com +home.so-net.net.tw +honeonet.spaces.live.com +hongmeimei.com +hongzhi.li +hootsuite.com +hotpot.hk +hotshame.com +hotspotshield.com +hougaige.com +howtoforge.com +hqcdp.org +hrcir.com +hrichina.org +hrw.org +hsinchu-cc.gov.tw +hsjp.net +hsselite.com +htkou.net +htl.li +ht.ly +htmldog.com +huaglad.com +huajiadi.spaces.live.com +huanghuagang.org +huaren.us +huaxia-news.com +huaxin.ph +hua-yue.net +hudatoriq.web.id +hugoroy.eu +huhamhire.com +hujiachina.spaces.live.com +hulu.com +huluim.com +humanities.uchicago.edu +hungerstrikeforaids.org +hung-ya.com +huping.net +hutianyi.net +hutong9.net +hwinfo.com +hyperrate.com +hypeshell.com +i1.hk +i2runner.com +ialmostlaugh.com +iask.bz +iask.ca +ibiblio.org +iblogserv-f.net +ibros.org +icij.org +icl-fi.org +iconpaper.org +icu-project.org +idemocracy.asia +identi.ca +idiomconnection.com +idouga.com +idv.tw +ieasynews.net +ied2k.net +ieemdai.spaces.live.com +ifan.cz.cc +ifanqiang.com +ifanr.com +ifcss.org +ifjc.org +igfw.net +ignitedetroit.net +igvita.com +ihakka.net +iicns.com +illusionfactory.com +ilove80.be +im88.tw +imageflea.com +imagesblog.gio.gov.tw +imageshack.us +imagevenue.com +imagezilla.net +ime.baidu.jp +img.ly +imkev.com +imlive.com +immigration.gov.tw +imrworldwide.com +im.tv +incredibox.fr +iner.gov.tw +initiativesforchina.org +inmediahk.net +innermongolia.org +instagram.com +interestinglaugh.com +interfaceaddiction.com +internationalrivers.org +internetdefenseleague.org +internetfreedom.org +internetpopculture.com +inxian.com +iphone4hongkong.com +iphonehacks.com +iphonix.fr +ipicture.ru +ipobar.com +ippotv.com +iptorrents.com +ipvanish.com +iredmail.org +ironbigfools.compython.net +ironicsoftware.com +ironpython.net +isaacmao.com +isgreat.org +islamicity.com +islam.org.hk +ismprofessional.net +isohunt.com +israbox.com +istockphoto.com +isunaffairs.com +isuntv.com +itaboo.info +ithelp.ithome.com.tw +itrc.gov.tw +itshidden.com +itweet.net +iu45.com +iverycd.com +ixquick.com +izaobao.us +izles.net +japan-whores.com +jayparkinsonmd.com +jbtalks.cc +jbtalks.com +jbtalks.my +jeanyim.com +jgoodies.com +jiaoyou8.com +jiehua.cz +jieshibaobao.com +jike.com +jimoparty.com +jinbushe.org +jingpin.org +jitouch.com +jkforum.net +j.mp +joachims.org +jobso.tv +joeedelman.com +journalofdemocracy.org +jpopforum.net +juliereyc.com +junauza.com +junefourth-20.net +justfreevpn.com +justtristan.com +juziyue.com +jwmusic.org +jyxf.net +jyzj.waqn.com +k2.xrea.com +kagyuoffice.org.tw +kaiyuan.de +kakao.com +kanzhongguo.com +kanzhongguo.eu +karayou.com +ka-wai.com +kcsoftwares.com +kechara.com +keepandshare.com +kendincos.net +kenengba.com +keontech.net +khcc.gov.tw +khms.gov.tw +khmusic.com.tw +killwall.com +kineox.free.fr +kingdomsalvation.org +kinghost.com +kingstone.com.tw +kissbbao.cn +kissyoutube.com +kk.gov.tw +klccab.gov.tw +klra.gov.tw +klsio.gov.tw +kmh.gov.tw +kmseh.gov.tw +knowledgerush.com +kodingen.com +kompozer.net +koolsolutions.com +koornk.com +kt.kcome.org +kui.name +kun.im +kurtmunger.com +kusocity.com +kwongwah.com.my +kyohk.net +kzeng.info +labiennale.org +ladbrokes.com +la-forum.org +lagranepoca.com +lalulalu.com +laogai.org +laomiu.com +laoyang.info +laptoplockdown.com +laqingdan.net +larsgeorge.com +lastfm.es +latelinenews.com +latimesblogs.latimes.com +lazarsearlymusic.com +leecheukyan.org +legaltech.law.com +lematin.ch +lemonde.fr +lenwhite.com +lerosua.org +lesoir.be +lesscss.org +letscorp.net +liansi.org +lianyue.net +liaowangxizang.net +liberal.org.hk +libertytimes.com.tw +lich355.megabyet.net +lidecheng.com +life.fly4ever.me +limiao.net +line.me +linglingfa.com +lingvodics.com +linkideo.com +linuxconfig.org +linux-engineer.net +linuxreviews.org +linuxtoy.org +lipuman.com +listentoyoutube.com +list.ly +listorious.com +lists.debian.org +lists.w3.org +littlebigdetails.com +liudejun.com +liuhanyu.com +liujianshu.com +liu.lu +liuxiaotong.com +liveleak.com +livestation.com +livestream.com +livevideo.com +livingonline.us +livingstream.com +lizhizhuangbi.com +lkcn.net +localpresshk.com +lockdown.com +lockestek.com +logbot.net +logiqx.com +logmike.com +log.riku.me +london.neighborhoodr.com +longhair.hk +longtermly.net +lookatgame.com +lookingglasstheatre.org +lookpic.com +lotuslight.org.tw +lovequicksilver.com +lovesphinx.tk +lrfz.com +lsd.org.hk +lsforum.net +lsmchinese.org +lsmkorean.org +lsm.org +lsxszzg.com +lua.org +lua-users.org +lungtanhr.gov.tw +luntan.zaobao.com +lupm.org +lushstories.com +lvhai.org +lyricsquote.com +mad-ar.ch +madmenunbuttoned.com +magazines.sina.com.tw +maiio.net +mail-archive.com +maiplus.com +makemymood.com +makzhou.warehouse333.com +malaysiakini.com +marc.info +marco.org +marguerite.su +marines.mil +markmilian.com +martau.com +martincartoons.com +maruta.be +marxist.com +marxist.net +marxists.org +mashable.com +mash.to +matainja.com +mathiew-badimon.com +matsu-news.gov.tw +matsushimakaede.com +maxgif.com +mayimayi.com +mcadforums.com +mcfog.com +md-t.org +mediafire.com +meetup.com +mefeedia.com +megaporn.com +megarotic.com +megavideo.com +megurineluka.com +meirixiaochao.com +melon-peach.com +memedia.cn +meme.yahoo.com +memrijttm.org +merit-times.com.tw +mesotw.com +metacafe.com +meteorshowersonline.com +metrolife.ca +mgoon.com +mgstage.com +mh4u.org +mhradio.org +michaelanti.com +michaelmarketl.com +middle-way.net +mihk.hk +mihua.org +mike.cz.cc +mimivip.com +minghui.org +minghui-school.org +mingjinglishi.com +mingjingnews.com +mingpaocanada.com +mingpao.com +mingpaomonthly.com +mingpaonews.com +mingpaony.com +mingpaosf.com +mingpaotor.com +mingpaovan.com +minimalmac.com +mininova.org +minzhuhua.net +minzhuzhongguo.org +miroguide.com +mirrorbooks.com +mitbbs.com +mixedmedialabs.com +mixero.com +mixpod.com +mixx.com +mizzmona.com +mk5000.com +mlcool.com +mmaaxx.com +mmmca.com +mobatek.net +mobile01.com +mobileways.de +mobypicture.com +moby.to +modfetish.com +moe.gov.tw +mog.com +molihua.org +mondex.org +monitorchina.org +moonriver7.files.wordpress.com +morningsun.org +m.oulove.org +movabletype.com +moviefap.com +mp3ye.eu +mpettis.com +mpfinance.com +mpinews.com +m.plixi.com +mrdoob.com +mrtweet.com +msguancha.com +m.slandr.net +m-team.cc +mthruf.com +m.tweete.net +mtw.tl +multiply.com +multiproxy.org +multiupload.com +muouju.com +muselinks.co.jp +music.jwmusic.org +muzi.com +muzi.net +muzu.tv +mvdis.gov.tw +mx981.com +myactimes.com +my-addr.com +myaudiocast.com +myav.com.tw +my.backchina.com +myboooks.googlepages.com +mychinamyhome.com +myeclipseide.com +myforum.com.hk +myforum.com.uk +myfreshnet.com +my.keso.cn +myopenid.com +my.opera.com +mypaper.pchome.com.tw +myparagliding.com +mypopescu.com +my-proxy.com +myshare.url.com.tw +mysinablog.com +myspace.com +myvlog.im.tv +naacoalition.org +naitik.net +nakido.com +namsisi.com +nanyang.com +nanyangpost.com +nanzao.com +naol.ca +national-lottery.co.uk +navicat.com +navigeaters.com +navy.mil +nccwatch.org.tw +ncdr.nat.gov.tw +nch.com.tw +ncn.org +ncree.gov.tw +nde.de +ndr.de +nekoslovakia.net +nerch.gov.tw +ner.gov.tw +nerhl.gov.tw +nertt.gov.tw +netcolony.com +netflix.com +netme.cc +networkedblogs.com +neverforget8964.org +new-3lunch.net +new-akiba.com +newcenturymc.com +newcenturynews.com +newchen.com +newgrounds.com +newlandmagazine.com.au +news100.com.tw +newsancai.com +news.atebits.com +news.backchina.com +news.bbc.co.uk +newscn.org +news.cnyes.com +newsforums.bbc.co.uk +news.ghostery.com +news.google.com.hk +newsminer.com +news.msn.com.tw +news.omy.sg +news.pchome.com.tw +newspeak.cc +newspp.org +news.sina.com.hk +news.sina.com.tw +news.singtao.ca +newstapa.org +newtaiwan.com.tw +newtalk.tw +newyorktimes.com +nexton-net.jp +nexttv.com.tw +nf.id.au +nga.mil +ngensis.com +nhri.gov.tw +nic.cz.cc +nici.nat.gov.tw +nicovideo.tw +nict.gov.tw +nighost.org +nintendium.com +nintendowifi.net +njactb.org +njuice.com +nlfreevpn.com +nmh.gov.tw +nmmba.gov.tw +nmp.gov.tw +nmtl.gov.tw +nmvttc.gov.tw +nobelprize.org +nobel.se +nobodycanstop.us +nokogiri.org +nokola.com +noobbox.com +notes.alexdong.com +novelasia.com +nownews.com +nowtorrents.com +noypf.com +npa.go.jp +npm.gov.tw +nps.gov +nrk.no +nsc.gov.tw +nspo.gov.tw +nstm.gov.tw +ntdmh.gov.tw +ntdtv.ca +ntdtv.co +ntdtv.com +ntdtv.org +ntdtv.ru +ntl.gov.tw +ntsec.gov.tw +ntuh.gov.tw +nuexpo.com +nurgo-software.com +nuvid.com +nuzcom.com +nvquan.org +nvri.gov.tw +nydus.ca +nysingtao.com +nytco.com +nyt.com +nytimes.com +nytimg.com +nzchinese.net.nz +observechina.net +oclp.hk +october-review.org +offbeatchina.com +ogaoga.org +oikos.com.tw +oiktv.com +oizoblog.com +okayfreedom.com +old-cat.net +old.nabble.com +olumpo.com +olympicwatch.org +omgili.com +omnitalk.com +on.cc +one.xthost.info +onlylady.cn +onmoon.com +onmoon.net +oopsforum.com +ooyala.com +open.com.hk +opendemocracy.net +openid.net +openleaks.org +openvpn.net +openvpn.org +openwebster.com +opml.radiotime.com +opnir.com +orientaldaily.com.my +orient-doll.com +orn.jp +orzistic.org +osfoora.com +ourdearamy.com +oursogo.com +oursteps.com.au +overlapr.com +owl.li +ow.ly +oyax.com +ozchinese.com +ozyoyo.com +pabp.gov.tw +pacificpoker.com +packages.debian.org +packetix.net +page2rss.com +page.bid.yahoo.com +pagodabox.com +paint.net +palacemoon.com +pandora.com +pandora.tv +panluan.net +panoramio.com +pao-pao.net +paperb.us +paper.li +paper-replika.com +parade.com +parislemon.com +pastebin.com +pastie.org +patehr.gov.tw +pbs.org +pbwiki.com +pbworks.com +pbxes.com +pbxes.org +pcdiscuss.com +pcdvd.com.tw +pchome.com.tw +pct.org.tw +pcworld.com +pdetails.com +pdproxy.com +peacefire.org +peacehall.com +peeasian.com +peerpong.com +pekingduck.org +penchinese.com +penchinese.net +pengyulong.com +penthouse.com +peopo.org +percy.in +perfectgirls.net +perfectvpn.net +perfspot.com +perlhowto.com +pet.gov.tw +philly.com +photofocus.com +photos.dailyme.com +photo.utom.us +phuquocservices.com +picasaweb.google.com +picidae.net +picturesocial.com +pictures.playboy.com +pidown.com +pign.net +pimg.tw +pin6.com +ping.fm +pinoy-n.com +pioneer-worker.forums-free.com +piring.com +pixanalytics.com +pixelqi.com +pixfs.net +pixnet.cc +pixnet.net +pixplug.in +pk.com +placemix.com +planetsuzy.org +playboy.com +plays.com.tw +plm.org.hk +plunder.com +plurk.com +plurktop.mmdays.com +plus28.com +plusbb.com +pmates.com +po2b.com +podictionary.com +pokerstars.com +politicalchina.org +popvote.hk +popyard.com +popyard.org +porn2.com +pornbase.org +porn.com +pornhub.com +pornmm.net +pornoxo.com +pornrapidshare.com +pornstarclub.com +porntube.com +pornvisit.com +portis21.spaces.live.com +pose.com +postadult.com +post.anyu.org +posterous.com +post.ly +powerapple.com +power.com +powercx.com +prayforchina.net +premeforwindows7.com +presentationzen.com +president.gov.tw +prestige-av.com +previewshots.com +privacybox.de +privateinternetaccess.com +privatepaste.com +privatetunnel.com +procopytips.com +program-think.spaces.live.com +prosiben.de +provideocoalition.com +proxifier.com +proxomitron.info +proxy.org +proxypy.net +proxyroad.com +prozz.net +psblog.name +psiphon.ca +psiphon.civisec.org +pts.org.tw +ptt.cc +pubu.com.tw +puffinbrowser.com +puffstore.com +pullfolio.com +pulse.yahoo.com +pure18.com +pureconcepts.net +purepdf.com +purevpn.com +putlocker.com +puttycm.free.fr +pwned.com +python.com +python.com.tw +qanote.com +qidian.ca +qienkuen.org +qi-gong.me +qiwen.lu +qixianglu.cn +qkshare.com +qoos.com +qq.co.za +qstatus.com +qtrac.eu +qtweeter.com +quadedge.com +qusi8.net +qvodzy.org +qxbbs.org +radicalparty.org +radioaustralia.net.au +radiovaticana.org +radiovncr.com +raidcall.com.tw +rangzen.org +ranyunfei.com +rapbull.net +rapidshare8.com +rapidsharedata.com +rayfme.com +rcinet.ca +rconversation.blogs.com +rdio.com +read100.com +readingtimes.com.tw +readmoo.com +realraptalk.com +recordhistory.org +redchinacn.org +redtube.com +referer.us +reflectivecode.com +relaxbbs.com +renminbao.com +renyurenquan.org +retweeteffect.com +retweetist.com +retweetrank.com +revleft.com +revsci.net +revver.com +rfachina.com +rfamobile.org +rfa.org +rferl.org +rfi.fr +rhcloud.com +riku.me +rileyguide.com +rlwlw.com +rmjdw.com +rnw.nl +robtex.com +robustnessiskey.com +rocmp.org +rojo.com +ronjoneswriter.com +roodo.com +rotten.com +rsf-chinese.org +rsf.org +rssmeme.com +rthk.hk +rthk.org.hk +rti.org.tw +ruanyifeng.com +rushbee.com +rutube.ru +ruyiseek.com +rxhj.net +s1heng.com +s8forum.com +sacom.hk +sadpanda.us +saiq.me +salvation.org.hk +samair.ru +sammyjs.org +samsoff.es +sandnoble.com +sankaizok.com +sanmin.com.tw +sapikachu.net +savemedia.com +savetibet.de +savetibet.fr +savetibet.nl +savetibet.org +savetibet.ru +savevid.com +say2.info +scanscout.com +scmpchinese.com +scmp.com +scorecardresearch.com +scribd.com +scriptspot.com +seapuff.com +secretchina.com +secretgarden.no +secure.wikimedia.org +securitykiss.com +seesmic.com +seevpn.com +seezone.net +sejie.com +sendoid.com +sendspace.com +sesawe.net +sesawe.org +sethwklein.net +sevenload.com +sex-11.com +sex3.com +sex8.cc +sexandsubmission.com +sex.com +sexhuang.com +sexhu.com +sexinsex.net +sfileydy.com +shadow.ma +shadowsocks.org +shahamat-english.com +shangfang.org +shapeservices.com +sharebee.com +sharecool.org +share.ovi.com +share.skype.com +share.youthwant.com.tw +sharkdolphin.com +sharpdaily.com.hk +sharpdaily.hk +shaunthesheep.com +sheikyermami.com +shellmix.com +shenshou.org +shenyunperformingarts.org +shenzhoufilm.com +shifeike.blog125.fc2blog.net +shinychan.com +shitaotv.org +shixiao.org +shizhao.org +shkspr.mobi +shodanhq.com +shopping.com +showbiz.omy.sg +showtime.jp +shwchurch3.com +sidelinesnews.com +sidelinessportseatery.com +simplecd.me +simplecd.org +simpleproductivityblog.com +sina.com.tw +singtao.com +singularitys.spaces.live.com +sinoants.com +sinocast.com +sinocism.com +sino-monthly.com +sinomontreal.ca +sinonet.ca +sinopitt.info +sinoquebec.com +sis001.com +sis001.us +sis.xxx +site90.net +sitebro.tw +siteks.uk.to +site.locql.com +sitemaps.org +sites.google.com +sitetag.us +siyi123123123.spaces.live.com +skimtube.com +skybet.com +skyvegas.com +slacker.com +slavasoft.com +slheng.com +slickvpn.com +slideshare.net +slinkset.com +slutload.com +smhric.org +snapchat.com +snaptu.com +sndcdn.com +sneakme.net +snooper.co.uk +sobees.com +socialwhale.com +sockslist.net +so.com +sod.co.jp +softether.co.jp +softether-download.com +softether.org +softwarebychuck.com +so-ga.net +sogclub.com +sogou.com +sogrady.me +sohcradio.com +sohfrance.org +soh.tw +sokamonline.com +solozorro.tk +somee.com +so-news.com +songjianjun.com +sonidodelaesperanza.org +sopcast.com +sopcast.org +sorting-algorithms.com +soso.com +soumo.info +soundcloud.com +soundofhope.kr +soundofhope.org +soupofmedia.com +sourceforge.net +southnews.com.tw +sowers.org.hk +space-scape.com +spankwire.com +spb.com +speckleapp.com +speedpluss.org +spencertipping.com +spinejs.com +sports.williamhill.com +spotify.com +sproutcore.com +squarespace.com +srcf.ucam.org +ssh91.com +sshtunnel.googlecode.com +sstatic.net +stag.gov.tw +standupfortibet.org +starp2p.com +startpage.com +statcounter.com +state168.com +static.apple.nextmedia.com +static.digg.com +staticflickr.com +static.nownews.com +static.soup.io +static.typepad.com +status.twhirl.org +stdtime.gov.tw +steel-storm.com +sthoo.com +stickam.com +stickeraction.com +stonegames.net +stoneip.info +stoptibetcrisis.net +storagenewsletter.com +stoweboyd.com +streamingthe.net +strongvpn.com +student.tw +stuffimreading.com +stuffimreading.net +stupidvideos.com +subacme.rerouted.org +sublexical.spaces.live.com +sufeng.org +sugarsync.com +summify.com +sun1911.com +suoluo.org +surfeasy.com.au +svwind.com +sweux.com +swift-tools.net +s.xiaod.in +sydneytoday.com +sylfoundation.org +syncback.com +sysadmin1138.net +sysresccd.org +sytes.net +szbbs.net +szetowah.org.hk +t35.com +t66y.com +taa-usa.org +tabtter.jp +tacem.org +tafaward.com +tagwalk.com +taipei.gov.tw +taipeisociety.org +taitung-house.gov.tw +taiwandaily.net +taiwankiss.com +taiwannation.50webs.com +taiwannation.com +taiwannation.com.tw +taiwannews.com.tw +taiwan-sex.com +taiwantt.org.tw +taiwanus.net +taiwanyes.com +taiwanyes.ning.com +tamiaode.tk +tanc.org +tangben.com +taolun.info +taoyuan.gov.tw +tap11.com +target.com +taweet.com +tax.nat.gov.tw +tbpic.info +tbsec.org +tbsn.org +tbsseattle.org +tchb.gov.tw +tchrd.org +t.co +tcsac.gov.tw +teamseesmic.com +teashark.com +techlifeweb.com +techparaiso.com +telecomspace.com +telegraph.co.uk +tenacy.com +thbstc.gov.tw +theampfactory.com +theappleblog.com +theatrum-belli.com +thebcomplex.com +theblemish.com +thebodyshop-usa.com +thechinabeat.org +thedailywh.at +thedieline.com +thedw.us +thegatesnotes.com +thehots.info +thehousenews.com +thehungrydudes.com +thehun.net +theinternetwishlist.com +thelifeyoucansave.com +thelius.org +thepiratebay.org +thepiratebay.se +theqii.info +thereallove.kr +thesartorialist.com +thespeeder.com +the-sun.on.cc +thetibetpost.com +thetrotskymovie.com +thevivekspot.com +thewgo.org +thisav.com +thisiswhyyouarefat.com +thkphoto.com +thomasbernhard.org +threatchaos.com +throughnightsfire.com +t.huhaitai.com +thumbzilla.com +thywords.com +tiananmenmother.org +tiananmenuniv.com +tiananmenuniv.net +tiandixing.org +tianhuayuan.com +tiantibooks.org +tianzhu.org +tibetalk.com +tibetanyouthcongress.org +tibet.at +tibet.com +tibetcorps.org +tibetfund.org +tibetjustice.org +tibet.net +tibetoffice.org +tibetonline.com +tibetonline.tv +tibet.org.tw +tibetsun.com +tibetwrites.org +tidyread.com +time.com +times.hinet.net +tinychat.com +tinypaste.com +tinypng.com +tistory.com +tjholowaychuk.com +tkcs-collins.com +tkforum.tk +t.kun.im +tmagazine.com +tmi.me +tnaflix.com +tncsec.gov.tw +t.neolee.cn +togetter.com +tokyo-247.com +tokyocn.com +tokyo-hot.com +tomayko.com +tomsc.com +tono-oka.jp +tonyyan.net +toodoc.com +toonel.net +topic.youthwant.com.tw +topnews.in +topshare.us +topshareware.com +topstyle4.com +topsy.com +tora.to +tor.blingblingsquad.net +torproject.org +torrentcrazy.com +torrentproject.se +tor.updatestar.com +torvpn.com +t.orzdream.com +tosh.comedycentral.com +touch99.com +toutfr.com +tpde.aide.gov.tw +tphcc.gov.tw +tpi.org.tw +transgressionism.org +transparency.org +travelinlocal.com +trendsmap.com +trialofccp.org +tripod.com +trouw.nl +trtc.com.tw +trt.net.tr +trulyergonomic.com +trustedbi.com +truth101.co.tv +truthcn.com +truveo.com +tsctv.net +tsemtulku.com +tsquare.tv +tsunagarumon.com +tt1069.com +tttan.com +tuanzt.com +tube8.com +tubecao.com +tube.com +tubewolf.com +tuidang.net +tuidang.org +tui.orzdream.com +tuite.googlecode.com +tumblr.awflasher.com +tumblweed.org +tumutanzi.com +tunein.com +tunnelbear.com +turbobit.net +turbotwitter.com +turningtorso.com +turntable.fm +tuxtraining.com +tvants.com +tvboxnow.com +tv.com +tvider.com +tv-intros.com +tv.on.cc +tvunetworks.com +twapperkeeper.com +twa.sh +twaud.io +twbbs.net.tw +twbbs.org +twbbs.tw +twblogger.com +tweepguide.com +tweeplike.me +tweepmag.com +tweepml.org +tweetbackup.com +tweetboard.com +tweetboner.biz +tweetdeck.com +tweetedtimes.com +tweetmeme.com +tweetmylast.fm +tweetphoto.com +tweetrans.com +tweetree.com +tweetwally.com +tweetymail.com +twftp.org +twibase.com +twibble.de +twibbon.com +twibs.com +twicsy.com +twifan.com +twiffo.com +twiggit.org +twilog.org +twimbow.com +twimg.com +twimg.edgesuite.net +tw.img.nextmedia.com +twindexx.com +twipple.jp +twistar.cc +twisternow.com +twistory.net +twit2d.com +twitbrowser.net +twitcause.com +twitese.spaces.live.com +twitgether.com +twitgoo.com +twitiq.com +twitlonger.com +twitoaster.com +twitonmsn.com +twitpic.com +twitreferral.com +twitstat.com +twittbot.net +twitter4j.org +twitter.com +twittercounter.com +twitterfeed.com +twittergadget.com +twitter.jp +twitterkr.com +twittermail.com +twittertim.es +twitthat.com +twitturk.com +twitturly.com +twitvid.com +twitzap.com +twiyia.com +tw.jiepang.com +tw.myblog.yahoo.com +tw.news.yahoo.com +tw-npo.org +tw.rd.yahoo.com +twreg.info +twstar.net +tw.streetvoice.com +twt.fm +twtkr.com +twtr2src.ogaoga.org +twtrland.com +twt.tl +twttr.com +twurl.nl +tw.voa.mobi +twyac.org +tw.yahoo.com +tycool.com +tynsoe.org +typepad.com +tzangms.com +ub0.cc +uberproxy.net +ucdc1998.org +uderzo.it +udn.com +ufreevpn.com +ugo.com +uhrp.org +uighurbiz.net +ukliferadio.co.uk +ulike.net +ultravpn.fr +ultraxs.com +unblock.cn.com +unblocksit.es +uncyclomedia.org +uncyclopedia.info +uncyclopedia.tw +unholyknight.com +uni.cc +unicode.org +uniteddaily.com.my +unix100.com +unknownspace.org +unpo.org +uocn.org +upcoming.yahoo.com +update.playstation.net +upload4u.info +upload.backchina.com +uploaded.to +uploadstation.com +upload.wikimedia.org +urlborg.com +urlparser.com +usacn.com +usfk.mil +usinfo.state.gov +usmc.mil +us.to +ustream.tv +usus.cc +uushare.com +uwants.com +uwants.net +uyghurcongress.org +uygur.org +v70.us +vaayoo.com +value-domain.com +van698.com +vanemu.cn +vanilla-jp.com +vansky.com +vapurl.com +vatn.org +vcfbuilder.org +vcf-online.org +veempiire.com +velkaepocha.sk +venbbs.com +venchina.com +ventureswell.com +veoh.com +verizon.net +verybs.com +vevo.com +vft.com.tw +vghks.gov.tw +vghtc.gov.tw +vghtpe.gov.tw +video.aol.ca +video.aol.com +video.aol.co.uk +video.ap.org +videobam.com +video.fdbox.com +video.foxbusiness.com +videomo.com +video.tiscali.it +video.yahoo.com +vidoemo.com +views.fm +viki.com +vimeocdn.com +vimeo.com +vimgolf.com +vimperator.org +vincnd.com +vinniev.com +vllcs.org +vlog.xuite.net +vmixcore.com +voacantonese.com +voachineseblog.com +voachinese.com +voagd.com +voanews.com +voatibetan.com +vocn.tv +vot.org +vpnbook.com +vpnfire.com +vpngate.jp +vpngate.net +vpnpop.com +vpnpronet.com +v-state.org +vtunnel.com +w3schools.com +waffle1999.com +wahas.com +waigaobu.com +waikeung.org +waiwaier.com +wallornot.org +wallpapercasa.com +wanderinghorse.net +wanfang.gov.tw +wangafu.net +wangjinbo.org +wanglixiong.com +wangruoshui.net +wangyi64.spaces.live.com +want-daily.com +wapedia.mobi +washeng.net +watchmygf.net +wattpad.com +wdf5.com +wearn.com +web2project.net +webbang.net +webfee.tk +weblagu.com +webmproject.org +webshots.com +websitepulse.com +webs-tv.net +webworkerdaily.com +weeewooo.net +weekmag.info +wefong.com +weiboleak.com +weigegebyc.dreamhosters.com +weijingsheng.org +weiming.info +weiquanwang.org +weisuo.ws +wellplacedpixels.com +wengewang.com +wengewang.org +wenhui.ch +wenku.com +wenxuecity.com +wenyunchao.com +wenyunchao.spaces.live.com +wepn.info +westca.com +westernwolves.com +wetplace.com +wetpussygames.com +wexiaobo.org +wezhiyong.org +wezone.net +wforum.com +whatblocked.com +whereiswerner.com +whippedass.com +whitebear.freebearblog.org +whydidyoubuymethat.com +whylover.com +whyx.org +w.idaiwan.com +wiki.cnitter.com +wiki.jqueryui.com +wiki.keso.cn +wikileaks.ch +wikileaks.de +wikileaks.eu +wikileaks.lu +wikileaks.org +wikileaks.pl +wikilivres.info +wikimapia.org +wikimedia.org.mo +wiki.moegirl.org +wikinet.org +wiki.oauth.net +wikipedia.org +wiki.phonegap.com +wikiwiki.jp +wikkii.com +williamlong.spaces.live.com +willw.net +windowsphoneme.com +winwhispers.info +wiredbytes.com +wiredpen.com +wireshark.org +wisevid.com +witnessleeteaching.com +witopia.net +wlx.sowiki.net +woeser.com +wolfax.com +womenbusiness.nyc.gov.tw +womensrightsofchina.org +woopie.jp +woopie.tv +wordboner.com +wordpress.com +wordsandturds.com +w.org +workatruna.com +worldcat.org +worldjournal.com +worstthingieverate.com +wo.tc +wowlegacy.ml +wow-life.net +woxinghuiguo.com +wozy.in +wp.com +wpoforum.com +wqlhw.com +wqyd.org +wrchina.org +wretch.cc +writer.zoho.com +wsj.com +wsj.net +wtfpeople.com +wuala.com +wuerkaixi.com +wufi.org.tw +wuguoguang.com +wujieliulan.com +wujie.net +wukangrui.net +wwitv.com +www.6v6dota.com +www.ajsands.com +www.antd.org +www.aolnews.com +www.bulbous.freeserve.co.uk +www.cmoinc.org +www.dfanning.com +www.dwheeler.com +www.eulam.com +www.exblog.jp +www.forum4hk.com +www.freetibet.org +www.getyouram.com +www.goldenmelody.com.tw +www.idlcoyote.com +www.immigration.gov.tw +www.klip.me +www.kodingen.com +www.linksalpha.com +www.loiclemeur.com +www.macrovpn.com +www.monlamit.org +www.moztw.org +www.mycould.com +www.ned.org +www.nownews.com +www.orchidbbs.com +www.owind.com +www.oxid.it +www.parkansky.com +www.powerpointninja.com +www.rnw.nl +www.somee.com +www.stackfile.com +www.supertweet.net +www.tiffanyarment.com +www.tripod.com +www.tv.com +www.twtrland.com +www.typepad.com +www.urbanoutfitters.com +www.vegorpedersen.com +www.voy.com +www.vpncup.com +www.wangruowang.org +www.wan-press.org +www.wet123.com +www.zaurus.org.uk +wzyboy.im +x1949x.com +x365x.com +xanga.com +x-art.com +xa.yimg.com +xbabe.com +xbookcn.com +xcafe.in +xcritic.com +xfm.pp.ru +xgmyd.com +xh4n.cn +xhamster.com +xiaochuncnjp.com +xiaohexie.com +xiaoma.org +xiezhua.com +xing.com +xinhuanet.org +xinmiao.com.hk +xinqimeng.over-blog.com +xinsheng.net +xinshijue.com +xinyubbs.net +xizang-zhiye.org +xjp.cc +xml-training-guide.com +xmovies.com +xmusic.fm +xnxx.com +xpdo.net +xpud.org +xskywalker.com +xtube.com +xuchao.net +xuchao.org +xuzhiyong.net +xuzhuoer.com +xvedios.com +xvideos.com +x-wall.org +xxbbx.com +x.xcity.jp +xxxx.com.au +xysblogs.org +xys.dxiong.com +xys.org +xyy69.com +xyy69.info +yahoo.cn +yahoo.com.hk +yam.com +yanghengjun.spaces.live.com +yasni.co.uk +yasukuni.or.jp +yatsen.gov.tw +ydy.com +yeelou.com +yeeyi.com +yegle.net +yezimary.spaces.live.com +yfrog.com +yhcw.net +yidio.com +yilubbs.com +yi.org +yipub.com +ym.backchina.com +yogichen.org +yong.hu +yorkbbs.ca +youdao.com +youjizz.com +youmaker.com +youpai.org +youporn.com +your-freedom.net +yousendit.com +youthbao.com +youthnetradio.org +youtu.be +youtubecn.com +youtube.com +youtube-nocookie.com +youversion.com +youxu.info +ytht.net +ytimg.com +yuanming.net +yuming.flnet.org +yunchao.net +yvesgeleyn.com +yvtc.gov.tw +yx51.net +yyii.org +yymaya.com +yzzk.com +zacebook.com +zannel.com +zaobao.com +zaobao.com.sg +zaozon.com +zarias.com +zattoo.com +zdnet.com.tw +zengjinyan.org +zengjinyan.spaces.live.com +zeutch.com +zgzcjj.net +zhanbin.net +zhao.jinhai.de +zhenghui.org +zhenlibu.info +zhinengluyou.com +zhllg.spaces.live.com +zh.m.wikipedia.org +zh.netlog.com +zhonggtuotese.net +zhongguotese.net +zhongmeng.org +zhongsou.com +zh.pokerstrategy.com +zhreader.com +zh-tw.justin.tv +zhuichaguoji.org +zh.uncyclopedia.wikia.com +zh.wikinews.org +zh.wikipedia.org +zh.wikisource.org +ziddu.com +zillionk.com +zinio.com +ziplib.com +zkaip.com +zmw.cn +zomobo.net +zonaeuropa.com +zootool.com +zoozle.net +zozotown.com +zshare.net +zsrhao.com +zuo.la +zuola.com +zvereff.com +zyzc9.com +zyzg.us diff --git a/package/lean/ipset-lists/tools/gen-china-routes.sh b/package/lean/ipset-lists/tools/gen-china-routes.sh new file mode 100755 index 000000000..36fd9ee77 --- /dev/null +++ b/package/lean/ipset-lists/tools/gen-china-routes.sh @@ -0,0 +1,85 @@ +#!/bin/bash -e + +# +# Script for generating China IPv4 route table by merging APNIC.net data and IPIP.net data +# + +china_routes_ipip() +{ + [ -f ipip.txt ] || wget -4 https://raw.githubusercontent.com/17mon/china_ip_list/master/china_ip_list.txt -O ipip.txt >&2 || exit 1 + cat ipip.txt | xargs netmask | awk '{print $1}' +} + +china_routes_apnic() +{ + [ -f apnic.txt ] || wget -4 http://ftp.apnic.net/stats/apnic/delegated-apnic-latest -O apnic.txt >&2 || exit 1 + + cat apnic.txt | awk -F'|' -vc=CN ' +function tobits(c) { for(n=0; c>=2; c/=2) n++; return 32-n; } +$2==c&&$3=="ipv4" { printf("%s/%d\n", $4, tobits($5)) }' | + xargs netmask | awk '{print $1}' +} + +china_routes_merged() +{ + [ -x ./ipv4-merger ] || gcc ipv4_merger.c -o ipv4-merger >&2 + + china_routes_apnic > china.apnic + china_routes_ipip > china.ipip + + # Merge them together + cat china.apnic china.ipip | ./ipv4-merger | sed 's/\-/:/g' | + xargs netmask | awk '{print $1}' | awk -F/ '$2<=24' > china.merged + + cat china.merged +} + +# $1: ipset name +convert_routes_to_ipset() +{ + local ipset_name="$1" + echo "create $ipset_name hash:net family inet hashsize 1024 maxelem 65536" + awk -vt="$ipset_name" '{ printf("add %s %s\n", t, $0) }' +} + + +generate_china_ipset() +{ + china_routes_merged | convert_routes_to_ipset china +} + +generate_inverted_china_routes() +{ + ( + china_routes_merged + echo 0.0.0.0/8 10.0.0.0/8 100.64.0.0/10 127.0.0.0/8 172.16.0.0/12 192.168.0.0/16 224.0.0.0/3 + ) | + xargs netmask -r | awk '{print $1}' | + awk -F- ' +function iptoint(ip) { split(ip,arr,"."); n=0; for(i=1;i<=4;i++) n=n*256+arr[i]; return n; } +function inttoip(n) { a=int(n/16777216); b=int(n%16777216/65536); c=int(n%65536/256); d=n%256; return a "." b "." c "." d; } +BEGIN { st=0 } +{ x=st; y=iptoint($1); st=iptoint($2)+1; if(y>x) { print inttoip(x) ":" inttoip(y-1); } }' | + xargs netmask | awk '{print $1}' +} + + +## +case "$1" in + "") + generate_china_ipset + ;; + -c) + china_routes_merged + ;; + -r) + generate_inverted_china_routes + ;; + *) + echo "Usage:" + echo " $0 generate China routes in ipset format" + echo " $0 -c generate China routes in IP/prefix format" + echo " $0 -r generate invert China routes" + ;; + *) +esac diff --git a/package/lean/ipset-lists/tools/gen-gfwlist.sh b/package/lean/ipset-lists/tools/gen-gfwlist.sh new file mode 100755 index 000000000..483f6d8b3 --- /dev/null +++ b/package/lean/ipset-lists/tools/gen-gfwlist.sh @@ -0,0 +1,29 @@ +#!/bin/sh -e + +generate_china_banned() +{ + if [ ! -f gfwlist.txt ]; then + wget https://raw.githubusercontent.com/gfwlist/gfwlist/master/gfwlist.txt -O gfwlist.b64 >&2 + cat gfwlist.b64 | base64 -d > gfwlist.txt + rm -f gfwlist.b64 + fi + + cat gfwlist.txt base-gfwlist.txt | sort -u | + sed 's#!.\+##; s#|##g; s#@##g; s#http:\/\/##; s#https:\/\/##;' | + sed '/\*/d; /apple\.com/d; /sina\.cn/d; /sina\.com\.cn/d; /baidu\.com/d; /qq\.com/d' | + sed '/^[0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+$/d' | + grep '^[0-9a-zA-Z\.-]\+$' | grep '\.' | sed 's#^\.\+##' | rev | sort -u | + awk ' +BEGIN { prev = "________"; } { + cur = $0; + if (index(cur, prev) == 1 && substr(cur, 1 + length(prev) ,1) == ".") { + } else { + print cur; + prev = cur; + } +}' | rev | sort -u + +} + +generate_china_banned + diff --git a/package/lean/ipset-lists/tools/ipv4_merger.c b/package/lean/ipset-lists/tools/ipv4_merger.c new file mode 100644 index 000000000..0af85ced1 --- /dev/null +++ b/package/lean/ipset-lists/tools/ipv4_merger.c @@ -0,0 +1,339 @@ +#include +#include +#include +#include + +typedef u_int32_t u32; +typedef int bool; +#define true 1 +#define false 0 +typedef unsigned gfp_t; + +static inline char *ipv4_hltos(u32 u, char *s) +{ + static char ss[20]; + if (!s) + s = ss; + sprintf(s, "%d.%d.%d.%d", + (int)(u >> 24) & 0xff, (int)(u >> 16) & 0xff, + (int)(u >> 8) & 0xff, (int)u & 0xff ); + return s; +} + +static inline u32 ipv4_stohl(const char *s) +{ + int u[4]; + if (sscanf(s, "%d.%d.%d.%d", &u[0], &u[1], &u[2], &u[3]) == 4) { + return (((u32)u[0] & 0xff) << 24) | + (((u32)u[1] & 0xff) << 16) | + (((u32)u[2] & 0xff) << 8) | + (((u32)u[3] & 0xff)); + } else + return 0xffffffff; +} + +static inline bool is_ipv4_addr(const char *s) +{ + int u[4]; + if (sscanf(s, "%d.%d.%d.%d", &u[0], &u[1], &u[2], &u[3]) == 4) + return true; + else + return false; +} + + +struct ipv4_range { + u32 start; + u32 end; +}; + +struct sa_open_data { + struct ipv4_range *tmp_base; + size_t tmp_size; + size_t tmp_length; + int errors; +}; + +static int __touch_tmp_base(struct sa_open_data *od, gfp_t gfp) +{ + if (!od->tmp_base) { + /** + * Allocate a temporary table with twice the size of the previous + * table or at least 100, on which new entries can be inserted. + */ + if (od->tmp_size < 100) + od->tmp_size = 100; + od->tmp_base = (struct ipv4_range *)malloc( + sizeof(struct ipv4_range) * od->tmp_size /*, gfp*/ ); + if (!od->tmp_base) { + fprintf(stderr, + "salist: cannot allocate the temporary list for enlarging it.\n"); + return -ENOMEM; + } + od->tmp_length = 0; + } + return 0; +} + +static int ipv4_list_add_range(struct sa_open_data *od, u32 start, + u32 end, gfp_t gfp) +{ + struct ipv4_range *cur; + int ret; + + /* Ignore a new range if it or a larger range already exists */ + //if (salist_check_ipv4(od->table, start, end)) + // return 0; + + if ((ret = __touch_tmp_base(od, gfp)) < 0) + return ret; + + /* Check if the size is efficient. Enlarge it if needed. */ + if (od->tmp_length + 1 >= od->tmp_size) { + size_t old_size = od->tmp_size; + struct ipv4_range *old_base = od->tmp_base; + + od->tmp_size *= 2; + od->tmp_base = (struct ipv4_range *)realloc(od->tmp_base, + sizeof(struct ipv4_range) * od->tmp_size); + if (!od->tmp_base) { + od->tmp_size = old_size; + od->tmp_base = old_base; + return -ENOMEM; + } + } + + cur = &od->tmp_base[od->tmp_length++]; + cur->start = start; + cur->end = end; + + return 0; +} + +static inline int ipv4_list_add_netmask(struct sa_open_data *od, + u32 net, u32 net_mask, gfp_t gfp) +{ + u32 start = net & net_mask; + u32 end = net | ~net_mask; + + return ipv4_list_add_range(od, start, end, gfp); +} + +static int ipv4_list_add_net(struct sa_open_data *od, u32 net, + int net_bits, gfp_t gfp) +{ + u32 net_mask; + + if(net_bits == 0) + net_mask = 0x00000000; + else + net_mask = ~(((u32)1 << (32 - net_bits)) - 1); + //printf("%d: %08x, %08x\n", net_bits, net_mask, net_size); + + return ipv4_list_add_netmask(od, net, net_mask, gfp); +} + +static int salist_cmd_parse(struct sa_open_data *od, char *cmd, gfp_t gfp) +{ + char *a1 = NULL, *a2 = NULL; + char *sep; + char sc; + int n = 32; + + /* Case 3: Append an item */ + + /* Check IP description part: network segment or range? */ + if ((sep = strchr(cmd, '/'))) { } + else if ((sep = strchr(cmd, '-'))) { } + else if ((sep = strchr(cmd, ':'))) { } + + if (sep) { + /* Describes a subnet or range. */ + sc = *sep; + *sep = '\0'; + + a1 = cmd; + a2 = sep + 1; + + if (*a2 == '\0') { + fprintf(stderr, "Nothing after '%c'.\n", sc); + return -EINVAL; + } + } else { + /* Describes a single IP. */ + sc = '\0'; + a1 = cmd; + } + + switch (sc) { + case '/': + /* 10.10.20.0/24 */ + /* ------------------------------------ */ + if (is_ipv4_addr(a2)) { + ipv4_list_add_netmask(od, ipv4_stohl(a1), ipv4_stohl(a2), gfp); + } else { + sscanf(a2, "%d", &n); + ipv4_list_add_net(od, ipv4_stohl(a1), n, gfp); + } + /* ------------------------------------ */ + break; + case ':': + case '-': + /* 10.10.20.0-10.20.0.255 */ + /* ------------------------------------ */ + ipv4_list_add_range(od, ipv4_stohl(a1), ipv4_stohl(a2), gfp); + /* ------------------------------------ */ + break; + default: + if (is_ipv4_addr(a1)) { + /* Single IP address. */ + u32 ip = ipv4_stohl(a1); + /* ------------------------------------ */ + ipv4_list_add_range(od, ip, ip, gfp); + /* ------------------------------------ */ + } else { + fprintf(stderr, "Invalid IP address '%s'.\n", a1); + return -EINVAL; + } + break; + } + return 0; +} + +static int ipv4_range_sort_cmp(const void *a, const void *b) +{ + struct ipv4_range *ra = (struct ipv4_range *)a; + struct ipv4_range *rb = (struct ipv4_range *)b; + + if (ra->start > rb->start) { + return 1; + } else if (ra->start < rb->start) { + return -1; + } else if (ra->end > rb->end) { + return 1; + } else if (ra->end < rb->end) { + return -1; + } else { + return 0; + } +} + +static void ipv4_range_swap(void *a, void *b, int size) +{ + struct ipv4_range *ra = (struct ipv4_range *)a; + struct ipv4_range *rb = (struct ipv4_range *)b; + struct ipv4_range tmp; + tmp = *ra; + *ra = *rb; + *rb = tmp; +} + +static struct sa_open_data *salist_open(void) +{ + struct sa_open_data *od = NULL; + + od = (struct sa_open_data *)malloc(sizeof(*od)); + if (!od) { + fprintf(stderr, "salist: cannot allocate sa_open_data.\n"); + return NULL; + } + memset(od, 0, sizeof(*od)); + od->errors = 0; + + return od; +} + +static int salist_close(struct sa_open_data *od) +{ + size_t ri, wi; + struct ipv4_range *old_base; + + /* Flush the table if any modification has been done */ + if (od->tmp_base) { + /* Sort the table and merge entries as many as possible. */ + if (od->tmp_length >= 2) { + qsort(od->tmp_base, od->tmp_length, sizeof(struct ipv4_range), + ipv4_range_sort_cmp); + + for (wi = 0, ri = 1; ri < od->tmp_length; ri++) { + /* NOTICE: 0xffffffff + 1 ? */ + if (od->tmp_base[wi].end == (u32)(-1)) { + /* Nothing */ + } else if (od->tmp_base[ri].start <= od->tmp_base[wi].end + 1) { + /* The two ranges overlap, so merge the 2nd to the 1st one */ + if (od->tmp_base[ri].end > od->tmp_base[wi].end) + od->tmp_base[wi].end = od->tmp_base[ri].end; + } else { + wi++; + if (wi < ri) + od->tmp_base[wi] = od->tmp_base[ri]; + } + } + + od->tmp_length = wi + 1; + } + + /* Reduce the size */ + if (od->tmp_length < od->tmp_size) { + struct ipv4_range *__tmp = od->tmp_base; + od->tmp_base = (struct ipv4_range *)malloc( + sizeof(struct ipv4_range) * (od->tmp_length ? od->tmp_length : 1)); + if (od->tmp_base) { + memcpy(od->tmp_base, __tmp, + sizeof(struct ipv4_range) * od->tmp_length); + free(__tmp); + } else { + fprintf(stderr, "[%s:%d] Failed to allocate temporary table.\n", + __FUNCTION__, __LINE__); + /* If failed to allocate new memory, do not reduce it. */ + od->tmp_base = __tmp; + } + } + + /* Dump the table instead */ + } + + if (od->errors) { + fprintf(stderr, "[%s] %d errors detected during table operation.\n", + __FUNCTION__, od->errors); + } + + return 0; +} + +static void sa_open_data_dump(struct sa_open_data *od) +{ + size_t i; + char s1[20], s2[20]; + + for (i = 0; i < od->tmp_length; i++) { + printf("%s-%s\n", ipv4_hltos(od->tmp_base[i].start, s1), + ipv4_hltos(od->tmp_base[i].end, s2)); + } +} + +int main(int argc, char *argv[]) +{ + struct sa_open_data *od; + char lbuf[128]; + + od = salist_open(); + + while (fgets(lbuf, sizeof(lbuf), stdin)) { + size_t llen = strlen(lbuf); + if (llen > 0 && lbuf[llen - 1] == '\n') + lbuf[--llen] = '\0'; + if (llen > 0 && lbuf[llen - 1] == '\r') + lbuf[--llen] = '\0'; + if (llen == 0) + continue; + salist_cmd_parse(od, lbuf, 0); + } + + salist_close(od); + + sa_open_data_dump(od); + + return 0; +} + diff --git a/package/lean/ipv6-helper/Makefile b/package/lean/ipv6-helper/Makefile new file mode 100644 index 000000000..8be88ca5b --- /dev/null +++ b/package/lean/ipv6-helper/Makefile @@ -0,0 +1,56 @@ +# +# Copyright (C) 2015 OpenWrt-dist +# +# This is free software, licensed under the GNU General Public License v3. +# See /LICENSE for more information. +# + +include $(TOPDIR)/rules.mk + +PKG_NAME:=ipv6helper +PKG_VERSION:=1.0 +PKG_RELEASE:=1 + +PKG_LICENSE:=GPLv3 +PKG_LICENSE_FILES:=LICENSE +PKG_MAINTAINER:=LEAN + +PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME) + +include $(INCLUDE_DIR)/package.mk + +define Package/ipv6helper + SECTION:=ipv6 + TITLE:=IPv6 Helper and Dynamic Update he.net of ip + PKGARCH:=all + DEPENDS:=+luci-proto-ipv6 +wget +ip6tables +kmod-ipt-nat6 +odhcpd-ipv6only +odhcp6c +6in4 +endef + +define Package/ipv6helper/description + IPv6 Helper and Dynamic Update he.net of ip +endef + +define Build/Prepare +endef + +define Build/Configure +endef + +define Build/Compile +endef + +define Package/ipv6helper/postinst +#!/bin/sh +if [ -z "$${IPKG_INSTROOT}" ]; then + chmod 755 /etc/hotplug.d/iface/60-6in4 >/dev/null 2>&1 +fi +exit 0 +endef + +define Package/ipv6helper/install + $(INSTALL_DIR) $(1)/etc/hotplug.d/iface + $(INSTALL_BIN) ./files/root/etc/hotplug.d/iface/60-6in4 $(1)/etc/hotplug.d/iface/60-6in4 +endef + + +$(eval $(call BuildPackage,ipv6helper)) diff --git a/package/lean/ipv6-helper/files/root/etc/hotplug.d/iface/60-6in4 b/package/lean/ipv6-helper/files/root/etc/hotplug.d/iface/60-6in4 new file mode 100644 index 000000000..270aad1f9 --- /dev/null +++ b/package/lean/ipv6-helper/files/root/etc/hotplug.d/iface/60-6in4 @@ -0,0 +1,12 @@ +#!/bin/sh +. /lib/functions.sh +if [ "$ACTION" != "ifup" ]; then + exit +fi +config_load network +config_get tunnelid $INTERFACE tunnelid +config_get username $INTERFACE username +config_get password $INTERFACE password +if [ "$tunnelid" != "" ]; then + wget -O - https://$username:$password@ipv4.tunnelbroker.net/nic/update?hostname=$tunnelid --no-check-certificate +fi diff --git a/package/lean/k3-brcmfmac4366c-firmware/Makefile b/package/lean/k3-brcmfmac4366c-firmware/Makefile new file mode 100644 index 000000000..479628dc0 --- /dev/null +++ b/package/lean/k3-brcmfmac4366c-firmware/Makefile @@ -0,0 +1,42 @@ +# +# Copyright (C) 2015-2016 OpenWrt.org +# +# This is free software, licensed under the GNU General Public License v3. +# + +include $(TOPDIR)/rules.mk + +PKG_NAME:=k3wifi +PKG_VERSION:=1 +PKG_RELEASE:=1 + +include $(INCLUDE_DIR)/package.mk + +define Package/$(PKG_NAME) + TITLE:=k3wifi + DEPENDS:= + URL:=http://www.k3wifi.com/ +endef + +define Package/$(PKG_NAME)/description + k3wifi fw +endef + +define Build/Prepare +endef + +define Build/Configure +endef + +define Build/Compile +endef + + +define Package/$(PKG_NAME)/install + $(INSTALL_DIR) $(1)/lib + $(INSTALL_DIR) $(1)/lib/firmware + $(INSTALL_DIR) $(1)/lib/firmware/brcm + $(INSTALL_DATA) ./files/lib/firmware/brcm/brcmfmac4366c-pcie.bin $(1)/lib/firmware/brcm/brcmfmac4366c-pcie.bin +endef + +$(eval $(call BuildPackage,$(PKG_NAME))) diff --git a/package/lean/k3-brcmfmac4366c-firmware/files/lib/firmware/brcm/brcmfmac4366c-pcie.bin b/package/lean/k3-brcmfmac4366c-firmware/files/lib/firmware/brcm/brcmfmac4366c-pcie.bin new file mode 100644 index 000000000..203ce98f0 Binary files /dev/null and b/package/lean/k3-brcmfmac4366c-firmware/files/lib/firmware/brcm/brcmfmac4366c-pcie.bin differ diff --git a/package/lean/k3screenctrl/Makefile b/package/lean/k3screenctrl/Makefile new file mode 100644 index 000000000..6f862cec0 --- /dev/null +++ b/package/lean/k3screenctrl/Makefile @@ -0,0 +1,47 @@ +include $(TOPDIR)/rules.mk + +PKG_NAME:=k3screenctrl +PKG_VERSION:=0.10 +PKG_RELEASE:=2 + +PKG_SOURCE_PROTO:=git +PKG_SOURCE_URL:=https://github.com/updateing/k3screenctrl.git +PKG_SOURCE_VERSION:=dd05ce9a5cb0cb6cebfc6b3b5823c7f6d75796ff +PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_SOURCE_VERSION) +PKG_SOURCE:=$(PKG_SOURCE_SUBDIR).tar.xz +PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_SOURCE_SUBDIR) +PKG_MAINTAINER:=Hamster Tian + +include $(INCLUDE_DIR)/package.mk + +TARGET_CFLAGS+= -D_GNU_SOURCE + +define Package/k3screenctrl + SECTION:=utils + CATEGORY:=Utilities + DEPENDS:=@TARGET_bcm53xx_DEVICE_phicomm-k3 +@KERNEL_DEVMEM + TITLE:=LCD screen controller on PHICOMM K3 + URL:=https://github.com/updateing/k3-screen-ctrl +endef + +define Package/k3screenctrl/description + K3 Screen Controller (k3screenctrl) is a program utilizing +the LCD screen on PHICOMM K3 to display some stats. +endef + +define Package/k3screenctrl/install + $(INSTALL_DIR) $(1)/usr/bin + $(INSTALL_DIR) $(1)/lib/k3screenctrl + $(INSTALL_DIR) $(1)/etc/init.d + + $(INSTALL_BIN) $(PKG_BUILD_DIR)/src/k3screenctrl $(1)/usr/bin/ + $(INSTALL_BIN) $(PKG_BUILD_DIR)/lib/k3screenctrl/wan.sh $(1)/lib/k3screenctrl/ + $(INSTALL_BIN) $(PKG_BUILD_DIR)/lib/k3screenctrl/wifi.sh $(1)/lib/k3screenctrl/ + $(INSTALL_BIN) $(PKG_BUILD_DIR)/lib/k3screenctrl/port.sh $(1)/lib/k3screenctrl/ + $(INSTALL_BIN) $(PKG_BUILD_DIR)/lib/k3screenctrl/basic.sh $(1)/lib/k3screenctrl/ + $(INSTALL_BIN) $(PKG_BUILD_DIR)/lib/k3screenctrl/host.sh $(1)/lib/k3screenctrl/ + + $(INSTALL_BIN) ./files/k3screenctrl.init $(1)/etc/init.d/k3screenctrl +endef + +$(eval $(call BuildPackage,k3screenctrl)) diff --git a/package/lean/k3screenctrl/files/k3screenctrl.init b/package/lean/k3screenctrl/files/k3screenctrl.init new file mode 100755 index 000000000..5d3d190a2 --- /dev/null +++ b/package/lean/k3screenctrl/files/k3screenctrl.init @@ -0,0 +1,14 @@ +#!/bin/sh /etc/rc.common + +START=99 +STOP=99 + +SCRIPTS_BASE=/lib/k3screenctrl/ + +start() { + /usr/bin/k3screenctrl & +} + +stop() { + killall k3screenctrl +} diff --git a/package/lean/libidn2/Makefile b/package/lean/libidn2/Makefile new file mode 100644 index 000000000..c023b5298 --- /dev/null +++ b/package/lean/libidn2/Makefile @@ -0,0 +1,93 @@ +# +# Copyright (C) 2017-2018 Daniel Engberg +# +# This is free software, licensed under the GNU General Public License v2. +# See /LICENSE for more information. +# + +include $(TOPDIR)/rules.mk + +PKG_NAME:=libidn2 +PKG_VERSION:=2.0.4 +PKG_RELEASE:=1 +PKG_MAINTAINER:=Kevin Darbyshire-Bryant +PKG_LICENSE:=GPL-2.0-or-later LGPL-3.0-or-later +PKG_LICENSE_FILES:=COPYING COPYINGv2 COPYING.LESSERv3 + +PKG_SOURCE_URL:=@GNU/libidn +PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz +PKG_HASH:=644b6b03b285fb0ace02d241d59483d98bc462729d8bb3608d5cad5532f3d2f0 + +PKG_INSTALL:=1 + +include $(INCLUDE_DIR)/package.mk +include $(INCLUDE_DIR)/nls.mk + +define Package/idn2/Default + SECTION:=net + CATEGORY:=Network + URL:=http://www.gnu.org/software/libidn/ +endef + +define Package/idn2/Default/description + Libidn2 is a free software implementation of IDNA2008, + Punycode and TR46 in library form. It contains + functionality to convert internationalized domain + names to and from ASCII Compatible Encoding (ACE), + following the IDNA2008 and TR46 standards. +endef + +define Package/idn2 + $(call Package/idn2/Default) + SUBMENU:=IP Addresses and Names + TITLE:=GNU IDN2 (Internationalized Domain Name) tool + DEPENDS:=+libidn2 +endef + +define Package/idn2/description +$(call Package/idn2/Default/description) + + Command line tool using libidn2 + +endef + +define Package/libidn2 + SECTION:=libs + CATEGORY:=Libraries + DEPENDS:=+libunistring $(ICONV_DEPENDS) $(INTL_DEPENDS) + TITLE:=International domain name library (IDNA2008, Punycode and TR46) + URL:=https://www.gnu.org/software/libidn/#libidn2 +endef + +define Package/libidn2/description +$(call Package/idn2/Default/description) + + Library only package + +endef + +CONFIGURE_ARGS += \ + --disable-rpath \ + --disable-doc + +define Build/InstallDev + $(INSTALL_DIR) $(1)/usr/include + $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/include/idn2.h $(1)/usr/include + $(INSTALL_DIR) $(1)/usr/lib + $(CP) $(PKG_INSTALL_DIR)/usr/lib/*.{la,so}* $(1)/usr/lib/ + $(INSTALL_DIR) $(1)/usr/lib/pkgconfig + $(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/libidn2.pc $(1)/usr/lib/pkgconfig/ +endef + +define Package/idn2/install + $(INSTALL_DIR) $(1)/usr/bin + $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/* $(1)/usr/bin/ +endef + +define Package/libidn2/install + $(INSTALL_DIR) $(1)/usr/lib/ + $(CP) $(PKG_INSTALL_DIR)/usr/lib/*.so* $(1)/usr/lib/ +endef + +$(eval $(call BuildPackage,idn2)) +$(eval $(call BuildPackage,libidn2)) diff --git a/package/lean/luci-app-adbyby-plus/Makefile b/package/lean/luci-app-adbyby-plus/Makefile new file mode 100644 index 000000000..5e5f006c3 --- /dev/null +++ b/package/lean/luci-app-adbyby-plus/Makefile @@ -0,0 +1,18 @@ +# Copyright (C) 2016 Openwrt.org +# +# This is free software, licensed under the Apache License, Version 2.0 . +# + +include $(TOPDIR)/rules.mk + +LUCI_TITLE:=LuCI support for Adbyby +LUCI_DEPENDS:=+adbyby +wget +ipset +coreutils +coreutils-nohup +dnsmasq-full +LUCI_PKGARCH:=all +PKG_NAME:=luci-app-adbyby-plus +PKG_VERSION:=2.0 +PKG_RELEASE:=32 + +include $(TOPDIR)/feeds/luci/luci.mk + +# call BuildPackage - OpenWrt buildroot signature + diff --git a/package/lean/luci-app-adbyby-plus/luasrc/controller/adbyby.lua b/package/lean/luci-app-adbyby-plus/luasrc/controller/adbyby.lua new file mode 100644 index 000000000..9d986d344 --- /dev/null +++ b/package/lean/luci-app-adbyby-plus/luasrc/controller/adbyby.lua @@ -0,0 +1,18 @@ + +module("luci.controller.adbyby", package.seeall) + +function index() + if not nixio.fs.access("/etc/config/adbyby") then + return + end + + entry({"admin", "services", "adbyby"}, cbi("adbyby"), _("ADBYBY Plus +"), 10).dependent = true + entry({"admin","services","adbyby","status"},call("act_status")).leaf=true +end + +function act_status() + local e={} + e.running=luci.sys.call("pgrep adbyby >/dev/null")==0 + luci.http.prepare_content("application/json") + luci.http.write_json(e) +end diff --git a/package/lean/luci-app-adbyby-plus/luasrc/model/cbi/adbyby.lua b/package/lean/luci-app-adbyby-plus/luasrc/model/cbi/adbyby.lua new file mode 100644 index 000000000..963f9e90f --- /dev/null +++ b/package/lean/luci-app-adbyby-plus/luasrc/model/cbi/adbyby.lua @@ -0,0 +1,178 @@ + +local NXFS = require "nixio.fs" +local SYS = require "luci.sys" +local HTTP = require "luci.http" +local DISP = require "luci.dispatcher" + +m = Map("adbyby") +m.title = translate("Adbyby Plus +") +m.description = translate("Adbyby Plus + can filter all kinds of banners, popups, video ads, and prevent tracking, privacy theft and a variety of malicious websites
Plus + version combination mode can operation with Adblock Plus Host锛宖iltering ads without losing bandwidth") + +m:section(SimpleSection).template = "adbyby/adbyby_status" + +s = m:section(TypedSection, "adbyby") +s.anonymous = true + +s:tab("basic", translate("Base Setting")) + +o = s:taboption("basic", Flag, "enable") +o.title = translate("Enable") +o.default = 0 +o.rmempty = false + +o = s:taboption("basic", ListValue, "wan_mode") +o.title = translate("Running Mode") +o:value("0", translate("Global Mode锛圱he slowest, the best effects锛")) +o:value("1", translate("Plus + Mode锛團ilter domain name list and blacklist website.Recommended锛")) +o:value("2", translate("No filter Mode (Must set in Client Filter Mode Settings manually)")) +o.default = 1 +o.rmempty = false + +mem = s:taboption("basic", Flag, "mem_mode") +mem.title = translate("RAM Running Mode") +mem.default = 1 +mem.rmempty = false +mem.description = translate("Running Adbyby in RAM.More speed,less disk consumption") + +local DL = SYS.exec("head -1 /usr/share/adbyby/data/lazy.txt | awk -F' ' '{print $3,$4}'") +local DV = SYS.exec("head -1 /usr/share/adbyby/data/video.txt | awk -F' ' '{print $3,$4}'") +local NR = SYS.exec("grep -v '^!' /usr/share/adbyby/data/rules.txt | wc -l") +local NU = SYS.exec("cat /usr/share/adbyby/data/user.txt | wc -l") +--local NW = SYS.exec("uci get adbyby.@adbyby[-1].domain 2>/dev/null | wc -l") +local ND = SYS.exec("cat /usr/share/adbyby/dnsmasq.adblock | wc -l") + +o = s:taboption("basic", Button, "restart") +o.title = translate("Adbyby and Rule state") +o.inputtitle = translate("Restart Adbyby") +o.description = translate(string.format("Lazy Rule锛%s   Video Rule锛%s
Third Party Subscription Rule锛%d lines  User-defined Rule锛%d lines", DL, DV, math.abs(NR-NU), NR)) +o.inputstyle = "reload" +o.write = function() + SYS.call("nohup sh /usr/share/adbyby/adupdate.sh > /tmp/adupdate.log 2>&1 &") + SYS.call("sleep 4") + HTTP.redirect(DISP.build_url("admin", "services", "adbyby")) +end + +s:tab("advanced", translate("Advance Setting")) + +o = s:taboption("advanced", Flag, "cron_mode") +o.title = translate("Update the rule at 6 a.m. every morning and restart adbyby") +o.default = 0 +o.rmempty = false +o.description = translate(string.format("Adblock Plus Host List锛 %s Lines

", ND)) + +updatead = s:taboption("advanced", Button, "updatead", translate("Manually force update
Adblock Plus Host List"), translate("Note: It needs to download and convert the rules. The background process may takes 60-120 seconds to run.
After completed it would automatically refresh, please do not duplicate click!")) +updatead.inputtitle = translate("Manually force update") +updatead.inputstyle = "apply" +updatead.write = function() + SYS.call("nohup sh /usr/share/adbyby/adblock.sh > /tmp/adupdate.log 2>&1 &") +end + +o = s:taboption("advanced", Flag, "update_source") +o.title = translate("Update adbyby rules form official website first") +o.default = 1 +o.rmempty = false + +o = s:taboption("advanced", Flag, "block_ios") +o.title = translate("Block Apple iOS OTA update") +o.default = 0 +o.rmempty = false + +s:tab("help", translate("Plus+ Domain List")) + +local conf = "/usr/share/adbyby/adhost.conf" +o = s:taboption("help", TextValue, "conf") +o.description = translate("锛!锛塏ote that you should fill to the domain name ONLY. For example, http://www.baidu.com only needs to write to baidu.com. One line for each") +o.rows = 13 +o.wrap = "off" +o.cfgvalue = function(self, section) + return NXFS.readfile(conf) or "" +end +o.write = function(self, section, value) + NXFS.writefile(conf, value:gsub("\r\n", "\n")) + --SYS.call("/etc/init.d/adbyby restart") +end + +s:tab("esc", translate("Bypass Domain List")) + +local escconf = "/usr/share/adbyby/adesc.conf" +o = s:taboption("esc", TextValue, "escconf") +o.description = translate("锛!锛塛ill Never filter these Domain") +o.rows = 13 +o.wrap = "off" +o.cfgvalue = function(self, section) + return NXFS.readfile(escconf) or "" +end +o.write = function(self, section, value) + NXFS.writefile(escconf, value:gsub("\r\n", "\n")) + --SYS.call("/etc/init.d/adbyby restart") +end + +s:tab("black", translate("Black Domain List")) + +local blackconf = "/usr/share/adbyby/adblack.conf" +o = s:taboption("black", TextValue, "blackconf") +o.description = translate("锛!锛塛ill Always block these Domain") +o.rows = 13 +o.wrap = "off" +o.cfgvalue = function(self, section) + return NXFS.readfile(blackconf) or "" +end +o.write = function(self, section, value) + NXFS.writefile(blackconf, value:gsub("\r\n", "\n")) + --SYS.call("/etc/init.d/adbyby restart") +end + +s:tab("block", translate("Black IP List")) + +local blockconf = "/usr/share/adbyby/blockip.conf" +o = s:taboption("block", TextValue, "blockconf") +o.description = translate("锛!锛塛ill Always block these IP") +o.rows = 13 +o.wrap = "off" +o.cfgvalue = function(self, section) + return NXFS.readfile(blockconf) or " " +end +o.write = function(self, section, value) + NXFS.writefile(blockconf, value:gsub("\r\n", "\n")) + --SYS.call("/etc/init.d/adbyby restart") +end + +s:tab("user", translate("User-defined Rule")) + +local file = "/usr/share/adbyby/rules.txt" +o = s:taboption("user", TextValue, "rules") +o.description = translate("Each line of the beginning exclamation mark is considered an annotation.") +o.rows = 13 +o.wrap = "off" +o.cfgvalue = function(self, section) + return NXFS.readfile(file) or "" +end +o.write = function(self, section, value) + NXFS.writefile(file, value:gsub("\r\n", "\n")) +end + +t=m:section(TypedSection,"acl_rule",translate("Client Filter Mode Settings"), +translate("Filter mode settings can be set to specific LAN clients ( No filter , Global filter ) . Does not need to be set by default.")) +t.template="cbi/tblsection" +t.sortable=true +t.anonymous=true +t.addremove=true + +e=t:option(Value,"ipaddr",translate("IP Address")) +e.width="40%" +e.datatype="ip4addr" +e.placeholder="0.0.0.0/0" +luci.ip.neighbors({ family = 4 }, function(entry) + if entry.reachable then + e:value(entry.dest:string()) + end +end) + +e=t:option(ListValue,"filter_mode",translate("Filter Mode")) +e.width="40%" +e.default="disable" +e.rmempty=false +e:value("disable",translate("No filter")) +e:value("global",translate("Global filter")) + +return m diff --git a/package/lean/luci-app-adbyby-plus/luasrc/view/adbyby/adbyby_status.htm b/package/lean/luci-app-adbyby-plus/luasrc/view/adbyby/adbyby_status.htm new file mode 100644 index 000000000..8191b63a6 --- /dev/null +++ b/package/lean/luci-app-adbyby-plus/luasrc/view/adbyby/adbyby_status.htm @@ -0,0 +1,22 @@ + + +
+

+ <%:Collecting data...%> +

+
\ No newline at end of file diff --git a/package/lean/luci-app-adbyby-plus/po/zh-cn/adbyby.po b/package/lean/luci-app-adbyby-plus/po/zh-cn/adbyby.po new file mode 100644 index 000000000..b0842860c --- /dev/null +++ b/package/lean/luci-app-adbyby-plus/po/zh-cn/adbyby.po @@ -0,0 +1,125 @@ +msgid "ADBYBY Plus +" +msgstr "骞垮憡灞忚斀澶у笀 Plus+" + +msgid "Adbyby Plus + is Running" +msgstr "骞垮憡灞忚斀澶у笀 Plus + 姝e湪杩愯" + +msgid "Adbyby Plus + is Not Running" +msgstr "骞垮憡灞忚斀澶у笀 Plus + 娌℃湁杩愯" + +msgid "Adbyby Plus + can filter all kinds of banners, popups, video ads, and prevent tracking, privacy theft and a variety of malicious websites
Plus + version combination mode can operation with Adblock Plus Host锛宖iltering ads without losing bandwidth" +msgstr "骞垮憡灞忚斀澶у笀 Plus + 鍙互鍏ㄩ潰杩囨护鍚勭妯箙銆佸脊绐椼佽棰戝箍鍛婏紝鍚屾椂闃绘璺熻釜銆侀殣绉佺獌鍙栧強鍚勭鎭舵剰缃戠珯
Plus + 鐗堟湰鍙互鍜 Adblock Plus Host 缁撳悎鏂瑰紡杩愯锛岃繃婊ゅ箍鍛婁笉鎹熷け甯﹀" + +msgid "Adbyby Plus +" +msgstr "骞垮憡灞忚斀澶у笀 Plus+" + +msgid "Base Setting" +msgstr "鍩烘湰璁剧疆" + +msgid "Running Mode" +msgstr "杩愯妯″紡" + +msgid "Global Mode锛圱he slowest, the best effects锛" +msgstr "鍏ㄥ眬妯″紡锛堟渶鎱, 鏁堟灉鏈濂斤級" + +msgid "Plus + Mode锛團ilter domain name list and blacklist website.Recommended锛" +msgstr "Plus + 妯″紡锛堝彧杩囨护鍒楄〃鍐呭煙鍚嶇粨鍚圓BP鍚嶅崟銆傛帹鑽愶紒锛" + +msgid "No filter Mode (Must set in Client Filter Mode Settings manually)" +msgstr "鎵嬪姩浠g悊妯″紡锛堝繀椤绘墜鍔ㄨ缃祻瑙堝櫒浠g悊锛屾垨鑰呭鎴风杩囨护妯″紡璁剧疆锛" + +msgid "Transparent proxy" +msgstr "閫忔槑浠g悊" + +msgid "Click to disable" +msgstr "鐐瑰嚮鍏抽棴" + +msgid "Click to enable" +msgstr "鐐瑰嚮寮鍚" + +msgid "Adbyby and Rule state" +msgstr "瑙勫垯鐘舵" + +msgid "Restart Adbyby" +msgstr "閲嶅惎Adbyby" + +msgid "Plus+ Domain List" +msgstr "Plus+ 妯″紡杩囨护鐨勫煙鍚" + +msgid "Bypass Domain List" +msgstr "鍩熷悕鐧藉悕鍗" + +msgid "Black Domain List" +msgstr "鍩熷悕榛戝悕鍗" + +msgid "Black IP List" +msgstr "IP榛戝悕鍗" + + +msgid "Advance Setting" +msgstr "楂樼骇璁剧疆" + +msgid "Update the rule at 6 a.m. every morning and restart adbyby" +msgstr "姣忓ぉ鍑屾櫒6鐐规洿鏂拌鍒欏苟閲嶅惎" + +msgid "Manually force update
Adblock Plus Host List" +msgstr "鎵嬪姩寮哄埗鏇存柊
Adblock Plus Host List" + +msgid "Manually force update" +msgstr "鎵嬪姩寮哄埗鏇存柊" + +msgid "Block Apple iOS OTA update" +msgstr "鎷︽埅 Apple iOS 鐨凮TA鏇存柊" + +msgid "RAM Running Mode" +msgstr "鍐呭瓨杩愯妯″紡" + +msgid "Running Adbyby in RAM.More speed,less disk consumption" +msgstr "鍦ㄥ唴瀛樹腑杩愯Adbyby銆傛洿蹇殑閫熷害锛屾洿灏戠殑瀛樺偍绌洪棿鎹熻" + + +msgid "User-defined Rule" +msgstr "鐢ㄦ埛鑷畾涔夎鍒" + +msgid "Client Filter Mode Settings" +msgstr "瀹㈡埛绔繃婊ゆā寮忚缃" + +msgid "Filter mode settings can be set to specific LAN clients ( No filter , Global filter ) . Does not need to be set by default." +msgstr "鍙互涓哄眬鍩熺綉瀹㈡埛绔垎鍒缃笉鍚岀殑杩囨护妯″紡 ( 涓嶈繃婊 , 鍏ㄥ眬杩囨护 ) 銆傞粯璁ゆ棤闇璁剧疆" + +msgid "IP Address" +msgstr "IP鍦板潃" + +msgid "Filter Mode" +msgstr "杩囨护妯″紡" + +msgid "锛!锛塏ote that you should fill to the domain name ONLY. For example, http://www.baidu.com only needs to write to baidu.com. One line for each" +msgstr "杩欎簺鍩熷悕鍦 Plus 妯″紡涓細琚繃婊ゃ備綘闇瑕佽濉啓鍩熷悕鍗冲彲锛屼緥濡 http://www.baidu.com锛屼綘鍐 baidu.com 鍗冲彲銆傛瘡琛屼竴涓煙鍚" + +msgid "锛!锛塛ill Never filter these Domain" +msgstr "姘镐笉杩囨护鐧藉悕鍗曞唴鐨勫煙鍚嶏紙鎵鏈夋ā寮忎腑鐢熸晥锛" + +msgid "锛!锛塛ill Always block these Domain" +msgstr "鎷︽埅榛戝悕鍗曞唴鐨勫煙鍚嶏紙鎵鏈夋ā寮忎腑鐢熸晥锛" + +msgid "锛!锛塛ill Always block these IP" +msgstr "鎷︽埅榛戝悕鍗曞唴鐨処P鍦板潃锛堟墍鏈夋ā寮忎腑鐢熸晥锛" + +msgid "Each line of the beginning exclamation mark is considered an annotation." +msgstr "姣忚涓鏉¤鍒欙紝鎰熷徆鍙峰紑澶寸殑琚涓烘槸娉ㄩ噴" + +msgid "Adblock Plus Host List锛" +msgstr "Adblock Plus Host 鍒楄〃锛" + +msgid "Note: It needs to download and convert the rules. The background process may takes 60-120 seconds to run.
After completed it would automatically refresh, please do not duplicate click!" +msgstr "娉ㄦ剰锛氶渶瑕佷笅杞藉苟杞崲瑙勫垯銆傚悗鍙拌繘绋嬪彲鑳介渶瑕60-120绉掕繍琛屻傚畬鎴愬悗浼氳嚜鍔ㄥ埛鏂帮紝璇蜂笉瑕侀噸澶嶇偣鍑伙紒" + +msgid "No filter" +msgstr "涓嶈繃婊" + +msgid "Global filter" +msgstr "鍏ㄥ眬杩囨护" + +msgid "Update adbyby rules form official website first" +msgstr "浼樺厛浠庡畼鏂圭綉绔欐洿鏂拌鍒" + diff --git a/package/lean/luci-app-adbyby-plus/root/etc/config/adbyby b/package/lean/luci-app-adbyby-plus/root/etc/config/adbyby new file mode 100644 index 000000000..d2afc6ed7 --- /dev/null +++ b/package/lean/luci-app-adbyby-plus/root/etc/config/adbyby @@ -0,0 +1,11 @@ + +config adbyby + option daemon '2' + option lan_mode '0' + option cron_mode '1' + option block_ios '0' + option enable '0' + option wan_mode '1' + option mem_mode '1' + option update_source '1' + diff --git a/package/lean/luci-app-adbyby-plus/root/etc/init.d/adbyby b/package/lean/luci-app-adbyby-plus/root/etc/init.d/adbyby new file mode 100755 index 000000000..47147cee9 --- /dev/null +++ b/package/lean/luci-app-adbyby-plus/root/etc/init.d/adbyby @@ -0,0 +1,218 @@ +#!/bin/sh /etc/rc.common + +START=99 +STOP=10 + +EXTRA_COMMANDS="add_rule del_rule reload_rule" +PROG_PATH=/usr/share/adbyby +DATA_PATH=$PROG_PATH/data +WAN_FILE=/var/etc/dnsmasq-adbyby.d/03-adbyby-ipset.conf +CRON_FILE=/etc/crontabs/root +CONFIG=adbyby +ipt_n="iptables -t nat" + + +get_config() +{ + config_get_bool enable $1 enable + config_get_bool cron_mode $1 cron_mode + config_get wan_mode $1 wan_mode + config_get_bool block_ios $1 block_ios 0 + config_get_bool mem_mode $1 mem_mode 1 +} + +add_rules() +{ + rm -f $DATA_PATH/user.bin + grep -v ^! $PROG_PATH/rules.txt > $DATA_PATH/user.txt + cp $PROG_PATH/rules.txt $DATA_PATH/rules.txt +} + + +add_cron() +{ + if [ $cron_mode -eq 1 ]; then + sed -i '/adblock.sh/d' $CRON_FILE + echo '0 6 * * * /usr/share/adbyby/adblock.sh > /tmp/adupdate.log 2>&1' >> $CRON_FILE + crontab $CRON_FILE + fi +} + +del_cron() +{ + sed -i '/adblock.sh/d' $CRON_FILE + /etc/init.d/cron restart +} + +ip_rule() +{ + + ipset -N adbyby_esc hash:ip + $ipt_n -A ADBYBY -m set --match-set adbyby_esc dst -j RETURN + + for i in $(seq 0 100) + do + local ip=$(uci_get_by_type acl_rule ipaddr '' $i) + local mode=$(uci_get_by_type acl_rule filter_mode '' $i) + case "$mode" in + disable) + $ipt_n -A ADBYBY -s $ip -j RETURN + ;; + global) + $ipt_n -A ADBYBY -s $ip -p tcp -j REDIRECT --to-ports 8118 + $ipt_n -A ADBYBY -s $ip -j RETURN + ;; + esac + done + + + + case $wan_mode in + 0) + ;; + 1) + ipset -N adbyby_wan hash:ip + $ipt_n -A ADBYBY -m set ! --match-set adbyby_wan dst -j RETURN + ;; + 2) + $ipt_n -I ADBYBY -j RETURN + ;; + esac + + echo "create blockip hash:net family inet hashsize 1024 maxelem 65536" > /tmp/blockip.ipset + awk '!/^$/&&!/^#/{printf("add blockip %s'" "'\n",$0)}' /usr/share/adbyby/blockip.conf >> /tmp/blockip.ipset + ipset -! restore < /tmp/blockip.ipset 2>/dev/null + iptables -I FORWARD -m set --match-set blockip dst -j DROP + iptables -I OUTPUT -m set --match-set blockip dst -j DROP +} + +add_dns() +{ + mkdir -p /var/etc/dnsmasq-adbyby.d + mkdir -p /tmp/dnsmasq.d + awk '!/^$/&&!/^#/{printf("ipset=/%s/'"adbyby_esc"'\n",$0)}' $PROG_PATH/adesc.conf > /var/etc/dnsmasq-adbyby.d/06-dnsmasq.esc + awk '!/^$/&&!/^#/{printf("address=/%s/'"0.0.0.0"'\n",$0)}' $PROG_PATH/adblack.conf > /var/etc/dnsmasq-adbyby.d/07-dnsmasq.black + cat > /tmp/dnsmasq.d/dnsmasq-adbyby.conf < $WAN_FILE + if ls /var/etc/dnsmasq-adbyby.d/* >/dev/null 2>&1; then + mkdir -p /tmp/dnsmasq.d + cp /usr/share/adbyby/dnsmasq.adblock /var/etc/dnsmasq-adbyby.d/04-dnsmasq.adblock + cp /usr/share/adbyby/dnsmasq.ads /var/etc/dnsmasq-adbyby.d/05-dnsmasq.ads + fi + fi + + sed -i '/mesu.apple.com/d' /etc/dnsmasq.conf && [ $block_ios -eq 1 ] && echo 'address=/mesu.apple.com/0.0.0.0' >> /etc/dnsmasq.conf +} + +del_dns() +{ + rm -f /tmp/dnsmasq.d/dnsmasq-adbyby.conf + rm -f /var/etc/dnsmasq-adbyby.d/* + rm -f /tmp/adbyby_host.conf +} + + +add_rule() +{ + $ipt_n -N ADBYBY + $ipt_n -A ADBYBY -d 0.0.0.0/8 -j RETURN + $ipt_n -A ADBYBY -d 10.0.0.0/8 -j RETURN + $ipt_n -A ADBYBY -d 127.0.0.0/8 -j RETURN + $ipt_n -A ADBYBY -d 169.254.0.0/16 -j RETURN + $ipt_n -A ADBYBY -d 172.16.0.0/12 -j RETURN + $ipt_n -A ADBYBY -d 192.168.0.0/16 -j RETURN + $ipt_n -A ADBYBY -d 224.0.0.0/4 -j RETURN + $ipt_n -A ADBYBY -d 240.0.0.0/4 -j RETURN + ip_rule + $ipt_n -A ADBYBY -p tcp -j REDIRECT --to-ports 8118 + $ipt_n -I PREROUTING -p tcp --dport 80 -j ADBYBY +} + +del_rule() +{ + $ipt_n -D PREROUTING -p tcp --dport 80 -j ADBYBY 2>/dev/null + $ipt_n -F ADBYBY 2>/dev/null + $ipt_n -X ADBYBY 2>/dev/null + iptables -D FORWARD -m set --match-set blockip dst -j DROP 2>/dev/null + iptables -D OUTPUT -m set --match-set blockip dst -j DROP 2>/dev/null + ipset -F adbyby_esc 2>/dev/null + ipset -X adbyby_esc 2>/dev/null + ipset -F adbyby_wan 2>/dev/null + ipset -X adbyby_wan 2>/dev/null + ipset -F blockip 2>/dev/null + ipset -X blockip 2>/dev/null +} + +reload_rule() +{ + config_load adbyby + config_foreach get_config adbyby + del_rule + iptables-save | grep ADBYBY >/dev/null || \ + add_rule +} + +start() +{ + config_load adbyby + config_foreach get_config adbyby + [ $enable -eq 0 ] && exit 0 + add_cron + if [ $mem_mode -eq 1 ]; then + echo "start mem mode" + if mount | grep adbyby >/dev/null 2>&1; then + echo "has mount" + else + echo "mount adbyby" + [ ! -d "/tmp/adbyby" ] && mkdir -p /tmp/adbyby && cp -a $PROG_PATH/data /tmp/adbyby/ + mount --bind /tmp/adbyby/data $PROG_PATH/data + fi + fi + echo "add adbyby rules" + add_rules + $PROG_PATH/adbyby &>/dev/null & + add_dns + iptables-save | grep ADBYBY >/dev/null || \ + add_rule + /etc/init.d/dnsmasq restart +} + +stop() +{ + config_load adbyby + config_foreach get_config adbyby + del_rule + del_cron + del_dns + killall -q adbyby + if [ $mem_mode -eq 1 ]; then + echo "stop mem mode" + if mount | grep adbyby >/dev/null 2>&1; then + echo "umount adbyby" + umount /usr/share/adbyby/data + fi + fi + /etc/init.d/dnsmasq restart +} + + +uci_get_by_name() { + local ret=$(uci get $CONFIG.$1.$2 2>/dev/null) + echo ${ret:=$3} +} + +uci_get_by_type() { + local index=0 + if [ -n $4 ]; then + + index=$4 + fi + local ret=$(uci get $CONFIG.@$1[$index].$2 2>/dev/null) + echo ${ret:=$3} +} + diff --git a/package/lean/luci-app-adbyby-plus/root/etc/ppp/ip-up.d/adrulesup.sh b/package/lean/luci-app-adbyby-plus/root/etc/ppp/ip-up.d/adrulesup.sh new file mode 100755 index 000000000..683123e3a --- /dev/null +++ b/package/lean/luci-app-adbyby-plus/root/etc/ppp/ip-up.d/adrulesup.sh @@ -0,0 +1,3 @@ +#!/bin/sh + +sleep 30 && sh /usr/share/adbyby/adupdate.sh diff --git a/package/lean/luci-app-adbyby-plus/root/etc/uci-defaults/adbyby b/package/lean/luci-app-adbyby-plus/root/etc/uci-defaults/adbyby new file mode 100755 index 000000000..fb4b36f39 --- /dev/null +++ b/package/lean/luci-app-adbyby-plus/root/etc/uci-defaults/adbyby @@ -0,0 +1,22 @@ +#!/bin/sh + +uci -q batch <<-EOF >/dev/null + delete ucitrack.@adbyby[-1] + add ucitrack adbyby + set ucitrack.@adbyby[-1].init=adbyby + commit ucitrack + delete firewall.adbyby + set firewall.adbyby=include + set firewall.adbyby.type=script + set firewall.adbyby.path=/usr/share/adbyby/firewall.include + set firewall.adbyby.reload=1 + commit firewall +EOF + +mkdir -p /etc/dnsmasq.d + +/etc/init.d/adbyby stop +/etc/init.d/adbyby enable + +rm -f /tmp/luci-indexcache +exit 0 diff --git a/package/lean/luci-app-adbyby-plus/root/usr/share/adbyby/adblack.conf b/package/lean/luci-app-adbyby-plus/root/usr/share/adbyby/adblack.conf new file mode 100644 index 000000000..a532f5825 --- /dev/null +++ b/package/lean/luci-app-adbyby-plus/root/usr/share/adbyby/adblack.conf @@ -0,0 +1,14 @@ +gvod.aiseejapp.atianqi.com +stat.pandora.xiaomi.com +upgrade.mishop.pandora.xiaomi.com +logonext.tv.kuyun.com +config.kuyun.com +mishop.pandora.xiaomi.com +dvb.pandora.xiaomi.com +api.ad.xiaomi.com +de.pandora.xiaomi.com +data.mistat.xiaomi.com +jellyfish.pandora.xiaomi.com +gallery.pandora.xiaomi.com +o2o.api.xiaomi.com +bss.pandora.xiaomi.com diff --git a/package/lean/luci-app-adbyby-plus/root/usr/share/adbyby/adblock.sh b/package/lean/luci-app-adbyby-plus/root/usr/share/adbyby/adblock.sh new file mode 100755 index 000000000..ebe7b6e6a --- /dev/null +++ b/package/lean/luci-app-adbyby-plus/root/usr/share/adbyby/adblock.sh @@ -0,0 +1,17 @@ +#!/bin/sh + +rm -f /tmp/dnsmasq.adblock + +wget-ssl --no-check-certificate -O- https://easylist-downloads.adblockplus.org/easylistchina+easylist.txt | grep ^\|\|[^\*]*\^$ | sed -e 's:||:address\=\/:' -e 's:\^:/0\.0\.0\.0:' > /tmp/dnsmasq.adblock +if [ -s "/tmp/dnsmasq.adblock" ];then + sed -i '/youku.com/d' /tmp/dnsmasq.adblock + if ( ! cmp -s /tmp/dnsmasq.adblock /usr/share/adbyby/dnsmasq.adblock );then + mv /tmp/dnsmasq.adblock /usr/share/adbyby/dnsmasq.adblock + fi +fi + +sh /usr/share/adbyby/adupdate.sh + + + + diff --git a/package/lean/luci-app-adbyby-plus/root/usr/share/adbyby/adesc.conf b/package/lean/luci-app-adbyby-plus/root/usr/share/adbyby/adesc.conf new file mode 100644 index 000000000..c5898a128 --- /dev/null +++ b/package/lean/luci-app-adbyby-plus/root/usr/share/adbyby/adesc.conf @@ -0,0 +1,3 @@ +weixin.qq.com +qpic.cn +imtt.qq.com diff --git a/package/lean/luci-app-adbyby-plus/root/usr/share/adbyby/adhost.conf b/package/lean/luci-app-adbyby-plus/root/usr/share/adbyby/adhost.conf new file mode 100644 index 000000000..d14a7c50c --- /dev/null +++ b/package/lean/luci-app-adbyby-plus/root/usr/share/adbyby/adhost.conf @@ -0,0 +1,69 @@ +cbjs.baidu.com +list.video.baidu.com +nsclick.baidu.com +play.baidu.com +sclick.baidu.com +tieba.baidu.com +baidustatic.com +bdimg.com +bdstatic.com +share.baidu.com +hm.baidu.com +v.baidu.com +cpro.baidu.com +1000fr.net +atianqi.com +56.com +v-56.com +acfun.com +acfun.tv +baofeng.com +baofeng.net +cntv.cn +hoopchina.com.cn +funshion.com +fun.tv +hitvs.cn +hljtv.com +iqiyi.com +qiyi.com +agn.aty.sohu.com +itc.cn +kankan.com +ku6.com +letv.com +letvcloud.com +letvimg.com +pplive.cn +pps.tv +ppsimg.com +pptv.com +www.qq.com +l.qq.com +v.qq.com +video.sina.com.cn +tudou.com +wasu.cn +analytics-union.xunlei.com +kankan.xunlei.com +youku.com +hunantv.com +ifeng.com +renren.com +mediav.com +cnbeta.com +mydrivers.com +168f.info +doubleclick.net +126.net +sohu.com +163.com +right.com.cn +50bang.org +you85.cn +jiuzhilan.com +googles.com +cnbetacdn.com +ptqy.gitv.tv +admaster.com.cn +serving-sys.com \ No newline at end of file diff --git a/package/lean/luci-app-adbyby-plus/root/usr/share/adbyby/adupdate.sh b/package/lean/luci-app-adbyby-plus/root/usr/share/adbyby/adupdate.sh new file mode 100755 index 000000000..0b8b617e6 --- /dev/null +++ b/package/lean/luci-app-adbyby-plus/root/usr/share/adbyby/adupdate.sh @@ -0,0 +1,24 @@ +#!/bin/sh + +update_source=$(uci get adbyby.@adbyby[0].update_source 2>/dev/null) + +rm -f /usr/share/adbyby/data/*.bak + +if [ $update_source -eq 1 ]; then + #wget-ssl -t 1 -T 10 -O /tmp/lazy.txt http://update.adbyby.com/rule3/lazy.jpg + #wget-ssl -t 1 -T 10 -O /tmp/video.txt http://update.adbyby.com/rule3/video.jpg + #wget-ssl -t 1 -T 10 -O /tmp/user.action http://update.adbyby.com/rule3/user.action + wget-ssl --no-check-certificate -t 1 -T 10 -O /tmp/lazy.txt https://opt.cn2qq.com/opt-file/lazy.txt + wget-ssl --no-check-certificate -t 1 -T 10 -O /tmp/video.txt https://opt.cn2qq.com/opt-file/video.txt +fi + +[ ! -s "/tmp/lazy.txt" ] && wget-ssl --no-check-certificate -O /tmp/lazy.txt https://raw.githubusercontent.com/adbyby/xwhyc-rules/master/lazy.txt +[ ! -s "/tmp/video.txt" ] && wget-ssl --no-check-certificate -O /tmp/video.txt https://raw.githubusercontent.com/adbyby/xwhyc-rules/master/video.txt + +[ -s "/tmp/lazy.txt" ] && ( ! cmp -s /tmp/lazy.txt /usr/share/adbyby/data/lazy.txt ) && mv /tmp/lazy.txt /usr/share/adbyby/data/lazy.txt +[ -s "/tmp/video.txt" ] && ( ! cmp -s /tmp/video.txt /usr/share/adbyby/data/video.txt ) && mv /tmp/video.txt /usr/share/adbyby/data/video.txt +[ -s "/tmp/user.action" ] && ( ! cmp -s /tmp/user.action /usr/share/adbyby/user.action ) && mv /tmp/user.action /usr/share/adbyby/user.action + +rm -f /tmp/lazy.txt /tmp/video.txt /tmp/user.action + +/etc/init.d/adbyby restart diff --git a/package/lean/luci-app-adbyby-plus/root/usr/share/adbyby/blockip.conf b/package/lean/luci-app-adbyby-plus/root/usr/share/adbyby/blockip.conf new file mode 100644 index 000000000..55cb84b53 --- /dev/null +++ b/package/lean/luci-app-adbyby-plus/root/usr/share/adbyby/blockip.conf @@ -0,0 +1 @@ +2.2.2.2 diff --git a/package/lean/luci-app-adbyby-plus/root/usr/share/adbyby/dnsmasq.adblock b/package/lean/luci-app-adbyby-plus/root/usr/share/adbyby/dnsmasq.adblock new file mode 100644 index 000000000..6f0950609 --- /dev/null +++ b/package/lean/luci-app-adbyby-plus/root/usr/share/adbyby/dnsmasq.adblock @@ -0,0 +1,940 @@ +address=/a.youdao.com/0.0.0.0 +address=/adrs.sdo.com/0.0.0.0 +address=/hiad.myweb.hinet.net/0.0.0.0 +address=/log.interest.mix.sina.com.cn/0.0.0.0 +address=/tuiguang.178.com/0.0.0.0 +address=/0xxd.com/0.0.0.0 +address=/104.195.62.12/0.0.0.0 +address=/111.175.219.7/0.0.0.0 +address=/111111qb.com/0.0.0.0 +address=/112.124.98.75/0.0.0.0 +address=/116.55.227.242/0.0.0.0 +address=/122.227.254.195/0.0.0.0 +address=/123hala.com/0.0.0.0 +address=/139.159.32.82/0.0.0.0 +address=/182.92.81.104/0.0.0.0 +address=/1l1.cc/0.0.0.0 +address=/201071.com/0.0.0.0 +address=/2012ui.com/0.0.0.0 +address=/211.167.105.131/0.0.0.0 +address=/220.115.251.25/0.0.0.0 +address=/221.204.213.222/0.0.0.0 +address=/2m2n.com/0.0.0.0 +address=/360baidus.com/0.0.0.0 +address=/365bibi.com/0.0.0.0 +address=/365safego.com/0.0.0.0 +address=/366safego.com/0.0.0.0 +address=/36pn.com/0.0.0.0 +address=/3g.990.net/0.0.0.0 +address=/52kmk.com/0.0.0.0 +address=/58.215.179.159/0.0.0.0 +address=/61.152.223.15/0.0.0.0 +address=/68665565.com/0.0.0.0 +address=/6dvip.com/0.0.0.0 +address=/71sem.com/0.0.0.0 +address=/77power.com/0.0.0.0 +address=/7wen.cn/0.0.0.0 +address=/7xz3.com/0.0.0.0 +address=/81c.cn/0.0.0.0 +address=/85tgw.com/0.0.0.0 +address=/88rpg.net/0.0.0.0 +address=/892155.com/0.0.0.0 +address=/91ysa.com/0.0.0.0 +address=/91zgm.com/0.0.0.0 +address=/9377co.com/0.0.0.0 +address=/9377os.com/0.0.0.0 +address=/a907907.com/0.0.0.0 +address=/ad000000.com/0.0.0.0 +address=/adm-cnzz.net/0.0.0.0 +address=/ads.uc.cn/0.0.0.0 +address=/ajaxcdn.org/0.0.0.0 +address=/aliyuncss.com/0.0.0.0 +address=/aliyunxin.com/0.0.0.0 +address=/amazingmagics.com/0.0.0.0 +address=/aralego.com/0.0.0.0 +address=/at98.com/0.0.0.0 +address=/cangnews.com/0.0.0.0 +address=/caob5.info/0.0.0.0 +address=/cb.baidu.com/0.0.0.0 +address=/cbjs.baidu.com/0.0.0.0 +address=/cnxad.net/0.0.0.0 +address=/cnzz.com.so/0.0.0.0 +address=/code668.com/0.0.0.0 +address=/cpcv.cc/0.0.0.0 +address=/cpms.cc/0.0.0.0 +address=/cpro.baidu.com/0.0.0.0 +address=/cpro.baidustatic.com/0.0.0.0 +address=/cpv6.com/0.0.0.0 +address=/cpva.cc/0.0.0.0 +address=/crdrjs.info/0.0.0.0 +address=/csqiulong.com/0.0.0.0 +address=/ctsywy.com/0.0.0.0 +address=/cyacc.com/0.0.0.0 +address=/czpush.com/0.0.0.0 +address=/dashet.com/0.0.0.0 +address=/datafastguru.info/0.0.0.0 +address=/dou777.com/0.0.0.0 +address=/drmcmm.baidu.com/0.0.0.0 +address=/duiwai.baidu.com/0.0.0.0 +address=/dvr8.com/0.0.0.0 +address=/dw998.com/0.0.0.0 +address=/dxssiyi.com/0.0.0.0 +address=/e701.net/0.0.0.0 +address=/e70123.com/0.0.0.0 +address=/e708.net/0.0.0.0 +address=/e719.net/0.0.0.0 +address=/ecuc123.net/0.0.0.0 +address=/eiv.baidu.com/0.0.0.0 +address=/f1190.com/0.0.0.0 +address=/f6ce.com/0.0.0.0 +address=/f70123.com/0.0.0.0 +address=/fd7c.com/0.0.0.0 +address=/fjmeyer.com/0.0.0.0 +address=/fu68.com/0.0.0.0 +address=/fv99.com/0.0.0.0 +address=/gf108.com/0.0.0.0 +address=/gf1352.com/0.0.0.0 +address=/gm682.com/0.0.0.0 +address=/guduopu.com/0.0.0.0 +address=/gzmjnx.cn/0.0.0.0 +address=/gzqudou.com/0.0.0.0 +address=/hao123rt.com/0.0.0.0 +address=/haohaowan8.com/0.0.0.0 +address=/haolew.com/0.0.0.0 +address=/hfjuki.com/0.0.0.0 +address=/hmp33.com/0.0.0.0 +address=/hr44.com/0.0.0.0 +address=/humanding.com/0.0.0.0 +address=/i3818.com/0.0.0.0 +address=/ihualun.com/0.0.0.0 +address=/img80.net/0.0.0.0 +address=/jczzjx.com/0.0.0.0 +address=/jdlhg.com/0.0.0.0 +address=/jhzl001.com/0.0.0.0 +address=/jiyou2014.com/0.0.0.0 +address=/jk939.com/0.0.0.0 +address=/jlssbz.com/0.0.0.0 +address=/jnrsjm.com/0.0.0.0 +address=/johtzj.com/0.0.0.0 +address=/jwqj.net/0.0.0.0 +address=/jxjzny.com/0.0.0.0 +address=/keyyou.net/0.0.0.0 +address=/kingwam.com/0.0.0.0 +address=/kmadou.com/0.0.0.0 +address=/ku9377.com/0.0.0.0 +address=/lajizhan.org/0.0.0.0 +address=/le4le.com/0.0.0.0 +address=/lishuanghao.com/0.0.0.0 +address=/lzmm8.com/0.0.0.0 +address=/mainbx.com/0.0.0.0 +address=/mathads.com/0.0.0.0 +address=/mlt01.com/0.0.0.0 +address=/moodoocrv.com.cn/0.0.0.0 +address=/mscimg.com/0.0.0.0 +address=/nextcps.com/0.0.0.0 +address=/niuxgame77.com/0.0.0.0 +address=/notice.uchome.manyou.com/0.0.0.0 +address=/oikxlcv.wang/0.0.0.0 +address=/okm918.com/0.0.0.0 +address=/p3tt.com/0.0.0.0 +address=/pdsjycm.com/0.0.0.0 +address=/pos.baidu.com/0.0.0.0 +address=/qiqiww.com/0.0.0.0 +address=/qucaigg.com/0.0.0.0 +address=/re.taotaosou.com/0.0.0.0 +address=/ruxianke.com/0.0.0.0 +address=/rwjfs.com/0.0.0.0 +address=/sgbfjs.info/0.0.0.0 +address=/sharedaddomain.com/0.0.0.0 +address=/show.kc.taotaosou.com/0.0.0.0 +address=/si9377.com/0.0.0.0 +address=/socdm.com/0.0.0.0 +address=/spcode.baidu.com/0.0.0.0 +address=/sstc360.com/0.0.0.0 +address=/t70123.com/0.0.0.0 +address=/taat00889.com/0.0.0.0 +address=/tad.suning.com/0.0.0.0 +address=/tc600.com/0.0.0.0 +address=/tdayi.com/0.0.0.0 +address=/tg.1155t.cn/0.0.0.0 +address=/toourbb.com/0.0.0.0 +address=/ubmcmm.baidustatic.com/0.0.0.0 +address=/uoyrsd.com/0.0.0.0 +address=/v707070.com/0.0.0.0 +address=/victorjx.com/0.0.0.0 +address=/w65p.com/0.0.0.0 +address=/wdzsb.com.cn/0.0.0.0 +address=/winvestern.com.cn/0.0.0.0 +address=/wqsph.net/0.0.0.0 +address=/ws341.com/0.0.0.0 +address=/xa9t.com/0.0.0.0 +address=/xabaitai.com/0.0.0.0 +address=/xchgx.com/0.0.0.0 +address=/xcy8.com/0.0.0.0 +address=/xtxa.net/0.0.0.0 +address=/xxad.cc/0.0.0.0 +address=/xzyituo.com/0.0.0.0 +address=/yk0712.com/0.0.0.0 +address=/ymcqb.com/0.0.0.0 +address=/yqw88.com/0.0.0.0 +address=/yule8.net/0.0.0.0 +address=/yyp17.com/0.0.0.0 +address=/zgksb.com/0.0.0.0 +address=/zgunion.cn/0.0.0.0 +address=/zp22938576.com/0.0.0.0 +address=/120.27.34.156/0.0.0.0 +address=/122.228.236.165/0.0.0.0 +address=/125.46.61.28/0.0.0.0 +address=/192.184.10.171/0.0.0.0 +address=/218.65.30.232/0.0.0.0 +address=/27.255.67.120/0.0.0.0 +address=/32345sf.com/0.0.0.0 +address=/360safego.com/0.0.0.0 +address=/3dm.huya.com/0.0.0.0 +address=/5y9nfpes.52pk.com/0.0.0.0 +address=/654mmm.com/0.0.0.0 +address=/6d245gxt.52pk.com/0.0.0.0 +address=/7mad.7m.cn/0.0.0.0 +address=/801.tianyaui.com/0.0.0.0 +address=/86file.megajoy.com/0.0.0.0 +address=/8jkx.com/0.0.0.0 +address=/96.43.97.243/0.0.0.0 +address=/a-m-s.poco.cn/0.0.0.0 +address=/a.baomihua.com/0.0.0.0 +address=/a.xizi.com/0.0.0.0 +address=/a2.b310.com/0.0.0.0 +address=/a4.yeshj.com/0.0.0.0 +address=/a5.yeshj.com/0.0.0.0 +address=/a6.hujiang.com/0.0.0.0 +address=/abc.hkepc.com/0.0.0.0 +address=/acsystem.wasu.cn/0.0.0.0 +address=/ad.17173.com/0.0.0.0 +address=/ad.bjmama.net/0.0.0.0 +address=/adadmin.house365.com/0.0.0.0 +address=/add.dz19.net/0.0.0.0 +address=/adf.dahe.cn/0.0.0.0 +address=/adhome.1fangchan.com/0.0.0.0 +address=/adk.funshion.com/0.0.0.0 +address=/adm.265g.com/0.0.0.0 +address=/adm.72zx.com/0.0.0.0 +address=/adm.86wan.com/0.0.0.0 +address=/adm.bbcss.com/0.0.0.0 +address=/adm.funshion.com/0.0.0.0 +address=/adm.jjj8.cn/0.0.0.0 +address=/adm.qzbbs.com/0.0.0.0 +address=/adm.xmfish.com/0.0.0.0 +address=/adm.zbinfo.net/0.0.0.0 +address=/adm.zzfish.cn/0.0.0.0 +address=/admd.yam.com/0.0.0.0 +address=/adnetpub.yaolan.com/0.0.0.0 +address=/adp.cnool.net/0.0.0.0 +address=/adpub.yaolan.com/0.0.0.0 +address=/adpubs.yaolan.com/0.0.0.0 +address=/adsclick.yx.js.cn/0.0.0.0 +address=/adspending01.bwnet.com.tw/0.0.0.0 +address=/afp.chinanews.com/0.0.0.0 +address=/afp.wasu.cn/0.0.0.0 +address=/afpcreative.wasu.cn/0.0.0.0 +address=/ai.bioon.com/0.0.0.0 +address=/aid.chinayk.com/0.0.0.0 +address=/am.6park.com/0.0.0.0 +address=/am.szhome.com/0.0.0.0 +address=/app.acm.dzwww.com/0.0.0.0 +address=/as.sinahk.net/0.0.0.0 +address=/ashow.pcpop.com/0.0.0.0 +address=/bb345.com/0.0.0.0 +address=/besc.baidustatic.com/0.0.0.0 +address=/biz.gexing.com/0.0.0.0 +address=/biz.weibo.com/0.0.0.0 +address=/btn.onlylady.com/0.0.0.0 +address=/btn.pchome.net/0.0.0.0 +address=/business.92wy.com/0.0.0.0 +address=/by.7avz.com/0.0.0.0 +address=/cacafly.net/0.0.0.0 +address=/cachead.com/0.0.0.0 +address=/cdn.wdlm.cn/0.0.0.0 +address=/chidir.com/0.0.0.0 +address=/cps.okbuy.com/0.0.0.0 +address=/d.107788.com/0.0.0.0 +address=/d.taomato.com/0.0.0.0 +address=/d0.xcar.com.cn/0.0.0.0 +address=/dd.xdnice.com/0.0.0.0 +address=/de.as.pptv.com/0.0.0.0 +address=/dfad.dfdaily.com/0.0.0.0 +address=/dg.073img.com/0.0.0.0 +address=/doubleclick.tv002.com/0.0.0.0 +address=/dvs.china.com/0.0.0.0 +address=/dvser.china.com/0.0.0.0 +address=/e.yycqc.com/0.0.0.0 +address=/eap.big5.enorth.com.cn/0.0.0.0 +address=/eap.enorth.com.cn/0.0.0.0 +address=/ebp.renren.com/0.0.0.0 +address=/ecma.bdimg.com/0.0.0.0 +address=/ecmb.bdimg.com/0.0.0.0 +address=/fun.ynet.com/0.0.0.0 +address=/g.gxorg.com/0.0.0.0 +address=/g.hsw.cn/0.0.0.0 +address=/g.ousns.net/0.0.0.0 +address=/g1.0573ren.com/0.0.0.0 +address=/g2.ousns.net/0.0.0.0 +address=/ganjituiguang.ganji.com/0.0.0.0 +address=/gdt.qq.com/0.0.0.0 +address=/get.766.com/0.0.0.0 +address=/gg.0598yu.com/0.0.0.0 +address=/gg.18183.com/0.0.0.0 +address=/gg.cs090.com/0.0.0.0 +address=/gg.gao7.com/0.0.0.0 +address=/gg.kugou.com/0.0.0.0 +address=/gg.sonhoo.com/0.0.0.0 +address=/gg.yxdown.com/0.0.0.0 +address=/ggg.zj.com/0.0.0.0 +address=/ggw.gusuwang.com/0.0.0.0 +address=/ggw.watertu.com/0.0.0.0 +address=/ggyq.xdkb.net/0.0.0.0 +address=/go.hangzhou.com.cn/0.0.0.0 +address=/goto.www.iciba.com/0.0.0.0 +address=/gqgc.sz.zj.cn/0.0.0.0 +address=/groupa.onlylady.com/0.0.0.0 +address=/gsspcln.jp/0.0.0.0 +address=/gt.yy.com/0.0.0.0 +address=/guess.h.qhimg.com/0.0.0.0 +address=/haxiu.miaotiao.com/0.0.0.0 +address=/hdad.baike.com/0.0.0.0 +address=/hiad.vmall.com/0.0.0.0 +address=/hz.shouyoutv.com/0.0.0.0 +address=/hzhyhm.com/0.0.0.0 +address=/i.syasn.com/0.0.0.0 +address=/iads.xinmin.cn/0.0.0.0 +address=/idcot.com/0.0.0.0 +address=/ifx.aifang.com/0.0.0.0 +address=/image.6park.com/0.0.0.0 +address=/image.9duw.com/0.0.0.0 +address=/image.hh010.com/0.0.0.0 +address=/image.lepan.cc/0.0.0.0 +address=/images.chinaz.com/0.0.0.0 +address=/images.gxsky.com/0.0.0.0 +address=/img.3sjt.com/0.0.0.0 +address=/img.9duw.com/0.0.0.0 +address=/img1.126.net/0.0.0.0 +address=/img2.126.net/0.0.0.0 +address=/img2.www.fmdisk.com/0.0.0.0 +address=/inte.sogou.com/0.0.0.0 +address=/iwanad.baidu.com/0.0.0.0 +address=/j.6avz.com/0.0.0.0 +address=/j.7avz.com/0.0.0.0 +address=/ja.gamersky.com/0.0.0.0 +address=/jmsyzj.com/0.0.0.0 +address=/js-1.pchome.net/0.0.0.0 +address=/js.duotegame.com/0.0.0.0 +address=/js.leshen.com/0.0.0.0 +address=/js.pub.tom.com/0.0.0.0 +address=/js.youxi369.com/0.0.0.0 +address=/jxad.jx163.com/0.0.0.0 +address=/knnwdyou.com/0.0.0.0 +address=/leiqun.snxyf.com/0.0.0.0 +address=/life.e0575.com/0.0.0.0 +address=/lingdian98.com/0.0.0.0 +address=/link.fobshanghai.com/0.0.0.0 +address=/lxting.com/0.0.0.0 +address=/m.aty.sohu.com/0.0.0.0 +address=/manads.static.olcdn.com/0.0.0.0 +address=/manage.wdfans.cn/0.0.0.0 +address=/market.178.com/0.0.0.0 +address=/market.21cn.com/0.0.0.0 +address=/market.duowan.com/0.0.0.0 +address=/media.cheshi-img.com/0.0.0.0 +address=/money.qz828.com/0.0.0.0 +address=/myad.toocle.com/0.0.0.0 +address=/ok.432kkk.com/0.0.0.0 +address=/p.szonline.net/0.0.0.0 +address=/p.zol-img.com.cn/0.0.0.0 +address=/p4p.sina.com.cn/0.0.0.0 +address=/p8u.hinet.net/0.0.0.0 +address=/panda.kdnet.net/0.0.0.0 +address=/pcs1.app.joy.cn/0.0.0.0 +address=/phpad.cqnews.net/0.0.0.0 +address=/pic.0597kk.com/0.0.0.0 +address=/pic.111cn.net/0.0.0.0 +address=/pic.2u.com.cn/0.0.0.0 +address=/pic.ea3w.com/0.0.0.0 +address=/pic.fengniao.com/0.0.0.0 +address=/pic.taian.com/0.0.0.0 +address=/pic.xgo-img.com.cn/0.0.0.0 +address=/playad.xjmg.com/0.0.0.0 +address=/poster.weather.com.cn/0.0.0.0 +address=/pp.7060.la/0.0.0.0 +address=/pro.iweihai.cn/0.0.0.0 +address=/pub.funshion.com/0.0.0.0 +address=/pub.mop.com/0.0.0.0 +address=/publicize.liao1.com/0.0.0.0 +address=/publish.ad.youth.cn/0.0.0.0 +address=/res.hunantv.com/0.0.0.0 +address=/rh.qq.com/0.0.0.0 +address=/same.chinadaily.com.cn/0.0.0.0 +address=/same.eastmoney.com/0.0.0.0 +address=/same.stockstar.com/0.0.0.0 +address=/sc.tom.com/0.0.0.0 +address=/sgg.southcn.com/0.0.0.0 +address=/share.gzdsw.com/0.0.0.0 +address=/shenleyuni.com/0.0.0.0 +address=/shows.21cn.com/0.0.0.0 +address=/so.6949.com/0.0.0.0 +address=/sss.sege.xxx/0.0.0.0 +address=/static.yujiehenaishang.com/0.0.0.0 +address=/sub.powerapple.com/0.0.0.0 +address=/super.cat898.com/0.0.0.0 +address=/super.kdnet.net/0.0.0.0 +address=/synacast.com/0.0.0.0 +address=/tf.360.cn/0.0.0.0 +address=/tg.delnapb.com/0.0.0.0 +address=/tk.504pk.com/0.0.0.0 +address=/tp.sgcn.com/0.0.0.0 +address=/u.63kc.com/0.0.0.0 +address=/u.cnzol.com/0.0.0.0 +address=/union.china.com.cn/0.0.0.0 +address=/untitled.dwstatic.com/0.0.0.0 +address=/up.hiao.com/0.0.0.0 +address=/v-56.com/0.0.0.0 +address=/vas.funshion.com/0.0.0.0 +address=/vupload.duowan.com/0.0.0.0 +address=/web.900.la/0.0.0.0 +address=/xc.macd.cn/0.0.0.0 +address=/xs.houyi.baofeng.net/0.0.0.0 +address=/yktj.yzz.cn/0.0.0.0 +address=/zo66.com/0.0.0.0 +address=/zt2088.com/0.0.0.0 +address=/146.148.85.61/0.0.0.0 +address=/hdapp1003-a.akamaihd.net/0.0.0.0 +address=/hdapp1008-a.akamaihd.net/0.0.0.0 +address=/hdsrc-a.akamaihd.net/0.0.0.0 +address=/46.165.197.153/0.0.0.0 +address=/46.165.197.231/0.0.0.0 +address=/74.117.182.77/0.0.0.0 +address=/78.140.131.214/0.0.0.0 +address=/clkrev.com/0.0.0.0 +address=/a.livesportmedia.eu/0.0.0.0 +address=/a.ucoz.net/0.0.0.0 +address=/a.watershed-publishing.com/0.0.0.0 +address=/a04296f070c0146f314d-0dcad72565cb350972beb3666a86f246.r50.cf5.rackcdn.com/0.0.0.0 +address=/ad.about.co.kr/0.0.0.0 +address=/ad.accessmediaproductions.com/0.0.0.0 +address=/ad.bitmedia.io/0.0.0.0 +address=/ad.flux.com/0.0.0.0 +address=/ad.foxnetworks.com/0.0.0.0 +address=/ad.icasthq.com/0.0.0.0 +address=/ad.idgtn.net/0.0.0.0 +address=/ad.jamba.net/0.0.0.0 +address=/ad.livere.co.kr/0.0.0.0 +address=/ad.mail.ru/0.0.0.0 +address=/ad.mesomorphosis.com/0.0.0.0 +address=/ad.openmultimedia.biz/0.0.0.0 +address=/ad.outsidehub.com/0.0.0.0 +address=/ad.pickple.net/0.0.0.0 +address=/ad.proxy.sh/0.0.0.0 +address=/ad.r.worldssl.net/0.0.0.0 +address=/ad.rambler.ru/0.0.0.0 +address=/ad.reklamport.com/0.0.0.0 +address=/ad.sensismediasmart.com.au/0.0.0.0 +address=/ad.smartclip.net/0.0.0.0 +address=/ad.spielothek.so/0.0.0.0 +address=/ad.vidaroo.com/0.0.0.0 +address=/ad.winningpartner.com/0.0.0.0 +address=/add.bugun.com.tr/0.0.0.0 +address=/adingo.jp.eimg.jp/0.0.0.0 +address=/adn.ebay.com/0.0.0.0 +address=/adplus.goo.mx/0.0.0.0 +address=/ads.mp.mydas.mobi/0.0.0.0 +address=/adscaspion.appspot.com/0.0.0.0 +address=/adss.dotdo.net/0.0.0.0 +address=/adz.zwee.ly/0.0.0.0 +address=/aff.eteachergroup.com/0.0.0.0 +address=/aff.marathonbet.com/0.0.0.0 +address=/aff.svjump.com/0.0.0.0 +address=/affil.mupromo.com/0.0.0.0 +address=/affiliateprogram.keywordspy.com/0.0.0.0 +address=/affiliates.allposters.com/0.0.0.0 +address=/affiliatesmedia.sbobet.com/0.0.0.0 +address=/affiliation.fotovista.com/0.0.0.0 +address=/agenda.complex.com/0.0.0.0 +address=/airpushmarketing.s3.amazonaws.com/0.0.0.0 +address=/ais.abacast.com/0.0.0.0 +address=/analytics.disneyinternational.com/0.0.0.0 +address=/ard.ihookup.com/0.0.0.0 +address=/award.sitekeuring.net/0.0.0.0 +address=/b.babylon.com/0.0.0.0 +address=/b.livesport.eu/0.0.0.0 +address=/b92.putniktravel.com/0.0.0.0 +address=/banner.101xp.com/0.0.0.0 +address=/banner.3ddownloads.com/0.0.0.0 +address=/banner.europacasino.com/0.0.0.0 +address=/banner.telefragged.com/0.0.0.0 +address=/banner.titancasino.com/0.0.0.0 +address=/bl.wavecdn.de/0.0.0.0 +address=/blamads-assets.s3.amazonaws.com/0.0.0.0 +address=/bluhostedbanners.blucigs.com/0.0.0.0 +address=/box.anchorfree.net/0.0.0.0 +address=/btr.domywife.com/0.0.0.0 +address=/c.netu.tv/0.0.0.0 +address=/cas.clickability.com/0.0.0.0 +address=/cash.neweramediaworks.com/0.0.0.0 +address=/cerebral.typn.com/0.0.0.0 +address=/cjmooter.xcache.kinxcdn.com/0.0.0.0 +address=/clarity.abacast.com/0.0.0.0 +address=/click.eyk.net/0.0.0.0 +address=/clickstrip.6wav.es/0.0.0.0 +address=/connect.summit.co.uk/0.0.0.0 +address=/content.livesportmedia.eu/0.0.0.0 +address=/cpm.amateurcommunity.de/0.0.0.0 +address=/creatives.inmotionhosting.com/0.0.0.0 +address=/creatives.summitconnect.co.uk/0.0.0.0 +address=/d13czkep7ax7nj.cloudfront.net/0.0.0.0 +address=/d140sbu1b1m3h0.cloudfront.net/0.0.0.0 +address=/d15565yqt7pv7r.cloudfront.net/0.0.0.0 +address=/d15gt9gwxw5wu0.cloudfront.net/0.0.0.0 +address=/d17f2fxw547952.cloudfront.net/0.0.0.0 +address=/d19972r8wdpby8.cloudfront.net/0.0.0.0 +address=/d1ade4ciw4bqyc.cloudfront.net/0.0.0.0 +address=/d1cl1sqtf3o420.cloudfront.net/0.0.0.0 +address=/d1d95giojjkirt.cloudfront.net/0.0.0.0 +address=/d1ep3cn6qx0l3z.cloudfront.net/0.0.0.0 +address=/d1ey3fksimezm4.cloudfront.net/0.0.0.0 +address=/d1fo96xm8fci0r.cloudfront.net/0.0.0.0 +address=/d1gojtoka5qi10.cloudfront.net/0.0.0.0 +address=/d1k74lgicilrr3.cloudfront.net/0.0.0.0 +address=/d1noellhv8fksc.cloudfront.net/0.0.0.0 +address=/d1pcttwib15k25.cloudfront.net/0.0.0.0 +address=/d1pdpbxj733bb1.cloudfront.net/0.0.0.0 +address=/d1spb7fplenrp4.cloudfront.net/0.0.0.0 +address=/d1vbm0eveofcle.cloudfront.net/0.0.0.0 +address=/d1zgderxoe1a.cloudfront.net/0.0.0.0 +address=/d23guct4biwna6.cloudfront.net/0.0.0.0 +address=/d23nyyb6dc29z6.cloudfront.net/0.0.0.0 +address=/d25ruj6ht8bs1.cloudfront.net/0.0.0.0 +address=/d25xkbr68qqtcn.cloudfront.net/0.0.0.0 +address=/d26dzd2k67we08.cloudfront.net/0.0.0.0 +address=/d26j9bp9bq4uhd.cloudfront.net/0.0.0.0 +address=/d26wy0pxd3qqpv.cloudfront.net/0.0.0.0 +address=/d27jt7xr4fq3e8.cloudfront.net/0.0.0.0 +address=/d287x05ve9a63s.cloudfront.net/0.0.0.0 +address=/d29r6igjpnoykg.cloudfront.net/0.0.0.0 +address=/d2anfhdgjxf8s1.cloudfront.net/0.0.0.0 +address=/d2b2x1ywompm1b.cloudfront.net/0.0.0.0 +address=/d2b65ihpmocv7w.cloudfront.net/0.0.0.0 +address=/d2bgg7rjywcwsy.cloudfront.net/0.0.0.0 +address=/d2cxkkxhecdzsq.cloudfront.net/0.0.0.0 +address=/d2d2lbvq8xirbs.cloudfront.net/0.0.0.0 +address=/d2dxgm96wvaa5j.cloudfront.net/0.0.0.0 +address=/d2gpgaupalra1d.cloudfront.net/0.0.0.0 +address=/d2gtlljtkeiyzd.cloudfront.net/0.0.0.0 +address=/d2gz6iop9uxobu.cloudfront.net/0.0.0.0 +address=/d2hap2bsh1k9lw.cloudfront.net/0.0.0.0 +address=/d2ipklohrie3lo.cloudfront.net/0.0.0.0 +address=/d2mic0r0bo3i6z.cloudfront.net/0.0.0.0 +address=/d2mq0uzafv8ytp.cloudfront.net/0.0.0.0 +address=/d2nlytvx51ywh9.cloudfront.net/0.0.0.0 +address=/d2o307dm5mqftz.cloudfront.net/0.0.0.0 +address=/d2oallm7wrqvmi.cloudfront.net/0.0.0.0 +address=/d2omcicc3a4zlg.cloudfront.net/0.0.0.0 +address=/d2pgy8h4i30on1.cloudfront.net/0.0.0.0 +address=/d2plxos94peuwp.cloudfront.net/0.0.0.0 +address=/d2r359adnh3sfn.cloudfront.net/0.0.0.0 +address=/d2s64zaa9ua7uv.cloudfront.net/0.0.0.0 +address=/d2tgev5wuprbqq.cloudfront.net/0.0.0.0 +address=/d2tnimpzlb191i.cloudfront.net/0.0.0.0 +address=/d2ubicnllnnszy.cloudfront.net/0.0.0.0 +address=/d2ue9k1rhsumed.cloudfront.net/0.0.0.0 +address=/d2v4glj2m8yzg5.cloudfront.net/0.0.0.0 +address=/d2v9ajh2eysdau.cloudfront.net/0.0.0.0 +address=/d2vt6q0n0iy66w.cloudfront.net/0.0.0.0 +address=/d2yhukq7vldf1u.cloudfront.net/0.0.0.0 +address=/d2z1smm3i01tnr.cloudfront.net/0.0.0.0 +address=/d31807xkria1x4.cloudfront.net/0.0.0.0 +address=/d32pxqbknuxsuy.cloudfront.net/0.0.0.0 +address=/d33f10u0pfpplc.cloudfront.net/0.0.0.0 +address=/d33otidwg56k90.cloudfront.net/0.0.0.0 +address=/d34obr29voew8l.cloudfront.net/0.0.0.0 +address=/d34rdvn2ky3gnm.cloudfront.net/0.0.0.0 +address=/d37kzqe5knnh6t.cloudfront.net/0.0.0.0 +address=/d38pxm3dmrdu6d.cloudfront.net/0.0.0.0 +address=/d38r21vtgndgb1.cloudfront.net/0.0.0.0 +address=/d39xqloz8t5a6x.cloudfront.net/0.0.0.0 +address=/d3bvcf24wln03d.cloudfront.net/0.0.0.0 +address=/d3dphmosjk9rot.cloudfront.net/0.0.0.0 +address=/d3f9mcik999dte.cloudfront.net/0.0.0.0 +address=/d3fzrm6pcer44x.cloudfront.net/0.0.0.0 +address=/d3irruagotonpp.cloudfront.net/0.0.0.0 +address=/d3iwjrnl4m67rd.cloudfront.net/0.0.0.0 +address=/d3lvr7yuk4uaui.cloudfront.net/0.0.0.0 +address=/d3lzezfa753mqu.cloudfront.net/0.0.0.0 +address=/d3m41swuqq4sv5.cloudfront.net/0.0.0.0 +address=/d3nvrqlo8rj1kw.cloudfront.net/0.0.0.0 +address=/d3p9ql8flgemg7.cloudfront.net/0.0.0.0 +address=/d3pkae9owd2lcf.cloudfront.net/0.0.0.0 +address=/d3q2dpprdsteo.cloudfront.net/0.0.0.0 +address=/d3qszud4qdthr8.cloudfront.net/0.0.0.0 +address=/d3t2wca0ou3lqz.cloudfront.net/0.0.0.0 +address=/d3t9ip55bsuxrf.cloudfront.net/0.0.0.0 +address=/d3tdefw8pwfkbk.cloudfront.net/0.0.0.0 +address=/d3vc1nm9xbncz5.cloudfront.net/0.0.0.0 +address=/d5pvnbpawsaav.cloudfront.net/0.0.0.0 +address=/d6bdy3eto8fyu.cloudfront.net/0.0.0.0 +address=/d8qy7md4cj3gz.cloudfront.net/0.0.0.0 +address=/dal9hkyfi0m0n.cloudfront.net/0.0.0.0 +address=/dart.clearchannel.com/0.0.0.0 +address=/dasfdasfasdf.no-ip.info/0.0.0.0 +address=/data.neuroxmedia.com/0.0.0.0 +address=/dbam.dashbida.com/0.0.0.0 +address=/ddwht76d9jvfl.cloudfront.net/0.0.0.0 +address=/dew9ckzjyt2gn.cloudfront.net/0.0.0.0 +address=/dff7tx5c2qbxc.cloudfront.net/0.0.0.0 +address=/display.digitalriver.com/0.0.0.0 +address=/disy2s34euyqm.cloudfront.net/0.0.0.0 +address=/dizixdllzznrf.cloudfront.net/0.0.0.0 +address=/djlf5xdlz7m8m.cloudfront.net/0.0.0.0 +address=/dkd69bwkvrht1.cloudfront.net/0.0.0.0 +address=/dkdwv3lcby5zi.cloudfront.net/0.0.0.0 +address=/dl392qndlveq0.cloudfront.net/0.0.0.0 +address=/dl5v5atodo7gn.cloudfront.net/0.0.0.0 +address=/dlupv9uqtjlie.cloudfront.net/0.0.0.0 +address=/dm0acvguygm9h.cloudfront.net/0.0.0.0 +address=/dm8srf206hien.cloudfront.net/0.0.0.0 +address=/dp51h10v6ggpa.cloudfront.net/0.0.0.0 +address=/dpsq2uzakdgqz.cloudfront.net/0.0.0.0 +address=/dq2tgxnc2knif.cloudfront.net/0.0.0.0 +address=/dqhi3ea93ztgv.cloudfront.net/0.0.0.0 +address=/dr8pk6ovub897.cloudfront.net/0.0.0.0 +address=/duct5ntjian71.cloudfront.net/0.0.0.0 +address=/dvf2u7vwmkr5w.cloudfront.net/0.0.0.0 +address=/dvt4pepo9om3r.cloudfront.net/0.0.0.0 +address=/dx5qvhwg92mjd.cloudfront.net/0.0.0.0 +address=/dxq6c0tx3v6mm.cloudfront.net/0.0.0.0 +address=/dxqd86uz345mg.cloudfront.net/0.0.0.0 +address=/dy48bnzanqw0v.cloudfront.net/0.0.0.0 +address=/dycpc40hvg4ki.cloudfront.net/0.0.0.0 +address=/dyl3p6so5yozo.cloudfront.net/0.0.0.0 +address=/epowernetworktrackerimages.s3.amazonaws.com/0.0.0.0 +address=/euwidget.imshopping.com/0.0.0.0 +address=/events.kalooga.com/0.0.0.0 +address=/ext.theglobalweb.com/0.0.0.0 +address=/feeds.logicbuy.com/0.0.0.0 +address=/ft.pnop.com/0.0.0.0 +address=/gateway.fortunelounge.com/0.0.0.0 +address=/gateways.s3.amazonaws.com/0.0.0.0 +address=/geo.connexionsecure.com/0.0.0.0 +address=/geobanner.friendfinder.com/0.0.0.0 +address=/geobanner.passion.com/0.0.0.0 +address=/gfaf-banners.s3.amazonaws.com/0.0.0.0 +address=/homad-global-configs.schneevonmorgen.com/0.0.0.0 +address=/im.ov.yahoo.co.jp/0.0.0.0 +address=/ima3vpaid.appspot.com/0.0.0.0 +address=/indieclick.3janecdn.com/0.0.0.0 +address=/inskin.vo.llnwd.net/0.0.0.0 +address=/k2team.kyiv.ua/0.0.0.0 +address=/mads.aol.com/0.0.0.0 +address=/marketing.888.com/0.0.0.0 +address=/mb.zam.com/0.0.0.0 +address=/mozo-widgets.f2.com.au/0.0.0.0 +address=/network.aufeminin.com/0.0.0.0 +address=/network.business.com/0.0.0.0 +address=/oclasrv.comindex-2.htmlapu.php/0.0.0.0 +address=/odin.goo.mx/0.0.0.0 +address=/on.maxspeedcdn.com/0.0.0.0 +address=/ox-i.cordillera.tv/0.0.0.0 +address=/partner.bargaindomains.com/0.0.0.0 +address=/partner.catchy.com/0.0.0.0 +address=/partner.premiumdomains.com/0.0.0.0 +address=/partnerads.ysm.yahoo.com/0.0.0.0 +address=/partnerads1.ysm.yahoo.com/0.0.0.0 +address=/partners.fshealth.com/0.0.0.0 +address=/partners.optiontide.com/0.0.0.0 +address=/partners.rochen.com/0.0.0.0 +address=/partners.sportingbet.com.au/0.0.0.0 +address=/partners.vouchedfor.co.uk/0.0.0.0 +address=/partners.xpertmarket.com/0.0.0.0 +address=/priceinfo.comuv.com/0.0.0.0 +address=/promos.fling.com/0.0.0.0 +address=/promote.pair.com/0.0.0.0 +address=/promotions.iasbet.com/0.0.0.0 +address=/pub.betclick.com/0.0.0.0 +address=/pubs.hiddennetwork.com/0.0.0.0 +address=/rack.bauermedia.co.uk/0.0.0.0 +address=/res3.feedsportal.com/0.0.0.0 +address=/revealads.appspot.com/0.0.0.0 +address=/rotabanner.kulichki.net/0.0.0.0 +address=/rotator.tradetracker.net/0.0.0.0 +address=/s-yoolk-banner-assets.yoolk.com/0.0.0.0 +address=/s-yoolk-billboard-assets.yoolk.com/0.0.0.0 +address=/secretmedia.s3.amazonaws.com/0.0.0.0 +address=/servedby.keygamesnetwork.com/0.0.0.0 +address=/sitescout-video-cdn.edgesuite.net/0.0.0.0 +address=/slot.union.ucweb.com/0.0.0.0 +address=/smart.styria-digital.com/0.0.0.0 +address=/squarespace.evyy.net/0.0.0.0 +address=/stats.hosting24.com/0.0.0.0 +address=/stats.sitesuite.org/0.0.0.0 +address=/stuff-nzwhistleout.s3.amazonaws.com/0.0.0.0 +address=/survey.g.doubleclick.net/0.0.0.0 +address=/syndication.jsadapi.com/0.0.0.0 +address=/syndication1.viraladnetwork.net/0.0.0.0 +address=/tap.more-results.net/0.0.0.0 +address=/ti.tradetracker.net/0.0.0.0 +address=/track.bcvcmedia.com/0.0.0.0 +address=/twinplan.com/0.0.0.0 +address=/vendor1.fitschigogerl.com/0.0.0.0 +address=/web-jp.ad-v.jp/0.0.0.0 +address=/whistleout.s3.amazonaws.com/0.0.0.0 +address=/widget.crowdignite.com/0.0.0.0 +address=/widget.kelkoo.com/0.0.0.0 +address=/widget.raaze.com/0.0.0.0 +address=/widget.searchschoolsnetwork.com/0.0.0.0 +address=/widget.shopstyle.com.au/0.0.0.0 +address=/widget.solarquotes.com.au/0.0.0.0 +address=/widgets.realestate.com.au/0.0.0.0 +address=/wtpn.twenga.co.uk/0.0.0.0 +address=/wtpn.twenga.de/0.0.0.0 +address=/yb.torchbrowser.com/0.0.0.0 +address=/yeas.yahoo.co.jp/0.0.0.0 +address=/zapads.zapak.com/0.0.0.0 +address=/zeus.qj.net/0.0.0.0 +address=/iadc.qwapi.com/0.0.0.0 +address=/d1nmk7iw7hajjn.cloudfront.net/0.0.0.0 +address=/ad.duga.jp/0.0.0.0 +address=/ad.iloveinterracial.com/0.0.0.0 +address=/ads.videosz.com/0.0.0.0 +address=/affiliates.thrixxx.com/0.0.0.0 +address=/ard.sweetdiscreet.com/0.0.0.0 +address=/bannershotlink.perfectgonzo.com/0.0.0.0 +address=/blaaaa12.googlecode.com/0.0.0.0 +address=/br.blackfling.com/0.0.0.0 +address=/br.fling.com/0.0.0.0 +address=/br.realitykings.com/0.0.0.0 +address=/cpm.amateurcommunity.com/0.0.0.0 +address=/dailyvideo.securejoin.com/0.0.0.0 +address=/desk.cmix.org/0.0.0.0 +address=/feeds.videosz.com/0.0.0.0 +address=/ff.nsg.org.ua/0.0.0.0 +address=/freexxxvideoclip.aebn.net/0.0.0.0 +address=/geo.cliphunter.com/0.0.0.0 +address=/geo.frtya.com/0.0.0.0 +address=/geobanner.adultfriendfinder.com/0.0.0.0 +address=/geobanner.alt.com/0.0.0.0 +address=/geobanner.socialflirt.com/0.0.0.0 +address=/partners.pornerbros.com/0.0.0.0 +address=/s1magnettvcom.maynemyltf.netdna-cdn.com/0.0.0.0 +address=/surv.xbizmedia.com/0.0.0.0 +address=/sweet.game-rust.ru/0.0.0.0 +address=/widgets.comcontent.net/0.0.0.0 +address=/widgetssec.cam-content.com/0.0.0.0 +address=/a.cdngeek.net/0.0.0.0 +address=/a.clipconverter.cc/0.0.0.0 +address=/a.giantrealm.com/0.0.0.0 +address=/a.i-sgcm.com/0.0.0.0 +address=/a.kat.cr/0.0.0.0 +address=/a.kickass.to/0.0.0.0 +address=/a.lolwot.com/0.0.0.0 +address=/ac2.msn.com/0.0.0.0 +address=/access.njherald.com/0.0.0.0 +address=/ad.cooks.com/0.0.0.0 +address=/ad.digitimes.com.tw/0.0.0.0 +address=/ad.directmirror.com/0.0.0.0 +address=/ad.download.cnet.com/0.0.0.0 +address=/ad.evozi.com/0.0.0.0 +address=/ad.fnnews.com/0.0.0.0 +address=/ad.jamster.com/0.0.0.0 +address=/ad.lyricswire.com/0.0.0.0 +address=/ad.mangareader.net/0.0.0.0 +address=/ad.newegg.com/0.0.0.0 +address=/ad.pandora.tv/0.0.0.0 +address=/ad.reachlocal.com/0.0.0.0 +address=/ad.search.ch/0.0.0.0 +address=/ad.services.distractify.com/0.0.0.0 +address=/adcitrus.com/0.0.0.0 +address=/addirector.vindicosuite.com/0.0.0.0 +address=/adds.weatherology.com/0.0.0.0 +address=/adlink.shopsafe.co.nz/0.0.0.0 +address=/admeta.vo.llnwd.net/0.0.0.0 +address=/ads-rolandgarros.com/0.0.0.0 +address=/ads.pof.com/0.0.0.0 +address=/ads.yahoo.com/0.0.0.0 +address=/ads.zynga.com/0.0.0.0 +address=/adsatt.abcnews.starwave.com/0.0.0.0 +address=/adsatt.espn.starwave.com/0.0.0.0 +address=/adshare.freedocast.com/0.0.0.0 +address=/adsor.openrunner.com/0.0.0.0 +address=/adss.yahoo.com/0.0.0.0 +address=/adstil.indiatimes.com/0.0.0.0 +address=/adtest.theonion.com/0.0.0.0 +address=/advertise.twitpic.com/0.0.0.0 +address=/advice-ads-cdn.vice.com/0.0.0.0 +address=/adx.kat.ph/0.0.0.0 +address=/aff.lmgtfy.com/0.0.0.0 +address=/ajnad.aljazeera.net/0.0.0.0 +address=/amz.steamprices.com/0.0.0.0 +address=/analytics.mmosite.com/0.0.0.0 +address=/as.inbox.com/0.0.0.0 +address=/asd.projectfreetv.so/0.0.0.0 +address=/avpa.dzone.com/0.0.0.0 +address=/b.localpages.com/0.0.0.0 +address=/b.thefile.me/0.0.0.0 +address=/ba.ccm2.net/0.0.0.0 +address=/ba.kioskea.net/0.0.0.0 +address=/banner.automotiveworld.com/0.0.0.0 +address=/banner.itweb.co.za/0.0.0.0 +address=/banners.beevpn.com/0.0.0.0 +address=/banners.beted.com/0.0.0.0 +address=/banners.clubworldgroup.com/0.0.0.0 +address=/banners.expressindia.com/0.0.0.0 +address=/banners.i-comers.com/0.0.0.0 +address=/banners.itweb.co.za/0.0.0.0 +address=/banners.playocio.com/0.0.0.0 +address=/beap.gemini.yahoo.com/0.0.0.0 +address=/bizanti.youwatch.org/0.0.0.0 +address=/bnrs.ilm.ee/0.0.0.0 +address=/bwp.theinsider.com.com/0.0.0.0 +address=/cadvv.heraldm.com/0.0.0.0 +address=/cadvv.koreaherald.com/0.0.0.0 +address=/canvas.thenextweb.com/0.0.0.0 +address=/click.livedoor.com/0.0.0.0 +address=/clicks.superpages.com/0.0.0.0 +address=/cnetwidget.creativemark.co.uk/0.0.0.0 +address=/collector.viki.io/0.0.0.0 +address=/creatives.livejasmin.com/0.0.0.0 +address=/d.annarbor.com/0.0.0.0 +address=/d.businessinsider.com/0.0.0.0 +address=/d.gossipcenter.com/0.0.0.0 +address=/d.thelocal.com/0.0.0.0 +address=/dads.new.digg.com/0.0.0.0 +address=/dailydeals.amarillo.com/0.0.0.0 +address=/dailydeals.augustachronicle.com/0.0.0.0 +address=/dailydeals.brainerddispatch.com/0.0.0.0 +address=/dailydeals.lubbockonline.com/0.0.0.0 +address=/dailydeals.onlineathens.com/0.0.0.0 +address=/dailydeals.savannahnow.com/0.0.0.0 +address=/dcad.watersoul.com/0.0.0.0 +address=/deals.ledgertranscript.com/0.0.0.0 +address=/digdug.divxnetworks.com/0.0.0.0 +address=/display.superbay.net/0.0.0.0 +address=/dontblockme.modaco.com/0.0.0.0 +address=/ehow.com/media/ad.html/0.0.0.0 +address=/eva.ucas.com/0.0.0.0 +address=/fan.twitch.tv/0.0.0.0 +address=/fimserve.ign.com/0.0.0.0 +address=/findnsave.idahostatesman.com/0.0.0.0 +address=/g.brothersoft.com/0.0.0.0 +address=/gameads.digyourowngrave.com/0.0.0.0 +address=/geoshopping.nzherald.co.nz/0.0.0.0 +address=/get.thefile.me/0.0.0.0 +address=/gfx.infomine.com/0.0.0.0 +address=/green.virtual-nights.com/0.0.0.0 +address=/hejban.youwatch.org/0.0.0.0 +address=/ibanners.empoweredcomms.com.au/0.0.0.0 +address=/iframe.travel.yahoo.com/0.0.0.0 +address=/imads.rediff.com/0.0.0.0 +address=/kat-ads.torrenticity.com/0.0.0.0 +address=/keepthelighton.vpsboard.com/0.0.0.0 +address=/kermit.macnn.com/0.0.0.0 +address=/life.imagepix.org/0.0.0.0 +address=/ll.a.hulu.com/0.0.0.0 +address=/londonprivaterentals.standard.co.uk/0.0.0.0 +address=/looky.hyves.org/0.0.0.0 +address=/lw2.gamecopyworld.com/0.0.0.0 +address=/mads.dailymail.co.uk/0.0.0.0 +address=/marketingsolutions.yahoo.com/0.0.0.0 +address=/mb.hockeybuzz.com/0.0.0.0 +address=/mealsandsteals.sandiego6.com/0.0.0.0 +address=/media-delivery.armorgames.com/0.0.0.0 +address=/media-mgmt.armorgames.com/0.0.0.0 +address=/mediamgr.ugo.com/0.0.0.0 +address=/nest.youwatch.org/0.0.0.0 +address=/netspidermm.indiatimes.com/0.0.0.0 +address=/network.sofeminine.co.uk/0.0.0.0 +address=/noram.srv.ysm.yahoo.com/0.0.0.0 +address=/oas.autotrader.co.uk/0.0.0.0 +address=/oas.skyscanner.net/0.0.0.0 +address=/oasc07.citywire.co.uk/0.0.0.0 +address=/oascentral.chron.com/0.0.0.0 +address=/oascentral.hosted.ap.org/0.0.0.0 +address=/oascentral.newsmax.com/0.0.0.0 +address=/ox-d.rantsports.com/0.0.0.0 +address=/ox-d.sbnation.com/0.0.0.0 +address=/ox-d.wetransfer.com/0.0.0.0 +address=/ox.furaffinity.net/0.0.0.0 +address=/partners-z.com/0.0.0.0 +address=/photo.net/equipment/pg-160/0.0.0.0 +address=/player.1800coupon.com/0.0.0.0 +address=/player.1stcreditrepairs.com/0.0.0.0 +address=/player.800directories.com/0.0.0.0 +address=/player.accoona.com/0.0.0.0 +address=/player.alloutwedding.com/0.0.0.0 +address=/player.insuranceandhealth.com/0.0.0.0 +address=/pmm.people.com.cn/0.0.0.0 +address=/pop-over.powered-by.justplayzone.com/0.0.0.0 +address=/prerollads.ign.com/0.0.0.0 +address=/promo.fileforum.com/0.0.0.0 +address=/rad.microsoft.com/0.0.0.0 +address=/rad.msn.com/0.0.0.0 +address=/red.bayimg.net/0.0.0.0 +address=/redvase.bravenet.com/0.0.0.0 +address=/richmedia.yimg.com/0.0.0.0 +address=/roia.com/0.0.0.0 +address=/rpt.anchorfree.net/0.0.0.0 +address=/searchignited.com/0.0.0.0 +address=/sebar.thand.info/0.0.0.0 +address=/shoppingpartners2.futurenet.com/0.0.0.0 +address=/sponsors.s2ki.com/0.0.0.0 +address=/sponsors.webosroundup.com/0.0.0.0 +address=/srv.thespacereporter.com/0.0.0.0 +address=/storewidget.pcauthority.com.au/0.0.0.0 +address=/stream.heavenmedia.net/0.0.0.0 +address=/tanzanite.infomine.com/0.0.0.0 +address=/targetedinfo.com/0.0.0.0 +address=/targetedtopic.com/0.0.0.0 +address=/thejesperbay.com/0.0.0.0 +address=/themis.yahoo.com/0.0.0.0 +address=/tmcs.net/0.0.0.0 +address=/tom.itv.com/0.0.0.0 +address=/tracking.hostgator.com/0.0.0.0 +address=/ua.badongo.com/0.0.0.0 +address=/uimserv.net/0.0.0.0 +address=/unicast.ign.com/0.0.0.0 +address=/unicast.msn.com/0.0.0.0 +address=/verdict.abc.go.com/0.0.0.0 +address=/vice-ads-cdn.vice.com/0.0.0.0 +address=/w.homes.yahoo.net/0.0.0.0 +address=/webmaster.extabit.com/0.0.0.0 +address=/widget.directory.dailycommercial.com/0.0.0.0 +address=/x.castanet.net/0.0.0.0 +address=/yea.uploadimagex.com/0.0.0.0 +address=/yesbeby.whies.info/0.0.0.0 +address=/yrt7dgkf.exashare.com/0.0.0.0 +address=/ysm.yahoo.com/0.0.0.0 +address=/zads.care2.com/0.0.0.0 +address=/a.eporner.com/0.0.0.0 +address=/a.heavy-r.com/0.0.0.0 +address=/a.killergram-girls.com/0.0.0.0 +address=/ad.eporner.com/0.0.0.0 +address=/ad.slutload.com/0.0.0.0 +address=/ad.thisav.com/0.0.0.0 +address=/ad.userporn.com/0.0.0.0 +address=/ads.xxxbunker.com/0.0.0.0 +address=/affiliates.goodvibes.com/0.0.0.0 +address=/banner1.pornhost.com/0.0.0.0 +address=/banners.cams.com/0.0.0.0 +address=/bob.crazyshit.com/0.0.0.0 +address=/brcache.madthumbs.com/0.0.0.0 +address=/creatives.cliphunter.com/0.0.0.0 +address=/creatives.pichunter.com/0.0.0.0 +address=/dot.eporner.com/0.0.0.0 +address=/dot2.eporner.com/0.0.0.0 +address=/exit.macandbumble.com/0.0.0.0 +address=/lw1.cdmediaworld.com/0.0.0.0 +address=/m2.xhamster.com/0.0.0.0 +address=/partners.xhamster.com/0.0.0.0 +address=/pr-static.empflix.com/0.0.0.0 +address=/pr-static.tnaflix.com/0.0.0.0 +address=/r.radikal.ru/0.0.0.0 +address=/rev.fapdu.com/0.0.0.0 +address=/site.img.4tube.com/0.0.0.0 +address=/static.kinghost.com/0.0.0.0 +address=/x.eroticity.net/0.0.0.0 +address=/x.vipergirls.to/0.0.0.0 diff --git a/package/lean/luci-app-adbyby-plus/root/usr/share/adbyby/dnsmasq.ads b/package/lean/luci-app-adbyby-plus/root/usr/share/adbyby/dnsmasq.ads new file mode 100644 index 000000000..ec1a22189 --- /dev/null +++ b/package/lean/luci-app-adbyby-plus/root/usr/share/adbyby/dnsmasq.ads @@ -0,0 +1,4 @@ +address=/p.tanx.com/0.0.0.0 +address=/googlesyndication.com/0.0.0.0 +address=/linkvans.com/0.0.0.0 +server=/valf.atm.youku.com/114.114.114.114 diff --git a/package/lean/luci-app-adbyby-plus/root/usr/share/adbyby/dnsmasq.esc b/package/lean/luci-app-adbyby-plus/root/usr/share/adbyby/dnsmasq.esc new file mode 100644 index 000000000..6cfd87056 --- /dev/null +++ b/package/lean/luci-app-adbyby-plus/root/usr/share/adbyby/dnsmasq.esc @@ -0,0 +1,3 @@ +ipset=/weixin.qq.com/adbyby_wan +ipset=/qpic.cn/adbyby_wan +ipset=/imtt.qq.com/adbyby_wan diff --git a/package/lean/luci-app-adbyby-plus/root/usr/share/adbyby/firewall.include b/package/lean/luci-app-adbyby-plus/root/usr/share/adbyby/firewall.include new file mode 100755 index 000000000..4dcec1e26 --- /dev/null +++ b/package/lean/luci-app-adbyby-plus/root/usr/share/adbyby/firewall.include @@ -0,0 +1,16 @@ +#!/bin/sh + +if [ -f /tmp/blockip.ipset ];then + +adbyby_enable=$(uci get adbyby.@adbyby[0].enable) + +if [ $adbyby_enable -eq 1 ]; then + if pidof adbyby>/dev/null; then + /etc/init.d/adbyby reload_rule + else + /etc/init.d/adbyby restart + fi +fi + +fi + diff --git a/package/lean/luci-app-adbyby-plus/root/usr/share/adbyby/rules.txt b/package/lean/luci-app-adbyby-plus/root/usr/share/adbyby/rules.txt new file mode 100644 index 000000000..5c44b0e8c --- /dev/null +++ b/package/lean/luci-app-adbyby-plus/root/usr/share/adbyby/rules.txt @@ -0,0 +1,15 @@ +! ------------------------------ ADByby 鑷畾涔夎繃婊よ娉曠畝琛--------------------------------- +! -------------- 瑙勫垯鍩轰簬abp瑙勫垯锛屽苟杩涜浜嗗瓧绗︽浛鎹㈤儴鍒嗙殑鎵╁睍----------------------------- +! ABP瑙勫垯璇峰弬鑰僪ttps://adblockplus.org/zh_CN/filters锛屼笅闈负澶ц嚧鎽樿 +! "!" 涓鸿娉ㄩ噴绗︼紝娉ㄩ噴琛屼互璇ョ鍙疯捣濮嬩綔涓轰竴琛屾敞閲婅涔夛紝鐢ㄤ簬瑙勫垯鎻忚堪 +! "*" 涓哄瓧绗﹂氶厤绗︼紝鑳藉鍖归厤0闀垮害鎴栦换鎰忛暱搴︾殑瀛楃涓诧紝璇ラ氶厤绗︿笉鑳戒笌姝e垯璇硶娣风敤銆 +! "^" 涓哄垎闅旂锛屽彲浠ユ槸闄や簡瀛楁瘝銆佹暟瀛楁垨鑰 _ - . % 涔嬪鐨勪换浣曞瓧绗︺ +! "|" 涓虹绾跨鍙凤紝鏉ヨ〃绀哄湴鍧鐨勬渶鍓嶇鎴栨渶鏈 +! "||" 涓哄瓙鍩熼氶厤绗︼紝鏂逛究鍖归厤涓诲煙鍚嶄笅鐨勬墍鏈夊瓙鍩熴 +! "~" 涓烘帓闄ゆ爣璇嗙锛岄氶厤绗﹁兘杩囨护澶у鏁板箍鍛婏紝浣嗗悓鏃跺瓨鍦ㄨ鏉, 鍙互閫氳繃鎺掗櫎鏍囪瘑绗︿慨姝h鏉閾炬帴銆 +! "##" 涓哄厓绱犻夋嫨鍣ㄦ爣璇嗙锛屽悗闈㈣窡闇瑕侀殣钘忓厓绱犵殑CSS鏍峰紡渚嬪 #ad_id .ad_class +!! 鍏冪礌闅愯棌鏆備笉鏀寔鍏ㄥ眬瑙勫垯鍜屾帓闄よ鍒 +!! 瀛楃鏇挎崲鎵╁睍 +! 鏂囨湰鏇挎崲閫夋嫨鍣ㄦ爣璇嗙锛屽悗闈㈣窡闇瑕佹浛鎹㈢殑鏂囨湰鏁版嵁锛屾牸寮忥細$s@妯″紡瀛楃涓睝鏇挎崲鍚庣殑鏂囨湰@ +! 鏀寔閫氶厤绗*鍜岋紵 +! ------------------------------------------------------------------------------------------- diff --git a/package/lean/luci-app-aliddns/Makefile b/package/lean/luci-app-aliddns/Makefile new file mode 100644 index 000000000..e3f10e5d2 --- /dev/null +++ b/package/lean/luci-app-aliddns/Makefile @@ -0,0 +1,19 @@ +# +# Copyright (C) 2008-2014 The LuCI Team +# +# This is free software, licensed under the Apache License, Version 2.0 . +# + +include $(TOPDIR)/rules.mk + +LUCI_TITLE:=LuCI for Aliddns +LUCI_DEPENDS:=+wget +openssl-util +LUCI_PKGARCH:=all +PKG_VERSION:=1.0 +PKG_RELEASE:=1 + +include $(TOPDIR)/feeds/luci/luci.mk + +# call BuildPackage - OpenWrt buildroot signature + + diff --git a/package/lean/luci-app-aliddns/luasrc/controller/aliddns.lua b/package/lean/luci-app-aliddns/luasrc/controller/aliddns.lua new file mode 100644 index 000000000..c62864560 --- /dev/null +++ b/package/lean/luci-app-aliddns/luasrc/controller/aliddns.lua @@ -0,0 +1,4 @@ +module("luci.controller.aliddns",package.seeall) +function index() +entry({"admin","services","aliddns"},cbi("aliddns"),_("Aliddns Client"),101) +end diff --git a/package/lean/luci-app-aliddns/luasrc/model/cbi/aliddns.lua b/package/lean/luci-app-aliddns/luasrc/model/cbi/aliddns.lua new file mode 100644 index 000000000..76b386ef8 --- /dev/null +++ b/package/lean/luci-app-aliddns/luasrc/model/cbi/aliddns.lua @@ -0,0 +1,52 @@ +local a=require"luci.sys" +local e=luci.model.uci.cursor() +local e=require"nixio.fs" +require("luci.sys") +local t,e,o +local m,s +t=Map("aliddns",translate("闃块噷DDNS瀹㈡埛绔"),translate("鍩轰簬闃块噷浜戣В鏋愮殑绉佷汉DDNS瑙e喅鏂规")) + +e=t:section(TypedSection,"base") +e.anonymous=true + +e:tab("basic", translate("璁剧疆")) + +enable=e:taboption("basic",Flag,"enable",translate("寮鍚"),translate("寮鍚垨鍏抽棴aliddns鍔ㄦ佸煙鍚")) +enable.rmempty=false +token=e:taboption("basic",Value,"app_key",translate("APP KEY")) +email=e:taboption("basic",Value,"app_secret",translate("APP SECRET")) +iface=e:taboption("basic",ListValue,"interface",translate("閫夋嫨澶栫綉鎺ュ彛"),translate("闄愬畾瑕佸姩鎬乤liddns鐨勫缃戞帴鍙o紝濡俻ppoe-wan")) +iface:value("",translate("閫夋嫨瑕佸姩鎬佹洿鏂扮殑澶栫綉鎺ュ彛")) +for t,e in ipairs(a.net.devices())do +if e~="lo"then iface:value(e)end +end +iface.rmempty=false +main=e:taboption("basic",Value,"main_domain",translate("涓诲煙鍚"),"鎯宠瑙f瀽鐨勪富鍩熷悕锛屼緥濡:baidu.com") +main.rmempty=false +sub=e:taboption("basic",Value,"sub_domain",translate("瀛愬煙鍚"),"鎯宠瑙f瀽鐨勫瓙鍩熷悕锛屼緥濡:test hehe") +sub.rmempty=false +time=e:taboption("basic",Value,"time",translate("妫鏌ユ椂闂"),"鍩熷悕妫鏌ユ椂闂达紝鍗曚綅鍒嗛挓锛岃寖鍥1-59") +time.rmempty=false + +e:tab("log", translate("鏇存柊璁板綍")) +--e=t:section(TypedSection,"base",translate("鏇存柊璁板綍")) +e.anonymous=true +local a="/var/log/aliddns.log" +tvlog=e:taboption("log",TextValue,"sylogtext") +tvlog.rows=14 +tvlog.readonly="readonly" +tvlog.wrap="off" +function tvlog.cfgvalue(e,e) +sylogtext="" +if a and nixio.fs.access(a)then +sylogtext=luci.sys.exec("tail -n 100 %s"%a) +end +return sylogtext +end +tvlog.write=function(e,e,e) +end +local e=luci.http.formvalue("cbi.apply") +if e then +io.popen("/etc/init.d/aliddns restart") +end +return t diff --git a/package/lean/luci-app-aliddns/po/zh-cn/aliddns.po b/package/lean/luci-app-aliddns/po/zh-cn/aliddns.po new file mode 100644 index 000000000..211e10d2c --- /dev/null +++ b/package/lean/luci-app-aliddns/po/zh-cn/aliddns.po @@ -0,0 +1,4 @@ +msgid "Aliddns Client" +msgstr "闃块噷DDNS瀹㈡埛绔" + + diff --git a/package/lean/luci-app-aliddns/root/etc/config/aliddns b/package/lean/luci-app-aliddns/root/etc/config/aliddns new file mode 100644 index 000000000..3dcd7e75a --- /dev/null +++ b/package/lean/luci-app-aliddns/root/etc/config/aliddns @@ -0,0 +1,10 @@ + +config base 'base' + option time '30' + option enable '0' + option app_key '1' + option app_secret '1' + option interface 'br-lan' + option main_domain '1.com' + option sub_domain '2' + diff --git a/package/lean/luci-app-aliddns/root/etc/init.d/aliddns b/package/lean/luci-app-aliddns/root/etc/init.d/aliddns new file mode 100755 index 000000000..93bb659e6 --- /dev/null +++ b/package/lean/luci-app-aliddns/root/etc/init.d/aliddns @@ -0,0 +1,18 @@ +#!/bin/sh /etc/rc.common + +START=80 + +restart() +{ + /usr/sbin/aliddns +} + +start() +{ + /usr/sbin/aliddns +} + +stop() +{ + /usr/sbin/aliddns +} diff --git a/package/lean/luci-app-aliddns/root/etc/uci-defaults/luci-app-aliddns b/package/lean/luci-app-aliddns/root/etc/uci-defaults/luci-app-aliddns new file mode 100755 index 000000000..c8dcb1e17 --- /dev/null +++ b/package/lean/luci-app-aliddns/root/etc/uci-defaults/luci-app-aliddns @@ -0,0 +1,5 @@ +#!/bin/sh + + +rm -f /tmp/luci-indexcache +exit 0 diff --git a/package/lean/luci-app-aliddns/root/usr/sbin/aliddns b/package/lean/luci-app-aliddns/root/usr/sbin/aliddns new file mode 100755 index 000000000..7de6d904b --- /dev/null +++ b/package/lean/luci-app-aliddns/root/usr/sbin/aliddns @@ -0,0 +1,128 @@ +#!/bin/sh + +aliddns_ak=`uci get aliddns.base.app_key 2>/dev/null` +aliddns_sk=`uci get aliddns.base.app_secret 2>/dev/null` +aliddns_record_id=`uci get aliddns.base.record_id 2>/dev/null` +time=`uci get aliddns.base.time 2>/dev/null` +aliddns_enable=`uci get aliddns.base.enable` +aliddns_domain=`uci get aliddns.base.main_domain 2>/dev/null` +aliddns_name=`uci get aliddns.base.sub_domain 2>/dev/null` +interface=`uci get aliddns.base.interface 2>/dev/null` +DATE=$(date +'%Y-%m-%d %H:%M:%S') +timestamp=`date -u "+%Y-%m-%dT%H%%3A%M%%3A%SZ"` +ip=$(ifconfig $interface 2> /dev/null | grep 'inet addr' | awk '{print $2}' | cut -d: -f2 2>/dev/null) + +check_aliddns() { +#ip=`wget -qO- http://whatismyip.akamai.com/ 2>/dev/null` +#current_ip=`nslookup $aliddns_name.$aliddns_domain | grep "Address 1"|tail -n1|cut -d' ' -f3 2>/dev/null` +current_ip=`echo $query_result | sed 's/.*,"Value":"\([0-9\.]*\)",.*/\1/'` +echo "$DATE 褰撳墠璺敱IP: ${ip}" >> /var/log/aliddns.log +echo "$DATE 杩滅▼瑙f瀽IP: ${current_ip}" >> /var/log/aliddns.log +if [ "$ip" = "$current_ip" ] +then + echo "$DATE IP鏈敼鍙橈紝鏃犻渶鏇存柊" >> /var/log/aliddns.log + exit 0 + else + echo "$DATE 鏇存柊涓..." >> /var/log/aliddns.log +fi +} + +urlencode() { + # urlencode + + local length="${#1}" + i=0 + out="" + for i in $(awk "BEGIN { for ( i=0; i<$length; i++ ) { print i; } }") + do + local c="${1:$i:1}" + case $c in + [a-zA-Z0-9._-]) out="$out$c" ;; + *) out="$out`printf '%%%02X' "'$c"`" ;; + esac + i=$(($i + 1)) + done + echo -n $out +} + +send_request() { + local args="AccessKeyId=$aliddns_ak&Action=$1&Format=json&$2&Version=2015-01-09" + local hash=$(urlencode $(echo -n "GET&%2F&$(urlencode $args)" | openssl dgst -sha1 -hmac "$aliddns_sk&" -binary | openssl base64)) + wget -qO- "http://alidns.aliyuncs.com/?$args&Signature=$hash" 2> /dev/null +} + +get_recordid() { + grep -Eo '"RecordId":"[0-9]+"' | cut -d':' -f2 | tr -d '"' +} + +query_recordid() { + send_request "DescribeSubDomainRecords" "SignatureMethod=HMAC-SHA1&SignatureNonce=$timestamp&SignatureVersion=1.0&SubDomain=$(urlencode "$aliddns_name").$aliddns_domain&Timestamp=$timestamp" +} + +update_record() { + send_request "UpdateDomainRecord" "RR=$(urlencode "$aliddns_name")&RecordId=$1&SignatureMethod=HMAC-SHA1&SignatureNonce=$timestamp&SignatureVersion=1.0&Timestamp=$timestamp&Type=A&Value=$ip" +} + +add_record() { + send_request "AddDomainRecord&DomainName=$aliddns_domain" "RR=$(urlencode "$aliddns_name")&SignatureMethod=HMAC-SHA1&SignatureNonce=$timestamp&SignatureVersion=1.0&Timestamp=$timestamp&Type=A&Value=$ip" +} + +go_record() { +if [ "$aliddns_record_id" = "" ] +then + aliddns_record_id=`echo $query_result | get_recordid` +fi +if [ "$aliddns_record_id" = "" ] +then + aliddns_record_id=`add_record | get_recordid` + echo "$DATE 娣诲姞 record $aliddns_record_id" >> /var/log/aliddns.log +else + update_record $aliddns_record_id + echo "$DATE 鏇存柊 record $aliddns_record_id" >> /var/log/aliddns.log +fi +# save to file +if [ "$aliddns_record_id" = "" ]; then + # failed + echo "$DATE : 鏇存柊鍑洪敊,璇锋鏌ヨ缃紒" >> /var/log/aliddns.log + exit 0 +else + uci set aliddns.base.record_id=$aliddns_record_id + uci commit + echo "$DATE : 鏇存柊鎴愬姛锛($ip)" >> /var/log/aliddns.log +fi +} +#灏嗘墽琛岃剼鏈啓鍏rontab瀹氭椂杩愯 +add_aliddns_cru(){ +wirtecron=$(cat /etc/crontabs/root | grep "$time * * * *" | grep aliddns) +if [ -z "$wirtecron" ];then + sed -i '/aliddns/d' /etc/crontabs/root >/dev/null 2>&1 + echo "*/$time * * * * /usr/sbin/aliddns" >> /etc/crontabs/root +fi +} + +#娓呴櫎杩囧璁板綍 +clean_log(){ +logrow=$(grep -c "" /var/log/aliddns.log) +if [ $logrow -ge 15 ];then + cat /dev/null > /var/log/aliddns.log + echo "$DATE Log鏉℃暟瓒呴檺锛屾竻绌哄鐞嗭紒" >> /var/log/aliddns.log +fi +} + +#鍋滄鏈嶅姟 +stop_aliddns(){ + #鍋滄帀cru閲岀殑浠诲姟 + sed -i '/aliddns/d' /etc/crontabs/root >/dev/null 2>&1 +} + +if [ "$aliddns_enable" != "1" ]; then + stop_aliddns + echo "$DATE : aliddns娌℃湁寮鍚紒" >> /var/log/aliddns.log + else + clean_log + query_result=$(query_recordid) + check_aliddns + go_record + add_aliddns_cru +fi + diff --git a/package/lean/luci-app-autoreboot/Makefile b/package/lean/luci-app-autoreboot/Makefile new file mode 100644 index 000000000..9e2732986 --- /dev/null +++ b/package/lean/luci-app-autoreboot/Makefile @@ -0,0 +1,17 @@ +# Copyright (C) 2016 Openwrt.org +# +# This is free software, licensed under the Apache License, Version 2.0 . +# + +include $(TOPDIR)/rules.mk + +LUCI_TITLE:=LuCI support for Scheduled Reboot +LUCI_DEPENDS:=+luci +LUCI_PKGARCH:=all +PKG_VERSION:=1.0 +PKG_RELEASE:=8 + +include $(TOPDIR)/feeds/luci/luci.mk + +# call BuildPackage - OpenWrt buildroot signature + diff --git a/package/lean/luci-app-autoreboot/luasrc/controller/autoreboot.lua b/package/lean/luci-app-autoreboot/luasrc/controller/autoreboot.lua new file mode 100644 index 000000000..e0429f34f --- /dev/null +++ b/package/lean/luci-app-autoreboot/luasrc/controller/autoreboot.lua @@ -0,0 +1,4 @@ +module("luci.controller.autoreboot",package.seeall) +function index() +entry({"admin","system","autoreboot"},cbi("autoreboot"),_("Scheduled Reboot"),88) +end diff --git a/package/lean/luci-app-autoreboot/luasrc/model/cbi/autoreboot.lua b/package/lean/luci-app-autoreboot/luasrc/model/cbi/autoreboot.lua new file mode 100644 index 000000000..8a008d7fa --- /dev/null +++ b/package/lean/luci-app-autoreboot/luasrc/model/cbi/autoreboot.lua @@ -0,0 +1,38 @@ +require("luci.sys") + +m=Map("autoreboot",translate("Scheduled Reboot"),translate("Scheduled reboot Setting")) + +s=m:section(TypedSection,"login","") +s.addremove=false +s.anonymous=true + +enable=s:option(Flag,"enable",translate("Enable")) +enable.rmempty = false +enable.default=0 + +week=s:option(ListValue,"week",translate("Week Day")) +week:value(0,translate("Everyday")) +week:value(1,translate("Monday")) +week:value(2,translate("Tuesday")) +week:value(3,translate("Wednesday")) +week:value(4,translate("Thursday")) +week:value(5,translate("Friday")) +week:value(6,translate("Saturday")) +week:value(7,translate("Sunday")) +week.default=0 + +hour=s:option(Value,"hour",translate("Hour")) +hour.datatype = "range(0,23)" +hour.rmempty = false + +pass=s:option(Value,"minute",translate("Minute")) +pass.datatype = "range(0,59)" +pass.rmempty = false + + +local e=luci.http.formvalue("cbi.apply") +if e then + io.popen("/etc/init.d/autoreboot restart") +end + +return m diff --git a/package/lean/luci-app-autoreboot/po/zh-cn/autoreboot.po b/package/lean/luci-app-autoreboot/po/zh-cn/autoreboot.po new file mode 100644 index 000000000..554ef2cc3 --- /dev/null +++ b/package/lean/luci-app-autoreboot/po/zh-cn/autoreboot.po @@ -0,0 +1,25 @@ +msgid "Scheduled Reboot" +msgstr "瀹氭椂閲嶅惎" + +msgid "Scheduled reboot Setting" +msgstr "瀹氭椂閲嶅惎璁剧疆" + +msgid "Week Day" +msgstr "鏄熸湡" + +msgid "Everyday" +msgstr "姣忓ぉ" + +msgid "Day" +msgstr "澶" + +msgid "Hour" +msgstr "灏忔椂" + +msgid "Minute" +msgstr "鍒嗛挓" + + + + + diff --git a/package/lean/luci-app-autoreboot/root/etc/config/autoreboot b/package/lean/luci-app-autoreboot/root/etc/config/autoreboot new file mode 100644 index 000000000..3b57e1484 --- /dev/null +++ b/package/lean/luci-app-autoreboot/root/etc/config/autoreboot @@ -0,0 +1,7 @@ + +config login + option minute '0' + option hour '5' + option week '3' + option enable '0' + diff --git a/package/lean/luci-app-autoreboot/root/etc/init.d/autoreboot b/package/lean/luci-app-autoreboot/root/etc/init.d/autoreboot new file mode 100755 index 000000000..7973d6c3f --- /dev/null +++ b/package/lean/luci-app-autoreboot/root/etc/init.d/autoreboot @@ -0,0 +1,39 @@ +#!/bin/sh /etc/rc.common +START=50 + +run_reboot() +{ + local enable + config_get_bool enable $1 enable + + if [ $enable = 1 ]; then + local minute + local hour + config_get week $1 week + config_get minute $1 minute + config_get hour $1 hour + if [ $minute = 0 ] ; then + minute="00" + fi + if [ $week = 0 ] ; then + week="*" + fi + sed -i '/reboot/d' /etc/crontabs/root >/dev/null 2>&1 + echo "$minute $hour * * $week sleep 5 && touch /etc/banner && reboot" >> /etc/crontabs/root + echo "Auto REBOOT has started." + else + sed -i '/reboot/d' /etc/crontabs/root >/dev/null 2>&1 + echo "Auto REBOOT has started." + fi +} + +start() +{ + config_load autoreboot + config_foreach run_reboot login +} + +stop() +{ + echo "Auto REBOOT has stoped." +} diff --git a/package/lean/luci-app-filetransfer/Makefile b/package/lean/luci-app-filetransfer/Makefile new file mode 100644 index 000000000..dae88c85d --- /dev/null +++ b/package/lean/luci-app-filetransfer/Makefile @@ -0,0 +1,18 @@ +# +# Copyright (C) 2008-2014 The LuCI Team +# +# This is free software, licensed under the Apache License, Version 2.0 . +# + +include $(TOPDIR)/rules.mk + +LUCI_TITLE:=LuCI page for IPK upload +LUCI_DEPENDS:=+luci-lib-fs +PKG_VERSION:=1 +PKG_RELEASE:=2 + +include $(TOPDIR)/feeds/luci/luci.mk + +# call BuildPackage - OpenWrt buildroot signature + + diff --git a/package/lean/luci-app-filetransfer/etc/uci-defaults/luci-filetransfer b/package/lean/luci-app-filetransfer/etc/uci-defaults/luci-filetransfer new file mode 100755 index 000000000..935d7c8be --- /dev/null +++ b/package/lean/luci-app-filetransfer/etc/uci-defaults/luci-filetransfer @@ -0,0 +1,6 @@ +#!/bin/sh + +sed -i 's/cbi.submit\"] = true/cbi.submit\"] = \"1\"/g' /usr/lib/lua/luci/dispatcher.lua + +rm -f /tmp/luci-indexcache +exit 0 diff --git a/package/lean/luci-app-filetransfer/luasrc/controller/filetransfer.lua b/package/lean/luci-app-filetransfer/luasrc/controller/filetransfer.lua new file mode 100644 index 000000000..727042786 --- /dev/null +++ b/package/lean/luci-app-filetransfer/luasrc/controller/filetransfer.lua @@ -0,0 +1,12 @@ +--[[ +luci-app-filetransfer +Description: File upload / download +Author: yuleniwo xzm2@qq.com QQ:529698939 +Modify: ayongwifi@126.com www.openwrtdl.com +]]-- + +module("luci.controller.filetransfer", package.seeall) + +function index() + entry({"admin", "system", "filetransfer"}, cbi("updownload"), _("FileTransfer"),89) +end diff --git a/package/lean/luci-app-filetransfer/luasrc/model/cbi/updownload.lua b/package/lean/luci-app-filetransfer/luasrc/model/cbi/updownload.lua new file mode 100644 index 000000000..7b487cb21 --- /dev/null +++ b/package/lean/luci-app-filetransfer/luasrc/model/cbi/updownload.lua @@ -0,0 +1,148 @@ +local fs = require "luci.fs" +local http = luci.http + +ful = SimpleForm("upload", translate("Upload"), nil) +ful.reset = false +ful.submit = false + +sul = ful:section(SimpleSection, "", translate("Upload file to '/tmp/upload/'")) +fu = sul:option(FileUpload, "") +fu.template = "cbi/other_upload" +um = sul:option(DummyValue, "", nil) +um.template = "cbi/other_dvalue" + +fdl = SimpleForm("download", translate("Download"), nil) +fdl.reset = false +fdl.submit = false +sdl = fdl:section(SimpleSection, "", translate("Download file")) +fd = sdl:option(FileUpload, "") +fd.template = "cbi/other_download" +dm = sdl:option(DummyValue, "", nil) +dm.template = "cbi/other_dvalue" + +function Download() + local sPath, sFile, fd, block + sPath = http.formvalue("dlfile") + sFile = nixio.fs.basename(sPath) + if luci.fs.isdirectory(sPath) then + fd = io.popen('tar -C "%s" -cz .' % {sPath}, "r") + sFile = sFile .. ".tar.gz" + else + fd = nixio.open(sPath, "r") + end + if not fd then + dm.value = translate("Couldn't open file: ") .. sPath + return + end + dm.value = nil + http.header('Content-Disposition', 'attachment; filename="%s"' % {sFile}) + http.prepare_content("application/octet-stream") + while true do + block = fd:read(nixio.const.buffersize) + if (not block) or (#block ==0) then + break + else + http.write(block) + end + end + fd:close() + http.close() +end + +local dir, fd +dir = "/tmp/upload/" +nixio.fs.mkdir(dir) +http.setfilehandler( + function(meta, chunk, eof) + if not fd then + if not meta then return end + + if meta and chunk then fd = nixio.open(dir .. meta.file, "w") end + + if not fd then + um.value = translate("Create upload file error.") + return + end + end + if chunk and fd then + fd:write(chunk) + end + if eof and fd then + fd:close() + fd = nil + um.value = translate("File saved to") .. ' "/tmp/upload/' .. meta.file .. '"' + end + end +) + +if luci.http.formvalue("upload") then + + + local f = luci.http.formvalue("ulfile") + if #f <= 0 then + um.value = translate("No specify upload file.") + end +elseif luci.http.formvalue("download") then + Download() +end + +local inits, attr = {} +for i, f in ipairs(fs.glob("/tmp/upload/*")) do + attr = fs.stat(f) + if attr then + inits[i] = {} + inits[i].name = fs.basename(f) + inits[i].mtime = os.date("%Y-%m-%d %H:%M:%S", attr.mtime) + inits[i].modestr = attr.modestr + inits[i].size = tostring(attr.size) + inits[i].remove = 0 + inits[i].install = false + end +end + +form = SimpleForm("filelist", translate("Upload file list"), nil) +form.reset = false +form.submit = false + +tb = form:section(Table, inits) +nm = tb:option(DummyValue, "name", translate("File name")) +mt = tb:option(DummyValue, "mtime", translate("Modify time")) +ms = tb:option(DummyValue, "modestr", translate("Mode string")) +sz = tb:option(DummyValue, "size", translate("Size")) +btnrm = tb:option(Button, "remove", translate("Remove")) +btnrm.render = function(self, section, scope) + self.inputstyle = "remove" + Button.render(self, section, scope) +end + +btnrm.write = function(self, section) + local v = luci.fs.unlink("/tmp/upload/" .. luci.fs.basename(inits[section].name)) + if v then table.remove(inits, section) end + return v +end + +function IsIpkFile(name) + name = name or "" + local ext = string.lower(string.sub(name, -4, -1)) + return ext == ".ipk" +end + +btnis = tb:option(Button, "install", translate("Install")) +btnis.template = "cbi/other_button" +btnis.render = function(self, section, scope) + if not inits[section] then return false end + if IsIpkFile(inits[section].name) then + scope.display = "" + else + scope.display = "none" + end + self.inputstyle = "apply" + Button.render(self, section, scope) +end + +btnis.write = function(self, section) + local r = luci.sys.exec(string.format('opkg --force-depends install "/tmp/upload/%s"', inits[section].name)) + form.description = string.format('%s', r) +end + +return ful, fdl, form diff --git a/package/lean/luci-app-filetransfer/luasrc/view/cbi/other_button.htm b/package/lean/luci-app-filetransfer/luasrc/view/cbi/other_button.htm new file mode 100644 index 000000000..1c391ad98 --- /dev/null +++ b/package/lean/luci-app-filetransfer/luasrc/view/cbi/other_button.htm @@ -0,0 +1,7 @@ +<%+cbi/valueheader%> + <% if self:cfgvalue(section) ~= false then %> + " style="display: <%= display %>" type="submit"<%= attr("name", cbid) .. attr("id", cbid) .. attr("value", self.inputtitle or self.title)%> /> + <% else %> + - + <% end %> +<%+cbi/valuefooter%> diff --git a/package/lean/luci-app-filetransfer/luasrc/view/cbi/other_download.htm b/package/lean/luci-app-filetransfer/luasrc/view/cbi/other_download.htm new file mode 100644 index 000000000..c14728632 --- /dev/null +++ b/package/lean/luci-app-filetransfer/luasrc/view/cbi/other_download.htm @@ -0,0 +1,5 @@ +<%+cbi/valueheader%> + + + +<%+cbi/valuefooter%> diff --git a/package/lean/luci-app-filetransfer/luasrc/view/cbi/other_dvalue.htm b/package/lean/luci-app-filetransfer/luasrc/view/cbi/other_dvalue.htm new file mode 100644 index 000000000..296c61e4d --- /dev/null +++ b/package/lean/luci-app-filetransfer/luasrc/view/cbi/other_dvalue.htm @@ -0,0 +1,8 @@ +<%+cbi/valueheader%> + +<% + local val = self:cfgvalue(section) or self.default or "" + write(pcdata(val)) +%> + +<%+cbi/valuefooter%> diff --git a/package/lean/luci-app-filetransfer/luasrc/view/cbi/other_upload.htm b/package/lean/luci-app-filetransfer/luasrc/view/cbi/other_upload.htm new file mode 100644 index 000000000..bb56f444f --- /dev/null +++ b/package/lean/luci-app-filetransfer/luasrc/view/cbi/other_upload.htm @@ -0,0 +1,5 @@ +<%+cbi/valueheader%> + + + +<%+cbi/valuefooter%> diff --git a/package/lean/luci-app-filetransfer/po/zh-cn/filetransfer.po b/package/lean/luci-app-filetransfer/po/zh-cn/filetransfer.po new file mode 100644 index 000000000..829c7d285 --- /dev/null +++ b/package/lean/luci-app-filetransfer/po/zh-cn/filetransfer.po @@ -0,0 +1,56 @@ +msgid "" +msgstr "Content-Type: text/plain; charset=UTF-8" + +msgid "Choose local file:" +msgstr "閫夋嫨鏈湴鏂囦欢锛" + +msgid "Couldn't open file:" +msgstr "鏃犳硶鎵撳紑鏂囦欢锛" + +msgid "Create upload file error." +msgstr "鍒涘缓涓婁紶鏂囦欢澶辫触銆" + +msgid "Download" +msgstr "涓嬭浇" + +msgid "Download file" +msgstr "涓嬭浇鏂囦欢" + +msgid "File name" +msgstr "鏂囦欢鍚" + +msgid "File saved to" +msgstr "鏂囦欢淇濆瓨鍒" + +msgid "FileTransfer" +msgstr "鏂囦欢浼犺緭" + +msgid "Install" +msgstr "瀹夎" + +msgid "Mode string" +msgstr "妯″紡瀛楃涓" + +msgid "Modify time" +msgstr "淇敼鏃堕棿" + +msgid "No specify upload file." +msgstr "鏈寚瀹氫笂浼犳枃浠" + +msgid "Path on Route:" +msgstr "璺敱涓婄洰褰" + +msgid "Remove" +msgstr "绉婚櫎" + +msgid "Size" +msgstr "澶у皬" + +msgid "Upload" +msgstr "涓婁紶" + +msgid "Upload file list" +msgstr "涓婁紶鏂囦欢鍒楄〃" + +msgid "Upload file to '/tmp/upload/'" +msgstr "灏嗘枃浠朵笂浼犲埌'/tmp/upload/'" diff --git a/package/lean/luci-app-flowoffload/Makefile b/package/lean/luci-app-flowoffload/Makefile new file mode 100644 index 000000000..8388255c5 --- /dev/null +++ b/package/lean/luci-app-flowoffload/Makefile @@ -0,0 +1,17 @@ +# Copyright (C) 2016 Openwrt.org +# +# This is free software, licensed under the Apache License, Version 2.0 . +# + +include $(TOPDIR)/rules.mk + +LUCI_TITLE:=LuCI support for Flow Offload +LUCI_DEPENDS:=+kmod-ipt-offload +pdnsd-alt +kmod-tcp-bbr @LINUX_4_14 +LUCI_PKGARCH:=all +PKG_VERSION:=1.0 +PKG_RELEASE:=11 + +include $(TOPDIR)/feeds/luci/luci.mk + +# call BuildPackage - OpenWrt buildroot signature + diff --git a/package/lean/luci-app-flowoffload/luasrc/controller/flowoffload.lua b/package/lean/luci-app-flowoffload/luasrc/controller/flowoffload.lua new file mode 100644 index 000000000..a02807264 --- /dev/null +++ b/package/lean/luci-app-flowoffload/luasrc/controller/flowoffload.lua @@ -0,0 +1,41 @@ +module("luci.controller.flowoffload", package.seeall) + +function index() + if not nixio.fs.access("/etc/config/flowoffload") then + return + end + local page + page = entry({"admin", "network", "flowoffload"}, cbi("flowoffload"), _("Turbo ACC Center"), 101) + page.i18n = "flowoffload" + page.dependent = true + + entry({"admin", "network", "flowoffload", "status"}, call("action_status")) +end + +local function is_running() + return luci.sys.call("[ `cat /sys/module/xt_FLOWOFFLOAD/refcnt 2>/dev/null` -gt 0 ] 2>/dev/null") == 0 +end + +local function is_bbr() + return luci.sys.call("[ `cat /proc/sys/net/ipv4/tcp_congestion_control 2>/dev/null` = bbr ] 2>/dev/null") == 0 +end + +local function is_fullcone() + return luci.sys.call("[ `cat /sys/module/xt_FULLCONENAT/refcnt 2>/dev/null` -gt 0 ] 2>/dev/null") == 0 +end + +local function is_dns() + return luci.sys.call("pgrep dnscache >/dev/null") == 0 +end + +function action_status() + luci.http.prepare_content("application/json") + luci.http.write_json({ + run_state = is_running(), + down_state = is_bbr(), + up_state = is_fullcone(), + dns_state = is_dns() + }) +end + + diff --git a/package/lean/luci-app-flowoffload/luasrc/model/cbi/flowoffload.lua b/package/lean/luci-app-flowoffload/luasrc/model/cbi/flowoffload.lua new file mode 100644 index 000000000..81eff5d40 --- /dev/null +++ b/package/lean/luci-app-flowoffload/luasrc/model/cbi/flowoffload.lua @@ -0,0 +1,39 @@ +local m,s,o +local SYS = require "luci.sys" + +m = Map("flowoffload") +m.title = translate("Turbo ACC Acceleration Settings") +m.description = translate("Opensource Linux Flow Offload driver (Fast Path or HWNAT)") +m:append(Template("flow/status")) + +s = m:section(TypedSection, "flow") +s.addremove = false +s.anonymous = true + +flow = s:option(Flag, "flow_offloading", translate("Enable")) +flow.default = 0 +flow.rmempty = false +flow.description = translate("Enable software flow offloading for connections. (decrease cpu load / increase routing throughput)") + +hw = s:option(Flag, "flow_offloading_hw", translate("HWNAT")) +hw.default = 0 +hw.rmempty = true +hw.description = translate("Enable Hardware NAT (depends on hw capability like MTK 762x)") +hw:depends("flow_offloading", 1) + +bbr = s:option(Flag, "bbr", translate("Enable BBR")) +bbr.default = 0 +bbr.rmempty = false +bbr.description = translate("Bottleneck Bandwidth and Round-trip propagation time (BBR)") + +dns = s:option(Flag, "dns", translate("DNS Acceleration")) +dns.default = 0 +dns.rmempty = false +dns.description = translate("Enable DNS Cache Acceleration and anti ISP DNS pollution") + +o = s:option(Value, "dns_server", translate("Upsteam DNS Server")) +o.default = "114.114.114.114,114.114.115.115" +o.description = translate("Muitiple DNS server can saperate with ','") +o:depends("dns", 1) + +return m diff --git a/package/lean/luci-app-flowoffload/luasrc/view/flow/status.htm b/package/lean/luci-app-flowoffload/luasrc/view/flow/status.htm new file mode 100644 index 000000000..43f3a02ae --- /dev/null +++ b/package/lean/luci-app-flowoffload/luasrc/view/flow/status.htm @@ -0,0 +1,24 @@ +
+ <%:Running Status%> + + + + + +
FLOW 鍔犻熺姸鎬<%:Collecting data...%>
BBR 鍔犻<%:Collecting data...%>
FULLCONE NAT鍔犻<%:Collecting data...%>
DNS 鍔犻<%:Collecting data...%>
+
+ + diff --git a/package/lean/luci-app-flowoffload/po/zh-cn/flowoffload.po b/package/lean/luci-app-flowoffload/po/zh-cn/flowoffload.po new file mode 100644 index 000000000..69f0b2d61 --- /dev/null +++ b/package/lean/luci-app-flowoffload/po/zh-cn/flowoffload.po @@ -0,0 +1,41 @@ +msgid "Flow Offload ACC" +msgstr "Flow Offload 杞彂鍔犻" + +msgid "Turbo ACC Center" +msgstr "Turbo ACC 缃戠粶鍔犻" + +msgid "Turbo ACC Acceleration Settings" +msgstr "Turbo ACC 缃戠粶鍔犻熻缃" + +msgid "Linux Flow Offload Forwarding Engine Settings" +msgstr "Linux Flow Offload Forwarding 杞彂鍔犻熷紩鎿庤缃" + +msgid "Opensource Linux Flow Offload driver (Fast Path or HWNAT)" +msgstr "寮婧 Linux Flow Offload 椹卞姩 (鏀寔 Fast Path 鎴栬 HWNAT)" + +msgid "Enable" +msgstr "鍚敤" + +msgid "Enable software flow offloading for connections. (decrease cpu load / increase routing throughput)" +msgstr "寮鍚 Flow Offloading 杞彂鍔犻. (闄嶄綆CPU鍗犵敤 / 澧炲己璺敱杞彂鎬ц兘锛屽拰澶歐AN鎴栬匭OS鍔熻兘鍙兘浼氬啿绐)" + +msgid "Enable Hardware NAT (depends on hw capability like MTK 762x)" +msgstr "鍚敤纭欢HWNAT鍔犻燂紙渚濊禆鐗瑰畾鐨勭‖浠讹紝渚嬪 MTK 762x 绯诲垪锛" + +msgid "Enable BBR" +msgstr "鍚敤 BBR" + +msgid "Bottleneck Bandwidth and Round-trip propagation time (BBR)" +msgstr "BBR鎷ュ鎺у埗绠楁硶鍙互鍔犲己TCP搴旂敤琛ㄧ幇锛屼絾浼氶檷浣庤矾鐢卞櫒鏈満涓婄殑WIFI鍚炲悙鎬ц兘" + +msgid "DNS Acceleration" +msgstr "DNS 鍔犻" + +msgid "Enable DNS Cache Acceleration and anti ISP DNS pollution" +msgstr "鍚敤DNS澶氱嚎绋嬫煡璇€佺紦瀛橈紝骞堕槻姝SP鐨凞NS骞垮憡鍜屽煙鍚嶅姭鎸" + +msgid "Upsteam DNS Server" +msgstr "涓婃父 DNS 鏈嶅姟鍣(鍥藉唴)" + +msgid "Muitiple DNS server can saperate with ','" +msgstr "鏀寔澶氫釜涓婃父DNS鏈嶅姟鍣紝鐢','鍒嗛殧锛堟敞鎰忕敤鑻辨枃閫楀彿).璇峰~鍐欐偍鏈蹇殑DNS鏈嶅姟鍣" diff --git a/package/lean/luci-app-flowoffload/root/etc/config/flowoffload b/package/lean/luci-app-flowoffload/root/etc/config/flowoffload new file mode 100644 index 000000000..19bd74222 --- /dev/null +++ b/package/lean/luci-app-flowoffload/root/etc/config/flowoffload @@ -0,0 +1,8 @@ + +config flow + option flow_offloading '1' + option flow_offloading_hw '0' + option dns '0' + option dns_server '114.114.114.114,114.114.115.115' + option bbr '0' + diff --git a/package/lean/luci-app-flowoffload/root/etc/init.d/flowoffload b/package/lean/luci-app-flowoffload/root/etc/init.d/flowoffload new file mode 100755 index 000000000..9e3e14f20 --- /dev/null +++ b/package/lean/luci-app-flowoffload/root/etc/init.d/flowoffload @@ -0,0 +1,193 @@ +#!/bin/sh /etc/rc.common +# Copyright (c) 2011-2015 OpenWrt.org + +START=60 + +DNSMASQ_RESTART=N +DNS_SERVER="114.114.114.114,114.114.115.115" + +start_pdnsd() { + DNS_SERVER=$(uci get flowoffload.@flow[0].dns_server 2>/dev/null) + + [ -d /var/etc ] || mkdir -p /var/etc + + if [ ! -f /var/dnscache/pdnsd.cache ]; then + mkdir -p /var/dnscache + echo -ne "pd13\000\000\000\000" > /var/dnscache/pdnsd.cache + chown -R nobody.nogroup /var/dnscache + fi + + cat > /var/etc/dnscache.conf </dev/null 2>&1 || kill -9 $(ps | grep dnscache | grep -v grep | awk '{print $1}') >/dev/null 2>&1 + echo "Stop DNS Cache" +} + +change_dns() { + uci delete dhcp.@dnsmasq[0].server >/dev/null 2>&1 + uci add_list dhcp.@dnsmasq[0].server=127.0.0.1#5333 + uci set dhcp.@dnsmasq[0].resolvfile=/tmp/resolv.conf.auto + uci set dhcp.@dnsmasq[0].noresolv=0 + uci commit dhcp +} + +revert_dns() { + uci del_list dhcp.@dnsmasq[0].server=127.0.0.1#5333 >/dev/null 2>&1 + uci set dhcp.@dnsmasq[0].resolvfile=/tmp/resolv.conf.auto + uci set dhcp.@dnsmasq[0].noresolv=0 + uci commit dhcp +} + +start(){ + dns=$(uci get flowoffload.@flow[0].dns 2>/dev/null) + bbr=$(uci get flowoffload.@flow[0].bbr 2>/dev/null) + if [ $dns -eq 1 ]; then + start_pdnsd + change_dns + fi + if [ $bbr -eq 1 ]; then + sysctl -w net.ipv4.tcp_congestion_control=bbr + else + sysctl -w net.ipv4.tcp_congestion_control=cubic + fi + uci set firewall.@defaults[0].flow_offloading=$(uci get flowoffload.@flow[0].flow_offloading) + uci set firewall.@defaults[0].flow_offloading_hw=$(uci get flowoffload.@flow[0].flow_offloading_hw) + uci commit firewall + if [ "$DNSMASQ_RESTART" = N ]; then + /etc/init.d/dnsmasq restart && echo "DNSMASQ change" + /etc/init.d/firewall restart + fi +} + +stop(){ + dns=$(uci get firewall.@defaults[0].dns 2>/dev/null) + stop_pdnsd + revert_dns + uci set firewall.@defaults[0].flow_offloading=$(uci get flowoffload.@flow[0].flow_offloading) + uci set firewall.@defaults[0].flow_offloading_hw=$(uci get flowoffload.@flow[0].flow_offloading_hw) + uci commit firewall + if [ "$DNSMASQ_RESTART" = N ]; then + /etc/init.d/dnsmasq restart && echo "DNSMASQ revert" + /etc/init.d/firewall restart + fi +} + +restart(){ + DNSMASQ_RESTART=Y + stop + start + /etc/init.d/dnsmasq restart && echo "DNSMASQ restart" + /etc/init.d/firewall restart +} + diff --git a/package/lean/luci-app-flowoffload/root/etc/uci-defaults/flowoffload b/package/lean/luci-app-flowoffload/root/etc/uci-defaults/flowoffload new file mode 100755 index 000000000..3e3db27bf --- /dev/null +++ b/package/lean/luci-app-flowoffload/root/etc/uci-defaults/flowoffload @@ -0,0 +1,16 @@ +#!/bin/sh + +uci set firewall.@defaults[0].flow_offloading=1 +uci commit firewall + +uci -q batch <<-EOF >/dev/null + delete ucitrack.@flowoffload[-1] + add ucitrack flowoffload + set ucitrack.@flowoffload[-1].init=flowoffload + commit ucitrack +EOF + +sed -i '/dnscache-watchdog.sh/d' /etc/crontabs/root +echo '*/60 * * * * /usr/share/dnscache-watchdog.sh' >> /etc/crontabs/root + +exit 0 diff --git a/package/lean/luci-app-flowoffload/root/usr/share/dnscache-watchdog.sh b/package/lean/luci-app-flowoffload/root/usr/share/dnscache-watchdog.sh new file mode 100755 index 000000000..bf5161aee --- /dev/null +++ b/package/lean/luci-app-flowoffload/root/usr/share/dnscache-watchdog.sh @@ -0,0 +1,9 @@ +#!/bin/sh + +dns_enable=$(uci flowoffload.@flow[0].dns 2>/dev/null) + +if [ $dns_enable -eq 1 ]; then + if ! pidof dnscache>/dev/null; then + /etc/init.d/flowoffload restart + fi +fi diff --git a/package/lean/luci-app-ipsec-vpnd/Makefile b/package/lean/luci-app-ipsec-vpnd/Makefile new file mode 100644 index 000000000..b7a83920f --- /dev/null +++ b/package/lean/luci-app-ipsec-vpnd/Makefile @@ -0,0 +1,18 @@ +# Copyright (C) 2016 Openwrt.org +# +# This is free software, licensed under the Apache License, Version 2.0 . +# + +include $(TOPDIR)/rules.mk + +LUCI_TITLE:=LuCI support for IPSec VPN Server (IKEv1 with PSK and Xauth) +LUCI_DEPENDS:=+strongswan-minimal +strongswan-mod-xauth-generic +LUCI_PKGARCH:=all +PKG_VERSION:=1.0 +PKG_RELEASE:=7 + +include $(TOPDIR)/feeds/luci/luci.mk + +# call BuildPackage - OpenWrt buildroot signature + + diff --git a/package/lean/luci-app-ipsec-vpnd/luasrc/controller/ipsec-server.lua b/package/lean/luci-app-ipsec-vpnd/luasrc/controller/ipsec-server.lua new file mode 100644 index 000000000..2925194c6 --- /dev/null +++ b/package/lean/luci-app-ipsec-vpnd/luasrc/controller/ipsec-server.lua @@ -0,0 +1,19 @@ + +module("luci.controller.ipsec-server", package.seeall) + +function index() + if not nixio.fs.access("/etc/config/ipsec") then + return + end + + entry({"admin", "vpn"}, firstchild(), "VPN", 45).dependent = false + entry({"admin", "vpn", "ipsec-server"}, cbi("ipsec-server/ipsec-server"), _("IPSec VPN Server"), 80).dependent=false + entry({"admin", "vpn", "ipsec-server","status"},call("act_status")).leaf=true +end + +function act_status() + local e={} + e.running=luci.sys.call("pgrep ipsec >/dev/null")==0 + luci.http.prepare_content("application/json") + luci.http.write_json(e) +end diff --git a/package/lean/luci-app-ipsec-vpnd/luasrc/model/cbi/ipsec-server/ipsec-server.lua b/package/lean/luci-app-ipsec-vpnd/luasrc/model/cbi/ipsec-server/ipsec-server.lua new file mode 100644 index 000000000..79a47b8bf --- /dev/null +++ b/package/lean/luci-app-ipsec-vpnd/luasrc/model/cbi/ipsec-server/ipsec-server.lua @@ -0,0 +1,35 @@ + +mp = Map("ipsec", translate("IPSec VPN Server")) +mp.description = translate("IPSec VPN connectivity using the native built-in VPN Client on iOS or Andriod (IKEv1 with PSK and Xauth)") + +mp:section(SimpleSection).template = "ipsec/ipsec_status" + +s = mp:section(NamedSection, "ipsec", "service") +s.anonymouse = true + +enabled = s:option(Flag, "enabled", translate("Enable")) +enabled.default = 0 +enabled.rmempty = false + +clientip = s:option(Value, "clientip", translate("VPN Client IP")) +clientip.datatype = "ip4addr" +clientip.description = translate("LAN DHCP reserved started IP addresses with the same subnet mask") +clientip.optional = false +clientip.rmempty = false + +clientdns = s:option(Value, "clientdns", translate("VPN Client DNS")) +clientdns.datatype = "ip4addr" +clientdns.description = translate("DNS using in VPN tunnel.Set to the router's LAN IP is recommended") +clientdns.optional = false +clientdns.rmempty = false + +account = s:option(Value, "account", translate("Account")) +account.datatype = "string" + +password = s:option(Value, "password", translate("Password")) +password.password = true + +secret = s:option(Value, "secret", translate("Secret Pre-Shared Key")) +secret.password = true + +return mp diff --git a/package/lean/luci-app-ipsec-vpnd/luasrc/view/ipsec/ipsec_status.htm b/package/lean/luci-app-ipsec-vpnd/luasrc/view/ipsec/ipsec_status.htm new file mode 100644 index 000000000..60225b490 --- /dev/null +++ b/package/lean/luci-app-ipsec-vpnd/luasrc/view/ipsec/ipsec_status.htm @@ -0,0 +1,22 @@ + + +
+

+ <%:Collecting data...%> +

+
\ No newline at end of file diff --git a/package/lean/luci-app-ipsec-vpnd/po/zh-cn/ipsec.po b/package/lean/luci-app-ipsec-vpnd/po/zh-cn/ipsec.po new file mode 100644 index 000000000..0bf6b62aa --- /dev/null +++ b/package/lean/luci-app-ipsec-vpnd/po/zh-cn/ipsec.po @@ -0,0 +1,34 @@ +msgid "IPSec VPN Server" +msgstr "IPSec VPN 鏈嶅姟鍣" + +msgid "IPSec VPN connectivity using the native built-in VPN Client on iOS or Andriod (IKEv1 with PSK and Xauth)" +msgstr "浣跨敤iOS 鎴栬 Andriod (IKEv1 with PSK and Xauth) 鍘熺敓鍐呯疆 IPSec VPN 瀹㈡埛绔繘琛岃繛鎺" + +msgid "VPN Client IP" +msgstr "VPN瀹㈡埛绔湴鍧娈" + +msgid "LAN DHCP reserved started IP addresses with the same subnet mask" +msgstr "VPN瀹㈡埛绔娇鐢―HCP淇濈暀绌轰綑IP鐨勮捣濮嬪湴鍧锛屽繀椤诲拰璺敱鍣↙AN鍚屼竴涓瓙缃戞帺鐮侊紝渚嬪 192.168.0.10/24" + +msgid "VPN Client DNS" +msgstr "VPN瀹㈡埛绔疍NS鏈嶅姟鍣" + +msgid "DNS using in VPN tunnel.Set to the router's LAN IP is recommended" +msgstr "鎸囧畾VPN瀹㈡埛绔殑DNS鍦板潃銆傛帹鑽愯缃负璺敱鍣ㄧ殑LAN IP锛屼緥濡 192.168.0.1" + +msgid "Account" +msgstr "璐︽埛" + +msgid "Secret Pre-Shared Key" +msgstr "PSK瀵嗛挜" + +msgid "IPSec VPN Server status" +msgstr "IPSec VPN 鏈嶅姟鍣ㄨ繍琛岀姸鎬" + +msgid "Disable from startup" +msgstr "绂佹寮鏈哄惎鍔" + +msgid "Enable on startup" +msgstr "鍏佽寮鏈哄惎鍔" + + diff --git a/package/lean/luci-app-ipsec-vpnd/root/etc/config/ipsec b/package/lean/luci-app-ipsec-vpnd/root/etc/config/ipsec new file mode 100644 index 000000000..93c21f278 --- /dev/null +++ b/package/lean/luci-app-ipsec-vpnd/root/etc/config/ipsec @@ -0,0 +1,9 @@ + +config service 'ipsec' + option clientdns '192.168.0.1' + option account 'lean' + option secret 'myopenwrt' + option enabled '0' + option password '12345678' + option clientip '192.168.0.10/24' + diff --git a/package/lean/luci-app-ipsec-vpnd/root/etc/init.d/ipsec b/package/lean/luci-app-ipsec-vpnd/root/etc/init.d/ipsec new file mode 100755 index 000000000..5a4c6a217 --- /dev/null +++ b/package/lean/luci-app-ipsec-vpnd/root/etc/init.d/ipsec @@ -0,0 +1,427 @@ +#!/bin/sh /etc/rc.common + +START=90 +STOP=10 + +USE_PROCD=1 +PROG=/usr/lib/ipsec/starter + +. $IPKG_INSTROOT/lib/functions.sh +. $IPKG_INSTROOT/lib/functions/network.sh + +IPSEC_SECRETS_FILE=/etc/ipsec.secrets +IPSEC_CONN_FILE=/etc/ipsec.conf +STRONGSWAN_CONF_FILE=/etc/strongswan.conf + +IPSEC_VAR_SECRETS_FILE=/var/ipsec/ipsec.secrets +IPSEC_VAR_CONN_FILE=/var/ipsec/ipsec.conf +STRONGSWAN_VAR_CONF_FILE=/var/ipsec/strongswan.conf + +WAIT_FOR_INTF=0 + +file_reset() { + : > "$1" +} + +xappend() { + local file="$1" + shift + + echo "${@}" >> "${file}" +} + +remove_include() { + local file="$1" + local include="$2" + + sed -i "\_${include}_d" "${file}" +} + +remove_includes() { + remove_include "${IPSEC_CONN_FILE}" "${IPSEC_VAR_CONN_FILE}" + remove_include "${IPSEC_SECRETS_FILE}" "${IPSEC_VAR_SECRETS_FILE}" + remove_include "${STRONGSWAN_CONF_FILE}" "${STRONGSWAN_VAR_CONF_FILE}" +} + +do_include() { + local conf="$1" + local uciconf="$2" + local backup=`mktemp -t -p /tmp/ ipsec-init-XXXXXX` + + [ ! -f "${conf}" ] && rm -rf "${conf}" + touch "${conf}" + + cat "${conf}" | grep -v "${uciconf}" > "${backup}" + mv "${backup}" "${conf}" + xappend "${conf}" "include ${uciconf}" + file_reset "${uciconf}" +} + +ipsec_reset() { + do_include "${IPSEC_CONN_FILE}" "${IPSEC_VAR_CONN_FILE}" +} + +ipsec_xappend() { + xappend "${IPSEC_VAR_CONN_FILE}" "$@" +} + +swan_reset() { + do_include "${STRONGSWAN_CONF_FILE}" "${STRONGSWAN_VAR_CONF_FILE}" +} + +swan_xappend() { + xappend "${STRONGSWAN_VAR_CONF_FILE}" "$@" +} + +secret_reset() { + do_include "${IPSEC_SECRETS_FILE}" "${IPSEC_VAR_SECRETS_FILE}" +} + +secret_xappend() { + xappend "${IPSEC_VAR_SECRETS_FILE}" "$@" +} + +warning() { + echo "WARNING: $@" >&2 +} + +add_crypto_proposal() { + local encryption_algorithm + local hash_algorithm + local dh_group + + config_get encryption_algorithm "$1" encryption_algorithm + config_get hash_algorithm "$1" hash_algorithm + config_get dh_group "$1" dh_group + + [ -n "${encryption_algorithm}" ] && \ + crypto="${crypto:+${crypto},}${encryption_algorithm}${hash_algorithm:+-${hash_algorithm}}${dh_group:+-${dh_group}}" +} + +set_crypto_proposal() { + local conf="$1" + local proposal + + crypto="" + + config_get crypto_proposal "$conf" crypto_proposal "" + for proposal in $crypto_proposal; do + add_crypto_proposal "$proposal" + done + + [ -n "${crypto}" ] && { + local force_crypto_proposal + + config_get_bool force_crypto_proposal "$conf" force_crypto_proposal + + [ "${force_crypto_proposal}" = "1" ] && crypto="${crypto}!" + } + + crypto_proposal="${crypto}" +} + +config_conn() { + # Generic ipsec conn section shared by tunnel and transport + local mode + local local_subnet + local local_nat + local local_sourceip + local local_updown + local local_firewall + local remote_subnet + local remote_sourceip + local remote_updown + local remote_firewall + local ikelifetime + local lifetime + local margintime + local keyingtries + local dpdaction + local dpddelay + local inactivity + local keyexchange + + config_get mode "$1" mode "route" + config_get local_subnet "$1" local_subnet "" + config_get local_nat "$1" local_nat "" + config_get local_sourceip "$1" local_sourceip "" + config_get local_updown "$1" local_updown "" + config_get local_firewall "$1" local_firewall "" + config_get remote_subnet "$1" remote_subnet "" + config_get remote_sourceip "$1" remote_sourceip "" + config_get remote_updown "$1" remote_updown "" + config_get remote_firewall "$1" remote_firewall "" + config_get ikelifetime "$1" ikelifetime "3h" + config_get lifetime "$1" lifetime "1h" + config_get margintime "$1" margintime "9m" + config_get keyingtries "$1" keyingtries "3" + config_get dpdaction "$1" dpdaction "none" + config_get dpddelay "$1" dpddelay "30s" + config_get inactivity "$1" inactivity + config_get keyexchange "$1" keyexchange "ikev2" + + [ -n "$local_nat" ] && local_subnet=$local_nat + + ipsec_xappend "conn $config_name-$1" + ipsec_xappend " left=%any" + ipsec_xappend " right=$remote_gateway" + + [ -n "$local_sourceip" ] && ipsec_xappend " leftsourceip=$local_sourceip" + [ -n "$local_subnet" ] && ipsec_xappend " leftsubnet=$local_subnet" + + [ -n "$local_firewall" ] && ipsec_xappend " leftfirewall=$local_firewall" + [ -n "$remote_firewall" ] && ipsec_xappend " rightfirewall=$remote_firewall" + + ipsec_xappend " ikelifetime=$ikelifetime" + ipsec_xappend " lifetime=$lifetime" + ipsec_xappend " margintime=$margintime" + ipsec_xappend " keyingtries=$keyingtries" + ipsec_xappend " dpdaction=$dpdaction" + ipsec_xappend " dpddelay=$dpddelay" + + [ -n "$inactivity" ] && ipsec_xappend " inactivity=$inactivity" + + if [ "$auth_method" = "psk" ]; then + ipsec_xappend " leftauth=psk" + ipsec_xappend " rightauth=psk" + + [ "$remote_sourceip" != "" ] && ipsec_xappend " rightsourceip=$remote_sourceip" + [ "$remote_subnet" != "" ] && ipsec_xappend " rightsubnet=$remote_subnet" + + ipsec_xappend " auto=$mode" + else + warning "AuthenticationMethod $auth_method not supported" + fi + + [ -n "$local_identifier" ] && ipsec_xappend " leftid=$local_identifier" + [ -n "$remote_identifier" ] && ipsec_xappend " rightid=$remote_identifier" + [ -n "$local_updown" ] && ipsec_xappend " leftupdown=$local_updown" + [ -n "$remote_updown" ] && ipsec_xappend " rightupdown=$remote_updown" + ipsec_xappend " keyexchange=$keyexchange" + + set_crypto_proposal "$1" + [ -n "${crypto_proposal}" ] && ipsec_xappend " esp=$crypto_proposal" + [ -n "${ike_proposal}" ] && ipsec_xappend " ike=$ike_proposal" +} + +config_tunnel() { + config_conn "$1" + + # Specific for the tunnel part + ipsec_xappend " type=tunnel" +} + +config_transport() { + config_conn "$1" + + # Specific for the transport part + ipsec_xappend " type=transport" +} + +config_remote() { + local enabled + local gateway + local pre_shared_key + local auth_method + + config_name=$1 + + config_get_bool enabled "$1" enabled 0 + [ $enabled -eq 0 ] && return + + config_get gateway "$1" gateway + config_get pre_shared_key "$1" pre_shared_key + config_get auth_method "$1" authentication_method + config_get local_identifier "$1" local_identifier "" + config_get remote_identifier "$1" remote_identifier "" + + [ "$gateway" = "any" ] && remote_gateway="%any" || remote_gateway="$gateway" + + [ -z "$local_identifier" ] && { + local ipdest + + [ "$remote_gateway" = "%any" ] && ipdest="1.1.1.1" || ipdest="$remote_gateway" + local_gateway=`ip route get $ipdest | awk -F"src" '/src/{gsub(/ /,"");print $2}'` + } + + [ -n "$local_identifier" ] && secret_xappend -n "$local_identifier " || secret_xappend -n "$local_gateway " + [ -n "$remote_identifier" ] && secret_xappend -n "$remote_identifier " || secret_xappend -n "$remote_gateway " + + secret_xappend ": PSK \"$pre_shared_key\"" + + set_crypto_proposal "$1" + ike_proposal="$crypto_proposal" + + config_list_foreach "$1" tunnel config_tunnel + + config_list_foreach "$1" transport config_transport + + ipsec_xappend "" +} + +config_ipsec() { + local debug + local rtinstall_enabled + local routing_tables_ignored + local routing_table + local routing_table_id + local interface + local device_list + + ipsec_reset + secret_reset + swan_reset + + ipsec_xappend "# generated by /etc/init.d/ipsec" + ipsec_xappend "version 2" + ipsec_xappend "" + + secret_xappend "# generated by /etc/init.d/ipsec" + + config_get debug "$1" debug 0 + config_get_bool rtinstall_enabled "$1" rtinstall_enabled 1 + [ $rtinstall_enabled -eq 1 ] && install_routes=yes || install_routes=no + + # prepare extra charon config option ignore_routing_tables + for routing_table in $(config_get "$1" "ignore_routing_tables"); do + if [ "$routing_table" -ge 0 ] 2>/dev/null; then + routing_table_id=$routing_table + else + routing_table_id=$(sed -n '/[ \t]*[0-9]\+[ \t]\+'$routing_table'[ \t]*$/s/[ \t]*\([0-9]\+\).*/\1/p' /etc/iproute2/rt_tables) + fi + + [ -n "$routing_table_id" ] && append routing_tables_ignored "$routing_table_id" + done + + local interface_list=$(config_get "$1" "interface") + if [ -z "$interface_list" ]; then + WAIT_FOR_INTF=0 + else + for interface in $interface_list; do + network_get_device device $interface + [ -n "$device" ] && append device_list "$device" "," + done + [ -n "$device_list" ] && WAIT_FOR_INTF=0 || WAIT_FOR_INTF=1 + fi + + swan_xappend "# generated by /etc/init.d/ipsec" + swan_xappend "charon {" + swan_xappend " load_modular = yes" + swan_xappend " install_routes = $install_routes" + [ -n "$routing_tables_ignored" ] && swan_xappend " ignore_routing_tables = $routing_tables_ignored" + [ -n "$device_list" ] && swan_xappend " interfaces_use = $device_list" + swan_xappend " plugins {" + swan_xappend " include /etc/strongswan.d/charon/*.conf" + swan_xappend " }" + swan_xappend " syslog {" + swan_xappend " identifier = ipsec" + swan_xappend " daemon {" + swan_xappend " default = $debug" + swan_xappend " }" + swan_xappend " auth {" + swan_xappend " default = $debug" + swan_xappend " }" + swan_xappend " }" + swan_xappend "}" +} + +prepare_env() { + mkdir -p /var/ipsec + remove_includes + config_load ipsec + config_foreach config_ipsec ipsec + config_foreach config_remote remote +} + +service_running() { + ipsec status > /dev/null 2>&1 +} + +reload_service() { + local bool vt_enabled=`uci get ipsec.@service[0].enabled 2>/dev/null` + [ "$vt_enabled" = 0 ] && /etc/init.d/ipsec stop && return + running && { + prepare_env + [ $WAIT_FOR_INTF -eq 0 ] && { + ipsec rereadall + ipsec reload + return + } + } + [ "$vt_enabled" = 1 ] && start +} + +check_ipsec_interface() { + local intf + + for intf in $(config_get "$1" interface); do + procd_add_interface_trigger "interface.*" "$intf" /etc/init.d/ipsec reload + done +} + +service_triggers() { + procd_add_reload_trigger "ipsec" + config load "ipsec" + config_foreach check_ipsec_interface ipsec +} + +start_service() { + local vt_enabled=`uci get ipsec.@service[0].enabled 2>/dev/null` + local vt_clientip=`uci get ipsec.@service[0].clientip` + local vt_clientdns=`uci get ipsec.@service[0].clientdns` + local vt_account=`uci get ipsec.@service[0].account` + local vt_password=`uci get ipsec.@service[0].password 2>/dev/null` + local vt_secret=`uci get ipsec.@service[0].secret 2>/dev/null` + + [ "$vt_enabled" = 0 ] && /etc/init.d/ipsec stop && return + + cat > /etc/ipsec.conf < /etc/ipsec.secrets </dev/null +iptables -D FORWARD -m policy --dir out --pol ipsec --proto esp -j ACCEPT 2>/dev/null +iptables -D INPUT -m policy --dir in --pol ipsec --proto esp -j ACCEPT 2>/dev/null +iptables -D OUTPUT -m policy --dir out --pol ipsec --proto esp -j ACCEPT 2>/dev/null + +iptables -I FORWARD -m policy --dir in --pol ipsec --proto esp -j ACCEPT +iptables -I FORWARD -m policy --dir out --pol ipsec --proto esp -j ACCEPT +iptables -I INPUT -m policy --dir in --pol ipsec --proto esp -j ACCEPT +iptables -I OUTPUT -m policy --dir out --pol ipsec --proto esp -j ACCEPT + +echo 1 > /proc/sys/net/ipv4/conf/br-lan/proxy_arp diff --git a/package/lean/luci-app-ipsec-vpnd/root/etc/uci-defaults/ipsec b/package/lean/luci-app-ipsec-vpnd/root/etc/uci-defaults/ipsec new file mode 100755 index 000000000..b9eb66fb8 --- /dev/null +++ b/package/lean/luci-app-ipsec-vpnd/root/etc/uci-defaults/ipsec @@ -0,0 +1,54 @@ +#!/bin/sh + +uci -q batch <<-EOF >/dev/null + delete firewall.ipsecd + set firewall.ipsecd=include + set firewall.ipsecd.type=script + set firewall.ipsecd.path=/etc/ipsec.include + set firewall.ipsecd.reload=1 + commit firewall +EOF + +uci -q batch <<-EOF >/dev/null + delete firewall.ike + add firewall rule + rename firewall.@rule[-1]="ike" + set firewall.@rule[-1].name="ike" + set firewall.@rule[-1].target="ACCEPT" + set firewall.@rule[-1].src="wan" + set firewall.@rule[-1].proto="udp" + set firewall.@rule[-1].dest_port="500" + delete firewall.ipsec + add firewall rule + rename firewall.@rule[-1]="ipsec" + set firewall.@rule[-1].name="ipsec" + set firewall.@rule[-1].target="ACCEPT" + set firewall.@rule[-1].src="wan" + set firewall.@rule[-1].proto="udp" + set firewall.@rule[-1].dest_port="4500" + delete firewall.ah + add firewall rule + rename firewall.@rule[-1]="ah" + set firewall.@rule[-1].name="ah" + set firewall.@rule[-1].target="ACCEPT" + set firewall.@rule[-1].src="wan" + set firewall.@rule[-1].proto="ah" + delete firewall.esp + add firewall rule + rename firewall.@rule[-1]="esp" + set firewall.@rule[-1].name="esp" + set firewall.@rule[-1].target="ACCEPT" + set firewall.@rule[-1].src="wan" + set firewall.@rule[-1].proto="esp" + commit firewall +EOF + +uci -q batch <<-EOF >/dev/null + delete ucitrack.@ipsec[-1] + add ucitrack ipsec + set ucitrack.@ipsec[-1].init=ipsec + commit ucitrack +EOF + +rm -f /tmp/luci-indexcache +exit 0 diff --git a/package/lean/luci-app-openvpn-server/Makefile b/package/lean/luci-app-openvpn-server/Makefile new file mode 100644 index 000000000..1a8f23034 --- /dev/null +++ b/package/lean/luci-app-openvpn-server/Makefile @@ -0,0 +1,21 @@ +# Copyright (C) 2016 Openwrt.org +# +# This is free software, licensed under the Apache License, Version 2.0 . +# + +include $(TOPDIR)/rules.mk + +LUCI_TITLE:=LuCI support for OpenVPN Server +LUCI_DEPENDS:=+openvpn-openssl +openvpn-easy-rsa +kmod-tun +LUCI_PKGARCH:=all +PKG_NAME:=luci-app-openvpn-server +PKG_VERSION:=2.0 +PKG_RELEASE:=17 + +include $(TOPDIR)/feeds/luci/luci.mk + +# call BuildPackage - OpenWrt buildroot signature + + + + diff --git a/package/lean/luci-app-openvpn-server/luasrc/controller/openvpn-server.lua b/package/lean/luci-app-openvpn-server/luasrc/controller/openvpn-server.lua new file mode 100644 index 000000000..b5eb40a69 --- /dev/null +++ b/package/lean/luci-app-openvpn-server/luasrc/controller/openvpn-server.lua @@ -0,0 +1,14 @@ + +module("luci.controller.openvpn-server", package.seeall) + +function index() + if not nixio.fs.access("/etc/config/openvpn") then + return + end + + entry({"admin", "vpn"}, firstchild(), "VPN", 45).dependent = false + + local page + + entry({"admin", "vpn", "openvpn-server"}, cbi("openvpn-server/openvpn-server"), _("OpenVPN Server"), 80).dependent=false +end diff --git a/package/lean/luci-app-openvpn-server/luasrc/model/cbi/openvpn-server/openvpn-server.lua b/package/lean/luci-app-openvpn-server/luasrc/model/cbi/openvpn-server/openvpn-server.lua new file mode 100644 index 000000000..df795e4c9 --- /dev/null +++ b/package/lean/luci-app-openvpn-server/luasrc/model/cbi/openvpn-server/openvpn-server.lua @@ -0,0 +1,131 @@ + +--require("luci.tools.webadmin") + +mp = Map("openvpn", "OpenVPN Server","") + +s = mp:section(TypedSection, "openvpn", "", translate("An easy config OpenVPN Server Web-UI")) +s.anonymous = true +s.addremove = false + +s:tab("basic", translate("Base Setting")) + +o = s:taboption("basic", Flag, "enabled", translate("Enable")) + +port = s:taboption("basic", Value, "port", translate("Port")) +port.datatype = "range(1,65535)" + +ddns = s:taboption("basic", Value, "ddns", translate("WAN DDNS or IP")) +ddns.datatype = "string" +ddns.default = "exmple.com" +ddns.rmempty = false + +localnet = s:taboption("basic", Value, "server", translate("Client Network")) +localnet.datatype = "string" +localnet.description = translate("VPN Client Network IP with subnet") + +list = s:taboption("basic", DynamicList, "push") +list.title = translate("Client Settings") +list.datatype = "string" +list.description = translate("Set route 192.168.0.0 255.255.255.0 and dhcp-option DNS 192.168.0.1 base on your router") + + +local o +o = s:taboption("basic", Button,"certificate",translate("OpenVPN Client config file")) +o.inputtitle = translate("Download .ovpn file") +o.description = translate("If you are using IOS client, please download this .ovpn file and send it via QQ or Email to your IOS device") +o.inputstyle = "reload" +o.write = function() + luci.sys.call("sh /etc/genovpn.sh 2>&1 >/dev/null") + Download() +end + +s:tab("code", translate("Special Code")) + +local conf = "/etc/ovpnadd.conf" +local NXFS = require "nixio.fs" +o = s:taboption("code", TextValue, "conf") +o.description = translate("(!)Special Code you know that add in to client .ovpn file") +o.rows = 13 +o.wrap = "off" +o.cfgvalue = function(self, section) + return NXFS.readfile(conf) or "" +end +o.write = function(self, section, value) + NXFS.writefile(conf, value:gsub("\r\n", "\n")) +end + + +local pid = luci.util.exec("/usr/bin/pgrep openvpn") + +function openvpn_process_status() + local status = "OpenVPN is not running now " + + if pid ~= "" then + status = "OpenVPN is running with the PID " .. pid .. "" + end + + local status = { status=status } + local table = { pid=status } + return table +end + + + +function Download() + local t,e + t=nixio.open("/tmp/my.ovpn","r") + luci.http.header('Content-Disposition','attachment; filename="my.ovpn"') + luci.http.prepare_content("application/octet-stream") + while true do + e=t:read(nixio.const.buffersize) + if(not e)or(#e==0)then + break + else + luci.http.write(e) + end + end + t:close() + luci.http.close() +end + +t = mp:section(Table, openvpn_process_status()) +t.anonymous = true + +t:option(DummyValue, "status", translate("OpenVPN status")) + +if pid == "" then + start = t:option(Button, "_start", translate("Start")) + start.inputstyle = "apply" + function start.write(self, section) + luci.util.exec("uci set openvpn.myvpn.enabled=='1' && uci commit openvpn") + message = luci.util.exec("/etc/init.d/openvpn start 2>&1") + luci.util.exec("sleep 2") + luci.http.redirect( + luci.dispatcher.build_url("admin", "vpn", "openvpn-server") .. "?message=" .. message + ) + end +else + stop = t:option(Button, "_stop", translate("Stop")) + stop.inputstyle = "reset" + function stop.write(self, section) + luci.util.exec("uci set openvpn.myvpn.enabled=='0' && uci commit openvpn") + luci.util.exec("/etc/init.d/openvpn stop") + luci.util.exec("sleep 2") + luci.http.redirect( + luci.dispatcher.build_url("admin", "vpn", "openvpn-server") + ) + end +end + +function mp.on_after_commit(self) + os.execute("uci set firewall.openvpn.dest_port=$(uci get openvpn.myvpn.port) && uci commit firewall && /etc/init.d/firewall restart") + os.execute("/etc/init.d/openvpn restart") +end + + +--local apply = luci.http.formvalue("cbi.apply") +--if apply then +-- os.execute("/etc/init.d/openvpn restart") +--end + +return mp diff --git a/package/lean/luci-app-openvpn-server/po/zh-cn/openvpn-server.po b/package/lean/luci-app-openvpn-server/po/zh-cn/openvpn-server.po new file mode 100644 index 000000000..960ba61b1 --- /dev/null +++ b/package/lean/luci-app-openvpn-server/po/zh-cn/openvpn-server.po @@ -0,0 +1,50 @@ +msgid "OpenVPN Server" +msgstr "OpenVPN 鏈嶅姟鍣" + +msgid "An easy config OpenVPN Server Web-UI" +msgstr "鏄撲簬浣跨敤鐨 OpenVPN 鏈嶅姟鍣 Web-UI" + +msgid "Base Setting" +msgstr "鍩烘湰璁剧疆" + +msgid "Enable" +msgstr "鍚敤" + +msgid "Port" +msgstr "绔彛" + +msgid "WAN DDNS or IP" +msgstr "WAN鍙g殑 DDNS鍩熷悕 鎴栬 IP" + + +msgid "Client Network" +msgstr "瀹㈡埛绔綉娈" + +msgid "VPN Client Network IP with subnet" +msgstr "瀹㈡埛绔垎閰嶇殑缃戞鍦板潃锛堥粯璁や负 10.8.0.0 255.255.255.0锛" + + +msgid "Client Settings" +msgstr "瀹㈡埛绔帹閫侀厤缃" + +msgid "OpenVPN Client config file" +msgstr "OpenVPN 瀹㈡埛绔厤缃枃浠" + + +msgid "Download .ovpn file" +msgstr "涓閿笅杞 .ovpn 鏂囦欢" + +msgid "If you are using IOS client, please download this .ovpn file and send it via QQ or Email to your IOS device" +msgstr "濡傛灉浣犱娇鐢ㄧ殑鏄 iOS 璁惧锛屼綘鍙互浣跨敤 QQ 鎴栬呴偖浠跺彂閫佸埌鑷繁鐨勮澶囦笂鐢 OpenVPN 瀹㈡埛绔墦寮瀵煎叆" + +msgid "Special Code" +msgstr "鐗规畩浠g爜" + +msgid "(!)Special Code you know that add in to client .ovpn file" +msgstr "(!)鐗规畩浠g爜灏嗚嚜鍔ㄥ悎骞跺埌瀹㈡埛绔殑 .ovpn 閰嶇疆鏂囦欢涓" + +msgid "Set route 192.168.0.0 255.255.255.0 and dhcp-option DNS 192.168.0.1 base on your router" +msgstr "鏍规嵁璺敱鐨勫疄闄匧AN IP 淇敼 route 192.168.0.0 255.255.255.0 鍜 dhcp-option DNS 192.168.0.1 杩欎袱琛" + +msgid "OpenVPN status" +msgstr "OpenVPN 鏈嶅姟鍣ㄨ繍琛岀姸鎬" diff --git a/package/lean/luci-app-openvpn-server/root/etc/config/openvpn b/package/lean/luci-app-openvpn-server/root/etc/config/openvpn new file mode 100644 index 000000000..6a829f4e6 --- /dev/null +++ b/package/lean/luci-app-openvpn-server/root/etc/config/openvpn @@ -0,0 +1,28 @@ + +config openvpn 'myvpn' + option enabled '0' + option proto 'tcp-server' + option port '1194' + option ddns example.com + option dev 'tun' + option topology 'subnet' + option server '10.8.0.0 255.255.255.0' + option comp_lzo 'adaptive' + option ca '/etc/openvpn/ca.crt' + option dh '/etc/openvpn/dh1024.pem' + option cert '/etc/openvpn/server.crt' + option key '/etc/openvpn/server.key' + option persist_key '1' + option persist_tun '1' + option user 'nobody' + option group 'nogroup' + option max_clients '10' + option keepalive '10 120' + option verb '3' + option status '/var/log/openvpn_status.log' + option log '/tmp/openvpn.log' + list push 'route 192.168.0.0 255.255.255.0' + list push 'comp-lzo adaptive' + list push 'redirect-gateway def1 bypass-dhcp' + list push 'dhcp-option DNS 192.168.0.1' + diff --git a/package/lean/luci-app-openvpn-server/root/etc/easy-rsa/keys/01.pem b/package/lean/luci-app-openvpn-server/root/etc/easy-rsa/keys/01.pem new file mode 100644 index 000000000..a73a757e9 --- /dev/null +++ b/package/lean/luci-app-openvpn-server/root/etc/easy-rsa/keys/01.pem @@ -0,0 +1,74 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=CN, ST=ZJ, L=ZJ, O=ZJ, OU=ZJ, CN=ZJ CA/name=EasyRSA/emailAddress=ZJ@ZJ.com + Validity + Not Before: Aug 23 14:26:42 2017 GMT + Not After : Aug 21 14:26:42 2027 GMT + Subject: C=CN, ST=ZJ, L=ZJ, O=ZJ, OU=ZJ, CN=server/name=EasyRSA/emailAddress=ZJ@ZJ.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (1024 bit) + Modulus: + 00:e0:67:2e:33:ab:4f:4f:a1:78:c6:32:ba:d3:1d: + 71:73:34:ba:45:40:88:87:76:03:fb:87:d8:4e:4e: + 7c:7d:95:22:7d:8e:70:dc:68:10:27:fe:7d:f0:79: + 93:86:83:ef:a9:16:78:ae:86:5e:ea:42:74:38:4d: + 37:0d:c9:34:a6:84:5e:64:ad:dd:91:dd:df:02:bf: + 53:f8:fb:c0:9b:cb:bd:93:7c:26:ab:bd:0a:c6:c3: + 5d:da:5d:b3:c0:ff:72:a1:2f:1e:0b:f6:a6:71:77: + f9:00:38:8a:ae:ab:c0:86:11:ab:12:de:1e:82:13: + e8:c3:d5:bb:6f:2e:bf:6e:c1 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + Netscape Cert Type: + SSL Server + Netscape Comment: + Easy-RSA Generated Server Certificate + X509v3 Subject Key Identifier: + 1C:06:47:33:61:0E:15:84:D5:08:5A:40:E6:C9:23:EF:87:F3:EE:F9 + X509v3 Authority Key Identifier: + keyid:8D:D5:04:79:10:05:4F:1B:12:63:11:AC:00:D4:FC:CC:31:00:B8:09 + DirName:/C=CN/ST=ZJ/L=ZJ/O=ZJ/OU=ZJ/CN=ZJ CA/name=EasyRSA/emailAddress=ZJ@ZJ.com + serial:AE:18:A1:E1:3D:52:4D:F0 + + X509v3 Extended Key Usage: + TLS Web Server Authentication + X509v3 Key Usage: + Digital Signature, Key Encipherment + Signature Algorithm: sha256WithRSAEncryption + aa:b5:0d:7a:b3:09:7a:d4:e6:df:46:0d:54:39:e2:34:da:4f: + 9b:92:d6:41:db:10:b9:ed:66:34:7f:9d:a9:fa:af:6a:80:b4: + 1f:13:d3:39:a6:72:93:5a:6b:e8:4f:ba:95:f9:83:10:58:b3: + fe:12:3f:a9:e8:31:04:e0:8e:d8:4c:c1:f7:7e:fc:7a:ba:17: + d8:2e:76:ab:7c:17:ca:a4:1d:3d:c5:bc:df:02:e5:2e:91:c4: + b2:6c:40:a1:e2:3d:64:15:da:a6:b0:e4:1d:66:11:54:c0:49: + 05:91:c4:69:68:2d:bc:d5:f6:32:43:3c:18:c4:97:54:45:52: + 28:36 +-----BEGIN CERTIFICATE----- +MIIDvzCCAyigAwIBAgIBATANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQGEwJDTjEL +MAkGA1UECBMCWkoxCzAJBgNVBAcTAlpKMQswCQYDVQQKEwJaSjELMAkGA1UECxMC +WkoxDjAMBgNVBAMTBVpKIENBMRAwDgYDVQQpEwdFYXN5UlNBMRgwFgYJKoZIhvcN +AQkBFglaSkBaSi5jb20wHhcNMTcwODIzMTQyNjQyWhcNMjcwODIxMTQyNjQyWjB+ +MQswCQYDVQQGEwJDTjELMAkGA1UECBMCWkoxCzAJBgNVBAcTAlpKMQswCQYDVQQK +EwJaSjELMAkGA1UECxMCWkoxDzANBgNVBAMTBnNlcnZlcjEQMA4GA1UEKRMHRWFz +eVJTQTEYMBYGCSqGSIb3DQEJARYJWkpAWkouY29tMIGfMA0GCSqGSIb3DQEBAQUA +A4GNADCBiQKBgQDgZy4zq09PoXjGMrrTHXFzNLpFQIiHdgP7h9hOTnx9lSJ9jnDc +aBAn/n3weZOGg++pFniuhl7qQnQ4TTcNyTSmhF5krd2R3d8Cv1P4+8Cby72TfCar +vQrGw13aXbPA/3KhLx4L9qZxd/kAOIquq8CGEasS3h6CE+jD1btvLr9uwQIDAQAB +o4IBTDCCAUgwCQYDVR0TBAIwADARBglghkgBhvhCAQEEBAMCBkAwNAYJYIZIAYb4 +QgENBCcWJUVhc3ktUlNBIEdlbmVyYXRlZCBTZXJ2ZXIgQ2VydGlmaWNhdGUwHQYD +VR0OBBYEFBwGRzNhDhWE1QhaQObJI++H8+75MIGwBgNVHSMEgagwgaWAFI3VBHkQ +BU8bEmMRrADU/MwxALgJoYGBpH8wfTELMAkGA1UEBhMCQ04xCzAJBgNVBAgTAlpK +MQswCQYDVQQHEwJaSjELMAkGA1UEChMCWkoxCzAJBgNVBAsTAlpKMQ4wDAYDVQQD +EwVaSiBDQTEQMA4GA1UEKRMHRWFzeVJTQTEYMBYGCSqGSIb3DQEJARYJWkpAWkou +Y29tggkArhih4T1STfAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwCwYDVR0PBAQDAgWg +MA0GCSqGSIb3DQEBCwUAA4GBAKq1DXqzCXrU5t9GDVQ54jTaT5uS1kHbELntZjR/ +nan6r2qAtB8T0zmmcpNaa+hPupX5gxBYs/4SP6noMQTgjthMwfd+/Hq6F9gudqt8 +F8qkHT3FvN8C5S6RxLJsQKHiPWQV2qaw5B1mEVTASQWRxGloLbzV9jJDPBjEl1RF +Uig2 +-----END CERTIFICATE----- diff --git a/package/lean/luci-app-openvpn-server/root/etc/easy-rsa/keys/02.pem b/package/lean/luci-app-openvpn-server/root/etc/easy-rsa/keys/02.pem new file mode 100644 index 000000000..c757880ea --- /dev/null +++ b/package/lean/luci-app-openvpn-server/root/etc/easy-rsa/keys/02.pem @@ -0,0 +1,71 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 2 (0x2) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=CN, ST=ZJ, L=ZJ, O=ZJ, OU=ZJ, CN=ZJ CA/name=EasyRSA/emailAddress=ZJ@ZJ.com + Validity + Not Before: Aug 23 14:26:58 2017 GMT + Not After : Aug 21 14:26:58 2027 GMT + Subject: C=CN, ST=ZJ, L=ZJ, O=ZJ, OU=ZJ, CN=client1/name=EasyRSA/emailAddress=ZJ@ZJ.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (1024 bit) + Modulus: + 00:b7:6b:40:0b:c1:ef:a7:c3:fa:54:32:c2:d7:87: + fa:ac:85:18:ae:af:44:ba:dd:57:0f:43:73:eb:df: + 37:5e:5e:8f:ad:43:7a:87:dd:a6:bd:6a:0b:68:8d: + 75:0c:fe:49:39:e1:54:11:53:0f:b5:63:10:5b:21: + 98:7f:53:32:b3:d6:b0:3d:23:fc:1d:ad:06:b0:f0: + fb:10:27:83:e1:5e:5a:b4:f6:7c:02:87:4c:73:86: + 7b:79:07:ca:a7:1c:18:2c:70:e3:9d:e6:f0:89:06: + 4b:25:2c:09:39:51:c3:d4:44:ef:81:5e:aa:e0:63: + d8:11:c6:9c:e0:6f:d8:66:11 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + Netscape Comment: + Easy-RSA Generated Certificate + X509v3 Subject Key Identifier: + E8:15:F9:71:C4:A7:C2:41:A3:AF:F5:C5:93:51:8E:5D:67:9B:12:E2 + X509v3 Authority Key Identifier: + keyid:8D:D5:04:79:10:05:4F:1B:12:63:11:AC:00:D4:FC:CC:31:00:B8:09 + DirName:/C=CN/ST=ZJ/L=ZJ/O=ZJ/OU=ZJ/CN=ZJ CA/name=EasyRSA/emailAddress=ZJ@ZJ.com + serial:AE:18:A1:E1:3D:52:4D:F0 + + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature + Signature Algorithm: sha256WithRSAEncryption + 5b:63:c2:e5:e4:04:ad:f4:b6:76:24:df:94:a5:b0:a2:99:38: + f9:e7:b4:2f:79:91:51:1b:06:4b:33:fc:4c:74:ce:47:3e:54: + 1b:da:ea:43:e3:6d:6e:ec:b4:cd:77:86:ea:ea:48:a1:79:70: + 5c:ff:99:0e:fb:bd:fc:0d:89:a6:2e:13:fe:86:82:69:33:4c: + 28:21:0d:a8:ba:1a:3e:c7:2e:2d:97:0c:5a:ed:e3:af:73:fc: + bb:c9:58:05:c5:26:56:13:1c:3e:8f:90:c7:e8:d9:e5:0b:1f: + 40:9a:fa:15:49:b9:d8:8e:6a:fd:71:f4:3c:df:a1:11:af:fb: + ea:a8 +-----BEGIN CERTIFICATE----- +MIIDpjCCAw+gAwIBAgIBAjANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQGEwJDTjEL +MAkGA1UECBMCWkoxCzAJBgNVBAcTAlpKMQswCQYDVQQKEwJaSjELMAkGA1UECxMC +WkoxDjAMBgNVBAMTBVpKIENBMRAwDgYDVQQpEwdFYXN5UlNBMRgwFgYJKoZIhvcN +AQkBFglaSkBaSi5jb20wHhcNMTcwODIzMTQyNjU4WhcNMjcwODIxMTQyNjU4WjB/ +MQswCQYDVQQGEwJDTjELMAkGA1UECBMCWkoxCzAJBgNVBAcTAlpKMQswCQYDVQQK +EwJaSjELMAkGA1UECxMCWkoxEDAOBgNVBAMTB2NsaWVudDExEDAOBgNVBCkTB0Vh +c3lSU0ExGDAWBgkqhkiG9w0BCQEWCVpKQFpKLmNvbTCBnzANBgkqhkiG9w0BAQEF +AAOBjQAwgYkCgYEAt2tAC8Hvp8P6VDLC14f6rIUYrq9Eut1XD0Nz6983Xl6PrUN6 +h92mvWoLaI11DP5JOeFUEVMPtWMQWyGYf1Mys9awPSP8Ha0GsPD7ECeD4V5atPZ8 +AodMc4Z7eQfKpxwYLHDjnebwiQZLJSwJOVHD1ETvgV6q4GPYEcac4G/YZhECAwEA +AaOCATIwggEuMAkGA1UdEwQCMAAwLQYJYIZIAYb4QgENBCAWHkVhc3ktUlNBIEdl +bmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQU6BX5ccSnwkGjr/XFk1GOXWeb +EuIwgbAGA1UdIwSBqDCBpYAUjdUEeRAFTxsSYxGsANT8zDEAuAmhgYGkfzB9MQsw +CQYDVQQGEwJDTjELMAkGA1UECBMCWkoxCzAJBgNVBAcTAlpKMQswCQYDVQQKEwJa +SjELMAkGA1UECxMCWkoxDjAMBgNVBAMTBVpKIENBMRAwDgYDVQQpEwdFYXN5UlNB +MRgwFgYJKoZIhvcNAQkBFglaSkBaSi5jb22CCQCuGKHhPVJN8DATBgNVHSUEDDAK +BggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwDQYJKoZIhvcNAQELBQADgYEAW2PC5eQE +rfS2diTflKWwopk4+ee0L3mRURsGSzP8THTORz5UG9rqQ+Ntbuy0zXeG6upIoXlw +XP+ZDvu9/A2Jpi4T/oaCaTNMKCENqLoaPscuLZcMWu3jr3P8u8lYBcUmVhMcPo+Q +x+jZ5QsfQJr6FUm52I5q/XH0PN+hEa/76qg= +-----END CERTIFICATE----- diff --git a/package/lean/luci-app-openvpn-server/root/etc/easy-rsa/keys/ca.crt b/package/lean/luci-app-openvpn-server/root/etc/easy-rsa/keys/ca.crt new file mode 100644 index 000000000..7b7ba5ef8 --- /dev/null +++ b/package/lean/luci-app-openvpn-server/root/etc/easy-rsa/keys/ca.crt @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDXDCCAsWgAwIBAgIJAK4YoeE9Uk3wMA0GCSqGSIb3DQEBCwUAMH0xCzAJBgNV +BAYTAkNOMQswCQYDVQQIEwJaSjELMAkGA1UEBxMCWkoxCzAJBgNVBAoTAlpKMQsw +CQYDVQQLEwJaSjEOMAwGA1UEAxMFWkogQ0ExEDAOBgNVBCkTB0Vhc3lSU0ExGDAW +BgkqhkiG9w0BCQEWCVpKQFpKLmNvbTAeFw0xNzA4MjMxNDE4MDVaFw0yNzA4MjEx +NDE4MDVaMH0xCzAJBgNVBAYTAkNOMQswCQYDVQQIEwJaSjELMAkGA1UEBxMCWkox +CzAJBgNVBAoTAlpKMQswCQYDVQQLEwJaSjEOMAwGA1UEAxMFWkogQ0ExEDAOBgNV +BCkTB0Vhc3lSU0ExGDAWBgkqhkiG9w0BCQEWCVpKQFpKLmNvbTCBnzANBgkqhkiG +9w0BAQEFAAOBjQAwgYkCgYEAsLBNLkjfNUK4Rb3xgJD0EEgzp6b+5zkiibT3wdS9 +SKZqkqJRcM/z7Ifc79LKXDDHrVnajkyc8QSaXOKVW8pTx75fYnoHjNbeU9JZHoTg +9GgRWq5HHUJlxhsdbcGeTxOHrMRz2d+VzvNvs5KOLJaqGkRmm/KMb7nTRnwjhx4A +pWsCAwEAAaOB4zCB4DAdBgNVHQ4EFgQUjdUEeRAFTxsSYxGsANT8zDEAuAkwgbAG +A1UdIwSBqDCBpYAUjdUEeRAFTxsSYxGsANT8zDEAuAmhgYGkfzB9MQswCQYDVQQG +EwJDTjELMAkGA1UECBMCWkoxCzAJBgNVBAcTAlpKMQswCQYDVQQKEwJaSjELMAkG +A1UECxMCWkoxDjAMBgNVBAMTBVpKIENBMRAwDgYDVQQpEwdFYXN5UlNBMRgwFgYJ +KoZIhvcNAQkBFglaSkBaSi5jb22CCQCuGKHhPVJN8DAMBgNVHRMEBTADAQH/MA0G +CSqGSIb3DQEBCwUAA4GBAAAN0aRmQGNsF23CxShEnj3ohgpYA20F2FwEWYmCCWXe +CKxuPGtPZAeLmToIMgn75QlyuvVG+Uoe7I6ylbEK3XoeNStcS61wAXL8hIPfMcUX +fDsImBvc+Bo+LxQMWMSz0r88+B8784KELyaQKOnvPlTrnTuyP9RftjUWpjy23Kjd +-----END CERTIFICATE----- diff --git a/package/lean/luci-app-openvpn-server/root/etc/easy-rsa/keys/ca.key b/package/lean/luci-app-openvpn-server/root/etc/easy-rsa/keys/ca.key new file mode 100644 index 000000000..796fbf10e --- /dev/null +++ b/package/lean/luci-app-openvpn-server/root/etc/easy-rsa/keys/ca.key @@ -0,0 +1,16 @@ +-----BEGIN PRIVATE KEY----- +MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBALCwTS5I3zVCuEW9 +8YCQ9BBIM6em/uc5Iom098HUvUimapKiUXDP8+yH3O/Sylwwx61Z2o5MnPEEmlzi +lVvKU8e+X2J6B4zW3lPSWR6E4PRoEVquRx1CZcYbHW3Bnk8Th6zEc9nflc7zb7OS +jiyWqhpEZpvyjG+500Z8I4ceAKVrAgMBAAECgYBfiTRyTlzCg6z3qNioV7hgBWpI +wHcbtz0BkKRWXh1q5vDBEJtQkGCoCF5iHmvkpUuSY/9U6gACIicFCk8QLrpVZGzY +1SgOQS796La2gYR0clCvtsf8Kg4BYCKkF40jGDGZTGKtWa9mPuOZXZFhSMZJiCQi +UIfTN3D9Ngt/nLFMwQJBANwavdYXnPxGr/0rL1ct0RUjsZLyd9kmr1gD4Nq+/uwC +FQrNHl/ieXOsSeD0eVNtuTFzmt8sTz963SXmbPv01dMCQQDNgPioq4M/1sluGUdI +yK5bantPAD7A7wTb+uryP7lNMuDSGTXgLsh+RrhBuDlUdi+OPc0dIJV1fTjEiLbI +fLsJAkEAoSSe6Zh+IaDrBfJRBYWQtuZcApasMfqFk227eMsuvcFEgJTt8QtRGeQA +bsbt8Ku7Uz4tG8lH99TPBglurwRwawJAALVrJhnBUB0LgMexiTy37TTGzBTyInQw +jhmlacRyfSOpxs+zcdx3cIgJ5qAeAn6N1227IViVa1xNL9BQ4QwdEQJBAJjLcCYS +twmgoyOj4K5+8+aAuuXWj7lpxEakOZbghrBmy0GytiRKN9wb/x8QF6EtrJAmYltL +wMMDUDE0zd+hc2Q= +-----END PRIVATE KEY----- diff --git a/package/lean/luci-app-openvpn-server/root/etc/easy-rsa/keys/client1.crt b/package/lean/luci-app-openvpn-server/root/etc/easy-rsa/keys/client1.crt new file mode 100644 index 000000000..c757880ea --- /dev/null +++ b/package/lean/luci-app-openvpn-server/root/etc/easy-rsa/keys/client1.crt @@ -0,0 +1,71 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 2 (0x2) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=CN, ST=ZJ, L=ZJ, O=ZJ, OU=ZJ, CN=ZJ CA/name=EasyRSA/emailAddress=ZJ@ZJ.com + Validity + Not Before: Aug 23 14:26:58 2017 GMT + Not After : Aug 21 14:26:58 2027 GMT + Subject: C=CN, ST=ZJ, L=ZJ, O=ZJ, OU=ZJ, CN=client1/name=EasyRSA/emailAddress=ZJ@ZJ.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (1024 bit) + Modulus: + 00:b7:6b:40:0b:c1:ef:a7:c3:fa:54:32:c2:d7:87: + fa:ac:85:18:ae:af:44:ba:dd:57:0f:43:73:eb:df: + 37:5e:5e:8f:ad:43:7a:87:dd:a6:bd:6a:0b:68:8d: + 75:0c:fe:49:39:e1:54:11:53:0f:b5:63:10:5b:21: + 98:7f:53:32:b3:d6:b0:3d:23:fc:1d:ad:06:b0:f0: + fb:10:27:83:e1:5e:5a:b4:f6:7c:02:87:4c:73:86: + 7b:79:07:ca:a7:1c:18:2c:70:e3:9d:e6:f0:89:06: + 4b:25:2c:09:39:51:c3:d4:44:ef:81:5e:aa:e0:63: + d8:11:c6:9c:e0:6f:d8:66:11 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + Netscape Comment: + Easy-RSA Generated Certificate + X509v3 Subject Key Identifier: + E8:15:F9:71:C4:A7:C2:41:A3:AF:F5:C5:93:51:8E:5D:67:9B:12:E2 + X509v3 Authority Key Identifier: + keyid:8D:D5:04:79:10:05:4F:1B:12:63:11:AC:00:D4:FC:CC:31:00:B8:09 + DirName:/C=CN/ST=ZJ/L=ZJ/O=ZJ/OU=ZJ/CN=ZJ CA/name=EasyRSA/emailAddress=ZJ@ZJ.com + serial:AE:18:A1:E1:3D:52:4D:F0 + + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature + Signature Algorithm: sha256WithRSAEncryption + 5b:63:c2:e5:e4:04:ad:f4:b6:76:24:df:94:a5:b0:a2:99:38: + f9:e7:b4:2f:79:91:51:1b:06:4b:33:fc:4c:74:ce:47:3e:54: + 1b:da:ea:43:e3:6d:6e:ec:b4:cd:77:86:ea:ea:48:a1:79:70: + 5c:ff:99:0e:fb:bd:fc:0d:89:a6:2e:13:fe:86:82:69:33:4c: + 28:21:0d:a8:ba:1a:3e:c7:2e:2d:97:0c:5a:ed:e3:af:73:fc: + bb:c9:58:05:c5:26:56:13:1c:3e:8f:90:c7:e8:d9:e5:0b:1f: + 40:9a:fa:15:49:b9:d8:8e:6a:fd:71:f4:3c:df:a1:11:af:fb: + ea:a8 +-----BEGIN CERTIFICATE----- +MIIDpjCCAw+gAwIBAgIBAjANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQGEwJDTjEL +MAkGA1UECBMCWkoxCzAJBgNVBAcTAlpKMQswCQYDVQQKEwJaSjELMAkGA1UECxMC +WkoxDjAMBgNVBAMTBVpKIENBMRAwDgYDVQQpEwdFYXN5UlNBMRgwFgYJKoZIhvcN +AQkBFglaSkBaSi5jb20wHhcNMTcwODIzMTQyNjU4WhcNMjcwODIxMTQyNjU4WjB/ +MQswCQYDVQQGEwJDTjELMAkGA1UECBMCWkoxCzAJBgNVBAcTAlpKMQswCQYDVQQK +EwJaSjELMAkGA1UECxMCWkoxEDAOBgNVBAMTB2NsaWVudDExEDAOBgNVBCkTB0Vh +c3lSU0ExGDAWBgkqhkiG9w0BCQEWCVpKQFpKLmNvbTCBnzANBgkqhkiG9w0BAQEF +AAOBjQAwgYkCgYEAt2tAC8Hvp8P6VDLC14f6rIUYrq9Eut1XD0Nz6983Xl6PrUN6 +h92mvWoLaI11DP5JOeFUEVMPtWMQWyGYf1Mys9awPSP8Ha0GsPD7ECeD4V5atPZ8 +AodMc4Z7eQfKpxwYLHDjnebwiQZLJSwJOVHD1ETvgV6q4GPYEcac4G/YZhECAwEA +AaOCATIwggEuMAkGA1UdEwQCMAAwLQYJYIZIAYb4QgENBCAWHkVhc3ktUlNBIEdl +bmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQU6BX5ccSnwkGjr/XFk1GOXWeb +EuIwgbAGA1UdIwSBqDCBpYAUjdUEeRAFTxsSYxGsANT8zDEAuAmhgYGkfzB9MQsw +CQYDVQQGEwJDTjELMAkGA1UECBMCWkoxCzAJBgNVBAcTAlpKMQswCQYDVQQKEwJa +SjELMAkGA1UECxMCWkoxDjAMBgNVBAMTBVpKIENBMRAwDgYDVQQpEwdFYXN5UlNB +MRgwFgYJKoZIhvcNAQkBFglaSkBaSi5jb22CCQCuGKHhPVJN8DATBgNVHSUEDDAK +BggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwDQYJKoZIhvcNAQELBQADgYEAW2PC5eQE +rfS2diTflKWwopk4+ee0L3mRURsGSzP8THTORz5UG9rqQ+Ntbuy0zXeG6upIoXlw +XP+ZDvu9/A2Jpi4T/oaCaTNMKCENqLoaPscuLZcMWu3jr3P8u8lYBcUmVhMcPo+Q +x+jZ5QsfQJr6FUm52I5q/XH0PN+hEa/76qg= +-----END CERTIFICATE----- diff --git a/package/lean/luci-app-openvpn-server/root/etc/easy-rsa/keys/client1.csr b/package/lean/luci-app-openvpn-server/root/etc/easy-rsa/keys/client1.csr new file mode 100644 index 000000000..a3549ca15 --- /dev/null +++ b/package/lean/luci-app-openvpn-server/root/etc/easy-rsa/keys/client1.csr @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBvzCCASgCAQAwfzELMAkGA1UEBhMCQ04xCzAJBgNVBAgTAlpKMQswCQYDVQQH +EwJaSjELMAkGA1UEChMCWkoxCzAJBgNVBAsTAlpKMRAwDgYDVQQDEwdjbGllbnQx +MRAwDgYDVQQpEwdFYXN5UlNBMRgwFgYJKoZIhvcNAQkBFglaSkBaSi5jb20wgZ8w +DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALdrQAvB76fD+lQywteH+qyFGK6vRLrd +Vw9Dc+vfN15ej61Deofdpr1qC2iNdQz+STnhVBFTD7VjEFshmH9TMrPWsD0j/B2t +BrDw+xAng+FeWrT2fAKHTHOGe3kHyqccGCxw453m8IkGSyUsCTlRw9RE74FequBj +2BHGnOBv2GYRAgMBAAGgADANBgkqhkiG9w0BAQsFAAOBgQBfvn2fP2Tj8FTZH+Xk +9u04rYaQdspSyL61F4QIEiP5UOUzbnSSU/B72KF5gm8b0irXGnTbHlXeMv6WXaAS +VF1fEeM+gsGJIDOvomT5PKfudezr6DpGrUammQnRY3tho078Ao0Mkq8PAWpiVWGV +Z7rsqHhI3mWYLNyne9n8K224pg== +-----END CERTIFICATE REQUEST----- diff --git a/package/lean/luci-app-openvpn-server/root/etc/easy-rsa/keys/client1.key b/package/lean/luci-app-openvpn-server/root/etc/easy-rsa/keys/client1.key new file mode 100644 index 000000000..076ce4e72 --- /dev/null +++ b/package/lean/luci-app-openvpn-server/root/etc/easy-rsa/keys/client1.key @@ -0,0 +1,16 @@ +-----BEGIN PRIVATE KEY----- +MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBALdrQAvB76fD+lQy +wteH+qyFGK6vRLrdVw9Dc+vfN15ej61Deofdpr1qC2iNdQz+STnhVBFTD7VjEFsh +mH9TMrPWsD0j/B2tBrDw+xAng+FeWrT2fAKHTHOGe3kHyqccGCxw453m8IkGSyUs +CTlRw9RE74FequBj2BHGnOBv2GYRAgMBAAECgYBhWatEkkqA4KOczNRdUO7bYkkX +bi8sfw4WK9b6+h6JF+dqLsZ6FkrJfd9QPsRBgTWcYtwb1dogi9PCirJF4gKmSsv1 +h/BISW4lrXJPf08aJAuBF0ym8XZUgVLLptn8KdXX3xc6YF6K336AnNNLZ80X4El8 +m7X4d8Y3F4k3Dj04AQJBAN9NkHYwevaZ8jfv5rZSTKECmdk1DZITd756+sObFAs1 +vX9VfunwVw6xWmaUyMt8oPFqb0wKES9zqrViaMhU9YkCQQDSRqV3ldHcaZJ6sTgm +T8ZKm+UpbC4zat4rGSBYKaoeLRPh5nxP892rOfBAevkoIQzW7LfVfoMImM/i1J6T +lNJJAkAHSOZ/lJFOXjNSs9bY99JcJlOSjHKG42+ynRx1KSf8PaKS9t0PELImXo7O +begnC0fM2GYNGv74h1N4W1+DuZHRAkEAlNov3jSvh+EwMSxs/Cnyy/QJyEXteraH +KWkzDVYJOC1e6sZXb93JKKHuIicrY63pwed2x2o0ZgyO9RrgWsa6CQJBAMogPcRO +jUGjYs3IYXW6Suf1bRJN2aS81gx7lqyLQE3ignH6e9kMxcrzG4AzzePCLouY3waL +HS1KW8V9I5c4qTs= +-----END PRIVATE KEY----- diff --git a/package/lean/luci-app-openvpn-server/root/etc/easy-rsa/keys/client1.p12 b/package/lean/luci-app-openvpn-server/root/etc/easy-rsa/keys/client1.p12 new file mode 100644 index 000000000..1511e1d0a Binary files /dev/null and b/package/lean/luci-app-openvpn-server/root/etc/easy-rsa/keys/client1.p12 differ diff --git a/package/lean/luci-app-openvpn-server/root/etc/easy-rsa/keys/dh1024.pem b/package/lean/luci-app-openvpn-server/root/etc/easy-rsa/keys/dh1024.pem new file mode 100644 index 000000000..01eba3e5a --- /dev/null +++ b/package/lean/luci-app-openvpn-server/root/etc/easy-rsa/keys/dh1024.pem @@ -0,0 +1,5 @@ +-----BEGIN DH PARAMETERS----- +MIGHAoGBAMzJWsEtMQ76G81O8RzEweDaPrio4NihRBo0fmNuh3IjJtFJ++URPW4y +HHtnGOkPoMwQjGQ3GQV+lfcR7QGWojET4NskXOk6mdFU+/nYB9s5YY7RR4qyln9b +dNMp3KnMLtILNH1rJRoqYbSNoz3Z2cS59Ejp1dgXqN8kSP8wiqDjAgEC +-----END DH PARAMETERS----- diff --git a/package/lean/luci-app-openvpn-server/root/etc/easy-rsa/keys/index.txt b/package/lean/luci-app-openvpn-server/root/etc/easy-rsa/keys/index.txt new file mode 100644 index 000000000..4bb34b80f --- /dev/null +++ b/package/lean/luci-app-openvpn-server/root/etc/easy-rsa/keys/index.txt @@ -0,0 +1,2 @@ +V 270821142642Z 01 unknown /C=CN/ST=ZJ/L=ZJ/O=ZJ/OU=ZJ/CN=server/name=EasyRSA/emailAddress=ZJ@ZJ.com +V 270821142658Z 02 unknown /C=CN/ST=ZJ/L=ZJ/O=ZJ/OU=ZJ/CN=client1/name=EasyRSA/emailAddress=ZJ@ZJ.com diff --git a/package/lean/luci-app-openvpn-server/root/etc/easy-rsa/keys/index.txt.attr b/package/lean/luci-app-openvpn-server/root/etc/easy-rsa/keys/index.txt.attr new file mode 100644 index 000000000..8f7e63a34 --- /dev/null +++ b/package/lean/luci-app-openvpn-server/root/etc/easy-rsa/keys/index.txt.attr @@ -0,0 +1 @@ +unique_subject = yes diff --git a/package/lean/luci-app-openvpn-server/root/etc/easy-rsa/keys/index.txt.attr.old b/package/lean/luci-app-openvpn-server/root/etc/easy-rsa/keys/index.txt.attr.old new file mode 100644 index 000000000..8f7e63a34 --- /dev/null +++ b/package/lean/luci-app-openvpn-server/root/etc/easy-rsa/keys/index.txt.attr.old @@ -0,0 +1 @@ +unique_subject = yes diff --git a/package/lean/luci-app-openvpn-server/root/etc/easy-rsa/keys/index.txt.old b/package/lean/luci-app-openvpn-server/root/etc/easy-rsa/keys/index.txt.old new file mode 100644 index 000000000..d74831ee4 --- /dev/null +++ b/package/lean/luci-app-openvpn-server/root/etc/easy-rsa/keys/index.txt.old @@ -0,0 +1 @@ +V 270821142642Z 01 unknown /C=CN/ST=ZJ/L=ZJ/O=ZJ/OU=ZJ/CN=server/name=EasyRSA/emailAddress=ZJ@ZJ.com diff --git a/package/lean/luci-app-openvpn-server/root/etc/easy-rsa/keys/serial b/package/lean/luci-app-openvpn-server/root/etc/easy-rsa/keys/serial new file mode 100644 index 000000000..75016ea36 --- /dev/null +++ b/package/lean/luci-app-openvpn-server/root/etc/easy-rsa/keys/serial @@ -0,0 +1 @@ +03 diff --git a/package/lean/luci-app-openvpn-server/root/etc/easy-rsa/keys/serial.old b/package/lean/luci-app-openvpn-server/root/etc/easy-rsa/keys/serial.old new file mode 100644 index 000000000..9e22bcb8e --- /dev/null +++ b/package/lean/luci-app-openvpn-server/root/etc/easy-rsa/keys/serial.old @@ -0,0 +1 @@ +02 diff --git a/package/lean/luci-app-openvpn-server/root/etc/easy-rsa/keys/server.crt b/package/lean/luci-app-openvpn-server/root/etc/easy-rsa/keys/server.crt new file mode 100644 index 000000000..a73a757e9 --- /dev/null +++ b/package/lean/luci-app-openvpn-server/root/etc/easy-rsa/keys/server.crt @@ -0,0 +1,74 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=CN, ST=ZJ, L=ZJ, O=ZJ, OU=ZJ, CN=ZJ CA/name=EasyRSA/emailAddress=ZJ@ZJ.com + Validity + Not Before: Aug 23 14:26:42 2017 GMT + Not After : Aug 21 14:26:42 2027 GMT + Subject: C=CN, ST=ZJ, L=ZJ, O=ZJ, OU=ZJ, CN=server/name=EasyRSA/emailAddress=ZJ@ZJ.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (1024 bit) + Modulus: + 00:e0:67:2e:33:ab:4f:4f:a1:78:c6:32:ba:d3:1d: + 71:73:34:ba:45:40:88:87:76:03:fb:87:d8:4e:4e: + 7c:7d:95:22:7d:8e:70:dc:68:10:27:fe:7d:f0:79: + 93:86:83:ef:a9:16:78:ae:86:5e:ea:42:74:38:4d: + 37:0d:c9:34:a6:84:5e:64:ad:dd:91:dd:df:02:bf: + 53:f8:fb:c0:9b:cb:bd:93:7c:26:ab:bd:0a:c6:c3: + 5d:da:5d:b3:c0:ff:72:a1:2f:1e:0b:f6:a6:71:77: + f9:00:38:8a:ae:ab:c0:86:11:ab:12:de:1e:82:13: + e8:c3:d5:bb:6f:2e:bf:6e:c1 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + Netscape Cert Type: + SSL Server + Netscape Comment: + Easy-RSA Generated Server Certificate + X509v3 Subject Key Identifier: + 1C:06:47:33:61:0E:15:84:D5:08:5A:40:E6:C9:23:EF:87:F3:EE:F9 + X509v3 Authority Key Identifier: + keyid:8D:D5:04:79:10:05:4F:1B:12:63:11:AC:00:D4:FC:CC:31:00:B8:09 + DirName:/C=CN/ST=ZJ/L=ZJ/O=ZJ/OU=ZJ/CN=ZJ CA/name=EasyRSA/emailAddress=ZJ@ZJ.com + serial:AE:18:A1:E1:3D:52:4D:F0 + + X509v3 Extended Key Usage: + TLS Web Server Authentication + X509v3 Key Usage: + Digital Signature, Key Encipherment + Signature Algorithm: sha256WithRSAEncryption + aa:b5:0d:7a:b3:09:7a:d4:e6:df:46:0d:54:39:e2:34:da:4f: + 9b:92:d6:41:db:10:b9:ed:66:34:7f:9d:a9:fa:af:6a:80:b4: + 1f:13:d3:39:a6:72:93:5a:6b:e8:4f:ba:95:f9:83:10:58:b3: + fe:12:3f:a9:e8:31:04:e0:8e:d8:4c:c1:f7:7e:fc:7a:ba:17: + d8:2e:76:ab:7c:17:ca:a4:1d:3d:c5:bc:df:02:e5:2e:91:c4: + b2:6c:40:a1:e2:3d:64:15:da:a6:b0:e4:1d:66:11:54:c0:49: + 05:91:c4:69:68:2d:bc:d5:f6:32:43:3c:18:c4:97:54:45:52: + 28:36 +-----BEGIN CERTIFICATE----- +MIIDvzCCAyigAwIBAgIBATANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQGEwJDTjEL +MAkGA1UECBMCWkoxCzAJBgNVBAcTAlpKMQswCQYDVQQKEwJaSjELMAkGA1UECxMC +WkoxDjAMBgNVBAMTBVpKIENBMRAwDgYDVQQpEwdFYXN5UlNBMRgwFgYJKoZIhvcN +AQkBFglaSkBaSi5jb20wHhcNMTcwODIzMTQyNjQyWhcNMjcwODIxMTQyNjQyWjB+ +MQswCQYDVQQGEwJDTjELMAkGA1UECBMCWkoxCzAJBgNVBAcTAlpKMQswCQYDVQQK +EwJaSjELMAkGA1UECxMCWkoxDzANBgNVBAMTBnNlcnZlcjEQMA4GA1UEKRMHRWFz +eVJTQTEYMBYGCSqGSIb3DQEJARYJWkpAWkouY29tMIGfMA0GCSqGSIb3DQEBAQUA +A4GNADCBiQKBgQDgZy4zq09PoXjGMrrTHXFzNLpFQIiHdgP7h9hOTnx9lSJ9jnDc +aBAn/n3weZOGg++pFniuhl7qQnQ4TTcNyTSmhF5krd2R3d8Cv1P4+8Cby72TfCar +vQrGw13aXbPA/3KhLx4L9qZxd/kAOIquq8CGEasS3h6CE+jD1btvLr9uwQIDAQAB +o4IBTDCCAUgwCQYDVR0TBAIwADARBglghkgBhvhCAQEEBAMCBkAwNAYJYIZIAYb4 +QgENBCcWJUVhc3ktUlNBIEdlbmVyYXRlZCBTZXJ2ZXIgQ2VydGlmaWNhdGUwHQYD +VR0OBBYEFBwGRzNhDhWE1QhaQObJI++H8+75MIGwBgNVHSMEgagwgaWAFI3VBHkQ +BU8bEmMRrADU/MwxALgJoYGBpH8wfTELMAkGA1UEBhMCQ04xCzAJBgNVBAgTAlpK +MQswCQYDVQQHEwJaSjELMAkGA1UEChMCWkoxCzAJBgNVBAsTAlpKMQ4wDAYDVQQD +EwVaSiBDQTEQMA4GA1UEKRMHRWFzeVJTQTEYMBYGCSqGSIb3DQEJARYJWkpAWkou +Y29tggkArhih4T1STfAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwCwYDVR0PBAQDAgWg +MA0GCSqGSIb3DQEBCwUAA4GBAKq1DXqzCXrU5t9GDVQ54jTaT5uS1kHbELntZjR/ +nan6r2qAtB8T0zmmcpNaa+hPupX5gxBYs/4SP6noMQTgjthMwfd+/Hq6F9gudqt8 +F8qkHT3FvN8C5S6RxLJsQKHiPWQV2qaw5B1mEVTASQWRxGloLbzV9jJDPBjEl1RF +Uig2 +-----END CERTIFICATE----- diff --git a/package/lean/luci-app-openvpn-server/root/etc/easy-rsa/keys/server.csr b/package/lean/luci-app-openvpn-server/root/etc/easy-rsa/keys/server.csr new file mode 100644 index 000000000..c83aadabe --- /dev/null +++ b/package/lean/luci-app-openvpn-server/root/etc/easy-rsa/keys/server.csr @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBvjCCAScCAQAwfjELMAkGA1UEBhMCQ04xCzAJBgNVBAgTAlpKMQswCQYDVQQH +EwJaSjELMAkGA1UEChMCWkoxCzAJBgNVBAsTAlpKMQ8wDQYDVQQDEwZzZXJ2ZXIx +EDAOBgNVBCkTB0Vhc3lSU0ExGDAWBgkqhkiG9w0BCQEWCVpKQFpKLmNvbTCBnzAN +BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA4GcuM6tPT6F4xjK60x1xczS6RUCIh3YD ++4fYTk58fZUifY5w3GgQJ/598HmThoPvqRZ4roZe6kJ0OE03Dck0poReZK3dkd3f +Ar9T+PvAm8u9k3wmq70KxsNd2l2zwP9yoS8eC/amcXf5ADiKrqvAhhGrEt4eghPo +w9W7by6/bsECAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4GBAMrytQrG3MGVTD2vsZkw +hJn9U4MYmikqFxEcSJ+JEeDJ0w3NTn95XJmFtmuT/CwsrnP9g+1neSpCXsZewozd +QRisYBF9Rl9qw9fH2o1S/GIVpTDIiTtWjegZA6FPkhQQyY387LU9Lp4vG9hdNbuz +QNDs6cI9T0U53PZiq7R65rGV +-----END CERTIFICATE REQUEST----- diff --git a/package/lean/luci-app-openvpn-server/root/etc/easy-rsa/keys/server.key b/package/lean/luci-app-openvpn-server/root/etc/easy-rsa/keys/server.key new file mode 100644 index 000000000..3aab5cd4b --- /dev/null +++ b/package/lean/luci-app-openvpn-server/root/etc/easy-rsa/keys/server.key @@ -0,0 +1,16 @@ +-----BEGIN PRIVATE KEY----- +MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAOBnLjOrT0+heMYy +utMdcXM0ukVAiId2A/uH2E5OfH2VIn2OcNxoECf+ffB5k4aD76kWeK6GXupCdDhN +Nw3JNKaEXmSt3ZHd3wK/U/j7wJvLvZN8Jqu9CsbDXdpds8D/cqEvHgv2pnF3+QA4 +iq6rwIYRqxLeHoIT6MPVu28uv27BAgMBAAECgYEAqno4g1BVxG0rT4cin1fy5E7e +Y9YO4ropdGFTVsoRkWZG+ZPI8eisvXV9P79c8AgzfgVwUUYLvXQWzt76QCLnN11x +pBURloJbEReEEzIF6z3LiT9CKgVWY4vtC6f5OW4Kd+EZxXMftFz8kMzRuRQLvOzR +WeU+3GD42mIwYjsXBrECQQD2P6azeZJ1ZIEf+9Ys19tSQ6uxbXyvghlTfhmZfBW3 +bshNRH4+L4lnnbm75pFkWqR0gYSAD3toRymccctN2K9jAkEA6UoRwURTjIER8yZO +6gLTFtzb841jv6TPErOY7CzNZ/TYBUdUBmM/NB4+RgBpBNFXB3uqweNVPO6mhyQP +zB88iwJBAOeH6YGOqTpfiVk9PJ9lRf4PSnvE6htLQ+zQ/9jkZrbWHtcns1tc7uDR +2DToEYQ+BarVrHOMGwhtAJ7sD6/eMOkCQFjn8XxGHdEeH0kbAFgOW4QLB4f6Clmu +5XurFkxrhpxnoyvf0xXcHOov3GuxHFTJsvEXICxkBsgB61T1WU/hV6ECQGzk5Eqo +uik2OAYMOb7NPGYMWS68DpmP11QDuvoj5zm2vdzohXHyBM7mO12MLSrTpxfgjWhQ +pqwEbErchuKkzN4= +-----END PRIVATE KEY----- diff --git a/package/lean/luci-app-openvpn-server/root/etc/easy-rsa/openssl-1.0.0.cnf b/package/lean/luci-app-openvpn-server/root/etc/easy-rsa/openssl-1.0.0.cnf new file mode 100644 index 000000000..93ac6eaba --- /dev/null +++ b/package/lean/luci-app-openvpn-server/root/etc/easy-rsa/openssl-1.0.0.cnf @@ -0,0 +1,286 @@ +# For use with easy-rsa version 2.0 and OpenSSL 1.0.0* + +# This definition stops the following lines choking if HOME isn't +# defined. +HOME = . +RANDFILE = $ENV::HOME/.rnd +openssl_conf = openssl_init + +[ openssl_init ] +# Extra OBJECT IDENTIFIER info: +#oid_file = $ENV::HOME/.oid +oid_section = new_oids +engines = engine_section + +# To use this configuration file with the "-extfile" option of the +# "openssl x509" utility, name here the section containing the +# X.509v3 extensions to use: +# extensions = +# (Alternatively, use a configuration file that has only +# X.509v3 extensions in its main [= default] section.) + +[ new_oids ] + +# We can add new OIDs in here for use by 'ca' and 'req'. +# Add a simple OID like this: +# testoid1=1.2.3.4 +# Or use config file substitution like this: +# testoid2=${testoid1}.5.6 + +#################################################################### +[ ca ] +default_ca = CA_default # The default ca section + +#################################################################### +[ CA_default ] + +dir = $ENV::KEY_DIR # Where everything is kept +certs = $dir # Where the issued certs are kept +crl_dir = $dir # Where the issued crl are kept +database = $dir/index.txt # database index file. +new_certs_dir = $dir # default place for new certs. + +certificate = $dir/ca.crt # The CA certificate +serial = $dir/serial # The current serial number +crl = $dir/crl.pem # The current CRL +private_key = $dir/ca.key # The private key +RANDFILE = $dir/.rand # private random number file + +x509_extensions = usr_cert # The extentions to add to the cert + +# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs +# so this is commented out by default to leave a V1 CRL. +# crl_extensions = crl_ext + +default_days = 3650 # how long to certify for +default_crl_days= 30 # how long before next CRL +default_md = sha256 # use public key default MD +preserve = no # keep passed DN ordering + +# A few difference way of specifying how similar the request should look +# For type CA, the listed attributes must be the same, and the optional +# and supplied fields are just that :-) +policy = policy_anything + +# For the CA policy +[ policy_match ] +countryName = match +stateOrProvinceName = match +organizationName = match +organizationalUnitName = optional +commonName = supplied +name = optional +emailAddress = optional + +# For the 'anything' policy +# At this point in time, you must list all acceptable 'object' +# types. +[ policy_anything ] +countryName = optional +stateOrProvinceName = optional +localityName = optional +organizationName = optional +organizationalUnitName = optional +commonName = supplied +name = optional +emailAddress = optional + +#################################################################### +[ req ] +default_bits = $ENV::KEY_SIZE +default_keyfile = privkey.pem +default_md = sha256 +distinguished_name = req_distinguished_name +attributes = req_attributes +x509_extensions = v3_ca # The extentions to add to the self signed cert + +# Passwords for private keys if not present they will be prompted for +# input_password = secret +# output_password = secret + +# This sets a mask for permitted string types. There are several options. +# default: PrintableString, T61String, BMPString. +# pkix : PrintableString, BMPString (PKIX recommendation after 2004). +# utf8only: only UTF8Strings (PKIX recommendation after 2004). +# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings). +# MASK:XXXX a literal mask value. +string_mask = nombstr + +# req_extensions = v3_req # The extensions to add to a certificate request + +[ req_distinguished_name ] +countryName = Country Name (2 letter code) +countryName_default = $ENV::KEY_COUNTRY +countryName_min = 2 +countryName_max = 2 + +stateOrProvinceName = State or Province Name (full name) +stateOrProvinceName_default = $ENV::KEY_PROVINCE + +localityName = Locality Name (eg, city) +localityName_default = $ENV::KEY_CITY + +0.organizationName = Organization Name (eg, company) +0.organizationName_default = $ENV::KEY_ORG + +# we can do this but it is not needed normally :-) +#1.organizationName = Second Organization Name (eg, company) +#1.organizationName_default = World Wide Web Pty Ltd + +organizationalUnitName = Organizational Unit Name (eg, section) +#organizationalUnitName_default = + +commonName = Common Name (eg, your name or your server\'s hostname) +commonName_max = 64 + +name = Name +name_max = 64 + +emailAddress = Email Address +emailAddress_default = $ENV::KEY_EMAIL +emailAddress_max = 40 + +# JY -- added for batch mode +organizationalUnitName_default = $ENV::KEY_OU +commonName_default = $ENV::KEY_CN +name_default = $ENV::KEY_NAME + + +# SET-ex3 = SET extension number 3 + +[ req_attributes ] +challengePassword = A challenge password +challengePassword_min = 4 +challengePassword_max = 20 + +unstructuredName = An optional company name + +[ usr_cert ] + +# These extensions are added when 'ca' signs a request. + +# This goes against PKIX guidelines but some CAs do it and some software +# requires this to avoid interpreting an end user certificate as a CA. + +basicConstraints=CA:FALSE + +# Here are some examples of the usage of nsCertType. If it is omitted +# the certificate can be used for anything *except* object signing. + +# This is OK for an SSL server. +# nsCertType = server + +# For an object signing certificate this would be used. +# nsCertType = objsign + +# For normal client use this is typical +# nsCertType = client, email + +# and for everything including object signing: +# nsCertType = client, email, objsign + +# This is typical in keyUsage for a client certificate. +# keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +# This will be displayed in Netscape's comment listbox. +nsComment = "Easy-RSA Generated Certificate" + +# PKIX recommendations harmless if included in all certificates. +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid,issuer:always +extendedKeyUsage=clientAuth +keyUsage = digitalSignature + + +# This stuff is for subjectAltName and issuerAltname. +# Import the email address. +# subjectAltName=email:copy + +# Copy subject details +# issuerAltName=issuer:copy + +#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem +#nsBaseUrl +#nsRevocationUrl +#nsRenewalUrl +#nsCaPolicyUrl +#nsSslServerName + +[ server ] + +# JY ADDED -- Make a cert with nsCertType set to "server" +basicConstraints=CA:FALSE +nsCertType = server +nsComment = "Easy-RSA Generated Server Certificate" +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid,issuer:always +extendedKeyUsage=serverAuth +keyUsage = digitalSignature, keyEncipherment + +[ v3_req ] + +# Extensions to add to a certificate request + +basicConstraints = CA:FALSE +keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +[ v3_ca ] + + +# Extensions for a typical CA + + +# PKIX recommendation. + +subjectKeyIdentifier=hash + +authorityKeyIdentifier=keyid:always,issuer:always + +# This is what PKIX recommends but some broken software chokes on critical +# extensions. +#basicConstraints = critical,CA:true +# So we do this instead. +basicConstraints = CA:true + +# Key usage: this is typical for a CA certificate. However since it will +# prevent it being used as an test self-signed certificate it is best +# left out by default. +# keyUsage = cRLSign, keyCertSign + +# Some might want this also +# nsCertType = sslCA, emailCA + +# Include email address in subject alt name: another PKIX recommendation +# subjectAltName=email:copy +# Copy issuer details +# issuerAltName=issuer:copy + +# DER hex encoding of an extension: beware experts only! +# obj=DER:02:03 +# Where 'obj' is a standard or added object +# You can even override a supported extension: +# basicConstraints= critical, DER:30:03:01:01:FF + +[ crl_ext ] + +# CRL extensions. +# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL. + +# issuerAltName=issuer:copy +authorityKeyIdentifier=keyid:always,issuer:always + +[ engine_section ] +# +# If you are using PKCS#11 +# Install engine_pkcs11 of opensc (www.opensc.org) +# And uncomment the following +# verify that dynamic_path points to the correct location +# +#pkcs11 = pkcs11_section + +[ pkcs11_section ] +engine_id = pkcs11 +dynamic_path = /usr/lib/engines/engine_pkcs11.so +MODULE_PATH = $ENV::PKCS11_MODULE_PATH +PIN = $ENV::PKCS11_PIN +init = 0 diff --git a/package/lean/luci-app-openvpn-server/root/etc/easy-rsa/vars b/package/lean/luci-app-openvpn-server/root/etc/easy-rsa/vars new file mode 100644 index 000000000..4873fbcf7 --- /dev/null +++ b/package/lean/luci-app-openvpn-server/root/etc/easy-rsa/vars @@ -0,0 +1,19 @@ +export EASY_RSA="/etc/easy-rsa" +export OPENSSL="openssl" +export PKCS11TOOL="pkcs11-tool" +export GREP="grep" +export KEY_CONFIG=`/usr/sbin/whichopensslcnf $EASY_RSA` +export KEY_DIR="$EASY_RSA/keys" +echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR +export PKCS11_MODULE_PATH="dummy" +export PKCS11_PIN="dummy" +export KEY_SIZE=1024 +export CA_EXPIRE=3650 +export KEY_EXPIRE=3650 +export KEY_COUNTRY="CN" +export KEY_PROVINCE="ZJ" +export KEY_CITY="ZJ" +export KEY_ORG="ZJ" +export KEY_EMAIL="ZJ@ZJ.com" +export KEY_OU="ZJ" +export KEY_NAME="EasyRSA" \ No newline at end of file diff --git a/package/lean/luci-app-openvpn-server/root/etc/genovpn.sh b/package/lean/luci-app-openvpn-server/root/etc/genovpn.sh new file mode 100755 index 000000000..964f8e859 --- /dev/null +++ b/package/lean/luci-app-openvpn-server/root/etc/genovpn.sh @@ -0,0 +1,26 @@ +#!/bin/sh + +ddns=`uci get openvpn.myvpn.ddns` +port=`uci get openvpn.myvpn.port` + +cat > /tmp/my.ovpn <' >> /tmp/my.ovpn +cat /etc/openvpn/ca.crt >> /tmp/my.ovpn +echo '' >> /tmp/my.ovpn +echo '' >> /tmp/my.ovpn +cat /etc/openvpn/client1.crt >> /tmp/my.ovpn +echo '' >> /tmp/my.ovpn +echo '' >> /tmp/my.ovpn +cat /etc/openvpn/client1.key >> /tmp/my.ovpn +echo '' >> /tmp/my.ovpn +[ -f /etc/ovpnadd.conf ] && cat /etc/ovpnadd.conf >> /tmp/my.ovpn diff --git a/package/lean/luci-app-openvpn-server/root/etc/openvpn/ca.crt b/package/lean/luci-app-openvpn-server/root/etc/openvpn/ca.crt new file mode 100644 index 000000000..7b7ba5ef8 --- /dev/null +++ b/package/lean/luci-app-openvpn-server/root/etc/openvpn/ca.crt @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDXDCCAsWgAwIBAgIJAK4YoeE9Uk3wMA0GCSqGSIb3DQEBCwUAMH0xCzAJBgNV +BAYTAkNOMQswCQYDVQQIEwJaSjELMAkGA1UEBxMCWkoxCzAJBgNVBAoTAlpKMQsw +CQYDVQQLEwJaSjEOMAwGA1UEAxMFWkogQ0ExEDAOBgNVBCkTB0Vhc3lSU0ExGDAW +BgkqhkiG9w0BCQEWCVpKQFpKLmNvbTAeFw0xNzA4MjMxNDE4MDVaFw0yNzA4MjEx +NDE4MDVaMH0xCzAJBgNVBAYTAkNOMQswCQYDVQQIEwJaSjELMAkGA1UEBxMCWkox +CzAJBgNVBAoTAlpKMQswCQYDVQQLEwJaSjEOMAwGA1UEAxMFWkogQ0ExEDAOBgNV +BCkTB0Vhc3lSU0ExGDAWBgkqhkiG9w0BCQEWCVpKQFpKLmNvbTCBnzANBgkqhkiG +9w0BAQEFAAOBjQAwgYkCgYEAsLBNLkjfNUK4Rb3xgJD0EEgzp6b+5zkiibT3wdS9 +SKZqkqJRcM/z7Ifc79LKXDDHrVnajkyc8QSaXOKVW8pTx75fYnoHjNbeU9JZHoTg +9GgRWq5HHUJlxhsdbcGeTxOHrMRz2d+VzvNvs5KOLJaqGkRmm/KMb7nTRnwjhx4A +pWsCAwEAAaOB4zCB4DAdBgNVHQ4EFgQUjdUEeRAFTxsSYxGsANT8zDEAuAkwgbAG +A1UdIwSBqDCBpYAUjdUEeRAFTxsSYxGsANT8zDEAuAmhgYGkfzB9MQswCQYDVQQG +EwJDTjELMAkGA1UECBMCWkoxCzAJBgNVBAcTAlpKMQswCQYDVQQKEwJaSjELMAkG +A1UECxMCWkoxDjAMBgNVBAMTBVpKIENBMRAwDgYDVQQpEwdFYXN5UlNBMRgwFgYJ +KoZIhvcNAQkBFglaSkBaSi5jb22CCQCuGKHhPVJN8DAMBgNVHRMEBTADAQH/MA0G +CSqGSIb3DQEBCwUAA4GBAAAN0aRmQGNsF23CxShEnj3ohgpYA20F2FwEWYmCCWXe +CKxuPGtPZAeLmToIMgn75QlyuvVG+Uoe7I6ylbEK3XoeNStcS61wAXL8hIPfMcUX +fDsImBvc+Bo+LxQMWMSz0r88+B8784KELyaQKOnvPlTrnTuyP9RftjUWpjy23Kjd +-----END CERTIFICATE----- diff --git a/package/lean/luci-app-openvpn-server/root/etc/openvpn/client1.crt b/package/lean/luci-app-openvpn-server/root/etc/openvpn/client1.crt new file mode 100644 index 000000000..c757880ea --- /dev/null +++ b/package/lean/luci-app-openvpn-server/root/etc/openvpn/client1.crt @@ -0,0 +1,71 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 2 (0x2) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=CN, ST=ZJ, L=ZJ, O=ZJ, OU=ZJ, CN=ZJ CA/name=EasyRSA/emailAddress=ZJ@ZJ.com + Validity + Not Before: Aug 23 14:26:58 2017 GMT + Not After : Aug 21 14:26:58 2027 GMT + Subject: C=CN, ST=ZJ, L=ZJ, O=ZJ, OU=ZJ, CN=client1/name=EasyRSA/emailAddress=ZJ@ZJ.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (1024 bit) + Modulus: + 00:b7:6b:40:0b:c1:ef:a7:c3:fa:54:32:c2:d7:87: + fa:ac:85:18:ae:af:44:ba:dd:57:0f:43:73:eb:df: + 37:5e:5e:8f:ad:43:7a:87:dd:a6:bd:6a:0b:68:8d: + 75:0c:fe:49:39:e1:54:11:53:0f:b5:63:10:5b:21: + 98:7f:53:32:b3:d6:b0:3d:23:fc:1d:ad:06:b0:f0: + fb:10:27:83:e1:5e:5a:b4:f6:7c:02:87:4c:73:86: + 7b:79:07:ca:a7:1c:18:2c:70:e3:9d:e6:f0:89:06: + 4b:25:2c:09:39:51:c3:d4:44:ef:81:5e:aa:e0:63: + d8:11:c6:9c:e0:6f:d8:66:11 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + Netscape Comment: + Easy-RSA Generated Certificate + X509v3 Subject Key Identifier: + E8:15:F9:71:C4:A7:C2:41:A3:AF:F5:C5:93:51:8E:5D:67:9B:12:E2 + X509v3 Authority Key Identifier: + keyid:8D:D5:04:79:10:05:4F:1B:12:63:11:AC:00:D4:FC:CC:31:00:B8:09 + DirName:/C=CN/ST=ZJ/L=ZJ/O=ZJ/OU=ZJ/CN=ZJ CA/name=EasyRSA/emailAddress=ZJ@ZJ.com + serial:AE:18:A1:E1:3D:52:4D:F0 + + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature + Signature Algorithm: sha256WithRSAEncryption + 5b:63:c2:e5:e4:04:ad:f4:b6:76:24:df:94:a5:b0:a2:99:38: + f9:e7:b4:2f:79:91:51:1b:06:4b:33:fc:4c:74:ce:47:3e:54: + 1b:da:ea:43:e3:6d:6e:ec:b4:cd:77:86:ea:ea:48:a1:79:70: + 5c:ff:99:0e:fb:bd:fc:0d:89:a6:2e:13:fe:86:82:69:33:4c: + 28:21:0d:a8:ba:1a:3e:c7:2e:2d:97:0c:5a:ed:e3:af:73:fc: + bb:c9:58:05:c5:26:56:13:1c:3e:8f:90:c7:e8:d9:e5:0b:1f: + 40:9a:fa:15:49:b9:d8:8e:6a:fd:71:f4:3c:df:a1:11:af:fb: + ea:a8 +-----BEGIN CERTIFICATE----- +MIIDpjCCAw+gAwIBAgIBAjANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQGEwJDTjEL +MAkGA1UECBMCWkoxCzAJBgNVBAcTAlpKMQswCQYDVQQKEwJaSjELMAkGA1UECxMC +WkoxDjAMBgNVBAMTBVpKIENBMRAwDgYDVQQpEwdFYXN5UlNBMRgwFgYJKoZIhvcN +AQkBFglaSkBaSi5jb20wHhcNMTcwODIzMTQyNjU4WhcNMjcwODIxMTQyNjU4WjB/ +MQswCQYDVQQGEwJDTjELMAkGA1UECBMCWkoxCzAJBgNVBAcTAlpKMQswCQYDVQQK +EwJaSjELMAkGA1UECxMCWkoxEDAOBgNVBAMTB2NsaWVudDExEDAOBgNVBCkTB0Vh +c3lSU0ExGDAWBgkqhkiG9w0BCQEWCVpKQFpKLmNvbTCBnzANBgkqhkiG9w0BAQEF +AAOBjQAwgYkCgYEAt2tAC8Hvp8P6VDLC14f6rIUYrq9Eut1XD0Nz6983Xl6PrUN6 +h92mvWoLaI11DP5JOeFUEVMPtWMQWyGYf1Mys9awPSP8Ha0GsPD7ECeD4V5atPZ8 +AodMc4Z7eQfKpxwYLHDjnebwiQZLJSwJOVHD1ETvgV6q4GPYEcac4G/YZhECAwEA +AaOCATIwggEuMAkGA1UdEwQCMAAwLQYJYIZIAYb4QgENBCAWHkVhc3ktUlNBIEdl +bmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQU6BX5ccSnwkGjr/XFk1GOXWeb +EuIwgbAGA1UdIwSBqDCBpYAUjdUEeRAFTxsSYxGsANT8zDEAuAmhgYGkfzB9MQsw +CQYDVQQGEwJDTjELMAkGA1UECBMCWkoxCzAJBgNVBAcTAlpKMQswCQYDVQQKEwJa +SjELMAkGA1UECxMCWkoxDjAMBgNVBAMTBVpKIENBMRAwDgYDVQQpEwdFYXN5UlNB +MRgwFgYJKoZIhvcNAQkBFglaSkBaSi5jb22CCQCuGKHhPVJN8DATBgNVHSUEDDAK +BggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwDQYJKoZIhvcNAQELBQADgYEAW2PC5eQE +rfS2diTflKWwopk4+ee0L3mRURsGSzP8THTORz5UG9rqQ+Ntbuy0zXeG6upIoXlw +XP+ZDvu9/A2Jpi4T/oaCaTNMKCENqLoaPscuLZcMWu3jr3P8u8lYBcUmVhMcPo+Q +x+jZ5QsfQJr6FUm52I5q/XH0PN+hEa/76qg= +-----END CERTIFICATE----- diff --git a/package/lean/luci-app-openvpn-server/root/etc/openvpn/client1.key b/package/lean/luci-app-openvpn-server/root/etc/openvpn/client1.key new file mode 100644 index 000000000..076ce4e72 --- /dev/null +++ b/package/lean/luci-app-openvpn-server/root/etc/openvpn/client1.key @@ -0,0 +1,16 @@ +-----BEGIN PRIVATE KEY----- +MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBALdrQAvB76fD+lQy +wteH+qyFGK6vRLrdVw9Dc+vfN15ej61Deofdpr1qC2iNdQz+STnhVBFTD7VjEFsh +mH9TMrPWsD0j/B2tBrDw+xAng+FeWrT2fAKHTHOGe3kHyqccGCxw453m8IkGSyUs +CTlRw9RE74FequBj2BHGnOBv2GYRAgMBAAECgYBhWatEkkqA4KOczNRdUO7bYkkX +bi8sfw4WK9b6+h6JF+dqLsZ6FkrJfd9QPsRBgTWcYtwb1dogi9PCirJF4gKmSsv1 +h/BISW4lrXJPf08aJAuBF0ym8XZUgVLLptn8KdXX3xc6YF6K336AnNNLZ80X4El8 +m7X4d8Y3F4k3Dj04AQJBAN9NkHYwevaZ8jfv5rZSTKECmdk1DZITd756+sObFAs1 +vX9VfunwVw6xWmaUyMt8oPFqb0wKES9zqrViaMhU9YkCQQDSRqV3ldHcaZJ6sTgm +T8ZKm+UpbC4zat4rGSBYKaoeLRPh5nxP892rOfBAevkoIQzW7LfVfoMImM/i1J6T +lNJJAkAHSOZ/lJFOXjNSs9bY99JcJlOSjHKG42+ynRx1KSf8PaKS9t0PELImXo7O +begnC0fM2GYNGv74h1N4W1+DuZHRAkEAlNov3jSvh+EwMSxs/Cnyy/QJyEXteraH +KWkzDVYJOC1e6sZXb93JKKHuIicrY63pwed2x2o0ZgyO9RrgWsa6CQJBAMogPcRO +jUGjYs3IYXW6Suf1bRJN2aS81gx7lqyLQE3ignH6e9kMxcrzG4AzzePCLouY3waL +HS1KW8V9I5c4qTs= +-----END PRIVATE KEY----- diff --git a/package/lean/luci-app-openvpn-server/root/etc/openvpn/dh1024.pem b/package/lean/luci-app-openvpn-server/root/etc/openvpn/dh1024.pem new file mode 100644 index 000000000..01eba3e5a --- /dev/null +++ b/package/lean/luci-app-openvpn-server/root/etc/openvpn/dh1024.pem @@ -0,0 +1,5 @@ +-----BEGIN DH PARAMETERS----- +MIGHAoGBAMzJWsEtMQ76G81O8RzEweDaPrio4NihRBo0fmNuh3IjJtFJ++URPW4y +HHtnGOkPoMwQjGQ3GQV+lfcR7QGWojET4NskXOk6mdFU+/nYB9s5YY7RR4qyln9b +dNMp3KnMLtILNH1rJRoqYbSNoz3Z2cS59Ejp1dgXqN8kSP8wiqDjAgEC +-----END DH PARAMETERS----- diff --git a/package/lean/luci-app-openvpn-server/root/etc/openvpn/server.crt b/package/lean/luci-app-openvpn-server/root/etc/openvpn/server.crt new file mode 100644 index 000000000..a73a757e9 --- /dev/null +++ b/package/lean/luci-app-openvpn-server/root/etc/openvpn/server.crt @@ -0,0 +1,74 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=CN, ST=ZJ, L=ZJ, O=ZJ, OU=ZJ, CN=ZJ CA/name=EasyRSA/emailAddress=ZJ@ZJ.com + Validity + Not Before: Aug 23 14:26:42 2017 GMT + Not After : Aug 21 14:26:42 2027 GMT + Subject: C=CN, ST=ZJ, L=ZJ, O=ZJ, OU=ZJ, CN=server/name=EasyRSA/emailAddress=ZJ@ZJ.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (1024 bit) + Modulus: + 00:e0:67:2e:33:ab:4f:4f:a1:78:c6:32:ba:d3:1d: + 71:73:34:ba:45:40:88:87:76:03:fb:87:d8:4e:4e: + 7c:7d:95:22:7d:8e:70:dc:68:10:27:fe:7d:f0:79: + 93:86:83:ef:a9:16:78:ae:86:5e:ea:42:74:38:4d: + 37:0d:c9:34:a6:84:5e:64:ad:dd:91:dd:df:02:bf: + 53:f8:fb:c0:9b:cb:bd:93:7c:26:ab:bd:0a:c6:c3: + 5d:da:5d:b3:c0:ff:72:a1:2f:1e:0b:f6:a6:71:77: + f9:00:38:8a:ae:ab:c0:86:11:ab:12:de:1e:82:13: + e8:c3:d5:bb:6f:2e:bf:6e:c1 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + Netscape Cert Type: + SSL Server + Netscape Comment: + Easy-RSA Generated Server Certificate + X509v3 Subject Key Identifier: + 1C:06:47:33:61:0E:15:84:D5:08:5A:40:E6:C9:23:EF:87:F3:EE:F9 + X509v3 Authority Key Identifier: + keyid:8D:D5:04:79:10:05:4F:1B:12:63:11:AC:00:D4:FC:CC:31:00:B8:09 + DirName:/C=CN/ST=ZJ/L=ZJ/O=ZJ/OU=ZJ/CN=ZJ CA/name=EasyRSA/emailAddress=ZJ@ZJ.com + serial:AE:18:A1:E1:3D:52:4D:F0 + + X509v3 Extended Key Usage: + TLS Web Server Authentication + X509v3 Key Usage: + Digital Signature, Key Encipherment + Signature Algorithm: sha256WithRSAEncryption + aa:b5:0d:7a:b3:09:7a:d4:e6:df:46:0d:54:39:e2:34:da:4f: + 9b:92:d6:41:db:10:b9:ed:66:34:7f:9d:a9:fa:af:6a:80:b4: + 1f:13:d3:39:a6:72:93:5a:6b:e8:4f:ba:95:f9:83:10:58:b3: + fe:12:3f:a9:e8:31:04:e0:8e:d8:4c:c1:f7:7e:fc:7a:ba:17: + d8:2e:76:ab:7c:17:ca:a4:1d:3d:c5:bc:df:02:e5:2e:91:c4: + b2:6c:40:a1:e2:3d:64:15:da:a6:b0:e4:1d:66:11:54:c0:49: + 05:91:c4:69:68:2d:bc:d5:f6:32:43:3c:18:c4:97:54:45:52: + 28:36 +-----BEGIN CERTIFICATE----- +MIIDvzCCAyigAwIBAgIBATANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQGEwJDTjEL +MAkGA1UECBMCWkoxCzAJBgNVBAcTAlpKMQswCQYDVQQKEwJaSjELMAkGA1UECxMC +WkoxDjAMBgNVBAMTBVpKIENBMRAwDgYDVQQpEwdFYXN5UlNBMRgwFgYJKoZIhvcN +AQkBFglaSkBaSi5jb20wHhcNMTcwODIzMTQyNjQyWhcNMjcwODIxMTQyNjQyWjB+ +MQswCQYDVQQGEwJDTjELMAkGA1UECBMCWkoxCzAJBgNVBAcTAlpKMQswCQYDVQQK +EwJaSjELMAkGA1UECxMCWkoxDzANBgNVBAMTBnNlcnZlcjEQMA4GA1UEKRMHRWFz +eVJTQTEYMBYGCSqGSIb3DQEJARYJWkpAWkouY29tMIGfMA0GCSqGSIb3DQEBAQUA +A4GNADCBiQKBgQDgZy4zq09PoXjGMrrTHXFzNLpFQIiHdgP7h9hOTnx9lSJ9jnDc +aBAn/n3weZOGg++pFniuhl7qQnQ4TTcNyTSmhF5krd2R3d8Cv1P4+8Cby72TfCar +vQrGw13aXbPA/3KhLx4L9qZxd/kAOIquq8CGEasS3h6CE+jD1btvLr9uwQIDAQAB +o4IBTDCCAUgwCQYDVR0TBAIwADARBglghkgBhvhCAQEEBAMCBkAwNAYJYIZIAYb4 +QgENBCcWJUVhc3ktUlNBIEdlbmVyYXRlZCBTZXJ2ZXIgQ2VydGlmaWNhdGUwHQYD +VR0OBBYEFBwGRzNhDhWE1QhaQObJI++H8+75MIGwBgNVHSMEgagwgaWAFI3VBHkQ +BU8bEmMRrADU/MwxALgJoYGBpH8wfTELMAkGA1UEBhMCQ04xCzAJBgNVBAgTAlpK +MQswCQYDVQQHEwJaSjELMAkGA1UEChMCWkoxCzAJBgNVBAsTAlpKMQ4wDAYDVQQD +EwVaSiBDQTEQMA4GA1UEKRMHRWFzeVJTQTEYMBYGCSqGSIb3DQEJARYJWkpAWkou +Y29tggkArhih4T1STfAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwCwYDVR0PBAQDAgWg +MA0GCSqGSIb3DQEBCwUAA4GBAKq1DXqzCXrU5t9GDVQ54jTaT5uS1kHbELntZjR/ +nan6r2qAtB8T0zmmcpNaa+hPupX5gxBYs/4SP6noMQTgjthMwfd+/Hq6F9gudqt8 +F8qkHT3FvN8C5S6RxLJsQKHiPWQV2qaw5B1mEVTASQWRxGloLbzV9jJDPBjEl1RF +Uig2 +-----END CERTIFICATE----- diff --git a/package/lean/luci-app-openvpn-server/root/etc/openvpn/server.key b/package/lean/luci-app-openvpn-server/root/etc/openvpn/server.key new file mode 100644 index 000000000..3aab5cd4b --- /dev/null +++ b/package/lean/luci-app-openvpn-server/root/etc/openvpn/server.key @@ -0,0 +1,16 @@ +-----BEGIN PRIVATE KEY----- +MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAOBnLjOrT0+heMYy +utMdcXM0ukVAiId2A/uH2E5OfH2VIn2OcNxoECf+ffB5k4aD76kWeK6GXupCdDhN +Nw3JNKaEXmSt3ZHd3wK/U/j7wJvLvZN8Jqu9CsbDXdpds8D/cqEvHgv2pnF3+QA4 +iq6rwIYRqxLeHoIT6MPVu28uv27BAgMBAAECgYEAqno4g1BVxG0rT4cin1fy5E7e +Y9YO4ropdGFTVsoRkWZG+ZPI8eisvXV9P79c8AgzfgVwUUYLvXQWzt76QCLnN11x +pBURloJbEReEEzIF6z3LiT9CKgVWY4vtC6f5OW4Kd+EZxXMftFz8kMzRuRQLvOzR +WeU+3GD42mIwYjsXBrECQQD2P6azeZJ1ZIEf+9Ys19tSQ6uxbXyvghlTfhmZfBW3 +bshNRH4+L4lnnbm75pFkWqR0gYSAD3toRymccctN2K9jAkEA6UoRwURTjIER8yZO +6gLTFtzb841jv6TPErOY7CzNZ/TYBUdUBmM/NB4+RgBpBNFXB3uqweNVPO6mhyQP +zB88iwJBAOeH6YGOqTpfiVk9PJ9lRf4PSnvE6htLQ+zQ/9jkZrbWHtcns1tc7uDR +2DToEYQ+BarVrHOMGwhtAJ7sD6/eMOkCQFjn8XxGHdEeH0kbAFgOW4QLB4f6Clmu +5XurFkxrhpxnoyvf0xXcHOov3GuxHFTJsvEXICxkBsgB61T1WU/hV6ECQGzk5Eqo +uik2OAYMOb7NPGYMWS68DpmP11QDuvoj5zm2vdzohXHyBM7mO12MLSrTpxfgjWhQ +pqwEbErchuKkzN4= +-----END PRIVATE KEY----- diff --git a/package/lean/luci-app-openvpn-server/root/etc/openvpncert.sh b/package/lean/luci-app-openvpn-server/root/etc/openvpncert.sh new file mode 100755 index 000000000..61d6f0cb9 --- /dev/null +++ b/package/lean/luci-app-openvpn-server/root/etc/openvpncert.sh @@ -0,0 +1,15 @@ +#!/bin/sh + +clean-all +echo -en "\n\n\n\n\n\n\n\n" | build-ca +build-dh +build-key-server server +build-key-pkcs12 client1 +cp /etc/easy-rsa/keys/ca.crt /etc/openvpn/ +cp /etc/easy-rsa/keys/server.crt /etc/openvpn/ +cp /etc/easy-rsa/keys/server.key /etc/openvpn/ +cp /etc/easy-rsa/keys/dh1024.pem /etc/openvpn/ +cp /etc/easy-rsa/keys/client1.crt /etc/openvpn/ +cp /etc/easy-rsa/keys/client1.key /etc/openvpn/ +/etc/init.d/openvpn restart +echo "OpenVPN Cert renew successfully" \ No newline at end of file diff --git a/package/lean/luci-app-openvpn-server/root/etc/ovpnadd.conf b/package/lean/luci-app-openvpn-server/root/etc/ovpnadd.conf new file mode 100644 index 000000000..0d03f345b --- /dev/null +++ b/package/lean/luci-app-openvpn-server/root/etc/ovpnadd.conf @@ -0,0 +1,9 @@ +http-proxy-option EXT1 "POST http://rd.go.10086.cn" +http-proxy-option EXT1 "GET http://rd.go.10086.cn" +http-proxy-option EXT1 "X-Online-Host: rd.go.10086.cn" +http-proxy-option EXT1 "POST http://rd.go.10086.cn" +http-proxy-option EXT1 "X-Online-Host: rd.go.10086.cn" +http-proxy-option EXT1 "POST http://rd.go.10086.cn" +http-proxy-option EXT1 "Host: rd.go.10086.cn" +http-proxy-option EXT1 "GET http://rd.go.10086.cn" +http-proxy-option EXT1 "Host: rd.go.10086.cn" \ No newline at end of file diff --git a/package/lean/luci-app-openvpn-server/root/etc/uci-defaults/openvpn b/package/lean/luci-app-openvpn-server/root/etc/uci-defaults/openvpn new file mode 100755 index 000000000..5afa99995 --- /dev/null +++ b/package/lean/luci-app-openvpn-server/root/etc/uci-defaults/openvpn @@ -0,0 +1,46 @@ +#!/bin/sh + +uci set network.vpn0="interface" +uci set network.vpn0.ifname="tun0" +uci set network.vpn0.proto="none" +uci commit network; +/etc/init.d/network reload + +uci delete firewall.openvpn +uci add firewall rule +uci rename firewall.@rule[-1]="openvpn" +uci set firewall.@rule[-1].name="openvpn" +uci set firewall.@rule[-1].target="ACCEPT" +uci set firewall.@rule[-1].src="wan" +uci set firewall.@rule[-1].proto="tcp" +uci set firewall.@rule[-1].dest_port="1194" + +uci delete firewall.vpn +uci delete firewall.vpnwan +uci delete firewall.vpnlan +uci commit firewall + +uci add firewall zone +uci rename firewall.@zone[-1]="vpn" +uci set firewall.@zone[-1].name="vpn" +uci set firewall.@zone[-1].input="ACCEPT" +uci set firewall.@zone[-1].forward="ACCEPT" +uci set firewall.@zone[-1].output="ACCEPT" +uci set firewall.@zone[-1].masq="1" +uci set firewall.@zone[-1].network="vpn0" +uci add firewall forwarding +uci rename firewall.@forwarding[-1]="vpnwan" +uci set firewall.@forwarding[-1].src="vpn" +uci set firewall.@forwarding[-1].dest="wan" +uci add firewall forwarding +uci rename firewall.@forwarding[-1]="vpnlan" +uci set firewall.@forwarding[-1].src="vpn" +uci set firewall.@forwarding[-1].dest="lan" +uci commit firewall; +/etc/init.d/firewall restart + +/etc/init.d/openvpn enable +/etc/init.d/openvpn stop + +rm -f /tmp/luci-indexcache +exit 0 diff --git a/package/lean/luci-app-pptp-server/Makefile b/package/lean/luci-app-pptp-server/Makefile new file mode 100644 index 000000000..2e13beb86 --- /dev/null +++ b/package/lean/luci-app-pptp-server/Makefile @@ -0,0 +1,21 @@ +# Copyright (C) 2016 Openwrt.org +# +# This is free software, licensed under the Apache License, Version 2.0 . +# + +include $(TOPDIR)/rules.mk + +LUCI_TITLE:=LuCI support for PPTP VPN Server +LUCI_DEPENDS:=+pptpd +kmod-mppe +ppp +LUCI_PKGARCH:=all +PKG_NAME:=luci-app-pptp-server +PKG_VERSION:=1.0 +PKG_RELEASE:=13 + +include $(TOPDIR)/feeds/luci/luci.mk + +# call BuildPackage - OpenWrt buildroot signature + + + + diff --git a/package/lean/luci-app-pptp-server/luasrc/controller/pptp-server.lua b/package/lean/luci-app-pptp-server/luasrc/controller/pptp-server.lua new file mode 100644 index 000000000..5bda83098 --- /dev/null +++ b/package/lean/luci-app-pptp-server/luasrc/controller/pptp-server.lua @@ -0,0 +1,19 @@ + +module("luci.controller.pptp-server", package.seeall) + +function index() + if not nixio.fs.access("/etc/config/pptpd") then + return + end + + entry({"admin", "vpn"}, firstchild(), "VPN", 45).dependent = false + entry({"admin", "vpn", "pptp-server"}, cbi("pptp-server/pptp-server"), _("PPTP VPN Server"), 80).dependent=false + entry({"admin", "vpn", "pptp-server","status"},call("act_status")).leaf=true +end + +function act_status() + local e={} + e.running=luci.sys.call("pgrep pptpd >/dev/null")==0 + luci.http.prepare_content("application/json") + luci.http.write_json(e) +end diff --git a/package/lean/luci-app-pptp-server/luasrc/model/cbi/pptp-server/pptp-server.lua b/package/lean/luci-app-pptp-server/luasrc/model/cbi/pptp-server/pptp-server.lua new file mode 100644 index 000000000..7fa03cfdb --- /dev/null +++ b/package/lean/luci-app-pptp-server/luasrc/model/cbi/pptp-server/pptp-server.lua @@ -0,0 +1,37 @@ + +mp = Map("pptpd", translate("PPTP VPN Server")) +mp.description = translate("PPTP VPN Server connectivity using the native built-in VPN Client on Windows/Linux or Andriod") + +mp:section(SimpleSection).template = "pptp/pptp_status" + +s = mp:section(NamedSection, "pptpd", "service") +s.anonymouse = true + +enabled = s:option(Flag, "enabled", translate("Enable")) +enabled.default = 0 +enabled.rmempty = false + +localip = s:option(Value, "localip", translate("Local IP")) +localip.datatype = "ip4addr" + +clientip = s:option(Value, "remoteip", translate("Client IP")) +clientip.datatype = "string" +clientip.description = translate("LAN DHCP reserved start-to-end IP addresses with the same subnet mask") + +remotedns = s:option(Value, "remotedns", translate("Remote Client DNS")) +remotedns.datatype = "ip4addr" + +logging = s:option(Flag, "logwtmp", translate("Debug Logging")) +logging.default = 0 +logging.rmempty = false + +logins = mp:section(NamedSection, "login", "login", translate("PPTP Logins")) +logins.anonymouse = true + +username = logins:option(Value, "username", translate("User name")) +username.datatype = "string" + +password = logins:option(Value, "password", translate("Password")) +password.password = true + +return mp diff --git a/package/lean/luci-app-pptp-server/luasrc/view/pptp/pptp_status.htm b/package/lean/luci-app-pptp-server/luasrc/view/pptp/pptp_status.htm new file mode 100644 index 000000000..11a2852d9 --- /dev/null +++ b/package/lean/luci-app-pptp-server/luasrc/view/pptp/pptp_status.htm @@ -0,0 +1,22 @@ + + +
+

+ <%:Collecting data...%> +

+
\ No newline at end of file diff --git a/package/lean/luci-app-pptp-server/po/zh-cn/pptp.po b/package/lean/luci-app-pptp-server/po/zh-cn/pptp.po new file mode 100644 index 000000000..0c2f78df3 --- /dev/null +++ b/package/lean/luci-app-pptp-server/po/zh-cn/pptp.po @@ -0,0 +1,56 @@ +msgid "Disable from startup" +msgstr "绂佹寮鏈哄惎鍔" + +msgid "Enable on startup" +msgstr "鍏佽寮鏈哄惎鍔" + +msgid "PPTP VPN Server" +msgstr "PPTP VPN 鏈嶅姟鍣" + +msgid "PPTP Service" +msgstr "PPTP 鏈嶅姟璁剧疆" + +msgid "Local IP" +msgstr "PPTP 鏈嶅姟鍣↖P" + +msgid "Client IP" +msgstr "瀹㈡埛绔垎閰嶇殑IP鑼冨洿" + +msgid "LAN DHCP reserved start-to-end IP addresses with the same subnet mask" +msgstr "浣跨敤鍜 LAN 鍚屼竴缃戞銆傝浣跨敤 DHCP鍒嗛厤鍦板潃浠ュ鐨勭┖浣橧P鍦板潃鑼冨洿锛屼緥濡 192.168.0.20-30" + +msgid "Remote Client DNS" +msgstr "瀹㈡埛绔垎閰岻P鐨凞NS鏈嶅姟鍣" + +msgid "Debug Logging" +msgstr "璁板綍鏃ュ織" + +msgid "PPTP Logins" +msgstr "PPTP 鐧诲綍璁剧疆" + +msgid "User name" +msgstr "鐢ㄦ埛鍚" + +msgid "Password" +msgstr "瀵嗙爜" + +msgid "Enable" +msgstr "鍚敤" + +msgid "PPTPD status" +msgstr "PPTPD 鏈嶅姟鐘舵" + +msgid "Start" +msgstr "鍚姩" + +msgid "Stop" +msgstr "鍏抽棴" + +msgid "PPTP VPN Server" +msgstr "PPTP VPN 鏈嶅姟鍣" + +msgid "PPTP VPN Server connectivity using the native built-in VPN Client on Windows/Linux or Andriod" +msgstr "浣跨敤Windows/Linux 鎴栬 Andriod 鍐呯疆鐨 PPTP VPN 瀹㈡埛绔繘琛岃繛鎺 " + + + diff --git a/package/lean/luci-app-pptp-server/root/etc/config/pptpd b/package/lean/luci-app-pptp-server/root/etc/config/pptpd new file mode 100644 index 000000000..c55cfa60c --- /dev/null +++ b/package/lean/luci-app-pptp-server/root/etc/config/pptpd @@ -0,0 +1,12 @@ + +config service 'pptpd' + option enabled '0' + option remoteip '192.168.0.20-30' + option remotedns '192.168.0.1' + option logwtmp '0' + option localip '192.168.0.1' + +config login 'login' + option username 'lean' + option password 'I234567B' + diff --git a/package/lean/luci-app-pptp-server/root/etc/pptpd.include b/package/lean/luci-app-pptp-server/root/etc/pptpd.include new file mode 100755 index 000000000..e59a7b7ea --- /dev/null +++ b/package/lean/luci-app-pptp-server/root/etc/pptpd.include @@ -0,0 +1,6 @@ +iptables -D forwarding_rule -i ppp+ -j ACCEPT 2>/dev/null +iptables -D forwarding_rule -o ppp+ -j ACCEPT 2>/dev/null + +iptables -A forwarding_rule -i ppp+ -j ACCEPT +iptables -A forwarding_rule -o ppp+ -j ACCEPT +echo 1 > /proc/sys/net/ipv4/conf/br-lan/proxy_arp diff --git a/package/lean/luci-app-pptp-server/root/etc/uci-defaults/pptpd b/package/lean/luci-app-pptp-server/root/etc/uci-defaults/pptpd new file mode 100755 index 000000000..68c9f3e66 --- /dev/null +++ b/package/lean/luci-app-pptp-server/root/etc/uci-defaults/pptpd @@ -0,0 +1,37 @@ +#!/bin/sh + +uci -q batch <<-EOF >/dev/null + delete firewall.pptpd + set firewall.pptpd=include + set firewall.pptpd.type=script + set firewall.pptpd.path=/etc/pptpd.include + set firewall.pptpd.reload=1 + delete firewall.pptp + add firewall rule + rename firewall.@rule[-1]="pptp" + set firewall.@rule[-1].name="pptp" + set firewall.@rule[-1].target="ACCEPT" + set firewall.@rule[-1].src="wan" + set firewall.@rule[-1].proto="tcp" + set firewall.@rule[-1].dest_port="1723" + delete firewall.gre + add firewall rule + rename firewall.@rule[-1]="gre" + set firewall.@rule[-1].name="gre" + set firewall.@rule[-1].target="ACCEPT" + set firewall.@rule[-1].src="wan" + set firewall.@rule[-1].proto="47" + commit firewall +EOF + +uci -q batch <<-EOF >/dev/null + delete ucitrack.@pptpd[-1] + add ucitrack pptpd + set ucitrack.@pptpd[-1].init=pptpd + commit ucitrack +EOF + +/etc/init.d/pptpd enable && /etc/init.d/pptpd restart + +rm -f /tmp/luci-indexcache +exit 0 diff --git a/package/lean/luci-app-ramfree/Makefile b/package/lean/luci-app-ramfree/Makefile new file mode 100644 index 000000000..cddacda36 --- /dev/null +++ b/package/lean/luci-app-ramfree/Makefile @@ -0,0 +1,17 @@ +# Copyright (C) 2016 Openwrt.org +# +# This is free software, licensed under the Apache License, Version 2.0 . +# + +include $(TOPDIR)/rules.mk + +LUCI_TITLE:=luci-app-ramfree +LUCI_PKGARCH:=all +PKG_VERSION:=1.0 +PKG_RELEASE:=1 + +include $(TOPDIR)/feeds/luci/luci.mk + +# call BuildPackage - OpenWrt buildroot signature + + diff --git a/package/lean/luci-app-ramfree/luasrc/controller/release_ram.lua b/package/lean/luci-app-ramfree/luasrc/controller/release_ram.lua new file mode 100644 index 000000000..17e95ce40 --- /dev/null +++ b/package/lean/luci-app-ramfree/luasrc/controller/release_ram.lua @@ -0,0 +1,9 @@ +module("luci.controller.release_ram",package.seeall) + +function index() + entry({"admin","status","release_ram"}, call("release_ram"), _("Release Ram"), 9999) +end +function release_ram() + luci.sys.call("sync && echo 3 > /proc/sys/vm/drop_caches") + luci.http.redirect(luci.dispatcher.build_url("admin/status")) +end diff --git a/package/lean/luci-app-ramfree/po/zh-cn/release_ram.po b/package/lean/luci-app-ramfree/po/zh-cn/release_ram.po new file mode 100644 index 000000000..cff6f0289 --- /dev/null +++ b/package/lean/luci-app-ramfree/po/zh-cn/release_ram.po @@ -0,0 +1,2 @@ +msgid "Release Ram" +msgstr "閲婃斁鍐呭瓨" diff --git a/package/lean/luci-app-sfe/Makefile b/package/lean/luci-app-sfe/Makefile new file mode 100644 index 000000000..2504a24aa --- /dev/null +++ b/package/lean/luci-app-sfe/Makefile @@ -0,0 +1,17 @@ +# Copyright (C) 2016 Openwrt.org +# +# This is free software, licensed under the Apache License, Version 2.0 . +# + +include $(TOPDIR)/rules.mk + +LUCI_TITLE:=LuCI support for Turbo ACC (SFE) +LUCI_DEPENDS:=+kmod-fast-classifier +pdnsd-alt +kmod-tcp-bbr @LINUX_4_9 +LUCI_PKGARCH:=all +PKG_VERSION:=1.0 +PKG_RELEASE:=11 + +include $(TOPDIR)/feeds/luci/luci.mk + +# call BuildPackage - OpenWrt buildroot signature + diff --git a/package/lean/luci-app-sfe/luasrc/controller/sfe.lua b/package/lean/luci-app-sfe/luasrc/controller/sfe.lua new file mode 100644 index 000000000..10e9dd82b --- /dev/null +++ b/package/lean/luci-app-sfe/luasrc/controller/sfe.lua @@ -0,0 +1,39 @@ +module("luci.controller.sfe", package.seeall) + +function index() + if not nixio.fs.access("/etc/config/sfe") then + return + end + local page + page = entry({"admin", "network", "sfe"}, cbi("sfe"), _("Turbo ACC Center"), 100) + page.i18n = "sfe" + page.dependent = true + + entry({"admin", "network", "sfe", "status"}, call("action_status")) +end + +local function is_running() + return luci.sys.call("lsmod | grep fast_classifier >/dev/null") == 0 +end + +local function is_bbr() + return luci.sys.call("sysctl net.ipv4.tcp_congestion_control | grep bbr >/dev/null") == 0 +end + +local function is_fullcone() + return luci.sys.call("iptables -t nat -L -n --line-numbers | grep FULLCONENAT >/dev/null") == 0 +end + +local function is_dns() + return luci.sys.call("pgrep dnscache >/dev/null") == 0 +end + +function action_status() + luci.http.prepare_content("application/json") + luci.http.write_json({ + run_state = is_running(), + down_state = is_bbr(), + up_state = is_fullcone(), + dns_state = is_dns() + }) +end \ No newline at end of file diff --git a/package/lean/luci-app-sfe/luasrc/model/cbi/sfe.lua b/package/lean/luci-app-sfe/luasrc/model/cbi/sfe.lua new file mode 100644 index 000000000..bb4c47616 --- /dev/null +++ b/package/lean/luci-app-sfe/luasrc/model/cbi/sfe.lua @@ -0,0 +1,45 @@ + +m = Map("sfe") +m.title = translate("Turbo ACC Acceleration Settings") +m.description = translate("Opensource Qualcomm Shortcut FE driver (Fast Path)") + +m:append(Template("sfe/status")) + +s = m:section(TypedSection, "sfe", "") +s.addremove = false +s.anonymous = true + + +enable = s:option(Flag, "enabled", translate("Enable SFE Fast Path")) +enable.default = 0 +enable.rmempty = false +enable.description = translate("Enable Fast Path offloading for connections. (decrease cpu load / increase routing throughput)") + +wifi = s:option(Flag, "wifi", translate("Bridge Acceleration")) +wifi.default = 0 +wifi.rmempty = false +wifi.description = translate("Enable Bridge Acceleration (may be functional conflict with bridge-mode VPN Server)") +wifi:depends("enabled", 1) + +ipv6 = s:option(Flag, "ipv6", translate("IPv6 Acceleration")) +ipv6.default = 0 +ipv6.rmempty = false +ipv6.description = translate("Enable IPv6 Acceleration") +ipv6:depends("enabled", 1) + +bbr = s:option(Flag, "bbr", translate("Enable BBR")) +bbr.default = 0 +bbr.rmempty = false +bbr.description = translate("Bottleneck Bandwidth and Round-trip propagation time (BBR)") + +dns = s:option(Flag, "dns", translate("DNS Acceleration")) +dns.default = 0 +dns.rmempty = false +dns.description = translate("Enable DNS Cache Acceleration and anti ISP DNS pollution") + +o = s:option(Value, "dns_server", translate("Upsteam DNS Server")) +o.default = "114.114.114.114,114.114.115.115" +o.description = translate("Muitiple DNS server can saperate with ','") +o:depends("dns", 1) + +return m diff --git a/package/lean/luci-app-sfe/luasrc/view/sfe/status.htm b/package/lean/luci-app-sfe/luasrc/view/sfe/status.htm new file mode 100644 index 000000000..6d35265ac --- /dev/null +++ b/package/lean/luci-app-sfe/luasrc/view/sfe/status.htm @@ -0,0 +1,24 @@ +
+ <%:Running Status%> + + + + + +
SFE 鍔犻熺姸鎬<%:Collecting data...%>
BBR 鍔犻<%:Collecting data...%>
FULLCONE NAT鍔犻<%:Collecting data...%>
DNS 鍔犻<%:Collecting data...%>
+
+ + diff --git a/package/lean/luci-app-sfe/po/zh-cn/sfe.po b/package/lean/luci-app-sfe/po/zh-cn/sfe.po new file mode 100644 index 000000000..044d2f630 --- /dev/null +++ b/package/lean/luci-app-sfe/po/zh-cn/sfe.po @@ -0,0 +1,53 @@ +msgid "SFE Acceleration" +msgstr "SFE 杞彂鍔犻" + +msgid "Turbo ACC Center" +msgstr "Turbo ACC 缃戠粶鍔犻" + +msgid "Turbo ACC Acceleration Settings" +msgstr "Turbo ACC 缃戠粶鍔犻熻缃" + +msgid "Shortcut Forwarding Engine Acceleration Settings" +msgstr "SFE 杞彂鍔犻熷紩鎿庤缃" + +msgid "Opensource Qualcomm Shortcut FE driver (Fast Path)" +msgstr "鏉ヨ嚜楂橀氬紑婧愮殑 Shortcut FE 杞彂鍔犻熷紩鎿 (Fast Path)" + +msgid "Enable" +msgstr "鍚敤" + +msgid "Enable SFE Fast Path" +msgstr "鍚敤 SFE Fast Path 鍔犻" + +msgid "Enable Fast Path offloading for connections. (decrease cpu load / increase routing throughput)" +msgstr "寮鍚 Fast Path 杞彂鍔犻. (闄嶄綆CPU鍗犵敤 / 澧炲己璺敱杞彂鎬ц兘锛屽拰澶歐AN鎴栬匭OS鍔熻兘鍙兘浼氬啿绐)" + +msgid "Bridge Acceleration" +msgstr "妗ユ帴鍔犻" + +msgid "Enable Bridge Acceleration (may be functional conflict with bridge-mode VPN Server)" +msgstr "鍚敤妗ユ帴鍔犻 (鍙兘浼氬拰璺敱鍣ㄤ笂妗ユ帴妯″紡鐨刅PN鏈嶅姟鍣ㄥ啿绐)" + +msgid "IPv6 Acceleration" +msgstr "IPv6 鍔犻" + +msgid "Enable IPv6 Acceleration" +msgstr "寮鍚疘Pv6鍔犻" + +msgid "Enable BBR" +msgstr "鍚敤 BBR" + +msgid "Bottleneck Bandwidth and Round-trip propagation time (BBR)" +msgstr "BBR鎷ュ鎺у埗绠楁硶鍙互鍔犲己TCP搴旂敤琛ㄧ幇锛屼絾浼氶檷浣庤矾鐢卞櫒鏈満涓婄殑WIFI鍚炲悙鎬ц兘" + +msgid "DNS Acceleration" +msgstr "DNS 鍔犻" + +msgid "Enable DNS Cache Acceleration and anti ISP DNS pollution" +msgstr "鍚敤DNS澶氱嚎绋嬫煡璇€佺紦瀛橈紝骞堕槻姝SP鐨凞NS骞垮憡鍜屽煙鍚嶅姭鎸" + +msgid "Upsteam DNS Server" +msgstr "涓婃父 DNS 鏈嶅姟鍣(鍥藉唴)" + +msgid "Muitiple DNS server can saperate with ','" +msgstr "鏀寔澶氫釜涓婃父DNS鏈嶅姟鍣紝鐢','鍒嗛殧锛堟敞鎰忕敤鑻辨枃閫楀彿).璇峰~鍐欐偍鏈蹇殑DNS鏈嶅姟鍣" diff --git a/package/lean/luci-app-sfe/root/etc/config/sfe b/package/lean/luci-app-sfe/root/etc/config/sfe new file mode 100644 index 000000000..fc0b52ec4 --- /dev/null +++ b/package/lean/luci-app-sfe/root/etc/config/sfe @@ -0,0 +1,9 @@ + +config sfe 'config' + option enabled '1' + option ipv6 '0' + option wifi '0' + option bbr '0' + option dns '0' + option dns_server '114.114.114.114,114.114.115.115' + diff --git a/package/lean/luci-app-sfe/root/etc/init.d/sfe b/package/lean/luci-app-sfe/root/etc/init.d/sfe new file mode 100755 index 000000000..5b3c2512e --- /dev/null +++ b/package/lean/luci-app-sfe/root/etc/init.d/sfe @@ -0,0 +1,206 @@ +#!/bin/sh /etc/rc.common +# Copyright (c) 2011-2015 OpenWrt.org + +START=30 + +DNSMASQ_RESTART=N +DNS_SERVER="114.114.114.114,114.114.115.115" + +start_pdnsd() { + DNS_SERVER=$(uci get sfe.config.dns_server 2>/dev/null) + + [ -d /var/etc ] || mkdir -p /var/etc + + if [ ! -f /var/dnscache/pdnsd.cache ]; then + mkdir -p /var/dnscache + echo -ne "pd13\000\000\000\000" > /var/dnscache/pdnsd.cache + chown -R nobody.nogroup /var/dnscache + fi + + cat > /var/etc/dnscache.conf </dev/null 2>&1 || kill -9 $(ps | grep dnscache | grep -v grep | awk '{print $1}') >/dev/null 2>&1 + echo "Stop DNS Cache" +} + +change_dns() { + uci delete dhcp.@dnsmasq[0].server >/dev/null 2>&1 + uci add_list dhcp.@dnsmasq[0].server=127.0.0.1#5333 + uci set dhcp.@dnsmasq[0].resolvfile=/tmp/resolv.conf.auto + uci set dhcp.@dnsmasq[0].noresolv=0 + uci commit dhcp +} + +revert_dns() { + uci del_list dhcp.@dnsmasq[0].server=127.0.0.1#5333 >/dev/null 2>&1 + uci set dhcp.@dnsmasq[0].resolvfile=/tmp/resolv.conf.auto + uci set dhcp.@dnsmasq[0].noresolv=0 + uci commit dhcp +} + +start(){ + enable=$(uci get sfe.config.enabled 2>/dev/null) + wifi=$(uci get sfe.config.wifi) + ipv6=$(uci get sfe.config.ipv6) + dns=$(uci get sfe.config.dns 2>/dev/null) + bbr=$(uci get sfe.config.bbr 2>/dev/null) + if [ $enable -eq 1 ]; then + echo "enable" + ! (lsmod | grep fast_classifier >/dev/null) && (modprobe fast_classifier) + if [ $wifi -eq 1 ] ; then + echo 1 > /sys/fast_classifier/skip_to_bridge_ingress + else + echo 0 > /sys/fast_classifier/skip_to_bridge_ingress + fi + if [ $ipv6 -eq 1 ]; then + sfe_ipv6=$(cat /sys/sfe_ipv6/debug_dev) + [ ! -f /dev/sfe_ipv6 ] && mknod /dev/sfe_ipv6 c $sfe_ipv6 0 + else + rm -f /dev/sfe_ipv6 + fi + else + rmmod fast_classifier >/dev/null 2>&1 + fi + if [ $dns -eq 1 ]; then + start_pdnsd + change_dns + fi + if [ $bbr -eq 1 ]; then + sysctl -w net.ipv4.tcp_congestion_control=bbr + else + sysctl -w net.ipv4.tcp_congestion_control=cubic + fi + if [ "$DNSMASQ_RESTART" = N ]; then + /etc/init.d/dnsmasq restart && echo "DNSMASQ change" + fi +} + +stop(){ + enable=$(uci get sfe.config.enabled 2>/dev/null) + [ $enable -ne 1 ] && rmmod fast_classifier >/dev/null 2>&1 + stop_pdnsd + revert_dns + if [ "$DNSMASQ_RESTART" = N ]; then + /etc/init.d/dnsmasq restart && echo "DNSMASQ revert" + fi +} + +restart(){ + DNSMASQ_RESTART=Y + stop + start + /etc/init.d/dnsmasq restart && echo "DNSMASQ restart" +} + + diff --git a/package/lean/luci-app-sfe/root/etc/uci-defaults/sfe b/package/lean/luci-app-sfe/root/etc/uci-defaults/sfe new file mode 100755 index 000000000..444964d9b --- /dev/null +++ b/package/lean/luci-app-sfe/root/etc/uci-defaults/sfe @@ -0,0 +1,17 @@ +#!/bin/sh + +uci -q batch <<-EOF >/dev/null + delete ucitrack.@sfe[-1] + add ucitrack sfe + set ucitrack.@sfe[-1].init=sfe + commit ucitrack +EOF + +sed -i '/dnscache-watchdog.sh/d' /etc/crontabs/root +echo '*/60 * * * * /usr/share/dnscache-watchdog.sh' >> /etc/crontabs/root + +[ ! -f /usr/sbin/dnscache ] && ln /usr/sbin/pdnsd /usr/sbin/dnscache +/etc/init.d/sfe enable + +rm -f /tmp/luci-indexcache +exit 0 diff --git a/package/lean/luci-app-sfe/root/usr/share/dnscache-watchdog.sh b/package/lean/luci-app-sfe/root/usr/share/dnscache-watchdog.sh new file mode 100755 index 000000000..4bde67d57 --- /dev/null +++ b/package/lean/luci-app-sfe/root/usr/share/dnscache-watchdog.sh @@ -0,0 +1,9 @@ +#!/bin/sh + +dns_enable=$(uci get sfe.config.dns 2>/dev/null) + +if [ $dns_enable -eq 1 ]; then + if ! pidof dnscache>/dev/null; then + /etc/init.d/sfe restart + fi +fi diff --git a/package/lean/luci-app-ssr-plus/Makefile b/package/lean/luci-app-ssr-plus/Makefile new file mode 100644 index 000000000..99a6b58e7 --- /dev/null +++ b/package/lean/luci-app-ssr-plus/Makefile @@ -0,0 +1,18 @@ +# Copyright (C) 2016 Openwrt.org +# +# This is free software, licensed under the Apache License, Version 2.0 . +# + +include $(TOPDIR)/rules.mk + +LUCI_TITLE:=LuCI support for SSR Plus +LUCI_DEPENDS:=+shadowsocksr-libev +ipset +ip-full +iptables-mod-tproxy +dnsmasq-full +coreutils +coreutils-base64 +bash +pdnsd-alt +wget +LUCI_PKGARCH:=all +PKG_VERSION:=1 +PKG_RELEASE:=17 + +include $(TOPDIR)/feeds/luci/luci.mk + +# call BuildPackage - OpenWrt buildroot signature + + diff --git a/package/lean/luci-app-ssr-plus/luasrc/controller/shadowsocksr.lua b/package/lean/luci-app-ssr-plus/luasrc/controller/shadowsocksr.lua new file mode 100644 index 000000000..1c0f437bb --- /dev/null +++ b/package/lean/luci-app-ssr-plus/luasrc/controller/shadowsocksr.lua @@ -0,0 +1,178 @@ +-- Copyright (C) 2017 yushi studio +-- Licensed to the public under the GNU General Public License v3. + +module("luci.controller.shadowsocksr", package.seeall) + +function index() + if not nixio.fs.access("/etc/config/shadowsocksr") then + return + end + + + entry({"admin", "services", "shadowsocksr"},alias("admin", "services", "shadowsocksr", "client"),_("ShadowSocksR Plus+"), 10).dependent = true + + entry({"admin", "services", "shadowsocksr", "client"},cbi("shadowsocksr/client"),_("SSR Client"), 10).leaf = true + + entry({"admin", "services", "shadowsocksr", "servers"}, arcombine(cbi("shadowsocksr/servers"), cbi("shadowsocksr/client-config")),_("Servers Manage"), 20).leaf = true + + entry({"admin", "services", "shadowsocksr", "control"},cbi("shadowsocksr/control"),_("Access Control"), 30).leaf = true + + entry({"admin", "services", "shadowsocksr", "list"},form("shadowsocksr/list"),_("GFW List"), 40).leaf = true + + entry({"admin", "services", "shadowsocksr", "advanced"},cbi("shadowsocksr/advanced"),_("Advanced Settings"), 50).leaf = true + + entry({"admin", "services", "shadowsocksr", "status"},form("shadowsocksr/status"),_("Status"), 60).leaf = true + + entry({"admin", "services", "shadowsocksr", "check"}, call("check_status")) + entry({"admin", "services", "shadowsocksr", "refresh"}, call("refresh_data")) + entry({"admin", "services", "shadowsocksr", "checkport"}, call("check_port")) + + entry({"admin", "services", "shadowsocksr", "log"},form("shadowsocksr/log"),_("Log"), 70).leaf = true + + entry({"admin", "services", "shadowsocksr","run"},call("act_status")).leaf=true + +end + +function act_status() + local e={} + e.running=luci.sys.call("pgrep ssr-redir >/dev/null")==0 + luci.http.prepare_content("application/json") + luci.http.write_json(e) +end + +function check_status() +local set ="/usr/bin/ssr-check www." .. luci.http.formvalue("set") .. ".com 80 3 1" +sret=luci.sys.call(set) +if sret== 0 then + retstring ="0" +else + retstring ="1" +end +luci.http.prepare_content("application/json") +luci.http.write_json({ ret=retstring }) +end + +function refresh_data() +local set =luci.http.formvalue("set") +local icount =0 + +if set == "gfw_data" then + if nixio.fs.access("/usr/bin/wget-ssl") then + refresh_cmd="wget-ssl --no-check-certificate https://raw.githubusercontent.com/gfwlist/gfwlist/master/gfwlist.txt -O /tmp/gfw.b64" + else + refresh_cmd="wget -O /tmp/gfw.b64 http://iytc.net/tools/list.b64" + end + sret=luci.sys.call(refresh_cmd .. " 2>/dev/null") + if sret== 0 then + luci.sys.call("/usr/bin/ssr-gfw") + icount = luci.sys.exec("cat /tmp/gfwnew.txt | wc -l") + if tonumber(icount)>1000 then + oldcount=luci.sys.exec("cat /etc/dnsmasq.ssr/gfw_list.conf | wc -l") + if tonumber(icount) ~= tonumber(oldcount) then + luci.sys.exec("cp -f /tmp/gfwnew.txt /etc/dnsmasq.ssr/gfw_list.conf") + retstring=tostring(math.ceil(tonumber(icount)/2)) + else + retstring ="0" + end + else + retstring ="-1" + end + luci.sys.exec("rm -f /tmp/gfwnew.txt ") + else + retstring ="-1" + end +elseif set == "ip_data" then + refresh_cmd="wget -O- 'http://ftp.apnic.net/apnic/stats/apnic/delegated-apnic-latest' 2>/dev/null| awk -F\\| '/CN\\|ipv4/ { printf(\"%s/%d\\n\", $4, 32-log($5)/log(2)) }' > /tmp/china_ssr.txt" + sret=luci.sys.call(refresh_cmd) + icount = luci.sys.exec("cat /tmp/china_ssr.txt | wc -l") + if sret== 0 and tonumber(icount)>1000 then + oldcount=luci.sys.exec("cat /etc/china_ssr.txt | wc -l") + if tonumber(icount) ~= tonumber(oldcount) then + luci.sys.exec("cp -f /tmp/china_ssr.txt /etc/china_ssr.txt") + retstring=tostring(tonumber(icount)) + else + retstring ="0" + end + + else + retstring ="-1" + end + luci.sys.exec("rm -f /tmp/china_ssr.txt ") +else + local need_process = 0 + if nixio.fs.access("/usr/bin/wget-ssl") then + refresh_cmd="wget-ssl --no-check-certificate -O - https://easylist-downloads.adblockplus.org/easylistchina+easylist.txt > /tmp/adnew.conf" + need_process = 1 + else + refresh_cmd="wget -O /tmp/ad.conf http://iytc.net/tools/ad.conf" + end + sret=luci.sys.call(refresh_cmd .. " 2>/dev/null") + if sret== 0 then + if need_process == 1 then + luci.sys.call("/usr/bin/ssr-ad") + end + icount = luci.sys.exec("cat /tmp/ad.conf | wc -l") + if tonumber(icount)>1000 then + if nixio.fs.access("/etc/dnsmasq.ssr/ad.conf") then + oldcount=luci.sys.exec("cat /etc/dnsmasq.ssr/ad.conf | wc -l") + else + oldcount=0 + end + + if tonumber(icount) ~= tonumber(oldcount) then + luci.sys.exec("cp -f /tmp/ad.conf /etc/dnsmasq.ssr/ad.conf") + retstring=tostring(math.ceil(tonumber(icount))) + if oldcount==0 then + luci.sys.call("/etc/init.d/dnsmasq restart") + end + else + retstring ="0" + end + else + retstring ="-1" + end + luci.sys.exec("rm -f /tmp/ad.conf ") + else + retstring ="-1" + end +end +luci.http.prepare_content("application/json") +luci.http.write_json({ ret=retstring ,retcount=icount}) +end + + +function check_port() +local set="" +local retstring="

" +local s +local server_name = "" +local shadowsocksr = "shadowsocksr" +local uci = luci.model.uci.cursor() +local iret=1 + +uci:foreach(shadowsocksr, "servers", function(s) + + if s.alias then + server_name=s.alias + elseif s.server and s.server_port then + server_name= "%s:%s" %{s.server, s.server_port} + end + iret=luci.sys.call(" ipset add ss_spec_wan_ac " .. s.server .. " 2>/dev/null") + socket = nixio.socket("inet", "stream") + socket:setopt("socket", "rcvtimeo", 3) + socket:setopt("socket", "sndtimeo", 3) + ret=socket:connect(s.server,s.server_port) + if tostring(ret) == "true" then + socket:close() + retstring =retstring .. "[" .. server_name .. "] OK.
" + else + retstring =retstring .. "[" .. server_name .. "] Error.
" + end + if iret== 0 then + luci.sys.call(" ipset del ss_spec_wan_ac " .. s.server) + end +end) + +luci.http.prepare_content("application/json") +luci.http.write_json({ ret=retstring }) +end \ No newline at end of file diff --git a/package/lean/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/advanced.lua b/package/lean/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/advanced.lua new file mode 100644 index 000000000..c27341c6c --- /dev/null +++ b/package/lean/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/advanced.lua @@ -0,0 +1,49 @@ +local shadowsocksr = "shadowsocksr" +local uci = luci.model.uci.cursor() +local server_table = {} + +uci:foreach(shadowsocksr, "servers", function(s) + if s.alias then + server_table[s[".name"]] = s.alias + elseif s.server and s.server_port then + server_table[s[".name"]] = "%s:%s" %{s.server, s.server_port} + end +end) + +m = Map(shadowsocksr) + +s = m:section(TypedSection, "global", translate("Server failsafe auto swith settings")) +s.anonymous = true + +o = s:option(Flag, "enable_switch", translate("Enable Auto Switch")) +o.rmempty = false + +o = s:option(Value, "switch_time", translate("Switch check cycly(second)")) +o.datatype = "uinteger" +o:depends("enable_switch", "1") +o.default = 3600 + +o = s:option(Value, "switch_timeout", translate("Check timout(second)")) +o.datatype = "uinteger" +o:depends("enable_switch", "1") +o.default = 5 + +-- o = s:option(Flag, "monitor_enable", translate("Enable Process Deamon")) +-- o.rmempty = false + +-- [[ SOCKS5 Proxy ]]-- +s = m:section(TypedSection, "socks5_proxy", translate("SOCKS5 Proxy")) +s.anonymous = true + +o = s:option(ListValue, "server", translate("Server")) +o:value("nil", translate("Disable")) +for k, v in pairs(server_table) do o:value(k, v) end +o.default = "nil" +o.rmempty = false + +o = s:option(Value, "local_port", translate("Local Port")) +o.datatype = "port" +o.default = 1080 +o.rmempty = false + +return m diff --git a/package/lean/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/client-config.lua b/package/lean/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/client-config.lua new file mode 100644 index 000000000..4417378aa --- /dev/null +++ b/package/lean/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/client-config.lua @@ -0,0 +1,168 @@ +-- Copyright (C) 2017 yushi studio github.com/ywb94 +-- Licensed to the public under the GNU General Public License v3. + +local m, s, o,kcp_enable +local shadowsocksr = "shadowsocksr" +local uci = luci.model.uci.cursor() +local ipkg = require("luci.model.ipkg") +local fs = require "nixio.fs" +local sys = require "luci.sys" +local sid = arg[1] + +local function isKcptun(file) + if not fs.access(file, "rwx", "rx", "rx") then + fs.chmod(file, 755) + end + + local str = sys.exec(file .. " -v | awk '{printf $1}'") + return (str:lower() == "kcptun") +end + + +local server_table = {} +local encrypt_methods = { + "none", + "table", + "rc4", + "rc4-md5-6", + "rc4-md5", + "aes-128-cfb", + "aes-192-cfb", + "aes-256-cfb", + "aes-128-ctr", + "aes-192-ctr", + "aes-256-ctr", + "bf-cfb", + "camellia-128-cfb", + "camellia-192-cfb", + "camellia-256-cfb", + "cast5-cfb", + "des-cfb", + "idea-cfb", + "rc2-cfb", + "seed-cfb", + "salsa20", + "chacha20", + "chacha20-ietf", +} + +local protocol = { + "origin", + "verify_deflate", + "auth_sha1_v4", + "auth_aes128_sha1", + "auth_aes128_md5", + "auth_chain_a", + "auth_chain_b", + "auth_chain_c", + "auth_chain_d", + "auth_chain_e", + "auth_chain_f", +} + +obfs = { + "plain", + "http_simple", + "http_post", + "random_head", + "tls1.2_ticket_auth", +} + +m = Map(shadowsocksr, translate("Edit ShadowSocksR Server")) +m.redirect = luci.dispatcher.build_url("admin/services/shadowsocksr/servers") +if m.uci:get(shadowsocksr, sid) ~= "servers" then + luci.http.redirect(m.redirect) + return +end + +-- [[ Servers Setting ]]-- +s = m:section(NamedSection, sid, "servers") +s.anonymous = true +s.addremove = false + +o = s:option(DummyValue,"ssr_url","SSR URL") +o.rawhtml = true +o.template = "shadowsocksr/ssrurl" +o.value =sid + +o = s:option(Value, "alias", translate("Alias(optional)")) + +-- o = s:option(Flag, "auth_enable", translate("Onetime Authentication")) +-- o.rmempty = false + +o = s:option(Value, "server", translate("Server Address")) +o.datatype = "host" +o.rmempty = false + +o = s:option(Value, "server_port", translate("Server Port")) +o.datatype = "port" +o.rmempty = false + +-- o = s:option(Value, "timeout", translate("Connection Timeout")) +-- o.datatype = "uinteger" +-- o.default = 60 +-- o.rmempty = false + +o = s:option(Value, "password", translate("Password")) +o.password = true +o.rmempty = false + +o = s:option(ListValue, "encrypt_method", translate("Encrypt Method")) +for _, v in ipairs(encrypt_methods) do o:value(v) end +o.rmempty = false + +o = s:option(ListValue, "protocol", translate("Protocol")) +for _, v in ipairs(protocol) do o:value(v) end +o.rmempty = false + +o = s:option(Value, "protocol_param", translate("Protocol param(optional)")) + +o = s:option(ListValue, "obfs", translate("Obfs")) +for _, v in ipairs(obfs) do o:value(v) end +o.rmempty = false + +o = s:option(Value, "obfs_param", translate("Obfs param(optional)")) + +-- o = s:option(Flag, "fast_open", translate("TCP Fast Open")) +-- o.rmempty = false + +o = s:option(Flag, "switch_enable", translate("Enable Auto Switch")) +o.rmempty = false +o.default = "1" + +o = s:option(Value, "local_port", translate("Local Port")) +o.datatype = "port" +o.default = 1234 +o.rmempty = false + +if nixio.fs.access("/usr/bin/ssr-kcptun") then + +kcp_enable = s:option(Flag, "kcp_enable", translate("KcpTun Enable"), translate("bin:/usr/bin/ssr-kcptun")) +kcp_enable.rmempty = false + +o = s:option(Value, "kcp_port", translate("KcpTun Port")) +o.datatype = "port" +o.default = 4000 +function o.validate(self, value, section) + local kcp_file="/usr/bin/ssr-kcptun" + local enable = kcp_enable:formvalue(section) or kcp_enable.disabled + if enable == kcp_enable.enabled then + if not fs.access(kcp_file) then + return nil, translate("Haven't a Kcptun executable file") + elseif not isKcptun(kcp_file) then + return nil, translate("Not a Kcptun executable file") + end + end + + return value +end + +o = s:option(Value, "kcp_password", translate("KcpTun Password")) +o.password = true + +o = s:option(Value, "kcp_param", translate("KcpTun Param")) +o.default = "--nocomp" + +end + +return m diff --git a/package/lean/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/client.lua b/package/lean/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/client.lua new file mode 100644 index 000000000..55b871193 --- /dev/null +++ b/package/lean/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/client.lua @@ -0,0 +1,72 @@ +-- Copyright (C) 2017 yushi studio github.com/ywb94 +-- Copyright (C) 2018 lean github.com/coolsnowwolf +-- Licensed to the public under the GNU General Public License v3. + +local m, s, sec, o, kcp_enable +local shadowsocksr = "shadowsocksr" +local uci = luci.model.uci.cursor() + +local sys = require "luci.sys" + +m = Map(shadowsocksr, translate("ShadowSocksR Plus+ Settings")) + +m:section(SimpleSection).template = "shadowsocksr/status" + +local server_table = {} +uci:foreach(shadowsocksr, "servers", function(s) + if s.alias then + server_table[s[".name"]] = s.alias + elseif s.server and s.server_port then + server_table[s[".name"]] = "%s:%s" %{s.server, s.server_port} + end +end) + +-- [[ Global Setting ]]-- +s = m:section(TypedSection, "global") +s.anonymous = true + +o = s:option(ListValue, "global_server", translate("Main Server")) +o:value("nil", translate("Disable")) +for k, v in pairs(server_table) do o:value(k, v) end +o.default = "nil" +o.rmempty = false + +o = s:option(ListValue, "udp_relay_server", translate("Game Mode UDP Server")) +o:value("", translate("Disable")) +o:value("same", translate("Same as Global Server")) +for k, v in pairs(server_table) do o:value(k, v) end + +o = s:option(ListValue, "run_mode", translate("Running Mode")) +o:value("gfw", translate("GFW List Mode")) +o:value("router", translate("IP Route Mode")) +o.default = gfw + +o = s:option(ListValue, "pdnsd_enable", translate("Resolve Dns Mode")) +o:depends("run_mode", "gfw") +o:value("1", translate("Use Pdnsd tcp query and cache")) +o:value("0", translate("Use SSR DNS Tunnel")) +o.default = 1 + +o = s:option(Flag, "tunnel_enable", translate("Enable Tunnel(DNS)")) +o:depends("run_mode", "router") +o.default = 1 + +o = s:option(Value, "tunnel_port", translate("Tunnel Port")) +o:depends("run_mode", "router") +o.datatype = "port" +o.default = 5300 + +o = s:option(ListValue, "tunnel_forward", translate("Anti-pollution DNS Server")) +o:value("8.8.4.4:53", translate("Google Public DNS (8.8.4.4)")) +o:value("8.8.8.8:53", translate("Google Public DNS (8.8.8.8)")) +o:value("208.67.222.222:53", translate("OpenDNS (208.67.222.222)")) +o:value("208.67.220.220:53", translate("OpenDNS (208.67.220.220)")) +o:value("209.244.0.3:53", translate("Level 3 Public DNS (209.244.0.3)")) +o:value("209.244.0.4:53", translate("Level 3 Public DNS (209.244.0.4)")) +o:value("4.2.2.1:53", translate("Level 3 Public DNS (4.2.2.1)")) +o:value("4.2.2.2:53", translate("Level 3 Public DNS (4.2.2.2)")) +o:value("4.2.2.3:53", translate("Level 3 Public DNS (4.2.2.3)")) +o:value("4.2.2.4:53", translate("Level 3 Public DNS (4.2.2.4)")) +o:value("1.1.1.1:53", translate("Cloudflare DNS (1.1.1.1)")) + +return m diff --git a/package/lean/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/control.lua b/package/lean/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/control.lua new file mode 100644 index 000000000..4b113bac7 --- /dev/null +++ b/package/lean/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/control.lua @@ -0,0 +1,44 @@ +local m, s, o + +m = Map("shadowsocksr", translate("IP black-and-white list")) + +s = m:section(TypedSection, "access_control") +s.anonymous = true + +-- Part of WAN +s:tab("wan_ac", translate("WAN IP AC")) + +o = s:taboption("wan_ac", DynamicList, "wan_bp_ips", translate("WAN White List IP")) +o.datatype = "ip4addr" + +o = s:taboption("wan_ac", DynamicList, "wan_fw_ips", translate("WAN Force Proxy IP")) +o.datatype = "ip4addr" + +-- Part of LAN +s:tab("lan_ac", translate("LAN IP AC")) + +o = s:taboption("lan_ac", DynamicList, "lan_ac_ips", translate("LAN Bypassed Host List")) +o.datatype = "ipaddr" +luci.ip.neighbors({ family = 4 }, function(entry) + if entry.reachable then + o:value(entry.dest:string()) + end +end) + +o = s:taboption("lan_ac", DynamicList, "lan_fp_ips", translate("LAN Force Proxy Host List")) +o.datatype = "ipaddr" +luci.ip.neighbors({ family = 4 }, function(entry) + if entry.reachable then + o:value(entry.dest:string()) + end +end) + +-- Part of Self +-- s:tab("self_ac", translate("Router Self AC")) +-- o = s:taboption("self_ac",ListValue, "router_proxy", translate("Router Self Proxy")) +-- o:value("1", translatef("Normal Proxy")) +-- o:value("0", translatef("Bypassed Proxy")) +-- o:value("2", translatef("Forwarded Proxy")) +-- o.rmempty = false + +return m \ No newline at end of file diff --git a/package/lean/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/list.lua b/package/lean/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/list.lua new file mode 100644 index 000000000..5dd8cab01 --- /dev/null +++ b/package/lean/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/list.lua @@ -0,0 +1,23 @@ +local fs = require "nixio.fs" +local conffile = "/etc/config/gfw.list" + +f = SimpleForm("custom", translate("GFW Custom List"), translate("Please refer to the following writing")) + +t = f:field(TextValue, "conf") +t.rmempty = true +t.rows = 13 +function t.cfgvalue() + return fs.readfile(conffile) or "" +end + +function f.handle(self, state, data) + if state == FORM_VALID then + if data.conf then + fs.writefile(conffile, data.conf:gsub("\r\n", "\n")) + luci.sys.call("/usr/share/shadowsocksr/gfw2ipset.sh && /etc/init.d/dnsmasq restart && ipset flush gfwlist") + end + end + return true +end + +return f \ No newline at end of file diff --git a/package/lean/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/log.lua b/package/lean/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/log.lua new file mode 100644 index 000000000..05b4162fc --- /dev/null +++ b/package/lean/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/log.lua @@ -0,0 +1,15 @@ +local fs = require "nixio.fs" +local conffile = "/tmp/ssrpro.log" + +f = SimpleForm("logview") + +t = f:field(TextValue, "conf") +t.rmempty = true +t.rows = 20 +function t.cfgvalue() + luci.sys.exec("[ -f /tmp/ssrplus.log ] && sed '1!G;h;$!d' /tmp/ssrplus.log > /tmp/ssrpro.log") + return fs.readfile(conffile) or "" +end +t.readonly="readonly" + +return f \ No newline at end of file diff --git a/package/lean/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/servers.lua b/package/lean/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/servers.lua new file mode 100644 index 000000000..ff1b62ae3 --- /dev/null +++ b/package/lean/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/servers.lua @@ -0,0 +1,85 @@ +-- Licensed to the public under the GNU General Public License v3. + +local m, s, o +local shadowsocksr = "shadowsocksr" + +m = Map(shadowsocksr, translate("Servers subscription and manage")) + +-- Server Subscribe + +s = m:section(TypedSection, "server_subscribe") +s.anonymous = true + +o = s:option(Flag, "auto_update", translate("Auto Update")) +o.rmempty = false +o.description = translate("Auto Update Server subscription, GFW list and CHN route") + + +o = s:option(ListValue, "auto_update_time", translate("Update time (every day)")) +for t = 0,23 do +o:value(t, t..":00") +end +o.default=2 +o.rmempty = false + +o = s:option(DynamicList, "subscribe_url", translate("Subscribe URL")) +o.rmempty = true + +o = s:option(Flag, "proxy", translate("Through proxy update")) +o.rmempty = false +o.description = translate("Through proxy update list, Not Recommended ") + +o = s:option(Button,"update",translate("Update")) +o.inputstyle = "reload" +o.write = function() + luci.sys.call("nohup bash /usr/share/shadowsocksr/subscribe.sh > /tmp/subupdate.log 2>&1 &") + luci.sys.call("sleep 8") + luci.http.redirect(luci.dispatcher.build_url("admin", "services", "shadowsocksr", "servers")) +end + + +-- [[ Servers Manage ]]-- +s = m:section(TypedSection, "servers") +s.anonymous = true +s.addremove = true +s.sortable = false +s.template = "cbi/tblsection" +s.extedit = luci.dispatcher.build_url("admin/services/shadowsocksr/servers/%s") +function s.create(...) + local sid = TypedSection.create(...) + if sid then + luci.http.redirect(s.extedit % sid) + return + end +end + +o = s:option(DummyValue, "alias", translate("Alias")) +function o.cfgvalue(...) + return Value.cfgvalue(...) or translate("None") +end + +o = s:option(DummyValue, "server", translate("Server Address")) +function o.cfgvalue(...) + return Value.cfgvalue(...) or "?" +end + +o = s:option(DummyValue, "server_port", translate("Server Port")) +function o.cfgvalue(...) + return Value.cfgvalue(...) or "?" +end + +if nixio.fs.access("/usr/bin/ssr-kcptun") then + +o = s:option(DummyValue, "kcp_enable", translate("KcpTun")) +function o.cfgvalue(...) + return Value.cfgvalue(...) or "?" +end + +end + +o = s:option(DummyValue, "switch_enable", translate("Auto Switch")) +function o.cfgvalue(...) + return Value.cfgvalue(...) or "0" +end + +return m diff --git a/package/lean/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/status.lua b/package/lean/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/status.lua new file mode 100644 index 000000000..7bec5acd6 --- /dev/null +++ b/package/lean/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/status.lua @@ -0,0 +1,166 @@ +-- Copyright (C) 2017 yushi studio +-- Licensed to the public under the GNU General Public License v3. + +local IPK_Version="3.0.9" +local m, s, o +local redir_run=0 +local reudp_run=0 +local sock5_run=0 +local server_run=0 +local kcptun_run=0 +local tunnel_run=0 +local udp2raw_run=0 +local udpspeeder_run=0 +local gfw_count=0 +local ad_count=0 +local ip_count=0 +local gfwmode=0 + +if nixio.fs.access("/etc/dnsmasq.ssr/gfw_list.conf") then +gfwmode=1 +end + +local shadowsocksr = "shadowsocksr" +-- html constants +font_blue = [[]] +font_off = [[]] +bold_on = [[]] +bold_off = [[]] + +local fs = require "nixio.fs" +local sys = require "luci.sys" +local kcptun_version=translate("Unknown") +local kcp_file="/usr/bin/ssr-kcptun" +if not fs.access(kcp_file) then + kcptun_version=translate("Not exist") +else + if not fs.access(kcp_file, "rwx", "rx", "rx") then + fs.chmod(kcp_file, 755) + end + kcptun_version=sys.exec(kcp_file .. " -v | awk '{printf $3}'") + if not kcptun_version or kcptun_version == "" then + kcptun_version = translate("Unknown") + end + +end + +if gfwmode==1 then + gfw_count = tonumber(sys.exec("cat /etc/dnsmasq.ssr/gfw_list.conf | wc -l"))/2 + if nixio.fs.access("/etc/dnsmasq.ssr/ad.conf") then + ad_count=tonumber(sys.exec("cat /etc/dnsmasq.ssr/ad.conf | wc -l")) + end +end + +if nixio.fs.access("/etc/china_ssr.txt") then + ip_count = sys.exec("cat /etc/china_ssr.txt | wc -l") +end + +local icount=sys.exec("ps -w | grep ssr-reudp |grep -v grep| wc -l") +if tonumber(icount)>0 then +reudp_run=1 +else +icount=sys.exec("ps -w | grep ssr-retcp |grep \"\\-u\"|grep -v grep| wc -l") +if tonumber(icount)>0 then +reudp_run=1 +end +end + + +if luci.sys.call("pidof ssr-redir >/dev/null") == 0 then +redir_run=1 +end + +if luci.sys.call("pidof ssr-kcptun >/dev/null") == 0 then +kcptun_run=1 +end + +if luci.sys.call("pidof ssr-server >/dev/null") == 0 then +server_run=1 +end + +if luci.sys.call("ps -w | grep ssr-tunnel |grep -v grep >/dev/null") == 0 then +tunnel_run=1 +end + +if luci.sys.call("pidof pdnsd >/dev/null") == 0 then +pdnsd_run=1 +end + +m = SimpleForm("Version") +m.reset = false +m.submit = false + +s=m:field(DummyValue,"redir_run",translate("Global Client")) +s.rawhtml = true +if redir_run == 1 then +s.value =font_blue .. bold_on .. translate("Running") .. bold_off .. font_off +else +s.value = translate("Not Running") +end + +s=m:field(DummyValue,"reudp_run",translate("Game Mode UDP Relay")) +s.rawhtml = true +if reudp_run == 1 then +s.value =font_blue .. bold_on .. translate("Running") .. bold_off .. font_off +else +s.value = translate("Not Running") +end + +s=m:field(DummyValue,"pdnsd_run",translate("PDNSD")) +s.rawhtml = true +if pdnsd_run == 1 then +s.value =font_blue .. bold_on .. translate("Running") .. bold_off .. font_off +else +s.value = translate("Not Running") +end + +s=m:field(DummyValue,"tunnel_run",translate("DNS Tunnel")) +s.rawhtml = true +if tunnel_run == 1 then +s.value =font_blue .. bold_on .. translate("Running") .. bold_off .. font_off +else +s.value = translate("Not Running") +end + +if nixio.fs.access("/usr/bin/ssr-kcptun") then + +s=m:field(DummyValue,"kcp_version",translate("KcpTun Version")) +s.rawhtml = true +s.value =kcptun_version + +s=m:field(DummyValue,"kcptun_run",translate("KcpTun")) +s.rawhtml = true +if kcptun_run == 1 then +s.value =font_blue .. bold_on .. translate("Running") .. bold_off .. font_off +else +s.value = translate("Not Running") +end + +end + +s=m:field(DummyValue,"google",translate("Google Connectivity")) +s.value = translate("No Check") +s.template = "shadowsocksr/check" + +s=m:field(DummyValue,"baidu",translate("Baidu Connectivity")) +s.value = translate("No Check") +s.template = "shadowsocksr/check" + +if gfwmode==1 then +s=m:field(DummyValue,"gfw_data",translate("GFW List Data")) +s.rawhtml = true +s.template = "shadowsocksr/refresh" +s.value =tostring(math.ceil(gfw_count)) .. " " .. translate("Records") + +end + +s=m:field(DummyValue,"ip_data",translate("China IP Data")) +s.rawhtml = true +s.template = "shadowsocksr/refresh" +s.value =ip_count .. " " .. translate("Records") + +s=m:field(DummyValue,"check_port",translate("Check Server Port")) +s.template = "shadowsocksr/checkport" +s.value =translate("No Check") + +return m diff --git a/package/lean/luci-app-ssr-plus/luasrc/view/shadowsocksr/check.htm b/package/lean/luci-app-ssr-plus/luasrc/view/shadowsocksr/check.htm new file mode 100644 index 000000000..bd7892611 --- /dev/null +++ b/package/lean/luci-app-ssr-plus/luasrc/view/shadowsocksr/check.htm @@ -0,0 +1,38 @@ +<%+cbi/valueheader%> + + + + + +<%=self.value%> + +<%+cbi/valuefooter%> \ No newline at end of file diff --git a/package/lean/luci-app-ssr-plus/luasrc/view/shadowsocksr/checkport.htm b/package/lean/luci-app-ssr-plus/luasrc/view/shadowsocksr/checkport.htm new file mode 100644 index 000000000..ed91a2f22 --- /dev/null +++ b/package/lean/luci-app-ssr-plus/luasrc/view/shadowsocksr/checkport.htm @@ -0,0 +1,36 @@ +<%+cbi/valueheader%> + + + +<%=self.value%> + + + +<%+cbi/valuefooter%> \ No newline at end of file diff --git a/package/lean/luci-app-ssr-plus/luasrc/view/shadowsocksr/refresh.htm b/package/lean/luci-app-ssr-plus/luasrc/view/shadowsocksr/refresh.htm new file mode 100644 index 000000000..00da6cd6d --- /dev/null +++ b/package/lean/luci-app-ssr-plus/luasrc/view/shadowsocksr/refresh.htm @@ -0,0 +1,44 @@ +<%+cbi/valueheader%> + + + + + +<%=self.value%> + +<%+cbi/valuefooter%> \ No newline at end of file diff --git a/package/lean/luci-app-ssr-plus/luasrc/view/shadowsocksr/ssrurl.htm b/package/lean/luci-app-ssr-plus/luasrc/view/shadowsocksr/ssrurl.htm new file mode 100644 index 000000000..6bcc8bbc7 --- /dev/null +++ b/package/lean/luci-app-ssr-plus/luasrc/view/shadowsocksr/ssrurl.htm @@ -0,0 +1,139 @@ +<%+cbi/valueheader%> + + + + + +<%:ssr://%> + +<%+cbi/valuefooter%> diff --git a/package/lean/luci-app-ssr-plus/luasrc/view/shadowsocksr/status.htm b/package/lean/luci-app-ssr-plus/luasrc/view/shadowsocksr/status.htm new file mode 100644 index 000000000..0dab4d550 --- /dev/null +++ b/package/lean/luci-app-ssr-plus/luasrc/view/shadowsocksr/status.htm @@ -0,0 +1,22 @@ + + +
+

+ <%:Collecting data...%> +

+
diff --git a/package/lean/luci-app-ssr-plus/po/zh-cn/ssr-plus.po b/package/lean/luci-app-ssr-plus/po/zh-cn/ssr-plus.po new file mode 100644 index 000000000..a83bc1683 --- /dev/null +++ b/package/lean/luci-app-ssr-plus/po/zh-cn/ssr-plus.po @@ -0,0 +1,453 @@ +msgid "" +msgstr "Content-Type: text/plain; charset=UTF-8\n" + +msgid "ShadowSocksR Client" +msgstr "ShadowSocksR 瀹㈡埛绔" + +msgid "Enable" +msgstr "鍚敤" + +msgid "Disable" +msgstr "鍋滅敤" + +msgid "Log" +msgstr "鏃ュ織" + +msgid "ShadowSocksR is running" +msgstr "ShadowSocksR 瀹㈡埛绔繍琛屼腑" + +msgid "ShadowSocksR is not running" +msgstr "ShadowSocksR 瀹㈡埛绔湭杩愯" + +msgid "Global Setting" +msgstr "鍏ㄥ眬璁剧疆" + +msgid "Global Server" +msgstr "鍏ㄥ眬鏈嶅姟鍣" + +msgid "ShadowSocksR SOCK5 Proxy is running" +msgstr "ShadowSocksR SOCK5浠g悊杩愯涓" + +msgid "UDP Relay Server" +msgstr "UDP涓户鏈嶅姟鍣" + +msgid "Same as Global Server" +msgstr "涓庡叏灞鏈嶅姟鍣ㄧ浉鍚" + +msgid "Servers Setting" +msgstr "鏈嶅姟鍣ㄩ厤缃" + +msgid "Alias(optional)" +msgstr "鍒悕锛堝彲閫夛級" + +msgid "Onetime Authentication" +msgstr "涓娆¢獙璇" + +msgid "Server Address" +msgstr "鏈嶅姟鍣ㄥ湴鍧" + +msgid "Server Port" +msgstr "鏈嶅姟鍣ㄧ鍙" + +msgid "Local Port" +msgstr "鏈湴绔彛" + +msgid "Connection Timeout" +msgstr "杩炴帴瓒呮椂" + +msgid "Password" +msgstr "瀵嗙爜" + +msgid "Encrypt Method" +msgstr "鍔犲瘑鏂瑰紡" + +msgid "Protocol" +msgstr "浼犺緭鍗忚" + +msgid "Protocol param(optional)" +msgstr "浼犺緭鍗忚鍙傛暟锛堝彲閫夛級" + +msgid "Obfs" +msgstr "娣锋穯鎻掍欢" + +msgid "Obfs param(optional)" +msgstr "娣锋穯鍙傛暟锛堝彲閫夛級" + +msgid "Enable Tunnel(DNS)" +msgstr "鍚敤闅ч亾锛圖NS锛夎浆鍙" + +msgid "Tunnel Port" +msgstr "闅ч亾锛圖NS锛夋湰鍦扮鍙" + +msgid "Forwarding Tunnel" +msgstr "闅ч亾锛圖NS锛夎浆鍙戝湴鍧" + +msgid "Access Control" +msgstr "璁块棶鎺у埗" + +msgid "Interfaces - WAN" +msgstr "鎺ュ彛 - WAN" + +msgid "Bypassed IP List" +msgstr "琚拷鐣P鍒楄〃" + +msgid "NULL - As Global Proxy" +msgstr "鐣欑┖ - 浣滀负鍏ㄥ眬浠g悊" + +msgid "Bypassed IP" +msgstr "棰濆琚拷鐣P" + +msgid "Forwarded IP" +msgstr "寮哄埗璧颁唬鐞咺P" + +msgid "Interfaces - LAN" +msgstr "鎺ュ彛 - LAN" + +msgid "LAN Access Control" +msgstr "鍐呯綉璁块棶鎺у埗" + +msgid "Allow listed only" +msgstr "浠呭厑璁稿垪琛ㄥ唴" + +msgid "Allow all except listed" +msgstr "浠呭厑璁稿垪琛ㄥ" + +msgid "LAN Host List" +msgstr "鍐呯綉涓绘満鍒楄〃" + +msgid "SSR Client" +msgstr "瀹㈡埛绔" + +msgid "SSR Server" +msgstr "鏈嶅姟绔" + +msgid "ShadowSocksR Server" +msgstr "ShadowSocksR 鏈嶅姟绔" + +msgid "ShadowSocksR Server is running" +msgstr "ShadowSocksR 鏈嶅姟绔繍琛屼腑" + +msgid "ShadowSocksR Server is not running" +msgstr "ShadowSocksR 鏈嶅姟绔湭杩愯" + +msgid "Enable Server" +msgstr "鍚姩鏈嶅姟绔" + +msgid "Server Setting" +msgstr "鏈嶅姟绔厤缃" + +msgid "KcpTun Enable" +msgstr "KcpTun 鍚敤" + +msgid "bin:/usr/bin/ssr-kcptun" +msgstr "浜岃繘鍒舵枃浠讹細/usr/bin/ssr-kcptun" + +msgid "KcpTun Port" +msgstr "KcpTun 绔彛" + +msgid "KcpTun Param" +msgstr "KcpTun 鍙傛暟" + +msgid "KcpTun Password" +msgstr "KcpTun 瀵嗙爜" + +msgid "Haven't a Kcptun executable file" +msgstr "涓嶅瓨鍦↘cptun鍙墽琛屾枃浠讹紝璇蜂笅杞終cptun鍙墽琛屾枃浠跺苟鏀瑰悕鏀惧叆/usr/bin/ssr-kcptun" + +msgid "Not a Kcptun executable file" +msgstr "Kcptun鍙墽琛屾枃浠舵牸寮忎笉姝g‘锛岃纭鏄惁姝g‘涓嬭浇浜嗚矾鐢卞櫒瀵瑰簲鐨勫彲鎵ц鏂囦欢" + +msgid "Enable Process Monitor" +msgstr "鍚敤杩涚▼鐩戞帶" + +msgid "Edit ShadowSocksR Server" +msgstr "缂栬緫鏈嶅姟鍣ㄩ厤缃" + +msgid "Alias" +msgstr "鍒悕" + +msgid "SOCKS5 Proxy" +msgstr "SOCKS5浠g悊" + +msgid "Server" +msgstr "鏈嶅姟鍣" + +msgid "TCP Fast Open" +msgstr "TCP蹇熸墦寮" + +msgid "Status" +msgstr "鐘舵" + +msgid "Unknown" +msgstr "鏈煡" + +msgid "Running Status" +msgstr "杩愯鐘舵" + +msgid "Global Client" +msgstr "鍏ㄥ眬瀹㈡埛绔" + +msgid "Global SSR Server" +msgstr "SSR鏈嶅姟绔" + +msgid "DNS Tunnel" +msgstr "DNS 闅ч亾" + +msgid "IPK Version" +msgstr "IPK 鐗堟湰鍙" + +msgid "KcpTun Version" +msgstr "KcpTun 鐗堟湰鍙" + +msgid "Not exist" +msgstr "鏈畨瑁呭彲鎵ц鏂囦欢" + +msgid "IPK Installation Time" +msgstr "IPK 瀹夎鏃堕棿" + +msgid "Project" +msgstr "椤圭洰鍦板潃" + +msgid "Not Running" +msgstr "鏈繍琛" + +msgid "Running" +msgstr "杩愯涓" + +msgid "Enable GFW mode" +msgstr "鍚敤 GFW 妯″紡" + +msgid "Running Mode" +msgstr "杩愯妯″紡" + +msgid "IP Route Mode" +msgstr "缁曡繃涓浗澶ч檰IP妯″紡" + +msgid "GFW List Mode" +msgstr "GFW鍒楄〃妯″紡" + +msgid "Router Proxy" +msgstr "璺敱鍣ㄨ闂帶鍒" + +msgid "Normal Proxy" +msgstr "姝e父浠g悊" + +msgid "Bypassed Proxy" +msgstr "涓嶈蛋浠g悊" + +msgid "Forwarded Proxy" +msgstr "寮哄埗璧颁唬鐞" + +msgid "UDP Relay" +msgstr "UDP涓户" + +msgid "Google Connectivity" +msgstr "銆愯胺姝屻戣繛閫氭ф鏌" + +msgid "Baidu Connectivity" +msgstr "銆愮櫨搴︺戣繛閫氭ф鏌" + +msgid "No Check" +msgstr "鏈鏌" + +msgid "Check" +msgstr "妫鏌" + +msgid "Connect OK" +msgstr "杩炴帴姝e父" + +msgid "Connect Error" +msgstr "杩炴帴閿欒" + +msgid "Check..." +msgstr "姝e湪妫鏌.." + +msgid "Proxy Check" +msgstr "浠g悊妫鏌" + + +msgid "GFW List Data" +msgstr "銆怗FW鍒楄〃銆戞暟鎹簱" + +msgid "China IP Data" +msgstr "銆愬浗鍐匢P娈点戞暟鎹簱" + +msgid "Records" +msgstr "鏉¤褰" + +msgid "Refresh Data" +msgstr "鏇存柊鏁版嵁搴" + +msgid "Refresh..." +msgstr "姝e湪鏇存柊锛岃绋嶅.." + +msgid "Refresh OK!" +msgstr "鏇存柊鎴愬姛锛" + +msgid "Refresh Error!" +msgstr "鏇存柊澶辫触锛" + +msgid "No new data!" +msgstr "浣犲凡缁忔槸鏈鏂版暟鎹紝鏃犻渶鏇存柊锛" + +msgid "Total Records:" +msgstr "鏂扮殑鎬荤邯褰曟暟锛" + +msgid "Check Server Port" +msgstr "銆愭湇鍔″櫒绔彛銆戞鏌" + +msgid "Check Connect" +msgstr "妫鏌ヨ繛閫氭" + +msgid "Check Server" +msgstr "妫鏌ユ湇鍔″櫒" + +msgid "Auto Switch" +msgstr "鑷姩鍒囨崲" + +msgid "Enable Auto Switch" +msgstr "鍚敤鑷姩鍒囨崲" + +msgid "Switch check cycly(second)" +msgstr "鑷姩鍒囨崲妫鏌ュ懆鏈燂紙绉掞級" + +msgid "Check timout(second)" +msgstr "鍒囨崲妫鏌ヨ秴鏃舵椂闂达紙绉掞級" + +msgid "Advertising Data" +msgstr "銆愬箍鍛婂睆钄姐戞暟鎹簱" + +msgid "DNS Server IP and Port" +msgstr "DNS鏈嶅姟鍣ㄥ湴鍧鍜岀鍙" + +msgid "Resolve Dns Mode" +msgstr "DNS瑙f瀽鏂瑰紡" + +msgid "Use SSR DNS Tunnel" +msgstr "浣跨敤SSR-DNS闅ч亾" + +msgid "Use Pdnsd" +msgstr "浣跨敤Pdnsd" + +msgid "Use Other DNS Tunnel(Need to install)" +msgstr "浣跨敤鍏朵粬DNS杞彂(闇瑕佽嚜宸卞畨瑁)" + +msgid "Import SSR" +msgstr "瀵煎叆ssr閰嶇疆淇℃伅" + +msgid "Export SSR" +msgstr "瀵煎嚭ssr閰嶇疆淇℃伅" + +msgid "Import SSR successfully." +msgstr "鎴愬姛瀵煎叆SSR銆" + +msgid "Invalid SSR format." +msgstr "鏃犳晥鐨凷SR鏍煎紡銆" + +msgid "User cancelled." +msgstr "鐢ㄦ埛宸插彇娑堛" + +msgid "Paste ssr url here" +msgstr "鍦ㄦ澶勭矘璐磗sr://缃戝潃" + +msgid "Unable to copy SSR to clipboard." +msgstr "鏃犳硶澶嶅埗SSR缃戝潃鍒板壀璐存澘銆" + +msgid "Copy SSR to clipboard successfully." +msgstr "鎴愬姛澶嶅埗SSR缃戝潃鍒板壀璐存澘銆" + +msgid "Servers Manage" +msgstr "鏈嶅姟鍣ㄧ鐞" + +msgid "Auto Update" +msgstr "鑷姩鏇存柊" + +msgid "Through proxy update" +msgstr "閫氳繃浠g悊鏇存柊" + +msgid "GFW List" +msgstr "GFW鍒楄〃" + +msgid "ShadowSocksR Plus+ Settings" +msgstr "ShadowSocksR Plus+ 璁剧疆" + +msgid "Main Server" +msgstr "涓绘湇鍔″櫒" + +msgid "Anti-pollution DNS Server" +msgstr "璁块棶鍥藉鍩熷悕DNS鏈嶅姟鍣" + +msgid "Use Pdnsd tcp query and cache" +msgstr "浣跨敤PDNSD TCP鏌ヨ骞剁紦瀛" + +msgid "DNS Server IP:Port" +msgstr "DNS鏈嶅姟鍣 IP:Port" + +msgid "Update time (every day)" +msgstr "鏇存柊鏃堕棿 (姣忓ぉ)" + +msgid "Auto Update Server subscription, GFW list and CHN route" +msgstr "鑷姩鏇存柊鏈嶅姟鍣ㄨ闃呫丟FW鍒楄〃鍜 CHN璺敱琛" + +msgid "Subscribe URL" +msgstr "SSR鏈嶅姟鍣ㄨ闃匲RL鍦板潃" + +msgid "Update" +msgstr "鏇存柊" + +msgid "IP black-and-white list" +msgstr "IP榛戠櫧鍚嶅崟" + +msgid "WAN IP AC" +msgstr "WAN IP璁块棶鎺у埗" + +msgid "WAN White List IP" +msgstr "涓嶈蛋浠g悊鐨刉AN IP" + +msgid "WAN Force Proxy IP" +msgstr "寮哄埗璧颁唬鐞嗙殑WAN IP" + +msgid "LAN Bypassed Host List" +msgstr "涓嶈蛋浠g悊鐨勫眬鍩熺綉 LAN IP" + +msgid "LAN Force Proxy Host List" +msgstr "鍏ㄥ眬浠g悊鐨凩AN IP" + +msgid "Router Self AC" +msgstr "璺敱鍣ㄨ嚜韬唬鐞嗚缃" + +msgid "Router Self Proxy" +msgstr "璺敱鍣ㄨ嚜韬唬鐞嗘柟寮" + +msgid "Normal Proxy" +msgstr "璺熼殢鍏ㄥ眬璁剧疆" + +msgid "Bypassed Proxy" +msgstr "涓嶈蛋浠g悊" + +msgid "Forwarded Proxy" +msgstr "鍏ㄥ眬浠g悊" + +msgid "GFW Custom List" +msgstr "GFW 鐢ㄦ埛鑷畾涔夊垪琛" + +msgid "Please refer to the following writing" +msgstr "姣忚涓涓煙鍚嶏紝鏃犻渶鍐欏墠闈㈢殑 HTTP(S):// 锛屾彁浜ゅ悗鍗虫椂鐢熸晥" + +msgid "Servers subscription and manage" +msgstr "鏈嶅姟鍣ㄨ妭鐐硅闃呬笌绠$悊锛堟敮鎸佽闃呭拰鎵嬪姩瀵煎叆SSR閾炬帴锛" + +msgid "Through proxy update list, Not Recommended" +msgstr "閫氳繃璺敱鍣ㄨ嚜韬唬鐞嗘洿鏂拌闃咃紙涓嶆帹鑽愶級" + +msgid "LAN IP AC" +msgstr "LAN IP璁块棶鎺у埗" + +msgid "Game Mode UDP Server" +msgstr "娓告垙妯″紡UDP涓户鏈嶅姟鍣" + +msgid "Game Mode UDP Relay" +msgstr "娓告垙妯″紡UDP涓户" + +msgid "Server failsafe auto swith settings" +msgstr "鏈嶅姟鍣ㄨ妭鐐规晠闅滆嚜鍔ㄥ垏鎹㈣缃" diff --git a/package/lean/luci-app-ssr-plus/root/etc/china_ssr.txt b/package/lean/luci-app-ssr-plus/root/etc/china_ssr.txt new file mode 100644 index 000000000..4f6474ce4 --- /dev/null +++ b/package/lean/luci-app-ssr-plus/root/etc/china_ssr.txt @@ -0,0 +1,8264 @@ +1.0.1.0/24 +1.0.2.0/23 +1.0.8.0/21 +1.0.32.0/19 +1.1.0.0/24 +1.1.2.0/23 +1.1.4.0/22 +1.1.8.0/24 +1.1.9.0/24 +1.1.10.0/23 +1.1.12.0/22 +1.1.16.0/20 +1.1.32.0/19 +1.2.0.0/23 +1.2.2.0/24 +1.2.4.0/24 +1.2.5.0/24 +1.2.6.0/23 +1.2.8.0/24 +1.2.9.0/24 +1.2.10.0/23 +1.2.12.0/22 +1.2.16.0/20 +1.2.32.0/19 +1.2.64.0/18 +1.3.0.0/16 +1.4.1.0/24 +1.4.2.0/23 +1.4.4.0/24 +1.4.5.0/24 +1.4.6.0/23 +1.4.8.0/21 +1.4.16.0/20 +1.4.32.0/19 +1.4.64.0/18 +1.8.0.0/16 +1.10.0.0/21 +1.10.8.0/23 +1.10.11.0/24 +1.10.12.0/22 +1.10.16.0/20 +1.10.32.0/19 +1.10.64.0/18 +1.12.0.0/14 +1.24.0.0/13 +1.45.0.0/16 +1.48.0.0/15 +1.50.0.0/16 +1.51.0.0/16 +1.56.0.0/13 +1.68.0.0/14 +1.80.0.0/13 +1.88.0.0/14 +1.92.0.0/15 +1.94.0.0/15 +1.116.0.0/15 +1.118.0.0/16 +1.119.0.0/17 +1.119.128.0/17 +1.180.0.0/14 +1.184.0.0/15 +1.188.0.0/14 +1.192.0.0/13 +1.202.0.0/15 +1.204.0.0/14 +14.0.0.0/21 +14.0.12.0/22 +14.1.0.0/22 +14.1.24.0/22 +14.1.96.0/22 +14.1.108.0/22 +14.16.0.0/12 +14.102.128.0/22 +14.102.156.0/22 +14.102.180.0/22 +14.103.0.0/16 +14.104.0.0/13 +14.112.0.0/12 +14.130.0.0/15 +14.134.0.0/15 +14.144.0.0/12 +14.192.60.0/22 +14.192.76.0/22 +14.196.0.0/15 +14.204.0.0/15 +14.208.0.0/12 +27.0.128.0/22 +27.0.132.0/22 +27.0.160.0/22 +27.0.164.0/22 +27.0.188.0/22 +27.0.204.0/22 +27.0.208.0/22 +27.0.212.0/22 +27.8.0.0/13 +27.16.0.0/12 +27.34.232.0/21 +27.36.0.0/14 +27.40.0.0/13 +27.50.40.0/21 +27.50.128.0/17 +27.54.72.0/21 +27.54.152.0/21 +27.54.192.0/18 +27.98.208.0/20 +27.98.224.0/19 +27.99.128.0/17 +27.103.0.0/16 +27.106.128.0/18 +27.106.204.0/22 +27.109.32.0/19 +27.109.124.0/22 +27.112.0.0/18 +27.112.80.0/20 +27.112.112.0/22 +27.112.116.0/22 +27.113.128.0/18 +27.115.0.0/17 +27.116.44.0/22 +27.121.72.0/21 +27.121.120.0/21 +27.123.232.0/22 +27.128.0.0/15 +27.131.220.0/22 +27.144.0.0/16 +27.148.0.0/14 +27.152.0.0/13 +27.184.0.0/13 +27.192.0.0/11 +27.224.0.0/14 +36.0.0.0/22 +36.0.8.0/21 +36.0.16.0/20 +36.0.32.0/19 +36.0.64.0/18 +36.0.128.0/17 +36.1.0.0/16 +36.4.0.0/14 +36.16.0.0/12 +36.32.0.0/14 +36.36.0.0/16 +36.37.0.0/19 +36.37.36.0/23 +36.37.39.0/24 +36.37.40.0/21 +36.37.48.0/20 +36.40.0.0/13 +36.48.0.0/15 +36.51.0.0/16 +36.56.0.0/13 +36.96.0.0/11 +36.128.0.0/10 +36.192.0.0/11 +36.248.0.0/14 +36.254.0.0/16 +36.255.116.0/22 +36.255.128.0/22 +36.255.164.0/22 +36.255.172.0/22 +36.255.176.0/22 +36.255.220.0/22 +39.0.0.0/24 +39.0.2.0/23 +39.0.4.0/22 +39.0.8.0/21 +39.0.16.0/20 +39.0.32.0/19 +39.0.64.0/18 +39.0.128.0/17 +39.64.0.0/11 +39.96.0.0/13 +39.104.0.0/14 +39.108.0.0/16 +39.128.0.0/10 +40.72.0.0/15 +40.125.128.0/17 +40.126.64.0/18 +42.0.0.0/22 +42.0.8.0/21 +42.0.16.0/21 +42.0.24.0/22 +42.0.32.0/19 +42.0.128.0/17 +42.1.0.0/19 +42.1.32.0/20 +42.1.48.0/21 +42.1.56.0/22 +42.1.128.0/17 +42.4.0.0/14 +42.48.0.0/15 +42.50.0.0/16 +42.51.0.0/16 +42.52.0.0/14 +42.56.0.0/14 +42.62.0.0/17 +42.62.128.0/19 +42.62.160.0/20 +42.62.180.0/22 +42.62.184.0/21 +42.63.0.0/16 +42.80.0.0/15 +42.83.64.0/20 +42.83.80.0/22 +42.83.88.0/21 +42.83.96.0/19 +42.83.128.0/17 +42.84.0.0/14 +42.88.0.0/13 +42.96.64.0/19 +42.96.96.0/21 +42.96.108.0/22 +42.96.112.0/20 +42.96.128.0/17 +42.97.0.0/16 +42.99.0.0/18 +42.99.64.0/19 +42.99.96.0/20 +42.99.112.0/22 +42.99.120.0/21 +42.100.0.0/14 +42.120.0.0/15 +42.122.0.0/16 +42.123.0.0/19 +42.123.36.0/22 +42.123.40.0/21 +42.123.48.0/20 +42.123.64.0/18 +42.123.128.0/17 +42.128.0.0/12 +42.156.0.0/19 +42.156.36.0/22 +42.156.40.0/21 +42.156.48.0/20 +42.156.64.0/18 +42.156.128.0/17 +42.157.0.0/16 +42.158.0.0/16 +42.159.0.0/16 +42.160.0.0/12 +42.176.0.0/13 +42.184.0.0/15 +42.186.0.0/16 +42.187.0.0/18 +42.187.64.0/19 +42.187.96.0/20 +42.187.112.0/21 +42.187.120.0/22 +42.187.128.0/17 +42.192.0.0/15 +42.194.0.0/21 +42.194.8.0/22 +42.194.12.0/22 +42.194.16.0/20 +42.194.32.0/19 +42.194.64.0/18 +42.194.128.0/17 +42.195.0.0/16 +42.196.0.0/14 +42.201.0.0/17 +42.202.0.0/15 +42.204.0.0/14 +42.208.0.0/12 +42.224.0.0/12 +42.240.0.0/17 +42.240.128.0/17 +42.242.0.0/15 +42.244.0.0/14 +42.248.0.0/13 +43.224.12.0/22 +43.224.24.0/22 +43.224.44.0/22 +43.224.52.0/22 +43.224.56.0/22 +43.224.64.0/22 +43.224.68.0/22 +43.224.72.0/22 +43.224.80.0/22 +43.224.100.0/22 +43.224.144.0/22 +43.224.160.0/22 +43.224.176.0/22 +43.224.184.0/22 +43.224.200.0/22 +43.224.204.0/22 +43.224.208.0/22 +43.224.212.0/22 +43.224.216.0/22 +43.224.240.0/22 +43.225.76.0/22 +43.225.84.0/22 +43.225.120.0/22 +43.225.124.0/22 +43.225.140.0/22 +43.225.172.0/22 +43.225.180.0/22 +43.225.208.0/22 +43.225.216.0/22 +43.225.220.0/22 +43.225.224.0/22 +43.225.228.0/22 +43.225.232.0/22 +43.225.236.0/22 +43.225.240.0/22 +43.225.244.0/22 +43.225.252.0/22 +43.226.32.0/22 +43.226.36.0/22 +43.226.40.0/22 +43.226.44.0/22 +43.226.48.0/22 +43.226.52.0/22 +43.226.56.0/22 +43.226.60.0/22 +43.226.64.0/22 +43.226.68.0/22 +43.226.72.0/22 +43.226.76.0/22 +43.226.80.0/22 +43.226.84.0/22 +43.226.88.0/22 +43.226.92.0/22 +43.226.96.0/22 +43.226.100.0/22 +43.226.104.0/22 +43.226.108.0/22 +43.226.112.0/22 +43.226.116.0/22 +43.226.120.0/22 +43.226.128.0/22 +43.226.132.0/22 +43.226.136.0/22 +43.226.140.0/22 +43.226.144.0/22 +43.226.148.0/22 +43.226.152.0/22 +43.226.156.0/22 +43.226.160.0/22 +43.226.164.0/22 +43.226.168.0/22 +43.226.172.0/22 +43.226.176.0/22 +43.226.180.0/22 +43.226.184.0/22 +43.226.188.0/22 +43.226.192.0/22 +43.226.196.0/22 +43.226.200.0/22 +43.226.204.0/22 +43.226.208.0/22 +43.226.212.0/22 +43.226.236.0/22 +43.226.240.0/22 +43.226.244.0/22 +43.226.248.0/22 +43.226.252.0/22 +43.227.0.0/22 +43.227.4.0/22 +43.227.8.0/22 +43.227.32.0/22 +43.227.36.0/22 +43.227.40.0/22 +43.227.44.0/22 +43.227.48.0/22 +43.227.52.0/22 +43.227.56.0/22 +43.227.60.0/22 +43.227.64.0/22 +43.227.68.0/22 +43.227.72.0/22 +43.227.76.0/22 +43.227.80.0/22 +43.227.84.0/22 +43.227.88.0/22 +43.227.92.0/22 +43.227.96.0/22 +43.227.100.0/22 +43.227.104.0/22 +43.227.136.0/22 +43.227.140.0/22 +43.227.144.0/22 +43.227.152.0/22 +43.227.156.0/22 +43.227.160.0/22 +43.227.164.0/22 +43.227.168.0/22 +43.227.172.0/22 +43.227.176.0/22 +43.227.180.0/22 +43.227.188.0/22 +43.227.192.0/22 +43.227.196.0/22 +43.227.200.0/22 +43.227.204.0/22 +43.227.208.0/22 +43.227.212.0/22 +43.227.216.0/22 +43.227.220.0/22 +43.227.232.0/22 +43.227.248.0/22 +43.227.252.0/22 +43.228.0.0/22 +43.228.4.0/22 +43.228.8.0/22 +43.228.12.0/22 +43.228.16.0/22 +43.228.20.0/22 +43.228.24.0/22 +43.228.28.0/22 +43.228.32.0/22 +43.228.36.0/22 +43.228.40.0/22 +43.228.44.0/22 +43.228.48.0/22 +43.228.52.0/22 +43.228.56.0/22 +43.228.60.0/22 +43.228.64.0/22 +43.228.68.0/22 +43.228.76.0/22 +43.228.100.0/22 +43.228.116.0/22 +43.228.120.0/22 +43.228.132.0/22 +43.228.136.0/22 +43.228.148.0/22 +43.228.152.0/22 +43.228.188.0/22 +43.229.16.0/22 +43.229.40.0/22 +43.229.48.0/22 +43.229.56.0/22 +43.229.96.0/22 +43.229.120.0/22 +43.229.136.0/22 +43.229.140.0/22 +43.229.144.0/22 +43.229.168.0/22 +43.229.172.0/22 +43.229.176.0/22 +43.229.180.0/22 +43.229.184.0/22 +43.229.188.0/22 +43.229.192.0/22 +43.229.196.0/22 +43.229.216.0/22 +43.229.220.0/22 +43.229.232.0/22 +43.229.236.0/22 +43.230.20.0/22 +43.230.32.0/22 +43.230.68.0/22 +43.230.72.0/22 +43.230.84.0/22 +43.230.124.0/22 +43.230.136.0/22 +43.230.168.0/22 +43.230.220.0/22 +43.230.224.0/22 +43.230.228.0/22 +43.230.232.0/22 +43.230.236.0/22 +43.230.240.0/22 +43.230.244.0/22 +43.230.248.0/22 +43.230.252.0/22 +43.231.32.0/22 +43.231.36.0/22 +43.231.40.0/22 +43.231.44.0/22 +43.231.80.0/22 +43.231.84.0/22 +43.231.88.0/22 +43.231.92.0/22 +43.231.96.0/22 +43.231.100.0/22 +43.231.104.0/22 +43.231.108.0/22 +43.231.136.0/22 +43.231.140.0/22 +43.231.144.0/22 +43.231.148.0/22 +43.231.152.0/22 +43.231.156.0/22 +43.231.160.0/22 +43.231.164.0/22 +43.231.168.0/22 +43.231.172.0/22 +43.231.176.0/22 +43.231.180.0/22 +43.236.0.0/22 +43.236.4.0/22 +43.236.8.0/22 +43.236.12.0/22 +43.236.16.0/22 +43.236.20.0/22 +43.236.24.0/22 +43.236.28.0/22 +43.236.32.0/22 +43.236.36.0/22 +43.236.40.0/22 +43.236.44.0/22 +43.236.48.0/22 +43.236.52.0/22 +43.236.56.0/22 +43.236.60.0/22 +43.236.64.0/22 +43.236.68.0/22 +43.236.72.0/22 +43.236.76.0/22 +43.236.80.0/22 +43.236.84.0/22 +43.236.88.0/22 +43.236.92.0/22 +43.236.96.0/22 +43.236.100.0/22 +43.236.104.0/22 +43.236.108.0/22 +43.236.112.0/22 +43.236.116.0/22 +43.236.120.0/22 +43.236.124.0/22 +43.236.128.0/22 +43.236.132.0/22 +43.236.136.0/22 +43.236.140.0/22 +43.236.144.0/22 +43.236.148.0/22 +43.236.152.0/22 +43.236.156.0/22 +43.236.160.0/22 +43.236.164.0/22 +43.236.168.0/22 +43.236.172.0/22 +43.236.176.0/22 +43.236.180.0/22 +43.236.184.0/22 +43.236.188.0/22 +43.236.192.0/22 +43.236.196.0/22 +43.236.200.0/22 +43.236.204.0/22 +43.236.208.0/22 +43.236.212.0/22 +43.236.216.0/22 +43.236.220.0/22 +43.236.224.0/22 +43.236.228.0/22 +43.236.232.0/22 +43.236.236.0/22 +43.236.240.0/22 +43.236.244.0/22 +43.236.248.0/22 +43.236.252.0/22 +43.237.0.0/22 +43.237.4.0/22 +43.237.8.0/22 +43.237.12.0/22 +43.237.16.0/22 +43.237.20.0/22 +43.237.24.0/22 +43.237.28.0/22 +43.237.32.0/22 +43.237.36.0/22 +43.237.40.0/22 +43.237.44.0/22 +43.237.48.0/22 +43.237.52.0/22 +43.237.56.0/22 +43.237.60.0/22 +43.237.64.0/22 +43.237.68.0/22 +43.237.72.0/22 +43.237.76.0/22 +43.237.80.0/22 +43.237.84.0/22 +43.237.88.0/22 +43.237.92.0/22 +43.237.96.0/22 +43.237.100.0/22 +43.237.104.0/22 +43.237.108.0/22 +43.237.112.0/22 +43.237.116.0/22 +43.237.120.0/22 +43.237.124.0/22 +43.237.128.0/22 +43.237.132.0/22 +43.237.136.0/22 +43.237.140.0/22 +43.237.144.0/22 +43.237.148.0/22 +43.237.152.0/22 +43.237.156.0/22 +43.237.160.0/22 +43.237.164.0/22 +43.237.168.0/22 +43.237.172.0/22 +43.237.176.0/22 +43.237.180.0/22 +43.237.184.0/22 +43.237.188.0/22 +43.237.192.0/22 +43.237.196.0/22 +43.237.200.0/22 +43.237.204.0/22 +43.237.208.0/22 +43.237.212.0/22 +43.237.216.0/22 +43.237.220.0/22 +43.237.224.0/22 +43.237.228.0/22 +43.237.232.0/22 +43.237.236.0/22 +43.237.240.0/22 +43.237.244.0/22 +43.237.248.0/22 +43.237.252.0/22 +43.238.0.0/22 +43.238.4.0/22 +43.238.8.0/22 +43.238.12.0/22 +43.238.16.0/22 +43.238.20.0/22 +43.238.24.0/22 +43.238.28.0/22 +43.238.32.0/22 +43.238.36.0/22 +43.238.40.0/22 +43.238.44.0/22 +43.238.48.0/22 +43.238.52.0/22 +43.238.56.0/22 +43.238.60.0/22 +43.238.64.0/22 +43.238.68.0/22 +43.238.72.0/22 +43.238.76.0/22 +43.238.80.0/22 +43.238.84.0/22 +43.238.88.0/22 +43.238.92.0/22 +43.238.96.0/22 +43.238.100.0/22 +43.238.104.0/22 +43.238.108.0/22 +43.238.112.0/22 +43.238.116.0/22 +43.238.120.0/22 +43.238.124.0/22 +43.238.128.0/22 +43.238.132.0/22 +43.238.136.0/22 +43.238.140.0/22 +43.238.144.0/22 +43.238.148.0/22 +43.238.152.0/22 +43.238.156.0/22 +43.238.160.0/22 +43.238.164.0/22 +43.238.168.0/22 +43.238.172.0/22 +43.238.176.0/22 +43.238.180.0/22 +43.238.184.0/22 +43.238.188.0/22 +43.238.192.0/22 +43.238.196.0/22 +43.238.200.0/22 +43.238.204.0/22 +43.238.208.0/22 +43.238.212.0/22 +43.238.216.0/22 +43.238.220.0/22 +43.238.224.0/22 +43.238.228.0/22 +43.238.232.0/22 +43.238.236.0/22 +43.238.240.0/22 +43.238.244.0/22 +43.238.248.0/22 +43.238.252.0/22 +43.239.0.0/22 +43.239.4.0/22 +43.239.8.0/21 +43.239.16.0/22 +43.239.20.0/22 +43.239.24.0/22 +43.239.28.0/22 +43.239.32.0/22 +43.239.36.0/22 +43.239.40.0/22 +43.239.44.0/22 +43.239.48.0/22 +43.239.116.0/22 +43.239.120.0/22 +43.239.172.0/22 +43.239.176.0/22 +43.240.0.0/22 +43.240.48.0/22 +43.240.56.0/22 +43.240.60.0/22 +43.240.68.0/22 +43.240.72.0/22 +43.240.76.0/22 +43.240.84.0/22 +43.240.124.0/22 +43.240.128.0/22 +43.240.132.0/22 +43.240.136.0/22 +43.240.156.0/22 +43.240.160.0/22 +43.240.164.0/22 +43.240.168.0/22 +43.240.172.0/22 +43.240.176.0/22 +43.240.180.0/22 +43.240.184.0/22 +43.240.188.0/22 +43.240.192.0/22 +43.240.196.0/22 +43.240.200.0/22 +43.240.204.0/22 +43.240.208.0/22 +43.240.212.0/22 +43.240.216.0/22 +43.240.220.0/22 +43.240.236.0/22 +43.240.240.0/22 +43.240.244.0/22 +43.240.248.0/22 +43.240.252.0/22 +43.241.0.0/22 +43.241.4.0/22 +43.241.8.0/22 +43.241.12.0/22 +43.241.16.0/22 +43.241.20.0/22 +43.241.48.0/22 +43.241.76.0/22 +43.241.80.0/22 +43.241.84.0/22 +43.241.88.0/22 +43.241.92.0/22 +43.241.112.0/22 +43.241.168.0/22 +43.241.172.0/22 +43.241.176.0/22 +43.241.180.0/22 +43.241.184.0/22 +43.241.196.0/22 +43.241.208.0/22 +43.241.212.0/22 +43.241.216.0/22 +43.241.220.0/22 +43.241.224.0/22 +43.241.228.0/22 +43.241.232.0/22 +43.241.236.0/22 +43.241.240.0/22 +43.241.248.0/22 +43.241.252.0/22 +43.242.8.0/22 +43.242.12.0/22 +43.242.16.0/22 +43.242.20.0/22 +43.242.24.0/22 +43.242.28.0/22 +43.242.44.0/22 +43.242.48.0/22 +43.242.52.0/22 +43.242.56.0/22 +43.242.60.0/22 +43.242.64.0/22 +43.242.72.0/22 +43.242.76.0/22 +43.242.80.0/22 +43.242.84.0/22 +43.242.88.0/22 +43.242.92.0/22 +43.242.96.0/22 +43.242.144.0/22 +43.242.148.0/22 +43.242.152.0/22 +43.242.156.0/22 +43.242.160.0/22 +43.242.164.0/22 +43.242.168.0/22 +43.242.180.0/22 +43.242.188.0/22 +43.242.192.0/22 +43.242.196.0/22 +43.242.204.0/22 +43.242.216.0/22 +43.242.220.0/22 +43.242.252.0/22 +43.243.4.0/22 +43.243.8.0/22 +43.243.12.0/22 +43.243.16.0/22 +43.243.24.0/22 +43.243.88.0/22 +43.243.128.0/22 +43.243.136.0/22 +43.243.144.0/22 +43.243.148.0/22 +43.243.156.0/22 +43.243.168.0/22 +43.243.180.0/22 +43.243.188.0/22 +43.243.228.0/22 +43.243.232.0/22 +43.243.244.0/22 +43.246.0.0/22 +43.246.4.0/22 +43.246.8.0/22 +43.246.12.0/22 +43.246.16.0/22 +43.246.20.0/22 +43.246.24.0/22 +43.246.28.0/22 +43.246.32.0/22 +43.246.36.0/22 +43.246.40.0/22 +43.246.44.0/22 +43.246.48.0/22 +43.246.52.0/22 +43.246.56.0/22 +43.246.60.0/22 +43.246.64.0/22 +43.246.68.0/22 +43.246.72.0/22 +43.246.76.0/22 +43.246.80.0/22 +43.246.84.0/22 +43.246.88.0/22 +43.246.92.0/22 +43.246.96.0/22 +43.246.112.0/22 +43.246.212.0/22 +43.246.228.0/22 +43.247.4.0/22 +43.247.8.0/22 +43.247.44.0/22 +43.247.48.0/22 +43.247.68.0/22 +43.247.76.0/22 +43.247.84.0/22 +43.247.88.0/22 +43.247.92.0/22 +43.247.96.0/22 +43.247.100.0/22 +43.247.108.0/22 +43.247.112.0/22 +43.247.148.0/22 +43.247.152.0/22 +43.247.176.0/22 +43.247.180.0/22 +43.247.184.0/22 +43.247.188.0/22 +43.247.196.0/22 +43.247.200.0/22 +43.247.204.0/22 +43.247.208.0/22 +43.247.212.0/22 +43.247.216.0/22 +43.247.220.0/22 +43.247.224.0/22 +43.247.228.0/22 +43.247.232.0/22 +43.247.236.0/22 +43.247.240.0/22 +43.247.244.0/22 +43.247.248.0/22 +43.247.252.0/22 +43.248.0.0/22 +43.248.4.0/22 +43.248.20.0/22 +43.248.28.0/22 +43.248.48.0/22 +43.248.76.0/22 +43.248.80.0/22 +43.248.84.0/22 +43.248.88.0/22 +43.248.92.0/22 +43.248.96.0/22 +43.248.100.0/22 +43.248.104.0/22 +43.248.108.0/22 +43.248.112.0/22 +43.248.116.0/22 +43.248.120.0/22 +43.248.124.0/22 +43.248.128.0/22 +43.248.132.0/22 +43.248.136.0/22 +43.248.140.0/22 +43.248.144.0/22 +43.248.148.0/22 +43.248.176.0/22 +43.248.180.0/22 +43.248.184.0/22 +43.248.188.0/22 +43.248.192.0/22 +43.248.196.0/22 +43.248.200.0/22 +43.248.204.0/22 +43.248.208.0/22 +43.248.228.0/22 +43.248.232.0/22 +43.248.244.0/22 +43.249.0.0/22 +43.249.4.0/22 +43.249.8.0/22 +43.249.24.0/22 +43.249.120.0/22 +43.249.132.0/22 +43.249.136.0/22 +43.249.144.0/22 +43.249.148.0/22 +43.249.152.0/22 +43.249.156.0/22 +43.249.160.0/22 +43.249.164.0/22 +43.249.168.0/22 +43.249.192.0/22 +43.249.236.0/22 +43.250.4.0/22 +43.250.12.0/22 +43.250.16.0/22 +43.250.20.0/22 +43.250.28.0/22 +43.250.32.0/22 +43.250.36.0/22 +43.250.72.0/22 +43.250.96.0/22 +43.250.100.0/22 +43.250.104.0/22 +43.250.108.0/22 +43.250.112.0/22 +43.250.116.0/22 +43.250.128.0/22 +43.250.144.0/22 +43.250.148.0/22 +43.250.160.0/22 +43.250.168.0/22 +43.250.172.0/22 +43.250.176.0/22 +43.250.200.0/22 +43.250.212.0/22 +43.250.216.0/22 +43.250.220.0/22 +43.250.236.0/22 +43.250.244.0/22 +43.251.4.0/22 +43.251.8.0/22 +43.251.12.0/22 +43.251.36.0/22 +43.251.100.0/22 +43.251.116.0/22 +43.251.192.0/22 +43.251.232.0/22 +43.251.236.0/22 +43.251.244.0/22 +43.252.40.0/22 +43.252.48.0/22 +43.252.56.0/22 +43.252.224.0/22 +43.254.0.0/22 +43.254.4.0/22 +43.254.8.0/22 +43.254.24.0/22 +43.254.36.0/22 +43.254.44.0/22 +43.254.52.0/22 +43.254.64.0/22 +43.254.72.0/22 +43.254.84.0/22 +43.254.88.0/22 +43.254.92.0/22 +43.254.100.0/22 +43.254.104.0/22 +43.254.112.0/22 +43.254.116.0/22 +43.254.128.0/22 +43.254.136.0/22 +43.254.140.0/22 +43.254.144.0/22 +43.254.148.0/22 +43.254.152.0/22 +43.254.156.0/22 +43.254.168.0/22 +43.254.172.0/22 +43.254.180.0/22 +43.254.184.0/22 +43.254.188.0/22 +43.254.192.0/22 +43.254.196.0/22 +43.254.200.0/22 +43.254.208.0/22 +43.254.220.0/22 +43.254.224.0/22 +43.254.228.0/22 +43.254.232.0/22 +43.254.236.0/22 +43.254.240.0/22 +43.254.248.0/22 +43.254.252.0/22 +43.255.0.0/22 +43.255.4.0/22 +43.255.8.0/22 +43.255.16.0/22 +43.255.48.0/22 +43.255.64.0/22 +43.255.68.0/22 +43.255.72.0/22 +43.255.76.0/22 +43.255.84.0/22 +43.255.96.0/22 +43.255.108.0/22 +43.255.144.0/22 +43.255.168.0/22 +43.255.176.0/22 +43.255.184.0/22 +43.255.192.0/22 +43.255.200.0/22 +43.255.204.0/22 +43.255.208.0/22 +43.255.212.0/22 +43.255.224.0/22 +43.255.228.0/22 +43.255.232.0/22 +43.255.244.0/22 +45.40.192.0/18 +45.65.16.0/22 +45.65.20.0/22 +45.65.24.0/22 +45.65.28.0/22 +45.112.132.0/22 +45.112.188.0/22 +45.112.208.0/22 +45.112.212.0/22 +45.112.216.0/22 +45.112.220.0/22 +45.112.228.0/22 +45.112.232.0/22 +45.112.236.0/22 +45.113.12.0/22 +45.113.16.0/22 +45.113.20.0/22 +45.113.24.0/22 +45.113.28.0/22 +45.113.40.0/22 +45.113.52.0/22 +45.113.56.0/22 +45.113.72.0/22 +45.113.144.0/22 +45.113.148.0/22 +45.113.168.0/22 +45.113.176.0/22 +45.113.184.0/22 +45.113.200.0/22 +45.113.204.0/22 +45.113.208.0/22 +45.113.212.0/22 +45.113.216.0/22 +45.113.220.0/22 +45.113.240.0/22 +45.113.252.0/22 +45.114.0.0/22 +45.114.12.0/22 +45.114.32.0/22 +45.114.40.0/22 +45.114.52.0/22 +45.114.96.0/22 +45.114.104.0/22 +45.114.108.0/22 +45.114.124.0/22 +45.114.136.0/22 +45.114.196.0/22 +45.114.200.0/22 +45.114.228.0/22 +45.114.252.0/22 +45.115.44.0/22 +45.115.100.0/22 +45.115.120.0/22 +45.115.132.0/22 +45.115.144.0/22 +45.115.156.0/22 +45.115.164.0/22 +45.115.200.0/22 +45.115.212.0/22 +45.115.228.0/22 +45.115.236.0/22 +45.115.244.0/22 +45.115.248.0/22 +45.116.12.0/22 +45.116.16.0/22 +45.116.24.0/22 +45.116.32.0/22 +45.116.36.0/22 +45.116.52.0/22 +45.116.96.0/22 +45.116.100.0/22 +45.116.140.0/22 +45.116.152.0/22 +45.116.208.0/22 +45.117.8.0/22 +45.117.20.0/22 +45.117.68.0/22 +45.117.124.0/22 +45.117.252.0/22 +45.119.52.0/22 +45.119.60.0/22 +45.119.64.0/22 +45.119.68.0/22 +45.119.72.0/22 +45.119.104.0/22 +45.119.116.0/22 +45.119.232.0/22 +45.120.100.0/22 +45.120.140.0/22 +45.120.164.0/22 +45.120.220.0/22 +45.120.240.0/22 +45.121.20.0/22 +45.121.52.0/22 +45.121.64.0/22 +45.121.68.0/22 +45.121.72.0/22 +45.121.92.0/22 +45.121.96.0/22 +45.121.104.0/22 +45.121.172.0/22 +45.121.176.0/22 +45.121.212.0/22 +45.121.240.0/22 +45.121.244.0/22 +45.121.248.0/22 +45.121.252.0/22 +45.122.0.0/22 +45.122.4.0/22 +45.122.8.0/22 +45.122.12.0/22 +45.122.16.0/22 +45.122.20.0/22 +45.122.24.0/22 +45.122.28.0/22 +45.122.32.0/22 +45.122.36.0/22 +45.122.40.0/22 +45.122.60.0/22 +45.122.64.0/22 +45.122.68.0/22 +45.122.72.0/22 +45.122.76.0/22 +45.122.80.0/22 +45.122.84.0/22 +45.122.88.0/22 +45.122.92.0/22 +45.122.96.0/21 +45.122.104.0/22 +45.122.108.0/22 +45.122.112.0/22 +45.122.116.0/22 +45.122.160.0/22 +45.122.164.0/22 +45.122.168.0/22 +45.122.172.0/22 +45.122.176.0/22 +45.122.180.0/22 +45.122.184.0/22 +45.122.188.0/22 +45.122.192.0/22 +45.122.196.0/22 +45.122.200.0/22 +45.122.204.0/22 +45.122.208.0/22 +45.122.212.0/22 +45.122.216.0/22 +45.123.28.0/22 +45.123.32.0/22 +45.123.36.0/22 +45.123.44.0/22 +45.123.48.0/22 +45.123.52.0/22 +45.123.56.0/22 +45.123.60.0/22 +45.123.64.0/22 +45.123.68.0/22 +45.123.72.0/22 +45.123.76.0/22 +45.123.80.0/22 +45.123.84.0/22 +45.123.88.0/22 +45.123.120.0/22 +45.123.128.0/22 +45.123.132.0/22 +45.123.136.0/22 +45.123.148.0/22 +45.123.152.0/22 +45.123.156.0/22 +45.123.164.0/22 +45.123.168.0/22 +45.123.172.0/22 +45.123.176.0/22 +45.123.180.0/22 +45.123.184.0/22 +45.123.204.0/22 +45.123.212.0/22 +45.123.224.0/22 +45.123.228.0/22 +45.123.232.0/22 +45.123.236.0/22 +45.123.240.0/22 +45.123.244.0/22 +45.123.248.0/22 +45.123.252.0/22 +45.124.0.0/22 +45.124.20.0/22 +45.124.28.0/22 +45.124.32.0/22 +45.124.36.0/22 +45.124.44.0/22 +45.124.68.0/22 +45.124.76.0/22 +45.124.80.0/22 +45.124.100.0/22 +45.124.124.0/22 +45.124.172.0/22 +45.124.176.0/22 +45.124.208.0/22 +45.124.248.0/22 +45.124.252.0/22 +45.125.12.0/22 +45.125.16.0/22 +45.125.24.0/22 +45.125.28.0/22 +45.125.32.0/22 +45.125.44.0/22 +45.125.52.0/22 +45.125.56.0/22 +45.125.76.0/22 +45.125.80.0/22 +45.125.84.0/22 +45.125.88.0/22 +45.125.92.0/22 +45.125.96.0/22 +45.125.100.0/22 +45.125.104.0/22 +45.125.136.0/22 +45.126.48.0/22 +45.126.52.0/22 +45.126.100.0/22 +45.126.108.0/22 +45.126.112.0/22 +45.126.116.0/22 +45.126.120.0/22 +45.126.212.0/22 +45.126.220.0/22 +45.127.8.0/22 +45.127.12.0/22 +45.127.96.0/22 +45.127.116.0/22 +45.127.124.0/22 +45.127.128.0/22 +45.127.144.0/22 +45.127.148.0/22 +45.127.156.0/22 +45.127.216.0/22 +45.248.8.0/22 +45.248.80.0/22 +45.248.84.0/22 +45.248.88.0/22 +45.248.96.0/22 +45.248.100.0/22 +45.248.104.0/22 +45.248.108.0/22 +45.248.128.0/22 +45.248.132.0/22 +45.248.204.0/22 +45.248.208.0/22 +45.248.212.0/22 +45.248.216.0/22 +45.248.220.0/22 +45.248.224.0/22 +45.248.228.0/22 +45.248.232.0/22 +45.248.236.0/22 +45.248.240.0/22 +45.248.244.0/22 +45.248.248.0/22 +45.248.252.0/22 +45.249.0.0/22 +45.249.4.0/22 +45.249.12.0/22 +45.249.16.0/22 +45.249.20.0/22 +45.249.24.0/22 +45.249.28.0/22 +45.249.32.0/22 +45.249.36.0/22 +45.249.92.0/22 +45.249.112.0/22 +45.249.180.0/22 +45.249.188.0/22 +45.249.192.0/22 +45.249.196.0/22 +45.249.200.0/22 +45.249.204.0/22 +45.249.208.0/22 +45.249.212.0/22 +45.250.12.0/22 +45.250.16.0/22 +45.250.28.0/22 +45.250.32.0/22 +45.250.36.0/22 +45.250.40.0/22 +45.250.76.0/22 +45.250.80.0/22 +45.250.84.0/22 +45.250.88.0/22 +45.250.92.0/22 +45.250.96.0/22 +45.250.104.0/22 +45.250.108.0/22 +45.250.112.0/22 +45.250.116.0/22 +45.250.120.0/22 +45.250.124.0/22 +45.250.128.0/22 +45.250.132.0/22 +45.250.136.0/22 +45.250.140.0/22 +45.250.144.0/22 +45.250.148.0/22 +45.250.152.0/22 +45.250.164.0/22 +45.250.180.0/22 +45.250.184.0/22 +45.250.188.0/22 +45.250.192.0/22 +45.251.0.0/22 +45.251.8.0/22 +45.251.16.0/22 +45.251.20.0/22 +45.251.52.0/22 +45.251.84.0/22 +45.251.88.0/22 +45.251.92.0/22 +45.251.96.0/22 +45.251.100.0/22 +45.251.120.0/22 +45.251.124.0/22 +45.251.136.0/22 +45.251.140.0/22 +45.251.144.0/22 +45.251.148.0/22 +45.251.152.0/22 +45.251.156.0/22 +45.251.160.0/22 +45.251.164.0/22 +45.251.168.0/22 +45.251.172.0/22 +45.251.176.0/22 +45.251.180.0/22 +45.251.184.0/22 +45.251.188.0/22 +45.251.192.0/22 +45.251.196.0/22 +45.251.200.0/22 +45.251.204.0/22 +45.251.208.0/22 +45.251.212.0/22 +45.251.216.0/22 +45.251.220.0/22 +45.251.224.0/22 +45.251.240.0/22 +45.252.0.0/22 +45.252.4.0/22 +45.252.8.0/22 +45.252.12.0/22 +45.252.16.0/22 +45.252.20.0/22 +45.252.24.0/22 +45.252.28.0/22 +45.252.32.0/22 +45.252.36.0/22 +45.252.40.0/22 +45.252.44.0/22 +45.252.48.0/22 +45.252.60.0/22 +45.252.84.0/22 +45.252.88.0/22 +45.252.92.0/22 +45.252.96.0/22 +45.252.100.0/22 +45.252.104.0/22 +45.252.108.0/22 +45.252.112.0/22 +45.252.116.0/22 +45.252.120.0/22 +45.252.124.0/22 +45.252.128.0/22 +45.252.132.0/22 +45.252.136.0/22 +45.252.140.0/22 +45.252.144.0/22 +45.252.148.0/22 +45.252.152.0/22 +45.252.156.0/22 +45.252.160.0/22 +45.252.164.0/22 +45.252.168.0/22 +45.252.172.0/22 +45.252.176.0/22 +45.252.192.0/22 +45.252.196.0/22 +45.252.200.0/22 +45.252.204.0/22 +45.252.208.0/22 +45.252.212.0/22 +45.252.216.0/22 +45.252.220.0/22 +45.252.224.0/22 +45.252.228.0/22 +45.252.232.0/22 +45.253.0.0/22 +45.253.4.0/22 +45.253.8.0/22 +45.253.12.0/22 +45.253.16.0/22 +45.253.20.0/22 +45.253.24.0/22 +45.253.28.0/22 +45.253.32.0/22 +45.253.36.0/22 +45.253.40.0/22 +45.253.44.0/22 +45.253.48.0/22 +45.253.52.0/22 +45.253.56.0/22 +45.253.60.0/22 +45.253.64.0/22 +45.253.68.0/22 +45.253.72.0/22 +45.253.76.0/22 +45.253.80.0/22 +45.253.84.0/22 +45.253.92.0/22 +45.253.96.0/22 +45.253.100.0/22 +45.253.104.0/22 +45.253.108.0/22 +45.253.112.0/22 +45.253.116.0/22 +45.253.120.0/22 +45.253.132.0/22 +45.253.136.0/22 +45.253.140.0/22 +45.253.144.0/22 +45.253.148.0/22 +45.253.152.0/22 +45.253.156.0/22 +45.253.160.0/22 +45.253.164.0/22 +45.253.168.0/22 +45.253.172.0/22 +45.253.176.0/22 +45.253.180.0/22 +45.253.184.0/22 +45.253.188.0/22 +45.253.192.0/22 +45.253.196.0/22 +45.253.200.0/22 +45.253.204.0/22 +45.253.208.0/22 +45.253.212.0/22 +45.253.216.0/22 +45.253.220.0/22 +45.253.224.0/22 +45.253.228.0/22 +45.253.232.0/22 +45.253.236.0/22 +45.253.240.0/22 +45.253.244.0/22 +45.253.248.0/22 +45.253.252.0/22 +45.254.0.0/22 +45.254.4.0/22 +45.254.8.0/22 +45.254.12.0/22 +45.254.16.0/22 +45.254.20.0/22 +45.254.24.0/22 +45.254.28.0/22 +45.254.40.0/22 +45.254.48.0/22 +45.254.52.0/22 +45.254.56.0/22 +45.254.60.0/22 +45.254.64.0/22 +45.254.68.0/22 +45.254.72.0/22 +45.254.76.0/22 +45.254.80.0/22 +45.254.84.0/22 +45.254.88.0/22 +45.254.92.0/22 +45.254.96.0/22 +45.254.100.0/22 +45.254.104.0/22 +45.254.108.0/22 +45.254.112.0/22 +45.254.116.0/22 +45.254.120.0/22 +45.254.124.0/22 +45.254.128.0/22 +45.254.132.0/22 +45.254.136.0/22 +45.254.140.0/22 +45.254.144.0/22 +45.254.148.0/22 +45.254.152.0/22 +45.254.156.0/22 +45.254.160.0/22 +45.254.164.0/22 +45.254.168.0/22 +45.254.172.0/22 +45.254.176.0/22 +45.254.180.0/22 +45.254.184.0/22 +45.254.188.0/22 +45.254.192.0/22 +45.254.196.0/22 +45.254.200.0/22 +45.254.204.0/22 +45.254.208.0/22 +45.254.212.0/22 +45.254.216.0/22 +45.254.220.0/22 +45.254.224.0/22 +45.254.228.0/22 +45.254.236.0/22 +45.254.240.0/22 +45.254.248.0/22 +45.255.0.0/22 +45.255.4.0/22 +45.255.8.0/22 +45.255.12.0/22 +45.255.16.0/22 +45.255.20.0/22 +45.255.24.0/22 +45.255.28.0/22 +45.255.32.0/22 +45.255.36.0/22 +45.255.40.0/22 +45.255.44.0/22 +45.255.48.0/22 +45.255.52.0/22 +45.255.56.0/22 +45.255.60.0/22 +45.255.64.0/22 +45.255.68.0/22 +45.255.72.0/22 +45.255.76.0/22 +45.255.80.0/22 +45.255.84.0/22 +45.255.88.0/22 +45.255.92.0/22 +45.255.96.0/22 +45.255.100.0/22 +45.255.104.0/22 +45.255.108.0/22 +45.255.112.0/22 +45.255.116.0/22 +45.255.120.0/22 +45.255.124.0/22 +45.255.132.0/22 +45.255.136.0/22 +45.255.140.0/22 +45.255.144.0/22 +45.255.148.0/22 +45.255.152.0/22 +45.255.156.0/22 +45.255.160.0/22 +45.255.164.0/22 +45.255.168.0/22 +45.255.172.0/22 +45.255.176.0/22 +45.255.180.0/22 +45.255.184.0/22 +45.255.188.0/22 +45.255.192.0/22 +45.255.196.0/22 +45.255.200.0/22 +45.255.204.0/22 +45.255.208.0/22 +45.255.212.0/22 +45.255.216.0/22 +45.255.220.0/22 +45.255.224.0/22 +45.255.228.0/22 +45.255.232.0/22 +45.255.236.0/22 +45.255.240.0/22 +45.255.244.0/22 +45.255.248.0/22 +47.92.0.0/14 +47.96.0.0/11 +49.4.0.0/14 +49.51.0.0/16 +49.52.0.0/14 +49.64.0.0/11 +49.112.0.0/13 +49.120.0.0/14 +49.128.0.0/24 +49.128.2.0/23 +49.128.4.0/22 +49.140.0.0/15 +49.152.0.0/14 +49.208.0.0/15 +49.210.0.0/15 +49.220.0.0/14 +49.232.0.0/14 +49.239.0.0/18 +49.239.192.0/18 +49.246.224.0/19 +52.80.0.0/15 +52.82.0.0/15 +52.130.0.0/15 +54.222.0.0/15 +58.14.0.0/15 +58.16.0.0/16 +58.17.0.0/17 +58.17.128.0/17 +58.18.0.0/16 +58.19.0.0/16 +58.20.0.0/16 +58.21.0.0/16 +58.22.0.0/15 +58.24.0.0/15 +58.30.0.0/15 +58.32.0.0/13 +58.40.0.0/15 +58.42.0.0/16 +58.43.0.0/16 +58.44.0.0/14 +58.48.0.0/13 +58.56.0.0/15 +58.58.0.0/16 +58.59.0.0/17 +58.59.128.0/17 +58.60.0.0/14 +58.65.232.0/21 +58.66.0.0/15 +58.68.128.0/17 +58.82.0.0/17 +58.83.0.0/17 +58.83.128.0/17 +58.87.64.0/18 +58.99.128.0/17 +58.100.0.0/15 +58.116.0.0/14 +58.128.0.0/13 +58.144.0.0/16 +58.154.0.0/15 +58.192.0.0/15 +58.194.0.0/15 +58.196.0.0/15 +58.198.0.0/15 +58.200.0.0/13 +58.208.0.0/12 +58.240.0.0/15 +58.242.0.0/15 +58.244.0.0/15 +58.246.0.0/15 +58.248.0.0/13 +59.32.0.0/13 +59.40.0.0/15 +59.42.0.0/16 +59.43.0.0/16 +59.44.0.0/14 +59.48.0.0/16 +59.49.0.0/17 +59.49.128.0/17 +59.50.0.0/16 +59.51.0.0/17 +59.51.128.0/17 +59.52.0.0/14 +59.56.0.0/14 +59.60.0.0/15 +59.62.0.0/15 +59.64.0.0/14 +59.68.0.0/14 +59.72.0.0/15 +59.74.0.0/15 +59.76.0.0/16 +59.77.0.0/16 +59.78.0.0/15 +59.80.0.0/15 +59.82.0.0/15 +59.107.0.0/17 +59.107.128.0/17 +59.108.0.0/15 +59.110.0.0/15 +59.151.0.0/17 +59.152.16.0/22 +59.152.20.0/22 +59.152.24.0/22 +59.152.28.0/22 +59.152.32.0/22 +59.152.36.0/22 +59.152.64.0/22 +59.152.68.0/22 +59.152.72.0/22 +59.152.76.0/22 +59.152.112.0/22 +59.152.116.0/22 +59.153.4.0/22 +59.153.32.0/22 +59.153.60.0/22 +59.153.64.0/22 +59.153.68.0/22 +59.153.72.0/22 +59.153.92.0/22 +59.153.116.0/22 +59.153.136.0/22 +59.153.152.0/22 +59.153.156.0/22 +59.153.164.0/22 +59.153.168.0/22 +59.153.172.0/22 +59.153.176.0/22 +59.153.180.0/22 +59.153.184.0/22 +59.153.188.0/22 +59.153.192.0/22 +59.155.0.0/16 +59.172.0.0/15 +59.174.0.0/15 +59.191.0.0/17 +59.191.240.0/20 +59.192.0.0/10 +60.0.0.0/13 +60.8.0.0/15 +60.10.0.0/16 +60.11.0.0/16 +60.12.0.0/16 +60.13.0.0/18 +60.13.64.0/18 +60.13.128.0/17 +60.14.0.0/15 +60.16.0.0/13 +60.24.0.0/14 +60.28.0.0/15 +60.30.0.0/16 +60.31.0.0/16 +60.55.0.0/16 +60.63.0.0/16 +60.160.0.0/15 +60.162.0.0/15 +60.164.0.0/15 +60.166.0.0/15 +60.168.0.0/13 +60.176.0.0/12 +60.194.0.0/15 +60.200.0.0/14 +60.204.0.0/16 +60.205.0.0/16 +60.206.0.0/15 +60.208.0.0/13 +60.216.0.0/15 +60.218.0.0/15 +60.220.0.0/14 +60.232.0.0/15 +60.235.0.0/16 +60.245.128.0/17 +60.247.0.0/16 +60.252.0.0/16 +60.253.128.0/17 +60.255.0.0/16 +61.4.80.0/22 +61.4.84.0/22 +61.4.88.0/21 +61.4.176.0/20 +61.8.160.0/20 +61.14.212.0/22 +61.14.216.0/22 +61.14.220.0/22 +61.14.240.0/22 +61.14.244.0/22 +61.28.0.0/20 +61.28.16.0/20 +61.28.32.0/19 +61.28.64.0/18 +61.29.128.0/18 +61.29.192.0/19 +61.29.224.0/20 +61.29.240.0/20 +61.45.128.0/18 +61.45.224.0/20 +61.47.128.0/18 +61.48.0.0/14 +61.52.0.0/15 +61.54.0.0/16 +61.55.0.0/16 +61.87.192.0/18 +61.128.0.0/15 +61.130.0.0/15 +61.132.0.0/16 +61.133.0.0/17 +61.133.128.0/17 +61.134.0.0/18 +61.134.64.0/19 +61.134.96.0/19 +61.134.128.0/18 +61.134.192.0/18 +61.135.0.0/16 +61.136.0.0/18 +61.136.64.0/18 +61.136.128.0/17 +61.137.0.0/17 +61.137.128.0/17 +61.138.0.0/18 +61.138.64.0/18 +61.138.128.0/18 +61.138.192.0/18 +61.139.0.0/17 +61.139.128.0/18 +61.139.192.0/18 +61.140.0.0/14 +61.144.0.0/14 +61.148.0.0/15 +61.150.0.0/15 +61.152.0.0/16 +61.153.0.0/16 +61.154.0.0/15 +61.156.0.0/16 +61.157.0.0/16 +61.158.0.0/17 +61.158.128.0/17 +61.159.0.0/18 +61.159.64.0/18 +61.159.128.0/17 +61.160.0.0/16 +61.161.0.0/18 +61.161.64.0/18 +61.161.128.0/17 +61.162.0.0/16 +61.163.0.0/16 +61.164.0.0/16 +61.165.0.0/16 +61.166.0.0/16 +61.167.0.0/16 +61.168.0.0/16 +61.169.0.0/16 +61.170.0.0/15 +61.172.0.0/14 +61.176.0.0/16 +61.177.0.0/16 +61.178.0.0/16 +61.179.0.0/16 +61.180.0.0/17 +61.180.128.0/17 +61.181.0.0/16 +61.182.0.0/16 +61.183.0.0/16 +61.184.0.0/14 +61.188.0.0/16 +61.189.0.0/17 +61.189.128.0/17 +61.190.0.0/15 +61.232.0.0/14 +61.236.0.0/15 +61.240.0.0/14 +62.234.0.0/16 +68.79.0.0/18 +69.230.192.0/18 +69.231.128.0/18 +69.234.192.0/18 +69.235.128.0/18 +71.131.192.0/18 +71.132.0.0/18 +71.136.64.0/18 +71.137.0.0/18 +81.68.0.0/14 +82.156.0.0/15 +94.191.0.0/17 +101.0.0.0/22 +101.1.0.0/22 +101.2.172.0/22 +101.4.0.0/14 +101.16.0.0/12 +101.32.0.0/14 +101.36.0.0/17 +101.36.128.0/17 +101.37.0.0/16 +101.38.0.0/15 +101.40.0.0/13 +101.48.0.0/15 +101.50.8.0/22 +101.50.12.0/22 +101.50.56.0/22 +101.52.0.0/16 +101.53.100.0/22 +101.54.0.0/16 +101.55.224.0/21 +101.64.0.0/13 +101.72.0.0/14 +101.76.0.0/15 +101.78.0.0/22 +101.78.32.0/19 +101.80.0.0/12 +101.96.0.0/21 +101.96.8.0/22 +101.96.16.0/20 +101.96.128.0/17 +101.99.96.0/19 +101.101.64.0/19 +101.101.100.0/24 +101.101.102.0/23 +101.101.104.0/21 +101.101.112.0/20 +101.102.64.0/19 +101.102.100.0/23 +101.102.102.0/24 +101.102.104.0/21 +101.102.112.0/20 +101.104.0.0/14 +101.110.64.0/19 +101.110.96.0/20 +101.110.116.0/22 +101.110.120.0/21 +101.120.0.0/14 +101.124.0.0/15 +101.126.0.0/16 +101.128.0.0/22 +101.128.8.0/21 +101.128.16.0/20 +101.128.32.0/19 +101.129.0.0/16 +101.130.0.0/15 +101.132.0.0/14 +101.144.0.0/12 +101.192.0.0/14 +101.196.0.0/16 +101.197.0.0/16 +101.198.0.0/15 +101.200.0.0/15 +101.203.128.0/19 +101.203.160.0/21 +101.203.172.0/22 +101.203.176.0/20 +101.204.0.0/14 +101.224.0.0/13 +101.232.0.0/15 +101.234.64.0/21 +101.234.76.0/22 +101.234.80.0/20 +101.234.96.0/19 +101.236.0.0/14 +101.240.0.0/14 +101.244.0.0/14 +101.248.0.0/15 +101.251.0.0/22 +101.251.8.0/21 +101.251.16.0/20 +101.251.32.0/19 +101.251.64.0/18 +101.251.128.0/17 +101.252.0.0/15 +101.254.0.0/16 +103.1.8.0/22 +103.1.20.0/22 +103.1.24.0/22 +103.1.72.0/22 +103.1.88.0/22 +103.1.168.0/22 +103.2.108.0/22 +103.2.156.0/22 +103.2.164.0/22 +103.2.200.0/22 +103.2.204.0/22 +103.2.208.0/22 +103.2.212.0/22 +103.3.84.0/22 +103.3.88.0/22 +103.3.92.0/22 +103.3.96.0/22 +103.3.100.0/22 +103.3.104.0/22 +103.3.108.0/22 +103.3.112.0/22 +103.3.116.0/22 +103.3.120.0/22 +103.3.124.0/22 +103.3.128.0/22 +103.3.132.0/22 +103.3.136.0/22 +103.3.140.0/22 +103.3.148.0/22 +103.3.152.0/22 +103.3.156.0/22 +103.4.56.0/22 +103.4.168.0/22 +103.4.184.0/22 +103.4.224.0/22 +103.5.36.0/22 +103.5.52.0/22 +103.5.56.0/22 +103.5.152.0/22 +103.5.168.0/22 +103.5.192.0/22 +103.5.252.0/22 +103.6.76.0/22 +103.6.108.0/22 +103.6.220.0/22 +103.6.228.0/22 +103.7.4.0/22 +103.7.28.0/22 +103.7.140.0/22 +103.7.212.0/22 +103.7.216.0/22 +103.7.220.0/22 +103.8.0.0/22 +103.8.4.0/22 +103.8.8.0/22 +103.8.32.0/22 +103.8.52.0/22 +103.8.68.0/22 +103.8.108.0/22 +103.8.156.0/22 +103.8.200.0/22 +103.8.204.0/22 +103.8.220.0/22 +103.9.8.0/22 +103.9.24.0/22 +103.9.108.0/22 +103.9.152.0/22 +103.9.192.0/22 +103.9.248.0/22 +103.9.252.0/22 +103.10.0.0/22 +103.10.16.0/22 +103.10.84.0/22 +103.10.140.0/22 +103.11.16.0/22 +103.11.168.0/22 +103.11.180.0/22 +103.12.32.0/22 +103.12.68.0/22 +103.12.92.0/22 +103.12.136.0/22 +103.12.184.0/22 +103.12.232.0/22 +103.13.12.0/22 +103.13.72.0/23 +103.13.124.0/22 +103.13.144.0/22 +103.13.196.0/22 +103.13.220.0/22 +103.13.244.0/22 +103.14.32.0/22 +103.14.84.0/22 +103.14.100.0/22 +103.14.132.0/22 +103.14.136.0/22 +103.14.156.0/22 +103.14.240.0/22 +103.15.4.0/22 +103.15.8.0/22 +103.15.16.0/22 +103.15.96.0/22 +103.15.200.0/22 +103.16.52.0/22 +103.16.80.0/22 +103.16.84.0/22 +103.16.88.0/22 +103.16.108.0/22 +103.16.124.0/22 +103.17.40.0/22 +103.17.64.0/22 +103.17.120.0/22 +103.17.136.0/22 +103.17.160.0/22 +103.17.204.0/22 +103.17.228.0/22 +103.18.192.0/22 +103.18.208.0/22 +103.18.212.0/22 +103.18.224.0/22 +103.19.0.0/22 +103.19.12.0/22 +103.19.40.0/22 +103.19.44.0/22 +103.19.64.0/22 +103.19.68.0/22 +103.19.72.0/22 +103.19.232.0/22 +103.20.12.0/22 +103.20.32.0/22 +103.20.44.0/22 +103.20.68.0/22 +103.20.112.0/22 +103.20.128.0/22 +103.20.160.0/22 +103.20.248.0/22 +103.21.112.0/22 +103.21.116.0/22 +103.21.136.0/22 +103.21.140.0/22 +103.21.176.0/22 +103.21.208.0/22 +103.21.240.0/22 +103.22.0.0/22 +103.22.4.0/22 +103.22.8.0/22 +103.22.12.0/22 +103.22.16.0/22 +103.22.20.0/22 +103.22.24.0/22 +103.22.28.0/22 +103.22.32.0/22 +103.22.36.0/22 +103.22.40.0/22 +103.22.44.0/22 +103.22.48.0/22 +103.22.52.0/22 +103.22.56.0/22 +103.22.60.0/22 +103.22.64.0/22 +103.22.68.0/22 +103.22.72.0/22 +103.22.76.0/22 +103.22.80.0/22 +103.22.84.0/22 +103.22.88.0/22 +103.22.92.0/22 +103.22.100.0/22 +103.22.104.0/22 +103.22.108.0/22 +103.22.112.0/22 +103.22.116.0/22 +103.22.120.0/22 +103.22.124.0/22 +103.22.188.0/22 +103.22.228.0/22 +103.22.252.0/22 +103.23.8.0/22 +103.23.56.0/22 +103.23.160.0/22 +103.23.164.0/22 +103.23.176.0/22 +103.23.228.0/22 +103.24.24.0/22 +103.24.116.0/22 +103.24.128.0/22 +103.24.144.0/22 +103.24.176.0/22 +103.24.184.0/22 +103.24.220.0/22 +103.24.228.0/22 +103.24.248.0/22 +103.24.252.0/22 +103.25.8.0/23 +103.25.20.0/22 +103.25.24.0/22 +103.25.28.0/22 +103.25.32.0/22 +103.25.36.0/22 +103.25.40.0/22 +103.25.48.0/22 +103.25.64.0/22 +103.25.68.0/22 +103.25.148.0/22 +103.25.156.0/22 +103.25.216.0/22 +103.26.0.0/22 +103.26.64.0/22 +103.26.76.0/22 +103.26.132.0/22 +103.26.156.0/22 +103.26.160.0/22 +103.26.228.0/22 +103.26.240.0/22 +103.27.4.0/22 +103.27.12.0/22 +103.27.24.0/22 +103.27.56.0/22 +103.27.96.0/22 +103.27.184.0/22 +103.27.208.0/22 +103.27.212.0/22 +103.27.240.0/22 +103.28.4.0/22 +103.28.8.0/22 +103.28.184.0/22 +103.28.204.0/22 +103.28.212.0/22 +103.29.16.0/22 +103.29.128.0/22 +103.29.132.0/22 +103.29.136.0/22 +103.30.20.0/22 +103.30.96.0/22 +103.30.148.0/22 +103.30.200.0/22 +103.30.228.0/22 +103.30.236.0/22 +103.31.0.0/22 +103.31.48.0/22 +103.31.52.0/22 +103.31.56.0/22 +103.31.60.0/22 +103.31.64.0/22 +103.31.68.0/22 +103.31.148.0/22 +103.31.160.0/22 +103.31.168.0/22 +103.31.200.0/22 +103.31.236.0/22 +103.32.0.0/22 +103.32.4.0/22 +103.32.8.0/22 +103.32.12.0/22 +103.32.16.0/22 +103.32.20.0/22 +103.32.24.0/22 +103.32.28.0/22 +103.32.32.0/22 +103.32.36.0/22 +103.32.40.0/22 +103.32.44.0/22 +103.32.48.0/22 +103.32.52.0/22 +103.32.56.0/22 +103.32.60.0/22 +103.32.64.0/22 +103.32.68.0/22 +103.32.72.0/22 +103.32.76.0/22 +103.32.80.0/22 +103.32.84.0/22 +103.32.88.0/22 +103.32.92.0/22 +103.32.96.0/22 +103.32.100.0/22 +103.32.104.0/22 +103.32.108.0/22 +103.32.112.0/22 +103.32.116.0/22 +103.32.120.0/22 +103.32.124.0/22 +103.32.128.0/22 +103.32.132.0/22 +103.32.136.0/22 +103.32.140.0/22 +103.32.144.0/22 +103.32.148.0/22 +103.32.152.0/22 +103.32.156.0/22 +103.32.160.0/22 +103.32.164.0/22 +103.32.168.0/22 +103.32.172.0/22 +103.32.176.0/22 +103.32.180.0/22 +103.32.184.0/22 +103.32.188.0/22 +103.32.192.0/22 +103.32.196.0/22 +103.32.200.0/22 +103.32.204.0/22 +103.32.208.0/22 +103.32.212.0/22 +103.32.216.0/22 +103.32.220.0/22 +103.32.224.0/22 +103.32.228.0/22 +103.32.232.0/22 +103.32.236.0/22 +103.32.240.0/22 +103.32.244.0/22 +103.32.248.0/22 +103.32.252.0/22 +103.33.0.0/22 +103.33.4.0/22 +103.33.8.0/22 +103.33.12.0/22 +103.33.16.0/22 +103.33.20.0/22 +103.33.24.0/22 +103.33.28.0/22 +103.33.32.0/22 +103.33.36.0/22 +103.33.40.0/22 +103.33.44.0/22 +103.33.48.0/22 +103.33.52.0/22 +103.33.56.0/22 +103.33.60.0/22 +103.33.64.0/22 +103.33.68.0/22 +103.33.72.0/22 +103.33.76.0/22 +103.33.80.0/22 +103.33.84.0/22 +103.33.88.0/22 +103.33.92.0/22 +103.33.96.0/22 +103.33.100.0/22 +103.33.104.0/22 +103.33.108.0/22 +103.33.112.0/22 +103.33.116.0/22 +103.33.120.0/22 +103.33.124.0/22 +103.33.128.0/22 +103.33.132.0/22 +103.33.136.0/22 +103.33.140.0/22 +103.33.144.0/22 +103.33.148.0/22 +103.33.152.0/22 +103.33.156.0/22 +103.33.160.0/22 +103.33.164.0/22 +103.33.168.0/22 +103.33.172.0/22 +103.33.176.0/22 +103.33.180.0/22 +103.33.184.0/22 +103.33.188.0/22 +103.33.192.0/22 +103.33.196.0/22 +103.33.200.0/22 +103.33.204.0/22 +103.33.208.0/22 +103.33.212.0/22 +103.33.216.0/22 +103.33.220.0/22 +103.33.224.0/22 +103.33.228.0/22 +103.33.232.0/22 +103.33.236.0/22 +103.33.240.0/22 +103.33.244.0/22 +103.33.248.0/22 +103.33.252.0/22 +103.34.0.0/22 +103.34.4.0/22 +103.34.8.0/22 +103.34.12.0/22 +103.34.16.0/22 +103.34.20.0/22 +103.34.24.0/22 +103.34.28.0/22 +103.34.32.0/22 +103.34.36.0/22 +103.34.40.0/22 +103.34.44.0/22 +103.34.48.0/22 +103.34.52.0/22 +103.34.56.0/22 +103.34.60.0/22 +103.34.64.0/22 +103.34.68.0/22 +103.34.72.0/22 +103.34.76.0/22 +103.34.80.0/22 +103.34.84.0/22 +103.34.88.0/22 +103.34.92.0/22 +103.34.96.0/22 +103.34.100.0/22 +103.34.104.0/22 +103.34.108.0/22 +103.34.112.0/22 +103.34.116.0/22 +103.34.120.0/22 +103.34.124.0/22 +103.34.128.0/22 +103.34.132.0/22 +103.34.136.0/22 +103.34.140.0/22 +103.34.144.0/22 +103.34.148.0/22 +103.34.152.0/22 +103.34.156.0/22 +103.34.160.0/22 +103.34.164.0/22 +103.34.168.0/22 +103.34.172.0/22 +103.34.176.0/22 +103.34.180.0/22 +103.34.184.0/22 +103.34.188.0/22 +103.34.192.0/22 +103.34.196.0/22 +103.34.200.0/22 +103.34.204.0/22 +103.34.208.0/22 +103.34.212.0/22 +103.34.216.0/22 +103.34.220.0/22 +103.34.224.0/22 +103.34.228.0/22 +103.34.232.0/22 +103.34.236.0/22 +103.34.240.0/22 +103.34.244.0/22 +103.34.248.0/22 +103.34.252.0/22 +103.35.0.0/22 +103.35.4.0/22 +103.35.8.0/22 +103.35.12.0/22 +103.35.16.0/22 +103.35.20.0/22 +103.35.24.0/22 +103.35.28.0/22 +103.35.32.0/22 +103.35.36.0/22 +103.35.40.0/22 +103.35.44.0/22 +103.35.48.0/22 +103.35.104.0/22 +103.35.116.0/22 +103.35.180.0/22 +103.35.200.0/22 +103.35.220.0/22 +103.36.20.0/22 +103.36.28.0/22 +103.36.36.0/22 +103.36.56.0/22 +103.36.60.0/22 +103.36.64.0/22 +103.36.72.0/22 +103.36.96.0/22 +103.36.132.0/22 +103.36.136.0/22 +103.36.160.0/22 +103.36.164.0/22 +103.36.168.0/22 +103.36.172.0/22 +103.36.176.0/22 +103.36.180.0/22 +103.36.184.0/22 +103.36.188.0/22 +103.36.192.0/22 +103.36.196.0/22 +103.36.200.0/22 +103.36.204.0/22 +103.36.208.0/22 +103.36.212.0/22 +103.36.216.0/22 +103.36.220.0/22 +103.36.224.0/22 +103.36.228.0/22 +103.36.232.0/22 +103.36.236.0/22 +103.36.240.0/22 +103.36.244.0/22 +103.37.0.0/22 +103.37.12.0/22 +103.37.16.0/22 +103.37.24.0/22 +103.37.44.0/22 +103.37.52.0/22 +103.37.56.0/22 +103.37.72.0/22 +103.37.100.0/22 +103.37.104.0/22 +103.37.124.0/22 +103.37.136.0/22 +103.37.140.0/22 +103.37.144.0/22 +103.37.148.0/22 +103.37.152.0/22 +103.37.156.0/22 +103.37.160.0/22 +103.37.164.0/22 +103.37.172.0/22 +103.37.176.0/22 +103.37.188.0/22 +103.37.208.0/22 +103.37.212.0/22 +103.37.216.0/22 +103.37.220.0/22 +103.37.248.0/22 +103.37.252.0/22 +103.38.0.0/22 +103.38.32.0/22 +103.38.40.0/22 +103.38.44.0/22 +103.38.56.0/22 +103.38.76.0/22 +103.38.84.0/22 +103.38.92.0/22 +103.38.96.0/22 +103.38.116.0/22 +103.38.132.0/22 +103.38.140.0/22 +103.38.224.0/22 +103.38.228.0/22 +103.38.232.0/22 +103.38.252.0/22 +103.39.16.0/22 +103.39.64.0/22 +103.39.88.0/22 +103.39.100.0/22 +103.39.104.0/22 +103.39.108.0/22 +103.39.160.0/22 +103.39.164.0/22 +103.39.168.0/22 +103.39.172.0/22 +103.39.176.0/22 +103.39.180.0/22 +103.39.184.0/22 +103.39.188.0/22 +103.39.200.0/22 +103.39.204.0/22 +103.39.208.0/22 +103.39.212.0/22 +103.39.216.0/22 +103.39.220.0/22 +103.39.224.0/22 +103.39.228.0/22 +103.39.232.0/22 +103.40.12.0/22 +103.40.16.0/22 +103.40.20.0/22 +103.40.24.0/22 +103.40.28.0/22 +103.40.32.0/22 +103.40.36.0/22 +103.40.40.0/22 +103.40.44.0/22 +103.40.88.0/22 +103.40.100.0/22 +103.40.112.0/22 +103.40.192.0/22 +103.40.212.0/22 +103.40.220.0/22 +103.40.228.0/22 +103.40.232.0/22 +103.40.236.0/22 +103.40.240.0/22 +103.40.244.0/22 +103.40.248.0/22 +103.40.252.0/22 +103.41.0.0/22 +103.41.16.0/22 +103.41.52.0/22 +103.41.140.0/22 +103.41.148.0/22 +103.41.152.0/22 +103.41.160.0/22 +103.41.164.0/22 +103.41.220.0/22 +103.41.224.0/22 +103.41.228.0/22 +103.41.232.0/22 +103.42.8.0/22 +103.42.24.0/22 +103.42.28.0/22 +103.42.32.0/22 +103.42.64.0/22 +103.42.68.0/22 +103.42.76.0/22 +103.42.104.0/22 +103.42.180.0/22 +103.42.232.0/22 +103.43.16.0/22 +103.43.84.0/22 +103.43.96.0/22 +103.43.100.0/22 +103.43.104.0/22 +103.43.124.0/22 +103.43.184.0/22 +103.43.192.0/22 +103.43.196.0/22 +103.43.208.0/22 +103.43.220.0/22 +103.43.224.0/22 +103.43.232.0/22 +103.43.240.0/22 +103.44.56.0/22 +103.44.80.0/22 +103.44.88.0/22 +103.44.120.0/22 +103.44.124.0/22 +103.44.132.0/22 +103.44.144.0/22 +103.44.168.0/22 +103.44.176.0/22 +103.44.180.0/22 +103.44.184.0/22 +103.44.188.0/22 +103.44.192.0/22 +103.44.196.0/22 +103.44.200.0/22 +103.44.204.0/22 +103.44.224.0/22 +103.44.236.0/22 +103.44.240.0/22 +103.44.244.0/22 +103.44.248.0/22 +103.44.252.0/22 +103.45.0.0/22 +103.45.4.0/22 +103.45.8.0/22 +103.45.12.0/22 +103.45.16.0/22 +103.45.20.0/22 +103.45.24.0/22 +103.45.28.0/22 +103.45.32.0/22 +103.45.36.0/22 +103.45.40.0/22 +103.45.44.0/22 +103.45.48.0/22 +103.45.52.0/22 +103.45.56.0/22 +103.45.60.0/22 +103.45.72.0/22 +103.45.76.0/22 +103.45.80.0/22 +103.45.84.0/22 +103.45.88.0/22 +103.45.92.0/22 +103.45.96.0/22 +103.45.100.0/22 +103.45.104.0/22 +103.45.108.0/22 +103.45.112.0/22 +103.45.116.0/22 +103.45.120.0/22 +103.45.124.0/22 +103.45.128.0/22 +103.45.132.0/22 +103.45.136.0/22 +103.45.140.0/22 +103.45.144.0/22 +103.45.148.0/22 +103.45.152.0/22 +103.45.156.0/22 +103.45.160.0/22 +103.45.164.0/22 +103.45.168.0/22 +103.45.172.0/22 +103.45.176.0/22 +103.45.180.0/22 +103.45.184.0/22 +103.45.188.0/22 +103.45.192.0/22 +103.45.196.0/22 +103.45.200.0/22 +103.45.204.0/22 +103.45.208.0/22 +103.45.212.0/22 +103.45.216.0/22 +103.45.220.0/22 +103.45.224.0/22 +103.45.248.0/22 +103.46.0.0/22 +103.46.12.0/22 +103.46.16.0/22 +103.46.20.0/22 +103.46.24.0/22 +103.46.28.0/22 +103.46.32.0/22 +103.46.36.0/22 +103.46.40.0/22 +103.46.44.0/22 +103.46.48.0/22 +103.46.52.0/22 +103.46.56.0/22 +103.46.60.0/22 +103.46.64.0/22 +103.46.68.0/22 +103.46.72.0/22 +103.46.76.0/22 +103.46.80.0/22 +103.46.84.0/22 +103.46.88.0/22 +103.46.92.0/22 +103.46.96.0/22 +103.46.100.0/22 +103.46.104.0/22 +103.46.108.0/22 +103.46.112.0/22 +103.46.116.0/22 +103.46.120.0/22 +103.46.124.0/22 +103.46.128.0/22 +103.46.132.0/22 +103.46.136.0/22 +103.46.152.0/22 +103.46.156.0/22 +103.46.160.0/22 +103.46.164.0/22 +103.46.168.0/22 +103.46.172.0/22 +103.46.176.0/22 +103.46.180.0/22 +103.46.244.0/22 +103.46.248.0/22 +103.47.4.0/22 +103.47.20.0/22 +103.47.36.0/22 +103.47.40.0/22 +103.47.48.0/22 +103.47.80.0/22 +103.47.96.0/22 +103.47.108.0/22 +103.47.116.0/22 +103.47.120.0/22 +103.47.136.0/22 +103.47.140.0/22 +103.47.212.0/22 +103.48.20.0/22 +103.48.52.0/22 +103.48.92.0/22 +103.48.144.0/22 +103.48.148.0/22 +103.48.152.0/22 +103.48.156.0/22 +103.48.202.0/23 +103.48.216.0/22 +103.48.220.0/22 +103.48.224.0/22 +103.48.228.0/22 +103.48.232.0/22 +103.48.236.0/22 +103.48.240.0/22 +103.48.244.0/22 +103.49.12.0/22 +103.49.20.0/22 +103.49.72.0/22 +103.49.76.0/22 +103.49.92.0/22 +103.49.96.0/22 +103.49.108.0/22 +103.49.128.0/22 +103.49.176.0/22 +103.49.180.0/22 +103.49.196.0/22 +103.49.248.0/22 +103.50.36.0/22 +103.50.44.0/22 +103.50.48.0/22 +103.50.52.0/22 +103.50.56.0/22 +103.50.60.0/22 +103.50.64.0/22 +103.50.68.0/22 +103.50.72.0/22 +103.50.108.0/22 +103.50.112.0/22 +103.50.116.0/22 +103.50.120.0/22 +103.50.124.0/22 +103.50.132.0/22 +103.50.136.0/22 +103.50.140.0/22 +103.50.172.0/22 +103.50.176.0/22 +103.50.180.0/22 +103.50.184.0/22 +103.50.188.0/22 +103.50.192.0/22 +103.50.196.0/22 +103.50.200.0/22 +103.50.220.0/22 +103.50.224.0/22 +103.50.228.0/22 +103.50.232.0/22 +103.50.236.0/22 +103.50.240.0/22 +103.50.244.0/22 +103.50.248.0/22 +103.52.40.0/22 +103.52.72.0/22 +103.52.76.0/22 +103.52.80.0/22 +103.52.84.0/22 +103.52.96.0/22 +103.52.100.0/22 +103.52.104.0/22 +103.52.160.0/22 +103.52.164.0/22 +103.52.172.0/22 +103.52.176.0/22 +103.52.184.0/22 +103.52.196.0/22 +103.53.4.0/22 +103.53.64.0/22 +103.53.68.0/22 +103.53.92.0/22 +103.53.100.0/22 +103.53.124.0/22 +103.53.128.0/22 +103.53.132.0/22 +103.53.136.0/22 +103.53.140.0/22 +103.53.144.0/22 +103.53.180.0/22 +103.53.204.0/22 +103.53.208.0/22 +103.53.212.0/22 +103.53.216.0/22 +103.53.236.0/22 +103.53.248.0/22 +103.54.8.0/22 +103.54.48.0/22 +103.54.60.0/22 +103.54.160.0/22 +103.54.164.0/22 +103.54.212.0/22 +103.54.240.0/22 +103.55.24.0/22 +103.55.80.0/22 +103.55.120.0/22 +103.55.152.0/22 +103.55.172.0/22 +103.55.204.0/22 +103.55.208.0/22 +103.55.228.0/22 +103.55.236.0/22 +103.56.8.0/22 +103.56.16.0/22 +103.56.20.0/22 +103.56.32.0/22 +103.56.52.0/22 +103.56.56.0/22 +103.56.60.0/22 +103.56.72.0/22 +103.56.76.0/22 +103.56.140.0/22 +103.56.152.0/22 +103.56.184.0/22 +103.56.200.0/22 +103.57.12.0/22 +103.57.52.0/22 +103.57.56.0/22 +103.57.76.0/22 +103.57.136.0/22 +103.57.196.0/22 +103.58.24.0/22 +103.59.76.0/22 +103.59.100.0/22 +103.59.112.0/22 +103.59.116.0/22 +103.59.120.0/22 +103.59.124.0/22 +103.59.128.0/22 +103.59.148.0/22 +103.59.164.0/22 +103.60.32.0/22 +103.60.44.0/22 +103.60.164.0/22 +103.60.228.0/22 +103.60.236.0/22 +103.61.60.0/22 +103.61.104.0/22 +103.61.140.0/22 +103.61.152.0/22 +103.61.156.0/22 +103.61.160.0/22 +103.61.172.0/22 +103.61.176.0/22 +103.61.184.0/22 +103.61.188.0/22 +103.62.24.0/22 +103.62.52.0/22 +103.62.72.0/22 +103.62.76.0/22 +103.62.80.0/22 +103.62.84.0/22 +103.62.88.0/22 +103.62.96.0/22 +103.62.100.0/22 +103.62.104.0/22 +103.62.108.0/22 +103.62.112.0/22 +103.62.116.0/22 +103.62.120.0/22 +103.62.124.0/22 +103.62.128.0/22 +103.62.132.0/22 +103.62.156.0/22 +103.62.160.0/22 +103.62.164.0/22 +103.62.168.0/22 +103.62.172.0/22 +103.62.176.0/22 +103.62.180.0/22 +103.62.184.0/22 +103.62.188.0/22 +103.62.192.0/22 +103.62.204.0/22 +103.62.208.0/22 +103.62.212.0/22 +103.62.216.0/22 +103.62.220.0/22 +103.62.224.0/22 +103.63.32.0/22 +103.63.36.0/22 +103.63.40.0/22 +103.63.44.0/22 +103.63.48.0/22 +103.63.52.0/22 +103.63.56.0/22 +103.63.60.0/22 +103.63.64.0/22 +103.63.68.0/22 +103.63.72.0/22 +103.63.76.0/22 +103.63.80.0/22 +103.63.84.0/22 +103.63.88.0/22 +103.63.140.0/22 +103.63.144.0/22 +103.63.152.0/22 +103.63.160.0/22 +103.63.164.0/22 +103.63.168.0/22 +103.63.172.0/22 +103.63.176.0/22 +103.63.180.0/22 +103.63.184.0/22 +103.63.192.0/22 +103.63.196.0/22 +103.63.200.0/22 +103.63.204.0/22 +103.63.208.0/22 +103.63.240.0/22 +103.63.244.0/22 +103.63.248.0/22 +103.63.252.0/22 +103.64.0.0/22 +103.64.4.0/22 +103.64.24.0/22 +103.64.28.0/22 +103.64.32.0/22 +103.64.36.0/22 +103.64.40.0/22 +103.64.44.0/22 +103.64.48.0/22 +103.64.52.0/22 +103.64.56.0/22 +103.64.60.0/22 +103.64.64.0/22 +103.64.68.0/22 +103.64.72.0/22 +103.64.76.0/22 +103.64.80.0/22 +103.64.84.0/22 +103.64.88.0/22 +103.64.92.0/22 +103.64.96.0/22 +103.64.100.0/22 +103.64.104.0/22 +103.64.108.0/22 +103.64.112.0/22 +103.64.116.0/22 +103.64.120.0/22 +103.64.124.0/22 +103.64.140.0/22 +103.64.144.0/22 +103.64.152.0/22 +103.64.156.0/22 +103.64.160.0/22 +103.64.164.0/22 +103.64.168.0/22 +103.64.172.0/22 +103.64.176.0/22 +103.64.180.0/22 +103.64.184.0/22 +103.64.188.0/22 +103.64.192.0/22 +103.64.196.0/22 +103.64.200.0/22 +103.64.204.0/22 +103.64.208.0/22 +103.64.212.0/22 +103.64.216.0/22 +103.64.220.0/22 +103.64.224.0/22 +103.64.228.0/22 +103.64.232.0/22 +103.64.236.0/22 +103.64.240.0/22 +103.64.244.0/22 +103.64.248.0/22 +103.64.252.0/22 +103.65.0.0/22 +103.65.4.0/22 +103.65.8.0/22 +103.65.12.0/22 +103.65.16.0/22 +103.65.36.0/22 +103.65.40.0/22 +103.65.48.0/22 +103.65.52.0/22 +103.65.56.0/22 +103.65.60.0/22 +103.65.64.0/22 +103.65.68.0/22 +103.65.72.0/22 +103.65.76.0/22 +103.65.80.0/22 +103.65.84.0/22 +103.65.88.0/22 +103.65.92.0/22 +103.65.100.0/22 +103.65.104.0/22 +103.65.108.0/22 +103.65.112.0/22 +103.65.144.0/22 +103.65.148.0/22 +103.65.152.0/22 +103.65.156.0/22 +103.65.160.0/22 +103.65.164.0/22 +103.65.168.0/22 +103.65.172.0/22 +103.66.32.0/22 +103.66.40.0/22 +103.66.92.0/22 +103.66.108.0/22 +103.66.200.0/22 +103.66.216.0/22 +103.66.240.0/22 +103.66.244.0/22 +103.66.248.0/22 +103.66.252.0/22 +103.67.0.0/22 +103.67.4.0/22 +103.67.8.0/22 +103.67.100.0/22 +103.67.104.0/22 +103.67.108.0/22 +103.67.112.0/22 +103.67.116.0/22 +103.67.120.0/22 +103.67.124.0/22 +103.67.128.0/22 +103.67.132.0/22 +103.67.136.0/22 +103.67.140.0/22 +103.67.144.0/22 +103.67.148.0/22 +103.67.172.0/22 +103.67.192.0/22 +103.67.212.0/22 +103.67.252.0/22 +103.68.64.0/22 +103.68.88.0/22 +103.68.100.0/22 +103.68.128.0/22 +103.68.192.0/22 +103.69.16.0/22 +103.69.116.0/22 +103.69.132.0/22 +103.69.152.0/22 +103.69.212.0/22 +103.70.8.0/22 +103.70.148.0/22 +103.70.184.0/22 +103.70.220.0/22 +103.70.224.0/22 +103.70.236.0/22 +103.70.252.0/22 +103.71.0.0/22 +103.71.32.0/22 +103.71.48.0/22 +103.71.68.0/22 +103.71.72.0/22 +103.71.80.0/22 +103.71.84.0/22 +103.71.88.0/22 +103.71.120.0/22 +103.71.124.0/22 +103.71.128.0/22 +103.71.144.0/22 +103.71.196.0/22 +103.71.200.0/22 +103.71.232.0/22 +103.72.12.0/22 +103.72.16.0/22 +103.72.20.0/22 +103.72.24.0/22 +103.72.28.0/22 +103.72.32.0/22 +103.72.36.0/22 +103.72.40.0/22 +103.72.44.0/22 +103.72.48.0/22 +103.72.52.0/22 +103.72.112.0/22 +103.72.116.0/22 +103.72.120.0/22 +103.72.124.0/22 +103.72.128.0/22 +103.72.132.0/22 +103.72.144.0/22 +103.72.148.0/22 +103.72.172.0/22 +103.72.180.0/22 +103.72.224.0/22 +103.72.228.0/22 +103.72.232.0/22 +103.72.236.0/22 +103.72.240.0/22 +103.72.244.0/22 +103.72.248.0/22 +103.72.252.0/22 +103.73.0.0/22 +103.73.4.0/22 +103.73.8.0/22 +103.73.12.0/22 +103.73.16.0/22 +103.73.20.0/22 +103.73.24.0/22 +103.73.28.0/22 +103.73.48.0/22 +103.73.88.0/22 +103.73.96.0/22 +103.73.116.0/22 +103.73.120.0/22 +103.73.128.0/22 +103.73.132.0/22 +103.73.136.0/22 +103.73.140.0/22 +103.73.144.0/22 +103.73.168.0/22 +103.73.176.0/22 +103.73.204.0/22 +103.73.208.0/22 +103.73.240.0/22 +103.73.244.0/22 +103.73.248.0/22 +103.74.24.0/22 +103.74.28.0/22 +103.74.32.0/22 +103.74.36.0/22 +103.74.40.0/22 +103.74.44.0/22 +103.74.48.0/22 +103.74.56.0/22 +103.74.60.0/22 +103.74.80.0/22 +103.74.124.0/22 +103.74.148.0/22 +103.74.152.0/22 +103.74.156.0/22 +103.74.204.0/22 +103.74.232.0/22 +103.75.16.0/22 +103.75.88.0/22 +103.75.92.0/22 +103.75.104.0/22 +103.75.108.0/22 +103.75.112.0/22 +103.75.120.0/22 +103.75.128.0/22 +103.75.144.0/22 +103.75.152.0/22 +103.75.236.0/24 +103.76.60.0/22 +103.76.64.0/22 +103.76.68.0/22 +103.76.72.0/22 +103.76.84.0/22 +103.76.92.0/22 +103.76.104.0/22 +103.76.216.0/22 +103.76.220.0/22 +103.76.224.0/22 +103.77.28.0/22 +103.77.52.0/22 +103.77.56.0/22 +103.77.72.0/22 +103.77.88.0/22 +103.77.92.0/22 +103.77.132.0/22 +103.77.148.0/22 +103.77.220.0/22 +103.78.56.0/22 +103.78.60.0/22 +103.78.64.0/22 +103.78.68.0/22 +103.78.124.0/22 +103.78.172.0/22 +103.78.176.0/22 +103.78.196.0/22 +103.78.228.0/22 +103.79.24.0/22 +103.79.28.0/22 +103.79.36.0/22 +103.79.40.0/22 +103.79.44.0/22 +103.79.52.0/22 +103.79.56.0/22 +103.79.60.0/22 +103.79.64.0/22 +103.79.68.0/22 +103.79.80.0/22 +103.79.84.0/22 +103.79.120.0/22 +103.79.136.0/22 +103.79.188.0/22 +103.79.192.0/22 +103.79.196.0/22 +103.79.200.0/22 +103.79.204.0/22 +103.79.208.0/22 +103.79.212.0/22 +103.79.240.0/22 +103.80.24.0/22 +103.80.28.0/22 +103.80.44.0/22 +103.80.72.0/22 +103.80.176.0/22 +103.80.180.0/22 +103.80.184.0/22 +103.80.192.0/22 +103.80.200.0/22 +103.80.232.0/22 +103.81.4.0/22 +103.81.8.0/22 +103.81.16.0/22 +103.81.20.0/22 +103.81.44.0/22 +103.81.48.0/22 +103.81.96.0/22 +103.81.120.0/22 +103.81.148.0/22 +103.81.164.0/22 +103.81.168.0/22 +103.81.183.0/24 +103.81.184.0/22 +103.81.200.0/22 +103.81.232.0/22 +103.82.52.0/22 +103.82.60.0/22 +103.82.68.0/22 +103.82.84.0/22 +103.82.104.0/22 +103.82.224.0/22 +103.82.236.0/22 +103.83.44.0/22 +103.83.52.0/22 +103.83.60.0/22 +103.83.64.0/22 +103.83.72.0/22 +103.83.112.0/22 +103.83.120.0/22 +103.83.180.0/22 +103.84.0.0/22 +103.84.12.0/22 +103.84.16.0/22 +103.84.20.0/22 +103.84.24.0/22 +103.84.28.0/22 +103.84.48.0/22 +103.84.64.0/22 +103.84.72.0/22 +103.84.92.0/22 +103.84.108.0/22 +103.84.136.0/22 +103.85.20.0/22 +103.85.24.0/22 +103.85.44.0/22 +103.85.48.0/22 +103.85.84.0/22 +103.85.136.0/22 +103.85.144.0/22 +103.85.164.0/22 +103.85.168.0/22 +103.85.172.0/22 +103.85.176.0/22 +103.85.224.0/22 +103.86.28.0/22 +103.86.32.0/22 +103.86.44.0/22 +103.86.60.0/22 +103.86.68.0/22 +103.86.80.0/22 +103.86.84.0/22 +103.86.88.0/22 +103.86.204.0/22 +103.86.208.0/22 +103.86.212.0/22 +103.86.216.0/22 +103.86.220.0/22 +103.86.224.0/22 +103.86.228.0/22 +103.86.232.0/22 +103.86.236.0/22 +103.86.240.0/22 +103.86.244.0/22 +103.86.248.0/22 +103.86.252.0/22 +103.87.0.0/22 +103.87.4.0/22 +103.87.20.0/22 +103.87.32.0/22 +103.87.72.0/22 +103.87.96.0/22 +103.87.132.0/22 +103.87.180.0/22 +103.87.224.0/22 +103.88.4.0/22 +103.88.8.0/22 +103.88.12.0/22 +103.88.16.0/22 +103.88.20.0/22 +103.88.32.0/22 +103.88.36.0/22 +103.88.60.0/22 +103.88.64.0/22 +103.88.72.0/22 +103.88.96.0/22 +103.88.100.0/22 +103.88.164.0/22 +103.88.176.0/22 +103.88.184.0/22 +103.88.188.0/22 +103.88.212.0/22 +103.89.28.0/22 +103.89.96.0/22 +103.89.100.0/22 +103.89.104.0/22 +103.89.108.0/22 +103.89.112.0/22 +103.89.116.0/22 +103.89.148.0/22 +103.89.172.0/22 +103.89.184.0/22 +103.89.188.0/22 +103.89.192.0/22 +103.89.196.0/22 +103.89.200.0/22 +103.89.204.0/22 +103.89.208.0/22 +103.89.212.0/22 +103.89.216.0/22 +103.89.220.0/22 +103.89.224.0/22 +103.89.228.0/22 +103.90.52.0/22 +103.90.92.0/22 +103.90.100.0/22 +103.90.104.0/22 +103.90.108.0/22 +103.90.112.0/22 +103.90.116.0/22 +103.90.120.0/22 +103.90.124.0/22 +103.90.128.0/22 +103.90.132.0/22 +103.90.152.0/22 +103.90.168.0/22 +103.90.173.0/24 +103.90.176.0/22 +103.90.188.0/22 +103.90.192.0/22 +103.91.36.0/22 +103.91.40.0/22 +103.91.108.0/22 +103.91.152.0/22 +103.91.176.0/22 +103.91.200.0/22 +103.91.208.0/22 +103.91.212.0/22 +103.91.219.0/24 +103.91.236.0/22 +103.91.252.0/22 +103.92.0.0/22 +103.92.4.0/22 +103.92.8.0/22 +103.92.12.0/22 +103.92.48.0/22 +103.92.52.0/22 +103.92.56.0/22 +103.92.60.0/22 +103.92.64.0/22 +103.92.68.0/22 +103.92.72.0/22 +103.92.76.0/22 +103.92.80.0/22 +103.92.86.0/24 +103.92.88.0/22 +103.92.108.0/22 +103.92.124.0/22 +103.92.128.0/24 +103.92.132.0/22 +103.92.156.0/22 +103.92.164.0/22 +103.92.168.0/22 +103.92.172.0/22 +103.92.176.0/22 +103.92.180.0/22 +103.92.184.0/22 +103.92.188.0/22 +103.92.192.0/22 +103.92.236.0/22 +103.92.240.0/22 +103.92.244.0/22 +103.92.248.0/22 +103.92.252.0/22 +103.93.0.0/22 +103.93.4.0/22 +103.93.28.0/22 +103.93.76.0/22 +103.93.84.0/22 +103.93.121.0/24 +103.93.152.0/22 +103.93.180.0/22 +103.93.204.0/22 +103.94.12.0/22 +103.94.20.0/22 +103.94.28.0/22 +103.94.32.0/22 +103.94.36.0/22 +103.94.40.0/22 +103.94.44.0/22 +103.94.72.0/22 +103.94.88.0/22 +103.94.116.0/22 +103.94.160.0/22 +103.94.180.0/22 +103.94.200.0/22 +103.95.28.0/22 +103.95.52.0/22 +103.95.64.0/22 +103.95.68.0/22 +103.95.88.0/22 +103.95.92.0/22 +103.95.116.0/22 +103.95.128.0/22 +103.95.136.0/22 +103.95.140.0/22 +103.95.144.0/22 +103.95.152.0/22 +103.95.207.0/24 +103.95.216.0/22 +103.95.220.0/22 +103.95.224.0/22 +103.95.236.0/22 +103.95.240.0/22 +103.95.244.0/22 +103.95.248.0/22 +103.95.252.0/22 +103.96.0.0/22 +103.96.8.0/22 +103.96.80.0/22 +103.96.124.0/22 +103.96.136.0/22 +103.96.140.0/24 +103.96.148.0/22 +103.96.152.0/22 +103.96.156.0/22 +103.96.160.0/22 +103.96.164.0/22 +103.96.168.0/22 +103.96.172.0/22 +103.96.176.0/22 +103.96.180.0/22 +103.96.184.0/22 +103.96.188.0/22 +103.96.192.0/22 +103.96.196.0/22 +103.96.200.0/22 +103.96.204.0/22 +103.96.208.0/22 +103.96.212.0/22 +103.96.216.0/22 +103.97.8.0/22 +103.97.12.0/22 +103.97.16.0/22 +103.97.20.0/22 +103.97.24.0/22 +103.97.28.0/22 +103.97.32.0/22 +103.97.36.0/22 +103.97.40.0/22 +103.97.56.0/22 +103.97.60.0/22 +103.97.64.0/22 +103.97.68.0/22 +103.97.72.0/22 +103.97.80.0/22 +103.97.112.0/22 +103.97.116.0/22 +103.97.128.0/22 +103.97.144.0/22 +103.97.148.0/22 +103.97.188.0/22 +103.97.192.0/22 +103.97.224.0/22 +103.97.228.0/23 +103.98.28.0/23 +103.98.40.0/22 +103.98.44.0/22 +103.98.48.0/22 +103.98.56.0/22 +103.98.80.0/22 +103.98.88.0/22 +103.98.92.0/22 +103.98.96.0/22 +103.98.100.0/22 +103.98.124.0/22 +103.98.136.0/22 +103.98.140.0/22 +103.98.144.0/22 +103.98.164.0/22 +103.98.168.0/22 +103.98.180.0/22 +103.98.196.0/22 +103.98.216.0/22 +103.98.220.0/22 +103.98.224.0/22 +103.98.228.0/22 +103.98.232.0/22 +103.98.240.0/22 +103.98.244.0/22 +103.98.248.0/22 +103.98.252.0/22 +103.99.40.0/23 +103.99.52.0/22 +103.99.56.0/22 +103.99.60.0/22 +103.99.76.0/22 +103.99.104.0/22 +103.99.116.0/22 +103.99.120.0/22 +103.99.152.0/22 +103.99.220.0/22 +103.99.232.0/22 +103.99.236.0/22 +103.100.0.0/22 +103.100.32.0/22 +103.100.40.0/22 +103.100.48.0/22 +103.100.52.0/22 +103.100.56.0/22 +103.100.60.0/22 +103.100.64.0/22 +103.100.68.0/22 +103.100.88.0/22 +103.100.116.0/22 +103.100.140.0/22 +103.100.144.0/22 +103.100.236.0/22 +103.100.240.0/22 +103.100.248.0/22 +103.100.252.0/22 +103.101.4.0/22 +103.101.8.0/22 +103.101.12.0/22 +103.101.28.0/22 +103.101.60.0/22 +103.101.120.0/22 +103.101.124.0/22 +103.101.144.0/22 +103.101.148.0/22 +103.101.153.0/24 +103.101.180.0/22 +103.101.184.0/22 +103.102.76.0/22 +103.102.80.0/22 +103.102.168.0/22 +103.102.172.0/22 +103.102.180.0/22 +103.102.184.0/22 +103.102.188.0/22 +103.102.192.0/22 +103.102.196.0/22 +103.102.200.0/22 +103.102.208.0/22 +103.102.212.0/22 +103.103.12.0/22 +103.103.16.0/22 +103.103.36.0/22 +103.103.68.0/22 +103.103.72.0/22 +103.103.176.0/22 +103.103.188.0/22 +103.103.200.0/22 +103.103.204.0/22 +103.103.220.0/22 +103.103.224.0/22 +103.103.228.0/22 +103.103.232.0/22 +103.103.248.0/22 +103.103.252.0/22 +103.104.0.0/22 +103.104.4.0/22 +103.104.36.0/22 +103.104.40.0/22 +103.104.64.0/22 +103.104.104.0/22 +103.104.152.0/22 +103.104.168.0/22 +103.104.172.0/22 +103.104.188.0/22 +103.104.198.0/23 +103.104.252.0/22 +103.105.0.0/22 +103.105.4.0/22 +103.105.12.0/22 +103.105.16.0/22 +103.105.23.0/24 +103.105.56.0/22 +103.105.60.0/22 +103.105.116.0/22 +103.105.132.0/22 +103.105.180.0/22 +103.105.184.0/22 +103.105.200.0/22 +103.105.204.0/22 +103.105.220.0/22 +103.106.36.0/22 +103.106.40.0/22 +103.106.44.0/22 +103.106.60.0/22 +103.106.68.0/22 +103.106.96.0/22 +103.106.120.0/22 +103.106.128.0/22 +103.106.132.0/22 +103.106.160.0/22 +103.106.188.0/22 +103.106.196.0/22 +103.106.202.0/23 +103.106.212.0/22 +103.106.244.0/22 +103.106.252.0/22 +103.107.0.0/22 +103.107.8.0/24 +103.107.28.0/22 +103.107.32.0/22 +103.107.44.0/22 +103.107.72.0/22 +103.107.108.0/22 +103.107.164.0/22 +103.107.168.0/22 +103.107.188.0/22 +103.107.192.0/22 +103.107.208.0/22 +103.107.212.0/22 +103.107.216.0/22 +103.107.220.0/22 +103.108.52.0/22 +103.108.64.0/22 +103.108.160.0/22 +103.108.164.0/22 +103.108.184.0/23 +103.108.188.0/23 +103.108.192.0/22 +103.108.196.0/22 +103.108.208.0/22 +103.108.212.0/22 +103.108.224.0/22 +103.108.244.0/22 +103.108.251.0/24 +103.109.20.0/22 +103.109.48.0/22 +103.109.88.0/22 +103.109.106.0/23 +103.109.248.0/22 +103.110.32.0/22 +103.110.80.0/23 +103.110.92.0/22 +103.110.100.0/22 +103.110.116.0/22 +103.110.127.0/24 +103.110.128.0/23 +103.110.131.0/24 +103.110.132.0/22 +103.110.136.0/22 +103.110.152.0/22 +103.110.156.0/22 +103.110.188.0/22 +103.110.204.0/22 +103.111.38.0/23 +103.111.64.0/22 +103.111.172.0/22 +103.111.252.0/22 +103.112.28.0/22 +103.112.68.0/22 +103.112.72.0/22 +103.112.88.0/22 +103.112.92.0/22 +103.112.96.0/22 +103.112.108.0/22 +103.112.112.0/22 +103.112.116.0/22 +103.112.140.0/22 +103.112.172.0/22 +103.112.184.0/22 +103.112.208.0/22 +103.113.4.0/22 +103.113.92.0/22 +103.113.144.0/22 +103.113.220.0/22 +103.113.232.0/22 +103.113.236.0/22 +103.114.4.0/22 +103.114.28.0/22 +103.114.68.0/22 +103.114.72.0/22 +103.114.100.0/22 +103.114.132.0/22 +103.114.148.0/22 +103.114.156.0/22 +103.114.176.0/22 +103.114.212.0/22 +103.114.236.0/22 +103.114.240.0/22 +103.115.16.0/22 +103.115.40.0/22 +103.115.44.0/22 +103.115.48.0/22 +103.115.52.0/22 +103.115.56.0/22 +103.115.60.0/22 +103.115.64.0/22 +103.115.68.0/22 +103.115.92.0/22 +103.115.120.0/22 +103.115.148.0/22 +103.115.204.0/23 +103.115.248.0/22 +103.116.20.0/22 +103.116.40.0/22 +103.116.64.0/22 +103.116.72.0/22 +103.116.76.0/22 +103.116.92.0/22 +103.116.120.0/22 +103.116.128.0/22 +103.116.132.0/23 +103.116.148.0/22 +103.116.184.0/22 +103.116.206.0/23 +103.116.220.0/22 +103.116.224.0/22 +103.116.228.0/22 +103.117.16.0/22 +103.117.72.0/22 +103.117.88.0/22 +103.117.132.0/22 +103.117.136.0/22 +103.117.188.0/22 +103.117.220.0/22 +103.118.19.0/24 +103.118.36.0/22 +103.118.52.0/22 +103.118.56.0/22 +103.118.60.0/22 +103.118.64.0/22 +103.118.68.0/22 +103.118.72.0/22 +103.118.88.0/22 +103.118.173.0/24 +103.118.192.0/22 +103.118.196.0/22 +103.118.200.0/22 +103.118.204.0/22 +103.118.208.0/22 +103.118.212.0/22 +103.118.216.0/22 +103.118.220.0/22 +103.118.240.0/22 +103.118.244.0/22 +103.118.248.0/22 +103.118.252.0/22 +103.119.0.0/22 +103.119.12.0/22 +103.119.16.0/22 +103.119.28.0/22 +103.119.44.0/22 +103.119.104.0/22 +103.119.115.0/24 +103.119.156.0/22 +103.119.180.0/22 +103.119.200.0/22 +103.119.224.0/22 +103.120.52.0/22 +103.120.72.0/22 +103.120.76.0/24 +103.120.88.0/22 +103.120.96.0/22 +103.120.100.0/22 +103.120.140.0/22 +103.120.196.0/22 +103.120.224.0/22 +103.121.52.0/22 +103.121.92.0/22 +103.121.160.0/22 +103.121.164.0/22 +103.121.250.0/24 +103.121.252.0/22 +103.122.48.0/22 +103.122.176.0/22 +103.122.192.0/22 +103.122.240.0/22 +103.123.4.0/22 +103.123.56.0/22 +103.123.88.0/22 +103.123.92.0/22 +103.123.116.0/22 +103.123.160.0/22 +103.123.176.0/22 +103.123.200.0/22 +103.123.204.0/22 +103.123.208.0/22 +103.123.212.0/22 +103.129.52.0/22 +103.129.148.0/22 +103.192.0.0/22 +103.192.4.0/22 +103.192.8.0/22 +103.192.12.0/22 +103.192.16.0/22 +103.192.20.0/22 +103.192.24.0/22 +103.192.28.0/22 +103.192.48.0/22 +103.192.52.0/22 +103.192.56.0/22 +103.192.84.0/22 +103.192.88.0/22 +103.192.92.0/22 +103.192.96.0/22 +103.192.100.0/22 +103.192.104.0/22 +103.192.108.0/22 +103.192.112.0/22 +103.192.128.0/22 +103.192.132.0/22 +103.192.136.0/22 +103.192.140.0/22 +103.192.144.0/22 +103.192.164.0/22 +103.192.188.0/22 +103.192.208.0/22 +103.192.212.0/22 +103.192.216.0/22 +103.192.252.0/22 +103.193.40.0/22 +103.193.44.0/22 +103.193.120.0/22 +103.193.124.0/22 +103.193.140.0/22 +103.193.144.0/22 +103.193.148.0/22 +103.193.160.0/22 +103.193.188.0/22 +103.193.192.0/22 +103.193.212.0/22 +103.193.216.0/22 +103.193.220.0/22 +103.193.224.0/22 +103.193.228.0/22 +103.193.232.0/22 +103.193.236.0/22 +103.193.240.0/22 +103.194.16.0/22 +103.195.104.0/22 +103.195.112.0/22 +103.195.136.0/22 +103.195.148.0/22 +103.195.152.0/22 +103.195.160.0/22 +103.195.192.0/22 +103.196.60.0/22 +103.196.64.0/22 +103.196.72.0/22 +103.196.88.0/22 +103.196.92.0/22 +103.196.96.0/22 +103.196.168.0/22 +103.196.204.0/22 +103.197.180.0/22 +103.197.228.0/22 +103.198.20.0/22 +103.198.60.0/22 +103.198.64.0/22 +103.198.72.0/22 +103.198.124.0/22 +103.198.156.0/22 +103.198.180.0/22 +103.198.196.0/22 +103.198.200.0/22 +103.198.216.0/22 +103.198.220.0/22 +103.198.224.0/22 +103.198.228.0/22 +103.198.232.0/22 +103.198.236.0/22 +103.198.240.0/22 +103.198.244.0/22 +103.199.164.0/22 +103.199.196.0/22 +103.199.228.0/22 +103.199.248.0/22 +103.199.252.0/22 +103.200.28.0/22 +103.200.32.0/22 +103.200.52.0/22 +103.200.64.0/22 +103.200.68.0/22 +103.200.136.0/22 +103.200.140.0/22 +103.200.144.0/22 +103.200.148.0/22 +103.200.152.0/22 +103.200.156.0/22 +103.200.160.0/22 +103.200.164.0/22 +103.200.168.0/22 +103.200.172.0/22 +103.200.176.0/22 +103.200.180.0/22 +103.200.184.0/22 +103.200.188.0/22 +103.200.192.0/22 +103.200.220.0/22 +103.200.224.0/22 +103.200.228.0/22 +103.200.232.0/22 +103.200.236.0/22 +103.200.240.0/22 +103.200.244.0/22 +103.200.248.0/22 +103.200.252.0/22 +103.201.0.0/22 +103.201.4.0/22 +103.201.8.0/22 +103.201.12.0/22 +103.201.16.0/22 +103.201.20.0/22 +103.201.28.0/22 +103.201.32.0/22 +103.201.36.0/22 +103.201.40.0/22 +103.201.44.0/22 +103.201.48.0/22 +103.201.52.0/22 +103.201.56.0/22 +103.201.60.0/22 +103.201.64.0/22 +103.201.76.0/22 +103.201.80.0/22 +103.201.84.0/22 +103.201.88.0/22 +103.201.92.0/22 +103.201.96.0/22 +103.201.100.0/22 +103.201.104.0/22 +103.201.108.0/22 +103.201.112.0/22 +103.201.116.0/22 +103.201.120.0/22 +103.201.152.0/22 +103.201.156.0/22 +103.201.160.0/22 +103.201.164.0/22 +103.201.168.0/22 +103.201.172.0/22 +103.201.176.0/22 +103.201.180.0/22 +103.201.184.0/22 +103.201.188.0/22 +103.201.192.0/22 +103.201.196.0/22 +103.201.200.0/22 +103.201.204.0/22 +103.201.208.0/22 +103.201.212.0/22 +103.201.216.0/22 +103.201.220.0/22 +103.201.224.0/22 +103.201.228.0/22 +103.201.232.0/22 +103.201.236.0/22 +103.201.240.0/22 +103.201.244.0/22 +103.201.248.0/22 +103.201.252.0/22 +103.202.0.0/22 +103.202.4.0/22 +103.202.8.0/22 +103.202.12.0/22 +103.202.16.0/22 +103.202.20.0/22 +103.202.24.0/22 +103.202.28.0/22 +103.202.32.0/22 +103.202.36.0/22 +103.202.40.0/22 +103.202.44.0/22 +103.202.56.0/22 +103.202.60.0/22 +103.202.64.0/22 +103.202.68.0/22 +103.202.72.0/22 +103.202.76.0/22 +103.202.80.0/22 +103.202.84.0/22 +103.202.88.0/22 +103.202.92.0/22 +103.202.96.0/22 +103.202.100.0/22 +103.202.104.0/22 +103.202.108.0/22 +103.202.112.0/22 +103.202.116.0/22 +103.202.120.0/22 +103.202.124.0/22 +103.202.128.0/22 +103.202.132.0/22 +103.202.136.0/22 +103.202.140.0/22 +103.202.144.0/22 +103.202.152.0/22 +103.202.156.0/22 +103.202.160.0/22 +103.202.164.0/22 +103.202.168.0/22 +103.202.172.0/22 +103.202.176.0/22 +103.202.180.0/22 +103.202.184.0/22 +103.202.188.0/22 +103.202.192.0/22 +103.202.196.0/22 +103.202.200.0/21 +103.202.212.0/22 +103.202.228.0/22 +103.202.236.0/22 +103.202.240.0/22 +103.202.244.0/22 +103.202.248.0/22 +103.202.252.0/22 +103.203.0.0/22 +103.203.4.0/22 +103.203.8.0/22 +103.203.12.0/22 +103.203.16.0/22 +103.203.20.0/22 +103.203.24.0/22 +103.203.28.0/22 +103.203.32.0/22 +103.203.52.0/22 +103.203.56.0/22 +103.203.96.0/22 +103.203.100.0/22 +103.203.104.0/22 +103.203.108.0/22 +103.203.112.0/22 +103.203.116.0/22 +103.203.120.0/22 +103.203.124.0/22 +103.203.128.0/22 +103.203.140.0/22 +103.203.164.0/22 +103.203.168.0/22 +103.203.192.0/22 +103.203.200.0/22 +103.203.212.0/22 +103.203.216.0/22 +103.204.24.0/22 +103.204.72.0/22 +103.204.88.0/22 +103.204.112.0/22 +103.204.136.0/22 +103.204.140.0/22 +103.204.144.0/22 +103.204.148.0/22 +103.204.152.0/22 +103.204.196.0/22 +103.204.232.0/22 +103.204.236.0/22 +103.205.4.0/22 +103.205.8.0/22 +103.205.40.0/22 +103.205.44.0/22 +103.205.52.0/22 +103.205.108.0/22 +103.205.116.0/22 +103.205.120.0/22 +103.205.136.0/22 +103.205.162.0/24 +103.205.188.0/22 +103.205.192.0/22 +103.205.196.0/22 +103.205.200.0/22 +103.205.236.0/22 +103.205.248.0/22 +103.205.252.0/22 +103.206.0.0/22 +103.206.44.0/22 +103.206.108.0/22 +103.206.148.0/22 +103.207.48.0/22 +103.207.104.0/22 +103.207.164.0/22 +103.207.184.0/22 +103.207.188.0/22 +103.207.192.0/22 +103.207.196.0/22 +103.207.200.0/22 +103.207.204.0/22 +103.207.208.0/22 +103.207.212.0/22 +103.207.220.0/22 +103.207.228.0/22 +103.207.232.0/22 +103.208.12.0/22 +103.208.16.0/22 +103.208.28.0/22 +103.208.40.0/22 +103.208.44.0/22 +103.208.48.0/22 +103.208.148.0/22 +103.209.112.0/22 +103.209.136.0/22 +103.209.200.0/22 +103.209.208.0/22 +103.209.216.0/22 +103.210.0.0/22 +103.210.20.0/22 +103.210.96.0/22 +103.210.156.0/22 +103.210.160.0/22 +103.210.164.0/22 +103.210.168.0/22 +103.210.172.0/22 +103.210.176.0/22 +103.210.180.0/22 +103.210.184.0/22 +103.210.188.0/22 +103.210.216.0/22 +103.211.44.0/22 +103.211.96.0/22 +103.211.100.0/22 +103.211.156.0/22 +103.211.164.0/22 +103.211.192.0/22 +103.211.220.0/22 +103.211.224.0/22 +103.211.248.0/22 +103.212.0.0/22 +103.212.4.0/22 +103.212.8.0/22 +103.212.12.0/22 +103.212.32.0/22 +103.212.44.0/22 +103.212.48.0/22 +103.212.84.0/22 +103.212.100.0/22 +103.212.104.0/22 +103.212.108.0/22 +103.212.148.0/22 +103.212.164.0/22 +103.212.196.0/22 +103.212.200.0/22 +103.212.228.0/22 +103.212.252.0/22 +103.213.40.0/22 +103.213.44.0/22 +103.213.48.0/22 +103.213.52.0/22 +103.213.56.0/22 +103.213.60.0/22 +103.213.64.0/22 +103.213.68.0/22 +103.213.72.0/22 +103.213.76.0/22 +103.213.80.0/22 +103.213.84.0/22 +103.213.88.0/22 +103.213.92.0/22 +103.213.96.0/22 +103.213.132.0/22 +103.213.136.0/22 +103.213.140.0/22 +103.213.144.0/22 +103.213.148.0/22 +103.213.152.0/22 +103.213.156.0/22 +103.213.160.0/22 +103.213.164.0/22 +103.213.168.0/22 +103.213.172.0/22 +103.213.176.0/22 +103.213.180.0/22 +103.213.184.0/22 +103.213.188.0/22 +103.213.248.0/22 +103.214.32.0/22 +103.214.48.0/22 +103.214.84.0/22 +103.214.168.0/22 +103.214.212.0/22 +103.214.240.0/22 +103.214.244.0/22 +103.215.28.0/22 +103.215.32.0/22 +103.215.36.0/22 +103.215.44.0/22 +103.215.48.0/22 +103.215.100.0/22 +103.215.104.0/22 +103.215.108.0/22 +103.215.116.0/22 +103.215.120.0/22 +103.215.140.0/22 +103.215.184.0/22 +103.215.228.0/22 +103.216.4.0/22 +103.216.8.0/22 +103.216.12.0/22 +103.216.16.0/22 +103.216.20.0/22 +103.216.24.0/22 +103.216.28.0/22 +103.216.32.0/22 +103.216.36.0/22 +103.216.40.0/22 +103.216.44.0/22 +103.216.64.0/22 +103.216.108.0/22 +103.216.136.0/22 +103.216.152.0/22 +103.216.224.0/22 +103.216.228.0/22 +103.216.240.0/22 +103.216.244.0/22 +103.216.248.0/22 +103.216.252.0/22 +103.217.0.0/22 +103.217.4.0/22 +103.217.8.0/22 +103.217.12.0/22 +103.217.16.0/22 +103.217.20.0/22 +103.217.24.0/22 +103.217.28.0/22 +103.217.32.0/22 +103.217.36.0/22 +103.217.40.0/22 +103.217.44.0/22 +103.217.48.0/22 +103.217.52.0/22 +103.217.56.0/22 +103.217.60.0/22 +103.217.168.0/22 +103.217.180.0/22 +103.217.184.0/22 +103.217.188.0/22 +103.217.192.0/22 +103.217.196.0/22 +103.217.200.0/22 +103.217.204.0/22 +103.218.0.0/22 +103.218.8.0/22 +103.218.12.0/22 +103.218.16.0/22 +103.218.20.0/22 +103.218.28.0/22 +103.218.32.0/22 +103.218.36.0/22 +103.218.40.0/22 +103.218.44.0/22 +103.218.48.0/22 +103.218.52.0/22 +103.218.56.0/22 +103.218.60.0/22 +103.218.64.0/22 +103.218.68.0/22 +103.218.72.0/22 +103.218.76.0/22 +103.218.80.0/22 +103.218.84.0/22 +103.218.88.0/22 +103.218.92.0/22 +103.218.184.0/22 +103.218.192.0/22 +103.218.196.0/22 +103.218.200.0/22 +103.218.204.0/22 +103.218.208.0/22 +103.218.212.0/22 +103.218.216.0/22 +103.219.24.0/22 +103.219.28.0/22 +103.219.32.0/22 +103.219.36.0/22 +103.219.64.0/22 +103.219.84.0/22 +103.219.88.0/22 +103.219.92.0/22 +103.219.96.0/22 +103.219.100.0/22 +103.219.176.0/22 +103.219.184.0/22 +103.220.48.0/22 +103.220.52.0/22 +103.220.56.0/22 +103.220.60.0/22 +103.220.64.0/22 +103.220.92.0/22 +103.220.96.0/22 +103.220.100.0/22 +103.220.104.0/22 +103.220.108.0/22 +103.220.116.0/22 +103.220.120.0/22 +103.220.124.0/22 +103.220.128.0/22 +103.220.132.0/22 +103.220.136.0/22 +103.220.140.0/22 +103.220.144.0/22 +103.220.148.0/22 +103.220.152.0/22 +103.220.160.0/22 +103.220.164.0/22 +103.220.168.0/22 +103.220.172.0/22 +103.220.176.0/22 +103.220.180.0/22 +103.220.184.0/22 +103.220.188.0/22 +103.220.192.0/22 +103.220.196.0/22 +103.220.200.0/22 +103.220.240.0/22 +103.220.244.0/22 +103.220.248.0/22 +103.220.252.0/22 +103.221.0.0/22 +103.221.4.0/22 +103.221.8.0/22 +103.221.12.0/22 +103.221.16.0/22 +103.221.20.0/22 +103.221.24.0/22 +103.221.28.0/22 +103.221.32.0/22 +103.221.36.0/22 +103.221.40.0/22 +103.221.44.0/22 +103.221.48.0/22 +103.221.88.0/22 +103.221.92.0/22 +103.221.96.0/22 +103.221.100.0/22 +103.221.104.0/22 +103.221.108.0/22 +103.221.112.0/22 +103.221.116.0/22 +103.221.120.0/22 +103.221.124.0/22 +103.221.128.0/22 +103.221.132.0/22 +103.221.136.0/22 +103.221.140.0/22 +103.221.144.0/22 +103.221.148.0/22 +103.221.152.0/22 +103.221.156.0/22 +103.221.160.0/22 +103.221.164.0/22 +103.221.168.0/22 +103.221.172.0/22 +103.221.176.0/22 +103.221.180.0/22 +103.221.184.0/22 +103.221.188.0/22 +103.221.192.0/22 +103.221.196.0/22 +103.221.200.0/22 +103.221.204.0/22 +103.222.0.0/22 +103.222.4.0/22 +103.222.8.0/22 +103.222.12.0/22 +103.222.16.0/22 +103.222.24.0/22 +103.222.28.0/22 +103.222.32.0/22 +103.222.36.0/22 +103.222.40.0/22 +103.222.44.0/22 +103.222.48.0/22 +103.222.52.0/22 +103.222.56.0/22 +103.222.60.0/22 +103.222.64.0/22 +103.222.68.0/22 +103.222.72.0/22 +103.222.76.0/22 +103.222.80.0/22 +103.222.84.0/22 +103.222.88.0/22 +103.222.92.0/22 +103.222.96.0/22 +103.222.100.0/22 +103.222.104.0/22 +103.222.108.0/22 +103.222.112.0/22 +103.222.116.0/22 +103.222.120.0/22 +103.222.124.0/22 +103.222.128.0/22 +103.222.132.0/22 +103.222.136.0/22 +103.222.140.0/22 +103.222.144.0/22 +103.222.148.0/22 +103.222.152.0/22 +103.222.156.0/22 +103.222.160.0/22 +103.222.164.0/22 +103.222.168.0/22 +103.222.172.0/22 +103.222.176.0/22 +103.222.180.0/22 +103.222.184.0/22 +103.222.188.0/22 +103.222.192.0/22 +103.222.196.0/22 +103.222.200.0/22 +103.222.204.0/22 +103.222.208.0/22 +103.222.212.0/22 +103.222.216.0/22 +103.222.220.0/22 +103.222.224.0/22 +103.222.228.0/22 +103.222.232.0/22 +103.222.240.0/22 +103.222.244.0/22 +103.223.16.0/22 +103.223.20.0/22 +103.223.24.0/22 +103.223.28.0/22 +103.223.32.0/22 +103.223.36.0/22 +103.223.40.0/22 +103.223.44.0/22 +103.223.48.0/22 +103.223.52.0/22 +103.223.56.0/22 +103.223.60.0/22 +103.223.64.0/22 +103.223.68.0/22 +103.223.72.0/22 +103.223.76.0/22 +103.223.80.0/22 +103.223.84.0/22 +103.223.88.0/22 +103.223.92.0/22 +103.223.96.0/22 +103.223.100.0/22 +103.223.104.0/22 +103.223.108.0/22 +103.223.112.0/22 +103.223.116.0/22 +103.223.120.0/22 +103.223.124.0/22 +103.223.128.0/22 +103.223.132.0/22 +103.223.140.0/22 +103.223.144.0/22 +103.223.148.0/22 +103.223.152.0/22 +103.223.156.0/22 +103.223.160.0/22 +103.223.164.0/22 +103.223.168.0/22 +103.223.172.0/22 +103.223.176.0/22 +103.223.180.0/22 +103.223.188.0/22 +103.223.192.0/22 +103.223.196.0/22 +103.223.200.0/22 +103.223.204.0/22 +103.223.208.0/22 +103.223.212.0/22 +103.223.216.0/22 +103.223.220.0/22 +103.223.224.0/22 +103.223.228.0/22 +103.223.232.0/22 +103.223.236.0/22 +103.223.240.0/22 +103.223.244.0/22 +103.223.248.0/22 +103.223.252.0/22 +103.224.0.0/22 +103.224.40.0/22 +103.224.44.0/22 +103.224.60.0/22 +103.224.80.0/22 +103.224.220.0/22 +103.224.224.0/22 +103.224.228.0/22 +103.224.232.0/22 +103.225.84.0/22 +103.226.16.0/22 +103.226.40.0/22 +103.226.56.0/22 +103.226.60.0/22 +103.226.80.0/22 +103.226.132.0/22 +103.226.156.0/22 +103.226.180.0/22 +103.226.196.0/22 +103.227.48.0/22 +103.227.72.0/22 +103.227.76.0/22 +103.227.80.0/22 +103.227.100.0/22 +103.227.120.0/22 +103.227.132.0/22 +103.227.136.0/22 +103.227.196.0/22 +103.227.204.0/22 +103.227.212.0/22 +103.227.228.0/22 +103.228.12.0/22 +103.228.28.0/22 +103.228.68.0/22 +103.228.88.0/22 +103.228.128.0/22 +103.228.136.0/22 +103.228.160.0/22 +103.228.176.0/22 +103.228.204.0/22 +103.228.208.0/22 +103.228.228.0/22 +103.228.232.0/22 +103.229.20.0/22 +103.229.60.0/22 +103.229.136.0/22 +103.229.148.0/22 +103.229.172.0/22 +103.229.212.0/22 +103.229.216.0/22 +103.229.220.0/22 +103.229.228.0/22 +103.229.236.0/22 +103.229.240.0/22 +103.230.0.0/22 +103.230.28.0/22 +103.230.44.0/22 +103.230.96.0/22 +103.230.196.0/22 +103.230.200.0/22 +103.230.204.0/22 +103.230.212.0/22 +103.230.236.0/22 +103.231.16.0/22 +103.231.20.0/22 +103.231.64.0/22 +103.231.68.0/22 +103.231.144.0/22 +103.231.180.0/22 +103.231.184.0/22 +103.231.244.0/22 +103.232.4.0/22 +103.232.144.0/22 +103.232.188.0/22 +103.232.212.0/22 +103.233.4.0/22 +103.233.44.0/22 +103.233.52.0/22 +103.233.104.0/22 +103.233.128.0/22 +103.233.136.0/22 +103.233.228.0/22 +103.234.0.0/22 +103.234.20.0/22 +103.234.56.0/22 +103.234.128.0/22 +103.234.172.0/22 +103.234.180.0/22 +103.234.244.0/22 +103.235.16.0/22 +103.235.48.0/22 +103.235.56.0/22 +103.235.60.0/22 +103.235.80.0/22 +103.235.84.0/22 +103.235.128.0/22 +103.235.132.0/22 +103.235.136.0/22 +103.235.140.0/22 +103.235.144.0/22 +103.235.148.0/22 +103.235.184.0/22 +103.235.192.0/22 +103.235.200.0/22 +103.235.220.0/22 +103.235.224.0/22 +103.235.228.0/22 +103.235.232.0/22 +103.235.236.0/22 +103.235.240.0/22 +103.235.244.0/22 +103.235.248.0/22 +103.235.252.0/22 +103.236.0.0/22 +103.236.4.0/22 +103.236.8.0/22 +103.236.12.0/22 +103.236.16.0/22 +103.236.20.0/22 +103.236.24.0/22 +103.236.28.0/22 +103.236.32.0/22 +103.236.36.0/22 +103.236.40.0/22 +103.236.44.0/22 +103.236.48.0/22 +103.236.52.0/22 +103.236.56.0/22 +103.236.60.0/22 +103.236.64.0/22 +103.236.68.0/22 +103.236.72.0/22 +103.236.76.0/22 +103.236.80.0/22 +103.236.84.0/22 +103.236.88.0/22 +103.236.92.0/22 +103.236.96.0/22 +103.236.120.0/22 +103.236.184.0/22 +103.236.220.0/22 +103.236.232.0/22 +103.236.240.0/22 +103.236.244.0/22 +103.236.248.0/22 +103.236.252.0/22 +103.237.0.0/22 +103.237.4.0/22 +103.237.8.0/22 +103.237.12.0/22 +103.237.24.0/22 +103.237.28.0/22 +103.237.68.0/22 +103.237.88.0/22 +103.237.152.0/22 +103.237.176.0/22 +103.237.180.0/22 +103.237.184.0/22 +103.237.188.0/22 +103.237.192.0/22 +103.237.196.0/22 +103.237.200.0/22 +103.237.204.0/22 +103.237.208.0/22 +103.237.212.0/22 +103.237.216.0/22 +103.237.220.0/22 +103.237.224.0/22 +103.237.228.0/22 +103.237.232.0/22 +103.237.236.0/22 +103.237.240.0/22 +103.237.244.0/22 +103.237.248.0/22 +103.237.252.0/22 +103.238.0.0/22 +103.238.4.0/22 +103.238.16.0/22 +103.238.20.0/22 +103.238.24.0/22 +103.238.28.0/22 +103.238.32.0/22 +103.238.36.0/22 +103.238.40.0/22 +103.238.44.0/22 +103.238.48.0/22 +103.238.52.0/22 +103.238.56.0/22 +103.238.88.0/22 +103.238.92.0/22 +103.238.96.0/22 +103.238.132.0/22 +103.238.140.0/22 +103.238.144.0/22 +103.238.160.0/22 +103.238.164.0/22 +103.238.168.0/22 +103.238.172.0/22 +103.238.176.0/22 +103.238.180.0/22 +103.238.184.0/22 +103.238.188.0/22 +103.238.196.0/22 +103.238.204.0/22 +103.238.252.0/22 +103.239.0.0/22 +103.239.44.0/22 +103.239.68.0/22 +103.239.96.0/22 +103.239.152.0/22 +103.239.156.0/22 +103.239.176.0/22 +103.239.180.0/22 +103.239.184.0/22 +103.239.192.0/22 +103.239.196.0/22 +103.239.204.0/22 +103.239.208.0/22 +103.239.224.0/22 +103.239.244.0/22 +103.240.16.0/22 +103.240.36.0/22 +103.240.72.0/22 +103.240.84.0/22 +103.240.124.0/22 +103.240.156.0/22 +103.240.172.0/22 +103.240.188.0/22 +103.240.244.0/22 +103.241.12.0/22 +103.241.72.0/22 +103.241.92.0/22 +103.241.96.0/22 +103.241.160.0/22 +103.241.184.0/22 +103.241.188.0/22 +103.241.220.0/22 +103.242.64.0/22 +103.242.128.0/22 +103.242.132.0/22 +103.242.160.0/22 +103.242.168.0/22 +103.242.172.0/22 +103.242.176.0/22 +103.242.200.0/22 +103.242.212.0/22 +103.242.220.0/22 +103.242.240.0/22 +103.243.136.0/22 +103.243.252.0/22 +103.244.16.0/22 +103.244.58.0/23 +103.244.60.0/22 +103.244.64.0/22 +103.244.68.0/22 +103.244.72.0/22 +103.244.76.0/22 +103.244.80.0/22 +103.244.84.0/22 +103.244.116.0/22 +103.244.164.0/22 +103.244.232.0/22 +103.244.252.0/22 +103.245.23.0/24 +103.245.52.0/22 +103.245.60.0/22 +103.245.80.0/22 +103.245.124.0/22 +103.245.128.0/22 +103.246.8.0/22 +103.246.12.0/22 +103.246.120.0/22 +103.246.124.0/22 +103.246.132.0/22 +103.246.152.0/22 +103.246.156.0/22 +103.247.168.0/22 +103.247.172.0/22 +103.247.176.0/22 +103.247.200.0/22 +103.247.212.0/22 +103.248.0.0/23 +103.248.64.0/22 +103.248.100.0/22 +103.248.124.0/22 +103.248.152.0/22 +103.248.168.0/22 +103.248.192.0/22 +103.248.212.0/22 +103.248.220.0/22 +103.248.224.0/22 +103.249.8.0/22 +103.249.12.0/22 +103.249.52.0/22 +103.249.104.0/22 +103.249.128.0/22 +103.249.136.0/22 +103.249.144.0/22 +103.249.164.0/22 +103.249.168.0/22 +103.249.172.0/22 +103.249.176.0/22 +103.249.188.0/22 +103.249.192.0/22 +103.249.244.0/22 +103.249.252.0/22 +103.250.32.0/22 +103.250.104.0/22 +103.250.124.0/22 +103.250.180.0/22 +103.250.192.0/22 +103.250.216.0/22 +103.250.224.0/22 +103.250.236.0/22 +103.250.248.0/22 +103.250.252.0/22 +103.251.32.0/22 +103.251.36.0/22 +103.251.84.0/22 +103.251.96.0/22 +103.251.124.0/22 +103.251.128.0/22 +103.251.160.0/22 +103.251.192.0/22 +103.251.204.0/22 +103.251.236.0/22 +103.251.240.0/22 +103.252.28.0/22 +103.252.36.0/22 +103.252.64.0/22 +103.252.96.0/22 +103.252.104.0/22 +103.252.172.0/22 +103.252.204.0/22 +103.252.208.0/22 +103.252.232.0/22 +103.252.248.0/22 +103.253.4.0/22 +103.253.60.0/22 +103.253.204.0/22 +103.253.220.0/22 +103.253.224.0/22 +103.253.232.0/22 +103.254.8.0/22 +103.254.20.0/22 +103.254.64.0/22 +103.254.68.0/22 +103.254.72.0/22 +103.254.76.0/22 +103.254.112.0/22 +103.254.176.0/22 +103.254.188.0/22 +103.254.196.0/24 +103.254.220.0/22 +103.255.56.0/22 +103.255.68.0/22 +103.255.88.0/22 +103.255.92.0/22 +103.255.136.0/22 +103.255.140.0/22 +103.255.184.0/22 +103.255.200.0/22 +103.255.212.0/22 +103.255.228.0/22 +106.0.0.0/24 +106.0.2.0/23 +106.0.4.0/22 +106.0.8.0/21 +106.0.16.0/20 +106.0.44.0/22 +106.0.64.0/18 +106.2.0.0/15 +106.4.0.0/14 +106.8.0.0/15 +106.11.0.0/16 +106.12.0.0/14 +106.16.0.0/12 +106.32.0.0/12 +106.48.0.0/15 +106.50.0.0/16 +106.52.0.0/14 +106.56.0.0/13 +106.74.0.0/16 +106.75.0.0/16 +106.80.0.0/12 +106.108.0.0/14 +106.112.0.0/13 +106.120.0.0/13 +106.224.0.0/12 +109.244.0.0/16 +110.6.0.0/15 +110.16.0.0/14 +110.34.40.0/22 +110.34.44.0/22 +110.40.0.0/14 +110.44.12.0/22 +110.44.144.0/20 +110.48.0.0/16 +110.51.0.0/16 +110.52.0.0/15 +110.56.0.0/13 +110.64.0.0/15 +110.72.0.0/15 +110.75.0.0/17 +110.75.128.0/19 +110.75.160.0/19 +110.75.192.0/18 +110.76.0.0/19 +110.76.32.0/19 +110.76.132.0/22 +110.76.156.0/22 +110.76.184.0/22 +110.76.192.0/18 +110.77.0.0/17 +110.80.0.0/13 +110.88.0.0/14 +110.92.68.0/22 +110.93.32.0/19 +110.94.0.0/15 +110.96.0.0/11 +110.152.0.0/14 +110.156.0.0/15 +110.165.32.0/19 +110.166.0.0/15 +110.172.192.0/18 +110.173.0.0/19 +110.173.32.0/20 +110.173.64.0/19 +110.173.96.0/19 +110.173.192.0/19 +110.176.0.0/13 +110.184.0.0/13 +110.192.0.0/11 +110.228.0.0/14 +110.232.32.0/19 +110.236.0.0/15 +110.240.0.0/12 +111.0.0.0/10 +111.66.0.0/16 +111.67.192.0/20 +111.68.64.0/19 +111.72.0.0/13 +111.85.0.0/16 +111.91.192.0/19 +111.92.248.0/22 +111.92.252.0/22 +111.112.0.0/15 +111.114.0.0/15 +111.116.0.0/15 +111.118.200.0/21 +111.119.64.0/18 +111.119.128.0/19 +111.120.0.0/14 +111.124.0.0/16 +111.126.0.0/15 +111.128.0.0/11 +111.160.0.0/13 +111.170.0.0/16 +111.172.0.0/14 +111.176.0.0/13 +111.186.0.0/15 +111.192.0.0/12 +111.208.0.0/14 +111.212.0.0/14 +111.221.28.0/24 +111.221.128.0/17 +111.222.0.0/16 +111.223.4.0/22 +111.223.8.0/22 +111.223.12.0/22 +111.223.16.0/22 +111.223.240.0/22 +111.223.248.0/22 +111.224.0.0/14 +111.228.0.0/14 +111.235.96.0/19 +111.235.156.0/22 +111.235.160.0/19 +112.0.0.0/10 +112.64.0.0/15 +112.66.0.0/15 +112.73.0.0/16 +112.74.0.0/15 +112.80.0.0/13 +112.88.0.0/13 +112.96.0.0/15 +112.98.0.0/15 +112.100.0.0/14 +112.109.128.0/17 +112.111.0.0/16 +112.112.0.0/14 +112.116.0.0/15 +112.122.0.0/15 +112.124.0.0/14 +112.128.0.0/14 +112.132.0.0/16 +112.137.48.0/21 +112.192.0.0/14 +112.224.0.0/11 +113.0.0.0/13 +113.8.0.0/15 +113.11.192.0/19 +113.12.0.0/14 +113.16.0.0/15 +113.18.0.0/16 +113.21.232.0/22 +113.21.236.0/22 +113.24.0.0/14 +113.31.0.0/16 +113.44.0.0/14 +113.48.0.0/14 +113.52.160.0/19 +113.52.228.0/22 +113.54.0.0/15 +113.56.0.0/15 +113.58.0.0/16 +113.59.0.0/17 +113.59.224.0/22 +113.62.0.0/15 +113.64.0.0/11 +113.96.0.0/12 +113.112.0.0/13 +113.120.0.0/13 +113.128.0.0/15 +113.130.96.0/20 +113.130.112.0/21 +113.132.0.0/14 +113.136.0.0/13 +113.194.0.0/15 +113.197.100.0/22 +113.200.0.0/15 +113.202.0.0/16 +113.204.0.0/14 +113.208.96.0/19 +113.208.128.0/17 +113.209.0.0/16 +113.212.0.0/18 +113.212.100.0/22 +113.212.184.0/21 +113.213.0.0/17 +113.214.0.0/15 +113.218.0.0/15 +113.220.0.0/14 +113.224.0.0/12 +113.240.0.0/13 +113.248.0.0/14 +114.28.0.0/16 +114.31.64.0/22 +114.31.68.0/22 +114.54.0.0/15 +114.60.0.0/14 +114.64.0.0/14 +114.68.0.0/16 +114.79.64.0/18 +114.80.0.0/12 +114.96.0.0/13 +114.104.0.0/14 +114.110.0.0/20 +114.110.64.0/18 +114.111.0.0/19 +114.111.160.0/19 +114.112.0.0/14 +114.116.0.0/16 +114.117.0.0/16 +114.118.0.0/16 +114.119.0.0/17 +114.119.128.0/18 +114.119.192.0/21 +114.119.200.0/22 +114.119.204.0/22 +114.119.208.0/20 +114.119.224.0/19 +114.132.0.0/16 +114.135.0.0/16 +114.138.0.0/15 +114.141.64.0/21 +114.141.80.0/22 +114.141.84.0/22 +114.141.128.0/18 +114.196.0.0/15 +114.198.248.0/21 +114.208.0.0/14 +114.212.0.0/15 +114.214.0.0/16 +114.215.0.0/16 +114.216.0.0/13 +114.224.0.0/12 +114.240.0.0/12 +115.24.0.0/14 +115.28.0.0/15 +115.31.64.0/22 +115.31.68.0/22 +115.31.72.0/22 +115.31.76.0/22 +115.32.0.0/14 +115.42.56.0/22 +115.44.0.0/15 +115.46.0.0/16 +115.47.0.0/16 +115.48.0.0/12 +115.69.64.0/20 +115.84.0.0/18 +115.84.192.0/19 +115.85.192.0/18 +115.100.0.0/14 +115.104.0.0/14 +115.120.0.0/14 +115.124.16.0/20 +115.148.0.0/14 +115.152.0.0/15 +115.154.0.0/15 +115.156.0.0/15 +115.158.0.0/16 +115.159.0.0/16 +115.166.64.0/19 +115.168.0.0/14 +115.172.0.0/14 +115.180.0.0/15 +115.182.0.0/16 +115.183.0.0/16 +115.187.0.0/22 +115.187.4.0/22 +115.187.8.0/22 +115.187.12.0/22 +115.190.0.0/15 +115.192.0.0/11 +115.224.0.0/12 +116.0.8.0/21 +116.0.24.0/21 +116.1.0.0/16 +116.2.0.0/15 +116.4.0.0/14 +116.8.0.0/14 +116.13.0.0/16 +116.16.0.0/12 +116.50.0.0/20 +116.52.0.0/14 +116.56.0.0/15 +116.58.128.0/20 +116.58.208.0/20 +116.60.0.0/14 +116.66.0.0/17 +116.66.176.0/22 +116.68.136.0/22 +116.68.140.0/22 +116.68.176.0/22 +116.68.180.0/22 +116.69.0.0/16 +116.70.0.0/17 +116.76.0.0/15 +116.78.0.0/15 +116.85.0.0/16 +116.89.144.0/20 +116.89.240.0/22 +116.90.80.0/20 +116.90.184.0/21 +116.95.0.0/16 +116.112.0.0/14 +116.116.0.0/15 +116.128.0.0/10 +116.192.0.0/16 +116.193.16.0/20 +116.193.32.0/19 +116.193.152.0/22 +116.193.164.0/22 +116.193.176.0/21 +116.194.0.0/15 +116.196.0.0/16 +116.197.160.0/22 +116.197.164.0/22 +116.198.0.0/16 +116.199.0.0/17 +116.199.128.0/19 +116.204.0.0/17 +116.204.132.0/22 +116.205.0.0/16 +116.206.92.0/22 +116.206.100.0/22 +116.206.176.0/22 +116.207.0.0/16 +116.208.0.0/14 +116.212.160.0/20 +116.213.44.0/22 +116.213.64.0/18 +116.213.128.0/17 +116.214.32.0/19 +116.214.64.0/20 +116.214.128.0/17 +116.215.0.0/16 +116.216.0.0/14 +116.224.0.0/12 +116.242.0.0/15 +116.244.0.0/15 +116.246.0.0/15 +116.248.0.0/15 +116.251.64.0/18 +116.252.0.0/15 +116.254.104.0/22 +116.254.108.0/22 +116.254.128.0/17 +116.255.128.0/17 +117.8.0.0/13 +117.21.0.0/16 +117.22.0.0/15 +117.24.0.0/13 +117.32.0.0/13 +117.40.0.0/14 +117.44.0.0/15 +117.48.0.0/14 +117.53.48.0/20 +117.53.176.0/20 +117.57.0.0/16 +117.58.0.0/17 +117.59.0.0/16 +117.60.0.0/14 +117.64.0.0/13 +117.72.0.0/15 +117.74.64.0/20 +117.74.80.0/20 +117.74.128.0/17 +117.75.0.0/16 +117.76.0.0/14 +117.80.0.0/12 +117.100.0.0/15 +117.103.16.0/20 +117.103.40.0/21 +117.103.72.0/21 +117.103.128.0/20 +117.104.168.0/21 +117.106.0.0/15 +117.112.0.0/13 +117.120.64.0/18 +117.120.128.0/17 +117.121.0.0/17 +117.121.128.0/18 +117.121.192.0/21 +117.122.128.0/17 +117.124.0.0/14 +117.128.0.0/10 +118.24.0.0/15 +118.26.0.0/19 +118.26.32.0/20 +118.26.48.0/21 +118.26.56.0/21 +118.26.64.0/18 +118.26.128.0/17 +118.28.0.0/15 +118.30.0.0/16 +118.31.0.0/16 +118.64.0.0/15 +118.66.0.0/16 +118.67.112.0/20 +118.72.0.0/13 +118.80.0.0/15 +118.84.0.0/15 +118.88.32.0/19 +118.88.64.0/18 +118.88.128.0/17 +118.89.0.0/16 +118.91.240.0/20 +118.102.16.0/20 +118.102.32.0/21 +118.103.164.0/22 +118.103.168.0/22 +118.103.172.0/22 +118.103.176.0/22 +118.107.180.0/22 +118.112.0.0/13 +118.120.0.0/14 +118.124.0.0/15 +118.126.0.0/16 +118.127.128.0/19 +118.132.0.0/14 +118.144.0.0/14 +118.178.0.0/16 +118.180.0.0/14 +118.184.0.0/17 +118.184.128.0/17 +118.186.0.0/15 +118.188.0.0/16 +118.190.0.0/16 +118.191.0.0/16 +118.192.0.0/16 +118.193.0.0/20 +118.193.32.0/19 +118.193.64.0/20 +118.193.96.0/19 +118.193.128.0/17 +118.194.0.0/17 +118.194.128.0/17 +118.195.0.0/17 +118.195.128.0/17 +118.196.0.0/14 +118.202.0.0/15 +118.204.0.0/14 +118.212.0.0/16 +118.213.0.0/16 +118.215.192.0/18 +118.224.0.0/14 +118.228.0.0/15 +118.230.0.0/16 +118.239.0.0/16 +118.242.0.0/16 +118.244.0.0/14 +118.248.0.0/13 +119.0.0.0/15 +119.2.0.0/19 +119.2.128.0/17 +119.3.0.0/16 +119.4.0.0/14 +119.8.0.0/16 +119.10.0.0/17 +119.15.136.0/21 +119.16.0.0/16 +119.18.192.0/20 +119.18.208.0/21 +119.18.224.0/20 +119.18.240.0/20 +119.19.0.0/16 +119.20.0.0/14 +119.27.64.0/18 +119.27.128.0/19 +119.27.160.0/19 +119.27.192.0/18 +119.28.0.0/15 +119.30.48.0/20 +119.31.192.0/19 +119.32.0.0/14 +119.36.0.0/16 +119.37.0.0/17 +119.37.128.0/18 +119.37.192.0/18 +119.38.0.0/17 +119.38.128.0/18 +119.38.192.0/20 +119.38.208.0/20 +119.38.224.0/19 +119.39.0.0/16 +119.40.0.0/18 +119.40.64.0/20 +119.40.128.0/17 +119.41.0.0/16 +119.42.0.0/19 +119.42.52.0/22 +119.42.128.0/21 +119.42.136.0/21 +119.42.224.0/19 +119.44.0.0/15 +119.48.0.0/13 +119.57.0.0/16 +119.58.0.0/16 +119.59.128.0/17 +119.60.0.0/16 +119.61.0.0/16 +119.62.0.0/16 +119.63.32.0/19 +119.75.208.0/20 +119.78.0.0/15 +119.80.0.0/16 +119.82.208.0/20 +119.84.0.0/14 +119.88.0.0/14 +119.96.0.0/13 +119.108.0.0/15 +119.112.0.0/13 +119.120.0.0/13 +119.128.0.0/12 +119.144.0.0/14 +119.148.160.0/20 +119.148.176.0/20 +119.151.192.0/18 +119.160.200.0/21 +119.161.120.0/22 +119.161.124.0/22 +119.161.128.0/17 +119.162.0.0/15 +119.164.0.0/14 +119.176.0.0/12 +119.232.0.0/15 +119.235.128.0/18 +119.248.0.0/14 +119.252.96.0/21 +119.252.240.0/20 +119.253.0.0/16 +119.254.0.0/15 +120.0.0.0/12 +120.24.0.0/14 +120.30.0.0/16 +120.31.0.0/16 +120.32.0.0/13 +120.40.0.0/14 +120.44.0.0/14 +120.48.0.0/15 +120.52.0.0/16 +120.53.0.0/16 +120.54.0.0/15 +120.64.0.0/14 +120.68.0.0/14 +120.72.32.0/19 +120.72.128.0/17 +120.76.0.0/14 +120.80.0.0/13 +120.88.8.0/21 +120.90.0.0/15 +120.92.0.0/16 +120.94.0.0/16 +120.95.0.0/16 +120.128.0.0/14 +120.132.0.0/17 +120.132.128.0/17 +120.133.0.0/16 +120.134.0.0/15 +120.136.16.0/22 +120.136.20.0/22 +120.136.128.0/18 +120.137.0.0/17 +120.143.128.0/19 +120.192.0.0/10 +121.0.8.0/21 +121.0.16.0/20 +121.4.0.0/15 +121.8.0.0/13 +121.16.0.0/13 +121.24.0.0/14 +121.28.0.0/15 +121.30.0.0/16 +121.31.0.0/16 +121.32.0.0/14 +121.36.0.0/16 +121.37.0.0/16 +121.38.0.0/15 +121.40.0.0/14 +121.46.0.0/18 +121.46.76.0/22 +121.46.128.0/17 +121.47.0.0/16 +121.48.0.0/15 +121.50.8.0/21 +121.51.0.0/16 +121.52.160.0/19 +121.52.208.0/20 +121.52.224.0/19 +121.54.176.0/21 +121.54.188.0/22 +121.55.0.0/18 +121.56.0.0/15 +121.58.0.0/17 +121.58.136.0/21 +121.58.144.0/20 +121.58.160.0/21 +121.59.0.0/16 +121.60.0.0/14 +121.68.0.0/14 +121.76.0.0/15 +121.79.128.0/18 +121.89.0.0/16 +121.100.128.0/17 +121.101.0.0/18 +121.101.208.0/20 +121.192.0.0/16 +121.193.0.0/16 +121.194.0.0/15 +121.196.0.0/14 +121.200.192.0/21 +121.201.0.0/16 +121.204.0.0/14 +121.224.0.0/12 +121.248.0.0/14 +121.255.0.0/16 +122.0.64.0/18 +122.0.128.0/17 +122.4.0.0/14 +122.8.0.0/16 +122.9.0.0/16 +122.10.128.0/22 +122.10.132.0/23 +122.10.134.0/23 +122.10.136.0/23 +122.10.138.0/23 +122.10.140.0/22 +122.10.144.0/20 +122.10.160.0/19 +122.10.192.0/18 +122.11.0.0/17 +122.12.0.0/16 +122.13.0.0/16 +122.14.0.0/17 +122.14.128.0/18 +122.14.192.0/18 +122.48.0.0/16 +122.49.0.0/18 +122.51.0.0/16 +122.64.0.0/11 +122.96.0.0/15 +122.102.0.0/20 +122.102.64.0/20 +122.102.80.0/20 +122.112.0.0/18 +122.112.64.0/18 +122.112.128.0/17 +122.113.0.0/16 +122.114.0.0/16 +122.115.0.0/17 +122.115.128.0/19 +122.115.160.0/19 +122.115.192.0/19 +122.115.224.0/19 +122.119.0.0/16 +122.128.100.0/22 +122.128.120.0/21 +122.136.0.0/13 +122.144.128.0/17 +122.152.192.0/18 +122.156.0.0/14 +122.188.0.0/14 +122.192.0.0/14 +122.198.0.0/16 +122.200.40.0/22 +122.200.44.0/22 +122.200.64.0/18 +122.201.48.0/20 +122.204.0.0/14 +122.224.0.0/12 +122.240.0.0/13 +122.248.24.0/21 +122.248.48.0/20 +122.255.64.0/21 +123.0.128.0/18 +123.4.0.0/14 +123.8.0.0/13 +123.49.128.0/17 +123.50.160.0/19 +123.52.0.0/14 +123.56.0.0/15 +123.58.0.0/20 +123.58.16.0/20 +123.58.32.0/19 +123.58.64.0/19 +123.58.96.0/19 +123.58.128.0/18 +123.58.192.0/19 +123.58.224.0/20 +123.58.240.0/20 +123.59.0.0/16 +123.60.0.0/16 +123.61.0.0/16 +123.62.0.0/16 +123.64.0.0/11 +123.96.0.0/15 +123.98.0.0/17 +123.99.128.0/17 +123.100.0.0/19 +123.101.0.0/16 +123.103.0.0/17 +123.108.128.0/20 +123.108.208.0/20 +123.112.0.0/12 +123.128.0.0/13 +123.136.80.0/20 +123.137.0.0/16 +123.138.0.0/15 +123.144.0.0/14 +123.148.0.0/16 +123.149.0.0/16 +123.150.0.0/15 +123.152.0.0/13 +123.160.0.0/14 +123.164.0.0/14 +123.168.0.0/14 +123.172.0.0/15 +123.174.0.0/15 +123.176.60.0/22 +123.176.80.0/20 +123.177.0.0/16 +123.178.0.0/15 +123.180.0.0/14 +123.184.0.0/14 +123.188.0.0/14 +123.196.0.0/15 +123.199.128.0/17 +123.206.0.0/15 +123.232.0.0/14 +123.242.0.0/17 +123.242.192.0/22 +123.242.196.0/22 +123.244.0.0/14 +123.249.0.0/16 +123.254.96.0/22 +123.254.100.0/22 +124.6.64.0/18 +124.14.0.0/15 +124.16.0.0/15 +124.20.0.0/16 +124.21.0.0/20 +124.21.16.0/20 +124.21.32.0/19 +124.21.64.0/18 +124.21.128.0/17 +124.22.0.0/15 +124.28.192.0/18 +124.29.0.0/17 +124.31.0.0/16 +124.40.112.0/20 +124.40.128.0/18 +124.40.192.0/19 +124.40.240.0/22 +124.42.0.0/17 +124.42.128.0/17 +124.47.0.0/18 +124.64.0.0/15 +124.66.0.0/17 +124.67.0.0/16 +124.68.0.0/14 +124.72.0.0/16 +124.73.0.0/16 +124.74.0.0/15 +124.76.0.0/14 +124.88.0.0/16 +124.89.0.0/17 +124.89.128.0/17 +124.90.0.0/15 +124.92.0.0/14 +124.108.8.0/21 +124.108.40.0/21 +124.109.96.0/21 +124.112.0.0/15 +124.114.0.0/15 +124.116.0.0/16 +124.117.0.0/16 +124.118.0.0/15 +124.126.0.0/15 +124.128.0.0/13 +124.147.128.0/17 +124.150.137.0/24 +124.151.0.0/16 +124.152.0.0/16 +124.160.0.0/16 +124.161.0.0/16 +124.162.0.0/16 +124.163.0.0/16 +124.164.0.0/14 +124.172.0.0/15 +124.174.0.0/15 +124.192.0.0/15 +124.196.0.0/16 +124.200.0.0/13 +124.220.0.0/14 +124.224.0.0/16 +124.225.0.0/16 +124.226.0.0/15 +124.228.0.0/14 +124.232.0.0/15 +124.234.0.0/15 +124.236.0.0/14 +124.240.0.0/17 +124.240.128.0/18 +124.242.0.0/16 +124.243.192.0/18 +124.248.0.0/17 +124.249.0.0/16 +124.250.0.0/15 +124.254.0.0/18 +125.31.192.0/18 +125.32.0.0/16 +125.33.0.0/16 +125.34.0.0/16 +125.35.0.0/17 +125.35.128.0/17 +125.36.0.0/14 +125.40.0.0/13 +125.58.128.0/17 +125.61.128.0/17 +125.62.0.0/18 +125.64.0.0/13 +125.72.0.0/16 +125.73.0.0/16 +125.74.0.0/15 +125.76.0.0/17 +125.76.128.0/17 +125.77.0.0/16 +125.78.0.0/15 +125.80.0.0/13 +125.88.0.0/13 +125.96.0.0/15 +125.98.0.0/16 +125.104.0.0/13 +125.112.0.0/12 +125.169.0.0/16 +125.171.0.0/16 +125.208.0.0/18 +125.210.0.0/16 +125.211.0.0/16 +125.213.0.0/17 +125.214.96.0/19 +125.215.0.0/18 +125.216.0.0/15 +125.218.0.0/16 +125.219.0.0/16 +125.220.0.0/15 +125.222.0.0/15 +125.254.128.0/18 +125.254.192.0/18 +128.108.0.0/16 +129.28.0.0/16 +129.204.0.0/16 +129.211.0.0/16 +132.232.0.0/16 +134.175.0.0/16 +137.59.59.0/24 +137.59.88.0/22 +139.5.56.0/22 +139.5.60.0/22 +139.5.80.0/22 +139.5.92.0/22 +139.5.108.0/22 +139.5.128.0/22 +139.5.160.0/22 +139.5.192.0/22 +139.5.204.0/22 +139.5.208.0/22 +139.5.212.0/22 +139.5.244.0/22 +139.9.0.0/16 +139.129.0.0/16 +139.148.0.0/16 +139.155.0.0/16 +139.159.0.0/16 +139.170.0.0/16 +139.176.0.0/16 +139.183.0.0/16 +139.186.0.0/16 +139.189.0.0/16 +139.196.0.0/14 +139.200.0.0/13 +139.208.0.0/13 +139.217.0.0/16 +139.219.0.0/16 +139.220.0.0/15 +139.224.0.0/16 +139.226.0.0/15 +140.75.0.0/16 +140.143.0.0/16 +140.179.0.0/16 +140.205.0.0/16 +140.206.0.0/15 +140.210.0.0/16 +140.224.0.0/16 +140.237.0.0/16 +140.240.0.0/16 +140.243.0.0/16 +140.246.0.0/16 +140.249.0.0/16 +140.250.0.0/16 +140.255.0.0/16 +144.0.0.0/16 +144.7.0.0/16 +144.12.0.0/16 +144.48.8.0/22 +144.48.64.0/22 +144.48.88.0/22 +144.48.156.0/22 +144.48.180.0/22 +144.48.184.0/22 +144.48.204.0/22 +144.48.208.0/22 +144.48.212.0/22 +144.48.220.0/22 +144.48.252.0/22 +144.52.0.0/16 +144.123.0.0/16 +144.255.0.0/16 +146.56.192.0/18 +146.196.56.0/22 +146.196.68.0/22 +146.196.72.0/22 +146.196.92.0/22 +146.196.112.0/22 +146.196.116.0/22 +146.196.124.0/22 +148.70.0.0/16 +150.0.0.0/16 +150.115.0.0/16 +150.121.0.0/16 +150.122.0.0/16 +150.129.136.0/22 +150.129.192.0/22 +150.129.216.0/22 +150.129.252.0/22 +150.138.0.0/15 +150.158.0.0/16 +150.223.0.0/16 +150.242.0.0/22 +150.242.4.0/22 +150.242.8.0/22 +150.242.28.0/22 +150.242.44.0/22 +150.242.48.0/22 +150.242.52.0/22 +150.242.56.0/22 +150.242.76.0/22 +150.242.80.0/22 +150.242.92.0/22 +150.242.96.0/22 +150.242.112.0/22 +150.242.116.0/22 +150.242.120.0/22 +150.242.152.0/22 +150.242.156.0/22 +150.242.160.0/22 +150.242.164.0/22 +150.242.168.0/22 +150.242.184.0/22 +150.242.188.0/22 +150.242.192.0/22 +150.242.212.0/22 +150.242.224.0/22 +150.242.228.0/22 +150.242.232.0/22 +150.242.236.0/22 +150.242.240.0/22 +150.242.244.0/22 +150.242.248.0/22 +150.255.0.0/16 +152.104.128.0/17 +152.136.0.0/16 +153.0.0.0/16 +153.3.0.0/16 +153.34.0.0/15 +153.36.0.0/15 +153.99.0.0/16 +153.101.0.0/16 +153.118.0.0/15 +154.8.128.0/17 +157.0.0.0/16 +157.18.0.0/16 +157.61.0.0/16 +157.119.0.0/22 +157.119.8.0/22 +157.119.12.0/22 +157.119.16.0/22 +157.119.28.0/22 +157.119.68.0/22 +157.119.112.0/22 +157.119.132.0/22 +157.119.136.0/22 +157.119.140.0/22 +157.119.144.0/22 +157.119.148.0/22 +157.119.152.0/22 +157.119.156.0/22 +157.119.160.0/22 +157.119.164.0/22 +157.119.172.0/22 +157.119.192.0/22 +157.119.196.0/22 +157.119.240.0/22 +157.119.252.0/22 +157.122.0.0/16 +157.148.0.0/16 +157.156.0.0/16 +157.255.0.0/16 +159.75.0.0/16 +159.226.0.0/16 +160.19.208.0/22 +160.19.212.0/22 +160.19.216.0/22 +160.20.48.0/22 +160.202.60.0/22 +160.202.148.0/22 +160.202.152.0/22 +160.202.168.0/22 +160.202.212.0/22 +160.202.216.0/22 +160.202.220.0/22 +160.202.224.0/22 +160.202.228.0/22 +160.202.232.0/22 +160.202.236.0/22 +160.202.240.0/22 +160.202.244.0/22 +160.202.248.0/22 +160.202.252.0/22 +160.238.64.0/22 +161.189.0.0/16 +161.207.0.0/16 +162.14.0.0/16 +162.105.0.0/16 +163.0.0.0/16 +163.47.4.0/22 +163.53.0.0/22 +163.53.4.0/22 +163.53.8.0/22 +163.53.12.0/22 +163.53.36.0/22 +163.53.40.0/22 +163.53.44.0/22 +163.53.48.0/22 +163.53.52.0/22 +163.53.56.0/22 +163.53.60.0/22 +163.53.64.0/22 +163.53.88.0/22 +163.53.92.0/22 +163.53.96.0/22 +163.53.100.0/22 +163.53.104.0/22 +163.53.108.0/22 +163.53.112.0/22 +163.53.116.0/22 +163.53.120.0/22 +163.53.124.0/22 +163.53.128.0/22 +163.53.132.0/22 +163.53.136.0/22 +163.53.160.0/22 +163.53.164.0/22 +163.53.168.0/22 +163.53.172.0/22 +163.53.188.0/22 +163.53.220.0/22 +163.53.240.0/22 +163.125.0.0/16 +163.142.0.0/16 +163.177.0.0/16 +163.179.0.0/16 +163.204.0.0/16 +164.52.0.0/17 +166.111.0.0/16 +167.139.0.0/16 +167.189.0.0/16 +167.220.244.0/22 +168.160.0.0/16 +170.179.0.0/16 +171.8.0.0/13 +171.34.0.0/15 +171.36.0.0/14 +171.40.0.0/13 +171.80.0.0/14 +171.84.0.0/14 +171.88.0.0/13 +171.104.0.0/13 +171.112.0.0/14 +171.116.0.0/14 +171.120.0.0/13 +171.208.0.0/12 +172.81.192.0/18 +175.0.0.0/12 +175.16.0.0/13 +175.24.0.0/14 +175.30.0.0/15 +175.42.0.0/15 +175.44.0.0/16 +175.46.0.0/15 +175.48.0.0/12 +175.64.0.0/11 +175.102.0.0/16 +175.106.128.0/17 +175.111.144.0/22 +175.111.148.0/22 +175.111.152.0/22 +175.111.156.0/22 +175.111.160.0/22 +175.111.164.0/22 +175.111.168.0/22 +175.111.172.0/22 +175.111.184.0/22 +175.146.0.0/15 +175.148.0.0/14 +175.152.0.0/14 +175.158.96.0/22 +175.160.0.0/12 +175.176.156.0/22 +175.176.176.0/22 +175.176.188.0/22 +175.176.192.0/22 +175.178.0.0/16 +175.184.128.0/18 +175.185.0.0/16 +175.186.0.0/15 +175.188.0.0/14 +180.76.0.0/16 +180.77.0.0/16 +180.78.0.0/15 +180.84.0.0/15 +180.86.0.0/16 +180.88.0.0/14 +180.94.56.0/21 +180.94.96.0/20 +180.94.120.0/22 +180.94.124.0/22 +180.95.128.0/17 +180.96.0.0/11 +180.129.128.0/17 +180.130.0.0/16 +180.136.0.0/13 +180.148.16.0/21 +180.148.152.0/21 +180.148.216.0/21 +180.148.224.0/19 +180.149.128.0/19 +180.149.236.0/22 +180.150.160.0/19 +180.152.0.0/13 +180.160.0.0/12 +180.178.112.0/22 +180.178.116.0/22 +180.178.192.0/18 +180.184.0.0/14 +180.188.0.0/17 +180.189.148.0/22 +180.200.252.0/22 +180.201.0.0/16 +180.202.0.0/15 +180.208.0.0/15 +180.210.212.0/22 +180.210.224.0/19 +180.212.0.0/15 +180.222.224.0/19 +180.223.0.0/16 +180.233.0.0/18 +180.233.64.0/19 +180.233.144.0/22 +180.235.64.0/19 +180.235.112.0/22 +180.235.136.0/22 +182.16.144.0/22 +182.16.148.0/22 +182.16.192.0/19 +182.18.0.0/17 +182.23.184.0/21 +182.23.200.0/21 +182.32.0.0/12 +182.48.96.0/19 +182.49.0.0/16 +182.50.0.0/20 +182.50.112.0/20 +182.51.0.0/16 +182.54.0.0/17 +182.54.244.0/22 +182.61.0.0/16 +182.80.0.0/14 +182.84.0.0/14 +182.88.0.0/14 +182.92.0.0/16 +182.96.0.0/12 +182.112.0.0/12 +182.128.0.0/12 +182.144.0.0/13 +182.157.0.0/16 +182.160.64.0/19 +182.174.0.0/15 +182.200.0.0/13 +182.236.128.0/17 +182.237.24.0/22 +182.237.28.0/22 +182.238.0.0/16 +182.239.0.0/19 +182.240.0.0/13 +182.254.0.0/16 +182.255.36.0/22 +182.255.60.0/22 +183.0.0.0/10 +183.64.0.0/13 +183.78.160.0/22 +183.78.164.0/22 +183.78.180.0/22 +183.81.172.0/22 +183.81.180.0/22 +183.84.0.0/15 +183.91.128.0/22 +183.91.136.0/21 +183.91.144.0/20 +183.92.0.0/14 +183.128.0.0/11 +183.160.0.0/13 +183.168.0.0/15 +183.170.0.0/16 +183.172.0.0/14 +183.182.0.0/19 +183.184.0.0/13 +183.192.0.0/10 +188.131.128.0/17 +192.55.46.0/24 +192.55.68.0/22 +192.102.204.0/23 +192.124.154.0/24 +192.140.128.0/22 +192.140.132.0/22 +192.140.136.0/22 +192.140.156.0/22 +192.140.160.0/22 +192.140.164.0/22 +192.140.168.0/22 +192.140.172.0/22 +192.140.176.0/22 +192.140.180.0/22 +192.140.184.0/22 +192.140.188.0/22 +192.140.192.0/22 +192.140.196.0/22 +192.140.200.0/22 +192.140.204.0/22 +192.140.208.0/22 +192.140.212.0/22 +192.144.128.0/17 +193.112.0.0/16 +198.175.100.0/22 +202.0.100.0/23 +202.0.122.0/23 +202.0.176.0/22 +202.3.128.0/23 +202.4.128.0/19 +202.4.252.0/22 +202.5.208.0/22 +202.5.212.0/22 +202.5.216.0/22 +202.6.6.0/23 +202.6.66.0/23 +202.6.72.0/23 +202.6.87.0/24 +202.6.88.0/23 +202.6.92.0/23 +202.6.103.0/24 +202.6.108.0/24 +202.6.110.0/23 +202.6.114.0/24 +202.6.176.0/20 +202.8.0.0/24 +202.8.2.0/23 +202.8.4.0/23 +202.8.12.0/24 +202.8.24.0/24 +202.8.77.0/24 +202.8.128.0/19 +202.8.192.0/20 +202.9.32.0/24 +202.9.34.0/23 +202.9.48.0/23 +202.9.51.0/24 +202.9.52.0/23 +202.9.54.0/24 +202.9.57.0/24 +202.9.58.0/23 +202.10.64.0/20 +202.10.112.0/22 +202.10.116.0/22 +202.10.120.0/22 +202.10.124.0/22 +202.12.1.0/24 +202.12.2.0/24 +202.12.17.0/24 +202.12.18.0/24 +202.12.19.0/24 +202.12.72.0/24 +202.12.84.0/23 +202.12.96.0/24 +202.12.98.0/23 +202.12.106.0/24 +202.12.111.0/24 +202.12.116.0/24 +202.14.64.0/23 +202.14.69.0/24 +202.14.73.0/24 +202.14.74.0/23 +202.14.76.0/24 +202.14.78.0/23 +202.14.88.0/24 +202.14.97.0/24 +202.14.104.0/23 +202.14.108.0/23 +202.14.111.0/24 +202.14.114.0/23 +202.14.118.0/23 +202.14.124.0/23 +202.14.127.0/24 +202.14.129.0/24 +202.14.135.0/24 +202.14.136.0/24 +202.14.149.0/24 +202.14.151.0/24 +202.14.157.0/24 +202.14.158.0/23 +202.14.169.0/24 +202.14.170.0/23 +202.14.172.0/22 +202.14.176.0/24 +202.14.184.0/23 +202.14.208.0/23 +202.14.213.0/24 +202.14.219.0/24 +202.14.220.0/24 +202.14.222.0/23 +202.14.225.0/24 +202.14.226.0/23 +202.14.231.0/24 +202.14.235.0/24 +202.14.236.0/23 +202.14.238.0/24 +202.14.239.0/24 +202.14.246.0/24 +202.14.251.0/24 +202.20.66.0/24 +202.20.79.0/24 +202.20.87.0/24 +202.20.88.0/23 +202.20.90.0/24 +202.20.94.0/23 +202.20.114.0/24 +202.20.117.0/24 +202.20.120.0/24 +202.20.125.0/24 +202.20.126.0/24 +202.20.127.0/24 +202.21.48.0/22 +202.21.52.0/22 +202.21.56.0/22 +202.21.60.0/22 +202.21.131.0/24 +202.21.132.0/24 +202.21.141.0/24 +202.21.142.0/24 +202.21.147.0/24 +202.21.148.0/24 +202.21.150.0/23 +202.21.152.0/23 +202.21.154.0/24 +202.21.156.0/24 +202.22.248.0/22 +202.22.252.0/22 +202.27.12.0/24 +202.27.14.0/24 +202.27.136.0/23 +202.36.226.0/24 +202.38.0.0/23 +202.38.2.0/23 +202.38.8.0/21 +202.38.48.0/20 +202.38.64.0/19 +202.38.96.0/19 +202.38.128.0/23 +202.38.130.0/23 +202.38.132.0/23 +202.38.134.0/24 +202.38.135.0/24 +202.38.136.0/23 +202.38.138.0/24 +202.38.140.0/23 +202.38.142.0/23 +202.38.146.0/23 +202.38.149.0/24 +202.38.150.0/23 +202.38.152.0/23 +202.38.154.0/23 +202.38.156.0/24 +202.38.158.0/23 +202.38.160.0/23 +202.38.164.0/22 +202.38.168.0/23 +202.38.170.0/24 +202.38.171.0/24 +202.38.176.0/23 +202.38.184.0/21 +202.38.192.0/18 +202.40.4.0/23 +202.40.7.0/24 +202.40.15.0/24 +202.40.135.0/24 +202.40.136.0/24 +202.40.140.0/24 +202.40.143.0/24 +202.40.144.0/23 +202.40.150.0/24 +202.40.155.0/24 +202.40.156.0/24 +202.40.158.0/23 +202.40.162.0/24 +202.41.8.0/23 +202.41.11.0/24 +202.41.12.0/23 +202.41.128.0/24 +202.41.130.0/23 +202.41.152.0/21 +202.41.192.0/24 +202.41.196.0/22 +202.41.200.0/22 +202.41.240.0/20 +202.43.76.0/22 +202.43.144.0/20 +202.44.16.0/20 +202.44.48.0/22 +202.44.67.0/24 +202.44.74.0/24 +202.44.97.0/24 +202.44.129.0/24 +202.44.132.0/23 +202.44.146.0/23 +202.45.0.0/23 +202.45.2.0/24 +202.45.15.0/24 +202.45.16.0/20 +202.46.16.0/23 +202.46.18.0/24 +202.46.20.0/23 +202.46.32.0/19 +202.46.128.0/24 +202.46.224.0/20 +202.47.82.0/23 +202.47.96.0/22 +202.47.100.0/22 +202.47.104.0/22 +202.47.108.0/22 +202.47.126.0/24 +202.47.128.0/24 +202.47.130.0/23 +202.52.33.0/24 +202.52.34.0/24 +202.52.47.0/24 +202.52.143.0/24 +202.53.140.0/24 +202.53.143.0/24 +202.57.192.0/22 +202.57.196.0/22 +202.57.200.0/22 +202.57.204.0/22 +202.57.212.0/22 +202.57.216.0/22 +202.57.240.0/20 +202.58.0.0/24 +202.58.104.0/22 +202.58.112.0/22 +202.59.0.0/24 +202.59.1.0/24 +202.59.212.0/22 +202.59.236.0/24 +202.59.240.0/24 +202.60.48.0/21 +202.60.96.0/21 +202.60.112.0/20 +202.60.132.0/22 +202.60.136.0/21 +202.60.144.0/20 +202.61.68.0/22 +202.61.76.0/22 +202.61.88.0/22 +202.61.123.0/24 +202.61.127.0/24 +202.62.112.0/22 +202.62.248.0/22 +202.62.252.0/24 +202.62.255.0/24 +202.63.80.0/24 +202.63.81.0/24 +202.63.82.0/23 +202.63.84.0/22 +202.63.88.0/21 +202.63.160.0/19 +202.63.248.0/22 +202.63.253.0/24 +202.65.0.0/21 +202.65.8.0/23 +202.65.96.0/22 +202.65.100.0/22 +202.65.104.0/22 +202.65.108.0/22 +202.66.168.0/22 +202.67.0.0/22 +202.69.4.0/22 +202.69.16.0/20 +202.70.0.0/19 +202.70.96.0/20 +202.70.192.0/20 +202.71.32.0/22 +202.71.36.0/22 +202.71.40.0/22 +202.71.44.0/22 +202.72.40.0/21 +202.72.80.0/20 +202.72.112.0/22 +202.72.116.0/22 +202.72.120.0/22 +202.72.124.0/22 +202.73.128.0/22 +202.73.240.0/22 +202.73.244.0/22 +202.73.248.0/22 +202.73.252.0/22 +202.74.8.0/21 +202.74.36.0/24 +202.74.42.0/24 +202.74.52.0/24 +202.74.80.0/20 +202.74.232.0/22 +202.74.254.0/23 +202.75.208.0/20 +202.75.252.0/22 +202.76.252.0/22 +202.77.80.0/21 +202.77.92.0/22 +202.78.8.0/21 +202.79.224.0/21 +202.79.248.0/22 +202.80.192.0/21 +202.80.200.0/21 +202.81.0.0/22 +202.81.176.0/22 +202.81.180.0/22 +202.81.184.0/22 +202.81.188.0/22 +202.83.252.0/22 +202.84.0.0/22 +202.84.4.0/22 +202.84.8.0/21 +202.84.16.0/23 +202.84.22.0/24 +202.84.24.0/21 +202.85.208.0/20 +202.86.249.0/24 +202.86.252.0/22 +202.87.80.0/20 +202.88.32.0/22 +202.89.8.0/21 +202.89.96.0/22 +202.89.108.0/22 +202.89.119.0/24 +202.89.232.0/21 +202.90.0.0/22 +202.90.16.0/22 +202.90.20.0/22 +202.90.24.0/22 +202.90.28.0/22 +202.90.37.0/24 +202.90.96.0/22 +202.90.100.0/22 +202.90.104.0/22 +202.90.108.0/22 +202.90.112.0/20 +202.90.193.0/24 +202.90.196.0/24 +202.90.205.0/24 +202.90.224.0/20 +202.91.0.0/22 +202.91.36.0/22 +202.91.96.0/20 +202.91.128.0/22 +202.91.176.0/20 +202.91.224.0/19 +202.92.0.0/22 +202.92.8.0/21 +202.92.48.0/20 +202.92.252.0/22 +202.93.0.0/22 +202.93.252.0/22 +202.94.74.0/24 +202.94.81.0/24 +202.94.92.0/22 +202.95.240.0/21 +202.95.252.0/22 +202.96.0.0/18 +202.96.64.0/21 +202.96.72.0/21 +202.96.80.0/20 +202.96.96.0/21 +202.96.104.0/21 +202.96.112.0/20 +202.96.128.0/21 +202.96.136.0/21 +202.96.144.0/20 +202.96.160.0/21 +202.96.168.0/21 +202.96.176.0/20 +202.96.192.0/21 +202.96.200.0/21 +202.96.208.0/20 +202.96.224.0/21 +202.96.232.0/21 +202.96.240.0/20 +202.97.0.0/21 +202.97.8.0/21 +202.97.16.0/20 +202.97.32.0/19 +202.97.64.0/19 +202.97.96.0/20 +202.97.112.0/20 +202.97.128.0/18 +202.97.192.0/19 +202.97.224.0/21 +202.97.232.0/21 +202.97.240.0/20 +202.98.0.0/21 +202.98.8.0/21 +202.98.16.0/20 +202.98.32.0/21 +202.98.40.0/21 +202.98.48.0/20 +202.98.64.0/19 +202.98.96.0/21 +202.98.104.0/21 +202.98.112.0/20 +202.98.128.0/19 +202.98.160.0/21 +202.98.168.0/21 +202.98.176.0/20 +202.98.192.0/21 +202.98.200.0/21 +202.98.208.0/20 +202.98.224.0/21 +202.98.232.0/21 +202.98.240.0/20 +202.99.0.0/18 +202.99.64.0/19 +202.99.96.0/21 +202.99.104.0/21 +202.99.112.0/20 +202.99.128.0/19 +202.99.160.0/21 +202.99.168.0/21 +202.99.176.0/20 +202.99.192.0/21 +202.99.200.0/21 +202.99.208.0/20 +202.99.224.0/21 +202.99.232.0/21 +202.99.240.0/20 +202.100.0.0/21 +202.100.8.0/21 +202.100.16.0/20 +202.100.32.0/19 +202.100.64.0/21 +202.100.72.0/21 +202.100.80.0/20 +202.100.96.0/21 +202.100.104.0/21 +202.100.112.0/20 +202.100.128.0/21 +202.100.136.0/21 +202.100.144.0/20 +202.100.160.0/21 +202.100.168.0/21 +202.100.176.0/20 +202.100.192.0/21 +202.100.200.0/21 +202.100.208.0/20 +202.100.224.0/19 +202.101.0.0/18 +202.101.64.0/19 +202.101.96.0/19 +202.101.128.0/18 +202.101.192.0/19 +202.101.224.0/21 +202.101.232.0/21 +202.101.240.0/20 +202.102.0.0/19 +202.102.32.0/19 +202.102.64.0/18 +202.102.128.0/21 +202.102.136.0/21 +202.102.144.0/20 +202.102.160.0/19 +202.102.192.0/21 +202.102.200.0/21 +202.102.208.0/20 +202.102.224.0/21 +202.102.232.0/21 +202.102.240.0/20 +202.103.0.0/21 +202.103.8.0/21 +202.103.16.0/20 +202.103.32.0/19 +202.103.64.0/19 +202.103.96.0/21 +202.103.104.0/21 +202.103.112.0/20 +202.103.128.0/18 +202.103.192.0/19 +202.103.224.0/21 +202.103.232.0/21 +202.103.240.0/20 +202.104.0.0/15 +202.106.0.0/16 +202.107.0.0/17 +202.107.128.0/17 +202.108.0.0/16 +202.109.0.0/16 +202.110.0.0/18 +202.110.64.0/18 +202.110.128.0/18 +202.110.192.0/18 +202.111.0.0/17 +202.111.128.0/19 +202.111.160.0/19 +202.111.192.0/18 +202.112.0.0/16 +202.113.0.0/20 +202.113.16.0/20 +202.113.32.0/19 +202.113.64.0/18 +202.113.128.0/18 +202.113.192.0/19 +202.113.224.0/20 +202.113.240.0/20 +202.114.0.0/19 +202.114.32.0/19 +202.114.64.0/18 +202.114.128.0/17 +202.115.0.0/19 +202.115.32.0/19 +202.115.64.0/18 +202.115.128.0/17 +202.116.0.0/19 +202.116.32.0/20 +202.116.48.0/20 +202.116.64.0/19 +202.116.96.0/19 +202.116.128.0/17 +202.117.0.0/18 +202.117.64.0/18 +202.117.128.0/17 +202.118.0.0/19 +202.118.32.0/19 +202.118.64.0/18 +202.118.128.0/17 +202.119.0.0/19 +202.119.32.0/19 +202.119.64.0/20 +202.119.80.0/20 +202.119.96.0/19 +202.119.128.0/17 +202.120.0.0/18 +202.120.64.0/18 +202.120.128.0/17 +202.121.0.0/16 +202.122.0.0/21 +202.122.32.0/21 +202.122.64.0/19 +202.122.112.0/21 +202.122.120.0/21 +202.122.128.0/24 +202.122.132.0/24 +202.123.96.0/20 +202.123.116.0/22 +202.123.120.0/22 +202.124.16.0/21 +202.124.24.0/22 +202.125.107.0/24 +202.125.109.0/24 +202.125.112.0/20 +202.125.176.0/20 +202.127.0.0/23 +202.127.2.0/24 +202.127.3.0/24 +202.127.4.0/24 +202.127.5.0/24 +202.127.6.0/23 +202.127.12.0/22 +202.127.16.0/20 +202.127.40.0/21 +202.127.48.0/20 +202.127.112.0/20 +202.127.128.0/20 +202.127.144.0/20 +202.127.160.0/21 +202.127.192.0/23 +202.127.194.0/23 +202.127.196.0/22 +202.127.200.0/21 +202.127.208.0/24 +202.127.209.0/24 +202.127.212.0/22 +202.127.216.0/21 +202.127.224.0/19 +202.129.208.0/24 +202.130.0.0/19 +202.130.39.0/24 +202.130.224.0/19 +202.131.16.0/21 +202.131.48.0/20 +202.131.208.0/20 +202.133.32.0/20 +202.134.58.0/24 +202.134.128.0/20 +202.134.208.0/22 +202.134.212.0/22 +202.134.216.0/22 +202.134.220.0/22 +202.136.48.0/20 +202.136.208.0/20 +202.136.224.0/20 +202.136.248.0/22 +202.137.231.0/24 +202.140.140.0/22 +202.140.144.0/22 +202.140.148.0/22 +202.140.152.0/22 +202.140.156.0/22 +202.141.160.0/19 +202.142.16.0/20 +202.143.4.0/22 +202.143.16.0/20 +202.143.32.0/20 +202.143.56.0/21 +202.143.100.0/22 +202.143.104.0/22 +202.144.196.0/22 +202.146.160.0/20 +202.146.186.0/24 +202.146.188.0/22 +202.146.196.0/22 +202.146.200.0/21 +202.147.144.0/20 +202.148.32.0/20 +202.148.64.0/19 +202.148.96.0/19 +202.149.32.0/19 +202.149.160.0/19 +202.149.224.0/19 +202.150.16.0/20 +202.150.32.0/20 +202.150.56.0/22 +202.150.192.0/20 +202.150.224.0/19 +202.151.0.0/22 +202.151.33.0/24 +202.151.128.0/19 +202.152.176.0/20 +202.153.0.0/22 +202.153.7.0/24 +202.153.48.0/20 +202.157.192.0/19 +202.158.160.0/19 +202.158.242.0/24 +202.160.140.0/22 +202.160.156.0/22 +202.160.176.0/20 +202.162.67.0/24 +202.162.75.0/24 +202.164.0.0/20 +202.164.96.0/19 +202.165.176.0/20 +202.165.208.0/20 +202.165.239.0/24 +202.165.240.0/23 +202.165.243.0/24 +202.165.245.0/24 +202.165.251.0/24 +202.165.252.0/22 +202.166.224.0/19 +202.168.80.0/22 +202.168.128.0/22 +202.168.132.0/22 +202.168.136.0/22 +202.168.140.0/22 +202.168.160.0/20 +202.168.176.0/20 +202.170.128.0/19 +202.170.216.0/21 +202.170.224.0/19 +202.171.216.0/21 +202.171.232.0/24 +202.171.235.0/24 +202.172.0.0/22 +202.172.7.0/24 +202.173.0.0/22 +202.173.6.0/24 +202.173.8.0/21 +202.173.112.0/22 +202.173.224.0/19 +202.174.64.0/20 +202.174.124.0/22 +202.176.224.0/19 +202.179.160.0/22 +202.179.164.0/22 +202.179.168.0/22 +202.179.172.0/22 +202.179.240.0/20 +202.180.128.0/19 +202.180.208.0/21 +202.181.8.0/22 +202.181.28.0/22 +202.181.112.0/20 +202.182.32.0/20 +202.182.192.0/19 +202.189.0.0/18 +202.189.80.0/20 +202.189.184.0/21 +202.191.0.0/24 +202.191.68.0/22 +202.191.72.0/21 +202.191.80.0/20 +202.192.0.0/13 +202.200.0.0/14 +202.204.0.0/14 +203.0.4.0/22 +203.0.10.0/23 +203.0.18.0/24 +203.0.24.0/24 +203.0.42.0/23 +203.0.45.0/24 +203.0.46.0/23 +203.0.81.0/24 +203.0.82.0/23 +203.0.90.0/23 +203.0.96.0/23 +203.0.104.0/21 +203.0.114.0/23 +203.0.122.0/24 +203.0.128.0/24 +203.0.130.0/23 +203.0.132.0/22 +203.0.137.0/24 +203.0.142.0/24 +203.0.144.0/24 +203.0.146.0/24 +203.0.148.0/24 +203.0.150.0/23 +203.0.152.0/24 +203.0.177.0/24 +203.0.224.0/24 +203.1.4.0/22 +203.1.18.0/24 +203.1.26.0/23 +203.1.65.0/24 +203.1.66.0/23 +203.1.70.0/23 +203.1.76.0/23 +203.1.90.0/24 +203.1.97.0/24 +203.1.98.0/23 +203.1.100.0/22 +203.1.108.0/24 +203.1.253.0/24 +203.1.254.0/24 +203.2.64.0/21 +203.2.73.0/24 +203.2.112.0/21 +203.2.126.0/23 +203.2.140.0/24 +203.2.150.0/24 +203.2.152.0/22 +203.2.156.0/23 +203.2.160.0/21 +203.2.180.0/23 +203.2.196.0/23 +203.2.209.0/24 +203.2.214.0/23 +203.2.226.0/23 +203.2.229.0/24 +203.2.236.0/23 +203.3.68.0/24 +203.3.72.0/23 +203.3.75.0/24 +203.3.80.0/21 +203.3.96.0/22 +203.3.105.0/24 +203.3.112.0/21 +203.3.120.0/24 +203.3.123.0/24 +203.3.135.0/24 +203.3.139.0/24 +203.3.143.0/24 +203.4.132.0/23 +203.4.134.0/24 +203.4.151.0/24 +203.4.152.0/22 +203.4.174.0/23 +203.4.180.0/24 +203.4.186.0/24 +203.4.205.0/24 +203.4.208.0/22 +203.4.227.0/24 +203.4.230.0/23 +203.5.4.0/23 +203.5.7.0/24 +203.5.8.0/23 +203.5.11.0/24 +203.5.21.0/24 +203.5.22.0/24 +203.5.44.0/24 +203.5.46.0/23 +203.5.52.0/22 +203.5.56.0/23 +203.5.60.0/23 +203.5.114.0/23 +203.5.118.0/24 +203.5.120.0/24 +203.5.172.0/24 +203.5.180.0/23 +203.5.182.0/24 +203.5.185.0/24 +203.5.186.0/24 +203.5.188.0/23 +203.5.190.0/24 +203.5.195.0/24 +203.5.214.0/23 +203.5.218.0/23 +203.6.131.0/24 +203.6.136.0/24 +203.6.138.0/23 +203.6.142.0/24 +203.6.150.0/23 +203.6.157.0/24 +203.6.159.0/24 +203.6.224.0/20 +203.6.248.0/23 +203.7.129.0/24 +203.7.138.0/23 +203.7.147.0/24 +203.7.150.0/23 +203.7.158.0/24 +203.7.192.0/23 +203.7.200.0/24 +203.8.0.0/24 +203.8.8.0/24 +203.8.23.0/24 +203.8.24.0/21 +203.8.70.0/24 +203.8.82.0/24 +203.8.86.0/23 +203.8.91.0/24 +203.8.110.0/23 +203.8.115.0/24 +203.8.166.0/23 +203.8.169.0/24 +203.8.173.0/24 +203.8.184.0/24 +203.8.186.0/23 +203.8.190.0/23 +203.8.192.0/24 +203.8.197.0/24 +203.8.198.0/23 +203.8.203.0/24 +203.8.209.0/24 +203.8.210.0/23 +203.8.212.0/22 +203.8.217.0/24 +203.8.220.0/24 +203.9.32.0/24 +203.9.36.0/23 +203.9.57.0/24 +203.9.63.0/24 +203.9.65.0/24 +203.9.70.0/23 +203.9.72.0/24 +203.9.75.0/24 +203.9.76.0/23 +203.9.96.0/22 +203.9.100.0/23 +203.9.108.0/24 +203.9.158.0/24 +203.10.34.0/24 +203.10.56.0/24 +203.10.74.0/23 +203.10.84.0/22 +203.10.88.0/24 +203.10.95.0/24 +203.10.125.0/24 +203.11.70.0/24 +203.11.76.0/22 +203.11.82.0/24 +203.11.84.0/22 +203.11.100.0/22 +203.11.109.0/24 +203.11.117.0/24 +203.11.122.0/24 +203.11.126.0/24 +203.11.136.0/22 +203.11.141.0/24 +203.11.142.0/23 +203.11.180.0/22 +203.11.208.0/22 +203.12.16.0/24 +203.12.19.0/24 +203.12.24.0/24 +203.12.57.0/24 +203.12.65.0/24 +203.12.66.0/24 +203.12.70.0/23 +203.12.87.0/24 +203.12.88.0/21 +203.12.100.0/23 +203.12.103.0/24 +203.12.114.0/24 +203.12.118.0/24 +203.12.130.0/24 +203.12.137.0/24 +203.12.196.0/22 +203.12.200.0/21 +203.12.211.0/24 +203.12.219.0/24 +203.12.226.0/24 +203.12.240.0/22 +203.13.18.0/24 +203.13.24.0/24 +203.13.44.0/23 +203.13.80.0/21 +203.13.88.0/23 +203.13.92.0/22 +203.13.173.0/24 +203.13.224.0/23 +203.13.227.0/24 +203.13.233.0/24 +203.14.24.0/22 +203.14.33.0/24 +203.14.56.0/24 +203.14.61.0/24 +203.14.62.0/24 +203.14.104.0/24 +203.14.114.0/23 +203.14.118.0/24 +203.14.162.0/24 +203.14.184.0/21 +203.14.192.0/24 +203.14.194.0/23 +203.14.214.0/24 +203.14.231.0/24 +203.14.246.0/24 +203.15.0.0/20 +203.15.20.0/23 +203.15.22.0/24 +203.15.87.0/24 +203.15.88.0/23 +203.15.105.0/24 +203.15.112.0/21 +203.15.130.0/23 +203.15.149.0/24 +203.15.151.0/24 +203.15.156.0/22 +203.15.174.0/24 +203.15.227.0/24 +203.15.232.0/21 +203.15.240.0/23 +203.15.246.0/24 +203.16.10.0/24 +203.16.12.0/23 +203.16.16.0/21 +203.16.27.0/24 +203.16.38.0/24 +203.16.49.0/24 +203.16.50.0/23 +203.16.58.0/24 +203.16.63.0/24 +203.16.133.0/24 +203.16.161.0/24 +203.16.162.0/24 +203.16.186.0/23 +203.16.228.0/24 +203.16.238.0/24 +203.16.240.0/24 +203.16.245.0/24 +203.17.2.0/24 +203.17.18.0/24 +203.17.28.0/24 +203.17.39.0/24 +203.17.56.0/24 +203.17.74.0/23 +203.17.88.0/23 +203.17.136.0/24 +203.17.164.0/24 +203.17.187.0/24 +203.17.190.0/23 +203.17.231.0/24 +203.17.233.0/24 +203.17.248.0/24 +203.17.249.0/24 +203.17.255.0/24 +203.18.2.0/23 +203.18.4.0/24 +203.18.7.0/24 +203.18.31.0/24 +203.18.37.0/24 +203.18.48.0/23 +203.18.52.0/24 +203.18.72.0/22 +203.18.80.0/23 +203.18.87.0/24 +203.18.100.0/23 +203.18.105.0/24 +203.18.107.0/24 +203.18.110.0/24 +203.18.129.0/24 +203.18.131.0/24 +203.18.132.0/23 +203.18.144.0/24 +203.18.153.0/24 +203.18.199.0/24 +203.18.208.0/24 +203.18.211.0/24 +203.18.215.0/24 +203.19.1.0/24 +203.19.18.0/24 +203.19.24.0/24 +203.19.30.0/24 +203.19.32.0/21 +203.19.41.0/24 +203.19.44.0/23 +203.19.46.0/24 +203.19.58.0/24 +203.19.60.0/23 +203.19.64.0/24 +203.19.68.0/24 +203.19.72.0/24 +203.19.101.0/24 +203.19.111.0/24 +203.19.131.0/24 +203.19.133.0/24 +203.19.144.0/24 +203.19.147.0/24 +203.19.149.0/24 +203.19.156.0/24 +203.19.176.0/24 +203.19.178.0/23 +203.19.208.0/24 +203.19.228.0/22 +203.19.233.0/24 +203.19.242.0/24 +203.19.248.0/23 +203.19.255.0/24 +203.20.17.0/24 +203.20.40.0/23 +203.20.44.0/24 +203.20.48.0/24 +203.20.61.0/24 +203.20.65.0/24 +203.20.84.0/23 +203.20.89.0/24 +203.20.106.0/23 +203.20.115.0/24 +203.20.117.0/24 +203.20.118.0/23 +203.20.122.0/24 +203.20.126.0/23 +203.20.135.0/24 +203.20.136.0/21 +203.20.150.0/24 +203.20.230.0/24 +203.20.232.0/24 +203.20.236.0/24 +203.21.0.0/23 +203.21.2.0/24 +203.21.8.0/24 +203.21.10.0/24 +203.21.18.0/24 +203.21.33.0/24 +203.21.34.0/24 +203.21.41.0/24 +203.21.44.0/24 +203.21.68.0/24 +203.21.82.0/24 +203.21.96.0/22 +203.21.124.0/24 +203.21.136.0/23 +203.21.145.0/24 +203.21.206.0/24 +203.22.24.0/24 +203.22.28.0/23 +203.22.31.0/24 +203.22.68.0/24 +203.22.76.0/24 +203.22.78.0/24 +203.22.84.0/24 +203.22.87.0/24 +203.22.92.0/22 +203.22.99.0/24 +203.22.106.0/24 +203.22.122.0/23 +203.22.131.0/24 +203.22.163.0/24 +203.22.166.0/24 +203.22.170.0/24 +203.22.176.0/21 +203.22.194.0/24 +203.22.242.0/23 +203.22.245.0/24 +203.22.246.0/24 +203.22.252.0/23 +203.23.0.0/24 +203.23.47.0/24 +203.23.61.0/24 +203.23.62.0/23 +203.23.73.0/24 +203.23.85.0/24 +203.23.92.0/22 +203.23.98.0/24 +203.23.107.0/24 +203.23.112.0/24 +203.23.130.0/24 +203.23.140.0/23 +203.23.172.0/24 +203.23.182.0/24 +203.23.186.0/23 +203.23.192.0/24 +203.23.197.0/24 +203.23.198.0/24 +203.23.204.0/22 +203.23.224.0/24 +203.23.226.0/23 +203.23.228.0/22 +203.23.249.0/24 +203.23.251.0/24 +203.24.13.0/24 +203.24.18.0/24 +203.24.27.0/24 +203.24.43.0/24 +203.24.56.0/24 +203.24.58.0/24 +203.24.67.0/24 +203.24.74.0/24 +203.24.79.0/24 +203.24.80.0/23 +203.24.84.0/23 +203.24.86.0/24 +203.24.90.0/24 +203.24.111.0/24 +203.24.112.0/24 +203.24.116.0/24 +203.24.122.0/23 +203.24.145.0/24 +203.24.152.0/23 +203.24.157.0/24 +203.24.161.0/24 +203.24.167.0/24 +203.24.186.0/23 +203.24.199.0/24 +203.24.202.0/24 +203.24.212.0/23 +203.24.217.0/24 +203.24.219.0/24 +203.24.244.0/24 +203.25.19.0/24 +203.25.20.0/23 +203.25.46.0/24 +203.25.48.0/21 +203.25.64.0/23 +203.25.91.0/24 +203.25.99.0/24 +203.25.100.0/24 +203.25.106.0/24 +203.25.131.0/24 +203.25.135.0/24 +203.25.138.0/24 +203.25.147.0/24 +203.25.153.0/24 +203.25.154.0/23 +203.25.164.0/24 +203.25.166.0/24 +203.25.174.0/23 +203.25.180.0/24 +203.25.182.0/24 +203.25.191.0/24 +203.25.199.0/24 +203.25.200.0/24 +203.25.202.0/23 +203.25.208.0/20 +203.25.229.0/24 +203.25.235.0/24 +203.25.236.0/24 +203.25.242.0/24 +203.26.12.0/24 +203.26.34.0/24 +203.26.49.0/24 +203.26.50.0/24 +203.26.55.0/24 +203.26.56.0/23 +203.26.60.0/24 +203.26.65.0/24 +203.26.68.0/24 +203.26.76.0/24 +203.26.80.0/24 +203.26.84.0/24 +203.26.97.0/24 +203.26.102.0/23 +203.26.115.0/24 +203.26.116.0/24 +203.26.129.0/24 +203.26.143.0/24 +203.26.144.0/24 +203.26.148.0/23 +203.26.154.0/24 +203.26.158.0/23 +203.26.170.0/24 +203.26.173.0/24 +203.26.176.0/24 +203.26.185.0/24 +203.26.202.0/23 +203.26.210.0/24 +203.26.214.0/24 +203.26.222.0/24 +203.26.224.0/24 +203.26.228.0/24 +203.26.232.0/24 +203.27.0.0/24 +203.27.10.0/24 +203.27.15.0/24 +203.27.16.0/24 +203.27.20.0/24 +203.27.22.0/23 +203.27.40.0/24 +203.27.45.0/24 +203.27.53.0/24 +203.27.65.0/24 +203.27.66.0/24 +203.27.81.0/24 +203.27.88.0/24 +203.27.102.0/24 +203.27.109.0/24 +203.27.117.0/24 +203.27.121.0/24 +203.27.122.0/23 +203.27.125.0/24 +203.27.200.0/24 +203.27.202.0/24 +203.27.233.0/24 +203.27.241.0/24 +203.27.250.0/24 +203.28.10.0/24 +203.28.12.0/24 +203.28.33.0/24 +203.28.34.0/23 +203.28.43.0/24 +203.28.44.0/24 +203.28.54.0/24 +203.28.56.0/24 +203.28.73.0/24 +203.28.74.0/24 +203.28.76.0/24 +203.28.86.0/24 +203.28.88.0/24 +203.28.112.0/24 +203.28.131.0/24 +203.28.136.0/24 +203.28.140.0/24 +203.28.145.0/24 +203.28.165.0/24 +203.28.169.0/24 +203.28.170.0/24 +203.28.178.0/23 +203.28.185.0/24 +203.28.187.0/24 +203.28.196.0/24 +203.28.226.0/23 +203.28.239.0/24 +203.29.2.0/24 +203.29.8.0/23 +203.29.13.0/24 +203.29.14.0/24 +203.29.28.0/24 +203.29.46.0/24 +203.29.57.0/24 +203.29.61.0/24 +203.29.63.0/24 +203.29.69.0/24 +203.29.73.0/24 +203.29.81.0/24 +203.29.90.0/24 +203.29.95.0/24 +203.29.100.0/24 +203.29.103.0/24 +203.29.112.0/24 +203.29.120.0/22 +203.29.182.0/23 +203.29.187.0/24 +203.29.189.0/24 +203.29.190.0/24 +203.29.205.0/24 +203.29.210.0/24 +203.29.217.0/24 +203.29.227.0/24 +203.29.231.0/24 +203.29.233.0/24 +203.29.234.0/24 +203.29.248.0/24 +203.29.254.0/23 +203.30.16.0/23 +203.30.25.0/24 +203.30.27.0/24 +203.30.29.0/24 +203.30.66.0/24 +203.30.81.0/24 +203.30.87.0/24 +203.30.111.0/24 +203.30.121.0/24 +203.30.123.0/24 +203.30.152.0/24 +203.30.156.0/24 +203.30.162.0/24 +203.30.173.0/24 +203.30.175.0/24 +203.30.187.0/24 +203.30.194.0/24 +203.30.217.0/24 +203.30.220.0/24 +203.30.222.0/24 +203.30.232.0/23 +203.30.235.0/24 +203.30.240.0/23 +203.30.246.0/24 +203.30.250.0/23 +203.31.45.0/24 +203.31.46.0/24 +203.31.49.0/24 +203.31.51.0/24 +203.31.54.0/23 +203.31.69.0/24 +203.31.72.0/24 +203.31.80.0/24 +203.31.85.0/24 +203.31.97.0/24 +203.31.105.0/24 +203.31.106.0/24 +203.31.108.0/23 +203.31.124.0/24 +203.31.162.0/24 +203.31.174.0/24 +203.31.177.0/24 +203.31.181.0/24 +203.31.187.0/24 +203.31.189.0/24 +203.31.204.0/24 +203.31.220.0/24 +203.31.222.0/23 +203.31.225.0/24 +203.31.229.0/24 +203.31.248.0/23 +203.31.253.0/24 +203.32.20.0/24 +203.32.48.0/23 +203.32.56.0/24 +203.32.60.0/24 +203.32.62.0/24 +203.32.68.0/23 +203.32.76.0/24 +203.32.81.0/24 +203.32.84.0/23 +203.32.95.0/24 +203.32.102.0/24 +203.32.105.0/24 +203.32.130.0/24 +203.32.133.0/24 +203.32.140.0/24 +203.32.152.0/24 +203.32.186.0/23 +203.32.192.0/24 +203.32.196.0/24 +203.32.203.0/24 +203.32.204.0/23 +203.32.212.0/24 +203.33.4.0/24 +203.33.7.0/24 +203.33.8.0/21 +203.33.21.0/24 +203.33.26.0/24 +203.33.32.0/24 +203.33.63.0/24 +203.33.64.0/24 +203.33.67.0/24 +203.33.68.0/24 +203.33.73.0/24 +203.33.79.0/24 +203.33.100.0/24 +203.33.122.0/24 +203.33.129.0/24 +203.33.131.0/24 +203.33.145.0/24 +203.33.156.0/24 +203.33.158.0/23 +203.33.174.0/24 +203.33.185.0/24 +203.33.200.0/24 +203.33.202.0/23 +203.33.204.0/24 +203.33.206.0/23 +203.33.214.0/23 +203.33.224.0/23 +203.33.226.0/24 +203.33.233.0/24 +203.33.243.0/24 +203.33.250.0/24 +203.34.4.0/24 +203.34.21.0/24 +203.34.27.0/24 +203.34.39.0/24 +203.34.48.0/23 +203.34.54.0/24 +203.34.56.0/23 +203.34.67.0/24 +203.34.69.0/24 +203.34.76.0/24 +203.34.92.0/24 +203.34.106.0/24 +203.34.113.0/24 +203.34.147.0/24 +203.34.150.0/24 +203.34.152.0/23 +203.34.161.0/24 +203.34.162.0/24 +203.34.187.0/24 +203.34.192.0/21 +203.34.204.0/22 +203.34.232.0/24 +203.34.240.0/24 +203.34.242.0/24 +203.34.245.0/24 +203.34.251.0/24 +203.55.2.0/23 +203.55.4.0/24 +203.55.10.0/24 +203.55.13.0/24 +203.55.22.0/24 +203.55.30.0/24 +203.55.93.0/24 +203.55.101.0/24 +203.55.109.0/24 +203.55.110.0/24 +203.55.116.0/23 +203.55.119.0/24 +203.55.128.0/23 +203.55.146.0/23 +203.55.192.0/24 +203.55.196.0/24 +203.55.218.0/23 +203.55.221.0/24 +203.55.224.0/24 +203.56.1.0/24 +203.56.4.0/24 +203.56.12.0/24 +203.56.24.0/24 +203.56.38.0/24 +203.56.40.0/24 +203.56.46.0/24 +203.56.48.0/21 +203.56.68.0/23 +203.56.82.0/23 +203.56.84.0/23 +203.56.95.0/24 +203.56.110.0/24 +203.56.121.0/24 +203.56.161.0/24 +203.56.169.0/24 +203.56.172.0/23 +203.56.175.0/24 +203.56.183.0/24 +203.56.185.0/24 +203.56.187.0/24 +203.56.192.0/24 +203.56.198.0/24 +203.56.201.0/24 +203.56.208.0/23 +203.56.210.0/24 +203.56.214.0/24 +203.56.216.0/24 +203.56.227.0/24 +203.56.228.0/24 +203.56.231.0/24 +203.56.232.0/24 +203.56.240.0/24 +203.56.252.0/24 +203.56.254.0/24 +203.57.5.0/24 +203.57.6.0/24 +203.57.12.0/23 +203.57.28.0/24 +203.57.39.0/24 +203.57.46.0/24 +203.57.58.0/24 +203.57.61.0/24 +203.57.66.0/24 +203.57.69.0/24 +203.57.70.0/23 +203.57.73.0/24 +203.57.90.0/24 +203.57.101.0/24 +203.57.109.0/24 +203.57.123.0/24 +203.57.157.0/24 +203.57.200.0/24 +203.57.202.0/24 +203.57.206.0/24 +203.57.222.0/24 +203.57.224.0/20 +203.57.246.0/23 +203.57.249.0/24 +203.57.253.0/24 +203.57.254.0/23 +203.62.2.0/24 +203.62.131.0/24 +203.62.139.0/24 +203.62.161.0/24 +203.62.197.0/24 +203.62.228.0/22 +203.62.234.0/24 +203.62.246.0/24 +203.76.160.0/22 +203.76.168.0/22 +203.76.208.0/22 +203.76.212.0/22 +203.76.216.0/22 +203.76.240.0/22 +203.76.244.0/22 +203.77.180.0/22 +203.78.48.0/20 +203.78.156.0/22 +203.79.0.0/20 +203.79.32.0/20 +203.80.4.0/23 +203.80.32.0/20 +203.80.57.0/24 +203.80.129.0/24 +203.80.132.0/22 +203.80.136.0/21 +203.80.144.0/20 +203.81.0.0/21 +203.81.16.0/20 +203.81.244.0/22 +203.82.0.0/23 +203.82.16.0/21 +203.82.112.0/22 +203.82.116.0/22 +203.82.120.0/22 +203.82.124.0/22 +203.82.224.0/22 +203.82.228.0/22 +203.82.232.0/22 +203.82.236.0/22 +203.83.0.0/22 +203.83.8.0/22 +203.83.12.0/22 +203.83.56.0/21 +203.83.224.0/20 +203.86.0.0/19 +203.86.32.0/19 +203.86.64.0/20 +203.86.80.0/20 +203.86.96.0/19 +203.86.250.0/24 +203.86.254.0/23 +203.88.32.0/19 +203.88.192.0/19 +203.89.0.0/22 +203.89.8.0/21 +203.89.100.0/22 +203.89.133.0/24 +203.89.136.0/22 +203.89.144.0/24 +203.90.0.0/22 +203.90.8.0/22 +203.90.12.0/22 +203.90.128.0/19 +203.90.160.0/19 +203.90.192.0/19 +203.91.32.0/19 +203.91.96.0/20 +203.91.120.0/21 +203.92.0.0/22 +203.92.6.0/24 +203.92.160.0/19 +203.93.0.0/22 +203.93.4.0/22 +203.93.8.0/24 +203.93.9.0/24 +203.93.10.0/23 +203.93.12.0/22 +203.93.16.0/20 +203.93.32.0/19 +203.93.64.0/18 +203.93.128.0/21 +203.93.136.0/22 +203.93.140.0/24 +203.93.141.0/24 +203.93.142.0/23 +203.93.144.0/20 +203.93.160.0/19 +203.93.192.0/18 +203.94.0.0/22 +203.94.4.0/22 +203.94.8.0/21 +203.94.16.0/20 +203.95.0.0/21 +203.95.96.0/20 +203.95.112.0/20 +203.95.128.0/18 +203.95.200.0/22 +203.95.204.0/22 +203.95.208.0/22 +203.95.224.0/19 +203.99.8.0/21 +203.99.16.0/20 +203.99.80.0/20 +203.100.32.0/20 +203.100.48.0/21 +203.100.58.0/24 +203.100.60.0/24 +203.100.63.0/24 +203.100.80.0/20 +203.100.96.0/19 +203.100.192.0/20 +203.104.32.0/20 +203.105.96.0/19 +203.105.128.0/19 +203.107.0.0/17 +203.110.160.0/19 +203.110.208.0/20 +203.110.232.0/23 +203.110.234.0/24 +203.114.80.0/22 +203.114.84.0/22 +203.114.88.0/22 +203.114.92.0/22 +203.114.244.0/22 +203.118.192.0/19 +203.118.241.0/24 +203.118.248.0/22 +203.119.24.0/21 +203.119.32.0/22 +203.119.80.0/22 +203.119.85.0/24 +203.119.113.0/24 +203.119.114.0/23 +203.119.116.0/22 +203.119.120.0/21 +203.119.128.0/17 +203.123.58.0/24 +203.128.32.0/19 +203.128.96.0/19 +203.128.224.0/21 +203.129.8.0/21 +203.130.32.0/19 +203.132.32.0/19 +203.134.240.0/21 +203.135.96.0/20 +203.135.112.0/20 +203.135.160.0/20 +203.142.219.0/24 +203.142.224.0/19 +203.144.96.0/19 +203.145.0.0/19 +203.148.0.0/18 +203.148.64.0/20 +203.148.80.0/22 +203.148.86.0/23 +203.149.92.0/22 +203.152.64.0/19 +203.152.128.0/19 +203.153.0.0/22 +203.156.192.0/18 +203.158.16.0/21 +203.160.52.0/22 +203.160.104.0/21 +203.160.129.0/24 +203.160.192.0/19 +203.161.0.0/22 +203.161.180.0/24 +203.161.183.0/24 +203.161.192.0/19 +203.166.160.0/19 +203.167.28.0/22 +203.168.0.0/19 +203.170.58.0/23 +203.171.0.0/22 +203.171.208.0/24 +203.171.224.0/20 +203.174.4.0/24 +203.174.6.0/24 +203.174.7.0/24 +203.174.96.0/19 +203.175.128.0/19 +203.175.192.0/18 +203.176.0.0/18 +203.176.64.0/19 +203.176.168.0/21 +203.184.80.0/20 +203.185.189.0/24 +203.187.160.0/19 +203.189.0.0/23 +203.189.6.0/23 +203.189.112.0/22 +203.189.192.0/19 +203.189.232.0/22 +203.189.240.0/22 +203.190.96.0/20 +203.190.249.0/24 +203.191.0.0/23 +203.191.2.0/24 +203.191.5.0/24 +203.191.7.0/24 +203.191.16.0/20 +203.191.64.0/18 +203.191.133.0/24 +203.191.144.0/21 +203.191.152.0/21 +203.192.0.0/19 +203.193.224.0/19 +203.194.120.0/21 +203.195.64.0/19 +203.195.112.0/21 +203.195.128.0/17 +203.196.0.0/21 +203.196.8.0/21 +203.196.28.0/22 +203.201.181.0/24 +203.201.182.0/24 +203.202.236.0/22 +203.205.64.0/19 +203.205.128.0/17 +203.207.64.0/20 +203.207.80.0/21 +203.207.88.0/22 +203.207.92.0/22 +203.207.96.0/20 +203.207.112.0/20 +203.207.128.0/18 +203.207.192.0/21 +203.207.200.0/21 +203.207.208.0/20 +203.207.224.0/19 +203.208.0.0/20 +203.208.16.0/22 +203.208.32.0/19 +203.209.224.0/19 +203.212.0.0/20 +203.212.80.0/20 +203.215.232.0/21 +203.217.164.0/22 +203.222.192.0/20 +203.223.0.0/20 +203.223.16.0/21 +210.2.0.0/20 +210.2.16.0/20 +210.5.0.0/19 +210.5.56.0/21 +210.5.128.0/20 +210.5.144.0/20 +210.7.56.0/22 +210.7.60.0/22 +210.12.0.0/18 +210.12.64.0/18 +210.12.128.0/18 +210.12.192.0/18 +210.13.0.0/18 +210.13.64.0/18 +210.13.128.0/17 +210.14.64.0/19 +210.14.112.0/20 +210.14.128.0/19 +210.14.160.0/19 +210.14.192.0/19 +210.14.224.0/19 +210.15.0.0/19 +210.15.32.0/19 +210.15.64.0/19 +210.15.96.0/19 +210.15.128.0/18 +210.16.104.0/22 +210.16.128.0/18 +210.21.0.0/17 +210.21.128.0/17 +210.22.0.0/16 +210.23.32.0/19 +210.25.0.0/16 +210.26.0.0/15 +210.28.0.0/14 +210.32.0.0/14 +210.36.0.0/14 +210.40.0.0/13 +210.51.0.0/16 +210.52.0.0/18 +210.52.64.0/18 +210.52.128.0/17 +210.53.0.0/17 +210.53.128.0/17 +210.56.192.0/19 +210.72.0.0/17 +210.72.128.0/19 +210.72.160.0/19 +210.72.192.0/18 +210.73.0.0/19 +210.73.32.0/19 +210.73.64.0/18 +210.73.128.0/17 +210.74.0.0/19 +210.74.32.0/19 +210.74.64.0/19 +210.74.96.0/19 +210.74.128.0/19 +210.74.160.0/19 +210.74.192.0/18 +210.75.0.0/16 +210.76.0.0/19 +210.76.32.0/19 +210.76.64.0/18 +210.76.128.0/17 +210.77.0.0/16 +210.78.0.0/19 +210.78.32.0/19 +210.78.64.0/18 +210.78.128.0/19 +210.78.160.0/19 +210.78.192.0/18 +210.79.64.0/18 +210.79.224.0/19 +210.82.0.0/15 +210.87.128.0/20 +210.87.144.0/20 +210.87.160.0/19 +210.185.192.0/18 +210.192.96.0/19 +211.64.0.0/14 +211.68.0.0/15 +211.70.0.0/15 +211.80.0.0/16 +211.81.0.0/16 +211.82.0.0/16 +211.83.0.0/16 +211.84.0.0/15 +211.86.0.0/15 +211.88.0.0/16 +211.89.0.0/16 +211.90.0.0/15 +211.92.0.0/15 +211.94.0.0/15 +211.96.0.0/15 +211.98.0.0/16 +211.99.0.0/18 +211.99.64.0/19 +211.99.96.0/19 +211.99.128.0/17 +211.100.0.0/16 +211.101.0.0/18 +211.101.64.0/18 +211.101.128.0/17 +211.102.0.0/16 +211.103.0.0/17 +211.103.128.0/17 +211.136.0.0/14 +211.140.0.0/15 +211.142.0.0/17 +211.142.128.0/17 +211.143.0.0/16 +211.144.0.0/15 +211.146.0.0/16 +211.147.0.0/16 +211.148.0.0/14 +211.152.0.0/15 +211.154.0.0/16 +211.155.0.0/18 +211.155.64.0/19 +211.155.96.0/19 +211.155.128.0/17 +211.156.0.0/14 +211.160.0.0/14 +211.164.0.0/14 +212.64.0.0/17 +212.129.128.0/17 +216.250.108.0/22 +218.0.0.0/16 +218.1.0.0/16 +218.2.0.0/15 +218.4.0.0/15 +218.6.0.0/16 +218.7.0.0/16 +218.8.0.0/15 +218.10.0.0/16 +218.11.0.0/16 +218.12.0.0/16 +218.13.0.0/16 +218.14.0.0/15 +218.16.0.0/14 +218.20.0.0/16 +218.21.0.0/17 +218.21.128.0/17 +218.22.0.0/15 +218.24.0.0/15 +218.26.0.0/16 +218.27.0.0/16 +218.28.0.0/15 +218.30.0.0/15 +218.56.0.0/14 +218.60.0.0/15 +218.62.0.0/17 +218.62.128.0/17 +218.63.0.0/16 +218.64.0.0/15 +218.66.0.0/16 +218.67.0.0/17 +218.67.128.0/17 +218.68.0.0/15 +218.70.0.0/15 +218.72.0.0/14 +218.76.0.0/15 +218.78.0.0/15 +218.80.0.0/14 +218.84.0.0/14 +218.88.0.0/13 +218.96.0.0/15 +218.98.0.0/17 +218.98.128.0/18 +218.98.192.0/19 +218.98.224.0/19 +218.99.0.0/16 +218.100.88.0/21 +218.100.96.0/19 +218.100.128.0/17 +218.104.0.0/17 +218.104.128.0/19 +218.104.160.0/19 +218.104.192.0/21 +218.104.200.0/21 +218.104.208.0/20 +218.104.224.0/19 +218.105.0.0/16 +218.106.0.0/15 +218.108.0.0/16 +218.109.0.0/16 +218.185.192.0/19 +218.185.240.0/21 +218.192.0.0/16 +218.193.0.0/16 +218.194.0.0/16 +218.195.0.0/16 +218.196.0.0/14 +218.200.0.0/14 +218.204.0.0/15 +218.206.0.0/15 +218.240.0.0/14 +218.244.0.0/15 +218.246.0.0/15 +218.249.0.0/16 +219.72.0.0/16 +219.82.0.0/16 +219.83.128.0/17 +219.90.68.0/22 +219.90.72.0/22 +219.90.76.0/22 +219.128.0.0/12 +219.144.0.0/14 +219.148.0.0/16 +219.149.0.0/17 +219.149.128.0/18 +219.149.192.0/18 +219.150.0.0/19 +219.150.32.0/19 +219.150.64.0/19 +219.150.96.0/20 +219.150.112.0/20 +219.150.128.0/17 +219.151.0.0/19 +219.151.32.0/19 +219.151.64.0/18 +219.151.128.0/17 +219.152.0.0/15 +219.154.0.0/15 +219.156.0.0/15 +219.158.0.0/17 +219.158.128.0/17 +219.159.0.0/18 +219.159.64.0/18 +219.159.128.0/17 +219.216.0.0/15 +219.218.0.0/15 +219.220.0.0/16 +219.221.0.0/16 +219.222.0.0/15 +219.224.0.0/15 +219.226.0.0/16 +219.227.0.0/16 +219.228.0.0/15 +219.230.0.0/15 +219.232.0.0/14 +219.236.0.0/15 +219.238.0.0/15 +219.242.0.0/15 +219.244.0.0/14 +220.101.192.0/18 +220.112.0.0/14 +220.152.128.0/17 +220.154.0.0/15 +220.158.240.0/22 +220.160.0.0/11 +220.192.0.0/15 +220.194.0.0/15 +220.196.0.0/14 +220.200.0.0/13 +220.231.0.0/18 +220.231.128.0/17 +220.232.64.0/18 +220.234.0.0/16 +220.242.0.0/15 +220.247.136.0/21 +220.248.0.0/14 +220.252.0.0/16 +221.0.0.0/15 +221.2.0.0/16 +221.3.0.0/17 +221.3.128.0/17 +221.4.0.0/16 +221.5.0.0/17 +221.5.128.0/17 +221.6.0.0/16 +221.7.0.0/19 +221.7.32.0/19 +221.7.64.0/19 +221.7.96.0/19 +221.7.128.0/17 +221.8.0.0/15 +221.10.0.0/16 +221.11.0.0/17 +221.11.128.0/18 +221.11.192.0/19 +221.11.224.0/19 +221.12.0.0/17 +221.12.128.0/18 +221.13.0.0/18 +221.13.64.0/19 +221.13.96.0/19 +221.13.128.0/17 +221.14.0.0/15 +221.122.0.0/15 +221.128.128.0/17 +221.129.0.0/16 +221.130.0.0/15 +221.133.224.0/19 +221.136.0.0/16 +221.137.0.0/16 +221.172.0.0/14 +221.176.0.0/13 +221.192.0.0/15 +221.194.0.0/16 +221.195.0.0/16 +221.196.0.0/15 +221.198.0.0/16 +221.199.0.0/19 +221.199.32.0/20 +221.199.48.0/20 +221.199.64.0/18 +221.199.128.0/18 +221.199.192.0/20 +221.199.224.0/19 +221.200.0.0/14 +221.204.0.0/15 +221.206.0.0/16 +221.207.0.0/18 +221.207.64.0/18 +221.207.128.0/17 +221.208.0.0/14 +221.212.0.0/16 +221.213.0.0/16 +221.214.0.0/15 +221.216.0.0/13 +221.224.0.0/13 +221.232.0.0/14 +221.236.0.0/15 +221.238.0.0/16 +221.239.0.0/17 +221.239.128.0/17 +222.16.0.0/15 +222.18.0.0/15 +222.20.0.0/15 +222.22.0.0/16 +222.23.0.0/16 +222.24.0.0/15 +222.26.0.0/15 +222.28.0.0/14 +222.32.0.0/11 +222.64.0.0/13 +222.72.0.0/15 +222.74.0.0/16 +222.75.0.0/16 +222.76.0.0/14 +222.80.0.0/15 +222.82.0.0/16 +222.83.0.0/17 +222.83.128.0/17 +222.84.0.0/16 +222.85.0.0/17 +222.85.128.0/17 +222.86.0.0/15 +222.88.0.0/15 +222.90.0.0/15 +222.92.0.0/14 +222.125.0.0/16 +222.126.128.0/17 +222.128.0.0/14 +222.132.0.0/14 +222.136.0.0/13 +222.160.0.0/15 +222.162.0.0/16 +222.163.0.0/19 +222.163.32.0/19 +222.163.64.0/18 +222.163.128.0/17 +222.168.0.0/15 +222.170.0.0/15 +222.172.0.0/17 +222.172.128.0/17 +222.173.0.0/16 +222.174.0.0/15 +222.176.0.0/13 +222.184.0.0/13 +222.192.0.0/14 +222.196.0.0/15 +222.198.0.0/16 +222.199.0.0/16 +222.200.0.0/14 +222.204.0.0/15 +222.206.0.0/15 +222.208.0.0/13 +222.216.0.0/15 +222.218.0.0/16 +222.219.0.0/16 +222.220.0.0/15 +222.222.0.0/15 +222.240.0.0/13 +222.248.0.0/16 +222.249.0.0/17 +222.249.128.0/19 +222.249.160.0/20 +222.249.176.0/20 +222.249.192.0/18 +223.0.0.0/15 +223.2.0.0/15 +223.4.0.0/14 +223.8.0.0/13 +223.20.0.0/15 +223.27.184.0/22 +223.29.208.0/22 +223.29.252.0/22 +223.64.0.0/11 +223.96.0.0/12 +223.112.0.0/14 +223.116.0.0/15 +223.120.128.0/17 +223.121.128.0/17 +223.122.0.0/15 +223.124.0.0/14 +223.128.0.0/15 +223.144.0.0/12 +223.160.0.0/14 +223.166.0.0/15 +223.192.0.0/15 +223.198.0.0/15 +223.201.0.0/16 +223.202.0.0/15 +223.208.0.0/14 +223.212.0.0/15 +223.214.0.0/15 +223.220.0.0/15 +223.223.176.0/20 +223.223.192.0/20 +223.240.0.0/13 +223.248.0.0/14 +223.252.128.0/17 +223.254.0.0/16 +223.255.0.0/17 +223.255.236.0/22 +223.255.252.0/23 diff --git a/package/lean/luci-app-ssr-plus/root/etc/config/gfw.list b/package/lean/luci-app-ssr-plus/root/etc/config/gfw.list new file mode 100644 index 000000000..c327ef406 --- /dev/null +++ b/package/lean/luci-app-ssr-plus/root/etc/config/gfw.list @@ -0,0 +1,55 @@ +91smartyun.pt +adobe.com +amazonaws.com +ampproject.org +apple.news +aws.amazon.com +azureedge.net +backpackers.com.tw +bitfinex.com +buzzfeed.com +clockwise.ee +cloudfront.net +coindesk.com +coinsquare.io +cryptocompare.com +dropboxstatic.com +eurecom.fr +gdax.com +github.com +isnssdk.com +kknews.cc +nutaq.com +openairinterface.org +skype.com +snssdk.com +sublimetext.com +textnow.com +textnow.me +trouter.io +uploaded.net +whatsapp.com +whatsapp.net +wsj.net +google.com +google.com.hk +gstatic.com +googleusercontent.com +googlepages.com +googlevideo.com +googlecode.com +googleapis.com +googlesource.com +googledrive.com +ggpht.com +youtube.com +youtu.be +ytimg.com +twitter.com +facebook.com +fastly.net +akamai.net +akamaiedge.net +akamaihd.net +edgesuite.net +edgekey.net \ No newline at end of file diff --git a/package/lean/luci-app-ssr-plus/root/etc/config/shadowsocksr b/package/lean/luci-app-ssr-plus/root/etc/config/shadowsocksr new file mode 100644 index 000000000..3112c40c8 --- /dev/null +++ b/package/lean/luci-app-ssr-plus/root/etc/config/shadowsocksr @@ -0,0 +1,37 @@ + +config global + option tunnel_forward '8.8.4.4:53' + option tunnel_address '0.0.0.0' + option run_mode 'gfw' + option pdnsd_enable '1' + option monitor_enable '0' + option global_server 'nil' + option enable_switch '1' + option switch_timeout '5' + option switch_time '667' + +config socks5_proxy + option server 'nil' + option local_port '1080' + option local_address '0.0.0.0' + +config access_control + option wan_bp_list '/etc/china_ssr.txt' + option lan_ac_mode 'b' + option router_proxy '1' + list wan_fw_ips '149.154.160.0/20' + list wan_fw_ips '67.198.55.0/24' + list wan_fw_ips '91.108.4.0/22' + list wan_fw_ips '91.108.56.0/22' + list wan_fw_ips '109.239.140.0/24' + +config server_global + option enable_server '0' + +config server_subscribe + option proxy '0' + option auto_update_time '2' + option auto_update '1' + + + diff --git a/package/lean/luci-app-ssr-plus/root/etc/dnsmasq.ssr/ad.conf b/package/lean/luci-app-ssr-plus/root/etc/dnsmasq.ssr/ad.conf new file mode 100644 index 000000000..e69de29bb diff --git a/package/lean/luci-app-ssr-plus/root/etc/dnsmasq.ssr/gfw_list.conf b/package/lean/luci-app-ssr-plus/root/etc/dnsmasq.ssr/gfw_list.conf new file mode 100644 index 000000000..31c37e04e --- /dev/null +++ b/package/lean/luci-app-ssr-plus/root/etc/dnsmasq.ssr/gfw_list.conf @@ -0,0 +1,10354 @@ +server=/.030buy.com/127.0.0.1#5353 +ipset=/.030buy.com/gfwlist +server=/.0rz.tw/127.0.0.1#5353 +ipset=/.0rz.tw/gfwlist +server=/.10.tt/127.0.0.1#5353 +ipset=/.10.tt/gfwlist +server=/.1000giri.net/127.0.0.1#5353 +ipset=/.1000giri.net/gfwlist +server=/.100ke.org/127.0.0.1#5353 +ipset=/.100ke.org/gfwlist +server=/.10conditionsoflove.com/127.0.0.1#5353 +ipset=/.10conditionsoflove.com/gfwlist +server=/.10musume.com/127.0.0.1#5353 +ipset=/.10musume.com/gfwlist +server=/.123rf.com/127.0.0.1#5353 +ipset=/.123rf.com/gfwlist +server=/.12bet.com/127.0.0.1#5353 +ipset=/.12bet.com/gfwlist +server=/.12vpn.com/127.0.0.1#5353 +ipset=/.12vpn.com/gfwlist +server=/.12vpn.net/127.0.0.1#5353 +ipset=/.12vpn.net/gfwlist +server=/.138.com/127.0.0.1#5353 +ipset=/.138.com/gfwlist +server=/.141jj.com/127.0.0.1#5353 +ipset=/.141jj.com/gfwlist +server=/.141tube.com/127.0.0.1#5353 +ipset=/.141tube.com/gfwlist +server=/.1688.com.au/127.0.0.1#5353 +ipset=/.1688.com.au/gfwlist +server=/.173ng.com/127.0.0.1#5353 +ipset=/.173ng.com/gfwlist +server=/.177pic.info/127.0.0.1#5353 +ipset=/.177pic.info/gfwlist +server=/.17t17p.com/127.0.0.1#5353 +ipset=/.17t17p.com/gfwlist +server=/.18board.com/127.0.0.1#5353 +ipset=/.18board.com/gfwlist +server=/.18board.info/127.0.0.1#5353 +ipset=/.18board.info/gfwlist +server=/.18onlygirls.com/127.0.0.1#5353 +ipset=/.18onlygirls.com/gfwlist +server=/.18p2p.com/127.0.0.1#5353 +ipset=/.18p2p.com/gfwlist +server=/.18virginsex.com/127.0.0.1#5353 +ipset=/.18virginsex.com/gfwlist +server=/.1949er.org/127.0.0.1#5353 +ipset=/.1949er.org/gfwlist +server=/.1984bbs.com/127.0.0.1#5353 +ipset=/.1984bbs.com/gfwlist +server=/.1984bbs.org/127.0.0.1#5353 +ipset=/.1984bbs.org/gfwlist +server=/.1989report.hkja.org.hk/127.0.0.1#5353 +ipset=/.1989report.hkja.org.hk/gfwlist +server=/.1991way.com/127.0.0.1#5353 +ipset=/.1991way.com/gfwlist +server=/.1998cdp.org/127.0.0.1#5353 +ipset=/.1998cdp.org/gfwlist +server=/.1bao.org/127.0.0.1#5353 +ipset=/.1bao.org/gfwlist +server=/.1dumb.com/127.0.0.1#5353 +ipset=/.1dumb.com/gfwlist +server=/.1e100.net/127.0.0.1#5353 +ipset=/.1e100.net/gfwlist +server=/.1eew.com/127.0.0.1#5353 +ipset=/.1eew.com/gfwlist +server=/.1mobile.com/127.0.0.1#5353 +ipset=/.1mobile.com/gfwlist +server=/.1pondo.tv/127.0.0.1#5353 +ipset=/.1pondo.tv/gfwlist +server=/.2-hand.info/127.0.0.1#5353 +ipset=/.2-hand.info/gfwlist +server=/.2008xianzhang.info/127.0.0.1#5353 +ipset=/.2008xianzhang.info/gfwlist +server=/.2017.hk/127.0.0.1#5353 +ipset=/.2017.hk/gfwlist +server=/.21pron.com/127.0.0.1#5353 +ipset=/.21pron.com/gfwlist +server=/.21sextury.com/127.0.0.1#5353 +ipset=/.21sextury.com/gfwlist +server=/.228.net.tw/127.0.0.1#5353 +ipset=/.228.net.tw/gfwlist +server=/.233abc.com/127.0.0.1#5353 +ipset=/.233abc.com/gfwlist +server=/.24hrs.ca/127.0.0.1#5353 +ipset=/.24hrs.ca/gfwlist +server=/.24smile.org/127.0.0.1#5353 +ipset=/.24smile.org/gfwlist +server=/.25u.com/127.0.0.1#5353 +ipset=/.25u.com/gfwlist +server=/.2lipstube.com/127.0.0.1#5353 +ipset=/.2lipstube.com/gfwlist +server=/.2shared.com/127.0.0.1#5353 +ipset=/.2shared.com/gfwlist +server=/.2waky.com/127.0.0.1#5353 +ipset=/.2waky.com/gfwlist +server=/.3-a.net/127.0.0.1#5353 +ipset=/.3-a.net/gfwlist +server=/.30boxes.com/127.0.0.1#5353 +ipset=/.30boxes.com/gfwlist +server=/.315lz.com/127.0.0.1#5353 +ipset=/.315lz.com/gfwlist +server=/.32red.com/127.0.0.1#5353 +ipset=/.32red.com/gfwlist +server=/.36rain.com/127.0.0.1#5353 +ipset=/.36rain.com/gfwlist +server=/.3a5a.com/127.0.0.1#5353 +ipset=/.3a5a.com/gfwlist +server=/.3arabtv.com/127.0.0.1#5353 +ipset=/.3arabtv.com/gfwlist +server=/.3boys2girls.com/127.0.0.1#5353 +ipset=/.3boys2girls.com/gfwlist +server=/.3d-game.com/127.0.0.1#5353 +ipset=/.3d-game.com/gfwlist +server=/.3proxy.ru/127.0.0.1#5353 +ipset=/.3proxy.ru/gfwlist +server=/.3ren.ca/127.0.0.1#5353 +ipset=/.3ren.ca/gfwlist +server=/.3tui.net/127.0.0.1#5353 +ipset=/.3tui.net/gfwlist +server=/.466453.com/127.0.0.1#5353 +ipset=/.466453.com/gfwlist +server=/.4bluestones.biz/127.0.0.1#5353 +ipset=/.4bluestones.biz/gfwlist +server=/.4chan.com/127.0.0.1#5353 +ipset=/.4chan.com/gfwlist +server=/.4dq.com/127.0.0.1#5353 +ipset=/.4dq.com/gfwlist +server=/.4everproxy.com/127.0.0.1#5353 +ipset=/.4everproxy.com/gfwlist +server=/.4irc.com/127.0.0.1#5353 +ipset=/.4irc.com/gfwlist +server=/.4mydomain.com/127.0.0.1#5353 +ipset=/.4mydomain.com/gfwlist +server=/.4pu.com/127.0.0.1#5353 +ipset=/.4pu.com/gfwlist +server=/.4rbtv.com/127.0.0.1#5353 +ipset=/.4rbtv.com/gfwlist +server=/.4shared.com/127.0.0.1#5353 +ipset=/.4shared.com/gfwlist +server=/.51.ca/127.0.0.1#5353 +ipset=/.51.ca/gfwlist +server=/.51jav.org/127.0.0.1#5353 +ipset=/.51jav.org/gfwlist +server=/.51luoben.com/127.0.0.1#5353 +ipset=/.51luoben.com/gfwlist +server=/.5278.cc/127.0.0.1#5353 +ipset=/.5278.cc/gfwlist +server=/.56cun04.jigsy.com/127.0.0.1#5353 +ipset=/.56cun04.jigsy.com/gfwlist +server=/.5aimiku.com/127.0.0.1#5353 +ipset=/.5aimiku.com/gfwlist +server=/.5i01.com/127.0.0.1#5353 +ipset=/.5i01.com/gfwlist +server=/.5isotoi5.org/127.0.0.1#5353 +ipset=/.5isotoi5.org/gfwlist +server=/.5maodang.com/127.0.0.1#5353 +ipset=/.5maodang.com/gfwlist +server=/.63i.com/127.0.0.1#5353 +ipset=/.63i.com/gfwlist +server=/.64museum.org/127.0.0.1#5353 +ipset=/.64museum.org/gfwlist +server=/.64tianwang.com/127.0.0.1#5353 +ipset=/.64tianwang.com/gfwlist +server=/.64wiki.com/127.0.0.1#5353 +ipset=/.64wiki.com/gfwlist +server=/.66.ca/127.0.0.1#5353 +ipset=/.66.ca/gfwlist +server=/.666kb.com/127.0.0.1#5353 +ipset=/.666kb.com/gfwlist +server=/.6park.com/127.0.0.1#5353 +ipset=/.6park.com/gfwlist +server=/.6parker.com/127.0.0.1#5353 +ipset=/.6parker.com/gfwlist +server=/.7capture.com/127.0.0.1#5353 +ipset=/.7capture.com/gfwlist +server=/.7cow.com/127.0.0.1#5353 +ipset=/.7cow.com/gfwlist +server=/.8-d.com/127.0.0.1#5353 +ipset=/.8-d.com/gfwlist +server=/.85cc.net/127.0.0.1#5353 +ipset=/.85cc.net/gfwlist +server=/.85cc.us/127.0.0.1#5353 +ipset=/.85cc.us/gfwlist +server=/.85st.com/127.0.0.1#5353 +ipset=/.85st.com/gfwlist +server=/.881903.com/127.0.0.1#5353 +ipset=/.881903.com/gfwlist +server=/.888.com/127.0.0.1#5353 +ipset=/.888.com/gfwlist +server=/.888poker.com/127.0.0.1#5353 +ipset=/.888poker.com/gfwlist +server=/.89-64.org/127.0.0.1#5353 +ipset=/.89-64.org/gfwlist +server=/.89.64.charter.constitutionalism.solutions/127.0.0.1#5353 +ipset=/.89.64.charter.constitutionalism.solutions/gfwlist +server=/.8news.com.tw/127.0.0.1#5353 +ipset=/.8news.com.tw/gfwlist +server=/.8z1.net/127.0.0.1#5353 +ipset=/.8z1.net/gfwlist +server=/.9001700.com/127.0.0.1#5353 +ipset=/.9001700.com/gfwlist +server=/.91porn.com/127.0.0.1#5353 +ipset=/.91porn.com/gfwlist +server=/.91vps.club/127.0.0.1#5353 +ipset=/.91vps.club/gfwlist +server=/.92ccav.com/127.0.0.1#5353 +ipset=/.92ccav.com/gfwlist +server=/.991.com/127.0.0.1#5353 +ipset=/.991.com/gfwlist +server=/.99btgc01.com/127.0.0.1#5353 +ipset=/.99btgc01.com/gfwlist +server=/.99cn.info/127.0.0.1#5353 +ipset=/.99cn.info/gfwlist +server=/.9bis.com/127.0.0.1#5353 +ipset=/.9bis.com/gfwlist +server=/.9bis.net/127.0.0.1#5353 +ipset=/.9bis.net/gfwlist +server=/.a-normal-day.com/127.0.0.1#5353 +ipset=/.a-normal-day.com/gfwlist +server=/.a248.e.akamai.net/127.0.0.1#5353 +ipset=/.a248.e.akamai.net/gfwlist +server=/.a5.com.ru/127.0.0.1#5353 +ipset=/.a5.com.ru/gfwlist +server=/.aamacau.com/127.0.0.1#5353 +ipset=/.aamacau.com/gfwlist +server=/.abc.com/127.0.0.1#5353 +ipset=/.abc.com/gfwlist +server=/.abc.net.au/127.0.0.1#5353 +ipset=/.abc.net.au/gfwlist +server=/.abc.pp.ru/127.0.0.1#5353 +ipset=/.abc.pp.ru/gfwlist +server=/.abc.xyz/127.0.0.1#5353 +ipset=/.abc.xyz/gfwlist +server=/.abchinese.com/127.0.0.1#5353 +ipset=/.abchinese.com/gfwlist +server=/.abclite.net/127.0.0.1#5353 +ipset=/.abclite.net/gfwlist +server=/.abematv.akamaized.net/127.0.0.1#5353 +ipset=/.abematv.akamaized.net/gfwlist +server=/.ablwang.com/127.0.0.1#5353 +ipset=/.ablwang.com/gfwlist +server=/.aboluowang.com/127.0.0.1#5353 +ipset=/.aboluowang.com/gfwlist +server=/.aboutgfw.com/127.0.0.1#5353 +ipset=/.aboutgfw.com/gfwlist +server=/.abs.edu/127.0.0.1#5353 +ipset=/.abs.edu/gfwlist +server=/.ac.jiruan.net/127.0.0.1#5353 +ipset=/.ac.jiruan.net/gfwlist +server=/.accim.org/127.0.0.1#5353 +ipset=/.accim.org/gfwlist +server=/.aceros-de-hispania.com/127.0.0.1#5353 +ipset=/.aceros-de-hispania.com/gfwlist +server=/.acevpn.com/127.0.0.1#5353 +ipset=/.acevpn.com/gfwlist +server=/.acg18.me/127.0.0.1#5353 +ipset=/.acg18.me/gfwlist +server=/.acgkj.com/127.0.0.1#5353 +ipset=/.acgkj.com/gfwlist +server=/.acmedia365.com/127.0.0.1#5353 +ipset=/.acmedia365.com/gfwlist +server=/.acmetoy.com/127.0.0.1#5353 +ipset=/.acmetoy.com/gfwlist +server=/.acnw.com.au/127.0.0.1#5353 +ipset=/.acnw.com.au/gfwlist +server=/.actfortibet.org/127.0.0.1#5353 +ipset=/.actfortibet.org/gfwlist +server=/.actimes.com.au/127.0.0.1#5353 +ipset=/.actimes.com.au/gfwlist +server=/.activpn.com/127.0.0.1#5353 +ipset=/.activpn.com/gfwlist +server=/.aculo.us/127.0.0.1#5353 +ipset=/.aculo.us/gfwlist +server=/.adcex.com/127.0.0.1#5353 +ipset=/.adcex.com/gfwlist +server=/.addictedtocoffee.de/127.0.0.1#5353 +ipset=/.addictedtocoffee.de/gfwlist +server=/.admin.recaptcha.net/127.0.0.1#5353 +ipset=/.admin.recaptcha.net/gfwlist +server=/.admob.com/127.0.0.1#5353 +ipset=/.admob.com/gfwlist +server=/.adpl.org.hk/127.0.0.1#5353 +ipset=/.adpl.org.hk/gfwlist +server=/.ads-twitter.com/127.0.0.1#5353 +ipset=/.ads-twitter.com/gfwlist +server=/.adsense.com/127.0.0.1#5353 +ipset=/.adsense.com/gfwlist +server=/.adult-sex-games.com/127.0.0.1#5353 +ipset=/.adult-sex-games.com/gfwlist +server=/.adultfriendfinder.com/127.0.0.1#5353 +ipset=/.adultfriendfinder.com/gfwlist +server=/.advanscene.com/127.0.0.1#5353 +ipset=/.advanscene.com/gfwlist +server=/.advertfan.com/127.0.0.1#5353 +ipset=/.advertfan.com/gfwlist +server=/.ae.hao123.com/127.0.0.1#5353 +ipset=/.ae.hao123.com/gfwlist +server=/.ae.org/127.0.0.1#5353 +ipset=/.ae.org/gfwlist +server=/.aenhancers.com/127.0.0.1#5353 +ipset=/.aenhancers.com/gfwlist +server=/.af.mil/127.0.0.1#5353 +ipset=/.af.mil/gfwlist +server=/.afantibbs.com/127.0.0.1#5353 +ipset=/.afantibbs.com/gfwlist +server=/.aftygh.gov.tw/127.0.0.1#5353 +ipset=/.aftygh.gov.tw/gfwlist +server=/.agnesb.fr/127.0.0.1#5353 +ipset=/.agnesb.fr/gfwlist +server=/.agoogleaday.com/127.0.0.1#5353 +ipset=/.agoogleaday.com/gfwlist +server=/.agro.hk/127.0.0.1#5353 +ipset=/.agro.hk/gfwlist +server=/.ai-kan.net/127.0.0.1#5353 +ipset=/.ai-kan.net/gfwlist +server=/.ai-wen.net/127.0.0.1#5353 +ipset=/.ai-wen.net/gfwlist +server=/.ai.google/127.0.0.1#5353 +ipset=/.ai.google/gfwlist +server=/.aide.gov.tw/127.0.0.1#5353 +ipset=/.aide.gov.tw/gfwlist +server=/.aiph.net/127.0.0.1#5353 +ipset=/.aiph.net/gfwlist +server=/.airasia.com/127.0.0.1#5353 +ipset=/.airasia.com/gfwlist +server=/.airconsole.com/127.0.0.1#5353 +ipset=/.airconsole.com/gfwlist +server=/.airvpn.org/127.0.0.1#5353 +ipset=/.airvpn.org/gfwlist +server=/.aisex.com/127.0.0.1#5353 +ipset=/.aisex.com/gfwlist +server=/.aiss.anws.gov.tw/127.0.0.1#5353 +ipset=/.aiss.anws.gov.tw/gfwlist +server=/.ait.org.tw/127.0.0.1#5353 +ipset=/.ait.org.tw/gfwlist +server=/.aiweiwei.com/127.0.0.1#5353 +ipset=/.aiweiwei.com/gfwlist +server=/.aiweiweiblog.com/127.0.0.1#5353 +ipset=/.aiweiweiblog.com/gfwlist +server=/.akiba-online.com/127.0.0.1#5353 +ipset=/.akiba-online.com/gfwlist +server=/.akiba-web.com/127.0.0.1#5353 +ipset=/.akiba-web.com/gfwlist +server=/.akow.org/127.0.0.1#5353 +ipset=/.akow.org/gfwlist +server=/.al-islam.com/127.0.0.1#5353 +ipset=/.al-islam.com/gfwlist +server=/.al-qimmah.net/127.0.0.1#5353 +ipset=/.al-qimmah.net/gfwlist +server=/.alabout.com/127.0.0.1#5353 +ipset=/.alabout.com/gfwlist +server=/.alanhou.com/127.0.0.1#5353 +ipset=/.alanhou.com/gfwlist +server=/.alarab.qa/127.0.0.1#5353 +ipset=/.alarab.qa/gfwlist +server=/.alasbarricadas.org/127.0.0.1#5353 +ipset=/.alasbarricadas.org/gfwlist +server=/.alexlur.org/127.0.0.1#5353 +ipset=/.alexlur.org/gfwlist +server=/.alforattv.net/127.0.0.1#5353 +ipset=/.alforattv.net/gfwlist +server=/.alhayat.com/127.0.0.1#5353 +ipset=/.alhayat.com/gfwlist +server=/.alicejapan.co.jp/127.0.0.1#5353 +ipset=/.alicejapan.co.jp/gfwlist +server=/.aliengu.com/127.0.0.1#5353 +ipset=/.aliengu.com/gfwlist +server=/.alkasir.com/127.0.0.1#5353 +ipset=/.alkasir.com/gfwlist +server=/.allcoin.com/127.0.0.1#5353 +ipset=/.allcoin.com/gfwlist +server=/.allconnected.co/127.0.0.1#5353 +ipset=/.allconnected.co/gfwlist +server=/.alldrawnsex.com/127.0.0.1#5353 +ipset=/.alldrawnsex.com/gfwlist +server=/.allervpn.com/127.0.0.1#5353 +ipset=/.allervpn.com/gfwlist +server=/.allfinegirls.com/127.0.0.1#5353 +ipset=/.allfinegirls.com/gfwlist +server=/.allgirlmassage.com/127.0.0.1#5353 +ipset=/.allgirlmassage.com/gfwlist +server=/.allgirlsallowed.org/127.0.0.1#5353 +ipset=/.allgirlsallowed.org/gfwlist +server=/.allgravure.com/127.0.0.1#5353 +ipset=/.allgravure.com/gfwlist +server=/.alliance.org.hk/127.0.0.1#5353 +ipset=/.alliance.org.hk/gfwlist +server=/.allinfa.com/127.0.0.1#5353 +ipset=/.allinfa.com/gfwlist +server=/.alljackpotscasino.com/127.0.0.1#5353 +ipset=/.alljackpotscasino.com/gfwlist +server=/.allmovie.com/127.0.0.1#5353 +ipset=/.allmovie.com/gfwlist +server=/.allowed.org/127.0.0.1#5353 +ipset=/.allowed.org/gfwlist +server=/.almasdarnews.com/127.0.0.1#5353 +ipset=/.almasdarnews.com/gfwlist +server=/.almostmy.com/127.0.0.1#5353 +ipset=/.almostmy.com/gfwlist +server=/.alphaporno.com/127.0.0.1#5353 +ipset=/.alphaporno.com/gfwlist +server=/.alternate-tools.com/127.0.0.1#5353 +ipset=/.alternate-tools.com/gfwlist +server=/.altrec.com/127.0.0.1#5353 +ipset=/.altrec.com/gfwlist +server=/.alvinalexander.com/127.0.0.1#5353 +ipset=/.alvinalexander.com/gfwlist +server=/.alwaysdata.com/127.0.0.1#5353 +ipset=/.alwaysdata.com/gfwlist +server=/.alwaysdata.net/127.0.0.1#5353 +ipset=/.alwaysdata.net/gfwlist +server=/.alwaysvpn.com/127.0.0.1#5353 +ipset=/.alwaysvpn.com/gfwlist +server=/.am730.com.hk/127.0.0.1#5353 +ipset=/.am730.com.hk/gfwlist +server=/.amazon.co.jp/127.0.0.1#5353 +ipset=/.amazon.co.jp/gfwlist +server=/.ameblo.jp/127.0.0.1#5353 +ipset=/.ameblo.jp/gfwlist +server=/.americangreencard.com/127.0.0.1#5353 +ipset=/.americangreencard.com/gfwlist +server=/.americanunfinished.com/127.0.0.1#5353 +ipset=/.americanunfinished.com/gfwlist +server=/.amiblockedornot.com/127.0.0.1#5353 +ipset=/.amiblockedornot.com/gfwlist +server=/.amigobbs.net/127.0.0.1#5353 +ipset=/.amigobbs.net/gfwlist +server=/.amitabhafoundation.us/127.0.0.1#5353 +ipset=/.amitabhafoundation.us/gfwlist +server=/.amnesty.org/127.0.0.1#5353 +ipset=/.amnesty.org/gfwlist +server=/.amnesty.tw/127.0.0.1#5353 +ipset=/.amnesty.tw/gfwlist +server=/.amnestyusa.org/127.0.0.1#5353 +ipset=/.amnestyusa.org/gfwlist +server=/.amnyemachen.org/127.0.0.1#5353 +ipset=/.amnyemachen.org/gfwlist +server=/.amoiist.com/127.0.0.1#5353 +ipset=/.amoiist.com/gfwlist +server=/.ampproject.org/127.0.0.1#5353 +ipset=/.ampproject.org/gfwlist +server=/.amtb-taipei.org/127.0.0.1#5353 +ipset=/.amtb-taipei.org/gfwlist +server=/.anchorfree.com/127.0.0.1#5353 +ipset=/.anchorfree.com/gfwlist +server=/.ancsconf.org/127.0.0.1#5353 +ipset=/.ancsconf.org/gfwlist +server=/.andfaraway.net/127.0.0.1#5353 +ipset=/.andfaraway.net/gfwlist +server=/.android-x86.org/127.0.0.1#5353 +ipset=/.android-x86.org/gfwlist +server=/.android.com/127.0.0.1#5353 +ipset=/.android.com/gfwlist +server=/.androidify.com/127.0.0.1#5353 +ipset=/.androidify.com/gfwlist +server=/.andygod.com/127.0.0.1#5353 +ipset=/.andygod.com/gfwlist +server=/.angularjs.org/127.0.0.1#5353 +ipset=/.angularjs.org/gfwlist +server=/.animecrazy.net/127.0.0.1#5353 +ipset=/.animecrazy.net/gfwlist +server=/.animeshippuuden.com/127.0.0.1#5353 +ipset=/.animeshippuuden.com/gfwlist +server=/.aniscartujo.com/127.0.0.1#5353 +ipset=/.aniscartujo.com/gfwlist +server=/.anobii.com/127.0.0.1#5353 +ipset=/.anobii.com/gfwlist +server=/.anontext.com/127.0.0.1#5353 +ipset=/.anontext.com/gfwlist +server=/.anonymise.us/127.0.0.1#5353 +ipset=/.anonymise.us/gfwlist +server=/.anonymitynetwork.com/127.0.0.1#5353 +ipset=/.anonymitynetwork.com/gfwlist +server=/.anonymizer.com/127.0.0.1#5353 +ipset=/.anonymizer.com/gfwlist +server=/.anpopo.com/127.0.0.1#5353 +ipset=/.anpopo.com/gfwlist +server=/.answering-islam.org/127.0.0.1#5353 +ipset=/.answering-islam.org/gfwlist +server=/.anthonycalzadilla.com/127.0.0.1#5353 +ipset=/.anthonycalzadilla.com/gfwlist +server=/.anti1984.com/127.0.0.1#5353 +ipset=/.anti1984.com/gfwlist +server=/.antichristendom.com/127.0.0.1#5353 +ipset=/.antichristendom.com/gfwlist +server=/.antiwave.net/127.0.0.1#5353 +ipset=/.antiwave.net/gfwlist +server=/.anyporn.com/127.0.0.1#5353 +ipset=/.anyporn.com/gfwlist +server=/.anysex.com/127.0.0.1#5353 +ipset=/.anysex.com/gfwlist +server=/.aobo.com.au/127.0.0.1#5353 +ipset=/.aobo.com.au/gfwlist +server=/.aofriend.com/127.0.0.1#5353 +ipset=/.aofriend.com/gfwlist +server=/.aojiao.org/127.0.0.1#5353 +ipset=/.aojiao.org/gfwlist +server=/.aolchannels.aol.com/127.0.0.1#5353 +ipset=/.aolchannels.aol.com/gfwlist +server=/.aomiwang.com/127.0.0.1#5353 +ipset=/.aomiwang.com/gfwlist +server=/.apartmentratings.com/127.0.0.1#5353 +ipset=/.apartmentratings.com/gfwlist +server=/.apartments.com/127.0.0.1#5353 +ipset=/.apartments.com/gfwlist +server=/.apetube.com/127.0.0.1#5353 +ipset=/.apetube.com/gfwlist +server=/.api-secure.recaptcha.net/127.0.0.1#5353 +ipset=/.api-secure.recaptcha.net/gfwlist +server=/.api-verify.recaptcha.net/127.0.0.1#5353 +ipset=/.api-verify.recaptcha.net/gfwlist +server=/.api.ai/127.0.0.1#5353 +ipset=/.api.ai/gfwlist +server=/.api.dropboxapi.com/127.0.0.1#5353 +ipset=/.api.dropboxapi.com/gfwlist +server=/.api.linksalpha.com/127.0.0.1#5353 +ipset=/.api.linksalpha.com/gfwlist +server=/.api.proxlet.com/127.0.0.1#5353 +ipset=/.api.proxlet.com/gfwlist +server=/.api.recaptcha.net/127.0.0.1#5353 +ipset=/.api.recaptcha.net/gfwlist +server=/.apiary.io/127.0.0.1#5353 +ipset=/.apiary.io/gfwlist +server=/.apidocs.linksalpha.com/127.0.0.1#5353 +ipset=/.apidocs.linksalpha.com/gfwlist +server=/.apigee.com/127.0.0.1#5353 +ipset=/.apigee.com/gfwlist +server=/.apk-dl.com/127.0.0.1#5353 +ipset=/.apk-dl.com/gfwlist +server=/.apkmirror.com/127.0.0.1#5353 +ipset=/.apkmirror.com/gfwlist +server=/.apkplz.com/127.0.0.1#5353 +ipset=/.apkplz.com/gfwlist +server=/.apkpure.com/127.0.0.1#5353 +ipset=/.apkpure.com/gfwlist +server=/.aplusvpn.com/127.0.0.1#5353 +ipset=/.aplusvpn.com/gfwlist +server=/.app.box.com/127.0.0.1#5353 +ipset=/.app.box.com/gfwlist +server=/.app.heywire.com/127.0.0.1#5353 +ipset=/.app.heywire.com/gfwlist +server=/.app.smartmailcloud.com/127.0.0.1#5353 +ipset=/.app.smartmailcloud.com/gfwlist +server=/.app.tutanota.com/127.0.0.1#5353 +ipset=/.app.tutanota.com/gfwlist +server=/.appledaily.com/127.0.0.1#5353 +ipset=/.appledaily.com/gfwlist +server=/.appshopper.com/127.0.0.1#5353 +ipset=/.appshopper.com/gfwlist +server=/.appsocks.net/127.0.0.1#5353 +ipset=/.appsocks.net/gfwlist +server=/.appspot.com/127.0.0.1#5353 +ipset=/.appspot.com/gfwlist +server=/.appsto.re/127.0.0.1#5353 +ipset=/.appsto.re/gfwlist +server=/.aptoide.com/127.0.0.1#5353 +ipset=/.aptoide.com/gfwlist +server=/.ar.hao123.com/127.0.0.1#5353 +ipset=/.ar.hao123.com/gfwlist +server=/.archive.fo/127.0.0.1#5353 +ipset=/.archive.fo/gfwlist +server=/.archive.is/127.0.0.1#5353 +ipset=/.archive.is/gfwlist +server=/.archive.li/127.0.0.1#5353 +ipset=/.archive.li/gfwlist +server=/.archive.org/127.0.0.1#5353 +ipset=/.archive.org/gfwlist +server=/.archive.today/127.0.0.1#5353 +ipset=/.archive.today/gfwlist +server=/.archives.gov/127.0.0.1#5353 +ipset=/.archives.gov/gfwlist +server=/.arctosia.com/127.0.0.1#5353 +ipset=/.arctosia.com/gfwlist +server=/.areca-backup.org/127.0.0.1#5353 +ipset=/.areca-backup.org/gfwlist +server=/.arena.taipei/127.0.0.1#5353 +ipset=/.arena.taipei/gfwlist +server=/.arethusa.su/127.0.0.1#5353 +ipset=/.arethusa.su/gfwlist +server=/.arlingtoncemetery.mil/127.0.0.1#5353 +ipset=/.arlingtoncemetery.mil/gfwlist +server=/.army.mil/127.0.0.1#5353 +ipset=/.army.mil/gfwlist +server=/.art4tibet1998.org/127.0.0.1#5353 +ipset=/.art4tibet1998.org/gfwlist +server=/.arte.gov.tw/127.0.0.1#5353 +ipset=/.arte.gov.tw/gfwlist +server=/.artofpeacefoundation.org/127.0.0.1#5353 +ipset=/.artofpeacefoundation.org/gfwlist +server=/.artsy.net/127.0.0.1#5353 +ipset=/.artsy.net/gfwlist +server=/.asacp.org/127.0.0.1#5353 +ipset=/.asacp.org/gfwlist +server=/.asahichinese.com/127.0.0.1#5353 +ipset=/.asahichinese.com/gfwlist +server=/.asg.to/127.0.0.1#5353 +ipset=/.asg.to/gfwlist +server=/.asia-gaming.com/127.0.0.1#5353 +ipset=/.asia-gaming.com/gfwlist +server=/.asiaharvest.org/127.0.0.1#5353 +ipset=/.asiaharvest.org/gfwlist +server=/.asianews.it/127.0.0.1#5353 +ipset=/.asianews.it/gfwlist +server=/.asiansexdiary.com/127.0.0.1#5353 +ipset=/.asiansexdiary.com/gfwlist +server=/.asianspiss.com/127.0.0.1#5353 +ipset=/.asianspiss.com/gfwlist +server=/.asianwomensfilm.de/127.0.0.1#5353 +ipset=/.asianwomensfilm.de/gfwlist +server=/.asiatgp.com/127.0.0.1#5353 +ipset=/.asiatgp.com/gfwlist +server=/.asiatoday.us/127.0.0.1#5353 +ipset=/.asiatoday.us/gfwlist +server=/.askstudent.com/127.0.0.1#5353 +ipset=/.askstudent.com/gfwlist +server=/.askynz.net/127.0.0.1#5353 +ipset=/.askynz.net/gfwlist +server=/.assembla.com/127.0.0.1#5353 +ipset=/.assembla.com/gfwlist +server=/.assimp.org/127.0.0.1#5353 +ipset=/.assimp.org/gfwlist +server=/.astrill.com/127.0.0.1#5353 +ipset=/.astrill.com/gfwlist +server=/.atc.org.au/127.0.0.1#5353 +ipset=/.atc.org.au/gfwlist +server=/.atchinese.com/127.0.0.1#5353 +ipset=/.atchinese.com/gfwlist +server=/.atdmt.com/127.0.0.1#5353 +ipset=/.atdmt.com/gfwlist +server=/.atgfw.org/127.0.0.1#5353 +ipset=/.atgfw.org/gfwlist +server=/.athenaeizou.com/127.0.0.1#5353 +ipset=/.athenaeizou.com/gfwlist +server=/.atlaspost.com/127.0.0.1#5353 +ipset=/.atlaspost.com/gfwlist +server=/.atnext.com/127.0.0.1#5353 +ipset=/.atnext.com/gfwlist +server=/.authorizeddns.net/127.0.0.1#5353 +ipset=/.authorizeddns.net/gfwlist +server=/.authorizeddns.org/127.0.0.1#5353 +ipset=/.authorizeddns.org/gfwlist +server=/.authorizeddns.us/127.0.0.1#5353 +ipset=/.authorizeddns.us/gfwlist +server=/.autodraw.com/127.0.0.1#5353 +ipset=/.autodraw.com/gfwlist +server=/.av-e-body.com/127.0.0.1#5353 +ipset=/.av-e-body.com/gfwlist +server=/.av.com/127.0.0.1#5353 +ipset=/.av.com/gfwlist +server=/.av.movie/127.0.0.1#5353 +ipset=/.av.movie/gfwlist +server=/.av.nightlife141.com/127.0.0.1#5353 +ipset=/.av.nightlife141.com/gfwlist +server=/.avaaz.org/127.0.0.1#5353 +ipset=/.avaaz.org/gfwlist +server=/.avbody.tv/127.0.0.1#5353 +ipset=/.avbody.tv/gfwlist +server=/.avcity.tv/127.0.0.1#5353 +ipset=/.avcity.tv/gfwlist +server=/.avcool.com/127.0.0.1#5353 +ipset=/.avcool.com/gfwlist +server=/.avdb.in/127.0.0.1#5353 +ipset=/.avdb.in/gfwlist +server=/.avdb.tv/127.0.0.1#5353 +ipset=/.avdb.tv/gfwlist +server=/.avfantasy.com/127.0.0.1#5353 +ipset=/.avfantasy.com/gfwlist +server=/.avgle.com/127.0.0.1#5353 +ipset=/.avgle.com/gfwlist +server=/.avidemux.org/127.0.0.1#5353 +ipset=/.avidemux.org/gfwlist +server=/.avmo.pw/127.0.0.1#5353 +ipset=/.avmo.pw/gfwlist +server=/.avmoo.com/127.0.0.1#5353 +ipset=/.avmoo.com/gfwlist +server=/.avmoo.net/127.0.0.1#5353 +ipset=/.avmoo.net/gfwlist +server=/.avmoo.pw/127.0.0.1#5353 +ipset=/.avmoo.pw/gfwlist +server=/.avoision.com/127.0.0.1#5353 +ipset=/.avoision.com/gfwlist +server=/.avyahoo.com/127.0.0.1#5353 +ipset=/.avyahoo.com/gfwlist +server=/.axureformac.com/127.0.0.1#5353 +ipset=/.axureformac.com/gfwlist +server=/.azerbaycan.tv/127.0.0.1#5353 +ipset=/.azerbaycan.tv/gfwlist +server=/.azerimix.com/127.0.0.1#5353 +ipset=/.azerimix.com/gfwlist +server=/.azubu.tv/127.0.0.1#5353 +ipset=/.azubu.tv/gfwlist +server=/.b0ne.com/127.0.0.1#5353 +ipset=/.b0ne.com/gfwlist +server=/.babynet.com.hk/127.0.0.1#5353 +ipset=/.babynet.com.hk/gfwlist +server=/.backchina.com/127.0.0.1#5353 +ipset=/.backchina.com/gfwlist +server=/.backtotiananmen.com/127.0.0.1#5353 +ipset=/.backtotiananmen.com/gfwlist +server=/.badiucao.com/127.0.0.1#5353 +ipset=/.badiucao.com/gfwlist +server=/.badjojo.com/127.0.0.1#5353 +ipset=/.badjojo.com/gfwlist +server=/.badoo.com/127.0.0.1#5353 +ipset=/.badoo.com/gfwlist +server=/.baidu.jp/127.0.0.1#5353 +ipset=/.baidu.jp/gfwlist +server=/.baijie.org/127.0.0.1#5353 +ipset=/.baijie.org/gfwlist +server=/.bailandaily.com/127.0.0.1#5353 +ipset=/.bailandaily.com/gfwlist +server=/.baixing.me/127.0.0.1#5353 +ipset=/.baixing.me/gfwlist +server=/.bakgeekhome.tk/127.0.0.1#5353 +ipset=/.bakgeekhome.tk/gfwlist +server=/.banana-vpn.com/127.0.0.1#5353 +ipset=/.banana-vpn.com/gfwlist +server=/.bandwagonhost.com/127.0.0.1#5353 +ipset=/.bandwagonhost.com/gfwlist +server=/.bangbrosnetwork.com/127.0.0.1#5353 +ipset=/.bangbrosnetwork.com/gfwlist +server=/.bangchen.net/127.0.0.1#5353 +ipset=/.bangchen.net/gfwlist +server=/.bangyoulater.com/127.0.0.1#5353 +ipset=/.bangyoulater.com/gfwlist +server=/.bankmobilevibe.com/127.0.0.1#5353 +ipset=/.bankmobilevibe.com/gfwlist +server=/.bannedbook.org/127.0.0.1#5353 +ipset=/.bannedbook.org/gfwlist +server=/.bannednews.org/127.0.0.1#5353 +ipset=/.bannednews.org/gfwlist +server=/.banorte.com/127.0.0.1#5353 +ipset=/.banorte.com/gfwlist +server=/.baramangaonline.com/127.0.0.1#5353 +ipset=/.baramangaonline.com/gfwlist +server=/.barenakedislam.com/127.0.0.1#5353 +ipset=/.barenakedislam.com/gfwlist +server=/.barnabu.co.uk/127.0.0.1#5353 +ipset=/.barnabu.co.uk/gfwlist +server=/.bartvpn.com/127.0.0.1#5353 +ipset=/.bartvpn.com/gfwlist +server=/.bash-hackers.org/127.0.0.1#5353 +ipset=/.bash-hackers.org/gfwlist +server=/.bastillepost.com/127.0.0.1#5353 +ipset=/.bastillepost.com/gfwlist +server=/.bayvoice.net/127.0.0.1#5353 +ipset=/.bayvoice.net/gfwlist +server=/.bb-chat.tv/127.0.0.1#5353 +ipset=/.bb-chat.tv/gfwlist +server=/.bbc.co.uk/127.0.0.1#5353 +ipset=/.bbc.co.uk/gfwlist +server=/.bbc.com/127.0.0.1#5353 +ipset=/.bbc.com/gfwlist +server=/.bbc.in/127.0.0.1#5353 +ipset=/.bbc.in/gfwlist +server=/.bbcchinese.com/127.0.0.1#5353 +ipset=/.bbcchinese.com/gfwlist +server=/.bbchat.tv/127.0.0.1#5353 +ipset=/.bbchat.tv/gfwlist +server=/.bbci.co.uk/127.0.0.1#5353 +ipset=/.bbci.co.uk/gfwlist +server=/.bbg.gov/127.0.0.1#5353 +ipset=/.bbg.gov/gfwlist +server=/.bbnradio.org/127.0.0.1#5353 +ipset=/.bbnradio.org/gfwlist +server=/.bbs-tw.com/127.0.0.1#5353 +ipset=/.bbs-tw.com/gfwlist +server=/.bbs.brockbbs.com/127.0.0.1#5353 +ipset=/.bbs.brockbbs.com/gfwlist +server=/.bbs.ecstart.com/127.0.0.1#5353 +ipset=/.bbs.ecstart.com/gfwlist +server=/.bbs.hasi.wang/127.0.0.1#5353 +ipset=/.bbs.hasi.wang/gfwlist +server=/.bbs.huasing.org/127.0.0.1#5353 +ipset=/.bbs.huasing.org/gfwlist +server=/.bbs.junglobal.net/127.0.0.1#5353 +ipset=/.bbs.junglobal.net/gfwlist +server=/.bbs.kimy.com.tw/127.0.0.1#5353 +ipset=/.bbs.kimy.com.tw/gfwlist +server=/.bbs.morbell.com/127.0.0.1#5353 +ipset=/.bbs.morbell.com/gfwlist +server=/.bbs.mychat.to/127.0.0.1#5353 +ipset=/.bbs.mychat.to/gfwlist +server=/.bbs.netbig.com/127.0.0.1#5353 +ipset=/.bbs.netbig.com/gfwlist +server=/.bbs.ozchinese.com/127.0.0.1#5353 +ipset=/.bbs.ozchinese.com/gfwlist +server=/.bbs.qmzdd.com/127.0.0.1#5353 +ipset=/.bbs.qmzdd.com/gfwlist +server=/.bbs.skykiwi.com/127.0.0.1#5353 +ipset=/.bbs.skykiwi.com/gfwlist +server=/.bbs.sou-tong.org/127.0.0.1#5353 +ipset=/.bbs.sou-tong.org/gfwlist +server=/.bbs.tuitui.info/127.0.0.1#5353 +ipset=/.bbs.tuitui.info/gfwlist +server=/.bbsfeed.com/127.0.0.1#5353 +ipset=/.bbsfeed.com/gfwlist +server=/.bbsland.com/127.0.0.1#5353 +ipset=/.bbsland.com/gfwlist +server=/.bbsmo.com/127.0.0.1#5353 +ipset=/.bbsmo.com/gfwlist +server=/.bbsone.com/127.0.0.1#5353 +ipset=/.bbsone.com/gfwlist +server=/.bbtoystore.com/127.0.0.1#5353 +ipset=/.bbtoystore.com/gfwlist +server=/.bcast.co.nz/127.0.0.1#5353 +ipset=/.bcast.co.nz/gfwlist +server=/.bcchinese.net/127.0.0.1#5353 +ipset=/.bcchinese.net/gfwlist +server=/.bcex.ca/127.0.0.1#5353 +ipset=/.bcex.ca/gfwlist +server=/.bcmorning.com/127.0.0.1#5353 +ipset=/.bcmorning.com/gfwlist +server=/.bdsmvideos.net/127.0.0.1#5353 +ipset=/.bdsmvideos.net/gfwlist +server=/.beaconevents.com/127.0.0.1#5353 +ipset=/.beaconevents.com/gfwlist +server=/.bebo.com/127.0.0.1#5353 +ipset=/.bebo.com/gfwlist +server=/.beeg.com/127.0.0.1#5353 +ipset=/.beeg.com/gfwlist +server=/.beevpn.com/127.0.0.1#5353 +ipset=/.beevpn.com/gfwlist +server=/.behindkink.com/127.0.0.1#5353 +ipset=/.behindkink.com/gfwlist +server=/.beijing1989.com/127.0.0.1#5353 +ipset=/.beijing1989.com/gfwlist +server=/.beijingspring.com/127.0.0.1#5353 +ipset=/.beijingspring.com/gfwlist +server=/.beijingzx.org/127.0.0.1#5353 +ipset=/.beijingzx.org/gfwlist +server=/.belamionline.com/127.0.0.1#5353 +ipset=/.belamionline.com/gfwlist +server=/.bell.wiki/127.0.0.1#5353 +ipset=/.bell.wiki/gfwlist +server=/.bemywife.cc/127.0.0.1#5353 +ipset=/.bemywife.cc/gfwlist +server=/.beric.me/127.0.0.1#5353 +ipset=/.beric.me/gfwlist +server=/.berlintwitterwall.com/127.0.0.1#5353 +ipset=/.berlintwitterwall.com/gfwlist +server=/.berm.co.nz/127.0.0.1#5353 +ipset=/.berm.co.nz/gfwlist +server=/.bestforchina.org/127.0.0.1#5353 +ipset=/.bestforchina.org/gfwlist +server=/.bestgore.com/127.0.0.1#5353 +ipset=/.bestgore.com/gfwlist +server=/.bestpornstardb.com/127.0.0.1#5353 +ipset=/.bestpornstardb.com/gfwlist +server=/.bestvpn.com/127.0.0.1#5353 +ipset=/.bestvpn.com/gfwlist +server=/.bestvpnanalysis.com/127.0.0.1#5353 +ipset=/.bestvpnanalysis.com/gfwlist +server=/.bestvpnserver.com/127.0.0.1#5353 +ipset=/.bestvpnserver.com/gfwlist +server=/.bestvpnservice.com/127.0.0.1#5353 +ipset=/.bestvpnservice.com/gfwlist +server=/.bestvpnusa.com/127.0.0.1#5353 +ipset=/.bestvpnusa.com/gfwlist +server=/.bet365.com/127.0.0.1#5353 +ipset=/.bet365.com/gfwlist +server=/.betfair.com/127.0.0.1#5353 +ipset=/.betfair.com/gfwlist +server=/.betternet.co/127.0.0.1#5353 +ipset=/.betternet.co/gfwlist +server=/.bettervpn.com/127.0.0.1#5353 +ipset=/.bettervpn.com/gfwlist +server=/.bettween.com/127.0.0.1#5353 +ipset=/.bettween.com/gfwlist +server=/.betvictor.com/127.0.0.1#5353 +ipset=/.betvictor.com/gfwlist +server=/.bewww.net/127.0.0.1#5353 +ipset=/.bewww.net/gfwlist +server=/.beyondfirewall.com/127.0.0.1#5353 +ipset=/.beyondfirewall.com/gfwlist +server=/.bfnn.org/127.0.0.1#5353 +ipset=/.bfnn.org/gfwlist +server=/.bfsh.hk/127.0.0.1#5353 +ipset=/.bfsh.hk/gfwlist +server=/.bgvpn.com/127.0.0.1#5353 +ipset=/.bgvpn.com/gfwlist +server=/.bianlei.com/127.0.0.1#5353 +ipset=/.bianlei.com/gfwlist +server=/.biantailajiao.com/127.0.0.1#5353 +ipset=/.biantailajiao.com/gfwlist +server=/.biantailajiao.in/127.0.0.1#5353 +ipset=/.biantailajiao.in/gfwlist +server=/.biblesforamerica.org/127.0.0.1#5353 +ipset=/.biblesforamerica.org/gfwlist +server=/.bibox.com/127.0.0.1#5353 +ipset=/.bibox.com/gfwlist +server=/.bic2011.org/127.0.0.1#5353 +ipset=/.bic2011.org/gfwlist +server=/.big.one/127.0.0.1#5353 +ipset=/.big.one/gfwlist +server=/.bigfools.com/127.0.0.1#5353 +ipset=/.bigfools.com/gfwlist +server=/.bigjapanesesex.com/127.0.0.1#5353 +ipset=/.bigjapanesesex.com/gfwlist +server=/.bigmoney.biz/127.0.0.1#5353 +ipset=/.bigmoney.biz/gfwlist +server=/.bignews.org/127.0.0.1#5353 +ipset=/.bignews.org/gfwlist +server=/.bigsound.org/127.0.0.1#5353 +ipset=/.bigsound.org/gfwlist +server=/.biliworld.com/127.0.0.1#5353 +ipset=/.biliworld.com/gfwlist +server=/.binance.com/127.0.0.1#5353 +ipset=/.binance.com/gfwlist +server=/.binux.me/127.0.0.1#5353 +ipset=/.binux.me/gfwlist +server=/.bipic.net/127.0.0.1#5353 +ipset=/.bipic.net/gfwlist +server=/.bird.so/127.0.0.1#5353 +ipset=/.bird.so/gfwlist +server=/.bit-z.com/127.0.0.1#5353 +ipset=/.bit-z.com/gfwlist +server=/.bit.do/127.0.0.1#5353 +ipset=/.bit.do/gfwlist +server=/.bit.ly/127.0.0.1#5353 +ipset=/.bit.ly/gfwlist +server=/.bitcointalk.org/127.0.0.1#5353 +ipset=/.bitcointalk.org/gfwlist +server=/.bitcoinworld.com/127.0.0.1#5353 +ipset=/.bitcoinworld.com/gfwlist +server=/.bitfinex.com/127.0.0.1#5353 +ipset=/.bitfinex.com/gfwlist +server=/.bitinka.com.ar/127.0.0.1#5353 +ipset=/.bitinka.com.ar/gfwlist +server=/.bitmex.com/127.0.0.1#5353 +ipset=/.bitmex.com/gfwlist +server=/.bitshare.com/127.0.0.1#5353 +ipset=/.bitshare.com/gfwlist +server=/.bitsnoop.com/127.0.0.1#5353 +ipset=/.bitsnoop.com/gfwlist +server=/.bitvise.com/127.0.0.1#5353 +ipset=/.bitvise.com/gfwlist +server=/.bizhat.com/127.0.0.1#5353 +ipset=/.bizhat.com/gfwlist +server=/.bjnewlife.org/127.0.0.1#5353 +ipset=/.bjnewlife.org/gfwlist +server=/.bjs.org/127.0.0.1#5353 +ipset=/.bjs.org/gfwlist +server=/.bjzc.org/127.0.0.1#5353 +ipset=/.bjzc.org/gfwlist +server=/.bl-doujinsouko.com/127.0.0.1#5353 +ipset=/.bl-doujinsouko.com/gfwlist +server=/.blacklogic.com/127.0.0.1#5353 +ipset=/.blacklogic.com/gfwlist +server=/.blackvpn.com/127.0.0.1#5353 +ipset=/.blackvpn.com/gfwlist +server=/.blewpass.com/127.0.0.1#5353 +ipset=/.blewpass.com/gfwlist +server=/.blinkx.com/127.0.0.1#5353 +ipset=/.blinkx.com/gfwlist +server=/.blinw.com/127.0.0.1#5353 +ipset=/.blinw.com/gfwlist +server=/.blip.tv/127.0.0.1#5353 +ipset=/.blip.tv/gfwlist +server=/.blockcn.com/127.0.0.1#5353 +ipset=/.blockcn.com/gfwlist +server=/.blockless.com/127.0.0.1#5353 +ipset=/.blockless.com/gfwlist +server=/.blog.calibre-ebook.com/127.0.0.1#5353 +ipset=/.blog.calibre-ebook.com/gfwlist +server=/.blog.cnyes.com/127.0.0.1#5353 +ipset=/.blog.cnyes.com/gfwlist +server=/.blog.de/127.0.0.1#5353 +ipset=/.blog.de/gfwlist +server=/.blog.exblog.co.jp/127.0.0.1#5353 +ipset=/.blog.exblog.co.jp/gfwlist +server=/.blog.excite.co.jp/127.0.0.1#5353 +ipset=/.blog.excite.co.jp/gfwlist +server=/.blog.expofutures.com/127.0.0.1#5353 +ipset=/.blog.expofutures.com/gfwlist +server=/.blog.fizzik.com/127.0.0.1#5353 +ipset=/.blog.fizzik.com/gfwlist +server=/.blog.foolsmountain.com/127.0.0.1#5353 +ipset=/.blog.foolsmountain.com/gfwlist +server=/.blog.fuckgfw233.org/127.0.0.1#5353 +ipset=/.blog.fuckgfw233.org/gfwlist +server=/.blog.google/127.0.0.1#5353 +ipset=/.blog.google/gfwlist +server=/.blog.inoreader.com/127.0.0.1#5353 +ipset=/.blog.inoreader.com/gfwlist +server=/.blog.jackjia.com/127.0.0.1#5353 +ipset=/.blog.jackjia.com/gfwlist +server=/.blog.jp/127.0.0.1#5353 +ipset=/.blog.jp/gfwlist +server=/.blog.kangye.org/127.0.0.1#5353 +ipset=/.blog.kangye.org/gfwlist +server=/.blog.lester850.info/127.0.0.1#5353 +ipset=/.blog.lester850.info/gfwlist +server=/.blog.martinoei.com/127.0.0.1#5353 +ipset=/.blog.martinoei.com/gfwlist +server=/.blog.ontrac.com/127.0.0.1#5353 +ipset=/.blog.ontrac.com/gfwlist +server=/.blog.pathtosharepoint.com/127.0.0.1#5353 +ipset=/.blog.pathtosharepoint.com/gfwlist +server=/.blog.pentalogic.net/127.0.0.1#5353 +ipset=/.blog.pentalogic.net/gfwlist +server=/.blog.sina.com.tw/127.0.0.1#5353 +ipset=/.blog.sina.com.tw/gfwlist +server=/.blog.sogoo.org/127.0.0.1#5353 +ipset=/.blog.sogoo.org/gfwlist +server=/.blog.soylent.com/127.0.0.1#5353 +ipset=/.blog.soylent.com/gfwlist +server=/.blog.taragana.com/127.0.0.1#5353 +ipset=/.blog.taragana.com/gfwlist +server=/.blog.tiney.com/127.0.0.1#5353 +ipset=/.blog.tiney.com/gfwlist +server=/.blog.xuite.net/127.0.0.1#5353 +ipset=/.blog.xuite.net/gfwlist +server=/.blog.youthwant.com.tw/127.0.0.1#5353 +ipset=/.blog.youthwant.com.tw/gfwlist +server=/.blogblog.com/127.0.0.1#5353 +ipset=/.blogblog.com/gfwlist +server=/.blogcatalog.com/127.0.0.1#5353 +ipset=/.blogcatalog.com/gfwlist +server=/.blogcity.me/127.0.0.1#5353 +ipset=/.blogcity.me/gfwlist +server=/.blogdns.org/127.0.0.1#5353 +ipset=/.blogdns.org/gfwlist +server=/.blogger.com/127.0.0.1#5353 +ipset=/.blogger.com/gfwlist +server=/.blogimg.jp/127.0.0.1#5353 +ipset=/.blogimg.jp/gfwlist +server=/.bloglines.com/127.0.0.1#5353 +ipset=/.bloglines.com/gfwlist +server=/.bloglovin.com/127.0.0.1#5353 +ipset=/.bloglovin.com/gfwlist +server=/.blogs.tampabay.com/127.0.0.1#5353 +ipset=/.blogs.tampabay.com/gfwlist +server=/.blogs.yahoo.co.jp/127.0.0.1#5353 +ipset=/.blogs.yahoo.co.jp/gfwlist +server=/.blogspot.com/127.0.0.1#5353 +ipset=/.blogspot.com/gfwlist +server=/.blogspot.hk/127.0.0.1#5353 +ipset=/.blogspot.hk/gfwlist +server=/.blogspot.jp/127.0.0.1#5353 +ipset=/.blogspot.jp/gfwlist +server=/.blogspot.tw/127.0.0.1#5353 +ipset=/.blogspot.tw/gfwlist +server=/.blogtd.net/127.0.0.1#5353 +ipset=/.blogtd.net/gfwlist +server=/.blogtd.org/127.0.0.1#5353 +ipset=/.blogtd.org/gfwlist +server=/.bloodshed.net/127.0.0.1#5353 +ipset=/.bloodshed.net/gfwlist +server=/.bloomberg.cn/127.0.0.1#5353 +ipset=/.bloomberg.cn/gfwlist +server=/.bloomberg.com/127.0.0.1#5353 +ipset=/.bloomberg.com/gfwlist +server=/.bloomberg.de/127.0.0.1#5353 +ipset=/.bloomberg.de/gfwlist +server=/.bloombergview.com/127.0.0.1#5353 +ipset=/.bloombergview.com/gfwlist +server=/.bloomfortune.com/127.0.0.1#5353 +ipset=/.bloomfortune.com/gfwlist +server=/.blueangellive.com/127.0.0.1#5353 +ipset=/.blueangellive.com/gfwlist +server=/.bmfinn.com/127.0.0.1#5353 +ipset=/.bmfinn.com/gfwlist +server=/.bnews.co/127.0.0.1#5353 +ipset=/.bnews.co/gfwlist +server=/.bnrmetal.com/127.0.0.1#5353 +ipset=/.bnrmetal.com/gfwlist +server=/.boardreader.com/127.0.0.1#5353 +ipset=/.boardreader.com/gfwlist +server=/.bod.asia/127.0.0.1#5353 +ipset=/.bod.asia/gfwlist +server=/.bodog88.com/127.0.0.1#5353 +ipset=/.bodog88.com/gfwlist +server=/.bolehvpn.net/127.0.0.1#5353 +ipset=/.bolehvpn.net/gfwlist +server=/.bolin.netfirms.com/127.0.0.1#5353 +ipset=/.bolin.netfirms.com/gfwlist +server=/.bonbonme.com/127.0.0.1#5353 +ipset=/.bonbonme.com/gfwlist +server=/.bonbonsex.com/127.0.0.1#5353 +ipset=/.bonbonsex.com/gfwlist +server=/.bonfoundation.org/127.0.0.1#5353 +ipset=/.bonfoundation.org/gfwlist +server=/.bongacams.com/127.0.0.1#5353 +ipset=/.bongacams.com/gfwlist +server=/.boobstagram.com/127.0.0.1#5353 +ipset=/.boobstagram.com/gfwlist +server=/.book.com.tw/127.0.0.1#5353 +ipset=/.book.com.tw/gfwlist +server=/.book.zi5.me/127.0.0.1#5353 +ipset=/.book.zi5.me/gfwlist +server=/.bookepub.com/127.0.0.1#5353 +ipset=/.bookepub.com/gfwlist +server=/.books.com.tw/127.0.0.1#5353 +ipset=/.books.com.tw/gfwlist +server=/.booktopia.com.au/127.0.0.1#5353 +ipset=/.booktopia.com.au/gfwlist +server=/.boomssr.com/127.0.0.1#5353 +ipset=/.boomssr.com/gfwlist +server=/.bot.nu/127.0.0.1#5353 +ipset=/.bot.nu/gfwlist +server=/.botanwang.com/127.0.0.1#5353 +ipset=/.botanwang.com/gfwlist +server=/.bowenpress.com/127.0.0.1#5353 +ipset=/.bowenpress.com/gfwlist +server=/.boxpn.com/127.0.0.1#5353 +ipset=/.boxpn.com/gfwlist +server=/.boxun.com/127.0.0.1#5353 +ipset=/.boxun.com/gfwlist +server=/.boxun.tv/127.0.0.1#5353 +ipset=/.boxun.tv/gfwlist +server=/.boxunblog.com/127.0.0.1#5353 +ipset=/.boxunblog.com/gfwlist +server=/.boxunclub.com/127.0.0.1#5353 +ipset=/.boxunclub.com/gfwlist +server=/.boyangu.com/127.0.0.1#5353 +ipset=/.boyangu.com/gfwlist +server=/.boyfriendtv.com/127.0.0.1#5353 +ipset=/.boyfriendtv.com/gfwlist +server=/.boysfood.com/127.0.0.1#5353 +ipset=/.boysfood.com/gfwlist +server=/.boysmaster.com/127.0.0.1#5353 +ipset=/.boysmaster.com/gfwlist +server=/.br.hao123.com/127.0.0.1#5353 +ipset=/.br.hao123.com/gfwlist +server=/.br.st/127.0.0.1#5353 +ipset=/.br.st/gfwlist +server=/.brandonhutchinson.com/127.0.0.1#5353 +ipset=/.brandonhutchinson.com/gfwlist +server=/.braumeister.org/127.0.0.1#5353 +ipset=/.braumeister.org/gfwlist +server=/.bravotube.net/127.0.0.1#5353 +ipset=/.bravotube.net/gfwlist +server=/.brazzers.com/127.0.0.1#5353 +ipset=/.brazzers.com/gfwlist +server=/.break.com/127.0.0.1#5353 +ipset=/.break.com/gfwlist +server=/.breakgfw.com/127.0.0.1#5353 +ipset=/.breakgfw.com/gfwlist +server=/.breaking911.com/127.0.0.1#5353 +ipset=/.breaking911.com/gfwlist +server=/.breakingtweets.com/127.0.0.1#5353 +ipset=/.breakingtweets.com/gfwlist +server=/.breakwall.net/127.0.0.1#5353 +ipset=/.breakwall.net/gfwlist +server=/.brizzly.com/127.0.0.1#5353 +ipset=/.brizzly.com/gfwlist +server=/.brkmd.com/127.0.0.1#5353 +ipset=/.brkmd.com/gfwlist +server=/.broadbook.com/127.0.0.1#5353 +ipset=/.broadbook.com/gfwlist +server=/.broadpressinc.com/127.0.0.1#5353 +ipset=/.broadpressinc.com/gfwlist +server=/.brucewang.net/127.0.0.1#5353 +ipset=/.brucewang.net/gfwlist +server=/.brutaltgp.com/127.0.0.1#5353 +ipset=/.brutaltgp.com/gfwlist +server=/.bt2mag.com/127.0.0.1#5353 +ipset=/.bt2mag.com/gfwlist +server=/.bt95.com/127.0.0.1#5353 +ipset=/.bt95.com/gfwlist +server=/.btaia.com/127.0.0.1#5353 +ipset=/.btaia.com/gfwlist +server=/.btbtav.com/127.0.0.1#5353 +ipset=/.btbtav.com/gfwlist +server=/.btcbank.bank/127.0.0.1#5353 +ipset=/.btcbank.bank/gfwlist +server=/.btctrade.im/127.0.0.1#5353 +ipset=/.btctrade.im/gfwlist +server=/.btdigg.org/127.0.0.1#5353 +ipset=/.btdigg.org/gfwlist +server=/.btku.me/127.0.0.1#5353 +ipset=/.btku.me/gfwlist +server=/.btku.org/127.0.0.1#5353 +ipset=/.btku.org/gfwlist +server=/.btspread.com/127.0.0.1#5353 +ipset=/.btspread.com/gfwlist +server=/.btsynckeys.com/127.0.0.1#5353 +ipset=/.btsynckeys.com/gfwlist +server=/.budaedu.org/127.0.0.1#5353 +ipset=/.budaedu.org/gfwlist +server=/.buddhistchannel.tv/127.0.0.1#5353 +ipset=/.buddhistchannel.tv/gfwlist +server=/.buffered.com/127.0.0.1#5353 +ipset=/.buffered.com/gfwlist +server=/.bullog.org/127.0.0.1#5353 +ipset=/.bullog.org/gfwlist +server=/.bullogger.com/127.0.0.1#5353 +ipset=/.bullogger.com/gfwlist +server=/.bunbunhk.com/127.0.0.1#5353 +ipset=/.bunbunhk.com/gfwlist +server=/.busayari.com/127.0.0.1#5353 +ipset=/.busayari.com/gfwlist +server=/.businessinsider.com/127.0.0.1#5353 +ipset=/.businessinsider.com/gfwlist +server=/.businessweek.com/127.0.0.1#5353 +ipset=/.businessweek.com/gfwlist +server=/.busytrade.com/127.0.0.1#5353 +ipset=/.busytrade.com/gfwlist +server=/.buugaa.com/127.0.0.1#5353 +ipset=/.buugaa.com/gfwlist +server=/.buzzhand.com/127.0.0.1#5353 +ipset=/.buzzhand.com/gfwlist +server=/.buzzhand.net/127.0.0.1#5353 +ipset=/.buzzhand.net/gfwlist +server=/.buzzorange.com/127.0.0.1#5353 +ipset=/.buzzorange.com/gfwlist +server=/.bvpn.com/127.0.0.1#5353 +ipset=/.bvpn.com/gfwlist +server=/.bwsj.hk/127.0.0.1#5353 +ipset=/.bwsj.hk/gfwlist +server=/.bx.in.th/127.0.0.1#5353 +ipset=/.bx.in.th/gfwlist +server=/.bx.tl/127.0.0.1#5353 +ipset=/.bx.tl/gfwlist +server=/.bynet.co.il/127.0.0.1#5353 +ipset=/.bynet.co.il/gfwlist +server=/.c-est-simple.com/127.0.0.1#5353 +ipset=/.c-est-simple.com/gfwlist +server=/.c-spanvideo.org/127.0.0.1#5353 +ipset=/.c-spanvideo.org/gfwlist +server=/.c100tibet.org/127.0.0.1#5353 +ipset=/.c100tibet.org/gfwlist +server=/.c1522.mooo.com/127.0.0.1#5353 +ipset=/.c1522.mooo.com/gfwlist +server=/.c2cx.com/127.0.0.1#5353 +ipset=/.c2cx.com/gfwlist +server=/.cablegatesearch.net/127.0.0.1#5353 +ipset=/.cablegatesearch.net/gfwlist +server=/.cachinese.com/127.0.0.1#5353 +ipset=/.cachinese.com/gfwlist +server=/.cacnw.com/127.0.0.1#5353 +ipset=/.cacnw.com/gfwlist +server=/.cactusvpn.com/127.0.0.1#5353 +ipset=/.cactusvpn.com/gfwlist +server=/.cafepress.com/127.0.0.1#5353 +ipset=/.cafepress.com/gfwlist +server=/.cahr.org.tw/127.0.0.1#5353 +ipset=/.cahr.org.tw/gfwlist +server=/.calebelston.com/127.0.0.1#5353 +ipset=/.calebelston.com/gfwlist +server=/.calgarychinese.ca/127.0.0.1#5353 +ipset=/.calgarychinese.ca/gfwlist +server=/.calgarychinese.com/127.0.0.1#5353 +ipset=/.calgarychinese.com/gfwlist +server=/.calgarychinese.net/127.0.0.1#5353 +ipset=/.calgarychinese.net/gfwlist +server=/.cam4.com/127.0.0.1#5353 +ipset=/.cam4.com/gfwlist +server=/.cam4.jp/127.0.0.1#5353 +ipset=/.cam4.jp/gfwlist +server=/.cam4.sg/127.0.0.1#5353 +ipset=/.cam4.sg/gfwlist +server=/.camfrog.com/127.0.0.1#5353 +ipset=/.camfrog.com/gfwlist +server=/.cams.com/127.0.0.1#5353 +ipset=/.cams.com/gfwlist +server=/.cams.org.sg/127.0.0.1#5353 +ipset=/.cams.org.sg/gfwlist +server=/.canadameet.com/127.0.0.1#5353 +ipset=/.canadameet.com/gfwlist +server=/.canalporno.com/127.0.0.1#5353 +ipset=/.canalporno.com/gfwlist +server=/.canyu.org/127.0.0.1#5353 +ipset=/.canyu.org/gfwlist +server=/.cao.im/127.0.0.1#5353 +ipset=/.cao.im/gfwlist +server=/.caobian.info/127.0.0.1#5353 +ipset=/.caobian.info/gfwlist +server=/.caochangqing.com/127.0.0.1#5353 +ipset=/.caochangqing.com/gfwlist +server=/.cap.org.hk/127.0.0.1#5353 +ipset=/.cap.org.hk/gfwlist +server=/.carabinasypistolas.com/127.0.0.1#5353 +ipset=/.carabinasypistolas.com/gfwlist +server=/.cardinalkungfoundation.org/127.0.0.1#5353 +ipset=/.cardinalkungfoundation.org/gfwlist +server=/.carfax.com/127.0.0.1#5353 +ipset=/.carfax.com/gfwlist +server=/.cari.com.my/127.0.0.1#5353 +ipset=/.cari.com.my/gfwlist +server=/.caribbeancom.com/127.0.0.1#5353 +ipset=/.caribbeancom.com/gfwlist +server=/.carmotorshow.com/127.0.0.1#5353 +ipset=/.carmotorshow.com/gfwlist +server=/.cartoonmovement.com/127.0.0.1#5353 +ipset=/.cartoonmovement.com/gfwlist +server=/.casadeltibetbcn.org/127.0.0.1#5353 +ipset=/.casadeltibetbcn.org/gfwlist +server=/.casatibet.org.mx/127.0.0.1#5353 +ipset=/.casatibet.org.mx/gfwlist +server=/.casino.williamhill.com/127.0.0.1#5353 +ipset=/.casino.williamhill.com/gfwlist +server=/.casinobellini.com/127.0.0.1#5353 +ipset=/.casinobellini.com/gfwlist +server=/.casinoking.com/127.0.0.1#5353 +ipset=/.casinoking.com/gfwlist +server=/.casinoriva.com/127.0.0.1#5353 +ipset=/.casinoriva.com/gfwlist +server=/.castbox.fm/127.0.0.1#5353 +ipset=/.castbox.fm/gfwlist +server=/.catch22.net/127.0.0.1#5353 +ipset=/.catch22.net/gfwlist +server=/.catchgod.com/127.0.0.1#5353 +ipset=/.catchgod.com/gfwlist +server=/.catfightpayperview.xxx/127.0.0.1#5353 +ipset=/.catfightpayperview.xxx/gfwlist +server=/.catholic.org.hk/127.0.0.1#5353 +ipset=/.catholic.org.hk/gfwlist +server=/.catholic.org.tw/127.0.0.1#5353 +ipset=/.catholic.org.tw/gfwlist +server=/.cathvoice.org.tw/127.0.0.1#5353 +ipset=/.cathvoice.org.tw/gfwlist +server=/.cattt.com/127.0.0.1#5353 +ipset=/.cattt.com/gfwlist +server=/.cbc.ca/127.0.0.1#5353 +ipset=/.cbc.ca/gfwlist +server=/.cbs.ntu.edu.tw/127.0.0.1#5353 +ipset=/.cbs.ntu.edu.tw/gfwlist +server=/.cbtc.org.hk/127.0.0.1#5353 +ipset=/.cbtc.org.hk/gfwlist +server=/.cccat.cc/127.0.0.1#5353 +ipset=/.cccat.cc/gfwlist +server=/.cccat.co/127.0.0.1#5353 +ipset=/.cccat.co/gfwlist +server=/.ccdtr.org/127.0.0.1#5353 +ipset=/.ccdtr.org/gfwlist +server=/.cchere.com/127.0.0.1#5353 +ipset=/.cchere.com/gfwlist +server=/.ccim.org/127.0.0.1#5353 +ipset=/.ccim.org/gfwlist +server=/.cclife.ca/127.0.0.1#5353 +ipset=/.cclife.ca/gfwlist +server=/.cclife.org/127.0.0.1#5353 +ipset=/.cclife.org/gfwlist +server=/.cclifefl.org/127.0.0.1#5353 +ipset=/.cclifefl.org/gfwlist +server=/.ccthere.com/127.0.0.1#5353 +ipset=/.ccthere.com/gfwlist +server=/.cctmweb.net/127.0.0.1#5353 +ipset=/.cctmweb.net/gfwlist +server=/.ccue.ca/127.0.0.1#5353 +ipset=/.ccue.ca/gfwlist +server=/.ccue.com/127.0.0.1#5353 +ipset=/.ccue.com/gfwlist +server=/.ccvoice.ca/127.0.0.1#5353 +ipset=/.ccvoice.ca/gfwlist +server=/.ccw.org.tw/127.0.0.1#5353 +ipset=/.ccw.org.tw/gfwlist +server=/.cdbook.org/127.0.0.1#5353 +ipset=/.cdbook.org/gfwlist +server=/.cdcparty.com/127.0.0.1#5353 +ipset=/.cdcparty.com/gfwlist +server=/.cdef.org/127.0.0.1#5353 +ipset=/.cdef.org/gfwlist +server=/.cdig.info/127.0.0.1#5353 +ipset=/.cdig.info/gfwlist +server=/.cdjp.org/127.0.0.1#5353 +ipset=/.cdjp.org/gfwlist +server=/.cdn-images.mailchimp.com/127.0.0.1#5353 +ipset=/.cdn-images.mailchimp.com/gfwlist +server=/.cdn.assets.lfpcontent.com/127.0.0.1#5353 +ipset=/.cdn.assets.lfpcontent.com/gfwlist +server=/.cdn.helixstudios.net/127.0.0.1#5353 +ipset=/.cdn.helixstudios.net/gfwlist +server=/.cdn.printfriendly.com/127.0.0.1#5353 +ipset=/.cdn.printfriendly.com/gfwlist +server=/.cdn.seatguru.com/127.0.0.1#5353 +ipset=/.cdn.seatguru.com/gfwlist +server=/.cdn.softlayer.net/127.0.0.1#5353 +ipset=/.cdn.softlayer.net/gfwlist +server=/.cdn.v2ex.com/127.0.0.1#5353 +ipset=/.cdn.v2ex.com/gfwlist +server=/.cdn1.lp.saboom.com/127.0.0.1#5353 +ipset=/.cdn1.lp.saboom.com/gfwlist +server=/.cdnews.com.tw/127.0.0.1#5353 +ipset=/.cdnews.com.tw/gfwlist +server=/.cdninstagram.com/127.0.0.1#5353 +ipset=/.cdninstagram.com/gfwlist +server=/.cdp1989.org/127.0.0.1#5353 +ipset=/.cdp1989.org/gfwlist +server=/.cdp1998.org/127.0.0.1#5353 +ipset=/.cdp1998.org/gfwlist +server=/.cdp2006.org/127.0.0.1#5353 +ipset=/.cdp2006.org/gfwlist +server=/.cdpa.url.tw/127.0.0.1#5353 +ipset=/.cdpa.url.tw/gfwlist +server=/.cdpeu.org/127.0.0.1#5353 +ipset=/.cdpeu.org/gfwlist +server=/.cdpusa.org/127.0.0.1#5353 +ipset=/.cdpusa.org/gfwlist +server=/.cdpweb.org/127.0.0.1#5353 +ipset=/.cdpweb.org/gfwlist +server=/.cdpwu.org/127.0.0.1#5353 +ipset=/.cdpwu.org/gfwlist +server=/.cdw.com/127.0.0.1#5353 +ipset=/.cdw.com/gfwlist +server=/.cecc.gov/127.0.0.1#5353 +ipset=/.cecc.gov/gfwlist +server=/.cellulo.info/127.0.0.1#5353 +ipset=/.cellulo.info/gfwlist +server=/.cenews.eu/127.0.0.1#5353 +ipset=/.cenews.eu/gfwlist +server=/.centauro.com.br/127.0.0.1#5353 +ipset=/.centauro.com.br/gfwlist +server=/.centerforhumanreprod.com/127.0.0.1#5353 +ipset=/.centerforhumanreprod.com/gfwlist +server=/.centralnation.com/127.0.0.1#5353 +ipset=/.centralnation.com/gfwlist +server=/.centurys.net/127.0.0.1#5353 +ipset=/.centurys.net/gfwlist +server=/.certificate-transparency.org/127.0.0.1#5353 +ipset=/.certificate-transparency.org/gfwlist +server=/.certificate.revocationcheck.com/127.0.0.1#5353 +ipset=/.certificate.revocationcheck.com/gfwlist +server=/.cfhks.org.hk/127.0.0.1#5353 +ipset=/.cfhks.org.hk/gfwlist +server=/.cfos.de/127.0.0.1#5353 +ipset=/.cfos.de/gfwlist +server=/.cftfc.com/127.0.0.1#5353 +ipset=/.cftfc.com/gfwlist +server=/.cgdepot.org/127.0.0.1#5353 +ipset=/.cgdepot.org/gfwlist +server=/.cgst.edu/127.0.0.1#5353 +ipset=/.cgst.edu/gfwlist +server=/.ch.shvoong.com/127.0.0.1#5353 +ipset=/.ch.shvoong.com/gfwlist +server=/.change.org/127.0.0.1#5353 +ipset=/.change.org/gfwlist +server=/.changeip.name/127.0.0.1#5353 +ipset=/.changeip.name/gfwlist +server=/.changeip.net/127.0.0.1#5353 +ipset=/.changeip.net/gfwlist +server=/.changeip.org/127.0.0.1#5353 +ipset=/.changeip.org/gfwlist +server=/.changp.com/127.0.0.1#5353 +ipset=/.changp.com/gfwlist +server=/.changsa.net/127.0.0.1#5353 +ipset=/.changsa.net/gfwlist +server=/.chaoex.com/127.0.0.1#5353 +ipset=/.chaoex.com/gfwlist +server=/.chapm25.com/127.0.0.1#5353 +ipset=/.chapm25.com/gfwlist +server=/.chatnook.com/127.0.0.1#5353 +ipset=/.chatnook.com/gfwlist +server=/.chaturbate.com/127.0.0.1#5353 +ipset=/.chaturbate.com/gfwlist +server=/.chengmingmag.com/127.0.0.1#5353 +ipset=/.chengmingmag.com/gfwlist +server=/.chenguangcheng.com/127.0.0.1#5353 +ipset=/.chenguangcheng.com/gfwlist +server=/.chenpokong.com/127.0.0.1#5353 +ipset=/.chenpokong.com/gfwlist +server=/.chenpokong.net/127.0.0.1#5353 +ipset=/.chenpokong.net/gfwlist +server=/.chenshan20042005.wordpress.com/127.0.0.1#5353 +ipset=/.chenshan20042005.wordpress.com/gfwlist +server=/.cherrysave.com/127.0.0.1#5353 +ipset=/.cherrysave.com/gfwlist +server=/.chhongbi.org/127.0.0.1#5353 +ipset=/.chhongbi.org/gfwlist +server=/.chicagoncmtv.com/127.0.0.1#5353 +ipset=/.chicagoncmtv.com/gfwlist +server=/.china-mmm.jp.net/127.0.0.1#5353 +ipset=/.china-mmm.jp.net/gfwlist +server=/.china-mmm.net/127.0.0.1#5353 +ipset=/.china-mmm.net/gfwlist +server=/.china-mmm.sa.com/127.0.0.1#5353 +ipset=/.china-mmm.sa.com/gfwlist +server=/.china-review.com.ua/127.0.0.1#5353 +ipset=/.china-review.com.ua/gfwlist +server=/.china-week.com/127.0.0.1#5353 +ipset=/.china-week.com/gfwlist +server=/.china.hket.com/127.0.0.1#5353 +ipset=/.china.hket.com/gfwlist +server=/.china101.com/127.0.0.1#5353 +ipset=/.china101.com/gfwlist +server=/.china18.org/127.0.0.1#5353 +ipset=/.china18.org/gfwlist +server=/.china21.com/127.0.0.1#5353 +ipset=/.china21.com/gfwlist +server=/.china21.org/127.0.0.1#5353 +ipset=/.china21.org/gfwlist +server=/.china5000.us/127.0.0.1#5353 +ipset=/.china5000.us/gfwlist +server=/.chinaaffairs.org/127.0.0.1#5353 +ipset=/.chinaaffairs.org/gfwlist +server=/.chinaaid.me/127.0.0.1#5353 +ipset=/.chinaaid.me/gfwlist +server=/.chinaaid.net/127.0.0.1#5353 +ipset=/.chinaaid.net/gfwlist +server=/.chinaaid.org/127.0.0.1#5353 +ipset=/.chinaaid.org/gfwlist +server=/.chinaaid.us/127.0.0.1#5353 +ipset=/.chinaaid.us/gfwlist +server=/.chinachange.org/127.0.0.1#5353 +ipset=/.chinachange.org/gfwlist +server=/.chinachannel.hk/127.0.0.1#5353 +ipset=/.chinachannel.hk/gfwlist +server=/.chinacitynews.be/127.0.0.1#5353 +ipset=/.chinacitynews.be/gfwlist +server=/.chinacomments.org/127.0.0.1#5353 +ipset=/.chinacomments.org/gfwlist +server=/.chinadialogue.net/127.0.0.1#5353 +ipset=/.chinadialogue.net/gfwlist +server=/.chinadigitaltimes.net/127.0.0.1#5353 +ipset=/.chinadigitaltimes.net/gfwlist +server=/.chinaelections.org/127.0.0.1#5353 +ipset=/.chinaelections.org/gfwlist +server=/.chinaeweekly.com/127.0.0.1#5353 +ipset=/.chinaeweekly.com/gfwlist +server=/.chinafreepress.org/127.0.0.1#5353 +ipset=/.chinafreepress.org/gfwlist +server=/.chinagate.com/127.0.0.1#5353 +ipset=/.chinagate.com/gfwlist +server=/.chinageeks.org/127.0.0.1#5353 +ipset=/.chinageeks.org/gfwlist +server=/.chinagfw.org/127.0.0.1#5353 +ipset=/.chinagfw.org/gfwlist +server=/.chinagonet.com/127.0.0.1#5353 +ipset=/.chinagonet.com/gfwlist +server=/.chinagreenparty.org/127.0.0.1#5353 +ipset=/.chinagreenparty.org/gfwlist +server=/.chinahorizon.org/127.0.0.1#5353 +ipset=/.chinahorizon.org/gfwlist +server=/.chinahush.com/127.0.0.1#5353 +ipset=/.chinahush.com/gfwlist +server=/.chinainperspective.com/127.0.0.1#5353 +ipset=/.chinainperspective.com/gfwlist +server=/.chinainterimgov.org/127.0.0.1#5353 +ipset=/.chinainterimgov.org/gfwlist +server=/.chinalaborwatch.org/127.0.0.1#5353 +ipset=/.chinalaborwatch.org/gfwlist +server=/.chinalawandpolicy.com/127.0.0.1#5353 +ipset=/.chinalawandpolicy.com/gfwlist +server=/.chinalawtranslate.com/127.0.0.1#5353 +ipset=/.chinalawtranslate.com/gfwlist +server=/.chinamule.com/127.0.0.1#5353 +ipset=/.chinamule.com/gfwlist +server=/.chinamz.org/127.0.0.1#5353 +ipset=/.chinamz.org/gfwlist +server=/.chinapress.com.my/127.0.0.1#5353 +ipset=/.chinapress.com.my/gfwlist +server=/.chinarightsia.org/127.0.0.1#5353 +ipset=/.chinarightsia.org/gfwlist +server=/.chinasocialdemocraticparty.com/127.0.0.1#5353 +ipset=/.chinasocialdemocraticparty.com/gfwlist +server=/.chinasoul.org/127.0.0.1#5353 +ipset=/.chinasoul.org/gfwlist +server=/.chinasucks.net/127.0.0.1#5353 +ipset=/.chinasucks.net/gfwlist +server=/.chinatopsex.com/127.0.0.1#5353 +ipset=/.chinatopsex.com/gfwlist +server=/.chinatown.com.au/127.0.0.1#5353 +ipset=/.chinatown.com.au/gfwlist +server=/.chinatweeps.com/127.0.0.1#5353 +ipset=/.chinatweeps.com/gfwlist +server=/.chinaview.wordpress.com/127.0.0.1#5353 +ipset=/.chinaview.wordpress.com/gfwlist +server=/.chinaway.org/127.0.0.1#5353 +ipset=/.chinaway.org/gfwlist +server=/.chinaworker.info/127.0.0.1#5353 +ipset=/.chinaworker.info/gfwlist +server=/.chinayouth.org.hk/127.0.0.1#5353 +ipset=/.chinayouth.org.hk/gfwlist +server=/.chinayuanmin.org/127.0.0.1#5353 +ipset=/.chinayuanmin.org/gfwlist +server=/.chinaz.com/127.0.0.1#5353 +ipset=/.chinaz.com/gfwlist +server=/.chinese-hermit.net/127.0.0.1#5353 +ipset=/.chinese-hermit.net/gfwlist +server=/.chinese-leaders.org/127.0.0.1#5353 +ipset=/.chinese-leaders.org/gfwlist +server=/.chinese-memorial.org/127.0.0.1#5353 +ipset=/.chinese-memorial.org/gfwlist +server=/.chinese.donga.com/127.0.0.1#5353 +ipset=/.chinese.donga.com/gfwlist +server=/.chinese.engadget.com/127.0.0.1#5353 +ipset=/.chinese.engadget.com/gfwlist +server=/.chinese.irib.ir/127.0.0.1#5353 +ipset=/.chinese.irib.ir/gfwlist +server=/.chinese.soifind.com/127.0.0.1#5353 +ipset=/.chinese.soifind.com/gfwlist +server=/.chinesedaily.com/127.0.0.1#5353 +ipset=/.chinesedaily.com/gfwlist +server=/.chinesedailynews.com/127.0.0.1#5353 +ipset=/.chinesedailynews.com/gfwlist +server=/.chinesedemocracy.com/127.0.0.1#5353 +ipset=/.chinesedemocracy.com/gfwlist +server=/.chinesegay.org/127.0.0.1#5353 +ipset=/.chinesegay.org/gfwlist +server=/.chinesen.de/127.0.0.1#5353 +ipset=/.chinesen.de/gfwlist +server=/.chinesepen.org/127.0.0.1#5353 +ipset=/.chinesepen.org/gfwlist +server=/.chineseupress.com/127.0.0.1#5353 +ipset=/.chineseupress.com/gfwlist +server=/.chingcheong.com/127.0.0.1#5353 +ipset=/.chingcheong.com/gfwlist +server=/.chinman.net/127.0.0.1#5353 +ipset=/.chinman.net/gfwlist +server=/.chithu.org/127.0.0.1#5353 +ipset=/.chithu.org/gfwlist +server=/.chn.chosun.com/127.0.0.1#5353 +ipset=/.chn.chosun.com/gfwlist +server=/.chobit.cc/127.0.0.1#5353 +ipset=/.chobit.cc/gfwlist +server=/.chrdnet.com/127.0.0.1#5353 +ipset=/.chrdnet.com/gfwlist +server=/.christianfreedom.org/127.0.0.1#5353 +ipset=/.christianfreedom.org/gfwlist +server=/.christianstudy.com/127.0.0.1#5353 +ipset=/.christianstudy.com/gfwlist +server=/.christiantimes.org.hk/127.0.0.1#5353 +ipset=/.christiantimes.org.hk/gfwlist +server=/.chrlawyers.hk/127.0.0.1#5353 +ipset=/.chrlawyers.hk/gfwlist +server=/.chrome.com/127.0.0.1#5353 +ipset=/.chrome.com/gfwlist +server=/.chromecast.com/127.0.0.1#5353 +ipset=/.chromecast.com/gfwlist +server=/.chromeexperiments.com/127.0.0.1#5353 +ipset=/.chromeexperiments.com/gfwlist +server=/.chromercise.com/127.0.0.1#5353 +ipset=/.chromercise.com/gfwlist +server=/.chromestatus.com/127.0.0.1#5353 +ipset=/.chromestatus.com/gfwlist +server=/.chromium.org/127.0.0.1#5353 +ipset=/.chromium.org/gfwlist +server=/.chuang-yen.org/127.0.0.1#5353 +ipset=/.chuang-yen.org/gfwlist +server=/.chubold.com/127.0.0.1#5353 +ipset=/.chubold.com/gfwlist +server=/.chubun.com/127.0.0.1#5353 +ipset=/.chubun.com/gfwlist +server=/.chuizi.net/127.0.0.1#5353 +ipset=/.chuizi.net/gfwlist +server=/.chukuang.gov.tw/127.0.0.1#5353 +ipset=/.chukuang.gov.tw/gfwlist +server=/.chushigangdrug.ch/127.0.0.1#5353 +ipset=/.chushigangdrug.ch/gfwlist +server=/.cienen.com/127.0.0.1#5353 +ipset=/.cienen.com/gfwlist +server=/.cineastentreff.de/127.0.0.1#5353 +ipset=/.cineastentreff.de/gfwlist +server=/.cipfg.org/127.0.0.1#5353 +ipset=/.cipfg.org/gfwlist +server=/.circlethebayfortibet.org/127.0.0.1#5353 +ipset=/.circlethebayfortibet.org/gfwlist +server=/.cirosantilli.com/127.0.0.1#5353 +ipset=/.cirosantilli.com/gfwlist +server=/.citizencn.com/127.0.0.1#5353 +ipset=/.citizencn.com/gfwlist +server=/.citizenlab.org/127.0.0.1#5353 +ipset=/.citizenlab.org/gfwlist +server=/.citizenscommission.hk/127.0.0.1#5353 +ipset=/.citizenscommission.hk/gfwlist +server=/.citizensradio.org/127.0.0.1#5353 +ipset=/.citizensradio.org/gfwlist +server=/.city365.ca/127.0.0.1#5353 +ipset=/.city365.ca/gfwlist +server=/.city9x.com/127.0.0.1#5353 +ipset=/.city9x.com/gfwlist +server=/.citypopulation.de/127.0.0.1#5353 +ipset=/.citypopulation.de/gfwlist +server=/.civicparty.hk/127.0.0.1#5353 +ipset=/.civicparty.hk/gfwlist +server=/.civildisobediencemovement.org/127.0.0.1#5353 +ipset=/.civildisobediencemovement.org/gfwlist +server=/.civilhrfront.org/127.0.0.1#5353 +ipset=/.civilhrfront.org/gfwlist +server=/.civiliangunner.com/127.0.0.1#5353 +ipset=/.civiliangunner.com/gfwlist +server=/.civilmedia.tw/127.0.0.1#5353 +ipset=/.civilmedia.tw/gfwlist +server=/.ck101.com/127.0.0.1#5353 +ipset=/.ck101.com/gfwlist +server=/.cl.d0z.net/127.0.0.1#5353 +ipset=/.cl.d0z.net/gfwlist +server=/.classicalguitarblog.net/127.0.0.1#5353 +ipset=/.classicalguitarblog.net/gfwlist +server=/.clb.org.hk/127.0.0.1#5353 +ipset=/.clb.org.hk/gfwlist +server=/.cldr.unicode.org/127.0.0.1#5353 +ipset=/.cldr.unicode.org/gfwlist +server=/.cleansite.biz/127.0.0.1#5353 +ipset=/.cleansite.biz/gfwlist +server=/.cleansite.info/127.0.0.1#5353 +ipset=/.cleansite.info/gfwlist +server=/.cleansite.us/127.0.0.1#5353 +ipset=/.cleansite.us/gfwlist +server=/.clearharmony.net/127.0.0.1#5353 +ipset=/.clearharmony.net/gfwlist +server=/.clearsurance.com/127.0.0.1#5353 +ipset=/.clearsurance.com/gfwlist +server=/.clearwisdom.net/127.0.0.1#5353 +ipset=/.clearwisdom.net/gfwlist +server=/.clementine-player.org/127.0.0.1#5353 +ipset=/.clementine-player.org/gfwlist +server=/.clientservices.googleapis.com/127.0.0.1#5353 +ipset=/.clientservices.googleapis.com/gfwlist +server=/.cling.omy.sg/127.0.0.1#5353 +ipset=/.cling.omy.sg/gfwlist +server=/.clinica-tibet.ru/127.0.0.1#5353 +ipset=/.clinica-tibet.ru/gfwlist +server=/.clipfish.de/127.0.0.1#5353 +ipset=/.clipfish.de/gfwlist +server=/.cloakpoint.com/127.0.0.1#5353 +ipset=/.cloakpoint.com/gfwlist +server=/.cloud.mail.ru/127.0.0.1#5353 +ipset=/.cloud.mail.ru/gfwlist +server=/.club1069.com/127.0.0.1#5353 +ipset=/.club1069.com/gfwlist +server=/.cmcn.org/127.0.0.1#5353 +ipset=/.cmcn.org/gfwlist +server=/.cmi.org.tw/127.0.0.1#5353 +ipset=/.cmi.org.tw/gfwlist +server=/.cmp.hku.hk/127.0.0.1#5353 +ipset=/.cmp.hku.hk/gfwlist +server=/.cms.gov/127.0.0.1#5353 +ipset=/.cms.gov/gfwlist +server=/.cmule.com/127.0.0.1#5353 +ipset=/.cmule.com/gfwlist +server=/.cmule.org/127.0.0.1#5353 +ipset=/.cmule.org/gfwlist +server=/.cmx.im/127.0.0.1#5353 +ipset=/.cmx.im/gfwlist +server=/.cn-proxy.com/127.0.0.1#5353 +ipset=/.cn-proxy.com/gfwlist +server=/.cn.calameo.com/127.0.0.1#5353 +ipset=/.cn.calameo.com/gfwlist +server=/.cn.dayabook.com/127.0.0.1#5353 +ipset=/.cn.dayabook.com/gfwlist +server=/.cn.fmnnow.com/127.0.0.1#5353 +ipset=/.cn.fmnnow.com/gfwlist +server=/.cn.freeones.com/127.0.0.1#5353 +ipset=/.cn.freeones.com/gfwlist +server=/.cn.gravatar.com/127.0.0.1#5353 +ipset=/.cn.gravatar.com/gfwlist +server=/.cn.ibtimes.com/127.0.0.1#5353 +ipset=/.cn.ibtimes.com/gfwlist +server=/.cn.nytstyle.com/127.0.0.1#5353 +ipset=/.cn.nytstyle.com/gfwlist +server=/.cn.sandscotaicentral.com/127.0.0.1#5353 +ipset=/.cn.sandscotaicentral.com/gfwlist +server=/.cn.shafaqna.com/127.0.0.1#5353 +ipset=/.cn.shafaqna.com/gfwlist +server=/.cn.thegay.com/127.0.0.1#5353 +ipset=/.cn.thegay.com/gfwlist +server=/.cn.uncyclopedia.wikia.com/127.0.0.1#5353 +ipset=/.cn.uncyclopedia.wikia.com/gfwlist +server=/.cn.uptodown.com/127.0.0.1#5353 +ipset=/.cn.uptodown.com/gfwlist +server=/.cn.v2ex.com/127.0.0.1#5353 +ipset=/.cn.v2ex.com/gfwlist +server=/.cn.voa.mobi/127.0.0.1#5353 +ipset=/.cn.voa.mobi/gfwlist +server=/.cn2.streetvoice.com/127.0.0.1#5353 +ipset=/.cn2.streetvoice.com/gfwlist +server=/.cn6.eu/127.0.0.1#5353 +ipset=/.cn6.eu/gfwlist +server=/.cna.com.tw/127.0.0.1#5353 +ipset=/.cna.com.tw/gfwlist +server=/.cnabc.com/127.0.0.1#5353 +ipset=/.cnabc.com/gfwlist +server=/.cnbbnews.wordpress.com/127.0.0.1#5353 +ipset=/.cnbbnews.wordpress.com/gfwlist +server=/.cnd.org/127.0.0.1#5353 +ipset=/.cnd.org/gfwlist +server=/.cnex.org.cn/127.0.0.1#5353 +ipset=/.cnex.org.cn/gfwlist +server=/.cnineu.com/127.0.0.1#5353 +ipset=/.cnineu.com/gfwlist +server=/.cnpolitics.org/127.0.0.1#5353 +ipset=/.cnpolitics.org/gfwlist +server=/.cnproxy.com/127.0.0.1#5353 +ipset=/.cnproxy.com/gfwlist +server=/.co.ng.mil/127.0.0.1#5353 +ipset=/.co.ng.mil/gfwlist +server=/.coat.co.jp/127.0.0.1#5353 +ipset=/.coat.co.jp/gfwlist +server=/.cochina.co/127.0.0.1#5353 +ipset=/.cochina.co/gfwlist +server=/.cochina.org/127.0.0.1#5353 +ipset=/.cochina.org/gfwlist +server=/.codeshare.io/127.0.0.1#5353 +ipset=/.codeshare.io/gfwlist +server=/.codeskulptor.org/127.0.0.1#5353 +ipset=/.codeskulptor.org/gfwlist +server=/.coin2co.in/127.0.0.1#5353 +ipset=/.coin2co.in/gfwlist +server=/.coinegg.com/127.0.0.1#5353 +ipset=/.coinegg.com/gfwlist +server=/.coinex.com/127.0.0.1#5353 +ipset=/.coinex.com/gfwlist +server=/.coingi.com/127.0.0.1#5353 +ipset=/.coingi.com/gfwlist +server=/.coinrail.co.kr/127.0.0.1#5353 +ipset=/.coinrail.co.kr/gfwlist +server=/.cointobe.com/127.0.0.1#5353 +ipset=/.cointobe.com/gfwlist +server=/.coinut.com/127.0.0.1#5353 +ipset=/.coinut.com/gfwlist +server=/.collateralmurder.com/127.0.0.1#5353 +ipset=/.collateralmurder.com/gfwlist +server=/.collateralmurder.org/127.0.0.1#5353 +ipset=/.collateralmurder.org/gfwlist +server=/.com.google/127.0.0.1#5353 +ipset=/.com.google/gfwlist +server=/.comefromchina.com/127.0.0.1#5353 +ipset=/.comefromchina.com/gfwlist +server=/.comic-mega.me/127.0.0.1#5353 +ipset=/.comic-mega.me/gfwlist +server=/.commandarms.com/127.0.0.1#5353 +ipset=/.commandarms.com/gfwlist +server=/.commentshk.com/127.0.0.1#5353 +ipset=/.commentshk.com/gfwlist +server=/.communistcrimes.org/127.0.0.1#5353 +ipset=/.communistcrimes.org/gfwlist +server=/.community.windy.com/127.0.0.1#5353 +ipset=/.community.windy.com/gfwlist +server=/.communitychoicecu.com/127.0.0.1#5353 +ipset=/.communitychoicecu.com/gfwlist +server=/.compileheart.com/127.0.0.1#5353 +ipset=/.compileheart.com/gfwlist +server=/.compress.to/127.0.0.1#5353 +ipset=/.compress.to/gfwlist +server=/.connect.facebook.net/127.0.0.1#5353 +ipset=/.connect.facebook.net/gfwlist +server=/.connectivitycheck.gstatic.com/127.0.0.1#5353 +ipset=/.connectivitycheck.gstatic.com/gfwlist +server=/.conoha.jp/127.0.0.1#5353 +ipset=/.conoha.jp/gfwlist +server=/.contactmagazine.net/127.0.0.1#5353 +ipset=/.contactmagazine.net/gfwlist +server=/.contests.twilio.com/127.0.0.1#5353 +ipset=/.contests.twilio.com/gfwlist +server=/.convio.net/127.0.0.1#5353 +ipset=/.convio.net/gfwlist +server=/.coobay.com/127.0.0.1#5353 +ipset=/.coobay.com/gfwlist +server=/.coolaler.com/127.0.0.1#5353 +ipset=/.coolaler.com/gfwlist +server=/.coolder.com/127.0.0.1#5353 +ipset=/.coolder.com/gfwlist +server=/.coolloud.org.tw/127.0.0.1#5353 +ipset=/.coolloud.org.tw/gfwlist +server=/.coolncute.com/127.0.0.1#5353 +ipset=/.coolncute.com/gfwlist +server=/.coolstuffinc.com/127.0.0.1#5353 +ipset=/.coolstuffinc.com/gfwlist +server=/.corumcollege.com/127.0.0.1#5353 +ipset=/.corumcollege.com/gfwlist +server=/.cos-moe.com/127.0.0.1#5353 +ipset=/.cos-moe.com/gfwlist +server=/.cosmic.monar.ch/127.0.0.1#5353 +ipset=/.cosmic.monar.ch/gfwlist +server=/.cosplayjav.pl/127.0.0.1#5353 +ipset=/.cosplayjav.pl/gfwlist +server=/.costco.com/127.0.0.1#5353 +ipset=/.costco.com/gfwlist +server=/.cotweet.com/127.0.0.1#5353 +ipset=/.cotweet.com/gfwlist +server=/.coursehero.com/127.0.0.1#5353 +ipset=/.coursehero.com/gfwlist +server=/.cpj.org/127.0.0.1#5353 +ipset=/.cpj.org/gfwlist +server=/.cq99.us/127.0.0.1#5353 +ipset=/.cq99.us/gfwlist +server=/.crackle.com/127.0.0.1#5353 +ipset=/.crackle.com/gfwlist +server=/.crazys.cc/127.0.0.1#5353 +ipset=/.crazys.cc/gfwlist +server=/.crazyshit.com/127.0.0.1#5353 +ipset=/.crazyshit.com/gfwlist +server=/.crchina.org/127.0.0.1#5353 +ipset=/.crchina.org/gfwlist +server=/.crd-net.org/127.0.0.1#5353 +ipset=/.crd-net.org/gfwlist +server=/.creaders.net/127.0.0.1#5353 +ipset=/.creaders.net/gfwlist +server=/.creadersnet.com/127.0.0.1#5353 +ipset=/.creadersnet.com/gfwlist +server=/.creativelab5.com/127.0.0.1#5353 +ipset=/.creativelab5.com/gfwlist +server=/.cristyli.com/127.0.0.1#5353 +ipset=/.cristyli.com/gfwlist +server=/.crocotube.com/127.0.0.1#5353 +ipset=/.crocotube.com/gfwlist +server=/.cromotc.nat.gov.tw/127.0.0.1#5353 +ipset=/.cromotc.nat.gov.tw/gfwlist +server=/.crossfire.co.kr/127.0.0.1#5353 +ipset=/.crossfire.co.kr/gfwlist +server=/.crossthewall.net/127.0.0.1#5353 +ipset=/.crossthewall.net/gfwlist +server=/.crossvpn.net/127.0.0.1#5353 +ipset=/.crossvpn.net/gfwlist +server=/.crrev.com/127.0.0.1#5353 +ipset=/.crrev.com/gfwlist +server=/.crucial.com/127.0.0.1#5353 +ipset=/.crucial.com/gfwlist +server=/.csdparty.com/127.0.0.1#5353 +ipset=/.csdparty.com/gfwlist +server=/.csi.gstatic.com/127.0.0.1#5353 +ipset=/.csi.gstatic.com/gfwlist +server=/.css.pixnet.in/127.0.0.1#5353 +ipset=/.css.pixnet.in/gfwlist +server=/.csuchen.de/127.0.0.1#5353 +ipset=/.csuchen.de/gfwlist +server=/.csw.org.uk/127.0.0.1#5353 +ipset=/.csw.org.uk/gfwlist +server=/.ct.org.tw/127.0.0.1#5353 +ipset=/.ct.org.tw/gfwlist +server=/.ctao.org/127.0.0.1#5353 +ipset=/.ctao.org/gfwlist +server=/.ctfriend.net/127.0.0.1#5353 +ipset=/.ctfriend.net/gfwlist +server=/.ctitv.com.tw/127.0.0.1#5353 +ipset=/.ctitv.com.tw/gfwlist +server=/.cts.com.tw/127.0.0.1#5353 +ipset=/.cts.com.tw/gfwlist +server=/.cuihua.org/127.0.0.1#5353 +ipset=/.cuihua.org/gfwlist +server=/.cuiweiping.net/127.0.0.1#5353 +ipset=/.cuiweiping.net/gfwlist +server=/.culture.tw/127.0.0.1#5353 +ipset=/.culture.tw/gfwlist +server=/.cumlouder.com/127.0.0.1#5353 +ipset=/.cumlouder.com/gfwlist +server=/.curvefish.com/127.0.0.1#5353 +ipset=/.curvefish.com/gfwlist +server=/.cusu.hk/127.0.0.1#5353 +ipset=/.cusu.hk/gfwlist +server=/.cutscenes.net/127.0.0.1#5353 +ipset=/.cutscenes.net/gfwlist +server=/.cw.com.tw/127.0.0.1#5353 +ipset=/.cw.com.tw/gfwlist +server=/.cwb.gov.tw/127.0.0.1#5353 +ipset=/.cwb.gov.tw/gfwlist +server=/.cyberghost.natado.com/127.0.0.1#5353 +ipset=/.cyberghost.natado.com/gfwlist +server=/.cyberghostvpn.com/127.0.0.1#5353 +ipset=/.cyberghostvpn.com/gfwlist +server=/.cycab.gov.tw/127.0.0.1#5353 +ipset=/.cycab.gov.tw/gfwlist +server=/.cynscribe.com/127.0.0.1#5353 +ipset=/.cynscribe.com/gfwlist +server=/.cytode.us/127.0.0.1#5353 +ipset=/.cytode.us/gfwlist +server=/.d-fukyu.com/127.0.0.1#5353 +ipset=/.d-fukyu.com/gfwlist +server=/.d100.net/127.0.0.1#5353 +ipset=/.d100.net/gfwlist +server=/.d1b183sg0nvnuh.cloudfront.net/127.0.0.1#5353 +ipset=/.d1b183sg0nvnuh.cloudfront.net/gfwlist +server=/.d1c37gjwa26taa.cloudfront.net/127.0.0.1#5353 +ipset=/.d1c37gjwa26taa.cloudfront.net/gfwlist +server=/.d2bay.com/127.0.0.1#5353 +ipset=/.d2bay.com/gfwlist +server=/.d2pass.com/127.0.0.1#5353 +ipset=/.d2pass.com/gfwlist +server=/.d3c33hcgiwev3.cloudfront.net/127.0.0.1#5353 +ipset=/.d3c33hcgiwev3.cloudfront.net/gfwlist +server=/.d3rhr7kgmtrq1v.cloudfront.net/127.0.0.1#5353 +ipset=/.d3rhr7kgmtrq1v.cloudfront.net/gfwlist +server=/.dabr.co.uk/127.0.0.1#5353 +ipset=/.dabr.co.uk/gfwlist +server=/.dabr.eu/127.0.0.1#5353 +ipset=/.dabr.eu/gfwlist +server=/.dabr.me/127.0.0.1#5353 +ipset=/.dabr.me/gfwlist +server=/.dabr.mobi/127.0.0.1#5353 +ipset=/.dabr.mobi/gfwlist +server=/.dadazim.com/127.0.0.1#5353 +ipset=/.dadazim.com/gfwlist +server=/.dadi360.com/127.0.0.1#5353 +ipset=/.dadi360.com/gfwlist +server=/.dafabet.com/127.0.0.1#5353 +ipset=/.dafabet.com/gfwlist +server=/.dafagood.com/127.0.0.1#5353 +ipset=/.dafagood.com/gfwlist +server=/.dafahao.com/127.0.0.1#5353 +ipset=/.dafahao.com/gfwlist +server=/.dafoh.org/127.0.0.1#5353 +ipset=/.dafoh.org/gfwlist +server=/.daftporn.com/127.0.0.1#5353 +ipset=/.daftporn.com/gfwlist +server=/.dagelijksestandaard.nl/127.0.0.1#5353 +ipset=/.dagelijksestandaard.nl/gfwlist +server=/.daidostup.ru/127.0.0.1#5353 +ipset=/.daidostup.ru/gfwlist +server=/.dailidaili.com/127.0.0.1#5353 +ipset=/.dailidaili.com/gfwlist +server=/.dailymotion.com/127.0.0.1#5353 +ipset=/.dailymotion.com/gfwlist +server=/.daiphapinfo.net/127.0.0.1#5353 +ipset=/.daiphapinfo.net/gfwlist +server=/.dajiyuan.com/127.0.0.1#5353 +ipset=/.dajiyuan.com/gfwlist +server=/.dajiyuan.de/127.0.0.1#5353 +ipset=/.dajiyuan.de/gfwlist +server=/.dajiyuan.eu/127.0.0.1#5353 +ipset=/.dajiyuan.eu/gfwlist +server=/.dajusha.baywords.com/127.0.0.1#5353 +ipset=/.dajusha.baywords.com/gfwlist +server=/.dalailama-archives.org/127.0.0.1#5353 +ipset=/.dalailama-archives.org/gfwlist +server=/.dalailama.com/127.0.0.1#5353 +ipset=/.dalailama.com/gfwlist +server=/.dalailama.mn/127.0.0.1#5353 +ipset=/.dalailama.mn/gfwlist +server=/.dalailama.ru/127.0.0.1#5353 +ipset=/.dalailama.ru/gfwlist +server=/.dalailama.usc.edu/127.0.0.1#5353 +ipset=/.dalailama.usc.edu/gfwlist +server=/.dalailama80.org/127.0.0.1#5353 +ipset=/.dalailama80.org/gfwlist +server=/.dalailamacenter.org/127.0.0.1#5353 +ipset=/.dalailamacenter.org/gfwlist +server=/.dalailamafellows.org/127.0.0.1#5353 +ipset=/.dalailamafellows.org/gfwlist +server=/.dalailamafilm.com/127.0.0.1#5353 +ipset=/.dalailamafilm.com/gfwlist +server=/.dalailamafoundation.org/127.0.0.1#5353 +ipset=/.dalailamafoundation.org/gfwlist +server=/.dalailamahindi.com/127.0.0.1#5353 +ipset=/.dalailamahindi.com/gfwlist +server=/.dalailamainaustralia.org/127.0.0.1#5353 +ipset=/.dalailamainaustralia.org/gfwlist +server=/.dalailamajapanese.com/127.0.0.1#5353 +ipset=/.dalailamajapanese.com/gfwlist +server=/.dalailamaprotesters.info/127.0.0.1#5353 +ipset=/.dalailamaprotesters.info/gfwlist +server=/.dalailamaquotes.org/127.0.0.1#5353 +ipset=/.dalailamaquotes.org/gfwlist +server=/.dalailamatrust.org/127.0.0.1#5353 +ipset=/.dalailamatrust.org/gfwlist +server=/.dalailamavisit.org.nz/127.0.0.1#5353 +ipset=/.dalailamavisit.org.nz/gfwlist +server=/.dalailamaworld.com/127.0.0.1#5353 +ipset=/.dalailamaworld.com/gfwlist +server=/.dalianmeng.org/127.0.0.1#5353 +ipset=/.dalianmeng.org/gfwlist +server=/.daliulian.org/127.0.0.1#5353 +ipset=/.daliulian.org/gfwlist +server=/.danbooru.donmai.us/127.0.0.1#5353 +ipset=/.danbooru.donmai.us/gfwlist +server=/.danke4china.net/127.0.0.1#5353 +ipset=/.danke4china.net/gfwlist +server=/.danwei.org/127.0.0.1#5353 +ipset=/.danwei.org/gfwlist +server=/.daodu14.jigsy.com/127.0.0.1#5353 +ipset=/.daodu14.jigsy.com/gfwlist +server=/.daolan.net/127.0.0.1#5353 +ipset=/.daolan.net/gfwlist +server=/.daozhongxing.org/127.0.0.1#5353 +ipset=/.daozhongxing.org/gfwlist +server=/.darktech.org/127.0.0.1#5353 +ipset=/.darktech.org/gfwlist +server=/.darktoy.net/127.0.0.1#5353 +ipset=/.darktoy.net/gfwlist +server=/.darpa.mil/127.0.0.1#5353 +ipset=/.darpa.mil/gfwlist +server=/.dastrassi.org/127.0.0.1#5353 +ipset=/.dastrassi.org/gfwlist +server=/.data-vocabulary.org/127.0.0.1#5353 +ipset=/.data-vocabulary.org/gfwlist +server=/.data.flurry.com/127.0.0.1#5353 +ipset=/.data.flurry.com/gfwlist +server=/.data.gov.tw/127.0.0.1#5353 +ipset=/.data.gov.tw/gfwlist +server=/.david-kilgour.com/127.0.0.1#5353 +ipset=/.david-kilgour.com/gfwlist +server=/.dawangidc.com/127.0.0.1#5353 +ipset=/.dawangidc.com/gfwlist +server=/.daxa.cn/127.0.0.1#5353 +ipset=/.daxa.cn/gfwlist +server=/.db.tt/127.0.0.1#5353 +ipset=/.db.tt/gfwlist +server=/.dbnsa.gov.tw/127.0.0.1#5353 +ipset=/.dbnsa.gov.tw/gfwlist +server=/.dcard.tw/127.0.0.1#5353 +ipset=/.dcard.tw/gfwlist +server=/.dcmilitary.com/127.0.0.1#5353 +ipset=/.dcmilitary.com/gfwlist +server=/.ddc.com.tw/127.0.0.1#5353 +ipset=/.ddc.com.tw/gfwlist +server=/.ddhw.info/127.0.0.1#5353 +ipset=/.ddhw.info/gfwlist +server=/.ddns.info/127.0.0.1#5353 +ipset=/.ddns.info/gfwlist +server=/.ddns.me.uk/127.0.0.1#5353 +ipset=/.ddns.me.uk/gfwlist +server=/.ddns.mobi/127.0.0.1#5353 +ipset=/.ddns.mobi/gfwlist +server=/.ddns.ms/127.0.0.1#5353 +ipset=/.ddns.ms/gfwlist +server=/.ddns.name/127.0.0.1#5353 +ipset=/.ddns.name/gfwlist +server=/.ddns.us/127.0.0.1#5353 +ipset=/.ddns.us/gfwlist +server=/.de-sci.org/127.0.0.1#5353 +ipset=/.de-sci.org/gfwlist +server=/.deaftone.com/127.0.0.1#5353 +ipset=/.deaftone.com/gfwlist +server=/.debug.com/127.0.0.1#5353 +ipset=/.debug.com/gfwlist +server=/.deck.ly/127.0.0.1#5353 +ipset=/.deck.ly/gfwlist +server=/.decodet.co/127.0.0.1#5353 +ipset=/.decodet.co/gfwlist +server=/.deepmind.com/127.0.0.1#5353 +ipset=/.deepmind.com/gfwlist +server=/.deezer.com/127.0.0.1#5353 +ipset=/.deezer.com/gfwlist +server=/.definebabe.com/127.0.0.1#5353 +ipset=/.definebabe.com/gfwlist +server=/.deja.com/127.0.0.1#5353 +ipset=/.deja.com/gfwlist +server=/.delcamp.net/127.0.0.1#5353 +ipset=/.delcamp.net/gfwlist +server=/.demo.opera-mini.net/127.0.0.1#5353 +ipset=/.demo.opera-mini.net/gfwlist +server=/.democrats.org/127.0.0.1#5353 +ipset=/.democrats.org/gfwlist +server=/.depositphotos.com/127.0.0.1#5353 +ipset=/.depositphotos.com/gfwlist +server=/.derekhsu.homeip.net/127.0.0.1#5353 +ipset=/.derekhsu.homeip.net/gfwlist +server=/.desc.se/127.0.0.1#5353 +ipset=/.desc.se/gfwlist +server=/.design.google/127.0.0.1#5353 +ipset=/.design.google/gfwlist +server=/.desipro.de/127.0.0.1#5353 +ipset=/.desipro.de/gfwlist +server=/.dessci.com/127.0.0.1#5353 +ipset=/.dessci.com/gfwlist +server=/.destroy-china.jp/127.0.0.1#5353 +ipset=/.destroy-china.jp/gfwlist +server=/.deutsche-welle.de/127.0.0.1#5353 +ipset=/.deutsche-welle.de/gfwlist +server=/.developers.box.net/127.0.0.1#5353 +ipset=/.developers.box.net/gfwlist +server=/.devio.us/127.0.0.1#5353 +ipset=/.devio.us/gfwlist +server=/.devpn.com/127.0.0.1#5353 +ipset=/.devpn.com/gfwlist +server=/.df.gov.tw/127.0.0.1#5353 +ipset=/.df.gov.tw/gfwlist +server=/.dfas.mil/127.0.0.1#5353 +ipset=/.dfas.mil/gfwlist +server=/.dfn.org/127.0.0.1#5353 +ipset=/.dfn.org/gfwlist +server=/.dharamsalanet.com/127.0.0.1#5353 +ipset=/.dharamsalanet.com/gfwlist +server=/.dharmakara.net/127.0.0.1#5353 +ipset=/.dharmakara.net/gfwlist +server=/.dhcp.biz/127.0.0.1#5353 +ipset=/.dhcp.biz/gfwlist +server=/.diaoyuislands.org/127.0.0.1#5353 +ipset=/.diaoyuislands.org/gfwlist +server=/.dictionary.goo.ne.jp/127.0.0.1#5353 +ipset=/.dictionary.goo.ne.jp/gfwlist +server=/.difangwenge.org/127.0.0.1#5353 +ipset=/.difangwenge.org/gfwlist +server=/.digisfera.com/127.0.0.1#5353 +ipset=/.digisfera.com/gfwlist +server=/.digitalnomadsproject.org/127.0.0.1#5353 +ipset=/.digitalnomadsproject.org/gfwlist +server=/.diigo.com/127.0.0.1#5353 +ipset=/.diigo.com/gfwlist +server=/.dilber.se/127.0.0.1#5353 +ipset=/.dilber.se/gfwlist +server=/.dingchin.com.tw/127.0.0.1#5353 +ipset=/.dingchin.com.tw/gfwlist +server=/.dipity.com/127.0.0.1#5353 +ipset=/.dipity.com/gfwlist +server=/.directcreative.com/127.0.0.1#5353 +ipset=/.directcreative.com/gfwlist +server=/.discoins.com/127.0.0.1#5353 +ipset=/.discoins.com/gfwlist +server=/.discordapp.com/127.0.0.1#5353 +ipset=/.discordapp.com/gfwlist +server=/.discordapp.net/127.0.0.1#5353 +ipset=/.discordapp.net/gfwlist +server=/.discuss.com.hk/127.0.0.1#5353 +ipset=/.discuss.com.hk/gfwlist +server=/.discuss4u.com/127.0.0.1#5353 +ipset=/.discuss4u.com/gfwlist +server=/.dish.com/127.0.0.1#5353 +ipset=/.dish.com/gfwlist +server=/.disp.cc/127.0.0.1#5353 +ipset=/.disp.cc/gfwlist +server=/.disqus.com/127.0.0.1#5353 +ipset=/.disqus.com/gfwlist +server=/.dit-inc.us/127.0.0.1#5353 +ipset=/.dit-inc.us/gfwlist +server=/.dizhidizhi.com/127.0.0.1#5353 +ipset=/.dizhidizhi.com/gfwlist +server=/.dizhuzhishang.com/127.0.0.1#5353 +ipset=/.dizhuzhishang.com/gfwlist +server=/.djangosnippets.org/127.0.0.1#5353 +ipset=/.djangosnippets.org/gfwlist +server=/.djorz.com/127.0.0.1#5353 +ipset=/.djorz.com/gfwlist +server=/.dl-laby.jp/127.0.0.1#5353 +ipset=/.dl-laby.jp/gfwlist +server=/.dl.box.net/127.0.0.1#5353 +ipset=/.dl.box.net/gfwlist +server=/.dl.google.com/127.0.0.1#5353 +ipset=/.dl.google.com/gfwlist +server=/.dlsite.com/127.0.0.1#5353 +ipset=/.dlsite.com/gfwlist +server=/.dlyoutube.com/127.0.0.1#5353 +ipset=/.dlyoutube.com/gfwlist +server=/.dm530.net/127.0.0.1#5353 +ipset=/.dm530.net/gfwlist +server=/.dmcdn.net/127.0.0.1#5353 +ipset=/.dmcdn.net/gfwlist +server=/.dmm.co.jp/127.0.0.1#5353 +ipset=/.dmm.co.jp/gfwlist +server=/.dns-dns.com/127.0.0.1#5353 +ipset=/.dns-dns.com/gfwlist +server=/.dns-stuff.com/127.0.0.1#5353 +ipset=/.dns-stuff.com/gfwlist +server=/.dns04.com/127.0.0.1#5353 +ipset=/.dns04.com/gfwlist +server=/.dns05.com/127.0.0.1#5353 +ipset=/.dns05.com/gfwlist +server=/.dns1.us/127.0.0.1#5353 +ipset=/.dns1.us/gfwlist +server=/.dns2.us/127.0.0.1#5353 +ipset=/.dns2.us/gfwlist +server=/.dns2go.com/127.0.0.1#5353 +ipset=/.dns2go.com/gfwlist +server=/.dnscrypt.org/127.0.0.1#5353 +ipset=/.dnscrypt.org/gfwlist +server=/.dnset.com/127.0.0.1#5353 +ipset=/.dnset.com/gfwlist +server=/.dnsrd.com/127.0.0.1#5353 +ipset=/.dnsrd.com/gfwlist +server=/.dnssec.net/127.0.0.1#5353 +ipset=/.dnssec.net/gfwlist +server=/.dnvod.tv/127.0.0.1#5353 +ipset=/.dnvod.tv/gfwlist +server=/.doctorvoice.org/127.0.0.1#5353 +ipset=/.doctorvoice.org/gfwlist +server=/.dojin.com/127.0.0.1#5353 +ipset=/.dojin.com/gfwlist +server=/.dok-forum.net/127.0.0.1#5353 +ipset=/.dok-forum.net/gfwlist +server=/.dolc.de/127.0.0.1#5353 +ipset=/.dolc.de/gfwlist +server=/.dolf.org.hk/127.0.0.1#5353 +ipset=/.dolf.org.hk/gfwlist +server=/.dollf.com/127.0.0.1#5353 +ipset=/.dollf.com/gfwlist +server=/.domain.club.tw/127.0.0.1#5353 +ipset=/.domain.club.tw/gfwlist +server=/.domainhelp.search.com/127.0.0.1#5353 +ipset=/.domainhelp.search.com/gfwlist +server=/.domains.google/127.0.0.1#5353 +ipset=/.domains.google/gfwlist +server=/.domaintoday.com.au/127.0.0.1#5353 +ipset=/.domaintoday.com.au/gfwlist +server=/.dongtaiwang.com/127.0.0.1#5353 +ipset=/.dongtaiwang.com/gfwlist +server=/.dongtaiwang.net/127.0.0.1#5353 +ipset=/.dongtaiwang.net/gfwlist +server=/.dongyangjing.com/127.0.0.1#5353 +ipset=/.dongyangjing.com/gfwlist +server=/.dontfilter.us/127.0.0.1#5353 +ipset=/.dontfilter.us/gfwlist +server=/.dontmovetochina.com/127.0.0.1#5353 +ipset=/.dontmovetochina.com/gfwlist +server=/.dorjeshugden.com/127.0.0.1#5353 +ipset=/.dorjeshugden.com/gfwlist +server=/.dotplane.com/127.0.0.1#5353 +ipset=/.dotplane.com/gfwlist +server=/.dotsub.com/127.0.0.1#5353 +ipset=/.dotsub.com/gfwlist +server=/.dotvpn.com/127.0.0.1#5353 +ipset=/.dotvpn.com/gfwlist +server=/.doub.io/127.0.0.1#5353 +ipset=/.doub.io/gfwlist +server=/.dougscripts.com/127.0.0.1#5353 +ipset=/.dougscripts.com/gfwlist +server=/.douhokanko.net/127.0.0.1#5353 +ipset=/.douhokanko.net/gfwlist +server=/.doujincafe.com/127.0.0.1#5353 +ipset=/.doujincafe.com/gfwlist +server=/.dowei.org/127.0.0.1#5353 +ipset=/.dowei.org/gfwlist +server=/.download.aircrack-ng.org/127.0.0.1#5353 +ipset=/.download.aircrack-ng.org/gfwlist +server=/.download.cnet.com/127.0.0.1#5353 +ipset=/.download.cnet.com/gfwlist +server=/.download.ithome.com.tw/127.0.0.1#5353 +ipset=/.download.ithome.com.tw/gfwlist +server=/.download.syniumsoftware.com/127.0.0.1#5353 +ipset=/.download.syniumsoftware.com/gfwlist +server=/.dphk.org/127.0.0.1#5353 +ipset=/.dphk.org/gfwlist +server=/.dpp.org.tw/127.0.0.1#5353 +ipset=/.dpp.org.tw/gfwlist +server=/.dpr.info/127.0.0.1#5353 +ipset=/.dpr.info/gfwlist +server=/.dragonex.io/127.0.0.1#5353 +ipset=/.dragonex.io/gfwlist +server=/.dragonsprings.org/127.0.0.1#5353 +ipset=/.dragonsprings.org/gfwlist +server=/.dreamamateurs.com/127.0.0.1#5353 +ipset=/.dreamamateurs.com/gfwlist +server=/.drepung.org/127.0.0.1#5353 +ipset=/.drepung.org/gfwlist +server=/.drgan.net/127.0.0.1#5353 +ipset=/.drgan.net/gfwlist +server=/.drmingxia.org/127.0.0.1#5353 +ipset=/.drmingxia.org/gfwlist +server=/.dropbooks.tv/127.0.0.1#5353 +ipset=/.dropbooks.tv/gfwlist +server=/.dropbox.com/127.0.0.1#5353 +ipset=/.dropbox.com/gfwlist +server=/.dropboxusercontent.com/127.0.0.1#5353 +ipset=/.dropboxusercontent.com/gfwlist +server=/.drsunacademy.com/127.0.0.1#5353 +ipset=/.drsunacademy.com/gfwlist +server=/.drtuber.com/127.0.0.1#5353 +ipset=/.drtuber.com/gfwlist +server=/.dscn.info/127.0.0.1#5353 +ipset=/.dscn.info/gfwlist +server=/.dsmtp.com/127.0.0.1#5353 +ipset=/.dsmtp.com/gfwlist +server=/.dstk.dk/127.0.0.1#5353 +ipset=/.dstk.dk/gfwlist +server=/.dtdns.net/127.0.0.1#5353 +ipset=/.dtdns.net/gfwlist +server=/.dtiblog.com/127.0.0.1#5353 +ipset=/.dtiblog.com/gfwlist +server=/.dtic.mil/127.0.0.1#5353 +ipset=/.dtic.mil/gfwlist +server=/.dtwang.org/127.0.0.1#5353 +ipset=/.dtwang.org/gfwlist +server=/.duanzhihu.com/127.0.0.1#5353 +ipset=/.duanzhihu.com/gfwlist +server=/.duck.com/127.0.0.1#5353 +ipset=/.duck.com/gfwlist +server=/.duckdns.org/127.0.0.1#5353 +ipset=/.duckdns.org/gfwlist +server=/.duckduckgo-owned-server.yahoo.net/127.0.0.1#5353 +ipset=/.duckduckgo-owned-server.yahoo.net/gfwlist +server=/.duckduckgo.com/127.0.0.1#5353 +ipset=/.duckduckgo.com/gfwlist +server=/.duckmylife.com/127.0.0.1#5353 +ipset=/.duckmylife.com/gfwlist +server=/.duga.jp/127.0.0.1#5353 +ipset=/.duga.jp/gfwlist +server=/.duihua.org/127.0.0.1#5353 +ipset=/.duihua.org/gfwlist +server=/.duihuahrjournal.org/127.0.0.1#5353 +ipset=/.duihuahrjournal.org/gfwlist +server=/.dumb1.com/127.0.0.1#5353 +ipset=/.dumb1.com/gfwlist +server=/.dunyabulteni.net/127.0.0.1#5353 +ipset=/.dunyabulteni.net/gfwlist +server=/.duoweitimes.com/127.0.0.1#5353 +ipset=/.duoweitimes.com/gfwlist +server=/.duping.net/127.0.0.1#5353 +ipset=/.duping.net/gfwlist +server=/.duplicati.com/127.0.0.1#5353 +ipset=/.duplicati.com/gfwlist +server=/.dupola.com/127.0.0.1#5353 +ipset=/.dupola.com/gfwlist +server=/.dupola.net/127.0.0.1#5353 +ipset=/.dupola.net/gfwlist +server=/.dushi.ca/127.0.0.1#5353 +ipset=/.dushi.ca/gfwlist +server=/.dvdpac.com/127.0.0.1#5353 +ipset=/.dvdpac.com/gfwlist +server=/.dvorak.org/127.0.0.1#5353 +ipset=/.dvorak.org/gfwlist +server=/.dw-world.com/127.0.0.1#5353 +ipset=/.dw-world.com/gfwlist +server=/.dw-world.de/127.0.0.1#5353 +ipset=/.dw-world.de/gfwlist +server=/.dw.com/127.0.0.1#5353 +ipset=/.dw.com/gfwlist +server=/.dw.de/127.0.0.1#5353 +ipset=/.dw.de/gfwlist +server=/.dwnews.com/127.0.0.1#5353 +ipset=/.dwnews.com/gfwlist +server=/.dwnews.net/127.0.0.1#5353 +ipset=/.dwnews.net/gfwlist +server=/.dynamic-dns.net/127.0.0.1#5353 +ipset=/.dynamic-dns.net/gfwlist +server=/.dynamicdns.biz/127.0.0.1#5353 +ipset=/.dynamicdns.biz/gfwlist +server=/.dynamicdns.co.uk/127.0.0.1#5353 +ipset=/.dynamicdns.co.uk/gfwlist +server=/.dynamicdns.me.uk/127.0.0.1#5353 +ipset=/.dynamicdns.me.uk/gfwlist +server=/.dynamicdns.org.uk/127.0.0.1#5353 +ipset=/.dynamicdns.org.uk/gfwlist +server=/.dynawebinc.com/127.0.0.1#5353 +ipset=/.dynawebinc.com/gfwlist +server=/.dyndns-ip.com/127.0.0.1#5353 +ipset=/.dyndns-ip.com/gfwlist +server=/.dyndns-pics.com/127.0.0.1#5353 +ipset=/.dyndns-pics.com/gfwlist +server=/.dyndns.org/127.0.0.1#5353 +ipset=/.dyndns.org/gfwlist +server=/.dyndns.pro/127.0.0.1#5353 +ipset=/.dyndns.pro/gfwlist +server=/.dynssl.com/127.0.0.1#5353 +ipset=/.dynssl.com/gfwlist +server=/.dynu.com/127.0.0.1#5353 +ipset=/.dynu.com/gfwlist +server=/.dynu.net/127.0.0.1#5353 +ipset=/.dynu.net/gfwlist +server=/.dzze.com/127.0.0.1#5353 +ipset=/.dzze.com/gfwlist +server=/.e-classical.com.tw/127.0.0.1#5353 +ipset=/.e-classical.com.tw/gfwlist +server=/.e-gold.com/127.0.0.1#5353 +ipset=/.e-gold.com/gfwlist +server=/.e-hentai.org/127.0.0.1#5353 +ipset=/.e-hentai.org/gfwlist +server=/.e-hentaidb.com/127.0.0.1#5353 +ipset=/.e-hentaidb.com/gfwlist +server=/.e-info.org.tw/127.0.0.1#5353 +ipset=/.e-info.org.tw/gfwlist +server=/.e123.hk/127.0.0.1#5353 +ipset=/.e123.hk/gfwlist +server=/.earlytibet.com/127.0.0.1#5353 +ipset=/.earlytibet.com/gfwlist +server=/.earthcam.com/127.0.0.1#5353 +ipset=/.earthcam.com/gfwlist +server=/.earthvpn.com/127.0.0.1#5353 +ipset=/.earthvpn.com/gfwlist +server=/.eastcoast-nsa.gov.tw/127.0.0.1#5353 +ipset=/.eastcoast-nsa.gov.tw/gfwlist +server=/.eastern-ark.com/127.0.0.1#5353 +ipset=/.eastern-ark.com/gfwlist +server=/.easternlightning.org/127.0.0.1#5353 +ipset=/.easternlightning.org/gfwlist +server=/.eastturkestan.com/127.0.0.1#5353 +ipset=/.eastturkestan.com/gfwlist +server=/.eastturkistan-gov.org/127.0.0.1#5353 +ipset=/.eastturkistan-gov.org/gfwlist +server=/.eastturkistancc.org/127.0.0.1#5353 +ipset=/.eastturkistancc.org/gfwlist +server=/.eastturkistangovernmentinexile.us/127.0.0.1#5353 +ipset=/.eastturkistangovernmentinexile.us/gfwlist +server=/.easyca.ca/127.0.0.1#5353 +ipset=/.easyca.ca/gfwlist +server=/.easypic.com/127.0.0.1#5353 +ipset=/.easypic.com/gfwlist +server=/.ebony-beauty.com/127.0.0.1#5353 +ipset=/.ebony-beauty.com/gfwlist +server=/.ebook.hyread.com.tw/127.0.0.1#5353 +ipset=/.ebook.hyread.com.tw/gfwlist +server=/.ebookbrowse.com/127.0.0.1#5353 +ipset=/.ebookbrowse.com/gfwlist +server=/.ebookee.com/127.0.0.1#5353 +ipset=/.ebookee.com/gfwlist +server=/.ebtcbank.com/127.0.0.1#5353 +ipset=/.ebtcbank.com/gfwlist +server=/.ecfa.org.tw/127.0.0.1#5353 +ipset=/.ecfa.org.tw/gfwlist +server=/.echofon.com/127.0.0.1#5353 +ipset=/.echofon.com/gfwlist +server=/.ecimg.tw/127.0.0.1#5353 +ipset=/.ecimg.tw/gfwlist +server=/.ecministry.net/127.0.0.1#5353 +ipset=/.ecministry.net/gfwlist +server=/.economist.com/127.0.0.1#5353 +ipset=/.economist.com/gfwlist +server=/.edgecastcdn.net/127.0.0.1#5353 +ipset=/.edgecastcdn.net/gfwlist +server=/.edicypages.com/127.0.0.1#5353 +ipset=/.edicypages.com/gfwlist +server=/.edmontonchina.cn/127.0.0.1#5353 +ipset=/.edmontonchina.cn/gfwlist +server=/.edmontonservice.com/127.0.0.1#5353 +ipset=/.edmontonservice.com/gfwlist +server=/.edns.biz/127.0.0.1#5353 +ipset=/.edns.biz/gfwlist +server=/.edoors.com/127.0.0.1#5353 +ipset=/.edoors.com/gfwlist +server=/.edubridge.com/127.0.0.1#5353 +ipset=/.edubridge.com/gfwlist +server=/.edupro.org/127.0.0.1#5353 +ipset=/.edupro.org/gfwlist +server=/.eesti.ee/127.0.0.1#5353 +ipset=/.eesti.ee/gfwlist +server=/.eevpn.com/127.0.0.1#5353 +ipset=/.eevpn.com/gfwlist +server=/.efcc.org.hk/127.0.0.1#5353 +ipset=/.efcc.org.hk/gfwlist +server=/.effers.com/127.0.0.1#5353 +ipset=/.effers.com/gfwlist +server=/.efksoft.com/127.0.0.1#5353 +ipset=/.efksoft.com/gfwlist +server=/.efukt.com/127.0.0.1#5353 +ipset=/.efukt.com/gfwlist +server=/.eic-av.com/127.0.0.1#5353 +ipset=/.eic-av.com/gfwlist +server=/.eireinikotaerukai.com/127.0.0.1#5353 +ipset=/.eireinikotaerukai.com/gfwlist +server=/.eisbb.com/127.0.0.1#5353 +ipset=/.eisbb.com/gfwlist +server=/.eksisozluk.com/127.0.0.1#5353 +ipset=/.eksisozluk.com/gfwlist +server=/.electionsmeter.com/127.0.0.1#5353 +ipset=/.electionsmeter.com/gfwlist +server=/.elgoog.im/127.0.0.1#5353 +ipset=/.elgoog.im/gfwlist +server=/.elpais.com/127.0.0.1#5353 +ipset=/.elpais.com/gfwlist +server=/.eltondisney.com/127.0.0.1#5353 +ipset=/.eltondisney.com/gfwlist +server=/.embr.in/127.0.0.1#5353 +ipset=/.embr.in/gfwlist +server=/.emilylau.org.hk/127.0.0.1#5353 +ipset=/.emilylau.org.hk/gfwlist +server=/.empfil.com/127.0.0.1#5353 +ipset=/.empfil.com/gfwlist +server=/.emule-ed2k.com/127.0.0.1#5353 +ipset=/.emule-ed2k.com/gfwlist +server=/.emulefans.com/127.0.0.1#5353 +ipset=/.emulefans.com/gfwlist +server=/.emuparadise.me/127.0.0.1#5353 +ipset=/.emuparadise.me/gfwlist +server=/.en.favotter.net/127.0.0.1#5353 +ipset=/.en.favotter.net/gfwlist +server=/.en.hao123.com/127.0.0.1#5353 +ipset=/.en.hao123.com/gfwlist +server=/.enanyang.my/127.0.0.1#5353 +ipset=/.enanyang.my/gfwlist +server=/.enewstree.com/127.0.0.1#5353 +ipset=/.enewstree.com/gfwlist +server=/.enfal.de/127.0.0.1#5353 +ipset=/.enfal.de/gfwlist +server=/.engagedaily.org/127.0.0.1#5353 +ipset=/.engagedaily.org/gfwlist +server=/.englishforeveryone.org/127.0.0.1#5353 +ipset=/.englishforeveryone.org/gfwlist +server=/.englishfromengland.co.uk/127.0.0.1#5353 +ipset=/.englishfromengland.co.uk/gfwlist +server=/.englishpen.org/127.0.0.1#5353 +ipset=/.englishpen.org/gfwlist +server=/.enlighten.org.tw/127.0.0.1#5353 +ipset=/.enlighten.org.tw/gfwlist +server=/.entermap.com/127.0.0.1#5353 +ipset=/.entermap.com/gfwlist +server=/.entnt.com/127.0.0.1#5353 +ipset=/.entnt.com/gfwlist +server=/.environment.google/127.0.0.1#5353 +ipset=/.environment.google/gfwlist +server=/.epa.gov.tw/127.0.0.1#5353 +ipset=/.epa.gov.tw/gfwlist +server=/.epac.to/127.0.0.1#5353 +ipset=/.epac.to/gfwlist +server=/.episcopalchurch.org/127.0.0.1#5353 +ipset=/.episcopalchurch.org/gfwlist +server=/.epochhk.com/127.0.0.1#5353 +ipset=/.epochhk.com/gfwlist +server=/.epochtimes-bg.com/127.0.0.1#5353 +ipset=/.epochtimes-bg.com/gfwlist +server=/.epochtimes-romania.com/127.0.0.1#5353 +ipset=/.epochtimes-romania.com/gfwlist +server=/.epochtimes.co.il/127.0.0.1#5353 +ipset=/.epochtimes.co.il/gfwlist +server=/.epochtimes.co.kr/127.0.0.1#5353 +ipset=/.epochtimes.co.kr/gfwlist +server=/.epochtimes.com/127.0.0.1#5353 +ipset=/.epochtimes.com/gfwlist +server=/.epochtimes.cz/127.0.0.1#5353 +ipset=/.epochtimes.cz/gfwlist +server=/.epochtimes.de/127.0.0.1#5353 +ipset=/.epochtimes.de/gfwlist +server=/.epochtimes.fr/127.0.0.1#5353 +ipset=/.epochtimes.fr/gfwlist +server=/.epochtimes.ie/127.0.0.1#5353 +ipset=/.epochtimes.ie/gfwlist +server=/.epochtimes.it/127.0.0.1#5353 +ipset=/.epochtimes.it/gfwlist +server=/.epochtimes.jp/127.0.0.1#5353 +ipset=/.epochtimes.jp/gfwlist +server=/.epochtimes.ru/127.0.0.1#5353 +ipset=/.epochtimes.ru/gfwlist +server=/.epochtimes.se/127.0.0.1#5353 +ipset=/.epochtimes.se/gfwlist +server=/.epochtimestr.com/127.0.0.1#5353 +ipset=/.epochtimestr.com/gfwlist +server=/.epochweek.com/127.0.0.1#5353 +ipset=/.epochweek.com/gfwlist +server=/.epochweekly.com/127.0.0.1#5353 +ipset=/.epochweekly.com/gfwlist +server=/.eporner.com/127.0.0.1#5353 +ipset=/.eporner.com/gfwlist +server=/.equinenow.com/127.0.0.1#5353 +ipset=/.equinenow.com/gfwlist +server=/.erabaru.net/127.0.0.1#5353 +ipset=/.erabaru.net/gfwlist +server=/.eracom.com.tw/127.0.0.1#5353 +ipset=/.eracom.com.tw/gfwlist +server=/.eraysoft.com.tr/127.0.0.1#5353 +ipset=/.eraysoft.com.tr/gfwlist +server=/.erepublik.com/127.0.0.1#5353 +ipset=/.erepublik.com/gfwlist +server=/.erights.net/127.0.0.1#5353 +ipset=/.erights.net/gfwlist +server=/.eriversoft.com/127.0.0.1#5353 +ipset=/.eriversoft.com/gfwlist +server=/.erktv.com/127.0.0.1#5353 +ipset=/.erktv.com/gfwlist +server=/.ernestmandel.org/127.0.0.1#5353 +ipset=/.ernestmandel.org/gfwlist +server=/.erodaizensyu.com/127.0.0.1#5353 +ipset=/.erodaizensyu.com/gfwlist +server=/.erodoujinlog.com/127.0.0.1#5353 +ipset=/.erodoujinlog.com/gfwlist +server=/.erodoujinworld.com/127.0.0.1#5353 +ipset=/.erodoujinworld.com/gfwlist +server=/.eromanga-kingdom.com/127.0.0.1#5353 +ipset=/.eromanga-kingdom.com/gfwlist +server=/.eromangadouzin.com/127.0.0.1#5353 +ipset=/.eromangadouzin.com/gfwlist +server=/.eromon.net/127.0.0.1#5353 +ipset=/.eromon.net/gfwlist +server=/.eroprofile.com/127.0.0.1#5353 +ipset=/.eroprofile.com/gfwlist +server=/.eroticsaloon.net/127.0.0.1#5353 +ipset=/.eroticsaloon.net/gfwlist +server=/.erv-nsa.gov.tw/127.0.0.1#5353 +ipset=/.erv-nsa.gov.tw/gfwlist +server=/.eslite.com/127.0.0.1#5353 +ipset=/.eslite.com/gfwlist +server=/.esmtp.biz/127.0.0.1#5353 +ipset=/.esmtp.biz/gfwlist +server=/.esurance.com/127.0.0.1#5353 +ipset=/.esurance.com/gfwlist +server=/.etaa.org.au/127.0.0.1#5353 +ipset=/.etaa.org.au/gfwlist +server=/.etadult.com/127.0.0.1#5353 +ipset=/.etadult.com/gfwlist +server=/.etaiwannews.com/127.0.0.1#5353 +ipset=/.etaiwannews.com/gfwlist +server=/.etherdelta.com/127.0.0.1#5353 +ipset=/.etherdelta.com/gfwlist +server=/.etizer.org/127.0.0.1#5353 +ipset=/.etizer.org/gfwlist +server=/.etokki.com/127.0.0.1#5353 +ipset=/.etokki.com/gfwlist +server=/.etools.ncol.com/127.0.0.1#5353 +ipset=/.etools.ncol.com/gfwlist +server=/.etowns.net/127.0.0.1#5353 +ipset=/.etowns.net/gfwlist +server=/.etowns.org/127.0.0.1#5353 +ipset=/.etowns.org/gfwlist +server=/.etvonline.hk/127.0.0.1#5353 +ipset=/.etvonline.hk/gfwlist +server=/.eu.org/127.0.0.1#5353 +ipset=/.eu.org/gfwlist +server=/.eucasino.com/127.0.0.1#5353 +ipset=/.eucasino.com/gfwlist +server=/.eulam.com/127.0.0.1#5353 +ipset=/.eulam.com/gfwlist +server=/.eurekavpt.com/127.0.0.1#5353 +ipset=/.eurekavpt.com/gfwlist +server=/.evchk.wikia.com/127.0.0.1#5353 +ipset=/.evchk.wikia.com/gfwlist +server=/.evschool.net/127.0.0.1#5353 +ipset=/.evschool.net/gfwlist +server=/.exblog.jp/127.0.0.1#5353 +ipset=/.exblog.jp/gfwlist +server=/.exchristian.hk/127.0.0.1#5353 +ipset=/.exchristian.hk/gfwlist +server=/.exmo.com/127.0.0.1#5353 +ipset=/.exmo.com/gfwlist +server=/.exmormon.org/127.0.0.1#5353 +ipset=/.exmormon.org/gfwlist +server=/.expatshield.com/127.0.0.1#5353 +ipset=/.expatshield.com/gfwlist +server=/.expecthim.com/127.0.0.1#5353 +ipset=/.expecthim.com/gfwlist +server=/.expekt.com/127.0.0.1#5353 +ipset=/.expekt.com/gfwlist +server=/.experts-univers.com/127.0.0.1#5353 +ipset=/.experts-univers.com/gfwlist +server=/.exploader.net/127.0.0.1#5353 +ipset=/.exploader.net/gfwlist +server=/.expressvpn.com/127.0.0.1#5353 +ipset=/.expressvpn.com/gfwlist +server=/.exrates.me/127.0.0.1#5353 +ipset=/.exrates.me/gfwlist +server=/.extmatrix.com/127.0.0.1#5353 +ipset=/.extmatrix.com/gfwlist +server=/.extremetube.com/127.0.0.1#5353 +ipset=/.extremetube.com/gfwlist +server=/.exx.com/127.0.0.1#5353 +ipset=/.exx.com/gfwlist +server=/.eyevio.jp/127.0.0.1#5353 +ipset=/.eyevio.jp/gfwlist +server=/.eyny.com/127.0.0.1#5353 +ipset=/.eyny.com/gfwlist +server=/.ezpeer.com/127.0.0.1#5353 +ipset=/.ezpeer.com/gfwlist +server=/.ezua.com/127.0.0.1#5353 +ipset=/.ezua.com/gfwlist +server=/.fa.gov.tw/127.0.0.1#5353 +ipset=/.fa.gov.tw/gfwlist +server=/.facebook.br/127.0.0.1#5353 +ipset=/.facebook.br/gfwlist +server=/.facebook.com/127.0.0.1#5353 +ipset=/.facebook.com/gfwlist +server=/.facebook.design/127.0.0.1#5353 +ipset=/.facebook.design/gfwlist +server=/.facebook.hu/127.0.0.1#5353 +ipset=/.facebook.hu/gfwlist +server=/.facebook.in/127.0.0.1#5353 +ipset=/.facebook.in/gfwlist +server=/.facebook.nl/127.0.0.1#5353 +ipset=/.facebook.nl/gfwlist +server=/.facebook.se/127.0.0.1#5353 +ipset=/.facebook.se/gfwlist +server=/.facebookquotes4u.com/127.0.0.1#5353 +ipset=/.facebookquotes4u.com/gfwlist +server=/.faceless.me/127.0.0.1#5353 +ipset=/.faceless.me/gfwlist +server=/.facesofnyfw.com/127.0.0.1#5353 +ipset=/.facesofnyfw.com/gfwlist +server=/.facesoftibetanselfimmolators.info/127.0.0.1#5353 +ipset=/.facesoftibetanselfimmolators.info/gfwlist +server=/.fail.hk/127.0.0.1#5353 +ipset=/.fail.hk/gfwlist +server=/.faith100.org/127.0.0.1#5353 +ipset=/.faith100.org/gfwlist +server=/.faithfuleye.com/127.0.0.1#5353 +ipset=/.faithfuleye.com/gfwlist +server=/.faiththedog.info/127.0.0.1#5353 +ipset=/.faiththedog.info/gfwlist +server=/.fakku.net/127.0.0.1#5353 +ipset=/.fakku.net/gfwlist +server=/.falsefire.com/127.0.0.1#5353 +ipset=/.falsefire.com/gfwlist +server=/.falun-co.org/127.0.0.1#5353 +ipset=/.falun-co.org/gfwlist +server=/.falun-ny.net/127.0.0.1#5353 +ipset=/.falun-ny.net/gfwlist +server=/.falun.caltech.edu/127.0.0.1#5353 +ipset=/.falun.caltech.edu/gfwlist +server=/.falunart.org/127.0.0.1#5353 +ipset=/.falunart.org/gfwlist +server=/.falunasia.info/127.0.0.1#5353 +ipset=/.falunasia.info/gfwlist +server=/.falunau.org/127.0.0.1#5353 +ipset=/.falunau.org/gfwlist +server=/.falunaz.net/127.0.0.1#5353 +ipset=/.falunaz.net/gfwlist +server=/.falundafa-dc.org/127.0.0.1#5353 +ipset=/.falundafa-dc.org/gfwlist +server=/.falundafa-florida.org/127.0.0.1#5353 +ipset=/.falundafa-florida.org/gfwlist +server=/.falundafa-nc.org/127.0.0.1#5353 +ipset=/.falundafa-nc.org/gfwlist +server=/.falundafa-pa.net/127.0.0.1#5353 +ipset=/.falundafa-pa.net/gfwlist +server=/.falundafa-sacramento.org/127.0.0.1#5353 +ipset=/.falundafa-sacramento.org/gfwlist +server=/.falundafa.org/127.0.0.1#5353 +ipset=/.falundafa.org/gfwlist +server=/.falundafaindia.org/127.0.0.1#5353 +ipset=/.falundafaindia.org/gfwlist +server=/.falundafamuseum.org/127.0.0.1#5353 +ipset=/.falundafamuseum.org/gfwlist +server=/.falungong.club/127.0.0.1#5353 +ipset=/.falungong.club/gfwlist +server=/.falungong.de/127.0.0.1#5353 +ipset=/.falungong.de/gfwlist +server=/.falungong.org.uk/127.0.0.1#5353 +ipset=/.falungong.org.uk/gfwlist +server=/.falunhr.org/127.0.0.1#5353 +ipset=/.falunhr.org/gfwlist +server=/.faluninfo.de/127.0.0.1#5353 +ipset=/.faluninfo.de/gfwlist +server=/.faluninfo.net/127.0.0.1#5353 +ipset=/.faluninfo.net/gfwlist +server=/.falunpilipinas.net/127.0.0.1#5353 +ipset=/.falunpilipinas.net/gfwlist +server=/.falunworld.net/127.0.0.1#5353 +ipset=/.falunworld.net/gfwlist +server=/.familyfed.org/127.0.0.1#5353 +ipset=/.familyfed.org/gfwlist +server=/.famunion.com/127.0.0.1#5353 +ipset=/.famunion.com/gfwlist +server=/.fan-qiang.com/127.0.0.1#5353 +ipset=/.fan-qiang.com/gfwlist +server=/.fangbinxing.com/127.0.0.1#5353 +ipset=/.fangbinxing.com/gfwlist +server=/.fangeming.com/127.0.0.1#5353 +ipset=/.fangeming.com/gfwlist +server=/.fangeqiang.com/127.0.0.1#5353 +ipset=/.fangeqiang.com/gfwlist +server=/.fanglizhi.info/127.0.0.1#5353 +ipset=/.fanglizhi.info/gfwlist +server=/.fangmincn.org/127.0.0.1#5353 +ipset=/.fangmincn.org/gfwlist +server=/.fangong.forums-free.com/127.0.0.1#5353 +ipset=/.fangong.forums-free.com/gfwlist +server=/.fangong.org/127.0.0.1#5353 +ipset=/.fangong.org/gfwlist +server=/.fangongheike.com/127.0.0.1#5353 +ipset=/.fangongheike.com/gfwlist +server=/.fanhaodang.com/127.0.0.1#5353 +ipset=/.fanhaodang.com/gfwlist +server=/.fanqiang.tk/127.0.0.1#5353 +ipset=/.fanqiang.tk/gfwlist +server=/.fanqianghou.com/127.0.0.1#5353 +ipset=/.fanqianghou.com/gfwlist +server=/.fanqiangyakexi.net/127.0.0.1#5353 +ipset=/.fanqiangyakexi.net/gfwlist +server=/.fanqiangzhe.com/127.0.0.1#5353 +ipset=/.fanqiangzhe.com/gfwlist +server=/.fanswong.com/127.0.0.1#5353 +ipset=/.fanswong.com/gfwlist +server=/.fanyue.info/127.0.0.1#5353 +ipset=/.fanyue.info/gfwlist +server=/.fapdu.com/127.0.0.1#5353 +ipset=/.fapdu.com/gfwlist +server=/.faproxy.com/127.0.0.1#5353 +ipset=/.faproxy.com/gfwlist +server=/.faqserv.com/127.0.0.1#5353 +ipset=/.faqserv.com/gfwlist +server=/.fartit.com/127.0.0.1#5353 +ipset=/.fartit.com/gfwlist +server=/.farwestchina.com/127.0.0.1#5353 +ipset=/.farwestchina.com/gfwlist +server=/.fast.wistia.com/127.0.0.1#5353 +ipset=/.fast.wistia.com/gfwlist +server=/.fastpic.ru/127.0.0.1#5353 +ipset=/.fastpic.ru/gfwlist +server=/.fastssh.com/127.0.0.1#5353 +ipset=/.fastssh.com/gfwlist +server=/.faststone.org/127.0.0.1#5353 +ipset=/.faststone.org/gfwlist +server=/.fatbtc.com/127.0.0.1#5353 +ipset=/.fatbtc.com/gfwlist +server=/.favstar.fm/127.0.0.1#5353 +ipset=/.favstar.fm/gfwlist +server=/.fawanghuihui.org/127.0.0.1#5353 +ipset=/.fawanghuihui.org/gfwlist +server=/.fb.com/127.0.0.1#5353 +ipset=/.fb.com/gfwlist +server=/.fb.me/127.0.0.1#5353 +ipset=/.fb.me/gfwlist +server=/.fbaddins.com/127.0.0.1#5353 +ipset=/.fbaddins.com/gfwlist +server=/.fbcdn.net/127.0.0.1#5353 +ipset=/.fbcdn.net/gfwlist +server=/.fbsbx.com/127.0.0.1#5353 +ipset=/.fbsbx.com/gfwlist +server=/.fbworkmail.com/127.0.0.1#5353 +ipset=/.fbworkmail.com/gfwlist +server=/.fc2.com/127.0.0.1#5353 +ipset=/.fc2.com/gfwlist +server=/.fc2blog.net/127.0.0.1#5353 +ipset=/.fc2blog.net/gfwlist +server=/.fc2china.com/127.0.0.1#5353 +ipset=/.fc2china.com/gfwlist +server=/.fc2cn.com/127.0.0.1#5353 +ipset=/.fc2cn.com/gfwlist +server=/.fda.gov.tw/127.0.0.1#5353 +ipset=/.fda.gov.tw/gfwlist +server=/.fdc64.de/127.0.0.1#5353 +ipset=/.fdc64.de/gfwlist +server=/.fdc64.org/127.0.0.1#5353 +ipset=/.fdc64.org/gfwlist +server=/.fdc89.jp/127.0.0.1#5353 +ipset=/.fdc89.jp/gfwlist +server=/.feedburner.com/127.0.0.1#5353 +ipset=/.feedburner.com/gfwlist +server=/.feeds.fileforum.com/127.0.0.1#5353 +ipset=/.feeds.fileforum.com/gfwlist +server=/.feelssh.com/127.0.0.1#5353 +ipset=/.feelssh.com/gfwlist +server=/.feer.com/127.0.0.1#5353 +ipset=/.feer.com/gfwlist +server=/.feifeiss.com/127.0.0.1#5353 +ipset=/.feifeiss.com/gfwlist +server=/.feitian-california.org/127.0.0.1#5353 +ipset=/.feitian-california.org/gfwlist +server=/.feitianacademy.org/127.0.0.1#5353 +ipset=/.feitianacademy.org/gfwlist +server=/.feministteacher.com/127.0.0.1#5353 +ipset=/.feministteacher.com/gfwlist +server=/.fengzhenghu.com/127.0.0.1#5353 +ipset=/.fengzhenghu.com/gfwlist +server=/.fengzhenghu.net/127.0.0.1#5353 +ipset=/.fengzhenghu.net/gfwlist +server=/.fevernet.com/127.0.0.1#5353 +ipset=/.fevernet.com/gfwlist +server=/.ff.im/127.0.0.1#5353 +ipset=/.ff.im/gfwlist +server=/.fffff.at/127.0.0.1#5353 +ipset=/.fffff.at/gfwlist +server=/.fflick.com/127.0.0.1#5353 +ipset=/.fflick.com/gfwlist +server=/.ffvpn.com/127.0.0.1#5353 +ipset=/.ffvpn.com/gfwlist +server=/.fgmtv.net/127.0.0.1#5353 +ipset=/.fgmtv.net/gfwlist +server=/.fgmtv.org/127.0.0.1#5353 +ipset=/.fgmtv.org/gfwlist +server=/.fhreports.net/127.0.0.1#5353 +ipset=/.fhreports.net/gfwlist +server=/.figprayer.com/127.0.0.1#5353 +ipset=/.figprayer.com/gfwlist +server=/.fileflyer.com/127.0.0.1#5353 +ipset=/.fileflyer.com/gfwlist +server=/.files2me.com/127.0.0.1#5353 +ipset=/.files2me.com/gfwlist +server=/.filesor.com/127.0.0.1#5353 +ipset=/.filesor.com/gfwlist +server=/.fillthesquare.org/127.0.0.1#5353 +ipset=/.fillthesquare.org/gfwlist +server=/.filmingfortibet.org/127.0.0.1#5353 +ipset=/.filmingfortibet.org/gfwlist +server=/.filthdump.com/127.0.0.1#5353 +ipset=/.filthdump.com/gfwlist +server=/.financetwitter.com/127.0.0.1#5353 +ipset=/.financetwitter.com/gfwlist +server=/.finchvpn.com/127.0.0.1#5353 +ipset=/.finchvpn.com/gfwlist +server=/.findmespot.com/127.0.0.1#5353 +ipset=/.findmespot.com/gfwlist +server=/.findyoutube.com/127.0.0.1#5353 +ipset=/.findyoutube.com/gfwlist +server=/.findyoutube.net/127.0.0.1#5353 +ipset=/.findyoutube.net/gfwlist +server=/.fingerdaily.com/127.0.0.1#5353 +ipset=/.fingerdaily.com/gfwlist +server=/.finler.net/127.0.0.1#5353 +ipset=/.finler.net/gfwlist +server=/.firearmsworld.net/127.0.0.1#5353 +ipset=/.firearmsworld.net/gfwlist +server=/.firebaseio.com/127.0.0.1#5353 +ipset=/.firebaseio.com/gfwlist +server=/.fireofliberty.org/127.0.0.1#5353 +ipset=/.fireofliberty.org/gfwlist +server=/.firetweet.io/127.0.0.1#5353 +ipset=/.firetweet.io/gfwlist +server=/.firstfivefollowers.com/127.0.0.1#5353 +ipset=/.firstfivefollowers.com/gfwlist +server=/.flagsonline.it/127.0.0.1#5353 +ipset=/.flagsonline.it/gfwlist +server=/.flecheinthepeche.fr/127.0.0.1#5353 +ipset=/.flecheinthepeche.fr/gfwlist +server=/.fleshbot.com/127.0.0.1#5353 +ipset=/.fleshbot.com/gfwlist +server=/.fleursdeslettres.com/127.0.0.1#5353 +ipset=/.fleursdeslettres.com/gfwlist +server=/.flgg.us/127.0.0.1#5353 +ipset=/.flgg.us/gfwlist +server=/.flgjustice.org/127.0.0.1#5353 +ipset=/.flgjustice.org/gfwlist +server=/.flickr.com/127.0.0.1#5353 +ipset=/.flickr.com/gfwlist +server=/.flickrhivemind.net/127.0.0.1#5353 +ipset=/.flickrhivemind.net/gfwlist +server=/.flickriver.com/127.0.0.1#5353 +ipset=/.flickriver.com/gfwlist +server=/.fling.com/127.0.0.1#5353 +ipset=/.fling.com/gfwlist +server=/.flipboard.com/127.0.0.1#5353 +ipset=/.flipboard.com/gfwlist +server=/.flipkart.com/127.0.0.1#5353 +ipset=/.flipkart.com/gfwlist +server=/.flitto.com/127.0.0.1#5353 +ipset=/.flitto.com/gfwlist +server=/.flnet.org/127.0.0.1#5353 +ipset=/.flnet.org/gfwlist +server=/.flog.tw/127.0.0.1#5353 +ipset=/.flog.tw/gfwlist +server=/.flyvpn.com/127.0.0.1#5353 +ipset=/.flyvpn.com/gfwlist +server=/.flyzy2005.com/127.0.0.1#5353 +ipset=/.flyzy2005.com/gfwlist +server=/.fnac.be/127.0.0.1#5353 +ipset=/.fnac.be/gfwlist +server=/.fnac.com/127.0.0.1#5353 +ipset=/.fnac.com/gfwlist +server=/.fochk.org/127.0.0.1#5353 +ipset=/.fochk.org/gfwlist +server=/.focustaiwan.tw/127.0.0.1#5353 +ipset=/.focustaiwan.tw/gfwlist +server=/.focusvpn.com/127.0.0.1#5353 +ipset=/.focusvpn.com/gfwlist +server=/.fofg-europe.net/127.0.0.1#5353 +ipset=/.fofg-europe.net/gfwlist +server=/.fofg.org/127.0.0.1#5353 +ipset=/.fofg.org/gfwlist +server=/.fofldfradio.org/127.0.0.1#5353 +ipset=/.fofldfradio.org/gfwlist +server=/.fonts.googleapis.com/127.0.0.1#5353 +ipset=/.fonts.googleapis.com/gfwlist +server=/.fonts.gstatic.com/127.0.0.1#5353 +ipset=/.fonts.gstatic.com/gfwlist +server=/.fooooo.com/127.0.0.1#5353 +ipset=/.fooooo.com/gfwlist +server=/.footwiball.com/127.0.0.1#5353 +ipset=/.footwiball.com/gfwlist +server=/.forum.baby-kingdom.com/127.0.0.1#5353 +ipset=/.forum.baby-kingdom.com/gfwlist +server=/.forum.cyberctm.com/127.0.0.1#5353 +ipset=/.forum.cyberctm.com/gfwlist +server=/.forum.idsam.com/127.0.0.1#5353 +ipset=/.forum.idsam.com/gfwlist +server=/.forum.my903.com/127.0.0.1#5353 +ipset=/.forum.my903.com/gfwlist +server=/.forum.mymaji.com/127.0.0.1#5353 +ipset=/.forum.mymaji.com/gfwlist +server=/.forum.omy.sg/127.0.0.1#5353 +ipset=/.forum.omy.sg/gfwlist +server=/.forum.palmislife.com/127.0.0.1#5353 +ipset=/.forum.palmislife.com/gfwlist +server=/.forum.setty.com.tw/127.0.0.1#5353 +ipset=/.forum.setty.com.tw/gfwlist +server=/.forum.sina.com.hk/127.0.0.1#5353 +ipset=/.forum.sina.com.hk/gfwlist +server=/.forum.slime.com.tw/127.0.0.1#5353 +ipset=/.forum.slime.com.tw/gfwlist +server=/.forum.tvb.com/127.0.0.1#5353 +ipset=/.forum.tvb.com/gfwlist +server=/.forum4hk.com/127.0.0.1#5353 +ipset=/.forum4hk.com/gfwlist +server=/.fotile.me/127.0.0.1#5353 +ipset=/.fotile.me/gfwlist +server=/.fourface.nodesnoop.com/127.0.0.1#5353 +ipset=/.fourface.nodesnoop.com/gfwlist +server=/.fourthinternational.org/127.0.0.1#5353 +ipset=/.fourthinternational.org/gfwlist +server=/.foxdie.us/127.0.0.1#5353 +ipset=/.foxdie.us/gfwlist +server=/.foxgay.com/127.0.0.1#5353 +ipset=/.foxgay.com/gfwlist +server=/.foxsub.com/127.0.0.1#5353 +ipset=/.foxsub.com/gfwlist +server=/.foxtang.com/127.0.0.1#5353 +ipset=/.foxtang.com/gfwlist +server=/.fpmt-osel.org/127.0.0.1#5353 +ipset=/.fpmt-osel.org/gfwlist +server=/.fpmt.org/127.0.0.1#5353 +ipset=/.fpmt.org/gfwlist +server=/.fpmt.tw/127.0.0.1#5353 +ipset=/.fpmt.tw/gfwlist +server=/.fpmtmexico.org/127.0.0.1#5353 +ipset=/.fpmtmexico.org/gfwlist +server=/.fq.wikia.com/127.0.0.1#5353 +ipset=/.fq.wikia.com/gfwlist +server=/.fqok.org/127.0.0.1#5353 +ipset=/.fqok.org/gfwlist +server=/.fqrouter.com/127.0.0.1#5353 +ipset=/.fqrouter.com/gfwlist +server=/.franklc.com/127.0.0.1#5353 +ipset=/.franklc.com/gfwlist +server=/.freakshare.com/127.0.0.1#5353 +ipset=/.freakshare.com/gfwlist +server=/.free-gate.org/127.0.0.1#5353 +ipset=/.free-gate.org/gfwlist +server=/.free-hada-now.org/127.0.0.1#5353 +ipset=/.free-hada-now.org/gfwlist +server=/.free-proxy.cz/127.0.0.1#5353 +ipset=/.free-proxy.cz/gfwlist +server=/.free-ss.site/127.0.0.1#5353 +ipset=/.free-ss.site/gfwlist +server=/.free-ssh.com/127.0.0.1#5353 +ipset=/.free-ssh.com/gfwlist +server=/.free4u.com.ar/127.0.0.1#5353 +ipset=/.free4u.com.ar/gfwlist +server=/.freealim.com/127.0.0.1#5353 +ipset=/.freealim.com/gfwlist +server=/.freebrowser.org/127.0.0.1#5353 +ipset=/.freebrowser.org/gfwlist +server=/.freechal.com/127.0.0.1#5353 +ipset=/.freechal.com/gfwlist +server=/.freechina.net/127.0.0.1#5353 +ipset=/.freechina.net/gfwlist +server=/.freechinaforum.org/127.0.0.1#5353 +ipset=/.freechinaforum.org/gfwlist +server=/.freeddns.com/127.0.0.1#5353 +ipset=/.freeddns.com/gfwlist +server=/.freeddns.org/127.0.0.1#5353 +ipset=/.freeddns.org/gfwlist +server=/.freedomchina.info/127.0.0.1#5353 +ipset=/.freedomchina.info/gfwlist +server=/.freedomhouse.org/127.0.0.1#5353 +ipset=/.freedomhouse.org/gfwlist +server=/.freedominfonetweb.wordpress.com/127.0.0.1#5353 +ipset=/.freedominfonetweb.wordpress.com/gfwlist +server=/.freedomsherald.org/127.0.0.1#5353 +ipset=/.freedomsherald.org/gfwlist +server=/.freeforums.org/127.0.0.1#5353 +ipset=/.freeforums.org/gfwlist +server=/.freefq.com/127.0.0.1#5353 +ipset=/.freefq.com/gfwlist +server=/.freefuckvids.com/127.0.0.1#5353 +ipset=/.freefuckvids.com/gfwlist +server=/.freegao.com/127.0.0.1#5353 +ipset=/.freegao.com/gfwlist +server=/.freeilhamtohti.org/127.0.0.1#5353 +ipset=/.freeilhamtohti.org/gfwlist +server=/.freekwonpyong.org/127.0.0.1#5353 +ipset=/.freekwonpyong.org/gfwlist +server=/.freelotto.com/127.0.0.1#5353 +ipset=/.freelotto.com/gfwlist +server=/.freeman2.com/127.0.0.1#5353 +ipset=/.freeman2.com/gfwlist +server=/.freemoren.com/127.0.0.1#5353 +ipset=/.freemoren.com/gfwlist +server=/.freemorenews.com/127.0.0.1#5353 +ipset=/.freemorenews.com/gfwlist +server=/.freenet-china.org/127.0.0.1#5353 +ipset=/.freenet-china.org/gfwlist +server=/.freenetproject.org/127.0.0.1#5353 +ipset=/.freenetproject.org/gfwlist +server=/.freenewscn.com/127.0.0.1#5353 +ipset=/.freenewscn.com/gfwlist +server=/.freeopenvpn.com/127.0.0.1#5353 +ipset=/.freeopenvpn.com/gfwlist +server=/.freeoz.org/127.0.0.1#5353 +ipset=/.freeoz.org/gfwlist +server=/.freessh.us/127.0.0.1#5353 +ipset=/.freessh.us/gfwlist +server=/.freetcp.com/127.0.0.1#5353 +ipset=/.freetcp.com/gfwlist +server=/.freetibet.net/127.0.0.1#5353 +ipset=/.freetibet.net/gfwlist +server=/.freetibet.org/127.0.0.1#5353 +ipset=/.freetibet.org/gfwlist +server=/.freetibetanheroes.org/127.0.0.1#5353 +ipset=/.freetibetanheroes.org/gfwlist +server=/.freeviewmovies.com/127.0.0.1#5353 +ipset=/.freeviewmovies.com/gfwlist +server=/.freevpn.me/127.0.0.1#5353 +ipset=/.freevpn.me/gfwlist +server=/.freevpn.nl/127.0.0.1#5353 +ipset=/.freevpn.nl/gfwlist +server=/.freewallpaper4.me/127.0.0.1#5353 +ipset=/.freewallpaper4.me/gfwlist +server=/.freewebs.com/127.0.0.1#5353 +ipset=/.freewebs.com/gfwlist +server=/.freewechat.com/127.0.0.1#5353 +ipset=/.freewechat.com/gfwlist +server=/.freewww.biz/127.0.0.1#5353 +ipset=/.freewww.biz/gfwlist +server=/.freewww.info/127.0.0.1#5353 +ipset=/.freewww.info/gfwlist +server=/.freexinwen.com/127.0.0.1#5353 +ipset=/.freexinwen.com/gfwlist +server=/.freeyellow.com/127.0.0.1#5353 +ipset=/.freeyellow.com/gfwlist +server=/.freeyoutubeproxy.net/127.0.0.1#5353 +ipset=/.freeyoutubeproxy.net/gfwlist +server=/.friendfeed.com/127.0.0.1#5353 +ipset=/.friendfeed.com/gfwlist +server=/.friends-of-tibet.org/127.0.0.1#5353 +ipset=/.friends-of-tibet.org/gfwlist +server=/.friendsoftibet.org/127.0.0.1#5353 +ipset=/.friendsoftibet.org/gfwlist +server=/.fring.com/127.0.0.1#5353 +ipset=/.fring.com/gfwlist +server=/.fringenetwork.com/127.0.0.1#5353 +ipset=/.fringenetwork.com/gfwlist +server=/.from-pr.com/127.0.0.1#5353 +ipset=/.from-pr.com/gfwlist +server=/.from-sd.com/127.0.0.1#5353 +ipset=/.from-sd.com/gfwlist +server=/.fromchinatousa.net/127.0.0.1#5353 +ipset=/.fromchinatousa.net/gfwlist +server=/.frommel.net/127.0.0.1#5353 +ipset=/.frommel.net/gfwlist +server=/.frontlinedefenders.org/127.0.0.1#5353 +ipset=/.frontlinedefenders.org/gfwlist +server=/.frootvpn.com/127.0.0.1#5353 +ipset=/.frootvpn.com/gfwlist +server=/.fscked.org/127.0.0.1#5353 +ipset=/.fscked.org/gfwlist +server=/.fsurf.com/127.0.0.1#5353 +ipset=/.fsurf.com/gfwlist +server=/.ftp1.biz/127.0.0.1#5353 +ipset=/.ftp1.biz/gfwlist +server=/.ftpserver.biz/127.0.0.1#5353 +ipset=/.ftpserver.biz/gfwlist +server=/.ftv.com.tw/127.0.0.1#5353 +ipset=/.ftv.com.tw/gfwlist +server=/.fucd.com/127.0.0.1#5353 +ipset=/.fucd.com/gfwlist +server=/.fuckcnnic.net/127.0.0.1#5353 +ipset=/.fuckcnnic.net/gfwlist +server=/.fuckgfw.org/127.0.0.1#5353 +ipset=/.fuckgfw.org/gfwlist +server=/.fullerconsideration.com/127.0.0.1#5353 +ipset=/.fullerconsideration.com/gfwlist +server=/.fulue.com/127.0.0.1#5353 +ipset=/.fulue.com/gfwlist +server=/.funf.tw/127.0.0.1#5353 +ipset=/.funf.tw/gfwlist +server=/.funkyimg.com/127.0.0.1#5353 +ipset=/.funkyimg.com/gfwlist +server=/.funp.com/127.0.0.1#5353 +ipset=/.funp.com/gfwlist +server=/.fuq.com/127.0.0.1#5353 +ipset=/.fuq.com/gfwlist +server=/.furbo.org/127.0.0.1#5353 +ipset=/.furbo.org/gfwlist +server=/.furhhdl.org/127.0.0.1#5353 +ipset=/.furhhdl.org/gfwlist +server=/.furinkan.com/127.0.0.1#5353 +ipset=/.furinkan.com/gfwlist +server=/.furl.net/127.0.0.1#5353 +ipset=/.furl.net/gfwlist +server=/.futurechinaforum.org/127.0.0.1#5353 +ipset=/.futurechinaforum.org/gfwlist +server=/.futuremessage.org/127.0.0.1#5353 +ipset=/.futuremessage.org/gfwlist +server=/.fux.com/127.0.0.1#5353 +ipset=/.fux.com/gfwlist +server=/.fuyin.net/127.0.0.1#5353 +ipset=/.fuyin.net/gfwlist +server=/.fuyindiantai.org/127.0.0.1#5353 +ipset=/.fuyindiantai.org/gfwlist +server=/.fuyu.org.tw/127.0.0.1#5353 +ipset=/.fuyu.org.tw/gfwlist +server=/.fw.cm/127.0.0.1#5353 +ipset=/.fw.cm/gfwlist +server=/.fxcm-chinese.com/127.0.0.1#5353 +ipset=/.fxcm-chinese.com/gfwlist +server=/.fxnetworks.com/127.0.0.1#5353 +ipset=/.fxnetworks.com/gfwlist +server=/.fzh999.com/127.0.0.1#5353 +ipset=/.fzh999.com/gfwlist +server=/.fzh999.net/127.0.0.1#5353 +ipset=/.fzh999.net/gfwlist +server=/.fzlm.com/127.0.0.1#5353 +ipset=/.fzlm.com/gfwlist +server=/.g-area.org/127.0.0.1#5353 +ipset=/.g-area.org/gfwlist +server=/.g-queen.com/127.0.0.1#5353 +ipset=/.g-queen.com/gfwlist +server=/.g.co/127.0.0.1#5353 +ipset=/.g.co/gfwlist +server=/.g6hentai.com/127.0.0.1#5353 +ipset=/.g6hentai.com/gfwlist +server=/.gabocorp.com/127.0.0.1#5353 +ipset=/.gabocorp.com/gfwlist +server=/.gaeproxy.com/127.0.0.1#5353 +ipset=/.gaeproxy.com/gfwlist +server=/.gaforum.org/127.0.0.1#5353 +ipset=/.gaforum.org/gfwlist +server=/.galaxymacau.com/127.0.0.1#5353 +ipset=/.galaxymacau.com/gfwlist +server=/.galenwu.com/127.0.0.1#5353 +ipset=/.galenwu.com/gfwlist +server=/.galstars.net/127.0.0.1#5353 +ipset=/.galstars.net/gfwlist +server=/.game735.com/127.0.0.1#5353 +ipset=/.game735.com/gfwlist +server=/.gamebase.com.tw/127.0.0.1#5353 +ipset=/.gamebase.com.tw/gfwlist +server=/.gamejolt.com/127.0.0.1#5353 +ipset=/.gamejolt.com/gfwlist +server=/.gamer.com.tw/127.0.0.1#5353 +ipset=/.gamer.com.tw/gfwlist +server=/.gamez.com.tw/127.0.0.1#5353 +ipset=/.gamez.com.tw/gfwlist +server=/.gamousa.com/127.0.0.1#5353 +ipset=/.gamousa.com/gfwlist +server=/.ganges.com/127.0.0.1#5353 +ipset=/.ganges.com/gfwlist +server=/.gaoming.net/127.0.0.1#5353 +ipset=/.gaoming.net/gfwlist +server=/.gaopi.net/127.0.0.1#5353 +ipset=/.gaopi.net/gfwlist +server=/.gaozhisheng.net/127.0.0.1#5353 +ipset=/.gaozhisheng.net/gfwlist +server=/.gaozhisheng.org/127.0.0.1#5353 +ipset=/.gaozhisheng.org/gfwlist +server=/.gardennetworks.com/127.0.0.1#5353 +ipset=/.gardennetworks.com/gfwlist +server=/.gardennetworks.org/127.0.0.1#5353 +ipset=/.gardennetworks.org/gfwlist +server=/.gartlive.com/127.0.0.1#5353 +ipset=/.gartlive.com/gfwlist +server=/.gate-project.com/127.0.0.1#5353 +ipset=/.gate-project.com/gfwlist +server=/.gate.io/127.0.0.1#5353 +ipset=/.gate.io/gfwlist +server=/.gatecoin.com/127.0.0.1#5353 +ipset=/.gatecoin.com/gfwlist +server=/.gather.com/127.0.0.1#5353 +ipset=/.gather.com/gfwlist +server=/.gatherproxy.com/127.0.0.1#5353 +ipset=/.gatherproxy.com/gfwlist +server=/.gati.org.tw/127.0.0.1#5353 +ipset=/.gati.org.tw/gfwlist +server=/.gaybubble.com/127.0.0.1#5353 +ipset=/.gaybubble.com/gfwlist +server=/.gaycn.net/127.0.0.1#5353 +ipset=/.gaycn.net/gfwlist +server=/.gayhub.com/127.0.0.1#5353 +ipset=/.gayhub.com/gfwlist +server=/.gaymap.cc/127.0.0.1#5353 +ipset=/.gaymap.cc/gfwlist +server=/.gaymenring.com/127.0.0.1#5353 +ipset=/.gaymenring.com/gfwlist +server=/.gaytube.com/127.0.0.1#5353 +ipset=/.gaytube.com/gfwlist +server=/.gaywatch.com/127.0.0.1#5353 +ipset=/.gaywatch.com/gfwlist +server=/.gazotube.com/127.0.0.1#5353 +ipset=/.gazotube.com/gfwlist +server=/.gcc.org.hk/127.0.0.1#5353 +ipset=/.gcc.org.hk/gfwlist +server=/.gclooney.com/127.0.0.1#5353 +ipset=/.gclooney.com/gfwlist +server=/.gcmasia.com/127.0.0.1#5353 +ipset=/.gcmasia.com/gfwlist +server=/.gcpnews.com/127.0.0.1#5353 +ipset=/.gcpnews.com/gfwlist +server=/.gcr.io/127.0.0.1#5353 +ipset=/.gcr.io/gfwlist +server=/.gdzf.org/127.0.0.1#5353 +ipset=/.gdzf.org/gfwlist +server=/.geek-art.net/127.0.0.1#5353 +ipset=/.geek-art.net/gfwlist +server=/.geekheart.info/127.0.0.1#5353 +ipset=/.geekheart.info/gfwlist +server=/.gekikame.com/127.0.0.1#5353 +ipset=/.gekikame.com/gfwlist +server=/.gelbooru.com/127.0.0.1#5353 +ipset=/.gelbooru.com/gfwlist +server=/.geocities.co.jp/127.0.0.1#5353 +ipset=/.geocities.co.jp/gfwlist +server=/.geocities.jp/127.0.0.1#5353 +ipset=/.geocities.jp/gfwlist +server=/.gerefoundation.org/127.0.0.1#5353 +ipset=/.gerefoundation.org/gfwlist +server=/.get.app/127.0.0.1#5353 +ipset=/.get.app/gfwlist +server=/.get.how/127.0.0.1#5353 +ipset=/.get.how/gfwlist +server=/.getastrill.com/127.0.0.1#5353 +ipset=/.getastrill.com/gfwlist +server=/.getchu.com/127.0.0.1#5353 +ipset=/.getchu.com/gfwlist +server=/.getcloak.com/127.0.0.1#5353 +ipset=/.getcloak.com/gfwlist +server=/.getfoxyproxy.org/127.0.0.1#5353 +ipset=/.getfoxyproxy.org/gfwlist +server=/.getfreedur.com/127.0.0.1#5353 +ipset=/.getfreedur.com/gfwlist +server=/.getgom.com/127.0.0.1#5353 +ipset=/.getgom.com/gfwlist +server=/.geti2p.net/127.0.0.1#5353 +ipset=/.geti2p.net/gfwlist +server=/.getiton.com/127.0.0.1#5353 +ipset=/.getiton.com/gfwlist +server=/.getlantern.org/127.0.0.1#5353 +ipset=/.getlantern.org/gfwlist +server=/.getmdl.io/127.0.0.1#5353 +ipset=/.getmdl.io/gfwlist +server=/.getoutline.org/127.0.0.1#5353 +ipset=/.getoutline.org/gfwlist +server=/.getsocialscope.com/127.0.0.1#5353 +ipset=/.getsocialscope.com/gfwlist +server=/.getsync.com/127.0.0.1#5353 +ipset=/.getsync.com/gfwlist +server=/.gettrials.com/127.0.0.1#5353 +ipset=/.gettrials.com/gfwlist +server=/.gettyimages.com/127.0.0.1#5353 +ipset=/.gettyimages.com/gfwlist +server=/.getuploader.com/127.0.0.1#5353 +ipset=/.getuploader.com/gfwlist +server=/.gfbv.de/127.0.0.1#5353 +ipset=/.gfbv.de/gfwlist +server=/.gfgold.com.hk/127.0.0.1#5353 +ipset=/.gfgold.com.hk/gfwlist +server=/.gfsale.com/127.0.0.1#5353 +ipset=/.gfsale.com/gfwlist +server=/.gfw.org.ua/127.0.0.1#5353 +ipset=/.gfw.org.ua/gfwlist +server=/.gfw.press/127.0.0.1#5353 +ipset=/.gfw.press/gfwlist +server=/.ggpht.com/127.0.0.1#5353 +ipset=/.ggpht.com/gfwlist +server=/.ggssl.com/127.0.0.1#5353 +ipset=/.ggssl.com/gfwlist +server=/.ghostpath.com/127.0.0.1#5353 +ipset=/.ghostpath.com/gfwlist +server=/.ghut.org/127.0.0.1#5353 +ipset=/.ghut.org/gfwlist +server=/.giantessnight.com/127.0.0.1#5353 +ipset=/.giantessnight.com/gfwlist +server=/.gifree.com/127.0.0.1#5353 +ipset=/.gifree.com/gfwlist +server=/.giga-web.jp/127.0.0.1#5353 +ipset=/.giga-web.jp/gfwlist +server=/.gigporno.ru/127.0.0.1#5353 +ipset=/.gigporno.ru/gfwlist +server=/.girlbanker.com/127.0.0.1#5353 +ipset=/.girlbanker.com/gfwlist +server=/.gist.github.com/127.0.0.1#5353 +ipset=/.gist.github.com/gfwlist +server=/.git.io/127.0.0.1#5353 +ipset=/.git.io/gfwlist +server=/.gizlen.net/127.0.0.1#5353 +ipset=/.gizlen.net/gfwlist +server=/.gjczz.com/127.0.0.1#5353 +ipset=/.gjczz.com/gfwlist +server=/.glass8.eu/127.0.0.1#5353 +ipset=/.glass8.eu/gfwlist +server=/.global.bing.com/127.0.0.1#5353 +ipset=/.global.bing.com/gfwlist +server=/.globaljihad.net/127.0.0.1#5353 +ipset=/.globaljihad.net/gfwlist +server=/.globalmediaoutreach.com/127.0.0.1#5353 +ipset=/.globalmediaoutreach.com/gfwlist +server=/.globalmuseumoncommunism.org/127.0.0.1#5353 +ipset=/.globalmuseumoncommunism.org/gfwlist +server=/.globalrescue.net/127.0.0.1#5353 +ipset=/.globalrescue.net/gfwlist +server=/.globaltm.org/127.0.0.1#5353 +ipset=/.globaltm.org/gfwlist +server=/.globalvoices.org/127.0.0.1#5353 +ipset=/.globalvoices.org/gfwlist +server=/.globalvoicesonline.org/127.0.0.1#5353 +ipset=/.globalvoicesonline.org/gfwlist +server=/.globalvpn.net/127.0.0.1#5353 +ipset=/.globalvpn.net/gfwlist +server=/.glock.com/127.0.0.1#5353 +ipset=/.glock.com/gfwlist +server=/.gloryhole.com/127.0.0.1#5353 +ipset=/.gloryhole.com/gfwlist +server=/.glorystar.me/127.0.0.1#5353 +ipset=/.glorystar.me/gfwlist +server=/.glype.com/127.0.0.1#5353 +ipset=/.glype.com/gfwlist +server=/.gmail.com/127.0.0.1#5353 +ipset=/.gmail.com/gfwlist +server=/.gmbd.cn/127.0.0.1#5353 +ipset=/.gmbd.cn/gfwlist +server=/.gmhz.org/127.0.0.1#5353 +ipset=/.gmhz.org/gfwlist +server=/.gmll.org/127.0.0.1#5353 +ipset=/.gmll.org/gfwlist +server=/.gmodules.com/127.0.0.1#5353 +ipset=/.gmodules.com/gfwlist +server=/.gmozomg.izihost.org/127.0.0.1#5353 +ipset=/.gmozomg.izihost.org/gfwlist +server=/.gnci.org.hk/127.0.0.1#5353 +ipset=/.gnci.org.hk/gfwlist +server=/.go-pki.com/127.0.0.1#5353 +ipset=/.go-pki.com/gfwlist +server=/.go.nesnode.com/127.0.0.1#5353 +ipset=/.go.nesnode.com/gfwlist +server=/.go141.com/127.0.0.1#5353 +ipset=/.go141.com/gfwlist +server=/.goagent.biz/127.0.0.1#5353 +ipset=/.goagent.biz/gfwlist +server=/.goagent.codeplex.com/127.0.0.1#5353 +ipset=/.goagent.codeplex.com/gfwlist +server=/.goagentplus.com/127.0.0.1#5353 +ipset=/.goagentplus.com/gfwlist +server=/.gobet.cc/127.0.0.1#5353 +ipset=/.gobet.cc/gfwlist +server=/.godfootsteps.org/127.0.0.1#5353 +ipset=/.godfootsteps.org/gfwlist +server=/.godns.work/127.0.0.1#5353 +ipset=/.godns.work/gfwlist +server=/.godoc.org/127.0.0.1#5353 +ipset=/.godoc.org/gfwlist +server=/.godsdirectcontact.co.uk/127.0.0.1#5353 +ipset=/.godsdirectcontact.co.uk/gfwlist +server=/.godsdirectcontact.org/127.0.0.1#5353 +ipset=/.godsdirectcontact.org/gfwlist +server=/.godsimmediatecontact.com/127.0.0.1#5353 +ipset=/.godsimmediatecontact.com/gfwlist +server=/.gogotunnel.com/127.0.0.1#5353 +ipset=/.gogotunnel.com/gfwlist +server=/.gohappy.com.tw/127.0.0.1#5353 +ipset=/.gohappy.com.tw/gfwlist +server=/.gojet.krtco.com.tw/127.0.0.1#5353 +ipset=/.gojet.krtco.com.tw/gfwlist +server=/.gokbayrak.com/127.0.0.1#5353 +ipset=/.gokbayrak.com/gfwlist +server=/.golang.org/127.0.0.1#5353 +ipset=/.golang.org/gfwlist +server=/.goldbet.com/127.0.0.1#5353 +ipset=/.goldbet.com/gfwlist +server=/.goldbetsports.com/127.0.0.1#5353 +ipset=/.goldbetsports.com/gfwlist +server=/.goldeneyevault.com/127.0.0.1#5353 +ipset=/.goldeneyevault.com/gfwlist +server=/.goldenfrog.com/127.0.0.1#5353 +ipset=/.goldenfrog.com/gfwlist +server=/.goldjizz.com/127.0.0.1#5353 +ipset=/.goldjizz.com/gfwlist +server=/.goldstep.net/127.0.0.1#5353 +ipset=/.goldstep.net/gfwlist +server=/.goldwave.com/127.0.0.1#5353 +ipset=/.goldwave.com/gfwlist +server=/.gongm.in/127.0.0.1#5353 +ipset=/.gongm.in/gfwlist +server=/.gongmeng.info/127.0.0.1#5353 +ipset=/.gongmeng.info/gfwlist +server=/.gongminliliang.com/127.0.0.1#5353 +ipset=/.gongminliliang.com/gfwlist +server=/.gongwt.com/127.0.0.1#5353 +ipset=/.gongwt.com/gfwlist +server=/.goo.gl/127.0.0.1#5353 +ipset=/.goo.gl/gfwlist +server=/.gooday.xyz/127.0.0.1#5353 +ipset=/.gooday.xyz/gfwlist +server=/.gooddns.info/127.0.0.1#5353 +ipset=/.gooddns.info/gfwlist +server=/.goodreaders.com/127.0.0.1#5353 +ipset=/.goodreaders.com/gfwlist +server=/.goodreads.com/127.0.0.1#5353 +ipset=/.goodreads.com/gfwlist +server=/.goodtv.com.tw/127.0.0.1#5353 +ipset=/.goodtv.com.tw/gfwlist +server=/.goodtv.tv/127.0.0.1#5353 +ipset=/.goodtv.tv/gfwlist +server=/.goofind.com/127.0.0.1#5353 +ipset=/.goofind.com/gfwlist +server=/.google.ae/127.0.0.1#5353 +ipset=/.google.ae/gfwlist +server=/.google.am/127.0.0.1#5353 +ipset=/.google.am/gfwlist +server=/.google.as/127.0.0.1#5353 +ipset=/.google.as/gfwlist +server=/.google.at/127.0.0.1#5353 +ipset=/.google.at/gfwlist +server=/.google.az/127.0.0.1#5353 +ipset=/.google.az/gfwlist +server=/.google.ba/127.0.0.1#5353 +ipset=/.google.ba/gfwlist +server=/.google.be/127.0.0.1#5353 +ipset=/.google.be/gfwlist +server=/.google.bg/127.0.0.1#5353 +ipset=/.google.bg/gfwlist +server=/.google.ca/127.0.0.1#5353 +ipset=/.google.ca/gfwlist +server=/.google.calstate.edu/127.0.0.1#5353 +ipset=/.google.calstate.edu/gfwlist +server=/.google.cd/127.0.0.1#5353 +ipset=/.google.cd/gfwlist +server=/.google.ci/127.0.0.1#5353 +ipset=/.google.ci/gfwlist +server=/.google.co.id/127.0.0.1#5353 +ipset=/.google.co.id/gfwlist +server=/.google.co.jp/127.0.0.1#5353 +ipset=/.google.co.jp/gfwlist +server=/.google.co.kr/127.0.0.1#5353 +ipset=/.google.co.kr/gfwlist +server=/.google.co.ma/127.0.0.1#5353 +ipset=/.google.co.ma/gfwlist +server=/.google.co.uk/127.0.0.1#5353 +ipset=/.google.co.uk/gfwlist +server=/.google.com/127.0.0.1#5353 +ipset=/.google.com/gfwlist +server=/.google.de/127.0.0.1#5353 +ipset=/.google.de/gfwlist +server=/.google.dj/127.0.0.1#5353 +ipset=/.google.dj/gfwlist +server=/.google.dk/127.0.0.1#5353 +ipset=/.google.dk/gfwlist +server=/.google.es/127.0.0.1#5353 +ipset=/.google.es/gfwlist +server=/.google.fi/127.0.0.1#5353 +ipset=/.google.fi/gfwlist +server=/.google.fm/127.0.0.1#5353 +ipset=/.google.fm/gfwlist +server=/.google.fr/127.0.0.1#5353 +ipset=/.google.fr/gfwlist +server=/.google.gg/127.0.0.1#5353 +ipset=/.google.gg/gfwlist +server=/.google.gl/127.0.0.1#5353 +ipset=/.google.gl/gfwlist +server=/.google.gr/127.0.0.1#5353 +ipset=/.google.gr/gfwlist +server=/.google.ie/127.0.0.1#5353 +ipset=/.google.ie/gfwlist +server=/.google.is/127.0.0.1#5353 +ipset=/.google.is/gfwlist +server=/.google.it/127.0.0.1#5353 +ipset=/.google.it/gfwlist +server=/.google.jo/127.0.0.1#5353 +ipset=/.google.jo/gfwlist +server=/.google.kz/127.0.0.1#5353 +ipset=/.google.kz/gfwlist +server=/.google.lv/127.0.0.1#5353 +ipset=/.google.lv/gfwlist +server=/.google.mn/127.0.0.1#5353 +ipset=/.google.mn/gfwlist +server=/.google.ms/127.0.0.1#5353 +ipset=/.google.ms/gfwlist +server=/.google.nl/127.0.0.1#5353 +ipset=/.google.nl/gfwlist +server=/.google.no/127.0.0.1#5353 +ipset=/.google.no/gfwlist +server=/.google.nu/127.0.0.1#5353 +ipset=/.google.nu/gfwlist +server=/.google.ro/127.0.0.1#5353 +ipset=/.google.ro/gfwlist +server=/.google.ru/127.0.0.1#5353 +ipset=/.google.ru/gfwlist +server=/.google.rw/127.0.0.1#5353 +ipset=/.google.rw/gfwlist +server=/.google.sc/127.0.0.1#5353 +ipset=/.google.sc/gfwlist +server=/.google.sh/127.0.0.1#5353 +ipset=/.google.sh/gfwlist +server=/.google.sk/127.0.0.1#5353 +ipset=/.google.sk/gfwlist +server=/.google.sm/127.0.0.1#5353 +ipset=/.google.sm/gfwlist +server=/.google.sn/127.0.0.1#5353 +ipset=/.google.sn/gfwlist +server=/.google.tk/127.0.0.1#5353 +ipset=/.google.tk/gfwlist +server=/.google.tm/127.0.0.1#5353 +ipset=/.google.tm/gfwlist +server=/.google.to/127.0.0.1#5353 +ipset=/.google.to/gfwlist +server=/.google.tt/127.0.0.1#5353 +ipset=/.google.tt/gfwlist +server=/.google.vu/127.0.0.1#5353 +ipset=/.google.vu/gfwlist +server=/.google.ws/127.0.0.1#5353 +ipset=/.google.ws/gfwlist +server=/.googleapis.cn/127.0.0.1#5353 +ipset=/.googleapis.cn/gfwlist +server=/.googleapis.com/127.0.0.1#5353 +ipset=/.googleapis.com/gfwlist +server=/.googleapps.com/127.0.0.1#5353 +ipset=/.googleapps.com/gfwlist +server=/.googlearth.com/127.0.0.1#5353 +ipset=/.googlearth.com/gfwlist +server=/.googleartproject.com/127.0.0.1#5353 +ipset=/.googleartproject.com/gfwlist +server=/.googleblog.com/127.0.0.1#5353 +ipset=/.googleblog.com/gfwlist +server=/.googlebot.com/127.0.0.1#5353 +ipset=/.googlebot.com/gfwlist +server=/.googlechinawebmaster.com/127.0.0.1#5353 +ipset=/.googlechinawebmaster.com/gfwlist +server=/.googlecode.com/127.0.0.1#5353 +ipset=/.googlecode.com/gfwlist +server=/.googlecommerce.com/127.0.0.1#5353 +ipset=/.googlecommerce.com/gfwlist +server=/.googledomains.com/127.0.0.1#5353 +ipset=/.googledomains.com/gfwlist +server=/.googledrive.com/127.0.0.1#5353 +ipset=/.googledrive.com/gfwlist +server=/.googleearth.com/127.0.0.1#5353 +ipset=/.googleearth.com/gfwlist +server=/.googlegroups.com/127.0.0.1#5353 +ipset=/.googlegroups.com/gfwlist +server=/.googlehosted.com/127.0.0.1#5353 +ipset=/.googlehosted.com/gfwlist +server=/.googleideas.com/127.0.0.1#5353 +ipset=/.googleideas.com/gfwlist +server=/.googleinsidesearch.com/127.0.0.1#5353 +ipset=/.googleinsidesearch.com/gfwlist +server=/.googlelabs.com/127.0.0.1#5353 +ipset=/.googlelabs.com/gfwlist +server=/.googlemail.com/127.0.0.1#5353 +ipset=/.googlemail.com/gfwlist +server=/.googlemashups.com/127.0.0.1#5353 +ipset=/.googlemashups.com/gfwlist +server=/.googlepagecreator.com/127.0.0.1#5353 +ipset=/.googlepagecreator.com/gfwlist +server=/.googleplay.com/127.0.0.1#5353 +ipset=/.googleplay.com/gfwlist +server=/.googleplus.com/127.0.0.1#5353 +ipset=/.googleplus.com/gfwlist +server=/.googlescholar.com/127.0.0.1#5353 +ipset=/.googlescholar.com/gfwlist +server=/.googlesile.com/127.0.0.1#5353 +ipset=/.googlesile.com/gfwlist +server=/.googlesource.com/127.0.0.1#5353 +ipset=/.googlesource.com/gfwlist +server=/.googleusercontent.com/127.0.0.1#5353 +ipset=/.googleusercontent.com/gfwlist +server=/.googlevideo.com/127.0.0.1#5353 +ipset=/.googlevideo.com/gfwlist +server=/.googleweblight.com/127.0.0.1#5353 +ipset=/.googleweblight.com/gfwlist +server=/.googlezip.net/127.0.0.1#5353 +ipset=/.googlezip.net/gfwlist +server=/.gopetition.com/127.0.0.1#5353 +ipset=/.gopetition.com/gfwlist +server=/.goproxing.net/127.0.0.1#5353 +ipset=/.goproxing.net/gfwlist +server=/.gospelherald.com/127.0.0.1#5353 +ipset=/.gospelherald.com/gfwlist +server=/.got-game.org/127.0.0.1#5353 +ipset=/.got-game.org/gfwlist +server=/.gotdns.ch/127.0.0.1#5353 +ipset=/.gotdns.ch/gfwlist +server=/.gotgeeks.com/127.0.0.1#5353 +ipset=/.gotgeeks.com/gfwlist +server=/.gotrusted.com/127.0.0.1#5353 +ipset=/.gotrusted.com/gfwlist +server=/.gotw.ca/127.0.0.1#5353 +ipset=/.gotw.ca/gfwlist +server=/.gov.cn/127.0.0.1#5353 +ipset=/.gov.cn/gfwlist +server=/.gov.taipei/127.0.0.1#5353 +ipset=/.gov.taipei/gfwlist +server=/.gov.tw/127.0.0.1#5353 +ipset=/.gov.tw/gfwlist +server=/.gr8domain.biz/127.0.0.1#5353 +ipset=/.gr8domain.biz/gfwlist +server=/.gr8name.biz/127.0.0.1#5353 +ipset=/.gr8name.biz/gfwlist +server=/.grammaly.com/127.0.0.1#5353 +ipset=/.grammaly.com/gfwlist +server=/.grandtrial.org/127.0.0.1#5353 +ipset=/.grandtrial.org/gfwlist +server=/.grangorz.org/127.0.0.1#5353 +ipset=/.grangorz.org/gfwlist +server=/.graphis.ne.jp/127.0.0.1#5353 +ipset=/.graphis.ne.jp/gfwlist +server=/.graphql.org/127.0.0.1#5353 +ipset=/.graphql.org/gfwlist +server=/.grb.gov.tw/127.0.0.1#5353 +ipset=/.grb.gov.tw/gfwlist +server=/.greasespot.net/127.0.0.1#5353 +ipset=/.greasespot.net/gfwlist +server=/.great-firewall.com/127.0.0.1#5353 +ipset=/.great-firewall.com/gfwlist +server=/.great-roc.org/127.0.0.1#5353 +ipset=/.great-roc.org/gfwlist +server=/.greatfire.org/127.0.0.1#5353 +ipset=/.greatfire.org/gfwlist +server=/.greatfire.us7.list-manage.com/127.0.0.1#5353 +ipset=/.greatfire.us7.list-manage.com/gfwlist +server=/.greatfirewall.biz/127.0.0.1#5353 +ipset=/.greatfirewall.biz/gfwlist +server=/.greatfirewallofchina.net/127.0.0.1#5353 +ipset=/.greatfirewallofchina.net/gfwlist +server=/.greatfirewallofchina.org/127.0.0.1#5353 +ipset=/.greatfirewallofchina.org/gfwlist +server=/.greatroc.org/127.0.0.1#5353 +ipset=/.greatroc.org/gfwlist +server=/.greatroc.tw/127.0.0.1#5353 +ipset=/.greatroc.tw/gfwlist +server=/.greatzhonghua.org/127.0.0.1#5353 +ipset=/.greatzhonghua.org/gfwlist +server=/.greenfieldbookstore.com.hk/127.0.0.1#5353 +ipset=/.greenfieldbookstore.com.hk/gfwlist +server=/.greenparty.org.tw/127.0.0.1#5353 +ipset=/.greenparty.org.tw/gfwlist +server=/.greenpeace.com.tw/127.0.0.1#5353 +ipset=/.greenpeace.com.tw/gfwlist +server=/.greenpeace.org/127.0.0.1#5353 +ipset=/.greenpeace.org/gfwlist +server=/.greenvpn.net/127.0.0.1#5353 +ipset=/.greenvpn.net/gfwlist +server=/.greenvpn.org/127.0.0.1#5353 +ipset=/.greenvpn.org/gfwlist +server=/.grotty-monday.com/127.0.0.1#5353 +ipset=/.grotty-monday.com/gfwlist +server=/.groups.google.cn/127.0.0.1#5353 +ipset=/.groups.google.cn/gfwlist +server=/.gs-discuss.com/127.0.0.1#5353 +ipset=/.gs-discuss.com/gfwlist +server=/.gsp.target.com/127.0.0.1#5353 +ipset=/.gsp.target.com/gfwlist +server=/.gstatic.com/127.0.0.1#5353 +ipset=/.gstatic.com/gfwlist +server=/.gtricks.com/127.0.0.1#5353 +ipset=/.gtricks.com/gfwlist +server=/.gts-vpn.com/127.0.0.1#5353 +ipset=/.gts-vpn.com/gfwlist +server=/.gu-chu-sum.org/127.0.0.1#5353 +ipset=/.gu-chu-sum.org/gfwlist +server=/.guaguass.com/127.0.0.1#5353 +ipset=/.guaguass.com/gfwlist +server=/.guaguass.org/127.0.0.1#5353 +ipset=/.guaguass.org/gfwlist +server=/.guancha.org/127.0.0.1#5353 +ipset=/.guancha.org/gfwlist +server=/.guaneryu.com/127.0.0.1#5353 +ipset=/.guaneryu.com/gfwlist +server=/.guangming.com.my/127.0.0.1#5353 +ipset=/.guangming.com.my/gfwlist +server=/.guardster.com/127.0.0.1#5353 +ipset=/.guardster.com/gfwlist +server=/.guishan.org/127.0.0.1#5353 +ipset=/.guishan.org/gfwlist +server=/.gumroad.com/127.0.0.1#5353 +ipset=/.gumroad.com/gfwlist +server=/.gun-world.net/127.0.0.1#5353 +ipset=/.gun-world.net/gfwlist +server=/.gunsamerica.com/127.0.0.1#5353 +ipset=/.gunsamerica.com/gfwlist +server=/.gunsandammo.com/127.0.0.1#5353 +ipset=/.gunsandammo.com/gfwlist +server=/.guo.media/127.0.0.1#5353 +ipset=/.guo.media/gfwlist +server=/.guruonline.hk/127.0.0.1#5353 +ipset=/.guruonline.hk/gfwlist +server=/.gutteruncensored.com/127.0.0.1#5353 +ipset=/.gutteruncensored.com/gfwlist +server=/.gvlib.com/127.0.0.1#5353 +ipset=/.gvlib.com/gfwlist +server=/.gvm.com.tw/127.0.0.1#5353 +ipset=/.gvm.com.tw/gfwlist +server=/.gvt0.com/127.0.0.1#5353 +ipset=/.gvt0.com/gfwlist +server=/.gvt1.com/127.0.0.1#5353 +ipset=/.gvt1.com/gfwlist +server=/.gvt3.com/127.0.0.1#5353 +ipset=/.gvt3.com/gfwlist +server=/.gwtproject.org/127.0.0.1#5353 +ipset=/.gwtproject.org/gfwlist +server=/.gyalwarinpoche.com/127.0.0.1#5353 +ipset=/.gyalwarinpoche.com/gfwlist +server=/.gyatsostudio.com/127.0.0.1#5353 +ipset=/.gyatsostudio.com/gfwlist +server=/.gysd.nyc.gov.tw/127.0.0.1#5353 +ipset=/.gysd.nyc.gov.tw/gfwlist +server=/.gzm.tv/127.0.0.1#5353 +ipset=/.gzm.tv/gfwlist +server=/.gzone-anime.info/127.0.0.1#5353 +ipset=/.gzone-anime.info/gfwlist +server=/.h-china.org/127.0.0.1#5353 +ipset=/.h-china.org/gfwlist +server=/.h-moe.com/127.0.0.1#5353 +ipset=/.h-moe.com/gfwlist +server=/.h1n1china.org/127.0.0.1#5353 +ipset=/.h1n1china.org/gfwlist +server=/.h528.com/127.0.0.1#5353 +ipset=/.h528.com/gfwlist +server=/.h5dm.com/127.0.0.1#5353 +ipset=/.h5dm.com/gfwlist +server=/.h5galgame.me/127.0.0.1#5353 +ipset=/.h5galgame.me/gfwlist +server=/.hacg.club/127.0.0.1#5353 +ipset=/.hacg.club/gfwlist +server=/.hacg.in/127.0.0.1#5353 +ipset=/.hacg.in/gfwlist +server=/.hacg.li/127.0.0.1#5353 +ipset=/.hacg.li/gfwlist +server=/.hacg.me/127.0.0.1#5353 +ipset=/.hacg.me/gfwlist +server=/.hacg.red/127.0.0.1#5353 +ipset=/.hacg.red/gfwlist +server=/.hacker.org/127.0.0.1#5353 +ipset=/.hacker.org/gfwlist +server=/.hackthatphone.net/127.0.0.1#5353 +ipset=/.hackthatphone.net/gfwlist +server=/.hahaxixi.github.io/127.0.0.1#5353 +ipset=/.hahaxixi.github.io/gfwlist +server=/.hahlo.com/127.0.0.1#5353 +ipset=/.hahlo.com/gfwlist +server=/.hakkatv.org.tw/127.0.0.1#5353 +ipset=/.hakkatv.org.tw/gfwlist +server=/.handcraftedsoftware.org/127.0.0.1#5353 +ipset=/.handcraftedsoftware.org/gfwlist +server=/.hanunyi.com/127.0.0.1#5353 +ipset=/.hanunyi.com/gfwlist +server=/.haoel.github.io/127.0.0.1#5353 +ipset=/.haoel.github.io/gfwlist +server=/.haosou.com/127.0.0.1#5353 +ipset=/.haosou.com/gfwlist +server=/.happy-vpn.com/127.0.0.1#5353 +ipset=/.happy-vpn.com/gfwlist +server=/.haproxy.org/127.0.0.1#5353 +ipset=/.haproxy.org/gfwlist +server=/.hardsextube.com/127.0.0.1#5353 +ipset=/.hardsextube.com/gfwlist +server=/.harunyahya.com/127.0.0.1#5353 +ipset=/.harunyahya.com/gfwlist +server=/.hautelook.com/127.0.0.1#5353 +ipset=/.hautelook.com/gfwlist +server=/.hautelookcdn.com/127.0.0.1#5353 +ipset=/.hautelookcdn.com/gfwlist +server=/.have8.com/127.0.0.1#5353 +ipset=/.have8.com/gfwlist +server=/.haygo.com/127.0.0.1#5353 +ipset=/.haygo.com/gfwlist +server=/.hbo.com/127.0.0.1#5353 +ipset=/.hbo.com/gfwlist +server=/.hchcc.gov.tw/127.0.0.1#5353 +ipset=/.hchcc.gov.tw/gfwlist +server=/.hclips.com/127.0.0.1#5353 +ipset=/.hclips.com/gfwlist +server=/.hdlt.me/127.0.0.1#5353 +ipset=/.hdlt.me/gfwlist +server=/.hdtvb.net/127.0.0.1#5353 +ipset=/.hdtvb.net/gfwlist +server=/.hdzog.com/127.0.0.1#5353 +ipset=/.hdzog.com/gfwlist +server=/.heartyit.com/127.0.0.1#5353 +ipset=/.heartyit.com/gfwlist +server=/.heavy-r.com/127.0.0.1#5353 +ipset=/.heavy-r.com/gfwlist +server=/.hec.su/127.0.0.1#5353 +ipset=/.hec.su/gfwlist +server=/.hecaitou.net/127.0.0.1#5353 +ipset=/.hecaitou.net/gfwlist +server=/.hechaji.com/127.0.0.1#5353 +ipset=/.hechaji.com/gfwlist +server=/.heeact.edu.tw/127.0.0.1#5353 +ipset=/.heeact.edu.tw/gfwlist +server=/.hegre-art.com/127.0.0.1#5353 +ipset=/.hegre-art.com/gfwlist +server=/.heix.pp.ru/127.0.0.1#5353 +ipset=/.heix.pp.ru/gfwlist +server=/.helloandroid.com/127.0.0.1#5353 +ipset=/.helloandroid.com/gfwlist +server=/.helloqueer.com/127.0.0.1#5353 +ipset=/.helloqueer.com/gfwlist +server=/.helloss.pw/127.0.0.1#5353 +ipset=/.helloss.pw/gfwlist +server=/.hellotxt.com/127.0.0.1#5353 +ipset=/.hellotxt.com/gfwlist +server=/.help.linksalpha.com/127.0.0.1#5353 +ipset=/.help.linksalpha.com/gfwlist +server=/.helpeachpeople.com/127.0.0.1#5353 +ipset=/.helpeachpeople.com/gfwlist +server=/.helplinfen.com/127.0.0.1#5353 +ipset=/.helplinfen.com/gfwlist +server=/.helpster.de/127.0.0.1#5353 +ipset=/.helpster.de/gfwlist +server=/.helpzhuling.org/127.0.0.1#5353 +ipset=/.helpzhuling.org/gfwlist +server=/.hentai.to/127.0.0.1#5353 +ipset=/.hentai.to/gfwlist +server=/.hentaitube.tv/127.0.0.1#5353 +ipset=/.hentaitube.tv/gfwlist +server=/.hentaivideoworld.com/127.0.0.1#5353 +ipset=/.hentaivideoworld.com/gfwlist +server=/.heqinglian.net/127.0.0.1#5353 +ipset=/.heqinglian.net/gfwlist +server=/.heungkongdiscuss.com/127.0.0.1#5353 +ipset=/.heungkongdiscuss.com/gfwlist +server=/.hexieshe.com/127.0.0.1#5353 +ipset=/.hexieshe.com/gfwlist +server=/.hexieshe.xyz/127.0.0.1#5353 +ipset=/.hexieshe.xyz/gfwlist +server=/.hexxeh.net/127.0.0.1#5353 +ipset=/.hexxeh.net/gfwlist +server=/.heyzo.com/127.0.0.1#5353 +ipset=/.heyzo.com/gfwlist +server=/.hgseav.com/127.0.0.1#5353 +ipset=/.hgseav.com/gfwlist +server=/.hhdcb3office.org/127.0.0.1#5353 +ipset=/.hhdcb3office.org/gfwlist +server=/.hhthesakyatrizin.org/127.0.0.1#5353 +ipset=/.hhthesakyatrizin.org/gfwlist +server=/.hi-on.org.tw/127.0.0.1#5353 +ipset=/.hi-on.org.tw/gfwlist +server=/.hidden-advent.org/127.0.0.1#5353 +ipset=/.hidden-advent.org/gfwlist +server=/.hide.me/127.0.0.1#5353 +ipset=/.hide.me/gfwlist +server=/.hidein.net/127.0.0.1#5353 +ipset=/.hidein.net/gfwlist +server=/.hideipvpn.com/127.0.0.1#5353 +ipset=/.hideipvpn.com/gfwlist +server=/.hideman.net/127.0.0.1#5353 +ipset=/.hideman.net/gfwlist +server=/.hideme.nl/127.0.0.1#5353 +ipset=/.hideme.nl/gfwlist +server=/.hidemy.name/127.0.0.1#5353 +ipset=/.hidemy.name/gfwlist +server=/.hidemyass.com/127.0.0.1#5353 +ipset=/.hidemyass.com/gfwlist +server=/.hidemycomp.com/127.0.0.1#5353 +ipset=/.hidemycomp.com/gfwlist +server=/.higfw.com/127.0.0.1#5353 +ipset=/.higfw.com/gfwlist +server=/.highpeakspureearth.com/127.0.0.1#5353 +ipset=/.highpeakspureearth.com/gfwlist +server=/.highrockmedia.com/127.0.0.1#5353 +ipset=/.highrockmedia.com/gfwlist +server=/.hihiforum.com/127.0.0.1#5353 +ipset=/.hihiforum.com/gfwlist +server=/.hihistory.net/127.0.0.1#5353 +ipset=/.hihistory.net/gfwlist +server=/.hiitch.com/127.0.0.1#5353 +ipset=/.hiitch.com/gfwlist +server=/.hikinggfw.org/127.0.0.1#5353 +ipset=/.hikinggfw.org/gfwlist +server=/.hilive.tv/127.0.0.1#5353 +ipset=/.hilive.tv/gfwlist +server=/.himalayan-foundation.org/127.0.0.1#5353 +ipset=/.himalayan-foundation.org/gfwlist +server=/.himalayanglacier.com/127.0.0.1#5353 +ipset=/.himalayanglacier.com/gfwlist +server=/.himemix.com/127.0.0.1#5353 +ipset=/.himemix.com/gfwlist +server=/.himemix.net/127.0.0.1#5353 +ipset=/.himemix.net/gfwlist +server=/.hitbtc.com/127.0.0.1#5353 +ipset=/.hitbtc.com/gfwlist +server=/.hitomi.la/127.0.0.1#5353 +ipset=/.hitomi.la/gfwlist +server=/.hiwifi.com/127.0.0.1#5353 +ipset=/.hiwifi.com/gfwlist +server=/.hizb-ut-tahrir.info/127.0.0.1#5353 +ipset=/.hizb-ut-tahrir.info/gfwlist +server=/.hizb-ut-tahrir.org/127.0.0.1#5353 +ipset=/.hizb-ut-tahrir.org/gfwlist +server=/.hizbuttahrir.org/127.0.0.1#5353 +ipset=/.hizbuttahrir.org/gfwlist +server=/.hjclub.info/127.0.0.1#5353 +ipset=/.hjclub.info/gfwlist +server=/.hk-pub.com/127.0.0.1#5353 +ipset=/.hk-pub.com/gfwlist +server=/.hk.geocities.com/127.0.0.1#5353 +ipset=/.hk.geocities.com/gfwlist +server=/.hk.hao123img.com/127.0.0.1#5353 +ipset=/.hk.hao123img.com/gfwlist +server=/.hk.jiepang.com/127.0.0.1#5353 +ipset=/.hk.jiepang.com/gfwlist +server=/.hk.knowledge.yahoo.com/127.0.0.1#5353 +ipset=/.hk.knowledge.yahoo.com/gfwlist +server=/.hk.myblog.yahoo.com/127.0.0.1#5353 +ipset=/.hk.myblog.yahoo.com/gfwlist +server=/.hk.news.yahoo.com/127.0.0.1#5353 +ipset=/.hk.news.yahoo.com/gfwlist +server=/.hk.rd.yahoo.com/127.0.0.1#5353 +ipset=/.hk.rd.yahoo.com/gfwlist +server=/.hk.v2ex.com/127.0.0.1#5353 +ipset=/.hk.v2ex.com/gfwlist +server=/.hk.yahoo.com/127.0.0.1#5353 +ipset=/.hk.yahoo.com/gfwlist +server=/.hk01.com/127.0.0.1#5353 +ipset=/.hk01.com/gfwlist +server=/.hk32168.com/127.0.0.1#5353 +ipset=/.hk32168.com/gfwlist +server=/.hka8964.wordpress.com/127.0.0.1#5353 +ipset=/.hka8964.wordpress.com/gfwlist +server=/.hkacg.com/127.0.0.1#5353 +ipset=/.hkacg.com/gfwlist +server=/.hkacg.net/127.0.0.1#5353 +ipset=/.hkacg.net/gfwlist +server=/.hkanews.wordpress.com/127.0.0.1#5353 +ipset=/.hkanews.wordpress.com/gfwlist +server=/.hkatvnews.com/127.0.0.1#5353 +ipset=/.hkatvnews.com/gfwlist +server=/.hkbc.net/127.0.0.1#5353 +ipset=/.hkbc.net/gfwlist +server=/.hkbf.org/127.0.0.1#5353 +ipset=/.hkbf.org/gfwlist +server=/.hkbookcity.com/127.0.0.1#5353 +ipset=/.hkbookcity.com/gfwlist +server=/.hkchurch.org/127.0.0.1#5353 +ipset=/.hkchurch.org/gfwlist +server=/.hkci.org.hk/127.0.0.1#5353 +ipset=/.hkci.org.hk/gfwlist +server=/.hkcmi.edu/127.0.0.1#5353 +ipset=/.hkcmi.edu/gfwlist +server=/.hkcnews.com/127.0.0.1#5353 +ipset=/.hkcnews.com/gfwlist +server=/.hkcoc.com/127.0.0.1#5353 +ipset=/.hkcoc.com/gfwlist +server=/.hkcoc.weather.com.hk/127.0.0.1#5353 +ipset=/.hkcoc.weather.com.hk/gfwlist +server=/.hkday.net/127.0.0.1#5353 +ipset=/.hkday.net/gfwlist +server=/.hkdf.org/127.0.0.1#5353 +ipset=/.hkdf.org/gfwlist +server=/.hkej.com/127.0.0.1#5353 +ipset=/.hkej.com/gfwlist +server=/.hkfaa.com/127.0.0.1#5353 +ipset=/.hkfaa.com/gfwlist +server=/.hkfreezone.com/127.0.0.1#5353 +ipset=/.hkfreezone.com/gfwlist +server=/.hkfront.org/127.0.0.1#5353 +ipset=/.hkfront.org/gfwlist +server=/.hkgolden.com/127.0.0.1#5353 +ipset=/.hkgolden.com/gfwlist +server=/.hkhkhk.com/127.0.0.1#5353 +ipset=/.hkhkhk.com/gfwlist +server=/.hkhrc.org.hk/127.0.0.1#5353 +ipset=/.hkhrc.org.hk/gfwlist +server=/.hkhrm.org.hk/127.0.0.1#5353 +ipset=/.hkhrm.org.hk/gfwlist +server=/.hkip.org.uk/127.0.0.1#5353 +ipset=/.hkip.org.uk/gfwlist +server=/.hkjc.com/127.0.0.1#5353 +ipset=/.hkjc.com/gfwlist +server=/.hkjp.org/127.0.0.1#5353 +ipset=/.hkjp.org/gfwlist +server=/.hklft.com/127.0.0.1#5353 +ipset=/.hklft.com/gfwlist +server=/.hklts.org.hk/127.0.0.1#5353 +ipset=/.hklts.org.hk/gfwlist +server=/.hkptu.org/127.0.0.1#5353 +ipset=/.hkptu.org/gfwlist +server=/.hkreporter.com/127.0.0.1#5353 +ipset=/.hkreporter.com/gfwlist +server=/.hkreporter.loved.hk/127.0.0.1#5353 +ipset=/.hkreporter.loved.hk/gfwlist +server=/.hkupop.hku.hk/127.0.0.1#5353 +ipset=/.hkupop.hku.hk/gfwlist +server=/.hkusu.net/127.0.0.1#5353 +ipset=/.hkusu.net/gfwlist +server=/.hkvwet.com/127.0.0.1#5353 +ipset=/.hkvwet.com/gfwlist +server=/.hkwcc.org.hk/127.0.0.1#5353 +ipset=/.hkwcc.org.hk/gfwlist +server=/.hkzone.org/127.0.0.1#5353 +ipset=/.hkzone.org/gfwlist +server=/.hmonghot.com/127.0.0.1#5353 +ipset=/.hmonghot.com/gfwlist +server=/.hmvdigital.ca/127.0.0.1#5353 +ipset=/.hmvdigital.ca/gfwlist +server=/.hmvdigital.com/127.0.0.1#5353 +ipset=/.hmvdigital.com/gfwlist +server=/.hnjhj.com/127.0.0.1#5353 +ipset=/.hnjhj.com/gfwlist +server=/.hnntube.com/127.0.0.1#5353 +ipset=/.hnntube.com/gfwlist +server=/.hola.com/127.0.0.1#5353 +ipset=/.hola.com/gfwlist +server=/.hola.org/127.0.0.1#5353 +ipset=/.hola.org/gfwlist +server=/.holymountaincn.com/127.0.0.1#5353 +ipset=/.holymountaincn.com/gfwlist +server=/.holyspiritspeaks.org/127.0.0.1#5353 +ipset=/.holyspiritspeaks.org/gfwlist +server=/.home.sina.com/127.0.0.1#5353 +ipset=/.home.sina.com/gfwlist +server=/.homedepot.com/127.0.0.1#5353 +ipset=/.homedepot.com/gfwlist +server=/.homeperversion.com/127.0.0.1#5353 +ipset=/.homeperversion.com/gfwlist +server=/.homeservershow.com/127.0.0.1#5353 +ipset=/.homeservershow.com/gfwlist +server=/.hongkongfp.com/127.0.0.1#5353 +ipset=/.hongkongfp.com/gfwlist +server=/.hongmeimei.com/127.0.0.1#5353 +ipset=/.hongmeimei.com/gfwlist +server=/.hongzhi.li/127.0.0.1#5353 +ipset=/.hongzhi.li/gfwlist +server=/.hootsuite.com/127.0.0.1#5353 +ipset=/.hootsuite.com/gfwlist +server=/.hoovers.com/127.0.0.1#5353 +ipset=/.hoovers.com/gfwlist +server=/.hopedialogue.org/127.0.0.1#5353 +ipset=/.hopedialogue.org/gfwlist +server=/.hopto.org/127.0.0.1#5353 +ipset=/.hopto.org/gfwlist +server=/.hornygamer.com/127.0.0.1#5353 +ipset=/.hornygamer.com/gfwlist +server=/.hornytrip.com/127.0.0.1#5353 +ipset=/.hornytrip.com/gfwlist +server=/.hotav.tv/127.0.0.1#5353 +ipset=/.hotav.tv/gfwlist +server=/.hotels.cn/127.0.0.1#5353 +ipset=/.hotels.cn/gfwlist +server=/.hotfrog.com.tw/127.0.0.1#5353 +ipset=/.hotfrog.com.tw/gfwlist +server=/.hotgoo.com/127.0.0.1#5353 +ipset=/.hotgoo.com/gfwlist +server=/.hotpornshow.com/127.0.0.1#5353 +ipset=/.hotpornshow.com/gfwlist +server=/.hotpot.hk/127.0.0.1#5353 +ipset=/.hotpot.hk/gfwlist +server=/.hotshame.com/127.0.0.1#5353 +ipset=/.hotshame.com/gfwlist +server=/.hotspotshield.com/127.0.0.1#5353 +ipset=/.hotspotshield.com/gfwlist +server=/.hotvpn.com/127.0.0.1#5353 +ipset=/.hotvpn.com/gfwlist +server=/.hougaige.com/127.0.0.1#5353 +ipset=/.hougaige.com/gfwlist +server=/.howtoforge.com/127.0.0.1#5353 +ipset=/.howtoforge.com/gfwlist +server=/.hoxx.com/127.0.0.1#5353 +ipset=/.hoxx.com/gfwlist +server=/.hpa.gov.tw/127.0.0.1#5353 +ipset=/.hpa.gov.tw/gfwlist +server=/.hqcdp.org/127.0.0.1#5353 +ipset=/.hqcdp.org/gfwlist +server=/.hqjapanesesex.com/127.0.0.1#5353 +ipset=/.hqjapanesesex.com/gfwlist +server=/.hqmovies.com/127.0.0.1#5353 +ipset=/.hqmovies.com/gfwlist +server=/.hqsbnet.wordpress.com/127.0.0.1#5353 +ipset=/.hqsbnet.wordpress.com/gfwlist +server=/.hqsbonline.wordpress.com/127.0.0.1#5353 +ipset=/.hqsbonline.wordpress.com/gfwlist +server=/.hrcchina.org/127.0.0.1#5353 +ipset=/.hrcchina.org/gfwlist +server=/.hrcir.com/127.0.0.1#5353 +ipset=/.hrcir.com/gfwlist +server=/.hrea.org/127.0.0.1#5353 +ipset=/.hrea.org/gfwlist +server=/.hrichina.org/127.0.0.1#5353 +ipset=/.hrichina.org/gfwlist +server=/.hrw.org/127.0.0.1#5353 +ipset=/.hrw.org/gfwlist +server=/.hrweb.org/127.0.0.1#5353 +ipset=/.hrweb.org/gfwlist +server=/.hsinchu-cc.gov.tw/127.0.0.1#5353 +ipset=/.hsinchu-cc.gov.tw/gfwlist +server=/.hsjp.net/127.0.0.1#5353 +ipset=/.hsjp.net/gfwlist +server=/.hsselite.com/127.0.0.1#5353 +ipset=/.hsselite.com/gfwlist +server=/.hst.net.tw/127.0.0.1#5353 +ipset=/.hst.net.tw/gfwlist +server=/.hstern.net/127.0.0.1#5353 +ipset=/.hstern.net/gfwlist +server=/.hstt.net/127.0.0.1#5353 +ipset=/.hstt.net/gfwlist +server=/.ht.ly/127.0.0.1#5353 +ipset=/.ht.ly/gfwlist +server=/.htkou.net/127.0.0.1#5353 +ipset=/.htkou.net/gfwlist +server=/.htl.li/127.0.0.1#5353 +ipset=/.htl.li/gfwlist +server=/.html5rocks.com/127.0.0.1#5353 +ipset=/.html5rocks.com/gfwlist +server=/.http2.golang.org/127.0.0.1#5353 +ipset=/.http2.golang.org/gfwlist +server=/.https443.net/127.0.0.1#5353 +ipset=/.https443.net/gfwlist +server=/.https443.org/127.0.0.1#5353 +ipset=/.https443.org/gfwlist +server=/.hua-yue.net/127.0.0.1#5353 +ipset=/.hua-yue.net/gfwlist +server=/.huaglad.com/127.0.0.1#5353 +ipset=/.huaglad.com/gfwlist +server=/.huanghuagang.org/127.0.0.1#5353 +ipset=/.huanghuagang.org/gfwlist +server=/.huangyiyu.com/127.0.0.1#5353 +ipset=/.huangyiyu.com/gfwlist +server=/.huaren.us/127.0.0.1#5353 +ipset=/.huaren.us/gfwlist +server=/.huaren4us.com/127.0.0.1#5353 +ipset=/.huaren4us.com/gfwlist +server=/.huashangnews.com/127.0.0.1#5353 +ipset=/.huashangnews.com/gfwlist +server=/.huaxia-news.com/127.0.0.1#5353 +ipset=/.huaxia-news.com/gfwlist +server=/.huaxiabao.org/127.0.0.1#5353 +ipset=/.huaxiabao.org/gfwlist +server=/.huaxin.ph/127.0.0.1#5353 +ipset=/.huaxin.ph/gfwlist +server=/.huayuworld.org/127.0.0.1#5353 +ipset=/.huayuworld.org/gfwlist +server=/.hudatoriq.web.id/127.0.0.1#5353 +ipset=/.hudatoriq.web.id/gfwlist +server=/.hugoroy.eu/127.0.0.1#5353 +ipset=/.hugoroy.eu/gfwlist +server=/.huhaitai.com/127.0.0.1#5353 +ipset=/.huhaitai.com/gfwlist +server=/.huhamhire.com/127.0.0.1#5353 +ipset=/.huhamhire.com/gfwlist +server=/.huiyi.in/127.0.0.1#5353 +ipset=/.huiyi.in/gfwlist +server=/.hulkshare.com/127.0.0.1#5353 +ipset=/.hulkshare.com/gfwlist +server=/.hulu.com/127.0.0.1#5353 +ipset=/.hulu.com/gfwlist +server=/.huluim.com/127.0.0.1#5353 +ipset=/.huluim.com/gfwlist +server=/.humanrightsbriefing.org/127.0.0.1#5353 +ipset=/.humanrightsbriefing.org/gfwlist +server=/.hung-ya.com/127.0.0.1#5353 +ipset=/.hung-ya.com/gfwlist +server=/.hungerstrikeforaids.org/127.0.0.1#5353 +ipset=/.hungerstrikeforaids.org/gfwlist +server=/.huobi.com/127.0.0.1#5353 +ipset=/.huobi.com/gfwlist +server=/.huobi.pro/127.0.0.1#5353 +ipset=/.huobi.pro/gfwlist +server=/.huobipro.com/127.0.0.1#5353 +ipset=/.huobipro.com/gfwlist +server=/.huping.net/127.0.0.1#5353 +ipset=/.huping.net/gfwlist +server=/.hurgokbayrak.com/127.0.0.1#5353 +ipset=/.hurgokbayrak.com/gfwlist +server=/.hurriyet.com.tr/127.0.0.1#5353 +ipset=/.hurriyet.com.tr/gfwlist +server=/.hustlercash.com/127.0.0.1#5353 +ipset=/.hustlercash.com/gfwlist +server=/.hut2.ru/127.0.0.1#5353 +ipset=/.hut2.ru/gfwlist +server=/.hutianyi.net/127.0.0.1#5353 +ipset=/.hutianyi.net/gfwlist +server=/.hutong9.net/127.0.0.1#5353 +ipset=/.hutong9.net/gfwlist +server=/.huyandex.com/127.0.0.1#5353 +ipset=/.huyandex.com/gfwlist +server=/.hwadzan.tw/127.0.0.1#5353 +ipset=/.hwadzan.tw/gfwlist +server=/.hwayue.org.tw/127.0.0.1#5353 +ipset=/.hwayue.org.tw/gfwlist +server=/.hwinfo.com/127.0.0.1#5353 +ipset=/.hwinfo.com/gfwlist +server=/.hxwk.org/127.0.0.1#5353 +ipset=/.hxwk.org/gfwlist +server=/.hxwq.org/127.0.0.1#5353 +ipset=/.hxwq.org/gfwlist +server=/.hybrid-analysis.com/127.0.0.1#5353 +ipset=/.hybrid-analysis.com/gfwlist +server=/.hyperrate.com/127.0.0.1#5353 +ipset=/.hyperrate.com/gfwlist +server=/.i-cable.com/127.0.0.1#5353 +ipset=/.i-cable.com/gfwlist +server=/.i-part.com.tw/127.0.0.1#5353 +ipset=/.i-part.com.tw/gfwlist +server=/.i.lithium.com/127.0.0.1#5353 +ipset=/.i.lithium.com/gfwlist +server=/.i.v2ex.com/127.0.0.1#5353 +ipset=/.i.v2ex.com/gfwlist +server=/.i1.hk/127.0.0.1#5353 +ipset=/.i1.hk/gfwlist +server=/.i2p2.de/127.0.0.1#5353 +ipset=/.i2p2.de/gfwlist +server=/.i2runner.com/127.0.0.1#5353 +ipset=/.i2runner.com/gfwlist +server=/.i818hk.com/127.0.0.1#5353 +ipset=/.i818hk.com/gfwlist +server=/.iam.soy/127.0.0.1#5353 +ipset=/.iam.soy/gfwlist +server=/.iamtopone.com/127.0.0.1#5353 +ipset=/.iamtopone.com/gfwlist +server=/.iask.bz/127.0.0.1#5353 +ipset=/.iask.bz/gfwlist +server=/.iask.ca/127.0.0.1#5353 +ipset=/.iask.ca/gfwlist +server=/.iav19.com/127.0.0.1#5353 +ipset=/.iav19.com/gfwlist +server=/.iblist.com/127.0.0.1#5353 +ipset=/.iblist.com/gfwlist +server=/.iblogserv-f.net/127.0.0.1#5353 +ipset=/.iblogserv-f.net/gfwlist +server=/.ibros.org/127.0.0.1#5353 +ipset=/.ibros.org/gfwlist +server=/.ibvpn.com/127.0.0.1#5353 +ipset=/.ibvpn.com/gfwlist +server=/.icams.com/127.0.0.1#5353 +ipset=/.icams.com/gfwlist +server=/.ice.audionow.com/127.0.0.1#5353 +ipset=/.ice.audionow.com/gfwlist +server=/.icij.org/127.0.0.1#5353 +ipset=/.icij.org/gfwlist +server=/.icl-fi.org/127.0.0.1#5353 +ipset=/.icl-fi.org/gfwlist +server=/.icoco.com/127.0.0.1#5353 +ipset=/.icoco.com/gfwlist +server=/.iconpaper.org/127.0.0.1#5353 +ipset=/.iconpaper.org/gfwlist +server=/.icu-project.org/127.0.0.1#5353 +ipset=/.icu-project.org/gfwlist +server=/.id.hao123.com/127.0.0.1#5353 +ipset=/.id.hao123.com/gfwlist +server=/.id.heroku.com/127.0.0.1#5353 +ipset=/.id.heroku.com/gfwlist +server=/.iddddg.com/127.0.0.1#5353 +ipset=/.iddddg.com/gfwlist +server=/.idemocracy.asia/127.0.0.1#5353 +ipset=/.idemocracy.asia/gfwlist +server=/.identi.ca/127.0.0.1#5353 +ipset=/.identi.ca/gfwlist +server=/.idiomconnection.com/127.0.0.1#5353 +ipset=/.idiomconnection.com/gfwlist +server=/.idouga.com/127.0.0.1#5353 +ipset=/.idouga.com/gfwlist +server=/.idreamx.com/127.0.0.1#5353 +ipset=/.idreamx.com/gfwlist +server=/.idv.tw/127.0.0.1#5353 +ipset=/.idv.tw/gfwlist +server=/.ieasy5.com/127.0.0.1#5353 +ipset=/.ieasy5.com/gfwlist +server=/.ied2k.net/127.0.0.1#5353 +ipset=/.ied2k.net/gfwlist +server=/.ienergy1.com/127.0.0.1#5353 +ipset=/.ienergy1.com/gfwlist +server=/.ifan.cz.cc/127.0.0.1#5353 +ipset=/.ifan.cz.cc/gfwlist +server=/.ifanqiang.com/127.0.0.1#5353 +ipset=/.ifanqiang.com/gfwlist +server=/.ifcss.org/127.0.0.1#5353 +ipset=/.ifcss.org/gfwlist +server=/.ifjc.org/127.0.0.1#5353 +ipset=/.ifjc.org/gfwlist +server=/.ifreewares.com/127.0.0.1#5353 +ipset=/.ifreewares.com/gfwlist +server=/.ift.tt/127.0.0.1#5353 +ipset=/.ift.tt/gfwlist +server=/.igcd.net/127.0.0.1#5353 +ipset=/.igcd.net/gfwlist +server=/.igfw.net/127.0.0.1#5353 +ipset=/.igfw.net/gfwlist +server=/.igfw.tech/127.0.0.1#5353 +ipset=/.igfw.tech/gfwlist +server=/.igmg.de/127.0.0.1#5353 +ipset=/.igmg.de/gfwlist +server=/.ignitedetroit.net/127.0.0.1#5353 +ipset=/.ignitedetroit.net/gfwlist +server=/.igoogle.com/127.0.0.1#5353 +ipset=/.igoogle.com/gfwlist +server=/.igotmail.com.tw/127.0.0.1#5353 +ipset=/.igotmail.com.tw/gfwlist +server=/.igvita.com/127.0.0.1#5353 +ipset=/.igvita.com/gfwlist +server=/.ihakka.net/127.0.0.1#5353 +ipset=/.ihakka.net/gfwlist +server=/.iicns.com/127.0.0.1#5353 +ipset=/.iicns.com/gfwlist +server=/.iipdigital.usembassy.gov/127.0.0.1#5353 +ipset=/.iipdigital.usembassy.gov/gfwlist +server=/.ikstar.com/127.0.0.1#5353 +ipset=/.ikstar.com/gfwlist +server=/.ikwb.com/127.0.0.1#5353 +ipset=/.ikwb.com/gfwlist +server=/.illusionfactory.com/127.0.0.1#5353 +ipset=/.illusionfactory.com/gfwlist +server=/.ilove80.be/127.0.0.1#5353 +ipset=/.ilove80.be/gfwlist +server=/.ilovelongtoes.com/127.0.0.1#5353 +ipset=/.ilovelongtoes.com/gfwlist +server=/.im.tv/127.0.0.1#5353 +ipset=/.im.tv/gfwlist +server=/.im88.tw/127.0.0.1#5353 +ipset=/.im88.tw/gfwlist +server=/.imageab.com/127.0.0.1#5353 +ipset=/.imageab.com/gfwlist +server=/.imagefap.com/127.0.0.1#5353 +ipset=/.imagefap.com/gfwlist +server=/.imageflea.com/127.0.0.1#5353 +ipset=/.imageflea.com/gfwlist +server=/.images-gaytube.com/127.0.0.1#5353 +ipset=/.images-gaytube.com/gfwlist +server=/.images.comico.tw/127.0.0.1#5353 +ipset=/.images.comico.tw/gfwlist +server=/.imageshack.us/127.0.0.1#5353 +ipset=/.imageshack.us/gfwlist +server=/.imagevenue.com/127.0.0.1#5353 +ipset=/.imagevenue.com/gfwlist +server=/.imagezilla.net/127.0.0.1#5353 +ipset=/.imagezilla.net/gfwlist +server=/.imb.org/127.0.0.1#5353 +ipset=/.imb.org/gfwlist +server=/.ime.baidu.jp/127.0.0.1#5353 +ipset=/.ime.baidu.jp/gfwlist +server=/.img.ly/127.0.0.1#5353 +ipset=/.img.ly/gfwlist +server=/.imgchili.net/127.0.0.1#5353 +ipset=/.imgchili.net/gfwlist +server=/.imkev.com/127.0.0.1#5353 +ipset=/.imkev.com/gfwlist +server=/.imlive.com/127.0.0.1#5353 +ipset=/.imlive.com/gfwlist +server=/.immigration.gov.tw/127.0.0.1#5353 +ipset=/.immigration.gov.tw/gfwlist +server=/.immoral.jp/127.0.0.1#5353 +ipset=/.immoral.jp/gfwlist +server=/.impact.org.au/127.0.0.1#5353 +ipset=/.impact.org.au/gfwlist +server=/.impp.mn/127.0.0.1#5353 +ipset=/.impp.mn/gfwlist +server=/.in-disguise.com/127.0.0.1#5353 +ipset=/.in-disguise.com/gfwlist +server=/.in99.org/127.0.0.1#5353 +ipset=/.in99.org/gfwlist +server=/.incapdns.net/127.0.0.1#5353 +ipset=/.incapdns.net/gfwlist +server=/.incloak.com/127.0.0.1#5353 +ipset=/.incloak.com/gfwlist +server=/.incredibox.fr/127.0.0.1#5353 +ipset=/.incredibox.fr/gfwlist +server=/.indiandefensenews.in/127.0.0.1#5353 +ipset=/.indiandefensenews.in/gfwlist +server=/.indiemerch.com/127.0.0.1#5353 +ipset=/.indiemerch.com/gfwlist +server=/.iner.gov.tw/127.0.0.1#5353 +ipset=/.iner.gov.tw/gfwlist +server=/.info-graf.fr/127.0.0.1#5353 +ipset=/.info-graf.fr/gfwlist +server=/.initiativesforchina.org/127.0.0.1#5353 +ipset=/.initiativesforchina.org/gfwlist +server=/.inkui.com/127.0.0.1#5353 +ipset=/.inkui.com/gfwlist +server=/.inmediahk.net/127.0.0.1#5353 +ipset=/.inmediahk.net/gfwlist +server=/.innermongolia.org/127.0.0.1#5353 +ipset=/.innermongolia.org/gfwlist +server=/.inote.tw/127.0.0.1#5353 +ipset=/.inote.tw/gfwlist +server=/.insecam.org/127.0.0.1#5353 +ipset=/.insecam.org/gfwlist +server=/.insidevoa.com/127.0.0.1#5353 +ipset=/.insidevoa.com/gfwlist +server=/.instagram.com/127.0.0.1#5353 +ipset=/.instagram.com/gfwlist +server=/.instanthq.com/127.0.0.1#5353 +ipset=/.instanthq.com/gfwlist +server=/.institut-tibetain.org/127.0.0.1#5353 +ipset=/.institut-tibetain.org/gfwlist +server=/.internetdefenseleague.org/127.0.0.1#5353 +ipset=/.internetdefenseleague.org/gfwlist +server=/.internetfreedom.org/127.0.0.1#5353 +ipset=/.internetfreedom.org/gfwlist +server=/.internetpopculture.com/127.0.0.1#5353 +ipset=/.internetpopculture.com/gfwlist +server=/.investigating.wordpress.com/127.0.0.1#5353 +ipset=/.investigating.wordpress.com/gfwlist +server=/.inxian.com/127.0.0.1#5353 +ipset=/.inxian.com/gfwlist +server=/.iownyour.biz/127.0.0.1#5353 +ipset=/.iownyour.biz/gfwlist +server=/.iownyour.org/127.0.0.1#5353 +ipset=/.iownyour.org/gfwlist +server=/.ip.cn/127.0.0.1#5353 +ipset=/.ip.cn/gfwlist +server=/.ip6.static.sl-reverse.com/127.0.0.1#5353 +ipset=/.ip6.static.sl-reverse.com/gfwlist +server=/.ipalter.com/127.0.0.1#5353 +ipset=/.ipalter.com/gfwlist +server=/.ipfire.org/127.0.0.1#5353 +ipset=/.ipfire.org/gfwlist +server=/.ipfs.io/127.0.0.1#5353 +ipset=/.ipfs.io/gfwlist +server=/.iphone4hongkong.com/127.0.0.1#5353 +ipset=/.iphone4hongkong.com/gfwlist +server=/.iphonehacks.com/127.0.0.1#5353 +ipset=/.iphonehacks.com/gfwlist +server=/.iphonetaiwan.org/127.0.0.1#5353 +ipset=/.iphonetaiwan.org/gfwlist +server=/.iphonix.fr/127.0.0.1#5353 +ipset=/.iphonix.fr/gfwlist +server=/.ipicture.ru/127.0.0.1#5353 +ipset=/.ipicture.ru/gfwlist +server=/.ipjetable.net/127.0.0.1#5353 +ipset=/.ipjetable.net/gfwlist +server=/.iportal.me/127.0.0.1#5353 +ipset=/.iportal.me/gfwlist +server=/.ippotv.com/127.0.0.1#5353 +ipset=/.ippotv.com/gfwlist +server=/.ipredator.se/127.0.0.1#5353 +ipset=/.ipredator.se/gfwlist +server=/.iptv.com.tw/127.0.0.1#5353 +ipset=/.iptv.com.tw/gfwlist +server=/.iptvbin.com/127.0.0.1#5353 +ipset=/.iptvbin.com/gfwlist +server=/.ipvanish.com/127.0.0.1#5353 +ipset=/.ipvanish.com/gfwlist +server=/.iredmail.org/127.0.0.1#5353 +ipset=/.iredmail.org/gfwlist +server=/.ironbigfools.compython.net/127.0.0.1#5353 +ipset=/.ironbigfools.compython.net/gfwlist +server=/.ironpython.net/127.0.0.1#5353 +ipset=/.ironpython.net/gfwlist +server=/.ironsocket.com/127.0.0.1#5353 +ipset=/.ironsocket.com/gfwlist +server=/.is-a-hunter.com/127.0.0.1#5353 +ipset=/.is-a-hunter.com/gfwlist +server=/.is.gd/127.0.0.1#5353 +ipset=/.is.gd/gfwlist +server=/.isaacmao.com/127.0.0.1#5353 +ipset=/.isaacmao.com/gfwlist +server=/.isasecret.com/127.0.0.1#5353 +ipset=/.isasecret.com/gfwlist +server=/.isgreat.org/127.0.0.1#5353 +ipset=/.isgreat.org/gfwlist +server=/.islahhaber.net/127.0.0.1#5353 +ipset=/.islahhaber.net/gfwlist +server=/.islam.org.hk/127.0.0.1#5353 +ipset=/.islam.org.hk/gfwlist +server=/.islamhouse.com/127.0.0.1#5353 +ipset=/.islamhouse.com/gfwlist +server=/.islamicity.com/127.0.0.1#5353 +ipset=/.islamicity.com/gfwlist +server=/.islamicpluralism.org/127.0.0.1#5353 +ipset=/.islamicpluralism.org/gfwlist +server=/.islamtoday.net/127.0.0.1#5353 +ipset=/.islamtoday.net/gfwlist +server=/.ismaelan.com/127.0.0.1#5353 +ipset=/.ismaelan.com/gfwlist +server=/.ismalltits.com/127.0.0.1#5353 +ipset=/.ismalltits.com/gfwlist +server=/.ismprofessional.net/127.0.0.1#5353 +ipset=/.ismprofessional.net/gfwlist +server=/.isohunt.com/127.0.0.1#5353 +ipset=/.isohunt.com/gfwlist +server=/.israbox.com/127.0.0.1#5353 +ipset=/.israbox.com/gfwlist +server=/.issuu.com/127.0.0.1#5353 +ipset=/.issuu.com/gfwlist +server=/.istars.co.nz/127.0.0.1#5353 +ipset=/.istars.co.nz/gfwlist +server=/.istiqlalhewer.com/127.0.0.1#5353 +ipset=/.istiqlalhewer.com/gfwlist +server=/.istockphoto.com/127.0.0.1#5353 +ipset=/.istockphoto.com/gfwlist +server=/.isunaffairs.com/127.0.0.1#5353 +ipset=/.isunaffairs.com/gfwlist +server=/.isuntv.com/127.0.0.1#5353 +ipset=/.isuntv.com/gfwlist +server=/.itaboo.info/127.0.0.1#5353 +ipset=/.itaboo.info/gfwlist +server=/.itaiwan.gov.tw/127.0.0.1#5353 +ipset=/.itaiwan.gov.tw/gfwlist +server=/.italiatibet.org/127.0.0.1#5353 +ipset=/.italiatibet.org/gfwlist +server=/.itasoftware.com/127.0.0.1#5353 +ipset=/.itasoftware.com/gfwlist +server=/.itemdb.com/127.0.0.1#5353 +ipset=/.itemdb.com/gfwlist +server=/.ithelp.ithome.com.tw/127.0.0.1#5353 +ipset=/.ithelp.ithome.com.tw/gfwlist +server=/.itsaol.com/127.0.0.1#5353 +ipset=/.itsaol.com/gfwlist +server=/.itshidden.com/127.0.0.1#5353 +ipset=/.itshidden.com/gfwlist +server=/.itsky.it/127.0.0.1#5353 +ipset=/.itsky.it/gfwlist +server=/.itweet.net/127.0.0.1#5353 +ipset=/.itweet.net/gfwlist +server=/.iu45.com/127.0.0.1#5353 +ipset=/.iu45.com/gfwlist +server=/.iuhrdf.org/127.0.0.1#5353 +ipset=/.iuhrdf.org/gfwlist +server=/.iuksky.com/127.0.0.1#5353 +ipset=/.iuksky.com/gfwlist +server=/.ivacy.com/127.0.0.1#5353 +ipset=/.ivacy.com/gfwlist +server=/.iverycd.com/127.0.0.1#5353 +ipset=/.iverycd.com/gfwlist +server=/.ivpn.net/127.0.0.1#5353 +ipset=/.ivpn.net/gfwlist +server=/.ixquick.com/127.0.0.1#5353 +ipset=/.ixquick.com/gfwlist +server=/.ixxx.com/127.0.0.1#5353 +ipset=/.ixxx.com/gfwlist +server=/.iyouport.com/127.0.0.1#5353 +ipset=/.iyouport.com/gfwlist +server=/.izaobao.us/127.0.0.1#5353 +ipset=/.izaobao.us/gfwlist +server=/.izles.net/127.0.0.1#5353 +ipset=/.izles.net/gfwlist +server=/.izlesem.org/127.0.0.1#5353 +ipset=/.izlesem.org/gfwlist +server=/.j.mp/127.0.0.1#5353 +ipset=/.j.mp/gfwlist +server=/.ja.wikipedia.org/127.0.0.1#5353 +ipset=/.ja.wikipedia.org/gfwlist +server=/.jamaat.org/127.0.0.1#5353 +ipset=/.jamaat.org/gfwlist +server=/.jamyangnorbu.com/127.0.0.1#5353 +ipset=/.jamyangnorbu.com/gfwlist +server=/.jandyx.com/127.0.0.1#5353 +ipset=/.jandyx.com/gfwlist +server=/.janwongphoto.com/127.0.0.1#5353 +ipset=/.janwongphoto.com/gfwlist +server=/.japan-whores.com/127.0.0.1#5353 +ipset=/.japan-whores.com/gfwlist +server=/.japantimes.co.jp/127.0.0.1#5353 +ipset=/.japantimes.co.jp/gfwlist +server=/.jav.com/127.0.0.1#5353 +ipset=/.jav.com/gfwlist +server=/.jav101.com/127.0.0.1#5353 +ipset=/.jav101.com/gfwlist +server=/.jav2be.com/127.0.0.1#5353 +ipset=/.jav2be.com/gfwlist +server=/.jav68.tv/127.0.0.1#5353 +ipset=/.jav68.tv/gfwlist +server=/.javakiba.org/127.0.0.1#5353 +ipset=/.javakiba.org/gfwlist +server=/.javbus.com/127.0.0.1#5353 +ipset=/.javbus.com/gfwlist +server=/.javfor.me/127.0.0.1#5353 +ipset=/.javfor.me/gfwlist +server=/.javhd.com/127.0.0.1#5353 +ipset=/.javhd.com/gfwlist +server=/.javhip.com/127.0.0.1#5353 +ipset=/.javhip.com/gfwlist +server=/.javhub.net/127.0.0.1#5353 +ipset=/.javhub.net/gfwlist +server=/.javhuge.com/127.0.0.1#5353 +ipset=/.javhuge.com/gfwlist +server=/.javlibrary.com/127.0.0.1#5353 +ipset=/.javlibrary.com/gfwlist +server=/.javmobile.net/127.0.0.1#5353 +ipset=/.javmobile.net/gfwlist +server=/.javmoo.com/127.0.0.1#5353 +ipset=/.javmoo.com/gfwlist +server=/.javmoo.xyz/127.0.0.1#5353 +ipset=/.javmoo.xyz/gfwlist +server=/.javseen.com/127.0.0.1#5353 +ipset=/.javseen.com/gfwlist +server=/.javtag.com/127.0.0.1#5353 +ipset=/.javtag.com/gfwlist +server=/.javzoo.com/127.0.0.1#5353 +ipset=/.javzoo.com/gfwlist +server=/.jbtalks.cc/127.0.0.1#5353 +ipset=/.jbtalks.cc/gfwlist +server=/.jbtalks.com/127.0.0.1#5353 +ipset=/.jbtalks.com/gfwlist +server=/.jbtalks.my/127.0.0.1#5353 +ipset=/.jbtalks.my/gfwlist +server=/.jcpenney.com/127.0.0.1#5353 +ipset=/.jcpenney.com/gfwlist +server=/.jdwsy.com/127.0.0.1#5353 +ipset=/.jdwsy.com/gfwlist +server=/.jeanyim.com/127.0.0.1#5353 +ipset=/.jeanyim.com/gfwlist +server=/.jetos.com/127.0.0.1#5353 +ipset=/.jetos.com/gfwlist +server=/.jex.com/127.0.0.1#5353 +ipset=/.jex.com/gfwlist +server=/.jfqu36.club/127.0.0.1#5353 +ipset=/.jfqu36.club/gfwlist +server=/.jfqu37.xyz/127.0.0.1#5353 +ipset=/.jfqu37.xyz/gfwlist +server=/.jgoodies.com/127.0.0.1#5353 +ipset=/.jgoodies.com/gfwlist +server=/.jiangweiping.com/127.0.0.1#5353 +ipset=/.jiangweiping.com/gfwlist +server=/.jiaoyou8.com/127.0.0.1#5353 +ipset=/.jiaoyou8.com/gfwlist +server=/.jiehua.cz/127.0.0.1#5353 +ipset=/.jiehua.cz/gfwlist +server=/.jieshibaobao.com/127.0.0.1#5353 +ipset=/.jieshibaobao.com/gfwlist +server=/.jigglegifs.com/127.0.0.1#5353 +ipset=/.jigglegifs.com/gfwlist +server=/.jigong1024.com/127.0.0.1#5353 +ipset=/.jigong1024.com/gfwlist +server=/.jihadintel.meforum.org/127.0.0.1#5353 +ipset=/.jihadintel.meforum.org/gfwlist +server=/.jihadology.net/127.0.0.1#5353 +ipset=/.jihadology.net/gfwlist +server=/.jiji.com/127.0.0.1#5353 +ipset=/.jiji.com/gfwlist +server=/.jike.com/127.0.0.1#5353 +ipset=/.jike.com/gfwlist +server=/.jims.net/127.0.0.1#5353 +ipset=/.jims.net/gfwlist +server=/.jinbushe.org/127.0.0.1#5353 +ipset=/.jinbushe.org/gfwlist +server=/.jingpin.org/127.0.0.1#5353 +ipset=/.jingpin.org/gfwlist +server=/.jingsim.org/127.0.0.1#5353 +ipset=/.jingsim.org/gfwlist +server=/.jinpianwang.com/127.0.0.1#5353 +ipset=/.jinpianwang.com/gfwlist +server=/.jinroukong.com/127.0.0.1#5353 +ipset=/.jinroukong.com/gfwlist +server=/.jinx.com/127.0.0.1#5353 +ipset=/.jinx.com/gfwlist +server=/.jitouch.com/127.0.0.1#5353 +ipset=/.jitouch.com/gfwlist +server=/.jizzthis.com/127.0.0.1#5353 +ipset=/.jizzthis.com/gfwlist +server=/.jjgirls.com/127.0.0.1#5353 +ipset=/.jjgirls.com/gfwlist +server=/.jkb.cc/127.0.0.1#5353 +ipset=/.jkb.cc/gfwlist +server=/.jkforum.net/127.0.0.1#5353 +ipset=/.jkforum.net/gfwlist +server=/.jkub.com/127.0.0.1#5353 +ipset=/.jkub.com/gfwlist +server=/.jma.go.jp/127.0.0.1#5353 +ipset=/.jma.go.jp/gfwlist +server=/.jmscult.com/127.0.0.1#5353 +ipset=/.jmscult.com/gfwlist +server=/.joachims.org/127.0.0.1#5353 +ipset=/.joachims.org/gfwlist +server=/.jobnewera.wordpress.com/127.0.0.1#5353 +ipset=/.jobnewera.wordpress.com/gfwlist +server=/.jobso.tv/127.0.0.1#5353 +ipset=/.jobso.tv/gfwlist +server=/.journalchretien.net/127.0.0.1#5353 +ipset=/.journalchretien.net/gfwlist +server=/.journalofdemocracy.org/127.0.0.1#5353 +ipset=/.journalofdemocracy.org/gfwlist +server=/.joymiihub.com/127.0.0.1#5353 +ipset=/.joymiihub.com/gfwlist +server=/.joyourself.com/127.0.0.1#5353 +ipset=/.joyourself.com/gfwlist +server=/.jp.hao123.com/127.0.0.1#5353 +ipset=/.jp.hao123.com/gfwlist +server=/.jpl.nasa.gov/127.0.0.1#5353 +ipset=/.jpl.nasa.gov/gfwlist +server=/.jpopforum.net/127.0.0.1#5353 +ipset=/.jpopforum.net/gfwlist +server=/.jpush.cn/127.0.0.1#5353 +ipset=/.jpush.cn/gfwlist +server=/.jubushoushen.com/127.0.0.1#5353 +ipset=/.jubushoushen.com/gfwlist +server=/.juhuaren.com/127.0.0.1#5353 +ipset=/.juhuaren.com/gfwlist +server=/.jukujo-club.com/127.0.0.1#5353 +ipset=/.jukujo-club.com/gfwlist +server=/.juliepost.com/127.0.0.1#5353 +ipset=/.juliepost.com/gfwlist +server=/.juliereyc.com/127.0.0.1#5353 +ipset=/.juliereyc.com/gfwlist +server=/.junauza.com/127.0.0.1#5353 +ipset=/.junauza.com/gfwlist +server=/.june4commemoration.org/127.0.0.1#5353 +ipset=/.june4commemoration.org/gfwlist +server=/.junefourth-20.net/127.0.0.1#5353 +ipset=/.junefourth-20.net/gfwlist +server=/.jungleheart.com/127.0.0.1#5353 +ipset=/.jungleheart.com/gfwlist +server=/.juoaa.com/127.0.0.1#5353 +ipset=/.juoaa.com/gfwlist +server=/.justdied.com/127.0.0.1#5353 +ipset=/.justdied.com/gfwlist +server=/.justfreevpn.com/127.0.0.1#5353 +ipset=/.justfreevpn.com/gfwlist +server=/.justicefortenzin.org/127.0.0.1#5353 +ipset=/.justicefortenzin.org/gfwlist +server=/.justpaste.it/127.0.0.1#5353 +ipset=/.justpaste.it/gfwlist +server=/.justtristan.com/127.0.0.1#5353 +ipset=/.justtristan.com/gfwlist +server=/.juyuange.org/127.0.0.1#5353 +ipset=/.juyuange.org/gfwlist +server=/.juziyue.com/127.0.0.1#5353 +ipset=/.juziyue.com/gfwlist +server=/.jwmusic.org/127.0.0.1#5353 +ipset=/.jwmusic.org/gfwlist +server=/.jyxf.net/127.0.0.1#5353 +ipset=/.jyxf.net/gfwlist +server=/.k-doujin.net/127.0.0.1#5353 +ipset=/.k-doujin.net/gfwlist +server=/.ka-wai.com/127.0.0.1#5353 +ipset=/.ka-wai.com/gfwlist +server=/.kagyu.org/127.0.0.1#5353 +ipset=/.kagyu.org/gfwlist +server=/.kagyumonlam.org/127.0.0.1#5353 +ipset=/.kagyumonlam.org/gfwlist +server=/.kagyunews.com.hk/127.0.0.1#5353 +ipset=/.kagyunews.com.hk/gfwlist +server=/.kagyuoffice.org/127.0.0.1#5353 +ipset=/.kagyuoffice.org/gfwlist +server=/.kaiyuan.de/127.0.0.1#5353 +ipset=/.kaiyuan.de/gfwlist +server=/.kakao.com/127.0.0.1#5353 +ipset=/.kakao.com/gfwlist +server=/.kalachakralugano.org/127.0.0.1#5353 +ipset=/.kalachakralugano.org/gfwlist +server=/.kankan.today/127.0.0.1#5353 +ipset=/.kankan.today/gfwlist +server=/.kannewyork.com/127.0.0.1#5353 +ipset=/.kannewyork.com/gfwlist +server=/.kanshifang.com/127.0.0.1#5353 +ipset=/.kanshifang.com/gfwlist +server=/.kantie.org/127.0.0.1#5353 +ipset=/.kantie.org/gfwlist +server=/.kanzhongguo.com/127.0.0.1#5353 +ipset=/.kanzhongguo.com/gfwlist +server=/.kanzhongguo.eu/127.0.0.1#5353 +ipset=/.kanzhongguo.eu/gfwlist +server=/.kaotic.com/127.0.0.1#5353 +ipset=/.kaotic.com/gfwlist +server=/.karayou.com/127.0.0.1#5353 +ipset=/.karayou.com/gfwlist +server=/.karkhung.com/127.0.0.1#5353 +ipset=/.karkhung.com/gfwlist +server=/.karmapa-teachings.org/127.0.0.1#5353 +ipset=/.karmapa-teachings.org/gfwlist +server=/.karmapa.org/127.0.0.1#5353 +ipset=/.karmapa.org/gfwlist +server=/.kawaiikawaii.jp/127.0.0.1#5353 +ipset=/.kawaiikawaii.jp/gfwlist +server=/.kawase.com/127.0.0.1#5353 +ipset=/.kawase.com/gfwlist +server=/.kb.monitorware.com/127.0.0.1#5353 +ipset=/.kb.monitorware.com/gfwlist +server=/.kba-tx.org/127.0.0.1#5353 +ipset=/.kba-tx.org/gfwlist +server=/.kcoolonline.com/127.0.0.1#5353 +ipset=/.kcoolonline.com/gfwlist +server=/.kebrum.com/127.0.0.1#5353 +ipset=/.kebrum.com/gfwlist +server=/.kechara.com/127.0.0.1#5353 +ipset=/.kechara.com/gfwlist +server=/.keezmovies.com/127.0.0.1#5353 +ipset=/.keezmovies.com/gfwlist +server=/.kendatire.com/127.0.0.1#5353 +ipset=/.kendatire.com/gfwlist +server=/.kendincos.net/127.0.0.1#5353 +ipset=/.kendincos.net/gfwlist +server=/.kenengba.com/127.0.0.1#5353 +ipset=/.kenengba.com/gfwlist +server=/.keontech.net/127.0.0.1#5353 +ipset=/.keontech.net/gfwlist +server=/.kepard.com/127.0.0.1#5353 +ipset=/.kepard.com/gfwlist +server=/.kex.com/127.0.0.1#5353 +ipset=/.kex.com/gfwlist +server=/.keycdn.com/127.0.0.1#5353 +ipset=/.keycdn.com/gfwlist +server=/.kh.google.com/127.0.0.1#5353 +ipset=/.kh.google.com/gfwlist +server=/.khabdha.org/127.0.0.1#5353 +ipset=/.khabdha.org/gfwlist +server=/.khatrimaza.org/127.0.0.1#5353 +ipset=/.khatrimaza.org/gfwlist +server=/.khm.google.com/127.0.0.1#5353 +ipset=/.khm.google.com/gfwlist +server=/.khm.googleapis.com/127.0.0.1#5353 +ipset=/.khm.googleapis.com/gfwlist +server=/.khm0.google.com/127.0.0.1#5353 +ipset=/.khm0.google.com/gfwlist +server=/.khm0.googleapis.com/127.0.0.1#5353 +ipset=/.khm0.googleapis.com/gfwlist +server=/.khm1.google.com/127.0.0.1#5353 +ipset=/.khm1.google.com/gfwlist +server=/.khm1.googleapis.com/127.0.0.1#5353 +ipset=/.khm1.googleapis.com/gfwlist +server=/.khm2.google.com/127.0.0.1#5353 +ipset=/.khm2.google.com/gfwlist +server=/.khm2.googleapis.com/127.0.0.1#5353 +ipset=/.khm2.googleapis.com/gfwlist +server=/.khm3.google.com/127.0.0.1#5353 +ipset=/.khm3.google.com/gfwlist +server=/.khm3.googleapis.com/127.0.0.1#5353 +ipset=/.khm3.googleapis.com/gfwlist +server=/.khmdb.google.com/127.0.0.1#5353 +ipset=/.khmdb.google.com/gfwlist +server=/.khmdb.googleapis.com/127.0.0.1#5353 +ipset=/.khmdb.googleapis.com/gfwlist +server=/.khmusic.com.tw/127.0.0.1#5353 +ipset=/.khmusic.com.tw/gfwlist +server=/.kichiku-doujinko.com/127.0.0.1#5353 +ipset=/.kichiku-doujinko.com/gfwlist +server=/.kik.com/127.0.0.1#5353 +ipset=/.kik.com/gfwlist +server=/.killwall.com/127.0.0.1#5353 +ipset=/.killwall.com/gfwlist +server=/.kindleren.com/127.0.0.1#5353 +ipset=/.kindleren.com/gfwlist +server=/.kineox.free.fr/127.0.0.1#5353 +ipset=/.kineox.free.fr/gfwlist +server=/.kingdomsalvation.org/127.0.0.1#5353 +ipset=/.kingdomsalvation.org/gfwlist +server=/.kinghost.com/127.0.0.1#5353 +ipset=/.kinghost.com/gfwlist +server=/.kingstone.com.tw/127.0.0.1#5353 +ipset=/.kingstone.com.tw/gfwlist +server=/.kink.com/127.0.0.1#5353 +ipset=/.kink.com/gfwlist +server=/.kinmen.org.tw/127.0.0.1#5353 +ipset=/.kinmen.org.tw/gfwlist +server=/.kinmen.travel/127.0.0.1#5353 +ipset=/.kinmen.travel/gfwlist +server=/.kir.jp/127.0.0.1#5353 +ipset=/.kir.jp/gfwlist +server=/.kissbbao.cn/127.0.0.1#5353 +ipset=/.kissbbao.cn/gfwlist +server=/.kiwi.kz/127.0.0.1#5353 +ipset=/.kiwi.kz/gfwlist +server=/.kk-whys.co.jp/127.0.0.1#5353 +ipset=/.kk-whys.co.jp/gfwlist +server=/.kkbox.com/127.0.0.1#5353 +ipset=/.kkbox.com/gfwlist +server=/.kknews.cc/127.0.0.1#5353 +ipset=/.kknews.cc/gfwlist +server=/.klsio.gov.tw/127.0.0.1#5353 +ipset=/.klsio.gov.tw/gfwlist +server=/.kmseh.gov.tw/127.0.0.1#5353 +ipset=/.kmseh.gov.tw/gfwlist +server=/.kmuh.org.tw/127.0.0.1#5353 +ipset=/.kmuh.org.tw/gfwlist +server=/.kobo.com/127.0.0.1#5353 +ipset=/.kobo.com/gfwlist +server=/.kobobooks.com/127.0.0.1#5353 +ipset=/.kobobooks.com/gfwlist +server=/.kodingen.com/127.0.0.1#5353 +ipset=/.kodingen.com/gfwlist +server=/.kompozer.net/127.0.0.1#5353 +ipset=/.kompozer.net/gfwlist +server=/.konachan.com/127.0.0.1#5353 +ipset=/.konachan.com/gfwlist +server=/.kone.com/127.0.0.1#5353 +ipset=/.kone.com/gfwlist +server=/.koolsolutions.com/127.0.0.1#5353 +ipset=/.koolsolutions.com/gfwlist +server=/.koornk.com/127.0.0.1#5353 +ipset=/.koornk.com/gfwlist +server=/.koranmandarin.com/127.0.0.1#5353 +ipset=/.koranmandarin.com/gfwlist +server=/.korenan2.com/127.0.0.1#5353 +ipset=/.korenan2.com/gfwlist +server=/.ksdl.org/127.0.0.1#5353 +ipset=/.ksdl.org/gfwlist +server=/.ksnews.com.tw/127.0.0.1#5353 +ipset=/.ksnews.com.tw/gfwlist +server=/.kspcoin.com/127.0.0.1#5353 +ipset=/.kspcoin.com/gfwlist +server=/.ktzhk.com/127.0.0.1#5353 +ipset=/.ktzhk.com/gfwlist +server=/.kucoin.com/127.0.0.1#5353 +ipset=/.kucoin.com/gfwlist +server=/.kun.im/127.0.0.1#5353 +ipset=/.kun.im/gfwlist +server=/.kurashsultan.com/127.0.0.1#5353 +ipset=/.kurashsultan.com/gfwlist +server=/.kurtmunger.com/127.0.0.1#5353 +ipset=/.kurtmunger.com/gfwlist +server=/.kusocity.com/127.0.0.1#5353 +ipset=/.kusocity.com/gfwlist +server=/.kwcg.ca/127.0.0.1#5353 +ipset=/.kwcg.ca/gfwlist +server=/.kwongwah.com.my/127.0.0.1#5353 +ipset=/.kwongwah.com.my/gfwlist +server=/.kxsw.life/127.0.0.1#5353 +ipset=/.kxsw.life/gfwlist +server=/.kyofun.com/127.0.0.1#5353 +ipset=/.kyofun.com/gfwlist +server=/.kyohk.net/127.0.0.1#5353 +ipset=/.kyohk.net/gfwlist +server=/.kyoyue.com/127.0.0.1#5353 +ipset=/.kyoyue.com/gfwlist +server=/.kyzyhello.com/127.0.0.1#5353 +ipset=/.kyzyhello.com/gfwlist +server=/.kzeng.info/127.0.0.1#5353 +ipset=/.kzeng.info/gfwlist +server=/.la-forum.org/127.0.0.1#5353 +ipset=/.la-forum.org/gfwlist +server=/.labiennale.org/127.0.0.1#5353 +ipset=/.labiennale.org/gfwlist +server=/.ladbrokes.com/127.0.0.1#5353 +ipset=/.ladbrokes.com/gfwlist +server=/.lagranepoca.com/127.0.0.1#5353 +ipset=/.lagranepoca.com/gfwlist +server=/.lalulalu.com/127.0.0.1#5353 +ipset=/.lalulalu.com/gfwlist +server=/.lama.com.tw/127.0.0.1#5353 +ipset=/.lama.com.tw/gfwlist +server=/.lamayeshe.com/127.0.0.1#5353 +ipset=/.lamayeshe.com/gfwlist +server=/.lamnia.co.uk/127.0.0.1#5353 +ipset=/.lamnia.co.uk/gfwlist +server=/.lamrim.com/127.0.0.1#5353 +ipset=/.lamrim.com/gfwlist +server=/.lanterncn.cn/127.0.0.1#5353 +ipset=/.lanterncn.cn/gfwlist +server=/.lantosfoundation.org/127.0.0.1#5353 +ipset=/.lantosfoundation.org/gfwlist +server=/.laod.cn/127.0.0.1#5353 +ipset=/.laod.cn/gfwlist +server=/.laogai.org/127.0.0.1#5353 +ipset=/.laogai.org/gfwlist +server=/.laomiu.com/127.0.0.1#5353 +ipset=/.laomiu.com/gfwlist +server=/.laoyang.info/127.0.0.1#5353 +ipset=/.laoyang.info/gfwlist +server=/.laptoplockdown.com/127.0.0.1#5353 +ipset=/.laptoplockdown.com/gfwlist +server=/.laqingdan.net/127.0.0.1#5353 +ipset=/.laqingdan.net/gfwlist +server=/.larsgeorge.com/127.0.0.1#5353 +ipset=/.larsgeorge.com/gfwlist +server=/.lastcombat.com/127.0.0.1#5353 +ipset=/.lastcombat.com/gfwlist +server=/.lastfm.es/127.0.0.1#5353 +ipset=/.lastfm.es/gfwlist +server=/.latelinenews.com/127.0.0.1#5353 +ipset=/.latelinenews.com/gfwlist +server=/.latibet.org/127.0.0.1#5353 +ipset=/.latibet.org/gfwlist +server=/.lax.v2ex.com/127.0.0.1#5353 +ipset=/.lax.v2ex.com/gfwlist +server=/.lbank.info/127.0.0.1#5353 +ipset=/.lbank.info/gfwlist +server=/.ld.hao123img.com/127.0.0.1#5353 +ipset=/.ld.hao123img.com/gfwlist +server=/.le-vpn.com/127.0.0.1#5353 +ipset=/.le-vpn.com/gfwlist +server=/.leafyvpn.net/127.0.0.1#5353 +ipset=/.leafyvpn.net/gfwlist +server=/.lecloud.net/127.0.0.1#5353 +ipset=/.lecloud.net/gfwlist +server=/.lefora.com/127.0.0.1#5353 +ipset=/.lefora.com/gfwlist +server=/.left21.hk/127.0.0.1#5353 +ipset=/.left21.hk/gfwlist +server=/.legalporno.com/127.0.0.1#5353 +ipset=/.legalporno.com/gfwlist +server=/.legaltech.law.com/127.0.0.1#5353 +ipset=/.legaltech.law.com/gfwlist +server=/.legsjapan.com/127.0.0.1#5353 +ipset=/.legsjapan.com/gfwlist +server=/.leirentv.ca/127.0.0.1#5353 +ipset=/.leirentv.ca/gfwlist +server=/.leisurecafe.ca/127.0.0.1#5353 +ipset=/.leisurecafe.ca/gfwlist +server=/.leisurepro.com/127.0.0.1#5353 +ipset=/.leisurepro.com/gfwlist +server=/.lematin.ch/127.0.0.1#5353 +ipset=/.lematin.ch/gfwlist +server=/.lemonde.fr/127.0.0.1#5353 +ipset=/.lemonde.fr/gfwlist +server=/.lenwhite.com/127.0.0.1#5353 +ipset=/.lenwhite.com/gfwlist +server=/.lerosua.org/127.0.0.1#5353 +ipset=/.lerosua.org/gfwlist +server=/.lers.google/127.0.0.1#5353 +ipset=/.lers.google/gfwlist +server=/.lesoir.be/127.0.0.1#5353 +ipset=/.lesoir.be/gfwlist +server=/.letou.com/127.0.0.1#5353 +ipset=/.letou.com/gfwlist +server=/.letscorp.net/127.0.0.1#5353 +ipset=/.letscorp.net/gfwlist +server=/.lflink.com/127.0.0.1#5353 +ipset=/.lflink.com/gfwlist +server=/.lflinkup.com/127.0.0.1#5353 +ipset=/.lflinkup.com/gfwlist +server=/.lflinkup.net/127.0.0.1#5353 +ipset=/.lflinkup.net/gfwlist +server=/.lflinkup.org/127.0.0.1#5353 +ipset=/.lflinkup.org/gfwlist +server=/.lhakar.org/127.0.0.1#5353 +ipset=/.lhakar.org/gfwlist +server=/.lhasocialwork.org/127.0.0.1#5353 +ipset=/.lhasocialwork.org/gfwlist +server=/.liangyou.net/127.0.0.1#5353 +ipset=/.liangyou.net/gfwlist +server=/.lianyue.net/127.0.0.1#5353 +ipset=/.lianyue.net/gfwlist +server=/.liaowangxizang.net/127.0.0.1#5353 +ipset=/.liaowangxizang.net/gfwlist +server=/.liberal.org.hk/127.0.0.1#5353 +ipset=/.liberal.org.hk/gfwlist +server=/.libertytimes.com.tw/127.0.0.1#5353 +ipset=/.libertytimes.com.tw/gfwlist +server=/.lifemiles.com/127.0.0.1#5353 +ipset=/.lifemiles.com/gfwlist +server=/.lighten.org.tw/127.0.0.1#5353 +ipset=/.lighten.org.tw/gfwlist +server=/.lightnovel.cn/127.0.0.1#5353 +ipset=/.lightnovel.cn/gfwlist +server=/.like.com/127.0.0.1#5353 +ipset=/.like.com/gfwlist +server=/.limiao.net/127.0.0.1#5353 +ipset=/.limiao.net/gfwlist +server=/.line-apps.com/127.0.0.1#5353 +ipset=/.line-apps.com/gfwlist +server=/.line-scdn.net/127.0.0.1#5353 +ipset=/.line-scdn.net/gfwlist +server=/.line.me/127.0.0.1#5353 +ipset=/.line.me/gfwlist +server=/.line.naver.jp/127.0.0.1#5353 +ipset=/.line.naver.jp/gfwlist +server=/.linear-abematv.akamaized.net/127.0.0.1#5353 +ipset=/.linear-abematv.akamaized.net/gfwlist +server=/.linglingfa.com/127.0.0.1#5353 +ipset=/.linglingfa.com/gfwlist +server=/.lingvodics.com/127.0.0.1#5353 +ipset=/.lingvodics.com/gfwlist +server=/.link-o-rama.com/127.0.0.1#5353 +ipset=/.link-o-rama.com/gfwlist +server=/.linkideo.com/127.0.0.1#5353 +ipset=/.linkideo.com/gfwlist +server=/.linkuswell.com/127.0.0.1#5353 +ipset=/.linkuswell.com/gfwlist +server=/.linux.org.hk/127.0.0.1#5353 +ipset=/.linux.org.hk/gfwlist +server=/.lionsroar.com/127.0.0.1#5353 +ipset=/.lionsroar.com/gfwlist +server=/.lipuman.com/127.0.0.1#5353 +ipset=/.lipuman.com/gfwlist +server=/.liquidvpn.com/127.0.0.1#5353 +ipset=/.liquidvpn.com/gfwlist +server=/.listentoyoutube.com/127.0.0.1#5353 +ipset=/.listentoyoutube.com/gfwlist +server=/.listorious.com/127.0.0.1#5353 +ipset=/.listorious.com/gfwlist +server=/.liu-xiaobo.org/127.0.0.1#5353 +ipset=/.liu-xiaobo.org/gfwlist +server=/.liudejun.com/127.0.0.1#5353 +ipset=/.liudejun.com/gfwlist +server=/.liuhanyu.com/127.0.0.1#5353 +ipset=/.liuhanyu.com/gfwlist +server=/.liujianshu.com/127.0.0.1#5353 +ipset=/.liujianshu.com/gfwlist +server=/.liuxiaobo.net/127.0.0.1#5353 +ipset=/.liuxiaobo.net/gfwlist +server=/.liuxiaotong.com/127.0.0.1#5353 +ipset=/.liuxiaotong.com/gfwlist +server=/.livecoin.net/127.0.0.1#5353 +ipset=/.livecoin.net/gfwlist +server=/.livedoor.jp/127.0.0.1#5353 +ipset=/.livedoor.jp/gfwlist +server=/.liveleak.com/127.0.0.1#5353 +ipset=/.liveleak.com/gfwlist +server=/.livestation.com/127.0.0.1#5353 +ipset=/.livestation.com/gfwlist +server=/.livestream.com/127.0.0.1#5353 +ipset=/.livestream.com/gfwlist +server=/.livevideo.com/127.0.0.1#5353 +ipset=/.livevideo.com/gfwlist +server=/.livingonline.us/127.0.0.1#5353 +ipset=/.livingonline.us/gfwlist +server=/.livingstream.com/127.0.0.1#5353 +ipset=/.livingstream.com/gfwlist +server=/.liwangyang.com/127.0.0.1#5353 +ipset=/.liwangyang.com/gfwlist +server=/.lizhizhuangbi.com/127.0.0.1#5353 +ipset=/.lizhizhuangbi.com/gfwlist +server=/.lkcn.net/127.0.0.1#5353 +ipset=/.lkcn.net/gfwlist +server=/.load.to/127.0.0.1#5353 +ipset=/.load.to/gfwlist +server=/.lobsangwangyal.com/127.0.0.1#5353 +ipset=/.lobsangwangyal.com/gfwlist +server=/.localdomain.ws/127.0.0.1#5353 +ipset=/.localdomain.ws/gfwlist +server=/.localpresshk.com/127.0.0.1#5353 +ipset=/.localpresshk.com/gfwlist +server=/.lockestek.com/127.0.0.1#5353 +ipset=/.lockestek.com/gfwlist +server=/.logbot.net/127.0.0.1#5353 +ipset=/.logbot.net/gfwlist +server=/.login.target.com/127.0.0.1#5353 +ipset=/.login.target.com/gfwlist +server=/.logiqx.com/127.0.0.1#5353 +ipset=/.logiqx.com/gfwlist +server=/.londonchinese.ca/127.0.0.1#5353 +ipset=/.londonchinese.ca/gfwlist +server=/.longhair.hk/127.0.0.1#5353 +ipset=/.longhair.hk/gfwlist +server=/.longmusic.com/127.0.0.1#5353 +ipset=/.longmusic.com/gfwlist +server=/.longtermly.net/127.0.0.1#5353 +ipset=/.longtermly.net/gfwlist +server=/.longtoes.com/127.0.0.1#5353 +ipset=/.longtoes.com/gfwlist +server=/.lookpic.com/127.0.0.1#5353 +ipset=/.lookpic.com/gfwlist +server=/.looktoronto.com/127.0.0.1#5353 +ipset=/.looktoronto.com/gfwlist +server=/.lotuslight.org.hk/127.0.0.1#5353 +ipset=/.lotuslight.org.hk/gfwlist +server=/.lotuslight.org.tw/127.0.0.1#5353 +ipset=/.lotuslight.org.tw/gfwlist +server=/.lovetvshow.com/127.0.0.1#5353 +ipset=/.lovetvshow.com/gfwlist +server=/.lpsg.com/127.0.0.1#5353 +ipset=/.lpsg.com/gfwlist +server=/.lrfz.com/127.0.0.1#5353 +ipset=/.lrfz.com/gfwlist +server=/.lrip.org/127.0.0.1#5353 +ipset=/.lrip.org/gfwlist +server=/.lsd.org.hk/127.0.0.1#5353 +ipset=/.lsd.org.hk/gfwlist +server=/.lsforum.net/127.0.0.1#5353 +ipset=/.lsforum.net/gfwlist +server=/.lsm.org/127.0.0.1#5353 +ipset=/.lsm.org/gfwlist +server=/.lsmchinese.org/127.0.0.1#5353 +ipset=/.lsmchinese.org/gfwlist +server=/.lsmkorean.org/127.0.0.1#5353 +ipset=/.lsmkorean.org/gfwlist +server=/.lsmwebcast.com/127.0.0.1#5353 +ipset=/.lsmwebcast.com/gfwlist +server=/.lsxszzg.com/127.0.0.1#5353 +ipset=/.lsxszzg.com/gfwlist +server=/.ltn.com.tw/127.0.0.1#5353 +ipset=/.ltn.com.tw/gfwlist +server=/.luke54.com/127.0.0.1#5353 +ipset=/.luke54.com/gfwlist +server=/.luke54.org/127.0.0.1#5353 +ipset=/.luke54.org/gfwlist +server=/.lungtanhr.gov.tw/127.0.0.1#5353 +ipset=/.lungtanhr.gov.tw/gfwlist +server=/.lupm.org/127.0.0.1#5353 +ipset=/.lupm.org/gfwlist +server=/.lushstories.com/127.0.0.1#5353 +ipset=/.lushstories.com/gfwlist +server=/.luxebc.com/127.0.0.1#5353 +ipset=/.luxebc.com/gfwlist +server=/.lvhai.org/127.0.0.1#5353 +ipset=/.lvhai.org/gfwlist +server=/.lvv2.com/127.0.0.1#5353 +ipset=/.lvv2.com/gfwlist +server=/.lyfhk.net/127.0.0.1#5353 +ipset=/.lyfhk.net/gfwlist +server=/.lzmtnews.org/127.0.0.1#5353 +ipset=/.lzmtnews.org/gfwlist +server=/.m.hkgalden.com/127.0.0.1#5353 +ipset=/.m.hkgalden.com/gfwlist +server=/.m.me/127.0.0.1#5353 +ipset=/.m.me/gfwlist +server=/.m.plixi.com/127.0.0.1#5353 +ipset=/.m.plixi.com/gfwlist +server=/.m.slandr.net/127.0.0.1#5353 +ipset=/.m.slandr.net/gfwlist +server=/.ma.hao123.com/127.0.0.1#5353 +ipset=/.ma.hao123.com/gfwlist +server=/.macgamestore.com/127.0.0.1#5353 +ipset=/.macgamestore.com/gfwlist +server=/.macrovpn.com/127.0.0.1#5353 +ipset=/.macrovpn.com/gfwlist +server=/.macts.com.tw/127.0.0.1#5353 +ipset=/.macts.com.tw/gfwlist +server=/.mad-ar.ch/127.0.0.1#5353 +ipset=/.mad-ar.ch/gfwlist +server=/.madewithcode.com/127.0.0.1#5353 +ipset=/.madewithcode.com/gfwlist +server=/.madonna-av.com/127.0.0.1#5353 +ipset=/.madonna-av.com/gfwlist +server=/.madrau.com/127.0.0.1#5353 +ipset=/.madrau.com/gfwlist +server=/.madthumbs.com/127.0.0.1#5353 +ipset=/.madthumbs.com/gfwlist +server=/.magazines.sina.com.tw/127.0.0.1#5353 +ipset=/.magazines.sina.com.tw/gfwlist +server=/.magic-net.info/127.0.0.1#5353 +ipset=/.magic-net.info/gfwlist +server=/.mahabodhi.org/127.0.0.1#5353 +ipset=/.mahabodhi.org/gfwlist +server=/.maiio.net/127.0.0.1#5353 +ipset=/.maiio.net/gfwlist +server=/.mail-archive.com/127.0.0.1#5353 +ipset=/.mail-archive.com/gfwlist +server=/.maildns.xyz/127.0.0.1#5353 +ipset=/.maildns.xyz/gfwlist +server=/.maiplus.com/127.0.0.1#5353 +ipset=/.maiplus.com/gfwlist +server=/.maizhong.org/127.0.0.1#5353 +ipset=/.maizhong.org/gfwlist +server=/.makemymood.com/127.0.0.1#5353 +ipset=/.makemymood.com/gfwlist +server=/.makkahnewspaper.com/127.0.0.1#5353 +ipset=/.makkahnewspaper.com/gfwlist +server=/.makzhou.warehouse333.com/127.0.0.1#5353 +ipset=/.makzhou.warehouse333.com/gfwlist +server=/.malaysiakini.com/127.0.0.1#5353 +ipset=/.malaysiakini.com/gfwlist +server=/.mamingzhe.com/127.0.0.1#5353 +ipset=/.mamingzhe.com/gfwlist +server=/.manchukuo.net/127.0.0.1#5353 +ipset=/.manchukuo.net/gfwlist +server=/.mangafox.com/127.0.0.1#5353 +ipset=/.mangafox.com/gfwlist +server=/.mangafox.me/127.0.0.1#5353 +ipset=/.mangafox.me/gfwlist +server=/.maniash.com/127.0.0.1#5353 +ipset=/.maniash.com/gfwlist +server=/.manicur4ik.ru/127.0.0.1#5353 +ipset=/.manicur4ik.ru/gfwlist +server=/.mansion.com/127.0.0.1#5353 +ipset=/.mansion.com/gfwlist +server=/.mansionpoker.com/127.0.0.1#5353 +ipset=/.mansionpoker.com/gfwlist +server=/.manta.com/127.0.0.1#5353 +ipset=/.manta.com/gfwlist +server=/.maolin-nsa.gov.tw/127.0.0.1#5353 +ipset=/.maolin-nsa.gov.tw/gfwlist +server=/.maplew.com/127.0.0.1#5353 +ipset=/.maplew.com/gfwlist +server=/.marc.info/127.0.0.1#5353 +ipset=/.marc.info/gfwlist +server=/.marguerite.su/127.0.0.1#5353 +ipset=/.marguerite.su/gfwlist +server=/.martau.com/127.0.0.1#5353 +ipset=/.martau.com/gfwlist +server=/.martincartoons.com/127.0.0.1#5353 +ipset=/.martincartoons.com/gfwlist +server=/.martsangkagyuofficial.org/127.0.0.1#5353 +ipset=/.martsangkagyuofficial.org/gfwlist +server=/.marxist.com/127.0.0.1#5353 +ipset=/.marxist.com/gfwlist +server=/.marxist.net/127.0.0.1#5353 +ipset=/.marxist.net/gfwlist +server=/.mash.to/127.0.0.1#5353 +ipset=/.mash.to/gfwlist +server=/.maskedip.com/127.0.0.1#5353 +ipset=/.maskedip.com/gfwlist +server=/.mastodon.host/127.0.0.1#5353 +ipset=/.mastodon.host/gfwlist +server=/.matainja.com/127.0.0.1#5353 +ipset=/.matainja.com/gfwlist +server=/.material.io/127.0.0.1#5353 +ipset=/.material.io/gfwlist +server=/.mathable.io/127.0.0.1#5353 +ipset=/.mathable.io/gfwlist +server=/.mathiew-badimon.com/127.0.0.1#5353 +ipset=/.mathiew-badimon.com/gfwlist +server=/.matome-plus.com/127.0.0.1#5353 +ipset=/.matome-plus.com/gfwlist +server=/.matome-plus.net/127.0.0.1#5353 +ipset=/.matome-plus.net/gfwlist +server=/.matsu-news.gov.tw/127.0.0.1#5353 +ipset=/.matsu-news.gov.tw/gfwlist +server=/.matsu-nsa.gov.tw/127.0.0.1#5353 +ipset=/.matsu-nsa.gov.tw/gfwlist +server=/.matsucc.gov.tw/127.0.0.1#5353 +ipset=/.matsucc.gov.tw/gfwlist +server=/.matsushimakaede.com/127.0.0.1#5353 +ipset=/.matsushimakaede.com/gfwlist +server=/.mattwilcox.net/127.0.0.1#5353 +ipset=/.mattwilcox.net/gfwlist +server=/.maturejp.com/127.0.0.1#5353 +ipset=/.maturejp.com/gfwlist +server=/.maxing.jp/127.0.0.1#5353 +ipset=/.maxing.jp/gfwlist +server=/.mayimayi.com/127.0.0.1#5353 +ipset=/.mayimayi.com/gfwlist +server=/.mcadforums.com/127.0.0.1#5353 +ipset=/.mcadforums.com/gfwlist +server=/.mcaf.ee/127.0.0.1#5353 +ipset=/.mcaf.ee/gfwlist +server=/.mcfog.com/127.0.0.1#5353 +ipset=/.mcfog.com/gfwlist +server=/.mcreasite.com/127.0.0.1#5353 +ipset=/.mcreasite.com/gfwlist +server=/.md-t.org/127.0.0.1#5353 +ipset=/.md-t.org/gfwlist +server=/.me.youthwant.com.tw/127.0.0.1#5353 +ipset=/.me.youthwant.com.tw/gfwlist +server=/.meansys.com/127.0.0.1#5353 +ipset=/.meansys.com/gfwlist +server=/.media.nu.nl/127.0.0.1#5353 +ipset=/.media.nu.nl/gfwlist +server=/.media.org.hk/127.0.0.1#5353 +ipset=/.media.org.hk/gfwlist +server=/.mediachinese.com/127.0.0.1#5353 +ipset=/.mediachinese.com/gfwlist +server=/.mediafreakcity.com/127.0.0.1#5353 +ipset=/.mediafreakcity.com/gfwlist +server=/.medium.com/127.0.0.1#5353 +ipset=/.medium.com/gfwlist +server=/.meetav.com/127.0.0.1#5353 +ipset=/.meetav.com/gfwlist +server=/.meetup.com/127.0.0.1#5353 +ipset=/.meetup.com/gfwlist +server=/.mefeedia.com/127.0.0.1#5353 +ipset=/.mefeedia.com/gfwlist +server=/.mefound.com/127.0.0.1#5353 +ipset=/.mefound.com/gfwlist +server=/.mega.nz/127.0.0.1#5353 +ipset=/.mega.nz/gfwlist +server=/.megaproxy.com/127.0.0.1#5353 +ipset=/.megaproxy.com/gfwlist +server=/.megarotic.com/127.0.0.1#5353 +ipset=/.megarotic.com/gfwlist +server=/.megavideo.com/127.0.0.1#5353 +ipset=/.megavideo.com/gfwlist +server=/.megurineluka.com/127.0.0.1#5353 +ipset=/.megurineluka.com/gfwlist +server=/.meirixiaochao.com/127.0.0.1#5353 +ipset=/.meirixiaochao.com/gfwlist +server=/.meltoday.com/127.0.0.1#5353 +ipset=/.meltoday.com/gfwlist +server=/.meme.yahoo.com/127.0.0.1#5353 +ipset=/.meme.yahoo.com/gfwlist +server=/.memehk.com/127.0.0.1#5353 +ipset=/.memehk.com/gfwlist +server=/.memorybbs.com/127.0.0.1#5353 +ipset=/.memorybbs.com/gfwlist +server=/.memri.org/127.0.0.1#5353 +ipset=/.memri.org/gfwlist +server=/.memrijttm.org/127.0.0.1#5353 +ipset=/.memrijttm.org/gfwlist +server=/.mercyprophet.org/127.0.0.1#5353 +ipset=/.mercyprophet.org/gfwlist +server=/.meridian-trust.org/127.0.0.1#5353 +ipset=/.meridian-trust.org/gfwlist +server=/.meripet.biz/127.0.0.1#5353 +ipset=/.meripet.biz/gfwlist +server=/.meripet.com/127.0.0.1#5353 +ipset=/.meripet.com/gfwlist +server=/.merit-times.com.tw/127.0.0.1#5353 +ipset=/.merit-times.com.tw/gfwlist +server=/.meshrep.com/127.0.0.1#5353 +ipset=/.meshrep.com/gfwlist +server=/.messenger.com/127.0.0.1#5353 +ipset=/.messenger.com/gfwlist +server=/.metarthunter.com/127.0.0.1#5353 +ipset=/.metarthunter.com/gfwlist +server=/.meteorshowersonline.com/127.0.0.1#5353 +ipset=/.meteorshowersonline.com/gfwlist +server=/.metrolife.ca/127.0.0.1#5353 +ipset=/.metrolife.ca/gfwlist +server=/.metroradio.com.hk/127.0.0.1#5353 +ipset=/.metroradio.com.hk/gfwlist +server=/.meyou.jp/127.0.0.1#5353 +ipset=/.meyou.jp/gfwlist +server=/.meyul.com/127.0.0.1#5353 +ipset=/.meyul.com/gfwlist +server=/.mfxmedia.com/127.0.0.1#5353 +ipset=/.mfxmedia.com/gfwlist +server=/.mgoon.com/127.0.0.1#5353 +ipset=/.mgoon.com/gfwlist +server=/.mgstage.com/127.0.0.1#5353 +ipset=/.mgstage.com/gfwlist +server=/.mh4u.org/127.0.0.1#5353 +ipset=/.mh4u.org/gfwlist +server=/.mhradio.org/127.0.0.1#5353 +ipset=/.mhradio.org/gfwlist +server=/.michaelanti.com/127.0.0.1#5353 +ipset=/.michaelanti.com/gfwlist +server=/.michaelmarketl.com/127.0.0.1#5353 +ipset=/.michaelmarketl.com/gfwlist +server=/.microvpn.com/127.0.0.1#5353 +ipset=/.microvpn.com/gfwlist +server=/.middle-way.net/127.0.0.1#5353 +ipset=/.middle-way.net/gfwlist +server=/.mihr.com/127.0.0.1#5353 +ipset=/.mihr.com/gfwlist +server=/.mihua.org/127.0.0.1#5353 +ipset=/.mihua.org/gfwlist +server=/.mike.cz.cc/127.0.0.1#5353 +ipset=/.mike.cz.cc/gfwlist +server=/.mikesoltys.com/127.0.0.1#5353 +ipset=/.mikesoltys.com/gfwlist +server=/.milph.net/127.0.0.1#5353 +ipset=/.milph.net/gfwlist +server=/.milsurps.com/127.0.0.1#5353 +ipset=/.milsurps.com/gfwlist +server=/.mimiai.net/127.0.0.1#5353 +ipset=/.mimiai.net/gfwlist +server=/.mimivip.com/127.0.0.1#5353 +ipset=/.mimivip.com/gfwlist +server=/.mimivv.com/127.0.0.1#5353 +ipset=/.mimivv.com/gfwlist +server=/.mindrolling.org/127.0.0.1#5353 +ipset=/.mindrolling.org/gfwlist +server=/.minghui-a.org/127.0.0.1#5353 +ipset=/.minghui-a.org/gfwlist +server=/.minghui-b.org/127.0.0.1#5353 +ipset=/.minghui-b.org/gfwlist +server=/.minghui-school.org/127.0.0.1#5353 +ipset=/.minghui-school.org/gfwlist +server=/.minghui.or.kr/127.0.0.1#5353 +ipset=/.minghui.or.kr/gfwlist +server=/.minghui.org/127.0.0.1#5353 +ipset=/.minghui.org/gfwlist +server=/.minghuiyw.wordpress.com/127.0.0.1#5353 +ipset=/.minghuiyw.wordpress.com/gfwlist +server=/.mingjinglishi.com/127.0.0.1#5353 +ipset=/.mingjinglishi.com/gfwlist +server=/.mingjingnews.com/127.0.0.1#5353 +ipset=/.mingjingnews.com/gfwlist +server=/.mingjingtimes.com/127.0.0.1#5353 +ipset=/.mingjingtimes.com/gfwlist +server=/.mingpao.com/127.0.0.1#5353 +ipset=/.mingpao.com/gfwlist +server=/.mingpaocanada.com/127.0.0.1#5353 +ipset=/.mingpaocanada.com/gfwlist +server=/.mingpaomonthly.com/127.0.0.1#5353 +ipset=/.mingpaomonthly.com/gfwlist +server=/.mingpaonews.com/127.0.0.1#5353 +ipset=/.mingpaonews.com/gfwlist +server=/.mingpaony.com/127.0.0.1#5353 +ipset=/.mingpaony.com/gfwlist +server=/.mingpaosf.com/127.0.0.1#5353 +ipset=/.mingpaosf.com/gfwlist +server=/.mingpaotor.com/127.0.0.1#5353 +ipset=/.mingpaotor.com/gfwlist +server=/.mingpaovan.com/127.0.0.1#5353 +ipset=/.mingpaovan.com/gfwlist +server=/.mingshengbao.com/127.0.0.1#5353 +ipset=/.mingshengbao.com/gfwlist +server=/.minhhue.net/127.0.0.1#5353 +ipset=/.minhhue.net/gfwlist +server=/.miniforum.org/127.0.0.1#5353 +ipset=/.miniforum.org/gfwlist +server=/.ministrybooks.org/127.0.0.1#5353 +ipset=/.ministrybooks.org/gfwlist +server=/.minzhuhua.net/127.0.0.1#5353 +ipset=/.minzhuhua.net/gfwlist +server=/.minzhuzhanxian.com/127.0.0.1#5353 +ipset=/.minzhuzhanxian.com/gfwlist +server=/.minzhuzhongguo.org/127.0.0.1#5353 +ipset=/.minzhuzhongguo.org/gfwlist +server=/.miroguide.com/127.0.0.1#5353 +ipset=/.miroguide.com/gfwlist +server=/.mirrorbooks.com/127.0.0.1#5353 +ipset=/.mirrorbooks.com/gfwlist +server=/.mist.vip/127.0.0.1#5353 +ipset=/.mist.vip/gfwlist +server=/.mitao.com.tw/127.0.0.1#5353 +ipset=/.mitao.com.tw/gfwlist +server=/.mitbbs.com/127.0.0.1#5353 +ipset=/.mitbbs.com/gfwlist +server=/.mitbbsau.com/127.0.0.1#5353 +ipset=/.mitbbsau.com/gfwlist +server=/.mixero.com/127.0.0.1#5353 +ipset=/.mixero.com/gfwlist +server=/.mixpod.com/127.0.0.1#5353 +ipset=/.mixpod.com/gfwlist +server=/.mixx.com/127.0.0.1#5353 +ipset=/.mixx.com/gfwlist +server=/.mizzmona.com/127.0.0.1#5353 +ipset=/.mizzmona.com/gfwlist +server=/.mjib.gov.tw/127.0.0.1#5353 +ipset=/.mjib.gov.tw/gfwlist +server=/.mk5000.com/127.0.0.1#5353 +ipset=/.mk5000.com/gfwlist +server=/.mlcool.com/127.0.0.1#5353 +ipset=/.mlcool.com/gfwlist +server=/.mlzs.work/127.0.0.1#5353 +ipset=/.mlzs.work/gfwlist +server=/.mm-cg.com/127.0.0.1#5353 +ipset=/.mm-cg.com/gfwlist +server=/.mmaaxx.com/127.0.0.1#5353 +ipset=/.mmaaxx.com/gfwlist +server=/.mmmca.com/127.0.0.1#5353 +ipset=/.mmmca.com/gfwlist +server=/.mnewstv.com/127.0.0.1#5353 +ipset=/.mnewstv.com/gfwlist +server=/.mo.nightlife141.com/127.0.0.1#5353 +ipset=/.mo.nightlife141.com/gfwlist +server=/.mobatek.net/127.0.0.1#5353 +ipset=/.mobatek.net/gfwlist +server=/.mobile01.com/127.0.0.1#5353 +ipset=/.mobile01.com/gfwlist +server=/.mobileways.de/127.0.0.1#5353 +ipset=/.mobileways.de/gfwlist +server=/.moby.to/127.0.0.1#5353 +ipset=/.moby.to/gfwlist +server=/.mobypicture.com/127.0.0.1#5353 +ipset=/.mobypicture.com/gfwlist +server=/.moe.gov.tw/127.0.0.1#5353 +ipset=/.moe.gov.tw/gfwlist +server=/.moeaic.gov.tw/127.0.0.1#5353 +ipset=/.moeaic.gov.tw/gfwlist +server=/.moeerolibrary.com/127.0.0.1#5353 +ipset=/.moeerolibrary.com/gfwlist +server=/.mofa.gov.tw/127.0.0.1#5353 +ipset=/.mofa.gov.tw/gfwlist +server=/.mofaxiehui.com/127.0.0.1#5353 +ipset=/.mofaxiehui.com/gfwlist +server=/.mofos.com/127.0.0.1#5353 +ipset=/.mofos.com/gfwlist +server=/.mog.com/127.0.0.1#5353 +ipset=/.mog.com/gfwlist +server=/.mohu.club/127.0.0.1#5353 +ipset=/.mohu.club/gfwlist +server=/.mohu.ml/127.0.0.1#5353 +ipset=/.mohu.ml/gfwlist +server=/.mol.gov.tw/127.0.0.1#5353 +ipset=/.mol.gov.tw/gfwlist +server=/.molihua.org/127.0.0.1#5353 +ipset=/.molihua.org/gfwlist +server=/.mondex.org/127.0.0.1#5353 +ipset=/.mondex.org/gfwlist +server=/.money-link.com.tw/127.0.0.1#5353 +ipset=/.money-link.com.tw/gfwlist +server=/.moneyhome.biz/127.0.0.1#5353 +ipset=/.moneyhome.biz/gfwlist +server=/.monitorchina.org/127.0.0.1#5353 +ipset=/.monitorchina.org/gfwlist +server=/.monster.com/127.0.0.1#5353 +ipset=/.monster.com/gfwlist +server=/.moodyz.com/127.0.0.1#5353 +ipset=/.moodyz.com/gfwlist +server=/.moonbbs.com/127.0.0.1#5353 +ipset=/.moonbbs.com/gfwlist +server=/.moonbingo.com/127.0.0.1#5353 +ipset=/.moonbingo.com/gfwlist +server=/.morningsun.org/127.0.0.1#5353 +ipset=/.morningsun.org/gfwlist +server=/.moroneta.com/127.0.0.1#5353 +ipset=/.moroneta.com/gfwlist +server=/.mos.ru/127.0.0.1#5353 +ipset=/.mos.ru/gfwlist +server=/.motherless.com/127.0.0.1#5353 +ipset=/.motherless.com/gfwlist +server=/.motor4ik.ru/127.0.0.1#5353 +ipset=/.motor4ik.ru/gfwlist +server=/.mousebreaker.com/127.0.0.1#5353 +ipset=/.mousebreaker.com/gfwlist +server=/.movements.org/127.0.0.1#5353 +ipset=/.movements.org/gfwlist +server=/.moviefap.com/127.0.0.1#5353 +ipset=/.moviefap.com/gfwlist +server=/.mp3buscador.com/127.0.0.1#5353 +ipset=/.mp3buscador.com/gfwlist +server=/.mp3ye.eu/127.0.0.1#5353 +ipset=/.mp3ye.eu/gfwlist +server=/.mpettis.com/127.0.0.1#5353 +ipset=/.mpettis.com/gfwlist +server=/.mpfinance.com/127.0.0.1#5353 +ipset=/.mpfinance.com/gfwlist +server=/.mpinews.com/127.0.0.1#5353 +ipset=/.mpinews.com/gfwlist +server=/.mponline.hk/127.0.0.1#5353 +ipset=/.mponline.hk/gfwlist +server=/.mqxd.org/127.0.0.1#5353 +ipset=/.mqxd.org/gfwlist +server=/.mrbasic.com/127.0.0.1#5353 +ipset=/.mrbasic.com/gfwlist +server=/.mrbonus.com/127.0.0.1#5353 +ipset=/.mrbonus.com/gfwlist +server=/.mrface.com/127.0.0.1#5353 +ipset=/.mrface.com/gfwlist +server=/.mrslove.com/127.0.0.1#5353 +ipset=/.mrslove.com/gfwlist +server=/.mrtweet.com/127.0.0.1#5353 +ipset=/.mrtweet.com/gfwlist +server=/.msguancha.com/127.0.0.1#5353 +ipset=/.msguancha.com/gfwlist +server=/.msha.gov/127.0.0.1#5353 +ipset=/.msha.gov/gfwlist +server=/.mswe1.org/127.0.0.1#5353 +ipset=/.mswe1.org/gfwlist +server=/.mthruf.com/127.0.0.1#5353 +ipset=/.mthruf.com/gfwlist +server=/.mtw.tl/127.0.0.1#5353 +ipset=/.mtw.tl/gfwlist +server=/.muchosucko.com/127.0.0.1#5353 +ipset=/.muchosucko.com/gfwlist +server=/.mullvad.net/127.0.0.1#5353 +ipset=/.mullvad.net/gfwlist +server=/.multiply.com/127.0.0.1#5353 +ipset=/.multiply.com/gfwlist +server=/.multiproxy.org/127.0.0.1#5353 +ipset=/.multiproxy.org/gfwlist +server=/.multiupload.com/127.0.0.1#5353 +ipset=/.multiupload.com/gfwlist +server=/.mummysgold.com/127.0.0.1#5353 +ipset=/.mummysgold.com/gfwlist +server=/.murmur.tw/127.0.0.1#5353 +ipset=/.murmur.tw/gfwlist +server=/.music.jwmusic.org/127.0.0.1#5353 +ipset=/.music.jwmusic.org/gfwlist +server=/.musicade.net/127.0.0.1#5353 +ipset=/.musicade.net/gfwlist +server=/.muslimvideo.com/127.0.0.1#5353 +ipset=/.muslimvideo.com/gfwlist +server=/.muzi.com/127.0.0.1#5353 +ipset=/.muzi.com/gfwlist +server=/.muzi.net/127.0.0.1#5353 +ipset=/.muzi.net/gfwlist +server=/.muzu.tv/127.0.0.1#5353 +ipset=/.muzu.tv/gfwlist +server=/.mvdis.gov.tw/127.0.0.1#5353 +ipset=/.mvdis.gov.tw/gfwlist +server=/.mvg.jp/127.0.0.1#5353 +ipset=/.mvg.jp/gfwlist +server=/.mx.hao123.com/127.0.0.1#5353 +ipset=/.mx.hao123.com/gfwlist +server=/.mx981.com/127.0.0.1#5353 +ipset=/.mx981.com/gfwlist +server=/.my-formosa.com/127.0.0.1#5353 +ipset=/.my-formosa.com/gfwlist +server=/.my-private-network.co.uk/127.0.0.1#5353 +ipset=/.my-private-network.co.uk/gfwlist +server=/.my-proxy.com/127.0.0.1#5353 +ipset=/.my-proxy.com/gfwlist +server=/.my.mail.ru/127.0.0.1#5353 +ipset=/.my.mail.ru/gfwlist +server=/.my.pcloud.com/127.0.0.1#5353 +ipset=/.my.pcloud.com/gfwlist +server=/.my03.com/127.0.0.1#5353 +ipset=/.my03.com/gfwlist +server=/.myanniu.com/127.0.0.1#5353 +ipset=/.myanniu.com/gfwlist +server=/.myaudiocast.com/127.0.0.1#5353 +ipset=/.myaudiocast.com/gfwlist +server=/.mybbs.us/127.0.0.1#5353 +ipset=/.mybbs.us/gfwlist +server=/.mybet.com/127.0.0.1#5353 +ipset=/.mybet.com/gfwlist +server=/.myca168.com/127.0.0.1#5353 +ipset=/.myca168.com/gfwlist +server=/.mycanadanow.com/127.0.0.1#5353 +ipset=/.mycanadanow.com/gfwlist +server=/.mychinamyhome.com/127.0.0.1#5353 +ipset=/.mychinamyhome.com/gfwlist +server=/.mychinanet.com/127.0.0.1#5353 +ipset=/.mychinanet.com/gfwlist +server=/.mychinanews.com/127.0.0.1#5353 +ipset=/.mychinanews.com/gfwlist +server=/.mychinese.news/127.0.0.1#5353 +ipset=/.mychinese.news/gfwlist +server=/.mycnnews.com/127.0.0.1#5353 +ipset=/.mycnnews.com/gfwlist +server=/.mydad.info/127.0.0.1#5353 +ipset=/.mydad.info/gfwlist +server=/.myddns.com/127.0.0.1#5353 +ipset=/.myddns.com/gfwlist +server=/.myeasytv.com/127.0.0.1#5353 +ipset=/.myeasytv.com/gfwlist +server=/.myeclipseide.com/127.0.0.1#5353 +ipset=/.myeclipseide.com/gfwlist +server=/.myforum.com.hk/127.0.0.1#5353 +ipset=/.myforum.com.hk/gfwlist +server=/.myforum.com.uk/127.0.0.1#5353 +ipset=/.myforum.com.uk/gfwlist +server=/.myfreecams.com/127.0.0.1#5353 +ipset=/.myfreecams.com/gfwlist +server=/.myfreepaysite.com/127.0.0.1#5353 +ipset=/.myfreepaysite.com/gfwlist +server=/.myfreshnet.com/127.0.0.1#5353 +ipset=/.myfreshnet.com/gfwlist +server=/.myftp.info/127.0.0.1#5353 +ipset=/.myftp.info/gfwlist +server=/.myftp.name/127.0.0.1#5353 +ipset=/.myftp.name/gfwlist +server=/.myiphide.com/127.0.0.1#5353 +ipset=/.myiphide.com/gfwlist +server=/.mykomica.org/127.0.0.1#5353 +ipset=/.mykomica.org/gfwlist +server=/.mylftv.com/127.0.0.1#5353 +ipset=/.mylftv.com/gfwlist +server=/.mymoe.moe/127.0.0.1#5353 +ipset=/.mymoe.moe/gfwlist +server=/.mymom.info/127.0.0.1#5353 +ipset=/.mymom.info/gfwlist +server=/.mymusic.net.tw/127.0.0.1#5353 +ipset=/.mymusic.net.tw/gfwlist +server=/.mynetav.net/127.0.0.1#5353 +ipset=/.mynetav.net/gfwlist +server=/.mynetav.org/127.0.0.1#5353 +ipset=/.mynetav.org/gfwlist +server=/.mynumber.org/127.0.0.1#5353 +ipset=/.mynumber.org/gfwlist +server=/.myparagliding.com/127.0.0.1#5353 +ipset=/.myparagliding.com/gfwlist +server=/.mypicture.info/127.0.0.1#5353 +ipset=/.mypicture.info/gfwlist +server=/.mypop3.net/127.0.0.1#5353 +ipset=/.mypop3.net/gfwlist +server=/.mypop3.org/127.0.0.1#5353 +ipset=/.mypop3.org/gfwlist +server=/.mypopescu.com/127.0.0.1#5353 +ipset=/.mypopescu.com/gfwlist +server=/.myreadingmanga.info/127.0.0.1#5353 +ipset=/.myreadingmanga.info/gfwlist +server=/.mysecondarydns.com/127.0.0.1#5353 +ipset=/.mysecondarydns.com/gfwlist +server=/.mysinablog.com/127.0.0.1#5353 +ipset=/.mysinablog.com/gfwlist +server=/.mysite.verizon.net/127.0.0.1#5353 +ipset=/.mysite.verizon.net/gfwlist +server=/.myspace.com/127.0.0.1#5353 +ipset=/.myspace.com/gfwlist +server=/.myspacecdn.com/127.0.0.1#5353 +ipset=/.myspacecdn.com/gfwlist +server=/.mytalkbox.com/127.0.0.1#5353 +ipset=/.mytalkbox.com/gfwlist +server=/.mytizi.com/127.0.0.1#5353 +ipset=/.mytizi.com/gfwlist +server=/.myvlog.im.tv/127.0.0.1#5353 +ipset=/.myvlog.im.tv/gfwlist +server=/.mywww.biz/127.0.0.1#5353 +ipset=/.mywww.biz/gfwlist +server=/.myz.info/127.0.0.1#5353 +ipset=/.myz.info/gfwlist +server=/.naacoalition.org/127.0.0.1#5353 +ipset=/.naacoalition.org/gfwlist +server=/.naitik.net/127.0.0.1#5353 +ipset=/.naitik.net/gfwlist +server=/.nakido.com/127.0.0.1#5353 +ipset=/.nakido.com/gfwlist +server=/.nalandabodhi.org/127.0.0.1#5353 +ipset=/.nalandabodhi.org/gfwlist +server=/.nalandawest.org/127.0.0.1#5353 +ipset=/.nalandawest.org/gfwlist +server=/.namgyal.org/127.0.0.1#5353 +ipset=/.namgyal.org/gfwlist +server=/.namgyalmonastery.org/127.0.0.1#5353 +ipset=/.namgyalmonastery.org/gfwlist +server=/.namsisi.com/127.0.0.1#5353 +ipset=/.namsisi.com/gfwlist +server=/.nankan.gov.tw/127.0.0.1#5353 +ipset=/.nankan.gov.tw/gfwlist +server=/.nanyang.com/127.0.0.1#5353 +ipset=/.nanyang.com/gfwlist +server=/.nanyangpost.com/127.0.0.1#5353 +ipset=/.nanyangpost.com/gfwlist +server=/.nanzao.com/127.0.0.1#5353 +ipset=/.nanzao.com/gfwlist +server=/.naol.ca/127.0.0.1#5353 +ipset=/.naol.ca/gfwlist +server=/.naol.cc/127.0.0.1#5353 +ipset=/.naol.cc/gfwlist +server=/.nat.gov.tw/127.0.0.1#5353 +ipset=/.nat.gov.tw/gfwlist +server=/.nat.moe/127.0.0.1#5353 +ipset=/.nat.moe/gfwlist +server=/.national-lottery.co.uk/127.0.0.1#5353 +ipset=/.national-lottery.co.uk/gfwlist +server=/.nationwide.com/127.0.0.1#5353 +ipset=/.nationwide.com/gfwlist +server=/.naughtyamerica.com/127.0.0.1#5353 +ipset=/.naughtyamerica.com/gfwlist +server=/.navyfamily.navy.mil/127.0.0.1#5353 +ipset=/.navyfamily.navy.mil/gfwlist +server=/.navyreserve.navy.mil/127.0.0.1#5353 +ipset=/.navyreserve.navy.mil/gfwlist +server=/.naweeklytimes.com/127.0.0.1#5353 +ipset=/.naweeklytimes.com/gfwlist +server=/.nbtvpn.com/127.0.0.1#5353 +ipset=/.nbtvpn.com/gfwlist +server=/.nccwatch.org.tw/127.0.0.1#5353 +ipset=/.nccwatch.org.tw/gfwlist +server=/.nch.com.tw/127.0.0.1#5353 +ipset=/.nch.com.tw/gfwlist +server=/.ncn.org/127.0.0.1#5353 +ipset=/.ncn.org/gfwlist +server=/.ncree.gov.tw/127.0.0.1#5353 +ipset=/.ncree.gov.tw/gfwlist +server=/.nde.de/127.0.0.1#5353 +ipset=/.nde.de/gfwlist +server=/.ndr.de/127.0.0.1#5353 +ipset=/.ndr.de/gfwlist +server=/.necoast-nsa.gov.tw/127.0.0.1#5353 +ipset=/.necoast-nsa.gov.tw/gfwlist +server=/.ned.org/127.0.0.1#5353 +ipset=/.ned.org/gfwlist +server=/.nekoslovakia.net/127.0.0.1#5353 +ipset=/.nekoslovakia.net/gfwlist +server=/.neo-miracle.com/127.0.0.1#5353 +ipset=/.neo-miracle.com/gfwlist +server=/.nepusoku.com/127.0.0.1#5353 +ipset=/.nepusoku.com/gfwlist +server=/.ner.gov.tw/127.0.0.1#5353 +ipset=/.ner.gov.tw/gfwlist +server=/.net-fits.pro/127.0.0.1#5353 +ipset=/.net-fits.pro/gfwlist +server=/.netbirds.com/127.0.0.1#5353 +ipset=/.netbirds.com/gfwlist +server=/.netcolony.com/127.0.0.1#5353 +ipset=/.netcolony.com/gfwlist +server=/.netflix.com/127.0.0.1#5353 +ipset=/.netflix.com/gfwlist +server=/.netme.cc/127.0.0.1#5353 +ipset=/.netme.cc/gfwlist +server=/.netsneak.com/127.0.0.1#5353 +ipset=/.netsneak.com/gfwlist +server=/.network54.com/127.0.0.1#5353 +ipset=/.network54.com/gfwlist +server=/.networkedblogs.com/127.0.0.1#5353 +ipset=/.networkedblogs.com/gfwlist +server=/.networktunnel.net/127.0.0.1#5353 +ipset=/.networktunnel.net/gfwlist +server=/.neue.v2ex.com/127.0.0.1#5353 +ipset=/.neue.v2ex.com/gfwlist +server=/.neverforget8964.org/127.0.0.1#5353 +ipset=/.neverforget8964.org/gfwlist +server=/.new-3lunch.net/127.0.0.1#5353 +ipset=/.new-3lunch.net/gfwlist +server=/.new-akiba.com/127.0.0.1#5353 +ipset=/.new-akiba.com/gfwlist +server=/.new96.ca/127.0.0.1#5353 +ipset=/.new96.ca/gfwlist +server=/.newcenturymc.com/127.0.0.1#5353 +ipset=/.newcenturymc.com/gfwlist +server=/.newcenturynews.com/127.0.0.1#5353 +ipset=/.newcenturynews.com/gfwlist +server=/.newchen.com/127.0.0.1#5353 +ipset=/.newchen.com/gfwlist +server=/.newgrounds.com/127.0.0.1#5353 +ipset=/.newgrounds.com/gfwlist +server=/.newipnow.com/127.0.0.1#5353 +ipset=/.newipnow.com/gfwlist +server=/.newlandmagazine.com.au/127.0.0.1#5353 +ipset=/.newlandmagazine.com.au/gfwlist +server=/.newnews.ca/127.0.0.1#5353 +ipset=/.newnews.ca/gfwlist +server=/.news.cnyes.com/127.0.0.1#5353 +ipset=/.news.cnyes.com/gfwlist +server=/.news.hk.msn.com/127.0.0.1#5353 +ipset=/.news.hk.msn.com/gfwlist +server=/.news.hkpeanut.com/127.0.0.1#5353 +ipset=/.news.hkpeanut.com/gfwlist +server=/.news.msn.com.tw/127.0.0.1#5353 +ipset=/.news.msn.com.tw/gfwlist +server=/.news.now.com/127.0.0.1#5353 +ipset=/.news.now.com/gfwlist +server=/.news.omy.sg/127.0.0.1#5353 +ipset=/.news.omy.sg/gfwlist +server=/.news.seehua.com/127.0.0.1#5353 +ipset=/.news.seehua.com/gfwlist +server=/.news.sina.com.hk/127.0.0.1#5353 +ipset=/.news.sina.com.hk/gfwlist +server=/.news.sina.com.tw/127.0.0.1#5353 +ipset=/.news.sina.com.tw/gfwlist +server=/.news.sinchew.com.my/127.0.0.1#5353 +ipset=/.news.sinchew.com.my/gfwlist +server=/.news.singtao.ca/127.0.0.1#5353 +ipset=/.news.singtao.ca/gfwlist +server=/.news.tvbs.com.tw/127.0.0.1#5353 +ipset=/.news.tvbs.com.tw/gfwlist +server=/.news100.com.tw/127.0.0.1#5353 +ipset=/.news100.com.tw/gfwlist +server=/.newsancai.com/127.0.0.1#5353 +ipset=/.newsancai.com/gfwlist +server=/.newschinacomment.org/127.0.0.1#5353 +ipset=/.newschinacomment.org/gfwlist +server=/.newscn.org/127.0.0.1#5353 +ipset=/.newscn.org/gfwlist +server=/.newsdetox.ca/127.0.0.1#5353 +ipset=/.newsdetox.ca/gfwlist +server=/.newsdh.com/127.0.0.1#5353 +ipset=/.newsdh.com/gfwlist +server=/.newstamago.com/127.0.0.1#5353 +ipset=/.newstamago.com/gfwlist +server=/.newstapa.org/127.0.0.1#5353 +ipset=/.newstapa.org/gfwlist +server=/.newstarnet.com/127.0.0.1#5353 +ipset=/.newstarnet.com/gfwlist +server=/.newtaiwan.com.tw/127.0.0.1#5353 +ipset=/.newtaiwan.com.tw/gfwlist +server=/.newtalk.tw/127.0.0.1#5353 +ipset=/.newtalk.tw/gfwlist +server=/.newyorktimes.com/127.0.0.1#5353 +ipset=/.newyorktimes.com/gfwlist +server=/.nexon.com/127.0.0.1#5353 +ipset=/.nexon.com/gfwlist +server=/.next11.co.jp/127.0.0.1#5353 +ipset=/.next11.co.jp/gfwlist +server=/.nextmag.com.tw/127.0.0.1#5353 +ipset=/.nextmag.com.tw/gfwlist +server=/.nextmedia.com/127.0.0.1#5353 +ipset=/.nextmedia.com/gfwlist +server=/.nexton-net.jp/127.0.0.1#5353 +ipset=/.nexton-net.jp/gfwlist +server=/.nexttv.com.tw/127.0.0.1#5353 +ipset=/.nexttv.com.tw/gfwlist +server=/.nf.id.au/127.0.0.1#5353 +ipset=/.nf.id.au/gfwlist +server=/.nfjtyd.com/127.0.0.1#5353 +ipset=/.nfjtyd.com/gfwlist +server=/.nflxext.com/127.0.0.1#5353 +ipset=/.nflxext.com/gfwlist +server=/.nflximg.com/127.0.0.1#5353 +ipset=/.nflximg.com/gfwlist +server=/.nflximg.net/127.0.0.1#5353 +ipset=/.nflximg.net/gfwlist +server=/.nflxso.net/127.0.0.1#5353 +ipset=/.nflxso.net/gfwlist +server=/.nflxvideo.net/127.0.0.1#5353 +ipset=/.nflxvideo.net/gfwlist +server=/.nga.mil/127.0.0.1#5353 +ipset=/.nga.mil/gfwlist +server=/.ngensis.com/127.0.0.1#5353 +ipset=/.ngensis.com/gfwlist +server=/.nhentai.net/127.0.0.1#5353 +ipset=/.nhentai.net/gfwlist +server=/.nhi.gov.tw/127.0.0.1#5353 +ipset=/.nhi.gov.tw/gfwlist +server=/.nhk-ondemand.jp/127.0.0.1#5353 +ipset=/.nhk-ondemand.jp/gfwlist +server=/.nic.cz.cc/127.0.0.1#5353 +ipset=/.nic.cz.cc/gfwlist +server=/.nic.google/127.0.0.1#5353 +ipset=/.nic.google/gfwlist +server=/.nic.gov/127.0.0.1#5353 +ipset=/.nic.gov/gfwlist +server=/.nighost.org/127.0.0.1#5353 +ipset=/.nighost.org/gfwlist +server=/.nikkei.com/127.0.0.1#5353 +ipset=/.nikkei.com/gfwlist +server=/.ninecommentaries.com/127.0.0.1#5353 +ipset=/.ninecommentaries.com/gfwlist +server=/.ninjacloak.com/127.0.0.1#5353 +ipset=/.ninjacloak.com/gfwlist +server=/.ninjaproxy.ninja/127.0.0.1#5353 +ipset=/.ninjaproxy.ninja/gfwlist +server=/.nintendium.com/127.0.0.1#5353 +ipset=/.nintendium.com/gfwlist +server=/.ninth.biz/127.0.0.1#5353 +ipset=/.ninth.biz/gfwlist +server=/.niusnews.com/127.0.0.1#5353 +ipset=/.niusnews.com/gfwlist +server=/.njactb.org/127.0.0.1#5353 +ipset=/.njactb.org/gfwlist +server=/.njuice.com/127.0.0.1#5353 +ipset=/.njuice.com/gfwlist +server=/.nko.navy.mil/127.0.0.1#5353 +ipset=/.nko.navy.mil/gfwlist +server=/.nlfreevpn.com/127.0.0.1#5353 +ipset=/.nlfreevpn.com/gfwlist +server=/.nmmba.gov.tw/127.0.0.1#5353 +ipset=/.nmmba.gov.tw/gfwlist +server=/.nmp.gov.tw/127.0.0.1#5353 +ipset=/.nmp.gov.tw/gfwlist +server=/.nmvttc.gov.tw/127.0.0.1#5353 +ipset=/.nmvttc.gov.tw/gfwlist +server=/.no-ip.org/127.0.0.1#5353 +ipset=/.no-ip.org/gfwlist +server=/.nobel.se/127.0.0.1#5353 +ipset=/.nobel.se/gfwlist +server=/.nobodycanstop.us/127.0.0.1#5353 +ipset=/.nobodycanstop.us/gfwlist +server=/.nofile.io/127.0.0.1#5353 +ipset=/.nofile.io/gfwlist +server=/.nokogiri.org/127.0.0.1#5353 +ipset=/.nokogiri.org/gfwlist +server=/.nokola.com/127.0.0.1#5353 +ipset=/.nokola.com/gfwlist +server=/.noodlevpn.com/127.0.0.1#5353 +ipset=/.noodlevpn.com/gfwlist +server=/.norbulingka.org/127.0.0.1#5353 +ipset=/.norbulingka.org/gfwlist +server=/.nordstrom.com/127.0.0.1#5353 +ipset=/.nordstrom.com/gfwlist +server=/.nordstromimage.com/127.0.0.1#5353 +ipset=/.nordstromimage.com/gfwlist +server=/.nordstromrack.com/127.0.0.1#5353 +ipset=/.nordstromrack.com/gfwlist +server=/.nordvpn.com/127.0.0.1#5353 +ipset=/.nordvpn.com/gfwlist +server=/.northguan-nsa.gov.tw/127.0.0.1#5353 +ipset=/.northguan-nsa.gov.tw/gfwlist +server=/.notify.dropboxapi.com/127.0.0.1#5353 +ipset=/.notify.dropboxapi.com/gfwlist +server=/.nottinghampost.com/127.0.0.1#5353 +ipset=/.nottinghampost.com/gfwlist +server=/.novelasia.com/127.0.0.1#5353 +ipset=/.novelasia.com/gfwlist +server=/.now.com/127.0.0.1#5353 +ipset=/.now.com/gfwlist +server=/.now.im/127.0.0.1#5353 +ipset=/.now.im/gfwlist +server=/.nownews.com/127.0.0.1#5353 +ipset=/.nownews.com/gfwlist +server=/.nowtorrents.com/127.0.0.1#5353 +ipset=/.nowtorrents.com/gfwlist +server=/.noypf.com/127.0.0.1#5353 +ipset=/.noypf.com/gfwlist +server=/.npa.go.jp/127.0.0.1#5353 +ipset=/.npa.go.jp/gfwlist +server=/.npa.gov.tw/127.0.0.1#5353 +ipset=/.npa.gov.tw/gfwlist +server=/.npm.gov.tw/127.0.0.1#5353 +ipset=/.npm.gov.tw/gfwlist +server=/.npnt.me/127.0.0.1#5353 +ipset=/.npnt.me/gfwlist +server=/.nps.gov/127.0.0.1#5353 +ipset=/.nps.gov/gfwlist +server=/.nradio.me/127.0.0.1#5353 +ipset=/.nradio.me/gfwlist +server=/.nrk.no/127.0.0.1#5353 +ipset=/.nrk.no/gfwlist +server=/.ns01.biz/127.0.0.1#5353 +ipset=/.ns01.biz/gfwlist +server=/.ns01.info/127.0.0.1#5353 +ipset=/.ns01.info/gfwlist +server=/.ns01.us/127.0.0.1#5353 +ipset=/.ns01.us/gfwlist +server=/.ns02.biz/127.0.0.1#5353 +ipset=/.ns02.biz/gfwlist +server=/.ns02.info/127.0.0.1#5353 +ipset=/.ns02.info/gfwlist +server=/.ns02.us/127.0.0.1#5353 +ipset=/.ns02.us/gfwlist +server=/.ns1.name/127.0.0.1#5353 +ipset=/.ns1.name/gfwlist +server=/.ns2.name/127.0.0.1#5353 +ipset=/.ns2.name/gfwlist +server=/.ns3.name/127.0.0.1#5353 +ipset=/.ns3.name/gfwlist +server=/.nsc.gov.tw/127.0.0.1#5353 +ipset=/.nsc.gov.tw/gfwlist +server=/.nstm.gov.tw/127.0.0.1#5353 +ipset=/.nstm.gov.tw/gfwlist +server=/.ntbk.gov.tw/127.0.0.1#5353 +ipset=/.ntbk.gov.tw/gfwlist +server=/.ntbna.gov.tw/127.0.0.1#5353 +ipset=/.ntbna.gov.tw/gfwlist +server=/.ntbt.gov.tw/127.0.0.1#5353 +ipset=/.ntbt.gov.tw/gfwlist +server=/.ntd.tv/127.0.0.1#5353 +ipset=/.ntd.tv/gfwlist +server=/.ntdmh.gov.tw/127.0.0.1#5353 +ipset=/.ntdmh.gov.tw/gfwlist +server=/.ntdtv.ca/127.0.0.1#5353 +ipset=/.ntdtv.ca/gfwlist +server=/.ntdtv.co.kr/127.0.0.1#5353 +ipset=/.ntdtv.co.kr/gfwlist +server=/.ntdtv.com/127.0.0.1#5353 +ipset=/.ntdtv.com/gfwlist +server=/.ntdtv.cz/127.0.0.1#5353 +ipset=/.ntdtv.cz/gfwlist +server=/.ntdtv.org/127.0.0.1#5353 +ipset=/.ntdtv.org/gfwlist +server=/.ntdtv.ru/127.0.0.1#5353 +ipset=/.ntdtv.ru/gfwlist +server=/.ntdtvla.com/127.0.0.1#5353 +ipset=/.ntdtvla.com/gfwlist +server=/.ntl.gov.tw/127.0.0.1#5353 +ipset=/.ntl.gov.tw/gfwlist +server=/.ntrfun.com/127.0.0.1#5353 +ipset=/.ntrfun.com/gfwlist +server=/.ntsec.gov.tw/127.0.0.1#5353 +ipset=/.ntsec.gov.tw/gfwlist +server=/.ntsna.gov.tw/127.0.0.1#5353 +ipset=/.ntsna.gov.tw/gfwlist +server=/.ntuh.gov.tw/127.0.0.1#5353 +ipset=/.ntuh.gov.tw/gfwlist +server=/.nubiles.net/127.0.0.1#5353 +ipset=/.nubiles.net/gfwlist +server=/.nuexpo.com/127.0.0.1#5353 +ipset=/.nuexpo.com/gfwlist +server=/.nukistream.com/127.0.0.1#5353 +ipset=/.nukistream.com/gfwlist +server=/.nurgo-software.com/127.0.0.1#5353 +ipset=/.nurgo-software.com/gfwlist +server=/.nusatrip.com/127.0.0.1#5353 +ipset=/.nusatrip.com/gfwlist +server=/.nutaku.net/127.0.0.1#5353 +ipset=/.nutaku.net/gfwlist +server=/.nuuvem.com/127.0.0.1#5353 +ipset=/.nuuvem.com/gfwlist +server=/.nuvid.com/127.0.0.1#5353 +ipset=/.nuvid.com/gfwlist +server=/.nuzcom.com/127.0.0.1#5353 +ipset=/.nuzcom.com/gfwlist +server=/.nvdst.com/127.0.0.1#5353 +ipset=/.nvdst.com/gfwlist +server=/.nvquan.org/127.0.0.1#5353 +ipset=/.nvquan.org/gfwlist +server=/.nvri.gov.tw/127.0.0.1#5353 +ipset=/.nvri.gov.tw/gfwlist +server=/.nvtongzhisheng.org/127.0.0.1#5353 +ipset=/.nvtongzhisheng.org/gfwlist +server=/.nwtca.org/127.0.0.1#5353 +ipset=/.nwtca.org/gfwlist +server=/.ny.stgloballink.com/127.0.0.1#5353 +ipset=/.ny.stgloballink.com/gfwlist +server=/.ny.visiontimes.com/127.0.0.1#5353 +ipset=/.ny.visiontimes.com/gfwlist +server=/.nyaa.eu/127.0.0.1#5353 +ipset=/.nyaa.eu/gfwlist +server=/.nydus.ca/127.0.0.1#5353 +ipset=/.nydus.ca/gfwlist +server=/.nylon-angel.com/127.0.0.1#5353 +ipset=/.nylon-angel.com/gfwlist +server=/.nylonstockingsonline.com/127.0.0.1#5353 +ipset=/.nylonstockingsonline.com/gfwlist +server=/.nyt.com/127.0.0.1#5353 +ipset=/.nyt.com/gfwlist +server=/.nytchina.com/127.0.0.1#5353 +ipset=/.nytchina.com/gfwlist +server=/.nytcn.me/127.0.0.1#5353 +ipset=/.nytcn.me/gfwlist +server=/.nytco.com/127.0.0.1#5353 +ipset=/.nytco.com/gfwlist +server=/.nytimes.com/127.0.0.1#5353 +ipset=/.nytimes.com/gfwlist +server=/.nytimes.map.fastly.net/127.0.0.1#5353 +ipset=/.nytimes.map.fastly.net/gfwlist +server=/.nytimg.com/127.0.0.1#5353 +ipset=/.nytimg.com/gfwlist +server=/.nytstyle.com/127.0.0.1#5353 +ipset=/.nytstyle.com/gfwlist +server=/.nzchinese.com/127.0.0.1#5353 +ipset=/.nzchinese.com/gfwlist +server=/.nzchinese.net.nz/127.0.0.1#5353 +ipset=/.nzchinese.net.nz/gfwlist +server=/.observechina.net/127.0.0.1#5353 +ipset=/.observechina.net/gfwlist +server=/.obutu.com/127.0.0.1#5353 +ipset=/.obutu.com/gfwlist +server=/.ocaspro.com/127.0.0.1#5353 +ipset=/.ocaspro.com/gfwlist +server=/.occupytiananmen.com/127.0.0.1#5353 +ipset=/.occupytiananmen.com/gfwlist +server=/.oclp.hk/127.0.0.1#5353 +ipset=/.oclp.hk/gfwlist +server=/.ocreampies.com/127.0.0.1#5353 +ipset=/.ocreampies.com/gfwlist +server=/.ocry.com/127.0.0.1#5353 +ipset=/.ocry.com/gfwlist +server=/.october-review.org/127.0.0.1#5353 +ipset=/.october-review.org/gfwlist +server=/.oculus.com/127.0.0.1#5353 +ipset=/.oculus.com/gfwlist +server=/.oculuscdn.com/127.0.0.1#5353 +ipset=/.oculuscdn.com/gfwlist +server=/.oex.com/127.0.0.1#5353 +ipset=/.oex.com/gfwlist +server=/.offbeatchina.com/127.0.0.1#5353 +ipset=/.offbeatchina.com/gfwlist +server=/.officeoftibet.com/127.0.0.1#5353 +ipset=/.officeoftibet.com/gfwlist +server=/.ofile.org/127.0.0.1#5353 +ipset=/.ofile.org/gfwlist +server=/.ogaoga.org/127.0.0.1#5353 +ipset=/.ogaoga.org/gfwlist +server=/.ogate.org/127.0.0.1#5353 +ipset=/.ogate.org/gfwlist +server=/.oiktv.com/127.0.0.1#5353 +ipset=/.oiktv.com/gfwlist +server=/.oizoblog.com/127.0.0.1#5353 +ipset=/.oizoblog.com/gfwlist +server=/.ok.ru/127.0.0.1#5353 +ipset=/.ok.ru/gfwlist +server=/.okayfreedom.com/127.0.0.1#5353 +ipset=/.okayfreedom.com/gfwlist +server=/.okex.com/127.0.0.1#5353 +ipset=/.okex.com/gfwlist +server=/.okk.tw/127.0.0.1#5353 +ipset=/.okk.tw/gfwlist +server=/.old-cat.net/127.0.0.1#5353 +ipset=/.old-cat.net/gfwlist +server=/.old.nabble.com/127.0.0.1#5353 +ipset=/.old.nabble.com/gfwlist +server=/.olumpo.com/127.0.0.1#5353 +ipset=/.olumpo.com/gfwlist +server=/.olympicwatch.org/127.0.0.1#5353 +ipset=/.olympicwatch.org/gfwlist +server=/.omgili.com/127.0.0.1#5353 +ipset=/.omgili.com/gfwlist +server=/.omni7.jp/127.0.0.1#5353 +ipset=/.omni7.jp/gfwlist +server=/.omnitalk.com/127.0.0.1#5353 +ipset=/.omnitalk.com/gfwlist +server=/.omnitalk.org/127.0.0.1#5353 +ipset=/.omnitalk.org/gfwlist +server=/.on.cc/127.0.0.1#5353 +ipset=/.on.cc/gfwlist +server=/.on2.com/127.0.0.1#5353 +ipset=/.on2.com/gfwlist +server=/.onapp.com/127.0.0.1#5353 +ipset=/.onapp.com/gfwlist +server=/.onedrive.live.com/127.0.0.1#5353 +ipset=/.onedrive.live.com/gfwlist +server=/.onedumb.com/127.0.0.1#5353 +ipset=/.onedumb.com/gfwlist +server=/.onejav.com/127.0.0.1#5353 +ipset=/.onejav.com/gfwlist +server=/.onion.city/127.0.0.1#5353 +ipset=/.onion.city/gfwlist +server=/.online.recoveryversion.org/127.0.0.1#5353 +ipset=/.online.recoveryversion.org/gfwlist +server=/.onlinecha.com/127.0.0.1#5353 +ipset=/.onlinecha.com/gfwlist +server=/.onlineyoutube.com/127.0.0.1#5353 +ipset=/.onlineyoutube.com/gfwlist +server=/.onlytweets.com/127.0.0.1#5353 +ipset=/.onlytweets.com/gfwlist +server=/.onmoon.com/127.0.0.1#5353 +ipset=/.onmoon.com/gfwlist +server=/.onmoon.net/127.0.0.1#5353 +ipset=/.onmoon.net/gfwlist +server=/.onmypc.biz/127.0.0.1#5353 +ipset=/.onmypc.biz/gfwlist +server=/.onmypc.info/127.0.0.1#5353 +ipset=/.onmypc.info/gfwlist +server=/.onmypc.net/127.0.0.1#5353 +ipset=/.onmypc.net/gfwlist +server=/.onmypc.org/127.0.0.1#5353 +ipset=/.onmypc.org/gfwlist +server=/.onmypc.us/127.0.0.1#5353 +ipset=/.onmypc.us/gfwlist +server=/.onthehunt.com/127.0.0.1#5353 +ipset=/.onthehunt.com/gfwlist +server=/.ontrac.com/127.0.0.1#5353 +ipset=/.ontrac.com/gfwlist +server=/.oopsforum.com/127.0.0.1#5353 +ipset=/.oopsforum.com/gfwlist +server=/.open.com.hk/127.0.0.1#5353 +ipset=/.open.com.hk/gfwlist +server=/.openallweb.com/127.0.0.1#5353 +ipset=/.openallweb.com/gfwlist +server=/.opendemocracy.net/127.0.0.1#5353 +ipset=/.opendemocracy.net/gfwlist +server=/.opendn.xyz/127.0.0.1#5353 +ipset=/.opendn.xyz/gfwlist +server=/.openervpn.in/127.0.0.1#5353 +ipset=/.openervpn.in/gfwlist +server=/.openid.net/127.0.0.1#5353 +ipset=/.openid.net/gfwlist +server=/.openleaks.org/127.0.0.1#5353 +ipset=/.openleaks.org/gfwlist +server=/.openvpn.net/127.0.0.1#5353 +ipset=/.openvpn.net/gfwlist +server=/.openwebster.com/127.0.0.1#5353 +ipset=/.openwebster.com/gfwlist +server=/.openwrt.org.cn/127.0.0.1#5353 +ipset=/.openwrt.org.cn/gfwlist +server=/.opml.radiotime.com/127.0.0.1#5353 +ipset=/.opml.radiotime.com/gfwlist +server=/.opus-gaming.com/127.0.0.1#5353 +ipset=/.opus-gaming.com/gfwlist +server=/.organcare.org.tw/127.0.0.1#5353 +ipset=/.organcare.org.tw/gfwlist +server=/.organharvestinvestigation.net/127.0.0.1#5353 +ipset=/.organharvestinvestigation.net/gfwlist +server=/.organiccrap.com/127.0.0.1#5353 +ipset=/.organiccrap.com/gfwlist +server=/.orgasm.com/127.0.0.1#5353 +ipset=/.orgasm.com/gfwlist +server=/.orgfree.com/127.0.0.1#5353 +ipset=/.orgfree.com/gfwlist +server=/.orient-doll.com/127.0.0.1#5353 +ipset=/.orient-doll.com/gfwlist +server=/.orientaldaily.com.my/127.0.0.1#5353 +ipset=/.orientaldaily.com.my/gfwlist +server=/.orn.jp/127.0.0.1#5353 +ipset=/.orn.jp/gfwlist +server=/.orzistic.org/127.0.0.1#5353 +ipset=/.orzistic.org/gfwlist +server=/.osfoora.com/127.0.0.1#5353 +ipset=/.osfoora.com/gfwlist +server=/.otnd.org/127.0.0.1#5353 +ipset=/.otnd.org/gfwlist +server=/.otto.de/127.0.0.1#5353 +ipset=/.otto.de/gfwlist +server=/.otzo.com/127.0.0.1#5353 +ipset=/.otzo.com/gfwlist +server=/.ourdearamy.com/127.0.0.1#5353 +ipset=/.ourdearamy.com/gfwlist +server=/.ourhobby.com/127.0.0.1#5353 +ipset=/.ourhobby.com/gfwlist +server=/.oursogo.com/127.0.0.1#5353 +ipset=/.oursogo.com/gfwlist +server=/.oursteps.com.au/127.0.0.1#5353 +ipset=/.oursteps.com.au/gfwlist +server=/.oursweb.net/127.0.0.1#5353 +ipset=/.oursweb.net/gfwlist +server=/.ourtv.hk/127.0.0.1#5353 +ipset=/.ourtv.hk/gfwlist +server=/.overplay.net/127.0.0.1#5353 +ipset=/.overplay.net/gfwlist +server=/.oversea.istarshine.com/127.0.0.1#5353 +ipset=/.oversea.istarshine.com/gfwlist +server=/.ow.ly/127.0.0.1#5353 +ipset=/.ow.ly/gfwlist +server=/.owl.li/127.0.0.1#5353 +ipset=/.owl.li/gfwlist +server=/.oyax.com/127.0.0.1#5353 +ipset=/.oyax.com/gfwlist +server=/.ozvoice.org/127.0.0.1#5353 +ipset=/.ozvoice.org/gfwlist +server=/.ozxw.com/127.0.0.1#5353 +ipset=/.ozxw.com/gfwlist +server=/.ozyoyo.com/127.0.0.1#5353 +ipset=/.ozyoyo.com/gfwlist +server=/.pachosting.com/127.0.0.1#5353 +ipset=/.pachosting.com/gfwlist +server=/.pacificpoker.com/127.0.0.1#5353 +ipset=/.pacificpoker.com/gfwlist +server=/.packetix.net/127.0.0.1#5353 +ipset=/.packetix.net/gfwlist +server=/.pacopacomama.com/127.0.0.1#5353 +ipset=/.pacopacomama.com/gfwlist +server=/.padmanet.com/127.0.0.1#5353 +ipset=/.padmanet.com/gfwlist +server=/.page.bid.yahoo.com/127.0.0.1#5353 +ipset=/.page.bid.yahoo.com/gfwlist +server=/.page2rss.com/127.0.0.1#5353 +ipset=/.page2rss.com/gfwlist +server=/.pagespeed.v2ex.com/127.0.0.1#5353 +ipset=/.pagespeed.v2ex.com/gfwlist +server=/.pagodabox.com/127.0.0.1#5353 +ipset=/.pagodabox.com/gfwlist +server=/.palacemoon.com/127.0.0.1#5353 +ipset=/.palacemoon.com/gfwlist +server=/.paldengyal.com/127.0.0.1#5353 +ipset=/.paldengyal.com/gfwlist +server=/.paljorpublications.com/127.0.0.1#5353 +ipset=/.paljorpublications.com/gfwlist +server=/.paltalk.com/127.0.0.1#5353 +ipset=/.paltalk.com/gfwlist +server=/.panamapapers.sueddeutsche.de/127.0.0.1#5353 +ipset=/.panamapapers.sueddeutsche.de/gfwlist +server=/.pandapow.co/127.0.0.1#5353 +ipset=/.pandapow.co/gfwlist +server=/.pandapow.net/127.0.0.1#5353 +ipset=/.pandapow.net/gfwlist +server=/.pandavpn-jp.com/127.0.0.1#5353 +ipset=/.pandavpn-jp.com/gfwlist +server=/.pandora.com/127.0.0.1#5353 +ipset=/.pandora.com/gfwlist +server=/.pandora.tv/127.0.0.1#5353 +ipset=/.pandora.tv/gfwlist +server=/.panluan.net/127.0.0.1#5353 +ipset=/.panluan.net/gfwlist +server=/.panoramio.com/127.0.0.1#5353 +ipset=/.panoramio.com/gfwlist +server=/.pao-pao.net/127.0.0.1#5353 +ipset=/.pao-pao.net/gfwlist +server=/.paper.li/127.0.0.1#5353 +ipset=/.paper.li/gfwlist +server=/.paperb.us/127.0.0.1#5353 +ipset=/.paperb.us/gfwlist +server=/.paradisehill.cc/127.0.0.1#5353 +ipset=/.paradisehill.cc/gfwlist +server=/.paradisepoker.com/127.0.0.1#5353 +ipset=/.paradisepoker.com/gfwlist +server=/.parkansky.com/127.0.0.1#5353 +ipset=/.parkansky.com/gfwlist +server=/.partycasino.com/127.0.0.1#5353 +ipset=/.partycasino.com/gfwlist +server=/.partypoker.com/127.0.0.1#5353 +ipset=/.partypoker.com/gfwlist +server=/.passion.com/127.0.0.1#5353 +ipset=/.passion.com/gfwlist +server=/.passiontimes.hk/127.0.0.1#5353 +ipset=/.passiontimes.hk/gfwlist +server=/.paste.ee/127.0.0.1#5353 +ipset=/.paste.ee/gfwlist +server=/.pastebin.com/127.0.0.1#5353 +ipset=/.pastebin.com/gfwlist +server=/.pastie.org/127.0.0.1#5353 +ipset=/.pastie.org/gfwlist +server=/.pbwiki.com/127.0.0.1#5353 +ipset=/.pbwiki.com/gfwlist +server=/.pbworks.com/127.0.0.1#5353 +ipset=/.pbworks.com/gfwlist +server=/.pbxes.com/127.0.0.1#5353 +ipset=/.pbxes.com/gfwlist +server=/.pbxes.org/127.0.0.1#5353 +ipset=/.pbxes.org/gfwlist +server=/.pcanywhere.net/127.0.0.1#5353 +ipset=/.pcanywhere.net/gfwlist +server=/.pcc.gov.tw/127.0.0.1#5353 +ipset=/.pcc.gov.tw/gfwlist +server=/.pcdvd.com.tw/127.0.0.1#5353 +ipset=/.pcdvd.com.tw/gfwlist +server=/.pchome.com.tw/127.0.0.1#5353 +ipset=/.pchome.com.tw/gfwlist +server=/.pcij.org/127.0.0.1#5353 +ipset=/.pcij.org/gfwlist +server=/.pcstore.com.tw/127.0.0.1#5353 +ipset=/.pcstore.com.tw/gfwlist +server=/.pct.org.tw/127.0.0.1#5353 +ipset=/.pct.org.tw/gfwlist +server=/.pdetails.com/127.0.0.1#5353 +ipset=/.pdetails.com/gfwlist +server=/.pdproxy.com/127.0.0.1#5353 +ipset=/.pdproxy.com/gfwlist +server=/.pds.nasa.gov/127.0.0.1#5353 +ipset=/.pds.nasa.gov/gfwlist +server=/.peace.ca/127.0.0.1#5353 +ipset=/.peace.ca/gfwlist +server=/.peacefire.org/127.0.0.1#5353 +ipset=/.peacefire.org/gfwlist +server=/.peacehall.com/127.0.0.1#5353 +ipset=/.peacehall.com/gfwlist +server=/.pearlher.org/127.0.0.1#5353 +ipset=/.pearlher.org/gfwlist +server=/.peeasian.com/127.0.0.1#5353 +ipset=/.peeasian.com/gfwlist +server=/.pekingduck.org/127.0.0.1#5353 +ipset=/.pekingduck.org/gfwlist +server=/.pemulihan.or.id/127.0.0.1#5353 +ipset=/.pemulihan.or.id/gfwlist +server=/.pen.io/127.0.0.1#5353 +ipset=/.pen.io/gfwlist +server=/.penchinese.com/127.0.0.1#5353 +ipset=/.penchinese.com/gfwlist +server=/.penchinese.net/127.0.0.1#5353 +ipset=/.penchinese.net/gfwlist +server=/.penghu-nsa.gov.tw/127.0.0.1#5353 +ipset=/.penghu-nsa.gov.tw/gfwlist +server=/.pengyulong.com/127.0.0.1#5353 +ipset=/.pengyulong.com/gfwlist +server=/.penisbot.com/127.0.0.1#5353 +ipset=/.penisbot.com/gfwlist +server=/.penthouse.com/127.0.0.1#5353 +ipset=/.penthouse.com/gfwlist +server=/.peoplebookcafe.com/127.0.0.1#5353 +ipset=/.peoplebookcafe.com/gfwlist +server=/.peoplenews.tw/127.0.0.1#5353 +ipset=/.peoplenews.tw/gfwlist +server=/.peopo.org/127.0.0.1#5353 +ipset=/.peopo.org/gfwlist +server=/.percy.in/127.0.0.1#5353 +ipset=/.percy.in/gfwlist +server=/.perfectgirls.net/127.0.0.1#5353 +ipset=/.perfectgirls.net/gfwlist +server=/.perfectvpn.net/127.0.0.1#5353 +ipset=/.perfectvpn.net/gfwlist +server=/.periscope.tv/127.0.0.1#5353 +ipset=/.periscope.tv/gfwlist +server=/.persecutionblog.com/127.0.0.1#5353 +ipset=/.persecutionblog.com/gfwlist +server=/.persiankitty.com/127.0.0.1#5353 +ipset=/.persiankitty.com/gfwlist +server=/.pfd.org.hk/127.0.0.1#5353 +ipset=/.pfd.org.hk/gfwlist +server=/.phapluan.org/127.0.0.1#5353 +ipset=/.phapluan.org/gfwlist +server=/.phayul.com/127.0.0.1#5353 +ipset=/.phayul.com/gfwlist +server=/.philborges.com/127.0.0.1#5353 +ipset=/.philborges.com/gfwlist +server=/.philly.com/127.0.0.1#5353 +ipset=/.philly.com/gfwlist +server=/.phmsociety.org/127.0.0.1#5353 +ipset=/.phmsociety.org/gfwlist +server=/.phncdn.com/127.0.0.1#5353 +ipset=/.phncdn.com/gfwlist +server=/.phosphation13.rssing.com/127.0.0.1#5353 +ipset=/.phosphation13.rssing.com/gfwlist +server=/.photodharma.net/127.0.0.1#5353 +ipset=/.photodharma.net/gfwlist +server=/.photofocus.com/127.0.0.1#5353 +ipset=/.photofocus.com/gfwlist +server=/.phuquocservices.com/127.0.0.1#5353 +ipset=/.phuquocservices.com/gfwlist +server=/.picacomic.com/127.0.0.1#5353 +ipset=/.picacomic.com/gfwlist +server=/.picacomiccn.com/127.0.0.1#5353 +ipset=/.picacomiccn.com/gfwlist +server=/.picasaweb.com/127.0.0.1#5353 +ipset=/.picasaweb.com/gfwlist +server=/.picidae.net/127.0.0.1#5353 +ipset=/.picidae.net/gfwlist +server=/.pictures.playboy.com/127.0.0.1#5353 +ipset=/.pictures.playboy.com/gfwlist +server=/.picturesocial.com/127.0.0.1#5353 +ipset=/.picturesocial.com/gfwlist +server=/.pin-cong.com/127.0.0.1#5353 +ipset=/.pin-cong.com/gfwlist +server=/.pin6.com/127.0.0.1#5353 +ipset=/.pin6.com/gfwlist +server=/.ping.fm/127.0.0.1#5353 +ipset=/.ping.fm/gfwlist +server=/.pinimg.com/127.0.0.1#5353 +ipset=/.pinimg.com/gfwlist +server=/.pinkrod.com/127.0.0.1#5353 +ipset=/.pinkrod.com/gfwlist +server=/.pinoy-n.com/127.0.0.1#5353 +ipset=/.pinoy-n.com/gfwlist +server=/.pinterest.at/127.0.0.1#5353 +ipset=/.pinterest.at/gfwlist +server=/.pinterest.co.kr/127.0.0.1#5353 +ipset=/.pinterest.co.kr/gfwlist +server=/.pinterest.co.uk/127.0.0.1#5353 +ipset=/.pinterest.co.uk/gfwlist +server=/.pinterest.com/127.0.0.1#5353 +ipset=/.pinterest.com/gfwlist +server=/.pinterest.de/127.0.0.1#5353 +ipset=/.pinterest.de/gfwlist +server=/.pinterest.dk/127.0.0.1#5353 +ipset=/.pinterest.dk/gfwlist +server=/.pinterest.fr/127.0.0.1#5353 +ipset=/.pinterest.fr/gfwlist +server=/.pinterest.jp/127.0.0.1#5353 +ipset=/.pinterest.jp/gfwlist +server=/.pinterest.nl/127.0.0.1#5353 +ipset=/.pinterest.nl/gfwlist +server=/.pinterest.se/127.0.0.1#5353 +ipset=/.pinterest.se/gfwlist +server=/.pioneer-worker.forums-free.com/127.0.0.1#5353 +ipset=/.pioneer-worker.forums-free.com/gfwlist +server=/.pipii.tv/127.0.0.1#5353 +ipset=/.pipii.tv/gfwlist +server=/.piposay.com/127.0.0.1#5353 +ipset=/.piposay.com/gfwlist +server=/.piraattilahti.org/127.0.0.1#5353 +ipset=/.piraattilahti.org/gfwlist +server=/.piring.com/127.0.0.1#5353 +ipset=/.piring.com/gfwlist +server=/.pixelqi.com/127.0.0.1#5353 +ipset=/.pixelqi.com/gfwlist +server=/.pixiv.net/127.0.0.1#5353 +ipset=/.pixiv.net/gfwlist +server=/.pixnet.net/127.0.0.1#5353 +ipset=/.pixnet.net/gfwlist +server=/.pk.com/127.0.0.1#5353 +ipset=/.pk.com/gfwlist +server=/.placemix.com/127.0.0.1#5353 +ipset=/.placemix.com/gfwlist +server=/.playboy.com/127.0.0.1#5353 +ipset=/.playboy.com/gfwlist +server=/.playboyplus.com/127.0.0.1#5353 +ipset=/.playboyplus.com/gfwlist +server=/.player.fm/127.0.0.1#5353 +ipset=/.player.fm/gfwlist +server=/.playno1.com/127.0.0.1#5353 +ipset=/.playno1.com/gfwlist +server=/.playpcesor.com/127.0.0.1#5353 +ipset=/.playpcesor.com/gfwlist +server=/.plays.com.tw/127.0.0.1#5353 +ipset=/.plays.com.tw/gfwlist +server=/.plm.org.hk/127.0.0.1#5353 +ipset=/.plm.org.hk/gfwlist +server=/.plunder.com/127.0.0.1#5353 +ipset=/.plunder.com/gfwlist +server=/.plurk.com/127.0.0.1#5353 +ipset=/.plurk.com/gfwlist +server=/.plus28.com/127.0.0.1#5353 +ipset=/.plus28.com/gfwlist +server=/.plusbb.com/127.0.0.1#5353 +ipset=/.plusbb.com/gfwlist +server=/.pmatehunter.com/127.0.0.1#5353 +ipset=/.pmatehunter.com/gfwlist +server=/.pmates.com/127.0.0.1#5353 +ipset=/.pmates.com/gfwlist +server=/.po2b.com/127.0.0.1#5353 +ipset=/.po2b.com/gfwlist +server=/.pobieramy.top/127.0.0.1#5353 +ipset=/.pobieramy.top/gfwlist +server=/.podictionary.com/127.0.0.1#5353 +ipset=/.podictionary.com/gfwlist +server=/.pokerstars.com/127.0.0.1#5353 +ipset=/.pokerstars.com/gfwlist +server=/.pokerstars.net/127.0.0.1#5353 +ipset=/.pokerstars.net/gfwlist +server=/.politicalchina.org/127.0.0.1#5353 +ipset=/.politicalchina.org/gfwlist +server=/.politicalconsultation.org/127.0.0.1#5353 +ipset=/.politicalconsultation.org/gfwlist +server=/.politiscales.net/127.0.0.1#5353 +ipset=/.politiscales.net/gfwlist +server=/.poloniex.com/127.0.0.1#5353 +ipset=/.poloniex.com/gfwlist +server=/.polymer-project.org/127.0.0.1#5353 +ipset=/.polymer-project.org/gfwlist +server=/.polymerhk.com/127.0.0.1#5353 +ipset=/.polymerhk.com/gfwlist +server=/.popo.tw/127.0.0.1#5353 +ipset=/.popo.tw/gfwlist +server=/.popvote.hk/127.0.0.1#5353 +ipset=/.popvote.hk/gfwlist +server=/.popyard.com/127.0.0.1#5353 +ipset=/.popyard.com/gfwlist +server=/.popyard.org/127.0.0.1#5353 +ipset=/.popyard.org/gfwlist +server=/.porn.com/127.0.0.1#5353 +ipset=/.porn.com/gfwlist +server=/.porn2.com/127.0.0.1#5353 +ipset=/.porn2.com/gfwlist +server=/.porn5.com/127.0.0.1#5353 +ipset=/.porn5.com/gfwlist +server=/.pornbase.org/127.0.0.1#5353 +ipset=/.pornbase.org/gfwlist +server=/.pornerbros.com/127.0.0.1#5353 +ipset=/.pornerbros.com/gfwlist +server=/.pornhd.com/127.0.0.1#5353 +ipset=/.pornhd.com/gfwlist +server=/.pornhost.com/127.0.0.1#5353 +ipset=/.pornhost.com/gfwlist +server=/.pornhub.com/127.0.0.1#5353 +ipset=/.pornhub.com/gfwlist +server=/.pornhubdeutsch.net/127.0.0.1#5353 +ipset=/.pornhubdeutsch.net/gfwlist +server=/.pornmm.net/127.0.0.1#5353 +ipset=/.pornmm.net/gfwlist +server=/.pornoxo.com/127.0.0.1#5353 +ipset=/.pornoxo.com/gfwlist +server=/.pornrapidshare.com/127.0.0.1#5353 +ipset=/.pornrapidshare.com/gfwlist +server=/.pornsharing.com/127.0.0.1#5353 +ipset=/.pornsharing.com/gfwlist +server=/.pornsocket.com/127.0.0.1#5353 +ipset=/.pornsocket.com/gfwlist +server=/.pornstarclub.com/127.0.0.1#5353 +ipset=/.pornstarclub.com/gfwlist +server=/.porntube.com/127.0.0.1#5353 +ipset=/.porntube.com/gfwlist +server=/.porntubenews.com/127.0.0.1#5353 +ipset=/.porntubenews.com/gfwlist +server=/.porntvblog.com/127.0.0.1#5353 +ipset=/.porntvblog.com/gfwlist +server=/.pornvisit.com/127.0.0.1#5353 +ipset=/.pornvisit.com/gfwlist +server=/.port25.biz/127.0.0.1#5353 +ipset=/.port25.biz/gfwlist +server=/.portablevpn.nl/127.0.0.1#5353 +ipset=/.portablevpn.nl/gfwlist +server=/.poskotanews.com/127.0.0.1#5353 +ipset=/.poskotanews.com/gfwlist +server=/.post.gov.tw/127.0.0.1#5353 +ipset=/.post.gov.tw/gfwlist +server=/.post01.com/127.0.0.1#5353 +ipset=/.post01.com/gfwlist +server=/.post76.com/127.0.0.1#5353 +ipset=/.post76.com/gfwlist +server=/.post852.com/127.0.0.1#5353 +ipset=/.post852.com/gfwlist +server=/.postadult.com/127.0.0.1#5353 +ipset=/.postadult.com/gfwlist +server=/.postimg.org/127.0.0.1#5353 +ipset=/.postimg.org/gfwlist +server=/.potvpn.com/127.0.0.1#5353 +ipset=/.potvpn.com/gfwlist +server=/.power.com/127.0.0.1#5353 +ipset=/.power.com/gfwlist +server=/.powercx.com/127.0.0.1#5353 +ipset=/.powercx.com/gfwlist +server=/.powerphoto.org/127.0.0.1#5353 +ipset=/.powerphoto.org/gfwlist +server=/.prayforchina.net/127.0.0.1#5353 +ipset=/.prayforchina.net/gfwlist +server=/.premeforwindows7.com/127.0.0.1#5353 +ipset=/.premeforwindows7.com/gfwlist +server=/.presentationzen.com/127.0.0.1#5353 +ipset=/.presentationzen.com/gfwlist +server=/.presidentlee.tw/127.0.0.1#5353 +ipset=/.presidentlee.tw/gfwlist +server=/.prestige-av.com/127.0.0.1#5353 +ipset=/.prestige-av.com/gfwlist +server=/.prisoneralert.com/127.0.0.1#5353 +ipset=/.prisoneralert.com/gfwlist +server=/.pritunl.com/127.0.0.1#5353 +ipset=/.pritunl.com/gfwlist +server=/.privacybox.de/127.0.0.1#5353 +ipset=/.privacybox.de/gfwlist +server=/.privateinternetaccess.com/127.0.0.1#5353 +ipset=/.privateinternetaccess.com/gfwlist +server=/.privatepaste.com/127.0.0.1#5353 +ipset=/.privatepaste.com/gfwlist +server=/.privatetunnel.com/127.0.0.1#5353 +ipset=/.privatetunnel.com/gfwlist +server=/.privatevpn.com/127.0.0.1#5353 +ipset=/.privatevpn.com/gfwlist +server=/.procopytips.com/127.0.0.1#5353 +ipset=/.procopytips.com/gfwlist +server=/.prosiben.de/127.0.0.1#5353 +ipset=/.prosiben.de/gfwlist +server=/.protonvpn.com/127.0.0.1#5353 +ipset=/.protonvpn.com/gfwlist +server=/.provideocoalition.com/127.0.0.1#5353 +ipset=/.provideocoalition.com/gfwlist +server=/.provpnaccounts.com/127.0.0.1#5353 +ipset=/.provpnaccounts.com/gfwlist +server=/.proxfree.com/127.0.0.1#5353 +ipset=/.proxfree.com/gfwlist +server=/.proxifier.com/127.0.0.1#5353 +ipset=/.proxifier.com/gfwlist +server=/.proxomitron.info/127.0.0.1#5353 +ipset=/.proxomitron.info/gfwlist +server=/.proxpn.com/127.0.0.1#5353 +ipset=/.proxpn.com/gfwlist +server=/.proxyanonimo.es/127.0.0.1#5353 +ipset=/.proxyanonimo.es/gfwlist +server=/.proxydns.com/127.0.0.1#5353 +ipset=/.proxydns.com/gfwlist +server=/.proxylist.org.uk/127.0.0.1#5353 +ipset=/.proxylist.org.uk/gfwlist +server=/.proxynetwork.org.uk/127.0.0.1#5353 +ipset=/.proxynetwork.org.uk/gfwlist +server=/.proxypy.net/127.0.0.1#5353 +ipset=/.proxypy.net/gfwlist +server=/.proxyroad.com/127.0.0.1#5353 +ipset=/.proxyroad.com/gfwlist +server=/.proxytunnel.net/127.0.0.1#5353 +ipset=/.proxytunnel.net/gfwlist +server=/.proyectoclubes.com/127.0.0.1#5353 +ipset=/.proyectoclubes.com/gfwlist +server=/.prozz.net/127.0.0.1#5353 +ipset=/.prozz.net/gfwlist +server=/.psblog.name/127.0.0.1#5353 +ipset=/.psblog.name/gfwlist +server=/.pscp.tv/127.0.0.1#5353 +ipset=/.pscp.tv/gfwlist +server=/.psiphon.ca/127.0.0.1#5353 +ipset=/.psiphon.ca/gfwlist +server=/.psiphon.civisec.org/127.0.0.1#5353 +ipset=/.psiphon.civisec.org/gfwlist +server=/.psiphon3.com/127.0.0.1#5353 +ipset=/.psiphon3.com/gfwlist +server=/.psiphontoday.com/127.0.0.1#5353 +ipset=/.psiphontoday.com/gfwlist +server=/.pts.org.tw/127.0.0.1#5353 +ipset=/.pts.org.tw/gfwlist +server=/.ptt.cc/127.0.0.1#5353 +ipset=/.ptt.cc/gfwlist +server=/.pttvan.org/127.0.0.1#5353 +ipset=/.pttvan.org/gfwlist +server=/.pubu.com.tw/127.0.0.1#5353 +ipset=/.pubu.com.tw/gfwlist +server=/.puffinbrowser.com/127.0.0.1#5353 +ipset=/.puffinbrowser.com/gfwlist +server=/.puffstore.com/127.0.0.1#5353 +ipset=/.puffstore.com/gfwlist +server=/.pullfolio.com/127.0.0.1#5353 +ipset=/.pullfolio.com/gfwlist +server=/.pulse.yahoo.com/127.0.0.1#5353 +ipset=/.pulse.yahoo.com/gfwlist +server=/.pure18.com/127.0.0.1#5353 +ipset=/.pure18.com/gfwlist +server=/.pureconcepts.net/127.0.0.1#5353 +ipset=/.pureconcepts.net/gfwlist +server=/.pureinsight.org/127.0.0.1#5353 +ipset=/.pureinsight.org/gfwlist +server=/.purepdf.com/127.0.0.1#5353 +ipset=/.purepdf.com/gfwlist +server=/.purevpn.com/127.0.0.1#5353 +ipset=/.purevpn.com/gfwlist +server=/.purplelotus.org/127.0.0.1#5353 +ipset=/.purplelotus.org/gfwlist +server=/.pursuestar.com/127.0.0.1#5353 +ipset=/.pursuestar.com/gfwlist +server=/.pushchinawall.com/127.0.0.1#5353 +ipset=/.pushchinawall.com/gfwlist +server=/.pussyspace.com/127.0.0.1#5353 +ipset=/.pussyspace.com/gfwlist +server=/.putihome.org/127.0.0.1#5353 +ipset=/.putihome.org/gfwlist +server=/.putty.org/127.0.0.1#5353 +ipset=/.putty.org/gfwlist +server=/.puuko.com/127.0.0.1#5353 +ipset=/.puuko.com/gfwlist +server=/.pwned.com/127.0.0.1#5353 +ipset=/.pwned.com/gfwlist +server=/.python.com/127.0.0.1#5353 +ipset=/.python.com/gfwlist +server=/.pytorch.org/127.0.0.1#5353 +ipset=/.pytorch.org/gfwlist +server=/.qanote.com/127.0.0.1#5353 +ipset=/.qanote.com/gfwlist +server=/.qgirl.com.tw/127.0.0.1#5353 +ipset=/.qgirl.com.tw/gfwlist +server=/.qhigh.com/127.0.0.1#5353 +ipset=/.qhigh.com/gfwlist +server=/.qi-gong.me/127.0.0.1#5353 +ipset=/.qi-gong.me/gfwlist +server=/.qiandao.today/127.0.0.1#5353 +ipset=/.qiandao.today/gfwlist +server=/.qiangyou.org/127.0.0.1#5353 +ipset=/.qiangyou.org/gfwlist +server=/.qidian.ca/127.0.0.1#5353 +ipset=/.qidian.ca/gfwlist +server=/.qienkuen.org/127.0.0.1#5353 +ipset=/.qienkuen.org/gfwlist +server=/.qiwen.lu/127.0.0.1#5353 +ipset=/.qiwen.lu/gfwlist +server=/.qixianglu.cn/127.0.0.1#5353 +ipset=/.qixianglu.cn/gfwlist +server=/.qkshare.com/127.0.0.1#5353 +ipset=/.qkshare.com/gfwlist +server=/.qoos.com/127.0.0.1#5353 +ipset=/.qoos.com/gfwlist +server=/.qpoe.com/127.0.0.1#5353 +ipset=/.qpoe.com/gfwlist +server=/.qq.co.za/127.0.0.1#5353 +ipset=/.qq.co.za/gfwlist +server=/.qstatus.com/127.0.0.1#5353 +ipset=/.qstatus.com/gfwlist +server=/.qtrac.eu/127.0.0.1#5353 +ipset=/.qtrac.eu/gfwlist +server=/.qtweeter.com/127.0.0.1#5353 +ipset=/.qtweeter.com/gfwlist +server=/.quannengshen.org/127.0.0.1#5353 +ipset=/.quannengshen.org/gfwlist +server=/.quantumbooter.net/127.0.0.1#5353 +ipset=/.quantumbooter.net/gfwlist +server=/.questvisual.com/127.0.0.1#5353 +ipset=/.questvisual.com/gfwlist +server=/.quitccp.net/127.0.0.1#5353 +ipset=/.quitccp.net/gfwlist +server=/.quitccp.org/127.0.0.1#5353 +ipset=/.quitccp.org/gfwlist +server=/.quora.com/127.0.0.1#5353 +ipset=/.quora.com/gfwlist +server=/.quran.com/127.0.0.1#5353 +ipset=/.quran.com/gfwlist +server=/.quranexplorer.com/127.0.0.1#5353 +ipset=/.quranexplorer.com/gfwlist +server=/.qusi8.net/127.0.0.1#5353 +ipset=/.qusi8.net/gfwlist +server=/.qvodzy.org/127.0.0.1#5353 +ipset=/.qvodzy.org/gfwlist +server=/.qxbbs.org/127.0.0.1#5353 +ipset=/.qxbbs.org/gfwlist +server=/.r18.com/127.0.0.1#5353 +ipset=/.r18.com/gfwlist +server=/.ra.gg/127.0.0.1#5353 +ipset=/.ra.gg/gfwlist +server=/.radicalparty.org/127.0.0.1#5353 +ipset=/.radicalparty.org/gfwlist +server=/.radiko.jp/127.0.0.1#5353 +ipset=/.radiko.jp/gfwlist +server=/.radioaustralia.net.au/127.0.0.1#5353 +ipset=/.radioaustralia.net.au/gfwlist +server=/.radiohilight.net/127.0.0.1#5353 +ipset=/.radiohilight.net/gfwlist +server=/.radiovaticana.org/127.0.0.1#5353 +ipset=/.radiovaticana.org/gfwlist +server=/.radiovncr.com/127.0.0.1#5353 +ipset=/.radiovncr.com/gfwlist +server=/.rael.org/127.0.0.1#5353 +ipset=/.rael.org/gfwlist +server=/.raggedbanner.com/127.0.0.1#5353 +ipset=/.raggedbanner.com/gfwlist +server=/.raidcall.com.tw/127.0.0.1#5353 +ipset=/.raidcall.com.tw/gfwlist +server=/.raidtalk.com.tw/127.0.0.1#5353 +ipset=/.raidtalk.com.tw/gfwlist +server=/.raizoji.or.jp/127.0.0.1#5353 +ipset=/.raizoji.or.jp/gfwlist +server=/.ramcity.com.au/127.0.0.1#5353 +ipset=/.ramcity.com.au/gfwlist +server=/.rangwang.biz/127.0.0.1#5353 +ipset=/.rangwang.biz/gfwlist +server=/.rangzen.com/127.0.0.1#5353 +ipset=/.rangzen.com/gfwlist +server=/.rangzen.net/127.0.0.1#5353 +ipset=/.rangzen.net/gfwlist +server=/.rangzen.org/127.0.0.1#5353 +ipset=/.rangzen.org/gfwlist +server=/.ranyunfei.com/127.0.0.1#5353 +ipset=/.ranyunfei.com/gfwlist +server=/.rapbull.net/127.0.0.1#5353 +ipset=/.rapbull.net/gfwlist +server=/.rapidmoviez.com/127.0.0.1#5353 +ipset=/.rapidmoviez.com/gfwlist +server=/.rapidvpn.com/127.0.0.1#5353 +ipset=/.rapidvpn.com/gfwlist +server=/.raremovie.cc/127.0.0.1#5353 +ipset=/.raremovie.cc/gfwlist +server=/.raremovie.net/127.0.0.1#5353 +ipset=/.raremovie.net/gfwlist +server=/.rawgit.com/127.0.0.1#5353 +ipset=/.rawgit.com/gfwlist +server=/.rawgithub.com/127.0.0.1#5353 +ipset=/.rawgithub.com/gfwlist +server=/.razyboard.com/127.0.0.1#5353 +ipset=/.razyboard.com/gfwlist +server=/.rcam.target.com/127.0.0.1#5353 +ipset=/.rcam.target.com/gfwlist +server=/.rcinet.ca/127.0.0.1#5353 +ipset=/.rcinet.ca/gfwlist +server=/.rconversation.blogs.com/127.0.0.1#5353 +ipset=/.rconversation.blogs.com/gfwlist +server=/.rd.com/127.0.0.1#5353 +ipset=/.rd.com/gfwlist +server=/.rdio.com/127.0.0.1#5353 +ipset=/.rdio.com/gfwlist +server=/.read01.com/127.0.0.1#5353 +ipset=/.read01.com/gfwlist +server=/.read100.com/127.0.0.1#5353 +ipset=/.read100.com/gfwlist +server=/.readingtimes.com.tw/127.0.0.1#5353 +ipset=/.readingtimes.com.tw/gfwlist +server=/.readmoo.com/127.0.0.1#5353 +ipset=/.readmoo.com/gfwlist +server=/.readydown.com/127.0.0.1#5353 +ipset=/.readydown.com/gfwlist +server=/.realcourage.org/127.0.0.1#5353 +ipset=/.realcourage.org/gfwlist +server=/.realforum.zkiz.com/127.0.0.1#5353 +ipset=/.realforum.zkiz.com/gfwlist +server=/.realitykings.com/127.0.0.1#5353 +ipset=/.realitykings.com/gfwlist +server=/.realraptalk.com/127.0.0.1#5353 +ipset=/.realraptalk.com/gfwlist +server=/.realsexpass.com/127.0.0.1#5353 +ipset=/.realsexpass.com/gfwlist +server=/.rebatesrule.net/127.0.0.1#5353 +ipset=/.rebatesrule.net/gfwlist +server=/.recordhistory.org/127.0.0.1#5353 +ipset=/.recordhistory.org/gfwlist +server=/.recovery.org.tw/127.0.0.1#5353 +ipset=/.recovery.org.tw/gfwlist +server=/.recoveryversion.com.tw/127.0.0.1#5353 +ipset=/.recoveryversion.com.tw/gfwlist +server=/.red-lang.org/127.0.0.1#5353 +ipset=/.red-lang.org/gfwlist +server=/.redballoonsolidarity.org/127.0.0.1#5353 +ipset=/.redballoonsolidarity.org/gfwlist +server=/.redchinacn.net/127.0.0.1#5353 +ipset=/.redchinacn.net/gfwlist +server=/.redchinacn.org/127.0.0.1#5353 +ipset=/.redchinacn.org/gfwlist +server=/.redd.it/127.0.0.1#5353 +ipset=/.redd.it/gfwlist +server=/.reddit.com/127.0.0.1#5353 +ipset=/.reddit.com/gfwlist +server=/.redditmedia.com/127.0.0.1#5353 +ipset=/.redditmedia.com/gfwlist +server=/.redditstatic.com/127.0.0.1#5353 +ipset=/.redditstatic.com/gfwlist +server=/.redhotlabs.com/127.0.0.1#5353 +ipset=/.redhotlabs.com/gfwlist +server=/.redirector.gvt1.com/127.0.0.1#5353 +ipset=/.redirector.gvt1.com/gfwlist +server=/.redtube.com/127.0.0.1#5353 +ipset=/.redtube.com/gfwlist +server=/.referer.us/127.0.0.1#5353 +ipset=/.referer.us/gfwlist +server=/.reflectivecode.com/127.0.0.1#5353 +ipset=/.reflectivecode.com/gfwlist +server=/.registry.google/127.0.0.1#5353 +ipset=/.registry.google/gfwlist +server=/.relaxbbs.com/127.0.0.1#5353 +ipset=/.relaxbbs.com/gfwlist +server=/.relay.com.tw/127.0.0.1#5353 +ipset=/.relay.com.tw/gfwlist +server=/.releaseinternational.org/127.0.0.1#5353 +ipset=/.releaseinternational.org/gfwlist +server=/.religioustolerance.org/127.0.0.1#5353 +ipset=/.religioustolerance.org/gfwlist +server=/.renminbao.com/127.0.0.1#5353 +ipset=/.renminbao.com/gfwlist +server=/.renyurenquan.org/127.0.0.1#5353 +ipset=/.renyurenquan.org/gfwlist +server=/.resilio.com/127.0.0.1#5353 +ipset=/.resilio.com/gfwlist +server=/.retweeteffect.com/127.0.0.1#5353 +ipset=/.retweeteffect.com/gfwlist +server=/.retweetist.com/127.0.0.1#5353 +ipset=/.retweetist.com/gfwlist +server=/.retweetrank.com/127.0.0.1#5353 +ipset=/.retweetrank.com/gfwlist +server=/.reuters.com/127.0.0.1#5353 +ipset=/.reuters.com/gfwlist +server=/.reutersmedia.net/127.0.0.1#5353 +ipset=/.reutersmedia.net/gfwlist +server=/.revleft.com/127.0.0.1#5353 +ipset=/.revleft.com/gfwlist +server=/.revver.com/127.0.0.1#5353 +ipset=/.revver.com/gfwlist +server=/.rfa.org/127.0.0.1#5353 +ipset=/.rfa.org/gfwlist +server=/.rfachina.com/127.0.0.1#5353 +ipset=/.rfachina.com/gfwlist +server=/.rfalive1.akacast.akamaistream.net/127.0.0.1#5353 +ipset=/.rfalive1.akacast.akamaistream.net/gfwlist +server=/.rfamobile.org/127.0.0.1#5353 +ipset=/.rfamobile.org/gfwlist +server=/.rfaweb.org/127.0.0.1#5353 +ipset=/.rfaweb.org/gfwlist +server=/.rferl.org/127.0.0.1#5353 +ipset=/.rferl.org/gfwlist +server=/.rfi.fr/127.0.0.1#5353 +ipset=/.rfi.fr/gfwlist +server=/.rightbtc.com/127.0.0.1#5353 +ipset=/.rightbtc.com/gfwlist +server=/.rigpa.org/127.0.0.1#5353 +ipset=/.rigpa.org/gfwlist +server=/.rileyguide.com/127.0.0.1#5353 +ipset=/.rileyguide.com/gfwlist +server=/.riseup.net/127.0.0.1#5353 +ipset=/.riseup.net/gfwlist +server=/.ritouki.jp/127.0.0.1#5353 +ipset=/.ritouki.jp/gfwlist +server=/.ritter.vg/127.0.0.1#5353 +ipset=/.ritter.vg/gfwlist +server=/.rlwlw.com/127.0.0.1#5353 +ipset=/.rlwlw.com/gfwlist +server=/.rmjdw.com/127.0.0.1#5353 +ipset=/.rmjdw.com/gfwlist +server=/.rmjdw132.info/127.0.0.1#5353 +ipset=/.rmjdw132.info/gfwlist +server=/.roadshow.hk/127.0.0.1#5353 +ipset=/.roadshow.hk/gfwlist +server=/.roboforex.com/127.0.0.1#5353 +ipset=/.roboforex.com/gfwlist +server=/.robustnessiskey.com/127.0.0.1#5353 +ipset=/.robustnessiskey.com/gfwlist +server=/.rocket-inc.net/127.0.0.1#5353 +ipset=/.rocket-inc.net/gfwlist +server=/.rocksdb.org/127.0.0.1#5353 +ipset=/.rocksdb.org/gfwlist +server=/.rojo.com/127.0.0.1#5353 +ipset=/.rojo.com/gfwlist +server=/.rolia.net/127.0.0.1#5353 +ipset=/.rolia.net/gfwlist +server=/.ronjoneswriter.com/127.0.0.1#5353 +ipset=/.ronjoneswriter.com/gfwlist +server=/.roodo.com/127.0.0.1#5353 +ipset=/.roodo.com/gfwlist +server=/.rosechina.net/127.0.0.1#5353 +ipset=/.rosechina.net/gfwlist +server=/.rotten.com/127.0.0.1#5353 +ipset=/.rotten.com/gfwlist +server=/.rsdlmonitor.com/127.0.0.1#5353 +ipset=/.rsdlmonitor.com/gfwlist +server=/.rsf-chinese.org/127.0.0.1#5353 +ipset=/.rsf-chinese.org/gfwlist +server=/.rsf.org/127.0.0.1#5353 +ipset=/.rsf.org/gfwlist +server=/.rsgamen.org/127.0.0.1#5353 +ipset=/.rsgamen.org/gfwlist +server=/.rssmeme.com/127.0.0.1#5353 +ipset=/.rssmeme.com/gfwlist +server=/.rtalabel.org/127.0.0.1#5353 +ipset=/.rtalabel.org/gfwlist +server=/.rthk.hk/127.0.0.1#5353 +ipset=/.rthk.hk/gfwlist +server=/.rthk.org.hk/127.0.0.1#5353 +ipset=/.rthk.org.hk/gfwlist +server=/.rthklive2-lh.akamaihd.net/127.0.0.1#5353 +ipset=/.rthklive2-lh.akamaihd.net/gfwlist +server=/.rti.org.tw/127.0.0.1#5353 +ipset=/.rti.org.tw/gfwlist +server=/.rtycminnesota.org/127.0.0.1#5353 +ipset=/.rtycminnesota.org/gfwlist +server=/.rukor.org/127.0.0.1#5353 +ipset=/.rukor.org/gfwlist +server=/.rushbee.com/127.0.0.1#5353 +ipset=/.rushbee.com/gfwlist +server=/.ruten.com.tw/127.0.0.1#5353 +ipset=/.ruten.com.tw/gfwlist +server=/.rutube.ru/127.0.0.1#5353 +ipset=/.rutube.ru/gfwlist +server=/.ruyiseek.com/127.0.0.1#5353 +ipset=/.ruyiseek.com/gfwlist +server=/.rxhj.net/127.0.0.1#5353 +ipset=/.rxhj.net/gfwlist +server=/.s-cute.com/127.0.0.1#5353 +ipset=/.s-cute.com/gfwlist +server=/.s-dragon.org/127.0.0.1#5353 +ipset=/.s-dragon.org/gfwlist +server=/.s1.nudezz.com/127.0.0.1#5353 +ipset=/.s1.nudezz.com/gfwlist +server=/.s1heng.com/127.0.0.1#5353 +ipset=/.s1heng.com/gfwlist +server=/.s1s1s1.com/127.0.0.1#5353 +ipset=/.s1s1s1.com/gfwlist +server=/.s3-ap-northeast-1.amazonaws.com/127.0.0.1#5353 +ipset=/.s3-ap-northeast-1.amazonaws.com/gfwlist +server=/.s3-ap-southeast-2.amazonaws.com/127.0.0.1#5353 +ipset=/.s3-ap-southeast-2.amazonaws.com/gfwlist +server=/.s8forum.com/127.0.0.1#5353 +ipset=/.s8forum.com/gfwlist +server=/.sa.hao123.com/127.0.0.1#5353 +ipset=/.sa.hao123.com/gfwlist +server=/.sacks.com/127.0.0.1#5353 +ipset=/.sacks.com/gfwlist +server=/.sacom.hk/127.0.0.1#5353 +ipset=/.sacom.hk/gfwlist +server=/.sadistic-v.com/127.0.0.1#5353 +ipset=/.sadistic-v.com/gfwlist +server=/.sadpanda.us/127.0.0.1#5353 +ipset=/.sadpanda.us/gfwlist +server=/.safebrowsing.googleapis.com/127.0.0.1#5353 +ipset=/.safebrowsing.googleapis.com/gfwlist +server=/.safervpn.com/127.0.0.1#5353 +ipset=/.safervpn.com/gfwlist +server=/.saintyculture.com/127.0.0.1#5353 +ipset=/.saintyculture.com/gfwlist +server=/.saiq.me/127.0.0.1#5353 +ipset=/.saiq.me/gfwlist +server=/.sakuralive.com/127.0.0.1#5353 +ipset=/.sakuralive.com/gfwlist +server=/.sakya.org/127.0.0.1#5353 +ipset=/.sakya.org/gfwlist +server=/.salvation.org.hk/127.0.0.1#5353 +ipset=/.salvation.org.hk/gfwlist +server=/.sambhota.org/127.0.0.1#5353 +ipset=/.sambhota.org/gfwlist +server=/.sanmin.com.tw/127.0.0.1#5353 +ipset=/.sanmin.com.tw/gfwlist +server=/.sapikachu.net/127.0.0.1#5353 +ipset=/.sapikachu.net/gfwlist +server=/.saveliuxiaobo.com/127.0.0.1#5353 +ipset=/.saveliuxiaobo.com/gfwlist +server=/.savemedia.com/127.0.0.1#5353 +ipset=/.savemedia.com/gfwlist +server=/.savethedate.foo/127.0.0.1#5353 +ipset=/.savethedate.foo/gfwlist +server=/.savetibet.de/127.0.0.1#5353 +ipset=/.savetibet.de/gfwlist +server=/.savetibet.fr/127.0.0.1#5353 +ipset=/.savetibet.fr/gfwlist +server=/.savetibet.nl/127.0.0.1#5353 +ipset=/.savetibet.nl/gfwlist +server=/.savetibet.org/127.0.0.1#5353 +ipset=/.savetibet.org/gfwlist +server=/.savetibet.ru/127.0.0.1#5353 +ipset=/.savetibet.ru/gfwlist +server=/.savetibetstore.org/127.0.0.1#5353 +ipset=/.savetibetstore.org/gfwlist +server=/.savevid.com/127.0.0.1#5353 +ipset=/.savevid.com/gfwlist +server=/.say2.info/127.0.0.1#5353 +ipset=/.say2.info/gfwlist +server=/.sbme.me/127.0.0.1#5353 +ipset=/.sbme.me/gfwlist +server=/.scache.vzw.com/127.0.0.1#5353 +ipset=/.scache.vzw.com/gfwlist +server=/.scache1.vzw.com/127.0.0.1#5353 +ipset=/.scache1.vzw.com/gfwlist +server=/.scache2.vzw.com/127.0.0.1#5353 +ipset=/.scache2.vzw.com/gfwlist +server=/.scasino.com/127.0.0.1#5353 +ipset=/.scasino.com/gfwlist +server=/.schema.org/127.0.0.1#5353 +ipset=/.schema.org/gfwlist +server=/.sciencenets.com/127.0.0.1#5353 +ipset=/.sciencenets.com/gfwlist +server=/.scieron.com/127.0.0.1#5353 +ipset=/.scieron.com/gfwlist +server=/.scmp.com/127.0.0.1#5353 +ipset=/.scmp.com/gfwlist +server=/.scmpchinese.com/127.0.0.1#5353 +ipset=/.scmpchinese.com/gfwlist +server=/.scramble.io/127.0.0.1#5353 +ipset=/.scramble.io/gfwlist +server=/.scribd.com/127.0.0.1#5353 +ipset=/.scribd.com/gfwlist +server=/.scriptspot.com/127.0.0.1#5353 +ipset=/.scriptspot.com/gfwlist +server=/.seapuff.com/127.0.0.1#5353 +ipset=/.seapuff.com/gfwlist +server=/.search.aol.com/127.0.0.1#5353 +ipset=/.search.aol.com/gfwlist +server=/.search.disconnect.me/127.0.0.1#5353 +ipset=/.search.disconnect.me/gfwlist +server=/.search.yahoo.co.jp/127.0.0.1#5353 +ipset=/.search.yahoo.co.jp/gfwlist +server=/.searchtruth.com/127.0.0.1#5353 +ipset=/.searchtruth.com/gfwlist +server=/.secretchina.com/127.0.0.1#5353 +ipset=/.secretchina.com/gfwlist +server=/.secretgarden.no/127.0.0.1#5353 +ipset=/.secretgarden.no/gfwlist +server=/.secretsline.biz/127.0.0.1#5353 +ipset=/.secretsline.biz/gfwlist +server=/.secure.hustler.com/127.0.0.1#5353 +ipset=/.secure.hustler.com/gfwlist +server=/.secure.logmein.com/127.0.0.1#5353 +ipset=/.secure.logmein.com/gfwlist +server=/.secure.raxcdn.com/127.0.0.1#5353 +ipset=/.secure.raxcdn.com/gfwlist +server=/.securetunnel.com/127.0.0.1#5353 +ipset=/.securetunnel.com/gfwlist +server=/.securityinabox.org/127.0.0.1#5353 +ipset=/.securityinabox.org/gfwlist +server=/.securitykiss.com/127.0.0.1#5353 +ipset=/.securitykiss.com/gfwlist +server=/.seed4.me/127.0.0.1#5353 +ipset=/.seed4.me/gfwlist +server=/.seesmic.com/127.0.0.1#5353 +ipset=/.seesmic.com/gfwlist +server=/.seevpn.com/127.0.0.1#5353 +ipset=/.seevpn.com/gfwlist +server=/.seezone.net/127.0.0.1#5353 +ipset=/.seezone.net/gfwlist +server=/.sejie.com/127.0.0.1#5353 +ipset=/.sejie.com/gfwlist +server=/.sellclassics.com/127.0.0.1#5353 +ipset=/.sellclassics.com/gfwlist +server=/.sendsmtp.com/127.0.0.1#5353 +ipset=/.sendsmtp.com/gfwlist +server=/.sendspace.com/127.0.0.1#5353 +ipset=/.sendspace.com/gfwlist +server=/.servehttp.com/127.0.0.1#5353 +ipset=/.servehttp.com/gfwlist +server=/.serveuser.com/127.0.0.1#5353 +ipset=/.serveuser.com/gfwlist +server=/.serveusers.com/127.0.0.1#5353 +ipset=/.serveusers.com/gfwlist +server=/.sesawe.net/127.0.0.1#5353 +ipset=/.sesawe.net/gfwlist +server=/.sesawe.org/127.0.0.1#5353 +ipset=/.sesawe.org/gfwlist +server=/.sethwklein.net/127.0.0.1#5353 +ipset=/.sethwklein.net/gfwlist +server=/.setn.com/127.0.0.1#5353 +ipset=/.setn.com/gfwlist +server=/.settv.com.tw/127.0.0.1#5353 +ipset=/.settv.com.tw/gfwlist +server=/.sevenload.com/127.0.0.1#5353 +ipset=/.sevenload.com/gfwlist +server=/.sex-11.com/127.0.0.1#5353 +ipset=/.sex-11.com/gfwlist +server=/.sex.com/127.0.0.1#5353 +ipset=/.sex.com/gfwlist +server=/.sex3.com/127.0.0.1#5353 +ipset=/.sex3.com/gfwlist +server=/.sex8.cc/127.0.0.1#5353 +ipset=/.sex8.cc/gfwlist +server=/.sexandsubmission.com/127.0.0.1#5353 +ipset=/.sexandsubmission.com/gfwlist +server=/.sexbot.com/127.0.0.1#5353 +ipset=/.sexbot.com/gfwlist +server=/.sexhu.com/127.0.0.1#5353 +ipset=/.sexhu.com/gfwlist +server=/.sexhuang.com/127.0.0.1#5353 +ipset=/.sexhuang.com/gfwlist +server=/.sexidude.com/127.0.0.1#5353 +ipset=/.sexidude.com/gfwlist +server=/.sexinsex.net/127.0.0.1#5353 +ipset=/.sexinsex.net/gfwlist +server=/.sextvx.com/127.0.0.1#5353 +ipset=/.sextvx.com/gfwlist +server=/.sexxxy.biz/127.0.0.1#5353 +ipset=/.sexxxy.biz/gfwlist +server=/.sfileydy.com/127.0.0.1#5353 +ipset=/.sfileydy.com/gfwlist +server=/.sfshibao.com/127.0.0.1#5353 +ipset=/.sfshibao.com/gfwlist +server=/.sftindia.org/127.0.0.1#5353 +ipset=/.sftindia.org/gfwlist +server=/.sftuk.org/127.0.0.1#5353 +ipset=/.sftuk.org/gfwlist +server=/.shadeyouvpn.com/127.0.0.1#5353 +ipset=/.shadeyouvpn.com/gfwlist +server=/.shadow.ma/127.0.0.1#5353 +ipset=/.shadow.ma/gfwlist +server=/.shadowsky.xyz/127.0.0.1#5353 +ipset=/.shadowsky.xyz/gfwlist +server=/.shadowsocks-r.com/127.0.0.1#5353 +ipset=/.shadowsocks-r.com/gfwlist +server=/.shadowsocks.asia/127.0.0.1#5353 +ipset=/.shadowsocks.asia/gfwlist +server=/.shadowsocks.be/127.0.0.1#5353 +ipset=/.shadowsocks.be/gfwlist +server=/.shadowsocks.com/127.0.0.1#5353 +ipset=/.shadowsocks.com/gfwlist +server=/.shadowsocks.org/127.0.0.1#5353 +ipset=/.shadowsocks.org/gfwlist +server=/.shadowsocks9.com/127.0.0.1#5353 +ipset=/.shadowsocks9.com/gfwlist +server=/.shambalapost.com/127.0.0.1#5353 +ipset=/.shambalapost.com/gfwlist +server=/.shambhalasun.com/127.0.0.1#5353 +ipset=/.shambhalasun.com/gfwlist +server=/.shangfang.org/127.0.0.1#5353 +ipset=/.shangfang.org/gfwlist +server=/.shapeservices.com/127.0.0.1#5353 +ipset=/.shapeservices.com/gfwlist +server=/.share.dmhy.org/127.0.0.1#5353 +ipset=/.share.dmhy.org/gfwlist +server=/.share.youthwant.com.tw/127.0.0.1#5353 +ipset=/.share.youthwant.com.tw/gfwlist +server=/.sharebee.com/127.0.0.1#5353 +ipset=/.sharebee.com/gfwlist +server=/.sharecool.org/127.0.0.1#5353 +ipset=/.sharecool.org/gfwlist +server=/.sharpdaily.com.hk/127.0.0.1#5353 +ipset=/.sharpdaily.com.hk/gfwlist +server=/.sharpdaily.hk/127.0.0.1#5353 +ipset=/.sharpdaily.hk/gfwlist +server=/.sharpdaily.tw/127.0.0.1#5353 +ipset=/.sharpdaily.tw/gfwlist +server=/.shat-tibet.com/127.0.0.1#5353 +ipset=/.shat-tibet.com/gfwlist +server=/.shattered.io/127.0.0.1#5353 +ipset=/.shattered.io/gfwlist +server=/.sheikyermami.com/127.0.0.1#5353 +ipset=/.sheikyermami.com/gfwlist +server=/.shellfire.de/127.0.0.1#5353 +ipset=/.shellfire.de/gfwlist +server=/.shenshou.org/127.0.0.1#5353 +ipset=/.shenshou.org/gfwlist +server=/.shenyun.com/127.0.0.1#5353 +ipset=/.shenyun.com/gfwlist +server=/.shenyunperformingarts.org/127.0.0.1#5353 +ipset=/.shenyunperformingarts.org/gfwlist +server=/.shenzhoufilm.com/127.0.0.1#5353 +ipset=/.shenzhoufilm.com/gfwlist +server=/.sherabgyaltsen.com/127.0.0.1#5353 +ipset=/.sherabgyaltsen.com/gfwlist +server=/.shiatv.net/127.0.0.1#5353 +ipset=/.shiatv.net/gfwlist +server=/.shicheng.org/127.0.0.1#5353 +ipset=/.shicheng.org/gfwlist +server=/.shiksha.com/127.0.0.1#5353 +ipset=/.shiksha.com/gfwlist +server=/.shinychan.com/127.0.0.1#5353 +ipset=/.shinychan.com/gfwlist +server=/.shipcamouflage.com/127.0.0.1#5353 +ipset=/.shipcamouflage.com/gfwlist +server=/.shireyishunjian.com/127.0.0.1#5353 +ipset=/.shireyishunjian.com/gfwlist +server=/.shitaotv.org/127.0.0.1#5353 +ipset=/.shitaotv.org/gfwlist +server=/.shixiao.org/127.0.0.1#5353 +ipset=/.shixiao.org/gfwlist +server=/.shizhao.org/127.0.0.1#5353 +ipset=/.shizhao.org/gfwlist +server=/.shodanhq.com/127.0.0.1#5353 +ipset=/.shodanhq.com/gfwlist +server=/.shooshtime.com/127.0.0.1#5353 +ipset=/.shooshtime.com/gfwlist +server=/.shop2000.com.tw/127.0.0.1#5353 +ipset=/.shop2000.com.tw/gfwlist +server=/.shopping.com/127.0.0.1#5353 +ipset=/.shopping.com/gfwlist +server=/.showbiz.omy.sg/127.0.0.1#5353 +ipset=/.showbiz.omy.sg/gfwlist +server=/.showhaotu.com/127.0.0.1#5353 +ipset=/.showhaotu.com/gfwlist +server=/.showtime.jp/127.0.0.1#5353 +ipset=/.showtime.jp/gfwlist +server=/.shutterstock.com/127.0.0.1#5353 +ipset=/.shutterstock.com/gfwlist +server=/.shwchurch.org/127.0.0.1#5353 +ipset=/.shwchurch.org/gfwlist +server=/.shwchurch3.com/127.0.0.1#5353 +ipset=/.shwchurch3.com/gfwlist +server=/.siddharthasintent.org/127.0.0.1#5353 +ipset=/.siddharthasintent.org/gfwlist +server=/.sidelinesnews.com/127.0.0.1#5353 +ipset=/.sidelinesnews.com/gfwlist +server=/.sidelinessportseatery.com/127.0.0.1#5353 +ipset=/.sidelinessportseatery.com/gfwlist +server=/.sierrafriendsoftibet.org/127.0.0.1#5353 +ipset=/.sierrafriendsoftibet.org/gfwlist +server=/.sijihuisuo.club/127.0.0.1#5353 +ipset=/.sijihuisuo.club/gfwlist +server=/.sijihuisuo.com/127.0.0.1#5353 +ipset=/.sijihuisuo.com/gfwlist +server=/.sikaozhe1997.github.io/127.0.0.1#5353 +ipset=/.sikaozhe1997.github.io/gfwlist +server=/.silkbook.com/127.0.0.1#5353 +ipset=/.silkbook.com/gfwlist +server=/.simbolostwitter.com/127.0.0.1#5353 +ipset=/.simbolostwitter.com/gfwlist +server=/.simplecd.me/127.0.0.1#5353 +ipset=/.simplecd.me/gfwlist +server=/.simplecd.org/127.0.0.1#5353 +ipset=/.simplecd.org/gfwlist +server=/.simpleproductivityblog.com/127.0.0.1#5353 +ipset=/.simpleproductivityblog.com/gfwlist +server=/.singaporepools.com.sg/127.0.0.1#5353 +ipset=/.singaporepools.com.sg/gfwlist +server=/.singfortibet.com/127.0.0.1#5353 +ipset=/.singfortibet.com/gfwlist +server=/.singpao.com.hk/127.0.0.1#5353 +ipset=/.singpao.com.hk/gfwlist +server=/.singtao.com/127.0.0.1#5353 +ipset=/.singtao.com/gfwlist +server=/.singtaousa.com/127.0.0.1#5353 +ipset=/.singtaousa.com/gfwlist +server=/.sino-monthly.com/127.0.0.1#5353 +ipset=/.sino-monthly.com/gfwlist +server=/.sinoants.com/127.0.0.1#5353 +ipset=/.sinoants.com/gfwlist +server=/.sinocast.com/127.0.0.1#5353 +ipset=/.sinocast.com/gfwlist +server=/.sinocism.com/127.0.0.1#5353 +ipset=/.sinocism.com/gfwlist +server=/.sinomontreal.ca/127.0.0.1#5353 +ipset=/.sinomontreal.ca/gfwlist +server=/.sinonet.ca/127.0.0.1#5353 +ipset=/.sinonet.ca/gfwlist +server=/.sinopitt.info/127.0.0.1#5353 +ipset=/.sinopitt.info/gfwlist +server=/.sinoquebec.com/127.0.0.1#5353 +ipset=/.sinoquebec.com/gfwlist +server=/.siraya-nsa.gov.tw/127.0.0.1#5353 +ipset=/.siraya-nsa.gov.tw/gfwlist +server=/.sis.xxx/127.0.0.1#5353 +ipset=/.sis.xxx/gfwlist +server=/.sis001.com/127.0.0.1#5353 +ipset=/.sis001.com/gfwlist +server=/.sis001.us/127.0.0.1#5353 +ipset=/.sis001.us/gfwlist +server=/.site.locql.com/127.0.0.1#5353 +ipset=/.site.locql.com/gfwlist +server=/.site2unblock.com/127.0.0.1#5353 +ipset=/.site2unblock.com/gfwlist +server=/.site90.net/127.0.0.1#5353 +ipset=/.site90.net/gfwlist +server=/.sitebro.tw/127.0.0.1#5353 +ipset=/.sitebro.tw/gfwlist +server=/.sitekreator.com/127.0.0.1#5353 +ipset=/.sitekreator.com/gfwlist +server=/.siteks.uk.to/127.0.0.1#5353 +ipset=/.siteks.uk.to/gfwlist +server=/.sitemaps.org/127.0.0.1#5353 +ipset=/.sitemaps.org/gfwlist +server=/.sixth.biz/127.0.0.1#5353 +ipset=/.sixth.biz/gfwlist +server=/.sjrt.org/127.0.0.1#5353 +ipset=/.sjrt.org/gfwlist +server=/.sjum.cn/127.0.0.1#5353 +ipset=/.sjum.cn/gfwlist +server=/.sketchappsources.com/127.0.0.1#5353 +ipset=/.sketchappsources.com/gfwlist +server=/.skimtube.com/127.0.0.1#5353 +ipset=/.skimtube.com/gfwlist +server=/.skybet.com/127.0.0.1#5353 +ipset=/.skybet.com/gfwlist +server=/.skyking.com.tw/127.0.0.1#5353 +ipset=/.skyking.com.tw/gfwlist +server=/.skyvegas.com/127.0.0.1#5353 +ipset=/.skyvegas.com/gfwlist +server=/.skyxvpn.com/127.0.0.1#5353 +ipset=/.skyxvpn.com/gfwlist +server=/.slacker.com/127.0.0.1#5353 +ipset=/.slacker.com/gfwlist +server=/.slaytizle.com/127.0.0.1#5353 +ipset=/.slaytizle.com/gfwlist +server=/.sleazydream.com/127.0.0.1#5353 +ipset=/.sleazydream.com/gfwlist +server=/.slheng.com/127.0.0.1#5353 +ipset=/.slheng.com/gfwlist +server=/.slickvpn.com/127.0.0.1#5353 +ipset=/.slickvpn.com/gfwlist +server=/.slideshare.net/127.0.0.1#5353 +ipset=/.slideshare.net/gfwlist +server=/.slinkset.com/127.0.0.1#5353 +ipset=/.slinkset.com/gfwlist +server=/.slutload.com/127.0.0.1#5353 +ipset=/.slutload.com/gfwlist +server=/.slutmoonbeam.com/127.0.0.1#5353 +ipset=/.slutmoonbeam.com/gfwlist +server=/.slyip.com/127.0.0.1#5353 +ipset=/.slyip.com/gfwlist +server=/.slyip.net/127.0.0.1#5353 +ipset=/.slyip.net/gfwlist +server=/.sm-miracle.com/127.0.0.1#5353 +ipset=/.sm-miracle.com/gfwlist +server=/.smartdnsproxy.com/127.0.0.1#5353 +ipset=/.smartdnsproxy.com/gfwlist +server=/.smarthide.com/127.0.0.1#5353 +ipset=/.smarthide.com/gfwlist +server=/.smchbooks.com/127.0.0.1#5353 +ipset=/.smchbooks.com/gfwlist +server=/.smhric.org/127.0.0.1#5353 +ipset=/.smhric.org/gfwlist +server=/.smyxy.org/127.0.0.1#5353 +ipset=/.smyxy.org/gfwlist +server=/.snapchat.com/127.0.0.1#5353 +ipset=/.snapchat.com/gfwlist +server=/.snaptu.com/127.0.0.1#5353 +ipset=/.snaptu.com/gfwlist +server=/.sndcdn.com/127.0.0.1#5353 +ipset=/.sndcdn.com/gfwlist +server=/.sneakme.net/127.0.0.1#5353 +ipset=/.sneakme.net/gfwlist +server=/.snowlionpub.com/127.0.0.1#5353 +ipset=/.snowlionpub.com/gfwlist +server=/.sobees.com/127.0.0.1#5353 +ipset=/.sobees.com/gfwlist +server=/.soc.mil/127.0.0.1#5353 +ipset=/.soc.mil/gfwlist +server=/.socialwhale.com/127.0.0.1#5353 +ipset=/.socialwhale.com/gfwlist +server=/.sockscap64.com/127.0.0.1#5353 +ipset=/.sockscap64.com/gfwlist +server=/.sockslist.net/127.0.0.1#5353 +ipset=/.sockslist.net/gfwlist +server=/.socrec.org/127.0.0.1#5353 +ipset=/.socrec.org/gfwlist +server=/.sod.co.jp/127.0.0.1#5353 +ipset=/.sod.co.jp/gfwlist +server=/.sodatea.github.io/127.0.0.1#5353 +ipset=/.sodatea.github.io/gfwlist +server=/.softether-download.com/127.0.0.1#5353 +ipset=/.softether-download.com/gfwlist +server=/.softether.co.jp/127.0.0.1#5353 +ipset=/.softether.co.jp/gfwlist +server=/.softether.org/127.0.0.1#5353 +ipset=/.softether.org/gfwlist +server=/.softwarebychuck.com/127.0.0.1#5353 +ipset=/.softwarebychuck.com/gfwlist +server=/.softwaredownload.gitbooks.io/127.0.0.1#5353 +ipset=/.softwaredownload.gitbooks.io/gfwlist +server=/.sogclub.com/127.0.0.1#5353 +ipset=/.sogclub.com/gfwlist +server=/.sogrady.me/127.0.0.1#5353 +ipset=/.sogrady.me/gfwlist +server=/.soh.tw/127.0.0.1#5353 +ipset=/.soh.tw/gfwlist +server=/.sohcradio.com/127.0.0.1#5353 +ipset=/.sohcradio.com/gfwlist +server=/.sohfrance.org/127.0.0.1#5353 +ipset=/.sohfrance.org/gfwlist +server=/.sokamonline.com/127.0.0.1#5353 +ipset=/.sokamonline.com/gfwlist +server=/.sokmil.com/127.0.0.1#5353 +ipset=/.sokmil.com/gfwlist +server=/.solarsystem.nasa.gov/127.0.0.1#5353 +ipset=/.solarsystem.nasa.gov/gfwlist +server=/.solidaritetibet.org/127.0.0.1#5353 +ipset=/.solidaritetibet.org/gfwlist +server=/.solidfiles.com/127.0.0.1#5353 +ipset=/.solidfiles.com/gfwlist +server=/.somee.com/127.0.0.1#5353 +ipset=/.somee.com/gfwlist +server=/.songjianjun.com/127.0.0.1#5353 +ipset=/.songjianjun.com/gfwlist +server=/.sonicbbs.cc/127.0.0.1#5353 +ipset=/.sonicbbs.cc/gfwlist +server=/.sonidodelaesperanza.org/127.0.0.1#5353 +ipset=/.sonidodelaesperanza.org/gfwlist +server=/.sopcast.com/127.0.0.1#5353 +ipset=/.sopcast.com/gfwlist +server=/.sopcast.org/127.0.0.1#5353 +ipset=/.sopcast.org/gfwlist +server=/.sorazone.net/127.0.0.1#5353 +ipset=/.sorazone.net/gfwlist +server=/.sorting-algorithms.com/127.0.0.1#5353 +ipset=/.sorting-algorithms.com/gfwlist +server=/.sos.org/127.0.0.1#5353 +ipset=/.sos.org/gfwlist +server=/.sosreader.com/127.0.0.1#5353 +ipset=/.sosreader.com/gfwlist +server=/.sostibet.org/127.0.0.1#5353 +ipset=/.sostibet.org/gfwlist +server=/.soubory.com/127.0.0.1#5353 +ipset=/.soubory.com/gfwlist +server=/.soul-plus.net/127.0.0.1#5353 +ipset=/.soul-plus.net/gfwlist +server=/.soulcaliburhentai.net/127.0.0.1#5353 +ipset=/.soulcaliburhentai.net/gfwlist +server=/.soumo.info/127.0.0.1#5353 +ipset=/.soumo.info/gfwlist +server=/.soundcloud.com/127.0.0.1#5353 +ipset=/.soundcloud.com/gfwlist +server=/.soundofhope.kr/127.0.0.1#5353 +ipset=/.soundofhope.kr/gfwlist +server=/.soundofhope.org/127.0.0.1#5353 +ipset=/.soundofhope.org/gfwlist +server=/.soup.io/127.0.0.1#5353 +ipset=/.soup.io/gfwlist +server=/.soupofmedia.com/127.0.0.1#5353 +ipset=/.soupofmedia.com/gfwlist +server=/.sourcewadio.com/127.0.0.1#5353 +ipset=/.sourcewadio.com/gfwlist +server=/.southnews.com.tw/127.0.0.1#5353 +ipset=/.southnews.com.tw/gfwlist +server=/.sowers.org.hk/127.0.0.1#5353 +ipset=/.sowers.org.hk/gfwlist +server=/.soylentnews.org/127.0.0.1#5353 +ipset=/.soylentnews.org/gfwlist +server=/.spankbang.com/127.0.0.1#5353 +ipset=/.spankbang.com/gfwlist +server=/.spankingtube.com/127.0.0.1#5353 +ipset=/.spankingtube.com/gfwlist +server=/.spankwire.com/127.0.0.1#5353 +ipset=/.spankwire.com/gfwlist +server=/.spb.com/127.0.0.1#5353 +ipset=/.spb.com/gfwlist +server=/.speakerdeck.com/127.0.0.1#5353 +ipset=/.speakerdeck.com/gfwlist +server=/.specxinzl.jigsy.com/127.0.0.1#5353 +ipset=/.specxinzl.jigsy.com/gfwlist +server=/.speedify.com/127.0.0.1#5353 +ipset=/.speedify.com/gfwlist +server=/.spem.at/127.0.0.1#5353 +ipset=/.spem.at/gfwlist +server=/.spencertipping.com/127.0.0.1#5353 +ipset=/.spencertipping.com/gfwlist +server=/.spicevpn.com/127.0.0.1#5353 +ipset=/.spicevpn.com/gfwlist +server=/.spideroak.com/127.0.0.1#5353 +ipset=/.spideroak.com/gfwlist +server=/.spike.com/127.0.0.1#5353 +ipset=/.spike.com/gfwlist +server=/.sports.williamhill.com/127.0.0.1#5353 +ipset=/.sports.williamhill.com/gfwlist +server=/.spotflux.com/127.0.0.1#5353 +ipset=/.spotflux.com/gfwlist +server=/.spotify.com/127.0.0.1#5353 +ipset=/.spotify.com/gfwlist +server=/.spreadshirt.es/127.0.0.1#5353 +ipset=/.spreadshirt.es/gfwlist +server=/.spring4u.info/127.0.0.1#5353 +ipset=/.spring4u.info/gfwlist +server=/.springboardplatform.com/127.0.0.1#5353 +ipset=/.springboardplatform.com/gfwlist +server=/.sprite.org/127.0.0.1#5353 +ipset=/.sprite.org/gfwlist +server=/.sproutcore.com/127.0.0.1#5353 +ipset=/.sproutcore.com/gfwlist +server=/.sproxy.info/127.0.0.1#5353 +ipset=/.sproxy.info/gfwlist +server=/.squirly.info/127.0.0.1#5353 +ipset=/.squirly.info/gfwlist +server=/.srocket.us/127.0.0.1#5353 +ipset=/.srocket.us/gfwlist +server=/.ss-link.com/127.0.0.1#5353 +ipset=/.ss-link.com/gfwlist +server=/.ss.carryzhou.com/127.0.0.1#5353 +ipset=/.ss.carryzhou.com/gfwlist +server=/.ss.levyhsu.com/127.0.0.1#5353 +ipset=/.ss.levyhsu.com/gfwlist +server=/.ss7.vzw.com/127.0.0.1#5353 +ipset=/.ss7.vzw.com/gfwlist +server=/.ssglobal.co/127.0.0.1#5353 +ipset=/.ssglobal.co/gfwlist +server=/.ssglobal.me/127.0.0.1#5353 +ipset=/.ssglobal.me/gfwlist +server=/.ssh91.com/127.0.0.1#5353 +ipset=/.ssh91.com/gfwlist +server=/.ssl.gstatic.com/127.0.0.1#5353 +ipset=/.ssl.gstatic.com/gfwlist +server=/.ssl.webpack.de/127.0.0.1#5353 +ipset=/.ssl.webpack.de/gfwlist +server=/.ssl443.org/127.0.0.1#5353 +ipset=/.ssl443.org/gfwlist +server=/.sspro.ml/127.0.0.1#5353 +ipset=/.sspro.ml/gfwlist +server=/.ssrshare.com/127.0.0.1#5353 +ipset=/.ssrshare.com/gfwlist +server=/.sss.camp/127.0.0.1#5353 +ipset=/.sss.camp/gfwlist +server=/.sstmlt.moe/127.0.0.1#5353 +ipset=/.sstmlt.moe/gfwlist +server=/.sstmlt.net/127.0.0.1#5353 +ipset=/.sstmlt.net/gfwlist +server=/.stage64.hk/127.0.0.1#5353 +ipset=/.stage64.hk/gfwlist +server=/.standupfortibet.org/127.0.0.1#5353 +ipset=/.standupfortibet.org/gfwlist +server=/.starfishfx.com/127.0.0.1#5353 +ipset=/.starfishfx.com/gfwlist +server=/.starp2p.com/127.0.0.1#5353 +ipset=/.starp2p.com/gfwlist +server=/.startpage.com/127.0.0.1#5353 +ipset=/.startpage.com/gfwlist +server=/.startuplivingchina.com/127.0.0.1#5353 +ipset=/.startuplivingchina.com/gfwlist +server=/.stat.gov.tw/127.0.0.1#5353 +ipset=/.stat.gov.tw/gfwlist +server=/.static-economist.com/127.0.0.1#5353 +ipset=/.static-economist.com/gfwlist +server=/.static.comico.tw/127.0.0.1#5353 +ipset=/.static.comico.tw/gfwlist +server=/.static.shemalez.com/127.0.0.1#5353 +ipset=/.static.shemalez.com/gfwlist +server=/.static.soup.io/127.0.0.1#5353 +ipset=/.static.soup.io/gfwlist +server=/.static.typepad.com/127.0.0.1#5353 +ipset=/.static.typepad.com/gfwlist +server=/.static.v2ex.com/127.0.0.1#5353 +ipset=/.static.v2ex.com/gfwlist +server=/.static01.nyt.com/127.0.0.1#5353 +ipset=/.static01.nyt.com/gfwlist +server=/.staticflickr.com/127.0.0.1#5353 +ipset=/.staticflickr.com/gfwlist +server=/.statueofdemocracy.org/127.0.0.1#5353 +ipset=/.statueofdemocracy.org/gfwlist +server=/.stc.com.sa/127.0.0.1#5353 +ipset=/.stc.com.sa/gfwlist +server=/.stdtime.gov.tw/127.0.0.1#5353 +ipset=/.stdtime.gov.tw/gfwlist +server=/.steamcommunity.com/127.0.0.1#5353 +ipset=/.steamcommunity.com/gfwlist +server=/.steel-storm.com/127.0.0.1#5353 +ipset=/.steel-storm.com/gfwlist +server=/.steganos.com/127.0.0.1#5353 +ipset=/.steganos.com/gfwlist +server=/.steganos.net/127.0.0.1#5353 +ipset=/.steganos.net/gfwlist +server=/.stepchina.com/127.0.0.1#5353 +ipset=/.stepchina.com/gfwlist +server=/.stephaniered.com/127.0.0.1#5353 +ipset=/.stephaniered.com/gfwlist +server=/.sthoo.com/127.0.0.1#5353 +ipset=/.sthoo.com/gfwlist +server=/.stickam.com/127.0.0.1#5353 +ipset=/.stickam.com/gfwlist +server=/.stileproject.com/127.0.0.1#5353 +ipset=/.stileproject.com/gfwlist +server=/.sto.cc/127.0.0.1#5353 +ipset=/.sto.cc/gfwlist +server=/.stoporganharvesting.org/127.0.0.1#5353 +ipset=/.stoporganharvesting.org/gfwlist +server=/.stoptibetcrisis.net/127.0.0.1#5353 +ipset=/.stoptibetcrisis.net/gfwlist +server=/.storage.googleapis.com/127.0.0.1#5353 +ipset=/.storage.googleapis.com/gfwlist +server=/.storagenewsletter.com/127.0.0.1#5353 +ipset=/.storagenewsletter.com/gfwlist +server=/.store.sprite.org/127.0.0.1#5353 +ipset=/.store.sprite.org/gfwlist +server=/.stories.google/127.0.0.1#5353 +ipset=/.stories.google/gfwlist +server=/.storify.com/127.0.0.1#5353 +ipset=/.storify.com/gfwlist +server=/.storm.mg/127.0.0.1#5353 +ipset=/.storm.mg/gfwlist +server=/.stormmediagroup.com/127.0.0.1#5353 +ipset=/.stormmediagroup.com/gfwlist +server=/.stoweboyd.com/127.0.0.1#5353 +ipset=/.stoweboyd.com/gfwlist +server=/.stranabg.com/127.0.0.1#5353 +ipset=/.stranabg.com/gfwlist +server=/.straplessdildo.com/127.0.0.1#5353 +ipset=/.straplessdildo.com/gfwlist +server=/.streamingthe.net/127.0.0.1#5353 +ipset=/.streamingthe.net/gfwlist +server=/.strikingly.com/127.0.0.1#5353 +ipset=/.strikingly.com/gfwlist +server=/.strongvpn.com/127.0.0.1#5353 +ipset=/.strongvpn.com/gfwlist +server=/.strongwindpress.com/127.0.0.1#5353 +ipset=/.strongwindpress.com/gfwlist +server=/.studentsforafreetibet.org/127.0.0.1#5353 +ipset=/.studentsforafreetibet.org/gfwlist +server=/.stumbleupon.com/127.0.0.1#5353 +ipset=/.stumbleupon.com/gfwlist +server=/.stupidvideos.com/127.0.0.1#5353 +ipset=/.stupidvideos.com/gfwlist +server=/.subacme.rerouted.org/127.0.0.1#5353 +ipset=/.subacme.rerouted.org/gfwlist +server=/.successfn.com/127.0.0.1#5353 +ipset=/.successfn.com/gfwlist +server=/.sugarsync.com/127.0.0.1#5353 +ipset=/.sugarsync.com/gfwlist +server=/.sugobbs.com/127.0.0.1#5353 +ipset=/.sugobbs.com/gfwlist +server=/.sugumiru18.com/127.0.0.1#5353 +ipset=/.sugumiru18.com/gfwlist +server=/.suissl.com/127.0.0.1#5353 +ipset=/.suissl.com/gfwlist +server=/.sujiatun.wordpress.com/127.0.0.1#5353 +ipset=/.sujiatun.wordpress.com/gfwlist +server=/.sukebei.nyaa.si/127.0.0.1#5353 +ipset=/.sukebei.nyaa.si/gfwlist +server=/.sulian.me/127.0.0.1#5353 +ipset=/.sulian.me/gfwlist +server=/.summify.com/127.0.0.1#5353 +ipset=/.summify.com/gfwlist +server=/.sumrando.com/127.0.0.1#5353 +ipset=/.sumrando.com/gfwlist +server=/.sun1911.com/127.0.0.1#5353 +ipset=/.sun1911.com/gfwlist +server=/.sunmedia.ca/127.0.0.1#5353 +ipset=/.sunmedia.ca/gfwlist +server=/.sunmoonlake.gov.tw/127.0.0.1#5353 +ipset=/.sunmoonlake.gov.tw/gfwlist +server=/.sunporno.com/127.0.0.1#5353 +ipset=/.sunporno.com/gfwlist +server=/.sunskyforum.com/127.0.0.1#5353 +ipset=/.sunskyforum.com/gfwlist +server=/.sunta.com.tw/127.0.0.1#5353 +ipset=/.sunta.com.tw/gfwlist +server=/.sunvpn.net/127.0.0.1#5353 +ipset=/.sunvpn.net/gfwlist +server=/.sunwinism.joinbbs.net/127.0.0.1#5353 +ipset=/.sunwinism.joinbbs.net/gfwlist +server=/.suoluo.org/127.0.0.1#5353 +ipset=/.suoluo.org/gfwlist +server=/.supchina.com/127.0.0.1#5353 +ipset=/.supchina.com/gfwlist +server=/.superfreevpn.com/127.0.0.1#5353 +ipset=/.superfreevpn.com/gfwlist +server=/.superokayama.com/127.0.0.1#5353 +ipset=/.superokayama.com/gfwlist +server=/.superpages.com/127.0.0.1#5353 +ipset=/.superpages.com/gfwlist +server=/.supervpn.net/127.0.0.1#5353 +ipset=/.supervpn.net/gfwlist +server=/.superzooi.com/127.0.0.1#5353 +ipset=/.superzooi.com/gfwlist +server=/.suppig.net/127.0.0.1#5353 +ipset=/.suppig.net/gfwlist +server=/.suprememastertv.com/127.0.0.1#5353 +ipset=/.suprememastertv.com/gfwlist +server=/.surfeasy.com/127.0.0.1#5353 +ipset=/.surfeasy.com/gfwlist +server=/.suroot.com/127.0.0.1#5353 +ipset=/.suroot.com/gfwlist +server=/.surrenderat20.net/127.0.0.1#5353 +ipset=/.surrenderat20.net/gfwlist +server=/.suyangg.com/127.0.0.1#5353 +ipset=/.suyangg.com/gfwlist +server=/.svsfx.com/127.0.0.1#5353 +ipset=/.svsfx.com/gfwlist +server=/.swagbucks.com/127.0.0.1#5353 +ipset=/.swagbucks.com/gfwlist +server=/.swissvpn.net/127.0.0.1#5353 +ipset=/.swissvpn.net/gfwlist +server=/.switch1.jp/127.0.0.1#5353 +ipset=/.switch1.jp/gfwlist +server=/.switchvpn.net/127.0.0.1#5353 +ipset=/.switchvpn.net/gfwlist +server=/.sydneytoday.com/127.0.0.1#5353 +ipset=/.sydneytoday.com/gfwlist +server=/.sylfoundation.org/127.0.0.1#5353 +ipset=/.sylfoundation.org/gfwlist +server=/.syncback.com/127.0.0.1#5353 +ipset=/.syncback.com/gfwlist +server=/.synergyse.com/127.0.0.1#5353 +ipset=/.synergyse.com/gfwlist +server=/.sysresccd.org/127.0.0.1#5353 +ipset=/.sysresccd.org/gfwlist +server=/.sytes.net/127.0.0.1#5353 +ipset=/.sytes.net/gfwlist +server=/.szbbs.net/127.0.0.1#5353 +ipset=/.szbbs.net/gfwlist +server=/.szetowah.org.hk/127.0.0.1#5353 +ipset=/.szetowah.org.hk/gfwlist +server=/.t-g.com/127.0.0.1#5353 +ipset=/.t-g.com/gfwlist +server=/.t.co/127.0.0.1#5353 +ipset=/.t.co/gfwlist +server=/.t.me/127.0.0.1#5353 +ipset=/.t.me/gfwlist +server=/.t.orzdream.com/127.0.0.1#5353 +ipset=/.t.orzdream.com/gfwlist +server=/.t35.com/127.0.0.1#5353 +ipset=/.t35.com/gfwlist +server=/.t66y.com/127.0.0.1#5353 +ipset=/.t66y.com/gfwlist +server=/.taa-usa.org/127.0.0.1#5353 +ipset=/.taa-usa.org/gfwlist +server=/.taaze.tw/127.0.0.1#5353 +ipset=/.taaze.tw/gfwlist +server=/.tabtter.jp/127.0.0.1#5353 +ipset=/.tabtter.jp/gfwlist +server=/.tacc.cwb.gov.tw/127.0.0.1#5353 +ipset=/.tacc.cwb.gov.tw/gfwlist +server=/.tacem.org/127.0.0.1#5353 +ipset=/.tacem.org/gfwlist +server=/.taconet.com.tw/127.0.0.1#5353 +ipset=/.taconet.com.tw/gfwlist +server=/.taedp.org.tw/127.0.0.1#5353 +ipset=/.taedp.org.tw/gfwlist +server=/.tafm.org/127.0.0.1#5353 +ipset=/.tafm.org/gfwlist +server=/.tagwa.org.au/127.0.0.1#5353 +ipset=/.tagwa.org.au/gfwlist +server=/.tagwalk.com/127.0.0.1#5353 +ipset=/.tagwalk.com/gfwlist +server=/.tahr.org.tw/127.0.0.1#5353 +ipset=/.tahr.org.tw/gfwlist +server=/.taipei.gov.tw/127.0.0.1#5353 +ipset=/.taipei.gov.tw/gfwlist +server=/.taipeisociety.org/127.0.0.1#5353 +ipset=/.taipeisociety.org/gfwlist +server=/.taitung-house.gov.tw/127.0.0.1#5353 +ipset=/.taitung-house.gov.tw/gfwlist +server=/.taiwan-sex.com/127.0.0.1#5353 +ipset=/.taiwan-sex.com/gfwlist +server=/.taiwanbible.com/127.0.0.1#5353 +ipset=/.taiwanbible.com/gfwlist +server=/.taiwancon.com/127.0.0.1#5353 +ipset=/.taiwancon.com/gfwlist +server=/.taiwandaily.net/127.0.0.1#5353 +ipset=/.taiwandaily.net/gfwlist +server=/.taiwandc.org/127.0.0.1#5353 +ipset=/.taiwandc.org/gfwlist +server=/.taiwanjobs.gov.tw/127.0.0.1#5353 +ipset=/.taiwanjobs.gov.tw/gfwlist +server=/.taiwanjustice.com/127.0.0.1#5353 +ipset=/.taiwanjustice.com/gfwlist +server=/.taiwankiss.com/127.0.0.1#5353 +ipset=/.taiwankiss.com/gfwlist +server=/.taiwannation.50webs.com/127.0.0.1#5353 +ipset=/.taiwannation.50webs.com/gfwlist +server=/.taiwannation.com/127.0.0.1#5353 +ipset=/.taiwannation.com/gfwlist +server=/.taiwanncf.org.tw/127.0.0.1#5353 +ipset=/.taiwanncf.org.tw/gfwlist +server=/.taiwannews.com.tw/127.0.0.1#5353 +ipset=/.taiwannews.com.tw/gfwlist +server=/.taiwantp.net/127.0.0.1#5353 +ipset=/.taiwantp.net/gfwlist +server=/.taiwantt.org.tw/127.0.0.1#5353 +ipset=/.taiwantt.org.tw/gfwlist +server=/.taiwanus.net/127.0.0.1#5353 +ipset=/.taiwanus.net/gfwlist +server=/.taiwanyes.com/127.0.0.1#5353 +ipset=/.taiwanyes.com/gfwlist +server=/.taiwanyes.ning.com/127.0.0.1#5353 +ipset=/.taiwanyes.ning.com/gfwlist +server=/.talk853.com/127.0.0.1#5353 +ipset=/.talk853.com/gfwlist +server=/.talkboxapp.com/127.0.0.1#5353 +ipset=/.talkboxapp.com/gfwlist +server=/.talkonly.net/127.0.0.1#5353 +ipset=/.talkonly.net/gfwlist +server=/.tamiaode.tk/127.0.0.1#5353 +ipset=/.tamiaode.tk/gfwlist +server=/.tanc.org/127.0.0.1#5353 +ipset=/.tanc.org/gfwlist +server=/.tangben.com/127.0.0.1#5353 +ipset=/.tangben.com/gfwlist +server=/.tangren.us/127.0.0.1#5353 +ipset=/.tangren.us/gfwlist +server=/.taoism.net/127.0.0.1#5353 +ipset=/.taoism.net/gfwlist +server=/.taolun.info/127.0.0.1#5353 +ipset=/.taolun.info/gfwlist +server=/.taoyuan.gov.tw/127.0.0.1#5353 +ipset=/.taoyuan.gov.tw/gfwlist +server=/.tapanwap.com/127.0.0.1#5353 +ipset=/.tapanwap.com/gfwlist +server=/.tapatalk.com/127.0.0.1#5353 +ipset=/.tapatalk.com/gfwlist +server=/.tascn.com.au/127.0.0.1#5353 +ipset=/.tascn.com.au/gfwlist +server=/.taup.net/127.0.0.1#5353 +ipset=/.taup.net/gfwlist +server=/.taweet.com/127.0.0.1#5353 +ipset=/.taweet.com/gfwlist +server=/.tax.nat.gov.tw/127.0.0.1#5353 +ipset=/.tax.nat.gov.tw/gfwlist +server=/.tbcollege.org/127.0.0.1#5353 +ipset=/.tbcollege.org/gfwlist +server=/.tbi.org.hk/127.0.0.1#5353 +ipset=/.tbi.org.hk/gfwlist +server=/.tbicn.org/127.0.0.1#5353 +ipset=/.tbicn.org/gfwlist +server=/.tbjyt.org/127.0.0.1#5353 +ipset=/.tbjyt.org/gfwlist +server=/.tbpic.info/127.0.0.1#5353 +ipset=/.tbpic.info/gfwlist +server=/.tbrc.org/127.0.0.1#5353 +ipset=/.tbrc.org/gfwlist +server=/.tbs-rainbow.org/127.0.0.1#5353 +ipset=/.tbs-rainbow.org/gfwlist +server=/.tbsec.org/127.0.0.1#5353 +ipset=/.tbsec.org/gfwlist +server=/.tbskkinabalu.page.tl/127.0.0.1#5353 +ipset=/.tbskkinabalu.page.tl/gfwlist +server=/.tbsmalaysia.org/127.0.0.1#5353 +ipset=/.tbsmalaysia.org/gfwlist +server=/.tbsn.org/127.0.0.1#5353 +ipset=/.tbsn.org/gfwlist +server=/.tbsseattle.org/127.0.0.1#5353 +ipset=/.tbsseattle.org/gfwlist +server=/.tbssqh.org/127.0.0.1#5353 +ipset=/.tbssqh.org/gfwlist +server=/.tbswd.org/127.0.0.1#5353 +ipset=/.tbswd.org/gfwlist +server=/.tbtemple.org.uk/127.0.0.1#5353 +ipset=/.tbtemple.org.uk/gfwlist +server=/.tbthouston.org/127.0.0.1#5353 +ipset=/.tbthouston.org/gfwlist +server=/.tccwonline.org/127.0.0.1#5353 +ipset=/.tccwonline.org/gfwlist +server=/.tcewf.org/127.0.0.1#5353 +ipset=/.tcewf.org/gfwlist +server=/.tchrd.org/127.0.0.1#5353 +ipset=/.tchrd.org/gfwlist +server=/.tcnynj.org/127.0.0.1#5353 +ipset=/.tcnynj.org/gfwlist +server=/.tcpspeed.co/127.0.0.1#5353 +ipset=/.tcpspeed.co/gfwlist +server=/.tcpspeed.com/127.0.0.1#5353 +ipset=/.tcpspeed.com/gfwlist +server=/.tcsofbc.org/127.0.0.1#5353 +ipset=/.tcsofbc.org/gfwlist +server=/.tcsovi.org/127.0.0.1#5353 +ipset=/.tcsovi.org/gfwlist +server=/.tdm.com.mo/127.0.0.1#5353 +ipset=/.tdm.com.mo/gfwlist +server=/.teachparentstech.org/127.0.0.1#5353 +ipset=/.teachparentstech.org/gfwlist +server=/.teamamericany.com/127.0.0.1#5353 +ipset=/.teamamericany.com/gfwlist +server=/.techviz.net/127.0.0.1#5353 +ipset=/.techviz.net/gfwlist +server=/.teck.in/127.0.0.1#5353 +ipset=/.teck.in/gfwlist +server=/.teco-hk.org/127.0.0.1#5353 +ipset=/.teco-hk.org/gfwlist +server=/.teco-mo.org/127.0.0.1#5353 +ipset=/.teco-mo.org/gfwlist +server=/.teddysun.com/127.0.0.1#5353 +ipset=/.teddysun.com/gfwlist +server=/.teeniefuck.net/127.0.0.1#5353 +ipset=/.teeniefuck.net/gfwlist +server=/.teensinasia.com/127.0.0.1#5353 +ipset=/.teensinasia.com/gfwlist +server=/.telecomspace.com/127.0.0.1#5353 +ipset=/.telecomspace.com/gfwlist +server=/.telegram.dog/127.0.0.1#5353 +ipset=/.telegram.dog/gfwlist +server=/.telegram.me/127.0.0.1#5353 +ipset=/.telegram.me/gfwlist +server=/.telegram.org/127.0.0.1#5353 +ipset=/.telegram.org/gfwlist +server=/.telegramdownload.com/127.0.0.1#5353 +ipset=/.telegramdownload.com/gfwlist +server=/.telegraph.co.uk/127.0.0.1#5353 +ipset=/.telegraph.co.uk/gfwlist +server=/.telesco.pe/127.0.0.1#5353 +ipset=/.telesco.pe/gfwlist +server=/.tellme.pw/127.0.0.1#5353 +ipset=/.tellme.pw/gfwlist +server=/.tenacy.com/127.0.0.1#5353 +ipset=/.tenacy.com/gfwlist +server=/.tensorflow.org/127.0.0.1#5353 +ipset=/.tensorflow.org/gfwlist +server=/.tenzinpalmo.com/127.0.0.1#5353 +ipset=/.tenzinpalmo.com/gfwlist +server=/.terminus2049.github.io/127.0.0.1#5353 +ipset=/.terminus2049.github.io/gfwlist +server=/.tew.org/127.0.0.1#5353 +ipset=/.tew.org/gfwlist +server=/.textnow.me/127.0.0.1#5353 +ipset=/.textnow.me/gfwlist +server=/.th.hao123.com/127.0.0.1#5353 +ipset=/.th.hao123.com/gfwlist +server=/.thaicn.com/127.0.0.1#5353 +ipset=/.thaicn.com/gfwlist +server=/.thb.gov.tw/127.0.0.1#5353 +ipset=/.thb.gov.tw/gfwlist +server=/.theatrum-belli.com/127.0.0.1#5353 +ipset=/.theatrum-belli.com/gfwlist +server=/.thebcomplex.com/127.0.0.1#5353 +ipset=/.thebcomplex.com/gfwlist +server=/.theblemish.com/127.0.0.1#5353 +ipset=/.theblemish.com/gfwlist +server=/.thebobs.com/127.0.0.1#5353 +ipset=/.thebobs.com/gfwlist +server=/.thebodyshop-usa.com/127.0.0.1#5353 +ipset=/.thebodyshop-usa.com/gfwlist +server=/.thecenter.mit.edu/127.0.0.1#5353 +ipset=/.thecenter.mit.edu/gfwlist +server=/.thechinabeat.org/127.0.0.1#5353 +ipset=/.thechinabeat.org/gfwlist +server=/.thedalailamamovie.com/127.0.0.1#5353 +ipset=/.thedalailamamovie.com/gfwlist +server=/.thedw.us/127.0.0.1#5353 +ipset=/.thedw.us/gfwlist +server=/.thefacebook.com/127.0.0.1#5353 +ipset=/.thefacebook.com/gfwlist +server=/.thegly.com/127.0.0.1#5353 +ipset=/.thegly.com/gfwlist +server=/.thehots.info/127.0.0.1#5353 +ipset=/.thehots.info/gfwlist +server=/.thehousenews.com/127.0.0.1#5353 +ipset=/.thehousenews.com/gfwlist +server=/.thehun.net/127.0.0.1#5353 +ipset=/.thehun.net/gfwlist +server=/.theinitium.com/127.0.0.1#5353 +ipset=/.theinitium.com/gfwlist +server=/.thenewslens.com/127.0.0.1#5353 +ipset=/.thenewslens.com/gfwlist +server=/.thepiratebay.org/127.0.0.1#5353 +ipset=/.thepiratebay.org/gfwlist +server=/.theportalwiki.com/127.0.0.1#5353 +ipset=/.theportalwiki.com/gfwlist +server=/.thereallove.kr/127.0.0.1#5353 +ipset=/.thereallove.kr/gfwlist +server=/.therock.net.nz/127.0.0.1#5353 +ipset=/.therock.net.nz/gfwlist +server=/.thespeeder.com/127.0.0.1#5353 +ipset=/.thespeeder.com/gfwlist +server=/.thestandnews.com/127.0.0.1#5353 +ipset=/.thestandnews.com/gfwlist +server=/.thetibetcenter.org/127.0.0.1#5353 +ipset=/.thetibetcenter.org/gfwlist +server=/.thetibetconnection.org/127.0.0.1#5353 +ipset=/.thetibetconnection.org/gfwlist +server=/.thetibetmuseum.org/127.0.0.1#5353 +ipset=/.thetibetmuseum.org/gfwlist +server=/.thetibetpost.com/127.0.0.1#5353 +ipset=/.thetibetpost.com/gfwlist +server=/.thetinhat.com/127.0.0.1#5353 +ipset=/.thetinhat.com/gfwlist +server=/.thetrotskymovie.com/127.0.0.1#5353 +ipset=/.thetrotskymovie.com/gfwlist +server=/.thevivekspot.com/127.0.0.1#5353 +ipset=/.thevivekspot.com/gfwlist +server=/.thewgo.org/127.0.0.1#5353 +ipset=/.thewgo.org/gfwlist +server=/.theync.com/127.0.0.1#5353 +ipset=/.theync.com/gfwlist +server=/.thinkingtaiwan.com/127.0.0.1#5353 +ipset=/.thinkingtaiwan.com/gfwlist +server=/.thinkwithgoogle.com/127.0.0.1#5353 +ipset=/.thinkwithgoogle.com/gfwlist +server=/.thisav.com/127.0.0.1#5353 +ipset=/.thisav.com/gfwlist +server=/.thlib.org/127.0.0.1#5353 +ipset=/.thlib.org/gfwlist +server=/.thomasbernhard.org/127.0.0.1#5353 +ipset=/.thomasbernhard.org/gfwlist +server=/.thongdreams.com/127.0.0.1#5353 +ipset=/.thongdreams.com/gfwlist +server=/.threatchaos.com/127.0.0.1#5353 +ipset=/.threatchaos.com/gfwlist +server=/.throughnightsfire.com/127.0.0.1#5353 +ipset=/.throughnightsfire.com/gfwlist +server=/.thumbzilla.com/127.0.0.1#5353 +ipset=/.thumbzilla.com/gfwlist +server=/.thywords.com/127.0.0.1#5353 +ipset=/.thywords.com/gfwlist +server=/.tiananmenduizhi.com/127.0.0.1#5353 +ipset=/.tiananmenduizhi.com/gfwlist +server=/.tiananmenmother.org/127.0.0.1#5353 +ipset=/.tiananmenmother.org/gfwlist +server=/.tiananmenuniv.com/127.0.0.1#5353 +ipset=/.tiananmenuniv.com/gfwlist +server=/.tiananmenuniv.net/127.0.0.1#5353 +ipset=/.tiananmenuniv.net/gfwlist +server=/.tiandixing.org/127.0.0.1#5353 +ipset=/.tiandixing.org/gfwlist +server=/.tianhuayuan.com/127.0.0.1#5353 +ipset=/.tianhuayuan.com/gfwlist +server=/.tianlawoffice.com/127.0.0.1#5353 +ipset=/.tianlawoffice.com/gfwlist +server=/.tianti.io/127.0.0.1#5353 +ipset=/.tianti.io/gfwlist +server=/.tiantibooks.org/127.0.0.1#5353 +ipset=/.tiantibooks.org/gfwlist +server=/.tianyantong.org.cn/127.0.0.1#5353 +ipset=/.tianyantong.org.cn/gfwlist +server=/.tianzhu.org/127.0.0.1#5353 +ipset=/.tianzhu.org/gfwlist +server=/.tibet-envoy.eu/127.0.0.1#5353 +ipset=/.tibet-envoy.eu/gfwlist +server=/.tibet-foundation.org/127.0.0.1#5353 +ipset=/.tibet-foundation.org/gfwlist +server=/.tibet-house-trust.co.uk/127.0.0.1#5353 +ipset=/.tibet-house-trust.co.uk/gfwlist +server=/.tibet-info.net/127.0.0.1#5353 +ipset=/.tibet-info.net/gfwlist +server=/.tibet-initiative.de/127.0.0.1#5353 +ipset=/.tibet-initiative.de/gfwlist +server=/.tibet-munich.de/127.0.0.1#5353 +ipset=/.tibet-munich.de/gfwlist +server=/.tibet.a.se/127.0.0.1#5353 +ipset=/.tibet.a.se/gfwlist +server=/.tibet.at/127.0.0.1#5353 +ipset=/.tibet.at/gfwlist +server=/.tibet.ca/127.0.0.1#5353 +ipset=/.tibet.ca/gfwlist +server=/.tibet.com/127.0.0.1#5353 +ipset=/.tibet.com/gfwlist +server=/.tibet.fr/127.0.0.1#5353 +ipset=/.tibet.fr/gfwlist +server=/.tibet.net/127.0.0.1#5353 +ipset=/.tibet.net/gfwlist +server=/.tibet.nu/127.0.0.1#5353 +ipset=/.tibet.nu/gfwlist +server=/.tibet.org/127.0.0.1#5353 +ipset=/.tibet.org/gfwlist +server=/.tibet.sk/127.0.0.1#5353 +ipset=/.tibet.sk/gfwlist +server=/.tibet.to/127.0.0.1#5353 +ipset=/.tibet.to/gfwlist +server=/.tibet3rdpole.org/127.0.0.1#5353 +ipset=/.tibet3rdpole.org/gfwlist +server=/.tibetaction.net/127.0.0.1#5353 +ipset=/.tibetaction.net/gfwlist +server=/.tibetaid.org/127.0.0.1#5353 +ipset=/.tibetaid.org/gfwlist +server=/.tibetalk.com/127.0.0.1#5353 +ipset=/.tibetalk.com/gfwlist +server=/.tibetan-alliance.org/127.0.0.1#5353 +ipset=/.tibetan-alliance.org/gfwlist +server=/.tibetan.fr/127.0.0.1#5353 +ipset=/.tibetan.fr/gfwlist +server=/.tibetanaidproject.org/127.0.0.1#5353 +ipset=/.tibetanaidproject.org/gfwlist +server=/.tibetanarts.org/127.0.0.1#5353 +ipset=/.tibetanarts.org/gfwlist +server=/.tibetanbuddhistinstitute.org/127.0.0.1#5353 +ipset=/.tibetanbuddhistinstitute.org/gfwlist +server=/.tibetancommunity.org/127.0.0.1#5353 +ipset=/.tibetancommunity.org/gfwlist +server=/.tibetancommunityuk.net/127.0.0.1#5353 +ipset=/.tibetancommunityuk.net/gfwlist +server=/.tibetanculture.org/127.0.0.1#5353 +ipset=/.tibetanculture.org/gfwlist +server=/.tibetanfeministcollective.org/127.0.0.1#5353 +ipset=/.tibetanfeministcollective.org/gfwlist +server=/.tibetanjournal.com/127.0.0.1#5353 +ipset=/.tibetanjournal.com/gfwlist +server=/.tibetanlanguage.org/127.0.0.1#5353 +ipset=/.tibetanlanguage.org/gfwlist +server=/.tibetanliberation.org/127.0.0.1#5353 +ipset=/.tibetanliberation.org/gfwlist +server=/.tibetanpaintings.com/127.0.0.1#5353 +ipset=/.tibetanpaintings.com/gfwlist +server=/.tibetanphotoproject.com/127.0.0.1#5353 +ipset=/.tibetanphotoproject.com/gfwlist +server=/.tibetanpoliticalreview.org/127.0.0.1#5353 +ipset=/.tibetanpoliticalreview.org/gfwlist +server=/.tibetanreview.net/127.0.0.1#5353 +ipset=/.tibetanreview.net/gfwlist +server=/.tibetansports.org/127.0.0.1#5353 +ipset=/.tibetansports.org/gfwlist +server=/.tibetanwomen.org/127.0.0.1#5353 +ipset=/.tibetanwomen.org/gfwlist +server=/.tibetanyouth.org/127.0.0.1#5353 +ipset=/.tibetanyouth.org/gfwlist +server=/.tibetanyouthcongress.org/127.0.0.1#5353 +ipset=/.tibetanyouthcongress.org/gfwlist +server=/.tibetcharity.dk/127.0.0.1#5353 +ipset=/.tibetcharity.dk/gfwlist +server=/.tibetcharity.in/127.0.0.1#5353 +ipset=/.tibetcharity.in/gfwlist +server=/.tibetchild.org/127.0.0.1#5353 +ipset=/.tibetchild.org/gfwlist +server=/.tibetcity.com/127.0.0.1#5353 +ipset=/.tibetcity.com/gfwlist +server=/.tibetcollection.com/127.0.0.1#5353 +ipset=/.tibetcollection.com/gfwlist +server=/.tibetcorps.org/127.0.0.1#5353 +ipset=/.tibetcorps.org/gfwlist +server=/.tibetexpress.net/127.0.0.1#5353 +ipset=/.tibetexpress.net/gfwlist +server=/.tibetfocus.com/127.0.0.1#5353 +ipset=/.tibetfocus.com/gfwlist +server=/.tibetfund.org/127.0.0.1#5353 +ipset=/.tibetfund.org/gfwlist +server=/.tibetgermany.com/127.0.0.1#5353 +ipset=/.tibetgermany.com/gfwlist +server=/.tibetgermany.de/127.0.0.1#5353 +ipset=/.tibetgermany.de/gfwlist +server=/.tibethaus.com/127.0.0.1#5353 +ipset=/.tibethaus.com/gfwlist +server=/.tibetheritagefund.org/127.0.0.1#5353 +ipset=/.tibetheritagefund.org/gfwlist +server=/.tibethouse.jp/127.0.0.1#5353 +ipset=/.tibethouse.jp/gfwlist +server=/.tibethouse.org/127.0.0.1#5353 +ipset=/.tibethouse.org/gfwlist +server=/.tibethouse.us/127.0.0.1#5353 +ipset=/.tibethouse.us/gfwlist +server=/.tibetinfonet.net/127.0.0.1#5353 +ipset=/.tibetinfonet.net/gfwlist +server=/.tibetjustice.org/127.0.0.1#5353 +ipset=/.tibetjustice.org/gfwlist +server=/.tibetkomite.dk/127.0.0.1#5353 +ipset=/.tibetkomite.dk/gfwlist +server=/.tibetlibre.free.fr/127.0.0.1#5353 +ipset=/.tibetlibre.free.fr/gfwlist +server=/.tibetmuseum.org/127.0.0.1#5353 +ipset=/.tibetmuseum.org/gfwlist +server=/.tibetnetwork.org/127.0.0.1#5353 +ipset=/.tibetnetwork.org/gfwlist +server=/.tibetoffice.ch/127.0.0.1#5353 +ipset=/.tibetoffice.ch/gfwlist +server=/.tibetoffice.com.au/127.0.0.1#5353 +ipset=/.tibetoffice.com.au/gfwlist +server=/.tibetoffice.eu/127.0.0.1#5353 +ipset=/.tibetoffice.eu/gfwlist +server=/.tibetoffice.org/127.0.0.1#5353 +ipset=/.tibetoffice.org/gfwlist +server=/.tibetonline.com/127.0.0.1#5353 +ipset=/.tibetonline.com/gfwlist +server=/.tibetonline.tv/127.0.0.1#5353 +ipset=/.tibetonline.tv/gfwlist +server=/.tibetoralhistory.org/127.0.0.1#5353 +ipset=/.tibetoralhistory.org/gfwlist +server=/.tibetpolicy.eu/127.0.0.1#5353 +ipset=/.tibetpolicy.eu/gfwlist +server=/.tibetrelieffund.co.uk/127.0.0.1#5353 +ipset=/.tibetrelieffund.co.uk/gfwlist +server=/.tibetsites.com/127.0.0.1#5353 +ipset=/.tibetsites.com/gfwlist +server=/.tibetsociety.com/127.0.0.1#5353 +ipset=/.tibetsociety.com/gfwlist +server=/.tibetsun.com/127.0.0.1#5353 +ipset=/.tibetsun.com/gfwlist +server=/.tibetsupportgroup.org/127.0.0.1#5353 +ipset=/.tibetsupportgroup.org/gfwlist +server=/.tibetswiss.ch/127.0.0.1#5353 +ipset=/.tibetswiss.ch/gfwlist +server=/.tibettelegraph.com/127.0.0.1#5353 +ipset=/.tibettelegraph.com/gfwlist +server=/.tibettimes.net/127.0.0.1#5353 +ipset=/.tibettimes.net/gfwlist +server=/.tibetwrites.org/127.0.0.1#5353 +ipset=/.tibetwrites.org/gfwlist +server=/.ticket.com.tw/127.0.0.1#5353 +ipset=/.ticket.com.tw/gfwlist +server=/.tigervpn.com/127.0.0.1#5353 +ipset=/.tigervpn.com/gfwlist +server=/.tiltbrush.com/127.0.0.1#5353 +ipset=/.tiltbrush.com/gfwlist +server=/.timdir.com/127.0.0.1#5353 +ipset=/.timdir.com/gfwlist +server=/.time.com/127.0.0.1#5353 +ipset=/.time.com/gfwlist +server=/.times.hinet.net/127.0.0.1#5353 +ipset=/.times.hinet.net/gfwlist +server=/.timsah.com/127.0.0.1#5353 +ipset=/.timsah.com/gfwlist +server=/.tineye.com/127.0.0.1#5353 +ipset=/.tineye.com/gfwlist +server=/.tintuc101.com/127.0.0.1#5353 +ipset=/.tintuc101.com/gfwlist +server=/.tiny.cc/127.0.0.1#5353 +ipset=/.tiny.cc/gfwlist +server=/.tinychat.com/127.0.0.1#5353 +ipset=/.tinychat.com/gfwlist +server=/.tinypaste.com/127.0.0.1#5353 +ipset=/.tinypaste.com/gfwlist +server=/.tipo.gov.tw/127.0.0.1#5353 +ipset=/.tipo.gov.tw/gfwlist +server=/.tistory.com/127.0.0.1#5353 +ipset=/.tistory.com/gfwlist +server=/.tkcs-collins.com/127.0.0.1#5353 +ipset=/.tkcs-collins.com/gfwlist +server=/.tma.co.jp/127.0.0.1#5353 +ipset=/.tma.co.jp/gfwlist +server=/.tmagazine.com/127.0.0.1#5353 +ipset=/.tmagazine.com/gfwlist +server=/.tmdfish.com/127.0.0.1#5353 +ipset=/.tmdfish.com/gfwlist +server=/.tmi.me/127.0.0.1#5353 +ipset=/.tmi.me/gfwlist +server=/.tmpp.org/127.0.0.1#5353 +ipset=/.tmpp.org/gfwlist +server=/.tn1.shemalez.com/127.0.0.1#5353 +ipset=/.tn1.shemalez.com/gfwlist +server=/.tn2.shemalez.com/127.0.0.1#5353 +ipset=/.tn2.shemalez.com/gfwlist +server=/.tn3.shemalez.com/127.0.0.1#5353 +ipset=/.tn3.shemalez.com/gfwlist +server=/.tnaflix.com/127.0.0.1#5353 +ipset=/.tnaflix.com/gfwlist +server=/.tngrnow.com/127.0.0.1#5353 +ipset=/.tngrnow.com/gfwlist +server=/.tngrnow.net/127.0.0.1#5353 +ipset=/.tngrnow.net/gfwlist +server=/.tnp.org/127.0.0.1#5353 +ipset=/.tnp.org/gfwlist +server=/.to-porno.com/127.0.0.1#5353 +ipset=/.to-porno.com/gfwlist +server=/.togetter.com/127.0.0.1#5353 +ipset=/.togetter.com/gfwlist +server=/.toh.info/127.0.0.1#5353 +ipset=/.toh.info/gfwlist +server=/.tokyo-247.com/127.0.0.1#5353 +ipset=/.tokyo-247.com/gfwlist +server=/.tokyo-hot.com/127.0.0.1#5353 +ipset=/.tokyo-hot.com/gfwlist +server=/.tokyo-porn-tube.com/127.0.0.1#5353 +ipset=/.tokyo-porn-tube.com/gfwlist +server=/.tokyocn.com/127.0.0.1#5353 +ipset=/.tokyocn.com/gfwlist +server=/.tongil.or.kr/127.0.0.1#5353 +ipset=/.tongil.or.kr/gfwlist +server=/.tono-oka.jp/127.0.0.1#5353 +ipset=/.tono-oka.jp/gfwlist +server=/.tonyyan.net/127.0.0.1#5353 +ipset=/.tonyyan.net/gfwlist +server=/.toodoc.com/127.0.0.1#5353 +ipset=/.toodoc.com/gfwlist +server=/.tools.google.com/127.0.0.1#5353 +ipset=/.tools.google.com/gfwlist +server=/.toonel.net/127.0.0.1#5353 +ipset=/.toonel.net/gfwlist +server=/.top.tv/127.0.0.1#5353 +ipset=/.top.tv/gfwlist +server=/.top81.ws/127.0.0.1#5353 +ipset=/.top81.ws/gfwlist +server=/.topbtc.com/127.0.0.1#5353 +ipset=/.topbtc.com/gfwlist +server=/.topic.youthwant.com.tw/127.0.0.1#5353 +ipset=/.topic.youthwant.com.tw/gfwlist +server=/.topnews.in/127.0.0.1#5353 +ipset=/.topnews.in/gfwlist +server=/.toppornsites.com/127.0.0.1#5353 +ipset=/.toppornsites.com/gfwlist +server=/.topshareware.com/127.0.0.1#5353 +ipset=/.topshareware.com/gfwlist +server=/.topsy.com/127.0.0.1#5353 +ipset=/.topsy.com/gfwlist +server=/.toptip.ca/127.0.0.1#5353 +ipset=/.toptip.ca/gfwlist +server=/.tor.blingblingsquad.net/127.0.0.1#5353 +ipset=/.tor.blingblingsquad.net/gfwlist +server=/.tor.updatestar.com/127.0.0.1#5353 +ipset=/.tor.updatestar.com/gfwlist +server=/.tora.to/127.0.0.1#5353 +ipset=/.tora.to/gfwlist +server=/.torcn.com/127.0.0.1#5353 +ipset=/.torcn.com/gfwlist +server=/.torguard.net/127.0.0.1#5353 +ipset=/.torguard.net/gfwlist +server=/.torproject.org/127.0.0.1#5353 +ipset=/.torproject.org/gfwlist +server=/.torrentprivacy.com/127.0.0.1#5353 +ipset=/.torrentprivacy.com/gfwlist +server=/.torrentproject.se/127.0.0.1#5353 +ipset=/.torrentproject.se/gfwlist +server=/.torrenty.org/127.0.0.1#5353 +ipset=/.torrenty.org/gfwlist +server=/.torrentz.eu/127.0.0.1#5353 +ipset=/.torrentz.eu/gfwlist +server=/.torvpn.com/127.0.0.1#5353 +ipset=/.torvpn.com/gfwlist +server=/.tosh.comedycentral.com/127.0.0.1#5353 +ipset=/.tosh.comedycentral.com/gfwlist +server=/.totalvpn.com/127.0.0.1#5353 +ipset=/.totalvpn.com/gfwlist +server=/.toutiaoabc.com/127.0.0.1#5353 +ipset=/.toutiaoabc.com/gfwlist +server=/.towngain.com/127.0.0.1#5353 +ipset=/.towngain.com/gfwlist +server=/.toypark.in/127.0.0.1#5353 +ipset=/.toypark.in/gfwlist +server=/.toythieves.com/127.0.0.1#5353 +ipset=/.toythieves.com/gfwlist +server=/.toytractorshow.com/127.0.0.1#5353 +ipset=/.toytractorshow.com/gfwlist +server=/.tparents.org/127.0.0.1#5353 +ipset=/.tparents.org/gfwlist +server=/.tpde.aide.gov.tw/127.0.0.1#5353 +ipset=/.tpde.aide.gov.tw/gfwlist +server=/.tphcc.gov.tw/127.0.0.1#5353 +ipset=/.tphcc.gov.tw/gfwlist +server=/.tpi.org.tw/127.0.0.1#5353 +ipset=/.tpi.org.tw/gfwlist +server=/.tracfone.com/127.0.0.1#5353 +ipset=/.tracfone.com/gfwlist +server=/.traffichaus.com/127.0.0.1#5353 +ipset=/.traffichaus.com/gfwlist +server=/.translate.google.cn/127.0.0.1#5353 +ipset=/.translate.google.cn/gfwlist +server=/.translate.googleapis.com/127.0.0.1#5353 +ipset=/.translate.googleapis.com/gfwlist +server=/.transparency.org/127.0.0.1#5353 +ipset=/.transparency.org/gfwlist +server=/.treemall.com.tw/127.0.0.1#5353 +ipset=/.treemall.com.tw/gfwlist +server=/.trendsmap.com/127.0.0.1#5353 +ipset=/.trendsmap.com/gfwlist +server=/.trialofccp.org/127.0.0.1#5353 +ipset=/.trialofccp.org/gfwlist +server=/.trickip.net/127.0.0.1#5353 +ipset=/.trickip.net/gfwlist +server=/.trickip.org/127.0.0.1#5353 +ipset=/.trickip.org/gfwlist +server=/.trimt-nsa.gov.tw/127.0.0.1#5353 +ipset=/.trimt-nsa.gov.tw/gfwlist +server=/.trouw.nl/127.0.0.1#5353 +ipset=/.trouw.nl/gfwlist +server=/.trt.net.tr/127.0.0.1#5353 +ipset=/.trt.net.tr/gfwlist +server=/.trtc.com.tw/127.0.0.1#5353 +ipset=/.trtc.com.tw/gfwlist +server=/.truebuddha-md.org/127.0.0.1#5353 +ipset=/.truebuddha-md.org/gfwlist +server=/.trulyergonomic.com/127.0.0.1#5353 +ipset=/.trulyergonomic.com/gfwlist +server=/.truth101.co.tv/127.0.0.1#5353 +ipset=/.truth101.co.tv/gfwlist +server=/.truthontour.org/127.0.0.1#5353 +ipset=/.truthontour.org/gfwlist +server=/.truveo.com/127.0.0.1#5353 +ipset=/.truveo.com/gfwlist +server=/.tryheart.jp/127.0.0.1#5353 +ipset=/.tryheart.jp/gfwlist +server=/.tsctv.net/127.0.0.1#5353 +ipset=/.tsctv.net/gfwlist +server=/.tsdr.uspto.gov/127.0.0.1#5353 +ipset=/.tsdr.uspto.gov/gfwlist +server=/.tsemtulku.com/127.0.0.1#5353 +ipset=/.tsemtulku.com/gfwlist +server=/.tsquare.tv/127.0.0.1#5353 +ipset=/.tsquare.tv/gfwlist +server=/.tsu.org.tw/127.0.0.1#5353 +ipset=/.tsu.org.tw/gfwlist +server=/.tsunagarumon.com/127.0.0.1#5353 +ipset=/.tsunagarumon.com/gfwlist +server=/.tt-rss.org/127.0.0.1#5353 +ipset=/.tt-rss.org/gfwlist +server=/.tt1069.com/127.0.0.1#5353 +ipset=/.tt1069.com/gfwlist +server=/.tttan.com/127.0.0.1#5353 +ipset=/.tttan.com/gfwlist +server=/.tu8964.com/127.0.0.1#5353 +ipset=/.tu8964.com/gfwlist +server=/.tubaholic.com/127.0.0.1#5353 +ipset=/.tubaholic.com/gfwlist +server=/.tube.com/127.0.0.1#5353 +ipset=/.tube.com/gfwlist +server=/.tube8.com/127.0.0.1#5353 +ipset=/.tube8.com/gfwlist +server=/.tube911.com/127.0.0.1#5353 +ipset=/.tube911.com/gfwlist +server=/.tubecup.com/127.0.0.1#5353 +ipset=/.tubecup.com/gfwlist +server=/.tubegals.com/127.0.0.1#5353 +ipset=/.tubegals.com/gfwlist +server=/.tubeislam.com/127.0.0.1#5353 +ipset=/.tubeislam.com/gfwlist +server=/.tubepornclassic.com/127.0.0.1#5353 +ipset=/.tubepornclassic.com/gfwlist +server=/.tubestack.com/127.0.0.1#5353 +ipset=/.tubestack.com/gfwlist +server=/.tubewolf.com/127.0.0.1#5353 +ipset=/.tubewolf.com/gfwlist +server=/.tui.orzdream.com/127.0.0.1#5353 +ipset=/.tui.orzdream.com/gfwlist +server=/.tuibeitu.net/127.0.0.1#5353 +ipset=/.tuibeitu.net/gfwlist +server=/.tuidang.net/127.0.0.1#5353 +ipset=/.tuidang.net/gfwlist +server=/.tuidang.org/127.0.0.1#5353 +ipset=/.tuidang.org/gfwlist +server=/.tuidang.se/127.0.0.1#5353 +ipset=/.tuidang.se/gfwlist +server=/.tuitwit.com/127.0.0.1#5353 +ipset=/.tuitwit.com/gfwlist +server=/.tumblr.com/127.0.0.1#5353 +ipset=/.tumblr.com/gfwlist +server=/.tumutanzi.com/127.0.0.1#5353 +ipset=/.tumutanzi.com/gfwlist +server=/.tumview.com/127.0.0.1#5353 +ipset=/.tumview.com/gfwlist +server=/.tunein.com/127.0.0.1#5353 +ipset=/.tunein.com/gfwlist +server=/.tunnelbear.com/127.0.0.1#5353 +ipset=/.tunnelbear.com/gfwlist +server=/.tunnelr.com/127.0.0.1#5353 +ipset=/.tunnelr.com/gfwlist +server=/.tuo8.blue/127.0.0.1#5353 +ipset=/.tuo8.blue/gfwlist +server=/.tuo8.cc/127.0.0.1#5353 +ipset=/.tuo8.cc/gfwlist +server=/.tuo8.club/127.0.0.1#5353 +ipset=/.tuo8.club/gfwlist +server=/.tuo8.fit/127.0.0.1#5353 +ipset=/.tuo8.fit/gfwlist +server=/.tuo8.hk/127.0.0.1#5353 +ipset=/.tuo8.hk/gfwlist +server=/.tuo8.in/127.0.0.1#5353 +ipset=/.tuo8.in/gfwlist +server=/.tuo8.ninja/127.0.0.1#5353 +ipset=/.tuo8.ninja/gfwlist +server=/.tuo8.org/127.0.0.1#5353 +ipset=/.tuo8.org/gfwlist +server=/.tuo8.pw/127.0.0.1#5353 +ipset=/.tuo8.pw/gfwlist +server=/.tuo8.red/127.0.0.1#5353 +ipset=/.tuo8.red/gfwlist +server=/.tuo8.space/127.0.0.1#5353 +ipset=/.tuo8.space/gfwlist +server=/.turansam.org/127.0.0.1#5353 +ipset=/.turansam.org/gfwlist +server=/.turbobit.net/127.0.0.1#5353 +ipset=/.turbobit.net/gfwlist +server=/.turbohide.com/127.0.0.1#5353 +ipset=/.turbohide.com/gfwlist +server=/.turbotwitter.com/127.0.0.1#5353 +ipset=/.turbotwitter.com/gfwlist +server=/.turntable.fm/127.0.0.1#5353 +ipset=/.turntable.fm/gfwlist +server=/.tushycash.com/127.0.0.1#5353 +ipset=/.tushycash.com/gfwlist +server=/.tuvpn.com/127.0.0.1#5353 +ipset=/.tuvpn.com/gfwlist +server=/.tuzaijidi.com/127.0.0.1#5353 +ipset=/.tuzaijidi.com/gfwlist +server=/.tv.com/127.0.0.1#5353 +ipset=/.tv.com/gfwlist +server=/.tvants.com/127.0.0.1#5353 +ipset=/.tvants.com/gfwlist +server=/.tvboxnow.com/127.0.0.1#5353 +ipset=/.tvboxnow.com/gfwlist +server=/.tvider.com/127.0.0.1#5353 +ipset=/.tvider.com/gfwlist +server=/.tvmost.com.hk/127.0.0.1#5353 +ipset=/.tvmost.com.hk/gfwlist +server=/.tvplayvideos.com/127.0.0.1#5353 +ipset=/.tvplayvideos.com/gfwlist +server=/.tvunetworks.com/127.0.0.1#5353 +ipset=/.tvunetworks.com/gfwlist +server=/.tw-blog.com/127.0.0.1#5353 +ipset=/.tw-blog.com/gfwlist +server=/.tw-npo.org/127.0.0.1#5353 +ipset=/.tw-npo.org/gfwlist +server=/.tw.answers.yahoo.com/127.0.0.1#5353 +ipset=/.tw.answers.yahoo.com/gfwlist +server=/.tw.bid.yahoo.com/127.0.0.1#5353 +ipset=/.tw.bid.yahoo.com/gfwlist +server=/.tw.gigacircle.com/127.0.0.1#5353 +ipset=/.tw.gigacircle.com/gfwlist +server=/.tw.hao123.com/127.0.0.1#5353 +ipset=/.tw.hao123.com/gfwlist +server=/.tw.jiepang.com/127.0.0.1#5353 +ipset=/.tw.jiepang.com/gfwlist +server=/.tw.knowledge.yahoo.com/127.0.0.1#5353 +ipset=/.tw.knowledge.yahoo.com/gfwlist +server=/.tw.mall.yahoo.com/127.0.0.1#5353 +ipset=/.tw.mall.yahoo.com/gfwlist +server=/.tw.mobi.yahoo.com/127.0.0.1#5353 +ipset=/.tw.mobi.yahoo.com/gfwlist +server=/.tw.money.yahoo.com/127.0.0.1#5353 +ipset=/.tw.money.yahoo.com/gfwlist +server=/.tw.myblog.yahoo.com/127.0.0.1#5353 +ipset=/.tw.myblog.yahoo.com/gfwlist +server=/.tw.news.yahoo.com/127.0.0.1#5353 +ipset=/.tw.news.yahoo.com/gfwlist +server=/.tw.streetvoice.com/127.0.0.1#5353 +ipset=/.tw.streetvoice.com/gfwlist +server=/.tw.tomonews.net/127.0.0.1#5353 +ipset=/.tw.tomonews.net/gfwlist +server=/.tw.voa.mobi/127.0.0.1#5353 +ipset=/.tw.voa.mobi/gfwlist +server=/.tw.yahoo.com/127.0.0.1#5353 +ipset=/.tw.yahoo.com/gfwlist +server=/.tw01.org/127.0.0.1#5353 +ipset=/.tw01.org/gfwlist +server=/.twaitter.com/127.0.0.1#5353 +ipset=/.twaitter.com/gfwlist +server=/.twapperkeeper.com/127.0.0.1#5353 +ipset=/.twapperkeeper.com/gfwlist +server=/.twaud.io/127.0.0.1#5353 +ipset=/.twaud.io/gfwlist +server=/.twavi.com/127.0.0.1#5353 +ipset=/.twavi.com/gfwlist +server=/.twbbs.net.tw/127.0.0.1#5353 +ipset=/.twbbs.net.tw/gfwlist +server=/.twbbs.org/127.0.0.1#5353 +ipset=/.twbbs.org/gfwlist +server=/.twbbs.tw/127.0.0.1#5353 +ipset=/.twbbs.tw/gfwlist +server=/.twblogger.com/127.0.0.1#5353 +ipset=/.twblogger.com/gfwlist +server=/.tweepguide.com/127.0.0.1#5353 +ipset=/.tweepguide.com/gfwlist +server=/.tweeplike.me/127.0.0.1#5353 +ipset=/.tweeplike.me/gfwlist +server=/.tweepmag.com/127.0.0.1#5353 +ipset=/.tweepmag.com/gfwlist +server=/.tweepml.org/127.0.0.1#5353 +ipset=/.tweepml.org/gfwlist +server=/.tweetbackup.com/127.0.0.1#5353 +ipset=/.tweetbackup.com/gfwlist +server=/.tweetboard.com/127.0.0.1#5353 +ipset=/.tweetboard.com/gfwlist +server=/.tweetboner.biz/127.0.0.1#5353 +ipset=/.tweetboner.biz/gfwlist +server=/.tweetcs.com/127.0.0.1#5353 +ipset=/.tweetcs.com/gfwlist +server=/.tweetdeck.com/127.0.0.1#5353 +ipset=/.tweetdeck.com/gfwlist +server=/.tweetedtimes.com/127.0.0.1#5353 +ipset=/.tweetedtimes.com/gfwlist +server=/.tweetmylast.fm/127.0.0.1#5353 +ipset=/.tweetmylast.fm/gfwlist +server=/.tweetphoto.com/127.0.0.1#5353 +ipset=/.tweetphoto.com/gfwlist +server=/.tweetrans.com/127.0.0.1#5353 +ipset=/.tweetrans.com/gfwlist +server=/.tweetree.com/127.0.0.1#5353 +ipset=/.tweetree.com/gfwlist +server=/.tweettunnel.com/127.0.0.1#5353 +ipset=/.tweettunnel.com/gfwlist +server=/.tweetwally.com/127.0.0.1#5353 +ipset=/.tweetwally.com/gfwlist +server=/.tweetymail.com/127.0.0.1#5353 +ipset=/.tweetymail.com/gfwlist +server=/.tweez.net/127.0.0.1#5353 +ipset=/.tweez.net/gfwlist +server=/.twelve.today/127.0.0.1#5353 +ipset=/.twelve.today/gfwlist +server=/.twerkingbutt.com/127.0.0.1#5353 +ipset=/.twerkingbutt.com/gfwlist +server=/.twftp.org/127.0.0.1#5353 +ipset=/.twftp.org/gfwlist +server=/.twgreatdaily.com/127.0.0.1#5353 +ipset=/.twgreatdaily.com/gfwlist +server=/.twibase.com/127.0.0.1#5353 +ipset=/.twibase.com/gfwlist +server=/.twibble.de/127.0.0.1#5353 +ipset=/.twibble.de/gfwlist +server=/.twibbon.com/127.0.0.1#5353 +ipset=/.twibbon.com/gfwlist +server=/.twibs.com/127.0.0.1#5353 +ipset=/.twibs.com/gfwlist +server=/.twicountry.org/127.0.0.1#5353 +ipset=/.twicountry.org/gfwlist +server=/.twicsy.com/127.0.0.1#5353 +ipset=/.twicsy.com/gfwlist +server=/.twiends.com/127.0.0.1#5353 +ipset=/.twiends.com/gfwlist +server=/.twifan.com/127.0.0.1#5353 +ipset=/.twifan.com/gfwlist +server=/.twiffo.com/127.0.0.1#5353 +ipset=/.twiffo.com/gfwlist +server=/.twiggit.org/127.0.0.1#5353 +ipset=/.twiggit.org/gfwlist +server=/.twilightsex.com/127.0.0.1#5353 +ipset=/.twilightsex.com/gfwlist +server=/.twilog.org/127.0.0.1#5353 +ipset=/.twilog.org/gfwlist +server=/.twimbow.com/127.0.0.1#5353 +ipset=/.twimbow.com/gfwlist +server=/.twimg.com/127.0.0.1#5353 +ipset=/.twimg.com/gfwlist +server=/.twindexx.com/127.0.0.1#5353 +ipset=/.twindexx.com/gfwlist +server=/.twip.me/127.0.0.1#5353 +ipset=/.twip.me/gfwlist +server=/.twipple.jp/127.0.0.1#5353 +ipset=/.twipple.jp/gfwlist +server=/.twishort.com/127.0.0.1#5353 +ipset=/.twishort.com/gfwlist +server=/.twistar.cc/127.0.0.1#5353 +ipset=/.twistar.cc/gfwlist +server=/.twister.net.co/127.0.0.1#5353 +ipset=/.twister.net.co/gfwlist +server=/.twisterio.com/127.0.0.1#5353 +ipset=/.twisterio.com/gfwlist +server=/.twisternow.com/127.0.0.1#5353 +ipset=/.twisternow.com/gfwlist +server=/.twistory.net/127.0.0.1#5353 +ipset=/.twistory.net/gfwlist +server=/.twit2d.com/127.0.0.1#5353 +ipset=/.twit2d.com/gfwlist +server=/.twitbrowser.net/127.0.0.1#5353 +ipset=/.twitbrowser.net/gfwlist +server=/.twitcause.com/127.0.0.1#5353 +ipset=/.twitcause.com/gfwlist +server=/.twitch.tv/127.0.0.1#5353 +ipset=/.twitch.tv/gfwlist +server=/.twitgether.com/127.0.0.1#5353 +ipset=/.twitgether.com/gfwlist +server=/.twitgoo.com/127.0.0.1#5353 +ipset=/.twitgoo.com/gfwlist +server=/.twitiq.com/127.0.0.1#5353 +ipset=/.twitiq.com/gfwlist +server=/.twitlonger.com/127.0.0.1#5353 +ipset=/.twitlonger.com/gfwlist +server=/.twitmania.com/127.0.0.1#5353 +ipset=/.twitmania.com/gfwlist +server=/.twitoaster.com/127.0.0.1#5353 +ipset=/.twitoaster.com/gfwlist +server=/.twitonmsn.com/127.0.0.1#5353 +ipset=/.twitonmsn.com/gfwlist +server=/.twitpic.com/127.0.0.1#5353 +ipset=/.twitpic.com/gfwlist +server=/.twitstat.com/127.0.0.1#5353 +ipset=/.twitstat.com/gfwlist +server=/.twittbot.net/127.0.0.1#5353 +ipset=/.twittbot.net/gfwlist +server=/.twitter.com/127.0.0.1#5353 +ipset=/.twitter.com/gfwlist +server=/.twitter.jp/127.0.0.1#5353 +ipset=/.twitter.jp/gfwlist +server=/.twitter4j.org/127.0.0.1#5353 +ipset=/.twitter4j.org/gfwlist +server=/.twittercounter.com/127.0.0.1#5353 +ipset=/.twittercounter.com/gfwlist +server=/.twitterfeed.com/127.0.0.1#5353 +ipset=/.twitterfeed.com/gfwlist +server=/.twittergadget.com/127.0.0.1#5353 +ipset=/.twittergadget.com/gfwlist +server=/.twitterkr.com/127.0.0.1#5353 +ipset=/.twitterkr.com/gfwlist +server=/.twittermail.com/127.0.0.1#5353 +ipset=/.twittermail.com/gfwlist +server=/.twitterrific.com/127.0.0.1#5353 +ipset=/.twitterrific.com/gfwlist +server=/.twittertim.es/127.0.0.1#5353 +ipset=/.twittertim.es/gfwlist +server=/.twitthat.com/127.0.0.1#5353 +ipset=/.twitthat.com/gfwlist +server=/.twitturk.com/127.0.0.1#5353 +ipset=/.twitturk.com/gfwlist +server=/.twitturly.com/127.0.0.1#5353 +ipset=/.twitturly.com/gfwlist +server=/.twitvid.com/127.0.0.1#5353 +ipset=/.twitvid.com/gfwlist +server=/.twitzap.com/127.0.0.1#5353 +ipset=/.twitzap.com/gfwlist +server=/.twiyia.com/127.0.0.1#5353 +ipset=/.twiyia.com/gfwlist +server=/.twnorth.org.tw/127.0.0.1#5353 +ipset=/.twnorth.org.tw/gfwlist +server=/.twskype.com/127.0.0.1#5353 +ipset=/.twskype.com/gfwlist +server=/.twstar.net/127.0.0.1#5353 +ipset=/.twstar.net/gfwlist +server=/.twt.tl/127.0.0.1#5353 +ipset=/.twt.tl/gfwlist +server=/.twtkr.com/127.0.0.1#5353 +ipset=/.twtkr.com/gfwlist +server=/.twtr2src.ogaoga.org/127.0.0.1#5353 +ipset=/.twtr2src.ogaoga.org/gfwlist +server=/.twtrland.com/127.0.0.1#5353 +ipset=/.twtrland.com/gfwlist +server=/.twttr.com/127.0.0.1#5353 +ipset=/.twttr.com/gfwlist +server=/.twurl.nl/127.0.0.1#5353 +ipset=/.twurl.nl/gfwlist +server=/.twyac.org/127.0.0.1#5353 +ipset=/.twyac.org/gfwlist +server=/.txxx.com/127.0.0.1#5353 +ipset=/.txxx.com/gfwlist +server=/.tycool.com/127.0.0.1#5353 +ipset=/.tycool.com/gfwlist +server=/.typepad.com/127.0.0.1#5353 +ipset=/.typepad.com/gfwlist +server=/.u9un.com/127.0.0.1#5353 +ipset=/.u9un.com/gfwlist +server=/.ub0.cc/127.0.0.1#5353 +ipset=/.ub0.cc/gfwlist +server=/.ubddns.org/127.0.0.1#5353 +ipset=/.ubddns.org/gfwlist +server=/.uberproxy.net/127.0.0.1#5353 +ipset=/.uberproxy.net/gfwlist +server=/.uc-japan.org/127.0.0.1#5353 +ipset=/.uc-japan.org/gfwlist +server=/.ucdc1998.org/127.0.0.1#5353 +ipset=/.ucdc1998.org/gfwlist +server=/.uderzo.it/127.0.0.1#5353 +ipset=/.uderzo.it/gfwlist +server=/.udn.com/127.0.0.1#5353 +ipset=/.udn.com/gfwlist +server=/.uforadio.com.tw/127.0.0.1#5353 +ipset=/.uforadio.com.tw/gfwlist +server=/.ufreevpn.com/127.0.0.1#5353 +ipset=/.ufreevpn.com/gfwlist +server=/.ugo.com/127.0.0.1#5353 +ipset=/.ugo.com/gfwlist +server=/.uhdwallpapers.org/127.0.0.1#5353 +ipset=/.uhdwallpapers.org/gfwlist +server=/.uhrp.org/127.0.0.1#5353 +ipset=/.uhrp.org/gfwlist +server=/.uighur.narod.ru/127.0.0.1#5353 +ipset=/.uighur.narod.ru/gfwlist +server=/.uighur.nl/127.0.0.1#5353 +ipset=/.uighur.nl/gfwlist +server=/.uighurbiz.net/127.0.0.1#5353 +ipset=/.uighurbiz.net/gfwlist +server=/.ukcdp.co.uk/127.0.0.1#5353 +ipset=/.ukcdp.co.uk/gfwlist +server=/.ukliferadio.co.uk/127.0.0.1#5353 +ipset=/.ukliferadio.co.uk/gfwlist +server=/.uku.im/127.0.0.1#5353 +ipset=/.uku.im/gfwlist +server=/.ulike.net/127.0.0.1#5353 +ipset=/.ulike.net/gfwlist +server=/.ulop.net/127.0.0.1#5353 +ipset=/.ulop.net/gfwlist +server=/.ultravpn.fr/127.0.0.1#5353 +ipset=/.ultravpn.fr/gfwlist +server=/.ultraxs.com/127.0.0.1#5353 +ipset=/.ultraxs.com/gfwlist +server=/.uluai.com.cn/127.0.0.1#5353 +ipset=/.uluai.com.cn/gfwlist +server=/.unblock-us.com/127.0.0.1#5353 +ipset=/.unblock-us.com/gfwlist +server=/.unblock.cn.com/127.0.0.1#5353 +ipset=/.unblock.cn.com/gfwlist +server=/.unblockdmm.com/127.0.0.1#5353 +ipset=/.unblockdmm.com/gfwlist +server=/.unblocker.yt/127.0.0.1#5353 +ipset=/.unblocker.yt/gfwlist +server=/.unblocksit.es/127.0.0.1#5353 +ipset=/.unblocksit.es/gfwlist +server=/.uncyclomedia.org/127.0.0.1#5353 +ipset=/.uncyclomedia.org/gfwlist +server=/.uncyclopedia.hk/127.0.0.1#5353 +ipset=/.uncyclopedia.hk/gfwlist +server=/.uncyclopedia.tw/127.0.0.1#5353 +ipset=/.uncyclopedia.tw/gfwlist +server=/.underwoodammo.com/127.0.0.1#5353 +ipset=/.underwoodammo.com/gfwlist +server=/.unholyknight.com/127.0.0.1#5353 +ipset=/.unholyknight.com/gfwlist +server=/.uni.cc/127.0.0.1#5353 +ipset=/.uni.cc/gfwlist +server=/.unification.net/127.0.0.1#5353 +ipset=/.unification.net/gfwlist +server=/.unification.org.tw/127.0.0.1#5353 +ipset=/.unification.org.tw/gfwlist +server=/.unirule.cloud/127.0.0.1#5353 +ipset=/.unirule.cloud/gfwlist +server=/.unitedsocialpress.com/127.0.0.1#5353 +ipset=/.unitedsocialpress.com/gfwlist +server=/.unix100.com/127.0.0.1#5353 +ipset=/.unix100.com/gfwlist +server=/.unknownspace.org/127.0.0.1#5353 +ipset=/.unknownspace.org/gfwlist +server=/.unodedos.com/127.0.0.1#5353 +ipset=/.unodedos.com/gfwlist +server=/.unpo.org/127.0.0.1#5353 +ipset=/.unpo.org/gfwlist +server=/.unseen.is/127.0.0.1#5353 +ipset=/.unseen.is/gfwlist +server=/.untraceable.us/127.0.0.1#5353 +ipset=/.untraceable.us/gfwlist +server=/.uocn.org/127.0.0.1#5353 +ipset=/.uocn.org/gfwlist +server=/.upcoming.yahoo.com/127.0.0.1#5353 +ipset=/.upcoming.yahoo.com/gfwlist +server=/.update.googleapis.com/127.0.0.1#5353 +ipset=/.update.googleapis.com/gfwlist +server=/.updates.tdesktop.com/127.0.0.1#5353 +ipset=/.updates.tdesktop.com/gfwlist +server=/.upholdjustice.org/127.0.0.1#5353 +ipset=/.upholdjustice.org/gfwlist +server=/.upload4u.info/127.0.0.1#5353 +ipset=/.upload4u.info/gfwlist +server=/.upmedia.mg/127.0.0.1#5353 +ipset=/.upmedia.mg/gfwlist +server=/.upornia.com/127.0.0.1#5353 +ipset=/.upornia.com/gfwlist +server=/.uproxy.org/127.0.0.1#5353 +ipset=/.uproxy.org/gfwlist +server=/.upwill.org/127.0.0.1#5353 +ipset=/.upwill.org/gfwlist +server=/.ur7s.com/127.0.0.1#5353 +ipset=/.ur7s.com/gfwlist +server=/.uraban.me/127.0.0.1#5353 +ipset=/.uraban.me/gfwlist +server=/.urbansurvival.com/127.0.0.1#5353 +ipset=/.urbansurvival.com/gfwlist +server=/.urchin.com/127.0.0.1#5353 +ipset=/.urchin.com/gfwlist +server=/.urlborg.com/127.0.0.1#5353 +ipset=/.urlborg.com/gfwlist +server=/.urlparser.com/127.0.0.1#5353 +ipset=/.urlparser.com/gfwlist +server=/.us.to/127.0.0.1#5353 +ipset=/.us.to/gfwlist +server=/.usacn.com/127.0.0.1#5353 +ipset=/.usacn.com/gfwlist +server=/.usaip.eu/127.0.0.1#5353 +ipset=/.usaip.eu/gfwlist +server=/.userapi.nytlog.com/127.0.0.1#5353 +ipset=/.userapi.nytlog.com/gfwlist +server=/.usfk.mil/127.0.0.1#5353 +ipset=/.usfk.mil/gfwlist +server=/.ushuarencity.echainhost.com/127.0.0.1#5353 +ipset=/.ushuarencity.echainhost.com/gfwlist +server=/.usinfo.state.gov/127.0.0.1#5353 +ipset=/.usinfo.state.gov/gfwlist +server=/.usma.edu/127.0.0.1#5353 +ipset=/.usma.edu/gfwlist +server=/.usmc.mil/127.0.0.1#5353 +ipset=/.usmc.mil/gfwlist +server=/.usno.navy.mil/127.0.0.1#5353 +ipset=/.usno.navy.mil/gfwlist +server=/.usocctn.com/127.0.0.1#5353 +ipset=/.usocctn.com/gfwlist +server=/.ustream.tv/127.0.0.1#5353 +ipset=/.ustream.tv/gfwlist +server=/.usunitednews.com/127.0.0.1#5353 +ipset=/.usunitednews.com/gfwlist +server=/.usus.cc/127.0.0.1#5353 +ipset=/.usus.cc/gfwlist +server=/.utopianpal.com/127.0.0.1#5353 +ipset=/.utopianpal.com/gfwlist +server=/.uu-gg.com/127.0.0.1#5353 +ipset=/.uu-gg.com/gfwlist +server=/.uvwxyz.xyz/127.0.0.1#5353 +ipset=/.uvwxyz.xyz/gfwlist +server=/.uwants.com/127.0.0.1#5353 +ipset=/.uwants.com/gfwlist +server=/.uwants.net/127.0.0.1#5353 +ipset=/.uwants.net/gfwlist +server=/.uyghur-j.org/127.0.0.1#5353 +ipset=/.uyghur-j.org/gfwlist +server=/.uyghur.co.uk/127.0.0.1#5353 +ipset=/.uyghur.co.uk/gfwlist +server=/.uyghuramerican.org/127.0.0.1#5353 +ipset=/.uyghuramerican.org/gfwlist +server=/.uyghurcanadiansociety.org/127.0.0.1#5353 +ipset=/.uyghurcanadiansociety.org/gfwlist +server=/.uyghurcongress.org/127.0.0.1#5353 +ipset=/.uyghurcongress.org/gfwlist +server=/.uyghurensemble.co.uk/127.0.0.1#5353 +ipset=/.uyghurensemble.co.uk/gfwlist +server=/.uyghurpen.org/127.0.0.1#5353 +ipset=/.uyghurpen.org/gfwlist +server=/.uyghurpress.com/127.0.0.1#5353 +ipset=/.uyghurpress.com/gfwlist +server=/.uyghurstudies.org/127.0.0.1#5353 +ipset=/.uyghurstudies.org/gfwlist +server=/.uygur.org/127.0.0.1#5353 +ipset=/.uygur.org/gfwlist +server=/.v2ex.com/127.0.0.1#5353 +ipset=/.v2ex.com/gfwlist +server=/.v2ray.com/127.0.0.1#5353 +ipset=/.v2ray.com/gfwlist +server=/.v6.facebook.com/127.0.0.1#5353 +ipset=/.v6.facebook.com/gfwlist +server=/.van001.com/127.0.0.1#5353 +ipset=/.van001.com/gfwlist +server=/.van698.com/127.0.0.1#5353 +ipset=/.van698.com/gfwlist +server=/.vanemu.cn/127.0.0.1#5353 +ipset=/.vanemu.cn/gfwlist +server=/.vanilla-jp.com/127.0.0.1#5353 +ipset=/.vanilla-jp.com/gfwlist +server=/.vanpeople.com/127.0.0.1#5353 +ipset=/.vanpeople.com/gfwlist +server=/.vansky.com/127.0.0.1#5353 +ipset=/.vansky.com/gfwlist +server=/.vatn.org/127.0.0.1#5353 +ipset=/.vatn.org/gfwlist +server=/.vcf-online.org/127.0.0.1#5353 +ipset=/.vcf-online.org/gfwlist +server=/.vcfbuilder.org/127.0.0.1#5353 +ipset=/.vcfbuilder.org/gfwlist +server=/.vegas.williamhill.com/127.0.0.1#5353 +ipset=/.vegas.williamhill.com/gfwlist +server=/.vegasred.com/127.0.0.1#5353 +ipset=/.vegasred.com/gfwlist +server=/.velkaepocha.sk/127.0.0.1#5353 +ipset=/.velkaepocha.sk/gfwlist +server=/.venbbs.com/127.0.0.1#5353 +ipset=/.venbbs.com/gfwlist +server=/.venchina.com/127.0.0.1#5353 +ipset=/.venchina.com/gfwlist +server=/.venetianmacao.com/127.0.0.1#5353 +ipset=/.venetianmacao.com/gfwlist +server=/.ventureswell.com/127.0.0.1#5353 +ipset=/.ventureswell.com/gfwlist +server=/.veoh.com/127.0.0.1#5353 +ipset=/.veoh.com/gfwlist +server=/.vermonttibet.org/127.0.0.1#5353 +ipset=/.vermonttibet.org/gfwlist +server=/.versavpn.com/127.0.0.1#5353 +ipset=/.versavpn.com/gfwlist +server=/.verybs.com/127.0.0.1#5353 +ipset=/.verybs.com/gfwlist +server=/.vevo.com/127.0.0.1#5353 +ipset=/.vevo.com/gfwlist +server=/.vft.com.tw/127.0.0.1#5353 +ipset=/.vft.com.tw/gfwlist +server=/.vghks.gov.tw/127.0.0.1#5353 +ipset=/.vghks.gov.tw/gfwlist +server=/.vghtc.gov.tw/127.0.0.1#5353 +ipset=/.vghtc.gov.tw/gfwlist +server=/.vghtpe.gov.tw/127.0.0.1#5353 +ipset=/.vghtpe.gov.tw/gfwlist +server=/.viber.com/127.0.0.1#5353 +ipset=/.viber.com/gfwlist +server=/.vica.info/127.0.0.1#5353 +ipset=/.vica.info/gfwlist +server=/.victimsofcommunism.org/127.0.0.1#5353 +ipset=/.victimsofcommunism.org/gfwlist +server=/.vid.me/127.0.0.1#5353 +ipset=/.vid.me/gfwlist +server=/.vidble.com/127.0.0.1#5353 +ipset=/.vidble.com/gfwlist +server=/.video.aol.com/127.0.0.1#5353 +ipset=/.video.aol.com/gfwlist +server=/.video.ap.org/127.0.0.1#5353 +ipset=/.video.ap.org/gfwlist +server=/.video.fdbox.com/127.0.0.1#5353 +ipset=/.video.fdbox.com/gfwlist +server=/.video.foxbusiness.com/127.0.0.1#5353 +ipset=/.video.foxbusiness.com/gfwlist +server=/.video.pbs.org/127.0.0.1#5353 +ipset=/.video.pbs.org/gfwlist +server=/.video.yahoo.com/127.0.0.1#5353 +ipset=/.video.yahoo.com/gfwlist +server=/.videobam.com/127.0.0.1#5353 +ipset=/.videobam.com/gfwlist +server=/.videodetective.com/127.0.0.1#5353 +ipset=/.videodetective.com/gfwlist +server=/.videomega.tv/127.0.0.1#5353 +ipset=/.videomega.tv/gfwlist +server=/.videomo.com/127.0.0.1#5353 +ipset=/.videomo.com/gfwlist +server=/.videopediaworld.com/127.0.0.1#5353 +ipset=/.videopediaworld.com/gfwlist +server=/.videopress.com/127.0.0.1#5353 +ipset=/.videopress.com/gfwlist +server=/.vietdaikynguyen.com/127.0.0.1#5353 +ipset=/.vietdaikynguyen.com/gfwlist +server=/.vijayatemple.org/127.0.0.1#5353 +ipset=/.vijayatemple.org/gfwlist +server=/.vimeo.com/127.0.0.1#5353 +ipset=/.vimeo.com/gfwlist +server=/.vimperator.org/127.0.0.1#5353 +ipset=/.vimperator.org/gfwlist +server=/.vincnd.com/127.0.0.1#5353 +ipset=/.vincnd.com/gfwlist +server=/.vine.co/127.0.0.1#5353 +ipset=/.vine.co/gfwlist +server=/.vinniev.com/127.0.0.1#5353 +ipset=/.vinniev.com/gfwlist +server=/.vip-enterprise.com/127.0.0.1#5353 +ipset=/.vip-enterprise.com/gfwlist +server=/.virtualrealporn.com/127.0.0.1#5353 +ipset=/.virtualrealporn.com/gfwlist +server=/.visibletweets.com/127.0.0.1#5353 +ipset=/.visibletweets.com/gfwlist +server=/.vital247.org/127.0.0.1#5353 +ipset=/.vital247.org/gfwlist +server=/.viu.com/127.0.0.1#5353 +ipset=/.viu.com/gfwlist +server=/.vivahentai4u.net/127.0.0.1#5353 +ipset=/.vivahentai4u.net/gfwlist +server=/.vivatube.com/127.0.0.1#5353 +ipset=/.vivatube.com/gfwlist +server=/.vivthomas.com/127.0.0.1#5353 +ipset=/.vivthomas.com/gfwlist +server=/.vizvaz.com/127.0.0.1#5353 +ipset=/.vizvaz.com/gfwlist +server=/.vjav.com/127.0.0.1#5353 +ipset=/.vjav.com/gfwlist +server=/.vjmedia.com.hk/127.0.0.1#5353 +ipset=/.vjmedia.com.hk/gfwlist +server=/.vllcs.org/127.0.0.1#5353 +ipset=/.vllcs.org/gfwlist +server=/.vlog.xuite.net/127.0.0.1#5353 +ipset=/.vlog.xuite.net/gfwlist +server=/.vmixcore.com/127.0.0.1#5353 +ipset=/.vmixcore.com/gfwlist +server=/.vmpsoft.com/127.0.0.1#5353 +ipset=/.vmpsoft.com/gfwlist +server=/.vn.hao123.com/127.0.0.1#5353 +ipset=/.vn.hao123.com/gfwlist +server=/.vnet.link/127.0.0.1#5353 +ipset=/.vnet.link/gfwlist +server=/.voa-11.akacast.akamaistream.net/127.0.0.1#5353 +ipset=/.voa-11.akacast.akamaistream.net/gfwlist +server=/.voacantonese.com/127.0.0.1#5353 +ipset=/.voacantonese.com/gfwlist +server=/.voachinese.com/127.0.0.1#5353 +ipset=/.voachinese.com/gfwlist +server=/.voachineseblog.com/127.0.0.1#5353 +ipset=/.voachineseblog.com/gfwlist +server=/.voagd.com/127.0.0.1#5353 +ipset=/.voagd.com/gfwlist +server=/.voanews.com/127.0.0.1#5353 +ipset=/.voanews.com/gfwlist +server=/.voatibetan.com/127.0.0.1#5353 +ipset=/.voatibetan.com/gfwlist +server=/.voatibetanenglish.com/127.0.0.1#5353 +ipset=/.voatibetanenglish.com/gfwlist +server=/.vocativ.com/127.0.0.1#5353 +ipset=/.vocativ.com/gfwlist +server=/.vocn.tv/127.0.0.1#5353 +ipset=/.vocn.tv/gfwlist +server=/.vod-abematv.akamaized.net/127.0.0.1#5353 +ipset=/.vod-abematv.akamaized.net/gfwlist +server=/.vod.wwe.com/127.0.0.1#5353 +ipset=/.vod.wwe.com/gfwlist +server=/.vot.org/127.0.0.1#5353 +ipset=/.vot.org/gfwlist +server=/.vovo2000.com/127.0.0.1#5353 +ipset=/.vovo2000.com/gfwlist +server=/.voxer.com/127.0.0.1#5353 +ipset=/.voxer.com/gfwlist +server=/.voy.com/127.0.0.1#5353 +ipset=/.voy.com/gfwlist +server=/.vpn.ac/127.0.0.1#5353 +ipset=/.vpn.ac/gfwlist +server=/.vpn.cjb.net/127.0.0.1#5353 +ipset=/.vpn.cjb.net/gfwlist +server=/.vpn.cmu.edu/127.0.0.1#5353 +ipset=/.vpn.cmu.edu/gfwlist +server=/.vpn.sv.cmu.edu/127.0.0.1#5353 +ipset=/.vpn.sv.cmu.edu/gfwlist +server=/.vpn4all.com/127.0.0.1#5353 +ipset=/.vpn4all.com/gfwlist +server=/.vpnaccount.org/127.0.0.1#5353 +ipset=/.vpnaccount.org/gfwlist +server=/.vpnaccounts.com/127.0.0.1#5353 +ipset=/.vpnaccounts.com/gfwlist +server=/.vpnbook.com/127.0.0.1#5353 +ipset=/.vpnbook.com/gfwlist +server=/.vpncomparison.org/127.0.0.1#5353 +ipset=/.vpncomparison.org/gfwlist +server=/.vpncoupons.com/127.0.0.1#5353 +ipset=/.vpncoupons.com/gfwlist +server=/.vpncup.com/127.0.0.1#5353 +ipset=/.vpncup.com/gfwlist +server=/.vpndada.com/127.0.0.1#5353 +ipset=/.vpndada.com/gfwlist +server=/.vpnfan.com/127.0.0.1#5353 +ipset=/.vpnfan.com/gfwlist +server=/.vpnfire.com/127.0.0.1#5353 +ipset=/.vpnfire.com/gfwlist +server=/.vpnfires.biz/127.0.0.1#5353 +ipset=/.vpnfires.biz/gfwlist +server=/.vpnforgame.net/127.0.0.1#5353 +ipset=/.vpnforgame.net/gfwlist +server=/.vpngate.jp/127.0.0.1#5353 +ipset=/.vpngate.jp/gfwlist +server=/.vpngate.net/127.0.0.1#5353 +ipset=/.vpngate.net/gfwlist +server=/.vpngratis.net/127.0.0.1#5353 +ipset=/.vpngratis.net/gfwlist +server=/.vpnhq.com/127.0.0.1#5353 +ipset=/.vpnhq.com/gfwlist +server=/.vpninja.net/127.0.0.1#5353 +ipset=/.vpninja.net/gfwlist +server=/.vpnintouch.com/127.0.0.1#5353 +ipset=/.vpnintouch.com/gfwlist +server=/.vpnintouch.net/127.0.0.1#5353 +ipset=/.vpnintouch.net/gfwlist +server=/.vpnjack.com/127.0.0.1#5353 +ipset=/.vpnjack.com/gfwlist +server=/.vpnmaster.com/127.0.0.1#5353 +ipset=/.vpnmaster.com/gfwlist +server=/.vpnmentor.com/127.0.0.1#5353 +ipset=/.vpnmentor.com/gfwlist +server=/.vpnpick.com/127.0.0.1#5353 +ipset=/.vpnpick.com/gfwlist +server=/.vpnpop.com/127.0.0.1#5353 +ipset=/.vpnpop.com/gfwlist +server=/.vpnpronet.com/127.0.0.1#5353 +ipset=/.vpnpronet.com/gfwlist +server=/.vpnreactor.com/127.0.0.1#5353 +ipset=/.vpnreactor.com/gfwlist +server=/.vpnreviewz.com/127.0.0.1#5353 +ipset=/.vpnreviewz.com/gfwlist +server=/.vpnsecure.me/127.0.0.1#5353 +ipset=/.vpnsecure.me/gfwlist +server=/.vpnshazam.com/127.0.0.1#5353 +ipset=/.vpnshazam.com/gfwlist +server=/.vpnshieldapp.com/127.0.0.1#5353 +ipset=/.vpnshieldapp.com/gfwlist +server=/.vpnsp.com/127.0.0.1#5353 +ipset=/.vpnsp.com/gfwlist +server=/.vpntraffic.com/127.0.0.1#5353 +ipset=/.vpntraffic.com/gfwlist +server=/.vpntunnel.com/127.0.0.1#5353 +ipset=/.vpntunnel.com/gfwlist +server=/.vpnuk.info/127.0.0.1#5353 +ipset=/.vpnuk.info/gfwlist +server=/.vpnunlimitedapp.com/127.0.0.1#5353 +ipset=/.vpnunlimitedapp.com/gfwlist +server=/.vpnvip.com/127.0.0.1#5353 +ipset=/.vpnvip.com/gfwlist +server=/.vpnworldwide.com/127.0.0.1#5353 +ipset=/.vpnworldwide.com/gfwlist +server=/.vporn.com/127.0.0.1#5353 +ipset=/.vporn.com/gfwlist +server=/.vpser.net/127.0.0.1#5353 +ipset=/.vpser.net/gfwlist +server=/.vraiesagesse.net/127.0.0.1#5353 +ipset=/.vraiesagesse.net/gfwlist +server=/.vrmtr.com/127.0.0.1#5353 +ipset=/.vrmtr.com/gfwlist +server=/.vrsmash.com/127.0.0.1#5353 +ipset=/.vrsmash.com/gfwlist +server=/.vtunnel.com/127.0.0.1#5353 +ipset=/.vtunnel.com/gfwlist +server=/.vuku.cc/127.0.0.1#5353 +ipset=/.vuku.cc/gfwlist +server=/.w3schools.com/127.0.0.1#5353 +ipset=/.w3schools.com/gfwlist +server=/.waffle1999.com/127.0.0.1#5353 +ipset=/.waffle1999.com/gfwlist +server=/.wahas.com/127.0.0.1#5353 +ipset=/.wahas.com/gfwlist +server=/.waigaobu.com/127.0.0.1#5353 +ipset=/.waigaobu.com/gfwlist +server=/.wailaike.net/127.0.0.1#5353 +ipset=/.wailaike.net/gfwlist +server=/.waiwaier.com/127.0.0.1#5353 +ipset=/.waiwaier.com/gfwlist +server=/.wallmama.com/127.0.0.1#5353 +ipset=/.wallmama.com/gfwlist +server=/.wallornot.org/127.0.0.1#5353 +ipset=/.wallornot.org/gfwlist +server=/.wallpapercasa.com/127.0.0.1#5353 +ipset=/.wallpapercasa.com/gfwlist +server=/.wallproxy.com/127.0.0.1#5353 +ipset=/.wallproxy.com/gfwlist +server=/.waltermartin.com/127.0.0.1#5353 +ipset=/.waltermartin.com/gfwlist +server=/.waltermartin.org/127.0.0.1#5353 +ipset=/.waltermartin.org/gfwlist +server=/.wanderinghorse.net/127.0.0.1#5353 +ipset=/.wanderinghorse.net/gfwlist +server=/.wanfang.gov.tw/127.0.0.1#5353 +ipset=/.wanfang.gov.tw/gfwlist +server=/.wangafu.net/127.0.0.1#5353 +ipset=/.wangafu.net/gfwlist +server=/.wangjinbo.org/127.0.0.1#5353 +ipset=/.wangjinbo.org/gfwlist +server=/.wanglixiong.com/127.0.0.1#5353 +ipset=/.wanglixiong.com/gfwlist +server=/.wango.org/127.0.0.1#5353 +ipset=/.wango.org/gfwlist +server=/.wangruoshui.net/127.0.0.1#5353 +ipset=/.wangruoshui.net/gfwlist +server=/.want-daily.com/127.0.0.1#5353 +ipset=/.want-daily.com/gfwlist +server=/.wanz-factory.com/127.0.0.1#5353 +ipset=/.wanz-factory.com/gfwlist +server=/.warbler.iconfactory.net/127.0.0.1#5353 +ipset=/.warbler.iconfactory.net/gfwlist +server=/.waselpro.com/127.0.0.1#5353 +ipset=/.waselpro.com/gfwlist +server=/.washeng.net/127.0.0.1#5353 +ipset=/.washeng.net/gfwlist +server=/.watch8x.com/127.0.0.1#5353 +ipset=/.watch8x.com/gfwlist +server=/.watchinese.com/127.0.0.1#5353 +ipset=/.watchinese.com/gfwlist +server=/.watchmygf.net/127.0.0.1#5353 +ipset=/.watchmygf.net/gfwlist +server=/.wattpad.com/127.0.0.1#5353 +ipset=/.wattpad.com/gfwlist +server=/.wav.tv/127.0.0.1#5353 +ipset=/.wav.tv/gfwlist +server=/.waveprotocol.org/127.0.0.1#5353 +ipset=/.waveprotocol.org/gfwlist +server=/.waymo.com/127.0.0.1#5353 +ipset=/.waymo.com/gfwlist +server=/.wda.gov.tw/127.0.0.1#5353 +ipset=/.wda.gov.tw/gfwlist +server=/.wdf5.com/127.0.0.1#5353 +ipset=/.wdf5.com/gfwlist +server=/.wearehairy.com/127.0.0.1#5353 +ipset=/.wearehairy.com/gfwlist +server=/.wearn.com/127.0.0.1#5353 +ipset=/.wearn.com/gfwlist +server=/.web2project.net/127.0.0.1#5353 +ipset=/.web2project.net/gfwlist +server=/.webbang.net/127.0.0.1#5353 +ipset=/.webbang.net/gfwlist +server=/.webevader.org/127.0.0.1#5353 +ipset=/.webevader.org/gfwlist +server=/.webfreer.com/127.0.0.1#5353 +ipset=/.webfreer.com/gfwlist +server=/.webjb.org/127.0.0.1#5353 +ipset=/.webjb.org/gfwlist +server=/.weblagu.com/127.0.0.1#5353 +ipset=/.weblagu.com/gfwlist +server=/.webmproject.org/127.0.0.1#5353 +ipset=/.webmproject.org/gfwlist +server=/.webrtc.org/127.0.0.1#5353 +ipset=/.webrtc.org/gfwlist +server=/.webrush.net/127.0.0.1#5353 +ipset=/.webrush.net/gfwlist +server=/.webs-tv.net/127.0.0.1#5353 +ipset=/.webs-tv.net/gfwlist +server=/.website.informer.com/127.0.0.1#5353 +ipset=/.website.informer.com/gfwlist +server=/.webwarper.net/127.0.0.1#5353 +ipset=/.webwarper.net/gfwlist +server=/.webworkerdaily.com/127.0.0.1#5353 +ipset=/.webworkerdaily.com/gfwlist +server=/.weekmag.info/127.0.0.1#5353 +ipset=/.weekmag.info/gfwlist +server=/.wefightcensorship.org/127.0.0.1#5353 +ipset=/.wefightcensorship.org/gfwlist +server=/.wefong.com/127.0.0.1#5353 +ipset=/.wefong.com/gfwlist +server=/.wego.here.com/127.0.0.1#5353 +ipset=/.wego.here.com/gfwlist +server=/.weiboleak.com/127.0.0.1#5353 +ipset=/.weiboleak.com/gfwlist +server=/.weiboscope.jmsc.hku.hk/127.0.0.1#5353 +ipset=/.weiboscope.jmsc.hku.hk/gfwlist +server=/.weihuo.org/127.0.0.1#5353 +ipset=/.weihuo.org/gfwlist +server=/.weijingsheng.org/127.0.0.1#5353 +ipset=/.weijingsheng.org/gfwlist +server=/.weiming.info/127.0.0.1#5353 +ipset=/.weiming.info/gfwlist +server=/.weiquanwang.org/127.0.0.1#5353 +ipset=/.weiquanwang.org/gfwlist +server=/.weisuo.ws/127.0.0.1#5353 +ipset=/.weisuo.ws/gfwlist +server=/.welovecock.com/127.0.0.1#5353 +ipset=/.welovecock.com/gfwlist +server=/.wemigrate.org/127.0.0.1#5353 +ipset=/.wemigrate.org/gfwlist +server=/.wengewang.com/127.0.0.1#5353 +ipset=/.wengewang.com/gfwlist +server=/.wengewang.org/127.0.0.1#5353 +ipset=/.wengewang.org/gfwlist +server=/.wenhui.ch/127.0.0.1#5353 +ipset=/.wenhui.ch/gfwlist +server=/.wenxuecity.com/127.0.0.1#5353 +ipset=/.wenxuecity.com/gfwlist +server=/.wenyunchao.com/127.0.0.1#5353 +ipset=/.wenyunchao.com/gfwlist +server=/.wenzhao.ca/127.0.0.1#5353 +ipset=/.wenzhao.ca/gfwlist +server=/.westca.com/127.0.0.1#5353 +ipset=/.westca.com/gfwlist +server=/.westernshugdensociety.org/127.0.0.1#5353 +ipset=/.westernshugdensociety.org/gfwlist +server=/.westernwolves.com/127.0.0.1#5353 +ipset=/.westernwolves.com/gfwlist +server=/.westkit.net/127.0.0.1#5353 +ipset=/.westkit.net/gfwlist +server=/.westpoint.edu/127.0.0.1#5353 +ipset=/.westpoint.edu/gfwlist +server=/.wetplace.com/127.0.0.1#5353 +ipset=/.wetplace.com/gfwlist +server=/.wetpussygames.com/127.0.0.1#5353 +ipset=/.wetpussygames.com/gfwlist +server=/.wexiaobo.org/127.0.0.1#5353 +ipset=/.wexiaobo.org/gfwlist +server=/.wezhiyong.org/127.0.0.1#5353 +ipset=/.wezhiyong.org/gfwlist +server=/.wezone.net/127.0.0.1#5353 +ipset=/.wezone.net/gfwlist +server=/.wforum.com/127.0.0.1#5353 +ipset=/.wforum.com/gfwlist +server=/.wha.la/127.0.0.1#5353 +ipset=/.wha.la/gfwlist +server=/.whatblocked.com/127.0.0.1#5353 +ipset=/.whatblocked.com/gfwlist +server=/.whatbrowser.org/127.0.0.1#5353 +ipset=/.whatbrowser.org/gfwlist +server=/.whatsapp.com/127.0.0.1#5353 +ipset=/.whatsapp.com/gfwlist +server=/.whatsapp.net/127.0.0.1#5353 +ipset=/.whatsapp.net/gfwlist +server=/.wheatseeds.org/127.0.0.1#5353 +ipset=/.wheatseeds.org/gfwlist +server=/.wheelockslatin.com/127.0.0.1#5353 +ipset=/.wheelockslatin.com/gfwlist +server=/.whereiswerner.com/127.0.0.1#5353 +ipset=/.whereiswerner.com/gfwlist +server=/.wheretowatch.com/127.0.0.1#5353 +ipset=/.wheretowatch.com/gfwlist +server=/.whippedass.com/127.0.0.1#5353 +ipset=/.whippedass.com/gfwlist +server=/.whitebear.freebearblog.org/127.0.0.1#5353 +ipset=/.whitebear.freebearblog.org/gfwlist +server=/.whodns.xyz/127.0.0.1#5353 +ipset=/.whodns.xyz/gfwlist +server=/.whoer.net/127.0.0.1#5353 +ipset=/.whoer.net/gfwlist +server=/.whotalking.com/127.0.0.1#5353 +ipset=/.whotalking.com/gfwlist +server=/.whylover.com/127.0.0.1#5353 +ipset=/.whylover.com/gfwlist +server=/.whyx.org/127.0.0.1#5353 +ipset=/.whyx.org/gfwlist +server=/.widevine.com/127.0.0.1#5353 +ipset=/.widevine.com/gfwlist +server=/.wikaba.com/127.0.0.1#5353 +ipset=/.wikaba.com/gfwlist +server=/.wiki.cnitter.com/127.0.0.1#5353 +ipset=/.wiki.cnitter.com/gfwlist +server=/.wiki.gamerp.jp/127.0.0.1#5353 +ipset=/.wiki.gamerp.jp/gfwlist +server=/.wiki.jqueryui.com/127.0.0.1#5353 +ipset=/.wiki.jqueryui.com/gfwlist +server=/.wiki.moegirl.org/127.0.0.1#5353 +ipset=/.wiki.moegirl.org/gfwlist +server=/.wiki.oauth.net/127.0.0.1#5353 +ipset=/.wiki.oauth.net/gfwlist +server=/.wiki.phonegap.com/127.0.0.1#5353 +ipset=/.wiki.phonegap.com/gfwlist +server=/.wikileaks-forum.com/127.0.0.1#5353 +ipset=/.wikileaks-forum.com/gfwlist +server=/.wikileaks.ch/127.0.0.1#5353 +ipset=/.wikileaks.ch/gfwlist +server=/.wikileaks.com/127.0.0.1#5353 +ipset=/.wikileaks.com/gfwlist +server=/.wikileaks.de/127.0.0.1#5353 +ipset=/.wikileaks.de/gfwlist +server=/.wikileaks.eu/127.0.0.1#5353 +ipset=/.wikileaks.eu/gfwlist +server=/.wikileaks.lu/127.0.0.1#5353 +ipset=/.wikileaks.lu/gfwlist +server=/.wikileaks.org/127.0.0.1#5353 +ipset=/.wikileaks.org/gfwlist +server=/.wikileaks.pl/127.0.0.1#5353 +ipset=/.wikileaks.pl/gfwlist +server=/.wikimapia.org/127.0.0.1#5353 +ipset=/.wikimapia.org/gfwlist +server=/.wikiwiki.jp/127.0.0.1#5353 +ipset=/.wikiwiki.jp/gfwlist +server=/.wildammo.com/127.0.0.1#5353 +ipset=/.wildammo.com/gfwlist +server=/.williamhill.com/127.0.0.1#5353 +ipset=/.williamhill.com/gfwlist +server=/.willw.net/127.0.0.1#5353 +ipset=/.willw.net/gfwlist +server=/.windowsphoneme.com/127.0.0.1#5353 +ipset=/.windowsphoneme.com/gfwlist +server=/.windscribe.com/127.0.0.1#5353 +ipset=/.windscribe.com/gfwlist +server=/.wingamestore.com/127.0.0.1#5353 +ipset=/.wingamestore.com/gfwlist +server=/.wingy.site/127.0.0.1#5353 +ipset=/.wingy.site/gfwlist +server=/.winning11.com/127.0.0.1#5353 +ipset=/.winning11.com/gfwlist +server=/.winwhispers.info/127.0.0.1#5353 +ipset=/.winwhispers.info/gfwlist +server=/.wire.com/127.0.0.1#5353 +ipset=/.wire.com/gfwlist +server=/.wiredbytes.com/127.0.0.1#5353 +ipset=/.wiredbytes.com/gfwlist +server=/.wiredpen.com/127.0.0.1#5353 +ipset=/.wiredpen.com/gfwlist +server=/.wisdompubs.org/127.0.0.1#5353 +ipset=/.wisdompubs.org/gfwlist +server=/.wisevid.com/127.0.0.1#5353 +ipset=/.wisevid.com/gfwlist +server=/.withgoogle.com/127.0.0.1#5353 +ipset=/.withgoogle.com/gfwlist +server=/.withyoutube.com/127.0.0.1#5353 +ipset=/.withyoutube.com/gfwlist +server=/.witnessleeteaching.com/127.0.0.1#5353 +ipset=/.witnessleeteaching.com/gfwlist +server=/.witopia.net/127.0.0.1#5353 +ipset=/.witopia.net/gfwlist +server=/.wizcrafts.net/127.0.0.1#5353 +ipset=/.wizcrafts.net/gfwlist +server=/.wjbk.org/127.0.0.1#5353 +ipset=/.wjbk.org/gfwlist +server=/.wlcnew.jigsy.com/127.0.0.1#5353 +ipset=/.wlcnew.jigsy.com/gfwlist +server=/.wlx.sowiki.net/127.0.0.1#5353 +ipset=/.wlx.sowiki.net/gfwlist +server=/.wn.com/127.0.0.1#5353 +ipset=/.wn.com/gfwlist +server=/.wnacg.com/127.0.0.1#5353 +ipset=/.wnacg.com/gfwlist +server=/.wnacg.org/127.0.0.1#5353 +ipset=/.wnacg.org/gfwlist +server=/.wo.tc/127.0.0.1#5353 +ipset=/.wo.tc/gfwlist +server=/.wo3ttt.wordpress.com/127.0.0.1#5353 +ipset=/.wo3ttt.wordpress.com/gfwlist +server=/.woeser.com/127.0.0.1#5353 +ipset=/.woeser.com/gfwlist +server=/.wokar.org/127.0.0.1#5353 +ipset=/.wokar.org/gfwlist +server=/.wolfax.com/127.0.0.1#5353 +ipset=/.wolfax.com/gfwlist +server=/.woolyss.com/127.0.0.1#5353 +ipset=/.woolyss.com/gfwlist +server=/.woopie.jp/127.0.0.1#5353 +ipset=/.woopie.jp/gfwlist +server=/.woopie.tv/127.0.0.1#5353 +ipset=/.woopie.tv/gfwlist +server=/.wordpress.com/127.0.0.1#5353 +ipset=/.wordpress.com/gfwlist +server=/.workatruna.com/127.0.0.1#5353 +ipset=/.workatruna.com/gfwlist +server=/.workerdemo.org.hk/127.0.0.1#5353 +ipset=/.workerdemo.org.hk/gfwlist +server=/.workersthebig.net/127.0.0.1#5353 +ipset=/.workersthebig.net/gfwlist +server=/.workspace.v2ex.com/127.0.0.1#5353 +ipset=/.workspace.v2ex.com/gfwlist +server=/.worldcat.org/127.0.0.1#5353 +ipset=/.worldcat.org/gfwlist +server=/.worldjournal.com/127.0.0.1#5353 +ipset=/.worldjournal.com/gfwlist +server=/.worldvpn.net/127.0.0.1#5353 +ipset=/.worldvpn.net/gfwlist +server=/.wow-life.net/127.0.0.1#5353 +ipset=/.wow-life.net/gfwlist +server=/.wow.com/127.0.0.1#5353 +ipset=/.wow.com/gfwlist +server=/.wowgirls.com/127.0.0.1#5353 +ipset=/.wowgirls.com/gfwlist +server=/.wowlegacy.ml/127.0.0.1#5353 +ipset=/.wowlegacy.ml/gfwlist +server=/.wowporn.com/127.0.0.1#5353 +ipset=/.wowporn.com/gfwlist +server=/.wowrk.com/127.0.0.1#5353 +ipset=/.wowrk.com/gfwlist +server=/.woxinghuiguo.com/127.0.0.1#5353 +ipset=/.woxinghuiguo.com/gfwlist +server=/.woyaolian.org/127.0.0.1#5353 +ipset=/.woyaolian.org/gfwlist +server=/.wozy.in/127.0.0.1#5353 +ipset=/.wozy.in/gfwlist +server=/.wp.com/127.0.0.1#5353 +ipset=/.wp.com/gfwlist +server=/.wpoforum.com/127.0.0.1#5353 +ipset=/.wpoforum.com/gfwlist +server=/.wqyd.org/127.0.0.1#5353 +ipset=/.wqyd.org/gfwlist +server=/.wrchina.org/127.0.0.1#5353 +ipset=/.wrchina.org/gfwlist +server=/.wretch.cc/127.0.0.1#5353 +ipset=/.wretch.cc/gfwlist +server=/.writer.zoho.com/127.0.0.1#5353 +ipset=/.writer.zoho.com/gfwlist +server=/.wsgzao.github.io/127.0.0.1#5353 +ipset=/.wsgzao.github.io/gfwlist +server=/.wsj.com/127.0.0.1#5353 +ipset=/.wsj.com/gfwlist +server=/.wsj.net/127.0.0.1#5353 +ipset=/.wsj.net/gfwlist +server=/.wsjhk.com/127.0.0.1#5353 +ipset=/.wsjhk.com/gfwlist +server=/.wtbn.org/127.0.0.1#5353 +ipset=/.wtbn.org/gfwlist +server=/.wtfpeople.com/127.0.0.1#5353 +ipset=/.wtfpeople.com/gfwlist +server=/.wuerkaixi.com/127.0.0.1#5353 +ipset=/.wuerkaixi.com/gfwlist +server=/.wufafangwen.com/127.0.0.1#5353 +ipset=/.wufafangwen.com/gfwlist +server=/.wufi.org.tw/127.0.0.1#5353 +ipset=/.wufi.org.tw/gfwlist +server=/.wuguoguang.com/127.0.0.1#5353 +ipset=/.wuguoguang.com/gfwlist +server=/.wujie.net/127.0.0.1#5353 +ipset=/.wujie.net/gfwlist +server=/.wujieliulan.com/127.0.0.1#5353 +ipset=/.wujieliulan.com/gfwlist +server=/.wukangrui.net/127.0.0.1#5353 +ipset=/.wukangrui.net/gfwlist +server=/.wuu.wikipedia.org/127.0.0.1#5353 +ipset=/.wuu.wikipedia.org/gfwlist +server=/.wuw.red/127.0.0.1#5353 +ipset=/.wuw.red/gfwlist +server=/.wuyanblog.com/127.0.0.1#5353 +ipset=/.wuyanblog.com/gfwlist +server=/.wwitv.com/127.0.0.1#5353 +ipset=/.wwitv.com/gfwlist +server=/.www.abclite.net/127.0.0.1#5353 +ipset=/.www.abclite.net/gfwlist +server=/.www.ajsands.com/127.0.0.1#5353 +ipset=/.www.ajsands.com/gfwlist +server=/.www.americorps.gov/127.0.0.1#5353 +ipset=/.www.americorps.gov/gfwlist +server=/.www.antd.org/127.0.0.1#5353 +ipset=/.www.antd.org/gfwlist +server=/.www.aolnews.com/127.0.0.1#5353 +ipset=/.www.aolnews.com/gfwlist +server=/.www.citizenlab.org/127.0.0.1#5353 +ipset=/.www.citizenlab.org/gfwlist +server=/.www.cmoinc.org/127.0.0.1#5353 +ipset=/.www.cmoinc.org/gfwlist +server=/.www.dwheeler.com/127.0.0.1#5353 +ipset=/.www.dwheeler.com/gfwlist +server=/.www.exblog.jp/127.0.0.1#5353 +ipset=/.www.exblog.jp/gfwlist +server=/.www.ftchinese.com/127.0.0.1#5353 +ipset=/.www.ftchinese.com/gfwlist +server=/.www.gmiddle.com/127.0.0.1#5353 +ipset=/.www.gmiddle.com/gfwlist +server=/.www.gmiddle.net/127.0.0.1#5353 +ipset=/.www.gmiddle.net/gfwlist +server=/.www.hustlercash.com/127.0.0.1#5353 +ipset=/.www.hustlercash.com/gfwlist +server=/.www.idlcoyote.com/127.0.0.1#5353 +ipset=/.www.idlcoyote.com/gfwlist +server=/.www.kindleren.com/127.0.0.1#5353 +ipset=/.www.kindleren.com/gfwlist +server=/.www.klip.me/127.0.0.1#5353 +ipset=/.www.klip.me/gfwlist +server=/.www.kodingen.com/127.0.0.1#5353 +ipset=/.www.kodingen.com/gfwlist +server=/.www.lamenhu.com/127.0.0.1#5353 +ipset=/.www.lamenhu.com/gfwlist +server=/.www.lightnovel.cn/127.0.0.1#5353 +ipset=/.www.lightnovel.cn/gfwlist +server=/.www.linksalpha.com/127.0.0.1#5353 +ipset=/.www.linksalpha.com/gfwlist +server=/.www.m-sport.co.uk/127.0.0.1#5353 +ipset=/.www.m-sport.co.uk/gfwlist +server=/.www.monlamit.org/127.0.0.1#5353 +ipset=/.www.monlamit.org/gfwlist +server=/.www.moztw.org/127.0.0.1#5353 +ipset=/.www.moztw.org/gfwlist +server=/.www.orchidbbs.com/127.0.0.1#5353 +ipset=/.www.orchidbbs.com/gfwlist +server=/.www.owind.com/127.0.0.1#5353 +ipset=/.www.owind.com/gfwlist +server=/.www.oxid.it/127.0.0.1#5353 +ipset=/.www.oxid.it/gfwlist +server=/.www.powerpointninja.com/127.0.0.1#5353 +ipset=/.www.powerpointninja.com/gfwlist +server=/.www.s4miniarchive.com/127.0.0.1#5353 +ipset=/.www.s4miniarchive.com/gfwlist +server=/.www.shadowsocks.com/127.0.0.1#5353 +ipset=/.www.shadowsocks.com/gfwlist +server=/.www.shwchurch.org/127.0.0.1#5353 +ipset=/.www.shwchurch.org/gfwlist +server=/.www.taup.org.tw/127.0.0.1#5353 +ipset=/.www.taup.org.tw/gfwlist +server=/.www.typepad.com/127.0.0.1#5353 +ipset=/.www.typepad.com/gfwlist +server=/.www.v2ex.com/127.0.0.1#5353 +ipset=/.www.v2ex.com/gfwlist +server=/.www.wan-press.org/127.0.0.1#5353 +ipset=/.www.wan-press.org/gfwlist +server=/.www.wangruowang.org/127.0.0.1#5353 +ipset=/.www.wangruowang.org/gfwlist +server=/.www.websnapr.com/127.0.0.1#5353 +ipset=/.www.websnapr.com/gfwlist +server=/.www1.biz/127.0.0.1#5353 +ipset=/.www1.biz/gfwlist +server=/.wwwhost.biz/127.0.0.1#5353 +ipset=/.wwwhost.biz/gfwlist +server=/.x-art.com/127.0.0.1#5353 +ipset=/.x-art.com/gfwlist +server=/.x-berry.com/127.0.0.1#5353 +ipset=/.x-berry.com/gfwlist +server=/.x-wall.org/127.0.0.1#5353 +ipset=/.x-wall.org/gfwlist +server=/.x.company/127.0.0.1#5353 +ipset=/.x.company/gfwlist +server=/.x1949x.com/127.0.0.1#5353 +ipset=/.x1949x.com/gfwlist +server=/.x24hr.com/127.0.0.1#5353 +ipset=/.x24hr.com/gfwlist +server=/.x365x.com/127.0.0.1#5353 +ipset=/.x365x.com/gfwlist +server=/.xa.yimg.com/127.0.0.1#5353 +ipset=/.xa.yimg.com/gfwlist +server=/.xanga.com/127.0.0.1#5353 +ipset=/.xanga.com/gfwlist +server=/.xbabe.com/127.0.0.1#5353 +ipset=/.xbabe.com/gfwlist +server=/.xbookcn.com/127.0.0.1#5353 +ipset=/.xbookcn.com/gfwlist +server=/.xbtce.com/127.0.0.1#5353 +ipset=/.xbtce.com/gfwlist +server=/.xcafe.in/127.0.0.1#5353 +ipset=/.xcafe.in/gfwlist +server=/.xcity.jp/127.0.0.1#5353 +ipset=/.xcity.jp/gfwlist +server=/.xcritic.com/127.0.0.1#5353 +ipset=/.xcritic.com/gfwlist +server=/.xerotica.com/127.0.0.1#5353 +ipset=/.xerotica.com/gfwlist +server=/.xfinity.com/127.0.0.1#5353 +ipset=/.xfinity.com/gfwlist +server=/.xfm.pp.ru/127.0.0.1#5353 +ipset=/.xfm.pp.ru/gfwlist +server=/.xgmyd.com/127.0.0.1#5353 +ipset=/.xgmyd.com/gfwlist +server=/.xhamster.com/127.0.0.1#5353 +ipset=/.xhamster.com/gfwlist +server=/.xianba.net/127.0.0.1#5353 +ipset=/.xianba.net/gfwlist +server=/.xianchawang.net/127.0.0.1#5353 +ipset=/.xianchawang.net/gfwlist +server=/.xianjian.tw/127.0.0.1#5353 +ipset=/.xianjian.tw/gfwlist +server=/.xianqiao.net/127.0.0.1#5353 +ipset=/.xianqiao.net/gfwlist +server=/.xiaobaiwu.com/127.0.0.1#5353 +ipset=/.xiaobaiwu.com/gfwlist +server=/.xiaochuncnjp.com/127.0.0.1#5353 +ipset=/.xiaochuncnjp.com/gfwlist +server=/.xiaod.in/127.0.0.1#5353 +ipset=/.xiaod.in/gfwlist +server=/.xiaohexie.com/127.0.0.1#5353 +ipset=/.xiaohexie.com/gfwlist +server=/.xiaolan.me/127.0.0.1#5353 +ipset=/.xiaolan.me/gfwlist +server=/.xiaoma.org/127.0.0.1#5353 +ipset=/.xiaoma.org/gfwlist +server=/.xiezhua.com/127.0.0.1#5353 +ipset=/.xiezhua.com/gfwlist +server=/.xihua.es/127.0.0.1#5353 +ipset=/.xihua.es/gfwlist +server=/.xijie.wordpress.com/127.0.0.1#5353 +ipset=/.xijie.wordpress.com/gfwlist +server=/.xing.com/127.0.0.1#5353 +ipset=/.xing.com/gfwlist +server=/.xinhuanet.org/127.0.0.1#5353 +ipset=/.xinhuanet.org/gfwlist +server=/.xinmiao.com.hk/127.0.0.1#5353 +ipset=/.xinmiao.com.hk/gfwlist +server=/.xinqimeng.over-blog.com/127.0.0.1#5353 +ipset=/.xinqimeng.over-blog.com/gfwlist +server=/.xinsheng.net/127.0.0.1#5353 +ipset=/.xinsheng.net/gfwlist +server=/.xinshijue.com/127.0.0.1#5353 +ipset=/.xinshijue.com/gfwlist +server=/.xinyubbs.net/127.0.0.1#5353 +ipset=/.xinyubbs.net/gfwlist +server=/.xiongpian.com/127.0.0.1#5353 +ipset=/.xiongpian.com/gfwlist +server=/.xiuren.org/127.0.0.1#5353 +ipset=/.xiuren.org/gfwlist +server=/.xizang-zhiye.org/127.0.0.1#5353 +ipset=/.xizang-zhiye.org/gfwlist +server=/.xjp.cc/127.0.0.1#5353 +ipset=/.xjp.cc/gfwlist +server=/.xjtravelguide.com/127.0.0.1#5353 +ipset=/.xjtravelguide.com/gfwlist +server=/.xlfmtalk.com/127.0.0.1#5353 +ipset=/.xlfmtalk.com/gfwlist +server=/.xlfmwz.info/127.0.0.1#5353 +ipset=/.xlfmwz.info/gfwlist +server=/.xm.com/127.0.0.1#5353 +ipset=/.xm.com/gfwlist +server=/.xml-training-guide.com/127.0.0.1#5353 +ipset=/.xml-training-guide.com/gfwlist +server=/.xmovies.com/127.0.0.1#5353 +ipset=/.xmovies.com/gfwlist +server=/.xn--4gq171p.com/127.0.0.1#5353 +ipset=/.xn--4gq171p.com/gfwlist +server=/.xn--czq75pvv1aj5c.org/127.0.0.1#5353 +ipset=/.xn--czq75pvv1aj5c.org/gfwlist +server=/.xn--i2ru8q2qg.com/127.0.0.1#5353 +ipset=/.xn--i2ru8q2qg.com/gfwlist +server=/.xn--ngstr-lra8j.com/127.0.0.1#5353 +ipset=/.xn--ngstr-lra8j.com/gfwlist +server=/.xn--oiq.cc/127.0.0.1#5353 +ipset=/.xn--oiq.cc/gfwlist +server=/.xn--p8j9a0d9c9a.xn--q9jyb4c/127.0.0.1#5353 +ipset=/.xn--p8j9a0d9c9a.xn--q9jyb4c/gfwlist +server=/.xnxx.com/127.0.0.1#5353 +ipset=/.xnxx.com/gfwlist +server=/.xpdo.net/127.0.0.1#5353 +ipset=/.xpdo.net/gfwlist +server=/.xpud.org/127.0.0.1#5353 +ipset=/.xpud.org/gfwlist +server=/.xrentdvd.com/127.0.0.1#5353 +ipset=/.xrentdvd.com/gfwlist +server=/.xskywalker.com/127.0.0.1#5353 +ipset=/.xskywalker.com/gfwlist +server=/.xskywalker.net/127.0.0.1#5353 +ipset=/.xskywalker.net/gfwlist +server=/.xtube.com/127.0.0.1#5353 +ipset=/.xtube.com/gfwlist +server=/.xuchao.net/127.0.0.1#5353 +ipset=/.xuchao.net/gfwlist +server=/.xuchao.org/127.0.0.1#5353 +ipset=/.xuchao.org/gfwlist +server=/.xuehua.us/127.0.0.1#5353 +ipset=/.xuehua.us/gfwlist +server=/.xuzhiyong.net/127.0.0.1#5353 +ipset=/.xuzhiyong.net/gfwlist +server=/.xvideo.cc/127.0.0.1#5353 +ipset=/.xvideo.cc/gfwlist +server=/.xvideos.com/127.0.0.1#5353 +ipset=/.xvideos.com/gfwlist +server=/.xvideos.es/127.0.0.1#5353 +ipset=/.xvideos.es/gfwlist +server=/.xx.wwwhost.biz/127.0.0.1#5353 +ipset=/.xx.wwwhost.biz/gfwlist +server=/.xxbbx.com/127.0.0.1#5353 +ipset=/.xxbbx.com/gfwlist +server=/.xxlmovies.com/127.0.0.1#5353 +ipset=/.xxlmovies.com/gfwlist +server=/.xxuz.com/127.0.0.1#5353 +ipset=/.xxuz.com/gfwlist +server=/.xxx.com/127.0.0.1#5353 +ipset=/.xxx.com/gfwlist +server=/.xxx.xxx/127.0.0.1#5353 +ipset=/.xxx.xxx/gfwlist +server=/.xxxfuckmom.com/127.0.0.1#5353 +ipset=/.xxxfuckmom.com/gfwlist +server=/.xxxx.com.au/127.0.0.1#5353 +ipset=/.xxxx.com.au/gfwlist +server=/.xxxy.biz/127.0.0.1#5353 +ipset=/.xxxy.biz/gfwlist +server=/.xxxy.info/127.0.0.1#5353 +ipset=/.xxxy.info/gfwlist +server=/.xxxymovies.com/127.0.0.1#5353 +ipset=/.xxxymovies.com/gfwlist +server=/.xys.dxiong.com/127.0.0.1#5353 +ipset=/.xys.dxiong.com/gfwlist +server=/.xys.org/127.0.0.1#5353 +ipset=/.xys.org/gfwlist +server=/.xysblogs.org/127.0.0.1#5353 +ipset=/.xysblogs.org/gfwlist +server=/.xyy69.com/127.0.0.1#5353 +ipset=/.xyy69.com/gfwlist +server=/.xyy69.info/127.0.0.1#5353 +ipset=/.xyy69.info/gfwlist +server=/.yahoo.cn/127.0.0.1#5353 +ipset=/.yahoo.cn/gfwlist +server=/.yahoo.com.hk/127.0.0.1#5353 +ipset=/.yahoo.com.hk/gfwlist +server=/.yakbutterblues.com/127.0.0.1#5353 +ipset=/.yakbutterblues.com/gfwlist +server=/.yam.com/127.0.0.1#5353 +ipset=/.yam.com/gfwlist +server=/.yam.org.tw/127.0.0.1#5353 +ipset=/.yam.org.tw/gfwlist +server=/.yanghengjun.com/127.0.0.1#5353 +ipset=/.yanghengjun.com/gfwlist +server=/.yangjianli.com/127.0.0.1#5353 +ipset=/.yangjianli.com/gfwlist +server=/.yasni.co.uk/127.0.0.1#5353 +ipset=/.yasni.co.uk/gfwlist +server=/.yatsen.gov.tw/127.0.0.1#5353 +ipset=/.yatsen.gov.tw/gfwlist +server=/.yda.gov.tw/127.0.0.1#5353 +ipset=/.yda.gov.tw/gfwlist +server=/.ydy.com/127.0.0.1#5353 +ipset=/.ydy.com/gfwlist +server=/.yeahteentube.com/127.0.0.1#5353 +ipset=/.yeahteentube.com/gfwlist +server=/.yecl.net/127.0.0.1#5353 +ipset=/.yecl.net/gfwlist +server=/.yeelou.com/127.0.0.1#5353 +ipset=/.yeelou.com/gfwlist +server=/.yeeyi.com/127.0.0.1#5353 +ipset=/.yeeyi.com/gfwlist +server=/.yegle.net/127.0.0.1#5353 +ipset=/.yegle.net/gfwlist +server=/.yes-news.com/127.0.0.1#5353 +ipset=/.yes-news.com/gfwlist +server=/.yes.xxx/127.0.0.1#5353 +ipset=/.yes.xxx/gfwlist +server=/.yes123.com.tw/127.0.0.1#5353 +ipset=/.yes123.com.tw/gfwlist +server=/.yesasia.com/127.0.0.1#5353 +ipset=/.yesasia.com/gfwlist +server=/.yespornplease.com/127.0.0.1#5353 +ipset=/.yespornplease.com/gfwlist +server=/.yeyeclub.com/127.0.0.1#5353 +ipset=/.yeyeclub.com/gfwlist +server=/.ygto.com/127.0.0.1#5353 +ipset=/.ygto.com/gfwlist +server=/.yhcw.net/127.0.0.1#5353 +ipset=/.yhcw.net/gfwlist +server=/.yibada.com/127.0.0.1#5353 +ipset=/.yibada.com/gfwlist +server=/.yibaochina.com/127.0.0.1#5353 +ipset=/.yibaochina.com/gfwlist +server=/.yidio.com/127.0.0.1#5353 +ipset=/.yidio.com/gfwlist +server=/.yilubbs.com/127.0.0.1#5353 +ipset=/.yilubbs.com/gfwlist +server=/.yingsuoss.com/127.0.0.1#5353 +ipset=/.yingsuoss.com/gfwlist +server=/.yipub.com/127.0.0.1#5353 +ipset=/.yipub.com/gfwlist +server=/.yizhihongxing.com/127.0.0.1#5353 +ipset=/.yizhihongxing.com/gfwlist +server=/.yobit.net/127.0.0.1#5353 +ipset=/.yobit.net/gfwlist +server=/.yobt.com/127.0.0.1#5353 +ipset=/.yobt.com/gfwlist +server=/.yobt.tv/127.0.0.1#5353 +ipset=/.yobt.tv/gfwlist +server=/.yogichen.org/127.0.0.1#5353 +ipset=/.yogichen.org/gfwlist +server=/.yolasite.com/127.0.0.1#5353 +ipset=/.yolasite.com/gfwlist +server=/.yomiuri.co.jp/127.0.0.1#5353 +ipset=/.yomiuri.co.jp/gfwlist +server=/.yong.hu/127.0.0.1#5353 +ipset=/.yong.hu/gfwlist +server=/.yorkbbs.ca/127.0.0.1#5353 +ipset=/.yorkbbs.ca/gfwlist +server=/.youdontcare.com/127.0.0.1#5353 +ipset=/.youdontcare.com/gfwlist +server=/.youjizz.com/127.0.0.1#5353 +ipset=/.youjizz.com/gfwlist +server=/.youmaker.com/127.0.0.1#5353 +ipset=/.youmaker.com/gfwlist +server=/.youngpornvideos.com/127.0.0.1#5353 +ipset=/.youngpornvideos.com/gfwlist +server=/.youngspiration.hk/127.0.0.1#5353 +ipset=/.youngspiration.hk/gfwlist +server=/.youpai.org/127.0.0.1#5353 +ipset=/.youpai.org/gfwlist +server=/.youporn.com/127.0.0.1#5353 +ipset=/.youporn.com/gfwlist +server=/.youporngay.com/127.0.0.1#5353 +ipset=/.youporngay.com/gfwlist +server=/.your-freedom.net/127.0.0.1#5353 +ipset=/.your-freedom.net/gfwlist +server=/.yourepeat.com/127.0.0.1#5353 +ipset=/.yourepeat.com/gfwlist +server=/.yourlisten.com/127.0.0.1#5353 +ipset=/.yourlisten.com/gfwlist +server=/.yourlust.com/127.0.0.1#5353 +ipset=/.yourlust.com/gfwlist +server=/.yourprivatevpn.com/127.0.0.1#5353 +ipset=/.yourprivatevpn.com/gfwlist +server=/.yourtrap.com/127.0.0.1#5353 +ipset=/.yourtrap.com/gfwlist +server=/.yousendit.com/127.0.0.1#5353 +ipset=/.yousendit.com/gfwlist +server=/.youshun12.com/127.0.0.1#5353 +ipset=/.youshun12.com/gfwlist +server=/.youtu.be/127.0.0.1#5353 +ipset=/.youtu.be/gfwlist +server=/.youtube-nocookie.com/127.0.0.1#5353 +ipset=/.youtube-nocookie.com/gfwlist +server=/.youtube.com/127.0.0.1#5353 +ipset=/.youtube.com/gfwlist +server=/.youtubecn.com/127.0.0.1#5353 +ipset=/.youtubecn.com/gfwlist +server=/.youtubeeducation.com/127.0.0.1#5353 +ipset=/.youtubeeducation.com/gfwlist +server=/.youtubegaming.com/127.0.0.1#5353 +ipset=/.youtubegaming.com/gfwlist +server=/.youversion.com/127.0.0.1#5353 +ipset=/.youversion.com/gfwlist +server=/.youwin.com/127.0.0.1#5353 +ipset=/.youwin.com/gfwlist +server=/.youxu.info/127.0.0.1#5353 +ipset=/.youxu.info/gfwlist +server=/.yt.be/127.0.0.1#5353 +ipset=/.yt.be/gfwlist +server=/.ytht.net/127.0.0.1#5353 +ipset=/.ytht.net/gfwlist +server=/.ytimg.com/127.0.0.1#5353 +ipset=/.ytimg.com/gfwlist +server=/.ytn.co.kr/127.0.0.1#5353 +ipset=/.ytn.co.kr/gfwlist +server=/.yuanming.net/127.0.0.1#5353 +ipset=/.yuanming.net/gfwlist +server=/.yuanzhengtang.org/127.0.0.1#5353 +ipset=/.yuanzhengtang.org/gfwlist +server=/.yulghun.com/127.0.0.1#5353 +ipset=/.yulghun.com/gfwlist +server=/.yunchao.net/127.0.0.1#5353 +ipset=/.yunchao.net/gfwlist +server=/.yuntipub.com/127.0.0.1#5353 +ipset=/.yuntipub.com/gfwlist +server=/.yuvutu.com/127.0.0.1#5353 +ipset=/.yuvutu.com/gfwlist +server=/.yvesgeleyn.com/127.0.0.1#5353 +ipset=/.yvesgeleyn.com/gfwlist +server=/.yx51.net/127.0.0.1#5353 +ipset=/.yx51.net/gfwlist +server=/.yyii.org/127.0.0.1#5353 +ipset=/.yyii.org/gfwlist +server=/.yzzk.com/127.0.0.1#5353 +ipset=/.yzzk.com/gfwlist +server=/.zacebook.com/127.0.0.1#5353 +ipset=/.zacebook.com/gfwlist +server=/.zalmos.com/127.0.0.1#5353 +ipset=/.zalmos.com/gfwlist +server=/.zannel.com/127.0.0.1#5353 +ipset=/.zannel.com/gfwlist +server=/.zaobao.com/127.0.0.1#5353 +ipset=/.zaobao.com/gfwlist +server=/.zaozon.com/127.0.0.1#5353 +ipset=/.zaozon.com/gfwlist +server=/.zapto.org/127.0.0.1#5353 +ipset=/.zapto.org/gfwlist +server=/.zattoo.com/127.0.0.1#5353 +ipset=/.zattoo.com/gfwlist +server=/.zb.com/127.0.0.1#5353 +ipset=/.zb.com/gfwlist +server=/.zdnet.com.tw/127.0.0.1#5353 +ipset=/.zdnet.com.tw/gfwlist +server=/.zello.com/127.0.0.1#5353 +ipset=/.zello.com/gfwlist +server=/.zengjinyan.org/127.0.0.1#5353 +ipset=/.zengjinyan.org/gfwlist +server=/.zenmate.com/127.0.0.1#5353 +ipset=/.zenmate.com/gfwlist +server=/.zeronet.io/127.0.0.1#5353 +ipset=/.zeronet.io/gfwlist +server=/.zeutch.com/127.0.0.1#5353 +ipset=/.zeutch.com/gfwlist +server=/.zfreet.com/127.0.0.1#5353 +ipset=/.zfreet.com/gfwlist +server=/.zgsddh.com/127.0.0.1#5353 +ipset=/.zgsddh.com/gfwlist +server=/.zgzcjj.net/127.0.0.1#5353 +ipset=/.zgzcjj.net/gfwlist +server=/.zh-yue.wikipedia.org/127.0.0.1#5353 +ipset=/.zh-yue.wikipedia.org/gfwlist +server=/.zh.ecdm.wikia.com/127.0.0.1#5353 +ipset=/.zh.ecdm.wikia.com/gfwlist +server=/.zh.m.wikipedia.org/127.0.0.1#5353 +ipset=/.zh.m.wikipedia.org/gfwlist +server=/.zh.pokerstrategy.com/127.0.0.1#5353 +ipset=/.zh.pokerstrategy.com/gfwlist +server=/.zh.uncyclopedia.wikia.com/127.0.0.1#5353 +ipset=/.zh.uncyclopedia.wikia.com/gfwlist +server=/.zh.wikinews.org/127.0.0.1#5353 +ipset=/.zh.wikinews.org/gfwlist +server=/.zh.wikipedia.org/127.0.0.1#5353 +ipset=/.zh.wikipedia.org/gfwlist +server=/.zh.wikisource.org/127.0.0.1#5353 +ipset=/.zh.wikisource.org/gfwlist +server=/.zhanbin.net/127.0.0.1#5353 +ipset=/.zhanbin.net/gfwlist +server=/.zhangboli.net/127.0.0.1#5353 +ipset=/.zhangboli.net/gfwlist +server=/.zhangtianliang.com/127.0.0.1#5353 +ipset=/.zhangtianliang.com/gfwlist +server=/.zhanlve.org/127.0.0.1#5353 +ipset=/.zhanlve.org/gfwlist +server=/.zhao.1984.city/127.0.0.1#5353 +ipset=/.zhao.1984.city/gfwlist +server=/.zhao.jinhai.de/127.0.0.1#5353 +ipset=/.zhao.jinhai.de/gfwlist +server=/.zhenghui.org/127.0.0.1#5353 +ipset=/.zhenghui.org/gfwlist +server=/.zhengjian.org/127.0.0.1#5353 +ipset=/.zhengjian.org/gfwlist +server=/.zhengwunet.org/127.0.0.1#5353 +ipset=/.zhengwunet.org/gfwlist +server=/.zhenlibu.info/127.0.0.1#5353 +ipset=/.zhenlibu.info/gfwlist +server=/.zhenlibu1984.com/127.0.0.1#5353 +ipset=/.zhenlibu1984.com/gfwlist +server=/.zhenxiang.biz/127.0.0.1#5353 +ipset=/.zhenxiang.biz/gfwlist +server=/.zhinengluyou.com/127.0.0.1#5353 +ipset=/.zhinengluyou.com/gfwlist +server=/.zhongguo.ca/127.0.0.1#5353 +ipset=/.zhongguo.ca/gfwlist +server=/.zhongguorenquan.org/127.0.0.1#5353 +ipset=/.zhongguorenquan.org/gfwlist +server=/.zhongguotese.net/127.0.0.1#5353 +ipset=/.zhongguotese.net/gfwlist +server=/.zhongmeng.org/127.0.0.1#5353 +ipset=/.zhongmeng.org/gfwlist +server=/.zhoushuguang.com/127.0.0.1#5353 +ipset=/.zhoushuguang.com/gfwlist +server=/.zhreader.com/127.0.0.1#5353 +ipset=/.zhreader.com/gfwlist +server=/.zhuangbi.me/127.0.0.1#5353 +ipset=/.zhuangbi.me/gfwlist +server=/.zhuanxing.cn/127.0.0.1#5353 +ipset=/.zhuanxing.cn/gfwlist +server=/.zhuatieba.com/127.0.0.1#5353 +ipset=/.zhuatieba.com/gfwlist +server=/.zhuichaguoji.org/127.0.0.1#5353 +ipset=/.zhuichaguoji.org/gfwlist +server=/.zillionk.com/127.0.0.1#5353 +ipset=/.zillionk.com/gfwlist +server=/.zim.vn/127.0.0.1#5353 +ipset=/.zim.vn/gfwlist +server=/.zinio.com/127.0.0.1#5353 +ipset=/.zinio.com/gfwlist +server=/.ziporn.com/127.0.0.1#5353 +ipset=/.ziporn.com/gfwlist +server=/.zippyshare.com/127.0.0.1#5353 +ipset=/.zippyshare.com/gfwlist +server=/.zkaip.com/127.0.0.1#5353 +ipset=/.zkaip.com/gfwlist +server=/.zmw.cn/127.0.0.1#5353 +ipset=/.zmw.cn/gfwlist +server=/.zodgame.us/127.0.0.1#5353 +ipset=/.zodgame.us/gfwlist +server=/.zomobo.net/127.0.0.1#5353 +ipset=/.zomobo.net/gfwlist +server=/.zonaeuropa.com/127.0.0.1#5353 +ipset=/.zonaeuropa.com/gfwlist +server=/.zonghexinwen.com/127.0.0.1#5353 +ipset=/.zonghexinwen.com/gfwlist +server=/.zonghexinwen.net/127.0.0.1#5353 +ipset=/.zonghexinwen.net/gfwlist +server=/.zoogvpn.com/127.0.0.1#5353 +ipset=/.zoogvpn.com/gfwlist +server=/.zootool.com/127.0.0.1#5353 +ipset=/.zootool.com/gfwlist +server=/.zoozle.net/127.0.0.1#5353 +ipset=/.zoozle.net/gfwlist +server=/.zorrovpn.com/127.0.0.1#5353 +ipset=/.zorrovpn.com/gfwlist +server=/.zozotown.com/127.0.0.1#5353 +ipset=/.zozotown.com/gfwlist +server=/.zpn.im/127.0.0.1#5353 +ipset=/.zpn.im/gfwlist +server=/.zspeeder.me/127.0.0.1#5353 +ipset=/.zspeeder.me/gfwlist +server=/.zsrhao.com/127.0.0.1#5353 +ipset=/.zsrhao.com/gfwlist +server=/.zuo.la/127.0.0.1#5353 +ipset=/.zuo.la/gfwlist +server=/.zuobiao.me/127.0.0.1#5353 +ipset=/.zuobiao.me/gfwlist +server=/.zuola.com/127.0.0.1#5353 +ipset=/.zuola.com/gfwlist +server=/.zvereff.com/127.0.0.1#5353 +ipset=/.zvereff.com/gfwlist +server=/.zynaima.com/127.0.0.1#5353 +ipset=/.zynaima.com/gfwlist +server=/.zynamics.com/127.0.0.1#5353 +ipset=/.zynamics.com/gfwlist +server=/.zyns.com/127.0.0.1#5353 +ipset=/.zyns.com/gfwlist +server=/.zyzc9.com/127.0.0.1#5353 +ipset=/.zyzc9.com/gfwlist +server=/.zzcartoon.com/127.0.0.1#5353 +ipset=/.zzcartoon.com/gfwlist +server=/.zzux.com/127.0.0.1#5353 +ipset=/.zzux.com/gfwlist diff --git a/package/lean/luci-app-ssr-plus/root/etc/init.d/shadowsocksr b/package/lean/luci-app-ssr-plus/root/etc/init.d/shadowsocksr new file mode 100755 index 000000000..fb674621b --- /dev/null +++ b/package/lean/luci-app-ssr-plus/root/etc/init.d/shadowsocksr @@ -0,0 +1,484 @@ +#!/bin/sh /etc/rc.common +# +# Copyright (C) 2017 openwrt-ssr +# Copyright (C) 2017 yushi studio +# +# This is free software, licensed under the GNU General Public License v3. +# See /LICENSE for more information. +# + +START=90 +STOP=15 + +SERVICE_DAEMONIZE=1 +NAME=shadowsocksr +EXTRA_COMMANDS=rules +CONFIG_FILE=/var/etc/${NAME}.json +CONFIG_UDP_FILE=/var/etc/${NAME}_u.json +CONFIG_SOCK5_FILE=/var/etc/${NAME}_s.json +server_count=0 +redir_tcp=0 +redir_udp=0 +tunnel_enable=0 +local_enable=0 +kcp_enable_flag=0 +kcp_flag=0 +pdnsd_enable_flag=0 +switch_enable=0 +switch_server=$1 +MAXFD=32768 +CRON_FILE=/etc/crontabs/root + +uci_get_by_name() { + local ret=$(uci get $NAME.$1.$2 2>/dev/null) + echo ${ret:=$3} +} + +uci_get_by_type() { + local ret=$(uci get $NAME.@$1[0].$2 2>/dev/null) + echo ${ret:=$3} +} + +add_cron() +{ + sed -i '/ssrplus.log/d' $CRON_FILE + echo '0 */1 * * * /usr/share/shadowsocksr/ssr-watchdog >> /tmp/ssrplus.log 2>&1' >> $CRON_FILE + echo '0 1 * * 0 echo "" > /tmp/ssrplus.log' >> $CRON_FILE + [ -n "$(grep -w "/usr/share/shadowsocksr/subscribe.sh" $CRON_FILE)" ] && sed -i '/\/usr\/share\/shadowsocksr\/subscribe.sh/d' $CRON_FILE + [ $(uci_get_by_type server_subscribe auto_update 0) -eq 1 ] && echo "0 $(uci_get_by_type server_subscribe auto_update_time) * * * /usr/share/shadowsocksr/subscribe.sh" >> $CRON_FILE + [ -z "$(grep -w "/usr/share/shadowsocksr/update.sh" $CRON_FILE)" ] && echo "0 5 * * 0 /usr/share/shadowsocksr/update.sh" >> $CRON_FILE + crontab $CRON_FILE +} + +del_cron() +{ + sed -i '/shadowsocksr/d' $CRON_FILE + sed -i '/ssrplus.log/d' $CRON_FILE + /etc/init.d/cron restart +} + +run_mode=$(uci_get_by_type global run_mode) + +gen_config_file() { + local host=$(uci_get_by_name $1 server) + if echo $host|grep -E "^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$">/dev/null; then + hostip=${host} + elif [ "$host" != "${host#*:[0-9a-fA-F]}" ] ;then + hostip=${host} + else + hostip=`ping ${host} -s 1 -c 1 | grep PING | cut -d'(' -f 2 | cut -d')' -f1` + if echo $hostip|grep -E "^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$">/dev/null; then + hostip=${hostip} + else + hostip=`cat /etc/ssr_ip` + fi + fi + [ $2 = "0" -a $kcp_flag = "1" ] && hostip="127.0.0.1" + + if [ $2 = "0" ] ;then + config_file=$CONFIG_FILE + elif [ $2 = "1" ]; then + config_file=$CONFIG_UDP_FILE + else + config_file=$CONFIG_SOCK5_FILE + fi + if [ $(uci_get_by_name $1 fast_open) = "1" ] ;then + fastopen="true"; + else + fastopen="false"; + fi + cat <<-EOF >$config_file + { + + "server": "$hostip", + "server_port": $(uci_get_by_name $1 server_port), + "local_address": "0.0.0.0", + "local_port": $(uci_get_by_name $1 local_port), + "password": "$(uci_get_by_name $1 password)", + "timeout": $(uci_get_by_name $1 timeout 60), + "method": "$(uci_get_by_name $1 encrypt_method)", + "protocol": "$(uci_get_by_name $1 protocol)", + "protocol_param": "$(uci_get_by_name $1 protocol_param)", + "obfs": "$(uci_get_by_name $1 obfs)", + "obfs_param": "$(uci_get_by_name $1 obfs_param)", + "fast_open": $fastopen + } +EOF +} + +get_arg_out() { + case "$(uci_get_by_type access_control router_proxy 1)" in + 1) echo "-o";; + 2) echo "-O";; + esac +} + +start_rules() { + local server=$(uci_get_by_name $GLOBAL_SERVER server) + #resolve name + if echo $server|grep -E "^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$">/dev/null; then + server=${server} + elif [ "$server" != "${server#*:[0-9a-fA-F]}" ] ;then + server=${server} + else + server=`ping ${server} -s 1 -c 1 | grep PING | cut -d'(' -f 2 | cut -d')' -f1` + if echo $server|grep -E "^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$">/dev/null; then + echo $server >/etc/ssr_ip + else + server=`cat /etc/ssr_ip` + fi + fi + + kcp_server=$server + + local kcp_enable=$(uci_get_by_name $GLOBAL_SERVER kcp_enable) + if [ $kcp_enable = "1" ] ;then + kcp_flag=1 + fi + + local local_port=$(uci_get_by_name $GLOBAL_SERVER local_port) + local lan_ac_ips=$(uci_get_by_type access_control lan_ac_ips) + local lan_ac_mode="b" + local router_proxy=$(uci_get_by_type access_control router_proxy) + if [ "$GLOBAL_SERVER" = "$UDP_RELAY_SERVER" -a $kcp_flag = 0 ]; then + ARG_UDP="-u" + elif [ -n "$UDP_RELAY_SERVER" ]; then + ARG_UDP="-U" + local udp_server=$(uci_get_by_name $UDP_RELAY_SERVER server) + local udp_local_port=$(uci_get_by_name $UDP_RELAY_SERVER local_port) + fi + + if [ -n "$lan_ac_ips" ]; then + case "$lan_ac_mode" in + w|W|b|B) local ac_ips="$lan_ac_mode$lan_ac_ips";; + esac + fi + +#deal gfw firewall rule + local gfwmode="" + if [ "$run_mode" = "gfw" ]; then + gfwmode="-g" + fi + + + /usr/bin/ssr-rules \ + -s "$server" \ + -l "$local_port" \ + -S "$udp_server" \ + -L "$udp_local_port" \ + -a "$ac_ips" \ + -i "$(uci_get_by_type access_control wan_bp_list)" \ + -b "$(uci_get_by_type access_control wan_bp_ips)" \ + -w "$(uci_get_by_type access_control wan_fw_ips)" \ + -p "$(uci_get_by_type access_control lan_fp_ips)" \ + $(get_arg_out) $gfwmode $ARG_UDP + + return $? +} + +start_pdnsd() { + local usr_dns="$1" + local usr_port="$2" + + local tcp_dns_list="208.67.222.222, 208.67.220.220" + [ -z "$usr_dns" ] && usr_dns="8.8.8.8" + [ -z "$usr_port" ] && usr_port="53" + + [ -d /var/etc ] || mkdir -p /var/etc + + if [ ! -d /var/pdnsd ];then + mkdir -p /var/pdnsd + echo -ne "pd13\000\000\000\000" >/var/pdnsd/pdnsd.cache + chown -R nobody:nogroup /var/pdnsd + fi + + cat > /var/etc/pdnsd.conf </dev/null + start_pdnsd $dnsserver $dnsport + pdnsd_enable_flag=1 + fi + fi + + if [ "$(uci_get_by_type global enable_switch)" = "1" ] ;then + if [ "$(uci_get_by_name $GLOBAL_SERVER switch_enable)" = "1" ] ;then + if [ -z "$switch_server" ] ;then + local switch_time=$(uci_get_by_type global switch_time) + local switch_timeout=$(uci_get_by_type global switch_timeout) + service_start /usr/bin/ssr-switch start $switch_time $switch_timeout + switch_enable=1 + fi + fi + fi + + return $? +} + +gen_service_file() { + if [ $(uci_get_by_name $1 fast_open) = "1" ] ;then + fastopen="true"; + else + fastopen="false"; + fi + cat <<-EOF >$2 + { + "server": "$(uci_get_by_name $1 server)", + "server_port": $(uci_get_by_name $1 server_port), + "password": "$(uci_get_by_name $1 password)", + "timeout": $(uci_get_by_name $1 timeout 60), + "method": "$(uci_get_by_name $1 encrypt_method)", + "protocol": "$(uci_get_by_name $1 protocol)", + "protocol_param": "$(uci_get_by_name $1 protocol_param)", + "obfs": "$(uci_get_by_name $1 obfs)", + "obfs_param": "$(uci_get_by_name $1 obfs_param)", + "fast_open": $fastopen + } +EOF +} + +start_service() { +[ $(uci_get_by_name $1 enable) = "0" ] && return 1 +let server_count=server_count+1 +if [ $server_count = 1 ] ;then +iptables -N SSR-SERVER-RULE && \ +iptables -t filter -I INPUT -j SSR-SERVER-RULE +fi + +gen_service_file $1 /var/etc/${NAME}_${server_count}.json +/usr/bin/ssr-server -c /var/etc/${NAME}_${server_count}.json -u -f /var/run/ssr-server${server_count}.pid +iptables -t filter -A SSR-SERVER-RULE -p tcp --dport $(uci_get_by_name $1 server_port) -j ACCEPT +iptables -t filter -A SSR-SERVER-RULE -p udp --dport $(uci_get_by_name $1 server_port) -j ACCEPT +return 0 +} +gen_serv_include() { +FWI=$(uci get firewall.shadowsocksr.path 2>/dev/null) +[ -n "$FWI" ] || return 0 +if [ ! -f $FWI ] ;then +echo '#!/bin/sh' >$FWI +fi +extract_rules() { +echo "*filter" +iptables-save -t filter | grep SSR-SERVER-RULE|sed -e "s/^-A INPUT/-I INPUT/" +echo 'COMMIT' +} + cat <<-EOF >>$FWI + iptables-save -c | grep -v "SSR-SERVER" | iptables-restore -c + iptables-restore -n <<-EOT + $(extract_rules) + EOT +EOF + +} +start_server() { + SERVER_ENABLE=$(uci_get_by_type server_global enable_server) + [ "$SERVER_ENABLE" = 0 ] && return 0 + mkdir -p /var/run /var/etc + + config_load $NAME + config_foreach start_service server_config + gen_serv_include + return 0 +} + +start_local() { + local local_server=$(uci_get_by_type socks5_proxy server) + [ "$local_server" = "nil" ] && return 1 + mkdir -p /var/run /var/etc + gen_config_file $local_server 2 + /usr/bin/ssr-local -c $CONFIG_SOCK5_FILE -u \ + -l $(uci_get_by_type socks5_proxy local_port 1080) \ + -b $(uci_get_by_type socks5_proxy local_address 0.0.0.0) \ + -f /var/run/ssr-local.pid + local_enable=1 +} + +rules() { + [ "$GLOBAL_SERVER" = "nil" ] && return 1 + mkdir -p /var/run /var/etc + UDP_RELAY_SERVER=$(uci_get_by_type global udp_relay_server) + [ "$UDP_RELAY_SERVER" = "same" ] && UDP_RELAY_SERVER=$GLOBAL_SERVER + if start_rules ;then + return 0 + else + return 1 + fi +} + +start() { + if [ -z "$switch_server" ] ;then + GLOBAL_SERVER=$(uci_get_by_type global global_server) + else + GLOBAL_SERVER=$switch_server + switch_enable=1 + fi + if rules ;then + start_redir + + if ! [ "$run_mode" = "gfw" ] ;then + case "$(uci_get_by_type global tunnel_enable)" in + 1|on|true|yes|enabled) + start_tunnel + ;; + esac + else + mkdir -p /tmp/dnsmasq.d + cat > /tmp/dnsmasq.d/dnsmasq-ssr.conf </dev/null 2>&1) & +} + +stop() { + /usr/bin/ssr-rules -f + srulecount=`iptables -L|grep SSR-SERVER-RULE|wc -l` + if [ $srulecount -gt 0 ] ;then + iptables -F SSR-SERVER-RULE + iptables -t filter -D INPUT -j SSR-SERVER-RULE + iptables -X SSR-SERVER-RULE 2>/dev/null + fi + if [ -z "$switch_server" ] ;then + kill -9 $(ps | grep ssr-switch | grep -v grep | awk '{print $1}') >/dev/null 2>&1 + fi + killall -q -9 ssr-redir + killall -q -9 ssr-tunnel + killall -q -9 ssr-server + killall -q -9 ssr-kcptun + killall -q -9 ssr-local + kill $(cat /var/run/pdnsd.pid) >/dev/null 2>&1 || kill -9 $(ps | grep pdnsd | grep -v grep | awk '{print $1}') >/dev/null 2>&1 + + if [ -f "/tmp/dnsmasq.d/dnsmasq-ssr.conf" ]; then + rm -f /tmp/dnsmasq.d/dnsmasq-ssr.conf + /etc/init.d/dnsmasq restart + fi + del_cron +} diff --git a/package/lean/luci-app-ssr-plus/root/etc/uci-defaults/luci-ssr-plus b/package/lean/luci-app-ssr-plus/root/etc/uci-defaults/luci-ssr-plus new file mode 100755 index 000000000..97aa54a46 --- /dev/null +++ b/package/lean/luci-app-ssr-plus/root/etc/uci-defaults/luci-ssr-plus @@ -0,0 +1,18 @@ +#!/bin/sh + +uci -q batch <<-EOF >/dev/null + delete ucitrack.@shadowsocksr[-1] + add ucitrack shadowsocksr + set ucitrack.@shadowsocksr[-1].init=shadowsocksr + commit ucitrack + delete firewall.shadowsocksr + set firewall.shadowsocksr=include + set firewall.shadowsocksr.type=script + set firewall.shadowsocksr.path=/var/etc/shadowsocksr.include + set firewall.shadowsocksr.reload=1 + commit firewall +EOF + +/usr/share/shadowsocksr/gfw2ipset.sh +rm -f /tmp/luci-indexcache +exit 0 diff --git a/package/lean/luci-app-ssr-plus/root/usr/bin/ssr-ad b/package/lean/luci-app-ssr-plus/root/usr/bin/ssr-ad new file mode 100755 index 000000000..668a26266 --- /dev/null +++ b/package/lean/luci-app-ssr-plus/root/usr/bin/ssr-ad @@ -0,0 +1,6 @@ +#!/bin/sh -e + +if [ -f /tmp/adnew.conf ]; then + cat /tmp/adnew.conf | grep ^\|\|[^\*]*\^$ | sed -e 's:||:address\=\/:' -e 's:\^:/0\.0\.0\.0:' > /tmp/ad.conf +fi + diff --git a/package/lean/luci-app-ssr-plus/root/usr/bin/ssr-gfw b/package/lean/luci-app-ssr-plus/root/usr/bin/ssr-gfw new file mode 100755 index 000000000..64822d566 --- /dev/null +++ b/package/lean/luci-app-ssr-plus/root/usr/bin/ssr-gfw @@ -0,0 +1,31 @@ +#!/bin/sh -e + +generate_china_banned() +{ + + cat $1 | base64 -d > /tmp/gfwlist.txt + rm -f $1 + + + cat /tmp/gfwlist.txt | sort -u | + sed 's#!.\+##; s#|##g; s#@##g; s#http:\/\/##; s#https:\/\/##;' | + sed '/\*/d; /apple\.com/d; /sina\.cn/d; /sina\.com\.cn/d; /baidu\.com/d; /byr\.cn/d; /jlike\.com/d; /weibo\.com/d; /zhongsou\.com/d; /youdao\.com/d; /sogou\.com/d; /so\.com/d; /soso\.com/d; /aliyun\.com/d; /taobao\.com/d; /jd\.com/d; /qq\.com/d' | + sed '/^[0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+$/d' | + grep '^[0-9a-zA-Z\.-]\+$' | grep '\.' | sed 's#^\.\+##' | sort -u | + awk ' +BEGIN { prev = "________"; } { + cur = $0; + if (index(cur, prev) == 1 && substr(cur, 1 + length(prev) ,1) == ".") { + } else { + print cur; + prev = cur; + } +}' | sort -u + +} + +generate_china_banned /tmp/gfw.b64 > /tmp/gfw.txt +rm -f /tmp/gfwlist.txt +sed '/.*/s/.*/server=\/\.&\/127.0.0.1#5353\nipset=\/\.&\/gfwlist/' /tmp/gfw.txt >/tmp/gfwnew.txt +rm -f /tmp/gfw.txt + diff --git a/package/lean/luci-app-ssr-plus/root/usr/bin/ssr-monitor b/package/lean/luci-app-ssr-plus/root/usr/bin/ssr-monitor new file mode 100755 index 000000000..3d5710c35 --- /dev/null +++ b/package/lean/luci-app-ssr-plus/root/usr/bin/ssr-monitor @@ -0,0 +1,151 @@ +#!/bin/sh +# +# Copyright (C) 2017 openwrt-ssr +# Copyright (C) 2017 yushi studio +# +# This is free software, licensed under the GNU General Public License v3. +# See /LICENSE for more information. +# + + +NAME=shadowsocksr + +uci_get_by_name() { + local ret=$(uci get $NAME.$1.$2 2>/dev/null) + echo ${ret:=$3} +} + +uci_get_by_type() { + local ret=$(uci get $NAME.@$1[0].$2 2>/dev/null) + echo ${ret:=$3} +} + +server_process_count=$1 +redir_tcp_process=$2 +redir_udp_process=$3 +tunnel_process=$4 +kcp_process=$5 +local_process=$6 +pdnsd_process=$7 +if [ -z "$pdnsd_process" ] ;then +pdnsd_process=0 +fi + +i=0 + +GLOBAL_SERVER=$(uci_get_by_type global global_server) +local server=$(uci_get_by_name $GLOBAL_SERVER server) +local kcp_port=$(uci_get_by_name $GLOBAL_SERVER kcp_port) +local server_port=$(uci_get_by_name $GLOBAL_SERVER server_port) +local password=$(uci_get_by_name $GLOBAL_SERVER kcp_password) +local kcp_param=$(uci_get_by_name $GLOBAL_SERVER kcp_param) +[ "$password" != "" ] && password="--key "${password} + +local sock5_port=$(uci_get_by_type socks5_proxy local_port 1080) + +if echo $server|grep -E "^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$">/dev/null; then + server=${server} + else + server=`cat /etc/ssr_ip` +fi + +while [ "1" = "1" ] #死循环 +do + sleep 30 +#redir tcp + if [ $redir_tcp_process -gt 0 ] ;then + icount=`ps -w | grep ssr-retcp |grep -v grep| wc -l` + if [ $icount = 0 ] ;then + logger -t "$NAME" "ssr redir tcp error.restart!" + /etc/init.d/shadowsocksr restart + exit 0 + fi + fi +#redir udp + if [ $redir_udp_process -gt 0 ] ;then + icount=`ps -w | grep ssr-reudp|grep -v grep| wc -l` + if [ $icount = 0 ] ;then + logger -t "$NAME" "ssr redir udp error.restart!" + /etc/init.d/shadowsocksr restart + exit 0 + fi + fi +#ssr-dns tunnel + if [ $tunnel_process -gt 0 ] ;then + icount=`ps -w | grep ssr-tunnel |grep -v grep| wc -l` + if [ $icount = 0 ] ;then + logger -t "$NAME" "ssr tunnel error.restart!" + /etc/init.d/shadowsocksr restart + exit 0 + fi + fi +#server + if [ $server_process_count -gt 0 ] ;then + icount=`ps -w | grep ssr-server |grep -v grep| wc -l` + if [ $icount -lt $server_process_count ] #如果进程挂掉就重启它 + then + logger -t "$NAME" "ssr server error.restart!" + killall -q -9 ssr-server + for i in `seq $server_process_count` + do + /usr/bin/ssr-server -c /var/etc/shadowsocksr_$i.json -u -f /var/run/ssr-server$i.pid + done + fi + fi +#kcptun + if [ $kcp_process -gt 0 ] ;then + icount=`ps -w | grep ssr-kcptun |grep -v grep| wc -l` + if [ $icount -lt $kcp_process ] #如果进程挂掉就重启它 + then + logger -t "$NAME" "ssr kcptun error.restart!" + killall -q -9 ssr-kcptun + + ( /usr/bin/ssr-kcptun -r $server:$kcp_port -l :$server_port $password $kcp_param &) + fi + fi +#local + if [ $local_process -gt 0 ] ;then + icount=`ps -w | grep ssr-local |grep -v grep| wc -l` + if [ $icount -lt $local_process ] #如果进程挂掉就重启它 + then + logger -t "$NAME" "ssr local error.restart!" + killall -q -9 ssr-local + + ( /usr/bin/ssr-local -c /var/etc/shadowsocksr_s.json -u -l $sock5_port -f /var/run/ssr-local.pid &) + fi + fi +#pdnsd + if [ $pdnsd_process -gt 0 ] ;then + icount=`ps -w | grep pdnsd |grep -v grep| wc -l` + if [ $icount -lt $pdnsd_process ] #如果进程挂掉就重启它 + then + logger -t "$NAME" "pdnsd tunnel error.restart!" + killall -q -9 pdnsd + + ( /usr/sbin/pdnsd -c /var/etc/pdnsd.conf -d &) + fi + fi +#udp2raw + if [ $(uci_get_by_type udp2raw udp2raw_enable) = 1 ] ;then + ucount=`ps -w | grep udp2raw |grep -v grep| wc -l` + if [ $ucount = 0 ] ;then + /usr/bin/udp2raw --clear >/dev/null + /usr/bin/udp2raw --conf-file /var/etc/udp2raw.conf >/dev/null 2>&1 & + fi + fi +#udpspeeder + if [ $(uci_get_by_type udpspeeder udpspeeder_enable) = 1 ] ;then + scount=`ps -w | grep udpspeeder |grep -v grep| wc -l` + if [ $scount = 0 ] ;then + /usr/bin/udpspeeder -c -l0.0.0.0:$(uci_get_by_type udpspeeder local_port) \ + -r$(uci_get_by_type udpspeeder server):$(uci_get_by_type udpspeeder server_port) \ + -k $(uci_get_by_type udpspeeder key) \ + --mode $(uci_get_by_type udpspeeder speeder_mode) \ + --mtu $(uci_get_by_type udpspeeder mtu) \ + -f$(uci_get_by_type udpspeeder fec) \ + -q$(uci_get_by_type udpspeeder queue_len) \ + --timeout $(uci_get_by_type udpspeeder timeout) \ + >/dev/null 2>&1 & + fi + fi +done diff --git a/package/lean/luci-app-ssr-plus/root/usr/bin/ssr-rules b/package/lean/luci-app-ssr-plus/root/usr/bin/ssr-rules new file mode 100755 index 000000000..2c75b8ec9 --- /dev/null +++ b/package/lean/luci-app-ssr-plus/root/usr/bin/ssr-rules @@ -0,0 +1,306 @@ +#!/bin/sh +# +# Copyright (C) 2017 openwrt-ssr +# Copyright (C) 2017 yushi studio +# +# This is free software, licensed under the GNU General Public License v3. +# See /LICENSE for more information. +# + +TAG="_SS_SPEC_RULE_" # comment tag +IPT="iptables -t nat" # alias of iptables +FWI=$(uci get firewall.shadowsocksr.path 2>/dev/null) # firewall include file + +usage() { + cat <<-EOF + Usage: ssr-rules [options] + + Valid options are: + + -s ip address of shadowsocksr remote server + -l port number of shadowsocksr local server + -S ip address of shadowsocksr remote UDP server + -L port number of shadowsocksr local UDP server + -i a file content is bypassed ip list + -a lan ip of access control, need a prefix to + define access control mode + -b wan ip of will be bypassed + -w wan ip of will be forwarded + -p lan ip of will be global proxy + -e extra options for iptables + -o apply the rules to the OUTPUT chain + -O apply the global rules to the OUTPUT chain + -u enable udprelay mode, TPROXY is required + -U enable udprelay mode, using different IP + and ports for TCP and UDP + -f flush the rules + -g gfw list mode + -h show this help message and exit +EOF + exit $1 +} + +loger() { + # 1.alert 2.crit 3.err 4.warn 5.notice 6.info 7.debug + logger -st ssr-rules[$$] -p$1 $2 +} + +flush_r() { + flush_iptables() { + local ipt="iptables -t $1" + local DAT=$(iptables-save -t $1) + eval $(echo "$DAT" | grep "$TAG" | sed -e 's/^-A/$ipt -D/' -e 's/$/;/') + for chain in $(echo "$DAT" | awk '/^:SS_SPEC/{print $1}'); do + $ipt -F ${chain:1} 2>/dev/null && $ipt -X ${chain:1} + done + } + flush_iptables nat + flush_iptables mangle + ip rule del fwmark 0x01/0x01 table 100 2>/dev/null + ip route del local 0.0.0.0/0 dev lo table 100 2>/dev/null + ipset -X ss_spec_lan_ac 2>/dev/null + ipset -X ss_spec_wan_ac 2>/dev/null + ipset -X ssr_gen_router 2>/dev/null + ipset -X fplan 2>/dev/null + [ -n "$FWI" ] && echo '#!/bin/sh' >$FWI + return 0 +} + +ipset_r() { + if [ -z "$GFWMODE" ] ;then + ipset -! -R <<-EOF || return 1 + create ss_spec_wan_ac hash:net + $(gen_iplist | sed -e "s/^/add ss_spec_wan_ac /") + $(for ip in $WAN_FW_IP; do echo "add ss_spec_wan_ac $ip nomatch"; done) +EOF + $IPT -N SS_SPEC_WAN_AC && \ + $IPT -A SS_SPEC_WAN_AC -m set --match-set ss_spec_wan_ac dst -j RETURN && \ + $IPT -A SS_SPEC_WAN_AC -j SS_SPEC_WAN_FW + else + ipset -N gfwlist iphash 2>/dev/null + for ip in $WAN_FW_IP; do ipset add gfwlist $ip ; done + $IPT -N SS_SPEC_WAN_AC + $IPT -A SS_SPEC_WAN_AC -m set --match-set gfwlist dst -j SS_SPEC_WAN_FW + + ipset -N fplan iphash 2>/dev/null + for ip in $LAN_FP_IP; do ipset add fplan $ip ; done + $IPT -I SS_SPEC_WAN_AC -m set --match-set fplan src -j SS_SPEC_WAN_FW + fi + return $? +} + +fw_rule() { + $IPT -N SS_SPEC_WAN_FW + $IPT -A SS_SPEC_WAN_FW -d 10.0.0.0/8 -j RETURN + $IPT -A SS_SPEC_WAN_FW -d 127.0.0.0/8 -j RETURN + $IPT -A SS_SPEC_WAN_FW -d 172.16.0.0/12 -j RETURN + $IPT -A SS_SPEC_WAN_FW -d 192.168.0.0/16 -j RETURN + $IPT -A SS_SPEC_WAN_FW -d 224.0.0.0/4 -j RETURN + $IPT -A SS_SPEC_WAN_FW -d 240.0.0.0/4 -j RETURN + $IPT -A SS_SPEC_WAN_FW -p tcp \ + -j REDIRECT --to-ports $local_port 2>/dev/null || { + loger 3 "Can't redirect, please check the iptables." + exit 1 + } + return $? +} + +ac_rule() { + if [ -n "$LAN_AC_IP" ]; then + case "${LAN_AC_IP:0:1}" in + w|W) + MATCH_SET="-m set --match-set ss_spec_lan_ac src" + ;; + b|B) + MATCH_SET="-m set ! --match-set ss_spec_lan_ac src" + ;; + *) + loger 3 "Bad argument \`-a $LAN_AC_IP\`." + return 2 + ;; + esac + fi + IFNAME=$(uci get -P/var/state network.lan.ifname 2>/dev/null) + ipset -! -R <<-EOF || return 1 + create ss_spec_lan_ac hash:net + $(for ip in ${LAN_AC_IP:1}; do echo "add ss_spec_lan_ac $ip"; done) +EOF + $IPT -I PREROUTING 1 ${IFNAME:+-i $IFNAME} -p tcp $EXT_ARGS $MATCH_SET \ + -m comment --comment "$TAG" -j SS_SPEC_WAN_AC + if [ "$OUTPUT" = 1 ]; then + $IPT -I OUTPUT 1 -p tcp $EXT_ARGS \ + -m comment --comment "$TAG" -j SS_SPEC_WAN_AC + elif [ "$OUTPUT" = 2 ]; then + ipset -! -R <<-EOF || return 1 + create ssr_gen_router hash:net + $(gen_spec_iplist | sed -e "s/^/add ssr_gen_router /") +EOF + $IPT -N SS_SPEC_ROUTER && \ + $IPT -A SS_SPEC_ROUTER -m set --match-set ssr_gen_router dst -j RETURN && \ + $IPT -A SS_SPEC_ROUTER -j SS_SPEC_WAN_FW + $IPT -I OUTPUT 1 -p tcp -m comment --comment "$TAG" -j SS_SPEC_ROUTER + fi + return $? +} + +tp_rule() { + [ -n "$TPROXY" ] || return 0 + ip rule add fwmark 0x01/0x01 table 100 + ip route add local 0.0.0.0/0 dev lo table 100 + local ipt="iptables -t mangle" + $ipt -N SS_SPEC_TPROXY + if [ -z "$GFWMODE" ] ;then + $ipt -A SS_SPEC_TPROXY -p udp -m set ! --match-set ss_spec_wan_ac dst \ + -j TPROXY --on-port "$LOCAL_PORT" --tproxy-mark 0x01/0x01 + else + $ipt -A SS_SPEC_TPROXY -p udp -m set --match-set gfwlist dst \ + -j TPROXY --on-port "$LOCAL_PORT" --tproxy-mark 0x01/0x01 + fi + $ipt -I PREROUTING 1 ${IFNAME:+-i $IFNAME} -p udp $EXT_ARGS $MATCH_SET \ + -m comment --comment "$TAG" -j SS_SPEC_TPROXY + return $? +} + +get_wan_ip() { + cat <<-EOF | grep -E "^([0-9]{1,3}\.){3}[0-9]{1,3}" + $server + $SERVER + $WAN_BP_IP +EOF +} + +gen_iplist() { + cat <<-EOF + 0.0.0.0/8 + 10.0.0.0/8 + 100.64.0.0/10 + 127.0.0.0/8 + 169.254.0.0/16 + 172.16.0.0/12 + 192.0.0.0/24 + 192.0.2.0/24 + 192.88.99.0/24 + 192.168.0.0/16 + 198.18.0.0/15 + 198.51.100.0/24 + 203.0.113.0/24 + 224.0.0.0/4 + 240.0.0.0/4 + 255.255.255.255 + $(get_wan_ip) + $(cat ${IGNORE_LIST:=/dev/null} 2>/dev/null) +EOF +} + +gen_spec_iplist() { + cat <<-EOF + 0.0.0.0/8 + 10.0.0.0/8 + 100.64.0.0/10 + 127.0.0.0/8 + 169.254.0.0/16 + 172.16.0.0/12 + 192.0.0.0/24 + 192.0.2.0/24 + 192.88.99.0/24 + 192.168.0.0/16 + 198.18.0.0/15 + 198.51.100.0/24 + 203.0.113.0/24 + 224.0.0.0/4 + 240.0.0.0/4 + 255.255.255.255 + $(get_wan_ip) +EOF +} + +gen_include() { + [ -n "$FWI" ] || return 0 + extract_rules() { + echo "*$1" + iptables-save -t $1 | grep SS_SPEC_ |\ + sed -e "s/^-A \(OUTPUT\|PREROUTING\)/-I \1 1/" + echo 'COMMIT' + } + cat <<-EOF >>$FWI + iptables-save -c | grep -v "SS_SPEC" | iptables-restore -c + iptables-restore -n <<-EOT + $(extract_rules nat) + $(extract_rules mangle) + EOT +EOF + return 0 +} + +while getopts ":s:l:S:L:i:e:a:b:w:p:oOuUfgh" arg; do + case "$arg" in + s) + server=$OPTARG + ;; + l) + local_port=$OPTARG + ;; + S) + SERVER=$OPTARG + ;; + L) + LOCAL_PORT=$OPTARG + ;; + i) + IGNORE_LIST=$OPTARG + ;; + e) + EXT_ARGS=$OPTARG + ;; + a) + LAN_AC_IP=$OPTARG + ;; + b) + WAN_BP_IP=$(for ip in $OPTARG; do echo $ip; done) + ;; + w) + WAN_FW_IP=$OPTARG + ;; + p) + LAN_FP_IP=$OPTARG + ;; + o) + OUTPUT=1 + ;; + O) + OUTPUT=2 + ;; + u) + TPROXY=1 + ;; + U) + TPROXY=2 + ;; + g) + GFWMODE=1 + ;; + f) + flush_r + exit 0 + ;; + h) + usage 0 + ;; + esac +done + +if [ -z "$server" -o -z "$local_port" ]; then + usage 2 +fi + +if [ "$TPROXY" = 1 ]; then + SERVER=$server + LOCAL_PORT=$local_port +elif [ "$TPROXY" = 2 ]; then + : ${SERVER:?"You must assign an ip for the udp relay server."} + : ${LOCAL_PORT:?"You must assign a port for the udp relay server."} +fi + +flush_r && fw_rule && ipset_r && ac_rule && tp_rule && gen_include +[ "$?" = 0 ] || loger 3 "Start failed!" +exit $? diff --git a/package/lean/luci-app-ssr-plus/root/usr/bin/ssr-switch b/package/lean/luci-app-ssr-plus/root/usr/bin/ssr-switch new file mode 100755 index 000000000..e46de0a2a --- /dev/null +++ b/package/lean/luci-app-ssr-plus/root/usr/bin/ssr-switch @@ -0,0 +1,173 @@ +#!/bin/sh /etc/rc.common +# +# Copyright (C) 2017 openwrt-ssr +# Copyright (C) 2017 yushi studio +# +# This is free software, licensed under the GNU General Public License v3. +# See /LICENSE for more information. +# + +cycle_time=60 +switch_time=3 +normal_flag=0 +server_locate=0 +server_count=0 +NAME=shadowsocksr +ENABLE_SERVER=nil +CONFIG_SWTICH_FILE=/var/etc/${NAME}_t.json + + +[ -n "$1" ] && cycle_time=$1 +[ -n "$2" ] && switch_time=$2 + +uci_get_by_name() { + local ret=$(uci get $NAME.$1.$2 2>/dev/null) + echo ${ret:=$3} +} + +uci_get_by_type() { + local ret=$(uci get $NAME.@$1[0].$2 2>/dev/null) + echo ${ret:=$3} +} + +DEFAULT_SERVER=$(uci_get_by_type global global_server) +CURRENT_SERVER=$DEFAULT_SERVER + +#判断代理是否正常 +check_proxy() { +/usr/bin/ssr-check www.google.com 80 $switch_time 1 +if [ "$?" == "0" ]; then + return 0 +else + /usr/bin/ssr-check www.baidu.com 80 $switch_time 1 + if [ "$?" == "0" ]; then + #goole不通baidu通则不正常 + return 1 + else + return 2 + fi +fi +return 0 +} + + +test_proxy() { +local servername=$(uci_get_by_name $1 server) +local serverport=$(uci_get_by_name $1 server_port) +ret=$(ping -c 3 $servername | grep 'loss' | awk -F ',' '{ print $3 }' | awk -F "%" '{ print $1 }') +[ -z "$ret" ] && return 1 +[ "$ret" -gt "50" ] && return 1 +ipset add ss_spec_wan_ac $servername 2>/dev/null +ret=$? +/usr/bin/ssr-check $servername $serverport $switch_time +local ret2=$? +if [ "$ret" = "0" ] ;then +ipset del ss_spec_wan_ac $servername 2>/dev/null +fi +if [ "$ret2" = "0" ] ;then +return 0 +else +return 1 +fi +} + +search_proxy() { +let server_count=server_count+1 +[ "$normal_flag" = "1" -a "$server_count" -le "$server_locate" ] && return 0 +[ "$(uci_get_by_name $1 switch_enable)" != "1" ] && return 1 +[ $ENABLE_SERVER != nil ] && return 0 +[ "$1" = "$CURRENT_SERVER" ] && return 0 +local servername=$(uci_get_by_name $1 server) +local serverport=$(uci_get_by_name $1 server_port) +ipset add ss_spec_wan_ac $servername 2>/dev/null +ret=$? + /usr/bin/ssr-check $servername $serverport $switch_time + local ret2=$? +if [ "$ret" = "0" ] ;then +ipset del ss_spec_wan_ac $servername 2>/dev/null +fi +if [ "$ret2" = "0" ] ;then +server_locate=$server_count +ENABLE_SERVER=$1 +return 0 +else +return 1 +fi + +} +#选择可用的代理 +select_proxy() { + +config_load $NAME +ENABLE_SERVER=nil +mkdir -p /var/run /var/etc +server_count=0 +config_foreach search_proxy servers + +} + +#切换代理 +switch_proxy() { +/etc/init.d/shadowsocksr restart $1 +return 0 +} + +start() { +#不支持kcptun启用时的切换 +[ $(uci_get_by_name $DEFAULT_SERVER kcp_enable) = "1" ] && return 1 + +while [ "1" = "1" ] #死循环 +do + sleep $cycle_time + + LOGTIME=$(date "+%Y-%m-%d %H:%M:%S") + + + #判断当前代理是否为缺省服务器 + if [ "$CURRENT_SERVER" != "$DEFAULT_SERVER" ] ;then + #echo "not default proxy" + echo "$(date "+%Y-%m-%d %H:%M:%S") Current server is not default Main server, try to switch back." >> /tmp/ssrplus.log + + #检查缺省服务器是否正常 + if test_proxy $DEFAULT_SERVER ;then + #echo "switch to default proxy" + echo "$(date "+%Y-%m-%d %H:%M:%S") Main server is avilable." >> /tmp/ssrplus.log + #缺省服务器正常,切换回来 + CURRENT_SERVER=$DEFAULT_SERVER + switch_proxy $CURRENT_SERVER + echo "switch to default ["$(uci_get_by_name $CURRENT_SERVER server)"] proxy!" >> /tmp/ssrplus.log + continue + else + echo "$(date "+%Y-%m-%d %H:%M:%S") Main server is NOT avilable.Continue using current server." >> /tmp/ssrplus.log + fi + fi + + #判断当前代理是否正常 + check_proxy + current_ret=$? + + if [ "$current_ret" = "1" ] ;then + #当前代理错误,判断有无可用的服务器 + #echo "current error" + echo "$(date "+%Y-%m-%d %H:%M:%S") Current server error, try to switch another server." >> /tmp/ssrplus.log + + select_proxy + if [ "$ENABLE_SERVER" != nil ] ;then + #有其他服务器可用,进行切换 + #echo $(uci_get_by_name $new_proxy server) + echo "$(date "+%Y-%m-%d %H:%M:%S") Another server is avilable, now switching server." >> /tmp/ssrplus.log + CURRENT_SERVER=$ENABLE_SERVER + switch_proxy $CURRENT_SERVER + normal_flag=1 + echo "$(date "+%Y-%m-%d %H:%M:%S") ShadowsocksR server switch OK" >> /tmp/ssrplus.log + else + normal_flag=0 + fi + else + normal_flag=0 + echo "$(date "+%Y-%m-%d %H:%M:%S") ShadowsocksR No Problem." >> /tmp/ssrplus.log + fi + + +done +} \ No newline at end of file diff --git a/package/lean/luci-app-ssr-plus/root/usr/share/shadowsocksr/gfw2ipset.sh b/package/lean/luci-app-ssr-plus/root/usr/share/shadowsocksr/gfw2ipset.sh new file mode 100755 index 000000000..d620beb4d --- /dev/null +++ b/package/lean/luci-app-ssr-plus/root/usr/share/shadowsocksr/gfw2ipset.sh @@ -0,0 +1,5 @@ +#!/bin/sh + +awk '!/^$/&&!/^#/{printf("ipset=/.%s/'"gfwlist"'\n",$0)}' /etc/config/gfw.list > /etc/dnsmasq.ssr/custom_forward.conf +awk '!/^$/&&!/^#/{printf("server=/.%s/'"127.0.0.1#5353"'\n",$0)}' /etc/config/gfw.list >> /etc/dnsmasq.ssr/custom_forward.conf + diff --git a/package/lean/luci-app-ssr-plus/root/usr/share/shadowsocksr/ssr-watchdog b/package/lean/luci-app-ssr-plus/root/usr/share/shadowsocksr/ssr-watchdog new file mode 100755 index 000000000..1a51873f9 --- /dev/null +++ b/package/lean/luci-app-ssr-plus/root/usr/share/shadowsocksr/ssr-watchdog @@ -0,0 +1,17 @@ +#!/bin/sh + +LOGTIME=$(date "+%Y-%m-%d %H:%M:%S") + +/usr/bin/ssr-check www.google.com 80 3 1 + +if [ "$?" == "0" ]; then + echo "$LOGTIME ShadowsocksR No Problem." +else + /usr/bin/ssr-check www.baidu.com 80 3 1 + if [ "$?" == "0" ]; then + echo "$LOGTIME Problem decteted, restarting ShadowsocksR..." + /etc/init.d/shadowsocksr restart + else + echo "$LOGTIME Network Problem. Do nothing." + fi +fi diff --git a/package/lean/luci-app-ssr-plus/root/usr/share/shadowsocksr/subscribe.sh b/package/lean/luci-app-ssr-plus/root/usr/share/shadowsocksr/subscribe.sh new file mode 100755 index 000000000..9cd15593d --- /dev/null +++ b/package/lean/luci-app-ssr-plus/root/usr/share/shadowsocksr/subscribe.sh @@ -0,0 +1,157 @@ +#!/bin/bash +# Copyright (C) 2017 XiaoShan https://www.mivm.cn + +urlsafe_b64decode() { + local d="====" data=$(echo $1 | sed 's/_/\//g; s/-/+/g') + local mod4=$((${#data}%4)) + [ $mod4 -gt 0 ] && data=${data}${d:mod4} + echo $data | base64 -d +} + +CheckIPAddr() { + echo $1 | grep "^[0-9]\{1,3\}\.\([0-9]\{1,3\}\.\)\{2\}[0-9]\{1,3\}$" >/dev/null 2>&1 + [ $? -ne 0 ] && return 1 + local ipaddr=($(echo $1 | sed 's/\./ /g')) + [ ${#ipaddr[@]} -ne 4 ] && return 1 + for ((i=0;i<${#ipaddr[@]};i++)) + do + [ ${ipaddr[i]} -gt 255 -a ${ipaddr[i]} -lt 0 ] && return 1 + done + return 0 +} + +Server_Update() { + local uci_set="uci -q set $name.$1." + ${uci_set}alias="[$ssr_group] $ssr_remarks" + ${uci_set}auth_enable="0" + ${uci_set}switch_enable="1" + ${uci_set}server="$ssr_host" + ${uci_set}server_port="$ssr_port" + ${uci_set}local_port="1234" + uci -q get $name.@servers[$1].timeout >/dev/null || ${uci_set}timeout="60" + ${uci_set}password="$ssr_passwd" + ${uci_set}encrypt_method="$ssr_method" + ${uci_set}protocol="$ssr_protocol" + ${uci_set}protocol_param="$ssr_protoparam" + ${uci_set}obfs="$ssr_obfs" + ${uci_set}obfs_param="$ssr_obfsparam" + ${uci_set}fast_open="0" + ${uci_set}kcp_enable="0" + ${uci_set}kcp_port="0" + ${uci_set}kcp_param="--nocomp" +} + +name=shadowsocksr +subscribe_url=($(uci get $name.@server_subscribe[0].subscribe_url)) +[ ${#subscribe_url[@]} -eq 0 ] && exit 1 +[ $(uci -q get $name.@server_subscribe[0].proxy || echo 0) -eq 0 ] && /etc/init.d/$name stop >/dev/null 2>&1 +log_name=${name}_subscribe +for ((o=0;o<${#subscribe_url[@]};o++)) +do + subscribe_data=$(wget-ssl --user-agent="User-Agent: Mozilla" --no-check-certificate -T 3 -O- ${subscribe_url[o]}) + curl_code=$? + if [ $curl_code -eq 0 ];then + ssr_url=($(echo $subscribe_data | base64 -d | sed 's/\r//g')) # 瑙g爜鏁版嵁骞跺垹闄 \r 鎹㈣绗 + subscribe_max=$(echo ${ssr_url[0]} | grep -i MAX= | awk -F = '{print $2}') + subscribe_max_x=() + if [ -n "$subscribe_max" ]; then + while [ ${#subscribe_max_x[@]} -ne $subscribe_max ] + do + if [ ${#ssr_url[@]} -ge 10 ]; then + if [ $((${RANDOM:0:2}%2)) -eq 0 ]; then + temp_x=${RANDOM:0:1} + else + temp_x=${RANDOM:0:2} + fi + else + temp_x=${RANDOM:0:1} + fi + [ $temp_x -lt ${#ssr_url[@]} -a -z "$(echo "${subscribe_max_x[*]}" | grep -w ${temp_x})" ] && subscribe_max_x[${#subscribe_max_x[@]}]="$temp_x" + done + else + subscribe_max=${#ssr_url[@]} + fi + ssr_group=$(urlsafe_b64decode $(urlsafe_b64decode ${ssr_url[$((${#ssr_url[@]} - 1))]//ssr:\/\//} | sed 's/&/\n/g' | grep group= | awk -F = '{print $2}')) + if [ -n "$ssr_group" ]; then + subscribe_i=0 + subscribe_n=0 + subscribe_o=0 + subscribe_x="" + temp_host_o=() + curr_ssr=$(uci show $name | grep @servers | grep -c server=) + for ((x=0;x<$curr_ssr;x++)) # 寰幆宸叉湁鏈嶅姟鍣ㄤ俊鎭紝鍖归厤褰撳墠璁㈤槄缇ょ粍 + do + temp_alias=$(uci -q get $name.@servers[$x].alias | grep "\[$ssr_group\]") + [ -n "$temp_alias" ] && temp_host_o[${#temp_host_o[@]}]=$(uci get $name.@servers[$x].server) + done + for ((x=0;x<$subscribe_max;x++)) # 寰幆閾炬帴 + do + [ ${#subscribe_max_x[@]} -eq 0 ] && temp_x=$x || temp_x=${subscribe_max_x[x]} + temp_info=$(urlsafe_b64decode ${ssr_url[temp_x]//ssr:\/\//}) # 瑙g爜 SSR 閾炬帴 + # 渚濇鑾峰彇鍩烘湰淇℃伅 + info=${temp_info///?*/} + temp_info_array=(${info//:/ }) + ssr_host=${temp_info_array[0]} + ssr_port=${temp_info_array[1]} + ssr_protocol=${temp_info_array[2]} + ssr_method=${temp_info_array[3]} + ssr_obfs=${temp_info_array[4]} + ssr_passwd=$(urlsafe_b64decode ${temp_info_array[5]}) + info=${temp_info:$((${#info} + 2))} + info=(${info//&/ }) + ssr_protoparam="" + ssr_obfsparam="" + ssr_remarks="$temp_x" + for ((i=0;i<${#info[@]};i++)) # 寰幆鎵╁睍淇℃伅 + do + temp_info=($(echo ${info[i]} | sed 's/=/ /g')) + case "${temp_info[0]}" in + protoparam) + ssr_protoparam=$(urlsafe_b64decode ${temp_info[1]}) + ;; + obfsparam) + ssr_obfsparam=$(urlsafe_b64decode ${temp_info[1]}) + ;; + remarks) + ssr_remarks=$(urlsafe_b64decode ${temp_info[1]}) + ;; + esac + done + + uci_name_tmp=$(uci show $name | grep -w $ssr_host | awk -F . '{print $2}') + if [ -z "$uci_name_tmp" ]; then # 鍒ゆ柇褰撳墠鏈嶅姟鍣ㄤ俊鎭槸鍚﹀瓨鍦 + uci_name_tmp=$(uci add $name servers) + subscribe_n=$(($subscribe_n + 1)) + fi + Server_Update $uci_name_tmp + subscribe_x=${subscribe_x}$ssr_host" " + + # echo "鏈嶅姟鍣ㄥ湴鍧: $ssr_host" + # echo "鏈嶅姟鍣ㄧ鍙 $ssr_port" + # echo "瀵嗙爜: $ssr_passwd" + # echo "鍔犲瘑: $ssr_method" + # echo "鍗忚: $ssr_protocol" + # echo "鍗忚鍙傛暟: $ssr_protoparam" + # echo "娣锋穯: $ssr_obfs" + # echo "娣锋穯鍙傛暟: $ssr_obfsparam" + # echo "澶囨敞: $ssr_remarks" + done + for ((x=0;x<${#temp_host_o[@]};x++)) # 鏂版棫鏈嶅姟鍣ㄤ俊鎭尮閰嶏紝濡傛灉鏃ф湇鍔″櫒淇℃伅涓嶅瓨鍦ㄤ簬鏂版湇鍔″櫒淇℃伅鍒欏垹闄 + do + if [ -z "$(echo "$subscribe_x" | grep -w ${temp_host_o[x]})" ]; then + uci_name_tmp=$(uci show $name | grep ${temp_host_o[x]} | awk -F . '{print $2}') + uci delete $name.$uci_name_tmp + subscribe_o=$(($subscribe_o + 1)) + fi + done + subscribe_log="$ssr_group 鏈嶅姟鍣ㄨ闃呮洿鏂版垚鍔 鏈嶅姟鍣ㄦ暟閲: ${#ssr_url[@]} 鏂板鏈嶅姟鍣: $subscribe_n 鍒犻櫎鏈嶅姟鍣: $subscribe_o" + logger -st $log_name[$$] -p6 "$subscribe_log" + uci commit $name + else + logger -st $log_name[$$] -p3 "${subscribe_url[$o]} 璁㈤槄鏁版嵁瑙f瀽澶辫触 鏃犳硶鑾峰彇 Group" + fi + else + logger -st $log_name[$$] -p3 "${subscribe_url[$o]} 璁㈤槄鏁版嵁鑾峰彇澶辫触 閿欒浠g爜: $curl_code" + fi +done +/etc/init.d/$name restart >/dev/null 2>&1 diff --git a/package/lean/luci-app-ssr-plus/root/usr/share/shadowsocksr/update.sh b/package/lean/luci-app-ssr-plus/root/usr/share/shadowsocksr/update.sh new file mode 100755 index 000000000..01ab7f90f --- /dev/null +++ b/package/lean/luci-app-ssr-plus/root/usr/share/shadowsocksr/update.sh @@ -0,0 +1,24 @@ +#!/bin/sh + +chnroute_data=$(wget -O- -t 3 -T 3 http://ftp.apnic.net/apnic/stats/apnic/delegated-apnic-latest) +[ $? -eq 0 ] && { + echo "$chnroute_data" | grep ipv4 | grep CN | awk -F\| '{ printf("%s/%d\n", $4, 32-log($5)/log(2)) }' > /tmp/china_ssr.txt +} + +if [ -s "/tmp/china_ssr.txt" ];then + if ( ! cmp -s /tmp/china_ssr.txt /etc/china_ssr.txt );then + mv /tmp/china_ssr.txt /etc/china_ssr.txt + fi +fi + +wget-ssl --no-check-certificate https://raw.githubusercontent.com/gfwlist/gfwlist/master/gfwlist.txt -O /tmp/gfw.b64 +/usr/bin/ssr-gfw + +if [ -s "/tmp/gfwnew.txt" ];then + if ( ! cmp -s /tmp/gfwnew.txt /etc/dnsmasq.ssr/gfw_list.conf );then + mv /tmp/gfwnew.txt /etc/dnsmasq.ssr/gfw_list.conf + echo "copy" + fi +fi + +/etc/init.d/shadowsocksr restart \ No newline at end of file diff --git a/package/lean/luci-app-ssrserver-python/Makefile b/package/lean/luci-app-ssrserver-python/Makefile new file mode 100644 index 000000000..7d7a31755 --- /dev/null +++ b/package/lean/luci-app-ssrserver-python/Makefile @@ -0,0 +1,19 @@ +# +# Copyright (C) 2008-2014 The LuCI Team +# +# This is free software, licensed under the Apache License, Version 2.0 . +# + +include $(TOPDIR)/rules.mk + +LUCI_TITLE:=LuCI for SSR Server Python +LUCI_DEPENDS:=+python +LUCI_PKGARCH:=all +PKG_VERSION:=3.2.0 +PKG_RELEASE:=6 + +include $(TOPDIR)/feeds/luci/luci.mk + +# call BuildPackage - OpenWrt buildroot signature + + diff --git a/package/lean/luci-app-ssrserver-python/luasrc/controller/ssrs.lua b/package/lean/luci-app-ssrserver-python/luasrc/controller/ssrs.lua new file mode 100644 index 000000000..01095ec59 --- /dev/null +++ b/package/lean/luci-app-ssrserver-python/luasrc/controller/ssrs.lua @@ -0,0 +1,21 @@ +module("luci.controller.ssrs",package.seeall) + +function index() +if not nixio.fs.access("/etc/config/ssrs")then + return +end + +entry({"admin", "vpn"}, firstchild(), "VPN", 45).dependent = false + +local page + +entry({"admin","vpn","ssrs"},cbi("ssrs"),_("SSR Python Server"),4).dependent=true +entry({"admin","vpn","ssrs","status"},call("act_status")).leaf=true +end + +function act_status() + local e={} + e.running=luci.sys.call("ps | grep server.py |grep -v grep >/dev/null") == 0 + luci.http.prepare_content("application/json") + luci.http.write_json(e) +end diff --git a/package/lean/luci-app-ssrserver-python/luasrc/model/cbi/ssrs.lua b/package/lean/luci-app-ssrserver-python/luasrc/model/cbi/ssrs.lua new file mode 100644 index 000000000..889aca8a6 --- /dev/null +++ b/package/lean/luci-app-ssrserver-python/luasrc/model/cbi/ssrs.lua @@ -0,0 +1,75 @@ +local a,t,e +local m, s +local o=require"nixio.fs" +local n={ +"none", +"aes-128-ctr", +"aes-192-ctr", +"aes-256-ctr", +"aes-128-cfb", +"aes-192-cfb", +"aes-256-cfb", +"rc4", +"rc4-md5", +"rc4-md5-6", +} +local s={ +"origin", +"verify_deflate", +"auth_sha1_v4", +"auth_aes128_md5", +"auth_aes128_sha1", +"auth_chain_a", +"auth_chain_b", +"auth_chain_c", +"auth_chain_d", +"auth_chain_e", +"auth_chain_f", +} +local i={ +"plain", +"http_simple", +"http_post", +"random_head", +"tls1.2_ticket_auth", +"tls1.2_ticket_fastauth", +} +local o={ +"false", +"true", +} + +a= Map("ssrs", translate("ShadowSocksR Server Config")) +a.description = translate("ShadowsocksR Python Server is a fork of the Shadowsocks project, claimed to be superior in terms of security and stability") + +a:section(SimpleSection).template = "ssrs/ssrs_status" + +t=a:section(TypedSection,"server",translate("")) +t.anonymous=true +t.addremove=false + +e=t:option(Flag,"enable",translate("Enable")) +e.rmempty=false + +e=t:option(Value,"server_port",translate("Server Port")) +e.datatype="port" +e.rmempty=false +e.default=139 + +e=t:option(Value,"password",translate("Password")) +e.password=true +e.rmempty=false + +e=t:option(ListValue,"encrypt_method",translate("Encrypt Method")) +for a,t in ipairs(n)do e:value(t)end +e.rmempty=false + +e=t:option(ListValue,"protocol",translate("Protocol")) +for a,t in ipairs(s)do e:value(t)end +e.rmempty=false + +e=t:option(ListValue,"obfs",translate("Obfs")) +for a,t in ipairs(i)do e:value(t)end +e.rmempty=false + +return a diff --git a/package/lean/luci-app-ssrserver-python/luasrc/view/ssrs/ssrs_status.htm b/package/lean/luci-app-ssrserver-python/luasrc/view/ssrs/ssrs_status.htm new file mode 100644 index 000000000..043620d08 --- /dev/null +++ b/package/lean/luci-app-ssrserver-python/luasrc/view/ssrs/ssrs_status.htm @@ -0,0 +1,22 @@ + + +
+

+ <%:Collecting data...%> +

+
\ No newline at end of file diff --git a/package/lean/luci-app-ssrserver-python/po/zh-cn/ssrs.po b/package/lean/luci-app-ssrserver-python/po/zh-cn/ssrs.po new file mode 100644 index 000000000..e3b31875f --- /dev/null +++ b/package/lean/luci-app-ssrserver-python/po/zh-cn/ssrs.po @@ -0,0 +1,35 @@ +msgid "" +msgstr "Content-Type: text/plain; charset=UTF-8\n" + +msgid "SSR Python Server" +msgstr "SSR Python 鏈嶅姟鍣" + +msgid "ShadowSocksR Server Config" +msgstr "ShadowsocksR Python 鏈嶅姟鍣ㄨ缃" + +msgid "Global Setting" +msgstr "鍏ㄥ眬璁剧疆" + +msgid "Encrypt Method" +msgstr "鍔犲瘑" + +msgid "Protocol_param" +msgstr "鍗忚鍙傛暟" + +msgid "Obfs" +msgstr "娣锋穯" + +msgid "Obfs_param" +msgstr "娣锋穯鍙傛暟" + +msgid "redirect" +msgstr "閲嶅畾鍚" + +msgid "Connection Timeout" +msgstr "杩炴帴瓒呮椂鏃堕棿" + +msgid "ShadowsocksR Python Server is a fork of the Shadowsocks project, claimed to be superior in terms of security and stability" +msgstr "ShadowsocksR Python 鏈嶅姟鍣ㄦ槸涓涓鍔犱簡鍗忚鍙傛暟鍜屾贩娣嗙殑鍏ㄥ姛鑳界増鏈" + +msgid "ShadowsocksR Python Server" +msgstr "ShadowsocksR Python 鏈嶅姟鍣" diff --git a/package/lean/luci-app-ssrserver-python/root/etc/config/ssrs b/package/lean/luci-app-ssrserver-python/root/etc/config/ssrs new file mode 100644 index 000000000..a85b5ca5e --- /dev/null +++ b/package/lean/luci-app-ssrserver-python/root/etc/config/ssrs @@ -0,0 +1,11 @@ + +config server 'ssrs' + option password '12345678' + option timeout '300' + option fast_open 'true' + option encrypt_method 'rc4-md5' + option protocol 'auth_sha1_v4' + option obfs 'http_simple' + option server_port '10240' + option enable '0' + diff --git a/package/lean/luci-app-ssrserver-python/root/etc/init.d/ssrs b/package/lean/luci-app-ssrserver-python/root/etc/init.d/ssrs new file mode 100755 index 000000000..63a473b3f --- /dev/null +++ b/package/lean/luci-app-ssrserver-python/root/etc/init.d/ssrs @@ -0,0 +1,95 @@ +#!/bin/sh /etc/rc.common +# +# Copyright (C) 2015 OpenWrt-dist +# +# This is free software, licensed under the GNU General Public License v3. +# See /LICENSE for more information. +# + +START=91 + +CONFIG=ssrs +CONFIG_FILE=/var/etc/$CONFIG.json +PID_FILE=/var/run/$CONFIG.pid +LOG_FILE=/var/log/$CONFIG.log + +uci_get_by_type() { + local index=0 + if [ -n $4 ]; then + index=$4 + fi + local ret=$(uci get $CONFIG.@$1[$index].$2 2>/dev/null) + echo ${ret:=$3} +} + +is_true() { + case $1 in + 1|on|true|yes|enabled) echo 0;; + *) echo 1;; + esac +} + +load_config() { + ENABLED=$(uci_get_by_type server enable) + return $(is_true $ENABLED) +} + +start_server() { + mkdir -p /var/etc + /usr/bin/python \ + /usr/share/ssr/shadowsocks/server.py \ + -c $CONFIG_FILE \ + --pid-file $PID_FILE \ + --log-file $LOG_FILE \ + -d start \ + >/dev/null 2>&1 & +} + +gen_config_file() { + cat <<-EOF >$CONFIG_FILE + { + "server": "0.0.0.0", + "server_port": $(uci_get_by_type server server_port), + "local_address":"127.0.0.1", + "local_port":1086, + "password": "$(uci_get_by_type server password)", + "timeout": $(uci_get_by_type server timeout 60), + "method": "$(uci_get_by_type server encrypt_method)", + "protocol": "$(uci_get_by_type server protocol)", + "protocol_param": "$(uci_get_by_type server protocol_param)", + "obfs": "$(uci_get_by_type server obfs)", + "obfs_param": "$(uci_get_by_type server obfs_param)", + "redirect": "$(uci_get_by_type server redirect)", + "fast_open": "$(uci_get_by_type server fast_open)" + } +EOF +} + + +add_rule() { + serverport=$(uci_get_by_type server server_port) + uci set firewall.ssrs.dest_port=$serverport && uci commit firewall && /etc/init.d/firewall restart +} + +del_rule() { + serverport=$(uci_get_by_type server server_port) +} + +start() { + ! load_config && exit 0 + gen_config_file "server" + start_server + add_rule +} + +stop() { + del_rule + /usr/bin/python \ + /usr/share/ssr/shadowsocks/server.py \ + -c $CONFIG_FILE \ + --pid-file $PID_FILE \ + --log-file $LOG_FILE \ + -d stop \ + >/dev/null 2>&1 & + rm -f $LOG_FILE +} \ No newline at end of file diff --git a/package/lean/luci-app-ssrserver-python/root/etc/uci-defaults/luci-app-ssrs b/package/lean/luci-app-ssrserver-python/root/etc/uci-defaults/luci-app-ssrs new file mode 100755 index 000000000..a38759098 --- /dev/null +++ b/package/lean/luci-app-ssrserver-python/root/etc/uci-defaults/luci-app-ssrs @@ -0,0 +1,19 @@ +#!/bin/sh + +uci -q batch <<-EOF >/dev/null + delete ucitrack.@ssrs[-1] + add ucitrack ssrs + set ucitrack.@ssrs[-1].init=ssrs + commit ucitrack + delete firewall.ssrs + add firewall rule + rename firewall.@rule[-1]="ssrs" + set firewall.@rule[-1].name="ssrs" + set firewall.@rule[-1].target="ACCEPT" + set firewall.@rule[-1].src="wan" + set firewall.@rule[-1].proto="tcp" + set firewall.@rule[-1].dest_port="10240" +EOF + +rm -f /tmp/luci-indexcache +exit 0 diff --git a/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/.travis.yml b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/.travis.yml new file mode 100644 index 000000000..014fa0714 --- /dev/null +++ b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/.travis.yml @@ -0,0 +1,21 @@ +language: python +python: + - 2.6 + - 2.7 + - 3.3 + - 3.4 +cache: + directories: + - dante-1.4.0 +before_install: + - sudo apt-get update -qq + - sudo apt-get install -qq build-essential dnsutils iproute nginx bc + - sudo dd if=/dev/urandom of=/usr/share/nginx/www/file bs=1M count=10 + - sudo sh -c "echo '127.0.0.1 localhost' > /etc/hosts" + - sudo service nginx restart + - pip install pep8 pyflakes nose coverage PySocks cymysql + - sudo tests/socksify/install.sh + - sudo tests/libsodium/install.sh + - sudo tests/setup_tc.sh +script: + - tests/jenkins.sh diff --git a/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/CHANGES b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/CHANGES new file mode 100644 index 000000000..0cd91768e --- /dev/null +++ b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/CHANGES @@ -0,0 +1,342 @@ +3.4.0 2017-07-27 +- add auth_chain_b +- add initmudbjson.sh +- allow set speed limit in runtime +- fix bugs & mem leak + +3.3.3 2017-06-03 +- add DNS cache +- add tls1.2_ticket_fastauth +- fix bugs + +3.3.2 2017-05-20 +- revert http reply +- refine tls1.2_ticket_auth error detector + +3.3.1 2017-05-18 +- fix stop script +- Async DNS query under UDP +- fix old version of OpenSSL +- http reply + +3.3.0 2017-05-11 +- connect_log include local addr & port +- fix auth_chain_a UDP bug +- add "additional_ports_only" +- add interface legendsockssr +- run with newest python version +- parse comment in hosts +- update mujson_mgr +- add cymysql setup script +- new speed tester +- fix leaks +- bugs fixed + +3.2.0 2017-04-27 +- add auth_chain_a +- remove auth_aes128, auth_sha1, auth_sha1_v2, verify_simple, auth_simple, verify_sha1 + +3.1.2 2017-04-07 +- display UID +- auto adjust TCP MSS + +3.1.1 2017-03-25 +- add "New session ticket" +- ignore bind 10.0.0.0/8 and 192.168.0.0/16 by default +- improve rand size under auth_aes128_* +- fix bugs + +3.1.0 2017-03-16 +- add "glzjinmod" interface +- rate limit +- add additional_ports in config + +3.0.4 2017-01-08 +- multi-user in single port + +3.0.1 2017-01-03 +- remove auth_aes128_*_compatible + +3.0.0 2016-12-23 +- http_simple fix bugs +- tls1.2_ticket_auth fix bug & defaule time diff set to 86400s + +2.9.7 2016-11-22 +- manage client with LRUCache +- catch bind error +- fix import error of resource on windows +- print RLIMIT_NOFILE +- always close cymysql objects +- add init script + +2.9.6 2016-10-17 +- tls1.2_ticket_auth random packet size + +2.9.5.1 2016-10-16 +- UDP bind address + +2.9.5 2016-10-13 +- add auth_aes128_md5 and auth_aes128_sha1 + +2.9.4 2016-10-11 +- sync client version + +2.6.13 2015-11-02 +- add protocol setting + +2.6.12 2015-10-27 +- IPv6 first +- Fix mem leaks +- auth_simple plugin +- remove FORCE_NEW_PROTOCOL +- optimize code + +2.6.11 2015-10-20 +- Obfs plugin +- Obfs parameters +- UDP over TCP +- TCP over UDP (experimental) +- Fix socket leaks +- Catch abnormal UDP package + +2.6.10 2015-06-08 +- Optimize LRU cache +- Refine logging + +2.6.9 2015-05-19 +- Fix a stability issue on Windows + +2.6.8 2015-02-10 +- Support multiple server ip on client side +- Support --version +- Minor fixes + +2.6.7 2015-02-02 +- Support --user +- Support CIDR format in --forbidden-ip +- Minor fixes + +2.6.6 2015-01-23 +- Fix a crash in forbidden list + +2.6.5 2015-01-18 +- Try both 32 bit and 64 bit dll on Windows + +2.6.4 2015-01-14 +- Also search lib* when searching libraries + +2.6.3 2015-01-12 +- Support --forbidden-ip to ban some IP, i.e. localhost +- Search OpenSSL and libsodium harder +- Now works on OpenWRT + +2.6.2 2015-01-03 +- Log client IP + +2.6.1 2014-12-26 +- Fix a problem with TCP Fast Open on local side +- Fix sometimes daemon_start returns wrong exit status + +2.6 2014-12-21 +- Add daemon support + +2.5 2014-12-11 +- Add salsa20 and chacha20 + +2.4.3 2014-11-10 +- Fix an issue on Python 3 +- Fix an issue with IPv6 + +2.4.2 2014-11-06 +- Fix command line arguments on Python 3 +- Support table on Python 3 +- Fix TCP Fast Open on Python 3 + +2.4.1 2014-11-01 +- Fix setup.py for non-utf8 locales on Python 3 + +2.4 2014-11-01 +- Python 3 support +- Performance improvement +- Fix LRU cache behavior + +2.3.2 2014-10-11 +- Fix OpenSSL on Windows + +2.3.1 2014-10-09 +- Does not require M2Crypto any more + +2.3 2014-09-23 +- Support CFB1, CFB8 and CTR mode of AES +- Do not require password config when using port_password +- Use SIGTERM instead of SIGQUIT on Windows + +2.2.2 2014-09-14 +- Fix when multiple DNS set, IPv6 only sites are broken + +2.2.1 2014-09-10 +- Support graceful shutdown +- Fix some bugs + +2.2.0 2014-09-09 +- Add RC4-MD5 encryption + +2.1.0 2014-08-10 +- Use only IPv4 DNS server +- Does not ship config.json +- Better error message + +2.0.12 2014-07-26 +- Support -q quiet mode +- Exit 0 when showing help with -h + +2.0.11 2014-07-12 +- Prefers IP addresses over hostnames, more friendly with socksify and openvpn + +2.0.10 2014-07-11 +- Fix UDP on local + +2.0.9 2014-07-06 +- Fix EWOULDBLOCK on Windows +- Fix Unicode config problem on some platforms + +2.0.8 2014-06-23 +- Use multiple DNS to query hostnames + +2.0.7 2014-06-21 +- Fix fastopen on local +- Fallback when fastopen is not available +- Add verbose logging mode -vv +- Verify if hostname is valid + +2.0.6 2014-06-19 +- Fix CPU 100% on POLL_HUP +- More friendly logging + +2.0.5 2014-06-18 +- Support a simple config format for multiple ports + +2.0.4 2014-06-12 +- Fix worker master + +2.0.3 2014-06-11 +- Fix table encryption with UDP + +2.0.2 2014-06-11 +- Add asynchronous DNS in TCP relay + +2.0.1 2014-06-05 +- Better logging +- Maybe fix bad file descriptor + +2.0 2014-06-05 +- Use a new event model +- Remove gevent +- Refuse to use default password +- Fix a problem when using multiple passwords with table encryption + +1.4.5 2014-05-24 +- Add timeout in TCP server +- Close sockets in master process + +1.4.4 2014-05-17 +- Support multiple workers + +1.4.3 2014-05-13 +- Fix Windows + +1.4.2 2014-05-10 +- Add salsa20-ctr cipher + +1.4.1 2014-05-03 +- Fix error log +- Fix EINPROGESS with some version of gevent + +1.4.0 2014-05-02 +- Adds UDP relay +- TCP fast open support on Linux 3.7+ + +1.3.7 2014-04-10 +- Fix a typo in help + +1.3.6 2014-04-10 +- Fix a typo in help + +1.3.5 2014-04-07 +- Add help +- Change default local binding address into 127.0.0.1 + +1.3.4 2014-02-17 +- Fix a bug when no config file exists +- Client now support multiple server ports and multiple server/port pairs +- Better error message with bad config.json format and wrong password + +1.3.3 2013-07-09 +- Fix default key length of rc2 + +1.3.2 2013-07-04 +- Server will listen at server IP specified in config +- Check config file and show some warning messages + +1.3.1 2013-06-29 +- Fix -c arg + +1.3.0 2013-06-22 +- Move to pypi + +1.2.3 2013-06-14 +- add bind address + +1.2.2 2013-05-31 +- local can listen at ::0 with -6 arg; bump 1.2.2 + +1.2.1 2013-05-23 +- Fix an OpenSSL crash + +1.2 2013-05-22 +- Use random iv, we finally have strong encryption + +1.1.1 2013-05-21 +- Add encryption, AES, blowfish, etc. + +1.1 2013-05-16 +- Support IPv6 addresses (type 4) +- Drop Python 2.5 support + +1.0 2013-04-03 +- Fix -6 IPv6 + +0.9.4 2013-03-04 +- Support Python 2.5 + +0.9.3 2013-01-14 +- Fix conn termination null data + +0.9.2 2013-01-05 +- Change default timeout + +0.9.1 2013-01-05 +- Add Travis-CI test + +0.9 2012-12-30 +- Replace send with sendall, fix FreeBSD + +0.6 2012-12-06 +- Support args + +0.5 2012-11-08 +- Fix encryption with negative md5sum + +0.4 2012-11-02 +- Move config into a JSON file +- Auto-detect config path + +0.3 2012-06-06 +- Move socks5 negotiation to local + +0.2 2012-05-11 +- Add -6 arg for IPv6 +- Fix socket.error + +0.1 2012-04-20 +- Initial version diff --git a/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/CONTRIBUTING.md b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/CONTRIBUTING.md new file mode 100644 index 000000000..fbdb9c11b --- /dev/null +++ b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/CONTRIBUTING.md @@ -0,0 +1,29 @@ +How to Contribute +================= + +Pull Requests +------------- + +1. Pull requests are welcome. If you would like to add a large feature +or make a significant change, make sure to open an issue to discuss with +people first. +2. Follow PEP8. +3. Make sure to pass the unit tests. Write unit tests for new modules if +needed. + +Issues +------ + +1. Only bugs and feature requests are accepted here. +2. We'll only work on important features. If the feature you're asking only +benefits a few people, you'd better implement the feature yourself and send us +a pull request, or ask some of your friends to do so. +3. We don't answer questions of any other types here. Since very few people +are watching the issue tracker here, you'll probably get no help from here. +Read [Troubleshooting] and get help from forums or [mailing lists]. +4. Issues in languages other than English will be Google translated into English +later. + + +[Troubleshooting]: https://github.com/clowwindy/shadowsocks/wiki/Troubleshooting +[mailing lists]: https://groups.google.com/forum/#!forum/shadowsocks diff --git a/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/Dockerfile b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/Dockerfile new file mode 100644 index 000000000..ec7b2c6e7 --- /dev/null +++ b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/Dockerfile @@ -0,0 +1,31 @@ +FROM alpine:3.6 + +ENV SERVER_ADDR 0.0.0.0 +ENV SERVER_PORT 51348 +ENV PASSWORD psw +ENV METHOD aes-128-ctr +ENV PROTOCOL auth_aes128_md5 +ENV PROTOCOLPARAM 32 +ENV OBFS tls1.2_ticket_auth_compatible +ENV TIMEOUT 300 +ENV DNS_ADDR 8.8.8.8 +ENV DNS_ADDR_2 8.8.4.4 + +ARG BRANCH=manyuser +ARG WORK=~ + + +RUN apk --no-cache add python \ + libsodium \ + wget + + +RUN mkdir -p $WORK && \ + wget -qO- --no-check-certificate https://github.com/shadowsocksr/shadowsocksr/archive/$BRANCH.tar.gz | tar -xzf - -C $WORK + + +WORKDIR $WORK/shadowsocksr-$BRANCH/shadowsocks + + +EXPOSE $SERVER_PORT +CMD python server.py -p $SERVER_PORT -k $PASSWORD -m $METHOD -O $PROTOCOL -o $OBFS -G $PROTOCOLPARAM diff --git a/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/LICENSE b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/LICENSE new file mode 100644 index 000000000..d64569567 --- /dev/null +++ b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/LICENSE @@ -0,0 +1,202 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/MANIFEST.in b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/MANIFEST.in new file mode 100644 index 000000000..1882dd7dc --- /dev/null +++ b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/MANIFEST.in @@ -0,0 +1,3 @@ +recursive-include shadowsocks *.py +include README.rst +include LICENSE diff --git a/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/README.md b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/README.md new file mode 100644 index 000000000..53eafeaa8 --- /dev/null +++ b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/README.md @@ -0,0 +1,105 @@ +ShadowsocksR +=========== + +[![Build Status]][Travis CI] + +A fast tunnel proxy that helps you bypass firewalls. + +Server +------ + +### Install + +Debian / Ubuntu: + + apt-get install git + git clone https://github.com/shadowsocksr/shadowsocksr.git + +CentOS: + + yum install git + git clone https://github.com/shadowsocksr/shadowsocksr.git + +Windows: + + git clone https://github.com/shadowsocksr/shadowsocksr.git + +### Usage for single user on linux platform + +If you clone it into "~/shadowsocksr" +move to "~/shadowsocksr", then run: + + bash initcfg.sh + +move to "~/shadowsocksr/shadowsocks", then run: + + python server.py -p 443 -k password -m aes-128-cfb -O auth_aes128_md5 -o tls1.2_ticket_auth_compatible + +Check all the options via `-h`. + +You can also use a configuration file instead (recommend), move to "~/shadowsocksr" and edit the file "user-config.json", then move to "~/shadowsocksr/shadowsocks" again, just run: + + python server.py + +To run in the background: + + ./logrun.sh + +To stop: + + ./stop.sh + +To monitor the log: + + ./tail.sh + + +Client +------ + +* [Windows] / [macOS] +* [Android] / [iOS] +* [OpenWRT] + +Use GUI clients on your local PC/phones. Check the README of your client +for more information. + +Documentation +------------- + +You can find all the documentation in the [Wiki]. + +License +------- + +Copyright 2015 clowwindy + +Licensed under the Apache License, Version 2.0 (the "License"); you may +not use this file except in compliance with the License. You may obtain +a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +License for the specific language governing permissions and limitations +under the License. + +Bugs and Issues +---------------- + +* [Issue Tracker] + + + +[Android]: https://github.com/shadowsocksr/shadowsocksr-android +[Build Status]: https://travis-ci.org/shadowsocksr/shadowsocksr.svg?branch=manyuser +[Debian sid]: https://packages.debian.org/unstable/python/shadowsocks +[iOS]: https://github.com/shadowsocks/shadowsocks-iOS/wiki/Help +[Issue Tracker]: https://github.com/shadowsocksr/shadowsocksr/issues?state=open +[OpenWRT]: https://github.com/shadowsocks/openwrt-shadowsocks +[macOS]: https://github.com/shadowsocksr/ShadowsocksX-NG +[Travis CI]: https://travis-ci.org/shadowsocksr/shadowsocksr +[Windows]: https://github.com/shadowsocksr/shadowsocksr-csharp +[Wiki]: https://github.com/breakwa11/shadowsocks-rss/wiki diff --git a/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/README.rst b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/README.rst new file mode 100644 index 000000000..bf2a3ec32 --- /dev/null +++ b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/README.rst @@ -0,0 +1,113 @@ +shadowsocks +=========== + +|PyPI version| |Build Status| |Coverage Status| + +A fast tunnel proxy that helps you bypass firewalls. + +Server +------ + +Install +~~~~~~~ + +Debian / Ubuntu: + +:: + + apt-get install python-pip + pip install shadowsocks + +CentOS: + +:: + + yum install python-setuptools && easy_install pip + pip install shadowsocks + +Windows: + +See `Install Server on +Windows `__ + +Usage +~~~~~ + +:: + + ssserver -p 443 -k password -m rc4-md5 + +To run in the background: + +:: + + sudo ssserver -p 443 -k password -m rc4-md5 --user nobody -d start + +To stop: + +:: + + sudo ssserver -d stop + +To check the log: + +:: + + sudo less /var/log/shadowsocks.log + +Check all the options via ``-h``. You can also use a +`Configuration `__ +file instead. + +Client +------ + +- `Windows `__ + / `OS + X `__ +- `Android `__ + / `iOS `__ +- `OpenWRT `__ + +Use GUI clients on your local PC/phones. Check the README of your client +for more information. + +Documentation +------------- + +You can find all the documentation in the +`Wiki `__. + +License +------- + +Copyright 2015 clowwindy + +Licensed under the Apache License, Version 2.0 (the "License"); you may +not use this file except in compliance with the License. You may obtain +a copy of the License at + +:: + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. + +Bugs and Issues +--------------- + +- `Troubleshooting `__ +- `Issue + Tracker `__ +- `Mailing list `__ + +.. |PyPI version| image:: https://img.shields.io/pypi/v/shadowsocks.svg?style=flat + :target: https://pypi.python.org/pypi/shadowsocks +.. |Build Status| image:: https://img.shields.io/travis/shadowsocks/shadowsocks/master.svg?style=flat + :target: https://travis-ci.org/shadowsocks/shadowsocks +.. |Coverage Status| image:: https://jenkins.shadowvpn.org/result/shadowsocks + :target: https://jenkins.shadowvpn.org/job/Shadowsocks/ws/PYENV/py34/label/linux/htmlcov/index.html diff --git a/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/apiconfig.py b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/apiconfig.py new file mode 100644 index 000000000..5ee8be127 --- /dev/null +++ b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/apiconfig.py @@ -0,0 +1,15 @@ +锘# Config +API_INTERFACE = 'sspanelv2' #mudbjson, sspanelv2, sspanelv3, sspanelv3ssr, glzjinmod, legendsockssr, muapiv2(not support) +UPDATE_TIME = 60 +SERVER_PUB_ADDR = '127.0.0.1' # mujson_mgr need this to generate ssr link + +#mudb +MUDB_FILE = 'mudb.json' + +# Mysql +MYSQL_CONFIG = 'usermysql.json' + +# API +MUAPI_CONFIG = 'usermuapi.json' + + diff --git a/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/asyncmgr.py b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/asyncmgr.py new file mode 100644 index 000000000..9bf4d0936 --- /dev/null +++ b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/asyncmgr.py @@ -0,0 +1,99 @@ +锘#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2014 clowwindy +# +# Permission is hereby granted, free of charge, to any person obtaining a copy +# of this software and associated documentation files (the "Software"), to deal +# in the Software without restriction, including without limitation the rights +# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +# copies of the Software, and to permit persons to whom the Software is +# furnished to do so, subject to the following conditions: +# +# The above copyright notice and this permission notice shall be included in +# all copies or substantial portions of the Software. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +# SOFTWARE. + +import time +import os +import socket +import struct +import re +import logging +from shadowsocks import common +from shadowsocks import lru_cache +from shadowsocks import eventloop +import server_pool +import Config + +class ServerMgr(object): + + def __init__(self): + self._loop = None + self._request_id = 1 + self._hosts = {} + self._hostname_status = {} + self._hostname_to_cb = {} + self._cb_to_hostname = {} + self._last_time = time.time() + self._sock = None + self._servers = None + + def add_to_loop(self, loop): + if self._loop: + raise Exception('already add to loop') + self._loop = loop + # TODO when dns server is IPv6 + self._sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, + socket.SOL_UDP) + self._sock.bind((Config.MANAGE_BIND_IP, Config.MANAGE_PORT)) + self._sock.setblocking(False) + loop.add(self._sock, eventloop.POLL_IN, self) + + def _handle_data(self, sock): + data, addr = sock.recvfrom(128) + #manage pwd:port:passwd:action + args = data.split(':') + if len(args) < 4: + return + if args[0] == Config.MANAGE_PASS: + if args[3] == '0': + server_pool.ServerPool.get_instance().cb_del_server(args[1]) + elif args[3] == '1': + server_pool.ServerPool.get_instance().new_server(args[1], args[2]) + + def handle_event(self, sock, fd, event): + if sock != self._sock: + return + if event & eventloop.POLL_ERR: + logging.error('mgr socket err') + self._loop.remove(self._sock) + self._sock.close() + # TODO when dns server is IPv6 + self._sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, + socket.SOL_UDP) + self._sock.setblocking(False) + self._loop.add(self._sock, eventloop.POLL_IN, self) + else: + self._handle_data(sock) + + def close(self): + if self._sock: + if self._loop: + self._loop.remove(self._sock) + self._sock.close() + self._sock = None + + +def test(): + pass + +if __name__ == '__main__': + test() diff --git a/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/config.json b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/config.json new file mode 100644 index 000000000..55f12b5f4 --- /dev/null +++ b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/config.json @@ -0,0 +1,25 @@ +{ + "server": "0.0.0.0", + "server_ipv6": "::", + "server_port": 8388, + "local_address": "127.0.0.1", + "local_port": 1080, + + "password": "m", + "method": "aes-128-ctr", + "protocol": "auth_aes128_md5", + "protocol_param": "", + "obfs": "tls1.2_ticket_auth_compatible", + "obfs_param": "", + "speed_limit_per_con": 0, + "speed_limit_per_user": 0, + + "additional_ports" : {}, // only works under multi-user mode + "additional_ports_only" : false, // only works under multi-user mode + "timeout": 120, + "udp_timeout": 60, + "dns_ipv6": false, + "connect_verbose_info": 0, + "redirect": "", + "fast_open": false +} diff --git a/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/configloader.py b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/configloader.py new file mode 100644 index 000000000..cf9d61961 --- /dev/null +++ b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/configloader.py @@ -0,0 +1,15 @@ +锘#!/usr/bin/python +# -*- coding: UTF-8 -*- +import importloader + +g_config = None + +def load_config(): + global g_config + g_config = importloader.loads(['userapiconfig', 'apiconfig']) + +def get_config(): + return g_config + +load_config() + diff --git a/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/db_transfer.py b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/db_transfer.py new file mode 100644 index 000000000..67bda6083 --- /dev/null +++ b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/db_transfer.py @@ -0,0 +1,631 @@ +锘#!/usr/bin/python +# -*- coding: UTF-8 -*- + +import logging +import time +import sys +from server_pool import ServerPool +import traceback +from shadowsocks import common, shell, lru_cache, obfs +from configloader import load_config, get_config +import importloader + +switchrule = None +db_instance = None + +class TransferBase(object): + def __init__(self): + import threading + self.event = threading.Event() + self.key_list = ['port', 'u', 'd', 'transfer_enable', 'passwd', 'enable'] + self.last_get_transfer = {} #涓婁竴娆$殑瀹為檯娴侀噺 + self.last_update_transfer = {} #涓婁竴娆℃洿鏂板埌鐨勬祦閲忥紙灏忎簬绛変簬瀹為檯娴侀噺锛 + self.force_update_transfer = set() #寮哄埗鎺ㄥ叆鏁版嵁搴撶殑ID + self.port_uid_table = {} #绔彛鍒皍id鐨勬槧灏勶紙浠卾3浠ヤ笂鏈夌敤锛 + self.onlineuser_cache = lru_cache.LRUCache(timeout=60*30) #鐢ㄦ埛鍦ㄧ嚎鐘舵佽褰 + self.pull_ok = False #璁板綍鏄惁宸茬粡鎷夊嚭杩囨暟鎹 + self.mu_ports = {} + + def load_cfg(self): + pass + + def push_db_all_user(self): + if self.pull_ok is False: + return + #鏇存柊鐢ㄦ埛娴侀噺鍒版暟鎹簱 + last_transfer = self.last_update_transfer + curr_transfer = ServerPool.get_instance().get_servers_transfer() + #涓婃鍜屾湰娆$殑澧為噺 + dt_transfer = {} + for id in self.force_update_transfer: #姝よ〃涓殑鐢ㄦ埛缁熻涓婃鏈鍏ョ殑娴侀噺 + if id in self.last_get_transfer and id in last_transfer: + dt_transfer[id] = [self.last_get_transfer[id][0] - last_transfer[id][0], self.last_get_transfer[id][1] - last_transfer[id][1]] + + for id in curr_transfer.keys(): + if id in self.force_update_transfer or id in self.mu_ports: + continue + #绠楀嚭涓庝笂娆¤褰曠殑娴侀噺宸硷紝淇濆瓨浜巇t_transfer琛 + if id in last_transfer: + if curr_transfer[id][0] + curr_transfer[id][1] - last_transfer[id][0] - last_transfer[id][1] <= 0: + continue + dt_transfer[id] = [curr_transfer[id][0] - last_transfer[id][0], + curr_transfer[id][1] - last_transfer[id][1]] + else: + if curr_transfer[id][0] + curr_transfer[id][1] <= 0: + continue + dt_transfer[id] = [curr_transfer[id][0], curr_transfer[id][1]] + + #鏈夋祦閲忕殑锛屽厛璁板綍鍦ㄧ嚎鐘舵 + if id in self.last_get_transfer: + if curr_transfer[id][0] + curr_transfer[id][1] > self.last_get_transfer[id][0] + self.last_get_transfer[id][1]: + self.onlineuser_cache[id] = curr_transfer[id][0] + curr_transfer[id][1] + else: + self.onlineuser_cache[id] = curr_transfer[id][0] + curr_transfer[id][1] + + self.onlineuser_cache.sweep() + + update_transfer = self.update_all_user(dt_transfer) #杩斿洖鏈夋洿鏂扮殑琛 + for id in update_transfer.keys(): #鍏跺閲忓姞鍦ㄦ琛 + if id not in self.force_update_transfer: #浣嗘帓闄ゅ湪force_update_transfer鍐呯殑 + last = self.last_update_transfer.get(id, [0,0]) + self.last_update_transfer[id] = [last[0] + update_transfer[id][0], last[1] + update_transfer[id][1]] + self.last_get_transfer = curr_transfer + for id in self.force_update_transfer: + if id in self.last_update_transfer: + del self.last_update_transfer[id] + if id in self.last_get_transfer: + del self.last_get_transfer[id] + self.force_update_transfer = set() + + def del_server_out_of_bound_safe(self, last_rows, rows): + #鍋滄瓒呮祦閲忕殑鏈嶅姟 + #鍚姩娌¤秴娴侀噺鐨勬湇鍔 + try: + switchrule = importloader.load('switchrule') + except Exception as e: + logging.error('load switchrule.py fail') + cur_servers = {} + new_servers = {} + allow_users = {} + mu_servers = {} + config = shell.get_config(False) + for row in rows: + try: + allow = switchrule.isTurnOn(row) and row['enable'] == 1 and row['u'] + row['d'] < row['transfer_enable'] + except Exception as e: + allow = False + + port = row['port'] + passwd = common.to_bytes(row['passwd']) + if hasattr(passwd, 'encode'): + passwd = passwd.encode('utf-8') + cfg = {'password': passwd} + if 'id' in row: + self.port_uid_table[row['port']] = row['id'] + + read_config_keys = ['method', 'obfs', 'obfs_param', 'protocol', 'protocol_param', 'forbidden_ip', 'forbidden_port', 'speed_limit_per_con', 'speed_limit_per_user'] + for name in read_config_keys: + if name in row and row[name]: + cfg[name] = row[name] + + merge_config_keys = ['password'] + read_config_keys + for name in cfg.keys(): + if hasattr(cfg[name], 'encode'): + try: + cfg[name] = cfg[name].encode('utf-8') + except Exception as e: + logging.warning('encode cfg key "%s" fail, val "%s"' % (name, cfg[name])) + + if port not in cur_servers: + cur_servers[port] = passwd + else: + logging.error('more than one user use the same port [%s]' % (port,)) + continue + + if 'protocol' in cfg and 'protocol_param' in cfg and common.to_str(cfg['protocol']) in obfs.mu_protocol(): + if '#' in common.to_str(cfg['protocol_param']): + mu_servers[port] = passwd + allow = True + + if allow: + if port not in mu_servers: + allow_users[port] = cfg + + cfgchange = False + if port in ServerPool.get_instance().tcp_servers_pool: + relay = ServerPool.get_instance().tcp_servers_pool[port] + for name in merge_config_keys: + if name in cfg and not self.cmp(cfg[name], relay._config[name]): + cfgchange = True + break + if not cfgchange and port in ServerPool.get_instance().tcp_ipv6_servers_pool: + relay = ServerPool.get_instance().tcp_ipv6_servers_pool[port] + for name in merge_config_keys: + if (name in cfg) and ((name not in relay._config) or not self.cmp(cfg[name], relay._config[name])): + cfgchange = True + break + + if port in mu_servers: + if ServerPool.get_instance().server_is_run(port) > 0: + if cfgchange: + logging.info('db stop server at port [%s] reason: config changed: %s' % (port, cfg)) + ServerPool.get_instance().cb_del_server(port) + self.force_update_transfer.add(port) + new_servers[port] = (passwd, cfg) + else: + self.new_server(port, passwd, cfg) + else: + if ServerPool.get_instance().server_is_run(port) > 0: + if config['additional_ports_only'] or not allow: + logging.info('db stop server at port [%s]' % (port,)) + ServerPool.get_instance().cb_del_server(port) + self.force_update_transfer.add(port) + else: + if cfgchange: + logging.info('db stop server at port [%s] reason: config changed: %s' % (port, cfg)) + ServerPool.get_instance().cb_del_server(port) + self.force_update_transfer.add(port) + new_servers[port] = (passwd, cfg) + + elif not config['additional_ports_only'] and allow and port > 0 and port < 65536 and ServerPool.get_instance().server_run_status(port) is False: + self.new_server(port, passwd, cfg) + + for row in last_rows: + if row['port'] in cur_servers: + pass + else: + logging.info('db stop server at port [%s] reason: port not exist' % (row['port'])) + ServerPool.get_instance().cb_del_server(row['port']) + self.clear_cache(row['port']) + if row['port'] in self.port_uid_table: + del self.port_uid_table[row['port']] + + if len(new_servers) > 0: + from shadowsocks import eventloop + self.event.wait(eventloop.TIMEOUT_PRECISION + eventloop.TIMEOUT_PRECISION / 2) + for port in new_servers.keys(): + passwd, cfg = new_servers[port] + self.new_server(port, passwd, cfg) + + logging.debug('db allow users %s \nmu_servers %s' % (allow_users, mu_servers)) + for port in mu_servers: + ServerPool.get_instance().update_mu_users(port, allow_users) + + self.mu_ports = mu_servers + + def clear_cache(self, port): + if port in self.force_update_transfer: del self.force_update_transfer[port] + if port in self.last_get_transfer: del self.last_get_transfer[port] + if port in self.last_update_transfer: del self.last_update_transfer[port] + + def new_server(self, port, passwd, cfg): + protocol = cfg.get('protocol', ServerPool.get_instance().config.get('protocol', 'origin')) + method = cfg.get('method', ServerPool.get_instance().config.get('method', 'None')) + obfs = cfg.get('obfs', ServerPool.get_instance().config.get('obfs', 'plain')) + logging.info('db start server at port [%s] pass [%s] protocol [%s] method [%s] obfs [%s]' % (port, passwd, protocol, method, obfs)) + ServerPool.get_instance().new_server(port, cfg) + + def cmp(self, val1, val2): + if type(val1) is bytes: + val1 = common.to_str(val1) + if type(val2) is bytes: + val2 = common.to_str(val2) + return val1 == val2 + + @staticmethod + def del_servers(): + for port in [v for v in ServerPool.get_instance().tcp_servers_pool.keys()]: + if ServerPool.get_instance().server_is_run(port) > 0: + ServerPool.get_instance().cb_del_server(port) + for port in [v for v in ServerPool.get_instance().tcp_ipv6_servers_pool.keys()]: + if ServerPool.get_instance().server_is_run(port) > 0: + ServerPool.get_instance().cb_del_server(port) + + @staticmethod + def thread_db(obj): + import socket + import time + global db_instance + timeout = 60 + socket.setdefaulttimeout(timeout) + last_rows = [] + db_instance = obj() + ServerPool.get_instance() + shell.log_shadowsocks_version() + + try: + import resource + logging.info('current process RLIMIT_NOFILE resource: soft %d hard %d' % resource.getrlimit(resource.RLIMIT_NOFILE)) + except: + pass + + try: + while True: + load_config() + db_instance.load_cfg() + try: + db_instance.push_db_all_user() + rows = db_instance.pull_db_all_user() + if rows: + db_instance.pull_ok = True + config = shell.get_config(False) + for port in config['additional_ports']: + val = config['additional_ports'][port] + val['port'] = int(port) + val['enable'] = 1 + val['transfer_enable'] = 1024 ** 7 + val['u'] = 0 + val['d'] = 0 + if "password" in val: + val["passwd"] = val["password"] + rows.append(val) + db_instance.del_server_out_of_bound_safe(last_rows, rows) + last_rows = rows + except Exception as e: + trace = traceback.format_exc() + logging.error(trace) + #logging.warn('db thread except:%s' % e) + if db_instance.event.wait(get_config().UPDATE_TIME) or not ServerPool.get_instance().thread.is_alive(): + break + except KeyboardInterrupt as e: + pass + db_instance.del_servers() + ServerPool.get_instance().stop() + db_instance = None + + @staticmethod + def thread_db_stop(): + global db_instance + db_instance.event.set() + +class DbTransfer(TransferBase): + def __init__(self): + super(DbTransfer, self).__init__() + self.user_pass = {} #璁板綍鏇存柊姝ょ敤鎴锋祦閲忔椂琚烦杩囧灏戞 + self.cfg = { + "host": "127.0.0.1", + "port": 3306, + "user": "ss", + "password": "pass", + "db": "shadowsocks", + "node_id": 0, + "transfer_mul": 1.0, + "ssl_enable": 0, + "ssl_ca": "", + "ssl_cert": "", + "ssl_key": ""} + self.load_cfg() + + def load_cfg(self): + import json + config_path = get_config().MYSQL_CONFIG + cfg = None + with open(config_path, 'rb+') as f: + cfg = json.loads(f.read().decode('utf8')) + + if cfg: + self.cfg.update(cfg) + + def update_all_user(self, dt_transfer): + import cymysql + update_transfer = {} + + query_head = 'UPDATE user' + query_sub_when = '' + query_sub_when2 = '' + query_sub_in = None + last_time = time.time() + + for id in dt_transfer.keys(): + transfer = dt_transfer[id] + #灏忎簬鏈浣庢洿鏂版祦閲忕殑鍏堜笉鏇存柊 + update_trs = 1024 * (2048 - self.user_pass.get(id, 0) * 64) + if transfer[0] + transfer[1] < update_trs and id not in self.force_update_transfer: + self.user_pass[id] = self.user_pass.get(id, 0) + 1 + continue + if id in self.user_pass: + del self.user_pass[id] + + query_sub_when += ' WHEN %s THEN u+%s' % (id, int(transfer[0] * self.cfg["transfer_mul"])) + query_sub_when2 += ' WHEN %s THEN d+%s' % (id, int(transfer[1] * self.cfg["transfer_mul"])) + update_transfer[id] = transfer + + if query_sub_in is not None: + query_sub_in += ',%s' % id + else: + query_sub_in = '%s' % id + + if query_sub_when == '': + return update_transfer + query_sql = query_head + ' SET u = CASE port' + query_sub_when + \ + ' END, d = CASE port' + query_sub_when2 + \ + ' END, t = ' + str(int(last_time)) + \ + ' WHERE port IN (%s)' % query_sub_in + if self.cfg["ssl_enable"] == 1: + conn = cymysql.connect(host=self.cfg["host"], port=self.cfg["port"], + user=self.cfg["user"], passwd=self.cfg["password"], + db=self.cfg["db"], charset='utf8', + ssl={'ca':self.cfg["ssl_ca"],'cert':self.cfg["ssl_cert"],'key':self.cfg["ssl_key"]}) + else: + conn = cymysql.connect(host=self.cfg["host"], port=self.cfg["port"], + user=self.cfg["user"], passwd=self.cfg["password"], + db=self.cfg["db"], charset='utf8') + + try: + cur = conn.cursor() + try: + cur.execute(query_sql) + except Exception as e: + logging.error(e) + update_transfer = {} + + cur.close() + conn.commit() + except Exception as e: + logging.error(e) + update_transfer = {} + finally: + conn.close() + + return update_transfer + + def pull_db_all_user(self): + import cymysql + #鏁版嵁搴撴墍鏈夌敤鎴蜂俊鎭 + if self.cfg["ssl_enable"] == 1: + conn = cymysql.connect(host=self.cfg["host"], port=self.cfg["port"], + user=self.cfg["user"], passwd=self.cfg["password"], + db=self.cfg["db"], charset='utf8', + ssl={'ca':self.cfg["ssl_ca"],'cert':self.cfg["ssl_cert"],'key':self.cfg["ssl_key"]}) + else: + conn = cymysql.connect(host=self.cfg["host"], port=self.cfg["port"], + user=self.cfg["user"], passwd=self.cfg["password"], + db=self.cfg["db"], charset='utf8') + + try: + rows = self.pull_db_users(conn) + finally: + conn.close() + + if not rows: + logging.warn('no user in db') + return rows + + def pull_db_users(self, conn): + try: + switchrule = importloader.load('switchrule') + keys = switchrule.getKeys(self.key_list) + except Exception as e: + keys = self.key_list + + cur = conn.cursor() + cur.execute("SELECT " + ','.join(keys) + " FROM user") + rows = [] + for r in cur.fetchall(): + d = {} + for column in range(len(keys)): + d[keys[column]] = r[column] + rows.append(d) + cur.close() + return rows + +class Dbv3Transfer(DbTransfer): + def __init__(self): + super(Dbv3Transfer, self).__init__() + self.update_node_state = True if get_config().API_INTERFACE != 'legendsockssr' else False + if self.update_node_state: + self.key_list += ['id'] + self.key_list += ['method'] + if self.update_node_state: + self.ss_node_info_name = 'ss_node_info_log' + if get_config().API_INTERFACE == 'sspanelv3ssr': + self.key_list += ['obfs', 'protocol'] + if get_config().API_INTERFACE == 'glzjinmod': + self.key_list += ['obfs', 'protocol'] + self.ss_node_info_name = 'ss_node_info' + else: + self.key_list += ['obfs', 'protocol'] + self.start_time = time.time() + + def update_all_user(self, dt_transfer): + import cymysql + update_transfer = {} + + query_head = 'UPDATE user' + query_sub_when = '' + query_sub_when2 = '' + query_sub_in = None + last_time = time.time() + + alive_user_count = len(self.onlineuser_cache) + bandwidth_thistime = 0 + + if self.cfg["ssl_enable"] == 1: + conn = cymysql.connect(host=self.cfg["host"], port=self.cfg["port"], + user=self.cfg["user"], passwd=self.cfg["password"], + db=self.cfg["db"], charset='utf8', + ssl={'ca':self.cfg["ssl_ca"],'cert':self.cfg["ssl_cert"],'key':self.cfg["ssl_key"]}) + else: + conn = cymysql.connect(host=self.cfg["host"], port=self.cfg["port"], + user=self.cfg["user"], passwd=self.cfg["password"], + db=self.cfg["db"], charset='utf8') + conn.autocommit(True) + + for id in dt_transfer.keys(): + transfer = dt_transfer[id] + bandwidth_thistime = bandwidth_thistime + transfer[0] + transfer[1] + + update_trs = 1024 * (2048 - self.user_pass.get(id, 0) * 64) + if transfer[0] + transfer[1] < update_trs: + self.user_pass[id] = self.user_pass.get(id, 0) + 1 + continue + if id in self.user_pass: + del self.user_pass[id] + + query_sub_when += ' WHEN %s THEN u+%s' % (id, int(transfer[0] * self.cfg["transfer_mul"])) + query_sub_when2 += ' WHEN %s THEN d+%s' % (id, int(transfer[1] * self.cfg["transfer_mul"])) + update_transfer[id] = transfer + + if self.update_node_state: + cur = conn.cursor() + try: + if id in self.port_uid_table: + cur.execute("INSERT INTO `user_traffic_log` (`id`, `user_id`, `u`, `d`, `node_id`, `rate`, `traffic`, `log_time`) VALUES (NULL, '" + \ + str(self.port_uid_table[id]) + "', '" + str(transfer[0]) + "', '" + str(transfer[1]) + "', '" + \ + str(self.cfg["node_id"]) + "', '" + str(self.cfg["transfer_mul"]) + "', '" + \ + self.traffic_format((transfer[0] + transfer[1]) * self.cfg["transfer_mul"]) + "', unix_timestamp()); ") + except: + logging.warn('no `user_traffic_log` in db') + cur.close() + + if query_sub_in is not None: + query_sub_in += ',%s' % id + else: + query_sub_in = '%s' % id + + if query_sub_when != '': + query_sql = query_head + ' SET u = CASE port' + query_sub_when + \ + ' END, d = CASE port' + query_sub_when2 + \ + ' END, t = ' + str(int(last_time)) + \ + ' WHERE port IN (%s)' % query_sub_in + cur = conn.cursor() + try: + cur.execute(query_sql) + except Exception as e: + logging.error(e) + cur.close() + + if self.update_node_state: + try: + cur = conn.cursor() + try: + cur.execute("INSERT INTO `ss_node_online_log` (`id`, `node_id`, `online_user`, `log_time`) VALUES (NULL, '" + \ + str(self.cfg["node_id"]) + "', '" + str(alive_user_count) + "', unix_timestamp()); ") + except Exception as e: + logging.error(e) + cur.close() + + cur = conn.cursor() + try: + cur.execute("INSERT INTO `" + self.ss_node_info_name + "` (`id`, `node_id`, `uptime`, `load`, `log_time`) VALUES (NULL, '" + \ + str(self.cfg["node_id"]) + "', '" + str(self.uptime()) + "', '" + \ + str(self.load()) + "', unix_timestamp()); ") + except Exception as e: + logging.error(e) + cur.close() + except: + logging.warn('no `ss_node_online_log` or `" + self.ss_node_info_name + "` in db') + + conn.close() + return update_transfer + + def pull_db_users(self, conn): + try: + switchrule = importloader.load('switchrule') + keys = switchrule.getKeys(self.key_list) + except Exception as e: + keys = self.key_list + + cur = conn.cursor() + + if self.update_node_state: + node_info_keys = ['traffic_rate'] + try: + cur.execute("SELECT " + ','.join(node_info_keys) +" FROM ss_node where `id`='" + str(self.cfg["node_id"]) + "'") + nodeinfo = cur.fetchone() + except Exception as e: + logging.error(e) + nodeinfo = None + + if nodeinfo == None: + rows = [] + cur.close() + conn.commit() + logging.warn('None result when select node info from ss_node in db, maybe you set the incorrect node id') + return rows + cur.close() + + node_info_dict = {} + for column in range(len(nodeinfo)): + node_info_dict[node_info_keys[column]] = nodeinfo[column] + self.cfg['transfer_mul'] = float(node_info_dict['traffic_rate']) + + cur = conn.cursor() + try: + rows = [] + cur.execute("SELECT " + ','.join(keys) + " FROM user") + for r in cur.fetchall(): + d = {} + for column in range(len(keys)): + d[keys[column]] = r[column] + rows.append(d) + except Exception as e: + logging.error(e) + cur.close() + return rows + + def load(self): + import os + return os.popen("cat /proc/loadavg | awk '{ print $1\" \"$2\" \"$3 }'").readlines()[0] + + def uptime(self): + return time.time() - self.start_time + + def traffic_format(self, traffic): + if traffic < 1024 * 8: + return str(int(traffic)) + "B"; + + if traffic < 1024 * 1024 * 2: + return str(round((traffic / 1024.0), 2)) + "KB"; + + return str(round((traffic / 1048576.0), 2)) + "MB"; + +class MuJsonTransfer(TransferBase): + def __init__(self): + super(MuJsonTransfer, self).__init__() + + def update_all_user(self, dt_transfer): + import json + rows = None + + config_path = get_config().MUDB_FILE + with open(config_path, 'rb+') as f: + rows = json.loads(f.read().decode('utf8')) + for row in rows: + if "port" in row: + port = row["port"] + if port in dt_transfer: + row["u"] += dt_transfer[port][0] + row["d"] += dt_transfer[port][1] + + if rows: + output = json.dumps(rows, sort_keys=True, indent=4, separators=(',', ': ')) + with open(config_path, 'r+') as f: + f.write(output) + f.truncate() + + return dt_transfer + + def pull_db_all_user(self): + import json + rows = None + + config_path = get_config().MUDB_FILE + with open(config_path, 'rb+') as f: + rows = json.loads(f.read().decode('utf8')) + for row in rows: + try: + if 'forbidden_ip' in row: + row['forbidden_ip'] = common.IPNetwork(row['forbidden_ip']) + except Exception as e: + logging.error(e) + try: + if 'forbidden_port' in row: + row['forbidden_port'] = common.PortRange(row['forbidden_port']) + except Exception as e: + logging.error(e) + + if not rows: + logging.warn('no user in json file') + return rows + diff --git a/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/debian/changelog b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/debian/changelog new file mode 100644 index 000000000..4e7ad163f --- /dev/null +++ b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/debian/changelog @@ -0,0 +1,5 @@ +shadowsocks (2.1.0-1) unstable; urgency=low + + * Initial release (Closes: #758900) + + -- Shell.Xu Sat, 23 Aug 2014 00:56:04 +0800 diff --git a/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/debian/compat b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/debian/compat new file mode 100644 index 000000000..45a4fb75d --- /dev/null +++ b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/debian/compat @@ -0,0 +1 @@ +8 diff --git a/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/debian/config.json b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/debian/config.json new file mode 100644 index 000000000..35cb14a6c --- /dev/null +++ b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/debian/config.json @@ -0,0 +1,11 @@ +{ + "server":"my_server_ip", + "server_port":8388, + "local_address": "127.0.0.1", + "local_port":1080, + "password":"mypassword", + "timeout":300, + "method":"aes-256-cfb", + "fast_open": false, + "workers": 1 +} \ No newline at end of file diff --git a/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/debian/control b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/debian/control new file mode 100644 index 000000000..da0092004 --- /dev/null +++ b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/debian/control @@ -0,0 +1,19 @@ +Source: shadowsocks +Section: python +Priority: extra +Maintainer: Shell.Xu +Build-Depends: debhelper (>= 8), python-all (>= 2.6.6-3~), python-setuptools +Standards-Version: 3.9.5 +Homepage: https://github.com/clowwindy/shadowsocks +Vcs-Git: git://github.com/shell909090/shadowsocks.git +Vcs-Browser: http://github.com/shell909090/shadowsocks + +Package: shadowsocks +Architecture: all +Pre-Depends: dpkg (>= 1.15.6~) +Depends: ${misc:Depends}, ${python:Depends}, python-pkg-resources, python-m2crypto +Description: Fast tunnel proxy that helps you bypass firewalls + A secure socks5 proxy, designed to protect your Internet traffic. + . + This package contain local and server part of shadowsocks, a fast, + powerful tunnel proxy to bypass firewalls. \ No newline at end of file diff --git a/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/debian/copyright b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/debian/copyright new file mode 100644 index 000000000..7be81625e --- /dev/null +++ b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/debian/copyright @@ -0,0 +1,30 @@ +Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ +Upstream-Name: shadowsocks +Source: https://github.com/clowwindy/shadowsocks + +Files: debian/* +Copyright: 2014 Shell.Xu +License: Expat + +Files: * +Copyright: 2014 clowwindy +License: Expat + +License: Expat + Permission is hereby granted, free of charge, to any person obtaining a copy + of this software and associated documentation files (the "Software"), to deal + in the Software without restriction, including without limitation the rights + to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + copies of the Software, and to permit persons to whom the Software is + furnished to do so, subject to the following conditions: + . + The above copyright notice and this permission notice shall be included in + all copies or substantial portions of the Software. + . + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + SOFTWARE. diff --git a/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/debian/docs b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/debian/docs new file mode 100644 index 000000000..0208fc1fe --- /dev/null +++ b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/debian/docs @@ -0,0 +1,2 @@ +README.md +README.rst diff --git a/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/debian/init.d b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/debian/init.d new file mode 100644 index 000000000..2f4f3521e --- /dev/null +++ b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/debian/init.d @@ -0,0 +1,149 @@ +#!/bin/sh +### BEGIN INIT INFO +# Provides: shadowsocks +# Required-Start: $network $local_fs $remote_fs +# Required-Stop: $network $local_fs $remote_fs +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: Fast tunnel proxy that helps you bypass firewalls +# Description: A secure socks5 proxy, designed to protect your Internet traffic. +# This package contain local and server part of shadowsocks, a fast, +# powerful tunnel proxy to bypass firewalls. +### END INIT INFO + +# Author: Shell.Xu + +# PATH should only include /usr/* if it runs after the mountnfs.sh script +PATH=/sbin:/usr/sbin:/bin:/usr/bin +DESC=shadowsocks # Introduce a short description here +NAME=shadowsocks # Introduce the short server's name here +DAEMON=/usr/bin/ssserver # Introduce the server's location here +DAEMON_ARGS="" # Arguments to run the daemon with +PIDFILE=/var/run/$NAME.pid +SCRIPTNAME=/etc/init.d/$NAME +LOGFILE=/var/log/$NAME.log + +# Exit if the package is not installed +[ -x $DAEMON ] || exit 0 + +# Read configuration variable file if it is present +[ -r /etc/default/$NAME ] && . /etc/default/$NAME + +# Load the VERBOSE setting and other rcS variables +. /lib/init/vars.sh + +# Define LSB log_* functions. +# Depend on lsb-base (>= 3.0-6) to ensure that this file is present. +. /lib/lsb/init-functions + +# +# Function that starts the daemon/service +# +do_start() +{ + # Return + # 0 if daemon has been started + # 1 if daemon was already running + # 2 if daemon could not be started + start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON \ + --background --make-pidfile --chdir / --chuid $USERID --no-close --test > /dev/null \ + || return 1 + start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON \ + --background --make-pidfile --chdir / --chuid $USERID --no-close -- \ + $DAEMON_ARGS $DAEMON_OPTS >> $LOGFILE 2>&1 \ + || return 2 + # Add code here, if necessary, that waits for the process to be ready + # to handle requests from services started subsequently which depend + # on this one. As a last resort, sleep for some time. +} + +# +# Function that stops the daemon/service +# +do_stop() +{ + # Return + # 0 if daemon has been stopped + # 1 if daemon was already stopped + # 2 if daemon could not be stopped + # other if a failure occurred + start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE + RETVAL="$?" + [ "$RETVAL" = 2 ] && return 2 + # Many daemons don't delete their pidfiles when they exit. + rm -f $PIDFILE + return "$RETVAL" +} + +# +# Function that sends a SIGHUP to the daemon/service +# +do_reload() { + # + # If the daemon can reload its configuration without + # restarting (for example, when it is sent a SIGHUP), + # then implement that here. + # + start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE --name $NAME + return 0 +} + +case "$1" in + start) + [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC " "$NAME" + do_start + case "$?" in + 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; + 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; + esac + ;; + stop) + [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME" + do_stop + case "$?" in + 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; + 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; + esac + ;; + status) + status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $? + ;; + #reload|force-reload) + # + # If do_reload() is not implemented then leave this commented out + # and leave 'force-reload' as an alias for 'restart'. + # + #log_daemon_msg "Reloading $DESC" "$NAME" + #do_reload + #log_end_msg $? + #;; + restart|force-reload) + # + # If the "reload" option is implemented then remove the + # 'force-reload' alias + # + log_daemon_msg "Restarting $DESC" "$NAME" + do_stop + case "$?" in + 0|1) + do_start + case "$?" in + 0) log_end_msg 0 ;; + 1) log_end_msg 1 ;; # Old process is still running + *) log_end_msg 1 ;; # Failed to start + esac + ;; + *) + # Failed to stop + log_end_msg 1 + ;; + esac + ;; + *) + #echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload}" >&2 + echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" >&2 + exit 3 + ;; +esac + +: diff --git a/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/debian/install b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/debian/install new file mode 100644 index 000000000..a61486462 --- /dev/null +++ b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/debian/install @@ -0,0 +1 @@ +debian/config.json etc/shadowsocks/ \ No newline at end of file diff --git a/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/debian/rules b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/debian/rules new file mode 100755 index 000000000..62e2bb6f6 --- /dev/null +++ b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/debian/rules @@ -0,0 +1,5 @@ +#!/usr/bin/make -f +# -*- makefile -*- + +%: + dh $@ --with python2 --buildsystem=python_distutils diff --git a/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/debian/shadowsocks.default b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/debian/shadowsocks.default new file mode 100644 index 000000000..a52060279 --- /dev/null +++ b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/debian/shadowsocks.default @@ -0,0 +1,12 @@ +# Defaults for shadowsocks initscript +# sourced by /etc/init.d/shadowsocks +# installed at /etc/default/shadowsocks by the maintainer scripts + +USERID="nobody" + +# +# This is a POSIX shell fragment +# + +# Additional options that are passed to the Daemon. +DAEMON_OPTS="-q -c /etc/shadowsocks/config.json" diff --git a/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/debian/shadowsocks.manpages b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/debian/shadowsocks.manpages new file mode 100644 index 000000000..3df8a3341 --- /dev/null +++ b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/debian/shadowsocks.manpages @@ -0,0 +1,2 @@ +debian/sslocal.1 +debian/ssserver.1 \ No newline at end of file diff --git a/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/debian/source/format b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/debian/source/format new file mode 100644 index 000000000..163aaf8d8 --- /dev/null +++ b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/debian/source/format @@ -0,0 +1 @@ +3.0 (quilt) diff --git a/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/debian/sslocal.1 b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/debian/sslocal.1 new file mode 100644 index 000000000..0c2cf5165 --- /dev/null +++ b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/debian/sslocal.1 @@ -0,0 +1,59 @@ +.\" Hey, EMACS: -*- nroff -*- +.\" (C) Copyright 2014 Shell.Xu , +.\" +.TH SHADOWSOCKS 1 "August 23, 2014" +.SH NAME +shadowsocks \- Fast tunnel proxy that helps you bypass firewalls +.SH SYNOPSIS +.B ssserver +.RI [ options ] +.br +.B sslocal +.RI [ options ] +.SH DESCRIPTION +shadowsocks is a tunnel proxy helps you bypass firewall. +.B ssserver +is the server part, and +.B sslocal +is the local part. +.SH OPTIONS +.TP +.B \-h, \-\-help +Show this help message and exit. +.TP +.B \-s SERVER_ADDR +Server address, default: 0.0.0.0. +.TP +.B \-p SERVER_PORT +Server port, default: 8388. +.TP +.B \-k PASSWORD +Password. +.TP +.B \-m METHOD +Encryption method, default: aes-256-cfb. +.TP +.B \-t TIMEOUT +Timeout in seconds, default: 300. +.TP +.B \-c CONFIG +Path to config file. +.TP +.B \-\-fast-open +Use TCP_FASTOPEN, requires Linux 3.7+. +.TP +.B \-\-workers WORKERS +Number of workers, available on Unix/Linux. +.TP +.B \-v, \-vv +Verbose mode. +.TP +.B \-q, \-qq +Quiet mode, only show warnings/errors. +.SH SEE ALSO +.br +The programs are documented fully by +.IR "Shell Xu " +and +.IR "Clowwindy ", +available via the Info system. diff --git a/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/debian/ssserver.1 b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/debian/ssserver.1 new file mode 100644 index 000000000..0c2cf5165 --- /dev/null +++ b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/debian/ssserver.1 @@ -0,0 +1,59 @@ +.\" Hey, EMACS: -*- nroff -*- +.\" (C) Copyright 2014 Shell.Xu , +.\" +.TH SHADOWSOCKS 1 "August 23, 2014" +.SH NAME +shadowsocks \- Fast tunnel proxy that helps you bypass firewalls +.SH SYNOPSIS +.B ssserver +.RI [ options ] +.br +.B sslocal +.RI [ options ] +.SH DESCRIPTION +shadowsocks is a tunnel proxy helps you bypass firewall. +.B ssserver +is the server part, and +.B sslocal +is the local part. +.SH OPTIONS +.TP +.B \-h, \-\-help +Show this help message and exit. +.TP +.B \-s SERVER_ADDR +Server address, default: 0.0.0.0. +.TP +.B \-p SERVER_PORT +Server port, default: 8388. +.TP +.B \-k PASSWORD +Password. +.TP +.B \-m METHOD +Encryption method, default: aes-256-cfb. +.TP +.B \-t TIMEOUT +Timeout in seconds, default: 300. +.TP +.B \-c CONFIG +Path to config file. +.TP +.B \-\-fast-open +Use TCP_FASTOPEN, requires Linux 3.7+. +.TP +.B \-\-workers WORKERS +Number of workers, available on Unix/Linux. +.TP +.B \-v, \-vv +Verbose mode. +.TP +.B \-q, \-qq +Quiet mode, only show warnings/errors. +.SH SEE ALSO +.br +The programs are documented fully by +.IR "Shell Xu " +and +.IR "Clowwindy ", +available via the Info system. diff --git a/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/importloader.py b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/importloader.py new file mode 100644 index 000000000..c917cb7d9 --- /dev/null +++ b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/importloader.py @@ -0,0 +1,24 @@ +锘#!/usr/bin/python +# -*- coding: UTF-8 -*- + +def load(name): + try: + obj = __import__(name) + reload(obj) + return obj + except: + pass + + try: + import importlib + obj = importlib.__import__(name) + importlib.reload(obj) + return obj + except: + pass + +def loads(namelist): + for name in namelist: + obj = load(name) + if obj is not None: + return obj diff --git a/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/initcfg.bat b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/initcfg.bat new file mode 100644 index 000000000..6d0bce695 --- /dev/null +++ b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/initcfg.bat @@ -0,0 +1,4 @@ +@echo off +If Not Exist "userapiconfig.py" Copy "apiconfig.py" "userapiconfig.py" +If Not Exist "user-config.json" Copy "config.json" "user-config.json" +If Not Exist "usermysql.json" Copy "mysql.json" "usermysql.json" diff --git a/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/initcfg.sh b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/initcfg.sh new file mode 100755 index 000000000..862d1abed --- /dev/null +++ b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/initcfg.sh @@ -0,0 +1,8 @@ +#!/bin/bash + +chmod +x *.sh +chmod +x shadowsocks/*.sh +cp -n apiconfig.py userapiconfig.py +cp -n config.json user-config.json +cp -n mysql.json usermysql.json + diff --git a/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/initmudbjson.sh b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/initmudbjson.sh new file mode 100755 index 000000000..09b07f332 --- /dev/null +++ b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/initmudbjson.sh @@ -0,0 +1,24 @@ +#!/bin/bash + +bash initcfg.sh +sed -i "s/API_INTERFACE = .\+\?\#/API_INTERFACE = \'mudbjson\' \#/g" userapiconfig.py +ip_addr=`ifconfig -a|grep inet|grep -v inet6|grep -v "127.0.0."|grep -v -e "192\.168\..[0-9]\+\.[0-9]\+"|grep -v -e "10\.[0-9]\+\.[0-9]\+\.[0-9]\+"|awk '{print $2}'|tr -d "addr:"` +ip_count=`echo $ip_addr|grep -e "^[0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+$" -c` + +if [[ $ip_count == 1 ]]; then + ip_addr=`ip a|grep inet|grep -v inet6|grep -v "127.0.0."|grep -v -e "192\.168\..[0-9]\+\.[0-9]\+"|grep -v -e "10\.[0-9]\+\.[0-9]\+\.[0-9]\+"|awk '{print $2}'` + ip_addr=${ip_addr%/*} + ip_count=`echo $ip_addr|grep -e "^[0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+$" -c` +fi +if [[ $ip_count == 1 ]]; then + echo "server IP is "${ip_addr} + sed -i "s/SERVER_PUB_ADDR = .\+/SERVER_PUB_ADDR = \'"${ip_addr}"\'/g" userapiconfig.py + user_count=`python mujson_mgr.py -l|grep -c -e "[0-9]"` + if [[ $user_count == 0 ]]; then + port=`python -c 'import random;print(random.randint(10000, 65536))'` + python mujson_mgr.py -a -p ${port} + fi +else + echo "unable to detect server IP" +fi + diff --git a/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/logrun.sh b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/logrun.sh new file mode 100755 index 000000000..94153fe9e --- /dev/null +++ b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/logrun.sh @@ -0,0 +1,7 @@ +#!/bin/bash +cd `dirname $0` +python_ver=$(ls /usr/bin|grep -e "^python[23]\.[1-9]\+$"|tail -1) +eval $(ps -ef | grep "[0-9] ${python_ver} server\\.py m" | awk '{print "kill "$2}') +ulimit -n 512000 +nohup ${python_ver} server.py m>> ssserver.log 2>&1 & + diff --git a/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/mudb.json b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/mudb.json new file mode 100644 index 000000000..0d4f101c7 --- /dev/null +++ b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/mudb.json @@ -0,0 +1,2 @@ +[ +] diff --git a/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/mujson_mgr.py b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/mujson_mgr.py new file mode 100644 index 000000000..2eb05d59d --- /dev/null +++ b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/mujson_mgr.py @@ -0,0 +1,358 @@ +#!/usr/bin/python +# -*- coding: UTF-8 -*- + +import traceback +from shadowsocks import shell, common +from configloader import load_config, get_config +import random +import getopt +import sys +import json +import base64 + + +class MuJsonLoader(object): + def __init__(self): + self.json = None + + def load(self, path): + l = "[]" + try: + with open(path, 'rb+') as f: + l = f.read().decode('utf8') + except: + pass + self.json = json.loads(l) + + def save(self, path): + if self.json is not None: + output = json.dumps(self.json, sort_keys=True, indent=4, separators=(',', ': ')) + with open(path, 'a'): + pass + with open(path, 'rb+') as f: + f.write(output.encode('utf8')) + f.truncate() + + +class MuMgr(object): + def __init__(self): + self.config_path = get_config().MUDB_FILE + try: + self.server_addr = get_config().SERVER_PUB_ADDR + except: + self.server_addr = '127.0.0.1' + self.data = MuJsonLoader() + + if self.server_addr == '127.0.0.1': + self.server_addr = self.getipaddr() + + def getipaddr(self, ifname='eth0'): + import socket + import struct + ret = '127.0.0.1' + try: + ret = socket.gethostbyname(socket.getfqdn(socket.gethostname())) + except: + pass + if ret == '127.0.0.1': + try: + import fcntl + s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) + ret = socket.inet_ntoa(fcntl.ioctl(s.fileno(), 0x8915, struct.pack('256s', ifname[:15]))[20:24]) + except: + pass + return ret + + def ssrlink(self, user, encode, muid): + protocol = user.get('protocol', '') + obfs = user.get('obfs', '') + protocol = protocol.replace("_compatible", "") + obfs = obfs.replace("_compatible", "") + protocol_param = '' + if muid is not None: + protocol_param_ = user.get('protocol_param', '') + param = protocol_param_.split('#') + if len(param) == 2: + for row in self.data.json: + if int(row['port']) == muid: + param = str(muid) + ':' + row['passwd'] + protocol_param = '/?protoparam=' + common.to_str(base64.urlsafe_b64encode(common.to_bytes(param))).replace("=", "") + break + link = ("%s:%s:%s:%s:%s:%s" % (self.server_addr, user['port'], protocol, user['method'], obfs, common.to_str(base64.urlsafe_b64encode(common.to_bytes(user['passwd']))).replace("=", ""))) + protocol_param + return "ssr://" + (encode and common.to_str(base64.urlsafe_b64encode(common.to_bytes(link))).replace("=", "") or link) + + def userinfo(self, user, muid = None): + ret = "" + key_list = ['user', 'port', 'method', 'passwd', 'protocol', 'protocol_param', 'obfs', 'obfs_param', 'transfer_enable', 'u', 'd'] + for key in sorted(user): + if key not in key_list: + key_list.append(key) + for key in key_list: + if key in ['enable'] or key not in user: + continue + ret += '\n' + if (muid is not None) and (key in ['protocol_param']): + for row in self.data.json: + if int(row['port']) == muid: + ret += " %s : %s" % (key, str(muid) + ':' + row['passwd']) + break + elif key in ['transfer_enable', 'u', 'd']: + if muid is not None: + for row in self.data.json: + if int(row['port']) == muid: + val = row[key] + break + else: + val = user[key] + if val / 1024 < 4: + ret += " %s : %s" % (key, val) + elif val / 1024 ** 2 < 4: + val /= float(1024) + ret += " %s : %s K Bytes" % (key, val) + elif val / 1024 ** 3 < 4: + val /= float(1024 ** 2) + ret += " %s : %s M Bytes" % (key, val) + else: + val /= float(1024 ** 3) + ret += " %s : %s G Bytes" % (key, val) + else: + ret += " %s : %s" % (key, user[key]) + ret += "\n " + self.ssrlink(user, False, muid) + ret += "\n " + self.ssrlink(user, True, muid) + return ret + + def rand_pass(self): + return ''.join([random.choice('''ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789~-_=+(){}[]^&%$@''') for i in range(8)]) + + def add(self, user): + up = {'enable': 1, 'u': 0, 'd': 0, 'method': "aes-128-ctr", + 'protocol': "auth_aes128_md5", + 'obfs': "tls1.2_ticket_auth_compatible", + 'transfer_enable': 9007199254740992} + up['passwd'] = self.rand_pass() + up.update(user) + + self.data.load(self.config_path) + for row in self.data.json: + match = False + if 'user' in user and row['user'] == user['user']: + match = True + if 'port' in user and row['port'] == user['port']: + match = True + if match: + print("user [%s] port [%s] already exist" % (row['user'], row['port'])) + return + self.data.json.append(up) + print("### add user info %s" % self.userinfo(up)) + self.data.save(self.config_path) + + def edit(self, user): + self.data.load(self.config_path) + for row in self.data.json: + match = True + if 'user' in user and row['user'] != user['user']: + match = False + if 'port' in user and row['port'] != user['port']: + match = False + if match: + print("edit user [%s]" % (row['user'],)) + row.update(user) + print("### new user info %s" % self.userinfo(row)) + break + self.data.save(self.config_path) + + def delete(self, user): + self.data.load(self.config_path) + index = 0 + for row in self.data.json: + match = True + if 'user' in user and row['user'] != user['user']: + match = False + if 'port' in user and row['port'] != user['port']: + match = False + if match: + print("delete user [%s]" % row['user']) + del self.data.json[index] + break + index += 1 + self.data.save(self.config_path) + + def clear_ud(self, user): + up = {'u': 0, 'd': 0} + self.data.load(self.config_path) + for row in self.data.json: + match = True + if 'user' in user and row['user'] != user['user']: + match = False + if 'port' in user and row['port'] != user['port']: + match = False + if match: + row.update(up) + print("clear user [%s]" % row['user']) + self.data.save(self.config_path) + + def list_user(self, user): + self.data.load(self.config_path) + if not user: + for row in self.data.json: + print("user [%s] port %s" % (row['user'], row['port'])) + return + for row in self.data.json: + match = True + if 'user' in user and row['user'] != user['user']: + match = False + if 'port' in user and row['port'] != user['port']: + match = False + if match: + muid = None + if 'muid' in user: + muid = user['muid'] + print("### user [%s] info %s" % (row['user'], self.userinfo(row, muid))) + + +def print_server_help(): + print('''usage: python mujson_manage.py -a|-d|-e|-c|-l [OPTION]... + +Actions: + -a add/edit a user + -d delete a user + -e edit a user + -c set u&d to zero + -l display a user infomation or all users infomation + +Options: + -u USER the user name + -p PORT server port (only this option must be set if add a user) + -k PASSWORD password + -m METHOD encryption method, default: aes-128-ctr + -O PROTOCOL protocol plugin, default: auth_aes128_md5 + -o OBFS obfs plugin, default: tls1.2_ticket_auth_compatible + -G PROTOCOL_PARAM protocol plugin param + -g OBFS_PARAM obfs plugin param + -t TRANSFER max transfer for G bytes, default: 8388608 (8 PB or 8192 TB) + -f FORBID set forbidden ports. Example (ban 1~79 and 81~100): -f "1-79,81-100" + -i MUID set sub id to display (only work with -l) + -s SPEED set speed_limit_per_con + -S SPEED set speed_limit_per_user + +General options: + -h, --help show this help message and exit +''') + + +def main(): + shortopts = 'adeclu:i:p:k:O:o:G:g:m:t:f:hs:S:' + longopts = ['help'] + action = None + user = {} + fast_set_obfs = {'0': 'plain', + '+1': 'http_simple_compatible', + '1': 'http_simple', + '+2': 'tls1.2_ticket_auth_compatible', + '2': 'tls1.2_ticket_auth'} + fast_set_protocol = {'0': 'origin', + 's4': 'auth_sha1_v4', + '+s4': 'auth_sha1_v4_compatible', + 'am': 'auth_aes128_md5', + 'as': 'auth_aes128_sha1', + 'ca': 'auth_chain_a', + } + fast_set_method = {'0': 'none', + 'a1c': 'aes-128-cfb', + 'a2c': 'aes-192-cfb', + 'a3c': 'aes-256-cfb', + 'r': 'rc4-md5', + 'r6': 'rc4-md5-6', + 'c': 'chacha20', + 'ci': 'chacha20-ietf', + 's': 'salsa20', + 'a1': 'aes-128-ctr', + 'a2': 'aes-192-ctr', + 'a3': 'aes-256-ctr'} + try: + optlist, args = getopt.getopt(sys.argv[1:], shortopts, longopts) + for key, value in optlist: + if key == '-a': + action = 1 + elif key == '-d': + action = 2 + elif key == '-e': + action = 3 + elif key == '-l': + action = 4 + elif key == '-c': + action = 0 + elif key == '-u': + user['user'] = value + elif key == '-i': + user['muid'] = int(value) + elif key == '-p': + user['port'] = int(value) + elif key == '-k': + user['passwd'] = value + elif key == '-o': + if value in fast_set_obfs: + user['obfs'] = fast_set_obfs[value] + else: + user['obfs'] = value + elif key == '-O': + if value in fast_set_protocol: + user['protocol'] = fast_set_protocol[value] + else: + user['protocol'] = value + elif key == '-g': + user['obfs_param'] = value + elif key == '-G': + user['protocol_param'] = value + elif key == '-s': + user['speed_limit_per_con'] = int(value) + elif key == '-S': + user['speed_limit_per_user'] = int(value) + elif key == '-m': + if value in fast_set_method: + user['method'] = fast_set_method[value] + else: + user['method'] = value + elif key == '-f': + user['forbidden_port'] = value + elif key == '-t': + val = float(value) + try: + val = int(value) + except: + pass + user['transfer_enable'] = int(val * 1024) * (1024 ** 2) + elif key in ('-h', '--help'): + print_server_help() + sys.exit(0) + except getopt.GetoptError as e: + print(e) + sys.exit(2) + + manage = MuMgr() + if action == 0: + manage.clear_ud(user) + elif action == 1: + if 'user' not in user and 'port' in user: + user['user'] = str(user['port']) + if 'user' in user and 'port' in user: + manage.add(user) + else: + print("You have to set the port with -p") + elif action == 2: + if 'user' in user or 'port' in user: + manage.delete(user) + else: + print("You have to set the user name or port with -u/-p") + elif action == 3: + if 'user' in user or 'port' in user: + manage.edit(user) + else: + print("You have to set the user name or port with -u/-p") + elif action == 4: + manage.list_user(user) + elif action is None: + print_server_help() + +if __name__ == '__main__': + main() diff --git a/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/mysql.json b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/mysql.json new file mode 100644 index 000000000..1849e9e81 --- /dev/null +++ b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/mysql.json @@ -0,0 +1,13 @@ +{ + "host": "127.0.0.1", + "port": 3306, + "user": "ss", + "password": "pass", + "db": "sspanel", + "node_id": 0, + "transfer_mul": 1.0, + "ssl_enable": 0, + "ssl_ca": "", + "ssl_cert": "", + "ssl_key": "" +} diff --git a/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/run.sh b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/run.sh new file mode 100755 index 000000000..0de8d204c --- /dev/null +++ b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/run.sh @@ -0,0 +1,7 @@ +#!/bin/bash +cd `dirname $0` +python_ver=$(ls /usr/bin|grep -e "^python[23]\.[1-9]\+$"|tail -1) +eval $(ps -ef | grep "[0-9] ${python_ver} server\\.py m" | awk '{print "kill "$2}') +ulimit -n 512000 +nohup ${python_ver} server.py m>> /dev/null 2>&1 & + diff --git a/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/server.py b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/server.py new file mode 100644 index 000000000..ba863b684 --- /dev/null +++ b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/server.py @@ -0,0 +1,66 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Copyright 2015 breakwall +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +import time +import sys +import threading +import os + +if __name__ == '__main__': + import inspect + os.chdir(os.path.dirname(os.path.realpath(inspect.getfile(inspect.currentframe())))) + +import server_pool +import db_transfer +from shadowsocks import shell +from configloader import load_config, get_config + +class MainThread(threading.Thread): + def __init__(self, obj): + super(MainThread, self).__init__() + self.daemon = True + self.obj = obj + + def run(self): + self.obj.thread_db(self.obj) + + def stop(self): + self.obj.thread_db_stop() + +def main(): + shell.check_python() + if False: + db_transfer.DbTransfer.thread_db() + else: + if get_config().API_INTERFACE == 'mudbjson': + thread = MainThread(db_transfer.MuJsonTransfer) + elif get_config().API_INTERFACE == 'sspanelv2': + thread = MainThread(db_transfer.DbTransfer) + else: + thread = MainThread(db_transfer.Dbv3Transfer) + thread.start() + try: + while thread.is_alive(): + thread.join(10.0) + except (KeyboardInterrupt, IOError, OSError) as e: + import traceback + traceback.print_exc() + thread.stop() + +if __name__ == '__main__': + main() + diff --git a/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/server_pool.py b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/server_pool.py new file mode 100644 index 000000000..d159817a3 --- /dev/null +++ b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/server_pool.py @@ -0,0 +1,293 @@ +锘#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2014 clowwindy +# +# Permission is hereby granted, free of charge, to any person obtaining a copy +# of this software and associated documentation files (the "Software"), to deal +# in the Software without restriction, including without limitation the rights +# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +# copies of the Software, and to permit persons to whom the Software is +# furnished to do so, subject to the following conditions: +# +# The above copyright notice and this permission notice shall be included in +# all copies or substantial portions of the Software. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +# SOFTWARE. + +import os +import logging +import struct +import time +from shadowsocks import shell, eventloop, tcprelay, udprelay, asyncdns, common +import threading +import sys +import traceback +from socket import * +from configloader import load_config, get_config + +class MainThread(threading.Thread): + def __init__(self, params): + super(MainThread, self).__init__() + self.params = params + + def run(self): + ServerPool._loop(*self.params) + +class ServerPool(object): + + instance = None + + def __init__(self): + shell.check_python() + self.config = shell.get_config(False) + self.dns_resolver = asyncdns.DNSResolver() + if not self.config.get('dns_ipv6', False): + asyncdns.IPV6_CONNECTION_SUPPORT = False + + self.mgr = None #asyncmgr.ServerMgr() + + self.tcp_servers_pool = {} + self.tcp_ipv6_servers_pool = {} + self.udp_servers_pool = {} + self.udp_ipv6_servers_pool = {} + self.stat_counter = {} + + self.loop = eventloop.EventLoop() + self.thread = MainThread( (self.loop, self.dns_resolver, self.mgr) ) + self.thread.start() + + @staticmethod + def get_instance(): + if ServerPool.instance is None: + ServerPool.instance = ServerPool() + return ServerPool.instance + + def stop(self): + self.loop.stop() + + @staticmethod + def _loop(loop, dns_resolver, mgr): + try: + if mgr is not None: + mgr.add_to_loop(loop) + dns_resolver.add_to_loop(loop) + loop.run() + except (KeyboardInterrupt, IOError, OSError) as e: + logging.error(e) + traceback.print_exc() + os.exit(0) + except Exception as e: + logging.error(e) + traceback.print_exc() + + def server_is_run(self, port): + port = int(port) + ret = 0 + if port in self.tcp_servers_pool: + ret = 1 + if port in self.tcp_ipv6_servers_pool: + ret |= 2 + return ret + + def server_run_status(self, port): + if 'server' in self.config: + if port not in self.tcp_servers_pool: + return False + if 'server_ipv6' in self.config: + if port not in self.tcp_ipv6_servers_pool: + return False + return True + + def new_server(self, port, user_config): + ret = True + port = int(port) + ipv6_ok = False + + if 'server_ipv6' in self.config: + if port in self.tcp_ipv6_servers_pool: + logging.info("server already at %s:%d" % (self.config['server_ipv6'], port)) + return 'this port server is already running' + else: + a_config = self.config.copy() + a_config.update(user_config) + if len(a_config['server_ipv6']) > 2 and a_config['server_ipv6'][0] == "[" and a_config['server_ipv6'][-1] == "]": + a_config['server_ipv6'] = a_config['server_ipv6'][1:-1] + a_config['server'] = a_config['server_ipv6'] + a_config['server_port'] = port + a_config['max_connect'] = 128 + a_config['method'] = common.to_str(a_config['method']) + try: + logging.info("starting server at [%s]:%d" % (common.to_str(a_config['server']), port)) + + tcp_server = tcprelay.TCPRelay(a_config, self.dns_resolver, False, stat_counter=self.stat_counter) + tcp_server.add_to_loop(self.loop) + self.tcp_ipv6_servers_pool.update({port: tcp_server}) + + udp_server = udprelay.UDPRelay(a_config, self.dns_resolver, False, stat_counter=self.stat_counter) + udp_server.add_to_loop(self.loop) + self.udp_ipv6_servers_pool.update({port: udp_server}) + + if common.to_str(a_config['server_ipv6']) == "::": + ipv6_ok = True + except Exception as e: + logging.warn("IPV6 %s " % (e,)) + + if 'server' in self.config: + if port in self.tcp_servers_pool: + logging.info("server already at %s:%d" % (common.to_str(self.config['server']), port)) + return 'this port server is already running' + else: + a_config = self.config.copy() + a_config.update(user_config) + a_config['server_port'] = port + a_config['max_connect'] = 128 + a_config['method'] = common.to_str(a_config['method']) + try: + logging.info("starting server at %s:%d" % (common.to_str(a_config['server']), port)) + + tcp_server = tcprelay.TCPRelay(a_config, self.dns_resolver, False) + tcp_server.add_to_loop(self.loop) + self.tcp_servers_pool.update({port: tcp_server}) + + udp_server = udprelay.UDPRelay(a_config, self.dns_resolver, False) + udp_server.add_to_loop(self.loop) + self.udp_servers_pool.update({port: udp_server}) + + except Exception as e: + if not ipv6_ok: + logging.warn("IPV4 %s " % (e,)) + + return True + + def del_server(self, port): + port = int(port) + logging.info("del server at %d" % port) + try: + udpsock = socket(AF_INET, SOCK_DGRAM) + udpsock.sendto('%s:%s:0:0' % (get_config().MANAGE_PASS, port), (get_config().MANAGE_BIND_IP, get_config().MANAGE_PORT)) + udpsock.close() + except Exception as e: + logging.warn(e) + return True + + def cb_del_server(self, port): + port = int(port) + + if port not in self.tcp_servers_pool: + logging.info("stopped server at %s:%d already stop" % (self.config['server'], port)) + else: + logging.info("stopped server at %s:%d" % (self.config['server'], port)) + try: + self.tcp_servers_pool[port].close(True) + del self.tcp_servers_pool[port] + except Exception as e: + logging.warn(e) + try: + self.udp_servers_pool[port].close(True) + del self.udp_servers_pool[port] + except Exception as e: + logging.warn(e) + + if 'server_ipv6' in self.config: + if port not in self.tcp_ipv6_servers_pool: + logging.info("stopped server at [%s]:%d already stop" % (self.config['server_ipv6'], port)) + else: + logging.info("stopped server at [%s]:%d" % (self.config['server_ipv6'], port)) + try: + self.tcp_ipv6_servers_pool[port].close(True) + del self.tcp_ipv6_servers_pool[port] + except Exception as e: + logging.warn(e) + try: + self.udp_ipv6_servers_pool[port].close(True) + del self.udp_ipv6_servers_pool[port] + except Exception as e: + logging.warn(e) + + return True + + def update_mu_users(self, port, users): + port = int(port) + if port in self.tcp_servers_pool: + try: + self.tcp_servers_pool[port].update_users(users) + except Exception as e: + logging.warn(e) + try: + self.udp_servers_pool[port].update_users(users) + except Exception as e: + logging.warn(e) + if port in self.tcp_ipv6_servers_pool: + try: + self.tcp_ipv6_servers_pool[port].update_users(users) + except Exception as e: + logging.warn(e) + try: + self.udp_ipv6_servers_pool[port].update_users(users) + except Exception as e: + logging.warn(e) + + def get_server_transfer(self, port): + port = int(port) + uid = struct.pack(' 63: + return None + results.append(common.chr(l)) + results.append(label) + results.append(b'\0') + return b''.join(results) + + +def build_request(address, qtype): + request_id = os.urandom(2) + header = struct.pack('!BBHHHH', 1, 0, 1, 0, 0, 0) + addr = build_address(address) + qtype_qclass = struct.pack('!HH', qtype, QCLASS_IN) + return request_id + header + addr + qtype_qclass + + +def parse_ip(addrtype, data, length, offset): + if addrtype == QTYPE_A: + return socket.inet_ntop(socket.AF_INET, data[offset:offset + length]) + elif addrtype == QTYPE_AAAA: + return socket.inet_ntop(socket.AF_INET6, data[offset:offset + length]) + elif addrtype in [QTYPE_CNAME, QTYPE_NS]: + return parse_name(data, offset)[1] + else: + return data[offset:offset + length] + + +def parse_name(data, offset): + p = offset + labels = [] + l = common.ord(data[p]) + while l > 0: + if (l & (128 + 64)) == (128 + 64): + # pointer + pointer = struct.unpack('!H', data[p:p + 2])[0] + pointer &= 0x3FFF + r = parse_name(data, pointer) + labels.append(r[1]) + p += 2 + # pointer is the end + return p - offset, b'.'.join(labels) + else: + labels.append(data[p + 1:p + 1 + l]) + p += 1 + l + l = common.ord(data[p]) + return p - offset + 1, b'.'.join(labels) + + +# rfc1035 +# record +# 1 1 1 1 1 1 +# 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 +# +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ +# | | +# / / +# / NAME / +# | | +# +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ +# | TYPE | +# +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ +# | CLASS | +# +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ +# | TTL | +# | | +# +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ +# | RDLENGTH | +# +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--| +# / RDATA / +# / / +# +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ +def parse_record(data, offset, question=False): + nlen, name = parse_name(data, offset) + if not question: + record_type, record_class, record_ttl, record_rdlength = struct.unpack( + '!HHiH', data[offset + nlen:offset + nlen + 10] + ) + ip = parse_ip(record_type, data, record_rdlength, offset + nlen + 10) + return nlen + 10 + record_rdlength, \ + (name, ip, record_type, record_class, record_ttl) + else: + record_type, record_class = struct.unpack( + '!HH', data[offset + nlen:offset + nlen + 4] + ) + return nlen + 4, (name, None, record_type, record_class, None, None) + + +def parse_header(data): + if len(data) >= 12: + header = struct.unpack('!HBBHHHH', data[:12]) + res_id = header[0] + res_qr = header[1] & 128 + res_tc = header[1] & 2 + res_ra = header[2] & 128 + res_rcode = header[2] & 15 + # assert res_tc == 0 + # assert res_rcode in [0, 3] + res_qdcount = header[3] + res_ancount = header[4] + res_nscount = header[5] + res_arcount = header[6] + return (res_id, res_qr, res_tc, res_ra, res_rcode, res_qdcount, + res_ancount, res_nscount, res_arcount) + return None + + +def parse_response(data): + try: + if len(data) >= 12: + header = parse_header(data) + if not header: + return None + res_id, res_qr, res_tc, res_ra, res_rcode, res_qdcount, \ + res_ancount, res_nscount, res_arcount = header + + qds = [] + ans = [] + offset = 12 + for i in range(0, res_qdcount): + l, r = parse_record(data, offset, True) + offset += l + if r: + qds.append(r) + for i in range(0, res_ancount): + l, r = parse_record(data, offset) + offset += l + if r: + ans.append(r) + for i in range(0, res_nscount): + l, r = parse_record(data, offset) + offset += l + for i in range(0, res_arcount): + l, r = parse_record(data, offset) + offset += l + response = DNSResponse() + if qds: + response.hostname = qds[0][0] + for an in qds: + response.questions.append((an[1], an[2], an[3])) + for an in ans: + response.answers.append((an[1], an[2], an[3])) + return response + except Exception as e: + shell.print_exception(e) + return None + + +def is_valid_hostname(hostname): + if len(hostname) > 255: + return False + if hostname[-1] == b'.': + hostname = hostname[:-1] + return all(VALID_HOSTNAME.match(x) for x in hostname.split(b'.')) + + +class DNSResponse(object): + def __init__(self): + self.hostname = None + self.questions = [] # each: (addr, type, class) + self.answers = [] # each: (addr, type, class) + + def __str__(self): + return '%s: %s' % (self.hostname, str(self.answers)) + + +STATUS_IPV4 = 0 +STATUS_IPV6 = 1 + + +class DNSResolver(object): + def __init__(self, black_hostname_list=None): + self._loop = None + self._hosts = {} + self._hostname_status = {} + self._hostname_to_cb = {} + self._cb_to_hostname = {} + self._cache = lru_cache.LRUCache(timeout=300) + # read black_hostname_list from config + if type(black_hostname_list) != list: + self._black_hostname_list = [] + else: + self._black_hostname_list = list(map( + (lambda t: t if type(t) == bytes else t.encode('utf8')), + black_hostname_list + )) + logging.info('black_hostname_list init as : ' + str(self._black_hostname_list)) + self._sock = None + self._servers = None + self._parse_resolv() + self._parse_hosts() + # TODO monitor hosts change and reload hosts + # TODO parse /etc/gai.conf and follow its rules + + def _parse_resolv(self): + self._servers = [] + try: + with open('dns.conf', 'rb') as f: + content = f.readlines() + for line in content: + line = line.strip() + if line: + parts = line.split(b' ', 1) + if len(parts) >= 2: + server = parts[0] + port = int(parts[1]) + else: + server = parts[0] + port = 53 + if common.is_ip(server) == socket.AF_INET: + if type(server) != str: + server = server.decode('utf8') + self._servers.append((server, port)) + except IOError: + pass + if not self._servers: + try: + with open('/etc/resolv.conf', 'rb') as f: + content = f.readlines() + for line in content: + line = line.strip() + if line: + if line.startswith(b'nameserver'): + parts = line.split() + if len(parts) >= 2: + server = parts[1] + if common.is_ip(server) == socket.AF_INET: + if type(server) != str: + server = server.decode('utf8') + self._servers.append((server, 53)) + except IOError: + pass + if not self._servers: + self._servers = [('8.8.4.4', 53), ('8.8.8.8', 53)] + logging.info('dns server: %s' % (self._servers,)) + + def _parse_hosts(self): + etc_path = '/etc/hosts' + if 'WINDIR' in os.environ: + etc_path = os.environ['WINDIR'] + '/system32/drivers/etc/hosts' + try: + with open(etc_path, 'rb') as f: + for line in f.readlines(): + line = line.strip() + if b"#" in line: + line = line[:line.find(b'#')] + parts = line.split() + if len(parts) >= 2: + ip = parts[0] + if common.is_ip(ip): + for i in range(1, len(parts)): + hostname = parts[i] + if hostname: + self._hosts[hostname] = ip + except IOError: + self._hosts['localhost'] = '127.0.0.1' + + def add_to_loop(self, loop): + if self._loop: + raise Exception('already add to loop') + self._loop = loop + # TODO when dns server is IPv6 + self._sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, + socket.SOL_UDP) + self._sock.setblocking(False) + loop.add(self._sock, eventloop.POLL_IN, self) + loop.add_periodic(self.handle_periodic) + + def _call_callback(self, hostname, ip, error=None): + callbacks = self._hostname_to_cb.get(hostname, []) + for callback in callbacks: + if callback in self._cb_to_hostname: + del self._cb_to_hostname[callback] + if ip or error: + callback((hostname, ip), error) + else: + callback((hostname, None), + Exception('unable to parse hostname %s' % hostname)) + if hostname in self._hostname_to_cb: + del self._hostname_to_cb[hostname] + if hostname in self._hostname_status: + del self._hostname_status[hostname] + + def _handle_data(self, data): + response = parse_response(data) + if response and response.hostname: + hostname = response.hostname + ip = None + for answer in response.answers: + if answer[1] in (QTYPE_A, QTYPE_AAAA) and \ + answer[2] == QCLASS_IN: + ip = answer[0] + break + if IPV6_CONNECTION_SUPPORT: + if not ip and self._hostname_status.get(hostname, STATUS_IPV4) \ + == STATUS_IPV6: + self._hostname_status[hostname] = STATUS_IPV4 + self._send_req(hostname, QTYPE_A) + else: + if ip: + self._cache[hostname] = ip + self._call_callback(hostname, ip) + elif self._hostname_status.get(hostname, None) == STATUS_IPV4: + for question in response.questions: + if question[1] == QTYPE_A: + self._call_callback(hostname, None) + break + else: + if not ip and self._hostname_status.get(hostname, STATUS_IPV6) \ + == STATUS_IPV4: + self._hostname_status[hostname] = STATUS_IPV6 + self._send_req(hostname, QTYPE_AAAA) + else: + if ip: + self._cache[hostname] = ip + self._call_callback(hostname, ip) + elif self._hostname_status.get(hostname, None) == STATUS_IPV6: + for question in response.questions: + if question[1] == QTYPE_AAAA: + self._call_callback(hostname, None) + break + + def handle_event(self, sock, fd, event): + if sock != self._sock: + return + if event & eventloop.POLL_ERR: + logging.error('dns socket err') + self._loop.remove(self._sock) + self._sock.close() + # TODO when dns server is IPv6 + self._sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, + socket.SOL_UDP) + self._sock.setblocking(False) + self._loop.add(self._sock, eventloop.POLL_IN, self) + else: + data, addr = sock.recvfrom(1024) + if addr not in self._servers: + logging.warn('received a packet other than our dns') + return + self._handle_data(data) + + def handle_periodic(self): + self._cache.sweep() + + def remove_callback(self, callback): + hostname = self._cb_to_hostname.get(callback) + if hostname: + del self._cb_to_hostname[callback] + arr = self._hostname_to_cb.get(hostname, None) + if arr: + arr.remove(callback) + if not arr: + del self._hostname_to_cb[hostname] + if hostname in self._hostname_status: + del self._hostname_status[hostname] + + def _send_req(self, hostname, qtype): + req = build_request(hostname, qtype) + for server in self._servers: + logging.debug('resolving %s with type %d using server %s', + hostname, qtype, server) + self._sock.sendto(req, server) + + def resolve(self, hostname, callback): + if type(hostname) != bytes: + hostname = hostname.encode('utf8') + if not hostname: + callback(None, Exception('empty hostname')) + elif common.is_ip(hostname): + callback((hostname, hostname), None) + elif hostname in self._hosts: + logging.debug('hit hosts: %s', hostname) + ip = self._hosts[hostname] + callback((hostname, ip), None) + elif hostname in self._cache: + logging.debug('hit cache: %s ==>> %s', hostname, self._cache[hostname]) + ip = self._cache[hostname] + callback((hostname, ip), None) + elif any(hostname.endswith(t) for t in self._black_hostname_list): + callback(None, Exception('hostname <%s> is block by the black hostname list' % hostname)) + return + else: + if not is_valid_hostname(hostname): + callback(None, Exception('invalid hostname: %s' % hostname)) + return + if False: + addrs = socket.getaddrinfo(hostname, 0, 0, + socket.SOCK_DGRAM, socket.SOL_UDP) + if addrs: + af, socktype, proto, canonname, sa = addrs[0] + logging.debug('DNS resolve %s %s' % (hostname, sa[0])) + self._cache[hostname] = sa[0] + callback((hostname, sa[0]), None) + return + arr = self._hostname_to_cb.get(hostname, None) + if not arr: + if IPV6_CONNECTION_SUPPORT: + self._hostname_status[hostname] = STATUS_IPV6 + self._send_req(hostname, QTYPE_AAAA) + else: + self._hostname_status[hostname] = STATUS_IPV4 + self._send_req(hostname, QTYPE_A) + self._hostname_to_cb[hostname] = [callback] + self._cb_to_hostname[callback] = hostname + else: + arr.append(callback) + # TODO send again only if waited too long + if IPV6_CONNECTION_SUPPORT: + self._send_req(hostname, QTYPE_AAAA) + else: + self._send_req(hostname, QTYPE_A) + + def close(self): + if self._sock: + if self._loop: + self._loop.remove_periodic(self.handle_periodic) + self._loop.remove(self._sock) + self._sock.close() + self._sock = None + + +def test(): + black_hostname_list = [ + 'baidu.com', + 'yahoo.com', + ] + dns_resolver = DNSResolver(black_hostname_list=black_hostname_list) + loop = eventloop.EventLoop() + dns_resolver.add_to_loop(loop) + + global counter + counter = 0 + + def make_callback(): + global counter + + def callback(result, error): + global counter + # TODO: what can we assert? + print(result, error) + counter += 1 + if counter == 12: + dns_resolver.close() + loop.stop() + + a_callback = callback + return a_callback + + assert (make_callback() != make_callback()) + + dns_resolver.resolve(b'google.com', make_callback()) + dns_resolver.resolve('google.com', make_callback()) + dns_resolver.resolve('baidu.com', make_callback()) + dns_resolver.resolve('map.baidu.com', make_callback()) + dns_resolver.resolve('yahoo.com', make_callback()) + dns_resolver.resolve('example.com', make_callback()) + dns_resolver.resolve('ipv6.google.com', make_callback()) + dns_resolver.resolve('www.facebook.com', make_callback()) + dns_resolver.resolve('ns2.google.com', make_callback()) + dns_resolver.resolve('invalid.@!#$%^&$@.hostname', make_callback()) + dns_resolver.resolve('toooooooooooooooooooooooooooooooooooooooooooooooooo' + 'ooooooooooooooooooooooooooooooooooooooooooooooooooo' + 'long.hostname', make_callback()) + dns_resolver.resolve('toooooooooooooooooooooooooooooooooooooooooooooooooo' + 'ooooooooooooooooooooooooooooooooooooooooooooooooooo' + 'ooooooooooooooooooooooooooooooooooooooooooooooooooo' + 'ooooooooooooooooooooooooooooooooooooooooooooooooooo' + 'ooooooooooooooooooooooooooooooooooooooooooooooooooo' + 'ooooooooooooooooooooooooooooooooooooooooooooooooooo' + 'long.hostname', make_callback()) + loop.run() + # test black_hostname_list + dns_resolver = DNSResolver(black_hostname_list=[]) + assert type(dns_resolver._black_hostname_list) == list + assert len(dns_resolver._black_hostname_list) == 0 + dns_resolver.close() + dns_resolver = DNSResolver(black_hostname_list=123) + assert type(dns_resolver._black_hostname_list) == list + assert len(dns_resolver._black_hostname_list) == 0 + dns_resolver.close() + dns_resolver = DNSResolver(black_hostname_list=None) + assert type(dns_resolver._black_hostname_list) == list + assert len(dns_resolver._black_hostname_list) == 0 + dns_resolver.close() + dns_resolver = DNSResolver() + assert type(dns_resolver._black_hostname_list) == list + assert dns_resolver._black_hostname_list.__len__() == 0 + dns_resolver.close() + + +if __name__ == '__main__': + test() diff --git a/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/shadowsocks/common.py b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/shadowsocks/common.py new file mode 100644 index 000000000..c4484c046 --- /dev/null +++ b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/shadowsocks/common.py @@ -0,0 +1,418 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Copyright 2013-2015 clowwindy +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +from __future__ import absolute_import, division, print_function, \ + with_statement + +import socket +import struct +import logging +import binascii +import re + +from shadowsocks import lru_cache + +def compat_ord(s): + if type(s) == int: + return s + return _ord(s) + + +def compat_chr(d): + if bytes == str: + return _chr(d) + return bytes([d]) + + +_ord = ord +_chr = chr +ord = compat_ord +chr = compat_chr + +connect_log = logging.debug + +def to_bytes(s): + if bytes != str: + if type(s) == str: + return s.encode('utf-8') + return s + + +def to_str(s): + if bytes != str: + if type(s) == bytes: + return s.decode('utf-8') + return s + +def int32(x): + if x > 0xFFFFFFFF or x < 0: + x &= 0xFFFFFFFF + if x > 0x7FFFFFFF: + x = int(0x100000000 - x) + if x < 0x80000000: + return -x + else: + return -2147483648 + return x + +def inet_ntop(family, ipstr): + if family == socket.AF_INET: + return to_bytes(socket.inet_ntoa(ipstr)) + elif family == socket.AF_INET6: + import re + v6addr = ':'.join(('%02X%02X' % (ord(i), ord(j))).lstrip('0') + for i, j in zip(ipstr[::2], ipstr[1::2])) + v6addr = re.sub('::+', '::', v6addr, count=1) + return to_bytes(v6addr) + + +def inet_pton(family, addr): + addr = to_str(addr) + if family == socket.AF_INET: + return socket.inet_aton(addr) + elif family == socket.AF_INET6: + if '.' in addr: # a v4 addr + v4addr = addr[addr.rindex(':') + 1:] + v4addr = socket.inet_aton(v4addr) + v4addr = ['%02X' % ord(x) for x in v4addr] + v4addr.insert(2, ':') + newaddr = addr[:addr.rindex(':') + 1] + ''.join(v4addr) + return inet_pton(family, newaddr) + dbyts = [0] * 8 # 8 groups + grps = addr.split(':') + for i, v in enumerate(grps): + if v: + dbyts[i] = int(v, 16) + else: + for j, w in enumerate(grps[::-1]): + if w: + dbyts[7 - j] = int(w, 16) + else: + break + break + return b''.join((chr(i // 256) + chr(i % 256)) for i in dbyts) + else: + raise RuntimeError("What family?") + + +def is_ip(address): + for family in (socket.AF_INET, socket.AF_INET6): + try: + if type(address) != str: + address = address.decode('utf8') + inet_pton(family, address) + return family + except (TypeError, ValueError, OSError, IOError): + pass + return False + + +def match_regex(regex, text): + regex = re.compile(regex) + for item in regex.findall(text): + return True + return False + + +def patch_socket(): + if not hasattr(socket, 'inet_pton'): + socket.inet_pton = inet_pton + + if not hasattr(socket, 'inet_ntop'): + socket.inet_ntop = inet_ntop + + +patch_socket() + + +ADDRTYPE_IPV4 = 1 +ADDRTYPE_IPV6 = 4 +ADDRTYPE_HOST = 3 + + +def pack_addr(address): + address_str = to_str(address) + for family in (socket.AF_INET, socket.AF_INET6): + try: + r = socket.inet_pton(family, address_str) + if family == socket.AF_INET6: + return b'\x04' + r + else: + return b'\x01' + r + except (TypeError, ValueError, OSError, IOError): + pass + if len(address) > 255: + address = address[:255] # TODO + return b'\x03' + chr(len(address)) + address + +def pre_parse_header(data): + if not data: + return None + datatype = ord(data[0]) + if datatype == 0x80: + if len(data) <= 2: + return None + rand_data_size = ord(data[1]) + if rand_data_size + 2 >= len(data): + logging.warn('header too short, maybe wrong password or ' + 'encryption method') + return None + data = data[rand_data_size + 2:] + elif datatype == 0x81: + data = data[1:] + elif datatype == 0x82: + if len(data) <= 3: + return None + rand_data_size = struct.unpack('>H', data[1:3])[0] + if rand_data_size + 3 >= len(data): + logging.warn('header too short, maybe wrong password or ' + 'encryption method') + return None + data = data[rand_data_size + 3:] + elif datatype == 0x88 or (~datatype & 0xff) == 0x88: + if len(data) <= 7 + 7: + return None + data_size = struct.unpack('>H', data[1:3])[0] + ogn_data = data + data = data[:data_size] + crc = binascii.crc32(data) & 0xffffffff + if crc != 0xffffffff: + logging.warn('uncorrect CRC32, maybe wrong password or ' + 'encryption method') + return None + start_pos = 3 + ord(data[3]) + data = data[start_pos:-4] + if data_size < len(ogn_data): + data += ogn_data[data_size:] + return data + +def parse_header(data): + addrtype = ord(data[0]) + dest_addr = None + dest_port = None + header_length = 0 + connecttype = (addrtype & 0x8) and 1 or 0 + addrtype &= ~0x8 + if addrtype == ADDRTYPE_IPV4: + if len(data) >= 7: + dest_addr = socket.inet_ntoa(data[1:5]) + dest_port = struct.unpack('>H', data[5:7])[0] + header_length = 7 + else: + logging.warn('header is too short') + elif addrtype == ADDRTYPE_HOST: + if len(data) > 2: + addrlen = ord(data[1]) + if len(data) >= 4 + addrlen: + dest_addr = data[2:2 + addrlen] + dest_port = struct.unpack('>H', data[2 + addrlen:4 + + addrlen])[0] + header_length = 4 + addrlen + else: + logging.warn('header is too short') + else: + logging.warn('header is too short') + elif addrtype == ADDRTYPE_IPV6: + if len(data) >= 19: + dest_addr = socket.inet_ntop(socket.AF_INET6, data[1:17]) + dest_port = struct.unpack('>H', data[17:19])[0] + header_length = 19 + else: + logging.warn('header is too short') + else: + logging.warn('unsupported addrtype %d, maybe wrong password or ' + 'encryption method' % addrtype) + if dest_addr is None: + return None + return connecttype, addrtype, to_bytes(dest_addr), dest_port, header_length + + +class IPNetwork(object): + ADDRLENGTH = {socket.AF_INET: 32, socket.AF_INET6: 128, False: 0} + + def __init__(self, addrs): + self.addrs_str = addrs + self._network_list_v4 = [] + self._network_list_v6 = [] + if type(addrs) == str: + addrs = addrs.split(',') + list(map(self.add_network, addrs)) + + def add_network(self, addr): + if addr is "": + return + block = addr.split('/') + addr_family = is_ip(block[0]) + addr_len = IPNetwork.ADDRLENGTH[addr_family] + if addr_family is socket.AF_INET: + ip, = struct.unpack("!I", socket.inet_aton(block[0])) + elif addr_family is socket.AF_INET6: + hi, lo = struct.unpack("!QQ", inet_pton(addr_family, block[0])) + ip = (hi << 64) | lo + else: + raise Exception("Not a valid CIDR notation: %s" % addr) + if len(block) is 1: + prefix_size = 0 + while (ip & 1) == 0 and ip is not 0: + ip >>= 1 + prefix_size += 1 + logging.warn("You did't specify CIDR routing prefix size for %s, " + "implicit treated as %s/%d" % (addr, addr, addr_len)) + elif block[1].isdigit() and int(block[1]) <= addr_len: + prefix_size = addr_len - int(block[1]) + ip >>= prefix_size + else: + raise Exception("Not a valid CIDR notation: %s" % addr) + if addr_family is socket.AF_INET: + self._network_list_v4.append((ip, prefix_size)) + else: + self._network_list_v6.append((ip, prefix_size)) + + def __contains__(self, addr): + addr_family = is_ip(addr) + if addr_family is socket.AF_INET: + ip, = struct.unpack("!I", socket.inet_aton(addr)) + return any(map(lambda n_ps: n_ps[0] == ip >> n_ps[1], + self._network_list_v4)) + elif addr_family is socket.AF_INET6: + hi, lo = struct.unpack("!QQ", inet_pton(addr_family, addr)) + ip = (hi << 64) | lo + return any(map(lambda n_ps: n_ps[0] == ip >> n_ps[1], + self._network_list_v6)) + else: + return False + + def __cmp__(self, other): + return cmp(self.addrs_str, other.addrs_str) + + def __eq__(self, other): + return self.addrs_str == other.addrs_str + + def __ne__(self, other): + return self.addrs_str != other.addrs_str + +class PortRange(object): + def __init__(self, range_str): + self.range_str = to_str(range_str) + self.range = set() + range_str = to_str(range_str).split(',') + for item in range_str: + try: + int_range = item.split('-') + if len(int_range) == 1: + if item: + self.range.add(int(item)) + elif len(int_range) == 2: + int_range[0] = int(int_range[0]) + int_range[1] = int(int_range[1]) + if int_range[0] < 0: + int_range[0] = 0 + if int_range[1] > 65535: + int_range[1] = 65535 + i = int_range[0] + while i <= int_range[1]: + self.range.add(i) + i += 1 + except Exception as e: + logging.error(e) + + def __contains__(self, val): + return val in self.range + + def __cmp__(self, other): + return cmp(self.range_str, other.range_str) + + def __eq__(self, other): + return self.range_str == other.range_str + + def __ne__(self, other): + return self.range_str != other.range_str + +class UDPAsyncDNSHandler(object): + dns_cache = lru_cache.LRUCache(timeout=1800) + def __init__(self, params): + self.params = params + self.remote_addr = None + self.call_back = None + + def resolve(self, dns_resolver, remote_addr, call_back): + if remote_addr in UDPAsyncDNSHandler.dns_cache: + if call_back: + call_back("", remote_addr, UDPAsyncDNSHandler.dns_cache[remote_addr], self.params) + else: + self.call_back = call_back + self.remote_addr = remote_addr + dns_resolver.resolve(remote_addr[0], self._handle_dns_resolved) + UDPAsyncDNSHandler.dns_cache.sweep() + + def _handle_dns_resolved(self, result, error): + if error: + logging.error("%s when resolve DNS" % (error,)) #drop + return self.call_back(error, self.remote_addr, None, self.params) + if result: + ip = result[1] + if ip: + return self.call_back("", self.remote_addr, ip, self.params) + logging.warning("can't resolve %s" % (self.remote_addr,)) + return self.call_back("fail to resolve", self.remote_addr, None, self.params) + +def test_inet_conv(): + ipv4 = b'8.8.4.4' + b = inet_pton(socket.AF_INET, ipv4) + assert inet_ntop(socket.AF_INET, b) == ipv4 + ipv6 = b'2404:6800:4005:805::1011' + b = inet_pton(socket.AF_INET6, ipv6) + assert inet_ntop(socket.AF_INET6, b) == ipv6 + + +def test_parse_header(): + assert parse_header(b'\x03\x0ewww.google.com\x00\x50') == \ + (0, b'www.google.com', 80, 18) + assert parse_header(b'\x01\x08\x08\x08\x08\x00\x35') == \ + (0, b'8.8.8.8', 53, 7) + assert parse_header((b'\x04$\x04h\x00@\x05\x08\x05\x00\x00\x00\x00\x00' + b'\x00\x10\x11\x00\x50')) == \ + (0, b'2404:6800:4005:805::1011', 80, 19) + + +def test_pack_header(): + assert pack_addr(b'8.8.8.8') == b'\x01\x08\x08\x08\x08' + assert pack_addr(b'2404:6800:4005:805::1011') == \ + b'\x04$\x04h\x00@\x05\x08\x05\x00\x00\x00\x00\x00\x00\x10\x11' + assert pack_addr(b'www.google.com') == b'\x03\x0ewww.google.com' + + +def test_ip_network(): + ip_network = IPNetwork('127.0.0.0/24,::ff:1/112,::1,192.168.1.1,192.0.2.0') + assert '127.0.0.1' in ip_network + assert '127.0.1.1' not in ip_network + assert ':ff:ffff' in ip_network + assert '::ffff:1' not in ip_network + assert '::1' in ip_network + assert '::2' not in ip_network + assert '192.168.1.1' in ip_network + assert '192.168.1.2' not in ip_network + assert '192.0.2.1' in ip_network + assert '192.0.3.1' in ip_network # 192.0.2.0 is treated as 192.0.2.0/23 + assert 'www.google.com' not in ip_network + + +if __name__ == '__main__': + test_inet_conv() + test_parse_header() + test_pack_header() + test_ip_network() diff --git a/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/shadowsocks/crypto/__init__.py b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/shadowsocks/crypto/__init__.py new file mode 100644 index 000000000..401c7b726 --- /dev/null +++ b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/shadowsocks/crypto/__init__.py @@ -0,0 +1,18 @@ +#!/usr/bin/env python +# +# Copyright 2015 clowwindy +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +from __future__ import absolute_import, division, print_function, \ + with_statement diff --git a/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/shadowsocks/crypto/ctypes_libsodium.py b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/shadowsocks/crypto/ctypes_libsodium.py new file mode 100644 index 000000000..efecfd415 --- /dev/null +++ b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/shadowsocks/crypto/ctypes_libsodium.py @@ -0,0 +1,135 @@ +#!/usr/bin/env python + +# Copyright (c) 2014 clowwindy +# +# Permission is hereby granted, free of charge, to any person obtaining a copy +# of this software and associated documentation files (the "Software"), to deal +# in the Software without restriction, including without limitation the rights +# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +# copies of the Software, and to permit persons to whom the Software is +# furnished to do so, subject to the following conditions: +# +# The above copyright notice and this permission notice shall be included in +# all copies or substantial portions of the Software. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +# SOFTWARE. + +from __future__ import absolute_import, division, print_function, \ + with_statement + +import logging +from ctypes import CDLL, c_char_p, c_int, c_ulonglong, byref, \ + create_string_buffer, c_void_p + +__all__ = ['ciphers'] + +libsodium = None +loaded = False + +buf_size = 2048 + +# for salsa20 and chacha20 +BLOCK_SIZE = 64 + + +def load_libsodium(): + global loaded, libsodium, buf + + from ctypes.util import find_library + for p in ('sodium',): + libsodium_path = find_library(p) + if libsodium_path: + break + else: + raise Exception('libsodium not found') + logging.info('loading libsodium from %s', libsodium_path) + libsodium = CDLL(libsodium_path) + libsodium.sodium_init.restype = c_int + libsodium.crypto_stream_salsa20_xor_ic.restype = c_int + libsodium.crypto_stream_salsa20_xor_ic.argtypes = (c_void_p, c_char_p, + c_ulonglong, + c_char_p, c_ulonglong, + c_char_p) + libsodium.crypto_stream_chacha20_xor_ic.restype = c_int + libsodium.crypto_stream_chacha20_xor_ic.argtypes = (c_void_p, c_char_p, + c_ulonglong, + c_char_p, c_ulonglong, + c_char_p) + + libsodium.sodium_init() + + buf = create_string_buffer(buf_size) + loaded = True + + +class Salsa20Crypto(object): + def __init__(self, cipher_name, key, iv, op): + if not loaded: + load_libsodium() + self.key = key + self.iv = iv + self.key_ptr = c_char_p(key) + self.iv_ptr = c_char_p(iv) + if cipher_name == b'salsa20': + self.cipher = libsodium.crypto_stream_salsa20_xor_ic + elif cipher_name == b'chacha20': + self.cipher = libsodium.crypto_stream_chacha20_xor_ic + else: + raise Exception('Unknown cipher') + # byte counter, not block counter + self.counter = 0 + + def update(self, data): + global buf_size, buf + l = len(data) + + # we can only prepend some padding to make the encryption align to + # blocks + padding = self.counter % BLOCK_SIZE + if buf_size < padding + l: + buf_size = (padding + l) * 2 + buf = create_string_buffer(buf_size) + + if padding: + data = (b'\0' * padding) + data + self.cipher(byref(buf), c_char_p(data), padding + l, + self.iv_ptr, int(self.counter / BLOCK_SIZE), self.key_ptr) + self.counter += l + # buf is copied to a str object when we access buf.raw + # strip off the padding + return buf.raw[padding:padding + l] + + +ciphers = { + b'salsa20': (32, 8, Salsa20Crypto), + b'chacha20': (32, 8, Salsa20Crypto), +} + + +def test_salsa20(): + from shadowsocks.crypto import util + + cipher = Salsa20Crypto(b'salsa20', b'k' * 32, b'i' * 16, 1) + decipher = Salsa20Crypto(b'salsa20', b'k' * 32, b'i' * 16, 0) + + util.run_cipher(cipher, decipher) + + +def test_chacha20(): + from shadowsocks.crypto import util + + cipher = Salsa20Crypto(b'chacha20', b'k' * 32, b'i' * 16, 1) + decipher = Salsa20Crypto(b'chacha20', b'k' * 32, b'i' * 16, 0) + + util.run_cipher(cipher, decipher) + + +if __name__ == '__main__': + test_chacha20() + test_salsa20() diff --git a/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/shadowsocks/crypto/ctypes_openssl.py b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/shadowsocks/crypto/ctypes_openssl.py new file mode 100644 index 000000000..0ef8ce0f8 --- /dev/null +++ b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/shadowsocks/crypto/ctypes_openssl.py @@ -0,0 +1,188 @@ +#!/usr/bin/env python + +# Copyright (c) 2014 clowwindy +# +# Permission is hereby granted, free of charge, to any person obtaining a copy +# of this software and associated documentation files (the "Software"), to deal +# in the Software without restriction, including without limitation the rights +# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +# copies of the Software, and to permit persons to whom the Software is +# furnished to do so, subject to the following conditions: +# +# The above copyright notice and this permission notice shall be included in +# all copies or substantial portions of the Software. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +# SOFTWARE. + +from __future__ import absolute_import, division, print_function, \ + with_statement + +import logging +from ctypes import CDLL, c_char_p, c_int, c_long, byref,\ + create_string_buffer, c_void_p + +__all__ = ['ciphers'] + +libcrypto = None +loaded = False + +buf_size = 2048 + + +def load_openssl(): + global loaded, libcrypto, buf + + from ctypes.util import find_library + for p in ('crypto', 'eay32', 'libeay32'): + libcrypto_path = find_library(p) + if libcrypto_path: + break + else: + raise Exception('libcrypto(OpenSSL) not found') + logging.info('loading libcrypto from %s', libcrypto_path) + libcrypto = CDLL(libcrypto_path) + libcrypto.EVP_get_cipherbyname.restype = c_void_p + libcrypto.EVP_CIPHER_CTX_new.restype = c_void_p + + libcrypto.EVP_CipherInit_ex.argtypes = (c_void_p, c_void_p, c_char_p, + c_char_p, c_char_p, c_int) + + libcrypto.EVP_CipherUpdate.argtypes = (c_void_p, c_void_p, c_void_p, + c_char_p, c_int) + + libcrypto.EVP_CIPHER_CTX_cleanup.argtypes = (c_void_p,) + libcrypto.EVP_CIPHER_CTX_free.argtypes = (c_void_p,) + if hasattr(libcrypto, 'OpenSSL_add_all_ciphers'): + libcrypto.OpenSSL_add_all_ciphers() + + buf = create_string_buffer(buf_size) + loaded = True + + +def load_cipher(cipher_name): + func_name = b'EVP_' + cipher_name.replace(b'-', b'_') + if bytes != str: + func_name = str(func_name, 'utf-8') + cipher = getattr(libcrypto, func_name, None) + if cipher: + cipher.restype = c_void_p + return cipher() + return None + + +class CtypesCrypto(object): + def __init__(self, cipher_name, key, iv, op): + if not loaded: + load_openssl() + self._ctx = None + cipher = libcrypto.EVP_get_cipherbyname(cipher_name) + if not cipher: + cipher = load_cipher(cipher_name) + if not cipher: + raise Exception('cipher %s not found in libcrypto' % cipher_name) + key_ptr = c_char_p(key) + iv_ptr = c_char_p(iv) + self._ctx = libcrypto.EVP_CIPHER_CTX_new() + if not self._ctx: + raise Exception('can not create cipher context') + r = libcrypto.EVP_CipherInit_ex(self._ctx, cipher, None, + key_ptr, iv_ptr, c_int(op)) + if not r: + self.clean() + raise Exception('can not initialize cipher context') + + def update(self, data): + global buf_size, buf + cipher_out_len = c_long(0) + l = len(data) + if buf_size < l: + buf_size = l * 2 + buf = create_string_buffer(buf_size) + libcrypto.EVP_CipherUpdate(self._ctx, byref(buf), + byref(cipher_out_len), c_char_p(data), l) + # buf is copied to a str object when we access buf.raw + return buf.raw[:cipher_out_len.value] + + def __del__(self): + self.clean() + + def clean(self): + if self._ctx: + libcrypto.EVP_CIPHER_CTX_cleanup(self._ctx) + libcrypto.EVP_CIPHER_CTX_free(self._ctx) + + +ciphers = { + b'aes-128-cfb': (16, 16, CtypesCrypto), + b'aes-192-cfb': (24, 16, CtypesCrypto), + b'aes-256-cfb': (32, 16, CtypesCrypto), + b'aes-128-ofb': (16, 16, CtypesCrypto), + b'aes-192-ofb': (24, 16, CtypesCrypto), + b'aes-256-ofb': (32, 16, CtypesCrypto), + b'aes-128-ctr': (16, 16, CtypesCrypto), + b'aes-192-ctr': (24, 16, CtypesCrypto), + b'aes-256-ctr': (32, 16, CtypesCrypto), + b'aes-128-cfb8': (16, 16, CtypesCrypto), + b'aes-192-cfb8': (24, 16, CtypesCrypto), + b'aes-256-cfb8': (32, 16, CtypesCrypto), + b'aes-128-cfb1': (16, 16, CtypesCrypto), + b'aes-192-cfb1': (24, 16, CtypesCrypto), + b'aes-256-cfb1': (32, 16, CtypesCrypto), + b'bf-cfb': (16, 8, CtypesCrypto), + b'camellia-128-cfb': (16, 16, CtypesCrypto), + b'camellia-192-cfb': (24, 16, CtypesCrypto), + b'camellia-256-cfb': (32, 16, CtypesCrypto), + b'cast5-cfb': (16, 8, CtypesCrypto), + b'des-cfb': (8, 8, CtypesCrypto), + b'idea-cfb': (16, 8, CtypesCrypto), + b'rc2-cfb': (16, 8, CtypesCrypto), + b'rc4': (16, 0, CtypesCrypto), + b'seed-cfb': (16, 16, CtypesCrypto), +} + + +def run_method(method): + from shadowsocks.crypto import util + + cipher = CtypesCrypto(method, b'k' * 32, b'i' * 16, 1) + decipher = CtypesCrypto(method, b'k' * 32, b'i' * 16, 0) + + util.run_cipher(cipher, decipher) + + +def test_aes_128_cfb(): + run_method(b'aes-128-cfb') + + +def test_aes_256_cfb(): + run_method(b'aes-256-cfb') + + +def test_aes_128_cfb8(): + run_method(b'aes-128-cfb8') + + +def test_aes_256_ofb(): + run_method(b'aes-256-ofb') + + +def test_aes_256_ctr(): + run_method(b'aes-256-ctr') + + +def test_bf_cfb(): + run_method(b'bf-cfb') + + +def test_rc4(): + run_method(b'rc4') + + +if __name__ == '__main__': + test_aes_128_cfb() diff --git a/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/shadowsocks/crypto/openssl.py b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/shadowsocks/crypto/openssl.py new file mode 100644 index 000000000..0a8ca53fb --- /dev/null +++ b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/shadowsocks/crypto/openssl.py @@ -0,0 +1,199 @@ +#!/usr/bin/env python +# +# Copyright 2015 clowwindy +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +from __future__ import absolute_import, division, print_function, \ + with_statement + +from ctypes import c_char_p, c_int, c_long, byref,\ + create_string_buffer, c_void_p + +from shadowsocks import common +from shadowsocks.crypto import util + +__all__ = ['ciphers'] + +libcrypto = None +loaded = False + +buf_size = 2048 + + +def load_openssl(): + global loaded, libcrypto, buf + + libcrypto = util.find_library(('crypto', 'eay32'), + 'EVP_get_cipherbyname', + 'libcrypto') + if libcrypto is None: + raise Exception('libcrypto(OpenSSL) not found') + + libcrypto.EVP_get_cipherbyname.restype = c_void_p + libcrypto.EVP_CIPHER_CTX_new.restype = c_void_p + + libcrypto.EVP_CipherInit_ex.argtypes = (c_void_p, c_void_p, c_char_p, + c_char_p, c_char_p, c_int) + + libcrypto.EVP_CipherUpdate.argtypes = (c_void_p, c_void_p, c_void_p, + c_char_p, c_int) + + if hasattr(libcrypto, "EVP_CIPHER_CTX_cleanup"): + libcrypto.EVP_CIPHER_CTX_cleanup.argtypes = (c_void_p,) + else: + libcrypto.EVP_CIPHER_CTX_reset.argtypes = (c_void_p,) + libcrypto.EVP_CIPHER_CTX_free.argtypes = (c_void_p,) + + libcrypto.RAND_bytes.restype = c_int + libcrypto.RAND_bytes.argtypes = (c_void_p, c_int) + + if hasattr(libcrypto, 'OpenSSL_add_all_ciphers'): + libcrypto.OpenSSL_add_all_ciphers() + + buf = create_string_buffer(buf_size) + loaded = True + + +def load_cipher(cipher_name): + func_name = 'EVP_' + cipher_name.replace('-', '_') + cipher = getattr(libcrypto, func_name, None) + if cipher: + cipher.restype = c_void_p + return cipher() + return None + +def rand_bytes(length): + if not loaded: + load_openssl() + buf = create_string_buffer(length) + r = libcrypto.RAND_bytes(buf, length) + if r <= 0: + raise Exception('RAND_bytes return error') + return buf.raw + +class OpenSSLCrypto(object): + def __init__(self, cipher_name, key, iv, op): + self._ctx = None + if not loaded: + load_openssl() + cipher = libcrypto.EVP_get_cipherbyname(common.to_bytes(cipher_name)) + if not cipher: + cipher = load_cipher(cipher_name) + if not cipher: + raise Exception('cipher %s not found in libcrypto' % cipher_name) + key_ptr = c_char_p(key) + iv_ptr = c_char_p(iv) + self._ctx = libcrypto.EVP_CIPHER_CTX_new() + if not self._ctx: + raise Exception('can not create cipher context') + r = libcrypto.EVP_CipherInit_ex(self._ctx, cipher, None, + key_ptr, iv_ptr, c_int(op)) + if not r: + self.clean() + raise Exception('can not initialize cipher context') + + def update(self, data): + global buf_size, buf + cipher_out_len = c_long(0) + l = len(data) + if buf_size < l: + buf_size = l * 2 + buf = create_string_buffer(buf_size) + libcrypto.EVP_CipherUpdate(self._ctx, byref(buf), + byref(cipher_out_len), c_char_p(data), l) + # buf is copied to a str object when we access buf.raw + return buf.raw[:cipher_out_len.value] + + def __del__(self): + self.clean() + + def clean(self): + if self._ctx: + if hasattr(libcrypto, "EVP_CIPHER_CTX_cleanup"): + libcrypto.EVP_CIPHER_CTX_cleanup(self._ctx) + else: + libcrypto.EVP_CIPHER_CTX_reset(self._ctx) + libcrypto.EVP_CIPHER_CTX_free(self._ctx) + + +ciphers = { + 'aes-128-cbc': (16, 16, OpenSSLCrypto), + 'aes-192-cbc': (24, 16, OpenSSLCrypto), + 'aes-256-cbc': (32, 16, OpenSSLCrypto), + 'aes-128-cfb': (16, 16, OpenSSLCrypto), + 'aes-192-cfb': (24, 16, OpenSSLCrypto), + 'aes-256-cfb': (32, 16, OpenSSLCrypto), + 'aes-128-ofb': (16, 16, OpenSSLCrypto), + 'aes-192-ofb': (24, 16, OpenSSLCrypto), + 'aes-256-ofb': (32, 16, OpenSSLCrypto), + 'aes-128-ctr': (16, 16, OpenSSLCrypto), + 'aes-192-ctr': (24, 16, OpenSSLCrypto), + 'aes-256-ctr': (32, 16, OpenSSLCrypto), + 'aes-128-cfb8': (16, 16, OpenSSLCrypto), + 'aes-192-cfb8': (24, 16, OpenSSLCrypto), + 'aes-256-cfb8': (32, 16, OpenSSLCrypto), + 'aes-128-cfb1': (16, 16, OpenSSLCrypto), + 'aes-192-cfb1': (24, 16, OpenSSLCrypto), + 'aes-256-cfb1': (32, 16, OpenSSLCrypto), + 'bf-cfb': (16, 8, OpenSSLCrypto), + 'camellia-128-cfb': (16, 16, OpenSSLCrypto), + 'camellia-192-cfb': (24, 16, OpenSSLCrypto), + 'camellia-256-cfb': (32, 16, OpenSSLCrypto), + 'cast5-cfb': (16, 8, OpenSSLCrypto), + 'des-cfb': (8, 8, OpenSSLCrypto), + 'idea-cfb': (16, 8, OpenSSLCrypto), + 'rc2-cfb': (16, 8, OpenSSLCrypto), + 'rc4': (16, 0, OpenSSLCrypto), + 'seed-cfb': (16, 16, OpenSSLCrypto), +} + + +def run_method(method): + + cipher = OpenSSLCrypto(method, b'k' * 32, b'i' * 16, 1) + decipher = OpenSSLCrypto(method, b'k' * 32, b'i' * 16, 0) + + util.run_cipher(cipher, decipher) + + +def test_aes_128_cfb(): + run_method('aes-128-cfb') + + +def test_aes_256_cfb(): + run_method('aes-256-cfb') + + +def test_aes_128_cfb8(): + run_method('aes-128-cfb8') + + +def test_aes_256_ofb(): + run_method('aes-256-ofb') + + +def test_aes_256_ctr(): + run_method('aes-256-ctr') + + +def test_bf_cfb(): + run_method('bf-cfb') + + +def test_rc4(): + run_method('rc4') + + +if __name__ == '__main__': + test_aes_128_cfb() diff --git a/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/shadowsocks/crypto/rc4_md5.py b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/shadowsocks/crypto/rc4_md5.py new file mode 100644 index 000000000..b0105ec29 --- /dev/null +++ b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/shadowsocks/crypto/rc4_md5.py @@ -0,0 +1,52 @@ +#!/usr/bin/env python +# +# Copyright 2015 clowwindy +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +from __future__ import absolute_import, division, print_function, \ + with_statement + +import hashlib + +from shadowsocks.crypto import openssl + +__all__ = ['ciphers'] + + +def create_cipher(alg, key, iv, op, key_as_bytes=0, d=None, salt=None, + i=1, padding=1): + md5 = hashlib.md5() + md5.update(key) + md5.update(iv) + rc4_key = md5.digest() + return openssl.OpenSSLCrypto(b'rc4', rc4_key, b'', op) + + +ciphers = { + 'rc4-md5': (16, 16, create_cipher), + 'rc4-md5-6': (16, 6, create_cipher), +} + + +def test(): + from shadowsocks.crypto import util + + cipher = create_cipher('rc4-md5', b'k' * 32, b'i' * 16, 1) + decipher = create_cipher('rc4-md5', b'k' * 32, b'i' * 16, 0) + + util.run_cipher(cipher, decipher) + + +if __name__ == '__main__': + test() diff --git a/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/shadowsocks/crypto/sodium.py b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/shadowsocks/crypto/sodium.py new file mode 100644 index 000000000..51d476bed --- /dev/null +++ b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/shadowsocks/crypto/sodium.py @@ -0,0 +1,140 @@ +#!/usr/bin/env python +# +# Copyright 2015 clowwindy +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +from __future__ import absolute_import, division, print_function, \ + with_statement + +from ctypes import c_char_p, c_int, c_ulong, c_ulonglong, byref, \ + create_string_buffer, c_void_p + +from shadowsocks.crypto import util + +__all__ = ['ciphers'] + +libsodium = None +loaded = False + +buf_size = 2048 + +# for salsa20 and chacha20 and chacha20-ietf +BLOCK_SIZE = 64 + + +def load_libsodium(): + global loaded, libsodium, buf + + libsodium = util.find_library('sodium', 'crypto_stream_salsa20_xor_ic', + 'libsodium') + if libsodium is None: + raise Exception('libsodium not found') + + libsodium.crypto_stream_salsa20_xor_ic.restype = c_int + libsodium.crypto_stream_salsa20_xor_ic.argtypes = (c_void_p, c_char_p, + c_ulonglong, + c_char_p, c_ulonglong, + c_char_p) + libsodium.crypto_stream_chacha20_xor_ic.restype = c_int + libsodium.crypto_stream_chacha20_xor_ic.argtypes = (c_void_p, c_char_p, + c_ulonglong, + c_char_p, c_ulonglong, + c_char_p) + + try: + libsodium.crypto_stream_chacha20_ietf_xor_ic.restype = c_int + libsodium.crypto_stream_chacha20_ietf_xor_ic.argtypes = (c_void_p, c_char_p, + c_ulonglong, + c_char_p, c_ulong, + c_char_p) + except: + pass + + buf = create_string_buffer(buf_size) + loaded = True + + +class SodiumCrypto(object): + def __init__(self, cipher_name, key, iv, op): + if not loaded: + load_libsodium() + self.key = key + self.iv = iv + self.key_ptr = c_char_p(key) + self.iv_ptr = c_char_p(iv) + if cipher_name == 'salsa20': + self.cipher = libsodium.crypto_stream_salsa20_xor_ic + elif cipher_name == 'chacha20': + self.cipher = libsodium.crypto_stream_chacha20_xor_ic + elif cipher_name == 'chacha20-ietf': + self.cipher = libsodium.crypto_stream_chacha20_ietf_xor_ic + else: + raise Exception('Unknown cipher') + # byte counter, not block counter + self.counter = 0 + + def update(self, data): + global buf_size, buf + l = len(data) + + # we can only prepend some padding to make the encryption align to + # blocks + padding = self.counter % BLOCK_SIZE + if buf_size < padding + l: + buf_size = (padding + l) * 2 + buf = create_string_buffer(buf_size) + + if padding: + data = (b'\0' * padding) + data + self.cipher(byref(buf), c_char_p(data), padding + l, + self.iv_ptr, int(self.counter / BLOCK_SIZE), self.key_ptr) + self.counter += l + # buf is copied to a str object when we access buf.raw + # strip off the padding + return buf.raw[padding:padding + l] + + +ciphers = { + 'salsa20': (32, 8, SodiumCrypto), + 'chacha20': (32, 8, SodiumCrypto), + 'chacha20-ietf': (32, 12, SodiumCrypto), +} + + +def test_salsa20(): + cipher = SodiumCrypto('salsa20', b'k' * 32, b'i' * 16, 1) + decipher = SodiumCrypto('salsa20', b'k' * 32, b'i' * 16, 0) + + util.run_cipher(cipher, decipher) + + +def test_chacha20(): + + cipher = SodiumCrypto('chacha20', b'k' * 32, b'i' * 16, 1) + decipher = SodiumCrypto('chacha20', b'k' * 32, b'i' * 16, 0) + + util.run_cipher(cipher, decipher) + + +def test_chacha20_ietf(): + + cipher = SodiumCrypto('chacha20-ietf', b'k' * 32, b'i' * 16, 1) + decipher = SodiumCrypto('chacha20-ietf', b'k' * 32, b'i' * 16, 0) + + util.run_cipher(cipher, decipher) + +if __name__ == '__main__': + test_chacha20_ietf() + test_chacha20() + test_salsa20() diff --git a/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/shadowsocks/crypto/table.py b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/shadowsocks/crypto/table.py new file mode 100644 index 000000000..60c2f2451 --- /dev/null +++ b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/shadowsocks/crypto/table.py @@ -0,0 +1,181 @@ +# !/usr/bin/env python +# +# Copyright 2015 clowwindy +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +from __future__ import absolute_import, division, print_function, \ + with_statement + +import string +import struct +import hashlib + + +__all__ = ['ciphers'] + +cached_tables = {} + +if hasattr(string, 'maketrans'): + maketrans = string.maketrans + translate = string.translate +else: + maketrans = bytes.maketrans + translate = bytes.translate + + +def get_table(key): + m = hashlib.md5() + m.update(key) + s = m.digest() + a, b = struct.unpack(' 0: + # parent waits for its child + time.sleep(5) + sys.exit(0) + + # child signals its parent to exit + ppid = os.getppid() + pid = os.getpid() + if write_pid_file(pid_file, pid) != 0: + os.kill(ppid, signal.SIGINT) + sys.exit(1) + + os.setsid() + signal.signal(signal.SIG_IGN, signal.SIGHUP) + + print('started') + os.kill(ppid, signal.SIGTERM) + + sys.stdin.close() + try: + freopen(log_file, 'a', sys.stdout) + freopen(log_file, 'a', sys.stderr) + except IOError as e: + shell.print_exception(e) + sys.exit(1) + + +def daemon_stop(pid_file): + import errno + try: + with open(pid_file) as f: + buf = f.read() + pid = common.to_str(buf) + if not buf: + logging.error('not running') + except IOError as e: + shell.print_exception(e) + if e.errno == errno.ENOENT: + # always exit 0 if we are sure daemon is not running + logging.error('not running') + return + sys.exit(1) + pid = int(pid) + if pid > 0: + try: + os.kill(pid, signal.SIGTERM) + except OSError as e: + if e.errno == errno.ESRCH: + logging.error('not running') + # always exit 0 if we are sure daemon is not running + return + shell.print_exception(e) + sys.exit(1) + else: + logging.error('pid is not positive: %d', pid) + + # sleep for maximum 10s + for i in range(0, 200): + try: + # query for the pid + os.kill(pid, 0) + except OSError as e: + if e.errno == errno.ESRCH: + break + time.sleep(0.05) + else: + logging.error('timed out when stopping pid %d', pid) + sys.exit(1) + print('stopped') + os.unlink(pid_file) + + +def set_user(username): + if username is None: + return + + import pwd + import grp + + try: + pwrec = pwd.getpwnam(username) + except KeyError: + logging.error('user not found: %s' % username) + raise + user = pwrec[0] + uid = pwrec[2] + gid = pwrec[3] + + cur_uid = os.getuid() + if uid == cur_uid: + return + if cur_uid != 0: + logging.error('can not set user as nonroot user') + # will raise later + + # inspired by supervisor + if hasattr(os, 'setgroups'): + groups = [grprec[2] for grprec in grp.getgrall() if user in grprec[3]] + groups.insert(0, gid) + os.setgroups(groups) + os.setgid(gid) + os.setuid(uid) diff --git a/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/shadowsocks/encrypt.py b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/shadowsocks/encrypt.py new file mode 100644 index 000000000..44f905250 --- /dev/null +++ b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/shadowsocks/encrypt.py @@ -0,0 +1,236 @@ +#!/usr/bin/env python +# +# Copyright 2012-2015 clowwindy +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +from __future__ import absolute_import, division, print_function, \ + with_statement + +import os +import sys +import hashlib +import logging + +from shadowsocks import common +from shadowsocks.crypto import rc4_md5, openssl, sodium, table + + +method_supported = {} +method_supported.update(rc4_md5.ciphers) +method_supported.update(openssl.ciphers) +method_supported.update(sodium.ciphers) +method_supported.update(table.ciphers) + + +def random_string(length): + try: + return os.urandom(length) + except NotImplementedError as e: + return openssl.rand_bytes(length) + +cached_keys = {} + + +def try_cipher(key, method=None): + Encryptor(key, method) + + +def EVP_BytesToKey(password, key_len, iv_len): + # equivalent to OpenSSL's EVP_BytesToKey() with count 1 + # so that we make the same key and iv as nodejs version + if hasattr(password, 'encode'): + password = password.encode('utf-8') + cached_key = '%s-%d-%d' % (password, key_len, iv_len) + r = cached_keys.get(cached_key, None) + if r: + return r + m = [] + i = 0 + while len(b''.join(m)) < (key_len + iv_len): + md5 = hashlib.md5() + data = password + if i > 0: + data = m[i - 1] + password + md5.update(data) + m.append(md5.digest()) + i += 1 + ms = b''.join(m) + key = ms[:key_len] + iv = ms[key_len:key_len + iv_len] + cached_keys[cached_key] = (key, iv) + return key, iv + + +class Encryptor(object): + def __init__(self, key, method, iv = None): + self.key = key + self.method = method + self.iv = None + self.iv_sent = False + self.cipher_iv = b'' + self.iv_buf = b'' + self.cipher_key = b'' + self.decipher = None + method = method.lower() + self._method_info = self.get_method_info(method) + if self._method_info: + if iv is None or len(iv) != self._method_info[1]: + self.cipher = self.get_cipher(key, method, 1, + random_string(self._method_info[1])) + else: + self.cipher = self.get_cipher(key, method, 1, iv) + else: + logging.error('method %s not supported' % method) + sys.exit(1) + + def get_method_info(self, method): + method = method.lower() + m = method_supported.get(method) + return m + + def iv_len(self): + return len(self.cipher_iv) + + def get_cipher(self, password, method, op, iv): + password = common.to_bytes(password) + m = self._method_info + if m[0] > 0: + key, iv_ = EVP_BytesToKey(password, m[0], m[1]) + else: + # key_length == 0 indicates we should use the key directly + key, iv = password, b'' + + iv = iv[:m[1]] + if op == 1: + # this iv is for cipher not decipher + self.cipher_iv = iv[:m[1]] + self.cipher_key = key + return m[2](method, key, iv, op) + + def encrypt(self, buf): + if len(buf) == 0: + return buf + if self.iv_sent: + return self.cipher.update(buf) + else: + self.iv_sent = True + return self.cipher_iv + self.cipher.update(buf) + + def decrypt(self, buf): + if len(buf) == 0: + return buf + if self.decipher is not None: #optimize + return self.decipher.update(buf) + + decipher_iv_len = self._method_info[1] + if len(self.iv_buf) <= decipher_iv_len: + self.iv_buf += buf + if len(self.iv_buf) > decipher_iv_len: + decipher_iv = self.iv_buf[:decipher_iv_len] + self.decipher = self.get_cipher(self.key, self.method, 0, + iv=decipher_iv) + buf = self.iv_buf[decipher_iv_len:] + del self.iv_buf + return self.decipher.update(buf) + else: + return b'' + +def encrypt_all(password, method, op, data): + result = [] + method = method.lower() + (key_len, iv_len, m) = method_supported[method] + if key_len > 0: + key, _ = EVP_BytesToKey(password, key_len, iv_len) + else: + key = password + if op: + iv = random_string(iv_len) + result.append(iv) + else: + iv = data[:iv_len] + data = data[iv_len:] + cipher = m(method, key, iv, op) + result.append(cipher.update(data)) + return b''.join(result) + +def encrypt_key(password, method): + method = method.lower() + (key_len, iv_len, m) = method_supported[method] + if key_len > 0: + key, _ = EVP_BytesToKey(password, key_len, iv_len) + else: + key = password + return key + +def encrypt_iv_len(method): + method = method.lower() + (key_len, iv_len, m) = method_supported[method] + return iv_len + +def encrypt_new_iv(method): + method = method.lower() + (key_len, iv_len, m) = method_supported[method] + return random_string(iv_len) + +def encrypt_all_iv(key, method, op, data, ref_iv): + result = [] + method = method.lower() + (key_len, iv_len, m) = method_supported[method] + if op: + iv = ref_iv[0] + result.append(iv) + else: + iv = data[:iv_len] + data = data[iv_len:] + ref_iv[0] = iv + cipher = m(method, key, iv, op) + result.append(cipher.update(data)) + return b''.join(result) + + +CIPHERS_TO_TEST = [ + 'aes-128-cfb', + 'aes-256-cfb', + 'rc4-md5', + 'salsa20', + 'chacha20', + 'table', +] + + +def test_encryptor(): + from os import urandom + plain = urandom(10240) + for method in CIPHERS_TO_TEST: + logging.warn(method) + encryptor = Encryptor(b'key', method) + decryptor = Encryptor(b'key', method) + cipher = encryptor.encrypt(plain) + plain2 = decryptor.decrypt(cipher) + assert plain == plain2 + + +def test_encrypt_all(): + from os import urandom + plain = urandom(10240) + for method in CIPHERS_TO_TEST: + logging.warn(method) + cipher = encrypt_all(b'key', method, 1, plain) + plain2 = encrypt_all(b'key', method, 0, cipher) + assert plain == plain2 + + +if __name__ == '__main__': + test_encrypt_all() + test_encryptor() diff --git a/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/shadowsocks/encrypt_test.py b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/shadowsocks/encrypt_test.py new file mode 100644 index 000000000..d5e507789 --- /dev/null +++ b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/shadowsocks/encrypt_test.py @@ -0,0 +1,51 @@ +from __future__ import absolute_import, division, print_function, \ + with_statement + +import sys +import os + +sys.path.insert(0, os.path.join(os.path.dirname(__file__), '../')) + + +from shadowsocks.crypto import rc4_md5 +from shadowsocks.crypto import openssl +from shadowsocks.crypto import sodium +from shadowsocks.crypto import table + +def run(func): + try: + func() + except: + pass + +def run_n(func, name): + try: + func(name) + except: + pass + +def main(): + print("\n""rc4_md5") + rc4_md5.test() + print("\n""aes-256-cfb") + openssl.test_aes_256_cfb() + print("\n""aes-128-cfb") + openssl.test_aes_128_cfb() + print("\n""bf-cfb") + run(openssl.test_bf_cfb) + print("\n""camellia-128-cfb") + run_n(openssl.run_method, "camellia-128-cfb") + print("\n""cast5-cfb") + run_n(openssl.run_method, "cast5-cfb") + print("\n""idea-cfb") + run_n(openssl.run_method, "idea-cfb") + print("\n""seed-cfb") + run_n(openssl.run_method, "seed-cfb") + print("\n""salsa20") + run(sodium.test_salsa20) + print("\n""chacha20") + run(sodium.test_chacha20) + +if __name__ == '__main__': + main() + diff --git a/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/shadowsocks/eventloop.py b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/shadowsocks/eventloop.py new file mode 100644 index 000000000..341620efd --- /dev/null +++ b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/shadowsocks/eventloop.py @@ -0,0 +1,258 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Copyright 2013-2015 clowwindy +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +# from ssloop +# https://github.com/clowwindy/ssloop + +from __future__ import absolute_import, division, print_function, \ + with_statement + +import os +import time +import socket +import select +import errno +import logging +from collections import defaultdict + +from shadowsocks import shell + + +__all__ = ['EventLoop', 'POLL_NULL', 'POLL_IN', 'POLL_OUT', 'POLL_ERR', + 'POLL_HUP', 'POLL_NVAL', 'EVENT_NAMES'] + +POLL_NULL = 0x00 +POLL_IN = 0x01 +POLL_OUT = 0x04 +POLL_ERR = 0x08 +POLL_HUP = 0x10 +POLL_NVAL = 0x20 + + +EVENT_NAMES = { + POLL_NULL: 'POLL_NULL', + POLL_IN: 'POLL_IN', + POLL_OUT: 'POLL_OUT', + POLL_ERR: 'POLL_ERR', + POLL_HUP: 'POLL_HUP', + POLL_NVAL: 'POLL_NVAL', +} + +# we check timeouts every TIMEOUT_PRECISION seconds +TIMEOUT_PRECISION = 2 + + +class KqueueLoop(object): + + MAX_EVENTS = 1024 + + def __init__(self): + self._kqueue = select.kqueue() + self._fds = {} + + def _control(self, fd, mode, flags): + events = [] + if mode & POLL_IN: + events.append(select.kevent(fd, select.KQ_FILTER_READ, flags)) + if mode & POLL_OUT: + events.append(select.kevent(fd, select.KQ_FILTER_WRITE, flags)) + for e in events: + self._kqueue.control([e], 0) + + def poll(self, timeout): + if timeout < 0: + timeout = None # kqueue behaviour + events = self._kqueue.control(None, KqueueLoop.MAX_EVENTS, timeout) + results = defaultdict(lambda: POLL_NULL) + for e in events: + fd = e.ident + if e.filter == select.KQ_FILTER_READ: + results[fd] |= POLL_IN + elif e.filter == select.KQ_FILTER_WRITE: + results[fd] |= POLL_OUT + return results.items() + + def register(self, fd, mode): + self._fds[fd] = mode + self._control(fd, mode, select.KQ_EV_ADD) + + def unregister(self, fd): + self._control(fd, self._fds[fd], select.KQ_EV_DELETE) + del self._fds[fd] + + def modify(self, fd, mode): + self.unregister(fd) + self.register(fd, mode) + + def close(self): + self._kqueue.close() + + +class SelectLoop(object): + + def __init__(self): + self._r_list = set() + self._w_list = set() + self._x_list = set() + + def poll(self, timeout): + r, w, x = select.select(self._r_list, self._w_list, self._x_list, + timeout) + results = defaultdict(lambda: POLL_NULL) + for p in [(r, POLL_IN), (w, POLL_OUT), (x, POLL_ERR)]: + for fd in p[0]: + results[fd] |= p[1] + return results.items() + + def register(self, fd, mode): + if mode & POLL_IN: + self._r_list.add(fd) + if mode & POLL_OUT: + self._w_list.add(fd) + if mode & POLL_ERR: + self._x_list.add(fd) + + def unregister(self, fd): + if fd in self._r_list: + self._r_list.remove(fd) + if fd in self._w_list: + self._w_list.remove(fd) + if fd in self._x_list: + self._x_list.remove(fd) + + def modify(self, fd, mode): + self.unregister(fd) + self.register(fd, mode) + + def close(self): + pass + + +class EventLoop(object): + def __init__(self): + if hasattr(select, 'epoll'): + self._impl = select.epoll() + model = 'epoll' + elif hasattr(select, 'kqueue'): + self._impl = KqueueLoop() + model = 'kqueue' + elif hasattr(select, 'select'): + self._impl = SelectLoop() + model = 'select' + else: + raise Exception('can not find any available functions in select ' + 'package') + self._fdmap = {} # (f, handler) + self._last_time = time.time() + self._periodic_callbacks = [] + self._stopping = False + logging.debug('using event model: %s', model) + + def poll(self, timeout=None): + events = self._impl.poll(timeout) + return [(self._fdmap[fd][0], fd, event) for fd, event in events] + + def add(self, f, mode, handler): + fd = f.fileno() + self._fdmap[fd] = (f, handler) + self._impl.register(fd, mode) + + def remove(self, f): + fd = f.fileno() + del self._fdmap[fd] + self._impl.unregister(fd) + + def removefd(self, fd): + del self._fdmap[fd] + self._impl.unregister(fd) + + def add_periodic(self, callback): + self._periodic_callbacks.append(callback) + + def remove_periodic(self, callback): + self._periodic_callbacks.remove(callback) + + def modify(self, f, mode): + fd = f.fileno() + self._impl.modify(fd, mode) + + def stop(self): + self._stopping = True + + def run(self): + events = [] + while not self._stopping: + asap = False + try: + events = self.poll(TIMEOUT_PRECISION) + except (OSError, IOError) as e: + if errno_from_exception(e) in (errno.EPIPE, errno.EINTR): + # EPIPE: Happens when the client closes the connection + # EINTR: Happens when received a signal + # handles them as soon as possible + asap = True + logging.debug('poll:%s', e) + else: + logging.error('poll:%s', e) + import traceback + traceback.print_exc() + continue + + handle = False + for sock, fd, event in events: + handler = self._fdmap.get(fd, None) + if handler is not None: + handler = handler[1] + try: + handle = handler.handle_event(sock, fd, event) or handle + except (OSError, IOError) as e: + shell.print_exception(e) + now = time.time() + if asap or now - self._last_time >= TIMEOUT_PRECISION: + for callback in self._periodic_callbacks: + callback() + self._last_time = now + if events and not handle: + time.sleep(0.001) + + def __del__(self): + self._impl.close() + + +# from tornado +def errno_from_exception(e): + """Provides the errno from an Exception object. + + There are cases that the errno attribute was not set so we pull + the errno out of the args but if someone instatiates an Exception + without any args you will get a tuple error. So this function + abstracts all that behavior to give you a safe way to get the + errno. + """ + + if hasattr(e, 'errno'): + return e.errno + elif e.args: + return e.args[0] + else: + return None + + +# from tornado +def get_sock_error(sock): + error_number = sock.getsockopt(socket.SOL_SOCKET, socket.SO_ERROR) + return socket.error(error_number, os.strerror(error_number)) diff --git a/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/shadowsocks/local.py b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/shadowsocks/local.py new file mode 100755 index 000000000..9f54d9306 --- /dev/null +++ b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/shadowsocks/local.py @@ -0,0 +1,81 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- +# +# Copyright 2012-2015 clowwindy +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +from __future__ import absolute_import, division, print_function, \ + with_statement + +import sys +import os +import logging +import signal + +if __name__ == '__main__': + import inspect + file_path = os.path.dirname(os.path.realpath(inspect.getfile(inspect.currentframe()))) + sys.path.insert(0, os.path.join(file_path, '../')) + +from shadowsocks import shell, daemon, eventloop, tcprelay, udprelay, asyncdns + + +def main(): + shell.check_python() + + # fix py2exe + if hasattr(sys, "frozen") and sys.frozen in \ + ("windows_exe", "console_exe"): + p = os.path.dirname(os.path.abspath(sys.executable)) + os.chdir(p) + + config = shell.get_config(True) + + if not config.get('dns_ipv6', False): + asyncdns.IPV6_CONNECTION_SUPPORT = False + + daemon.daemon_exec(config) + logging.info("local start with protocol[%s] password [%s] method [%s] obfs [%s] obfs_param [%s]" % + (config['protocol'], config['password'], config['method'], config['obfs'], config['obfs_param'])) + + try: + logging.info("starting local at %s:%d" % + (config['local_address'], config['local_port'])) + + dns_resolver = asyncdns.DNSResolver() + tcp_server = tcprelay.TCPRelay(config, dns_resolver, True) + udp_server = udprelay.UDPRelay(config, dns_resolver, True) + loop = eventloop.EventLoop() + dns_resolver.add_to_loop(loop) + tcp_server.add_to_loop(loop) + udp_server.add_to_loop(loop) + + def handler(signum, _): + logging.warn('received SIGQUIT, doing graceful shutting down..') + tcp_server.close(next_tick=True) + udp_server.close(next_tick=True) + signal.signal(getattr(signal, 'SIGQUIT', signal.SIGTERM), handler) + + def int_handler(signum, _): + sys.exit(1) + signal.signal(signal.SIGINT, int_handler) + + daemon.set_user(config.get('user', None)) + loop.run() + except Exception as e: + shell.print_exception(e) + sys.exit(1) + +if __name__ == '__main__': + main() diff --git a/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/shadowsocks/logrun.sh b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/shadowsocks/logrun.sh new file mode 100755 index 000000000..fc081e1d2 --- /dev/null +++ b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/shadowsocks/logrun.sh @@ -0,0 +1,8 @@ +#!/bin/bash +cd `dirname $0` +python_ver=$(ls /usr/bin|grep -e "^python[23]\.[1-9]\+$"|tail -1) +eval $(ps -ef | grep "[0-9] ${python_ver} server\\.py a" | awk '{print "kill "$2}') +ulimit -n 512000 +nohup ${python_ver} server.py a>> ssserver.log 2>&1 & + + diff --git a/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/shadowsocks/lru_cache.py b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/shadowsocks/lru_cache.py new file mode 100644 index 000000000..ab0d21086 --- /dev/null +++ b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/shadowsocks/lru_cache.py @@ -0,0 +1,179 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Copyright 2015 clowwindy +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +from __future__ import absolute_import, division, print_function, \ + with_statement + +import collections +import logging +import time + +if __name__ == '__main__': + import os, sys, inspect + file_path = os.path.dirname(os.path.realpath(inspect.getfile(inspect.currentframe()))) + sys.path.insert(0, os.path.join(file_path, '../')) + +try: + from collections import OrderedDict +except: + from shadowsocks.ordereddict import OrderedDict + +# this LRUCache is optimized for concurrency, not QPS +# n: concurrency, keys stored in the cache +# m: visits not timed out, proportional to QPS * timeout +# get & set is O(1), not O(n). thus we can support very large n +# sweep is O((n - m)) or O(1024) at most, +# no metter how large the cache or timeout value is + +SWEEP_MAX_ITEMS = 1024 + +class LRUCache(collections.MutableMapping): + """This class is not thread safe""" + + def __init__(self, timeout=60, close_callback=None, *args, **kwargs): + self.timeout = timeout + self.close_callback = close_callback + self._store = {} + self._keys_to_last_time = OrderedDict() + self.update(dict(*args, **kwargs)) # use the free update to set keys + + def __getitem__(self, key): + # O(1) + t = time.time() + last_t = self._keys_to_last_time[key] + del self._keys_to_last_time[key] + self._keys_to_last_time[key] = t + return self._store[key] + + def __setitem__(self, key, value): + # O(1) + t = time.time() + if key in self._keys_to_last_time: + del self._keys_to_last_time[key] + self._keys_to_last_time[key] = t + self._store[key] = value + + def __delitem__(self, key): + # O(1) + last_t = self._keys_to_last_time[key] + del self._store[key] + del self._keys_to_last_time[key] + + def __contains__(self, key): + return key in self._store + + def __iter__(self): + return iter(self._store) + + def __len__(self): + return len(self._store) + + def first(self): + if len(self._keys_to_last_time) > 0: + for key in self._keys_to_last_time: + return key + + def sweep(self, sweep_item_cnt = SWEEP_MAX_ITEMS): + # O(n - m) + now = time.time() + c = 0 + while c < sweep_item_cnt: + if len(self._keys_to_last_time) == 0: + break + for key in self._keys_to_last_time: + break + last_t = self._keys_to_last_time[key] + if now - last_t <= self.timeout: + break + value = self._store[key] + del self._store[key] + del self._keys_to_last_time[key] + if self.close_callback is not None: + self.close_callback(value) + c += 1 + if c: + logging.debug('%d keys swept' % c) + return c < SWEEP_MAX_ITEMS + + def clear(self, keep): + now = time.time() + c = 0 + while len(self._keys_to_last_time) > keep: + if len(self._keys_to_last_time) == 0: + break + for key in self._keys_to_last_time: + break + last_t = self._keys_to_last_time[key] + value = self._store[key] + if self.close_callback is not None: + self.close_callback(value) + del self._store[key] + del self._keys_to_last_time[key] + c += 1 + if c: + logging.debug('%d keys swept' % c) + return c < SWEEP_MAX_ITEMS + +def test(): + c = LRUCache(timeout=0.3) + + c['a'] = 1 + assert c['a'] == 1 + c['a'] = 1 + + time.sleep(0.5) + c.sweep() + assert 'a' not in c + + c['a'] = 2 + c['b'] = 3 + time.sleep(0.2) + c.sweep() + assert c['a'] == 2 + assert c['b'] == 3 + + time.sleep(0.2) + c.sweep() + c['b'] + time.sleep(0.2) + c.sweep() + assert 'a' not in c + assert c['b'] == 3 + + time.sleep(0.5) + c.sweep() + assert 'a' not in c + assert 'b' not in c + + global close_cb_called + close_cb_called = False + + def close_cb(t): + global close_cb_called + assert not close_cb_called + close_cb_called = True + + c = LRUCache(timeout=0.1, close_callback=close_cb) + c['s'] = 1 + c['s'] + time.sleep(0.1) + c['s'] + time.sleep(0.3) + c.sweep() + +if __name__ == '__main__': + test() diff --git a/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/shadowsocks/manager.py b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/shadowsocks/manager.py new file mode 100644 index 000000000..80d0a320b --- /dev/null +++ b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/shadowsocks/manager.py @@ -0,0 +1,291 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Copyright 2015 clowwindy +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +from __future__ import absolute_import, division, print_function, \ + with_statement + +import errno +import traceback +import socket +import logging +import json +import collections + +from shadowsocks import common, eventloop, tcprelay, udprelay, asyncdns, shell + + +BUF_SIZE = 1506 +STAT_SEND_LIMIT = 50 + + +class Manager(object): + + def __init__(self, config): + self._config = config + self._relays = {} # (tcprelay, udprelay) + self._loop = eventloop.EventLoop() + self._dns_resolver = asyncdns.DNSResolver() + self._dns_resolver.add_to_loop(self._loop) + + self._statistics = collections.defaultdict(int) + self._control_client_addr = None + try: + manager_address = common.to_str(config['manager_address']) + if ':' in manager_address: + addr = manager_address.rsplit(':', 1) + addr = addr[0], int(addr[1]) + addrs = socket.getaddrinfo(addr[0], addr[1]) + if addrs: + family = addrs[0][0] + else: + logging.error('invalid address: %s', manager_address) + exit(1) + else: + addr = manager_address + family = socket.AF_UNIX + self._control_socket = socket.socket(family, + socket.SOCK_DGRAM) + self._control_socket.bind(addr) + self._control_socket.setblocking(False) + except (OSError, IOError) as e: + logging.error(e) + logging.error('can not bind to manager address') + exit(1) + self._loop.add(self._control_socket, + eventloop.POLL_IN, self) + self._loop.add_periodic(self.handle_periodic) + + port_password = config['port_password'] + del config['port_password'] + for port, password in port_password.items(): + a_config = config.copy() + a_config['server_port'] = int(port) + a_config['password'] = password + self.add_port(a_config) + + def add_port(self, config): + port = int(config['server_port']) + servers = self._relays.get(port, None) + if servers: + logging.error("server already exists at %s:%d" % (config['server'], + port)) + return + logging.info("adding server at %s:%d" % (config['server'], port)) + t = tcprelay.TCPRelay(config, self._dns_resolver, False, + stat_callback=self.stat_callback) + u = udprelay.UDPRelay(config, self._dns_resolver, False, + stat_callback=self.stat_callback) + t.add_to_loop(self._loop) + u.add_to_loop(self._loop) + self._relays[port] = (t, u) + + def remove_port(self, config): + port = int(config['server_port']) + servers = self._relays.get(port, None) + if servers: + logging.info("removing server at %s:%d" % (config['server'], port)) + t, u = servers + t.close(next_tick=False) + u.close(next_tick=False) + del self._relays[port] + else: + logging.error("server not exist at %s:%d" % (config['server'], + port)) + + def handle_event(self, sock, fd, event): + if sock == self._control_socket and event == eventloop.POLL_IN: + data, self._control_client_addr = sock.recvfrom(BUF_SIZE) + parsed = self._parse_command(data) + if parsed: + command, config = parsed + a_config = self._config.copy() + if config: + # let the command override the configuration file + a_config.update(config) + if 'server_port' not in a_config: + logging.error('can not find server_port in config') + else: + if command == 'add': + self.add_port(a_config) + self._send_control_data(b'ok') + elif command == 'remove': + self.remove_port(a_config) + self._send_control_data(b'ok') + elif command == 'ping': + self._send_control_data(b'pong') + else: + logging.error('unknown command %s', command) + + def _parse_command(self, data): + # commands: + # add: {"server_port": 8000, "password": "foobar"} + # remove: {"server_port": 8000"} + data = common.to_str(data) + parts = data.split(':', 1) + if len(parts) < 2: + return data, None + command, config_json = parts + try: + config = shell.parse_json_in_str(config_json) + return command, config + except Exception as e: + logging.error(e) + return None + + def stat_callback(self, port, data_len): + self._statistics[port] += data_len + + def handle_periodic(self): + r = {} + i = 0 + + def send_data(data_dict): + if data_dict: + # use compact JSON format (without space) + data = common.to_bytes(json.dumps(data_dict, + separators=(',', ':'))) + self._send_control_data(b'stat: ' + data) + + for k, v in self._statistics.items(): + r[k] = v + i += 1 + # split the data into segments that fit in UDP packets + if i >= STAT_SEND_LIMIT: + send_data(r) + r.clear() + i = 0 + if len(r) > 0 : + send_data(r) + self._statistics.clear() + + def _send_control_data(self, data): + if self._control_client_addr: + try: + self._control_socket.sendto(data, self._control_client_addr) + except (socket.error, OSError, IOError) as e: + error_no = eventloop.errno_from_exception(e) + if error_no in (errno.EAGAIN, errno.EINPROGRESS, + errno.EWOULDBLOCK): + return + else: + shell.print_exception(e) + if self._config['verbose']: + traceback.print_exc() + + def run(self): + self._loop.run() + + +def run(config): + Manager(config).run() + + +def test(): + import time + import threading + import struct + from shadowsocks import encrypt + + logging.basicConfig(level=5, + format='%(asctime)s %(levelname)-8s %(message)s', + datefmt='%Y-%m-%d %H:%M:%S') + enc = [] + eventloop.TIMEOUT_PRECISION = 1 + + def run_server(): + config = shell.get_config(True) + config = config.copy() + a_config = { + 'server': '127.0.0.1', + 'local_port': 1081, + 'port_password': { + '8381': 'foobar1', + '8382': 'foobar2' + }, + 'method': 'aes-256-cfb', + 'manager_address': '127.0.0.1:6001', + 'timeout': 60, + 'fast_open': False, + 'verbose': 2 + } + config.update(a_config) + manager = Manager(config) + enc.append(manager) + manager.run() + + t = threading.Thread(target=run_server) + t.start() + time.sleep(1) + manager = enc[0] + cli = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) + cli.connect(('127.0.0.1', 6001)) + + # test add and remove + time.sleep(1) + cli.send(b'add: {"server_port":7001, "password":"asdfadsfasdf"}') + time.sleep(1) + assert 7001 in manager._relays + data, addr = cli.recvfrom(1506) + assert b'ok' in data + + cli.send(b'remove: {"server_port":8381}') + time.sleep(1) + assert 8381 not in manager._relays + data, addr = cli.recvfrom(1506) + assert b'ok' in data + logging.info('add and remove test passed') + + # test statistics for TCP + header = common.pack_addr(b'google.com') + struct.pack('>H', 80) + data = encrypt.encrypt_all(b'asdfadsfasdf', 'aes-256-cfb', 1, + header + b'GET /\r\n\r\n') + tcp_cli = socket.socket() + tcp_cli.connect(('127.0.0.1', 7001)) + tcp_cli.send(data) + tcp_cli.recv(4096) + tcp_cli.close() + + data, addr = cli.recvfrom(1506) + data = common.to_str(data) + assert data.startswith('stat: ') + data = data.split('stat:')[1] + stats = shell.parse_json_in_str(data) + assert '7001' in stats + logging.info('TCP statistics test passed') + + # test statistics for UDP + header = common.pack_addr(b'127.0.0.1') + struct.pack('>H', 80) + data = encrypt.encrypt_all(b'foobar2', 'aes-256-cfb', 1, + header + b'test') + udp_cli = socket.socket(type=socket.SOCK_DGRAM) + udp_cli.sendto(data, ('127.0.0.1', 8382)) + tcp_cli.close() + + data, addr = cli.recvfrom(1506) + data = common.to_str(data) + assert data.startswith('stat: ') + data = data.split('stat:')[1] + stats = json.loads(data) + assert '8382' in stats + logging.info('UDP statistics test passed') + + manager._loop.stop() + t.join() + + +if __name__ == '__main__': + test() diff --git a/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/shadowsocks/obfs.py b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/shadowsocks/obfs.py new file mode 100644 index 000000000..3dfdb141f --- /dev/null +++ b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/shadowsocks/obfs.py @@ -0,0 +1,114 @@ +#!/usr/bin/env python +# +# Copyright 2015-2015 breakwa11 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +from __future__ import absolute_import, division, print_function, \ + with_statement + +import os +import sys +import hashlib +import logging + +from shadowsocks import common +from shadowsocks.obfsplugin import plain, http_simple, obfs_tls, verify, auth, auth_chain + + +method_supported = {} +method_supported.update(plain.obfs_map) +method_supported.update(http_simple.obfs_map) +method_supported.update(obfs_tls.obfs_map) +method_supported.update(verify.obfs_map) +method_supported.update(auth.obfs_map) +method_supported.update(auth_chain.obfs_map) + +def mu_protocol(): + return ["auth_aes128_md5", "auth_aes128_sha1", "auth_chain_a"] + +class server_info(object): + def __init__(self, data): + self.data = data + +class obfs(object): + def __init__(self, method): + method = common.to_str(method) + self.method = method + self._method_info = self.get_method_info(method) + if self._method_info: + self.obfs = self.get_obfs(method) + else: + raise Exception('obfs plugin [%s] not supported' % method) + + def init_data(self): + return self.obfs.init_data() + + def set_server_info(self, server_info): + return self.obfs.set_server_info(server_info) + + def get_server_info(self): + return self.obfs.get_server_info() + + def get_method_info(self, method): + method = method.lower() + m = method_supported.get(method) + return m + + def get_obfs(self, method): + m = self._method_info + return m[0](method) + + def get_overhead(self, direction): + return self.obfs.get_overhead(direction) + + def client_pre_encrypt(self, buf): + return self.obfs.client_pre_encrypt(buf) + + def client_encode(self, buf): + return self.obfs.client_encode(buf) + + def client_decode(self, buf): + return self.obfs.client_decode(buf) + + def client_post_decrypt(self, buf): + return self.obfs.client_post_decrypt(buf) + + def server_pre_encrypt(self, buf): + return self.obfs.server_pre_encrypt(buf) + + def server_encode(self, buf): + return self.obfs.server_encode(buf) + + def server_decode(self, buf): + return self.obfs.server_decode(buf) + + def server_post_decrypt(self, buf): + return self.obfs.server_post_decrypt(buf) + + def client_udp_pre_encrypt(self, buf): + return self.obfs.client_udp_pre_encrypt(buf) + + def client_udp_post_decrypt(self, buf): + return self.obfs.client_udp_post_decrypt(buf) + + def server_udp_pre_encrypt(self, buf, uid): + return self.obfs.server_udp_pre_encrypt(buf, uid) + + def server_udp_post_decrypt(self, buf): + return self.obfs.server_udp_post_decrypt(buf) + + def dispose(self): + self.obfs.dispose() + del self.obfs + diff --git a/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/shadowsocks/obfsplugin/__init__.py b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/shadowsocks/obfsplugin/__init__.py new file mode 100644 index 000000000..401c7b726 --- /dev/null +++ b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/shadowsocks/obfsplugin/__init__.py @@ -0,0 +1,18 @@ +#!/usr/bin/env python +# +# Copyright 2015 clowwindy +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +from __future__ import absolute_import, division, print_function, \ + with_statement diff --git a/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/shadowsocks/obfsplugin/auth.py b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/shadowsocks/obfsplugin/auth.py new file mode 100755 index 000000000..a745e098f --- /dev/null +++ b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/shadowsocks/obfsplugin/auth.py @@ -0,0 +1,787 @@ +#!/usr/bin/env python +# +# Copyright 2015-2015 breakwa11 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +from __future__ import absolute_import, division, print_function, \ + with_statement + +import os +import sys +import hashlib +import logging +import binascii +import base64 +import time +import datetime +import random +import math +import struct +import zlib +import hmac +import hashlib + +import shadowsocks +from shadowsocks import common, lru_cache, encrypt +from shadowsocks.obfsplugin import plain +from shadowsocks.common import to_bytes, to_str, ord, chr + +def create_auth_sha1_v4(method): + return auth_sha1_v4(method) + +def create_auth_aes128_md5(method): + return auth_aes128_sha1(method, hashlib.md5) + +def create_auth_aes128_sha1(method): + return auth_aes128_sha1(method, hashlib.sha1) + +obfs_map = { + 'auth_sha1_v4': (create_auth_sha1_v4,), + 'auth_sha1_v4_compatible': (create_auth_sha1_v4,), + 'auth_aes128_md5': (create_auth_aes128_md5,), + 'auth_aes128_sha1': (create_auth_aes128_sha1,), +} + +def match_begin(str1, str2): + if len(str1) >= len(str2): + if str1[:len(str2)] == str2: + return True + return False + +class auth_base(plain.plain): + def __init__(self, method): + super(auth_base, self).__init__(method) + self.method = method + self.no_compatible_method = '' + self.overhead = 7 + + def init_data(self): + return '' + + def get_overhead(self, direction): # direction: true for c->s false for s->c + return self.overhead + + def set_server_info(self, server_info): + self.server_info = server_info + + def client_encode(self, buf): + return buf + + def client_decode(self, buf): + return (buf, False) + + def server_encode(self, buf): + return buf + + def server_decode(self, buf): + return (buf, True, False) + + def not_match_return(self, buf): + self.raw_trans = True + self.overhead = 0 + if self.method == self.no_compatible_method: + return (b'E'*2048, False) + return (buf, False) + +class client_queue(object): + def __init__(self, begin_id): + self.front = begin_id - 64 + self.back = begin_id + 1 + self.alloc = {} + self.enable = True + self.last_update = time.time() + + def update(self): + self.last_update = time.time() + + def is_active(self): + return time.time() - self.last_update < 60 * 3 + + def re_enable(self, connection_id): + self.enable = True + self.front = connection_id - 64 + self.back = connection_id + 1 + self.alloc = {} + + def insert(self, connection_id): + if not self.enable: + logging.warn('obfs auth: not enable') + return False + if not self.is_active(): + self.re_enable(connection_id) + self.update() + if connection_id < self.front: + logging.warn('obfs auth: deprecated id, someone replay attack') + return False + if connection_id > self.front + 0x4000: + logging.warn('obfs auth: wrong id') + return False + if connection_id in self.alloc: + logging.warn('obfs auth: duplicate id, someone replay attack') + return False + if self.back <= connection_id: + self.back = connection_id + 1 + self.alloc[connection_id] = 1 + while (self.front in self.alloc) or self.front + 0x1000 < self.back: + if self.front in self.alloc: + del self.alloc[self.front] + self.front += 1 + return True + +class obfs_auth_v2_data(object): + def __init__(self): + self.client_id = lru_cache.LRUCache() + self.local_client_id = b'' + self.connection_id = 0 + self.set_max_client(64) # max active client count + + def update(self, client_id, connection_id): + if client_id in self.client_id: + self.client_id[client_id].update() + + def set_max_client(self, max_client): + self.max_client = max_client + self.max_buffer = max(self.max_client * 2, 1024) + + def insert(self, client_id, connection_id): + if self.client_id.get(client_id, None) is None or not self.client_id[client_id].enable: + if self.client_id.first() is None or len(self.client_id) < self.max_client: + if client_id not in self.client_id: + #TODO: check + self.client_id[client_id] = client_queue(connection_id) + else: + self.client_id[client_id].re_enable(connection_id) + return self.client_id[client_id].insert(connection_id) + + if not self.client_id[self.client_id.first()].is_active(): + del self.client_id[self.client_id.first()] + if client_id not in self.client_id: + #TODO: check + self.client_id[client_id] = client_queue(connection_id) + else: + self.client_id[client_id].re_enable(connection_id) + return self.client_id[client_id].insert(connection_id) + + logging.warn('auth_sha1_v2: no inactive client') + return False + else: + return self.client_id[client_id].insert(connection_id) + +class auth_sha1_v4(auth_base): + def __init__(self, method): + super(auth_sha1_v4, self).__init__(method) + self.recv_buf = b'' + self.unit_len = 8100 + self.decrypt_packet_num = 0 + self.raw_trans = False + self.has_sent_header = False + self.has_recv_header = False + self.client_id = 0 + self.connection_id = 0 + self.max_time_dif = 60 * 60 * 24 # time dif (second) setting + self.salt = b"auth_sha1_v4" + self.no_compatible_method = 'auth_sha1_v4' + + def init_data(self): + return obfs_auth_v2_data() + + def set_server_info(self, server_info): + self.server_info = server_info + try: + max_client = int(server_info.protocol_param) + except: + max_client = 64 + self.server_info.data.set_max_client(max_client) + + def rnd_data(self, buf_size): + if buf_size > 1200: + return b'\x01' + + if buf_size > 400: + rnd_data = os.urandom(common.ord(os.urandom(1)[0]) % 256) + else: + rnd_data = os.urandom(struct.unpack('>H', os.urandom(2))[0] % 512) + + if len(rnd_data) < 128: + return common.chr(len(rnd_data) + 1) + rnd_data + else: + return common.chr(255) + struct.pack('>H', len(rnd_data) + 3) + rnd_data + + def pack_data(self, buf): + data = self.rnd_data(len(buf)) + buf + data_len = len(data) + 8 + crc = binascii.crc32(struct.pack('>H', data_len)) & 0xFFFF + data = struct.pack('H', data_len) + data + adler32 = zlib.adler32(data) & 0xFFFFFFFF + data += struct.pack('H', data_len) + self.salt + self.server_info.key) & 0xFFFFFFFF + data = struct.pack('H', data_len) + data + data += hmac.new(self.server_info.iv + self.server_info.key, data, hashlib.sha1).digest()[:10] + return data + + def auth_data(self): + utc_time = int(time.time()) & 0xFFFFFFFF + if self.server_info.data.connection_id > 0xFF000000: + self.server_info.data.local_client_id = b'' + if not self.server_info.data.local_client_id: + self.server_info.data.local_client_id = os.urandom(4) + logging.debug("local_client_id %s" % (binascii.hexlify(self.server_info.data.local_client_id),)) + self.server_info.data.connection_id = struct.unpack(' self.unit_len: + ret += self.pack_data(buf[:self.unit_len]) + buf = buf[self.unit_len:] + ret += self.pack_data(buf) + return ret + + def client_post_decrypt(self, buf): + if self.raw_trans: + return buf + self.recv_buf += buf + out_buf = b'' + while len(self.recv_buf) > 4: + crc = struct.pack('H', self.recv_buf[:2])[0] + if length >= 8192 or length < 7: + self.raw_trans = True + self.recv_buf = b'' + raise Exception('client_post_decrypt data error') + if length > len(self.recv_buf): + break + + if struct.pack('H', self.recv_buf[5:7])[0] + 4 + out_buf += self.recv_buf[pos:length - 4] + self.recv_buf = self.recv_buf[length:] + + if out_buf: + self.decrypt_packet_num += 1 + return out_buf + + def server_pre_encrypt(self, buf): + if self.raw_trans: + return buf + ret = b'' + while len(buf) > self.unit_len: + ret += self.pack_data(buf[:self.unit_len]) + buf = buf[self.unit_len:] + ret += self.pack_data(buf) + return ret + + def server_post_decrypt(self, buf): + if self.raw_trans: + return (buf, False) + self.recv_buf += buf + out_buf = b'' + sendback = False + + if not self.has_recv_header: + if len(self.recv_buf) <= 6: + return (b'', False) + crc = struct.pack('H', self.recv_buf[:2])[0] + if length > len(self.recv_buf): + return (b'', False) + sha1data = hmac.new(self.server_info.recv_iv + self.server_info.key, self.recv_buf[:length - 10], hashlib.sha1).digest()[:10] + if sha1data != self.recv_buf[length - 10:length]: + logging.error('auth_sha1_v4 data uncorrect auth HMAC-SHA1') + return self.not_match_return(self.recv_buf) + pos = common.ord(self.recv_buf[6]) + if pos < 255: + pos += 6 + else: + pos = struct.unpack('>H', self.recv_buf[7:9])[0] + 6 + out_buf = self.recv_buf[pos:length - 10] + if len(out_buf) < 12: + logging.info('auth_sha1_v4: too short, data %s' % (binascii.hexlify(self.recv_buf),)) + return self.not_match_return(self.recv_buf) + utc_time = struct.unpack(' self.max_time_dif: + logging.info('auth_sha1_v4: wrong timestamp, time_dif %d, data %s' % (time_dif, binascii.hexlify(out_buf),)) + return self.not_match_return(self.recv_buf) + elif self.server_info.data.insert(client_id, connection_id): + self.has_recv_header = True + out_buf = out_buf[12:] + self.client_id = client_id + self.connection_id = connection_id + else: + logging.info('auth_sha1_v4: auth fail, data %s' % (binascii.hexlify(out_buf),)) + return self.not_match_return(self.recv_buf) + self.recv_buf = self.recv_buf[length:] + self.has_recv_header = True + sendback = True + + while len(self.recv_buf) > 4: + crc = struct.pack('H', self.recv_buf[:2])[0] + if length >= 8192 or length < 7: + self.raw_trans = True + self.recv_buf = b'' + if self.decrypt_packet_num == 0: + logging.info('auth_sha1_v4: over size') + return (b'E'*2048, False) + else: + raise Exception('server_post_decrype data error') + if length > len(self.recv_buf): + break + + if struct.pack('H', self.recv_buf[5:7])[0] + 4 + out_buf += self.recv_buf[pos:length - 4] + self.recv_buf = self.recv_buf[length:] + if pos == length - 4: + sendback = True + + if out_buf: + self.server_info.data.update(self.client_id, self.connection_id) + self.decrypt_packet_num += 1 + return (out_buf, sendback) + +class obfs_auth_mu_data(object): + def __init__(self): + self.user_id = {} + self.local_client_id = b'' + self.connection_id = 0 + self.set_max_client(64) # max active client count + + def update(self, user_id, client_id, connection_id): + if user_id not in self.user_id: + self.user_id[user_id] = lru_cache.LRUCache() + local_client_id = self.user_id[user_id] + + if client_id in local_client_id: + local_client_id[client_id].update() + + def set_max_client(self, max_client): + self.max_client = max_client + self.max_buffer = max(self.max_client * 2, 1024) + + def insert(self, user_id, client_id, connection_id): + if user_id not in self.user_id: + self.user_id[user_id] = lru_cache.LRUCache() + local_client_id = self.user_id[user_id] + + if local_client_id.get(client_id, None) is None or not local_client_id[client_id].enable: + if local_client_id.first() is None or len(local_client_id) < self.max_client: + if client_id not in local_client_id: + #TODO: check + local_client_id[client_id] = client_queue(connection_id) + else: + local_client_id[client_id].re_enable(connection_id) + return local_client_id[client_id].insert(connection_id) + + if not local_client_id[local_client_id.first()].is_active(): + del local_client_id[local_client_id.first()] + if client_id not in local_client_id: + #TODO: check + local_client_id[client_id] = client_queue(connection_id) + else: + local_client_id[client_id].re_enable(connection_id) + return local_client_id[client_id].insert(connection_id) + + logging.warn('auth_aes128: no inactive client') + return False + else: + return local_client_id[client_id].insert(connection_id) + +class auth_aes128_sha1(auth_base): + def __init__(self, method, hashfunc): + super(auth_aes128_sha1, self).__init__(method) + self.hashfunc = hashfunc + self.recv_buf = b'' + self.unit_len = 8100 + self.raw_trans = False + self.has_sent_header = False + self.has_recv_header = False + self.client_id = 0 + self.connection_id = 0 + self.max_time_dif = 60 * 60 * 24 # time dif (second) setting + self.salt = hashfunc == hashlib.md5 and b"auth_aes128_md5" or b"auth_aes128_sha1" + self.no_compatible_method = hashfunc == hashlib.md5 and "auth_aes128_md5" or 'auth_aes128_sha1' + self.extra_wait_size = struct.unpack('>H', os.urandom(2))[0] % 1024 + self.pack_id = 1 + self.recv_id = 1 + self.user_id = None + self.user_key = None + self.last_rnd_len = 0 + self.overhead = 9 + + def init_data(self): + return obfs_auth_mu_data() + + def get_overhead(self, direction): # direction: true for c->s false for s->c + return self.overhead + + def set_server_info(self, server_info): + self.server_info = server_info + try: + max_client = int(server_info.protocol_param.split('#')[0]) + except: + max_client = 64 + self.server_info.data.set_max_client(max_client) + + def trapezoid_random_float(self, d): + if d == 0: + return random.random() + s = random.random() + a = 1 - d + return (math.sqrt(a * a + 4 * d * s) - a) / (2 * d) + + def trapezoid_random_int(self, max_val, d): + v = self.trapezoid_random_float(d) + return int(v * max_val) + + def rnd_data_len(self, buf_size, full_buf_size): + if full_buf_size >= self.server_info.buffer_size: + return 0 + tcp_mss = self.server_info.tcp_mss + rev_len = tcp_mss - buf_size - 9 + if rev_len == 0: + return 0 + if rev_len < 0: + if rev_len > -tcp_mss: + return self.trapezoid_random_int(rev_len + tcp_mss, -0.3) + return common.ord(os.urandom(1)[0]) % 32 + if buf_size > 900: + return struct.unpack('>H', os.urandom(2))[0] % rev_len + return self.trapezoid_random_int(rev_len, -0.3) + + def rnd_data(self, buf_size, full_buf_size): + data_len = self.rnd_data_len(buf_size, full_buf_size) + + if data_len < 128: + return common.chr(data_len + 1) + os.urandom(data_len) + + return common.chr(255) + struct.pack(' 400: + rnd_len = struct.unpack(' 0xFF000000: + self.server_info.data.local_client_id = b'' + if not self.server_info.data.local_client_id: + self.server_info.data.local_client_id = os.urandom(4) + logging.debug("local_client_id %s" % (binascii.hexlify(self.server_info.data.local_client_id),)) + self.server_info.data.connection_id = struct.unpack(' self.unit_len: + ret += self.pack_data(buf[:self.unit_len], ogn_data_len) + buf = buf[self.unit_len:] + ret += self.pack_data(buf, ogn_data_len) + self.last_rnd_len = ogn_data_len + return ret + + def client_post_decrypt(self, buf): + if self.raw_trans: + return buf + self.recv_buf += buf + out_buf = b'' + while len(self.recv_buf) > 4: + mac_key = self.user_key + struct.pack('= 8192 or length < 7: + self.raw_trans = True + self.recv_buf = b'' + raise Exception('client_post_decrypt data error') + if length > len(self.recv_buf): + break + + if hmac.new(mac_key, self.recv_buf[:length - 4], self.hashfunc).digest()[:4] != self.recv_buf[length - 4:length]: + self.raw_trans = True + self.recv_buf = b'' + raise Exception('client_post_decrypt data uncorrect checksum') + + self.recv_id = (self.recv_id + 1) & 0xFFFFFFFF + pos = common.ord(self.recv_buf[4]) + if pos < 255: + pos += 4 + else: + pos = struct.unpack(' self.unit_len: + ret += self.pack_data(buf[:self.unit_len], ogn_data_len) + buf = buf[self.unit_len:] + ret += self.pack_data(buf, ogn_data_len) + self.last_rnd_len = ogn_data_len + return ret + + def server_post_decrypt(self, buf): + if self.raw_trans: + return (buf, False) + self.recv_buf += buf + out_buf = b'' + sendback = False + + if not self.has_recv_header: + if len(self.recv_buf) >= 7 or len(self.recv_buf) in [2, 3]: + recv_len = min(len(self.recv_buf), 7) + mac_key = self.server_info.recv_iv + self.server_info.key + sha1data = hmac.new(mac_key, self.recv_buf[:1], self.hashfunc).digest()[:recv_len - 1] + if sha1data != self.recv_buf[1:recv_len]: + return self.not_match_return(self.recv_buf) + + if len(self.recv_buf) < 31: + return (b'', False) + sha1data = hmac.new(mac_key, self.recv_buf[7:27], self.hashfunc).digest()[:4] + if sha1data != self.recv_buf[27:31]: + logging.error('%s data uncorrect auth HMAC-SHA1 from %s:%d, data %s' % (self.no_compatible_method, self.server_info.client, self.server_info.client_port, binascii.hexlify(self.recv_buf))) + if len(self.recv_buf) < 31 + self.extra_wait_size: + return (b'', False) + return self.not_match_return(self.recv_buf) + + uid = self.recv_buf[7:11] + if uid in self.server_info.users: + self.user_id = uid + self.user_key = self.hashfunc(self.server_info.users[uid]).digest() + self.server_info.update_user_func(uid) + else: + if not self.server_info.users: + self.user_key = self.server_info.key + else: + self.user_key = self.server_info.recv_iv + encryptor = encrypt.Encryptor(to_bytes(base64.b64encode(self.user_key)) + self.salt, 'aes-128-cbc') + head = encryptor.decrypt(b'\x00' * 16 + self.recv_buf[11:27] + b'\x00') # need an extra byte or recv empty + length = struct.unpack(' self.max_time_dif: + logging.info('%s: wrong timestamp, time_dif %d, data %s' % (self.no_compatible_method, time_dif, binascii.hexlify(head))) + return self.not_match_return(self.recv_buf) + elif self.server_info.data.insert(self.user_id, client_id, connection_id): + self.has_recv_header = True + out_buf = self.recv_buf[31 + rnd_len:length - 4] + self.client_id = client_id + self.connection_id = connection_id + else: + logging.info('%s: auth fail, data %s' % (self.no_compatible_method, binascii.hexlify(out_buf))) + return self.not_match_return(self.recv_buf) + self.recv_buf = self.recv_buf[length:] + self.has_recv_header = True + sendback = True + + while len(self.recv_buf) > 4: + mac_key = self.user_key + struct.pack('= 8192 or length < 7: + self.raw_trans = True + self.recv_buf = b'' + if self.recv_id == 0: + logging.info(self.no_compatible_method + ': over size') + return (b'E'*2048, False) + else: + raise Exception('server_post_decrype data error') + if length > len(self.recv_buf): + break + + if hmac.new(mac_key, self.recv_buf[:length - 4], self.hashfunc).digest()[:4] != self.recv_buf[length - 4:length]: + logging.info('%s: checksum error, data %s' % (self.no_compatible_method, binascii.hexlify(self.recv_buf[:length]))) + self.raw_trans = True + self.recv_buf = b'' + if self.recv_id == 0: + return (b'E'*2048, False) + else: + raise Exception('server_post_decrype data uncorrect checksum') + + self.recv_id = (self.recv_id + 1) & 0xFFFFFFFF + pos = common.ord(self.recv_buf[4]) + if pos < 255: + pos += 4 + else: + pos = struct.unpack('> 17) ^ (y >> 26)) & xorshift128plus.max_int + self.v1 = x + return (x + y) & xorshift128plus.max_int + + def init_from_bin(self, bin): + bin += b'\0' * 16 + self.v0 = struct.unpack('= len(str2): + if str1[:len(str2)] == str2: + return True + return False + + +class auth_base(plain.plain): + def __init__(self, method): + super(auth_base, self).__init__(method) + self.method = method + self.no_compatible_method = '' + self.overhead = 4 + + def init_data(self): + return '' + + def get_overhead(self, direction): # direction: true for c->s false for s->c + return self.overhead + + def set_server_info(self, server_info): + self.server_info = server_info + + def client_encode(self, buf): + return buf + + def client_decode(self, buf): + return (buf, False) + + def server_encode(self, buf): + return buf + + def server_decode(self, buf): + return (buf, True, False) + + def not_match_return(self, buf): + self.raw_trans = True + self.overhead = 0 + if self.method == self.no_compatible_method: + return (b'E' * 2048, False) + return (buf, False) + + +class client_queue(object): + def __init__(self, begin_id): + self.front = begin_id - 64 + self.back = begin_id + 1 + self.alloc = {} + self.enable = True + self.last_update = time.time() + self.ref = 0 + + def update(self): + self.last_update = time.time() + + def addref(self): + self.ref += 1 + + def delref(self): + if self.ref > 0: + self.ref -= 1 + + def is_active(self): + return (self.ref > 0) and (time.time() - self.last_update < 60 * 10) + + def re_enable(self, connection_id): + self.enable = True + self.front = connection_id - 64 + self.back = connection_id + 1 + self.alloc = {} + + def insert(self, connection_id): + if not self.enable: + logging.warn('obfs auth: not enable') + return False + if not self.is_active(): + self.re_enable(connection_id) + self.update() + if connection_id < self.front: + logging.warn('obfs auth: deprecated id, someone replay attack') + return False + if connection_id > self.front + 0x4000: + logging.warn('obfs auth: wrong id') + return False + if connection_id in self.alloc: + logging.warn('obfs auth: duplicate id, someone replay attack') + return False + if self.back <= connection_id: + self.back = connection_id + 1 + self.alloc[connection_id] = 1 + while (self.front in self.alloc) or self.front + 0x1000 < self.back: + if self.front in self.alloc: + del self.alloc[self.front] + self.front += 1 + self.addref() + return True + + +class obfs_auth_chain_data(object): + def __init__(self, name): + self.name = name + self.user_id = {} + self.local_client_id = b'' + self.connection_id = 0 + self.set_max_client(64) # max active client count + + def update(self, user_id, client_id, connection_id): + if user_id not in self.user_id: + self.user_id[user_id] = lru_cache.LRUCache() + local_client_id = self.user_id[user_id] + + if client_id in local_client_id: + local_client_id[client_id].update() + + def set_max_client(self, max_client): + self.max_client = max_client + self.max_buffer = max(self.max_client * 2, 1024) + + def insert(self, user_id, client_id, connection_id): + if user_id not in self.user_id: + self.user_id[user_id] = lru_cache.LRUCache() + local_client_id = self.user_id[user_id] + + if local_client_id.get(client_id, None) is None or not local_client_id[client_id].enable: + if local_client_id.first() is None or len(local_client_id) < self.max_client: + if client_id not in local_client_id: + # TODO: check + local_client_id[client_id] = client_queue(connection_id) + else: + local_client_id[client_id].re_enable(connection_id) + return local_client_id[client_id].insert(connection_id) + + if not local_client_id[local_client_id.first()].is_active(): + del local_client_id[local_client_id.first()] + if client_id not in local_client_id: + # TODO: check + local_client_id[client_id] = client_queue(connection_id) + else: + local_client_id[client_id].re_enable(connection_id) + return local_client_id[client_id].insert(connection_id) + + logging.warn(self.name + ': no inactive client') + return False + else: + return local_client_id[client_id].insert(connection_id) + + def remove(self, user_id, client_id): + if user_id in self.user_id: + local_client_id = self.user_id[user_id] + if client_id in local_client_id: + local_client_id[client_id].delref() + + +class auth_chain_a(auth_base): + def __init__(self, method): + super(auth_chain_a, self).__init__(method) + self.hashfunc = hashlib.md5 + self.recv_buf = b'' + self.unit_len = 2800 + self.raw_trans = False + self.has_sent_header = False + self.has_recv_header = False + self.client_id = 0 + self.connection_id = 0 + self.max_time_dif = 60 * 60 * 24 # time dif (second) setting + self.salt = b"auth_chain_a" + self.no_compatible_method = 'auth_chain_a' + self.pack_id = 1 + self.recv_id = 1 + self.user_id = None + self.user_id_num = 0 + self.user_key = None + self.overhead = 4 + self.client_over_head = 4 + self.last_client_hash = b'' + self.last_server_hash = b'' + self.random_client = xorshift128plus() + self.random_server = xorshift128plus() + self.encryptor = None + + def init_data(self): + return obfs_auth_chain_data(self.method) + + def get_overhead(self, direction): # direction: true for c->s false for s->c + return self.overhead + + def set_server_info(self, server_info): + self.server_info = server_info + try: + max_client = int(server_info.protocol_param.split('#')[0]) + except: + max_client = 64 + self.server_info.data.set_max_client(max_client) + + def trapezoid_random_float(self, d): + if d == 0: + return random.random() + s = random.random() + a = 1 - d + return (math.sqrt(a * a + 4 * d * s) - a) / (2 * d) + + def trapezoid_random_int(self, max_val, d): + v = self.trapezoid_random_float(d) + return int(v * max_val) + + def rnd_data_len(self, buf_size, last_hash, random): + if buf_size > 1440: + return 0 + random.init_from_bin_len(last_hash, buf_size) + if buf_size > 1300: + return random.next() % 31 + if buf_size > 900: + return random.next() % 127 + if buf_size > 400: + return random.next() % 521 + return random.next() % 1021 + + def udp_rnd_data_len(self, last_hash, random): + random.init_from_bin(last_hash) + return random.next() % 127 + + def rnd_start_pos(self, rand_len, random): + if rand_len > 0: + return random.next() % 8589934609 % rand_len + return 0 + + def rnd_data(self, buf_size, buf, last_hash, random): + rand_len = self.rnd_data_len(buf_size, last_hash, random) + + rnd_data_buf = os.urandom(rand_len) + + if buf_size == 0: + return rnd_data_buf + else: + if rand_len > 0: + start_pos = self.rnd_start_pos(rand_len, random) + return rnd_data_buf[:start_pos] + buf + rnd_data_buf[start_pos:] + else: + return buf + + def pack_client_data(self, buf): + buf = self.encryptor.encrypt(buf) + data = self.rnd_data(len(buf), buf, self.last_client_hash, self.random_client) + data_len = len(data) + 8 + mac_key = self.user_key + struct.pack(' 0xFF000000: + self.server_info.data.local_client_id = b'' + if not self.server_info.data.local_client_id: + self.server_info.data.local_client_id = os.urandom(4) + logging.debug("local_client_id %s" % (binascii.hexlify(self.server_info.data.local_client_id),)) + self.server_info.data.connection_id = struct.unpack(' self.unit_len: + ret += self.pack_client_data(buf[:self.unit_len]) + buf = buf[self.unit_len:] + ret += self.pack_client_data(buf) + return ret + + def client_post_decrypt(self, buf): + if self.raw_trans: + return buf + self.recv_buf += buf + out_buf = b'' + while len(self.recv_buf) > 4: + mac_key = self.user_key + struct.pack('= 4096: + self.raw_trans = True + self.recv_buf = b'' + raise Exception('client_post_decrypt data error') + + if length + 4 > len(self.recv_buf): + break + + server_hash = hmac.new(mac_key, self.recv_buf[:length + 2], self.hashfunc).digest() + if server_hash[:2] != self.recv_buf[length + 2: length + 4]: + logging.info('%s: checksum error, data %s' + % (self.no_compatible_method, binascii.hexlify(self.recv_buf[:length]))) + self.raw_trans = True + self.recv_buf = b'' + raise Exception('client_post_decrypt data uncorrect checksum') + + pos = 2 + if data_len > 0 and rand_len > 0: + pos = 2 + self.rnd_start_pos(rand_len, self.random_server) + out_buf += self.encryptor.decrypt(self.recv_buf[pos: data_len + pos]) + self.last_server_hash = server_hash + if self.recv_id == 1: + self.server_info.tcp_mss = struct.unpack(' self.unit_len: + ret += self.pack_server_data(buf[:self.unit_len]) + buf = buf[self.unit_len:] + ret += self.pack_server_data(buf) + return ret + + def server_post_decrypt(self, buf): + if self.raw_trans: + return (buf, False) + self.recv_buf += buf + out_buf = b'' + sendback = False + + if not self.has_recv_header: + if len(self.recv_buf) >= 12 or len(self.recv_buf) in [7, 8]: + recv_len = min(len(self.recv_buf), 12) + mac_key = self.server_info.recv_iv + self.server_info.key + md5data = hmac.new(mac_key, self.recv_buf[:4], self.hashfunc).digest() + if md5data[:recv_len - 4] != self.recv_buf[4:recv_len]: + return self.not_match_return(self.recv_buf) + + if len(self.recv_buf) < 12 + 24: + return (b'', False) + + self.last_client_hash = md5data + uid = struct.unpack(' self.max_time_dif: + logging.info('%s: wrong timestamp, time_dif %d, data %s' % ( + self.no_compatible_method, time_dif, binascii.hexlify(head) + )) + return self.not_match_return(self.recv_buf) + elif self.server_info.data.insert(self.user_id, client_id, connection_id): + self.has_recv_header = True + self.client_id = client_id + self.connection_id = connection_id + else: + logging.info('%s: auth fail, data %s' % (self.no_compatible_method, binascii.hexlify(out_buf))) + return self.not_match_return(self.recv_buf) + + self.encryptor = encrypt.Encryptor( + to_bytes(base64.b64encode(self.user_key)) + to_bytes(base64.b64encode(self.last_client_hash)), 'rc4') + self.recv_buf = self.recv_buf[36:] + self.has_recv_header = True + sendback = True + + while len(self.recv_buf) > 4: + mac_key = self.user_key + struct.pack('= 4096: + self.raw_trans = True + self.recv_buf = b'' + if self.recv_id == 0: + logging.info(self.no_compatible_method + ': over size') + return (b'E' * 2048, False) + else: + raise Exception('server_post_decrype data error') + + if length + 4 > len(self.recv_buf): + break + + client_hash = hmac.new(mac_key, self.recv_buf[:length + 2], self.hashfunc).digest() + if client_hash[:2] != self.recv_buf[length + 2: length + 4]: + logging.info('%s: checksum error, data %s' % ( + self.no_compatible_method, binascii.hexlify(self.recv_buf[:length]) + )) + self.raw_trans = True + self.recv_buf = b'' + if self.recv_id == 0: + return (b'E' * 2048, False) + else: + raise Exception('server_post_decrype data uncorrect checksum') + + self.recv_id = (self.recv_id + 1) & 0xFFFFFFFF + pos = 2 + if data_len > 0 and rand_len > 0: + pos = 2 + self.rnd_start_pos(rand_len, self.random_client) + out_buf += self.encryptor.decrypt(self.recv_buf[pos: data_len + pos]) + self.last_client_hash = client_hash + self.recv_buf = self.recv_buf[length + 4:] + if data_len == 0: + sendback = True + + if out_buf: + self.server_info.data.update(self.user_id, self.client_id, self.connection_id) + return (out_buf, sendback) + + def client_udp_pre_encrypt(self, buf): + if self.user_key is None: + if b':' in to_bytes(self.server_info.protocol_param): + try: + items = to_bytes(self.server_info.protocol_param).split(':') + self.user_key = self.hashfunc(items[1]).digest() + self.user_id = struct.pack('= 1440: + return 0 + random.init_from_bin_len(last_hash, buf_size) + pos = bisect.bisect_left(self.data_size_list, buf_size + self.server_info.overhead) + final_pos = pos + random.next() % (len(self.data_size_list)) + # 鍋囪random鍧囧寑鍒嗗竷锛屽垯瓒婇暱鐨勫師濮嬫暟鎹暱搴﹁秺瀹规槗if false + if final_pos < len(self.data_size_list): + return self.data_size_list[final_pos] - buf_size - self.server_info.overhead + + # 涓婇潰if false鍚庨夋嫨2鍙疯ˉ鍏ㄦ暟缁勶紝姝ゅ鏈夋洿绮剧粏鐨勯暱搴﹀垎娈 + pos = bisect.bisect_left(self.data_size_list2, buf_size + self.server_info.overhead) + final_pos = pos + random.next() % (len(self.data_size_list2)) + if final_pos < len(self.data_size_list2): + return self.data_size_list2[final_pos] - buf_size - self.server_info.overhead + # final_pos 鎬绘槸鍒嗗竷鍦╬os~(data_size_list2.len-1)涔嬮棿 + if final_pos < pos + len(self.data_size_list2) - 1: + return 0 + # 鏈1/len(self.data_size_list2)鐨勬鐜囦笉婊¤冻涓婁竴涓猧f ? + # 鐞嗚涓婁笉浼氳繍琛屽埌姝ゅ锛屽洜姝ゅ彲浠ユ彃鍏ヨ繍琛屾柇瑷 ? + # assert False + + if buf_size > 1300: + return random.next() % 31 + if buf_size > 900: + return random.next() % 127 + if buf_size > 400: + return random.next() % 521 + return random.next() % 1021 + + +class auth_chain_c(auth_chain_b): + def __init__(self, method): + super(auth_chain_c, self).__init__(method) + self.salt = b"auth_chain_c" + self.no_compatible_method = 'auth_chain_c' + self.data_size_list0 = [] + + def init_data_size(self, key): + if self.data_size_list0: + self.data_size_list0 = [] + random = xorshift128plus() + random.init_from_bin(key) + # 琛ュ叏鏁扮粍闀夸负12~24-1 + list_len = random.next() % (8 + 16) + (4 + 8) + for i in range(0, list_len): + self.data_size_list0.append((int)(random.next() % 2340 % 2040 % 1440)) + self.data_size_list0.sort() + + def set_server_info(self, server_info): + self.server_info = server_info + try: + max_client = int(server_info.protocol_param.split('#')[0]) + except: + max_client = 64 + self.server_info.data.set_max_client(max_client) + self.init_data_size(self.server_info.key) + + def rnd_data_len(self, buf_size, last_hash, random): + other_data_size = buf_size + self.server_info.overhead + # 涓瀹氳鍦╮andom浣跨敤鍓嶅垵濮嬪寲锛屼互淇濊瘉鏈嶅姟鍣ㄤ笌瀹㈡埛绔悓姝ワ紝淇濊瘉鍖呭ぇ灏忛獙璇佺粨鏋滄纭 + random.init_from_bin_len(last_hash, buf_size) + # final_pos 鎬绘槸鍒嗗竷鍦╬os~(data_size_list0.len-1)涔嬮棿 + # 闄ら潪data_size_list0涓殑浠讳綍鍊煎潎杩囧皬浣垮叾鍏ㄩ儴閮芥棤娉曞绾砨uf + if other_data_size >= self.data_size_list0[-1]: + if other_data_size >= 1440: + return 0 + if other_data_size > 1300: + return random.next() % 31 + if other_data_size > 900: + return random.next() % 127 + if other_data_size > 400: + return random.next() % 521 + return random.next() % 1021 + + pos = bisect.bisect_left(self.data_size_list0, other_data_size) + # random select a size in the leftover data_size_list0 + final_pos = pos + random.next() % (len(self.data_size_list0) - pos) + return self.data_size_list0[final_pos] - other_data_size + + +class auth_chain_d(auth_chain_b): + def __init__(self, method): + super(auth_chain_d, self).__init__(method) + self.salt = b"auth_chain_d" + self.no_compatible_method = 'auth_chain_d' + self.data_size_list0 = [] + + def check_and_patch_data_size(self, random): + # append new item + # when the biggest item(first time) or the last append item(other time) are not big enough. + # but set a limit size (64) to avoid stack overflow. + if self.data_size_list0[-1] < 1300 and len(self.data_size_list0) < 64: + self.data_size_list0.append((int)(random.next() % 2340 % 2040 % 1440)) + self.check_and_patch_data_size(random) + + def init_data_size(self, key): + if self.data_size_list0: + self.data_size_list0 = [] + random = xorshift128plus() + random.init_from_bin(key) + # 琛ュ叏鏁扮粍闀夸负12~24-1 + list_len = random.next() % (8 + 16) + (4 + 8) + for i in range(0, list_len): + self.data_size_list0.append((int)(random.next() % 2340 % 2040 % 1440)) + self.data_size_list0.sort() + old_len = len(self.data_size_list0) + self.check_and_patch_data_size(random) + # if check_and_patch_data_size are work, re-sort again. + if old_len != len(self.data_size_list0): + self.data_size_list0.sort() + + def set_server_info(self, server_info): + self.server_info = server_info + try: + max_client = int(server_info.protocol_param.split('#')[0]) + except: + max_client = 64 + self.server_info.data.set_max_client(max_client) + self.init_data_size(self.server_info.key) + + def rnd_data_len(self, buf_size, last_hash, random): + other_data_size = buf_size + self.server_info.overhead + # if other_data_size > the bigest item in data_size_list0, not padding any data + if other_data_size >= self.data_size_list0[-1]: + return 0 + + random.init_from_bin_len(last_hash, buf_size) + pos = bisect.bisect_left(self.data_size_list0, other_data_size) + # random select a size in the leftover data_size_list0 + final_pos = pos + random.next() % (len(self.data_size_list0) - pos) + return self.data_size_list0[final_pos] - other_data_size diff --git a/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/shadowsocks/obfsplugin/http_simple.py b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/shadowsocks/obfsplugin/http_simple.py new file mode 100644 index 000000000..ff3c5fdfb --- /dev/null +++ b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/shadowsocks/obfsplugin/http_simple.py @@ -0,0 +1,315 @@ +#!/usr/bin/env python +# +# Copyright 2015-2015 breakwa11 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +from __future__ import absolute_import, division, print_function, \ + with_statement + +import os +import sys +import hashlib +import logging +import binascii +import struct +import base64 +import datetime +import random + +from shadowsocks import common +from shadowsocks.obfsplugin import plain +from shadowsocks.common import to_bytes, to_str, ord, chr + +def create_http_simple_obfs(method): + return http_simple(method) + +def create_http_post_obfs(method): + return http_post(method) + +def create_random_head_obfs(method): + return random_head(method) + +obfs_map = { + 'http_simple': (create_http_simple_obfs,), + 'http_simple_compatible': (create_http_simple_obfs,), + 'http_post': (create_http_post_obfs,), + 'http_post_compatible': (create_http_post_obfs,), + 'random_head': (create_random_head_obfs,), + 'random_head_compatible': (create_random_head_obfs,), +} + +def match_begin(str1, str2): + if len(str1) >= len(str2): + if str1[:len(str2)] == str2: + return True + return False + +class http_simple(plain.plain): + def __init__(self, method): + self.method = method + self.has_sent_header = False + self.has_recv_header = False + self.host = None + self.port = 0 + self.recv_buffer = b'' + # TODO user config user_agent + self.user_agent = [b"Mozilla/5.0 (Windows NT 6.3; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0", + b"Mozilla/5.0 (Windows NT 6.3; WOW64; rv:40.0) Gecko/20100101 Firefox/44.0", + b"Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36", + b"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/535.11 (KHTML, like Gecko) Ubuntu/11.10 Chromium/27.0.1453.93 Chrome/27.0.1453.93 Safari/537.36", + b"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:35.0) Gecko/20100101 Firefox/35.0", + b"Mozilla/5.0 (compatible; WOW64; MSIE 10.0; Windows NT 6.2)", + b"Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/533.20.25 (KHTML, like Gecko) Version/5.0.4 Safari/533.20.27", + b"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; Trident/7.0; .NET4.0E; .NET4.0C)", + b"Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko", + b"Mozilla/5.0 (Linux; Android 4.4; Nexus 5 Build/BuildID) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/30.0.0.0 Mobile Safari/537.36", + b"Mozilla/5.0 (iPad; CPU OS 5_0 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9A334 Safari/7534.48.3", + b"Mozilla/5.0 (iPhone; CPU iPhone OS 5_0 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9A334 Safari/7534.48.3"] + + def encode_head(self, buf): + hexstr = binascii.hexlify(buf) + chs = [] + for i in range(0, len(hexstr), 2): + chs.append(b"%" + hexstr[i:i+2]) + return b''.join(chs) + + def client_encode(self, buf): + if self.has_sent_header: + return buf + head_size = len(self.server_info.iv) + self.server_info.head_len + if len(buf) - head_size > 64: + headlen = head_size + random.randint(0, 64) + else: + headlen = len(buf) + headdata = buf[:headlen] + buf = buf[headlen:] + port = b'' + if self.server_info.port != 80: + port = b':' + to_bytes(str(self.server_info.port)) + body = None + hosts = (self.server_info.obfs_param or self.server_info.host) + pos = hosts.find("#") + if pos >= 0: + body = hosts[pos + 1:].replace("\n", "\r\n") + body = body.replace("\\n", "\r\n") + hosts = hosts[:pos] + hosts = hosts.split(',') + host = random.choice(hosts) + http_head = b"GET /" + self.encode_head(headdata) + b" HTTP/1.1\r\n" + http_head += b"Host: " + to_bytes(host) + port + b"\r\n" + if body: + http_head += body + "\r\n\r\n" + else: + http_head += b"User-Agent: " + random.choice(self.user_agent) + b"\r\n" + http_head += b"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.8\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\n\r\n" + self.has_sent_header = True + return http_head + buf + + def client_decode(self, buf): + if self.has_recv_header: + return (buf, False) + pos = buf.find(b'\r\n\r\n') + if pos >= 0: + self.has_recv_header = True + return (buf[pos + 4:], False) + else: + return (b'', False) + + def server_encode(self, buf): + if self.has_sent_header: + return buf + + header = b'HTTP/1.1 200 OK\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\nContent-Type: text/html\r\nDate: ' + header += to_bytes(datetime.datetime.now().strftime('%a, %d %b %Y %H:%M:%S GMT')) + header += b'\r\nServer: nginx\r\nVary: Accept-Encoding\r\n\r\n' + self.has_sent_header = True + return header + buf + + def get_data_from_http_header(self, buf): + ret_buf = b'' + lines = buf.split(b'\r\n') + if lines and len(lines) > 1: + hex_items = lines[0].split(b'%') + if hex_items and len(hex_items) > 1: + for index in range(1, len(hex_items)): + if len(hex_items[index]) < 2: + ret_buf += binascii.unhexlify('0' + hex_items[index]) + break + elif len(hex_items[index]) > 2: + ret_buf += binascii.unhexlify(hex_items[index][:2]) + break + else: + ret_buf += binascii.unhexlify(hex_items[index]) + return ret_buf + return b'' + + def get_host_from_http_header(self, buf): + ret_buf = b'' + lines = buf.split(b'\r\n') + if lines and len(lines) > 1: + for line in lines: + if match_begin(line, b"Host: "): + return common.to_str(line[6:]) + + def not_match_return(self, buf): + self.has_sent_header = True + self.has_recv_header = True + if self.method == 'http_simple': + return (b'E'*2048, False, False) + return (buf, True, False) + + def error_return(self, buf): + self.has_sent_header = True + self.has_recv_header = True + return (b'E'*2048, False, False) + + def server_decode(self, buf): + if self.has_recv_header: + return (buf, True, False) + + self.recv_buffer += buf + buf = self.recv_buffer + if len(buf) > 10: + if match_begin(buf, b'GET ') or match_begin(buf, b'POST '): + if len(buf) > 65536: + self.recv_buffer = None + logging.warn('http_simple: over size') + return self.not_match_return(buf) + else: #not http header, run on original protocol + self.recv_buffer = None + logging.debug('http_simple: not match begin') + return self.not_match_return(buf) + else: + return (b'', True, False) + + if b'\r\n\r\n' in buf: + datas = buf.split(b'\r\n\r\n', 1) + ret_buf = self.get_data_from_http_header(buf) + host = self.get_host_from_http_header(buf) + if host and self.server_info.obfs_param: + pos = host.find(":") + if pos >= 0: + host = host[:pos] + hosts = self.server_info.obfs_param.split(',') + if host not in hosts: + return self.not_match_return(buf) + if len(ret_buf) < 4: + return self.error_return(buf) + if len(datas) > 1: + ret_buf += datas[1] + if len(ret_buf) >= 13: + self.has_recv_header = True + return (ret_buf, True, False) + return self.not_match_return(buf) + else: + return (b'', True, False) + +class http_post(http_simple): + def __init__(self, method): + super(http_post, self).__init__(method) + + def boundary(self): + return to_bytes(''.join([random.choice("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789") for i in range(32)])) + + def client_encode(self, buf): + if self.has_sent_header: + return buf + head_size = len(self.server_info.iv) + self.server_info.head_len + if len(buf) - head_size > 64: + headlen = head_size + random.randint(0, 64) + else: + headlen = len(buf) + headdata = buf[:headlen] + buf = buf[headlen:] + port = b'' + if self.server_info.port != 80: + port = b':' + to_bytes(str(self.server_info.port)) + body = None + hosts = (self.server_info.obfs_param or self.server_info.host) + pos = hosts.find("#") + if pos >= 0: + body = hosts[pos + 1:].replace("\\n", "\r\n") + hosts = hosts[:pos] + hosts = hosts.split(',') + host = random.choice(hosts) + http_head = b"POST /" + self.encode_head(headdata) + b" HTTP/1.1\r\n" + http_head += b"Host: " + to_bytes(host) + port + b"\r\n" + if body: + http_head += body + "\r\n\r\n" + else: + http_head += b"User-Agent: " + random.choice(self.user_agent) + b"\r\n" + http_head += b"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.8\r\nAccept-Encoding: gzip, deflate\r\n" + http_head += b"Content-Type: multipart/form-data; boundary=" + self.boundary() + b"\r\nDNT: 1\r\n" + http_head += b"Connection: keep-alive\r\n\r\n" + self.has_sent_header = True + return http_head + buf + + def not_match_return(self, buf): + self.has_sent_header = True + self.has_recv_header = True + if self.method == 'http_post': + return (b'E'*2048, False, False) + return (buf, True, False) + +class random_head(plain.plain): + def __init__(self, method): + self.method = method + self.has_sent_header = False + self.has_recv_header = False + self.raw_trans_sent = False + self.raw_trans_recv = False + self.send_buffer = b'' + + def client_encode(self, buf): + if self.raw_trans_sent: + return buf + self.send_buffer += buf + if not self.has_sent_header: + self.has_sent_header = True + data = os.urandom(common.ord(os.urandom(1)[0]) % 96 + 4) + crc = (0xffffffff - binascii.crc32(data)) & 0xffffffff + return data + struct.pack('= len(str2): + if str1[:len(str2)] == str2: + return True + return False + +class obfs_auth_data(object): + def __init__(self): + self.client_data = lru_cache.LRUCache(60 * 5) + self.client_id = os.urandom(32) + self.startup_time = int(time.time() - 60 * 30) & 0xFFFFFFFF + self.ticket_buf = {} + +class tls_ticket_auth(plain.plain): + def __init__(self, method): + self.method = method + self.handshake_status = 0 + self.send_buffer = b'' + self.recv_buffer = b'' + self.client_id = b'' + self.max_time_dif = 60 * 60 * 24 # time dif (second) setting + self.tls_version = b'\x03\x03' + self.overhead = 5 + + def init_data(self): + return obfs_auth_data() + + def get_overhead(self, direction): # direction: true for c->s false for s->c + return self.overhead + + def sni(self, url): + url = common.to_bytes(url) + data = b"\x00" + struct.pack('>H', len(url)) + url + data = b"\x00\x00" + struct.pack('>H', len(data) + 2) + struct.pack('>H', len(data)) + data + return data + + def pack_auth_data(self, client_id): + utc_time = int(time.time()) & 0xFFFFFFFF + data = struct.pack('>I', utc_time) + os.urandom(18) + data += hmac.new(self.server_info.key + client_id, data, hashlib.sha1).digest()[:10] + return data + + def client_encode(self, buf): + if self.handshake_status == -1: + return buf + if self.handshake_status == 8: + ret = b'' + while len(buf) > 2048: + size = min(struct.unpack('>H', os.urandom(2))[0] % 4096 + 100, len(buf)) + ret += b"\x17" + self.tls_version + struct.pack('>H', size) + buf[:size] + buf = buf[size:] + if len(buf) > 0: + ret += b"\x17" + self.tls_version + struct.pack('>H', len(buf)) + buf + return ret + if len(buf) > 0: + self.send_buffer += b"\x17" + self.tls_version + struct.pack('>H', len(buf)) + buf + if self.handshake_status == 0: + self.handshake_status = 1 + data = self.tls_version + self.pack_auth_data(self.server_info.data.client_id) + b"\x20" + self.server_info.data.client_id + binascii.unhexlify(b"001cc02bc02fcca9cca8cc14cc13c00ac014c009c013009c0035002f000a" + b"0100") + ext = binascii.unhexlify(b"ff01000100") + host = self.server_info.obfs_param or self.server_info.host + if host and host[-1] in string.digits: + host = '' + hosts = host.split(',') + host = random.choice(hosts) + ext += self.sni(host) + ext += b"\x00\x17\x00\x00" + if host not in self.server_info.data.ticket_buf: + self.server_info.data.ticket_buf[host] = os.urandom((struct.unpack('>H', os.urandom(2))[0] % 17 + 8) * 16) + ext += b"\x00\x23" + struct.pack('>H', len(self.server_info.data.ticket_buf[host])) + self.server_info.data.ticket_buf[host] + ext += binascii.unhexlify(b"000d001600140601060305010503040104030301030302010203") + ext += binascii.unhexlify(b"000500050100000000") + ext += binascii.unhexlify(b"00120000") + ext += binascii.unhexlify(b"75500000") + ext += binascii.unhexlify(b"000b00020100") + ext += binascii.unhexlify(b"000a0006000400170018") + data += struct.pack('>H', len(ext)) + ext + data = b"\x01\x00" + struct.pack('>H', len(data)) + data + data = b"\x16\x03\x01" + struct.pack('>H', len(data)) + data + return data + elif self.handshake_status == 1 and len(buf) == 0: + data = b"\x14" + self.tls_version + b"\x00\x01\x01" #ChangeCipherSpec + data += b"\x16" + self.tls_version + b"\x00\x20" + os.urandom(22) #Finished + data += hmac.new(self.server_info.key + self.server_info.data.client_id, data, hashlib.sha1).digest()[:10] + ret = data + self.send_buffer + self.send_buffer = b'' + self.handshake_status = 8 + return ret + return b'' + + def client_decode(self, buf): + if self.handshake_status == -1: + return (buf, False) + + if self.handshake_status == 8: + ret = b'' + self.recv_buffer += buf + while len(self.recv_buffer) > 5: + if ord(self.recv_buffer[0]) != 0x17: + logging.info("data = %s" % (binascii.hexlify(self.recv_buffer))) + raise Exception('server_decode appdata error') + size = struct.unpack('>H', self.recv_buffer[3:5])[0] + if len(self.recv_buffer) < size + 5: + break + buf = self.recv_buffer[5:size+5] + ret += buf + self.recv_buffer = self.recv_buffer[size+5:] + return (ret, False) + + if len(buf) < 11 + 32 + 1 + 32: + raise Exception('client_decode data error') + verify = buf[11:33] + if hmac.new(self.server_info.key + self.server_info.data.client_id, verify, hashlib.sha1).digest()[:10] != buf[33:43]: + raise Exception('client_decode data error') + if hmac.new(self.server_info.key + self.server_info.data.client_id, buf[:-10], hashlib.sha1).digest()[:10] != buf[-10:]: + raise Exception('client_decode data error') + return (b'', True) + + def server_encode(self, buf): + if self.handshake_status == -1: + return buf + if (self.handshake_status & 8) == 8: + ret = b'' + while len(buf) > 2048: + size = min(struct.unpack('>H', os.urandom(2))[0] % 4096 + 100, len(buf)) + ret += b"\x17" + self.tls_version + struct.pack('>H', size) + buf[:size] + buf = buf[size:] + if len(buf) > 0: + ret += b"\x17" + self.tls_version + struct.pack('>H', len(buf)) + buf + return ret + self.handshake_status |= 8 + data = self.tls_version + self.pack_auth_data(self.client_id) + b"\x20" + self.client_id + binascii.unhexlify(b"c02f000005ff01000100") + data = b"\x02\x00" + struct.pack('>H', len(data)) + data #server hello + data = b"\x16" + self.tls_version + struct.pack('>H', len(data)) + data + if random.randint(0, 8) < 1: + ticket = os.urandom((struct.unpack('>H', os.urandom(2))[0] % 164) * 2 + 64) + ticket = struct.pack('>H', len(ticket) + 4) + b"\x04\x00" + struct.pack('>H', len(ticket)) + ticket + data += b"\x16" + self.tls_version + ticket #New session ticket + data += b"\x14" + self.tls_version + b"\x00\x01\x01" #ChangeCipherSpec + finish_len = random.choice([32, 40]) + data += b"\x16" + self.tls_version + struct.pack('>H', finish_len) + os.urandom(finish_len - 10) #Finished + data += hmac.new(self.server_info.key + self.client_id, data, hashlib.sha1).digest()[:10] + if buf: + data += self.server_encode(buf) + return data + + def decode_error_return(self, buf): + self.handshake_status = -1 + if self.overhead > 0: + self.server_info.overhead -= self.overhead + self.overhead = 0 + if self.method in ['tls1.2_ticket_auth', 'tls1.2_ticket_fastauth']: + return (b'E'*2048, False, False) + return (buf, True, False) + + def server_decode(self, buf): + if self.handshake_status == -1: + return (buf, True, False) + + if (self.handshake_status & 4) == 4: + ret = b'' + self.recv_buffer += buf + while len(self.recv_buffer) > 5: + if ord(self.recv_buffer[0]) != 0x17 or ord(self.recv_buffer[1]) != 0x3 or ord(self.recv_buffer[2]) != 0x3: + logging.info("data = %s" % (binascii.hexlify(self.recv_buffer))) + raise Exception('server_decode appdata error') + size = struct.unpack('>H', self.recv_buffer[3:5])[0] + if len(self.recv_buffer) < size + 5: + break + ret += self.recv_buffer[5:size+5] + self.recv_buffer = self.recv_buffer[size+5:] + return (ret, True, False) + + if (self.handshake_status & 1) == 1: + self.recv_buffer += buf + buf = self.recv_buffer + verify = buf + if len(buf) < 11: + raise Exception('server_decode data error') + if not match_begin(buf, b"\x14" + self.tls_version + b"\x00\x01\x01"): #ChangeCipherSpec + raise Exception('server_decode data error') + buf = buf[6:] + if not match_begin(buf, b"\x16" + self.tls_version + b"\x00"): #Finished + raise Exception('server_decode data error') + verify_len = struct.unpack('>H', buf[3:5])[0] + 1 # 11 - 10 + if len(verify) < verify_len + 10: + return (b'', False, False) + if hmac.new(self.server_info.key + self.client_id, verify[:verify_len], hashlib.sha1).digest()[:10] != verify[verify_len:verify_len+10]: + raise Exception('server_decode data error') + self.recv_buffer = verify[verify_len + 10:] + status = self.handshake_status + self.handshake_status |= 4 + ret = self.server_decode(b'') + return ret; + + #raise Exception("handshake data = %s" % (binascii.hexlify(buf))) + self.recv_buffer += buf + buf = self.recv_buffer + ogn_buf = buf + if len(buf) < 3: + return (b'', False, False) + if not match_begin(buf, b'\x16\x03\x01'): + return self.decode_error_return(ogn_buf) + buf = buf[3:] + header_len = struct.unpack('>H', buf[:2])[0] + if header_len > len(buf) - 2: + return (b'', False, False) + + self.recv_buffer = self.recv_buffer[header_len + 5:] + self.handshake_status = 1 + buf = buf[2:header_len + 2] + if not match_begin(buf, b'\x01\x00'): #client hello + logging.info("tls_auth not client hello message") + return self.decode_error_return(ogn_buf) + buf = buf[2:] + if struct.unpack('>H', buf[:2])[0] != len(buf) - 2: + logging.info("tls_auth wrong message size") + return self.decode_error_return(ogn_buf) + buf = buf[2:] + if not match_begin(buf, self.tls_version): + logging.info("tls_auth wrong tls version") + return self.decode_error_return(ogn_buf) + buf = buf[2:] + verifyid = buf[:32] + buf = buf[32:] + sessionid_len = ord(buf[0]) + if sessionid_len < 32: + logging.info("tls_auth wrong sessionid_len") + return self.decode_error_return(ogn_buf) + sessionid = buf[1:sessionid_len + 1] + buf = buf[sessionid_len+1:] + self.client_id = sessionid + sha1 = hmac.new(self.server_info.key + sessionid, verifyid[:22], hashlib.sha1).digest()[:10] + utc_time = struct.unpack('>I', verifyid[:4])[0] + time_dif = common.int32((int(time.time()) & 0xffffffff) - utc_time) + if self.server_info.obfs_param: + try: + self.max_time_dif = int(self.server_info.obfs_param) + except: + pass + if self.max_time_dif > 0 and (time_dif < -self.max_time_dif or time_dif > self.max_time_dif \ + or common.int32(utc_time - self.server_info.data.startup_time) < -self.max_time_dif / 2): + logging.info("tls_auth wrong time") + return self.decode_error_return(ogn_buf) + if sha1 != verifyid[22:]: + logging.info("tls_auth wrong sha1") + return self.decode_error_return(ogn_buf) + if self.server_info.data.client_data.get(verifyid[:22]): + logging.info("replay attack detect, id = %s" % (binascii.hexlify(verifyid))) + return self.decode_error_return(ogn_buf) + self.server_info.data.client_data.sweep() + self.server_info.data.client_data[verifyid[:22]] = sessionid + if len(self.recv_buffer) >= 11: + ret = self.server_decode(b'') + return (ret[0], True, True) + # (buffer_to_recv, is_need_decrypt, is_need_to_encode_and_send_back) + return (b'', False, True) + diff --git a/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/shadowsocks/obfsplugin/plain.py b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/shadowsocks/obfsplugin/plain.py new file mode 100644 index 000000000..8c6355c38 --- /dev/null +++ b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/shadowsocks/obfsplugin/plain.py @@ -0,0 +1,104 @@ +#!/usr/bin/env python +# +# Copyright 2015-2015 breakwa11 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +from __future__ import absolute_import, division, print_function, \ + with_statement + +import os +import sys +import hashlib +import logging + +from shadowsocks.common import ord + +def create_obfs(method): + return plain(method) + +obfs_map = { + 'plain': (create_obfs,), + 'origin': (create_obfs,), +} + +class plain(object): + def __init__(self, method): + self.method = method + self.server_info = None + + def init_data(self): + return b'' + + def get_overhead(self, direction): # direction: true for c->s false for s->c + return 0 + + def get_server_info(self): + return self.server_info + + def set_server_info(self, server_info): + self.server_info = server_info + + def client_pre_encrypt(self, buf): + return buf + + def client_encode(self, buf): + return buf + + def client_decode(self, buf): + # (buffer_to_recv, is_need_to_encode_and_send_back) + return (buf, False) + + def client_post_decrypt(self, buf): + return buf + + def server_pre_encrypt(self, buf): + return buf + + def server_encode(self, buf): + return buf + + def server_decode(self, buf): + # (buffer_to_recv, is_need_decrypt, is_need_to_encode_and_send_back) + return (buf, True, False) + + def server_post_decrypt(self, buf): + return (buf, False) + + def client_udp_pre_encrypt(self, buf): + return buf + + def client_udp_post_decrypt(self, buf): + return buf + + def server_udp_pre_encrypt(self, buf, uid): + return buf + + def server_udp_post_decrypt(self, buf): + return (buf, None) + + def dispose(self): + pass + + def get_head_size(self, buf, def_value): + if len(buf) < 2: + return def_value + head_type = ord(buf[0]) & 0x7 + if head_type == 1: + return 7 + if head_type == 4: + return 19 + if head_type == 3: + return 4 + ord(buf[1]) + return def_value + diff --git a/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/shadowsocks/obfsplugin/verify.py b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/shadowsocks/obfsplugin/verify.py new file mode 100644 index 000000000..0dc0ca6d1 --- /dev/null +++ b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/shadowsocks/obfsplugin/verify.py @@ -0,0 +1,154 @@ +#!/usr/bin/env python +# +# Copyright 2015-2015 breakwa11 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +from __future__ import absolute_import, division, print_function, \ + with_statement + +import os +import sys +import hashlib +import logging +import binascii +import base64 +import time +import datetime +import random +import struct +import zlib +import hmac +import hashlib + +import shadowsocks +from shadowsocks import common +from shadowsocks.obfsplugin import plain +from shadowsocks.common import to_bytes, to_str, ord, chr + +def create_verify_deflate(method): + return verify_deflate(method) + +obfs_map = { + 'verify_deflate': (create_verify_deflate,), +} + +def match_begin(str1, str2): + if len(str1) >= len(str2): + if str1[:len(str2)] == str2: + return True + return False + +class obfs_verify_data(object): + def __init__(self): + pass + +class verify_base(plain.plain): + def __init__(self, method): + super(verify_base, self).__init__(method) + self.method = method + + def init_data(self): + return obfs_verify_data() + + def set_server_info(self, server_info): + self.server_info = server_info + + def client_encode(self, buf): + return buf + + def client_decode(self, buf): + return (buf, False) + + def server_encode(self, buf): + return buf + + def server_decode(self, buf): + return (buf, True, False) + +class verify_deflate(verify_base): + def __init__(self, method): + super(verify_deflate, self).__init__(method) + self.recv_buf = b'' + self.unit_len = 32700 + self.decrypt_packet_num = 0 + self.raw_trans = False + + def pack_data(self, buf): + if len(buf) == 0: + return b'' + data = zlib.compress(buf) + data = struct.pack('>H', len(data)) + data[2:] + return data + + def client_pre_encrypt(self, buf): + ret = b'' + while len(buf) > self.unit_len: + ret += self.pack_data(buf[:self.unit_len]) + buf = buf[self.unit_len:] + ret += self.pack_data(buf) + return ret + + def client_post_decrypt(self, buf): + if self.raw_trans: + return buf + self.recv_buf += buf + out_buf = b'' + while len(self.recv_buf) > 2: + length = struct.unpack('>H', self.recv_buf[:2])[0] + if length >= 32768 or length < 6: + self.raw_trans = True + self.recv_buf = b'' + raise Exception('client_post_decrypt data error') + if length > len(self.recv_buf): + break + + out_buf += zlib.decompress(b'x\x9c' + self.recv_buf[2:length]) + self.recv_buf = self.recv_buf[length:] + + if out_buf: + self.decrypt_packet_num += 1 + return out_buf + + def server_pre_encrypt(self, buf): + ret = b'' + while len(buf) > self.unit_len: + ret += self.pack_data(buf[:self.unit_len]) + buf = buf[self.unit_len:] + ret += self.pack_data(buf) + return ret + + def server_post_decrypt(self, buf): + if self.raw_trans: + return (buf, False) + self.recv_buf += buf + out_buf = b'' + while len(self.recv_buf) > 2: + length = struct.unpack('>H', self.recv_buf[:2])[0] + if length >= 32768 or length < 6: + self.raw_trans = True + self.recv_buf = b'' + if self.decrypt_packet_num == 0: + return (b'E'*2048, False) + else: + raise Exception('server_post_decrype data error') + if length > len(self.recv_buf): + break + + out_buf += zlib.decompress(b'\x78\x9c' + self.recv_buf[2:length]) + self.recv_buf = self.recv_buf[length:] + + if out_buf: + self.decrypt_packet_num += 1 + return (out_buf, False) + diff --git a/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/shadowsocks/ordereddict.py b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/shadowsocks/ordereddict.py new file mode 100644 index 000000000..e1918f5e0 --- /dev/null +++ b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/shadowsocks/ordereddict.py @@ -0,0 +1,214 @@ +import collections + +################################################################################ +### OrderedDict +################################################################################ + +class OrderedDict(dict): + 'Dictionary that remembers insertion order' + # An inherited dict maps keys to values. + # The inherited dict provides __getitem__, __len__, __contains__, and get. + # The remaining methods are order-aware. + # Big-O running times for all methods are the same as regular dictionaries. + + # The internal self.__map dict maps keys to links in a doubly linked list. + # The circular doubly linked list starts and ends with a sentinel element. + # The sentinel element never gets deleted (this simplifies the algorithm). + # Each link is stored as a list of length three: [PREV, NEXT, KEY]. + + def __init__(*args, **kwds): + '''Initialize an ordered dictionary. The signature is the same as + regular dictionaries, but keyword arguments are not recommended because + their insertion order is arbitrary. + + ''' + if not args: + raise TypeError("descriptor '__init__' of 'OrderedDict' object " + "needs an argument") + self = args[0] + args = args[1:] + if len(args) > 1: + raise TypeError('expected at most 1 arguments, got %d' % len(args)) + try: + self.__root + except AttributeError: + self.__root = root = [] # sentinel node + root[:] = [root, root, None] + self.__map = {} + self.__update(*args, **kwds) + + def __setitem__(self, key, value, dict_setitem=dict.__setitem__): + 'od.__setitem__(i, y) <==> od[i]=y' + # Setting a new item creates a new link at the end of the linked list, + # and the inherited dictionary is updated with the new key/value pair. + if key not in self: + root = self.__root + last = root[0] + last[1] = root[0] = self.__map[key] = [last, root, key] + return dict_setitem(self, key, value) + + def __delitem__(self, key, dict_delitem=dict.__delitem__): + 'od.__delitem__(y) <==> del od[y]' + # Deleting an existing item uses self.__map to find the link which gets + # removed by updating the links in the predecessor and successor nodes. + dict_delitem(self, key) + link_prev, link_next, _ = self.__map.pop(key) + link_prev[1] = link_next # update link_prev[NEXT] + link_next[0] = link_prev # update link_next[PREV] + + def __iter__(self): + 'od.__iter__() <==> iter(od)' + # Traverse the linked list in order. + root = self.__root + curr = root[1] # start at the first node + while curr is not root: + yield curr[2] # yield the curr[KEY] + curr = curr[1] # move to next node + + def __reversed__(self): + 'od.__reversed__() <==> reversed(od)' + # Traverse the linked list in reverse order. + root = self.__root + curr = root[0] # start at the last node + while curr is not root: + yield curr[2] # yield the curr[KEY] + curr = curr[0] # move to previous node + + def clear(self): + 'od.clear() -> None. Remove all items from od.' + root = self.__root + root[:] = [root, root, None] + self.__map.clear() + dict.clear(self) + + # -- the following methods do not depend on the internal structure -- + + def keys(self): + 'od.keys() -> list of keys in od' + return list(self) + + def values(self): + 'od.values() -> list of values in od' + return [self[key] for key in self] + + def items(self): + 'od.items() -> list of (key, value) pairs in od' + return [(key, self[key]) for key in self] + + def iterkeys(self): + 'od.iterkeys() -> an iterator over the keys in od' + return iter(self) + + def itervalues(self): + 'od.itervalues -> an iterator over the values in od' + for k in self: + yield self[k] + + def iteritems(self): + 'od.iteritems -> an iterator over the (key, value) pairs in od' + for k in self: + yield (k, self[k]) + + update = collections.MutableMapping.update + + __update = update # let subclasses override update without breaking __init__ + + __marker = object() + + def pop(self, key, default=__marker): + '''od.pop(k[,d]) -> v, remove specified key and return the corresponding + value. If key is not found, d is returned if given, otherwise KeyError + is raised. + + ''' + if key in self: + result = self[key] + del self[key] + return result + if default is self.__marker: + raise KeyError(key) + return default + + def setdefault(self, key, default=None): + 'od.setdefault(k[,d]) -> od.get(k,d), also set od[k]=d if k not in od' + if key in self: + return self[key] + self[key] = default + return default + + def popitem(self, last=True): + '''od.popitem() -> (k, v), return and remove a (key, value) pair. + Pairs are returned in LIFO order if last is true or FIFO order if false. + + ''' + if not self: + raise KeyError('dictionary is empty') + key = next(reversed(self) if last else iter(self)) + value = self.pop(key) + return key, value + + def __repr__(self, _repr_running={}): + 'od.__repr__() <==> repr(od)' + call_key = id(self), _get_ident() + if call_key in _repr_running: + return '...' + _repr_running[call_key] = 1 + try: + if not self: + return '%s()' % (self.__class__.__name__,) + return '%s(%r)' % (self.__class__.__name__, self.items()) + finally: + del _repr_running[call_key] + + def __reduce__(self): + 'Return state information for pickling' + items = [[k, self[k]] for k in self] + inst_dict = vars(self).copy() + for k in vars(OrderedDict()): + inst_dict.pop(k, None) + if inst_dict: + return (self.__class__, (items,), inst_dict) + return self.__class__, (items,) + + def copy(self): + 'od.copy() -> a shallow copy of od' + return self.__class__(self) + + @classmethod + def fromkeys(cls, iterable, value=None): + '''OD.fromkeys(S[, v]) -> New ordered dictionary with keys from S. + If not specified, the value defaults to None. + + ''' + self = cls() + for key in iterable: + self[key] = value + return self + + def __eq__(self, other): + '''od.__eq__(y) <==> od==y. Comparison to another OD is order-sensitive + while comparison to a regular mapping is order-insensitive. + + ''' + if isinstance(other, OrderedDict): + return dict.__eq__(self, other) and all(_imap(_eq, self, other)) + return dict.__eq__(self, other) + + def __ne__(self, other): + 'od.__ne__(y) <==> od!=y' + return not self == other + + # -- the following methods support python 3.x style dictionary views -- + + def viewkeys(self): + "od.viewkeys() -> a set-like object providing a view on od's keys" + return KeysView(self) + + def viewvalues(self): + "od.viewvalues() -> an object providing a view on od's values" + return ValuesView(self) + + def viewitems(self): + "od.viewitems() -> a set-like object providing a view on od's items" + return ItemsView(self) + diff --git a/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/shadowsocks/run.sh b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/shadowsocks/run.sh new file mode 100755 index 000000000..43720308d --- /dev/null +++ b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/shadowsocks/run.sh @@ -0,0 +1,7 @@ +#!/bin/bash +cd `dirname $0` +python_ver=$(ls /usr/bin|grep -e "^python[23]\.[1-9]\+$"|tail -1) +eval $(ps -ef | grep "[0-9] ${python_ver} server\\.py a" | awk '{print "kill "$2}') +ulimit -n 512000 +nohup ${python_ver} server.py a>> /dev/null 2>&1 & + diff --git a/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/shadowsocks/server.py b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/shadowsocks/server.py new file mode 100755 index 000000000..081538933 --- /dev/null +++ b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/shadowsocks/server.py @@ -0,0 +1,221 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- +# +# Copyright 2015 clowwindy +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +from __future__ import absolute_import, division, print_function, \ + with_statement + +import sys +import os +import logging +import signal + +if __name__ == '__main__': + import inspect + + file_path = os.path.dirname(os.path.realpath(inspect.getfile(inspect.currentframe()))) + sys.path.insert(0, os.path.join(file_path, '../')) + +from shadowsocks import shell, daemon, eventloop, tcprelay, udprelay, \ + asyncdns, manager, common + + +def main(): + shell.check_python() + + config = shell.get_config(False) + + shell.log_shadowsocks_version() + + daemon.daemon_exec(config) + + try: + import resource + logging.info( + 'current process RLIMIT_NOFILE resource: soft %d hard %d' % resource.getrlimit(resource.RLIMIT_NOFILE)) + except ImportError: + pass + + if config['port_password']: + pass + else: + config['port_password'] = {} + server_port = config['server_port'] + if type(server_port) == list: + for a_server_port in server_port: + config['port_password'][a_server_port] = config['password'] + else: + config['port_password'][str(server_port)] = config['password'] + + if not config.get('dns_ipv6', False): + asyncdns.IPV6_CONNECTION_SUPPORT = False + + if config.get('manager_address', 0): + logging.info('entering manager mode') + manager.run(config) + return + + tcp_servers = [] + udp_servers = [] + dns_resolver = asyncdns.DNSResolver(config['black_hostname_list']) + if int(config['workers']) > 1: + stat_counter_dict = None + else: + stat_counter_dict = {} + port_password = config['port_password'] + config_password = config.get('password', 'm') + del config['port_password'] + for port, password_obfs in port_password.items(): + method = config["method"] + protocol = config.get("protocol", 'origin') + protocol_param = config.get("protocol_param", '') + obfs = config.get("obfs", 'plain') + obfs_param = config.get("obfs_param", '') + bind = config.get("out_bind", '') + bindv6 = config.get("out_bindv6", '') + if type(password_obfs) == list: + password = password_obfs[0] + obfs = common.to_str(password_obfs[1]) + if len(password_obfs) > 2: + protocol = common.to_str(password_obfs[2]) + elif type(password_obfs) == dict: + password = password_obfs.get('password', config_password) + method = common.to_str(password_obfs.get('method', method)) + protocol = common.to_str(password_obfs.get('protocol', protocol)) + protocol_param = common.to_str(password_obfs.get('protocol_param', protocol_param)) + obfs = common.to_str(password_obfs.get('obfs', obfs)) + obfs_param = common.to_str(password_obfs.get('obfs_param', obfs_param)) + bind = password_obfs.get('out_bind', bind) + bindv6 = password_obfs.get('out_bindv6', bindv6) + else: + password = password_obfs + a_config = config.copy() + ipv6_ok = False + logging.info("server start with protocol[%s] password [%s] method [%s] obfs [%s] obfs_param [%s]" % + (protocol, password, method, obfs, obfs_param)) + if 'server_ipv6' in a_config: + try: + if len(a_config['server_ipv6']) > 2 and a_config['server_ipv6'][0] == "[" and a_config['server_ipv6'][ + -1] == "]": + a_config['server_ipv6'] = a_config['server_ipv6'][1:-1] + a_config['server_port'] = int(port) + a_config['password'] = password + a_config['method'] = method + a_config['protocol'] = protocol + a_config['protocol_param'] = protocol_param + a_config['obfs'] = obfs + a_config['obfs_param'] = obfs_param + a_config['out_bind'] = bind + a_config['out_bindv6'] = bindv6 + a_config['server'] = a_config['server_ipv6'] + logging.info("starting server at [%s]:%d" % + (a_config['server'], int(port))) + tcp_servers.append(tcprelay.TCPRelay(a_config, dns_resolver, False, stat_counter=stat_counter_dict)) + udp_servers.append(udprelay.UDPRelay(a_config, dns_resolver, False, stat_counter=stat_counter_dict)) + if a_config['server_ipv6'] == b"::": + ipv6_ok = True + except Exception as e: + shell.print_exception(e) + + try: + a_config = config.copy() + a_config['server_port'] = int(port) + a_config['password'] = password + a_config['method'] = method + a_config['protocol'] = protocol + a_config['protocol_param'] = protocol_param + a_config['obfs'] = obfs + a_config['obfs_param'] = obfs_param + a_config['out_bind'] = bind + a_config['out_bindv6'] = bindv6 + logging.info("starting server at %s:%d" % + (a_config['server'], int(port))) + tcp_servers.append(tcprelay.TCPRelay(a_config, dns_resolver, False, stat_counter=stat_counter_dict)) + udp_servers.append(udprelay.UDPRelay(a_config, dns_resolver, False, stat_counter=stat_counter_dict)) + except Exception as e: + if not ipv6_ok: + shell.print_exception(e) + + def run_server(): + def child_handler(signum, _): + logging.warn('received SIGQUIT, doing graceful shutting down..') + list(map(lambda s: s.close(next_tick=True), + tcp_servers + udp_servers)) + + signal.signal(getattr(signal, 'SIGQUIT', signal.SIGTERM), + child_handler) + + def int_handler(signum, _): + sys.exit(1) + + signal.signal(signal.SIGINT, int_handler) + + try: + loop = eventloop.EventLoop() + dns_resolver.add_to_loop(loop) + list(map(lambda s: s.add_to_loop(loop), tcp_servers + udp_servers)) + + daemon.set_user(config.get('user', None)) + loop.run() + except Exception as e: + shell.print_exception(e) + sys.exit(1) + + if int(config['workers']) > 1: + if os.name == 'posix': + children = [] + is_child = False + for i in range(0, int(config['workers'])): + r = os.fork() + if r == 0: + logging.info('worker started') + is_child = True + run_server() + break + else: + children.append(r) + if not is_child: + def handler(signum, _): + for pid in children: + try: + os.kill(pid, signum) + os.waitpid(pid, 0) + except OSError: # child may already exited + pass + sys.exit() + + signal.signal(signal.SIGTERM, handler) + signal.signal(signal.SIGQUIT, handler) + signal.signal(signal.SIGINT, handler) + + # master + for a_tcp_server in tcp_servers: + a_tcp_server.close() + for a_udp_server in udp_servers: + a_udp_server.close() + dns_resolver.close() + + for child in children: + os.waitpid(child, 0) + else: + logging.warn('worker is only available on Unix/Linux') + run_server() + else: + run_server() + + +if __name__ == '__main__': + main() diff --git a/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/shadowsocks/shell.py b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/shadowsocks/shell.py new file mode 100755 index 000000000..a1547d082 --- /dev/null +++ b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/shadowsocks/shell.py @@ -0,0 +1,451 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Copyright 2015 clowwindy +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +from __future__ import absolute_import, division, print_function, \ + with_statement + +import os +import json +import sys +import getopt +import logging +from shadowsocks.common import to_bytes, to_str, IPNetwork, PortRange +from shadowsocks import encrypt + +VERBOSE_LEVEL = 5 + +verbose = 0 + + +def check_python(): + info = sys.version_info + if info[0] == 2 and not info[1] >= 6: + print('Python 2.6+ required') + sys.exit(1) + elif info[0] == 3 and not info[1] >= 3: + print('Python 3.3+ required') + sys.exit(1) + elif info[0] not in [2, 3]: + print('Python version not supported') + sys.exit(1) + + +def print_exception(e): + global verbose + logging.error(e) + if verbose > 0: + import traceback + traceback.print_exc() + + +def __version(): + version_str = '' + try: + import pkg_resources + version_str = pkg_resources.get_distribution('shadowsocks').version + except Exception: + try: + from shadowsocks import version + version_str = version.version() + except Exception: + pass + return version_str + + +def print_shadowsocks(): + print('ShadowsocksR %s' % __version()) + + +def log_shadowsocks_version(): + logging.info('ShadowsocksR %s' % __version()) + + +def find_config(): + user_config_path = 'user-config.json' + config_path = 'config.json' + + def sub_find(file_name): + if os.path.exists(file_name): + return file_name + file_name = os.path.join(os.path.abspath('..'), file_name) + return file_name if os.path.exists(file_name) else None + + return sub_find(user_config_path) or sub_find(config_path) + + +def check_config(config, is_local): + if config.get('daemon', None) == 'stop': + # no need to specify configuration for daemon stop + return + + if is_local and not config.get('password', None): + logging.error('password not specified') + print_help(is_local) + sys.exit(2) + + if not is_local and not config.get('password', None) \ + and not config.get('port_password', None): + logging.error('password or port_password not specified') + print_help(is_local) + sys.exit(2) + + if 'local_port' in config: + config['local_port'] = int(config['local_port']) + + if 'server_port' in config and type(config['server_port']) != list: + config['server_port'] = int(config['server_port']) + + if config.get('local_address', '') in [b'0.0.0.0']: + logging.warning('warning: local set to listen on 0.0.0.0, it\'s not safe') + if config.get('server', '') in ['127.0.0.1', 'localhost']: + logging.warning('warning: server set to listen on %s:%s, are you sure?' % + (to_str(config['server']), config['server_port'])) + if config.get('timeout', 300) < 100: + logging.warning('warning: your timeout %d seems too short' % + int(config.get('timeout'))) + if config.get('timeout', 300) > 600: + logging.warning('warning: your timeout %d seems too long' % + int(config.get('timeout'))) + if config.get('password') in [b'mypassword']: + logging.error('DON\'T USE DEFAULT PASSWORD! Please change it in your ' + 'config.json!') + sys.exit(1) + if config.get('user', None) is not None: + if os.name != 'posix': + logging.error('user can be used only on Unix') + sys.exit(1) + + encrypt.try_cipher(config['password'], config['method']) + + +def get_config(is_local): + global verbose + config = {} + config_path = None + logging.basicConfig(level=logging.INFO, + format='%(levelname)-s: %(message)s') + if is_local: + shortopts = 'hd:s:b:p:k:l:m:O:o:G:g:c:t:vq' + longopts = ['help', 'fast-open', 'pid-file=', 'log-file=', 'user=', + 'version'] + else: + shortopts = 'hd:s:p:k:m:O:o:G:g:c:t:vq' + longopts = ['help', 'fast-open', 'pid-file=', 'log-file=', 'workers=', + 'forbidden-ip=', 'user=', 'manager-address=', 'version'] + try: + optlist, args = getopt.getopt(sys.argv[1:], shortopts, longopts) + for key, value in optlist: + if key == '-c': + config_path = value + elif key in ('-h', '--help'): + print_help(is_local) + sys.exit(0) + elif key == '--version': + print_shadowsocks() + sys.exit(0) + else: + continue + + if config_path is None: + config_path = find_config() + + if config_path: + logging.debug('loading config from %s' % config_path) + with open(config_path, 'rb') as f: + try: + config = parse_json_in_str(remove_comment(f.read().decode('utf8'))) + except ValueError as e: + logging.error('found an error in config.json: %s', str(e)) + sys.exit(1) + + v_count = 0 + for key, value in optlist: + if key == '-p': + config['server_port'] = int(value) + elif key == '-k': + config['password'] = to_bytes(value) + elif key == '-l': + config['local_port'] = int(value) + elif key == '-s': + config['server'] = to_str(value) + elif key == '-m': + config['method'] = to_str(value) + elif key == '-O': + config['protocol'] = to_str(value) + elif key == '-o': + config['obfs'] = to_str(value) + elif key == '-G': + config['protocol_param'] = to_str(value) + elif key == '-g': + config['obfs_param'] = to_str(value) + elif key == '-b': + config['local_address'] = to_str(value) + elif key == '-v': + v_count += 1 + # '-vv' turns on more verbose mode + config['verbose'] = v_count + elif key == '-t': + config['timeout'] = int(value) + elif key == '--fast-open': + config['fast_open'] = True + elif key == '--workers': + config['workers'] = int(value) + elif key == '--manager-address': + config['manager_address'] = value + elif key == '--user': + config['user'] = to_str(value) + elif key == '--forbidden-ip': + config['forbidden_ip'] = to_str(value) + + elif key == '-d': + config['daemon'] = to_str(value) + elif key == '--pid-file': + config['pid-file'] = to_str(value) + elif key == '--log-file': + config['log-file'] = to_str(value) + elif key == '-q': + v_count -= 1 + config['verbose'] = v_count + else: + continue + except getopt.GetoptError as e: + print(e, file=sys.stderr) + print_help(is_local) + sys.exit(2) + + if not config: + logging.error('config not specified') + print_help(is_local) + sys.exit(2) + + config['password'] = to_bytes(config.get('password', b'')) + config['method'] = to_str(config.get('method', 'aes-256-cfb')) + config['protocol'] = to_str(config.get('protocol', 'origin')) + config['protocol_param'] = to_str(config.get('protocol_param', '')) + config['obfs'] = to_str(config.get('obfs', 'plain')) + config['obfs_param'] = to_str(config.get('obfs_param', '')) + config['port_password'] = config.get('port_password', None) + config['additional_ports'] = config.get('additional_ports', {}) + config['additional_ports_only'] = config.get('additional_ports_only', False) + config['timeout'] = int(config.get('timeout', 300)) + config['udp_timeout'] = int(config.get('udp_timeout', 120)) + config['udp_cache'] = int(config.get('udp_cache', 64)) + config['fast_open'] = config.get('fast_open', False) + config['workers'] = config.get('workers', 1) + config['pid-file'] = config.get('pid-file', '/var/run/shadowsocksr.pid') + config['log-file'] = config.get('log-file', '/var/log/shadowsocksr.log') + config['verbose'] = config.get('verbose', False) + config['connect_verbose_info'] = config.get('connect_verbose_info', 0) + config['local_address'] = to_str(config.get('local_address', '127.0.0.1')) + config['local_port'] = config.get('local_port', 1080) + if is_local: + if config.get('server', None) is None: + logging.error('server addr not specified') + print_local_help() + sys.exit(2) + else: + config['server'] = to_str(config['server']) + else: + config['server'] = to_str(config.get('server', '0.0.0.0')) + config['black_hostname_list'] = to_str(config.get('black_hostname_list', '')).split(',') + if len(config['black_hostname_list']) == 1 and config['black_hostname_list'][0] == '': + config['black_hostname_list'] = [] + try: + config['forbidden_ip'] = \ + IPNetwork(config.get('forbidden_ip', '127.0.0.0/8,::1/128')) + except Exception as e: + logging.error(e) + sys.exit(2) + try: + config['forbidden_port'] = PortRange(config.get('forbidden_port', '')) + except Exception as e: + logging.error(e) + sys.exit(2) + try: + config['ignore_bind'] = \ + IPNetwork(config.get('ignore_bind', '127.0.0.0/8,::1/128,10.0.0.0/8,192.168.0.0/16')) + except Exception as e: + logging.error(e) + sys.exit(2) + config['server_port'] = config.get('server_port', 8388) + + logging.getLogger('').handlers = [] + logging.addLevelName(VERBOSE_LEVEL, 'VERBOSE') + if config['verbose'] >= 2: + level = VERBOSE_LEVEL + elif config['verbose'] == 1: + level = logging.DEBUG + elif config['verbose'] == -1: + level = logging.WARN + elif config['verbose'] <= -2: + level = logging.ERROR + else: + level = logging.INFO + verbose = config['verbose'] + logging.basicConfig(level=level, + format='%(asctime)s %(levelname)-8s %(filename)s:%(lineno)s %(message)s', + datefmt='%Y-%m-%d %H:%M:%S') + + check_config(config, is_local) + + return config + + +def print_help(is_local): + if is_local: + print_local_help() + else: + print_server_help() + + +def print_local_help(): + print('''usage: sslocal [OPTION]... +A fast tunnel proxy that helps you bypass firewalls. + +You can supply configurations via either config file or command line arguments. + +Proxy options: + -c CONFIG path to config file + -s SERVER_ADDR server address + -p SERVER_PORT server port, default: 8388 + -b LOCAL_ADDR local binding address, default: 127.0.0.1 + -l LOCAL_PORT local port, default: 1080 + -k PASSWORD password + -m METHOD encryption method, default: aes-256-cfb + -o OBFS obfsplugin, default: http_simple + -t TIMEOUT timeout in seconds, default: 300 + --fast-open use TCP_FASTOPEN, requires Linux 3.7+ + +General options: + -h, --help show this help message and exit + -d start/stop/restart daemon mode + --pid-file PID_FILE pid file for daemon mode + --log-file LOG_FILE log file for daemon mode + --user USER username to run as + -v, -vv verbose mode + -q, -qq quiet mode, only show warnings/errors + --version show version information + +Online help: +''') + + +def print_server_help(): + print('''usage: ssserver [OPTION]... +A fast tunnel proxy that helps you bypass firewalls. + +You can supply configurations via either config file or command line arguments. + +Proxy options: + -c CONFIG path to config file + -s SERVER_ADDR server address, default: 0.0.0.0 + -p SERVER_PORT server port, default: 8388 + -k PASSWORD password + -m METHOD encryption method, default: aes-256-cfb + -o OBFS obfsplugin, default: http_simple + -t TIMEOUT timeout in seconds, default: 300 + --fast-open use TCP_FASTOPEN, requires Linux 3.7+ + --workers WORKERS number of workers, available on Unix/Linux + --forbidden-ip IPLIST comma seperated IP list forbidden to connect + --manager-address ADDR optional server manager UDP address, see wiki + +General options: + -h, --help show this help message and exit + -d start/stop/restart daemon mode + --pid-file PID_FILE pid file for daemon mode + --log-file LOG_FILE log file for daemon mode + --user USER username to run as + -v, -vv verbose mode + -q, -qq quiet mode, only show warnings/errors + --version show version information + +Online help: +''') + + +def _decode_list(data): + rv = [] + for item in data: + if hasattr(item, 'encode'): + item = item.encode('utf-8') + elif isinstance(item, list): + item = _decode_list(item) + elif isinstance(item, dict): + item = _decode_dict(item) + rv.append(item) + return rv + + +def _decode_dict(data): + rv = {} + for key, value in data.items(): + if hasattr(value, 'encode'): + value = value.encode('utf-8') + elif isinstance(value, list): + value = _decode_list(value) + elif isinstance(value, dict): + value = _decode_dict(value) + rv[key] = value + return rv + + +class JSFormat: + def __init__(self): + self.state = 0 + + def push(self, ch): + ch = ord(ch) + if self.state == 0: + if ch == ord('"'): + self.state = 1 + return to_str(chr(ch)) + elif ch == ord('/'): + self.state = 3 + else: + return to_str(chr(ch)) + elif self.state == 1: + if ch == ord('"'): + self.state = 0 + return to_str(chr(ch)) + elif ch == ord('\\'): + self.state = 2 + return to_str(chr(ch)) + elif self.state == 2: + self.state = 1 + if ch == ord('"'): + return to_str(chr(ch)) + return "\\" + to_str(chr(ch)) + elif self.state == 3: + if ch == ord('/'): + self.state = 4 + else: + return "/" + to_str(chr(ch)) + elif self.state == 4: + if ch == ord('\n'): + self.state = 0 + return "\n" + return "" + + +def remove_comment(json): + fmt = JSFormat() + return "".join([fmt.push(c) for c in json]) + + +def parse_json_in_str(data): + # parse json and convert everything from unicode to str + return json.loads(data, object_hook=_decode_dict) diff --git a/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/shadowsocks/stop.sh b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/shadowsocks/stop.sh new file mode 100755 index 000000000..d7d29589e --- /dev/null +++ b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/shadowsocks/stop.sh @@ -0,0 +1,5 @@ +#!/bin/bash + +python_ver=$(ls /usr/bin|grep -e "^python[23]\.[1-9]\+$"|tail -1) +eval $(ps -ef | grep "[0-9] ${python_ver} server\\.py a" | awk '{print "kill "$2}') + diff --git a/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/shadowsocks/tail.sh b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/shadowsocks/tail.sh new file mode 100755 index 000000000..aa3713939 --- /dev/null +++ b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/shadowsocks/tail.sh @@ -0,0 +1,3 @@ +#!/bin/bash + +tail -f ssserver.log diff --git a/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/shadowsocks/tcprelay.py b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/shadowsocks/tcprelay.py new file mode 100644 index 000000000..595e2be73 --- /dev/null +++ b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/shadowsocks/tcprelay.py @@ -0,0 +1,1476 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Copyright 2015 clowwindy +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +from __future__ import absolute_import, division, print_function, \ + with_statement + +import time +import socket +import errno +import struct +import logging +import binascii +import traceback +import random +import platform +import threading + +from shadowsocks import encrypt, obfs, eventloop, shell, common, lru_cache, version +from shadowsocks.common import pre_parse_header, parse_header + +# we clear at most TIMEOUTS_CLEAN_SIZE timeouts each time +TIMEOUTS_CLEAN_SIZE = 512 + +MSG_FASTOPEN = 0x20000000 + +# SOCKS command definition +CMD_CONNECT = 1 +CMD_BIND = 2 +CMD_UDP_ASSOCIATE = 3 + +# for each opening port, we have a TCP Relay + +# for each connection, we have a TCP Relay Handler to handle the connection + +# for each handler, we have 2 sockets: +# local: connected to the client +# remote: connected to remote server + +# for each handler, it could be at one of several stages: + +# as sslocal: +# stage 0 SOCKS hello received from local, send hello to local +# stage 1 addr received from local, query DNS for remote +# stage 2 UDP assoc +# stage 3 DNS resolved, connect to remote +# stage 4 still connecting, more data from local received +# stage 5 remote connected, piping local and remote + +# as ssserver: +# stage 0 just jump to stage 1 +# stage 1 addr received from local, query DNS for remote +# stage 3 DNS resolved, connect to remote +# stage 4 still connecting, more data from local received +# stage 5 remote connected, piping local and remote + +STAGE_INIT = 0 +STAGE_ADDR = 1 +STAGE_UDP_ASSOC = 2 +STAGE_DNS = 3 +STAGE_CONNECTING = 4 +STAGE_STREAM = 5 +STAGE_DESTROYED = -1 + +# for each handler, we have 2 stream directions: +# upstream: from client to server direction +# read local and write to remote +# downstream: from server to client direction +# read remote and write to local + +STREAM_UP = 0 +STREAM_DOWN = 1 + +# for each stream, it's waiting for reading, or writing, or both +WAIT_STATUS_INIT = 0 +WAIT_STATUS_READING = 1 +WAIT_STATUS_WRITING = 2 +WAIT_STATUS_READWRITING = WAIT_STATUS_READING | WAIT_STATUS_WRITING + +NETWORK_MTU = 1500 +TCP_MSS = NETWORK_MTU - 40 +BUF_SIZE = 32 * 1024 +UDP_MAX_BUF_SIZE = 65536 + +class SpeedTester(object): + def __init__(self, max_speed = 0): + self.max_speed = max_speed * 1024 + self.last_time = time.time() + self.sum_len = 0 + + def update_limit(self, max_speed): + self.max_speed = max_speed * 1024 + + def add(self, data_len): + if self.max_speed > 0: + cut_t = time.time() + self.sum_len -= (cut_t - self.last_time) * self.max_speed + if self.sum_len < 0: + self.sum_len = 0 + self.last_time = cut_t + self.sum_len += data_len + + def isExceed(self): + if self.max_speed > 0: + cut_t = time.time() + self.sum_len -= (cut_t - self.last_time) * self.max_speed + if self.sum_len < 0: + self.sum_len = 0 + self.last_time = cut_t + return self.sum_len >= self.max_speed + return False + +class TCPRelayHandler(object): + def __init__(self, server, fd_to_handlers, loop, local_sock, config, + dns_resolver, is_local): + self._server = server + self._fd_to_handlers = fd_to_handlers + self._loop = loop + self._local_sock = local_sock + self._remote_sock = None + self._remote_sock_v6 = None + self._local_sock_fd = None + self._remote_sock_fd = None + self._remotev6_sock_fd = None + self._remote_udp = False + self._config = config + self._dns_resolver = dns_resolver + self._add_ref = 0 + if not self._create_encryptor(config): + return + + self._client_address = local_sock.getpeername()[:2] + self._accept_address = local_sock.getsockname()[:2] + self._user = None + self._user_id = server._listen_port + self._update_tcp_mss(local_sock) + + # TCP Relay works as either sslocal or ssserver + # if is_local, this is sslocal + self._is_local = is_local + self._encrypt_correct = True + self._obfs = obfs.obfs(config['obfs']) + self._protocol = obfs.obfs(config['protocol']) + self._overhead = self._obfs.get_overhead(self._is_local) + self._protocol.get_overhead(self._is_local) + self._recv_buffer_size = BUF_SIZE - self._overhead + + server_info = obfs.server_info(server.obfs_data) + server_info.host = config['server'] + server_info.port = server._listen_port + #server_info.users = server.server_users + #server_info.update_user_func = self._update_user + server_info.client = self._client_address[0] + server_info.client_port = self._client_address[1] + server_info.protocol_param = '' + server_info.obfs_param = config['obfs_param'] + server_info.iv = self._encryptor.cipher_iv + server_info.recv_iv = b'' + server_info.key_str = common.to_bytes(config['password']) + server_info.key = self._encryptor.cipher_key + server_info.head_len = 30 + server_info.tcp_mss = self._tcp_mss + server_info.buffer_size = self._recv_buffer_size + server_info.overhead = self._overhead + self._obfs.set_server_info(server_info) + + server_info = obfs.server_info(server.protocol_data) + server_info.host = config['server'] + server_info.port = server._listen_port + server_info.users = server.server_users + server_info.update_user_func = self._update_user + server_info.client = self._client_address[0] + server_info.client_port = self._client_address[1] + server_info.protocol_param = config['protocol_param'] + server_info.obfs_param = '' + server_info.iv = self._encryptor.cipher_iv + server_info.recv_iv = b'' + server_info.key_str = common.to_bytes(config['password']) + server_info.key = self._encryptor.cipher_key + server_info.head_len = 30 + server_info.tcp_mss = self._tcp_mss + server_info.buffer_size = self._recv_buffer_size + server_info.overhead = self._overhead + self._protocol.set_server_info(server_info) + + self._redir_list = config.get('redirect', ["*#0.0.0.0:0"]) + self._is_redirect = False + self._bind = config.get('out_bind', '') + self._bindv6 = config.get('out_bindv6', '') + self._ignore_bind_list = config.get('ignore_bind', []) + + self._fastopen_connected = False + self._data_to_write_to_local = [] + self._data_to_write_to_remote = [] + self._udp_data_send_buffer = b'' + self._upstream_status = WAIT_STATUS_READING + self._downstream_status = WAIT_STATUS_INIT + self._remote_address = None + + self._forbidden_iplist = config.get('forbidden_ip', None) + self._forbidden_portset = config.get('forbidden_port', None) + if is_local: + self._chosen_server = self._get_a_server() + + self.last_activity = 0 + self._update_activity() + self._server.add_connection(1) + self._server.stat_add(self._client_address[0], 1) + self._add_ref = 1 + self.speed_tester_u = SpeedTester(config.get("speed_limit_per_con", 0)) + self.speed_tester_d = SpeedTester(config.get("speed_limit_per_con", 0)) + self._recv_u_max_size = BUF_SIZE + self._recv_d_max_size = BUF_SIZE + self._recv_pack_id = 0 + self._udp_send_pack_id = 0 + self._udpv6_send_pack_id = 0 + + local_sock.setblocking(False) + local_sock.setsockopt(socket.SOL_TCP, socket.TCP_NODELAY, 1) + self._local_sock_fd = local_sock.fileno() + fd_to_handlers[self._local_sock_fd] = self + loop.add(local_sock, eventloop.POLL_IN | eventloop.POLL_ERR, self._server) + self._stage = STAGE_INIT + + def __hash__(self): + # default __hash__ is id / 16 + # we want to eliminate collisions + return id(self) + + @property + def remote_address(self): + return self._remote_address + + def _get_a_server(self): + server = self._config['server'] + server_port = self._config['server_port'] + if type(server_port) == list: + server_port = random.choice(server_port) + if type(server) == list: + server = random.choice(server) + logging.debug('chosen server: %s:%d', server, server_port) + return server, server_port + + def _update_tcp_mss(self, local_sock): + self._tcp_mss = TCP_MSS + try: + tcp_mss = local_sock.getsockopt(socket.SOL_TCP, socket.TCP_MAXSEG) + if tcp_mss > 500 and tcp_mss <= 1500: + self._tcp_mss = tcp_mss + logging.debug("TCP MSS = %d" % (self._tcp_mss,)) + except: + pass + + def _create_encryptor(self, config): + try: + self._encryptor = encrypt.Encryptor(config['password'], + config['method']) + return True + except Exception: + self._stage = STAGE_DESTROYED + logging.error('create encryptor fail at port %d', self._server._listen_port) + + def _update_user(self, user): + self._user = user + self._user_id = struct.unpack(' 6: + length = struct.unpack('>H', self._udp_data_send_buffer[:2])[0] + + if length > len(self._udp_data_send_buffer): + break + + data = self._udp_data_send_buffer[:length] + self._udp_data_send_buffer = self._udp_data_send_buffer[length:] + + frag = common.ord(data[2]) + if frag != 0: + logging.warn('drop a message since frag is %d' % (frag,)) + continue + else: + data = data[3:] + header_result = parse_header(data) + if header_result is None: + continue + connecttype, addrtype, dest_addr, dest_port, header_length = header_result + if (addrtype & 7) == 3: + af = common.is_ip(dest_addr) + if af == False: + handler = common.UDPAsyncDNSHandler(data[header_length:]) + handler.resolve(self._dns_resolver, (dest_addr, dest_port), self._handle_server_dns_resolved) + else: + return self._handle_server_dns_resolved("", (dest_addr, dest_port), dest_addr, data[header_length:]) + else: + return self._handle_server_dns_resolved("", (dest_addr, dest_port), dest_addr, data[header_length:]) + + except Exception as e: + #trace = traceback.format_exc() + #logging.error(trace) + error_no = eventloop.errno_from_exception(e) + if error_no in (errno.EAGAIN, errno.EINPROGRESS, + errno.EWOULDBLOCK): + uncomplete = True + else: + shell.print_exception(e) + logging.error("exception from %s:%d" % (self._client_address[0], self._client_address[1])) + self.destroy() + return False + return True + else: + try: + if self._encrypt_correct: + if sock == self._remote_sock: + self._server.add_transfer_u(self._user, len(data)) + self._update_activity(len(data)) + if data: + l = len(data) + s = sock.send(data) + if s < l: + data = data[s:] + uncomplete = True + else: + return + except (OSError, IOError) as e: + error_no = eventloop.errno_from_exception(e) + if error_no in (errno.EAGAIN, errno.EINPROGRESS, + errno.EWOULDBLOCK): + uncomplete = True + else: + #traceback.print_exc() + shell.print_exception(e) + logging.error("exception from %s:%d" % (self._client_address[0], self._client_address[1])) + self.destroy() + return False + except Exception as e: + shell.print_exception(e) + logging.error("exception from %s:%d" % (self._client_address[0], self._client_address[1])) + self.destroy() + return False + if uncomplete: + if sock == self._local_sock: + self._data_to_write_to_local.append(data) + self._update_stream(STREAM_DOWN, WAIT_STATUS_WRITING) + elif sock == self._remote_sock: + self._data_to_write_to_remote.append(data) + self._update_stream(STREAM_UP, WAIT_STATUS_WRITING) + else: + logging.error('write_all_to_sock:unknown socket from %s:%d' % (self._client_address[0], self._client_address[1])) + else: + if sock == self._local_sock: + self._update_stream(STREAM_DOWN, WAIT_STATUS_READING) + elif sock == self._remote_sock: + self._update_stream(STREAM_UP, WAIT_STATUS_READING) + else: + logging.error('write_all_to_sock:unknown socket from %s:%d' % (self._client_address[0], self._client_address[1])) + return True + + def _handle_server_dns_resolved(self, error, remote_addr, server_addr, data): + if error: + return + try: + addrs = socket.getaddrinfo(server_addr, remote_addr[1], 0, socket.SOCK_DGRAM, socket.SOL_UDP) + if not addrs: # drop + return + af, socktype, proto, canonname, sa = addrs[0] + if af == socket.AF_INET6: + self._remote_sock_v6.sendto(data, (server_addr, remote_addr[1])) + if self._udpv6_send_pack_id == 0: + addr, port = self._remote_sock_v6.getsockname()[:2] + common.connect_log('UDPv6 sendto %s(%s):%d from %s:%d by user %d' % + (common.to_str(remote_addr[0]), common.to_str(server_addr), remote_addr[1], addr, port, self._user_id)) + self._udpv6_send_pack_id += 1 + else: + self._remote_sock.sendto(data, (server_addr, remote_addr[1])) + if self._udp_send_pack_id == 0: + addr, port = self._remote_sock.getsockname()[:2] + common.connect_log('UDP sendto %s(%s):%d from %s:%d by user %d' % + (common.to_str(remote_addr[0]), common.to_str(server_addr), remote_addr[1], addr, port, self._user_id)) + self._udp_send_pack_id += 1 + return True + except Exception as e: + shell.print_exception(e) + logging.error("exception from %s:%d" % (self._client_address[0], self._client_address[1])) + + def _get_redirect_host(self, client_address, ogn_data): + host_list = self._redir_list or ["*#0.0.0.0:0"] + + if type(host_list) != list: + host_list = [host_list] + + items_sum = common.to_str(host_list[0]).rsplit('#', 1) + if len(items_sum) < 2: + hash_code = binascii.crc32(ogn_data) + addrs = socket.getaddrinfo(client_address[0], client_address[1], 0, socket.SOCK_STREAM, socket.SOL_TCP) + af, socktype, proto, canonname, sa = addrs[0] + address_bytes = common.inet_pton(af, sa[0]) + if af == socket.AF_INET6: + addr = struct.unpack('>Q', address_bytes[8:])[0] + elif af == socket.AF_INET: + addr = struct.unpack('>I', address_bytes)[0] + else: + addr = 0 + + host_port = [] + match_port = False + for host in host_list: + items = common.to_str(host).rsplit(':', 1) + if len(items) > 1: + try: + port = int(items[1]) + if port == self._server._listen_port: + match_port = True + host_port.append((items[0], port)) + except: + pass + else: + host_port.append((host, 80)) + + if match_port: + last_host_port = host_port + host_port = [] + for host in last_host_port: + if host[1] == self._server._listen_port: + host_port.append(host) + + return host_port[((hash_code & 0xffffffff) + addr) % len(host_port)] + + else: + host_port = [] + for host in host_list: + items_sum = common.to_str(host).rsplit('#', 1) + items_match = common.to_str(items_sum[0]).rsplit(':', 1) + items = common.to_str(items_sum[1]).rsplit(':', 1) + if len(items_match) > 1: + if items_match[1] != "*": + try: + if self._server._listen_port != int(items_match[1]) and int(items_match[1]) != 0: + continue + except: + pass + + if items_match[0] != "*" and common.match_regex( + items_match[0], ogn_data) == False: + continue + if len(items) > 1: + try: + port = int(items[1]) + return (items[0], port) + except: + pass + else: + return (items[0], 80) + + return ("0.0.0.0", 0) + + def _handel_protocol_error(self, client_address, ogn_data): + logging.warn("Protocol ERROR, TCP ogn data %s from %s:%d via port %d by UID %d" % (binascii.hexlify(ogn_data), client_address[0], client_address[1], self._server._listen_port, self._user_id)) + self._encrypt_correct = False + #create redirect or disconnect by hash code + host, port = self._get_redirect_host(client_address, ogn_data) + if port == 0: + raise Exception('can not parse header') + data = b"\x03" + common.to_bytes(common.chr(len(host))) + common.to_bytes(host) + struct.pack('>H', port) + self._is_redirect = True + logging.warn("TCP data redir %s:%d %s" % (host, port, binascii.hexlify(data))) + return data + ogn_data + + def _handle_stage_connecting(self, data): + if self._is_local: + if self._encryptor is not None: + data = self._protocol.client_pre_encrypt(data) + data = self._encryptor.encrypt(data) + data = self._obfs.client_encode(data) + if data: + self._data_to_write_to_remote.append(data) + if self._is_local and not self._fastopen_connected and \ + self._config['fast_open']: + # for sslocal and fastopen, we basically wait for data and use + # sendto to connect + try: + # only connect once + self._fastopen_connected = True + remote_sock = \ + self._create_remote_socket(self._chosen_server[0], + self._chosen_server[1]) + self._loop.add(remote_sock, eventloop.POLL_ERR, self._server) + data = b''.join(self._data_to_write_to_remote) + l = len(data) + s = remote_sock.sendto(data, MSG_FASTOPEN, self._chosen_server) + if s < l: + data = data[s:] + self._data_to_write_to_remote = [data] + else: + self._data_to_write_to_remote = [] + self._update_stream(STREAM_UP, WAIT_STATUS_READWRITING) + except (OSError, IOError) as e: + if eventloop.errno_from_exception(e) == errno.EINPROGRESS: + # in this case data is not sent at all + self._update_stream(STREAM_UP, WAIT_STATUS_READWRITING) + elif eventloop.errno_from_exception(e) == errno.ENOTCONN: + logging.error('fast open not supported on this OS') + self._config['fast_open'] = False + self.destroy() + else: + shell.print_exception(e) + if self._config['verbose']: + traceback.print_exc() + logging.error("exception from %s:%d" % (self._client_address[0], self._client_address[1])) + self.destroy() + + def _get_head_size(self, buf, def_value): + if len(buf) < 2: + return def_value + head_type = common.ord(buf[0]) & 0xF + if head_type == 1: + return 7 + if head_type == 4: + return 19 + if head_type == 3: + return 4 + common.ord(buf[1]) + return def_value + + def _handle_stage_addr(self, ogn_data, data): + try: + if self._is_local: + cmd = common.ord(data[1]) + if cmd == CMD_UDP_ASSOCIATE: + logging.debug('UDP associate') + if self._local_sock.family == socket.AF_INET6: + header = b'\x05\x00\x00\x04' + else: + header = b'\x05\x00\x00\x01' + addr, port = self._local_sock.getsockname()[:2] + addr_to_send = socket.inet_pton(self._local_sock.family, + addr) + port_to_send = struct.pack('>H', port) + self._write_to_sock(header + addr_to_send + port_to_send, + self._local_sock) + self._stage = STAGE_UDP_ASSOC + # just wait for the client to disconnect + return + elif cmd == CMD_CONNECT: + # just trim VER CMD RSV + data = data[3:] + else: + logging.error('invalid command %d', cmd) + self.destroy() + return + + before_parse_data = data + if self._is_local: + header_result = parse_header(data) + else: + data = pre_parse_header(data) + if data is None: + data = self._handel_protocol_error(self._client_address, ogn_data) + header_result = parse_header(data) + if header_result is not None: + try: + common.to_str(header_result[2]) + except Exception as e: + header_result = None + if header_result is None: + data = self._handel_protocol_error(self._client_address, ogn_data) + header_result = parse_header(data) + self._overhead = self._obfs.get_overhead(self._is_local) + self._protocol.get_overhead(self._is_local) + self._recv_buffer_size = BUF_SIZE - self._overhead + server_info = self._obfs.get_server_info() + server_info.buffer_size = self._recv_buffer_size + server_info = self._protocol.get_server_info() + server_info.buffer_size = self._recv_buffer_size + connecttype, addrtype, remote_addr, remote_port, header_length = header_result + if connecttype != 0: + pass + #common.connect_log('UDP over TCP by user %d' % + # (self._user_id, )) + else: + common.connect_log('TCP request %s:%d by user %d' % + (common.to_str(remote_addr), remote_port, self._user_id)) + self._remote_address = (common.to_str(remote_addr), remote_port) + self._remote_udp = (connecttype != 0) + # pause reading + self._update_stream(STREAM_UP, WAIT_STATUS_WRITING) + self._stage = STAGE_DNS + if self._is_local: + # forward address to remote + self._write_to_sock((b'\x05\x00\x00\x01' + b'\x00\x00\x00\x00\x10\x10'), + self._local_sock) + head_len = self._get_head_size(data, 30) + self._obfs.obfs.server_info.head_len = head_len + self._protocol.obfs.server_info.head_len = head_len + if self._encryptor is not None: + data = self._protocol.client_pre_encrypt(data) + data_to_send = self._encryptor.encrypt(data) + data_to_send = self._obfs.client_encode(data_to_send) + if data_to_send: + self._data_to_write_to_remote.append(data_to_send) + # notice here may go into _handle_dns_resolved directly + self._dns_resolver.resolve(self._chosen_server[0], + self._handle_dns_resolved) + else: + if len(data) > header_length: + self._data_to_write_to_remote.append(data[header_length:]) + # notice here may go into _handle_dns_resolved directly + self._dns_resolver.resolve(remote_addr, + self._handle_dns_resolved) + except Exception as e: + self._log_error(e) + if self._config['verbose']: + traceback.print_exc() + self.destroy() + + def _socket_bind_addr(self, sock, af): + bind_addr = '' + if self._bind and af == socket.AF_INET: + bind_addr = self._bind + elif self._bindv6 and af == socket.AF_INET6: + bind_addr = self._bindv6 + else: + bind_addr = self._accept_address[0] + + bind_addr = bind_addr.replace("::ffff:", "") + if bind_addr in self._ignore_bind_list: + bind_addr = None + if bind_addr: + local_addrs = socket.getaddrinfo(bind_addr, 0, 0, socket.SOCK_STREAM, socket.SOL_TCP) + if local_addrs[0][0] == af: + logging.debug("bind %s" % (bind_addr,)) + try: + sock.bind((bind_addr, 0)) + except Exception as e: + logging.warn("bind %s fail" % (bind_addr,)) + + def _create_remote_socket(self, ip, port): + if self._remote_udp: + addrs_v6 = socket.getaddrinfo("::", 0, 0, socket.SOCK_DGRAM, socket.SOL_UDP) + addrs = socket.getaddrinfo("0.0.0.0", 0, 0, socket.SOCK_DGRAM, socket.SOL_UDP) + else: + addrs = socket.getaddrinfo(ip, port, 0, socket.SOCK_STREAM, socket.SOL_TCP) + if len(addrs) == 0: + raise Exception("getaddrinfo failed for %s:%d" % (ip, port)) + af, socktype, proto, canonname, sa = addrs[0] + if not self._remote_udp and not self._is_redirect: + if self._forbidden_iplist: + if common.to_str(sa[0]) in self._forbidden_iplist: + if self._remote_address: + raise Exception('IP %s is in forbidden list, when connect to %s:%d via port %d by UID %d' % + (common.to_str(sa[0]), self._remote_address[0], self._remote_address[1], self._server._listen_port, self._user_id)) + raise Exception('IP %s is in forbidden list, reject' % + common.to_str(sa[0])) + if self._forbidden_portset: + if sa[1] in self._forbidden_portset: + if self._remote_address: + raise Exception('Port %d is in forbidden list, when connect to %s:%d via port %d by UID %d' % + (sa[1], self._remote_address[0], self._remote_address[1], self._server._listen_port, self._user_id)) + raise Exception('Port %d is in forbidden list, reject' % sa[1]) + remote_sock = socket.socket(af, socktype, proto) + self._remote_sock = remote_sock + self._remote_sock_fd = remote_sock.fileno() + self._fd_to_handlers[self._remote_sock_fd] = self + + if self._remote_udp: + af, socktype, proto, canonname, sa = addrs_v6[0] + remote_sock_v6 = socket.socket(af, socktype, proto) + self._remote_sock_v6 = remote_sock_v6 + self._remotev6_sock_fd = remote_sock_v6.fileno() + self._fd_to_handlers[self._remotev6_sock_fd] = self + + remote_sock.setblocking(False) + if self._remote_udp: + remote_sock_v6.setblocking(False) + + if not self._is_local: + self._socket_bind_addr(remote_sock, af) + self._socket_bind_addr(remote_sock_v6, af) + else: + remote_sock.setsockopt(socket.SOL_TCP, socket.TCP_NODELAY, 1) + if not self._is_local: + self._socket_bind_addr(remote_sock, af) + return remote_sock + + def _handle_dns_resolved(self, result, error): + if error: + self._log_error(error) + self.destroy() + return + if result: + ip = result[1] + if ip: + try: + self._stage = STAGE_CONNECTING + remote_addr = ip + if self._is_local: + remote_port = self._chosen_server[1] + else: + remote_port = self._remote_address[1] + + if self._is_local and self._config['fast_open']: + # for fastopen: + # wait for more data to arrive and send them in one SYN + self._stage = STAGE_CONNECTING + # we don't have to wait for remote since it's not + # created + self._update_stream(STREAM_UP, WAIT_STATUS_READING) + # TODO when there is already data in this packet + else: + # else do connect + remote_sock = self._create_remote_socket(remote_addr, + remote_port) + if self._remote_udp: + self._loop.add(remote_sock, + eventloop.POLL_IN, + self._server) + if self._remote_sock_v6: + self._loop.add(self._remote_sock_v6, + eventloop.POLL_IN, + self._server) + else: + try: + remote_sock.connect((remote_addr, remote_port)) + except (OSError, IOError) as e: + if eventloop.errno_from_exception(e) in (errno.EINPROGRESS, + errno.EWOULDBLOCK): + pass # always goto here + else: + raise e + addr, port = self._remote_sock.getsockname()[:2] + common.connect_log('TCP connecting %s(%s):%d from %s:%d by user %d' % + (common.to_str(self._remote_address[0]), common.to_str(remote_addr), remote_port, addr, port, self._user_id)) + + self._loop.add(remote_sock, + eventloop.POLL_ERR | eventloop.POLL_OUT, + self._server) + self._stage = STAGE_CONNECTING + self._update_stream(STREAM_UP, WAIT_STATUS_READWRITING) + self._update_stream(STREAM_DOWN, WAIT_STATUS_READING) + if self._remote_udp: + while self._data_to_write_to_remote: + data = self._data_to_write_to_remote[0] + del self._data_to_write_to_remote[0] + self._write_to_sock(data, self._remote_sock) + return + except Exception as e: + shell.print_exception(e) + if self._config['verbose']: + traceback.print_exc() + logging.error("exception from %s:%d" % (self._client_address[0], self._client_address[1])) + self.destroy() + + def _get_read_size(self, sock, recv_buffer_size, up): + if self._overhead == 0: + return recv_buffer_size + buffer_size = len(sock.recv(recv_buffer_size, socket.MSG_PEEK)) + frame_size = self._tcp_mss - self._overhead + if up: + buffer_size = min(buffer_size, self._recv_u_max_size) + self._recv_u_max_size = min(self._recv_u_max_size + frame_size, BUF_SIZE) + else: + buffer_size = min(buffer_size, self._recv_d_max_size) + self._recv_d_max_size = min(self._recv_d_max_size + frame_size, BUF_SIZE) + if buffer_size == recv_buffer_size: + return buffer_size + if buffer_size > frame_size: + buffer_size = int(buffer_size / frame_size) * frame_size + return buffer_size + + def _on_local_read(self): + # handle all local read events and dispatch them to methods for + # each stage + if not self._local_sock: + return + is_local = self._is_local + if is_local: + recv_buffer_size = self._get_read_size(self._local_sock, self._recv_buffer_size, True) + else: + recv_buffer_size = BUF_SIZE + data = None + try: + data = self._local_sock.recv(recv_buffer_size) + except (OSError, IOError) as e: + if eventloop.errno_from_exception(e) in \ + (errno.ETIMEDOUT, errno.EAGAIN, errno.EWOULDBLOCK): + return + if not data: + self.destroy() + return + + self.speed_tester_u.add(len(data)) + self._server.speed_tester_u(self._user_id).add(len(data)) + ogn_data = data + if not is_local: + if self._encryptor is not None: + if self._encrypt_correct: + try: + obfs_decode = self._obfs.server_decode(data) + if self._stage == STAGE_INIT: + self._overhead = self._obfs.get_overhead(self._is_local) + self._protocol.get_overhead(self._is_local) + server_info = self._protocol.get_server_info() + server_info.overhead = self._overhead + except Exception as e: + shell.print_exception(e) + logging.error("exception from %s:%d" % (self._client_address[0], self._client_address[1])) + self.destroy() + return + if obfs_decode[2]: + data = self._obfs.server_encode(b'') + try: + self._write_to_sock(data, self._local_sock) + except Exception as e: + shell.print_exception(e) + if self._config['verbose']: + traceback.print_exc() + logging.error("exception from %s:%d" % (self._client_address[0], self._client_address[1])) + self.destroy() + return + if obfs_decode[1]: + if not self._protocol.obfs.server_info.recv_iv: + iv_len = len(self._protocol.obfs.server_info.iv) + self._protocol.obfs.server_info.recv_iv = obfs_decode[0][:iv_len] + data = self._encryptor.decrypt(obfs_decode[0]) + else: + data = obfs_decode[0] + try: + data, sendback = self._protocol.server_post_decrypt(data) + if sendback: + backdata = self._protocol.server_pre_encrypt(b'') + backdata = self._encryptor.encrypt(backdata) + backdata = self._obfs.server_encode(backdata) + try: + self._write_to_sock(backdata, self._local_sock) + except Exception as e: + shell.print_exception(e) + if self._config['verbose']: + traceback.print_exc() + logging.error("exception from %s:%d" % (self._client_address[0], self._client_address[1])) + self.destroy() + return + except Exception as e: + shell.print_exception(e) + logging.error("exception from %s:%d" % (self._client_address[0], self._client_address[1])) + self.destroy() + return + else: + return + if not data: + return + if self._stage == STAGE_STREAM: + if self._is_local: + if self._encryptor is not None: + data = self._protocol.client_pre_encrypt(data) + data = self._encryptor.encrypt(data) + data = self._obfs.client_encode(data) + self._write_to_sock(data, self._remote_sock) + elif is_local and self._stage == STAGE_INIT: + # TODO check auth method + self._write_to_sock(b'\x05\00', self._local_sock) + self._stage = STAGE_ADDR + elif self._stage == STAGE_CONNECTING: + self._handle_stage_connecting(data) + elif (is_local and self._stage == STAGE_ADDR) or \ + (not is_local and self._stage == STAGE_INIT): + self._handle_stage_addr(ogn_data, data) + + def _on_remote_read(self, is_remote_sock): + # handle all remote read events + data = None + try: + if self._remote_udp: + if is_remote_sock: + data, addr = self._remote_sock.recvfrom(UDP_MAX_BUF_SIZE) + else: + data, addr = self._remote_sock_v6.recvfrom(UDP_MAX_BUF_SIZE) + port = struct.pack('>H', addr[1]) + try: + ip = socket.inet_aton(addr[0]) + data = b'\x00\x01' + ip + port + data + except Exception as e: + ip = socket.inet_pton(socket.AF_INET6, addr[0]) + data = b'\x00\x04' + ip + port + data + size = len(data) + 2 + data = struct.pack('>H', size) + data + #logging.info('UDP over TCP recvfrom %s:%d %d bytes to %s:%d' % (addr[0], addr[1], len(data), self._client_address[0], self._client_address[1])) + else: + if self._is_local: + recv_buffer_size = BUF_SIZE + else: + recv_buffer_size = self._get_read_size(self._remote_sock, self._recv_buffer_size, False) + data = self._remote_sock.recv(recv_buffer_size) + self._recv_pack_id += 1 + except (OSError, IOError) as e: + if eventloop.errno_from_exception(e) in \ + (errno.ETIMEDOUT, errno.EAGAIN, errno.EWOULDBLOCK, 10035): #errno.WSAEWOULDBLOCK + return + if not data: + self.destroy() + return + + self.speed_tester_d.add(len(data)) + self._server.speed_tester_d(self._user_id).add(len(data)) + if self._encryptor is not None: + if self._is_local: + try: + obfs_decode = self._obfs.client_decode(data) + except Exception as e: + shell.print_exception(e) + logging.error("exception from %s:%d" % (self._client_address[0], self._client_address[1])) + self.destroy() + return + if obfs_decode[1]: + send_back = self._obfs.client_encode(b'') + self._write_to_sock(send_back, self._remote_sock) + if not self._protocol.obfs.server_info.recv_iv: + iv_len = len(self._protocol.obfs.server_info.iv) + self._protocol.obfs.server_info.recv_iv = obfs_decode[0][:iv_len] + data = self._encryptor.decrypt(obfs_decode[0]) + try: + data = self._protocol.client_post_decrypt(data) + if self._recv_pack_id == 1: + self._tcp_mss = self._protocol.get_server_info().tcp_mss + except Exception as e: + shell.print_exception(e) + logging.error("exception from %s:%d" % (self._client_address[0], self._client_address[1])) + self.destroy() + return + else: + if self._encrypt_correct: + data = self._protocol.server_pre_encrypt(data) + data = self._encryptor.encrypt(data) + data = self._obfs.server_encode(data) + self._server.add_transfer_d(self._user, len(data)) + self._update_activity(len(data)) + else: + return + try: + self._write_to_sock(data, self._local_sock) + except Exception as e: + shell.print_exception(e) + if self._config['verbose']: + traceback.print_exc() + logging.error("exception from %s:%d" % (self._client_address[0], self._client_address[1])) + self.destroy() + + def _on_local_write(self): + # handle local writable event + if self._data_to_write_to_local: + data = b''.join(self._data_to_write_to_local) + self._data_to_write_to_local = [] + self._write_to_sock(data, self._local_sock) + else: + self._update_stream(STREAM_DOWN, WAIT_STATUS_READING) + + def _on_remote_write(self): + # handle remote writable event + self._stage = STAGE_STREAM + if self._data_to_write_to_remote: + data = b''.join(self._data_to_write_to_remote) + self._data_to_write_to_remote = [] + self._write_to_sock(data, self._remote_sock) + else: + self._update_stream(STREAM_UP, WAIT_STATUS_READING) + + def _on_local_error(self): + if self._local_sock: + err = eventloop.get_sock_error(self._local_sock) + if err.errno not in [errno.ECONNRESET, errno.EPIPE]: + logging.error(err) + logging.error("local error, exception from %s:%d" % (self._client_address[0], self._client_address[1])) + self.destroy() + + def _on_remote_error(self): + if self._remote_sock: + err = eventloop.get_sock_error(self._remote_sock) + if err.errno not in [errno.ECONNRESET]: + logging.error(err) + if self._remote_address: + logging.error("remote error, when connect to %s:%d" % (self._remote_address[0], self._remote_address[1])) + else: + logging.error("remote error, exception from %s:%d" % (self._client_address[0], self._client_address[1])) + self.destroy() + + def handle_event(self, sock, fd, event): + # handle all events in this handler and dispatch them to methods + handle = False + if self._stage == STAGE_DESTROYED: + logging.debug('ignore handle_event: destroyed') + return True + if self._user is not None and self._user not in self._server.server_users: + self.destroy() + return True + if fd == self._remote_sock_fd or fd == self._remotev6_sock_fd: + if event & eventloop.POLL_ERR: + handle = True + self._on_remote_error() + elif event & (eventloop.POLL_IN | eventloop.POLL_HUP): + if not self.speed_tester_d.isExceed() and not self._server.speed_tester_d(self._user_id).isExceed(): + handle = True + self._on_remote_read(sock == self._remote_sock) + else: + self._recv_d_max_size = self._tcp_mss - self._overhead + elif event & eventloop.POLL_OUT: + handle = True + self._on_remote_write() + elif fd == self._local_sock_fd: + if event & eventloop.POLL_ERR: + handle = True + self._on_local_error() + elif event & (eventloop.POLL_IN | eventloop.POLL_HUP): + if not self.speed_tester_u.isExceed() and not self._server.speed_tester_u(self._user_id).isExceed(): + handle = True + self._on_local_read() + else: + self._recv_u_max_size = self._tcp_mss - self._overhead + elif event & eventloop.POLL_OUT: + handle = True + self._on_local_write() + else: + logging.warn('unknown socket from %s:%d' % (self._client_address[0], self._client_address[1])) + try: + self._loop.removefd(fd) + except Exception as e: + shell.print_exception(e) + try: + del self._fd_to_handlers[fd] + except Exception as e: + shell.print_exception(e) + sock.close() + + return handle + + def _log_error(self, e): + logging.error('%s when handling connection from %s:%d' % + (e, self._client_address[0], self._client_address[1])) + + def stage(self): + return self._stage + + def destroy(self): + # destroy the handler and release any resources + # promises: + # 1. destroy won't make another destroy() call inside + # 2. destroy releases resources so it prevents future call to destroy + # 3. destroy won't raise any exceptions + # if any of the promises are broken, it indicates a bug has been + # introduced! mostly likely memory leaks, etc + if self._stage == STAGE_DESTROYED: + # this couldn't happen + logging.debug('already destroyed') + return + self._stage = STAGE_DESTROYED + if self._remote_address: + logging.debug('destroy: %s:%d' % + self._remote_address) + else: + logging.debug('destroy') + if self._remote_sock: + logging.debug('destroying remote') + try: + self._loop.removefd(self._remote_sock_fd) + except Exception as e: + shell.print_exception(e) + try: + if self._remote_sock_fd is not None: + del self._fd_to_handlers[self._remote_sock_fd] + except Exception as e: + shell.print_exception(e) + self._remote_sock.close() + self._remote_sock = None + if self._remote_sock_v6: + logging.debug('destroying remote_v6') + try: + self._loop.removefd(self._remotev6_sock_fd) + except Exception as e: + shell.print_exception(e) + try: + if self._remotev6_sock_fd is not None: + del self._fd_to_handlers[self._remotev6_sock_fd] + except Exception as e: + shell.print_exception(e) + self._remote_sock_v6.close() + self._remote_sock_v6 = None + if self._local_sock: + logging.debug('destroying local') + try: + self._loop.removefd(self._local_sock_fd) + except Exception as e: + shell.print_exception(e) + try: + if self._local_sock_fd is not None: + del self._fd_to_handlers[self._local_sock_fd] + except Exception as e: + shell.print_exception(e) + self._local_sock.close() + self._local_sock = None + if self._obfs: + self._obfs.dispose() + self._obfs = None + if self._protocol: + self._protocol.dispose() + self._protocol = None + self._encryptor = None + self._dns_resolver.remove_callback(self._handle_dns_resolved) + self._server.remove_handler(self) + if self._add_ref > 0: + self._server.add_connection(-1) + self._server.stat_add(self._client_address[0], -1) + +class TCPRelay(object): + def __init__(self, config, dns_resolver, is_local, stat_callback=None, stat_counter=None): + self._config = config + self._is_local = is_local + self._dns_resolver = dns_resolver + self._closed = False + self._eventloop = None + self._fd_to_handlers = {} + self.server_transfer_ul = 0 + self.server_transfer_dl = 0 + self.server_users = {} + self.server_users_cfg = {} + self.server_user_transfer_ul = {} + self.server_user_transfer_dl = {} + self.mu = False + self._speed_tester_u = {} + self._speed_tester_d = {} + self.server_connections = 0 + self.protocol_data = obfs.obfs(config['protocol']).init_data() + self.obfs_data = obfs.obfs(config['obfs']).init_data() + + if config.get('connect_verbose_info', 0) > 0: + common.connect_log = logging.info + + self._timeout = config['timeout'] + self._timeout_cache = lru_cache.LRUCache(timeout=self._timeout, + close_callback=self._close_tcp_client) + + if is_local: + listen_addr = config['local_address'] + listen_port = config['local_port'] + else: + listen_addr = config['server'] + listen_port = config['server_port'] + self._listen_port = listen_port + + if common.to_str(config['protocol']) in obfs.mu_protocol(): + self._update_users(None, None) + + addrs = socket.getaddrinfo(listen_addr, listen_port, 0, + socket.SOCK_STREAM, socket.SOL_TCP) + if len(addrs) == 0: + raise Exception("can't get addrinfo for %s:%d" % + (listen_addr, listen_port)) + af, socktype, proto, canonname, sa = addrs[0] + server_socket = socket.socket(af, socktype, proto) + server_socket.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) + server_socket.bind(sa) + server_socket.setblocking(False) + if config['fast_open']: + try: + server_socket.setsockopt(socket.SOL_TCP, 23, 5) + except socket.error: + logging.error('warning: fast open is not available') + self._config['fast_open'] = False + server_socket.listen(config.get('max_connect', 1024)) + self._server_socket = server_socket + self._server_socket_fd = server_socket.fileno() + self._stat_counter = stat_counter + self._stat_callback = stat_callback + + def add_to_loop(self, loop): + if self._eventloop: + raise Exception('already add to loop') + if self._closed: + raise Exception('already closed') + self._eventloop = loop + self._eventloop.add(self._server_socket, + eventloop.POLL_IN | eventloop.POLL_ERR, self) + self._eventloop.add_periodic(self.handle_periodic) + + def remove_handler(self, client): + if hash(client) in self._timeout_cache: + del self._timeout_cache[hash(client)] + + def add_connection(self, val): + self.server_connections += val + logging.debug('server port %5d connections = %d' % (self._listen_port, self.server_connections,)) + + def get_ud(self): + return (self.server_transfer_ul, self.server_transfer_dl) + + def get_users_ud(self): + return (self.server_user_transfer_ul.copy(), self.server_user_transfer_dl.copy()) + + def _update_users(self, protocol_param, acl): + if protocol_param is None: + protocol_param = self._config['protocol_param'] + param = common.to_bytes(protocol_param).split(b'#') + if len(param) == 2: + self.mu = True + user_list = param[1].split(b',') + if user_list: + for user in user_list: + items = user.split(b':') + if len(items) == 2: + user_int_id = int(items[0]) + uid = struct.pack('= stat_dict.get(-1, 0) + connections_step: + logging.info('port %d connections up to %d' % (port, newval)) + stat_dict[-1] = stat_dict.get(-1, 0) + connections_step + elif newval <= stat_dict.get(-1, 0) - connections_step: + logging.info('port %d connections down to %d' % (port, newval)) + stat_dict[-1] = stat_dict.get(-1, 0) - connections_step + + def stat_add(self, local_addr, val): + if self._stat_counter is not None: + if self._listen_port not in self._stat_counter: + self._stat_counter[self._listen_port] = {} + newval = self._stat_counter[self._listen_port].get(local_addr, 0) + val + logging.debug('port %d addr %s connections %d' % (self._listen_port, local_addr, newval)) + self._stat_counter[self._listen_port][local_addr] = newval + self.update_stat(self._listen_port, self._stat_counter[self._listen_port], val) + if newval <= 0: + if local_addr in self._stat_counter[self._listen_port]: + del self._stat_counter[self._listen_port][local_addr] + + newval = self._stat_counter.get(0, 0) + val + self._stat_counter[0] = newval + logging.debug('Total connections %d' % newval) + + connections_step = 50 + if newval >= self._stat_counter.get(-1, 0) + connections_step: + logging.info('Total connections up to %d' % newval) + self._stat_counter[-1] = self._stat_counter.get(-1, 0) + connections_step + elif newval <= self._stat_counter.get(-1, 0) - connections_step: + logging.info('Total connections down to %d' % newval) + self._stat_counter[-1] = self._stat_counter.get(-1, 0) - connections_step + + def update_activity(self, client, data_len): + if data_len and self._stat_callback: + self._stat_callback(self._listen_port, data_len) + + self._timeout_cache[hash(client)] = client + + def _sweep_timeout(self): + self._timeout_cache.sweep() + + def _close_tcp_client(self, client): + if client.remote_address: + logging.debug('timed out: %s:%d' % + client.remote_address) + else: + logging.debug('timed out') + client.destroy() + + def handle_event(self, sock, fd, event): + # handle events and dispatch to handlers + handle = False + if sock: + logging.log(shell.VERBOSE_LEVEL, 'fd %d %s', fd, + eventloop.EVENT_NAMES.get(event, event)) + if sock == self._server_socket: + if event & eventloop.POLL_ERR: + # TODO + raise Exception('server_socket error') + handler = None + handle = True + try: + logging.debug('accept') + conn = self._server_socket.accept() + handler = TCPRelayHandler(self, self._fd_to_handlers, + self._eventloop, conn[0], self._config, + self._dns_resolver, self._is_local) + if handler.stage() == STAGE_DESTROYED: + conn[0].close() + except (OSError, IOError) as e: + error_no = eventloop.errno_from_exception(e) + if error_no in (errno.EAGAIN, errno.EINPROGRESS, + errno.EWOULDBLOCK): + return + else: + shell.print_exception(e) + if self._config['verbose']: + traceback.print_exc() + if handler: + handler.destroy() + else: + if sock: + handler = self._fd_to_handlers.get(fd, None) + if handler: + handle = handler.handle_event(sock, fd, event) + else: + logging.warn('unknown fd') + handle = True + try: + self._eventloop.removefd(fd) + except Exception as e: + shell.print_exception(e) + sock.close() + else: + logging.warn('poll removed fd') + handle = True + if fd in self._fd_to_handlers: + try: + del self._fd_to_handlers[fd] + except Exception as e: + shell.print_exception(e) + return handle + + def handle_periodic(self): + if self._closed: + if self._server_socket: + self._eventloop.removefd(self._server_socket_fd) + self._server_socket.close() + self._server_socket = None + logging.info('closed TCP port %d', self._listen_port) + for handler in list(self._fd_to_handlers.values()): + handler.destroy() + self._sweep_timeout() + + def close(self, next_tick=False): + logging.debug('TCP close') + self._closed = True + if not next_tick: + if self._eventloop: + self._eventloop.remove_periodic(self.handle_periodic) + self._eventloop.removefd(self._server_socket_fd) + self._server_socket.close() + for handler in list(self._fd_to_handlers.values()): + handler.destroy() diff --git a/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/shadowsocks/udprelay.py b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/shadowsocks/udprelay.py new file mode 100644 index 000000000..b9606cd81 --- /dev/null +++ b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/shadowsocks/udprelay.py @@ -0,0 +1,656 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Copyright 2015 clowwindy +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +# SOCKS5 UDP Request +# +----+------+------+----------+----------+----------+ +# |RSV | FRAG | ATYP | DST.ADDR | DST.PORT | DATA | +# +----+------+------+----------+----------+----------+ +# | 2 | 1 | 1 | Variable | 2 | Variable | +# +----+------+------+----------+----------+----------+ + +# SOCKS5 UDP Response +# +----+------+------+----------+----------+----------+ +# |RSV | FRAG | ATYP | DST.ADDR | DST.PORT | DATA | +# +----+------+------+----------+----------+----------+ +# | 2 | 1 | 1 | Variable | 2 | Variable | +# +----+------+------+----------+----------+----------+ + +# shadowsocks UDP Request (before encrypted) +# +------+----------+----------+----------+ +# | ATYP | DST.ADDR | DST.PORT | DATA | +# +------+----------+----------+----------+ +# | 1 | Variable | 2 | Variable | +# +------+----------+----------+----------+ + +# shadowsocks UDP Response (before encrypted) +# +------+----------+----------+----------+ +# | ATYP | DST.ADDR | DST.PORT | DATA | +# +------+----------+----------+----------+ +# | 1 | Variable | 2 | Variable | +# +------+----------+----------+----------+ + +# shadowsocks UDP Request and Response (after encrypted) +# +-------+--------------+ +# | IV | PAYLOAD | +# +-------+--------------+ +# | Fixed | Variable | +# +-------+--------------+ + +# HOW TO NAME THINGS +# ------------------ +# `dest` means destination server, which is from DST fields in the SOCKS5 +# request +# `local` means local server of shadowsocks +# `remote` means remote server of shadowsocks +# `client` means UDP clients that connects to other servers +# `server` means the UDP server that handles user requests + +from __future__ import absolute_import, division, print_function, \ + with_statement + +import time +import socket +import logging +import struct +import errno +import random +import binascii +import traceback +import threading + +from shadowsocks import encrypt, obfs, eventloop, lru_cache, common, shell +from shadowsocks.common import pre_parse_header, parse_header, pack_addr + +# for each handler, we have 2 stream directions: +# upstream: from client to server direction +# read local and write to remote +# downstream: from server to client direction +# read remote and write to local + +STREAM_UP = 0 +STREAM_DOWN = 1 + +# for each stream, it's waiting for reading, or writing, or both +WAIT_STATUS_INIT = 0 +WAIT_STATUS_READING = 1 +WAIT_STATUS_WRITING = 2 +WAIT_STATUS_READWRITING = WAIT_STATUS_READING | WAIT_STATUS_WRITING + +BUF_SIZE = 65536 +DOUBLE_SEND_BEG_IDS = 16 +POST_MTU_MIN = 500 +POST_MTU_MAX = 1400 +SENDING_WINDOW_SIZE = 8192 + +STAGE_INIT = 0 +STAGE_RSP_ID = 1 +STAGE_DNS = 2 +STAGE_CONNECTING = 3 +STAGE_STREAM = 4 +STAGE_DESTROYED = -1 + +CMD_CONNECT = 0 +CMD_RSP_CONNECT = 1 +CMD_CONNECT_REMOTE = 2 +CMD_RSP_CONNECT_REMOTE = 3 +CMD_POST = 4 +CMD_SYN_STATUS = 5 +CMD_POST_64 = 6 +CMD_SYN_STATUS_64 = 7 +CMD_DISCONNECT = 8 + +CMD_VER_STR = b"\x08" + +RSP_STATE_EMPTY = b"" +RSP_STATE_REJECT = b"\x00" +RSP_STATE_CONNECTED = b"\x01" +RSP_STATE_CONNECTEDREMOTE = b"\x02" +RSP_STATE_ERROR = b"\x03" +RSP_STATE_DISCONNECT = b"\x04" +RSP_STATE_REDIRECT = b"\x05" + +def client_key(source_addr, server_af): + # notice this is server af, not dest af + return '%s:%s:%d' % (source_addr[0], source_addr[1], server_af) + +class UDPRelay(object): + def __init__(self, config, dns_resolver, is_local, stat_callback=None, stat_counter=None): + self._config = config + if config.get('connect_verbose_info', 0) > 0: + common.connect_log = logging.info + if is_local: + self._listen_addr = config['local_address'] + self._listen_port = config['local_port'] + self._remote_addr = config['server'] + self._remote_port = config['server_port'] + else: + self._listen_addr = config['server'] + self._listen_port = config['server_port'] + self._remote_addr = None + self._remote_port = None + self._dns_resolver = dns_resolver + self._password = common.to_bytes(config['password']) + self._method = config['method'] + self._timeout = config['timeout'] + self._is_local = is_local + self._udp_cache_size = config['udp_cache'] + self._cache = lru_cache.LRUCache(timeout=config['udp_timeout'], + close_callback=self._close_client_pair) + self._cache_dns_client = lru_cache.LRUCache(timeout=10, + close_callback=self._close_client_pair) + self._client_fd_to_server_addr = {} + #self._dns_cache = lru_cache.LRUCache(timeout=1800) + self._eventloop = None + self._closed = False + self.server_transfer_ul = 0 + self.server_transfer_dl = 0 + self.server_users = {} + self.server_user_transfer_ul = {} + self.server_user_transfer_dl = {} + + if common.to_bytes(config['protocol']) in obfs.mu_protocol(): + self._update_users(None, None) + + self.protocol_data = obfs.obfs(config['protocol']).init_data() + self._protocol = obfs.obfs(config['protocol']) + server_info = obfs.server_info(self.protocol_data) + server_info.host = self._listen_addr + server_info.port = self._listen_port + server_info.users = self.server_users + server_info.protocol_param = config['protocol_param'] + server_info.obfs_param = '' + server_info.iv = b'' + server_info.recv_iv = b'' + server_info.key_str = common.to_bytes(config['password']) + server_info.key = encrypt.encrypt_key(self._password, self._method) + server_info.head_len = 30 + server_info.tcp_mss = 1452 + server_info.buffer_size = BUF_SIZE + server_info.overhead = 0 + self._protocol.set_server_info(server_info) + + self._sockets = set() + self._fd_to_handlers = {} + self._reqid_to_hd = {} + self._data_to_write_to_server_socket = [] + + self._timeout_cache = lru_cache.LRUCache(timeout=self._timeout, + close_callback=self._close_tcp_client) + + self._bind = config.get('out_bind', '') + self._bindv6 = config.get('out_bindv6', '') + self._ignore_bind_list = config.get('ignore_bind', []) + + if 'forbidden_ip' in config: + self._forbidden_iplist = config['forbidden_ip'] + else: + self._forbidden_iplist = None + if 'forbidden_port' in config: + self._forbidden_portset = config['forbidden_port'] + else: + self._forbidden_portset = None + + addrs = socket.getaddrinfo(self._listen_addr, self._listen_port, 0, + socket.SOCK_DGRAM, socket.SOL_UDP) + if len(addrs) == 0: + raise Exception("can't get addrinfo for %s:%d" % + (self._listen_addr, self._listen_port)) + af, socktype, proto, canonname, sa = addrs[0] + server_socket = socket.socket(af, socktype, proto) + server_socket.bind((self._listen_addr, self._listen_port)) + server_socket.setblocking(False) + self._server_socket = server_socket + self._stat_callback = stat_callback + + def _get_a_server(self): + server = self._config['server'] + server_port = self._config['server_port'] + if type(server_port) == list: + server_port = random.choice(server_port) + if type(server) == list: + server = random.choice(server) + logging.debug('chosen server: %s:%d', server, server_port) + return server, server_port + + def get_ud(self): + return (self.server_transfer_ul, self.server_transfer_dl) + + def get_users_ud(self): + ret = (self.server_user_transfer_ul.copy(), self.server_user_transfer_dl.copy()) + return ret + + def _update_users(self, protocol_param, acl): + if protocol_param is None: + protocol_param = self._config['protocol_param'] + param = common.to_bytes(protocol_param).split(b'#') + if len(param) == 2: + user_list = param[1].split(b',') + if user_list: + for user in user_list: + items = user.split(b':') + if len(items) == 2: + user_int_id = int(items[0]) + uid = struct.pack(' header_length + 13 and data[header_length + 4 : header_length + 12] == b"\x00\x01\x00\x00\x00\x00\x00\x00": + is_dns = True + else: + pass + if sa[1] == 53 and is_dns: #DNS + logging.debug("DNS query %s from %s:%d" % (common.to_str(sa[0]), r_addr[0], r_addr[1])) + self._cache_dns_client[key] = (client, uid) + else: + self._cache[key] = (client, uid) + self._client_fd_to_server_addr[client.fileno()] = (r_addr, af) + + self._sockets.add(client.fileno()) + self._eventloop.add(client, eventloop.POLL_IN, self) + + logging.debug('UDP port %5d sockets %d' % (self._listen_port, len(self._sockets))) + + if uid is not None: + user_id = struct.unpack(' 255: + # drop + return + data = pack_addr(r_addr[0]) + struct.pack('>H', r_addr[1]) + data + ref_iv = [encrypt.encrypt_new_iv(self._method)] + self._protocol.obfs.server_info.iv = ref_iv[0] + data = self._protocol.server_udp_pre_encrypt(data, client_uid) + response = encrypt.encrypt_all_iv(self._protocol.obfs.server_info.key, self._method, 1, + data, ref_iv) + if not response: + return + else: + ref_iv = [0] + data = encrypt.encrypt_all_iv(self._protocol.obfs.server_info.key, self._method, 0, + data, ref_iv) + if not data: + return + self._protocol.obfs.server_info.recv_iv = ref_iv[0] + data = self._protocol.client_udp_post_decrypt(data) + header_result = parse_header(data) + if header_result is None: + return + #connecttype, dest_addr, dest_port, header_length = header_result + #logging.debug('UDP handle_client %s:%d to %s:%d' % (common.to_str(r_addr[0]), r_addr[1], dest_addr, dest_port)) + + response = b'\x00\x00\x00' + data + + if client_addr: + if client_uid: + self.add_transfer_d(client_uid, len(response)) + else: + self.server_transfer_dl += len(response) + self.write_to_server_socket(response, client_addr[0]) + if client_dns_pair: + logging.debug("remove dns client %s:%d" % (client_addr[0][0], client_addr[0][1])) + del self._cache_dns_client[key] + self._close_client(client_dns_pair[0]) + else: + # this packet is from somewhere else we know + # simply drop that packet + pass + + def write_to_server_socket(self, data, addr): + uncomplete = False + retry = 0 + try: + self._server_socket.sendto(data, addr) + data = None + while self._data_to_write_to_server_socket: + data_buf = self._data_to_write_to_server_socket[0] + retry = data_buf[1] + 1 + del self._data_to_write_to_server_socket[0] + data, addr = data_buf[0] + self._server_socket.sendto(data, addr) + except (OSError, IOError) as e: + error_no = eventloop.errno_from_exception(e) + uncomplete = True + if error_no in (errno.EWOULDBLOCK,): + pass + else: + shell.print_exception(e) + return False + #if uncomplete and data is not None and retry < 3: + # self._data_to_write_to_server_socket.append([(data, addr), retry]) + #''' + + def add_to_loop(self, loop): + if self._eventloop: + raise Exception('already add to loop') + if self._closed: + raise Exception('already closed') + self._eventloop = loop + + server_socket = self._server_socket + self._eventloop.add(server_socket, + eventloop.POLL_IN | eventloop.POLL_ERR, self) + loop.add_periodic(self.handle_periodic) + + def remove_handler(self, client): + if hash(client) in self._timeout_cache: + del self._timeout_cache[hash(client)] + + def update_activity(self, client): + self._timeout_cache[hash(client)] = client + + def _sweep_timeout(self): + self._timeout_cache.sweep() + + def _close_tcp_client(self, client): + if client.remote_address: + logging.debug('timed out: %s:%d' % + client.remote_address) + else: + logging.debug('timed out') + client.destroy() + client.destroy_local() + + def handle_event(self, sock, fd, event): + if sock == self._server_socket: + if event & eventloop.POLL_ERR: + logging.error('UDP server_socket err') + try: + self._handle_server() + except Exception as e: + shell.print_exception(e) + if self._config['verbose']: + traceback.print_exc() + elif sock and (fd in self._sockets): + if event & eventloop.POLL_ERR: + logging.error('UDP client_socket err') + try: + self._handle_client(sock) + except Exception as e: + shell.print_exception(e) + if self._config['verbose']: + traceback.print_exc() + else: + if sock: + handler = self._fd_to_handlers.get(fd, None) + if handler: + handler.handle_event(sock, event) + else: + logging.warn('poll removed fd') + + def handle_periodic(self): + if self._closed: + self._cache.clear(0) + self._cache_dns_client.clear(0) + if self._eventloop: + self._eventloop.remove_periodic(self.handle_periodic) + self._eventloop.remove(self._server_socket) + if self._server_socket: + self._server_socket.close() + self._server_socket = None + logging.info('closed UDP port %d', self._listen_port) + else: + before_sweep_size = len(self._sockets) + self._cache.sweep() + self._cache_dns_client.sweep() + if before_sweep_size != len(self._sockets): + logging.debug('UDP port %5d sockets %d' % (self._listen_port, len(self._sockets))) + self._sweep_timeout() + + def close(self, next_tick=False): + logging.debug('UDP close') + self._closed = True + if not next_tick: + if self._eventloop: + self._eventloop.remove_periodic(self.handle_periodic) + self._eventloop.remove(self._server_socket) + self._server_socket.close() + self._cache.clear(0) + self._cache_dns_client.clear(0) diff --git a/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/shadowsocks/version.py b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/shadowsocks/version.py new file mode 100644 index 000000000..f3e1ef796 --- /dev/null +++ b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/shadowsocks/version.py @@ -0,0 +1,20 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Copyright 2017 breakwa11 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +def version(): + return '3.4.0 2017-07-27' + diff --git a/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/stop.sh b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/stop.sh new file mode 100755 index 000000000..56567daa0 --- /dev/null +++ b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/stop.sh @@ -0,0 +1,5 @@ +#!/bin/bash + +python_ver=$(ls /usr/bin|grep -e "^python[23]\.[1-9]\+$"|tail -1) +eval $(ps -ef | grep "[0-9] ${python_ver} server\\.py m" | awk '{print "kill "$2}') + diff --git a/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/switchrule.py b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/switchrule.py new file mode 100644 index 000000000..6687e12cf --- /dev/null +++ b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/switchrule.py @@ -0,0 +1,8 @@ +def getKeys(key_list): + return key_list + #return key_list + ['plan'] # append the column name 'plan' + +def isTurnOn(row): + return True + #return row['plan'] == 'B' # then judge here + diff --git a/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/tail.sh b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/tail.sh new file mode 100755 index 000000000..f36f605ee --- /dev/null +++ b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/tail.sh @@ -0,0 +1,3 @@ +#!/bin/bash +cd `dirname $0` +tail -f ssserver.log diff --git a/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/tests/aes-cfb1.json b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/tests/aes-cfb1.json new file mode 100644 index 000000000..40d0b2107 --- /dev/null +++ b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/tests/aes-cfb1.json @@ -0,0 +1,10 @@ +{ + "server":"127.0.0.1", + "server_port":8388, + "local_port":1081, + "password":"aes_password", + "timeout":60, + "method":"aes-256-cfb1", + "local_address":"127.0.0.1", + "fast_open":false +} diff --git a/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/tests/aes-cfb8.json b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/tests/aes-cfb8.json new file mode 100644 index 000000000..fb7014b1e --- /dev/null +++ b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/tests/aes-cfb8.json @@ -0,0 +1,10 @@ +{ + "server":"127.0.0.1", + "server_port":8388, + "local_port":1081, + "password":"aes_password", + "timeout":60, + "method":"aes-256-cfb8", + "local_address":"127.0.0.1", + "fast_open":false +} diff --git a/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/tests/aes-ctr.json b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/tests/aes-ctr.json new file mode 100644 index 000000000..1fed8a8c7 --- /dev/null +++ b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/tests/aes-ctr.json @@ -0,0 +1,10 @@ +{ + "server":"127.0.0.1", + "server_port":8388, + "local_port":1081, + "password":"aes_password", + "timeout":60, + "method":"aes-256-ctr", + "local_address":"127.0.0.1", + "fast_open":false +} diff --git a/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/tests/aes.json b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/tests/aes.json new file mode 100644 index 000000000..a3d95b9b5 --- /dev/null +++ b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/tests/aes.json @@ -0,0 +1,10 @@ +{ + "server":"127.0.0.1", + "server_port":8388, + "local_port":1081, + "password":"aes_password", + "timeout":60, + "method":"aes-256-cfb", + "local_address":"127.0.0.1", + "fast_open":false +} diff --git a/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/tests/assert.sh b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/tests/assert.sh new file mode 100755 index 000000000..b0c679cbc --- /dev/null +++ b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/tests/assert.sh @@ -0,0 +1,148 @@ +#!/bin/bash +# assert.sh 1.0 - bash unit testing framework +# Copyright (C) 2009, 2010, 2011, 2012 Robert Lehmann +# +# http://github.com/lehmannro/assert.sh +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Lesser General Public License as published +# by the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public License +# along with this program. If not, see . + +export DISCOVERONLY=${DISCOVERONLY:-} +export DEBUG=${DEBUG:-} +export STOP=${STOP:-} +export INVARIANT=${INVARIANT:-} +export CONTINUE=${CONTINUE:-} + +args="$(getopt -n "$0" -l \ + verbose,help,stop,discover,invariant,continue vhxdic $*)" \ +|| exit -1 +for arg in $args; do + case "$arg" in + -h) + echo "$0 [-vxidc]" \ + "[--verbose] [--stop] [--invariant] [--discover] [--continue]" + echo "`sed 's/./ /g' <<< "$0"` [-h] [--help]" + exit 0;; + --help) + cat < [stdin] + (( tests_ran++ )) || : + [[ -n "$DISCOVERONLY" ]] && return || true + # printf required for formatting + printf -v expected "x${2:-}" # x required to overwrite older results + result="$(eval 2>/dev/null $1 <<< ${3:-})" || true + # Note: $expected is already decorated + if [[ "x$result" == "$expected" ]]; then + [[ -n "$DEBUG" ]] && echo -n . || true + return + fi + result="$(sed -e :a -e '$!N;s/\n/\\n/;ta' <<< "$result")" + [[ -z "$result" ]] && result="nothing" || result="\"$result\"" + [[ -z "$2" ]] && expected="nothing" || expected="\"$2\"" + _assert_fail "expected $expected${_indent}got $result" "$1" "$3" +} + +assert_raises() { + # assert_raises [stdin] + (( tests_ran++ )) || : + [[ -n "$DISCOVERONLY" ]] && return || true + status=0 + (eval $1 <<< ${3:-}) > /dev/null 2>&1 || status=$? + expected=${2:-0} + if [[ "$status" -eq "$expected" ]]; then + [[ -n "$DEBUG" ]] && echo -n . || true + return + fi + _assert_fail "program terminated with code $status instead of $expected" "$1" "$3" +} + +_assert_fail() { + # _assert_fail + [[ -n "$DEBUG" ]] && echo -n X + report="test #$tests_ran \"$2${3:+ <<< $3}\" failed:${_indent}$1" + if [[ -n "$STOP" ]]; then + [[ -n "$DEBUG" ]] && echo + echo "$report" + exit 1 + fi + tests_errors[$tests_failed]="$report" + (( tests_failed++ )) || : +} + +_assert_reset +: ${tests_suite_status:=0} # remember if any of the tests failed so far +_assert_cleanup() { + local status=$? + # modify exit code if it's not already non-zero + [[ $status -eq 0 && -z $CONTINUE ]] && exit $tests_suite_status +} +trap _assert_cleanup EXIT diff --git a/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/tests/chacha20.json b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/tests/chacha20.json new file mode 100644 index 000000000..541a9beb5 --- /dev/null +++ b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/tests/chacha20.json @@ -0,0 +1,10 @@ +{ + "server":"127.0.0.1", + "server_port":8388, + "local_port":1081, + "password":"salsa20_password", + "timeout":60, + "method":"chacha20", + "local_address":"127.0.0.1", + "fast_open":false +} diff --git a/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/tests/client-multi-server-ip.json b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/tests/client-multi-server-ip.json new file mode 100644 index 000000000..1823c2a75 --- /dev/null +++ b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/tests/client-multi-server-ip.json @@ -0,0 +1,10 @@ +{ + "server":["127.0.0.1", "127.0.0.1"], + "server_port":8388, + "local_port":1081, + "password":"aes_password", + "timeout":60, + "method":"aes-256-cfb", + "local_address":"127.0.0.1", + "fast_open":false +} diff --git a/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/tests/coverage_server.py b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/tests/coverage_server.py new file mode 100644 index 000000000..23cc8cd71 --- /dev/null +++ b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/tests/coverage_server.py @@ -0,0 +1,45 @@ +#!/usr/bin/env python +# +# Copyright 2015 clowwindy +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +if __name__ == '__main__': + import tornado.ioloop + import tornado.web + import urllib + + class MainHandler(tornado.web.RequestHandler): + def get(self, project): + try: + with open('/tmp/%s-coverage' % project, 'rb') as f: + coverage = f.read().strip() + n = int(coverage.strip('%')) + if n >= 80: + color = 'brightgreen' + else: + color = 'yellow' + self.redirect(('https://img.shields.io/badge/' + 'coverage-%s-%s.svg' + '?style=flat') % + (urllib.quote(coverage), color)) + except IOError: + raise tornado.web.HTTPError(404) + + application = tornado.web.Application([ + (r"/([a-zA-Z0-9\-_]+)", MainHandler), + ]) + + if __name__ == "__main__": + application.listen(8888, address='127.0.0.1') + tornado.ioloop.IOLoop.instance().start() diff --git a/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/tests/fastopen.json b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/tests/fastopen.json new file mode 100644 index 000000000..f3980b65e --- /dev/null +++ b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/tests/fastopen.json @@ -0,0 +1,10 @@ +{ + "server":"127.0.0.1", + "server_port":8388, + "local_port":1081, + "password":"fastopen_password", + "timeout":60, + "method":"aes-256-cfb", + "local_address":"127.0.0.1", + "fast_open":true +} diff --git a/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/tests/ipv6-client-side.json b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/tests/ipv6-client-side.json new file mode 100644 index 000000000..6c3cfaf8d --- /dev/null +++ b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/tests/ipv6-client-side.json @@ -0,0 +1,10 @@ +{ + "server":"::1", + "server_port":8388, + "local_port":1081, + "password":"aes_password", + "timeout":60, + "method":"aes-256-cfb", + "local_address":"127.0.0.1", + "fast_open":false +} diff --git a/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/tests/ipv6.json b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/tests/ipv6.json new file mode 100644 index 000000000..d855f9c47 --- /dev/null +++ b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/tests/ipv6.json @@ -0,0 +1,10 @@ +{ + "server":"::", + "server_port":8388, + "local_port":1081, + "password":"aes_password", + "timeout":60, + "method":"aes-256-cfb", + "local_address":"127.0.0.1", + "fast_open":false +} diff --git a/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/tests/jenkins.sh b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/tests/jenkins.sh new file mode 100755 index 000000000..ea5c1630b --- /dev/null +++ b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/tests/jenkins.sh @@ -0,0 +1,82 @@ +#!/bin/bash + +result=0 + +function run_test { + printf '\e[0;36m' + echo "running test: $command $@" + printf '\e[0m' + + $command "$@" + status=$? + if [ $status -ne 0 ]; then + printf '\e[0;31m' + echo "test failed: $command $@" + printf '\e[0m' + echo + result=1 + else + printf '\e[0;32m' + echo OK + printf '\e[0m' + echo + fi + return 0 +} + +python --version +coverage erase +mkdir tmp +run_test pep8 --ignore=E402 . +run_test pyflakes . +run_test coverage run tests/nose_plugin.py -v +run_test python setup.py sdist +run_test tests/test_daemon.sh +run_test python tests/test.py --with-coverage -c tests/aes.json +run_test python tests/test.py --with-coverage -c tests/aes-ctr.json +run_test python tests/test.py --with-coverage -c tests/aes-cfb1.json +run_test python tests/test.py --with-coverage -c tests/aes-cfb8.json +run_test python tests/test.py --with-coverage -c tests/rc4-md5.json +run_test python tests/test.py --with-coverage -c tests/salsa20.json +run_test python tests/test.py --with-coverage -c tests/chacha20.json +run_test python tests/test.py --with-coverage -c tests/table.json +run_test python tests/test.py --with-coverage -c tests/server-multi-ports.json +run_test python tests/test.py --with-coverage -s tests/aes.json -c tests/client-multi-server-ip.json +run_test python tests/test.py --with-coverage -s tests/server-multi-passwd.json -c tests/server-multi-passwd-client-side.json +run_test python tests/test.py --with-coverage -c tests/workers.json +run_test python tests/test.py --with-coverage -s tests/ipv6.json -c tests/ipv6-client-side.json +run_test python tests/test.py --with-coverage -b "-m rc4-md5 -k testrc4 -s 127.0.0.1 -p 8388 -q" -a "-m rc4-md5 -k testrc4 -s 127.0.0.1 -p 8388 -l 1081 -vv" +run_test python tests/test.py --with-coverage -b "-m aes-256-cfb -k testrc4 -s 127.0.0.1 -p 8388 --workers 1" -a "-m aes-256-cfb -k testrc4 -s 127.0.0.1 -p 8388 -l 1081 -t 30 -qq -b 127.0.0.1" +run_test python tests/test.py --with-coverage --should-fail --url="http://127.0.0.1/" -b "-m aes-256-cfb -k testrc4 -s 127.0.0.1 -p 8388 --forbidden-ip=127.0.0.1,::1,8.8.8.8" -a "-m aes-256-cfb -k testrc4 -s 127.0.0.1 -p 8388 -l 1081 -t 30 -b 127.0.0.1" + +# test if DNS works +run_test python tests/test.py --with-coverage -c tests/aes.json --url="https://clients1.google.com/generate_204" + +# test localhost is in the forbidden list by default +run_test python tests/test.py --with-coverage --should-fail --tcp-only --url="http://127.0.0.1/" -b "-m aes-256-cfb -k testrc4 -s 127.0.0.1 -p 8388" -a "-m aes-256-cfb -k testrc4 -s 127.0.0.1 -p 8388 -l 1081 -t 30 -b 127.0.0.1" + +# test localhost is available when forbidden list is empty +run_test python tests/test.py --with-coverage --tcp-only --url="http://127.0.0.1/" -b "-m aes-256-cfb -k testrc4 -s 127.0.0.1 -p 8388 --forbidden-ip=" -a "-m aes-256-cfb -k testrc4 -s 127.0.0.1 -p 8388 -l 1081 -t 30 -b 127.0.0.1" + +if [ -f /proc/sys/net/ipv4/tcp_fastopen ] ; then + if [ 3 -eq `cat /proc/sys/net/ipv4/tcp_fastopen` ] ; then + # we have to run it twice: + # the first time there's no syn cookie + # the second time there is syn cookie + run_test python tests/test.py --with-coverage -c tests/fastopen.json + run_test python tests/test.py --with-coverage -c tests/fastopen.json + fi +fi + +run_test tests/test_large_file.sh +run_test tests/test_udp_src.sh +run_test tests/test_command.sh + +coverage combine && coverage report --include=shadowsocks/* +rm -rf htmlcov +rm -rf tmp +coverage html --include=shadowsocks/* + +coverage report --include=shadowsocks/* | tail -n1 | rev | cut -d' ' -f 1 | rev > /tmp/shadowsocks-coverage + +exit $result diff --git a/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/tests/libsodium/install.sh b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/tests/libsodium/install.sh new file mode 100755 index 000000000..b0e35fa13 --- /dev/null +++ b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/tests/libsodium/install.sh @@ -0,0 +1,10 @@ +#!/bin/bash + +if [ ! -d libsodium-1.0.1 ]; then + wget https://github.com/jedisct1/libsodium/releases/download/1.0.1/libsodium-1.0.1.tar.gz || exit 1 + tar xf libsodium-1.0.1.tar.gz || exit 1 +fi +pushd libsodium-1.0.1 +./configure && make -j2 && make install || exit 1 +sudo ldconfig +popd diff --git a/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/tests/nose_plugin.py b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/tests/nose_plugin.py new file mode 100644 index 000000000..86b1a8653 --- /dev/null +++ b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/tests/nose_plugin.py @@ -0,0 +1,43 @@ +#!/usr/bin/env python +# +# Copyright 2015 clowwindy +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +import nose +from nose.plugins.base import Plugin + + +class ExtensionPlugin(Plugin): + + name = "ExtensionPlugin" + + def options(self, parser, env): + Plugin.options(self, parser, env) + + def configure(self, options, config): + Plugin.configure(self, options, config) + self.enabled = True + + def wantFile(self, file): + return file.endswith('.py') + + def wantDirectory(self, directory): + return True + + def wantModule(self, file): + return True + + +if __name__ == '__main__': + nose.main(addplugins=[ExtensionPlugin()]) diff --git a/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/tests/rc4-md5.json b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/tests/rc4-md5.json new file mode 100644 index 000000000..26ba0dfa7 --- /dev/null +++ b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/tests/rc4-md5.json @@ -0,0 +1,10 @@ +{ + "server":"127.0.0.1", + "server_port":8388, + "local_port":1081, + "password":"aes_password", + "timeout":60, + "method":"rc4-md5", + "local_address":"127.0.0.1", + "fast_open":false +} diff --git a/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/tests/salsa20-ctr.json b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/tests/salsa20-ctr.json new file mode 100644 index 000000000..5ca6c45f5 --- /dev/null +++ b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/tests/salsa20-ctr.json @@ -0,0 +1,10 @@ +{ + "server":"127.0.0.1", + "server_port":8388, + "local_port":1081, + "password":"salsa20_password", + "timeout":60, + "method":"salsa20-ctr", + "local_address":"127.0.0.1", + "fast_open":false +} diff --git a/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/tests/salsa20.json b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/tests/salsa20.json new file mode 100644 index 000000000..7e303800d --- /dev/null +++ b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/tests/salsa20.json @@ -0,0 +1,10 @@ +{ + "server":"127.0.0.1", + "server_port":8388, + "local_port":1081, + "password":"salsa20_password", + "timeout":60, + "method":"salsa20", + "local_address":"127.0.0.1", + "fast_open":false +} diff --git a/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/tests/server-multi-passwd-client-side.json b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/tests/server-multi-passwd-client-side.json new file mode 100644 index 000000000..c822c98b9 --- /dev/null +++ b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/tests/server-multi-passwd-client-side.json @@ -0,0 +1,8 @@ +{ + "server": "127.0.0.1", + "server_port": "8385", + "local_port": 1081, + "password": "foobar5", + "timeout": 60, + "method": "aes-256-cfb" +} diff --git a/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/tests/server-multi-passwd-table.json b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/tests/server-multi-passwd-table.json new file mode 100644 index 000000000..a2c0a8089 --- /dev/null +++ b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/tests/server-multi-passwd-table.json @@ -0,0 +1,19 @@ +{ + "server": "127.0.0.1", + "server_port": 8384, + "local_port": 1081, + "password": "foobar4", + "port_password": { + "8381": "foobar1", + "8382": "foobar2", + "8383": "foobar3", + "8384": "foobar4", + "8385": "foobar5", + "8386": "foobar6", + "8387": "foobar7", + "8388": "foobar8", + "8389": "foobar9" + }, + "timeout": 60, + "method": "table" +} diff --git a/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/tests/server-multi-passwd.json b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/tests/server-multi-passwd.json new file mode 100644 index 000000000..b1407f0a1 --- /dev/null +++ b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/tests/server-multi-passwd.json @@ -0,0 +1,17 @@ +{ + "server": "127.0.0.1", + "local_port": 1081, + "port_password": { + "8381": "foobar1", + "8382": "foobar2", + "8383": "foobar3", + "8384": "foobar4", + "8385": "foobar5", + "8386": "foobar6", + "8387": "foobar7", + "8388": "foobar8", + "8389": "foobar9" + }, + "timeout": 60, + "method": "aes-256-cfb" +} diff --git a/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/tests/server-multi-ports.json b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/tests/server-multi-ports.json new file mode 100644 index 000000000..5bdbcab64 --- /dev/null +++ b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/tests/server-multi-ports.json @@ -0,0 +1,8 @@ +{ + "server": "127.0.0.1", + "server_port": [8384, 8345, 8346, 8347], + "local_port": 1081, + "password": "foobar4", + "timeout": 60, + "method": "aes-256-cfb" +} diff --git a/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/tests/setup_tc.sh b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/tests/setup_tc.sh new file mode 100755 index 000000000..1a5fa208b --- /dev/null +++ b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/tests/setup_tc.sh @@ -0,0 +1,18 @@ +#!/bin/bash + +DEV=lo +PORT=8388 +DELAY=100ms + +type tc 2> /dev/null && ( + tc qdisc add dev $DEV root handle 1: htb + tc class add dev $DEV parent 1: classid 1:1 htb rate 2mbps + tc class add dev $DEV parent 1:1 classid 1:6 htb rate 2mbps ceil 1mbps prio 0 + tc filter add dev $DEV parent 1:0 prio 0 protocol ip handle 6 fw flowid 1:6 + + tc filter add dev $DEV parent 1:0 protocol ip u32 match ip dport $PORT 0xffff flowid 1:6 + tc filter add dev $DEV parent 1:0 protocol ip u32 match ip sport $PORT 0xffff flowid 1:6 + + tc qdisc show dev lo +) + diff --git a/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/tests/socksify/install.sh b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/tests/socksify/install.sh new file mode 100755 index 000000000..8eff72df0 --- /dev/null +++ b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/tests/socksify/install.sh @@ -0,0 +1,10 @@ +#!/bin/bash + +if [ ! -d dante-1.4.0 ]; then + wget http://www.inet.no/dante/files/dante-1.4.0.tar.gz || exit 1 + tar xf dante-1.4.0.tar.gz || exit 1 +fi +pushd dante-1.4.0 +./configure && make -j4 && make install || exit 1 +popd +cp tests/socksify/socks.conf /etc/ || exit 1 diff --git a/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/tests/socksify/socks.conf b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/tests/socksify/socks.conf new file mode 100644 index 000000000..13db772fd --- /dev/null +++ b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/tests/socksify/socks.conf @@ -0,0 +1,5 @@ +route { + from: 0.0.0.0/0 to: 0.0.0.0/0 via: 127.0.0.1 port = 1081 + proxyprotocol: socks_v5 + method: none +} \ No newline at end of file diff --git a/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/tests/table.json b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/tests/table.json new file mode 100644 index 000000000..cca6ac27e --- /dev/null +++ b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/tests/table.json @@ -0,0 +1,10 @@ +{ + "server":"127.0.0.1", + "server_port":8388, + "local_port":1081, + "password":"table_password", + "timeout":60, + "method":"table", + "local_address":"127.0.0.1", + "fast_open":false +} diff --git a/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/tests/test.py b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/tests/test.py new file mode 100755 index 000000000..408340134 --- /dev/null +++ b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/tests/test.py @@ -0,0 +1,158 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Copyright 2015 clowwindy +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +from __future__ import absolute_import, division, print_function, \ + with_statement + +import sys +import os +import signal +import select +import time +import argparse +from subprocess import Popen, PIPE + +python = ['python'] + +default_url = 'http://localhost/' + +parser = argparse.ArgumentParser(description='test Shadowsocks') +parser.add_argument('-c', '--client-conf', type=str, default=None) +parser.add_argument('-s', '--server-conf', type=str, default=None) +parser.add_argument('-a', '--client-args', type=str, default=None) +parser.add_argument('-b', '--server-args', type=str, default=None) +parser.add_argument('--with-coverage', action='store_true', default=None) +parser.add_argument('--should-fail', action='store_true', default=None) +parser.add_argument('--tcp-only', action='store_true', default=None) +parser.add_argument('--url', type=str, default=default_url) +parser.add_argument('--dns', type=str, default='8.8.8.8') + +config = parser.parse_args() + +if config.with_coverage: + python = ['coverage', 'run', '-p'] + +client_args = python + ['shadowsocks/local.py', '-v'] +server_args = python + ['shadowsocks/server.py', '-v'] + +if config.client_conf: + client_args.extend(['-c', config.client_conf]) + if config.server_conf: + server_args.extend(['-c', config.server_conf]) + else: + server_args.extend(['-c', config.client_conf]) +if config.client_args: + client_args.extend(config.client_args.split()) + if config.server_args: + server_args.extend(config.server_args.split()) + else: + server_args.extend(config.client_args.split()) +if config.url == default_url: + server_args.extend(['--forbidden-ip', '']) + +p1 = Popen(server_args, stdin=PIPE, stdout=PIPE, stderr=PIPE, close_fds=True) +p2 = Popen(client_args, stdin=PIPE, stdout=PIPE, stderr=PIPE, close_fds=True) +p3 = None +p4 = None +p3_fin = False +p4_fin = False + +# 1 shadowsocks started +# 2 curl started +# 3 curl finished +# 4 dig started +# 5 dig finished +stage = 1 + +try: + local_ready = False + server_ready = False + fdset = [p1.stdout, p2.stdout, p1.stderr, p2.stderr] + while True: + r, w, e = select.select(fdset, [], fdset) + if e: + break + + for fd in r: + line = fd.readline() + if not line: + if stage == 2 and fd == p3.stdout: + stage = 3 + if stage == 4 and fd == p4.stdout: + stage = 5 + if bytes != str: + line = str(line, 'utf8') + sys.stderr.write(line) + if line.find('starting local') >= 0: + local_ready = True + if line.find('starting server') >= 0: + server_ready = True + + if stage == 1: + time.sleep(2) + + p3 = Popen(['curl', config.url, '-v', '-L', + '--socks5-hostname', '127.0.0.1:1081', + '-m', '15', '--connect-timeout', '10'], + stdin=PIPE, stdout=PIPE, stderr=PIPE, close_fds=True) + if p3 is not None: + fdset.append(p3.stdout) + fdset.append(p3.stderr) + stage = 2 + else: + sys.exit(1) + + if stage == 3 and p3 is not None: + fdset.remove(p3.stdout) + fdset.remove(p3.stderr) + r = p3.wait() + if config.should_fail: + if r == 0: + sys.exit(1) + else: + if r != 0: + sys.exit(1) + if config.tcp_only: + break + p4 = Popen(['socksify', 'dig', '@%s' % config.dns, + 'www.google.com'], + stdin=PIPE, stdout=PIPE, stderr=PIPE, close_fds=True) + if p4 is not None: + fdset.append(p4.stdout) + fdset.append(p4.stderr) + stage = 4 + else: + sys.exit(1) + + if stage == 5: + r = p4.wait() + if config.should_fail: + if r == 0: + sys.exit(1) + print('test passed (expecting failure)') + else: + if r != 0: + sys.exit(1) + print('test passed') + break +finally: + for p in [p1, p2]: + try: + os.kill(p.pid, signal.SIGINT) + os.waitpid(p.pid, 0) + except OSError: + pass diff --git a/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/tests/test_command.sh b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/tests/test_command.sh new file mode 100755 index 000000000..a1a777b0d --- /dev/null +++ b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/tests/test_command.sh @@ -0,0 +1,32 @@ +#!/bin/bash + +. tests/assert.sh + +PYTHON="coverage run -p" +LOCAL="$PYTHON shadowsocks/local.py" +SERVER="$PYTHON shadowsocks/server.py" + +assert "$LOCAL --version 2>&1 | grep Shadowsocks | awk -F\" \" '{print \$1}'" "Shadowsocks" +assert "$SERVER --version 2>&1 | grep Shadowsocks | awk -F\" \" '{print \$1}'" "Shadowsocks" + + +assert "$LOCAL 2>&1 -m rc4-md5 -k testrc4 -s 127.0.0.1 -p 8388 -d start | grep WARNING | awk -F\"WARNING\" '{print \$2}'" " warning: server set to listen on 127.0.0.1:8388, are you sure?" +$LOCAL 2>/dev/null 1>/dev/null -m rc4-md5 -k testrc4 -s 127.0.0.1 -p 8388 -d stop + +assert "$LOCAL 2>&1 -m rc4-md5 -k testrc4 -s 0.0.0.0 -p 8388 -t10 -d start | grep WARNING | awk -F\"WARNING\" '{print \$2}'" " warning: your timeout 10 seems too short" +$LOCAL 2>/dev/null 1>/dev/null -m rc4-md5 -k testrc4 -s 127.0.0.1 -p 8388 -d stop + +assert "$LOCAL 2>&1 -m rc4-md5 -k testrc4 -s 0.0.0.0 -p 8388 -t1000 -d start | grep WARNING | awk -F\"WARNING\" '{print \$2}'" " warning: your timeout 1000 seems too long" +$LOCAL 2>/dev/null 1>/dev/null -m rc4-md5 -k testrc4 -s 127.0.0.1 -p 8388 -d stop + +assert "$LOCAL 2>&1 -m rc4 -k testrc4 -s 0.0.0.0 -p 8388 -d start | grep WARNING | awk -F\"WARNING\" '{print \$2}'" " warning: RC4 is not safe; please use a safer cipher, like AES-256-CFB" +$LOCAL 2>/dev/null 1>/dev/null -m rc4-md5 -k testrc4 -s 127.0.0.1 -p 8388 -d stop + +assert "$LOCAL 2>&1 -m rc4-md5 -k mypassword -s 0.0.0.0 -p 8388 -d start | grep ERROR | awk -F\"ERROR\" '{print \$2}'" " DON'T USE DEFAULT PASSWORD! Please change it in your config.json!" +$LOCAL 2>/dev/null 1>/dev/null -m rc4-md5 -k testrc4 -s 127.0.0.1 -p 8388 -d stop + + +assert "$SERVER 2>&1 --forbidden-ip 127.0.0.1/4a -m rc4-md5 -k 12345 -p 8388 -s 0.0.0.0 -d start | grep ERROR | awk -F\"ERROR\" '{print \$2}'" ": Not a valid CIDR notation: 127.0.0.1/4a" +$LOCAL 2>/dev/null 1>/dev/null -m rc4-md5 -k testrc4 -s 127.0.0.1 -p 8388 -d stop + +assert_end command diff --git a/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/tests/test_daemon.sh b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/tests/test_daemon.sh new file mode 100755 index 000000000..7a192bdb1 --- /dev/null +++ b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/tests/test_daemon.sh @@ -0,0 +1,43 @@ +#!/bin/bash + +function run_test { + expected=$1 + shift + echo "running test: $command $@" + $command $@ + status=$? + if [ $status -ne $expected ]; then + echo "exit $status != $expected" + exit 1 + fi + echo "exit status $status == $expected" + echo OK + return +} + +for module in local server +do + +command="coverage run -p shadowsocks/$module.py" + +mkdir -p tmp + +run_test 0 -c tests/aes.json -d stop --pid-file tmp/shadowsocks.pid --log-file tmp/shadowsocks.log + +run_test 0 -c tests/aes.json -d start --pid-file tmp/shadowsocks.pid --log-file tmp/shadowsocks.log +run_test 0 -c tests/aes.json -d stop --pid-file tmp/shadowsocks.pid --log-file tmp/shadowsocks.log + +run_test 0 -c tests/aes.json -d start --pid-file tmp/shadowsocks.pid --log-file tmp/shadowsocks.log +run_test 1 -c tests/aes.json -d start --pid-file tmp/shadowsocks.pid --log-file tmp/shadowsocks.log +run_test 0 -c tests/aes.json -d stop --pid-file tmp/shadowsocks.pid --log-file tmp/shadowsocks.log + +run_test 0 -c tests/aes.json -d start --pid-file tmp/shadowsocks.pid --log-file tmp/shadowsocks.log +run_test 0 -c tests/aes.json -d restart --pid-file tmp/shadowsocks.pid --log-file tmp/shadowsocks.log +run_test 0 -c tests/aes.json -d stop --pid-file tmp/shadowsocks.pid --log-file tmp/shadowsocks.log + +run_test 0 -c tests/aes.json -d restart --pid-file tmp/shadowsocks.pid --log-file tmp/shadowsocks.log +run_test 0 -c tests/aes.json -d stop --pid-file tmp/shadowsocks.pid --log-file tmp/shadowsocks.log + +run_test 1 -c tests/aes.json -d start --pid-file tmp/not_exist/shadowsocks.pid --log-file tmp/shadowsocks.log + +done diff --git a/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/tests/test_large_file.sh b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/tests/test_large_file.sh new file mode 100755 index 000000000..7a61caff1 --- /dev/null +++ b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/tests/test_large_file.sh @@ -0,0 +1,24 @@ +#!/bin/bash + +PYTHON="coverage run -p" +URL=http://127.0.0.1/file + +mkdir -p tmp + +$PYTHON shadowsocks/local.py -c tests/aes.json & +LOCAL=$! + +$PYTHON shadowsocks/server.py -c tests/aes.json --forbidden-ip "" & +SERVER=$! + +sleep 3 + +time curl -o tmp/expected $URL +time curl -o tmp/result --socks5-hostname 127.0.0.1:1081 $URL + +kill -s SIGINT $LOCAL +kill -s SIGINT $SERVER + +sleep 2 + +diff tmp/expected tmp/result || exit 1 diff --git a/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/tests/test_udp_src.py b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/tests/test_udp_src.py new file mode 100644 index 000000000..e8fa5057e --- /dev/null +++ b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/tests/test_udp_src.py @@ -0,0 +1,83 @@ +#!/usr/bin/python + +import socket +import socks + + +SERVER_IP = '127.0.0.1' +SERVER_PORT = 1081 + + +if __name__ == '__main__': + # Test 1: same source port IPv4 + sock_out = socks.socksocket(socket.AF_INET, socket.SOCK_DGRAM, + socket.SOL_UDP) + sock_out.set_proxy(socks.SOCKS5, SERVER_IP, SERVER_PORT) + sock_out.bind(('127.0.0.1', 9000)) + + sock_in1 = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, + socket.SOL_UDP) + sock_in2 = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, + socket.SOL_UDP) + + sock_in1.bind(('127.0.0.1', 9001)) + sock_in2.bind(('127.0.0.1', 9002)) + + sock_out.sendto(b'data', ('127.0.0.1', 9001)) + result1 = sock_in1.recvfrom(8) + + sock_out.sendto(b'data', ('127.0.0.1', 9002)) + result2 = sock_in2.recvfrom(8) + + sock_out.close() + sock_in1.close() + sock_in2.close() + + # make sure they're from the same source port + assert result1 == result2 + + # Test 2: same source port IPv6 + # try again from the same port but IPv6 + sock_out = socks.socksocket(socket.AF_INET, socket.SOCK_DGRAM, + socket.SOL_UDP) + sock_out.set_proxy(socks.SOCKS5, SERVER_IP, SERVER_PORT) + sock_out.bind(('127.0.0.1', 9000)) + + sock_in1 = socket.socket(socket.AF_INET6, socket.SOCK_DGRAM, + socket.SOL_UDP) + sock_in2 = socket.socket(socket.AF_INET6, socket.SOCK_DGRAM, + socket.SOL_UDP) + + sock_in1.bind(('::1', 9001)) + sock_in2.bind(('::1', 9002)) + + sock_out.sendto(b'data', ('::1', 9001)) + result1 = sock_in1.recvfrom(8) + + sock_out.sendto(b'data', ('::1', 9002)) + result2 = sock_in2.recvfrom(8) + + sock_out.close() + sock_in1.close() + sock_in2.close() + + # make sure they're from the same source port + assert result1 == result2 + + # Test 3: different source ports IPv6 + sock_out = socks.socksocket(socket.AF_INET, socket.SOCK_DGRAM, + socket.SOL_UDP) + sock_out.set_proxy(socks.SOCKS5, SERVER_IP, SERVER_PORT) + sock_out.bind(('127.0.0.1', 9003)) + + sock_in1 = socket.socket(socket.AF_INET6, socket.SOCK_DGRAM, + socket.SOL_UDP) + sock_in1.bind(('::1', 9001)) + sock_out.sendto(b'data', ('::1', 9001)) + result3 = sock_in1.recvfrom(8) + + # make sure they're from different source ports + assert result1 != result3 + + sock_out.close() + sock_in1.close() diff --git a/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/tests/test_udp_src.sh b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/tests/test_udp_src.sh new file mode 100755 index 000000000..6a778abc1 --- /dev/null +++ b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/tests/test_udp_src.sh @@ -0,0 +1,23 @@ +#!/bin/bash + +PYTHON="coverage run -p" + +mkdir -p tmp + +$PYTHON shadowsocks/local.py -c tests/aes.json -v & +LOCAL=$! + +$PYTHON shadowsocks/server.py -c tests/aes.json --forbidden-ip "" -v & +SERVER=$! + +sleep 3 + +python tests/test_udp_src.py +r=$? + +kill -s SIGINT $LOCAL +kill -s SIGINT $SERVER + +sleep 2 + +exit $r diff --git a/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/tests/workers.json b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/tests/workers.json new file mode 100644 index 000000000..2015ff6c6 --- /dev/null +++ b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/tests/workers.json @@ -0,0 +1,10 @@ +{ + "server":"127.0.0.1", + "server_port":8388, + "local_port":1081, + "password":"workers_password", + "timeout":60, + "method":"aes-256-cfb", + "local_address":"127.0.0.1", + "workers": 4 +} diff --git a/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/utils/README.md b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/utils/README.md new file mode 100644 index 000000000..f624309c7 --- /dev/null +++ b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/utils/README.md @@ -0,0 +1,9 @@ +Useful Tools +=========== + +autoban.py +---------- + +Automatically ban IPs that try to brute force crack the server. + +See https://github.com/shadowsocks/shadowsocks/wiki/Ban-Brute-Force-Crackers diff --git a/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/utils/autoban.py b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/utils/autoban.py new file mode 100755 index 000000000..1bbb65c9b --- /dev/null +++ b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/utils/autoban.py @@ -0,0 +1,53 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2015 clowwindy +# +# Permission is hereby granted, free of charge, to any person obtaining a copy +# of this software and associated documentation files (the "Software"), to deal +# in the Software without restriction, including without limitation the rights +# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +# copies of the Software, and to permit persons to whom the Software is +# furnished to do so, subject to the following conditions: +# +# The above copyright notice and this permission notice shall be included in +# all copies or substantial portions of the Software. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +# SOFTWARE. + +from __future__ import absolute_import, division, print_function, \ + with_statement + +import os +import sys +import argparse + +if __name__ == '__main__': + parser = argparse.ArgumentParser(description='See README') + parser.add_argument('-c', '--count', default=3, type=int, + help='with how many failure times it should be ' + 'considered as an attack') + config = parser.parse_args() + ips = {} + banned = set() + for line in sys.stdin: + if 'can not parse header when' in line: + ip = line.split()[-1].split(':')[0] + if ip not in ips: + ips[ip] = 1 + print(ip) + sys.stdout.flush() + else: + ips[ip] += 1 + if ip not in banned and ips[ip] >= config.count: + banned.add(ip) + cmd = 'iptables -A INPUT -s %s -j DROP' % ip + print(cmd, file=sys.stderr) + sys.stderr.flush() + os.system(cmd) diff --git a/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/utils/fail2ban/shadowsocks.conf b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/utils/fail2ban/shadowsocks.conf new file mode 100644 index 000000000..9b1c7ec7a --- /dev/null +++ b/package/lean/luci-app-ssrserver-python/root/usr/share/ssr/utils/fail2ban/shadowsocks.conf @@ -0,0 +1,5 @@ +[Definition] + +_daemon = shadowsocks + +failregex = ^\s+ERROR\s+can not parse header when handling connection from :\d+$ diff --git a/package/lean/luci-app-syncdial/Makefile b/package/lean/luci-app-syncdial/Makefile new file mode 100755 index 000000000..70da33861 --- /dev/null +++ b/package/lean/luci-app-syncdial/Makefile @@ -0,0 +1,17 @@ +# +# Copyright (C) 2008-2014 The LuCI Team +# +# This is free software, licensed under the Apache License, Version 2.0 . +# + +include $(TOPDIR)/rules.mk + +LUCI_TITLE:=Virtual WAN config generator +LUCI_DEPENDS:=+kmod-macvlan +luci-app-mwan3 +PKG_VERSION:=2.0 +PKG_RELEASE:=25 + +include $(TOPDIR)/feeds/luci/luci.mk + +# call BuildPackage - OpenWrt buildroot signature +#Makefile for syncdial diff --git a/package/lean/luci-app-syncdial/luasrc/controller/syncdial.lua b/package/lean/luci-app-syncdial/luasrc/controller/syncdial.lua new file mode 100644 index 000000000..bb5f48d75 --- /dev/null +++ b/package/lean/luci-app-syncdial/luasrc/controller/syncdial.lua @@ -0,0 +1,25 @@ +--[[ +Sync Dial Luci configuration page. +Copyright (C) 2015 GuoGuo +]]-- + +module("luci.controller.syncdial", package.seeall) + +function index() + + if not nixio.fs.access("/etc/config/syncdial") then + return + end + + local page + page = entry({"admin", "network", "syncdial"}, cbi("syncdial"), _("铏氭嫙WAN")) + page.dependent = true + + page = entry({"admin", "network", "macvlan_redial"}, call("redial"), nil) + page.leaf = true + +end + +function redial() + os.execute("killall -9 pppd") +end diff --git a/package/lean/luci-app-syncdial/luasrc/model/cbi/syncdial.lua b/package/lean/luci-app-syncdial/luasrc/model/cbi/syncdial.lua new file mode 100644 index 000000000..95e540255 --- /dev/null +++ b/package/lean/luci-app-syncdial/luasrc/model/cbi/syncdial.lua @@ -0,0 +1,37 @@ +--[[ +Sync Dial Luci configuration page. +Copyright (C) 2015 GuoGuo +]]-- + +local fs = require "nixio.fs" + +local cmd = "mwan3 status | grep -c \"is online and tracking is active\"" +local shellpipe = io.popen(cmd,"r") +local ifnum = shellpipe:read("*a") +shellpipe:close() + + +m = Map("syncdial", translate("鍒涘缓铏氭嫙WAN鎺ュ彛"), + translatef("浣跨敤macvlan椹卞姩鍒涘缓澶氫釜铏氭嫙WAN鍙c
褰撳墠鍦ㄧ嚎鎺ュ彛鏁伴噺锛")..ifnum) + +s = m:section(TypedSection, "syncdial", translate(" ")) +s.anonymous = true + +switch = s:option(Flag, "enabled", "鍚敤") +switch.rmempty = false + +--s:option(Flag, "force_redial", "寮哄埗鍏ㄩ儴閲嶆嫧", "濡傛灉鏈夋帴鍙f帀绾垮垯寮哄埗鎵鏈夋帴鍙d笅绾块噸鎷ㄣ").rmempty = false + +wannum = s:option(Value, "wannum", "铏氭嫙WAN鎺ュ彛鏁伴噺") +wannum.datatype = "range(0,20)" +wannum.optional = false + +s:option(Flag, "old_frame", "浣跨敤鏃х殑macvlan鍒涘缓鏂瑰紡").rmempty = false + +o = s:option(DummyValue, "_redial", "閲嶆柊骞跺彂鎷ㄥ彿") +o.template = "syncdial/redial_button" +o.width = "10%" + +return m + + diff --git a/package/lean/luci-app-syncdial/luasrc/view/syncdial/redial_button.htm b/package/lean/luci-app-syncdial/luasrc/view/syncdial/redial_button.htm new file mode 100644 index 000000000..e8c4f0739 --- /dev/null +++ b/package/lean/luci-app-syncdial/luasrc/view/syncdial/redial_button.htm @@ -0,0 +1,17 @@ +<%+cbi/valueheader%> + + + + +<%+cbi/valuefooter%> diff --git a/package/lean/luci-app-syncdial/root/bin/genwancfg b/package/lean/luci-app-syncdial/root/bin/genwancfg new file mode 100755 index 000000000..d24a0ea96 --- /dev/null +++ b/package/lean/luci-app-syncdial/root/bin/genwancfg @@ -0,0 +1,143 @@ +#!/bin/sh +#macvlan鍙奝PPoE鎷ㄥ彿鎺ュ彛閰嶇疆鎵归噺鑷姩鐢熸垚鑴氭湰 +#Copyright (C) 2015 GuoGuo +. /lib/functions.sh + +#妫娴婭P鍒楄〃 +chk_ip_list="$(cat /tmp/resolv.conf.auto | grep nameserver | cut -d' ' -f2 | sort -u | tr '\n' ' ') 115.239.210.27 115.239.211.112 220.181.112.244 220.181.111.188 114.114.114.114 114.114.115.115" +fw_str="wan wan6" + +#娣诲姞MWAN璐熻浇鍧囪 鐩稿叧閰嶇疆 +#$1:鎺ュ彛鍚嶇О +mwan_cfg_add() { + #gen mwan3_interface + uci set mwan3.${1}=interface + uci set mwan3.${1}.enabled=1 + uci set mwan3.${1}.count=1 + uci set mwan3.${1}.timeout=2 + uci set mwan3.${1}.interval=5 + uci set mwan3.${1}.down=3 + uci set mwan3.${1}.up=2 + for i in $chk_ip_list + do + uci add_list mwan3.${1}.track_ip="$i" + done + uci set mwan3.${1}.reliability=1 + #gen mwan3_member + uci set mwan3.${1}_m1_w1=member + uci set mwan3.${1}_m1_w1.interface=${1} + uci set mwan3.${1}_m1_w1.metric=1 + uci set mwan3.${1}_m1_w1.weight=1 + #gen mwan3_policy + uci add_list mwan3.balanced.use_member=${1}_m1_w1 +} + +#鍒犻櫎MWAN璐熻浇鍧囪 鐩稿叧閰嶇疆 +#$1:鎺ュ彛鍚嶇О +mwan_cfg_del() { + uci del mwan3.${1} + uci del mwan3.${1}_m1_w1 + uci del_list mwan3.balanced.use_member=${1}_m1_w1 +} + +#娣诲姞macvlan璁惧 +#$1:璁捐櫄鎷熷鍚嶇О $2:鍘熷璁惧鍚嶇О +macvlan_dev_add() { + uci set network.macvlandev_${1}=device + uci set network.macvlandev_${1}.name=${1} + uci set network.macvlandev_${1}.ifname=${2} + uci set network.macvlandev_${1}.type=macvlan +} + +#娣诲姞PPPoE鎺ュ彛 +#$1:鎺ュ彛鍚嶇О $2:璁惧鍚嶇О $3:璐︽埛 $4:瀵嗙爜 $5:缃戝叧璺冪偣 +pppoe_if_add() { + #gen wan if + uci set network.${1}=interface + uci set network.${1}.ifname=${2} + uci set network.${1}.proto=pppoe + uci set network.${1}.username=${3} + uci set network.${1}.password=${4} + uci set network.${1}.metric=${5} + #gen firewall + fw_str="${fw_str} ${1}" +} + +apply_cfg() { + uci commit + /etc/init.d/network restart + killall pppconnectcheck + /etc/init.d/firewall restart + mwan3 restart +} + +general_config_load() { + config_load 'syncdial' + config_get_bool enabled 'config' 'enabled' + config_get_bool old_frame 'config' 'old_frame' + [ $enabled -eq 0 ] && { + echo "Disabled.Exit now." + apply_cfg + exit 1 + } + config_get wannum 'config' 'wannum' + + config_load 'network' + config_get pppoe_user 'wan' 'username' + config_get pppoe_password 'wan' 'password' + pppoe_ifname=$(uci get network.wan.ifname) +} + +check_remove_device() { + local devcfg=${1} + [ ${devcfg::11} == 'macvlandev_' ] && uci del network.${devcfg} +} + +check_remove_interface() { + local ifcfg=${1} + [ ${ifcfg::4} == 'vwan' ] && { + uci del network.${ifcfg} + mwan_cfg_del ${ifcfg} + } +} + +general_config_remove() { + config_load network + config_foreach check_remove_device 'device' + config_foreach check_remove_interface 'interface' + [ $(uci get network.wan.proto) == "none" ] && { + uci set network.wan.proto=pppoe + } + mwan_cfg_del 'wan' + uci set firewall.@zone[1].network="wan wan6" +} + + +general_config_remove +general_config_load + +uci set network.wan.metric=40 +[ $old_frame -eq 1 ] && { + uci set network.wan.proto=none + ifname=$(uci get network.wan.ifname) + for i in $(seq 1 $wannum) + do + ip link add link $ifname name macvlan$i type macvlan + ifconfig macvlan$i hw ether $(echo $(cat /sys/class/net/$ifname/address|awk -F ":" '{print $1":"$2":"$3":"$4":"$5":" }')$(echo "" | awk -F ":" '{printf("%X\n", 16+i);}' i=$i)) + ifconfig macvlan$i up + done +} +[ $old_frame -eq 0 ] && mwan_cfg_add wan + +for i in $(seq 1 $wannum) +do + [ $old_frame -eq 0 ] && macvlan_dev_add macvlan$i $pppoe_ifname + pppoe_if_add vwan$i macvlan$i $pppoe_user $pppoe_password $((40+$i)) + mwan_cfg_add vwan$i +done + +uci set firewall.@zone[1].network="$fw_str" + +apply_cfg + +return 0 diff --git a/package/lean/luci-app-syncdial/root/etc/config/syncdial b/package/lean/luci-app-syncdial/root/etc/config/syncdial new file mode 100644 index 000000000..9adeb2d70 --- /dev/null +++ b/package/lean/luci-app-syncdial/root/etc/config/syncdial @@ -0,0 +1,7 @@ +config syncdial 'config' + option 'enabled' '0' + option 'wannum' '2' + option 'dialchk' '0' + option 'dialnum' '1' + option 'dialwait' '25' + option 'old_frame' '1' diff --git a/package/lean/luci-app-syncdial/root/etc/hotplug.d/iface/01-mvifcreate b/package/lean/luci-app-syncdial/root/etc/hotplug.d/iface/01-mvifcreate new file mode 100644 index 000000000..426341fed --- /dev/null +++ b/package/lean/luci-app-syncdial/root/etc/hotplug.d/iface/01-mvifcreate @@ -0,0 +1,16 @@ +#!/bin/sh +[ "$(uci get syncdial.config.enabled)" = "1" ] && \ + [ "$(uci get syncdial.config.old_frame)" = "1" ] && \ + [ "$DEVICE" = "$(uci get network.wan.ifname)" ] && \ + [ "$ACTION" = "ifup" ] && { + ifname=$(uci get network.wan.ifname) + wannum=$(uci get syncdial.config.wannum) + for i in $(seq 1 $wannum) + do + [ -d /sys/class/net/macvlan$i ] || { + ip link add link $ifname name macvlan$i type macvlan + ifconfig macvlan$i hw ether $(echo $(cat /sys/class/net/$ifname/address|awk -F ":" '{print $1":"$2":"$3":"$4":"$5":" }')$(echo "" | awk -F ":" '{printf("%X\n", 16+i);}' i=$i)) + ifconfig macvlan$i up + } + done +} diff --git a/package/lean/luci-app-syncdial/root/etc/uci-defaults/luci-syncdial b/package/lean/luci-app-syncdial/root/etc/uci-defaults/luci-syncdial new file mode 100755 index 000000000..5394164cc --- /dev/null +++ b/package/lean/luci-app-syncdial/root/etc/uci-defaults/luci-syncdial @@ -0,0 +1,12 @@ +#!/bin/sh +touch /etc/config/syncdial + +uci -q batch <<-EOF >/dev/null + delete ucitrack.@syncdial[-1] + add ucitrack syncdial + set ucitrack.@syncdial[-1].exec='/bin/genwancfg' + commit ucitrack +EOF + +rm -f /tmp/luci-indexcache +exit 0 diff --git a/package/lean/luci-app-v2ray-pro/Makefile b/package/lean/luci-app-v2ray-pro/Makefile new file mode 100644 index 000000000..2b8563c4a --- /dev/null +++ b/package/lean/luci-app-v2ray-pro/Makefile @@ -0,0 +1,16 @@ +# Copyright (C) 2016 Openwrt.org +# +# This is free software, licensed under the Apache License, Version 2.0 . +# + +include $(TOPDIR)/rules.mk + +LUCI_TITLE:=LuCI support for V2Ray +LUCI_DEPENDS:=+iptables-mod-tproxy +kmod-ipt-tproxy +ip +ipset-lists +pdnsd-alt +coreutils +coreutils-base64 +coreutils-nohup +dnsmasq-full +v2ray +ca-certificates +lua-cjson +LUCI_PKGARCH:=all +PKG_VERSION:=1.0 +PKG_RELEASE:=11 + +include $(TOPDIR)/feeds/luci/luci.mk + +# call BuildPackage - OpenWrt buildroot signature diff --git a/package/lean/luci-app-v2ray-pro/luasrc/controller/v2raypro.lua b/package/lean/luci-app-v2ray-pro/luasrc/controller/v2raypro.lua new file mode 100644 index 000000000..7ee22abd5 --- /dev/null +++ b/package/lean/luci-app-v2ray-pro/luasrc/controller/v2raypro.lua @@ -0,0 +1,17 @@ +module("luci.controller.v2raypro", package.seeall) +function index() + if not nixio.fs.access("/etc/config/v2raypro") then + return + end + local page + page = entry({"admin", "services", "v2raypro"}, cbi("v2raypro"), _("V2Ray Pro")) + page.dependent = true + entry({"admin","services","v2raypro","status"},call("act_status")).leaf=true +end + +function act_status() + local e={} + e.running=luci.sys.call("pgrep v2ray >/dev/null")==0 + luci.http.prepare_content("application/json") + luci.http.write_json(e) +end diff --git a/package/lean/luci-app-v2ray-pro/luasrc/model/cbi/v2raypro.lua b/package/lean/luci-app-v2ray-pro/luasrc/model/cbi/v2raypro.lua new file mode 100644 index 000000000..12f203a5f --- /dev/null +++ b/package/lean/luci-app-v2ray-pro/luasrc/model/cbi/v2raypro.lua @@ -0,0 +1,243 @@ + +local fs = require "nixio.fs" +local NXFS = require "nixio.fs" +local WLFS = require "nixio.fs" +local SYS = require "luci.sys" +local ND = SYS.exec("cat /etc/gfwlist/china-banned | wc -l") +local conf = "/etc/v2ray/base-gfwlist.txt" +local watch = "/tmp/v2ray_watchdog.log" +local dog = "/tmp/v2raypro.log" +local http = luci.http +local ucursor = require "luci.model.uci".cursor() + +m = Map("v2raypro") +m.title = translate("V2Ray Transparent Proxy") +m.description = translate("A fast secure tunnel proxy that help you get through firewalls on your router") + +m:section(SimpleSection).template = "v2raypro/v2raypro_status" + +s = m:section(TypedSection, "v2raypro") +s.anonymous = true + +-- --------------------------------------------------- + +s:tab("basic", translate("Base Setting")) + + +switch = s:taboption("basic",Flag, "enabled", translate("Enable")) +switch.rmempty = false + +proxy_mode = s:taboption("basic",ListValue, "proxy_mode", translate("Proxy Mode")) +proxy_mode:value("M", translate("Base on GFW-List Auto Proxy Mode(Recommend)")) +proxy_mode:value("S", translate("Bypassing China Manland IP Mode(Be caution when using P2P download锛)")) +proxy_mode:value("G", translate("Global Mode")) +proxy_mode:value("V", translate("Overseas users watch China video website Mode")) + +cronup = s:taboption("basic", Flag, "cron_mode", translate("Auto Update GFW-List"), + translate(string.format("GFW-List Lines锛 %s Lines", ND))) +cronup.default = 0 +cronup.rmempty = false + +updatead = s:taboption("basic", Button, "updatead", translate("Manually force update GFW-List"), translate("Note: It needs to download and convert the rules. The background process may takes 60-120 seconds to run.
After completed it would automatically refresh, please do not duplicate click!")) +updatead.inputtitle = translate("Manually force update GFW-List") +updatead.inputstyle = "apply" +updatead.write = function() + SYS.call("nohup sh /etc/v2ray/up-gfwlist.sh > /tmp/gfwupdate.log 2>&1 &") +end + +safe_dns_tcp = s:taboption("basic",Flag, "safe_dns_tcp", translate("DNS uses TCP"), + translate("Through the server transfer mode inquires DNS pollution prevention (Safer and recommended)")) +safe_dns_tcp.rmempty = false +-- safe_dns_tcp:depends("more", "1") + +-- timeout = s:taboption("basic",Value, "timeout", translate("Timeout")) +-- timeout.datatype = "range(0,10000)" +-- timeout.placeholder = "60" +-- timeout.optional = false +-- timeout:depends("more", "1") + +-- safe_dns = s:taboption("basic",Value, "safe_dns", translate("Safe DNS"), +-- translate("8.8.8.8 or 8.8.4.4 is recommended")) +-- safe_dns.datatype = "ip4addr" +-- safe_dns.optional = false +-- safe_dns:depends("more", "1") + +-- safe_dns_port = s:taboption("basic",Value, "safe_dns_port", translate("Safe DNS Port"), +-- translate("Foreign DNS on UDP port 53 might be polluted")) +-- safe_dns_port.datatype = "range(1,65535)" +-- safe_dns_port.placeholder = "53" +-- safe_dns_port.optional = false +-- safe_dns_port:depends("more", "1") + +--fast_open =s:taboption("basic",Flag, "fast_open", translate("TCP Fast Open"), +-- translate("Enable TCP fast open, only available on kernel > 3.7.0")) + +s:tab("main", translate("Server Setting")) + +server = s:taboption("main",Value, "address", translate("Server Address")) +server.datatype = "host" +server.rmempty = false + +server_port = s:taboption("main",Value, "port", translate("Server Port")) +server_port.datatype = "range(0,65535)" +server_port.rmempty = false + +id = s:taboption("main",Value, "id", translate("ID")) +id.password = true + +alterId = s:taboption("main",Value, "alterId", translate("Alter ID")) +alterId.datatype = "range(1,65535)" +alterId.rmempty = false + +security = s:taboption("main",ListValue, "security", translate("Security")) +security:value("none") +security:value("auto") +security:value("aes-128-cfb") +security:value("aes-128-gcm") +security:value("chacha20-poly1305") + +network_type = s:taboption("main",ListValue, "network_type", translate("Network Type")) +network_type:value("tcp") +network_type:value("kcp") +network_type:value("ws") + +-- tcp settings +tcp_obfs = s:taboption("main",ListValue, "tcp_obfs", translate("TCP Obfs")) +tcp_obfs:value("none") +tcp_obfs:value("http") +tcp_obfs:depends("network_type", "tcp") + +tcp_path = s:taboption("main",DynamicList, "tcp_path", translate("TCP Obfs Path")) +tcp_path:depends("tcp_obfs", "http") + +tcp_host = s:taboption("main",DynamicList, "tcp_host", translate("TCP Obfs Header")) +tcp_host:depends("tcp_obfs", "http") +tcp_host.datatype = "host" + +-- kcp settings +kcp_obfs = s:taboption("main",ListValue, "kcp_obfs", translate("KCP Obfs")) +kcp_obfs:value("none") +kcp_obfs:value("srtp") +kcp_obfs:value("utp") +kcp_obfs:value("wechat-video") +kcp_obfs:value("dtls") +kcp_obfs:value("wireguard") +kcp_obfs:depends("network_type", "kcp") + +kcp_mtu = s:taboption("main",Value, "kcp_mtu", translate("KCP MTU")) +kcp_mtu.datatype = "range(576,1460)" +kcp_mtu:depends("network_type", "kcp") + +kcp_tti = s:taboption("main",Value, "kcp_tti", translate("KCP TTI")) +kcp_tti.datatype = "range(10,100)" +kcp_tti:depends("network_type", "kcp") + +kcp_uplink = s:taboption("main",Value, "kcp_uplink", translate("KCP uplinkCapacity")) +kcp_uplink.datatype = "range(0,1000)" +kcp_uplink:depends("network_type", "kcp") + +kcp_downlink = s:taboption("main",Value, "kcp_downlink", translate("KCP downlinkCapacity")) +kcp_downlink.datatype = "range(0,1000)" +kcp_downlink:depends("network_type", "kcp") + +kcp_readbuf = s:taboption("main",Value, "kcp_readbuf", translate("KCP readBufferSize")) +kcp_readbuf.datatype = "range(0,100)" +kcp_readbuf:depends("network_type", "kcp") + +kcp_writebuf = s:taboption("main",Value, "kcp_writebuf", translate("KCP writeBufferSize")) +kcp_writebuf.datatype = "range(0,100)" +kcp_writebuf:depends("network_type", "kcp") + +kcp_congestion = s:taboption("main",Flag, "kcp_congestion", translate("KCP Congestion")) +kcp_congestion:depends("network_type", "kcp") + +-- websocket settings +ws_path = s:taboption("main",Value, "ws_path", translate("WebSocket Path")) +ws_path:depends("network_type", "ws") + +ws_headers = s:taboption("main",Value, "ws_headers", translate("WebSocket Header")) +ws_headers:depends("network_type", "ws") +ws_headers.datatype = "host" + +-- others +tls = s:taboption("main",Flag, "tls", translate("TLS")) +tls.rmempty = false + +mux = s:taboption("main",Flag, "mux", translate("Mux")) +mux.rmempty = false + +s:tab("list", translate("User-defined GFW-List")) +gfwlist = s:taboption("list", TextValue, "conf") +gfwlist.description = translate("
锛!锛塏ote: When the domain name is entered and will automatically merge with the online GFW-List. Please manually update the GFW-List list after applying.") +gfwlist.rows = 13 +gfwlist.wrap = "off" +gfwlist.cfgvalue = function(self, section) + return NXFS.readfile(conf) or "" +end +gfwlist.write = function(self, section, value) + NXFS.writefile(conf, value:gsub("\r\n", "\n")) +end + +local addipconf = "/etc/v2ray/addinip.txt" + +s:tab("addip", translate("GFW-List Add-in IP")) +gfwaddin = s:taboption("addip", TextValue, "addipconf") +gfwaddin.description = translate("
锛!锛塏ote: IP add-in to GFW-List. Such as Telegram Messenger") +gfwaddin.rows = 13 +gfwaddin.wrap = "off" +gfwaddin.cfgvalue = function(self, section) + return NXFS.readfile(addipconf) or "" +end +gfwaddin.write = function(self, section, value) + NXFS.writefile(addipconf, value:gsub("\r\n", "\n")) +end + +s:tab("status", translate("Status and Tools")) +s:taboption("status", DummyValue,"opennewwindow" , + translate("")) + + +s:tab("watchdog", translate("Watchdog Log")) +log = s:taboption("watchdog", TextValue, "sylogtext") +log.template = "cbi/tvalue" +log.rows = 13 +log.wrap = "off" +log.readonly="readonly" + +function log.cfgvalue(self, section) + SYS.exec("[ -f /tmp/v2ray_watchdog.log ] && sed '1!G;h;$!d' /tmp/v2ray_watchdog.log > /tmp/v2raypro.log") + return nixio.fs.readfile(dog) +end + +function log.write(self, section, value) + value = value:gsub("\r\n?", "\n") + nixio.fs.writefile(dog, value) +end + + + +t=m:section(TypedSection,"acl_rule",translate("Client Proxy Mode Settings"), +translate("Proxy mode settings can be set to specific LAN clients ( No Proxy, Global Proxy, Game Mode) . Does not need to be set by default.")) +t.template="cbi/tblsection" +t.sortable=true +t.anonymous=true +t.addremove=true +e=t:option(Value,"ipaddr",translate("IP Address")) +e.width="40%" +e.datatype="ip4addr" +e.placeholder="0.0.0.0/0" +luci.ip.neighbors({ family = 4 }, function(entry) + if entry.reachable then + e:value(entry.dest:string()) + end +end) + +e=t:option(ListValue,"filter_mode",translate("Proxy Mode")) +e.width="40%" +e.default="disable" +e.rmempty=false +e:value("disable",translate("No Proxy")) +e:value("global",translate("Global Proxy")) +e:value("game",translate("Game Mode")) + +return m diff --git a/package/lean/luci-app-v2ray-pro/luasrc/view/cbi/other_upload2.htm b/package/lean/luci-app-v2ray-pro/luasrc/view/cbi/other_upload2.htm new file mode 100644 index 000000000..322616d71 --- /dev/null +++ b/package/lean/luci-app-v2ray-pro/luasrc/view/cbi/other_upload2.htm @@ -0,0 +1,6 @@ +<%+cbi/valueheader%> + + + + +<%+cbi/valuefooter%> diff --git a/package/lean/luci-app-v2ray-pro/luasrc/view/v2raypro/v2raypro_status.htm b/package/lean/luci-app-v2ray-pro/luasrc/view/v2raypro/v2raypro_status.htm new file mode 100644 index 000000000..003fa120f --- /dev/null +++ b/package/lean/luci-app-v2ray-pro/luasrc/view/v2raypro/v2raypro_status.htm @@ -0,0 +1,22 @@ + + +
+

+ <%:Collecting data...%> +

+
diff --git a/package/lean/luci-app-v2ray-pro/po/zh-cn/v2raypro.po b/package/lean/luci-app-v2ray-pro/po/zh-cn/v2raypro.po new file mode 100644 index 000000000..ee3ffb44f --- /dev/null +++ b/package/lean/luci-app-v2ray-pro/po/zh-cn/v2raypro.po @@ -0,0 +1,116 @@ +msgid "V2Ray is Running" +msgstr "V2Ray 姝e湪杩愯" + +msgid "V2Ray is Not Running" +msgstr "V2Ray 娌℃湁杩愯" + +msgid "V2Ray Transparent Proxy" +msgstr "V2Ray 閫忔槑浠g悊" + +msgid "A fast secure tunnel proxy that help you get through firewalls on your router" +msgstr "涓涓揩閫熷畨鍏ㄩ毀閬撲唬鐞嗭紝甯姪鎮ㄧ┛杩囬槻鐏" + +msgid "Base Setting" +msgstr "鍩烘湰璁剧疆" + +msgid "Proxy Mode" +msgstr "浠g悊妯″紡" + +msgid "Base on GFW-List Auto Proxy Mode(Recommend)" +msgstr "鍩轰簬GFW-List鑷姩浠g悊(鎺ㄨ崘)" + +msgid "Bypassing China Manland IP Mode(Be caution when using P2P download锛)" +msgstr "缁曡繃涓浗澶ч檰IP鍦板潃(P2P 涓嬭浇鎱庣敤锛)" + +msgid "Global Mode" +msgstr "鍏ㄥ眬浠g悊" + +msgid "Overseas users watch China video website Mode" +msgstr "娴峰鐢ㄦ埛鍥炲浗鐪嬭棰" + +msgid "Auto Update GFW-List" +msgstr "鑷姩鏇存柊GFW-List" + +msgid "Manually force update GFW-List" +msgstr "鎵嬪姩寮哄埗鏇存柊GFW-List" + +msgid "DNS uses TCP" +msgstr "鍚敤DNS TCP闃叉薄鏌" + +msgid "Through the server transfer mode inquires DNS pollution prevention (Safer and recommended)" +msgstr "寰鍥藉鐨凞NS璇锋眰灏嗛氳繃鏈嶅姟鍣ㄤ腑杞彂鍑猴紙鏇村畨鍏紝鎺ㄨ崘锛" + +msgid "Server Setting" +msgstr "鏈嶅姟鍣ㄨ缃" + +msgid "Server Address" +msgstr "鏈嶅姟鍣ㄥ湴鍧锛堟敮鎸佸煙鍚嶏級" + +msgid "Server Port" +msgstr "鏈嶅姟鍣ㄧ鍙" + +msgid "ID" +msgstr "ID" + +msgid "Alter ID" +msgstr "棰濆ID" + +msgid "Security" +msgstr "鍔犲瘑鏂瑰紡" + +msgid "Network Type" +msgstr "浼犺緭鍗忚" + +msgid "User-defined GFW-List" +msgstr "鐢ㄦ埛鑷畾涔塆FW-List" + +msgid "
锛!锛塏ote: When the domain name is entered and will automatically merge with the online GFW-List. Please manually update the GFW-List list after applying." +msgstr "鐢ㄦ埛鑷畾涔塆FW-List灏嗕細鍜岃嚜鍔ㄦ洿鏂扮殑鑷姩鍚堝苟銆傚鏋滆鏂板姞鍏ュ煙鍚嶉┈涓婄敓鏁堬紝璇峰簲鐢ㄥ悗鐐瑰嚮鎵嬪姩寮哄埗鏇存柊GFW-List" + +msgid "Status and Tools" +msgstr "鐘舵佷笌宸ュ叿" + +msgid "Watchdog Log" +msgstr "瀹堟姢鏃ュ織" + +msgid "Client Proxy Mode Settings" +msgstr "瀹㈡埛绔唬鐞嗘ā寮忚缃" + +msgid "Proxy mode settings can be set to specific LAN clients ( No Proxy, Global Proxy, Game Mode) . Does not need to be set by default." +msgstr "鍙互涓哄眬鍩熺綉瀹㈡埛绔垎鍒缃笉鍚岀殑浠g悊妯″紡 ( 涓嶄唬鐞, 鍏ㄥ眬浠g悊, 娓告垙妯″紡).榛樿鏃犻渶璁剧疆" + +msgid "GFW-List Add-in IP" +msgstr "GFW-List闄勫姞IP" + +msgid "
锛!锛塏ote: IP add-in to GFW-List. Such as Telegram Messenger" +msgstr "
锛!锛夋敞鎰忥細鏈変簺搴旂敤浣跨敤IP鑰屼笉鏄煙鍚嶏紝渚嬪 Telegram Messenger 锛屾偍闇瑕佹妸IP鍦板潃鍔犲叆杩欓噷" + +msgid "No Proxy" +msgstr "涓嶄唬鐞" + +msgid "Global Proxy" +msgstr "鍏ㄥ眬浠g悊" + +msgid "Game Mode" +msgstr "娓告垙妯″紡" + +msgid "Config File Type" +msgstr "閰嶇疆鏂囦欢绫诲瀷" + +msgid "Use Config File" +msgstr "浣跨敤閰嶇疆鏂囦欢" + +msgid "Warning: Can't find v2ctl. You can only choose Protobuf." +msgstr "娉ㄦ剰锛氭病鏈夋壘鍒 v2ctl 鍙墽琛岀▼搴忋備綘鍙兘閫夋嫨浣跨敤 Protobuf." + +msgid "If you choose to upload a new file, please do not modify and this configuration will be overwritten automatically." +msgstr "濡傛灉浣犲湪涓嬫柟閫夋嫨浜嗕笂浼犳柊鐨勯厤缃枃浠讹紝閭d綘涓嶉渶瑕佹敼鍔ㄨ繖涓妗嗛噷鐨勫唴瀹广備笂浼犲畬鎴愬悗灏嗕細鑷姩濉厖銆" + +msgid "Create upload file error." +msgstr "涓婁紶鏂囦欢澶辫触銆" + +msgid "File saved to" +msgstr "鏂囦欢宸蹭繚瀛樺埌" + +msgid "No specify upload file." +msgstr "鏈寚瀹氫笂浼犳枃浠" diff --git a/package/lean/luci-app-v2ray-pro/root/etc/config/v2raypro b/package/lean/luci-app-v2ray-pro/root/etc/config/v2raypro new file mode 100644 index 000000000..18dff0474 --- /dev/null +++ b/package/lean/luci-app-v2ray-pro/root/etc/config/v2raypro @@ -0,0 +1,18 @@ + +config v2raypro 'v2raypro' + option gfwlist 'china-banned' + option proxy_mode 'M' + option safe_dns_tcp '1' + option cron_mode '1' + option address '4.4.4.4' + option port '443' + option id '00755892-0921-4433-bd92-04242abd92af' + option alterId '64' + option security 'aes-128-gcm' + option network_type 'ws' + option tls '1' + option mux '1' + option ws_path '/v2ray' + option ws_headers 'www.baidu.com' + option enabled '0' + diff --git a/package/lean/luci-app-v2ray-pro/root/etc/init.d/v2raypro b/package/lean/luci-app-v2ray-pro/root/etc/init.d/v2raypro new file mode 100755 index 000000000..16362ce83 --- /dev/null +++ b/package/lean/luci-app-v2ray-pro/root/etc/init.d/v2raypro @@ -0,0 +1,378 @@ +#!/bin/sh /etc/rc.common +# +# + +START=99 +STOP=10 + +EXTRA_COMMANDS="reload_rule" + +V2RAY_REDIR_PORT=7070 +V2RAY_REDIR_PIDFILE=/var/run/v2ray-redir-go.pid +PDNSD_LOCAL_PORT=7453 +V2RAYCONF=/tmp/config.json +CRON_FILE=/etc/crontabs/root +V2_CONF_GENERATE_LUA=/etc/v2ray/gen_config.lua +CONFIG=v2raypro +KEEP_GFWLIST=Y +vt_np_ipset="china" + +get_config() +{ + config_get_bool vt_enabled $1 enabled 0 + config_get vt_server_addr $1 address + config_get vt_server_port $1 server_port + config_get vt_password $1 password + config_get vt_method $1 method + config_get vt_protocol $1 protocol + config_get vt_protoparam $1 protoparam + config_get vt_obfs $1 obfs + config_get obfs_param $1 obfs_param + config_get vt_proxy_mode $1 proxy_mode + config_get vt_timeout $1 timeout + config_get vt_safe_dns $1 safe_dns + config_get vt_timeout $1 timeout + config_get vt_safe_dns $1 safe_dns + config_get vt_safe_dns_port $1 safe_dns_port + config_get vt_safe_dns_tcp $1 safe_dns_tcp + config_get cron_mode $1 cron_mode 1 +} + + + + +# -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- + + # Get LAN settings as default parameters + [ -f /lib/functions/network.sh ] && . /lib/functions/network.sh + network_get_subnet covered_subnets lan + network_get_ipaddr local_addresses lan + +# -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- + +__gfwlist_by_mode() +{ + case "$1" in + V) echo unblock-youku;; + *) echo china-banned;; + esac +} + +start() +{ + config_load v2raypro + config_foreach get_config v2raypro + + [ -f /etc/init.d/pdnsd ] && /etc/init.d/pdnsd disable 2>/dev/null + + if [ "$vt_enabled" = 0 ]; then + echo "WARNING: v2ray is disabled." + exit 0 + fi + + local vt_gfwlist=`__gfwlist_by_mode $vt_proxy_mode` + [ -z "$vt_proxy_mode" ] && vt_proxy_mode=M + [ -z "$vt_method" ] && vt_method=table + [ -z "$vt_timeout" ] && vt_timeout=60 + case "$vt_proxy_mode" in + M|S|G) + [ -z "$vt_safe_dns" ] && vt_safe_dns="8.8.8.8" + [ -z "$vt_safe_dns_tcp" ] && vt_safe_dns_tcp=1 + ;; + esac + [ -z "$vt_safe_dns_port" ] && vt_safe_dns_port=53 + + # ----------------------------------------------------------------- + ###### v2ray ###### + /usr/bin/lua $V2_CONF_GENERATE_LUA $CONFIG $V2RAYCONF + /usr/bin/v2ray/v2ray -config=$V2RAYCONF & + + echo "V2Ray started" + + + # IPv4 firewall rules + add_rule + + # ----------------------------------------------------------------- + mkdir -p /var/etc/dnsmasq-go.d + ###### Anti-pollution configuration ###### + if [ -n "$vt_safe_dns" ]; then + if [ "$vt_safe_dns_tcp" = 1 ]; then + start_pdnsd "$vt_safe_dns" + awk -vs="127.0.0.1#$PDNSD_LOCAL_PORT" '!/^$/&&!/^#/{printf("server=/%s/%s\n",$0,s)}' \ + /etc/gfwlist/$vt_gfwlist > /var/etc/dnsmasq-go.d/01-pollution.conf + else + awk -vs="$vt_safe_dns#$vt_safe_dns_port" '!/^$/&&!/^#/{printf("server=/%s/%s\n",$0,s)}' \ + /etc/gfwlist/$vt_gfwlist > /var/etc/dnsmasq-go.d/01-pollution.conf + fi + else + echo "WARNING: Not using secure DNS, DNS resolution might be polluted if you are in China." + fi + + ###### dnsmasq-to-ipset configuration ###### + case "$vt_proxy_mode" in + M|V) + awk '!/^$/&&!/^#/{printf("ipset=/%s/'"$vt_gfwlist"'\n",$0)}' \ + /etc/gfwlist/$vt_gfwlist > /var/etc/dnsmasq-go.d/02-ipset.conf + ;; + esac + + # ----------------------------------------------------------------- + ###### Restart main 'dnsmasq' service if needed ###### + if ls /var/etc/dnsmasq-go.d/* >/dev/null 2>&1; then + mkdir -p /tmp/dnsmasq.d + cat > /tmp/dnsmasq.d/dnsmasq-go.conf </dev/null + del_cron +} + + +reload_rule() +{ + config_load v2raypro + config_foreach get_config v2raypro + + local vt_gfwlist=`__gfwlist_by_mode $vt_proxy_mode` + + KEEP_GFWLIST=Y + del_rule + add_rule + if [ "$vt_safe_dns_tcp" = 1 ]; then + stop_pdnsd + start_pdnsd + fi +} + +restart() +{ + KEEP_GFWLIST=Y + stop + start +} + + +# $1: upstream DNS server +start_pdnsd() +{ + local safe_dns="$1" + + local tcp_dns_list="208.67.222.222, 208.67.220.220" + [ -n "$safe_dns" ] && tcp_dns_list="$safe_dns,$tcp_dns_list" + + #killall -9 pdnsd 2>/dev/null && sleep 1 + kill -9 $(cat /var/run/pdnsd.pid) >/dev/null 2>&1 + + mkdir -p /var/etc /var/pdnsd + if ! test -f "/var/pdnsd/pdnsd.cache"; then + dd if=/dev/zero of="/var/pdnsd/pdnsd.cache" bs=1 count=4 2> /dev/null + chown -R nobody.nogroup /var/pdnsd + fi + + cat > /var/etc/pdnsd.conf </dev/null; then + while iptables -t nat -D OUTPUT -p tcp --dport 53 -j pdnsd_output 2>/dev/null; do :; done + iptables -t nat -X pdnsd_output + fi + killall -9 pdnsd 2>/dev/null + rm -rf /var/pdnsd + rm -f /var/etc/pdnsd.conf +} + +add_cron() +{ + sed -i '/up-gfwlist.sh/d' $CRON_FILE + sed -i '/v2ray_watchdog.log/d' $CRON_FILE + if [ $cron_mode -eq 1 ]; then + echo '0 5 * * * /etc/v2ray/up-gfwlist.sh > /tmp/gfwupdate.log 2>&1' >> $CRON_FILE + fi + echo '0 */1 * * * /etc/v2ray/v2ray-watchdog >> /tmp/v2ray_watchdog.log 2>&1' >> $CRON_FILE + echo '0 1 * * 0 echo "" > /tmp/v2ray_watchdog.log' >> $CRON_FILE + crontab $CRON_FILE +} + +del_cron() +{ + sed -i '/up-gfwlist.sh/d' $CRON_FILE + sed -i '/v2ray_watchdog.log/d' $CRON_FILE + /etc/init.d/cron restart +} + + + +uci_get_by_name() { + local ret=$(uci get $CONFIG.$1.$2 2>/dev/null) + echo ${ret:=$3} +} + +uci_get_by_type() { + local index=0 + if [ -n $4 ]; then + index=$4 + fi + local ret=$(uci get $CONFIG.@$1[$index].$2 2>/dev/null) + echo ${ret:=$3} +} + +add_rule() +{ + iptables -t nat -N v2ray_pre + iptables -t nat -F v2ray_pre + iptables -t nat -A v2ray_pre -m set --match-set local dst -j RETURN || { + iptables -t nat -A v2ray_pre -d 10.0.0.0/8 -j RETURN + iptables -t nat -A v2ray_pre -d 127.0.0.0/8 -j RETURN + iptables -t nat -A v2ray_pre -d 172.16.0.0/12 -j RETURN + iptables -t nat -A v2ray_pre -d 192.168.0.0/16 -j RETURN + iptables -t nat -A v2ray_pre -d 127.0.0.0/8 -j RETURN + iptables -t nat -A v2ray_pre -d 224.0.0.0/3 -j RETURN + } + iptables -t nat -A v2ray_pre -d $vt_server_addr -j RETURN + + iptables -N gameboost -t mangle + ipset -! create gameuser hash:ip maxelem 65536 2>/dev/null + ip rule add fwmark 0x01/0x01 table 100 + ip route add local 0.0.0.0/0 dev lo table 100 + iptables -t mangle -A gameboost -p udp -m set --match-set local dst -j RETURN + iptables -t mangle -A gameboost -p udp -m set --match-set china dst -j RETURN + iptables -t mangle -A gameboost -p udp --dport 53 -j RETURN + iptables -t mangle -A gameboost -p udp -j TPROXY --on-port 7070 --tproxy-mark 0x01/0x01 + iptables -t mangle -A PREROUTING -m set --match-set gameuser src -j gameboost + + for i in $(seq 0 100) + do + local ip=$(uci_get_by_type acl_rule ipaddr '' $i) + local mode=$(uci_get_by_type acl_rule filter_mode '' $i) + case "$mode" in + disable) + iptables -t nat -A v2ray_pre -s $ip -j RETURN + ;; + global) + iptables -t nat -A v2ray_pre -s $ip -p tcp -j REDIRECT --to $V2RAY_REDIR_PORT + iptables -t nat -A v2ray_pre -s $ip -j RETURN + ;; + game) + iptables -t nat -A v2ray_pre -p tcp -s $ip -m set ! --match-set china dst -j REDIRECT --to $V2RAY_REDIR_PORT + ipset -! add gameuser $ip + ;; + esac + done + + case "$vt_proxy_mode" in + G) : ;; + S) + iptables -t nat -A v2ray_pre -m set --match-set $vt_np_ipset dst -j RETURN + iptables -t nat -I OUTPUT -p tcp -m multiport --dports 80,443 -m set ! --match-set $vt_np_ipset dst -j REDIRECT --to $V2RAY_REDIR_PORT + ;; + M) + ipset -! create $vt_gfwlist hash:ip maxelem 65536 2>/dev/null + awk '!/^$/&&!/^#/{printf("add vt_gfwlist %s'" "'\n",$0)}' /etc/v2ray/addinip.txt > /tmp/addinip.ipset + sed -i "s/vt_gfwlist/$vt_gfwlist/g" /tmp/addinip.ipset + ipset -! restore < /tmp/addinip.ipset + iptables -t nat -A v2ray_pre -m set ! --match-set $vt_gfwlist dst -j RETURN + iptables -t nat -A v2ray_pre -m set --match-set $vt_np_ipset dst -j RETURN + iptables -t nat -I OUTPUT -p tcp -m multiport --dports 80,443 -m set --match-set $vt_gfwlist dst -j REDIRECT --to $V2RAY_REDIR_PORT + ;; + V) + vt_np_ipset="" + ipset -! create $vt_gfwlist hash:ip maxelem 65536 2>/dev/null + iptables -t nat -A v2ray_pre -m set ! --match-set $vt_gfwlist dst -j RETURN + ;; + esac + local subnet + for subnet in $covered_subnets; do + iptables -t nat -A v2ray_pre -s $subnet -p tcp -j REDIRECT --to $V2RAY_REDIR_PORT + done + iptables -t nat -I PREROUTING -p tcp -j v2ray_pre +} + +del_rule() +{ + if iptables -t nat -F v2ray_pre 2>/dev/null; then + while iptables -t nat -D PREROUTING -p tcp -j v2ray_pre 2>/dev/null; do :; done + iptables -t nat -X v2ray_pre 2>/dev/null + fi + + iptables -t nat -D OUTPUT -p tcp -m multiport --dports 80,443 -m set --match-set china-banned dst -j REDIRECT --to $V2RAY_REDIR_PORT 2>/dev/null + iptables -t nat -D OUTPUT -p tcp -m multiport --dports 80,443 -m set ! --match-set $vt_np_ipset dst -j REDIRECT --to $V2RAY_REDIR_PORT 2>/dev/null + + /usr/bin/ip rule del fwmark 0x01/0x01 table 100 + /usr/bin/ip route del local 0.0.0.0/0 dev lo table 100 + if iptables -t mangle -F gameboost 2>/dev/null; then + while iptables -t mangle -D PREROUTING -m set --match-set gameuser src -j gameboost 2>/dev/null; do :; done + iptables -t mangle -X gameboost 2>/dev/null + fi + + ipset destroy gameuser 2>/dev/null + + + # ----------------------------------------------------------------- + [ "$KEEP_GFWLIST" = Y ] || ipset destroy "$vt_gfwlist" 2>/dev/null +} + diff --git a/package/lean/luci-app-v2ray-pro/root/etc/uci-defaults/v2raypro b/package/lean/luci-app-v2ray-pro/root/etc/uci-defaults/v2raypro new file mode 100755 index 000000000..fe6731cce --- /dev/null +++ b/package/lean/luci-app-v2ray-pro/root/etc/uci-defaults/v2raypro @@ -0,0 +1,20 @@ +#!/bin/sh + +uci -q batch <<-EOF >/dev/null + delete ucitrack.@v2raypro[-1] + add ucitrack v2raypro + set ucitrack.@v2raypro[-1].init=v2raypro + commit ucitrack + delete firewall.v2raypro + set firewall.v2raypro=include + set firewall.v2raypro.type=script + set firewall.v2raypro.path=/etc/v2raypro.include + set firewall.v2raypro.reload=1 + commit firewall +EOF + +/etc/init.d/v2raypro stop +/etc/init.d/v2raypro enable + +rm -f /tmp/luci-indexcache +exit 0 diff --git a/package/lean/luci-app-v2ray-pro/root/etc/v2ray/addinip.txt b/package/lean/luci-app-v2ray-pro/root/etc/v2ray/addinip.txt new file mode 100755 index 000000000..d9caab65b --- /dev/null +++ b/package/lean/luci-app-v2ray-pro/root/etc/v2ray/addinip.txt @@ -0,0 +1,7 @@ +149.154.160.0/20 +149.154.164.0/22 +149.154.168.0/21 +67.198.55.0/24 +91.108.4.0/22 +91.108.56.0/22 +109.239.140.0/24 \ No newline at end of file diff --git a/package/lean/luci-app-v2ray-pro/root/etc/v2ray/base-gfwlist.txt b/package/lean/luci-app-v2ray-pro/root/etc/v2ray/base-gfwlist.txt new file mode 100755 index 000000000..607a90247 --- /dev/null +++ b/package/lean/luci-app-v2ray-pro/root/etc/v2ray/base-gfwlist.txt @@ -0,0 +1,2940 @@ +0rz.tw +0to255.com +10musume.com +123rf.com +12bet.com +12vpn.com +141hongkong.com +173ng.com +1984bbs.com +1984bbs.org +1-apple.com.tw +1bao.org +1eew.com +1pondo.tv +2000fun.com +2008xianzhang.info +21andy.com +247realmedia.com +24smile.org +2-hand.info +2mdn.net +2shared.com +301works.org +315lz.com +32red.com +365singles.com.ar +36rain.com +4bluestones.biz +4chan.org +4pppc.gov.tw +4shared.com +4sq.com +51.ca +5i01.com +5maodang.com +64tianwang.com +64wiki.com +666kb.com +6park.com +7capture.com +881903.com +888.com +89-64.org +9001700.com +91porn.com +921.gov.tw +92ccav.com +9bis.com +9bis.net +9city.me +a5.com.ru +abc.pp.ru +abitno.linpie.com +ablwang.com +aboluowang.com +aboutgfw.com +acgkj.com +ac.jiruan.net +ac.playstation.net +actimes.com.au +aculo.us +ad1.nownews.com +addictedtocoffee.de +ads.backchina.com +adultfriendfinder.com +adultkeep.net +advanscene.com +advertfan.com +aec.gov.tw +aenhancers.com +af.mil +aftygh.gov.tw +aide.gov.tw +aiph.net +aisex.com +ait.org.tw +aiweiweiblog.com +aiweiwei.com +ajaxplorer.info +akamaihd.net +akiba-online.com +alabout.com +alasbarricadas.org +alexlur.org +aliengu.com +alkasir.com +allaboutalpha.com +allgirlsallowed.org +alliance.org.hk +allinfa.com +allinfo.com +allmovie.com +allonlinux.free.fr +all-that-is-interesting.com +al-qimmah.net +alternate-tools.com +altrec.com +alvinalexander.com +alwaysdata.com +alwaysdata.net +am730.com.hk +amazonaws.com +ameblo.jp +americangreencard.com +amiblockedornot.com +amnesty.org +amnestyusa.org +amoiist.com +amzs.me +analyze-v.com +anchorfree.com +andfaraway.net +android.com +angularjs.org +animecrazy.net +anobii.com +anontext.com +anonymizer.com +a-normal-day.com +answering-islam.org +anthonycalzadilla.com +anti.anti.cnn.googlepages.com +antidrm.hpg.ig.com.br +antiwave.net +aobo.com.au +aolchannels.aol.com +aomiwang.com +apetube.com +apiary.io +apidocs.linksalpha.com +apigee.com +api.linksalpha.com +api.proxlet.com +api.supertweet.net +app.heywire.com +app.hkatvnews.com +appledaily.com +appledaily.com.tw +apps.hloli.net +appspot.com +archive.is +archive.org +arctosia.com +areca-backup.org +army.mil +arte.gov.tw +art-or-porn.com +artsy.net +asahichinese.com +asdfg.jp +asiafriendfinder.com +asiaharvest.org +asianews.it +asianwomensfilm.de +askstudent.com +askynz.net +assembla.com +astonmartinnews.com +atchinese.com +atc.org.au +atgfw.org +atj.org.tw +atlaspost.com +atnext.com +autoproxy.org +avaaz.org +avdb.in +avidemux.org +avoision.com +awardwinningfjords.com +axureformac.com +babynet.com.hk +backchina.com +backpackers.com.tw +badassjs.com +badoo.com +baidu.jp +baixing.me +bannedbook.org +barnabu.co.uk +basetimesheightdividedby2.com +bayvoice.net +bbcchinese.com +bbc.com +bbc.co.uk +bbci.co.uk +bbcimg.co.uk +bbc.in +bbg.gov +bbs2.newsgroup.la +bbs.ecstart.com +bbsfeed.com +bbs.kimy.com.tw +bbsland.com +bbs.morbell.com +bbs.mychat.to +bbs.newsgroup.la +bbs.ozchinese.com +bbs.qmzdd.com +bbs.sina.com +bbs.skykiwi.com +bbs.tuitui.info +bb.ttv.com.tw +bcc.com.tw +bcchinese.net +bdhr.gov.tw +bd.zhe.la +bebo.com +beeg.com +beijing1989.com +beijingspring.com +benjaminste.in +berlintwitterwall.com +bestforchina.org +bestvpnservice.com +bet365.com +beta.iset.com.tw +beta.usejump.com +betfair.com +bettween.com +betvictor.com +bewww.net +beyondfirewall.com +bfnn.org +biantailajiao.com +biantailajiao.in +bigfools.com +bignews.org +bigsound.org +bill2-software.com +billywr.com +bill.zhong.pp.ru +bipic.net +bitcointalk.org +bit.ly +bitly.com +bitshare.com +bjzc.org +blinkx.com +blinw.com +blip.tv +blockcn.com +blog.birdhouseapp.com +blog.bitly.com +blogblog.com +blog.boxcar.io +blogcatalog.com +blog.davidziegler.net +blog.dayoneapp.com +blog.de +blog.dribbble.com +blog.exblog.co.jp +blog.expofutures.com +blog.fizzik.com +blog.foolsmountain.com +blogger.com +blog.gowalla.com +blog.hotpotato.com +blog.ifttt.com +blogimg.jp +blog.instagram.com +blog.instapaper.com +blog.iphone-dev.org +blog.istef.info +blog.jackjia.com +blog.joeyrobert.org +blog.kangye.org +blog.kickstarter.com +blog.kl.am +blog.klip.me +blog.lester850.info +blog.lightbox.com +bloglines.com +bloglovin.com +blog.mongodb.org +blog.openinkpot.org +blog.palm.com +blog.path.com +blog.pathtosharepoint.com +blog.pchome.com.tw +blog.pentalogic.net +blog.pikchur.com +blog.pilotmoon.com +blog.redren.com +blog.rockmelt.com +blog.romanandreg.com +blog.s135.com +blogs.icerocket.com +blog.sina.com.tw +blog.sogoo.org +blog.sparrowmailapp.com +blogspot.com +blogspot.co.uk +blogspot.de +blogspot.fr +blogspot.in +blogspot.jp +blogs.tampabay.com +blog.summify.com +blogs.yahoo.co.jp +blog.syx86.cn +blog.syx86.com +blog.taragana.com +blogtd.net +blogtd.org +blog.tiney.com +blog.topify.com +blog.usa.gov +blog.xuite.net +blog.youthwant.com.tw +blog.youxu.info +bloodshed.net +bloomberg.cn +bloomberg.com +bloomberg.de +bloomfortune.com +bmediaasia.com +bnrmetal.com +boardreader.com +bobulate.com +bolin.netfirms.com +bonbonme.com +bonjourlesgeeks.com +boobstagram.com +books.com.tw +bookshelfporn.com +botanwang.com +bot.nu +bowenpress.com +boxunblog.com +boxunclub.com +boxun.com +boxun.tv +bralio.com +branch.com +brandonhutchinson.com +braumeister.org +break.com +breakingtweets.com +briefdream.com +brightcove.com +brightkite.com +brizzly.com +broadbook.com +br.st +brucewang.net +bt95.com +btdigg.org +btrd.net +budaedu.org +bugclub.org +builtwithbootstrap.com +bullogger.com +bullog.org +businesstimes.com.cn +businessweek.com +buugaa.com +buy.yahoo.com.tw +buzzurl.jp +bwbx.io +bwsj.hk +bx.tl +c1522.mooo.com +cacnw.com +cactusvpn.com +cafepress.com +cahr.org.tw +calameo.com +calebelston.com +cams.com +cams.org.sg +canadameet.com +canyu.org +caobian.info +caochangqing.com +cao.im +cari.com.my +catch22.net +catfightpayperview.xxx +catholic.org.hk +catholic.org.tw +cbs.ntu.edu.tw +cc9007.spaces.live.com +ccavtop10.com +ccdtr.org +ccim.org +cclife.org +ccthere.com +cctongbao.com +ccue.ca +ccue.com +cdig.info +cdjp.org +cdnews.com.tw +cdn.printfriendly.com +cdp1998.org +cdp2006.org +cdp.sinica.edu.tw +cdpusa.org +cdpweb.org +cdpwu.org +cdw.com +cecc.gov +cellulo.info +cenci.tk +cenews.eu +centralnation.com +centurys.net +c-est-simple.com +cfhks.org.hk +cftfc.com +cgdepot.org +chandoo.org +change.org +changp.com +chaos.e-spacy.com +chapm25.com +chartbeat.net +chaturbate.com +chccc.gov.tw +chengmingmag.com +chenguangcheng.com +chenpokong.com +chenyehao.spaces.live.com +cherrysave.com +chevronwp7.com +chicagoncmtv.com +china101.com +china21.com +china21.org +china5000.us +chinaaffairs.org +chinaaid.me +chinaaid.net +chinaaid.org +chinaaid.us +chinachange.org +chinachannel.hk +chinacomments.org +chinadigitaltimes.net +chinaeweekly.com +chinafreepress.org +chinagate.com +chinageeks.org +chinagfw.org +chinagreenparty.org +china-green-party.spaces.live.com +chinahush.com +chinainperspective.com +chinainperspective.net +chinainperspective.org +chinainterimgov.org +chinalawandpolicy.com +chinalawtranslate.com +chinamule.com +chinamz.org +chinarightsia.org +chinasocialdemocraticparty.com +chinaso.com +chinasoul.org +chinatimes.com +chinatweeps.com +chinaway.org +china-week.com +chinaworker.info +chinaxchina.com +chinayouth.org.hk +chinayuanmin.org +chinesedailynews.com +chinese.engadget.com +chinese-hermit.net +chinese-memorial.org +chinesen.de +chinesenewsnet.com +chinesepen.org +chinese.rnw.nl +chinese.soifind.com +chinesetalks.net +chinese.wsj.com +chingcheong.com +chn.chosun.com +chrispederick.com +chrispederick.net +christianstudy.com +christiantimes.org.hk +christusrex.org +chrlawyers.hk +chrlcg-hk.org +chromeadblock.com +chrome.com +ch.shvoong.com +chubun.com +chuizi.net +chukuang.gov.tw +circlethebayfortibet.org +citizenlab.org +citizensradio.org +city9x.com +civicparty.hk +civilhrfront.org +civilmedia.tw +cjb.net +ck101.com +classicalguitarblog.net +clb.org.hk +cl.d0z.net +clientsfromhell.net +clipfish.de +cl.ly +cloudfront.net +club.backchina.com +cms.gov +cmule.com +cn2.streetvoice.com +cna.com.tw +cnavista.com.tw +cn.calameo.com +cn.dayabook.com +cnd.org +cn.fmnnow.com +cn.ibtimes.com +cnn.com +cn.news.cnyes.com +cn.streetvoice.com +cn.uncyclopedia.wikia.com +cn.voa.mobi +cochina.org +cocoapods.org +cocoa.zonble.net +code1984.com +codeboxapp.com +codeshare.io +collateralmurder.com +collateralmurder.org +comefromchina.com +comnews.gio.gov.tw +compileheart.com +connectedchina.reuters.com +connect.facebook.net +conoyo.com +contactmagazine.net +contests.twilio.com +conviva.com +cookingtothegoodlife.com +coolaler.com +coolder.com +coolloud.org.tw +corpus4u.org +corumcollege.com +cotweet.com +couchdbwiki.com +coveringweb.com +cp-house.gov.tw +cpj.org +crackle.com +crd-net.org +creaders.net +cromotc.nat.gov.tw +crossthewall.net +csdparty.com +c-spanvideo.org +css.pixnet.in +csuchen.de +cts.com.tw +cubicle17.com +cuhkacs.org +cuihua.org +cuiweiping.net +culture.tw +curvefish.com +cwb.gov.tw +cyanogenmod.org +cyberghost.natado.com +cyberghostvpn.com +cycab.gov.tw +cydia.ifuckgfw.com +cynscribe.com +cytode.us +dabr.co.uk +dabr.me +dabr.mobi +dadazim.com +dadi360.com +dafagood.com +dafahao.com +dailidaili.com +dailymotion.com +dailynews.sina.com +dajiyuan.com +dajiyuan.eu +dajusha.baywords.com +dalailama.com +dalailama.ru +dalailamaworld.com +dalianmeng.org +danke4china.net +danwei.org +daolan.net +dapu-house.gov.tw +darpa.mil +date.fm +davidslog.com +daxa.cn +dayaarmongol.ning.com +daylife.com +ddc.com.tw +deck.ly +default.secureserver.net +delcamp.net +delicious.com +democrats.org +demo.opera-mini.net +derekhsu.homeip.net +de-sci.org +designerol.com +destiny.xfiles.to +deutsche-welle.de +dev102.com +developers.box.net +deviantart.com +deviantart.net +devio.us +devpn.com +dfas.mil +df.gov.tw +diaoyuislands.org +digitalnomadsproject.org +diigo.com +dimitrik.free.fr +dipity.com +directcreative.com +discuss.com.hk +disp.cc +dit-inc.us +dizhidizhi.com +djangosnippets.org +dl.box.net +dl-laby.jp +dl.playstation.net +dlsite.com +dmcdn.net +dmtip.gov.tw +dns2go.com +dnscrypt.org +docstoc.com +dojin.com +dok-forum.net +dolc.de +dollf.com +domain.club.tw +domainhelp.search.com +dongde.com +dongtaiwang.com +dongtaiwang.net +dongyangjing.com +dontfilter.us +dontmovetochina.com +dotheyfolloweachother.com +dotplane.com +dotsub.com +doubleaf.com +doubleclick.net +dougscripts.com +dowei.org +download.syniumsoftware.com +doxygen.org +dphk.org +dpp.org.tw +drewolanoff.com +drgan.net +dropbox.com +dropboxusercontent.com +drsunacademy.com +drtuber.com +dscn.info +dtiblog.com +dtic.mil +dtiserv2.com +duckduckgo.com +duckload.com +duckmylife.com +duihuahrjournal.org +duihua.org +duoweitimes.com +duping.net +duplicati.com +dupola.com +dupola.net +dvorak.org +dw.de +dwnews.com +dwnews.net +dw-world.com +dw-world.de +dy24k.info +dynawebinc.com +dyndns.org +dzze.com +e123.hk +eamonnbrennan.com +earthquake.usgs.gov +easy-share.com +ebookbrowse.com +ebookee.com +echofon.com +ecministry.net +edicypages.com +edoors.com +edubridge.com +eevpn.com +efcc.org.hk +efksoft.com +efmoe.com +e-gold.com +eic-av.com +e-info.org.tw +electionsmeter.com +elpais.com +eltondisney.com +emacsblog.org +embr.in +emory.edu +emule-ed2k.com +emuparadise.me +enewstree.com +en.favotter.net +englishfromengland.co.uk +entermap.com +en.wikipedia.org +epochtimes-bg.com +epochtimes.co.il +epochtimes.co.kr +epochtimes.com +epochtimes.de +epochtimes.fr +epochtimes.ie +epochtimes.jp +epochtimes-romania.com +epochtimes.ru +epochtimes.se +epochtimestr.com +epochweekly.com +erabaru.net +erepublik.com +erepublik.net +erights.net +eriversoft.com +ernestmandel.org +etaiwannews.com +etizer.org +etools.ncol.com +e-traderland.net +etraining.gov.tw +ettoday.net +evchk.wikia.com +eventful.com +everyday-carry.com +exblog.jp +expatshield.com +exploader.net +extremetube.com +eyespirit.info +eyevio.jp +eyny.com +ezpc.tk +ezpeer.com +facebook.com +facebook.net +facesofnyfw.com +fail.hk +faiththedog.info +fakku.net +falsefire.com +falunart.org +falundafamuseum.org +falundafa.org +falunhr.org +famunion.com +fangbinxing.com +fangeming.com +fanglizhi.info +fangongheike.com +fangong.org +fan-qiang.com +fanqianghou.com +fanqiangyakexi.net +fanswong.com +fanyue.info +fapdu.com +farwestchina.com +farxian.com +fastpic.ru +faststone.org +favorious.com +favstar.fm +fawanghuihui.org +faydao.com +fbcdn.net +fb.com +fb.me +fbsbx.com +fc2china.com +fc2.com +f.cl.ly +fdc89.jp +feedbooks.mobi +feedburner.com +feeds2.feedburner.com +feeds.feedburner.com +feedzshare.com +feelssh.com +feer.com +felixcat.net +feministteacher.com +fengzhenghu.com +fetchvideo.com +ff.im +fflick.com +fgmtv.net +fgmtv.org +filefactory.com +files2me.com +fileserve.com +fillthesquare.org +finalion.jp +findbook.tw +finler.net +fireofliberty.org +firstfivefollowers.com +flecheinthepeche.fr +fleshbot.com +flickr.com +flickrhivemind.net +flightcaster.com +flowerofhappiness.spaces.live.com +focustaiwan.tw +focusvpn.com +fofg.org +fooooo.com +footwiball.com +forum.baby-kingdom.com +forum.cyberctm.com +forum.idsam.com +forum.iset.com.tw +forum.my903.com +forum.mymaji.com +forum.newsgroup.la +forum.nownews.com +forum.omy.sg +forum.palmislife.com +forum.pchome.com.tw +forum.setty.com.tw +forum.sina.com.hk +forum.slime.com.tw +forum.tvb.com +forum.yorkbbs.ca +fotop.net +fourface.nodesnoop.com +fourthinternational.org +foxdie.us +foxsub.com +foxtang.com +fqrouter.com +franklc.com +freakshare.com +fredwilson.vc +free4u.com.ar +freealim.com +freechal.com +freedomhouse.org +free.fr +freegao.com +freegateget.googlepages.com +free-gate.org +free-hada-now.org +freelotto.com +freeman2.com +freemoren.com +freemorenews.com +freenet-china.org +freenetproject.org +freenewscn.com +freeopenvpn.com +freeoz.org +free-ssh.com +freessh.us +freetibet.org +freevpn.nl +freewallpaper4.me +freewebs.com +freeweibo.com +freexinwen.com +freeyoutubeproxy.net +friendfeed.com +friendfeed-media.com +fring.com +fringenetwork.com +frommel.net +frontlinedefenders.org +fscked.org +fsurf.com +ftchinese.com +fuckcnnic.net +fuckgfw.com +fuckgfw.org +fulue.com +funf.tw +funp.com +furinkan.com +furl.net +futurechinaforum.org +futureme.org +futuremessage.org +fuyin.net +fw.cm +fxnetworks.com +fzh999.com +fzh999.net +gabocorp.com +gaeproxy.com +gaeproxy.googlecode.com +galenwu.com +game735.com +gamebase.com.tw +gamer.com.tw +gamez.com.tw +ganges.com +gaoming.net +gaopi.net +gaozhisheng.net +gaozhisheng.org +gardennetworks.com +gardennetworks.org +gartlive.com +gather.com +gaymap.cc +gazotube.com +gcc.org.hk +gclooney.com +g.co +gcpnews.com +gdbt.net +gdzf.org +geek-art.net +geekerhome.com +geekmade.co.uk +geekmanuals.com +generesis.com +genuitec.com +geocities.co.jp +geocities.com +geocities.jp +geohot.com +geometrictools.com +getchu.com +getcloudapp.com +get-digital-help.com +getfoxyproxy.org +getfreedur.com +getiton.com +getjetso.com +getlantern.org +getsmartlinks.com +getsocialscope.com +gfwinterceptor.googlecode.com +gfw.org.ua +ggpht.com +ggssl.com +ghost.org +ghut.org +giga-web.jp +gigporno.ru +gimpshop.com +girlbanker.com +github.com +git-scm.com +givemesomethingtoread.com +glennhilton.com +globaljihad.net +globalmuseumoncommunism.org +globalrescue.net +globalvoicesonline.org +gmail.com +gmbd.cn +gmhz.org +gmodules.com +gmozomg.izihost.org +gnci.org.hk +goagent.biz +goagent.googlecode.com +goagentplus.com +godfootsteps.org +golang.org +goldbetsports.com +goldwave.com +gongmeng.info +gongm.in +gongminliliang.com +gongwt.com +goodreaders.com +goodreads.com +goofind.com +goo.gl +googleadservices.com +google-analytics.com +googleapis.com +googlecode.com +google.co.jp +google.com +google.com.hk +google.com.sg +google.com.tw +google.com.uk +googledomains.com +googledrive.com +googleearth.com +googlehosted.com +googlelabs.com +googlemail.com +googleplus.com +googlesile.com +googlesource.com +googlesyndication.com +googletagmanager.com +googletagservices.com +googleusercontent.com +googlevideo.com +gopetition.com +gospelherald.com +gov.tw +gpass1.com +grandtrial.org +graphis.ne.jp +gravatar.com +graylog2.org +grb.gov.tw +greatfire.org +greatfirewall.biz +great-firewall.com +greatfirewallofchina.net +greatfirewallofchina.org +great-roc.org +greatroc.org +greatroc.tw +greatzhonghua.org +greenparty.org.tw +greenvpn.net +gs-discuss.com +gseeker.com +gsn-cert.nat.gov.tw +gstatic.com +gtap.googlecode.com +gtricks.com +guancha.org +gufeng521.spaces.live.com +guishan.org +gunsamerica.com +gun-world.net +guomin.us +gutteruncensored.com +gvm.com.tw +gyalwarinpoche.com +gysd.nyc.gov.tw +gzm.tv +gzone-anime.info +h1n1china.org +hacken.cc +hackthatphone.net +hahlo.com +hakkatv.org.tw +hanunyi.com +hardsextube.com +hasaowall.com +have8.com +haygo.com +hcc.gov.tw +hchcc.gov.tw +h-china.org +hdtvb.net +heartyit.com +hecaitou.net +hechaji.com +heix.pp.ru +heiyo.info +helloandroid.com +hellonewyork.us +helloqueer.com +hellotxt.com +hellouk.org +helpeachpeople.com +helplinfen.com +help.linksalpha.com +help.opera.com +helpzhuling.org +hen.bao.li +hengchuen.gov.tw +heqinglian.net +here4news.com +heungkongdiscuss.com +hgseav.com +hidden-advent.org +hidecloud.com +hideipvpn.com +hidemyass.com +higfw.com +highrockmedia.com +hihiforum.com +hihistory.net +hiitch.com +hikinggfw.org +himemix.com +himemix.net +hjclub.info +hk32168.com +hkbc.net +hkbf.org +hkchurch.org +hkdailynews.com.hk +hkday.net +hkej.com +hkepc.com +hkfront.org +hk.geocities.com +hkgolden.com +hkgreenradio.org +hkg.westkit.net +hkheadline.com +hkhkhk.com +hkjc.com +hk.jiepang.com +hkjp.easyweb.hk +hkjp.org +hk.knowledge.yahoo.com +hk.myblog.yahoo.com +hk.news.yahoo.com +hkptu.org +hk-pub.com +hk.rd.yahoo.com +hkreporter.com +hkreporter.loved.hk +hk.search.yahoo.com +hk.video.news.yahoo.com +hkwcc.org.hk +hk.yahoo.com +hkzone.org +hnjhj.com +hola.com +holyspiritspeaks.org +holz.byethost8.com +homeservershow.com +home.sina.com +home.so-net.net.tw +honeonet.spaces.live.com +hongmeimei.com +hongzhi.li +hootsuite.com +hotpot.hk +hotshame.com +hotspotshield.com +hougaige.com +howtoforge.com +hqcdp.org +hrcir.com +hrichina.org +hrw.org +hsinchu-cc.gov.tw +hsjp.net +hsselite.com +htkou.net +htl.li +ht.ly +htmldog.com +huaglad.com +huajiadi.spaces.live.com +huanghuagang.org +huaren.us +huaxia-news.com +huaxin.ph +hua-yue.net +hudatoriq.web.id +hugoroy.eu +huhamhire.com +hujiachina.spaces.live.com +hulu.com +huluim.com +humanities.uchicago.edu +hungerstrikeforaids.org +hung-ya.com +huping.net +hutianyi.net +hutong9.net +hwinfo.com +hyperrate.com +hypeshell.com +i1.hk +i2runner.com +ialmostlaugh.com +iask.bz +iask.ca +ibiblio.org +iblogserv-f.net +ibros.org +icij.org +icl-fi.org +iconpaper.org +icu-project.org +idemocracy.asia +identi.ca +idiomconnection.com +idouga.com +idv.tw +ieasynews.net +ied2k.net +ieemdai.spaces.live.com +ifan.cz.cc +ifanqiang.com +ifanr.com +ifcss.org +ifjc.org +igfw.net +ignitedetroit.net +igvita.com +ihakka.net +iicns.com +illusionfactory.com +ilove80.be +im88.tw +imageflea.com +imagesblog.gio.gov.tw +imageshack.us +imagevenue.com +imagezilla.net +ime.baidu.jp +img.ly +imkev.com +imlive.com +immigration.gov.tw +imrworldwide.com +im.tv +incredibox.fr +iner.gov.tw +initiativesforchina.org +inmediahk.net +innermongolia.org +instagram.com +interestinglaugh.com +interfaceaddiction.com +internationalrivers.org +internetdefenseleague.org +internetfreedom.org +internetpopculture.com +inxian.com +iphone4hongkong.com +iphonehacks.com +iphonix.fr +ipicture.ru +ipobar.com +ippotv.com +iptorrents.com +ipvanish.com +iredmail.org +ironbigfools.compython.net +ironicsoftware.com +ironpython.net +isaacmao.com +isgreat.org +islamicity.com +islam.org.hk +ismprofessional.net +isohunt.com +israbox.com +istockphoto.com +isunaffairs.com +isuntv.com +itaboo.info +ithelp.ithome.com.tw +itrc.gov.tw +itshidden.com +itweet.net +iu45.com +iverycd.com +ixquick.com +izaobao.us +izles.net +japan-whores.com +jayparkinsonmd.com +jbtalks.cc +jbtalks.com +jbtalks.my +jeanyim.com +jgoodies.com +jiaoyou8.com +jiehua.cz +jieshibaobao.com +jike.com +jimoparty.com +jinbushe.org +jingpin.org +jitouch.com +jkforum.net +j.mp +joachims.org +jobso.tv +joeedelman.com +journalofdemocracy.org +jpopforum.net +juliereyc.com +junauza.com +junefourth-20.net +justfreevpn.com +justtristan.com +juziyue.com +jwmusic.org +jyxf.net +jyzj.waqn.com +k2.xrea.com +kagyuoffice.org.tw +kaiyuan.de +kakao.com +kanzhongguo.com +kanzhongguo.eu +karayou.com +ka-wai.com +kcsoftwares.com +kechara.com +keepandshare.com +kendincos.net +kenengba.com +keontech.net +khcc.gov.tw +khms.gov.tw +khmusic.com.tw +killwall.com +kineox.free.fr +kingdomsalvation.org +kinghost.com +kingstone.com.tw +kissbbao.cn +kissyoutube.com +kk.gov.tw +klccab.gov.tw +klra.gov.tw +klsio.gov.tw +kmh.gov.tw +kmseh.gov.tw +knowledgerush.com +kodingen.com +kompozer.net +koolsolutions.com +koornk.com +kt.kcome.org +kui.name +kun.im +kurtmunger.com +kusocity.com +kwongwah.com.my +kyohk.net +kzeng.info +labiennale.org +ladbrokes.com +la-forum.org +lagranepoca.com +lalulalu.com +laogai.org +laomiu.com +laoyang.info +laptoplockdown.com +laqingdan.net +larsgeorge.com +lastfm.es +latelinenews.com +latimesblogs.latimes.com +lazarsearlymusic.com +leecheukyan.org +legaltech.law.com +lematin.ch +lemonde.fr +lenwhite.com +lerosua.org +lesoir.be +lesscss.org +letscorp.net +liansi.org +lianyue.net +liaowangxizang.net +liberal.org.hk +libertytimes.com.tw +lich355.megabyet.net +lidecheng.com +life.fly4ever.me +limiao.net +line.me +linglingfa.com +lingvodics.com +linkideo.com +linuxconfig.org +linux-engineer.net +linuxreviews.org +linuxtoy.org +lipuman.com +listentoyoutube.com +list.ly +listorious.com +lists.debian.org +lists.w3.org +littlebigdetails.com +liudejun.com +liuhanyu.com +liujianshu.com +liu.lu +liuxiaotong.com +liveleak.com +livestation.com +livestream.com +livevideo.com +livingonline.us +livingstream.com +lizhizhuangbi.com +lkcn.net +localpresshk.com +lockdown.com +lockestek.com +logbot.net +logiqx.com +logmike.com +log.riku.me +london.neighborhoodr.com +longhair.hk +longtermly.net +lookatgame.com +lookingglasstheatre.org +lookpic.com +lotuslight.org.tw +lovequicksilver.com +lovesphinx.tk +lrfz.com +lsd.org.hk +lsforum.net +lsmchinese.org +lsmkorean.org +lsm.org +lsxszzg.com +lua.org +lua-users.org +lungtanhr.gov.tw +luntan.zaobao.com +lupm.org +lushstories.com +lvhai.org +lyricsquote.com +mad-ar.ch +madmenunbuttoned.com +magazines.sina.com.tw +maiio.net +mail-archive.com +maiplus.com +makemymood.com +makzhou.warehouse333.com +malaysiakini.com +marc.info +marco.org +marguerite.su +marines.mil +markmilian.com +martau.com +martincartoons.com +maruta.be +marxist.com +marxist.net +marxists.org +mashable.com +mash.to +matainja.com +mathiew-badimon.com +matsu-news.gov.tw +matsushimakaede.com +maxgif.com +mayimayi.com +mcadforums.com +mcfog.com +md-t.org +mediafire.com +meetup.com +mefeedia.com +megaporn.com +megarotic.com +megavideo.com +megurineluka.com +meirixiaochao.com +melon-peach.com +memedia.cn +meme.yahoo.com +memrijttm.org +merit-times.com.tw +mesotw.com +metacafe.com +meteorshowersonline.com +metrolife.ca +mgoon.com +mgstage.com +mh4u.org +mhradio.org +michaelanti.com +michaelmarketl.com +middle-way.net +mihk.hk +mihua.org +mike.cz.cc +mimivip.com +minghui.org +minghui-school.org +mingjinglishi.com +mingjingnews.com +mingpaocanada.com +mingpao.com +mingpaomonthly.com +mingpaonews.com +mingpaony.com +mingpaosf.com +mingpaotor.com +mingpaovan.com +minimalmac.com +mininova.org +minzhuhua.net +minzhuzhongguo.org +miroguide.com +mirrorbooks.com +mitbbs.com +mixedmedialabs.com +mixero.com +mixpod.com +mixx.com +mizzmona.com +mk5000.com +mlcool.com +mmaaxx.com +mmmca.com +mobatek.net +mobile01.com +mobileways.de +mobypicture.com +moby.to +modfetish.com +moe.gov.tw +mog.com +molihua.org +mondex.org +monitorchina.org +moonriver7.files.wordpress.com +morningsun.org +m.oulove.org +movabletype.com +moviefap.com +mp3ye.eu +mpettis.com +mpfinance.com +mpinews.com +m.plixi.com +mrdoob.com +mrtweet.com +msguancha.com +m.slandr.net +m-team.cc +mthruf.com +m.tweete.net +mtw.tl +multiply.com +multiproxy.org +multiupload.com +muouju.com +muselinks.co.jp +music.jwmusic.org +muzi.com +muzi.net +muzu.tv +mvdis.gov.tw +mx981.com +myactimes.com +my-addr.com +myaudiocast.com +myav.com.tw +my.backchina.com +myboooks.googlepages.com +mychinamyhome.com +myeclipseide.com +myforum.com.hk +myforum.com.uk +myfreshnet.com +my.keso.cn +myopenid.com +my.opera.com +mypaper.pchome.com.tw +myparagliding.com +mypopescu.com +my-proxy.com +myshare.url.com.tw +mysinablog.com +myspace.com +myvlog.im.tv +naacoalition.org +naitik.net +nakido.com +namsisi.com +nanyang.com +nanyangpost.com +nanzao.com +naol.ca +national-lottery.co.uk +navicat.com +navigeaters.com +navy.mil +nccwatch.org.tw +ncdr.nat.gov.tw +nch.com.tw +ncn.org +ncree.gov.tw +nde.de +ndr.de +nekoslovakia.net +nerch.gov.tw +ner.gov.tw +nerhl.gov.tw +nertt.gov.tw +netcolony.com +netflix.com +netme.cc +networkedblogs.com +neverforget8964.org +new-3lunch.net +new-akiba.com +newcenturymc.com +newcenturynews.com +newchen.com +newgrounds.com +newlandmagazine.com.au +news100.com.tw +newsancai.com +news.atebits.com +news.backchina.com +news.bbc.co.uk +newscn.org +news.cnyes.com +newsforums.bbc.co.uk +news.ghostery.com +news.google.com.hk +newsminer.com +news.msn.com.tw +news.omy.sg +news.pchome.com.tw +newspeak.cc +newspp.org +news.sina.com.hk +news.sina.com.tw +news.singtao.ca +newstapa.org +newtaiwan.com.tw +newtalk.tw +newyorktimes.com +nexton-net.jp +nexttv.com.tw +nf.id.au +nga.mil +ngensis.com +nhri.gov.tw +nic.cz.cc +nici.nat.gov.tw +nicovideo.tw +nict.gov.tw +nighost.org +nintendium.com +nintendowifi.net +njactb.org +njuice.com +nlfreevpn.com +nmh.gov.tw +nmmba.gov.tw +nmp.gov.tw +nmtl.gov.tw +nmvttc.gov.tw +nobelprize.org +nobel.se +nobodycanstop.us +nokogiri.org +nokola.com +noobbox.com +notes.alexdong.com +novelasia.com +nownews.com +nowtorrents.com +noypf.com +npa.go.jp +npm.gov.tw +nps.gov +nrk.no +nsc.gov.tw +nspo.gov.tw +nstm.gov.tw +ntdmh.gov.tw +ntdtv.ca +ntdtv.co +ntdtv.com +ntdtv.org +ntdtv.ru +ntl.gov.tw +ntsec.gov.tw +ntuh.gov.tw +nuexpo.com +nurgo-software.com +nuvid.com +nuzcom.com +nvquan.org +nvri.gov.tw +nydus.ca +nysingtao.com +nytco.com +nyt.com +nytimes.com +nytimg.com +nzchinese.net.nz +observechina.net +oclp.hk +october-review.org +offbeatchina.com +ogaoga.org +oikos.com.tw +oiktv.com +oizoblog.com +okayfreedom.com +old-cat.net +old.nabble.com +olumpo.com +olympicwatch.org +omgili.com +omnitalk.com +on.cc +one.xthost.info +onlylady.cn +onmoon.com +onmoon.net +oopsforum.com +ooyala.com +open.com.hk +opendemocracy.net +openid.net +openleaks.org +openvpn.net +openvpn.org +openwebster.com +opml.radiotime.com +opnir.com +orientaldaily.com.my +orient-doll.com +orn.jp +orzistic.org +osfoora.com +ourdearamy.com +oursogo.com +oursteps.com.au +overlapr.com +owl.li +ow.ly +oyax.com +ozchinese.com +ozyoyo.com +pabp.gov.tw +pacificpoker.com +packages.debian.org +packetix.net +page2rss.com +page.bid.yahoo.com +pagodabox.com +paint.net +palacemoon.com +pandora.com +pandora.tv +panluan.net +panoramio.com +pao-pao.net +paperb.us +paper.li +paper-replika.com +parade.com +parislemon.com +pastebin.com +pastie.org +patehr.gov.tw +pbs.org +pbwiki.com +pbworks.com +pbxes.com +pbxes.org +pcdiscuss.com +pcdvd.com.tw +pchome.com.tw +pct.org.tw +pcworld.com +pdetails.com +pdproxy.com +peacefire.org +peacehall.com +peeasian.com +peerpong.com +pekingduck.org +penchinese.com +penchinese.net +pengyulong.com +penthouse.com +peopo.org +percy.in +perfectgirls.net +perfectvpn.net +perfspot.com +perlhowto.com +pet.gov.tw +philly.com +photofocus.com +photos.dailyme.com +photo.utom.us +phuquocservices.com +picasaweb.google.com +picidae.net +picturesocial.com +pictures.playboy.com +pidown.com +pign.net +pimg.tw +pin6.com +ping.fm +pinoy-n.com +pioneer-worker.forums-free.com +piring.com +pixanalytics.com +pixelqi.com +pixfs.net +pixnet.cc +pixnet.net +pixplug.in +pk.com +placemix.com +planetsuzy.org +playboy.com +plays.com.tw +plm.org.hk +plunder.com +plurk.com +plurktop.mmdays.com +plus28.com +plusbb.com +pmates.com +po2b.com +podictionary.com +pokerstars.com +politicalchina.org +popvote.hk +popyard.com +popyard.org +porn2.com +pornbase.org +porn.com +pornhub.com +pornmm.net +pornoxo.com +pornrapidshare.com +pornstarclub.com +porntube.com +pornvisit.com +portis21.spaces.live.com +pose.com +postadult.com +post.anyu.org +posterous.com +post.ly +powerapple.com +power.com +powercx.com +prayforchina.net +premeforwindows7.com +presentationzen.com +president.gov.tw +prestige-av.com +previewshots.com +privacybox.de +privateinternetaccess.com +privatepaste.com +privatetunnel.com +procopytips.com +program-think.spaces.live.com +prosiben.de +provideocoalition.com +proxifier.com +proxomitron.info +proxy.org +proxypy.net +proxyroad.com +prozz.net +psblog.name +psiphon.ca +psiphon.civisec.org +pts.org.tw +ptt.cc +pubu.com.tw +puffinbrowser.com +puffstore.com +pullfolio.com +pulse.yahoo.com +pure18.com +pureconcepts.net +purepdf.com +purevpn.com +putlocker.com +puttycm.free.fr +pwned.com +python.com +python.com.tw +qanote.com +qidian.ca +qienkuen.org +qi-gong.me +qiwen.lu +qixianglu.cn +qkshare.com +qoos.com +qq.co.za +qstatus.com +qtrac.eu +qtweeter.com +quadedge.com +qusi8.net +qvodzy.org +qxbbs.org +radicalparty.org +radioaustralia.net.au +radiovaticana.org +radiovncr.com +raidcall.com.tw +rangzen.org +ranyunfei.com +rapbull.net +rapidshare8.com +rapidsharedata.com +rayfme.com +rcinet.ca +rconversation.blogs.com +rdio.com +read100.com +readingtimes.com.tw +readmoo.com +realraptalk.com +recordhistory.org +redchinacn.org +redtube.com +referer.us +reflectivecode.com +relaxbbs.com +renminbao.com +renyurenquan.org +retweeteffect.com +retweetist.com +retweetrank.com +revleft.com +revsci.net +revver.com +rfachina.com +rfamobile.org +rfa.org +rferl.org +rfi.fr +rhcloud.com +riku.me +rileyguide.com +rlwlw.com +rmjdw.com +rnw.nl +robtex.com +robustnessiskey.com +rocmp.org +rojo.com +ronjoneswriter.com +roodo.com +rotten.com +rsf-chinese.org +rsf.org +rssmeme.com +rthk.hk +rthk.org.hk +rti.org.tw +ruanyifeng.com +rushbee.com +rutube.ru +ruyiseek.com +rxhj.net +s1heng.com +s8forum.com +sacom.hk +sadpanda.us +saiq.me +salvation.org.hk +samair.ru +sammyjs.org +samsoff.es +sandnoble.com +sankaizok.com +sanmin.com.tw +sapikachu.net +savemedia.com +savetibet.de +savetibet.fr +savetibet.nl +savetibet.org +savetibet.ru +savevid.com +say2.info +scanscout.com +scmpchinese.com +scmp.com +scorecardresearch.com +scribd.com +scriptspot.com +seapuff.com +secretchina.com +secretgarden.no +secure.wikimedia.org +securitykiss.com +seesmic.com +seevpn.com +seezone.net +sejie.com +sendoid.com +sendspace.com +sesawe.net +sesawe.org +sethwklein.net +sevenload.com +sex-11.com +sex3.com +sex8.cc +sexandsubmission.com +sex.com +sexhuang.com +sexhu.com +sexinsex.net +sfileydy.com +shadow.ma +shadowsocks.org +shahamat-english.com +shangfang.org +shapeservices.com +sharebee.com +sharecool.org +share.ovi.com +share.skype.com +share.youthwant.com.tw +sharkdolphin.com +sharpdaily.com.hk +sharpdaily.hk +shaunthesheep.com +sheikyermami.com +shellmix.com +shenshou.org +shenyunperformingarts.org +shenzhoufilm.com +shifeike.blog125.fc2blog.net +shinychan.com +shitaotv.org +shixiao.org +shizhao.org +shkspr.mobi +shodanhq.com +shopping.com +showbiz.omy.sg +showtime.jp +shwchurch3.com +sidelinesnews.com +sidelinessportseatery.com +simplecd.me +simplecd.org +simpleproductivityblog.com +sina.com.tw +singtao.com +singularitys.spaces.live.com +sinoants.com +sinocast.com +sinocism.com +sino-monthly.com +sinomontreal.ca +sinonet.ca +sinopitt.info +sinoquebec.com +sis001.com +sis001.us +sis.xxx +site90.net +sitebro.tw +siteks.uk.to +site.locql.com +sitemaps.org +sites.google.com +sitetag.us +siyi123123123.spaces.live.com +skimtube.com +skybet.com +skyvegas.com +slacker.com +slavasoft.com +slheng.com +slickvpn.com +slideshare.net +slinkset.com +slutload.com +smhric.org +snapchat.com +snaptu.com +sndcdn.com +sneakme.net +snooper.co.uk +sobees.com +socialwhale.com +sockslist.net +so.com +sod.co.jp +softether.co.jp +softether-download.com +softether.org +softwarebychuck.com +so-ga.net +sogclub.com +sogou.com +sogrady.me +sohcradio.com +sohfrance.org +soh.tw +sokamonline.com +solozorro.tk +somee.com +so-news.com +songjianjun.com +sonidodelaesperanza.org +sopcast.com +sopcast.org +sorting-algorithms.com +soso.com +soumo.info +soundcloud.com +soundofhope.kr +soundofhope.org +soupofmedia.com +sourceforge.net +southnews.com.tw +sowers.org.hk +space-scape.com +spankwire.com +spb.com +speckleapp.com +speedpluss.org +spencertipping.com +spinejs.com +sports.williamhill.com +spotify.com +sproutcore.com +squarespace.com +srcf.ucam.org +ssh91.com +sshtunnel.googlecode.com +sstatic.net +stag.gov.tw +standupfortibet.org +starp2p.com +startpage.com +statcounter.com +state168.com +static.apple.nextmedia.com +static.digg.com +staticflickr.com +static.nownews.com +static.soup.io +static.typepad.com +status.twhirl.org +stdtime.gov.tw +steel-storm.com +sthoo.com +stickam.com +stickeraction.com +stonegames.net +stoneip.info +stoptibetcrisis.net +storagenewsletter.com +stoweboyd.com +streamingthe.net +strongvpn.com +student.tw +stuffimreading.com +stuffimreading.net +stupidvideos.com +subacme.rerouted.org +sublexical.spaces.live.com +sufeng.org +sugarsync.com +summify.com +sun1911.com +suoluo.org +surfeasy.com.au +svwind.com +sweux.com +swift-tools.net +s.xiaod.in +sydneytoday.com +sylfoundation.org +syncback.com +sysadmin1138.net +sysresccd.org +sytes.net +szbbs.net +szetowah.org.hk +t35.com +t66y.com +taa-usa.org +tabtter.jp +tacem.org +tafaward.com +tagwalk.com +taipei.gov.tw +taipeisociety.org +taitung-house.gov.tw +taiwandaily.net +taiwankiss.com +taiwannation.50webs.com +taiwannation.com +taiwannation.com.tw +taiwannews.com.tw +taiwan-sex.com +taiwantt.org.tw +taiwanus.net +taiwanyes.com +taiwanyes.ning.com +tamiaode.tk +tanc.org +tangben.com +taolun.info +taoyuan.gov.tw +tap11.com +target.com +taweet.com +tax.nat.gov.tw +tbpic.info +tbsec.org +tbsn.org +tbsseattle.org +tchb.gov.tw +tchrd.org +t.co +tcsac.gov.tw +teamseesmic.com +teashark.com +techlifeweb.com +techparaiso.com +telecomspace.com +telegraph.co.uk +tenacy.com +thbstc.gov.tw +theampfactory.com +theappleblog.com +theatrum-belli.com +thebcomplex.com +theblemish.com +thebodyshop-usa.com +thechinabeat.org +thedailywh.at +thedieline.com +thedw.us +thegatesnotes.com +thehots.info +thehousenews.com +thehungrydudes.com +thehun.net +theinternetwishlist.com +thelifeyoucansave.com +thelius.org +thepiratebay.org +thepiratebay.se +theqii.info +thereallove.kr +thesartorialist.com +thespeeder.com +the-sun.on.cc +thetibetpost.com +thetrotskymovie.com +thevivekspot.com +thewgo.org +thisav.com +thisiswhyyouarefat.com +thkphoto.com +thomasbernhard.org +threatchaos.com +throughnightsfire.com +t.huhaitai.com +thumbzilla.com +thywords.com +tiananmenmother.org +tiananmenuniv.com +tiananmenuniv.net +tiandixing.org +tianhuayuan.com +tiantibooks.org +tianzhu.org +tibetalk.com +tibetanyouthcongress.org +tibet.at +tibet.com +tibetcorps.org +tibetfund.org +tibetjustice.org +tibet.net +tibetoffice.org +tibetonline.com +tibetonline.tv +tibet.org.tw +tibetsun.com +tibetwrites.org +tidyread.com +time.com +times.hinet.net +tinychat.com +tinypaste.com +tinypng.com +tistory.com +tjholowaychuk.com +tkcs-collins.com +tkforum.tk +t.kun.im +tmagazine.com +tmi.me +tnaflix.com +tncsec.gov.tw +t.neolee.cn +togetter.com +tokyo-247.com +tokyocn.com +tokyo-hot.com +tomayko.com +tomsc.com +tono-oka.jp +tonyyan.net +toodoc.com +toonel.net +topic.youthwant.com.tw +topnews.in +topshare.us +topshareware.com +topstyle4.com +topsy.com +tora.to +tor.blingblingsquad.net +torproject.org +torrentcrazy.com +torrentproject.se +tor.updatestar.com +torvpn.com +t.orzdream.com +tosh.comedycentral.com +touch99.com +toutfr.com +tpde.aide.gov.tw +tphcc.gov.tw +tpi.org.tw +transgressionism.org +transparency.org +travelinlocal.com +trendsmap.com +trialofccp.org +tripod.com +trouw.nl +trtc.com.tw +trt.net.tr +trulyergonomic.com +trustedbi.com +truth101.co.tv +truthcn.com +truveo.com +tsctv.net +tsemtulku.com +tsquare.tv +tsunagarumon.com +tt1069.com +tttan.com +tuanzt.com +tube8.com +tubecao.com +tube.com +tubewolf.com +tuidang.net +tuidang.org +tui.orzdream.com +tuite.googlecode.com +tumblr.awflasher.com +tumblweed.org +tumutanzi.com +tunein.com +tunnelbear.com +turbobit.net +turbotwitter.com +turningtorso.com +turntable.fm +tuxtraining.com +tvants.com +tvboxnow.com +tv.com +tvider.com +tv-intros.com +tv.on.cc +tvunetworks.com +twapperkeeper.com +twa.sh +twaud.io +twbbs.net.tw +twbbs.org +twbbs.tw +twblogger.com +tweepguide.com +tweeplike.me +tweepmag.com +tweepml.org +tweetbackup.com +tweetboard.com +tweetboner.biz +tweetdeck.com +tweetedtimes.com +tweetmeme.com +tweetmylast.fm +tweetphoto.com +tweetrans.com +tweetree.com +tweetwally.com +tweetymail.com +twftp.org +twibase.com +twibble.de +twibbon.com +twibs.com +twicsy.com +twifan.com +twiffo.com +twiggit.org +twilog.org +twimbow.com +twimg.com +twimg.edgesuite.net +tw.img.nextmedia.com +twindexx.com +twipple.jp +twistar.cc +twisternow.com +twistory.net +twit2d.com +twitbrowser.net +twitcause.com +twitese.spaces.live.com +twitgether.com +twitgoo.com +twitiq.com +twitlonger.com +twitoaster.com +twitonmsn.com +twitpic.com +twitreferral.com +twitstat.com +twittbot.net +twitter4j.org +twitter.com +twittercounter.com +twitterfeed.com +twittergadget.com +twitter.jp +twitterkr.com +twittermail.com +twittertim.es +twitthat.com +twitturk.com +twitturly.com +twitvid.com +twitzap.com +twiyia.com +tw.jiepang.com +tw.myblog.yahoo.com +tw.news.yahoo.com +tw-npo.org +tw.rd.yahoo.com +twreg.info +twstar.net +tw.streetvoice.com +twt.fm +twtkr.com +twtr2src.ogaoga.org +twtrland.com +twt.tl +twttr.com +twurl.nl +tw.voa.mobi +twyac.org +tw.yahoo.com +tycool.com +tynsoe.org +typepad.com +tzangms.com +ub0.cc +uberproxy.net +ucdc1998.org +uderzo.it +udn.com +ufreevpn.com +ugo.com +uhrp.org +uighurbiz.net +ukliferadio.co.uk +ulike.net +ultravpn.fr +ultraxs.com +unblock.cn.com +unblocksit.es +uncyclomedia.org +uncyclopedia.info +uncyclopedia.tw +unholyknight.com +uni.cc +unicode.org +uniteddaily.com.my +unix100.com +unknownspace.org +unpo.org +uocn.org +upcoming.yahoo.com +update.playstation.net +upload4u.info +upload.backchina.com +uploaded.to +uploadstation.com +upload.wikimedia.org +urlborg.com +urlparser.com +usacn.com +usfk.mil +usinfo.state.gov +usmc.mil +us.to +ustream.tv +usus.cc +uushare.com +uwants.com +uwants.net +uyghurcongress.org +uygur.org +v70.us +vaayoo.com +value-domain.com +van698.com +vanemu.cn +vanilla-jp.com +vansky.com +vapurl.com +vatn.org +vcfbuilder.org +vcf-online.org +veempiire.com +velkaepocha.sk +venbbs.com +venchina.com +ventureswell.com +veoh.com +verizon.net +verybs.com +vevo.com +vft.com.tw +vghks.gov.tw +vghtc.gov.tw +vghtpe.gov.tw +video.aol.ca +video.aol.com +video.aol.co.uk +video.ap.org +videobam.com +video.fdbox.com +video.foxbusiness.com +videomo.com +video.tiscali.it +video.yahoo.com +vidoemo.com +views.fm +viki.com +vimeocdn.com +vimeo.com +vimgolf.com +vimperator.org +vincnd.com +vinniev.com +vllcs.org +vlog.xuite.net +vmixcore.com +voacantonese.com +voachineseblog.com +voachinese.com +voagd.com +voanews.com +voatibetan.com +vocn.tv +vot.org +vpnbook.com +vpnfire.com +vpngate.jp +vpngate.net +vpnpop.com +vpnpronet.com +v-state.org +vtunnel.com +w3schools.com +waffle1999.com +wahas.com +waigaobu.com +waikeung.org +waiwaier.com +wallornot.org +wallpapercasa.com +wanderinghorse.net +wanfang.gov.tw +wangafu.net +wangjinbo.org +wanglixiong.com +wangruoshui.net +wangyi64.spaces.live.com +want-daily.com +wapedia.mobi +washeng.net +watchmygf.net +wattpad.com +wdf5.com +wearn.com +web2project.net +webbang.net +webfee.tk +weblagu.com +webmproject.org +webshots.com +websitepulse.com +webs-tv.net +webworkerdaily.com +weeewooo.net +weekmag.info +wefong.com +weiboleak.com +weigegebyc.dreamhosters.com +weijingsheng.org +weiming.info +weiquanwang.org +weisuo.ws +wellplacedpixels.com +wengewang.com +wengewang.org +wenhui.ch +wenku.com +wenxuecity.com +wenyunchao.com +wenyunchao.spaces.live.com +wepn.info +westca.com +westernwolves.com +wetplace.com +wetpussygames.com +wexiaobo.org +wezhiyong.org +wezone.net +wforum.com +whatblocked.com +whereiswerner.com +whippedass.com +whitebear.freebearblog.org +whydidyoubuymethat.com +whylover.com +whyx.org +w.idaiwan.com +wiki.cnitter.com +wiki.jqueryui.com +wiki.keso.cn +wikileaks.ch +wikileaks.de +wikileaks.eu +wikileaks.lu +wikileaks.org +wikileaks.pl +wikilivres.info +wikimapia.org +wikimedia.org.mo +wiki.moegirl.org +wikinet.org +wiki.oauth.net +wikipedia.org +wiki.phonegap.com +wikiwiki.jp +wikkii.com +williamlong.spaces.live.com +willw.net +windowsphoneme.com +winwhispers.info +wiredbytes.com +wiredpen.com +wireshark.org +wisevid.com +witnessleeteaching.com +witopia.net +wlx.sowiki.net +woeser.com +wolfax.com +womenbusiness.nyc.gov.tw +womensrightsofchina.org +woopie.jp +woopie.tv +wordboner.com +wordpress.com +wordsandturds.com +w.org +workatruna.com +worldcat.org +worldjournal.com +worstthingieverate.com +wo.tc +wowlegacy.ml +wow-life.net +woxinghuiguo.com +wozy.in +wp.com +wpoforum.com +wqlhw.com +wqyd.org +wrchina.org +wretch.cc +writer.zoho.com +wsj.com +wsj.net +wtfpeople.com +wuala.com +wuerkaixi.com +wufi.org.tw +wuguoguang.com +wujieliulan.com +wujie.net +wukangrui.net +wwitv.com +www.6v6dota.com +www.ajsands.com +www.antd.org +www.aolnews.com +www.bulbous.freeserve.co.uk +www.cmoinc.org +www.dfanning.com +www.dwheeler.com +www.eulam.com +www.exblog.jp +www.forum4hk.com +www.freetibet.org +www.getyouram.com +www.goldenmelody.com.tw +www.idlcoyote.com +www.immigration.gov.tw +www.klip.me +www.kodingen.com +www.linksalpha.com +www.loiclemeur.com +www.macrovpn.com +www.monlamit.org +www.moztw.org +www.mycould.com +www.ned.org +www.nownews.com +www.orchidbbs.com +www.owind.com +www.oxid.it +www.parkansky.com +www.powerpointninja.com +www.rnw.nl +www.somee.com +www.stackfile.com +www.supertweet.net +www.tiffanyarment.com +www.tripod.com +www.tv.com +www.twtrland.com +www.typepad.com +www.urbanoutfitters.com +www.vegorpedersen.com +www.voy.com +www.vpncup.com +www.wangruowang.org +www.wan-press.org +www.wet123.com +www.zaurus.org.uk +wzyboy.im +x1949x.com +x365x.com +xanga.com +x-art.com +xa.yimg.com +xbabe.com +xbookcn.com +xcafe.in +xcritic.com +xfm.pp.ru +xgmyd.com +xh4n.cn +xhamster.com +xiaochuncnjp.com +xiaohexie.com +xiaoma.org +xiezhua.com +xing.com +xinhuanet.org +xinmiao.com.hk +xinqimeng.over-blog.com +xinsheng.net +xinshijue.com +xinyubbs.net +xizang-zhiye.org +xjp.cc +xml-training-guide.com +xmovies.com +xmusic.fm +xnxx.com +xpdo.net +xpud.org +xskywalker.com +xtube.com +xuchao.net +xuchao.org +xuzhiyong.net +xuzhuoer.com +xvedios.com +xvideos.com +x-wall.org +xxbbx.com +x.xcity.jp +xxxx.com.au +xysblogs.org +xys.dxiong.com +xys.org +xyy69.com +xyy69.info +yahoo.cn +yahoo.com.hk +yam.com +yanghengjun.spaces.live.com +yasni.co.uk +yasukuni.or.jp +yatsen.gov.tw +ydy.com +yeelou.com +yeeyi.com +yegle.net +yezimary.spaces.live.com +yfrog.com +yhcw.net +yidio.com +yilubbs.com +yi.org +yipub.com +ym.backchina.com +yogichen.org +yong.hu +yorkbbs.ca +youdao.com +youjizz.com +youmaker.com +youpai.org +youporn.com +your-freedom.net +yousendit.com +youthbao.com +youthnetradio.org +youtu.be +youtubecn.com +youtube.com +youtube-nocookie.com +youversion.com +youxu.info +ytht.net +ytimg.com +yuanming.net +yuming.flnet.org +yunchao.net +yvesgeleyn.com +yvtc.gov.tw +yx51.net +yyii.org +yymaya.com +yzzk.com +zacebook.com +zannel.com +zaobao.com +zaobao.com.sg +zaozon.com +zarias.com +zattoo.com +zdnet.com.tw +zengjinyan.org +zengjinyan.spaces.live.com +zeutch.com +zgzcjj.net +zhanbin.net +zhao.jinhai.de +zhenghui.org +zhenlibu.info +zhinengluyou.com +zhllg.spaces.live.com +zh.m.wikipedia.org +zh.netlog.com +zhonggtuotese.net +zhongguotese.net +zhongmeng.org +zhongsou.com +zh.pokerstrategy.com +zhreader.com +zh-tw.justin.tv +zhuichaguoji.org +zh.uncyclopedia.wikia.com +zh.wikinews.org +zh.wikipedia.org +zh.wikisource.org +ziddu.com +zillionk.com +zinio.com +ziplib.com +zkaip.com +zmw.cn +zomobo.net +zonaeuropa.com +zootool.com +zoozle.net +zozotown.com +zshare.net +zsrhao.com +zuo.la +zuola.com +zvereff.com +zyzc9.com +zyzg.us \ No newline at end of file diff --git a/package/lean/luci-app-v2ray-pro/root/etc/v2ray/gen-gfwlist.sh b/package/lean/luci-app-v2ray-pro/root/etc/v2ray/gen-gfwlist.sh new file mode 100755 index 000000000..d1a40ed7c --- /dev/null +++ b/package/lean/luci-app-v2ray-pro/root/etc/v2ray/gen-gfwlist.sh @@ -0,0 +1,29 @@ +#!/bin/sh -e + +generate_china_banned() +{ + if [ ! -f /tmp/gfwlist.txt ]; then + wget-ssl --no-check-certificate https://raw.githubusercontent.com/gfwlist/gfwlist/master/gfwlist.txt -O /tmp/gfwlist.b64 >&2 + cat /tmp/gfwlist.b64 | base64 -d > /tmp/gfwlist.txt + rm -f /tmp/gfwlist.b64 + fi + + cat /tmp/gfwlist.txt | sort -u | + sed 's#!.\+##; s#|##g; s#@##g; s#http:\/\/##; s#https:\/\/##;' | + sed '/\*/d; /apple\.com/d; /sina\.cn/d; /sina\.com\.cn/d; /baidu\.com/d; /byr\.cn/d; /jlike\.com/d; /weibo\.com/d; /zhongsou\.com/d; /youdao\.com/d; /sogou\.com/d; /so\.com/d; /soso\.com/d; /aliyun\.com/d; /taobao\.com/d; /jd\.com/d; /qq\.com/d' | + sed '/^[0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+$/d' | + grep '^[0-9a-zA-Z\.-]\+$' | grep '\.' | sed 's#^\.\+##' | sort -u | + awk ' +BEGIN { prev = "________"; } { + cur = $0; + if (index(cur, prev) == 1 && substr(cur, 1 + length(prev) ,1) == ".") { + } else { + print cur; + prev = cur; + } +}' | sort -u + +} + + +generate_china_banned diff --git a/package/lean/luci-app-v2ray-pro/root/etc/v2ray/gen_config.lua b/package/lean/luci-app-v2ray-pro/root/etc/v2ray/gen_config.lua new file mode 100644 index 000000000..1b467eb9b --- /dev/null +++ b/package/lean/luci-app-v2ray-pro/root/etc/v2ray/gen_config.lua @@ -0,0 +1,169 @@ +--[[ + Auto generate config for Project V + Author: @libc0607 +]]-- + +local conf_path, json_path = ... +conf_path = conf_path or "v2raypro" +json_path = json_path or "/tmp/config.json" + +local local_listen_port = 7070 + +local cjson = require "cjson.safe" +local ucursor = require "luci.model.uci".cursor() +local lip = require "luci.ip" + +local v2ray_stream_mode = ucursor:get(conf_path, "v2raypro", "network_type") -- tcp/kcp/ws + +function v2ray_get_conf_list(op) + local t = {} + for k, v in pairs(ucursor:get_list(conf_path, 'v2ray', op)) do + table.insert(t, v) + end + return t +end + +function check_addr_type(addr) + local ip = luci.ip.new(addr, 32) + if ip == nil then + return "domain" + elseif ip:is4() then + return "ipv4" + elseif ip:is6() then + return "ipv6" + end +end + +function get_ip_list_by_domain(domain) + local domain_list = {} + local cmd = io.popen("nslookup " .. domain .. " |grep Address | awk {'print $3'}") + for cmd_line in cmd:lines() do + if check_addr_type(cmd_line) == "ipv4" then + table.insert(domain_list, cmd_line) + elseif check_addr_type(cmd_line) == "ipv6" then + table.insert(domain_list, cmd_line) + end + end + return domain_list +end + +local v2ray = { + log = { + access = "", + error = "", + loglevel = "none" + }, + inbound = { + protocol = "dokodemo-door", + port = local_listen_port, + domainOverride = {"tls", "http"}, + address = "", + settings = { + network = "tcp,udp", + timeout = 30, + followRedirect = true + }, + }, + outbound = { + protocol = "vmess", + settings = { + vnext = { + [1] = { + address = ucursor:get(conf_path, "v2raypro", "address"), + port = tonumber(ucursor:get(conf_path, "v2raypro", "port")), + users = { + [1] = { + id = ucursor:get(conf_path, "v2raypro", "id"), + alterId = tonumber(ucursor:get(conf_path, "v2raypro", "alterId")), + security = ucursor:get(conf_path, "v2raypro", "security") + }, + }, + }, + }, + }, + streamSettings = { + network = ucursor:get(conf_path, "v2raypro", "network_type"), + security = (ucursor:get(conf_path, "v2raypro", "tls") == '1') and "tls" or "none", + tcpSettings = (v2ray_stream_mode == "tcp" and ucursor:get(conf_path, "v2raypro", "tcp_obfs") == "http") and { + connectionReuse = true, + header = { + type = ucursor:get(conf_path, "v2raypro", "tcp_obfs"), + request = { + version = "1.1", + method = "GET", + path = v2ray_get_conf_list('tcp_path'), + headers = { + Host = v2ray_get_conf_list('tcp_host'), + User_Agent = { + "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.75 Safari/537.36", + "Mozilla/5.0 (iPhone; CPU iPhone OS 10_0_2 like Mac OS X) AppleWebKit/601.1 (KHTML, like Gecko) CriOS/53.0.2785.109 Mobile/14A456 Safari/601.1.46" + }, + Accept_Encoding = {"gzip, deflate"}, + Connection = {"keep-alive"}, + Pragma = "no-cache" + }, + }, + response = { + version = "1.1", + status = "200", + reason = "OK", + headers = { + Content_Type = {"application/octet-stream","video/mpeg"}, + Transfer_Encoding = {"chunked"}, + Connection= {"keep-alive"}, + Pragma = "no-cache" + }, + }, + } + } or nil, + + kcpSettings = (v2ray_stream_mode == "kcp") and { + mtu = tonumber(ucursor:get(conf_path, "v2raypro", "kcp_mtu")), + tti = tonumber(ucursor:get(conf_path, "v2raypro", "kcp_tti")), + uplinkCapacity = tonumber(ucursor:get(conf_path, "v2raypro", "kcp_uplink")), + downlinkCapacity = tonumber(ucursor:get(conf_path, "v2raypro", "kcp_downlink")), + congestion = (ucursor:get(conf_path, "v2raypro", "kcp_congestion") == "1") and true or false, + readBufferSize = tonumber(ucursor:get(conf_path, "v2raypro", "kcp_readbuf")), + writeBufferSize = tonumber(ucursor:get(conf_path, "v2raypro", "kcp_writebuf")), + header = { + type = ucursor:get(conf_path, "v2raypro", "kcp_obfs") + } + } or nil, + + wsSettings = (v2ray_stream_mode == "ws") and { + connectionReuse = true, + path = ucursor:get(conf_path, "v2raypro", "ws_path"), + headers = (ucursor:get(conf_path, "v2raypro", "ws_headers") ~= nil) and { + Host = ucursor:get(conf_path, "v2raypro", "ws_headers") + } or nil, + } or nil, + }, + mux = { + enabled = (ucursor:get(conf_path, "v2raypro", "mux") == "1") and true or false + }, + }, + dns = { + servers = { + "localhost" + }, + }, +} + +-- Generate config json to +local json_raw = cjson.encode(v2ray) +local json_file = io.open(json_path, "w+") +io.output(json_file) +io.write(json_raw) +io.close(json_file) + +-- change '_' to '-' +local keys_including_minus = {"User_Agent", "Content_Type", "Accept_Encoding", "Transfer_Encoding"} +local keys_corrected = {"User-Agent", "Content-Type", "Accept-Encoding", "Transfer-Encoding"} +for k, v in pairs(keys_including_minus) do + os.execute("sed -i 's/" ..v.. "/" ..keys_corrected[k].. "/g' " .. json_path) +end + +-- change "\/" to "/" +os.execute("sed -i 's/\\\\\\//\\//g' ".. json_path) + +print("V2ray config generated at " .. json_path) diff --git a/package/lean/luci-app-v2ray-pro/root/etc/v2ray/up-gfwlist.sh b/package/lean/luci-app-v2ray-pro/root/etc/v2ray/up-gfwlist.sh new file mode 100755 index 000000000..3e7ee5083 --- /dev/null +++ b/package/lean/luci-app-v2ray-pro/root/etc/v2ray/up-gfwlist.sh @@ -0,0 +1,20 @@ +#!/bin/sh + +/etc/v2ray/gen-gfwlist.sh > /tmp/ol-gfw.txt + +if [ -s "/tmp/ol-gfw.txt" ];then + sort -u /etc/v2ray/base-gfwlist.txt /tmp/ol-gfw.txt > /tmp/china-banned + if ( ! cmp -s /tmp/china-banned /etc/gfwlist/china-banned );then + if [ -s "/tmp/china-banned" ];then + mv /tmp/china-banned /etc/gfwlist/china-banned + echo "Update GFW-List Done!" + fi + else + echo "GFW-List No Change!" + fi +fi + +rm -f /tmp/gfwlist.txt +rm -f /tmp/ol-gfw.txt + +/etc/init.d/v2raypro restart diff --git a/package/lean/luci-app-v2ray-pro/root/etc/v2ray/v2ray-watchdog b/package/lean/luci-app-v2ray-pro/root/etc/v2ray/v2ray-watchdog new file mode 100755 index 000000000..671a24b01 --- /dev/null +++ b/package/lean/luci-app-v2ray-pro/root/etc/v2ray/v2ray-watchdog @@ -0,0 +1,26 @@ +#!/bin/sh + +LOGTIME=$(date "+%Y-%m-%d %H:%M:%S") +#GOOGLE=$(ping -4 www.gstatic.com -c 1 -w 5| sed '1{s/[^(]*(//;s/).*//;q}') + +#iptables -t nat -I OUTPUT -p tcp -d $GOOGLE -j REDIRECT --to-port 7070 + +#sleep 3 + +/usr/bin/wget --spider --quiet --tries=1 --timeout=3 www.gstatic.com/generate_204 + +if [ "$?" == "0" ]; then + echo '['$LOGTIME'] V2Ray No Problem.' +else + /usr/bin/wget --spider --quiet --tries=1 --timeout=3 www.baidu.com + if [ "$?" == "0" ]; then + echo '['$LOGTIME'] Problem decteted, restarting V2Ray...' + /etc/init.d/v2raypro restart + else + echo '['$LOGTIME'] Network Problem. Do nothing.' + fi +fi + +#sleep 3 + +#iptables -t nat -D OUTPUT -p tcp -d $GOOGLE -j REDIRECT --to-port 7070 diff --git a/package/lean/luci-app-v2ray-pro/root/etc/v2raypro.include b/package/lean/luci-app-v2ray-pro/root/etc/v2raypro.include new file mode 100755 index 000000000..47da9eb97 --- /dev/null +++ b/package/lean/luci-app-v2ray-pro/root/etc/v2raypro.include @@ -0,0 +1,11 @@ +#!/bin/sh + +v2ray_enable=$(uci get v2raypro.@v2raypro[0].enabled 2>/dev/null) + +if [ $v2ray_enable -eq 1 ]; then + if pidof v2ray>/dev/null; then + /etc/init.d/v2raypro reload_rule + else + /etc/init.d/v2raypro restart + fi +fi diff --git a/package/lean/luci-app-vlmcsd/Makefile b/package/lean/luci-app-vlmcsd/Makefile new file mode 100644 index 000000000..3a854b208 --- /dev/null +++ b/package/lean/luci-app-vlmcsd/Makefile @@ -0,0 +1,18 @@ +# +# Copyright (C) 2008-2014 The LuCI Team +# +# This is free software, licensed under the Apache License, Version 2.0 . +# + +include $(TOPDIR)/rules.mk + +LUCI_TITLE:=LuCI page for KMS +LUCI_DEPENDS:=+vlmcsd +PKG_VERSION:=1.0 +PKG_RELEASE:=2 + +include $(TOPDIR)/feeds/luci/luci.mk + +# call BuildPackage - OpenWrt buildroot signature + + diff --git a/package/lean/luci-app-vlmcsd/luasrc/controller/vlmcsd.lua b/package/lean/luci-app-vlmcsd/luasrc/controller/vlmcsd.lua new file mode 100644 index 000000000..f540847cb --- /dev/null +++ b/package/lean/luci-app-vlmcsd/luasrc/controller/vlmcsd.lua @@ -0,0 +1,19 @@ +module("luci.controller.vlmcsd", package.seeall) + +function index() + if not nixio.fs.access("/etc/config/vlmcsd") then + return + end + local page + page = entry({"admin", "services", "vlmcsd"}, cbi("vlmcsd"), _("KMS Server"), 100) + page.i18n = "vlmcsd" + page.dependent = true + entry({"admin","services","vlmcsd","status"},call("act_status")).leaf=true +end + +function act_status() + local e={} + e.running=luci.sys.call("pgrep vlmcsd >/dev/null")==0 + luci.http.prepare_content("application/json") + luci.http.write_json(e) +end diff --git a/package/lean/luci-app-vlmcsd/luasrc/model/cbi/vlmcsd.lua b/package/lean/luci-app-vlmcsd/luasrc/model/cbi/vlmcsd.lua new file mode 100644 index 000000000..98c3e16fb --- /dev/null +++ b/package/lean/luci-app-vlmcsd/luasrc/model/cbi/vlmcsd.lua @@ -0,0 +1,35 @@ + + +m = Map("vlmcsd") +m.title = translate("vlmcsd config") +m.description = translate("A KMS Serever Emulator to active your Windows or Office") + +m:section(SimpleSection).template = "vlmcsd/vlmcsd_status" + +s = m:section(TypedSection, "vlmcsd") +s.addremove = false +s.anonymous = true + +s:tab("basic", translate("Basic Setting")) +enable = s:taboption("basic",Flag, "enabled", translate("Enable")) +enable.rmempty = false + +autoactivate = s:taboption("basic", Flag, "autoactivate", translate("Auto activate")) +autoactivate.rmempty = false + +s:tab("config", translate("Config File")) +config = s:taboption("config", Value, "config", translate("configfile"), translate("This file is /etc/vlmcsd.ini."), "") +config.template = "cbi/tvalue" +config.rows = 13 +config.wrap = "off" + +function config.cfgvalue(self, section) + return nixio.fs.readfile("/etc/vlmcsd.ini") +end + +function config.write(self, section, value) + value = value:gsub("\r\n?", "\n") + nixio.fs.writefile("/etc/vlmcsd.ini", value) +end + +return m diff --git a/package/lean/luci-app-vlmcsd/luasrc/view/vlmcsd/vlmcsd_status.htm b/package/lean/luci-app-vlmcsd/luasrc/view/vlmcsd/vlmcsd_status.htm new file mode 100644 index 000000000..d711300e2 --- /dev/null +++ b/package/lean/luci-app-vlmcsd/luasrc/view/vlmcsd/vlmcsd_status.htm @@ -0,0 +1,22 @@ + + +
+

+ <%:Collecting data...%> +

+
\ No newline at end of file diff --git a/package/lean/luci-app-vlmcsd/po/zh-cn/vlmcsd.zh-cn.po b/package/lean/luci-app-vlmcsd/po/zh-cn/vlmcsd.zh-cn.po new file mode 100644 index 000000000..1b7f2e39a --- /dev/null +++ b/package/lean/luci-app-vlmcsd/po/zh-cn/vlmcsd.zh-cn.po @@ -0,0 +1,38 @@ +msgid "" +msgstr "" +"Language: zh_CN\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=1; plural=0;\n" + +msgid "vlmcsd config" +msgstr "KMS鏈嶅姟鍣ㄨ缃" + +msgid "KMS Server" +msgstr "KMS鏈嶅姟鍣" + +msgid "Basic Setting" +msgstr "鍩烘湰璁剧疆" + +msgid "Config File" +msgstr "閰嶇疆鏂囦欢" + + +msgid "Vlmcsd is running." +msgstr "KMS 鏈嶅姟鍣ㄨ繍琛屼腑" + +msgid "Vlmcsd is not running." +msgstr "KMS 鏈嶅姟鍣ㄦ湭杩愯" + +msgid "Enable" +msgstr "鍚敤" + +msgid "Auto activate" +msgstr "鑷姩婵娲诲眬鍩熺綉瀹㈡埛绔" + +msgid "configfile" +msgstr "閰嶇疆鏂囦欢" + +msgid "This file is /etc/vlmcsd.ini." +msgstr "杩欎釜鏂囦欢鍦 /etc/vlmcsd.ini 涓嬶紝鍙互澧炲姞鏂扮殑浜у搧涓诲瘑閽ャ" diff --git a/package/lean/luci-app-vlmcsd/root/etc/config/vlmcsd b/package/lean/luci-app-vlmcsd/root/etc/config/vlmcsd new file mode 100644 index 000000000..8940d0c0d --- /dev/null +++ b/package/lean/luci-app-vlmcsd/root/etc/config/vlmcsd @@ -0,0 +1,5 @@ + +config vlmcsd 'config' + option autoactivate '1' + option enabled '1' + diff --git a/package/lean/luci-app-vlmcsd/root/etc/init.d/vlmcsd b/package/lean/luci-app-vlmcsd/root/etc/init.d/vlmcsd new file mode 100755 index 000000000..c2ebab1b3 --- /dev/null +++ b/package/lean/luci-app-vlmcsd/root/etc/init.d/vlmcsd @@ -0,0 +1,38 @@ +#!/bin/sh /etc/rc.common +# Copyright (c) 2011-2015 OpenWrt.org + +START=90 + +get_config() +{ + config_get_bool enabled $1 enabled 0 + config_get autoactivate $1 autoactivate 1 +} + +start(){ + config_load vlmcsd + config_foreach get_config vlmcsd + [ $enabled -eq 0 ] && exit 0 + /usr/bin/vlmcsd -i /etc/vlmcsd.ini -L 0.0.0.0:1688 + + HOSTNAME=`uci get system.@system[0].hostname` + host_name=$(awk -F ',' '/^[ \t]*srv-host=_vlmcs\._tcp/{print $2}' /etc/dnsmasq.conf) + + echo $HOSTNAME + echo $host_name + + if [ "$HOSTNAME" != "$host_name" ];then + sed -i '/^[ \t]*srv-host=_vlmcs\._tcp/d' /etc/dnsmasq.conf + sed -i '$a\srv-host=_vlmcs\._tcp,'"$HOSTNAME"','"1688"',0,100' /etc/dnsmasq.conf + /etc/init.d/dnsmasq restart + fi + + echo "KMS Server has started." +} + +stop(){ + pid=`pgrep /usr/bin/vlmcsd` + kill -9 $pid + echo "KMS Server has stopped." +} + diff --git a/package/lean/luci-app-vlmcsd/root/etc/uci-defaults/luci-app-vlmcsd b/package/lean/luci-app-vlmcsd/root/etc/uci-defaults/luci-app-vlmcsd new file mode 100755 index 000000000..c1b0882cc --- /dev/null +++ b/package/lean/luci-app-vlmcsd/root/etc/uci-defaults/luci-app-vlmcsd @@ -0,0 +1,21 @@ +#!/bin/sh + +uci -q batch <<-EOF >/dev/null + delete ucitrack.@vlmcsd[-1] + add ucitrack vlmcsd + set ucitrack.@vlmcsd[-1].init=vlmcsd + commit ucitrack +EOF + +uci delete firewall.kms +uci add firewall rule +uci rename firewall.@rule[-1]="kms" +uci set firewall.@rule[-1].name="kms" +uci set firewall.@rule[-1].target="ACCEPT" +uci set firewall.@rule[-1].src="wan" +uci set firewall.@rule[-1].proto="tcp" +uci set firewall.@rule[-1].dest_port="1688" +uci commit firewall + +rm -f /tmp/luci-indexcache +exit 0 diff --git a/package/lean/luci-app-vsftpd/Makefile b/package/lean/luci-app-vsftpd/Makefile new file mode 100644 index 000000000..97d181f01 --- /dev/null +++ b/package/lean/luci-app-vsftpd/Makefile @@ -0,0 +1,17 @@ +# Copyright (C) 2016 Openwrt.org +# +# This is free software, licensed under the Apache License, Version 2.0 . +# + +include $(TOPDIR)/rules.mk + +LUCI_TITLE:=LuCI support for VSFTPD +LUCI_DEPENDS:=+vsftpd-alt +LUCI_PKGARCH:=all +PKG_VERSION:=1.0 +PKG_RELEASE:=2 + +include $(TOPDIR)/feeds/luci/luci.mk + +# call BuildPackage - OpenWrt buildroot signature + diff --git a/package/lean/luci-app-vsftpd/luasrc/controller/vsftpd.lua b/package/lean/luci-app-vsftpd/luasrc/controller/vsftpd.lua new file mode 100644 index 000000000..de44711dc --- /dev/null +++ b/package/lean/luci-app-vsftpd/luasrc/controller/vsftpd.lua @@ -0,0 +1,47 @@ +--[[ +LuCI - Lua Configuration Interface + +Copyright 2016 Weijie Gao + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +$Id$ +]]-- + +require("luci.sys") + +module("luci.controller.vsftpd", package.seeall) + +function index() + if not nixio.fs.access("/etc/config/vsftpd") then + return + end + + entry({"admin", "nas"}, firstchild(), "NAS", 44).dependent = false + entry({"admin", "nas", "vsftpd"}, + alias("admin", "nas", "vsftpd", "general"), + _("FTP Server")) + + entry({"admin", "nas", "vsftpd", "general"}, + cbi("vsftpd/general"), + _("General Settings"), 10).leaf = true + + entry({"admin", "nas", "vsftpd", "users"}, + cbi("vsftpd/users"), + _("Virtual Users"), 20).leaf = true + + entry({"admin", "nas", "vsftpd", "anonymous"}, + cbi("vsftpd/anonymous"), + _("Anonymous User"), 30).leaf = true + + entry({"admin", "nas", "vsftpd", "log"}, + cbi("vsftpd/log"), + _("Log Settings"), 40).leaf = true + + entry({"admin", "nas", "vsftpd", "item"}, + cbi("vsftpd/item"), nil).leaf = true +end diff --git a/package/lean/luci-app-vsftpd/luasrc/model/cbi/vsftpd/anonymous.lua b/package/lean/luci-app-vsftpd/luasrc/model/cbi/vsftpd/anonymous.lua new file mode 100644 index 000000000..3ebbb4ba9 --- /dev/null +++ b/package/lean/luci-app-vsftpd/luasrc/model/cbi/vsftpd/anonymous.lua @@ -0,0 +1,44 @@ +--[[ +LuCI - Lua Configuration Interface + +Copyright 2016 Weijie Gao + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +$Id$ +]]-- + +m = Map("vsftpd", translate("FTP Server - Anonymous Settings")) + +sa = m:section(NamedSection, "anonymous", "anonymous", translate("Anonymous Settings")) + +o = sa:option(Flag, "enabled", translate("Enabled")) +o.default = false + +o = sa:option(Value, "username", translate("Username"), translate("An actual local user to handle anonymous user")) +o.default = "ftp" + +o = sa:option(Value, "root", translate("Root directory")) +o.default = "/home/ftp" + +o = sa:option(Value, "umask", translate("File mode umask")) +o.default = "022" + +o = sa:option(Value, "maxrate", translate("Max transmit rate"), translate("0 means no limitation")) +o.default = "0" + +o = sa:option(Flag, "writemkdir", translate("Enable write/mkdir")) +o.default = false + +o = sa:option(Flag, "upload", translate("Enable upload")) +o.default = false + +o = sa:option(Flag, "others", translate("Enable other rights"), translate("Include rename, deletion ...")) +o.default = false + + +return m diff --git a/package/lean/luci-app-vsftpd/luasrc/model/cbi/vsftpd/general.lua b/package/lean/luci-app-vsftpd/luasrc/model/cbi/vsftpd/general.lua new file mode 100644 index 000000000..74dbcad6e --- /dev/null +++ b/package/lean/luci-app-vsftpd/luasrc/model/cbi/vsftpd/general.lua @@ -0,0 +1,114 @@ +--[[ +LuCI - Lua Configuration Interface + +Copyright 2016 Weijie Gao + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +$Id$ +]]-- + +m = Map("vsftpd", translate("FTP Server - General Settings")) + +sl = m:section(NamedSection, "listen", "listen", translate("Listening Settings")) + +o = sl:option(Flag, "enable4", translate("Enable IPv4")) +o.rmempty = false +o.default = true + +o = sl:option(Value, "ipv4", translate("IPv4 Address")) +o.datatype = "ip4addr" +o.default = "0.0.0.0" + +o = sl:option(Flag, "enable6", translate("Enable IPv6")) +o.rmempty = false + +o = sl:option(Value, "ipv6", translate("IPv6 Address")) +o.datatype = "ip6addr" +o.default = "::" + +o = sl:option(Value, "port", translate("Listen Port")) +o.datatype = "uinteger" +o.default = "21" + +o = sl:option(Value, "dataport", translate("Data Port")) +o.datatype = "uinteger" +o.default = "20" + + +sg = m:section(NamedSection, "global", "global", translate("Global Settings")) + +o = sg:option(Flag, "write", translate("Enable write"), translate("When disabled, all write request will give permission denied.")); +o.default = true + +o = sg:option(Flag, "download", translate("Enable download"), translate("When disabled, all download request will give permission denied.")); +o.default = true + +o = sg:option(Flag, "dirlist", translate("Enable directory list"), translate("When disabled, list commands will give permission denied.")) +o.default = true + +o = sg:option(Flag, "lsrecurse", translate("Allow directory recursely list")) + +o = sg:option(Flag, "dotfile", translate("Show dot files"), translate(". and .. are excluded.")); +o.default = true + +o = sg:option(Value, "umask", translate("File mode umask"), translate("Uploaded file mode will be 666 - <umask>; directory mode will be 777 - <umask>.")) +o.default = "022" + +o = sg:option(Value, "banner", translate("FTP Banner")) + +o = sg:option(Flag, "dirmessage", translate("Enable directory message"), translate("A message will be displayed when entering a directory.")) + +o = sg:option(Value, "dirmsgfile", translate("Directory message filename")) +o.default = ".message" + + +sl = m:section(NamedSection, "local", "local", translate("Local Users")) + +o = sl:option(Flag, "enabled", translate("Enable local user")) +o.rmempty = false + +o = sl:option(Value, "root", translate("Root directory"), translate("Leave empty will use user's home directory")) +o.default = "" + + +sc = m:section(NamedSection, "connection", "connection", translate("Connection Settings")) + +o = sc:option(Flag, "portmode", translate("Enable PORT mode")) +o = sc:option(Flag, "pasvmode", translate("Enable PASV mode")) + +o = sc:option(ListValue, "ascii", translate("ASCII mode")) +o:value("disabled", translate("Disabled")) +o:value("download", translate("Download only")) +o:value("upload", translate("Upload only")) +o:value("both", translate("Both download and upload")) +o.default = "both" + +o = sc:option(Value, "idletimeout", translate("Idle session timeout"), translate("in seconds")) +o.datatype = "uinteger" +o.default = "1800" +o = sc:option(Value, "conntimeout", translate("Connection timeout"), translate("in seconds")) +o.datatype = "uinteger" +o.default = "120" +o = sc:option(Value, "dataconntimeout", translate("Data connection timeout"), translate("in seconds")) +o.datatype = "uinteger" +o.default = "120" +o = sc:option(Value, "maxclient", translate("Max clients"), translate("0 means no limitation")) +o.datatype = "uinteger" +o.default = "0" +o = sc:option(Value, "maxperip", translate("Max clients per IP"), translate("0 means no limitation")) +o.datatype = "uinteger" +o.default = "0" +o = sc:option(Value, "maxrate", translate("Max transmit rate"), translate("in KB/s, 0 means no limitation")) +o.datatype = "uinteger" +o.default = "0" +o = sc:option(Value, "maxretry", translate("Max login fail count"), translate("Can not be zero, default is 3")) +o.datatype = "uinteger" +o.default = "3" + + +return m diff --git a/package/lean/luci-app-vsftpd/luasrc/model/cbi/vsftpd/item.lua b/package/lean/luci-app-vsftpd/luasrc/model/cbi/vsftpd/item.lua new file mode 100644 index 000000000..2a0003c8b --- /dev/null +++ b/package/lean/luci-app-vsftpd/luasrc/model/cbi/vsftpd/item.lua @@ -0,0 +1,70 @@ +--[[ +LuCI - Lua Configuration Interface + +Copyright 2016 Weijie Gao + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +$Id$ +]]-- + +local sid = arg[1] +local utl = require "luci.util" + +m = Map("vsftpd", translate("FTP Server - Virtual User <new>")) + +m.redirect = luci.dispatcher.build_url("admin/nas/vsftpd/users") + +if m.uci:get("vsftpd", sid) ~= "user" then + luci.http.redirect(m.redirect) + return +end + +m.uci:foreach("vsftpd", "user", + function(s) + if s['.name'] == sid and s.username then + m.title = translatef("FTP Server - Virtual User %q", s.username) + return false + end + end) + +s = m:section(NamedSection, sid, "settings", translate("User Settings")) +s.addremove = false + +o = s:option(Value, "username", translate("Username")) +o.rmempty = false + +function o.validate(self, value) + if value == "" then + return nil, translate("Username cannot be empty") + end + return value +end + +o = s:option(Value, "password", translate("Password")) +o.password = true + +o = s:option(Value, "home", translate("Home directory")) +o.default = "/home/ftp" + +o = s:option(Value, "umask", translate("File mode umask")) +o.default = "022" + +o = s:option(Value, "maxrate", translate("Max transmit rate"), translate("0 means no limitation")) +o.default = "0" + +o = s:option(Flag, "writemkdir", translate("Enable write/mkdir")) +o.default = false + +o = s:option(Flag, "upload", translate("Enable upload")) +o.default = false + +o = s:option(Flag, "others", translate("Enable other rights"), translate("Include rename, deletion ...")) +o.default = false + + +return m diff --git a/package/lean/luci-app-vsftpd/luasrc/model/cbi/vsftpd/log.lua b/package/lean/luci-app-vsftpd/luasrc/model/cbi/vsftpd/log.lua new file mode 100644 index 000000000..969ce817c --- /dev/null +++ b/package/lean/luci-app-vsftpd/luasrc/model/cbi/vsftpd/log.lua @@ -0,0 +1,29 @@ +--[[ +LuCI - Lua Configuration Interface + +Copyright 2016 Weijie Gao + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +$Id$ +]]-- + +m = Map("vsftpd", translate("FTP Server - Log Settings")) + +sl = m:section(NamedSection, "log", "log", translate("Log Settings")) + +o = sl:option(Flag, "syslog", translate("Enable syslog")) +o.default = false + +o = sl:option(Flag, "xreflog", translate("Enable file log")) +o.default = true + +o = sl:option(Value, "file", translate("Log file")) +o.default = "/var/log/vsftpd.log" + + +return m diff --git a/package/lean/luci-app-vsftpd/luasrc/model/cbi/vsftpd/users.lua b/package/lean/luci-app-vsftpd/luasrc/model/cbi/vsftpd/users.lua new file mode 100644 index 000000000..2ffaf759d --- /dev/null +++ b/package/lean/luci-app-vsftpd/luasrc/model/cbi/vsftpd/users.lua @@ -0,0 +1,54 @@ +--[[ +LuCI - Lua Configuration Interface + +Copyright 2016 Weijie Gao + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +$Id$ +]]-- + +m = Map("vsftpd", translate("FTP Server - Virtual User Settings")) + +sv = m:section(NamedSection, "vuser", "vuser", translate("Settings")) + +o = sv:option(Flag, "enabled", translate("Enabled")) +o.default = false + +o = sv:option(Value, "username", translate("Username"), translate("An actual local user to handle virtual users")) +o.default = "ftp" + +s = m:section(TypedSection, "user", translate("User lists")) +s.template = "cbi/tblsection" +s.extedit = luci.dispatcher.build_url("admin/nas/vsftpd/item/%s") +s.addremove = true +s.anonymous = true + +function s.create(...) + local id = TypedSection.create(...) + luci.http.redirect(s.extedit % id) +end + +function s.remove(self, section) + return TypedSection.remove(self, section) +end + +o = s:option(DummyValue, "username", translate("Username")) +function o.cfgvalue(...) + local v = Value.cfgvalue(...) or ("<%s>" % translate("Unknown")) + return v +end +o.rmempty = false + +o = s:option(DummyValue, "home", translate("Home directory")) +function o.cfgvalue(...) + local v = Value.cfgvalue(...) or ("/home/ftp") + return v +end +o.rmempty = false + +return m diff --git a/package/lean/luci-app-vsftpd/po/zh-cn/vsftpd.po b/package/lean/luci-app-vsftpd/po/zh-cn/vsftpd.po new file mode 100644 index 000000000..f8e3ba64a --- /dev/null +++ b/package/lean/luci-app-vsftpd/po/zh-cn/vsftpd.po @@ -0,0 +1,229 @@ +msgid "" +msgstr "" +"Project-Id-Version: PACKAGE VERSION\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2016-02-17 18:00+0800\n"\ +"Last-Translator: Weijie Gao \n" +"Language-Team: \n" +"Language: zh_CN\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=1; plural=0;\n" +"X-Generator: Pootle 2.0.6\n" + +msgid "NAS" +msgstr "缃戠粶瀛樺偍" + +msgid ". and .. are excluded." +msgstr ". 鍜 .. 灏嗚蹇界暐銆" + +msgid "0 means no limitation" +msgstr "0 琛ㄦ槑涓嶉檺鍒" + +msgid "A message will be displayed when entering a directory." +msgstr "鍦ㄨ繘鍏ヤ竴涓柊鐩綍鏃跺皢鏄剧ず鐨勬秷鎭" + +msgid "ASCII mode" +msgstr "ASCII 妯″紡" + +msgid "Allow directory recursely list" +msgstr "鍏佽閫掑綊鍒楃洰褰" + +msgid "An actual local user to handle anonymous user" +msgstr "鎵胯浇鍖垮悕鐢ㄦ埛鐨勬湰鍦扮敤鎴" + +msgid "An actual local user to handle virtual users" +msgstr "鎵胯浇铏氭嫙鐢ㄦ埛鐨勬湰鍦扮敤鎴" + +msgid "Anonymous Settings" +msgstr "鍖垮悕鐢ㄦ埛璁剧疆" + +msgid "Anonymous User" +msgstr "鍖垮悕鐢ㄦ埛" + +msgid "Both download and upload" +msgstr "涓嬭浇鍜屼笂浼" + +msgid "Can not be zero, default is 3" +msgstr "涓嶈兘涓 0锛岄粯璁や负 3" + +msgid "Connection Settings" +msgstr "杩炴帴璁剧疆" + +msgid "Connection timeout" +msgstr "杩炴帴瓒呮椂" + +msgid "Data Port" +msgstr "鏁版嵁绔彛" + +msgid "Data connection timeout" +msgstr "鏁版嵁杩炴帴瓒呮椂" + +msgid "Directory message filename" +msgstr "鐩綍娑堟伅鏂囦欢鍚" + +msgid "Download only" +msgstr "浠呬笅杞" + +msgid "Enable IPv4" +msgstr "鍚敤 IPv4" + +msgid "Enable IPv6" +msgstr "鍚敤 IPv6" + +msgid "Enable PASV mode" +msgstr "鍚敤 PASV 妯″紡" + +msgid "Enable PORT mode" +msgstr "鍚敤 PORT 妯″紡" + +msgid "Enable directory list" +msgstr "鍏佽鍒楃洰褰" + +msgid "Enable directory message" +msgstr "鍚敤鐩綍娑堟伅" + +msgid "Enable download" +msgstr "鍏佽涓嬭浇" + +msgid "Enable file log" +msgstr "鍚敤鏂囦欢鏃ュ織" + +msgid "Enable local user" +msgstr "鍚敤鏈湴鐢ㄦ埛" + +msgid "Enable other rights" +msgstr "鍏佽鍏跺畠鏉冮檺" + +msgid "Enable syslog" +msgstr "鍚敤绯荤粺鏃ュ織" + +msgid "Enable upload" +msgstr "鍏佽涓婁紶" + +msgid "Enable write" +msgstr "鍏佽鍐" + +msgid "Enable write/mkdir" +msgstr "鍏佽鍐/鍒涘缓鐩綍" + +msgid "FTP Banner" +msgstr "FTP 娆㈣繋鎻愮ず" + +msgid "FTP Server" +msgstr "FTP 鏈嶅姟鍣" + +msgid "FTP Server - Anonymous Settings" +msgstr "FTP 鏈嶅姟鍣 - 鍖垮悕鐢ㄦ埛璁剧疆" + +msgid "FTP Server - General Settings" +msgstr "FTP 鏈嶅姟鍣 - 甯歌璁剧疆" + +msgid "FTP Server - Log Settings" +msgstr "FTP 鏈嶅姟鍣 - 鏃ュ織璁剧疆" + +msgid "FTP Server - Virtual User %q" +msgstr "FTP 鏈嶅姟鍣 - 铏氭嫙鐢ㄦ埛 %q" + +msgid "FTP Server - Virtual User <new>" +msgstr "FTP 鏈嶅姟鍣 - 铏氭嫙鐢ㄦ埛 <鏂扮敤鎴>" + +msgid "FTP Server - Virtual User Settings" +msgstr "FTP 鏈嶅姟鍣 - 铏氭嫙鐢ㄦ埛璁剧疆" + +msgid "File mode umask" +msgstr "鏂囦欢鏉冮檺鎺╃爜" + +msgid "General Settings" +msgstr "甯歌璁剧疆" + +msgid "Global Settings" +msgstr "鍏ㄥ眬璁剧疆" + +msgid "Home directory" +msgstr "涓荤洰褰" + +msgid "IPv4 Address" +msgstr "IPv4 鍦板潃" + +msgid "IPv6 Address" +msgstr "IPv6 鍦板潃" + +msgid "Idle session timeout" +msgstr "绌洪棽鍥炶瘽瓒呮椂" + +msgid "Include rename, deletion ..." +msgstr "鍖呮嫭閲嶅懡鍚嶃佸垹闄 ..." + +msgid "Leave empty will use user's home directory" +msgstr "鐣欑┖灏嗕娇鐢ㄧ敤鎴蜂富鐩綍" + +msgid "Listen Port" +msgstr "鐩戝惉绔彛" + +msgid "Listening Settings" +msgstr "鐩戝惉璁剧疆" + +msgid "Local Users" +msgstr "鏈湴鐢ㄦ埛" + +msgid "Log Settings" +msgstr "鏃ュ織璁剧疆" + +msgid "Log file" +msgstr "鏃ュ織鏂囦欢" + +msgid "Max clients" +msgstr "鏈澶ц繛鎺ユ暟" + +msgid "Max clients per IP" +msgstr "鍚屼竴 IP 鐨勬渶澶ц繛鎺ユ暟" + +msgid "Max login fail count" +msgstr "鏈澶х櫥褰曞皾璇曟暟" + +msgid "Max transmit rate" +msgstr "鏈澶т紶杈撻熺巼" + +msgid "Root directory" +msgstr "鏍圭洰褰" + +msgid "Settings" +msgstr "璁剧疆" + +msgid "Show dot files" +msgstr "鏄剧ず浠ョ偣寮澶寸殑鏂囦欢 (闅愯棌鏂囦欢)" + +msgid "Upload only" +msgstr "浠呬笂浼" + +msgid "Uploaded file mode will be 666 - <umask>; directory mode will be 777 - <umask>." +msgstr "涓婁紶鐨勬枃浠舵潈闄愬皢琚缃负 666 - <鎺╃爜>锛涚洰褰曟潈闄愬皢琚缃负 777 - <鎺╃爜>銆" + +msgid "User Settings" +msgstr "鐢ㄦ埛璁剧疆" + +msgid "User lists" +msgstr "鐢ㄦ埛鍒楄〃" + +msgid "Username cannot be empty" +msgstr "鐢ㄦ埛鍚嶄笉鑳戒负绌" + +msgid "When disabled, all download request will give permission denied." +msgstr "濡傛灉绂佹锛屾墍鏈夌殑涓嬭浇璇锋眰閮藉皢琚嫆缁濄" + +msgid "When disabled, all write request will give permission denied." +msgstr "濡傛灉绂佹锛屾墍鏈夌殑鍐欑被鍨嬭姹傞兘灏嗚鎷掔粷銆" + +msgid "When disabled, list commands will give permission denied." +msgstr "濡傛灉绂佹锛屽垪鐩綍鍛戒护灏嗚鎷掔粷銆" + +msgid "Virtual Users" +msgstr "铏氭嫙鐢ㄦ埛" + +msgid "in seconds" +msgstr "鍗曚綅涓虹" + +msgid "in KB/s, 0 means no limitation" +msgstr "鍗曚綅涓 KB/s锛0 琛ㄦ槑涓嶉檺鍒" diff --git a/package/lean/luci-app-vsftpd/root/etc/uci-defaults/luci-vsftpd b/package/lean/luci-app-vsftpd/root/etc/uci-defaults/luci-vsftpd new file mode 100755 index 000000000..aa2f71a36 --- /dev/null +++ b/package/lean/luci-app-vsftpd/root/etc/uci-defaults/luci-vsftpd @@ -0,0 +1,11 @@ +#!/bin/sh + +uci -q batch <<-EOF >/dev/null + delete ucitrack.@vsftpd[-1] + add ucitrack vsftpd + set ucitrack.@vsftpd[-1].init=vsftpd + commit ucitrack +EOF + +rm -f /tmp/luci-vsftpd +exit 0 diff --git a/package/lean/luci-app-wrtbwmon/Makefile b/package/lean/luci-app-wrtbwmon/Makefile new file mode 100644 index 000000000..19dc241cc --- /dev/null +++ b/package/lean/luci-app-wrtbwmon/Makefile @@ -0,0 +1,17 @@ +# Copyright (C) 2016 Openwrt.org +# +# This is free software, licensed under the Apache License, Version 2.0 . +# + +include $(TOPDIR)/rules.mk + +LUCI_TITLE:=LuCI support for Wrtbwmon +LUCI_DEPENDS:=+luci-app-nlbwmon +LUCI_PKGARCH:=all +PKG_VERSION:=1.0 +PKG_RELEASE:=5 + +include $(TOPDIR)/feeds/luci/luci.mk + +# call BuildPackage - OpenWrt buildroot signature + diff --git a/package/lean/luci-app-wrtbwmon/htdocs/luci-static/wrtbwmon.js b/package/lean/luci-app-wrtbwmon/htdocs/luci-static/wrtbwmon.js new file mode 100644 index 000000000..36812e723 --- /dev/null +++ b/package/lean/luci-app-wrtbwmon/htdocs/luci-static/wrtbwmon.js @@ -0,0 +1,562 @@ +var wrt = { + // variables for auto-update, interval is in seconds + scheduleTimeout: undefined, + updateTimeout: undefined, + isScheduled: true, + interval: 5, + // option on whether to show per host sub-totals + perHostTotals: false, + // variables for sorting + sortData: { + column: 7, + elId: 'thTotal', + dir: 'desc', + cache: {} + } +}; + +(function () { + var oldDate, oldValues = []; + + // find base path + var re = /(.*?admin\/nlbw\/[^/]+)/; + var basePath = window.location.pathname.match(re)[1]; + + //---------------------- + // HELPER FUNCTIONS + //---------------------- + + /** + * Human readable text for size + * @param size + * @returns {string} + */ + function getSize(size) { + var prefix = [' ', 'k', 'M', 'G', 'T', 'P', 'E', 'Z']; + var precision, base = 1000, pos = 0; + while (size > base) { + size /= base; + pos++; + } + if (pos > 2) precision = 1000; else precision = 1; + return (Math.round(size * precision) / precision) + ' ' + prefix[pos] + 'B'; + } + + /** + * Human readable text for date + * @param date + * @returns {string} + */ + function dateToString(date) { + return date.toString().substring(0, 24); + } + + /** + * Gets the string representation of the date received from BE + * @param value + * @returns {*} + */ + function getDateString(value) { + var tmp = value.split('_'), + str = tmp[0].split('-').reverse().join('-') + 'T' + tmp[1]; + return dateToString(new Date(str)); + } + + /** + * Create a `tr` element with content + * @param content + * @returns {string} + */ + function createTR(content) { + var res = '' + data[2], {title: data[1]}), + createTD(getSize(dlSpeed) + '/s', {right: true}), + createTD(getSize(upSpeed) + '/s', {right: true}), + createTD(getSize(data[3]), {right: true}), + createTD(getSize(data[4]), {right: true}), + createTD(getSize(data[5]), {right: true}), + createTD(getDateString(data[6])), + createTD(getDateString(data[7])) + ]; + + // display row data + var result = ''; + for (var k = 0; k < displayData.length; k++) { + result += displayData[k]; + } + result = createTR(result); + return [result, rowData]; + } + + /** + * Creates the HTML output based on the `data` and `totals` inputs + * @param data + * @param totals + * @returns {string} HTML output + */ + function getDisplayData(data, totals) { + var result = + createTH('瀹㈡埛绔', {id: 'thClient'}) + + createTH('涓嬭浇甯﹀', {id: 'thDownload'}) + + createTH('涓婁紶甯﹀', {id: 'thUpload'}) + + createTH('鎬讳笅杞芥祦閲', {id: 'thTotalDown'}) + + createTH('鎬讳笂浼犳祦閲', {id: 'thTotalUp'}) + + createTH('娴侀噺鍚堣', {id: 'thTotal'}) + + createTH('棣栨涓婄嚎鏃堕棿', {id: 'thFirstSeen'}) + + createTH('鏈鍚庝笂绾挎椂闂', {id: 'thLastSeen'}); + result = createTR(result); + for (var k = 0; k < data.length; k++) { + result += data[k][0]; + } + var totalsRow = createTH('鎬昏'); + for (var m = 0; m < totals.length; m++) { + var t = totals[m]; + totalsRow += createTD(getSize(t) + (m < 2 ? '/s' : ''), {right: true}); + } + result += createTR(totalsRow); + return result; + } + + /** + * Calculates per host sub-totals and adds them in the data input + * @param data The data input + */ + function aggregateHostTotals(data) { + if (!wrt.perHostTotals) return; + + var curHost = 0, insertAt = 1; + while (curHost < data.length && insertAt < data.length) { + // grab the current hostname/mac, and walk the data looking for rows with the same host/mac + var hostName = data[curHost][1][0].toLowerCase(); + for (var k = curHost + 1; k < data.length; k++) { + if (data[k][1][0].toLowerCase() === hostName) { + // this is another row for the same host, group it with any other rows for this host + data.splice(insertAt, 0, data.splice(k, 1)[0]); + insertAt++; + } + } + + // if we found more than one row for the host, add a subtotal row + if (insertAt > curHost + 1) { + var hostTotals = [data[curHost][1][0], '', '', 0, 0, 0, 0, 0]; + for (var i = curHost; i < insertAt && i < data.length; i++) { + for (var j = 3; j < hostTotals.length; j++) { + hostTotals[j] += data[i][1][j]; + } + } + var hostTotalRow = createTH(data[curHost][1][0] + '
(host total)', {title: data[curHost][1][1]}); + for (var m = 3; m < hostTotals.length; m++) { + var t = hostTotals[m]; + hostTotalRow += createTD(getSize(t) + (m < 5 ? '/s' : ''), {right: true}); + } + hostTotalRow = createTR(hostTotalRow); + data.splice(insertAt, 0, [hostTotalRow, hostTotals]); + } + curHost = insertAt; + insertAt = curHost + 1; + } + } + + /** + * Sorting function used to sort the `data`. Uses the global sort settings + * @param x first item to compare + * @param y second item to compare + * @returns {number} 1 for desc, -1 for asc, 0 for equal + */ + function sortingFunction(x, y) { + // get data from global variable + var sortColumn = wrt.sortData.column, sortDirection = wrt.sortData.dir; + var a = x[1][sortColumn]; + var b = y[1][sortColumn]; + if (a === b) { + return 0; + } else if (sortDirection === 'desc') { + return a < b ? 1 : -1; + } else { + return a > b ? 1 : -1; + } + } + + /** + * Sets the relevant global sort variables and re-renders the table to apply the new sorting + * @param elId + * @param column + */ + function setSortColumn(elId, column) { + if (column === wrt.sortData.column) { + // same column clicked, switch direction + wrt.sortData.dir = wrt.sortData.dir === 'desc' ? 'asc' : 'desc'; + } else { + // change sort column + wrt.sortData.column = column; + // reset sort direction + wrt.sortData.dir = 'desc'; + } + wrt.sortData.elId = elId; + + // render table data from cache + renderTableData(wrt.sortData.cache.data, wrt.sortData.cache.totals); + } + + /** + * Registers the table events handlers for sorting when clicking the column headers + */ + function registerTableEventHandlers() { + // note these ordinals are into the data array, not the table output + document.getElementById('thClient').addEventListener('click', function () { + setSortColumn(this.id, 0); // hostname + }); + document.getElementById('thDownload').addEventListener('click', function () { + setSortColumn(this.id, 3); // dl speed + }); + document.getElementById('thUpload').addEventListener('click', function () { + setSortColumn(this.id, 4); // ul speed + }); + document.getElementById('thTotalDown').addEventListener('click', function () { + setSortColumn(this.id, 5); // total down + }); + document.getElementById('thTotalUp').addEventListener('click', function () { + setSortColumn(this.id, 6); // total up + }); + document.getElementById('thTotal').addEventListener('click', function () { + setSortColumn(this.id, 7); // total + }); + } + + /** + * Fetches and handles the updated `values` from the BE + * @param once If set to true, it re-schedules itself for execution based on selected interval + */ + function receiveData(once) { + var ajax = new XMLHttpRequest(); + ajax.onreadystatechange = function () { + // noinspection EqualityComparisonWithCoercionJS + if (this.readyState == 4 && this.status == 200) { + var re = /(var values = new Array[^;]*;)/, + match = ajax.responseText.match(re); + if (!match) { + handleError(); + } else { + // evaluate values + eval(match[1]); + //noinspection JSUnresolvedVariable + var v = values; + if (!v) { + handleError(); + } else { + handleValues(v); + // set old values + oldValues = v; + // set old date + oldDate = new Date(); + document.getElementById('updated').innerHTML = '鏁版嵁鏇存柊鏃堕棿 ' + dateToString(oldDate); + } + } + var int = wrt.interval; + if (!once && int > 0) reschedule(int); + } + }; + ajax.open('GET', basePath + '/usage_data', true); + ajax.send(); + } + + /** + * Registers DOM event listeners for user interaction + */ + function addEventListeners() { + document.getElementById('intervalSelect').addEventListener('change', function () { + var int = wrt.interval = this.value; + if (int > 0) { + // it is not scheduled, schedule it + if (!wrt.isScheduled) { + reschedule(int); + } + } else { + // stop the scheduling + stopSchedule(); + } + }); + + document.getElementById('resetDatabase').addEventListener('click', function () { + if (confirm('This will delete the database file. Are you sure?')) { + var ajax = new XMLHttpRequest(); + ajax.onreadystatechange = function () { + // noinspection EqualityComparisonWithCoercionJS + if (this.readyState == 4 && this.status == 204) { + location.reload(); + } + }; + ajax.open('GET', basePath + '/usage_reset', true); + ajax.send(); + } + }); + + document.getElementById('perHostTotals').addEventListener('change', function () { + wrt.perHostTotals = !wrt.perHostTotals; + }); + } + + //---------------------- + // AUTO-UPDATE + //---------------------- + + /** + * Stop auto-update schedule + */ + function stopSchedule() { + window.clearTimeout(wrt.scheduleTimeout); + window.clearTimeout(wrt.updateTimeout); + setUpdateMessage(''); + wrt.isScheduled = false; + } + + /** + * Start auto-update schedule + * @param seconds + */ + function reschedule(seconds) { + wrt.isScheduled = true; + seconds = seconds || 60; + updateSeconds(seconds); + wrt.scheduleTimeout = window.setTimeout(receiveData, seconds * 1000); + } + + /** + * Sets the text of the `#updating` element + * @param msg + */ + function setUpdateMessage(msg) { + document.getElementById('updating').innerHTML = msg; + } + + /** + * Updates the 'Updating in X seconds' message + * @param start + */ + function updateSeconds(start) { + setUpdateMessage('鍊掓暟 ' + start + ' 绉掑悗鍒锋柊.'); + if (start > 0) { + wrt.updateTimeout = window.setTimeout(function () { + updateSeconds(start - 1); + }, 1000); + } + } + + //---------------------- + // END AUTO-UPDATE + //---------------------- + + /** + * Check for dependency, and if all is well, run callback + * @param cb Callback function + */ + function checkForDependency(cb) { + var ajax = new XMLHttpRequest(); + ajax.onreadystatechange = function () { + // noinspection EqualityComparisonWithCoercionJS + if (this.readyState == 4 && this.status == 200) { + // noinspection EqualityComparisonWithCoercionJS + if (ajax.responseText == "1") { + cb(); + } else { + alert("wrtbwmon is not installed!"); + } + } + }; + ajax.open('GET', basePath + '/check_dependency', true); + ajax.send(); + } + + checkForDependency(function () { + // register events + addEventListeners(); + // Main entry point + receiveData(); + }); + +})(); diff --git a/package/lean/luci-app-wrtbwmon/luasrc/controller/wrtbwmon.lua b/package/lean/luci-app-wrtbwmon/luasrc/controller/wrtbwmon.lua new file mode 100644 index 000000000..25909c846 --- /dev/null +++ b/package/lean/luci-app-wrtbwmon/luasrc/controller/wrtbwmon.lua @@ -0,0 +1,43 @@ +module("luci.controller.wrtbwmon", package.seeall) + +function index() + entry({"admin", "nlbw", "usage"}, alias("admin", "nlbw", "usage", "details"), _("Usage"), 60) + entry({"admin", "nlbw", "usage", "details"}, template("wrtbwmon"), _("Details"), 10).leaf=true + entry({"admin", "nlbw", "usage", "config"}, cbi("wrtbwmon/config"), _("Configuration"), 20).leaf=true + entry({"admin", "nlbw", "usage", "custom"}, form("wrtbwmon/custom"), _("User file"), 30).leaf=true + entry({"admin", "nlbw", "usage", "check_dependency"}, call("check_dependency")).dependent=true + entry({"admin", "nlbw", "usage", "usage_data"}, call("usage_data")).dependent=true + entry({"admin", "nlbw", "usage", "usage_reset"}, call("usage_reset")).dependent=true +end + +function usage_database_path() + local cursor = luci.model.uci.cursor() + if cursor:get("wrtbwmon", "general", "persist") == "1" then + return "/etc/config/usage.db" + else + return "/tmp/usage.db" + end +end + +function check_dependency() + local ret = "0" + if require("luci.model.ipkg").installed('iptables') then + ret = "1" + end + luci.http.prepare_content("text/plain") + luci.http.write(ret) +end + +function usage_data() + local db = usage_database_path() + local publish_cmd = "wrtbwmon publish " .. db .. " /tmp/usage.htm /etc/config/wrtbwmon.user" + local cmd = "wrtbwmon update " .. db .. " && " .. publish_cmd .. " && cat /tmp/usage.htm" + luci.http.prepare_content("text/html") + luci.http.write(luci.sys.exec(cmd)) +end + +function usage_reset() + local db = usage_database_path() + local ret = luci.sys.call("wrtbwmon update " .. db .. " && rm " .. db) + luci.http.status(204) +end diff --git a/package/lean/luci-app-wrtbwmon/luasrc/model/cbi/wrtbwmon/config.lua b/package/lean/luci-app-wrtbwmon/luasrc/model/cbi/wrtbwmon/config.lua new file mode 100644 index 000000000..10edc41cf --- /dev/null +++ b/package/lean/luci-app-wrtbwmon/luasrc/model/cbi/wrtbwmon/config.lua @@ -0,0 +1,18 @@ +local m = Map("wrtbwmon", "璇︾粏璁剧疆") + +local s = m:section(NamedSection, "general", "wrtbwmon", "閫氱敤璁剧疆") + +local o = s:option(Flag, "persist", "鍐欏叆鏁版嵁搴撳埌ROM", + "鎶婄粺璁℃暟鎹啓鍏 /etc/config 涓伩鍏嶉噸鍚垨鑰呭崌绾у悗涓㈠け 锛堥渶瑕佸崰鐢≧OM绌洪棿骞堕檷浣庨棯瀛樺鍛斤級") +o.rmempty = false + +function o.write(self, section, value) + if value == '1' then + luci.sys.call("mv /tmp/usage.db /etc/config/usage.db") + elseif value == '0' then + luci.sys.call("mv /etc/config/usage.db /tmp/usage.db") + end + return Flag.write(self, section ,value) +end + +return m diff --git a/package/lean/luci-app-wrtbwmon/luasrc/model/cbi/wrtbwmon/custom.lua b/package/lean/luci-app-wrtbwmon/luasrc/model/cbi/wrtbwmon/custom.lua new file mode 100644 index 000000000..f8e3eeeb7 --- /dev/null +++ b/package/lean/luci-app-wrtbwmon/luasrc/model/cbi/wrtbwmon/custom.lua @@ -0,0 +1,23 @@ +local USER_FILE_PATH = "/etc/config/wrtbwmon.user" + +local fs = require "nixio.fs" + +local f = SimpleForm("wrtbwmon", + "鑷畾涔塎AC鍦板潃瀵瑰簲鐨勪富鏈哄悕", + "姣忎竴琛岀殑鏍煎紡涓 00:aa:bb:cc:ee:ff,username 锛堜笉鏀寔涓枃涓绘満鍚嶏級") + +local o = f:field(Value, "_custom") + +o.template = "cbi/tvalue" +o.rows = 20 + +function o.cfgvalue(self, section) + return fs.readfile(USER_FILE_PATH) +end + +function o.write(self, section, value) + value = value:gsub("\r\n?", "\n") + fs.writefile(USER_FILE_PATH, value) +end + +return f diff --git a/package/lean/luci-app-wrtbwmon/luasrc/view/wrtbwmon.htm b/package/lean/luci-app-wrtbwmon/luasrc/view/wrtbwmon.htm new file mode 100644 index 000000000..21bac7a45 --- /dev/null +++ b/package/lean/luci-app-wrtbwmon/luasrc/view/wrtbwmon.htm @@ -0,0 +1,46 @@ +<%+header%> +

瀹㈡埛绔疄鏃舵祦閲忕洃娴 (鏆備笉鍏煎SFE鍜孎LOW鍔犻)

+

+ +

+

+ + + +
+ + + +

+ + +
Loading...
+ + +<%+footer%> diff --git a/package/lean/luci-app-wrtbwmon/po/zh-cn/wrtbwmon.po b/package/lean/luci-app-wrtbwmon/po/zh-cn/wrtbwmon.po new file mode 100644 index 000000000..47e8ea29d --- /dev/null +++ b/package/lean/luci-app-wrtbwmon/po/zh-cn/wrtbwmon.po @@ -0,0 +1,30 @@ +msgid "Usage" +msgstr "瀹炴椂娴侀噺鐩戞祴" + +msgid "Details" +msgstr "璇︾粏淇℃伅" + +msgid "Configuration" +msgstr "閰嶇疆" + +msgid "User file" +msgstr "鑷畾涔変富鏈轰俊鎭" + +msgid "Usage - Configuration" +msgstr "璇︾粏璁剧疆" + +msgid "General settings" +msgstr "閫氱敤璁剧疆" + +msgid "Persist database" +msgstr "鍐欏叆鏁版嵁搴撳埌纭洏" + +msgid "Check this to persist the database file under /etc/config. " +msgstr "鎶婄粺璁℃暟鎹啓鍏 /etc/config 涓伩鍏嶉噸鍚垨鑰呭崌绾у悗涓㈠け 锛堥渶瑕佸崰鐢ㄧ┖闂村苟闄嶄綆ROM瀵垮懡锛" + +msgid "Usage - Custom User File" +msgstr "鑷畾涔塎AC鍦板潃瀵瑰簲鐨勪富鏈哄悕" + +msgid "This file is used to match users with MAC addresses and it must have the following format: 00:aa:bb:cc:ee:ff,username" +msgstr "姣忎竴琛岀殑鏍煎紡涓 00:aa:bb:cc:ee:ff,username 锛堜笉鏀寔涓枃涓绘満鍚嶏級" + diff --git a/package/lean/luci-app-wrtbwmon/root/etc/config/wrtbwmon b/package/lean/luci-app-wrtbwmon/root/etc/config/wrtbwmon new file mode 100644 index 000000000..419270dba --- /dev/null +++ b/package/lean/luci-app-wrtbwmon/root/etc/config/wrtbwmon @@ -0,0 +1,4 @@ + +config wrtbwmon 'general' + option persist '0' + diff --git a/package/lean/luci-app-wrtbwmon/root/etc/init.d/wrtbwmon b/package/lean/luci-app-wrtbwmon/root/etc/init.d/wrtbwmon new file mode 100755 index 000000000..d57c09ae1 --- /dev/null +++ b/package/lean/luci-app-wrtbwmon/root/etc/init.d/wrtbwmon @@ -0,0 +1,22 @@ +#!/bin/sh /etc/rc.common +# +# start/stop wrtbwmon bandwidth monitor + +### BEGIN INIT INFO +# Provides: wrtbwmon +# Required-Start: $network $local_fs $remote_fs +# Required-Stop: $local_fs $remote_fs +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: iptables-based bandwidth monitor +### END INIT INFO + +START=91 + +start(){ + /usr/sbin/wrtbwmon setup /tmp/usage.db +} + +stop(){ + /usr/sbin/wrtbwmon remove +} diff --git a/package/lean/luci-app-wrtbwmon/root/etc/uci-defaults/luci-wrtbwmon b/package/lean/luci-app-wrtbwmon/root/etc/uci-defaults/luci-wrtbwmon new file mode 100755 index 000000000..c86001a6f --- /dev/null +++ b/package/lean/luci-app-wrtbwmon/root/etc/uci-defaults/luci-wrtbwmon @@ -0,0 +1,5 @@ +#!/bin/sh + +/etc/init.d/wrtbwmon enable +/etc/init.d/wrtbwmon start +exit 0 diff --git a/package/lean/luci-app-wrtbwmon/root/usr/sbin/readDB.awk b/package/lean/luci-app-wrtbwmon/root/usr/sbin/readDB.awk new file mode 100755 index 000000000..fe67e4ae8 --- /dev/null +++ b/package/lean/luci-app-wrtbwmon/root/usr/sbin/readDB.awk @@ -0,0 +1,157 @@ +#!/usr/bin/awk + +function inInterfaces(host){ + return(interfaces ~ "(^| )"host"($| )") +} + +function newRule(arp_ip, + ipt_cmd){ + # checking for existing rules shouldn't be necessary if newRule is + # always called after db is read, arp table is read, and existing + # iptables rules are read. + ipt_cmd="iptables -t mangle -j RETURN -s " arp_ip + system(ipt_cmd " -C RRDIPT_FORWARD 2>/dev/null || " ipt_cmd " -A RRDIPT_FORWARD") + ipt_cmd="iptables -t mangle -j RETURN -d " arp_ip + system(ipt_cmd " -C RRDIPT_FORWARD 2>/dev/null || " ipt_cmd " -A RRDIPT_FORWARD") +} + +function total(i){ + return(bw[i "/in"] + bw[i "/out"]) +} + +function date( cmd, d){ + cmd="date +%d-%m-%Y_%H:%M:%S" + cmd | getline d + close(cmd) + #!@todo could start a process with "while true; do date ...; done" + return(d) +} + +BEGIN { + od="" + fid=1 + debug=0 + rrd=0 +} + +/^#/ { # get DB filename + FS="," + dbFile=FILENAME + next +} + +# data from database; first file +FNR==NR { #!@todo this doesn't help if the DB file is empty. + if($2 == "NA") + #!@todo could get interface IP here + n=$1 + else + n=$2 + + hosts[n] = "" # add this host/interface to hosts + mac[n] = $1 + ip[n] = $2 + inter[n] = $3 + bw[n "/in"] = $4 + bw[n "/out"] = $5 + firstDate[n] = $7 + lastDate[n] = $8 + next +} + +# not triggered on the first file +FNR==1 { + FS=" " + fid++ #!@todo use fid for all files; may be problematic for empty files + next +} + +# arp: ip hw flags hw_addr mask device +fid==2 { + #!@todo regex match IPs and MACs for sanity + arp_ip = $1 + arp_flags = $3 + arp_mac = $4 + arp_dev = $6 + if(arp_flags != "0x0" && !(arp_ip in ip)){ + if(debug) + print "new host:", arp_ip, arp_flags > "/dev/stderr" + hosts[arp_ip] = "" + mac[arp_ip] = arp_mac + ip[arp_ip] = arp_ip + inter[arp_ip] = arp_dev + bw[arp_ip "/in"] = bw[arp_ip "/out"] = 0 + firstDate[arp_ip] = lastDate[arp_ip] = date() + } + next +} + +#!@todo could use mangle chain totals or tailing "unnact" rules to +# account for data for new hosts from their first presence on the +# network to rule creation. The "unnact" rules would have to be +# maintained at the end of the list, and new rules would be inserted +# at the top. + +# skip line +# read the chain name and deal with the data accordingly +fid==3 && $1 == "Chain"{ + rrd=$2 ~ /RRDIPT_.*/ + next +} + +fid==3 && rrd && (NF < 9 || $1=="pkts"){ next } + +fid==3 && rrd { # iptables input + if($6 != "*"){ + m=$6 + n=m "/out" + } else if($7 != "*"){ + m=$7 + n=m "/in" + } else if($8 != "0.0.0.0/0"){ + m=$8 + n=m "/out" + } else { # $9 != "0.0.0.0/0" + m=$9 + n=m "/in" + } + + # remove host from array; any hosts left in array at END get new + # iptables rules + + #!@todo this deletes a host if any rule exists; if only one + # directional rule is removed, this will not remedy the situation + delete hosts[m] + + if($2 > 0){ # counted some bytes + if(mode == "diff" || mode == "noUpdate") + print n, $2 + if(mode!="noUpdate"){ + if(inInterfaces(m)){ # if label is an interface + if(!(m in mac)){ # if label was not in db (also not in + # arp table, but interfaces won't be + # there anyway) + firstDate[m] = date() + mac[m] = inter[m] = m + ip[m] = "NA" + bw[m "/in"]=bw[m "/out"]= 0 + } + } + bw[n]+=$2 + lastDate[m] = date() + } + } +} + +END { + if(mode=="noUpdate") exit + close(dbFile) + system("rm -f " dbFile) + print "#mac,ip,iface,in,out,total,first_date,last_date" > dbFile + OFS="," + for(i in mac) + print mac[i], ip[i], inter[i], bw[i "/in"], bw[i "/out"], total(i), firstDate[i], lastDate[i] > dbFile + close(dbFile) + # for hosts without rules + for(host in hosts) if(!inInterfaces(host)) newRule(host) +} diff --git a/package/lean/luci-app-wrtbwmon/root/usr/sbin/wrtbwmon b/package/lean/luci-app-wrtbwmon/root/usr/sbin/wrtbwmon new file mode 100755 index 000000000..b2c0b9a07 --- /dev/null +++ b/package/lean/luci-app-wrtbwmon/root/usr/sbin/wrtbwmon @@ -0,0 +1,301 @@ +#!/bin/sh +# +# wrtbwmon: traffic logging tool for routers +# +# Peter Bailey (peter.eldridge.bailey+wrtbwmon AT gmail.com) +# +# Based on work by: +# Emmanuel Brucy (e.brucy AT qut.edu.au) +# Fredrik Erlandsson (erlis AT linux.nu) +# twist - http://wiki.openwrt.org/RrdTrafficWatch + +trap "rm -f /tmp/*_$$.tmp; kill $$" INT +binDir=/usr/sbin +dataDir=/usr/share/wrtbwmon +lockDir=/tmp/wrtbwmon.lock +pidFile=$lockDir/pid +networkFuncs=/lib/functions/network.sh +uci=`which uci 2>/dev/null` +nslookup=`which nslookup 2>/dev/null` +nvram=`which nvram 2>/dev/null` + +chains='INPUT OUTPUT FORWARD' +DEBUG= +interfaces='eth0 tun0' # in addition to detected WAN +DB=$2 +mode= + +# DNS server for reverse lookups provided in "DNS". +# don't perform reverse DNS lookups by default +DO_RDNS=${DNS-} + +header="#mac,ip,iface,in,out,total,first_date,last_date" + +createDbIfMissing() +{ + [ ! -f "$DB" ] && echo $header > "$DB" +} + +checkDbArg() +{ + [ -z "$DB" ] && echo "ERROR: Missing argument 2 (database file)" && exit 1 +} + +checkDB() +{ + [ ! -f "$DB" ] && echo "ERROR: $DB does not exist" && exit 1 + [ ! -w "$DB" ] && echo "ERROR: $DB is not writable" && exit 1 +} + +checkWAN() +{ + [ -z "$wan" ] && echo "Warning: failed to detect WAN interface." +} + +lookup() +{ + MAC=$1 + IP=$2 + userDB=$3 + for USERSFILE in $userDB /tmp/dhcp.leases /tmp/dnsmasq.conf /etc/dnsmasq.conf /etc/hosts; do + [ -e "$USERSFILE" ] || continue + case $USERSFILE in + /tmp/dhcp.leases ) + USER=$(grep -i "$MAC" $USERSFILE | cut -f4 -s -d' ') + ;; + /etc/hosts ) + USER=$(grep "^$IP " $USERSFILE | cut -f2 -s -d' ') + ;; + * ) + USER=$(grep -i "$MAC" "$USERSFILE" | cut -f2 -s -d,) + ;; + esac + [ "$USER" = "*" ] && USER= + [ -n "$USER" ] && break + done + if [ -n "$DO_RDNS" -a -z "$USER" -a "$IP" != "NA" -a -n "$nslookup" ]; then + USER=`$nslookup $IP $DNS | awk '!/server can/{if($4){print $4; exit}}' | sed -re 's/[.]$//'` + fi + [ -z "$USER" ] && USER=${MAC} + echo $USER +} + +detectIF() +{ + if [ -f "$networkFuncs" ]; then + IF=`. $networkFuncs; network_get_device netdev $1; echo $netdev` + [ -n "$IF" ] && echo $IF && return + fi + + if [ -n "$uci" -a -x "$uci" ]; then + IF=`$uci get network.${1}.ifname 2>/dev/null` + [ $? -eq 0 -a -n "$IF" ] && echo $IF && return + fi + + if [ -n "$nvram" -a -x "$nvram" ]; then + IF=`$nvram get ${1}_ifname 2>/dev/null` + [ $? -eq 0 -a -n "$IF" ] && echo $IF && return + fi +} + +detectLAN() +{ + [ -e /sys/class/net/br-lan ] && echo br-lan && return + lan=$(detectIF lan) + [ -n "$lan" ] && echo $lan && return +} + +detectWAN() +{ + [ -n "$WAN_IF" ] && echo $WAN_IF && return + wan=$(detectIF wan) + [ -n "$wan" ] && echo $wan && return + wan=$(ip route show 2>/dev/null | grep default | sed -re '/^default/ s/default.*dev +([^ ]+).*/\1/') + [ -n "$wan" ] && echo $wan && return + [ -f "$networkFuncs" ] && wan=$(. $networkFuncs; network_find_wan wan; echo $wan) + [ -n "$wan" ] && echo $wan && return +} + +lock() +{ + attempts=0 + while [ $attempts -lt 10 ]; do + mkdir $lockDir 2>/dev/null && break + attempts=$((attempts+1)) + pid=`cat $pidFile 2>/dev/null` + if [ -n "$pid" ]; then + if [ -d "/proc/$pid" ]; then + [ -n "$DEBUG" ] && echo "WARNING: Lockfile detected but process $(cat $pidFile) does not exist !" + rm -rf $lockDir + else + sleep 1 + fi + fi + done + mkdir $lockDir 2>/dev/null + echo $$ > $pidFile + [ -n "$DEBUG" ] && echo $$ "got lock after $attempts attempts" + trap '' INT +} + +unlock() +{ + rm -rf $lockDir + [ -n "$DEBUG" ] && echo $$ "released lock" + trap "rm -f /tmp/*_$$.tmp; kill $$" INT +} + +# chain +newChain() +{ + chain=$1 + # Create the RRDIPT_$chain chain (it doesn't matter if it already exists). + iptables -t mangle -N RRDIPT_$chain 2> /dev/null + + # Add the RRDIPT_$chain CHAIN to the $chain chain if not present + iptables -t mangle -C $chain -j RRDIPT_$chain 2>/dev/null + if [ $? -ne 0 ]; then + [ -n "$DEBUG" ] && echo "DEBUG: iptables chain misplaced, recreating it..." + iptables -t mangle -I $chain -j RRDIPT_$chain + fi +} + +# chain tun +newRuleIF() +{ + chain=$1 + IF=$2 + + #!@todo test + if [ "$chain" = "OUTPUT" ]; then + cmd="iptables -t mangle -o $IF -j RETURN" + eval $cmd " -C RRDIPT_$chain 2>/dev/null" || eval $cmd " -A RRDIPT_$chain" + elif [ "$chain" = "INPUT" ]; then + cmd="iptables -t mangle -i $IF -j RETURN" + eval $cmd " -C RRDIPT_$chain 2>/dev/null" || eval $cmd " -A RRDIPT_$chain" + fi +} + +update() +{ + #!@todo could let readDB.awk handle this; that would place header + #!info in fewer places + createDbIfMissing + + checkDB + checkWAN + + > /tmp/iptables_$$.tmp + lock + # only zero our own chains + for chain in $chains; do + iptables -nvxL RRDIPT_$chain -t mangle -Z >> /tmp/iptables_$$.tmp + done + # the iptables and readDB commands have to be separate. Otherwise, + # they will fight over iptables locks + awk -v mode="$mode" -v interfaces=\""$interfaces"\" -f $binDir/readDB.awk \ + $DB \ + /proc/net/arp \ + /tmp/iptables_$$.tmp + unlock +} + +############################################################ + +case $1 in + "dump" ) + checkDbArg + lock + tr ',' '\t' < "$DB" + unlock + ;; + + "update" ) + checkDbArg + wan=$(detectWAN) + interfaces="$interfaces $wan" + update + rm -f /tmp/*_$$.tmp + exit + ;; + + "publish" ) + checkDbArg + [ -z "$3" ] && echo "ERROR: Missing argument 3 (output html file)" && exit 1 + + # sort DB + lock + + # busybox sort truncates numbers to 32 bits + grep -v '^#' $DB | awk -F, '{OFS=","; a=sprintf("%f",$4/1e6); $4=""; print a,$0}' | tr -s ',' | sort -rn | awk -F, '{OFS=",";$1=sprintf("%f",$1*1e6);print}' > /tmp/sorted_$$.tmp + + # create HTML page + rm -f $3.tmp + cp $dataDir/usage.htm1 $3.tmp + + #!@todo fix publishing + while IFS=, read PEAKUSAGE_IN MAC IP IFACE PEAKUSAGE_OUT TOTAL FIRSTSEEN LASTSEEN + do + echo " +new Array(\"$(lookup $MAC $IP $4)\",\"$MAC\",\"$IP\", +$PEAKUSAGE_IN,$PEAKUSAGE_OUT,$TOTAL,\"$FIRSTSEEN\",\"$LASTSEEN\")," >> $3.tmp + done < /tmp/sorted_$$.tmp + echo "0);" >> $3.tmp + + sed "s/(date)/`date`/" < $dataDir/usage.htm2 >> $3.tmp + mv $3.tmp $3 + + unlock + + #Free some memory + rm -f /tmp/*_$$.tmp + ;; + + "setup" ) + checkDbArg + [ -w "$DB" ] && echo "Warning: using existing $DB" + createDbIfMissing + + for chain in $chains; do + newChain $chain + done + + #lan=$(detectLAN) + wan=$(detectWAN) + checkWAN + interfaces="$interfaces $wan" + + # track local data + for chain in INPUT OUTPUT; do + for interface in $interfaces; do + [ -n "$interface" ] && [ -e "/sys/class/net/$interface" ] && newRuleIF $chain $interface + done + done + + # this will add rules for hosts in arp table + update + + rm -f /tmp/*_$$.tmp + ;; + + "remove" ) + iptables-save | grep -v RRDIPT | iptables-restore + rm -rf "$lockDir" + ;; + + *) + echo \ +"Usage: $0 {setup|update|publish|remove} [options...] +Options: + $0 setup database_file + $0 update database_file + $0 publish database_file path_of_html_report [user_file] +Examples: + $0 setup /tmp/usage.db + $0 update /tmp/usage.db + $0 publish /tmp/usage.db /www/user/usage.htm /jffs/users.txt + $0 remove +Note: [user_file] is an optional file to match users with MAC addresses. + Its format is \"00:MA:CA:DD:RE:SS,username\", with one entry per line." + ;; +esac diff --git a/package/lean/luci-app-wrtbwmon/root/usr/share/wrtbwmon/usage.htm1 b/package/lean/luci-app-wrtbwmon/root/usr/share/wrtbwmon/usage.htm1 new file mode 100644 index 000000000..1f0c342a7 --- /dev/null +++ b/package/lean/luci-app-wrtbwmon/root/usr/share/wrtbwmon/usage.htm1 @@ -0,0 +1,23 @@ +Traffic + +

Total Usage:

+ + + + + + + + + +
UserDownloadUploadTotalFirst seenLast seen
+
This page was generated on (date) + diff --git a/package/lean/luci-app-xlnetacc/Makefile b/package/lean/luci-app-xlnetacc/Makefile new file mode 100644 index 000000000..f60c4e486 --- /dev/null +++ b/package/lean/luci-app-xlnetacc/Makefile @@ -0,0 +1,69 @@ +include $(TOPDIR)/rules.mk + +PKG_NAME:=luci-app-xlnetacc +PKG_VERSION:=1.0.3 +PKG_RELEASE:=9 + +PKG_LICENSE:=GPLv2 +PKG_MAINTAINER:=Sense + +include $(INCLUDE_DIR)/package.mk + +define Package/$(PKG_NAME) + SECTION:=luci + CATEGORY:=LuCI + SUBMENU:=3. Applications + TITLE:=LuCI Support for XLNetAcc + PKGARCH:=all + DEPENDS:=+jshn +wget +openssl-util +endef + +define Package/$(PKG_NAME)/description + LuCI Support for XLNetAcc. +endef + +define Build/Prepare + $(foreach po,$(wildcard ${CURDIR}/files/luci/i18n/*.po), \ + po2lmo $(po) $(PKG_BUILD_DIR)/$(patsubst %.po,%.lmo,$(notdir $(po)));) +endef + +define Build/Configure +endef + +define Build/Compile +endef + +define Package/$(PKG_NAME)/postinst +#!/bin/sh +if [ -z "$${IPKG_INSTROOT}" ]; then + ( . /etc/uci-defaults/luci-xlnetacc ) && rm -f /etc/uci-defaults/luci-xlnetacc +fi +exit 0 +endef + +define Package/$(PKG_NAME)/conffiles + /etc/config/xlnetacc +endef + +define Package/$(PKG_NAME)/install + $(INSTALL_DIR) $(1)/usr/lib/lua/luci/i18n + $(INSTALL_DATA) $(PKG_BUILD_DIR)/xlnetacc.*.lmo $(1)/usr/lib/lua/luci/i18n/ + $(INSTALL_DIR) $(1)/usr/lib/lua/luci/controller + $(INSTALL_DATA) ./files/luci/controller/*.lua $(1)/usr/lib/lua/luci/controller/ + $(INSTALL_DIR) $(1)/usr/lib/lua/luci/model/cbi + $(INSTALL_DATA) ./files/luci/model/cbi/*.lua $(1)/usr/lib/lua/luci/model/cbi/ + $(INSTALL_DIR) $(1)/usr/lib/lua/luci/view/xlnetacc + $(INSTALL_DATA) ./files/luci/view/xlnetacc/*.htm $(1)/usr/lib/lua/luci/view/xlnetacc/ + $(INSTALL_DIR) $(1)/etc/config + $(INSTALL_CONF) ./files/root/etc/config/xlnetacc $(1)/etc/config/xlnetacc + $(INSTALL_DIR) $(1)/etc/init.d + $(INSTALL_BIN) ./files/root/etc/init.d/xlnetacc $(1)/etc/init.d/xlnetacc + $(INSTALL_DIR) $(1)/etc/hotplug.d/iface + $(INSTALL_BIN) ./files/root/etc/hotplug.d/iface/95-xlnetacc $(1)/etc/hotplug.d/iface/95-xlnetacc + $(INSTALL_DIR) $(1)/etc/uci-defaults + $(INSTALL_BIN) ./files/root/etc/uci-defaults/luci-xlnetacc $(1)/etc/uci-defaults/luci-xlnetacc + $(INSTALL_DIR) $(1)/usr/bin + $(INSTALL_BIN) ./files/root/usr/bin/xlnetacc.sh $(1)/usr/bin/xlnetacc.sh +endef + +$(eval $(call BuildPackage,$(PKG_NAME))) diff --git a/package/lean/luci-app-xlnetacc/files/luci/controller/xlnetacc.lua b/package/lean/luci-app-xlnetacc/files/luci/controller/xlnetacc.lua new file mode 100644 index 000000000..ab9d92947 --- /dev/null +++ b/package/lean/luci-app-xlnetacc/files/luci/controller/xlnetacc.lua @@ -0,0 +1,47 @@ +module("luci.controller.xlnetacc", package.seeall) + +function index() + if not nixio.fs.access("/etc/config/xlnetacc") then + return + end + + entry({"admin", "services", "xlnetacc"}, + firstchild(), _("XLNetAcc")).dependent = false + + entry({"admin", "services", "xlnetacc", "general"}, + cbi("xlnetacc"), _("Settings"), 1) + + entry({"admin", "services", "xlnetacc", "log"}, + template("xlnetacc/logview"), _("Log"), 2) + + entry({"admin", "services", "xlnetacc", "status"}, call("action_status")) + entry({"admin", "services", "xlnetacc", "logdata"}, call("action_log")) +end + +local function is_running() + return luci.sys.call("(ps | grep xlnetacc.sh | grep -v 'grep') >/dev/null" ) == 0 +end + +function action_status() + luci.http.prepare_content("application/json") + luci.http.write_json({ + run_state = is_running(), + down_state = nixio.fs.readfile("/var/state/xlnetacc_down_state") or "", + up_state = nixio.fs.readfile("/var/state/xlnetacc_up_state") or "" + }) +end + +function action_log() + local uci = require "luci.model.uci".cursor() + local util = require "luci.util" + local log_data = { } + + log_data.syslog = util.trim(util.exec("logread | grep xlnetacc")) + if uci:get("xlnetacc", "general", "logging") ~= "0" then + log_data.client = nixio.fs.readfile("/var/log/xlnetacc.log") or "" + end + uci:unload("xlnetacc") + + luci.http.prepare_content("application/json") + luci.http.write_json(log_data) +end diff --git a/package/lean/luci-app-xlnetacc/files/luci/i18n/xlnetacc.zh-cn.lmo b/package/lean/luci-app-xlnetacc/files/luci/i18n/xlnetacc.zh-cn.lmo new file mode 100644 index 000000000..3c0764141 Binary files /dev/null and b/package/lean/luci-app-xlnetacc/files/luci/i18n/xlnetacc.zh-cn.lmo differ diff --git a/package/lean/luci-app-xlnetacc/files/luci/i18n/xlnetacc.zh-cn.po b/package/lean/luci-app-xlnetacc/files/luci/i18n/xlnetacc.zh-cn.po new file mode 100644 index 000000000..80c6b9d23 --- /dev/null +++ b/package/lean/luci-app-xlnetacc/files/luci/i18n/xlnetacc.zh-cn.po @@ -0,0 +1,92 @@ +msgid "" +msgstr "Content-Type: text/plain; charset=UTF-8\n" + +msgid "XLNetAcc" +msgstr "杩呴浄蹇笩" + +msgid "XLNetAcc is a Thunder joint broadband operators launched a commitment to help users solve the low broadband, slow Internet access, poor Internet experience of professional-grade broadband upgrade software." +msgstr "杩呴浄蹇笩鏄繀闆疯仈鍚堝甯﹁繍钀ュ晢鎺ㄥ嚭鐨勪竴娆捐嚧鍔涗簬甯姪鐢ㄦ埛瑙e喅瀹藉甫浣庛佺綉閫熸參銆佷笂缃戜綋楠屽樊鐨勪笓涓氱骇瀹藉甫鍔犻熻蒋浠躲" + +msgid "Settings" +msgstr "璁剧疆" + +msgid "Log" +msgstr "鏃ュ織" + +msgid "Running Status" +msgstr "杩愯鐘舵" + +msgid "XLNetAcc Running Status" +msgstr "蹇笩杩愯鐘舵" + +msgid "DownLink Upgrade Status" +msgstr "涓嬭鎻愰熺姸鎬" + +msgid "UpLink Upgrade Status" +msgstr "涓婅鎻愰熺姸鎬" + +msgid "RUNNING" +msgstr "杩愯涓" + +msgid "NOT RUNNING" +msgstr "鏈繍琛" + +msgid "No upgrade information" +msgstr "鏆傛棤鎻愰熶俊鎭" + +msgid "General Settings" +msgstr "鍩烘湰璁剧疆" + +msgid "Enabled" +msgstr "鍚敤" + +msgid "Enable DownLink Upgrade" +msgstr "寮鍚笅琛屾彁閫" + +msgid "Enable UpLink Upgrade" +msgstr "寮鍚笂琛屾彁閫" + +msgid "Enable Logging" +msgstr "鍚敤鏃ュ織璁板綍" + +msgid "Enable verbose logging" +msgstr "鍚敤璇︾粏鏃ュ織" + +msgid "Upgrade interface" +msgstr "鎸囧畾鎻愰熸帴鍙" + +msgid "XLNetAcc account" +msgstr "杩呴浄蹇笩甯愬彿" + +msgid "XLNetAcc password" +msgstr "杩呴浄蹇笩瀵嗙爜" + +msgid "Does not store the plaintext password, automatically emptied after start." +msgstr "涓嶅瓨鍌ㄦ槑鏂囧瘑鐮侊紝鍚姩鍚庤嚜鍔ㄦ竻绌恒" + +msgid "Encrypted password" +msgstr "鍔犲瘑鍚庣殑瀵嗙爜" + +msgid "Auto-generate in accordance with the plaintext password, do not modify it!" +msgstr "鏍规嵁鏄庢枃瀵嗙爜鑷姩鐢熸垚锛岃鍕夸慨鏀癸紒" + +msgid "Log Data" +msgstr "鏃ュ織鏁版嵁" + +msgid "Loading..." +msgstr "姝e湪鍔犺浇..." + +msgid "Refresh every 5 seconds." +msgstr "姣 5 绉掑埛鏂般" + +msgid "syslog:" +msgstr "绯荤粺鏃ュ織锛" + +msgid "log file:" +msgstr "鏃ュ織鏂囦欢锛" + +msgid "No log data." +msgstr "鏃犳棩蹇楁暟鎹" + +msgid "Error get log data." +msgstr "鑾峰彇鏃ュ織鏁版嵁澶辫触銆" diff --git a/package/lean/luci-app-xlnetacc/files/luci/model/cbi/xlnetacc.lua b/package/lean/luci-app-xlnetacc/files/luci/model/cbi/xlnetacc.lua new file mode 100644 index 000000000..9bef249ce --- /dev/null +++ b/package/lean/luci-app-xlnetacc/files/luci/model/cbi/xlnetacc.lua @@ -0,0 +1,36 @@ +local m, s, o +local uci = luci.model.uci.cursor() + +m = Map("xlnetacc", "%s - %s" %{translate("XLNetAcc"), translate("Settings")}, translate("XLNetAcc is a Thunder joint broadband operators launched a commitment to help users solve the low broadband, slow Internet access, poor Internet experience of professional-grade broadband upgrade software.")) +m:append(Template("xlnetacc/status")) + +s = m:section(NamedSection, "general", "general", translate("General Settings")) +s.anonymous = true +s.addremove = false + +o = s:option(Flag, "enabled", translate("Enabled")) +o.rmempty = false + +o = s:option(Flag, "down_acc", translate("Enable DownLink Upgrade")) + +o = s:option(Flag, "up_acc", translate("Enable UpLink Upgrade")) + +o = s:option(Flag, "logging", translate("Enable Logging")) +o.default = "1" + +o = s:option(Flag, "verbose", translate("Enable verbose logging")) +o:depends("logging", "1") + +o = s:option(ListValue, "network", translate("Upgrade interface")) +uci:foreach("network", "interface", function(section) + if section[".name"] ~= "loopback" then + o:value(section[".name"]) + end +end) + +o = s:option(Value, "account", translate("XLNetAcc account")) + +o = s:option(Value, "password", translate("XLNetAcc password")) +o.password = true + +return m diff --git a/package/lean/luci-app-xlnetacc/files/luci/view/xlnetacc/logview.htm b/package/lean/luci-app-xlnetacc/files/luci/view/xlnetacc/logview.htm new file mode 100644 index 000000000..a07a27112 --- /dev/null +++ b/package/lean/luci-app-xlnetacc/files/luci/view/xlnetacc/logview.htm @@ -0,0 +1,49 @@ +<% css = [[ + #log_text { + padding: 10px; + text-align: left; + height: 500px; + overflow: auto; + } + #log_text pre { + word-break: break-all; + margin: 0; + } + .description { + color: #ffffff; + background-color: #0099ff; + } +]] +%> + +<%+header%> + +
+

<%:XLNetAcc%> - <%:Log Data%>

+
+
+
<%:Loading...%><%:Collecting data...%>
+
<%:Refresh every 5 seconds.%>
+
+
+
+ + + + +<%+footer%> diff --git a/package/lean/luci-app-xlnetacc/files/luci/view/xlnetacc/status.htm b/package/lean/luci-app-xlnetacc/files/luci/view/xlnetacc/status.htm new file mode 100644 index 000000000..3da9c4422 --- /dev/null +++ b/package/lean/luci-app-xlnetacc/files/luci/view/xlnetacc/status.htm @@ -0,0 +1,21 @@ +
+ <%:Running Status%> + + + + +
<%:XLNetAcc Running Status%><%:Collecting data...%>
<%:DownLink Upgrade Status%><%:Collecting data...%>
<%:UpLink Upgrade Status%><%:Collecting data...%>
+
+ + diff --git a/package/lean/luci-app-xlnetacc/files/root/etc/config/xlnetacc b/package/lean/luci-app-xlnetacc/files/root/etc/config/xlnetacc new file mode 100644 index 000000000..4345070c4 --- /dev/null +++ b/package/lean/luci-app-xlnetacc/files/root/etc/config/xlnetacc @@ -0,0 +1,5 @@ + +config general 'general' + option enabled '0' + option network 'wan' + diff --git a/package/lean/luci-app-xlnetacc/files/root/etc/hotplug.d/iface/95-xlnetacc b/package/lean/luci-app-xlnetacc/files/root/etc/hotplug.d/iface/95-xlnetacc new file mode 100644 index 000000000..be0271ad8 --- /dev/null +++ b/package/lean/luci-app-xlnetacc/files/root/etc/hotplug.d/iface/95-xlnetacc @@ -0,0 +1,13 @@ +#!/bin/sh + +/etc/init.d/xlnetacc enabled || exit 0 +[ "$INTERFACE" != "$(uci get xlnetacc.general.network)" ] && exit 0 + +case "$ACTION" in + ifup) + /etc/init.d/xlnetacc start + ;; + ifdown) + /etc/init.d/xlnetacc stop + ;; +esac diff --git a/package/lean/luci-app-xlnetacc/files/root/etc/init.d/xlnetacc b/package/lean/luci-app-xlnetacc/files/root/etc/init.d/xlnetacc new file mode 100644 index 000000000..d15628113 --- /dev/null +++ b/package/lean/luci-app-xlnetacc/files/root/etc/init.d/xlnetacc @@ -0,0 +1,49 @@ +#!/bin/sh /etc/rc.common + +START=95 +STOP=10 +SERVICE_DAEMONIZE=1 + +NAME=xlnetacc + +start() { + local retry=1 + while pidof "${NAME}.sh" >/dev/null 2>&1; do + [ $retry -ge 10 ] && return 1 || let retry++ + sleep 1 + done + + config_load "$NAME" + config_get_bool enabled "general" "enabled" 0 + config_get_bool down_acc "general" "down_acc" 0 + config_get_bool up_acc "general" "up_acc" 0 + config_get network "general" "network" + config_get username "general" "account" + config_get password "general" "password" + ( [ $enabled -eq 0 ] || [ $down_acc -eq 0 -a $up_acc -eq 0 ] || [ -z "$username" -o -z "$password" -o -z "$network" ] ) && return 2 + + logger -p "daemon.notice" -t "$NAME" "XLNetAcc is starting ..." + service_start /usr/bin/${NAME}.sh --start +} + +stop() { + ps | grep xlnetacc.sh | grep -v 'grep' >/dev/null 2>&1 || return 1 + + local pid spid + for pid in $(ps | grep xlnetacc.sh | grep -v 'grep' | awk '{print $1}'); do + echo "Stop XLNetAcc process PID: $pid" + kill -9 $pid >/dev/null 2>&1 + for spid in $(pgrep -P $pid "sleep"); do + echo "Stop XLNetAcc process SPID: $spid" + kill -9 $spid >/dev/null 2>&1 + done + done + logger -p "daemon.notice" -t "$NAME" "XLNetAcc has stoped." + return 0 +} + +restart() { + rm -rf /tmp/state/xlnetacc* + stop && sleep 1 + start +} diff --git a/package/lean/luci-app-xlnetacc/files/root/etc/uci-defaults/luci-xlnetacc b/package/lean/luci-app-xlnetacc/files/root/etc/uci-defaults/luci-xlnetacc new file mode 100644 index 000000000..632c02678 --- /dev/null +++ b/package/lean/luci-app-xlnetacc/files/root/etc/uci-defaults/luci-xlnetacc @@ -0,0 +1,22 @@ +#!/bin/sh + +uci -q batch <<-EOF >/dev/null + delete ucitrack.@xlnetacc[-1] + add ucitrack xlnetacc + set ucitrack.@xlnetacc[-1].init=xlnetacc + commit ucitrack +EOF + +general=$(uci -q get xlnetacc.@general[-1]) +if [ -z "$general" ]; then + uci -q add xlnetacc general +fi +if [ "$general"x != "general"x ]; then + uci -q batch <<-EOF >/dev/null + rename xlnetacc.@general[-1]="general" + commit xlnetacc + EOF +fi + +rm -rf /tmp/luci-indexcache /tmp/luci-modulecache +exit 0 diff --git a/package/lean/luci-app-xlnetacc/files/root/usr/bin/xlnetacc.sh b/package/lean/luci-app-xlnetacc/files/root/usr/bin/xlnetacc.sh new file mode 100644 index 000000000..57fac717a --- /dev/null +++ b/package/lean/luci-app-xlnetacc/files/root/usr/bin/xlnetacc.sh @@ -0,0 +1,670 @@ +#!/bin/sh + +# 澹版槑甯搁噺 +readonly packageName='com.xunlei.vip.swjsq' +readonly protocolVersion=200 +readonly businessType=68 +readonly sdkVersion='2.1.1.177662' +readonly clientVersion='2.4.1.3' +readonly agent_xl="android-async-http/xl-acc-sdk/version-$sdkVersion" +readonly agent_down='okhttp/3.4.1' +readonly agent_up='android-async-http/xl-acc-sdk/version-1.0.0.1' +readonly client_type_down='android-swjsq' +readonly client_type_up='android-uplink' + +# 澹版槑鍏ㄥ眬鍙橀噺 +_bind_ip= +_http_cmd= +_peerid= +_devicesign= +_userid= +_loginkey= +_sessionid= +_portal_down= +_portal_up= +_dial_account= +access_url= +http_args= +user_agent= +link_cn= +lasterr= +sequence_xl=1000000 +sequence_down=$(( $(date +%s) / 6 )) +sequence_up=$sequence_down + +# 鍖呭惈鐢ㄤ簬瑙f瀽 JSON 鏍煎紡杩斿洖鍊肩殑鍑芥暟 +. /usr/share/libubox/jshn.sh + +# 璇诲彇 UCI 璁剧疆鐩稿叧鍑芥暟 +uci_get_by_name() { + local ret=$(uci get $NAME.$1.$2 2> /dev/null) + echo -n ${ret:=$3} +} +uci_get_by_type() { + local ret=$(uci get $NAME.@$1[-1].$2 2> /dev/null) + echo -n ${ret:=$3} +} +uci_get_by_bool() { + case $(uci_get_by_name "$1" "$2" "$3") in + 1|on|true|yes|enabled) echo -n 1;; + *) echo -n 0;; + esac +} + +# 鏃ュ織鍜岀姸鎬佹爮杈撳嚭銆1 鏃ュ織鏂囦欢, 2 绯荤粺鏃ュ織, 4 璇︾粏妯″紡, 8 涓嬭鐘舵佹爮, 16 涓婅鐘舵佹爮, 32 澶辫触鐘舵 +_log() { + local msg=$1 + local flag=$2 + [ -z "$msg" ] && return + [ -z "$flag" ] && flag=1 + local timestamp=$(date +'%Y/%m/%d %H:%M:%S') + + [ $logging -eq 0 -a $(( $flag & 1 )) -ne 0 ] && flag=$(( $flag ^ 1 )) + if [ $verbose -eq 0 -a $(( $flag & 4 )) -ne 0 ]; then + [ $(( $flag & 1 )) -ne 0 ] && flag=$(( $flag ^ 1 )) + [ $(( $flag & 2 )) -ne 0 ] && flag=$(( $flag ^ 2 )) + fi + if [ $down_acc -eq 0 -a $(( $flag & 8 )) -ne 0 ]; then + flag=$(( $flag ^ 8 )) + [ $up_acc -ne 0 ] && flag=$(( $flag | 16 )) + fi + if [ $up_acc -eq 0 -a $(( $flag & 16 )) -ne 0 ]; then + flag=$(( $flag ^ 16 )) + [ $down_acc -ne 0 ] && flag=$(( $flag | 8 )) + fi + + [ $(( $flag & 1 )) -ne 0 ] && echo "$timestamp $msg" >> $LOGFILE 2> /dev/null + [ $(( $flag & 2 )) -ne 0 ] && logger -p "daemon.info" -t "$NAME" "$msg" + + [ $(( $flag & 32 )) -eq 0 ] && local color="green" || local color="red" + [ $(( $flag & 8 )) -ne 0 ] && echo -n "$timestamp $msg" > $down_state_file 2> /dev/null + [ $(( $flag & 16 )) -ne 0 ] && echo -n "$timestamp $msg" > $up_state_file 2> /dev/null +} + +# 娓呯悊鏃ュ織 +clean_log() { + [ $logging -eq 1 -a -f "$LOGFILE" ] || return + [ $(wc -l "$LOGFILE" | awk '{print $1}') -le 800 ] && return + _log "娓呯悊鏃ュ織鏂囦欢" + local logdata=$(tail -n 500 "$LOGFILE") + echo "$logdata" > $LOGFILE 2> /dev/null + unset logdata +} + +# 鑾峰彇鎺ュ彛IP鍦板潃 +get_bind_ip() { + json_cleanup; json_load "$(ubus call network.interface.$network status 2> /dev/null)" >/dev/null 2>&1 + json_select "ipv4-address" >/dev/null 2>&1; json_select 1 >/dev/null 2>&1 + json_get_var _bind_ip "address" + if [ -z "$_bind_ip" -o "$_bind_ip"x == "0.0.0.0"x ]; then + _log "鑾峰彇缃戠粶 $network IP鍦板潃澶辫触" + return 1 + else + _log "缁戝畾IP鍦板潃: $_bind_ip" + return 0 + fi +} + +# 瀹氫箟鍩烘湰 HTTP 鍛戒护鍜屽弬鏁 +gen_http_cmd() { + _http_cmd="wget-ssl -nv -t 1 -T 5 -O - --no-check-certificate" + _http_cmd="$_http_cmd --bind-address=$_bind_ip" +} + +# 鐢熸垚璁惧鏍囪瘑 +gen_device_sign() { + local ifname macaddr + while : ; do + ifname=$(uci get "network.$network.ifname" 2> /dev/null) + [ "${ifname:0:1}" == "@" ] && network="${ifname:1}" || break + done + [ -z "$ifname" ] && { _log "鑾峰彇缃戠粶 $network 淇℃伅鍑洪敊"; return; } + json_cleanup; json_load "$(ubus call network.device status {\"name\":\"$ifname\"} 2> /dev/null)" >/dev/null 2>&1 + json_get_var macaddr "macaddr" + [ -z "$macaddr" ] && { _log "鑾峰彇缃戠粶 $network MAC鍦板潃鍑洪敊"; return; } + macaddr=$(echo -n "$macaddr" | awk '{print toupper($0)}') + + # 璁$畻peerID + local fake_peerid=$(awk -F- '{print toupper($5)}' '/proc/sys/kernel/random/uuid') + readonly _peerid="${fake_peerid}004V" + _log "_peerid is $_peerid" $(( 1 | 4 )) + + # 璁$畻devicesign + # sign = div.10?.device_id + md5(sha1(packageName + businessType + md5(a protocolVersion specific GUID))) + local fake_device_id=$(echo -n "${macaddr//:/}" | openssl dgst -md5 | awk '{print $2}') + local fake_device_sign=$(echo -n "${fake_device_id}${packageName}${businessType}c7f21687eed3cdb400ca11fc2263c998" \ + | openssl dgst -sha1 | awk '{print $2}') + readonly _devicesign="div101.${fake_device_id}"$(echo -n "$fake_device_sign" | openssl dgst -md5 | awk '{print $2}') + _log "_devicesign is $_devicesign" $(( 1 | 4 )) +} + +# 蹇笩甯愬彿閫氱敤鍙傛暟 +swjsq_json() { + let sequence_xl++ + # 鐢熸垚POST鏁版嵁 + json_init + json_add_string protocolVersion "$protocolVersion" + json_add_string sequenceNo "$sequence_xl" + json_add_string platformVersion '2' + json_add_string isCompressed '0' + json_add_string businessType "$businessType" + json_add_string clientVersion "$clientVersion" + json_add_string peerID "$_peerid" + json_add_string appName "ANDROID-$packageName" + json_add_string sdkVersion "${sdkVersion##*.}" + json_add_string devicesign "$_devicesign" + json_add_string deviceModel 'MI' + json_add_string deviceName 'Xiaomi Mi' + json_add_string OSVersion "7.1.1" +} + +# 甯愬彿鐧诲綍 +swjsq_login() { + swjsq_json + if [ -z "$_userid" -o -z "$_loginkey" ]; then + access_url='https://mobile-login.xunlei.com/login' + json_add_string userName "$username" + json_add_string passWord "$password" + json_add_string verifyKey + json_add_string verifyCode + else + access_url='https://mobile-login.xunlei.com/loginkey' + json_add_string userName "$_userid" + json_add_string loginKey "$_loginkey" + fi + json_close_object + + local ret=$($_http_cmd --user-agent="$agent_xl" "$access_url" --post-data="$(json_dump)") + case $? in + 0) + _log "login is $ret" $(( 1 | 4 )) + json_cleanup; json_load "$ret" >/dev/null 2>&1 + json_get_var lasterr "errorCode" + ;; + 2) lasterr=-2;; + 4) lasterr=-3;; + *) lasterr=-1;; + esac + + case ${lasterr:=-1} in + 0) + json_get_var _userid "userID" + json_get_var _loginkey "loginKey" + json_get_var _sessionid "sessionID" + _log "_sessionid is $_sessionid" $(( 1 | 4 )) + local outmsg="甯愬彿鐧诲綍鎴愬姛"; _log "$outmsg" $(( 1 | 8 )) + ;; + 15) # 韬唤淇℃伅宸插け鏁 + _userid=; _loginkey=;; + -1) + local outmsg="甯愬彿鐧诲綍澶辫触銆傝繀闆锋湇鍔″櫒鏈搷搴旓紝璇风◢鍊"; _log "$outmsg";; + -2) + local outmsg="Wget 鍙傛暟瑙f瀽閿欒锛岃鏇存柊 GNU Wget"; _log "$outmsg" $(( 1 | 8 | 32 ));; + -3) + local outmsg="Wget 缃戠粶閫氫俊澶辫触锛岃绋嶅"; _log "$outmsg";; + *) + local errorDesc; json_get_var errorDesc "errorDesc" + local outmsg="甯愬彿鐧诲綍澶辫触銆傞敊璇唬鐮: ${lasterr}"; \ + [ -n "$errorDesc" ] && outmsg="${outmsg}锛屽師鍥: $errorDesc"; _log "$outmsg" $(( 1 | 8 | 32 ));; + esac + + [ $lasterr -eq 0 ] && return 0 || return 1 +} + +# 甯愬彿娉ㄩ攢 +swjsq_logout() { + swjsq_json + json_add_string userID "$_userid" + json_add_string sessionID "$_sessionid" + json_close_object + + local ret=$($_http_cmd --user-agent="$agent_xl" 'https://mobile-login.xunlei.com/logout' --post-data="$(json_dump)") + _log "logout is $ret" $(( 1 | 4 )) + json_cleanup; json_load "$ret" >/dev/null 2>&1 + json_get_var lasterr "errorCode" + + case ${lasterr:=-1} in + 0) + _sessionid= + local outmsg="甯愬彿娉ㄩ攢鎴愬姛"; _log "$outmsg" $(( 1 | 8 ));; + -1) + local outmsg="甯愬彿娉ㄩ攢澶辫触銆傝繀闆锋湇鍔″櫒鏈搷搴旓紝璇风◢鍊"; _log "$outmsg";; + *) + local errorDesc; json_get_var errorDesc "errorDesc" + local outmsg="甯愬彿娉ㄩ攢澶辫触銆傞敊璇唬鐮: ${lasterr}"; \ + [ -n "$errorDesc" ] && outmsg="${outmsg}锛屽師鍥: $errorDesc"; _log "$outmsg" $(( 1 | 8 | 32 ));; + esac + + [ $lasterr -eq 0 ] && return 0 || return 1 +} + +# 鑾峰彇鐢ㄦ埛淇℃伅 +swjsq_getuserinfo() { + [ $1 -eq 1 ] && local _vasid=14 || local _vasid=33 + swjsq_json + json_add_string userID "$_userid" + json_add_string sessionID "$_sessionid" + json_add_string vasid "$_vasid" + json_close_object + + local ret=$($_http_cmd --user-agent="$agent_xl" 'https://mobile-login.xunlei.com/getuserinfo' --post-data="$(json_dump)") + _log "getuserinfo $1 is $ret" $(( 1 | 4 )) + json_cleanup; json_load "$ret" >/dev/null 2>&1 + json_get_var lasterr "errorCode" + + [ $1 -eq 1 ] && local outmsg="涓嬭鎻愰熶細鍛" || local outmsg="涓婅鎻愰熶細鍛" + case ${lasterr:=-1} in + 0) + local index vasid isVip isYear expireDate can_upgrade + json_select "vipList" >/dev/null 2>&1 + while : ; do + json_select ${index:=1} >/dev/null 2>&1 + [ $? -ne 0 ] && break + json_get_var vasid "vasid" + json_get_var isVip "isVip" + json_get_var isYear "isYear" + json_get_var expireDate "expireDate" + json_select ".." >/dev/null 2>&1 + let index++ + ([ $1 -eq 1 -a ${vasid:-0} -eq 2 ] || [ ${vasid:-0} -eq $_vasid ]) && \ + [ ${isVip:-0} -eq 1 -o ${isYear:-0} -eq 1 ] && { can_upgrade=1; break; } + done + if [ ${can_upgrade:-0} -eq 1 ]; then + outmsg="鑾峰彇${outmsg}淇℃伅鎴愬姛銆備細鍛樺埌鏈熸椂闂达細${expireDate:0:4}-${expireDate:4:2}-${expireDate:6:2}"; \ + _log "$outmsg" $(( 1 | $1 * 8 )) + else + if [ ${#expireDate} -ge 8 ]; then + outmsg="${outmsg}宸插埌鏈熴備細鍛樺埌鏈熸椂闂达細${expireDate:0:4}-${expireDate:4:2}-${expireDate:6:2}" + else + outmsg="${outmsg}鏃犳晥" + fi + _log "$outmsg" $(( 1 | $1 * 8 | 32 )) + [ $1 -eq 1 ] && down_acc=0 || up_acc=0 + fi + ;; + -1) + outmsg="鑾峰彇${outmsg}淇℃伅澶辫触銆傝繀闆锋湇鍔″櫒鏈搷搴旓紝璇风◢鍊"; _log "$outmsg";; + *) + local errorDesc; json_get_var errorDesc "errorDesc" + outmsg="鑾峰彇${outmsg}淇℃伅澶辫触銆傞敊璇唬鐮: ${lasterr}"; \ + [ -n "$errorDesc" ] && outmsg="${outmsg}锛屽師鍥: $errorDesc"; _log "$outmsg" $(( 1 | $1 * 8 | 32 ));; + esac + + [ $lasterr -eq 0 ] && return 0 || return 1 +} + +# 鑾峰彇鎻愰熷叆鍙 +swjsq_portal() { + xlnetacc_var $1 + + [ $1 -eq 1 ] && access_url='http://api.portal.swjsq.vip.xunlei.com:81/v2/queryportal' || \ + access_url='http://api.upportal.swjsq.vip.xunlei.com/v2/queryportal' + local ret=$($_http_cmd --user-agent="$user_agent" "$access_url") + _log "portal $1 is $ret" $(( 1 | 4 )) + json_cleanup; json_load "$ret" >/dev/null 2>&1 + json_get_var lasterr "errno" + + case ${lasterr:=-1} in + 0) + local interface_ip interface_port province sp + json_get_var interface_ip "interface_ip" + json_get_var interface_port "interface_port" + json_get_var province "province_name" + json_get_var sp "sp_name" + if [ $1 -eq 1 ]; then + _portal_down="http://$interface_ip:$interface_port/v2" + _log "_portal_down is $_portal_down" $(( 1 | 4 )) + else + _portal_up="http://$interface_ip:$interface_port/v2" + _log "_portal_up is $_portal_up" $(( 1 | 4 )) + fi + local outmsg="鑾峰彇${link_cn}鎻愰熷叆鍙f垚鍔"; \ + [ -n "$province" -a -n "$sp" ] && outmsg="${outmsg}銆傝繍钀ュ晢锛${province}${sp}"; _log "$outmsg" $(( 1 | $1 * 8 )) + ;; + -1) + local outmsg="鑾峰彇${link_cn}鎻愰熷叆鍙eけ璐ャ傝繀闆锋湇鍔″櫒鏈搷搴旓紝璇风◢鍊"; _log "$outmsg";; + *) + local message; json_get_var message "message" + local outmsg="鑾峰彇${link_cn}鎻愰熷叆鍙eけ璐ャ傞敊璇唬鐮: ${lasterr}"; \ + [ -n "$message" ] && outmsg="${outmsg}锛屽師鍥: $message"; _log "$outmsg" $(( 1 | $1 * 8 | 32 ));; + esac + + [ $lasterr -eq 0 ] && return 0 || return 1 +} + +# 鑾峰彇缃戠粶甯﹀淇℃伅 +isp_bandwidth() { + xlnetacc_var $1 + + local ret=$($_http_cmd --user-agent="$user_agent" "$access_url/bandwidth?${http_args%&dial_account=*}") + _log "bandwidth $1 is $ret" $(( 1 | 4 )) + json_cleanup; json_load "$ret" >/dev/null 2>&1 + json_get_var lasterr "errno" + + case ${lasterr:=-1} in + 0) + # 鑾峰彇甯﹀鏁版嵁 + local can_upgrade bind_dial_account dial_account stream cur_bandwidth max_bandwidth + [ $1 -eq 1 ] && stream="downstream" || stream="upstream" + json_get_var can_upgrade "can_upgrade" + json_get_var bind_dial_account "bind_dial_account" + json_get_var dial_account "dial_account" + json_select; json_select "bandwidth" >/dev/null 2>&1 + json_get_var cur_bandwidth "$stream" + json_select; json_select "max_bandwidth" >/dev/null 2>&1 + json_get_var max_bandwidth "$stream" + json_select + cur_bandwidth=$(expr ${cur_bandwidth:-0} / 1024) + max_bandwidth=$(expr ${max_bandwidth:-0} / 1024) + + if [ -n "$bind_dial_account" -a "$bind_dial_account" != "$dial_account" ]; then + local outmsg="缁戝畾瀹藉甫璐﹀彿 $bind_dial_account 涓庡綋鍓嶅甯﹁处鍙 $dial_account 涓嶄竴鑷达紝璇疯仈绯昏繀闆峰鏈嶈В缁戯紙姣忔湀浠呬竴娆★級"; \ + _log "$outmsg" $(( 1 | 8 | 32 )) + down_acc=0; up_acc=0 + elif [ $can_upgrade -eq 0 ]; then + local message; json_get_var message "richmessage"; [ -z "$message" ] && json_get_var message "message" + local outmsg="${link_cn}鏃犳硶鎻愰"; \ + [ -n "$message" ] && outmsg="${outmsg}锛屽師鍥: $message"; _log "$outmsg" $(( 1 | $1 * 8 | 32 )) + [ $1 -eq 1 ] && down_acc=0 || up_acc=0 + elif [ $cur_bandwidth -ge $max_bandwidth ]; then + local outmsg="${link_cn}鏃犻渶鎻愰熴傚綋鍓嶅甫瀹 ${cur_bandwidth}M锛岃秴杩囨渶澶у彲鎻愬崌甯﹀ ${max_bandwidth}M"; \ + _log "$outmsg" $(( 1 | $1 * 8 )) + [ $1 -eq 1 ] && down_acc=0 || up_acc=0 + else + if [ -z "$_dial_account" -a -n "$dial_account" ]; then + _dial_account=$dial_account + _log "_dial_account is $_dial_account" $(( 1 | 4 )) + fi + local outmsg="${link_cn}鍙互鎻愰熴傚綋鍓嶅甫瀹 ${cur_bandwidth}M锛屽彲鎻愬崌鑷 ${max_bandwidth}M"; _log "$outmsg" $(( 1 | $1 * 8 )) + fi + ;; + 724) # 724 璐﹀彿瀛樺湪寮傚父 + lasterr=-2 + local outmsg="鑾峰彇${link_cn}缃戠粶甯﹀淇℃伅澶辫触銆傚師鍥: 鎮ㄧ殑璐﹀彿瀛樺湪寮傚父锛岃鑱旂郴杩呴浄瀹㈡湇鍙嶉"; _log "$outmsg" $(( 1 | $1 * 8 | 32 ));; + 3103) # 3103 绾胯矾鏆備笉鏀寔 + lasterr=0 + local province sp + json_get_var province "province_name"; json_get_var sp "sp_name" + local outmsg="${link_cn}鏃犳硶鎻愰熴傚師鍥: ${province}${sp}绾胯矾鏆備笉鏀寔"; _log "$outmsg" $(( 1 | $1 * 8 | 32 )) + [ $1 -eq 1 ] && down_acc=0 || up_acc=0 + ;; + -1) + local outmsg="鑾峰彇${link_cn}缃戠粶甯﹀淇℃伅澶辫触銆傝繍钀ュ晢鏈嶅姟鍣ㄦ湭鍝嶅簲锛岃绋嶅"; _log "$outmsg";; + *) + local message; json_get_var message "richmessage"; [ -z "$message" ] && json_get_var message "message" + local outmsg="鑾峰彇${link_cn}缃戠粶甯﹀淇℃伅澶辫触銆傞敊璇唬鐮: ${lasterr}"; \ + [ -n "$message" ] && outmsg="${outmsg}锛屽師鍥: $message"; _log "$outmsg" $(( 1 | $1 * 8 | 32 ));; + esac + + [ $lasterr -eq 0 ] && return 0 || return 1 +} + +# 鍙戦佸甫瀹芥彁閫熶俊鍙 +isp_upgrade() { + xlnetacc_var $1 + + local ret=$($_http_cmd --user-agent="$user_agent" "$access_url/upgrade?$http_args") + _log "upgrade $1 is $ret" $(( 1 | 4 )) + json_cleanup; json_load "$ret" >/dev/null 2>&1 + json_get_var lasterr "errno" + + case ${lasterr:=-1} in + 0) + local bandwidth + json_select "bandwidth" >/dev/null 2>&1 + json_get_var bandwidth "downstream" + [ ${bandwidth:=0} -ge 1024 ] && bandwidth=$(( $bandwidth / 1024 )) + local outmsg="${link_cn}鎻愰熸垚鍔燂紝甯﹀宸叉彁鍗囧埌 ${bandwidth}M"; _log "$outmsg" $(( 1 | $1 * 8 )) + [ $1 -eq 1 ] && down_acc=2 || up_acc=2 + ;; + 812) # 812 宸插浜庢彁閫熺姸鎬 + lasterr=0 + local outmsg="${link_cn}鎻愰熸垚鍔燂紝褰撳墠瀹藉甫宸插浜庢彁閫熺姸鎬"; _log "$outmsg" $(( 1 | $1 * 8 )) + [ $1 -eq 1 ] && down_acc=2 || up_acc=2 + ;; + 724) # 724 璐﹀彿瀛樺湪寮傚父 + lasterr=-2 + local outmsg="${link_cn}鎻愰熷け璐ャ傚師鍥: 鎮ㄧ殑璐﹀彿瀛樺湪寮傚父锛岃鑱旂郴杩呴浄瀹㈡湇鍙嶉"; _log "$outmsg" $(( 1 | $1 * 8 | 32 ));; + -1) + local outmsg="${link_cn}鎻愰熷け璐ャ傝繍钀ュ晢鏈嶅姟鍣ㄦ湭鍝嶅簲锛岃绋嶅"; _log "$outmsg";; + *) + local message; json_get_var message "richmessage"; [ -z "$message" ] && json_get_var message "message" + local outmsg="${link_cn}鎻愰熷け璐ャ傞敊璇唬鐮: ${lasterr}"; \ + [ -n "$message" ] && outmsg="${outmsg}锛屽師鍥: $message"; _log "$outmsg" $(( 1 | $1 * 8 | 32 ));; + esac + + [ $lasterr -eq 0 ] && return 0 || return 1 +} + +# 鍙戦佹彁閫熷績璺充俊鍙 +isp_keepalive() { + xlnetacc_var $1 + + local ret=$($_http_cmd --user-agent="$user_agent" "$access_url/keepalive?$http_args") + _log "keepalive $1 is $ret" $(( 1 | 4 )) + json_cleanup; json_load "$ret" >/dev/null 2>&1 + json_get_var lasterr "errno" + + case ${lasterr:=-1} in + 0) + local outmsg="${link_cn}蹇冭烦淇″彿杩斿洖姝e父"; _log "$outmsg";; + 513) # 513 鎻愰熼氶亾涓嶅瓨鍦 + lasterr=-2 + local outmsg="${link_cn}鎻愰熻秴鏃讹紝鎻愰熼氶亾涓嶅瓨鍦"; _log "$outmsg" $(( 1 | $1 * 8 | 32 ));; + -1) + local outmsg="${link_cn}蹇冭烦淇″彿鍙戦佸け璐ャ傝繍钀ュ晢鏈嶅姟鍣ㄦ湭鍝嶅簲锛岃绋嶅"; _log "$outmsg";; + *) + local message; json_get_var message "richmessage"; [ -z "$message" ] && json_get_var message "message" + local outmsg="${link_cn}鎻愰熷け鏁堛傞敊璇唬鐮: ${lasterr}"; \ + [ -n "$message" ] && outmsg="${outmsg}锛屽師鍥: $message"; _log "$outmsg" $(( 1 | $1 * 8 | 32 ));; + esac + + [ $lasterr -eq 0 ] && return 0 || return 1 +} + +# 鍙戦佸甫瀹芥仮澶嶄俊鍙 +isp_recover() { + xlnetacc_var $1 + + local ret=$($_http_cmd --user-agent="$user_agent" "$access_url/recover?$http_args") + _log "recover $1 is $ret" $(( 1 | 4 )) + json_cleanup; json_load "$ret" >/dev/null 2>&1 + json_get_var lasterr "errno" + + case ${lasterr:=-1} in + 0) + local outmsg="${link_cn}甯﹀宸叉仮澶"; _log "$outmsg" $(( 1 | $1 * 8 )) + [ $1 -eq 1 ] && down_acc=1 || up_acc=1;; + -1) + local outmsg="${link_cn}甯﹀鎭㈠澶辫触銆傝繍钀ュ晢鏈嶅姟鍣ㄦ湭鍝嶅簲锛岃绋嶅"; _log "$outmsg";; + *) + local message; json_get_var message "richmessage"; [ -z "$message" ] && json_get_var message "message" + local outmsg="${link_cn}甯﹀鎭㈠澶辫触銆傞敊璇唬鐮: ${lasterr}"; \ + [ -n "$message" ] && outmsg="${outmsg}锛屽師鍥: $message"; _log "$outmsg" $(( 1 | $1 * 8 | 32 ));; + esac + + [ $lasterr -eq 0 ] && return 0 || return 1 +} + +# 鏌ヨ鎻愰熶俊鎭紝鏈娇鐢 +isp_query() { + xlnetacc_var $1 + + local ret=$($_http_cmd --user-agent="$user_agent" "$access_url/query_try_info?$http_args") + _log "query_try_info $1 is $ret" $(( 1 | 4 )) + json_cleanup; json_load "$ret" >/dev/null 2>&1 + json_get_var lasterr "errno" + + [ $lasterr -eq 0 ] && return 0 || return 1 +} + +# 璁剧疆鍙傛暟鍙橀噺 +xlnetacc_var() { + if [ $1 -eq 1 ]; then + let sequence_down++ + access_url=$_portal_down + http_args="sequence=${sequence_down}&client_type=${client_type_down}-${clientVersion}&client_version=${client_type_down//-/}-${clientVersion}&chanel=umeng-10900011&time_and=$(date +%s)000" + user_agent=$agent_down + link_cn="涓嬭" + else + let sequence_up++ + access_url=$_portal_up + http_args="sequence=${sequence_up}&client_type=${client_type_up}-${clientVersion}&client_version=${client_type_up//-/}-${clientVersion}" + user_agent=$agent_up + link_cn="涓婅" + fi + http_args="${http_args}&peerid=${_peerid}&userid=${_userid}&sessionid=${_sessionid}&user_type=1&os=android-7.1.1" + [ -n "$_dial_account" ] && http_args="${http_args}&dial_account=${_dial_account}" +} + +# 閲嶈瘯寰幆 +xlnetacc_retry() { + if [ $# -ge 3 -a $3 -ne 0 ]; then + [ $2 -eq 1 -a $down_acc -ne $3 ] && return 0 + [ $2 -eq 2 -a $up_acc -ne $3 ] && return 0 + fi + + local retry=1 + while : ; do + lasterr= + eval $1 $2 && break # 鎴愬姛 + [ $# -ge 4 -a $retry -ge $4 ] && break || let retry++ # 閲嶈瘯瓒呮椂 + case $lasterr in + -1) sleep 5s;; # 鏈嶅姟鍣ㄦ湭鍝嶅簲 + -2) break;; # 涓ラ噸閿欒 + *) sleep 3s;; # 鍏跺畠閿欒 + esac + done + + [ ${lasterr:-0} -eq 0 ] && return 0 || return 1 +} + +# 娉ㄩ攢宸茬櫥褰曞笎鍙 +xlnetacc_logout() { + [ -z "$_sessionid" ] && return 2 + [ $# -ge 1 ] && local retry=$1 || local retry=1 + + xlnetacc_retry 'isp_recover' 1 2 $retry + xlnetacc_retry 'isp_recover' 2 2 $retry + xlnetacc_retry 'swjsq_logout' 0 0 $retry + [ $down_acc -ne 0 ] && down_acc=1; [ $up_acc -ne 0 ] && up_acc=1 + _sessionid=; _dial_account= + + [ $lasterr -eq 0 ] && return 0 || return 1 +} + +# 涓淇″彿澶勭悊 +sigterm() { + _log "trap sigterm, exit" $(( 1 | 4 )) + xlnetacc_logout + rm -f "$down_state_file" "$up_state_file" + exit 0 +} + +# 鍒濆鍖 +xlnetacc_init() { + [ "$1" != "--start" ] && return 1 + + # 闃叉閲嶅鍚姩 + local pid + for pid in $(pidof "${0##*/}"); do + [ $pid -ne $$ ] && return 1 + done + + # 璇诲彇璁剧疆 + readonly NAME=xlnetacc + readonly LOGFILE=/var/log/${NAME}.log + readonly down_state_file=/var/state/${NAME}_down_state + readonly up_state_file=/var/state/${NAME}_up_state + down_acc=$(uci_get_by_bool "general" "down_acc" 0) + up_acc=$(uci_get_by_bool "general" "up_acc" 0) + readonly logging=$(uci_get_by_bool "general" "logging" 1) + readonly verbose=$(uci_get_by_bool "general" "verbose" 0) + network=$(uci_get_by_name "general" "network" "wan") + readonly username=$(uci_get_by_name "general" "account") + readonly password=$(uci_get_by_name "general" "password") + local enabled=$(uci_get_by_bool "general" "enabled" 0) + ([ $enabled -eq 0 ] || [ $down_acc -eq 0 -a $up_acc -eq 0 ] || [ -z "$username" -o -z "$password" -o -z "$network" ]) && return 2 + + [ $logging -eq 1 ] && [ ! -d /var/log ] && mkdir -p /var/log + [ -f "$LOGFILE" ] && _log "------------------------------" + _log "杩呴浄蹇笩姝e湪鍚姩..." + + # 妫鏌ュ閮ㄨ皟鐢ㄥ伐鍏 + command -v wget-ssl >/dev/null || { _log "GNU Wget 鏈畨瑁"; return 3; } + local opensslchk=$(echo -n 'openssl' | openssl dgst -sha1 | awk '{print $2}') + [ "$opensslchk" != 'c898fa1e7226427010e329971e82c669f8d8abb4' ] && { _log "openssl-util 鏈畨瑁呮垨璁$畻閿欒"; return 3; } + + # 鎹曡幏涓淇″彿 + trap 'sigterm' INT # Ctrl-C + trap 'sigterm' QUIT # Ctrl-\ + trap 'sigterm' TERM # kill + + # 鐢熸垚璁惧鏍囪瘑 + gen_device_sign + [ ${#_peerid} -ne 16 -o ${#_devicesign} -ne 71 ] && return 4 + + clean_log + [ -d /var/state ] || mkdir -p /var/state + return 0 +} + +# 绋嬪簭涓讳綋 +xlnetacc_main() { + while : ; do + # 鑾峰彇澶栫綉IP鍦板潃 + xlnetacc_retry 'get_bind_ip' + gen_http_cmd + + # 娉ㄩ攢蹇笩甯愬彿 + xlnetacc_logout 3 && sleep 3s + + # 鐧诲綍蹇笩甯愬彿 + while : ; do + lasterr= + swjsq_login + case $lasterr in + 0) break;; # 鐧诲綍鎴愬姛 + -1) sleep 5s;; # 鏈嶅姟鍣ㄦ湭鍝嶅簲 + -2) return 7;; # Wget 鍙傛暟瑙f瀽閿欒 + -3) sleep 3s;; # Wget 缃戠粶閫氫俊澶辫触 + 6) sleep 130m;; # 闇瑕佽緭鍏ラ獙璇佺爜 + 8) sleep 3m;; # 鏈嶅姟鍣ㄧ郴缁熺淮鎶 + 15) sleep 1s;; # 韬唤淇℃伅宸插け鏁 + *) return 5;; # 鐧诲綍澶辫触 + esac + done + + # 鑾峰彇鐢ㄦ埛淇℃伅 + xlnetacc_retry 'swjsq_getuserinfo' 1 1 + xlnetacc_retry 'swjsq_getuserinfo' 2 1 + [ $down_acc -eq 0 -a $up_acc -eq 0 ] && break + # 鑾峰彇鎻愰熷叆鍙 + xlnetacc_retry 'swjsq_portal' 1 1 + xlnetacc_retry 'swjsq_portal' 2 1 + # 鑾峰彇甯﹀淇℃伅 + xlnetacc_retry 'isp_bandwidth' 1 1 10 || { sleep 3m; continue; } + xlnetacc_retry 'isp_bandwidth' 2 1 10 || { sleep 3m; continue; } + [ $down_acc -eq 0 -a $up_acc -eq 0 ] && break + # 甯﹀鎻愰 + xlnetacc_retry 'isp_upgrade' 1 1 10 || { sleep 3m; continue; } + xlnetacc_retry 'isp_upgrade' 2 1 10 || { sleep 3m; continue; } + + # 蹇冭烦淇濇寔 +# local retry=1 + while : ; do + clean_log # 娓呯悊鏃ュ織 + sleep 10m +# [ $retry -ge 144 ] && break || let retry++ # 蹇冭烦鏈澶氫繚鎸24灏忔椂锛144=24*60/10 + xlnetacc_retry 'isp_keepalive' 1 2 5 || break + xlnetacc_retry 'isp_keepalive' 2 2 5 || break + done + done + xlnetacc_logout + _log "鏃犳硶鎻愰燂紝杩呴浄蹇笩宸插仠姝€" + return 6 +} + +# 绋嬪簭鍏ュ彛 +xlnetacc_init "$@" && xlnetacc_main +exit $? diff --git a/package/lean/luci-app-xlnetacc/tools/po2lmo/Makefile b/package/lean/luci-app-xlnetacc/tools/po2lmo/Makefile new file mode 100644 index 000000000..ad2c13320 --- /dev/null +++ b/package/lean/luci-app-xlnetacc/tools/po2lmo/Makefile @@ -0,0 +1,12 @@ + +INSTALL = install +PREFIX = /usr/bin + +po2lmo: src/po2lmo.o src/template_lmo.o + $(CC) $(LDFLAGS) -o src/po2lmo src/po2lmo.o src/template_lmo.o + +install: + $(INSTALL) -m 755 src/po2lmo $(PREFIX) + +clean: + $(RM) src/po2lmo src/*.o diff --git a/package/lean/luci-app-xlnetacc/tools/po2lmo/src/po2lmo.c b/package/lean/luci-app-xlnetacc/tools/po2lmo/src/po2lmo.c new file mode 100644 index 000000000..0da792b68 --- /dev/null +++ b/package/lean/luci-app-xlnetacc/tools/po2lmo/src/po2lmo.c @@ -0,0 +1,247 @@ +/* + * lmo - Lua Machine Objects - PO to LMO conversion tool + * + * Copyright (C) 2009-2012 Jo-Philipp Wich + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "template_lmo.h" + +static void die(const char *msg) +{ + fprintf(stderr, "Error: %s\n", msg); + exit(1); +} + +static void usage(const char *name) +{ + fprintf(stderr, "Usage: %s input.po output.lmo\n", name); + exit(1); +} + +static void print(const void *ptr, size_t size, size_t nmemb, FILE *stream) +{ + if( fwrite(ptr, size, nmemb, stream) == 0 ) + die("Failed to write stdout"); +} + +static int extract_string(const char *src, char *dest, int len) +{ + int pos = 0; + int esc = 0; + int off = -1; + + for( pos = 0; (pos < strlen(src)) && (pos < len); pos++ ) + { + if( (off == -1) && (src[pos] == '"') ) + { + off = pos + 1; + } + else if( off >= 0 ) + { + if( esc == 1 ) + { + switch (src[pos]) + { + case '"': + case '\\': + off++; + break; + } + dest[pos-off] = src[pos]; + esc = 0; + } + else if( src[pos] == '\\' ) + { + dest[pos-off] = src[pos]; + esc = 1; + } + else if( src[pos] != '"' ) + { + dest[pos-off] = src[pos]; + } + else + { + dest[pos-off] = '\0'; + break; + } + } + } + + return (off > -1) ? strlen(dest) : -1; +} + +static int cmp_index(const void *a, const void *b) +{ + uint32_t x = ((const lmo_entry_t *)a)->key_id; + uint32_t y = ((const lmo_entry_t *)b)->key_id; + + if (x < y) + return -1; + else if (x > y) + return 1; + + return 0; +} + +static void print_uint32(uint32_t x, FILE *out) +{ + uint32_t y = htonl(x); + print(&y, sizeof(uint32_t), 1, out); +} + +static void print_index(void *array, int n, FILE *out) +{ + lmo_entry_t *e; + + qsort(array, n, sizeof(*e), cmp_index); + + for (e = array; n > 0; n--, e++) + { + print_uint32(e->key_id, out); + print_uint32(e->val_id, out); + print_uint32(e->offset, out); + print_uint32(e->length, out); + } +} + +int main(int argc, char *argv[]) +{ + char line[4096]; + char key[4096]; + char val[4096]; + char tmp[4096]; + int state = 0; + int offset = 0; + int length = 0; + int n_entries = 0; + void *array = NULL; + lmo_entry_t *entry = NULL; + uint32_t key_id, val_id; + + FILE *in; + FILE *out; + + if( (argc != 3) || ((in = fopen(argv[1], "r")) == NULL) || ((out = fopen(argv[2], "w")) == NULL) ) + usage(argv[0]); + + memset(line, 0, sizeof(key)); + memset(key, 0, sizeof(val)); + memset(val, 0, sizeof(val)); + + while( (NULL != fgets(line, sizeof(line), in)) || (state >= 2 && feof(in)) ) + { + if( state == 0 && strstr(line, "msgid \"") == line ) + { + switch(extract_string(line, key, sizeof(key))) + { + case -1: + die("Syntax error in msgid"); + case 0: + state = 1; + break; + default: + state = 2; + } + } + else if( state == 1 || state == 2 ) + { + if( strstr(line, "msgstr \"") == line || state == 2 ) + { + switch(extract_string(line, val, sizeof(val))) + { + case -1: + state = 4; + break; + default: + state = 3; + } + } + else + { + switch(extract_string(line, tmp, sizeof(tmp))) + { + case -1: + state = 2; + break; + default: + strcat(key, tmp); + } + } + } + else if( state == 3 ) + { + switch(extract_string(line, tmp, sizeof(tmp))) + { + case -1: + state = 4; + break; + default: + strcat(val, tmp); + } + } + + if( state == 4 ) + { + if( strlen(key) > 0 && strlen(val) > 0 ) + { + key_id = sfh_hash(key, strlen(key)); + val_id = sfh_hash(val, strlen(val)); + + if( key_id != val_id ) + { + n_entries++; + array = realloc(array, n_entries * sizeof(lmo_entry_t)); + entry = (lmo_entry_t *)array + n_entries - 1; + + if (!array) + die("Out of memory"); + + entry->key_id = key_id; + entry->val_id = val_id; + entry->offset = offset; + entry->length = strlen(val); + + length = strlen(val) + ((4 - (strlen(val) % 4)) % 4); + + print(val, length, 1, out); + offset += length; + } + } + + state = 0; + memset(key, 0, sizeof(key)); + memset(val, 0, sizeof(val)); + } + + memset(line, 0, sizeof(line)); + } + + print_index(array, n_entries, out); + + if( offset > 0 ) + { + print_uint32(offset, out); + fsync(fileno(out)); + fclose(out); + } + else + { + fclose(out); + unlink(argv[2]); + } + + fclose(in); + return(0); +} diff --git a/package/lean/luci-app-xlnetacc/tools/po2lmo/src/template_lmo.c b/package/lean/luci-app-xlnetacc/tools/po2lmo/src/template_lmo.c new file mode 100644 index 000000000..27205a722 --- /dev/null +++ b/package/lean/luci-app-xlnetacc/tools/po2lmo/src/template_lmo.c @@ -0,0 +1,328 @@ +/* + * lmo - Lua Machine Objects - Base functions + * + * Copyright (C) 2009-2010 Jo-Philipp Wich + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "template_lmo.h" + +/* + * Hash function from http://www.azillionmonkeys.com/qed/hash.html + * Copyright (C) 2004-2008 by Paul Hsieh + */ + +uint32_t sfh_hash(const char *data, int len) +{ + uint32_t hash = len, tmp; + int rem; + + if (len <= 0 || data == NULL) return 0; + + rem = len & 3; + len >>= 2; + + /* Main loop */ + for (;len > 0; len--) { + hash += sfh_get16(data); + tmp = (sfh_get16(data+2) << 11) ^ hash; + hash = (hash << 16) ^ tmp; + data += 2*sizeof(uint16_t); + hash += hash >> 11; + } + + /* Handle end cases */ + switch (rem) { + case 3: hash += sfh_get16(data); + hash ^= hash << 16; + hash ^= data[sizeof(uint16_t)] << 18; + hash += hash >> 11; + break; + case 2: hash += sfh_get16(data); + hash ^= hash << 11; + hash += hash >> 17; + break; + case 1: hash += *data; + hash ^= hash << 10; + hash += hash >> 1; + } + + /* Force "avalanching" of final 127 bits */ + hash ^= hash << 3; + hash += hash >> 5; + hash ^= hash << 4; + hash += hash >> 17; + hash ^= hash << 25; + hash += hash >> 6; + + return hash; +} + +uint32_t lmo_canon_hash(const char *str, int len) +{ + char res[4096]; + char *ptr, prev; + int off; + + if (!str || len >= sizeof(res)) + return 0; + + for (prev = ' ', ptr = res, off = 0; off < len; prev = *str, off++, str++) + { + if (isspace(*str)) + { + if (!isspace(prev)) + *ptr++ = ' '; + } + else + { + *ptr++ = *str; + } + } + + if ((ptr > res) && isspace(*(ptr-1))) + ptr--; + + return sfh_hash(res, ptr - res); +} + +lmo_archive_t * lmo_open(const char *file) +{ + int in = -1; + uint32_t idx_offset = 0; + struct stat s; + + lmo_archive_t *ar = NULL; + + if (stat(file, &s) == -1) + goto err; + + if ((in = open(file, O_RDONLY)) == -1) + goto err; + + if ((ar = (lmo_archive_t *)malloc(sizeof(*ar))) != NULL) + { + memset(ar, 0, sizeof(*ar)); + + ar->fd = in; + ar->size = s.st_size; + + fcntl(ar->fd, F_SETFD, fcntl(ar->fd, F_GETFD) | FD_CLOEXEC); + + if ((ar->mmap = mmap(NULL, ar->size, PROT_READ, MAP_SHARED, ar->fd, 0)) == MAP_FAILED) + goto err; + + idx_offset = ntohl(*((const uint32_t *) + (ar->mmap + ar->size - sizeof(uint32_t)))); + + if (idx_offset >= ar->size) + goto err; + + ar->index = (lmo_entry_t *)(ar->mmap + idx_offset); + ar->length = (ar->size - idx_offset - sizeof(uint32_t)) / sizeof(lmo_entry_t); + ar->end = ar->mmap + ar->size; + + return ar; + } + +err: + if (in > -1) + close(in); + + if (ar != NULL) + { + if ((ar->mmap != NULL) && (ar->mmap != MAP_FAILED)) + munmap(ar->mmap, ar->size); + + free(ar); + } + + return NULL; +} + +void lmo_close(lmo_archive_t *ar) +{ + if (ar != NULL) + { + if ((ar->mmap != NULL) && (ar->mmap != MAP_FAILED)) + munmap(ar->mmap, ar->size); + + close(ar->fd); + free(ar); + + ar = NULL; + } +} + + +lmo_catalog_t *_lmo_catalogs = NULL; +lmo_catalog_t *_lmo_active_catalog = NULL; + +int lmo_load_catalog(const char *lang, const char *dir) +{ + DIR *dh = NULL; + char pattern[16]; + char path[PATH_MAX]; + struct dirent *de = NULL; + + lmo_archive_t *ar = NULL; + lmo_catalog_t *cat = NULL; + + if (!lmo_change_catalog(lang)) + return 0; + + if (!dir || !(dh = opendir(dir))) + goto err; + + if (!(cat = malloc(sizeof(*cat)))) + goto err; + + memset(cat, 0, sizeof(*cat)); + + snprintf(cat->lang, sizeof(cat->lang), "%s", lang); + snprintf(pattern, sizeof(pattern), "*.%s.lmo", lang); + + while ((de = readdir(dh)) != NULL) + { + if (!fnmatch(pattern, de->d_name, 0)) + { + snprintf(path, sizeof(path), "%s/%s", dir, de->d_name); + ar = lmo_open(path); + + if (ar) + { + ar->next = cat->archives; + cat->archives = ar; + } + } + } + + closedir(dh); + + cat->next = _lmo_catalogs; + _lmo_catalogs = cat; + + if (!_lmo_active_catalog) + _lmo_active_catalog = cat; + + return 0; + +err: + if (dh) closedir(dh); + if (cat) free(cat); + + return -1; +} + +int lmo_change_catalog(const char *lang) +{ + lmo_catalog_t *cat; + + for (cat = _lmo_catalogs; cat; cat = cat->next) + { + if (!strncmp(cat->lang, lang, sizeof(cat->lang))) + { + _lmo_active_catalog = cat; + return 0; + } + } + + return -1; +} + +static lmo_entry_t * lmo_find_entry(lmo_archive_t *ar, uint32_t hash) +{ + unsigned int m, l, r; + uint32_t k; + + l = 0; + r = ar->length - 1; + + while (1) + { + m = l + ((r - l) / 2); + + if (r < l) + break; + + k = ntohl(ar->index[m].key_id); + + if (k == hash) + return &ar->index[m]; + + if (k > hash) + { + if (!m) + break; + + r = m - 1; + } + else + { + l = m + 1; + } + } + + return NULL; +} + +int lmo_translate(const char *key, int keylen, char **out, int *outlen) +{ + uint32_t hash; + lmo_entry_t *e; + lmo_archive_t *ar; + + if (!key || !_lmo_active_catalog) + return -2; + + hash = lmo_canon_hash(key, keylen); + + for (ar = _lmo_active_catalog->archives; ar; ar = ar->next) + { + if ((e = lmo_find_entry(ar, hash)) != NULL) + { + *out = ar->mmap + ntohl(e->offset); + *outlen = ntohl(e->length); + return 0; + } + } + + return -1; +} + +void lmo_close_catalog(const char *lang) +{ + lmo_archive_t *ar, *next; + lmo_catalog_t *cat, *prev; + + for (prev = NULL, cat = _lmo_catalogs; cat; prev = cat, cat = cat->next) + { + if (!strncmp(cat->lang, lang, sizeof(cat->lang))) + { + if (prev) + prev->next = cat->next; + else + _lmo_catalogs = cat->next; + + for (ar = cat->archives; ar; ar = next) + { + next = ar->next; + lmo_close(ar); + } + + free(cat); + break; + } + } +} diff --git a/package/lean/luci-app-xlnetacc/tools/po2lmo/src/template_lmo.h b/package/lean/luci-app-xlnetacc/tools/po2lmo/src/template_lmo.h new file mode 100644 index 000000000..57f59aa56 --- /dev/null +++ b/package/lean/luci-app-xlnetacc/tools/po2lmo/src/template_lmo.h @@ -0,0 +1,92 @@ +/* + * lmo - Lua Machine Objects - General header + * + * Copyright (C) 2009-2012 Jo-Philipp Wich + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef _TEMPLATE_LMO_H_ +#define _TEMPLATE_LMO_H_ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#if (defined(__GNUC__) && defined(__i386__)) +#define sfh_get16(d) (*((const uint16_t *) (d))) +#else +#define sfh_get16(d) ((((uint32_t)(((const uint8_t *)(d))[1])) << 8)\ + +(uint32_t)(((const uint8_t *)(d))[0]) ) +#endif + + +struct lmo_entry { + uint32_t key_id; + uint32_t val_id; + uint32_t offset; + uint32_t length; +} __attribute__((packed)); + +typedef struct lmo_entry lmo_entry_t; + + +struct lmo_archive { + int fd; + int length; + uint32_t size; + lmo_entry_t *index; + char *mmap; + char *end; + struct lmo_archive *next; +}; + +typedef struct lmo_archive lmo_archive_t; + + +struct lmo_catalog { + char lang[6]; + struct lmo_archive *archives; + struct lmo_catalog *next; +}; + +typedef struct lmo_catalog lmo_catalog_t; + + +uint32_t sfh_hash(const char *data, int len); +uint32_t lmo_canon_hash(const char *data, int len); + +lmo_archive_t * lmo_open(const char *file); +void lmo_close(lmo_archive_t *ar); + + +extern lmo_catalog_t *_lmo_catalogs; +extern lmo_catalog_t *_lmo_active_catalog; + +int lmo_load_catalog(const char *lang, const char *dir); +int lmo_change_catalog(const char *lang); +int lmo_translate(const char *key, int keylen, char **out, int *outlen); +void lmo_close_catalog(const char *lang); + +#endif diff --git a/package/lean/luci-app-zerotier/Makefile b/package/lean/luci-app-zerotier/Makefile new file mode 100644 index 000000000..4f8b6034d --- /dev/null +++ b/package/lean/luci-app-zerotier/Makefile @@ -0,0 +1,19 @@ +# +# Copyright (C) 2008-2014 The LuCI Team +# +# This is free software, licensed under the Apache License, Version 2.0 . +# + +include $(TOPDIR)/rules.mk + +LUCI_TITLE:=LuCI for Zerotier +LUCI_DEPENDS:=+zerotier +LUCI_PKGARCH:=all +PKG_VERSION:=1.0 +PKG_RELEASE:=12 + +include $(TOPDIR)/feeds/luci/luci.mk + +# call BuildPackage - OpenWrt buildroot signature + + diff --git a/package/lean/luci-app-zerotier/luasrc/controller/zerotier.lua b/package/lean/luci-app-zerotier/luasrc/controller/zerotier.lua new file mode 100644 index 000000000..fcbc28b68 --- /dev/null +++ b/package/lean/luci-app-zerotier/luasrc/controller/zerotier.lua @@ -0,0 +1,18 @@ +module("luci.controller.zerotier",package.seeall) + +function index() + if not nixio.fs.access("/etc/config/zerotier")then +return +end + +entry({"admin","vpn"}, firstchild(), "VPN", 45).dependent = false +entry({"admin","vpn","zerotier"},cbi("zerotier"),_("ZeroTier"),90).dependent=true +entry({"admin","vpn","zerotier","status"},call("act_status")).leaf=true +end + +function act_status() +local e={} + e.running=luci.sys.call("pgrep /usr/bin/zerotier-one >/dev/null")==0 + luci.http.prepare_content("application/json") + luci.http.write_json(e) +end diff --git a/package/lean/luci-app-zerotier/luasrc/model/cbi/zerotier.lua b/package/lean/luci-app-zerotier/luasrc/model/cbi/zerotier.lua new file mode 100644 index 000000000..c63848981 --- /dev/null +++ b/package/lean/luci-app-zerotier/luasrc/model/cbi/zerotier.lua @@ -0,0 +1,50 @@ +local e=require"nixio.fs" +local e=luci.http +local o=require"luci.model.network".init() +local a,t,e,b + +a=Map("zerotier",translate("ZeroTier"),translate("Zerotier is an open source, cross-platform and easy to use virtual LAN")) +a:section(SimpleSection).template = "zerotier/zerotier_status" + +t=a:section(NamedSection,"sample_config","zerotier") +t.anonymous=true +t.addremove=false + +t:tab("basic", translate("Base Setting")) + +e=t:taboption("basic", Flag,"enabled",translate("Enable")) +e.default=0 +e.rmempty=false + +e=t:taboption("basic", DynamicList,"join",translate('ZeroTier Network ID')) +e.password=true +e.rmempty=false + +e=t:taboption("basic", Flag,"nat",translate("Auto NAT Clients")) +e.default=0 +e.rmempty=false +e.description = translate("Allow zerotier clients access your LAN network") + +e=t:taboption("basic", DummyValue,"opennewwindow" , + translate("")) +e.description = translate("Create or manage your zerotier network, and auth clients who could access") + +local dog = "/tmp/zero.info" +t:tab("watchdog", translate("Interface Info")) +log = t:taboption("watchdog", TextValue, "sylogtext") +log.template = "cbi/tvalue" +log.rows = 8 +log.wrap = "off" +log.readonly="readonly" + +function log.cfgvalue(self, section) + luci.sys.exec("ifconfig $(ifconfig | grep zt | awk '{print $1}') > /tmp/zero.info") + return nixio.fs.readfile(dog) or "" +end + +function log.write(self, section, value) + value = value:gsub("\r\n?", "\n") + nixio.fs.writefile(dog, value) +end + +return a diff --git a/package/lean/luci-app-zerotier/luasrc/view/zerotier/zerotier_status.htm b/package/lean/luci-app-zerotier/luasrc/view/zerotier/zerotier_status.htm new file mode 100644 index 000000000..9d216c5d9 --- /dev/null +++ b/package/lean/luci-app-zerotier/luasrc/view/zerotier/zerotier_status.htm @@ -0,0 +1,22 @@ + + +
+

+ <%:Collecting data...%> +

+
diff --git a/package/lean/luci-app-zerotier/po/zh-cn/zerotier.po b/package/lean/luci-app-zerotier/po/zh-cn/zerotier.po new file mode 100644 index 000000000..3787a890d --- /dev/null +++ b/package/lean/luci-app-zerotier/po/zh-cn/zerotier.po @@ -0,0 +1,22 @@ +msgid "" +msgstr "" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: Gtranslator 2.91.7\n" +"Plural-Forms: nplurals=1; plural=0;\n" + +msgid "Zerotier is an open source, cross-platform and easy to use virtual LAN" +msgstr "Zerotier鏄竴涓紑婧愶紝璺ㄥ钩鍙帮紝鑰屼笖閫傚悎鍐呯綉绌块忎簰鑱旂殑鍌荤摐閰嶇疆铏氭嫙 VPN LAN" + +msgid "Auto NAT Clients" +msgstr "鑷姩鍏佽瀹㈡埛绔疦AT" + +msgid "Allow zerotier clients access your LAN network" +msgstr "鍏佽Zerotier鐨勬嫧鍏ュ鎴风璁块棶璺敱鍣↙AN璧勬簮锛堥渶瑕佸湪 Zerotier绠$悊椤甸潰璁惧畾鍒癓AN缃戞鐨勮矾鐢辫〃锛" + +msgid "Create or manage your zerotier network, and auth clients who could access" +msgstr "鐐瑰嚮璺宠浆鍒癦erotier瀹樼綉绠$悊骞冲彴锛屾柊寤烘垨鑰呯鐞嗙綉缁滐紝骞跺厑璁稿鎴风鎺ュ叆璁块棶浣犵浜虹綉璺紙鏂版帴鍏ョ殑鑺傜偣榛樿涓嶅厑璁歌闂級" + +msgid "Interface Info" +msgstr "鎺ュ彛淇℃伅" diff --git a/package/lean/luci-app-zerotier/root/etc/init.d/zerotier b/package/lean/luci-app-zerotier/root/etc/init.d/zerotier new file mode 100755 index 000000000..7acbc6e8e --- /dev/null +++ b/package/lean/luci-app-zerotier/root/etc/init.d/zerotier @@ -0,0 +1,99 @@ +#!/bin/sh /etc/rc.common + +START=90 + +USE_PROCD=1 + +PROG=/usr/bin/zerotier-one +CONFIG_PATH=/var/lib/zerotier-one + +section_enabled() { + config_get_bool enabled "$1" 'enabled' 0 + [ $enabled -gt 0 ] +} + +start_instance() { + local cfg="$1" + local port secret config_path + local ARGS="" + + if ! section_enabled "$cfg"; then + echo "disabled in config" + return 1 + fi + + config_get config_path $cfg 'config_path' + config_get_bool port $cfg 'port' + config_get secret $cfg 'secret' + + # Remove existing link or folder + rm -rf $CONFIG_PATH + + # Create link from CONFIG_PATH to config_path + if [ -n "$config_path" -a "$config_path" != $CONFIG_PATH ]; then + if [ ! -d "$config_path" ]; then + echo "ZeroTier config_path does not exist: $config_path" + return + fi + + ln -s $config_path $CONFIG_PATH + fi + + mkdir -p $CONFIG_PATH/networks.d + + if [ -n "$port" ]; then + ARGS="$ARGS -p$port" + fi + + if [ "$secret" = "generate" ]; then + echo "Generate secret - please wait..." + local sf="/tmp/zt.$cfg.secret" + + zerotier-idtool generate "$sf" > /dev/null + [ $? -ne 0 ] && return 1 + + secret="$(cat $sf)" + rm "$sf" + + uci set zerotier.$cfg.secret="$secret" + uci commit zerotier + fi + + if [ -n "$secret" ]; then + echo "$secret" > $CONFIG_PATH/identity.secret + # make sure there is not previous identity.public + rm -f $CONFIG_PATH/identity.public + fi + + add_join() { + # an (empty) config file will cause ZT to join a network + touch $CONFIG_PATH/networks.d/$1.conf + } + + config_list_foreach $cfg 'join' add_join + + procd_open_instance + procd_set_param command $PROG $ARGS $CONFIG_PATH + procd_set_param stderr 1 + procd_close_instance +} + +start_service() { + config_load 'zerotier' + config_foreach start_instance 'zerotier' + touch /tmp/zero.log && nohup /etc/zerotier.start > /tmp/zero.log 2>&1 & +} + +stop_instance() { + rm -f /tmp/zero.log + local cfg="$1" + + # Remove existing link or folder + rm -rf $CONFIG_PATH +} + +stop_service() { + config_load 'zerotier' + config_foreach stop_instance 'zerotier' +} + diff --git a/package/lean/luci-app-zerotier/root/etc/uci-defaults/40_luci-zerotier b/package/lean/luci-app-zerotier/root/etc/uci-defaults/40_luci-zerotier new file mode 100755 index 000000000..95f0ccfc9 --- /dev/null +++ b/package/lean/luci-app-zerotier/root/etc/uci-defaults/40_luci-zerotier @@ -0,0 +1,17 @@ +#!/bin/sh + +uci -q batch <<-EOF >/dev/null + delete ucitrack.@zerotier[-1] + add ucitrack zerotier + set ucitrack.@zerotier[-1].init=zerotier + commit ucitrack + delete firewall.zerotier + set firewall.zerotier=include + set firewall.zerotier.type=script + set firewall.zerotier.path=/etc/zerotier.start + set firewall.zerotier.reload=1 + commit firewall +EOF + +rm -f /tmp/luci-indexcache +exit 0 diff --git a/package/lean/luci-app-zerotier/root/etc/zerotier.start b/package/lean/luci-app-zerotier/root/etc/zerotier.start new file mode 100755 index 000000000..7bfc2acf5 --- /dev/null +++ b/package/lean/luci-app-zerotier/root/etc/zerotier.start @@ -0,0 +1,27 @@ +#!/bin/sh + +zero_enable=$(uci get zerotier.sample_config.enabled) + +if [ $zero_enable -eq 1 ]; then + +if [ -f /tmp/zero.log ];then +while [ "$(ifconfig | grep zt | awk '{print $1}')" = "" ] +do + sleep 1 +done +fi + +nat_enable=$(uci get zerotier.sample_config.nat) +zt0=$(ifconfig | grep zt | awk '{print $1}') +echo "zt interface $zt0 is started!" +echo $zt0 > /tmp/zt.nif +iptables -D FORWARD -i $zt0 -j ACCEPT 2>/dev/null +iptables -D FORWARD -o $zt0 -j ACCEPT 2>/dev/null +iptables -t nat -D POSTROUTING -o $zt0 -j MASQUERADE 2>/dev/null +if [ $nat_enable -eq 1 ]; then + iptables -I FORWARD -i $zt0 -j ACCEPT + iptables -I FORWARD -o $zt0 -j ACCEPT + iptables -t nat -I POSTROUTING -o $zt0 -j MASQUERADE +fi + +fi diff --git a/package/lean/luci-app-zerotier/root/etc/zerotier.stop b/package/lean/luci-app-zerotier/root/etc/zerotier.stop new file mode 100755 index 000000000..754c512b4 --- /dev/null +++ b/package/lean/luci-app-zerotier/root/etc/zerotier.stop @@ -0,0 +1,10 @@ +#!/bin/sh + +zt0=$(ifconfig | grep zt | awk '{print $1}') +if [ "$zt0" = "" ]; then + zt0=$(cat /tmp/cat /tmp/zt.nif) +fi +echo "zt interface $zt0 is stopped!" +iptables -D FORWARD -i $zt0 -j ACCEPT 2>/dev/null +iptables -D FORWARD -o $zt0 -j ACCEPT 2>/dev/null +iptables -t nat -D POSTROUTING -o $zt0 -j MASQUERADE 2>/dev/null diff --git a/package/lean/luci-lib-fs/Makefile b/package/lean/luci-lib-fs/Makefile new file mode 100644 index 000000000..9d78a2971 --- /dev/null +++ b/package/lean/luci-lib-fs/Makefile @@ -0,0 +1,49 @@ +# +# Copyright (C) 2009 OpenWrt.org +# +# This is free software, licensed under the GNU General Public License v2. +# See /LICENSE for more information. +# + +include $(TOPDIR)/rules.mk + +PKG_NAME:=luci-lib-fs +PKG_VERSION:=1.0 +PKG_RELEASE:=1 + +PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME) +PKG_INSTALL:=1 + +include $(INCLUDE_DIR)/package.mk + +define Package/luci-lib-fs + SUBMENU:=Lua + SECTION:=lang + CATEGORY:=Languages + TITLE:=luci-lib-fs + PKGARCH:=all + URL:=https://github.com/lbthomsen/openwrt-luci + DEPENDS:=+luci +luci-lib-nixio +endef + +define Package/luci-lib-fs/description + luci-lib-fs +endef + +define Build/Configure +endef + +define Build/Compile +endef + +define Build/Install +endef + + +define Package/luci-lib-fs/install + $(INSTALL_DIR) $(1)/usr/lib/lua/luci + $(CP) ./files/*.lua $(1)/usr/lib/lua/luci + +endef + +$(eval $(call BuildPackage,luci-lib-fs)) diff --git a/package/lean/luci-lib-fs/files/fs.lua b/package/lean/luci-lib-fs/files/fs.lua new file mode 100644 index 000000000..a81ff675d --- /dev/null +++ b/package/lean/luci-lib-fs/files/fs.lua @@ -0,0 +1,244 @@ +--[[ +LuCI - Filesystem tools + +Description: +A module offering often needed filesystem manipulation functions + +FileId: +$Id$ + +License: +Copyright 2008 Steven Barth + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. + +]]-- + +local io = require "io" +local os = require "os" +local ltn12 = require "luci.ltn12" +local fs = require "nixio.fs" +local nutil = require "nixio.util" + +local type = type + +--- LuCI filesystem library. +module "luci.fs" + +--- Test for file access permission on given path. +-- @class function +-- @name access +-- @param str String value containing the path +-- @return Number containing the return code, 0 on sucess or nil on error +-- @return String containing the error description (if any) +-- @return Number containing the os specific errno (if any) +access = fs.access + +--- Evaluate given shell glob pattern and return a table containing all matching +-- file and directory entries. +-- @class function +-- @name glob +-- @param filename String containing the path of the file to read +-- @return Table containing file and directory entries or nil if no matches +-- @return String containing the error description (if no matches) +-- @return Number containing the os specific errno (if no matches) +function glob(...) + local iter, code, msg = fs.glob(...) + if iter then + return nutil.consume(iter) + else + return nil, code, msg + end +end + +--- Checks wheather the given path exists and points to a regular file. +-- @param filename String containing the path of the file to test +-- @return Boolean indicating wheather given path points to regular file +function isfile(filename) + return fs.stat(filename, "type") == "reg" +end + +--- Checks wheather the given path exists and points to a directory. +-- @param dirname String containing the path of the directory to test +-- @return Boolean indicating wheather given path points to directory +function isdirectory(dirname) + return fs.stat(dirname, "type") == "dir" +end + +--- Read the whole content of the given file into memory. +-- @param filename String containing the path of the file to read +-- @return String containing the file contents or nil on error +-- @return String containing the error message on error +readfile = fs.readfile + +--- Write the contents of given string to given file. +-- @param filename String containing the path of the file to read +-- @param data String containing the data to write +-- @return Boolean containing true on success or nil on error +-- @return String containing the error message on error +writefile = fs.writefile + +--- Copies a file. +-- @param source Source file +-- @param dest Destination +-- @return Boolean containing true on success or nil on error +copy = fs.datacopy + +--- Renames a file. +-- @param source Source file +-- @param dest Destination +-- @return Boolean containing true on success or nil on error +rename = fs.move + +--- Get the last modification time of given file path in Unix epoch format. +-- @param path String containing the path of the file or directory to read +-- @return Number containing the epoch time or nil on error +-- @return String containing the error description (if any) +-- @return Number containing the os specific errno (if any) +function mtime(path) + return fs.stat(path, "mtime") +end + +--- Set the last modification time of given file path in Unix epoch format. +-- @param path String containing the path of the file or directory to read +-- @param mtime Last modification timestamp +-- @param atime Last accessed timestamp +-- @return 0 in case of success nil on error +-- @return String containing the error description (if any) +-- @return Number containing the os specific errno (if any) +function utime(path, mtime, atime) + return fs.utimes(path, atime, mtime) +end + +--- Return the last element - usually the filename - from the given path with +-- the directory component stripped. +-- @class function +-- @name basename +-- @param path String containing the path to strip +-- @return String containing the base name of given path +-- @see dirname +basename = fs.basename + +--- Return the directory component of the given path with the last element +-- stripped of. +-- @class function +-- @name dirname +-- @param path String containing the path to strip +-- @return String containing the directory component of given path +-- @see basename +dirname = fs.dirname + +--- Return a table containing all entries of the specified directory. +-- @class function +-- @name dir +-- @param path String containing the path of the directory to scan +-- @return Table containing file and directory entries or nil on error +-- @return String containing the error description on error +-- @return Number containing the os specific errno on error +function dir(...) + local iter, code, msg = fs.dir(...) + if iter then + local t = nutil.consume(iter) + t[#t+1] = "." + t[#t+1] = ".." + return t + else + return nil, code, msg + end +end + +--- Create a new directory, recursively on demand. +-- @param path String with the name or path of the directory to create +-- @param recursive Create multiple directory levels (optional, default is true) +-- @return Number with the return code, 0 on sucess or nil on error +-- @return String containing the error description on error +-- @return Number containing the os specific errno on error +function mkdir(path, recursive) + return recursive and fs.mkdirr(path) or fs.mkdir(path) +end + +--- Remove the given empty directory. +-- @class function +-- @name rmdir +-- @param path String containing the path of the directory to remove +-- @return Number with the return code, 0 on sucess or nil on error +-- @return String containing the error description on error +-- @return Number containing the os specific errno on error +rmdir = fs.rmdir + +local stat_tr = { + reg = "regular", + dir = "directory", + lnk = "link", + chr = "character device", + blk = "block device", + fifo = "fifo", + sock = "socket" +} +--- Get information about given file or directory. +-- @class function +-- @name stat +-- @param path String containing the path of the directory to query +-- @return Table containing file or directory properties or nil on error +-- @return String containing the error description on error +-- @return Number containing the os specific errno on error +function stat(path, key) + local data, code, msg = fs.stat(path) + if data then + data.mode = data.modestr + data.type = stat_tr[data.type] or "?" + end + return key and data and data[key] or data, code, msg +end + +--- Set permissions on given file or directory. +-- @class function +-- @name chmod +-- @param path String containing the path of the directory +-- @param perm String containing the permissions to set ([ugoa][+-][rwx]) +-- @return Number with the return code, 0 on sucess or nil on error +-- @return String containing the error description on error +-- @return Number containing the os specific errno on error +chmod = fs.chmod + +--- Create a hard- or symlink from given file (or directory) to specified target +-- file (or directory) path. +-- @class function +-- @name link +-- @param path1 String containing the source path to link +-- @param path2 String containing the destination path for the link +-- @param symlink Boolean indicating wheather to create a symlink (optional) +-- @return Number with the return code, 0 on sucess or nil on error +-- @return String containing the error description on error +-- @return Number containing the os specific errno on error +function link(src, dest, sym) + return sym and fs.symlink(src, dest) or fs.link(src, dest) +end + +--- Remove the given file. +-- @class function +-- @name unlink +-- @param path String containing the path of the file to remove +-- @return Number with the return code, 0 on sucess or nil on error +-- @return String containing the error description on error +-- @return Number containing the os specific errno on error +unlink = fs.unlink + +--- Retrieve target of given symlink. +-- @class function +-- @name readlink +-- @param path String containing the path of the symlink to read +-- @return String containing the link target or nil on error +-- @return String containing the error description on error +-- @return Number containing the os specific errno on error +readlink = fs.readlink diff --git a/package/lean/open-vm-tools/Makefile b/package/lean/open-vm-tools/Makefile new file mode 100644 index 000000000..a5ed2ff28 --- /dev/null +++ b/package/lean/open-vm-tools/Makefile @@ -0,0 +1,129 @@ +# +# Copyright (C) 2018 OpenWrt.org +# +# This is free software, licensed under the GNU General Public License v2. +# See /LICENSE for more information. +# + +include $(TOPDIR)/rules.mk + +PKG_NAME:=open-vm-tools +PKG_VERSION:=10.3.0 +PKG_RELEASE:=1 + +PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz +PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION) +PKG_SOURCE_PROTO:=git +PKG_SOURCE_URL=https://github.com/vmware/open-vm-tools.git +PKG_SOURCE_VERSION:=stable-$(PKG_VERSION) + +PKG_FIXUP:=autoreconf +PKG_LICENSE:=LGPL-2.1 + +include $(INCLUDE_DIR)/package.mk + +define Package/open-vm-tools + SECTION:=utils + CATEGORY:=Utilities + DEPENDS:=@TARGET_x86 +glib2 +libpthread +libtirpc + TITLE:=open-vm-tools + URL:=https://github.com/vmware/open-vm-tools +endef + +define Package/open-vm-tools-vm-tools/description + Open Virtual Machine Tools for VMware guest OS +endef + + +CONFIGURE_PATH = open-vm-tools +MAKE_PATH = open-vm-tools + +CONFIGURE_ARGS+= \ + --without-icu \ + --disable-multimon \ + --disable-docs \ + --disable-tests \ + --without-gtkmm \ + --without-gtkmm3 \ + --without-xerces \ + --without-pam \ + --disable-grabbitmqproxy \ + --disable-vgauth \ + --disable-deploypkg \ + --without-root-privileges \ + --without-kernel-modules \ + --without-dnet \ + --with-tirpc \ + --without-x \ + --without-gtk2 \ + --without-gtk3 \ + --without-xerces + + +define Package/open-vm-tools/install + $(INSTALL_DIR) $(1)/etc/init.d/ + $(INSTALL_BIN) ./files/vmtoolsd.init $(1)/etc/init.d/vmtoolsd + + $(INSTALL_DIR) $(1)/etc/vmware-tools/ + $(INSTALL_DATA) ./files/tools.conf $(1)/etc/vmware-tools/ + $(INSTALL_BIN) $(PKG_BUILD_DIR)/open-vm-tools/scripts/poweroff-vm-default $(1)/etc/vmware-tools/ + $(INSTALL_BIN) $(PKG_BUILD_DIR)/open-vm-tools/scripts/poweron-vm-default $(1)/etc/vmware-tools/ + $(INSTALL_BIN) $(PKG_BUILD_DIR)/open-vm-tools/scripts/resume-vm-default $(1)/etc/vmware-tools/ + $(INSTALL_BIN) $(PKG_BUILD_DIR)/open-vm-tools/scripts/suspend-vm-default $(1)/etc/vmware-tools/ + $(INSTALL_DATA) $(PKG_BUILD_DIR)/open-vm-tools/scripts/common/statechange.subr $(1)/etc/vmware-tools/ + + $(INSTALL_DIR) $(1)/etc/vmware-tools/scripts/vmware/ + $(INSTALL_BIN) $(PKG_BUILD_DIR)/open-vm-tools/scripts/linux/network $(1)/etc/vmware-tools/scripts/vmware/ + + $(INSTALL_DIR) $(1)/bin/ + $(INSTALL_BIN) $(PKG_BUILD_DIR)/open-vm-tools/checkvm/.libs/vmware-checkvm $(1)/bin/ + $(INSTALL_BIN) $(PKG_BUILD_DIR)/open-vm-tools/namespacetool/.libs/vmware-namespace-cmd $(1)/bin/ + $(INSTALL_BIN) $(PKG_BUILD_DIR)/open-vm-tools/xferlogs/.libs/vmware-xferlogs $(1)/bin/ + $(INSTALL_BIN) $(PKG_BUILD_DIR)/open-vm-tools/hgfsclient/.libs/vmware-hgfsclient $(1)/bin/ + $(INSTALL_BIN) $(PKG_BUILD_DIR)/open-vm-tools/services/vmtoolsd/.libs/vmtoolsd $(1)/bin/ + $(INSTALL_BIN) $(PKG_BUILD_DIR)/open-vm-tools/rpctool/vmware-rpctool $(1)/bin/ + $(INSTALL_BIN) $(PKG_BUILD_DIR)/open-vm-tools/toolbox/.libs/vmware-toolbox-cmd $(1)/bin/ + + $(INSTALL_DIR) $(1)/sbin/ + $(INSTALL_BIN) $(PKG_BUILD_DIR)/open-vm-tools/hgfsmounter/mount.vmhgfs $(1)/sbin/ + $(INSTALL_BIN) ./files/shutdown $(1)/sbin/ + + $(INSTALL_DIR) $(1)/lib/ + $(INSTALL_DATA) $(PKG_BUILD_DIR)/open-vm-tools/libhgfs/.libs/libhgfs.so.0.0.0 $(1)/lib/ + $(LN) libhgfs.so.0.0.0 $(1)/lib/libhgfs.so.0 + $(LN) libhgfs.so.0.0.0 $(1)/lib/libhgfs.so + $(INSTALL_DATA) $(PKG_BUILD_DIR)/open-vm-tools/libguestlib/.libs/libguestlib.so.0.0.0 $(1)/lib/ + $(LN) libguestlib.so.0.0.0 $(1)/lib/libguestlib.so.0 + $(LN) libguestlib.so.0.0.0 $(1)/lib/libguestlib.so + $(INSTALL_DATA) $(PKG_BUILD_DIR)/open-vm-tools/libvmtools/.libs/libvmtools.so.0.0.0 $(1)/lib/ + $(LN) libvmtools.so.0.0.0 $(1)/lib/libvmtools.so.0 + $(LN) libvmtools.so.0.0.0 $(1)/lib/libvmtools.so + + $(INSTALL_DIR) $(1)/usr/lib/open-vm-tools/plugins/common/ + $(INSTALL_DATA) $(PKG_BUILD_DIR)/open-vm-tools/services/plugins/vix/.libs/libvix.so $(1)/usr/lib/open-vm-tools/plugins/common/ + $(INSTALL_DATA) $(PKG_BUILD_DIR)/open-vm-tools/services/plugins/hgfsServer/.libs/libhgfsServer.so $(1)/usr/lib/open-vm-tools/plugins/common/ + + $(INSTALL_DIR) $(1)/usr/lib/open-vm-tools/plugins/vmsvc/ + $(INSTALL_DATA) $(PKG_BUILD_DIR)/open-vm-tools/services/plugins/resolutionKMS/.libs/libresolutionKMS.so $(1)/usr/lib/open-vm-tools/plugins/vmsvc/ + $(INSTALL_DATA) $(PKG_BUILD_DIR)/open-vm-tools/services/plugins/powerOps/.libs/libpowerOps.so $(1)/usr/lib/open-vm-tools/plugins/vmsvc/ + $(INSTALL_DATA) $(PKG_BUILD_DIR)/open-vm-tools/services/plugins/timeSync/.libs/libtimeSync.so $(1)/usr/lib/open-vm-tools/plugins/vmsvc/ + $(INSTALL_DATA) $(PKG_BUILD_DIR)/open-vm-tools/services/plugins/guestInfo/.libs/libguestInfo.so $(1)/usr/lib/open-vm-tools/plugins/vmsvc/ + $(INSTALL_DATA) $(PKG_BUILD_DIR)/open-vm-tools/services/plugins/vmbackup/.libs/libvmbackup.so $(1)/usr/lib/open-vm-tools/plugins/vmsvc/ + + $(INSTALL_DIR) $(1)/lib/udev/rules.d/ + $(INSTALL_DATA) $(PKG_BUILD_DIR)/open-vm-tools/udev/99-vmware-scsi-udev.rules $(1)/lib/udev/rules.d/ + + $(INSTALL_DIR) $(1)/share/open-vm-tools/messages/ko/ + $(INSTALL_DATA) $(PKG_BUILD_DIR)/open-vm-tools/services/vmtoolsd/l10n/ko.vmsg $(1)/share/open-vm-tools/messages/ko/vmtoolsd.vmsg + $(INSTALL_DATA) $(PKG_BUILD_DIR)/open-vm-tools/toolbox/l10n/ko.vmsg $(1)/share/open-vm-tools/messages/ko/toolboxcmd.vmsg + $(INSTALL_DIR) $(1)/share/open-vm-tools/messages/de/ + $(INSTALL_DATA) $(PKG_BUILD_DIR)/open-vm-tools/services/vmtoolsd/l10n/de.vmsg $(1)/share/open-vm-tools/messages/de/vmtoolsd.vmsg + $(INSTALL_DATA) $(PKG_BUILD_DIR)/open-vm-tools/toolbox/l10n/de.vmsg $(1)/share/open-vm-tools/messages/de/toolboxcmd.vmsg + $(INSTALL_DIR) $(1)/share/open-vm-tools/messages/ja/ + $(INSTALL_DATA) $(PKG_BUILD_DIR)/open-vm-tools/services/vmtoolsd/l10n/ja.vmsg $(1)/share/open-vm-tools/messages/ja/vmtoolsd.vmsg + $(INSTALL_DATA) $(PKG_BUILD_DIR)/open-vm-tools/toolbox/l10n/ja.vmsg $(1)/share/open-vm-tools/messages/ja/toolboxcmd.vmsg + $(INSTALL_DIR) $(1)/share/open-vm-tools/messages/zh_CN/ + $(INSTALL_DATA) $(PKG_BUILD_DIR)/open-vm-tools/toolbox/l10n/zh_CN.vmsg $(1)/share/open-vm-tools/messages/zh_CN/toolboxcmd.vmsg +endef + +$(eval $(call BuildPackage,open-vm-tools)) diff --git a/package/lean/open-vm-tools/files/shutdown b/package/lean/open-vm-tools/files/shutdown new file mode 100644 index 000000000..e814571ff --- /dev/null +++ b/package/lean/open-vm-tools/files/shutdown @@ -0,0 +1,8 @@ +#!/bin/sh +#compatibility script for openvmtools + +if [ "$1" == "-r" ]; then + /sbin/reboot +else + /sbin/poweroff +fi diff --git a/package/lean/open-vm-tools/files/tools.conf b/package/lean/open-vm-tools/files/tools.conf new file mode 100644 index 000000000..f6cae70cc --- /dev/null +++ b/package/lean/open-vm-tools/files/tools.conf @@ -0,0 +1,2 @@ +[guestinfo] +disable-perf-mon=1 diff --git a/package/lean/open-vm-tools/files/vmtoolsd.init b/package/lean/open-vm-tools/files/vmtoolsd.init new file mode 100644 index 000000000..22a002088 --- /dev/null +++ b/package/lean/open-vm-tools/files/vmtoolsd.init @@ -0,0 +1,14 @@ +#!/bin/sh /etc/rc.common + +START=10 + +USE_PROCD=1 +PROG=/bin/vmtoolsd + +start_service() { + procd_open_instance + procd_set_param command "$PROG" + procd_set_param respawn + procd_close_instance +} + diff --git a/package/lean/open-vm-tools/patches/0001-configure.ac-don-t-use-dnet-config.patch b/package/lean/open-vm-tools/patches/0001-configure.ac-don-t-use-dnet-config.patch new file mode 100644 index 000000000..893beb986 --- /dev/null +++ b/package/lean/open-vm-tools/patches/0001-configure.ac-don-t-use-dnet-config.patch @@ -0,0 +1,21 @@ +diff -urN a/open-vm-tools/configure.ac b/open-vm-tools/configure.ac +--- a/open-vm-tools/configure.ac ++++ b/open-vm-tools/configure.ac +@@ -949,7 +949,7 @@ + AC_VMW_CHECK_LIB([dnet], + [DNET], + [], +- [dnet-config], ++ [], + [], + [dnet.h], + [intf_open], +@@ -959,7 +959,7 @@ + + if test $have_dnet = "no"; then + AC_MSG_ERROR( +- [dnet-config was not found on your PATH. Please configure without dnet (using --without-dnet) or install dnet - http://libdnet.sourceforge.net]) ++ [dnet was not found. Please configure without dnet (using --without-dnet) or install dnet - http://libdnet.sourceforge.net]) + fi + fi + diff --git a/package/lean/open-vm-tools/patches/0002-add-include-sys-sysmacros.h.patch b/package/lean/open-vm-tools/patches/0002-add-include-sys-sysmacros.h.patch new file mode 100644 index 000000000..accdb10a3 --- /dev/null +++ b/package/lean/open-vm-tools/patches/0002-add-include-sys-sysmacros.h.patch @@ -0,0 +1,13 @@ +diff -urN a/open-vm-tools/lib/wiper/wiperPosix.c b/open-vm-tools/lib/wiper/wiperPosix.c +--- a/open-vm-tools/lib/wiper/wiperPosix.c ++++ b/open-vm-tools/lib/wiper/wiperPosix.c +@@ -43,6 +43,9 @@ + # include + # endif /* __FreeBSD_version >= 500000 */ + #endif ++#if defined(__linux__) ++#include ++#endif + #include + + #include "vmware.h" diff --git a/package/lean/open-vm-tools/patches/0003-Use-configure-test-for-struct-timespec.patch b/package/lean/open-vm-tools/patches/0003-Use-configure-test-for-struct-timespec.patch new file mode 100644 index 000000000..5b6785615 --- /dev/null +++ b/package/lean/open-vm-tools/patches/0003-Use-configure-test-for-struct-timespec.patch @@ -0,0 +1,29 @@ +diff -urN a/open-vm-tools/configure.ac b/open-vm-tools/configure.ac +--- a/open-vm-tools/configure.ac ++++ b/open-vm-tools/configure.ac +@@ -1208,6 +1208,7 @@ + AC_TYPE_PID_T + AC_TYPE_SIZE_T + AC_CHECK_MEMBERS([struct stat.st_rdev]) ++AC_CHECK_MEMBERS([struct timespec.tv_sec],[],[],[[#include ]]) + AC_HEADER_TIME + AC_STRUCT_TM + AC_C_VOLATILE +diff -urN a/open-vm-tools/lib/include/hgfsUtil.h b/open-vm-tools/lib/include/hgfsUtil.h +--- a/open-vm-tools/lib/include/hgfsUtil.h ++++ b/open-vm-tools/lib/include/hgfsUtil.h +@@ -53,13 +53,7 @@ + # include + # endif + # include "vm_basic_types.h" +-# if !defined _STRUCT_TIMESPEC && \ +- !defined _TIMESPEC_DECLARED && \ +- !defined __timespec_defined && \ +- !defined sun && \ +- !defined __FreeBSD__ && \ +- !__APPLE__ && \ +- !defined _WIN32 ++# if !defined HAVE_STRUCT_TIMESPEC_TV_SEC + struct timespec { + time_t tv_sec; + long tv_nsec; diff --git a/package/lean/open-vm-tools/patches/0004-Fix-definition-of-ALLPERMS-and-ACCESSPERMS.patch b/package/lean/open-vm-tools/patches/0004-Fix-definition-of-ALLPERMS-and-ACCESSPERMS.patch new file mode 100644 index 000000000..8c7aea993 --- /dev/null +++ b/package/lean/open-vm-tools/patches/0004-Fix-definition-of-ALLPERMS-and-ACCESSPERMS.patch @@ -0,0 +1,40 @@ +diff -urN a/open-vm-tools/lib/hgfsServer/hgfsServerLinux.c b/open-vm-tools/lib/hgfsServer/hgfsServerLinux.c +--- a/open-vm-tools/lib/hgfsServer/hgfsServerLinux.c ++++ b/open-vm-tools/lib/hgfsServer/hgfsServerLinux.c +@@ -105,11 +105,13 @@ + #endif + + /* +- * ALLPERMS (mode 07777) and ACCESSPERMS (mode 0777) are not defined in the +- * Solaris version of . ++ * ALLPERMS (mode 07777) and ACCESSPERMS (mode 0777) are not specified in ++ * POSIX. + */ +-#ifdef sun ++#ifndef ACCESSPERMS + # define ACCESSPERMS (S_IRWXU|S_IRWXG|S_IRWXO) ++#endif ++#ifndef ALLPERMS + # define ALLPERMS (S_ISUID|S_ISGID|S_ISVTX|S_IRWXU|S_IRWXG|S_IRWXO) + #endif + +diff -urN a/open-vm-tools/services/plugins/dndcp/dnd/dndLinux.c b/open-vm-tools/services/plugins/dndcp/dnd/dndLinux.c +--- a/open-vm-tools/services/plugins/dndcp/dnd/dndLinux.c ++++ b/open-vm-tools/services/plugins/dndcp/dnd/dndLinux.c +@@ -52,7 +52,7 @@ + + #define DND_ROOTDIR_PERMS (S_IRWXU | S_IRWXG | S_IRWXO) + #define DND_STAGINGDIR_PERMS (S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH) +-#ifdef sun ++#ifndef ACCESSPERMS + #define ACCESSPERMS (S_IRWXU | S_IRWXG | S_IRWXO) + #endif + #ifdef __ANDROID__ +@@ -61,7 +61,6 @@ + */ + #define NO_SETMNTENT + #define NO_ENDMNTENT +-#define ACCESSPERMS (S_IRWXU | S_IRWXG | S_IRWXO) + #endif + + diff --git a/package/lean/open-vm-tools/patches/0005-Use-configure-to-test-for-feature-instead-of-platfor.patch b/package/lean/open-vm-tools/patches/0005-Use-configure-to-test-for-feature-instead-of-platfor.patch new file mode 100644 index 000000000..de9882eac --- /dev/null +++ b/package/lean/open-vm-tools/patches/0005-Use-configure-to-test-for-feature-instead-of-platfor.patch @@ -0,0 +1,105 @@ +diff -urN a/open-vm-tools/configure.ac b/open-vm-tools/configure.ac +--- a/open-vm-tools/configure.ac ++++ b/open-vm-tools/configure.ac +@@ -897,6 +897,7 @@ + + AC_CHECK_FUNCS([ecvt]) + AC_CHECK_FUNCS([fcvt]) ++AC_CHECK_FUNCS([getifaddrs getauxval issetugid __secure_getenv]) + + AC_CHECK_FUNC([mkdtemp], [have_mkdtemp=yes]) + +@@ -1145,10 +1146,13 @@ + ### + + AC_CHECK_HEADERS([crypt.h]) ++AC_CHECK_HEADERS([ifaddrs.h]) + AC_CHECK_HEADERS([inttypes.h]) + AC_CHECK_HEADERS([stdint.h]) + AC_CHECK_HEADERS([stdlib.h]) + AC_CHECK_HEADERS([wchar.h]) ++AC_CHECK_HEADERS([net/if.h]) ++AC_CHECK_HEADERS([sys/auxv.h]) + AC_CHECK_HEADERS([sys/inttypes.h]) + AC_CHECK_HEADERS([sys/io.h]) + AC_CHECK_HEADERS([sys/param.h]) # Required to make the sys/user.h check work correctly on FreeBSD +diff -urN a/open-vm-tools/lib/misc/idLinux.c b/open-vm-tools/lib/misc/idLinux.c +--- a/open-vm-tools/lib/misc/idLinux.c ++++ b/open-vm-tools/lib/misc/idLinux.c +@@ -27,12 +27,9 @@ + #include + #include + #include +-#ifdef __linux__ +-#if defined(__GLIBC__) && \ +- (__GLIBC__ > 2 || (__GLIBC__ == 2 && __GLIBC_MINOR__ >= 16)) ++#ifdef HAVE_SYS_AUXV_H + #include + #endif +-#endif + #ifdef __APPLE__ + #include + #include +@@ -997,31 +994,32 @@ + static Bool + IdIsSetUGid(void) + { +-#if defined(__ANDROID__) +- /* Android does not have a secure_getenv, so be conservative. */ +- return TRUE; +-#else + /* + * We use __secure_getenv, which returns NULL if the binary is +- * setuid or setgid. Alternatives include, ++ * setuid or setgid, when issetugid or getauxval(AT_SECURE) is not ++ * available. Alternatives include, + * +- * a) getauxval(AT_SECURE); not available until glibc 2.16. +- * b) __libc_enable_secure; may not be exported. ++ * a) issetugid(); not (yet?) available in glibc. ++ * b) getauxval(AT_SECURE); not available until glibc 2.16. ++ * c) __libc_enable_secure; may not be exported. + * +- * Use (a) when we are based on glibc 2.16, or newer. ++ * Use (b) when we are based on glibc 2.16, or newer. + */ + +-#if defined(__GLIBC__) && \ +- (__GLIBC__ > 2 || (__GLIBC__ == 2 && __GLIBC_MINOR__ >= 16)) ++#if HAVE_ISSETUGID ++ return issetugid(); ++#elif HAVE_GETAUXVAL + return getauxval(AT_SECURE) != 0; +-#else ++#elif HAVE___SECURE_GETENV + static const char envName[] = "VMW_SETUGID_TEST"; + + if (setenv(envName, "1", TRUE) == -1) { + return TRUE; /* Conservative */ + } + return __secure_getenv(envName) == NULL; +-#endif ++#else ++ /* Android does not have a secure_getenv, so be conservative. */ ++ return TRUE; + #endif + } + #endif +diff -urN a/open-vm-tools/lib/nicInfo/nicInfoPosix.c b/open-vm-tools/lib/nicInfo/nicInfoPosix.c +--- a/open-vm-tools/lib/nicInfo/nicInfoPosix.c ++++ b/open-vm-tools/lib/nicInfo/nicInfoPosix.c +@@ -34,9 +34,13 @@ + #include + #include + #include +-#if defined(__FreeBSD__) || defined(__APPLE__) ++#if HAVE_SYS_SYSCTL_H + # include ++#endif ++#if HAVE_IFADDRS_H + # include ++#endif ++#if HAVE_NET_IF_H + # include + #endif + #ifndef NO_DNET diff --git a/package/lean/open-vm-tools/patches/0006-Use-configure-test-for-sys-stat.h-include.patch b/package/lean/open-vm-tools/patches/0006-Use-configure-test-for-sys-stat.h-include.patch new file mode 100644 index 000000000..b680558ae --- /dev/null +++ b/package/lean/open-vm-tools/patches/0006-Use-configure-test-for-sys-stat.h-include.patch @@ -0,0 +1,12 @@ +diff -urN a/open-vm-tools/services/plugins/vix/vixTools.c b/open-vm-tools/services/plugins/vix/vixTools.c +--- a/open-vm-tools/services/plugins/vix/vixTools.c ++++ b/open-vm-tools/services/plugins/vix/vixTools.c +@@ -66,7 +66,7 @@ + #include + #endif + +-#if defined(sun) || defined(__FreeBSD__) || defined(__APPLE__) ++#ifdef HAVE_SYS_STAT_H + #include + #endif + diff --git a/package/lean/open-vm-tools/patches/0007-include-poll.h-instead-of-sys-poll.h.patch b/package/lean/open-vm-tools/patches/0007-include-poll.h-instead-of-sys-poll.h.patch new file mode 100644 index 000000000..f01c79012 --- /dev/null +++ b/package/lean/open-vm-tools/patches/0007-include-poll.h-instead-of-sys-poll.h.patch @@ -0,0 +1,13 @@ +diff -urN a/open-vm-tools/lib/asyncsocket/asyncsocket.c b/open-vm-tools/lib/asyncsocket/asyncsocket.c +--- a/open-vm-tools/lib/asyncsocket/asyncsocket.c ++++ b/open-vm-tools/lib/asyncsocket/asyncsocket.c +@@ -69,8 +69,8 @@ + #else + #include + #include ++#include + #include +-#include + #include + #include + #include diff --git a/package/lean/open-vm-tools/patches/0008-Rename-poll.h-to-vm_poll.h.patch b/package/lean/open-vm-tools/patches/0008-Rename-poll.h-to-vm_poll.h.patch new file mode 100644 index 000000000..455259917 --- /dev/null +++ b/package/lean/open-vm-tools/patches/0008-Rename-poll.h-to-vm_poll.h.patch @@ -0,0 +1,94 @@ +diff --git a/open-vm-tools/lib/asyncsocket/asyncsocket.c b/open-vm-tools/lib/asyncsocket/asyncsocket.c +index e0a68e7e..b9675674 100644 +--- a/open-vm-tools/lib/asyncsocket/asyncsocket.c ++++ b/open-vm-tools/lib/asyncsocket/asyncsocket.c +@@ -86,7 +86,7 @@ + #include "random.h" + #include "asyncsocket.h" + #include "asyncSocketBase.h" +-#include "poll.h" ++#include "vm_poll.h" + #include "log.h" + #include "err.h" + #include "hostinfo.h" +diff --git a/open-vm-tools/lib/hgfsServer/hgfsServer.c b/open-vm-tools/lib/hgfsServer/hgfsServer.c +index 991a7941..ed0c09f9 100644 +--- a/open-vm-tools/lib/hgfsServer/hgfsServer.c ++++ b/open-vm-tools/lib/hgfsServer/hgfsServer.c +@@ -48,7 +48,7 @@ + #include "hgfsServerOplock.h" + #include "hgfsDirNotify.h" + #include "userlock.h" +-#include "poll.h" ++#include "vm_poll.h" + #include "mutexRankLib.h" + #include "vm_basic_asm.h" + #include "unicodeOperations.h" +diff --git a/open-vm-tools/lib/include/asyncsocket.h b/open-vm-tools/lib/include/asyncsocket.h +index 524147ea..103f944f 100644 +--- a/open-vm-tools/lib/include/asyncsocket.h ++++ b/open-vm-tools/lib/include/asyncsocket.h +@@ -164,7 +164,7 @@ typedef struct AsyncSocket AsyncSocket; + * Or the client can specify its favorite poll class and locking behavior. + * Use of IVmdbPoll is only supported for regular sockets and for Attach. + */ +-#include "poll.h" ++#include "vm_poll.h" + struct IVmdbPoll; + typedef struct AsyncSocketPollParams { + int flags; /* Default 0, only POLL_FLAG_NO_BULL is valid */ +diff --git a/open-vm-tools/lib/include/pollImpl.h b/open-vm-tools/lib/include/pollImpl.h +index 46442e55..8bc66997 100644 +--- a/open-vm-tools/lib/include/pollImpl.h ++++ b/open-vm-tools/lib/include/pollImpl.h +@@ -44,7 +44,7 @@ + #define INCLUDE_ALLOW_USERLEVEL + #include "includeCheck.h" + +-#include "poll.h" ++#include "vm_poll.h" + #include "vm_basic_asm.h" + + #if defined(__cplusplus) +diff --git a/open-vm-tools/lib/include/poll.h b/open-vm-tools/lib/include/vm_poll.h +similarity index 99% +rename from a/open-vm-tools/lib/include/poll.h +rename to a/open-vm-tools/lib/include/vm_poll.h +index 988fe6d0..e9e74fb5 100644 +--- a/open-vm-tools/lib/include/poll.h ++++ b/open-vm-tools/lib/include/vm_poll.h +@@ -60,7 +60,7 @@ extern "C" { + #if !defined(TARGET_OS_IPHONE) || TARGET_OS_IPHONE == 0 + #include + #endif +-#include ++#include + #define HZ 100 + #endif + #ifdef __ANDROID__ +diff --git a/open-vm-tools/lib/rpcIn/rpcin.c b/open-vm-tools/lib/rpcIn/rpcin.c +index c2c51583..d6c62f10 100644 +--- a/open-vm-tools/lib/rpcIn/rpcin.c ++++ b/open-vm-tools/lib/rpcIn/rpcin.c +@@ -57,7 +57,7 @@ + + #if defined(VMTOOLS_USE_VSOCKET) + # include +-# include "poll.h" ++# include "vm_poll.h" + # include "asyncsocket.h" + # include "vmci_defs.h" + #include "dataMap.h" +diff --git a/open-vm-tools/services/plugins/grabbitmqProxy/grabbitmqProxyPlugin.c b/open-vm-tools/services/plugins/grabbitmqProxy/grabbitmqProxyPlugin.c +index 03700937..f0b49ad7 100644 +--- a/open-vm-tools/services/plugins/grabbitmqProxy/grabbitmqProxyPlugin.c ++++ b/open-vm-tools/services/plugins/grabbitmqProxy/grabbitmqProxyPlugin.c +@@ -48,7 +48,7 @@ + #include "rpcout.h" + #include "rabbitmqProxyConst.h" + #include "vm_basic_types.h" +-#include "poll.h" ++#include "vm_poll.h" + #ifdef OPEN_VM_TOOLS + #include "vmci_sockets.h" + #include "sslDirect.h" diff --git a/package/lean/open-vm-tools/patches/0009-use-posix-strerror_r-unless-on-gnu-libc-system.patch b/package/lean/open-vm-tools/patches/0009-use-posix-strerror_r-unless-on-gnu-libc-system.patch new file mode 100644 index 000000000..22735334d --- /dev/null +++ b/package/lean/open-vm-tools/patches/0009-use-posix-strerror_r-unless-on-gnu-libc-system.patch @@ -0,0 +1,28 @@ +diff -urN a/open-vm-tools/lib/err/errPosix.c b/open-vm-tools/lib/err/errPosix.c +--- a/open-vm-tools/lib/err/errPosix.c ++++ b/open-vm-tools/lib/err/errPosix.c +@@ -31,6 +31,7 @@ + #include + #include + #include ++#include + + #include "vmware.h" + #include "errInt.h" +@@ -63,11 +64,13 @@ + { + char *p; + +-#if defined(__linux__) && !defined(__ANDROID__) ++#if defined(__GLIBC__) && !defined(__ANDROID__) + p = strerror_r(errorNumber, buf, bufSize); + #else +- p = strerror(errorNumber); +-#endif ++ if (strerror_r(errorNumber, buf, bufSize) != 0) ++ snprintf(buf, bufSize, "unknown error %i", errorNumber); ++ p = buf; ++#endif /* defined __GLIBC__ */ + ASSERT(p != NULL); + return p; + } diff --git a/package/lean/open-vm-tools/patches/0010-Use-uintmax_t-for-handling-rlim_t.patch b/package/lean/open-vm-tools/patches/0010-Use-uintmax_t-for-handling-rlim_t.patch new file mode 100644 index 000000000..73eb40307 --- /dev/null +++ b/package/lean/open-vm-tools/patches/0010-Use-uintmax_t-for-handling-rlim_t.patch @@ -0,0 +1,14 @@ +diff -urN a/open-vm-tools/lib/hgfsServer/hgfsServerLinux.c b/open-vm-tools/lib/hgfsServer/hgfsServerLinux.c +--- a/open-vm-tools/lib/hgfsServer/hgfsServerLinux.c ++++ b/open-vm-tools/lib/hgfsServer/hgfsServerLinux.c +@@ -5294,8 +5294,8 @@ + goto exit; + } + +- LOG(6, ("%s: File Size limits: 0x%"FMT64"x 0x%"FMT64"x\n", +- __FUNCTION__, fileSize.rlim_cur, fileSize.rlim_max)); ++ LOG(6, ("%s: File Size limits: 0x%jx 0x%jx\n", ++ __FUNCTION__, (uintmax_t)fileSize.rlim_cur, (uintmax_t)fileSize.rlim_max)); + + /* + * Check the offset is within the file size range. diff --git a/package/lean/open-vm-tools/patches/0011-Use-off64_t-instead-of-__off64_t.patch b/package/lean/open-vm-tools/patches/0011-Use-off64_t-instead-of-__off64_t.patch new file mode 100644 index 000000000..2f68ac8a0 --- /dev/null +++ b/package/lean/open-vm-tools/patches/0011-Use-off64_t-instead-of-__off64_t.patch @@ -0,0 +1,16 @@ +diff -urN a/open-vm-tools/lib/file/fileIOPosix.c b/open-vm-tools/lib/file/fileIOPosix.c +--- a/open-vm-tools/lib/file/fileIOPosix.c ++++ b/open-vm-tools/lib/file/fileIOPosix.c +@@ -206,10 +206,10 @@ + * the symbols (and anyone building XOPEN<700 gets nothing). + */ + extern ssize_t preadv64(int fd, const struct iovec *iov, int iovcnt, +- __off64_t offset) __attribute__ ((weak)); ++ off64_t offset) __attribute__ ((weak)); + + extern ssize_t pwritev64(int fd, const struct iovec *iov, int iovcnt, +- __off64_t offset) __attribute__ ((weak)); ++ off64_t offset) __attribute__ ((weak)); + #else + #error "Large file support unavailable. Aborting." + #endif diff --git a/package/lean/openwrt-fullconenat/Makefile b/package/lean/openwrt-fullconenat/Makefile new file mode 100644 index 000000000..c0e8c9dcc --- /dev/null +++ b/package/lean/openwrt-fullconenat/Makefile @@ -0,0 +1,65 @@ +# +# Copyright (C) 2018 Chion Tang +# +# This is free software, licensed under the GNU General Public License v2. +# See /LICENSE for more information. +# + +include $(TOPDIR)/rules.mk +include $(INCLUDE_DIR)/kernel.mk + +PKG_NAME:=fullconenat +PKG_VERSION:=1.0 +PKG_RELEASE:=4 + +PKG_SOURCE_PROTO:=git +PKG_SOURCE_URL:=https://github.com/Chion82/netfilter-full-cone-nat.git +PKG_SOURCE_VERSION:=ec14efee249ef11409827a87d6a23dd53deb5149 + +PKG_LICENSE:=GPL-2.0 +PKG_LICENSE_FILES:=LICENSE + +include $(INCLUDE_DIR)/package.mk + +define Package/iptables-mod-fullconenat + SUBMENU:=Firewall + SECTION:=net + CATEGORY:=Network + TITLE:=FULLCONENAT iptables extension + DEPENDS:=+iptables +kmod-ipt-fullconenat + MAINTAINER:=Chion Tang +endef + +define Package/iptables-mod-fullconenat/install + $(INSTALL_DIR) $(1)/usr/lib/iptables + $(INSTALL_BIN) $(PKG_BUILD_DIR)/libipt_FULLCONENAT.so $(1)/usr/lib/iptables +endef + +define KernelPackage/ipt-fullconenat + SUBMENU:=Netfilter Extensions + TITLE:=FULLCONENAT netfilter module + DEPENDS:=+kmod-nf-ipt +kmod-nf-nat + MAINTAINER:=Chion Tang + KCONFIG:=CONFIG_NF_CONNTRACK_EVENTS=y CONFIG_NF_CONNTRACK_CHAIN_EVENTS=y + FILES:=$(PKG_BUILD_DIR)/xt_FULLCONENAT.ko +endef + +include $(INCLUDE_DIR)/kernel-defaults.mk + +define Build/Prepare + $(call Build/Prepare/Default) + $(CP) ./files/Makefile $(PKG_BUILD_DIR)/ +endef + +define Build/Compile + +$(MAKE) $(PKG_JOBS) -C "$(LINUX_DIR)" \ + CROSS_COMPILE="$(TARGET_CROSS)" \ + ARCH="$(LINUX_KARCH)" \ + SUBDIRS="$(PKG_BUILD_DIR)" \ + EXTRA_CFLAGS="$(BUILDFLAGS)" \ + modules + $(call Build/Compile/Default) +endef + +$(eval $(call BuildPackage,iptables-mod-fullconenat)) +$(eval $(call KernelPackage,ipt-fullconenat)) diff --git a/package/lean/openwrt-fullconenat/files/Makefile b/package/lean/openwrt-fullconenat/files/Makefile new file mode 100644 index 000000000..da52a2a4e --- /dev/null +++ b/package/lean/openwrt-fullconenat/files/Makefile @@ -0,0 +1,7 @@ +libipt_FULLCONENAT.so: libipt_FULLCONENAT.o + $(CC) -shared -lxtables -o $@ $^; +libipt_FULLCONENAT.o: libipt_FULLCONENAT.c + $(CC) ${CFLAGS} -fPIC -D_INIT=$*_init -c -o $@ $<; + +obj-m += xt_FULLCONENAT.o + diff --git a/package/lean/pdnsd-alt/Makefile b/package/lean/pdnsd-alt/Makefile new file mode 100644 index 000000000..bbe3ebf51 --- /dev/null +++ b/package/lean/pdnsd-alt/Makefile @@ -0,0 +1,54 @@ +include $(TOPDIR)/rules.mk + +PKG_NAME:=pdnsd +PKG_VERSION:=1.2.9b-par +PKG_RELEASE=$(PKG_SOURCE_VERSION) + +PKG_SOURCE_PROTO:=git +PKG_SOURCE_URL:=https://github.com/shadowsocks/pdnsd.git +PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION) +PKG_SOURCE_VERSION:=a8e46ccba7b0fa2230d6c42ab6dcd92926f6c21d +PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz +# PKG_MIRROR_MD5SUM:= +# CMAKE_INSTALL:=1 + +include $(INCLUDE_DIR)/package.mk + +define Package/pdnsd-alt + SECTION:=net + CATEGORY:=Network + SUBMENU:=Web Servers/Proxies + DEPENDS:=+libpthread + TITLE:=Proxy DNS Server +endef + +define Package/pdnsd-alt/description + pdnsd, is an IPv6 capable proxy DNS server with permanent caching (the cache + contents are written to hard disk on exit) that is designed to cope with + unreachable or down DNS servers (for example in dial-in networking). + + pdnsd can be used with applications that do dns lookups, eg on startup, and + can't be configured to change that behaviour, to prevent the often + minute-long hangs (or even crashes) that result from stalled dns queries. +endef + +TARGET_CFLAGS += -I$(STAGING_DIR)/usr/include +#TARGET_CFLAGS += -ggdb3 + +CMAKE_OPTIONS += -DDEBUG=1 + +CONFIGURE_ARGS += \ + --with-cachedir=/var/pdnsd + +define Package/pdnsd-alt/install + $(INSTALL_DIR) $(1)/usr/sbin + $(INSTALL_BIN) $(PKG_BUILD_DIR)/src/pdnsd $(1)/usr/sbin/ + $(INSTALL_DIR) $(1)/usr/bin + $(INSTALL_BIN) $(PKG_BUILD_DIR)/src/pdnsd-ctl/pdnsd-ctl $(1)/usr/bin/ + #$(INSTALL_DIR) $(1)/etc/init.d + #$(INSTALL_BIN) ./files/pdnsd.init $(1)/etc/init.d/pdnsd + $(INSTALL_DIR) $(1)/etc + $(INSTALL_CONF) $(PKG_BUILD_DIR)/doc/pdnsd.conf $(1)/etc/ +endef + +$(eval $(call BuildPackage,pdnsd-alt)) diff --git a/package/lean/pdnsd-alt/files/pdnsd.init b/package/lean/pdnsd-alt/files/pdnsd.init new file mode 100644 index 000000000..e678d8d6a --- /dev/null +++ b/package/lean/pdnsd-alt/files/pdnsd.init @@ -0,0 +1,46 @@ +#!/bin/sh /etc/rc.common + +START=65 +NAME=pdnsd +DESC="proxy DNS server" + +DAEMON=/usr/sbin/pdnsd +PID_FILE=/var/run/$NAME.pid +CACHEDIR=/var/pdnsd +CACHE=$CACHEDIR/pdnsd.cache + +USER=nobody +GROUP=nogroup + +start() { + echo -n "Starting $DESC: $NAME" + + gen_cache + + $DAEMON --daemon -p $PID_FILE + echo " ." +} + +stop() { + echo -n "Stopping $DESC: $NAME" + kill `cat $PID_FILE` > /dev/null 2>&1 + rm -rf $PID_FILE + echo " ." +} + +restart() { + echo "Restarting $DESC: $NAME... " + stop + sleep 2 + start +} + +gen_cache() +{ + if ! test -f "$CACHE"; then + mkdir -p `dirname $CACHE` + dd if=/dev/zero of="$CACHE" bs=1 count=4 2> /dev/null + chown -R $USER.$GROUP $CACHEDIR + fi +} + diff --git a/package/lean/polarssl/Makefile b/package/lean/polarssl/Makefile new file mode 100644 index 000000000..57fa81e91 --- /dev/null +++ b/package/lean/polarssl/Makefile @@ -0,0 +1,74 @@ +# +# Copyright (C) 2011-2015 OpenWrt.org +# +# This is free software, licensed under the GNU General Public License v2. +# See /LICENSE for more information. +# + +include $(TOPDIR)/rules.mk + +PKG_NAME:=polarssl +SRC_PKG_NAME:=mbedtls +PKG_VERSION:=1.3.16 +PKG_RELEASE:=1 +PKG_USE_MIPS16:=0 + +PKG_SOURCE:=$(SRC_PKG_NAME)-$(PKG_VERSION)-gpl.tgz +PKG_SOURCE_URL:=https://polarssl.org/download/ +PKG_MD5SUM:=66ebbbf67e8a9463041846822b0a1692 + +PKG_BUILD_DIR:=$(BUILD_DIR)/$(SRC_PKG_NAME)-$(PKG_VERSION) + +PKG_BUILD_PARALLEL:=1 +PKG_LICENSE:=GPL-2.0+ + +include $(INCLUDE_DIR)/package.mk +include $(INCLUDE_DIR)/cmake.mk + +define Package/polarssl/Default + SUBMENU:=SSL + TITLE:=Embedded SSL + URL:=http://polarssl.org/ +endef + +define Package/polarssl/Default/description +The aim of the PolarSSL project is to provide a quality, open-source +cryptographic library written in C and targeted at embedded systems. +endef + +define Package/libpolarssl +$(call Package/polarssl/Default) + SECTION:=libs + CATEGORY:=Libraries + TITLE+= (library) + ABI_VERSION:=$(PKG_VERSION)-$(PKG_RELEASE) +endef + +define Package/libpolarssl/description +$(call Package/polarssl/Default/description) +This package contains the PolarSSL library. +endef + +PKG_INSTALL:=1 + +CMAKE_OPTIONS += \ + -DCMAKE_BUILD_TYPE:String="Release" \ + -DUSE_SHARED_MBEDTLS_LIBRARY:Bool=ON \ + -DENABLE_TESTING:Bool=OFF \ + -DENABLE_PROGRAMS:Bool=OFF \ + +define Build/InstallDev + $(INSTALL_DIR) $(1)/usr/include + $(CP) $(PKG_INSTALL_DIR)/usr/include/polarssl $(1)/usr/include/ + $(INSTALL_DIR) $(1)/usr/lib + $(CP) $(PKG_INSTALL_DIR)/usr/lib/libmbedtls.so.* $(1)/usr/lib/ + $(LN) libmbedtls.so.$(PKG_VERSION) $(1)/usr/lib/libpolarssl.so +endef + +define Package/libpolarssl/install + $(INSTALL_DIR) $(1)/usr/lib + $(CP) $(PKG_INSTALL_DIR)/usr/lib/libmbedtls.so.* $(1)/usr/lib/ + $(LN) libmbedtls.so.$(PKG_VERSION) $(1)/usr/lib/libpolarssl.so +endef + +$(eval $(call BuildPackage,libpolarssl)) diff --git a/package/lean/polarssl/patches/100-disable_sslv3.patch b/package/lean/polarssl/patches/100-disable_sslv3.patch new file mode 100644 index 000000000..56c6c4d23 --- /dev/null +++ b/package/lean/polarssl/patches/100-disable_sslv3.patch @@ -0,0 +1,12 @@ +--- a/include/polarssl/config.h ++++ b/include/polarssl/config.h +@@ -1011,8 +1011,8 @@ + * POLARSSL_SHA1_C + * + * Comment this macro to disable support for SSL 3.0 +- */ + #define POLARSSL_SSL_PROTO_SSL3 ++ */ + + /** + * \def POLARSSL_SSL_PROTO_TLS1 diff --git a/package/lean/polarssl/patches/200-reduce_config.patch b/package/lean/polarssl/patches/200-reduce_config.patch new file mode 100644 index 000000000..6fef1a6f5 --- /dev/null +++ b/package/lean/polarssl/patches/200-reduce_config.patch @@ -0,0 +1,252 @@ +--- a/include/polarssl/config.h ++++ b/include/polarssl/config.h +@@ -432,8 +432,8 @@ + * Requires: POLARSSL_HMAC_DRBG_C + * + * Comment this macro to disable deterministic ECDSA. +- */ + #define POLARSSL_ECDSA_DETERMINISTIC ++ */ + + /** + * \def POLARSSL_KEY_EXCHANGE_PSK_ENABLED +@@ -454,8 +454,8 @@ + * TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 + * TLS_PSK_WITH_3DES_EDE_CBC_SHA + * TLS_PSK_WITH_RC4_128_SHA +- */ + #define POLARSSL_KEY_EXCHANGE_PSK_ENABLED ++ */ + + /** + * \def POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED +@@ -478,8 +478,8 @@ + * TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 + * TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA + * TLS_DHE_PSK_WITH_RC4_128_SHA +- */ + #define POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED ++ */ + + /** + * \def POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED +@@ -498,8 +498,8 @@ + * TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 + * TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA + * TLS_ECDHE_PSK_WITH_RC4_128_SHA +- */ + #define POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED ++ */ + + /** + * \def POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED +@@ -523,8 +523,8 @@ + * TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 + * TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA + * TLS_RSA_PSK_WITH_RC4_128_SHA +- */ + #define POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED ++ */ + + /** + * \def POLARSSL_KEY_EXCHANGE_RSA_ENABLED +@@ -602,8 +602,8 @@ + * TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 + * TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA + * TLS_ECDHE_RSA_WITH_RC4_128_SHA +- */ + #define POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED ++ */ + + /** + * \def POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED +@@ -626,8 +626,8 @@ + * TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 + * TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA + * TLS_ECDHE_ECDSA_WITH_RC4_128_SHA +- */ + #define POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ++ */ + + /** + * \def POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED +@@ -650,8 +650,8 @@ + * TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 + * TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 + * TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 +- */ + #define POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED ++ */ + + /** + * \def POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED +@@ -674,8 +674,8 @@ + * TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 + * TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 + * TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 +- */ + #define POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED ++ */ + + /** + * \def POLARSSL_PK_PARSE_EC_EXTENDED +@@ -835,8 +835,8 @@ + * \def POLARSSL_SELF_TEST + * + * Enable the checkup functions (*_self_test). +- */ + #define POLARSSL_SELF_TEST ++ */ + + /** + * \def POLARSSL_SSL_AEAD_RANDOM_IV +@@ -1151,8 +1151,8 @@ + * Requires: POLARSSL_VERSION_C + * + * Comment this to disable run-time checking and save ROM space +- */ + #define POLARSSL_VERSION_FEATURES ++ */ + + /** + * \def POLARSSL_X509_ALLOW_EXTENSIONS_NON_V3 +@@ -1470,8 +1470,8 @@ + * TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 + * TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 + * TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 +- */ + #define POLARSSL_CAMELLIA_C ++ */ + + /** + * \def POLARSSL_CCM_C +@@ -1498,8 +1498,8 @@ + * Requires: POLARSSL_PEM_PARSE_C + * + * This module is used for testing (ssl_client/server). +- */ + #define POLARSSL_CERTS_C ++ */ + + /** + * \def POLARSSL_CIPHER_C +@@ -1538,8 +1538,8 @@ + * library/ssl_tls.c + * + * This module provides debugging functions. +- */ + #define POLARSSL_DEBUG_C ++ */ + + /** + * \def POLARSSL_DES_C +@@ -1594,8 +1594,8 @@ + * ECDHE-ECDSA, ECDHE-RSA, DHE-PSK + * + * Requires: POLARSSL_ECP_C +- */ + #define POLARSSL_ECDH_C ++ */ + + /** + * \def POLARSSL_ECDSA_C +@@ -1609,8 +1609,8 @@ + * ECDHE-ECDSA + * + * Requires: POLARSSL_ECP_C, POLARSSL_ASN1_WRITE_C, POLARSSL_ASN1_PARSE_C +- */ + #define POLARSSL_ECDSA_C ++ */ + + /** + * \def POLARSSL_ECP_C +@@ -1622,8 +1622,8 @@ + * library/ecdsa.c + * + * Requires: POLARSSL_BIGNUM_C and at least one POLARSSL_ECP_DP_XXX_ENABLED +- */ + #define POLARSSL_ECP_C ++ */ + + /** + * \def POLARSSL_ENTROPY_C +@@ -1662,8 +1662,8 @@ + * + * This module enables the AES-GCM and CAMELLIA-GCM ciphersuites, if other + * requisites are enabled as well. +- */ + #define POLARSSL_GCM_C ++ */ + + /** + * \def POLARSSL_HAVEGE_C +@@ -1699,8 +1699,8 @@ + * Requires: POLARSSL_MD_C + * + * Uncomment to enable the HMAC_DRBG random number geerator. +- */ + #define POLARSSL_HMAC_DRBG_C ++ */ + + /** + * \def POLARSSL_MD_C +@@ -1826,8 +1826,8 @@ + * Requires: POLARSSL_HAVE_ASM + * + * This modules adds support for the VIA PadLock on x86. +- */ + #define POLARSSL_PADLOCK_C ++ */ + + /** + * \def POLARSSL_PBKDF2_C +@@ -1992,8 +1992,8 @@ + * Module: library/ripemd160.c + * Caller: library/md.c + * +- */ + #define POLARSSL_RIPEMD160_C ++ */ + + /** + * \def POLARSSL_RSA_C +@@ -2072,8 +2072,8 @@ + * Caller: + * + * Requires: POLARSSL_SSL_CACHE_C +- */ + #define POLARSSL_SSL_CACHE_C ++ */ + + /** + * \def POLARSSL_SSL_CLI_C +@@ -2149,8 +2149,8 @@ + * Caller: library/havege.c + * + * This module is used by the HAVEGE random number generator. +- */ + #define POLARSSL_TIMING_C ++ */ + + /** + * \def POLARSSL_VERSION_C +@@ -2160,8 +2160,8 @@ + * Module: library/version.c + * + * This module provides run-time version information. +- */ + #define POLARSSL_VERSION_C ++ */ + + /** + * \def POLARSSL_X509_USE_C +@@ -2270,8 +2270,8 @@ + * + * Module: library/xtea.c + * Caller: +- */ + #define POLARSSL_XTEA_C ++ */ + + /* \} name SECTION: mbed TLS modules */ + diff --git a/package/lean/shadowsocksR-libev-full/Makefile b/package/lean/shadowsocksR-libev-full/Makefile new file mode 100644 index 000000000..d91fe2836 --- /dev/null +++ b/package/lean/shadowsocksR-libev-full/Makefile @@ -0,0 +1,232 @@ +include $(TOPDIR)/rules.mk + +PKG_NAME:=shadowsocksR-libev +PKG_VERSION:=3.0.9 +PKG_RELEASE:=3 + +PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_RELEASE).tar.gz +PKG_SOURCE_URL:=https://github.com/shadowsocksrr/shadowsocksr-libev +PKG_SOURCE_PROTO:=git +PKG_SOURCE_VERSION:=d4904568c0bd7e0861c0cbfeaa43740f404db214 +PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION) +PKG_MAINTAINER:=breakwa11 + +PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION) + +PKG_INSTALL:=1 +PKG_FIXUP:=autoreconf +PKG_USE_MIPS16:=0 +PKG_BUILD_PARALLEL:=1 + +include $(INCLUDE_DIR)/package.mk + +define Package/shadowsocksr-libev/Default + SECTION:=net + CATEGORY:=Network + TITLE:=Lightweight Secured Socks5 Proxy + URL:=https://github.com/breakwa11/shadowsocks-libev +endef + +define Package/shadowsocksr-libev + $(call Package/shadowsocksr-libev/Default) + TITLE+= (OpenSSL) + VARIANT:=openssl + DEPENDS:=+libopenssl +libpthread +libpcre +zlib +endef + +define Package/shadowsocksr-libev-alt + $(call Package/shadowsocksr-libev/Default) + TITLE+= (OpenSSL) + VARIANT:=openssl + DEPENDS:=+libopenssl +libpthread +libpcre +zlib +endef + +define Package/shadowsocksr-libev-mini + $(call Package/shadowsocksr-libev/Default) + TITLE+= (PolarSSL) + VARIANT:=polarssl + DEPENDS:=+libpolarssl +libpthread +libpcre +endef + +define Package/shadowsocksr-libev-polarssl + $(call Package/shadowsocksr-libev/Default) + TITLE+= (PolarSSL) + VARIANT:=polarssl + DEPENDS:=+libpolarssl +libpthread +libpcre +endef + +define Package/shadowsocksr-libev-gfwlist + $(call Package/shadowsocksr-libev/Default) + TITLE+= (OpenSSL) + VARIANT:=openssl + DEPENDS:=+libopenssl +libpthread +dnsmasq-full +ipset +iptables +wget +libpcre +endef + +define Package/shadowsocksr-libev-gfwlist-polarssl + $(call Package/shadowsocksr-libev/Default) + TITLE+= (PolarSSL) + VARIANT:=polarssl + DEPENDS:=+libpolarssl +libpthread +dnsmasq-full +ipset +iptables +wget-nossl +libpcre +endef + +define Package/shadowsocksr-libev-gfwlist-4M + $(call Package/shadowsocksr-libev/Default) + TITLE+= (PolarSSL) + VARIANT:=polarssl + DEPENDS:=+libpolarssl +libpthread +dnsmasq-full +ipset +iptables +libpcre +endef + + +define Package/shadowsocksr-libev/description +ShadowsocksR-libev is a lightweight secured socks5 proxy for embedded devices and low end boxes. +endef + +Package/shadowsocksr-libev-mini/description=$(Package/shadowsocksr-libev/description) +Package/shadowsocksr-libev-alt/description=$(Package/shadowsocksr-libev/description) +Package/shadowsocksr-libev-polarssl/description=$(Package/shadowsocksr-libev/description) +Package/shadowsocksr-libev-gfwlist/description=$(Package/shadowsocksr-libev/description) +Package/shadowsocksr-libev-gfwlist-polarssl/description=$(Package/shadowsocksr-libev/description) +Package/shadowsocksr-libev-gfwlist-4M/description=$(Package/shadowsocksr-libev/description) + + +define Package/shadowsocksr-libev/conffiles +/etc/shadowsocksr.json +endef + +Package/shadowsocksr-libev-alt/conffiles = $(Package/shadowsocksr-libev/conffiles) +Package/shadowsocksr-libev-mini/conffiles = $(Package/shadowsocksr-libev/conffiles) +Package/shadowsocksr-libev-polarssl/conffiles = $(Package/shadowsocksr-libev/conffiles) + +define Package/shadowsocksr-libev-gfwlist/conffiles +/etc/shadowsocksr.json +/etc/dnsmasq.d/custom_list.conf +endef + +Package/shadowsocksr-libev-gfwlist-polarssl/conffiles = $(Package/shadowsocksr-libev-gfwlist/conffiles) +Package/shadowsocksr-libev-gfwlist-4M/conffiles = $(Package/shadowsocksr-libev-gfwlist/conffiles) + + + +Package/shadowsocksr-libev-server-polarssl/conffiles = $(Package/shadowsocksr-libev-server/conffiles) + +define Package/shadowsocksr-libev-gfwlist/postinst +#!/bin/sh +if [ ! -f /etc/dnsmasq.d/custom_list.conf ]; then + echo "ipset -N gfwlist iphash" >> /etc/firewall.user + echo "iptables -t nat -A PREROUTING -p tcp -m set --match-set gfwlist dst -j REDIRECT --to-port 1080" >> /etc/firewall.user + echo "iptables -t nat -A OUTPUT -p tcp -m set --match-set gfwlist dst -j REDIRECT --to-port 1080" >> /etc/firewall.user + + echo "cache-size=5000" >> /etc/dnsmasq.conf + echo "min-cache-ttl=1800" >> /etc/dnsmasq.conf + echo "conf-dir=/etc/dnsmasq.d" >> /etc/dnsmasq.conf + + echo "*/10 * * * * /root/ssr-watchdog >> /var/log/shadowsocksr_watchdog.log 2>&1" >> /etc/crontabs/root + echo "0 1 * * 0 echo \"\" > /var/log/shadowsocksr_watchdog.log" >> /etc/crontabs/root +fi + +if [ -z "$${IPKG_INSTROOT}" ]; then + ipset create gfwlist hash:ip + iptables -t nat -I PREROUTING -p tcp -m set --match-set gfwlist dst -j REDIRECT --to-port 1080 + iptables -t nat -I OUTPUT -p tcp -m set --match-set gfwlist dst -j REDIRECT --to-port 1080 + + /etc/init.d/dnsmasq restart + /etc/init.d/cron restart + /etc/init.d/shadowsocksr restart +fi +exit 0 +endef + +define Package/shadowsocks-libev-gfwlist/postrm +#!/bin/sh +if [ -z "$${IPKG_INSTROOT}" ]; then + sed -i '/cache-size=5000/d' /etc/dnsmasq.conf + sed -i '/min-cache-ttl=1800/d' /etc/dnsmasq.conf + sed -i '/conf-dir=\/etc\/dnsmasq.d/d' /etc/dnsmasq.conf + rm -rf /etc/dnsmasq.d + /etc/init.d/dnsmasq restart + + sed -i '/ipset create gfwlist hash:ip/d' /etc/firewall.user + sed -i '/iptables -t nat -I PREROUTING -p tcp -m set --match-set gfwlist dst -j REDIRECT --to-port 1080/d' /etc/firewall.user + sed -i '/iptables -t nat -I OUTPUT -p tcp -m set --match-set gfwlist dst -j REDIRECT --to-port 1080/d' /etc/firewall.user + ipset flush gfwlist + + sed -i '/shadowsocksr_watchdog.log/d' /etc/crontabs/root + /etc/init.d/cron restart +fi +exit 0 +endef + +Package/shadowsocksr-libev-gfwlist-polarssl/postinst = $(Package/shadowsocksr-libev-gfwlist/postinst) +Package/shadowsocksr-libev-gfwlist-polarssl/postrm = $(Package/shadowsocksr-libev-gfwlist/postrm) +Package/shadowsocksr-libev-gfwlist-4M/postinst = $(Package/shadowsocksr-libev-gfwlist/postinst) +Package/shadowsocksr-libev-gfwlist-4M/postrm = $(Package/shadowsocksr-libev-gfwlist/postrm) + +CONFIGURE_ARGS += --disable-ssp + +ifeq ($(BUILD_VARIANT),polarssl) + CONFIGURE_ARGS += --with-crypto-library=polarssl +endif + +define Package/shadowsocksr-libev/install + #$(INSTALL_DIR) $(1)/etc/init.d + #$(INSTALL_BIN) ./files/shadowsocksr $(1)/etc/init.d/shadowsocksr + #$(INSTALL_CONF) ./files/shadowsocksr.json $(1)/etc/shadowsocksr.json + $(INSTALL_DIR) $(1)/usr/bin + $(INSTALL_BIN) $(PKG_BUILD_DIR)/src/ss-local $(1)/usr/bin/ssr-local + $(INSTALL_BIN) $(PKG_BUILD_DIR)/src/ss-redir $(1)/usr/bin/ssr-redir + $(INSTALL_BIN) $(PKG_BUILD_DIR)/src/ss-check $(1)/usr/bin/ssr-check + $(LN) ssr-local $(1)/usr/bin/ssr-tunnel +endef + +define Package/shadowsocksr-libev-mini/install + $(INSTALL_DIR) $(1)/usr/bin + $(INSTALL_BIN) $(PKG_BUILD_DIR)/src/ss-redir $(1)/usr/bin/ssr-redir +endef + +define Package/shadowsocksr-libev-alt/install + $(INSTALL_DIR) $(1)/usr/bin + $(INSTALL_BIN) $(PKG_BUILD_DIR)/src/ss-redir $(1)/usr/bin/ssr-redir +endef + +Package/shadowsocksr-libev-polarssl/install=$(Package/shadowsocksr-libev/install) + +define Package/shadowsocksr-libev-gfwlist/install + $(INSTALL_DIR) $(1)/usr/bin + $(INSTALL_BIN) $(PKG_BUILD_DIR)/src/ss-redir $(1)/usr/bin/ssr-redir + $(LN) ssr-local $(1)/usr/bin/ssr-tunnel + $(INSTALL_DIR) $(1)/etc/init.d + $(INSTALL_BIN) ./files/shadowsocksr-gfwlist $(1)/etc/init.d/shadowsocksr + $(INSTALL_CONF) ./files/shadowsocksr-gfwlist.json $(1)/etc/shadowsocksr.json.main + $(INSTALL_CONF) ./files/shadowsocksr-gfwlist.json $(1)/etc/shadowsocksr.json.backup + $(INSTALL_CONF) ./files/firewall.user $(1)/etc/firewall.user + $(INSTALL_CONF) ./files/dnsmasq.conf $(1)/etc/dnsmasq.conf + $(INSTALL_DIR) $(1)/etc/dnsmasq.d + $(INSTALL_CONF) ./files/gfw_list.conf $(1)/etc/dnsmasq.d/gfw_list.conf + $(INSTALL_CONF) ./files/custom_list.conf $(1)/etc/dnsmasq.d/custom_list.conf + $(INSTALL_DIR) $(1)/root + $(INSTALL_BIN) ./files/ssr-watchdog $(1)/root/ssr-watchdog + $(INSTALL_DIR) $(1)/etc/crontabs + $(INSTALL_CONF) ./files/root $(1)/etc/crontabs/root + $(INSTALL_DIR) $(1)/usr/lib/lua/luci/controller + $(INSTALL_CONF) ./files/shadowsocksr-libev.lua $(1)/usr/lib/lua/luci/controller/shadowsocksr-libev.lua + $(INSTALL_DIR) $(1)/usr/lib/lua/luci/model/cbi/shadowsocksr-libev + $(INSTALL_CONF) ./files/shadowsocksr-libev-general.lua $(1)/usr/lib/lua/luci/model/cbi/shadowsocksr-libev/shadowsocksr-libev-general.lua + $(INSTALL_CONF) ./files/shadowsocksr-libev-backup.lua $(1)/usr/lib/lua/luci/model/cbi/shadowsocksr-libev/shadowsocksr-libev-backup.lua + $(INSTALL_CONF) ./files/shadowsocksr-libev-custom.lua $(1)/usr/lib/lua/luci/model/cbi/shadowsocksr-libev/shadowsocksr-libev-custom.lua + $(INSTALL_DIR) $(1)/usr/lib/lua/luci/view/shadowsocksr-libev + $(INSTALL_CONF) ./files/gfwlistr.htm $(1)/usr/lib/lua/luci/view/shadowsocksr-libev/gfwlistr.htm + $(INSTALL_CONF) ./files/watchdogr.htm $(1)/usr/lib/lua/luci/view/shadowsocksr-libev/watchdogr.htm +endef + +Package/shadowsocksr-libev-gfwlist-polarssl/install = $(Package/shadowsocksr-libev-gfwlist/install) +Package/shadowsocksr-libev-gfwlist-4M/install = $(Package/shadowsocksr-libev-gfwlist/install) + + +$(eval $(call BuildPackage,shadowsocksr-libev)) +$(eval $(call BuildPackage,shadowsocksr-libev-mini)) +$(eval $(call BuildPackage,shadowsocksr-libev-alt)) +$(eval $(call BuildPackage,shadowsocksr-libev-polarssl)) +$(eval $(call BuildPackage,shadowsocksr-libev-gfwlist)) +$(eval $(call BuildPackage,shadowsocksr-libev-gfwlist-polarssl)) +$(eval $(call BuildPackage,shadowsocksr-libev-gfwlist-4M)) + diff --git a/package/lean/shadowsocksR-libev-full/files/custom_list.conf b/package/lean/shadowsocksR-libev-full/files/custom_list.conf new file mode 100644 index 000000000..006595f72 --- /dev/null +++ b/package/lean/shadowsocksR-libev-full/files/custom_list.conf @@ -0,0 +1,2 @@ +#server=/.baidu.com/127.0.0.1#5353 +#ipset=/.baidu.com/gfwlist diff --git a/package/lean/shadowsocksR-libev-full/files/dnsmasq.conf b/package/lean/shadowsocksR-libev-full/files/dnsmasq.conf new file mode 100644 index 000000000..cd0660a7b --- /dev/null +++ b/package/lean/shadowsocksR-libev-full/files/dnsmasq.conf @@ -0,0 +1,41 @@ +# Change the following lines if you want dnsmasq to serve SRV +# records. +# You may add multiple srv-host lines. +# The fields are ,,,, + +# A SRV record sending LDAP for the example.com domain to +# ldapserver.example.com port 289 +#srv-host=_ldap._tcp.example.com,ldapserver.example.com,389 + +# Two SRV records for LDAP, each with different priorities +#srv-host=_ldap._tcp.example.com,ldapserver.example.com,389,1 +#srv-host=_ldap._tcp.example.com,ldapserver.example.com,389,2 + +# A SRV record indicating that there is no LDAP server for the domain +# example.com +#srv-host=_ldap._tcp.example.com + +# The following line shows how to make dnsmasq serve an arbitrary PTR +# record. This is useful for DNS-SD. +# The fields are , +#ptr-record=_http._tcp.dns-sd-services,"New Employee Page._http._tcp.dns-sd-services" + +# Change the following lines to enable dnsmasq to serve TXT records. +# These are used for things like SPF and zeroconf. +# The fields are ,,... + +#Example SPF. +#txt-record=example.com,"v=spf1 a -all" + +#Example zeroconf +#txt-record=_http._tcp.example.com,name=value,paper=A4 + +# Provide an alias for a "local" DNS name. Note that this _only_ works +# for targets which are names from DHCP or /etc/hosts. Give host +# "bert" another name, bertrand +# The fields are , +#cname=bertand,bert + +cache-size=1000 +min-cache-ttl=1800 +conf-dir=/etc/dnsmasq.d diff --git a/package/lean/shadowsocksR-libev-full/files/firewall.user b/package/lean/shadowsocksR-libev-full/files/firewall.user new file mode 100644 index 000000000..cf5b87454 --- /dev/null +++ b/package/lean/shadowsocksR-libev-full/files/firewall.user @@ -0,0 +1,11 @@ +# This file is interpreted as shell script. +# Put your custom iptables rules here, they will +# be executed with each firewall (re-)start. + +# Internal uci firewall chains are flushed and recreated on reload, so +# put custom rules into the root chains e.g. INPUT or FORWARD or into the +# special user chains, e.g. input_wan_rule or postrouting_lan_rule. + +ipset create gfwlist hash:ip +iptables -t nat -I PREROUTING -p tcp -m set --match-set gfwlist dst -j REDIRECT --to-port 8989 +iptables -t nat -I OUTPUT -p tcp -m set --match-set gfwlist dst -j REDIRECT --to-port 8989 diff --git a/package/lean/shadowsocksR-libev-full/files/gfw_list.conf b/package/lean/shadowsocksR-libev-full/files/gfw_list.conf new file mode 100644 index 000000000..56880fe6c --- /dev/null +++ b/package/lean/shadowsocksR-libev-full/files/gfw_list.conf @@ -0,0 +1,6988 @@ +server=/.0to255.com/127.0.0.1#5353 +ipset=/.0to255.com/gfwlist +server=/.1000giri.net/127.0.0.1#5353 +ipset=/.1000giri.net/gfwlist +server=/.100ke.org/127.0.0.1#5353 +ipset=/.100ke.org/gfwlist +server=/.10conditionsoflove.com/127.0.0.1#5353 +ipset=/.10conditionsoflove.com/gfwlist +server=/.10musume.com/127.0.0.1#5353 +ipset=/.10musume.com/gfwlist +server=/.123rf.com/127.0.0.1#5353 +ipset=/.123rf.com/gfwlist +server=/.12bet.com/127.0.0.1#5353 +ipset=/.12bet.com/gfwlist +server=/.12vpn.com/127.0.0.1#5353 +ipset=/.12vpn.com/gfwlist +server=/.12vpn.net/127.0.0.1#5353 +ipset=/.12vpn.net/gfwlist +server=/.141hongkong.com/127.0.0.1#5353 +ipset=/.141hongkong.com/gfwlist +server=/.141tube.com/127.0.0.1#5353 +ipset=/.141tube.com/gfwlist +server=/.1688.com.au/127.0.0.1#5353 +ipset=/.1688.com.au/gfwlist +server=/.173ng.com/127.0.0.1#5353 +ipset=/.173ng.com/gfwlist +server=/.17t17p.com/127.0.0.1#5353 +ipset=/.17t17p.com/gfwlist +server=/.18onlygirls.com/127.0.0.1#5353 +ipset=/.18onlygirls.com/gfwlist +server=/.1949er.org/127.0.0.1#5353 +ipset=/.1949er.org/gfwlist +server=/.1984bbs.com/127.0.0.1#5353 +ipset=/.1984bbs.com/gfwlist +server=/.1984bbs.org/127.0.0.1#5353 +ipset=/.1984bbs.org/gfwlist +server=/.1998cdp.org/127.0.0.1#5353 +ipset=/.1998cdp.org/gfwlist +server=/.1bao.org/127.0.0.1#5353 +ipset=/.1bao.org/gfwlist +server=/.1e100.net/127.0.0.1#5353 +ipset=/.1e100.net/gfwlist +server=/.1eew.com/127.0.0.1#5353 +ipset=/.1eew.com/gfwlist +server=/.1pondo.tv/127.0.0.1#5353 +ipset=/.1pondo.tv/gfwlist +server=/.2000fun.com/127.0.0.1#5353 +ipset=/.2000fun.com/gfwlist +server=/.2008xianzhang.info/127.0.0.1#5353 +ipset=/.2008xianzhang.info/gfwlist +server=/.2017.hk/127.0.0.1#5353 +ipset=/.2017.hk/gfwlist +server=/.21andy.com/127.0.0.1#5353 +ipset=/.21andy.com/gfwlist +server=/.21pron.com/127.0.0.1#5353 +ipset=/.21pron.com/gfwlist +server=/.24smile.org/127.0.0.1#5353 +ipset=/.24smile.org/gfwlist +server=/.2-hand.info/127.0.0.1#5353 +ipset=/.2-hand.info/gfwlist +server=/.2lipstube.com/127.0.0.1#5353 +ipset=/.2lipstube.com/gfwlist +server=/.2shared.com/127.0.0.1#5353 +ipset=/.2shared.com/gfwlist +server=/.315lz.com/127.0.0.1#5353 +ipset=/.315lz.com/gfwlist +server=/.32red.com/127.0.0.1#5353 +ipset=/.32red.com/gfwlist +server=/.36rain.com/127.0.0.1#5353 +ipset=/.36rain.com/gfwlist +server=/.3a5a.com/127.0.0.1#5353 +ipset=/.3a5a.com/gfwlist +server=/.3boys2girls.com/127.0.0.1#5353 +ipset=/.3boys2girls.com/gfwlist +server=/.3ren.ca/127.0.0.1#5353 +ipset=/.3ren.ca/gfwlist +server=/.3tui.net/127.0.0.1#5353 +ipset=/.3tui.net/gfwlist +server=/.4bluestones.biz/127.0.0.1#5353 +ipset=/.4bluestones.biz/gfwlist +server=/.4chan.org/127.0.0.1#5353 +ipset=/.4chan.org/gfwlist +server=/.4irc.com/127.0.0.1#5353 +ipset=/.4irc.com/gfwlist +server=/.4shared.com/127.0.0.1#5353 +ipset=/.4shared.com/gfwlist +server=/.4sq.com/127.0.0.1#5353 +ipset=/.4sq.com/gfwlist +server=/.51.ca/127.0.0.1#5353 +ipset=/.51.ca/gfwlist +server=/.51luoben.com/127.0.0.1#5353 +ipset=/.51luoben.com/gfwlist +server=/.56cun04.jigsy.com/127.0.0.1#5353 +ipset=/.56cun04.jigsy.com/gfwlist +server=/.5i01.com/127.0.0.1#5353 +ipset=/.5i01.com/gfwlist +server=/.5isotoi5.org/127.0.0.1#5353 +ipset=/.5isotoi5.org/gfwlist +server=/.5maodang.com/127.0.0.1#5353 +ipset=/.5maodang.com/gfwlist +server=/.64museum.org/127.0.0.1#5353 +ipset=/.64museum.org/gfwlist +server=/.64tianwang.com/127.0.0.1#5353 +ipset=/.64tianwang.com/gfwlist +server=/.64wiki.com/127.0.0.1#5353 +ipset=/.64wiki.com/gfwlist +server=/.66.ca/127.0.0.1#5353 +ipset=/.66.ca/gfwlist +server=/.666kb.com/127.0.0.1#5353 +ipset=/.666kb.com/gfwlist +server=/.6park.com/127.0.0.1#5353 +ipset=/.6park.com/gfwlist +server=/.7capture.com/127.0.0.1#5353 +ipset=/.7capture.com/gfwlist +server=/.85.17.73.31/127.0.0.1#5353 +ipset=/.85.17.73.31/gfwlist +server=/.85st.com/127.0.0.1#5353 +ipset=/.85st.com/gfwlist +server=/.881903.com/127.0.0.1#5353 +ipset=/.881903.com/gfwlist +server=/.888.com/127.0.0.1#5353 +ipset=/.888.com/gfwlist +server=/.89-64.org/127.0.0.1#5353 +ipset=/.89-64.org/gfwlist +server=/.8-d.com/127.0.0.1#5353 +ipset=/.8-d.com/gfwlist +server=/.8z1.net/127.0.0.1#5353 +ipset=/.8z1.net/gfwlist +server=/.9001700.com/127.0.0.1#5353 +ipset=/.9001700.com/gfwlist +server=/.908taiwan.org/127.0.0.1#5353 +ipset=/.908taiwan.org/gfwlist +server=/.91porn.com/127.0.0.1#5353 +ipset=/.91porn.com/gfwlist +server=/.92ccav.com/127.0.0.1#5353 +ipset=/.92ccav.com/gfwlist +server=/.99btgc01.com/127.0.0.1#5353 +ipset=/.99btgc01.com/gfwlist +server=/.99cn.info/127.0.0.1#5353 +ipset=/.99cn.info/gfwlist +server=/.9bis.com/127.0.0.1#5353 +ipset=/.9bis.com/gfwlist +server=/.9bis.net/127.0.0.1#5353 +ipset=/.9bis.net/gfwlist +server=/.a248.e.akamai.net/127.0.0.1#5353 +ipset=/.a248.e.akamai.net/gfwlist +server=/.a5.com.ru/127.0.0.1#5353 +ipset=/.a5.com.ru/gfwlist +server=/.aamacau.com/127.0.0.1#5353 +ipset=/.aamacau.com/gfwlist +server=/.abc.com/127.0.0.1#5353 +ipset=/.abc.com/gfwlist +server=/.abc.pp.ru/127.0.0.1#5353 +ipset=/.abc.pp.ru/gfwlist +server=/.abc.xyz/127.0.0.1#5353 +ipset=/.abc.xyz/gfwlist +server=/.abchinese.com/127.0.0.1#5353 +ipset=/.abchinese.com/gfwlist +server=/.abitno.linpie.com/127.0.0.1#5353 +ipset=/.abitno.linpie.com/gfwlist +server=/.ablwang.com/127.0.0.1#5353 +ipset=/.ablwang.com/gfwlist +server=/.aboluowang.com/127.0.0.1#5353 +ipset=/.aboluowang.com/gfwlist +server=/.aboutgfw.com/127.0.0.1#5353 +ipset=/.aboutgfw.com/gfwlist +server=/.abs.edu/127.0.0.1#5353 +ipset=/.abs.edu/gfwlist +server=/.ac.jiruan.net/127.0.0.1#5353 +ipset=/.ac.jiruan.net/gfwlist +server=/.acevpn.com/127.0.0.1#5353 +ipset=/.acevpn.com/gfwlist +server=/.acgkj.com/127.0.0.1#5353 +ipset=/.acgkj.com/gfwlist +server=/.actimes.com.au/127.0.0.1#5353 +ipset=/.actimes.com.au/gfwlist +server=/.activpn.com/127.0.0.1#5353 +ipset=/.activpn.com/gfwlist +server=/.aculo.us/127.0.0.1#5353 +ipset=/.aculo.us/gfwlist +server=/.addictedtocoffee.de/127.0.0.1#5353 +ipset=/.addictedtocoffee.de/gfwlist +server=/.admob.com/127.0.0.1#5353 +ipset=/.admob.com/gfwlist +server=/.adpl.org.hk/127.0.0.1#5353 +ipset=/.adpl.org.hk/gfwlist +server=/.adult.friendfinder.com/127.0.0.1#5353 +ipset=/.adult.friendfinder.com/gfwlist +server=/.adultfriendfinder.com/127.0.0.1#5353 +ipset=/.adultfriendfinder.com/gfwlist +server=/.adultkeep.net/127.0.0.1#5353 +ipset=/.adultkeep.net/gfwlist +server=/.adult-sex-games.com/127.0.0.1#5353 +ipset=/.adult-sex-games.com/gfwlist +server=/.advanscene.com/127.0.0.1#5353 +ipset=/.advanscene.com/gfwlist +server=/.advertfan.com/127.0.0.1#5353 +ipset=/.advertfan.com/gfwlist +server=/.ae.hao123.com/127.0.0.1#5353 +ipset=/.ae.hao123.com/gfwlist +server=/.aenhancers.com/127.0.0.1#5353 +ipset=/.aenhancers.com/gfwlist +server=/.af.mil/127.0.0.1#5353 +ipset=/.af.mil/gfwlist +server=/.afantibbs.com/127.0.0.1#5353 +ipset=/.afantibbs.com/gfwlist +server=/.agnesb.fr/127.0.0.1#5353 +ipset=/.agnesb.fr/gfwlist +server=/.agoogleaday.com/127.0.0.1#5353 +ipset=/.agoogleaday.com/gfwlist +server=/.ai-kan.net/127.0.0.1#5353 +ipset=/.ai-kan.net/gfwlist +server=/.aiph.net/127.0.0.1#5353 +ipset=/.aiph.net/gfwlist +server=/.airvpn.org/127.0.0.1#5353 +ipset=/.airvpn.org/gfwlist +server=/.aisex.com/127.0.0.1#5353 +ipset=/.aisex.com/gfwlist +server=/.aiweiwei.com/127.0.0.1#5353 +ipset=/.aiweiwei.com/gfwlist +server=/.aiweiweiblog.com/127.0.0.1#5353 +ipset=/.aiweiweiblog.com/gfwlist +server=/.ai-wen.net/127.0.0.1#5353 +ipset=/.ai-wen.net/gfwlist +server=/.akamaihd.net/127.0.0.1#5353 +ipset=/.akamaihd.net/gfwlist +server=/.akiba-online.com/127.0.0.1#5353 +ipset=/.akiba-online.com/gfwlist +server=/.akiba-web.com/127.0.0.1#5353 +ipset=/.akiba-web.com/gfwlist +server=/.alabout.com/127.0.0.1#5353 +ipset=/.alabout.com/gfwlist +server=/.alasbarricadas.org/127.0.0.1#5353 +ipset=/.alasbarricadas.org/gfwlist +server=/.alexlur.org/127.0.0.1#5353 +ipset=/.alexlur.org/gfwlist +server=/.alforattv.net/127.0.0.1#5353 +ipset=/.alforattv.net/gfwlist +server=/.aliengu.com/127.0.0.1#5353 +ipset=/.aliengu.com/gfwlist +server=/.alien-ufos.com/127.0.0.1#5353 +ipset=/.alien-ufos.com/gfwlist +server=/.alkasir.com/127.0.0.1#5353 +ipset=/.alkasir.com/gfwlist +server=/.allconnected.co/127.0.0.1#5353 +ipset=/.allconnected.co/gfwlist +server=/.alldrawnsex.com/127.0.0.1#5353 +ipset=/.alldrawnsex.com/gfwlist +server=/.allgirlsallowed.org/127.0.0.1#5353 +ipset=/.allgirlsallowed.org/gfwlist +server=/.alliance.org.hk/127.0.0.1#5353 +ipset=/.alliance.org.hk/gfwlist +server=/.allinfa.com/127.0.0.1#5353 +ipset=/.allinfa.com/gfwlist +server=/.allmovie.com/127.0.0.1#5353 +ipset=/.allmovie.com/gfwlist +server=/.allonlinux.free.fr/127.0.0.1#5353 +ipset=/.allonlinux.free.fr/gfwlist +server=/.al-qimmah.net/127.0.0.1#5353 +ipset=/.al-qimmah.net/gfwlist +server=/.alternate-tools.com/127.0.0.1#5353 +ipset=/.alternate-tools.com/gfwlist +server=/.altrec.com/127.0.0.1#5353 +ipset=/.altrec.com/gfwlist +server=/.alvinalexander.com/127.0.0.1#5353 +ipset=/.alvinalexander.com/gfwlist +server=/.alwaysdata.com/127.0.0.1#5353 +ipset=/.alwaysdata.com/gfwlist +server=/.alwaysdata.net/127.0.0.1#5353 +ipset=/.alwaysdata.net/gfwlist +server=/.alwaysvpn.com/127.0.0.1#5353 +ipset=/.alwaysvpn.com/gfwlist +server=/.am730.com.hk/127.0.0.1#5353 +ipset=/.am730.com.hk/gfwlist +server=/.amazon.com/127.0.0.1#5353 +ipset=/.amazon.com/gfwlist +server=/.ameblo.jp/127.0.0.1#5353 +ipset=/.ameblo.jp/gfwlist +server=/.americangreencard.com/127.0.0.1#5353 +ipset=/.americangreencard.com/gfwlist +server=/.amiblockedornot.com/127.0.0.1#5353 +ipset=/.amiblockedornot.com/gfwlist +server=/.amnesty.org/127.0.0.1#5353 +ipset=/.amnesty.org/gfwlist +server=/.amnestyusa.org/127.0.0.1#5353 +ipset=/.amnestyusa.org/gfwlist +server=/.amnyemachen.org/127.0.0.1#5353 +ipset=/.amnyemachen.org/gfwlist +server=/.amoiist.com/127.0.0.1#5353 +ipset=/.amoiist.com/gfwlist +server=/.analyze-v.com/127.0.0.1#5353 +ipset=/.analyze-v.com/gfwlist +server=/.anchorfree.com/127.0.0.1#5353 +ipset=/.anchorfree.com/gfwlist +server=/.ancsconf.org/127.0.0.1#5353 +ipset=/.ancsconf.org/gfwlist +server=/.andfaraway.net/127.0.0.1#5353 +ipset=/.andfaraway.net/gfwlist +server=/.android.com/127.0.0.1#5353 +ipset=/.android.com/gfwlist +server=/.androidify.com/127.0.0.1#5353 +ipset=/.androidify.com/gfwlist +server=/.android-x86.org/127.0.0.1#5353 +ipset=/.android-x86.org/gfwlist +server=/.angularjs.org/127.0.0.1#5353 +ipset=/.angularjs.org/gfwlist +server=/.animecrazy.net/127.0.0.1#5353 +ipset=/.animecrazy.net/gfwlist +server=/.aniscartujo.com/127.0.0.1#5353 +ipset=/.aniscartujo.com/gfwlist +server=/.anobii.com/127.0.0.1#5353 +ipset=/.anobii.com/gfwlist +server=/.anontext.com/127.0.0.1#5353 +ipset=/.anontext.com/gfwlist +server=/.anonymitynetwork.com/127.0.0.1#5353 +ipset=/.anonymitynetwork.com/gfwlist +server=/.anonymizer.com/127.0.0.1#5353 +ipset=/.anonymizer.com/gfwlist +server=/.a-normal-day.com/127.0.0.1#5353 +ipset=/.a-normal-day.com/gfwlist +server=/.answering-islam.org/127.0.0.1#5353 +ipset=/.answering-islam.org/gfwlist +server=/.anthonycalzadilla.com/127.0.0.1#5353 +ipset=/.anthonycalzadilla.com/gfwlist +server=/.antiwave.net/127.0.0.1#5353 +ipset=/.antiwave.net/gfwlist +server=/.anysex.com/127.0.0.1#5353 +ipset=/.anysex.com/gfwlist +server=/.aobo.com.au/127.0.0.1#5353 +ipset=/.aobo.com.au/gfwlist +server=/.aolchannels.aol.com/127.0.0.1#5353 +ipset=/.aolchannels.aol.com/gfwlist +server=/.aomiwang.com/127.0.0.1#5353 +ipset=/.aomiwang.com/gfwlist +server=/.apetube.com/127.0.0.1#5353 +ipset=/.apetube.com/gfwlist +server=/.api.linksalpha.com/127.0.0.1#5353 +ipset=/.api.linksalpha.com/gfwlist +server=/.api.proxlet.com/127.0.0.1#5353 +ipset=/.api.proxlet.com/gfwlist +server=/.api.supertweet.net/127.0.0.1#5353 +ipset=/.api.supertweet.net/gfwlist +server=/.apiary.io/127.0.0.1#5353 +ipset=/.apiary.io/gfwlist +server=/.apidocs.linksalpha.com/127.0.0.1#5353 +ipset=/.apidocs.linksalpha.com/gfwlist +server=/.apigee.com/127.0.0.1#5353 +ipset=/.apigee.com/gfwlist +server=/.app.box.com/127.0.0.1#5353 +ipset=/.app.box.com/gfwlist +server=/.app.heywire.com/127.0.0.1#5353 +ipset=/.app.heywire.com/gfwlist +server=/.appledaily.com/127.0.0.1#5353 +ipset=/.appledaily.com/gfwlist +server=/.appspot.com/127.0.0.1#5353 +ipset=/.appspot.com/gfwlist +server=/.ar.hao123.com/127.0.0.1#5353 +ipset=/.ar.hao123.com/gfwlist +server=/.archive.is/127.0.0.1#5353 +ipset=/.archive.is/gfwlist +server=/.archive.org/127.0.0.1#5353 +ipset=/.archive.org/gfwlist +server=/.arctosia.com/127.0.0.1#5353 +ipset=/.arctosia.com/gfwlist +server=/.areca-backup.org/127.0.0.1#5353 +ipset=/.areca-backup.org/gfwlist +server=/.arethusa.su/127.0.0.1#5353 +ipset=/.arethusa.su/gfwlist +server=/.arlingtoncemetery.mil/127.0.0.1#5353 +ipset=/.arlingtoncemetery.mil/gfwlist +server=/.army.mil/127.0.0.1#5353 +ipset=/.army.mil/gfwlist +server=/.artsy.net/127.0.0.1#5353 +ipset=/.artsy.net/gfwlist +server=/.asahichinese.com/127.0.0.1#5353 +ipset=/.asahichinese.com/gfwlist +server=/.asdfg.jp/127.0.0.1#5353 +ipset=/.asdfg.jp/gfwlist +server=/.asg.to/127.0.0.1#5353 +ipset=/.asg.to/gfwlist +server=/.asiaharvest.org/127.0.0.1#5353 +ipset=/.asiaharvest.org/gfwlist +server=/.asianews.it/127.0.0.1#5353 +ipset=/.asianews.it/gfwlist +server=/.asianspiss.com/127.0.0.1#5353 +ipset=/.asianspiss.com/gfwlist +server=/.asianwomensfilm.de/127.0.0.1#5353 +ipset=/.asianwomensfilm.de/gfwlist +server=/.asiatgp.com/127.0.0.1#5353 +ipset=/.asiatgp.com/gfwlist +server=/.askstudent.com/127.0.0.1#5353 +ipset=/.askstudent.com/gfwlist +server=/.askynz.net/127.0.0.1#5353 +ipset=/.askynz.net/gfwlist +server=/.assembla.com/127.0.0.1#5353 +ipset=/.assembla.com/gfwlist +server=/.astonmartinnews.com/127.0.0.1#5353 +ipset=/.astonmartinnews.com/gfwlist +server=/.astrill.com/127.0.0.1#5353 +ipset=/.astrill.com/gfwlist +server=/.atc.org.au/127.0.0.1#5353 +ipset=/.atc.org.au/gfwlist +server=/.atchinese.com/127.0.0.1#5353 +ipset=/.atchinese.com/gfwlist +server=/.atdmt.com/127.0.0.1#5353 +ipset=/.atdmt.com/gfwlist +server=/.atgfw.org/127.0.0.1#5353 +ipset=/.atgfw.org/gfwlist +server=/.athenaeizou.com/127.0.0.1#5353 +ipset=/.athenaeizou.com/gfwlist +server=/.atlaspost.com/127.0.0.1#5353 +ipset=/.atlaspost.com/gfwlist +server=/.atnext.com/127.0.0.1#5353 +ipset=/.atnext.com/gfwlist +server=/.av.nightlife141.com/127.0.0.1#5353 +ipset=/.av.nightlife141.com/gfwlist +server=/.avaaz.org/127.0.0.1#5353 +ipset=/.avaaz.org/gfwlist +server=/.avcity.tv/127.0.0.1#5353 +ipset=/.avcity.tv/gfwlist +server=/.avcool.com/127.0.0.1#5353 +ipset=/.avcool.com/gfwlist +server=/.avdb.in/127.0.0.1#5353 +ipset=/.avdb.in/gfwlist +server=/.avdb.tv/127.0.0.1#5353 +ipset=/.avdb.tv/gfwlist +server=/.avfantasy.com/127.0.0.1#5353 +ipset=/.avfantasy.com/gfwlist +server=/.avidemux.org/127.0.0.1#5353 +ipset=/.avidemux.org/gfwlist +server=/.avoision.com/127.0.0.1#5353 +ipset=/.avoision.com/gfwlist +server=/.avyahoo.com/127.0.0.1#5353 +ipset=/.avyahoo.com/gfwlist +server=/.awardwinningfjords.com/127.0.0.1#5353 +ipset=/.awardwinningfjords.com/gfwlist +server=/.axureformac.com/127.0.0.1#5353 +ipset=/.axureformac.com/gfwlist +server=/.azerimix.com/127.0.0.1#5353 +ipset=/.azerimix.com/gfwlist +server=/.azubu.tv/127.0.0.1#5353 +ipset=/.azubu.tv/gfwlist +server=/.azurewebsites.net/127.0.0.1#5353 +ipset=/.azurewebsites.net/gfwlist +server=/.babynet.com.hk/127.0.0.1#5353 +ipset=/.babynet.com.hk/gfwlist +server=/.backchina.com/127.0.0.1#5353 +ipset=/.backchina.com/gfwlist +server=/.backtotiananmen.com/127.0.0.1#5353 +ipset=/.backtotiananmen.com/gfwlist +server=/.badoo.com/127.0.0.1#5353 +ipset=/.badoo.com/gfwlist +server=/.baidu.jp/127.0.0.1#5353 +ipset=/.baidu.jp/gfwlist +server=/.baixing.me/127.0.0.1#5353 +ipset=/.baixing.me/gfwlist +server=/.banana-vpn.com/127.0.0.1#5353 +ipset=/.banana-vpn.com/gfwlist +server=/.bangyoulater.com/127.0.0.1#5353 +ipset=/.bangyoulater.com/gfwlist +server=/.bannedbook.org/127.0.0.1#5353 +ipset=/.bannedbook.org/gfwlist +server=/.barenakedislam.com/127.0.0.1#5353 +ipset=/.barenakedislam.com/gfwlist +server=/.barnabu.co.uk/127.0.0.1#5353 +ipset=/.barnabu.co.uk/gfwlist +server=/.barracuda.com/127.0.0.1#5353 +ipset=/.barracuda.com/gfwlist +server=/.bayvoice.net/127.0.0.1#5353 +ipset=/.bayvoice.net/gfwlist +server=/.bbc.co/127.0.0.1#5353 +ipset=/.bbc.co/gfwlist +server=/.bbc.com/127.0.0.1#5353 +ipset=/.bbc.com/gfwlist +server=/.bbc.co.uk/127.0.0.1#5353 +ipset=/.bbc.co.uk/gfwlist +server=/.bbc.in/127.0.0.1#5353 +ipset=/.bbc.in/gfwlist +server=/.bbcchinese.com/127.0.0.1#5353 +ipset=/.bbcchinese.com/gfwlist +server=/.bbg.gov/127.0.0.1#5353 +ipset=/.bbg.gov/gfwlist +server=/.bbs.brockbbs.com/127.0.0.1#5353 +ipset=/.bbs.brockbbs.com/gfwlist +server=/.bbs.cantonese.asia/127.0.0.1#5353 +ipset=/.bbs.cantonese.asia/gfwlist +server=/.bbs.ecstart.com/127.0.0.1#5353 +ipset=/.bbs.ecstart.com/gfwlist +server=/.bbs.hanminzu.org/127.0.0.1#5353 +ipset=/.bbs.hanminzu.org/gfwlist +server=/.bbs.morbell.com/127.0.0.1#5353 +ipset=/.bbs.morbell.com/gfwlist +server=/.bbs.mychat.to/127.0.0.1#5353 +ipset=/.bbs.mychat.to/gfwlist +server=/.bbs.netbig.com/127.0.0.1#5353 +ipset=/.bbs.netbig.com/gfwlist +server=/.bbs.ozchinese.com/127.0.0.1#5353 +ipset=/.bbs.ozchinese.com/gfwlist +server=/.bbs.qmzdd.com/127.0.0.1#5353 +ipset=/.bbs.qmzdd.com/gfwlist +server=/.bbs.sina.com/127.0.0.1#5353 +ipset=/.bbs.sina.com/gfwlist +server=/.bbs.skykiwi.com/127.0.0.1#5353 +ipset=/.bbs.skykiwi.com/gfwlist +server=/.bbs.tuitui.info/127.0.0.1#5353 +ipset=/.bbs.tuitui.info/gfwlist +server=/.bbsdigest.com/127.0.0.1#5353 +ipset=/.bbsdigest.com/gfwlist +server=/.bbsfeed.com/127.0.0.1#5353 +ipset=/.bbsfeed.com/gfwlist +server=/.bbsland.com/127.0.0.1#5353 +ipset=/.bbsland.com/gfwlist +server=/.bbsone.com/127.0.0.1#5353 +ipset=/.bbsone.com/gfwlist +server=/.bcchinese.net/127.0.0.1#5353 +ipset=/.bcchinese.net/gfwlist +server=/.bebo.com/127.0.0.1#5353 +ipset=/.bebo.com/gfwlist +server=/.beeg.com/127.0.0.1#5353 +ipset=/.beeg.com/gfwlist +server=/.beevpn.com/127.0.0.1#5353 +ipset=/.beevpn.com/gfwlist +server=/.behindkink.com/127.0.0.1#5353 +ipset=/.behindkink.com/gfwlist +server=/.beijing1989.com/127.0.0.1#5353 +ipset=/.beijing1989.com/gfwlist +server=/.beijingspring.com/127.0.0.1#5353 +ipset=/.beijingspring.com/gfwlist +server=/.beric.me/127.0.0.1#5353 +ipset=/.beric.me/gfwlist +server=/.berlintwitterwall.com/127.0.0.1#5353 +ipset=/.berlintwitterwall.com/gfwlist +server=/.bestforchina.org/127.0.0.1#5353 +ipset=/.bestforchina.org/gfwlist +server=/.bestvpn.com/127.0.0.1#5353 +ipset=/.bestvpn.com/gfwlist +server=/.bestvpnservice.com/127.0.0.1#5353 +ipset=/.bestvpnservice.com/gfwlist +server=/.bestvpnusa.com/127.0.0.1#5353 +ipset=/.bestvpnusa.com/gfwlist +server=/.bet365.com/127.0.0.1#5353 +ipset=/.bet365.com/gfwlist +server=/.beta.usejump.com/127.0.0.1#5353 +ipset=/.beta.usejump.com/gfwlist +server=/.betfair.com/127.0.0.1#5353 +ipset=/.betfair.com/gfwlist +server=/.bettervpn.com/127.0.0.1#5353 +ipset=/.bettervpn.com/gfwlist +server=/.bettween.com/127.0.0.1#5353 +ipset=/.bettween.com/gfwlist +server=/.betvictor.com/127.0.0.1#5353 +ipset=/.betvictor.com/gfwlist +server=/.bewww.net/127.0.0.1#5353 +ipset=/.bewww.net/gfwlist +server=/.beyondfirewall.com/127.0.0.1#5353 +ipset=/.beyondfirewall.com/gfwlist +server=/.bfnn.org/127.0.0.1#5353 +ipset=/.bfnn.org/gfwlist +server=/.bfsh.hk/127.0.0.1#5353 +ipset=/.bfsh.hk/gfwlist +server=/.bgvpn.com/127.0.0.1#5353 +ipset=/.bgvpn.com/gfwlist +server=/.biantailajiao.com/127.0.0.1#5353 +ipset=/.biantailajiao.com/gfwlist +server=/.biantailajiao.in/127.0.0.1#5353 +ipset=/.biantailajiao.in/gfwlist +server=/.biblesforamerica.org/127.0.0.1#5353 +ipset=/.biblesforamerica.org/gfwlist +server=/.bic2011.org/127.0.0.1#5353 +ipset=/.bic2011.org/gfwlist +server=/.bigfools.com/127.0.0.1#5353 +ipset=/.bigfools.com/gfwlist +server=/.bigjapanesesex.com/127.0.0.1#5353 +ipset=/.bigjapanesesex.com/gfwlist +server=/.bignews.org/127.0.0.1#5353 +ipset=/.bignews.org/gfwlist +server=/.bigsound.org/127.0.0.1#5353 +ipset=/.bigsound.org/gfwlist +server=/.bill.zhong.pp.ru/127.0.0.1#5353 +ipset=/.bill.zhong.pp.ru/gfwlist +server=/.billypan.com/127.0.0.1#5353 +ipset=/.billypan.com/gfwlist +server=/.billywr.com/127.0.0.1#5353 +ipset=/.billywr.com/gfwlist +server=/.bipic.net/127.0.0.1#5353 +ipset=/.bipic.net/gfwlist +server=/.bit.ly/127.0.0.1#5353 +ipset=/.bit.ly/gfwlist +server=/.bitcointalk.org/127.0.0.1#5353 +ipset=/.bitcointalk.org/gfwlist +server=/.bitshare.com/127.0.0.1#5353 +ipset=/.bitshare.com/gfwlist +server=/.bitsnoop.com/127.0.0.1#5353 +ipset=/.bitsnoop.com/gfwlist +server=/.bjzc.org/127.0.0.1#5353 +ipset=/.bjzc.org/gfwlist +server=/.blacklogic.com/127.0.0.1#5353 +ipset=/.blacklogic.com/gfwlist +server=/.blackvpn.com/127.0.0.1#5353 +ipset=/.blackvpn.com/gfwlist +server=/.blinkx.com/127.0.0.1#5353 +ipset=/.blinkx.com/gfwlist +server=/.blinw.com/127.0.0.1#5353 +ipset=/.blinw.com/gfwlist +server=/.blip.tv/127.0.0.1#5353 +ipset=/.blip.tv/gfwlist +server=/.blockcn.com/127.0.0.1#5353 +ipset=/.blockcn.com/gfwlist +server=/.blog.cnyes.com/127.0.0.1#5353 +ipset=/.blog.cnyes.com/gfwlist +server=/.blog.de/127.0.0.1#5353 +ipset=/.blog.de/gfwlist +server=/.blog.exblog.co.jp/127.0.0.1#5353 +ipset=/.blog.exblog.co.jp/gfwlist +server=/.blog.excite.co.jp/127.0.0.1#5353 +ipset=/.blog.excite.co.jp/gfwlist +server=/.blog.expofutures.com/127.0.0.1#5353 +ipset=/.blog.expofutures.com/gfwlist +server=/.blog.fizzik.com/127.0.0.1#5353 +ipset=/.blog.fizzik.com/gfwlist +server=/.blog.foolsmountain.com/127.0.0.1#5353 +ipset=/.blog.foolsmountain.com/gfwlist +server=/.blog.istef.info/127.0.0.1#5353 +ipset=/.blog.istef.info/gfwlist +server=/.blog.jackjia.com/127.0.0.1#5353 +ipset=/.blog.jackjia.com/gfwlist +server=/.blog.kangye.org/127.0.0.1#5353 +ipset=/.blog.kangye.org/gfwlist +server=/.blog.lester850.info/127.0.0.1#5353 +ipset=/.blog.lester850.info/gfwlist +server=/.blog.openinkpot.org/127.0.0.1#5353 +ipset=/.blog.openinkpot.org/gfwlist +server=/.blog.pathtosharepoint.com/127.0.0.1#5353 +ipset=/.blog.pathtosharepoint.com/gfwlist +server=/.blog.pentalogic.net/127.0.0.1#5353 +ipset=/.blog.pentalogic.net/gfwlist +server=/.blog.qooza.hk/127.0.0.1#5353 +ipset=/.blog.qooza.hk/gfwlist +server=/.blog.ranxiang.com/127.0.0.1#5353 +ipset=/.blog.ranxiang.com/gfwlist +server=/.blog.sogoo.org/127.0.0.1#5353 +ipset=/.blog.sogoo.org/gfwlist +server=/.blog.syx86.cn/127.0.0.1#5353 +ipset=/.blog.syx86.cn/gfwlist +server=/.blog.syx86.com/127.0.0.1#5353 +ipset=/.blog.syx86.com/gfwlist +server=/.blog.taragana.com/127.0.0.1#5353 +ipset=/.blog.taragana.com/gfwlist +server=/.blog.tiney.com/127.0.0.1#5353 +ipset=/.blog.tiney.com/gfwlist +server=/.blog.xuite.net/127.0.0.1#5353 +ipset=/.blog.xuite.net/gfwlist +server=/.blog.youxu.info/127.0.0.1#5353 +ipset=/.blog.youxu.info/gfwlist +server=/.blogblog.com/127.0.0.1#5353 +ipset=/.blogblog.com/gfwlist +server=/.blogcatalog.com/127.0.0.1#5353 +ipset=/.blogcatalog.com/gfwlist +server=/.blogcity.me/127.0.0.1#5353 +ipset=/.blogcity.me/gfwlist +server=/.blogger.com/127.0.0.1#5353 +ipset=/.blogger.com/gfwlist +server=/.blogimg.jp/127.0.0.1#5353 +ipset=/.blogimg.jp/gfwlist +server=/.bloglines.com/127.0.0.1#5353 +ipset=/.bloglines.com/gfwlist +server=/.bloglovin.com/127.0.0.1#5353 +ipset=/.bloglovin.com/gfwlist +server=/.blogs.icerocket.com/127.0.0.1#5353 +ipset=/.blogs.icerocket.com/gfwlist +server=/.blogs.tampabay.com/127.0.0.1#5353 +ipset=/.blogs.tampabay.com/gfwlist +server=/.blogs.yahoo.co.jp/127.0.0.1#5353 +ipset=/.blogs.yahoo.co.jp/gfwlist +server=/.blogspot.com/127.0.0.1#5353 +ipset=/.blogspot.com/gfwlist +server=/.blogspot.hk/127.0.0.1#5353 +ipset=/.blogspot.hk/gfwlist +server=/.blogspot.it/127.0.0.1#5353 +ipset=/.blogspot.it/gfwlist +server=/.blogspot.jp/127.0.0.1#5353 +ipset=/.blogspot.jp/gfwlist +server=/.blogspot.sg/127.0.0.1#5353 +ipset=/.blogspot.sg/gfwlist +server=/.blogtd.net/127.0.0.1#5353 +ipset=/.blogtd.net/gfwlist +server=/.blogtd.org/127.0.0.1#5353 +ipset=/.blogtd.org/gfwlist +server=/.bloodshed.net/127.0.0.1#5353 +ipset=/.bloodshed.net/gfwlist +server=/.bloomberg.cn/127.0.0.1#5353 +ipset=/.bloomberg.cn/gfwlist +server=/.bloomberg.com/127.0.0.1#5353 +ipset=/.bloomberg.com/gfwlist +server=/.bloomberg.de/127.0.0.1#5353 +ipset=/.bloomberg.de/gfwlist +server=/.bloomfortune.com/127.0.0.1#5353 +ipset=/.bloomfortune.com/gfwlist +server=/.bnrmetal.com/127.0.0.1#5353 +ipset=/.bnrmetal.com/gfwlist +server=/.boardreader.com/127.0.0.1#5353 +ipset=/.boardreader.com/gfwlist +server=/.bod.asia/127.0.0.1#5353 +ipset=/.bod.asia/gfwlist +server=/.bolehvpn.net/127.0.0.1#5353 +ipset=/.bolehvpn.net/gfwlist +server=/.bolin.netfirms.com/127.0.0.1#5353 +ipset=/.bolin.netfirms.com/gfwlist +server=/.bonbonme.com/127.0.0.1#5353 +ipset=/.bonbonme.com/gfwlist +server=/.bonbonsex.com/127.0.0.1#5353 +ipset=/.bonbonsex.com/gfwlist +server=/.boobstagram.com/127.0.0.1#5353 +ipset=/.boobstagram.com/gfwlist +server=/.book.zi5.me/127.0.0.1#5353 +ipset=/.book.zi5.me/gfwlist +server=/.bookepub.com/127.0.0.1#5353 +ipset=/.bookepub.com/gfwlist +server=/.bot.nu/127.0.0.1#5353 +ipset=/.bot.nu/gfwlist +server=/.botanwang.com/127.0.0.1#5353 +ipset=/.botanwang.com/gfwlist +server=/.bowenpress.com/127.0.0.1#5353 +ipset=/.bowenpress.com/gfwlist +server=/.boxpn.com/127.0.0.1#5353 +ipset=/.boxpn.com/gfwlist +server=/.boxun.com/127.0.0.1#5353 +ipset=/.boxun.com/gfwlist +server=/.boxun.tv/127.0.0.1#5353 +ipset=/.boxun.tv/gfwlist +server=/.boxunblog.com/127.0.0.1#5353 +ipset=/.boxunblog.com/gfwlist +server=/.boxunclub.com/127.0.0.1#5353 +ipset=/.boxunclub.com/gfwlist +server=/.boyfriendtv.com/127.0.0.1#5353 +ipset=/.boyfriendtv.com/gfwlist +server=/.boysmaster.com/127.0.0.1#5353 +ipset=/.boysmaster.com/gfwlist +server=/.br.hao123.com/127.0.0.1#5353 +ipset=/.br.hao123.com/gfwlist +server=/.br.st/127.0.0.1#5353 +ipset=/.br.st/gfwlist +server=/.bralio.com/127.0.0.1#5353 +ipset=/.bralio.com/gfwlist +server=/.branch.com/127.0.0.1#5353 +ipset=/.branch.com/gfwlist +server=/.brandonhutchinson.com/127.0.0.1#5353 +ipset=/.brandonhutchinson.com/gfwlist +server=/.braumeister.org/127.0.0.1#5353 +ipset=/.braumeister.org/gfwlist +server=/.bravotube.net/127.0.0.1#5353 +ipset=/.bravotube.net/gfwlist +server=/.brazzers.com/127.0.0.1#5353 +ipset=/.brazzers.com/gfwlist +server=/.break.com/127.0.0.1#5353 +ipset=/.break.com/gfwlist +server=/.breakgfw.com/127.0.0.1#5353 +ipset=/.breakgfw.com/gfwlist +server=/.breakingtweets.com/127.0.0.1#5353 +ipset=/.breakingtweets.com/gfwlist +server=/.breakwall.net/127.0.0.1#5353 +ipset=/.breakwall.net/gfwlist +server=/.briefdream.com/127.0.0.1#5353 +ipset=/.briefdream.com/gfwlist +server=/.briian.com/127.0.0.1#5353 +ipset=/.briian.com/gfwlist +server=/.brizzly.com/127.0.0.1#5353 +ipset=/.brizzly.com/gfwlist +server=/.broadbook.com/127.0.0.1#5353 +ipset=/.broadbook.com/gfwlist +server=/.broadpressinc.com/127.0.0.1#5353 +ipset=/.broadpressinc.com/gfwlist +server=/.brucewang.net/127.0.0.1#5353 +ipset=/.brucewang.net/gfwlist +server=/.brutaltgp.com/127.0.0.1#5353 +ipset=/.brutaltgp.com/gfwlist +server=/.bt95.com/127.0.0.1#5353 +ipset=/.bt95.com/gfwlist +server=/.btdigg.org/127.0.0.1#5353 +ipset=/.btdigg.org/gfwlist +server=/.btku.me/127.0.0.1#5353 +ipset=/.btku.me/gfwlist +server=/.btspread.com/127.0.0.1#5353 +ipset=/.btspread.com/gfwlist +server=/.budaedu.org/127.0.0.1#5353 +ipset=/.budaedu.org/gfwlist +server=/.bugclub.org/127.0.0.1#5353 +ipset=/.bugclub.org/gfwlist +server=/.bullog.org/127.0.0.1#5353 +ipset=/.bullog.org/gfwlist +server=/.bullogger.com/127.0.0.1#5353 +ipset=/.bullogger.com/gfwlist +server=/.businessinsider.com/127.0.0.1#5353 +ipset=/.businessinsider.com/gfwlist +server=/.businessweek.com/127.0.0.1#5353 +ipset=/.businessweek.com/gfwlist +server=/.busu.org/127.0.0.1#5353 +ipset=/.busu.org/gfwlist +server=/.buugaa.com/127.0.0.1#5353 +ipset=/.buugaa.com/gfwlist +server=/.buzzhand.com/127.0.0.1#5353 +ipset=/.buzzhand.com/gfwlist +server=/.buzzhand.net/127.0.0.1#5353 +ipset=/.buzzhand.net/gfwlist +server=/.buzzurl.jp/127.0.0.1#5353 +ipset=/.buzzurl.jp/gfwlist +server=/.bwsj.hk/127.0.0.1#5353 +ipset=/.bwsj.hk/gfwlist +server=/.bx.tl/127.0.0.1#5353 +ipset=/.bx.tl/gfwlist +server=/.c1522.mooo.com/127.0.0.1#5353 +ipset=/.c1522.mooo.com/gfwlist +server=/.cachinese.com/127.0.0.1#5353 +ipset=/.cachinese.com/gfwlist +server=/.cacnw.com/127.0.0.1#5353 +ipset=/.cacnw.com/gfwlist +server=/.cactusvpn.com/127.0.0.1#5353 +ipset=/.cactusvpn.com/gfwlist +server=/.cafepress.com/127.0.0.1#5353 +ipset=/.cafepress.com/gfwlist +server=/.calameo.com/127.0.0.1#5353 +ipset=/.calameo.com/gfwlist +server=/.calebelston.com/127.0.0.1#5353 +ipset=/.calebelston.com/gfwlist +server=/.calgarychinese.ca/127.0.0.1#5353 +ipset=/.calgarychinese.ca/gfwlist +server=/.calgarychinese.com/127.0.0.1#5353 +ipset=/.calgarychinese.com/gfwlist +server=/.calgarychinese.net/127.0.0.1#5353 +ipset=/.calgarychinese.net/gfwlist +server=/.cam4.com/127.0.0.1#5353 +ipset=/.cam4.com/gfwlist +server=/.cam4.jp/127.0.0.1#5353 +ipset=/.cam4.jp/gfwlist +server=/.cam4.sg/127.0.0.1#5353 +ipset=/.cam4.sg/gfwlist +server=/.camfrog.com/127.0.0.1#5353 +ipset=/.camfrog.com/gfwlist +server=/.cams.com/127.0.0.1#5353 +ipset=/.cams.com/gfwlist +server=/.cams.org.sg/127.0.0.1#5353 +ipset=/.cams.org.sg/gfwlist +server=/.canadameet.com/127.0.0.1#5353 +ipset=/.canadameet.com/gfwlist +server=/.canyu.org/127.0.0.1#5353 +ipset=/.canyu.org/gfwlist +server=/.cao.im/127.0.0.1#5353 +ipset=/.cao.im/gfwlist +server=/.caobian.info/127.0.0.1#5353 +ipset=/.caobian.info/gfwlist +server=/.caochangqing.com/127.0.0.1#5353 +ipset=/.caochangqing.com/gfwlist +server=/.cap.org.hk/127.0.0.1#5353 +ipset=/.cap.org.hk/gfwlist +server=/.cardinalkungfoundation.org/127.0.0.1#5353 +ipset=/.cardinalkungfoundation.org/gfwlist +server=/.carfax.com/127.0.0.1#5353 +ipset=/.carfax.com/gfwlist +server=/.cari.com.my/127.0.0.1#5353 +ipset=/.cari.com.my/gfwlist +server=/.caribbeancom.com/127.0.0.1#5353 +ipset=/.caribbeancom.com/gfwlist +server=/.casatibet.org.mx/127.0.0.1#5353 +ipset=/.casatibet.org.mx/gfwlist +server=/.casinobellini.com/127.0.0.1#5353 +ipset=/.casinobellini.com/gfwlist +server=/.catch22.net/127.0.0.1#5353 +ipset=/.catch22.net/gfwlist +server=/.catfightpayperview.xxx/127.0.0.1#5353 +ipset=/.catfightpayperview.xxx/gfwlist +server=/.catholic.org.hk/127.0.0.1#5353 +ipset=/.catholic.org.hk/gfwlist +server=/.cattt.com/127.0.0.1#5353 +ipset=/.cattt.com/gfwlist +server=/.cbc.ca/127.0.0.1#5353 +ipset=/.cbc.ca/gfwlist +server=/.cbsnews.com/127.0.0.1#5353 +ipset=/.cbsnews.com/gfwlist +server=/.cbtc.org.hk/127.0.0.1#5353 +ipset=/.cbtc.org.hk/gfwlist +server=/.ccdtr.org/127.0.0.1#5353 +ipset=/.ccdtr.org/gfwlist +server=/.ccim.org/127.0.0.1#5353 +ipset=/.ccim.org/gfwlist +server=/.cclife.ca/127.0.0.1#5353 +ipset=/.cclife.ca/gfwlist +server=/.cclife.org/127.0.0.1#5353 +ipset=/.cclife.org/gfwlist +server=/.cclifefl.org/127.0.0.1#5353 +ipset=/.cclifefl.org/gfwlist +server=/.ccthere.com/127.0.0.1#5353 +ipset=/.ccthere.com/gfwlist +server=/.cctongbao.com/127.0.0.1#5353 +ipset=/.cctongbao.com/gfwlist +server=/.ccue.ca/127.0.0.1#5353 +ipset=/.ccue.ca/gfwlist +server=/.ccue.com/127.0.0.1#5353 +ipset=/.ccue.com/gfwlist +server=/.cdbook.org/127.0.0.1#5353 +ipset=/.cdbook.org/gfwlist +server=/.cdd.me/127.0.0.1#5353 +ipset=/.cdd.me/gfwlist +server=/.cdef.org/127.0.0.1#5353 +ipset=/.cdef.org/gfwlist +server=/.cdig.info/127.0.0.1#5353 +ipset=/.cdig.info/gfwlist +server=/.cdjp.org/127.0.0.1#5353 +ipset=/.cdjp.org/gfwlist +server=/.cdn.helixstudios.net/127.0.0.1#5353 +ipset=/.cdn.helixstudios.net/gfwlist +server=/.cdn.printfriendly.com/127.0.0.1#5353 +ipset=/.cdn.printfriendly.com/gfwlist +server=/.cdn.softlayer.net/127.0.0.1#5353 +ipset=/.cdn.softlayer.net/gfwlist +server=/.cdninstagram.com/127.0.0.1#5353 +ipset=/.cdninstagram.com/gfwlist +server=/.cdp1989.org/127.0.0.1#5353 +ipset=/.cdp1989.org/gfwlist +server=/.cdp1998.org/127.0.0.1#5353 +ipset=/.cdp1998.org/gfwlist +server=/.cdp2006.org/127.0.0.1#5353 +ipset=/.cdp2006.org/gfwlist +server=/.cdpeu.org/127.0.0.1#5353 +ipset=/.cdpeu.org/gfwlist +server=/.cdpusa.org/127.0.0.1#5353 +ipset=/.cdpusa.org/gfwlist +server=/.cdpweb.org/127.0.0.1#5353 +ipset=/.cdpweb.org/gfwlist +server=/.cdpwu.org/127.0.0.1#5353 +ipset=/.cdpwu.org/gfwlist +server=/.cdw.com/127.0.0.1#5353 +ipset=/.cdw.com/gfwlist +server=/.cecc.gov/127.0.0.1#5353 +ipset=/.cecc.gov/gfwlist +server=/.cellulo.info/127.0.0.1#5353 +ipset=/.cellulo.info/gfwlist +server=/.cenci.tk/127.0.0.1#5353 +ipset=/.cenci.tk/gfwlist +server=/.cenews.eu/127.0.0.1#5353 +ipset=/.cenews.eu/gfwlist +server=/.centauro.com.br/127.0.0.1#5353 +ipset=/.centauro.com.br/gfwlist +server=/.centerforhumanreprod.com/127.0.0.1#5353 +ipset=/.centerforhumanreprod.com/gfwlist +server=/.centralnation.com/127.0.0.1#5353 +ipset=/.centralnation.com/gfwlist +server=/.centurys.net/127.0.0.1#5353 +ipset=/.centurys.net/gfwlist +server=/.certificate.revocationcheck.com/127.0.0.1#5353 +ipset=/.certificate.revocationcheck.com/gfwlist +server=/.c-est-simple.com/127.0.0.1#5353 +ipset=/.c-est-simple.com/gfwlist +server=/.cfhks.org.hk/127.0.0.1#5353 +ipset=/.cfhks.org.hk/gfwlist +server=/.cftfc.com/127.0.0.1#5353 +ipset=/.cftfc.com/gfwlist +server=/.cgdepot.org/127.0.0.1#5353 +ipset=/.cgdepot.org/gfwlist +server=/.cgst.edu/127.0.0.1#5353 +ipset=/.cgst.edu/gfwlist +server=/.ch.shvoong.com/127.0.0.1#5353 +ipset=/.ch.shvoong.com/gfwlist +server=/.chandoo.org/127.0.0.1#5353 +ipset=/.chandoo.org/gfwlist +server=/.change.org/127.0.0.1#5353 +ipset=/.change.org/gfwlist +server=/.changp.com/127.0.0.1#5353 +ipset=/.changp.com/gfwlist +server=/.chapm25.com/127.0.0.1#5353 +ipset=/.chapm25.com/gfwlist +server=/.chaturbate.com/127.0.0.1#5353 +ipset=/.chaturbate.com/gfwlist +server=/.chengmingmag.com/127.0.0.1#5353 +ipset=/.chengmingmag.com/gfwlist +server=/.chenguangcheng.com/127.0.0.1#5353 +ipset=/.chenguangcheng.com/gfwlist +server=/.chenpokong.com/127.0.0.1#5353 +ipset=/.chenpokong.com/gfwlist +server=/.chenshan20042005.wordpress.com/127.0.0.1#5353 +ipset=/.chenshan20042005.wordpress.com/gfwlist +server=/.cherrysave.com/127.0.0.1#5353 +ipset=/.cherrysave.com/gfwlist +server=/.chhongbi.org/127.0.0.1#5353 +ipset=/.chhongbi.org/gfwlist +server=/.chicagoncmtv.com/127.0.0.1#5353 +ipset=/.chicagoncmtv.com/gfwlist +server=/.china.hket.com/127.0.0.1#5353 +ipset=/.china.hket.com/gfwlist +server=/.china.ucanews.com/127.0.0.1#5353 +ipset=/.china.ucanews.com/gfwlist +server=/.china101.com/127.0.0.1#5353 +ipset=/.china101.com/gfwlist +server=/.china18.org/127.0.0.1#5353 +ipset=/.china18.org/gfwlist +server=/.china21.com/127.0.0.1#5353 +ipset=/.china21.com/gfwlist +server=/.china21.org/127.0.0.1#5353 +ipset=/.china21.org/gfwlist +server=/.china5000.us/127.0.0.1#5353 +ipset=/.china5000.us/gfwlist +server=/.chinaaffairs.org/127.0.0.1#5353 +ipset=/.chinaaffairs.org/gfwlist +server=/.chinaaid.me/127.0.0.1#5353 +ipset=/.chinaaid.me/gfwlist +server=/.chinaaid.net/127.0.0.1#5353 +ipset=/.chinaaid.net/gfwlist +server=/.chinaaid.org/127.0.0.1#5353 +ipset=/.chinaaid.org/gfwlist +server=/.chinaaid.us/127.0.0.1#5353 +ipset=/.chinaaid.us/gfwlist +server=/.chinachange.org/127.0.0.1#5353 +ipset=/.chinachange.org/gfwlist +server=/.chinachannel.hk/127.0.0.1#5353 +ipset=/.chinachannel.hk/gfwlist +server=/.chinacitynews.be/127.0.0.1#5353 +ipset=/.chinacitynews.be/gfwlist +server=/.chinacomments.org/127.0.0.1#5353 +ipset=/.chinacomments.org/gfwlist +server=/.chinadigitaltimes.net/127.0.0.1#5353 +ipset=/.chinadigitaltimes.net/gfwlist +server=/.chinaelections.org/127.0.0.1#5353 +ipset=/.chinaelections.org/gfwlist +server=/.chinaeweekly.com/127.0.0.1#5353 +ipset=/.chinaeweekly.com/gfwlist +server=/.chinafreepress.org/127.0.0.1#5353 +ipset=/.chinafreepress.org/gfwlist +server=/.chinagate.com/127.0.0.1#5353 +ipset=/.chinagate.com/gfwlist +server=/.chinageeks.org/127.0.0.1#5353 +ipset=/.chinageeks.org/gfwlist +server=/.chinagfw.org/127.0.0.1#5353 +ipset=/.chinagfw.org/gfwlist +server=/.chinagreenparty.org/127.0.0.1#5353 +ipset=/.chinagreenparty.org/gfwlist +server=/.chinahorizon.org/127.0.0.1#5353 +ipset=/.chinahorizon.org/gfwlist +server=/.chinahush.com/127.0.0.1#5353 +ipset=/.chinahush.com/gfwlist +server=/.chinainperspective.com/127.0.0.1#5353 +ipset=/.chinainperspective.com/gfwlist +server=/.chinainperspective.net/127.0.0.1#5353 +ipset=/.chinainperspective.net/gfwlist +server=/.chinainperspective.org/127.0.0.1#5353 +ipset=/.chinainperspective.org/gfwlist +server=/.chinainterimgov.org/127.0.0.1#5353 +ipset=/.chinainterimgov.org/gfwlist +server=/.chinalaborwatch.org/127.0.0.1#5353 +ipset=/.chinalaborwatch.org/gfwlist +server=/.chinalawandpolicy.com/127.0.0.1#5353 +ipset=/.chinalawandpolicy.com/gfwlist +server=/.chinalawtranslate.com/127.0.0.1#5353 +ipset=/.chinalawtranslate.com/gfwlist +server=/.china-mmm.jp.net/127.0.0.1#5353 +ipset=/.china-mmm.jp.net/gfwlist +server=/.china-mmm.net/127.0.0.1#5353 +ipset=/.china-mmm.net/gfwlist +server=/.chinamule.com/127.0.0.1#5353 +ipset=/.chinamule.com/gfwlist +server=/.chinamz.org/127.0.0.1#5353 +ipset=/.chinamz.org/gfwlist +server=/.chinapress.com.my/127.0.0.1#5353 +ipset=/.chinapress.com.my/gfwlist +server=/.chinarightsia.org/127.0.0.1#5353 +ipset=/.chinarightsia.org/gfwlist +server=/.chinasmile.net/127.0.0.1#5353 +ipset=/.chinasmile.net/gfwlist +server=/.chinasocialdemocraticparty.com/127.0.0.1#5353 +ipset=/.chinasocialdemocraticparty.com/gfwlist +server=/.chinasoul.org/127.0.0.1#5353 +ipset=/.chinasoul.org/gfwlist +server=/.chinasucks.net/127.0.0.1#5353 +ipset=/.chinasucks.net/gfwlist +server=/.chinatimes.com/127.0.0.1#5353 +ipset=/.chinatimes.com/gfwlist +server=/.chinatopsex.com/127.0.0.1#5353 +ipset=/.chinatopsex.com/gfwlist +server=/.chinatweeps.com/127.0.0.1#5353 +ipset=/.chinatweeps.com/gfwlist +server=/.chinaway.org/127.0.0.1#5353 +ipset=/.chinaway.org/gfwlist +server=/.china-week.com/127.0.0.1#5353 +ipset=/.china-week.com/gfwlist +server=/.chinaworker.info/127.0.0.1#5353 +ipset=/.chinaworker.info/gfwlist +server=/.chinaxchina.com/127.0.0.1#5353 +ipset=/.chinaxchina.com/gfwlist +server=/.chinayouth.org.hk/127.0.0.1#5353 +ipset=/.chinayouth.org.hk/gfwlist +server=/.chinayuanmin.org/127.0.0.1#5353 +ipset=/.chinayuanmin.org/gfwlist +server=/.chinese.engadget.com/127.0.0.1#5353 +ipset=/.chinese.engadget.com/gfwlist +server=/.chinese.irib.ir/127.0.0.1#5353 +ipset=/.chinese.irib.ir/gfwlist +server=/.chinese.rnw.nl/127.0.0.1#5353 +ipset=/.chinese.rnw.nl/gfwlist +server=/.chinese.soifind.com/127.0.0.1#5353 +ipset=/.chinese.soifind.com/gfwlist +server=/.chinesedaily.com/127.0.0.1#5353 +ipset=/.chinesedaily.com/gfwlist +server=/.chinesedailynews.com/127.0.0.1#5353 +ipset=/.chinesedailynews.com/gfwlist +server=/.chinesedemocracy.com/127.0.0.1#5353 +ipset=/.chinesedemocracy.com/gfwlist +server=/.chinese-hermit.net/127.0.0.1#5353 +ipset=/.chinese-hermit.net/gfwlist +server=/.chinese-leaders.org/127.0.0.1#5353 +ipset=/.chinese-leaders.org/gfwlist +server=/.chinese-memorial.org/127.0.0.1#5353 +ipset=/.chinese-memorial.org/gfwlist +server=/.chinesen.de/127.0.0.1#5353 +ipset=/.chinesen.de/gfwlist +server=/.chinesepen.org/127.0.0.1#5353 +ipset=/.chinesepen.org/gfwlist +server=/.chinesetalks.net/127.0.0.1#5353 +ipset=/.chinesetalks.net/gfwlist +server=/.chingcheong.com/127.0.0.1#5353 +ipset=/.chingcheong.com/gfwlist +server=/.chithu.org/127.0.0.1#5353 +ipset=/.chithu.org/gfwlist +server=/.chn.chosun.com/127.0.0.1#5353 +ipset=/.chn.chosun.com/gfwlist +server=/.chrdnet.com/127.0.0.1#5353 +ipset=/.chrdnet.com/gfwlist +server=/.christianstudy.com/127.0.0.1#5353 +ipset=/.christianstudy.com/gfwlist +server=/.christiantimes.org.hk/127.0.0.1#5353 +ipset=/.christiantimes.org.hk/gfwlist +server=/.christusrex.org/127.0.0.1#5353 +ipset=/.christusrex.org/gfwlist +server=/.chrlawyers.hk/127.0.0.1#5353 +ipset=/.chrlawyers.hk/gfwlist +server=/.chrome.com/127.0.0.1#5353 +ipset=/.chrome.com/gfwlist +server=/.chromeadblock.com/127.0.0.1#5353 +ipset=/.chromeadblock.com/gfwlist +server=/.chromecast.com/127.0.0.1#5353 +ipset=/.chromecast.com/gfwlist +server=/.chromeexperiments.com/127.0.0.1#5353 +ipset=/.chromeexperiments.com/gfwlist +server=/.chromercise.com/127.0.0.1#5353 +ipset=/.chromercise.com/gfwlist +server=/.chromium.org/127.0.0.1#5353 +ipset=/.chromium.org/gfwlist +server=/.chuang-yen.org/127.0.0.1#5353 +ipset=/.chuang-yen.org/gfwlist +server=/.chuantupian.com/127.0.0.1#5353 +ipset=/.chuantupian.com/gfwlist +server=/.chubun.com/127.0.0.1#5353 +ipset=/.chubun.com/gfwlist +server=/.chuizi.net/127.0.0.1#5353 +ipset=/.chuizi.net/gfwlist +server=/.cipfg.org/127.0.0.1#5353 +ipset=/.cipfg.org/gfwlist +server=/.circlethebayfortibet.org/127.0.0.1#5353 +ipset=/.circlethebayfortibet.org/gfwlist +server=/.citizenlab.org/127.0.0.1#5353 +ipset=/.citizenlab.org/gfwlist +server=/.citizenscommission.hk/127.0.0.1#5353 +ipset=/.citizenscommission.hk/gfwlist +server=/.citizensradio.org/127.0.0.1#5353 +ipset=/.citizensradio.org/gfwlist +server=/.city365.ca/127.0.0.1#5353 +ipset=/.city365.ca/gfwlist +server=/.city9x.com/127.0.0.1#5353 +ipset=/.city9x.com/gfwlist +server=/.civicparty.hk/127.0.0.1#5353 +ipset=/.civicparty.hk/gfwlist +server=/.civilhrfront.org/127.0.0.1#5353 +ipset=/.civilhrfront.org/gfwlist +server=/.ck101.com/127.0.0.1#5353 +ipset=/.ck101.com/gfwlist +server=/.cl.d0z.net/127.0.0.1#5353 +ipset=/.cl.d0z.net/gfwlist +server=/.cl.ly/127.0.0.1#5353 +ipset=/.cl.ly/gfwlist +server=/.clarionproject.org/127.0.0.1#5353 +ipset=/.clarionproject.org/gfwlist +server=/.classicalguitarblog.net/127.0.0.1#5353 +ipset=/.classicalguitarblog.net/gfwlist +server=/.clb.org.hk/127.0.0.1#5353 +ipset=/.clb.org.hk/gfwlist +server=/.clearharmony.net/127.0.0.1#5353 +ipset=/.clearharmony.net/gfwlist +server=/.clearwisdom.net/127.0.0.1#5353 +ipset=/.clearwisdom.net/gfwlist +server=/.cling.omy.sg/127.0.0.1#5353 +ipset=/.cling.omy.sg/gfwlist +server=/.clipfish.de/127.0.0.1#5353 +ipset=/.clipfish.de/gfwlist +server=/.cloakpoint.com/127.0.0.1#5353 +ipset=/.cloakpoint.com/gfwlist +server=/.club1069.com/127.0.0.1#5353 +ipset=/.club1069.com/gfwlist +server=/.cmp.hku.hk/127.0.0.1#5353 +ipset=/.cmp.hku.hk/gfwlist +server=/.cms.gov/127.0.0.1#5353 +ipset=/.cms.gov/gfwlist +server=/.cmule.com/127.0.0.1#5353 +ipset=/.cmule.com/gfwlist +server=/.cmule.org/127.0.0.1#5353 +ipset=/.cmule.org/gfwlist +server=/.cn.calameo.com/127.0.0.1#5353 +ipset=/.cn.calameo.com/gfwlist +server=/.cn.dayabook.com/127.0.0.1#5353 +ipset=/.cn.dayabook.com/gfwlist +server=/.cn.fmnnow.com/127.0.0.1#5353 +ipset=/.cn.fmnnow.com/gfwlist +server=/.cn.freeones.com/127.0.0.1#5353 +ipset=/.cn.freeones.com/gfwlist +server=/.cn.giganews.com/127.0.0.1#5353 +ipset=/.cn.giganews.com/gfwlist +server=/.cn.ibtimes.com/127.0.0.1#5353 +ipset=/.cn.ibtimes.com/gfwlist +server=/.cn.shafaqna.com/127.0.0.1#5353 +ipset=/.cn.shafaqna.com/gfwlist +server=/.cn.streetvoice.com/127.0.0.1#5353 +ipset=/.cn.streetvoice.com/gfwlist +server=/.cn.uncyclopedia.wikia.com/127.0.0.1#5353 +ipset=/.cn.uncyclopedia.wikia.com/gfwlist +server=/.cn.voa.mobi/127.0.0.1#5353 +ipset=/.cn.voa.mobi/gfwlist +server=/.cn2.streetvoice.com/127.0.0.1#5353 +ipset=/.cn2.streetvoice.com/gfwlist +server=/.cn6.eu/127.0.0.1#5353 +ipset=/.cn6.eu/gfwlist +server=/.cnabc.com/127.0.0.1#5353 +ipset=/.cnabc.com/gfwlist +server=/.cnd.org/127.0.0.1#5353 +ipset=/.cnd.org/gfwlist +server=/.cnn.com/127.0.0.1#5353 +ipset=/.cnn.com/gfwlist +server=/.cnpolitics.org/127.0.0.1#5353 +ipset=/.cnpolitics.org/gfwlist +server=/.cochina.co/127.0.0.1#5353 +ipset=/.cochina.co/gfwlist +server=/.cochina.org/127.0.0.1#5353 +ipset=/.cochina.org/gfwlist +server=/.code1984.com/127.0.0.1#5353 +ipset=/.code1984.com/gfwlist +server=/.codeshare.io/127.0.0.1#5353 +ipset=/.codeshare.io/gfwlist +server=/.codeskulptor.org/127.0.0.1#5353 +ipset=/.codeskulptor.org/gfwlist +server=/.collateralmurder.com/127.0.0.1#5353 +ipset=/.collateralmurder.com/gfwlist +server=/.collateralmurder.org/127.0.0.1#5353 +ipset=/.collateralmurder.org/gfwlist +server=/.comefromchina.com/127.0.0.1#5353 +ipset=/.comefromchina.com/gfwlist +server=/.commentshk.com/127.0.0.1#5353 +ipset=/.commentshk.com/gfwlist +server=/.communistcrimes.org/127.0.0.1#5353 +ipset=/.communistcrimes.org/gfwlist +server=/.communitychoicecu.com/127.0.0.1#5353 +ipset=/.communitychoicecu.com/gfwlist +server=/.compileheart.com/127.0.0.1#5353 +ipset=/.compileheart.com/gfwlist +server=/.connect.facebook.net/127.0.0.1#5353 +ipset=/.connect.facebook.net/gfwlist +server=/.conoyo.com/127.0.0.1#5353 +ipset=/.conoyo.com/gfwlist +server=/.contactmagazine.net/127.0.0.1#5353 +ipset=/.contactmagazine.net/gfwlist +server=/.contests.twilio.com/127.0.0.1#5353 +ipset=/.contests.twilio.com/gfwlist +server=/.convio.net/127.0.0.1#5353 +ipset=/.convio.net/gfwlist +server=/.coobay.com/127.0.0.1#5353 +ipset=/.coobay.com/gfwlist +server=/.coolaler.com/127.0.0.1#5353 +ipset=/.coolaler.com/gfwlist +server=/.coolder.com/127.0.0.1#5353 +ipset=/.coolder.com/gfwlist +server=/.corumcollege.com/127.0.0.1#5353 +ipset=/.corumcollege.com/gfwlist +server=/.cotweet.com/127.0.0.1#5353 +ipset=/.cotweet.com/gfwlist +server=/.couchdbwiki.com/127.0.0.1#5353 +ipset=/.couchdbwiki.com/gfwlist +server=/.coveringweb.com/127.0.0.1#5353 +ipset=/.coveringweb.com/gfwlist +server=/.cpj.org/127.0.0.1#5353 +ipset=/.cpj.org/gfwlist +server=/.crackle.com/127.0.0.1#5353 +ipset=/.crackle.com/gfwlist +server=/.crchina.org/127.0.0.1#5353 +ipset=/.crchina.org/gfwlist +server=/.crd-net.org/127.0.0.1#5353 +ipset=/.crd-net.org/gfwlist +server=/.creaders.net/127.0.0.1#5353 +ipset=/.creaders.net/gfwlist +server=/.crossthewall.net/127.0.0.1#5353 +ipset=/.crossthewall.net/gfwlist +server=/.csdparty.com/127.0.0.1#5353 +ipset=/.csdparty.com/gfwlist +server=/.c-spanvideo.org/127.0.0.1#5353 +ipset=/.c-spanvideo.org/gfwlist +server=/.css.pixnet.in/127.0.0.1#5353 +ipset=/.css.pixnet.in/gfwlist +server=/.csuchen.de/127.0.0.1#5353 +ipset=/.csuchen.de/gfwlist +server=/.ctao.org/127.0.0.1#5353 +ipset=/.ctao.org/gfwlist +server=/.ctfriend.net/127.0.0.1#5353 +ipset=/.ctfriend.net/gfwlist +server=/.cuhkacs.org/127.0.0.1#5353 +ipset=/.cuhkacs.org/gfwlist +server=/.cuihua.org/127.0.0.1#5353 +ipset=/.cuihua.org/gfwlist +server=/.cuiweiping.net/127.0.0.1#5353 +ipset=/.cuiweiping.net/gfwlist +server=/.cumlouder.com/127.0.0.1#5353 +ipset=/.cumlouder.com/gfwlist +server=/.curvefish.com/127.0.0.1#5353 +ipset=/.curvefish.com/gfwlist +server=/.cusu.hk/127.0.0.1#5353 +ipset=/.cusu.hk/gfwlist +server=/.cweb-pix.com/127.0.0.1#5353 +ipset=/.cweb-pix.com/gfwlist +server=/.cyberghost.natado.com/127.0.0.1#5353 +ipset=/.cyberghost.natado.com/gfwlist +server=/.cyberghostvpn.com/127.0.0.1#5353 +ipset=/.cyberghostvpn.com/gfwlist +server=/.cynscribe.com/127.0.0.1#5353 +ipset=/.cynscribe.com/gfwlist +server=/.cytode.us/127.0.0.1#5353 +ipset=/.cytode.us/gfwlist +server=/.d100.net/127.0.0.1#5353 +ipset=/.d100.net/gfwlist +server=/.d2bay.com/127.0.0.1#5353 +ipset=/.d2bay.com/gfwlist +server=/.dabr.co.uk/127.0.0.1#5353 +ipset=/.dabr.co.uk/gfwlist +server=/.dabr.eu/127.0.0.1#5353 +ipset=/.dabr.eu/gfwlist +server=/.dabr.me/127.0.0.1#5353 +ipset=/.dabr.me/gfwlist +server=/.dabr.mobi/127.0.0.1#5353 +ipset=/.dabr.mobi/gfwlist +server=/.dadazim.com/127.0.0.1#5353 +ipset=/.dadazim.com/gfwlist +server=/.dadi360.com/127.0.0.1#5353 +ipset=/.dadi360.com/gfwlist +server=/.dafagood.com/127.0.0.1#5353 +ipset=/.dafagood.com/gfwlist +server=/.dafahao.com/127.0.0.1#5353 +ipset=/.dafahao.com/gfwlist +server=/.daftpunk.com/127.0.0.1#5353 +ipset=/.daftpunk.com/gfwlist +server=/.dailidaili.com/127.0.0.1#5353 +ipset=/.dailidaili.com/gfwlist +server=/.dailymotion.com/127.0.0.1#5353 +ipset=/.dailymotion.com/gfwlist +server=/.dailynews.sina.com/127.0.0.1#5353 +ipset=/.dailynews.sina.com/gfwlist +server=/.daiphapinfo.net/127.0.0.1#5353 +ipset=/.daiphapinfo.net/gfwlist +server=/.dajiyuan.com/127.0.0.1#5353 +ipset=/.dajiyuan.com/gfwlist +server=/.dajiyuan.de/127.0.0.1#5353 +ipset=/.dajiyuan.de/gfwlist +server=/.dajiyuan.eu/127.0.0.1#5353 +ipset=/.dajiyuan.eu/gfwlist +server=/.dajusha.baywords.com/127.0.0.1#5353 +ipset=/.dajusha.baywords.com/gfwlist +server=/.dalailama.com/127.0.0.1#5353 +ipset=/.dalailama.com/gfwlist +server=/.dalailama.ru/127.0.0.1#5353 +ipset=/.dalailama.ru/gfwlist +server=/.dalailama80.org/127.0.0.1#5353 +ipset=/.dalailama80.org/gfwlist +server=/.dalailamaprotesters.info/127.0.0.1#5353 +ipset=/.dalailamaprotesters.info/gfwlist +server=/.dalailamavisit.org.nz/127.0.0.1#5353 +ipset=/.dalailamavisit.org.nz/gfwlist +server=/.dalailamaworld.com/127.0.0.1#5353 +ipset=/.dalailamaworld.com/gfwlist +server=/.dalianmeng.org/127.0.0.1#5353 +ipset=/.dalianmeng.org/gfwlist +server=/.daliulian.org/127.0.0.1#5353 +ipset=/.daliulian.org/gfwlist +server=/.danke4china.net/127.0.0.1#5353 +ipset=/.danke4china.net/gfwlist +server=/.danwei.org/127.0.0.1#5353 +ipset=/.danwei.org/gfwlist +server=/.daodu14.jigsy.com/127.0.0.1#5353 +ipset=/.daodu14.jigsy.com/gfwlist +server=/.daolan.net/127.0.0.1#5353 +ipset=/.daolan.net/gfwlist +server=/.darktoy.net/127.0.0.1#5353 +ipset=/.darktoy.net/gfwlist +server=/.darpa.mil/127.0.0.1#5353 +ipset=/.darpa.mil/gfwlist +server=/.data-vocabulary.org/127.0.0.1#5353 +ipset=/.data-vocabulary.org/gfwlist +server=/.date.fm/127.0.0.1#5353 +ipset=/.date.fm/gfwlist +server=/.david-kilgour.com/127.0.0.1#5353 +ipset=/.david-kilgour.com/gfwlist +server=/.daxa.cn/127.0.0.1#5353 +ipset=/.daxa.cn/gfwlist +server=/.daylife.com/127.0.0.1#5353 +ipset=/.daylife.com/gfwlist +server=/.dbc.hk/127.0.0.1#5353 +ipset=/.dbc.hk/gfwlist +server=/.deck.ly/127.0.0.1#5353 +ipset=/.deck.ly/gfwlist +server=/.default.secureserver.net/127.0.0.1#5353 +ipset=/.default.secureserver.net/gfwlist +server=/.deja.com/127.0.0.1#5353 +ipset=/.deja.com/gfwlist +server=/.delcamp.net/127.0.0.1#5353 +ipset=/.delcamp.net/gfwlist +server=/.delicious.com/127.0.0.1#5353 +ipset=/.delicious.com/gfwlist +server=/.demo.opera-mini.net/127.0.0.1#5353 +ipset=/.demo.opera-mini.net/gfwlist +server=/.democrats.org/127.0.0.1#5353 +ipset=/.democrats.org/gfwlist +server=/.derekhsu.homeip.net/127.0.0.1#5353 +ipset=/.derekhsu.homeip.net/gfwlist +server=/.desc.se/127.0.0.1#5353 +ipset=/.desc.se/gfwlist +server=/.de-sci.org/127.0.0.1#5353 +ipset=/.de-sci.org/gfwlist +server=/.designerol.com/127.0.0.1#5353 +ipset=/.designerol.com/gfwlist +server=/.desipro.de/127.0.0.1#5353 +ipset=/.desipro.de/gfwlist +server=/.destiny.xfiles.to/127.0.0.1#5353 +ipset=/.destiny.xfiles.to/gfwlist +server=/.destroy-china.jp/127.0.0.1#5353 +ipset=/.destroy-china.jp/gfwlist +server=/.deutsche-welle.de/127.0.0.1#5353 +ipset=/.deutsche-welle.de/gfwlist +server=/.developers.box.net/127.0.0.1#5353 +ipset=/.developers.box.net/gfwlist +server=/.devio.us/127.0.0.1#5353 +ipset=/.devio.us/gfwlist +server=/.devpn.com/127.0.0.1#5353 +ipset=/.devpn.com/gfwlist +server=/.dfas.mil/127.0.0.1#5353 +ipset=/.dfas.mil/gfwlist +server=/.dfn.org/127.0.0.1#5353 +ipset=/.dfn.org/gfwlist +server=/.dharamsalanet.com/127.0.0.1#5353 +ipset=/.dharamsalanet.com/gfwlist +server=/.diaoyuislands.org/127.0.0.1#5353 +ipset=/.diaoyuislands.org/gfwlist +server=/.digitalnomadsproject.org/127.0.0.1#5353 +ipset=/.digitalnomadsproject.org/gfwlist +server=/.diigo.com/127.0.0.1#5353 +ipset=/.diigo.com/gfwlist +server=/.dimitrik.free.fr/127.0.0.1#5353 +ipset=/.dimitrik.free.fr/gfwlist +server=/.dipity.com/127.0.0.1#5353 +ipset=/.dipity.com/gfwlist +server=/.directcreative.com/127.0.0.1#5353 +ipset=/.directcreative.com/gfwlist +server=/.discogs.com/127.0.0.1#5353 +ipset=/.discogs.com/gfwlist +server=/.discuss.com.hk/127.0.0.1#5353 +ipset=/.discuss.com.hk/gfwlist +server=/.disp.cc/127.0.0.1#5353 +ipset=/.disp.cc/gfwlist +server=/.dit-inc.us/127.0.0.1#5353 +ipset=/.dit-inc.us/gfwlist +server=/.dizhidizhi.com/127.0.0.1#5353 +ipset=/.dizhidizhi.com/gfwlist +server=/.dizhuzhishang.com/127.0.0.1#5353 +ipset=/.dizhuzhishang.com/gfwlist +server=/.djangosnippets.org/127.0.0.1#5353 +ipset=/.djangosnippets.org/gfwlist +server=/.djorz.com/127.0.0.1#5353 +ipset=/.djorz.com/gfwlist +server=/.dl.box.net/127.0.0.1#5353 +ipset=/.dl.box.net/gfwlist +server=/.dl-laby.jp/127.0.0.1#5353 +ipset=/.dl-laby.jp/gfwlist +server=/.dlsite.com/127.0.0.1#5353 +ipset=/.dlsite.com/gfwlist +server=/.dmcdn.net/127.0.0.1#5353 +ipset=/.dmcdn.net/gfwlist +server=/.dmm.co.jp/127.0.0.1#5353 +ipset=/.dmm.co.jp/gfwlist +server=/.dns.v2ex.com/127.0.0.1#5353 +ipset=/.dns.v2ex.com/gfwlist +server=/.dns2go.com/127.0.0.1#5353 +ipset=/.dns2go.com/gfwlist +server=/.dnscrypt.org/127.0.0.1#5353 +ipset=/.dnscrypt.org/gfwlist +server=/.dnssec.net/127.0.0.1#5353 +ipset=/.dnssec.net/gfwlist +server=/.doctorvoice.org/127.0.0.1#5353 +ipset=/.doctorvoice.org/gfwlist +server=/.dogfartnetwork.com/127.0.0.1#5353 +ipset=/.dogfartnetwork.com/gfwlist +server=/.dojin.com/127.0.0.1#5353 +ipset=/.dojin.com/gfwlist +server=/.dok-forum.net/127.0.0.1#5353 +ipset=/.dok-forum.net/gfwlist +server=/.dolc.de/127.0.0.1#5353 +ipset=/.dolc.de/gfwlist +server=/.dolf.org.hk/127.0.0.1#5353 +ipset=/.dolf.org.hk/gfwlist +server=/.dollf.com/127.0.0.1#5353 +ipset=/.dollf.com/gfwlist +server=/.domainhelp.search.com/127.0.0.1#5353 +ipset=/.domainhelp.search.com/gfwlist +server=/.dongtaiwang.com/127.0.0.1#5353 +ipset=/.dongtaiwang.com/gfwlist +server=/.dongtaiwang.net/127.0.0.1#5353 +ipset=/.dongtaiwang.net/gfwlist +server=/.dongyangjing.com/127.0.0.1#5353 +ipset=/.dongyangjing.com/gfwlist +server=/.dontfilter.us/127.0.0.1#5353 +ipset=/.dontfilter.us/gfwlist +server=/.dontmovetochina.com/127.0.0.1#5353 +ipset=/.dontmovetochina.com/gfwlist +server=/.dotplane.com/127.0.0.1#5353 +ipset=/.dotplane.com/gfwlist +server=/.dotsub.com/127.0.0.1#5353 +ipset=/.dotsub.com/gfwlist +server=/.dougscripts.com/127.0.0.1#5353 +ipset=/.dougscripts.com/gfwlist +server=/.dowei.org/127.0.0.1#5353 +ipset=/.dowei.org/gfwlist +server=/.download.aircrack-ng.org/127.0.0.1#5353 +ipset=/.download.aircrack-ng.org/gfwlist +server=/.doxygen.org/127.0.0.1#5353 +ipset=/.doxygen.org/gfwlist +server=/.dphk.org/127.0.0.1#5353 +ipset=/.dphk.org/gfwlist +server=/.dreammask.org/127.0.0.1#5353 +ipset=/.dreammask.org/gfwlist +server=/.drepung.org/127.0.0.1#5353 +ipset=/.drepung.org/gfwlist +server=/.drgan.net/127.0.0.1#5353 +ipset=/.drgan.net/gfwlist +server=/.drmingxia.org/127.0.0.1#5353 +ipset=/.drmingxia.org/gfwlist +server=/.dropbox.com/127.0.0.1#5353 +ipset=/.dropbox.com/gfwlist +server=/.dropboxusercontent.com/127.0.0.1#5353 +ipset=/.dropboxusercontent.com/gfwlist +server=/.drsunacademy.com/127.0.0.1#5353 +ipset=/.drsunacademy.com/gfwlist +server=/.drtuber.com/127.0.0.1#5353 +ipset=/.drtuber.com/gfwlist +server=/.dscn.info/127.0.0.1#5353 +ipset=/.dscn.info/gfwlist +server=/.dtiblog.com/127.0.0.1#5353 +ipset=/.dtiblog.com/gfwlist +server=/.dtic.mil/127.0.0.1#5353 +ipset=/.dtic.mil/gfwlist +server=/.dtiserv2.com/127.0.0.1#5353 +ipset=/.dtiserv2.com/gfwlist +server=/.duckdns.org/127.0.0.1#5353 +ipset=/.duckdns.org/gfwlist +server=/.duckduckgo.com/127.0.0.1#5353 +ipset=/.duckduckgo.com/gfwlist +server=/.duckload.com/127.0.0.1#5353 +ipset=/.duckload.com/gfwlist +server=/.duckmylife.com/127.0.0.1#5353 +ipset=/.duckmylife.com/gfwlist +server=/.duihua.org/127.0.0.1#5353 +ipset=/.duihua.org/gfwlist +server=/.duihuahrjournal.org/127.0.0.1#5353 +ipset=/.duihuahrjournal.org/gfwlist +server=/.duoweitimes.com/127.0.0.1#5353 +ipset=/.duoweitimes.com/gfwlist +server=/.duping.net/127.0.0.1#5353 +ipset=/.duping.net/gfwlist +server=/.duplicati.com/127.0.0.1#5353 +ipset=/.duplicati.com/gfwlist +server=/.dupola.com/127.0.0.1#5353 +ipset=/.dupola.com/gfwlist +server=/.dupola.net/127.0.0.1#5353 +ipset=/.dupola.net/gfwlist +server=/.dushi.ca/127.0.0.1#5353 +ipset=/.dushi.ca/gfwlist +server=/.dvorak.org/127.0.0.1#5353 +ipset=/.dvorak.org/gfwlist +server=/.dw.com/127.0.0.1#5353 +ipset=/.dw.com/gfwlist +server=/.dw.de/127.0.0.1#5353 +ipset=/.dw.de/gfwlist +server=/.dwnews.com/127.0.0.1#5353 +ipset=/.dwnews.com/gfwlist +server=/.dwnews.net/127.0.0.1#5353 +ipset=/.dwnews.net/gfwlist +server=/.dw-world.com/127.0.0.1#5353 +ipset=/.dw-world.com/gfwlist +server=/.dw-world.de/127.0.0.1#5353 +ipset=/.dw-world.de/gfwlist +server=/.dynawebinc.com/127.0.0.1#5353 +ipset=/.dynawebinc.com/gfwlist +server=/.dyndns.org/127.0.0.1#5353 +ipset=/.dyndns.org/gfwlist +server=/.dzze.com/127.0.0.1#5353 +ipset=/.dzze.com/gfwlist +server=/.e123.hk/127.0.0.1#5353 +ipset=/.e123.hk/gfwlist +server=/.earthcam.com/127.0.0.1#5353 +ipset=/.earthcam.com/gfwlist +server=/.eastern-ark.com/127.0.0.1#5353 +ipset=/.eastern-ark.com/gfwlist +server=/.easternlightning.org/127.0.0.1#5353 +ipset=/.easternlightning.org/gfwlist +server=/.eastturkestan.com/127.0.0.1#5353 +ipset=/.eastturkestan.com/gfwlist +server=/.eastturkistan-gov.org/127.0.0.1#5353 +ipset=/.eastturkistan-gov.org/gfwlist +server=/.eastturkistangovernmentinexile.us/127.0.0.1#5353 +ipset=/.eastturkistangovernmentinexile.us/gfwlist +server=/.ebookbrowse.com/127.0.0.1#5353 +ipset=/.ebookbrowse.com/gfwlist +server=/.ebookee.com/127.0.0.1#5353 +ipset=/.ebookee.com/gfwlist +server=/.echofon.com/127.0.0.1#5353 +ipset=/.echofon.com/gfwlist +server=/.ecministry.net/127.0.0.1#5353 +ipset=/.ecministry.net/gfwlist +server=/.ecsm.vs.com/127.0.0.1#5353 +ipset=/.ecsm.vs.com/gfwlist +server=/.edgecastcdn.net/127.0.0.1#5353 +ipset=/.edgecastcdn.net/gfwlist +server=/.edicypages.com/127.0.0.1#5353 +ipset=/.edicypages.com/gfwlist +server=/.edmontonchina.cn/127.0.0.1#5353 +ipset=/.edmontonchina.cn/gfwlist +server=/.edoors.com/127.0.0.1#5353 +ipset=/.edoors.com/gfwlist +server=/.edubridge.com/127.0.0.1#5353 +ipset=/.edubridge.com/gfwlist +server=/.edupro.org/127.0.0.1#5353 +ipset=/.edupro.org/gfwlist +server=/.eeas.europa.eu/127.0.0.1#5353 +ipset=/.eeas.europa.eu/gfwlist +server=/.eevpn.com/127.0.0.1#5353 +ipset=/.eevpn.com/gfwlist +server=/.efcc.org.hk/127.0.0.1#5353 +ipset=/.efcc.org.hk/gfwlist +server=/.effers.com/127.0.0.1#5353 +ipset=/.effers.com/gfwlist +server=/.efksoft.com/127.0.0.1#5353 +ipset=/.efksoft.com/gfwlist +server=/.efmoe.com/127.0.0.1#5353 +ipset=/.efmoe.com/gfwlist +server=/.e-gold.com/127.0.0.1#5353 +ipset=/.e-gold.com/gfwlist +server=/.eic-av.com/127.0.0.1#5353 +ipset=/.eic-av.com/gfwlist +server=/.eisbb.com/127.0.0.1#5353 +ipset=/.eisbb.com/gfwlist +server=/.eksisozluk.com/127.0.0.1#5353 +ipset=/.eksisozluk.com/gfwlist +server=/.electionsmeter.com/127.0.0.1#5353 +ipset=/.electionsmeter.com/gfwlist +server=/.elephantvpn.com/127.0.0.1#5353 +ipset=/.elephantvpn.com/gfwlist +server=/.elgoog.im/127.0.0.1#5353 +ipset=/.elgoog.im/gfwlist +server=/.elpais.com/127.0.0.1#5353 +ipset=/.elpais.com/gfwlist +server=/.eltondisney.com/127.0.0.1#5353 +ipset=/.eltondisney.com/gfwlist +server=/.emacsblog.org/127.0.0.1#5353 +ipset=/.emacsblog.org/gfwlist +server=/.embr.in/127.0.0.1#5353 +ipset=/.embr.in/gfwlist +server=/.emilylau.org.hk/127.0.0.1#5353 +ipset=/.emilylau.org.hk/gfwlist +server=/.empfil.com/127.0.0.1#5353 +ipset=/.empfil.com/gfwlist +server=/.emule-ed2k.com/127.0.0.1#5353 +ipset=/.emule-ed2k.com/gfwlist +server=/.emuparadise.me/127.0.0.1#5353 +ipset=/.emuparadise.me/gfwlist +server=/.en.favotter.net/127.0.0.1#5353 +ipset=/.en.favotter.net/gfwlist +server=/.en.hao123.com/127.0.0.1#5353 +ipset=/.en.hao123.com/gfwlist +server=/.enewstree.com/127.0.0.1#5353 +ipset=/.enewstree.com/gfwlist +server=/.englishfromengland.co.uk/127.0.0.1#5353 +ipset=/.englishfromengland.co.uk/gfwlist +server=/.entermap.com/127.0.0.1#5353 +ipset=/.entermap.com/gfwlist +server=/.episcopalchurch.org/127.0.0.1#5353 +ipset=/.episcopalchurch.org/gfwlist +server=/.epochtimes.co.il/127.0.0.1#5353 +ipset=/.epochtimes.co.il/gfwlist +server=/.epochtimes.co.kr/127.0.0.1#5353 +ipset=/.epochtimes.co.kr/gfwlist +server=/.epochtimes.com/127.0.0.1#5353 +ipset=/.epochtimes.com/gfwlist +server=/.epochtimes.cz/127.0.0.1#5353 +ipset=/.epochtimes.cz/gfwlist +server=/.epochtimes.de/127.0.0.1#5353 +ipset=/.epochtimes.de/gfwlist +server=/.epochtimes.fr/127.0.0.1#5353 +ipset=/.epochtimes.fr/gfwlist +server=/.epochtimes.ie/127.0.0.1#5353 +ipset=/.epochtimes.ie/gfwlist +server=/.epochtimes.it/127.0.0.1#5353 +ipset=/.epochtimes.it/gfwlist +server=/.epochtimes.jp/127.0.0.1#5353 +ipset=/.epochtimes.jp/gfwlist +server=/.epochtimes.ru/127.0.0.1#5353 +ipset=/.epochtimes.ru/gfwlist +server=/.epochtimes.se/127.0.0.1#5353 +ipset=/.epochtimes.se/gfwlist +server=/.epochtimes-bg.com/127.0.0.1#5353 +ipset=/.epochtimes-bg.com/gfwlist +server=/.epochtimes-romania.com/127.0.0.1#5353 +ipset=/.epochtimes-romania.com/gfwlist +server=/.epochtimestr.com/127.0.0.1#5353 +ipset=/.epochtimestr.com/gfwlist +server=/.epochweek.com/127.0.0.1#5353 +ipset=/.epochweek.com/gfwlist +server=/.epochweekly.com/127.0.0.1#5353 +ipset=/.epochweekly.com/gfwlist +server=/.erabaru.net/127.0.0.1#5353 +ipset=/.erabaru.net/gfwlist +server=/.erepublik.com/127.0.0.1#5353 +ipset=/.erepublik.com/gfwlist +server=/.erights.net/127.0.0.1#5353 +ipset=/.erights.net/gfwlist +server=/.eriversoft.com/127.0.0.1#5353 +ipset=/.eriversoft.com/gfwlist +server=/.erktv.com/127.0.0.1#5353 +ipset=/.erktv.com/gfwlist +server=/.ernestmandel.org/127.0.0.1#5353 +ipset=/.ernestmandel.org/gfwlist +server=/.erodoujinworld.com/127.0.0.1#5353 +ipset=/.erodoujinworld.com/gfwlist +server=/.eslite.com/127.0.0.1#5353 +ipset=/.eslite.com/gfwlist +server=/.etaa.org.au/127.0.0.1#5353 +ipset=/.etaa.org.au/gfwlist +server=/.etaiwannews.com/127.0.0.1#5353 +ipset=/.etaiwannews.com/gfwlist +server=/.etizer.org/127.0.0.1#5353 +ipset=/.etizer.org/gfwlist +server=/.etools.ncol.com/127.0.0.1#5353 +ipset=/.etools.ncol.com/gfwlist +server=/.e-traderland.net/127.0.0.1#5353 +ipset=/.e-traderland.net/gfwlist +server=/.ettoday.net/127.0.0.1#5353 +ipset=/.ettoday.net/gfwlist +server=/.etvonline.hk/127.0.0.1#5353 +ipset=/.etvonline.hk/gfwlist +server=/.eu.org/127.0.0.1#5353 +ipset=/.eu.org/gfwlist +server=/.eulam.com/127.0.0.1#5353 +ipset=/.eulam.com/gfwlist +server=/.evchk.wikia.com/127.0.0.1#5353 +ipset=/.evchk.wikia.com/gfwlist +server=/.eventful.com/127.0.0.1#5353 +ipset=/.eventful.com/gfwlist +server=/.exblog.jp/127.0.0.1#5353 +ipset=/.exblog.jp/gfwlist +server=/.exchristian.hk/127.0.0.1#5353 +ipset=/.exchristian.hk/gfwlist +server=/.exmormon.org/127.0.0.1#5353 +ipset=/.exmormon.org/gfwlist +server=/.expatshield.com/127.0.0.1#5353 +ipset=/.expatshield.com/gfwlist +server=/.exploader.net/127.0.0.1#5353 +ipset=/.exploader.net/gfwlist +server=/.expressvpn.com/127.0.0.1#5353 +ipset=/.expressvpn.com/gfwlist +server=/.extremetube.com/127.0.0.1#5353 +ipset=/.extremetube.com/gfwlist +server=/.eyevio.jp/127.0.0.1#5353 +ipset=/.eyevio.jp/gfwlist +server=/.eyny.com/127.0.0.1#5353 +ipset=/.eyny.com/gfwlist +server=/.e-zone.com.hk/127.0.0.1#5353 +ipset=/.e-zone.com.hk/gfwlist +server=/.ezpc.tk/127.0.0.1#5353 +ipset=/.ezpc.tk/gfwlist +server=/.ezpeer.com/127.0.0.1#5353 +ipset=/.ezpeer.com/gfwlist +server=/.facebook.com/127.0.0.1#5353 +ipset=/.facebook.com/gfwlist +server=/.facebook.hu/127.0.0.1#5353 +ipset=/.facebook.hu/gfwlist +server=/.facebook.nl/127.0.0.1#5353 +ipset=/.facebook.nl/gfwlist +server=/.facebookquotes4u.com/127.0.0.1#5353 +ipset=/.facebookquotes4u.com/gfwlist +server=/.faceless.me/127.0.0.1#5353 +ipset=/.faceless.me/gfwlist +server=/.facesofnyfw.com/127.0.0.1#5353 +ipset=/.facesofnyfw.com/gfwlist +server=/.facesoftibetanselfimmolators.info/127.0.0.1#5353 +ipset=/.facesoftibetanselfimmolators.info/gfwlist +server=/.fail.hk/127.0.0.1#5353 +ipset=/.fail.hk/gfwlist +server=/.faithfuleye.com/127.0.0.1#5353 +ipset=/.faithfuleye.com/gfwlist +server=/.faiththedog.info/127.0.0.1#5353 +ipset=/.faiththedog.info/gfwlist +server=/.fakku.net/127.0.0.1#5353 +ipset=/.fakku.net/gfwlist +server=/.falsefire.com/127.0.0.1#5353 +ipset=/.falsefire.com/gfwlist +server=/.falun.caltech.edu/127.0.0.1#5353 +ipset=/.falun.caltech.edu/gfwlist +server=/.falunart.org/127.0.0.1#5353 +ipset=/.falunart.org/gfwlist +server=/.falunasia.info/127.0.0.1#5353 +ipset=/.falunasia.info/gfwlist +server=/.falun-co.org/127.0.0.1#5353 +ipset=/.falun-co.org/gfwlist +server=/.falundafa.org/127.0.0.1#5353 +ipset=/.falundafa.org/gfwlist +server=/.falundafa-dc.org/127.0.0.1#5353 +ipset=/.falundafa-dc.org/gfwlist +server=/.falundafa-florida.org/127.0.0.1#5353 +ipset=/.falundafa-florida.org/gfwlist +server=/.falundafaindia.org/127.0.0.1#5353 +ipset=/.falundafaindia.org/gfwlist +server=/.falundafamuseum.org/127.0.0.1#5353 +ipset=/.falundafamuseum.org/gfwlist +server=/.falundafa-nc.org/127.0.0.1#5353 +ipset=/.falundafa-nc.org/gfwlist +server=/.falundafa-pa.net/127.0.0.1#5353 +ipset=/.falundafa-pa.net/gfwlist +server=/.falungong.de/127.0.0.1#5353 +ipset=/.falungong.de/gfwlist +server=/.falungong.org.uk/127.0.0.1#5353 +ipset=/.falungong.org.uk/gfwlist +server=/.falunhr.org/127.0.0.1#5353 +ipset=/.falunhr.org/gfwlist +server=/.faluninfo.de/127.0.0.1#5353 +ipset=/.faluninfo.de/gfwlist +server=/.faluninfo.net/127.0.0.1#5353 +ipset=/.faluninfo.net/gfwlist +server=/.falun-ny.net/127.0.0.1#5353 +ipset=/.falun-ny.net/gfwlist +server=/.falunpilipinas.net/127.0.0.1#5353 +ipset=/.falunpilipinas.net/gfwlist +server=/.falunworld.net/127.0.0.1#5353 +ipset=/.falunworld.net/gfwlist +server=/.familyfed.org/127.0.0.1#5353 +ipset=/.familyfed.org/gfwlist +server=/.famunion.com/127.0.0.1#5353 +ipset=/.famunion.com/gfwlist +server=/.fangbinxing.com/127.0.0.1#5353 +ipset=/.fangbinxing.com/gfwlist +server=/.fangeming.com/127.0.0.1#5353 +ipset=/.fangeming.com/gfwlist +server=/.fang-lizhi.hxwk.org/127.0.0.1#5353 +ipset=/.fang-lizhi.hxwk.org/gfwlist +server=/.fanglizhi.info/127.0.0.1#5353 +ipset=/.fanglizhi.info/gfwlist +server=/.fangmincn.org/127.0.0.1#5353 +ipset=/.fangmincn.org/gfwlist +server=/.fangong.org/127.0.0.1#5353 +ipset=/.fangong.org/gfwlist +server=/.fangongheike.com/127.0.0.1#5353 +ipset=/.fangongheike.com/gfwlist +server=/.fan-qiang.com/127.0.0.1#5353 +ipset=/.fan-qiang.com/gfwlist +server=/.fanqianghou.com/127.0.0.1#5353 +ipset=/.fanqianghou.com/gfwlist +server=/.fanqiangyakexi.net/127.0.0.1#5353 +ipset=/.fanqiangyakexi.net/gfwlist +server=/.fanswong.com/127.0.0.1#5353 +ipset=/.fanswong.com/gfwlist +server=/.fanyue.info/127.0.0.1#5353 +ipset=/.fanyue.info/gfwlist +server=/.fapdu.com/127.0.0.1#5353 +ipset=/.fapdu.com/gfwlist +server=/.faproxy.com/127.0.0.1#5353 +ipset=/.faproxy.com/gfwlist +server=/.farwestchina.com/127.0.0.1#5353 +ipset=/.farwestchina.com/gfwlist +server=/.fastpic.ru/127.0.0.1#5353 +ipset=/.fastpic.ru/gfwlist +server=/.faststone.org/127.0.0.1#5353 +ipset=/.faststone.org/gfwlist +server=/.favstar.fm/127.0.0.1#5353 +ipset=/.favstar.fm/gfwlist +server=/.fawanghuihui.org/127.0.0.1#5353 +ipset=/.fawanghuihui.org/gfwlist +server=/.faydao.com/127.0.0.1#5353 +ipset=/.faydao.com/gfwlist +server=/.fb.com/127.0.0.1#5353 +ipset=/.fb.com/gfwlist +server=/.fb.me/127.0.0.1#5353 +ipset=/.fb.me/gfwlist +server=/.fbcdn.net/127.0.0.1#5353 +ipset=/.fbcdn.net/gfwlist +server=/.fbsbx.com/127.0.0.1#5353 +ipset=/.fbsbx.com/gfwlist +server=/.fc2.com/127.0.0.1#5353 +ipset=/.fc2.com/gfwlist +server=/.fc2blog.net/127.0.0.1#5353 +ipset=/.fc2blog.net/gfwlist +server=/.fc2china.com/127.0.0.1#5353 +ipset=/.fc2china.com/gfwlist +server=/.fc2cn.com/127.0.0.1#5353 +ipset=/.fc2cn.com/gfwlist +server=/.fdc89.jp/127.0.0.1#5353 +ipset=/.fdc89.jp/gfwlist +server=/.feedburner.com/127.0.0.1#5353 +ipset=/.feedburner.com/gfwlist +server=/.feeds.fileforum.com/127.0.0.1#5353 +ipset=/.feeds.fileforum.com/gfwlist +server=/.feedzshare.com/127.0.0.1#5353 +ipset=/.feedzshare.com/gfwlist +server=/.feelssh.com/127.0.0.1#5353 +ipset=/.feelssh.com/gfwlist +server=/.feer.com/127.0.0.1#5353 +ipset=/.feer.com/gfwlist +server=/.feitianacademy.org/127.0.0.1#5353 +ipset=/.feitianacademy.org/gfwlist +server=/.feitian-california.org/127.0.0.1#5353 +ipset=/.feitian-california.org/gfwlist +server=/.feministteacher.com/127.0.0.1#5353 +ipset=/.feministteacher.com/gfwlist +server=/.fengzhenghu.com/127.0.0.1#5353 +ipset=/.fengzhenghu.com/gfwlist +server=/.ff.im/127.0.0.1#5353 +ipset=/.ff.im/gfwlist +server=/.fflick.com/127.0.0.1#5353 +ipset=/.fflick.com/gfwlist +server=/.fgmtv.net/127.0.0.1#5353 +ipset=/.fgmtv.net/gfwlist +server=/.fgmtv.org/127.0.0.1#5353 +ipset=/.fgmtv.org/gfwlist +server=/.fhreports.net/127.0.0.1#5353 +ipset=/.fhreports.net/gfwlist +server=/.files2me.com/127.0.0.1#5353 +ipset=/.files2me.com/gfwlist +server=/.fileserve.com/127.0.0.1#5353 +ipset=/.fileserve.com/gfwlist +server=/.fillthesquare.org/127.0.0.1#5353 +ipset=/.fillthesquare.org/gfwlist +server=/.filmingfortibet.org/127.0.0.1#5353 +ipset=/.filmingfortibet.org/gfwlist +server=/.finalion.jp/127.0.0.1#5353 +ipset=/.finalion.jp/gfwlist +server=/.financetwitter.com/127.0.0.1#5353 +ipset=/.financetwitter.com/gfwlist +server=/.fingerdaily.com/127.0.0.1#5353 +ipset=/.fingerdaily.com/gfwlist +server=/.finler.net/127.0.0.1#5353 +ipset=/.finler.net/gfwlist +server=/.fireofliberty.org/127.0.0.1#5353 +ipset=/.fireofliberty.org/gfwlist +server=/.firstfivefollowers.com/127.0.0.1#5353 +ipset=/.firstfivefollowers.com/gfwlist +server=/.flecheinthepeche.fr/127.0.0.1#5353 +ipset=/.flecheinthepeche.fr/gfwlist +server=/.fleshbot.com/127.0.0.1#5353 +ipset=/.fleshbot.com/gfwlist +server=/.flgg.us/127.0.0.1#5353 +ipset=/.flgg.us/gfwlist +server=/.flickr.com/127.0.0.1#5353 +ipset=/.flickr.com/gfwlist +server=/.flickrhivemind.net/127.0.0.1#5353 +ipset=/.flickrhivemind.net/gfwlist +server=/.flightcaster.com/127.0.0.1#5353 +ipset=/.flightcaster.com/gfwlist +server=/.flipboard.com/127.0.0.1#5353 +ipset=/.flipboard.com/gfwlist +server=/.flitto.com/127.0.0.1#5353 +ipset=/.flitto.com/gfwlist +server=/.focusvpn.com/127.0.0.1#5353 +ipset=/.focusvpn.com/gfwlist +server=/.fofg.org/127.0.0.1#5353 +ipset=/.fofg.org/gfwlist +server=/.fofldfradio.org/127.0.0.1#5353 +ipset=/.fofldfradio.org/gfwlist +server=/.fooooo.com/127.0.0.1#5353 +ipset=/.fooooo.com/gfwlist +server=/.footwiball.com/127.0.0.1#5353 +ipset=/.footwiball.com/gfwlist +server=/.forum.baby-kingdom.com/127.0.0.1#5353 +ipset=/.forum.baby-kingdom.com/gfwlist +server=/.forum.cyberctm.com/127.0.0.1#5353 +ipset=/.forum.cyberctm.com/gfwlist +server=/.forum.idsam.com/127.0.0.1#5353 +ipset=/.forum.idsam.com/gfwlist +server=/.forum.my903.com/127.0.0.1#5353 +ipset=/.forum.my903.com/gfwlist +server=/.forum.mymaji.com/127.0.0.1#5353 +ipset=/.forum.mymaji.com/gfwlist +server=/.forum.omy.sg/127.0.0.1#5353 +ipset=/.forum.omy.sg/gfwlist +server=/.forum.palmislife.com/127.0.0.1#5353 +ipset=/.forum.palmislife.com/gfwlist +server=/.forum.sina.com.hk/127.0.0.1#5353 +ipset=/.forum.sina.com.hk/gfwlist +server=/.forum.tvb.com/127.0.0.1#5353 +ipset=/.forum.tvb.com/gfwlist +server=/.forum.xinbao.de/127.0.0.1#5353 +ipset=/.forum.xinbao.de/gfwlist +server=/.fotop.net/127.0.0.1#5353 +ipset=/.fotop.net/gfwlist +server=/.fourface.nodesnoop.com/127.0.0.1#5353 +ipset=/.fourface.nodesnoop.com/gfwlist +server=/.fourthinternational.org/127.0.0.1#5353 +ipset=/.fourthinternational.org/gfwlist +server=/.foxdie.us/127.0.0.1#5353 +ipset=/.foxdie.us/gfwlist +server=/.foxgay.com/127.0.0.1#5353 +ipset=/.foxgay.com/gfwlist +server=/.foxsub.com/127.0.0.1#5353 +ipset=/.foxsub.com/gfwlist +server=/.foxtang.com/127.0.0.1#5353 +ipset=/.foxtang.com/gfwlist +server=/.fpmt.org/127.0.0.1#5353 +ipset=/.fpmt.org/gfwlist +server=/.fpmtmexico.org/127.0.0.1#5353 +ipset=/.fpmtmexico.org/gfwlist +server=/.fpmt-osel.org/127.0.0.1#5353 +ipset=/.fpmt-osel.org/gfwlist +server=/.fqok.org/127.0.0.1#5353 +ipset=/.fqok.org/gfwlist +server=/.fqrouter.com/127.0.0.1#5353 +ipset=/.fqrouter.com/gfwlist +server=/.franklc.com/127.0.0.1#5353 +ipset=/.franklc.com/gfwlist +server=/.freakshare.com/127.0.0.1#5353 +ipset=/.freakshare.com/gfwlist +server=/.free.fr/127.0.0.1#5353 +ipset=/.free.fr/gfwlist +server=/.free4u.com.ar/127.0.0.1#5353 +ipset=/.free4u.com.ar/gfwlist +server=/.freealim.com/127.0.0.1#5353 +ipset=/.freealim.com/gfwlist +server=/.freebrowser.org/127.0.0.1#5353 +ipset=/.freebrowser.org/gfwlist +server=/.freechal.com/127.0.0.1#5353 +ipset=/.freechal.com/gfwlist +server=/.freechina.net/127.0.0.1#5353 +ipset=/.freechina.net/gfwlist +server=/.freedomchina.info/127.0.0.1#5353 +ipset=/.freedomchina.info/gfwlist +server=/.freedomcollection.org/127.0.0.1#5353 +ipset=/.freedomcollection.org/gfwlist +server=/.freedomhouse.org/127.0.0.1#5353 +ipset=/.freedomhouse.org/gfwlist +server=/.freedomsherald.org/127.0.0.1#5353 +ipset=/.freedomsherald.org/gfwlist +server=/.freeforums.org/127.0.0.1#5353 +ipset=/.freeforums.org/gfwlist +server=/.freefuckvids.com/127.0.0.1#5353 +ipset=/.freefuckvids.com/gfwlist +server=/.freegao.com/127.0.0.1#5353 +ipset=/.freegao.com/gfwlist +server=/.free-gate.org/127.0.0.1#5353 +ipset=/.free-gate.org/gfwlist +server=/.free-hada-now.org/127.0.0.1#5353 +ipset=/.free-hada-now.org/gfwlist +server=/.freeilhamtohti.org/127.0.0.1#5353 +ipset=/.freeilhamtohti.org/gfwlist +server=/.freeimage.us/127.0.0.1#5353 +ipset=/.freeimage.us/gfwlist +server=/.freelotto.com/127.0.0.1#5353 +ipset=/.freelotto.com/gfwlist +server=/.freeman2.com/127.0.0.1#5353 +ipset=/.freeman2.com/gfwlist +server=/.freemoren.com/127.0.0.1#5353 +ipset=/.freemoren.com/gfwlist +server=/.freemorenews.com/127.0.0.1#5353 +ipset=/.freemorenews.com/gfwlist +server=/.freenet-china.org/127.0.0.1#5353 +ipset=/.freenet-china.org/gfwlist +server=/.freenetproject.org/127.0.0.1#5353 +ipset=/.freenetproject.org/gfwlist +server=/.freenewscn.com/127.0.0.1#5353 +ipset=/.freenewscn.com/gfwlist +server=/.freeopenvpn.com/127.0.0.1#5353 +ipset=/.freeopenvpn.com/gfwlist +server=/.freeoz.org/127.0.0.1#5353 +ipset=/.freeoz.org/gfwlist +server=/.free-ssh.com/127.0.0.1#5353 +ipset=/.free-ssh.com/gfwlist +server=/.freessh.us/127.0.0.1#5353 +ipset=/.freessh.us/gfwlist +server=/.freetibet.net/127.0.0.1#5353 +ipset=/.freetibet.net/gfwlist +server=/.freetibet.org/127.0.0.1#5353 +ipset=/.freetibet.org/gfwlist +server=/.freetibetanheroes.org/127.0.0.1#5353 +ipset=/.freetibetanheroes.org/gfwlist +server=/.freevpn.nl/127.0.0.1#5353 +ipset=/.freevpn.nl/gfwlist +server=/.freewallpaper4.me/127.0.0.1#5353 +ipset=/.freewallpaper4.me/gfwlist +server=/.freewebs.com/127.0.0.1#5353 +ipset=/.freewebs.com/gfwlist +server=/.freeweibo.com/127.0.0.1#5353 +ipset=/.freeweibo.com/gfwlist +server=/.freexinwen.com/127.0.0.1#5353 +ipset=/.freexinwen.com/gfwlist +server=/.freeyoutubeproxy.net/127.0.0.1#5353 +ipset=/.freeyoutubeproxy.net/gfwlist +server=/.friendfeed.com/127.0.0.1#5353 +ipset=/.friendfeed.com/gfwlist +server=/.friendfeed-media.com/127.0.0.1#5353 +ipset=/.friendfeed-media.com/gfwlist +server=/.friendsoftibet.org/127.0.0.1#5353 +ipset=/.friendsoftibet.org/gfwlist +server=/.friends-of-tibet.org/127.0.0.1#5353 +ipset=/.friends-of-tibet.org/gfwlist +server=/.fring.com/127.0.0.1#5353 +ipset=/.fring.com/gfwlist +server=/.fringenetwork.com/127.0.0.1#5353 +ipset=/.fringenetwork.com/gfwlist +server=/.frommel.net/127.0.0.1#5353 +ipset=/.frommel.net/gfwlist +server=/.frontlinedefenders.org/127.0.0.1#5353 +ipset=/.frontlinedefenders.org/gfwlist +server=/.fscked.org/127.0.0.1#5353 +ipset=/.fscked.org/gfwlist +server=/.fsurf.com/127.0.0.1#5353 +ipset=/.fsurf.com/gfwlist +server=/.ftchinese.com/127.0.0.1#5353 +ipset=/.ftchinese.com/gfwlist +server=/.fuckcnnic.net/127.0.0.1#5353 +ipset=/.fuckcnnic.net/gfwlist +server=/.fuckgfw.org/127.0.0.1#5353 +ipset=/.fuckgfw.org/gfwlist +server=/.fullerconsideration.com/127.0.0.1#5353 +ipset=/.fullerconsideration.com/gfwlist +server=/.fulue.com/127.0.0.1#5353 +ipset=/.fulue.com/gfwlist +server=/.funp.com/127.0.0.1#5353 +ipset=/.funp.com/gfwlist +server=/.furhhdl.org/127.0.0.1#5353 +ipset=/.furhhdl.org/gfwlist +server=/.furinkan.com/127.0.0.1#5353 +ipset=/.furinkan.com/gfwlist +server=/.furl.net/127.0.0.1#5353 +ipset=/.furl.net/gfwlist +server=/.futurechinaforum.org/127.0.0.1#5353 +ipset=/.futurechinaforum.org/gfwlist +server=/.futureme.org/127.0.0.1#5353 +ipset=/.futureme.org/gfwlist +server=/.futuremessage.org/127.0.0.1#5353 +ipset=/.futuremessage.org/gfwlist +server=/.fuyin.net/127.0.0.1#5353 +ipset=/.fuyin.net/gfwlist +server=/.fw.cm/127.0.0.1#5353 +ipset=/.fw.cm/gfwlist +server=/.fxnetworks.com/127.0.0.1#5353 +ipset=/.fxnetworks.com/gfwlist +server=/.fzh999.com/127.0.0.1#5353 +ipset=/.fzh999.com/gfwlist +server=/.fzh999.net/127.0.0.1#5353 +ipset=/.fzh999.net/gfwlist +server=/.g.co/127.0.0.1#5353 +ipset=/.g.co/gfwlist +server=/.g.e-hentai.org/127.0.0.1#5353 +ipset=/.g.e-hentai.org/gfwlist +server=/.gabocorp.com/127.0.0.1#5353 +ipset=/.gabocorp.com/gfwlist +server=/.gaeproxy.com/127.0.0.1#5353 +ipset=/.gaeproxy.com/gfwlist +server=/.gaforum.org/127.0.0.1#5353 +ipset=/.gaforum.org/gfwlist +server=/.galenwu.com/127.0.0.1#5353 +ipset=/.galenwu.com/gfwlist +server=/.game735.com/127.0.0.1#5353 +ipset=/.game735.com/gfwlist +server=/.ganges.com/127.0.0.1#5353 +ipset=/.ganges.com/gfwlist +server=/.gaoming.net/127.0.0.1#5353 +ipset=/.gaoming.net/gfwlist +server=/.gaopi.net/127.0.0.1#5353 +ipset=/.gaopi.net/gfwlist +server=/.gaozhisheng.net/127.0.0.1#5353 +ipset=/.gaozhisheng.net/gfwlist +server=/.gaozhisheng.org/127.0.0.1#5353 +ipset=/.gaozhisheng.org/gfwlist +server=/.gardennetworks.com/127.0.0.1#5353 +ipset=/.gardennetworks.com/gfwlist +server=/.gardennetworks.org/127.0.0.1#5353 +ipset=/.gardennetworks.org/gfwlist +server=/.gartlive.com/127.0.0.1#5353 +ipset=/.gartlive.com/gfwlist +server=/.gather.com/127.0.0.1#5353 +ipset=/.gather.com/gfwlist +server=/.gaycn.net/127.0.0.1#5353 +ipset=/.gaycn.net/gfwlist +server=/.gaymap.cc/127.0.0.1#5353 +ipset=/.gaymap.cc/gfwlist +server=/.gaytube.com/127.0.0.1#5353 +ipset=/.gaytube.com/gfwlist +server=/.gazotube.com/127.0.0.1#5353 +ipset=/.gazotube.com/gfwlist +server=/.gcc.org.hk/127.0.0.1#5353 +ipset=/.gcc.org.hk/gfwlist +server=/.gclooney.com/127.0.0.1#5353 +ipset=/.gclooney.com/gfwlist +server=/.gcpnews.com/127.0.0.1#5353 +ipset=/.gcpnews.com/gfwlist +server=/.gdbt.net/127.0.0.1#5353 +ipset=/.gdbt.net/gfwlist +server=/.gdzf.org/127.0.0.1#5353 +ipset=/.gdzf.org/gfwlist +server=/.geek-art.net/127.0.0.1#5353 +ipset=/.geek-art.net/gfwlist +server=/.geekerhome.com/127.0.0.1#5353 +ipset=/.geekerhome.com/gfwlist +server=/.geekmanuals.com/127.0.0.1#5353 +ipset=/.geekmanuals.com/gfwlist +server=/.geocities.co.jp/127.0.0.1#5353 +ipset=/.geocities.co.jp/gfwlist +server=/.geocities.com/127.0.0.1#5353 +ipset=/.geocities.com/gfwlist +server=/.geocities.jp/127.0.0.1#5353 +ipset=/.geocities.jp/gfwlist +server=/.geohot.com/127.0.0.1#5353 +ipset=/.geohot.com/gfwlist +server=/.geometrictools.com/127.0.0.1#5353 +ipset=/.geometrictools.com/gfwlist +server=/.getchu.com/127.0.0.1#5353 +ipset=/.getchu.com/gfwlist +server=/.getcloak.com/127.0.0.1#5353 +ipset=/.getcloak.com/gfwlist +server=/.getcloudapp.com/127.0.0.1#5353 +ipset=/.getcloudapp.com/gfwlist +server=/.getfoxyproxy.org/127.0.0.1#5353 +ipset=/.getfoxyproxy.org/gfwlist +server=/.getfreedur.com/127.0.0.1#5353 +ipset=/.getfreedur.com/gfwlist +server=/.getgom.com/127.0.0.1#5353 +ipset=/.getgom.com/gfwlist +server=/.getiton.com/127.0.0.1#5353 +ipset=/.getiton.com/gfwlist +server=/.getjetso.com/127.0.0.1#5353 +ipset=/.getjetso.com/gfwlist +server=/.getlantern.org/127.0.0.1#5353 +ipset=/.getlantern.org/gfwlist +server=/.getmdl.io/127.0.0.1#5353 +ipset=/.getmdl.io/gfwlist +server=/.getsmartlinks.com/127.0.0.1#5353 +ipset=/.getsmartlinks.com/gfwlist +server=/.getsocialscope.com/127.0.0.1#5353 +ipset=/.getsocialscope.com/gfwlist +server=/.gettyimages.com/127.0.0.1#5353 +ipset=/.gettyimages.com/gfwlist +server=/.getuploader.com/127.0.0.1#5353 +ipset=/.getuploader.com/gfwlist +server=/.gfbv.de/127.0.0.1#5353 +ipset=/.gfbv.de/gfwlist +server=/.gfsale.com/127.0.0.1#5353 +ipset=/.gfsale.com/gfwlist +server=/.gfw.org.ua/127.0.0.1#5353 +ipset=/.gfw.org.ua/gfwlist +server=/.ggpht.com/127.0.0.1#5353 +ipset=/.ggpht.com/gfwlist +server=/.ggssl.com/127.0.0.1#5353 +ipset=/.ggssl.com/gfwlist +server=/.ghost.org/127.0.0.1#5353 +ipset=/.ghost.org/gfwlist +server=/.ghostpath.com/127.0.0.1#5353 +ipset=/.ghostpath.com/gfwlist +server=/.ghut.org/127.0.0.1#5353 +ipset=/.ghut.org/gfwlist +server=/.giga-web.jp/127.0.0.1#5353 +ipset=/.giga-web.jp/gfwlist +server=/.gigporno.ru/127.0.0.1#5353 +ipset=/.gigporno.ru/gfwlist +server=/.gimpshop.com/127.0.0.1#5353 +ipset=/.gimpshop.com/gfwlist +server=/.girlbanker.com/127.0.0.1#5353 +ipset=/.girlbanker.com/gfwlist +server=/.git-scm.com/127.0.0.1#5353 +ipset=/.git-scm.com/gfwlist +server=/.gizlen.net/127.0.0.1#5353 +ipset=/.gizlen.net/gfwlist +server=/.glass8.eu/127.0.0.1#5353 +ipset=/.glass8.eu/gfwlist +server=/.glennhilton.com/127.0.0.1#5353 +ipset=/.glennhilton.com/gfwlist +server=/.global.hkepc.com/127.0.0.1#5353 +ipset=/.global.hkepc.com/gfwlist +server=/.globaljihad.net/127.0.0.1#5353 +ipset=/.globaljihad.net/gfwlist +server=/.globalmuseumoncommunism.org/127.0.0.1#5353 +ipset=/.globalmuseumoncommunism.org/gfwlist +server=/.globalrescue.hopto.org/127.0.0.1#5353 +ipset=/.globalrescue.hopto.org/gfwlist +server=/.globalrescue.net/127.0.0.1#5353 +ipset=/.globalrescue.net/gfwlist +server=/.globaltm.org/127.0.0.1#5353 +ipset=/.globaltm.org/gfwlist +server=/.globalvoicesonline.org/127.0.0.1#5353 +ipset=/.globalvoicesonline.org/gfwlist +server=/.glype.com/127.0.0.1#5353 +ipset=/.glype.com/gfwlist +server=/.gmail.com/127.0.0.1#5353 +ipset=/.gmail.com/gfwlist +server=/.gmbd.cn/127.0.0.1#5353 +ipset=/.gmbd.cn/gfwlist +server=/.gmhz.org/127.0.0.1#5353 +ipset=/.gmhz.org/gfwlist +server=/.gmll.org/127.0.0.1#5353 +ipset=/.gmll.org/gfwlist +server=/.gmodules.com/127.0.0.1#5353 +ipset=/.gmodules.com/gfwlist +server=/.gmozomg.izihost.org/127.0.0.1#5353 +ipset=/.gmozomg.izihost.org/gfwlist +server=/.gnci.org.hk/127.0.0.1#5353 +ipset=/.gnci.org.hk/gfwlist +server=/.goagent.biz/127.0.0.1#5353 +ipset=/.goagent.biz/gfwlist +server=/.goagent.codeplex.com/127.0.0.1#5353 +ipset=/.goagent.codeplex.com/gfwlist +server=/.goagentplus.com/127.0.0.1#5353 +ipset=/.goagentplus.com/gfwlist +server=/.godfootsteps.org/127.0.0.1#5353 +ipset=/.godfootsteps.org/gfwlist +server=/.godsdirectcontact.org/127.0.0.1#5353 +ipset=/.godsdirectcontact.org/gfwlist +server=/.gokbayrak.com/127.0.0.1#5353 +ipset=/.gokbayrak.com/gfwlist +server=/.golang.org/127.0.0.1#5353 +ipset=/.golang.org/gfwlist +server=/.goldbetsports.com/127.0.0.1#5353 +ipset=/.goldbetsports.com/gfwlist +server=/.goldenfrog.com/127.0.0.1#5353 +ipset=/.goldenfrog.com/gfwlist +server=/.goldstep.net/127.0.0.1#5353 +ipset=/.goldstep.net/gfwlist +server=/.goldwave.com/127.0.0.1#5353 +ipset=/.goldwave.com/gfwlist +server=/.gongm.in/127.0.0.1#5353 +ipset=/.gongm.in/gfwlist +server=/.gongmeng.info/127.0.0.1#5353 +ipset=/.gongmeng.info/gfwlist +server=/.gongminliliang.com/127.0.0.1#5353 +ipset=/.gongminliliang.com/gfwlist +server=/.gongwt.com/127.0.0.1#5353 +ipset=/.gongwt.com/gfwlist +server=/.goo.gl/127.0.0.1#5353 +ipset=/.goo.gl/gfwlist +server=/.goodreaders.com/127.0.0.1#5353 +ipset=/.goodreaders.com/gfwlist +server=/.goodreads.com/127.0.0.1#5353 +ipset=/.goodreads.com/gfwlist +server=/.goodtv.tv/127.0.0.1#5353 +ipset=/.goodtv.tv/gfwlist +server=/.goofind.com/127.0.0.1#5353 +ipset=/.goofind.com/gfwlist +server=/.google.co.jp/127.0.0.1#5353 +ipset=/.google.co.jp/gfwlist +server=/.google.co.uk/127.0.0.1#5353 +ipset=/.google.co.uk/gfwlist +server=/.google.com/127.0.0.1#5353 +ipset=/.google.com/gfwlist +server=/.google.com.hk/127.0.0.1#5353 +ipset=/.google.com.hk/gfwlist +server=/.google.com.sg/127.0.0.1#5353 +ipset=/.google.com.sg/gfwlist +server=/.google.ro/127.0.0.1#5353 +ipset=/.google.ro/gfwlist +server=/.googleapis.com/127.0.0.1#5353 +ipset=/.googleapis.com/gfwlist +server=/.googleartproject.com/127.0.0.1#5353 +ipset=/.googleartproject.com/gfwlist +server=/.googlecode.com/127.0.0.1#5353 +ipset=/.googlecode.com/gfwlist +server=/.googlecommerce.com/127.0.0.1#5353 +ipset=/.googlecommerce.com/gfwlist +server=/.googledomains.com/127.0.0.1#5353 +ipset=/.googledomains.com/gfwlist +server=/.googledrive.com/127.0.0.1#5353 +ipset=/.googledrive.com/gfwlist +server=/.googleearth.com/127.0.0.1#5353 +ipset=/.googleearth.com/gfwlist +server=/.googlegroups.com/127.0.0.1#5353 +ipset=/.googlegroups.com/gfwlist +server=/.googlehosted.com/127.0.0.1#5353 +ipset=/.googlehosted.com/gfwlist +server=/.googlelabs.com/127.0.0.1#5353 +ipset=/.googlelabs.com/gfwlist +server=/.googlemail.com/127.0.0.1#5353 +ipset=/.googlemail.com/gfwlist +server=/.googleplay.com/127.0.0.1#5353 +ipset=/.googleplay.com/gfwlist +server=/.googleplus.com/127.0.0.1#5353 +ipset=/.googleplus.com/gfwlist +server=/.googlesile.com/127.0.0.1#5353 +ipset=/.googlesile.com/gfwlist +server=/.googlesource.com/127.0.0.1#5353 +ipset=/.googlesource.com/gfwlist +server=/.googleusercontent.com/127.0.0.1#5353 +ipset=/.googleusercontent.com/gfwlist +server=/.googlevideo.com/127.0.0.1#5353 +ipset=/.googlevideo.com/gfwlist +server=/.googlezip.net/127.0.0.1#5353 +ipset=/.googlezip.net/gfwlist +server=/.gopetition.com/127.0.0.1#5353 +ipset=/.gopetition.com/gfwlist +server=/.go-pki.com/127.0.0.1#5353 +ipset=/.go-pki.com/gfwlist +server=/.goproxing.net/127.0.0.1#5353 +ipset=/.goproxing.net/gfwlist +server=/.gospelherald.com/127.0.0.1#5353 +ipset=/.gospelherald.com/gfwlist +server=/.gotgeeks.com/127.0.0.1#5353 +ipset=/.gotgeeks.com/gfwlist +server=/.gotrusted.com/127.0.0.1#5353 +ipset=/.gotrusted.com/gfwlist +server=/.gotw.ca/127.0.0.1#5353 +ipset=/.gotw.ca/gfwlist +server=/.grammaly.com/127.0.0.1#5353 +ipset=/.grammaly.com/gfwlist +server=/.grandtrial.org/127.0.0.1#5353 +ipset=/.grandtrial.org/gfwlist +server=/.grangorz.org/127.0.0.1#5353 +ipset=/.grangorz.org/gfwlist +server=/.graphis.ne.jp/127.0.0.1#5353 +ipset=/.graphis.ne.jp/gfwlist +server=/.graylog2.org/127.0.0.1#5353 +ipset=/.graylog2.org/gfwlist +server=/.greasespot.net/127.0.0.1#5353 +ipset=/.greasespot.net/gfwlist +server=/.greatfire.org/127.0.0.1#5353 +ipset=/.greatfire.org/gfwlist +server=/.greatfirewall.biz/127.0.0.1#5353 +ipset=/.greatfirewall.biz/gfwlist +server=/.great-firewall.com/127.0.0.1#5353 +ipset=/.great-firewall.com/gfwlist +server=/.greatfirewallofchina.net/127.0.0.1#5353 +ipset=/.greatfirewallofchina.net/gfwlist +server=/.greatfirewallofchina.org/127.0.0.1#5353 +ipset=/.greatfirewallofchina.org/gfwlist +server=/.greatroc.org/127.0.0.1#5353 +ipset=/.greatroc.org/gfwlist +server=/.great-roc.org/127.0.0.1#5353 +ipset=/.great-roc.org/gfwlist +server=/.greatzhonghua.org/127.0.0.1#5353 +ipset=/.greatzhonghua.org/gfwlist +server=/.greenpeace.org/127.0.0.1#5353 +ipset=/.greenpeace.org/gfwlist +server=/.greenvpn.net/127.0.0.1#5353 +ipset=/.greenvpn.net/gfwlist +server=/.groups.google.cn/127.0.0.1#5353 +ipset=/.groups.google.cn/gfwlist +server=/.gs-discuss.com/127.0.0.1#5353 +ipset=/.gs-discuss.com/gfwlist +server=/.gstatic.com/127.0.0.1#5353 +ipset=/.gstatic.com/gfwlist +server=/.gtricks.com/127.0.0.1#5353 +ipset=/.gtricks.com/gfwlist +server=/.guancha.org/127.0.0.1#5353 +ipset=/.guancha.org/gfwlist +server=/.gu-chu-sum.org/127.0.0.1#5353 +ipset=/.gu-chu-sum.org/gfwlist +server=/.guishan.org/127.0.0.1#5353 +ipset=/.guishan.org/gfwlist +server=/.gunsamerica.com/127.0.0.1#5353 +ipset=/.gunsamerica.com/gfwlist +server=/.gun-world.net/127.0.0.1#5353 +ipset=/.gun-world.net/gfwlist +server=/.guruonline.hk/127.0.0.1#5353 +ipset=/.guruonline.hk/gfwlist +server=/.gutteruncensored.com/127.0.0.1#5353 +ipset=/.gutteruncensored.com/gfwlist +server=/.gvlib.com/127.0.0.1#5353 +ipset=/.gvlib.com/gfwlist +server=/.gvt0.com/127.0.0.1#5353 +ipset=/.gvt0.com/gfwlist +server=/.gvt1.com/127.0.0.1#5353 +ipset=/.gvt1.com/gfwlist +server=/.gvt1.com/127.0.0.1#5353 +ipset=/.gvt1.com/gfwlist +server=/.gvt2.com/127.0.0.1#5353 +ipset=/.gvt2.com/gfwlist +server=/.gvt3.com/127.0.0.1#5353 +ipset=/.gvt3.com/gfwlist +server=/.gyalwarinpoche.com/127.0.0.1#5353 +ipset=/.gyalwarinpoche.com/gfwlist +server=/.gyatsostudio.com/127.0.0.1#5353 +ipset=/.gyatsostudio.com/gfwlist +server=/.gzm.tv/127.0.0.1#5353 +ipset=/.gzm.tv/gfwlist +server=/.gzone-anime.info/127.0.0.1#5353 +ipset=/.gzone-anime.info/gfwlist +server=/.h1n1china.org/127.0.0.1#5353 +ipset=/.h1n1china.org/gfwlist +server=/.hacken.cc/127.0.0.1#5353 +ipset=/.hacken.cc/gfwlist +server=/.hackthatphone.net/127.0.0.1#5353 +ipset=/.hackthatphone.net/gfwlist +server=/.hahlo.com/127.0.0.1#5353 +ipset=/.hahlo.com/gfwlist +server=/.hanunyi.com/127.0.0.1#5353 +ipset=/.hanunyi.com/gfwlist +server=/.happy-vpn.com/127.0.0.1#5353 +ipset=/.happy-vpn.com/gfwlist +server=/.haproxy.org/127.0.0.1#5353 +ipset=/.haproxy.org/gfwlist +server=/.hardsextube.com/127.0.0.1#5353 +ipset=/.hardsextube.com/gfwlist +server=/.harunyahya.com/127.0.0.1#5353 +ipset=/.harunyahya.com/gfwlist +server=/.hasaowall.com/127.0.0.1#5353 +ipset=/.hasaowall.com/gfwlist +server=/.have8.com/127.0.0.1#5353 +ipset=/.have8.com/gfwlist +server=/.h-china.org/127.0.0.1#5353 +ipset=/.h-china.org/gfwlist +server=/.hdtvb.net/127.0.0.1#5353 +ipset=/.hdtvb.net/gfwlist +server=/.heartyit.com/127.0.0.1#5353 +ipset=/.heartyit.com/gfwlist +server=/.hecaitou.net/127.0.0.1#5353 +ipset=/.hecaitou.net/gfwlist +server=/.hechaji.com/127.0.0.1#5353 +ipset=/.hechaji.com/gfwlist +server=/.heix.pp.ru/127.0.0.1#5353 +ipset=/.heix.pp.ru/gfwlist +server=/.helloandroid.com/127.0.0.1#5353 +ipset=/.helloandroid.com/gfwlist +server=/.helloqueer.com/127.0.0.1#5353 +ipset=/.helloqueer.com/gfwlist +server=/.hellotxt.com/127.0.0.1#5353 +ipset=/.hellotxt.com/gfwlist +server=/.hellouk.org/127.0.0.1#5353 +ipset=/.hellouk.org/gfwlist +server=/.help.linksalpha.com/127.0.0.1#5353 +ipset=/.help.linksalpha.com/gfwlist +server=/.help.opera.com/127.0.0.1#5353 +ipset=/.help.opera.com/gfwlist +server=/.helpeachpeople.com/127.0.0.1#5353 +ipset=/.helpeachpeople.com/gfwlist +server=/.helplinfen.com/127.0.0.1#5353 +ipset=/.helplinfen.com/gfwlist +server=/.helpzhuling.org/127.0.0.1#5353 +ipset=/.helpzhuling.org/gfwlist +server=/.hentai.to/127.0.0.1#5353 +ipset=/.hentai.to/gfwlist +server=/.heqinglian.net/127.0.0.1#5353 +ipset=/.heqinglian.net/gfwlist +server=/.here4news.com/127.0.0.1#5353 +ipset=/.here4news.com/gfwlist +server=/.heungkongdiscuss.com/127.0.0.1#5353 +ipset=/.heungkongdiscuss.com/gfwlist +server=/.hexxeh.net/127.0.0.1#5353 +ipset=/.hexxeh.net/gfwlist +server=/.heyzo.com/127.0.0.1#5353 +ipset=/.heyzo.com/gfwlist +server=/.hgseav.com/127.0.0.1#5353 +ipset=/.hgseav.com/gfwlist +server=/.hidden-advent.org/127.0.0.1#5353 +ipset=/.hidden-advent.org/gfwlist +server=/.hide.me/127.0.0.1#5353 +ipset=/.hide.me/gfwlist +server=/.hidecloud.com/127.0.0.1#5353 +ipset=/.hidecloud.com/gfwlist +server=/.hideipvpn.com/127.0.0.1#5353 +ipset=/.hideipvpn.com/gfwlist +server=/.hideman.net/127.0.0.1#5353 +ipset=/.hideman.net/gfwlist +server=/.hideme.nl/127.0.0.1#5353 +ipset=/.hideme.nl/gfwlist +server=/.hidemyass.com/127.0.0.1#5353 +ipset=/.hidemyass.com/gfwlist +server=/.hidemycomp.com/127.0.0.1#5353 +ipset=/.hidemycomp.com/gfwlist +server=/.higfw.com/127.0.0.1#5353 +ipset=/.higfw.com/gfwlist +server=/.highpeakspureearth.com/127.0.0.1#5353 +ipset=/.highpeakspureearth.com/gfwlist +server=/.highrockmedia.com/127.0.0.1#5353 +ipset=/.highrockmedia.com/gfwlist +server=/.hihiforum.com/127.0.0.1#5353 +ipset=/.hihiforum.com/gfwlist +server=/.hihistory.net/127.0.0.1#5353 +ipset=/.hihistory.net/gfwlist +server=/.hiitch.com/127.0.0.1#5353 +ipset=/.hiitch.com/gfwlist +server=/.hikinggfw.org/127.0.0.1#5353 +ipset=/.hikinggfw.org/gfwlist +server=/.himalayan-foundation.org/127.0.0.1#5353 +ipset=/.himalayan-foundation.org/gfwlist +server=/.himemix.com/127.0.0.1#5353 +ipset=/.himemix.com/gfwlist +server=/.himemix.net/127.0.0.1#5353 +ipset=/.himemix.net/gfwlist +server=/.hjclub.info/127.0.0.1#5353 +ipset=/.hjclub.info/gfwlist +server=/.hk.geocities.com/127.0.0.1#5353 +ipset=/.hk.geocities.com/gfwlist +server=/.hk.gradconnection.com/127.0.0.1#5353 +ipset=/.hk.gradconnection.com/gfwlist +server=/.hk.hao123img.com/127.0.0.1#5353 +ipset=/.hk.hao123img.com/gfwlist +server=/.hk.jiepang.com/127.0.0.1#5353 +ipset=/.hk.jiepang.com/gfwlist +server=/.hk.knowledge.yahoo.com/127.0.0.1#5353 +ipset=/.hk.knowledge.yahoo.com/gfwlist +server=/.hk.myblog.yahoo.com/127.0.0.1#5353 +ipset=/.hk.myblog.yahoo.com/gfwlist +server=/.hk.news.yahoo.com/127.0.0.1#5353 +ipset=/.hk.news.yahoo.com/gfwlist +server=/.hk.rd.yahoo.com/127.0.0.1#5353 +ipset=/.hk.rd.yahoo.com/gfwlist +server=/.hk.search.yahoo.com/127.0.0.1#5353 +ipset=/.hk.search.yahoo.com/gfwlist +server=/.hk.video.news.yahoo.com/127.0.0.1#5353 +ipset=/.hk.video.news.yahoo.com/gfwlist +server=/.hk.yahoo.com/127.0.0.1#5353 +ipset=/.hk.yahoo.com/gfwlist +server=/.hk01.com/127.0.0.1#5353 +ipset=/.hk01.com/gfwlist +server=/.hk32168.com/127.0.0.1#5353 +ipset=/.hk32168.com/gfwlist +server=/.hkatvnews.com/127.0.0.1#5353 +ipset=/.hkatvnews.com/gfwlist +server=/.hkbc.net/127.0.0.1#5353 +ipset=/.hkbc.net/gfwlist +server=/.hkbf.org/127.0.0.1#5353 +ipset=/.hkbf.org/gfwlist +server=/.hkbookcity.com/127.0.0.1#5353 +ipset=/.hkbookcity.com/gfwlist +server=/.hkchurch.org/127.0.0.1#5353 +ipset=/.hkchurch.org/gfwlist +server=/.hkdailynews.com.hk/127.0.0.1#5353 +ipset=/.hkdailynews.com.hk/gfwlist +server=/.hkday.net/127.0.0.1#5353 +ipset=/.hkday.net/gfwlist +server=/.hkdf.org/127.0.0.1#5353 +ipset=/.hkdf.org/gfwlist +server=/.hkej.com/127.0.0.1#5353 +ipset=/.hkej.com/gfwlist +server=/.hkepc.com/127.0.0.1#5353 +ipset=/.hkepc.com/gfwlist +server=/.hkfront.org/127.0.0.1#5353 +ipset=/.hkfront.org/gfwlist +server=/.hkgolden.com/127.0.0.1#5353 +ipset=/.hkgolden.com/gfwlist +server=/.hkgreenradio.org/127.0.0.1#5353 +ipset=/.hkgreenradio.org/gfwlist +server=/.hkheadline.com/127.0.0.1#5353 +ipset=/.hkheadline.com/gfwlist +server=/.hkhkhk.com/127.0.0.1#5353 +ipset=/.hkhkhk.com/gfwlist +server=/.hkhrc.org.hk/127.0.0.1#5353 +ipset=/.hkhrc.org.hk/gfwlist +server=/.hkhrm.org.hk/127.0.0.1#5353 +ipset=/.hkhrm.org.hk/gfwlist +server=/.hkjc.com/127.0.0.1#5353 +ipset=/.hkjc.com/gfwlist +server=/.hkjp.org/127.0.0.1#5353 +ipset=/.hkjp.org/gfwlist +server=/.hklft.com/127.0.0.1#5353 +ipset=/.hklft.com/gfwlist +server=/.hklts.org.hk/127.0.0.1#5353 +ipset=/.hklts.org.hk/gfwlist +server=/.hkptu.org/127.0.0.1#5353 +ipset=/.hkptu.org/gfwlist +server=/.hk-pub.com/127.0.0.1#5353 +ipset=/.hk-pub.com/gfwlist +server=/.hkreporter.com/127.0.0.1#5353 +ipset=/.hkreporter.com/gfwlist +server=/.hkreporter.loved.hk/127.0.0.1#5353 +ipset=/.hkreporter.loved.hk/gfwlist +server=/.hkupop.hku.hk/127.0.0.1#5353 +ipset=/.hkupop.hku.hk/gfwlist +server=/.hkusu.net/127.0.0.1#5353 +ipset=/.hkusu.net/gfwlist +server=/.hkwcc.org.hk/127.0.0.1#5353 +ipset=/.hkwcc.org.hk/gfwlist +server=/.hkzone.org/127.0.0.1#5353 +ipset=/.hkzone.org/gfwlist +server=/.hmvdigital.ca/127.0.0.1#5353 +ipset=/.hmvdigital.ca/gfwlist +server=/.hmvdigital.com/127.0.0.1#5353 +ipset=/.hmvdigital.com/gfwlist +server=/.hnjhj.com/127.0.0.1#5353 +ipset=/.hnjhj.com/gfwlist +server=/.hola.com/127.0.0.1#5353 +ipset=/.hola.com/gfwlist +server=/.hola.org/127.0.0.1#5353 +ipset=/.hola.org/gfwlist +server=/.holyspiritspeaks.org/127.0.0.1#5353 +ipset=/.holyspiritspeaks.org/gfwlist +server=/.holz.byethost8.com/127.0.0.1#5353 +ipset=/.holz.byethost8.com/gfwlist +server=/.home.sina.com/127.0.0.1#5353 +ipset=/.home.sina.com/gfwlist +server=/.homedepot.com/127.0.0.1#5353 +ipset=/.homedepot.com/gfwlist +server=/.homeservershow.com/127.0.0.1#5353 +ipset=/.homeservershow.com/gfwlist +server=/.hongmeimei.com/127.0.0.1#5353 +ipset=/.hongmeimei.com/gfwlist +server=/.hongzhi.li/127.0.0.1#5353 +ipset=/.hongzhi.li/gfwlist +server=/.hootsuite.com/127.0.0.1#5353 +ipset=/.hootsuite.com/gfwlist +server=/.hornygamer.com/127.0.0.1#5353 +ipset=/.hornygamer.com/gfwlist +server=/.hotav.tv/127.0.0.1#5353 +ipset=/.hotav.tv/gfwlist +server=/.hotpot.hk/127.0.0.1#5353 +ipset=/.hotpot.hk/gfwlist +server=/.hotshame.com/127.0.0.1#5353 +ipset=/.hotshame.com/gfwlist +server=/.hotspotshield.com/127.0.0.1#5353 +ipset=/.hotspotshield.com/gfwlist +server=/.hougaige.com/127.0.0.1#5353 +ipset=/.hougaige.com/gfwlist +server=/.howtoforge.com/127.0.0.1#5353 +ipset=/.howtoforge.com/gfwlist +server=/.hqcdp.org/127.0.0.1#5353 +ipset=/.hqcdp.org/gfwlist +server=/.hqjapanesesex.com/127.0.0.1#5353 +ipset=/.hqjapanesesex.com/gfwlist +server=/.hrcchina.org/127.0.0.1#5353 +ipset=/.hrcchina.org/gfwlist +server=/.hrcir.com/127.0.0.1#5353 +ipset=/.hrcir.com/gfwlist +server=/.hrea.org/127.0.0.1#5353 +ipset=/.hrea.org/gfwlist +server=/.hrichina.org/127.0.0.1#5353 +ipset=/.hrichina.org/gfwlist +server=/.hrw.org/127.0.0.1#5353 +ipset=/.hrw.org/gfwlist +server=/.hrweb.org/127.0.0.1#5353 +ipset=/.hrweb.org/gfwlist +server=/.hsjp.net/127.0.0.1#5353 +ipset=/.hsjp.net/gfwlist +server=/.hsselite.com/127.0.0.1#5353 +ipset=/.hsselite.com/gfwlist +server=/.hstt.net/127.0.0.1#5353 +ipset=/.hstt.net/gfwlist +server=/.ht.ly/127.0.0.1#5353 +ipset=/.ht.ly/gfwlist +server=/.htkou.net/127.0.0.1#5353 +ipset=/.htkou.net/gfwlist +server=/.htl.li/127.0.0.1#5353 +ipset=/.htl.li/gfwlist +server=/.html5rocks.com/127.0.0.1#5353 +ipset=/.html5rocks.com/gfwlist +server=/.htmldog.com/127.0.0.1#5353 +ipset=/.htmldog.com/gfwlist +server=/.huaglad.com/127.0.0.1#5353 +ipset=/.huaglad.com/gfwlist +server=/.huanghuagang.org/127.0.0.1#5353 +ipset=/.huanghuagang.org/gfwlist +server=/.huaren.us/127.0.0.1#5353 +ipset=/.huaren.us/gfwlist +server=/.huaxiabao.org/127.0.0.1#5353 +ipset=/.huaxiabao.org/gfwlist +server=/.huaxia-news.com/127.0.0.1#5353 +ipset=/.huaxia-news.com/gfwlist +server=/.huaxin.ph/127.0.0.1#5353 +ipset=/.huaxin.ph/gfwlist +server=/.hua-yue.net/127.0.0.1#5353 +ipset=/.hua-yue.net/gfwlist +server=/.huayuworld.org/127.0.0.1#5353 +ipset=/.huayuworld.org/gfwlist +server=/.hudatoriq.web.id/127.0.0.1#5353 +ipset=/.hudatoriq.web.id/gfwlist +server=/.huffingtonpost.com/127.0.0.1#5353 +ipset=/.huffingtonpost.com/gfwlist +server=/.hugoroy.eu/127.0.0.1#5353 +ipset=/.hugoroy.eu/gfwlist +server=/.huhaitai.com/127.0.0.1#5353 +ipset=/.huhaitai.com/gfwlist +server=/.huhamhire.com/127.0.0.1#5353 +ipset=/.huhamhire.com/gfwlist +server=/.hulu.com/127.0.0.1#5353 +ipset=/.hulu.com/gfwlist +server=/.huluim.com/127.0.0.1#5353 +ipset=/.huluim.com/gfwlist +server=/.humanrightsbriefing.org/127.0.0.1#5353 +ipset=/.humanrightsbriefing.org/gfwlist +server=/.hungerstrikeforaids.org/127.0.0.1#5353 +ipset=/.hungerstrikeforaids.org/gfwlist +server=/.hung-ya.com/127.0.0.1#5353 +ipset=/.hung-ya.com/gfwlist +server=/.huping.net/127.0.0.1#5353 +ipset=/.huping.net/gfwlist +server=/.hustlercash.com/127.0.0.1#5353 +ipset=/.hustlercash.com/gfwlist +server=/.hutianyi.net/127.0.0.1#5353 +ipset=/.hutianyi.net/gfwlist +server=/.hutong9.net/127.0.0.1#5353 +ipset=/.hutong9.net/gfwlist +server=/.hwinfo.com/127.0.0.1#5353 +ipset=/.hwinfo.com/gfwlist +server=/.hxwq.org/127.0.0.1#5353 +ipset=/.hxwq.org/gfwlist +server=/.hybrid-analysis.com/127.0.0.1#5353 +ipset=/.hybrid-analysis.com/gfwlist +server=/.hyperrate.com/127.0.0.1#5353 +ipset=/.hyperrate.com/gfwlist +server=/.hypeshell.com/127.0.0.1#5353 +ipset=/.hypeshell.com/gfwlist +server=/.i1.hk/127.0.0.1#5353 +ipset=/.i1.hk/gfwlist +server=/.i2p2.de/127.0.0.1#5353 +ipset=/.i2p2.de/gfwlist +server=/.i2runner.com/127.0.0.1#5353 +ipset=/.i2runner.com/gfwlist +server=/.iam.soy/127.0.0.1#5353 +ipset=/.iam.soy/gfwlist +server=/.iask.bz/127.0.0.1#5353 +ipset=/.iask.bz/gfwlist +server=/.iask.ca/127.0.0.1#5353 +ipset=/.iask.ca/gfwlist +server=/.ibiblio.org/127.0.0.1#5353 +ipset=/.ibiblio.org/gfwlist +server=/.iblogserv-f.net/127.0.0.1#5353 +ipset=/.iblogserv-f.net/gfwlist +server=/.ibros.org/127.0.0.1#5353 +ipset=/.ibros.org/gfwlist +server=/.ibvpn.com/127.0.0.1#5353 +ipset=/.ibvpn.com/gfwlist +server=/.i-cable.com/127.0.0.1#5353 +ipset=/.i-cable.com/gfwlist +server=/.icij.org/127.0.0.1#5353 +ipset=/.icij.org/gfwlist +server=/.icl-fi.org/127.0.0.1#5353 +ipset=/.icl-fi.org/gfwlist +server=/.icoco.com/127.0.0.1#5353 +ipset=/.icoco.com/gfwlist +server=/.iconfactory.com/127.0.0.1#5353 +ipset=/.iconfactory.com/gfwlist +server=/.iconpaper.org/127.0.0.1#5353 +ipset=/.iconpaper.org/gfwlist +server=/.icu-project.org/127.0.0.1#5353 +ipset=/.icu-project.org/gfwlist +server=/.id.hao123.com/127.0.0.1#5353 +ipset=/.id.hao123.com/gfwlist +server=/.idemocracy.asia/127.0.0.1#5353 +ipset=/.idemocracy.asia/gfwlist +server=/.identi.ca/127.0.0.1#5353 +ipset=/.identi.ca/gfwlist +server=/.idiomconnection.com/127.0.0.1#5353 +ipset=/.idiomconnection.com/gfwlist +server=/.idouga.com/127.0.0.1#5353 +ipset=/.idouga.com/gfwlist +server=/.idreamx.com/127.0.0.1#5353 +ipset=/.idreamx.com/gfwlist +server=/.ieasynews.net/127.0.0.1#5353 +ipset=/.ieasynews.net/gfwlist +server=/.ied2k.net/127.0.0.1#5353 +ipset=/.ied2k.net/gfwlist +server=/.ienergy1.com/127.0.0.1#5353 +ipset=/.ienergy1.com/gfwlist +server=/.if.ttt/127.0.0.1#5353 +ipset=/.if.ttt/gfwlist +server=/.ifan.cz.cc/127.0.0.1#5353 +ipset=/.ifan.cz.cc/gfwlist +server=/.ifanqiang.com/127.0.0.1#5353 +ipset=/.ifanqiang.com/gfwlist +server=/.ifanr.com/127.0.0.1#5353 +ipset=/.ifanr.com/gfwlist +server=/.ifcss.org/127.0.0.1#5353 +ipset=/.ifcss.org/gfwlist +server=/.ifjc.org/127.0.0.1#5353 +ipset=/.ifjc.org/gfwlist +server=/.ifreewares.com/127.0.0.1#5353 +ipset=/.ifreewares.com/gfwlist +server=/.ift.tt/127.0.0.1#5353 +ipset=/.ift.tt/gfwlist +server=/.igfw.net/127.0.0.1#5353 +ipset=/.igfw.net/gfwlist +server=/.ignitedetroit.net/127.0.0.1#5353 +ipset=/.ignitedetroit.net/gfwlist +server=/.igvita.com/127.0.0.1#5353 +ipset=/.igvita.com/gfwlist +server=/.ihakka.net/127.0.0.1#5353 +ipset=/.ihakka.net/gfwlist +server=/.iicns.com/127.0.0.1#5353 +ipset=/.iicns.com/gfwlist +server=/.illusionfactory.com/127.0.0.1#5353 +ipset=/.illusionfactory.com/gfwlist +server=/.ilove80.be/127.0.0.1#5353 +ipset=/.ilove80.be/gfwlist +server=/.ilovelongtoes.com/127.0.0.1#5353 +ipset=/.ilovelongtoes.com/gfwlist +server=/.im.tv/127.0.0.1#5353 +ipset=/.im.tv/gfwlist +server=/.imgaa.com/127.0.0.1#5353 +ipset=/.imgaa.com/gfwlist +server=/.imagefap.com/127.0.0.1#5353 +ipset=/.imagefap.com/gfwlist +server=/.imageflea.com/127.0.0.1#5353 +ipset=/.imageflea.com/gfwlist +server=/.imageshack.us/127.0.0.1#5353 +ipset=/.imageshack.us/gfwlist +server=/.imageshot.eu/127.0.0.1#5353 +ipset=/.imageshot.eu/gfwlist +server=/.imagevenue.com/127.0.0.1#5353 +ipset=/.imagevenue.com/gfwlist +server=/.imagezilla.net/127.0.0.1#5353 +ipset=/.imagezilla.net/gfwlist +server=/.img.dlsite.jp/127.0.0.1#5353 +ipset=/.img.dlsite.jp/gfwlist +server=/.img.ly/127.0.0.1#5353 +ipset=/.img.ly/gfwlist +server=/.imgmega.com/127.0.0.1#5353 +ipset=/.imgmega.com/gfwlist +server=/.imkev.com/127.0.0.1#5353 +ipset=/.imkev.com/gfwlist +server=/.imlive.com/127.0.0.1#5353 +ipset=/.imlive.com/gfwlist +server=/.impp.mn/127.0.0.1#5353 +ipset=/.impp.mn/gfwlist +server=/.incredibox.fr/127.0.0.1#5353 +ipset=/.incredibox.fr/gfwlist +server=/.indiemerch.com/127.0.0.1#5353 +ipset=/.indiemerch.com/gfwlist +server=/.info-graf.fr/127.0.0.1#5353 +ipset=/.info-graf.fr/gfwlist +server=/.initiativesforchina.org/127.0.0.1#5353 +ipset=/.initiativesforchina.org/gfwlist +server=/.inmediahk.net/127.0.0.1#5353 +ipset=/.inmediahk.net/gfwlist +server=/.innermongolia.org/127.0.0.1#5353 +ipset=/.innermongolia.org/gfwlist +server=/.instagram.com/127.0.0.1#5353 +ipset=/.instagram.com/gfwlist +server=/.interfaceaddiction.com/127.0.0.1#5353 +ipset=/.interfaceaddiction.com/gfwlist +server=/.internationalrivers.org/127.0.0.1#5353 +ipset=/.internationalrivers.org/gfwlist +server=/.internet.org/127.0.0.1#5353 +ipset=/.internet.org/gfwlist +server=/.internetdefenseleague.org/127.0.0.1#5353 +ipset=/.internetdefenseleague.org/gfwlist +server=/.internetfreedom.org/127.0.0.1#5353 +ipset=/.internetfreedom.org/gfwlist +server=/.internetpopculture.com/127.0.0.1#5353 +ipset=/.internetpopculture.com/gfwlist +server=/.inxian.com/127.0.0.1#5353 +ipset=/.inxian.com/gfwlist +server=/.ipalter.com/127.0.0.1#5353 +ipset=/.ipalter.com/gfwlist +server=/.iphone4hongkong.com/127.0.0.1#5353 +ipset=/.iphone4hongkong.com/gfwlist +server=/.iphonehacks.com/127.0.0.1#5353 +ipset=/.iphonehacks.com/gfwlist +server=/.iphonix.fr/127.0.0.1#5353 +ipset=/.iphonix.fr/gfwlist +server=/.ipicture.ru/127.0.0.1#5353 +ipset=/.ipicture.ru/gfwlist +server=/.iportal.me/127.0.0.1#5353 +ipset=/.iportal.me/gfwlist +server=/.ippotv.com/127.0.0.1#5353 +ipset=/.ippotv.com/gfwlist +server=/.ipredator.se/127.0.0.1#5353 +ipset=/.ipredator.se/gfwlist +server=/.iptorrents.com/127.0.0.1#5353 +ipset=/.iptorrents.com/gfwlist +server=/.ipvanish.com/127.0.0.1#5353 +ipset=/.ipvanish.com/gfwlist +server=/.iredmail.org/127.0.0.1#5353 +ipset=/.iredmail.org/gfwlist +server=/.ironbigfools.compython.net/127.0.0.1#5353 +ipset=/.ironbigfools.compython.net/gfwlist +server=/.ironicsoftware.com/127.0.0.1#5353 +ipset=/.ironicsoftware.com/gfwlist +server=/.ironpython.net/127.0.0.1#5353 +ipset=/.ironpython.net/gfwlist +server=/.isaacmao.com/127.0.0.1#5353 +ipset=/.isaacmao.com/gfwlist +server=/.isgreat.org/127.0.0.1#5353 +ipset=/.isgreat.org/gfwlist +server=/.islam.org.hk/127.0.0.1#5353 +ipset=/.islam.org.hk/gfwlist +server=/.islamawareness.net/127.0.0.1#5353 +ipset=/.islamawareness.net/gfwlist +server=/.islamicity.com/127.0.0.1#5353 +ipset=/.islamicity.com/gfwlist +server=/.ismaelan.com/127.0.0.1#5353 +ipset=/.ismaelan.com/gfwlist +server=/.ismalltits.com/127.0.0.1#5353 +ipset=/.ismalltits.com/gfwlist +server=/.ismprofessional.net/127.0.0.1#5353 +ipset=/.ismprofessional.net/gfwlist +server=/.isohunt.com/127.0.0.1#5353 +ipset=/.isohunt.com/gfwlist +server=/.israbox.com/127.0.0.1#5353 +ipset=/.israbox.com/gfwlist +server=/.istockphoto.com/127.0.0.1#5353 +ipset=/.istockphoto.com/gfwlist +server=/.isunaffairs.com/127.0.0.1#5353 +ipset=/.isunaffairs.com/gfwlist +server=/.isuntv.com/127.0.0.1#5353 +ipset=/.isuntv.com/gfwlist +server=/.itaboo.info/127.0.0.1#5353 +ipset=/.itaboo.info/gfwlist +server=/.italiatibet.org/127.0.0.1#5353 +ipset=/.italiatibet.org/gfwlist +server=/.its.caltech.edu/127.0.0.1#5353 +ipset=/.its.caltech.edu/gfwlist +server=/.itshidden.com/127.0.0.1#5353 +ipset=/.itshidden.com/gfwlist +server=/.itsky.it/127.0.0.1#5353 +ipset=/.itsky.it/gfwlist +server=/.itweet.net/127.0.0.1#5353 +ipset=/.itweet.net/gfwlist +server=/.iu45.com/127.0.0.1#5353 +ipset=/.iu45.com/gfwlist +server=/.iuhrdf.org/127.0.0.1#5353 +ipset=/.iuhrdf.org/gfwlist +server=/.iuksky.com/127.0.0.1#5353 +ipset=/.iuksky.com/gfwlist +server=/.ivacy.com/127.0.0.1#5353 +ipset=/.ivacy.com/gfwlist +server=/.iverycd.com/127.0.0.1#5353 +ipset=/.iverycd.com/gfwlist +server=/.ivpn.net/127.0.0.1#5353 +ipset=/.ivpn.net/gfwlist +server=/.ixquick.com/127.0.0.1#5353 +ipset=/.ixquick.com/gfwlist +server=/.iyouport.com/127.0.0.1#5353 +ipset=/.iyouport.com/gfwlist +server=/.izaobao.us/127.0.0.1#5353 +ipset=/.izaobao.us/gfwlist +server=/.izles.net/127.0.0.1#5353 +ipset=/.izles.net/gfwlist +server=/.j.mp/127.0.0.1#5353 +ipset=/.j.mp/gfwlist +server=/.jamyangnorbu.com/127.0.0.1#5353 +ipset=/.jamyangnorbu.com/gfwlist +server=/.japanfirst.asianfreeforum.com/127.0.0.1#5353 +ipset=/.japanfirst.asianfreeforum.com/gfwlist +server=/.japan-whores.com/127.0.0.1#5353 +ipset=/.japan-whores.com/gfwlist +server=/.jav68.tv/127.0.0.1#5353 +ipset=/.jav68.tv/gfwlist +server=/.javakiba.org/127.0.0.1#5353 +ipset=/.javakiba.org/gfwlist +server=/.javbus.com/127.0.0.1#5353 +ipset=/.javbus.com/gfwlist +server=/.javfor.me/127.0.0.1#5353 +ipset=/.javfor.me/gfwlist +server=/.javhip.com/127.0.0.1#5353 +ipset=/.javhip.com/gfwlist +server=/.javhub.net/127.0.0.1#5353 +ipset=/.javhub.net/gfwlist +server=/.javhuge.com/127.0.0.1#5353 +ipset=/.javhuge.com/gfwlist +server=/.javlibrary.com/127.0.0.1#5353 +ipset=/.javlibrary.com/gfwlist +server=/.javmoo.com/127.0.0.1#5353 +ipset=/.javmoo.com/gfwlist +server=/.javseen.com/127.0.0.1#5353 +ipset=/.javseen.com/gfwlist +server=/.jbtalks.cc/127.0.0.1#5353 +ipset=/.jbtalks.cc/gfwlist +server=/.jbtalks.com/127.0.0.1#5353 +ipset=/.jbtalks.com/gfwlist +server=/.jbtalks.my/127.0.0.1#5353 +ipset=/.jbtalks.my/gfwlist +server=/.jdwsy.com/127.0.0.1#5353 +ipset=/.jdwsy.com/gfwlist +server=/.jeanyim.com/127.0.0.1#5353 +ipset=/.jeanyim.com/gfwlist +server=/.jgoodies.com/127.0.0.1#5353 +ipset=/.jgoodies.com/gfwlist +server=/.jiangweiping.com/127.0.0.1#5353 +ipset=/.jiangweiping.com/gfwlist +server=/.jiaoyou8.com/127.0.0.1#5353 +ipset=/.jiaoyou8.com/gfwlist +server=/.jiehua.cz/127.0.0.1#5353 +ipset=/.jiehua.cz/gfwlist +server=/.jieshibaobao.com/127.0.0.1#5353 +ipset=/.jieshibaobao.com/gfwlist +server=/.jigong1024.com/127.0.0.1#5353 +ipset=/.jigong1024.com/gfwlist +server=/.jinbushe.org/127.0.0.1#5353 +ipset=/.jinbushe.org/gfwlist +server=/.jingpin.org/127.0.0.1#5353 +ipset=/.jingpin.org/gfwlist +server=/.jingsim.org/127.0.0.1#5353 +ipset=/.jingsim.org/gfwlist +server=/.jitouch.com/127.0.0.1#5353 +ipset=/.jitouch.com/gfwlist +server=/.jizzthis.com/127.0.0.1#5353 +ipset=/.jizzthis.com/gfwlist +server=/.jjgirls.com/127.0.0.1#5353 +ipset=/.jjgirls.com/gfwlist +server=/.jkforum.net/127.0.0.1#5353 +ipset=/.jkforum.net/gfwlist +server=/.jma.go.jp/127.0.0.1#5353 +ipset=/.jma.go.jp/gfwlist +server=/.joachims.org/127.0.0.1#5353 +ipset=/.joachims.org/gfwlist +server=/.jobso.tv/127.0.0.1#5353 +ipset=/.jobso.tv/gfwlist +server=/.joeedelman.com/127.0.0.1#5353 +ipset=/.joeedelman.com/gfwlist +server=/.journalofdemocracy.org/127.0.0.1#5353 +ipset=/.journalofdemocracy.org/gfwlist +server=/.jp.hao123.com/127.0.0.1#5353 +ipset=/.jp.hao123.com/gfwlist +server=/.jpl.nasa.gov/127.0.0.1#5353 +ipset=/.jpl.nasa.gov/gfwlist +server=/.jpopforum.net/127.0.0.1#5353 +ipset=/.jpopforum.net/gfwlist +server=/.juhuaren.com/127.0.0.1#5353 +ipset=/.juhuaren.com/gfwlist +server=/.juliepost.com/127.0.0.1#5353 +ipset=/.juliepost.com/gfwlist +server=/.juliereyc.com/127.0.0.1#5353 +ipset=/.juliereyc.com/gfwlist +server=/.junauza.com/127.0.0.1#5353 +ipset=/.junauza.com/gfwlist +server=/.june4commemoration.org/127.0.0.1#5353 +ipset=/.june4commemoration.org/gfwlist +server=/.junefourth-20.net/127.0.0.1#5353 +ipset=/.junefourth-20.net/gfwlist +server=/.justfreevpn.com/127.0.0.1#5353 +ipset=/.justfreevpn.com/gfwlist +server=/.justicefortenzin.org/127.0.0.1#5353 +ipset=/.justicefortenzin.org/gfwlist +server=/.justpaste.it/127.0.0.1#5353 +ipset=/.justpaste.it/gfwlist +server=/.justtristan.com/127.0.0.1#5353 +ipset=/.justtristan.com/gfwlist +server=/.juyuange.org/127.0.0.1#5353 +ipset=/.juyuange.org/gfwlist +server=/.juziyue.com/127.0.0.1#5353 +ipset=/.juziyue.com/gfwlist +server=/.jwmusic.org/127.0.0.1#5353 +ipset=/.jwmusic.org/gfwlist +server=/.jyxf.net/127.0.0.1#5353 +ipset=/.jyxf.net/gfwlist +server=/.k2.xrea.com/127.0.0.1#5353 +ipset=/.k2.xrea.com/gfwlist +server=/.kagyuoffice.org/127.0.0.1#5353 +ipset=/.kagyuoffice.org/gfwlist +server=/.kaiyuan.de/127.0.0.1#5353 +ipset=/.kaiyuan.de/gfwlist +server=/.kakao.com/127.0.0.1#5353 +ipset=/.kakao.com/gfwlist +server=/.kanshifang.com/127.0.0.1#5353 +ipset=/.kanshifang.com/gfwlist +server=/.kanzhongguo.com/127.0.0.1#5353 +ipset=/.kanzhongguo.com/gfwlist +server=/.kanzhongguo.eu/127.0.0.1#5353 +ipset=/.kanzhongguo.eu/gfwlist +server=/.karayou.com/127.0.0.1#5353 +ipset=/.karayou.com/gfwlist +server=/.karkhung.com/127.0.0.1#5353 +ipset=/.karkhung.com/gfwlist +server=/.karmapa-teachings.org/127.0.0.1#5353 +ipset=/.karmapa-teachings.org/gfwlist +server=/.ka-wai.com/127.0.0.1#5353 +ipset=/.ka-wai.com/gfwlist +server=/.kawaiikawaii.jp/127.0.0.1#5353 +ipset=/.kawaiikawaii.jp/gfwlist +server=/.kba-tx.org/127.0.0.1#5353 +ipset=/.kba-tx.org/gfwlist +server=/.kcsoftwares.com/127.0.0.1#5353 +ipset=/.kcsoftwares.com/gfwlist +server=/.kebrum.com/127.0.0.1#5353 +ipset=/.kebrum.com/gfwlist +server=/.kechara.com/127.0.0.1#5353 +ipset=/.kechara.com/gfwlist +server=/.keepandshare.com/127.0.0.1#5353 +ipset=/.keepandshare.com/gfwlist +server=/.keepvid.com/127.0.0.1#5353 +ipset=/.keepvid.com/gfwlist +server=/.kendincos.net/127.0.0.1#5353 +ipset=/.kendincos.net/gfwlist +server=/.kenengba.com/127.0.0.1#5353 +ipset=/.kenengba.com/gfwlist +server=/.keontech.net/127.0.0.1#5353 +ipset=/.keontech.net/gfwlist +server=/.kepard.com/127.0.0.1#5353 +ipset=/.kepard.com/gfwlist +server=/.khabdha.org/127.0.0.1#5353 +ipset=/.khabdha.org/gfwlist +server=/.killwall.com/127.0.0.1#5353 +ipset=/.killwall.com/gfwlist +server=/.kindleren.com/127.0.0.1#5353 +ipset=/.kindleren.com/gfwlist +server=/.kineox.free.fr/127.0.0.1#5353 +ipset=/.kineox.free.fr/gfwlist +server=/.kingdomsalvation.org/127.0.0.1#5353 +ipset=/.kingdomsalvation.org/gfwlist +server=/.kinghost.com/127.0.0.1#5353 +ipset=/.kinghost.com/gfwlist +server=/.kir.jp/127.0.0.1#5353 +ipset=/.kir.jp/gfwlist +server=/.kissbbao.cn/127.0.0.1#5353 +ipset=/.kissbbao.cn/gfwlist +server=/.kiwi.kz/127.0.0.1#5353 +ipset=/.kiwi.kz/gfwlist +server=/.knowledgerush.com/127.0.0.1#5353 +ipset=/.knowledgerush.com/gfwlist +server=/.kodingen.com/127.0.0.1#5353 +ipset=/.kodingen.com/gfwlist +server=/.kompozer.net/127.0.0.1#5353 +ipset=/.kompozer.net/gfwlist +server=/.konachan.com/127.0.0.1#5353 +ipset=/.konachan.com/gfwlist +server=/.koolsolutions.com/127.0.0.1#5353 +ipset=/.koolsolutions.com/gfwlist +server=/.koornk.com/127.0.0.1#5353 +ipset=/.koornk.com/gfwlist +server=/.kui.name/127.0.0.1#5353 +ipset=/.kui.name/gfwlist +server=/.kuliwang.com/127.0.0.1#5353 +ipset=/.kuliwang.com/gfwlist +server=/.kun.im/127.0.0.1#5353 +ipset=/.kun.im/gfwlist +server=/.kurashsultan.com/127.0.0.1#5353 +ipset=/.kurashsultan.com/gfwlist +server=/.kurtmunger.com/127.0.0.1#5353 +ipset=/.kurtmunger.com/gfwlist +server=/.kusocity.com/127.0.0.1#5353 +ipset=/.kusocity.com/gfwlist +server=/.kwcg.ca/127.0.0.1#5353 +ipset=/.kwcg.ca/gfwlist +server=/.kwongwah.com.my/127.0.0.1#5353 +ipset=/.kwongwah.com.my/gfwlist +server=/.kyohk.net/127.0.0.1#5353 +ipset=/.kyohk.net/gfwlist +server=/.kzeng.info/127.0.0.1#5353 +ipset=/.kzeng.info/gfwlist +server=/.labiennale.org/127.0.0.1#5353 +ipset=/.labiennale.org/gfwlist +server=/.ladbrokes.com/127.0.0.1#5353 +ipset=/.ladbrokes.com/gfwlist +server=/.la-forum.org/127.0.0.1#5353 +ipset=/.la-forum.org/gfwlist +server=/.lagranepoca.com/127.0.0.1#5353 +ipset=/.lagranepoca.com/gfwlist +server=/.lalulalu.com/127.0.0.1#5353 +ipset=/.lalulalu.com/gfwlist +server=/.lamnia.co.uk/127.0.0.1#5353 +ipset=/.lamnia.co.uk/gfwlist +server=/.lamrim.com/127.0.0.1#5353 +ipset=/.lamrim.com/gfwlist +server=/.lantosfoundation.org/127.0.0.1#5353 +ipset=/.lantosfoundation.org/gfwlist +server=/.laogai.org/127.0.0.1#5353 +ipset=/.laogai.org/gfwlist +server=/.laomiu.com/127.0.0.1#5353 +ipset=/.laomiu.com/gfwlist +server=/.laoyang.info/127.0.0.1#5353 +ipset=/.laoyang.info/gfwlist +server=/.laptoplockdown.com/127.0.0.1#5353 +ipset=/.laptoplockdown.com/gfwlist +server=/.laqingdan.net/127.0.0.1#5353 +ipset=/.laqingdan.net/gfwlist +server=/.larsgeorge.com/127.0.0.1#5353 +ipset=/.larsgeorge.com/gfwlist +server=/.lastfm.es/127.0.0.1#5353 +ipset=/.lastfm.es/gfwlist +server=/.latelinenews.com/127.0.0.1#5353 +ipset=/.latelinenews.com/gfwlist +server=/.latibet.org/127.0.0.1#5353 +ipset=/.latibet.org/gfwlist +server=/.lazarsearlymusic.com/127.0.0.1#5353 +ipset=/.lazarsearlymusic.com/gfwlist +server=/.ld.hao123img.com/127.0.0.1#5353 +ipset=/.ld.hao123img.com/gfwlist +server=/.leecheukyan.org/127.0.0.1#5353 +ipset=/.leecheukyan.org/gfwlist +server=/.lefora.com/127.0.0.1#5353 +ipset=/.lefora.com/gfwlist +server=/.left21.hk/127.0.0.1#5353 +ipset=/.left21.hk/gfwlist +server=/.legaltech.law.com/127.0.0.1#5353 +ipset=/.legaltech.law.com/gfwlist +server=/.leirentv.ca/127.0.0.1#5353 +ipset=/.leirentv.ca/gfwlist +server=/.leisurecafe.ca/127.0.0.1#5353 +ipset=/.leisurecafe.ca/gfwlist +server=/.lematin.ch/127.0.0.1#5353 +ipset=/.lematin.ch/gfwlist +server=/.lemonde.fr/127.0.0.1#5353 +ipset=/.lemonde.fr/gfwlist +server=/.lenwhite.com/127.0.0.1#5353 +ipset=/.lenwhite.com/gfwlist +server=/.lerosua.org/127.0.0.1#5353 +ipset=/.lerosua.org/gfwlist +server=/.lesoir.be/127.0.0.1#5353 +ipset=/.lesoir.be/gfwlist +server=/.lesscss.org/127.0.0.1#5353 +ipset=/.lesscss.org/gfwlist +server=/.letscorp.net/127.0.0.1#5353 +ipset=/.letscorp.net/gfwlist +server=/.le-vpn.com/127.0.0.1#5353 +ipset=/.le-vpn.com/gfwlist +server=/.liangyou.net/127.0.0.1#5353 +ipset=/.liangyou.net/gfwlist +server=/.lianyue.net/127.0.0.1#5353 +ipset=/.lianyue.net/gfwlist +server=/.liaowangxizang.net/127.0.0.1#5353 +ipset=/.liaowangxizang.net/gfwlist +server=/.liberal.org.hk/127.0.0.1#5353 +ipset=/.liberal.org.hk/gfwlist +server=/.library.usc.cuhk.edu.hk/127.0.0.1#5353 +ipset=/.library.usc.cuhk.edu.hk/gfwlist +server=/.lidecheng.com/127.0.0.1#5353 +ipset=/.lidecheng.com/gfwlist +server=/.like.com/127.0.0.1#5353 +ipset=/.like.com/gfwlist +server=/.limiao.net/127.0.0.1#5353 +ipset=/.limiao.net/gfwlist +server=/.line.me/127.0.0.1#5353 +ipset=/.line.me/gfwlist +server=/.linglingfa.com/127.0.0.1#5353 +ipset=/.linglingfa.com/gfwlist +server=/.lingvodics.com/127.0.0.1#5353 +ipset=/.lingvodics.com/gfwlist +server=/.linkideo.com/127.0.0.1#5353 +ipset=/.linkideo.com/gfwlist +server=/.linkuswell.com/127.0.0.1#5353 +ipset=/.linkuswell.com/gfwlist +server=/.linuxconfig.org/127.0.0.1#5353 +ipset=/.linuxconfig.org/gfwlist +server=/.linux-engineer.net/127.0.0.1#5353 +ipset=/.linux-engineer.net/gfwlist +server=/.linuxreviews.org/127.0.0.1#5353 +ipset=/.linuxreviews.org/gfwlist +server=/.linuxtoy.org/127.0.0.1#5353 +ipset=/.linuxtoy.org/gfwlist +server=/.lipuman.com/127.0.0.1#5353 +ipset=/.lipuman.com/gfwlist +server=/.list.ly/127.0.0.1#5353 +ipset=/.list.ly/gfwlist +server=/.listentoyoutube.com/127.0.0.1#5353 +ipset=/.listentoyoutube.com/gfwlist +server=/.listorious.com/127.0.0.1#5353 +ipset=/.listorious.com/gfwlist +server=/.lists.debian.org/127.0.0.1#5353 +ipset=/.lists.debian.org/gfwlist +server=/.lists.w3.org/127.0.0.1#5353 +ipset=/.lists.w3.org/gfwlist +server=/.liu.lu/127.0.0.1#5353 +ipset=/.liu.lu/gfwlist +server=/.liudejun.com/127.0.0.1#5353 +ipset=/.liudejun.com/gfwlist +server=/.liuhanyu.com/127.0.0.1#5353 +ipset=/.liuhanyu.com/gfwlist +server=/.liujianshu.com/127.0.0.1#5353 +ipset=/.liujianshu.com/gfwlist +server=/.liuxiaotong.com/127.0.0.1#5353 +ipset=/.liuxiaotong.com/gfwlist +server=/.liveleak.com/127.0.0.1#5353 +ipset=/.liveleak.com/gfwlist +server=/.livestation.com/127.0.0.1#5353 +ipset=/.livestation.com/gfwlist +server=/.livestream.com/127.0.0.1#5353 +ipset=/.livestream.com/gfwlist +server=/.livevideo.com/127.0.0.1#5353 +ipset=/.livevideo.com/gfwlist +server=/.livingonline.us/127.0.0.1#5353 +ipset=/.livingonline.us/gfwlist +server=/.livingstream.com/127.0.0.1#5353 +ipset=/.livingstream.com/gfwlist +server=/.lizhizhuangbi.com/127.0.0.1#5353 +ipset=/.lizhizhuangbi.com/gfwlist +server=/.lkcn.net/127.0.0.1#5353 +ipset=/.lkcn.net/gfwlist +server=/.localdomain.ws/127.0.0.1#5353 +ipset=/.localdomain.ws/gfwlist +server=/.localpresshk.com/127.0.0.1#5353 +ipset=/.localpresshk.com/gfwlist +server=/.lockdown.com/127.0.0.1#5353 +ipset=/.lockdown.com/gfwlist +server=/.lockestek.com/127.0.0.1#5353 +ipset=/.lockestek.com/gfwlist +server=/.lofi.e-hentai.org/127.0.0.1#5353 +ipset=/.lofi.e-hentai.org/gfwlist +server=/.log.riku.me/127.0.0.1#5353 +ipset=/.log.riku.me/gfwlist +server=/.logbot.net/127.0.0.1#5353 +ipset=/.logbot.net/gfwlist +server=/.logiqx.com/127.0.0.1#5353 +ipset=/.logiqx.com/gfwlist +server=/.logmike.com/127.0.0.1#5353 +ipset=/.logmike.com/gfwlist +server=/.londonchinese.ca/127.0.0.1#5353 +ipset=/.londonchinese.ca/gfwlist +server=/.longhair.hk/127.0.0.1#5353 +ipset=/.longhair.hk/gfwlist +server=/.longtermly.net/127.0.0.1#5353 +ipset=/.longtermly.net/gfwlist +server=/.longtoes.com/127.0.0.1#5353 +ipset=/.longtoes.com/gfwlist +server=/.lookatgame.com/127.0.0.1#5353 +ipset=/.lookatgame.com/gfwlist +server=/.lookingglasstheatre.org/127.0.0.1#5353 +ipset=/.lookingglasstheatre.org/gfwlist +server=/.lookpic.com/127.0.0.1#5353 +ipset=/.lookpic.com/gfwlist +server=/.looktoronto.com/127.0.0.1#5353 +ipset=/.looktoronto.com/gfwlist +server=/.lotsawahouse.org/127.0.0.1#5353 +ipset=/.lotsawahouse.org/gfwlist +server=/.lotuslight.org.hk/127.0.0.1#5353 +ipset=/.lotuslight.org.hk/gfwlist +server=/.lrfz.com/127.0.0.1#5353 +ipset=/.lrfz.com/gfwlist +server=/.lrip.org/127.0.0.1#5353 +ipset=/.lrip.org/gfwlist +server=/.lsd.org.hk/127.0.0.1#5353 +ipset=/.lsd.org.hk/gfwlist +server=/.lsforum.net/127.0.0.1#5353 +ipset=/.lsforum.net/gfwlist +server=/.lsm.org/127.0.0.1#5353 +ipset=/.lsm.org/gfwlist +server=/.lsmchinese.org/127.0.0.1#5353 +ipset=/.lsmchinese.org/gfwlist +server=/.lsmkorean.org/127.0.0.1#5353 +ipset=/.lsmkorean.org/gfwlist +server=/.lsmradio.com/127.0.0.1#5353 +ipset=/.lsmradio.com/gfwlist +server=/.lsmwebcast.com/127.0.0.1#5353 +ipset=/.lsmwebcast.com/gfwlist +server=/.lsxszzg.com/127.0.0.1#5353 +ipset=/.lsxszzg.com/gfwlist +server=/.luke54.com/127.0.0.1#5353 +ipset=/.luke54.com/gfwlist +server=/.luke54.org/127.0.0.1#5353 +ipset=/.luke54.org/gfwlist +server=/.lupm.org/127.0.0.1#5353 +ipset=/.lupm.org/gfwlist +server=/.lushstories.com/127.0.0.1#5353 +ipset=/.lushstories.com/gfwlist +server=/.lvhai.org/127.0.0.1#5353 +ipset=/.lvhai.org/gfwlist +server=/.lvv2.com/127.0.0.1#5353 +ipset=/.lvv2.com/gfwlist +server=/.m.plixi.com/127.0.0.1#5353 +ipset=/.m.plixi.com/gfwlist +server=/.m.slandr.net/127.0.0.1#5353 +ipset=/.m.slandr.net/gfwlist +server=/.ma.hao123.com/127.0.0.1#5353 +ipset=/.ma.hao123.com/gfwlist +server=/.macgamestore.com/127.0.0.1#5353 +ipset=/.macgamestore.com/gfwlist +server=/.mad-ar.ch/127.0.0.1#5353 +ipset=/.mad-ar.ch/gfwlist +server=/.madonna-av.com/127.0.0.1#5353 +ipset=/.madonna-av.com/gfwlist +server=/.magic-net.info/127.0.0.1#5353 +ipset=/.magic-net.info/gfwlist +server=/.mahabodhi.org/127.0.0.1#5353 +ipset=/.mahabodhi.org/gfwlist +server=/.maiio.net/127.0.0.1#5353 +ipset=/.maiio.net/gfwlist +server=/.mail-archive.com/127.0.0.1#5353 +ipset=/.mail-archive.com/gfwlist +server=/.maiplus.com/127.0.0.1#5353 +ipset=/.maiplus.com/gfwlist +server=/.makemymood.com/127.0.0.1#5353 +ipset=/.makemymood.com/gfwlist +server=/.makzhou.warehouse333.com/127.0.0.1#5353 +ipset=/.makzhou.warehouse333.com/gfwlist +server=/.malaysiakini.com/127.0.0.1#5353 +ipset=/.malaysiakini.com/gfwlist +server=/.manicur4ik.ru/127.0.0.1#5353 +ipset=/.manicur4ik.ru/gfwlist +server=/.marc.info/127.0.0.1#5353 +ipset=/.marc.info/gfwlist +server=/.marguerite.su/127.0.0.1#5353 +ipset=/.marguerite.su/gfwlist +server=/.marines.mil/127.0.0.1#5353 +ipset=/.marines.mil/gfwlist +server=/.markmail.org/127.0.0.1#5353 +ipset=/.markmail.org/gfwlist +server=/.markmilian.com/127.0.0.1#5353 +ipset=/.markmilian.com/gfwlist +server=/.martau.com/127.0.0.1#5353 +ipset=/.martau.com/gfwlist +server=/.martincartoons.com/127.0.0.1#5353 +ipset=/.martincartoons.com/gfwlist +server=/.martsangkagyuofficial.org/127.0.0.1#5353 +ipset=/.martsangkagyuofficial.org/gfwlist +server=/.maruta.be/127.0.0.1#5353 +ipset=/.maruta.be/gfwlist +server=/.marxist.com/127.0.0.1#5353 +ipset=/.marxist.com/gfwlist +server=/.marxist.net/127.0.0.1#5353 +ipset=/.marxist.net/gfwlist +server=/.marxists.org/127.0.0.1#5353 +ipset=/.marxists.org/gfwlist +server=/.mash.to/127.0.0.1#5353 +ipset=/.mash.to/gfwlist +server=/.maskedip.com/127.0.0.1#5353 +ipset=/.maskedip.com/gfwlist +server=/.matainja.com/127.0.0.1#5353 +ipset=/.matainja.com/gfwlist +server=/.mathable.io/127.0.0.1#5353 +ipset=/.mathable.io/gfwlist +server=/.mathiew-badimon.com/127.0.0.1#5353 +ipset=/.mathiew-badimon.com/gfwlist +server=/.matsushimakaede.com/127.0.0.1#5353 +ipset=/.matsushimakaede.com/gfwlist +server=/.maturejp.com/127.0.0.1#5353 +ipset=/.maturejp.com/gfwlist +server=/.maxgif.com/127.0.0.1#5353 +ipset=/.maxgif.com/gfwlist +server=/.maxing.jp/127.0.0.1#5353 +ipset=/.maxing.jp/gfwlist +server=/.mayimayi.com/127.0.0.1#5353 +ipset=/.mayimayi.com/gfwlist +server=/.mcadforums.com/127.0.0.1#5353 +ipset=/.mcadforums.com/gfwlist +server=/.mcfog.com/127.0.0.1#5353 +ipset=/.mcfog.com/gfwlist +server=/.mcreasite.com/127.0.0.1#5353 +ipset=/.mcreasite.com/gfwlist +server=/.md-t.org/127.0.0.1#5353 +ipset=/.md-t.org/gfwlist +server=/.mediafire.com/127.0.0.1#5353 +ipset=/.mediafire.com/gfwlist +server=/.mediafreakcity.com/127.0.0.1#5353 +ipset=/.mediafreakcity.com/gfwlist +server=/.meetup.com/127.0.0.1#5353 +ipset=/.meetup.com/gfwlist +server=/.mefeedia.com/127.0.0.1#5353 +ipset=/.mefeedia.com/gfwlist +server=/.megaporn.com/127.0.0.1#5353 +ipset=/.megaporn.com/gfwlist +server=/.megaproxy.com/127.0.0.1#5353 +ipset=/.megaproxy.com/gfwlist +server=/.megarotic.com/127.0.0.1#5353 +ipset=/.megarotic.com/gfwlist +server=/.megavideo.com/127.0.0.1#5353 +ipset=/.megavideo.com/gfwlist +server=/.megurineluka.com/127.0.0.1#5353 +ipset=/.megurineluka.com/gfwlist +server=/.meirixiaochao.com/127.0.0.1#5353 +ipset=/.meirixiaochao.com/gfwlist +server=/.melon-peach.com/127.0.0.1#5353 +ipset=/.melon-peach.com/gfwlist +server=/.meme.yahoo.com/127.0.0.1#5353 +ipset=/.meme.yahoo.com/gfwlist +server=/.memedia.cn/127.0.0.1#5353 +ipset=/.memedia.cn/gfwlist +server=/.memehk.com/127.0.0.1#5353 +ipset=/.memehk.com/gfwlist +server=/.memorybbs.com/127.0.0.1#5353 +ipset=/.memorybbs.com/gfwlist +server=/.memrijttm.org/127.0.0.1#5353 +ipset=/.memrijttm.org/gfwlist +server=/.mercyprophet.org/127.0.0.1#5353 +ipset=/.mercyprophet.org/gfwlist +server=/.meshrep.com/127.0.0.1#5353 +ipset=/.meshrep.com/gfwlist +server=/.mesotw.com/127.0.0.1#5353 +ipset=/.mesotw.com/gfwlist +server=/.metacafe.com/127.0.0.1#5353 +ipset=/.metacafe.com/gfwlist +server=/.metarthunter.com/127.0.0.1#5353 +ipset=/.metarthunter.com/gfwlist +server=/.meteorshowersonline.com/127.0.0.1#5353 +ipset=/.meteorshowersonline.com/gfwlist +server=/.metrolife.ca/127.0.0.1#5353 +ipset=/.metrolife.ca/gfwlist +server=/.metroradio.com.hk/127.0.0.1#5353 +ipset=/.metroradio.com.hk/gfwlist +server=/.meyou.jp/127.0.0.1#5353 +ipset=/.meyou.jp/gfwlist +server=/.mfxmedia.com/127.0.0.1#5353 +ipset=/.mfxmedia.com/gfwlist +server=/.mgoon.com/127.0.0.1#5353 +ipset=/.mgoon.com/gfwlist +server=/.mgstage.com/127.0.0.1#5353 +ipset=/.mgstage.com/gfwlist +server=/.mh4u.org/127.0.0.1#5353 +ipset=/.mh4u.org/gfwlist +server=/.mhradio.org/127.0.0.1#5353 +ipset=/.mhradio.org/gfwlist +server=/.michaelanti.com/127.0.0.1#5353 +ipset=/.michaelanti.com/gfwlist +server=/.michaelmarketl.com/127.0.0.1#5353 +ipset=/.michaelmarketl.com/gfwlist +server=/.middle-way.net/127.0.0.1#5353 +ipset=/.middle-way.net/gfwlist +server=/.mihk.hk/127.0.0.1#5353 +ipset=/.mihk.hk/gfwlist +server=/.mihua.org/127.0.0.1#5353 +ipset=/.mihua.org/gfwlist +server=/.mike.cz.cc/127.0.0.1#5353 +ipset=/.mike.cz.cc/gfwlist +server=/.mimivip.com/127.0.0.1#5353 +ipset=/.mimivip.com/gfwlist +server=/.mimivv.com/127.0.0.1#5353 +ipset=/.mimivv.com/gfwlist +server=/.mindrolling.org/127.0.0.1#5353 +ipset=/.mindrolling.org/gfwlist +server=/.minghui.or.kr/127.0.0.1#5353 +ipset=/.minghui.or.kr/gfwlist +server=/.minghui.org/127.0.0.1#5353 +ipset=/.minghui.org/gfwlist +server=/.minghui-a.org/127.0.0.1#5353 +ipset=/.minghui-a.org/gfwlist +server=/.minghui-b.org/127.0.0.1#5353 +ipset=/.minghui-b.org/gfwlist +server=/.minghui-school.org/127.0.0.1#5353 +ipset=/.minghui-school.org/gfwlist +server=/.mingjinglishi.com/127.0.0.1#5353 +ipset=/.mingjinglishi.com/gfwlist +server=/.mingjingnews.com/127.0.0.1#5353 +ipset=/.mingjingnews.com/gfwlist +server=/.mingjingtimes.com/127.0.0.1#5353 +ipset=/.mingjingtimes.com/gfwlist +server=/.mingpao.com/127.0.0.1#5353 +ipset=/.mingpao.com/gfwlist +server=/.mingpaocanada.com/127.0.0.1#5353 +ipset=/.mingpaocanada.com/gfwlist +server=/.mingpaomonthly.com/127.0.0.1#5353 +ipset=/.mingpaomonthly.com/gfwlist +server=/.mingpaonews.com/127.0.0.1#5353 +ipset=/.mingpaonews.com/gfwlist +server=/.mingpaony.com/127.0.0.1#5353 +ipset=/.mingpaony.com/gfwlist +server=/.mingpaosf.com/127.0.0.1#5353 +ipset=/.mingpaosf.com/gfwlist +server=/.mingpaotor.com/127.0.0.1#5353 +ipset=/.mingpaotor.com/gfwlist +server=/.mingpaovan.com/127.0.0.1#5353 +ipset=/.mingpaovan.com/gfwlist +server=/.mingshengbao.com/127.0.0.1#5353 +ipset=/.mingshengbao.com/gfwlist +server=/.ministrybooks.org/127.0.0.1#5353 +ipset=/.ministrybooks.org/gfwlist +server=/.minzhuhua.net/127.0.0.1#5353 +ipset=/.minzhuhua.net/gfwlist +server=/.minzhuzhanxian.com/127.0.0.1#5353 +ipset=/.minzhuzhanxian.com/gfwlist +server=/.minzhuzhongguo.org/127.0.0.1#5353 +ipset=/.minzhuzhongguo.org/gfwlist +server=/.miroguide.com/127.0.0.1#5353 +ipset=/.miroguide.com/gfwlist +server=/.mirrorbooks.com/127.0.0.1#5353 +ipset=/.mirrorbooks.com/gfwlist +server=/.mitbbs.com/127.0.0.1#5353 +ipset=/.mitbbs.com/gfwlist +server=/.mixero.com/127.0.0.1#5353 +ipset=/.mixero.com/gfwlist +server=/.mixpod.com/127.0.0.1#5353 +ipset=/.mixpod.com/gfwlist +server=/.mixx.com/127.0.0.1#5353 +ipset=/.mixx.com/gfwlist +server=/.mizzmona.com/127.0.0.1#5353 +ipset=/.mizzmona.com/gfwlist +server=/.mjlsh.usc.cuhk.edu.hk/127.0.0.1#5353 +ipset=/.mjlsh.usc.cuhk.edu.hk/gfwlist +server=/.mk5000.com/127.0.0.1#5353 +ipset=/.mk5000.com/gfwlist +server=/.mlcool.com/127.0.0.1#5353 +ipset=/.mlcool.com/gfwlist +server=/.mmaaxx.com/127.0.0.1#5353 +ipset=/.mmaaxx.com/gfwlist +server=/.mmmca.com/127.0.0.1#5353 +ipset=/.mmmca.com/gfwlist +server=/.mobatek.net/127.0.0.1#5353 +ipset=/.mobatek.net/gfwlist +server=/.mobile01.com/127.0.0.1#5353 +ipset=/.mobile01.com/gfwlist +server=/.mobileways.de/127.0.0.1#5353 +ipset=/.mobileways.de/gfwlist +server=/.moby.to/127.0.0.1#5353 +ipset=/.moby.to/gfwlist +server=/.mobypicture.com/127.0.0.1#5353 +ipset=/.mobypicture.com/gfwlist +server=/.mog.com/127.0.0.1#5353 +ipset=/.mog.com/gfwlist +server=/.molihua.org/127.0.0.1#5353 +ipset=/.molihua.org/gfwlist +server=/.mondex.org/127.0.0.1#5353 +ipset=/.mondex.org/gfwlist +server=/.monitorchina.org/127.0.0.1#5353 +ipset=/.monitorchina.org/gfwlist +server=/.monster.com/127.0.0.1#5353 +ipset=/.monster.com/gfwlist +server=/.moodyz.com/127.0.0.1#5353 +ipset=/.moodyz.com/gfwlist +server=/.moonbbs.com/127.0.0.1#5353 +ipset=/.moonbbs.com/gfwlist +server=/.morningsun.org/127.0.0.1#5353 +ipset=/.morningsun.org/gfwlist +server=/.moroneta.com/127.0.0.1#5353 +ipset=/.moroneta.com/gfwlist +server=/.moviefap.com/127.0.0.1#5353 +ipset=/.moviefap.com/gfwlist +server=/.mp3ye.eu/127.0.0.1#5353 +ipset=/.mp3ye.eu/gfwlist +server=/.mpettis.com/127.0.0.1#5353 +ipset=/.mpettis.com/gfwlist +server=/.mpfinance.com/127.0.0.1#5353 +ipset=/.mpfinance.com/gfwlist +server=/.mpinews.com/127.0.0.1#5353 +ipset=/.mpinews.com/gfwlist +server=/.mrdoob.com/127.0.0.1#5353 +ipset=/.mrdoob.com/gfwlist +server=/.mrtweet.com/127.0.0.1#5353 +ipset=/.mrtweet.com/gfwlist +server=/.msguancha.com/127.0.0.1#5353 +ipset=/.msguancha.com/gfwlist +server=/.mswe1.org/127.0.0.1#5353 +ipset=/.mswe1.org/gfwlist +server=/.m-team.cc/127.0.0.1#5353 +ipset=/.m-team.cc/gfwlist +server=/.mthruf.com/127.0.0.1#5353 +ipset=/.mthruf.com/gfwlist +server=/.mtw.tl/127.0.0.1#5353 +ipset=/.mtw.tl/gfwlist +server=/.mullvad.net/127.0.0.1#5353 +ipset=/.mullvad.net/gfwlist +server=/.multiply.com/127.0.0.1#5353 +ipset=/.multiply.com/gfwlist +server=/.multiproxy.org/127.0.0.1#5353 +ipset=/.multiproxy.org/gfwlist +server=/.multiupload.com/127.0.0.1#5353 +ipset=/.multiupload.com/gfwlist +server=/.muouju.com/127.0.0.1#5353 +ipset=/.muouju.com/gfwlist +server=/.muselinks.co.jp/127.0.0.1#5353 +ipset=/.muselinks.co.jp/gfwlist +server=/.muzi.com/127.0.0.1#5353 +ipset=/.muzi.com/gfwlist +server=/.muzi.net/127.0.0.1#5353 +ipset=/.muzi.net/gfwlist +server=/.muzu.tv/127.0.0.1#5353 +ipset=/.muzu.tv/gfwlist +server=/.mvg.jp/127.0.0.1#5353 +ipset=/.mvg.jp/gfwlist +server=/.mx.hao123.com/127.0.0.1#5353 +ipset=/.mx.hao123.com/gfwlist +server=/.mx981.com/127.0.0.1#5353 +ipset=/.mx981.com/gfwlist +server=/.my.mail.ru/127.0.0.1#5353 +ipset=/.my.mail.ru/gfwlist +server=/.my.opera.com/127.0.0.1#5353 +ipset=/.my.opera.com/gfwlist +server=/.myactimes.com/127.0.0.1#5353 +ipset=/.myactimes.com/gfwlist +server=/.my-addr.com/127.0.0.1#5353 +ipset=/.my-addr.com/gfwlist +server=/.myaudiocast.com/127.0.0.1#5353 +ipset=/.myaudiocast.com/gfwlist +server=/.mychinamyhome.com/127.0.0.1#5353 +ipset=/.mychinamyhome.com/gfwlist +server=/.mychinanews.com/127.0.0.1#5353 +ipset=/.mychinanews.com/gfwlist +server=/.myeclipseide.com/127.0.0.1#5353 +ipset=/.myeclipseide.com/gfwlist +server=/.myforum.com.hk/127.0.0.1#5353 +ipset=/.myforum.com.hk/gfwlist +server=/.myforum.com.uk/127.0.0.1#5353 +ipset=/.myforum.com.uk/gfwlist +server=/.myfreshnet.com/127.0.0.1#5353 +ipset=/.myfreshnet.com/gfwlist +server=/.mymediarom.com/127.0.0.1#5353 +ipset=/.mymediarom.com/gfwlist +server=/.myopenid.com/127.0.0.1#5353 +ipset=/.myopenid.com/gfwlist +server=/.myparagliding.com/127.0.0.1#5353 +ipset=/.myparagliding.com/gfwlist +server=/.mypopescu.com/127.0.0.1#5353 +ipset=/.mypopescu.com/gfwlist +server=/.my-private-network.co.uk/127.0.0.1#5353 +ipset=/.my-private-network.co.uk/gfwlist +server=/.my-proxy.com/127.0.0.1#5353 +ipset=/.my-proxy.com/gfwlist +server=/.mysinablog.com/127.0.0.1#5353 +ipset=/.mysinablog.com/gfwlist +server=/.mysite.verizon.net/127.0.0.1#5353 +ipset=/.mysite.verizon.net/gfwlist +server=/.myspace.com/127.0.0.1#5353 +ipset=/.myspace.com/gfwlist +server=/.naacoalition.org/127.0.0.1#5353 +ipset=/.naacoalition.org/gfwlist +server=/.naitik.net/127.0.0.1#5353 +ipset=/.naitik.net/gfwlist +server=/.nakido.com/127.0.0.1#5353 +ipset=/.nakido.com/gfwlist +server=/.namsisi.com/127.0.0.1#5353 +ipset=/.namsisi.com/gfwlist +server=/.nanyang.com/127.0.0.1#5353 +ipset=/.nanyang.com/gfwlist +server=/.nanyangpost.com/127.0.0.1#5353 +ipset=/.nanyangpost.com/gfwlist +server=/.nanzao.com/127.0.0.1#5353 +ipset=/.nanzao.com/gfwlist +server=/.naol.ca/127.0.0.1#5353 +ipset=/.naol.ca/gfwlist +server=/.national-lottery.co.uk/127.0.0.1#5353 +ipset=/.national-lottery.co.uk/gfwlist +server=/.nationsonline.org/127.0.0.1#5353 +ipset=/.nationsonline.org/gfwlist +server=/.naughtyamerica.com/127.0.0.1#5353 +ipset=/.naughtyamerica.com/gfwlist +server=/.navicat.com/127.0.0.1#5353 +ipset=/.navicat.com/gfwlist +server=/.ncn.org/127.0.0.1#5353 +ipset=/.ncn.org/gfwlist +server=/.nde.de/127.0.0.1#5353 +ipset=/.nde.de/gfwlist +server=/.ndr.de/127.0.0.1#5353 +ipset=/.ndr.de/gfwlist +server=/.ned.org/127.0.0.1#5353 +ipset=/.ned.org/gfwlist +server=/.nekoslovakia.net/127.0.0.1#5353 +ipset=/.nekoslovakia.net/gfwlist +server=/.nemesis2.qx.net/127.0.0.1#5353 +ipset=/.nemesis2.qx.net/gfwlist +server=/.netbirds.com/127.0.0.1#5353 +ipset=/.netbirds.com/gfwlist +server=/.netcolony.com/127.0.0.1#5353 +ipset=/.netcolony.com/gfwlist +server=/.netflix.com/127.0.0.1#5353 +ipset=/.netflix.com/gfwlist +server=/.netme.cc/127.0.0.1#5353 +ipset=/.netme.cc/gfwlist +server=/.netsneak.com/127.0.0.1#5353 +ipset=/.netsneak.com/gfwlist +server=/.network54.com/127.0.0.1#5353 +ipset=/.network54.com/gfwlist +server=/.networkedblogs.com/127.0.0.1#5353 +ipset=/.networkedblogs.com/gfwlist +server=/.neverforget8964.org/127.0.0.1#5353 +ipset=/.neverforget8964.org/gfwlist +server=/.new-3lunch.net/127.0.0.1#5353 +ipset=/.new-3lunch.net/gfwlist +server=/.new96.ca/127.0.0.1#5353 +ipset=/.new96.ca/gfwlist +server=/.new-akiba.com/127.0.0.1#5353 +ipset=/.new-akiba.com/gfwlist +server=/.newcenturymc.com/127.0.0.1#5353 +ipset=/.newcenturymc.com/gfwlist +server=/.newcenturynews.com/127.0.0.1#5353 +ipset=/.newcenturynews.com/gfwlist +server=/.newchen.com/127.0.0.1#5353 +ipset=/.newchen.com/gfwlist +server=/.newgrounds.com/127.0.0.1#5353 +ipset=/.newgrounds.com/gfwlist +server=/.newlandmagazine.com.au/127.0.0.1#5353 +ipset=/.newlandmagazine.com.au/gfwlist +server=/.news.bbc.co.uk/127.0.0.1#5353 +ipset=/.news.bbc.co.uk/gfwlist +server=/.news.cnyes.com/127.0.0.1#5353 +ipset=/.news.cnyes.com/gfwlist +server=/.news.hkpeanut.com/127.0.0.1#5353 +ipset=/.news.hkpeanut.com/gfwlist +server=/.news.now.com/127.0.0.1#5353 +ipset=/.news.now.com/gfwlist +server=/.news.omy.sg/127.0.0.1#5353 +ipset=/.news.omy.sg/gfwlist +server=/.news.sina.com.hk/127.0.0.1#5353 +ipset=/.news.sina.com.hk/gfwlist +server=/.news.sinchew.com.my/127.0.0.1#5353 +ipset=/.news.sinchew.com.my/gfwlist +server=/.news.singtao.ca/127.0.0.1#5353 +ipset=/.news.singtao.ca/gfwlist +server=/.news.tvb.com/127.0.0.1#5353 +ipset=/.news.tvb.com/gfwlist +server=/.newsancai.com/127.0.0.1#5353 +ipset=/.newsancai.com/gfwlist +server=/.newscn.org/127.0.0.1#5353 +ipset=/.newscn.org/gfwlist +server=/.newsdh.com/127.0.0.1#5353 +ipset=/.newsdh.com/gfwlist +server=/.newsforums.bbc.co.uk/127.0.0.1#5353 +ipset=/.newsforums.bbc.co.uk/gfwlist +server=/.newsminer.com/127.0.0.1#5353 +ipset=/.newsminer.com/gfwlist +server=/.newspeak.cc/127.0.0.1#5353 +ipset=/.newspeak.cc/gfwlist +server=/.newstapa.org/127.0.0.1#5353 +ipset=/.newstapa.org/gfwlist +server=/.newstarnet.com/127.0.0.1#5353 +ipset=/.newstarnet.com/gfwlist +server=/.newyorktimes.com/127.0.0.1#5353 +ipset=/.newyorktimes.com/gfwlist +server=/.nexon.com/127.0.0.1#5353 +ipset=/.nexon.com/gfwlist +server=/.nextmedia.com/127.0.0.1#5353 +ipset=/.nextmedia.com/gfwlist +server=/.nexton-net.jp/127.0.0.1#5353 +ipset=/.nexton-net.jp/gfwlist +server=/.nf.id.au/127.0.0.1#5353 +ipset=/.nf.id.au/gfwlist +server=/.nga.mil/127.0.0.1#5353 +ipset=/.nga.mil/gfwlist +server=/.ngensis.com/127.0.0.1#5353 +ipset=/.ngensis.com/gfwlist +server=/.nhentai.net/127.0.0.1#5353 +ipset=/.nhentai.net/gfwlist +server=/.nic.cz.cc/127.0.0.1#5353 +ipset=/.nic.cz.cc/gfwlist +#server=/.nic.google/127.0.0.1#5353 +#ipset=/.nic.google/gfwlist +server=/.nicovideo.jp/127.0.0.1#5353 +ipset=/.nicovideo.jp/gfwlist +server=/.nighost.org/127.0.0.1#5353 +ipset=/.nighost.org/gfwlist +server=/.ninecommentaries.com/127.0.0.1#5353 +ipset=/.ninecommentaries.com/gfwlist +server=/.nintendium.com/127.0.0.1#5353 +ipset=/.nintendium.com/gfwlist +server=/.niusnews.com/127.0.0.1#5353 +ipset=/.niusnews.com/gfwlist +server=/.njactb.org/127.0.0.1#5353 +ipset=/.njactb.org/gfwlist +server=/.njuice.com/127.0.0.1#5353 +ipset=/.njuice.com/gfwlist +server=/.nlfreevpn.com/127.0.0.1#5353 +ipset=/.nlfreevpn.com/gfwlist +server=/.nobel.se/127.0.0.1#5353 +ipset=/.nobel.se/gfwlist +server=/.nobelprize.org/127.0.0.1#5353 +ipset=/.nobelprize.org/gfwlist +server=/.nobodycanstop.us/127.0.0.1#5353 +ipset=/.nobodycanstop.us/gfwlist +server=/.nokogiri.org/127.0.0.1#5353 +ipset=/.nokogiri.org/gfwlist +server=/.nokola.com/127.0.0.1#5353 +ipset=/.nokola.com/gfwlist +server=/.noodlevpn.com/127.0.0.1#5353 +ipset=/.noodlevpn.com/gfwlist +server=/.norbulingka.org/127.0.0.1#5353 +ipset=/.norbulingka.org/gfwlist +server=/.nordstrom.com/127.0.0.1#5353 +ipset=/.nordstrom.com/gfwlist +server=/.nordstromimage.com/127.0.0.1#5353 +ipset=/.nordstromimage.com/gfwlist +server=/.nordvpn.com/127.0.0.1#5353 +ipset=/.nordvpn.com/gfwlist +server=/.novelasia.com/127.0.0.1#5353 +ipset=/.novelasia.com/gfwlist +server=/.nownews.com/127.0.0.1#5353 +ipset=/.nownews.com/gfwlist +server=/.nowtorrents.com/127.0.0.1#5353 +ipset=/.nowtorrents.com/gfwlist +server=/.noypf.com/127.0.0.1#5353 +ipset=/.noypf.com/gfwlist +server=/.npa.go.jp/127.0.0.1#5353 +ipset=/.npa.go.jp/gfwlist +server=/.nps.gov/127.0.0.1#5353 +ipset=/.nps.gov/gfwlist +server=/.nrk.no/127.0.0.1#5353 +ipset=/.nrk.no/gfwlist +server=/.ntd.tv/127.0.0.1#5353 +ipset=/.ntd.tv/gfwlist +server=/.ntdtv.ca/127.0.0.1#5353 +ipset=/.ntdtv.ca/gfwlist +server=/.ntdtv.co.kr/127.0.0.1#5353 +ipset=/.ntdtv.co.kr/gfwlist +server=/.ntdtv.com/127.0.0.1#5353 +ipset=/.ntdtv.com/gfwlist +server=/.ntdtv.cz/127.0.0.1#5353 +ipset=/.ntdtv.cz/gfwlist +server=/.ntdtv.org/127.0.0.1#5353 +ipset=/.ntdtv.org/gfwlist +server=/.ntdtv.ru/127.0.0.1#5353 +ipset=/.ntdtv.ru/gfwlist +server=/.nubiles.net/127.0.0.1#5353 +ipset=/.nubiles.net/gfwlist +server=/.nuexpo.com/127.0.0.1#5353 +ipset=/.nuexpo.com/gfwlist +server=/.nurgo-software.com/127.0.0.1#5353 +ipset=/.nurgo-software.com/gfwlist +server=/.nuuvem.com/127.0.0.1#5353 +ipset=/.nuuvem.com/gfwlist +server=/.nuvid.com/127.0.0.1#5353 +ipset=/.nuvid.com/gfwlist +server=/.nuzcom.com/127.0.0.1#5353 +ipset=/.nuzcom.com/gfwlist +server=/.nvquan.org/127.0.0.1#5353 +ipset=/.nvquan.org/gfwlist +server=/.nwtca.org/127.0.0.1#5353 +ipset=/.nwtca.org/gfwlist +server=/.ny.visiontimes.com/127.0.0.1#5353 +ipset=/.ny.visiontimes.com/gfwlist +server=/.nyaa.se/127.0.0.1#5353 +ipset=/.nyaa.se/gfwlist +server=/.nydus.ca/127.0.0.1#5353 +ipset=/.nydus.ca/gfwlist +server=/.nysingtao.com/127.0.0.1#5353 +ipset=/.nysingtao.com/gfwlist +server=/.nyt.com/127.0.0.1#5353 +ipset=/.nyt.com/gfwlist +server=/.nytco.com/127.0.0.1#5353 +ipset=/.nytco.com/gfwlist +server=/.nyti.ms/127.0.0.1#5353 +ipset=/.nyti.ms/gfwlist +server=/.nytimes.com/127.0.0.1#5353 +ipset=/.nytimes.com/gfwlist +server=/.nytimg.com/127.0.0.1#5353 +ipset=/.nytimg.com/gfwlist +server=/.nzchinese.net.nz/127.0.0.1#5353 +ipset=/.nzchinese.net.nz/gfwlist +server=/.observechina.net/127.0.0.1#5353 +ipset=/.observechina.net/gfwlist +server=/.ocaspro.com/127.0.0.1#5353 +ipset=/.ocaspro.com/gfwlist +server=/.oclp.hk/127.0.0.1#5353 +ipset=/.oclp.hk/gfwlist +server=/.october-review.org/127.0.0.1#5353 +ipset=/.october-review.org/gfwlist +server=/.offbeatchina.com/127.0.0.1#5353 +ipset=/.offbeatchina.com/gfwlist +server=/.officeoftibet.com/127.0.0.1#5353 +ipset=/.officeoftibet.com/gfwlist +server=/.ogaoga.org/127.0.0.1#5353 +ipset=/.ogaoga.org/gfwlist +server=/.oiktv.com/127.0.0.1#5353 +ipset=/.oiktv.com/gfwlist +server=/.oizoblog.com/127.0.0.1#5353 +ipset=/.oizoblog.com/gfwlist +server=/.okayfreedom.com/127.0.0.1#5353 +ipset=/.okayfreedom.com/gfwlist +server=/.old.honeynet.org/127.0.0.1#5353 +ipset=/.old.honeynet.org/gfwlist +server=/.old.nabble.com/127.0.0.1#5353 +ipset=/.old.nabble.com/gfwlist +server=/.old-cat.net/127.0.0.1#5353 +ipset=/.old-cat.net/gfwlist +server=/.olumpo.com/127.0.0.1#5353 +ipset=/.olumpo.com/gfwlist +server=/.olympicwatch.org/127.0.0.1#5353 +ipset=/.olympicwatch.org/gfwlist +server=/.omgili.com/127.0.0.1#5353 +ipset=/.omgili.com/gfwlist +server=/.omnitalk.com/127.0.0.1#5353 +ipset=/.omnitalk.com/gfwlist +server=/.omnitalk.org/127.0.0.1#5353 +ipset=/.omnitalk.org/gfwlist +server=/.on.cc/127.0.0.1#5353 +ipset=/.on.cc/gfwlist +server=/.one.xthost.info/127.0.0.1#5353 +ipset=/.one.xthost.info/gfwlist +server=/.onedrive.live.com/127.0.0.1#5353 +ipset=/.onedrive.live.com/gfwlist +server=/.online.recoveryversion.org/127.0.0.1#5353 +ipset=/.online.recoveryversion.org/gfwlist +server=/.onlineyoutube.com/127.0.0.1#5353 +ipset=/.onlineyoutube.com/gfwlist +server=/.onlylady.cn/127.0.0.1#5353 +ipset=/.onlylady.cn/gfwlist +server=/.onmoon.com/127.0.0.1#5353 +ipset=/.onmoon.com/gfwlist +server=/.onmoon.net/127.0.0.1#5353 +ipset=/.onmoon.net/gfwlist +server=/.ontrac.com/127.0.0.1#5353 +ipset=/.ontrac.com/gfwlist +server=/.oopsforum.com/127.0.0.1#5353 +ipset=/.oopsforum.com/gfwlist +server=/.open.com.hk/127.0.0.1#5353 +ipset=/.open.com.hk/gfwlist +server=/.openallweb.com/127.0.0.1#5353 +ipset=/.openallweb.com/gfwlist +server=/.opendemocracy.net/127.0.0.1#5353 +ipset=/.opendemocracy.net/gfwlist +server=/.openid.net/127.0.0.1#5353 +ipset=/.openid.net/gfwlist +server=/.openleaks.org/127.0.0.1#5353 +ipset=/.openleaks.org/gfwlist +server=/.openvpn.net/127.0.0.1#5353 +ipset=/.openvpn.net/gfwlist +server=/.openwebster.com/127.0.0.1#5353 +ipset=/.openwebster.com/gfwlist +server=/.opml.radiotime.com/127.0.0.1#5353 +ipset=/.opml.radiotime.com/gfwlist +server=/.organharvestinvestigation.net/127.0.0.1#5353 +ipset=/.organharvestinvestigation.net/gfwlist +server=/.orientaldaily.com.my/127.0.0.1#5353 +ipset=/.orientaldaily.com.my/gfwlist +server=/.orient-doll.com/127.0.0.1#5353 +ipset=/.orient-doll.com/gfwlist +server=/.orn.jp/127.0.0.1#5353 +ipset=/.orn.jp/gfwlist +server=/.orzistic.org/127.0.0.1#5353 +ipset=/.orzistic.org/gfwlist +server=/.osaka69.com/127.0.0.1#5353 +ipset=/.osaka69.com/gfwlist +server=/.osfoora.com/127.0.0.1#5353 +ipset=/.osfoora.com/gfwlist +server=/.otnd.org/127.0.0.1#5353 +ipset=/.otnd.org/gfwlist +server=/.otto.de/127.0.0.1#5353 +ipset=/.otto.de/gfwlist +server=/.ourdearamy.com/127.0.0.1#5353 +ipset=/.ourdearamy.com/gfwlist +server=/.oursogo.com/127.0.0.1#5353 +ipset=/.oursogo.com/gfwlist +server=/.oursteps.com.au/127.0.0.1#5353 +ipset=/.oursteps.com.au/gfwlist +server=/.ourtv.hk/127.0.0.1#5353 +ipset=/.ourtv.hk/gfwlist +server=/.overlapr.com/127.0.0.1#5353 +ipset=/.overlapr.com/gfwlist +server=/.overplay.net/127.0.0.1#5353 +ipset=/.overplay.net/gfwlist +server=/.ow.ly/127.0.0.1#5353 +ipset=/.ow.ly/gfwlist +server=/.owl.li/127.0.0.1#5353 +ipset=/.owl.li/gfwlist +server=/.oyax.com/127.0.0.1#5353 +ipset=/.oyax.com/gfwlist +server=/.ozchinese.com/127.0.0.1#5353 +ipset=/.ozchinese.com/gfwlist +server=/.ozxw.com/127.0.0.1#5353 +ipset=/.ozxw.com/gfwlist +server=/.ozyoyo.com/127.0.0.1#5353 +ipset=/.ozyoyo.com/gfwlist +server=/.pacificpoker.com/127.0.0.1#5353 +ipset=/.pacificpoker.com/gfwlist +server=/.packages.debian.org/127.0.0.1#5353 +ipset=/.packages.debian.org/gfwlist +server=/.packetix.net/127.0.0.1#5353 +ipset=/.packetix.net/gfwlist +server=/.pacopacomama.com/127.0.0.1#5353 +ipset=/.pacopacomama.com/gfwlist +server=/.padmanet.com/127.0.0.1#5353 +ipset=/.padmanet.com/gfwlist +server=/.page.bid.yahoo.com/127.0.0.1#5353 +ipset=/.page.bid.yahoo.com/gfwlist +server=/.page2rss.com/127.0.0.1#5353 +ipset=/.page2rss.com/gfwlist +server=/.pagodabox.com/127.0.0.1#5353 +ipset=/.pagodabox.com/gfwlist +server=/.paint.net/127.0.0.1#5353 +ipset=/.paint.net/gfwlist +server=/.palacemoon.com/127.0.0.1#5353 +ipset=/.palacemoon.com/gfwlist +server=/.paldengyal.com/127.0.0.1#5353 +ipset=/.paldengyal.com/gfwlist +server=/.paljorpublications.com/127.0.0.1#5353 +ipset=/.paljorpublications.com/gfwlist +server=/.panacom.co.jp/127.0.0.1#5353 +ipset=/.panacom.co.jp/gfwlist +server=/.pandapow.net/127.0.0.1#5353 +ipset=/.pandapow.net/gfwlist +server=/.pandavpn-jp.com/127.0.0.1#5353 +ipset=/.pandavpn-jp.com/gfwlist +server=/.pandora.com/127.0.0.1#5353 +ipset=/.pandora.com/gfwlist +server=/.pandora.tv/127.0.0.1#5353 +ipset=/.pandora.tv/gfwlist +server=/.panluan.net/127.0.0.1#5353 +ipset=/.panluan.net/gfwlist +server=/.panoramio.com/127.0.0.1#5353 +ipset=/.panoramio.com/gfwlist +server=/.pao-pao.net/127.0.0.1#5353 +ipset=/.pao-pao.net/gfwlist +server=/.paper.li/127.0.0.1#5353 +ipset=/.paper.li/gfwlist +server=/.paperb.us/127.0.0.1#5353 +ipset=/.paperb.us/gfwlist +server=/.passion.com/127.0.0.1#5353 +ipset=/.passion.com/gfwlist +server=/.passiontimes.hk/127.0.0.1#5353 +ipset=/.passiontimes.hk/gfwlist +server=/.pastebin.com/127.0.0.1#5353 +ipset=/.pastebin.com/gfwlist +server=/.pastie.org/127.0.0.1#5353 +ipset=/.pastie.org/gfwlist +server=/.pbs.org/127.0.0.1#5353 +ipset=/.pbs.org/gfwlist +server=/.pbwiki.com/127.0.0.1#5353 +ipset=/.pbwiki.com/gfwlist +server=/.pbworks.com/127.0.0.1#5353 +ipset=/.pbworks.com/gfwlist +server=/.pbxes.com/127.0.0.1#5353 +ipset=/.pbxes.com/gfwlist +server=/.pbxes.org/127.0.0.1#5353 +ipset=/.pbxes.org/gfwlist +server=/.pcdiscuss.com/127.0.0.1#5353 +ipset=/.pcdiscuss.com/gfwlist +server=/.pcij.org/127.0.0.1#5353 +ipset=/.pcij.org/gfwlist +server=/.pdetails.com/127.0.0.1#5353 +ipset=/.pdetails.com/gfwlist +server=/.pdproxy.com/127.0.0.1#5353 +ipset=/.pdproxy.com/gfwlist +server=/.pds.nasa.gov/127.0.0.1#5353 +ipset=/.pds.nasa.gov/gfwlist +server=/.peace.ca/127.0.0.1#5353 +ipset=/.peace.ca/gfwlist +server=/.peacefire.org/127.0.0.1#5353 +ipset=/.peacefire.org/gfwlist +server=/.peacehall.com/127.0.0.1#5353 +ipset=/.peacehall.com/gfwlist +server=/.pearlher.org/127.0.0.1#5353 +ipset=/.pearlher.org/gfwlist +server=/.peeasian.com/127.0.0.1#5353 +ipset=/.peeasian.com/gfwlist +server=/.peerpong.com/127.0.0.1#5353 +ipset=/.peerpong.com/gfwlist +server=/.pekingduck.org/127.0.0.1#5353 +ipset=/.pekingduck.org/gfwlist +server=/.pemulihan.or.id/127.0.0.1#5353 +ipset=/.pemulihan.or.id/gfwlist +server=/.pen.io/127.0.0.1#5353 +ipset=/.pen.io/gfwlist +server=/.penchinese.com/127.0.0.1#5353 +ipset=/.penchinese.com/gfwlist +server=/.penchinese.net/127.0.0.1#5353 +ipset=/.penchinese.net/gfwlist +server=/.pengyulong.com/127.0.0.1#5353 +ipset=/.pengyulong.com/gfwlist +server=/.penthouse.com/127.0.0.1#5353 +ipset=/.penthouse.com/gfwlist +server=/.peopo.org/127.0.0.1#5353 +ipset=/.peopo.org/gfwlist +server=/.percy.in/127.0.0.1#5353 +ipset=/.percy.in/gfwlist +server=/.perfectgirls.net/127.0.0.1#5353 +ipset=/.perfectgirls.net/gfwlist +server=/.perfectvpn.net/127.0.0.1#5353 +ipset=/.perfectvpn.net/gfwlist +server=/.persecutionblog.com/127.0.0.1#5353 +ipset=/.persecutionblog.com/gfwlist +server=/.pfd.org.hk/127.0.0.1#5353 +ipset=/.pfd.org.hk/gfwlist +server=/.phayul.com/127.0.0.1#5353 +ipset=/.phayul.com/gfwlist +server=/.philly.com/127.0.0.1#5353 +ipset=/.philly.com/gfwlist +server=/.phncdn.com/127.0.0.1#5353 +ipset=/.phncdn.com/gfwlist +server=/.photodharma.net/127.0.0.1#5353 +ipset=/.photodharma.net/gfwlist +server=/.photofocus.com/127.0.0.1#5353 +ipset=/.photofocus.com/gfwlist +server=/.phuquocservices.com/127.0.0.1#5353 +ipset=/.phuquocservices.com/gfwlist +server=/.picasaweb.com/127.0.0.1#5353 +ipset=/.picasaweb.com/gfwlist +server=/.picidae.net/127.0.0.1#5353 +ipset=/.picidae.net/gfwlist +server=/.picturedip.com/127.0.0.1#5353 +ipset=/.picturedip.com/gfwlist +server=/.pictures.playboy.com/127.0.0.1#5353 +ipset=/.pictures.playboy.com/gfwlist +server=/.picturesocial.com/127.0.0.1#5353 +ipset=/.picturesocial.com/gfwlist +server=/.pin6.com/127.0.0.1#5353 +ipset=/.pin6.com/gfwlist +server=/.ping.fm/127.0.0.1#5353 +ipset=/.ping.fm/gfwlist +server=/.pinoy-n.com/127.0.0.1#5353 +ipset=/.pinoy-n.com/gfwlist +server=/.pioneer-worker.forums-free.com/127.0.0.1#5353 +ipset=/.pioneer-worker.forums-free.com/gfwlist +server=/.piposay.com/127.0.0.1#5353 +ipset=/.piposay.com/gfwlist +server=/.piring.com/127.0.0.1#5353 +ipset=/.piring.com/gfwlist +server=/.pixelqi.com/127.0.0.1#5353 +ipset=/.pixelqi.com/gfwlist +server=/.pixnet.net/127.0.0.1#5353 +ipset=/.pixnet.net/gfwlist +server=/.pk.com/127.0.0.1#5353 +ipset=/.pk.com/gfwlist +server=/.placemix.com/127.0.0.1#5353 +ipset=/.placemix.com/gfwlist +server=/.playboy.com/127.0.0.1#5353 +ipset=/.playboy.com/gfwlist +server=/.playboyplus.com/127.0.0.1#5353 +ipset=/.playboyplus.com/gfwlist +server=/.playno1.com/127.0.0.1#5353 +ipset=/.playno1.com/gfwlist +server=/.playpcesor.com/127.0.0.1#5353 +ipset=/.playpcesor.com/gfwlist +server=/.plm.org.hk/127.0.0.1#5353 +ipset=/.plm.org.hk/gfwlist +server=/.plunder.com/127.0.0.1#5353 +ipset=/.plunder.com/gfwlist +server=/.plurktop.mmdays.com/127.0.0.1#5353 +ipset=/.plurktop.mmdays.com/gfwlist +server=/.plus28.com/127.0.0.1#5353 +ipset=/.plus28.com/gfwlist +server=/.plusbb.com/127.0.0.1#5353 +ipset=/.plusbb.com/gfwlist +server=/.pmates.com/127.0.0.1#5353 +ipset=/.pmates.com/gfwlist +server=/.po2b.com/127.0.0.1#5353 +ipset=/.po2b.com/gfwlist +server=/.podictionary.com/127.0.0.1#5353 +ipset=/.podictionary.com/gfwlist +server=/.politicalchina.org/127.0.0.1#5353 +ipset=/.politicalchina.org/gfwlist +server=/.politicalconsultation.org/127.0.0.1#5353 +ipset=/.politicalconsultation.org/gfwlist +server=/.polymerhk.com/127.0.0.1#5353 +ipset=/.polymerhk.com/gfwlist +server=/.polymer-project.org/127.0.0.1#5353 +ipset=/.polymer-project.org/gfwlist +server=/.popvote.hk/127.0.0.1#5353 +ipset=/.popvote.hk/gfwlist +server=/.popyard.com/127.0.0.1#5353 +ipset=/.popyard.com/gfwlist +server=/.popyard.org/127.0.0.1#5353 +ipset=/.popyard.org/gfwlist +server=/.porn.com/127.0.0.1#5353 +ipset=/.porn.com/gfwlist +server=/.porn2.com/127.0.0.1#5353 +ipset=/.porn2.com/gfwlist +server=/.pornbase.org/127.0.0.1#5353 +ipset=/.pornbase.org/gfwlist +server=/.pornhd.com/127.0.0.1#5353 +ipset=/.pornhd.com/gfwlist +server=/.pornhost.com/127.0.0.1#5353 +ipset=/.pornhost.com/gfwlist +server=/.pornhub.com/127.0.0.1#5353 +ipset=/.pornhub.com/gfwlist +server=/.pornmm.net/127.0.0.1#5353 +ipset=/.pornmm.net/gfwlist +server=/.pornoxo.com/127.0.0.1#5353 +ipset=/.pornoxo.com/gfwlist +server=/.pornrapidshare.com/127.0.0.1#5353 +ipset=/.pornrapidshare.com/gfwlist +server=/.pornstarclub.com/127.0.0.1#5353 +ipset=/.pornstarclub.com/gfwlist +server=/.porntube.com/127.0.0.1#5353 +ipset=/.porntube.com/gfwlist +server=/.porntvblog.com/127.0.0.1#5353 +ipset=/.porntvblog.com/gfwlist +server=/.pornvisit.com/127.0.0.1#5353 +ipset=/.pornvisit.com/gfwlist +server=/.portablevpn.nl/127.0.0.1#5353 +ipset=/.portablevpn.nl/gfwlist +server=/.pose.com/127.0.0.1#5353 +ipset=/.pose.com/gfwlist +server=/.post.anyu.org/127.0.0.1#5353 +ipset=/.post.anyu.org/gfwlist +server=/.post.ly/127.0.0.1#5353 +ipset=/.post.ly/gfwlist +server=/.post852.com/127.0.0.1#5353 +ipset=/.post852.com/gfwlist +server=/.postadult.com/127.0.0.1#5353 +ipset=/.postadult.com/gfwlist +server=/.posterous.com/127.0.0.1#5353 +ipset=/.posterous.com/gfwlist +server=/.power.com/127.0.0.1#5353 +ipset=/.power.com/gfwlist +server=/.powerapple.com/127.0.0.1#5353 +ipset=/.powerapple.com/gfwlist +server=/.powercx.com/127.0.0.1#5353 +ipset=/.powercx.com/gfwlist +server=/.powerphoto.org/127.0.0.1#5353 +ipset=/.powerphoto.org/gfwlist +server=/.prayforchina.net/127.0.0.1#5353 +ipset=/.prayforchina.net/gfwlist +server=/.premeforwindows7.com/127.0.0.1#5353 +ipset=/.premeforwindows7.com/gfwlist +server=/.presentationzen.com/127.0.0.1#5353 +ipset=/.presentationzen.com/gfwlist +server=/.prestige-av.com/127.0.0.1#5353 +ipset=/.prestige-av.com/gfwlist +server=/.prisoneralert.com/127.0.0.1#5353 +ipset=/.prisoneralert.com/gfwlist +server=/.pritunl.com/127.0.0.1#5353 +ipset=/.pritunl.com/gfwlist +server=/.privacybox.de/127.0.0.1#5353 +ipset=/.privacybox.de/gfwlist +server=/.private.com/127.0.0.1#5353 +ipset=/.private.com/gfwlist +server=/.privateinternetaccess.com/127.0.0.1#5353 +ipset=/.privateinternetaccess.com/gfwlist +server=/.privatepaste.com/127.0.0.1#5353 +ipset=/.privatepaste.com/gfwlist +server=/.privatetunnel.com/127.0.0.1#5353 +ipset=/.privatetunnel.com/gfwlist +server=/.privatevpn.com/127.0.0.1#5353 +ipset=/.privatevpn.com/gfwlist +server=/.procopytips.com/127.0.0.1#5353 +ipset=/.procopytips.com/gfwlist +server=/.prosiben.de/127.0.0.1#5353 +ipset=/.prosiben.de/gfwlist +server=/.provideocoalition.com/127.0.0.1#5353 +ipset=/.provideocoalition.com/gfwlist +server=/.provpnaccounts.com/127.0.0.1#5353 +ipset=/.provpnaccounts.com/gfwlist +server=/.proxfree.com/127.0.0.1#5353 +ipset=/.proxfree.com/gfwlist +server=/.proxifier.com/127.0.0.1#5353 +ipset=/.proxifier.com/gfwlist +server=/.proxomitron.info/127.0.0.1#5353 +ipset=/.proxomitron.info/gfwlist +server=/.proxpn.com/127.0.0.1#5353 +ipset=/.proxpn.com/gfwlist +server=/.proxy.org/127.0.0.1#5353 +ipset=/.proxy.org/gfwlist +server=/.proxyanonimo.es/127.0.0.1#5353 +ipset=/.proxyanonimo.es/gfwlist +server=/.proxylist.org.uk/127.0.0.1#5353 +ipset=/.proxylist.org.uk/gfwlist +server=/.proxynetwork.org.uk/127.0.0.1#5353 +ipset=/.proxynetwork.org.uk/gfwlist +server=/.proxypy.net/127.0.0.1#5353 +ipset=/.proxypy.net/gfwlist +server=/.proxyroad.com/127.0.0.1#5353 +ipset=/.proxyroad.com/gfwlist +server=/.proxytunnel.net/127.0.0.1#5353 +ipset=/.proxytunnel.net/gfwlist +server=/.prozz.net/127.0.0.1#5353 +ipset=/.prozz.net/gfwlist +server=/.psblog.name/127.0.0.1#5353 +ipset=/.psblog.name/gfwlist +server=/.psiphon.ca/127.0.0.1#5353 +ipset=/.psiphon.ca/gfwlist +server=/.psiphon.civisec.org/127.0.0.1#5353 +ipset=/.psiphon.civisec.org/gfwlist +server=/.ptt.cc/127.0.0.1#5353 +ipset=/.ptt.cc/gfwlist +server=/.pttvan.org/127.0.0.1#5353 +ipset=/.pttvan.org/gfwlist +server=/.puffinbrowser.com/127.0.0.1#5353 +ipset=/.puffinbrowser.com/gfwlist +server=/.puffstore.com/127.0.0.1#5353 +ipset=/.puffstore.com/gfwlist +server=/.pullfolio.com/127.0.0.1#5353 +ipset=/.pullfolio.com/gfwlist +server=/.pulse.yahoo.com/127.0.0.1#5353 +ipset=/.pulse.yahoo.com/gfwlist +server=/.pure18.com/127.0.0.1#5353 +ipset=/.pure18.com/gfwlist +server=/.pureconcepts.net/127.0.0.1#5353 +ipset=/.pureconcepts.net/gfwlist +server=/.pureinsight.org/127.0.0.1#5353 +ipset=/.pureinsight.org/gfwlist +server=/.purepdf.com/127.0.0.1#5353 +ipset=/.purepdf.com/gfwlist +server=/.purevpn.com/127.0.0.1#5353 +ipset=/.purevpn.com/gfwlist +server=/.purplelotus.org/127.0.0.1#5353 +ipset=/.purplelotus.org/gfwlist +server=/.putlocker.com/127.0.0.1#5353 +ipset=/.putlocker.com/gfwlist +server=/.putty.org/127.0.0.1#5353 +ipset=/.putty.org/gfwlist +server=/.puttycm.free.fr/127.0.0.1#5353 +ipset=/.puttycm.free.fr/gfwlist +server=/.pwned.com/127.0.0.1#5353 +ipset=/.pwned.com/gfwlist +server=/.python.com/127.0.0.1#5353 +ipset=/.python.com/gfwlist +server=/.qanote.com/127.0.0.1#5353 +ipset=/.qanote.com/gfwlist +server=/.qidian.ca/127.0.0.1#5353 +ipset=/.qidian.ca/gfwlist +server=/.qienkuen.org/127.0.0.1#5353 +ipset=/.qienkuen.org/gfwlist +server=/.qi-gong.me/127.0.0.1#5353 +ipset=/.qi-gong.me/gfwlist +server=/.qiwen.lu/127.0.0.1#5353 +ipset=/.qiwen.lu/gfwlist +server=/.qixianglu.cn/127.0.0.1#5353 +ipset=/.qixianglu.cn/gfwlist +server=/.qkshare.com/127.0.0.1#5353 +ipset=/.qkshare.com/gfwlist +server=/.qoos.com/127.0.0.1#5353 +ipset=/.qoos.com/gfwlist +server=/.qq.co.za/127.0.0.1#5353 +ipset=/.qq.co.za/gfwlist +server=/.qstatus.com/127.0.0.1#5353 +ipset=/.qstatus.com/gfwlist +server=/.qtrac.eu/127.0.0.1#5353 +ipset=/.qtrac.eu/gfwlist +server=/.qtweeter.com/127.0.0.1#5353 +ipset=/.qtweeter.com/gfwlist +server=/.quitccp.net/127.0.0.1#5353 +ipset=/.quitccp.net/gfwlist +server=/.quitccp.org/127.0.0.1#5353 +ipset=/.quitccp.org/gfwlist +server=/.quran.com/127.0.0.1#5353 +ipset=/.quran.com/gfwlist +server=/.quranexplorer.com/127.0.0.1#5353 +ipset=/.quranexplorer.com/gfwlist +server=/.qusi8.net/127.0.0.1#5353 +ipset=/.qusi8.net/gfwlist +server=/.qvodzy.org/127.0.0.1#5353 +ipset=/.qvodzy.org/gfwlist +server=/.qxbbs.org/127.0.0.1#5353 +ipset=/.qxbbs.org/gfwlist +server=/.r18.com/127.0.0.1#5353 +ipset=/.r18.com/gfwlist +server=/.ra.gg/127.0.0.1#5353 +ipset=/.ra.gg/gfwlist +server=/.radicalparty.org/127.0.0.1#5353 +ipset=/.radicalparty.org/gfwlist +server=/.radiko.jp/127.0.0.1#5353 +ipset=/.radiko.jp/gfwlist +server=/.radioaustralia.net.au/127.0.0.1#5353 +ipset=/.radioaustralia.net.au/gfwlist +server=/.radiohilight.net/127.0.0.1#5353 +ipset=/.radiohilight.net/gfwlist +server=/.radiovaticana.org/127.0.0.1#5353 +ipset=/.radiovaticana.org/gfwlist +server=/.radiovncr.com/127.0.0.1#5353 +ipset=/.radiovncr.com/gfwlist +server=/.raizoji.or.jp/127.0.0.1#5353 +ipset=/.raizoji.or.jp/gfwlist +server=/.rangwang.biz/127.0.0.1#5353 +ipset=/.rangwang.biz/gfwlist +server=/.rangzen.com/127.0.0.1#5353 +ipset=/.rangzen.com/gfwlist +server=/.rangzen.net/127.0.0.1#5353 +ipset=/.rangzen.net/gfwlist +server=/.rangzen.org/127.0.0.1#5353 +ipset=/.rangzen.org/gfwlist +server=/.ranyunfei.com/127.0.0.1#5353 +ipset=/.ranyunfei.com/gfwlist +server=/.rapbull.net/127.0.0.1#5353 +ipset=/.rapbull.net/gfwlist +server=/.rapidgator.net/127.0.0.1#5353 +ipset=/.rapidgator.net/gfwlist +server=/.rapidshare8.com/127.0.0.1#5353 +ipset=/.rapidshare8.com/gfwlist +server=/.rapidsharedata.com/127.0.0.1#5353 +ipset=/.rapidsharedata.com/gfwlist +server=/.rapidvpn.com/127.0.0.1#5353 +ipset=/.rapidvpn.com/gfwlist +server=/.raremovie.cc/127.0.0.1#5353 +ipset=/.raremovie.cc/gfwlist +server=/.raremovie.net/127.0.0.1#5353 +ipset=/.raremovie.net/gfwlist +server=/.razyboard.com/127.0.0.1#5353 +ipset=/.razyboard.com/gfwlist +server=/.rcinet.ca/127.0.0.1#5353 +ipset=/.rcinet.ca/gfwlist +server=/.rconversation.blogs.com/127.0.0.1#5353 +ipset=/.rconversation.blogs.com/gfwlist +server=/.rd.com/127.0.0.1#5353 +ipset=/.rd.com/gfwlist +server=/.rdio.com/127.0.0.1#5353 +ipset=/.rdio.com/gfwlist +server=/.read100.com/127.0.0.1#5353 +ipset=/.read100.com/gfwlist +server=/.readmoo.com/127.0.0.1#5353 +ipset=/.readmoo.com/gfwlist +server=/.realcourage.org/127.0.0.1#5353 +ipset=/.realcourage.org/gfwlist +server=/.realraptalk.com/127.0.0.1#5353 +ipset=/.realraptalk.com/gfwlist +server=/.recaptcha.net/127.0.0.1#5353 +ipset=/.recaptcha.net/gfwlist +server=/.recordhistory.org/127.0.0.1#5353 +ipset=/.recordhistory.org/gfwlist +server=/.redchinacn.org/127.0.0.1#5353 +ipset=/.redchinacn.org/gfwlist +server=/.redtube.com/127.0.0.1#5353 +ipset=/.redtube.com/gfwlist +server=/.referer.us/127.0.0.1#5353 +ipset=/.referer.us/gfwlist +server=/.reflectivecode.com/127.0.0.1#5353 +ipset=/.reflectivecode.com/gfwlist +#server=/.registry.google/127.0.0.1#5353 +#ipset=/.registry.google/gfwlist +server=/.relaxbbs.com/127.0.0.1#5353 +ipset=/.relaxbbs.com/gfwlist +server=/.releaseinternational.org/127.0.0.1#5353 +ipset=/.releaseinternational.org/gfwlist +server=/.religioustolerance.org/127.0.0.1#5353 +ipset=/.religioustolerance.org/gfwlist +server=/.renminbao.com/127.0.0.1#5353 +ipset=/.renminbao.com/gfwlist +server=/.renyurenquan.org/127.0.0.1#5353 +ipset=/.renyurenquan.org/gfwlist +server=/.research.jmsc.hku.hk/127.0.0.1#5353 +ipset=/.research.jmsc.hku.hk/gfwlist +server=/.retweeteffect.com/127.0.0.1#5353 +ipset=/.retweeteffect.com/gfwlist +server=/.retweetist.com/127.0.0.1#5353 +ipset=/.retweetist.com/gfwlist +server=/.retweetrank.com/127.0.0.1#5353 +ipset=/.retweetrank.com/gfwlist +server=/.reuters.com/127.0.0.1#5353 +ipset=/.reuters.com/gfwlist +server=/.revleft.com/127.0.0.1#5353 +ipset=/.revleft.com/gfwlist +server=/.revver.com/127.0.0.1#5353 +ipset=/.revver.com/gfwlist +server=/.rfa.org/127.0.0.1#5353 +ipset=/.rfa.org/gfwlist +server=/.rfachina.com/127.0.0.1#5353 +ipset=/.rfachina.com/gfwlist +server=/.rfamobile.org/127.0.0.1#5353 +ipset=/.rfamobile.org/gfwlist +server=/.rfaweb.org/127.0.0.1#5353 +ipset=/.rfaweb.org/gfwlist +server=/.rferl.org/127.0.0.1#5353 +ipset=/.rferl.org/gfwlist +server=/.rfi.fr/127.0.0.1#5353 +ipset=/.rfi.fr/gfwlist +server=/.rfi.my/127.0.0.1#5353 +ipset=/.rfi.my/gfwlist +server=/.rhcloud.com/127.0.0.1#5353 +ipset=/.rhcloud.com/gfwlist +server=/.riku.me/127.0.0.1#5353 +ipset=/.riku.me/gfwlist +server=/.rileyguide.com/127.0.0.1#5353 +ipset=/.rileyguide.com/gfwlist +server=/.ritouki.jp/127.0.0.1#5353 +ipset=/.ritouki.jp/gfwlist +server=/.rlwlw.com/127.0.0.1#5353 +ipset=/.rlwlw.com/gfwlist +server=/.rmjdw.com/127.0.0.1#5353 +ipset=/.rmjdw.com/gfwlist +server=/.rmjdw132.info/127.0.0.1#5353 +ipset=/.rmjdw132.info/gfwlist +server=/.rnw.global.ssl.fastly.net/127.0.0.1#5353 +ipset=/.rnw.global.ssl.fastly.net/gfwlist +server=/.rnw.nl/127.0.0.1#5353 +ipset=/.rnw.nl/gfwlist +server=/.roadshow.hk/127.0.0.1#5353 +ipset=/.roadshow.hk/gfwlist +server=/.robtex.com/127.0.0.1#5353 +ipset=/.robtex.com/gfwlist +server=/.robustnessiskey.com/127.0.0.1#5353 +ipset=/.robustnessiskey.com/gfwlist +server=/.rocket-inc.net/127.0.0.1#5353 +ipset=/.rocket-inc.net/gfwlist +server=/.rocmp.org/127.0.0.1#5353 +ipset=/.rocmp.org/gfwlist +server=/.rojo.com/127.0.0.1#5353 +ipset=/.rojo.com/gfwlist +server=/.rolia.net/127.0.0.1#5353 +ipset=/.rolia.net/gfwlist +server=/.ronjoneswriter.com/127.0.0.1#5353 +ipset=/.ronjoneswriter.com/gfwlist +server=/.roodo.com/127.0.0.1#5353 +ipset=/.roodo.com/gfwlist +server=/.rosechina.net/127.0.0.1#5353 +ipset=/.rosechina.net/gfwlist +server=/.rotten.com/127.0.0.1#5353 +ipset=/.rotten.com/gfwlist +server=/.rsf.org/127.0.0.1#5353 +ipset=/.rsf.org/gfwlist +server=/.rsf-chinese.org/127.0.0.1#5353 +ipset=/.rsf-chinese.org/gfwlist +server=/.rsgamen.org/127.0.0.1#5353 +ipset=/.rsgamen.org/gfwlist +server=/.rssmeme.com/127.0.0.1#5353 +ipset=/.rssmeme.com/gfwlist +server=/.rthk.hk/127.0.0.1#5353 +ipset=/.rthk.hk/gfwlist +server=/.rthk.org.hk/127.0.0.1#5353 +ipset=/.rthk.org.hk/gfwlist +server=/.ruanyifeng.com/127.0.0.1#5353 +ipset=/.ruanyifeng.com/gfwlist +server=/.rushbee.com/127.0.0.1#5353 +ipset=/.rushbee.com/gfwlist +server=/.rutube.ru/127.0.0.1#5353 +ipset=/.rutube.ru/gfwlist +server=/.ruyiseek.com/127.0.0.1#5353 +ipset=/.ruyiseek.com/gfwlist +server=/.rxhj.net/127.0.0.1#5353 +ipset=/.rxhj.net/gfwlist +server=/.s.xiaod.in/127.0.0.1#5353 +ipset=/.s.xiaod.in/gfwlist +server=/.s1heng.com/127.0.0.1#5353 +ipset=/.s1heng.com/gfwlist +server=/.s1s1s1.com/127.0.0.1#5353 +ipset=/.s1s1s1.com/gfwlist +server=/.s8forum.com/127.0.0.1#5353 +ipset=/.s8forum.com/gfwlist +server=/.sa.hao123.com/127.0.0.1#5353 +ipset=/.sa.hao123.com/gfwlist +server=/.sacom.hk/127.0.0.1#5353 +ipset=/.sacom.hk/gfwlist +server=/.sadistic-v.com/127.0.0.1#5353 +ipset=/.sadistic-v.com/gfwlist +server=/.sadpanda.us/127.0.0.1#5353 +ipset=/.sadpanda.us/gfwlist +server=/.safervpn.com/127.0.0.1#5353 +ipset=/.safervpn.com/gfwlist +server=/.saiq.me/127.0.0.1#5353 +ipset=/.saiq.me/gfwlist +server=/.sakuralive.com/127.0.0.1#5353 +ipset=/.sakuralive.com/gfwlist +server=/.salvation.org.hk/127.0.0.1#5353 +ipset=/.salvation.org.hk/gfwlist +server=/.samair.ru/127.0.0.1#5353 +ipset=/.samair.ru/gfwlist +server=/.sambhota.org/127.0.0.1#5353 +ipset=/.sambhota.org/gfwlist +server=/.samsoff.es/127.0.0.1#5353 +ipset=/.samsoff.es/gfwlist +server=/.sankaizok.com/127.0.0.1#5353 +ipset=/.sankaizok.com/gfwlist +server=/.sapikachu.net/127.0.0.1#5353 +ipset=/.sapikachu.net/gfwlist +server=/.savemedia.com/127.0.0.1#5353 +ipset=/.savemedia.com/gfwlist +server=/.savetibet.de/127.0.0.1#5353 +ipset=/.savetibet.de/gfwlist +server=/.savetibet.fr/127.0.0.1#5353 +ipset=/.savetibet.fr/gfwlist +server=/.savetibet.nl/127.0.0.1#5353 +ipset=/.savetibet.nl/gfwlist +server=/.savetibet.org/127.0.0.1#5353 +ipset=/.savetibet.org/gfwlist +server=/.savetibet.ru/127.0.0.1#5353 +ipset=/.savetibet.ru/gfwlist +server=/.savevid.com/127.0.0.1#5353 +ipset=/.savevid.com/gfwlist +server=/.say2.info/127.0.0.1#5353 +ipset=/.say2.info/gfwlist +server=/.sciencenets.com/127.0.0.1#5353 +ipset=/.sciencenets.com/gfwlist +server=/.scihub.org/127.0.0.1#5353 +ipset=/.scihub.org/gfwlist +server=/.scmp.com/127.0.0.1#5353 +ipset=/.scmp.com/gfwlist +server=/.scmpchinese.com/127.0.0.1#5353 +ipset=/.scmpchinese.com/gfwlist +server=/.scribd.com/127.0.0.1#5353 +ipset=/.scribd.com/gfwlist +server=/.scriptspot.com/127.0.0.1#5353 +ipset=/.scriptspot.com/gfwlist +server=/.s-cute.com/127.0.0.1#5353 +ipset=/.s-cute.com/gfwlist +server=/.s-dragon.org/127.0.0.1#5353 +ipset=/.s-dragon.org/gfwlist +server=/.seapuff.com/127.0.0.1#5353 +ipset=/.seapuff.com/gfwlist +server=/.search.aol.com/127.0.0.1#5353 +ipset=/.search.aol.com/gfwlist +server=/.search.xxx/127.0.0.1#5353 +ipset=/.search.xxx/gfwlist +server=/.secretchina.com/127.0.0.1#5353 +ipset=/.secretchina.com/gfwlist +server=/.secretgarden.no/127.0.0.1#5353 +ipset=/.secretgarden.no/gfwlist +server=/.secretsline.biz/127.0.0.1#5353 +ipset=/.secretsline.biz/gfwlist +server=/.secure.hustler.com/127.0.0.1#5353 +ipset=/.secure.hustler.com/gfwlist +server=/.secure.logmein.com/127.0.0.1#5353 +ipset=/.secure.logmein.com/gfwlist +server=/.securetunnel.com/127.0.0.1#5353 +ipset=/.securetunnel.com/gfwlist +server=/.securitykiss.com/127.0.0.1#5353 +ipset=/.securitykiss.com/gfwlist +server=/.seesmic.com/127.0.0.1#5353 +ipset=/.seesmic.com/gfwlist +server=/.seevpn.com/127.0.0.1#5353 +ipset=/.seevpn.com/gfwlist +server=/.seezone.net/127.0.0.1#5353 +ipset=/.seezone.net/gfwlist +server=/.sejie.com/127.0.0.1#5353 +ipset=/.sejie.com/gfwlist +server=/.sendoid.com/127.0.0.1#5353 +ipset=/.sendoid.com/gfwlist +server=/.sendspace.com/127.0.0.1#5353 +ipset=/.sendspace.com/gfwlist +server=/.sesawe.net/127.0.0.1#5353 +ipset=/.sesawe.net/gfwlist +server=/.sesawe.org/127.0.0.1#5353 +ipset=/.sesawe.org/gfwlist +server=/.sethwklein.net/127.0.0.1#5353 +ipset=/.sethwklein.net/gfwlist +server=/.sevenload.com/127.0.0.1#5353 +ipset=/.sevenload.com/gfwlist +server=/.sex.com/127.0.0.1#5353 +ipset=/.sex.com/gfwlist +server=/.sex-11.com/127.0.0.1#5353 +ipset=/.sex-11.com/gfwlist +server=/.sex3.com/127.0.0.1#5353 +ipset=/.sex3.com/gfwlist +server=/.sex8.cc/127.0.0.1#5353 +ipset=/.sex8.cc/gfwlist +server=/.sexandsubmission.com/127.0.0.1#5353 +ipset=/.sexandsubmission.com/gfwlist +server=/.sexhu.com/127.0.0.1#5353 +ipset=/.sexhu.com/gfwlist +server=/.sexhuang.com/127.0.0.1#5353 +ipset=/.sexhuang.com/gfwlist +server=/.sexinsex.net/127.0.0.1#5353 +ipset=/.sexinsex.net/gfwlist +server=/.sf.net/127.0.0.1#5353 +ipset=/.sf.net/gfwlist +server=/.sfileydy.com/127.0.0.1#5353 +ipset=/.sfileydy.com/gfwlist +server=/.sftindia.org/127.0.0.1#5353 +ipset=/.sftindia.org/gfwlist +server=/.sftuk.org/127.0.0.1#5353 +ipset=/.sftuk.org/gfwlist +server=/.shadow.ma/127.0.0.1#5353 +ipset=/.shadow.ma/gfwlist +server=/.shadowsocks.org/127.0.0.1#5353 +ipset=/.shadowsocks.org/gfwlist +server=/.shahamat-english.com/127.0.0.1#5353 +ipset=/.shahamat-english.com/gfwlist +server=/.shangfang.org/127.0.0.1#5353 +ipset=/.shangfang.org/gfwlist +server=/.shapeservices.com/127.0.0.1#5353 +ipset=/.shapeservices.com/gfwlist +server=/.share.dmhy.org/127.0.0.1#5353 +ipset=/.share.dmhy.org/gfwlist +server=/.share.ovi.com/127.0.0.1#5353 +ipset=/.share.ovi.com/gfwlist +server=/.sharebee.com/127.0.0.1#5353 +ipset=/.sharebee.com/gfwlist +server=/.sharecool.org/127.0.0.1#5353 +ipset=/.sharecool.org/gfwlist +server=/.sharpdaily.com.hk/127.0.0.1#5353 +ipset=/.sharpdaily.com.hk/gfwlist +server=/.sharpdaily.hk/127.0.0.1#5353 +ipset=/.sharpdaily.hk/gfwlist +server=/.shat-tibet.com/127.0.0.1#5353 +ipset=/.shat-tibet.com/gfwlist +server=/.sheikyermami.com/127.0.0.1#5353 +ipset=/.sheikyermami.com/gfwlist +server=/.shenshou.org/127.0.0.1#5353 +ipset=/.shenshou.org/gfwlist +server=/.shenyun.com/127.0.0.1#5353 +ipset=/.shenyun.com/gfwlist +server=/.shenyunperformingarts.org/127.0.0.1#5353 +ipset=/.shenyunperformingarts.org/gfwlist +server=/.shenzhoufilm.com/127.0.0.1#5353 +ipset=/.shenzhoufilm.com/gfwlist +server=/.shicheng.org/127.0.0.1#5353 +ipset=/.shicheng.org/gfwlist +server=/.shinychan.com/127.0.0.1#5353 +ipset=/.shinychan.com/gfwlist +server=/.shitaotv.org/127.0.0.1#5353 +ipset=/.shitaotv.org/gfwlist +server=/.shixiao.org/127.0.0.1#5353 +ipset=/.shixiao.org/gfwlist +server=/.shizhao.org/127.0.0.1#5353 +ipset=/.shizhao.org/gfwlist +server=/.shkspr.mobi/127.0.0.1#5353 +ipset=/.shkspr.mobi/gfwlist +server=/.shodanhq.com/127.0.0.1#5353 +ipset=/.shodanhq.com/gfwlist +server=/.shopping.com/127.0.0.1#5353 +ipset=/.shopping.com/gfwlist +server=/.showbiz.omy.sg/127.0.0.1#5353 +ipset=/.showbiz.omy.sg/gfwlist +server=/.showtime.jp/127.0.0.1#5353 +ipset=/.showtime.jp/gfwlist +server=/.shutterstock.com/127.0.0.1#5353 +ipset=/.shutterstock.com/gfwlist +server=/.shwchurch.org/127.0.0.1#5353 +ipset=/.shwchurch.org/gfwlist +server=/.shwchurch3.com/127.0.0.1#5353 +ipset=/.shwchurch3.com/gfwlist +server=/.sidelinesnews.com/127.0.0.1#5353 +ipset=/.sidelinesnews.com/gfwlist +server=/.sidelinessportseatery.com/127.0.0.1#5353 +ipset=/.sidelinessportseatery.com/gfwlist +server=/.simplecd.org/127.0.0.1#5353 +ipset=/.simplecd.org/gfwlist +server=/.simpleproductivityblog.com/127.0.0.1#5353 +ipset=/.simpleproductivityblog.com/gfwlist +server=/.sinchew.com.my/127.0.0.1#5353 +ipset=/.sinchew.com.my/gfwlist +server=/.singaporepools.com.sg/127.0.0.1#5353 +ipset=/.singaporepools.com.sg/gfwlist +server=/.singtao.com/127.0.0.1#5353 +ipset=/.singtao.com/gfwlist +server=/.sinoants.com/127.0.0.1#5353 +ipset=/.sinoants.com/gfwlist +server=/.sinocast.com/127.0.0.1#5353 +ipset=/.sinocast.com/gfwlist +server=/.sinocism.com/127.0.0.1#5353 +ipset=/.sinocism.com/gfwlist +server=/.sino-monthly.com/127.0.0.1#5353 +ipset=/.sino-monthly.com/gfwlist +server=/.sinomontreal.ca/127.0.0.1#5353 +ipset=/.sinomontreal.ca/gfwlist +server=/.sinonet.ca/127.0.0.1#5353 +ipset=/.sinonet.ca/gfwlist +server=/.sinopitt.info/127.0.0.1#5353 +ipset=/.sinopitt.info/gfwlist +server=/.sinoquebec.com/127.0.0.1#5353 +ipset=/.sinoquebec.com/gfwlist +server=/.sipml5.org/127.0.0.1#5353 +ipset=/.sipml5.org/gfwlist +server=/.sis.xxx/127.0.0.1#5353 +ipset=/.sis.xxx/gfwlist +server=/.sis001.com/127.0.0.1#5353 +ipset=/.sis001.com/gfwlist +server=/.sis001.us/127.0.0.1#5353 +ipset=/.sis001.us/gfwlist +server=/.site90.net/127.0.0.1#5353 +ipset=/.site90.net/gfwlist +server=/.sitekreator.com/127.0.0.1#5353 +ipset=/.sitekreator.com/gfwlist +server=/.siteks.uk.to/127.0.0.1#5353 +ipset=/.siteks.uk.to/gfwlist +server=/.sitemaps.org/127.0.0.1#5353 +ipset=/.sitemaps.org/gfwlist +server=/.sitetag.us/127.0.0.1#5353 +ipset=/.sitetag.us/gfwlist +server=/.sjum.cn/127.0.0.1#5353 +ipset=/.sjum.cn/gfwlist +server=/.skimtube.com/127.0.0.1#5353 +ipset=/.skimtube.com/gfwlist +server=/.skybet.com/127.0.0.1#5353 +ipset=/.skybet.com/gfwlist +server=/.skyhighpremium.com/127.0.0.1#5353 +ipset=/.skyhighpremium.com/gfwlist +server=/.skyvegas.com/127.0.0.1#5353 +ipset=/.skyvegas.com/gfwlist +server=/.slacker.com/127.0.0.1#5353 +ipset=/.slacker.com/gfwlist +server=/.slavasoft.com/127.0.0.1#5353 +ipset=/.slavasoft.com/gfwlist +server=/.slheng.com/127.0.0.1#5353 +ipset=/.slheng.com/gfwlist +server=/.slickvpn.com/127.0.0.1#5353 +ipset=/.slickvpn.com/gfwlist +server=/.slideshare.net/127.0.0.1#5353 +ipset=/.slideshare.net/gfwlist +server=/.slinkset.com/127.0.0.1#5353 +ipset=/.slinkset.com/gfwlist +server=/.slutload.com/127.0.0.1#5353 +ipset=/.slutload.com/gfwlist +server=/.slyip.com/127.0.0.1#5353 +ipset=/.slyip.com/gfwlist +server=/.smh.com.au/127.0.0.1#5353 +ipset=/.smh.com.au/gfwlist +server=/.smhric.org/127.0.0.1#5353 +ipset=/.smhric.org/gfwlist +server=/.snapchat.com/127.0.0.1#5353 +ipset=/.snapchat.com/gfwlist +server=/.snaptu.com/127.0.0.1#5353 +ipset=/.snaptu.com/gfwlist +server=/.sndcdn.com/127.0.0.1#5353 +ipset=/.sndcdn.com/gfwlist +server=/.sneakme.net/127.0.0.1#5353 +ipset=/.sneakme.net/gfwlist +server=/.snooper.co.uk/127.0.0.1#5353 +ipset=/.snooper.co.uk/gfwlist +server=/.snowlionpub.com/127.0.0.1#5353 +ipset=/.snowlionpub.com/gfwlist +server=/.sobees.com/127.0.0.1#5353 +ipset=/.sobees.com/gfwlist +server=/.soc.mil/127.0.0.1#5353 +ipset=/.soc.mil/gfwlist +server=/.socialwhale.com/127.0.0.1#5353 +ipset=/.socialwhale.com/gfwlist +server=/.sockslist.net/127.0.0.1#5353 +ipset=/.sockslist.net/gfwlist +server=/.socrec.org/127.0.0.1#5353 +ipset=/.socrec.org/gfwlist +server=/.sod.co.jp/127.0.0.1#5353 +ipset=/.sod.co.jp/gfwlist +server=/.softether.co.jp/127.0.0.1#5353 +ipset=/.softether.co.jp/gfwlist +server=/.softether.org/127.0.0.1#5353 +ipset=/.softether.org/gfwlist +server=/.softether-download.com/127.0.0.1#5353 +ipset=/.softether-download.com/gfwlist +server=/.softwarebychuck.com/127.0.0.1#5353 +ipset=/.softwarebychuck.com/gfwlist +server=/.softwaredownload.gitbooks.io/127.0.0.1#5353 +ipset=/.softwaredownload.gitbooks.io/gfwlist +server=/.so-ga.net/127.0.0.1#5353 +ipset=/.so-ga.net/gfwlist +server=/.sogclub.com/127.0.0.1#5353 +ipset=/.sogclub.com/gfwlist +server=/.sogrady.me/127.0.0.1#5353 +ipset=/.sogrady.me/gfwlist +server=/.sohcradio.com/127.0.0.1#5353 +ipset=/.sohcradio.com/gfwlist +server=/.sohfrance.org/127.0.0.1#5353 +ipset=/.sohfrance.org/gfwlist +server=/.sokamonline.com/127.0.0.1#5353 +ipset=/.sokamonline.com/gfwlist +server=/.somee.com/127.0.0.1#5353 +ipset=/.somee.com/gfwlist +server=/.so-news.com/127.0.0.1#5353 +ipset=/.so-news.com/gfwlist +server=/.songjianjun.com/127.0.0.1#5353 +ipset=/.songjianjun.com/gfwlist +server=/.sonidodelaesperanza.org/127.0.0.1#5353 +ipset=/.sonidodelaesperanza.org/gfwlist +server=/.sopcast.com/127.0.0.1#5353 +ipset=/.sopcast.com/gfwlist +server=/.sopcast.org/127.0.0.1#5353 +ipset=/.sopcast.org/gfwlist +server=/.sorazone.net/127.0.0.1#5353 +ipset=/.sorazone.net/gfwlist +server=/.sorting-algorithms.com/127.0.0.1#5353 +ipset=/.sorting-algorithms.com/gfwlist +server=/.soulcaliburhentai.net/127.0.0.1#5353 +ipset=/.soulcaliburhentai.net/gfwlist +server=/.soul-plus.net/127.0.0.1#5353 +ipset=/.soul-plus.net/gfwlist +server=/.soumo.info/127.0.0.1#5353 +ipset=/.soumo.info/gfwlist +server=/.soundcloud.com/127.0.0.1#5353 +ipset=/.soundcloud.com/gfwlist +server=/.soundofhope.kr/127.0.0.1#5353 +ipset=/.soundofhope.kr/gfwlist +server=/.soundofhope.org/127.0.0.1#5353 +ipset=/.soundofhope.org/gfwlist +server=/.soup.io/127.0.0.1#5353 +ipset=/.soup.io/gfwlist +server=/.soupofmedia.com/127.0.0.1#5353 +ipset=/.soupofmedia.com/gfwlist +server=/.sourceforge.net/127.0.0.1#5353 +ipset=/.sourceforge.net/gfwlist +server=/.sourcewadio.com/127.0.0.1#5353 +ipset=/.sourcewadio.com/gfwlist +server=/.sowers.org.hk/127.0.0.1#5353 +ipset=/.sowers.org.hk/gfwlist +server=/.space-scape.com/127.0.0.1#5353 +ipset=/.space-scape.com/gfwlist +server=/.spankbang.com/127.0.0.1#5353 +ipset=/.spankbang.com/gfwlist +server=/.spankwire.com/127.0.0.1#5353 +ipset=/.spankwire.com/gfwlist +server=/.spb.com/127.0.0.1#5353 +ipset=/.spb.com/gfwlist +server=/.speakerdeck.com/127.0.0.1#5353 +ipset=/.speakerdeck.com/gfwlist +server=/.speckleapp.com/127.0.0.1#5353 +ipset=/.speckleapp.com/gfwlist +server=/.spem.at/127.0.0.1#5353 +ipset=/.spem.at/gfwlist +server=/.spencertipping.com/127.0.0.1#5353 +ipset=/.spencertipping.com/gfwlist +server=/.spicevpn.com/127.0.0.1#5353 +ipset=/.spicevpn.com/gfwlist +server=/.spike.com/127.0.0.1#5353 +ipset=/.spike.com/gfwlist +server=/.spinejs.com/127.0.0.1#5353 +ipset=/.spinejs.com/gfwlist +server=/.sports.williamhill.com/127.0.0.1#5353 +ipset=/.sports.williamhill.com/gfwlist +server=/.spotify.com/127.0.0.1#5353 +ipset=/.spotify.com/gfwlist +server=/.spring4u.info/127.0.0.1#5353 +ipset=/.spring4u.info/gfwlist +server=/.springboardplatform.com/127.0.0.1#5353 +ipset=/.springboardplatform.com/gfwlist +server=/.sproutcore.com/127.0.0.1#5353 +ipset=/.sproutcore.com/gfwlist +server=/.sproxy.info/127.0.0.1#5353 +ipset=/.sproxy.info/gfwlist +server=/.squarespace.com/127.0.0.1#5353 +ipset=/.squarespace.com/gfwlist +server=/.srcf.ucam.org/127.0.0.1#5353 +ipset=/.srcf.ucam.org/gfwlist +server=/.ssh91.com/127.0.0.1#5353 +ipset=/.ssh91.com/gfwlist +server=/.stackoverflow.com/127.0.0.1#5353 +ipset=/.stackoverflow.com/gfwlist +server=/.stage64.hk/127.0.0.1#5353 +ipset=/.stage64.hk/gfwlist +server=/.standupfortibet.org/127.0.0.1#5353 +ipset=/.standupfortibet.org/gfwlist +server=/.stanford.edu/127.0.0.1#5353 +ipset=/.stanford.edu/gfwlist +server=/.starp2p.com/127.0.0.1#5353 +ipset=/.starp2p.com/gfwlist +server=/.startpage.com/127.0.0.1#5353 +ipset=/.startpage.com/gfwlist +server=/.state168.com/127.0.0.1#5353 +ipset=/.state168.com/gfwlist +server=/.static.digg.com/127.0.0.1#5353 +ipset=/.static.digg.com/gfwlist +server=/.staticflickr.com/127.0.0.1#5353 +ipset=/.staticflickr.com/gfwlist +server=/.steel-storm.com/127.0.0.1#5353 +ipset=/.steel-storm.com/gfwlist +server=/.stephaniered.com/127.0.0.1#5353 +ipset=/.stephaniered.com/gfwlist +server=/.stepmania.com/127.0.0.1#5353 +ipset=/.stepmania.com/gfwlist +server=/.sthoo.com/127.0.0.1#5353 +ipset=/.sthoo.com/gfwlist +server=/.stickam.com/127.0.0.1#5353 +ipset=/.stickam.com/gfwlist +server=/.stickeraction.com/127.0.0.1#5353 +ipset=/.stickeraction.com/gfwlist +server=/.sto.cc/127.0.0.1#5353 +ipset=/.sto.cc/gfwlist +server=/.stoneip.info/127.0.0.1#5353 +ipset=/.stoneip.info/gfwlist +server=/.stoptibetcrisis.net/127.0.0.1#5353 +ipset=/.stoptibetcrisis.net/gfwlist +server=/.storagenewsletter.com/127.0.0.1#5353 +ipset=/.storagenewsletter.com/gfwlist +server=/.storify.com/127.0.0.1#5353 +ipset=/.storify.com/gfwlist +server=/.storm.mg/127.0.0.1#5353 +ipset=/.storm.mg/gfwlist +server=/.stormmediagroup.com/127.0.0.1#5353 +ipset=/.stormmediagroup.com/gfwlist +server=/.stoweboyd.com/127.0.0.1#5353 +ipset=/.stoweboyd.com/gfwlist +server=/.streamingthe.net/127.0.0.1#5353 +ipset=/.streamingthe.net/gfwlist +server=/.streema.com/127.0.0.1#5353 +ipset=/.streema.com/gfwlist +server=/.strongvpn.com/127.0.0.1#5353 +ipset=/.strongvpn.com/gfwlist +server=/.strongwindpress.com/127.0.0.1#5353 +ipset=/.strongwindpress.com/gfwlist +server=/.studentsforafreetibet.org/127.0.0.1#5353 +ipset=/.studentsforafreetibet.org/gfwlist +server=/.stuffimreading.net/127.0.0.1#5353 +ipset=/.stuffimreading.net/gfwlist +server=/.stumbleupon.com/127.0.0.1#5353 +ipset=/.stumbleupon.com/gfwlist +server=/.stupidvideos.com/127.0.0.1#5353 +ipset=/.stupidvideos.com/gfwlist +server=/.subacme.rerouted.org/127.0.0.1#5353 +ipset=/.subacme.rerouted.org/gfwlist +server=/.sugarsync.com/127.0.0.1#5353 +ipset=/.sugarsync.com/gfwlist +server=/.suissl.com/127.0.0.1#5353 +ipset=/.suissl.com/gfwlist +server=/.summify.com/127.0.0.1#5353 +ipset=/.summify.com/gfwlist +server=/.sun1911.com/127.0.0.1#5353 +ipset=/.sun1911.com/gfwlist +server=/.sunporno.com/127.0.0.1#5353 +ipset=/.sunporno.com/gfwlist +server=/.sunvpn.net/127.0.0.1#5353 +ipset=/.sunvpn.net/gfwlist +server=/.suoluo.org/127.0.0.1#5353 +ipset=/.suoluo.org/gfwlist +server=/.suprememastertv.com/127.0.0.1#5353 +ipset=/.suprememastertv.com/gfwlist +server=/.surfeasy.com/127.0.0.1#5353 +ipset=/.surfeasy.com/gfwlist +server=/.surfeasy.com.au/127.0.0.1#5353 +ipset=/.surfeasy.com.au/gfwlist +server=/.suroot.com/127.0.0.1#5353 +ipset=/.suroot.com/gfwlist +server=/.surrenderat20.net/127.0.0.1#5353 +ipset=/.surrenderat20.net/gfwlist +server=/.suyangg.com/127.0.0.1#5353 +ipset=/.suyangg.com/gfwlist +server=/.svwind.com/127.0.0.1#5353 +ipset=/.svwind.com/gfwlist +server=/.sweux.com/127.0.0.1#5353 +ipset=/.sweux.com/gfwlist +server=/.swift-tools.net/127.0.0.1#5353 +ipset=/.swift-tools.net/gfwlist +server=/.swissvpn.net/127.0.0.1#5353 +ipset=/.swissvpn.net/gfwlist +server=/.switch1.jp/127.0.0.1#5353 +ipset=/.switch1.jp/gfwlist +server=/.switchvpn.net/127.0.0.1#5353 +ipset=/.switchvpn.net/gfwlist +server=/.sydneytoday.com/127.0.0.1#5353 +ipset=/.sydneytoday.com/gfwlist +server=/.sylfoundation.org/127.0.0.1#5353 +ipset=/.sylfoundation.org/gfwlist +server=/.syncback.com/127.0.0.1#5353 +ipset=/.syncback.com/gfwlist +server=/.sysadmin1138.net/127.0.0.1#5353 +ipset=/.sysadmin1138.net/gfwlist +server=/.sysresccd.org/127.0.0.1#5353 +ipset=/.sysresccd.org/gfwlist +server=/.sytes.net/127.0.0.1#5353 +ipset=/.sytes.net/gfwlist +server=/.szbbs.net/127.0.0.1#5353 +ipset=/.szbbs.net/gfwlist +server=/.szetowah.org.hk/127.0.0.1#5353 +ipset=/.szetowah.org.hk/gfwlist +server=/.t.co/127.0.0.1#5353 +ipset=/.t.co/gfwlist +server=/.t.neolee.cn/127.0.0.1#5353 +ipset=/.t.neolee.cn/gfwlist +server=/.t.orzdream.com/127.0.0.1#5353 +ipset=/.t.orzdream.com/gfwlist +server=/.t35.com/127.0.0.1#5353 +ipset=/.t35.com/gfwlist +server=/.t66y.com/127.0.0.1#5353 +ipset=/.t66y.com/gfwlist +server=/.t88.ca/127.0.0.1#5353 +ipset=/.t88.ca/gfwlist +server=/.taa-usa.org/127.0.0.1#5353 +ipset=/.taa-usa.org/gfwlist +server=/.tabtter.jp/127.0.0.1#5353 +ipset=/.tabtter.jp/gfwlist +server=/.tacem.org/127.0.0.1#5353 +ipset=/.tacem.org/gfwlist +server=/.tafaward.com/127.0.0.1#5353 +ipset=/.tafaward.com/gfwlist +server=/.tafm.org/127.0.0.1#5353 +ipset=/.tafm.org/gfwlist +server=/.tagwa.org.au/127.0.0.1#5353 +ipset=/.tagwa.org.au/gfwlist +server=/.tagwalk.com/127.0.0.1#5353 +ipset=/.tagwalk.com/gfwlist +server=/.taipeisociety.org/127.0.0.1#5353 +ipset=/.taipeisociety.org/gfwlist +server=/.taiwanbible.com/127.0.0.1#5353 +ipset=/.taiwanbible.com/gfwlist +server=/.taiwandaily.net/127.0.0.1#5353 +ipset=/.taiwandaily.net/gfwlist +server=/.taiwanjustice.com/127.0.0.1#5353 +ipset=/.taiwanjustice.com/gfwlist +server=/.taiwankiss.com/127.0.0.1#5353 +ipset=/.taiwankiss.com/gfwlist +server=/.taiwannation.50webs.com/127.0.0.1#5353 +ipset=/.taiwannation.50webs.com/gfwlist +server=/.taiwannation.com/127.0.0.1#5353 +ipset=/.taiwannation.com/gfwlist +server=/.taiwan-sex.com/127.0.0.1#5353 +ipset=/.taiwan-sex.com/gfwlist +server=/.taiwantp.net/127.0.0.1#5353 +ipset=/.taiwantp.net/gfwlist +server=/.taiwanus.net/127.0.0.1#5353 +ipset=/.taiwanus.net/gfwlist +server=/.taiwanyes.com/127.0.0.1#5353 +ipset=/.taiwanyes.com/gfwlist +server=/.taiwanyes.ning.com/127.0.0.1#5353 +ipset=/.taiwanyes.ning.com/gfwlist +server=/.talk853.com/127.0.0.1#5353 +ipset=/.talk853.com/gfwlist +server=/.talkboxapp.com/127.0.0.1#5353 +ipset=/.talkboxapp.com/gfwlist +server=/.talkonly.net/127.0.0.1#5353 +ipset=/.talkonly.net/gfwlist +server=/.tamiaode.tk/127.0.0.1#5353 +ipset=/.tamiaode.tk/gfwlist +server=/.tanc.org/127.0.0.1#5353 +ipset=/.tanc.org/gfwlist +server=/.tangben.com/127.0.0.1#5353 +ipset=/.tangben.com/gfwlist +server=/.tangren.us/127.0.0.1#5353 +ipset=/.tangren.us/gfwlist +server=/.taolun.info/127.0.0.1#5353 +ipset=/.taolun.info/gfwlist +server=/.tapanwap.com/127.0.0.1#5353 +ipset=/.tapanwap.com/gfwlist +server=/.target.com/127.0.0.1#5353 +ipset=/.target.com/gfwlist +server=/.tarr.uspto.gov/127.0.0.1#5353 +ipset=/.tarr.uspto.gov/gfwlist +server=/.tascn.com.au/127.0.0.1#5353 +ipset=/.tascn.com.au/gfwlist +server=/.taup.net/127.0.0.1#5353 +ipset=/.taup.net/gfwlist +server=/.taweet.com/127.0.0.1#5353 +ipset=/.taweet.com/gfwlist +server=/.tbcollege.org/127.0.0.1#5353 +ipset=/.tbcollege.org/gfwlist +server=/.tbi.org.hk/127.0.0.1#5353 +ipset=/.tbi.org.hk/gfwlist +server=/.tbicn.org/127.0.0.1#5353 +ipset=/.tbicn.org/gfwlist +server=/.tbjyt.org/127.0.0.1#5353 +ipset=/.tbjyt.org/gfwlist +server=/.tbpic.info/127.0.0.1#5353 +ipset=/.tbpic.info/gfwlist +server=/.tbsec.org/127.0.0.1#5353 +ipset=/.tbsec.org/gfwlist +server=/.tbskkinabalu.page.tl/127.0.0.1#5353 +ipset=/.tbskkinabalu.page.tl/gfwlist +server=/.tbsmalaysia.org/127.0.0.1#5353 +ipset=/.tbsmalaysia.org/gfwlist +server=/.tbsn.org/127.0.0.1#5353 +ipset=/.tbsn.org/gfwlist +server=/.tbs-rainbow.org/127.0.0.1#5353 +ipset=/.tbs-rainbow.org/gfwlist +server=/.tbsseattle.org/127.0.0.1#5353 +ipset=/.tbsseattle.org/gfwlist +server=/.tbssqh.org/127.0.0.1#5353 +ipset=/.tbssqh.org/gfwlist +server=/.tbswd.org/127.0.0.1#5353 +ipset=/.tbswd.org/gfwlist +server=/.tbtemple.org.uk/127.0.0.1#5353 +ipset=/.tbtemple.org.uk/gfwlist +server=/.tbthouston.org/127.0.0.1#5353 +ipset=/.tbthouston.org/gfwlist +server=/.tccwonline.org/127.0.0.1#5353 +ipset=/.tccwonline.org/gfwlist +server=/.tcewf.org/127.0.0.1#5353 +ipset=/.tcewf.org/gfwlist +server=/.tchrd.org/127.0.0.1#5353 +ipset=/.tchrd.org/gfwlist +server=/.tech2.in.com/127.0.0.1#5353 +ipset=/.tech2.in.com/gfwlist +server=/.techlifeweb.com/127.0.0.1#5353 +ipset=/.techlifeweb.com/gfwlist +server=/.techparaiso.com/127.0.0.1#5353 +ipset=/.techparaiso.com/gfwlist +server=/.teck.in/127.0.0.1#5353 +ipset=/.teck.in/gfwlist +server=/.teeniefuck.net/127.0.0.1#5353 +ipset=/.teeniefuck.net/gfwlist +server=/.teensinasia.com/127.0.0.1#5353 +ipset=/.teensinasia.com/gfwlist +server=/.telecomspace.com/127.0.0.1#5353 +ipset=/.telecomspace.com/gfwlist +server=/.telegram.org/127.0.0.1#5353 +ipset=/.telegram.org/gfwlist +server=/.telegraph.co.uk/127.0.0.1#5353 +ipset=/.telegraph.co.uk/gfwlist +server=/.tenacy.com/127.0.0.1#5353 +ipset=/.tenacy.com/gfwlist +server=/.tew.org/127.0.0.1#5353 +ipset=/.tew.org/gfwlist +server=/.th.hao123.com/127.0.0.1#5353 +ipset=/.th.hao123.com/gfwlist +server=/.theatrum-belli.com/127.0.0.1#5353 +ipset=/.theatrum-belli.com/gfwlist +server=/.thebcomplex.com/127.0.0.1#5353 +ipset=/.thebcomplex.com/gfwlist +server=/.theblemish.com/127.0.0.1#5353 +ipset=/.theblemish.com/gfwlist +server=/.thebobs.com/127.0.0.1#5353 +ipset=/.thebobs.com/gfwlist +server=/.thebodyshop-usa.com/127.0.0.1#5353 +ipset=/.thebodyshop-usa.com/gfwlist +server=/.thechinabeat.org/127.0.0.1#5353 +ipset=/.thechinabeat.org/gfwlist +server=/.thedalailamamovie.com/127.0.0.1#5353 +ipset=/.thedalailamamovie.com/gfwlist +server=/.thedieline.com/127.0.0.1#5353 +ipset=/.thedieline.com/gfwlist +server=/.thedw.us/127.0.0.1#5353 +ipset=/.thedw.us/gfwlist +server=/.thefrontier.hk/127.0.0.1#5353 +ipset=/.thefrontier.hk/gfwlist +server=/.thegioitinhoc.vn/127.0.0.1#5353 +ipset=/.thegioitinhoc.vn/gfwlist +server=/.thegly.com/127.0.0.1#5353 +ipset=/.thegly.com/gfwlist +server=/.thehots.info/127.0.0.1#5353 +ipset=/.thehots.info/gfwlist +server=/.thehousenews.com/127.0.0.1#5353 +ipset=/.thehousenews.com/gfwlist +server=/.thehun.net/127.0.0.1#5353 +ipset=/.thehun.net/gfwlist +server=/.theinitium.com/127.0.0.1#5353 +ipset=/.theinitium.com/gfwlist +server=/.thelifeyoucansave.com/127.0.0.1#5353 +ipset=/.thelifeyoucansave.com/gfwlist +server=/.thenewslens.com/127.0.0.1#5353 +ipset=/.thenewslens.com/gfwlist +server=/.thepiratebay.org/127.0.0.1#5353 +ipset=/.thepiratebay.org/gfwlist +server=/.thereallove.kr/127.0.0.1#5353 +ipset=/.thereallove.kr/gfwlist +server=/.thesartorialist.com/127.0.0.1#5353 +ipset=/.thesartorialist.com/gfwlist +server=/.thespeeder.com/127.0.0.1#5353 +ipset=/.thespeeder.com/gfwlist +server=/.thestandnews.com/127.0.0.1#5353 +ipset=/.thestandnews.com/gfwlist +server=/.thetibetcenter.org/127.0.0.1#5353 +ipset=/.thetibetcenter.org/gfwlist +server=/.thetibetconnection.org/127.0.0.1#5353 +ipset=/.thetibetconnection.org/gfwlist +server=/.thetibetmuseum.org/127.0.0.1#5353 +ipset=/.thetibetmuseum.org/gfwlist +server=/.thetibetpost.com/127.0.0.1#5353 +ipset=/.thetibetpost.com/gfwlist +server=/.thetrotskymovie.com/127.0.0.1#5353 +ipset=/.thetrotskymovie.com/gfwlist +server=/.thevivekspot.com/127.0.0.1#5353 +ipset=/.thevivekspot.com/gfwlist +server=/.thewgo.org/127.0.0.1#5353 +ipset=/.thewgo.org/gfwlist +server=/.thinkingtaiwan.com/127.0.0.1#5353 +ipset=/.thinkingtaiwan.com/gfwlist +server=/.thinkwithgoogle.com/127.0.0.1#5353 +ipset=/.thinkwithgoogle.com/gfwlist +server=/.thisav.com/127.0.0.1#5353 +ipset=/.thisav.com/gfwlist +server=/.thomasbernhard.org/127.0.0.1#5353 +ipset=/.thomasbernhard.org/gfwlist +server=/.threatchaos.com/127.0.0.1#5353 +ipset=/.threatchaos.com/gfwlist +server=/.throughnightsfire.com/127.0.0.1#5353 +ipset=/.throughnightsfire.com/gfwlist +server=/.thumbzilla.com/127.0.0.1#5353 +ipset=/.thumbzilla.com/gfwlist +server=/.thywords.com/127.0.0.1#5353 +ipset=/.thywords.com/gfwlist +server=/.tiananmenduizhi.com/127.0.0.1#5353 +ipset=/.tiananmenduizhi.com/gfwlist +server=/.tiananmenmother.org/127.0.0.1#5353 +ipset=/.tiananmenmother.org/gfwlist +server=/.tiananmenuniv.com/127.0.0.1#5353 +ipset=/.tiananmenuniv.com/gfwlist +server=/.tiananmenuniv.net/127.0.0.1#5353 +ipset=/.tiananmenuniv.net/gfwlist +server=/.tiandixing.org/127.0.0.1#5353 +ipset=/.tiandixing.org/gfwlist +server=/.tianhuayuan.com/127.0.0.1#5353 +ipset=/.tianhuayuan.com/gfwlist +server=/.tianlawoffice.com/127.0.0.1#5353 +ipset=/.tianlawoffice.com/gfwlist +server=/.tiantibooks.org/127.0.0.1#5353 +ipset=/.tiantibooks.org/gfwlist +server=/.tianzhu.org/127.0.0.1#5353 +ipset=/.tianzhu.org/gfwlist +server=/.tibet.a.se/127.0.0.1#5353 +ipset=/.tibet.a.se/gfwlist +server=/.tibet.at/127.0.0.1#5353 +ipset=/.tibet.at/gfwlist +server=/.tibet.ca/127.0.0.1#5353 +ipset=/.tibet.ca/gfwlist +server=/.tibet.com/127.0.0.1#5353 +ipset=/.tibet.com/gfwlist +server=/.tibet.fr/127.0.0.1#5353 +ipset=/.tibet.fr/gfwlist +server=/.tibet.net/127.0.0.1#5353 +ipset=/.tibet.net/gfwlist +server=/.tibet.nu/127.0.0.1#5353 +ipset=/.tibet.nu/gfwlist +server=/.tibet.org/127.0.0.1#5353 +ipset=/.tibet.org/gfwlist +server=/.tibetaction.net/127.0.0.1#5353 +ipset=/.tibetaction.net/gfwlist +server=/.tibetaid.org/127.0.0.1#5353 +ipset=/.tibetaid.org/gfwlist +server=/.tibetalk.com/127.0.0.1#5353 +ipset=/.tibetalk.com/gfwlist +server=/.tibetan.fr/127.0.0.1#5353 +ipset=/.tibetan.fr/gfwlist +server=/.tibetan-alliance.org/127.0.0.1#5353 +ipset=/.tibetan-alliance.org/gfwlist +server=/.tibetanarts.org/127.0.0.1#5353 +ipset=/.tibetanarts.org/gfwlist +server=/.tibetanculture.org/127.0.0.1#5353 +ipset=/.tibetanculture.org/gfwlist +server=/.tibetanliberation.org/127.0.0.1#5353 +ipset=/.tibetanliberation.org/gfwlist +server=/.tibetanpaintings.com/127.0.0.1#5353 +ipset=/.tibetanpaintings.com/gfwlist +server=/.tibetanphotoproject.com/127.0.0.1#5353 +ipset=/.tibetanphotoproject.com/gfwlist +server=/.tibetanpoliticalreview.org/127.0.0.1#5353 +ipset=/.tibetanpoliticalreview.org/gfwlist +server=/.tibetanreview.net/127.0.0.1#5353 +ipset=/.tibetanreview.net/gfwlist +server=/.tibetanwomen.org/127.0.0.1#5353 +ipset=/.tibetanwomen.org/gfwlist +server=/.tibetanyouthcongress.org/127.0.0.1#5353 +ipset=/.tibetanyouthcongress.org/gfwlist +server=/.tibetcharity.dk/127.0.0.1#5353 +ipset=/.tibetcharity.dk/gfwlist +server=/.tibetcharity.in/127.0.0.1#5353 +ipset=/.tibetcharity.in/gfwlist +server=/.tibetcity.com/127.0.0.1#5353 +ipset=/.tibetcity.com/gfwlist +server=/.tibetcollection.com/127.0.0.1#5353 +ipset=/.tibetcollection.com/gfwlist +server=/.tibetcorps.org/127.0.0.1#5353 +ipset=/.tibetcorps.org/gfwlist +server=/.tibetexpress.net/127.0.0.1#5353 +ipset=/.tibetexpress.net/gfwlist +server=/.tibetfocus.com/127.0.0.1#5353 +ipset=/.tibetfocus.com/gfwlist +server=/.tibet-foundation.org/127.0.0.1#5353 +ipset=/.tibet-foundation.org/gfwlist +server=/.tibetfund.org/127.0.0.1#5353 +ipset=/.tibetfund.org/gfwlist +server=/.tibethouse.jp/127.0.0.1#5353 +ipset=/.tibethouse.jp/gfwlist +server=/.tibethouse.org/127.0.0.1#5353 +ipset=/.tibethouse.org/gfwlist +server=/.tibethouse.us/127.0.0.1#5353 +ipset=/.tibethouse.us/gfwlist +server=/.tibet-house-trust.co.uk/127.0.0.1#5353 +ipset=/.tibet-house-trust.co.uk/gfwlist +server=/.tibet-info.net/127.0.0.1#5353 +ipset=/.tibet-info.net/gfwlist +server=/.tibet-initiative.de/127.0.0.1#5353 +ipset=/.tibet-initiative.de/gfwlist +server=/.tibetjustice.org/127.0.0.1#5353 +ipset=/.tibetjustice.org/gfwlist +server=/.tibet-munich.de/127.0.0.1#5353 +ipset=/.tibet-munich.de/gfwlist +server=/.tibetmuseum.org/127.0.0.1#5353 +ipset=/.tibetmuseum.org/gfwlist +server=/.tibetnetwork.org/127.0.0.1#5353 +ipset=/.tibetnetwork.org/gfwlist +server=/.tibetoffice.ch/127.0.0.1#5353 +ipset=/.tibetoffice.ch/gfwlist +server=/.tibetoffice.com.au/127.0.0.1#5353 +ipset=/.tibetoffice.com.au/gfwlist +server=/.tibetoffice.eu/127.0.0.1#5353 +ipset=/.tibetoffice.eu/gfwlist +server=/.tibetoffice.org/127.0.0.1#5353 +ipset=/.tibetoffice.org/gfwlist +server=/.tibetonline.com/127.0.0.1#5353 +ipset=/.tibetonline.com/gfwlist +server=/.tibetonline.tv/127.0.0.1#5353 +ipset=/.tibetonline.tv/gfwlist +server=/.tibetoralhistory.org/127.0.0.1#5353 +ipset=/.tibetoralhistory.org/gfwlist +server=/.tibetpolicy.eu/127.0.0.1#5353 +ipset=/.tibetpolicy.eu/gfwlist +server=/.tibetrelieffund.co.uk/127.0.0.1#5353 +ipset=/.tibetrelieffund.co.uk/gfwlist +server=/.tibetsites.com/127.0.0.1#5353 +ipset=/.tibetsites.com/gfwlist +server=/.tibetsociety.com/127.0.0.1#5353 +ipset=/.tibetsociety.com/gfwlist +server=/.tibetsun.com/127.0.0.1#5353 +ipset=/.tibetsun.com/gfwlist +server=/.tibettimes.net/127.0.0.1#5353 +ipset=/.tibettimes.net/gfwlist +server=/.tibetwrites.org/127.0.0.1#5353 +ipset=/.tibetwrites.org/gfwlist +server=/.time.com/127.0.0.1#5353 +ipset=/.time.com/gfwlist +server=/.times.hinet.net/127.0.0.1#5353 +ipset=/.times.hinet.net/gfwlist +server=/.timesofindia.indiatimes.com/127.0.0.1#5353 +ipset=/.timesofindia.indiatimes.com/gfwlist +server=/.tiny.cc/127.0.0.1#5353 +ipset=/.tiny.cc/gfwlist +server=/.tinychat.com/127.0.0.1#5353 +ipset=/.tinychat.com/gfwlist +server=/.tinypaste.com/127.0.0.1#5353 +ipset=/.tinypaste.com/gfwlist +server=/.tistory.com/127.0.0.1#5353 +ipset=/.tistory.com/gfwlist +server=/.tkcs-collins.com/127.0.0.1#5353 +ipset=/.tkcs-collins.com/gfwlist +server=/.tkforum.tk/127.0.0.1#5353 +ipset=/.tkforum.tk/gfwlist +server=/.tl.gd/127.0.0.1#5353 +ipset=/.tl.gd/gfwlist +server=/.tma.co.jp/127.0.0.1#5353 +ipset=/.tma.co.jp/gfwlist +server=/.tmagazine.com/127.0.0.1#5353 +ipset=/.tmagazine.com/gfwlist +server=/.tmi.me/127.0.0.1#5353 +ipset=/.tmi.me/gfwlist +server=/.tnaflix.com/127.0.0.1#5353 +ipset=/.tnaflix.com/gfwlist +server=/.tnp.org/127.0.0.1#5353 +ipset=/.tnp.org/gfwlist +server=/.togetter.com/127.0.0.1#5353 +ipset=/.togetter.com/gfwlist +server=/.tokyo-247.com/127.0.0.1#5353 +ipset=/.tokyo-247.com/gfwlist +server=/.tokyocn.com/127.0.0.1#5353 +ipset=/.tokyocn.com/gfwlist +server=/.tokyo-hot.com/127.0.0.1#5353 +ipset=/.tokyo-hot.com/gfwlist +server=/.tomayko.com/127.0.0.1#5353 +ipset=/.tomayko.com/gfwlist +server=/.tongil.or.kr/127.0.0.1#5353 +ipset=/.tongil.or.kr/gfwlist +server=/.tono-oka.jp/127.0.0.1#5353 +ipset=/.tono-oka.jp/gfwlist +server=/.tonyyan.net/127.0.0.1#5353 +ipset=/.tonyyan.net/gfwlist +server=/.toodoc.com/127.0.0.1#5353 +ipset=/.toodoc.com/gfwlist +server=/.toonel.net/127.0.0.1#5353 +ipset=/.toonel.net/gfwlist +server=/.top81.ws/127.0.0.1#5353 +ipset=/.top81.ws/gfwlist +server=/.topnews.in/127.0.0.1#5353 +ipset=/.topnews.in/gfwlist +server=/.to-porno.com/127.0.0.1#5353 +ipset=/.to-porno.com/gfwlist +server=/.topshare.us/127.0.0.1#5353 +ipset=/.topshare.us/gfwlist +server=/.topshareware.com/127.0.0.1#5353 +ipset=/.topshareware.com/gfwlist +server=/.topstyle4.com/127.0.0.1#5353 +ipset=/.topstyle4.com/gfwlist +server=/.topsy.com/127.0.0.1#5353 +ipset=/.topsy.com/gfwlist +server=/.toptip.ca/127.0.0.1#5353 +ipset=/.toptip.ca/gfwlist +server=/.tor.blingblingsquad.net/127.0.0.1#5353 +ipset=/.tor.blingblingsquad.net/gfwlist +server=/.tor.cn.uptodown.com/127.0.0.1#5353 +ipset=/.tor.cn.uptodown.com/gfwlist +server=/.tor.updatestar.com/127.0.0.1#5353 +ipset=/.tor.updatestar.com/gfwlist +server=/.tora.to/127.0.0.1#5353 +ipset=/.tora.to/gfwlist +server=/.torcn.com/127.0.0.1#5353 +ipset=/.torcn.com/gfwlist +server=/.torguard.net/127.0.0.1#5353 +ipset=/.torguard.net/gfwlist +server=/.torproject.org/127.0.0.1#5353 +ipset=/.torproject.org/gfwlist +server=/.torrentcrazy.com/127.0.0.1#5353 +ipset=/.torrentcrazy.com/gfwlist +server=/.torrentkitty.com/127.0.0.1#5353 +ipset=/.torrentkitty.com/gfwlist +server=/.torrentkitty.net/127.0.0.1#5353 +ipset=/.torrentkitty.net/gfwlist +server=/.torrentprivacy.com/127.0.0.1#5353 +ipset=/.torrentprivacy.com/gfwlist +server=/.torrentproject.se/127.0.0.1#5353 +ipset=/.torrentproject.se/gfwlist +server=/.torrenty.org/127.0.0.1#5353 +ipset=/.torrenty.org/gfwlist +server=/.torrentz.eu/127.0.0.1#5353 +ipset=/.torrentz.eu/gfwlist +server=/.torvpn.com/127.0.0.1#5353 +ipset=/.torvpn.com/gfwlist +server=/.tosh.comedycentral.com/127.0.0.1#5353 +ipset=/.tosh.comedycentral.com/gfwlist +server=/.toshiba.com/127.0.0.1#5353 +ipset=/.toshiba.com/gfwlist +server=/.touch99.com/127.0.0.1#5353 +ipset=/.touch99.com/gfwlist +server=/.toutfr.com/127.0.0.1#5353 +ipset=/.toutfr.com/gfwlist +server=/.towngain.com/127.0.0.1#5353 +ipset=/.towngain.com/gfwlist +server=/.tparents.org/127.0.0.1#5353 +ipset=/.tparents.org/gfwlist +server=/.traffichaus.com/127.0.0.1#5353 +ipset=/.traffichaus.com/gfwlist +server=/.trans.wenweipo.com/127.0.0.1#5353 +ipset=/.trans.wenweipo.com/gfwlist +server=/.transgressionism.org/127.0.0.1#5353 +ipset=/.transgressionism.org/gfwlist +server=/.transparency.org/127.0.0.1#5353 +ipset=/.transparency.org/gfwlist +server=/.travelinlocal.com/127.0.0.1#5353 +ipset=/.travelinlocal.com/gfwlist +server=/.trendsmap.com/127.0.0.1#5353 +ipset=/.trendsmap.com/gfwlist +server=/.trialofccp.org/127.0.0.1#5353 +ipset=/.trialofccp.org/gfwlist +server=/.tripod.com/127.0.0.1#5353 +ipset=/.tripod.com/gfwlist +server=/.trouw.nl/127.0.0.1#5353 +ipset=/.trouw.nl/gfwlist +server=/.trt.net.tr/127.0.0.1#5353 +ipset=/.trt.net.tr/gfwlist +server=/.truebuddha-md.org/127.0.0.1#5353 +ipset=/.truebuddha-md.org/gfwlist +server=/.trulyergonomic.com/127.0.0.1#5353 +ipset=/.trulyergonomic.com/gfwlist +server=/.trustedbi.com/127.0.0.1#5353 +ipset=/.trustedbi.com/gfwlist +server=/.truth101.co.tv/127.0.0.1#5353 +ipset=/.truth101.co.tv/gfwlist +server=/.truthcn.com/127.0.0.1#5353 +ipset=/.truthcn.com/gfwlist +server=/.truveo.com/127.0.0.1#5353 +ipset=/.truveo.com/gfwlist +server=/.tsctv.net/127.0.0.1#5353 +ipset=/.tsctv.net/gfwlist +server=/.tsdr.uspto.gov/127.0.0.1#5353 +ipset=/.tsdr.uspto.gov/gfwlist +server=/.tsemtulku.com/127.0.0.1#5353 +ipset=/.tsemtulku.com/gfwlist +server=/.tsquare.tv/127.0.0.1#5353 +ipset=/.tsquare.tv/gfwlist +server=/.tsunagarumon.com/127.0.0.1#5353 +ipset=/.tsunagarumon.com/gfwlist +server=/.tt1069.com/127.0.0.1#5353 +ipset=/.tt1069.com/gfwlist +server=/.tt-rss.org/127.0.0.1#5353 +ipset=/.tt-rss.org/gfwlist +server=/.tttan.com/127.0.0.1#5353 +ipset=/.tttan.com/gfwlist +server=/.tu8964.com/127.0.0.1#5353 +ipset=/.tu8964.com/gfwlist +server=/.tuanzt.com/127.0.0.1#5353 +ipset=/.tuanzt.com/gfwlist +server=/.tube.com/127.0.0.1#5353 +ipset=/.tube.com/gfwlist +server=/.tube8.com/127.0.0.1#5353 +ipset=/.tube8.com/gfwlist +server=/.tube911.com/127.0.0.1#5353 +ipset=/.tube911.com/gfwlist +server=/.tubecao.com/127.0.0.1#5353 +ipset=/.tubecao.com/gfwlist +server=/.tubecup.com/127.0.0.1#5353 +ipset=/.tubecup.com/gfwlist +server=/.tubewolf.com/127.0.0.1#5353 +ipset=/.tubewolf.com/gfwlist +server=/.tui.orzdream.com/127.0.0.1#5353 +ipset=/.tui.orzdream.com/gfwlist +server=/.tuidang.net/127.0.0.1#5353 +ipset=/.tuidang.net/gfwlist +server=/.tuidang.org/127.0.0.1#5353 +ipset=/.tuidang.org/gfwlist +server=/.tuidang.se/127.0.0.1#5353 +ipset=/.tuidang.se/gfwlist +server=/.tuitwit.com/127.0.0.1#5353 +ipset=/.tuitwit.com/gfwlist +server=/.tumblr.com/127.0.0.1#5353 +ipset=/.tumblr.com/gfwlist +server=/.tumutanzi.com/127.0.0.1#5353 +ipset=/.tumutanzi.com/gfwlist +server=/.tunein.com/127.0.0.1#5353 +ipset=/.tunein.com/gfwlist +server=/.tunnelbear.com/127.0.0.1#5353 +ipset=/.tunnelbear.com/gfwlist +server=/.tuo8.cc/127.0.0.1#5353 +ipset=/.tuo8.cc/gfwlist +server=/.tuo8.hk/127.0.0.1#5353 +ipset=/.tuo8.hk/gfwlist +server=/.tuo8.org/127.0.0.1#5353 +ipset=/.tuo8.org/gfwlist +server=/.turbobit.net/127.0.0.1#5353 +ipset=/.turbobit.net/gfwlist +server=/.turbotwitter.com/127.0.0.1#5353 +ipset=/.turbotwitter.com/gfwlist +server=/.turningtorso.com/127.0.0.1#5353 +ipset=/.turningtorso.com/gfwlist +server=/.turntable.fm/127.0.0.1#5353 +ipset=/.turntable.fm/gfwlist +server=/.tuxtraining.com/127.0.0.1#5353 +ipset=/.tuxtraining.com/gfwlist +server=/.tuzaijidi.com/127.0.0.1#5353 +ipset=/.tuzaijidi.com/gfwlist +server=/.tv.com/127.0.0.1#5353 +ipset=/.tv.com/gfwlist +server=/.tvants.com/127.0.0.1#5353 +ipset=/.tvants.com/gfwlist +server=/.tvboxnow.com/127.0.0.1#5353 +ipset=/.tvboxnow.com/gfwlist +server=/.tvider.com/127.0.0.1#5353 +ipset=/.tvider.com/gfwlist +server=/.tv-intros.com/127.0.0.1#5353 +ipset=/.tv-intros.com/gfwlist +server=/.tvunetworks.com/127.0.0.1#5353 +ipset=/.tvunetworks.com/gfwlist +server=/.tw/127.0.0.1#5353 +ipset=/.tw/gfwlist +server=/.tw.gigacircle.com/127.0.0.1#5353 +ipset=/.tw.gigacircle.com/gfwlist +server=/.tw.hao123.com/127.0.0.1#5353 +ipset=/.tw.hao123.com/gfwlist +server=/.tw.jiepang.com/127.0.0.1#5353 +ipset=/.tw.jiepang.com/gfwlist +server=/.tw.knowledge.yahoo.com/127.0.0.1#5353 +ipset=/.tw.knowledge.yahoo.com/gfwlist +server=/.tw.myblog.yahoo.com/127.0.0.1#5353 +ipset=/.tw.myblog.yahoo.com/gfwlist +server=/.tw.news.yahoo.com/127.0.0.1#5353 +ipset=/.tw.news.yahoo.com/gfwlist +server=/.tw.streetvoice.com/127.0.0.1#5353 +ipset=/.tw.streetvoice.com/gfwlist +server=/.tw.tomonews.net/127.0.0.1#5353 +ipset=/.tw.tomonews.net/gfwlist +server=/.tw.voa.mobi/127.0.0.1#5353 +ipset=/.tw.voa.mobi/gfwlist +server=/.tw.yahoo.com/127.0.0.1#5353 +ipset=/.tw.yahoo.com/gfwlist +server=/.tw01.org/127.0.0.1#5353 +ipset=/.tw01.org/gfwlist +server=/.twapperkeeper.com/127.0.0.1#5353 +ipset=/.twapperkeeper.com/gfwlist +server=/.twaud.io/127.0.0.1#5353 +ipset=/.twaud.io/gfwlist +server=/.twbbs.org/127.0.0.1#5353 +ipset=/.twbbs.org/gfwlist +server=/.twblogger.com/127.0.0.1#5353 +ipset=/.twblogger.com/gfwlist +server=/.tweepguide.com/127.0.0.1#5353 +ipset=/.tweepguide.com/gfwlist +server=/.tweeplike.me/127.0.0.1#5353 +ipset=/.tweeplike.me/gfwlist +server=/.tweepmag.com/127.0.0.1#5353 +ipset=/.tweepmag.com/gfwlist +server=/.tweepml.org/127.0.0.1#5353 +ipset=/.tweepml.org/gfwlist +server=/.tweetbackup.com/127.0.0.1#5353 +ipset=/.tweetbackup.com/gfwlist +server=/.tweetboard.com/127.0.0.1#5353 +ipset=/.tweetboard.com/gfwlist +server=/.tweetboner.biz/127.0.0.1#5353 +ipset=/.tweetboner.biz/gfwlist +server=/.tweetdeck.com/127.0.0.1#5353 +ipset=/.tweetdeck.com/gfwlist +server=/.tweetedtimes.com/127.0.0.1#5353 +ipset=/.tweetedtimes.com/gfwlist +server=/.tweetmylast.fm/127.0.0.1#5353 +ipset=/.tweetmylast.fm/gfwlist +server=/.tweetphoto.com/127.0.0.1#5353 +ipset=/.tweetphoto.com/gfwlist +server=/.tweetrans.com/127.0.0.1#5353 +ipset=/.tweetrans.com/gfwlist +server=/.tweetree.com/127.0.0.1#5353 +ipset=/.tweetree.com/gfwlist +server=/.tweets.seraph.me/127.0.0.1#5353 +ipset=/.tweets.seraph.me/gfwlist +server=/.tweettunnel.com/127.0.0.1#5353 +ipset=/.tweettunnel.com/gfwlist +server=/.tweetwally.com/127.0.0.1#5353 +ipset=/.tweetwally.com/gfwlist +server=/.tweetymail.com/127.0.0.1#5353 +ipset=/.tweetymail.com/gfwlist +server=/.twerkingbutt.com/127.0.0.1#5353 +ipset=/.twerkingbutt.com/gfwlist +server=/.twftp.org/127.0.0.1#5353 +ipset=/.twftp.org/gfwlist +server=/.twibase.com/127.0.0.1#5353 +ipset=/.twibase.com/gfwlist +server=/.twibble.de/127.0.0.1#5353 +ipset=/.twibble.de/gfwlist +server=/.twibbon.com/127.0.0.1#5353 +ipset=/.twibbon.com/gfwlist +server=/.twibs.com/127.0.0.1#5353 +ipset=/.twibs.com/gfwlist +server=/.twicsy.com/127.0.0.1#5353 +ipset=/.twicsy.com/gfwlist +server=/.twifan.com/127.0.0.1#5353 +ipset=/.twifan.com/gfwlist +server=/.twiffo.com/127.0.0.1#5353 +ipset=/.twiffo.com/gfwlist +server=/.twiggit.org/127.0.0.1#5353 +ipset=/.twiggit.org/gfwlist +server=/.twilightsex.com/127.0.0.1#5353 +ipset=/.twilightsex.com/gfwlist +server=/.twilog.org/127.0.0.1#5353 +ipset=/.twilog.org/gfwlist +server=/.twimbow.com/127.0.0.1#5353 +ipset=/.twimbow.com/gfwlist +server=/.twimg.com/127.0.0.1#5353 +ipset=/.twimg.com/gfwlist +server=/.twindexx.com/127.0.0.1#5353 +ipset=/.twindexx.com/gfwlist +server=/.twip.me/127.0.0.1#5353 +ipset=/.twip.me/gfwlist +server=/.twipple.jp/127.0.0.1#5353 +ipset=/.twipple.jp/gfwlist +server=/.twistar.cc/127.0.0.1#5353 +ipset=/.twistar.cc/gfwlist +server=/.twister.net.co/127.0.0.1#5353 +ipset=/.twister.net.co/gfwlist +server=/.twisterio.com/127.0.0.1#5353 +ipset=/.twisterio.com/gfwlist +server=/.twisternow.com/127.0.0.1#5353 +ipset=/.twisternow.com/gfwlist +server=/.twistory.net/127.0.0.1#5353 +ipset=/.twistory.net/gfwlist +server=/.twit2d.com/127.0.0.1#5353 +ipset=/.twit2d.com/gfwlist +server=/.twitbrowser.net/127.0.0.1#5353 +ipset=/.twitbrowser.net/gfwlist +server=/.twitcause.com/127.0.0.1#5353 +ipset=/.twitcause.com/gfwlist +server=/.twitgether.com/127.0.0.1#5353 +ipset=/.twitgether.com/gfwlist +server=/.twitgoo.com/127.0.0.1#5353 +ipset=/.twitgoo.com/gfwlist +server=/.twitiq.com/127.0.0.1#5353 +ipset=/.twitiq.com/gfwlist +server=/.twitlonger.com/127.0.0.1#5353 +ipset=/.twitlonger.com/gfwlist +server=/.twitoaster.com/127.0.0.1#5353 +ipset=/.twitoaster.com/gfwlist +server=/.twitonmsn.com/127.0.0.1#5353 +ipset=/.twitonmsn.com/gfwlist +server=/.twitpic.com/127.0.0.1#5353 +ipset=/.twitpic.com/gfwlist +server=/.twitstat.com/127.0.0.1#5353 +ipset=/.twitstat.com/gfwlist +server=/.twittbot.net/127.0.0.1#5353 +ipset=/.twittbot.net/gfwlist +server=/.twitter.com/127.0.0.1#5353 +ipset=/.twitter.com/gfwlist +server=/.twitter.jp/127.0.0.1#5353 +ipset=/.twitter.jp/gfwlist +server=/.twitter4j.org/127.0.0.1#5353 +ipset=/.twitter4j.org/gfwlist +server=/.twittercounter.com/127.0.0.1#5353 +ipset=/.twittercounter.com/gfwlist +server=/.twitterfeed.com/127.0.0.1#5353 +ipset=/.twitterfeed.com/gfwlist +server=/.twittergadget.com/127.0.0.1#5353 +ipset=/.twittergadget.com/gfwlist +server=/.twitterkr.com/127.0.0.1#5353 +ipset=/.twitterkr.com/gfwlist +server=/.twittermail.com/127.0.0.1#5353 +ipset=/.twittermail.com/gfwlist +server=/.twittertim.es/127.0.0.1#5353 +ipset=/.twittertim.es/gfwlist +server=/.twitthat.com/127.0.0.1#5353 +ipset=/.twitthat.com/gfwlist +server=/.twitturk.com/127.0.0.1#5353 +ipset=/.twitturk.com/gfwlist +server=/.twitturly.com/127.0.0.1#5353 +ipset=/.twitturly.com/gfwlist +server=/.twitvid.com/127.0.0.1#5353 +ipset=/.twitvid.com/gfwlist +server=/.twitzap.com/127.0.0.1#5353 +ipset=/.twitzap.com/gfwlist +server=/.twiyia.com/127.0.0.1#5353 +ipset=/.twiyia.com/gfwlist +server=/.tw-npo.org/127.0.0.1#5353 +ipset=/.tw-npo.org/gfwlist +server=/.twstar.net/127.0.0.1#5353 +ipset=/.twstar.net/gfwlist +server=/.twt.fm/127.0.0.1#5353 +ipset=/.twt.fm/gfwlist +server=/.twt.tl/127.0.0.1#5353 +ipset=/.twt.tl/gfwlist +server=/.twtkr.com/127.0.0.1#5353 +ipset=/.twtkr.com/gfwlist +server=/.twtr2src.ogaoga.org/127.0.0.1#5353 +ipset=/.twtr2src.ogaoga.org/gfwlist +server=/.twtrland.com/127.0.0.1#5353 +ipset=/.twtrland.com/gfwlist +server=/.twttr.com/127.0.0.1#5353 +ipset=/.twttr.com/gfwlist +server=/.twurl.nl/127.0.0.1#5353 +ipset=/.twurl.nl/gfwlist +server=/.twyac.org/127.0.0.1#5353 +ipset=/.twyac.org/gfwlist +server=/.tycool.com/127.0.0.1#5353 +ipset=/.tycool.com/gfwlist +server=/.typepad.com/127.0.0.1#5353 +ipset=/.typepad.com/gfwlist +server=/.tzangms.com/127.0.0.1#5353 +ipset=/.tzangms.com/gfwlist +server=/.ub0.cc/127.0.0.1#5353 +ipset=/.ub0.cc/gfwlist +server=/.uberproxy.net/127.0.0.1#5353 +ipset=/.uberproxy.net/gfwlist +server=/.ucdc1998.org/127.0.0.1#5353 +ipset=/.ucdc1998.org/gfwlist +server=/.uchicago.edu/127.0.0.1#5353 +ipset=/.uchicago.edu/gfwlist +server=/.uc-japan.org/127.0.0.1#5353 +ipset=/.uc-japan.org/gfwlist +server=/.uderzo.it/127.0.0.1#5353 +ipset=/.uderzo.it/gfwlist +server=/.udn.com/127.0.0.1#5353 +ipset=/.udn.com/gfwlist +server=/.udnbkk.com/127.0.0.1#5353 +ipset=/.udnbkk.com/gfwlist +server=/.ufreevpn.com/127.0.0.1#5353 +ipset=/.ufreevpn.com/gfwlist +server=/.ugo.com/127.0.0.1#5353 +ipset=/.ugo.com/gfwlist +server=/.uhrp.org/127.0.0.1#5353 +ipset=/.uhrp.org/gfwlist +server=/.uighur.nl/127.0.0.1#5353 +ipset=/.uighur.nl/gfwlist +server=/.uighurbiz.net/127.0.0.1#5353 +ipset=/.uighurbiz.net/gfwlist +server=/.ukcdp.co.uk/127.0.0.1#5353 +ipset=/.ukcdp.co.uk/gfwlist +server=/.ukliferadio.co.uk/127.0.0.1#5353 +ipset=/.ukliferadio.co.uk/gfwlist +server=/.ulike.net/127.0.0.1#5353 +ipset=/.ulike.net/gfwlist +server=/.ultraimg.com/127.0.0.1#5353 +ipset=/.ultraimg.com/gfwlist +server=/.ultravpn.fr/127.0.0.1#5353 +ipset=/.ultravpn.fr/gfwlist +server=/.ultraxs.com/127.0.0.1#5353 +ipset=/.ultraxs.com/gfwlist +server=/.umich.edu/127.0.0.1#5353 +ipset=/.umich.edu/gfwlist +server=/.unblock.cn.com/127.0.0.1#5353 +ipset=/.unblock.cn.com/gfwlist +server=/.unblocksit.es/127.0.0.1#5353 +ipset=/.unblocksit.es/gfwlist +server=/.unblock-us.com/127.0.0.1#5353 +ipset=/.unblock-us.com/gfwlist +server=/.uncyclomedia.org/127.0.0.1#5353 +ipset=/.uncyclomedia.org/gfwlist +server=/.uncyclopedia.hk/127.0.0.1#5353 +ipset=/.uncyclopedia.hk/gfwlist +server=/.unholyknight.com/127.0.0.1#5353 +ipset=/.unholyknight.com/gfwlist +server=/.uni.cc/127.0.0.1#5353 +ipset=/.uni.cc/gfwlist +server=/.unicode.org/127.0.0.1#5353 +ipset=/.unicode.org/gfwlist +server=/.uniteddaily.com.my/127.0.0.1#5353 +ipset=/.uniteddaily.com.my/gfwlist +server=/.unitedsocialpress.com/127.0.0.1#5353 +ipset=/.unitedsocialpress.com/gfwlist +server=/.unix100.com/127.0.0.1#5353 +ipset=/.unix100.com/gfwlist +server=/.unknownspace.org/127.0.0.1#5353 +ipset=/.unknownspace.org/gfwlist +server=/.unpo.org/127.0.0.1#5353 +ipset=/.unpo.org/gfwlist +server=/.untraceable.us/127.0.0.1#5353 +ipset=/.untraceable.us/gfwlist +server=/.uocn.org/127.0.0.1#5353 +ipset=/.uocn.org/gfwlist +server=/.upcoming.yahoo.com/127.0.0.1#5353 +ipset=/.upcoming.yahoo.com/gfwlist +server=/.upholdjustice.org/127.0.0.1#5353 +ipset=/.upholdjustice.org/gfwlist +server=/.upload4u.info/127.0.0.1#5353 +ipset=/.upload4u.info/gfwlist +server=/.uploaded.net/127.0.0.1#5353 +ipset=/.uploaded.net/gfwlist +server=/.uploaded.to/127.0.0.1#5353 +ipset=/.uploaded.to/gfwlist +server=/.uploadstation.com/127.0.0.1#5353 +ipset=/.uploadstation.com/gfwlist +server=/.upornia.com/127.0.0.1#5353 +ipset=/.upornia.com/gfwlist +server=/.upwill.org/127.0.0.1#5353 +ipset=/.upwill.org/gfwlist +server=/.urbansurvival.com/127.0.0.1#5353 +ipset=/.urbansurvival.com/gfwlist +server=/.urlborg.com/127.0.0.1#5353 +ipset=/.urlborg.com/gfwlist +server=/.urlparser.com/127.0.0.1#5353 +ipset=/.urlparser.com/gfwlist +server=/.us.to/127.0.0.1#5353 +ipset=/.us.to/gfwlist +server=/.usacn.com/127.0.0.1#5353 +ipset=/.usacn.com/gfwlist +server=/.usaip.eu/127.0.0.1#5353 +ipset=/.usaip.eu/gfwlist +server=/.userapi.nytlog.com/127.0.0.1#5353 +ipset=/.userapi.nytlog.com/gfwlist +server=/.users.skynet.be/127.0.0.1#5353 +ipset=/.users.skynet.be/gfwlist +server=/.usfk.mil/127.0.0.1#5353 +ipset=/.usfk.mil/gfwlist +server=/.usinfo.state.gov/127.0.0.1#5353 +ipset=/.usinfo.state.gov/gfwlist +server=/.usma.edu/127.0.0.1#5353 +ipset=/.usma.edu/gfwlist +server=/.usmc.mil/127.0.0.1#5353 +ipset=/.usmc.mil/gfwlist +server=/.usmgtcg.ning.com/127.0.0.1#5353 +ipset=/.usmgtcg.ning.com/gfwlist +server=/.usno.navy.mil/127.0.0.1#5353 +ipset=/.usno.navy.mil/gfwlist +server=/.ustream.tv/127.0.0.1#5353 +ipset=/.ustream.tv/gfwlist +server=/.usus.cc/127.0.0.1#5353 +ipset=/.usus.cc/gfwlist +server=/.utopianpal.com/127.0.0.1#5353 +ipset=/.utopianpal.com/gfwlist +server=/.uwants.com/127.0.0.1#5353 +ipset=/.uwants.com/gfwlist +server=/.uwants.net/127.0.0.1#5353 +ipset=/.uwants.net/gfwlist +server=/.uyghur.co.uk/127.0.0.1#5353 +ipset=/.uyghur.co.uk/gfwlist +server=/.uyghuramerican.org/127.0.0.1#5353 +ipset=/.uyghuramerican.org/gfwlist +server=/.uyghurcanadiansociety.org/127.0.0.1#5353 +ipset=/.uyghurcanadiansociety.org/gfwlist +server=/.uyghurcongress.org/127.0.0.1#5353 +ipset=/.uyghurcongress.org/gfwlist +server=/.uyghurensemble.co.uk/127.0.0.1#5353 +ipset=/.uyghurensemble.co.uk/gfwlist +server=/.uyghur-j.org/127.0.0.1#5353 +ipset=/.uyghur-j.org/gfwlist +server=/.uyghurpen.org/127.0.0.1#5353 +ipset=/.uyghurpen.org/gfwlist +server=/.uyghurpress.com/127.0.0.1#5353 +ipset=/.uyghurpress.com/gfwlist +server=/.uygur.fc2web.com/127.0.0.1#5353 +ipset=/.uygur.fc2web.com/gfwlist +server=/.uygur.org/127.0.0.1#5353 +ipset=/.uygur.org/gfwlist +server=/.uymaarip.com/127.0.0.1#5353 +ipset=/.uymaarip.com/gfwlist +server=/.vaayoo.com/127.0.0.1#5353 +ipset=/.vaayoo.com/gfwlist +server=/.van001.com/127.0.0.1#5353 +ipset=/.van001.com/gfwlist +server=/.van698.com/127.0.0.1#5353 +ipset=/.van698.com/gfwlist +server=/.vanemu.cn/127.0.0.1#5353 +ipset=/.vanemu.cn/gfwlist +server=/.vanilla-jp.com/127.0.0.1#5353 +ipset=/.vanilla-jp.com/gfwlist +server=/.vansky.com/127.0.0.1#5353 +ipset=/.vansky.com/gfwlist +server=/.vatn.org/127.0.0.1#5353 +ipset=/.vatn.org/gfwlist +server=/.vcfbuilder.org/127.0.0.1#5353 +ipset=/.vcfbuilder.org/gfwlist +server=/.vcf-online.org/127.0.0.1#5353 +ipset=/.vcf-online.org/gfwlist +server=/.vds.rightster.com/127.0.0.1#5353 +ipset=/.vds.rightster.com/gfwlist +server=/.veempiire.com/127.0.0.1#5353 +ipset=/.veempiire.com/gfwlist +server=/.velkaepocha.sk/127.0.0.1#5353 +ipset=/.velkaepocha.sk/gfwlist +server=/.venbbs.com/127.0.0.1#5353 +ipset=/.venbbs.com/gfwlist +server=/.venchina.com/127.0.0.1#5353 +ipset=/.venchina.com/gfwlist +server=/.ventureswell.com/127.0.0.1#5353 +ipset=/.ventureswell.com/gfwlist +server=/.veoh.com/127.0.0.1#5353 +ipset=/.veoh.com/gfwlist +server=/.vermonttibet.org/127.0.0.1#5353 +ipset=/.vermonttibet.org/gfwlist +server=/.versavpn.com/127.0.0.1#5353 +ipset=/.versavpn.com/gfwlist +server=/.verybs.com/127.0.0.1#5353 +ipset=/.verybs.com/gfwlist +server=/.vevo.com/127.0.0.1#5353 +ipset=/.vevo.com/gfwlist +server=/.viber.com/127.0.0.1#5353 +ipset=/.viber.com/gfwlist +server=/.vica.info/127.0.0.1#5353 +ipset=/.vica.info/gfwlist +server=/.victimsofcommunism.org/127.0.0.1#5353 +ipset=/.victimsofcommunism.org/gfwlist +server=/.vid.me/127.0.0.1#5353 +ipset=/.vid.me/gfwlist +server=/.video.aol.ca/127.0.0.1#5353 +ipset=/.video.aol.ca/gfwlist +server=/.video.aol.co.uk/127.0.0.1#5353 +ipset=/.video.aol.co.uk/gfwlist +server=/.video.aol.com/127.0.0.1#5353 +ipset=/.video.aol.com/gfwlist +server=/.video.ap.org/127.0.0.1#5353 +ipset=/.video.ap.org/gfwlist +server=/.video.fdbox.com/127.0.0.1#5353 +ipset=/.video.fdbox.com/gfwlist +server=/.video.foxbusiness.com/127.0.0.1#5353 +ipset=/.video.foxbusiness.com/gfwlist +server=/.video.yahoo.com/127.0.0.1#5353 +ipset=/.video.yahoo.com/gfwlist +server=/.videobam.com/127.0.0.1#5353 +ipset=/.videobam.com/gfwlist +server=/.videomega.tv/127.0.0.1#5353 +ipset=/.videomega.tv/gfwlist +server=/.videomo.com/127.0.0.1#5353 +ipset=/.videomo.com/gfwlist +server=/.videopediaworld.com/127.0.0.1#5353 +ipset=/.videopediaworld.com/gfwlist +server=/.vidinfo.org/127.0.0.1#5353 +ipset=/.vidinfo.org/gfwlist +server=/.vidoemo.com/127.0.0.1#5353 +ipset=/.vidoemo.com/gfwlist +server=/.vietdaikynguyen.com/127.0.0.1#5353 +ipset=/.vietdaikynguyen.com/gfwlist +server=/.views.fm/127.0.0.1#5353 +ipset=/.views.fm/gfwlist +server=/.vijayatemple.org/127.0.0.1#5353 +ipset=/.vijayatemple.org/gfwlist +server=/.viki.com/127.0.0.1#5353 +ipset=/.viki.com/gfwlist +server=/.vimeo.com/127.0.0.1#5353 +ipset=/.vimeo.com/gfwlist +server=/.vimgolf.com/127.0.0.1#5353 +ipset=/.vimgolf.com/gfwlist +server=/.vimperator.org/127.0.0.1#5353 +ipset=/.vimperator.org/gfwlist +server=/.vincnd.com/127.0.0.1#5353 +ipset=/.vincnd.com/gfwlist +server=/.vinniev.com/127.0.0.1#5353 +ipset=/.vinniev.com/gfwlist +server=/.vital247.org/127.0.0.1#5353 +ipset=/.vital247.org/gfwlist +server=/.vivatube.com/127.0.0.1#5353 +ipset=/.vivatube.com/gfwlist +server=/.vivthomas.com/127.0.0.1#5353 +ipset=/.vivthomas.com/gfwlist +server=/.vjmedia.com.hk/127.0.0.1#5353 +ipset=/.vjmedia.com.hk/gfwlist +server=/.vllcs.org/127.0.0.1#5353 +ipset=/.vllcs.org/gfwlist +server=/.vlog.xuite.net/127.0.0.1#5353 +ipset=/.vlog.xuite.net/gfwlist +server=/.vmixcore.com/127.0.0.1#5353 +ipset=/.vmixcore.com/gfwlist +server=/.vn.hao123.com/127.0.0.1#5353 +ipset=/.vn.hao123.com/gfwlist +server=/.voa-11.akacast.akamaistream.net/127.0.0.1#5353 +ipset=/.voa-11.akacast.akamaistream.net/gfwlist +server=/.voacantonese.com/127.0.0.1#5353 +ipset=/.voacantonese.com/gfwlist +server=/.voachinese.com/127.0.0.1#5353 +ipset=/.voachinese.com/gfwlist +server=/.voachineseblog.com/127.0.0.1#5353 +ipset=/.voachineseblog.com/gfwlist +server=/.voagd.com/127.0.0.1#5353 +ipset=/.voagd.com/gfwlist +server=/.voanews.com/127.0.0.1#5353 +ipset=/.voanews.com/gfwlist +server=/.voatibetan.com/127.0.0.1#5353 +ipset=/.voatibetan.com/gfwlist +server=/.voatibetanenglish.com/127.0.0.1#5353 +ipset=/.voatibetanenglish.com/gfwlist +server=/.vocn.tv/127.0.0.1#5353 +ipset=/.vocn.tv/gfwlist +server=/.vot.org/127.0.0.1#5353 +ipset=/.vot.org/gfwlist +server=/.vpn.cjb.net/127.0.0.1#5353 +ipset=/.vpn.cjb.net/gfwlist +server=/.vpn4all.com/127.0.0.1#5353 +ipset=/.vpn4all.com/gfwlist +server=/.vpnbook.com/127.0.0.1#5353 +ipset=/.vpnbook.com/gfwlist +server=/.vpnfan.com/127.0.0.1#5353 +ipset=/.vpnfan.com/gfwlist +server=/.vpnfire.com/127.0.0.1#5353 +ipset=/.vpnfire.com/gfwlist +server=/.vpnforgame.net/127.0.0.1#5353 +ipset=/.vpnforgame.net/gfwlist +server=/.vpngate.jp/127.0.0.1#5353 +ipset=/.vpngate.jp/gfwlist +server=/.vpngate.net/127.0.0.1#5353 +ipset=/.vpngate.net/gfwlist +server=/.vpnhq.com/127.0.0.1#5353 +ipset=/.vpnhq.com/gfwlist +server=/.vpninja.net/127.0.0.1#5353 +ipset=/.vpninja.net/gfwlist +server=/.vpnmaster.com/127.0.0.1#5353 +ipset=/.vpnmaster.com/gfwlist +server=/.vpnpick.com/127.0.0.1#5353 +ipset=/.vpnpick.com/gfwlist +server=/.vpnpop.com/127.0.0.1#5353 +ipset=/.vpnpop.com/gfwlist +server=/.vpnpronet.com/127.0.0.1#5353 +ipset=/.vpnpronet.com/gfwlist +server=/.vpnreactor.com/127.0.0.1#5353 +ipset=/.vpnreactor.com/gfwlist +server=/.vpnreviewz.com/127.0.0.1#5353 +ipset=/.vpnreviewz.com/gfwlist +server=/.vpntunnel.com/127.0.0.1#5353 +ipset=/.vpntunnel.com/gfwlist +server=/.vpnuk.info/127.0.0.1#5353 +ipset=/.vpnuk.info/gfwlist +server=/.vpnvip.com/127.0.0.1#5353 +ipset=/.vpnvip.com/gfwlist +server=/.vporn.com/127.0.0.1#5353 +ipset=/.vporn.com/gfwlist +server=/.vraiesagesse.net/127.0.0.1#5353 +ipset=/.vraiesagesse.net/gfwlist +server=/.vtunnel.com/127.0.0.1#5353 +ipset=/.vtunnel.com/gfwlist +server=/.w.idaiwan.com/127.0.0.1#5353 +ipset=/.w.idaiwan.com/gfwlist +server=/.w.org/127.0.0.1#5353 +ipset=/.w.org/gfwlist +server=/.w3schools.com/127.0.0.1#5353 +ipset=/.w3schools.com/gfwlist +server=/.waffle1999.com/127.0.0.1#5353 +ipset=/.waffle1999.com/gfwlist +server=/.wahas.com/127.0.0.1#5353 +ipset=/.wahas.com/gfwlist +server=/.waigaobu.com/127.0.0.1#5353 +ipset=/.waigaobu.com/gfwlist +server=/.waikeung.org/127.0.0.1#5353 +ipset=/.waikeung.org/gfwlist +server=/.waiwaier.com/127.0.0.1#5353 +ipset=/.waiwaier.com/gfwlist +server=/.wallornot.org/127.0.0.1#5353 +ipset=/.wallornot.org/gfwlist +server=/.wallpapercasa.com/127.0.0.1#5353 +ipset=/.wallpapercasa.com/gfwlist +server=/.waltermartin.com/127.0.0.1#5353 +ipset=/.waltermartin.com/gfwlist +server=/.waltermartin.org/127.0.0.1#5353 +ipset=/.waltermartin.org/gfwlist +server=/.wanderinghorse.net/127.0.0.1#5353 +ipset=/.wanderinghorse.net/gfwlist +server=/.wangafu.net/127.0.0.1#5353 +ipset=/.wangafu.net/gfwlist +server=/.wangjinbo.org/127.0.0.1#5353 +ipset=/.wangjinbo.org/gfwlist +server=/.wanglixiong.com/127.0.0.1#5353 +ipset=/.wanglixiong.com/gfwlist +server=/.wango.org/127.0.0.1#5353 +ipset=/.wango.org/gfwlist +server=/.wangruoshui.net/127.0.0.1#5353 +ipset=/.wangruoshui.net/gfwlist +server=/.want-daily.com/127.0.0.1#5353 +ipset=/.want-daily.com/gfwlist +server=/.wanz-factory.com/127.0.0.1#5353 +ipset=/.wanz-factory.com/gfwlist +server=/.wapedia.mobi/127.0.0.1#5353 +ipset=/.wapedia.mobi/gfwlist +server=/.waselpro.com/127.0.0.1#5353 +ipset=/.waselpro.com/gfwlist +server=/.washeng.net/127.0.0.1#5353 +ipset=/.washeng.net/gfwlist +server=/.watchmygf.net/127.0.0.1#5353 +ipset=/.watchmygf.net/gfwlist +server=/.wattpad.com/127.0.0.1#5353 +ipset=/.wattpad.com/gfwlist +server=/.wav.tv/127.0.0.1#5353 +ipset=/.wav.tv/gfwlist +server=/.wdf5.com/127.0.0.1#5353 +ipset=/.wdf5.com/gfwlist +server=/.wearn.com/127.0.0.1#5353 +ipset=/.wearn.com/gfwlist +server=/.web2project.net/127.0.0.1#5353 +ipset=/.web2project.net/gfwlist +server=/.webbang.net/127.0.0.1#5353 +ipset=/.webbang.net/gfwlist +server=/.webfee.tk/127.0.0.1#5353 +ipset=/.webfee.tk/gfwlist +server=/.weblagu.com/127.0.0.1#5353 +ipset=/.weblagu.com/gfwlist +server=/.webmproject.org/127.0.0.1#5353 +ipset=/.webmproject.org/gfwlist +server=/.websitepulse.com/127.0.0.1#5353 +ipset=/.websitepulse.com/gfwlist +server=/.webs-tv.net/127.0.0.1#5353 +ipset=/.webs-tv.net/gfwlist +server=/.webworkerdaily.com/127.0.0.1#5353 +ipset=/.webworkerdaily.com/gfwlist +server=/.weekmag.info/127.0.0.1#5353 +ipset=/.weekmag.info/gfwlist +server=/.wefightcensorship.org/127.0.0.1#5353 +ipset=/.wefightcensorship.org/gfwlist +server=/.wefong.com/127.0.0.1#5353 +ipset=/.wefong.com/gfwlist +server=/.weiboleak.com/127.0.0.1#5353 +ipset=/.weiboleak.com/gfwlist +server=/.weijingsheng.org/127.0.0.1#5353 +ipset=/.weijingsheng.org/gfwlist +server=/.weiming.info/127.0.0.1#5353 +ipset=/.weiming.info/gfwlist +server=/.weiquanwang.org/127.0.0.1#5353 +ipset=/.weiquanwang.org/gfwlist +server=/.weisuo.ws/127.0.0.1#5353 +ipset=/.weisuo.ws/gfwlist +server=/.wemigrate.org/127.0.0.1#5353 +ipset=/.wemigrate.org/gfwlist +server=/.wengewang.com/127.0.0.1#5353 +ipset=/.wengewang.com/gfwlist +server=/.wengewang.org/127.0.0.1#5353 +ipset=/.wengewang.org/gfwlist +server=/.wenhui.ch/127.0.0.1#5353 +ipset=/.wenhui.ch/gfwlist +server=/.wenxuecity.com/127.0.0.1#5353 +ipset=/.wenxuecity.com/gfwlist +server=/.wenyunchao.com/127.0.0.1#5353 +ipset=/.wenyunchao.com/gfwlist +server=/.wepn.info/127.0.0.1#5353 +ipset=/.wepn.info/gfwlist +server=/.westca.com/127.0.0.1#5353 +ipset=/.westca.com/gfwlist +server=/.westernshugdensociety.org/127.0.0.1#5353 +ipset=/.westernshugdensociety.org/gfwlist +server=/.westernwolves.com/127.0.0.1#5353 +ipset=/.westernwolves.com/gfwlist +server=/.westkit.net/127.0.0.1#5353 +ipset=/.westkit.net/gfwlist +server=/.westpoint.edu/127.0.0.1#5353 +ipset=/.westpoint.edu/gfwlist +server=/.wetplace.com/127.0.0.1#5353 +ipset=/.wetplace.com/gfwlist +server=/.wetpussygames.com/127.0.0.1#5353 +ipset=/.wetpussygames.com/gfwlist +server=/.wexiaobo.org/127.0.0.1#5353 +ipset=/.wexiaobo.org/gfwlist +server=/.wezhiyong.org/127.0.0.1#5353 +ipset=/.wezhiyong.org/gfwlist +server=/.wezone.net/127.0.0.1#5353 +ipset=/.wezone.net/gfwlist +server=/.wforum.com/127.0.0.1#5353 +ipset=/.wforum.com/gfwlist +server=/.whatblocked.com/127.0.0.1#5353 +ipset=/.whatblocked.com/gfwlist +server=/.wheelockslatin.com/127.0.0.1#5353 +ipset=/.wheelockslatin.com/gfwlist +server=/.whereiswerner.com/127.0.0.1#5353 +ipset=/.whereiswerner.com/gfwlist +server=/.wheretowatch.com/127.0.0.1#5353 +ipset=/.wheretowatch.com/gfwlist +server=/.whippedass.com/127.0.0.1#5353 +ipset=/.whippedass.com/gfwlist +server=/.whitebear.freebearblog.org/127.0.0.1#5353 +ipset=/.whitebear.freebearblog.org/gfwlist +server=/.who.is/127.0.0.1#5353 +ipset=/.who.is/gfwlist +server=/.whylover.com/127.0.0.1#5353 +ipset=/.whylover.com/gfwlist +server=/.whyx.org/127.0.0.1#5353 +ipset=/.whyx.org/gfwlist +server=/.wiki.cnitter.com/127.0.0.1#5353 +ipset=/.wiki.cnitter.com/gfwlist +server=/.wiki.esu.im/127.0.0.1#5353 +ipset=/.wiki.esu.im/gfwlist +server=/.wiki.gamerp.jp/127.0.0.1#5353 +ipset=/.wiki.gamerp.jp/gfwlist +server=/.wiki.jqueryui.com/127.0.0.1#5353 +ipset=/.wiki.jqueryui.com/gfwlist +server=/.wiki.keso.cn/127.0.0.1#5353 +ipset=/.wiki.keso.cn/gfwlist +server=/.wiki.moegirl.org/127.0.0.1#5353 +ipset=/.wiki.moegirl.org/gfwlist +server=/.wiki.oauth.net/127.0.0.1#5353 +ipset=/.wiki.oauth.net/gfwlist +server=/.wiki.phonegap.com/127.0.0.1#5353 +ipset=/.wiki.phonegap.com/gfwlist +server=/.wikileaks.ch/127.0.0.1#5353 +ipset=/.wikileaks.ch/gfwlist +server=/.wikileaks.de/127.0.0.1#5353 +ipset=/.wikileaks.de/gfwlist +server=/.wikileaks.eu/127.0.0.1#5353 +ipset=/.wikileaks.eu/gfwlist +server=/.wikileaks.lu/127.0.0.1#5353 +ipset=/.wikileaks.lu/gfwlist +server=/.wikileaks.org/127.0.0.1#5353 +ipset=/.wikileaks.org/gfwlist +server=/.wikileaks.pl/127.0.0.1#5353 +ipset=/.wikileaks.pl/gfwlist +server=/.wikilivres.info/127.0.0.1#5353 +ipset=/.wikilivres.info/gfwlist +server=/.wikimapia.org/127.0.0.1#5353 +ipset=/.wikimapia.org/gfwlist +server=/.wikiwiki.jp/127.0.0.1#5353 +ipset=/.wikiwiki.jp/gfwlist +server=/.willw.net/127.0.0.1#5353 +ipset=/.willw.net/gfwlist +server=/.windowsphoneme.com/127.0.0.1#5353 +ipset=/.windowsphoneme.com/gfwlist +server=/.wingamestore.com/127.0.0.1#5353 +ipset=/.wingamestore.com/gfwlist +server=/.winwhispers.info/127.0.0.1#5353 +ipset=/.winwhispers.info/gfwlist +server=/.wiredbytes.com/127.0.0.1#5353 +ipset=/.wiredbytes.com/gfwlist +server=/.wiredpen.com/127.0.0.1#5353 +ipset=/.wiredpen.com/gfwlist +server=/.wireshark.org/127.0.0.1#5353 +ipset=/.wireshark.org/gfwlist +server=/.wisdompubs.org/127.0.0.1#5353 +ipset=/.wisdompubs.org/gfwlist +server=/.wisevid.com/127.0.0.1#5353 +ipset=/.wisevid.com/gfwlist +server=/.withgoogle.com/127.0.0.1#5353 +ipset=/.withgoogle.com/gfwlist +server=/.witnessleeteaching.com/127.0.0.1#5353 +ipset=/.witnessleeteaching.com/gfwlist +server=/.witopia.net/127.0.0.1#5353 +ipset=/.witopia.net/gfwlist +server=/.wjbk.org/127.0.0.1#5353 +ipset=/.wjbk.org/gfwlist +server=/.wlcnew.jigsy.com/127.0.0.1#5353 +ipset=/.wlcnew.jigsy.com/gfwlist +server=/.wlx.sowiki.net/127.0.0.1#5353 +ipset=/.wlx.sowiki.net/gfwlist +server=/.wn.com/127.0.0.1#5353 +ipset=/.wn.com/gfwlist +server=/.wnacg.com/127.0.0.1#5353 +ipset=/.wnacg.com/gfwlist +server=/.wo.tc/127.0.0.1#5353 +ipset=/.wo.tc/gfwlist +server=/.woeser.com/127.0.0.1#5353 +ipset=/.woeser.com/gfwlist +server=/.woesermiddle-way.net/127.0.0.1#5353 +ipset=/.woesermiddle-way.net/gfwlist +server=/.wokar.org/127.0.0.1#5353 +ipset=/.wokar.org/gfwlist +server=/.wolfax.com/127.0.0.1#5353 +ipset=/.wolfax.com/gfwlist +server=/.woopie.jp/127.0.0.1#5353 +ipset=/.woopie.jp/gfwlist +server=/.woopie.tv/127.0.0.1#5353 +ipset=/.woopie.tv/gfwlist +server=/.wordpress.com/127.0.0.1#5353 +ipset=/.wordpress.com/gfwlist +server=/.workatruna.com/127.0.0.1#5353 +ipset=/.workatruna.com/gfwlist +server=/.workerdemo.org.hk/127.0.0.1#5353 +ipset=/.workerdemo.org.hk/gfwlist +server=/.workersthebig.net/127.0.0.1#5353 +ipset=/.workersthebig.net/gfwlist +server=/.worldcat.org/127.0.0.1#5353 +ipset=/.worldcat.org/gfwlist +server=/.worldjournal.com/127.0.0.1#5353 +ipset=/.worldjournal.com/gfwlist +server=/.wowlegacy.ml/127.0.0.1#5353 +ipset=/.wowlegacy.ml/gfwlist +server=/.wow-life.net/127.0.0.1#5353 +ipset=/.wow-life.net/gfwlist +server=/.woxinghuiguo.com/127.0.0.1#5353 +ipset=/.woxinghuiguo.com/gfwlist +server=/.wozy.in/127.0.0.1#5353 +ipset=/.wozy.in/gfwlist +server=/.wp.com/127.0.0.1#5353 +ipset=/.wp.com/gfwlist +server=/.wpoforum.com/127.0.0.1#5353 +ipset=/.wpoforum.com/gfwlist +server=/.wqlhw.com/127.0.0.1#5353 +ipset=/.wqlhw.com/gfwlist +server=/.wqyd.org/127.0.0.1#5353 +ipset=/.wqyd.org/gfwlist +server=/.wrchina.org/127.0.0.1#5353 +ipset=/.wrchina.org/gfwlist +server=/.wretch.cc/127.0.0.1#5353 +ipset=/.wretch.cc/gfwlist +server=/.writer.zoho.com/127.0.0.1#5353 +ipset=/.writer.zoho.com/gfwlist +server=/.wsj.com/127.0.0.1#5353 +ipset=/.wsj.com/gfwlist +server=/.wsj.net/127.0.0.1#5353 +ipset=/.wsj.net/gfwlist +server=/.wsjhk.com/127.0.0.1#5353 +ipset=/.wsjhk.com/gfwlist +server=/.wtbn.org/127.0.0.1#5353 +ipset=/.wtbn.org/gfwlist +server=/.wtfpeople.com/127.0.0.1#5353 +ipset=/.wtfpeople.com/gfwlist +server=/.wuala.com/127.0.0.1#5353 +ipset=/.wuala.com/gfwlist +server=/.wuerkaixi.com/127.0.0.1#5353 +ipset=/.wuerkaixi.com/gfwlist +server=/.wufoo.com/127.0.0.1#5353 +ipset=/.wufoo.com/gfwlist +server=/.wuguoguang.com/127.0.0.1#5353 +ipset=/.wuguoguang.com/gfwlist +server=/.wujie.net/127.0.0.1#5353 +ipset=/.wujie.net/gfwlist +server=/.wujieliulan.com/127.0.0.1#5353 +ipset=/.wujieliulan.com/gfwlist +server=/.wukangrui.net/127.0.0.1#5353 +ipset=/.wukangrui.net/gfwlist +server=/.wwitv.com/127.0.0.1#5353 +ipset=/.wwitv.com/gfwlist +server=/.www.ajsands.com/127.0.0.1#5353 +ipset=/.www.ajsands.com/gfwlist +server=/.www.antd.org/127.0.0.1#5353 +ipset=/.www.antd.org/gfwlist +server=/.www.aolnews.com/127.0.0.1#5353 +ipset=/.www.aolnews.com/gfwlist +server=/.www.businessinsider.com.au/127.0.0.1#5353 +ipset=/.www.businessinsider.com.au/gfwlist +server=/.www.citizenlab.org/127.0.0.1#5353 +ipset=/.www.citizenlab.org/gfwlist +server=/.www.cmoinc.org/127.0.0.1#5353 +ipset=/.www.cmoinc.org/gfwlist +server=/.www.cool18.com/127.0.0.1#5353 +ipset=/.www.cool18.com/gfwlist +server=/.www.dfanning.com/127.0.0.1#5353 +ipset=/.www.dfanning.com/gfwlist +server=/.www.dw.com/127.0.0.1#5353 +ipset=/.www.dw.com/gfwlist +server=/.www.dwheeler.com/127.0.0.1#5353 +ipset=/.www.dwheeler.com/gfwlist +server=/.www.eastturkistan.net/127.0.0.1#5353 +ipset=/.www.eastturkistan.net/gfwlist +server=/.www.forum4hk.com/127.0.0.1#5353 +ipset=/.www.forum4hk.com/gfwlist +server=/.www.gmiddle.com/127.0.0.1#5353 +ipset=/.www.gmiddle.com/gfwlist +server=/.www.gmiddle.net/127.0.0.1#5353 +ipset=/.www.gmiddle.net/gfwlist +server=/.www.hustlercash.com/127.0.0.1#5353 +ipset=/.www.hustlercash.com/gfwlist +server=/.www.idlcoyote.com/127.0.0.1#5353 +ipset=/.www.idlcoyote.com/gfwlist +server=/.www.imdb.com/127.0.0.1#5353 +ipset=/.www.imdb.com/gfwlist +server=/.www.kindleren.com/127.0.0.1#5353 +ipset=/.www.kindleren.com/gfwlist +server=/.www.klip.me/127.0.0.1#5353 +ipset=/.www.klip.me/gfwlist +server=/.www.konachan.com/127.0.0.1#5353 +ipset=/.www.konachan.com/gfwlist +server=/.www.lamenhu.com/127.0.0.1#5353 +ipset=/.www.lamenhu.com/gfwlist +server=/.www.lib.virginia.edu/127.0.0.1#5353 +ipset=/.www.lib.virginia.edu/gfwlist +server=/.www.linksalpha.com/127.0.0.1#5353 +ipset=/.www.linksalpha.com/gfwlist +server=/.www.macrovpn.com/127.0.0.1#5353 +ipset=/.www.macrovpn.com/gfwlist +server=/.www.metro.taipei/127.0.0.1#5353 +ipset=/.www.metro.taipei/gfwlist +server=/.www.monlamit.org/127.0.0.1#5353 +ipset=/.www.monlamit.org/gfwlist +server=/.www.moztw.org/127.0.0.1#5353 +ipset=/.www.moztw.org/gfwlist +server=/.www.m-sport.co.uk/127.0.0.1#5353 +ipset=/.www.m-sport.co.uk/gfwlist +server=/.www.mycould.com/127.0.0.1#5353 +ipset=/.www.mycould.com/gfwlist +server=/.www.nbc.com/127.0.0.1#5353 +ipset=/.www.nbc.com/gfwlist +server=/.www.onion.city/127.0.0.1#5353 +ipset=/.www.onion.city/gfwlist +server=/.www.orchidbbs.com/127.0.0.1#5353 +ipset=/.www.orchidbbs.com/gfwlist +server=/.www.osmdroid.net/127.0.0.1#5353 +ipset=/.www.osmdroid.net/gfwlist +server=/.www.owind.com/127.0.0.1#5353 +ipset=/.www.owind.com/gfwlist +server=/.www.oxid.it/127.0.0.1#5353 +ipset=/.www.oxid.it/gfwlist +server=/.www.parkansky.com/127.0.0.1#5353 +ipset=/.www.parkansky.com/gfwlist +server=/.www.powerpointninja.com/127.0.0.1#5353 +ipset=/.www.powerpointninja.com/gfwlist +server=/.www.s4miniarchive.com/127.0.0.1#5353 +ipset=/.www.s4miniarchive.com/gfwlist +server=/.www.sciencemag.org/127.0.0.1#5353 +ipset=/.www.sciencemag.org/gfwlist +server=/.www.skype.com/127.0.0.1#5353 +ipset=/.www.skype.com/gfwlist +server=/.www.somee.com/127.0.0.1#5353 +ipset=/.www.somee.com/gfwlist +server=/.www.stackfile.com/127.0.0.1#5353 +ipset=/.www.stackfile.com/gfwlist +server=/.www.supertweet.net/127.0.0.1#5353 +ipset=/.www.supertweet.net/gfwlist +server=/.www.tablesgenerator.com/127.0.0.1#5353 +ipset=/.www.tablesgenerator.com/gfwlist +server=/.www.taiwanonline.cc/127.0.0.1#5353 +ipset=/.www.taiwanonline.cc/gfwlist +server=/.www.thechinastory.org/127.0.0.1#5353 +ipset=/.www.thechinastory.org/gfwlist +server=/.www.tsuru-bird.net/127.0.0.1#5353 +ipset=/.www.tsuru-bird.net/gfwlist +server=/.www.tv.com/127.0.0.1#5353 +ipset=/.www.tv.com/gfwlist +server=/.www.urbanoutfitters.com/127.0.0.1#5353 +ipset=/.www.urbanoutfitters.com/gfwlist +server=/.www.vegorpedersen.com/127.0.0.1#5353 +ipset=/.www.vegorpedersen.com/gfwlist +server=/.www.voy.com/127.0.0.1#5353 +ipset=/.www.voy.com/gfwlist +server=/.www.vpncup.com/127.0.0.1#5353 +ipset=/.www.vpncup.com/gfwlist +server=/.www.wangruowang.org/127.0.0.1#5353 +ipset=/.www.wangruowang.org/gfwlist +server=/.www.wan-press.org/127.0.0.1#5353 +ipset=/.www.wan-press.org/gfwlist +server=/.www.websnapr.com/127.0.0.1#5353 +ipset=/.www.websnapr.com/gfwlist +server=/.www.wet123.com/127.0.0.1#5353 +ipset=/.www.wet123.com/gfwlist +server=/.www.zaurus.org.uk/127.0.0.1#5353 +ipset=/.www.zaurus.org.uk/gfwlist +server=/.www.zensur.freerk.com/127.0.0.1#5353 +ipset=/.www.zensur.freerk.com/gfwlist +server=/.www.zfreet.com/127.0.0.1#5353 +ipset=/.www.zfreet.com/gfwlist +server=/.www1.american.edu/127.0.0.1#5353 +ipset=/.www1.american.edu/gfwlist +server=/.www2.ohchr.org/127.0.0.1#5353 +ipset=/.www2.ohchr.org/gfwlist +server=/.www2.rocketbbs.com/127.0.0.1#5353 +ipset=/.www2.rocketbbs.com/gfwlist +server=/.wzyboy.im/127.0.0.1#5353 +ipset=/.wzyboy.im/gfwlist +server=/.x.xcity.jp/127.0.0.1#5353 +ipset=/.x.xcity.jp/gfwlist +server=/.x1949x.com/127.0.0.1#5353 +ipset=/.x1949x.com/gfwlist +server=/.x365x.com/127.0.0.1#5353 +ipset=/.x365x.com/gfwlist +server=/.xa.yimg.com/127.0.0.1#5353 +ipset=/.xa.yimg.com/gfwlist +server=/.xanga.com/127.0.0.1#5353 +ipset=/.xanga.com/gfwlist +server=/.x-art.com/127.0.0.1#5353 +ipset=/.x-art.com/gfwlist +server=/.xbabe.com/127.0.0.1#5353 +ipset=/.xbabe.com/gfwlist +server=/.x-berry.com/127.0.0.1#5353 +ipset=/.x-berry.com/gfwlist +server=/.xbookcn.com/127.0.0.1#5353 +ipset=/.xbookcn.com/gfwlist +server=/.xcafe.in/127.0.0.1#5353 +ipset=/.xcafe.in/gfwlist +server=/.xcritic.com/127.0.0.1#5353 +ipset=/.xcritic.com/gfwlist +server=/.xda-developers.com/127.0.0.1#5353 +ipset=/.xda-developers.com/gfwlist +server=/.xfm.pp.ru/127.0.0.1#5353 +ipset=/.xfm.pp.ru/gfwlist +server=/.xgmyd.com/127.0.0.1#5353 +ipset=/.xgmyd.com/gfwlist +server=/.xh4n.cn/127.0.0.1#5353 +ipset=/.xh4n.cn/gfwlist +server=/.xhamster.com/127.0.0.1#5353 +ipset=/.xhamster.com/gfwlist +server=/.xianqiao.net/127.0.0.1#5353 +ipset=/.xianqiao.net/gfwlist +server=/.xiaochuncnjp.com/127.0.0.1#5353 +ipset=/.xiaochuncnjp.com/gfwlist +server=/.xiaohexie.com/127.0.0.1#5353 +ipset=/.xiaohexie.com/gfwlist +server=/.xiaolan.me/127.0.0.1#5353 +ipset=/.xiaolan.me/gfwlist +server=/.xiaoma.org/127.0.0.1#5353 +ipset=/.xiaoma.org/gfwlist +server=/.xiezhua.com/127.0.0.1#5353 +ipset=/.xiezhua.com/gfwlist +server=/.xing.com/127.0.0.1#5353 +ipset=/.xing.com/gfwlist +server=/.xinhuanet.org/127.0.0.1#5353 +ipset=/.xinhuanet.org/gfwlist +server=/.xinmiao.com.hk/127.0.0.1#5353 +ipset=/.xinmiao.com.hk/gfwlist +server=/.xinqimeng.over-blog.com/127.0.0.1#5353 +ipset=/.xinqimeng.over-blog.com/gfwlist +server=/.xinsheng.net/127.0.0.1#5353 +ipset=/.xinsheng.net/gfwlist +server=/.xinshijue.com/127.0.0.1#5353 +ipset=/.xinshijue.com/gfwlist +server=/.xinyubbs.net/127.0.0.1#5353 +ipset=/.xinyubbs.net/gfwlist +server=/.xiongpian.com/127.0.0.1#5353 +ipset=/.xiongpian.com/gfwlist +server=/.xiuren.org/127.0.0.1#5353 +ipset=/.xiuren.org/gfwlist +server=/.xizang-zhiye.org/127.0.0.1#5353 +ipset=/.xizang-zhiye.org/gfwlist +server=/.xjp.cc/127.0.0.1#5353 +ipset=/.xjp.cc/gfwlist +server=/.xlfmtalk.com/127.0.0.1#5353 +ipset=/.xlfmtalk.com/gfwlist +server=/.xlfmwz.info/127.0.0.1#5353 +ipset=/.xlfmwz.info/gfwlist +server=/.xml-training-guide.com/127.0.0.1#5353 +ipset=/.xml-training-guide.com/gfwlist +server=/.xmovies.com/127.0.0.1#5353 +ipset=/.xmovies.com/gfwlist +server=/.xn--4gq171p.com/127.0.0.1#5353 +ipset=/.xn--4gq171p.com/gfwlist +server=/.xn--p8j9a0d9c9a.xn--q9jyb4c/127.0.0.1#5353 +ipset=/.xn--p8j9a0d9c9a.xn--q9jyb4c/gfwlist +server=/.xnxx.com/127.0.0.1#5353 +ipset=/.xnxx.com/gfwlist +server=/.xpdo.net/127.0.0.1#5353 +ipset=/.xpdo.net/gfwlist +server=/.xpud.org/127.0.0.1#5353 +ipset=/.xpud.org/gfwlist +server=/.xskywalker.com/127.0.0.1#5353 +ipset=/.xskywalker.com/gfwlist +server=/.xtube.com/127.0.0.1#5353 +ipset=/.xtube.com/gfwlist +server=/.xuchao.net/127.0.0.1#5353 +ipset=/.xuchao.net/gfwlist +server=/.xuchao.org/127.0.0.1#5353 +ipset=/.xuchao.org/gfwlist +server=/.xuzhiyong.net/127.0.0.1#5353 +ipset=/.xuzhiyong.net/gfwlist +server=/.xvideos.com/127.0.0.1#5353 +ipset=/.xvideos.com/gfwlist +server=/.xvideos.es/127.0.0.1#5353 +ipset=/.xvideos.es/gfwlist +server=/.x-wall.org/127.0.0.1#5353 +ipset=/.x-wall.org/gfwlist +server=/.xxbbx.com/127.0.0.1#5353 +ipset=/.xxbbx.com/gfwlist +server=/.xxlmovies.com/127.0.0.1#5353 +ipset=/.xxlmovies.com/gfwlist +server=/.xxxx.com.au/127.0.0.1#5353 +ipset=/.xxxx.com.au/gfwlist +server=/.xys.dxiong.com/127.0.0.1#5353 +ipset=/.xys.dxiong.com/gfwlist +server=/.xys.org/127.0.0.1#5353 +ipset=/.xys.org/gfwlist +server=/.xysblogs.org/127.0.0.1#5353 +ipset=/.xysblogs.org/gfwlist +server=/.xyy69.com/127.0.0.1#5353 +ipset=/.xyy69.com/gfwlist +server=/.xyy69.info/127.0.0.1#5353 +ipset=/.xyy69.info/gfwlist +server=/.yahoo.com.hk/127.0.0.1#5353 +ipset=/.yahoo.com.hk/gfwlist +server=/.yakbutterblues.com/127.0.0.1#5353 +ipset=/.yakbutterblues.com/gfwlist +server=/.yam.com/127.0.0.1#5353 +ipset=/.yam.com/gfwlist +server=/.yangjianli.com/127.0.0.1#5353 +ipset=/.yangjianli.com/gfwlist +server=/.yasni.co.uk/127.0.0.1#5353 +ipset=/.yasni.co.uk/gfwlist +server=/.yasukuni.or.jp/127.0.0.1#5353 +ipset=/.yasukuni.or.jp/gfwlist +server=/.ydy.com/127.0.0.1#5353 +ipset=/.ydy.com/gfwlist +server=/.yeahteentube.com/127.0.0.1#5353 +ipset=/.yeahteentube.com/gfwlist +server=/.yecl.net/127.0.0.1#5353 +ipset=/.yecl.net/gfwlist +server=/.yeelou.com/127.0.0.1#5353 +ipset=/.yeelou.com/gfwlist +server=/.yeeyi.com/127.0.0.1#5353 +ipset=/.yeeyi.com/gfwlist +server=/.yegle.net/127.0.0.1#5353 +ipset=/.yegle.net/gfwlist +server=/.yesasia.com/127.0.0.1#5353 +ipset=/.yesasia.com/gfwlist +server=/.yesasia.com.hk/127.0.0.1#5353 +ipset=/.yesasia.com.hk/gfwlist +server=/.yes-news.com/127.0.0.1#5353 +ipset=/.yes-news.com/gfwlist +server=/.yhcw.net/127.0.0.1#5353 +ipset=/.yhcw.net/gfwlist +server=/.yi.org/127.0.0.1#5353 +ipset=/.yi.org/gfwlist +server=/.yibada.com/127.0.0.1#5353 +ipset=/.yibada.com/gfwlist +server=/.yibaochina.com/127.0.0.1#5353 +ipset=/.yibaochina.com/gfwlist +server=/.yidio.com/127.0.0.1#5353 +ipset=/.yidio.com/gfwlist +server=/.yilubbs.com/127.0.0.1#5353 +ipset=/.yilubbs.com/gfwlist +server=/.yinlei.org/127.0.0.1#5353 +ipset=/.yinlei.org/gfwlist +server=/.yipub.com/127.0.0.1#5353 +ipset=/.yipub.com/gfwlist +server=/.yobt.com/127.0.0.1#5353 +ipset=/.yobt.com/gfwlist +server=/.yogichen.org/127.0.0.1#5353 +ipset=/.yogichen.org/gfwlist +server=/.yong.hu/127.0.0.1#5353 +ipset=/.yong.hu/gfwlist +server=/.yorkbbs.ca/127.0.0.1#5353 +ipset=/.yorkbbs.ca/gfwlist +server=/.youjizz.com/127.0.0.1#5353 +ipset=/.youjizz.com/gfwlist +server=/.youmaker.com/127.0.0.1#5353 +ipset=/.youmaker.com/gfwlist +server=/.youpai.org/127.0.0.1#5353 +ipset=/.youpai.org/gfwlist +server=/.youporn.com/127.0.0.1#5353 +ipset=/.youporn.com/gfwlist +server=/.youporngay.com/127.0.0.1#5353 +ipset=/.youporngay.com/gfwlist +server=/.yourepeat.com/127.0.0.1#5353 +ipset=/.yourepeat.com/gfwlist +server=/.your-freedom.net/127.0.0.1#5353 +ipset=/.your-freedom.net/gfwlist +server=/.yousendit.com/127.0.0.1#5353 +ipset=/.yousendit.com/gfwlist +server=/.youthnetradio.org/127.0.0.1#5353 +ipset=/.youthnetradio.org/gfwlist +server=/.youtu.be/127.0.0.1#5353 +ipset=/.youtu.be/gfwlist +server=/.youtube.com/127.0.0.1#5353 +ipset=/.youtube.com/gfwlist +server=/.youtubecn.com/127.0.0.1#5353 +ipset=/.youtubecn.com/gfwlist +server=/.youtube-nocookie.com/127.0.0.1#5353 +ipset=/.youtube-nocookie.com/gfwlist +server=/.youversion.com/127.0.0.1#5353 +ipset=/.youversion.com/gfwlist +server=/.youxu.info/127.0.0.1#5353 +ipset=/.youxu.info/gfwlist +server=/.ytht.net/127.0.0.1#5353 +ipset=/.ytht.net/gfwlist +server=/.ytimg.com/127.0.0.1#5353 +ipset=/.ytimg.com/gfwlist +server=/.yuanming.net/127.0.0.1#5353 +ipset=/.yuanming.net/gfwlist +server=/.yuanzhengtang.org/127.0.0.1#5353 +ipset=/.yuanzhengtang.org/gfwlist +server=/.yuming.flnet.org/127.0.0.1#5353 +ipset=/.yuming.flnet.org/gfwlist +server=/.yunchao.net/127.0.0.1#5353 +ipset=/.yunchao.net/gfwlist +server=/.yvesgeleyn.com/127.0.0.1#5353 +ipset=/.yvesgeleyn.com/gfwlist +server=/.yx51.net/127.0.0.1#5353 +ipset=/.yx51.net/gfwlist +server=/.yyii.org/127.0.0.1#5353 +ipset=/.yyii.org/gfwlist +server=/.yymaya.com/127.0.0.1#5353 +ipset=/.yymaya.com/gfwlist +server=/.yzzk.com/127.0.0.1#5353 +ipset=/.yzzk.com/gfwlist +server=/.zacebook.com/127.0.0.1#5353 +ipset=/.zacebook.com/gfwlist +server=/.zalmos.com/127.0.0.1#5353 +ipset=/.zalmos.com/gfwlist +server=/.zannel.com/127.0.0.1#5353 +ipset=/.zannel.com/gfwlist +server=/.zaobao.com/127.0.0.1#5353 +ipset=/.zaobao.com/gfwlist +server=/.zaobao.com.sg/127.0.0.1#5353 +ipset=/.zaobao.com.sg/gfwlist +server=/.zaozon.com/127.0.0.1#5353 +ipset=/.zaozon.com/gfwlist +server=/.zarias.com/127.0.0.1#5353 +ipset=/.zarias.com/gfwlist +server=/.zattoo.com/127.0.0.1#5353 +ipset=/.zattoo.com/gfwlist +server=/.zengjinyan.org/127.0.0.1#5353 +ipset=/.zengjinyan.org/gfwlist +server=/.zgzcjj.net/127.0.0.1#5353 +ipset=/.zgzcjj.net/gfwlist +server=/.zh.m.wikipedia.org/127.0.0.1#5353 +ipset=/.zh.m.wikipedia.org/gfwlist +server=/.zh.pokerstrategy.com/127.0.0.1#5353 +ipset=/.zh.pokerstrategy.com/gfwlist +server=/.zh.uncyclopedia.wikia.com/127.0.0.1#5353 +ipset=/.zh.uncyclopedia.wikia.com/gfwlist +server=/.zh.wikibooks.org/127.0.0.1#5353 +ipset=/.zh.wikibooks.org/gfwlist +server=/.zh.wikinews.org/127.0.0.1#5353 +ipset=/.zh.wikinews.org/gfwlist +server=/.zh.wikipedia.org/127.0.0.1#5353 +ipset=/.zh.wikipedia.org/gfwlist +server=/.zh.wikisource.org/127.0.0.1#5353 +ipset=/.zh.wikisource.org/gfwlist +server=/.zh.wikivoyage.org/127.0.0.1#5353 +ipset=/.zh.wikivoyage.org/gfwlist +server=/.zh.wiktionary.org/127.0.0.1#5353 +ipset=/.zh.wiktionary.org/gfwlist +server=/.zhanbin.net/127.0.0.1#5353 +ipset=/.zhanbin.net/gfwlist +server=/.zhangboli.net/127.0.0.1#5353 +ipset=/.zhangboli.net/gfwlist +server=/.zhangtianliang.com/127.0.0.1#5353 +ipset=/.zhangtianliang.com/gfwlist +server=/.zhao.jinhai.de/127.0.0.1#5353 +ipset=/.zhao.jinhai.de/gfwlist +server=/.zhenghui.org/127.0.0.1#5353 +ipset=/.zhenghui.org/gfwlist +server=/.zhengwunet.org/127.0.0.1#5353 +ipset=/.zhengwunet.org/gfwlist +server=/.zhenlibu.info/127.0.0.1#5353 +ipset=/.zhenlibu.info/gfwlist +server=/.zhenxiang.biz/127.0.0.1#5353 +ipset=/.zhenxiang.biz/gfwlist +server=/.zhinengluyou.com/127.0.0.1#5353 +ipset=/.zhinengluyou.com/gfwlist +server=/.zhongguo.ca/127.0.0.1#5353 +ipset=/.zhongguo.ca/gfwlist +server=/.zhongguorenquan.org/127.0.0.1#5353 +ipset=/.zhongguorenquan.org/gfwlist +server=/.zhongguotese.net/127.0.0.1#5353 +ipset=/.zhongguotese.net/gfwlist +server=/.zhongmeng.org/127.0.0.1#5353 +ipset=/.zhongmeng.org/gfwlist +server=/.zhreader.com/127.0.0.1#5353 +ipset=/.zhreader.com/gfwlist +server=/.zhuanxing.cn/127.0.0.1#5353 +ipset=/.zhuanxing.cn/gfwlist +server=/.zhuatieba.com/127.0.0.1#5353 +ipset=/.zhuatieba.com/gfwlist +server=/.zhuichaguoji.org/127.0.0.1#5353 +ipset=/.zhuichaguoji.org/gfwlist +server=/.ziddu.com/127.0.0.1#5353 +ipset=/.ziddu.com/gfwlist +server=/.zillionk.com/127.0.0.1#5353 +ipset=/.zillionk.com/gfwlist +server=/.zinio.com/127.0.0.1#5353 +ipset=/.zinio.com/gfwlist +server=/.ziplib.com/127.0.0.1#5353 +ipset=/.ziplib.com/gfwlist +server=/.zkaip.com/127.0.0.1#5353 +ipset=/.zkaip.com/gfwlist +server=/.zlib.net/127.0.0.1#5353 +ipset=/.zlib.net/gfwlist +server=/.zmw.cn/127.0.0.1#5353 +ipset=/.zmw.cn/gfwlist +server=/.zomobo.net/127.0.0.1#5353 +ipset=/.zomobo.net/gfwlist +server=/.zonaeuropa.com/127.0.0.1#5353 +ipset=/.zonaeuropa.com/gfwlist +server=/.zootool.com/127.0.0.1#5353 +ipset=/.zootool.com/gfwlist +server=/.zoozle.net/127.0.0.1#5353 +ipset=/.zoozle.net/gfwlist +server=/.zozotown.com/127.0.0.1#5353 +ipset=/.zozotown.com/gfwlist +server=/.zshare.net/127.0.0.1#5353 +ipset=/.zshare.net/gfwlist +server=/.zsrhao.com/127.0.0.1#5353 +ipset=/.zsrhao.com/gfwlist +server=/.zuo.la/127.0.0.1#5353 +ipset=/.zuo.la/gfwlist +server=/.zuobiao.me/127.0.0.1#5353 +ipset=/.zuobiao.me/gfwlist +server=/.zuola.com/127.0.0.1#5353 +ipset=/.zuola.com/gfwlist +server=/.zvereff.com/127.0.0.1#5353 +ipset=/.zvereff.com/gfwlist +server=/.zyzc9.com/127.0.0.1#5353 +ipset=/.zyzc9.com/gfwlist diff --git a/package/lean/shadowsocksR-libev-full/files/gfwlistr.htm b/package/lean/shadowsocksR-libev-full/files/gfwlistr.htm new file mode 100644 index 000000000..1fa47faec --- /dev/null +++ b/package/lean/shadowsocksR-libev-full/files/gfwlistr.htm @@ -0,0 +1,7 @@ +锘<%+header%> +

<%:ShadowsocksR - GFW List%>

+
ShadowsocksR鍐呯疆鐨 GFW 鍚嶅崟
+
+ +
+<%+footer%> diff --git a/package/lean/shadowsocksR-libev-full/files/root b/package/lean/shadowsocksR-libev-full/files/root new file mode 100644 index 000000000..9e3dfee9b --- /dev/null +++ b/package/lean/shadowsocksR-libev-full/files/root @@ -0,0 +1,3 @@ +*/10 * * * * /root/ssr-watchdog >> /var/log/shadowsocksr_watchdog.log 2>&1 +0 1 * * 0 echo "" > /var/log/shadowsocksr_watchdog.log +#0 1 * * 0 sleep 70 && touch /etc/banner && reboot diff --git a/package/lean/shadowsocksR-libev-full/files/shadowsocksr b/package/lean/shadowsocksR-libev-full/files/shadowsocksr new file mode 100644 index 000000000..f82e04b7a --- /dev/null +++ b/package/lean/shadowsocksR-libev-full/files/shadowsocksr @@ -0,0 +1,21 @@ +#!/bin/sh /etc/rc.common + +START=95 + +SERVICE_USE_PID=1 +SERVICE_WRITE_PID=1 +SERVICE_DAEMONIZE=1 + +CONFIG=/etc/shadowsocksr.json + +start() { + service_start /usr/bin/ssr-local -c $CONFIG -l 8888 + #service_start /usr/bin/ssr-redir -c $CONFIG + #service_start /usr/bin/ssr-tunnel -c $CONFIG -l 5353 -L 8.8.8.8:53 -U +} + +stop() { + service_stop /usr/bin/ssr-local + #service_stop /usr/bin/ssr-redir + #service_stop /usr/bin/ssr-tunnel +} diff --git a/package/lean/shadowsocksR-libev-full/files/shadowsocksr-gfwlist b/package/lean/shadowsocksR-libev-full/files/shadowsocksr-gfwlist new file mode 100644 index 000000000..e2dd33187 --- /dev/null +++ b/package/lean/shadowsocksR-libev-full/files/shadowsocksr-gfwlist @@ -0,0 +1,26 @@ +#!/bin/sh /etc/rc.common + +START=95 + +SERVICE_USE_PID=1 +SERVICE_WRITE_PID=1 +SERVICE_DAEMONIZE=1 + +CONFIG=/etc/shadowsocksr.json +if [ ! -f $CONFIG ]; then + ln -sf /etc/shadowsocksr.json.main $CONFIG +fi + +start() { + service_start /usr/bin/ssr-redir -c $CONFIG -b 0.0.0.0 -l 8989 + sleep 1 + service_start /usr/bin/ssr-tunnel -c $CONFIG -b 0.0.0.0 -l 5353 -L 8.8.8.8:53 -U + sleep 1 +} + +stop() { + service_stop /usr/bin/ssr-redir + sleep 1 + service_stop /usr/bin/ssr-tunnel + sleep 1 +} diff --git a/package/lean/shadowsocksR-libev-full/files/shadowsocksr-gfwlist.json b/package/lean/shadowsocksR-libev-full/files/shadowsocksr-gfwlist.json new file mode 100644 index 000000000..c5e09e766 --- /dev/null +++ b/package/lean/shadowsocksR-libev-full/files/shadowsocksr-gfwlist.json @@ -0,0 +1,11 @@ +{ + "server": "serv-ro.ddns.info", + "server_port": 23143, + "password": "test.TEST", + "method": "aes-256-cfb", + "protocol": "origin", + "obfs": "plain", + "timeout": 120, + "supported_protocol": "origin, verify_simple, auth_simple, auth_sha1, auth_sha1_v2, auth_sha1_v4", + "supported_obfs": "plain, http_simple, tls1.0_session_auth, tls1.2_ticket_auth" +} diff --git a/package/lean/shadowsocksR-libev-full/files/shadowsocksr-libev-backup.lua b/package/lean/shadowsocksR-libev-full/files/shadowsocksr-libev-backup.lua new file mode 100644 index 000000000..18e852cdd --- /dev/null +++ b/package/lean/shadowsocksR-libev-full/files/shadowsocksr-libev-backup.lua @@ -0,0 +1,23 @@ +local fs = require "nixio.fs" +local conffile = "/etc/shadowsocksr.json.backup" + +f = SimpleForm("general", translate("ShadowsocksR - 澶囦唤鏈嶅姟鍣ㄨ缃"), translate("ShadowsocksR 澶囦唤鏈嶅姟鍣ㄨ缃湴鍧锛屽綋涓绘湇鍔″櫒涓嶅彲鏃跺皢鑷姩杩炴帴鍒版鏈嶅姟鍣ㄣ 涓绘湇鍔″櫒鍙敤鏃跺皢鑷姩鍒囨崲鍥炰富鏈嶅姟鍣")) + +t = f:field(TextValue, "conf") +t.rmempty = true +t.rows = 20 +function t.cfgvalue() + return fs.readfile(conffile) or "" +end + +function f.handle(self, state, data) + if state == FORM_VALID then + if data.conf then + fs.writefile(conffile, data.conf:gsub("\r\n", "\n")) + luci.sys.call("/etc/init.d/shadowsocksr restart") + end + end + return true +end + +return f diff --git a/package/lean/shadowsocksR-libev-full/files/shadowsocksr-libev-custom.lua b/package/lean/shadowsocksR-libev-full/files/shadowsocksr-libev-custom.lua new file mode 100644 index 000000000..4a20b6668 --- /dev/null +++ b/package/lean/shadowsocksR-libev-full/files/shadowsocksr-libev-custom.lua @@ -0,0 +1,23 @@ +local fs = require "nixio.fs" +local conffile = "/etc/dnsmasq.d/custom_list.conf" + +f = SimpleForm("custom", translate("ShadowsocksR - 鑷畾涔夊垪琛"), translate("ShadowsocksR 鑷姩瀹氫箟缈诲鍩熷悕鐨勫垪琛ㄣ
璇峰弬鐓т互涓嬪啓娉曞幓鎺夊墠闈㈢殑 # 杈撳叆")) + +t = f:field(TextValue, "conf") +t.rmempty = true +t.rows = 20 +function t.cfgvalue() + return fs.readfile(conffile) or "" +end + +function f.handle(self, state, data) + if state == FORM_VALID then + if data.conf then + fs.writefile(conffile, data.conf:gsub("\r\n", "\n")) + luci.sys.call("/etc/init.d/dnsmasq restart && ipset flush gfwlist") + end + end + return true +end + +return f diff --git a/package/lean/shadowsocksR-libev-full/files/shadowsocksr-libev-general.lua b/package/lean/shadowsocksR-libev-full/files/shadowsocksr-libev-general.lua new file mode 100644 index 000000000..bbd846088 --- /dev/null +++ b/package/lean/shadowsocksR-libev-full/files/shadowsocksr-libev-general.lua @@ -0,0 +1,23 @@ +local fs = require "nixio.fs" +local conffile = "/etc/shadowsocksr.json.main" + +f = SimpleForm("general", translate("ShadowsocksR - 涓绘湇鍔″櫒閰嶇疆"), translate("ShadowsocksR 涓绘湇鍔″櫒閰嶇疆鏂囦欢锛屾鏈嶅姟鍣ㄥ皢浼樺厛琚娇鐢")) + +t = f:field(TextValue, "conf") +t.rmempty = true +t.rows = 20 +function t.cfgvalue() + return fs.readfile(conffile) or "" +end + +function f.handle(self, state, data) + if state == FORM_VALID then + if data.conf then + fs.writefile(conffile, data.conf:gsub("\r\n", "\n")) + luci.sys.call("/etc/init.d/shadowsocksr restart") + end + end + return true +end + +return f diff --git a/package/lean/shadowsocksR-libev-full/files/shadowsocksr-libev.lua b/package/lean/shadowsocksR-libev-full/files/shadowsocksr-libev.lua new file mode 100644 index 000000000..b6fa84917 --- /dev/null +++ b/package/lean/shadowsocksR-libev-full/files/shadowsocksr-libev.lua @@ -0,0 +1,45 @@ +module("luci.controller.shadowsocksr-libev", package.seeall) + +function index() + if not nixio.fs.access("/etc/shadowsocksr.json") then + return + end + + entry({"admin", "services", "shadowsocksr-libev"}, + alias("admin", "services", "shadowsocksr-libev", "general"), + _("ShadowsocksR璁剧疆"), 10) + + entry({"admin", "services", "shadowsocksr-libev", "general"}, + cbi("shadowsocksr-libev/shadowsocksr-libev-general"), + _("涓绘湇鍔″櫒璁剧疆"), 10).leaf = true + + entry({"admin", "services", "shadowsocksr-libev", "backup"}, + cbi("shadowsocksr-libev/shadowsocksr-libev-backup"), + _("澶囦唤鏈嶅姟鍣ㄨ缃"), 20).leaf = true + + entry({"admin", "services", "shadowsocksr-libev", "gfwlist"}, + call("action_gfwlist"), + _("GFW 鍐呯疆鍚嶅崟"), 30).leaf = true + + entry({"admin", "services", "shadowsocksr-libev", "custom"}, + cbi("shadowsocksr-libev/shadowsocksr-libev-custom"), + _("鑷畾涔夊煙鍚嶅垪琛"), 40).leaf = true + + entry({"admin", "services", "shadowsocksr-libev", "watchdog"}, + call("action_watchdog"), + _("瀹堟姢杩涚▼鏃ュ織"), 50).leaf = true +end + +function action_gfwlist() + local fs = require "nixio.fs" + local conffile = "/etc/dnsmasq.d/gfw_list.conf" + local gfwlist = fs.readfile(conffile) or "" + luci.template.render("shadowsocksr-libev/gfwlistr", {gfwlist=gfwlist}) +end + +function action_watchdog() + local fs = require "nixio.fs" + local conffile = "/var/log/shadowsocksr_watchdog.log" + local watchdog = fs.readfile(conffile) or "" + luci.template.render("shadowsocksr-libev/watchdogr", {watchdog=watchdog}) +end diff --git a/package/lean/shadowsocksR-libev-full/files/shadowsocksr-server b/package/lean/shadowsocksR-libev-full/files/shadowsocksr-server new file mode 100644 index 000000000..9c01f2787 --- /dev/null +++ b/package/lean/shadowsocksR-libev-full/files/shadowsocksr-server @@ -0,0 +1,17 @@ +#!/bin/sh /etc/rc.common + +START=95 + +SERVICE_USE_PID=1 +SERVICE_WRITE_PID=1 +SERVICE_DAEMONIZE=1 + +CONFIG=/etc/shadowsocksr-server.json + +start() { + service_start /usr/bin/ssr-server -c $CONFIG -u +} + +stop() { + service_stop /usr/bin/ssr-server +} diff --git a/package/lean/shadowsocksR-libev-full/files/shadowsocksr-server.json b/package/lean/shadowsocksR-libev-full/files/shadowsocksr-server.json new file mode 100644 index 000000000..fa4f23fdd --- /dev/null +++ b/package/lean/shadowsocksR-libev-full/files/shadowsocksr-server.json @@ -0,0 +1,15 @@ +{ + "server": "0.0.0.0", + "server_ipv6": "::", + "server_port": 443, + "password": "password", + "method": "rc4-md5", + "timeout": 120, + "protocol": "origin", + "protocol_param": "", + "obfs": "plain", + "obfs_param": "", + "redirect": "", + "dns_ipv6": false, + "fast_open": false +} diff --git a/package/lean/shadowsocksR-libev-full/files/shadowsocksr.json b/package/lean/shadowsocksR-libev-full/files/shadowsocksr.json new file mode 100644 index 000000000..5347bc9ab --- /dev/null +++ b/package/lean/shadowsocksR-libev-full/files/shadowsocksr.json @@ -0,0 +1,14 @@ +{ + "server": "serverip", + "server_port": 443, + "password": "password", + "method": "rc4-md5", + "local_address": "0.0.0.0", + "local_port": 1080, + "timeout": 120, + "protocol": "origin", + "protocol_param": "", + "obfs": "plain", + "obfs_param": "", + "fast_open": false +} diff --git a/package/lean/shadowsocksR-libev-full/files/ssr-watchdog b/package/lean/shadowsocksR-libev-full/files/ssr-watchdog new file mode 100644 index 000000000..adf4a6582 --- /dev/null +++ b/package/lean/shadowsocksR-libev-full/files/ssr-watchdog @@ -0,0 +1,47 @@ +#!/bin/sh + +LOGTIME=$(date "+%Y-%m-%d %H:%M:%S") + +CURRENT=$(ls -l /etc/shadowsocksr.json | awk -F "." '{print $4}') + +if [ "$CURRENT" == "backup" ]; then + echo "[$LOGTIME] Backup server is running." + MAIN=$(cat /etc/shadowsocksr.json.main | awk -F '\"' '/\"server\"/ {print $4}') + PM=$(ping -c 3 $MAIN | grep 'loss' | awk -F ',' '{ print $3 }' | awk -F "%" '{ print $1 }') + if [ "$PM" -lt "50" ]; then + echo "[$LOGTIME] Main server up,$PM% packet loss, switch back." + ln -sf /etc/shadowsocksr.json.main /etc/shadowsocksr.json + CURRENT=$(ls -l /etc/shadowsocksr.json | awk -F "." '{print $4}') + /etc/init.d/shadowsocksr restart + sleep 3 + else + echo "[$LOGTIME] Main server down,$PM% packet loss." + fi +fi + +wget --spider --quiet -T 3 www.google.com.hk +if [ "$?" == "0" ]; then + echo "[$LOGTIME] No problem." + exit 0 +else + wget --spider --quiet -T 3 www.baidu.com + if [ "$?" == "0" ]; then + echo "[$LOGTIME] Problem decteted, restart ShadowsocksR." + /etc/init.d/shadowsocksr restart + if [ "$CURRENT" == "main" ]; then + sleep 3 + wget --spider --quiet -T 3 www.google.com.hk + if [ "$?" == "0" ]; then + echo "[$LOGTIME] ShadowsocksR recovered." + exit 0 + else + echo "[$LOGTIME] Main server down, switch to backup server." + ln -sf /etc/shadowsocksr.json.backup /etc/shadowsocksr.json + /etc/init.d/shadowsocksr restart + exit 0 + fi + fi + else + echo "[$LOGTIME] Network problem. Do nothing." + fi +fi diff --git a/package/lean/shadowsocksR-libev-full/files/watchdogr.htm b/package/lean/shadowsocksR-libev-full/files/watchdogr.htm new file mode 100644 index 000000000..66a59a983 --- /dev/null +++ b/package/lean/shadowsocksR-libev-full/files/watchdogr.htm @@ -0,0 +1,7 @@ +<%+header%> +

<%:ShadowsocksR - 瀹堟姢杩涚▼鏃ュ織%>

+
ShadowsocksR 瀹堟姢杩涚▼鏃ュ織
+
+ +
+<%+footer%> diff --git a/package/lean/shadowsocksR-libev-full/patches/0001-ss-check-Backport.patch b/package/lean/shadowsocksR-libev-full/patches/0001-ss-check-Backport.patch new file mode 100644 index 000000000..5a9fb3f35 --- /dev/null +++ b/package/lean/shadowsocksR-libev-full/patches/0001-ss-check-Backport.patch @@ -0,0 +1,315 @@ +From 4a153bc0bb8ed20517871bddbf92ba69057bef97 Mon Sep 17 00:00:00 2001 +From: WouldChar +Date: Mon, 18 Dec 2017 19:33:51 +0800 +Subject: [PATCH 1/7] Backport ss-check + + * from https://github.com/ywb94/shadowsocks-libev +--- + src/Makefile.am | 5 ++ + src/check.c | 242 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + src/redir.c | 2 +- + 3 files changed, 248 insertions(+), 1 deletion(-) + create mode 100644 src/check.c + +diff --git a/src/Makefile.am b/src/Makefile.am +index eea1300..d2c6d24 100644 +--- a/src/Makefile.am ++++ b/src/Makefile.am +@@ -22,7 +22,7 @@ SS_COMMON_LIBS += $(top_builddir)/libev/libev.la \ + $(top_builddir)/libsodium/src/libsodium/libsodium.la + endif + +-bin_PROGRAMS = ss-local ++bin_PROGRAMS = ss-local ss-check + #bin_PROGRAMS += ss-tunnel + if !BUILD_WINCOMPAT + #bin_PROGRAMS += ss-server ss-manager +@@ -42,6 +43,8 @@ ss_local_SOURCES = utils.c \ + local.c \ + $(sni_src) + ++ss_check_SOURCES = check.c ++ + #ss_tunnel_SOURCES = utils.c \ + # jconf.c \ + # json.c \ +@@ -69,6 +72,7 @@ ss_local_SOURCES = utils.c \ + # manager.c + + ss_local_LDADD = $(SS_COMMON_LIBS) ++ss_check_LDADD = $(SS_COMMON_LIBS) + #ss_tunnel_LDADD = $(SS_COMMON_LIBS) + #ss_server_LDADD = $(SS_COMMON_LIBS) + #ss_manager_LDADD = $(SS_COMMON_LIBS) +@@ -83,6 +87,7 @@ ss_local_LDADD += $(top_builddir)/libudns/libudns.la + endif + + ss_local_CFLAGS = $(AM_CFLAGS) -DMODULE_LOCAL ++ss_check_CFLAGS = $(AM_CFLAGS) -DMODULE_CHECK + #ss_tunnel_CFLAGS = $(AM_CFLAGS) -DMODULE_TUNNEL + #ss_server_CFLAGS = $(AM_CFLAGS) -DMODULE_REMOTE + #ss_manager_CFLAGS = $(AM_CFLAGS) -DMODULE_MANAGER +diff --git a/src/check.c b/src/check.c +new file mode 100644 +index 0000000..9243686 +--- /dev/null ++++ b/src/check.c +@@ -0,0 +1,242 @@ ++/* ++ * check.c - check remote shadowsocks server port ++ * ++ * Copyright (C) 2017, yushi studio ++ * ++ * This file is part of the shadowsocks-libev. ++ * ++ * shadowsocks-libev is free software; you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation; either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * shadowsocks-libev is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with shadowsocks-libev; see the file COPYING. If not, see ++ * . ++ */ ++ ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++ ++//#define __DEBUG__ ++#ifdef __DEBUG__ ++#define DEBUG(format,...) printf("File: "__FILE__", Line: %05d: "format"/n", __LINE__, ##__VA_ARGS__) ++#else ++#define DEBUG(format,...) ++#endif ++ ++static sigjmp_buf jmpbuf; ++ ++static void alarm_func() ++{ ++ siglongjmp(jmpbuf, 1); ++} ++ ++static struct hostent *timeGethostbyname(const char *domain, int timeout) ++{ ++ struct hostent *ipHostent = NULL; ++ signal(SIGALRM, alarm_func); ++ if (sigsetjmp(jmpbuf, 1) != 0) { ++ alarm(0); //timout ++ signal(SIGALRM, SIG_IGN); ++ return NULL; ++ } ++ alarm(timeout); //setting alarm ++ ipHostent = gethostbyname(domain); ++ signal(SIGALRM, SIG_IGN); ++ return ipHostent; ++} ++ ++ ++#define MY_HTTP_DEFAULT_PORT 80 ++#define BUFFER_SIZE 1024 ++#define HTTP_POST "POST /%s HTTP/1.1\r\nHOST: %s:%d\r\nAccept: */*\r\n"\ ++ "Content-Type:application/x-www-form-urlencoded\r\nContent-Length: %d\r\n\r\n%s" ++#define HTTP_GET "GET /%s HTTP/1.1\r\nHOST: %s:%d\r\nAccept: */*\r\n\r\n" ++ ++static int http_parse_url(const char *url, char *host, char *file, int *port) ++{ ++ char *ptr1, *ptr2; ++ int len = 0; ++ if (!url || !host || !file || !port) ++ return 1; ++ ++ ptr1 = (char *)url; ++ ++ if (!strncmp(ptr1, "http://", strlen("http://"))) ++ ptr1 += strlen("http://"); ++ else ++ return 1; ++ ++ ptr2 = strchr(ptr1, '/'); ++ if (ptr2) { ++ len = strlen(ptr1) - strlen(ptr2); ++ memcpy(host, ptr1, len); ++ host[len] = '\0'; ++ if (*(ptr2 + 1)) { ++ memcpy(file, ptr2 + 1, strlen(ptr2) - 1); ++ file[strlen(ptr2) - 1] = '\0'; ++ } ++ } ++ else { ++ memcpy(host,ptr1,strlen(ptr1)); ++ host[strlen(ptr1)] = '\0'; ++ } ++ ++ //get host and ip ++ ptr1 = strchr(host, ':'); ++ if (ptr1) { ++ *ptr1++ = '\0'; ++ *port = atoi(ptr1); ++ } ++ else ++ *port = MY_HTTP_DEFAULT_PORT; ++ ++ return 0; ++} ++ ++static int http_tcpclient_recv(int socket, char *lpbuff) ++{ ++ int recvnum = 0; ++ ++ recvnum = recv(socket, lpbuff, BUFFER_SIZE*4, 0); ++ ++ return recvnum; ++} ++ ++static int http_tcpclient_send(int socket, char *buff, int size) ++{ ++ int sent = 0, tmpres = 0; ++ ++ while (sent < size) { ++ tmpres = send(socket, buff + sent, size - sent, 0); ++ if (tmpres == -1) ++ return 1; ++ sent += tmpres; ++ } ++ return sent; ++} ++ ++int http_get(const char *url, int socket_fd) ++{ ++ char lpbuf[BUFFER_SIZE * 4] = {'\0'}; ++ ++ char host_addr[BUFFER_SIZE] = {'\0'}; ++ char file[BUFFER_SIZE] = {'\0'}; ++ int port = 0; ++ ++ if (!url) { ++ DEBUG("url failed\n"); ++ return 1; ++ } ++ ++ if (http_parse_url(url, host_addr, file, &port)) { ++ DEBUG("http_parse_url failed\n"); ++ return 1; ++ } ++ DEBUG("url: %s\thost_addr: %s\tfile: %s\t, %d\n", url, host_addr, file, port); ++ ++ if (socket_fd < 0) { ++ DEBUG("http_tcpclient_create failed\n"); ++ return 1; ++ } ++ ++ sprintf(lpbuf, HTTP_GET, file, host_addr, port); ++ ++ if (http_tcpclient_send(socket_fd, lpbuf, strlen(lpbuf)) < 0) { ++ DEBUG("http_tcpclient_send failed\n"); ++ return 1; ++ } ++ DEBUG("request:\n%s\n", lpbuf); ++ ++ if (http_tcpclient_recv(socket_fd, lpbuf) <= 0) { ++ DEBUG("http_tcpclient_recv failed\n"); ++ close(socket_fd); ++ return 1; ++ } ++ DEBUG("rec:\n%s\n", lpbuf); ++ close(socket_fd); ++ ++ //return http_parse_result(lpbuf); ++ return 0; ++} ++ ++int main(int argc, char *argv[]) ++{ ++ int fd, http_flag = 0, http_ret = 1; ++ struct sockaddr_in addr; ++ struct hostent *host; ++ struct timeval timeo = {3, 0}; ++ socklen_t len = sizeof(timeo); ++ ++ char http_url[100] = "http://"; ++ ++ fd = socket(AF_INET, SOCK_STREAM, 0); ++ if (argc >= 4) ++ timeo.tv_sec = atoi(argv[3]); ++ if (argc >= 5) ++ http_flag=1; ++ ++ if ((host = timeGethostbyname(argv[1], timeo.tv_sec)) == NULL) { ++ DEBUG("gethostbyname err\n"); ++ return 1; ++ } ++ ++ if (setsockopt(fd, SOL_SOCKET, SO_SNDTIMEO, &timeo, len) == -1) { ++ DEBUG("setsockopt send err\n"); ++ return 1; ++ } ++ ++ if (setsockopt(fd, SOL_SOCKET, SO_RCVTIMEO, &timeo, len) == -1) { ++ DEBUG("setsockopt recv err\n"); ++ return 1; ++ } ++ ++ addr.sin_family = AF_INET; ++ addr.sin_addr = *((struct in_addr *)host->h_addr); ++ //addr.sin_addr.s_addr = inet_addr(argv[1]); ++ addr.sin_port = htons(atoi(argv[2])); ++ ++ if (connect(fd, (struct sockaddr *)&addr, sizeof(addr)) == -1) { ++ if (errno == EINPROGRESS) { ++ DEBUG("timeout err\n"); ++ return 1; ++ } ++ DEBUG("connect err\n"); ++ return 1; ++ } ++ ++ if (http_flag == 0) { ++ close(fd); ++ return 0; ++ } ++ ++ strcat(http_url, argv[1]); ++ http_ret = http_get(http_url, fd); ++ ++ if (http_ret == 1) { ++ DEBUG("recv err"); ++ return 1; ++ } ++ else { ++ DEBUG("recv ok"); ++ return 0; ++ } ++} +diff --git a/src/redir.c b/src/redir.c +index 4345a36..e2bdd0e 100644 +--- a/src/redir.c ++++ b/src/redir.c +@@ -203,7 +203,7 @@ server_recv_cb(EV_P_ ev_io *w, int revents) + // continue to wait for recv + return; + } else { +- ERROR("server recv"); ++ //ERROR("server recv"); + close_and_free_remote(EV_A_ remote); + close_and_free_server(EV_A_ server); + return; +-- +2.7.4 + diff --git a/package/lean/shortcut-fe/Makefile b/package/lean/shortcut-fe/Makefile new file mode 100644 index 000000000..5c9a80e57 --- /dev/null +++ b/package/lean/shortcut-fe/Makefile @@ -0,0 +1,121 @@ +# +# Copyright (c) 2014 The Linux Foundation. All rights reserved. +# Permission to use, copy, modify, and/or distribute this software for +# any purpose with or without fee is hereby granted, provided that the +# above copyright notice and this permission notice appear in all copies. +# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT +# OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +# +include $(TOPDIR)/rules.mk +include $(INCLUDE_DIR)/kernel.mk + +PKG_NAME:=shortcut-fe +PKG_RELEASE:=2 + +include $(INCLUDE_DIR)/package.mk + +define KernelPackage/shortcut-fe + SECTION:=kernel + CATEGORY:=Kernel modules + SUBMENU:=Network Support + DEPENDS:=@IPV6 @!LINUX_4_14 + TITLE:=Kernel driver for SFE + FILES:=$(PKG_BUILD_DIR)/shortcut-fe.ko $(PKG_BUILD_DIR)/shortcut-fe-ipv6.ko + KCONFIG:=CONFIG_NF_CONNTRACK_EVENTS=y CONFIG_SHORTCUT_FE=y + AUTOLOAD:=$(call AutoProbe,shortcut-fe shortcut-fe-ipv6) +endef + +define KernelPackage/shortcut-fe/Description +Shortcut is an in-Linux-kernel IP packet forwarding engine. +endef + +define KernelPackage/shortcut-fe-cm + SECTION:=kernel + CATEGORY:=Kernel modules + SUBMENU:=Network Support + DEPENDS:=+kmod-ipt-conntrack +kmod-shortcut-fe + TITLE:=Kernel driver for SFE + FILES:=$(PKG_BUILD_DIR)/shortcut-fe-cm.ko + KCONFIG:=CONFIG_NF_CONNTRACK_CHAIN_EVENTS=y CONFIG_NF_CONNTRACK_MARK=y + AUTOLOAD:=$(call AutoProbe,shortcut-fe-cm) +endef + +define KernelPackage/shortcut-fe-cm/Description +Simple connection manager for the Shortcut forwarding engine. +endef + +define KernelPackage/fast-classifier + SECTION:=kernel + CATEGORY:=Kernel modules + SUBMENU:=Network Support + DEPENDS:=+kmod-ipt-conntrack +kmod-shortcut-fe + TITLE:=Kernel driver for FAST Classifier + FILES:=$(PKG_BUILD_DIR)/fast-classifier.ko + KCONFIG:=CONFIG_NF_CONNTRACK_CHAIN_EVENTS=y CONFIG_NF_CONNTRACK_MARK=y + AUTOLOAD:=$(call AutoLoad,z,fast-classifier) + PROVIDES:=$(PKG_NAME) +endef + +define KernelPackage/fast-classifier/description +FAST Classifier connection manager for Shortcut forwarding engine. +It talks to SFE to make decisions about offloading connections. +endef + +define Package/fast-classifier-example + TITLE:=Example user space program for fast-classifier + DEPENDS:=+libnl +kmod-fast-classifier +endef + +define Package/fast-classifier-example/description +Example user space program that communicates with fast +classifier kernel module +endef + +MAKE_OPTS:= \ + ARCH="$(LINUX_KARCH)" \ + CROSS_COMPILE="$(TARGET_CROSS)" \ + SUBDIRS="$(PKG_BUILD_DIR)" \ + EXTRA_CFLAGS="$(EXTRA_CFLAGS)" + +define Build/Compile + $(MAKE) -C "$(LINUX_DIR)" \ + $(MAKE_OPTS) \ + modules + $(if $(CONFIG_PACKAGE_fast-classifier-example),$(Build/Compile/fast-classifier-example)) +endef + +define Build/Compile/fast-classifier-example + $(TARGET_CC) -o $(PKG_BUILD_DIR)/userspace_fast_classifier \ + -I $(PKG_BUILD_DIR) \ + -I$(STAGING_DIR)/usr/include/libnl \ + -I$(STAGING_DIR)/usr/include/libnl3 \ + -lnl-genl-3 -lnl-3 \ + $(PKG_BUILD_DIR)/nl_classifier_test.c +endef + +ifneq ($(CONFIG_PACKAGE_kmod-shortcut-fe)$(CONFIG_PACKAGE_kmod-shortcut-fe-cm)$(CONFIG_PACKAGE_kmod-fast-classifier),) +define Build/InstallDev + $(INSTALL_DIR) $(1)/usr/include/shortcut-fe + $(CP) -rf $(PKG_BUILD_DIR)/sfe.h $(1)/usr/include/shortcut-fe +ifneq ($(CONFIG_PACKAGE_kmod-fast-classifier),) + $(INSTALL_DIR) $(1)/usr/include + $(CP) $(PKG_BUILD_DIR)/fast-classifier.h $(1)/usr/include/ +endif +endef +endif + +define Package/fast-classifier-example/install + $(INSTALL_DIR) $(1)/sbin + $(CP) $(PKG_BUILD_DIR)/userspace_fast_classifier $(1)/sbin/ +endef + +$(eval $(call KernelPackage,shortcut-fe)) +$(eval $(call KernelPackage,shortcut-fe-cm)) +$(eval $(call KernelPackage,fast-classifier)) +#$(eval $(call BuildPackage,fast-classifier-example)) + diff --git a/package/lean/shortcut-fe/src/Kconfig b/package/lean/shortcut-fe/src/Kconfig new file mode 100644 index 000000000..487f1e065 --- /dev/null +++ b/package/lean/shortcut-fe/src/Kconfig @@ -0,0 +1,14 @@ +# +# Shortcut forwarding engine +# + +config SHORTCUT_FE + tristate "Shortcut Forwarding Engine" + depends on NF_CONNTRACK + ---help--- + Shortcut is a fast in-kernel packet forwarding engine. + + To compile this code as a module, choose M here: the module will be + called shortcut-fe. + + If unsure, say N. diff --git a/package/lean/shortcut-fe/src/Makefile b/package/lean/shortcut-fe/src/Makefile new file mode 100644 index 000000000..88d95d232 --- /dev/null +++ b/package/lean/shortcut-fe/src/Makefile @@ -0,0 +1,14 @@ +# +# Makefile for Shortcut FE. +# + +obj-m += shortcut-fe.o shortcut-fe-ipv6.o shortcut-fe-cm.o fast-classifier.o + +shortcut-fe-objs := \ + sfe_ipv4.o + +shortcut-fe-ipv6-objs := \ + sfe_ipv6.o + +shortcut-fe-cm-objs := \ + sfe_cm.o diff --git a/package/lean/shortcut-fe/src/README b/package/lean/shortcut-fe/src/README new file mode 100644 index 000000000..1bf1cc255 --- /dev/null +++ b/package/lean/shortcut-fe/src/README @@ -0,0 +1,122 @@ +Shortcut Forwarding Engine +-------------------------- + +Welcome to "Shortcut" :-) + +Here's a quick FAQ: + + +Q) What is Shortcut? + +A) Shortcut is an in-Linux-kernel IP packet forwarding engine. It's designed +to offer very high speed IP packet forwarding based on IP connection tracking. +It's dramatically faster than the standard netfilter-based NAT forwarding path +but is designed to synchronise state back to netfilter/conntrack so that it +doesn't need to deal with all of the complexities of special cases. + + +Q) What versions of IP does it support? + +A) The current version only supports IPv4 but will be extended to support IPv6 in +the future. + + +Q) What transport protocols does it support? + +A) TCP and UDP. It also knows enough about ICMP to spot ICMP error messages +related to TCP and UDP and handle things accordingly. + + +Q) Is there a design spec for this software? + +A) Not at the moment. I'll write one when I get more time. The code is +intended to be a good tutorial though - it's very heavily commented. If you +find yourself reading something and not understanding it then I take that to +mean I've probably not done a sufficently good job of explaining what it's +doing in the comments. Let me know - I will try to fix it :-) + + +Q) Why was it written? + +A) It was written as a demonstration of what can be done to provide high +performance forwarding inside the kernel. There were two initial motivations: + +1) To provide a platform to enable research into how QoS analysis systems can +offload work and avoid huge Linux overheads. + +2) To provide a tool to investigate the behaviour of various processors, SoCs +and software sets so that we can characterize and design new network processor +SoCs. + + +Q) How much faster is it than the Linux kernel forwarding path? + +A) At the time of pushing this to github it's been tested on a QCA AP135. +This has a Scorpion (QCA Scopion, not the QMC one :-)) SoC, QCA9550. The +SoC's processor is a MIPS74K running at 720 MHz and with a DDR2 memory +subsystem that offers a peak of 600 MT/s (16-bit transfers). + +Running IPv4 NAT forwarding of UDP between the board's 2 GMAC ports and +using a SmartBits 200 as a traffic generator Linux is able to forward 70k PPS. +Once the SFE code is invoked this will increase to 350k PPS! + +There's also a slightly hacky mode which causes SFE to bypass the Linux +bridge layer, but this isn't really ready for use because it doesn't have +sufficient MAC address checks or integration of statistics back to the +Ethernet bridge, but that runs at 436k PPS. + + +Q) Are there any diagnostics? + +A) Yes, this is a research tool after all! There's a complex way to do this +that's more general purpose and a simple one - here's the simple one: + + mknod /dev/sfe c 253 0 + +The file /dev/sfe is an XML-ish output and provides details of all the +network connections currently being offloaded. It also reports the numbers +of packets that took various "exception" paths within the code. In addition +it provides a summary of the number of connections, attempts to accelerate +connections, cancel accelerations, etc. It also reports the numbers of +packets that were forwarded and not forwarded by the engine and has some +stats on the effectiveness of the hashing algorithm it uses. + + +Q) How does the code interact with Linux? + +A) There are four minor patches required to make this software run with +Linux. These are currently against a 3.3.8 or 3.4.0 kernel: + +* (net/core/dev.c) adds a hook to allow packets to be extracted out. + +* (net/netfilter/nf_conntrack_proto_tcp.c) exposes a state variable inside + netfilter that's necessary to enable TCP sequence and ACK checking within + the offload path. Note that this specific patch is against the QCA QSDK + patched version of 3.3.8 - there's a slightly braindead "performance" + patch in that kernel, courtesy of the OpenWrt community that makes the + Linux forwarding path slightly faster at the expense of losing + functionality :-( + +* (net/Kconfig) adds the shortcut-fe option. + +* (net/Makefile) adds the shortcut-fe build support. + +Once these are applied and the module is loaded then everything else +is automatic :-) The patches are in this git repo. + + +Q) Are any of the pieces reused from other projects? + +A) Yes! Some of the forwarding concepts are reused from the Ubicom Network +Accelerator that morphed into part of the Akronite NSS. This code has all +been substantially changed though to accomodate Linux's needs. + +There are also some pieces that I borrowed from the QCA "FastNAT" software +written by Xiaoping Fan . Xiaoping's code was the +first actual demonstration within QCA that this in-kernel concept could yield +signficant performance gains. + + +Enjoy! +Dave Hudson + diff --git a/package/lean/shortcut-fe/src/fast-classifier.c b/package/lean/shortcut-fe/src/fast-classifier.c new file mode 100644 index 000000000..48a2d27f4 --- /dev/null +++ b/package/lean/shortcut-fe/src/fast-classifier.c @@ -0,0 +1,1892 @@ +/* + * fast-classifier.c + * Shortcut forwarding engine connection manager. + * fast-classifier + * + * Copyright (c) 2013-2016 The Linux Foundation. All rights reserved. + * Permission to use, copy, modify, and/or distribute this software for + * any purpose with or without fee is hereby granted, provided that the + * above copyright notice and this permission notice appear in all copies. + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT + * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "sfe_backport.h" +#include "sfe.h" +#include "sfe_cm.h" +#include "fast-classifier.h" + +typedef enum fast_classifier_exception { + FAST_CL_EXCEPTION_PACKET_BROADCAST, + FAST_CL_EXCEPTION_PACKET_MULTICAST, + FAST_CL_EXCEPTION_NO_IIF, + FAST_CL_EXCEPTION_NO_CT, + FAST_CL_EXCEPTION_CT_NO_TRACK, + FAST_CL_EXCEPTION_CT_NO_CONFIRM, + FAST_CL_EXCEPTION_CT_IS_ALG, + FAST_CL_EXCEPTION_IS_IPV4_MCAST, + FAST_CL_EXCEPTION_IS_IPV6_MCAST, + FAST_CL_EXCEPTION_TCP_NOT_ASSURED, + FAST_CL_EXCEPTION_TCP_NOT_ESTABLISHED, + FAST_CL_EXCEPTION_UNKNOW_PROTOCOL, + FAST_CL_EXCEPTION_NO_SRC_DEV, + FAST_CL_EXCEPTION_NO_SRC_XLATE_DEV, + FAST_CL_EXCEPTION_NO_DEST_DEV, + FAST_CL_EXCEPTION_NO_DEST_XLATE_DEV, + FAST_CL_EXCEPTION_NO_BRIDGE, + FAST_CL_EXCEPTION_LOCAL_OUT, + FAST_CL_EXCEPTION_WAIT_FOR_ACCELERATION, + FAST_CL_EXCEPTION_UPDATE_PROTOCOL_FAIL, + FAST_CL_EXCEPTION_CT_DESTROY_MISS, + FAST_CL_EXCEPTION_MAX +} fast_classifier_exception_t; + +static char *fast_classifier_exception_events_string[FAST_CL_EXCEPTION_MAX] = { + "PACKET_BROADCAST", + "PACKET_MULTICAST", + "NO_IIF", + "NO_CT", + "CT_NO_TRACK", + "CT_NO_CONFIRM", + "CT_IS_ALG", + "IS_IPV4_MCAST", + "IS_IPV6_MCAST", + "TCP_NOT_ASSURED", + "TCP_NOT_ESTABLISHED", + "UNKNOW_PROTOCOL", + "NO_SRC_DEV", + "NO_SRC_XLATE_DEV", + "NO_DEST_DEV", + "NO_DEST_XLATE_DEV", + "NO_BRIDGE", + "LOCAL_OUT", + "WAIT_FOR_ACCELERATION", + "UPDATE_PROTOCOL_FAIL", + "CT_DESTROY_MISS", +}; + +/* + * Per-module structure. + */ +struct fast_classifier { + spinlock_t lock; /* Lock for SMP correctness */ + + /* + * Control state. + */ + struct kobject *sys_fast_classifier; /* sysfs linkage */ + + /* + * Callback notifiers. + */ + struct notifier_block dev_notifier; /* Device notifier */ + struct notifier_block inet_notifier; /* IPv4 notifier */ + struct notifier_block inet6_notifier; /* IPv6 notifier */ + u32 exceptions[FAST_CL_EXCEPTION_MAX]; +}; + +static struct fast_classifier __fsc; + +static struct nla_policy fast_classifier_genl_policy[FAST_CLASSIFIER_A_MAX + 1] = { + [FAST_CLASSIFIER_A_TUPLE] = { + .type = NLA_UNSPEC, + .len = sizeof(struct fast_classifier_tuple) + }, +}; + +static struct genl_multicast_group fast_classifier_genl_mcgrp[] = { + { + .name = FAST_CLASSIFIER_GENL_MCGRP, + }, +}; + +static struct genl_family fast_classifier_gnl_family = { + .id = GENL_ID_GENERATE, + .hdrsize = FAST_CLASSIFIER_GENL_HDRSIZE, + .name = FAST_CLASSIFIER_GENL_NAME, + .version = FAST_CLASSIFIER_GENL_VERSION, + .maxattr = FAST_CLASSIFIER_A_MAX, +}; + +static int fast_classifier_offload_genl_msg(struct sk_buff *skb, struct genl_info *info); +static int fast_classifier_nl_genl_msg_DUMP(struct sk_buff *skb, struct netlink_callback *cb); + +static struct genl_ops fast_classifier_gnl_ops[] = { + { + .cmd = FAST_CLASSIFIER_C_OFFLOAD, + .flags = 0, + .policy = fast_classifier_genl_policy, + .doit = fast_classifier_offload_genl_msg, + .dumpit = NULL, + }, + { + .cmd = FAST_CLASSIFIER_C_OFFLOADED, + .flags = 0, + .policy = fast_classifier_genl_policy, + .doit = NULL, + .dumpit = fast_classifier_nl_genl_msg_DUMP, + }, + { + .cmd = FAST_CLASSIFIER_C_DONE, + .flags = 0, + .policy = fast_classifier_genl_policy, + .doit = NULL, + .dumpit = fast_classifier_nl_genl_msg_DUMP, + }, +}; + +static atomic_t offload_msgs = ATOMIC_INIT(0); +static atomic_t offload_no_match_msgs = ATOMIC_INIT(0); +static atomic_t offloaded_msgs = ATOMIC_INIT(0); +static atomic_t done_msgs = ATOMIC_INIT(0); + +static atomic_t offloaded_fail_msgs = ATOMIC_INIT(0); +static atomic_t done_fail_msgs = ATOMIC_INIT(0); + +/* + * Accelerate incoming packets destined for bridge device + * If a incoming packet is ultimatly destined for + * a bridge device we will first see the packet coming + * from the phyiscal device, we can skip straight to + * processing the packet like it came from the bridge + * for some more performance gains + * + * This only works when the hook is above the bridge. We + * only implement ingress for now, because for egress we + * want to have the bridge devices qdiscs be used. + */ +static bool skip_to_bridge_ingress; + +/* + * fast_classifier_incr_exceptions() + * increase an exception counter. + */ +static inline void fast_classifier_incr_exceptions(fast_classifier_exception_t except) +{ + struct fast_classifier *sc = &__fsc; + + spin_lock_bh(&sc->lock); + sc->exceptions[except]++; + spin_unlock_bh(&sc->lock); +} + +/* + * fast_classifier_recv() + * Handle packet receives. + * + * Returns 1 if the packet is forwarded or 0 if it isn't. + */ +static int fast_classifier_recv(struct sk_buff *skb) +{ + struct net_device *dev; + struct net_device *master_dev = NULL; + int ret = 0; + + /* + * We know that for the vast majority of packets we need the transport + * layer header so we may as well start to fetch it now! + */ + prefetch(skb->data + 32); + barrier(); + + dev = skb->dev; + + /* + * Process packet like it arrived on the bridge device + */ + if (skip_to_bridge_ingress && + (dev->priv_flags & IFF_BRIDGE_PORT)) { + master_dev = sfe_dev_get_master(dev); + if (!master_dev) { + DEBUG_WARN("master dev is NULL %s\n"); + goto rx_exit; + } + dev = master_dev; + } + +#ifdef CONFIG_NET_CLS_ACT + /* + * If ingress Qdisc configured, and packet not processed by ingress Qdisc yet + * We cannot accelerate this packet. + */ + if (dev->ingress_queue && !(skb->tc_verd & TC_NCLS)) { + goto rx_exit; + } +#endif + + /* + * We're only interested in IPv4 and IPv6 packets. + */ + if (likely(htons(ETH_P_IP) == skb->protocol)) { + struct in_device *in_dev; + + /* + * Does our input device support IP processing? + */ + in_dev = (struct in_device *)dev->ip_ptr; + if (unlikely(!in_dev)) { + DEBUG_TRACE("no IP processing for device: %s\n", dev->name); + goto rx_exit; + } + + /* + * Does it have an IP address? If it doesn't then we can't do anything + * interesting here! + */ + if (unlikely(!in_dev->ifa_list)) { + DEBUG_TRACE("no IP address for device: %s\n", dev->name); + goto rx_exit; + } + + ret = sfe_ipv4_recv(dev, skb); + + } else if (likely(htons(ETH_P_IPV6) == skb->protocol)) { + struct inet6_dev *in_dev; + + /* + * Does our input device support IPv6 processing? + */ + in_dev = (struct inet6_dev *)dev->ip6_ptr; + if (unlikely(!in_dev)) { + DEBUG_TRACE("no IPv6 processing for device: %s\n", dev->name); + goto rx_exit; + } + + /* + * Does it have an IPv6 address? If it doesn't then we can't do anything + * interesting here! + */ + if (unlikely(list_empty(&in_dev->addr_list))) { + DEBUG_TRACE("no IPv6 address for device: %s\n", dev->name); + goto rx_exit; + } + + ret = sfe_ipv6_recv(dev, skb); + + } else { + DEBUG_TRACE("not IP packet\n"); + } + +rx_exit: + if (master_dev) { + dev_put(master_dev); + } + + return ret; +} + +/* + * fast_classifier_find_dev_and_mac_addr() + * Find the device and MAC address for a given IPv4 address. + * + * Returns true if we find the device and MAC address, otherwise false. + * + * We look up the rtable entry for the address and, from its neighbour + * structure, obtain the hardware address. This means this function also + * works if the neighbours are routers too. + */ +static bool fast_classifier_find_dev_and_mac_addr(sfe_ip_addr_t *addr, struct net_device **dev, u8 *mac_addr, bool is_v4) +{ + struct neighbour *neigh; + struct rtable *rt; + struct rt6_info *rt6; + struct dst_entry *dst; + struct net_device *mac_dev; + + /* + * Look up the rtable entry for the IP address then get the hardware + * address from its neighbour structure. This means this works when the + * neighbours are routers too. + */ + if (is_v4) { + rt = ip_route_output(&init_net, addr->ip, 0, 0, 0); + if (unlikely(IS_ERR(rt))) { + goto ret_fail; + } + + dst = (struct dst_entry *)rt; + } else { + rt6 = rt6_lookup(&init_net, (struct in6_addr *)addr->ip6, 0, 0, 0); + if (!rt6) { + goto ret_fail; + } + + dst = (struct dst_entry *)rt6; + } + + rcu_read_lock(); + neigh = dst_neigh_lookup(dst, addr); + if (unlikely(!neigh)) { + rcu_read_unlock(); + dst_release(dst); + goto ret_fail; + } + + if (unlikely(!(neigh->nud_state & NUD_VALID))) { + rcu_read_unlock(); + neigh_release(neigh); + dst_release(dst); + goto ret_fail; + } + + mac_dev = neigh->dev; + if (!mac_dev) { + rcu_read_unlock(); + neigh_release(neigh); + dst_release(dst); + goto ret_fail; + } + + memcpy(mac_addr, neigh->ha, (size_t)mac_dev->addr_len); + + dev_hold(mac_dev); + *dev = mac_dev; + rcu_read_unlock(); + neigh_release(neigh); + dst_release(dst); + + return true; + +ret_fail: + DEBUG_TRACE("failed to find MAC address for IP: %pIS\n", addr); + + return false; +} + +static DEFINE_SPINLOCK(sfe_connections_lock); + +struct sfe_connection { + struct hlist_node hl; + struct sfe_connection_create *sic; + struct nf_conn *ct; + int hits; + int offload_permit; + int offloaded; + bool is_v4; + unsigned char smac[ETH_ALEN]; + unsigned char dmac[ETH_ALEN]; +}; + +static int sfe_connections_size; + +#define FC_CONN_HASH_ORDER 13 +static DEFINE_HASHTABLE(fc_conn_ht, FC_CONN_HASH_ORDER); + +static u32 fc_conn_hash(sfe_ip_addr_t *saddr, sfe_ip_addr_t *daddr, + unsigned short sport, unsigned short dport, bool is_v4) +{ + u32 idx, cnt = ((is_v4 ? sizeof(saddr->ip) : sizeof(saddr->ip6))/sizeof(u32)); + u32 hash = 0; + + for (idx = 0; idx < cnt; idx++) { + hash ^= ((u32 *)saddr)[idx] ^ ((u32 *)daddr)[idx]; + } + + return hash ^ (sport | (dport << 16)); +} + +/* + * fast_classifier_update_protocol() + * Update sfe_ipv4_create struct with new protocol information before we offload + */ +static int fast_classifier_update_protocol(struct sfe_connection_create *p_sic, struct nf_conn *ct) +{ + switch (p_sic->protocol) { + case IPPROTO_TCP: + p_sic->src_td_window_scale = ct->proto.tcp.seen[0].td_scale; + p_sic->src_td_max_window = ct->proto.tcp.seen[0].td_maxwin; + p_sic->src_td_end = ct->proto.tcp.seen[0].td_end; + p_sic->src_td_max_end = ct->proto.tcp.seen[0].td_maxend; + p_sic->dest_td_window_scale = ct->proto.tcp.seen[1].td_scale; + p_sic->dest_td_max_window = ct->proto.tcp.seen[1].td_maxwin; + p_sic->dest_td_end = ct->proto.tcp.seen[1].td_end; + p_sic->dest_td_max_end = ct->proto.tcp.seen[1].td_maxend; + + if (nf_ct_tcp_no_window_check + || (ct->proto.tcp.seen[0].flags & IP_CT_TCP_FLAG_BE_LIBERAL) + || (ct->proto.tcp.seen[1].flags & IP_CT_TCP_FLAG_BE_LIBERAL)) { + p_sic->flags |= SFE_CREATE_FLAG_NO_SEQ_CHECK; + } + + /* + * If the connection is shutting down do not manage it. + * state can not be SYN_SENT, SYN_RECV because connection is assured + * Not managed states: FIN_WAIT, CLOSE_WAIT, LAST_ACK, TIME_WAIT, CLOSE. + */ + spin_lock_bh(&ct->lock); + if (ct->proto.tcp.state != TCP_CONNTRACK_ESTABLISHED) { + spin_unlock_bh(&ct->lock); + fast_classifier_incr_exceptions(FAST_CL_EXCEPTION_TCP_NOT_ESTABLISHED); + DEBUG_TRACE("connection in termination state: %#x, s: %pI4:%u, d: %pI4:%u\n", + ct->proto.tcp.state, &p_sic->src_ip, ntohs(p_sic->src_port), + &p_sic->dest_ip, ntohs(p_sic->dest_port)); + return 0; + } + spin_unlock_bh(&ct->lock); + break; + + case IPPROTO_UDP: + break; + + default: + fast_classifier_incr_exceptions(FAST_CL_EXCEPTION_UNKNOW_PROTOCOL); + DEBUG_TRACE("unhandled protocol %d\n", p_sic->protocol); + return 0; + } + + return 1; +} + +/* fast_classifier_send_genl_msg() + * Function to send a generic netlink message + */ +static void fast_classifier_send_genl_msg(int msg, struct fast_classifier_tuple *fc_msg) +{ + struct sk_buff *skb; + int rc; + int buf_len; + int total_len; + void *msg_head; + + /* + * Calculate our packet payload size. + * Start with our family header. + */ + buf_len = fast_classifier_gnl_family.hdrsize; + + /* + * Add the nla_total_size of each attribute we're going to nla_put(). + */ + buf_len += nla_total_size(sizeof(*fc_msg)); + + /* + * Lastly we need to add space for the NL message header since + * genlmsg_new only accounts for the GENL header and not the + * outer NL header. To do this, we use a NL helper function which + * calculates the total size of a netlink message given a payload size. + * Note this value does not include the GENL header, but that's + * added automatically by genlmsg_new. + */ + total_len = nlmsg_total_size(buf_len); + skb = genlmsg_new(total_len, GFP_ATOMIC); + if (!skb) + return; + + msg_head = genlmsg_put(skb, 0, 0, &fast_classifier_gnl_family, 0, msg); + if (!msg_head) { + nlmsg_free(skb); + return; + } + + rc = nla_put(skb, FAST_CLASSIFIER_A_TUPLE, sizeof(struct fast_classifier_tuple), fc_msg); + if (rc != 0) { + genlmsg_cancel(skb, msg_head); + nlmsg_free(skb); + return; + } + + genlmsg_end(skb, msg_head); + if (rc < 0) { + genlmsg_cancel(skb, msg_head); + nlmsg_free(skb); + return; + } + +#if (LINUX_VERSION_CODE >= KERNEL_VERSION(3, 13, 0)) + rc = genlmsg_multicast(&fast_classifier_gnl_family, skb, 0, 0, GFP_ATOMIC); +#else + rc = genlmsg_multicast(skb, 0, fast_classifier_genl_mcgrp[0].id, GFP_ATOMIC); +#endif + switch (msg) { + case FAST_CLASSIFIER_C_OFFLOADED: + atomic_inc(&offloaded_msgs); + if (rc != 0) + atomic_inc(&offloaded_fail_msgs); + break; + case FAST_CLASSIFIER_C_DONE: + atomic_inc(&done_msgs); + if (rc != 0) + atomic_inc(&done_fail_msgs); + break; + default: + DEBUG_ERROR("fast-classifer: Unknown message type sent!\n"); + break; + } + + DEBUG_TRACE("Notify NL message %d ", msg); + DEBUG_TRACE("sip=%pIS dip=%pIS ", &fc_msg->src_saddr, &fc_msg->dst_saddr); + DEBUG_TRACE("protocol=%d sport=%d dport=%d smac=%pM dmac=%pM\n", + fc_msg->proto, fc_msg->sport, fc_msg->dport, fc_msg->smac, fc_msg->dmac); +} + +/* + * fast_classifier_find_conn() + * find a connection object in the hash table + * @pre the sfe_connection_lock must be held before calling this function + */ +static struct sfe_connection * +fast_classifier_find_conn(sfe_ip_addr_t *saddr, sfe_ip_addr_t *daddr, + unsigned short sport, unsigned short dport, + unsigned char proto, bool is_v4) +{ + struct sfe_connection_create *p_sic; + struct sfe_connection *conn; + u32 key; + + key = fc_conn_hash(saddr, daddr, sport, dport, is_v4); + + sfe_hash_for_each_possible(fc_conn_ht, conn, hl, key) { + if (conn->is_v4 != is_v4) { + continue; + } + + p_sic = conn->sic; + + if (p_sic->protocol == proto && + p_sic->src_port == sport && + p_sic->dest_port == dport && + sfe_addr_equal(&p_sic->src_ip, saddr, is_v4) && + sfe_addr_equal(&p_sic->dest_ip, daddr, is_v4)) { + return conn; + } + } + + DEBUG_TRACE("connection not found\n"); + return NULL; +} + +/* + * fast_classifier_sb_find_conn() + * find a connection object in the hash table according to information of packet + * if not found, reverse the tuple and try again. + * @pre the sfe_connection_lock must be held before calling this function + */ +static struct sfe_connection * +fast_classifier_sb_find_conn(sfe_ip_addr_t *saddr, sfe_ip_addr_t *daddr, + unsigned short sport, unsigned short dport, + unsigned char proto, bool is_v4) +{ + struct sfe_connection_create *p_sic; + struct sfe_connection *conn; + u32 key; + + key = fc_conn_hash(saddr, daddr, sport, dport, is_v4); + + sfe_hash_for_each_possible(fc_conn_ht, conn, hl, key) { + if (conn->is_v4 != is_v4) { + continue; + } + + p_sic = conn->sic; + + if (p_sic->protocol == proto && + p_sic->src_port == sport && + p_sic->dest_port_xlate == dport && + sfe_addr_equal(&p_sic->src_ip, saddr, is_v4) && + sfe_addr_equal(&p_sic->dest_ip_xlate, daddr, is_v4)) { + return conn; + } + } + + /* + * Reverse the tuple and try again + */ + key = fc_conn_hash(daddr, saddr, dport, sport, is_v4); + + sfe_hash_for_each_possible(fc_conn_ht, conn, hl, key) { + if (conn->is_v4 != is_v4) { + continue; + } + + p_sic = conn->sic; + + if (p_sic->protocol == proto && + p_sic->src_port == dport && + p_sic->dest_port_xlate == sport && + sfe_addr_equal(&p_sic->src_ip, daddr, is_v4) && + sfe_addr_equal(&p_sic->dest_ip_xlate, saddr, is_v4)) { + return conn; + } + } + + DEBUG_TRACE("connection not found\n"); + return NULL; +} + +/* + * fast_classifier_add_conn() + * add a connection object in the hash table if no duplicate + * @conn connection to add + * @return conn if successful, NULL if duplicate + */ +static struct sfe_connection * +fast_classifier_add_conn(struct sfe_connection *conn) +{ + struct sfe_connection_create *sic = conn->sic; + u32 key; + + spin_lock_bh(&sfe_connections_lock); + if (fast_classifier_find_conn(&sic->src_ip, &sic->dest_ip, sic->src_port, + sic->dest_port, sic->protocol, conn->is_v4)) { + spin_unlock_bh(&sfe_connections_lock); + return NULL; + } + + key = fc_conn_hash(&sic->src_ip, &sic->dest_ip, + sic->src_port, sic->dest_port, conn->is_v4); + + hash_add(fc_conn_ht, &conn->hl, key); + sfe_connections_size++; + spin_unlock_bh(&sfe_connections_lock); + + DEBUG_TRACE(" -> adding item to sfe_connections, new size: %d\n", sfe_connections_size); + + DEBUG_TRACE("new offloadable: key: %u proto: %d src_ip: %pIS dst_ip: %pIS, src_port: %d, dst_port: %d\n", + key, sic->protocol, &(sic->src_ip), &(sic->dest_ip), sic->src_port, sic->dest_port); + + return conn; +} + +/* + * fast_classifier_offload_genl_msg() + * Called from user space to offload a connection + */ +static int +fast_classifier_offload_genl_msg(struct sk_buff *skb, struct genl_info *info) +{ + struct nlattr *na; + struct fast_classifier_tuple *fc_msg; + struct sfe_connection *conn; + + na = info->attrs[FAST_CLASSIFIER_A_TUPLE]; + fc_msg = nla_data(na); + + DEBUG_TRACE("want to offload: %d-%d, %pIS, %pIS, %d, %d SMAC=%pM DMAC=%pM\n", + fc_msg->ethertype, + fc_msg->proto, + &fc_msg->src_saddr, + &fc_msg->dst_saddr, + fc_msg->sport, + fc_msg->dport, + fc_msg->smac, + fc_msg->dmac); + + spin_lock_bh(&sfe_connections_lock); + conn = fast_classifier_sb_find_conn((sfe_ip_addr_t *)&fc_msg->src_saddr, + (sfe_ip_addr_t *)&fc_msg->dst_saddr, + fc_msg->sport, + fc_msg->dport, + fc_msg->proto, + (fc_msg->ethertype == AF_INET)); + if (!conn) { + spin_unlock_bh(&sfe_connections_lock); + DEBUG_TRACE("REQUEST OFFLOAD NO MATCH\n"); + atomic_inc(&offload_no_match_msgs); + return 0; + } + + conn->offload_permit = 1; + spin_unlock_bh(&sfe_connections_lock); + atomic_inc(&offload_msgs); + + DEBUG_TRACE("INFO: calling sfe rule creation!\n"); + return 0; +} + +/* + * fast_classifier_nl_genl_msg_DUMP() + * ignore fast_classifier_messages OFFLOADED and DONE + */ +static int fast_classifier_nl_genl_msg_DUMP(struct sk_buff *skb, + struct netlink_callback *cb) +{ + return 0; +} + +/* auto offload connection once we have this many packets*/ +static int offload_at_pkts = 128; + +/* + * fast_classifier_post_routing() + * Called for packets about to leave the box - either locally generated or forwarded from another interface + */ +static unsigned int fast_classifier_post_routing(struct sk_buff *skb, bool is_v4) +{ + int ret; + struct sfe_connection_create sic; + struct sfe_connection_create *p_sic; + struct net_device *in; + struct nf_conn *ct; + enum ip_conntrack_info ctinfo; + struct net_device *dev; + struct net_device *src_dev; + struct net_device *dest_dev; + struct net_device *src_br_dev = NULL; + struct net_device *dest_br_dev = NULL; + struct nf_conntrack_tuple orig_tuple; + struct nf_conntrack_tuple reply_tuple; + struct sfe_connection *conn; + SFE_NF_CONN_ACCT(acct); + + /* + * Don't process broadcast or multicast packets. + */ + if (unlikely(skb->pkt_type == PACKET_BROADCAST)) { + fast_classifier_incr_exceptions(FAST_CL_EXCEPTION_PACKET_BROADCAST); + DEBUG_TRACE("broadcast, ignoring\n"); + return NF_ACCEPT; + } + if (unlikely(skb->pkt_type == PACKET_MULTICAST)) { + fast_classifier_incr_exceptions(FAST_CL_EXCEPTION_PACKET_MULTICAST); + DEBUG_TRACE("multicast, ignoring\n"); + return NF_ACCEPT; + } + + /* + * Don't process packets that are not being forwarded. + */ + in = dev_get_by_index(&init_net, skb->skb_iif); + if (!in) { + fast_classifier_incr_exceptions(FAST_CL_EXCEPTION_NO_IIF); + DEBUG_TRACE("packet not forwarding\n"); + return NF_ACCEPT; + } + + dev_put(in); + + /* + * Don't process packets that aren't being tracked by conntrack. + */ + ct = nf_ct_get(skb, &ctinfo); + if (unlikely(!ct)) { + fast_classifier_incr_exceptions(FAST_CL_EXCEPTION_NO_CT); + DEBUG_TRACE("no conntrack connection, ignoring\n"); + return NF_ACCEPT; + } + + /* + * Don't process untracked connections. + */ + if (unlikely(nf_ct_is_untracked(ct))) { + fast_classifier_incr_exceptions(FAST_CL_EXCEPTION_CT_NO_TRACK); + DEBUG_TRACE("untracked connection\n"); + return NF_ACCEPT; + } + + /* + * Unconfirmed connection may be dropped by Linux at the final step, + * So we don't process unconfirmed connections. + */ + if (!nf_ct_is_confirmed(ct)) { + fast_classifier_incr_exceptions(FAST_CL_EXCEPTION_CT_NO_CONFIRM); + DEBUG_TRACE("unconfirmed connection\n"); + return NF_ACCEPT; + } + + /* + * Don't process connections that require support from a 'helper' (typically a NAT ALG). + */ + if (unlikely(nfct_help(ct))) { + fast_classifier_incr_exceptions(FAST_CL_EXCEPTION_CT_IS_ALG); + DEBUG_TRACE("connection has helper\n"); + return NF_ACCEPT; + } + + /* + * Check if the acceleration of a flow could be rejected quickly. + */ + acct = nf_conn_acct_find(ct); + if (acct) { + long long packets = atomic64_read(&SFE_ACCT_COUNTER(acct)[CTINFO2DIR(ctinfo)].packets); + if ((packets > 0xff) && (packets & 0xff)) { + /* + * Connection hits slow path at least 256 times, so it must be not able to accelerate. + * But we also give it a chance to walk through ECM every 256 packets + */ + return NF_ACCEPT; + } + } + + memset(&sic, 0, sizeof(sic)); + + /* + * Look up the details of our connection in conntrack. + * + * Note that the data we get from conntrack is for the "ORIGINAL" direction + * but our packet may actually be in the "REPLY" direction. + */ + orig_tuple = ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple; + reply_tuple = ct->tuplehash[IP_CT_DIR_REPLY].tuple; + sic.protocol = (s32)orig_tuple.dst.protonum; + + sic.flags = 0; + + /* + * Get addressing information, non-NAT first + */ + if (is_v4) { + u32 dscp; + + sic.src_ip.ip = (__be32)orig_tuple.src.u3.ip; + sic.dest_ip.ip = (__be32)orig_tuple.dst.u3.ip; + + if (ipv4_is_multicast(sic.src_ip.ip) || ipv4_is_multicast(sic.dest_ip.ip)) { + fast_classifier_incr_exceptions(FAST_CL_EXCEPTION_IS_IPV4_MCAST); + DEBUG_TRACE("multicast address\n"); + return NF_ACCEPT; + } + + /* + * NAT'ed addresses - note these are as seen from the 'reply' direction + * When NAT does not apply to this connection these will be identical to the above. + */ + sic.src_ip_xlate.ip = (__be32)reply_tuple.dst.u3.ip; + sic.dest_ip_xlate.ip = (__be32)reply_tuple.src.u3.ip; + + dscp = ipv4_get_dsfield(ip_hdr(skb)) >> XT_DSCP_SHIFT; + if (dscp) { + sic.dest_dscp = dscp; + sic.src_dscp = sic.dest_dscp; + sic.flags |= SFE_CREATE_FLAG_REMARK_DSCP; + } + } else { + u32 dscp; + + sic.src_ip.ip6[0] = *((struct sfe_ipv6_addr *)&orig_tuple.src.u3.in6); + sic.dest_ip.ip6[0] = *((struct sfe_ipv6_addr *)&orig_tuple.dst.u3.in6); + + if (ipv6_addr_is_multicast((struct in6_addr *)sic.src_ip.ip6) || + ipv6_addr_is_multicast((struct in6_addr *)sic.dest_ip.ip6)) { + fast_classifier_incr_exceptions(FAST_CL_EXCEPTION_IS_IPV6_MCAST); + DEBUG_TRACE("multicast address\n"); + return NF_ACCEPT; + } + + /* + * NAT'ed addresses - note these are as seen from the 'reply' direction + * When NAT does not apply to this connection these will be identical to the above. + */ + sic.src_ip_xlate.ip6[0] = *((struct sfe_ipv6_addr *)&reply_tuple.dst.u3.in6); + sic.dest_ip_xlate.ip6[0] = *((struct sfe_ipv6_addr *)&reply_tuple.src.u3.in6); + + dscp = ipv6_get_dsfield(ipv6_hdr(skb)) >> XT_DSCP_SHIFT; + if (dscp) { + sic.dest_dscp = dscp; + sic.src_dscp = sic.dest_dscp; + sic.flags |= SFE_CREATE_FLAG_REMARK_DSCP; + } + } + + switch (sic.protocol) { + case IPPROTO_TCP: + sic.src_port = orig_tuple.src.u.tcp.port; + sic.dest_port = orig_tuple.dst.u.tcp.port; + sic.src_port_xlate = reply_tuple.dst.u.tcp.port; + sic.dest_port_xlate = reply_tuple.src.u.tcp.port; + + /* + * Don't try to manage a non-established connection. + */ + if (!test_bit(IPS_ASSURED_BIT, &ct->status)) { + fast_classifier_incr_exceptions(FAST_CL_EXCEPTION_TCP_NOT_ASSURED); + DEBUG_TRACE("non-established connection\n"); + return NF_ACCEPT; + } + + break; + + case IPPROTO_UDP: + sic.src_port = orig_tuple.src.u.udp.port; + sic.dest_port = orig_tuple.dst.u.udp.port; + sic.src_port_xlate = reply_tuple.dst.u.udp.port; + sic.dest_port_xlate = reply_tuple.src.u.udp.port; + break; + + default: + fast_classifier_incr_exceptions(FAST_CL_EXCEPTION_UNKNOW_PROTOCOL); + DEBUG_TRACE("unhandled protocol %d\n", sic.protocol); + return NF_ACCEPT; + } + +#ifdef CONFIG_XFRM + sic.original_accel = 1; + sic.reply_accel = 1; +#endif + + /* + * Get QoS information + */ + if (skb->priority) { + sic.dest_priority = skb->priority; + sic.src_priority = sic.dest_priority; + sic.flags |= SFE_CREATE_FLAG_REMARK_PRIORITY; + } + + DEBUG_TRACE("POST_ROUTE: checking new connection: %d src_ip: %pIS dst_ip: %pIS, src_port: %d, dst_port: %d\n", + sic.protocol, &sic.src_ip, &sic.dest_ip, sic.src_port, sic.dest_port); + + /* + * If we already have this connection in our list, skip it + * XXX: this may need to be optimized + */ + spin_lock_bh(&sfe_connections_lock); + + conn = fast_classifier_find_conn(&sic.src_ip, &sic.dest_ip, sic.src_port, sic.dest_port, sic.protocol, is_v4); + if (conn) { + conn->hits++; + + if (!conn->offloaded) { + if (conn->offload_permit || conn->hits >= offload_at_pkts) { + DEBUG_TRACE("OFFLOADING CONNECTION, TOO MANY HITS\n"); + + if (fast_classifier_update_protocol(conn->sic, conn->ct) == 0) { + spin_unlock_bh(&sfe_connections_lock); + fast_classifier_incr_exceptions(FAST_CL_EXCEPTION_UPDATE_PROTOCOL_FAIL); + DEBUG_TRACE("UNKNOWN PROTOCOL OR CONNECTION CLOSING, SKIPPING\n"); + return NF_ACCEPT; + } + + DEBUG_TRACE("INFO: calling sfe rule creation!\n"); + spin_unlock_bh(&sfe_connections_lock); + + ret = is_v4 ? sfe_ipv4_create_rule(conn->sic) : sfe_ipv6_create_rule(conn->sic); + if ((ret == 0) || (ret == -EADDRINUSE)) { + struct fast_classifier_tuple fc_msg; + + if (is_v4) { + fc_msg.ethertype = AF_INET; + fc_msg.src_saddr.in = *((struct in_addr *)&sic.src_ip); + fc_msg.dst_saddr.in = *((struct in_addr *)&sic.dest_ip_xlate); + } else { + fc_msg.ethertype = AF_INET6; + fc_msg.src_saddr.in6 = *((struct in6_addr *)&sic.src_ip); + fc_msg.dst_saddr.in6 = *((struct in6_addr *)&sic.dest_ip_xlate); + } + + fc_msg.proto = sic.protocol; + fc_msg.sport = sic.src_port; + fc_msg.dport = sic.dest_port_xlate; + memcpy(fc_msg.smac, conn->smac, ETH_ALEN); + memcpy(fc_msg.dmac, conn->dmac, ETH_ALEN); + fast_classifier_send_genl_msg(FAST_CLASSIFIER_C_OFFLOADED, &fc_msg); + conn->offloaded = 1; + } + + return NF_ACCEPT; + } + } + + spin_unlock_bh(&sfe_connections_lock); + if (conn->offloaded) { + is_v4 ? sfe_ipv4_update_rule(conn->sic) : sfe_ipv6_update_rule(conn->sic); + } + + DEBUG_TRACE("FOUND, SKIPPING\n"); + fast_classifier_incr_exceptions(FAST_CL_EXCEPTION_WAIT_FOR_ACCELERATION); + return NF_ACCEPT; + } + + spin_unlock_bh(&sfe_connections_lock); + + /* + * Get the net device and MAC addresses that correspond to the various source and + * destination host addresses. + */ + if (!fast_classifier_find_dev_and_mac_addr(&sic.src_ip, &src_dev, sic.src_mac, is_v4)) { + fast_classifier_incr_exceptions(FAST_CL_EXCEPTION_NO_SRC_DEV); + return NF_ACCEPT; + } + + if (!fast_classifier_find_dev_and_mac_addr(&sic.src_ip_xlate, &dev, sic.src_mac_xlate, is_v4)) { + fast_classifier_incr_exceptions(FAST_CL_EXCEPTION_NO_SRC_XLATE_DEV); + goto done1; + } + + dev_put(dev); + + if (!fast_classifier_find_dev_and_mac_addr(&sic.dest_ip, &dev, sic.dest_mac, is_v4)) { + fast_classifier_incr_exceptions(FAST_CL_EXCEPTION_NO_DEST_DEV); + goto done1; + } + + dev_put(dev); + + if (!fast_classifier_find_dev_and_mac_addr(&sic.dest_ip_xlate, &dest_dev, sic.dest_mac_xlate, is_v4)) { + fast_classifier_incr_exceptions(FAST_CL_EXCEPTION_NO_DEST_XLATE_DEV); + goto done1; + } + + /* + * Our devices may actually be part of a bridge interface. If that's + * the case then find the bridge interface instead. + */ + if (src_dev->priv_flags & IFF_BRIDGE_PORT) { + src_br_dev = sfe_dev_get_master(src_dev); + if (!src_br_dev) { + fast_classifier_incr_exceptions(FAST_CL_EXCEPTION_NO_BRIDGE); + DEBUG_TRACE("no bridge found for: %s\n", src_dev->name); + goto done2; + } + + src_dev = src_br_dev; + } + + if (dest_dev->priv_flags & IFF_BRIDGE_PORT) { + dest_br_dev = sfe_dev_get_master(dest_dev); + if (!dest_br_dev) { + fast_classifier_incr_exceptions(FAST_CL_EXCEPTION_NO_BRIDGE); + DEBUG_TRACE("no bridge found for: %s\n", dest_dev->name); + goto done3; + } + + dest_dev = dest_br_dev; + } + + sic.src_dev = src_dev; + sic.dest_dev = dest_dev; + + sic.src_mtu = src_dev->mtu; + sic.dest_mtu = dest_dev->mtu; + + if (skb->mark) { + DEBUG_TRACE("SKB MARK NON ZERO %x\n", skb->mark); + } + sic.mark = skb->mark; + + conn = kmalloc(sizeof(*conn), GFP_ATOMIC); + if (!conn) { + printk(KERN_CRIT "ERROR: no memory for sfe\n"); + goto done3; + } + conn->hits = 0; + conn->offload_permit = 0; + conn->offloaded = 0; + conn->is_v4 = is_v4; + DEBUG_TRACE("Source MAC=%pM\n", sic.src_mac); + memcpy(conn->smac, sic.src_mac, ETH_ALEN); + memcpy(conn->dmac, sic.dest_mac_xlate, ETH_ALEN); + + p_sic = kmalloc(sizeof(*p_sic), GFP_ATOMIC); + if (!p_sic) { + printk(KERN_CRIT "ERROR: no memory for sfe\n"); + kfree(conn); + goto done3; + } + + memcpy(p_sic, &sic, sizeof(sic)); + conn->sic = p_sic; + conn->ct = ct; + + if (!fast_classifier_add_conn(conn)) { + kfree(conn->sic); + kfree(conn); + } + + /* + * If we had bridge ports then release them too. + */ + if (dest_br_dev) { + dev_put(dest_br_dev); + } + +done3: + if (src_br_dev) { + dev_put(src_br_dev); + } + +done2: + dev_put(dest_dev); + +done1: + dev_put(src_dev); + + return NF_ACCEPT; +} + +/* + * fast_classifier_ipv4_post_routing_hook() + * Called for packets about to leave the box - either locally generated or forwarded from another interface + */ +fast_classifier_ipv4_post_routing_hook(hooknum, ops, skb, in_unused, out, okfn) +{ + return fast_classifier_post_routing(skb, true); +} + +/* + * fast_classifier_ipv6_post_routing_hook() + * Called for packets about to leave the box - either locally generated or forwarded from another interface + */ +fast_classifier_ipv6_post_routing_hook(hooknum, ops, skb, in_unused, out, okfn) +{ + return fast_classifier_post_routing(skb, false); +} + +/* + * fast_classifier_update_mark() + * updates the mark for a fast-classifier connection + */ +static void fast_classifier_update_mark(struct sfe_connection_mark *mark, bool is_v4) +{ + struct sfe_connection *conn; + + spin_lock_bh(&sfe_connections_lock); + + conn = fast_classifier_find_conn(&mark->src_ip, &mark->dest_ip, + mark->src_port, mark->dest_port, + mark->protocol, is_v4); + if (conn) { + conn->sic->mark = mark->mark; + } + + spin_unlock_bh(&sfe_connections_lock); +} + +#ifdef CONFIG_NF_CONNTRACK_EVENTS +/* + * fast_classifier_conntrack_event() + * Callback event invoked when a conntrack connection's state changes. + */ +#ifdef CONFIG_NF_CONNTRACK_CHAIN_EVENTS +static int fast_classifier_conntrack_event(struct notifier_block *this, + unsigned long events, void *ptr) +#else +static int fast_classifier_conntrack_event(unsigned int events, struct nf_ct_event *item) +#endif +{ +#ifdef CONFIG_NF_CONNTRACK_CHAIN_EVENTS + struct nf_ct_event *item = ptr; +#endif + struct sfe_connection_destroy sid; + struct nf_conn *ct = item->ct; + struct nf_conntrack_tuple orig_tuple; + struct sfe_connection *conn; + struct fast_classifier_tuple fc_msg; + int offloaded = 0; + bool is_v4; + + /* + * If we don't have a conntrack entry then we're done. + */ + if (unlikely(!ct)) { + DEBUG_WARN("no ct in conntrack event callback\n"); + return NOTIFY_DONE; + } + + /* + * If this is an untracked connection then we can't have any state either. + */ + if (unlikely(nf_ct_is_untracked(ct))) { + DEBUG_TRACE("ignoring untracked conn\n"); + return NOTIFY_DONE; + } + + orig_tuple = ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple; + sid.protocol = (s32)orig_tuple.dst.protonum; + + /* + * Extract information from the conntrack connection. We're only interested + * in nominal connection information (i.e. we're ignoring any NAT information). + */ + if (likely(nf_ct_l3num(ct) == AF_INET)) { + sid.src_ip.ip = (__be32)orig_tuple.src.u3.ip; + sid.dest_ip.ip = (__be32)orig_tuple.dst.u3.ip; + is_v4 = true; + } else if (likely(nf_ct_l3num(ct) == AF_INET6)) { + sid.src_ip.ip6[0] = *((struct sfe_ipv6_addr *)&orig_tuple.src.u3.in6); + sid.dest_ip.ip6[0] = *((struct sfe_ipv6_addr *)&orig_tuple.dst.u3.in6); + is_v4 = false; + } else { + DEBUG_TRACE("ignoring non-IPv4 and non-IPv6 connection\n"); + return NOTIFY_DONE; + } + + switch (sid.protocol) { + case IPPROTO_TCP: + sid.src_port = orig_tuple.src.u.tcp.port; + sid.dest_port = orig_tuple.dst.u.tcp.port; + break; + + case IPPROTO_UDP: + sid.src_port = orig_tuple.src.u.udp.port; + sid.dest_port = orig_tuple.dst.u.udp.port; + break; + + default: + DEBUG_TRACE("unhandled protocol: %d\n", sid.protocol); + return NOTIFY_DONE; + } + + /* + * Check for an updated mark + */ + if ((events & (1 << IPCT_MARK)) && (ct->mark != 0)) { + struct sfe_connection_mark mark; + + mark.protocol = sid.protocol; + mark.src_ip = sid.src_ip; + mark.dest_ip = sid.dest_ip; + mark.src_port = sid.src_port; + mark.dest_port = sid.dest_port; + mark.mark = ct->mark; + + is_v4 ? sfe_ipv4_mark_rule(&mark) : sfe_ipv6_mark_rule(&mark); + fast_classifier_update_mark(&mark, is_v4); + } + + /* + * We're only interested in destroy events at this point + */ + if (unlikely(!(events & (1 << IPCT_DESTROY)))) { + DEBUG_TRACE("ignoring non-destroy event\n"); + return NOTIFY_DONE; + } + + DEBUG_TRACE("Try to clean up: proto: %d src_ip: %pIS dst_ip: %pIS, src_port: %d, dst_port: %d\n", + sid.protocol, &sid.src_ip, &sid.dest_ip, sid.src_port, sid.dest_port); + + spin_lock_bh(&sfe_connections_lock); + + conn = fast_classifier_find_conn(&sid.src_ip, &sid.dest_ip, sid.src_port, sid.dest_port, sid.protocol, is_v4); + if (conn && conn->offloaded) { + if (is_v4) { + fc_msg.ethertype = AF_INET; + fc_msg.src_saddr.in = *((struct in_addr *)&conn->sic->src_ip); + fc_msg.dst_saddr.in = *((struct in_addr *)&conn->sic->dest_ip_xlate); + } else { + fc_msg.ethertype = AF_INET6; + fc_msg.src_saddr.in6 = *((struct in6_addr *)&conn->sic->src_ip); + fc_msg.dst_saddr.in6 = *((struct in6_addr *)&conn->sic->dest_ip_xlate); + } + + fc_msg.proto = conn->sic->protocol; + fc_msg.sport = conn->sic->src_port; + fc_msg.dport = conn->sic->dest_port_xlate; + memcpy(fc_msg.smac, conn->smac, ETH_ALEN); + memcpy(fc_msg.dmac, conn->dmac, ETH_ALEN); + offloaded = 1; + } + + if (conn) { + DEBUG_TRACE("Free connection\n"); + + hash_del(&conn->hl); + sfe_connections_size--; + kfree(conn->sic); + kfree(conn); + } else { + fast_classifier_incr_exceptions(FAST_CL_EXCEPTION_CT_DESTROY_MISS); + } + + spin_unlock_bh(&sfe_connections_lock); + + is_v4 ? sfe_ipv4_destroy_rule(&sid) : sfe_ipv6_destroy_rule(&sid); + + if (offloaded) { + fast_classifier_send_genl_msg(FAST_CLASSIFIER_C_DONE, &fc_msg); + } + + return NOTIFY_DONE; +} + +/* + * Netfilter conntrack event system to monitor connection tracking changes + */ +#ifdef CONFIG_NF_CONNTRACK_CHAIN_EVENTS +static struct notifier_block fast_classifier_conntrack_notifier = { + .notifier_call = fast_classifier_conntrack_event, +}; +#else +static struct nf_ct_event_notifier fast_classifier_conntrack_notifier = { + .fcn = fast_classifier_conntrack_event, +}; +#endif +#endif + +/* + * Structure to establish a hook into the post routing netfilter point - this + * will pick up local outbound and packets going from one interface to another. + * + * Note: see include/linux/netfilter_ipv4.h for info related to priority levels. + * We want to examine packets after NAT translation and any ALG processing. + */ +static struct nf_hook_ops fast_classifier_ops_post_routing[] __read_mostly = { + SFE_IPV4_NF_POST_ROUTING_HOOK(__fast_classifier_ipv4_post_routing_hook), + SFE_IPV6_NF_POST_ROUTING_HOOK(__fast_classifier_ipv6_post_routing_hook), +}; + +/* + * fast_classifier_sync_rule() + * Synchronize a connection's state. + */ +static void fast_classifier_sync_rule(struct sfe_connection_sync *sis) +{ + struct nf_conntrack_tuple_hash *h; + struct nf_conntrack_tuple tuple; + struct nf_conn *ct; + SFE_NF_CONN_ACCT(acct); + + /* + * Create a tuple so as to be able to look up a connection + */ + memset(&tuple, 0, sizeof(tuple)); + tuple.src.u.all = (__be16)sis->src_port; + tuple.dst.dir = IP_CT_DIR_ORIGINAL; + tuple.dst.protonum = (u8)sis->protocol; + tuple.dst.u.all = (__be16)sis->dest_port; + + if (sis->is_v6) { + tuple.src.u3.in6 = *((struct in6_addr *)sis->src_ip.ip6); + tuple.dst.u3.in6 = *((struct in6_addr *)sis->dest_ip.ip6); + tuple.src.l3num = AF_INET6; + + DEBUG_TRACE("update connection - p: %d, s: %pI6:%u, d: %pI6:%u\n", + (int)tuple.dst.protonum, + &tuple.src.u3.in6, (unsigned int)ntohs(tuple.src.u.all), + &tuple.dst.u3.in6, (unsigned int)ntohs(tuple.dst.u.all)); + } else { + tuple.src.u3.ip = sis->src_ip.ip; + tuple.dst.u3.ip = sis->dest_ip.ip; + tuple.src.l3num = AF_INET; + + DEBUG_TRACE("update connection - p: %d, s: %pI4:%u, d: %pI4:%u\n", + (int)tuple.dst.protonum, + &tuple.src.u3.ip, (unsigned int)ntohs(tuple.src.u.all), + &tuple.dst.u3.ip, (unsigned int)ntohs(tuple.dst.u.all)); + } + + /* + * Update packet count for ingress on bridge device + */ + if (skip_to_bridge_ingress) { + struct rtnl_link_stats64 nlstats; + nlstats.tx_packets = 0; + nlstats.tx_bytes = 0; + + if (sis->src_dev && IFF_EBRIDGE && + (sis->src_new_packet_count || sis->src_new_byte_count)) { + nlstats.rx_packets = sis->src_new_packet_count; + nlstats.rx_bytes = sis->src_new_byte_count; + spin_lock_bh(&sfe_connections_lock); + br_dev_update_stats(sis->src_dev, &nlstats); + spin_unlock_bh(&sfe_connections_lock); + } + if (sis->dest_dev && IFF_EBRIDGE && + (sis->dest_new_packet_count || sis->dest_new_byte_count)) { + nlstats.rx_packets = sis->dest_new_packet_count; + nlstats.rx_bytes = sis->dest_new_byte_count; + spin_lock_bh(&sfe_connections_lock); + br_dev_update_stats(sis->dest_dev, &nlstats); + spin_unlock_bh(&sfe_connections_lock); + } + } + + /* + * Look up conntrack connection + */ + h = nf_conntrack_find_get(&init_net, SFE_NF_CT_DEFAULT_ZONE, &tuple); + if (unlikely(!h)) { + DEBUG_TRACE("no connection found\n"); + return; + } + + ct = nf_ct_tuplehash_to_ctrack(h); + NF_CT_ASSERT(ct->timeout.data == (unsigned long)ct); + + /* + * Only update if this is not a fixed timeout + */ + if (!test_bit(IPS_FIXED_TIMEOUT_BIT, &ct->status)) { + spin_lock_bh(&ct->lock); +#if (LINUX_VERSION_CODE >= KERNEL_VERSION(4, 9, 0)) + ct->timeout += sis->delta_jiffies; +#else + ct->timeout.expires += sis->delta_jiffies; +#endif + spin_unlock_bh(&ct->lock); + } + + acct = nf_conn_acct_find(ct); + if (acct) { + spin_lock_bh(&ct->lock); + atomic64_add(sis->src_new_packet_count, &SFE_ACCT_COUNTER(acct)[IP_CT_DIR_ORIGINAL].packets); + atomic64_add(sis->src_new_byte_count, &SFE_ACCT_COUNTER(acct)[IP_CT_DIR_ORIGINAL].bytes); + atomic64_add(sis->dest_new_packet_count, &SFE_ACCT_COUNTER(acct)[IP_CT_DIR_REPLY].packets); + atomic64_add(sis->dest_new_byte_count, &SFE_ACCT_COUNTER(acct)[IP_CT_DIR_REPLY].bytes); + spin_unlock_bh(&ct->lock); + } + + switch (sis->protocol) { + case IPPROTO_TCP: + spin_lock_bh(&ct->lock); + if (ct->proto.tcp.seen[0].td_maxwin < sis->src_td_max_window) { + ct->proto.tcp.seen[0].td_maxwin = sis->src_td_max_window; + } + if ((s32)(ct->proto.tcp.seen[0].td_end - sis->src_td_end) < 0) { + ct->proto.tcp.seen[0].td_end = sis->src_td_end; + } + if ((s32)(ct->proto.tcp.seen[0].td_maxend - sis->src_td_max_end) < 0) { + ct->proto.tcp.seen[0].td_maxend = sis->src_td_max_end; + } + if (ct->proto.tcp.seen[1].td_maxwin < sis->dest_td_max_window) { + ct->proto.tcp.seen[1].td_maxwin = sis->dest_td_max_window; + } + if ((s32)(ct->proto.tcp.seen[1].td_end - sis->dest_td_end) < 0) { + ct->proto.tcp.seen[1].td_end = sis->dest_td_end; + } + if ((s32)(ct->proto.tcp.seen[1].td_maxend - sis->dest_td_max_end) < 0) { + ct->proto.tcp.seen[1].td_maxend = sis->dest_td_max_end; + } + spin_unlock_bh(&ct->lock); + break; + + case IPPROTO_UDP: + /* + * In Linux connection track, UDP flow has two timeout values: + * /proc/sys/net/netfilter/nf_conntrack_udp_timeout: + * this is for uni-direction UDP flow, normally its value is 60 seconds + * /proc/sys/net/netfilter/nf_conntrack_udp_timeout_stream: + * this is for bi-direction UDP flow, normally its value is 180 seconds + * + * Linux will update timer of UDP flow to stream timeout once it seen packets + * in reply direction. But if flow is accelerated by NSS or SFE, Linux won't + * see any packets. So we have to do the same thing in our stats sync message. + */ + if (!test_bit(IPS_ASSURED_BIT, &ct->status) && acct) { + u_int64_t reply_pkts = atomic64_read(&SFE_ACCT_COUNTER(acct)[IP_CT_DIR_REPLY].packets); + + if (reply_pkts != 0) { + struct nf_conntrack_l4proto *l4proto; + unsigned int *timeouts; + + set_bit(IPS_SEEN_REPLY_BIT, &ct->status); + set_bit(IPS_ASSURED_BIT, &ct->status); + + l4proto = __nf_ct_l4proto_find((sis->is_v6 ? AF_INET6 : AF_INET), IPPROTO_UDP); + timeouts = nf_ct_timeout_lookup(&init_net, ct, l4proto); + + spin_lock_bh(&ct->lock); +#if (LINUX_VERSION_CODE >= KERNEL_VERSION(4, 9, 0)) + ct->timeout = nfct_time_stamp + timeouts[UDP_CT_REPLIED]; +#else + ct->timeout.expires = jiffies + timeouts[UDP_CT_REPLIED]; +#endif + spin_unlock_bh(&ct->lock); + } + } + break; + } + + /* + * Release connection + */ + nf_ct_put(ct); +} + +/* + * fast_classifier_device_event() + */ +static int fast_classifier_device_event(struct notifier_block *this, unsigned long event, void *ptr) +{ + struct net_device *dev = SFE_DEV_EVENT_PTR(ptr); + + if (dev && (event == NETDEV_DOWN)) { + sfe_ipv4_destroy_all_rules_for_dev(dev); + sfe_ipv6_destroy_all_rules_for_dev(dev); + } + + return NOTIFY_DONE; +} + +/* + * fast_classifier_inet_event() + */ +static int fast_classifier_inet_event(struct notifier_block *this, unsigned long event, void *ptr) +{ + struct net_device *dev = ((struct in_ifaddr *)ptr)->ifa_dev->dev; + + if (dev && (event == NETDEV_DOWN)) { + sfe_ipv4_destroy_all_rules_for_dev(dev); + } + + return NOTIFY_DONE; +} + +/* + * fast_classifier_inet6_event() + */ +static int fast_classifier_inet6_event(struct notifier_block *this, unsigned long event, void *ptr) +{ + struct net_device *dev = ((struct inet6_ifaddr *)ptr)->idev->dev; + + if (dev && (event == NETDEV_DOWN)) { + sfe_ipv6_destroy_all_rules_for_dev(dev); + } + + return NOTIFY_DONE; +} + +/* + * fast_classifier_get_offload_at_pkts() + */ +static ssize_t fast_classifier_get_offload_at_pkts(struct device *dev, + struct device_attribute *attr, + char *buf) +{ + return snprintf(buf, (ssize_t)PAGE_SIZE, "%d\n", offload_at_pkts); +} + +/* + * fast_classifier_set_offload_at_pkts() + */ +static ssize_t fast_classifier_set_offload_at_pkts(struct device *dev, + struct device_attribute *attr, + const char *buf, size_t size) +{ + long new; + int ret; + + ret = kstrtol(buf, 0, &new); + if (ret == -EINVAL || ((int)new != new)) + return -EINVAL; + + offload_at_pkts = new; + + return size; +} + +/* + * fast_classifier_get_debug_info() + */ +static ssize_t fast_classifier_get_debug_info(struct device *dev, + struct device_attribute *attr, + char *buf) +{ + size_t len = 0; + struct sfe_connection *conn; + u32 i; + + spin_lock_bh(&sfe_connections_lock); + len += scnprintf(buf, PAGE_SIZE - len, "size=%d offload=%d offload_no_match=%d" + " offloaded=%d done=%d offl_dbg_msg_fail=%d done_dbg_msg_fail=%d\n", + sfe_connections_size, + atomic_read(&offload_msgs), + atomic_read(&offload_no_match_msgs), + atomic_read(&offloaded_msgs), + atomic_read(&done_msgs), + atomic_read(&offloaded_fail_msgs), + atomic_read(&done_fail_msgs)); + sfe_hash_for_each(fc_conn_ht, i, conn, hl) { + len += scnprintf(buf + len, PAGE_SIZE - len, + (conn->is_v4 ? "o=%d, p=%d [%pM]:%pI4:%u %pI4:%u:[%pM] m=%08x h=%d\n" : "o=%d, p=%d [%pM]:%pI6:%u %pI6:%u:[%pM] m=%08x h=%d\n"), + conn->offloaded, + conn->sic->protocol, + conn->sic->src_mac, + &conn->sic->src_ip, + conn->sic->src_port, + &conn->sic->dest_ip, + conn->sic->dest_port, + conn->sic->dest_mac_xlate, + conn->sic->mark, + conn->hits); + } + spin_unlock_bh(&sfe_connections_lock); + + return len; +} + +/* + * fast_classifier_get_skip_bridge_ingress() + */ +static ssize_t fast_classifier_get_skip_bridge_ingress(struct device *dev, + struct device_attribute *attr, + char *buf) +{ + return snprintf(buf, (ssize_t)PAGE_SIZE, "%d\n", skip_to_bridge_ingress); +} + +/* + * fast_classifier_set_skip_bridge_ingress() + */ +static ssize_t fast_classifier_set_skip_bridge_ingress(struct device *dev, + struct device_attribute *attr, + const char *buf, size_t size) +{ + long new; + int ret; + + ret = kstrtol(buf, 0, &new); + if (ret == -EINVAL || ((int)new != new)) + return -EINVAL; + + skip_to_bridge_ingress = new ? 1 : 0; + + return size; +} + +/* + * fast_classifier_get_exceptions + * dump exception counters + */ +static ssize_t fast_classifier_get_exceptions(struct device *dev, + struct device_attribute *attr, + char *buf) +{ + int idx, len; + struct fast_classifier *sc = &__fsc; + + spin_lock_bh(&sc->lock); + for (len = 0, idx = 0; idx < FAST_CL_EXCEPTION_MAX; idx++) { + if (sc->exceptions[idx]) { + len += snprintf(buf + len, (ssize_t)(PAGE_SIZE - len), "%s = %d\n", fast_classifier_exception_events_string[idx], sc->exceptions[idx]); + } + } + spin_unlock_bh(&sc->lock); + + return len; +} + +/* + * sysfs attributes. + */ +static const struct device_attribute fast_classifier_attrs[] = { + __ATTR(offload_at_pkts, S_IWUSR | S_IRUGO, fast_classifier_get_offload_at_pkts, fast_classifier_set_offload_at_pkts), + __ATTR(debug_info, S_IRUGO, fast_classifier_get_debug_info, NULL), + __ATTR(skip_to_bridge_ingress, S_IWUSR | S_IRUGO, fast_classifier_get_skip_bridge_ingress, fast_classifier_set_skip_bridge_ingress), + __ATTR(exceptions, S_IRUGO, fast_classifier_get_exceptions, NULL), +}; + +/* + * fast_classifier_init() + */ +static int __init fast_classifier_init(void) +{ + struct fast_classifier *sc = &__fsc; + int result = -1; + size_t i, j; + + printk(KERN_ALERT "fast-classifier: starting up\n"); + DEBUG_INFO("SFE CM init\n"); + + hash_init(fc_conn_ht); + + /* + * Create sys/fast_classifier + */ + sc->sys_fast_classifier = kobject_create_and_add("fast_classifier", NULL); + if (!sc->sys_fast_classifier) { + DEBUG_ERROR("failed to register fast_classifier\n"); + goto exit1; + } + + for (i = 0; i < ARRAY_SIZE(fast_classifier_attrs); i++) { + result = sysfs_create_file(sc->sys_fast_classifier, &fast_classifier_attrs[i].attr); + if (result) { + DEBUG_ERROR("failed to register %s : %d\n", + fast_classifier_attrs[i].attr.name, result); + goto exit2; + } + } + + sc->dev_notifier.notifier_call = fast_classifier_device_event; + sc->dev_notifier.priority = 1; + register_netdevice_notifier(&sc->dev_notifier); + + sc->inet_notifier.notifier_call = fast_classifier_inet_event; + sc->inet_notifier.priority = 1; + register_inetaddr_notifier(&sc->inet_notifier); + + sc->inet6_notifier.notifier_call = fast_classifier_inet6_event; + sc->inet6_notifier.priority = 1; + register_inet6addr_notifier(&sc->inet6_notifier); + + /* + * Register our netfilter hooks. + */ + result = nf_register_hooks(fast_classifier_ops_post_routing, ARRAY_SIZE(fast_classifier_ops_post_routing)); + if (result < 0) { + DEBUG_ERROR("can't register nf post routing hook: %d\n", result); + goto exit3; + } + +#ifdef CONFIG_NF_CONNTRACK_EVENTS + /* + * Register a notifier hook to get fast notifications of expired connections. + * Note: In CONFIG_NF_CONNTRACK_CHAIN_EVENTS enabled case, nf_conntrack_register_notifier() + * function always returns 0. + */ + +#ifdef CONFIG_NF_CONNTRACK_CHAIN_EVENTS + (void)nf_conntrack_register_notifier(&init_net, &fast_classifier_conntrack_notifier); +#else + result = nf_conntrack_register_notifier(&init_net, &fast_classifier_conntrack_notifier); + if (result < 0) { + DEBUG_ERROR("can't register nf notifier hook: %d\n", result); + goto exit4; + } +#endif +#endif + +#if (LINUX_VERSION_CODE >= KERNEL_VERSION(3, 13, 0)) + result = genl_register_family_with_ops_groups(&fast_classifier_gnl_family, + fast_classifier_gnl_ops, + fast_classifier_genl_mcgrp); + if (result) { + DEBUG_ERROR("failed to register genl ops: %d\n", result); + goto exit5; + } +#else + result = genl_register_family(&fast_classifier_gnl_family); + if (result) { + printk(KERN_CRIT "unable to register genl family\n"); + goto exit5; + } + + result = genl_register_ops(&fast_classifier_gnl_family, fast_classifier_gnl_ops); + if (result) { + printk(KERN_CRIT "unable to register ops\n"); + goto exit6; + } + + result = genl_register_mc_group(&fast_classifier_gnl_family, + fast_classifier_genl_mcgrp); + if (result) { + printk(KERN_CRIT "unable to register multicast group\n"); + goto exit6; + } +#endif + + printk(KERN_ALERT "fast-classifier: registered\n"); + + spin_lock_init(&sc->lock); + + /* + * Hook the receive path in the network stack. + */ + BUG_ON(fast_nat_recv); + RCU_INIT_POINTER(fast_nat_recv, fast_classifier_recv); + + /* + * Hook the shortcut sync callback. + */ + sfe_ipv4_register_sync_rule_callback(fast_classifier_sync_rule); + sfe_ipv6_register_sync_rule_callback(fast_classifier_sync_rule); + return 0; + +#if (LINUX_VERSION_CODE < KERNEL_VERSION(3, 13, 0)) +exit6: + genl_unregister_family(&fast_classifier_gnl_family); +#endif + +exit5: +#ifdef CONFIG_NF_CONNTRACK_EVENTS + nf_conntrack_unregister_notifier(&init_net, &fast_classifier_conntrack_notifier); + +exit4: +#endif + nf_unregister_hooks(fast_classifier_ops_post_routing, ARRAY_SIZE(fast_classifier_ops_post_routing)); + +exit3: + unregister_inetaddr_notifier(&sc->inet_notifier); + unregister_inet6addr_notifier(&sc->inet6_notifier); + unregister_netdevice_notifier(&sc->dev_notifier); + +exit2: + for (j = 0; j < i; j++) { + sysfs_remove_file(sc->sys_fast_classifier, &fast_classifier_attrs[j].attr); + } + kobject_put(sc->sys_fast_classifier); + +exit1: + return result; +} + +/* + * fast_classifier_exit() + */ +static void __exit fast_classifier_exit(void) +{ + struct fast_classifier *sc = &__fsc; + int result = -1; + + DEBUG_INFO("SFE CM exit\n"); + printk(KERN_ALERT "fast-classifier: shutting down\n"); + + /* + * Unregister our sync callback. + */ + sfe_ipv4_register_sync_rule_callback(NULL); + sfe_ipv6_register_sync_rule_callback(NULL); + + /* + * Unregister our receive callback. + */ + RCU_INIT_POINTER(fast_nat_recv, NULL); + + /* + * Wait for all callbacks to complete. + */ + rcu_barrier(); + + /* + * Destroy all connections. + */ + sfe_ipv4_destroy_all_rules_for_dev(NULL); + sfe_ipv6_destroy_all_rules_for_dev(NULL); + +#if (LINUX_VERSION_CODE < KERNEL_VERSION(3, 13, 0)) + result = genl_unregister_ops(&fast_classifier_gnl_family, fast_classifier_gnl_ops); + if (result != 0) { + printk(KERN_CRIT "Unable to unreigster genl_ops\n"); + } +#endif + + result = genl_unregister_family(&fast_classifier_gnl_family); + if (result != 0) { + printk(KERN_CRIT "Unable to unreigster genl_family\n"); + } + +#ifdef CONFIG_NF_CONNTRACK_EVENTS + nf_conntrack_unregister_notifier(&init_net, &fast_classifier_conntrack_notifier); + +#endif + nf_unregister_hooks(fast_classifier_ops_post_routing, ARRAY_SIZE(fast_classifier_ops_post_routing)); + + unregister_inet6addr_notifier(&sc->inet6_notifier); + unregister_inetaddr_notifier(&sc->inet_notifier); + unregister_netdevice_notifier(&sc->dev_notifier); + + kobject_put(sc->sys_fast_classifier); +} + +module_init(fast_classifier_init) +module_exit(fast_classifier_exit) + +MODULE_DESCRIPTION("Shortcut Forwarding Engine - Connection Manager"); +MODULE_LICENSE("Dual BSD/GPL"); + diff --git a/package/lean/shortcut-fe/src/fast-classifier.h b/package/lean/shortcut-fe/src/fast-classifier.h new file mode 100644 index 000000000..6b7a18cf6 --- /dev/null +++ b/package/lean/shortcut-fe/src/fast-classifier.h @@ -0,0 +1,57 @@ +/* + * User space header to send message to the fast classifier + * + * Copyright (c) 2013,2016 The Linux Foundation. All rights reserved. + * Permission to use, copy, modify, and/or distribute this software for + * any purpose with or without fee is hereby granted, provided that the + * above copyright notice and this permission notice appear in all copies. + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT + * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include + +#define FAST_CLASSIFIER_GENL_VERSION (1) +#define FAST_CLASSIFIER_GENL_NAME "FC" +#define FAST_CLASSIFIER_GENL_MCGRP "FC_MCGRP" +#define FAST_CLASSIFIER_GENL_HDRSIZE (0) + +enum { + FAST_CLASSIFIER_A_UNSPEC, + FAST_CLASSIFIER_A_TUPLE, + __FAST_CLASSIFIER_A_MAX, +}; + +#define FAST_CLASSIFIER_A_MAX (__FAST_CLASSIFIER_A_MAX - 1) + +enum { + FAST_CLASSIFIER_C_UNSPEC, + FAST_CLASSIFIER_C_OFFLOAD, + FAST_CLASSIFIER_C_OFFLOADED, + FAST_CLASSIFIER_C_DONE, + __FAST_CLASSIFIER_C_MAX, +}; + +#define FAST_CLASSIFIER_C_MAX (__FAST_CLASSIFIER_C_MAX - 1) + +struct fast_classifier_tuple { + unsigned short ethertype; + unsigned char proto; + union { + struct in_addr in; + struct in6_addr in6; + } src_saddr; + union { + struct in_addr in; + struct in6_addr in6; + } dst_saddr; + unsigned short sport; + unsigned short dport; + unsigned char smac[ETH_ALEN]; + unsigned char dmac[ETH_ALEN]; +}; diff --git a/package/lean/shortcut-fe/src/nl_classifier_test.c b/package/lean/shortcut-fe/src/nl_classifier_test.c new file mode 100644 index 000000000..639417964 --- /dev/null +++ b/package/lean/shortcut-fe/src/nl_classifier_test.c @@ -0,0 +1,281 @@ +/* + * Copyright (c) 2016 The Linux Foundation. All rights reserved. + * Permission to use, copy, modify, and/or distribute this software for + * any purpose with or without fee is hereby granted, provided that the + * above copyright notice and this permission notice appear in all copies. + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT + * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include +#include +#include +#include +#include +#include + +#define NL_CLASSIFIER_GENL_VERSION 1 +#define NL_CLASSIFIER_GENL_FAMILY "FC" +#define NL_CLASSIFIER_GENL_GROUP "FC_MCGRP" +#define NL_CLASSIFIER_GENL_HDRSIZE 0 + +enum NL_CLASSIFIER_CMD { + NL_CLASSIFIER_CMD_UNSPEC, + NL_CLASSIFIER_CMD_ACCEL, + NL_CLASSIFIER_CMD_ACCEL_OK, + NL_CLASSIFIER_CMD_CONNECTION_CLOSED, + NL_CLASSIFIER_CMD_MAX, +}; + +enum NL_CLASSIFIER_ATTR { + NL_CLASSIFIER_ATTR_UNSPEC, + NL_CLASSIFIER_ATTR_TUPLE, + NL_CLASSIFIER_ATTR_MAX, +}; + +union nl_classifier_tuple_ip { + struct in_addr in; + struct in6_addr in6; +}; + +struct nl_classifier_tuple { + unsigned short af; + unsigned char proto; + union nl_classifier_tuple_ip src_ip; + union nl_classifier_tuple_ip dst_ip; + unsigned short sport; + unsigned short dport; + unsigned char smac[6]; + unsigned char dmac[6]; +}; + +struct nl_classifier_instance { + struct nl_sock *sock; + int family_id; + int group_id; + int stop; +}; + +struct nl_classifier_instance nl_cls_inst; + +static struct nla_policy nl_classifier_genl_policy[(NL_CLASSIFIER_ATTR_MAX+1)] = { + [NL_CLASSIFIER_ATTR_TUPLE] = { .type = NLA_UNSPEC }, +}; + +void nl_classifier_dump_nl_tuple(struct nl_classifier_tuple *tuple) +{ + char ip_str[64]; + + printf("protocol = %s\n", (tuple->proto == IPPROTO_UDP) ? "udp" : ((tuple->proto == IPPROTO_TCP) ? "tcp" : "unknown")); + printf("source ip = %s\n", inet_ntop(tuple->af, &tuple->src_ip, ip_str, sizeof(ip_str))); + printf("destination ip = %s\n", inet_ntop(tuple->af, &tuple->dst_ip, ip_str, sizeof(ip_str))); + printf("source port = %d\n", ntohs(tuple->sport)); + printf("destination port = %d\n", ntohs(tuple->dport)); +} + +int nl_classifier_msg_recv(struct nl_msg *msg, void *arg) +{ + struct nlmsghdr *nlh = nlmsg_hdr(msg); + struct genlmsghdr *gnlh = nlmsg_data(nlh); + struct nlattr *attrs[(NL_CLASSIFIER_ATTR_MAX+1)]; + + genlmsg_parse(nlh, NL_CLASSIFIER_GENL_HDRSIZE, attrs, NL_CLASSIFIER_ATTR_MAX, nl_classifier_genl_policy); + + switch (gnlh->cmd) { + case NL_CLASSIFIER_CMD_ACCEL_OK: + printf("Acceleration successful:\n"); + nl_classifier_dump_nl_tuple(nla_data(attrs[NL_CLASSIFIER_ATTR_TUPLE])); + return NL_OK; + case NL_CLASSIFIER_CMD_CONNECTION_CLOSED: + printf("Connection is closed:\n"); + nl_classifier_dump_nl_tuple(nla_data(attrs[NL_CLASSIFIER_ATTR_TUPLE])); + return NL_OK; + default: + printf("nl classifier received unknow message %d\n", gnlh->cmd); + } + + return NL_SKIP; +} + +void nl_classifier_offload(struct nl_classifier_instance *inst, + unsigned char proto, unsigned long *src_saddr, + unsigned long *dst_saddr, unsigned short sport, + unsigned short dport, int af) +{ + struct nl_msg *msg; + int ret; + struct nl_classifier_tuple classifier_msg; + + memset(&classifier_msg, 0, sizeof(classifier_msg)); + classifier_msg.af = af; + classifier_msg.proto = proto; + memcpy(&classifier_msg.src_ip, src_saddr, (af == AF_INET ? 4 : 16)); + memcpy(&classifier_msg.dst_ip, dst_saddr, (af == AF_INET ? 4 : 16)); + classifier_msg.sport = sport; + classifier_msg.dport = dport; + + msg = nlmsg_alloc(); + if (!msg) { + printf("Unable to allocate message\n"); + return; + } + + genlmsg_put(msg, NL_AUTO_PID, NL_AUTO_SEQ, inst->family_id, + NL_CLASSIFIER_GENL_HDRSIZE, NLM_F_REQUEST, + NL_CLASSIFIER_CMD_ACCEL, NL_CLASSIFIER_GENL_VERSION); + nla_put(msg, NL_CLASSIFIER_ATTR_TUPLE, sizeof(classifier_msg), &classifier_msg); + + ret = nl_send_auto(inst->sock, msg); + if (ret < 0) { + printf("send netlink message failed.\n"); + nlmsg_free(msg); + return; + } + + nlmsg_free(msg); + printf("nl classifier offload connection successful\n"); +} + +int nl_classifier_init(struct nl_classifier_instance *inst) +{ + int ret; + + inst->sock = nl_socket_alloc(); + if (!inst->sock) { + printf("Unable to allocation socket.\n"); + return -1; + } + genl_connect(inst->sock); + + inst->family_id = genl_ctrl_resolve(inst->sock, NL_CLASSIFIER_GENL_FAMILY); + if (inst->family_id < 0) { + printf("Unable to resolve family %s\n", NL_CLASSIFIER_GENL_FAMILY); + goto init_failed; + } + + inst->group_id = genl_ctrl_resolve_grp(inst->sock, NL_CLASSIFIER_GENL_FAMILY, NL_CLASSIFIER_GENL_GROUP); + if (inst->group_id < 0) { + printf("Unable to resolve mcast group %s\n", NL_CLASSIFIER_GENL_GROUP); + goto init_failed; + } + + ret = nl_socket_add_membership(inst->sock, inst->group_id); + if (ret < 0) { + printf("Unable to add membership\n"); + goto init_failed; + } + + nl_socket_disable_seq_check(inst->sock); + nl_socket_modify_cb(inst->sock, NL_CB_VALID, NL_CB_CUSTOM, nl_classifier_msg_recv, NULL); + + printf("nl classifier init successful\n"); + return 0; + +init_failed: + if (inst->sock) { + nl_close(inst->sock); + nl_socket_free(inst->sock); + inst->sock = NULL; + } + return -1; +} + +void nl_classifier_exit(struct nl_classifier_instance *inst) +{ + if (inst->sock) { + nl_close(inst->sock); + nl_socket_free(inst->sock); + inst->sock = NULL; + } + printf("nl classifier exit successful\n"); +} + +int nl_classifier_parse_arg(int argc, char *argv[], unsigned char *proto, unsigned long *src_saddr, + unsigned long *dst_saddr, unsigned short *sport, unsigned short *dport, int *af) +{ + int ret; + unsigned short port; + + if (argc < 7) { + printf("help: nl_classifier \n"); + return -1; + } + + if (0 == strncmp(argv[1], "v4", 2)) { + *af = AF_INET; + } else if (0 == strncmp(argv[1], "v6", 2)) { + *af = AF_INET6; + } else { + printf("Address family is not supported"); + return -1; + } + + if (0 == strncmp(argv[2], "udp", 3)) { + *proto = IPPROTO_UDP; + } else if (0 == strncmp(argv[2], "tcp", 3)) { + *proto = IPPROTO_TCP; + } else { + printf("Protocol is not supported"); + return -1; + } + + ret = inet_pton(*af, argv[3], src_saddr); + if (ret <= 0) { + printf("source ip has wrong format\n"); + return -1; + } + + ret = inet_pton(*af, argv[4], dst_saddr); + if (ret <= 0) { + printf("destination ip has wrong format\n"); + return -1; + } + + port = strtol(argv[5], NULL, 0); + *sport = htons(port); + port = strtol(argv[6], NULL, 0); + *dport = htons(port); + + printf("nl classifier parse arguments successful\n"); + return 0; +} + +int main(int argc, char *argv[]) +{ + struct nl_classifier_instance *inst = &nl_cls_inst; + unsigned char proto; + unsigned long src_addr[4]; + unsigned long dst_addr[4]; + unsigned short sport; + unsigned short dport; + int af; + int ret; + + ret = nl_classifier_parse_arg(argc, argv, &proto, src_addr, dst_addr, &sport, &dport, &af); + if (ret < 0) { + printf("Failed to parse arguments\n"); + return ret; + } + + ret = nl_classifier_init(inst); + if (ret < 0) { + printf("Unable to init generic netlink\n"); + return ret; + } + + nl_classifier_offload(inst, proto, src_addr, dst_addr, sport, dport, af); + + /* main loop to listen on message */ + while (!inst->stop) { + nl_recvmsgs_default(inst->sock); + } + + nl_classifier_exit(inst); + + return 0; +} diff --git a/package/lean/shortcut-fe/src/sfe.h b/package/lean/shortcut-fe/src/sfe.h new file mode 100644 index 000000000..21a127556 --- /dev/null +++ b/package/lean/shortcut-fe/src/sfe.h @@ -0,0 +1,61 @@ +/* + * sfe.h + * Shortcut forwarding engine. + * + * Copyright (c) 2013-2016 The Linux Foundation. All rights reserved. + * Permission to use, copy, modify, and/or distribute this software for + * any purpose with or without fee is hereby granted, provided that the + * above copyright notice and this permission notice appear in all copies. + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT + * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * Debug output verbosity level. + */ +#define DEBUG_LEVEL 0 + +#if (DEBUG_LEVEL < 1) +#define DEBUG_ERROR(s, ...) +#else +#define DEBUG_ERROR(s, ...) \ +do { \ + printk("%s[%u]: ERROR:", __FILE__, __LINE__); \ + printk(s, ##__VA_ARGS__); \ +} while (0) +#endif + +#if (DEBUG_LEVEL < 2) +#define DEBUG_WARN(s, ...) +#else +#define DEBUG_WARN(s, ...) \ +do { \ + printk("%s[%u]: WARN:", __FILE__, __LINE__); \ + printk(s, ##__VA_ARGS__); \ +} while (0) +#endif + +#if (DEBUG_LEVEL < 3) +#define DEBUG_INFO(s, ...) +#else +#define DEBUG_INFO(s, ...) \ +do { \ + printk("%s[%u]: INFO:", __FILE__, __LINE__); \ + printk(s, ##__VA_ARGS__); \ +} while (0) +#endif + +#if (DEBUG_LEVEL < 4) +#define DEBUG_TRACE(s, ...) +#else +#define DEBUG_TRACE(s, ...) \ +do { \ + printk("%s[%u]: TRACE:", __FILE__, __LINE__); \ + printk(s, ##__VA_ARGS__); \ +} while (0) +#endif diff --git a/package/lean/shortcut-fe/src/sfe_backport.h b/package/lean/shortcut-fe/src/sfe_backport.h new file mode 100644 index 000000000..b24f6e67e --- /dev/null +++ b/package/lean/shortcut-fe/src/sfe_backport.h @@ -0,0 +1,138 @@ +/* + * sfe_backport.h + * Shortcut forwarding engine compatible header file. + * + * Copyright (c) 2014-2016 The Linux Foundation. All rights reserved. + * Permission to use, copy, modify, and/or distribute this software for + * any purpose with or without fee is hereby granted, provided that the + * above copyright notice and this permission notice appear in all copies. + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT + * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include + +#if (LINUX_VERSION_CODE >= KERNEL_VERSION(4, 4, 0)) +#define sfe_define_post_routing_hook(FN_NAME, HOOKNUM, OPS, SKB, UNUSED, OUT, OKFN) \ +static unsigned int FN_NAME(void *priv, \ + struct sk_buff *SKB, \ + const struct nf_hook_state *state) +#elif (LINUX_VERSION_CODE >= KERNEL_VERSION(3, 13, 0)) +#define sfe_define_post_routing_hook(FN_NAME, HOOKNUM, OPS, SKB, UNUSED, OUT, OKFN) \ +static unsigned int FN_NAME(const struct nf_hook_ops *OPS, \ + struct sk_buff *SKB, \ + const struct net_device *UNUSED, \ + const struct net_device *OUT, \ + int (*OKFN)(struct sk_buff *)) +#else +#define sfe_define_post_routing_hook(FN_NAME, HOOKNUM, OPS, SKB, UNUSED, OUT, OKFN) \ +static unsigned int FN_NAME(unsigned int HOOKNUM, \ + struct sk_buff *SKB, \ + const struct net_device *UNUSED, \ + const struct net_device *OUT, \ + int (*OKFN)(struct sk_buff *)) +#endif + +#define sfe_cm_ipv4_post_routing_hook(HOOKNUM, OPS, SKB, UNUSED, OUT, OKFN) \ + sfe_define_post_routing_hook(__sfe_cm_ipv4_post_routing_hook, HOOKNUM, OPS, SKB, UNUSED, OUT, OKFN) +#define sfe_cm_ipv6_post_routing_hook(HOOKNUM, OPS, SKB, UNUSED, OUT, OKFN) \ + sfe_define_post_routing_hook(__sfe_cm_ipv6_post_routing_hook, HOOKNUM, OPS, SKB, UNUSED, OUT, OKFN) +#define fast_classifier_ipv4_post_routing_hook(HOOKNUM, OPS, SKB, UNUSED, OUT, OKFN) \ + sfe_define_post_routing_hook(__fast_classifier_ipv4_post_routing_hook, HOOKNUM, OPS, SKB, UNUSED, OUT, OKFN) +#define fast_classifier_ipv6_post_routing_hook(HOOKNUM, OPS, SKB, UNUSED, OUT, OKFN) \ + sfe_define_post_routing_hook(__fast_classifier_ipv6_post_routing_hook, HOOKNUM, OPS, SKB, UNUSED, OUT, OKFN) + +#if (LINUX_VERSION_CODE >= KERNEL_VERSION(4, 4, 0)) +#define SFE_IPV4_NF_POST_ROUTING_HOOK(fn) \ + { \ + .hook = fn, \ + .pf = NFPROTO_IPV4, \ + .hooknum = NF_INET_POST_ROUTING, \ + .priority = NF_IP_PRI_NAT_SRC + 1, \ + } +#else +#define SFE_IPV4_NF_POST_ROUTING_HOOK(fn) \ + { \ + .hook = fn, \ + .owner = THIS_MODULE, \ + .pf = NFPROTO_IPV4, \ + .hooknum = NF_INET_POST_ROUTING, \ + .priority = NF_IP_PRI_NAT_SRC + 1, \ + } +#endif + +#if (LINUX_VERSION_CODE >= KERNEL_VERSION(4, 4, 0)) +#define SFE_IPV6_NF_POST_ROUTING_HOOK(fn) \ + { \ + .hook = fn, \ + .pf = NFPROTO_IPV6, \ + .hooknum = NF_INET_POST_ROUTING, \ + .priority = NF_IP_PRI_NAT_SRC + 1, \ + } +#else +#define SFE_IPV6_NF_POST_ROUTING_HOOK(fn) \ + { \ + .hook = fn, \ + .owner = THIS_MODULE, \ + .pf = NFPROTO_IPV6, \ + .hooknum = NF_INET_POST_ROUTING, \ + .priority = NF_IP6_PRI_NAT_SRC + 1, \ + } +#endif + +#if (LINUX_VERSION_CODE >= KERNEL_VERSION(4, 3, 0)) +#define SFE_NF_CT_DEFAULT_ZONE (&nf_ct_zone_dflt) +#else +#define SFE_NF_CT_DEFAULT_ZONE NF_CT_DEFAULT_ZONE +#endif + +/* + * sfe_dev_get_master + * get master of bridge port, and hold it + */ +static inline struct net_device *sfe_dev_get_master(struct net_device *dev) +{ + struct net_device *master; +#if (LINUX_VERSION_CODE >= KERNEL_VERSION(3, 9, 0)) + rcu_read_lock(); + master = netdev_master_upper_dev_get_rcu(dev); + if (master) + dev_hold(master); + + rcu_read_unlock(); +#else + master = dev->master; + if (master) + dev_hold(master); +#endif + return master; +} + +#if (LINUX_VERSION_CODE >= KERNEL_VERSION(3, 11, 0)) +#define SFE_DEV_EVENT_PTR(PTR) netdev_notifier_info_to_dev(PTR) +#else +#define SFE_DEV_EVENT_PTR(PTR) (struct net_device *)(PTR) +#endif + +#if (LINUX_VERSION_CODE >= KERNEL_VERSION(3, 13, 0)) +#define SFE_NF_CONN_ACCT(NM) struct nf_conn_acct *NM +#else +#define SFE_NF_CONN_ACCT(NM) struct nf_conn_counter *NM +#endif + +#if (LINUX_VERSION_CODE >= KERNEL_VERSION(3, 13, 0)) +#define SFE_ACCT_COUNTER(NM) ((NM)->counter) +#else +#define SFE_ACCT_COUNTER(NM) (NM) +#endif + +#define sfe_hash_for_each_possible(name, obj, member, key) \ + hash_for_each_possible(name, obj, member, key) + +#define sfe_hash_for_each(name, bkt, obj, member) \ + hash_for_each(name, bkt, obj, member) diff --git a/package/lean/shortcut-fe/src/sfe_cm.c b/package/lean/shortcut-fe/src/sfe_cm.c new file mode 100644 index 000000000..6d3e21085 --- /dev/null +++ b/package/lean/shortcut-fe/src/sfe_cm.c @@ -0,0 +1,1203 @@ +/* + * sfe-cm.c + * Shortcut forwarding engine connection manager. + * + * Copyright (c) 2013-2016 The Linux Foundation. All rights reserved. + * Permission to use, copy, modify, and/or distribute this software for + * any purpose with or without fee is hereby granted, provided that the + * above copyright notice and this permission notice appear in all copies. + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT + * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "sfe.h" +#include "sfe_cm.h" +#include "sfe_backport.h" + +typedef enum sfe_cm_exception { + SFE_CM_EXCEPTION_PACKET_BROADCAST, + SFE_CM_EXCEPTION_PACKET_MULTICAST, + SFE_CM_EXCEPTION_NO_IIF, + SFE_CM_EXCEPTION_NO_CT, + SFE_CM_EXCEPTION_CT_NO_TRACK, + SFE_CM_EXCEPTION_CT_NO_CONFIRM, + SFE_CM_EXCEPTION_CT_IS_ALG, + SFE_CM_EXCEPTION_IS_IPV4_MCAST, + SFE_CM_EXCEPTION_IS_IPV6_MCAST, + SFE_CM_EXCEPTION_TCP_NOT_ASSURED, + SFE_CM_EXCEPTION_TCP_NOT_ESTABLISHED, + SFE_CM_EXCEPTION_UNKNOW_PROTOCOL, + SFE_CM_EXCEPTION_NO_SRC_DEV, + SFE_CM_EXCEPTION_NO_SRC_XLATE_DEV, + SFE_CM_EXCEPTION_NO_DEST_DEV, + SFE_CM_EXCEPTION_NO_DEST_XLATE_DEV, + SFE_CM_EXCEPTION_NO_BRIDGE, + SFE_CM_EXCEPTION_LOCAL_OUT, + SFE_CM_EXCEPTION_MAX +} sfe_cm_exception_t; + +static char *sfe_cm_exception_events_string[SFE_CM_EXCEPTION_MAX] = { + "PACKET_BROADCAST", + "PACKET_MULTICAST", + "NO_IIF", + "NO_CT", + "CT_NO_TRACK", + "CT_NO_CONFIRM", + "CT_IS_ALG", + "IS_IPV4_MCAST", + "IS_IPV6_MCAST", + "TCP_NOT_ASSURED", + "TCP_NOT_ESTABLISHED", + "UNKNOW_PROTOCOL", + "NO_SRC_DEV", + "NO_SRC_XLATE_DEV", + "NO_DEST_DEV", + "NO_DEST_XLATE_DEV", + "NO_BRIDGE", + "LOCAL_OUT" +}; + +/* + * Per-module structure. + */ +struct sfe_cm { + spinlock_t lock; /* Lock for SMP correctness */ + + /* + * Control state. + */ + struct kobject *sys_sfe_cm; /* sysfs linkage */ + + /* + * Callback notifiers. + */ + struct notifier_block dev_notifier; /* Device notifier */ + struct notifier_block inet_notifier; /* IPv4 notifier */ + struct notifier_block inet6_notifier; /* IPv6 notifier */ + u32 exceptions[SFE_CM_EXCEPTION_MAX]; +}; + +static struct sfe_cm __sc; + + +/* + * sfe_cm_incr_exceptions() + * increase an exception counter. + */ +static inline void sfe_cm_incr_exceptions(sfe_cm_exception_t except) +{ + struct sfe_cm *sc = &__sc; + + spin_lock_bh(&sc->lock); + sc->exceptions[except]++; + spin_unlock_bh(&sc->lock); +} + +/* + * sfe_cm_recv() + * Handle packet receives. + * + * Returns 1 if the packet is forwarded or 0 if it isn't. + */ +static int sfe_cm_recv(struct sk_buff *skb) +{ + struct net_device *dev; + + /* + * We know that for the vast majority of packets we need the transport + * layer header so we may as well start to fetch it now! + */ + prefetch(skb->data + 32); + barrier(); + + dev = skb->dev; + +#ifdef CONFIG_NET_CLS_ACT + /* + * If ingress Qdisc configured, and packet not processed by ingress Qdisc yet + * We cannot accelerate this packet. + */ + if (dev->ingress_queue && !(skb->tc_verd & TC_NCLS)) { + return 0; + } +#endif + + /* + * We're only interested in IPv4 and IPv6 packets. + */ + if (likely(htons(ETH_P_IP) == skb->protocol)) { + struct in_device *in_dev; + + /* + * Does our input device support IP processing? + */ + in_dev = (struct in_device *)dev->ip_ptr; + if (unlikely(!in_dev)) { + DEBUG_TRACE("no IP processing for device: %s\n", dev->name); + return 0; + } + + /* + * Does it have an IP address? If it doesn't then we can't do anything + * interesting here! + */ + if (unlikely(!in_dev->ifa_list)) { + DEBUG_TRACE("no IP address for device: %s\n", dev->name); + return 0; + } + + return sfe_ipv4_recv(dev, skb); + } + + if (likely(htons(ETH_P_IPV6) == skb->protocol)) { + struct inet6_dev *in_dev; + + /* + * Does our input device support IPv6 processing? + */ + in_dev = (struct inet6_dev *)dev->ip6_ptr; + if (unlikely(!in_dev)) { + DEBUG_TRACE("no IPv6 processing for device: %s\n", dev->name); + return 0; + } + + /* + * Does it have an IPv6 address? If it doesn't then we can't do anything + * interesting here! + */ + if (unlikely(list_empty(&in_dev->addr_list))) { + DEBUG_TRACE("no IPv6 address for device: %s\n", dev->name); + return 0; + } + + return sfe_ipv6_recv(dev, skb); + } + + DEBUG_TRACE("not IP packet\n"); + return 0; +} + +/* + * sfe_cm_find_dev_and_mac_addr() + * Find the device and MAC address for a given IPv4/IPv6 address. + * + * Returns true if we find the device and MAC address, otherwise false. + * + * We look up the rtable entry for the address and, from its neighbour + * structure, obtain the hardware address. This means this function also + * works if the neighbours are routers too. + */ +static bool sfe_cm_find_dev_and_mac_addr(sfe_ip_addr_t *addr, struct net_device **dev, u8 *mac_addr, int is_v4) +{ + struct neighbour *neigh; + struct rtable *rt; + struct rt6_info *rt6; + struct dst_entry *dst; + struct net_device *mac_dev; + + /* + * Look up the rtable entry for the IP address then get the hardware + * address from its neighbour structure. This means this work when the + * neighbours are routers too. + */ + if (likely(is_v4)) { + rt = ip_route_output(&init_net, addr->ip, 0, 0, 0); + if (unlikely(IS_ERR(rt))) { + goto ret_fail; + } + + dst = (struct dst_entry *)rt; + } else { + rt6 = rt6_lookup(&init_net, (struct in6_addr *)addr->ip6, 0, 0, 0); + if (!rt6) { + goto ret_fail; + } + + dst = (struct dst_entry *)rt6; + } + + rcu_read_lock(); + neigh = dst_neigh_lookup(dst, addr); + if (unlikely(!neigh)) { + rcu_read_unlock(); + dst_release(dst); + goto ret_fail; + } + + if (unlikely(!(neigh->nud_state & NUD_VALID))) { + rcu_read_unlock(); + neigh_release(neigh); + dst_release(dst); + goto ret_fail; + } + + mac_dev = neigh->dev; + if (!mac_dev) { + rcu_read_unlock(); + neigh_release(neigh); + dst_release(dst); + goto ret_fail; + } + + memcpy(mac_addr, neigh->ha, (size_t)mac_dev->addr_len); + + dev_hold(mac_dev); + *dev = mac_dev; + rcu_read_unlock(); + neigh_release(neigh); + dst_release(dst); + + return true; + +ret_fail: + if (is_v4) { + DEBUG_TRACE("failed to find MAC address for IP: %pI4\n", &addr->ip); + + } else { + DEBUG_TRACE("failed to find MAC address for IP: %pI6\n", addr->ip6); + } + + return false; +} + +/* + * sfe_cm_post_routing() + * Called for packets about to leave the box - either locally generated or forwarded from another interface + */ +static unsigned int sfe_cm_post_routing(struct sk_buff *skb, int is_v4) +{ + struct sfe_connection_create sic; + struct net_device *in; + struct nf_conn *ct; + enum ip_conntrack_info ctinfo; + struct net_device *dev; + struct net_device *src_dev; + struct net_device *dest_dev; + struct net_device *src_br_dev = NULL; + struct net_device *dest_br_dev = NULL; + struct nf_conntrack_tuple orig_tuple; + struct nf_conntrack_tuple reply_tuple; + SFE_NF_CONN_ACCT(acct); + + /* + * Don't process broadcast or multicast packets. + */ + if (unlikely(skb->pkt_type == PACKET_BROADCAST)) { + sfe_cm_incr_exceptions(SFE_CM_EXCEPTION_PACKET_BROADCAST); + DEBUG_TRACE("broadcast, ignoring\n"); + return NF_ACCEPT; + } + if (unlikely(skb->pkt_type == PACKET_MULTICAST)) { + sfe_cm_incr_exceptions(SFE_CM_EXCEPTION_PACKET_MULTICAST); + DEBUG_TRACE("multicast, ignoring\n"); + return NF_ACCEPT; + } + +#ifdef CONFIG_XFRM + /* + * Packet to xfrm for encapsulation, we can't process it + */ + if (unlikely(skb_dst(skb)->xfrm)) { + DEBUG_TRACE("packet to xfrm, ignoring\n"); + return NF_ACCEPT; + } +#endif + + /* + * Don't process locally generated packets. + */ + if (skb->sk) { + sfe_cm_incr_exceptions(SFE_CM_EXCEPTION_LOCAL_OUT); + DEBUG_TRACE("skip local out packet\n"); + return NF_ACCEPT; + } + + /* + * Don't process packets that are not being forwarded. + */ + in = dev_get_by_index(&init_net, skb->skb_iif); + if (!in) { + sfe_cm_incr_exceptions(SFE_CM_EXCEPTION_NO_IIF); + DEBUG_TRACE("packet not forwarding\n"); + return NF_ACCEPT; + } + + dev_put(in); + + /* + * Don't process packets that aren't being tracked by conntrack. + */ + ct = nf_ct_get(skb, &ctinfo); + if (unlikely(!ct)) { + sfe_cm_incr_exceptions(SFE_CM_EXCEPTION_NO_CT); + DEBUG_TRACE("no conntrack connection, ignoring\n"); + return NF_ACCEPT; + } + + /* + * Don't process untracked connections. + */ + if (unlikely(nf_ct_is_untracked(ct))) { + sfe_cm_incr_exceptions(SFE_CM_EXCEPTION_CT_NO_TRACK); + DEBUG_TRACE("untracked connection\n"); + return NF_ACCEPT; + } + + /* + * Unconfirmed connection may be dropped by Linux at the final step, + * So we don't process unconfirmed connections. + */ + if (!nf_ct_is_confirmed(ct)) { + sfe_cm_incr_exceptions(SFE_CM_EXCEPTION_CT_NO_CONFIRM); + DEBUG_TRACE("unconfirmed connection\n"); + return NF_ACCEPT; + } + + /* + * Don't process connections that require support from a 'helper' (typically a NAT ALG). + */ + if (unlikely(nfct_help(ct))) { + sfe_cm_incr_exceptions(SFE_CM_EXCEPTION_CT_IS_ALG); + DEBUG_TRACE("connection has helper\n"); + return NF_ACCEPT; + } + + /* + * Check if the acceleration of a flow could be rejected quickly. + */ + acct = nf_conn_acct_find(ct); + if (acct) { + long long packets = atomic64_read(&SFE_ACCT_COUNTER(acct)[CTINFO2DIR(ctinfo)].packets); + if ((packets > 0xff) && (packets & 0xff)) { + /* + * Connection hits slow path at least 256 times, so it must be not able to accelerate. + * But we also give it a chance to walk through ECM every 256 packets + */ + return NF_ACCEPT; + } + } + + /* + * Look up the details of our connection in conntrack. + * + * Note that the data we get from conntrack is for the "ORIGINAL" direction + * but our packet may actually be in the "REPLY" direction. + */ + orig_tuple = ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple; + reply_tuple = ct->tuplehash[IP_CT_DIR_REPLY].tuple; + sic.protocol = (s32)orig_tuple.dst.protonum; + + sic.flags = 0; + + /* + * Get addressing information, non-NAT first + */ + if (likely(is_v4)) { + u32 dscp; + + sic.src_ip.ip = (__be32)orig_tuple.src.u3.ip; + sic.dest_ip.ip = (__be32)orig_tuple.dst.u3.ip; + + if (ipv4_is_multicast(sic.src_ip.ip) || ipv4_is_multicast(sic.dest_ip.ip)) { + sfe_cm_incr_exceptions(SFE_CM_EXCEPTION_IS_IPV4_MCAST); + DEBUG_TRACE("multicast address\n"); + return NF_ACCEPT; + } + + /* + * NAT'ed addresses - note these are as seen from the 'reply' direction + * When NAT does not apply to this connection these will be identical to the above. + */ + sic.src_ip_xlate.ip = (__be32)reply_tuple.dst.u3.ip; + sic.dest_ip_xlate.ip = (__be32)reply_tuple.src.u3.ip; + + dscp = ipv4_get_dsfield(ip_hdr(skb)) >> XT_DSCP_SHIFT; + if (dscp) { + sic.dest_dscp = dscp; + sic.src_dscp = sic.dest_dscp; + sic.flags |= SFE_CREATE_FLAG_REMARK_DSCP; + } + } else { + u32 dscp; + + sic.src_ip.ip6[0] = *((struct sfe_ipv6_addr *)&orig_tuple.src.u3.in6); + sic.dest_ip.ip6[0] = *((struct sfe_ipv6_addr *)&orig_tuple.dst.u3.in6); + + if (ipv6_addr_is_multicast((struct in6_addr *)sic.src_ip.ip6) || + ipv6_addr_is_multicast((struct in6_addr *)sic.dest_ip.ip6)) { + sfe_cm_incr_exceptions(SFE_CM_EXCEPTION_IS_IPV6_MCAST); + DEBUG_TRACE("multicast address\n"); + return NF_ACCEPT; + } + + /* + * NAT'ed addresses - note these are as seen from the 'reply' direction + * When NAT does not apply to this connection these will be identical to the above. + */ + sic.src_ip_xlate.ip6[0] = *((struct sfe_ipv6_addr *)&reply_tuple.dst.u3.in6); + sic.dest_ip_xlate.ip6[0] = *((struct sfe_ipv6_addr *)&reply_tuple.src.u3.in6); + + dscp = ipv6_get_dsfield(ipv6_hdr(skb)) >> XT_DSCP_SHIFT; + if (dscp) { + sic.dest_dscp = dscp; + sic.src_dscp = sic.dest_dscp; + sic.flags |= SFE_CREATE_FLAG_REMARK_DSCP; + } + } + + switch (sic.protocol) { + case IPPROTO_TCP: + sic.src_port = orig_tuple.src.u.tcp.port; + sic.dest_port = orig_tuple.dst.u.tcp.port; + sic.src_port_xlate = reply_tuple.dst.u.tcp.port; + sic.dest_port_xlate = reply_tuple.src.u.tcp.port; + sic.src_td_window_scale = ct->proto.tcp.seen[0].td_scale; + sic.src_td_max_window = ct->proto.tcp.seen[0].td_maxwin; + sic.src_td_end = ct->proto.tcp.seen[0].td_end; + sic.src_td_max_end = ct->proto.tcp.seen[0].td_maxend; + sic.dest_td_window_scale = ct->proto.tcp.seen[1].td_scale; + sic.dest_td_max_window = ct->proto.tcp.seen[1].td_maxwin; + sic.dest_td_end = ct->proto.tcp.seen[1].td_end; + sic.dest_td_max_end = ct->proto.tcp.seen[1].td_maxend; + + if (nf_ct_tcp_no_window_check + || (ct->proto.tcp.seen[0].flags & IP_CT_TCP_FLAG_BE_LIBERAL) + || (ct->proto.tcp.seen[1].flags & IP_CT_TCP_FLAG_BE_LIBERAL)) { + sic.flags |= SFE_CREATE_FLAG_NO_SEQ_CHECK; + } + + /* + * Don't try to manage a non-established connection. + */ + if (!test_bit(IPS_ASSURED_BIT, &ct->status)) { + sfe_cm_incr_exceptions(SFE_CM_EXCEPTION_TCP_NOT_ASSURED); + DEBUG_TRACE("non-established connection\n"); + return NF_ACCEPT; + } + + /* + * If the connection is shutting down do not manage it. + * state can not be SYN_SENT, SYN_RECV because connection is assured + * Not managed states: FIN_WAIT, CLOSE_WAIT, LAST_ACK, TIME_WAIT, CLOSE. + */ + spin_lock_bh(&ct->lock); + if (ct->proto.tcp.state != TCP_CONNTRACK_ESTABLISHED) { + spin_unlock_bh(&ct->lock); + sfe_cm_incr_exceptions(SFE_CM_EXCEPTION_TCP_NOT_ESTABLISHED); + DEBUG_TRACE("connection in termination state: %#x, s: %pI4:%u, d: %pI4:%u\n", + ct->proto.tcp.state, &sic.src_ip, ntohs(sic.src_port), + &sic.dest_ip, ntohs(sic.dest_port)); + return NF_ACCEPT; + } + spin_unlock_bh(&ct->lock); + break; + + case IPPROTO_UDP: + sic.src_port = orig_tuple.src.u.udp.port; + sic.dest_port = orig_tuple.dst.u.udp.port; + sic.src_port_xlate = reply_tuple.dst.u.udp.port; + sic.dest_port_xlate = reply_tuple.src.u.udp.port; + break; + + default: + sfe_cm_incr_exceptions(SFE_CM_EXCEPTION_UNKNOW_PROTOCOL); + DEBUG_TRACE("unhandled protocol %d\n", sic.protocol); + return NF_ACCEPT; + } + +#ifdef CONFIG_XFRM + sic.original_accel = 1; + sic.reply_accel = 1; + + /* + * For packets de-capsulated from xfrm, we still can accelerate it + * on the direction we just received the packet. + */ + if (unlikely(skb->sp)) { + if (sic.protocol == IPPROTO_TCP && + !(sic.flags & SFE_CREATE_FLAG_NO_SEQ_CHECK)) { + return NF_ACCEPT; + } + + if (CTINFO2DIR(ctinfo) == IP_CT_DIR_ORIGINAL) { + sic.reply_accel = 0; + } else { + sic.original_accel = 0; + } + } +#endif + + /* + * Get QoS information + */ + if (skb->priority) { + sic.dest_priority = skb->priority; + sic.src_priority = sic.dest_priority; + sic.flags |= SFE_CREATE_FLAG_REMARK_PRIORITY; + } + + /* + * Get the net device and MAC addresses that correspond to the various source and + * destination host addresses. + */ + if (!sfe_cm_find_dev_and_mac_addr(&sic.src_ip, &src_dev, sic.src_mac, is_v4)) { + sfe_cm_incr_exceptions(SFE_CM_EXCEPTION_NO_SRC_DEV); + return NF_ACCEPT; + } + + if (!sfe_cm_find_dev_and_mac_addr(&sic.src_ip_xlate, &dev, sic.src_mac_xlate, is_v4)) { + sfe_cm_incr_exceptions(SFE_CM_EXCEPTION_NO_SRC_XLATE_DEV); + goto done1; + } + + dev_put(dev); + + if (!sfe_cm_find_dev_and_mac_addr(&sic.dest_ip, &dev, sic.dest_mac, is_v4)) { + sfe_cm_incr_exceptions(SFE_CM_EXCEPTION_NO_DEST_DEV); + goto done1; + } + + dev_put(dev); + + if (!sfe_cm_find_dev_and_mac_addr(&sic.dest_ip_xlate, &dest_dev, sic.dest_mac_xlate, is_v4)) { + sfe_cm_incr_exceptions(SFE_CM_EXCEPTION_NO_DEST_XLATE_DEV); + goto done1; + } + + /* + * Our devices may actually be part of a bridge interface. If that's + * the case then find the bridge interface instead. + */ + if (src_dev->priv_flags & IFF_BRIDGE_PORT) { + src_br_dev = sfe_dev_get_master(src_dev); + if (!src_br_dev) { + sfe_cm_incr_exceptions(SFE_CM_EXCEPTION_NO_BRIDGE); + DEBUG_TRACE("no bridge found for: %s\n", src_dev->name); + goto done2; + } + + src_dev = src_br_dev; + } + + if (dest_dev->priv_flags & IFF_BRIDGE_PORT) { + dest_br_dev = sfe_dev_get_master(dest_dev); + if (!dest_br_dev) { + sfe_cm_incr_exceptions(SFE_CM_EXCEPTION_NO_BRIDGE); + DEBUG_TRACE("no bridge found for: %s\n", dest_dev->name); + goto done3; + } + + dest_dev = dest_br_dev; + } + + sic.src_dev = src_dev; + sic.dest_dev = dest_dev; + + sic.src_mtu = src_dev->mtu; + sic.dest_mtu = dest_dev->mtu; + sic.mark = skb->mark; + if (likely(is_v4)) { + sfe_ipv4_create_rule(&sic); + } else { + sfe_ipv6_create_rule(&sic); + } + + /* + * If we had bridge ports then release them too. + */ + if (dest_br_dev) { + dev_put(dest_br_dev); + } + +done3: + if (src_br_dev) { + dev_put(src_br_dev); + } + +done2: + dev_put(dest_dev); + +done1: + dev_put(src_dev); + + return NF_ACCEPT; +} + +/* + * sfe_cm_ipv4_post_routing_hook() + * Called for packets about to leave the box - either locally generated or forwarded from another interface + */ +sfe_cm_ipv4_post_routing_hook(hooknum, ops, skb, in_unused, out, okfn) +{ + return sfe_cm_post_routing(skb, true); +} + +/* + * sfe_cm_ipv6_post_routing_hook() + * Called for packets about to leave the box - either locally generated or forwarded from another interface + */ +sfe_cm_ipv6_post_routing_hook(hooknum, ops, skb, in_unused, out, okfn) +{ + return sfe_cm_post_routing(skb, false); +} + +#ifdef CONFIG_NF_CONNTRACK_EVENTS +/* + * sfe_cm_conntrack_event() + * Callback event invoked when a conntrack connection's state changes. + */ +#ifdef CONFIG_NF_CONNTRACK_CHAIN_EVENTS +static int sfe_cm_conntrack_event(struct notifier_block *this, + unsigned long events, void *ptr) +#else +static int sfe_cm_conntrack_event(unsigned int events, struct nf_ct_event *item) +#endif +{ +#ifdef CONFIG_NF_CONNTRACK_CHAIN_EVENTS + struct nf_ct_event *item = ptr; +#endif + struct sfe_connection_destroy sid; + struct nf_conn *ct = item->ct; + struct nf_conntrack_tuple orig_tuple; + + /* + * If we don't have a conntrack entry then we're done. + */ + if (unlikely(!ct)) { + DEBUG_WARN("no ct in conntrack event callback\n"); + return NOTIFY_DONE; + } + + /* + * If this is an untracked connection then we can't have any state either. + */ + if (unlikely(nf_ct_is_untracked(ct))) { + DEBUG_TRACE("ignoring untracked conn\n"); + return NOTIFY_DONE; + } + + /* + * We're only interested in destroy events. + */ + if (unlikely(!(events & (1 << IPCT_DESTROY)))) { + DEBUG_TRACE("ignoring non-destroy event\n"); + return NOTIFY_DONE; + } + + orig_tuple = ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple; + sid.protocol = (s32)orig_tuple.dst.protonum; + + /* + * Extract information from the conntrack connection. We're only interested + * in nominal connection information (i.e. we're ignoring any NAT information). + */ + switch (sid.protocol) { + case IPPROTO_TCP: + sid.src_port = orig_tuple.src.u.tcp.port; + sid.dest_port = orig_tuple.dst.u.tcp.port; + break; + + case IPPROTO_UDP: + sid.src_port = orig_tuple.src.u.udp.port; + sid.dest_port = orig_tuple.dst.u.udp.port; + break; + + default: + DEBUG_TRACE("unhandled protocol: %d\n", sid.protocol); + return NOTIFY_DONE; + } + + if (likely(nf_ct_l3num(ct) == AF_INET)) { + sid.src_ip.ip = (__be32)orig_tuple.src.u3.ip; + sid.dest_ip.ip = (__be32)orig_tuple.dst.u3.ip; + + sfe_ipv4_destroy_rule(&sid); + } else if (likely(nf_ct_l3num(ct) == AF_INET6)) { + sid.src_ip.ip6[0] = *((struct sfe_ipv6_addr *)&orig_tuple.src.u3.in6); + sid.dest_ip.ip6[0] = *((struct sfe_ipv6_addr *)&orig_tuple.dst.u3.in6); + + sfe_ipv6_destroy_rule(&sid); + } else { + DEBUG_TRACE("ignoring non-IPv4 and non-IPv6 connection\n"); + } + + return NOTIFY_DONE; +} + +/* + * Netfilter conntrack event system to monitor connection tracking changes + */ +#ifdef CONFIG_NF_CONNTRACK_CHAIN_EVENTS +static struct notifier_block sfe_cm_conntrack_notifier = { + .notifier_call = sfe_cm_conntrack_event, +}; +#else +static struct nf_ct_event_notifier sfe_cm_conntrack_notifier = { + .fcn = sfe_cm_conntrack_event, +}; +#endif +#endif + +/* + * Structure to establish a hook into the post routing netfilter point - this + * will pick up local outbound and packets going from one interface to another. + * + * Note: see include/linux/netfilter_ipv4.h for info related to priority levels. + * We want to examine packets after NAT translation and any ALG processing. + */ +static struct nf_hook_ops sfe_cm_ops_post_routing[] __read_mostly = { + SFE_IPV4_NF_POST_ROUTING_HOOK(__sfe_cm_ipv4_post_routing_hook), + SFE_IPV6_NF_POST_ROUTING_HOOK(__sfe_cm_ipv6_post_routing_hook), +}; + +/* + * sfe_cm_sync_rule() + * Synchronize a connection's state. + */ +static void sfe_cm_sync_rule(struct sfe_connection_sync *sis) +{ + struct nf_conntrack_tuple_hash *h; + struct nf_conntrack_tuple tuple; + struct nf_conn *ct; + SFE_NF_CONN_ACCT(acct); + + /* + * Create a tuple so as to be able to look up a connection + */ + memset(&tuple, 0, sizeof(tuple)); + tuple.src.u.all = (__be16)sis->src_port; + tuple.dst.dir = IP_CT_DIR_ORIGINAL; + tuple.dst.protonum = (u8)sis->protocol; + tuple.dst.u.all = (__be16)sis->dest_port; + + if (sis->is_v6) { + tuple.src.u3.in6 = *((struct in6_addr *)sis->src_ip.ip6); + tuple.dst.u3.in6 = *((struct in6_addr *)sis->dest_ip.ip6); + tuple.src.l3num = AF_INET6; + + DEBUG_TRACE("update connection - p: %d, s: %pI6:%u, d: %pI6:%u\n", + (int)tuple.dst.protonum, + &tuple.src.u3.in6, (unsigned int)ntohs(tuple.src.u.all), + &tuple.dst.u3.in6, (unsigned int)ntohs(tuple.dst.u.all)); + } else { + tuple.src.u3.ip = sis->src_ip.ip; + tuple.dst.u3.ip = sis->dest_ip.ip; + tuple.src.l3num = AF_INET; + + DEBUG_TRACE("update connection - p: %d, s: %pI4:%u, d: %pI4:%u\n", + (int)tuple.dst.protonum, + &tuple.src.u3.ip, (unsigned int)ntohs(tuple.src.u.all), + &tuple.dst.u3.ip, (unsigned int)ntohs(tuple.dst.u.all)); + } + + /* + * Look up conntrack connection + */ + h = nf_conntrack_find_get(&init_net, SFE_NF_CT_DEFAULT_ZONE, &tuple); + if (unlikely(!h)) { + DEBUG_TRACE("no connection found\n"); + return; + } + + ct = nf_ct_tuplehash_to_ctrack(h); + NF_CT_ASSERT(ct->timeout.data == (unsigned long)ct); + + /* + * Only update if this is not a fixed timeout + */ + if (!test_bit(IPS_FIXED_TIMEOUT_BIT, &ct->status)) { + spin_lock_bh(&ct->lock); +#if (LINUX_VERSION_CODE >= KERNEL_VERSION(4, 9, 0)) + ct->timeout += sis->delta_jiffies; +#else + ct->timeout.expires += sis->delta_jiffies; +#endif + spin_unlock_bh(&ct->lock); + } + + acct = nf_conn_acct_find(ct); + if (acct) { + spin_lock_bh(&ct->lock); + atomic64_add(sis->src_new_packet_count, &SFE_ACCT_COUNTER(acct)[IP_CT_DIR_ORIGINAL].packets); + atomic64_add(sis->src_new_byte_count, &SFE_ACCT_COUNTER(acct)[IP_CT_DIR_ORIGINAL].bytes); + atomic64_add(sis->dest_new_packet_count, &SFE_ACCT_COUNTER(acct)[IP_CT_DIR_REPLY].packets); + atomic64_add(sis->dest_new_byte_count, &SFE_ACCT_COUNTER(acct)[IP_CT_DIR_REPLY].bytes); + spin_unlock_bh(&ct->lock); + } + + switch (sis->protocol) { + case IPPROTO_TCP: + spin_lock_bh(&ct->lock); + if (ct->proto.tcp.seen[0].td_maxwin < sis->src_td_max_window) { + ct->proto.tcp.seen[0].td_maxwin = sis->src_td_max_window; + } + if ((s32)(ct->proto.tcp.seen[0].td_end - sis->src_td_end) < 0) { + ct->proto.tcp.seen[0].td_end = sis->src_td_end; + } + if ((s32)(ct->proto.tcp.seen[0].td_maxend - sis->src_td_max_end) < 0) { + ct->proto.tcp.seen[0].td_maxend = sis->src_td_max_end; + } + if (ct->proto.tcp.seen[1].td_maxwin < sis->dest_td_max_window) { + ct->proto.tcp.seen[1].td_maxwin = sis->dest_td_max_window; + } + if ((s32)(ct->proto.tcp.seen[1].td_end - sis->dest_td_end) < 0) { + ct->proto.tcp.seen[1].td_end = sis->dest_td_end; + } + if ((s32)(ct->proto.tcp.seen[1].td_maxend - sis->dest_td_max_end) < 0) { + ct->proto.tcp.seen[1].td_maxend = sis->dest_td_max_end; + } + spin_unlock_bh(&ct->lock); + break; + case IPPROTO_UDP: + /* + * In Linux connection track, UDP flow has two timeout values: + * /proc/sys/net/netfilter/nf_conntrack_udp_timeout: + * this is for uni-direction UDP flow, normally its value is 60 seconds + * /proc/sys/net/netfilter/nf_conntrack_udp_timeout_stream: + * this is for bi-direction UDP flow, normally its value is 180 seconds + * + * Linux will update timer of UDP flow to stream timeout once it seen packets + * in reply direction. But if flow is accelerated by NSS or SFE, Linux won't + * see any packets. So we have to do the same thing in our stats sync message. + */ + if (!test_bit(IPS_ASSURED_BIT, &ct->status) && acct) { + u_int64_t reply_pkts = atomic64_read(&SFE_ACCT_COUNTER(acct)[IP_CT_DIR_REPLY].packets); + + if (reply_pkts != 0) { + struct nf_conntrack_l4proto *l4proto; + unsigned int *timeouts; + + set_bit(IPS_SEEN_REPLY_BIT, &ct->status); + set_bit(IPS_ASSURED_BIT, &ct->status); + + l4proto = __nf_ct_l4proto_find((sis->is_v6 ? AF_INET6 : AF_INET), IPPROTO_UDP); + timeouts = nf_ct_timeout_lookup(&init_net, ct, l4proto); + + spin_lock_bh(&ct->lock); +#if (LINUX_VERSION_CODE >= KERNEL_VERSION(4, 9, 0)) + ct->timeout = nfct_time_stamp + timeouts[UDP_CT_REPLIED]; +#else + ct->timeout.expires = jiffies + timeouts[UDP_CT_REPLIED]; +#endif + spin_unlock_bh(&ct->lock); + } + } + break; + } + + /* + * Release connection + */ + nf_ct_put(ct); +} + +/* + * sfe_cm_device_event() + */ +static int sfe_cm_device_event(struct notifier_block *this, unsigned long event, void *ptr) +{ + struct net_device *dev = SFE_DEV_EVENT_PTR(ptr); + + if (dev && (event == NETDEV_DOWN)) { + sfe_ipv4_destroy_all_rules_for_dev(dev); + sfe_ipv6_destroy_all_rules_for_dev(dev); + } + + return NOTIFY_DONE; +} + +/* + * sfe_cm_inet_event() + */ +static int sfe_cm_inet_event(struct notifier_block *this, unsigned long event, void *ptr) +{ + struct net_device *dev = ((struct in_ifaddr *)ptr)->ifa_dev->dev; + + if (dev && (event == NETDEV_DOWN)) { + sfe_ipv4_destroy_all_rules_for_dev(dev); + } + + return NOTIFY_DONE; +} + +/* + * sfe_cm_inet6_event() + */ +static int sfe_cm_inet6_event(struct notifier_block *this, unsigned long event, void *ptr) +{ + struct net_device *dev = ((struct inet6_ifaddr *)ptr)->idev->dev; + + if (dev && (event == NETDEV_DOWN)) { + sfe_ipv6_destroy_all_rules_for_dev(dev); + } + + return NOTIFY_DONE; +} + +/* + * sfe_cm_get_exceptions + * dump exception counters + */ +static ssize_t sfe_cm_get_exceptions(struct device *dev, + struct device_attribute *attr, + char *buf) +{ + int idx, len; + struct sfe_cm *sc = &__sc; + + spin_lock_bh(&sc->lock); + for (len = 0, idx = 0; idx < SFE_CM_EXCEPTION_MAX; idx++) { + if (sc->exceptions[idx]) { + len += snprintf(buf + len, (ssize_t)(PAGE_SIZE - len), "%s = %d\n", sfe_cm_exception_events_string[idx], sc->exceptions[idx]); + } + } + spin_unlock_bh(&sc->lock); + + return len; +} + +/* + * sfe_cm_get_stop + * dump stop + */ +static ssize_t sfe_cm_get_stop(struct device *dev, + struct device_attribute *attr, + char *buf) +{ + int (*fast_recv)(struct sk_buff *skb); + rcu_read_lock(); + fast_recv = rcu_dereference(fast_nat_recv); + rcu_read_unlock(); + return snprintf(buf, (ssize_t)PAGE_SIZE, "%d\n", fast_recv ? 0 : 1); +} + +static ssize_t sfe_cm_set_stop(struct device *dev, + struct device_attribute *attr, + const char *buf, size_t count) +{ + int ret; + u32 num; + int (*fast_recv)(struct sk_buff *skb); + + ret = kstrtou32(buf, 0, &num); + if (ret) + return ret; + + /* + * Hook/Unhook the receive path in the network stack. + */ + if (num) { + RCU_INIT_POINTER(fast_nat_recv, NULL); + } else { + rcu_read_lock(); + fast_recv = rcu_dereference(fast_nat_recv); + rcu_read_unlock(); + if (!fast_recv) { + BUG_ON(fast_nat_recv); + RCU_INIT_POINTER(fast_nat_recv, sfe_cm_recv); + } + } + + DEBUG_TRACE("sfe_cm_stop = %d\n", num); + return count; +} + +/* + * sfe_cm_get_defunct_all + * dump state of SFE + */ +static ssize_t sfe_cm_get_defunct_all(struct device *dev, + struct device_attribute *attr, + char *buf) +{ + return snprintf(buf, (ssize_t)PAGE_SIZE, "%d\n", 0); +} + +static ssize_t sfe_cm_set_defunct_all(struct device *dev, + struct device_attribute *attr, + const char *buf, size_t count) +{ + sfe_ipv4_destroy_all_rules_for_dev(NULL); + sfe_ipv6_destroy_all_rules_for_dev(NULL); + return count; +} + +/* + * sysfs attributes. + */ +static const struct device_attribute sfe_attrs[] = { + __ATTR(exceptions, S_IRUGO, sfe_cm_get_exceptions, NULL), + __ATTR(stop, S_IWUSR | S_IRUGO, sfe_cm_get_stop, sfe_cm_set_stop), + __ATTR(defunct_all, S_IWUSR | S_IRUGO, sfe_cm_get_defunct_all, sfe_cm_set_defunct_all), +}; + +/* + * sfe_cm_init() + */ +static int __init sfe_cm_init(void) +{ + struct sfe_cm *sc = &__sc; + int result = -1; + size_t i, j; + + DEBUG_INFO("SFE CM init\n"); + + /* + * Create sys/sfe_cm + */ + sc->sys_sfe_cm = kobject_create_and_add("sfe_cm", NULL); + if (!sc->sys_sfe_cm) { + DEBUG_ERROR("failed to register sfe_cm\n"); + goto exit1; + } + + for (i = 0; i < ARRAY_SIZE(sfe_attrs); i++) { + result = sysfs_create_file(sc->sys_sfe_cm, &sfe_attrs[i].attr); + if (result) { + DEBUG_ERROR("failed to register %s : %d\n", + sfe_attrs[i].attr.name, result); + goto exit2; + } + } + + sc->dev_notifier.notifier_call = sfe_cm_device_event; + sc->dev_notifier.priority = 1; + register_netdevice_notifier(&sc->dev_notifier); + + sc->inet_notifier.notifier_call = sfe_cm_inet_event; + sc->inet_notifier.priority = 1; + register_inetaddr_notifier(&sc->inet_notifier); + + sc->inet6_notifier.notifier_call = sfe_cm_inet6_event; + sc->inet6_notifier.priority = 1; + register_inet6addr_notifier(&sc->inet6_notifier); + /* + * Register our netfilter hooks. + */ + result = nf_register_hooks(sfe_cm_ops_post_routing, ARRAY_SIZE(sfe_cm_ops_post_routing)); + if (result < 0) { + DEBUG_ERROR("can't register nf post routing hook: %d\n", result); + goto exit3; + } + +#ifdef CONFIG_NF_CONNTRACK_EVENTS + /* + * Register a notifier hook to get fast notifications of expired connections. + * Note: In CONFIG_NF_CONNTRACK_CHAIN_EVENTS enabled case, nf_conntrack_register_notifier() + * function always returns 0. + */ + +#ifdef CONFIG_NF_CONNTRACK_CHAIN_EVENTS + (void)nf_conntrack_register_notifier(&init_net, &sfe_cm_conntrack_notifier); +#else + result = nf_conntrack_register_notifier(&init_net, &sfe_cm_conntrack_notifier); + if (result < 0) { + DEBUG_ERROR("can't register nf notifier hook: %d\n", result); + goto exit4; + } +#endif +#endif + + spin_lock_init(&sc->lock); + + /* + * Hook the shortcut sync callback. + */ + sfe_ipv4_register_sync_rule_callback(sfe_cm_sync_rule); + sfe_ipv6_register_sync_rule_callback(sfe_cm_sync_rule); + return 0; + +#ifdef CONFIG_NF_CONNTRACK_EVENTS +#ifndef CONFIG_NF_CONNTRACK_CHAIN_EVENTS +exit4: + nf_unregister_hooks(sfe_cm_ops_post_routing, ARRAY_SIZE(sfe_cm_ops_post_routing)); +#endif +#endif +exit3: + unregister_inet6addr_notifier(&sc->inet6_notifier); + unregister_inetaddr_notifier(&sc->inet_notifier); + unregister_netdevice_notifier(&sc->dev_notifier); +exit2: + for (j = 0; j < i; j++) { + sysfs_remove_file(sc->sys_sfe_cm, &sfe_attrs[j].attr); + } + kobject_put(sc->sys_sfe_cm); + +exit1: + return result; +} + +/* + * sfe_cm_exit() + */ +static void __exit sfe_cm_exit(void) +{ + struct sfe_cm *sc = &__sc; + + DEBUG_INFO("SFE CM exit\n"); + + /* + * Unregister our sync callback. + */ + sfe_ipv4_register_sync_rule_callback(NULL); + sfe_ipv6_register_sync_rule_callback(NULL); + + /* + * Unregister our receive callback. + */ + RCU_INIT_POINTER(fast_nat_recv, NULL); + + /* + * Wait for all callbacks to complete. + */ + rcu_barrier(); + + /* + * Destroy all connections. + */ + sfe_ipv4_destroy_all_rules_for_dev(NULL); + sfe_ipv6_destroy_all_rules_for_dev(NULL); + +#ifdef CONFIG_NF_CONNTRACK_EVENTS + nf_conntrack_unregister_notifier(&init_net, &sfe_cm_conntrack_notifier); + +#endif + nf_unregister_hooks(sfe_cm_ops_post_routing, ARRAY_SIZE(sfe_cm_ops_post_routing)); + + unregister_inet6addr_notifier(&sc->inet6_notifier); + unregister_inetaddr_notifier(&sc->inet_notifier); + unregister_netdevice_notifier(&sc->dev_notifier); + + kobject_put(sc->sys_sfe_cm); +} + +module_init(sfe_cm_init) +module_exit(sfe_cm_exit) + +MODULE_DESCRIPTION("Shortcut Forwarding Engine - Connection Manager"); +MODULE_LICENSE("Dual BSD/GPL"); + diff --git a/package/lean/shortcut-fe/src/sfe_cm.h b/package/lean/shortcut-fe/src/sfe_cm.h new file mode 100644 index 000000000..6f2a819d1 --- /dev/null +++ b/package/lean/shortcut-fe/src/sfe_cm.h @@ -0,0 +1,222 @@ +/* + * sfe_cm.h + * Shortcut forwarding engine. + * + * Copyright (c) 2013-2016 The Linux Foundation. All rights reserved. + * Permission to use, copy, modify, and/or distribute this software for + * any purpose with or without fee is hereby granted, provided that the + * above copyright notice and this permission notice appear in all copies. + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT + * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * connection flags. + */ +#define SFE_CREATE_FLAG_NO_SEQ_CHECK BIT(0) + /* Indicates that we should not check sequence numbers */ +#define SFE_CREATE_FLAG_REMARK_PRIORITY BIT(1) + /* Indicates that we should remark priority of skb */ +#define SFE_CREATE_FLAG_REMARK_DSCP BIT(2) + /* Indicates that we should remark DSCP of packet */ + +/* + * IPv6 address structure + */ +struct sfe_ipv6_addr { + __be32 addr[4]; +}; + +typedef union { + __be32 ip; + struct sfe_ipv6_addr ip6[1]; +} sfe_ip_addr_t; + +/* + * connection creation structure. + */ +struct sfe_connection_create { + int protocol; + struct net_device *src_dev; + struct net_device *dest_dev; + u32 flags; + u32 src_mtu; + u32 dest_mtu; + sfe_ip_addr_t src_ip; + sfe_ip_addr_t src_ip_xlate; + sfe_ip_addr_t dest_ip; + sfe_ip_addr_t dest_ip_xlate; + __be16 src_port; + __be16 src_port_xlate; + __be16 dest_port; + __be16 dest_port_xlate; + u8 src_mac[ETH_ALEN]; + u8 src_mac_xlate[ETH_ALEN]; + u8 dest_mac[ETH_ALEN]; + u8 dest_mac_xlate[ETH_ALEN]; + u8 src_td_window_scale; + u32 src_td_max_window; + u32 src_td_end; + u32 src_td_max_end; + u8 dest_td_window_scale; + u32 dest_td_max_window; + u32 dest_td_end; + u32 dest_td_max_end; + u32 mark; +#ifdef CONFIG_XFRM + u32 original_accel; + u32 reply_accel; +#endif + u32 src_priority; + u32 dest_priority; + u32 src_dscp; + u32 dest_dscp; +}; + +/* + * connection destruction structure. + */ +struct sfe_connection_destroy { + int protocol; + sfe_ip_addr_t src_ip; + sfe_ip_addr_t dest_ip; + __be16 src_port; + __be16 dest_port; +}; + +typedef enum sfe_sync_reason { + SFE_SYNC_REASON_STATS, /* Sync is to synchronize stats */ + SFE_SYNC_REASON_FLUSH, /* Sync is to flush a entry */ + SFE_SYNC_REASON_DESTROY /* Sync is to destroy a entry(requested by connection manager) */ +} sfe_sync_reason_t; + +/* + * Structure used to sync connection stats/state back within the system. + * + * NOTE: The addresses here are NON-NAT addresses, i.e. the true endpoint addressing. + * 'src' is the creator of the connection. + */ +struct sfe_connection_sync { + struct net_device *src_dev; + struct net_device *dest_dev; + int is_v6; /* Is it for ipv6? */ + int protocol; /* IP protocol number (IPPROTO_...) */ + sfe_ip_addr_t src_ip; /* Non-NAT source address, i.e. the creator of the connection */ + sfe_ip_addr_t src_ip_xlate; /* NATed source address */ + __be16 src_port; /* Non-NAT source port */ + __be16 src_port_xlate; /* NATed source port */ + sfe_ip_addr_t dest_ip; /* Non-NAT destination address, i.e. to whom the connection was created */ + sfe_ip_addr_t dest_ip_xlate; /* NATed destination address */ + __be16 dest_port; /* Non-NAT destination port */ + __be16 dest_port_xlate; /* NATed destination port */ + u32 src_td_max_window; + u32 src_td_end; + u32 src_td_max_end; + u64 src_packet_count; + u64 src_byte_count; + u32 src_new_packet_count; + u32 src_new_byte_count; + u32 dest_td_max_window; + u32 dest_td_end; + u32 dest_td_max_end; + u64 dest_packet_count; + u64 dest_byte_count; + u32 dest_new_packet_count; + u32 dest_new_byte_count; + u32 reason; /* reason for stats sync message, i.e. destroy, flush, period sync */ + u64 delta_jiffies; /* Time to be added to the current timeout to keep the connection alive */ +}; + +/* + * connection mark structure + */ +struct sfe_connection_mark { + int protocol; + sfe_ip_addr_t src_ip; + sfe_ip_addr_t dest_ip; + __be16 src_port; + __be16 dest_port; + u32 mark; +}; + +/* + * Expose the hook for the receive processing. + */ +extern int (*fast_nat_recv)(struct sk_buff *skb); + +/* + * Expose what should be a static flag in the TCP connection tracker. + */ +extern int nf_ct_tcp_no_window_check; + +/* + * This callback will be called in a timer + * at 100 times per second to sync stats back to + * Linux connection track. + * + * A RCU lock is taken to prevent this callback + * from unregistering. + */ +typedef void (*sfe_sync_rule_callback_t)(struct sfe_connection_sync *); + +/* + * IPv4 APIs used by connection manager + */ +int sfe_ipv4_recv(struct net_device *dev, struct sk_buff *skb); +int sfe_ipv4_create_rule(struct sfe_connection_create *sic); +void sfe_ipv4_destroy_rule(struct sfe_connection_destroy *sid); +void sfe_ipv4_destroy_all_rules_for_dev(struct net_device *dev); +void sfe_ipv4_register_sync_rule_callback(sfe_sync_rule_callback_t callback); +void sfe_ipv4_update_rule(struct sfe_connection_create *sic); +void sfe_ipv4_mark_rule(struct sfe_connection_mark *mark); + +/* + * IPv6 APIs used by connection manager + */ +int sfe_ipv6_recv(struct net_device *dev, struct sk_buff *skb); +int sfe_ipv6_create_rule(struct sfe_connection_create *sic); +void sfe_ipv6_destroy_rule(struct sfe_connection_destroy *sid); +void sfe_ipv6_destroy_all_rules_for_dev(struct net_device *dev); +void sfe_ipv6_register_sync_rule_callback(sfe_sync_rule_callback_t callback); +void sfe_ipv6_update_rule(struct sfe_connection_create *sic); +void sfe_ipv6_mark_rule(struct sfe_connection_mark *mark); + +/* + * sfe_ipv6_addr_equal() + * compare ipv6 address + * + * return: 1, equal; 0, no equal + */ +static inline int sfe_ipv6_addr_equal(struct sfe_ipv6_addr *a, + struct sfe_ipv6_addr *b) +{ + return a->addr[0] == b->addr[0] && + a->addr[1] == b->addr[1] && + a->addr[2] == b->addr[2] && + a->addr[3] == b->addr[3]; +} + +/* + * sfe_ipv4_addr_equal() + * compare ipv4 address + * + * return: 1, equal; 0, no equal + */ +#define sfe_ipv4_addr_equal(a, b) ((u32)(a) == (u32)(b)) + +/* + * sfe_addr_equal() + * compare ipv4 or ipv6 address + * + * return: 1, equal; 0, no equal + */ +static inline int sfe_addr_equal(sfe_ip_addr_t *a, + sfe_ip_addr_t *b, int is_v4) +{ + return is_v4 ? sfe_ipv4_addr_equal(a->ip, b->ip) : sfe_ipv6_addr_equal(a->ip6, b->ip6); +} diff --git a/package/lean/shortcut-fe/src/sfe_ipv4.c b/package/lean/shortcut-fe/src/sfe_ipv4.c new file mode 100644 index 000000000..34ed09b58 --- /dev/null +++ b/package/lean/shortcut-fe/src/sfe_ipv4.c @@ -0,0 +1,3369 @@ +/* + * sfe_ipv4.c + * Shortcut forwarding engine - IPv4 edition. + * + * Copyright (c) 2013-2016 The Linux Foundation. All rights reserved. + * Permission to use, copy, modify, and/or distribute this software for + * any purpose with or without fee is hereby granted, provided that the + * above copyright notice and this permission notice appear in all copies. + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT + * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include +#include +#include +#include +#include +#include +#include + +#include "sfe.h" +#include "sfe_cm.h" + +/* + * By default Linux IP header and transport layer header structures are + * unpacked, assuming that such headers should be 32-bit aligned. + * Unfortunately some wireless adaptors can't cope with this requirement and + * some CPUs can't handle misaligned accesses. For those platforms we + * define SFE_IPV4_UNALIGNED_IP_HEADER and mark the structures as packed. + * When we do this the compiler will generate slightly worse code than for the + * aligned case (on most platforms) but will be much quicker than fixing + * things up in an unaligned trap handler. + */ +#define SFE_IPV4_UNALIGNED_IP_HEADER 1 +#if SFE_IPV4_UNALIGNED_IP_HEADER +#define SFE_IPV4_UNALIGNED_STRUCT __attribute__((aligned(4))) +#else +#define SFE_IPV4_UNALIGNED_STRUCT +#endif + +/* + * An Ethernet header, but with an optional "packed" attribute to + * help with performance on some platforms (see the definition of + * SFE_IPV4_UNALIGNED_STRUCT) + */ +struct sfe_ipv4_eth_hdr { + __be16 h_dest[ETH_ALEN / 2]; + __be16 h_source[ETH_ALEN / 2]; + __be16 h_proto; +} SFE_IPV4_UNALIGNED_STRUCT; + +#define SFE_IPV4_DSCP_MASK 0x3 +#define SFE_IPV4_DSCP_SHIFT 2 + +/* + * An IPv4 header, but with an optional "packed" attribute to + * help with performance on some platforms (see the definition of + * SFE_IPV4_UNALIGNED_STRUCT) + */ +struct sfe_ipv4_ip_hdr { +#if defined(__LITTLE_ENDIAN_BITFIELD) + __u8 ihl:4, + version:4; +#elif defined (__BIG_ENDIAN_BITFIELD) + __u8 version:4, + ihl:4; +#else +#error "Please fix " +#endif + __u8 tos; + __be16 tot_len; + __be16 id; + __be16 frag_off; + __u8 ttl; + __u8 protocol; + __sum16 check; + __be32 saddr; + __be32 daddr; + + /* + * The options start here. + */ +} SFE_IPV4_UNALIGNED_STRUCT; + +/* + * A UDP header, but with an optional "packed" attribute to + * help with performance on some platforms (see the definition of + * SFE_IPV4_UNALIGNED_STRUCT) + */ +struct sfe_ipv4_udp_hdr { + __be16 source; + __be16 dest; + __be16 len; + __sum16 check; +} SFE_IPV4_UNALIGNED_STRUCT; + +/* + * A TCP header, but with an optional "packed" attribute to + * help with performance on some platforms (see the definition of + * SFE_IPV4_UNALIGNED_STRUCT) + */ +struct sfe_ipv4_tcp_hdr { + __be16 source; + __be16 dest; + __be32 seq; + __be32 ack_seq; +#if defined(__LITTLE_ENDIAN_BITFIELD) + __u16 res1:4, + doff:4, + fin:1, + syn:1, + rst:1, + psh:1, + ack:1, + urg:1, + ece:1, + cwr:1; +#elif defined(__BIG_ENDIAN_BITFIELD) + __u16 doff:4, + res1:4, + cwr:1, + ece:1, + urg:1, + ack:1, + psh:1, + rst:1, + syn:1, + fin:1; +#else +#error "Adjust your defines" +#endif + __be16 window; + __sum16 check; + __be16 urg_ptr; +} SFE_IPV4_UNALIGNED_STRUCT; + +/* + * Specifies the lower bound on ACK numbers carried in the TCP header + */ +#define SFE_IPV4_TCP_MAX_ACK_WINDOW 65520 + +/* + * IPv4 TCP connection match additional data. + */ +struct sfe_ipv4_tcp_connection_match { + u8 win_scale; /* Window scale */ + u32 max_win; /* Maximum window size seen */ + u32 end; /* Sequence number of the next byte to send (seq + segment length) */ + u32 max_end; /* Sequence number of the last byte to ack */ +}; + +/* + * Bit flags for IPv4 connection matching entry. + */ +#define SFE_IPV4_CONNECTION_MATCH_FLAG_XLATE_SRC (1<<0) + /* Perform source translation */ +#define SFE_IPV4_CONNECTION_MATCH_FLAG_XLATE_DEST (1<<1) + /* Perform destination translation */ +#define SFE_IPV4_CONNECTION_MATCH_FLAG_NO_SEQ_CHECK (1<<2) + /* Ignore TCP sequence numbers */ +#define SFE_IPV4_CONNECTION_MATCH_FLAG_WRITE_FAST_ETH_HDR (1<<3) + /* Fast Ethernet header write */ +#define SFE_IPV4_CONNECTION_MATCH_FLAG_WRITE_L2_HDR (1<<4) + /* Fast Ethernet header write */ +#define SFE_IPV4_CONNECTION_MATCH_FLAG_PRIORITY_REMARK (1<<5) + /* remark priority of SKB */ +#define SFE_IPV4_CONNECTION_MATCH_FLAG_DSCP_REMARK (1<<6) + /* remark DSCP of packet */ + +/* + * IPv4 connection matching structure. + */ +struct sfe_ipv4_connection_match { + /* + * References to other objects. + */ + struct sfe_ipv4_connection_match *next; + struct sfe_ipv4_connection_match *prev; + struct sfe_ipv4_connection *connection; + struct sfe_ipv4_connection_match *counter_match; + /* Matches the flow in the opposite direction as the one in *connection */ + struct sfe_ipv4_connection_match *active_next; + struct sfe_ipv4_connection_match *active_prev; + bool active; /* Flag to indicate if we're on the active list */ + + /* + * Characteristics that identify flows that match this rule. + */ + struct net_device *match_dev; /* Network device */ + u8 match_protocol; /* Protocol */ + __be32 match_src_ip; /* Source IP address */ + __be32 match_dest_ip; /* Destination IP address */ + __be16 match_src_port; /* Source port/connection ident */ + __be16 match_dest_port; /* Destination port/connection ident */ + + /* + * Control the operations of the match. + */ + u32 flags; /* Bit flags */ +#ifdef CONFIG_XFRM + u32 flow_accel; /* The flow accelerated or not */ +#endif + + /* + * Connection state that we track once we match. + */ + union { /* Protocol-specific state */ + struct sfe_ipv4_tcp_connection_match tcp; + } protocol_state; + /* + * Stats recorded in a sync period. These stats will be added to + * rx_packet_count64/rx_byte_count64 after a sync period. + */ + u32 rx_packet_count; + u32 rx_byte_count; + + /* + * Packet translation information. + */ + __be32 xlate_src_ip; /* Address after source translation */ + __be16 xlate_src_port; /* Port/connection ident after source translation */ + u16 xlate_src_csum_adjustment; + /* Transport layer checksum adjustment after source translation */ + u16 xlate_src_partial_csum_adjustment; + /* Transport layer pseudo header checksum adjustment after source translation */ + + __be32 xlate_dest_ip; /* Address after destination translation */ + __be16 xlate_dest_port; /* Port/connection ident after destination translation */ + u16 xlate_dest_csum_adjustment; + /* Transport layer checksum adjustment after destination translation */ + u16 xlate_dest_partial_csum_adjustment; + /* Transport layer pseudo header checksum adjustment after destination translation */ + + /* + * QoS information + */ + u32 priority; + u32 dscp; + + /* + * Packet transmit information. + */ + struct net_device *xmit_dev; /* Network device on which to transmit */ + unsigned short int xmit_dev_mtu; + /* Interface MTU */ + u16 xmit_dest_mac[ETH_ALEN / 2]; + /* Destination MAC address to use when forwarding */ + u16 xmit_src_mac[ETH_ALEN / 2]; + /* Source MAC address to use when forwarding */ + + /* + * Summary stats. + */ + u64 rx_packet_count64; + u64 rx_byte_count64; +}; + +/* + * Per-connection data structure. + */ +struct sfe_ipv4_connection { + struct sfe_ipv4_connection *next; + /* Pointer to the next entry in a hash chain */ + struct sfe_ipv4_connection *prev; + /* Pointer to the previous entry in a hash chain */ + int protocol; /* IP protocol number */ + __be32 src_ip; /* Src IP addr pre-translation */ + __be32 src_ip_xlate; /* Src IP addr post-translation */ + __be32 dest_ip; /* Dest IP addr pre-translation */ + __be32 dest_ip_xlate; /* Dest IP addr post-translation */ + __be16 src_port; /* Src port pre-translation */ + __be16 src_port_xlate; /* Src port post-translation */ + __be16 dest_port; /* Dest port pre-translation */ + __be16 dest_port_xlate; /* Dest port post-translation */ + struct sfe_ipv4_connection_match *original_match; + /* Original direction matching structure */ + struct net_device *original_dev; + /* Original direction source device */ + struct sfe_ipv4_connection_match *reply_match; + /* Reply direction matching structure */ + struct net_device *reply_dev; /* Reply direction source device */ + u64 last_sync_jiffies; /* Jiffies count for the last sync */ + struct sfe_ipv4_connection *all_connections_next; + /* Pointer to the next entry in the list of all connections */ + struct sfe_ipv4_connection *all_connections_prev; + /* Pointer to the previous entry in the list of all connections */ + u32 mark; /* mark for outgoing packet */ + u32 debug_read_seq; /* sequence number for debug dump */ +}; + +/* + * IPv4 connections and hash table size information. + */ +#define SFE_IPV4_CONNECTION_HASH_SHIFT 12 +#define SFE_IPV4_CONNECTION_HASH_SIZE (1 << SFE_IPV4_CONNECTION_HASH_SHIFT) +#define SFE_IPV4_CONNECTION_HASH_MASK (SFE_IPV4_CONNECTION_HASH_SIZE - 1) + +enum sfe_ipv4_exception_events { + SFE_IPV4_EXCEPTION_EVENT_UDP_HEADER_INCOMPLETE, + SFE_IPV4_EXCEPTION_EVENT_UDP_NO_CONNECTION, + SFE_IPV4_EXCEPTION_EVENT_UDP_IP_OPTIONS_OR_INITIAL_FRAGMENT, + SFE_IPV4_EXCEPTION_EVENT_UDP_SMALL_TTL, + SFE_IPV4_EXCEPTION_EVENT_UDP_NEEDS_FRAGMENTATION, + SFE_IPV4_EXCEPTION_EVENT_TCP_HEADER_INCOMPLETE, + SFE_IPV4_EXCEPTION_EVENT_TCP_NO_CONNECTION_SLOW_FLAGS, + SFE_IPV4_EXCEPTION_EVENT_TCP_NO_CONNECTION_FAST_FLAGS, + SFE_IPV4_EXCEPTION_EVENT_TCP_IP_OPTIONS_OR_INITIAL_FRAGMENT, + SFE_IPV4_EXCEPTION_EVENT_TCP_SMALL_TTL, + SFE_IPV4_EXCEPTION_EVENT_TCP_NEEDS_FRAGMENTATION, + SFE_IPV4_EXCEPTION_EVENT_TCP_FLAGS, + SFE_IPV4_EXCEPTION_EVENT_TCP_SEQ_EXCEEDS_RIGHT_EDGE, + SFE_IPV4_EXCEPTION_EVENT_TCP_SMALL_DATA_OFFS, + SFE_IPV4_EXCEPTION_EVENT_TCP_BAD_SACK, + SFE_IPV4_EXCEPTION_EVENT_TCP_BIG_DATA_OFFS, + SFE_IPV4_EXCEPTION_EVENT_TCP_SEQ_BEFORE_LEFT_EDGE, + SFE_IPV4_EXCEPTION_EVENT_TCP_ACK_EXCEEDS_RIGHT_EDGE, + SFE_IPV4_EXCEPTION_EVENT_TCP_ACK_BEFORE_LEFT_EDGE, + SFE_IPV4_EXCEPTION_EVENT_ICMP_HEADER_INCOMPLETE, + SFE_IPV4_EXCEPTION_EVENT_ICMP_UNHANDLED_TYPE, + SFE_IPV4_EXCEPTION_EVENT_ICMP_IPV4_HEADER_INCOMPLETE, + SFE_IPV4_EXCEPTION_EVENT_ICMP_IPV4_NON_V4, + SFE_IPV4_EXCEPTION_EVENT_ICMP_IPV4_IP_OPTIONS_INCOMPLETE, + SFE_IPV4_EXCEPTION_EVENT_ICMP_IPV4_UDP_HEADER_INCOMPLETE, + SFE_IPV4_EXCEPTION_EVENT_ICMP_IPV4_TCP_HEADER_INCOMPLETE, + SFE_IPV4_EXCEPTION_EVENT_ICMP_IPV4_UNHANDLED_PROTOCOL, + SFE_IPV4_EXCEPTION_EVENT_ICMP_NO_CONNECTION, + SFE_IPV4_EXCEPTION_EVENT_ICMP_FLUSHED_CONNECTION, + SFE_IPV4_EXCEPTION_EVENT_HEADER_INCOMPLETE, + SFE_IPV4_EXCEPTION_EVENT_BAD_TOTAL_LENGTH, + SFE_IPV4_EXCEPTION_EVENT_NON_V4, + SFE_IPV4_EXCEPTION_EVENT_NON_INITIAL_FRAGMENT, + SFE_IPV4_EXCEPTION_EVENT_DATAGRAM_INCOMPLETE, + SFE_IPV4_EXCEPTION_EVENT_IP_OPTIONS_INCOMPLETE, + SFE_IPV4_EXCEPTION_EVENT_UNHANDLED_PROTOCOL, + SFE_IPV4_EXCEPTION_EVENT_CSUM_ERROR, + SFE_IPV4_EXCEPTION_EVENT_LAST +}; + +static char *sfe_ipv4_exception_events_string[SFE_IPV4_EXCEPTION_EVENT_LAST] = { + "UDP_HEADER_INCOMPLETE", + "UDP_NO_CONNECTION", + "UDP_IP_OPTIONS_OR_INITIAL_FRAGMENT", + "UDP_SMALL_TTL", + "UDP_NEEDS_FRAGMENTATION", + "TCP_HEADER_INCOMPLETE", + "TCP_NO_CONNECTION_SLOW_FLAGS", + "TCP_NO_CONNECTION_FAST_FLAGS", + "TCP_IP_OPTIONS_OR_INITIAL_FRAGMENT", + "TCP_SMALL_TTL", + "TCP_NEEDS_FRAGMENTATION", + "TCP_FLAGS", + "TCP_SEQ_EXCEEDS_RIGHT_EDGE", + "TCP_SMALL_DATA_OFFS", + "TCP_BAD_SACK", + "TCP_BIG_DATA_OFFS", + "TCP_SEQ_BEFORE_LEFT_EDGE", + "TCP_ACK_EXCEEDS_RIGHT_EDGE", + "TCP_ACK_BEFORE_LEFT_EDGE", + "ICMP_HEADER_INCOMPLETE", + "ICMP_UNHANDLED_TYPE", + "ICMP_IPV4_HEADER_INCOMPLETE", + "ICMP_IPV4_NON_V4", + "ICMP_IPV4_IP_OPTIONS_INCOMPLETE", + "ICMP_IPV4_UDP_HEADER_INCOMPLETE", + "ICMP_IPV4_TCP_HEADER_INCOMPLETE", + "ICMP_IPV4_UNHANDLED_PROTOCOL", + "ICMP_NO_CONNECTION", + "ICMP_FLUSHED_CONNECTION", + "HEADER_INCOMPLETE", + "BAD_TOTAL_LENGTH", + "NON_V4", + "NON_INITIAL_FRAGMENT", + "DATAGRAM_INCOMPLETE", + "IP_OPTIONS_INCOMPLETE", + "UNHANDLED_PROTOCOL", + "CSUM_ERROR" +}; + +/* + * Per-module structure. + */ +struct sfe_ipv4 { + spinlock_t lock; /* Lock for SMP correctness */ + struct sfe_ipv4_connection_match *active_head; + /* Head of the list of recently active connections */ + struct sfe_ipv4_connection_match *active_tail; + /* Tail of the list of recently active connections */ + struct sfe_ipv4_connection *all_connections_head; + /* Head of the list of all connections */ + struct sfe_ipv4_connection *all_connections_tail; + /* Tail of the list of all connections */ + unsigned int num_connections; /* Number of connections */ + struct timer_list timer; /* Timer used for periodic sync ops */ + sfe_sync_rule_callback_t __rcu sync_rule_callback; + /* Callback function registered by a connection manager for stats syncing */ + struct sfe_ipv4_connection *conn_hash[SFE_IPV4_CONNECTION_HASH_SIZE]; + /* Connection hash table */ + struct sfe_ipv4_connection_match *conn_match_hash[SFE_IPV4_CONNECTION_HASH_SIZE]; + /* Connection match hash table */ + + /* + * Stats recorded in a sync period. These stats will be added to + * connection_xxx64 after a sync period. + */ + u32 connection_create_requests; + /* Number of IPv4 connection create requests */ + u32 connection_create_collisions; + /* Number of IPv4 connection create requests that collided with existing hash table entries */ + u32 connection_destroy_requests; + /* Number of IPv4 connection destroy requests */ + u32 connection_destroy_misses; + /* Number of IPv4 connection destroy requests that missed our hash table */ + u32 connection_match_hash_hits; + /* Number of IPv4 connection match hash hits */ + u32 connection_match_hash_reorders; + /* Number of IPv4 connection match hash reorders */ + u32 connection_flushes; /* Number of IPv4 connection flushes */ + u32 packets_forwarded; /* Number of IPv4 packets forwarded */ + u32 packets_not_forwarded; /* Number of IPv4 packets not forwarded */ + u32 exception_events[SFE_IPV4_EXCEPTION_EVENT_LAST]; + + /* + * Summary statistics. + */ + u64 connection_create_requests64; + /* Number of IPv4 connection create requests */ + u64 connection_create_collisions64; + /* Number of IPv4 connection create requests that collided with existing hash table entries */ + u64 connection_destroy_requests64; + /* Number of IPv4 connection destroy requests */ + u64 connection_destroy_misses64; + /* Number of IPv4 connection destroy requests that missed our hash table */ + u64 connection_match_hash_hits64; + /* Number of IPv4 connection match hash hits */ + u64 connection_match_hash_reorders64; + /* Number of IPv4 connection match hash reorders */ + u64 connection_flushes64; /* Number of IPv4 connection flushes */ + u64 packets_forwarded64; /* Number of IPv4 packets forwarded */ + u64 packets_not_forwarded64; + /* Number of IPv4 packets not forwarded */ + u64 exception_events64[SFE_IPV4_EXCEPTION_EVENT_LAST]; + + /* + * Control state. + */ + struct kobject *sys_sfe_ipv4; /* sysfs linkage */ + int debug_dev; /* Major number of the debug char device */ + u32 debug_read_seq; /* sequence number for debug dump */ +}; + +/* + * Enumeration of the XML output. + */ +enum sfe_ipv4_debug_xml_states { + SFE_IPV4_DEBUG_XML_STATE_START, + SFE_IPV4_DEBUG_XML_STATE_CONNECTIONS_START, + SFE_IPV4_DEBUG_XML_STATE_CONNECTIONS_CONNECTION, + SFE_IPV4_DEBUG_XML_STATE_CONNECTIONS_END, + SFE_IPV4_DEBUG_XML_STATE_EXCEPTIONS_START, + SFE_IPV4_DEBUG_XML_STATE_EXCEPTIONS_EXCEPTION, + SFE_IPV4_DEBUG_XML_STATE_EXCEPTIONS_END, + SFE_IPV4_DEBUG_XML_STATE_STATS, + SFE_IPV4_DEBUG_XML_STATE_END, + SFE_IPV4_DEBUG_XML_STATE_DONE +}; + +/* + * XML write state. + */ +struct sfe_ipv4_debug_xml_write_state { + enum sfe_ipv4_debug_xml_states state; + /* XML output file state machine state */ + int iter_exception; /* Next exception iterator */ +}; + +typedef bool (*sfe_ipv4_debug_xml_write_method_t)(struct sfe_ipv4 *si, char *buffer, char *msg, size_t *length, + int *total_read, struct sfe_ipv4_debug_xml_write_state *ws); + +static struct sfe_ipv4 __si; + +/* + * sfe_ipv4_gen_ip_csum() + * Generate the IP checksum for an IPv4 header. + * + * Note that this function assumes that we have only 20 bytes of IP header. + */ +static inline u16 sfe_ipv4_gen_ip_csum(struct sfe_ipv4_ip_hdr *iph) +{ + u32 sum; + u16 *i = (u16 *)iph; + + iph->check = 0; + + /* + * Generate the sum. + */ + sum = i[0] + i[1] + i[2] + i[3] + i[4] + i[5] + i[6] + i[7] + i[8] + i[9]; + + /* + * Fold it to ones-complement form. + */ + sum = (sum & 0xffff) + (sum >> 16); + sum = (sum & 0xffff) + (sum >> 16); + + return (u16)sum ^ 0xffff; +} + +/* + * sfe_ipv4_get_connection_match_hash() + * Generate the hash used in connection match lookups. + */ +static inline unsigned int sfe_ipv4_get_connection_match_hash(struct net_device *dev, u8 protocol, + __be32 src_ip, __be16 src_port, + __be32 dest_ip, __be16 dest_port) +{ + size_t dev_addr = (size_t)dev; + u32 hash = ((u32)dev_addr) ^ ntohl(src_ip ^ dest_ip) ^ protocol ^ ntohs(src_port ^ dest_port); + return ((hash >> SFE_IPV4_CONNECTION_HASH_SHIFT) ^ hash) & SFE_IPV4_CONNECTION_HASH_MASK; +} + +/* + * sfe_ipv4_find_sfe_ipv4_connection_match() + * Get the IPv4 flow match info that corresponds to a particular 5-tuple. + * + * On entry we must be holding the lock that protects the hash table. + */ +static struct sfe_ipv4_connection_match * +sfe_ipv4_find_sfe_ipv4_connection_match(struct sfe_ipv4 *si, struct net_device *dev, u8 protocol, + __be32 src_ip, __be16 src_port, + __be32 dest_ip, __be16 dest_port) +{ + struct sfe_ipv4_connection_match *cm; + struct sfe_ipv4_connection_match *head; + unsigned int conn_match_idx; + + conn_match_idx = sfe_ipv4_get_connection_match_hash(dev, protocol, src_ip, src_port, dest_ip, dest_port); + cm = si->conn_match_hash[conn_match_idx]; + + /* + * If we don't have anything in this chain then bail. + */ + if (unlikely(!cm)) { + return NULL; + } + + /* + * Hopefully the first entry is the one we want. + */ + if ((cm->match_src_port == src_port) + && (cm->match_dest_port == dest_port) + && (cm->match_src_ip == src_ip) + && (cm->match_dest_ip == dest_ip) + && (cm->match_protocol == protocol) + && (cm->match_dev == dev)) { + si->connection_match_hash_hits++; + return cm; + } + + /* + * Unfortunately we didn't find it at head, so we search it in chain and + * move matching entry to the top of the hash chain. We presume that this + * will be reused again very quickly. + */ + head = cm; + do { + cm = cm->next; + } while (cm && (cm->match_src_port != src_port + || cm->match_dest_port != dest_port + || cm->match_src_ip != src_ip + || cm->match_dest_ip != dest_ip + || cm->match_protocol != protocol + || cm->match_dev != dev)); + + /* + * Not found then we're done. + */ + if (unlikely(!cm)) { + return NULL; + } + + /* + * We found a match so move it. + */ + if (cm->next) { + cm->next->prev = cm->prev; + } + cm->prev->next = cm->next; + cm->prev = NULL; + cm->next = head; + head->prev = cm; + si->conn_match_hash[conn_match_idx] = cm; + si->connection_match_hash_reorders++; + + return cm; +} + +/* + * sfe_ipv4_connection_match_update_summary_stats() + * Update the summary stats for a connection match entry. + */ +static inline void sfe_ipv4_connection_match_update_summary_stats(struct sfe_ipv4_connection_match *cm) +{ + cm->rx_packet_count64 += cm->rx_packet_count; + cm->rx_packet_count = 0; + cm->rx_byte_count64 += cm->rx_byte_count; + cm->rx_byte_count = 0; +} + +/* + * sfe_ipv4_connection_match_compute_translations() + * Compute port and address translations for a connection match entry. + */ +static void sfe_ipv4_connection_match_compute_translations(struct sfe_ipv4_connection_match *cm) +{ + /* + * Before we insert the entry look to see if this is tagged as doing address + * translations. If it is then work out the adjustment that we need to apply + * to the transport checksum. + */ + if (cm->flags & SFE_IPV4_CONNECTION_MATCH_FLAG_XLATE_SRC) { + /* + * Precompute an incremental checksum adjustment so we can + * edit packets in this stream very quickly. The algorithm is from RFC1624. + */ + u16 src_ip_hi = cm->match_src_ip >> 16; + u16 src_ip_lo = cm->match_src_ip & 0xffff; + u32 xlate_src_ip = ~cm->xlate_src_ip; + u16 xlate_src_ip_hi = xlate_src_ip >> 16; + u16 xlate_src_ip_lo = xlate_src_ip & 0xffff; + u16 xlate_src_port = ~cm->xlate_src_port; + u32 adj; + + /* + * When we compute this fold it down to a 16-bit offset + * as that way we can avoid having to do a double + * folding of the twos-complement result because the + * addition of 2 16-bit values cannot cause a double + * wrap-around! + */ + adj = src_ip_hi + src_ip_lo + cm->match_src_port + + xlate_src_ip_hi + xlate_src_ip_lo + xlate_src_port; + adj = (adj & 0xffff) + (adj >> 16); + adj = (adj & 0xffff) + (adj >> 16); + cm->xlate_src_csum_adjustment = (u16)adj; + + } + + if (cm->flags & SFE_IPV4_CONNECTION_MATCH_FLAG_XLATE_DEST) { + /* + * Precompute an incremental checksum adjustment so we can + * edit packets in this stream very quickly. The algorithm is from RFC1624. + */ + u16 dest_ip_hi = cm->match_dest_ip >> 16; + u16 dest_ip_lo = cm->match_dest_ip & 0xffff; + u32 xlate_dest_ip = ~cm->xlate_dest_ip; + u16 xlate_dest_ip_hi = xlate_dest_ip >> 16; + u16 xlate_dest_ip_lo = xlate_dest_ip & 0xffff; + u16 xlate_dest_port = ~cm->xlate_dest_port; + u32 adj; + + /* + * When we compute this fold it down to a 16-bit offset + * as that way we can avoid having to do a double + * folding of the twos-complement result because the + * addition of 2 16-bit values cannot cause a double + * wrap-around! + */ + adj = dest_ip_hi + dest_ip_lo + cm->match_dest_port + + xlate_dest_ip_hi + xlate_dest_ip_lo + xlate_dest_port; + adj = (adj & 0xffff) + (adj >> 16); + adj = (adj & 0xffff) + (adj >> 16); + cm->xlate_dest_csum_adjustment = (u16)adj; + } + + if (cm->flags & SFE_IPV4_CONNECTION_MATCH_FLAG_XLATE_SRC) { + u32 adj = ~cm->match_src_ip + cm->xlate_src_ip; + if (adj < cm->xlate_src_ip) { + adj++; + } + + adj = (adj & 0xffff) + (adj >> 16); + adj = (adj & 0xffff) + (adj >> 16); + cm->xlate_src_partial_csum_adjustment = (u16)adj; + } + + if (cm->flags & SFE_IPV4_CONNECTION_MATCH_FLAG_XLATE_DEST) { + u32 adj = ~cm->match_dest_ip + cm->xlate_dest_ip; + if (adj < cm->xlate_dest_ip) { + adj++; + } + + adj = (adj & 0xffff) + (adj >> 16); + adj = (adj & 0xffff) + (adj >> 16); + cm->xlate_dest_partial_csum_adjustment = (u16)adj; + } + +} + +/* + * sfe_ipv4_update_summary_stats() + * Update the summary stats. + */ +static void sfe_ipv4_update_summary_stats(struct sfe_ipv4 *si) +{ + int i; + + si->connection_create_requests64 += si->connection_create_requests; + si->connection_create_requests = 0; + si->connection_create_collisions64 += si->connection_create_collisions; + si->connection_create_collisions = 0; + si->connection_destroy_requests64 += si->connection_destroy_requests; + si->connection_destroy_requests = 0; + si->connection_destroy_misses64 += si->connection_destroy_misses; + si->connection_destroy_misses = 0; + si->connection_match_hash_hits64 += si->connection_match_hash_hits; + si->connection_match_hash_hits = 0; + si->connection_match_hash_reorders64 += si->connection_match_hash_reorders; + si->connection_match_hash_reorders = 0; + si->connection_flushes64 += si->connection_flushes; + si->connection_flushes = 0; + si->packets_forwarded64 += si->packets_forwarded; + si->packets_forwarded = 0; + si->packets_not_forwarded64 += si->packets_not_forwarded; + si->packets_not_forwarded = 0; + + for (i = 0; i < SFE_IPV4_EXCEPTION_EVENT_LAST; i++) { + si->exception_events64[i] += si->exception_events[i]; + si->exception_events[i] = 0; + } +} + +/* + * sfe_ipv4_insert_sfe_ipv4_connection_match() + * Insert a connection match into the hash. + * + * On entry we must be holding the lock that protects the hash table. + */ +static inline void sfe_ipv4_insert_sfe_ipv4_connection_match(struct sfe_ipv4 *si, + struct sfe_ipv4_connection_match *cm) +{ + struct sfe_ipv4_connection_match **hash_head; + struct sfe_ipv4_connection_match *prev_head; + unsigned int conn_match_idx + = sfe_ipv4_get_connection_match_hash(cm->match_dev, cm->match_protocol, + cm->match_src_ip, cm->match_src_port, + cm->match_dest_ip, cm->match_dest_port); + + hash_head = &si->conn_match_hash[conn_match_idx]; + prev_head = *hash_head; + cm->prev = NULL; + if (prev_head) { + prev_head->prev = cm; + } + + cm->next = prev_head; + *hash_head = cm; +} + +/* + * sfe_ipv4_remove_sfe_ipv4_connection_match() + * Remove a connection match object from the hash. + * + * On entry we must be holding the lock that protects the hash table. + */ +static inline void sfe_ipv4_remove_sfe_ipv4_connection_match(struct sfe_ipv4 *si, struct sfe_ipv4_connection_match *cm) +{ + /* + * Unlink the connection match entry from the hash. + */ + if (cm->prev) { + cm->prev->next = cm->next; + } else { + unsigned int conn_match_idx + = sfe_ipv4_get_connection_match_hash(cm->match_dev, cm->match_protocol, + cm->match_src_ip, cm->match_src_port, + cm->match_dest_ip, cm->match_dest_port); + si->conn_match_hash[conn_match_idx] = cm->next; + } + + if (cm->next) { + cm->next->prev = cm->prev; + } + + /* + * If the connection match entry is in the active list remove it. + */ + if (cm->active) { + if (likely(cm->active_prev)) { + cm->active_prev->active_next = cm->active_next; + } else { + si->active_head = cm->active_next; + } + + if (likely(cm->active_next)) { + cm->active_next->active_prev = cm->active_prev; + } else { + si->active_tail = cm->active_prev; + } + } +} + +/* + * sfe_ipv4_get_connection_hash() + * Generate the hash used in connection lookups. + */ +static inline unsigned int sfe_ipv4_get_connection_hash(u8 protocol, __be32 src_ip, __be16 src_port, + __be32 dest_ip, __be16 dest_port) +{ + u32 hash = ntohl(src_ip ^ dest_ip) ^ protocol ^ ntohs(src_port ^ dest_port); + return ((hash >> SFE_IPV4_CONNECTION_HASH_SHIFT) ^ hash) & SFE_IPV4_CONNECTION_HASH_MASK; +} + +/* + * sfe_ipv4_find_sfe_ipv4_connection() + * Get the IPv4 connection info that corresponds to a particular 5-tuple. + * + * On entry we must be holding the lock that protects the hash table. + */ +static inline struct sfe_ipv4_connection *sfe_ipv4_find_sfe_ipv4_connection(struct sfe_ipv4 *si, u32 protocol, + __be32 src_ip, __be16 src_port, + __be32 dest_ip, __be16 dest_port) +{ + struct sfe_ipv4_connection *c; + unsigned int conn_idx = sfe_ipv4_get_connection_hash(protocol, src_ip, src_port, dest_ip, dest_port); + c = si->conn_hash[conn_idx]; + + /* + * If we don't have anything in this chain then bale. + */ + if (unlikely(!c)) { + return NULL; + } + + /* + * Hopefully the first entry is the one we want. + */ + if ((c->src_port == src_port) + && (c->dest_port == dest_port) + && (c->src_ip == src_ip) + && (c->dest_ip == dest_ip) + && (c->protocol == protocol)) { + return c; + } + + /* + * Unfortunately we didn't find it at head, so we search it in chain. + */ + do { + c = c->next; + } while (c && (c->src_port != src_port + || c->dest_port != dest_port + || c->src_ip != src_ip + || c->dest_ip != dest_ip + || c->protocol != protocol)); + + /* + * Will need connection entry for next create/destroy metadata, + * So no need to re-order entry for these requests + */ + return c; +} + +/* + * sfe_ipv4_mark_rule() + * Updates the mark for a current offloaded connection + * + * Will take hash lock upon entry + */ +void sfe_ipv4_mark_rule(struct sfe_connection_mark *mark) +{ + struct sfe_ipv4 *si = &__si; + struct sfe_ipv4_connection *c; + + spin_lock_bh(&si->lock); + c = sfe_ipv4_find_sfe_ipv4_connection(si, mark->protocol, + mark->src_ip.ip, mark->src_port, + mark->dest_ip.ip, mark->dest_port); + if (c) { + WARN_ON((0 != c->mark) && (0 == mark->mark)); + c->mark = mark->mark; + } + spin_unlock_bh(&si->lock); + + if (c) { + DEBUG_TRACE("Matching connection found for mark, " + "setting from %08x to %08x\n", + c->mark, mark->mark); + } +} + +/* + * sfe_ipv4_insert_sfe_ipv4_connection() + * Insert a connection into the hash. + * + * On entry we must be holding the lock that protects the hash table. + */ +static void sfe_ipv4_insert_sfe_ipv4_connection(struct sfe_ipv4 *si, struct sfe_ipv4_connection *c) +{ + struct sfe_ipv4_connection **hash_head; + struct sfe_ipv4_connection *prev_head; + unsigned int conn_idx; + + /* + * Insert entry into the connection hash. + */ + conn_idx = sfe_ipv4_get_connection_hash(c->protocol, c->src_ip, c->src_port, + c->dest_ip, c->dest_port); + hash_head = &si->conn_hash[conn_idx]; + prev_head = *hash_head; + c->prev = NULL; + if (prev_head) { + prev_head->prev = c; + } + + c->next = prev_head; + *hash_head = c; + + /* + * Insert entry into the "all connections" list. + */ + if (si->all_connections_tail) { + c->all_connections_prev = si->all_connections_tail; + si->all_connections_tail->all_connections_next = c; + } else { + c->all_connections_prev = NULL; + si->all_connections_head = c; + } + + si->all_connections_tail = c; + c->all_connections_next = NULL; + si->num_connections++; + + /* + * Insert the connection match objects too. + */ + sfe_ipv4_insert_sfe_ipv4_connection_match(si, c->original_match); + sfe_ipv4_insert_sfe_ipv4_connection_match(si, c->reply_match); +} + +/* + * sfe_ipv4_remove_sfe_ipv4_connection() + * Remove a sfe_ipv4_connection object from the hash. + * + * On entry we must be holding the lock that protects the hash table. + */ +static void sfe_ipv4_remove_sfe_ipv4_connection(struct sfe_ipv4 *si, struct sfe_ipv4_connection *c) +{ + /* + * Remove the connection match objects. + */ + sfe_ipv4_remove_sfe_ipv4_connection_match(si, c->reply_match); + sfe_ipv4_remove_sfe_ipv4_connection_match(si, c->original_match); + + /* + * Unlink the connection. + */ + if (c->prev) { + c->prev->next = c->next; + } else { + unsigned int conn_idx = sfe_ipv4_get_connection_hash(c->protocol, c->src_ip, c->src_port, + c->dest_ip, c->dest_port); + si->conn_hash[conn_idx] = c->next; + } + + if (c->next) { + c->next->prev = c->prev; + } + + /* + * Unlink connection from all_connections list + */ + if (c->all_connections_prev) { + c->all_connections_prev->all_connections_next = c->all_connections_next; + } else { + si->all_connections_head = c->all_connections_next; + } + + if (c->all_connections_next) { + c->all_connections_next->all_connections_prev = c->all_connections_prev; + } else { + si->all_connections_tail = c->all_connections_prev; + } + + si->num_connections--; +} + +/* + * sfe_ipv4_sync_sfe_ipv4_connection() + * Sync a connection. + * + * On entry to this function we expect that the lock for the connection is either + * already held or isn't required. + */ +static void sfe_ipv4_gen_sync_sfe_ipv4_connection(struct sfe_ipv4 *si, struct sfe_ipv4_connection *c, + struct sfe_connection_sync *sis, sfe_sync_reason_t reason, + u64 now_jiffies) +{ + struct sfe_ipv4_connection_match *original_cm; + struct sfe_ipv4_connection_match *reply_cm; + + /* + * Fill in the update message. + */ + sis->is_v6 = 0; + sis->protocol = c->protocol; + sis->src_ip.ip = c->src_ip; + sis->src_ip_xlate.ip = c->src_ip_xlate; + sis->dest_ip.ip = c->dest_ip; + sis->dest_ip_xlate.ip = c->dest_ip_xlate; + sis->src_port = c->src_port; + sis->src_port_xlate = c->src_port_xlate; + sis->dest_port = c->dest_port; + sis->dest_port_xlate = c->dest_port_xlate; + + original_cm = c->original_match; + reply_cm = c->reply_match; + sis->src_td_max_window = original_cm->protocol_state.tcp.max_win; + sis->src_td_end = original_cm->protocol_state.tcp.end; + sis->src_td_max_end = original_cm->protocol_state.tcp.max_end; + sis->dest_td_max_window = reply_cm->protocol_state.tcp.max_win; + sis->dest_td_end = reply_cm->protocol_state.tcp.end; + sis->dest_td_max_end = reply_cm->protocol_state.tcp.max_end; + + sis->src_new_packet_count = original_cm->rx_packet_count; + sis->src_new_byte_count = original_cm->rx_byte_count; + sis->dest_new_packet_count = reply_cm->rx_packet_count; + sis->dest_new_byte_count = reply_cm->rx_byte_count; + + sfe_ipv4_connection_match_update_summary_stats(original_cm); + sfe_ipv4_connection_match_update_summary_stats(reply_cm); + + sis->src_dev = original_cm->match_dev; + sis->src_packet_count = original_cm->rx_packet_count64; + sis->src_byte_count = original_cm->rx_byte_count64; + + sis->dest_dev = reply_cm->match_dev; + sis->dest_packet_count = reply_cm->rx_packet_count64; + sis->dest_byte_count = reply_cm->rx_byte_count64; + + sis->reason = reason; + + /* + * Get the time increment since our last sync. + */ + sis->delta_jiffies = now_jiffies - c->last_sync_jiffies; + c->last_sync_jiffies = now_jiffies; +} + +/* + * sfe_ipv4_flush_sfe_ipv4_connection() + * Flush a connection and free all associated resources. + * + * We need to be called with bottom halves disabled locally as we need to acquire + * the connection hash lock and release it again. In general we're actually called + * from within a BH and so we're fine, but we're also called when connections are + * torn down. + */ +static void sfe_ipv4_flush_sfe_ipv4_connection(struct sfe_ipv4 *si, + struct sfe_ipv4_connection *c, + sfe_sync_reason_t reason) +{ + struct sfe_connection_sync sis; + u64 now_jiffies; + sfe_sync_rule_callback_t sync_rule_callback; + + rcu_read_lock(); + spin_lock_bh(&si->lock); + si->connection_flushes++; + sync_rule_callback = rcu_dereference(si->sync_rule_callback); + spin_unlock_bh(&si->lock); + + if (sync_rule_callback) { + /* + * Generate a sync message and then sync. + */ + now_jiffies = get_jiffies_64(); + sfe_ipv4_gen_sync_sfe_ipv4_connection(si, c, &sis, reason, now_jiffies); + sync_rule_callback(&sis); + } + + rcu_read_unlock(); + + /* + * Release our hold of the source and dest devices and free the memory + * for our connection objects. + */ + dev_put(c->original_dev); + dev_put(c->reply_dev); + kfree(c->original_match); + kfree(c->reply_match); + kfree(c); +} + +/* + * sfe_ipv4_recv_udp() + * Handle UDP packet receives and forwarding. + */ +static int sfe_ipv4_recv_udp(struct sfe_ipv4 *si, struct sk_buff *skb, struct net_device *dev, + unsigned int len, struct sfe_ipv4_ip_hdr *iph, unsigned int ihl, bool flush_on_find) +{ + struct sfe_ipv4_udp_hdr *udph; + __be32 src_ip; + __be32 dest_ip; + __be16 src_port; + __be16 dest_port; + struct sfe_ipv4_connection_match *cm; + u8 ttl; + struct net_device *xmit_dev; + + /* + * Is our packet too short to contain a valid UDP header? + */ + if (unlikely(!pskb_may_pull(skb, (sizeof(struct sfe_ipv4_udp_hdr) + ihl)))) { + spin_lock_bh(&si->lock); + si->exception_events[SFE_IPV4_EXCEPTION_EVENT_UDP_HEADER_INCOMPLETE]++; + si->packets_not_forwarded++; + spin_unlock_bh(&si->lock); + + DEBUG_TRACE("packet too short for UDP header\n"); + return 0; + } + + /* + * Read the IP address and port information. Read the IP header data first + * because we've almost certainly got that in the cache. We may not yet have + * the UDP header cached though so allow more time for any prefetching. + */ + src_ip = iph->saddr; + dest_ip = iph->daddr; + + udph = (struct sfe_ipv4_udp_hdr *)(skb->data + ihl); + src_port = udph->source; + dest_port = udph->dest; + + spin_lock_bh(&si->lock); + + /* + * Look for a connection match. + */ + cm = sfe_ipv4_find_sfe_ipv4_connection_match(si, dev, IPPROTO_UDP, src_ip, src_port, dest_ip, dest_port); + if (unlikely(!cm)) { + si->exception_events[SFE_IPV4_EXCEPTION_EVENT_UDP_NO_CONNECTION]++; + si->packets_not_forwarded++; + spin_unlock_bh(&si->lock); + + DEBUG_TRACE("no connection found\n"); + return 0; + } + + /* + * If our packet has beern marked as "flush on find" we can't actually + * forward it in the fast path, but now that we've found an associated + * connection we can flush that out before we process the packet. + */ + if (unlikely(flush_on_find)) { + struct sfe_ipv4_connection *c = cm->connection; + sfe_ipv4_remove_sfe_ipv4_connection(si, c); + si->exception_events[SFE_IPV4_EXCEPTION_EVENT_UDP_IP_OPTIONS_OR_INITIAL_FRAGMENT]++; + si->packets_not_forwarded++; + spin_unlock_bh(&si->lock); + + DEBUG_TRACE("flush on find\n"); + sfe_ipv4_flush_sfe_ipv4_connection(si, c, SFE_SYNC_REASON_FLUSH); + return 0; + } + +#ifdef CONFIG_XFRM + /* + * We can't accelerate the flow on this direction, just let it go + * through the slow path. + */ + if (unlikely(!cm->flow_accel)) { + si->packets_not_forwarded++; + spin_unlock_bh(&si->lock); + return 0; + } +#endif + + /* + * Does our TTL allow forwarding? + */ + ttl = iph->ttl; + if (unlikely(ttl < 2)) { + struct sfe_ipv4_connection *c = cm->connection; + sfe_ipv4_remove_sfe_ipv4_connection(si, c); + si->exception_events[SFE_IPV4_EXCEPTION_EVENT_UDP_SMALL_TTL]++; + si->packets_not_forwarded++; + spin_unlock_bh(&si->lock); + + DEBUG_TRACE("ttl too low\n"); + sfe_ipv4_flush_sfe_ipv4_connection(si, c, SFE_SYNC_REASON_FLUSH); + return 0; + } + + /* + * If our packet is larger than the MTU of the transmit interface then + * we can't forward it easily. + */ + if (unlikely(len > cm->xmit_dev_mtu)) { + struct sfe_ipv4_connection *c = cm->connection; + sfe_ipv4_remove_sfe_ipv4_connection(si, c); + si->exception_events[SFE_IPV4_EXCEPTION_EVENT_UDP_NEEDS_FRAGMENTATION]++; + si->packets_not_forwarded++; + spin_unlock_bh(&si->lock); + + DEBUG_TRACE("larger than mtu\n"); + sfe_ipv4_flush_sfe_ipv4_connection(si, c, SFE_SYNC_REASON_FLUSH); + return 0; + } + + /* + * From this point on we're good to modify the packet. + */ + + /* + * Update DSCP + */ + if (unlikely(cm->flags & SFE_IPV4_CONNECTION_MATCH_FLAG_DSCP_REMARK)) { + iph->tos = (iph->tos & SFE_IPV4_DSCP_MASK) | cm->dscp; + } + + /* + * Decrement our TTL. + */ + iph->ttl = ttl - 1; + + /* + * Do we have to perform translations of the source address/port? + */ + if (unlikely(cm->flags & SFE_IPV4_CONNECTION_MATCH_FLAG_XLATE_SRC)) { + u16 udp_csum; + + iph->saddr = cm->xlate_src_ip; + udph->source = cm->xlate_src_port; + + /* + * Do we have a non-zero UDP checksum? If we do then we need + * to update it. + */ + udp_csum = udph->check; + if (likely(udp_csum)) { + u32 sum; + + if (unlikely(skb->ip_summed == CHECKSUM_PARTIAL)) { + sum = udp_csum + cm->xlate_src_partial_csum_adjustment; + } else { + sum = udp_csum + cm->xlate_src_csum_adjustment; + } + + sum = (sum & 0xffff) + (sum >> 16); + udph->check = (u16)sum; + } + } + + /* + * Do we have to perform translations of the destination address/port? + */ + if (unlikely(cm->flags & SFE_IPV4_CONNECTION_MATCH_FLAG_XLATE_DEST)) { + u16 udp_csum; + + iph->daddr = cm->xlate_dest_ip; + udph->dest = cm->xlate_dest_port; + + /* + * Do we have a non-zero UDP checksum? If we do then we need + * to update it. + */ + udp_csum = udph->check; + if (likely(udp_csum)) { + u32 sum; + + if (unlikely(skb->ip_summed == CHECKSUM_PARTIAL)) { + sum = udp_csum + cm->xlate_dest_partial_csum_adjustment; + } else { + sum = udp_csum + cm->xlate_dest_csum_adjustment; + } + + sum = (sum & 0xffff) + (sum >> 16); + udph->check = (u16)sum; + } + } + + /* + * Replace the IP checksum. + */ + iph->check = sfe_ipv4_gen_ip_csum(iph); + + /* + * Update traffic stats. + */ + cm->rx_packet_count++; + cm->rx_byte_count += len; + + /* + * If we're not already on the active list then insert ourselves at the tail + * of the current list. + */ + if (unlikely(!cm->active)) { + cm->active = true; + cm->active_prev = si->active_tail; + if (likely(si->active_tail)) { + si->active_tail->active_next = cm; + } else { + si->active_head = cm; + } + si->active_tail = cm; + } + + xmit_dev = cm->xmit_dev; + skb->dev = xmit_dev; + + /* + * Check to see if we need to write a header. + */ + if (likely(cm->flags & SFE_IPV4_CONNECTION_MATCH_FLAG_WRITE_L2_HDR)) { + if (unlikely(!(cm->flags & SFE_IPV4_CONNECTION_MATCH_FLAG_WRITE_FAST_ETH_HDR))) { + dev_hard_header(skb, xmit_dev, ETH_P_IP, + cm->xmit_dest_mac, cm->xmit_src_mac, len); + } else { + /* + * For the simple case we write this really fast. + */ + struct sfe_ipv4_eth_hdr *eth = (struct sfe_ipv4_eth_hdr *)__skb_push(skb, ETH_HLEN); + eth->h_proto = htons(ETH_P_IP); + eth->h_dest[0] = cm->xmit_dest_mac[0]; + eth->h_dest[1] = cm->xmit_dest_mac[1]; + eth->h_dest[2] = cm->xmit_dest_mac[2]; + eth->h_source[0] = cm->xmit_src_mac[0]; + eth->h_source[1] = cm->xmit_src_mac[1]; + eth->h_source[2] = cm->xmit_src_mac[2]; + } + } + + /* + * Update priority of skb. + */ + if (unlikely(cm->flags & SFE_IPV4_CONNECTION_MATCH_FLAG_PRIORITY_REMARK)) { + skb->priority = cm->priority; + } + + /* + * Mark outgoing packet. + */ + skb->mark = cm->connection->mark; + if (skb->mark) { + DEBUG_TRACE("SKB MARK is NON ZERO %x\n", skb->mark); + } + + si->packets_forwarded++; + spin_unlock_bh(&si->lock); + + /* + * We're going to check for GSO flags when we transmit the packet so + * start fetching the necessary cache line now. + */ + prefetch(skb_shinfo(skb)); + + /* + * Mark that this packet has been fast forwarded. + */ + skb->fast_forwarded = 1; + + /* + * Send the packet on its way. + */ + dev_queue_xmit(skb); + + return 1; +} + +/* + * sfe_ipv4_process_tcp_option_sack() + * Parse TCP SACK option and update ack according + */ +static bool sfe_ipv4_process_tcp_option_sack(const struct sfe_ipv4_tcp_hdr *th, const u32 data_offs, + u32 *ack) +{ + u32 length = sizeof(struct sfe_ipv4_tcp_hdr); + u8 *ptr = (u8 *)th + length; + + /* + * Ignore processing if TCP packet has only TIMESTAMP option. + */ + if (likely(data_offs == length + TCPOLEN_TIMESTAMP + 1 + 1) + && likely(ptr[0] == TCPOPT_NOP) + && likely(ptr[1] == TCPOPT_NOP) + && likely(ptr[2] == TCPOPT_TIMESTAMP) + && likely(ptr[3] == TCPOLEN_TIMESTAMP)) { + return true; + } + + /* + * TCP options. Parse SACK option. + */ + while (length < data_offs) { + u8 size; + u8 kind; + + ptr = (u8 *)th + length; + kind = *ptr; + + /* + * NOP, for padding + * Not in the switch because to fast escape and to not calculate size + */ + if (kind == TCPOPT_NOP) { + length++; + continue; + } + + if (kind == TCPOPT_SACK) { + u32 sack = 0; + u8 re = 1 + 1; + + size = *(ptr + 1); + if ((size < (1 + 1 + TCPOLEN_SACK_PERBLOCK)) + || ((size - (1 + 1)) % (TCPOLEN_SACK_PERBLOCK)) + || (size > (data_offs - length))) { + return false; + } + + re += 4; + while (re < size) { + u32 sack_re; + u8 *sptr = ptr + re; + sack_re = (sptr[0] << 24) | (sptr[1] << 16) | (sptr[2] << 8) | sptr[3]; + if (sack_re > sack) { + sack = sack_re; + } + re += TCPOLEN_SACK_PERBLOCK; + } + if (sack > *ack) { + *ack = sack; + } + length += size; + continue; + } + if (kind == TCPOPT_EOL) { + return true; + } + size = *(ptr + 1); + if (size < 2) { + return false; + } + length += size; + } + + return true; +} + +/* + * sfe_ipv4_recv_tcp() + * Handle TCP packet receives and forwarding. + */ +static int sfe_ipv4_recv_tcp(struct sfe_ipv4 *si, struct sk_buff *skb, struct net_device *dev, + unsigned int len, struct sfe_ipv4_ip_hdr *iph, unsigned int ihl, bool flush_on_find) +{ + struct sfe_ipv4_tcp_hdr *tcph; + __be32 src_ip; + __be32 dest_ip; + __be16 src_port; + __be16 dest_port; + struct sfe_ipv4_connection_match *cm; + struct sfe_ipv4_connection_match *counter_cm; + u8 ttl; + u32 flags; + struct net_device *xmit_dev; + + /* + * Is our packet too short to contain a valid UDP header? + */ + if (unlikely(!pskb_may_pull(skb, (sizeof(struct sfe_ipv4_tcp_hdr) + ihl)))) { + spin_lock_bh(&si->lock); + si->exception_events[SFE_IPV4_EXCEPTION_EVENT_TCP_HEADER_INCOMPLETE]++; + si->packets_not_forwarded++; + spin_unlock_bh(&si->lock); + + DEBUG_TRACE("packet too short for TCP header\n"); + return 0; + } + + /* + * Read the IP address and port information. Read the IP header data first + * because we've almost certainly got that in the cache. We may not yet have + * the TCP header cached though so allow more time for any prefetching. + */ + src_ip = iph->saddr; + dest_ip = iph->daddr; + + tcph = (struct sfe_ipv4_tcp_hdr *)(skb->data + ihl); + src_port = tcph->source; + dest_port = tcph->dest; + flags = tcp_flag_word(tcph); + + spin_lock_bh(&si->lock); + + /* + * Look for a connection match. + */ + cm = sfe_ipv4_find_sfe_ipv4_connection_match(si, dev, IPPROTO_TCP, src_ip, src_port, dest_ip, dest_port); + if (unlikely(!cm)) { + /* + * We didn't get a connection but as TCP is connection-oriented that + * may be because this is a non-fast connection (not running established). + * For diagnostic purposes we differentiate this here. + */ + if (likely((flags & (TCP_FLAG_SYN | TCP_FLAG_RST | TCP_FLAG_FIN | TCP_FLAG_ACK)) == TCP_FLAG_ACK)) { + si->exception_events[SFE_IPV4_EXCEPTION_EVENT_TCP_NO_CONNECTION_FAST_FLAGS]++; + si->packets_not_forwarded++; + spin_unlock_bh(&si->lock); + + DEBUG_TRACE("no connection found - fast flags\n"); + return 0; + } + si->exception_events[SFE_IPV4_EXCEPTION_EVENT_TCP_NO_CONNECTION_SLOW_FLAGS]++; + si->packets_not_forwarded++; + spin_unlock_bh(&si->lock); + + DEBUG_TRACE("no connection found - slow flags: 0x%x\n", + flags & (TCP_FLAG_SYN | TCP_FLAG_RST | TCP_FLAG_FIN | TCP_FLAG_ACK)); + return 0; + } + + /* + * If our packet has beern marked as "flush on find" we can't actually + * forward it in the fast path, but now that we've found an associated + * connection we can flush that out before we process the packet. + */ + if (unlikely(flush_on_find)) { + struct sfe_ipv4_connection *c = cm->connection; + sfe_ipv4_remove_sfe_ipv4_connection(si, c); + si->exception_events[SFE_IPV4_EXCEPTION_EVENT_TCP_IP_OPTIONS_OR_INITIAL_FRAGMENT]++; + si->packets_not_forwarded++; + spin_unlock_bh(&si->lock); + + DEBUG_TRACE("flush on find\n"); + sfe_ipv4_flush_sfe_ipv4_connection(si, c, SFE_SYNC_REASON_FLUSH); + return 0; + } + +#ifdef CONFIG_XFRM + /* + * We can't accelerate the flow on this direction, just let it go + * through the slow path. + */ + if (unlikely(!cm->flow_accel)) { + si->packets_not_forwarded++; + spin_unlock_bh(&si->lock); + return 0; + } +#endif + /* + * Does our TTL allow forwarding? + */ + ttl = iph->ttl; + if (unlikely(ttl < 2)) { + struct sfe_ipv4_connection *c = cm->connection; + sfe_ipv4_remove_sfe_ipv4_connection(si, c); + si->exception_events[SFE_IPV4_EXCEPTION_EVENT_TCP_SMALL_TTL]++; + si->packets_not_forwarded++; + spin_unlock_bh(&si->lock); + + DEBUG_TRACE("ttl too low\n"); + sfe_ipv4_flush_sfe_ipv4_connection(si, c, SFE_SYNC_REASON_FLUSH); + return 0; + } + + /* + * If our packet is larger than the MTU of the transmit interface then + * we can't forward it easily. + */ + if (unlikely((len > cm->xmit_dev_mtu) && !skb_is_gso(skb))) { + struct sfe_ipv4_connection *c = cm->connection; + sfe_ipv4_remove_sfe_ipv4_connection(si, c); + si->exception_events[SFE_IPV4_EXCEPTION_EVENT_TCP_NEEDS_FRAGMENTATION]++; + si->packets_not_forwarded++; + spin_unlock_bh(&si->lock); + + DEBUG_TRACE("larger than mtu\n"); + sfe_ipv4_flush_sfe_ipv4_connection(si, c, SFE_SYNC_REASON_FLUSH); + return 0; + } + + /* + * Look at our TCP flags. Anything missing an ACK or that has RST, SYN or FIN + * set is not a fast path packet. + */ + if (unlikely((flags & (TCP_FLAG_SYN | TCP_FLAG_RST | TCP_FLAG_FIN | TCP_FLAG_ACK)) != TCP_FLAG_ACK)) { + struct sfe_ipv4_connection *c = cm->connection; + sfe_ipv4_remove_sfe_ipv4_connection(si, c); + si->exception_events[SFE_IPV4_EXCEPTION_EVENT_TCP_FLAGS]++; + si->packets_not_forwarded++; + spin_unlock_bh(&si->lock); + + DEBUG_TRACE("TCP flags: 0x%x are not fast\n", + flags & (TCP_FLAG_SYN | TCP_FLAG_RST | TCP_FLAG_FIN | TCP_FLAG_ACK)); + sfe_ipv4_flush_sfe_ipv4_connection(si, c, SFE_SYNC_REASON_FLUSH); + return 0; + } + + counter_cm = cm->counter_match; + + /* + * Are we doing sequence number checking? + */ + if (likely(!(cm->flags & SFE_IPV4_CONNECTION_MATCH_FLAG_NO_SEQ_CHECK))) { + u32 seq; + u32 ack; + u32 sack; + u32 data_offs; + u32 end; + u32 left_edge; + u32 scaled_win; + u32 max_end; + + /* + * Is our sequence fully past the right hand edge of the window? + */ + seq = ntohl(tcph->seq); + if (unlikely((s32)(seq - (cm->protocol_state.tcp.max_end + 1)) > 0)) { + struct sfe_ipv4_connection *c = cm->connection; + sfe_ipv4_remove_sfe_ipv4_connection(si, c); + si->exception_events[SFE_IPV4_EXCEPTION_EVENT_TCP_SEQ_EXCEEDS_RIGHT_EDGE]++; + si->packets_not_forwarded++; + spin_unlock_bh(&si->lock); + + DEBUG_TRACE("seq: %u exceeds right edge: %u\n", + seq, cm->protocol_state.tcp.max_end + 1); + sfe_ipv4_flush_sfe_ipv4_connection(si, c, SFE_SYNC_REASON_FLUSH); + return 0; + } + + /* + * Check that our TCP data offset isn't too short. + */ + data_offs = tcph->doff << 2; + if (unlikely(data_offs < sizeof(struct sfe_ipv4_tcp_hdr))) { + struct sfe_ipv4_connection *c = cm->connection; + sfe_ipv4_remove_sfe_ipv4_connection(si, c); + si->exception_events[SFE_IPV4_EXCEPTION_EVENT_TCP_SMALL_DATA_OFFS]++; + si->packets_not_forwarded++; + spin_unlock_bh(&si->lock); + + DEBUG_TRACE("TCP data offset: %u, too small\n", data_offs); + sfe_ipv4_flush_sfe_ipv4_connection(si, c, SFE_SYNC_REASON_FLUSH); + return 0; + } + + /* + * Update ACK according to any SACK option. + */ + ack = ntohl(tcph->ack_seq); + sack = ack; + if (unlikely(!sfe_ipv4_process_tcp_option_sack(tcph, data_offs, &sack))) { + struct sfe_ipv4_connection *c = cm->connection; + sfe_ipv4_remove_sfe_ipv4_connection(si, c); + si->exception_events[SFE_IPV4_EXCEPTION_EVENT_TCP_BAD_SACK]++; + si->packets_not_forwarded++; + spin_unlock_bh(&si->lock); + + DEBUG_TRACE("TCP option SACK size is wrong\n"); + sfe_ipv4_flush_sfe_ipv4_connection(si, c, SFE_SYNC_REASON_FLUSH); + return 0; + } + + /* + * Check that our TCP data offset isn't past the end of the packet. + */ + data_offs += sizeof(struct sfe_ipv4_ip_hdr); + if (unlikely(len < data_offs)) { + struct sfe_ipv4_connection *c = cm->connection; + sfe_ipv4_remove_sfe_ipv4_connection(si, c); + si->exception_events[SFE_IPV4_EXCEPTION_EVENT_TCP_BIG_DATA_OFFS]++; + si->packets_not_forwarded++; + spin_unlock_bh(&si->lock); + + DEBUG_TRACE("TCP data offset: %u, past end of packet: %u\n", + data_offs, len); + sfe_ipv4_flush_sfe_ipv4_connection(si, c, SFE_SYNC_REASON_FLUSH); + return 0; + } + + end = seq + len - data_offs; + + /* + * Is our sequence fully before the left hand edge of the window? + */ + if (unlikely((s32)(end - (cm->protocol_state.tcp.end + - counter_cm->protocol_state.tcp.max_win - 1)) < 0)) { + struct sfe_ipv4_connection *c = cm->connection; + sfe_ipv4_remove_sfe_ipv4_connection(si, c); + si->exception_events[SFE_IPV4_EXCEPTION_EVENT_TCP_SEQ_BEFORE_LEFT_EDGE]++; + si->packets_not_forwarded++; + spin_unlock_bh(&si->lock); + + DEBUG_TRACE("seq: %u before left edge: %u\n", + end, cm->protocol_state.tcp.end - counter_cm->protocol_state.tcp.max_win - 1); + sfe_ipv4_flush_sfe_ipv4_connection(si, c, SFE_SYNC_REASON_FLUSH); + return 0; + } + + /* + * Are we acking data that is to the right of what has been sent? + */ + if (unlikely((s32)(sack - (counter_cm->protocol_state.tcp.end + 1)) > 0)) { + struct sfe_ipv4_connection *c = cm->connection; + sfe_ipv4_remove_sfe_ipv4_connection(si, c); + si->exception_events[SFE_IPV4_EXCEPTION_EVENT_TCP_ACK_EXCEEDS_RIGHT_EDGE]++; + si->packets_not_forwarded++; + spin_unlock_bh(&si->lock); + + DEBUG_TRACE("ack: %u exceeds right edge: %u\n", + sack, counter_cm->protocol_state.tcp.end + 1); + sfe_ipv4_flush_sfe_ipv4_connection(si, c, SFE_SYNC_REASON_FLUSH); + return 0; + } + + /* + * Is our ack too far before the left hand edge of the window? + */ + left_edge = counter_cm->protocol_state.tcp.end + - cm->protocol_state.tcp.max_win + - SFE_IPV4_TCP_MAX_ACK_WINDOW + - 1; + if (unlikely((s32)(sack - left_edge) < 0)) { + struct sfe_ipv4_connection *c = cm->connection; + sfe_ipv4_remove_sfe_ipv4_connection(si, c); + si->exception_events[SFE_IPV4_EXCEPTION_EVENT_TCP_ACK_BEFORE_LEFT_EDGE]++; + si->packets_not_forwarded++; + spin_unlock_bh(&si->lock); + + DEBUG_TRACE("ack: %u before left edge: %u\n", sack, left_edge); + sfe_ipv4_flush_sfe_ipv4_connection(si, c, SFE_SYNC_REASON_FLUSH); + return 0; + } + + /* + * Have we just seen the largest window size yet for this connection? If yes + * then we need to record the new value. + */ + scaled_win = ntohs(tcph->window) << cm->protocol_state.tcp.win_scale; + scaled_win += (sack - ack); + if (unlikely(cm->protocol_state.tcp.max_win < scaled_win)) { + cm->protocol_state.tcp.max_win = scaled_win; + } + + /* + * If our sequence and/or ack numbers have advanced then record the new state. + */ + if (likely((s32)(end - cm->protocol_state.tcp.end) >= 0)) { + cm->protocol_state.tcp.end = end; + } + + max_end = sack + scaled_win; + if (likely((s32)(max_end - counter_cm->protocol_state.tcp.max_end) >= 0)) { + counter_cm->protocol_state.tcp.max_end = max_end; + } + } + + /* + * From this point on we're good to modify the packet. + */ + + /* + * Update DSCP + */ + if (unlikely(cm->flags & SFE_IPV4_CONNECTION_MATCH_FLAG_DSCP_REMARK)) { + iph->tos = (iph->tos & SFE_IPV4_DSCP_MASK) | cm->dscp; + } + + /* + * Decrement our TTL. + */ + iph->ttl = ttl - 1; + + /* + * Do we have to perform translations of the source address/port? + */ + if (unlikely(cm->flags & SFE_IPV4_CONNECTION_MATCH_FLAG_XLATE_SRC)) { + u16 tcp_csum; + u32 sum; + + iph->saddr = cm->xlate_src_ip; + tcph->source = cm->xlate_src_port; + + /* + * Do we have a non-zero UDP checksum? If we do then we need + * to update it. + */ + tcp_csum = tcph->check; + if (unlikely(skb->ip_summed == CHECKSUM_PARTIAL)) { + sum = tcp_csum + cm->xlate_src_partial_csum_adjustment; + } else { + sum = tcp_csum + cm->xlate_src_csum_adjustment; + } + + sum = (sum & 0xffff) + (sum >> 16); + tcph->check = (u16)sum; + } + + /* + * Do we have to perform translations of the destination address/port? + */ + if (unlikely(cm->flags & SFE_IPV4_CONNECTION_MATCH_FLAG_XLATE_DEST)) { + u16 tcp_csum; + u32 sum; + + iph->daddr = cm->xlate_dest_ip; + tcph->dest = cm->xlate_dest_port; + + /* + * Do we have a non-zero UDP checksum? If we do then we need + * to update it. + */ + tcp_csum = tcph->check; + if (unlikely(skb->ip_summed == CHECKSUM_PARTIAL)) { + sum = tcp_csum + cm->xlate_dest_partial_csum_adjustment; + } else { + sum = tcp_csum + cm->xlate_dest_csum_adjustment; + } + + sum = (sum & 0xffff) + (sum >> 16); + tcph->check = (u16)sum; + } + + /* + * Replace the IP checksum. + */ + iph->check = sfe_ipv4_gen_ip_csum(iph); + + /* + * Update traffic stats. + */ + cm->rx_packet_count++; + cm->rx_byte_count += len; + + /* + * If we're not already on the active list then insert ourselves at the tail + * of the current list. + */ + if (unlikely(!cm->active)) { + cm->active = true; + cm->active_prev = si->active_tail; + if (likely(si->active_tail)) { + si->active_tail->active_next = cm; + } else { + si->active_head = cm; + } + si->active_tail = cm; + } + + xmit_dev = cm->xmit_dev; + skb->dev = xmit_dev; + + /* + * Check to see if we need to write a header. + */ + if (likely(cm->flags & SFE_IPV4_CONNECTION_MATCH_FLAG_WRITE_L2_HDR)) { + if (unlikely(!(cm->flags & SFE_IPV4_CONNECTION_MATCH_FLAG_WRITE_FAST_ETH_HDR))) { + dev_hard_header(skb, xmit_dev, ETH_P_IP, + cm->xmit_dest_mac, cm->xmit_src_mac, len); + } else { + /* + * For the simple case we write this really fast. + */ + struct sfe_ipv4_eth_hdr *eth = (struct sfe_ipv4_eth_hdr *)__skb_push(skb, ETH_HLEN); + eth->h_proto = htons(ETH_P_IP); + eth->h_dest[0] = cm->xmit_dest_mac[0]; + eth->h_dest[1] = cm->xmit_dest_mac[1]; + eth->h_dest[2] = cm->xmit_dest_mac[2]; + eth->h_source[0] = cm->xmit_src_mac[0]; + eth->h_source[1] = cm->xmit_src_mac[1]; + eth->h_source[2] = cm->xmit_src_mac[2]; + } + } + + /* + * Update priority of skb. + */ + if (unlikely(cm->flags & SFE_IPV4_CONNECTION_MATCH_FLAG_PRIORITY_REMARK)) { + skb->priority = cm->priority; + } + + /* + * Mark outgoing packet + */ + skb->mark = cm->connection->mark; + if (skb->mark) { + DEBUG_TRACE("SKB MARK is NON ZERO %x\n", skb->mark); + } + + si->packets_forwarded++; + spin_unlock_bh(&si->lock); + + /* + * We're going to check for GSO flags when we transmit the packet so + * start fetching the necessary cache line now. + */ + prefetch(skb_shinfo(skb)); + + /* + * Mark that this packet has been fast forwarded. + */ + skb->fast_forwarded = 1; + + /* + * Send the packet on its way. + */ + dev_queue_xmit(skb); + + return 1; +} + +/* + * sfe_ipv4_recv_icmp() + * Handle ICMP packet receives. + * + * ICMP packets aren't handled as a "fast path" and always have us process them + * through the default Linux stack. What we do need to do is look for any errors + * about connections we are handling in the fast path. If we find any such + * connections then we want to flush their state so that the ICMP error path + * within Linux has all of the correct state should it need it. + */ +static int sfe_ipv4_recv_icmp(struct sfe_ipv4 *si, struct sk_buff *skb, struct net_device *dev, + unsigned int len, struct sfe_ipv4_ip_hdr *iph, unsigned int ihl) +{ + struct icmphdr *icmph; + struct sfe_ipv4_ip_hdr *icmp_iph; + unsigned int icmp_ihl_words; + unsigned int icmp_ihl; + u32 *icmp_trans_h; + struct sfe_ipv4_udp_hdr *icmp_udph; + struct sfe_ipv4_tcp_hdr *icmp_tcph; + __be32 src_ip; + __be32 dest_ip; + __be16 src_port; + __be16 dest_port; + struct sfe_ipv4_connection_match *cm; + struct sfe_ipv4_connection *c; + u32 pull_len = sizeof(struct icmphdr) + ihl; + + /* + * Is our packet too short to contain a valid ICMP header? + */ + len -= ihl; + if (!pskb_may_pull(skb, pull_len)) { + spin_lock_bh(&si->lock); + si->exception_events[SFE_IPV4_EXCEPTION_EVENT_ICMP_HEADER_INCOMPLETE]++; + si->packets_not_forwarded++; + spin_unlock_bh(&si->lock); + + DEBUG_TRACE("packet too short for ICMP header\n"); + return 0; + } + + /* + * We only handle "destination unreachable" and "time exceeded" messages. + */ + icmph = (struct icmphdr *)(skb->data + ihl); + if ((icmph->type != ICMP_DEST_UNREACH) + && (icmph->type != ICMP_TIME_EXCEEDED)) { + spin_lock_bh(&si->lock); + si->exception_events[SFE_IPV4_EXCEPTION_EVENT_ICMP_UNHANDLED_TYPE]++; + si->packets_not_forwarded++; + spin_unlock_bh(&si->lock); + + DEBUG_TRACE("unhandled ICMP type: 0x%x\n", icmph->type); + return 0; + } + + /* + * Do we have the full embedded IP header? + */ + len -= sizeof(struct icmphdr); + pull_len += sizeof(struct sfe_ipv4_ip_hdr); + if (!pskb_may_pull(skb, pull_len)) { + spin_lock_bh(&si->lock); + si->exception_events[SFE_IPV4_EXCEPTION_EVENT_ICMP_IPV4_HEADER_INCOMPLETE]++; + si->packets_not_forwarded++; + spin_unlock_bh(&si->lock); + + DEBUG_TRACE("Embedded IP header not complete\n"); + return 0; + } + + /* + * Is our embedded IP version wrong? + */ + icmp_iph = (struct sfe_ipv4_ip_hdr *)(icmph + 1); + if (unlikely(icmp_iph->version != 4)) { + spin_lock_bh(&si->lock); + si->exception_events[SFE_IPV4_EXCEPTION_EVENT_ICMP_IPV4_NON_V4]++; + si->packets_not_forwarded++; + spin_unlock_bh(&si->lock); + + DEBUG_TRACE("IP version: %u\n", icmp_iph->version); + return 0; + } + + /* + * Do we have the full embedded IP header, including any options? + */ + icmp_ihl_words = icmp_iph->ihl; + icmp_ihl = icmp_ihl_words << 2; + pull_len += icmp_ihl - sizeof(struct sfe_ipv4_ip_hdr); + if (!pskb_may_pull(skb, pull_len)) { + spin_lock_bh(&si->lock); + si->exception_events[SFE_IPV4_EXCEPTION_EVENT_ICMP_IPV4_IP_OPTIONS_INCOMPLETE]++; + si->packets_not_forwarded++; + spin_unlock_bh(&si->lock); + + DEBUG_TRACE("Embedded header not large enough for IP options\n"); + return 0; + } + + len -= icmp_ihl; + icmp_trans_h = ((u32 *)icmp_iph) + icmp_ihl_words; + + /* + * Handle the embedded transport layer header. + */ + switch (icmp_iph->protocol) { + case IPPROTO_UDP: + /* + * We should have 8 bytes of UDP header - that's enough to identify + * the connection. + */ + pull_len += 8; + if (!pskb_may_pull(skb, pull_len)) { + spin_lock_bh(&si->lock); + si->exception_events[SFE_IPV4_EXCEPTION_EVENT_ICMP_IPV4_UDP_HEADER_INCOMPLETE]++; + si->packets_not_forwarded++; + spin_unlock_bh(&si->lock); + + DEBUG_TRACE("Incomplete embedded UDP header\n"); + return 0; + } + + icmp_udph = (struct sfe_ipv4_udp_hdr *)icmp_trans_h; + src_port = icmp_udph->source; + dest_port = icmp_udph->dest; + break; + + case IPPROTO_TCP: + /* + * We should have 8 bytes of TCP header - that's enough to identify + * the connection. + */ + pull_len += 8; + if (!pskb_may_pull(skb, pull_len)) { + spin_lock_bh(&si->lock); + si->exception_events[SFE_IPV4_EXCEPTION_EVENT_ICMP_IPV4_TCP_HEADER_INCOMPLETE]++; + si->packets_not_forwarded++; + spin_unlock_bh(&si->lock); + + DEBUG_TRACE("Incomplete embedded TCP header\n"); + return 0; + } + + icmp_tcph = (struct sfe_ipv4_tcp_hdr *)icmp_trans_h; + src_port = icmp_tcph->source; + dest_port = icmp_tcph->dest; + break; + + default: + spin_lock_bh(&si->lock); + si->exception_events[SFE_IPV4_EXCEPTION_EVENT_ICMP_IPV4_UNHANDLED_PROTOCOL]++; + si->packets_not_forwarded++; + spin_unlock_bh(&si->lock); + + DEBUG_TRACE("Unhandled embedded IP protocol: %u\n", icmp_iph->protocol); + return 0; + } + + src_ip = icmp_iph->saddr; + dest_ip = icmp_iph->daddr; + + spin_lock_bh(&si->lock); + + /* + * Look for a connection match. Note that we reverse the source and destination + * here because our embedded message contains a packet that was sent in the + * opposite direction to the one in which we just received it. It will have + * been sent on the interface from which we received it though so that's still + * ok to use. + */ + cm = sfe_ipv4_find_sfe_ipv4_connection_match(si, dev, icmp_iph->protocol, dest_ip, dest_port, src_ip, src_port); + if (unlikely(!cm)) { + si->exception_events[SFE_IPV4_EXCEPTION_EVENT_ICMP_NO_CONNECTION]++; + si->packets_not_forwarded++; + spin_unlock_bh(&si->lock); + + DEBUG_TRACE("no connection found\n"); + return 0; + } + + /* + * We found a connection so now remove it from the connection list and flush + * its state. + */ + c = cm->connection; + sfe_ipv4_remove_sfe_ipv4_connection(si, c); + si->exception_events[SFE_IPV4_EXCEPTION_EVENT_ICMP_FLUSHED_CONNECTION]++; + si->packets_not_forwarded++; + spin_unlock_bh(&si->lock); + + sfe_ipv4_flush_sfe_ipv4_connection(si, c, SFE_SYNC_REASON_FLUSH); + return 0; +} + +/* + * sfe_ipv4_recv() + * Handle packet receives and forwaring. + * + * Returns 1 if the packet is forwarded or 0 if it isn't. + */ +int sfe_ipv4_recv(struct net_device *dev, struct sk_buff *skb) +{ + struct sfe_ipv4 *si = &__si; + unsigned int len; + unsigned int tot_len; + unsigned int frag_off; + unsigned int ihl; + bool flush_on_find; + bool ip_options; + struct sfe_ipv4_ip_hdr *iph; + u32 protocol; + + /* + * Check that we have space for an IP header here. + */ + len = skb->len; + if (unlikely(!pskb_may_pull(skb, sizeof(struct sfe_ipv4_ip_hdr)))) { + spin_lock_bh(&si->lock); + si->exception_events[SFE_IPV4_EXCEPTION_EVENT_HEADER_INCOMPLETE]++; + si->packets_not_forwarded++; + spin_unlock_bh(&si->lock); + + DEBUG_TRACE("len: %u is too short\n", len); + return 0; + } + + /* + * Check that our "total length" is large enough for an IP header. + */ + iph = (struct sfe_ipv4_ip_hdr *)skb->data; + tot_len = ntohs(iph->tot_len); + if (unlikely(tot_len < sizeof(struct sfe_ipv4_ip_hdr))) { + spin_lock_bh(&si->lock); + si->exception_events[SFE_IPV4_EXCEPTION_EVENT_BAD_TOTAL_LENGTH]++; + si->packets_not_forwarded++; + spin_unlock_bh(&si->lock); + + DEBUG_TRACE("tot_len: %u is too short\n", tot_len); + return 0; + } + + /* + * Is our IP version wrong? + */ + if (unlikely(iph->version != 4)) { + spin_lock_bh(&si->lock); + si->exception_events[SFE_IPV4_EXCEPTION_EVENT_NON_V4]++; + si->packets_not_forwarded++; + spin_unlock_bh(&si->lock); + + DEBUG_TRACE("IP version: %u\n", iph->version); + return 0; + } + + /* + * Does our datagram fit inside the skb? + */ + if (unlikely(tot_len > len)) { + spin_lock_bh(&si->lock); + si->exception_events[SFE_IPV4_EXCEPTION_EVENT_DATAGRAM_INCOMPLETE]++; + si->packets_not_forwarded++; + spin_unlock_bh(&si->lock); + + DEBUG_TRACE("tot_len: %u, exceeds len: %u\n", tot_len, len); + return 0; + } + + /* + * Do we have a non-initial fragment? + */ + frag_off = ntohs(iph->frag_off); + if (unlikely(frag_off & IP_OFFSET)) { + spin_lock_bh(&si->lock); + si->exception_events[SFE_IPV4_EXCEPTION_EVENT_NON_INITIAL_FRAGMENT]++; + si->packets_not_forwarded++; + spin_unlock_bh(&si->lock); + + DEBUG_TRACE("non-initial fragment\n"); + return 0; + } + + /* + * If we have a (first) fragment then mark it to cause any connection to flush. + */ + flush_on_find = unlikely(frag_off & IP_MF) ? true : false; + + /* + * Do we have any IP options? That's definite a slow path! If we do have IP + * options we need to recheck our header size. + */ + ihl = iph->ihl << 2; + ip_options = unlikely(ihl != sizeof(struct sfe_ipv4_ip_hdr)) ? true : false; + if (unlikely(ip_options)) { + if (unlikely(len < ihl)) { + spin_lock_bh(&si->lock); + si->exception_events[SFE_IPV4_EXCEPTION_EVENT_IP_OPTIONS_INCOMPLETE]++; + si->packets_not_forwarded++; + spin_unlock_bh(&si->lock); + + DEBUG_TRACE("len: %u is too short for header of size: %u\n", len, ihl); + return 0; + } + + flush_on_find = true; + } + + if (unlikely(ip_fast_csum((u8 *)iph, iph->ihl))) { + spin_lock_bh(&si->lock); + si->exception_events[SFE_IPV4_EXCEPTION_EVENT_CSUM_ERROR]++; + si->packets_not_forwarded++; + spin_unlock_bh(&si->lock); + + DEBUG_TRACE("checksum of ipv4 header is invalid\n"); + return 0; + } + + protocol = iph->protocol; + if (IPPROTO_UDP == protocol) { + return sfe_ipv4_recv_udp(si, skb, dev, len, iph, ihl, flush_on_find); + } + + if (IPPROTO_TCP == protocol) { + return sfe_ipv4_recv_tcp(si, skb, dev, len, iph, ihl, flush_on_find); + } + + if (IPPROTO_ICMP == protocol) { + return sfe_ipv4_recv_icmp(si, skb, dev, len, iph, ihl); + } + + spin_lock_bh(&si->lock); + si->exception_events[SFE_IPV4_EXCEPTION_EVENT_UNHANDLED_PROTOCOL]++; + si->packets_not_forwarded++; + spin_unlock_bh(&si->lock); + + DEBUG_TRACE("not UDP, TCP or ICMP: %u\n", protocol); + return 0; +} + +static void +sfe_ipv4_update_tcp_state(struct sfe_ipv4_connection *c, + struct sfe_connection_create *sic) +{ + struct sfe_ipv4_connection_match *orig_cm; + struct sfe_ipv4_connection_match *repl_cm; + struct sfe_ipv4_tcp_connection_match *orig_tcp; + struct sfe_ipv4_tcp_connection_match *repl_tcp; + + orig_cm = c->original_match; + repl_cm = c->reply_match; + orig_tcp = &orig_cm->protocol_state.tcp; + repl_tcp = &repl_cm->protocol_state.tcp; + + /* update orig */ + if (orig_tcp->max_win < sic->src_td_max_window) { + orig_tcp->max_win = sic->src_td_max_window; + } + if ((s32)(orig_tcp->end - sic->src_td_end) < 0) { + orig_tcp->end = sic->src_td_end; + } + if ((s32)(orig_tcp->max_end - sic->src_td_max_end) < 0) { + orig_tcp->max_end = sic->src_td_max_end; + } + + /* update reply */ + if (repl_tcp->max_win < sic->dest_td_max_window) { + repl_tcp->max_win = sic->dest_td_max_window; + } + if ((s32)(repl_tcp->end - sic->dest_td_end) < 0) { + repl_tcp->end = sic->dest_td_end; + } + if ((s32)(repl_tcp->max_end - sic->dest_td_max_end) < 0) { + repl_tcp->max_end = sic->dest_td_max_end; + } + + /* update match flags */ + orig_cm->flags &= ~SFE_IPV4_CONNECTION_MATCH_FLAG_NO_SEQ_CHECK; + repl_cm->flags &= ~SFE_IPV4_CONNECTION_MATCH_FLAG_NO_SEQ_CHECK; + if (sic->flags & SFE_CREATE_FLAG_NO_SEQ_CHECK) { + orig_cm->flags |= SFE_IPV4_CONNECTION_MATCH_FLAG_NO_SEQ_CHECK; + repl_cm->flags |= SFE_IPV4_CONNECTION_MATCH_FLAG_NO_SEQ_CHECK; + } +} + +static void +sfe_ipv4_update_protocol_state(struct sfe_ipv4_connection *c, + struct sfe_connection_create *sic) +{ + switch (sic->protocol) { + case IPPROTO_TCP: + sfe_ipv4_update_tcp_state(c, sic); + break; + } +} + +void sfe_ipv4_update_rule(struct sfe_connection_create *sic) +{ + struct sfe_ipv4_connection *c; + struct sfe_ipv4 *si = &__si; + + spin_lock_bh(&si->lock); + + c = sfe_ipv4_find_sfe_ipv4_connection(si, + sic->protocol, + sic->src_ip.ip, + sic->src_port, + sic->dest_ip.ip, + sic->dest_port); + if (c != NULL) { + sfe_ipv4_update_protocol_state(c, sic); + } + + spin_unlock_bh(&si->lock); +} + +/* + * sfe_ipv4_create_rule() + * Create a forwarding rule. + */ +int sfe_ipv4_create_rule(struct sfe_connection_create *sic) +{ + struct sfe_ipv4 *si = &__si; + struct sfe_ipv4_connection *c; + struct sfe_ipv4_connection_match *original_cm; + struct sfe_ipv4_connection_match *reply_cm; + struct net_device *dest_dev; + struct net_device *src_dev; + + dest_dev = sic->dest_dev; + src_dev = sic->src_dev; + + if (unlikely((dest_dev->reg_state != NETREG_REGISTERED) || + (src_dev->reg_state != NETREG_REGISTERED))) { + return -EINVAL; + } + + spin_lock_bh(&si->lock); + si->connection_create_requests++; + + /* + * Check to see if there is already a flow that matches the rule we're + * trying to create. If there is then we can't create a new one. + */ + c = sfe_ipv4_find_sfe_ipv4_connection(si, + sic->protocol, + sic->src_ip.ip, + sic->src_port, + sic->dest_ip.ip, + sic->dest_port); + if (c != NULL) { + si->connection_create_collisions++; + + /* + * If we already have the flow then it's likely that this + * request to create the connection rule contains more + * up-to-date information. Check and update accordingly. + */ + sfe_ipv4_update_protocol_state(c, sic); + spin_unlock_bh(&si->lock); + + DEBUG_TRACE("connection already exists - mark: %08x, p: %d\n" + " s: %s:%pM:%pI4:%u, d: %s:%pM:%pI4:%u\n", + sic->mark, sic->protocol, + sic->src_dev->name, sic->src_mac, &sic->src_ip.ip, ntohs(sic->src_port), + sic->dest_dev->name, sic->dest_mac, &sic->dest_ip.ip, ntohs(sic->dest_port)); + return -EADDRINUSE; + } + + /* + * Allocate the various connection tracking objects. + */ + c = (struct sfe_ipv4_connection *)kmalloc(sizeof(struct sfe_ipv4_connection), GFP_ATOMIC); + if (unlikely(!c)) { + spin_unlock_bh(&si->lock); + return -ENOMEM; + } + + original_cm = (struct sfe_ipv4_connection_match *)kmalloc(sizeof(struct sfe_ipv4_connection_match), GFP_ATOMIC); + if (unlikely(!original_cm)) { + spin_unlock_bh(&si->lock); + kfree(c); + return -ENOMEM; + } + + reply_cm = (struct sfe_ipv4_connection_match *)kmalloc(sizeof(struct sfe_ipv4_connection_match), GFP_ATOMIC); + if (unlikely(!reply_cm)) { + spin_unlock_bh(&si->lock); + kfree(original_cm); + kfree(c); + return -ENOMEM; + } + + /* + * Fill in the "original" direction connection matching object. + * Note that the transmit MAC address is "dest_mac_xlate" because + * we always know both ends of a connection by their translated + * addresses and not their public addresses. + */ + original_cm->match_dev = src_dev; + original_cm->match_protocol = sic->protocol; + original_cm->match_src_ip = sic->src_ip.ip; + original_cm->match_src_port = sic->src_port; + original_cm->match_dest_ip = sic->dest_ip.ip; + original_cm->match_dest_port = sic->dest_port; + original_cm->xlate_src_ip = sic->src_ip_xlate.ip; + original_cm->xlate_src_port = sic->src_port_xlate; + original_cm->xlate_dest_ip = sic->dest_ip_xlate.ip; + original_cm->xlate_dest_port = sic->dest_port_xlate; + original_cm->rx_packet_count = 0; + original_cm->rx_packet_count64 = 0; + original_cm->rx_byte_count = 0; + original_cm->rx_byte_count64 = 0; + original_cm->xmit_dev = dest_dev; + original_cm->xmit_dev_mtu = sic->dest_mtu; + memcpy(original_cm->xmit_src_mac, dest_dev->dev_addr, ETH_ALEN); + memcpy(original_cm->xmit_dest_mac, sic->dest_mac_xlate, ETH_ALEN); + original_cm->connection = c; + original_cm->counter_match = reply_cm; + original_cm->flags = 0; + if (sic->flags & SFE_CREATE_FLAG_REMARK_PRIORITY) { + original_cm->priority = sic->src_priority; + original_cm->flags |= SFE_IPV4_CONNECTION_MATCH_FLAG_PRIORITY_REMARK; + } + if (sic->flags & SFE_CREATE_FLAG_REMARK_DSCP) { + original_cm->dscp = sic->src_dscp << SFE_IPV4_DSCP_SHIFT; + original_cm->flags |= SFE_IPV4_CONNECTION_MATCH_FLAG_DSCP_REMARK; + } +#ifdef CONFIG_XFRM + original_cm->flow_accel = sic->original_accel; +#endif + original_cm->active_next = NULL; + original_cm->active_prev = NULL; + original_cm->active = false; + + /* + * For PPP links we don't write an L2 header. For everything else we do. + */ + if (!(dest_dev->flags & IFF_POINTOPOINT)) { + original_cm->flags |= SFE_IPV4_CONNECTION_MATCH_FLAG_WRITE_L2_HDR; + + /* + * If our dev writes Ethernet headers then we can write a really fast + * version. + */ + if (dest_dev->header_ops) { + if (dest_dev->header_ops->create == eth_header) { + original_cm->flags |= SFE_IPV4_CONNECTION_MATCH_FLAG_WRITE_FAST_ETH_HDR; + } + } + } + + /* + * Fill in the "reply" direction connection matching object. + */ + reply_cm->match_dev = dest_dev; + reply_cm->match_protocol = sic->protocol; + reply_cm->match_src_ip = sic->dest_ip_xlate.ip; + reply_cm->match_src_port = sic->dest_port_xlate; + reply_cm->match_dest_ip = sic->src_ip_xlate.ip; + reply_cm->match_dest_port = sic->src_port_xlate; + reply_cm->xlate_src_ip = sic->dest_ip.ip; + reply_cm->xlate_src_port = sic->dest_port; + reply_cm->xlate_dest_ip = sic->src_ip.ip; + reply_cm->xlate_dest_port = sic->src_port; + reply_cm->rx_packet_count = 0; + reply_cm->rx_packet_count64 = 0; + reply_cm->rx_byte_count = 0; + reply_cm->rx_byte_count64 = 0; + reply_cm->xmit_dev = src_dev; + reply_cm->xmit_dev_mtu = sic->src_mtu; + memcpy(reply_cm->xmit_src_mac, src_dev->dev_addr, ETH_ALEN); + memcpy(reply_cm->xmit_dest_mac, sic->src_mac, ETH_ALEN); + reply_cm->connection = c; + reply_cm->counter_match = original_cm; + reply_cm->flags = 0; + if (sic->flags & SFE_CREATE_FLAG_REMARK_PRIORITY) { + reply_cm->priority = sic->dest_priority; + reply_cm->flags |= SFE_IPV4_CONNECTION_MATCH_FLAG_PRIORITY_REMARK; + } + if (sic->flags & SFE_CREATE_FLAG_REMARK_DSCP) { + reply_cm->dscp = sic->dest_dscp << SFE_IPV4_DSCP_SHIFT; + reply_cm->flags |= SFE_IPV4_CONNECTION_MATCH_FLAG_DSCP_REMARK; + } +#ifdef CONFIG_XFRM + reply_cm->flow_accel = sic->reply_accel; +#endif + reply_cm->active_next = NULL; + reply_cm->active_prev = NULL; + reply_cm->active = false; + + /* + * For PPP links we don't write an L2 header. For everything else we do. + */ + if (!(src_dev->flags & IFF_POINTOPOINT)) { + reply_cm->flags |= SFE_IPV4_CONNECTION_MATCH_FLAG_WRITE_L2_HDR; + + /* + * If our dev writes Ethernet headers then we can write a really fast + * version. + */ + if (src_dev->header_ops) { + if (src_dev->header_ops->create == eth_header) { + reply_cm->flags |= SFE_IPV4_CONNECTION_MATCH_FLAG_WRITE_FAST_ETH_HDR; + } + } + } + + + if (sic->dest_ip.ip != sic->dest_ip_xlate.ip || sic->dest_port != sic->dest_port_xlate) { + original_cm->flags |= SFE_IPV4_CONNECTION_MATCH_FLAG_XLATE_DEST; + reply_cm->flags |= SFE_IPV4_CONNECTION_MATCH_FLAG_XLATE_SRC; + } + + if (sic->src_ip.ip != sic->src_ip_xlate.ip || sic->src_port != sic->src_port_xlate) { + original_cm->flags |= SFE_IPV4_CONNECTION_MATCH_FLAG_XLATE_SRC; + reply_cm->flags |= SFE_IPV4_CONNECTION_MATCH_FLAG_XLATE_DEST; + } + + c->protocol = sic->protocol; + c->src_ip = sic->src_ip.ip; + c->src_ip_xlate = sic->src_ip_xlate.ip; + c->src_port = sic->src_port; + c->src_port_xlate = sic->src_port_xlate; + c->original_dev = src_dev; + c->original_match = original_cm; + c->dest_ip = sic->dest_ip.ip; + c->dest_ip_xlate = sic->dest_ip_xlate.ip; + c->dest_port = sic->dest_port; + c->dest_port_xlate = sic->dest_port_xlate; + c->reply_dev = dest_dev; + c->reply_match = reply_cm; + c->mark = sic->mark; + c->debug_read_seq = 0; + c->last_sync_jiffies = get_jiffies_64(); + + /* + * Take hold of our source and dest devices for the duration of the connection. + */ + dev_hold(c->original_dev); + dev_hold(c->reply_dev); + + /* + * Initialize the protocol-specific information that we track. + */ + switch (sic->protocol) { + case IPPROTO_TCP: + original_cm->protocol_state.tcp.win_scale = sic->src_td_window_scale; + original_cm->protocol_state.tcp.max_win = sic->src_td_max_window ? sic->src_td_max_window : 1; + original_cm->protocol_state.tcp.end = sic->src_td_end; + original_cm->protocol_state.tcp.max_end = sic->src_td_max_end; + reply_cm->protocol_state.tcp.win_scale = sic->dest_td_window_scale; + reply_cm->protocol_state.tcp.max_win = sic->dest_td_max_window ? sic->dest_td_max_window : 1; + reply_cm->protocol_state.tcp.end = sic->dest_td_end; + reply_cm->protocol_state.tcp.max_end = sic->dest_td_max_end; + if (sic->flags & SFE_CREATE_FLAG_NO_SEQ_CHECK) { + original_cm->flags |= SFE_IPV4_CONNECTION_MATCH_FLAG_NO_SEQ_CHECK; + reply_cm->flags |= SFE_IPV4_CONNECTION_MATCH_FLAG_NO_SEQ_CHECK; + } + break; + } + + sfe_ipv4_connection_match_compute_translations(original_cm); + sfe_ipv4_connection_match_compute_translations(reply_cm); + sfe_ipv4_insert_sfe_ipv4_connection(si, c); + + spin_unlock_bh(&si->lock); + + /* + * We have everything we need! + */ + DEBUG_INFO("new connection - mark: %08x, p: %d\n" + " s: %s:%pM(%pM):%pI4(%pI4):%u(%u)\n" + " d: %s:%pM(%pM):%pI4(%pI4):%u(%u)\n", + sic->mark, sic->protocol, + sic->src_dev->name, sic->src_mac, sic->src_mac_xlate, + &sic->src_ip.ip, &sic->src_ip_xlate.ip, ntohs(sic->src_port), ntohs(sic->src_port_xlate), + dest_dev->name, sic->dest_mac, sic->dest_mac_xlate, + &sic->dest_ip.ip, &sic->dest_ip_xlate.ip, ntohs(sic->dest_port), ntohs(sic->dest_port_xlate)); + + return 0; +} + +/* + * sfe_ipv4_destroy_rule() + * Destroy a forwarding rule. + */ +void sfe_ipv4_destroy_rule(struct sfe_connection_destroy *sid) +{ + struct sfe_ipv4 *si = &__si; + struct sfe_ipv4_connection *c; + + spin_lock_bh(&si->lock); + si->connection_destroy_requests++; + + /* + * Check to see if we have a flow that matches the rule we're trying + * to destroy. If there isn't then we can't destroy it. + */ + c = sfe_ipv4_find_sfe_ipv4_connection(si, sid->protocol, sid->src_ip.ip, sid->src_port, + sid->dest_ip.ip, sid->dest_port); + if (!c) { + si->connection_destroy_misses++; + spin_unlock_bh(&si->lock); + + DEBUG_TRACE("connection does not exist - p: %d, s: %pI4:%u, d: %pI4:%u\n", + sid->protocol, &sid->src_ip, ntohs(sid->src_port), + &sid->dest_ip, ntohs(sid->dest_port)); + return; + } + + /* + * Remove our connection details from the hash tables. + */ + sfe_ipv4_remove_sfe_ipv4_connection(si, c); + spin_unlock_bh(&si->lock); + + sfe_ipv4_flush_sfe_ipv4_connection(si, c, SFE_SYNC_REASON_DESTROY); + + DEBUG_INFO("connection destroyed - p: %d, s: %pI4:%u, d: %pI4:%u\n", + sid->protocol, &sid->src_ip.ip, ntohs(sid->src_port), + &sid->dest_ip.ip, ntohs(sid->dest_port)); +} + +/* + * sfe_ipv4_register_sync_rule_callback() + * Register a callback for rule synchronization. + */ +void sfe_ipv4_register_sync_rule_callback(sfe_sync_rule_callback_t sync_rule_callback) +{ + struct sfe_ipv4 *si = &__si; + + spin_lock_bh(&si->lock); + rcu_assign_pointer(si->sync_rule_callback, sync_rule_callback); + spin_unlock_bh(&si->lock); +} + +/* + * sfe_ipv4_get_debug_dev() + */ +static ssize_t sfe_ipv4_get_debug_dev(struct device *dev, + struct device_attribute *attr, + char *buf) +{ + struct sfe_ipv4 *si = &__si; + ssize_t count; + int num; + + spin_lock_bh(&si->lock); + num = si->debug_dev; + spin_unlock_bh(&si->lock); + + count = snprintf(buf, (ssize_t)PAGE_SIZE, "%d\n", num); + return count; +} + +/* + * sysfs attributes. + */ +static const struct device_attribute sfe_ipv4_debug_dev_attr = + __ATTR(debug_dev, S_IWUSR | S_IRUGO, sfe_ipv4_get_debug_dev, NULL); + +/* + * sfe_ipv4_destroy_all_rules_for_dev() + * Destroy all connections that match a particular device. + * + * If we pass dev as NULL then this destroys all connections. + */ +void sfe_ipv4_destroy_all_rules_for_dev(struct net_device *dev) +{ + struct sfe_ipv4 *si = &__si; + struct sfe_ipv4_connection *c; + +another_round: + spin_lock_bh(&si->lock); + + for (c = si->all_connections_head; c; c = c->all_connections_next) { + /* + * Does this connection relate to the device we are destroying? + */ + if (!dev + || (dev == c->original_dev) + || (dev == c->reply_dev)) { + break; + } + } + + if (c) { + sfe_ipv4_remove_sfe_ipv4_connection(si, c); + } + + spin_unlock_bh(&si->lock); + + if (c) { + sfe_ipv4_flush_sfe_ipv4_connection(si, c, SFE_SYNC_REASON_DESTROY); + goto another_round; + } +} + +/* + * sfe_ipv4_periodic_sync() + */ +static void sfe_ipv4_periodic_sync(unsigned long arg) +{ + struct sfe_ipv4 *si = (struct sfe_ipv4 *)arg; + u64 now_jiffies; + int quota; + sfe_sync_rule_callback_t sync_rule_callback; + + now_jiffies = get_jiffies_64(); + + rcu_read_lock(); + sync_rule_callback = rcu_dereference(si->sync_rule_callback); + if (!sync_rule_callback) { + rcu_read_unlock(); + goto done; + } + + spin_lock_bh(&si->lock); + sfe_ipv4_update_summary_stats(si); + + /* + * Get an estimate of the number of connections to parse in this sync. + */ + quota = (si->num_connections + 63) / 64; + + /* + * Walk the "active" list and sync the connection state. + */ + while (quota--) { + struct sfe_ipv4_connection_match *cm; + struct sfe_ipv4_connection_match *counter_cm; + struct sfe_ipv4_connection *c; + struct sfe_connection_sync sis; + + cm = si->active_head; + if (!cm) { + break; + } + + /* + * There's a possibility that our counter match is in the active list too. + * If it is then remove it. + */ + counter_cm = cm->counter_match; + if (counter_cm->active) { + counter_cm->active = false; + + /* + * We must have a connection preceding this counter match + * because that's the one that got us to this point, so we don't have + * to worry about removing the head of the list. + */ + counter_cm->active_prev->active_next = counter_cm->active_next; + + if (likely(counter_cm->active_next)) { + counter_cm->active_next->active_prev = counter_cm->active_prev; + } else { + si->active_tail = counter_cm->active_prev; + } + + counter_cm->active_next = NULL; + counter_cm->active_prev = NULL; + } + + /* + * Now remove the head of the active scan list. + */ + cm->active = false; + si->active_head = cm->active_next; + if (likely(cm->active_next)) { + cm->active_next->active_prev = NULL; + } else { + si->active_tail = NULL; + } + cm->active_next = NULL; + + /* + * Sync the connection state. + */ + c = cm->connection; + sfe_ipv4_gen_sync_sfe_ipv4_connection(si, c, &sis, SFE_SYNC_REASON_STATS, now_jiffies); + + /* + * We don't want to be holding the lock when we sync! + */ + spin_unlock_bh(&si->lock); + sync_rule_callback(&sis); + spin_lock_bh(&si->lock); + } + + spin_unlock_bh(&si->lock); + rcu_read_unlock(); + +done: + mod_timer(&si->timer, jiffies + ((HZ + 99) / 100)); +} + +#define CHAR_DEV_MSG_SIZE 768 + +/* + * sfe_ipv4_debug_dev_read_start() + * Generate part of the XML output. + */ +static bool sfe_ipv4_debug_dev_read_start(struct sfe_ipv4 *si, char *buffer, char *msg, size_t *length, + int *total_read, struct sfe_ipv4_debug_xml_write_state *ws) +{ + int bytes_read; + + si->debug_read_seq++; + + bytes_read = snprintf(msg, CHAR_DEV_MSG_SIZE, "\n"); + if (copy_to_user(buffer + *total_read, msg, CHAR_DEV_MSG_SIZE)) { + return false; + } + + *length -= bytes_read; + *total_read += bytes_read; + + ws->state++; + return true; +} + +/* + * sfe_ipv4_debug_dev_read_connections_start() + * Generate part of the XML output. + */ +static bool sfe_ipv4_debug_dev_read_connections_start(struct sfe_ipv4 *si, char *buffer, char *msg, size_t *length, + int *total_read, struct sfe_ipv4_debug_xml_write_state *ws) +{ + int bytes_read; + + bytes_read = snprintf(msg, CHAR_DEV_MSG_SIZE, "\t\n"); + if (copy_to_user(buffer + *total_read, msg, CHAR_DEV_MSG_SIZE)) { + return false; + } + + *length -= bytes_read; + *total_read += bytes_read; + + ws->state++; + return true; +} + +/* + * sfe_ipv4_debug_dev_read_connections_connection() + * Generate part of the XML output. + */ +static bool sfe_ipv4_debug_dev_read_connections_connection(struct sfe_ipv4 *si, char *buffer, char *msg, size_t *length, + int *total_read, struct sfe_ipv4_debug_xml_write_state *ws) +{ + struct sfe_ipv4_connection *c; + struct sfe_ipv4_connection_match *original_cm; + struct sfe_ipv4_connection_match *reply_cm; + int bytes_read; + int protocol; + struct net_device *src_dev; + __be32 src_ip; + __be32 src_ip_xlate; + __be16 src_port; + __be16 src_port_xlate; + u64 src_rx_packets; + u64 src_rx_bytes; + struct net_device *dest_dev; + __be32 dest_ip; + __be32 dest_ip_xlate; + __be16 dest_port; + __be16 dest_port_xlate; + u64 dest_rx_packets; + u64 dest_rx_bytes; + u64 last_sync_jiffies; + u32 mark, src_priority, dest_priority, src_dscp, dest_dscp; + + spin_lock_bh(&si->lock); + + for (c = si->all_connections_head; c; c = c->all_connections_next) { + if (c->debug_read_seq < si->debug_read_seq) { + c->debug_read_seq = si->debug_read_seq; + break; + } + } + + /* + * If there were no connections then move to the next state. + */ + if (!c) { + spin_unlock_bh(&si->lock); + ws->state++; + return true; + } + + original_cm = c->original_match; + reply_cm = c->reply_match; + + protocol = c->protocol; + src_dev = c->original_dev; + src_ip = c->src_ip; + src_ip_xlate = c->src_ip_xlate; + src_port = c->src_port; + src_port_xlate = c->src_port_xlate; + src_priority = original_cm->priority; + src_dscp = original_cm->dscp >> SFE_IPV4_DSCP_SHIFT; + + sfe_ipv4_connection_match_update_summary_stats(original_cm); + sfe_ipv4_connection_match_update_summary_stats(reply_cm); + + src_rx_packets = original_cm->rx_packet_count64; + src_rx_bytes = original_cm->rx_byte_count64; + dest_dev = c->reply_dev; + dest_ip = c->dest_ip; + dest_ip_xlate = c->dest_ip_xlate; + dest_port = c->dest_port; + dest_port_xlate = c->dest_port_xlate; + dest_priority = reply_cm->priority; + dest_dscp = reply_cm->dscp >> SFE_IPV4_DSCP_SHIFT; + dest_rx_packets = reply_cm->rx_packet_count64; + dest_rx_bytes = reply_cm->rx_byte_count64; + last_sync_jiffies = get_jiffies_64() - c->last_sync_jiffies; + mark = c->mark; + + spin_unlock_bh(&si->lock); + + bytes_read = snprintf(msg, CHAR_DEV_MSG_SIZE, "\t\t\n", + protocol, + src_dev->name, + &src_ip, &src_ip_xlate, + ntohs(src_port), ntohs(src_port_xlate), + src_priority, src_dscp, + src_rx_packets, src_rx_bytes, + dest_dev->name, + &dest_ip, &dest_ip_xlate, + ntohs(dest_port), ntohs(dest_port_xlate), + dest_priority, dest_dscp, + dest_rx_packets, dest_rx_bytes, + last_sync_jiffies, mark); + + if (copy_to_user(buffer + *total_read, msg, CHAR_DEV_MSG_SIZE)) { + return false; + } + + *length -= bytes_read; + *total_read += bytes_read; + + return true; +} + +/* + * sfe_ipv4_debug_dev_read_connections_end() + * Generate part of the XML output. + */ +static bool sfe_ipv4_debug_dev_read_connections_end(struct sfe_ipv4 *si, char *buffer, char *msg, size_t *length, + int *total_read, struct sfe_ipv4_debug_xml_write_state *ws) +{ + int bytes_read; + + bytes_read = snprintf(msg, CHAR_DEV_MSG_SIZE, "\t\n"); + if (copy_to_user(buffer + *total_read, msg, CHAR_DEV_MSG_SIZE)) { + return false; + } + + *length -= bytes_read; + *total_read += bytes_read; + + ws->state++; + return true; +} + +/* + * sfe_ipv4_debug_dev_read_exceptions_start() + * Generate part of the XML output. + */ +static bool sfe_ipv4_debug_dev_read_exceptions_start(struct sfe_ipv4 *si, char *buffer, char *msg, size_t *length, + int *total_read, struct sfe_ipv4_debug_xml_write_state *ws) +{ + int bytes_read; + + bytes_read = snprintf(msg, CHAR_DEV_MSG_SIZE, "\t\n"); + if (copy_to_user(buffer + *total_read, msg, CHAR_DEV_MSG_SIZE)) { + return false; + } + + *length -= bytes_read; + *total_read += bytes_read; + + ws->state++; + return true; +} + +/* + * sfe_ipv4_debug_dev_read_exceptions_exception() + * Generate part of the XML output. + */ +static bool sfe_ipv4_debug_dev_read_exceptions_exception(struct sfe_ipv4 *si, char *buffer, char *msg, size_t *length, + int *total_read, struct sfe_ipv4_debug_xml_write_state *ws) +{ + u64 ct; + + spin_lock_bh(&si->lock); + ct = si->exception_events64[ws->iter_exception]; + spin_unlock_bh(&si->lock); + + if (ct) { + int bytes_read; + + bytes_read = snprintf(msg, CHAR_DEV_MSG_SIZE, + "\t\t\n", + sfe_ipv4_exception_events_string[ws->iter_exception], + ct); + if (copy_to_user(buffer + *total_read, msg, CHAR_DEV_MSG_SIZE)) { + return false; + } + + *length -= bytes_read; + *total_read += bytes_read; + } + + ws->iter_exception++; + if (ws->iter_exception >= SFE_IPV4_EXCEPTION_EVENT_LAST) { + ws->iter_exception = 0; + ws->state++; + } + + return true; +} + +/* + * sfe_ipv4_debug_dev_read_exceptions_end() + * Generate part of the XML output. + */ +static bool sfe_ipv4_debug_dev_read_exceptions_end(struct sfe_ipv4 *si, char *buffer, char *msg, size_t *length, + int *total_read, struct sfe_ipv4_debug_xml_write_state *ws) +{ + int bytes_read; + + bytes_read = snprintf(msg, CHAR_DEV_MSG_SIZE, "\t\n"); + if (copy_to_user(buffer + *total_read, msg, CHAR_DEV_MSG_SIZE)) { + return false; + } + + *length -= bytes_read; + *total_read += bytes_read; + + ws->state++; + return true; +} + +/* + * sfe_ipv4_debug_dev_read_stats() + * Generate part of the XML output. + */ +static bool sfe_ipv4_debug_dev_read_stats(struct sfe_ipv4 *si, char *buffer, char *msg, size_t *length, + int *total_read, struct sfe_ipv4_debug_xml_write_state *ws) +{ + int bytes_read; + unsigned int num_connections; + u64 packets_forwarded; + u64 packets_not_forwarded; + u64 connection_create_requests; + u64 connection_create_collisions; + u64 connection_destroy_requests; + u64 connection_destroy_misses; + u64 connection_flushes; + u64 connection_match_hash_hits; + u64 connection_match_hash_reorders; + + spin_lock_bh(&si->lock); + sfe_ipv4_update_summary_stats(si); + + num_connections = si->num_connections; + packets_forwarded = si->packets_forwarded64; + packets_not_forwarded = si->packets_not_forwarded64; + connection_create_requests = si->connection_create_requests64; + connection_create_collisions = si->connection_create_collisions64; + connection_destroy_requests = si->connection_destroy_requests64; + connection_destroy_misses = si->connection_destroy_misses64; + connection_flushes = si->connection_flushes64; + connection_match_hash_hits = si->connection_match_hash_hits64; + connection_match_hash_reorders = si->connection_match_hash_reorders64; + spin_unlock_bh(&si->lock); + + bytes_read = snprintf(msg, CHAR_DEV_MSG_SIZE, "\t\n", + num_connections, + packets_forwarded, + packets_not_forwarded, + connection_create_requests, + connection_create_collisions, + connection_destroy_requests, + connection_destroy_misses, + connection_flushes, + connection_match_hash_hits, + connection_match_hash_reorders); + if (copy_to_user(buffer + *total_read, msg, CHAR_DEV_MSG_SIZE)) { + return false; + } + + *length -= bytes_read; + *total_read += bytes_read; + + ws->state++; + return true; +} + +/* + * sfe_ipv4_debug_dev_read_end() + * Generate part of the XML output. + */ +static bool sfe_ipv4_debug_dev_read_end(struct sfe_ipv4 *si, char *buffer, char *msg, size_t *length, + int *total_read, struct sfe_ipv4_debug_xml_write_state *ws) +{ + int bytes_read; + + bytes_read = snprintf(msg, CHAR_DEV_MSG_SIZE, "\n"); + if (copy_to_user(buffer + *total_read, msg, CHAR_DEV_MSG_SIZE)) { + return false; + } + + *length -= bytes_read; + *total_read += bytes_read; + + ws->state++; + return true; +} + +/* + * Array of write functions that write various XML elements that correspond to + * our XML output state machine. + */ +static sfe_ipv4_debug_xml_write_method_t sfe_ipv4_debug_xml_write_methods[SFE_IPV4_DEBUG_XML_STATE_DONE] = { + sfe_ipv4_debug_dev_read_start, + sfe_ipv4_debug_dev_read_connections_start, + sfe_ipv4_debug_dev_read_connections_connection, + sfe_ipv4_debug_dev_read_connections_end, + sfe_ipv4_debug_dev_read_exceptions_start, + sfe_ipv4_debug_dev_read_exceptions_exception, + sfe_ipv4_debug_dev_read_exceptions_end, + sfe_ipv4_debug_dev_read_stats, + sfe_ipv4_debug_dev_read_end, +}; + +/* + * sfe_ipv4_debug_dev_read() + * Send info to userspace upon read request from user + */ +static ssize_t sfe_ipv4_debug_dev_read(struct file *filp, char *buffer, size_t length, loff_t *offset) +{ + char msg[CHAR_DEV_MSG_SIZE]; + int total_read = 0; + struct sfe_ipv4_debug_xml_write_state *ws; + struct sfe_ipv4 *si = &__si; + + ws = (struct sfe_ipv4_debug_xml_write_state *)filp->private_data; + while ((ws->state != SFE_IPV4_DEBUG_XML_STATE_DONE) && (length > CHAR_DEV_MSG_SIZE)) { + if ((sfe_ipv4_debug_xml_write_methods[ws->state])(si, buffer, msg, &length, &total_read, ws)) { + continue; + } + } + + return total_read; +} + +/* + * sfe_ipv4_debug_dev_write() + * Write to char device resets some stats + */ +static ssize_t sfe_ipv4_debug_dev_write(struct file *filp, const char *buffer, size_t length, loff_t *offset) +{ + struct sfe_ipv4 *si = &__si; + + spin_lock_bh(&si->lock); + sfe_ipv4_update_summary_stats(si); + + si->packets_forwarded64 = 0; + si->packets_not_forwarded64 = 0; + si->connection_create_requests64 = 0; + si->connection_create_collisions64 = 0; + si->connection_destroy_requests64 = 0; + si->connection_destroy_misses64 = 0; + si->connection_flushes64 = 0; + si->connection_match_hash_hits64 = 0; + si->connection_match_hash_reorders64 = 0; + spin_unlock_bh(&si->lock); + + return length; +} + +/* + * sfe_ipv4_debug_dev_open() + */ +static int sfe_ipv4_debug_dev_open(struct inode *inode, struct file *file) +{ + struct sfe_ipv4_debug_xml_write_state *ws; + + ws = (struct sfe_ipv4_debug_xml_write_state *)file->private_data; + if (!ws) { + ws = kzalloc(sizeof(struct sfe_ipv4_debug_xml_write_state), GFP_KERNEL); + if (!ws) { + return -ENOMEM; + } + + ws->state = SFE_IPV4_DEBUG_XML_STATE_START; + file->private_data = ws; + } + + return 0; +} + +/* + * sfe_ipv4_debug_dev_release() + */ +static int sfe_ipv4_debug_dev_release(struct inode *inode, struct file *file) +{ + struct sfe_ipv4_debug_xml_write_state *ws; + + ws = (struct sfe_ipv4_debug_xml_write_state *)file->private_data; + if (ws) { + /* + * We've finished with our output so free the write state. + */ + kfree(ws); + } + + return 0; +} + +/* + * File operations used in the debug char device + */ +static struct file_operations sfe_ipv4_debug_dev_fops = { + .read = sfe_ipv4_debug_dev_read, + .write = sfe_ipv4_debug_dev_write, + .open = sfe_ipv4_debug_dev_open, + .release = sfe_ipv4_debug_dev_release +}; + +/* + * sfe_ipv4_init() + */ +static int __init sfe_ipv4_init(void) +{ + struct sfe_ipv4 *si = &__si; + int result = -1; + + DEBUG_INFO("SFE IPv4 init\n"); + + /* + * Create sys/sfe_ipv4 + */ + si->sys_sfe_ipv4 = kobject_create_and_add("sfe_ipv4", NULL); + if (!si->sys_sfe_ipv4) { + DEBUG_ERROR("failed to register sfe_ipv4\n"); + goto exit1; + } + + /* + * Create files, one for each parameter supported by this module. + */ + result = sysfs_create_file(si->sys_sfe_ipv4, &sfe_ipv4_debug_dev_attr.attr); + if (result) { + DEBUG_ERROR("failed to register debug dev file: %d\n", result); + goto exit2; + } + + /* + * Register our debug char device. + */ + result = register_chrdev(0, "sfe_ipv4", &sfe_ipv4_debug_dev_fops); + if (result < 0) { + DEBUG_ERROR("Failed to register chrdev: %d\n", result); + goto exit3; + } + + si->debug_dev = result; + + /* + * Create a timer to handle periodic statistics. + */ + setup_timer(&si->timer, sfe_ipv4_periodic_sync, (unsigned long)si); + mod_timer(&si->timer, jiffies + ((HZ + 99) / 100)); + + spin_lock_init(&si->lock); + + return 0; + +exit3: + sysfs_remove_file(si->sys_sfe_ipv4, &sfe_ipv4_debug_dev_attr.attr); + +exit2: + kobject_put(si->sys_sfe_ipv4); + +exit1: + return result; +} + +/* + * sfe_ipv4_exit() + */ +static void __exit sfe_ipv4_exit(void) +{ + struct sfe_ipv4 *si = &__si; + + DEBUG_INFO("SFE IPv4 exit\n"); + + /* + * Destroy all connections. + */ + sfe_ipv4_destroy_all_rules_for_dev(NULL); + + del_timer_sync(&si->timer); + + unregister_chrdev(si->debug_dev, "sfe_ipv4"); + + sysfs_remove_file(si->sys_sfe_ipv4, &sfe_ipv4_debug_dev_attr.attr); + + kobject_put(si->sys_sfe_ipv4); + +} + +module_init(sfe_ipv4_init) +module_exit(sfe_ipv4_exit) + +EXPORT_SYMBOL(sfe_ipv4_recv); +EXPORT_SYMBOL(sfe_ipv4_create_rule); +EXPORT_SYMBOL(sfe_ipv4_destroy_rule); +EXPORT_SYMBOL(sfe_ipv4_destroy_all_rules_for_dev); +EXPORT_SYMBOL(sfe_ipv4_register_sync_rule_callback); +EXPORT_SYMBOL(sfe_ipv4_mark_rule); +EXPORT_SYMBOL(sfe_ipv4_update_rule); + +MODULE_DESCRIPTION("Shortcut Forwarding Engine - IPv4 edition"); +MODULE_LICENSE("Dual BSD/GPL"); + diff --git a/package/lean/shortcut-fe/src/sfe_ipv6.c b/package/lean/shortcut-fe/src/sfe_ipv6.c new file mode 100644 index 000000000..16f460723 --- /dev/null +++ b/package/lean/shortcut-fe/src/sfe_ipv6.c @@ -0,0 +1,3361 @@ +/* + * sfe_ipv6.c + * Shortcut forwarding engine - IPv6 support. + * + * Copyright (c) 2015-2016 The Linux Foundation. All rights reserved. + * Permission to use, copy, modify, and/or distribute this software for + * any purpose with or without fee is hereby granted, provided that the + * above copyright notice and this permission notice appear in all copies. + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT + * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include +#include +#include +#include +#include +#include + +#include "sfe.h" +#include "sfe_cm.h" + +/* + * By default Linux IP header and transport layer header structures are + * unpacked, assuming that such headers should be 32-bit aligned. + * Unfortunately some wireless adaptors can't cope with this requirement and + * some CPUs can't handle misaligned accesses. For those platforms we + * define SFE_IPV6_UNALIGNED_IP_HEADER and mark the structures as packed. + * When we do this the compiler will generate slightly worse code than for the + * aligned case (on most platforms) but will be much quicker than fixing + * things up in an unaligned trap handler. + */ +#define SFE_IPV6_UNALIGNED_IP_HEADER 1 +#if SFE_IPV6_UNALIGNED_IP_HEADER +#define SFE_IPV6_UNALIGNED_STRUCT __attribute__((aligned(4))) +#else +#define SFE_IPV6_UNALIGNED_STRUCT +#endif + +#define CHAR_DEV_MSG_SIZE 768 + +/* + * An Ethernet header, but with an optional "packed" attribute to + * help with performance on some platforms (see the definition of + * SFE_IPV6_UNALIGNED_STRUCT) + */ +struct sfe_ipv6_eth_hdr { + __be16 h_dest[ETH_ALEN / 2]; + __be16 h_source[ETH_ALEN / 2]; + __be16 h_proto; +} SFE_IPV6_UNALIGNED_STRUCT; + +#define SFE_IPV6_DSCP_MASK 0xf03f +#define SFE_IPV6_DSCP_SHIFT 2 + +/* + * An IPv6 header, but with an optional "packed" attribute to + * help with performance on some platforms (see the definition of + * SFE_IPV6_UNALIGNED_STRUCT) + */ +struct sfe_ipv6_ip_hdr { +#if defined(__LITTLE_ENDIAN_BITFIELD) + __u8 priority:4, + version:4; +#elif defined(__BIG_ENDIAN_BITFIELD) + __u8 version:4, + priority:4; +#else +#error "Please fix " +#endif + __u8 flow_lbl[3]; + __be16 payload_len; + __u8 nexthdr; + __u8 hop_limit; + struct sfe_ipv6_addr saddr; + struct sfe_ipv6_addr daddr; + + /* + * The extension header start here. + */ +} SFE_IPV6_UNALIGNED_STRUCT; + +#define SFE_IPV6_EXT_HDR_HOP 0 +#define SFE_IPV6_EXT_HDR_ROUTING 43 +#define SFE_IPV6_EXT_HDR_FRAG 44 +#define SFE_IPV6_EXT_HDR_ESP 50 +#define SFE_IPV6_EXT_HDR_AH 51 +#define SFE_IPV6_EXT_HDR_NONE 59 +#define SFE_IPV6_EXT_HDR_DST 60 +#define SFE_IPV6_EXT_HDR_MH 135 + +/* + * fragmentation header + */ + +struct sfe_ipv6_frag_hdr { + __u8 nexthdr; + __u8 reserved; + __be16 frag_off; + __be32 identification; +}; + +#define SFE_IPV6_FRAG_OFFSET 0xfff8 + +/* + * generic IPv6 extension header + */ +struct sfe_ipv6_ext_hdr { + __u8 next_hdr; + __u8 hdr_len; + __u8 padding[6]; +} SFE_IPV6_UNALIGNED_STRUCT; + +/* + * A UDP header, but with an optional "packed" attribute to + * help with performance on some platforms (see the definition of + * SFE_IPV6_UNALIGNED_STRUCT) + */ +struct sfe_ipv6_udp_hdr { + __be16 source; + __be16 dest; + __be16 len; + __sum16 check; +} SFE_IPV6_UNALIGNED_STRUCT; + +/* + * A TCP header, but with an optional "packed" attribute to + * help with performance on some platforms (see the definition of + * SFE_IPV6_UNALIGNED_STRUCT) + */ +struct sfe_ipv6_tcp_hdr { + __be16 source; + __be16 dest; + __be32 seq; + __be32 ack_seq; +#if defined(__LITTLE_ENDIAN_BITFIELD) + __u16 res1:4, + doff:4, + fin:1, + syn:1, + rst:1, + psh:1, + ack:1, + urg:1, + ece:1, + cwr:1; +#elif defined(__BIG_ENDIAN_BITFIELD) + __u16 doff:4, + res1:4, + cwr:1, + ece:1, + urg:1, + ack:1, + psh:1, + rst:1, + syn:1, + fin:1; +#else +#error "Adjust your defines" +#endif + __be16 window; + __sum16 check; + __be16 urg_ptr; +} SFE_IPV6_UNALIGNED_STRUCT; + +/* + * Specifies the lower bound on ACK numbers carried in the TCP header + */ +#define SFE_IPV6_TCP_MAX_ACK_WINDOW 65520 + +/* + * IPv6 TCP connection match additional data. + */ +struct sfe_ipv6_tcp_connection_match { + u8 win_scale; /* Window scale */ + u32 max_win; /* Maximum window size seen */ + u32 end; /* Sequence number of the next byte to send (seq + segment length) */ + u32 max_end; /* Sequence number of the last byte to ack */ +}; + +/* + * Bit flags for IPv6 connection matching entry. + */ +#define SFE_IPV6_CONNECTION_MATCH_FLAG_XLATE_SRC (1<<0) + /* Perform source translation */ +#define SFE_IPV6_CONNECTION_MATCH_FLAG_XLATE_DEST (1<<1) + /* Perform destination translation */ +#define SFE_IPV6_CONNECTION_MATCH_FLAG_NO_SEQ_CHECK (1<<2) + /* Ignore TCP sequence numbers */ +#define SFE_IPV6_CONNECTION_MATCH_FLAG_WRITE_FAST_ETH_HDR (1<<3) + /* Fast Ethernet header write */ +#define SFE_IPV6_CONNECTION_MATCH_FLAG_WRITE_L2_HDR (1<<4) + /* Fast Ethernet header write */ +#define SFE_IPV6_CONNECTION_MATCH_FLAG_PRIORITY_REMARK (1<<5) + /* remark priority of SKB */ +#define SFE_IPV6_CONNECTION_MATCH_FLAG_DSCP_REMARK (1<<6) + /* remark DSCP of packet */ + +/* + * IPv6 connection matching structure. + */ +struct sfe_ipv6_connection_match { + /* + * References to other objects. + */ + struct sfe_ipv6_connection_match *next; + struct sfe_ipv6_connection_match *prev; + struct sfe_ipv6_connection *connection; + struct sfe_ipv6_connection_match *counter_match; + /* Matches the flow in the opposite direction as the one in connection */ + struct sfe_ipv6_connection_match *active_next; + struct sfe_ipv6_connection_match *active_prev; + bool active; /* Flag to indicate if we're on the active list */ + + /* + * Characteristics that identify flows that match this rule. + */ + struct net_device *match_dev; /* Network device */ + u8 match_protocol; /* Protocol */ + struct sfe_ipv6_addr match_src_ip[1]; /* Source IP address */ + struct sfe_ipv6_addr match_dest_ip[1]; /* Destination IP address */ + __be16 match_src_port; /* Source port/connection ident */ + __be16 match_dest_port; /* Destination port/connection ident */ + + /* + * Control the operations of the match. + */ + u32 flags; /* Bit flags */ +#ifdef CONFIG_XFRM + u32 flow_accel; /* The flow accelerated or not */ +#endif + + /* + * Connection state that we track once we match. + */ + union { /* Protocol-specific state */ + struct sfe_ipv6_tcp_connection_match tcp; + } protocol_state; + /* + * Stats recorded in a sync period. These stats will be added to + * rx_packet_count64/rx_byte_count64 after a sync period. + */ + u32 rx_packet_count; + u32 rx_byte_count; + + /* + * Packet translation information. + */ + struct sfe_ipv6_addr xlate_src_ip[1]; /* Address after source translation */ + __be16 xlate_src_port; /* Port/connection ident after source translation */ + u16 xlate_src_csum_adjustment; + /* Transport layer checksum adjustment after source translation */ + struct sfe_ipv6_addr xlate_dest_ip[1]; /* Address after destination translation */ + __be16 xlate_dest_port; /* Port/connection ident after destination translation */ + u16 xlate_dest_csum_adjustment; + /* Transport layer checksum adjustment after destination translation */ + + /* + * QoS information + */ + u32 priority; + u32 dscp; + + /* + * Packet transmit information. + */ + struct net_device *xmit_dev; /* Network device on which to transmit */ + unsigned short int xmit_dev_mtu; + /* Interface MTU */ + u16 xmit_dest_mac[ETH_ALEN / 2]; + /* Destination MAC address to use when forwarding */ + u16 xmit_src_mac[ETH_ALEN / 2]; + /* Source MAC address to use when forwarding */ + + /* + * Summary stats. + */ + u64 rx_packet_count64; + u64 rx_byte_count64; +}; + +/* + * Per-connection data structure. + */ +struct sfe_ipv6_connection { + struct sfe_ipv6_connection *next; + /* Pointer to the next entry in a hash chain */ + struct sfe_ipv6_connection *prev; + /* Pointer to the previous entry in a hash chain */ + int protocol; /* IP protocol number */ + struct sfe_ipv6_addr src_ip[1]; /* Src IP addr pre-translation */ + struct sfe_ipv6_addr src_ip_xlate[1]; /* Src IP addr post-translation */ + struct sfe_ipv6_addr dest_ip[1]; /* Dest IP addr pre-translation */ + struct sfe_ipv6_addr dest_ip_xlate[1]; /* Dest IP addr post-translation */ + __be16 src_port; /* Src port pre-translation */ + __be16 src_port_xlate; /* Src port post-translation */ + __be16 dest_port; /* Dest port pre-translation */ + __be16 dest_port_xlate; /* Dest port post-translation */ + struct sfe_ipv6_connection_match *original_match; + /* Original direction matching structure */ + struct net_device *original_dev; + /* Original direction source device */ + struct sfe_ipv6_connection_match *reply_match; + /* Reply direction matching structure */ + struct net_device *reply_dev; /* Reply direction source device */ + u64 last_sync_jiffies; /* Jiffies count for the last sync */ + struct sfe_ipv6_connection *all_connections_next; + /* Pointer to the next entry in the list of all connections */ + struct sfe_ipv6_connection *all_connections_prev; + /* Pointer to the previous entry in the list of all connections */ + u32 mark; /* mark for outgoing packet */ + u32 debug_read_seq; /* sequence number for debug dump */ +}; + +/* + * IPv6 connections and hash table size information. + */ +#define SFE_IPV6_CONNECTION_HASH_SHIFT 12 +#define SFE_IPV6_CONNECTION_HASH_SIZE (1 << SFE_IPV6_CONNECTION_HASH_SHIFT) +#define SFE_IPV6_CONNECTION_HASH_MASK (SFE_IPV6_CONNECTION_HASH_SIZE - 1) + +enum sfe_ipv6_exception_events { + SFE_IPV6_EXCEPTION_EVENT_UDP_HEADER_INCOMPLETE, + SFE_IPV6_EXCEPTION_EVENT_UDP_NO_CONNECTION, + SFE_IPV6_EXCEPTION_EVENT_UDP_IP_OPTIONS_OR_INITIAL_FRAGMENT, + SFE_IPV6_EXCEPTION_EVENT_UDP_SMALL_TTL, + SFE_IPV6_EXCEPTION_EVENT_UDP_NEEDS_FRAGMENTATION, + SFE_IPV6_EXCEPTION_EVENT_TCP_HEADER_INCOMPLETE, + SFE_IPV6_EXCEPTION_EVENT_TCP_NO_CONNECTION_SLOW_FLAGS, + SFE_IPV6_EXCEPTION_EVENT_TCP_NO_CONNECTION_FAST_FLAGS, + SFE_IPV6_EXCEPTION_EVENT_TCP_IP_OPTIONS_OR_INITIAL_FRAGMENT, + SFE_IPV6_EXCEPTION_EVENT_TCP_SMALL_TTL, + SFE_IPV6_EXCEPTION_EVENT_TCP_NEEDS_FRAGMENTATION, + SFE_IPV6_EXCEPTION_EVENT_TCP_FLAGS, + SFE_IPV6_EXCEPTION_EVENT_TCP_SEQ_EXCEEDS_RIGHT_EDGE, + SFE_IPV6_EXCEPTION_EVENT_TCP_SMALL_DATA_OFFS, + SFE_IPV6_EXCEPTION_EVENT_TCP_BAD_SACK, + SFE_IPV6_EXCEPTION_EVENT_TCP_BIG_DATA_OFFS, + SFE_IPV6_EXCEPTION_EVENT_TCP_SEQ_BEFORE_LEFT_EDGE, + SFE_IPV6_EXCEPTION_EVENT_TCP_ACK_EXCEEDS_RIGHT_EDGE, + SFE_IPV6_EXCEPTION_EVENT_TCP_ACK_BEFORE_LEFT_EDGE, + SFE_IPV6_EXCEPTION_EVENT_ICMP_HEADER_INCOMPLETE, + SFE_IPV6_EXCEPTION_EVENT_ICMP_UNHANDLED_TYPE, + SFE_IPV6_EXCEPTION_EVENT_ICMP_IPV6_HEADER_INCOMPLETE, + SFE_IPV6_EXCEPTION_EVENT_ICMP_IPV6_NON_V6, + SFE_IPV6_EXCEPTION_EVENT_ICMP_IPV6_IP_OPTIONS_INCOMPLETE, + SFE_IPV6_EXCEPTION_EVENT_ICMP_IPV6_UDP_HEADER_INCOMPLETE, + SFE_IPV6_EXCEPTION_EVENT_ICMP_IPV6_TCP_HEADER_INCOMPLETE, + SFE_IPV6_EXCEPTION_EVENT_ICMP_IPV6_UNHANDLED_PROTOCOL, + SFE_IPV6_EXCEPTION_EVENT_ICMP_NO_CONNECTION, + SFE_IPV6_EXCEPTION_EVENT_ICMP_FLUSHED_CONNECTION, + SFE_IPV6_EXCEPTION_EVENT_HEADER_INCOMPLETE, + SFE_IPV6_EXCEPTION_EVENT_BAD_TOTAL_LENGTH, + SFE_IPV6_EXCEPTION_EVENT_NON_V6, + SFE_IPV6_EXCEPTION_EVENT_NON_INITIAL_FRAGMENT, + SFE_IPV6_EXCEPTION_EVENT_DATAGRAM_INCOMPLETE, + SFE_IPV6_EXCEPTION_EVENT_IP_OPTIONS_INCOMPLETE, + SFE_IPV6_EXCEPTION_EVENT_UNHANDLED_PROTOCOL, + SFE_IPV6_EXCEPTION_EVENT_FLOW_COOKIE_ADD_FAIL, + SFE_IPV6_EXCEPTION_EVENT_LAST +}; + +static char *sfe_ipv6_exception_events_string[SFE_IPV6_EXCEPTION_EVENT_LAST] = { + "UDP_HEADER_INCOMPLETE", + "UDP_NO_CONNECTION", + "UDP_IP_OPTIONS_OR_INITIAL_FRAGMENT", + "UDP_SMALL_TTL", + "UDP_NEEDS_FRAGMENTATION", + "TCP_HEADER_INCOMPLETE", + "TCP_NO_CONNECTION_SLOW_FLAGS", + "TCP_NO_CONNECTION_FAST_FLAGS", + "TCP_IP_OPTIONS_OR_INITIAL_FRAGMENT", + "TCP_SMALL_TTL", + "TCP_NEEDS_FRAGMENTATION", + "TCP_FLAGS", + "TCP_SEQ_EXCEEDS_RIGHT_EDGE", + "TCP_SMALL_DATA_OFFS", + "TCP_BAD_SACK", + "TCP_BIG_DATA_OFFS", + "TCP_SEQ_BEFORE_LEFT_EDGE", + "TCP_ACK_EXCEEDS_RIGHT_EDGE", + "TCP_ACK_BEFORE_LEFT_EDGE", + "ICMP_HEADER_INCOMPLETE", + "ICMP_UNHANDLED_TYPE", + "ICMP_IPV6_HEADER_INCOMPLETE", + "ICMP_IPV6_NON_V6", + "ICMP_IPV6_IP_OPTIONS_INCOMPLETE", + "ICMP_IPV6_UDP_HEADER_INCOMPLETE", + "ICMP_IPV6_TCP_HEADER_INCOMPLETE", + "ICMP_IPV6_UNHANDLED_PROTOCOL", + "ICMP_NO_CONNECTION", + "ICMP_FLUSHED_CONNECTION", + "HEADER_INCOMPLETE", + "BAD_TOTAL_LENGTH", + "NON_V6", + "NON_INITIAL_FRAGMENT", + "DATAGRAM_INCOMPLETE", + "IP_OPTIONS_INCOMPLETE", + "UNHANDLED_PROTOCOL", + "FLOW_COOKIE_ADD_FAIL" +}; + +/* + * Per-module structure. + */ +struct sfe_ipv6 { + spinlock_t lock; /* Lock for SMP correctness */ + struct sfe_ipv6_connection_match *active_head; + /* Head of the list of recently active connections */ + struct sfe_ipv6_connection_match *active_tail; + /* Tail of the list of recently active connections */ + struct sfe_ipv6_connection *all_connections_head; + /* Head of the list of all connections */ + struct sfe_ipv6_connection *all_connections_tail; + /* Tail of the list of all connections */ + unsigned int num_connections; /* Number of connections */ + struct timer_list timer; /* Timer used for periodic sync ops */ + sfe_sync_rule_callback_t __rcu sync_rule_callback; + /* Callback function registered by a connection manager for stats syncing */ + struct sfe_ipv6_connection *conn_hash[SFE_IPV6_CONNECTION_HASH_SIZE]; + /* Connection hash table */ + struct sfe_ipv6_connection_match *conn_match_hash[SFE_IPV6_CONNECTION_HASH_SIZE]; + /* Connection match hash table */ + + /* + * Stats recorded in a sync period. These stats will be added to + * connection_xxx64 after a sync period. + */ + u32 connection_create_requests; + /* Number of IPv6 connection create requests */ + u32 connection_create_collisions; + /* Number of IPv6 connection create requests that collided with existing hash table entries */ + u32 connection_destroy_requests; + /* Number of IPv6 connection destroy requests */ + u32 connection_destroy_misses; + /* Number of IPv6 connection destroy requests that missed our hash table */ + u32 connection_match_hash_hits; + /* Number of IPv6 connection match hash hits */ + u32 connection_match_hash_reorders; + /* Number of IPv6 connection match hash reorders */ + u32 connection_flushes; /* Number of IPv6 connection flushes */ + u32 packets_forwarded; /* Number of IPv6 packets forwarded */ + u32 packets_not_forwarded; /* Number of IPv6 packets not forwarded */ + u32 exception_events[SFE_IPV6_EXCEPTION_EVENT_LAST]; + + /* + * Summary statistics. + */ + u64 connection_create_requests64; + /* Number of IPv6 connection create requests */ + u64 connection_create_collisions64; + /* Number of IPv6 connection create requests that collided with existing hash table entries */ + u64 connection_destroy_requests64; + /* Number of IPv6 connection destroy requests */ + u64 connection_destroy_misses64; + /* Number of IPv6 connection destroy requests that missed our hash table */ + u64 connection_match_hash_hits64; + /* Number of IPv6 connection match hash hits */ + u64 connection_match_hash_reorders64; + /* Number of IPv6 connection match hash reorders */ + u64 connection_flushes64; /* Number of IPv6 connection flushes */ + u64 packets_forwarded64; /* Number of IPv6 packets forwarded */ + u64 packets_not_forwarded64; + /* Number of IPv6 packets not forwarded */ + u64 exception_events64[SFE_IPV6_EXCEPTION_EVENT_LAST]; + + /* + * Control state. + */ + struct kobject *sys_sfe_ipv6; /* sysfs linkage */ + int debug_dev; /* Major number of the debug char device */ + u32 debug_read_seq; /* sequence number for debug dump */ +}; + +/* + * Enumeration of the XML output. + */ +enum sfe_ipv6_debug_xml_states { + SFE_IPV6_DEBUG_XML_STATE_START, + SFE_IPV6_DEBUG_XML_STATE_CONNECTIONS_START, + SFE_IPV6_DEBUG_XML_STATE_CONNECTIONS_CONNECTION, + SFE_IPV6_DEBUG_XML_STATE_CONNECTIONS_END, + SFE_IPV6_DEBUG_XML_STATE_EXCEPTIONS_START, + SFE_IPV6_DEBUG_XML_STATE_EXCEPTIONS_EXCEPTION, + SFE_IPV6_DEBUG_XML_STATE_EXCEPTIONS_END, + SFE_IPV6_DEBUG_XML_STATE_STATS, + SFE_IPV6_DEBUG_XML_STATE_END, + SFE_IPV6_DEBUG_XML_STATE_DONE +}; + +/* + * XML write state. + */ +struct sfe_ipv6_debug_xml_write_state { + enum sfe_ipv6_debug_xml_states state; + /* XML output file state machine state */ + int iter_exception; /* Next exception iterator */ +}; + +typedef bool (*sfe_ipv6_debug_xml_write_method_t)(struct sfe_ipv6 *si, char *buffer, char *msg, size_t *length, + int *total_read, struct sfe_ipv6_debug_xml_write_state *ws); + +static struct sfe_ipv6 __si6; + +/* + * sfe_ipv6_get_debug_dev() + */ +static ssize_t sfe_ipv6_get_debug_dev(struct device *dev, struct device_attribute *attr, char *buf); + +/* + * sysfs attributes. + */ +static const struct device_attribute sfe_ipv6_debug_dev_attr = + __ATTR(debug_dev, S_IWUSR | S_IRUGO, sfe_ipv6_get_debug_dev, NULL); + +/* + * sfe_ipv6_is_ext_hdr() + * check if we recognize ipv6 extension header + */ +static inline bool sfe_ipv6_is_ext_hdr(u8 hdr) +{ + return (hdr == SFE_IPV6_EXT_HDR_HOP) || + (hdr == SFE_IPV6_EXT_HDR_ROUTING) || + (hdr == SFE_IPV6_EXT_HDR_FRAG) || + (hdr == SFE_IPV6_EXT_HDR_AH) || + (hdr == SFE_IPV6_EXT_HDR_DST) || + (hdr == SFE_IPV6_EXT_HDR_MH); +} + +/* + * sfe_ipv6_change_dsfield() + * change dscp field in IPv6 packet + */ +static inline void sfe_ipv6_change_dsfield(struct sfe_ipv6_ip_hdr *iph, u8 dscp) +{ + __be16 *p = (__be16 *)iph; + + *p = ((*p & htons(SFE_IPV6_DSCP_MASK)) | htons((u16)dscp << 4)); +} + +/* + * sfe_ipv6_get_connection_match_hash() + * Generate the hash used in connection match lookups. + */ +static inline unsigned int sfe_ipv6_get_connection_match_hash(struct net_device *dev, u8 protocol, + struct sfe_ipv6_addr *src_ip, __be16 src_port, + struct sfe_ipv6_addr *dest_ip, __be16 dest_port) +{ + u32 idx, hash = 0; + size_t dev_addr = (size_t)dev; + + for (idx = 0; idx < 4; idx++) { + hash ^= src_ip->addr[idx] ^ dest_ip->addr[idx]; + } + hash = ((u32)dev_addr) ^ hash ^ protocol ^ ntohs(src_port ^ dest_port); + return ((hash >> SFE_IPV6_CONNECTION_HASH_SHIFT) ^ hash) & SFE_IPV6_CONNECTION_HASH_MASK; +} + +/* + * sfe_ipv6_find_connection_match() + * Get the IPv6 flow match info that corresponds to a particular 5-tuple. + * + * On entry we must be holding the lock that protects the hash table. + */ +static struct sfe_ipv6_connection_match * +sfe_ipv6_find_connection_match(struct sfe_ipv6 *si, struct net_device *dev, u8 protocol, + struct sfe_ipv6_addr *src_ip, __be16 src_port, + struct sfe_ipv6_addr *dest_ip, __be16 dest_port) +{ + struct sfe_ipv6_connection_match *cm; + struct sfe_ipv6_connection_match *head; + unsigned int conn_match_idx; + + conn_match_idx = sfe_ipv6_get_connection_match_hash(dev, protocol, src_ip, src_port, dest_ip, dest_port); + cm = si->conn_match_hash[conn_match_idx]; + + /* + * If we don't have anything in this chain then bail. + */ + if (unlikely(!cm)) { + return NULL; + } + + /* + * Hopefully the first entry is the one we want. + */ + if ((cm->match_src_port == src_port) + && (cm->match_dest_port == dest_port) + && (sfe_ipv6_addr_equal(cm->match_src_ip, src_ip)) + && (sfe_ipv6_addr_equal(cm->match_dest_ip, dest_ip)) + && (cm->match_protocol == protocol) + && (cm->match_dev == dev)) { + si->connection_match_hash_hits++; + return cm; + } + + /* + * Unfortunately we didn't find it at head, so we search it in chain and + * move matching entry to the top of the hash chain. We presume that this + * will be reused again very quickly. + */ + head = cm; + do { + cm = cm->next; + } while (cm && (cm->match_src_port != src_port + || cm->match_dest_port != dest_port + || !sfe_ipv6_addr_equal(cm->match_src_ip, src_ip) + || !sfe_ipv6_addr_equal(cm->match_dest_ip, dest_ip) + || cm->match_protocol != protocol + || cm->match_dev != dev)); + + /* + * Not found then we're done. + */ + if (unlikely(!cm)) { + return NULL; + } + + /* + * We found a match so move it. + */ + if (cm->next) { + cm->next->prev = cm->prev; + } + cm->prev->next = cm->next; + cm->prev = NULL; + cm->next = head; + head->prev = cm; + si->conn_match_hash[conn_match_idx] = cm; + si->connection_match_hash_reorders++; + + return cm; +} + +/* + * sfe_ipv6_connection_match_update_summary_stats() + * Update the summary stats for a connection match entry. + */ +static inline void sfe_ipv6_connection_match_update_summary_stats(struct sfe_ipv6_connection_match *cm) +{ + cm->rx_packet_count64 += cm->rx_packet_count; + cm->rx_packet_count = 0; + cm->rx_byte_count64 += cm->rx_byte_count; + cm->rx_byte_count = 0; +} + +/* + * sfe_ipv6_connection_match_compute_translations() + * Compute port and address translations for a connection match entry. + */ +static void sfe_ipv6_connection_match_compute_translations(struct sfe_ipv6_connection_match *cm) +{ + u32 diff[9]; + u32 *idx_32; + u16 *idx_16; + + /* + * Before we insert the entry look to see if this is tagged as doing address + * translations. If it is then work out the adjustment that we need to apply + * to the transport checksum. + */ + if (cm->flags & SFE_IPV6_CONNECTION_MATCH_FLAG_XLATE_SRC) { + u32 adj = 0; + u32 carry = 0; + + /* + * Precompute an incremental checksum adjustment so we can + * edit packets in this stream very quickly. The algorithm is from RFC1624. + */ + idx_32 = diff; + *(idx_32++) = cm->match_src_ip->addr[0]; + *(idx_32++) = cm->match_src_ip->addr[1]; + *(idx_32++) = cm->match_src_ip->addr[2]; + *(idx_32++) = cm->match_src_ip->addr[3]; + + idx_16 = (u16 *)idx_32; + *(idx_16++) = cm->match_src_port; + *(idx_16++) = ~cm->xlate_src_port; + idx_32 = (u32 *)idx_16; + + *(idx_32++) = ~cm->xlate_src_ip->addr[0]; + *(idx_32++) = ~cm->xlate_src_ip->addr[1]; + *(idx_32++) = ~cm->xlate_src_ip->addr[2]; + *(idx_32++) = ~cm->xlate_src_ip->addr[3]; + + /* + * When we compute this fold it down to a 16-bit offset + * as that way we can avoid having to do a double + * folding of the twos-complement result because the + * addition of 2 16-bit values cannot cause a double + * wrap-around! + */ + for (idx_32 = diff; idx_32 < diff + 9; idx_32++) { + u32 w = *idx_32; + adj += carry; + adj += w; + carry = (w > adj); + } + adj += carry; + adj = (adj & 0xffff) + (adj >> 16); + adj = (adj & 0xffff) + (adj >> 16); + cm->xlate_src_csum_adjustment = (u16)adj; + } + + if (cm->flags & SFE_IPV6_CONNECTION_MATCH_FLAG_XLATE_DEST) { + u32 adj = 0; + u32 carry = 0; + + /* + * Precompute an incremental checksum adjustment so we can + * edit packets in this stream very quickly. The algorithm is from RFC1624. + */ + idx_32 = diff; + *(idx_32++) = cm->match_dest_ip->addr[0]; + *(idx_32++) = cm->match_dest_ip->addr[1]; + *(idx_32++) = cm->match_dest_ip->addr[2]; + *(idx_32++) = cm->match_dest_ip->addr[3]; + + idx_16 = (u16 *)idx_32; + *(idx_16++) = cm->match_dest_port; + *(idx_16++) = ~cm->xlate_dest_port; + idx_32 = (u32 *)idx_16; + + *(idx_32++) = ~cm->xlate_dest_ip->addr[0]; + *(idx_32++) = ~cm->xlate_dest_ip->addr[1]; + *(idx_32++) = ~cm->xlate_dest_ip->addr[2]; + *(idx_32++) = ~cm->xlate_dest_ip->addr[3]; + + /* + * When we compute this fold it down to a 16-bit offset + * as that way we can avoid having to do a double + * folding of the twos-complement result because the + * addition of 2 16-bit values cannot cause a double + * wrap-around! + */ + for (idx_32 = diff; idx_32 < diff + 9; idx_32++) { + u32 w = *idx_32; + adj += carry; + adj += w; + carry = (w > adj); + } + adj += carry; + adj = (adj & 0xffff) + (adj >> 16); + adj = (adj & 0xffff) + (adj >> 16); + cm->xlate_dest_csum_adjustment = (u16)adj; + } +} + +/* + * sfe_ipv6_update_summary_stats() + * Update the summary stats. + */ +static void sfe_ipv6_update_summary_stats(struct sfe_ipv6 *si) +{ + int i; + + si->connection_create_requests64 += si->connection_create_requests; + si->connection_create_requests = 0; + si->connection_create_collisions64 += si->connection_create_collisions; + si->connection_create_collisions = 0; + si->connection_destroy_requests64 += si->connection_destroy_requests; + si->connection_destroy_requests = 0; + si->connection_destroy_misses64 += si->connection_destroy_misses; + si->connection_destroy_misses = 0; + si->connection_match_hash_hits64 += si->connection_match_hash_hits; + si->connection_match_hash_hits = 0; + si->connection_match_hash_reorders64 += si->connection_match_hash_reorders; + si->connection_match_hash_reorders = 0; + si->connection_flushes64 += si->connection_flushes; + si->connection_flushes = 0; + si->packets_forwarded64 += si->packets_forwarded; + si->packets_forwarded = 0; + si->packets_not_forwarded64 += si->packets_not_forwarded; + si->packets_not_forwarded = 0; + + for (i = 0; i < SFE_IPV6_EXCEPTION_EVENT_LAST; i++) { + si->exception_events64[i] += si->exception_events[i]; + si->exception_events[i] = 0; + } +} + +/* + * sfe_ipv6_insert_connection_match() + * Insert a connection match into the hash. + * + * On entry we must be holding the lock that protects the hash table. + */ +static inline void sfe_ipv6_insert_connection_match(struct sfe_ipv6 *si, + struct sfe_ipv6_connection_match *cm) +{ + struct sfe_ipv6_connection_match **hash_head; + struct sfe_ipv6_connection_match *prev_head; + unsigned int conn_match_idx + = sfe_ipv6_get_connection_match_hash(cm->match_dev, cm->match_protocol, + cm->match_src_ip, cm->match_src_port, + cm->match_dest_ip, cm->match_dest_port); + + hash_head = &si->conn_match_hash[conn_match_idx]; + prev_head = *hash_head; + cm->prev = NULL; + if (prev_head) { + prev_head->prev = cm; + } + + cm->next = prev_head; + *hash_head = cm; +} + +/* + * sfe_ipv6_remove_connection_match() + * Remove a connection match object from the hash. + * + * On entry we must be holding the lock that protects the hash table. + */ +static inline void sfe_ipv6_remove_connection_match(struct sfe_ipv6 *si, struct sfe_ipv6_connection_match *cm) +{ + /* + * Unlink the connection match entry from the hash. + */ + if (cm->prev) { + cm->prev->next = cm->next; + } else { + unsigned int conn_match_idx + = sfe_ipv6_get_connection_match_hash(cm->match_dev, cm->match_protocol, + cm->match_src_ip, cm->match_src_port, + cm->match_dest_ip, cm->match_dest_port); + si->conn_match_hash[conn_match_idx] = cm->next; + } + + if (cm->next) { + cm->next->prev = cm->prev; + } + + /* + * If the connection match entry is in the active list remove it. + */ + if (cm->active) { + if (likely(cm->active_prev)) { + cm->active_prev->active_next = cm->active_next; + } else { + si->active_head = cm->active_next; + } + + if (likely(cm->active_next)) { + cm->active_next->active_prev = cm->active_prev; + } else { + si->active_tail = cm->active_prev; + } + } +} + +/* + * sfe_ipv6_get_connection_hash() + * Generate the hash used in connection lookups. + */ +static inline unsigned int sfe_ipv6_get_connection_hash(u8 protocol, struct sfe_ipv6_addr *src_ip, __be16 src_port, + struct sfe_ipv6_addr *dest_ip, __be16 dest_port) +{ + u32 idx, hash = 0; + + for (idx = 0; idx < 4; idx++) { + hash ^= src_ip->addr[idx] ^ dest_ip->addr[idx]; + } + hash = hash ^ protocol ^ ntohs(src_port ^ dest_port); + return ((hash >> SFE_IPV6_CONNECTION_HASH_SHIFT) ^ hash) & SFE_IPV6_CONNECTION_HASH_MASK; +} + +/* + * sfe_ipv6_find_connection() + * Get the IPv6 connection info that corresponds to a particular 5-tuple. + * + * On entry we must be holding the lock that protects the hash table. + */ +static inline struct sfe_ipv6_connection *sfe_ipv6_find_connection(struct sfe_ipv6 *si, u32 protocol, + struct sfe_ipv6_addr *src_ip, __be16 src_port, + struct sfe_ipv6_addr *dest_ip, __be16 dest_port) +{ + struct sfe_ipv6_connection *c; + unsigned int conn_idx = sfe_ipv6_get_connection_hash(protocol, src_ip, src_port, dest_ip, dest_port); + c = si->conn_hash[conn_idx]; + + /* + * If we don't have anything in this chain then bale. + */ + if (unlikely(!c)) { + return NULL; + } + + /* + * Hopefully the first entry is the one we want. + */ + if ((c->src_port == src_port) + && (c->dest_port == dest_port) + && (sfe_ipv6_addr_equal(c->src_ip, src_ip)) + && (sfe_ipv6_addr_equal(c->dest_ip, dest_ip)) + && (c->protocol == protocol)) { + return c; + } + + /* + * Unfortunately we didn't find it at head, so we search it in chain. + */ + do { + c = c->next; + } while (c && (c->src_port != src_port + || c->dest_port != dest_port + || !sfe_ipv6_addr_equal(c->src_ip, src_ip) + || !sfe_ipv6_addr_equal(c->dest_ip, dest_ip) + || c->protocol != protocol)); + + /* + * Will need connection entry for next create/destroy metadata, + * So no need to re-order entry for these requests + */ + return c; +} + +/* + * sfe_ipv6_mark_rule() + * Updates the mark for a current offloaded connection + * + * Will take hash lock upon entry + */ +void sfe_ipv6_mark_rule(struct sfe_connection_mark *mark) +{ + struct sfe_ipv6 *si = &__si6; + struct sfe_ipv6_connection *c; + + spin_lock_bh(&si->lock); + c = sfe_ipv6_find_connection(si, mark->protocol, + mark->src_ip.ip6, mark->src_port, + mark->dest_ip.ip6, mark->dest_port); + if (c) { + WARN_ON((0 != c->mark) && (0 == mark->mark)); + c->mark = mark->mark; + } + spin_unlock_bh(&si->lock); + + if (c) { + DEBUG_TRACE("Matching connection found for mark, " + "setting from %08x to %08x\n", + c->mark, mark->mark); + } +} + +/* + * sfe_ipv6_insert_connection() + * Insert a connection into the hash. + * + * On entry we must be holding the lock that protects the hash table. + */ +static void sfe_ipv6_insert_connection(struct sfe_ipv6 *si, struct sfe_ipv6_connection *c) +{ + struct sfe_ipv6_connection **hash_head; + struct sfe_ipv6_connection *prev_head; + unsigned int conn_idx; + + /* + * Insert entry into the connection hash. + */ + conn_idx = sfe_ipv6_get_connection_hash(c->protocol, c->src_ip, c->src_port, + c->dest_ip, c->dest_port); + hash_head = &si->conn_hash[conn_idx]; + prev_head = *hash_head; + c->prev = NULL; + if (prev_head) { + prev_head->prev = c; + } + + c->next = prev_head; + *hash_head = c; + + /* + * Insert entry into the "all connections" list. + */ + if (si->all_connections_tail) { + c->all_connections_prev = si->all_connections_tail; + si->all_connections_tail->all_connections_next = c; + } else { + c->all_connections_prev = NULL; + si->all_connections_head = c; + } + + si->all_connections_tail = c; + c->all_connections_next = NULL; + si->num_connections++; + + /* + * Insert the connection match objects too. + */ + sfe_ipv6_insert_connection_match(si, c->original_match); + sfe_ipv6_insert_connection_match(si, c->reply_match); +} + +/* + * sfe_ipv6_remove_connection() + * Remove a sfe_ipv6_connection object from the hash. + * + * On entry we must be holding the lock that protects the hash table. + */ +static void sfe_ipv6_remove_connection(struct sfe_ipv6 *si, struct sfe_ipv6_connection *c) +{ + /* + * Remove the connection match objects. + */ + sfe_ipv6_remove_connection_match(si, c->reply_match); + sfe_ipv6_remove_connection_match(si, c->original_match); + + /* + * Unlink the connection. + */ + if (c->prev) { + c->prev->next = c->next; + } else { + unsigned int conn_idx = sfe_ipv6_get_connection_hash(c->protocol, c->src_ip, c->src_port, + c->dest_ip, c->dest_port); + si->conn_hash[conn_idx] = c->next; + } + + if (c->next) { + c->next->prev = c->prev; + } + + /* + * Unlink connection from all_connections list + */ + if (c->all_connections_prev) { + c->all_connections_prev->all_connections_next = c->all_connections_next; + } else { + si->all_connections_head = c->all_connections_next; + } + + if (c->all_connections_next) { + c->all_connections_next->all_connections_prev = c->all_connections_prev; + } else { + si->all_connections_tail = c->all_connections_prev; + } + + si->num_connections--; +} + +/* + * sfe_ipv6_gen_sync_connection() + * Sync a connection. + * + * On entry to this function we expect that the lock for the connection is either + * already held or isn't required. + */ +static void sfe_ipv6_gen_sync_connection(struct sfe_ipv6 *si, struct sfe_ipv6_connection *c, + struct sfe_connection_sync *sis, sfe_sync_reason_t reason, + u64 now_jiffies) +{ + struct sfe_ipv6_connection_match *original_cm; + struct sfe_ipv6_connection_match *reply_cm; + + /* + * Fill in the update message. + */ + sis->is_v6 = 1; + sis->protocol = c->protocol; + sis->src_ip.ip6[0] = c->src_ip[0]; + sis->src_ip_xlate.ip6[0] = c->src_ip_xlate[0]; + sis->dest_ip.ip6[0] = c->dest_ip[0]; + sis->dest_ip_xlate.ip6[0] = c->dest_ip_xlate[0]; + sis->src_port = c->src_port; + sis->src_port_xlate = c->src_port_xlate; + sis->dest_port = c->dest_port; + sis->dest_port_xlate = c->dest_port_xlate; + + original_cm = c->original_match; + reply_cm = c->reply_match; + sis->src_td_max_window = original_cm->protocol_state.tcp.max_win; + sis->src_td_end = original_cm->protocol_state.tcp.end; + sis->src_td_max_end = original_cm->protocol_state.tcp.max_end; + sis->dest_td_max_window = reply_cm->protocol_state.tcp.max_win; + sis->dest_td_end = reply_cm->protocol_state.tcp.end; + sis->dest_td_max_end = reply_cm->protocol_state.tcp.max_end; + + sis->src_new_packet_count = original_cm->rx_packet_count; + sis->src_new_byte_count = original_cm->rx_byte_count; + sis->dest_new_packet_count = reply_cm->rx_packet_count; + sis->dest_new_byte_count = reply_cm->rx_byte_count; + + sfe_ipv6_connection_match_update_summary_stats(original_cm); + sfe_ipv6_connection_match_update_summary_stats(reply_cm); + + sis->src_dev = original_cm->match_dev; + sis->src_packet_count = original_cm->rx_packet_count64; + sis->src_byte_count = original_cm->rx_byte_count64; + + sis->dest_dev = reply_cm->match_dev; + sis->dest_packet_count = reply_cm->rx_packet_count64; + sis->dest_byte_count = reply_cm->rx_byte_count64; + + sis->reason = reason; + + /* + * Get the time increment since our last sync. + */ + sis->delta_jiffies = now_jiffies - c->last_sync_jiffies; + c->last_sync_jiffies = now_jiffies; +} + +/* + * sfe_ipv6_flush_connection() + * Flush a connection and free all associated resources. + * + * We need to be called with bottom halves disabled locally as we need to acquire + * the connection hash lock and release it again. In general we're actually called + * from within a BH and so we're fine, but we're also called when connections are + * torn down. + */ +static void sfe_ipv6_flush_connection(struct sfe_ipv6 *si, + struct sfe_ipv6_connection *c, + sfe_sync_reason_t reason) +{ + struct sfe_connection_sync sis; + u64 now_jiffies; + sfe_sync_rule_callback_t sync_rule_callback; + + rcu_read_lock(); + spin_lock_bh(&si->lock); + si->connection_flushes++; + sync_rule_callback = rcu_dereference(si->sync_rule_callback); + spin_unlock_bh(&si->lock); + + if (sync_rule_callback) { + /* + * Generate a sync message and then sync. + */ + now_jiffies = get_jiffies_64(); + sfe_ipv6_gen_sync_connection(si, c, &sis, reason, now_jiffies); + sync_rule_callback(&sis); + } + + rcu_read_unlock(); + + /* + * Release our hold of the source and dest devices and free the memory + * for our connection objects. + */ + dev_put(c->original_dev); + dev_put(c->reply_dev); + kfree(c->original_match); + kfree(c->reply_match); + kfree(c); +} + +/* + * sfe_ipv6_recv_udp() + * Handle UDP packet receives and forwarding. + */ +static int sfe_ipv6_recv_udp(struct sfe_ipv6 *si, struct sk_buff *skb, struct net_device *dev, + unsigned int len, struct sfe_ipv6_ip_hdr *iph, unsigned int ihl, bool flush_on_find) +{ + struct sfe_ipv6_udp_hdr *udph; + struct sfe_ipv6_addr *src_ip; + struct sfe_ipv6_addr *dest_ip; + __be16 src_port; + __be16 dest_port; + struct sfe_ipv6_connection_match *cm; + struct net_device *xmit_dev; + + /* + * Is our packet too short to contain a valid UDP header? + */ + if (!pskb_may_pull(skb, (sizeof(struct sfe_ipv6_udp_hdr) + ihl))) { + spin_lock_bh(&si->lock); + si->exception_events[SFE_IPV6_EXCEPTION_EVENT_UDP_HEADER_INCOMPLETE]++; + si->packets_not_forwarded++; + spin_unlock_bh(&si->lock); + + DEBUG_TRACE("packet too short for UDP header\n"); + return 0; + } + + /* + * Read the IP address and port information. Read the IP header data first + * because we've almost certainly got that in the cache. We may not yet have + * the UDP header cached though so allow more time for any prefetching. + */ + src_ip = &iph->saddr; + dest_ip = &iph->daddr; + + udph = (struct sfe_ipv6_udp_hdr *)(skb->data + ihl); + src_port = udph->source; + dest_port = udph->dest; + + spin_lock_bh(&si->lock); + + /* + * Look for a connection match. + */ + cm = sfe_ipv6_find_connection_match(si, dev, IPPROTO_UDP, src_ip, src_port, dest_ip, dest_port); + if (unlikely(!cm)) { + si->exception_events[SFE_IPV6_EXCEPTION_EVENT_UDP_NO_CONNECTION]++; + si->packets_not_forwarded++; + spin_unlock_bh(&si->lock); + + DEBUG_TRACE("no connection found\n"); + return 0; + } + + /* + * If our packet has beern marked as "flush on find" we can't actually + * forward it in the fast path, but now that we've found an associated + * connection we can flush that out before we process the packet. + */ + if (unlikely(flush_on_find)) { + struct sfe_ipv6_connection *c = cm->connection; + sfe_ipv6_remove_connection(si, c); + si->exception_events[SFE_IPV6_EXCEPTION_EVENT_UDP_IP_OPTIONS_OR_INITIAL_FRAGMENT]++; + si->packets_not_forwarded++; + spin_unlock_bh(&si->lock); + + DEBUG_TRACE("flush on find\n"); + sfe_ipv6_flush_connection(si, c, SFE_SYNC_REASON_FLUSH); + return 0; + } + +#ifdef CONFIG_XFRM + /* + * We can't accelerate the flow on this direction, just let it go + * through the slow path. + */ + if (unlikely(!cm->flow_accel)) { + si->packets_not_forwarded++; + spin_unlock_bh(&si->lock); + return 0; + } +#endif + + /* + * Does our hop_limit allow forwarding? + */ + if (unlikely(iph->hop_limit < 2)) { + struct sfe_ipv6_connection *c = cm->connection; + sfe_ipv6_remove_connection(si, c); + si->exception_events[SFE_IPV6_EXCEPTION_EVENT_UDP_SMALL_TTL]++; + si->packets_not_forwarded++; + spin_unlock_bh(&si->lock); + + DEBUG_TRACE("hop_limit too low\n"); + sfe_ipv6_flush_connection(si, c, SFE_SYNC_REASON_FLUSH); + return 0; + } + + /* + * If our packet is larger than the MTU of the transmit interface then + * we can't forward it easily. + */ + if (unlikely(len > cm->xmit_dev_mtu)) { + struct sfe_ipv6_connection *c = cm->connection; + sfe_ipv6_remove_connection(si, c); + si->exception_events[SFE_IPV6_EXCEPTION_EVENT_UDP_NEEDS_FRAGMENTATION]++; + si->packets_not_forwarded++; + spin_unlock_bh(&si->lock); + + DEBUG_TRACE("larger than mtu\n"); + sfe_ipv6_flush_connection(si, c, SFE_SYNC_REASON_FLUSH); + return 0; + } + + /* + * From this point on we're good to modify the packet. + */ + + /* + * Update DSCP + */ + if (unlikely(cm->flags & SFE_IPV6_CONNECTION_MATCH_FLAG_DSCP_REMARK)) { + sfe_ipv6_change_dsfield(iph, cm->dscp); + } + + /* + * Decrement our hop_limit. + */ + iph->hop_limit -= 1; + + /* + * Do we have to perform translations of the source address/port? + */ + if (unlikely(cm->flags & SFE_IPV6_CONNECTION_MATCH_FLAG_XLATE_SRC)) { + u16 udp_csum; + + iph->saddr = cm->xlate_src_ip[0]; + udph->source = cm->xlate_src_port; + + /* + * Do we have a non-zero UDP checksum? If we do then we need + * to update it. + */ + udp_csum = udph->check; + if (likely(udp_csum)) { + u32 sum = udp_csum + cm->xlate_src_csum_adjustment; + sum = (sum & 0xffff) + (sum >> 16); + udph->check = (u16)sum; + } + } + + /* + * Do we have to perform translations of the destination address/port? + */ + if (unlikely(cm->flags & SFE_IPV6_CONNECTION_MATCH_FLAG_XLATE_DEST)) { + u16 udp_csum; + + iph->daddr = cm->xlate_dest_ip[0]; + udph->dest = cm->xlate_dest_port; + + /* + * Do we have a non-zero UDP checksum? If we do then we need + * to update it. + */ + udp_csum = udph->check; + if (likely(udp_csum)) { + u32 sum = udp_csum + cm->xlate_dest_csum_adjustment; + sum = (sum & 0xffff) + (sum >> 16); + udph->check = (u16)sum; + } + } + + /* + * Update traffic stats. + */ + cm->rx_packet_count++; + cm->rx_byte_count += len; + + /* + * If we're not already on the active list then insert ourselves at the tail + * of the current list. + */ + if (unlikely(!cm->active)) { + cm->active = true; + cm->active_prev = si->active_tail; + if (likely(si->active_tail)) { + si->active_tail->active_next = cm; + } else { + si->active_head = cm; + } + si->active_tail = cm; + } + + xmit_dev = cm->xmit_dev; + skb->dev = xmit_dev; + + /* + * Check to see if we need to write a header. + */ + if (likely(cm->flags & SFE_IPV6_CONNECTION_MATCH_FLAG_WRITE_L2_HDR)) { + if (unlikely(!(cm->flags & SFE_IPV6_CONNECTION_MATCH_FLAG_WRITE_FAST_ETH_HDR))) { + dev_hard_header(skb, xmit_dev, ETH_P_IPV6, + cm->xmit_dest_mac, cm->xmit_src_mac, len); + } else { + /* + * For the simple case we write this really fast. + */ + struct sfe_ipv6_eth_hdr *eth = (struct sfe_ipv6_eth_hdr *)__skb_push(skb, ETH_HLEN); + eth->h_proto = htons(ETH_P_IPV6); + eth->h_dest[0] = cm->xmit_dest_mac[0]; + eth->h_dest[1] = cm->xmit_dest_mac[1]; + eth->h_dest[2] = cm->xmit_dest_mac[2]; + eth->h_source[0] = cm->xmit_src_mac[0]; + eth->h_source[1] = cm->xmit_src_mac[1]; + eth->h_source[2] = cm->xmit_src_mac[2]; + } + } + + /* + * Update priority of skb. + */ + if (unlikely(cm->flags & SFE_IPV6_CONNECTION_MATCH_FLAG_PRIORITY_REMARK)) { + skb->priority = cm->priority; + } + + /* + * Mark outgoing packet. + */ + skb->mark = cm->connection->mark; + if (skb->mark) { + DEBUG_TRACE("SKB MARK is NON ZERO %x\n", skb->mark); + } + + si->packets_forwarded++; + spin_unlock_bh(&si->lock); + + /* + * We're going to check for GSO flags when we transmit the packet so + * start fetching the necessary cache line now. + */ + prefetch(skb_shinfo(skb)); + + /* + * Mark that this packet has been fast forwarded. + */ + skb->fast_forwarded = 1; + + /* + * Send the packet on its way. + */ + dev_queue_xmit(skb); + + return 1; +} + +/* + * sfe_ipv6_process_tcp_option_sack() + * Parse TCP SACK option and update ack according + */ +static bool sfe_ipv6_process_tcp_option_sack(const struct sfe_ipv6_tcp_hdr *th, const u32 data_offs, + u32 *ack) +{ + u32 length = sizeof(struct sfe_ipv6_tcp_hdr); + u8 *ptr = (u8 *)th + length; + + /* + * Ignore processing if TCP packet has only TIMESTAMP option. + */ + if (likely(data_offs == length + TCPOLEN_TIMESTAMP + 1 + 1) + && likely(ptr[0] == TCPOPT_NOP) + && likely(ptr[1] == TCPOPT_NOP) + && likely(ptr[2] == TCPOPT_TIMESTAMP) + && likely(ptr[3] == TCPOLEN_TIMESTAMP)) { + return true; + } + + /* + * TCP options. Parse SACK option. + */ + while (length < data_offs) { + u8 size; + u8 kind; + + ptr = (u8 *)th + length; + kind = *ptr; + + /* + * NOP, for padding + * Not in the switch because to fast escape and to not calculate size + */ + if (kind == TCPOPT_NOP) { + length++; + continue; + } + + if (kind == TCPOPT_SACK) { + u32 sack = 0; + u8 re = 1 + 1; + + size = *(ptr + 1); + if ((size < (1 + 1 + TCPOLEN_SACK_PERBLOCK)) + || ((size - (1 + 1)) % (TCPOLEN_SACK_PERBLOCK)) + || (size > (data_offs - length))) { + return false; + } + + re += 4; + while (re < size) { + u32 sack_re; + u8 *sptr = ptr + re; + sack_re = (sptr[0] << 24) | (sptr[1] << 16) | (sptr[2] << 8) | sptr[3]; + if (sack_re > sack) { + sack = sack_re; + } + re += TCPOLEN_SACK_PERBLOCK; + } + if (sack > *ack) { + *ack = sack; + } + length += size; + continue; + } + if (kind == TCPOPT_EOL) { + return true; + } + size = *(ptr + 1); + if (size < 2) { + return false; + } + length += size; + } + + return true; +} + +/* + * sfe_ipv6_recv_tcp() + * Handle TCP packet receives and forwarding. + */ +static int sfe_ipv6_recv_tcp(struct sfe_ipv6 *si, struct sk_buff *skb, struct net_device *dev, + unsigned int len, struct sfe_ipv6_ip_hdr *iph, unsigned int ihl, bool flush_on_find) +{ + struct sfe_ipv6_tcp_hdr *tcph; + struct sfe_ipv6_addr *src_ip; + struct sfe_ipv6_addr *dest_ip; + __be16 src_port; + __be16 dest_port; + struct sfe_ipv6_connection_match *cm; + struct sfe_ipv6_connection_match *counter_cm; + u32 flags; + struct net_device *xmit_dev; + + /* + * Is our packet too short to contain a valid UDP header? + */ + if (!pskb_may_pull(skb, (sizeof(struct sfe_ipv6_tcp_hdr) + ihl))) { + spin_lock_bh(&si->lock); + si->exception_events[SFE_IPV6_EXCEPTION_EVENT_TCP_HEADER_INCOMPLETE]++; + si->packets_not_forwarded++; + spin_unlock_bh(&si->lock); + + DEBUG_TRACE("packet too short for TCP header\n"); + return 0; + } + + /* + * Read the IP address and port information. Read the IP header data first + * because we've almost certainly got that in the cache. We may not yet have + * the TCP header cached though so allow more time for any prefetching. + */ + src_ip = &iph->saddr; + dest_ip = &iph->daddr; + + tcph = (struct sfe_ipv6_tcp_hdr *)(skb->data + ihl); + src_port = tcph->source; + dest_port = tcph->dest; + flags = tcp_flag_word(tcph); + + spin_lock_bh(&si->lock); + + /* + * Look for a connection match. + */ + cm = sfe_ipv6_find_connection_match(si, dev, IPPROTO_TCP, src_ip, src_port, dest_ip, dest_port); + if (unlikely(!cm)) { + /* + * We didn't get a connection but as TCP is connection-oriented that + * may be because this is a non-fast connection (not running established). + * For diagnostic purposes we differentiate this here. + */ + if (likely((flags & (TCP_FLAG_SYN | TCP_FLAG_RST | TCP_FLAG_FIN | TCP_FLAG_ACK)) == TCP_FLAG_ACK)) { + si->exception_events[SFE_IPV6_EXCEPTION_EVENT_TCP_NO_CONNECTION_FAST_FLAGS]++; + si->packets_not_forwarded++; + spin_unlock_bh(&si->lock); + + DEBUG_TRACE("no connection found - fast flags\n"); + return 0; + } + si->exception_events[SFE_IPV6_EXCEPTION_EVENT_TCP_NO_CONNECTION_SLOW_FLAGS]++; + si->packets_not_forwarded++; + spin_unlock_bh(&si->lock); + + DEBUG_TRACE("no connection found - slow flags: 0x%x\n", + flags & (TCP_FLAG_SYN | TCP_FLAG_RST | TCP_FLAG_FIN | TCP_FLAG_ACK)); + return 0; + } + + /* + * If our packet has beern marked as "flush on find" we can't actually + * forward it in the fast path, but now that we've found an associated + * connection we can flush that out before we process the packet. + */ + if (unlikely(flush_on_find)) { + struct sfe_ipv6_connection *c = cm->connection; + sfe_ipv6_remove_connection(si, c); + si->exception_events[SFE_IPV6_EXCEPTION_EVENT_TCP_IP_OPTIONS_OR_INITIAL_FRAGMENT]++; + si->packets_not_forwarded++; + spin_unlock_bh(&si->lock); + + DEBUG_TRACE("flush on find\n"); + sfe_ipv6_flush_connection(si, c, SFE_SYNC_REASON_FLUSH); + return 0; + } + +#ifdef CONFIG_XFRM + /* + * We can't accelerate the flow on this direction, just let it go + * through the slow path. + */ + if (unlikely(!cm->flow_accel)) { + si->packets_not_forwarded++; + spin_unlock_bh(&si->lock); + return 0; + } +#endif + + /* + * Does our hop_limit allow forwarding? + */ + if (unlikely(iph->hop_limit < 2)) { + struct sfe_ipv6_connection *c = cm->connection; + sfe_ipv6_remove_connection(si, c); + si->exception_events[SFE_IPV6_EXCEPTION_EVENT_TCP_SMALL_TTL]++; + si->packets_not_forwarded++; + spin_unlock_bh(&si->lock); + + DEBUG_TRACE("hop_limit too low\n"); + sfe_ipv6_flush_connection(si, c, SFE_SYNC_REASON_FLUSH); + return 0; + } + + /* + * If our packet is larger than the MTU of the transmit interface then + * we can't forward it easily. + */ + if (unlikely((len > cm->xmit_dev_mtu) && !skb_is_gso(skb))) { + struct sfe_ipv6_connection *c = cm->connection; + sfe_ipv6_remove_connection(si, c); + si->exception_events[SFE_IPV6_EXCEPTION_EVENT_TCP_NEEDS_FRAGMENTATION]++; + si->packets_not_forwarded++; + spin_unlock_bh(&si->lock); + + DEBUG_TRACE("larger than mtu\n"); + sfe_ipv6_flush_connection(si, c, SFE_SYNC_REASON_FLUSH); + return 0; + } + + /* + * Look at our TCP flags. Anything missing an ACK or that has RST, SYN or FIN + * set is not a fast path packet. + */ + if (unlikely((flags & (TCP_FLAG_SYN | TCP_FLAG_RST | TCP_FLAG_FIN | TCP_FLAG_ACK)) != TCP_FLAG_ACK)) { + struct sfe_ipv6_connection *c = cm->connection; + sfe_ipv6_remove_connection(si, c); + si->exception_events[SFE_IPV6_EXCEPTION_EVENT_TCP_FLAGS]++; + si->packets_not_forwarded++; + spin_unlock_bh(&si->lock); + + DEBUG_TRACE("TCP flags: 0x%x are not fast\n", + flags & (TCP_FLAG_SYN | TCP_FLAG_RST | TCP_FLAG_FIN | TCP_FLAG_ACK)); + sfe_ipv6_flush_connection(si, c, SFE_SYNC_REASON_FLUSH); + return 0; + } + + counter_cm = cm->counter_match; + + /* + * Are we doing sequence number checking? + */ + if (likely(!(cm->flags & SFE_IPV6_CONNECTION_MATCH_FLAG_NO_SEQ_CHECK))) { + u32 seq; + u32 ack; + u32 sack; + u32 data_offs; + u32 end; + u32 left_edge; + u32 scaled_win; + u32 max_end; + + /* + * Is our sequence fully past the right hand edge of the window? + */ + seq = ntohl(tcph->seq); + if (unlikely((s32)(seq - (cm->protocol_state.tcp.max_end + 1)) > 0)) { + struct sfe_ipv6_connection *c = cm->connection; + sfe_ipv6_remove_connection(si, c); + si->exception_events[SFE_IPV6_EXCEPTION_EVENT_TCP_SEQ_EXCEEDS_RIGHT_EDGE]++; + si->packets_not_forwarded++; + spin_unlock_bh(&si->lock); + + DEBUG_TRACE("seq: %u exceeds right edge: %u\n", + seq, cm->protocol_state.tcp.max_end + 1); + sfe_ipv6_flush_connection(si, c, SFE_SYNC_REASON_FLUSH); + return 0; + } + + /* + * Check that our TCP data offset isn't too short. + */ + data_offs = tcph->doff << 2; + if (unlikely(data_offs < sizeof(struct sfe_ipv6_tcp_hdr))) { + struct sfe_ipv6_connection *c = cm->connection; + sfe_ipv6_remove_connection(si, c); + si->exception_events[SFE_IPV6_EXCEPTION_EVENT_TCP_SMALL_DATA_OFFS]++; + si->packets_not_forwarded++; + spin_unlock_bh(&si->lock); + + DEBUG_TRACE("TCP data offset: %u, too small\n", data_offs); + sfe_ipv6_flush_connection(si, c, SFE_SYNC_REASON_FLUSH); + return 0; + } + + /* + * Update ACK according to any SACK option. + */ + ack = ntohl(tcph->ack_seq); + sack = ack; + if (unlikely(!sfe_ipv6_process_tcp_option_sack(tcph, data_offs, &sack))) { + struct sfe_ipv6_connection *c = cm->connection; + sfe_ipv6_remove_connection(si, c); + si->exception_events[SFE_IPV6_EXCEPTION_EVENT_TCP_BAD_SACK]++; + si->packets_not_forwarded++; + spin_unlock_bh(&si->lock); + + DEBUG_TRACE("TCP option SACK size is wrong\n"); + sfe_ipv6_flush_connection(si, c, SFE_SYNC_REASON_FLUSH); + return 0; + } + + /* + * Check that our TCP data offset isn't past the end of the packet. + */ + data_offs += sizeof(struct sfe_ipv6_ip_hdr); + if (unlikely(len < data_offs)) { + struct sfe_ipv6_connection *c = cm->connection; + sfe_ipv6_remove_connection(si, c); + si->exception_events[SFE_IPV6_EXCEPTION_EVENT_TCP_BIG_DATA_OFFS]++; + si->packets_not_forwarded++; + spin_unlock_bh(&si->lock); + + DEBUG_TRACE("TCP data offset: %u, past end of packet: %u\n", + data_offs, len); + sfe_ipv6_flush_connection(si, c, SFE_SYNC_REASON_FLUSH); + return 0; + } + + end = seq + len - data_offs; + + /* + * Is our sequence fully before the left hand edge of the window? + */ + if (unlikely((s32)(end - (cm->protocol_state.tcp.end + - counter_cm->protocol_state.tcp.max_win - 1)) < 0)) { + struct sfe_ipv6_connection *c = cm->connection; + sfe_ipv6_remove_connection(si, c); + si->exception_events[SFE_IPV6_EXCEPTION_EVENT_TCP_SEQ_BEFORE_LEFT_EDGE]++; + si->packets_not_forwarded++; + spin_unlock_bh(&si->lock); + + DEBUG_TRACE("seq: %u before left edge: %u\n", + end, cm->protocol_state.tcp.end - counter_cm->protocol_state.tcp.max_win - 1); + sfe_ipv6_flush_connection(si, c, SFE_SYNC_REASON_FLUSH); + return 0; + } + + /* + * Are we acking data that is to the right of what has been sent? + */ + if (unlikely((s32)(sack - (counter_cm->protocol_state.tcp.end + 1)) > 0)) { + struct sfe_ipv6_connection *c = cm->connection; + sfe_ipv6_remove_connection(si, c); + si->exception_events[SFE_IPV6_EXCEPTION_EVENT_TCP_ACK_EXCEEDS_RIGHT_EDGE]++; + si->packets_not_forwarded++; + spin_unlock_bh(&si->lock); + + DEBUG_TRACE("ack: %u exceeds right edge: %u\n", + sack, counter_cm->protocol_state.tcp.end + 1); + sfe_ipv6_flush_connection(si, c, SFE_SYNC_REASON_FLUSH); + return 0; + } + + /* + * Is our ack too far before the left hand edge of the window? + */ + left_edge = counter_cm->protocol_state.tcp.end + - cm->protocol_state.tcp.max_win + - SFE_IPV6_TCP_MAX_ACK_WINDOW + - 1; + if (unlikely((s32)(sack - left_edge) < 0)) { + struct sfe_ipv6_connection *c = cm->connection; + sfe_ipv6_remove_connection(si, c); + si->exception_events[SFE_IPV6_EXCEPTION_EVENT_TCP_ACK_BEFORE_LEFT_EDGE]++; + si->packets_not_forwarded++; + spin_unlock_bh(&si->lock); + + DEBUG_TRACE("ack: %u before left edge: %u\n", sack, left_edge); + sfe_ipv6_flush_connection(si, c, SFE_SYNC_REASON_FLUSH); + return 0; + } + + /* + * Have we just seen the largest window size yet for this connection? If yes + * then we need to record the new value. + */ + scaled_win = ntohs(tcph->window) << cm->protocol_state.tcp.win_scale; + scaled_win += (sack - ack); + if (unlikely(cm->protocol_state.tcp.max_win < scaled_win)) { + cm->protocol_state.tcp.max_win = scaled_win; + } + + /* + * If our sequence and/or ack numbers have advanced then record the new state. + */ + if (likely((s32)(end - cm->protocol_state.tcp.end) >= 0)) { + cm->protocol_state.tcp.end = end; + } + + max_end = sack + scaled_win; + if (likely((s32)(max_end - counter_cm->protocol_state.tcp.max_end) >= 0)) { + counter_cm->protocol_state.tcp.max_end = max_end; + } + } + + /* + * From this point on we're good to modify the packet. + */ + + /* + * Update DSCP + */ + if (unlikely(cm->flags & SFE_IPV6_CONNECTION_MATCH_FLAG_DSCP_REMARK)) { + sfe_ipv6_change_dsfield(iph, cm->dscp); + } + + /* + * Decrement our hop_limit. + */ + iph->hop_limit -= 1; + + /* + * Do we have to perform translations of the source address/port? + */ + if (unlikely(cm->flags & SFE_IPV6_CONNECTION_MATCH_FLAG_XLATE_SRC)) { + u16 tcp_csum; + u32 sum; + + iph->saddr = cm->xlate_src_ip[0]; + tcph->source = cm->xlate_src_port; + + /* + * Do we have a non-zero UDP checksum? If we do then we need + * to update it. + */ + tcp_csum = tcph->check; + sum = tcp_csum + cm->xlate_src_csum_adjustment; + sum = (sum & 0xffff) + (sum >> 16); + tcph->check = (u16)sum; + } + + /* + * Do we have to perform translations of the destination address/port? + */ + if (unlikely(cm->flags & SFE_IPV6_CONNECTION_MATCH_FLAG_XLATE_DEST)) { + u16 tcp_csum; + u32 sum; + + iph->daddr = cm->xlate_dest_ip[0]; + tcph->dest = cm->xlate_dest_port; + + /* + * Do we have a non-zero UDP checksum? If we do then we need + * to update it. + */ + tcp_csum = tcph->check; + sum = tcp_csum + cm->xlate_dest_csum_adjustment; + sum = (sum & 0xffff) + (sum >> 16); + tcph->check = (u16)sum; + } + + /* + * Update traffic stats. + */ + cm->rx_packet_count++; + cm->rx_byte_count += len; + + /* + * If we're not already on the active list then insert ourselves at the tail + * of the current list. + */ + if (unlikely(!cm->active)) { + cm->active = true; + cm->active_prev = si->active_tail; + if (likely(si->active_tail)) { + si->active_tail->active_next = cm; + } else { + si->active_head = cm; + } + si->active_tail = cm; + } + + xmit_dev = cm->xmit_dev; + skb->dev = xmit_dev; + + /* + * Check to see if we need to write a header. + */ + if (likely(cm->flags & SFE_IPV6_CONNECTION_MATCH_FLAG_WRITE_L2_HDR)) { + if (unlikely(!(cm->flags & SFE_IPV6_CONNECTION_MATCH_FLAG_WRITE_FAST_ETH_HDR))) { + dev_hard_header(skb, xmit_dev, ETH_P_IPV6, + cm->xmit_dest_mac, cm->xmit_src_mac, len); + } else { + /* + * For the simple case we write this really fast. + */ + struct sfe_ipv6_eth_hdr *eth = (struct sfe_ipv6_eth_hdr *)__skb_push(skb, ETH_HLEN); + eth->h_proto = htons(ETH_P_IPV6); + eth->h_dest[0] = cm->xmit_dest_mac[0]; + eth->h_dest[1] = cm->xmit_dest_mac[1]; + eth->h_dest[2] = cm->xmit_dest_mac[2]; + eth->h_source[0] = cm->xmit_src_mac[0]; + eth->h_source[1] = cm->xmit_src_mac[1]; + eth->h_source[2] = cm->xmit_src_mac[2]; + } + } + + /* + * Update priority of skb. + */ + if (unlikely(cm->flags & SFE_IPV6_CONNECTION_MATCH_FLAG_PRIORITY_REMARK)) { + skb->priority = cm->priority; + } + + /* + * Mark outgoing packet + */ + skb->mark = cm->connection->mark; + if (skb->mark) { + DEBUG_TRACE("SKB MARK is NON ZERO %x\n", skb->mark); + } + + si->packets_forwarded++; + spin_unlock_bh(&si->lock); + + /* + * We're going to check for GSO flags when we transmit the packet so + * start fetching the necessary cache line now. + */ + prefetch(skb_shinfo(skb)); + + /* + * Mark that this packet has been fast forwarded. + */ + skb->fast_forwarded = 1; + + /* + * Send the packet on its way. + */ + dev_queue_xmit(skb); + + return 1; +} + +/* + * sfe_ipv6_recv_icmp() + * Handle ICMP packet receives. + * + * ICMP packets aren't handled as a "fast path" and always have us process them + * through the default Linux stack. What we do need to do is look for any errors + * about connections we are handling in the fast path. If we find any such + * connections then we want to flush their state so that the ICMP error path + * within Linux has all of the correct state should it need it. + */ +static int sfe_ipv6_recv_icmp(struct sfe_ipv6 *si, struct sk_buff *skb, struct net_device *dev, + unsigned int len, struct sfe_ipv6_ip_hdr *iph, unsigned int ihl) +{ + struct icmp6hdr *icmph; + struct sfe_ipv6_ip_hdr *icmp_iph; + struct sfe_ipv6_udp_hdr *icmp_udph; + struct sfe_ipv6_tcp_hdr *icmp_tcph; + struct sfe_ipv6_addr *src_ip; + struct sfe_ipv6_addr *dest_ip; + __be16 src_port; + __be16 dest_port; + struct sfe_ipv6_connection_match *cm; + struct sfe_ipv6_connection *c; + u8 next_hdr; + + /* + * Is our packet too short to contain a valid ICMP header? + */ + len -= ihl; + if (!pskb_may_pull(skb, ihl + sizeof(struct icmp6hdr))) { + spin_lock_bh(&si->lock); + si->exception_events[SFE_IPV6_EXCEPTION_EVENT_ICMP_HEADER_INCOMPLETE]++; + si->packets_not_forwarded++; + spin_unlock_bh(&si->lock); + + DEBUG_TRACE("packet too short for ICMP header\n"); + return 0; + } + + /* + * We only handle "destination unreachable" and "time exceeded" messages. + */ + icmph = (struct icmp6hdr *)(skb->data + ihl); + if ((icmph->icmp6_type != ICMPV6_DEST_UNREACH) + && (icmph->icmp6_type != ICMPV6_TIME_EXCEED)) { + spin_lock_bh(&si->lock); + si->exception_events[SFE_IPV6_EXCEPTION_EVENT_ICMP_UNHANDLED_TYPE]++; + si->packets_not_forwarded++; + spin_unlock_bh(&si->lock); + + DEBUG_TRACE("unhandled ICMP type: 0x%x\n", icmph->icmp6_type); + return 0; + } + + /* + * Do we have the full embedded IP header? + * We should have 8 bytes of next L4 header - that's enough to identify + * the connection. + */ + len -= sizeof(struct icmp6hdr); + ihl += sizeof(struct icmp6hdr); + if (!pskb_may_pull(skb, ihl + sizeof(struct sfe_ipv6_ip_hdr) + sizeof(struct sfe_ipv6_ext_hdr))) { + spin_lock_bh(&si->lock); + si->exception_events[SFE_IPV6_EXCEPTION_EVENT_ICMP_IPV6_HEADER_INCOMPLETE]++; + si->packets_not_forwarded++; + spin_unlock_bh(&si->lock); + + DEBUG_TRACE("Embedded IP header not complete\n"); + return 0; + } + + /* + * Is our embedded IP version wrong? + */ + icmp_iph = (struct sfe_ipv6_ip_hdr *)(icmph + 1); + if (unlikely(icmp_iph->version != 6)) { + spin_lock_bh(&si->lock); + si->exception_events[SFE_IPV6_EXCEPTION_EVENT_ICMP_IPV6_NON_V6]++; + si->packets_not_forwarded++; + spin_unlock_bh(&si->lock); + + DEBUG_TRACE("IP version: %u\n", icmp_iph->version); + return 0; + } + + len -= sizeof(struct sfe_ipv6_ip_hdr); + ihl += sizeof(struct sfe_ipv6_ip_hdr); + next_hdr = icmp_iph->nexthdr; + while (unlikely(sfe_ipv6_is_ext_hdr(next_hdr))) { + struct sfe_ipv6_ext_hdr *ext_hdr; + unsigned int ext_hdr_len; + + ext_hdr = (struct sfe_ipv6_ext_hdr *)(skb->data + ihl); + if (next_hdr == SFE_IPV6_EXT_HDR_FRAG) { + struct sfe_ipv6_frag_hdr *frag_hdr = (struct sfe_ipv6_frag_hdr *)ext_hdr; + unsigned int frag_off = ntohs(frag_hdr->frag_off); + + if (frag_off & SFE_IPV6_FRAG_OFFSET) { + spin_lock_bh(&si->lock); + si->exception_events[SFE_IPV6_EXCEPTION_EVENT_NON_INITIAL_FRAGMENT]++; + si->packets_not_forwarded++; + spin_unlock_bh(&si->lock); + + DEBUG_TRACE("non-initial fragment\n"); + return 0; + } + } + + ext_hdr_len = ext_hdr->hdr_len; + ext_hdr_len <<= 3; + ext_hdr_len += sizeof(struct sfe_ipv6_ext_hdr); + len -= ext_hdr_len; + ihl += ext_hdr_len; + /* + * We should have 8 bytes of next header - that's enough to identify + * the connection. + */ + if (!pskb_may_pull(skb, ihl + sizeof(struct sfe_ipv6_ext_hdr))) { + spin_lock_bh(&si->lock); + si->exception_events[SFE_IPV6_EXCEPTION_EVENT_HEADER_INCOMPLETE]++; + si->packets_not_forwarded++; + spin_unlock_bh(&si->lock); + + DEBUG_TRACE("extension header %d not completed\n", next_hdr); + return 0; + } + + next_hdr = ext_hdr->next_hdr; + } + + /* + * Handle the embedded transport layer header. + */ + switch (next_hdr) { + case IPPROTO_UDP: + icmp_udph = (struct sfe_ipv6_udp_hdr *)(skb->data + ihl); + src_port = icmp_udph->source; + dest_port = icmp_udph->dest; + break; + + case IPPROTO_TCP: + icmp_tcph = (struct sfe_ipv6_tcp_hdr *)(skb->data + ihl); + src_port = icmp_tcph->source; + dest_port = icmp_tcph->dest; + break; + + default: + spin_lock_bh(&si->lock); + si->exception_events[SFE_IPV6_EXCEPTION_EVENT_ICMP_IPV6_UNHANDLED_PROTOCOL]++; + si->packets_not_forwarded++; + spin_unlock_bh(&si->lock); + + DEBUG_TRACE("Unhandled embedded IP protocol: %u\n", next_hdr); + return 0; + } + + src_ip = &icmp_iph->saddr; + dest_ip = &icmp_iph->daddr; + + spin_lock_bh(&si->lock); + + /* + * Look for a connection match. Note that we reverse the source and destination + * here because our embedded message contains a packet that was sent in the + * opposite direction to the one in which we just received it. It will have + * been sent on the interface from which we received it though so that's still + * ok to use. + */ + cm = sfe_ipv6_find_connection_match(si, dev, icmp_iph->nexthdr, dest_ip, dest_port, src_ip, src_port); + if (unlikely(!cm)) { + si->exception_events[SFE_IPV6_EXCEPTION_EVENT_ICMP_NO_CONNECTION]++; + si->packets_not_forwarded++; + spin_unlock_bh(&si->lock); + + DEBUG_TRACE("no connection found\n"); + return 0; + } + + /* + * We found a connection so now remove it from the connection list and flush + * its state. + */ + c = cm->connection; + sfe_ipv6_remove_connection(si, c); + si->exception_events[SFE_IPV6_EXCEPTION_EVENT_ICMP_FLUSHED_CONNECTION]++; + si->packets_not_forwarded++; + spin_unlock_bh(&si->lock); + + sfe_ipv6_flush_connection(si, c, SFE_SYNC_REASON_FLUSH); + return 0; +} + +/* + * sfe_ipv6_recv() + * Handle packet receives and forwaring. + * + * Returns 1 if the packet is forwarded or 0 if it isn't. + */ +int sfe_ipv6_recv(struct net_device *dev, struct sk_buff *skb) +{ + struct sfe_ipv6 *si = &__si6; + unsigned int len; + unsigned int payload_len; + unsigned int ihl = sizeof(struct sfe_ipv6_ip_hdr); + bool flush_on_find = false; + struct sfe_ipv6_ip_hdr *iph; + u8 next_hdr; + + /* + * Check that we have space for an IP header and an uplayer header here. + */ + len = skb->len; + if (!pskb_may_pull(skb, ihl + sizeof(struct sfe_ipv6_ext_hdr))) { + spin_lock_bh(&si->lock); + si->exception_events[SFE_IPV6_EXCEPTION_EVENT_HEADER_INCOMPLETE]++; + si->packets_not_forwarded++; + spin_unlock_bh(&si->lock); + + DEBUG_TRACE("len: %u is too short\n", len); + return 0; + } + + /* + * Is our IP version wrong? + */ + iph = (struct sfe_ipv6_ip_hdr *)skb->data; + if (unlikely(iph->version != 6)) { + spin_lock_bh(&si->lock); + si->exception_events[SFE_IPV6_EXCEPTION_EVENT_NON_V6]++; + si->packets_not_forwarded++; + spin_unlock_bh(&si->lock); + + DEBUG_TRACE("IP version: %u\n", iph->version); + return 0; + } + + /* + * Does our datagram fit inside the skb? + */ + payload_len = ntohs(iph->payload_len); + if (unlikely(payload_len > (len - ihl))) { + spin_lock_bh(&si->lock); + si->exception_events[SFE_IPV6_EXCEPTION_EVENT_DATAGRAM_INCOMPLETE]++; + si->packets_not_forwarded++; + spin_unlock_bh(&si->lock); + + DEBUG_TRACE("payload_len: %u, exceeds len: %u\n", payload_len, (len - sizeof(struct sfe_ipv6_ip_hdr))); + return 0; + } + + next_hdr = iph->nexthdr; + while (unlikely(sfe_ipv6_is_ext_hdr(next_hdr))) { + struct sfe_ipv6_ext_hdr *ext_hdr; + unsigned int ext_hdr_len; + + ext_hdr = (struct sfe_ipv6_ext_hdr *)(skb->data + ihl); + if (next_hdr == SFE_IPV6_EXT_HDR_FRAG) { + struct sfe_ipv6_frag_hdr *frag_hdr = (struct sfe_ipv6_frag_hdr *)ext_hdr; + unsigned int frag_off = ntohs(frag_hdr->frag_off); + + if (frag_off & SFE_IPV6_FRAG_OFFSET) { + spin_lock_bh(&si->lock); + si->exception_events[SFE_IPV6_EXCEPTION_EVENT_NON_INITIAL_FRAGMENT]++; + si->packets_not_forwarded++; + spin_unlock_bh(&si->lock); + + DEBUG_TRACE("non-initial fragment\n"); + return 0; + } + } + + ext_hdr_len = ext_hdr->hdr_len; + ext_hdr_len <<= 3; + ext_hdr_len += sizeof(struct sfe_ipv6_ext_hdr); + ihl += ext_hdr_len; + if (!pskb_may_pull(skb, ihl + sizeof(struct sfe_ipv6_ext_hdr))) { + spin_lock_bh(&si->lock); + si->exception_events[SFE_IPV6_EXCEPTION_EVENT_HEADER_INCOMPLETE]++; + si->packets_not_forwarded++; + spin_unlock_bh(&si->lock); + + DEBUG_TRACE("extension header %d not completed\n", next_hdr); + return 0; + } + + flush_on_find = true; + next_hdr = ext_hdr->next_hdr; + } + + if (IPPROTO_UDP == next_hdr) { + return sfe_ipv6_recv_udp(si, skb, dev, len, iph, ihl, flush_on_find); + } + + if (IPPROTO_TCP == next_hdr) { + return sfe_ipv6_recv_tcp(si, skb, dev, len, iph, ihl, flush_on_find); + } + + if (IPPROTO_ICMPV6 == next_hdr) { + return sfe_ipv6_recv_icmp(si, skb, dev, len, iph, ihl); + } + + spin_lock_bh(&si->lock); + si->exception_events[SFE_IPV6_EXCEPTION_EVENT_UNHANDLED_PROTOCOL]++; + si->packets_not_forwarded++; + spin_unlock_bh(&si->lock); + + DEBUG_TRACE("not UDP, TCP or ICMP: %u\n", next_hdr); + return 0; +} + +/* + * sfe_ipv6_update_tcp_state() + * update TCP window variables. + */ +static void +sfe_ipv6_update_tcp_state(struct sfe_ipv6_connection *c, + struct sfe_connection_create *sic) +{ + struct sfe_ipv6_connection_match *orig_cm; + struct sfe_ipv6_connection_match *repl_cm; + struct sfe_ipv6_tcp_connection_match *orig_tcp; + struct sfe_ipv6_tcp_connection_match *repl_tcp; + + orig_cm = c->original_match; + repl_cm = c->reply_match; + orig_tcp = &orig_cm->protocol_state.tcp; + repl_tcp = &repl_cm->protocol_state.tcp; + + /* update orig */ + if (orig_tcp->max_win < sic->src_td_max_window) { + orig_tcp->max_win = sic->src_td_max_window; + } + if ((s32)(orig_tcp->end - sic->src_td_end) < 0) { + orig_tcp->end = sic->src_td_end; + } + if ((s32)(orig_tcp->max_end - sic->src_td_max_end) < 0) { + orig_tcp->max_end = sic->src_td_max_end; + } + + /* update reply */ + if (repl_tcp->max_win < sic->dest_td_max_window) { + repl_tcp->max_win = sic->dest_td_max_window; + } + if ((s32)(repl_tcp->end - sic->dest_td_end) < 0) { + repl_tcp->end = sic->dest_td_end; + } + if ((s32)(repl_tcp->max_end - sic->dest_td_max_end) < 0) { + repl_tcp->max_end = sic->dest_td_max_end; + } + + /* update match flags */ + orig_cm->flags &= ~SFE_IPV6_CONNECTION_MATCH_FLAG_NO_SEQ_CHECK; + repl_cm->flags &= ~SFE_IPV6_CONNECTION_MATCH_FLAG_NO_SEQ_CHECK; + if (sic->flags & SFE_CREATE_FLAG_NO_SEQ_CHECK) { + orig_cm->flags |= SFE_IPV6_CONNECTION_MATCH_FLAG_NO_SEQ_CHECK; + repl_cm->flags |= SFE_IPV6_CONNECTION_MATCH_FLAG_NO_SEQ_CHECK; + } +} + +/* + * sfe_ipv6_update_protocol_state() + * update protocol specified state machine. + */ +static void +sfe_ipv6_update_protocol_state(struct sfe_ipv6_connection *c, + struct sfe_connection_create *sic) +{ + switch (sic->protocol) { + case IPPROTO_TCP: + sfe_ipv6_update_tcp_state(c, sic); + break; + } +} + +/* + * sfe_ipv6_update_rule() + * update forwarding rule after rule is created. + */ +void sfe_ipv6_update_rule(struct sfe_connection_create *sic) +{ + struct sfe_ipv6_connection *c; + struct sfe_ipv6 *si = &__si6; + + spin_lock_bh(&si->lock); + + c = sfe_ipv6_find_connection(si, + sic->protocol, + sic->src_ip.ip6, + sic->src_port, + sic->dest_ip.ip6, + sic->dest_port); + if (c != NULL) { + sfe_ipv6_update_protocol_state(c, sic); + } + + spin_unlock_bh(&si->lock); +} + +/* + * sfe_ipv6_create_rule() + * Create a forwarding rule. + */ +int sfe_ipv6_create_rule(struct sfe_connection_create *sic) +{ + struct sfe_ipv6 *si = &__si6; + struct sfe_ipv6_connection *c; + struct sfe_ipv6_connection_match *original_cm; + struct sfe_ipv6_connection_match *reply_cm; + struct net_device *dest_dev; + struct net_device *src_dev; + + dest_dev = sic->dest_dev; + src_dev = sic->src_dev; + + if (unlikely((dest_dev->reg_state != NETREG_REGISTERED) || + (src_dev->reg_state != NETREG_REGISTERED))) { + return -EINVAL; + } + + spin_lock_bh(&si->lock); + si->connection_create_requests++; + + /* + * Check to see if there is already a flow that matches the rule we're + * trying to create. If there is then we can't create a new one. + */ + c = sfe_ipv6_find_connection(si, + sic->protocol, + sic->src_ip.ip6, + sic->src_port, + sic->dest_ip.ip6, + sic->dest_port); + if (c != NULL) { + si->connection_create_collisions++; + + /* + * If we already have the flow then it's likely that this + * request to create the connection rule contains more + * up-to-date information. Check and update accordingly. + */ + sfe_ipv6_update_protocol_state(c, sic); + spin_unlock_bh(&si->lock); + + DEBUG_TRACE("connection already exists - mark: %08x, p: %d\n" + " s: %s:%pM:%pI6:%u, d: %s:%pM:%pI6:%u\n", + sic->mark, sic->protocol, + sic->src_dev->name, sic->src_mac, sic->src_ip.ip6, ntohs(sic->src_port), + sic->dest_dev->name, sic->dest_mac, sic->dest_ip.ip6, ntohs(sic->dest_port)); + return -EADDRINUSE; + } + + /* + * Allocate the various connection tracking objects. + */ + c = (struct sfe_ipv6_connection *)kmalloc(sizeof(struct sfe_ipv6_connection), GFP_ATOMIC); + if (unlikely(!c)) { + spin_unlock_bh(&si->lock); + return -ENOMEM; + } + + original_cm = (struct sfe_ipv6_connection_match *)kmalloc(sizeof(struct sfe_ipv6_connection_match), GFP_ATOMIC); + if (unlikely(!original_cm)) { + spin_unlock_bh(&si->lock); + kfree(c); + return -ENOMEM; + } + + reply_cm = (struct sfe_ipv6_connection_match *)kmalloc(sizeof(struct sfe_ipv6_connection_match), GFP_ATOMIC); + if (unlikely(!reply_cm)) { + spin_unlock_bh(&si->lock); + kfree(original_cm); + kfree(c); + return -ENOMEM; + } + + /* + * Fill in the "original" direction connection matching object. + * Note that the transmit MAC address is "dest_mac_xlate" because + * we always know both ends of a connection by their translated + * addresses and not their public addresses. + */ + original_cm->match_dev = src_dev; + original_cm->match_protocol = sic->protocol; + original_cm->match_src_ip[0] = sic->src_ip.ip6[0]; + original_cm->match_src_port = sic->src_port; + original_cm->match_dest_ip[0] = sic->dest_ip.ip6[0]; + original_cm->match_dest_port = sic->dest_port; + original_cm->xlate_src_ip[0] = sic->src_ip_xlate.ip6[0]; + original_cm->xlate_src_port = sic->src_port_xlate; + original_cm->xlate_dest_ip[0] = sic->dest_ip_xlate.ip6[0]; + original_cm->xlate_dest_port = sic->dest_port_xlate; + original_cm->rx_packet_count = 0; + original_cm->rx_packet_count64 = 0; + original_cm->rx_byte_count = 0; + original_cm->rx_byte_count64 = 0; + original_cm->xmit_dev = dest_dev; + original_cm->xmit_dev_mtu = sic->dest_mtu; + memcpy(original_cm->xmit_src_mac, dest_dev->dev_addr, ETH_ALEN); + memcpy(original_cm->xmit_dest_mac, sic->dest_mac_xlate, ETH_ALEN); + original_cm->connection = c; + original_cm->counter_match = reply_cm; + original_cm->flags = 0; + if (sic->flags & SFE_CREATE_FLAG_REMARK_PRIORITY) { + original_cm->priority = sic->src_priority; + original_cm->flags |= SFE_IPV6_CONNECTION_MATCH_FLAG_PRIORITY_REMARK; + } + if (sic->flags & SFE_CREATE_FLAG_REMARK_DSCP) { + original_cm->dscp = sic->src_dscp << SFE_IPV6_DSCP_SHIFT; + original_cm->flags |= SFE_IPV6_CONNECTION_MATCH_FLAG_DSCP_REMARK; + } +#ifdef CONFIG_XFRM + original_cm->flow_accel = sic->original_accel; +#endif + original_cm->active_next = NULL; + original_cm->active_prev = NULL; + original_cm->active = false; + + /* + * For PPP links we don't write an L2 header. For everything else we do. + */ + if (!(dest_dev->flags & IFF_POINTOPOINT)) { + original_cm->flags |= SFE_IPV6_CONNECTION_MATCH_FLAG_WRITE_L2_HDR; + + /* + * If our dev writes Ethernet headers then we can write a really fast + * version. + */ + if (dest_dev->header_ops) { + if (dest_dev->header_ops->create == eth_header) { + original_cm->flags |= SFE_IPV6_CONNECTION_MATCH_FLAG_WRITE_FAST_ETH_HDR; + } + } + } + + /* + * Fill in the "reply" direction connection matching object. + */ + reply_cm->match_dev = dest_dev; + reply_cm->match_protocol = sic->protocol; + reply_cm->match_src_ip[0] = sic->dest_ip_xlate.ip6[0]; + reply_cm->match_src_port = sic->dest_port_xlate; + reply_cm->match_dest_ip[0] = sic->src_ip_xlate.ip6[0]; + reply_cm->match_dest_port = sic->src_port_xlate; + reply_cm->xlate_src_ip[0] = sic->dest_ip.ip6[0]; + reply_cm->xlate_src_port = sic->dest_port; + reply_cm->xlate_dest_ip[0] = sic->src_ip.ip6[0]; + reply_cm->xlate_dest_port = sic->src_port; + reply_cm->rx_packet_count = 0; + reply_cm->rx_packet_count64 = 0; + reply_cm->rx_byte_count = 0; + reply_cm->rx_byte_count64 = 0; + reply_cm->xmit_dev = src_dev; + reply_cm->xmit_dev_mtu = sic->src_mtu; + memcpy(reply_cm->xmit_src_mac, src_dev->dev_addr, ETH_ALEN); + memcpy(reply_cm->xmit_dest_mac, sic->src_mac, ETH_ALEN); + reply_cm->connection = c; + reply_cm->counter_match = original_cm; + reply_cm->flags = 0; + if (sic->flags & SFE_CREATE_FLAG_REMARK_PRIORITY) { + reply_cm->priority = sic->dest_priority; + reply_cm->flags |= SFE_IPV6_CONNECTION_MATCH_FLAG_PRIORITY_REMARK; + } + if (sic->flags & SFE_CREATE_FLAG_REMARK_DSCP) { + reply_cm->dscp = sic->dest_dscp << SFE_IPV6_DSCP_SHIFT; + reply_cm->flags |= SFE_IPV6_CONNECTION_MATCH_FLAG_DSCP_REMARK; + } +#ifdef CONFIG_XFRM + reply_cm->flow_accel = sic->reply_accel; +#endif + reply_cm->active_next = NULL; + reply_cm->active_prev = NULL; + reply_cm->active = false; + + /* + * For PPP links we don't write an L2 header. For everything else we do. + */ + if (!(src_dev->flags & IFF_POINTOPOINT)) { + reply_cm->flags |= SFE_IPV6_CONNECTION_MATCH_FLAG_WRITE_L2_HDR; + + /* + * If our dev writes Ethernet headers then we can write a really fast + * version. + */ + if (src_dev->header_ops) { + if (src_dev->header_ops->create == eth_header) { + reply_cm->flags |= SFE_IPV6_CONNECTION_MATCH_FLAG_WRITE_FAST_ETH_HDR; + } + } + } + + + if (!sfe_ipv6_addr_equal(sic->dest_ip.ip6, sic->dest_ip_xlate.ip6) || sic->dest_port != sic->dest_port_xlate) { + original_cm->flags |= SFE_IPV6_CONNECTION_MATCH_FLAG_XLATE_DEST; + reply_cm->flags |= SFE_IPV6_CONNECTION_MATCH_FLAG_XLATE_SRC; + } + + if (!sfe_ipv6_addr_equal(sic->src_ip.ip6, sic->src_ip_xlate.ip6) || sic->src_port != sic->src_port_xlate) { + original_cm->flags |= SFE_IPV6_CONNECTION_MATCH_FLAG_XLATE_SRC; + reply_cm->flags |= SFE_IPV6_CONNECTION_MATCH_FLAG_XLATE_DEST; + } + + c->protocol = sic->protocol; + c->src_ip[0] = sic->src_ip.ip6[0]; + c->src_ip_xlate[0] = sic->src_ip_xlate.ip6[0]; + c->src_port = sic->src_port; + c->src_port_xlate = sic->src_port_xlate; + c->original_dev = src_dev; + c->original_match = original_cm; + c->dest_ip[0] = sic->dest_ip.ip6[0]; + c->dest_ip_xlate[0] = sic->dest_ip_xlate.ip6[0]; + c->dest_port = sic->dest_port; + c->dest_port_xlate = sic->dest_port_xlate; + c->reply_dev = dest_dev; + c->reply_match = reply_cm; + c->mark = sic->mark; + c->debug_read_seq = 0; + c->last_sync_jiffies = get_jiffies_64(); + + /* + * Take hold of our source and dest devices for the duration of the connection. + */ + dev_hold(c->original_dev); + dev_hold(c->reply_dev); + + /* + * Initialize the protocol-specific information that we track. + */ + switch (sic->protocol) { + case IPPROTO_TCP: + original_cm->protocol_state.tcp.win_scale = sic->src_td_window_scale; + original_cm->protocol_state.tcp.max_win = sic->src_td_max_window ? sic->src_td_max_window : 1; + original_cm->protocol_state.tcp.end = sic->src_td_end; + original_cm->protocol_state.tcp.max_end = sic->src_td_max_end; + reply_cm->protocol_state.tcp.win_scale = sic->dest_td_window_scale; + reply_cm->protocol_state.tcp.max_win = sic->dest_td_max_window ? sic->dest_td_max_window : 1; + reply_cm->protocol_state.tcp.end = sic->dest_td_end; + reply_cm->protocol_state.tcp.max_end = sic->dest_td_max_end; + if (sic->flags & SFE_CREATE_FLAG_NO_SEQ_CHECK) { + original_cm->flags |= SFE_IPV6_CONNECTION_MATCH_FLAG_NO_SEQ_CHECK; + reply_cm->flags |= SFE_IPV6_CONNECTION_MATCH_FLAG_NO_SEQ_CHECK; + } + break; + } + + sfe_ipv6_connection_match_compute_translations(original_cm); + sfe_ipv6_connection_match_compute_translations(reply_cm); + sfe_ipv6_insert_connection(si, c); + + spin_unlock_bh(&si->lock); + + /* + * We have everything we need! + */ + DEBUG_INFO("new connection - mark: %08x, p: %d\n" + " s: %s:%pM(%pM):%pI6(%pI6):%u(%u)\n" + " d: %s:%pM(%pM):%pI6(%pI6):%u(%u)\n", + sic->mark, sic->protocol, + sic->src_dev->name, sic->src_mac, sic->src_mac_xlate, + sic->src_ip.ip6, sic->src_ip_xlate.ip6, ntohs(sic->src_port), ntohs(sic->src_port_xlate), + dest_dev->name, sic->dest_mac, sic->dest_mac_xlate, + sic->dest_ip.ip6, sic->dest_ip_xlate.ip6, ntohs(sic->dest_port), ntohs(sic->dest_port_xlate)); + + return 0; +} + +/* + * sfe_ipv6_destroy_rule() + * Destroy a forwarding rule. + */ +void sfe_ipv6_destroy_rule(struct sfe_connection_destroy *sid) +{ + struct sfe_ipv6 *si = &__si6; + struct sfe_ipv6_connection *c; + + spin_lock_bh(&si->lock); + si->connection_destroy_requests++; + + /* + * Check to see if we have a flow that matches the rule we're trying + * to destroy. If there isn't then we can't destroy it. + */ + c = sfe_ipv6_find_connection(si, sid->protocol, sid->src_ip.ip6, sid->src_port, + sid->dest_ip.ip6, sid->dest_port); + if (!c) { + si->connection_destroy_misses++; + spin_unlock_bh(&si->lock); + + DEBUG_TRACE("connection does not exist - p: %d, s: %pI6:%u, d: %pI6:%u\n", + sid->protocol, sid->src_ip.ip6, ntohs(sid->src_port), + sid->dest_ip.ip6, ntohs(sid->dest_port)); + return; + } + + /* + * Remove our connection details from the hash tables. + */ + sfe_ipv6_remove_connection(si, c); + spin_unlock_bh(&si->lock); + + sfe_ipv6_flush_connection(si, c, SFE_SYNC_REASON_DESTROY); + + DEBUG_INFO("connection destroyed - p: %d, s: %pI6:%u, d: %pI6:%u\n", + sid->protocol, sid->src_ip.ip6, ntohs(sid->src_port), + sid->dest_ip.ip6, ntohs(sid->dest_port)); +} + +/* + * sfe_ipv6_register_sync_rule_callback() + * Register a callback for rule synchronization. + */ +void sfe_ipv6_register_sync_rule_callback(sfe_sync_rule_callback_t sync_rule_callback) +{ + struct sfe_ipv6 *si = &__si6; + + spin_lock_bh(&si->lock); + rcu_assign_pointer(si->sync_rule_callback, sync_rule_callback); + spin_unlock_bh(&si->lock); +} + +/* + * sfe_ipv6_get_debug_dev() + */ +static ssize_t sfe_ipv6_get_debug_dev(struct device *dev, + struct device_attribute *attr, + char *buf) +{ + struct sfe_ipv6 *si = &__si6; + ssize_t count; + int num; + + spin_lock_bh(&si->lock); + num = si->debug_dev; + spin_unlock_bh(&si->lock); + + count = snprintf(buf, (ssize_t)PAGE_SIZE, "%d\n", num); + return count; +} + +/* + * sfe_ipv6_destroy_all_rules_for_dev() + * Destroy all connections that match a particular device. + * + * If we pass dev as NULL then this destroys all connections. + */ +void sfe_ipv6_destroy_all_rules_for_dev(struct net_device *dev) +{ + struct sfe_ipv6 *si = &__si6; + struct sfe_ipv6_connection *c; + +another_round: + spin_lock_bh(&si->lock); + + for (c = si->all_connections_head; c; c = c->all_connections_next) { + /* + * Does this connection relate to the device we are destroying? + */ + if (!dev + || (dev == c->original_dev) + || (dev == c->reply_dev)) { + break; + } + } + + if (c) { + sfe_ipv6_remove_connection(si, c); + } + + spin_unlock_bh(&si->lock); + + if (c) { + sfe_ipv6_flush_connection(si, c, SFE_SYNC_REASON_DESTROY); + goto another_round; + } +} + +/* + * sfe_ipv6_periodic_sync() + */ +static void sfe_ipv6_periodic_sync(unsigned long arg) +{ + struct sfe_ipv6 *si = (struct sfe_ipv6 *)arg; + u64 now_jiffies; + int quota; + sfe_sync_rule_callback_t sync_rule_callback; + + now_jiffies = get_jiffies_64(); + + rcu_read_lock(); + sync_rule_callback = rcu_dereference(si->sync_rule_callback); + if (!sync_rule_callback) { + rcu_read_unlock(); + goto done; + } + + spin_lock_bh(&si->lock); + sfe_ipv6_update_summary_stats(si); + + /* + * Get an estimate of the number of connections to parse in this sync. + */ + quota = (si->num_connections + 63) / 64; + + /* + * Walk the "active" list and sync the connection state. + */ + while (quota--) { + struct sfe_ipv6_connection_match *cm; + struct sfe_ipv6_connection_match *counter_cm; + struct sfe_ipv6_connection *c; + struct sfe_connection_sync sis; + + cm = si->active_head; + if (!cm) { + break; + } + + /* + * There's a possibility that our counter match is in the active list too. + * If it is then remove it. + */ + counter_cm = cm->counter_match; + if (counter_cm->active) { + counter_cm->active = false; + + /* + * We must have a connection preceding this counter match + * because that's the one that got us to this point, so we don't have + * to worry about removing the head of the list. + */ + counter_cm->active_prev->active_next = counter_cm->active_next; + + if (likely(counter_cm->active_next)) { + counter_cm->active_next->active_prev = counter_cm->active_prev; + } else { + si->active_tail = counter_cm->active_prev; + } + + counter_cm->active_next = NULL; + counter_cm->active_prev = NULL; + } + + /* + * Now remove the head of the active scan list. + */ + cm->active = false; + si->active_head = cm->active_next; + if (likely(cm->active_next)) { + cm->active_next->active_prev = NULL; + } else { + si->active_tail = NULL; + } + cm->active_next = NULL; + + /* + * Sync the connection state. + */ + c = cm->connection; + sfe_ipv6_gen_sync_connection(si, c, &sis, SFE_SYNC_REASON_STATS, now_jiffies); + + /* + * We don't want to be holding the lock when we sync! + */ + spin_unlock_bh(&si->lock); + sync_rule_callback(&sis); + spin_lock_bh(&si->lock); + } + + spin_unlock_bh(&si->lock); + rcu_read_unlock(); + +done: + mod_timer(&si->timer, jiffies + ((HZ + 99) / 100)); +} + +/* + * sfe_ipv6_debug_dev_read_start() + * Generate part of the XML output. + */ +static bool sfe_ipv6_debug_dev_read_start(struct sfe_ipv6 *si, char *buffer, char *msg, size_t *length, + int *total_read, struct sfe_ipv6_debug_xml_write_state *ws) +{ + int bytes_read; + + si->debug_read_seq++; + + bytes_read = snprintf(msg, CHAR_DEV_MSG_SIZE, "\n"); + if (copy_to_user(buffer + *total_read, msg, CHAR_DEV_MSG_SIZE)) { + return false; + } + + *length -= bytes_read; + *total_read += bytes_read; + + ws->state++; + return true; +} + +/* + * sfe_ipv6_debug_dev_read_connections_start() + * Generate part of the XML output. + */ +static bool sfe_ipv6_debug_dev_read_connections_start(struct sfe_ipv6 *si, char *buffer, char *msg, size_t *length, + int *total_read, struct sfe_ipv6_debug_xml_write_state *ws) +{ + int bytes_read; + + bytes_read = snprintf(msg, CHAR_DEV_MSG_SIZE, "\t\n"); + if (copy_to_user(buffer + *total_read, msg, CHAR_DEV_MSG_SIZE)) { + return false; + } + + *length -= bytes_read; + *total_read += bytes_read; + + ws->state++; + return true; +} + +/* + * sfe_ipv6_debug_dev_read_connections_connection() + * Generate part of the XML output. + */ +static bool sfe_ipv6_debug_dev_read_connections_connection(struct sfe_ipv6 *si, char *buffer, char *msg, size_t *length, + int *total_read, struct sfe_ipv6_debug_xml_write_state *ws) +{ + struct sfe_ipv6_connection *c; + struct sfe_ipv6_connection_match *original_cm; + struct sfe_ipv6_connection_match *reply_cm; + int bytes_read; + int protocol; + struct net_device *src_dev; + struct sfe_ipv6_addr src_ip; + struct sfe_ipv6_addr src_ip_xlate; + __be16 src_port; + __be16 src_port_xlate; + u64 src_rx_packets; + u64 src_rx_bytes; + struct net_device *dest_dev; + struct sfe_ipv6_addr dest_ip; + struct sfe_ipv6_addr dest_ip_xlate; + __be16 dest_port; + __be16 dest_port_xlate; + u64 dest_rx_packets; + u64 dest_rx_bytes; + u64 last_sync_jiffies; + u32 mark, src_priority, dest_priority, src_dscp, dest_dscp; + + spin_lock_bh(&si->lock); + + for (c = si->all_connections_head; c; c = c->all_connections_next) { + if (c->debug_read_seq < si->debug_read_seq) { + c->debug_read_seq = si->debug_read_seq; + break; + } + } + + /* + * If there were no connections then move to the next state. + */ + if (!c) { + spin_unlock_bh(&si->lock); + ws->state++; + return true; + } + + original_cm = c->original_match; + reply_cm = c->reply_match; + + protocol = c->protocol; + src_dev = c->original_dev; + src_ip = c->src_ip[0]; + src_ip_xlate = c->src_ip_xlate[0]; + src_port = c->src_port; + src_port_xlate = c->src_port_xlate; + src_priority = original_cm->priority; + src_dscp = original_cm->dscp >> SFE_IPV6_DSCP_SHIFT; + + sfe_ipv6_connection_match_update_summary_stats(original_cm); + sfe_ipv6_connection_match_update_summary_stats(reply_cm); + + src_rx_packets = original_cm->rx_packet_count64; + src_rx_bytes = original_cm->rx_byte_count64; + dest_dev = c->reply_dev; + dest_ip = c->dest_ip[0]; + dest_ip_xlate = c->dest_ip_xlate[0]; + dest_port = c->dest_port; + dest_port_xlate = c->dest_port_xlate; + dest_priority = reply_cm->priority; + dest_dscp = reply_cm->dscp >> SFE_IPV6_DSCP_SHIFT; + dest_rx_packets = reply_cm->rx_packet_count64; + dest_rx_bytes = reply_cm->rx_byte_count64; + last_sync_jiffies = get_jiffies_64() - c->last_sync_jiffies; + mark = c->mark; + + spin_unlock_bh(&si->lock); + + bytes_read = snprintf(msg, CHAR_DEV_MSG_SIZE, "\t\t\n", + protocol, + src_dev->name, + &src_ip, &src_ip_xlate, + ntohs(src_port), ntohs(src_port_xlate), + src_priority, src_dscp, + src_rx_packets, src_rx_bytes, + dest_dev->name, + &dest_ip, &dest_ip_xlate, + ntohs(dest_port), ntohs(dest_port_xlate), + dest_priority, dest_dscp, + dest_rx_packets, dest_rx_bytes, + last_sync_jiffies, mark); + + if (copy_to_user(buffer + *total_read, msg, CHAR_DEV_MSG_SIZE)) { + return false; + } + + *length -= bytes_read; + *total_read += bytes_read; + + return true; +} + +/* + * sfe_ipv6_debug_dev_read_connections_end() + * Generate part of the XML output. + */ +static bool sfe_ipv6_debug_dev_read_connections_end(struct sfe_ipv6 *si, char *buffer, char *msg, size_t *length, + int *total_read, struct sfe_ipv6_debug_xml_write_state *ws) +{ + int bytes_read; + + bytes_read = snprintf(msg, CHAR_DEV_MSG_SIZE, "\t\n"); + if (copy_to_user(buffer + *total_read, msg, CHAR_DEV_MSG_SIZE)) { + return false; + } + + *length -= bytes_read; + *total_read += bytes_read; + + ws->state++; + return true; +} + +/* + * sfe_ipv6_debug_dev_read_exceptions_start() + * Generate part of the XML output. + */ +static bool sfe_ipv6_debug_dev_read_exceptions_start(struct sfe_ipv6 *si, char *buffer, char *msg, size_t *length, + int *total_read, struct sfe_ipv6_debug_xml_write_state *ws) +{ + int bytes_read; + + bytes_read = snprintf(msg, CHAR_DEV_MSG_SIZE, "\t\n"); + if (copy_to_user(buffer + *total_read, msg, CHAR_DEV_MSG_SIZE)) { + return false; + } + + *length -= bytes_read; + *total_read += bytes_read; + + ws->state++; + return true; +} + +/* + * sfe_ipv6_debug_dev_read_exceptions_exception() + * Generate part of the XML output. + */ +static bool sfe_ipv6_debug_dev_read_exceptions_exception(struct sfe_ipv6 *si, char *buffer, char *msg, size_t *length, + int *total_read, struct sfe_ipv6_debug_xml_write_state *ws) +{ + u64 ct; + + spin_lock_bh(&si->lock); + ct = si->exception_events64[ws->iter_exception]; + spin_unlock_bh(&si->lock); + + if (ct) { + int bytes_read; + + bytes_read = snprintf(msg, CHAR_DEV_MSG_SIZE, + "\t\t\n", + sfe_ipv6_exception_events_string[ws->iter_exception], + ct); + if (copy_to_user(buffer + *total_read, msg, CHAR_DEV_MSG_SIZE)) { + return false; + } + + *length -= bytes_read; + *total_read += bytes_read; + } + + ws->iter_exception++; + if (ws->iter_exception >= SFE_IPV6_EXCEPTION_EVENT_LAST) { + ws->iter_exception = 0; + ws->state++; + } + + return true; +} + +/* + * sfe_ipv6_debug_dev_read_exceptions_end() + * Generate part of the XML output. + */ +static bool sfe_ipv6_debug_dev_read_exceptions_end(struct sfe_ipv6 *si, char *buffer, char *msg, size_t *length, + int *total_read, struct sfe_ipv6_debug_xml_write_state *ws) +{ + int bytes_read; + + bytes_read = snprintf(msg, CHAR_DEV_MSG_SIZE, "\t\n"); + if (copy_to_user(buffer + *total_read, msg, CHAR_DEV_MSG_SIZE)) { + return false; + } + + *length -= bytes_read; + *total_read += bytes_read; + + ws->state++; + return true; +} + +/* + * sfe_ipv6_debug_dev_read_stats() + * Generate part of the XML output. + */ +static bool sfe_ipv6_debug_dev_read_stats(struct sfe_ipv6 *si, char *buffer, char *msg, size_t *length, + int *total_read, struct sfe_ipv6_debug_xml_write_state *ws) +{ + int bytes_read; + unsigned int num_connections; + u64 packets_forwarded; + u64 packets_not_forwarded; + u64 connection_create_requests; + u64 connection_create_collisions; + u64 connection_destroy_requests; + u64 connection_destroy_misses; + u64 connection_flushes; + u64 connection_match_hash_hits; + u64 connection_match_hash_reorders; + + spin_lock_bh(&si->lock); + sfe_ipv6_update_summary_stats(si); + + num_connections = si->num_connections; + packets_forwarded = si->packets_forwarded64; + packets_not_forwarded = si->packets_not_forwarded64; + connection_create_requests = si->connection_create_requests64; + connection_create_collisions = si->connection_create_collisions64; + connection_destroy_requests = si->connection_destroy_requests64; + connection_destroy_misses = si->connection_destroy_misses64; + connection_flushes = si->connection_flushes64; + connection_match_hash_hits = si->connection_match_hash_hits64; + connection_match_hash_reorders = si->connection_match_hash_reorders64; + spin_unlock_bh(&si->lock); + + bytes_read = snprintf(msg, CHAR_DEV_MSG_SIZE, "\t\n", + num_connections, + packets_forwarded, + packets_not_forwarded, + connection_create_requests, + connection_create_collisions, + connection_destroy_requests, + connection_destroy_misses, + connection_flushes, + connection_match_hash_hits, + connection_match_hash_reorders); + if (copy_to_user(buffer + *total_read, msg, CHAR_DEV_MSG_SIZE)) { + return false; + } + + *length -= bytes_read; + *total_read += bytes_read; + + ws->state++; + return true; +} + +/* + * sfe_ipv6_debug_dev_read_end() + * Generate part of the XML output. + */ +static bool sfe_ipv6_debug_dev_read_end(struct sfe_ipv6 *si, char *buffer, char *msg, size_t *length, + int *total_read, struct sfe_ipv6_debug_xml_write_state *ws) +{ + int bytes_read; + + bytes_read = snprintf(msg, CHAR_DEV_MSG_SIZE, "\n"); + if (copy_to_user(buffer + *total_read, msg, CHAR_DEV_MSG_SIZE)) { + return false; + } + + *length -= bytes_read; + *total_read += bytes_read; + + ws->state++; + return true; +} + +/* + * Array of write functions that write various XML elements that correspond to + * our XML output state machine. + */ +static sfe_ipv6_debug_xml_write_method_t sfe_ipv6_debug_xml_write_methods[SFE_IPV6_DEBUG_XML_STATE_DONE] = { + sfe_ipv6_debug_dev_read_start, + sfe_ipv6_debug_dev_read_connections_start, + sfe_ipv6_debug_dev_read_connections_connection, + sfe_ipv6_debug_dev_read_connections_end, + sfe_ipv6_debug_dev_read_exceptions_start, + sfe_ipv6_debug_dev_read_exceptions_exception, + sfe_ipv6_debug_dev_read_exceptions_end, + sfe_ipv6_debug_dev_read_stats, + sfe_ipv6_debug_dev_read_end, +}; + +/* + * sfe_ipv6_debug_dev_read() + * Send info to userspace upon read request from user + */ +static ssize_t sfe_ipv6_debug_dev_read(struct file *filp, char *buffer, size_t length, loff_t *offset) +{ + char msg[CHAR_DEV_MSG_SIZE]; + int total_read = 0; + struct sfe_ipv6_debug_xml_write_state *ws; + struct sfe_ipv6 *si = &__si6; + + ws = (struct sfe_ipv6_debug_xml_write_state *)filp->private_data; + while ((ws->state != SFE_IPV6_DEBUG_XML_STATE_DONE) && (length > CHAR_DEV_MSG_SIZE)) { + if ((sfe_ipv6_debug_xml_write_methods[ws->state])(si, buffer, msg, &length, &total_read, ws)) { + continue; + } + } + + return total_read; +} + +/* + * sfe_ipv6_debug_dev_write() + * Write to char device resets some stats + */ +static ssize_t sfe_ipv6_debug_dev_write(struct file *filp, const char *buffer, size_t length, loff_t *offset) +{ + struct sfe_ipv6 *si = &__si6; + + spin_lock_bh(&si->lock); + sfe_ipv6_update_summary_stats(si); + + si->packets_forwarded64 = 0; + si->packets_not_forwarded64 = 0; + si->connection_create_requests64 = 0; + si->connection_create_collisions64 = 0; + si->connection_destroy_requests64 = 0; + si->connection_destroy_misses64 = 0; + si->connection_flushes64 = 0; + si->connection_match_hash_hits64 = 0; + si->connection_match_hash_reorders64 = 0; + spin_unlock_bh(&si->lock); + + return length; +} + +/* + * sfe_ipv6_debug_dev_open() + */ +static int sfe_ipv6_debug_dev_open(struct inode *inode, struct file *file) +{ + struct sfe_ipv6_debug_xml_write_state *ws; + + ws = (struct sfe_ipv6_debug_xml_write_state *)file->private_data; + if (ws) { + return 0; + } + + ws = kzalloc(sizeof(struct sfe_ipv6_debug_xml_write_state), GFP_KERNEL); + if (!ws) { + return -ENOMEM; + } + + ws->state = SFE_IPV6_DEBUG_XML_STATE_START; + file->private_data = ws; + + return 0; +} + +/* + * sfe_ipv6_debug_dev_release() + */ +static int sfe_ipv6_debug_dev_release(struct inode *inode, struct file *file) +{ + struct sfe_ipv6_debug_xml_write_state *ws; + + ws = (struct sfe_ipv6_debug_xml_write_state *)file->private_data; + if (ws) { + /* + * We've finished with our output so free the write state. + */ + kfree(ws); + } + + return 0; +} + +/* + * File operations used in the debug char device + */ +static struct file_operations sfe_ipv6_debug_dev_fops = { + .read = sfe_ipv6_debug_dev_read, + .write = sfe_ipv6_debug_dev_write, + .open = sfe_ipv6_debug_dev_open, + .release = sfe_ipv6_debug_dev_release +}; + +/* + * sfe_ipv6_init() + */ +static int __init sfe_ipv6_init(void) +{ + struct sfe_ipv6 *si = &__si6; + int result = -1; + + DEBUG_INFO("SFE IPv6 init\n"); + + /* + * Create sys/sfe_ipv6 + */ + si->sys_sfe_ipv6 = kobject_create_and_add("sfe_ipv6", NULL); + if (!si->sys_sfe_ipv6) { + DEBUG_ERROR("failed to register sfe_ipv6\n"); + goto exit1; + } + + /* + * Create files, one for each parameter supported by this module. + */ + result = sysfs_create_file(si->sys_sfe_ipv6, &sfe_ipv6_debug_dev_attr.attr); + if (result) { + DEBUG_ERROR("failed to register debug dev file: %d\n", result); + goto exit2; + } + + /* + * Register our debug char device. + */ + result = register_chrdev(0, "sfe_ipv6", &sfe_ipv6_debug_dev_fops); + if (result < 0) { + DEBUG_ERROR("Failed to register chrdev: %d\n", result); + goto exit3; + } + + si->debug_dev = result; + + /* + * Create a timer to handle periodic statistics. + */ + setup_timer(&si->timer, sfe_ipv6_periodic_sync, (unsigned long)si); + mod_timer(&si->timer, jiffies + ((HZ + 99) / 100)); + + spin_lock_init(&si->lock); + + return 0; + +exit3: + sysfs_remove_file(si->sys_sfe_ipv6, &sfe_ipv6_debug_dev_attr.attr); + +exit2: + kobject_put(si->sys_sfe_ipv6); + +exit1: + return result; +} + +/* + * sfe_ipv6_exit() + */ +static void __exit sfe_ipv6_exit(void) +{ + struct sfe_ipv6 *si = &__si6; + + DEBUG_INFO("SFE IPv6 exit\n"); + + /* + * Destroy all connections. + */ + sfe_ipv6_destroy_all_rules_for_dev(NULL); + + del_timer_sync(&si->timer); + + unregister_chrdev(si->debug_dev, "sfe_ipv6"); + + sysfs_remove_file(si->sys_sfe_ipv6, &sfe_ipv6_debug_dev_attr.attr); + + kobject_put(si->sys_sfe_ipv6); +} + +module_init(sfe_ipv6_init) +module_exit(sfe_ipv6_exit) + +EXPORT_SYMBOL(sfe_ipv6_recv); +EXPORT_SYMBOL(sfe_ipv6_create_rule); +EXPORT_SYMBOL(sfe_ipv6_destroy_rule); +EXPORT_SYMBOL(sfe_ipv6_destroy_all_rules_for_dev); +EXPORT_SYMBOL(sfe_ipv6_register_sync_rule_callback); +EXPORT_SYMBOL(sfe_ipv6_mark_rule); +EXPORT_SYMBOL(sfe_ipv6_update_rule); + +MODULE_DESCRIPTION("Shortcut Forwarding Engine - IPv6 support"); +MODULE_LICENSE("Dual BSD/GPL"); + diff --git a/package/lean/shortcut-fe/src/userspace_example.c b/package/lean/shortcut-fe/src/userspace_example.c new file mode 100644 index 000000000..8bdd4670c --- /dev/null +++ b/package/lean/shortcut-fe/src/userspace_example.c @@ -0,0 +1,232 @@ +/* + * Copyright (c) 2013,2016 The Linux Foundation. All rights reserved. + * Permission to use, copy, modify, and/or distribute this software for + * any purpose with or without fee is hereby granted, provided that the + * above copyright notice and this permission notice appear in all copies. + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT + * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include +#include +#include +#include +#include + +#include "fast-classifier.h" + +static struct nl_sock *sock; +static struct nl_sock *sock_event; +static int family; +static int grp_id; + +static struct nla_policy fast_classifier_genl_policy[FAST_CLASSIFIER_A_MAX + 1] = { + [FAST_CLASSIFIER_A_TUPLE] = { .type = NLA_UNSPEC }, +}; + +void dump_fc_tuple(struct fast_classifier_tuple *fc_msg) +{ + char src_str[INET_ADDRSTRLEN]; + char dst_str[INET_ADDRSTRLEN]; + + printf("TUPLE: %d, %s, %s, %d, %d" + " SMAC=%02x:%02x:%02x:%02x:%02x:%02x", + " DMAC=%02x:%02x:%02x:%02x:%02x:%02x\n", + fc_msg->proto, + inet_ntop(AF_INET, + &fc_msg->src_saddr.in.s_addr, + src_str, + INET_ADDRSTRLEN), + inet_ntop(AF_INET, + &fc_msg->dst_saddr.in.s_addr, + dst_str, + INET_ADDRSTRLEN), + fc_msg->sport, fc_msg->dport, + fc_msg->smac[0], fc_msg->smac[1], fc_msg->smac[2], + fc_msg->smac[3], fc_msg->smac[4], fc_msg->smac[5], + fc_msg->dmac[0], fc_msg->dmac[1], fc_msg->dmac[2], + fc_msg->dmac[3], fc_msg->dmac[4], fc_msg->dmac[5]); +} + +static int parse_cb(struct nl_msg *msg, void *arg) +{ + struct nlmsghdr *nlh = nlmsg_hdr(msg); + struct genlmsghdr *gnlh = nlmsg_data(nlh); + struct nlattr *attrs[FAST_CLASSIFIER_A_MAX]; + + genlmsg_parse(nlh, 0, attrs, FAST_CLASSIFIER_A_MAX, fast_classifier_genl_policy); + + switch (gnlh->cmd) { + case FAST_CLASSIFIER_C_OFFLOADED: + printf("Got a offloaded message\n"); + dump_fc_tuple(nla_data(attrs[FAST_CLASSIFIER_A_TUPLE])); + return NL_OK; + case FAST_CLASSIFIER_C_DONE: + printf("Got a done message\n"); + dump_fc_tuple(nla_data(attrs[FAST_CLASSIFIER_A_TUPLE])); + return NL_OK; + } + + return NL_SKIP; +} + +int fast_classifier_init(void) +{ + int err; + + sock = nl_socket_alloc(); + if (!sock) { + printf("Unable to allocation socket.\n"); + return -1; + } + genl_connect(sock); + + sock_event = nl_socket_alloc(); + if (!sock_event) { + nl_close(sock); + nl_socket_free(sock); + printf("Unable to allocation socket.\n"); + return -1; + } + genl_connect(sock_event); + + family = genl_ctrl_resolve(sock, FAST_CLASSIFIER_GENL_NAME); + if (family < 0) { + nl_close(sock_event); + nl_close(sock); + nl_socket_free(sock); + nl_socket_free(sock_event); + printf("Unable to resolve family\n"); + return -1; + } + + grp_id = genl_ctrl_resolve_grp(sock, FAST_CLASSIFIER_GENL_NAME, + FAST_CLASSIFIER_GENL_MCGRP); + if (grp_id < 0) { + printf("Unable to resolve mcast group\n"); + return -1; + } + + err = nl_socket_add_membership(sock_event, grp_id); + if (err < 0) { + printf("Unable to add membership\n"); + return -1; + } + + nl_socket_disable_seq_check(sock_event); + nl_socket_modify_cb(sock_event, NL_CB_VALID, NL_CB_CUSTOM, parse_cb, NULL); + + return 0; +} + +void fast_classifier_close(void) +{ + nl_close(sock_event); + nl_close(sock); + nl_socket_free(sock_event); + nl_socket_free(sock); +} + +void fast_classifier_ipv4_offload(unsigned char proto, unsigned long src_saddr, + unsigned long dst_saddr, unsigned short sport, + unsigned short dport) +{ + struct nl_msg *msg; + int ret; +#ifdef DEBUG + char src_str[INET_ADDRSTRLEN]; + char dst_str[INET_ADDRSTRLEN]; +#endif + struct fast_classifier_tuple fc_msg; + +#ifdef DEBUG + printf("DEBUG: would offload: %d, %s, %s, %d, %d\n", proto, + inet_ntop(AF_INET, &src_saddr, src_str, INET_ADDRSTRLEN), + inet_ntop(AF_INET, &dst_saddr, dst_str, INET_ADDRSTRLEN), + sport, dport); +#endif + + fc_msg.proto = proto; + fc_msg.src_saddr.in.s_addr = src_saddr; + fc_msg.dst_saddr.in.s_addr = dst_saddr; + fc_msg.sport = sport; + fc_msg.dport = dport; + fc_msg.smac[0] = 'a'; + fc_msg.smac[1] = 'b'; + fc_msg.smac[2] = 'c'; + fc_msg.smac[3] = 'd'; + fc_msg.smac[4] = 'e'; + fc_msg.smac[5] = 'f'; + fc_msg.dmac[0] = 'f'; + fc_msg.dmac[1] = 'e'; + fc_msg.dmac[2] = 'd'; + fc_msg.dmac[3] = 'c'; + fc_msg.dmac[4] = 'b'; + fc_msg.dmac[5] = 'a'; + + if (fast_classifier_init() < 0) { + printf("Unable to init generic netlink\n"); + exit(1); + } + + msg = nlmsg_alloc(); + if (!msg) { + nl_socket_free(sock); + printf("Unable to allocate message\n"); + return; + } + + genlmsg_put(msg, NL_AUTO_PID, NL_AUTO_SEQ, family, + FAST_CLASSIFIER_GENL_HDRSIZE, NLM_F_REQUEST, + FAST_CLASSIFIER_C_OFFLOAD, FAST_CLASSIFIER_GENL_VERSION); + nla_put(msg, 1, sizeof(fc_msg), &fc_msg); + + ret = nl_send_auto_complete(sock, msg); + + nlmsg_free(msg); + if (ret < 0) { + printf("nlmsg_free failed"); + nl_close(sock); + nl_socket_free(sock); + return; + } + + ret = nl_wait_for_ack(sock); + if (ret < 0) { + printf("wait for ack failed"); + nl_close(sock); + nl_socket_free(sock); + return; + } +} + +void fast_classifier_listen_for_messages(void) +{ + printf("waiting for netlink events\n"); + + while (1) { + nl_recvmsgs_default(sock_event); + } +} + +int main(int argc, char *argv[]) +{ + if (fast_classifier_init() < 0) { + printf("Unable to init generic netlink\n"); + exit(1); + } + + fast_classifier_ipv4_offload('a', 0, 0, 0, 0); + + /* this never returns */ + fast_classifier_listen_for_messages(); + + fast_classifier_close(); + + return 0; +} diff --git a/package/lean/softethervpn5/Makefile b/package/lean/softethervpn5/Makefile new file mode 100644 index 000000000..ef41c4c60 --- /dev/null +++ b/package/lean/softethervpn5/Makefile @@ -0,0 +1,166 @@ +# Based partially on the versions of el1n and Federico Di Marco + +include $(TOPDIR)/rules.mk + +PKG_NAME:=softethervpn +PKG_VERSION_NAME:=5.01 +PKG_RELEASE:=1 + +PKG_MAINTAINER:=Andy Walsh +PKG_LICENSE:=GPL-2.0 +PKG_LICENSE_FILES:=COPYING + +PKG_SOURCE_PROTO:=git +PKG_SOURCE_URL:=https://github.com/SoftEtherVPN/SoftEtherVPN.git +PKG_SOURCE_DATE:=2018-10-03 +PKG_SOURCE_VERSION:=2271bf5fba410f815bf6834aae65d4b513cee1b2 +PKG_MIRROR_HASH:=bc921fa4646a54d523d0388e50c202943f020ebb1679d1fd858954aa585a11e3 + +HOST_BUILD_DEPENDS:=ncurses/host readline/host +PKG_BUILD_DEPENDS:=softethervpn5/host + +include $(INCLUDE_DIR)/package.mk +include $(INCLUDE_DIR)/host-build.mk +include $(INCLUDE_DIR)/nls.mk +include $(INCLUDE_DIR)/cmake.mk + +define Package/softethervpn5/Default + SECTION:=net + CATEGORY:=Network + SUBMENU:=VPN + TITLE:=softethervpn $(PKG_VERSION_NAME) + URL:=http://www.softether.org/ +endef + +define Package/softethervpn5/Default/description + SoftEther VPN supports SSL-VPN, OpenVPN, L2TP, EtherIP, L2TPv3 and IPsec as a single VPN software. + SoftEther VPN is not only an alternative VPN server to existing VPN products (OpenVPN, IPsec and MS-SSTP), + but has also original strong SSL-VPN protocol to penetrate any kinds of firewalls. + Guide: https://wordpress.tirlins.com/2015/03/setting-up-softether-vpn-on-openwrt/ +endef + +define Package/softethervpn5-libs + $(call Package/softethervpn5/Default) + DEPENDS:=+libpthread +librt +libreadline +libopenssl +libncurses +kmod-tun +zlib $(ICONV_DEPENDS) + TITLE+= libs + HIDDEN:=1 +endef + +define Package/softethervpn5-server + $(call Package/softethervpn5/Default) + TITLE+= server + DEPENDS:= +softethervpn5-libs +endef +define Package/softethervpn5-server/description + $(call Package/softethervpn5/Default/description) + + Provides the vpnserver (daemon). +endef + +define Package/softethervpn5-bridge + $(call Package/softethervpn5/Default) + TITLE+= bridge + DEPENDS:= +softethervpn5-libs +endef +define Package/softethervpn5-bridge/description + $(call Package/softethervpn5/Default/description) + + Provides the vpnbridge (daemon). +endef + +define Package/softethervpn5-client + $(call Package/softethervpn5/Default) + TITLE+= client + DEPENDS:= +softethervpn5-libs +endef +define Package/softethervpn5-client/description + $(call Package/softethervpn5/Default/description) + + Provides the vpnclient (daemon). +endef + +export USE_MUSL=YES +# BUG: outdated host/include/elf.h +HOST_CFLAGS += $(FPIC) -DAT_HWCAP2=26 +TARGET_CFLAGS += $(FPIC) + +define Host/Compile + $(call Host/Compile/Default,hamcorebuilder) +endef + +define Host/Install + $(INSTALL_DIR) $(STAGING_DIR_HOSTPKG)/bin/ + $(INSTALL_BIN) $(HOST_BUILD_DIR)/tmp/hamcorebuilder $(STAGING_DIR_HOSTPKG)/bin/ +endef + +define Build/Prepare + $(Build/Prepare/Default) + # build as shared libs + $(SED) 's,STATIC,SHARED,g' $(PKG_BUILD_DIR)/src/Mayaqua/CMakeLists.txt + $(SED) 's,STATIC,SHARED,g' $(PKG_BUILD_DIR)/src/Cedar/CMakeLists.txt +endef + +define Build/Compile + $(call Build/Compile/Default,vpnserver vpnbridge vpnclient vpncmd hamcore-archive-build) +endef + +define Build/Install +endef + +define Package/softethervpn5-libs/install + $(INSTALL_DIR) $(1)/usr/lib + $(CP) $(PKG_BUILD_DIR)/tmp/Cedar/libcedar.so $(1)/usr/lib/ + $(CP) $(PKG_BUILD_DIR)/tmp/Mayaqua/libmayaqua.so $(1)/usr/lib/ + $(INSTALL_DIR) $(1)/usr/libexec/softethervpn + $(CP) $(PKG_BUILD_DIR)/tmp/hamcore.se2 $(1)/usr/libexec/softethervpn/ + $(INSTALL_BIN) $(PKG_BUILD_DIR)/build/vpncmd/vpncmd $(1)/usr/libexec/softethervpn/ + $(INSTALL_BIN) files/launcher.sh $(1)/usr/libexec/softethervpn/ + $(INSTALL_DATA) files/dummy $(1)/usr/libexec/softethervpn/lang.config + $(INSTALL_DIR) $(1)/usr/bin + $(LN) ../../usr/libexec/softethervpn/launcher.sh $(1)/usr/bin/vpncmd +endef + +define Package/softethervpn5-server/install + $(INSTALL_DIR) $(1)/usr/libexec/softethervpn + $(INSTALL_BIN) $(PKG_BUILD_DIR)/build/vpnserver/vpnserver $(1)/usr/libexec/softethervpn/ + $(INSTALL_DATA) files/dummy $(1)/usr/libexec/softethervpn/vpn_server.config + $(INSTALL_DIR) $(1)/etc/init.d + $(INSTALL_BIN) files/vpnserver.init $(1)/etc/init.d/softethervpnserver +endef + +define Package/softethervpn5-bridge/install + $(INSTALL_DIR) $(1)/usr/libexec/softethervpn + $(INSTALL_BIN) $(PKG_BUILD_DIR)/build/vpnbridge/vpnbridge $(1)/usr/libexec/softethervpn/ + $(INSTALL_BIN) files/launcher.sh $(1)/usr/libexec/softethervpn/ + $(INSTALL_DATA) files/dummy $(1)/usr/libexec/softethervpn/vpn_bridge.config + $(INSTALL_DIR) $(1)/etc/init.d + $(INSTALL_BIN) files/vpnbridge.init $(1)/etc/init.d/softethervpnbridge +endef + +define Package/softethervpn5-client/install + $(INSTALL_DIR) $(1)/usr/libexec/softethervpn + $(INSTALL_BIN) $(PKG_BUILD_DIR)/build/vpnclient/vpnclient $(1)/usr/libexec/softethervpn/ + $(INSTALL_BIN) files/launcher.sh $(1)/usr/libexec/softethervpn/ + $(INSTALL_DATA) files/dummy $(1)/usr/libexec/softethervpn/vpn_client.config + $(INSTALL_DIR) $(1)/etc/init.d + $(INSTALL_BIN) files/vpnclient.init $(1)/etc/init.d/softethervpnclient +endef + +define Package/softethervpn5-server/conffiles + /usr/libexec/softethervpn/vpn_server.config + /usr/libexec/softethervpn/lang.config +endef +define Package/softethervpn5-bridge/conffiles + /usr/libexec/softethervpn/vpn_bridge.config + /usr/libexec/softethervpn/lang.config +endef +define Package/softethervpn5-client/conffiles + /usr/libexec/softethervpn/vpn_client.config + /usr/libexec/softethervpn/lang.config +endef + +$(eval $(call HostBuild)) +$(eval $(call BuildPackage,softethervpn5-libs)) +$(eval $(call BuildPackage,softethervpn5-server)) +$(eval $(call BuildPackage,softethervpn5-bridge)) +$(eval $(call BuildPackage,softethervpn5-client)) diff --git a/package/lean/softethervpn5/files/dummy b/package/lean/softethervpn5/files/dummy new file mode 100644 index 000000000..8b1378917 --- /dev/null +++ b/package/lean/softethervpn5/files/dummy @@ -0,0 +1 @@ + diff --git a/package/lean/softethervpn5/files/launcher.sh b/package/lean/softethervpn5/files/launcher.sh new file mode 100644 index 000000000..79707922a --- /dev/null +++ b/package/lean/softethervpn5/files/launcher.sh @@ -0,0 +1,2 @@ +#!/bin/sh +exec "/usr/libexec/softethervpn/${0##*/}" "$@" diff --git a/package/lean/softethervpn5/files/vpnbridge.init b/package/lean/softethervpn5/files/vpnbridge.init new file mode 100644 index 000000000..1311e652b --- /dev/null +++ b/package/lean/softethervpn5/files/vpnbridge.init @@ -0,0 +1,28 @@ +#!/bin/sh /etc/rc.common + +START=90 +USE_PROCD=1 + +start_service(){ + logger -t 'softethervpn5' "Starting softether bridge service." + + [ -d /var/softethervpn ] || mkdir -p -m 0775 /var/softethervpn + + [ -f /var/softethervpn/hamcore.se2 ] || ln -sf /usr/libexec/softethervpn/hamcore.se2 /var/softethervpn/ + [ -f /var/softethervpn/lang.config ] || ln -sf /usr/libexec/softethervpn/lang.config /var/softethervpn/ + + [ -f /var/softethervpn/vpnbridge ] || ln -sf /usr/libexec/softethervpn/vpnbridge /var/softethervpn/ + [ -f /var/softethervpn/vpn_bridge.config ] || ln -sf /usr/libexec/softethervpn/vpn_bridge.config /var/softethervpn/ + + procd_open_instance + procd_set_param env LANG=en_US.UTF-8 + procd_set_param command /var/softethervpn/vpnbridge start --foreground + procd_set_param respawn + procd_close_instance +} + +stop_service(){ + logger -t 'softethervpn5' "Stopping softether bridge service." + + /var/softethervpn/vpnbridge stop +} diff --git a/package/lean/softethervpn5/files/vpnclient.init b/package/lean/softethervpn5/files/vpnclient.init new file mode 100644 index 000000000..e4766f0fe --- /dev/null +++ b/package/lean/softethervpn5/files/vpnclient.init @@ -0,0 +1,28 @@ +#!/bin/sh /etc/rc.common + +START=92 +USE_PROCD=1 + +start_service(){ + logger -t 'softethervpn5' "Starting softether client service." + + [ -d /var/softethervpn ] || mkdir -p -m 0775 /var/softethervpn + + [ -f /var/softethervpn/hamcore.se2 ] || ln -sf /usr/libexec/softethervpn/hamcore.se2 /var/softethervpn/ + [ -f /var/softethervpn/lang.config ] || ln -sf /usr/libexec/softethervpn/lang.config /var/softethervpn/ + + [ -f /var/softethervpn/vpnclient ] || ln -sf /usr/libexec/softethervpn/vpnclient /var/softethervpn/ + [ -f /var/softethervpn/vpn_client.config ] || ln -sf /usr/libexec/softethervpn/vpn_client.config /var/softethervpn/ + + procd_open_instance + procd_set_param env LANG=en_US.UTF-8 + procd_set_param command /var/softethervpn/vpnclient start --foreground + procd_set_param respawn + procd_close_instance +} + +stop_service(){ + logger -t 'softethervpn5' "Stopping softether client service." + + /var/softethervpn/vpnclient stop +} diff --git a/package/lean/softethervpn5/files/vpnserver.init b/package/lean/softethervpn5/files/vpnserver.init new file mode 100644 index 000000000..e6f73da31 --- /dev/null +++ b/package/lean/softethervpn5/files/vpnserver.init @@ -0,0 +1,28 @@ +#!/bin/sh /etc/rc.common + +START=91 +USE_PROCD=1 + +start_service(){ + logger -t 'softethervpn5' "Starting softether vpnserver service." + + [ -d /var/softethervpn ] || mkdir -p -m 0775 /var/softethervpn + + [ -f /var/softethervpn/hamcore.se2 ] || ln -sf /usr/libexec/softethervpn/hamcore.se2 /var/softethervpn/ + [ -f /var/softethervpn/lang.config ] || ln -sf /usr/libexec/softethervpn/lang.config /var/softethervpn/ + + [ -f /var/softethervpn/vpnserver ] || ln -sf /usr/libexec/softethervpn/vpnserver /var/softethervpn/ + [ -f /var/softethervpn/vpn_server.config ] || ln -sf /usr/libexec/softethervpn/vpn_server.config /var/softethervpn/ + + procd_open_instance + procd_set_param env LANG=en_US.UTF-8 + procd_set_param command /var/softethervpn/vpnserver start --foreground + procd_set_param respawn + procd_close_instance +} + +stop_service(){ + logger -t 'softethervpn5' "Stopping softether vpnserver service." + + /var/softethervpn/vpnserver stop +} diff --git a/package/lean/softethervpn5/patches/100-increase-cfg-save-intervall.patch b/package/lean/softethervpn5/patches/100-increase-cfg-save-intervall.patch new file mode 100644 index 000000000..5ce814a7a --- /dev/null +++ b/package/lean/softethervpn5/patches/100-increase-cfg-save-intervall.patch @@ -0,0 +1,17 @@ +--- a/src/Cedar/Server.h 2018-07-21 ++++ b/src/Cedar/Server.h 2018-07-23 +@@ -138,10 +138,10 @@ extern char *SERVER_CONFIG_FILE_NAME; + #define SERVER_CONTROL_TCP_TIMEOUT (60 * 1000) + #define SERVER_FARM_CONTROL_INTERVAL (10 * 1000) + +-#define SERVER_FILE_SAVE_INTERVAL_DEFAULT (5 * 60 * 1000) +-#define SERVER_FILE_SAVE_INTERVAL_MIN (5 * 1000) +-#define SERVER_FILE_SAVE_INTERVAL_MAX (3600 * 1000) +-#define SERVER_FILE_SAVE_INTERVAL_USERMODE (1 * 60 * 1000) ++#define SERVER_FILE_SAVE_INTERVAL_DEFAULT (24 * 60 * 60 * 1000) ++#define SERVER_FILE_SAVE_INTERVAL_MIN (5 * 60 * 1000) ++#define SERVER_FILE_SAVE_INTERVAL_MAX (7 * 24 * 60 * 60 * 1000) ++#define SERVER_FILE_SAVE_INTERVAL_USERMODE (5 * 60 * 1000) + + #define SERVER_LICENSE_VIOLATION_SPAN (SERVER_FARM_CONTROL_INTERVAL * 2) + diff --git a/package/lean/softethervpn5/patches/101-add-config-write-syslog.patch b/package/lean/softethervpn5/patches/101-add-config-write-syslog.patch new file mode 100644 index 000000000..8f2ede5f9 --- /dev/null +++ b/package/lean/softethervpn5/patches/101-add-config-write-syslog.patch @@ -0,0 +1,22 @@ +--- a/src/Cedar/Server.c 2018-07-25 ++++ b/src/Cedar/Server.c 2018-07-26 +@@ -110,7 +110,7 @@ + + // Server.c + // VPN Server module +- ++#include + #include "CedarPch.h" + + static SERVER *server = NULL; +@@ -6601,6 +6601,10 @@ UINT SiWriteConfigurationFile(SERVER *s) + { + return 0; + } ++ ++ openlog("softethervpn-server", LOG_CONS | LOG_PID | LOG_NDELAY, LOG_DAEMON); ++ syslog(LOG_NOTICE, "Writing vpn_server.config (AutoSaveConfigSpan set to < %d > seconds)", (s->AutoSaveConfigSpan / 1000)); ++ closelog(); + + Lock(s->SaveCfgLock); + { diff --git a/package/lean/v2ray/Makefile b/package/lean/v2ray/Makefile new file mode 100644 index 000000000..fd888033b --- /dev/null +++ b/package/lean/v2ray/Makefile @@ -0,0 +1,109 @@ +# +# Copyright (C) 2015-2016 OpenWrt.org +# +# This is free software, licensed under the GNU General Public License v3. +# + +include $(TOPDIR)/rules.mk + +PKG_NAME:=v2ray +PKG_VERSION:=v3.47 +PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION) + +ifeq ($(ARCH),x86_64) + PKG_ARCH_V2RAY:=linux-64 +endif +ifeq ($(ARCH),mipsel) + PKG_ARCH_V2RAY:=linux-mipsle +endif +ifeq ($(ARCH),mips) + PKG_ARCH_V2RAY:=linux-mips +endif +ifeq ($(ARCH),i386) + PKG_ARCH_V2RAY:=linux-32 +endif +ifeq ($(ARCH),arm) + PKG_ARCH_V2RAY:=linux-arm +endif +ifeq ($(ARCH),aarch64) + PKG_ARCH_V2RAY:=linux-arm64 +endif + +include $(INCLUDE_DIR)/package.mk + +define Package/$(PKG_NAME) + SECTION:=net + CATEGORY:=Network + TITLE:=V2Ray is a cross-platform proxy software + DEPENDS:= + URL:=https://github.com/v2ray/v2ray-core +endef + +define Package/$(PKG_NAME)/config +menu "V2Ray Configuration" + depends on PACKAGE_v2ray + +config PACKAGE_V2RAY_INCLUDE_V2RAY + bool "Include v2ray" + default y + +config PACKAGE_V2RAY_SOFTFLOAT + bool "Use soft-float binaries (mips/mipsle only)" + depends on PACKAGE_V2RAY_INCLUDE_V2RAY + default n + +config PACKAGE_V2RAY_INCLUDE_V2CTL + bool "Include v2ctl" + depends on PACKAGE_V2RAY_INCLUDE_V2RAY + default y + +config PACKAGE_V2RAY_INCLUDE_GEOIP + bool "Include geoip.dat" + depends on PACKAGE_V2RAY_INCLUDE_V2CTL + default n + +config PACKAGE_V2RAY_INCLUDE_GEOSITE + bool "Include geosite.dat" + depends on PACKAGE_V2RAY_INCLUDE_V2CTL + default n + +endmenu +endef + +define Package/$(PKG_NAME)/description +V2Ray is a cross-platform proxy software +endef + +define Build/Prepare + + wget https://github.com/v2ray/v2ray-core/releases/download/$(PKG_VERSION)/v2ray-$(PKG_ARCH_V2RAY).zip -O $(PKG_BUILD_DIR)/v2ray-$(PKG_VERSION)-$(PKG_ARCH_V2RAY).zip + unzip -o $(PKG_BUILD_DIR)/v2ray-$(PKG_VERSION)-$(PKG_ARCH_V2RAY).zip -d $(PKG_BUILD_DIR) +ifdef CONFIG_PACKAGE_V2RAY_SOFTFLOAT + [ -f $(PKG_BUILD_DIR)/v2ray_softfloat ] && mv $(PKG_BUILD_DIR)/v2ray_softfloat $(PKG_BUILD_DIR)/v2ray || echo "Can't find soft-float binary." + [ -f $(PKG_BUILD_DIR)/v2ctl_softfloat ] && mv $(PKG_BUILD_DIR)/v2ctl_softfloat $(PKG_BUILD_DIR)/v2ctl || echo "Can't find soft-float binary." +endif +endef + +define Build/Configure +endef + +define Build/Compile +endef + +define Package/$(PKG_NAME)/install + $(INSTALL_DIR) $(1)/usr/bin/v2ray +ifdef CONFIG_PACKAGE_V2RAY_INCLUDE_V2RAY + $(INSTALL_BIN) $(PKG_BUILD_DIR)/v2ray $(1)/usr/bin/v2ray/ +endif +ifdef CONFIG_PACKAGE_V2RAY_INCLUDE_V2CTL + $(INSTALL_BIN) $(PKG_BUILD_DIR)/v2ctl $(1)/usr/bin/v2ray/ +endif +ifdef CONFIG_PACKAGE_V2RAY_INCLUDE_GEOIP + $(INSTALL_BIN) $(PKG_BUILD_DIR)/geoip.dat $(1)/usr/bin/v2ray/ +endif +ifdef CONFIG_PACKAGE_V2RAY_INCLUDE_GEOSITE + $(INSTALL_BIN) $(PKG_BUILD_DIR)/geosite.dat $(1)/usr/bin/v2ray/ +endif +endef + +$(eval $(call BuildPackage,$(PKG_NAME))) diff --git a/package/lean/vlmcsd/Makefile b/package/lean/vlmcsd/Makefile new file mode 100644 index 000000000..201754e82 --- /dev/null +++ b/package/lean/vlmcsd/Makefile @@ -0,0 +1,47 @@ +include $(TOPDIR)/rules.mk + +PKG_NAME:=vlmcsd +PKG_VERSION:=svn1112 +PKG_RELEASE:=1 + +PKG_MAINTAINER:=fuyumi <280604399@qq.com> +PKG_LICENSE:=MIT +PKG_LICENSE_FILES:=LICENSE + +PKG_SOURCE_PROTO:=git +PKG_SOURCE_URL:=https://github.com/etnperlong/vlmcsd.git +PKG_SOURCE_VERSION:=88007b3578cab6324241ae6e636d8e6503cd611c + +PKG_SOURCE_SUBDIR:=$(PKG_NAME) +PKG_SOURCE:=$(PKG_SOURCE_SUBDIR)-$(PKG_VERSION).tar.gz +PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_SOURCE_SUBDIR) +PKG_BUILD_PARALLEL:=1 + +include $(INCLUDE_DIR)/package.mk + +define Package/vlmcsd + SECTION:=net + CATEGORY:=Network + TITLE:=vlmcsd for OpenWRT + URL:=http://forums.mydigitallife.info/threads/50234 + DEPENDS:=+libpthread +endef + +define Package/vlmcsd/description + vlmcsd is a KMS Emulator in C. +endef + +MAKE_FLAGS += \ + -C $(PKG_BUILD_DIR) + +define Package/vlmcsd/install + $(INSTALL_DIR) $(1)/usr/bin + $(INSTALL_BIN) $(PKG_BUILD_DIR)/bin/vlmcsd $(1)/usr/bin/vlmcsd + #$(INSTALL_BIN) $(PKG_BUILD_DIR)/bin/vlmcs $(1)/usr/bin/vlmcs + $(INSTALL_DIR) $(1)/etc + $(INSTALL_BIN) ./files/vlmcsd.ini $(1)/etc/vlmcsd.ini + #$(INSTALL_DIR) $(1)/etc/init.d + #$(INSTALL_BIN) ./files/vlmcsd.init $(1)/etc/init.d/vlmcsd +endef + +$(eval $(call BuildPackage,vlmcsd)) diff --git a/package/lean/vlmcsd/files/vlmcsd.ini b/package/lean/vlmcsd/files/vlmcsd.ini new file mode 100644 index 000000000..c69d079d1 --- /dev/null +++ b/package/lean/vlmcsd/files/vlmcsd.ini @@ -0,0 +1,59 @@ +#ePID/HwId璁剧疆涓篧indows鏄惧紡 +;55c92734-d682-4d71-983e-d6ec3f16059f = 06401-00206-271-392041-03-1033-9600.0000-3622014 / 01 02 03 04 05 06 07 08 + +#ePID璁剧疆涓篛ffice2010锛堝寘鍚玍isio鍜孭roject锛夋樉寮 +;59a52881-a989-479d-af46-f275c6370663 = 06401-00096-199-496023-03-1033-9600.0000-3622014 + +#ePID璁剧疆涓篛ffice2013锛堝寘鍚玍isio鍜孭roject锛夋樉寮 +;0ff1ce15-a989-479d-af46-f275c6370663 = 06401-00206-234-409313-03-1033-9600.0000-3622014 + +#浣跨敤鑷畾涔塗CP绔彛 +;Port = 1688 + +#鐩戝惉鎵鏈塈Pv4鍦板潃锛堥粯璁ょ鍙1688锛 +;Listen = 0.0.0.0:1688 + +#鐩戝惉鎵鏈塈Pv6鍦板潃锛堥粯璁ょ鍙1688锛 +;Listen = [::]:1688 + +#绋嬪簭鍚姩鏃堕殢鏈篹PIDs锛堝彧鏈夐偅浜涙湭鏄惧紡鎸囧畾鐨勶級 +;RandomizationLevel = 1 + +#鍦╡PIDs涓娇鐢ㄧ壒瀹氬尯鍩 (1033 = 缇庡浗鑻辫)锛屽嵆浣縠PID鏄殢鏈虹殑 +;LCID = 1033 + +#璁剧疆鏈澶4涓悓鏃跺伐浣滐紙鍒嗗弶杩涚▼鎴栫嚎绋嬶級 +;MaxWorkers = 4 + +#闂茬疆30绉掑悗鏂紑鐢ㄦ埛 +;ConnectionTimeout = 30 + +#姣忔璇锋眰鍚庣珛鍗虫柇寮瀹㈡埛绔 +;DisconnectClientsImmediately = yes + +#鍐欎竴涓猵id鏂囦欢锛堝寘鍚玽lmcsd鐨勮繘绋婭D鐨勬枃浠讹級 +;PidFile = /var/run/vlmcsd.pid + +#鍐欐棩蹇楀埌/var/log/vlmcsd.log +;LogFile = /var/log/vlmcsd.log + +#鍒涘缓璇︾粏鏃ュ織 +;LogVerbose = true + +#璁剧疆婵娲婚棿闅2灏忔椂 +;ActivationInterval = 2h + +#璁剧疆鏇存柊闂撮殧7澶 +;RenewalInterval = 7d + +#杩愯绋嬪簭鐨勭敤鎴蜂负vlmcsduser +;user = vlmcsduser + +#杩愯绋嬪簭鐨勭粍涓簐lmcsdgroup +;group = vlmcsdgroup + +#绂佺敤鎴栧惎鐢≧PC鐨凬DR64浼犺緭璇硶锛堥粯璁ゅ惎鐢級 +;UseNDR64 = true + +#绂佺敤鎴栧惎鐢≧PC鐨勭粦瀹氭椂闂寸壒鎬у崗鍟嗭紙榛樿鍚敤锛 +;UseBTFN = true diff --git a/package/lean/vlmcsd/files/vlmcsd.init b/package/lean/vlmcsd/files/vlmcsd.init new file mode 100644 index 000000000..fe628d708 --- /dev/null +++ b/package/lean/vlmcsd/files/vlmcsd.init @@ -0,0 +1,37 @@ +#!/bin/sh /etc/rc.common +# Copyright (c) 2011-2015 OpenWrt.org + +START=90 + +start(){ + if [ ! -f "/tmp/vlmcsd.pid" ]; then + /usr/bin/vlmcsd -i /etc/vlmcsd.ini -p /tmp/vlmcsd.pid -L 0.0.0.0:1688 + iptables -D input_rule -p tcp --dport 1688 -j ACCEPT + iptables -A input_rule -p tcp --dport 1688 -j ACCEPT + sed -i '/## luci-app-vlmcsd/d' /etc/firewall.user + echo "iptables -A input_rule -p tcp --dport 1688 -j ACCEPT ## luci-app-vlmcsd" >> /etc/firewall.user + echo "KMS Server has started." + else + echo "KMS Server has already started." + fi +} + +stop(){ + if [ ! -f "/tmp/vlmcsd.pid" ]; then + echo "KMS Server is not running." + else + pid=`cat /tmp/vlmcsd.pid` + kill $pid + rm -f /tmp/vlmcsd.pid + iptables -D input_rule -p tcp --dport 1688 -j ACCEPT + sed -i '/## luci-app-vlmcsd/d' /etc/firewall.user + echo "KMS Server has stopped." + fi +} + +restart(){ + stop + sleep 2 + start + echo "KMS Server has restarted." +} diff --git a/package/lean/vsftpd-alt/Makefile b/package/lean/vsftpd-alt/Makefile new file mode 100644 index 000000000..d94026d85 --- /dev/null +++ b/package/lean/vsftpd-alt/Makefile @@ -0,0 +1,113 @@ +# +# Copyright (C) 2006-2014 OpenWrt.org +# +# This is free software, licensed under the GNU General Public License v2. +# See /LICENSE for more information. +# + +include $(TOPDIR)/rules.mk + +PKG_NAME:=vsftpd-alt +PKG_VERSION:=3.0.3 +PKG_RELEASE:=5 + +PKG_SOURCE:=vsftpd-$(PKG_VERSION).tar.gz +PKG_SOURCE_URL:=https://security.appspot.com/downloads/ +PKG_MD5SUM:=da119d084bd3f98664636ea05b5bb398 +PKG_LICENSE:=GPLv2 + +BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION) +PKG_BUILD_DIR:=$(BUILD_DIR)/vsftpd-$(PKG_VERSION) + +include $(INCLUDE_DIR)/package.mk + +define Package/vsftpd-alt/Default + SUBMENU:=File Transfer + SECTION:=net + CATEGORY:=Network + TITLE:=A fast and secure FTP server (with aio support) + URL:=http://vsftpd.beasts.org/ + MAINTAINER:=Cezary Jackiewicz + DEPENDS=+libuci + #+PACKAGE_libpam:libpam +endef + +define Package/vsftpd-alt/conffiles +/etc/vsftpd.conf +endef + +#EXTRA_LDFLAGS:= -lcrypt -lcrypto -lssl + +define Package/vsftpd-alt/config +config VSFTPD_USE_UCI_SCRIPTS + bool "Uses UCI scripts" + depends on PACKAGE_vsftpd-alt + default y +#config VSFTPD_ENABLE_AIO +# bool "Enable async I/O (Currently Buggy)" +# depends on PACKAGE_vsftpd-alt +# default n +endef + +ifneq ($(CONFIG_USE_MUSL),) + NLSSTRING:=-lcrypt +else + NLSSTRING:=-lcrypt -lnsl +endif + +TARGET_CFLAGS += -D_GNU_SOURCE -include fcntl.h + +#ifdef CONFIG_PACKAGE_libpam +# EXTRA_LDFLAGS += -lpam +#endif + +#ifeq ($(CONFIG_VSFTPD_ENABLE_AIO),y) +#define Package/vsftpd-alt +#$(call Package/vsftpd-alt/Default) +# DEPENDS=+PACKAGE_libpam:libpam +libopenssl +libuci +libaio +#endef +# EXTRA_LDFLAGS += -laio +# EXTRA_CFLAGS += -DVSFTPD_ASYNC_IO +#else +define Package/vsftpd-alt +$(call Package/vsftpd-alt/Default) +endef +#endif + + +define Build/Compile + $(SED) 's/-lcrypt -lnsl/$(NLSSTRING)/' $(PKG_BUILD_DIR)/Makefile + $(MAKE) -C $(PKG_BUILD_DIR) \ + CC="$(TARGET_CC)" \ + CFLAGS="$(TARGET_CFLAGS)" \ + LDFLAGS="$(TARGET_LDFLAGS)" \ + vsftpd +endef + +ifeq ($(CONFIG_VSFTPD_USE_UCI_SCRIPTS),y) +define Package/vsftpd-alt/install +$(call Package/vsftpd-alt/install/default, $(1)) + $(INSTALL_DIR) $(1)/etc/init.d + $(INSTALL_DIR) $(1)/etc/config +ifdef CONFIG_PACKAGE_libpam + $(INSTALL_DIR) $(1)/etc/pam.d +endif + $(INSTALL_DIR) $(1)/usr/sbin + $(INSTALL_BIN) $(PKG_BUILD_DIR)/vsftpd $(1)/usr/sbin + $(INSTALL_BIN) ./files/vsftpd-uci.init $(1)/etc/init.d/vsftpd + $(INSTALL_BIN) ./files/vsftpd.uci $(1)/etc/config/vsftpd + $(INSTALL_BIN) ./files/vsftpd_wrapper $(1)/usr/sbin + $(INSTALL_BIN) ./files/vsftpd_prepare $(1)/usr/sbin +endef +else +define Package/vsftpd-alt/install +$(call Package/vsftpd-alt/install/default, $(1)) + $(INSTALL_DIR) $(1)/etc/init.d + $(INSTALL_DIR) $(1)/usr/sbin + $(INSTALL_CONF) ./files/vsftpd.conf $(1)/etc/vsftpd.conf + $(INSTALL_BIN) ./files/vsftpd.init $(1)/etc/init.d/vsftpd + $(INSTALL_BIN) $(PKG_BUILD_DIR)/vsftpd $(1)/usr/sbin +endef +endif + +$(eval $(call BuildPackage,vsftpd-alt)) diff --git a/package/lean/vsftpd-alt/files/vsftpd-uci.init b/package/lean/vsftpd-alt/files/vsftpd-uci.init new file mode 100644 index 000000000..a5af8b79b --- /dev/null +++ b/package/lean/vsftpd-alt/files/vsftpd-uci.init @@ -0,0 +1,14 @@ +#!/bin/sh /etc/rc.common +# Copyright (C) 2006-2011 OpenWrt.org + +START=50 + +start() { + /usr/sbin/vsftpd_prepare + service_start /usr/sbin/vsftpd_wrapper ipv4 + service_start /usr/sbin/vsftpd_wrapper ipv6 +} + +stop() { + service_stop /usr/sbin/vsftpd +} diff --git a/package/lean/vsftpd-alt/files/vsftpd.conf b/package/lean/vsftpd-alt/files/vsftpd.conf new file mode 100644 index 000000000..7d46506e9 --- /dev/null +++ b/package/lean/vsftpd-alt/files/vsftpd.conf @@ -0,0 +1,30 @@ +background=YES +listen=YES +anonymous_enable=NO +local_enable=YES +write_enable=YES +local_umask=022 +check_shell=NO +#dirmessage_enable=YES +#ftpd_banner=Welcome to blah FTP service. +session_support=NO +#syslog_enable=YES +#userlist_enable=YES +#userlist_deny=NO +#userlist_file=/etc/vsftpd.users +#xferlog_enable=YES +#xferlog_file=/var/log/vsftpd.log +#xferlog_std_format=YES +### +### TLS/SSL options +### example key generation: openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/config/vsftpd_privkey.pem -out /etc/config/vsftpd_cert.pem -subj /C="DE"/ST="Saxony"/L="Leipzig"/CN="OpenWrt" +#ssl_enable=YES +#allow_anon_ssl=NO +#force_local_data_ssl=NO +#force_local_logins_ssl=NO +#ssl_tlsv1=YES +#ssl_sslv2=NO +#ssl_sslv3=NO +#rsa_cert_file=/etc/config/vsftpd_cert.pem +#rsa_private_key_file=/etc/config/vsftpd_privkey.pem + diff --git a/package/lean/vsftpd-alt/files/vsftpd.init b/package/lean/vsftpd-alt/files/vsftpd.init new file mode 100644 index 000000000..ad3e23da5 --- /dev/null +++ b/package/lean/vsftpd-alt/files/vsftpd.init @@ -0,0 +1,13 @@ +#!/bin/sh /etc/rc.common +# Copyright (C) 2006-2011 OpenWrt.org + +START=50 + +start() { + mkdir -m 0755 -p /var/run/vsftpd + service_start /usr/sbin/vsftpd +} + +stop() { + service_stop /usr/sbin/vsftpd +} diff --git a/package/lean/vsftpd-alt/files/vsftpd.uci b/package/lean/vsftpd-alt/files/vsftpd.uci new file mode 100644 index 000000000..e856c16dc --- /dev/null +++ b/package/lean/vsftpd-alt/files/vsftpd.uci @@ -0,0 +1,50 @@ + +config listen 'listen' + option enable4 '1' + option ipv4 '0.0.0.0' + option enable6 '0' + option ipv6 '::1' + option port '21' + option dataport '20' + +config local 'local' + option enabled '1' + +config global 'global' + option write '1' + option download '1' + option dotfile '0' + option umask '022' + option dirlist '1' + option dirmsgfile '.message' + +config connection 'connection' + option portmode '1' + option pasvmode '1' + option ascii 'both' + option idletimeout '1800' + option conntimeout '120' + option dataconntimeout '120' + option maxclient '0' + option maxperip '0' + option maxrate '0' + option maxretry '3' + +config anonymous 'anonymous' + option enabled '0' + option username 'ftp' + option root '/home/ftp' + option umask '022' + option writemkdir '0' + option upload '0' + option others '0' + option maxrate '0' + +config log 'log' + option syslog '0' + option xreflog '1' + option file '/var/log/vsftpd.log' + +config vuser 'vuser' + option enabled '0' + option username 'ftp' diff --git a/package/lean/vsftpd-alt/files/vsftpd_prepare b/package/lean/vsftpd-alt/files/vsftpd_prepare new file mode 100755 index 000000000..622671966 --- /dev/null +++ b/package/lean/vsftpd-alt/files/vsftpd_prepare @@ -0,0 +1,253 @@ +#!/bin/sh +# Copyright (C) 2005-2016 Weijie Gao + +. $IPKG_INSTROOT/lib/functions.sh + +output_field() +{ + local UCI_SECTION=$1 + local KEY=$2 + local INIFIELD=$3 + local DEFVALUE=$4 + local value + + if [ -z "$INIFIELD" ]; then INIFIELD=$KEY; fi + + config_get value "$UCI_SECTION" "$KEY" + if [ -z "$value" ]; then value=$DEFVALUE; fi + + echo "$INIFIELD=$value" >> $CONF +} + +output_bool() +{ + local UCI_SECTION=$1 + local KEY=$2 + local INIFIELD=$3 + local DEFVALUE=$4 + local value + + if [ -z "$INIFIELD" ]; then INIFIELD=$KEY; fi + + config_get value "$UCI_SECTION" "$KEY" + if [ -z "$value" ]; then value=$DEFVALUE; fi + if [ x"$value" != x0 ] && [ x"$value" != x1 ]; then value=0; fi + + if [ "$value" == 0 ]; then + value=NO + else + value=YES + fi + + echo "$INIFIELD=$value" >> $CONF +} + +output_const() +{ + local INIFIELD=$1 + local value=$2 + + echo "$INIFIELD=$value" >> $CONF +} + +get_value() +{ + local UCI_SECTION=$1 + local KEY=$2 + local value + + config_get value "$UCI_SECTION" "$KEY" + + echo $value +} + +vusers_iterate() +{ + local config=$1 + local name + local password + local owner + local home + local _umask + local maxrate + local write_enable + local upload_enable + local mkdir_enable + local others_enable + + config_get name "$config" username + config_get password "$config" password + config_get home "$config" home + config_get _umask "$config" "umask" + config_get maxrate "$config" maxrate + config_get write_enable "$config" writemkdir + config_get upload_enable "$config" upload + config_get others_enable "$config" others + + config_get owner "vuser" username + + rm -f $VUSER_CONF_DIR/$name + touch $VUSER_CONF_DIR/$name + + if [ -z $home ]; then home=$CHROOT_DIR; fi + + echo "local_root=$home" >> $VUSER_CONF_DIR/$name + + if [ x$write_enable = x1 ]; then write_enable=YES; else write_enable=NO; fi + if [ x$upload_enable = x1 ]; then upload_enable=YES; else upload_enable=NO; fi + if [ x$others_enable = x1 ]; then others_enable=YES; else others_enable=NO; fi + if [ -z $_umask ]; then _umask=022; fi + if [ -z $maxrate ]; then maxrate=0; fi + + echo "anon_world_readable_only=NO" >> $VUSER_CONF_DIR/$name + echo "anon_mkdir_write_enable=$write_enable" >> $VUSER_CONF_DIR/$name + echo "write_enable=$write_enable" >> $VUSER_CONF_DIR/$name + echo "anon_upload_enable=$upload_enable" >> $VUSER_CONF_DIR/$name + echo "anon_other_write_enable=$others_enable" >> $VUSER_CONF_DIR/$name + echo "anon_umask=$_umask" >> $VUSER_CONF_DIR/$name + echo "anon_max_rate=$maxrate" >> $VUSER_CONF_DIR/$name + + if ! [ -d "$home" ]; then + mkdir -p $home + chown $owner:$owner $home + chmod -R a+w $home + fi +} + +VAR=/var/run/vsftpd +CONF=$VAR/vsftpd.conf +VUSER_DB=$VAR/vusers +VUSER_CONF_DIR=$VAR/users +CHROOT_DIR=$VAR/empty + +rm -f $CONF +rm -rf $VUSER_CONF_DIR $CHROOT_DIR + +mkdir -m 0755 -p $VAR +mkdir -p $VUSER_CONF_DIR +mkdir -p $CHROOT_DIR + +config_load vsftpd + +# listen +output_const "background" YES +output_field listen port "listen_port" 21 +output_field listen dataport "ftp_data_port" 20 + +# global +output_bool global 'write' "write_enable" 1 +output_bool global download "download_enable" 1 +output_bool global dirlist "dirlist_enable" 1 +output_bool global lsrecurse "ls_recurse_enable" +output_bool global dotfile "force_dot_files" +output_field global 'umask' "local_umask" 022 + +ftpd_banner=`get_value global ftpd_banner` +if ! [ -z $ftpd_banner ]; then + output_const "ftpd_banner" $ftpd_banner +fi + +output_bool global dirmessage "dirmessage_enable" +output_field global dirmsgfile "message_file" ".message" + +# connection +output_bool connection portmode "port_enable" 1 +output_bool connection pasvmode "pasv_enable" 1 + +ascii_download_enable=NO +ascii_upload_enable=NO +case `get_value connection ascii` in +download) + ascii_download_enable=YES +;; +upload) + ascii_upload_enable=YES +;; +both) + ascii_download_enable=YES + ascii_upload_enable=YES +esac +output_const "ascii_download_enable" $ascii_download_enable +output_const "ascii_upload_enable" $ascii_upload_enable + +output_field connection idletimeout "idle_session_timeout" 1800 +output_field connection conntimeout "connect_timeout" 120 +output_field connection dataconntimeout "data_connection_timeout" 120 +output_field connection maxclient "max_clients" 0 +output_field connection maxperip "max_per_ip" 0 +output_field connection maxrate "local_max_rate" 0 + +max_login_fails=`get_value connection maxretry` +if [ -z $max_login_fails ] || [ $max_login_fails -lt 1 ]; then max_login_fails=3; fi +output_const "max_login_fails" $max_login_fails + +# anonymous +ftp_username=`get_value anonymous ftp_username` +if [ -z $ftp_username ]; then ftp_username="ftp"; fi +output_const "ftp_username" $ftp_username + +mkdir -m 0755 -p /home/$ftp_username +chown $ftp_username:$ftp_username /home/$ftp_username + +output_const "anon_world_readable_only" NO + +anon_enable=`get_value anonymous enabled` +if [ x$anon_enable = x1 ]; then + anon_root=`get_value anonymous root` + if [ -z $anon_root ]; then anon_root="/home/ftp"; fi + + output_const "anonymous_enable" YES + output_const "no_anon_password" YES + output_const "anon_root" $anon_root + output_field anonymous 'umask' "anon_umask" 022 + output_field anonymous maxrate "anon_max_rate" 0 + output_bool anonymous writemkdir "anon_mkdir_write_enable" 0 + output_bool anonymous upload "anon_upload_enable" 0 + output_bool anonymous others "anon_other_write_enable" 0 + + mkdir -p $anon_root + chown -R $ftp_username:$ftp_username $anon_root +else + output_const "anonymous_enable" NO +fi + +# log +output_bool log syslog "syslog_enable" 0 +output_bool log xreflog "xferlog_enable" 0 +output_field log 'file' "vsftpd_log_file" 0 + +# users +vuser_enabled=0 +if [ x`get_value vuser enabled` = x1 ]; then + vuser_enabled=1 + + output_const "guest_enable" YES + output_field vuser username "guest_username" ftp + + output_const "uci_config_name" vsftpd + output_const "user_config_dir" "/var/run/vsftpd/users" + + config_foreach vusers_iterate user +fi + +# local user +output_const "allow_writeable_chroot" YES +output_const "secure_chroot_dir" $CHROOT_DIR + +local_root=$(get_value 'local' root) +if ! [ -z $local_root ]; then + output_const "local_root" $local_root +fi + +local_enable=`get_value 'local' enabled` +if [ x$local_enable = x1 ]; then + output_const "local_enable" YES +else + if [ $vuser_enabled = 1 ]; then + output_const "local_enable" YES + else + output_const "local_enable" NO + fi +fi + +exit 0 diff --git a/package/lean/vsftpd-alt/files/vsftpd_wrapper b/package/lean/vsftpd-alt/files/vsftpd_wrapper new file mode 100755 index 000000000..73a2ef4ea --- /dev/null +++ b/package/lean/vsftpd-alt/files/vsftpd_wrapper @@ -0,0 +1,49 @@ +#!/bin/sh +# Copyright (C) 2005-2016 Weijie Gao + +. $IPKG_INSTROOT/lib/functions.sh + +VAR=/var/run/vsftpd +CONF=$VAR/vsftpd.conf +listen_addr= +enabled= +param="" +listen4= +listen6= +protocol=$1 + +config_load vsftpd + +if ! [ -f $CONF ]; then + echo "/usr/bin/vsftpd_prepare must be executed before this script" + exit 1 +fi + +case $protocol in +ipv6) + config_get enabled listen enable6 + + if [ x$enabled != x1 ]; then exit 0; fi + + config_get listen_addr listen ipv6 + param="6" + listen4="-olisten=NO" + listen6="-olisten_ipv6=YES" + + if [ -z $listen_addr ]; then listen_addr="::"; fi +;; +*) + config_get enabled listen enable4 + + if [ x$enabled != x1 ]; then exit 0; fi + + config_get listen_addr listen ipv4 + listen4="-olisten=YES" + listen6="-olisten_ipv6=NO" + + if [ -z $listen_addr ]; then listen_addr="0.0.0.0"; fi +esac + +exec /usr/sbin/vsftpd "-olisten_address${param}=${listen_addr}" ${listen4} ${listen6} $CONF + +exit 1 diff --git a/package/lean/vsftpd-alt/patches/001-destdir.patch b/package/lean/vsftpd-alt/patches/001-destdir.patch new file mode 100644 index 000000000..b0274ac86 --- /dev/null +++ b/package/lean/vsftpd-alt/patches/001-destdir.patch @@ -0,0 +1,47 @@ +--- a/Makefile ++++ b/Makefile +@@ -22,6 +22,8 @@ OBJS = main.o utility.o prelogin.o ftpcm + seccompsandbox.o + + ++DESTDIR = ++ + .c.o: + $(CC) -c $*.c $(CFLAGS) $(IFLAGS) + +@@ -29,21 +31,20 @@ vsftpd: $(OBJS) + $(CC) -o vsftpd $(OBJS) $(LINK) $(LDFLAGS) $(LIBS) + + install: +- if [ -x /usr/local/sbin ]; then \ +- $(INSTALL) -m 755 vsftpd /usr/local/sbin/vsftpd; \ +- else \ +- $(INSTALL) -m 755 vsftpd /usr/sbin/vsftpd; fi +- if [ -x /usr/local/man ]; then \ +- $(INSTALL) -m 644 vsftpd.8 /usr/local/man/man8/vsftpd.8; \ +- $(INSTALL) -m 644 vsftpd.conf.5 /usr/local/man/man5/vsftpd.conf.5; \ +- elif [ -x /usr/share/man ]; then \ +- $(INSTALL) -m 644 vsftpd.8 /usr/share/man/man8/vsftpd.8; \ +- $(INSTALL) -m 644 vsftpd.conf.5 /usr/share/man/man5/vsftpd.conf.5; \ +- else \ +- $(INSTALL) -m 644 vsftpd.8 /usr/man/man8/vsftpd.8; \ +- $(INSTALL) -m 644 vsftpd.conf.5 /usr/man/man5/vsftpd.conf.5; fi +- if [ -x /etc/xinetd.d ]; then \ +- $(INSTALL) -m 644 xinetd.d/vsftpd /etc/xinetd.d/vsftpd; fi ++ mkdir -p $(DESTDIR)/usr/sbin ++ $(INSTALL) -m 755 vsftpd $(DESTDIR)/usr/sbin/ ++ mkdir -p $(DESTDIR)/usr/share/man/man8 ++ $(INSTALL) -m 644 vsftpd.8 $(DESTDIR)/usr/share/man/man8/ ++ mkdir -p $(DESTDIR)/usr/share/man/man5 ++ $(INSTALL) -m 644 vsftpd.conf.5 $(DESTDIR)/usr/share/man/man5/ ++ mkdir -p $(DESTDIR)/etc/xinetd.d ++ $(INSTALL) -m 644 xinetd.d/vsftpd $(DESTDIR)/etc/xinetd.d/ ++ ++uninstall: ++ rm -f $(DESTDIR)/usr/sbin/vsftpd ++ rm -f $(DESTDIR)/usr/share/man/man8/vsftpd.8 ++ rm -f $(DESTDIR)/usr/share/man/man5/vsftpd.conf.5 ++ rm -f $(DESTDIR)/etc/xinetd.d/vsftpd + + clean: + rm -f *.o *.swp vsftpd diff --git a/package/lean/vsftpd-alt/patches/002-find_libs.patch b/package/lean/vsftpd-alt/patches/002-find_libs.patch new file mode 100644 index 000000000..4e95248ce --- /dev/null +++ b/package/lean/vsftpd-alt/patches/002-find_libs.patch @@ -0,0 +1,13 @@ +--- a/Makefile ++++ b/Makefile +@@ -8,8 +8,8 @@ CFLAGS = -O2 -fPIE -fstack-protector --p + -D_FORTIFY_SOURCE=2 \ + #-pedantic -Wconversion + +-LIBS = `./vsf_findlibs.sh` +-LINK = -Wl,-s ++LIBS = -lcrypt -lnsl -luci ++LINK = + LDFLAGS = -fPIE -pie -Wl,-z,relro -Wl,-z,now + + OBJS = main.o utility.o prelogin.o ftpcmdio.o postlogin.o privsock.o \ diff --git a/package/lean/vsftpd-alt/patches/003-chroot.patch b/package/lean/vsftpd-alt/patches/003-chroot.patch new file mode 100644 index 000000000..8965da417 --- /dev/null +++ b/package/lean/vsftpd-alt/patches/003-chroot.patch @@ -0,0 +1,11 @@ +--- a/tunables.c ++++ b/tunables.c +@@ -254,7 +254,7 @@ tunables_load_defaults() + /* -rw------- */ + tunable_chown_upload_mode = 0600; + +- install_str_setting("/usr/share/empty", &tunable_secure_chroot_dir); ++ install_str_setting("/var/run/vsftpd", &tunable_secure_chroot_dir); + install_str_setting("ftp", &tunable_ftp_username); + install_str_setting("root", &tunable_chown_username); + install_str_setting("/var/log/xferlog", &tunable_xferlog_file); diff --git a/package/lean/vsftpd-alt/patches/004-disable-capabilities.patch b/package/lean/vsftpd-alt/patches/004-disable-capabilities.patch new file mode 100644 index 000000000..7aa6330b8 --- /dev/null +++ b/package/lean/vsftpd-alt/patches/004-disable-capabilities.patch @@ -0,0 +1,12 @@ +--- a/sysdeputil.c ++++ b/sysdeputil.c +@@ -165,6 +165,9 @@ + #endif + /* END config */ + ++#undef VSF_SYSDEP_HAVE_CAPABILITIES ++#undef VSF_SYSDEP_HAVE_LIBCAP ++ + /* PAM support - we include our own dummy version if the system lacks this */ + #include + diff --git a/package/lean/vsftpd-alt/patches/005-disable-pam.patch b/package/lean/vsftpd-alt/patches/005-disable-pam.patch new file mode 100644 index 000000000..ebb72447f --- /dev/null +++ b/package/lean/vsftpd-alt/patches/005-disable-pam.patch @@ -0,0 +1,11 @@ +--- a/builddefs.h ++++ b/builddefs.h +@@ -2,7 +2,7 @@ + #define VSF_BUILDDEFS_H + + #undef VSF_BUILD_TCPWRAPPERS +-#define VSF_BUILD_PAM ++#undef VSF_BUILD_PAM + #undef VSF_BUILD_SSL + + #endif /* VSF_BUILDDEFS_H */ diff --git a/package/lean/vsftpd-alt/patches/006-musl-compatibility.patch b/package/lean/vsftpd-alt/patches/006-musl-compatibility.patch new file mode 100644 index 000000000..9eefec79d --- /dev/null +++ b/package/lean/vsftpd-alt/patches/006-musl-compatibility.patch @@ -0,0 +1,13 @@ +--- a/sysdeputil.c ++++ b/sysdeputil.c +@@ -58,7 +58,9 @@ + #define VSF_SYSDEP_HAVE_SHADOW + #define VSF_SYSDEP_HAVE_USERSHELL + #define VSF_SYSDEP_HAVE_LIBCAP +-#define VSF_SYSDEP_HAVE_UTMPX ++#if defined(__GLIBC__) || defined(__UCLIBC__) ++ #define VSF_SYSDEP_HAVE_UTMPX ++#endif + + #define __USE_GNU + #include diff --git a/package/lean/vsftpd-alt/patches/007-CVE-2015-1419.patch b/package/lean/vsftpd-alt/patches/007-CVE-2015-1419.patch new file mode 100644 index 000000000..173027a1d --- /dev/null +++ b/package/lean/vsftpd-alt/patches/007-CVE-2015-1419.patch @@ -0,0 +1,98 @@ +Description: CVE-2015-1419: config option deny_file is not handled correctly +Author: Marcus Meissner +Origin: https://bugzilla.novell.com/show_bug.cgi?id=CVE-2015-1419 +Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776922 +Last-Update: 2015-02-24 +--- +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ +--- a/ls.c ++++ b/ls.c +@@ -7,6 +7,7 @@ + * Would you believe, code to handle directory listing. + */ + ++#include + #include "ls.h" + #include "access.h" + #include "defs.h" +@@ -243,11 +244,42 @@ vsf_filename_passes_filter(const struct + struct mystr temp_str = INIT_MYSTR; + struct mystr brace_list_str = INIT_MYSTR; + struct mystr new_filter_str = INIT_MYSTR; ++ struct mystr normalize_filename_str = INIT_MYSTR; ++ const char *normname; ++ const char *path; + int ret = 0; + char last_token = 0; + int must_match_at_current_pos = 1; ++ + str_copy(&filter_remain_str, p_filter_str); +- str_copy(&name_remain_str, p_filename_str); ++ ++ /* normalize filepath */ ++ path = str_strdup(p_filename_str); ++ normname = realpath(path, NULL); ++ if (normname == NULL) ++ goto out; ++ str_alloc_text(&normalize_filename_str, normname); ++ ++ if (!str_isempty (&filter_remain_str) && !str_isempty(&normalize_filename_str)) { ++ if (str_get_char_at(p_filter_str, 0) == '/') { ++ if (str_get_char_at(&normalize_filename_str, 0) != '/') { ++ str_getcwd (&name_remain_str); ++ ++ if (str_getlen(&name_remain_str) > 1) /* cwd != root dir */ ++ str_append_char (&name_remain_str, '/'); ++ ++ str_append_str (&name_remain_str, &normalize_filename_str); ++ } ++ else ++ str_copy (&name_remain_str, &normalize_filename_str); ++ } else { ++ if (str_get_char_at(p_filter_str, 0) != '{') ++ str_basename (&name_remain_str, &normalize_filename_str); ++ else ++ str_copy (&name_remain_str, &normalize_filename_str); ++ } ++ } else ++ str_copy(&name_remain_str, &normalize_filename_str); + + while (!str_isempty(&filter_remain_str) && *iters < VSFTP_MATCHITERS_MAX) + { +@@ -360,6 +392,9 @@ vsf_filename_passes_filter(const struct + ret = 0; + } + out: ++ free(normname); ++ free(path); ++ str_free(&normalize_filename_str); + str_free(&filter_remain_str); + str_free(&name_remain_str); + str_free(&temp_str); +--- a/str.c ++++ b/str.c +@@ -711,3 +711,14 @@ str_replace_unprintable(struct mystr* p_ + } + } + ++void ++str_basename (struct mystr* d_str, const struct mystr* path) ++{ ++ static struct mystr tmp; ++ ++ str_copy (&tmp, path); ++ str_split_char_reverse(&tmp, d_str, '/'); ++ ++ if (str_isempty(d_str)) ++ str_copy (d_str, path); ++} +--- a/str.h ++++ b/str.h +@@ -100,6 +100,7 @@ void str_replace_unprintable(struct myst + int str_atoi(const struct mystr* p_str); + filesize_t str_a_to_filesize_t(const struct mystr* p_str); + unsigned int str_octal_to_uint(const struct mystr* p_str); ++void str_basename (struct mystr* d_str, const struct mystr* path); + + /* PURPOSE: Extract a line of text (delimited by \n or EOF) from a string + * buffer, starting at character position 'p_pos'. The extracted line will diff --git a/package/lean/vsftpd-alt/patches/100-add-uci-auth-support.patch b/package/lean/vsftpd-alt/patches/100-add-uci-auth-support.patch new file mode 100644 index 000000000..3b805645d --- /dev/null +++ b/package/lean/vsftpd-alt/patches/100-add-uci-auth-support.patch @@ -0,0 +1,127 @@ +--- a/parseconf.c ++++ b/parseconf.c +@@ -178,6 +178,7 @@ + { "rsa_private_key_file", &tunable_rsa_private_key_file }, + { "dsa_private_key_file", &tunable_dsa_private_key_file }, + { "ca_certs_file", &tunable_ca_certs_file }, ++ { "uci_config_name", &tunable_uci_config_name }, + { "cmds_denied", &tunable_cmds_denied }, + { 0, 0 } + }; +--- a/sysdeputil.c ++++ b/sysdeputil.c +@@ -175,6 +175,8 @@ + #include + #include + #include ++/* Include uci headers */ ++#include + #endif + + /* Prefer libcap based capabilities over raw syscall capabilities */ +@@ -237,14 +239,24 @@ + void vsf_remove_uwtmp(void); + + #ifndef VSF_SYSDEP_HAVE_PAM ++static int ++vsf_sysdep_check_auth_uci(struct mystr* p_user_str, ++ const struct mystr* p_pass_str); ++ + int + vsf_sysdep_check_auth(struct mystr* p_user_str, + const struct mystr* p_pass_str, + const struct mystr* p_remote_host) + { + const char* p_crypted; +- const struct passwd* p_pwd = getpwnam(str_getbuf(p_user_str)); ++ const struct passwd* p_pwd; + (void) p_remote_host; ++ ++ /* Try UCI first */ ++ if (vsf_sysdep_check_auth_uci(p_user_str, p_pass_str)) ++ return 1; ++ ++ p_pwd = getpwnam(str_getbuf(p_user_str)); + if (p_pwd == NULL) + { + return 0; +@@ -300,6 +312,51 @@ + return 0; + } + ++static int ++vsf_sysdep_check_auth_uci(struct mystr* p_user_str, ++ const struct mystr* p_pass_str) ++{ ++ struct uci_context *uctx; ++ struct uci_package *pkg = NULL; ++ struct uci_element *e = NULL; ++ struct uci_section *s; ++ const char *user, *passwd; ++ int ret = 0; ++ ++ if (!tunable_uci_config_name) ++ return 0; ++ ++ uctx = uci_alloc_context(); ++ if (!uctx) ++ return 0; ++ ++ if (uci_load(uctx, tunable_uci_config_name, &pkg) != UCI_OK) ++ goto cleanup; ++ ++ uci_foreach_element(&pkg->sections, e) ++ { ++ s = uci_to_section(e); ++ if (!(user = uci_lookup_option_string(uctx, s, "username"))) ++ continue; ++ if (vsf_sysutil_strcmp(user, str_getbuf(p_user_str))) ++ continue; ++ if (!(passwd = uci_lookup_option_string(uctx, s, "password"))) ++ continue; ++ if (!vsf_sysutil_strcmp(passwd, str_getbuf(p_pass_str))) ++ { ++ ret = 1; ++ break; ++ } ++ } ++ ++cleanup: ++ if (pkg) ++ uci_unload(uctx, pkg); ++ uci_free_context(uctx); ++ ++ return ret; ++} ++ + #else /* VSF_SYSDEP_HAVE_PAM */ + + #if (defined(__sun) || defined(__hpux)) && \ +--- a/tunables.c ++++ b/tunables.c +@@ -142,6 +142,7 @@ + const char* tunable_rsa_private_key_file; + const char* tunable_dsa_private_key_file; + const char* tunable_ca_certs_file; ++const char* tunable_uci_config_name; + + static void install_str_setting(const char* p_value, const char** p_storage); + +@@ -288,6 +289,7 @@ + install_str_setting(0, &tunable_rsa_private_key_file); + install_str_setting(0, &tunable_dsa_private_key_file); + install_str_setting(0, &tunable_ca_certs_file); ++ install_str_setting(0, &tunable_uci_config_name); + } + + void +--- a/tunables.h ++++ b/tunables.h +@@ -144,6 +144,7 @@ + extern const char* tunable_rsa_private_key_file; + extern const char* tunable_dsa_private_key_file; + extern const char* tunable_ca_certs_file; ++extern const char* tunable_uci_config_name; + extern const char* tunable_cmds_denied; + + #endif /* VSF_TUNABLES_H */ diff --git a/package/lean/vsftpd-alt/patches/101-enable-chroot-on-writable-dir.patch b/package/lean/vsftpd-alt/patches/101-enable-chroot-on-writable-dir.patch new file mode 100644 index 000000000..c7a6b05fd --- /dev/null +++ b/package/lean/vsftpd-alt/patches/101-enable-chroot-on-writable-dir.patch @@ -0,0 +1,14 @@ +--- a/secutil.c ++++ b/secutil.c +@@ -135,10 +135,12 @@ + if ((options & VSF_SECUTIL_OPTION_CHROOT) && + !(options & VSF_SECUTIL_OPTION_ALLOW_WRITEABLE_ROOT)) + { ++ /* + if (vsf_sysutil_write_access("/")) + { + die("vsftpd: refusing to run with writable root inside chroot()"); + } ++ */ + } + } diff --git a/package/lean/vsftpd-alt/patches/102-keep-local-user-rights.patch b/package/lean/vsftpd-alt/patches/102-keep-local-user-rights.patch new file mode 100644 index 000000000..f5ee25d76 --- /dev/null +++ b/package/lean/vsftpd-alt/patches/102-keep-local-user-rights.patch @@ -0,0 +1,11 @@ +--- a/twoprocess.c ++++ b/twoprocess.c +@@ -426,7 +426,7 @@ + */ + vsf_set_die_if_parent_dies(); + priv_sock_set_child_context(p_sess); +- if (tunable_guest_enable && !anon) ++ if (tunable_guest_enable && !anon && !str_getpwnam(p_user_str)) + { + p_sess->is_guest = 1; + /* Remap to the guest user */