From ef6133ce6cc9a6008f4eccde984651155845f096 Mon Sep 17 00:00:00 2001 From: LEAN-ESX Date: Sun, 29 Sep 2019 19:36:22 -0700 Subject: [PATCH] luci ssr plus: add port control --- package/lean/luci-app-ssr-plus/Makefile | 2 +- .../luasrc/model/cbi/shadowsocksr/client.lua | 5 ++++ .../luci-app-ssr-plus/po/zh-cn/ssr-plus.po | 9 +++++++ .../root/etc/init.d/shadowsocksr | 8 ++++++ .../luci-app-ssr-plus/root/usr/bin/ssr-rules | 25 ++++++++++++------- package/network/utils/iwinfo/Makefile | 8 +++--- 6 files changed, 43 insertions(+), 14 deletions(-) diff --git a/package/lean/luci-app-ssr-plus/Makefile b/package/lean/luci-app-ssr-plus/Makefile index d957852ce..05d3750ec 100644 --- a/package/lean/luci-app-ssr-plus/Makefile +++ b/package/lean/luci-app-ssr-plus/Makefile @@ -2,7 +2,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=luci-app-ssr-plus PKG_VERSION:=1 -PKG_RELEASE:=99 +PKG_RELEASE:=100 PKG_CONFIG_DEPENDS:= CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_Shadowsocks \ CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_V2ray \ diff --git a/package/lean/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/client.lua b/package/lean/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/client.lua index f2f1b74d0..db3e50447 100644 --- a/package/lean/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/client.lua +++ b/package/lean/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/client.lua @@ -59,6 +59,11 @@ o:value("all", translate("Global Mode")) o:value("oversea", translate("Oversea Mode")) o.default = gfw +o = s:option(ListValue, "dports", translate("Proxy Ports")) +o:value("1", translate("All Ports")) +o:value("2", translate("Only Common Ports")) +o.default = 1 + o = s:option(ListValue, "pdnsd_enable", translate("Resolve Dns Mode")) o:value("1", translate("Use Pdnsd tcp query and cache")) o:value("0", translate("Use Local DNS Service listen port 5335")) diff --git a/package/lean/luci-app-ssr-plus/po/zh-cn/ssr-plus.po b/package/lean/luci-app-ssr-plus/po/zh-cn/ssr-plus.po index 56da600a0..ac7590ba4 100644 --- a/package/lean/luci-app-ssr-plus/po/zh-cn/ssr-plus.po +++ b/package/lean/luci-app-ssr-plus/po/zh-cn/ssr-plus.po @@ -499,3 +499,12 @@ msgstr "4 线程" msgid "8 Threads" msgstr "8 线程" + +msgid "Proxy Ports" +msgstr "需要代理的端口" + +msgid "All Ports" +msgstr "所有端口(默认)" + +msgid "Only Common Ports" +msgstr "仅常用端口(不走P2P流量到代理)" diff --git a/package/lean/luci-app-ssr-plus/root/etc/init.d/shadowsocksr b/package/lean/luci-app-ssr-plus/root/etc/init.d/shadowsocksr index 3e3bb8a4e..bb8a6f75e 100755 --- a/package/lean/luci-app-ssr-plus/root/etc/init.d/shadowsocksr +++ b/package/lean/luci-app-ssr-plus/root/etc/init.d/shadowsocksr @@ -188,6 +188,12 @@ start_rules() { gfwmode="-z" fi + local dports=$(uci_get_by_type global dports 1) + if [ $dports = "1" ] ;then + proxyport=" " + else + proxyport="-m multiport --dports 22,53,80,443 " + fi /usr/bin/ssr-rules \ -s "$server" \ @@ -200,6 +206,7 @@ start_rules() { -w "$(uci_get_by_type access_control wan_fw_ips)" \ -p "$(uci_get_by_type access_control lan_fp_ips)" \ -G "$(uci_get_by_type access_control lan_gm_ips)" \ + -D "$proxyport" \ $(get_arg_out) $gfwmode $ARG_UDP return $? @@ -474,6 +481,7 @@ start() { GLOBAL_SERVER=$switch_server switch_enable=1 fi + if rules ;then start_redir diff --git a/package/lean/luci-app-ssr-plus/root/usr/bin/ssr-rules b/package/lean/luci-app-ssr-plus/root/usr/bin/ssr-rules index 463f52b41..d30b3d569 100755 --- a/package/lean/luci-app-ssr-plus/root/usr/bin/ssr-rules +++ b/package/lean/luci-app-ssr-plus/root/usr/bin/ssr-rules @@ -28,6 +28,7 @@ usage() { -w wan ip of will be forwarded -p lan ip of will be global proxy -G lan ip of will be game mode proxy + -D proxy ports -e extra options for iptables -o apply the rules to the OUTPUT chain -O apply the global rules to the OUTPUT chain @@ -71,6 +72,9 @@ flush_r() { } ipset_r() { + ipset -N gmlan hash:net 2>/dev/null + for ip in $LAN_GM_IP; do ipset -! add gmlan $ip ; done + if [ "$RUNMODE" = "router" ] ;then ipset -! -R <<-EOF || return 1 create ss_spec_wan_ac hash:net @@ -88,8 +92,6 @@ EOF for ip in $WAN_FW_IP; do ipset -! add gfwlist $ip ; done $IPT -N SS_SPEC_WAN_AC $IPT -A SS_SPEC_WAN_AC -m set --match-set gfwlist dst -j SS_SPEC_WAN_FW - ipset -N gmlan hash:net 2>/dev/null - for ip in $LAN_GM_IP; do ipset -! add gmlan $ip ; done $IPT -A SS_SPEC_WAN_AC -m set --match-set gmlan src -m set ! --match-set china dst -j SS_SPEC_WAN_FW $IPT -A SS_SPEC_WAN_AC -m set --match-set china dst -j RETURN $IPT -I SS_SPEC_WAN_AC -d $server -j RETURN @@ -126,7 +128,7 @@ fw_rule() { $IPT -A SS_SPEC_WAN_FW -d 192.168.0.0/16 -j RETURN $IPT -A SS_SPEC_WAN_FW -d 224.0.0.0/4 -j RETURN $IPT -A SS_SPEC_WAN_FW -d 240.0.0.0/4 -j RETURN - $IPT -A SS_SPEC_WAN_FW -p tcp \ + $IPT -A SS_SPEC_WAN_FW -p tcp $PROXY_PORTS \ -j REDIRECT --to-ports $local_port 2>/dev/null || { loger 3 "Can't redirect, please check the iptables." exit 1 @@ -189,26 +191,28 @@ tp_rule() { $ipt -A SS_SPEC_TPROXY -p udp -d 240.0.0.0/4 -j RETURN $ipt -A SS_SPEC_TPROXY -p udp -d $SERVER -j RETURN - $ipt -A SS_SPEC_TPROXY -p udp -m set --match-set fplan src \ + $ipt -A SS_SPEC_TPROXY -p udp $PROXY_PORTS -m set --match-set fplan src \ -j TPROXY --on-port "$LOCAL_PORT" --tproxy-mark 0x01/0x01 if [ "$RUNMODE" = "router" ] ;then - $ipt -A SS_SPEC_TPROXY -p udp -m set ! --match-set ss_spec_wan_ac dst \ + $ipt -A SS_SPEC_TPROXY -p udp -m set --match-set gmlan src -m set ! --match-set china dst \ + -j TPROXY --on-port "$LOCAL_PORT" --tproxy-mark 0x01/0x01 + $ipt -A SS_SPEC_TPROXY -p udp $PROXY_PORTS -m set ! --match-set ss_spec_wan_ac dst \ -j TPROXY --on-port "$LOCAL_PORT" --tproxy-mark 0x01/0x01 elif [ "$RUNMODE" = "gfw" ] ;then $ipt -A SS_SPEC_TPROXY -p udp -m set --match-set china dst -j RETURN $ipt -A SS_SPEC_TPROXY -p udp -m set --match-set gmlan src -m set ! --match-set china dst \ -j TPROXY --on-port "$LOCAL_PORT" --tproxy-mark 0x01/0x01 - $ipt -A SS_SPEC_TPROXY -p udp -m set --match-set gfwlist dst \ + $ipt -A SS_SPEC_TPROXY -p udp -m set $PROXY_PORTS --match-set gfwlist dst \ -j TPROXY --on-port "$LOCAL_PORT" --tproxy-mark 0x01/0x01 elif [ "$RUNMODE" = "oversea" ] ;then - $ipt -A SS_SPEC_TPROXY -p udp -m set --match-set china dst \ + $ipt -A SS_SPEC_TPROXY -p udp $PROXY_PORTS -m set --match-set china dst \ -j TPROXY --on-port "$LOCAL_PORT" --tproxy-mark 0x01/0x01 elif [ "$RUNMODE" = "all" ] ;then - $ipt -A SS_SPEC_TPROXY -p udp -j TPROXY --on-port "$LOCAL_PORT" --tproxy-mark 0x01/0x01 + $ipt -A SS_SPEC_TPROXY -p udp $PROXY_PORTS -j TPROXY --on-port "$LOCAL_PORT" --tproxy-mark 0x01/0x01 fi $ipt -I PREROUTING 1 ${IFNAME:+-i $IFNAME} -p udp $EXT_ARGS $MATCH_SET \ @@ -288,7 +292,7 @@ EOF return 0 } -while getopts ":s:l:S:L:i:e:a:b:w:p:G:oOuUfgrczh" arg; do +while getopts ":s:l:S:L:i:e:a:b:w:p:G:D:oOuUfgrczh" arg; do case "$arg" in s) server=$OPTARG @@ -323,6 +327,9 @@ while getopts ":s:l:S:L:i:e:a:b:w:p:G:oOuUfgrczh" arg; do G) LAN_GM_IP=$OPTARG ;; + D) + PROXY_PORTS=$OPTARG + ;; o) OUTPUT=1 ;; diff --git a/package/network/utils/iwinfo/Makefile b/package/network/utils/iwinfo/Makefile index c737dd41e..7c4839d3e 100644 --- a/package/network/utils/iwinfo/Makefile +++ b/package/network/utils/iwinfo/Makefile @@ -11,9 +11,9 @@ PKG_RELEASE:=1 PKG_SOURCE_PROTO:=git PKG_SOURCE_URL=$(PROJECT_GIT)/project/iwinfo.git -PKG_SOURCE_DATE:=2018-12-25 -PKG_SOURCE_VERSION:=dd508af481406bbbe42eaa20a54226645f0301cc -PKG_MIRROR_HASH:=1137b2bc2bdb8157b0ed7dfd6902453285df765358469accc4916a79a7aab989 +PKG_SOURCE_DATE:=2019-09-22 +PKG_SOURCE_VERSION:=313e82709ba90f3a966f0dd348bcad007ca316be +PKG_MIRROR_HASH:=9d81fbc867eadb91ae6045aef334146c3928c0d353e4aa271f83b55bfa37999d PKG_MAINTAINER:=Jo-Philipp Wich PKG_LICENSE:=GPL-2.0 @@ -33,7 +33,7 @@ define Package/libiwinfo CATEGORY:=Libraries TITLE:=Generalized Wireless Information Library (iwinfo) DEPENDS:=+PACKAGE_kmod-cfg80211:libnl-tiny +libuci +libubus - ABI_VERSION:=$(PKG_RELEASE) + ABI_VERSION:=20181126 endef define Package/libiwinfo/description