From d509afb39899382841a97350735bb366a5fdb43d Mon Sep 17 00:00:00 2001
From: Tianling Shen <cnsztl@immortalwrt.org>
Date: Fri, 8 Apr 2022 02:13:15 +0800
Subject: [PATCH] luci-app-ssr-plus: improve v2ray ss support

1. Added ShadowSocks AEAD-2022 ciphers support
2. Added ShadowSocks SIP003 plugins support
3. Added ShadowSocks SUoT protocol support
4. Reused option `encrypt_method_ss`

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
---
 .../model/cbi/shadowsocksr/client-config.lua  | 52 +++++++------------
 .../model/cbi/shadowsocksr/server-config.lua  |  1 +
 .../luasrc/model/cbi/shadowsocksr/server.lua  |  1 +
 luci-app-ssr-plus/po/zh-cn/ssr-plus.po        |  6 +++
 .../root/etc/uci-defaults/luci-ssr-plus       | 35 +++++++------
 .../usr/share/shadowsocksr/gen_config.lua     |  9 ++--
 .../root/usr/share/shadowsocksr/subscribe.lua | 25 ++++-----
 7 files changed, 64 insertions(+), 65 deletions(-)

diff --git a/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/client-config.lua b/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/client-config.lua
index 7422b5a2f..f81a7c193 100644
--- a/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/client-config.lua
+++ b/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/client-config.lua
@@ -6,7 +6,7 @@ require "luci.sys"
 require "luci.http"
 require "luci.model.ipkg"
 
-local m, s, o, kcp_enable
+local m, s, o
 local sid = arg[1]
 local uuid = luci.sys.exec("cat /proc/sys/kernel/random/uuid")
 
@@ -47,12 +47,16 @@ local encrypt_methods = {
 }
 
 local encrypt_methods_ss = {
+	-- plain
+	"none",
+	"plain",
 	-- aead
 	"aes-128-gcm",
 	"aes-192-gcm",
 	"aes-256-gcm",
 	"chacha20-ietf-poly1305",
 	"xchacha20-ietf-poly1305",
+	-- aead 2022
 	"2022-blake3-aes-128-gcm",
 	"2022-blake3-aes-256-gcm",
 	"2022-blake3-chacha20-poly1305"
@@ -77,22 +81,6 @@ local encrypt_methods_ss = {
 	"chacha20-ietf" ]]
 }
 
-local encrypt_methods_v2ray_ss = {
-	-- xray_ss
-	"none",
-	"plain",
-	-- aead
-	"aes-128-gcm",
-	"aes-256-gcm",
-	"chacha20-poly1305",
-	"chacha20-ietf-poly1305",
-	"xchacha20-ietf-poly1305",
-	"aead_aes_128_gcm",
-	"aead_aes_256_gcm",
-	"aead_chacha20_poly1305",
-	"aead_xchacha20_poly1305"
-}
-
 local protocol = {
 	-- ssr
 	"origin",
@@ -108,7 +96,7 @@ local protocol = {
 	"auth_chain_f"
 }
 
-obfs = {
+local obfs = {
 	-- ssr
 	"plain",
 	"http_simple",
@@ -127,7 +115,7 @@ local securitys = {
 }
 
 local flows = {
-	-- xlts
+	-- xtls
 	"xtls-rprx-origin",
 	"xtls-rprx-origin-udp443",
 	"xtls-rprx-direct",
@@ -258,13 +246,13 @@ for _, v in ipairs(encrypt_methods_ss) do
 end
 o.rmempty = true
 o:depends("type", "ss")
+o:depends({type = "v2ray", v2ray_protocol = "shadowsocks"})
 
-o = s:option(ListValue, "encrypt_method_v2ray_ss", translate("Encrypt Method"))
-for _, v in ipairs(encrypt_methods_v2ray_ss) do
-	o:value(v)
-end
+o = s:option(Flag, "uot", translate("UDP over TCP"))
+o.description = translate("Enable the SUoT protocol, requires server support.")
 o.rmempty = true
 o:depends({type = "v2ray", v2ray_protocol = "shadowsocks"})
+o.default = "0"
 
 o = s:option(Flag, "ivCheck", translate("Bloom Filter"))
 o.rmempty = true
@@ -277,7 +265,7 @@ o:value("none", translate("None"))
 if is_finded("obfs-local") then
 	o:value("obfs-local", translate("obfs-local"))
 end
-if is_finded("v2ray-plugin") then
+if is_finded("v2ray-plugin") or is_installed("sagernet-core") then
 	o:value("v2ray-plugin", translate("v2ray-plugin"))
 end
 if is_finded("xray-plugin") then
@@ -285,12 +273,12 @@ if is_finded("xray-plugin") then
 end
 o.rmempty = true
 o:depends("type", "ss")
+o:depends({type = "v2ray", v2ray_protocol = "shadowsocks"})
 
 o = s:option(Value, "plugin_opts", translate("Plugin Opts"))
 o.rmempty = true
-o:depends({type = "ss", plugin = "obfs-local"})
-o:depends({type = "ss", plugin = "v2ray-plugin"})
-o:depends({type = "ss", plugin = "xray-plugin"})
+o:depends("type", "ss")
+o:depends({type = "v2ray", v2ray_protocol = "shadowsocks"})
 
 o = s:option(ListValue, "protocol", translate("Protocol"))
 for _, v in ipairs(protocol) do
@@ -650,11 +638,11 @@ o.default = 1234
 o.rmempty = false
 
 if is_finded("kcptun-client") then
-	kcp_enable = s:option(Flag, "kcp_enable", translate("KcpTun Enable"))
-	kcp_enable.rmempty = true
-	kcp_enable.default = "0"
-	kcp_enable:depends("type", "ssr")
-	kcp_enable:depends("type", "ss")
+	o = s:option(Flag, "kcp_enable", translate("KcpTun Enable"))
+	o.rmempty = true
+	o.default = "0"
+	o:depends("type", "ssr")
+	o:depends("type", "ss")
 
 	o = s:option(Value, "kcp_port", translate("KcpTun Port"))
 	o.datatype = "port"
diff --git a/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/server-config.lua b/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/server-config.lua
index 16b7f4b3c..f9ac268ea 100644
--- a/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/server-config.lua
+++ b/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/server-config.lua
@@ -39,6 +39,7 @@ local encrypt_methods_ss = {
 	"aes-256-gcm",
 	"chacha20-ietf-poly1305",
 	"xchacha20-ietf-poly1305",
+	-- aead 2022
 	"2022-blake3-aes-128-gcm",
 	"2022-blake3-aes-256-gcm",
 	"2022-blake3-chacha20-poly1305"
diff --git a/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/server.lua b/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/server.lua
index 42b5174e3..6ef44c080 100644
--- a/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/server.lua
+++ b/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/server.lua
@@ -35,6 +35,7 @@ local encrypt_methods_ss = {
 	"aes-256-gcm",
 	"chacha20-ietf-poly1305",
 	"xchacha20-ietf-poly1305",
+	-- aead 2022
 	"2022-blake3-aes-128-gcm",
 	"2022-blake3-aes-256-gcm",
 	"2022-blake3-chacha20-poly1305"
diff --git a/luci-app-ssr-plus/po/zh-cn/ssr-plus.po b/luci-app-ssr-plus/po/zh-cn/ssr-plus.po
index 621c05b5d..9750e59da 100644
--- a/luci-app-ssr-plus/po/zh-cn/ssr-plus.po
+++ b/luci-app-ssr-plus/po/zh-cn/ssr-plus.po
@@ -61,6 +61,12 @@ msgstr "密码"
 msgid "Encrypt Method"
 msgstr "加密方式"
 
+msgid "Enable the SUoT protocol, requires server support."
+msgstr "启用 SUoT 协议，需要服务端支持。"
+
+msgid "Bloom Filter"
+msgstr "布隆过滤器"
+
 msgid "VLESS Encryption"
 msgstr "VLESS 加密"
 
diff --git a/luci-app-ssr-plus/root/etc/uci-defaults/luci-ssr-plus b/luci-app-ssr-plus/root/etc/uci-defaults/luci-ssr-plus
index 3ff99ae46..736c05bd4 100755
--- a/luci-app-ssr-plus/root/etc/uci-defaults/luci-ssr-plus
+++ b/luci-app-ssr-plus/root/etc/uci-defaults/luci-ssr-plus
@@ -1,16 +1,19 @@
 #!/bin/sh
+
 uci -q batch <<-EOF >/dev/null
-delete ucitrack.@shadowsocksr[-1]
-add ucitrack shadowsocksr
-set ucitrack.@shadowsocksr[-1].init=shadowsocksr
-commit ucitrack
-delete firewall.shadowsocksr
-set firewall.shadowsocksr=include
-set firewall.shadowsocksr.type=script
-set firewall.shadowsocksr.path=/var/etc/shadowsocksr.include
-set firewall.shadowsocksr.reload=1
-commit firewall
+	delete ucitrack.@shadowsocksr[-1]
+	add ucitrack shadowsocksr
+	set ucitrack.@shadowsocksr[-1].init=shadowsocksr
+	commit ucitrack
+
+	delete firewall.shadowsocksr
+	set firewall.shadowsocksr=include
+	set firewall.shadowsocksr.type=script
+	set firewall.shadowsocksr.path=/var/etc/shadowsocksr.include
+	set firewall.shadowsocksr.reload=1
+	commit firewall
 EOF
+
 rm -rf /etc/config/shadowsocksr-opkg /etc/ssrplus/*opkg
 touch /etc/ssrplus/china_ssr.txt
 touch /etc/ssrplus/deny.list
@@ -23,15 +26,17 @@ touch /etc/ssrplus/gfw_list.conf
 touch /etc/ssrplus/oversea_list.conf
 touch /etc/ssrplus/ad.conf
 touch /etc/config/shadowsocksr
-if [ ! -s "/etc/config/shadowsocksr" ]; then
-/etc/init.d/shadowsocksr reset
-fi
-sed -i "s/option type 'vmess'"/"option type 'v2ray'\n\toption v2ray_protocol 'vmess'/g" /etc/config/shadowsocksr
-sed -i "s/option type 'vless'"/"option type 'v2ray'\n\toption v2ray_protocol 'vless'/g" /etc/config/shadowsocksr
+[ -s "/etc/config/shadowsocksr" ] || /etc/init.d/shadowsocksr reset
+
+sed -i "s/option type 'vmess'/option type 'v2ray'\n\toption v2ray_protocol 'vmess'/g" /etc/config/shadowsocksr
+sed -i "s/option type 'vless'/option type 'v2ray'\n\toption v2ray_protocol 'vless'/g" /etc/config/shadowsocksr
+sed -i "s/option encrypt_method_v2ray_ss/option encrypt_method_ss/g" /etc/config/shadowsocksr
+
 if [ -s "/etc/uwsgi/vassals/luci-webui.ini" ];then
 	limit=$(cat /etc/uwsgi/vassals/luci-webui.ini  | grep -Eo "limit-as.*"|grep -Eo "[0-9]+")
 	[ $limit -lt 5000 ] && sed -i '/limit-as/c\limit-as = 5000' /etc/uwsgi/vassals/luci-webui.ini && \
 	/etc/init.d/uwsgi restart
 fi
+
 rm -rf /tmp/luci-modulecache /tmp/luci-indexcache
 exit 0
diff --git a/luci-app-ssr-plus/root/usr/share/shadowsocksr/gen_config.lua b/luci-app-ssr-plus/root/usr/share/shadowsocksr/gen_config.lua
index d210a0e4d..9881d0059 100755
--- a/luci-app-ssr-plus/root/usr/share/shadowsocksr/gen_config.lua
+++ b/luci-app-ssr-plus/root/usr/share/shadowsocksr/gen_config.lua
@@ -32,14 +32,17 @@ function vmess_vless()
 end
 function trojan_shadowsocks()
 	outbound_settings = {
+		plugin = (server.v2ray_protocol == "shadowsocks") and server.plugin ~= "none" and server.plugin or nil,
+		pluginOpts = (server.v2ray_protocol == "shadowsocks") and server.plugin_opts or nil,
 		servers = {
 			{
 				address = server.server,
 				port = tonumber(server.server_port),
 				password = server.password,
-				method = (server.v2ray_protocol == "shadowsocks") and server.encrypt_method_v2ray_ss or nil,
-				flow = (server.v2ray_protocol == "trojan") and (server.xtls == '1') and (server.vless_flow and server.vless_flow or "xtls-rprx-splice") or nil,
-				ivCheck = (server.v2ray_protocol == "shadowsocks") and (server.ivCheck == '1') or nil
+				method = (server.v2ray_protocol == "shadowsocks") and server.encrypt_method_ss or nil,
+				uot = (server.v2ray_protocol == "shadowsocks") and server.uot or nil,
+				ivCheck = (server.v2ray_protocol == "shadowsocks") and (server.ivCheck == '1') or nil,
+				flow = (server.v2ray_protocol == "trojan") and (server.xtls == '1') and (server.vless_flow and server.vless_flow or "xtls-rprx-splice") or nil
 			}
 		}
 	}
diff --git a/luci-app-ssr-plus/root/usr/share/shadowsocksr/subscribe.lua b/luci-app-ssr-plus/root/usr/share/shadowsocksr/subscribe.lua
index f158e4b17..b3d6d8507 100755
--- a/luci-app-ssr-plus/root/usr/share/shadowsocksr/subscribe.lua
+++ b/luci-app-ssr-plus/root/usr/share/shadowsocksr/subscribe.lua
@@ -33,12 +33,16 @@ local log = function(...)
 	print(os.date("%Y-%m-%d %H:%M:%S ") .. table.concat({...}, " "))
 end
 local encrypt_methods_ss = {
+	-- plain
+	"none",
+	"plain",
 	-- aead
 	"aes-128-gcm",
 	"aes-192-gcm",
 	"aes-256-gcm",
 	"chacha20-ietf-poly1305",
 	"xchacha20-ietf-poly1305",
+	-- aead 2022
 	"2022-blake3-aes-128-gcm",
 	"2022-blake3-aes-256-gcm",
 	"2022-blake3-chacha20-poly1305"
@@ -243,6 +247,8 @@ local function processData(szType, content)
 		local password = userinfo:sub(userinfo:find(":") + 1, #userinfo)
 		result.alias = UrlDecode(alias)
 		result.type = v2_ss
+		result.v2ray_protocol = (v2_ss == "v2ray") and "shadowsocks" or nil
+		result.encrypt_method_ss = method
 		result.password = password
 		result.server = host[1]
 		if host[2]:find("/%?") then
@@ -273,33 +279,27 @@ local function processData(szType, content)
 		if not checkTabValue(encrypt_methods_ss)[method] then
 			-- 1202 年了还不支持 SS AEAD 的屑机场
 			result.server = nil
-		elseif v2_ss == "v2ray" then
-			result.v2ray_protocol = "shadowsocks"
-			result.encrypt_method_v2ray_ss = method
-		else
-			result.encrypt_method_ss = method
 		end
 	elseif szType == "sip008" then
 		result.type = v2_ss
+		result.v2ray_protocol = (v2_ss == "v2ray") and "shadowsocks" or nil
 		result.server = content.server
 		result.server_port = content.server_port
 		result.password = content.password
+		result.encrypt_method_ss = content.method
 		result.plugin = content.plugin
 		result.plugin_opts = content.plugin_opts
 		result.alias = content.remarks
 		if not checkTabValue(encrypt_methods_ss)[content.method] then
 			result.server = nil
-		elseif v2_ss == "v2ray" then
-			result.v2ray_protocol = "shadowsocks"
-			result.encrypt_method_v2ray_ss = content.method
-		else
-			result.encrypt_method_ss = content.method
 		end
 	elseif szType == "ssd" then
 		result.type = v2_ss
+		result.v2ray_protocol = (v2_ss == "v2ray") and "shadowsocks" or nil
 		result.server = content.server
 		result.server_port = content.port
 		result.password = content.password
+		result.encrypt_method_ss = content.method
 		result.plugin_opts = content.plugin_options
 		result.alias = "[" .. content.airport .. "] " .. content.remarks
 		if content.plugin == "simple-obfs" then
@@ -309,11 +309,6 @@ local function processData(szType, content)
 		end
 		if not checkTabValue(encrypt_methods_ss)[content.encryption] then
 			result.server = nil
-		elseif v2_ss == "v2ray" then
-			result.v2ray_protocol = "shadowsocks"
-			result.encrypt_method_v2ray_ss = content.method
-		else
-			result.encrypt_method_ss = content.method
 		end
 	elseif szType == "trojan" then
 		local idx_sp = 0