diff --git a/luci-app-ssr-plus/Makefile b/luci-app-ssr-plus/Makefile
index b2af1198b..9d8a0b353 100644
--- a/luci-app-ssr-plus/Makefile
+++ b/luci-app-ssr-plus/Makefile
@@ -2,7 +2,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=luci-app-ssr-plus
PKG_VERSION:=188
-PKG_RELEASE:=7
+PKG_RELEASE:=9
PKG_CONFIG_DEPENDS:= \
CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_NONE_V2RAY \
diff --git a/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/advanced.lua b/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/advanced.lua
index 00ef47d6a..91579535b 100644
--- a/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/advanced.lua
+++ b/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/advanced.lua
@@ -70,6 +70,10 @@ o.default = "https://fastly.jsdelivr.net/gh/QiuSimons/Netflix_IP/NF_only.txt"
o.description = translate("Customize Netflix IP Url")
o:depends("netflix_enable", "1")
+o = s:option(Flag, "apple_optimization", translate("Apple domains optimization"), translate("For Apple domains equipped with Chinese mainland CDN, always responsive to Chinese CDN IP addresses"))
+o.rmempty = false
+o.default = "1"
+
o = s:option(Flag, "adblock", translate("Enable adblock"))
o.rmempty = false
@@ -103,4 +107,78 @@ o.datatype = "port"
o.default = 1080
o.rmempty = false
+-- [[ fragmen Settings ]]--
+if is_finded("xray") then
+s = m:section(TypedSection, "global_xray_fragment", translate("Xray Fragment Settings"))
+s.anonymous = true
+
+o = s:option(Flag, "fragment", translate("Fragment"), translate("TCP fragments, which can deceive the censorship system in some cases, such as bypassing SNI blacklists."))
+o.default = 0
+
+o = s:option(ListValue, "fragment_packets", translate("Fragment Packets"), translate("\"1-3\" is for segmentation at TCP layer, applying to the beginning 1 to 3 data writes by the client. \"tlshello\" is for TLS client hello packet fragmentation."))
+o.default = "tlshello"
+o:value("tlshello", "tlshello")
+o:value("1-2", "1-2")
+o:value("1-3", "1-3")
+o:value("1-5", "1-5")
+o:depends("fragment", true)
+
+o = s:option(Value, "fragment_length", translate("Fragment Length"), translate("Fragmented packet length (byte)"))
+o.default = "100-200"
+o:depends("fragment", true)
+
+o = s:option(Value, "fragment_interval", translate("Fragment Interval"), translate("Fragmentation interval (ms)"))
+o.default = "10-20"
+o:depends("fragment", true)
+
+o = s:option(Flag, "noise", translate("Noise"), translate("UDP noise, Under some circumstances it can bypass some UDP based protocol restrictions."))
+o.default = 0
+
+s = m:section(TypedSection, "xray_noise_packets", translate("Xray Noise Packets"))
+s.description = translate(
+ "" .. translate("To send noise packets, select \"Noise\" in Xray Settings.") .. "" ..
+ "
" .. translate("For specific usage, see: ") .. "" ..
+ "" ..
+ "" .. translate("Click to the page") .. "")
+s.template = "cbi/tblsection"
+s.sortable = true
+s.anonymous = true
+s.addremove = true
+
+s.remove = function(self, section)
+ for k, v in pairs(self.children) do
+ v.rmempty = true
+ v.validate = nil
+ end
+ TypedSection.remove(self, section)
+end
+
+o = s:option(Flag, "enabled", translate("Enable"))
+o.default = 1
+o.rmempty = false
+
+o = s:option(ListValue, "type", translate("Type"))
+o.default = "base64"
+o:value("rand", "rand")
+o:value("str", "str")
+o:value("base64", "base64")
+
+o = s:option(Value, "domainStrategy", translate("Domain Strategy"))
+o.default = "UseIP"
+o:value("AsIs", "AsIs")
+o:value("UseIP", "UseIP")
+o:value("UseIPv4", "UseIPv4")
+o:value("ForceIP", "ForceIP")
+o:value("ForceIPv4", "ForceIPv4")
+o.rmempty = false
+
+o = s:option(Value, "packet", translate("Packet"))
+o.datatype = "minlength(1)"
+o.rmempty = false
+
+o = s:option(Value, "delay", translate("Delay (ms)"))
+o.datatype = "or(uinteger,portrange)"
+o.rmempty = false
+end
+
return m
diff --git a/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/client-config.lua b/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/client-config.lua
index c55e0ff09..1048aa495 100644
--- a/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/client-config.lua
+++ b/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/client-config.lua
@@ -927,7 +927,6 @@ if is_finded("xray") then
o:value(v, translate(v))
end
o.rmempty = true
- o:depends("xtls", true)
o:depends({type = "v2ray", v2ray_protocol = "vless", transport = "tcp", tls = true})
o:depends({type = "v2ray", v2ray_protocol = "vless", transport = "tcp", reality = true})
diff --git a/luci-app-ssr-plus/po/zh_Hans/ssr-plus.po b/luci-app-ssr-plus/po/zh_Hans/ssr-plus.po
index 60ac526d3..f97309b39 100644
--- a/luci-app-ssr-plus/po/zh_Hans/ssr-plus.po
+++ b/luci-app-ssr-plus/po/zh_Hans/ssr-plus.po
@@ -209,7 +209,6 @@ msgstr "QUIC 连接接收窗口"
msgid "QUIC stream receive window"
msgstr "QUIC 流接收窗口"
-
msgid "Lazy Start"
msgstr "延迟启动"
@@ -459,6 +458,12 @@ msgstr "切换检查超时时间(秒)"
msgid "Check Try Count"
msgstr "切换检查重试次数"
+msgid "Apple domains optimization"
+msgstr "Apple 域名解析优化"
+
+msgid "For Apple domains equipped with Chinese mainland CDN, always responsive to Chinese CDN IP addresses"
+msgstr "配备中国大陆 CDN 的 Apple 域名,始终应答中国大陆 CDN 地址"
+
msgid "Enable adblock"
msgstr "启用广告屏蔽"
@@ -816,6 +821,63 @@ msgstr "本机服务端"
msgid "Global SOCKS5 Proxy Server"
msgstr "SOCKS5 代理服务端(全局)"
+msgid "Xray Fragment Settings"
+msgstr "Xray 分片设置"
+
+msgid "Fragment"
+msgstr "分片"
+
+msgid "TCP fragments, which can deceive the censorship system in some cases, such as bypassing SNI blacklists."
+msgstr "TCP 分片,在某些情况下可以欺骗审查系统,比如绕过 SNI 黑名单。"
+
+msgid "Fragment Packets"
+msgstr "分片方式"
+
+msgid "\"1-3\" is for segmentation at TCP layer, applying to the beginning 1 to 3 data writes by the client. \"tlshello\" is for TLS client hello packet fragmentation."
+msgstr "\"1-3\" 是 TCP 的流切片,应用于客户端第 1 至第 3 次写数据。\"tlshello\" 是 TLS 握手包切片。"
+
+msgid "Fragment Length"
+msgstr "分片包长"
+
+msgid "Fragmented packet length (byte)"
+msgstr "分片包长 (byte)"
+
+msgid "Fragment Interval"
+msgstr "分片间隔"
+
+msgid "Fragmentation interval (ms)"
+msgstr "分片间隔(ms)"
+
+msgid "Noise"
+msgstr "噪声"
+
+msgid "UDP noise, Under some circumstances it can bypass some UDP based protocol restrictions."
+msgstr "UDP 噪声,在某些情况下可以绕过一些针对 UDP 协议的限制。"
+
+msgid "To send noise packets, select \"Noise\" in Xray Settings."
+msgstr "在 Xray 设置中勾选 “噪声” 以发送噪声包。"
+
+msgid "For specific usage, see: "
+msgstr "具体使用方法参见:"
+
+msgid "Click to the page"
+msgstr "点击前往"
+
+msgid "Xray Noise Packets"
+msgstr "Xray 噪声数据包"
+
+msgid "Type"
+msgstr "类型"
+
+msgid "Domain Strategy"
+msgstr "域名解析策略"
+
+msgid "Packet"
+msgstr "数据包"
+
+msgid "Delay (ms)"
+msgstr "延迟(ms)"
+
msgid "warning! Please do not reuse the port!"
msgstr "警告!请不要重复使用端口!"
diff --git a/luci-app-ssr-plus/root/etc/init.d/shadowsocksr b/luci-app-ssr-plus/root/etc/init.d/shadowsocksr
index ec19a6f01..9af87f1ec 100755
--- a/luci-app-ssr-plus/root/etc/init.d/shadowsocksr
+++ b/luci-app-ssr-plus/root/etc/init.d/shadowsocksr
@@ -17,7 +17,14 @@ LOCK_FILE=/var/lock/ssrplus.lock
LOG_FILE=/var/log/ssrplus.log
TMP_PATH=/var/etc/ssrplus
TMP_BIN_PATH=$TMP_PATH/bin
-TMP_DNSMASQ_PATH=/tmp/dnsmasq.d/dnsmasq-ssrplus.d
+# Get the default DNSMasq config ID from the UCI configuration
+DEFAULT_DNSMASQ_CFGID=$(uci show dhcp.@dnsmasq[0] | awk -F '.' '{print $2}' | awk -F '=' '{print $1}' | head -1)
+# Locate the dnsmasq.conf file that contains the conf-dir option
+DNSMASQ_CONF_PATH=$(grep -l "^conf-dir=" "/tmp/etc/dnsmasq.conf.${DEFAULT_DNSMASQ_CFGID}")
+# Extract the directory path from the conf-dir line
+DNSMASQ_CONF_DIR=$(grep '^conf-dir=' "$DNSMASQ_CONF_PATH" | cut -d'=' -f2 | head -n 1)
+# Check if a conf-dir value was found and set variables accordingly
+TMP_DNSMASQ_PATH=${DNSMASQ_CONF_DIR%*/}/dnsmasq-ssrplus.d
chain_config_file= #generate shadowtls chain proxy config file
tcp_config_file=
@@ -220,6 +227,12 @@ start_dns() {
fi
fi
fi
+
+ if [ "$(uci_get_by_type global apple_optimization 1)" == "1" ]; then
+ echolog "Apple 域名中国大陆 CDN 的 优化规则正在加载。"
+ cp -f /etc/ssrplus/applechina.conf $TMP_DNSMASQ_PATH/
+ echolog "Apple 域名中国大陆 CDN 的 优化规则加载完毕。"
+ fi
}
gen_service_file() { #1-server.type 2-cfgname 3-file_path
@@ -390,7 +403,7 @@ start_udp() {
;;
v2ray)
gen_config_file $UDP_RELAY_SERVER $type 2 $tmp_udp_port
- ln_start_bin $(first_type xray v2ray) v2ray run -config $udp_config_file
+ ln_start_bin $(first_type xray v2ray) v2ray run -c $udp_config_file
echolog "UDP TPROXY Relay:$($(first_type "xray" "v2ray") version | head -1) Started!"
;;
trojan) #client
@@ -472,7 +485,7 @@ start_shunt() {
v2ray)
local tmp_port=${tmp_local_port:-$tmp_shunt_local_port}
gen_config_file $SHUNT_SERVER $type 3 $tmp_shunt_port $tmp_port
- ln_start_bin $(first_type xray v2ray) v2ray run -config $shunt_config_file
+ ln_start_bin $(first_type xray v2ray) v2ray run -c $shunt_config_file
ln_start_bin $(first_type dns2socks) dns2socks 127.0.0.1:$tmp_port 8.8.8.8:53 127.0.0.1:$tmp_shunt_dns_port -q
echolog "shunt:$($(first_type xray v2ray) version | head -1) Started!"
;;
@@ -592,7 +605,7 @@ start_local() {
v2ray)
if [ "$_local" == "2" ]; then
gen_config_file $LOCAL_SERVER $type 4 0 $local_port
- ln_start_bin $(first_type xray v2ray) v2ray run -config $local_config_file
+ ln_start_bin $(first_type xray v2ray) v2ray run -c $local_config_file
fi
echolog "Global_Socks5:$($(first_type "xray" "v2ray") version | head -1) Started!"
;;
@@ -687,7 +700,7 @@ Start_Run() {
;;
v2ray)
gen_config_file $GLOBAL_SERVER $type 1 $tcp_port $socks_port
- ln_start_bin $(first_type xray v2ray) v2ray run -config $tcp_config_file
+ ln_start_bin $(first_type xray v2ray) v2ray run -c $tcp_config_file
echolog "Main node:$($(first_type xray v2ray) version | head -1) Started!"
;;
trojan)
@@ -989,8 +1002,8 @@ start_rules() {
start() {
set_lock
echolog "----------start------------"
- mkdir -p /var/run /var/lock /var/log /tmp/dnsmasq.d $TMP_BIN_PATH $TMP_DNSMASQ_PATH
- echo "conf-dir=${TMP_DNSMASQ_PATH}" >"/tmp/dnsmasq.d/dnsmasq-ssrplus.conf"
+ mkdir -p /var/run /var/lock /var/log $DNSMASQ_CONF_DIR $TMP_BIN_PATH $TMP_DNSMASQ_PATH
+ echo "conf-dir=${TMP_DNSMASQ_PATH}" >"$DNSMASQ_CONF_DIR/dnsmasq-ssrplus.conf"
if load_config; then
Start_Run
start_rules
@@ -1023,7 +1036,7 @@ start() {
boot() {
echolog "boot!"
- mkdir -p /var/run /var/lock /var/log /tmp/dnsmasq.d $TMP_BIN_PATH $TMP_DNSMASQ_PATH
+ mkdir -p /var/run /var/lock /var/log $DNSMASQ_CONF_DIR $TMP_BIN_PATH $TMP_DNSMASQ_PATH
start
}
@@ -1055,8 +1068,8 @@ stop() {
uci -q del "dhcp.@dnsmasq[0]._unused_ssrp_changed"
uci -q commit "dhcp"
fi
- if [ -f "/tmp/dnsmasq.d/dnsmasq-ssrplus.conf" ]; then
- rm -rf /tmp/dnsmasq.d/dnsmasq-ssrplus.conf $TMP_DNSMASQ_PATH $TMP_PATH/*-ssr-*.json $TMP_PATH/ssr-server*.json
+ if [ -f "$DNSMASQ_CONF_DIR/dnsmasq-ssrplus.conf" ]; then
+ rm -rf $DNSMASQ_CONF_DIR/dnsmasq-ssrplus.conf $TMP_DNSMASQ_PATH $TMP_PATH/*-ssr-*.json $TMP_PATH/ssr-server*.json
/etc/init.d/dnsmasq restart >/dev/null 2>&1
fi
uci -q delete firewall.shadowsocksr_server
@@ -1114,6 +1127,9 @@ reset() {
set shadowsocksr.@socks5_proxy[0].local_port='1080'
add shadowsocksr server_global
set shadowsocksr.@server_global[0].enable_server='0'
+ add shadowsocksr global_xray_fragment
+ set shadowsocksr.@global_xray_fragment[0].fragment='0'
+ set shadowsocksr.@global_xray_fragment[0].noise='0'
commit shadowsocksr
EOF
unset_lock
diff --git a/luci-app-ssr-plus/root/etc/ssrplus/applechina.conf b/luci-app-ssr-plus/root/etc/ssrplus/applechina.conf
new file mode 100644
index 000000000..bc8a7658f
--- /dev/null
+++ b/luci-app-ssr-plus/root/etc/ssrplus/applechina.conf
@@ -0,0 +1,173 @@
+server=/a1.mzstatic.com/114.114.114.114
+server=/a2.mzstatic.com/114.114.114.114
+server=/a3.mzstatic.com/114.114.114.114
+server=/a4.mzstatic.com/114.114.114.114
+server=/a5.mzstatic.com/114.114.114.114
+server=/adcdownload.apple.com.akadns.net/114.114.114.114
+server=/adcdownload.apple.com/114.114.114.114
+server=/amp-api-updates.apps.apple.com/114.114.114.114
+server=/amp-api.media.apple.com/114.114.114.114
+server=/api-p-ap-c.smoot.apple.com/114.114.114.114
+server=/api-p-ap-d.smoot.apple.com/114.114.114.114
+server=/api-p-ap-e.smoot.apple.com/114.114.114.114
+server=/app-site-association.cdn-apple.com/114.114.114.114
+server=/appldnld.apple.com/114.114.114.114
+server=/appldnld.g.aaplimg.com/114.114.114.114
+server=/appleid.cdn-apple.com/114.114.114.114
+server=/apps.apple.com/114.114.114.114
+server=/apps.mzstatic.com/114.114.114.114
+server=/bag-cdn.itunes-apple.com.akadns.net/114.114.114.114
+server=/cdn-cn1.apple-mapkit.com/114.114.114.114
+server=/cdn-cn2.apple-mapkit.com/114.114.114.114
+server=/cdn-cn3.apple-mapkit.com/114.114.114.114
+server=/cdn-cn4.apple-mapkit.com/114.114.114.114
+server=/cdn.apple-mapkit.com/114.114.114.114
+server=/cdn1.apple-mapkit.com/114.114.114.114
+server=/cdn2.apple-mapkit.com/114.114.114.114
+server=/cdn3.apple-mapkit.com/114.114.114.114
+server=/cdn4.apple-mapkit.com/114.114.114.114
+server=/cds-cdn.v.aaplimg.com/114.114.114.114
+server=/cds.apple.com.akadns.net/114.114.114.114
+server=/cds.apple.com/114.114.114.114
+server=/cdsassets.apple.com/114.114.114.114
+server=/cl1-cdn.origin-apple.com.akadns.net/114.114.114.114
+server=/cl1.apple.com/114.114.114.114
+server=/cl2-cn.apple.com/114.114.114.114
+server=/cl2.apple.com/114.114.114.114
+server=/cl3-cdn.origin-apple.com.akadns.net/114.114.114.114
+server=/cl3.apple.com/114.114.114.114
+server=/cl4-cdn.origin-apple.com.akadns.net/114.114.114.114
+server=/cl4-cn.apple.com/114.114.114.114
+server=/cl4.apple.com/114.114.114.114
+server=/cl5-cdn.origin-apple.com.akadns.net/114.114.114.114
+server=/cl5.apple.com/114.114.114.114
+server=/clientflow.apple.com.akadns.net/114.114.114.114
+server=/clientflow.apple.com/114.114.114.114
+server=/cn-smp-paymentservices.apple.com/114.114.114.114
+server=/configuration.apple.com.akadns.net/114.114.114.114
+server=/configuration.apple.com/114.114.114.114
+server=/crl.apple.com/114.114.114.114
+server=/cstat.apple.com/114.114.114.114
+server=/cstat.cdn-apple.com/114.114.114.114
+server=/dd-cdn.origin-apple.com.akadns.net/114.114.114.114
+server=/dejavu.apple.com/114.114.114.114
+server=/devstreaming-cdn.apple.com/114.114.114.114
+server=/download.developer.apple.com/114.114.114.114
+server=/experiments.apple.com/114.114.114.114
+server=/gs-loc-cn.apple.com/114.114.114.114
+server=/gs-loc.apple.com/114.114.114.114
+server=/gsp10-ssl-cn.ls.apple.com/114.114.114.114
+server=/gsp12-cn.ls.apple.com/114.114.114.114
+server=/gsp13-cn.ls.apple.com/114.114.114.114
+server=/gsp4-cn.ls.apple.com.edgekey.net.globalredir.akadns.net/114.114.114.114
+server=/gsp4-cn.ls.apple.com.edgekey.net/114.114.114.114
+server=/gsp4-cn.ls.apple.com/114.114.114.114
+server=/gsp5-cn.ls.apple.com/114.114.114.114
+server=/gsp85-cn-ssl.ls.apple.com/114.114.114.114
+server=/gspe19-2-cn-ssl.ls-apple.com.akadns.net/114.114.114.114
+server=/gspe19-2-cn-ssl.ls.apple.com/114.114.114.114
+server=/gspe19-cn-ssl.ls.apple.com/114.114.114.114
+server=/gspe19-cn.ls-apple.com.akadns.net/114.114.114.114
+server=/gspe19-cn.ls.apple.com/114.114.114.114
+server=/gspe21-ssl.ls.apple.com/114.114.114.114
+server=/gspe21.ls.apple.com/114.114.114.114
+server=/gspe35-ssl.ls.apple.com/114.114.114.114
+server=/gspe79-cn-ssl.ls.apple.com/114.114.114.114
+server=/guzzoni-apple-com.v.aaplimg.com/114.114.114.114
+server=/guzzoni.apple.com/114.114.114.114
+server=/guzzoni.smoot.apple.com/114.114.114.114
+server=/iadsdk.apple.com/114.114.114.114
+server=/icloud-cdn.icloud.com.akadns.net/114.114.114.114
+server=/icloud.cdn-apple.com/114.114.114.114
+server=/images.apple.com.akadns.net/114.114.114.114
+server=/images.apple.com.edgekey.net.globalredir.akadns.net/114.114.114.114
+server=/images.apple.com/114.114.114.114
+server=/init-kt.apple.com/114.114.114.114
+server=/init-p01md-lb.push-apple.com.akadns.net/114.114.114.114
+server=/init-p01md.apple.com/114.114.114.114
+server=/init-p01st-lb.push-apple.com.akadns.net/114.114.114.114
+server=/init-p01st.push.apple.com/114.114.114.114
+server=/init-s01st-lb.push-apple.com.akadns.net/114.114.114.114
+server=/init-s01st.push.apple.com/114.114.114.114
+server=/init.ess.apple.com/114.114.114.114
+server=/iosapps.itunes.g.aaplimg.com/114.114.114.114
+server=/ipcdn.apple.com/114.114.114.114
+server=/iphone-ld.apple.com/114.114.114.114
+server=/iphone-ld.origin-apple.com.akadns.net/114.114.114.114
+server=/is-ssl.mzstatic.com-cn-lb.itunes-apple.com.akadns.net/114.114.114.114
+server=/is1-ssl.mzstatic.com/114.114.114.114
+server=/is1.mzstatic.com/114.114.114.114
+server=/is2-ssl.mzstatic.com/114.114.114.114
+server=/is2.mzstatic.com/114.114.114.114
+server=/is3-ssl.mzstatic.com/114.114.114.114
+server=/is3.mzstatic.com/114.114.114.114
+server=/is4-ssl.mzstatic.com/114.114.114.114
+server=/is4.mzstatic.com/114.114.114.114
+server=/is5-ssl.mzstatic.com/114.114.114.114
+server=/is5.mzstatic.com/114.114.114.114
+server=/itunes-apple.com.akadns.net/114.114.114.114
+server=/itunes.apple.com/114.114.114.114
+server=/itunesconnect.apple.com/114.114.114.114
+server=/mesu-cdn.apple.com.akadns.net/114.114.114.114
+server=/mesu-china.apple.com.akadns.net/114.114.114.114
+server=/mesu.apple.com/114.114.114.114
+server=/ml.cdn-apple.com/114.114.114.114
+server=/music.apple.com/114.114.114.114
+server=/ocsp-lb.apple.com.akadns.net/114.114.114.114
+server=/ocsp.apple.com/114.114.114.114
+server=/ocsp2-lb.apple.com.akadns.net/114.114.114.114
+server=/ocsp2.apple.com/114.114.114.114
+server=/oscdn.apple.com/114.114.114.114
+server=/oscdn.origin-apple.com.akadns.net/114.114.114.114
+server=/osxapps.itunes.g.aaplimg.com/114.114.114.114
+server=/pancake.apple.com/114.114.114.114
+server=/pancake.cdn-apple.com.akadns.net/114.114.114.114
+server=/pba0.apple.com/114.114.114.114
+server=/probe.siri.apple.com/114.114.114.114
+server=/prod-support.apple-support.akadns.net/114.114.114.114
+server=/publicassets.cdn-apple.com/114.114.114.114
+server=/reserve-prime.apple.com/114.114.114.114
+server=/s.mzstatic.com/114.114.114.114
+server=/seed-sequoia.siri.apple.com/114.114.114.114
+server=/seed-swallow.siri.apple.com/114.114.114.114
+server=/seed.siri.apple.com/114.114.114.114
+server=/sequoia.apple.com/114.114.114.114
+server=/sh-pod2-smp-device.apple.com/114.114.114.114
+server=/shazam-insights.cdn-apple.com/114.114.114.114
+server=/smp-device-content.apple.com/114.114.114.114
+server=/static.gc.apple.com/114.114.114.114
+server=/stocks-sparkline-lb.apple.com.akadns.net/114.114.114.114
+server=/stocks-sparkline.apple.com/114.114.114.114
+server=/store.apple.com.edgekey.net.globalredir.akadns.net/114.114.114.114
+server=/store.apple.com.edgekey.net/114.114.114.114
+server=/store.apple.com/114.114.114.114
+server=/store.storeimages.apple.com.akadns.net/114.114.114.114
+server=/store.storeimages.cdn-apple.com/114.114.114.114
+server=/support-china.apple-support.akadns.net/114.114.114.114
+server=/support.apple.com/114.114.114.114
+server=/swallow-apple-com.v.aaplimg.com/114.114.114.114
+server=/swallow.apple.com/114.114.114.114
+server=/swcatalog-cdn.apple.com.akadns.net/114.114.114.114
+server=/swcatalog.apple.com/114.114.114.114
+server=/swcdn.apple.com/114.114.114.114
+server=/swcdn.g.aaplimg.com/114.114.114.114
+server=/swdist.apple.com.akadns.net/114.114.114.114
+server=/swdist.apple.com/114.114.114.114
+server=/swscan-cdn.apple.com.akadns.net/114.114.114.114
+server=/swscan.apple.com/114.114.114.114
+server=/sylvan.apple.com/114.114.114.114
+server=/tj-pod1-smp-device.apple.com/114.114.114.114
+server=/updates-http.cdn-apple.com.akadns.net/114.114.114.114
+server=/updates-http.cdn-apple.com/114.114.114.114
+server=/updates.cdn-apple.com/114.114.114.114
+server=/valid.apple.com/114.114.114.114
+server=/valid.origin-apple.com.akadns.net/114.114.114.114
+server=/weather-data.apple.com.akadns.net/114.114.114.114
+server=/weather-data.apple.com/114.114.114.114
+server=/weather-map.apple.com/114.114.114.114
+server=/weather-map2.apple.com/114.114.114.114
+server=/weatherkit.apple.com/114.114.114.114
+server=/www.apple.com.edgekey.net.globalredir.akadns.net/114.114.114.114
+server=/www.apple.com.edgekey.net/114.114.114.114
+server=/www.apple.com/114.114.114.114
+server=/xp.apple.com/114.114.114.114
diff --git a/luci-app-ssr-plus/root/usr/share/shadowsocksr/gen_config.lua b/luci-app-ssr-plus/root/usr/share/shadowsocksr/gen_config.lua
index 8102cd385..e95b96ba3 100755
--- a/luci-app-ssr-plus/root/usr/share/shadowsocksr/gen_config.lua
+++ b/luci-app-ssr-plus/root/usr/share/shadowsocksr/gen_config.lua
@@ -12,6 +12,8 @@ local chain = arg[5] or "0"
local chain_local_port = string.split(chain, "/")[2] or "0"
local server = ucursor:get_all("shadowsocksr", server_section)
+local xray_fragment = ucursor:get_all("shadowsocksr", "@global_xray_fragment[0]") or {}
+local xray_noise = ucursor:get_all("shadowsocksr", "@xray_noise_packets[0]") or {}
local outbound_settings = nil
function vmess_vless()
@@ -77,7 +79,7 @@ function wireguard()
allowedIPs = (server.allowedips) or nil,
}
},
- kernelMode = (server.kernelmode == "1") and true or false,
+ noKernelTun = (server.kernelmode == "1") and true or false,
reserved = {server.reserved} or nil,
mtu = tonumber(server.mtu)
}
@@ -124,165 +126,210 @@ local Xray = {
-- error = "/var/ssrplus.log",
loglevel = "warning"
},
+
+ -- 初始化 inbounds 表
+ inbounds = {},
+
+ -- 初始化 outbounds 表
+ outbounds = {},
+}
-- 传入连接
- inbound = (local_port ~= "0") and {
- -- listening
- port = tonumber(local_port),
- protocol = "dokodemo-door",
- settings = {network = proto, followRedirect = true},
- sniffing = {
- enabled = true,
- destOverride = {"http", "tls", "quic"},
- domainsExcluded = {
- "courier.push.apple.com",
- "rbsxbxp-mim.vivox.com",
- "rbsxbxp.www.vivox.com",
- "rbsxbxp-ws.vivox.com",
- "rbspsxp.www.vivox.com",
- "rbspsxp-mim.vivox.com",
- "rbspsxp-ws.vivox.com",
- "rbswxp.www.vivox.com",
- "rbswxp-mim.vivox.com",
- "disp-rbspsp-5-1.vivox.com",
- "disp-rbsxbp-5-1.vivox.com",
- "proxy.rbsxbp.vivox.com",
- "proxy.rbspsp.vivox.com",
- "proxy.rbswp.vivox.com",
- "rbswp.vivox.com",
- "rbsxbp.vivox.com",
- "rbspsp.vivox.com",
- "rbspsp.www.vivox.com",
- "rbswp.www.vivox.com",
- "rbsxbp.www.vivox.com",
- "rbsxbxp.vivox.com",
- "rbspsxp.vivox.com",
- "rbswxp.vivox.com",
- "Mijia Cloud",
- "dlg.io.mi.com"
+ -- 添加 dokodemo-door 配置,如果 local_port 不为 0
+if local_port ~= "0" then
+ table.insert(Xray.inbounds, {
+ -- listening
+ port = tonumber(local_port),
+ protocol = "dokodemo-door",
+ settings = {network = proto, followRedirect = true},
+ sniffing = {
+ enabled = true,
+ destOverride = {"http", "tls", "quic"},
+ metadataOnly = false,
+ domainsExcluded = {
+ "courier.push.apple.com",
+ "rbsxbxp-mim.vivox.com",
+ "rbsxbxp.www.vivox.com",
+ "rbsxbxp-ws.vivox.com",
+ "rbspsxp.www.vivox.com",
+ "rbspsxp-mim.vivox.com",
+ "rbspsxp-ws.vivox.com",
+ "rbswxp.www.vivox.com",
+ "rbswxp-mim.vivox.com",
+ "disp-rbspsp-5-1.vivox.com",
+ "disp-rbsxbp-5-1.vivox.com",
+ "proxy.rbsxbp.vivox.com",
+ "proxy.rbspsp.vivox.com",
+ "proxy.rbswp.vivox.com",
+ "rbswp.vivox.com",
+ "rbsxbp.vivox.com",
+ "rbspsp.vivox.com",
+ "rbspsp.www.vivox.com",
+ "rbswp.www.vivox.com",
+ "rbsxbp.www.vivox.com",
+ "rbsxbxp.vivox.com",
+ "rbspsxp.vivox.com",
+ "rbswxp.vivox.com",
+ "Mijia Cloud",
+ "dlg.io.mi.com"
+ }
}
- }
- } or nil,
+ })
+end
+
-- 开启 socks 代理
- inboundDetour = (proto:find("tcp") and socks_port ~= "0") and {
- {
- -- socks
- protocol = "socks",
- port = tonumber(socks_port),
- settings = {auth = "noauth", udp = true}
- }
- } or nil,
+ -- 检查是否启用 socks 代理
+if proto:find("tcp") and socks_port ~= "0" then
+ table.insert(Xray.inbounds, {
+ -- socks
+ protocol = "socks",
+ port = tonumber(socks_port),
+ settings = {auth = "noauth", udp = true}
+ })
+end
+
-- 传出连接
- outbound = {
- protocol = server.v2ray_protocol,
- settings = outbound_settings,
- -- 底层传输配置
- streamSettings = (server.v2ray_protocol ~= "wireguard") and {
- network = server.transport or "tcp",
- security = (server.xtls == '1') and "xtls" or (server.tls == '1') and "tls" or (server.reality == '1') and "reality" or nil,
- tlsSettings = (server.tls == '1') and (server.tls_host or server.fingerprint) and {
- -- tls
- alpn = server.tls_alpn,
- fingerprint = server.fingerprint,
- allowInsecure = (server.insecure == "1"),
- serverName = server.tls_host,
- certificates = server.certificate and {
- usage = "verify",
- certificateFile = server.certpath
+ Xray.outbounds = {
+ {
+ protocol = server.v2ray_protocol,
+ settings = outbound_settings,
+ -- 底层传输配置
+ streamSettings = (server.v2ray_protocol ~= "wireguard") and {
+ network = server.transport or "tcp",
+ security = (server.xtls == '1') and "xtls" or (server.tls == '1') and "tls" or (server.reality == '1') and "reality" or nil,
+ tlsSettings = (server.tls == '1') and {
+ -- tls
+ alpn = server.tls_alpn,
+ fingerprint = server.fingerprint,
+ allowInsecure = (server.insecure == "1"),
+ serverName = server.tls_host,
+ certificates = server.certificate and {
+ usage = "verify",
+ certificateFile = server.certpath
+ } or nil,
} or nil,
- } or nil,
- xtlsSettings = (server.xtls == '1') and server.tls_host and {
- -- xtls
- allowInsecure = (server.insecure == "1") and true or nil,
- serverName = server.tls_host,
- minVersion = "1.3"
- } or nil,
- realitySettings = (server.reality == '1') and {
- publicKey = server.reality_publickey,
- shortId = server.reality_shortid,
- spiderX = server.reality_spiderx,
- fingerprint = server.fingerprint,
- serverName = server.tls_host
- } or nil,
- tcpSettings = (server.transport == "tcp" and server.tcp_guise == "http") and {
- -- tcp
- header = {
- type = server.tcp_guise,
- request = {
- -- request
- path = {server.http_path} or {"/"},
- headers = {Host = {server.http_host} or {}}
+ xtlsSettings = (server.xtls == '1') and server.tls_host and {
+ -- xtls
+ allowInsecure = (server.insecure == "1") and true or nil,
+ serverName = server.tls_host,
+ minVersion = "1.3"
+ } or nil,
+ realitySettings = (server.reality == '1') and {
+ publicKey = server.reality_publickey,
+ shortId = server.reality_shortid,
+ spiderX = server.reality_spiderx,
+ fingerprint = server.fingerprint,
+ serverName = server.tls_host
+ } or nil,
+ tcpSettings = (server.transport == "tcp" and server.tcp_guise == "http") and {
+ -- tcp
+ header = {
+ type = server.tcp_guise,
+ request = {
+ -- request
+ path = {server.http_path} or {"/"},
+ headers = {Host = {server.http_host} or {}}
+ }
}
+ } or nil,
+ kcpSettings = (server.transport == "kcp") and {
+ -- kcp
+ mtu = tonumber(server.mtu),
+ tti = tonumber(server.tti),
+ uplinkCapacity = tonumber(server.uplink_capacity),
+ downlinkCapacity = tonumber(server.downlink_capacity),
+ congestion = (server.congestion == "1") and true or false,
+ readBufferSize = tonumber(server.read_buffer_size),
+ writeBufferSize = tonumber(server.write_buffer_size),
+ header = {type = server.kcp_guise},
+ seed = server.seed or nil
+ } or nil,
+ wsSettings = (server.transport == "ws") and (server.ws_path or server.ws_host or server.tls_host) and {
+ -- ws
+ headers = (server.ws_host or server.tls_host) and {
+ -- headers
+ Host = server.ws_host or server.tls_host
+ } or nil,
+ path = server.ws_path,
+ maxEarlyData = tonumber(server.ws_ed) or nil,
+ earlyDataHeaderName = server.ws_ed_header or nil
+ } or nil,
+ httpupgradeSettings = (server.transport == "httpupgrade") and {
+ -- httpupgrade
+ host = (server.httpupgrade_host or server.tls_host) or nil,
+ path = server.httpupgrade_path or ""
+ } or nil,
+ splithttpSettings = (server.transport == "splithttp") and {
+ -- splithttp
+ host = (server.splithttp_host or server.tls_host) or nil,
+ path = server.splithttp_path or "/"
+ } or nil,
+ httpSettings = (server.transport == "h2") and {
+ -- h2
+ path = server.h2_path or "",
+ host = {server.h2_host} or nil,
+ read_idle_timeout = tonumber(server.read_idle_timeout) or nil,
+ health_check_timeout = tonumber(server.health_check_timeout) or nil
+ } or nil,
+ quicSettings = (server.transport == "quic") and {
+ -- quic
+ security = server.quic_security,
+ key = server.quic_key,
+ header = {type = server.quic_guise}
+ } or nil,
+ grpcSettings = (server.transport == "grpc") and {
+ -- grpc
+ serviceName = server.serviceName or "",
+ multiMode = (server.grpc_mode == "multi") and true or false,
+ idle_timeout = tonumber(server.idle_timeout) or nil,
+ health_check_timeout = tonumber(server.health_check_timeout) or nil,
+ permit_without_stream = (server.permit_without_stream == "1") and true or nil,
+ initial_windows_size = tonumber(server.initial_windows_size) or nil
+ } or nil,
+ sockopt = {
+ tcpMptcp = (server.mptcp == "1") and true or false, -- MPTCP
+ tcpNoDelay = (server.mptcp == "1") and true or false, -- MPTCP
+ tcpcongestion = server.custom_tcpcongestion, -- 连接服务器节点的 TCP 拥塞控制算法
+ dialerProxy = (xray_fragment.fragment == "1" or xray_fragment.noise == "1") and "dialerproxy" or nil
}
} or nil,
- kcpSettings = (server.transport == "kcp") and {
- -- kcp
- mtu = tonumber(server.mtu),
- tti = tonumber(server.tti),
- uplinkCapacity = tonumber(server.uplink_capacity),
- downlinkCapacity = tonumber(server.downlink_capacity),
- congestion = (server.congestion == "1") and true or false,
- readBufferSize = tonumber(server.read_buffer_size),
- writeBufferSize = tonumber(server.write_buffer_size),
- header = {type = server.kcp_guise},
- seed = server.seed or nil
- } or nil,
- wsSettings = (server.transport == "ws") and (server.ws_path or server.ws_host or server.tls_host) and {
- -- ws
- headers = (server.ws_host or server.tls_host) and {
- -- headers
- Host = server.ws_host or server.tls_host
- } or nil,
- path = server.ws_path,
- maxEarlyData = tonumber(server.ws_ed) or nil,
- earlyDataHeaderName = server.ws_ed_header or nil
- } or nil,
- httpupgradeSettings = (server.transport == "httpupgrade") and {
- -- httpupgrade
- host = (server.httpupgrade_host or server.tls_host) or nil,
- path = server.httpupgrade_path or ""
- } or nil,
- splithttpSettings = (server.transport == "splithttp") and {
- -- splithttp
- host = (server.splithttp_host or server.tls_host) or nil,
- path = server.splithttp_path or ""
- } or nil,
- httpSettings = (server.transport == "h2") and {
- -- h2
- path = server.h2_path or "",
- host = {server.h2_host} or nil,
- read_idle_timeout = tonumber(server.read_idle_timeout) or nil,
- health_check_timeout = tonumber(server.health_check_timeout) or nil
- } or nil,
- quicSettings = (server.transport == "quic") and {
- -- quic
- security = server.quic_security,
- key = server.quic_key,
- header = {type = server.quic_guise}
- } or nil,
- grpcSettings = (server.transport == "grpc") and {
- -- grpc
- serviceName = server.serviceName or "",
- multiMode = (server.grpc_mode == "multi") and true or false,
- idle_timeout = tonumber(server.idle_timeout) or nil,
- health_check_timeout = tonumber(server.health_check_timeout) or nil,
- permit_without_stream = (server.permit_without_stream == "1") and true or nil,
- initial_windows_size = tonumber(server.initial_windows_size) or nil
- } or nil,
- sockopt = {
- tcpMptcp = (server.mptcp == "1") and true or false, -- MPTCP
- tcpNoDelay = (server.mptcp == "1") and true or false, -- MPTCP
- tcpcongestion = server.custom_tcpcongestion -- 连接服务器节点的 TCP 拥塞控制算法
- }
- } or nil,
- mux = (server.v2ray_protocol ~= "wireguard") and {
- -- mux
- enabled = (server.mux == "1") and true or false, -- Mux
- concurrency = tonumber(server.concurrency), -- TCP 最大并发连接数
- xudpConcurrency = tonumber(server.xudpConcurrency), -- UDP 最大并发连接数
- xudpProxyUDP443 = server.xudpProxyUDP443 -- 对被代理的 UDP/443 流量处理方式
- } or nil
+ mux = (server.v2ray_protocol ~= "wireguard") and {
+ -- mux
+ enabled = (server.mux == "1") and true or false, -- Mux
+ concurrency = tonumber(server.concurrency), -- TCP 最大并发连接数
+ xudpConcurrency = tonumber(server.xudpConcurrency), -- UDP 最大并发连接数
+ xudpProxyUDP443 = server.xudpProxyUDP443 -- 对被代理的 UDP/443 流量处理方式
+ } or nil
+ }
}
-}
+
+-- 添加带有 fragment 设置的 dialerproxy 配置
+if xray_fragment.fragment ~= "0" or (xray_fragment.noise ~= "0" and xray_noise.enabled ~= "0") then
+ table.insert(Xray.outbounds, {
+ protocol = "freedom",
+ tag = "dialerproxy",
+ settings = {
+ domainStrategy = (xray_fragment.noise == "1" and xray_noise.enabled == "1") and xray_noise.domainStrategy,
+ fragment = (xray_fragment.fragment == "1") and {
+ packets = (xray_fragment.fragment_packets ~= "") and xray_fragment.fragment_packets or nil,
+ length = (xray_fragment.fragment_length ~= "") and xray_fragment.fragment_length or nil,
+ interval = (xray_fragment.fragment_interval ~= "") and xray_fragment.fragment_interval or nil
+ } or nil,
+ noises = (xray_fragment.noise == "1" and xray_noise.enabled == "1") and {
+ {
+ type = xray_noise.type,
+ packet = xray_noise.packet,
+ delay = xray_noise.delay:find("-") and xray_noise.delay or tonumber(xray_noise.delay)
+ }
+ } or nil
+ },
+ streamSettings = {
+ sockopt = {
+ tcpNoDelay = true
+ }
+ }
+ })
+end
+
local cipher = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:AES128-SHA:AES256-SHA:DES-CBC3-SHA"
local cipher13 = "TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384"
local trojan = {
@@ -351,7 +398,7 @@ local hysteria = {
hopInterval = (server.port_range and (tonumber(server.hopinterval) .. "s") or nil)
} or nil)
} or nil,
---[[
+--[[
tcpTProxy = (proto:find("tcp") and local_port ~= "0") and {
listen = "0.0.0.0:" .. tonumber(local_port)
} or nil,
@@ -488,7 +535,7 @@ local tuic = {
},
["local"] = {
server = tonumber(socks_port) and "[::]:" .. (socks_port == "0" and local_port or tonumber(socks_port)),
- dual_stack = (server.tuic_dual_stack == "1") and true or nil,
+ dual_stack = (server.tuic_dual_stack == "1") and true or nil,
max_packet_size = tonumber(server.tuic_max_package_size)
}
}
diff --git a/luci-app-ssr-plus/root/usr/share/shadowsocksr/subscribe.lua b/luci-app-ssr-plus/root/usr/share/shadowsocksr/subscribe.lua
index a6c2f7c60..34b095043 100755
--- a/luci-app-ssr-plus/root/usr/share/shadowsocksr/subscribe.lua
+++ b/luci-app-ssr-plus/root/usr/share/shadowsocksr/subscribe.lua
@@ -362,10 +362,9 @@ local function processData(szType, content)
result.vmess_id = url.user
result.vless_encryption = params.encryption or "none"
result.transport = params.type or "tcp"
- result.tls = (params.security == "tls") and "1" or "0"
+ result.tls = (params.security == "tls" or params.security == "xtls") and "1" or "0"
result.tls_host = params.sni
- result.xtls = (params.security == "xtls") and "1" or nil
- result.tls_flow = (result.tls == "1" or result.xtls == "1" or result.reality == "1") and params.flow or nil
+ result.tls_flow = (params.security == "tls" or params.security == "reality") and params.flow or nil
result.fingerprint = params.fp
result.reality = (params.security == "reality") and "1" or "0"
result.reality_publickey = params.pbk and UrlDecode(params.pbk) or nil
diff --git a/luci-app-ssr-plus/root/usr/share/shadowsocksr/update.lua b/luci-app-ssr-plus/root/usr/share/shadowsocksr/update.lua
index e49825efa..7a179b87a 100755
--- a/luci-app-ssr-plus/root/usr/share/shadowsocksr/update.lua
+++ b/luci-app-ssr-plus/root/usr/share/shadowsocksr/update.lua
@@ -9,7 +9,7 @@ require "luci.model.uci"
local icount = 0
local args = arg[1]
local uci = luci.model.uci.cursor()
-local TMP_DNSMASQ_PATH = "/tmp/dnsmasq.d/dnsmasq-ssrplus.d"
+local TMP_DNSMASQ_PATH = "${DNSMASQ_CONF_DIR%*/}/dnsmasq-ssrplus.d"
local TMP_PATH = "/var/etc/ssrplus"
-- match comments/title/whitelist/ip address/excluded_domain
local comment_pattern = "^[!\\[@]+"
diff --git a/patch-luci-app-ssr-plus.patch b/patch-luci-app-ssr-plus.patch
index 1fafd6385..6985cf538 100644
--- a/patch-luci-app-ssr-plus.patch
+++ b/patch-luci-app-ssr-plus.patch
@@ -1,5 +1,5 @@
diff --git a/luci-app-ssr-plus/Makefile b/luci-app-ssr-plus/Makefile
-index d07f167..b2af119 100644
+index 644ac0a..9d8a0b3 100644
--- a/luci-app-ssr-plus/Makefile
+++ b/luci-app-ssr-plus/Makefile
@@ -9,10 +9,9 @@ PKG_CONFIG_DEPENDS:= \
@@ -134,7 +134,7 @@ index 8ceaba7..f381a54 100644
page.acl_depends = { "luci-app-ssr-plus" }
entry({"admin", "services", "shadowsocksr", "client"}, cbi("shadowsocksr/client"), _("SSR Client"), 10).leaf = true
diff --git a/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/advanced.lua b/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/advanced.lua
-index 0f8cd03..00ef47d 100644
+index 2f56e90..9157953 100644
--- a/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/advanced.lua
+++ b/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/advanced.lua
@@ -70,45 +70,6 @@ o.default = "https://fastly.jsdelivr.net/gh/QiuSimons/Netflix_IP/NF_only.txt"
@@ -180,11 +180,11 @@ index 0f8cd03..00ef47d 100644
-o.rmempty = false
-o.default = "0"
-
- o = s:option(Flag, "adblock", translate("Enable adblock"))
+ o = s:option(Flag, "apple_optimization", translate("Apple domains optimization"), translate("For Apple domains equipped with Chinese mainland CDN, always responsive to Chinese CDN IP addresses"))
o.rmempty = false
-
+ o.default = "1"
diff --git a/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/client.lua b/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/client.lua
-index 3b91739..b24183e 100644
+index 26de9ba..b24183e 100644
--- a/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/client.lua
+++ b/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/client.lua
@@ -10,7 +10,7 @@ local function is_finded(e)
@@ -232,7 +232,7 @@ index 3b91739..b24183e 100644
-o = s:option(Flag, "mosdns_ipv6", translate("Disable IPv6 in MOSDNS query mode"))
-o:depends("pdnsd_enable", "3")
-o.rmempty = false
--o.default = "0"
+-o.default = "1"
-
if is_finded("chinadns-ng") then
o = s:option(Value, "chinadns_forward", translate("Domestic DNS Server"))
@@ -430,10 +430,10 @@ index 7603d8c..7f841fa 100644
}
}
diff --git a/luci-app-ssr-plus/po/zh_Hans/ssr-plus.po b/luci-app-ssr-plus/po/zh_Hans/ssr-plus.po
-index 8184bee..60ac526 100644
+index da30ffc..f97309b 100644
--- a/luci-app-ssr-plus/po/zh_Hans/ssr-plus.po
+++ b/luci-app-ssr-plus/po/zh_Hans/ssr-plus.po
-@@ -552,27 +552,6 @@ msgstr "使用 DNS2TCP 查询"
+@@ -557,27 +557,6 @@ msgstr "使用 DNS2TCP 查询"
msgid "Use DNS2SOCKS query and cache"
msgstr "使用 DNS2SOCKS 查询并缓存"
@@ -462,10 +462,10 @@ index 8184bee..60ac526 100644
msgstr "DNS 服务器 IP:Port"
diff --git a/luci-app-ssr-plus/root/etc/init.d/shadowsocksr b/luci-app-ssr-plus/root/etc/init.d/shadowsocksr
-index b1570aa..ec19a6f 100755
+index 00e0448..9af87f1 100755
--- a/luci-app-ssr-plus/root/etc/init.d/shadowsocksr
+++ b/luci-app-ssr-plus/root/etc/init.d/shadowsocksr
-@@ -178,23 +178,17 @@ ln_start_bin() {
+@@ -185,23 +185,17 @@ ln_start_bin() {
${file_func:-echolog " - ${ln_name}"} "$@" >/dev/null 2>&1 &
}
@@ -494,7 +494,7 @@ index b1570aa..ec19a6f 100755
case "$ssrplus_dns" in
1)
ln_start_bin $(first_type dns2tcp) dns2tcp -L 127.0.0.1#$dns_port -R ${dnsserver/:/#}
-@@ -205,26 +199,6 @@ start_dns() {
+@@ -212,26 +206,6 @@ start_dns() {
ln_start_bin $(first_type dns2socks) dns2socks 127.0.0.1:$tmp_dns_port $dnsserver 127.0.0.1:$dns_port -q
pdnsd_enable_flag=2
;;
@@ -521,7 +521,7 @@ index b1570aa..ec19a6f 100755
esac
if [ "$run_mode" = "router" ]; then
-@@ -479,33 +453,6 @@ start_udp() {
+@@ -492,33 +466,6 @@ start_udp() {
esac
}
@@ -555,7 +555,7 @@ index b1570aa..ec19a6f 100755
start_shunt() {
local type=$(uci_get_by_name $SHUNT_SERVER type)
case "$type" in
-@@ -519,14 +466,14 @@ start_shunt() {
+@@ -532,14 +479,14 @@ start_shunt() {
local tmp_port=$tmp_shunt_local_port
ln_start_bin $(first_type ${type}local ${type}-local) ${type}-local -c $shunt_dns_config_file
fi
@@ -566,13 +566,13 @@ index b1570aa..ec19a6f 100755
v2ray)
local tmp_port=${tmp_local_port:-$tmp_shunt_local_port}
gen_config_file $SHUNT_SERVER $type 3 $tmp_shunt_port $tmp_port
- ln_start_bin $(first_type xray v2ray) v2ray run -config $shunt_config_file
+ ln_start_bin $(first_type xray v2ray) v2ray run -c $shunt_config_file
- shunt_dns_command
+ ln_start_bin $(first_type dns2socks) dns2socks 127.0.0.1:$tmp_port 8.8.8.8:53 127.0.0.1:$tmp_shunt_dns_port -q
echolog "shunt:$($(first_type xray v2ray) version | head -1) Started!"
;;
trojan)
-@@ -538,7 +485,7 @@ start_shunt() {
+@@ -551,7 +498,7 @@ start_shunt() {
local tmp_port=$tmp_shunt_local_port
ln_start_bin $(first_type trojan) $type --config $shunt_dns_config_file
fi
@@ -581,7 +581,7 @@ index b1570aa..ec19a6f 100755
echolog "shunt:$($(first_type trojan) --version 2>&1 | head -1) Started!"
;;
naiveproxy)
-@@ -550,7 +497,7 @@ start_shunt() {
+@@ -563,7 +510,7 @@ start_shunt() {
local tmp_port=$tmp_shunt_local_port
ln_start_bin $(first_type naive) naive --config $shunt_dns_config_file
fi
@@ -590,7 +590,7 @@ index b1570aa..ec19a6f 100755
echolog "shunt:$($(first_type "naive") --version 2>&1 | head -1) Started!"
redir_udp=0
;;
-@@ -563,7 +510,7 @@ start_shunt() {
+@@ -576,7 +523,7 @@ start_shunt() {
gen_config_file $SHUNT_SERVER $type 3 $tmp_shunt_port $tmp_port
fi
ln_start_bin $(first_type hysteria) hysteria client --config $shunt_config_file
@@ -599,7 +599,7 @@ index b1570aa..ec19a6f 100755
echolog "shunt:$($(first_type hysteria) version | grep Version | awk '{print "Hysteria2: " $2}') Started!"
;;
tuic)
-@@ -575,7 +522,7 @@ start_shunt() {
+@@ -588,7 +535,7 @@ start_shunt() {
[ -n "$tmp_local_port" ] && tmp_port=$tmp_local_port || tmp_port=$tmp_shunt_local_port
gen_config_file $SHUNT_SERVER $type 3 $tmp_port # make a tuic socks :304
ln_start_bin $(first_type tuic-client) tuic-client --config $shunt_dns_config_file
@@ -608,7 +608,7 @@ index b1570aa..ec19a6f 100755
echolog "Netflix Separated Shunt Server:tuic-client $($(first_type tuic-client) --version) Started!"
# FIXME: ipt2socks cannot handle udp reply from tuic
#redir_udp=0
-@@ -585,7 +532,7 @@ start_shunt() {
+@@ -598,7 +545,7 @@ start_shunt() {
gen_config_file $SHUNT_SERVER $type 3 "10${tmp_shunt_port}" $tmp_port chain/$tmp_shunt_port #make a redir:303 and a socks:304
#echo "debug \$tmp_port=$tmp_port, \$tmp_shunt_port=${tmp_shunt_port}, \$tmp_shunt_local_port=$tmp_shunt_local_port"
ln_start_bin $(first_type shadow-tls) shadow-tls config --config $chain_config_file
@@ -617,7 +617,7 @@ index b1570aa..ec19a6f 100755
local chain_type=$(uci_get_by_name $SHUNT_SERVER chain_type)
case ${chain_type} in
vmess)
-@@ -611,7 +558,7 @@ start_shunt() {
+@@ -624,7 +571,7 @@ start_shunt() {
# local tmp_port=$tmp_shunt_local_port
# ln_start_bin $(first_type microsocks) microsocks -i 127.0.0.1 -p $tmp_port shunt-dns-ssr-plus
# fi
@@ -626,7 +626,7 @@ index b1570aa..ec19a6f 100755
# echolog "shunt:$type REDIRECT/TPROXY Started!"
# ;;
*)
-@@ -623,7 +570,7 @@ start_shunt() {
+@@ -636,7 +583,7 @@ start_shunt() {
local tmp_port=$tmp_shunt_local_port
ln_start_bin $(first_type microsocks) microsocks -i 127.0.0.1 -p $tmp_port shunt-dns-ssr-plus
fi
@@ -635,7 +635,7 @@ index b1570aa..ec19a6f 100755
echolog "shunt:$type REDIRECT/TPROXY Started!"
;;
esac
-@@ -922,11 +869,6 @@ start_server() {
+@@ -935,11 +882,6 @@ start_server() {
server_service() {
[ "$(uci_get_by_name $1 enable 0)" == "0" ] && return 1
let server_count=server_count+1
@@ -647,7 +647,7 @@ index b1570aa..ec19a6f 100755
local type=$(uci_get_by_name $1 type)
case "$type" in
ss | ssr)
-@@ -940,32 +882,23 @@ start_server() {
+@@ -953,32 +895,23 @@ start_server() {
echolog "Server:Socks5 Server$server_count Started!"
;;
esac
@@ -692,7 +692,7 @@ index b1570aa..ec19a6f 100755
return 0
}
-@@ -1098,12 +1031,6 @@ stop() {
+@@ -1111,12 +1044,6 @@ stop() {
unlock
set_lock
/usr/bin/ssr-rules -f
@@ -705,7 +705,7 @@ index b1570aa..ec19a6f 100755
if [ -z "$switch_server" ]; then
$PS -w | grep -v "grep" | grep ssr-switch | awk '{print $1}' | xargs kill -9 >/dev/null 2>&1 &
rm -f /var/lock/ssr-switch.lock
-@@ -1114,7 +1041,7 @@ stop() {
+@@ -1127,7 +1054,7 @@ stop() {
( \
# Graceful kill first, so programs have the chance to stop its subprocesses
$PS -w | grep -v "grep" | grep "$TMP_PATH" | awk '{print $1}' | xargs kill >/dev/null 2>&1 ; \
@@ -714,8 +714,8 @@ index b1570aa..ec19a6f 100755
# Force kill hanged programs
$PS -w | grep -v "grep" | grep "$TMP_PATH" | awk '{print $1}' | xargs kill -9 >/dev/null 2>&1 ; \
)
-@@ -1132,6 +1059,9 @@ stop() {
- rm -rf /tmp/dnsmasq.d/dnsmasq-ssrplus.conf $TMP_DNSMASQ_PATH $TMP_PATH/*-ssr-*.json $TMP_PATH/ssr-server*.json
+@@ -1145,6 +1072,9 @@ stop() {
+ rm -rf $DNSMASQ_CONF_DIR/dnsmasq-ssrplus.conf $TMP_DNSMASQ_PATH $TMP_PATH/*-ssr-*.json $TMP_PATH/ssr-server*.json
/etc/init.d/dnsmasq restart >/dev/null 2>&1
fi
+ uci -q delete firewall.shadowsocksr_server
@@ -724,7 +724,7 @@ index b1570aa..ec19a6f 100755
del_cron
unset_lock
}
-@@ -1158,7 +1088,6 @@ reset() {
+@@ -1171,7 +1101,6 @@ reset() {
set shadowsocksr.@global[0].switch_timeout='5'
set shadowsocksr.@global[0].switch_try_count='3'
# set shadowsocksr.@global[0].default_packet_encoding='xudp'