luci-app-ssr-plus: sync upstream

last commit: 8c362ba2cd
2024-10-30 21:11:53 +08:00 · 2024-10-30 21:11:53 +08:00 · f0fe5f830b
commit f0fe5f830b
parent 570e37cd3c
10 changed files with 572 additions and 198 deletions
--- a/luci-app-ssr-plus/Makefile
+++ b/luci-app-ssr-plus/Makefile
@ -2,7 +2,7 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=luci-app-ssr-plus
 PKG_VERSION:=188
-PKG_RELEASE:=7
+PKG_RELEASE:=9
 PKG_CONFIG_DEPENDS:= \
 	CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_NONE_V2RAY \
--- a/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/advanced.lua
+++ b/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/advanced.lua
@ -70,6 +70,10 @@ o.default = "https://fastly.jsdelivr.net/gh/QiuSimons/Netflix_IP/NF_only.txt"
 o.description = translate("Customize Netflix IP Url")
 o:depends("netflix_enable", "1")
 o = s:option(Flag, "apple_optimization", translate("Apple domains optimization"), translate("For Apple domains equipped with Chinese mainland CDN, always responsive to Chinese CDN IP addresses"))
 o.rmempty = false
 o.default = "1"
 o = s:option(Flag, "adblock", translate("Enable adblock"))
 o.rmempty = false
@ -103,4 +107,78 @@ o.datatype = "port"
 o.default = 1080
 o.rmempty = false
 -- [[ fragmen Settings ]]--
 if is_finded("xray") then
 s = m:section(TypedSection, "global_xray_fragment", translate("Xray Fragment Settings"))
 s.anonymous = true
 o = s:option(Flag, "fragment", translate("Fragment"), translate("TCP fragments, which can deceive the censorship system in some cases, such as bypassing SNI blacklists."))
 o.default = 0
 o = s:option(ListValue, "fragment_packets", translate("Fragment Packets"), translate("\"1-3\" is for segmentation at TCP layer, applying to the beginning 1 to 3 data writes by the client. \"tlshello\" is for TLS client hello packet fragmentation."))
 o.default = "tlshello"
 o:value("tlshello", "tlshello")
 o:value("1-2", "1-2")
 o:value("1-3", "1-3")
 o:value("1-5", "1-5")
 o:depends("fragment", true)
 o = s:option(Value, "fragment_length", translate("Fragment Length"), translate("Fragmented packet length (byte)"))
 o.default = "100-200"
 o:depends("fragment", true)
 o = s:option(Value, "fragment_interval", translate("Fragment Interval"), translate("Fragmentation interval (ms)"))
 o.default = "10-20"
 o:depends("fragment", true)
 o = s:option(Flag, "noise", translate("Noise"), translate("UDP noise, Under some circumstances it can bypass some UDP based protocol restrictions."))
 o.default = 0
 s = m:section(TypedSection, "xray_noise_packets", translate("Xray Noise Packets"))
 s.description = translate(
    "<font style='color:red'>" .. translate("To send noise packets, select \"Noise\" in Xray Settings.") .. "</font>" ..
    "<br/><font><b>" .. translate("For specific usage, see: ") .. "</b></font>" ..
    "<a href='https://xtls.github.io/config/outbounds/freedom.html' target='_blank'>" ..
    "<font style='color:green'><b>" .. translate("Click to the page") .. "</b></font></a>")
 s.template = "cbi/tblsection"
 s.sortable = true
 s.anonymous = true
 s.addremove = true
 s.remove = function(self, section)
 	for k, v in pairs(self.children) do
 		v.rmempty = true
 		v.validate = nil
 	end
 	TypedSection.remove(self, section)
 end
 o = s:option(Flag, "enabled", translate("Enable"))
 o.default = 1
 o.rmempty = false
 o = s:option(ListValue, "type", translate("Type"))
 o.default = "base64"
 o:value("rand", "rand")
 o:value("str", "str")
 o:value("base64", "base64")
 o = s:option(Value, "domainStrategy", translate("Domain Strategy"))
 o.default = "UseIP"
 o:value("AsIs", "AsIs")
 o:value("UseIP", "UseIP")
 o:value("UseIPv4", "UseIPv4")
 o:value("ForceIP", "ForceIP")
 o:value("ForceIPv4", "ForceIPv4")
 o.rmempty = false
 o = s:option(Value, "packet", translate("Packet"))
 o.datatype = "minlength(1)"
 o.rmempty = false
 o = s:option(Value, "delay", translate("Delay (ms)"))
 o.datatype = "or(uinteger,portrange)"
 o.rmempty = false
 end
 return m
--- a/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/client-config.lua
+++ b/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/client-config.lua
@ -927,7 +927,6 @@ if is_finded("xray") then
 		o:value(v, translate(v))
 	end
 	o.rmempty = true
 	o:depends("xtls", true)
 	o:depends({type = "v2ray", v2ray_protocol = "vless", transport = "tcp", tls = true})
 	o:depends({type = "v2ray", v2ray_protocol = "vless", transport = "tcp", reality = true})
--- a/luci-app-ssr-plus/po/zh_Hans/ssr-plus.po
+++ b/luci-app-ssr-plus/po/zh_Hans/ssr-plus.po
@ -209,7 +209,6 @@ msgstr "QUIC 连接接收窗口"
 msgid "QUIC stream receive window"
 msgstr "QUIC 流接收窗口"
 msgid "Lazy Start"
 msgstr "延迟启动"
@ -459,6 +458,12 @@ msgstr "切换检查超时时间（秒）"
 msgid "Check Try Count"
 msgstr "切换检查重试次数"
 msgid "Apple domains optimization"
 msgstr "Apple 域名解析优化"
 msgid "For Apple domains equipped with Chinese mainland CDN, always responsive to Chinese CDN IP addresses"
 msgstr "配备中国大陆 CDN 的 Apple 域名，始终应答中国大陆 CDN 地址"
 msgid "Enable adblock"
 msgstr "启用广告屏蔽"
@ -816,6 +821,63 @@ msgstr "本机服务端"
 msgid "Global SOCKS5 Proxy Server"
 msgstr "SOCKS5 代理服务端（全局）"
 msgid "Xray Fragment Settings"
 msgstr "Xray 分片设置"
 msgid "Fragment"
 msgstr "分片"
 msgid "TCP fragments, which can deceive the censorship system in some cases, such as bypassing SNI blacklists."
 msgstr "TCP 分片，在某些情况下可以欺骗审查系统，比如绕过 SNI 黑名单。"
 msgid "Fragment Packets"
 msgstr "分片方式"
 msgid "\"1-3\" is for segmentation at TCP layer, applying to the beginning 1 to 3 data writes by the client. \"tlshello\" is for TLS client hello packet fragmentation."
 msgstr "\"1-3\" 是 TCP 的流切片，应用于客户端第 1 至第 3 次写数据。\"tlshello\" 是 TLS 握手包切片。"
 msgid "Fragment Length"
 msgstr "分片包长"
 msgid "Fragmented packet length (byte)"
 msgstr "分片包长 (byte)"
 msgid "Fragment Interval"
 msgstr "分片间隔"
 msgid "Fragmentation interval (ms)"
 msgstr "分片间隔（ms）"
 msgid "Noise"
 msgstr "噪声"
 msgid "UDP noise, Under some circumstances it can bypass some UDP based protocol restrictions."
 msgstr "UDP 噪声，在某些情况下可以绕过一些针对 UDP 协议的限制。"
 msgid "To send noise packets, select \"Noise\" in Xray Settings."
 msgstr "在 Xray 设置中勾选 “噪声” 以发送噪声包。"
 msgid "For specific usage, see: "
 msgstr "具体使用方法参见："
 msgid "Click to the page"
 msgstr "点击前往"
 msgid "Xray Noise Packets"
 msgstr "Xray 噪声数据包"
 msgid "Type"
 msgstr "类型"
 msgid "Domain Strategy"
 msgstr "域名解析策略"
 msgid "Packet"
 msgstr "数据包"
 msgid "Delay (ms)"
 msgstr "延迟（ms）"
 msgid "warning! Please do not reuse the port!"
 msgstr "警告！请不要重复使用端口！"
--- a/luci-app-ssr-plus/root/etc/init.d/shadowsocksr
+++ b/luci-app-ssr-plus/root/etc/init.d/shadowsocksr
@ -17,7 +17,14 @@ LOCK_FILE=/var/lock/ssrplus.lock
 LOG_FILE=/var/log/ssrplus.log
 TMP_PATH=/var/etc/ssrplus
 TMP_BIN_PATH=$TMP_PATH/bin
-TMP_DNSMASQ_PATH=/tmp/dnsmasq.d/dnsmasq-ssrplus.d
+# Get the default DNSMasq config ID from the UCI configuration
 DEFAULT_DNSMASQ_CFGID=$(uci show dhcp.@dnsmasq[0] | awk -F '.' '{print $2}' | awk -F '=' '{print $1}' | head -1)
 # Locate the dnsmasq.conf file that contains the conf-dir option
 DNSMASQ_CONF_PATH=$(grep -l "^conf-dir=" "/tmp/etc/dnsmasq.conf.${DEFAULT_DNSMASQ_CFGID}")
 # Extract the directory path from the conf-dir line
 DNSMASQ_CONF_DIR=$(grep '^conf-dir=' "$DNSMASQ_CONF_PATH" | cut -d'=' -f2 | head -n 1)
 # Check if a conf-dir value was found and set variables accordingly
 TMP_DNSMASQ_PATH=${DNSMASQ_CONF_DIR%*/}/dnsmasq-ssrplus.d
 chain_config_file=		   #generate shadowtls chain proxy config file
 tcp_config_file=
@ -220,6 +227,12 @@ start_dns() {
 			fi
 		fi
 	fi
 	if [ "$(uci_get_by_type global apple_optimization 1)" == "1" ]; then
 		echolog "Apple 域名中国大陆 CDN 的 优化规则正在加载。"
 		cp -f /etc/ssrplus/applechina.conf $TMP_DNSMASQ_PATH/
 		echolog "Apple 域名中国大陆 CDN 的 优化规则加载完毕。"
 	fi
 }
 gen_service_file() { #1-server.type 2-cfgname 3-file_path
@ -390,7 +403,7 @@ start_udp() {
 		;;
 	v2ray)
 		gen_config_file $UDP_RELAY_SERVER $type 2 $tmp_udp_port
-		ln_start_bin $(first_type xray v2ray) v2ray run -config $udp_config_file
+		ln_start_bin $(first_type xray v2ray) v2ray run -c $udp_config_file
 		echolog "UDP TPROXY Relay:$($(first_type "xray" "v2ray") version | head -1) Started!"
 		;;
 	trojan) #client
@ -472,7 +485,7 @@ start_shunt() {
 	v2ray)
 		local tmp_port=${tmp_local_port:-$tmp_shunt_local_port}
 		gen_config_file $SHUNT_SERVER $type 3 $tmp_shunt_port $tmp_port
-		ln_start_bin $(first_type xray v2ray) v2ray run -config $shunt_config_file
+		ln_start_bin $(first_type xray v2ray) v2ray run -c $shunt_config_file
 		ln_start_bin $(first_type dns2socks) dns2socks 127.0.0.1:$tmp_port 8.8.8.8:53 127.0.0.1:$tmp_shunt_dns_port -q
 		echolog "shunt:$($(first_type xray v2ray) version | head -1) Started!"
 		;;
@ -592,7 +605,7 @@ start_local() {
 	v2ray)
 		if [ "$_local" == "2" ]; then
 			gen_config_file $LOCAL_SERVER $type 4 0 $local_port
-			ln_start_bin $(first_type xray v2ray) v2ray run -config $local_config_file
+			ln_start_bin $(first_type xray v2ray) v2ray run -c $local_config_file
 		fi
 		echolog "Global_Socks5:$($(first_type "xray" "v2ray") version | head -1) Started!"
 		;;
@ -687,7 +700,7 @@ Start_Run() {
 		;;
 	v2ray)
 		gen_config_file $GLOBAL_SERVER $type 1 $tcp_port $socks_port
-		ln_start_bin $(first_type xray v2ray) v2ray run -config $tcp_config_file
+		ln_start_bin $(first_type xray v2ray) v2ray run -c $tcp_config_file
 		echolog "Main node:$($(first_type xray v2ray) version | head -1) Started!"
 		;;
 	trojan)
@ -989,8 +1002,8 @@ start_rules() {
 start() {
 	set_lock
 	echolog "----------start------------"
-	mkdir -p /var/run /var/lock /var/log /tmp/dnsmasq.d $TMP_BIN_PATH $TMP_DNSMASQ_PATH
+	mkdir -p /var/run /var/lock /var/log $DNSMASQ_CONF_DIR $TMP_BIN_PATH $TMP_DNSMASQ_PATH
-	echo "conf-dir=${TMP_DNSMASQ_PATH}" >"/tmp/dnsmasq.d/dnsmasq-ssrplus.conf"
+	echo "conf-dir=${TMP_DNSMASQ_PATH}" >"$DNSMASQ_CONF_DIR/dnsmasq-ssrplus.conf"
 	if load_config; then
 		Start_Run
 		start_rules
@ -1023,7 +1036,7 @@ start() {
 boot() {
 	echolog "boot！"
-	mkdir -p /var/run /var/lock /var/log /tmp/dnsmasq.d $TMP_BIN_PATH $TMP_DNSMASQ_PATH
+	mkdir -p /var/run /var/lock /var/log $DNSMASQ_CONF_DIR $TMP_BIN_PATH $TMP_DNSMASQ_PATH
 	start
 }
@ -1055,8 +1068,8 @@ stop() {
 		uci -q del "dhcp.@dnsmasq[0]._unused_ssrp_changed"
 		uci -q commit "dhcp"
 	fi
-	if [ -f "/tmp/dnsmasq.d/dnsmasq-ssrplus.conf" ]; then
+	if [ -f "$DNSMASQ_CONF_DIR/dnsmasq-ssrplus.conf" ]; then
-		rm -rf /tmp/dnsmasq.d/dnsmasq-ssrplus.conf $TMP_DNSMASQ_PATH $TMP_PATH/*-ssr-*.json $TMP_PATH/ssr-server*.json
+		rm -rf $DNSMASQ_CONF_DIR/dnsmasq-ssrplus.conf $TMP_DNSMASQ_PATH $TMP_PATH/*-ssr-*.json $TMP_PATH/ssr-server*.json
 		/etc/init.d/dnsmasq restart >/dev/null 2>&1
 	fi
 	uci -q delete firewall.shadowsocksr_server
@ -1114,6 +1127,9 @@ reset() {
 		set shadowsocksr.@socks5_proxy[0].local_port='1080'
 		add shadowsocksr server_global
 		set shadowsocksr.@server_global[0].enable_server='0'
 		add shadowsocksr global_xray_fragment
 		set shadowsocksr.@global_xray_fragment[0].fragment='0'
 		set shadowsocksr.@global_xray_fragment[0].noise='0'
 		commit shadowsocksr
 	EOF
 	unset_lock
--- a/luci-app-ssr-plus/root/etc/ssrplus/applechina.conf
+++ b/luci-app-ssr-plus/root/etc/ssrplus/applechina.conf
@ -0,0 +1,173 @@
 server=/a1.mzstatic.com/114.114.114.114
 server=/a2.mzstatic.com/114.114.114.114
 server=/a3.mzstatic.com/114.114.114.114
 server=/a4.mzstatic.com/114.114.114.114
 server=/a5.mzstatic.com/114.114.114.114
 server=/adcdownload.apple.com.akadns.net/114.114.114.114
 server=/adcdownload.apple.com/114.114.114.114
 server=/amp-api-updates.apps.apple.com/114.114.114.114
 server=/amp-api.media.apple.com/114.114.114.114
 server=/api-p-ap-c.smoot.apple.com/114.114.114.114
 server=/api-p-ap-d.smoot.apple.com/114.114.114.114
 server=/api-p-ap-e.smoot.apple.com/114.114.114.114
 server=/app-site-association.cdn-apple.com/114.114.114.114
 server=/appldnld.apple.com/114.114.114.114
 server=/appldnld.g.aaplimg.com/114.114.114.114
 server=/appleid.cdn-apple.com/114.114.114.114
 server=/apps.apple.com/114.114.114.114
 server=/apps.mzstatic.com/114.114.114.114
 server=/bag-cdn.itunes-apple.com.akadns.net/114.114.114.114
 server=/cdn-cn1.apple-mapkit.com/114.114.114.114
 server=/cdn-cn2.apple-mapkit.com/114.114.114.114
 server=/cdn-cn3.apple-mapkit.com/114.114.114.114
 server=/cdn-cn4.apple-mapkit.com/114.114.114.114
 server=/cdn.apple-mapkit.com/114.114.114.114
 server=/cdn1.apple-mapkit.com/114.114.114.114
 server=/cdn2.apple-mapkit.com/114.114.114.114
 server=/cdn3.apple-mapkit.com/114.114.114.114
 server=/cdn4.apple-mapkit.com/114.114.114.114
 server=/cds-cdn.v.aaplimg.com/114.114.114.114
 server=/cds.apple.com.akadns.net/114.114.114.114
 server=/cds.apple.com/114.114.114.114
 server=/cdsassets.apple.com/114.114.114.114
 server=/cl1-cdn.origin-apple.com.akadns.net/114.114.114.114
 server=/cl1.apple.com/114.114.114.114
 server=/cl2-cn.apple.com/114.114.114.114
 server=/cl2.apple.com/114.114.114.114
 server=/cl3-cdn.origin-apple.com.akadns.net/114.114.114.114
 server=/cl3.apple.com/114.114.114.114
 server=/cl4-cdn.origin-apple.com.akadns.net/114.114.114.114
 server=/cl4-cn.apple.com/114.114.114.114
 server=/cl4.apple.com/114.114.114.114
 server=/cl5-cdn.origin-apple.com.akadns.net/114.114.114.114
 server=/cl5.apple.com/114.114.114.114
 server=/clientflow.apple.com.akadns.net/114.114.114.114
 server=/clientflow.apple.com/114.114.114.114
 server=/cn-smp-paymentservices.apple.com/114.114.114.114
 server=/configuration.apple.com.akadns.net/114.114.114.114
 server=/configuration.apple.com/114.114.114.114
 server=/crl.apple.com/114.114.114.114
 server=/cstat.apple.com/114.114.114.114
 server=/cstat.cdn-apple.com/114.114.114.114
 server=/dd-cdn.origin-apple.com.akadns.net/114.114.114.114
 server=/dejavu.apple.com/114.114.114.114
 server=/devstreaming-cdn.apple.com/114.114.114.114
 server=/download.developer.apple.com/114.114.114.114
 server=/experiments.apple.com/114.114.114.114
 server=/gs-loc-cn.apple.com/114.114.114.114
 server=/gs-loc.apple.com/114.114.114.114
 server=/gsp10-ssl-cn.ls.apple.com/114.114.114.114
 server=/gsp12-cn.ls.apple.com/114.114.114.114
 server=/gsp13-cn.ls.apple.com/114.114.114.114
 server=/gsp4-cn.ls.apple.com.edgekey.net.globalredir.akadns.net/114.114.114.114
 server=/gsp4-cn.ls.apple.com.edgekey.net/114.114.114.114
 server=/gsp4-cn.ls.apple.com/114.114.114.114
 server=/gsp5-cn.ls.apple.com/114.114.114.114
 server=/gsp85-cn-ssl.ls.apple.com/114.114.114.114
 server=/gspe19-2-cn-ssl.ls-apple.com.akadns.net/114.114.114.114
 server=/gspe19-2-cn-ssl.ls.apple.com/114.114.114.114
 server=/gspe19-cn-ssl.ls.apple.com/114.114.114.114
 server=/gspe19-cn.ls-apple.com.akadns.net/114.114.114.114
 server=/gspe19-cn.ls.apple.com/114.114.114.114
 server=/gspe21-ssl.ls.apple.com/114.114.114.114
 server=/gspe21.ls.apple.com/114.114.114.114
 server=/gspe35-ssl.ls.apple.com/114.114.114.114
 server=/gspe79-cn-ssl.ls.apple.com/114.114.114.114
 server=/guzzoni-apple-com.v.aaplimg.com/114.114.114.114
 server=/guzzoni.apple.com/114.114.114.114
 server=/guzzoni.smoot.apple.com/114.114.114.114
 server=/iadsdk.apple.com/114.114.114.114
 server=/icloud-cdn.icloud.com.akadns.net/114.114.114.114
 server=/icloud.cdn-apple.com/114.114.114.114
 server=/images.apple.com.akadns.net/114.114.114.114
 server=/images.apple.com.edgekey.net.globalredir.akadns.net/114.114.114.114
 server=/images.apple.com/114.114.114.114
 server=/init-kt.apple.com/114.114.114.114
 server=/init-p01md-lb.push-apple.com.akadns.net/114.114.114.114
 server=/init-p01md.apple.com/114.114.114.114
 server=/init-p01st-lb.push-apple.com.akadns.net/114.114.114.114
 server=/init-p01st.push.apple.com/114.114.114.114
 server=/init-s01st-lb.push-apple.com.akadns.net/114.114.114.114
 server=/init-s01st.push.apple.com/114.114.114.114
 server=/init.ess.apple.com/114.114.114.114
 server=/iosapps.itunes.g.aaplimg.com/114.114.114.114
 server=/ipcdn.apple.com/114.114.114.114
 server=/iphone-ld.apple.com/114.114.114.114
 server=/iphone-ld.origin-apple.com.akadns.net/114.114.114.114
 server=/is-ssl.mzstatic.com-cn-lb.itunes-apple.com.akadns.net/114.114.114.114
 server=/is1-ssl.mzstatic.com/114.114.114.114
 server=/is1.mzstatic.com/114.114.114.114
 server=/is2-ssl.mzstatic.com/114.114.114.114
 server=/is2.mzstatic.com/114.114.114.114
 server=/is3-ssl.mzstatic.com/114.114.114.114
 server=/is3.mzstatic.com/114.114.114.114
 server=/is4-ssl.mzstatic.com/114.114.114.114
 server=/is4.mzstatic.com/114.114.114.114
 server=/is5-ssl.mzstatic.com/114.114.114.114
 server=/is5.mzstatic.com/114.114.114.114
 server=/itunes-apple.com.akadns.net/114.114.114.114
 server=/itunes.apple.com/114.114.114.114
 server=/itunesconnect.apple.com/114.114.114.114
 server=/mesu-cdn.apple.com.akadns.net/114.114.114.114
 server=/mesu-china.apple.com.akadns.net/114.114.114.114
 server=/mesu.apple.com/114.114.114.114
 server=/ml.cdn-apple.com/114.114.114.114
 server=/music.apple.com/114.114.114.114
 server=/ocsp-lb.apple.com.akadns.net/114.114.114.114
 server=/ocsp.apple.com/114.114.114.114
 server=/ocsp2-lb.apple.com.akadns.net/114.114.114.114
 server=/ocsp2.apple.com/114.114.114.114
 server=/oscdn.apple.com/114.114.114.114
 server=/oscdn.origin-apple.com.akadns.net/114.114.114.114
 server=/osxapps.itunes.g.aaplimg.com/114.114.114.114
 server=/pancake.apple.com/114.114.114.114
 server=/pancake.cdn-apple.com.akadns.net/114.114.114.114
 server=/pba0.apple.com/114.114.114.114
 server=/probe.siri.apple.com/114.114.114.114
 server=/prod-support.apple-support.akadns.net/114.114.114.114
 server=/publicassets.cdn-apple.com/114.114.114.114
 server=/reserve-prime.apple.com/114.114.114.114
 server=/s.mzstatic.com/114.114.114.114
 server=/seed-sequoia.siri.apple.com/114.114.114.114
 server=/seed-swallow.siri.apple.com/114.114.114.114
 server=/seed.siri.apple.com/114.114.114.114
 server=/sequoia.apple.com/114.114.114.114
 server=/sh-pod2-smp-device.apple.com/114.114.114.114
 server=/shazam-insights.cdn-apple.com/114.114.114.114
 server=/smp-device-content.apple.com/114.114.114.114
 server=/static.gc.apple.com/114.114.114.114
 server=/stocks-sparkline-lb.apple.com.akadns.net/114.114.114.114
 server=/stocks-sparkline.apple.com/114.114.114.114
 server=/store.apple.com.edgekey.net.globalredir.akadns.net/114.114.114.114
 server=/store.apple.com.edgekey.net/114.114.114.114
 server=/store.apple.com/114.114.114.114
 server=/store.storeimages.apple.com.akadns.net/114.114.114.114
 server=/store.storeimages.cdn-apple.com/114.114.114.114
 server=/support-china.apple-support.akadns.net/114.114.114.114
 server=/support.apple.com/114.114.114.114
 server=/swallow-apple-com.v.aaplimg.com/114.114.114.114
 server=/swallow.apple.com/114.114.114.114
 server=/swcatalog-cdn.apple.com.akadns.net/114.114.114.114
 server=/swcatalog.apple.com/114.114.114.114
 server=/swcdn.apple.com/114.114.114.114
 server=/swcdn.g.aaplimg.com/114.114.114.114
 server=/swdist.apple.com.akadns.net/114.114.114.114
 server=/swdist.apple.com/114.114.114.114
 server=/swscan-cdn.apple.com.akadns.net/114.114.114.114
 server=/swscan.apple.com/114.114.114.114
 server=/sylvan.apple.com/114.114.114.114
 server=/tj-pod1-smp-device.apple.com/114.114.114.114
 server=/updates-http.cdn-apple.com.akadns.net/114.114.114.114
 server=/updates-http.cdn-apple.com/114.114.114.114
 server=/updates.cdn-apple.com/114.114.114.114
 server=/valid.apple.com/114.114.114.114
 server=/valid.origin-apple.com.akadns.net/114.114.114.114
 server=/weather-data.apple.com.akadns.net/114.114.114.114
 server=/weather-data.apple.com/114.114.114.114
 server=/weather-map.apple.com/114.114.114.114
 server=/weather-map2.apple.com/114.114.114.114
 server=/weatherkit.apple.com/114.114.114.114
 server=/www.apple.com.edgekey.net.globalredir.akadns.net/114.114.114.114
 server=/www.apple.com.edgekey.net/114.114.114.114
 server=/www.apple.com/114.114.114.114
 server=/xp.apple.com/114.114.114.114
--- a/luci-app-ssr-plus/root/usr/share/shadowsocksr/gen_config.lua
+++ b/luci-app-ssr-plus/root/usr/share/shadowsocksr/gen_config.lua
@ -12,6 +12,8 @@ local chain = arg[5] or "0"
 local chain_local_port = string.split(chain, "/")[2] or "0"
 local server = ucursor:get_all("shadowsocksr", server_section)
 local xray_fragment = ucursor:get_all("shadowsocksr", "@global_xray_fragment[0]") or {}
 local xray_noise = ucursor:get_all("shadowsocksr", "@xray_noise_packets[0]") or {}
 local outbound_settings = nil
 function vmess_vless()
@ -77,7 +79,7 @@ function wireguard()
 				allowedIPs = (server.allowedips) or nil,
 			}
 		},
-		kernelMode = (server.kernelmode == "1") and true or false,
+		noKernelTun = (server.kernelmode == "1") and true or false,
 		reserved = {server.reserved} or nil,
 		mtu = tonumber(server.mtu)
 	}
@ -124,8 +126,17 @@ local Xray = {
 		-- error = "/var/ssrplus.log",
 		loglevel = "warning"
 	},
 	-- 初始化 inbounds 表
 	inbounds = {},
 	-- 初始化 outbounds 表
 	outbounds = {},
 }
 	-- 传入连接
-	inbound = (local_port ~= "0") and {
+	-- 添加 dokodemo-door 配置，如果 local_port 不为 0
 if local_port ~= "0" then
    table.insert(Xray.inbounds, {
 			-- listening
 			port = tonumber(local_port),
 			protocol = "dokodemo-door",
@ -133,6 +144,7 @@ local Xray = {
 			sniffing = {
 				enabled = true,
 				destOverride = {"http", "tls", "quic"},
 				metadataOnly = false,
 				domainsExcluded = {
 					"courier.push.apple.com",
 					"rbsxbxp-mim.vivox.com",
@ -161,25 +173,30 @@ local Xray = {
 					"dlg.io.mi.com"
 				}
 			}
-	} or nil,
+    })
 end
 	-- 开启 socks 代理
-	inboundDetour = (proto:find("tcp") and socks_port ~= "0") and {
+	-- 检查是否启用 socks 代理
-		{
+if proto:find("tcp") and socks_port ~= "0" then
    table.insert(Xray.inbounds, {
 	-- socks
        protocol = "socks",
        port = tonumber(socks_port),
        settings = {auth = "noauth", udp = true}
-		}
+    })
-	} or nil,
+end
 	-- 传出连接
-	outbound = {
+	Xray.outbounds = {
 		{
 			protocol = server.v2ray_protocol,
 			settings = outbound_settings,
 			-- 底层传输配置
 			streamSettings = (server.v2ray_protocol ~= "wireguard") and {
 				network = server.transport or "tcp",
 				security = (server.xtls == '1') and "xtls" or (server.tls == '1') and "tls" or (server.reality == '1') and "reality" or nil,
-			tlsSettings = (server.tls == '1') and (server.tls_host or server.fingerprint) and {
+				tlsSettings = (server.tls == '1') and {
 					-- tls
 					alpn = server.tls_alpn,
 					fingerprint = server.fingerprint,
@ -244,7 +261,7 @@ local Xray = {
 				splithttpSettings = (server.transport == "splithttp") and {
 					-- splithttp
 					host = (server.splithttp_host or server.tls_host) or nil,
-                                path = server.splithttp_path or ""
+					path = server.splithttp_path or "/"
 				} or nil,
 				httpSettings = (server.transport == "h2") and {
 					-- h2
@ -271,7 +288,8 @@ local Xray = {
 				sockopt = {
 					tcpMptcp = (server.mptcp == "1") and true or false, -- MPTCP
 					tcpNoDelay = (server.mptcp == "1") and true or false, -- MPTCP
-				tcpcongestion = server.custom_tcpcongestion -- 连接服务器节点的 TCP 拥塞控制算法
+					tcpcongestion = server.custom_tcpcongestion, -- 连接服务器节点的 TCP 拥塞控制算法
 					dialerProxy = (xray_fragment.fragment == "1" or xray_fragment.noise == "1") and "dialerproxy" or nil
 				}
 			} or nil,
 			mux = (server.v2ray_protocol ~= "wireguard") and {
@ -283,6 +301,35 @@ local Xray = {
 			} or nil
 		}
 	}
 -- 添加带有 fragment 设置的 dialerproxy 配置
 if xray_fragment.fragment ~= "0" or (xray_fragment.noise ~= "0" and xray_noise.enabled ~= "0") then
 	table.insert(Xray.outbounds, {
 		protocol = "freedom",
 		tag = "dialerproxy",
 		settings = {
 			domainStrategy = (xray_fragment.noise == "1" and xray_noise.enabled == "1") and xray_noise.domainStrategy,
 			fragment = (xray_fragment.fragment == "1") and {
 				packets = (xray_fragment.fragment_packets ~= "") and xray_fragment.fragment_packets or nil,
 				length = (xray_fragment.fragment_length ~= "") and xray_fragment.fragment_length or nil,
 				interval = (xray_fragment.fragment_interval ~= "") and xray_fragment.fragment_interval or nil
 			} or nil,
 			noises = (xray_fragment.noise == "1" and xray_noise.enabled == "1") and {
 				{
 					type = xray_noise.type,
 					packet = xray_noise.packet,
 					delay = xray_noise.delay:find("-") and xray_noise.delay or tonumber(xray_noise.delay)
 				}
 			} or nil
 		},
 		streamSettings = {
 			sockopt = {
 			tcpNoDelay = true
 			}
 		}
 	})
 end
 local cipher = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:AES128-SHA:AES256-SHA:DES-CBC3-SHA"
 local cipher13 = "TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384"
 local trojan = {
--- a/luci-app-ssr-plus/root/usr/share/shadowsocksr/subscribe.lua
+++ b/luci-app-ssr-plus/root/usr/share/shadowsocksr/subscribe.lua
@ -362,10 +362,9 @@ local function processData(szType, content)
 		result.vmess_id = url.user
 		result.vless_encryption = params.encryption or "none"
 		result.transport = params.type or "tcp"
-		result.tls = (params.security == "tls") and "1" or "0"
+		result.tls = (params.security == "tls" or params.security == "xtls") and "1" or "0"
 		result.tls_host = params.sni
-		result.xtls = (params.security == "xtls") and "1" or nil
+		result.tls_flow = (params.security == "tls" or params.security == "reality") and params.flow or nil
 		result.tls_flow = (result.tls == "1" or result.xtls == "1" or result.reality == "1") and params.flow or nil
 		result.fingerprint = params.fp
 		result.reality = (params.security == "reality") and "1" or "0"
 		result.reality_publickey = params.pbk and UrlDecode(params.pbk) or nil
--- a/luci-app-ssr-plus/root/usr/share/shadowsocksr/update.lua
+++ b/luci-app-ssr-plus/root/usr/share/shadowsocksr/update.lua
@ -9,7 +9,7 @@ require "luci.model.uci"
 local icount = 0
 local args = arg[1]
 local uci = luci.model.uci.cursor()
-local TMP_DNSMASQ_PATH = "/tmp/dnsmasq.d/dnsmasq-ssrplus.d"
+local TMP_DNSMASQ_PATH = "${DNSMASQ_CONF_DIR%*/}/dnsmasq-ssrplus.d"
 local TMP_PATH = "/var/etc/ssrplus"
 -- match comments/title/whitelist/ip address/excluded_domain
 local comment_pattern = "^[!\\[@]+"
--- a/patch-luci-app-ssr-plus.patch
+++ b/patch-luci-app-ssr-plus.patch
@ -1,5 +1,5 @@
 diff --git a/luci-app-ssr-plus/Makefile b/luci-app-ssr-plus/Makefile
-index d07f167..b2af119 100644
+index 644ac0a..9d8a0b3 100644
 --- a/luci-app-ssr-plus/Makefile
 +++ b/luci-app-ssr-plus/Makefile
@@ -9,10 +9,9 @@ PKG_CONFIG_DEPENDS:= \
@ -134,7 +134,7 @@ index 8ceaba7..f381a54 100644
 	page.acl_depends = { "luci-app-ssr-plus" }
 	entry({"admin", "services", "shadowsocksr", "client"}, cbi("shadowsocksr/client"), _("SSR Client"), 10).leaf = true
 diff --git a/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/advanced.lua b/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/advanced.lua
-index 0f8cd03..00ef47d 100644
+index 2f56e90..9157953 100644
 --- a/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/advanced.lua
 +++ b/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/advanced.lua
@@ -70,45 +70,6 @@ o.default = "https://fastly.jsdelivr.net/gh/QiuSimons/Netflix_IP/NF_only.txt"
@ -180,11 +180,11 @@ index 0f8cd03..00ef47d 100644
 -o.rmempty = false
 -o.default = "0"
 -
- o = s:option(Flag, "adblock", translate("Enable adblock"))
+ o = s:option(Flag, "apple_optimization", translate("Apple domains optimization"), translate("For Apple domains equipped with Chinese mainland CDN, always responsive to Chinese CDN IP addresses"))
 o.rmempty = false
- 
+ o.default = "1"
 diff --git a/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/client.lua b/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/client.lua
-index 3b91739..b24183e 100644
+index 26de9ba..b24183e 100644
 --- a/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/client.lua
 +++ b/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/client.lua
@@ -10,7 +10,7 @@ local function is_finded(e)
@ -232,7 +232,7 @@ index 3b91739..b24183e 100644
 -o = s:option(Flag, "mosdns_ipv6", translate("Disable IPv6 in MOSDNS query mode"))
 -o:depends("pdnsd_enable", "3")
 -o.rmempty = false
-o.default = "0"
+-o.default = "1"
 -
 if is_finded("chinadns-ng") then
 	o = s:option(Value, "chinadns_forward", translate("Domestic DNS Server"))
@ -430,10 +430,10 @@ index 7603d8c..7f841fa 100644
 		}
 	}
 diff --git a/luci-app-ssr-plus/po/zh_Hans/ssr-plus.po b/luci-app-ssr-plus/po/zh_Hans/ssr-plus.po
-index 8184bee..60ac526 100644
+index da30ffc..f97309b 100644
 --- a/luci-app-ssr-plus/po/zh_Hans/ssr-plus.po
 +++ b/luci-app-ssr-plus/po/zh_Hans/ssr-plus.po
-@@ -552,27 +552,6 @@ msgstr "使用 DNS2TCP 查询"
+@@ -557,27 +557,6 @@ msgstr "使用 DNS2TCP 查询"
 msgid "Use DNS2SOCKS query and cache"
 msgstr "使用 DNS2SOCKS 查询并缓存"
@ -462,10 +462,10 @@ index 8184bee..60ac526 100644
 msgstr "DNS 服务器 IP:Port"
 diff --git a/luci-app-ssr-plus/root/etc/init.d/shadowsocksr b/luci-app-ssr-plus/root/etc/init.d/shadowsocksr
-index b1570aa..ec19a6f 100755
+index 00e0448..9af87f1 100755
 --- a/luci-app-ssr-plus/root/etc/init.d/shadowsocksr
 +++ b/luci-app-ssr-plus/root/etc/init.d/shadowsocksr
-@@ -178,23 +178,17 @@ ln_start_bin() {
+@@ -185,23 +185,17 @@ ln_start_bin() {
 	${file_func:-echolog "  - ${ln_name}"} "$@" >/dev/null 2>&1 &
 }
@ -494,7 +494,7 @@ index b1570aa..ec19a6f 100755
 		case "$ssrplus_dns" in
 		1)
 			ln_start_bin $(first_type dns2tcp) dns2tcp -L 127.0.0.1#$dns_port -R ${dnsserver/:/#}
-@@ -205,26 +199,6 @@ start_dns() {
+@@ -212,26 +206,6 @@ start_dns() {
 			ln_start_bin $(first_type dns2socks) dns2socks 127.0.0.1:$tmp_dns_port $dnsserver 127.0.0.1:$dns_port -q
 			pdnsd_enable_flag=2
 			;;
@ -521,7 +521,7 @@ index b1570aa..ec19a6f 100755
 		esac
 		if [ "$run_mode" = "router" ]; then
-@@ -479,33 +453,6 @@ start_udp() {
+@@ -492,33 +466,6 @@ start_udp() {
 	esac
 }
@ -555,7 +555,7 @@ index b1570aa..ec19a6f 100755
 start_shunt() {
 	local type=$(uci_get_by_name $SHUNT_SERVER type)
 	case "$type" in
-@@ -519,14 +466,14 @@ start_shunt() {
+@@ -532,14 +479,14 @@ start_shunt() {
 			local tmp_port=$tmp_shunt_local_port
 			ln_start_bin $(first_type ${type}local ${type}-local) ${type}-local -c $shunt_dns_config_file
 		fi
@ -566,13 +566,13 @@ index b1570aa..ec19a6f 100755
 	v2ray)
 		local tmp_port=${tmp_local_port:-$tmp_shunt_local_port}
 		gen_config_file $SHUNT_SERVER $type 3 $tmp_shunt_port $tmp_port
- 		ln_start_bin $(first_type xray v2ray) v2ray run -config $shunt_config_file
+ 		ln_start_bin $(first_type xray v2ray) v2ray run -c $shunt_config_file
 -		shunt_dns_command
 +		ln_start_bin $(first_type dns2socks) dns2socks 127.0.0.1:$tmp_port 8.8.8.8:53 127.0.0.1:$tmp_shunt_dns_port -q
 		echolog "shunt:$($(first_type xray v2ray) version | head -1) Started!"
 		;;
 	trojan)
-@@ -538,7 +485,7 @@ start_shunt() {
+@@ -551,7 +498,7 @@ start_shunt() {
 			local tmp_port=$tmp_shunt_local_port
 			ln_start_bin $(first_type trojan) $type --config $shunt_dns_config_file
 		fi
@ -581,7 +581,7 @@ index b1570aa..ec19a6f 100755
 		echolog "shunt:$($(first_type trojan) --version 2>&1 | head -1) Started!"
 		;;
 	naiveproxy)
-@@ -550,7 +497,7 @@ start_shunt() {
+@@ -563,7 +510,7 @@ start_shunt() {
 			local tmp_port=$tmp_shunt_local_port
 			ln_start_bin $(first_type naive) naive --config $shunt_dns_config_file
 		fi
@ -590,7 +590,7 @@ index b1570aa..ec19a6f 100755
 		echolog "shunt:$($(first_type "naive") --version 2>&1 | head -1) Started!"
 		redir_udp=0
 		;;
-@@ -563,7 +510,7 @@ start_shunt() {
+@@ -576,7 +523,7 @@ start_shunt() {
 			gen_config_file $SHUNT_SERVER $type 3 $tmp_shunt_port $tmp_port
 		fi
 		ln_start_bin $(first_type hysteria) hysteria client --config $shunt_config_file
@ -599,7 +599,7 @@ index b1570aa..ec19a6f 100755
 		echolog "shunt:$($(first_type hysteria) version | grep Version | awk '{print "Hysteria2: " $2}') Started!"
 		;;
 	tuic)
-@@ -575,7 +522,7 @@ start_shunt() {
+@@ -588,7 +535,7 @@ start_shunt() {
 		[ -n "$tmp_local_port" ] && tmp_port=$tmp_local_port || tmp_port=$tmp_shunt_local_port
 		gen_config_file $SHUNT_SERVER $type 3 $tmp_port		# make a tuic socks :304
 		ln_start_bin $(first_type tuic-client) tuic-client --config $shunt_dns_config_file
@ -608,7 +608,7 @@ index b1570aa..ec19a6f 100755
 		echolog "Netflix Separated Shunt Server:tuic-client $($(first_type tuic-client) --version) Started!"
 		# FIXME: ipt2socks cannot handle udp reply from tuic
 		#redir_udp=0
-@@ -585,7 +532,7 @@ start_shunt() {
+@@ -598,7 +545,7 @@ start_shunt() {
 		gen_config_file $SHUNT_SERVER $type 3 "10${tmp_shunt_port}" $tmp_port chain/$tmp_shunt_port #make a redir:303 and a socks:304
 		#echo "debug \$tmp_port=$tmp_port, \$tmp_shunt_port=${tmp_shunt_port},  \$tmp_shunt_local_port=$tmp_shunt_local_port"
 		ln_start_bin $(first_type shadow-tls) shadow-tls config --config $chain_config_file
@ -617,7 +617,7 @@ index b1570aa..ec19a6f 100755
 		local chain_type=$(uci_get_by_name $SHUNT_SERVER chain_type)
 		case ${chain_type} in
 		vmess)
-@@ -611,7 +558,7 @@ start_shunt() {
+@@ -624,7 +571,7 @@ start_shunt() {
 	# 		local tmp_port=$tmp_shunt_local_port
 	# 		ln_start_bin $(first_type microsocks) microsocks -i 127.0.0.1 -p $tmp_port shunt-dns-ssr-plus
 	# 	fi
@ -626,7 +626,7 @@ index b1570aa..ec19a6f 100755
 	# 	echolog "shunt:$type REDIRECT/TPROXY Started!"
 	# 	;;
 	*)
-@@ -623,7 +570,7 @@ start_shunt() {
+@@ -636,7 +583,7 @@ start_shunt() {
 			local tmp_port=$tmp_shunt_local_port
 			ln_start_bin $(first_type microsocks) microsocks -i 127.0.0.1 -p $tmp_port shunt-dns-ssr-plus
 		fi
@ -635,7 +635,7 @@ index b1570aa..ec19a6f 100755
 		echolog "shunt:$type REDIRECT/TPROXY Started!"
 		;;
 	esac
-@@ -922,11 +869,6 @@ start_server() {
+@@ -935,11 +882,6 @@ start_server() {
 	server_service() {
 		[ "$(uci_get_by_name $1 enable 0)" == "0" ] && return 1
 		let server_count=server_count+1
@ -647,7 +647,7 @@ index b1570aa..ec19a6f 100755
 		local type=$(uci_get_by_name $1 type)
 		case "$type" in
 		ss | ssr)
-@@ -940,32 +882,23 @@ start_server() {
+@@ -953,32 +895,23 @@ start_server() {
 			echolog "Server:Socks5 Server$server_count Started!"
 			;;
 		esac
@ -692,7 +692,7 @@ index b1570aa..ec19a6f 100755
 	return 0
 }
-@@ -1098,12 +1031,6 @@ stop() {
+@@ -1111,12 +1044,6 @@ stop() {
 	unlock
 	set_lock
 	/usr/bin/ssr-rules -f
@ -705,7 +705,7 @@ index b1570aa..ec19a6f 100755
 	if [ -z "$switch_server" ]; then
 		$PS -w | grep -v "grep" | grep ssr-switch | awk '{print $1}' | xargs kill -9 >/dev/null 2>&1 &
 		rm -f /var/lock/ssr-switch.lock
-@@ -1114,7 +1041,7 @@ stop() {
+@@ -1127,7 +1054,7 @@ stop() {
 	( \
 		# Graceful kill first, so programs have the chance to stop its subprocesses
 		$PS -w | grep -v "grep" | grep "$TMP_PATH" | awk '{print $1}' | xargs kill >/dev/null 2>&1 ; \
@ -714,8 +714,8 @@ index b1570aa..ec19a6f 100755
 		# Force kill hanged programs
 		$PS -w | grep -v "grep" | grep "$TMP_PATH" | awk '{print $1}' | xargs kill -9 >/dev/null 2>&1 ; \
 	)
-@@ -1132,6 +1059,9 @@ stop() {
+@@ -1145,6 +1072,9 @@ stop() {
- 		rm -rf /tmp/dnsmasq.d/dnsmasq-ssrplus.conf $TMP_DNSMASQ_PATH $TMP_PATH/*-ssr-*.json $TMP_PATH/ssr-server*.json
+ 		rm -rf $DNSMASQ_CONF_DIR/dnsmasq-ssrplus.conf $TMP_DNSMASQ_PATH $TMP_PATH/*-ssr-*.json $TMP_PATH/ssr-server*.json
 		/etc/init.d/dnsmasq restart >/dev/null 2>&1
 	fi
 +	uci -q delete firewall.shadowsocksr_server
@ -724,7 +724,7 @@ index b1570aa..ec19a6f 100755
 	del_cron
 	unset_lock
 }
-@@ -1158,7 +1088,6 @@ reset() {
+@@ -1171,7 +1101,6 @@ reset() {
 		set shadowsocksr.@global[0].switch_timeout='5'
 		set shadowsocksr.@global[0].switch_try_count='3'
 #		set shadowsocksr.@global[0].default_packet_encoding='xudp'