luci-app-ssr-plus: sync upstream

last commit: 8c362ba2cd

luci-app-ssr-plus/Makefile

@@ -2,7 +2,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=luci-app-ssr-plus
 PKG_VERSION:=188
-PKG_RELEASE:=7
+PKG_RELEASE:=9
 
 PKG_CONFIG_DEPENDS:= \
 	CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_NONE_V2RAY \

luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/advanced.lua

@@ -70,6 +70,10 @@ o.default = "https://fastly.jsdelivr.net/gh/QiuSimons/Netflix_IP/NF_only.txt"
 o.description = translate("Customize Netflix IP Url")
 o:depends("netflix_enable", "1")
 
+o = s:option(Flag, "apple_optimization", translate("Apple domains optimization"), translate("For Apple domains equipped with Chinese mainland CDN, always responsive to Chinese CDN IP addresses"))
+o.rmempty = false
+o.default = "1"
+
 o = s:option(Flag, "adblock", translate("Enable adblock"))
 o.rmempty = false
 
@@ -103,4 +107,78 @@ o.datatype = "port"
 o.default = 1080
 o.rmempty = false
 
+-- [[ fragmen Settings ]]--
+if is_finded("xray") then
+s = m:section(TypedSection, "global_xray_fragment", translate("Xray Fragment Settings"))
+s.anonymous = true
+
+o = s:option(Flag, "fragment", translate("Fragment"), translate("TCP fragments, which can deceive the censorship system in some cases, such as bypassing SNI blacklists."))
+o.default = 0
+
+o = s:option(ListValue, "fragment_packets", translate("Fragment Packets"), translate("\"1-3\" is for segmentation at TCP layer, applying to the beginning 1 to 3 data writes by the client. \"tlshello\" is for TLS client hello packet fragmentation."))
+o.default = "tlshello"
+o:value("tlshello", "tlshello")
+o:value("1-2", "1-2")
+o:value("1-3", "1-3")
+o:value("1-5", "1-5")
+o:depends("fragment", true)
+
+o = s:option(Value, "fragment_length", translate("Fragment Length"), translate("Fragmented packet length (byte)"))
+o.default = "100-200"
+o:depends("fragment", true)
+
+o = s:option(Value, "fragment_interval", translate("Fragment Interval"), translate("Fragmentation interval (ms)"))
+o.default = "10-20"
+o:depends("fragment", true)
+
+o = s:option(Flag, "noise", translate("Noise"), translate("UDP noise, Under some circumstances it can bypass some UDP based protocol restrictions."))
+o.default = 0
+
+s = m:section(TypedSection, "xray_noise_packets", translate("Xray Noise Packets"))
+s.description = translate(
+    "<font style='color:red'>" .. translate("To send noise packets, select \"Noise\" in Xray Settings.") .. "</font>" ..
+    "<br/><font><b>" .. translate("For specific usage, see: ") .. "</b></font>" ..
+    "<a href='https://xtls.github.io/config/outbounds/freedom.html' target='_blank'>" ..
+    "<font style='color:green'><b>" .. translate("Click to the page") .. "</b></font></a>")
+s.template = "cbi/tblsection"
+s.sortable = true
+s.anonymous = true
+s.addremove = true
+
+s.remove = function(self, section)
+	for k, v in pairs(self.children) do
+		v.rmempty = true
+		v.validate = nil
+	end
+	TypedSection.remove(self, section)
+end
+
+o = s:option(Flag, "enabled", translate("Enable"))
+o.default = 1
+o.rmempty = false
+
+o = s:option(ListValue, "type", translate("Type"))
+o.default = "base64"
+o:value("rand", "rand")
+o:value("str", "str")
+o:value("base64", "base64")
+
+o = s:option(Value, "domainStrategy", translate("Domain Strategy"))
+o.default = "UseIP"
+o:value("AsIs", "AsIs")
+o:value("UseIP", "UseIP")
+o:value("UseIPv4", "UseIPv4")
+o:value("ForceIP", "ForceIP")
+o:value("ForceIPv4", "ForceIPv4")
+o.rmempty = false
+
+o = s:option(Value, "packet", translate("Packet"))
+o.datatype = "minlength(1)"
+o.rmempty = false
+
+o = s:option(Value, "delay", translate("Delay (ms)"))
+o.datatype = "or(uinteger,portrange)"
+o.rmempty = false
+end
+
 return m

luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/client-config.lua

@@ -927,7 +927,6 @@ if is_finded("xray") then
 		o:value(v, translate(v))
 	end
 	o.rmempty = true
-	o:depends("xtls", true)
 	o:depends({type = "v2ray", v2ray_protocol = "vless", transport = "tcp", tls = true})
 	o:depends({type = "v2ray", v2ray_protocol = "vless", transport = "tcp", reality = true})
 

luci-app-ssr-plus/po/zh_Hans/ssr-plus.po

@@ -209,7 +209,6 @@ msgstr "QUIC 连接接收窗口"
 msgid "QUIC stream receive window"
 msgstr "QUIC 流接收窗口"
 
-
 msgid "Lazy Start"
 msgstr "延迟启动"
 
@@ -459,6 +458,12 @@ msgstr "切换检查超时时间（秒）"
 msgid "Check Try Count"
 msgstr "切换检查重试次数"
 
+msgid "Apple domains optimization"
+msgstr "Apple 域名解析优化"
+
+msgid "For Apple domains equipped with Chinese mainland CDN, always responsive to Chinese CDN IP addresses"
+msgstr "配备中国大陆 CDN 的 Apple 域名，始终应答中国大陆 CDN 地址"
+
 msgid "Enable adblock"
 msgstr "启用广告屏蔽"
 
@@ -816,6 +821,63 @@ msgstr "本机服务端"
 msgid "Global SOCKS5 Proxy Server"
 msgstr "SOCKS5 代理服务端（全局）"
 
+msgid "Xray Fragment Settings"
+msgstr "Xray 分片设置"
+
+msgid "Fragment"
+msgstr "分片"
+
+msgid "TCP fragments, which can deceive the censorship system in some cases, such as bypassing SNI blacklists."
+msgstr "TCP 分片，在某些情况下可以欺骗审查系统，比如绕过 SNI 黑名单。"
+
+msgid "Fragment Packets"
+msgstr "分片方式"
+
+msgid "\"1-3\" is for segmentation at TCP layer, applying to the beginning 1 to 3 data writes by the client. \"tlshello\" is for TLS client hello packet fragmentation."
+msgstr "\"1-3\" 是 TCP 的流切片，应用于客户端第 1 至第 3 次写数据。\"tlshello\" 是 TLS 握手包切片。"
+
+msgid "Fragment Length"
+msgstr "分片包长"
+
+msgid "Fragmented packet length (byte)"
+msgstr "分片包长 (byte)"
+
+msgid "Fragment Interval"
+msgstr "分片间隔"
+
+msgid "Fragmentation interval (ms)"
+msgstr "分片间隔（ms）"
+
+msgid "Noise"
+msgstr "噪声"
+
+msgid "UDP noise, Under some circumstances it can bypass some UDP based protocol restrictions."
+msgstr "UDP 噪声，在某些情况下可以绕过一些针对 UDP 协议的限制。"
+
+msgid "To send noise packets, select \"Noise\" in Xray Settings."
+msgstr "在 Xray 设置中勾选 “噪声” 以发送噪声包。"
+
+msgid "For specific usage, see: "
+msgstr "具体使用方法参见："
+
+msgid "Click to the page"
+msgstr "点击前往"
+
+msgid "Xray Noise Packets"
+msgstr "Xray 噪声数据包"
+
+msgid "Type"
+msgstr "类型"
+
+msgid "Domain Strategy"
+msgstr "域名解析策略"
+
+msgid "Packet"
+msgstr "数据包"
+
+msgid "Delay (ms)"
+msgstr "延迟（ms）"
+
 msgid "warning! Please do not reuse the port!"
 msgstr "警告！请不要重复使用端口！"
 

luci-app-ssr-plus/root/etc/init.d/shadowsocksr

@@ -17,7 +17,14 @@ LOCK_FILE=/var/lock/ssrplus.lock
 LOG_FILE=/var/log/ssrplus.log
 TMP_PATH=/var/etc/ssrplus
 TMP_BIN_PATH=$TMP_PATH/bin
-TMP_DNSMASQ_PATH=/tmp/dnsmasq.d/dnsmasq-ssrplus.d
+# Get the default DNSMasq config ID from the UCI configuration
+DEFAULT_DNSMASQ_CFGID=$(uci show dhcp.@dnsmasq[0] | awk -F '.' '{print $2}' | awk -F '=' '{print $1}' | head -1)
+# Locate the dnsmasq.conf file that contains the conf-dir option
+DNSMASQ_CONF_PATH=$(grep -l "^conf-dir=" "/tmp/etc/dnsmasq.conf.${DEFAULT_DNSMASQ_CFGID}")
+# Extract the directory path from the conf-dir line
+DNSMASQ_CONF_DIR=$(grep '^conf-dir=' "$DNSMASQ_CONF_PATH" | cut -d'=' -f2 | head -n 1)
+# Check if a conf-dir value was found and set variables accordingly
+TMP_DNSMASQ_PATH=${DNSMASQ_CONF_DIR%*/}/dnsmasq-ssrplus.d
 
 chain_config_file=		   #generate shadowtls chain proxy config file
 tcp_config_file=
@@ -220,6 +227,12 @@ start_dns() {
 			fi
 		fi
 	fi
+	
+	if [ "$(uci_get_by_type global apple_optimization 1)" == "1" ]; then
+		echolog "Apple 域名中国大陆 CDN 的 优化规则正在加载。"
+		cp -f /etc/ssrplus/applechina.conf $TMP_DNSMASQ_PATH/
+		echolog "Apple 域名中国大陆 CDN 的 优化规则加载完毕。"
+	fi
 }
 
 gen_service_file() { #1-server.type 2-cfgname 3-file_path
@@ -390,7 +403,7 @@ start_udp() {
 		;;
 	v2ray)
 		gen_config_file $UDP_RELAY_SERVER $type 2 $tmp_udp_port
-		ln_start_bin $(first_type xray v2ray) v2ray run -config $udp_config_file
+		ln_start_bin $(first_type xray v2ray) v2ray run -c $udp_config_file
 		echolog "UDP TPROXY Relay:$($(first_type "xray" "v2ray") version | head -1) Started!"
 		;;
 	trojan) #client
@@ -472,7 +485,7 @@ start_shunt() {
 	v2ray)
 		local tmp_port=${tmp_local_port:-$tmp_shunt_local_port}
 		gen_config_file $SHUNT_SERVER $type 3 $tmp_shunt_port $tmp_port
-		ln_start_bin $(first_type xray v2ray) v2ray run -config $shunt_config_file
+		ln_start_bin $(first_type xray v2ray) v2ray run -c $shunt_config_file
 		ln_start_bin $(first_type dns2socks) dns2socks 127.0.0.1:$tmp_port 8.8.8.8:53 127.0.0.1:$tmp_shunt_dns_port -q
 		echolog "shunt:$($(first_type xray v2ray) version | head -1) Started!"
 		;;
@@ -592,7 +605,7 @@ start_local() {
 	v2ray)
 		if [ "$_local" == "2" ]; then
 			gen_config_file $LOCAL_SERVER $type 4 0 $local_port
-			ln_start_bin $(first_type xray v2ray) v2ray run -config $local_config_file
+			ln_start_bin $(first_type xray v2ray) v2ray run -c $local_config_file
 		fi
 		echolog "Global_Socks5:$($(first_type "xray" "v2ray") version | head -1) Started!"
 		;;
@@ -687,7 +700,7 @@ Start_Run() {
 		;;
 	v2ray)
 		gen_config_file $GLOBAL_SERVER $type 1 $tcp_port $socks_port
-		ln_start_bin $(first_type xray v2ray) v2ray run -config $tcp_config_file
+		ln_start_bin $(first_type xray v2ray) v2ray run -c $tcp_config_file
 		echolog "Main node:$($(first_type xray v2ray) version | head -1) Started!"
 		;;
 	trojan)
@@ -989,8 +1002,8 @@ start_rules() {
 start() {
 	set_lock
 	echolog "----------start------------"
-	mkdir -p /var/run /var/lock /var/log /tmp/dnsmasq.d $TMP_BIN_PATH $TMP_DNSMASQ_PATH
-	echo "conf-dir=${TMP_DNSMASQ_PATH}" >"/tmp/dnsmasq.d/dnsmasq-ssrplus.conf"
+	mkdir -p /var/run /var/lock /var/log $DNSMASQ_CONF_DIR $TMP_BIN_PATH $TMP_DNSMASQ_PATH
+	echo "conf-dir=${TMP_DNSMASQ_PATH}" >"$DNSMASQ_CONF_DIR/dnsmasq-ssrplus.conf"
 	if load_config; then
 		Start_Run
 		start_rules
@@ -1023,7 +1036,7 @@ start() {
 
 boot() {
 	echolog "boot！"
-	mkdir -p /var/run /var/lock /var/log /tmp/dnsmasq.d $TMP_BIN_PATH $TMP_DNSMASQ_PATH
+	mkdir -p /var/run /var/lock /var/log $DNSMASQ_CONF_DIR $TMP_BIN_PATH $TMP_DNSMASQ_PATH
 	start
 }
 
@@ -1055,8 +1068,8 @@ stop() {
 		uci -q del "dhcp.@dnsmasq[0]._unused_ssrp_changed"
 		uci -q commit "dhcp"
 	fi
-	if [ -f "/tmp/dnsmasq.d/dnsmasq-ssrplus.conf" ]; then
-		rm -rf /tmp/dnsmasq.d/dnsmasq-ssrplus.conf $TMP_DNSMASQ_PATH $TMP_PATH/*-ssr-*.json $TMP_PATH/ssr-server*.json
+	if [ -f "$DNSMASQ_CONF_DIR/dnsmasq-ssrplus.conf" ]; then
+		rm -rf $DNSMASQ_CONF_DIR/dnsmasq-ssrplus.conf $TMP_DNSMASQ_PATH $TMP_PATH/*-ssr-*.json $TMP_PATH/ssr-server*.json
 		/etc/init.d/dnsmasq restart >/dev/null 2>&1
 	fi
 	uci -q delete firewall.shadowsocksr_server
@@ -1114,6 +1127,9 @@ reset() {
 		set shadowsocksr.@socks5_proxy[0].local_port='1080'
 		add shadowsocksr server_global
 		set shadowsocksr.@server_global[0].enable_server='0'
+		add shadowsocksr global_xray_fragment
+		set shadowsocksr.@global_xray_fragment[0].fragment='0'
+		set shadowsocksr.@global_xray_fragment[0].noise='0'
 		commit shadowsocksr
 	EOF
 	unset_lock

luci-app-ssr-plus/root/etc/ssrplus/applechina.conf

@@ -0,0 +1,173 @@
+server=/a1.mzstatic.com/114.114.114.114
+server=/a2.mzstatic.com/114.114.114.114
+server=/a3.mzstatic.com/114.114.114.114
+server=/a4.mzstatic.com/114.114.114.114
+server=/a5.mzstatic.com/114.114.114.114
+server=/adcdownload.apple.com.akadns.net/114.114.114.114
+server=/adcdownload.apple.com/114.114.114.114
+server=/amp-api-updates.apps.apple.com/114.114.114.114
+server=/amp-api.media.apple.com/114.114.114.114
+server=/api-p-ap-c.smoot.apple.com/114.114.114.114
+server=/api-p-ap-d.smoot.apple.com/114.114.114.114
+server=/api-p-ap-e.smoot.apple.com/114.114.114.114
+server=/app-site-association.cdn-apple.com/114.114.114.114
+server=/appldnld.apple.com/114.114.114.114
+server=/appldnld.g.aaplimg.com/114.114.114.114
+server=/appleid.cdn-apple.com/114.114.114.114
+server=/apps.apple.com/114.114.114.114
+server=/apps.mzstatic.com/114.114.114.114
+server=/bag-cdn.itunes-apple.com.akadns.net/114.114.114.114
+server=/cdn-cn1.apple-mapkit.com/114.114.114.114
+server=/cdn-cn2.apple-mapkit.com/114.114.114.114
+server=/cdn-cn3.apple-mapkit.com/114.114.114.114
+server=/cdn-cn4.apple-mapkit.com/114.114.114.114
+server=/cdn.apple-mapkit.com/114.114.114.114
+server=/cdn1.apple-mapkit.com/114.114.114.114
+server=/cdn2.apple-mapkit.com/114.114.114.114
+server=/cdn3.apple-mapkit.com/114.114.114.114
+server=/cdn4.apple-mapkit.com/114.114.114.114
+server=/cds-cdn.v.aaplimg.com/114.114.114.114
+server=/cds.apple.com.akadns.net/114.114.114.114
+server=/cds.apple.com/114.114.114.114
+server=/cdsassets.apple.com/114.114.114.114
+server=/cl1-cdn.origin-apple.com.akadns.net/114.114.114.114
+server=/cl1.apple.com/114.114.114.114
+server=/cl2-cn.apple.com/114.114.114.114
+server=/cl2.apple.com/114.114.114.114
+server=/cl3-cdn.origin-apple.com.akadns.net/114.114.114.114
+server=/cl3.apple.com/114.114.114.114
+server=/cl4-cdn.origin-apple.com.akadns.net/114.114.114.114
+server=/cl4-cn.apple.com/114.114.114.114
+server=/cl4.apple.com/114.114.114.114
+server=/cl5-cdn.origin-apple.com.akadns.net/114.114.114.114
+server=/cl5.apple.com/114.114.114.114
+server=/clientflow.apple.com.akadns.net/114.114.114.114
+server=/clientflow.apple.com/114.114.114.114
+server=/cn-smp-paymentservices.apple.com/114.114.114.114
+server=/configuration.apple.com.akadns.net/114.114.114.114
+server=/configuration.apple.com/114.114.114.114
+server=/crl.apple.com/114.114.114.114
+server=/cstat.apple.com/114.114.114.114
+server=/cstat.cdn-apple.com/114.114.114.114
+server=/dd-cdn.origin-apple.com.akadns.net/114.114.114.114
+server=/dejavu.apple.com/114.114.114.114
+server=/devstreaming-cdn.apple.com/114.114.114.114
+server=/download.developer.apple.com/114.114.114.114
+server=/experiments.apple.com/114.114.114.114
+server=/gs-loc-cn.apple.com/114.114.114.114
+server=/gs-loc.apple.com/114.114.114.114
+server=/gsp10-ssl-cn.ls.apple.com/114.114.114.114
+server=/gsp12-cn.ls.apple.com/114.114.114.114
+server=/gsp13-cn.ls.apple.com/114.114.114.114
+server=/gsp4-cn.ls.apple.com.edgekey.net.globalredir.akadns.net/114.114.114.114
+server=/gsp4-cn.ls.apple.com.edgekey.net/114.114.114.114
+server=/gsp4-cn.ls.apple.com/114.114.114.114
+server=/gsp5-cn.ls.apple.com/114.114.114.114
+server=/gsp85-cn-ssl.ls.apple.com/114.114.114.114
+server=/gspe19-2-cn-ssl.ls-apple.com.akadns.net/114.114.114.114
+server=/gspe19-2-cn-ssl.ls.apple.com/114.114.114.114
+server=/gspe19-cn-ssl.ls.apple.com/114.114.114.114
+server=/gspe19-cn.ls-apple.com.akadns.net/114.114.114.114
+server=/gspe19-cn.ls.apple.com/114.114.114.114
+server=/gspe21-ssl.ls.apple.com/114.114.114.114
+server=/gspe21.ls.apple.com/114.114.114.114
+server=/gspe35-ssl.ls.apple.com/114.114.114.114
+server=/gspe79-cn-ssl.ls.apple.com/114.114.114.114
+server=/guzzoni-apple-com.v.aaplimg.com/114.114.114.114
+server=/guzzoni.apple.com/114.114.114.114
+server=/guzzoni.smoot.apple.com/114.114.114.114
+server=/iadsdk.apple.com/114.114.114.114
+server=/icloud-cdn.icloud.com.akadns.net/114.114.114.114
+server=/icloud.cdn-apple.com/114.114.114.114
+server=/images.apple.com.akadns.net/114.114.114.114
+server=/images.apple.com.edgekey.net.globalredir.akadns.net/114.114.114.114
+server=/images.apple.com/114.114.114.114
+server=/init-kt.apple.com/114.114.114.114
+server=/init-p01md-lb.push-apple.com.akadns.net/114.114.114.114
+server=/init-p01md.apple.com/114.114.114.114
+server=/init-p01st-lb.push-apple.com.akadns.net/114.114.114.114
+server=/init-p01st.push.apple.com/114.114.114.114
+server=/init-s01st-lb.push-apple.com.akadns.net/114.114.114.114
+server=/init-s01st.push.apple.com/114.114.114.114
+server=/init.ess.apple.com/114.114.114.114
+server=/iosapps.itunes.g.aaplimg.com/114.114.114.114
+server=/ipcdn.apple.com/114.114.114.114
+server=/iphone-ld.apple.com/114.114.114.114
+server=/iphone-ld.origin-apple.com.akadns.net/114.114.114.114
+server=/is-ssl.mzstatic.com-cn-lb.itunes-apple.com.akadns.net/114.114.114.114
+server=/is1-ssl.mzstatic.com/114.114.114.114
+server=/is1.mzstatic.com/114.114.114.114
+server=/is2-ssl.mzstatic.com/114.114.114.114
+server=/is2.mzstatic.com/114.114.114.114
+server=/is3-ssl.mzstatic.com/114.114.114.114
+server=/is3.mzstatic.com/114.114.114.114
+server=/is4-ssl.mzstatic.com/114.114.114.114
+server=/is4.mzstatic.com/114.114.114.114
+server=/is5-ssl.mzstatic.com/114.114.114.114
+server=/is5.mzstatic.com/114.114.114.114
+server=/itunes-apple.com.akadns.net/114.114.114.114
+server=/itunes.apple.com/114.114.114.114
+server=/itunesconnect.apple.com/114.114.114.114
+server=/mesu-cdn.apple.com.akadns.net/114.114.114.114
+server=/mesu-china.apple.com.akadns.net/114.114.114.114
+server=/mesu.apple.com/114.114.114.114
+server=/ml.cdn-apple.com/114.114.114.114
+server=/music.apple.com/114.114.114.114
+server=/ocsp-lb.apple.com.akadns.net/114.114.114.114
+server=/ocsp.apple.com/114.114.114.114
+server=/ocsp2-lb.apple.com.akadns.net/114.114.114.114
+server=/ocsp2.apple.com/114.114.114.114
+server=/oscdn.apple.com/114.114.114.114
+server=/oscdn.origin-apple.com.akadns.net/114.114.114.114
+server=/osxapps.itunes.g.aaplimg.com/114.114.114.114
+server=/pancake.apple.com/114.114.114.114
+server=/pancake.cdn-apple.com.akadns.net/114.114.114.114
+server=/pba0.apple.com/114.114.114.114
+server=/probe.siri.apple.com/114.114.114.114
+server=/prod-support.apple-support.akadns.net/114.114.114.114
+server=/publicassets.cdn-apple.com/114.114.114.114
+server=/reserve-prime.apple.com/114.114.114.114
+server=/s.mzstatic.com/114.114.114.114
+server=/seed-sequoia.siri.apple.com/114.114.114.114
+server=/seed-swallow.siri.apple.com/114.114.114.114
+server=/seed.siri.apple.com/114.114.114.114
+server=/sequoia.apple.com/114.114.114.114
+server=/sh-pod2-smp-device.apple.com/114.114.114.114
+server=/shazam-insights.cdn-apple.com/114.114.114.114
+server=/smp-device-content.apple.com/114.114.114.114
+server=/static.gc.apple.com/114.114.114.114
+server=/stocks-sparkline-lb.apple.com.akadns.net/114.114.114.114
+server=/stocks-sparkline.apple.com/114.114.114.114
+server=/store.apple.com.edgekey.net.globalredir.akadns.net/114.114.114.114
+server=/store.apple.com.edgekey.net/114.114.114.114
+server=/store.apple.com/114.114.114.114
+server=/store.storeimages.apple.com.akadns.net/114.114.114.114
+server=/store.storeimages.cdn-apple.com/114.114.114.114
+server=/support-china.apple-support.akadns.net/114.114.114.114
+server=/support.apple.com/114.114.114.114
+server=/swallow-apple-com.v.aaplimg.com/114.114.114.114
+server=/swallow.apple.com/114.114.114.114
+server=/swcatalog-cdn.apple.com.akadns.net/114.114.114.114
+server=/swcatalog.apple.com/114.114.114.114
+server=/swcdn.apple.com/114.114.114.114
+server=/swcdn.g.aaplimg.com/114.114.114.114
+server=/swdist.apple.com.akadns.net/114.114.114.114
+server=/swdist.apple.com/114.114.114.114
+server=/swscan-cdn.apple.com.akadns.net/114.114.114.114
+server=/swscan.apple.com/114.114.114.114
+server=/sylvan.apple.com/114.114.114.114
+server=/tj-pod1-smp-device.apple.com/114.114.114.114
+server=/updates-http.cdn-apple.com.akadns.net/114.114.114.114
+server=/updates-http.cdn-apple.com/114.114.114.114
+server=/updates.cdn-apple.com/114.114.114.114
+server=/valid.apple.com/114.114.114.114
+server=/valid.origin-apple.com.akadns.net/114.114.114.114
+server=/weather-data.apple.com.akadns.net/114.114.114.114
+server=/weather-data.apple.com/114.114.114.114
+server=/weather-map.apple.com/114.114.114.114
+server=/weather-map2.apple.com/114.114.114.114
+server=/weatherkit.apple.com/114.114.114.114
+server=/www.apple.com.edgekey.net.globalredir.akadns.net/114.114.114.114
+server=/www.apple.com.edgekey.net/114.114.114.114
+server=/www.apple.com/114.114.114.114
+server=/xp.apple.com/114.114.114.114

luci-app-ssr-plus/root/usr/share/shadowsocksr/gen_config.lua

@@ -12,6 +12,8 @@ local chain = arg[5] or "0"
 local chain_local_port = string.split(chain, "/")[2] or "0"
 
 local server = ucursor:get_all("shadowsocksr", server_section)
+local xray_fragment = ucursor:get_all("shadowsocksr", "@global_xray_fragment[0]") or {}
+local xray_noise = ucursor:get_all("shadowsocksr", "@xray_noise_packets[0]") or {}
 local outbound_settings = nil
 
 function vmess_vless()
@@ -77,7 +79,7 @@ function wireguard()
 				allowedIPs = (server.allowedips) or nil,
 			}
 		},
-		kernelMode = (server.kernelmode == "1") and true or false,
+		noKernelTun = (server.kernelmode == "1") and true or false,
 		reserved = {server.reserved} or nil,
 		mtu = tonumber(server.mtu)
 	}
@@ -124,8 +126,17 @@ local Xray = {
 		-- error = "/var/ssrplus.log",
 		loglevel = "warning"
 	},
+
+	-- 初始化 inbounds 表
+	inbounds = {},
+
+	-- 初始化 outbounds 表
+	outbounds = {},
+}
 	-- 传入连接
-	inbound = (local_port ~= "0") and {
+	-- 添加 dokodemo-door 配置，如果 local_port 不为 0
+if local_port ~= "0" then
+    table.insert(Xray.inbounds, {
 			-- listening
 			port = tonumber(local_port),
 			protocol = "dokodemo-door",
@@ -133,6 +144,7 @@ local Xray = {
 			sniffing = {
 				enabled = true,
 				destOverride = {"http", "tls", "quic"},
+				metadataOnly = false,
 				domainsExcluded = {
 					"courier.push.apple.com",
 					"rbsxbxp-mim.vivox.com",
@@ -161,25 +173,30 @@ local Xray = {
 					"dlg.io.mi.com"
 				}
 			}
-	} or nil,
+    })
+end
+
 	-- 开启 socks 代理
-	inboundDetour = (proto:find("tcp") and socks_port ~= "0") and {
-		{
+	-- 检查是否启用 socks 代理
+if proto:find("tcp") and socks_port ~= "0" then
+    table.insert(Xray.inbounds, {
 	-- socks
         protocol = "socks",
         port = tonumber(socks_port),
         settings = {auth = "noauth", udp = true}
-		}
-	} or nil,
+    })
+end
+
 	-- 传出连接
-	outbound = {
+	Xray.outbounds = {
+		{
 			protocol = server.v2ray_protocol,
 			settings = outbound_settings,
 			-- 底层传输配置
 			streamSettings = (server.v2ray_protocol ~= "wireguard") and {
 				network = server.transport or "tcp",
 				security = (server.xtls == '1') and "xtls" or (server.tls == '1') and "tls" or (server.reality == '1') and "reality" or nil,
-			tlsSettings = (server.tls == '1') and (server.tls_host or server.fingerprint) and {
+				tlsSettings = (server.tls == '1') and {
 					-- tls
 					alpn = server.tls_alpn,
 					fingerprint = server.fingerprint,
@@ -244,7 +261,7 @@ local Xray = {
 				splithttpSettings = (server.transport == "splithttp") and {
 					-- splithttp
 					host = (server.splithttp_host or server.tls_host) or nil,
-                                path = server.splithttp_path or ""
+					path = server.splithttp_path or "/"
 				} or nil,
 				httpSettings = (server.transport == "h2") and {
 					-- h2
@@ -271,7 +288,8 @@ local Xray = {
 				sockopt = {
 					tcpMptcp = (server.mptcp == "1") and true or false, -- MPTCP
 					tcpNoDelay = (server.mptcp == "1") and true or false, -- MPTCP
-				tcpcongestion = server.custom_tcpcongestion -- 连接服务器节点的 TCP 拥塞控制算法
+					tcpcongestion = server.custom_tcpcongestion, -- 连接服务器节点的 TCP 拥塞控制算法
+					dialerProxy = (xray_fragment.fragment == "1" or xray_fragment.noise == "1") and "dialerproxy" or nil
 				}
 			} or nil,
 			mux = (server.v2ray_protocol ~= "wireguard") and {
@@ -283,6 +301,35 @@ local Xray = {
 			} or nil
 		}
 	}
+
+-- 添加带有 fragment 设置的 dialerproxy 配置
+if xray_fragment.fragment ~= "0" or (xray_fragment.noise ~= "0" and xray_noise.enabled ~= "0") then
+	table.insert(Xray.outbounds, {
+		protocol = "freedom",
+		tag = "dialerproxy",
+		settings = {
+			domainStrategy = (xray_fragment.noise == "1" and xray_noise.enabled == "1") and xray_noise.domainStrategy,
+			fragment = (xray_fragment.fragment == "1") and {
+				packets = (xray_fragment.fragment_packets ~= "") and xray_fragment.fragment_packets or nil,
+				length = (xray_fragment.fragment_length ~= "") and xray_fragment.fragment_length or nil,
+				interval = (xray_fragment.fragment_interval ~= "") and xray_fragment.fragment_interval or nil
+			} or nil,
+			noises = (xray_fragment.noise == "1" and xray_noise.enabled == "1") and {
+				{
+					type = xray_noise.type,
+					packet = xray_noise.packet,
+					delay = xray_noise.delay:find("-") and xray_noise.delay or tonumber(xray_noise.delay)
+				}
+			} or nil
+		},
+		streamSettings = {
+			sockopt = {
+			tcpNoDelay = true
+			}
+		}
+	})
+end
+
 local cipher = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:AES128-SHA:AES256-SHA:DES-CBC3-SHA"
 local cipher13 = "TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384"
 local trojan = {

luci-app-ssr-plus/root/usr/share/shadowsocksr/subscribe.lua

@@ -362,10 +362,9 @@ local function processData(szType, content)
 		result.vmess_id = url.user
 		result.vless_encryption = params.encryption or "none"
 		result.transport = params.type or "tcp"
-		result.tls = (params.security == "tls") and "1" or "0"
+		result.tls = (params.security == "tls" or params.security == "xtls") and "1" or "0"
 		result.tls_host = params.sni
-		result.xtls = (params.security == "xtls") and "1" or nil
-		result.tls_flow = (result.tls == "1" or result.xtls == "1" or result.reality == "1") and params.flow or nil
+		result.tls_flow = (params.security == "tls" or params.security == "reality") and params.flow or nil
 		result.fingerprint = params.fp
 		result.reality = (params.security == "reality") and "1" or "0"
 		result.reality_publickey = params.pbk and UrlDecode(params.pbk) or nil

luci-app-ssr-plus/root/usr/share/shadowsocksr/update.lua

@@ -9,7 +9,7 @@ require "luci.model.uci"
 local icount = 0
 local args = arg[1]
 local uci = luci.model.uci.cursor()
-local TMP_DNSMASQ_PATH = "/tmp/dnsmasq.d/dnsmasq-ssrplus.d"
+local TMP_DNSMASQ_PATH = "${DNSMASQ_CONF_DIR%*/}/dnsmasq-ssrplus.d"
 local TMP_PATH = "/var/etc/ssrplus"
 -- match comments/title/whitelist/ip address/excluded_domain
 local comment_pattern = "^[!\\[@]+"

patch-luci-app-ssr-plus.patch

@@ -1,5 +1,5 @@
 diff --git a/luci-app-ssr-plus/Makefile b/luci-app-ssr-plus/Makefile
-index d07f167..b2af119 100644
+index 644ac0a..9d8a0b3 100644
 --- a/luci-app-ssr-plus/Makefile
 +++ b/luci-app-ssr-plus/Makefile
 @@ -9,10 +9,9 @@ PKG_CONFIG_DEPENDS:= \
@@ -134,7 +134,7 @@ index 8ceaba7..f381a54 100644
  	page.acl_depends = { "luci-app-ssr-plus" }
  	entry({"admin", "services", "shadowsocksr", "client"}, cbi("shadowsocksr/client"), _("SSR Client"), 10).leaf = true
 diff --git a/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/advanced.lua b/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/advanced.lua
-index 0f8cd03..00ef47d 100644
+index 2f56e90..9157953 100644
 --- a/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/advanced.lua
 +++ b/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/advanced.lua
 @@ -70,45 +70,6 @@ o.default = "https://fastly.jsdelivr.net/gh/QiuSimons/Netflix_IP/NF_only.txt"
@@ -180,11 +180,11 @@ index 0f8cd03..00ef47d 100644
 -o.rmempty = false
 -o.default = "0"
 -
- o = s:option(Flag, "adblock", translate("Enable adblock"))
+ o = s:option(Flag, "apple_optimization", translate("Apple domains optimization"), translate("For Apple domains equipped with Chinese mainland CDN, always responsive to Chinese CDN IP addresses"))
  o.rmempty = false
- 
+ o.default = "1"
 diff --git a/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/client.lua b/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/client.lua
-index 3b91739..b24183e 100644
+index 26de9ba..b24183e 100644
 --- a/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/client.lua
 +++ b/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/client.lua
 @@ -10,7 +10,7 @@ local function is_finded(e)
@@ -232,7 +232,7 @@ index 3b91739..b24183e 100644
 -o = s:option(Flag, "mosdns_ipv6", translate("Disable IPv6 in MOSDNS query mode"))
 -o:depends("pdnsd_enable", "3")
 -o.rmempty = false
--o.default = "0"
+-o.default = "1"
 -
  if is_finded("chinadns-ng") then
  	o = s:option(Value, "chinadns_forward", translate("Domestic DNS Server"))
@@ -430,10 +430,10 @@ index 7603d8c..7f841fa 100644
  		}
  	}
 diff --git a/luci-app-ssr-plus/po/zh_Hans/ssr-plus.po b/luci-app-ssr-plus/po/zh_Hans/ssr-plus.po
-index 8184bee..60ac526 100644
+index da30ffc..f97309b 100644
 --- a/luci-app-ssr-plus/po/zh_Hans/ssr-plus.po
 +++ b/luci-app-ssr-plus/po/zh_Hans/ssr-plus.po
-@@ -552,27 +552,6 @@ msgstr "使用 DNS2TCP 查询"
+@@ -557,27 +557,6 @@ msgstr "使用 DNS2TCP 查询"
  msgid "Use DNS2SOCKS query and cache"
  msgstr "使用 DNS2SOCKS 查询并缓存"
  
@@ -462,10 +462,10 @@ index 8184bee..60ac526 100644
  msgstr "DNS 服务器 IP:Port"
  
 diff --git a/luci-app-ssr-plus/root/etc/init.d/shadowsocksr b/luci-app-ssr-plus/root/etc/init.d/shadowsocksr
-index b1570aa..ec19a6f 100755
+index 00e0448..9af87f1 100755
 --- a/luci-app-ssr-plus/root/etc/init.d/shadowsocksr
 +++ b/luci-app-ssr-plus/root/etc/init.d/shadowsocksr
-@@ -178,23 +178,17 @@ ln_start_bin() {
+@@ -185,23 +185,17 @@ ln_start_bin() {
  	${file_func:-echolog "  - ${ln_name}"} "$@" >/dev/null 2>&1 &
  }
  
@@ -494,7 +494,7 @@ index b1570aa..ec19a6f 100755
  		case "$ssrplus_dns" in
  		1)
  			ln_start_bin $(first_type dns2tcp) dns2tcp -L 127.0.0.1#$dns_port -R ${dnsserver/:/#}
-@@ -205,26 +199,6 @@ start_dns() {
+@@ -212,26 +206,6 @@ start_dns() {
  			ln_start_bin $(first_type dns2socks) dns2socks 127.0.0.1:$tmp_dns_port $dnsserver 127.0.0.1:$dns_port -q
  			pdnsd_enable_flag=2
  			;;
@@ -521,7 +521,7 @@ index b1570aa..ec19a6f 100755
  		esac
  
  		if [ "$run_mode" = "router" ]; then
-@@ -479,33 +453,6 @@ start_udp() {
+@@ -492,33 +466,6 @@ start_udp() {
  	esac
  }
  
@@ -555,7 +555,7 @@ index b1570aa..ec19a6f 100755
  start_shunt() {
  	local type=$(uci_get_by_name $SHUNT_SERVER type)
  	case "$type" in
-@@ -519,14 +466,14 @@ start_shunt() {
+@@ -532,14 +479,14 @@ start_shunt() {
  			local tmp_port=$tmp_shunt_local_port
  			ln_start_bin $(first_type ${type}local ${type}-local) ${type}-local -c $shunt_dns_config_file
  		fi
@@ -566,13 +566,13 @@ index b1570aa..ec19a6f 100755
  	v2ray)
  		local tmp_port=${tmp_local_port:-$tmp_shunt_local_port}
  		gen_config_file $SHUNT_SERVER $type 3 $tmp_shunt_port $tmp_port
- 		ln_start_bin $(first_type xray v2ray) v2ray run -config $shunt_config_file
+ 		ln_start_bin $(first_type xray v2ray) v2ray run -c $shunt_config_file
 -		shunt_dns_command
 +		ln_start_bin $(first_type dns2socks) dns2socks 127.0.0.1:$tmp_port 8.8.8.8:53 127.0.0.1:$tmp_shunt_dns_port -q
  		echolog "shunt:$($(first_type xray v2ray) version | head -1) Started!"
  		;;
  	trojan)
-@@ -538,7 +485,7 @@ start_shunt() {
+@@ -551,7 +498,7 @@ start_shunt() {
  			local tmp_port=$tmp_shunt_local_port
  			ln_start_bin $(first_type trojan) $type --config $shunt_dns_config_file
  		fi
@@ -581,7 +581,7 @@ index b1570aa..ec19a6f 100755
  		echolog "shunt:$($(first_type trojan) --version 2>&1 | head -1) Started!"
  		;;
  	naiveproxy)
-@@ -550,7 +497,7 @@ start_shunt() {
+@@ -563,7 +510,7 @@ start_shunt() {
  			local tmp_port=$tmp_shunt_local_port
  			ln_start_bin $(first_type naive) naive --config $shunt_dns_config_file
  		fi
@@ -590,7 +590,7 @@ index b1570aa..ec19a6f 100755
  		echolog "shunt:$($(first_type "naive") --version 2>&1 | head -1) Started!"
  		redir_udp=0
  		;;
-@@ -563,7 +510,7 @@ start_shunt() {
+@@ -576,7 +523,7 @@ start_shunt() {
  			gen_config_file $SHUNT_SERVER $type 3 $tmp_shunt_port $tmp_port
  		fi
  		ln_start_bin $(first_type hysteria) hysteria client --config $shunt_config_file
@@ -599,7 +599,7 @@ index b1570aa..ec19a6f 100755
  		echolog "shunt:$($(first_type hysteria) version | grep Version | awk '{print "Hysteria2: " $2}') Started!"
  		;;
  	tuic)
-@@ -575,7 +522,7 @@ start_shunt() {
+@@ -588,7 +535,7 @@ start_shunt() {
  		[ -n "$tmp_local_port" ] && tmp_port=$tmp_local_port || tmp_port=$tmp_shunt_local_port
  		gen_config_file $SHUNT_SERVER $type 3 $tmp_port		# make a tuic socks :304
  		ln_start_bin $(first_type tuic-client) tuic-client --config $shunt_dns_config_file
@@ -608,7 +608,7 @@ index b1570aa..ec19a6f 100755
  		echolog "Netflix Separated Shunt Server:tuic-client $($(first_type tuic-client) --version) Started!"
  		# FIXME: ipt2socks cannot handle udp reply from tuic
  		#redir_udp=0
-@@ -585,7 +532,7 @@ start_shunt() {
+@@ -598,7 +545,7 @@ start_shunt() {
  		gen_config_file $SHUNT_SERVER $type 3 "10${tmp_shunt_port}" $tmp_port chain/$tmp_shunt_port #make a redir:303 and a socks:304
  		#echo "debug \$tmp_port=$tmp_port, \$tmp_shunt_port=${tmp_shunt_port},  \$tmp_shunt_local_port=$tmp_shunt_local_port"
  		ln_start_bin $(first_type shadow-tls) shadow-tls config --config $chain_config_file
@@ -617,7 +617,7 @@ index b1570aa..ec19a6f 100755
  		local chain_type=$(uci_get_by_name $SHUNT_SERVER chain_type)
  		case ${chain_type} in
  		vmess)
-@@ -611,7 +558,7 @@ start_shunt() {
+@@ -624,7 +571,7 @@ start_shunt() {
  	# 		local tmp_port=$tmp_shunt_local_port
  	# 		ln_start_bin $(first_type microsocks) microsocks -i 127.0.0.1 -p $tmp_port shunt-dns-ssr-plus
  	# 	fi
@@ -626,7 +626,7 @@ index b1570aa..ec19a6f 100755
  	# 	echolog "shunt:$type REDIRECT/TPROXY Started!"
  	# 	;;
  	*)
-@@ -623,7 +570,7 @@ start_shunt() {
+@@ -636,7 +583,7 @@ start_shunt() {
  			local tmp_port=$tmp_shunt_local_port
  			ln_start_bin $(first_type microsocks) microsocks -i 127.0.0.1 -p $tmp_port shunt-dns-ssr-plus
  		fi
@@ -635,7 +635,7 @@ index b1570aa..ec19a6f 100755
  		echolog "shunt:$type REDIRECT/TPROXY Started!"
  		;;
  	esac
-@@ -922,11 +869,6 @@ start_server() {
+@@ -935,11 +882,6 @@ start_server() {
  	server_service() {
  		[ "$(uci_get_by_name $1 enable 0)" == "0" ] && return 1
  		let server_count=server_count+1
@@ -647,7 +647,7 @@ index b1570aa..ec19a6f 100755
  		local type=$(uci_get_by_name $1 type)
  		case "$type" in
  		ss | ssr)
-@@ -940,32 +882,23 @@ start_server() {
+@@ -953,32 +895,23 @@ start_server() {
  			echolog "Server:Socks5 Server$server_count Started!"
  			;;
  		esac
@@ -692,7 +692,7 @@ index b1570aa..ec19a6f 100755
  	return 0
  }
  
-@@ -1098,12 +1031,6 @@ stop() {
+@@ -1111,12 +1044,6 @@ stop() {
  	unlock
  	set_lock
  	/usr/bin/ssr-rules -f
@@ -705,7 +705,7 @@ index b1570aa..ec19a6f 100755
  	if [ -z "$switch_server" ]; then
  		$PS -w | grep -v "grep" | grep ssr-switch | awk '{print $1}' | xargs kill -9 >/dev/null 2>&1 &
  		rm -f /var/lock/ssr-switch.lock
-@@ -1114,7 +1041,7 @@ stop() {
+@@ -1127,7 +1054,7 @@ stop() {
  	( \
  		# Graceful kill first, so programs have the chance to stop its subprocesses
  		$PS -w | grep -v "grep" | grep "$TMP_PATH" | awk '{print $1}' | xargs kill >/dev/null 2>&1 ; \
@@ -714,8 +714,8 @@ index b1570aa..ec19a6f 100755
  		# Force kill hanged programs
  		$PS -w | grep -v "grep" | grep "$TMP_PATH" | awk '{print $1}' | xargs kill -9 >/dev/null 2>&1 ; \
  	)
-@@ -1132,6 +1059,9 @@ stop() {
- 		rm -rf /tmp/dnsmasq.d/dnsmasq-ssrplus.conf $TMP_DNSMASQ_PATH $TMP_PATH/*-ssr-*.json $TMP_PATH/ssr-server*.json
+@@ -1145,6 +1072,9 @@ stop() {
+ 		rm -rf $DNSMASQ_CONF_DIR/dnsmasq-ssrplus.conf $TMP_DNSMASQ_PATH $TMP_PATH/*-ssr-*.json $TMP_PATH/ssr-server*.json
  		/etc/init.d/dnsmasq restart >/dev/null 2>&1
  	fi
 +	uci -q delete firewall.shadowsocksr_server
@@ -724,7 +724,7 @@ index b1570aa..ec19a6f 100755
  	del_cron
  	unset_lock
  }
-@@ -1158,7 +1088,6 @@ reset() {
+@@ -1171,7 +1101,6 @@ reset() {
  		set shadowsocksr.@global[0].switch_timeout='5'
  		set shadowsocksr.@global[0].switch_try_count='3'
  #		set shadowsocksr.@global[0].default_packet_encoding='xudp'