update 2023-11-09 22:31:06

2023-11-09 22:31:06 +08:00 · 2023-11-09 22:31:06 +08:00 · 129855888d
parent f7fc3023dd
commit 129855888d
55 changed files with 136946 additions and 5 deletions
--- a/luci-app-smartdns/luasrc/model/cbi/smartdns/smartdns.lua
+++ b/luci-app-smartdns/luasrc/model/cbi/smartdns/smartdns.lua
@ -671,12 +671,23 @@ s = m:section(TypedSection, "smartdns", translate("Download Files Setting"), tra
 s.anonymous = true

 ---- download Files Settings
-o = s:option(Flag, "enable_auto_update", translate("Enable Auto Update"), translate("Enable daily auto update."))
+o = s:option(Flag, "enable_auto_update", translate("Enable Auto Update"), translate("Enable daily(week) auto update."))
 o.rmempty = true
 o.default = o.disabled
 o.rempty = true

-o = s:option(ListValue, "auto_update_day_time", translate("Update time (every day)"))
+o = s:option(ListValue, "auto_update_week_time", translate("Update Time (Every Week)"))
+o:value("*", translate("Every Day"))
+o:value("1", translate("Every Monday"))
+o:value("2", translate("Every Tuesday"))
+o:value("3", translate("Every Wednesday"))
+o:value("4", translate("Every Thursday"))
+o:value("5", translate("Every Friday"))
+o:value("6", translate("Every Saturday"))
+o:value("0", translate("Every Sunday"))
+o.default = "*"
+
+o = s:option(ListValue, "auto_update_day_time", translate("Update Time (Every Day)"))
 for i = 0, 23 do o:value(i, i .. ":00") end
 o.default = 5

--- a/luci-app-smartdns/po/zh-cn/smartdns.po
+++ b/luci-app-smartdns/po/zh-cn/smartdns.po
@ -184,10 +184,37 @@ msgstr "启用IPV6服务器。"
 msgid "Enable TCP DNS Server"
 msgstr "启用TCP服务器。"

-msgid "Enable daily auto update."
-msgstr "启用每日自动更新"
+msgid "Enable daily(week) auto update."
+msgstr "启用每天（每周）自动更新"

-msgid "Update time (every day)"
+msgid "Update Time (Every Week)"
+msgstr "更新时间(每周)"
+
+msgid "Every Day"
+msgstr "每天"
+
+msgid "Every Monday"
+msgstr "每周一"
+
+msgid "Every Tuesday"
+msgstr "每周二"
+
+msgid "Every Wednesday"
+msgstr "每周三"
+
+msgid "Every Thursday"
+msgstr "每周四"
+
+msgid "Every Friday"
+msgstr "每周五"
+
+msgid "Every Saturday"
+msgstr "每周六"
+
+msgid "Every Sunday"
+msgstr "每周日"
+
+msgid "Update Time (Every Day)"
 msgstr "更新时间(每天)"

 msgid "Enable domain prefetch, accelerate domain response speed."
--- a/luci-app-ssr-plus/Makefile
+++ b/luci-app-ssr-plus/Makefile
@ -0,0 +1,195 @@
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=luci-app-ssr-plus
+PKG_VERSION:=190
+PKG_RELEASE:=1
+
+PKG_CONFIG_DEPENDS:= \
+	CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_NONE_V2RAY \
+	CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_V2ray \
+	CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_Xray \
+	CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_ChinaDNS_NG \
+	CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_MosDNS \
+	CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_Hysteria \
+	CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_Tuic_Client \
+	CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_Shadow_TLS \
+	CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_IPT2Socks \
+	CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_Kcptun \
+	CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_NaiveProxy \
+	CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_Redsocks2 \
+	CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_Shadowsocks_NONE_Client \
+	CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_Shadowsocks_Libev_Client \
+	CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_Shadowsocks_Rust_Client \
+	CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_Shadowsocks_NONE_Server \
+	CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_Shadowsocks_Libev_Server \
+	CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_Shadowsocks_Rust_Server \
+	CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_Shadowsocks_Simple_Obfs \
+	CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_Shadowsocks_V2ray_Plugin \
+	CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_ShadowsocksR_Libev_Client \
+	CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_ShadowsocksR_Libev_Server \
+	CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_Trojan
+
+LUCI_TITLE:=SS/SSR/V2Ray/Trojan/NaiveProxy/Tuic/ShadowTLS/Hysteria/Socks5/Tun LuCI interface
+LUCI_PKGARCH:=all
+LUCI_DEPENDS:= \
+	@(PACKAGE_libustream-mbedtls||PACKAGE_libustream-openssl||PACKAGE_libustream-wolfssl) \
+	+coreutils +coreutils-base64 +dns2socks +dns2tcp +dnsmasq-full +@PACKAGE_dnsmasq_full_ipset +ipset +kmod-ipt-nat \
+	+ip-full +iptables +iptables-mod-tproxy +lua +lua-neturl +libuci-lua +microsocks \
+	+tcping +resolveip +shadowsocksr-libev-ssr-check +uclient-fetch \
+	+PACKAGE_$(PKG_NAME)_INCLUDE_V2ray:curl \
+	+PACKAGE_$(PKG_NAME)_INCLUDE_V2ray:v2ray-core \
+	+PACKAGE_$(PKG_NAME)_INCLUDE_Xray:curl \
+	+PACKAGE_$(PKG_NAME)_INCLUDE_Xray:xray-core \
+	+PACKAGE_$(PKG_NAME)_INCLUDE_ChinaDNS_NG:chinadns-ng \
+	+PACKAGE_$(PKG_NAME)_INCLUDE_MosDNS:mosdns \
+	+PACKAGE_$(PKG_NAME)_INCLUDE_MosDNS:yq \
+	+PACKAGE_$(PKG_NAME)_INCLUDE_MosDNS:v2dat \
+	+PACKAGE_$(PKG_NAME)_INCLUDE_MosDNS:diffutils \
+	+PACKAGE_$(PKG_NAME)_INCLUDE_Hysteria:hysteria \
+	+PACKAGE_$(PKG_NAME)_INCLUDE_Tuic_Client:tuic-client \
+	+PACKAGE_$(PKG_NAME)_INCLUDE_Shadow_TLS:shadow-tls \
+	+PACKAGE_$(PKG_NAME)_INCLUDE_IPT2Socks:ipt2socks \
+	+PACKAGE_$(PKG_NAME)_INCLUDE_Kcptun:kcptun-client \
+	+PACKAGE_$(PKG_NAME)_INCLUDE_NaiveProxy:naiveproxy \
+	+PACKAGE_$(PKG_NAME)_INCLUDE_Redsocks2:redsocks2 \
+	+PACKAGE_$(PKG_NAME)_INCLUDE_Shadowsocks_Libev_Client:shadowsocks-libev-ss-local \
+	+PACKAGE_$(PKG_NAME)_INCLUDE_Shadowsocks_Libev_Client:shadowsocks-libev-ss-redir \
+	+PACKAGE_$(PKG_NAME)_INCLUDE_Shadowsocks_Libev_Server:shadowsocks-libev-ss-server \
+	+PACKAGE_$(PKG_NAME)_INCLUDE_Shadowsocks_Rust_Client:shadowsocks-rust-sslocal \
+	+PACKAGE_$(PKG_NAME)_INCLUDE_Shadowsocks_Rust_Server:shadowsocks-rust-ssserver \
+	+PACKAGE_$(PKG_NAME)_INCLUDE_Shadowsocks_Simple_Obfs:simple-obfs \
+	+PACKAGE_$(PKG_NAME)_INCLUDE_Shadowsocks_V2ray_Plugin:v2ray-plugin \
+	+PACKAGE_$(PKG_NAME)_INCLUDE_ShadowsocksR_Libev_Client:shadowsocksr-libev-ssr-local \
+	+PACKAGE_$(PKG_NAME)_INCLUDE_ShadowsocksR_Libev_Client:shadowsocksr-libev-ssr-redir \
+	+PACKAGE_$(PKG_NAME)_INCLUDE_ShadowsocksR_Libev_Server:shadowsocksr-libev-ssr-server \
+	+PACKAGE_$(PKG_NAME)_INCLUDE_Trojan:trojan
+
+define Package/$(PKG_NAME)/config
+select PACKAGE_luci-lib-ipkg if PACKAGE_$(PKG_NAME)
+
+choice
+	prompt "Shadowsocks Client Selection"
+	default PACKAGE_$(PKG_NAME)_INCLUDE_Shadowsocks_Rust_Client if aarch64 || x86_64
+	default PACKAGE_$(PKG_NAME)_INCLUDE_Shadowsocks_Libev_Client
+
+	config PACKAGE_$(PKG_NAME)_INCLUDE_Shadowsocks_NONE_Client
+	bool "None"
+
+	config PACKAGE_$(PKG_NAME)_INCLUDE_Shadowsocks_Libev_Client
+	bool "Shadowsocks-libev"
+
+	config PACKAGE_$(PKG_NAME)_INCLUDE_Shadowsocks_Rust_Client
+	bool "Shadowsocks-rust"
+	depends on aarch64||arm||i386||mips||mipsel||x86_64
+	depends on !(TARGET_x86_geode||TARGET_x86_legacy)
+endchoice
+
+choice
+	prompt "Shadowsocks Server Selection"
+	default PACKAGE_$(PKG_NAME)_INCLUDE_Shadowsocks_Rust_Server if aarch64
+	default PACKAGE_$(PKG_NAME)_INCLUDE_Shadowsocks_Libev_Server if i386||x86_64||arm
+	default PACKAGE_$(PKG_NAME)_INCLUDE_Shadowsocks_NONE_Server
+
+	config PACKAGE_$(PKG_NAME)_INCLUDE_Shadowsocks_NONE_Server
+	bool "None"
+
+	config PACKAGE_$(PKG_NAME)_INCLUDE_Shadowsocks_Libev_Server
+	bool "Shadowsocks-libev"
+
+	config PACKAGE_$(PKG_NAME)_INCLUDE_Shadowsocks_Rust_Server
+	bool "Shadowsocks-rust"
+	depends on aarch64||arm||i386||mips||mipsel||x86_64
+	depends on !(TARGET_x86_geode||TARGET_x86_legacy)
+endchoice
+
+choice
+	prompt "V2ray-core Selection"
+	default PACKAGE_$(PKG_NAME)_INCLUDE_Xray if aarch64||arm||i386||x86_64
+	default PACKAGE_$(PKG_NAME)_INCLUDE_NONE_V2RAY
+
+	config PACKAGE_$(PKG_NAME)_INCLUDE_NONE_V2RAY
+	bool "None"
+
+	config PACKAGE_$(PKG_NAME)_INCLUDE_V2ray
+	bool "V2ray-core"
+
+	config PACKAGE_$(PKG_NAME)_INCLUDE_Xray
+	bool "Xray-core"
+endchoice
+
+config PACKAGE_$(PKG_NAME)_INCLUDE_ChinaDNS_NG
+	bool "Include ChinaDNS-NG"
+	default y
+
+config PACKAGE_$(PKG_NAME)_INCLUDE_MosDNS
+	bool "Include MosDNS"
+	default y if aarch64||arm||i386||x86_64
+
+config PACKAGE_$(PKG_NAME)_INCLUDE_Hysteria
+	bool "Include Hysteria"
+	select PACKAGE_$(PKG_NAME)_INCLUDE_ChinaDNS_NG
+	default n
+
+config PACKAGE_$(PKG_NAME)_INCLUDE_Tuic_Client
+	bool "Include Tuic-Client"
+	select PACKAGE_$(PKG_NAME)_INCLUDE_ChinaDNS_NG
+	select PACKAGE_$(PKG_NAME)_INCLUDE_IPT2Socks
+	depends on aarch64||arm||i386||x86_64
+	depends on !(TARGET_x86_geode||TARGET_x86_legacy)
+	default n
+
+config PACKAGE_$(PKG_NAME)_INCLUDE_Shadow_TLS
+	bool "Include Shadow-TLS"
+	select PACKAGE_$(PKG_NAME)_INCLUDE_ChinaDNS_NG
+	select PACKAGE_$(PKG_NAME)_INCLUDE_Shadowsocks_Rust_Client
+	depends on aarch64||arm||x86_64
+	depends on !(TARGET_x86_geode||TARGET_x86_legacy)
+	default n
+
+config PACKAGE_$(PKG_NAME)_INCLUDE_IPT2Socks
+	bool "Include IPT2Socks"
+	default n
+
+config PACKAGE_$(PKG_NAME)_INCLUDE_Kcptun
+	bool "Include Kcptun"
+	default n
+
+config PACKAGE_$(PKG_NAME)_INCLUDE_NaiveProxy
+	bool "Include NaiveProxy"
+	depends on !(arc||armeb||mips||mips64||powerpc||TARGET_gemini)
+	default n
+
+config PACKAGE_$(PKG_NAME)_INCLUDE_Redsocks2
+	bool "Include Redsocks2"
+	default n
+
+config PACKAGE_$(PKG_NAME)_INCLUDE_Shadowsocks_Simple_Obfs
+	bool "Include Shadowsocks Simple Obfs Plugin"
+	default y
+
+config PACKAGE_$(PKG_NAME)_INCLUDE_Shadowsocks_V2ray_Plugin
+	bool "Include Shadowsocks V2ray Plugin"
+	default n
+
+config PACKAGE_$(PKG_NAME)_INCLUDE_ShadowsocksR_Libev_Client
+	bool "Include ShadowsocksR Libev Client"
+	default y
+
+config PACKAGE_$(PKG_NAME)_INCLUDE_ShadowsocksR_Libev_Server
+	bool "Include ShadowsocksR Libev Server"
+	default y if i386||x86_64||arm
+
+config PACKAGE_$(PKG_NAME)_INCLUDE_Trojan
+	bool "Include Trojan"
+	select PACKAGE_$(PKG_NAME)_INCLUDE_IPT2Socks
+	default n
+endef
+
+define Package/$(PKG_NAME)/conffiles
+/etc/config/shadowsocksr
+/etc/ssrplus/
+endef
+
+include $(TOPDIR)/feeds/luci/luci.mk
+
+# call BuildPackage - OpenWrt buildroot signature
--- a/luci-app-ssr-plus/luasrc/controller/shadowsocksr.lua
+++ b/luci-app-ssr-plus/luasrc/controller/shadowsocksr.lua
@ -0,0 +1,135 @@
+-- Copyright (C) 2017 yushi studio <ywb94@qq.com>
+-- Licensed to the public under the GNU General Public License v3.
+module("luci.controller.shadowsocksr", package.seeall)
+
+function index()
+	if not nixio.fs.access("/etc/config/shadowsocksr") then
+		call("act_reset")
+	end
+	local page
+	page = entry({"admin", "services", "shadowsocksr"}, alias("admin", "services", "shadowsocksr", "client"), _("ShadowSocksR Plus+"), 10)
+	page.dependent = true
+	page.acl_depends = { "luci-app-ssr-plus" }
+	entry({"admin", "services", "shadowsocksr", "client"}, cbi("shadowsocksr/client"), _("SSR Client"), 10).leaf = true
+	entry({"admin", "services", "shadowsocksr", "servers"}, arcombine(cbi("shadowsocksr/servers", {autoapply = true}), cbi("shadowsocksr/client-config")), _("Servers Nodes"), 20).leaf = true
+	entry({"admin", "services", "shadowsocksr", "control"}, cbi("shadowsocksr/control"), _("Access Control"), 30).leaf = true
+	entry({"admin", "services", "shadowsocksr", "advanced"}, cbi("shadowsocksr/advanced"), _("Advanced Settings"), 50).leaf = true
+	entry({"admin", "services", "shadowsocksr", "server"}, arcombine(cbi("shadowsocksr/server"), cbi("shadowsocksr/server-config")), _("SSR Server"), 60).leaf = true
+	entry({"admin", "services", "shadowsocksr", "status"}, form("shadowsocksr/status"), _("Status"), 70).leaf = true
+	entry({"admin", "services", "shadowsocksr", "check"}, call("check_status"))
+	entry({"admin", "services", "shadowsocksr", "refresh"}, call("refresh_data"))
+	entry({"admin", "services", "shadowsocksr", "subscribe"}, call("subscribe"))
+	entry({"admin", "services", "shadowsocksr", "checkport"}, call("check_port"))
+	entry({"admin", "services", "shadowsocksr", "log"}, form("shadowsocksr/log"), _("Log"), 80).leaf = true
+	entry({"admin", "services", "shadowsocksr", "run"}, call("act_status"))
+	entry({"admin", "services", "shadowsocksr", "ping"}, call("act_ping"))
+	entry({"admin", "services", "shadowsocksr", "reset"}, call("act_reset"))
+	entry({"admin", "services", "shadowsocksr", "restart"}, call("act_restart"))
+	entry({"admin", "services", "shadowsocksr", "delete"}, call("act_delete"))
+end
+
+function subscribe()
+	luci.sys.call("/usr/bin/lua /usr/share/shadowsocksr/subscribe.lua >>/var/log/ssrplus.log")
+	luci.http.prepare_content("application/json")
+	luci.http.write_json({ret = 1})
+end
+
+function act_status()
+	local e = {}
+	e.running = luci.sys.call("busybox ps -w | grep ssr-retcp | grep -v grep >/dev/null") == 0
+	luci.http.prepare_content("application/json")
+	luci.http.write_json(e)
+end
+
+function act_ping()
+	local e = {}
+	local domain = luci.http.formvalue("domain")
+	local port = luci.http.formvalue("port")
+	local transport = luci.http.formvalue("transport")
+	local wsPath = luci.http.formvalue("wsPath")
+	local tls = luci.http.formvalue("tls")
+	e.index = luci.http.formvalue("index")
+	local iret = luci.sys.call("ipset add ss_spec_wan_ac " .. domain .. " 2>/dev/null")
+	if transport == "ws" then
+		local prefix = tls=='1' and "https://" or "http://"
+		local address = prefix..domain..':'..port..wsPath
+		local result = luci.sys.exec("curl --http1.1 -m 2 -ksN -o /dev/null -w 'time_connect=%{time_connect}\nhttp_code=%{http_code}' -H 'Connection: Upgrade' -H 'Upgrade: websocket' -H 'Sec-WebSocket-Key: SGVsbG8sIHdvcmxkIQ==' -H 'Sec-WebSocket-Version: 13' "..address)
+		e.socket = string.match(result,"http_code=(%d+)")=="101"
+		e.ping = tonumber(string.match(result, "time_connect=(%d+.%d%d%d)"))*1000
+	else
+		local socket = nixio.socket("inet", "stream")
+		socket:setopt("socket", "rcvtimeo", 3)
+		socket:setopt("socket", "sndtimeo", 3)
+		e.socket = socket:connect(domain, port)
+		socket:close()
+		-- 	e.ping = luci.sys.exec("ping -c 1 -W 1 %q 2>&1 | grep -o 'time=[0-9]*.[0-9]' | awk -F '=' '{print$2}'" % domain)
+		-- 	if (e.ping == "") then
+		e.ping = luci.sys.exec(string.format("echo -n $(tcping -q -c 1 -i 1 -t 2 -p %s %s 2>&1 | grep -o 'time=[0-9]*' | awk -F '=' '{print $2}') 2>/dev/null", port, domain))
+		-- 	end
+	end
+	if (iret == 0) then
+		luci.sys.call(" ipset del ss_spec_wan_ac " .. domain)
+	end
+	luci.http.prepare_content("application/json")
+	luci.http.write_json(e)
+end
+
+function check_status()
+	local e = {}
+	e.ret = luci.sys.call("/usr/bin/ssr-check www." .. luci.http.formvalue("set") .. ".com 80 3 1")
+	luci.http.prepare_content("application/json")
+	luci.http.write_json(e)
+end
+
+function refresh_data()
+	local set = luci.http.formvalue("set")
+	local retstring = loadstring("return " .. luci.sys.exec("/usr/bin/lua /usr/share/shadowsocksr/update.lua " .. set))()
+	luci.http.prepare_content("application/json")
+	luci.http.write_json(retstring)
+end
+
+function check_port()
+	local retstring = "<br /><br />"
+	local s
+	local server_name = ""
+	local uci = luci.model.uci.cursor()
+	local iret = 1
+	uci:foreach("shadowsocksr", "servers", function(s)
+		if s.alias then
+			server_name = s.alias
+		elseif s.server and s.server_port then
+			server_name = "%s:%s" % {s.server, s.server_port}
+		end
+		iret = luci.sys.call("ipset add ss_spec_wan_ac " .. s.server .. " 2>/dev/null")
+		socket = nixio.socket("inet", "stream")
+		socket:setopt("socket", "rcvtimeo", 3)
+		socket:setopt("socket", "sndtimeo", 3)
+		ret = socket:connect(s.server, s.server_port)
+		if tostring(ret) == "true" then
+			socket:close()
+			retstring = retstring .. "<font color = 'green'>[" .. server_name .. "] OK.</font><br />"
+		else
+			retstring = retstring .. "<font color = 'red'>[" .. server_name .. "] Error.</font><br />"
+		end
+		if iret == 0 then
+			luci.sys.call("ipset del ss_spec_wan_ac " .. s.server)
+		end
+	end)
+	luci.http.prepare_content("application/json")
+	luci.http.write_json({ret = retstring})
+end
+
+function act_reset()
+	luci.sys.call("/etc/init.d/shadowsocksr reset &")
+	luci.http.redirect(luci.dispatcher.build_url("admin", "services", "shadowsocksr"))
+end
+
+function act_restart()
+	luci.sys.call("/etc/init.d/shadowsocksr restart &")
+	luci.http.redirect(luci.dispatcher.build_url("admin", "services", "shadowsocksr"))
+end
+
+function act_delete()
+	luci.sys.call("/etc/init.d/shadowsocksr restart &")
+	luci.http.redirect(luci.dispatcher.build_url("admin", "services", "shadowsocksr", "servers"))
+end
--- a/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/advanced.lua
+++ b/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/advanced.lua
@ -0,0 +1,140 @@
+local uci = luci.model.uci.cursor()
+local server_table = {}
+
+uci:foreach("shadowsocksr", "servers", function(s)
+	if s.alias then
+		server_table[s[".name"]] = "[%s]:%s" % {string.upper(s.v2ray_protocol or s.type), s.alias}
+	elseif s.server and s.server_port then
+		server_table[s[".name"]] = "[%s]:%s:%s" % {string.upper(s.v2ray_protocol or s.type), s.server, s.server_port}
+	end
+end)
+
+local key_table = {}
+for key, _ in pairs(server_table) do
+	table.insert(key_table, key)
+end
+
+table.sort(key_table)
+
+m = Map("shadowsocksr")
+-- [[ global ]]--
+s = m:section(TypedSection, "global", translate("Server failsafe auto swith and custom update settings"))
+s.anonymous = true
+
+-- o = s:option(Flag, "monitor_enable", translate("Enable Process Deamon"))
+-- o.rmempty = false
+-- o.default = "1"
+
+o = s:option(Flag, "enable_switch", translate("Enable Auto Switch"))
+o.rmempty = false
+o.default = "1"
+
+o = s:option(Value, "switch_time", translate("Switch check cycly(second)"))
+o.datatype = "uinteger"
+o:depends("enable_switch", "1")
+o.default = 667
+
+o = s:option(Value, "switch_timeout", translate("Check timout(second)"))
+o.datatype = "uinteger"
+o:depends("enable_switch", "1")
+o.default = 5
+
+o = s:option(Value, "switch_try_count", translate("Check Try Count"))
+o.datatype = "uinteger"
+o:depends("enable_switch", "1")
+o.default = 3
+
+o = s:option(Value, "gfwlist_url", translate("gfwlist Update url"))
+o:value("https://fastly.jsdelivr.net/gh/YW5vbnltb3Vz/domain-list-community@release/gfwlist.txt", translate("v2fly/domain-list-community"))
+o:value("https://fastly.jsdelivr.net/gh/Loyalsoldier/v2ray-rules-dat@release/gfw.txt", translate("Loyalsoldier/v2ray-rules-dat"))
+o:value("https://fastly.jsdelivr.net/gh/Loukky/gfwlist-by-loukky/gfwlist.txt", translate("Loukky/gfwlist-by-loukky"))
+o:value("https://fastly.jsdelivr.net/gh/gfwlist/gfwlist/gfwlist.txt", translate("gfwlist/gfwlist"))
+o.default = "https://fastly.jsdelivr.net/gh/YW5vbnltb3Vz/domain-list-community@release/gfwlist.txt"
+
+o = s:option(Value, "chnroute_url", translate("Chnroute Update url"))
+o:value("https://ispip.clang.cn/all_cn.txt", translate("Clang.CN"))
+o:value("https://ispip.clang.cn/all_cn_cidr.txt", translate("Clang.CN.CIDR"))
+o:value("https://fastly.jsdelivr.net/gh/gaoyifan/china-operator-ip@ip-lists/china.txt", translate("china-operator-ip"))
+o.default = "https://ispip.clang.cn/all_cn.txt"
+
+o = s:option(Flag, "netflix_enable", translate("Enable Netflix Mode"))
+o.rmempty = false
+
+o = s:option(Value, "nfip_url", translate("nfip_url"))
+o:value("https://fastly.jsdelivr.net/gh/QiuSimons/Netflix_IP/NF_only.txt", translate("Netflix IP Only"))
+o:value("https://fastly.jsdelivr.net/gh/QiuSimons/Netflix_IP/getflix.txt", translate("Netflix and AWS"))
+o.default = "https://fastly.jsdelivr.net/gh/QiuSimons/Netflix_IP/NF_only.txt"
+o.description = translate("Customize Netflix IP Url")
+o:depends("netflix_enable", "1")
+
+o = s:option(ListValue, "shunt_dns_mode", translate("DNS Query Mode For Shunt Mode"))
+o:value("1", translate("Use DNS2SOCKS query and cache"))
+o:value("2", translate("Use MosDNS query"))
+o:depends("netflix_enable", "1")
+o.default = 1
+
+o = s:option(Value, "shunt_dnsserver", translate("Anti-pollution DNS Server For Shunt Mode"))
+o:value("8.8.4.4:53", translate("Google Public DNS (8.8.4.4)"))
+o:value("8.8.8.8:53", translate("Google Public DNS (8.8.8.8)"))
+o:value("208.67.222.222:53", translate("OpenDNS (208.67.222.222)"))
+o:value("208.67.220.220:53", translate("OpenDNS (208.67.220.220)"))
+o:value("209.244.0.3:53", translate("Level 3 Public DNS (209.244.0.3)"))
+o:value("209.244.0.4:53", translate("Level 3 Public DNS (209.244.0.4)"))
+o:value("4.2.2.1:53", translate("Level 3 Public DNS (4.2.2.1)"))
+o:value("4.2.2.2:53", translate("Level 3 Public DNS (4.2.2.2)"))
+o:value("4.2.2.3:53", translate("Level 3 Public DNS (4.2.2.3)"))
+o:value("4.2.2.4:53", translate("Level 3 Public DNS (4.2.2.4)"))
+o:value("1.1.1.1:53", translate("Cloudflare DNS (1.1.1.1)"))
+o:depends("shunt_dns_mode", "1")
+o.description = translate("Custom DNS Server format as IP:PORT (default: 8.8.4.4:53)")
+o.datatype = "ip4addrport"
+
+o = s:option(ListValue, "shunt_mosdns_dnsserver", translate("Anti-pollution DNS Server"))
+o:value("tcp://8.8.4.4:53,tcp://8.8.8.8:53", translate("Google Public DNS"))
+o:value("tcp://208.67.222.222:53,tcp://208.67.220.220:53", translate("OpenDNS"))
+o:value("tcp://209.244.0.3:53,tcp://209.244.0.4:53", translate("Level 3 Public DNS-1 (209.244.0.3-4)"))
+o:value("tcp://4.2.2.1:53,tcp://4.2.2.2:53", translate("Level 3 Public DNS-2 (4.2.2.1-2)"))
+o:value("tcp://4.2.2.3:53,tcp://4.2.2.4:53", translate("Level 3 Public DNS-3 (4.2.2.3-4)"))
+o:value("tcp://1.1.1.1:53,tcp://1.0.0.1:53", translate("Cloudflare DNS"))
+o:depends("shunt_dns_mode", "2")
+o.description = translate("Custom DNS Server for MosDNS")
+
+o = s:option(Flag, "shunt_mosdns_ipv6", translate("Disable IPv6 In MosDNS Query Mode (Shunt Mode)"))
+o:depends("shunt_dns_mode", "2")
+o.rmempty = false
+o.default = "0"
+
+o = s:option(Flag, "adblock", translate("Enable adblock"))
+o.rmempty = false
+
+o = s:option(Value, "adblock_url", translate("adblock_url"))
+o:value("https://raw.githubusercontent.com/neodevpro/neodevhost/master/lite_dnsmasq.conf", translate("NEO DEV HOST Lite"))
+o:value("https://raw.githubusercontent.com/neodevpro/neodevhost/master/dnsmasq.conf", translate("NEO DEV HOST Full"))
+o:value("https://anti-ad.net/anti-ad-for-dnsmasq.conf", translate("anti-AD"))
+o.default = "https://raw.githubusercontent.com/neodevpro/neodevhost/master/lite_dnsmasq.conf"
+o:depends("adblock", "1")
+o.description = translate("Support AdGuardHome and DNSMASQ format list")
+
+o = s:option(Button, "reset", translate("Reset to defaults"))
+o.rawhtml = true
+o.template = "shadowsocksr/reset"
+
+-- [[ SOCKS5 Proxy ]]--
+s = m:section(TypedSection, "socks5_proxy", translate("Global SOCKS5 Proxy Server"))
+s.anonymous = true
+
+o = s:option(ListValue, "server", translate("Server"))
+o:value("nil", translate("Disable"))
+o:value("same", translate("Same as Global Server"))
+for _, key in pairs(key_table) do
+	o:value(key, server_table[key])
+end
+o.default = "nil"
+o.rmempty = false
+
+o = s:option(Value, "local_port", translate("Local Port"))
+o.datatype = "port"
+o.default = 1080
+o.rmempty = false
+
+return m
--- a/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/client-config.lua
+++ b/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/client-config.lua
--- a/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/client.lua
+++ b/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/client.lua
@ -0,0 +1,187 @@
+-- Copyright (C) 2017 yushi studio <ywb94@qq.com> github.com/ywb94
+-- Copyright (C) 2018 lean <coolsnowwolf@gmail.com> github.com/coolsnowwolf
+-- Licensed to the public under the GNU General Public License v3.
+
+local m, s, sec, o
+local uci = luci.model.uci.cursor()
+
+local validation = require "luci.cbi.datatypes"
+local function is_finded(e)
+	return luci.sys.exec('type -t -p "%s"' % e) ~= "" and true or false
+end
+
+m = Map("shadowsocksr", translate("ShadowSocksR Plus+ Settings"), translate("<h3>Support SS/SSR/V2RAY/XRAY/TROJAN/NAIVEPROXY/SOCKS5/TUN etc.</h3>"))
+m:section(SimpleSection).template = "shadowsocksr/status"
+
+local server_table = {}
+uci:foreach("shadowsocksr", "servers", function(s)
+	if s.alias then
+		server_table[s[".name"]] = "[%s]:%s" % {string.upper(s.v2ray_protocol or s.type), s.alias}
+	elseif s.server and s.server_port then
+		server_table[s[".name"]] = "[%s]:%s:%s" % {string.upper(s.v2ray_protocol or s.type), s.server, s.server_port}
+	end
+end)
+
+local key_table = {}
+for key, _ in pairs(server_table) do
+	table.insert(key_table, key)
+end
+
+table.sort(key_table)
+
+-- [[ Global Setting ]]--
+s = m:section(TypedSection, "global")
+s.anonymous = true
+
+o = s:option(ListValue, "global_server", translate("Main Server"))
+o:value("nil", translate("Disable"))
+for _, key in pairs(key_table) do
+	o:value(key, server_table[key])
+end
+o.default = "nil"
+o.rmempty = false
+
+o = s:option(ListValue, "udp_relay_server", translate("Game Mode UDP Server"))
+o:value("", translate("Disable"))
+o:value("same", translate("Same as Global Server"))
+for _, key in pairs(key_table) do
+	o:value(key, server_table[key])
+end
+
+if uci:get_first("shadowsocksr", 'global', 'netflix_enable', '0') == '1' then
+o = s:option(ListValue, "netflix_server", translate("Netflix Node"))
+o:value("nil", translate("Disable"))
+o:value("same", translate("Same as Global Server"))
+for _, key in pairs(key_table) do
+	o:value(key, server_table[key])
+end
+o.default = "nil"
+o.rmempty = false
+
+o = s:option(Flag, "netflix_proxy", translate("External Proxy Mode"))
+o.rmempty = false
+o.description = translate("Forward Netflix Proxy through Main Proxy")
+o.default = "0"
+end
+
+o = s:option(ListValue, "threads", translate("Multi Threads Option"))
+o:value("0", translate("Auto Threads"))
+o:value("1", translate("1 Thread"))
+o:value("2", translate("2 Threads"))
+o:value("4", translate("4 Threads"))
+o:value("8", translate("8 Threads"))
+o:value("16", translate("16 Threads"))
+o:value("32", translate("32 Threads"))
+o:value("64", translate("64 Threads"))
+o:value("128", translate("128 Threads"))
+o.default = "0"
+o.rmempty = false
+
+o = s:option(ListValue, "run_mode", translate("Running Mode"))
+o:value("gfw", translate("GFW List Mode"))
+o:value("router", translate("IP Route Mode"))
+o:value("all", translate("Global Mode"))
+o:value("oversea", translate("Oversea Mode"))
+o.default = gfw
+
+o = s:option(ListValue, "dports", translate("Proxy Ports"))
+o:value("1", translate("All Ports"))
+o:value("2", translate("Only Common Ports"))
+o.default = 1
+
+o = s:option(ListValue, "pdnsd_enable", translate("Resolve Dns Mode"))
+o:value("1", translate("Use DNS2TCP query"))
+o:value("2", translate("Use DNS2SOCKS query and cache"))
+if is_finded("mosdns") then
+o:value("3", translate("Use MosDNS query (Not Support Oversea Mode)"))
+end
+o:value("0", translate("Use Local DNS Service listen port 5335"))
+o.default = 1
+
+o = s:option(Value, "tunnel_forward", translate("Anti-pollution DNS Server"))
+o:value("8.8.4.4:53", translate("Google Public DNS (8.8.4.4)"))
+o:value("8.8.8.8:53", translate("Google Public DNS (8.8.8.8)"))
+o:value("208.67.222.222:53", translate("OpenDNS (208.67.222.222)"))
+o:value("208.67.220.220:53", translate("OpenDNS (208.67.220.220)"))
+o:value("209.244.0.3:53", translate("Level 3 Public DNS (209.244.0.3)"))
+o:value("209.244.0.4:53", translate("Level 3 Public DNS (209.244.0.4)"))
+o:value("4.2.2.1:53", translate("Level 3 Public DNS (4.2.2.1)"))
+o:value("4.2.2.2:53", translate("Level 3 Public DNS (4.2.2.2)"))
+o:value("4.2.2.3:53", translate("Level 3 Public DNS (4.2.2.3)"))
+o:value("4.2.2.4:53", translate("Level 3 Public DNS (4.2.2.4)"))
+o:value("1.1.1.1:53", translate("Cloudflare DNS (1.1.1.1)"))
+o:value("114.114.114.114:53", translate("Oversea Mode DNS-1 (114.114.114.114)"))
+o:value("114.114.115.115:53", translate("Oversea Mode DNS-2 (114.114.115.115)"))
+o:depends("pdnsd_enable", "1")
+o:depends("pdnsd_enable", "2")
+o.description = translate("Custom DNS Server format as IP:PORT (default: 8.8.4.4:53)")
+o.datatype = "ip4addrport"
+
+o = s:option(ListValue, "tunnel_forward_mosdns", translate("Anti-pollution DNS Server"))
+o:value("tcp://8.8.4.4:53,tcp://8.8.8.8:53", translate("Google Public DNS"))
+o:value("tcp://208.67.222.222:53,tcp://208.67.220.220:53", translate("OpenDNS"))
+o:value("tcp://209.244.0.3:53,tcp://209.244.0.4:53", translate("Level 3 Public DNS-1 (209.244.0.3-4)"))
+o:value("tcp://4.2.2.1:53,tcp://4.2.2.2:53", translate("Level 3 Public DNS-2 (4.2.2.1-2)"))
+o:value("tcp://4.2.2.3:53,tcp://4.2.2.4:53", translate("Level 3 Public DNS-3 (4.2.2.3-4)"))
+o:value("tcp://1.1.1.1:53,tcp://1.0.0.1:53", translate("Cloudflare DNS"))
+o:depends("pdnsd_enable", "3")
+o.description = translate("Custom DNS Server for MosDNS")
+
+o = s:option(Flag, "mosdns_disable_ipv6", translate("Disable IPv6 in MosDNS query mode (only for Non-CN domain)"))
+o:depends("pdnsd_enable", "3")
+o.rmempty = false
+o.default = "0"
+
+if is_finded("chinadns-ng") then
+	o = s:option(Value, "chinadns_forward", translate("Domestic DNS Server"))
+	o:value("", translate("Disable ChinaDNS-NG"))
+	o:value("wan", translate("Use DNS from WAN"))
+	o:value("wan_114", translate("Use DNS from WAN and 114DNS"))
+	o:value("114.114.114.114:53", translate("Nanjing Xinfeng 114DNS (114.114.114.114)"))
+	o:value("119.29.29.29:53", translate("DNSPod Public DNS (119.29.29.29)"))
+	o:value("223.5.5.5:53", translate("AliYun Public DNS (223.5.5.5)"))
+	o:value("180.76.76.76:53", translate("Baidu Public DNS (180.76.76.76)"))
+	o:value("101.226.4.6:53", translate("DNS Pai (CT/CMCC/CU) (101.226.4.6)"))
+	o:value("123.125.81.6:53", translate("DNS Pai (CU) (123.125.81.6)"))
+	o:value("1.2.4.8:53", translate("CNNIC SDNS (1.2.4.8)"))
+	o:depends({pdnsd_enable = "1", run_mode = "router"})
+	o:depends({pdnsd_enable = "2", run_mode = "router"})
+	o.description = translate("Custom DNS Server format as IP:PORT (default: disabled)")
+	o.validate = function(self, value, section)
+		if (section and value) then
+			if value == "wan" or value == "wan_114" then
+				return value
+			end
+
+			if validation.ip4addrport(value) then
+				return value
+			end
+
+			return nil, translate("Expecting: %s"):format(translate("valid address:port"))
+		end
+
+		return value
+	end
+end
+
+if is_finded("mosdns") then
+	o = s:option(Value, "chinadns_forward_mosdns", translate("Domestic DNS Server (ChinaDNS Mode With MosDNS)"))
+	o:value("", translate("Disable ChinaDNS in MosDNS"))
+	o:value("wan", translate("Use DNS from WAN"))
+	o:value("udp://114.114.114.114:53,udp://114.114.115.115:53", translate("Nanjing Xinfeng 114DNS"))
+	o:value("udp://119.29.29.29:53,udp://119.29.29.29:53", translate("DNSPod Public DNS"))
+	o:value("udp://223.5.5.5:53,udp://223.6.6.6:53", translate("AliYun Public DNS"))
+	o:value("udp://180.76.76.76:53,udp://180.76.76.76:53", translate("Baidu Public DNS"))
+	o:value("udp://101.226.4.6:53,udp://218.30.118.6:53", translate("DNS Pai (CT/CMCC/CU)"))
+	o:value("udp://123.125.81.6:53,udp://140.207.198.6:53", translate("DNS Pai (CU)"))
+	o:value("udp://1.2.4.8:53,udp://210.2.4.8:53", translate("CNNIC SDNS"))
+	o:depends({pdnsd_enable = "3", run_mode = "router"})
+	o.description = translate("Custom DNS Server format as IP:PORT (default: disabled)")
+end
+
+o = s:option(Flag, "mosdns_dnsleak", translate("Prevent DNS leak (Only Work With ChinaDNS Mode)"))
+o:depends({pdnsd_enable = "3", run_mode = "router"})
+o.rmempty = false
+o.default = "0"
+
+return m
--- a/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/control.lua
+++ b/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/control.lua
@ -0,0 +1,143 @@
+require "luci.ip"
+require "nixio.fs"
+local m, s, o
+
+m = Map("shadowsocksr")
+
+s = m:section(TypedSection, "access_control")
+s.anonymous = true
+
+-- Interface control
+s:tab("Interface", translate("Interface control"))
+o = s:taboption("Interface", DynamicList, "Interface", translate("Interface"))
+o.template = "cbi/network_netlist"
+o.widget = "checkbox"
+o.nocreate = true
+o.unspecified = true
+o.description = translate("Listen only on the given interface or, if unspecified, on all")
+
+-- Part of WAN
+s:tab("wan_ac", translate("WAN IP AC"))
+
+o = s:taboption("wan_ac", DynamicList, "wan_bp_ips", translate("WAN White List IP"))
+o.datatype = "ip4addr"
+
+o = s:taboption("wan_ac", DynamicList, "wan_fw_ips", translate("WAN Force Proxy IP"))
+o.datatype = "ip4addr"
+
+-- Part of LAN
+s:tab("lan_ac", translate("LAN IP AC"))
+
+o = s:taboption("lan_ac", ListValue, "lan_ac_mode", translate("LAN Access Control"))
+o:value("0", translate("Disable"))
+o:value("w", translate("Allow listed only"))
+o:value("b", translate("Allow all except listed"))
+o.rmempty = false
+
+o = s:taboption("lan_ac", DynamicList, "lan_ac_ips", translate("LAN Host List"))
+o.datatype = "ipaddr"
+luci.ip.neighbors({family = 4}, function(entry)
+	if entry.reachable then
+		o:value(entry.dest:string())
+	end
+end)
+o:depends("lan_ac_mode", "w")
+o:depends("lan_ac_mode", "b")
+
+o = s:taboption("lan_ac", DynamicList, "lan_bp_ips", translate("LAN Bypassed Host List"))
+o.datatype = "ipaddr"
+luci.ip.neighbors({family = 4}, function(entry)
+	if entry.reachable then
+		o:value(entry.dest:string())
+	end
+end)
+
+o = s:taboption("lan_ac", DynamicList, "lan_fp_ips", translate("LAN Force Proxy Host List"))
+o.datatype = "ipaddr"
+luci.ip.neighbors({family = 4}, function(entry)
+	if entry.reachable then
+		o:value(entry.dest:string())
+	end
+end)
+
+o = s:taboption("lan_ac", DynamicList, "lan_gm_ips", translate("Game Mode Host List"))
+o.datatype = "ipaddr"
+luci.ip.neighbors({family = 4}, function(entry)
+	if entry.reachable then
+		o:value(entry.dest:string())
+	end
+end)
+
+-- Part of Self
+-- s:tab("self_ac", translate("Router Self AC"))
+-- o = s:taboption("self_ac",ListValue, "router_proxy", translate("Router Self Proxy"))
+-- o:value("1", translatef("Normal Proxy"))
+-- o:value("0", translatef("Bypassed Proxy"))
+-- o:value("2", translatef("Forwarded Proxy"))
+-- o.rmempty = false
+
+s:tab("esc", translate("Bypass Domain List"))
+local escconf = "/etc/ssrplus/white.list"
+o = s:taboption("esc", TextValue, "escconf")
+o.rows = 13
+o.wrap = "off"
+o.rmempty = true
+o.cfgvalue = function(self, section)
+	return nixio.fs.readfile(escconf) or ""
+end
+o.write = function(self, section, value)
+	nixio.fs.writefile(escconf, value:gsub("\r\n", "\n"))
+end
+o.remove = function(self, section, value)
+	nixio.fs.writefile(escconf, "")
+end
+
+s:tab("block", translate("Black Domain List"))
+local blockconf = "/etc/ssrplus/black.list"
+o = s:taboption("block", TextValue, "blockconf")
+o.rows = 13
+o.wrap = "off"
+o.rmempty = true
+o.cfgvalue = function(self, section)
+	return nixio.fs.readfile(blockconf) or " "
+end
+o.write = function(self, section, value)
+	nixio.fs.writefile(blockconf, value:gsub("\r\n", "\n"))
+end
+o.remove = function(self, section, value)
+	nixio.fs.writefile(blockconf, "")
+end
+
+s:tab("denydomain", translate("Deny Domain List"))
+local denydomainconf = "/etc/ssrplus/deny.list"
+o = s:taboption("denydomain", TextValue, "denydomainconf")
+o.rows = 13
+o.wrap = "off"
+o.rmempty = true
+o.cfgvalue = function(self, section)
+	return nixio.fs.readfile(denydomainconf) or " "
+end
+o.write = function(self, section, value)
+	nixio.fs.writefile(denydomainconf, value:gsub("\r\n", "\n"))
+end
+o.remove = function(self, section, value)
+	nixio.fs.writefile(denydomainconf, "")
+end
+
+s:tab("netflix", translate("Netflix Domain List"))
+local netflixconf = "/etc/ssrplus/netflix.list"
+o = s:taboption("netflix", TextValue, "netflixconf")
+o.rows = 13
+o.wrap = "off"
+o.rmempty = true
+o.cfgvalue = function(self, section)
+	return nixio.fs.readfile(netflixconf) or " "
+end
+o.write = function(self, section, value)
+	nixio.fs.writefile(netflixconf, value:gsub("\r\n", "\n"))
+end
+o.remove = function(self, section, value)
+	nixio.fs.writefile(netflixconf, "")
+end
+
+return m
--- a/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/log.lua
+++ b/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/log.lua
@ -0,0 +1,20 @@
+require "luci.util"
+require "nixio.fs"
+f = SimpleForm("logview")
+f.reset = false
+f.submit = false
+t = f:field(TextValue, "conf")
+t.rmempty = true
+t.rows = 20
+function t.cfgvalue()
+	if nixio.fs.access("/var/log/ssrplus.log") then
+		local logs = luci.util.execi("cat /var/log/ssrplus.log")
+		local s = ""
+		for line in logs do
+			s = line .. "\n" .. s
+		end
+		return s
+	end
+end
+t.readonly = "readonly"
+return f
--- a/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/server-config.lua
+++ b/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/server-config.lua
@ -0,0 +1,154 @@
+-- Copyright (C) 2017 yushi studio <ywb94@qq.com>
+-- Licensed to the public under the GNU General Public License v3.
+require "luci.http"
+require "luci.dispatcher"
+require "nixio.fs"
+
+local m, s, o
+local sid = arg[1]
+
+local encrypt_methods = {
+	"rc4-md5",
+	"rc4-md5-6",
+	"rc4",
+	"table",
+	"aes-128-cfb",
+	"aes-192-cfb",
+	"aes-256-cfb",
+	"aes-128-ctr",
+	"aes-192-ctr",
+	"aes-256-ctr",
+	"bf-cfb",
+	"camellia-128-cfb",
+	"camellia-192-cfb",
+	"camellia-256-cfb",
+	"cast5-cfb",
+	"des-cfb",
+	"idea-cfb",
+	"rc2-cfb",
+	"seed-cfb",
+	"salsa20",
+	"chacha20",
+	"chacha20-ietf"
+}
+
+local encrypt_methods_ss = {
+	-- aead
+	"aes-128-gcm",
+	"aes-192-gcm",
+	"aes-256-gcm",
+	"chacha20-ietf-poly1305",
+	"xchacha20-ietf-poly1305",
+	-- aead 2022
+	"2022-blake3-aes-128-gcm",
+	"2022-blake3-aes-256-gcm",
+	"2022-blake3-chacha20-poly1305"
+	--[[ stream
+	"table",
+	"rc4",
+	"rc4-md5",
+	"aes-128-cfb",
+	"aes-192-cfb",
+	"aes-256-cfb",
+	"aes-128-ctr",
+	"aes-192-ctr",
+	"aes-256-ctr",
+	"bf-cfb",
+	"camellia-128-cfb",
+	"camellia-192-cfb",
+	"camellia-256-cfb",
+	"salsa20",
+	"chacha20",
+	"chacha20-ietf" ]]
+}
+
+local protocol = {"origin"}
+
+obfs = {"plain", "http_simple", "http_post"}
+
+m = Map("shadowsocksr", translate("Edit ShadowSocksR Server"))
+
+m.redirect = luci.dispatcher.build_url("admin/services/shadowsocksr/server")
+if m.uci:get("shadowsocksr", sid) ~= "server_config" then
+	luci.http.redirect(m.redirect)
+	return
+end
+
+-- [[ Server Setting ]]--
+s = m:section(NamedSection, sid, "server_config")
+s.anonymous = true
+s.addremove = false
+
+o = s:option(Flag, "enable", translate("Enable"))
+o.default = 1
+o.rmempty = false
+
+o = s:option(ListValue, "type", translate("Server Type"))
+o:value("socks5", translate("Socks5"))
+if nixio.fs.access("/usr/bin/ssserver") or nixio.fs.access("/usr/bin/ss-server") then
+	o:value("ss", translate("Shadowsocks"))
+end
+if nixio.fs.access("/usr/bin/ssr-server") then
+	o:value("ssr", translate("ShadowsocksR"))
+end
+o.default = "socks5"
+
+o = s:option(Value, "server_port", translate("Server Port"))
+o.datatype = "port"
+math.randomseed(tostring(os.time()):reverse():sub(1, 7))
+o.default = math.random(10240, 20480)
+o.rmempty = false
+o.description = translate("warning! Please do not reuse the port!")
+
+o = s:option(Value, "timeout", translate("Connection Timeout"))
+o.datatype = "uinteger"
+o.default = 60
+o.rmempty = false
+o:depends("type", "ss")
+o:depends("type", "ssr")
+
+o = s:option(Value, "username", translate("Username"))
+o.rmempty = false
+o:depends("type", "socks5")
+
+o = s:option(Value, "password", translate("Password"))
+o.password = true
+o.rmempty = false
+
+o = s:option(ListValue, "encrypt_method", translate("Encrypt Method"))
+for _, v in ipairs(encrypt_methods) do
+	o:value(v)
+end
+o.rmempty = false
+o:depends("type", "ssr")
+
+o = s:option(ListValue, "encrypt_method_ss", translate("Encrypt Method"))
+for _, v in ipairs(encrypt_methods_ss) do
+	o:value(v)
+end
+o.rmempty = false
+o:depends("type", "ss")
+
+o = s:option(ListValue, "protocol", translate("Protocol"))
+for _, v in ipairs(protocol) do
+	o:value(v)
+end
+o.rmempty = false
+o:depends("type", "ssr")
+
+o = s:option(ListValue, "obfs", translate("Obfs"))
+for _, v in ipairs(obfs) do
+	o:value(v)
+end
+o.rmempty = false
+o:depends("type", "ssr")
+
+o = s:option(Value, "obfs_param", translate("Obfs param(optional)"))
+o:depends("type", "ssr")
+
+o = s:option(Flag, "fast_open", translate("TCP Fast Open"))
+o.rmempty = false
+o:depends("type", "ss")
+o:depends("type", "ssr")
+
+return m
--- a/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/server.lua
+++ b/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/server.lua
@ -0,0 +1,144 @@
+-- Copyright (C) 2017 yushi studio <ywb94@qq.com>
+-- Licensed to the public under the GNU General Public License v3.
+require "luci.http"
+require "luci.dispatcher"
+local m, sec, o
+local encrypt_methods = {
+	"table",
+	"rc4",
+	"rc4-md5",
+	"rc4-md5-6",
+	"aes-128-cfb",
+	"aes-192-cfb",
+	"aes-256-cfb",
+	"aes-128-ctr",
+	"aes-192-ctr",
+	"aes-256-ctr",
+	"bf-cfb",
+	"camellia-128-cfb",
+	"camellia-192-cfb",
+	"camellia-256-cfb",
+	"cast5-cfb",
+	"des-cfb",
+	"idea-cfb",
+	"rc2-cfb",
+	"seed-cfb",
+	"salsa20",
+	"chacha20",
+	"chacha20-ietf"
+}
+
+local encrypt_methods_ss = {
+	-- aead
+	"aes-128-gcm",
+	"aes-192-gcm",
+	"aes-256-gcm",
+	"chacha20-ietf-poly1305",
+	"xchacha20-ietf-poly1305",
+	-- aead 2022
+	"2022-blake3-aes-128-gcm",
+	"2022-blake3-aes-256-gcm",
+	"2022-blake3-chacha20-poly1305"
+	--[[ stream
+	"table",
+	"rc4",
+	"rc4-md5",
+	"aes-128-cfb",
+	"aes-192-cfb",
+	"aes-256-cfb",
+	"aes-128-ctr",
+	"aes-192-ctr",
+	"aes-256-ctr",
+	"bf-cfb",
+	"camellia-128-cfb",
+	"camellia-192-cfb",
+	"camellia-256-cfb",
+	"salsa20",
+	"chacha20",
+	"chacha20-ietf" ]]
+}
+
+local protocol = {
+	"origin",
+	"verify_deflate",
+	"auth_sha1_v4",
+	"auth_aes128_sha1",
+	"auth_aes128_md5",
+	"auth_chain_a"
+}
+
+obfs = {
+	"plain",
+	"http_simple",
+	"http_post",
+	"random_head",
+	"tls1.2_ticket_auth",
+	"tls1.2_ticket_fastauth"
+}
+
+m = Map("shadowsocksr")
+-- [[ Global Setting ]]--
+sec = m:section(TypedSection, "server_global", translate("Global Setting"))
+sec.anonymous = true
+
+o = sec:option(Flag, "enable_server", translate("Enable Server"))
+o.rmempty = false
+
+-- [[ Server Setting ]]--
+sec = m:section(TypedSection, "server_config", translate("Server Setting"))
+sec.anonymous = true
+sec.addremove = true
+sec.template = "cbi/tblsection"
+sec.extedit = luci.dispatcher.build_url("admin/services/shadowsocksr/server/%s")
+function sec.create(...)
+	local sid = TypedSection.create(...)
+	if sid then
+		luci.http.redirect(sec.extedit % sid)
+		return
+	end
+end
+
+o = sec:option(Flag, "enable", translate("Enable"))
+function o.cfgvalue(...)
+	return Value.cfgvalue(...) or translate("0")
+end
+o.rmempty = false
+
+o = sec:option(DummyValue, "type", translate("Server Type"))
+function o.cfgvalue(...)
+	return Value.cfgvalue(...) or "ss"
+end
+
+o = sec:option(DummyValue, "server_port", translate("Server Port"))
+function o.cfgvalue(...)
+	return Value.cfgvalue(...) or "-"
+end
+
+o = sec:option(DummyValue, "username", translate("Username"))
+function o.cfgvalue(...)
+	return Value.cfgvalue(...) or "-"
+end
+
+o = sec:option(DummyValue, "encrypt_method", translate("Encrypt Method"))
+function o.cfgvalue(...)
+	local v = Value.cfgvalue(...)
+	return v and v:upper() or "-"
+end
+
+o = sec:option(DummyValue, "encrypt_method_ss", translate("Encrypt Method"))
+function o.cfgvalue(...)
+	local v = Value.cfgvalue(...)
+	return v and v:upper() or "-"
+end
+
+o = sec:option(DummyValue, "protocol", translate("Protocol"))
+function o.cfgvalue(...)
+	return Value.cfgvalue(...) or "-"
+end
+
+o = sec:option(DummyValue, "obfs", translate("Obfs"))
+function o.cfgvalue(...)
+	return Value.cfgvalue(...) or "-"
+end
+
+return m
--- a/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/servers.lua
+++ b/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/servers.lua
@ -0,0 +1,151 @@
+-- Licensed to the public under the GNU General Public License v3.
+require "luci.http"
+require "luci.dispatcher"
+require "luci.model.uci"
+local m, s, o
+local uci = luci.model.uci.cursor()
+local server_count = 0
+uci:foreach("shadowsocksr", "servers", function(s)
+	server_count = server_count + 1
+end)
+
+m = Map("shadowsocksr", translate("Servers subscription and manage"))
+
+-- Server Subscribe
+s = m:section(TypedSection, "server_subscribe")
+s.anonymous = true
+
+o = s:option(Flag, "auto_update", translate("Auto Update"))
+o.rmempty = false
+o.description = translate("Auto Update Server subscription, GFW list and CHN route")
+
+o = s:option(ListValue, "auto_update_time", translate("Update time (every day)"))
+for t = 0, 23 do
+	o:value(t, t .. ":00")
+end
+o.default = 2
+o.rmempty = false
+
+o = s:option(DynamicList, "subscribe_url", translate("Subscribe URL"))
+o.rmempty = true
+
+o = s:option(Value, "filter_words", translate("Subscribe Filter Words"))
+o.rmempty = true
+o.description = translate("Filter Words splited by /")
+
+o = s:option(Value, "save_words", translate("Subscribe Save Words"))
+o.rmempty = true
+o.description = translate("Save Words splited by /")
+
+o = s:option(Button, "update_Sub", translate("Update Subscribe List"))
+o.inputstyle = "reload"
+o.description = translate("Update subscribe url list first")
+o.write = function()
+	uci:commit("shadowsocksr")
+	luci.http.redirect(luci.dispatcher.build_url("admin", "services", "shadowsocksr", "servers"))
+end
+
+o = s:option(Flag, "switch", translate("Subscribe Default Auto-Switch"))
+o.rmempty = false
+o.description = translate("Subscribe new add server default Auto-Switch on")
+o.default = "1"
+
+o = s:option(Flag, "proxy", translate("Through proxy update"))
+o.rmempty = false
+o.description = translate("Through proxy update list, Not Recommended ")
+
+o = s:option(Button, "subscribe", translate("Update All Subscribe Servers"))
+o.rawhtml = true
+o.template = "shadowsocksr/subscribe"
+
+o = s:option(Button, "delete", translate("Delete All Subscribe Servers"))
+o.inputstyle = "reset"
+o.description = string.format(translate("Server Count") .. ": %d", server_count)
+o.write = function()
+	uci:delete_all("shadowsocksr", "servers", function(s)
+		if s.hashkey or s.isSubscribe then
+			return true
+		else
+			return false
+		end
+	end)
+	uci:save("shadowsocksr")
+	uci:commit("shadowsocksr")
+	luci.http.redirect(luci.dispatcher.build_url("admin", "services", "shadowsocksr", "delete"))
+	return
+end
+
+-- [[ Servers Manage ]]--
+s = m:section(TypedSection, "servers")
+s.anonymous = true
+s.addremove = true
+s.template = "cbi/tblsection"
+s.sortable = true
+s.extedit = luci.dispatcher.build_url("admin", "services", "shadowsocksr", "servers", "%s")
+function s.create(...)
+	local sid = TypedSection.create(...)
+	if sid then
+		luci.http.redirect(s.extedit % sid)
+		return
+	end
+end
+
+o = s:option(DummyValue, "type", translate("Type"))
+function o.cfgvalue(self, section)
+	return m:get(section, "v2ray_protocol") or Value.cfgvalue(self, section) or translate("None")
+end
+
+o = s:option(DummyValue, "alias", translate("Alias"))
+function o.cfgvalue(...)
+	return Value.cfgvalue(...) or translate("None")
+end
+
+o = s:option(DummyValue, "server_port", translate("Server Port"))
+function o.cfgvalue(...)
+	return Value.cfgvalue(...) or "N/A"
+end
+
+o = s:option(DummyValue, "server_port", translate("Socket Connected"))
+o.template = "shadowsocksr/socket"
+o.width = "10%"
+o.render = function(self, section, scope)
+	self.transport = s:cfgvalue(section).transport
+	if self.transport == 'ws' then
+		self.ws_path = s:cfgvalue(section).ws_path
+		self.tls = s:cfgvalue(section).tls
+	end
+	DummyValue.render(self, section, scope)
+end
+
+o = s:option(DummyValue, "server", translate("Ping Latency"))
+o.template = "shadowsocksr/ping"
+o.width = "10%"
+
+local global_server = uci:get_first('shadowsocksr', 'global', 'global_server') 
+
+node = s:option(Button, "apply_node", translate("Apply"))
+node.inputstyle = "apply"
+node.render = function(self, section, scope)
+	if section == global_server then
+		self.title = translate("Reapply")
+	else
+		self.title = translate("Apply")
+	end
+	Button.render(self, section, scope)
+end
+node.write = function(self, section)
+	uci:set("shadowsocksr", '@global[0]', 'global_server', section)
+	uci:save("shadowsocksr")
+	uci:commit("shadowsocksr")
+	luci.http.redirect(luci.dispatcher.build_url("admin", "services", "shadowsocksr", "restart"))
+end
+
+o = s:option(Flag, "switch_enable", translate("Auto Switch"))
+o.rmempty = false
+function o.cfgvalue(...)
+	return Value.cfgvalue(...) or 1
+end
+
+m:append(Template("shadowsocksr/server_list"))
+
+return m
--- a/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/status.lua
+++ b/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/status.lua
@ -0,0 +1,214 @@
+-- Copyright (C) 2017 yushi studio <ywb94@qq.com>
+-- Licensed to the public under the GNU General Public License v3.
+require "nixio.fs"
+require "luci.sys"
+require "luci.model.uci"
+local m, s, o
+local redir_run = 0
+local reudp_run = 0
+local sock5_run = 0
+local server_run = 0
+local kcptun_run = 0
+local tunnel_run = 0
+local gfw_count = 0
+local ad_count = 0
+local ip_count = 0
+local nfip_count = 0
+local mainland_domain_count = 0
+local non_mainland_domain_count = 0
+local Process_list = luci.sys.exec("busybox ps -w")
+local uci = luci.model.uci.cursor()
+-- html constants
+font_blue = [[<b style=color:green>]]
+style_blue = [[<b style=color:red>]]
+font_off = [[</b>]]
+bold_on = [[<strong>]]
+bold_off = [[</strong>]]
+local kcptun_version = translate("Unknown")
+local kcp_file = "/usr/bin/kcptun-client"
+if not nixio.fs.access(kcp_file) then
+	kcptun_version = translate("Not exist")
+else
+	if not nixio.fs.access(kcp_file, "rwx", "rx", "rx") then
+		nixio.fs.chmod(kcp_file, 755)
+	end
+	kcptun_version = "<b>" ..luci.sys.exec(kcp_file .. " -v | awk '{printf $3}'") .. "</b>"
+	if not kcptun_version or kcptun_version == "" then
+		kcptun_version = translate("Unknown")
+	end
+end
+
+if nixio.fs.access("/etc/ssrplus/gfw_list.conf") then
+	gfw_count = tonumber(luci.sys.exec("cat /etc/ssrplus/gfw_list.conf | wc -l")) / 2
+end
+
+if nixio.fs.access("/etc/ssrplus/ad.conf") then
+	ad_count = tonumber(luci.sys.exec("cat /etc/ssrplus/ad.conf | wc -l"))
+end
+
+if nixio.fs.access("/etc/ssrplus/china_ssr.txt") then
+	ip_count = tonumber(luci.sys.exec("cat /etc/ssrplus/china_ssr.txt | wc -l"))
+end
+
+if nixio.fs.access("/etc/ssrplus/netflixip.list") then
+	nfip_count = tonumber(luci.sys.exec("cat /etc/ssrplus/netflixip.list | wc -l"))
+end
+
+if nixio.fs.access("/etc/ssrplus/mosdns-chinadns/geosite_cn.txt") then
+	mainland_domain_count = tonumber(luci.sys.exec("cat /etc/ssrplus/mosdns-chinadns/geosite_cn.txt | wc -l"))
+end
+
+if nixio.fs.access("/etc/ssrplus/mosdns-chinadns/geosite_geolocation_not_cn.txt") then
+	non_mainland_domain_count = tonumber(luci.sys.exec("cat /etc/ssrplus/mosdns-chinadns/geosite_geolocation_not_cn.txt | wc -l"))
+end
+
+if Process_list:find("udp.only.ssr.reudp") then
+	reudp_run = 1
+end
+
+if Process_list:find("tcp.only.ssr.retcp") then
+	redir_run = 1
+end
+
+if Process_list:find("tcp.udp.ssr.local") then
+	sock5_run = 1
+end
+
+if Process_list:find("tcp.udp.ssr.retcp") then
+	redir_run = 1
+	reudp_run = 1
+end
+
+if Process_list:find("local.ssr.retcp") then
+	redir_run = 1
+	sock5_run = 1
+end
+
+if Process_list:find("local.udp.ssr.retcp") then
+	reudp_run = 1
+	redir_run = 1
+	sock5_run = 1
+end
+
+if Process_list:find("kcptun.client") then
+	kcptun_run = 1
+end
+
+if Process_list:find("ssr.server") then
+	server_run = 1
+end
+
+if Process_list:find("ssrplus/bin/dns2tcp") or Process_list:find("ssrplus/bin/mosdns") or (Process_list:find("ssrplus.dns") and Process_list:find("dns2socks.127.0.0.1.*127.0.0.1.5335")) then
+	pdnsd_run = 1
+end
+
+m = SimpleForm("Version")
+m.reset = false
+m.submit = false
+
+s = m:field(DummyValue, "redir_run", translate("Global Client"))
+s.rawhtml = true
+if redir_run == 1 then
+	s.value = font_blue .. bold_on .. translate("Running") .. bold_off .. font_off
+else
+	s.value = style_blue .. bold_on .. translate("Not Running") .. bold_off .. font_off
+end
+
+s = m:field(DummyValue, "reudp_run", translate("Game Mode UDP Relay"))
+s.rawhtml = true
+if reudp_run == 1 then
+	s.value = font_blue .. bold_on .. translate("Running") .. bold_off .. font_off
+else
+	s.value = style_blue .. bold_on .. translate("Not Running") .. bold_off .. font_off
+end
+
+if uci:get_first("shadowsocksr", 'global', 'pdnsd_enable', '0') ~= '0' then
+	s = m:field(DummyValue, "pdnsd_run", translate("DNS Anti-pollution"))
+	s.rawhtml = true
+	if pdnsd_run == 1 then
+		s.value = font_blue .. bold_on .. translate("Running") .. bold_off .. font_off
+	else
+		s.value = style_blue .. bold_on .. translate("Not Running") .. bold_off .. font_off
+	end
+end
+
+s = m:field(DummyValue, "sock5_run", translate("Global SOCKS5 Proxy Server"))
+s.rawhtml = true
+if sock5_run == 1 then
+	s.value = font_blue .. bold_on .. translate("Running") .. bold_off .. font_off
+else
+	s.value = style_blue .. bold_on .. translate("Not Running") .. bold_off .. font_off
+end
+
+s = m:field(DummyValue, "server_run", translate("Local Servers"))
+s.rawhtml = true
+if server_run == 1 then
+	s.value = font_blue .. bold_on .. translate("Running") .. bold_off .. font_off
+else
+	s.value = style_blue .. bold_on .. translate("Not Running") .. bold_off .. font_off
+end
+
+if nixio.fs.access("/usr/bin/kcptun-client") then
+	s = m:field(DummyValue, "kcp_version", translate("KcpTun Version"))
+	s.rawhtml = true
+	s.value = kcptun_version
+	s = m:field(DummyValue, "kcptun_run", translate("KcpTun"))
+	s.rawhtml = true
+	if kcptun_run == 1 then
+		s.value = font_blue .. bold_on .. translate("Running") .. bold_off .. font_off
+	else
+		s.value = style_blue .. bold_on .. translate("Not Running") .. bold_off .. font_off
+	end
+end
+
+s = m:field(DummyValue, "google", translate("Google Connectivity"))
+s.value = translate("No Check")
+s.template = "shadowsocksr/check"
+
+s = m:field(DummyValue, "baidu", translate("Baidu Connectivity"))
+s.value = translate("No Check")
+s.template = "shadowsocksr/check"
+
+s = m:field(DummyValue, "gfw_data", translate("GFW List Data"))
+s.rawhtml = true
+s.template = "shadowsocksr/refresh"
+s.value = gfw_count .. " " .. translate("Records")
+
+s = m:field(DummyValue, "ip_data", translate("China IP Data"))
+s.rawhtml = true
+s.template = "shadowsocksr/refresh"
+s.value = ip_count .. " " .. translate("Records")
+
+if uci:get_first("shadowsocksr", 'global', 'netflix_enable', '0') ~= '0' then
+	s = m:field(DummyValue, "nfip_data", translate("Netflix IP Data"))
+	s.rawhtml = true
+	s.template = "shadowsocksr/refresh"
+	s.value = nfip_count .. " " .. translate("Records")
+end
+
+if uci:get_first("shadowsocksr", 'global', 'pdnsd_enable', '0') == '3' then
+	s = m:field(DummyValue, "geo_data", translate("Loyalsoldier's GeoData"))
+	s.rawhtml = true
+	s.template = "shadowsocksr/refresh"
+
+	s = m:field(DummyValue, "mainland_domain_count", translate("Loyalsoldier's GeoData: Mainland Domain Data"))
+	s.rawhtml = true
+	s.value = mainland_domain_count .. " " .. translate("Records")
+
+	s = m:field(DummyValue, "non_mainland_domain_count", translate("Loyalsoldier's GeoData: Non-Mainland Domain Data"))
+	s.rawhtml = true
+	s.value = non_mainland_domain_count .. " " .. translate("Records")
+end
+
+if uci:get_first("shadowsocksr", 'global', 'adblock', '0') == '1' then
+	s = m:field(DummyValue, "ad_data", translate("Advertising Data"))
+	s.rawhtml = true
+	s.template = "shadowsocksr/refresh"
+	s.value = ad_count .. " " .. translate("Records")
+end
+
+s = m:field(DummyValue, "check_port", translate("Check Server Port"))
+s.template = "shadowsocksr/checkport"
+s.value = translate("No Check")
+
+return m
--- a/luci-app-ssr-plus/luasrc/view/shadowsocksr/certupload.htm
+++ b/luci-app-ssr-plus/luasrc/view/shadowsocksr/certupload.htm
@ -0,0 +1,4 @@
+<%+cbi/valueheader%>
+	<input class="cbi-input-file" style="width: 400px" type="file" id="ulfile" name="ulfile" />
+	<input type="submit" class="cbi-button cbi-input-apply" name="upload" value="<%:Upload%>" />
+<%+cbi/valuefooter%>
--- a/luci-app-ssr-plus/luasrc/view/shadowsocksr/check.htm
+++ b/luci-app-ssr-plus/luasrc/view/shadowsocksr/check.htm
@ -0,0 +1,29 @@
+<%+cbi/valueheader%>
+<script type="text/javascript">//<![CDATA[
+	function check_connect(btn,urlname)
+	{
+		btn.disabled = true;
+		btn.value    = '<%:Check...%>';
+		murl=urlname;
+		XHR.get('<%=luci.dispatcher.build_url("admin", "services", "shadowsocksr","check")%>',
+			{ set:murl },
+			function(x,rv)
+			{
+			var s = document.getElementById(urlname+'-status');
+			if (s)
+			{
+				if (rv.ret=="0")
+				s.innerHTML ="<font color='green'>"+"<%:Connect OK%>"+"</font>";
+				else
+				s.innerHTML ="<font color='red'>"+"<%:Connect Error%>"+"</font>";
+			}
+				btn.disabled = false;
+				btn.value    = '<%:Check Connect%>';
+			}
+		);
+		return false;
+	}
+//]]></script>
+<input type="button" class="btn cbi-button cbi-button-apply" value="<%:Check Connect%>" onclick="return check_connect(this,'<%=self.option%>')" />
+<span id="<%=self.option%>-status"><em><%=self.value%></em></span>
+<%+cbi/valuefooter%>
--- a/luci-app-ssr-plus/luasrc/view/shadowsocksr/checkport.htm
+++ b/luci-app-ssr-plus/luasrc/view/shadowsocksr/checkport.htm
@ -0,0 +1,25 @@
+<%+cbi/valueheader%>
+<script type="text/javascript">//<![CDATA[
+	function check_port(btn)
+	{
+		btn.disabled = true;
+		btn.value    = '<%:Check...%>';
+		XHR.get('<%=luci.dispatcher.build_url("admin", "services", "shadowsocksr","checkport")%>',
+			null,
+			function(x,rv)
+			{
+			var s = document.getElementById('<%=self.option%>-status');
+			if (s)
+			{
+				s.innerHTML =rv.ret;
+			}
+				btn.disabled = false;
+				btn.value    = '<%:Check Server%>';
+			}
+		);
+		return false;
+	}
+//]]></script>
+<input type="button" class="btn cbi-button cbi-button-apply" value="<%:Check Server%>" onclick="return check_port(this)" />
+<span id="<%=self.option%>-status"><em><%=self.value%></em></span>
+<%+cbi/valuefooter%>
--- a/luci-app-ssr-plus/luasrc/view/shadowsocksr/ping.htm
+++ b/luci-app-ssr-plus/luasrc/view/shadowsocksr/ping.htm
@ -0,0 +1,3 @@
+<%+cbi/valueheader%>
+<span class="pingtime" hint="<%=self:cfgvalue(section)%>">-- ms</span>
+<%+cbi/valuefooter%>
--- a/luci-app-ssr-plus/luasrc/view/shadowsocksr/refresh.htm
+++ b/luci-app-ssr-plus/luasrc/view/shadowsocksr/refresh.htm
@ -0,0 +1,37 @@
+<%+cbi/valueheader%>
+<script type="text/javascript">//<![CDATA[
+	function refresh_data(btn,dataname)
+	{
+		btn.disabled = true;
+		btn.value = '<%:Refresh...%> ';
+		murl=dataname;
+		XHR.get('<%=luci.dispatcher.build_url("admin", "services", "shadowsocksr","refresh")%>',
+			{ set:murl },
+			function(x,rv)
+			{
+			var s = document.getElementById(dataname+'-status');
+			if (s)
+			{
+				switch (rv.ret)
+				{
+					case 0:
+						s.innerHTML ="<font color='green'>"+"<%:Refresh OK!%> "+"<%:Total Records:%>"+rv.retcount+"</font>";
+						break;
+					case 1:
+						s.innerHTML ="<font color='green'>"+"<%:No new data!%> "+"</font>";
+						break;
+					default:
+						s.innerHTML ="<font color='red'>"+"<%:Refresh Error!%> "+"</font>";
+						break;
+				}
+			}
+				btn.disabled = false;
+				btn.value    = '<%:Refresh Data %>';
+			}
+		);
+		return false;
+	}
+//]]></script>
+<input type="button" class="btn cbi-button cbi-button-reload" value="<%:Refresh Data%> " onclick="return refresh_data(this,'<%=self.option%>')" />
+<span id="<%=self.option%>-status"><em><%=self.value%></em></span>
+<%+cbi/valuefooter%>
--- a/luci-app-ssr-plus/luasrc/view/shadowsocksr/reset.htm
+++ b/luci-app-ssr-plus/luasrc/view/shadowsocksr/reset.htm
@ -0,0 +1,25 @@
+<%+cbi/valueheader%>
+<script type="text/javascript">//<![CDATA[
+	function reset(btn,dataname) {
+		var s = document.getElementById(dataname + '-status');
+		var reset = prompt('<%:Really reset all changes?%><%:Please fill in reset%>',"")
+		if (reset == null || reset == "") {
+			return false;
+		}
+		if (reset != "reset") {
+			s.innerHTML = "<font color='red'><%:The content entered is incorrect!%></font>";
+			return false;
+		}
+		btn.disabled = true;
+		btn.value    = '<%:Perform reset%>';
+		murl=dataname;
+		XHR.get('<%=luci.dispatcher.build_url("admin", "services", "shadowsocksr","reset")%>', { set:murl }, function(x,rv) {
+			btn.value    = '<%:Reset complete%>';
+			s.innerHTML = "<font color='green'><%:Reset complete%></font>";
+		});
+		return false;
+	}
+//]]></script>
+<input type="button" class="btn cbi-button cbi-button-reset" value="<%:Perform reset%> " onclick="return reset(this,'<%=self.option%>')" />
+<span id="<%=self.option%>-status"></span>
+<%+cbi/valuefooter%>
--- a/luci-app-ssr-plus/luasrc/view/shadowsocksr/server_list.htm
+++ b/luci-app-ssr-plus/luasrc/view/shadowsocksr/server_list.htm
@ -0,0 +1,145 @@
+<%#
+ Copyright 2018-2019 Lienol <lawlienol@gmail.com>
+ Licensed to the public under the Apache License 2.0.
+-%>
+<script type="text/javascript">
+	//<![CDATA[
+	window.addEventListener('load',function(){
+		const doms = document.getElementsByClassName('pingtime');
+		const ports = document.getElementsByClassName("socket-connected");
+		const transports = document.getElementsByClassName("transport");
+		const wsPaths = document.getElementsByClassName("wsPath");
+		const tlss = document.getElementsByClassName("tls");
+		const xhr = (index) => {
+			return new Promise((res) => {
+				const dom = doms[index];
+				const port = ports[index];
+				const transport = transports[index];
+				const wsPath = wsPaths[index];
+				const tls = tlss[index];
+				if (!dom) res()
+				port.innerHTML = '<font color="#0072c3">connect</font>';
+				XHR.get('<%=luci.dispatcher.build_url("admin/services/shadowsocksr/ping")%>', {
+					index,
+					domain: dom.getAttribute("hint"),
+					port: port.getAttribute("hint"),
+					transport: transport.getAttribute("hint"),
+					wsPath: wsPath.getAttribute("hint"),
+					tls: tls.getAttribute("hint")
+				},
+				(x, result) => {
+					let col = '#ff0000';
+					if (result.ping) {
+						if (result.ping < 300) col = '#ff3300';
+						if (result.ping < 200) col = '#ff7700';
+						if (result.ping < 100) col = '#249400';
+					}
+					dom.innerHTML = `<font color="${col}">${(result.ping ? result.ping : "--") + " ms"}</font>`
+					if (result.socket) {
+						port.innerHTML = '<font color="#249400">ok</font>';
+					} else {
+						port.innerHTML = '<font color="#ff0000">fail</font>';
+					}
+					res();
+				});
+			})
+		}
+		let task = -1;
+		const thread = () => {
+			task = task + 1
+			if (doms[task]) {
+				xhr(task).then(thread);
+			}
+		}
+		for (let i = 0; i < 20; i++) {
+			thread()
+		}
+	})
+
+	function cbi_row_drop(fromId, toId, store, isToBottom) {
+		var fromNode = document.getElementById(fromId);
+		var toNode = document.getElementById(toId);
+		if (!fromNode || !toNode) return false;
+
+		var table = fromNode.parentNode;
+		while (table && table.nodeName.toLowerCase() != "table")
+			table = table.parentNode;
+		if (!table) return false;
+
+		var ids = [];
+		if (isToBottom) {
+			toNode.parentNode.appendChild(fromNode);
+		} else {
+			fromNode.parentNode.insertBefore(fromNode, toNode);
+		}
+		for (var idx = 2; idx < table.rows.length; idx++) {
+			table.rows[idx].className = table.rows[idx].className.replace(
+				/cbi-rowstyle-[12]/,
+				"cbi-rowstyle-" + (1 + (idx % 2))
+			);
+
+			if (table.rows[idx].id && table.rows[idx].id.match(/-([^\-]+)$/))
+				ids.push(RegExp.$1);
+		}
+		var input = document.getElementById(store);
+		if (input) input.value = ids.join(" ");
+		return false;
+	}
+	// set tr draggable
+	function enableDragForTable(table_selecter, store) {
+		var trs = document.querySelectorAll(table_selecter + " tr");
+		if (!trs || trs.length.length < 3) {
+			return;
+		}
+		function ondragstart(ev) {
+			ev.dataTransfer.setData("Text", ev.target.id);
+		}
+		function ondrop(ev) {
+			var from = ev.dataTransfer.getData("Text");
+			cbi_row_drop(from, this.id, store);
+		}
+		function ondragover(ev) {
+			ev.preventDefault();
+			ev.dataTransfer.dropEffect = "move";
+		}
+		function moveToTop(id) {
+			var top = document.querySelectorAll(table_selecter + " tr")[2];
+			cbi_row_drop(id, top.id, store);
+		}
+		function moveToBottom(id) {
+			console.log('moveToBottom:', id);
+			var trList = document.querySelectorAll(table_selecter + " tr");
+			var bottom = trList[trList.length - 1];
+			cbi_row_drop(id, bottom.id, store, true);
+		}
+		for (let index = 2; index < trs.length; index++) {
+			const el = trs[index];
+			el.setAttribute("draggable", true);
+			el.ondragstart = ondragstart;
+			el.ondrop = ondrop;
+			el.ondragover = ondragover;
+			// reset the behaviors of the btns
+			var upBtns = el.querySelectorAll(".cbi-button.cbi-button-up");
+			if (upBtns && upBtns.length > 0) {
+				upBtns.forEach(function (_el) {
+					_el.onclick = function () {
+						moveToTop(el.id);
+					};
+				});
+			}
+			var downBtns = el.querySelectorAll(".cbi-button.cbi-button-down");
+			if (downBtns && downBtns.length > 0) {
+				downBtns.forEach(function (_el) {
+					_el.onclick = function () {
+						moveToBottom(el.id);
+					};
+				});
+			}
+		}
+	}
+	// enable
+	enableDragForTable(
+		"#cbi-shadowsocksr-servers table",
+		"cbi.sts.shadowsocksr.servers"
+	);
+</script>
--- a/luci-app-ssr-plus/luasrc/view/shadowsocksr/socket.htm
+++ b/luci-app-ssr-plus/luasrc/view/shadowsocksr/socket.htm
@ -0,0 +1,6 @@
+<%+cbi/valueheader%>
+<span class="socket-connected" hint="<%=self:cfgvalue(section)%>">wait</span>
+<span class="transport" hint="<%=self.transport%>"></span>
+<span class="wsPath" hint="<%=self.ws_path%>"></span>
+<span class="tls" hint="<%=self.tls%>"></span>
+<%+cbi/valuefooter%>
--- a/luci-app-ssr-plus/luasrc/view/shadowsocksr/ssrurl.htm
+++ b/luci-app-ssr-plus/luasrc/view/shadowsocksr/ssrurl.htm
@ -0,0 +1,370 @@
+<%+cbi/valueheader%>
+<script type="text/javascript">
+//<![CDATA[
+function padright(str, cnt, pad) {
+	return str + Array(cnt + 1).join(pad);
+}
+
+function b64EncodeUnicode(str) {
+	return btoa(encodeURIComponent(str).replace(/%([0-9A-F]{2})/g, function (match, p1) {
+		return String.fromCharCode('0x' + p1);
+	}));
+}
+
+function b64encutf8safe(str) {
+	return b64EncodeUnicode(str).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/g, '');
+}
+
+function b64DecodeUnicode(str) {
+	return decodeURIComponent(Array.prototype.map.call(atob(str), function (c) {
+		return '%' + ('00' + c.charCodeAt(0).toString(16)).slice(-2);
+	}).join(''));
+}
+
+function b64decutf8safe(str) {
+	var l;
+	str = str.replace(/-/g, "+").replace(/_/g, "/");
+	l = str.length;
+	l = (4 - l % 4) % 4;
+	if (l) str = padright(str, l, "=");
+	return b64DecodeUnicode(str);
+}
+
+function b64encsafe(str) {
+	return btoa(str).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/g, '')
+}
+
+function b64decsafe(str) {
+	var l;
+	str = str.replace(/-/g, "+").replace(/_/g, "/");
+	l = str.length;
+	l = (4 - l % 4) % 4;
+	if (l) str = padright(str, l, "=");
+	return atob(str);
+}
+
+function dictvalue(d, key) {
+	var v = d[key];
+	if (typeof (v) == 'undefined' || v == '') return '';
+	return b64decsafe(v);
+}
+
+function export_ssr_url(btn, urlname, sid) {
+	var s = document.getElementById(urlname + '-status');
+	if (!s) return false;
+	var v_server = document.getElementsByName('cbid.shadowsocksr.' + sid + '.server')[0];
+	var v_port = document.getElementsByName('cbid.shadowsocksr.' + sid + '.server_port')[0];
+	var v_protocol = document.getElementsByName('cbid.shadowsocksr.' + sid + '.protocol')[0];
+	var v_method = document.getElementsByName('cbid.shadowsocksr.' + sid + '.encrypt_method')[0];
+	var v_obfs = document.getElementsByName('cbid.shadowsocksr.' + sid + '.obfs')[0];
+	var v_password = document.getElementsByName('cbid.shadowsocksr.' + sid + '.password')[0];
+	var v_obfs_param = document.getElementsByName('cbid.shadowsocksr.' + sid + '.obfs_param')[0];
+	var v_protocol_param = document.getElementsByName('cbid.shadowsocksr.' + sid + '.protocol_param')[0];
+	var v_alias = document.getElementsByName('cbid.shadowsocksr.' + sid + '.alias')[0];
+	var ssr_str = v_server.value + ":" + v_port.value + ":" + v_protocol.value + ":" + v_method.value + ":" + v_obfs.value + ":" + b64encsafe(v_password.value) + "/?obfsparam=" + b64encsafe(v_obfs_param.value) + "&protoparam=" + b64encsafe(v_protocol_param.value) + "&remarks=" + b64encutf8safe(v_alias.value);
+	var textarea = document.createElement("textarea");
+	textarea.textContent = "ssr://" + b64encsafe(ssr_str);
+	textarea.style.position = "fixed";
+	document.body.appendChild(textarea);
+	textarea.select();
+	try {
+		document.execCommand("copy"); // Security exception may be thrown by some browsers.
+		s.innerHTML = "<font color='green'><%:Copy SSR to clipboard successfully.%></font>";
+	} catch (ex) {
+		s.innerHTML = "<font color='red'><%:Unable to copy SSR to clipboard.%></font>";
+	} finally {
+		document.body.removeChild(textarea);
+	}
+	return false;
+}
+
+function import_ssr_url(btn, urlname, sid) {
+		var s = document.getElementById(urlname + '-status');
+		if (!s) return false;
+		var ssrurl = prompt("<%:Paste sharing link here%>", "");
+		if (ssrurl == null || ssrurl == "") {
+			s.innerHTML = "<font color='red'><%:User cancelled.%></font>";
+			return false;
+		}
+		s.innerHTML = "";
+		//var ssu = ssrurl.match(/ssr:\/\/([A-Za-z0-9_-]+)/i);
+		var ssu = ssrurl.split('://');
+		//console.log(ssu.length);
+		var event = document.createEvent("HTMLEvents");
+		event.initEvent("change", true, true);
+		switch (ssu[0]) {
+		case "hysteria":
+			try {
+				var url = new URL("http://" + ssu[1]);
+				var params = url.searchParams;
+			} catch(e) {
+				alert(e);
+				return false;
+			}
+
+			document.getElementsByName('cbid.shadowsocksr.' + sid + '.type')[0].value = ssu[0];
+			document.getElementsByName('cbid.shadowsocksr.' + sid + '.type')[0].dispatchEvent(event);
+			document.getElementsByName('cbid.shadowsocksr.' + sid + '.server')[0].value = url.hostname;
+			document.getElementsByName('cbid.shadowsocksr.' + sid + '.server_port')[0].value = url.port || "80";
+			document.getElementsByName('cbid.shadowsocksr.' + sid + '.hysteria_protocol')[0].value = params.get("protocol") || "udp";
+			document.getElementsByName('cbid.shadowsocksr.' + sid + '.auth_type')[0].value = params.get("auth") ? "2" : "0";
+			document.getElementsByName('cbid.shadowsocksr.' + sid + '.auth_type')[0].dispatchEvent(event);
+			document.getElementsByName('cbid.shadowsocksr.' + sid + '.auth_payload')[0].value = params.get("auth") || "";
+			document.getElementsByName('cbid.shadowsocksr.' + sid + '.uplink_capacity')[0].value = params.get("upmbps") || "";
+			document.getElementsByName('cbid.shadowsocksr.' + sid + '.downlink_capacity')[0].value = params.get("downmbps") || "";
+			document.getElementsByName('cbid.shadowsocksr.' + sid + '.seed')[0].value = params.get("obfsParam") || "";
+			document.getElementsByName('cbid.shadowsocksr.' + sid + '.tls_host')[0].value = params.get("peer") || "";
+			document.getElementsByName('cbid.shadowsocksr.' + sid + '.quic_tls_alpn')[0].value = params.get("alpn") || "";
+			document.getElementsByName('cbid.shadowsocksr.' + sid + '.insecure')[0].checked = params.get("insecure") ? true : false;
+			document.getElementsByName('cbid.shadowsocksr.' + sid + '.alias')[0].value = url.hash ? decodeURIComponent(url.hash.slice(1)) : "";
+
+			s.innerHTML = "<font color='green'><%:Import configuration information successfully.%></font>";
+			return false;
+		case "ss":
+			var url0, param = "";
+			var sipIndex = ssu[1].indexOf("@");
+			var ploc = ssu[1].indexOf("#");
+			if (ploc > 0) {
+				url0 = ssu[1].substr(0, ploc);
+				param = ssu[1].substr(ploc + 1);
+			} else {
+				url0 = ssu[1];
+			}
+			if (sipIndex != -1) {
+				// SIP002
+				var userInfo = b64decsafe(url0.substr(0, sipIndex));
+				var temp = url0.substr(sipIndex + 1).split("/?");
+				var serverInfo = temp[0].split(":");
+				var server = serverInfo[0];
+				var port = serverInfo[1].replace("/","");
+				var method, password, plugin, pluginOpts;
+				if (temp[1]) {
+					var pluginInfo = decodeURIComponent(temp[1]);
+					var pluginIndex = pluginInfo.indexOf(";");
+					var pluginNameInfo = pluginInfo.substr(0, pluginIndex);
+					plugin = pluginNameInfo.substr(pluginNameInfo.indexOf("=") + 1);
+					pluginOpts = pluginInfo.substr(pluginIndex + 1);
+				}
+				var userInfoSplitIndex = userInfo.indexOf(":");
+				if (userInfoSplitIndex != -1) {
+					method = userInfo.substr(0, userInfoSplitIndex);
+					password = userInfo.substr(userInfoSplitIndex + 1);
+				}
+				document.getElementsByName('cbid.shadowsocksr.' + sid + '.type')[0].value = ssu[0];
+				document.getElementsByName('cbid.shadowsocksr.' + sid + '.type')[0].dispatchEvent(event);
+				document.getElementsByName('cbid.shadowsocksr.' + sid + '.server')[0].value = server;
+				document.getElementsByName('cbid.shadowsocksr.' + sid + '.server_port')[0].value = port;
+				document.getElementsByName('cbid.shadowsocksr.' + sid + '.password')[0].value = password || "";
+				document.getElementsByName('cbid.shadowsocksr.' + sid + '.encrypt_method_ss')[0].value = method || "";
+				document.getElementsByName('cbid.shadowsocksr.' + sid + '.plugin')[0].value = plugin || "none";
+				document.getElementsByName('cbid.shadowsocksr.' + sid + '.plugin')[0].dispatchEvent(event);
+				if (plugin != undefined) {
+				document.getElementsByName('cbid.shadowsocksr.' + sid + '.plugin_opts')[0].value = pluginOpts || "";
+				}
+				if (param != undefined) {
+					document.getElementsByName('cbid.shadowsocksr.' + sid + '.alias')[0].value = decodeURI(param);
+				}
+				s.innerHTML = "<font color='green'><%:Import configuration information successfully.%></font>";
+			} else {
+				var sstr = b64decsafe(url0);
+				document.getElementsByName('cbid.shadowsocksr.' + sid + '.type')[0].value = ssu[0];
+				document.getElementsByName('cbid.shadowsocksr.' + sid + '.type')[0].dispatchEvent(event);
+				var team = sstr.split('@');
+				var part1 = team[0].split(':');
+				var part2 = team[1].split(':');
+				document.getElementsByName('cbid.shadowsocksr.' + sid + '.server')[0].value = part2[0];
+				document.getElementsByName('cbid.shadowsocksr.' + sid + '.server_port')[0].value = part2[1];
+				document.getElementsByName('cbid.shadowsocksr.' + sid + '.password')[0].value = part1[1];
+				document.getElementsByName('cbid.shadowsocksr.' + sid + '.encrypt_method_ss')[0].value = part1[0];
+				if (param != undefined) {
+					document.getElementsByName('cbid.shadowsocksr.' + sid + '.alias')[0].value = decodeURI(param);
+				}
+				s.innerHTML = "<font color='green'><%:Import configuration information successfully.%></font>";
+			}
+			return false;
+		case "ssr":
+			var sstr = b64decsafe(ssu[1]);
+			var ploc = sstr.indexOf("/?");
+			document.getElementsByName('cbid.shadowsocksr.' + sid + '.type')[0].value = ssu[0];
+			document.getElementsByName('cbid.shadowsocksr.' + sid + '.type')[0].dispatchEvent(event);
+			var url0, param = "";
+			if (ploc > 0) {
+				url0 = sstr.substr(0, ploc);
+				param = sstr.substr(ploc + 2);
+			}
+			var ssm = url0.match(/^(.+):([^:]+):([^:]*):([^:]+):([^:]*):([^:]+)/);
+			if (!ssm || ssm.length < 7) return false;
+			var pdict = {};
+			if (param.length > 2) {
+				var a = param.split('&');
+				for (var i = 0; i < a.length; i++) {
+					var b = a[i].split('=');
+					pdict[decodeURIComponent(b[0])] = decodeURIComponent(b[1] || '');
+				}
+			}
+			document.getElementsByName('cbid.shadowsocksr.' + sid + '.server')[0].value = ssm[1];
+			document.getElementsByName('cbid.shadowsocksr.' + sid + '.server_port')[0].value = ssm[2];
+			document.getElementsByName('cbid.shadowsocksr.' + sid + '.protocol')[0].value = ssm[3];
+			document.getElementsByName('cbid.shadowsocksr.' + sid + '.encrypt_method')[0].value = ssm[4];
+			document.getElementsByName('cbid.shadowsocksr.' + sid + '.obfs')[0].value = ssm[5];
+			document.getElementsByName('cbid.shadowsocksr.' + sid + '.password')[0].value = b64decsafe(ssm[6]);
+			document.getElementsByName('cbid.shadowsocksr.' + sid + '.obfs_param')[0].value = dictvalue(pdict, 'obfsparam');
+			document.getElementsByName('cbid.shadowsocksr.' + sid + '.protocol_param')[0].value = dictvalue(pdict, 'protoparam');
+			var rem = pdict['remarks'];
+			if (typeof (rem) != 'undefined' && rem != '' && rem.length > 0) document.getElementsByName('cbid.shadowsocksr.' + sid + '.alias')[0].value = b64decutf8safe(rem);
+			s.innerHTML = "<font color='green'><%:Import configuration information successfully.%></font>";
+			return false;
+		case "trojan":
+			try {
+				var url = new URL("http://" + ssu[1]);
+			} catch(e) {
+				alert(e)
+				return false;
+			}
+
+			document.getElementsByName('cbid.shadowsocksr.' + sid + '.alias')[0].value = url.hash ? decodeURIComponent(url.hash.slice(1)) : "";
+			document.getElementsByName('cbid.shadowsocksr.' + sid + '.type')[0].value = "v2ray";
+			document.getElementsByName('cbid.shadowsocksr.' + sid + '.type')[0].dispatchEvent(event);
+			document.getElementsByName('cbid.shadowsocksr.' + sid + '.v2ray_protocol')[0].value = "trojan";
+			document.getElementsByName('cbid.shadowsocksr.' + sid + '.v2ray_protocol')[0].dispatchEvent(event);
+			document.getElementsByName('cbid.shadowsocksr.' + sid + '.server')[0].value = url.hostname;
+			document.getElementsByName('cbid.shadowsocksr.' + sid + '.server_port')[0].value = url.port || "80";
+			document.getElementsByName('cbid.shadowsocksr.' + sid + '.password')[0].value = decodeURIComponent(url.username);
+			document.getElementsByName('cbid.shadowsocksr.' + sid + '.tls')[0].checked = true;
+			document.getElementsByName('cbid.shadowsocksr.' + sid + '.tls')[0].dispatchEvent(event);
+			document.getElementsByName('cbid.shadowsocksr.' + sid + '.tls_host')[0].value = url.searchParams.get("sni");
+
+			s.innerHTML = "<font color='green'><%:Import configuration information successfully.%></font>";
+			return false;
+		case "vmess":
+			var sstr = b64DecodeUnicode(ssu[1]);
+			var ploc = sstr.indexOf("/?");
+			document.getElementsByName('cbid.shadowsocksr.' + sid + '.type')[0].value = "v2ray";
+			document.getElementsByName('cbid.shadowsocksr.' + sid + '.type')[0].dispatchEvent(event);
+			document.getElementsByName('cbid.shadowsocksr.' + sid + '.v2ray_protocol')[0].value = "vmess";
+			document.getElementsByName('cbid.shadowsocksr.' + sid + '.v2ray_protocol')[0].dispatchEvent(event);
+			var url0, param = "";
+			if (ploc > 0) {
+				url0 = sstr.substr(0, ploc);
+				param = sstr.substr(ploc + 2);
+			}
+			var ssm = JSON.parse(sstr);
+			document.getElementsByName('cbid.shadowsocksr.' + sid + '.alias')[0].value = ssm.ps;
+			document.getElementsByName('cbid.shadowsocksr.' + sid + '.server')[0].value = ssm.add;
+			document.getElementsByName('cbid.shadowsocksr.' + sid + '.server_port')[0].value = ssm.port;
+			document.getElementsByName('cbid.shadowsocksr.' + sid + '.vmess_id')[0].value = ssm.id;
+			document.getElementsByName('cbid.shadowsocksr.' + sid + '.transport')[0].value = ssm.net;
+			document.getElementsByName('cbid.shadowsocksr.' + sid + '.transport')[0].dispatchEvent(event);
+			if (ssm.net == "tcp") {
+				if (ssm.type && ssm.type != "http") {
+					ssm.type = "none"
+				}
+				document.getElementsByName('cbid.shadowsocksr.' + sid + '.tcp_guise')[0].value = ssm.type;
+				document.getElementsByName('cbid.shadowsocksr.' + sid + '.tcp_guise')[0].dispatchEvent(event);
+				document.getElementsByName('cbid.shadowsocksr.' + sid + '.http_host')[0].value = ssm.host;
+				document.getElementsByName('cbid.shadowsocksr.' + sid + '.http_path')[0].value = ssm.path;
+			}
+			if (ssm.net == "ws") {
+				document.getElementsByName('cbid.shadowsocksr.' + sid + '.ws_host')[0].value = ssm.host;
+				document.getElementsByName('cbid.shadowsocksr.' + sid + '.ws_path')[0].value = ssm.path;
+			}
+			if (ssm.net == "h2") {
+				document.getElementsByName('cbid.shadowsocksr.' + sid + '.h2_host')[0].value = ssm.host;
+				document.getElementsByName('cbid.shadowsocksr.' + sid + '.h2_path')[0].value = ssm.path;
+			}
+			if (ssm.net == "quic") {
+				document.getElementsByName('cbid.shadowsocksr.' + sid + '.quic_security')[0].value = ssm.securty;
+				document.getElementsByName('cbid.shadowsocksr.' + sid + '.quic_key')[0].value = ssm.key;
+			}
+			if (ssm.net == "kcp") {
+				document.getElementsByName('cbid.shadowsocksr.' + sid + '.kcp_guise')[0].value = ssm.type;
+			}
+			if (ssm.tls == "tls") {
+				document.getElementsByName('cbid.shadowsocksr.' + sid + '.tls')[0].checked = true;
+				document.getElementsByName('cbid.shadowsocksr.' + sid + '.tls')[0].dispatchEvent(event);
+				document.getElementsByName('cbid.shadowsocksr.' + sid + '.tls_host')[0].value = ssm.sni || ssm.host;
+			}
+			document.getElementsByName('cbid.shadowsocksr.' + sid + '.mux')[0].checked = true;
+			document.getElementsByName('cbid.shadowsocksr.' + sid + '.mux')[0].dispatchEvent(event);
+			s.innerHTML = "<font color='green'><%:Import configuration information successfully.%></font>";
+			return false;
+		case "vless":
+			try {
+				var url = new URL("http://" + ssu[1]);
+				var params = url.searchParams;
+			} catch(e) {
+				alert(e)
+				return false;
+			}
+
+			document.getElementsByName('cbid.shadowsocksr.' + sid + '.alias')[0].value = url.hash ? decodeURIComponent(url.hash.slice(1)) : "";
+			document.getElementsByName('cbid.shadowsocksr.' + sid + '.type')[0].value = "v2ray";
+			document.getElementsByName('cbid.shadowsocksr.' + sid + '.type')[0].dispatchEvent(event);
+			document.getElementsByName('cbid.shadowsocksr.' + sid + '.v2ray_protocol')[0].value = "vless";
+			document.getElementsByName('cbid.shadowsocksr.' + sid + '.v2ray_protocol')[0].dispatchEvent(event);
+			document.getElementsByName('cbid.shadowsocksr.' + sid + '.server')[0].value = url.hostname;
+			document.getElementsByName('cbid.shadowsocksr.' + sid + '.server_port')[0].value = url.port || "80";
+			document.getElementsByName('cbid.shadowsocksr.' + sid + '.vmess_id')[0].value = url.username;
+			document.getElementsByName('cbid.shadowsocksr.' + sid + '.transport')[0].value = params.get("type") == "http" ? "h2" : params.get("type") || "tcp";
+			document.getElementsByName('cbid.shadowsocksr.' + sid + '.transport')[0].dispatchEvent(event);
+			document.getElementsByName('cbid.shadowsocksr.' + sid + '.vless_encryption')[0].value = params.get("encryption") || "none";
+			if ([ "tls", "reality" ].includes(params.get("security"))) {
+				document.getElementsByName('cbid.shadowsocksr.' + sid + '.' + params.get("security"))[0].checked = true;
+				document.getElementsByName('cbid.shadowsocksr.' + sid + '.' + params.get("security"))[0].dispatchEvent(event);
+
+				document.getElementsByName('cbid.shadowsocksr.' + sid + '.fingerprint')[0].value = params.get("fp") || "";
+				document.getElementsByName('cbid.shadowsocksr.' + sid + '.tls_flow')[0].value = params.get("flow") || "";
+				document.getElementsByName('cbid.shadowsocksr.' + sid + '.tls_host')[0].value = params.get("sni") || "";
+
+				if (params.get("security") === "reality") {
+					document.getElementsByName('cbid.shadowsocksr.' + sid + '.reality_publickey')[0].value = params.get("pbk") ? decodeURIComponent(params.get("pbk")) : "";
+					document.getElementsByName('cbid.shadowsocksr.' + sid + '.reality_shortid')[0].value = params.get("sid") || "";
+					document.getElementsByName('cbid.shadowsocksr.' + sid + '.reality_spiderx')[0].value = params.get("spx") ? decodeURIComponent(params.get("spx")) : "";
+				}
+			}
+			switch (params.get("type")) {
+			case "ws":
+				if (params.get("security") !== "tls")
+					document.getElementsByName('cbid.shadowsocksr.' + sid + '.ws_host')[0].value = params.get("host") ? decodeURIComponent(params.get("host")) : "";
+				document.getElementsByName('cbid.shadowsocksr.' + sid + '.ws_path')[0].value = params.get("path") ? decodeURIComponent(params.get("path")) : "/";
+				break;
+			case "kcp":
+				document.getElementsByName('cbid.shadowsocksr.' + sid + '.kcp_guise')[0].value = params.get("headerType") || "none";
+				document.getElementsByName('cbid.shadowsocksr.' + sid + '.seed')[0].value = params.get("seed") || "";
+				break;
+			case "http":
+			/* this is non-standard, bullshit */
+			case "h2":
+				document.getElementsByName('cbid.shadowsocksr.' + sid + '.h2_host')[0].value = params.get("host") ? decodeURIComponent(params.get("host")) : "";
+				document.getElementsByName('cbid.shadowsocksr.' + sid + '.h2_path')[0].value = params.get("path") ? decodeURIComponent(params.get("path")) : "";
+				break;
+			case "quic":
+				document.getElementsByName('cbid.shadowsocksr.' + sid + '.quic_guise')[0].value = params.get("headerType") || "none";
+				document.getElementsByName('cbid.shadowsocksr.' + sid + '.quic_security')[0].value = params.get("quicSecurity") || "none";
+				document.getElementsByName('cbid.shadowsocksr.' + sid + '.quic_key')[0].value = params.get("key") || "";
+				break;
+			case "grpc":
+				document.getElementsByName('cbid.shadowsocksr.' + sid + '.serviceName')[0].value = params.get("serviceName") || "";
+				document.getElementsByName('cbid.shadowsocksr.' + sid + '.grpc_mode')[0].value = params.get("mode") || "gun";
+				break;
+			case "tcp":
+				document.getElementsByName('cbid.shadowsocksr.' + sid + '.tcp_guise')[0].value = params.get("headerType") || "none";
+				document.getElementsByName('cbid.shadowsocksr.' + sid + '.tcp_guise')[0].dispatchEvent(event);
+				if (params.get("headerType") === "http") {
+					document.getElementsByName('cbid.shadowsocksr.' + sid + '.http_host')[0].value = params.get("host") ? decodeURIComponent(params.get("host")) : "";
+					document.getElementsByName('cbid.shadowsocksr.' + sid + '.http_path')[0].value = params.get("path") ? decodeURIComponent(params.get("path")) : "";
+				}
+				break;
+			}
+			s.innerHTML = "<font color='green'><%:Import configuration information successfully.%></font>";
+			return false;
+		default:
+			s.innerHTML = "<font color='red'><%:Invalid format.%></font>";
+			return false;
+		}
+	}
+	//]]>
+</script>
+<input type="button" class="btn cbi-button cbi-button-apply" value="<%:Import%>" onclick="return import_ssr_url(this, '<%=self.option%>', '<%=self.value%>')" />
+<span id="<%=self.option%>-status"></span>
+<%+cbi/valuefooter%>
--- a/luci-app-ssr-plus/luasrc/view/shadowsocksr/status.htm
+++ b/luci-app-ssr-plus/luasrc/view/shadowsocksr/status.htm
@ -0,0 +1,22 @@
+<script type="text/javascript">//<![CDATA[
+XHR.poll(3, '<%=url([[admin]], [[services]], [[shadowsocksr]], [[run]])%>', null,
+	function(x, data) {
+		var tb = document.getElementById('shadowsocksr_status');
+		if (data && tb) {
+			if (data.running) {
+				var links = '<em><b style=color:green>ShadowsocksR Plus+ <%:RUNNING%></b></em>';
+				tb.innerHTML = links;
+			} else {
+				tb.innerHTML = '<em><b style=color:red>ShadowsocksR Plus+ <%:NOT RUNNING%></b></em>';
+			}
+		}
+	}
+);
+//]]>
+</script>
+<style>.mar-10 {margin-left: 50px; margin-right: 10px;}</style>
+<fieldset class="cbi-section">
+	<p id="shadowsocksr_status">
+		<em><%:Collecting data...%></em>
+	</p>
+</fieldset>
--- a/luci-app-ssr-plus/luasrc/view/shadowsocksr/subscribe.htm
+++ b/luci-app-ssr-plus/luasrc/view/shadowsocksr/subscribe.htm
@ -0,0 +1,18 @@
+<%+cbi/valueheader%>
+<script type="text/javascript">//<![CDATA[
+	function subscribe(btn,dataname) {
+		btn.disabled = true;
+		btn.value    = '<%:Refresh...%> ';
+		murl=dataname;
+		XHR.get('<%=luci.dispatcher.build_url("admin", "services", "shadowsocksr","subscribe")%>', { set:murl }, function(x,rv) {
+			// 先简单刷新，后期如果重构会考虑下如何组织lua shell JavaScript之间的代码逻辑和各自的调用逻辑
+			window.location.reload()
+			// btn.disabled = false;
+			// btn.value    = '<%:Refresh Data %>';
+		});
+		return false;
+	}
+//]]></script>
+<input type="button" class="btn cbi-button cbi-button-apply" value="<%:Update All Subscribe Servers%> " onclick="return subscribe(this,'<%=self.option%>')" />
+<!-- <span id="<%=self.option%>-status"><em><%=self.value%></em></span> -->
+<%+cbi/valuefooter%>
--- a/luci-app-ssr-plus/po/zh-cn/ssr-plus.po
+++ b/luci-app-ssr-plus/po/zh-cn/ssr-plus.po
--- a/luci-app-ssr-plus/po/zh_Hans
+++ b/luci-app-ssr-plus/po/zh_Hans
@ -0,0 +1 @@
+zh-cn
--- a/luci-app-ssr-plus/root/etc/config/shadowsocksr
+++ b/luci-app-ssr-plus/root/etc/config/shadowsocksr
--- a/luci-app-ssr-plus/root/etc/init.d/shadowsocksr
+++ b/luci-app-ssr-plus/root/etc/init.d/shadowsocksr
--- a/luci-app-ssr-plus/root/etc/ssrplus/ad.conf
+++ b/luci-app-ssr-plus/root/etc/ssrplus/ad.conf
--- a/luci-app-ssr-plus/root/etc/ssrplus/black.list
+++ b/luci-app-ssr-plus/root/etc/ssrplus/black.list
--- a/luci-app-ssr-plus/root/etc/ssrplus/china_ssr.txt
+++ b/luci-app-ssr-plus/root/etc/ssrplus/china_ssr.txt
--- a/luci-app-ssr-plus/root/etc/ssrplus/deny.list
+++ b/luci-app-ssr-plus/root/etc/ssrplus/deny.list
@ -0,0 +1,14 @@
+gvod.aiseejapp.atianqi.com
+stat.pandora.xiaomi.com
+upgrade.mishop.pandora.xiaomi.com
+logonext.tv.kuyun.com
+config.kuyun.com
+mishop.pandora.xiaomi.com
+dvb.pandora.xiaomi.com
+api.ad.xiaomi.com
+de.pandora.xiaomi.com
+data.mistat.xiaomi.com
+jellyfish.pandora.xiaomi.com
+gallery.pandora.xiaomi.com
+o2o.api.xiaomi.com
+bss.pandora.xiaomi.com
--- a/luci-app-ssr-plus/root/etc/ssrplus/gfw_base.conf
+++ b/luci-app-ssr-plus/root/etc/ssrplus/gfw_base.conf
@ -0,0 +1,108 @@
+ipset=/91smartyun.pt/gfwlist
+ipset=/adobe.com/gfwlist
+ipset=/amazonaws.com/gfwlist
+ipset=/ampproject.org/gfwlist
+ipset=/apple.news/gfwlist
+ipset=/aws.amazon.com/gfwlist
+ipset=/azureedge.net/gfwlist
+ipset=/backpackers.com.tw/gfwlist
+ipset=/bitfinex.com/gfwlist
+ipset=/buzzfeed.com/gfwlist
+ipset=/clockwise.ee/gfwlist
+ipset=/cloudfront.net/gfwlist
+ipset=/coindesk.com/gfwlist
+ipset=/coinsquare.io/gfwlist
+ipset=/cryptocompare.com/gfwlist
+ipset=/dropboxstatic.com/gfwlist
+ipset=/eurecom.fr/gfwlist
+ipset=/gdax.com/gfwlist
+ipset=/github.com/gfwlist
+ipset=/kknews.cc/gfwlist
+ipset=/nutaq.com/gfwlist
+ipset=/openairinterface.org/gfwlist
+ipset=/skype.com/gfwlist
+ipset=/sublimetext.com/gfwlist
+ipset=/textnow.com/gfwlist
+ipset=/textnow.me/gfwlist
+ipset=/trouter.io/gfwlist
+ipset=/t66y.com/gfwlist
+ipset=/uploaded.net/gfwlist
+ipset=/whatsapp.com/gfwlist
+ipset=/whatsapp.net/gfwlist
+ipset=/wsj.net/gfwlist
+ipset=/google.com/gfwlist
+ipset=/google.com.hk/gfwlist
+ipset=/gstatic.com/gfwlist
+ipset=/googleusercontent.com/gfwlist
+ipset=/googlepages.com/gfwlist
+ipset=/googlevideo.com/gfwlist
+ipset=/googlecode.com/gfwlist
+ipset=/googleapis.com/gfwlist
+ipset=/googlesource.com/gfwlist
+ipset=/googledrive.com/gfwlist
+ipset=/ggpht.com/gfwlist
+ipset=/youtube.com/gfwlist
+ipset=/youtu.be/gfwlist
+ipset=/ytimg.com/gfwlist
+ipset=/twitter.com/gfwlist
+ipset=/facebook.com/gfwlist
+ipset=/fastly.net/gfwlist
+ipset=/akamai.net/gfwlist
+ipset=/akamaiedge.net/gfwlist
+ipset=/akamaihd.net/gfwlist
+ipset=/edgesuite.net/gfwlist
+ipset=/edgekey.net/gfwlist
+server=/91smartyun.pt/127.0.0.1#5335
+server=/adobe.com/127.0.0.1#5335
+server=/amazonaws.com/127.0.0.1#5335
+server=/ampproject.org/127.0.0.1#5335
+server=/apple.news/127.0.0.1#5335
+server=/aws.amazon.com/127.0.0.1#5335
+server=/azureedge.net/127.0.0.1#5335
+server=/backpackers.com.tw/127.0.0.1#5335
+server=/bitfinex.com/127.0.0.1#5335
+server=/buzzfeed.com/127.0.0.1#5335
+server=/clockwise.ee/127.0.0.1#5335
+server=/cloudfront.net/127.0.0.1#5335
+server=/coindesk.com/127.0.0.1#5335
+server=/coinsquare.io/127.0.0.1#5335
+server=/cryptocompare.com/127.0.0.1#5335
+server=/dropboxstatic.com/127.0.0.1#5335
+server=/eurecom.fr/127.0.0.1#5335
+server=/gdax.com/127.0.0.1#5335
+server=/github.com/127.0.0.1#5335
+server=/kknews.cc/127.0.0.1#5335
+server=/nutaq.com/127.0.0.1#5335
+server=/openairinterface.org/127.0.0.1#5335
+server=/skype.com/127.0.0.1#5335
+server=/sublimetext.com/127.0.0.1#5335
+server=/textnow.com/127.0.0.1#5335
+server=/textnow.me/127.0.0.1#5335
+server=/trouter.io/127.0.0.1#5335
+server=/t66y.com/127.0.0.1#5335
+server=/uploaded.net/127.0.0.1#5335
+server=/whatsapp.com/127.0.0.1#5335
+server=/whatsapp.net/127.0.0.1#5335
+server=/wsj.net/127.0.0.1#5335
+server=/google.com/127.0.0.1#5335
+server=/google.com.hk/127.0.0.1#5335
+server=/gstatic.com/127.0.0.1#5335
+server=/googleusercontent.com/127.0.0.1#5335
+server=/googlepages.com/127.0.0.1#5335
+server=/googlevideo.com/127.0.0.1#5335
+server=/googlecode.com/127.0.0.1#5335
+server=/googleapis.com/127.0.0.1#5335
+server=/googlesource.com/127.0.0.1#5335
+server=/googledrive.com/127.0.0.1#5335
+server=/ggpht.com/127.0.0.1#5335
+server=/youtube.com/127.0.0.1#5335
+server=/youtu.be/127.0.0.1#5335
+server=/ytimg.com/127.0.0.1#5335
+server=/twitter.com/127.0.0.1#5335
+server=/facebook.com/127.0.0.1#5335
+server=/fastly.net/127.0.0.1#5335
+server=/akamai.net/127.0.0.1#5335
+server=/akamaiedge.net/127.0.0.1#5335
+server=/akamaihd.net/127.0.0.1#5335
+server=/edgesuite.net/127.0.0.1#5335
+server=/edgekey.net/127.0.0.1#5335
--- a/luci-app-ssr-plus/root/etc/ssrplus/gfw_list.conf
+++ b/luci-app-ssr-plus/root/etc/ssrplus/gfw_list.conf
--- a/luci-app-ssr-plus/root/etc/ssrplus/mosdns-chinadns/geosite_cn.txt
+++ b/luci-app-ssr-plus/root/etc/ssrplus/mosdns-chinadns/geosite_cn.txt
--- a/luci-app-ssr-plus/root/etc/ssrplus/mosdns-chinadns/geosite_geolocation_not_cn.txt
+++ b/luci-app-ssr-plus/root/etc/ssrplus/mosdns-chinadns/geosite_geolocation_not_cn.txt
--- a/luci-app-ssr-plus/root/etc/ssrplus/mosdns-config-chinadns.yaml
+++ b/luci-app-ssr-plus/root/etc/ssrplus/mosdns-config-chinadns.yaml
@ -0,0 +1,154 @@
+# Author: sbwml
+# Origin from repository: https://github.com/sbwml/luci-app-mosdns
+# Reference: https://github.com/sbwml/luci-app-mosdns/blob/v5/luci-app-mosdns/root/usr/share/mosdns/default.yaml
+# Modify by: XiaoliChan
+log:
+    level: info
+plugins:
+    # Num0: Cache
+    - tag: lazy_cache
+      type: cache
+      args:
+        size: 20000
+        lazy_cache_ttl: 86400
+
+    # Num1: CN domain
+    # https://raw.githubusercontent.com/Loyalsoldier/v2ray-rules-dat/release/direct-list.txt
+    # cat direct-list.txt | grep -v "regexp:\|full:" | sort -u | uniq -u > china-domain-2.lst
+    - tag: geosite_cn
+      type: domain_set
+      args:
+        files:
+          - "/etc/ssrplus/mosdns-chinadns/geosite_cn.txt"
+          - "/etc/ssrplus/white.list"
+
+    # Num2: CN IP
+    # https://raw.githubusercontent.com/Hackl0us/GeoIP2-CN/release/CN-ip-cidr.txt
+    - tag: geoip_cn
+      type: ip_set
+      args:
+        files:
+          - "/etc/ssrplus/china_ssr.txt"
+
+    # Num3: Domain need proxy (gfwlist)
+    # https://raw.githubusercontent.com/Loyalsoldier/v2ray-rules-dat/release/proxy-list.txt
+    # https://raw.githubusercontent.com/Loyalsoldier/v2ray-rules-dat/release/gfw.txt
+    - tag: geosite_not_cn
+      type: domain_set
+      args:
+        files:
+          - "/etc/ssrplus/mosdns-chinadns/geosite_geolocation_not_cn.txt"
+          - "/etc/ssrplus/black.list"
+
+    # Num4: Forward to google
+    - tag: forward_remote
+      type: forward
+      args:
+        concurrent: 2
+        upstreams:
+
+    # Num5: Forward to local
+    # ifstatus wan | jsonfilter -e '@["dns-server"]'
+    - tag: forward_local
+      type: forward
+      args:
+        concurrent: 2
+        upstreams:
+
+    # Num6
+    - tag: local_sequence
+      type: sequence
+      args:
+        - exec: $forward_local
+
+    # Num7
+    - tag: remote_sequence_with_IPv6
+      type: sequence
+      args:
+        - exec: prefer_ipv4
+        - exec: $forward_remote
+
+    # Num8
+    - tag: remote_sequence_disable_IPv6
+      type: sequence
+      args:
+        - exec: prefer_ipv4
+        - exec: $forward_remote
+        - matches: 
+          - qtype 28 65
+          exec: reject 0
+
+    # Num9
+    - tag: query_is_local_domain
+      type: sequence
+      args:
+        - matches: qname $geosite_cn
+          exec: $local_sequence
+    
+    # Num10
+    - tag: query_is_proxy_domain
+      type: sequence
+      args:
+        - matches: qname $geosite_not_cn
+        - exec: ipset blacklist,inet,24
+
+    # fallback 用本地服务器 sequence
+    # 返回非国内 ip 则 drop_resp
+    # Num11
+    - tag: query_is_local_ip
+      type: sequence
+      args:
+        - exec: $local_sequence
+        - matches: "!resp_ip $geoip_cn"
+          exec: drop_resp
+
+    # Num12
+    # fallback 用远程服务器 sequence
+    - tag: query_is_remote_ip
+      type: sequence
+      args:
+        - exec: $remote_sequence_disable_IPv6
+        - exec: ipset blacklist,inet,24
+
+    # fallback 用远程服务器 sequence
+    # query_is_local_ip to query_is_remote_ip
+    # Num13
+    - tag: fallback
+      type: fallback
+      args:
+        # DNS Leak solution
+        primary: query_is_local_ip
+        secondary: query_is_remote_ip
+        threshold: 600
+        always_standby: true
+
+    # 有响应终止返回
+    # Num14
+    - tag: has_resp_sequence
+      type: sequence
+      args:
+        - matches: has_resp
+          exec: accept
+
+    # Num15
+    - tag: main_sequence
+      type: sequence
+      args:
+        - exec: $lazy_cache
+        - exec: $query_is_local_domain
+        - exec: jump has_resp_sequence
+        - exec: $query_is_proxy_domain
+        - exec: jump has_resp_sequence
+        - exec: $fallback
+
+    # Num16
+    - tag: udp_server
+      type: udp_server
+      args:
+        entry: main_sequence
+
+    # Num17
+    - tag: tcp_server
+      type: tcp_server
+      args:
+        entry: main_sequence
--- a/luci-app-ssr-plus/root/etc/ssrplus/mosdns-config.yaml
+++ b/luci-app-ssr-plus/root/etc/ssrplus/mosdns-config.yaml
@ -0,0 +1,41 @@
+log:
+    level: info
+plugins:
+    - tag: lazy_cache
+      type: cache
+      args:
+        size: 8000
+        lazy_cache_ttl: 86400
+
+    - tag: forward_google
+      type: forward
+      args:
+        concurrent: 2
+        upstreams:
+
+    - tag: main_sequence_disable_IPv6
+      type: sequence
+      args:
+        - exec: $lazy_cache
+        - exec: prefer_ipv4
+        - exec: $forward_google
+        - matches: 
+          - qtype 28 65
+          exec: reject 0
+
+    - tag: main_sequence_with_IPv6
+      type: sequence
+      args:
+        - exec: $lazy_cache
+        - exec: $forward_google
+
+    - tag: udp_server
+      type: udp_server
+      args:
+        entry: DNS_MODE
+      
+    - tag: tcp_server
+      type: tcp_server
+      args:
+        entry: DNS_MODE
+
--- a/luci-app-ssr-plus/root/etc/ssrplus/netflix.list
+++ b/luci-app-ssr-plus/root/etc/ssrplus/netflix.list
@ -0,0 +1,25 @@
+amazonaws.com
+aws.amazon.com
+awsstatic.com
+fast.com
+netflix.com
+netflix.net
+nflxext.com
+nflximg.net
+nflxso.net
+nflxvideo.net
+netflixdnstest0.com
+netflixdnstest1.com
+netflixdnstest2.com
+netflixdnstest3.com
+netflixdnstest4.com
+netflixdnstest5.com
+netflixdnstest6.com
+netflixdnstest7.com
+netflixdnstest8.com
+netflixdnstest9.com
+hulu.com
+huluim.com
+hbonow.com
+hbogo.com
+hbo.com
--- a/luci-app-ssr-plus/root/etc/ssrplus/netflixip.list
+++ b/luci-app-ssr-plus/root/etc/ssrplus/netflixip.list
@ -0,0 +1,30 @@
+8.41.4.0/24
+23.23.189.144/28
+23.246.0.0/18
+34.195.253.0/25
+34.210.42.111/32
+37.77.184.0/21
+38.72.126.0/24
+45.57.0.0/17
+52.24.178.0/24
+52.35.140.0/24
+52.89.124.203/32
+54.148.37.5/32
+54.204.25.0/28
+54.213.167.0/24
+64.120.128.0/17
+66.197.128.0/17
+69.53.224.0/19
+103.87.204.0/22
+108.175.32.0/20
+185.2.220.0/22
+185.9.188.0/22
+192.173.64.0/18
+198.38.96.0/19
+198.45.48.0/20
+203.75.84.0/24
+203.198.13.0/24
+203.198.80.0/24
+207.45.72.0/22
+208.75.76.0/22
+210.0.153.0/24
--- a/luci-app-ssr-plus/root/etc/ssrplus/oversea_list.conf
+++ b/luci-app-ssr-plus/root/etc/ssrplus/oversea_list.conf
@ -0,0 +1,192 @@
+server=/v.youku.com/127.0.0.1#5335
+server=/api.youku.com/127.0.0.1#5335
+server=/v2.tudou.com/127.0.0.1#5335
+server=/www.tudou.com/127.0.0.1#5335
+server=/s.plcloud.music.qq.com/127.0.0.1#5335
+server=/i.y.qq.com/127.0.0.1#5335
+server=/hot.vrs.sohu.com/127.0.0.1#5335
+server=/live.tv.sohu.com/127.0.0.1#5335
+server=/pad.tv.sohu.com/127.0.0.1#5335
+server=/my.tv.sohu.com/127.0.0.1#5335
+server=/hot.vrs.letv.com/127.0.0.1#5335
+server=/data.video.qiyi.com/127.0.0.1#5335
+server=/cache.video.qiyi.com/127.0.0.1#5335
+server=/cache.vip.qiyi.com/127.0.0.1#5335
+server=/vv.video.qq.com/127.0.0.1#5335
+server=/tt.video.qq.com/127.0.0.1#5335
+server=/ice.video.qq.com/127.0.0.1#5335
+server=/tjsa.video.qq.com/127.0.0.1#5335
+server=/a10.video.qq.com/127.0.0.1#5335
+server=/xyy.video.qq.com/127.0.0.1#5335
+server=/vcq.video.qq.com/127.0.0.1#5335
+server=/vsh.video.qq.com/127.0.0.1#5335
+server=/vbj.video.qq.com/127.0.0.1#5335
+server=/bobo.video.qq.com/127.0.0.1#5335
+server=/flvs.video.qq.com/127.0.0.1#5335
+server=/bkvv.video.qq.com/127.0.0.1#5335
+server=/info.zb.qq.com/127.0.0.1#5335
+server=/geo.js.kankan.xunlei.com/127.0.0.1#5335
+server=/web-play.pptv.com/127.0.0.1#5335
+server=/web-play.pplive.cn/127.0.0.1#5335
+server=/dyn.ugc.pps.tv/127.0.0.1#5335
+server=/v.pps.tv/127.0.0.1#5335
+server=/inner.kandian.com/127.0.0.1#5335
+server=/ipservice.163.com/127.0.0.1#5335
+server=/so.open.163.com/127.0.0.1#5335
+server=/zb.s.qq.com/127.0.0.1#5335
+server=/ip.kankan.xunlei.com/127.0.0.1#5335
+server=/vxml.56.com/127.0.0.1#5335
+server=/music.sina.com.cn/127.0.0.1#5335
+server=/play.baidu.com/127.0.0.1#5335
+server=/v.iask.com/127.0.0.1#5335
+server=/tv.weibo.com/127.0.0.1#5335
+server=/wtv.v.iask.com/127.0.0.1#5335
+server=/video.sina.com.cn/127.0.0.1#5335
+server=/www.yinyuetai.com/127.0.0.1#5335
+server=/api.letv.com/127.0.0.1#5335
+server=/live.gslb.letv.com/127.0.0.1#5335
+server=/static.itv.letv.com/127.0.0.1#5335
+server=/ip.apps.cntv.cn/127.0.0.1#5335
+server=/vdn.apps.cntv.cn/127.0.0.1#5335
+server=/vdn.live.cntv.cn/127.0.0.1#5335
+server=/vip.sports.cntv.cn/127.0.0.1#5335
+server=/a.play.api.3g.youku.com/127.0.0.1#5335
+server=/i.play.api.3g.youku.com/127.0.0.1#5335
+server=/api.3g.youku.com/127.0.0.1#5335
+server=/tv.api.3g.youku.com/127.0.0.1#5335
+server=/play.api.3g.youku.com/127.0.0.1#5335
+server=/play.api.3g.tudou.com/127.0.0.1#5335
+server=/tv.api.3g.tudou.com/127.0.0.1#5335
+server=/api.3g.tudou.com/127.0.0.1#5335
+server=/api.tv.sohu.com/127.0.0.1#5335
+server=/access.tv.sohu.com/127.0.0.1#5335
+server=/iface.iqiyi.com/127.0.0.1#5335
+server=/iface2.iqiyi.com/127.0.0.1#5335
+server=/cache.m.iqiyi.com/127.0.0.1#5335
+server=/dynamic.app.m.letv.com/127.0.0.1#5335
+server=/dynamic.meizi.app.m.letv.com/127.0.0.1#5335
+server=/dynamic.search.app.m.letv.com/127.0.0.1#5335
+server=/dynamic.live.app.m.letv.com/127.0.0.1#5335
+server=/listso.m.areainfo.ppstream.com/127.0.0.1#5335
+server=/epg.api.pptv.com/127.0.0.1#5335
+server=/play.api.pptv.com/127.0.0.1#5335
+server=/m.letv.com/127.0.0.1#5335
+server=/interface.bilibili.com/127.0.0.1#5335
+server=/3g.music.qq.com/127.0.0.1#5335
+server=/mqqplayer.3g.qq.com/127.0.0.1#5335
+server=/proxy.music.qq.com/127.0.0.1#5335
+server=/proxymc.qq.com/127.0.0.1#5335
+server=/ip2.kugou.com/127.0.0.1#5335
+server=/ip.kugou.com/127.0.0.1#5335
+server=/client.api.ttpod.com/127.0.0.1#5335
+server=/mobi.kuwo.cn/127.0.0.1#5335
+server=/mobilefeedback.kugou.com/127.0.0.1#5335
+server=/tingapi.ting.baidu.com/127.0.0.1#5335
+server=/music.baidu.com/127.0.0.1#5335
+server=/serviceinfo.sdk.duomi.com/127.0.0.1#5335
+server=/music.163.com/127.0.0.1#5335
+server=/www.xiami.com/127.0.0.1#5335
+server=/spark.api.xiami.com/127.0.0.1#5335
+server=/iplocation.geo.qiyi.com/127.0.0.1#5335
+server=/sns.video.qq.com/127.0.0.1#5335
+server=/v5.pc.duomi.com/127.0.0.1#5335
+server=/tms.is.ysten.com/127.0.0.1#5335
+server=/internal.check.duokanbox.com/127.0.0.1#5335
+server=/openapi.youku.com/127.0.0.1#5335
+server=/y.qq.com/127.0.0.1#5335
+ipset=/v.youku.com/oversea
+ipset=/api.youku.com/oversea
+ipset=/v2.tudou.com/oversea
+ipset=/www.tudou.com/oversea
+ipset=/s.plcloud.music.qq.com/oversea
+ipset=/i.y.qq.com/oversea
+ipset=/hot.vrs.sohu.com/oversea
+ipset=/live.tv.sohu.com/oversea
+ipset=/pad.tv.sohu.com/oversea
+ipset=/my.tv.sohu.com/oversea
+ipset=/hot.vrs.letv.com/oversea
+ipset=/data.video.qiyi.com/oversea
+ipset=/cache.video.qiyi.com/oversea
+ipset=/cache.vip.qiyi.com/oversea
+ipset=/vv.video.qq.com/oversea
+ipset=/tt.video.qq.com/oversea
+ipset=/ice.video.qq.com/oversea
+ipset=/tjsa.video.qq.com/oversea
+ipset=/a10.video.qq.com/oversea
+ipset=/xyy.video.qq.com/oversea
+ipset=/vcq.video.qq.com/oversea
+ipset=/vsh.video.qq.com/oversea
+ipset=/vbj.video.qq.com/oversea
+ipset=/bobo.video.qq.com/oversea
+ipset=/flvs.video.qq.com/oversea
+ipset=/bkvv.video.qq.com/oversea
+ipset=/info.zb.qq.com/oversea
+ipset=/geo.js.kankan.xunlei.com/oversea
+ipset=/web-play.pptv.com/oversea
+ipset=/web-play.pplive.cn/oversea
+ipset=/dyn.ugc.pps.tv/oversea
+ipset=/v.pps.tv/oversea
+ipset=/inner.kandian.com/oversea
+ipset=/ipservice.163.com/oversea
+ipset=/so.open.163.com/oversea
+ipset=/zb.s.qq.com/oversea
+ipset=/ip.kankan.xunlei.com/oversea
+ipset=/vxml.56.com/oversea
+ipset=/music.sina.com.cn/oversea
+ipset=/play.baidu.com/oversea
+ipset=/v.iask.com/oversea
+ipset=/tv.weibo.com/oversea
+ipset=/wtv.v.iask.com/oversea
+ipset=/video.sina.com.cn/oversea
+ipset=/www.yinyuetai.com/oversea
+ipset=/api.letv.com/oversea
+ipset=/live.gslb.letv.com/oversea
+ipset=/static.itv.letv.com/oversea
+ipset=/ip.apps.cntv.cn/oversea
+ipset=/vdn.apps.cntv.cn/oversea
+ipset=/vdn.live.cntv.cn/oversea
+ipset=/vip.sports.cntv.cn/oversea
+ipset=/a.play.api.3g.youku.com/oversea
+ipset=/i.play.api.3g.youku.com/oversea
+ipset=/api.3g.youku.com/oversea
+ipset=/tv.api.3g.youku.com/oversea
+ipset=/play.api.3g.youku.com/oversea
+ipset=/play.api.3g.tudou.com/oversea
+ipset=/tv.api.3g.tudou.com/oversea
+ipset=/api.3g.tudou.com/oversea
+ipset=/api.tv.sohu.com/oversea
+ipset=/access.tv.sohu.com/oversea
+ipset=/iface.iqiyi.com/oversea
+ipset=/iface2.iqiyi.com/oversea
+ipset=/cache.m.iqiyi.com/oversea
+ipset=/dynamic.app.m.letv.com/oversea
+ipset=/dynamic.meizi.app.m.letv.com/oversea
+ipset=/dynamic.search.app.m.letv.com/oversea
+ipset=/dynamic.live.app.m.letv.com/oversea
+ipset=/listso.m.areainfo.ppstream.com/oversea
+ipset=/epg.api.pptv.com/oversea
+ipset=/play.api.pptv.com/oversea
+ipset=/m.letv.com/oversea
+ipset=/interface.bilibili.com/oversea
+ipset=/3g.music.qq.com/oversea
+ipset=/mqqplayer.3g.qq.com/oversea
+ipset=/proxy.music.qq.com/oversea
+ipset=/proxymc.qq.com/oversea
+ipset=/ip2.kugou.com/oversea
+ipset=/ip.kugou.com/oversea
+ipset=/client.api.ttpod.com/oversea
+ipset=/mobi.kuwo.cn/oversea
+ipset=/mobilefeedback.kugou.com/oversea
+ipset=/tingapi.ting.baidu.com/oversea
+ipset=/music.baidu.com/oversea
+ipset=/serviceinfo.sdk.duomi.com/oversea
+ipset=/music.163.com/oversea
+ipset=/www.xiami.com/oversea
+ipset=/spark.api.xiami.com/oversea
+ipset=/iplocation.geo.qiyi.com/oversea
+ipset=/sns.video.qq.com/oversea
+ipset=/v5.pc.duomi.com/oversea
+ipset=/tms.is.ysten.com/oversea
+ipset=/internal.check.duokanbox.com/oversea
+ipset=/openapi.youku.com/oversea
+ipset=/y.qq.com/oversea
--- a/luci-app-ssr-plus/root/etc/ssrplus/white.list
+++ b/luci-app-ssr-plus/root/etc/ssrplus/white.list
@ -0,0 +1,7 @@
+bilibili.com
+bilibili.cn
+bilivideo.com
+bilivideo.cn
+biliapi.com
+biliapi.net
+apple.com
--- a/luci-app-ssr-plus/root/etc/uci-defaults/luci-ssr-plus
+++ b/luci-app-ssr-plus/root/etc/uci-defaults/luci-ssr-plus
@ -0,0 +1,45 @@
+#!/bin/sh
+
+uci -q batch <<-EOF >/dev/null
+	delete ucitrack.@shadowsocksr[-1]
+	add ucitrack shadowsocksr
+	set ucitrack.@shadowsocksr[-1].init=shadowsocksr
+	commit ucitrack
+
+	delete firewall.shadowsocksr
+	set firewall.shadowsocksr=include
+	set firewall.shadowsocksr.type=script
+	set firewall.shadowsocksr.path=/var/etc/shadowsocksr.include
+	set firewall.shadowsocksr.reload=1
+	commit firewall
+EOF
+
+rm -rf /etc/config/shadowsocksr-opkg /etc/ssrplus/*opkg
+touch /etc/ssrplus/china_ssr.txt
+touch /etc/ssrplus/deny.list
+touch /etc/ssrplus/white.list
+touch /etc/ssrplus/black.list
+touch /etc/ssrplus/netflix.list
+touch /etc/ssrplus/netflixip.list
+touch /etc/ssrplus/gfw_base.conf
+touch /etc/ssrplus/gfw_list.conf
+touch /etc/ssrplus/oversea_list.conf
+touch /etc/ssrplus/ad.conf
+touch /etc/config/shadowsocksr
+[ -s "/etc/config/shadowsocksr" ] || /etc/init.d/shadowsocksr reset
+
+sed -i "s/option type 'vmess'/option type 'v2ray'\n\toption v2ray_protocol 'vmess'/g" /etc/config/shadowsocksr
+sed -i "s/option type 'vless'/option type 'v2ray'\n\toption v2ray_protocol 'vless'/g" /etc/config/shadowsocksr
+sed -i "s/option encrypt_method_v2ray_ss/option encrypt_method_ss/g" /etc/config/shadowsocksr
+sed -i "s/option xtls/option tls/g" /etc/config/shadowsocksr
+sed -i "/option vless_flow/d" /etc/config/shadowsocksr
+sed -i "/option fingerprint 'disable'/d" /etc/config/shadowsocksr
+
+if [ -s "/etc/uwsgi/vassals/luci-webui.ini" ];then
+	limit=$(cat /etc/uwsgi/vassals/luci-webui.ini  | grep -Eo "limit-as.*"|grep -Eo "[0-9]+")
+	[ $limit -lt 5000 ] && sed -i '/limit-as/c\limit-as = 5000' /etc/uwsgi/vassals/luci-webui.ini && \
+	/etc/init.d/uwsgi restart
+fi
+
+rm -rf /tmp/luci-modulecache /tmp/luci-indexcache
+exit 0
--- a/luci-app-ssr-plus/root/usr/bin/ssr-monitor
+++ b/luci-app-ssr-plus/root/usr/bin/ssr-monitor
@ -0,0 +1,134 @@
+#!/bin/sh
+#
+# Copyright (C) 2017 openwrt-ssr
+# Copyright (C) 2017 yushi studio <ywb94@qq.com>
+#
+# This is free software, licensed under the GNU General Public License v3.
+# See /LICENSE for more information.
+#
+. $IPKG_INSTROOT/etc/init.d/shadowsocksr
+LOCK_FILE="/var/lock/ssr-monitor.lock"
+[ -f "$LOCK_FILE" ] && exit 2
+touch "$LOCK_FILE"
+server_process_count=$1
+redir_tcp_process=$2
+redir_udp_process=$3
+kcp_process=$4
+local_process=$5
+pdnsd_process=$6
+if [ -z "$pdnsd_process" ]; then
+	pdnsd_process=0
+fi
+i=0
+GLOBAL_SERVER=$(uci_get_by_type global global_server)
+server=$(uci_get_by_name $GLOBAL_SERVER server)
+kcp_port=$(uci_get_by_name $GLOBAL_SERVER kcp_port)
+server_port=$(uci_get_by_name $GLOBAL_SERVER server_port)
+password=$(uci_get_by_name $GLOBAL_SERVER kcp_password)
+kcp_param=$(uci_get_by_name $GLOBAL_SERVER kcp_param)
+[ "$password" != "" ] && password="--key "${password}
+
+while [ "1" == "1" ]; do #死循环
+	sleep 000030s
+	#redir tcp
+	if [ "$redir_tcp_process" -gt 0 ]; then
+		icount=$(busybox ps -w | grep ssr-retcp | grep -v grep | wc -l)
+		if [ "$icount" == 0 ]; then
+			logger -t "$NAME" "ssrplus redir tcp error.restart!"
+			echolog "ssrplus redir tcp error.restart!"
+			/etc/init.d/shadowsocksr restart
+			exit 0
+		fi
+	fi
+	#redir udp
+	if [ "$redir_udp_process" -gt 0 ]; then
+		icount=$(busybox ps -w | grep ssr-reudp | grep -v grep | wc -l)
+		if [ "$icount" == 0 ]; then
+			logger -t "$NAME" "ssrplus redir udp error.restart!"
+			echolog "ssrplus redir udp error.restart!"
+			/etc/init.d/shadowsocksr restart
+			exit 0
+		fi
+	fi
+	#server
+	if [ "$server_process_count" -gt 0 ]; then
+		icount=$(busybox ps -w | grep ssr-server | grep -v grep | wc -l)
+		if [ "$icount" -lt "$server_process_count" ]; then #如果进程挂掉就重启它
+			logger -t "$NAME" "ssrplus server error.restart!"
+			echolog "ssrplus server error.restart!"
+			kill -9 $(busybox ps -w | grep ssr-server | grep -v grep | awk '{print $1}') >/dev/null 2>&1
+			/etc/init.d/shadowsocksr restart
+			exit 0
+		fi
+	fi
+	#kcptun
+	if [ "$kcp_process" -gt 0 ]; then
+		icount=$(busybox ps -w | grep kcptun-client | grep -v grep | wc -l)
+		if [ "$icount" -lt "$kcp_process" ]; then #如果进程挂掉就重启它
+			logger -t "$NAME" "ssrplus kcptun error.restart!"
+			echolog "ssrplus kcptun error.restart!"
+			killall -q -9 kcptun-client
+			(/usr/bin/kcptun-client -r $server:$kcp_port -l :$server_port $password $kcp_param &)
+		fi
+	fi
+	#localsocks
+	if [ "$local_process" -gt 0 ]; then
+		icount=$(busybox ps -w | grep ssr-local | grep -v grep | wc -l)
+		if [ "$icount" -lt "$local_process" ]; then #如果进程挂掉就重启它
+			logger -t "$NAME" "global socks server error.restart!"
+			echolog "global socks server error.restart!"
+			kill -9 $(busybox ps -w | grep ssr-local | grep -v grep | awk '{print $1}') >/dev/null 2>&1
+			/etc/init.d/shadowsocksr restart
+			exit 0
+		fi
+	fi
+	#dns2tcp
+	if [ "$pdnsd_process" -eq 1 ]; then
+		icount=$(busybox ps -w | grep $TMP_BIN_PATH/dns2tcp | grep -v grep | wc -l)
+		if [ "$icount" -lt 1 ]; then #如果进程挂掉就重启它
+			logger -t "$NAME" "dns2tcp tunnel error.restart!"
+			echolog "dns2tcp tunnel error.restart!"
+			dnsserver=$(uci_get_by_type global tunnel_forward 8.8.4.4:53)
+			kill -9 $(busybox ps -w | grep $TMP_BIN_PATH/dns2tcp | grep -v grep | awk '{print $1}') >/dev/null 2>&1
+			ln_start_bin $(first_type dns2tcp) dns2tcp -L "127.0.0.1#$dns_port" -R "${dnsserver/:/#}"
+		fi
+	#dns2socks
+	elif [ "$pdnsd_process" -eq 2 ]; then
+		icount=$(busybox ps -w | grep -e ssrplus-dns -e "dns2socks 127.0.0.1 $tmp_dns_port" | grep -v grep | wc -l)
+		if [ "$icount" -lt 2 ]; then #如果进程挂掉就重启它
+			logger -t "$NAME" "dns2socks $dnsserver tunnel error.restart!"
+			echolog "dns2socks $dnsserver tunnel error.restart!"
+			dnsserver=$(uci_get_by_type global tunnel_forward 8.8.4.4:53)
+			kill -9 $(busybox ps -w | grep ssrplus-dns | grep -v grep | awk '{print $1}') >/dev/null 2>&1
+			kill -9 $(busybox ps -w | grep "dns2socks 127.0.0.1 $tmp_dns_port" | grep -v grep | awk '{print $1}') >/dev/null 2>&1
+			ln_start_bin $(first_type microsocks) microsocks -i 127.0.0.1 -p $tmp_dns_port ssrplus-dns
+			ln_start_bin $(first_type dns2socks) dns2socks 127.0.0.1:$tmp_dns_port $dnsserver 127.0.0.1:$dns_port -q
+		fi
+	#mosdns
+	elif [ "$pdnsd_process" -eq 3 ]; then
+		icount=$(busybox ps -w | grep $TMP_BIN_PATH/mosdns | grep -v grep | wc -l)
+		if [ "$icount" -lt 1 ]; then #如果进程挂掉就重启它
+			logger -t "$NAME" "mosdns tunnel error.restart!"
+			echolog "mosdns tunnel error.restart!"
+			dnsserver=$(uci_get_by_type global tunnel_forward 8.8.4.4:53)
+			kill -9 $(busybox ps -w | grep $TMP_BIN_PATH/mosdns | grep -v grep | grep $mosdns_config_file | awk '{print $1}') >/dev/null 2>&1
+			ln_start_bin $(first_type mosdns) mosdns start -c $mosdns_config_file
+		fi
+	fi
+	#chinadns-ng
+	if [ "$(uci -q get "dhcp.@dnsmasq[0]._unused_ssrp_changed")" = "1" ]; then
+		icount=$(busybox ps -w | grep $TMP_BIN_PATH/chinadns-ng | grep -v grep | wc -l)
+		if [ "$icount" -lt 1 ]; then #如果进程挂掉就重启它
+			logger -t "$NAME" "chinadns-ng tunnel error.restart!"
+			echolog "chinadns-ng tunnel error.restart!"
+			chinadns=$(uci_get_by_type global chinadns_forward)
+			wandns="$(ifstatus wan | jsonfilter -e '@["dns-server"][0]' || echo "119.29.29.29")"
+			case "$chinadns" in
+			"wan") chinadns="$wandns" ;;
+			""|"wan_114") chinadns="$wandns,114.114.114.114" ;;
+			esac
+			kill -9 $(busybox ps -w | grep $TMP_BIN_PATH/chinadns-ng | grep -v grep | awk '{print $1}') >/dev/null 2>&1
+			ln_start_bin $(first_type chinadns-ng) chinadns-ng -l $china_dns_port -4 china -p 3 -c ${chinadns/:/#} -t 127.0.0.1#$dns_port -N -f -r
+		fi
+	fi
+done
--- a/luci-app-ssr-plus/root/usr/bin/ssr-rules
+++ b/luci-app-ssr-plus/root/usr/bin/ssr-rules
@ -0,0 +1,424 @@
+#!/bin/sh
+#
+# Copyright (C) 2017 openwrt-ssr
+# Copyright (C) 2017 yushi studio <ywb94@qq.com>
+#
+# This is free software, licensed under the GNU General Public License v3.
+# See /LICENSE for more information.
+#
+TAG="_SS_SPEC_RULE_"                                  # comment tag
+IPT="iptables -t nat"                                 # alias of iptables
+FWI=$(uci get firewall.shadowsocksr.path 2>/dev/null) # firewall include file
+usage() {
+	cat <<-EOF
+		Usage: ssr-rules [options]
+
+		Valid options are:
+
+		    -s <server_ip>          ip address of shadowsocksr remote server
+		    -l <local_port>         port number of shadowsocksr local server
+		    -S <server_ip>          ip address of shadowsocksr remote UDP server
+		    -L <local_port>         port number of shadowsocksr local UDP server
+		    -i <ip_list_file>       a file content is bypassed ip list
+		    -a <lan_ips>            lan ip of access control, need a prefix to
+		                            define access control mode
+		    -b <wan_ips>            wan ip of will be bypassed
+		    -w <wan_ips>            wan ip of will be forwarded
+		    -B <bp_lan_ips>         lan ip of will be bypassed proxy
+		    -p <fp_lan_ips>         lan ip of will be global proxy
+		    -G <gm_lan_ips>         lan ip of will be game mode proxy
+		    -D <proxy_ports>        proxy ports
+		    -F                      shunt mode
+		    -N                      shunt server IP
+		    -M                      shunt proxy mode
+		    -m <Interface>          Interface name
+		    -I <ip_list_file>       a file content is bypassed shunt ip list
+		    -e <extra_options>      extra options for iptables
+		    -o                      apply the rules to the OUTPUT chain
+		    -O                      apply the global rules to the OUTPUT chain
+		    -u                      enable udprelay mode, TPROXY is required
+		    -U                      enable udprelay mode, using different IP
+		                            and ports for TCP and UDP
+		    -f                      flush the rules
+		    -g                      gfwlist mode
+		    -r                      router mode
+		    -c                      oversea mode
+		    -z                      all mode
+		    -h                      show this help message and exit
+	EOF
+	exit $1
+}
+
+loger() {
+	# 1.alert 2.crit 3.err 4.warn 5.notice 6.info 7.debug
+	logger -st ssr-rules[$$] -p$1 $2
+}
+
+flush_r() {
+	flush_iptables() {
+		local ipt="iptables -t $1"
+		local DAT=$(iptables-save -t $1)
+		eval $(echo "$DAT" | grep "$TAG" | sed -e 's/^-A/$ipt -D/' -e 's/$/;/')
+		for chain in $(echo "$DAT" | awk '/^:SS_SPEC/{print $1}'); do
+			$ipt -F ${chain:1} 2>/dev/null && $ipt -X ${chain:1}
+		done
+	}
+	flush_iptables nat
+	flush_iptables mangle
+	ip rule del fwmark 0x01/0x01 table 100 2>/dev/null
+	ip route del local 0.0.0.0/0 dev lo table 100 2>/dev/null
+	ipset -X ss_spec_lan_ac 2>/dev/null
+	ipset -X ss_spec_wan_ac 2>/dev/null
+	ipset -X ssr_gen_router 2>/dev/null
+	ipset -X fplan 2>/dev/null
+	ipset -X bplan 2>/dev/null
+	ipset -X gmlan 2>/dev/null
+	ipset -X oversea 2>/dev/null
+	ipset -X whitelist 2>/dev/null
+	ipset -X blacklist 2>/dev/null
+	ipset -X netflix 2>/dev/null
+	[ -n "$FWI" ] && echo '#!/bin/sh' >$FWI
+	return 0
+}
+
+ipset_r() {
+	[ -f "$IGNORE_LIST" ] && /usr/share/shadowsocksr/chinaipset.sh $IGNORE_LIST
+	$IPT -N SS_SPEC_WAN_AC
+	$IPT -I SS_SPEC_WAN_AC -p tcp ! --dport 53 -d $server -j RETURN
+	ipset -N gmlan hash:net 2>/dev/null
+	for ip in $LAN_GM_IP; do ipset -! add gmlan $ip; done
+	case "$RUNMODE" in
+	router)
+		ipset -! -R <<-EOF || return 1
+			create ss_spec_wan_ac hash:net
+			$(gen_spec_iplist | sed -e "s/^/add ss_spec_wan_ac /")
+		EOF
+		$IPT -A SS_SPEC_WAN_AC -m set --match-set ss_spec_wan_ac dst -j RETURN
+		$IPT -A SS_SPEC_WAN_AC -m set --match-set china dst -j RETURN
+		$IPT -A SS_SPEC_WAN_AC -m set --match-set gmlan src -m set ! --match-set china dst -j SS_SPEC_WAN_FW
+		$IPT -A SS_SPEC_WAN_AC -j SS_SPEC_WAN_FW
+		;;
+	gfw)
+		ipset -N gfwlist hash:net 2>/dev/null
+		$IPT -A SS_SPEC_WAN_AC -m set --match-set china dst -j RETURN
+		$IPT -A SS_SPEC_WAN_AC -m set --match-set gfwlist dst -j SS_SPEC_WAN_FW
+		$IPT -A SS_SPEC_WAN_AC -m set --match-set gmlan src -m set ! --match-set china dst -j SS_SPEC_WAN_FW
+		;;
+	oversea)
+		ipset -N oversea hash:net 2>/dev/null
+		$IPT -I SS_SPEC_WAN_AC -m set --match-set oversea dst -j SS_SPEC_WAN_FW
+		$IPT -A SS_SPEC_WAN_AC -m set --match-set gmlan src -j SS_SPEC_WAN_FW
+		$IPT -A SS_SPEC_WAN_AC -m set --match-set china dst -j SS_SPEC_WAN_FW
+		;;
+	all)
+		$IPT -A SS_SPEC_WAN_AC -j SS_SPEC_WAN_FW
+		;;
+	esac
+	ipset -N fplan hash:net 2>/dev/null
+	for ip in $LAN_FP_IP; do ipset -! add fplan $ip; done
+	$IPT -I SS_SPEC_WAN_AC -m set --match-set fplan src -j SS_SPEC_WAN_FW
+	ipset -N bplan hash:net 2>/dev/null
+	for ip in $LAN_BP_IP; do ipset -! add bplan $ip; done
+	$IPT -I SS_SPEC_WAN_AC -m set --match-set bplan src -j RETURN
+	ipset -N whitelist hash:net 2>/dev/null
+	ipset -N blacklist hash:net 2>/dev/null
+	$IPT -I SS_SPEC_WAN_AC -m set --match-set blacklist dst -j SS_SPEC_WAN_FW
+	$IPT -I SS_SPEC_WAN_AC -m set --match-set whitelist dst -j RETURN
+	if [ $(ipset list music -name -quiet | grep music) ]; then
+		$IPT -I SS_SPEC_WAN_AC -m set --match-set music dst -j RETURN 2>/dev/null
+	fi
+	for ip in $WAN_BP_IP; do ipset -! add whitelist $ip; done
+	for ip in $WAN_FW_IP; do ipset -! add blacklist $ip; done
+	if [ "$SHUNT_PORT" != "0" ]; then
+		ipset -N netflix hash:net 2>/dev/null
+		for ip in $(cat ${SHUNT_LIST:=/dev/null} 2>/dev/null); do ipset -! add netflix $ip; done
+		case "$SHUNT_PORT" in
+		0) ;;
+		1)
+			$IPT -I SS_SPEC_WAN_AC -p tcp -m set --match-set netflix dst -j REDIRECT --to-ports $local_port
+			;;
+		*)
+			$IPT -I SS_SPEC_WAN_AC -p tcp -m set --match-set netflix dst -j REDIRECT --to-ports $SHUNT_PORT
+			if [ "$SHUNT_PROXY" == "1" ]; then
+				$IPT -I SS_SPEC_WAN_AC -p tcp -d $SHUNT_IP -j REDIRECT --to-ports $local_port
+			else
+				ipset -! add whitelist $SHUNT_IP
+			fi
+			;;
+		esac
+	fi
+	return $?
+}
+
+fw_rule() {
+	$IPT -N SS_SPEC_WAN_FW
+	$IPT -A SS_SPEC_WAN_FW -d 0.0.0.0/8 -j RETURN
+	$IPT -A SS_SPEC_WAN_FW -d 10.0.0.0/8 -j RETURN
+	$IPT -A SS_SPEC_WAN_FW -d 127.0.0.0/8 -j RETURN
+	$IPT -A SS_SPEC_WAN_FW -d 169.254.0.0/16 -j RETURN
+	$IPT -A SS_SPEC_WAN_FW -d 172.16.0.0/12 -j RETURN
+	$IPT -A SS_SPEC_WAN_FW -d 192.168.0.0/16 -j RETURN
+	$IPT -A SS_SPEC_WAN_FW -d 224.0.0.0/4 -j RETURN
+	$IPT -A SS_SPEC_WAN_FW -d 240.0.0.0/4 -j RETURN
+	$IPT -A SS_SPEC_WAN_FW -p tcp $PROXY_PORTS -j REDIRECT --to-ports $local_port 2>/dev/null || {
+		loger 3 "Can't redirect, please check the iptables."
+		exit 1
+	}
+	return $?
+}
+
+ac_rule() {
+	if [ -n "$LAN_AC_IP" ]; then
+		case "${LAN_AC_IP:0:1}" in
+		w | W)
+			MATCH_SET="-m set --match-set ss_spec_lan_ac src"
+			;;
+		b | B)
+			MATCH_SET="-m set ! --match-set ss_spec_lan_ac src"
+			;;
+		*)
+			loger 3 "Bad argument \`-a $LAN_AC_IP\`."
+			return 2
+			;;
+		esac
+	fi
+	ipset -! -R <<-EOF || return 1
+		create ss_spec_lan_ac hash:net
+		$(for ip in ${LAN_AC_IP:1}; do echo "add ss_spec_lan_ac $ip"; done)
+	EOF
+	if [ -z "$Interface" ]; then
+		$IPT -I PREROUTING 1 -p tcp $EXT_ARGS $MATCH_SET -m comment --comment "$TAG" -j SS_SPEC_WAN_AC
+	else
+		for name in $Interface; do
+			local IFNAME=$(uci -P /var/state get network.$name.ifname 2>/dev/null)
+			[ -z "$IFNAME" ] && IFNAME=$(uci -P /var/state get network.$name.device 2>/dev/null)
+			[ -n "$IFNAME" ] && $IPT -I PREROUTING 1 ${IFNAME:+-i $IFNAME} -p tcp $EXT_ARGS $MATCH_SET -m comment --comment "$TAG" -j SS_SPEC_WAN_AC
+		done
+	fi
+
+	case "$OUTPUT" in
+	1)
+		$IPT -I OUTPUT 1 -p tcp $EXT_ARGS -m comment --comment "$TAG" -j SS_SPEC_WAN_AC
+		;;
+	2)
+		ipset -! -R <<-EOF || return 1
+			create ssr_gen_router hash:net
+			$(gen_spec_iplist | sed -e "s/^/add ssr_gen_router /")
+		EOF
+		$IPT -N SS_SPEC_ROUTER && \
+		$IPT -A SS_SPEC_ROUTER -m set --match-set ssr_gen_router dst -j RETURN && \
+		$IPT -A SS_SPEC_ROUTER -j SS_SPEC_WAN_FW
+		$IPT -I OUTPUT 1 -p tcp -m comment --comment "$TAG" -j SS_SPEC_ROUTER
+		;;
+	esac
+	return $?
+}
+
+tp_rule() {
+	[ -n "$TPROXY" ] || return 0
+	ip rule add fwmark 0x01/0x01 table 100
+	ip route add local 0.0.0.0/0 dev lo table 100
+	local ipt="iptables -t mangle"
+	$ipt -N SS_SPEC_TPROXY
+	$ipt -A SS_SPEC_TPROXY -p udp --dport 53 -j RETURN
+	$ipt -A SS_SPEC_TPROXY -p udp -d 0.0.0.0/8 -j RETURN
+	$ipt -A SS_SPEC_TPROXY -p udp -d 10.0.0.0/8 -j RETURN
+	$ipt -A SS_SPEC_TPROXY -p udp -d 127.0.0.0/8 -j RETURN
+	$ipt -A SS_SPEC_TPROXY -p udp -d 169.254.0.0/16 -j RETURN
+	$ipt -A SS_SPEC_TPROXY -p udp -d 172.16.0.0/12 -j RETURN
+	$ipt -A SS_SPEC_TPROXY -p udp -d 192.168.0.0/16 -j RETURN
+	$ipt -A SS_SPEC_TPROXY -p udp -d 224.0.0.0/4 -j RETURN
+	$ipt -A SS_SPEC_TPROXY -p udp -d 240.0.0.0/4 -j RETURN
+	$ipt -A SS_SPEC_TPROXY -p udp ! --dport 53 -d $SERVER -j RETURN
+	[ "$server" != "$SERVER" ] && ipset -! add whitelist $SERVER
+	$ipt -A SS_SPEC_TPROXY -p udp -m set --match-set bplan src -j RETURN
+	$ipt -A SS_SPEC_TPROXY -p udp $PROXY_PORTS -m set --match-set fplan src -j TPROXY --on-port "$LOCAL_PORT" --tproxy-mark 0x01/0x01
+	case "$RUNMODE" in
+	router)
+		$ipt -A SS_SPEC_TPROXY -p udp -m set --match-set ss_spec_wan_ac dst -j RETURN
+		$ipt -A SS_SPEC_TPROXY -p udp -m set --match-set china dst -j RETURN
+		$ipt -A SS_SPEC_TPROXY -p udp --dport 80 -j DROP
+		$ipt -A SS_SPEC_TPROXY -p udp -m set --match-set gmlan src -m set ! --match-set china dst -j TPROXY --on-port "$LOCAL_PORT" --tproxy-mark 0x01/0x01
+		$ipt -A SS_SPEC_TPROXY -p udp $PROXY_PORTS -m set ! --match-set ss_spec_wan_ac dst -j TPROXY --on-port "$LOCAL_PORT" --tproxy-mark 0x01/0x01
+		;;
+	gfw)
+		$ipt -A SS_SPEC_TPROXY -p udp -m set --match-set china dst -j RETURN
+		$ipt -A SS_SPEC_TPROXY -p udp --dport 80 -j DROP
+		$ipt -A SS_SPEC_TPROXY -p udp $PROXY_PORTS -m set --match-set gfwlist dst -j TPROXY --on-port "$LOCAL_PORT" --tproxy-mark 0x01/0x01
+		$ipt -A SS_SPEC_TPROXY -p udp -m set --match-set gmlan src -m set ! --match-set china dst -j TPROXY --on-port "$LOCAL_PORT" --tproxy-mark 0x01/0x01
+		;;
+	oversea)
+		$ipt -A SS_SPEC_TPROXY -p udp $PROXY_PORTS -m set --match-set oversea src -m dst -j TPROXY --on-port "$LOCAL_PORT" --tproxy-mark 0x01/0x01
+		$ipt -A SS_SPEC_TPROXY -p udp -m set --match-set gmlan src -m set -j TPROXY --on-port "$LOCAL_PORT" --tproxy-mark 0x01/0x01
+		$ipt -A SS_SPEC_TPROXY -p udp $PROXY_PORTS -m set --match-set china dst -j TPROXY --on-port "$LOCAL_PORT" --tproxy-mark 0x01/0x01
+		;;
+	all)
+		$ipt -A SS_SPEC_TPROXY -p udp $PROXY_PORTS -j TPROXY --on-port "$LOCAL_PORT" --tproxy-mark 0x01/0x01
+		;;
+	esac
+	if [ -z "$Interface" ]; then
+		$ipt -I PREROUTING 1 -p udp $EXT_ARGS $MATCH_SET -m comment --comment "$TAG" -j SS_SPEC_TPROXY
+	else
+		for name in $Interface; do
+			local IFNAME=$(uci -P /var/state get network.$name.ifname 2>/dev/null)
+			[ -z "$IFNAME" ] && IFNAME=$(uci -P /var/state get network.$name.device 2>/dev/null)
+			[ -n "$IFNAME" ] && $ipt -I PREROUTING 1 ${IFNAME:+-i $IFNAME} -p udp $EXT_ARGS $MATCH_SET -m comment --comment "$TAG" -j SS_SPEC_TPROXY
+		done
+	fi
+	return $?
+}
+
+get_wan_ip() {
+	cat <<-EOF | grep -E "^([0-9]{1,3}\.){3}[0-9]{1,3}"
+		$server
+		$SERVER
+		$WAN_BP_IP
+	EOF
+}
+
+gen_spec_iplist() {
+	cat <<-EOF
+		0.0.0.0/8
+		10.0.0.0/8
+		100.64.0.0/10
+		127.0.0.0/8
+		169.254.0.0/16
+		172.16.0.0/12
+		192.0.0.0/24
+		192.0.2.0/24
+		192.88.99.0/24
+		192.168.0.0/16
+		198.18.0.0/15
+		198.51.100.0/24
+		203.0.113.0/24
+		224.0.0.0/4
+		240.0.0.0/4
+		255.255.255.255
+		$(get_wan_ip)
+	EOF
+}
+
+gen_include() {
+	[ -n "$FWI" ] || return 0
+	extract_rules() {
+		echo "*$1"
+		iptables-save -t $1 | grep SS_SPEC_ | sed -e "s/^-A \(OUTPUT\|PREROUTING\)/-I \1 1/"
+		echo 'COMMIT'
+	}
+	cat <<-EOF >>$FWI
+		iptables-save -c | grep -v "SS_SPEC" | iptables-restore -c
+		iptables-restore -n <<-EOT
+		$(extract_rules nat)
+		$(extract_rules mangle)
+		EOT
+	EOF
+	return 0
+}
+
+while getopts ":m:s:l:S:L:i:e:a:B:b:w:p:G:D:F:N:M:I:oOuUfgrczh" arg; do
+	case "$arg" in
+	m)
+		Interface=$OPTARG
+		;;
+	s)
+		server=$OPTARG
+		;;
+	l)
+		local_port=$OPTARG
+		;;
+	S)
+		SERVER=$OPTARG
+		;;
+	L)
+		LOCAL_PORT=$OPTARG
+		;;
+	i)
+		IGNORE_LIST=$OPTARG
+		;;
+	e)
+		EXT_ARGS=$OPTARG
+		;;
+	a)
+		LAN_AC_IP=$OPTARG
+		;;
+	B)
+		LAN_BP_IP=$OPTARG
+		;;
+	b)
+		WAN_BP_IP=$(for ip in $OPTARG; do echo $ip; done)
+		;;
+	w)
+		WAN_FW_IP=$OPTARG
+		;;
+	p)
+		LAN_FP_IP=$OPTARG
+		;;
+	G)
+		LAN_GM_IP=$OPTARG
+		;;
+	D)
+		PROXY_PORTS=$OPTARG
+		;;
+	F)
+		SHUNT_PORT=$OPTARG
+		;;
+	N)
+		SHUNT_IP=$OPTARG
+		;;
+	M)
+		SHUNT_PROXY=$OPTARG
+		;;
+	I)
+		SHUNT_LIST=$OPTARG
+		;;
+	o)
+		OUTPUT=1
+		;;
+	O)
+		OUTPUT=2
+		;;
+	u)
+		TPROXY=1
+		;;
+	U)
+		TPROXY=2
+		;;
+	g)
+		RUNMODE=gfw
+		;;
+	r)
+		RUNMODE=router
+		;;
+	c)
+		RUNMODE=oversea
+		;;
+	z)
+		RUNMODE=all
+		;;
+	f)
+		flush_r
+		exit 0
+		;;
+	h) usage 0 ;;
+	esac
+done
+
+if [ -z "$server" -o -z "$local_port" ]; then
+	usage 2
+fi
+
+case "$TPROXY" in
+1)
+	SERVER=$server
+	LOCAL_PORT=$local_port
+	;;
+2)
+	: ${SERVER:?"You must assign an ip for the udp relay server."}
+	: ${LOCAL_PORT:?"You must assign a port for the udp relay server."}
+	;;
+esac
+
+flush_r && fw_rule && ipset_r && ac_rule && tp_rule && gen_include
+RET=$?
+[ "$RET" = 0 ] || loger 3 "Start failed!"
+exit $RET
--- a/luci-app-ssr-plus/root/usr/bin/ssr-switch
+++ b/luci-app-ssr-plus/root/usr/bin/ssr-switch
@ -0,0 +1,155 @@
+#!/bin/sh /etc/rc.common
+#
+# Copyright (C) 2017 openwrt-ssr
+# Copyright (C) 2017 yushi studio <ywb94@qq.com>
+#
+# This is free software, licensed under the GNU General Public License v3.
+# See /LICENSE for more information.
+#
+
+. $IPKG_INSTROOT/etc/init.d/shadowsocksr
+LOCK_FILE="/var/lock/ssr-switch.lock"
+[ -f "$LOCK_FILE" ] && exit 2
+touch "$LOCK_FILE"
+LOG_FILE=/var/log/ssrplus.log
+
+cycle_time=60
+switch_time=3
+normal_flag=0
+server_locate=0
+server_count=0
+ENABLE_SERVER=nil
+[ -n "$1" ] && cycle_time=$1
+[ -n "$2" ] && switch_time=$2
+DEFAULT_SERVER=$(uci_get_by_type global global_server)
+CURRENT_SERVER=$DEFAULT_SERVER
+
+#判断代理是否正常
+check_proxy() {
+	local result=0
+	local try_count=$(uci_get_by_type global switch_try_count 3)
+	for i in $(seq 1 $try_count); do
+		/usr/bin/ssr-check www.google.com 80 $switch_time 1
+		if [ "$?" == "0" ]; then
+			# echolog "Check Google Proxy Success, count=$i"
+			result=0
+			break
+		else
+			# echolog "Check Google Proxy Fail, count=$i"
+			/usr/bin/ssr-check www.baidu.com 80 $switch_time 1
+			if [ "$?" == "0" ]; then
+				result=1
+			else
+				result=2
+			fi
+		fi
+		sleep 1
+	done
+	return $result
+}
+
+test_proxy() {
+	local servername=$(uci_get_by_name $1 server)
+	local serverport=$(uci_get_by_name $1 server_port)
+	ipset add whitelist $servername 2>/dev/null
+	tcping -q -c 3 -i 1 -t 2 -p $serverport $servername
+	if [ "$?" -gt "0" ]; then
+		ipset del whitelist $servername 2>/dev/null
+		return 1
+	fi
+	/usr/bin/ssr-check $servername $serverport $switch_time
+	local ret=$?
+	ipset del whitelist $servername 2>/dev/null
+	if [ "$ret" == "0" ]; then
+		return 0
+	else
+		return 1
+	fi
+}
+
+search_proxy() {
+	let server_count=server_count+1
+	[ "$normal_flag" == "1" -a "$server_count" -le "$server_locate" ] && return 0
+	[ "$(uci_get_by_name $1 switch_enable 0)" != "1" ] && return 1
+	[ $ENABLE_SERVER != nil ] && return 0
+	[ "$1" == "$CURRENT_SERVER" ] && return 0
+	local servername=$(uci_get_by_name $1 server)
+	local serverport=$(uci_get_by_name $1 server_port)
+	ipset add whitelist $servername 2>/dev/null
+	/usr/bin/ssr-check $servername $serverport $switch_time
+	local ret=$?
+	ipset del whitelist $servername 2>/dev/null
+	if [ "$ret" == "0" ]; then
+		server_locate=$server_count
+		ENABLE_SERVER=$1
+		return 0
+	else
+		return 1
+	fi
+}
+
+#选择可用的代理
+select_proxy() {
+	config_load $NAME
+	ENABLE_SERVER=nil
+	mkdir -p /var/run /var/etc
+	server_count=0
+	config_foreach search_proxy servers
+}
+
+#切换代理
+switch_proxy() {
+	/etc/init.d/shadowsocksr restart $1
+	return 0
+}
+
+start() {
+	#不支持kcptun启用时的切换
+	[ $(uci_get_by_name $DEFAULT_SERVER kcp_enable) = "1" ] && return 1
+	while [ "1" == "1" ]; do #死循环
+		sleep 0000$cycle_time
+		LOGTIME=$(date "+%Y-%m-%d %H:%M:%S")
+		#判断当前代理是否为缺省服务器
+		if [ "$CURRENT_SERVER" != "$DEFAULT_SERVER" ]; then
+			#echo "not default proxy"
+			echolog "Current server is not default Main server, try to switch back."
+			#检查缺省服务器是否正常
+			if test_proxy $DEFAULT_SERVER; then
+				#echo "switch to default proxy"
+				echolog "Main server is avilable."
+				#缺省服务器正常，切换回来
+				CURRENT_SERVER=$DEFAULT_SERVER
+				switch_proxy $CURRENT_SERVER
+				echolog "switch to default "$(uci_get_by_name $CURRENT_SERVER alias)" proxy!"
+			else
+				echolog "Main server is NOT avilable.Continue using current server."
+			fi
+		fi
+		#判断当前代理是否正常
+		#echolog "Start checking if the current server is available."
+		check_proxy
+		current_ret=$?
+		if [ "$current_ret" == "1" ]; then
+			#当前代理错误，判断有无可用的服务器
+			#echo "current error"
+			echolog "Current server error, try to switch another server."
+			select_proxy
+			if [ "$ENABLE_SERVER" != nil ]; then
+				#有其他服务器可用，进行切换
+				#echo $(uci_get_by_name $new_proxy server)
+				echolog "Another server is avilable, now switching server."
+				CURRENT_SERVER=$ENABLE_SERVER
+				switch_proxy $CURRENT_SERVER
+				normal_flag=1
+				echolog "Switch to "$(uci_get_by_name $CURRENT_SERVER alias)" proxy!"
+			else
+				switch_proxy $CURRENT_SERVER
+				normal_flag=1
+				echolog "Try restart current server."
+			fi
+		else
+			normal_flag=0
+			# echolog "ShadowsocksR No Problem."
+		fi
+	done
+}
--- a/luci-app-ssr-plus/root/usr/share/rpcd/acl.d/luci-app-ssr-plus.json
+++ b/luci-app-ssr-plus/root/usr/share/rpcd/acl.d/luci-app-ssr-plus.json
@ -0,0 +1,11 @@
+{
+	"luci-app-ssr-plus": {
+		"description": "Grant UCI access for luci-app-ssr-plus",
+		"read": {
+			"uci": ["shadowsocksr"]
+		},
+		"write": {
+			"uci": ["shadowsocksr"]
+		}
+	}
+}
--- a/luci-app-ssr-plus/root/usr/share/shadowsocksr/chinaipset.sh
+++ b/luci-app-ssr-plus/root/usr/share/shadowsocksr/chinaipset.sh
@ -0,0 +1,7 @@
+#!/bin/sh
+[ -f "$1" ] && china_ip=$1
+ipset -! flush china 2>/dev/null
+ipset -! -R <<-EOF || exit 1
+	create china hash:net
+	$(cat ${china_ip:=/etc/ssrplus/china_ssr.txt} | sed -e "s/^/add china /")
+EOF
--- a/luci-app-ssr-plus/root/usr/share/shadowsocksr/gen_config.lua
+++ b/luci-app-ssr-plus/root/usr/share/shadowsocksr/gen_config.lua
@ -0,0 +1,504 @@
+#!/usr/bin/lua
+
+local ucursor = require "luci.model.uci".cursor()
+local json = require "luci.jsonc"
+
+local server_section = arg[1]
+local proto = arg[2]
+local local_port = arg[3] or "0"
+local socks_port = arg[4] or "0"
+
+local chain = arg[5] or "0"
+local chain_local_port = string.split(chain, "/")[2] or "0"
+
+local server = ucursor:get_all("shadowsocksr", server_section)
+local outbound_settings = nil
+
+function vmess_vless()
+	outbound_settings = {
+		vnext = {
+			{
+				address = server.server,
+				port = tonumber(server.server_port),
+				users = {
+					{
+						id = server.vmess_id,
+						security = (server.v2ray_protocol == "vmess" or not server.v2ray_protocol) and server.security or nil,
+						encryption = (server.v2ray_protocol == "vless") and server.vless_encryption or nil,
+						flow = ((server.tls == '1') or (server.reality == '1')) and server.tls_flow or nil
+					}
+				}
+			}
+		}
+	}
+end
+function trojan_shadowsocks()
+	outbound_settings = {
+		servers = {
+			{
+				address = server.server,
+				port = tonumber(server.server_port),
+				password = server.password,
+				method = ((server.v2ray_protocol == "shadowsocks") and server.encrypt_method_ss) or nil,
+				uot = (server.v2ray_protocol == "shadowsocks") and (server.uot == '1') or nil,
+				ivCheck = (server.v2ray_protocol == "shadowsocks") and (server.ivCheck == '1') or nil,
+			}
+		}
+	}
+end
+function socks_http()
+	outbound_settings = {
+		version = server.socks_ver or nil,
+		servers = {
+			{
+				address = server.server,
+				port = tonumber(server.server_port),
+				users = (server.auth_enable == "1") and {
+					{
+						user = server.username,
+						pass = server.password
+					}
+				} or nil
+			}
+		}
+	}
+end
+function wireguard()
+	outbound_settings = {
+		secretKey = server.private_key,
+		address = server.local_addresses,
+		peers = {
+			{
+				publicKey = server.peer_pubkey,
+				preSharedKey = server.preshared_key,
+				endpoint = server.server .. ":" .. server.server_port
+			}
+		},
+		mtu = tonumber(server.mtu)
+	}
+end
+local outbound = {}
+function outbound:new(o)
+	o = o or {}
+	setmetatable(o, self)
+	self.__index = self
+	return o
+end
+function outbound:handleIndex(index)
+	local switch = {
+		vmess = function()
+			vmess_vless()
+		end,
+		vless = function()
+			vmess_vless()
+		end,
+		trojan = function()
+			trojan_shadowsocks()
+		end,
+		shadowsocks = function()
+			trojan_shadowsocks()
+		end,
+		socks = function()
+			socks_http()
+		end,
+		http = function()
+			socks_http()
+		end,
+		wireguard = function()
+			wireguard()
+		end
+	}
+	if switch[index] then
+		switch[index]()
+	end
+end
+local settings = outbound:new()
+settings:handleIndex(server.v2ray_protocol)
+local Xray = {
+	log = {
+		-- error = "/var/ssrplus.log",
+		loglevel = "warning"
+	},
+	-- 传入连接
+	inbound = (local_port ~= "0") and {
+		-- listening
+		port = tonumber(local_port),
+		protocol = "dokodemo-door",
+		settings = {network = proto, followRedirect = true},
+		sniffing = {enabled = true, destOverride = {"http", "tls"}}
+	} or nil,
+	-- 开启 socks 代理
+	inboundDetour = (proto:find("tcp") and socks_port ~= "0") and {
+		{
+			-- socks
+			protocol = "socks",
+			port = tonumber(socks_port),
+			settings = {auth = "noauth", udp = true}
+		}
+	} or nil,
+	-- 传出连接
+	outbound = {
+		protocol = server.v2ray_protocol,
+		settings = outbound_settings,
+		-- 底层传输配置
+		streamSettings = {
+			network = server.transport or "tcp",
+			security = (server.tls == '1') and "tls" or (server.reality == '1') and "reality" or nil,
+			tlsSettings = (server.tls == '1') and {
+				-- tls
+				alpn = server.tls_alpn,
+				fingerprint = server.fingerprint,
+				allowInsecure = (server.insecure == "1"),
+				serverName = server.tls_host,
+				certificates = server.certificate and {
+					usage = "verify",
+					certificateFile = server.certpath
+				} or nil
+			} or nil,
+			realitySettings = (server.reality == '1') and {
+				show = false,
+				publicKey = server.reality_publickey,
+				shortId = server.reality_shortid,
+				spiderX = server.reality_spiderx,
+				fingerprint = server.fingerprint,
+				serverName = server.tls_host
+			} or nil,
+			tcpSettings = (server.transport == "tcp" and server.tcp_guise == "http") and {
+				-- tcp
+				header = {
+					type = server.tcp_guise,
+					request = {
+						-- request
+						path = {server.http_path} or {"/"},
+						headers = {Host = {server.http_host} or {}}
+					}
+				}
+			} or nil,
+			kcpSettings = (server.transport == "kcp") and {
+				mtu = tonumber(server.mtu),
+				tti = tonumber(server.tti),
+				uplinkCapacity = tonumber(server.uplink_capacity),
+				downlinkCapacity = tonumber(server.downlink_capacity),
+				congestion = (server.congestion == "1") and true or false,
+				readBufferSize = tonumber(server.read_buffer_size),
+				writeBufferSize = tonumber(server.write_buffer_size),
+				header = {type = server.kcp_guise},
+				seed = server.seed or nil
+			} or nil,
+			wsSettings = (server.transport == "ws") and (server.ws_path or server.ws_host or server.tls_host) and {
+				-- ws
+				headers = (server.ws_host or server.tls_host) and {
+					-- headers
+					Host = server.ws_host or server.tls_host
+				} or nil,
+				path = server.ws_path,
+				maxEarlyData = tonumber(server.ws_ed) or nil,
+				earlyDataHeaderName = server.ws_ed_header or nil
+			} or nil,
+			httpSettings = (server.transport == "h2") and {
+				-- h2
+				path = server.h2_path or "",
+				host = {server.h2_host} or nil,
+				read_idle_timeout = tonumber(server.read_idle_timeout) or nil,
+				health_check_timeout = tonumber(server.health_check_timeout) or nil
+			} or nil,
+			quicSettings = (server.transport == "quic") and {
+				-- quic
+				security = server.quic_security,
+				key = server.quic_key,
+				header = {type = server.quic_guise}
+			} or nil,
+			grpcSettings = (server.transport == "grpc") and {
+				-- grpc
+				serviceName = server.serviceName or "",
+				multiMode = (server.grpc_mode == "multi") and true or false,
+				idle_timeout = tonumber(server.idle_timeout) or nil,
+				health_check_timeout = tonumber(server.health_check_timeout) or nil,
+				permit_without_stream = (server.permit_without_stream == "1") and true or nil,
+				initial_windows_size = tonumber(server.initial_windows_size) or nil
+			} or nil
+		},
+		mux = (server.mux == "1" and server.transport ~= "grpc") and {
+			-- mux
+			enabled = true,
+			concurrency = tonumber(server.concurrency)
+		} or nil
+	} or nil
+}
+local cipher = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:AES128-SHA:AES256-SHA:DES-CBC3-SHA"
+local cipher13 = "TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384"
+local trojan = {
+	log_level = 3,
+	run_type = (proto == "nat" or proto == "tcp") and "nat" or "client",
+	local_addr = "0.0.0.0",
+	local_port = tonumber(local_port),
+	remote_addr = server.server,
+	remote_port = tonumber(server.server_port),
+	udp_timeout = 60,
+	-- 传入连接
+	password = {server.password},
+	-- 传出连接
+	ssl = {
+		verify = (server.insecure == "0") and true or false,
+		verify_hostname = (server.tls == "1") and true or false,
+		cert = (server.certificate) and server.certpath or nil,
+		cipher = cipher,
+		cipher_tls13 = cipher13,
+		sni = server.tls_host,
+		alpn = server.tls_alpn or {"h2", "http/1.1"},
+		curve = "",
+		reuse_session = true,
+		session_ticket = (server.tls_sessionTicket == "1") and true or false
+	},
+	udp_timeout = 60,
+	tcp = {
+		-- tcp
+		no_delay = true,
+		keep_alive = true,
+		reuse_port = true,
+		fast_open = (server.fast_open == "1") and true or false,
+		fast_open_qlen = 20
+	}
+}
+local naiveproxy = {
+	proxy = (server.username and server.password and server.server and server.server_port) and "https://" .. server.username .. ":" .. server.password .. "@" .. server.server .. ":" .. server.server_port,
+	listen = (proto == "redir") and "redir" .. "://0.0.0.0:" .. tonumber(local_port) or "socks" .. "://0.0.0.0:" .. tonumber(local_port),
+	["insecure-concurrency"] = tonumber(server.concurrency) or 1
+}
+local ss = {
+	server = (server.kcp_enable == "1") and "127.0.0.1" or server.server,
+	server_port = tonumber(server.server_port),
+	local_address = "0.0.0.0",
+	local_port = tonumber(local_port),
+	mode = (proto == "tcp,udp") and "tcp_and_udp" or proto .. "_only",
+	password = server.password,
+	method = server.encrypt_method_ss,
+	timeout = tonumber(server.timeout),
+	fast_open = (server.fast_open == "1") and true or false,
+	reuse_port = true
+}
+local hysteria = {
+	server = server.server_port and (server.server .. ":" .. server.server_port) or (server.server .. ":" .. server.port_range),
+	bandwidth = {
+	up = tonumber(server.uplink_capacity) and tonumber(server.uplink_capacity) .. " mbps" or nil,
+	down = tonumber(server.downlink_capacity) and tonumber(server.downlink_capacity) .. " mbps" or nil 
+	},
+	socks5 = (proto:find("tcp") and tonumber(socks_port) and tonumber(socks_port) ~= 0) and {
+		listen = "0.0.0.0:" .. tonumber(socks_port),
+		disable_udp = false
+	} or nil,
+	transport = {
+		type = server.transport_protocol,
+		udp = { 
+			hopInterval = tonumber(server.hopinterval) and tonumber(server.hopinterval) .. "s" or nil
+		}
+	},
+--[[			
+	tcpTProxy = (proto:find("tcp") and local_port ~= "0") and {
+	listen = "0.0.0.0:" .. tonumber(local_port)
+} or nil,
+]]
+	tcpRedirect = (proto:find("tcp") and local_port ~= "0") and {
+					listen = "0.0.0.0:" .. tonumber(local_port)
+	} or nil,
+	udpTProxy = (proto:find("udp") and local_port ~= "0") and {
+					listen = "0.0.0.0:" .. tonumber(local_port)
+	} or nil,
+	obfs = (server.flag_obfs == "1") and {
+				type = server.obfs_type,
+				salamander = { password = server.salamander }
+	} or nil,
+	quic = (server.flag_quicparam == "1" ) and {
+		initStreamReceiveWindow = (server.initstreamreceivewindow and server.initstreamreceivewindow or nil),
+		maxStreamReceiveWindow = (server.maxstreamseceivewindow and server.maxstreamseceivewindow or nil),
+		initConnReceiveWindow = (server.initconnreceivewindow and server.initconnreceivewindow or nil),
+		maxConnReceiveWindow = (server.maxconnreceivewindow and server.maxconnreceivewindow or nil),
+		maxIdleTimeout = (tonumber(server.maxidletimeout) and tonumber(server.maxidletimeout) .. "s" or nil),
+		keepAlivePeriod = (tonumber(server.keepaliveperiod) and tonumber(server.keepaliveperiod) .. "s" or nil),
+		disable_mtu_discovery = (server.disablepathmtudiscovery == "1") and true or false
+	} or nil,
+	auth = server.hy2_auth,
+	tls = (server.tls_host) and {
+		sni = server.tls_host,
+		insecure = (server.insecure == "1") and true or false,
+		pinSHA256 = (server.insecure == "1") and server.pinsha256 or nil
+	} or {
+		sni = server.server,
+		insecure = (server.insecure == "1") and true or false
+	},
+	fast_open = (server.fast_open == "1") and true or false,
+	lazy = (server.lazy_mode == "1") and true or false
+}
+local shadowtls = {
+	client = {
+		server_addr = server.server_port and server.server .. ":" .. server.server_port or nil,
+		listen = "127.0.0.1:" .. tonumber(local_port),
+		tls_names = server.shadowtls_sni,
+		password = server.password 
+	},
+	v3 = (server.shadowtls_protocol == "v3") and true or false,
+	disable_nodelay = (server.disable_nodelay == "1") and true or false,
+	fastopen = (server.fastopen == "1") and true or false,
+	strict = (server.strict == "1") and true or false
+}
+local chain_sslocal = {
+		locals = local_port ~= "0" and {
+		{
+			local_address = "0.0.0.0",
+			local_port = (chain_local_port == "0" and tonumber(server.local_port) or tonumber(chain_local_port)),
+			mode = (proto:find("tcp,udp") and "tcp_and_udp") or proto .. "_only",
+			protocol = "redir",
+			tcp_redir = "redirect",
+		--tcp_redir = "tproxy",
+			udp_redir = "tproxy"
+		},
+		socks_port ~= "0" and {
+			protocol = "socks",
+			local_address = "0.0.0.0",
+			local_port = tonumber(socks_port)
+		} or nil
+	} or {{ 
+			protocol = "socks",
+			local_address = "0.0.0.0",
+			ocal_port = tonumber(socks_port)
+			}},
+		servers = {
+			{
+				server = "127.0.0.1",
+				server_port = (tonumber(local_port) == 0 and tonumber(chain_local_port) or tonumber(local_port)),
+				method = server.sslocal_method,
+				password = server.sslocal_password
+			}
+		}
+}
+local chain_vmess = {
+	inbounds = (local_port ~= "0") and {
+	{
+		port =  (chain_local_port == "0" and tonumber(server.local_port) or tonumber(chain_local_port)),
+		protocol = "dokodemo-door",
+			settings = {
+			network = proto, 
+			followRedirect = true
+		},
+		streamSettings = {
+			sockopt = {tproxy = "redirect"}
+		},
+		sniffing = {
+			enable = true,
+			destOverride = {"http","tls"}
+		}
+	},
+		(proto:find("tcp") and socks_port ~= "0") and {
+		protocol = "socks",
+		port = tonumber(socks_port)
+		} or nil
+	} or { protocol = "socks",port = tonumber(socks_port) },
+	outbound = {
+		protocol = "vmess",
+		settings = {
+			vnext = {{
+				address = "127.0.0.1",
+				port =  (tonumber(local_port) == 0 and tonumber(chain_local_port) or tonumber(local_port)),
+				users = {{
+				id = (server.vmess_uuid),
+				security = server.vmess_method,
+				level = 0
+				}}
+			}}
+		}
+	}
+}
+local tuic = {
+		relay = {
+			server = server.server_port and server.server .. ":" .. server.server_port,
+			ip = server.tuic_ip,
+			uuid = server.tuic_uuid,
+			password = server.tuic_passwd,
+			certificates = server.certificate and { server.certpath } or nil,
+			udp_relay_mode = server.udp_relay_mode,
+			congestion_control = server.congestion_control,
+			heartbeat = server.heartbeat and server.heartbeat .. "s" or nil,
+			timeout = server.timeout and server.timeout .. "s" or nil,
+			gc_interval = server.gc_interval and server.gc_interval .. "s" or nil,
+			gc_lifetime = server.gc_lifetime and server.gc_lifetime .. "s" or nil,
+			alpn = server.tls_alpn,
+			disable_sni = (server.disable_sni == "1") and true or false,
+			zero_rtt_handshake = (server.zero_rtt_handshake == "1") and true or false,
+			send_window = tonumber(server.send_window),
+			receive_window = tonumber(server.receive_window)
+		},
+		["local"] = {
+			server = tonumber(socks_port) and (server.tuic_dual_stack == "1" and "[::1]:" or "127.0.0.1:")  .. (socks_port == "0" and local_port or tonumber(socks_port)),
+			dual_stack = (server.tuic_dual_stack == "1") and true or false,
+			max_packet_size = tonumber(server.tuic_max_package_size)
+		}
+}
+local config = {}
+function config:new(o)
+	o = o or {}
+	setmetatable(o, self)
+	self.__index = self
+	return o
+end
+function config:handleIndex(index)
+	local switch = {
+		ss = function()
+			ss.protocol = socks_port
+			if server.plugin and server.plugin ~= "none" then
+				ss.plugin = server.plugin
+				ss.plugin_opts = server.plugin_opts or nil
+			end
+			print(json.stringify(ss, 1))
+		end,
+		ssr = function()
+			ss.protocol = server.protocol
+			ss.protocol_param = server.protocol_param
+			ss.method = server.encrypt_method
+			ss.obfs = server.obfs
+			ss.obfs_param = server.obfs_param
+			print(json.stringify(ss, 1))
+		end,
+		v2ray = function()
+			print(json.stringify(Xray, 1))
+		end,
+		trojan = function()
+			print(json.stringify(trojan, 1))
+		end,
+		naiveproxy = function()
+			print(json.stringify(naiveproxy, 1))
+		end,
+		hysteria = function()
+			print(json.stringify(hysteria, 1))
+		end,
+		shadowtls = function()
+			local chain_switch = {
+				sslocal = function()
+					if (chain:find("chain")) then
+						print(json.stringify(chain_sslocal, 1))
+					else
+						print(json.stringify(shadowtls, 1))
+					end
+				end,
+				vmess = function()
+					if (chain:find("chain")) then
+						print(json.stringify(chain_vmess, 1))
+					else
+						print(json.stringify(shadowtls, 1))
+					end
+				end
+			}
+			local ChainType = server.chain_type
+				if chain_switch[ChainType] then
+					chain_switch[ChainType]()
+				end
+			end,
+		tuic = function()
+			print(json.stringify(tuic, 1))
+		end
+	}
+	if switch[index] then
+		switch[index]()
+	end
+end
+local f = config:new()
+f:handleIndex(server.type)
--- a/luci-app-ssr-plus/root/usr/share/shadowsocksr/genred2config.sh
+++ b/luci-app-ssr-plus/root/usr/share/shadowsocksr/genred2config.sh
@ -0,0 +1,95 @@
+#!/bin/sh
+argv1=$1
+argv2=$2
+argv3=$3
+argv4=$4
+argv5=$5
+argv6=$6
+argv7=$7
+argv8=$8
+argv9=$9
+cat <<-EOF >$argv1
+	base {
+	log_debug = off;
+	log_info = off;
+	log = stderr;
+	daemon = on;
+	redirector = iptables;
+	reuseport = on;
+	}
+EOF
+tcp() {
+	if [ "$argv7" == "0" ]; then
+		cat <<-EOF >>$argv1
+			redsocks {
+			bind = "0.0.0.0:$argv4";
+			relay = "$argv5:$argv6";
+			type = socks5;
+			autoproxy = 0;
+			timeout = 10;
+			}
+		EOF
+	else
+		cat <<-EOF >>$argv1
+			redsocks {
+			bind = "0.0.0.0:$argv4";
+			relay = "$argv5:$argv6";
+			type = socks5;
+			autoproxy = 0;
+			timeout = 10;
+			login = "$argv8";
+			password = "$argv9";
+			}
+		EOF
+	fi
+}
+udp() {
+	if [ "$argv7" == "0" ]; then
+		cat <<-EOF >>$argv1
+			redudp {
+			bind = "0.0.0.0:$argv4";
+			relay = "$argv5:$argv6";
+			type = socks5;
+			udp_timeout = 10;
+			}
+		EOF
+	else
+		cat <<-EOF >>$argv1
+			redudp {
+			bind = "0.0.0.0:$argv4";
+			relay = "$argv5:$argv6";
+			type = socks5;
+			udp_timeout = 10;
+			login = "$argv8";
+			password = "$argv9";
+			}
+		EOF
+	fi
+}
+case "$argv2" in
+socks5)
+	case "$argv3" in
+	tcp)
+		tcp
+		;;
+	udp)
+		udp
+		;;
+	*)
+		tcp
+		udp
+		;;
+	esac
+	;;
+*)
+	cat <<-EOF >>$argv1
+		redsocks {
+		bind = "0.0.0.0:$argv4";
+		type = direct;
+		interface = $argv3;
+		autoproxy = 0;
+		timeout = 10;
+		}
+	EOF
+	;;
+esac
--- a/luci-app-ssr-plus/root/usr/share/shadowsocksr/geodata_update.sh
+++ b/luci-app-ssr-plus/root/usr/share/shadowsocksr/geodata_update.sh
@ -0,0 +1,44 @@
+#!/bin/sh
+
+rm -rf /tmp/geo*
+
+#wget --no-check-certificate -q -O /tmp/geoip.dat https://cdn.jsdelivr.net/gh/Loyalsoldier/v2ray-rules-dat@release/geoip.dat
+wget --no-check-certificate -q -O /tmp/geosite.dat https://cdn.jsdelivr.net/gh/Loyalsoldier/v2ray-rules-dat@release/geosite.dat
+
+remove_full_string() {
+    temp_file="$(echo "$1" | awk -F '.' '{print $1"-temp."$2}')"
+    temp_file2="$(echo "$1" | awk -F '.' '{print $1"-temp2."$2}')"
+    cat $1 | grep 'full:' | awk -F 'full:' '{print $2}' > $temp_file
+    cat $1 | grep -v 'full:' > $temp_file2
+    cat $temp_file $temp_file2 | sort -u | uniq -u > $1
+    rm -rf $temp_file $temp_file2
+}
+
+clean_up() {
+    temp_file="$(echo "$1" | awk -F '.' '{print $1"-temp."$2}')"
+    diff $1 $2 | grep '< ' | awk -F '< ' '{print $2}' > $temp_file
+    mv $temp_file $1
+}
+
+merge_file() {
+    temp_file="/tmp/merged"
+    cat $1 $2 | sort -u | uniq -u > $temp_file
+    mv $temp_file $2
+}
+
+if [ -f "/tmp/geosite.dat" ]; then
+    #v2dat unpack geosite -o /tmp/ -f cn -f apple-cn -f google-cn -f geolocation-!cn /tmp/geosite.dat
+    v2dat unpack geosite -o /tmp/ -f cn -f google-cn -f geolocation-!cn /tmp/geosite.dat
+    remove_full_string /tmp/geosite_cn.txt
+    #remove_full_string /tmp/geosite_apple-cn.txt
+    remove_full_string /tmp/geosite_google-cn.txt
+    remove_full_string /tmp/geosite_geolocation-!cn.txt
+    clean_up /tmp/geosite_cn.txt /tmp/geosite_google-cn.txt
+    merge_file /tmp/geosite_google-cn.txt /tmp/geosite_geolocation-!cn.txt
+    mv /tmp/geosite_cn.txt /etc/ssrplus/mosdns-chinadns/geosite_cn.txt
+    mv /tmp/geosite_geolocation-!cn.txt /etc/ssrplus/mosdns-chinadns/geosite_geolocation_not_cn.txt
+    rm -rf /tmp/geosite*
+    echo 111
+else
+    echo 000
+fi
--- a/luci-app-ssr-plus/root/usr/share/shadowsocksr/gfw2ipset.sh
+++ b/luci-app-ssr-plus/root/usr/share/shadowsocksr/gfw2ipset.sh
@ -0,0 +1,47 @@
+#!/bin/sh
+. $IPKG_INSTROOT/etc/init.d/shadowsocksr
+netflix() {
+	if [ -f "$TMP_DNSMASQ_PATH/gfw_list.conf" ]; then
+		for line in $(cat /etc/ssrplus/netflix.list); do sed -i "/$line/d" $TMP_DNSMASQ_PATH/gfw_list.conf; done
+		for line in $(cat /etc/ssrplus/netflix.list); do sed -i "/$line/d" $TMP_DNSMASQ_PATH/gfw_base.conf; done
+	fi
+	cat /etc/ssrplus/netflix.list | sed '/^$/d' | sed '/#/d' | sed "/.*/s/.*/server=\/&\/127.0.0.1#$1\nipset=\/&\/netflix/" >$TMP_DNSMASQ_PATH/netflix_forward.conf
+}
+mkdir -p $TMP_DNSMASQ_PATH
+if [ "$(uci_get_by_type global run_mode router)" == "oversea" ]; then
+	cp -rf /etc/ssrplus/oversea_list.conf $TMP_DNSMASQ_PATH/
+else
+	cp -rf /etc/ssrplus/gfw_list.conf $TMP_DNSMASQ_PATH/
+	cp -rf /etc/ssrplus/gfw_base.conf $TMP_DNSMASQ_PATH/
+fi
+case "$(uci_get_by_type global netflix_server nil)" in
+nil)
+	rm -f $TMP_DNSMASQ_PATH/netflix_forward.conf
+	;;
+$(uci_get_by_type global global_server nil) | $switch_server | same)
+	netflix $dns_port
+	;;
+*)
+	netflix $tmp_shunt_dns_port
+	;;
+esac
+for line in $(cat /etc/ssrplus/black.list); do sed -i "/$line/d" $TMP_DNSMASQ_PATH/gfw_list.conf; done
+for line in $(cat /etc/ssrplus/black.list); do sed -i "/$line/d" $TMP_DNSMASQ_PATH/gfw_base.conf; done
+for line in $(cat /etc/ssrplus/white.list); do sed -i "/$line/d" $TMP_DNSMASQ_PATH/gfw_list.conf; done
+for line in $(cat /etc/ssrplus/white.list); do sed -i "/$line/d" $TMP_DNSMASQ_PATH/gfw_base.conf; done
+for line in $(cat /etc/ssrplus/deny.list); do sed -i "/$line/d" $TMP_DNSMASQ_PATH/gfw_list.conf; done
+for line in $(cat /etc/ssrplus/deny.list); do sed -i "/$line/d" $TMP_DNSMASQ_PATH/gfw_base.conf; done
+cat /etc/ssrplus/black.list | sed '/^$/d' | sed '/#/d' | sed "/.*/s/.*/server=\/&\/127.0.0.1#$dns_port\nipset=\/&\/blacklist/" >$TMP_DNSMASQ_PATH/blacklist_forward.conf
+cat /etc/ssrplus/white.list | sed '/^$/d' | sed '/#/d' | sed "/.*/s/.*/server=\/&\/127.0.0.1\nipset=\/&\/whitelist/" >$TMP_DNSMASQ_PATH/whitelist_forward.conf
+cat /etc/ssrplus/deny.list | sed '/^$/d' | sed '/#/d' | sed "/.*/s/.*/address=\/&\//" >$TMP_DNSMASQ_PATH/denylist.conf
+if [ "$(uci_get_by_type global adblock 0)" == "1" ]; then
+	cp -f /etc/ssrplus/ad.conf $TMP_DNSMASQ_PATH/
+	if [ -f "$TMP_DNSMASQ_PATH/ad.conf" ]; then
+		for line in $(cat /etc/ssrplus/black.list); do sed -i "/$line/d" $TMP_DNSMASQ_PATH/ad.conf; done
+		for line in $(cat /etc/ssrplus/white.list); do sed -i "/$line/d" $TMP_DNSMASQ_PATH/ad.conf; done
+		for line in $(cat /etc/ssrplus/deny.list); do sed -i "/$line/d" $TMP_DNSMASQ_PATH/ad.conf; done
+		for line in $(cat /etc/ssrplus/netflix.list); do sed -i "/$line/d" $TMP_DNSMASQ_PATH/ad.conf; done
+	fi
+else
+	rm -f $TMP_DNSMASQ_PATH/ad.conf
+fi
--- a/luci-app-ssr-plus/root/usr/share/shadowsocksr/ssrplusupdate.sh
+++ b/luci-app-ssr-plus/root/usr/share/shadowsocksr/ssrplusupdate.sh
@ -0,0 +1,6 @@
+#!/bin/sh
+/usr/bin/lua /usr/share/shadowsocksr/update.lua
+sleep 2s
+/usr/share/shadowsocksr/chinaipset.sh /var/etc/ssrplus/china_ssr.txt
+sleep 2s
+/usr/bin/lua /usr/share/shadowsocksr/subscribe.lua
--- a/luci-app-ssr-plus/root/usr/share/shadowsocksr/subscribe.lua
+++ b/luci-app-ssr-plus/root/usr/share/shadowsocksr/subscribe.lua
@ -0,0 +1,631 @@
+#!/usr/bin/lua
+
+------------------------------------------------
+-- This file is part of the luci-app-ssr-plus subscribe.lua
+-- @author William Chan <root@williamchan.me>
+------------------------------------------------
+require "luci.model.uci"
+require "nixio"
+require "luci.util"
+require "luci.sys"
+require "luci.jsonc"
+require "luci.model.ipkg"
+-- these global functions are accessed all the time by the event handler
+-- so caching them is worth the effort
+local tinsert = table.insert
+local ssub, slen, schar, sbyte, sformat, sgsub = string.sub, string.len, string.char, string.byte, string.format, string.gsub
+local jsonParse, jsonStringify = luci.jsonc.parse, luci.jsonc.stringify
+local b64decode = nixio.bin.b64decode
+local URL = require "url"
+local cache = {}
+local nodeResult = setmetatable({}, {__index = cache}) -- update result
+local name = 'shadowsocksr'
+local uciType = 'servers'
+local ucic = luci.model.uci.cursor()
+local proxy = ucic:get_first(name, 'server_subscribe', 'proxy', '0')
+local switch = ucic:get_first(name, 'server_subscribe', 'switch', '1')
+local subscribe_url = ucic:get_first(name, 'server_subscribe', 'subscribe_url', {})
+local filter_words = ucic:get_first(name, 'server_subscribe', 'filter_words', '过期时间/剩余流量')
+local save_words = ucic:get_first(name, 'server_subscribe', 'save_words', '')
+local v2_ss = luci.sys.exec('type -t -p ss-redir sslocal') ~= "" and "ss" or "v2ray"
+local v2_tj = luci.sys.exec('type -t -p trojan') ~= "" and "trojan" or "v2ray"
+local log = function(...)
+	print(os.date("%Y-%m-%d %H:%M:%S ") .. table.concat({...}, " "))
+end
+local encrypt_methods_ss = {
+	-- plain
+	"none",
+	"plain",
+	-- aead
+	"aes-128-gcm",
+	"aes-192-gcm",
+	"aes-256-gcm",
+	"chacha20-ietf-poly1305",
+	"xchacha20-ietf-poly1305",
+	-- aead 2022
+	"2022-blake3-aes-128-gcm",
+	"2022-blake3-aes-256-gcm",
+	"2022-blake3-chacha20-poly1305"
+	--[[ stream
+	"table",
+	"rc4",
+	"rc4-md5",
+	"aes-128-cfb",
+	"aes-192-cfb",
+	"aes-256-cfb",
+	"aes-128-ctr",
+	"aes-192-ctr",
+	"aes-256-ctr",
+	"bf-cfb",
+	"camellia-128-cfb",
+	"camellia-192-cfb",
+	"camellia-256-cfb",
+	"salsa20",
+	"chacha20",
+	"chacha20-ietf" ]]
+}
+-- 分割字符串
+local function split(full, sep)
+	full = full:gsub("%z", "") -- 这里不是很清楚 有时候结尾带个\0
+	local off, result = 1, {}
+	while true do
+		local nStart, nEnd = full:find(sep, off)
+		if not nEnd then
+			local res = ssub(full, off, slen(full))
+			if #res > 0 then -- 过滤掉 \0
+				tinsert(result, res)
+			end
+			break
+		else
+			tinsert(result, ssub(full, off, nStart - 1))
+			off = nEnd + 1
+		end
+	end
+	return result
+end
+-- urlencode
+local function get_urlencode(c)
+	return sformat("%%%02X", sbyte(c))
+end
+
+local function urlEncode(szText)
+	local str = szText:gsub("([^0-9a-zA-Z ])", get_urlencode)
+	str = str:gsub(" ", "+")
+	return str
+end
+
+local function get_urldecode(h)
+	return schar(tonumber(h, 16))
+end
+local function UrlDecode(szText)
+	return szText:gsub("+", " "):gsub("%%(%x%x)", get_urldecode)
+end
+
+-- trim
+local function trim(text)
+	if not text or text == "" then
+		return ""
+	end
+	return (sgsub(text, "^%s*(.-)%s*$", "%1"))
+end
+-- md5
+local function md5(content)
+	local stdout = luci.sys.exec('echo \"' .. urlEncode(content) .. '\" | md5sum | cut -d \" \" -f1')
+	-- assert(nixio.errno() == 0)
+	return trim(stdout)
+end
+-- base64
+local function base64Decode(text)
+	local raw = text
+	if not text then
+		return ''
+	end
+	text = text:gsub("%z", "")
+	text = text:gsub("_", "/")
+	text = text:gsub("-", "+")
+	local mod4 = #text % 4
+	text = text .. string.sub('====', mod4 + 1)
+	local result = b64decode(text)
+	if result then
+		return result:gsub("%z", "")
+	else
+		return raw
+	end
+end
+-- 检查数组(table)中是否存在某个字符值
+-- https://www.04007.cn/article/135.html
+local function checkTabValue(tab)
+	local revtab = {}
+	for k,v in pairs(tab) do
+		revtab[v] = true
+	end
+	return revtab
+end
+-- 处理数据
+local function processData(szType, content)
+	local result = {type = szType, local_port = 1234, kcp_param = '--nocomp'}
+	if szType == 'ssr' then
+		local dat = split(content, "/%?")
+		local hostInfo = split(dat[1], ':')
+		result.type = 'ssr'
+		result.server = hostInfo[1]
+		result.server_port = hostInfo[2]
+		result.protocol = hostInfo[3]
+		result.encrypt_method = hostInfo[4]
+		result.obfs = hostInfo[5]
+		result.password = base64Decode(hostInfo[6])
+		local params = {}
+		for _, v in pairs(split(dat[2], '&')) do
+			local t = split(v, '=')
+			params[t[1]] = t[2]
+		end
+		result.obfs_param = base64Decode(params.obfsparam)
+		result.protocol_param = base64Decode(params.protoparam)
+		local group = base64Decode(params.group)
+		if group then
+			result.alias = "[" .. group .. "] "
+		end
+		result.alias = result.alias .. base64Decode(params.remarks)
+	elseif szType == 'vmess' then
+		local info = jsonParse(content)
+		result.type = 'v2ray'
+		result.v2ray_protocol = 'vmess'
+		result.server = info.add
+		result.server_port = info.port
+		result.transport = info.net
+		result.vmess_id = info.id
+		result.alias = info.ps
+		-- result.mux = 1
+		-- result.concurrency = 8
+		if info.net == 'ws' then
+			result.ws_host = info.host
+			result.ws_path = info.path
+		end
+		if info.net == 'h2' then
+			result.h2_host = info.host
+			result.h2_path = info.path
+		end
+		if info.net == 'tcp' then
+			if info.type and info.type ~= "http" then
+				info.type = "none"
+			end
+			result.tcp_guise = info.type
+			result.http_host = info.host
+			result.http_path = info.path
+		end
+		if info.net == 'kcp' then
+			result.kcp_guise = info.type
+			result.mtu = 1350
+			result.tti = 50
+			result.uplink_capacity = 5
+			result.downlink_capacity = 20
+			result.read_buffer_size = 2
+			result.write_buffer_size = 2
+		end
+		if info.net == 'grpc' then
+			if info.path then
+				result.serviceName = info.path
+			elseif info.serviceName then
+				result.serviceName = info.serviceName
+			end
+		end
+		if info.net == 'quic' then
+			result.quic_guise = info.type
+			result.quic_key = info.key
+			result.quic_security = info.securty
+		end
+		if info.security then
+			result.security = info.security
+		end
+		if info.tls == "tls" or info.tls == "1" then
+			result.tls = "1"
+			if info.sni and info.sni ~= "" then
+				result.tls_host = info.sni
+			elseif info.host then
+				result.tls_host = info.host
+			end
+			result.insecure = 1
+		else
+			result.tls = "0"
+		end
+		-- https://www.v2fly.org/config/protocols/vmess.html#vmess-md5-认证信息-淘汰机制
+		if info.aid and (tonumber(info.aid) > 0) then
+			result.server = nil
+		end
+	elseif szType == "ss" then
+		local idx_sp = 0
+		local alias = ""
+		if content:find("#") then
+			idx_sp = content:find("#")
+			alias = content:sub(idx_sp + 1, -1)
+		end
+		local info = content:sub(1, idx_sp - 1)
+		local hostInfo = split(base64Decode(info), "@")
+		local host = split(hostInfo[2], ":")
+		local userinfo = base64Decode(hostInfo[1])
+		local method = userinfo:sub(1, userinfo:find(":") - 1)
+		local password = userinfo:sub(userinfo:find(":") + 1, #userinfo)
+		result.alias = UrlDecode(alias)
+		result.type = v2_ss
+		result.v2ray_protocol = (v2_ss == "v2ray") and "shadowsocks" or nil
+		result.encrypt_method_ss = method
+		result.password = password
+		result.server = host[1]
+		if host[2]:find("/%?") then
+			local query = split(host[2], "/%?")
+			result.server_port = query[1]
+			local params = {}
+			for _, v in pairs(split(query[2], '&')) do
+				local t = split(v, '=')
+				params[t[1]] = t[2]
+			end
+			if params.plugin then
+				local plugin_info = UrlDecode(params.plugin)
+				local idx_pn = plugin_info:find(";")
+				if idx_pn then
+					result.plugin = plugin_info:sub(1, idx_pn - 1)
+					result.plugin_opts = plugin_info:sub(idx_pn + 1, #plugin_info)
+				else
+					result.plugin = plugin_info
+				end
+				-- 部分机场下发的插件名为 simple-obfs，这里应该改为 obfs-local
+				if result.plugin == "simple-obfs" then
+					result.plugin = "obfs-local"
+				end
+			end
+		else
+			result.server_port = host[2]:gsub("/","")
+		end
+		if not checkTabValue(encrypt_methods_ss)[method] then
+			-- 1202 年了还不支持 SS AEAD 的屑机场
+			result.server = nil
+		end
+	elseif szType == "sip008" then
+		result.type = v2_ss
+		result.v2ray_protocol = (v2_ss == "v2ray") and "shadowsocks" or nil
+		result.server = content.server
+		result.server_port = content.server_port
+		result.password = content.password
+		result.encrypt_method_ss = content.method
+		result.plugin = content.plugin
+		result.plugin_opts = content.plugin_opts
+		result.alias = content.remarks
+		if not checkTabValue(encrypt_methods_ss)[content.method] then
+			result.server = nil
+		end
+	elseif szType == "ssd" then
+		result.type = v2_ss
+		result.v2ray_protocol = (v2_ss == "v2ray") and "shadowsocks" or nil
+		result.server = content.server
+		result.server_port = content.port
+		result.password = content.password
+		result.encrypt_method_ss = content.method
+		result.plugin_opts = content.plugin_options
+		result.alias = "[" .. content.airport .. "] " .. content.remarks
+		if content.plugin == "simple-obfs" then
+			result.plugin = "obfs-local"
+		else
+			result.plugin = content.plugin
+		end
+		if not checkTabValue(encrypt_methods_ss)[content.encryption] then
+			result.server = nil
+		end
+	elseif szType == "trojan" then
+		local idx_sp = 0
+		local alias = ""
+		if content:find("#") then
+			idx_sp = content:find("#")
+			alias = content:sub(idx_sp + 1, -1)
+		end
+		local info = content:sub(1, idx_sp - 1)
+		local hostInfo = split(info, "@")
+		local host = split(hostInfo[2], ":")
+		local userinfo = hostInfo[1]
+		local password = userinfo
+		result.alias = UrlDecode(alias)
+		result.type = v2_tj
+		result.v2ray_protocol = "trojan"
+		result.server = host[1]
+		-- 按照官方的建议 默认验证ssl证书
+		result.insecure = "0"
+		result.tls = "1"
+		if host[2]:find("?") then
+			local query = split(host[2], "?")
+			result.server_port = query[1]
+			local params = {}
+			for _, v in pairs(split(query[2], '&')) do
+				local t = split(v, '=')
+				params[t[1]] = t[2]
+			end
+			if params.sni then
+				-- 未指定peer（sni）默认使用remote addr
+				result.tls_host = params.sni
+			end
+		else
+			result.server_port = host[2]
+		end
+		result.password = password
+	elseif szType == "vless" then
+		local url = URL.parse("http://" .. content)
+		local params = url.query
+
+		result.alias = url.fragment and UrlDecode(url.fragment) or nil
+		result.type = "v2ray"
+		result.v2ray_protocol = "vless"
+		result.server = url.host
+		result.server_port = url.port
+		result.vmess_id = url.user
+		result.vless_encryption = params.encryption or "none"
+		result.transport = params.type or "tcp"
+		result.tls = (params.security == "tls" or params.security == "xtls") and "1" or "0"
+		result.tls_host = params.sni
+		result.tls_flow = (params.security == "tls" or params.security == "reality") and params.flow or nil
+		result.fingerprint = params.fp
+		result.reality = (params.security == "reality") and "1" or "0"
+		result.reality_publickey = params.pbk and UrlDecode(params.pbk) or nil
+		result.reality_shortid = params.sid
+		result.reality_spiderx = params.spx and UrlDecode(params.spx) or nil
+		if result.transport == "ws" then
+			result.ws_host = (result.tls ~= "1") and (params.host and UrlDecode(params.host)) or nil
+			result.ws_path = params.path and UrlDecode(params.path) or "/"
+		-- make it compatible with bullshit, "h2" transport is non-existent at all
+		elseif result.transport == "http" or result.transport == "h2" then
+			result.transport = "h2"
+			result.h2_host = params.host and UrlDecode(params.host) or nil
+			result.h2_path = params.path and UrlDecode(params.path) or nil
+		elseif result.transport == "kcp" then
+			result.kcp_guise = params.headerType or "none"
+			result.seed = params.seed
+			result.mtu = 1350
+			result.tti = 50
+			result.uplink_capacity = 5
+			result.downlink_capacity = 20
+			result.read_buffer_size = 2
+			result.write_buffer_size = 2
+		elseif result.transport == "quic" then
+			result.quic_guise = params.headerType or "none"
+			result.quic_security = params.quicSecurity or "none"
+			result.quic_key = params.key
+		elseif result.transport == "grpc" then
+			result.serviceName = params.serviceName
+			result.grpc_mode = params.mode or "gun"
+		elseif result.transport == "tcp" then
+			result.tcp_guise = params.headerType or "none"
+			if result.tcp_guise == "http" then
+				result.tcp_host = params.host and UrlDecode(params.host) or nil
+				result.tcp_path = params.path and UrlDecode(params.path) or nil
+			end
+		end
+	end
+	if not result.alias then
+		if result.server and result.server_port then
+			result.alias = result.server .. ':' .. result.server_port
+		else
+			result.alias = "NULL"
+		end
+	end
+	-- alias 不参与 hashkey 计算
+	local alias = result.alias
+	result.alias = nil
+	local switch_enable = result.switch_enable
+	result.switch_enable = nil
+	result.hashkey = md5(jsonStringify(result))
+	result.alias = alias
+	result.switch_enable = switch_enable
+	return result
+end
+-- wget
+local function wget(url)
+	local stdout = luci.sys.exec('wget -q --user-agent="Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36" --no-check-certificate -O- "' .. url .. '"')
+	return trim(stdout)
+end
+
+local function check_filer(result)
+	do
+		-- 过滤的关键词列表
+		local filter_word = split(filter_words, "/")
+		-- 保留的关键词列表
+		local check_save = false
+		if save_words ~= nil and save_words ~= "" and save_words ~= "NULL" then
+			check_save = true
+		end
+		local save_word = split(save_words, "/")
+
+		-- 检查结果
+		local filter_result = false
+		local save_result = true
+
+		-- 检查是否存在过滤关键词
+		for i, v in pairs(filter_word) do
+			if tostring(result.alias):find(v, nil, true) then
+				filter_result = true
+			end
+		end
+
+		-- 检查是否打开了保留关键词检查，并且进行过滤
+		if check_save == true then
+			for i, v in pairs(save_word) do
+				if tostring(result.alias):find(v, nil, true) then
+					save_result = false
+				end
+			end
+		else
+			save_result = false
+		end
+
+		-- 不等时返回
+		if filter_result == true or save_result == true then
+			return true
+		else
+			return false
+		end
+	end
+end
+
+local execute = function()
+	-- exec
+	do
+		if proxy == '0' then -- 不使用代理更新的话先暂停
+			log('服务正在暂停')
+			luci.sys.init.stop(name)
+		end
+		for k, url in ipairs(subscribe_url) do
+			local raw = wget(url)
+			if #raw > 0 then
+				local nodes, szType
+				local groupHash = md5(url)
+				cache[groupHash] = {}
+				tinsert(nodeResult, {})
+				local index = #nodeResult
+				-- SSD 似乎是这种格式 ssd:// 开头的
+				if raw:find('ssd://') then
+					szType = 'ssd'
+					local nEnd = select(2, raw:find('ssd://'))
+					nodes = base64Decode(raw:sub(nEnd + 1, #raw))
+					nodes = jsonParse(nodes)
+					local extra = {airport = nodes.airport, port = nodes.port, encryption = nodes.encryption, password = nodes.password}
+					local servers = {}
+					-- SS里面包着 干脆直接这样
+					for _, server in ipairs(nodes.servers) do
+						tinsert(servers, setmetatable(server, {__index = extra}))
+					end
+					nodes = servers
+				-- SS SIP008 直接使用 Json 格式
+				elseif jsonParse(raw) then
+					nodes = jsonParse(raw).servers or jsonParse(raw)
+					if nodes[1].server and nodes[1].method then
+						szType = 'sip008'
+					end
+				else
+					-- ssd 外的格式
+					nodes = split(base64Decode(raw):gsub(" ", "_"), "\n")
+				end
+				for _, v in ipairs(nodes) do
+					if v then
+						local result
+						if szType then
+							result = processData(szType, v)
+						elseif not szType then
+							local node = trim(v)
+							local dat = split(node, "://")
+							if dat and dat[1] and dat[2] then
+								local dat3 = ""
+								if dat[3] then
+									dat3 = "://" .. dat[3]
+								end
+								if dat[1] == 'ss' or dat[1] == 'trojan' then
+									result = processData(dat[1], dat[2] .. dat3)
+								else
+									result = processData(dat[1], base64Decode(dat[2]))
+								end
+							end
+						else
+							log('跳过未知类型: ' .. szType)
+						end
+						-- log(result)
+						if result then
+							-- 中文做地址的 也没有人拿中文域名搞，就算中文域也有Puny Code SB 机场
+							if not result.server or not result.server_port or result.alias == "NULL" or check_filer(result) or result.server:match("[^0-9a-zA-Z%-_%.%s]") or cache[groupHash][result.hashkey] then
+								log('丢弃无效节点: ' .. result.type .. ' 节点, ' .. result.alias)
+							else
+								-- log('成功解析: ' .. result.type ..' 节点, ' .. result.alias)
+								result.grouphashkey = groupHash
+								tinsert(nodeResult[index], result)
+								cache[groupHash][result.hashkey] = nodeResult[index][#nodeResult[index]]
+							end
+						end
+					end
+				end
+				log('成功解析节点数量: ' .. #nodes)
+			else
+				log(url .. ': 获取内容为空')
+			end
+		end
+	end
+	-- diff
+	do
+		if next(nodeResult) == nil then
+			log("更新失败，没有可用的节点信息")
+			if proxy == '0' then
+				luci.sys.init.start(name)
+				log('订阅失败, 恢复服务')
+			end
+			return
+		end
+		local add, del = 0, 0
+		ucic:foreach(name, uciType, function(old)
+			if old.grouphashkey or old.hashkey then -- 没有 hash 的不参与删除
+				if not nodeResult[old.grouphashkey] or not nodeResult[old.grouphashkey][old.hashkey] then
+					ucic:delete(name, old['.name'])
+					del = del + 1
+				else
+					local dat = nodeResult[old.grouphashkey][old.hashkey]
+					ucic:tset(name, old['.name'], dat)
+					-- 标记一下
+					setmetatable(nodeResult[old.grouphashkey][old.hashkey], {__index = {_ignore = true}})
+				end
+			else
+				if not old.alias then
+					if old.server or old.server_port then
+						old.alias = old.server .. ':' .. old.server_port
+						log('忽略手动添加的节点: ' .. old.alias)
+					else
+						ucic:delete(name, old['.name'])
+					end
+				else
+					log('忽略手动添加的节点: ' .. old.alias)
+				end
+			end
+		end)
+		for k, v in ipairs(nodeResult) do
+			for kk, vv in ipairs(v) do
+				if not vv._ignore then
+					local section = ucic:add(name, uciType)
+					ucic:tset(name, section, vv)
+					ucic:set(name, section, "switch_enable", switch)
+					add = add + 1
+				end
+			end
+		end
+		ucic:commit(name)
+		-- 如果原有服务器节点已经不见了就尝试换为第一个节点
+		local globalServer = ucic:get_first(name, 'global', 'global_server', '')
+		if globalServer ~= "nil" then
+			local firstServer = ucic:get_first(name, uciType)
+			if firstServer then
+				if not ucic:get(name, globalServer) then
+					luci.sys.call("/etc/init.d/" .. name .. " stop > /dev/null 2>&1 &")
+					ucic:commit(name)
+					ucic:set(name, ucic:get_first(name, 'global'), 'global_server', ucic:get_first(name, uciType))
+					ucic:commit(name)
+					log('当前主服务器节点已被删除，正在自动更换为第一个节点。')
+					luci.sys.call("/etc/init.d/" .. name .. " start > /dev/null 2>&1 &")
+				else
+					log('维持当前主服务器节点。')
+					luci.sys.call("/etc/init.d/" .. name .. " restart > /dev/null 2>&1 &")
+				end
+			else
+				log('没有服务器节点了，停止服务')
+				luci.sys.call("/etc/init.d/" .. name .. " stop > /dev/null 2>&1 &")
+			end
+		end
+		log('新增节点数量: ' .. add, '删除节点数量: ' .. del)
+		log('订阅更新成功')
+	end
+end
+
+if subscribe_url and #subscribe_url > 0 then
+	xpcall(execute, function(e)
+		log(e)
+		log(debug.traceback())
+		log('发生错误, 正在恢复服务')
+		local firstServer = ucic:get_first(name, uciType)
+		if firstServer then
+			luci.sys.call("/etc/init.d/" .. name .. " restart > /dev/null 2>&1 &") -- 不加&的话日志会出现的更早
+			log('重启服务成功')
+		else
+			luci.sys.call("/etc/init.d/" .. name .. " stop > /dev/null 2>&1 &") -- 不加&的话日志会出现的更早
+			log('停止服务成功')
+		end
+	end)
+end
--- a/luci-app-ssr-plus/root/usr/share/shadowsocksr/update.lua
+++ b/luci-app-ssr-plus/root/usr/share/shadowsocksr/update.lua
@ -0,0 +1,208 @@
+#!/usr/bin/lua
+
+------------------------------------------------
+-- This file is part of the luci-app-ssr-plus update.lua
+-- By Mattraks
+------------------------------------------------
+require "luci.sys"
+require "luci.model.uci"
+local icount = 0
+local args = arg[1]
+local uci = luci.model.uci.cursor()
+local TMP_DNSMASQ_PATH = "/tmp/dnsmasq.d/dnsmasq-ssrplus.d"
+local TMP_PATH = "/var/etc/ssrplus"
+-- match comments/title/whitelist/ip address/excluded_domain
+local comment_pattern = "^[!\\[@]+"
+local ip_pattern = "^%d+%.%d+%.%d+%.%d+"
+local domain_pattern = "([%w%-%_]+%.[%w%.%-%_]+)[%/%*]*"
+local excluded_domain = {"apple.com", "sina.cn", "sina.com.cn", "baidu.com", "byr.cn", "jlike.com", "weibo.com", "zhongsou.com", "youdao.com", "sogou.com", "so.com", "soso.com", "aliyun.com", "taobao.com", "jd.com", "qq.com"}
+-- gfwlist parameter
+local mydnsip = '127.0.0.1'
+local mydnsport = '5335'
+local ipsetname = 'gfwlist'
+local bc = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'
+-- base64decoding
+local function base64_dec(data)
+	data = string.gsub(data, '[^' .. bc .. '=]', '')
+	return (data:gsub('.', function(x)
+		if (x == '=') then
+			return ''
+		end
+		local r, f = '', (bc:find(x) - 1)
+		for i = 6, 1, -1 do
+			r = r .. (f % 2 ^ i - f % 2 ^ (i - 1) > 0 and '1' or '0')
+		end
+		return r;
+	end):gsub('%d%d%d?%d?%d?%d?%d?%d?', function(x)
+		if (#x ~= 8) then
+			return ''
+		end
+		local c = 0
+		for i = 1, 8 do
+			c = c + (x:sub(i, i) == '1' and 2 ^ (8 - i) or 0)
+		end
+		return string.char(c)
+	end))
+end
+-- check excluded domain
+local function check_excluded_domain(value)
+	for k, v in ipairs(excluded_domain) do
+		if value:find(v) then
+			return true
+		end
+	end
+end
+-- gfwlist转码至dnsmasq格式
+local function generate_gfwlist(type)
+	local domains = {}
+	local out = io.open("/tmp/ssr-update." .. type, "w")
+	for line in io.lines("/tmp/ssr-update.tmp") do
+		if not (string.find(line, comment_pattern) or string.find(line, ip_pattern) or check_excluded_domain(line)) then
+			local start, finish, match = string.find(line, domain_pattern)
+			if (start) then
+				domains[match] = true
+			end
+		end
+	end
+	for k, v in pairs(domains) do
+		out:write(string.format("server=/%s/%s#%s\n", k, mydnsip, mydnsport))
+		out:write(string.format("ipset=/%s/%s\n", k, ipsetname))
+	end
+	out:close()
+	os.remove("/tmp/ssr-update.tmp")
+end
+
+-- adblock转码至dnsmasq格式
+local function generate_adblock(type)
+	local domains = {}
+	local out = io.open("/tmp/ssr-update." .. type, "w")
+	for line in io.lines("/tmp/ssr-update.tmp") do
+		if not (string.find(line, comment_pattern)) then
+			local start, finish, match = string.find(line, domain_pattern)
+			if (start) then
+				domains[match] = true
+			end
+		end
+	end
+	for k, v in pairs(domains) do
+		out:write(string.format("address=/%s/\n", k))
+	end
+	out:close()
+	os.remove("/tmp/ssr-update.tmp")
+end
+
+local log = function(...)
+	if args then
+		print("{ret=" .. table.concat({...}, ",retcount=") .. "}")
+	else
+		print(os.date("%Y-%m-%d %H:%M:%S ") .. table.concat({...}, " "))
+	end
+end
+
+local function update(url, file, type, file2)
+	local Num = 1
+	local refresh_cmd = "wget --no-check-certificate -q -O /tmp/ssr-update." .. type .. " " .. url
+	local sret = luci.sys.call(refresh_cmd)
+	if sret == 0 then
+		if type == "gfw_data" then
+			local gfwlist = io.open("/tmp/ssr-update." .. type, "r")
+			local decode = gfwlist:read("*a")
+			if not decode:find("google") then
+				decode = base64_dec(decode)
+			end
+			gfwlist:close()
+			-- 写回gfwlist
+			gfwlist = io.open("/tmp/ssr-update.tmp", "w")
+			gfwlist:write(decode)
+			gfwlist:close()
+			generate_gfwlist(type)
+			Num = 2
+		end
+		if type == "ad_data" then
+			local adblock = io.open("/tmp/ssr-update." .. type, "r")
+			local decode = adblock:read("*a")
+			if decode:find("address=") then
+				adblock:close()
+			else
+				adblock:close()
+				-- 写回adblock
+				adblock = io.open("/tmp/ssr-update.tmp", "w")
+				adblock:write(decode)
+				adblock:close()
+				generate_adblock(type)
+			end
+		end
+		local new_md5 = luci.sys.exec("echo -n $([ -f '/tmp/ssr-update." .. type .. "' ] && md5sum /tmp/ssr-update." .. type .. " | awk '{print $1}')")
+		local old_md5 = luci.sys.exec("echo -n $([ -f '" .. file .. "' ] && md5sum " .. file .. " | awk '{print $1}')")
+		if new_md5 == old_md5 then
+			if args then
+				log(1)
+			else
+				log("你已经是最新数据，无需更新！")
+			end
+		else
+			icount = luci.sys.exec("cat /tmp/ssr-update." .. type .. " | wc -l")
+			luci.sys.exec("cp -f /tmp/ssr-update." .. type .. " " .. file)
+			if file2 then
+				luci.sys.exec("cp -f /tmp/ssr-update." .. type .. " " .. file2)
+			end
+			if type == "gfw_data" or type == "ad_data" then
+				luci.sys.call("/usr/share/shadowsocksr/gfw2ipset.sh")
+			else
+				luci.sys.call("/usr/share/shadowsocksr/chinaipset.sh " .. TMP_PATH .. "/china_ssr.txt")
+			end
+			if args then
+				log(0, tonumber(icount) / Num)
+			else
+				log("更新成功！ 新的总纪录数：" .. tostring(tonumber(icount) / Num))
+			end
+		end
+	else
+		if args then
+			log(-1)
+		else
+			log("更新失败！")
+		end
+	end
+	os.remove("/tmp/ssr-update." .. type)
+end
+
+if args then
+	if args == "gfw_data" then
+		update(uci:get_first("shadowsocksr", "global", "gfwlist_url"), "/etc/ssrplus/gfw_list.conf", args, TMP_DNSMASQ_PATH .. "/gfw_list.conf")
+		os.exit(0)
+	end
+	if args == "ip_data" then
+		update(uci:get_first("shadowsocksr", "global", "chnroute_url"), "/etc/ssrplus/china_ssr.txt", args, TMP_PATH .. "/china_ssr.txt")
+		os.exit(0)
+	end
+	if args == "ad_data" then
+		update(uci:get_first("shadowsocksr", "global", "adblock_url"), "/etc/ssrplus/ad.conf", args, TMP_DNSMASQ_PATH .. "/ad.conf")
+		os.exit(0)
+	end
+	if args == "nfip_data" then
+		update(uci:get_first("shadowsocksr", "global", "nfip_url"), "/etc/ssrplus/netflixip.list", args)
+		os.exit(0)
+	end
+	if args == "geo_data" then
+		string = luci.sys.exec("/usr/share/shadowsocksr/geodata_update.sh")
+		if string.find(string, "111") then
+			icount = luci.sys.exec("cat /etc/ssrplus/mosdns-chinadns/geosite* | wc -l")
+			log(0, tonumber(icount))
+		else
+			log(-1)
+		end
+		os.exit(0)
+	end
+else
+	log("正在更新【GFW列表】数据库")
+	update(uci:get_first("shadowsocksr", "global", "gfwlist_url"), "/etc/ssrplus/gfw_list.conf", "gfw_data", TMP_DNSMASQ_PATH .. "/gfw_list.conf")
+	log("正在更新【国内IP段】数据库")
+	update(uci:get_first("shadowsocksr", "global", "chnroute_url"), "/etc/ssrplus/china_ssr.txt", "ip_data", TMP_PATH .. "/china_ssr.txt")
+	if uci:get_first("shadowsocksr", "global", "adblock", "0") == "1" then
+		log("正在更新【广告屏蔽】数据库")
+		update(uci:get_first("shadowsocksr", "global", "adblock_url"), "/etc/ssrplus/ad.conf", "ad_data", TMP_DNSMASQ_PATH .. "/ad.conf")
+	end
+	-- log("正在更新【Netflix IP段】数据库")
+	-- update(uci:get_first("shadowsocksr", "global", "nfip_url"), "/etc/ssrplus/netflixip.list", "nfip_data")
+end