diff --git a/adguardhome/Makefile b/adguardhome/Makefile index eec9b4868..6cd89d6ca 100644 --- a/adguardhome/Makefile +++ b/adguardhome/Makefile @@ -6,11 +6,11 @@ include $(TOPDIR)/rules.mk PKG_NAME:=adguardhome -PKG_VERSION:=0.107.6 -PKG_RELEASE:=48 +PKG_VERSION:=0.107.7 +PKG_RELEASE:=49 PKG_SOURCE_PROTO:=git -PKG_SOURCE_VERSION:=368a98fb296da349ed7fb99b03c4ed6b7d0dda3a +PKG_SOURCE_VERSION:=b01efd8c984f3c442cce19faa76de4681d507191 PKG_SOURCE_URL:=https://github.com/AdguardTeam/AdGuardHome PKG_MIRROR_HASH:=skip diff --git a/dnsproxy/Makefile b/dnsproxy/Makefile index d2e144d1d..8cfc27b09 100644 --- a/dnsproxy/Makefile +++ b/dnsproxy/Makefile @@ -5,12 +5,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=dnsproxy -PKG_VERSION:=0.43.0 +PKG_VERSION:=0.43.1 PKG_RELEASE:=$(AUTORELEASE) PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/AdguardTeam/dnsproxy/tar.gz/v$(PKG_VERSION)? -PKG_HASH:=b20a544b9085beda02e50e84819b42526ce90b8745a3dbbec9fe3adfe76e44d4 +PKG_HASH:=2e69c1bd610727acdf24a37010fac3d1dfd6bf66527552b3221d22cc11d51296 PKG_MAINTAINER:=Tianling Shen PKG_LICENSE:=Apache-2.0 diff --git a/luci-app-mosdns/root/etc/mosdns/serverlist.txt b/luci-app-mosdns/root/etc/mosdns/serverlist.txt index 2b7e80f70..da379269d 100644 --- a/luci-app-mosdns/root/etc/mosdns/serverlist.txt +++ b/luci-app-mosdns/root/etc/mosdns/serverlist.txt @@ -17709,6 +17709,7 @@ becomingcrackingragged.com becominggland.com becoquin.com becorsolaom.com +becrustleom.com becuboneor.com bedbwgjjpxiuox.com beddingcadetexploded.com @@ -40833,6 +40834,7 @@ geotargetly-1a441.appspot.com geotargetly.co geotmt.com geotrust.com +geouragedproverly.com geovideo.name geovisite.com geovisite.ovh @@ -42061,6 +42063,7 @@ gooddaywith-captcha.top gooderamour.com goodfellas.me goodfriendsdriving.com +goodfungame.com goodgamesmanship.com goodgoodluck.cn goodgz.cn @@ -49788,6 +49791,7 @@ jebure.com jeccmq.wehkamp.nl jechesmacaltont.info jeclittrecheckrep.info +jecoglegru.com jecqhvrclrxe.com jectsinteredse.info jecumapu.com @@ -51638,6 +51642,7 @@ kazandirtyscoot.com kazigua.top kazoowaughy.com kazucivi.com +kb-cz.com kb-render.alicdn.com kb.rubiconproject.com kbahdkwof.com @@ -53198,6 +53203,7 @@ lathechevo.com latheendsmoo.com latherfadbasis.com latinovoicesmn.org +lativahgreene.com latoniankeen.pro latrinehelves.com latterinconvenient.com @@ -59969,6 +59975,7 @@ metro114.com metroaverage.com metrocorpmedia-com.videoplayerhub.com metrodreamslifestyle.com +metrofordec.com metropcs.mobileposse.com metsaubs.net mettelindberg.dk @@ -63169,6 +63176,7 @@ net-filter.com net-protector.com net-radar.com net.adpush.cn +net.bigbooterhax.xyz net.cleverjp.com net.daraz.com net.daraz.com.bd @@ -72168,6 +72176,7 @@ player.sendtonews.com player.staging2.crazyegg.com player.stats.live-video.net player.tabooporns.com +player.zype.com playercdn.net playerseo.club playertraffic.com @@ -95842,6 +95851,7 @@ tz.70e.me tz.zjhoudao.com tz284.com tzbtw.com +tzegilo.com tzfafzmooqum.com tzh019.cn tzhqg.cn @@ -100895,6 +100905,7 @@ whitepush.biz whitesaas.com whitts.xyz whixochyxy.pro +whizduly.com whizstats.com whizzco.com whkesznbi.com @@ -103625,6 +103636,7 @@ www.eskimi.com www.espncdn.shop www.esptj.com www.establishmentinfluence.com +www.etisalatt.com www.euros4click.de www.eva.hi-ho.ne.jp www.evcknbym.com diff --git a/luci-app-ssr-plus/Makefile b/luci-app-ssr-plus/Makefile index e96872459..a43756771 100644 --- a/luci-app-ssr-plus/Makefile +++ b/luci-app-ssr-plus/Makefile @@ -1,8 +1,8 @@ include $(TOPDIR)/rules.mk PKG_NAME:=luci-app-ssr-plus -PKG_VERSION:=185 -PKG_RELEASE:=5 +PKG_VERSION:=186 +PKG_RELEASE:=1 PKG_CONFIG_DEPENDS:= \ CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_Kcptun \ @@ -10,6 +10,7 @@ PKG_CONFIG_DEPENDS:= \ CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_NaiveProxy \ CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_PDNSD \ CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_Redsocks2 \ + CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_SagerNet_Core \ CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_Shadowsocks_Libev_Client \ CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_Shadowsocks_Libev_Server \ CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_Shadowsocks_Rust_Client \ @@ -18,21 +19,22 @@ PKG_CONFIG_DEPENDS:= \ CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_ShadowsocksR_Libev_Server \ CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_Simple_Obfs \ CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_Trojan \ - CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_V2ray_Plugin \ - CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_Xray + CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_V2ray_Plugin LUCI_TITLE:=SS/SSR/V2Ray/Trojan/NaiveProxy/Socks5/Tun LuCI interface LUCI_PKGARCH:=all LUCI_DEPENDS:= \ @(PACKAGE_libustream-mbedtls||PACKAGE_libustream-openssl||PACKAGE_libustream-wolfssl) \ +coreutils +coreutils-base64 +dns2socks +dns2tcp +dnsmasq-full +ipset +kmod-ipt-nat \ - +ip-full +iptables +iptables-mod-tproxy +lua +libuci-lua +microsocks +tcping \ - +resolveip +shadowsocksr-libev-ssr-check +uclient-fetch \ + +ip-full +iptables +iptables-mod-tproxy +lua +libuci-lua +luci-lib-ipkg +microsocks \ + +tcping +resolveip +shadowsocksr-libev-ssr-check +uclient-fetch \ +PACKAGE_$(PKG_NAME)_INCLUDE_Kcptun:kcptun-client \ +PACKAGE_$(PKG_NAME)_INCLUDE_IPT2Socks:ipt2socks \ +PACKAGE_$(PKG_NAME)_INCLUDE_NaiveProxy:naiveproxy \ +PACKAGE_$(PKG_NAME)_INCLUDE_PDNSD:pdnsd-alt \ +PACKAGE_$(PKG_NAME)_INCLUDE_Redsocks2:redsocks2 \ + +PACKAGE_$(PKG_NAME)_INCLUDE_SagerNet_Core:curl \ + +PACKAGE_$(PKG_NAME)_INCLUDE_SagerNet_Core:sagernet-core \ +PACKAGE_$(PKG_NAME)_INCLUDE_Shadowsocks_Libev_Client:shadowsocks-libev-ss-local \ +PACKAGE_$(PKG_NAME)_INCLUDE_Shadowsocks_Libev_Client:shadowsocks-libev-ss-redir \ +PACKAGE_$(PKG_NAME)_INCLUDE_Shadowsocks_Libev_Server:shadowsocks-libev-ss-server \ @@ -43,9 +45,7 @@ LUCI_DEPENDS:= \ +PACKAGE_$(PKG_NAME)_INCLUDE_ShadowsocksR_Libev_Server:shadowsocksr-libev-ssr-server \ +PACKAGE_$(PKG_NAME)_INCLUDE_Simple_Obfs:simple-obfs \ +PACKAGE_$(PKG_NAME)_INCLUDE_Trojan:trojan \ - +PACKAGE_$(PKG_NAME)_INCLUDE_V2ray_Plugin:v2ray-plugin \ - +PACKAGE_$(PKG_NAME)_INCLUDE_Xray:curl \ - +PACKAGE_$(PKG_NAME)_INCLUDE_Xray:xray-core + +PACKAGE_$(PKG_NAME)_INCLUDE_V2ray_Plugin:v2ray-plugin define Package/$(PKG_NAME)/config config PACKAGE_$(PKG_NAME)_INCLUDE_Kcptun @@ -69,9 +69,13 @@ config PACKAGE_$(PKG_NAME)_INCLUDE_Redsocks2 bool "Include Redsocks2" default n +config PACKAGE_$(PKG_NAME)_INCLUDE_SagerNet_Core + bool "Include sagernet-core (An enhanced edition of v2ray-core)" + default y if aarch64||arm||i386||x86_64 + config PACKAGE_$(PKG_NAME)_INCLUDE_Shadowsocks_Libev_Client bool "Include Shadowsocks Libev Client" - default y if i386||x86_64||arm + default y if arm config PACKAGE_$(PKG_NAME)_INCLUDE_Shadowsocks_Libev_Server bool "Include Shadowsocks Libev Server" @@ -109,10 +113,6 @@ config PACKAGE_$(PKG_NAME)_INCLUDE_Trojan config PACKAGE_$(PKG_NAME)_INCLUDE_V2ray_Plugin bool "Include Shadowsocks V2ray Plugin" default n - -config PACKAGE_$(PKG_NAME)_INCLUDE_Xray - bool "Include Xray" - default y if aarch64||arm||i386||x86_64 endef define Package/$(PKG_NAME)/conffiles diff --git a/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/advanced.lua b/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/advanced.lua index 26e1db6e2..6de68df80 100644 --- a/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/advanced.lua +++ b/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/advanced.lua @@ -56,6 +56,12 @@ o:value("https://ispip.clang.cn/all_cn.txt", translate("Clang.CN")) o:value("https://ispip.clang.cn/all_cn_cidr.txt", translate("Clang.CN.CIDR")) o.default = "https://ispip.clang.cn/all_cn.txt" +o = s:option(ListValue, "default_packet_encoding", translate("Default Packet Encoding")) +o:value("none", translate("none")) +o:value("packet", translate("packet (v2ray-core v5+)")) +o:value("xudp", translate("xudp (Xray-core)")) +o.default = "xudp" + o = s:option(Flag, "netflix_enable", translate("Enable Netflix Mode")) o.rmempty = false diff --git a/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/client-config.lua b/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/client-config.lua index 4d4455837..8ceb48ceb 100644 --- a/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/client-config.lua +++ b/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/client-config.lua @@ -1,16 +1,23 @@ -- Copyright (C) 2017 yushi studio github.com/ywb94 -- Licensed to the public under the GNU General Public License v3. + require "nixio.fs" require "luci.sys" require "luci.http" -local m, s, o, kcp_enable +require "luci.model.ipkg" + +local m, s, o local sid = arg[1] local uuid = luci.sys.exec("cat /proc/sys/kernel/random/uuid") -function is_finded(e) +local function is_finded(e) return luci.sys.exec('type -t -p "%s"' % e) ~= "" and true or false end +local function is_installed(e) + return luci.model.ipkg.installed(e) +end + local server_table = {} local encrypt_methods = { -- ssr @@ -40,12 +47,19 @@ local encrypt_methods = { } local encrypt_methods_ss = { + -- plain + "none", + "plain", -- aead "aes-128-gcm", "aes-192-gcm", "aes-256-gcm", "chacha20-ietf-poly1305", - "xchacha20-ietf-poly1305" + "xchacha20-ietf-poly1305", + -- aead 2022 + "2022-blake3-aes-128-gcm", + "2022-blake3-aes-256-gcm", + "2022-blake3-chacha20-poly1305" --[[ stream "none", "plain", @@ -67,22 +81,6 @@ local encrypt_methods_ss = { "chacha20-ietf" ]] } -local encrypt_methods_v2ray_ss = { - -- xray_ss - "none", - "plain", - -- aead - "aes-128-gcm", - "aes-256-gcm", - "chacha20-poly1305", - "chacha20-ietf-poly1305", - "xchacha20-ietf-poly1305", - "aead_aes_128_gcm", - "aead_aes_256_gcm", - "aead_chacha20_poly1305", - "aead_xchacha20_poly1305" -} - local protocol = { -- ssr "origin", @@ -98,7 +96,7 @@ local protocol = { "auth_chain_f" } -obfs = { +local obfs = { -- ssr "plain", "http_simple", @@ -117,7 +115,7 @@ local securitys = { } local flows = { - -- xlts + -- xtls "xtls-rprx-origin", "xtls-rprx-origin-udp443", "xtls-rprx-direct", @@ -184,6 +182,9 @@ o:value("vless", translate("VLESS")) o:value("vmess", translate("VMess")) o:value("trojan", translate("Trojan")) o:value("shadowsocks", translate("Shadowsocks")) +if is_installed("sagernet-core") then + o:value("wireguard", translate("WireGuard")) +end o:value("socks", translate("Socks")) o:value("http", translate("HTTP")) o:depends("type", "v2ray") @@ -248,13 +249,13 @@ for _, v in ipairs(encrypt_methods_ss) do end o.rmempty = true o:depends("type", "ss") +o:depends({type = "v2ray", v2ray_protocol = "shadowsocks"}) -o = s:option(ListValue, "encrypt_method_v2ray_ss", translate("Encrypt Method")) -for _, v in ipairs(encrypt_methods_v2ray_ss) do - o:value(v) -end +o = s:option(Flag, "uot", translate("UDP over TCP")) +o.description = translate("Enable the SUoT protocol, requires server support.") o.rmempty = true o:depends({type = "v2ray", v2ray_protocol = "shadowsocks"}) +o.default = "0" o = s:option(Flag, "ivCheck", translate("Bloom Filter")) o.rmempty = true @@ -267,7 +268,7 @@ o:value("none", translate("None")) if is_finded("obfs-local") then o:value("obfs-local", translate("obfs-local")) end -if is_finded("v2ray-plugin") then +if is_finded("v2ray-plugin") or is_installed("sagernet-core") then o:value("v2ray-plugin", translate("v2ray-plugin")) end if is_finded("xray-plugin") then @@ -275,12 +276,12 @@ if is_finded("xray-plugin") then end o.rmempty = true o:depends("type", "ss") +o:depends({type = "v2ray", v2ray_protocol = "shadowsocks"}) o = s:option(Value, "plugin_opts", translate("Plugin Opts")) o.rmempty = true -o:depends({type = "ss", plugin = "obfs-local"}) -o:depends({type = "ss", plugin = "v2ray-plugin"}) -o:depends({type = "ss", plugin = "xray-plugin"}) +o:depends("type", "ss") +o:depends({type = "v2ray", v2ray_protocol = "shadowsocks"}) o = s:option(ListValue, "protocol", translate("Protocol")) for _, v in ipairs(protocol) do @@ -332,7 +333,12 @@ o:value("h2", "HTTP/2") o:value("quic", "QUIC") o:value("grpc", "gRPC") o.rmempty = true -o:depends("type", "v2ray") +o:depends({type = "v2ray", v2ray_protocol = "vless"}) +o:depends({type = "v2ray", v2ray_protocol = "vmess"}) +o:depends({type = "v2ray", v2ray_protocol = "trojan"}) +o:depends({type = "v2ray", v2ray_protocol = "shadowsocks"}) +o:depends({type = "v2ray", v2ray_protocol = "socks"}) +o:depends({type = "v2ray", v2ray_protocol = "http"}) -- [[ TCP部分 ]]-- -- TCP伪装 @@ -452,7 +458,8 @@ o.rmempty = true o = s:option(Value, "mtu", translate("MTU")) o.datatype = "uinteger" o:depends("transport", "kcp") -o.default = 1350 +o:depends({type = "v2ray", v2ray_protocol = "wireguard"}) +-- o.default = 1350 o.rmempty = true o = s:option(Value, "tti", translate("TTI")) @@ -493,12 +500,35 @@ o = s:option(Flag, "congestion", translate("Congestion")) o:depends("transport", "kcp") o.rmempty = true +-- [[ WireGuard 部分 ]]-- +o = s:option(DynamicList, "local_addresses", translate("Local addresses")) +o:depends({type = "v2ray", v2ray_protocol = "wireguard"}) +o.rmempty = true + +o = s:option(Value, "private_key", translate("Private key")) +o:depends({type = "v2ray", v2ray_protocol = "wireguard"}) +o.password = true +o.rmempty = true + +o = s:option(Value, "peer_pubkey", translate("Peer public key")) +o:depends({type = "v2ray", v2ray_protocol = "wireguard"}) +o.rmempty = true + +o = s:option(Value, "preshared_key", translate("Pre-shared key")) +o:depends({type = "v2ray", v2ray_protocol = "wireguard"}) +o.password = true +o.rmempty = true + -- [[ TLS ]]-- o = s:option(Flag, "tls", translate("TLS")) o.rmempty = true o.default = "0" -o:depends({type = "v2ray", xtls = false}) --- o:depends({type = "v2ray", v2ray_protocol = "vless", xtls = false}) +o:depends({type = "v2ray", v2ray_protocol = "vless", xtls = false}) +o:depends({type = "v2ray", v2ray_protocol = "vmess", xtls = false}) +o:depends({type = "v2ray", v2ray_protocol = "trojan", xtls = false}) +o:depends({type = "v2ray", v2ray_protocol = "shadowsocks", xtls = false}) +o:depends({type = "v2ray", v2ray_protocol = "socks", xtls = false}) +o:depends({type = "v2ray", v2ray_protocol = "http", xtls = false}) o:depends("type", "trojan") -- XTLS @@ -552,7 +582,12 @@ o.description = translate("If true, allowss insecure connection at TLS client, e -- [[ Mux ]]-- o = s:option(Flag, "mux", translate("Mux")) o.rmempty = false -o:depends({type = "v2ray", xtls = false}) +o:depends({type = "v2ray", v2ray_protocol = "vless", xtls = false}) +o:depends({type = "v2ray", v2ray_protocol = "vmess", xtls = false}) +o:depends({type = "v2ray", v2ray_protocol = "trojan", xtls = false}) +o:depends({type = "v2ray", v2ray_protocol = "shadowsocks", xtls = false}) +o:depends({type = "v2ray", v2ray_protocol = "socks", xtls = false}) +o:depends({type = "v2ray", v2ray_protocol = "http", xtls = false}) o = s:option(Value, "concurrency", translate("Concurrency")) o.datatype = "uinteger" @@ -619,6 +654,17 @@ o:depends("type", "ssr") o:depends("type", "ss") o:depends("type", "trojan") +if is_installed("sagernet-core") then + o = s:option(ListValue, "packet_encoding", translate("Packet Encoding")) + o:value("none", translate("none")) + o:value("packet", translate("packet (v2ray-core v5+)")) + o:value("xudp", translate("xudp (Xray-core)")) + o.default = "xudp" + o.rmempty = true + o:depends({type = "v2ray", v2ray_protocol = "vless"}) + o:depends({type = "v2ray", v2ray_protocol = "vmess"}) +end + o = s:option(Flag, "switch_enable", translate("Enable Auto Switch")) o.rmempty = false o.default = "1" @@ -629,11 +675,11 @@ o.default = 1234 o.rmempty = false if is_finded("kcptun-client") then - kcp_enable = s:option(Flag, "kcp_enable", translate("KcpTun Enable")) - kcp_enable.rmempty = true - kcp_enable.default = "0" - kcp_enable:depends("type", "ssr") - kcp_enable:depends("type", "ss") + o = s:option(Flag, "kcp_enable", translate("KcpTun Enable")) + o.rmempty = true + o.default = "0" + o:depends("type", "ssr") + o:depends("type", "ss") o = s:option(Value, "kcp_port", translate("KcpTun Port")) o.datatype = "port" diff --git a/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/server-config.lua b/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/server-config.lua index fe3fc4b22..f9ac268ea 100644 --- a/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/server-config.lua +++ b/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/server-config.lua @@ -38,7 +38,11 @@ local encrypt_methods_ss = { "aes-192-gcm", "aes-256-gcm", "chacha20-ietf-poly1305", - "xchacha20-ietf-poly1305" + "xchacha20-ietf-poly1305", + -- aead 2022 + "2022-blake3-aes-128-gcm", + "2022-blake3-aes-256-gcm", + "2022-blake3-chacha20-poly1305" --[[ stream "table", "rc4", diff --git a/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/server.lua b/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/server.lua index 9af220c5e..6ef44c080 100644 --- a/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/server.lua +++ b/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/server.lua @@ -34,7 +34,11 @@ local encrypt_methods_ss = { "aes-192-gcm", "aes-256-gcm", "chacha20-ietf-poly1305", - "xchacha20-ietf-poly1305" + "xchacha20-ietf-poly1305", + -- aead 2022 + "2022-blake3-aes-128-gcm", + "2022-blake3-aes-256-gcm", + "2022-blake3-chacha20-poly1305" --[[ stream "table", "rc4", diff --git a/luci-app-ssr-plus/po/zh-cn/ssr-plus.po b/luci-app-ssr-plus/po/zh-cn/ssr-plus.po index e1ee40dd5..a6e3a5f2e 100644 --- a/luci-app-ssr-plus/po/zh-cn/ssr-plus.po +++ b/luci-app-ssr-plus/po/zh-cn/ssr-plus.po @@ -61,6 +61,12 @@ msgstr "密码" msgid "Encrypt Method" msgstr "加密方式" +msgid "Enable the SUoT protocol, requires server support." +msgstr "启用 SUoT 协议,需要服务端支持。" + +msgid "Bloom Filter" +msgstr "布隆过滤器" + msgid "VLESS Encryption" msgstr "VLESS 加密" @@ -706,9 +712,6 @@ msgstr "微信视频通话" msgid "DTLS 1.2" msgstr "DTLS 1.2 数据包" -msgid "WireGuard" -msgstr "WireGuard 数据包" - msgid "MTU" msgstr "最大传输单元" @@ -730,6 +733,21 @@ msgstr "写入缓冲区大小" msgid "Congestion" msgstr "拥塞控制" +msgid "Local addresses" +msgstr "本地地址" + +msgid "Private key" +msgstr "私钥" + +msgid "Peer public key" +msgstr "节点公钥" + +msgid "Pre-shared key" +msgstr "预共享密钥" + +msgid "Packet Encoding" +msgstr "数据包编码" + msgid "Network interface to use" msgstr "使用的网络接口" @@ -757,5 +775,8 @@ msgstr "重新应用" msgid "Apply" msgstr "应用" +msgid "Default Packet Encoding" +msgstr "默认数据包编码" + msgid "Enable Netflix Mode" msgstr "启用 Netflix 分流模式" diff --git a/luci-app-ssr-plus/root/etc/init.d/shadowsocksr b/luci-app-ssr-plus/root/etc/init.d/shadowsocksr index ee78c406b..a14160e06 100755 --- a/luci-app-ssr-plus/root/etc/init.d/shadowsocksr +++ b/luci-app-ssr-plus/root/etc/init.d/shadowsocksr @@ -365,8 +365,8 @@ start_udp() { ;; v2ray) gen_config_file $UDP_RELAY_SERVER $type 2 $tmp_udp_port - ln_start_bin $(first_type xray v2ray) v2ray run -config $udp_config_file - echolog "UDP TPROXY Relay:$($(first_type "xray" "v2ray") version | head -1) Started!" + ln_start_bin $(first_type v2ray xray) v2ray run -config $udp_config_file + echolog "UDP TPROXY Relay:$($(first_type "v2ray" "xray") version | head -1) Started!" ;; trojan) #client gen_config_file $UDP_RELAY_SERVER $type 2 $tmp_udp_local_port @@ -415,9 +415,9 @@ start_shunt() { v2ray) local tmp_port=${tmp_local_port:-$tmp_shunt_local_port} gen_config_file $SHUNT_SERVER $type 3 $tmp_shunt_port $tmp_port - ln_start_bin $(first_type xray v2ray) v2ray run -config $shunt_config_file + ln_start_bin $(first_type v2ray xray) v2ray run -config $shunt_config_file ln_start_bin $(first_type dns2socks) dns2socks 127.0.0.1:$tmp_port 8.8.8.8:53 127.0.0.1:$tmp_shunt_dns_port -q - echolog "shunt:$($(first_type xray v2ray) version | head -1) Started!" + echolog "shunt:$($(first_type v2ray xray) version | head -1) Started!" ;; trojan) gen_config_file $SHUNT_SERVER $type 3 $tmp_shunt_port @@ -491,9 +491,9 @@ start_local() { v2ray) if [ "$_local" == "2" ]; then gen_config_file $LOCAL_SERVER $type 4 0 $local_port - ln_start_bin $(first_type xray v2ray) v2ray run -config $local_config_file + ln_start_bin $(first_type v2ray xray) v2ray run -config $local_config_file fi - echolog "Global_Socks5:$($(first_type "xray" "v2ray") version | head -1) Started!" + echolog "Global_Socks5:$($(first_type "v2ray" "xray") version | head -1) Started!" ;; trojan) #client gen_config_file $LOCAL_SERVER $type 4 $local_port @@ -553,8 +553,8 @@ Start_Run() { ;; v2ray) gen_config_file $GLOBAL_SERVER $type 1 $tcp_port $socks_port - ln_start_bin $(first_type xray v2ray) v2ray run -config $tcp_config_file - echolog "Main node:$($(first_type xray v2ray) version | head -1) Started!" + ln_start_bin $(first_type v2ray xray) v2ray run -config $tcp_config_file + echolog "Main node:$($(first_type v2ray xray) version | head -1) Started!" ;; trojan) gen_config_file $GLOBAL_SERVER $type 1 $tcp_port @@ -908,6 +908,7 @@ reset() { set shadowsocksr.@global[0].switch_time='667' set shadowsocksr.@global[0].switch_timeout='5' set shadowsocksr.@global[0].switch_try_count='3' + set shadowsocksr.@global[0].default_packet_encoding='xudp' set shadowsocksr.@global[0].gfwlist_url='https://fastly.jsdelivr.net/gh/YW5vbnltb3Vz/domain-list-community@release/gfwlist.txt' set shadowsocksr.@global[0].chnroute_url='https://ispip.clang.cn/all_cn.txt' set shadowsocksr.@global[0].nfip_url='https://fastly.jsdelivr.net/gh/QiuSimons/Netflix_IP/NF_only.txt' diff --git a/luci-app-ssr-plus/root/etc/uci-defaults/luci-ssr-plus b/luci-app-ssr-plus/root/etc/uci-defaults/luci-ssr-plus index 3ff99ae46..736c05bd4 100755 --- a/luci-app-ssr-plus/root/etc/uci-defaults/luci-ssr-plus +++ b/luci-app-ssr-plus/root/etc/uci-defaults/luci-ssr-plus @@ -1,16 +1,19 @@ #!/bin/sh + uci -q batch <<-EOF >/dev/null -delete ucitrack.@shadowsocksr[-1] -add ucitrack shadowsocksr -set ucitrack.@shadowsocksr[-1].init=shadowsocksr -commit ucitrack -delete firewall.shadowsocksr -set firewall.shadowsocksr=include -set firewall.shadowsocksr.type=script -set firewall.shadowsocksr.path=/var/etc/shadowsocksr.include -set firewall.shadowsocksr.reload=1 -commit firewall + delete ucitrack.@shadowsocksr[-1] + add ucitrack shadowsocksr + set ucitrack.@shadowsocksr[-1].init=shadowsocksr + commit ucitrack + + delete firewall.shadowsocksr + set firewall.shadowsocksr=include + set firewall.shadowsocksr.type=script + set firewall.shadowsocksr.path=/var/etc/shadowsocksr.include + set firewall.shadowsocksr.reload=1 + commit firewall EOF + rm -rf /etc/config/shadowsocksr-opkg /etc/ssrplus/*opkg touch /etc/ssrplus/china_ssr.txt touch /etc/ssrplus/deny.list @@ -23,15 +26,17 @@ touch /etc/ssrplus/gfw_list.conf touch /etc/ssrplus/oversea_list.conf touch /etc/ssrplus/ad.conf touch /etc/config/shadowsocksr -if [ ! -s "/etc/config/shadowsocksr" ]; then -/etc/init.d/shadowsocksr reset -fi -sed -i "s/option type 'vmess'"/"option type 'v2ray'\n\toption v2ray_protocol 'vmess'/g" /etc/config/shadowsocksr -sed -i "s/option type 'vless'"/"option type 'v2ray'\n\toption v2ray_protocol 'vless'/g" /etc/config/shadowsocksr +[ -s "/etc/config/shadowsocksr" ] || /etc/init.d/shadowsocksr reset + +sed -i "s/option type 'vmess'/option type 'v2ray'\n\toption v2ray_protocol 'vmess'/g" /etc/config/shadowsocksr +sed -i "s/option type 'vless'/option type 'v2ray'\n\toption v2ray_protocol 'vless'/g" /etc/config/shadowsocksr +sed -i "s/option encrypt_method_v2ray_ss/option encrypt_method_ss/g" /etc/config/shadowsocksr + if [ -s "/etc/uwsgi/vassals/luci-webui.ini" ];then limit=$(cat /etc/uwsgi/vassals/luci-webui.ini | grep -Eo "limit-as.*"|grep -Eo "[0-9]+") [ $limit -lt 5000 ] && sed -i '/limit-as/c\limit-as = 5000' /etc/uwsgi/vassals/luci-webui.ini && \ /etc/init.d/uwsgi restart fi + rm -rf /tmp/luci-modulecache /tmp/luci-indexcache exit 0 diff --git a/luci-app-ssr-plus/root/usr/share/shadowsocksr/gen_config.lua b/luci-app-ssr-plus/root/usr/share/shadowsocksr/gen_config.lua index e7f1a0cdd..131187b53 100755 --- a/luci-app-ssr-plus/root/usr/share/shadowsocksr/gen_config.lua +++ b/luci-app-ssr-plus/root/usr/share/shadowsocksr/gen_config.lua @@ -1,11 +1,16 @@ -local ucursor = require"luci.model.uci".cursor() +#!/usr/bin/lua + +local ucursor = require "luci.model.uci".cursor() local json = require "luci.jsonc" + local server_section = arg[1] local proto = arg[2] local local_port = arg[3] or "0" local socks_port = arg[4] or "0" + local server = ucursor:get_all("shadowsocksr", server_section) local outbound_settings = nil + function vmess_vless() outbound_settings = { vnext = { @@ -21,19 +26,23 @@ function vmess_vless() } } } - } + }, + packetEncoding = server.packet_encoding or nil } end function trojan_shadowsocks() outbound_settings = { + plugin = (server.v2ray_protocol == "shadowsocks") and server.plugin ~= "none" and server.plugin or nil, + pluginOpts = (server.v2ray_protocol == "shadowsocks") and server.plugin_opts or nil, servers = { { address = server.server, port = tonumber(server.server_port), password = server.password, - method = (server.v2ray_protocol == "shadowsocks") and server.encrypt_method_v2ray_ss or nil, - flow = (server.v2ray_protocol == "trojan") and (server.xtls == '1') and (server.vless_flow and server.vless_flow or "xtls-rprx-splice") or nil, - ivCheck = (server.v2ray_protocol == "shadowsocks") and (server.ivCheck == '1') or nil + method = (server.v2ray_protocol == "shadowsocks") and server.encrypt_method_ss or nil, + uot = (server.v2ray_protocol == "shadowsocks") and (server.uot == '1') or nil, + ivCheck = (server.v2ray_protocol == "shadowsocks") and (server.ivCheck == '1') or nil, + flow = (server.v2ray_protocol == "trojan") and (server.xtls == '1') and (server.vless_flow and server.vless_flow or "xtls-rprx-splice") or nil } } } @@ -54,6 +63,17 @@ function socks_http() } } end +function wireguard() + outbound_settings = { + address = server.server, + port = tonumber(server.server_port), + localAddresses = server.local_addresses, + privateKey = server.private_key, + peerPublicKey = server.peer_pubkey, + preSharedKey = server.preshared_key or nil, + mtu = tonumber(server.mtu) or 1500 + } +end local outbound = {} function outbound:new(o) o = o or {} @@ -80,6 +100,9 @@ function outbound:handleIndex(index) end, http = function() socks_http() + end, + wireguard = function() + wireguard() end } if switch[index] then @@ -185,7 +208,8 @@ local Xray = { mux = (server.mux == "1" and server.xtls ~= "1" and server.transport ~= "grpc") and { -- mux enabled = true, - concurrency = tonumber(server.concurrency) + concurrency = tonumber(server.concurrency), + packetEncoding = (server.v2ray_protocol == "vmess" or server.v2ray_protocol == "vless") and server.packet_encoding or nil } or nil } or nil } diff --git a/luci-app-ssr-plus/root/usr/share/shadowsocksr/subscribe.lua b/luci-app-ssr-plus/root/usr/share/shadowsocksr/subscribe.lua index e1a9e1fa9..b3d6d8507 100755 --- a/luci-app-ssr-plus/root/usr/share/shadowsocksr/subscribe.lua +++ b/luci-app-ssr-plus/root/usr/share/shadowsocksr/subscribe.lua @@ -9,6 +9,7 @@ require "nixio" require "luci.util" require "luci.sys" require "luci.jsonc" +require "luci.model.ipkg" -- these global functions are accessed all the time by the event handler -- so caching them is worth the effort local tinsert = table.insert @@ -25,18 +26,26 @@ local switch = ucic:get_first(name, 'server_subscribe', 'switch', '1') local subscribe_url = ucic:get_first(name, 'server_subscribe', 'subscribe_url', {}) local filter_words = ucic:get_first(name, 'server_subscribe', 'filter_words', '过期时间/剩余流量') local save_words = ucic:get_first(name, 'server_subscribe', 'save_words', '') +local packet_encoding = luci.model.ipkg.installed("sagernet-core") and ucic:get_first(name, 'global', 'default_packet_encoding', 'xudp') or nil local v2_ss = luci.sys.exec('type -t -p ss-redir sslocal') ~= "" and "ss" or "v2ray" local v2_tj = luci.sys.exec('type -t -p trojan') ~= "" and "trojan" or "v2ray" local log = function(...) print(os.date("%Y-%m-%d %H:%M:%S ") .. table.concat({...}, " ")) end local encrypt_methods_ss = { + -- plain + "none", + "plain", -- aead "aes-128-gcm", "aes-192-gcm", "aes-256-gcm", "chacha20-ietf-poly1305", - "xchacha20-ietf-poly1305" + "xchacha20-ietf-poly1305", + -- aead 2022 + "2022-blake3-aes-128-gcm", + "2022-blake3-aes-256-gcm", + "2022-blake3-chacha20-poly1305" --[[ stream "table", "rc4", @@ -165,6 +174,7 @@ local function processData(szType, content) result.transport = info.net result.vmess_id = info.id result.alias = info.ps + result.packet_encoding = packet_encoding -- result.mux = 1 -- result.concurrency = 8 if info.net == 'ws' then @@ -237,6 +247,8 @@ local function processData(szType, content) local password = userinfo:sub(userinfo:find(":") + 1, #userinfo) result.alias = UrlDecode(alias) result.type = v2_ss + result.v2ray_protocol = (v2_ss == "v2ray") and "shadowsocks" or nil + result.encrypt_method_ss = method result.password = password result.server = host[1] if host[2]:find("/%?") then @@ -267,33 +279,27 @@ local function processData(szType, content) if not checkTabValue(encrypt_methods_ss)[method] then -- 1202 年了还不支持 SS AEAD 的屑机场 result.server = nil - elseif v2_ss == "v2ray" then - result.v2ray_protocol = "shadowsocks" - result.encrypt_method_v2ray_ss = method - else - result.encrypt_method_ss = method end elseif szType == "sip008" then result.type = v2_ss + result.v2ray_protocol = (v2_ss == "v2ray") and "shadowsocks" or nil result.server = content.server result.server_port = content.server_port result.password = content.password + result.encrypt_method_ss = content.method result.plugin = content.plugin result.plugin_opts = content.plugin_opts result.alias = content.remarks if not checkTabValue(encrypt_methods_ss)[content.method] then result.server = nil - elseif v2_ss == "v2ray" then - result.v2ray_protocol = "shadowsocks" - result.encrypt_method_v2ray_ss = content.method - else - result.encrypt_method_ss = content.method end elseif szType == "ssd" then result.type = v2_ss + result.v2ray_protocol = (v2_ss == "v2ray") and "shadowsocks" or nil result.server = content.server result.server_port = content.port result.password = content.password + result.encrypt_method_ss = content.method result.plugin_opts = content.plugin_options result.alias = "[" .. content.airport .. "] " .. content.remarks if content.plugin == "simple-obfs" then @@ -303,11 +309,6 @@ local function processData(szType, content) end if not checkTabValue(encrypt_methods_ss)[content.encryption] then result.server = nil - elseif v2_ss == "v2ray" then - result.v2ray_protocol = "shadowsocks" - result.encrypt_method_v2ray_ss = content.method - else - result.encrypt_method_ss = content.method end elseif szType == "trojan" then local idx_sp = 0 @@ -370,6 +371,7 @@ local function processData(szType, content) result.vmess_id = uuid result.vless_encryption = params.encryption or "none" result.transport = params.type and (params.type == 'http' and 'h2' or params.type) or "tcp" + result.packet_encoding = packet_encoding if not params.type or params.type == "tcp" then if params.security == "xtls" then result.xtls = "1" diff --git a/my-default-settings/files/etc/uci-defaults/99-default-settings b/my-default-settings/files/etc/uci-defaults/99-default-settings index 057ff6e87..9bc3ed09f 100644 --- a/my-default-settings/files/etc/uci-defaults/99-default-settings +++ b/my-default-settings/files/etc/uci-defaults/99-default-settings @@ -201,23 +201,23 @@ test $version -lt 1 && { uci -q set system.@system[0].zram_comp_algo='zstd' uci -q set system.@system[0].zram_size_mb="$(expr $memtotal / 1024 / 3)" uci commit system + + # sysctl overwrite + SYSCTL_LOCAL=/etc/sysctl.d/50-local.conf + mkdir -p /etc/sysctl.d + echo -n >$SYSCTL_LOCAL + echo net.nf_conntrack_max=$nf_conntrack_max >>$SYSCTL_LOCAL + echo net.ipv4.ip_early_demux=0 >>$SYSCTL_LOCAL + echo net.bridge.bridge-nf-call-iptables=0 >>$SYSCTL_LOCAL + echo net.ipv4.fib_multipath_hash_policy=1 >>$SYSCTL_LOCAL + echo net.ipv4.tcp_congestion_control=cubic >>$SYSCTL_LOCAL + echo net.netfilter.nf_conntrack_helper=1 >>$SYSCTL_LOCAL + echo kernel.msgmax = 65536 >>$SYSCTL_LOCAL + echo kernel.msgmnb = 65536 >>$SYSCTL_LOCAL + echo vm.swappiness=0 >>$SYSCTL_LOCAL version=1 } -# sysctl overwrite -SYSCTL_LOCAL=/etc/sysctl.d/50-local.conf -mkdir -p /etc/sysctl.d -echo -n >$SYSCTL_LOCAL -echo net.nf_conntrack_max=$nf_conntrack_max >>$SYSCTL_LOCAL -echo net.ipv4.ip_early_demux=0 >>$SYSCTL_LOCAL -echo net.bridge.bridge-nf-call-iptables=0 >>$SYSCTL_LOCAL -echo net.ipv4.fib_multipath_hash_policy=1 >>$SYSCTL_LOCAL -echo net.ipv4.tcp_congestion_control=cubic >>$SYSCTL_LOCAL -echo net.netfilter.nf_conntrack_helper=1 >>$SYSCTL_LOCAL -echo kernel.msgmax = 65536 >>$SYSCTL_LOCAL -echo kernel.msgmnb = 65536 >>$SYSCTL_LOCAL -echo vm.swappiness=0 >>$SYSCTL_LOCAL - cp -pR /www/cgi-bin/* /www/ rm -rf /tmp/luci-* diff --git a/shadowsocksr-libev/patches/999-tcp-tproxy.patch b/shadowsocksr-libev/patches/103-Add-TPROXY-support-for-TCP-ssr-redir.patch similarity index 81% rename from shadowsocksr-libev/patches/999-tcp-tproxy.patch rename to shadowsocksr-libev/patches/103-Add-TPROXY-support-for-TCP-ssr-redir.patch index 42bdc707f..317d819db 100644 --- a/shadowsocksr-libev/patches/999-tcp-tproxy.patch +++ b/shadowsocksr-libev/patches/103-Add-TPROXY-support-for-TCP-ssr-redir.patch @@ -1,6 +1,6 @@ --- a/completions/bash/ss-redir +++ b/completions/bash/ss-redir -@@ -2,7 +2,7 @@ +@@ -2,7 +2,7 @@ _ss_redir() { local cur prev opts ciphers ciphers='rc4-md5 table rc4 aes-128-cfb aes-192-cfb aes-256-cfb aes-128-ctr aes-192-ctr aes-256-ctr bf-cfb camellia-128-cfb camellia-192-cfb camellia-256-cfb cast5-cfb des-cfb idea-cfb rc2-cfb seed-cfb salsa20 chacha20 and chacha20-ietf' @@ -11,7 +11,7 @@ case "$prev" in --- a/src/jconf.c +++ b/src/jconf.c -@@ -338,7 +338,11 @@ +@@ -338,7 +338,11 @@ read_jconf(const char *file) check_json_value_type(value, json_boolean, "invalid config file: option 'ipv6_first' must be a boolean"); conf.ipv6_first = value->u.boolean; @@ -19,18 +19,18 @@ + } else if (strcmp(name, "tcp_tproxy") == 0) { + check_json_value_type(value, json_boolean, + "invalid config file: option 'tcp_tproxy' must be a boolean"); -+ conf.tcp_tproxy = value->u.boolean; -+ } ++ conf.tcp_tproxy = value->u.boolean; ++ } } } } else { --- a/src/jconf.h +++ b/src/jconf.h -@@ -105,6 +105,7 @@ +@@ -105,6 +105,7 @@ typedef struct { int mtu; int mptcp; int ipv6_first; -+ int tcp_tproxy; ++ int tcp_tproxy; } jconf_t; jconf_t *read_jconf(const char *file); @@ -51,7 +51,7 @@ #include "includeobfs.h" // I don't want to modify makefile #include "jconf.h" -@@ -101,18 +109,28 @@ +@@ -101,18 +109,28 @@ static struct cork_dllist inactive_profi static listen_ctx_t *current_profile; static struct cork_dllist all_connections; @@ -86,31 +86,31 @@ } return 0; } -@@ -164,6 +182,23 @@ +@@ -164,6 +182,23 @@ create_and_bind(const char *addr, const if (err == 0) { LOGI("tcp port reuse enabled"); } + -+ if (tcp_tproxy) { ++ if (tcp_tproxy) { + int level = 0, optname = 0; + if (rp->ai_family == AF_INET) { + level = IPPROTO_IP; + optname = IP_TRANSPARENT; -+ } else { -+ level = IPPROTO_IPV6; -+ optname = IPV6_TRANSPARENT; -+ } ++ } else { ++ level = IPPROTO_IPV6; ++ optname = IPV6_TRANSPARENT; ++ } + -+ if (setsockopt(listen_sock, level, optname, &opt, sizeof(opt)) != 0) { -+ ERROR("setsockopt IP_TRANSPARENT"); -+ exit(EXIT_FAILURE); ++ if (setsockopt(listen_sock, level, optname, &opt, sizeof(opt)) != 0) { ++ ERROR("setsockopt IP_TRANSPARENT"); ++ exit(EXIT_FAILURE); ++ } ++ LOGI("tcp tproxy mode enabled"); + } -+ LOGI("tcp tproxy mode enabled"); -+ } s = bind(listen_sock, rp->ai_addr, rp->ai_addrlen); if (s == 0) { -@@ -1094,7 +1129,7 @@ +@@ -1094,7 +1129,7 @@ main(int argc, char **argv) USE_TTY(); @@ -119,21 +119,21 @@ "O:o:G:g:", long_options, &option_index)) != -1) { switch (c) { -@@ -1169,6 +1204,9 @@ +@@ -1169,6 +1204,9 @@ main(int argc, char **argv) case 'U': mode = UDP_ONLY; break; -+ case 'T': ++ case 'T': + tcp_tproxy = 1; + break; case 'v': verbose = 1; break; -@@ -1255,6 +1293,9 @@ +@@ -1255,6 +1293,9 @@ main(int argc, char **argv) if (mode == TCP_ONLY) { mode = conf->mode; } -+ if (tcp_tproxy == 0) { ++ if (tcp_tproxy == 0) { + tcp_tproxy = conf->tcp_tproxy; + } if (mtu == 0) { @@ -141,7 +141,7 @@ } --- a/src/utils.c +++ b/src/utils.c -@@ -342,6 +342,10 @@ +@@ -342,6 +342,10 @@ usage() #endif printf( " [-U] Enable UDP relay and disable TCP relay.\n"); diff --git a/shadowsocksr-libev/src/server/http_simple.c b/shadowsocksr-libev/src/server/http_simple.c index c1e34eee4..cee15c52e 100644 --- a/shadowsocksr-libev/src/server/http_simple.c +++ b/shadowsocksr-libev/src/server/http_simple.c @@ -107,6 +107,7 @@ int get_data_from_http_header(char *data, char **outdata) { //p_line = strtok(p_line, delim); } + *outdata = buf; return outlength; }