update 2023-11-04 15:00:50

2023-11-04 15:00:50 +08:00 · 2023-11-04 15:00:50 +08:00 · 71a9df41a7
parent 5263d5c2cc
commit 71a9df41a7
12 changed files with 84715 additions and 48 deletions
--- a/luci-app-ssr-plus/Makefile
+++ b/luci-app-ssr-plus/Makefile
@ -1,8 +1,8 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=luci-app-ssr-plus
-PKG_VERSION:=188
-PKG_RELEASE:=3
+PKG_VERSION:=190
+PKG_RELEASE:=1

 PKG_CONFIG_DEPENDS:= \
 	CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_NONE_V2RAY \
@ -42,6 +42,9 @@ LUCI_DEPENDS:= \
 	+PACKAGE_$(PKG_NAME)_INCLUDE_Xray:xray-core \
 	+PACKAGE_$(PKG_NAME)_INCLUDE_ChinaDNS_NG:chinadns-ng \
 	+PACKAGE_$(PKG_NAME)_INCLUDE_MosDNS:mosdns \
+	+PACKAGE_$(PKG_NAME)_INCLUDE_MosDNS:yq \
+	+PACKAGE_$(PKG_NAME)_INCLUDE_MosDNS:v2dat \
+	+PACKAGE_$(PKG_NAME)_INCLUDE_MosDNS:diffutils \
 	+PACKAGE_$(PKG_NAME)_INCLUDE_Hysteria:hysteria \
 	+PACKAGE_$(PKG_NAME)_INCLUDE_Tuic_Client:tuic-client \
 	+PACKAGE_$(PKG_NAME)_INCLUDE_Shadow_TLS:shadow-tls \
--- a/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/advanced.lua
+++ b/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/advanced.lua
@ -97,9 +97,9 @@ o:value("tcp://4.2.2.1:53,tcp://4.2.2.2:53", translate("Level 3 Public DNS-2 (4.
 o:value("tcp://4.2.2.3:53,tcp://4.2.2.4:53", translate("Level 3 Public DNS-3 (4.2.2.3-4)"))
 o:value("tcp://1.1.1.1:53,tcp://1.0.0.1:53", translate("Cloudflare DNS"))
 o:depends("shunt_dns_mode", "2")
-o.description = translate("Custom DNS Server for mosdns")
+o.description = translate("Custom DNS Server for MosDNS")

-o = s:option(Flag, "shunt_mosdns_ipv6", translate("Disable IPv6 In MOSDNS Query Mode (Shunt Mode)"))
+o = s:option(Flag, "shunt_mosdns_ipv6", translate("Disable IPv6 In MosDNS Query Mode (Shunt Mode)"))
 o:depends("shunt_dns_mode", "2")
 o.rmempty = false
 o.default = "0"
--- a/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/client.lua
+++ b/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/client.lua
@ -125,9 +125,9 @@ o:value("tcp://4.2.2.1:53,tcp://4.2.2.2:53", translate("Level 3 Public DNS-2 (4.
 o:value("tcp://4.2.2.3:53,tcp://4.2.2.4:53", translate("Level 3 Public DNS-3 (4.2.2.3-4)"))
 o:value("tcp://1.1.1.1:53,tcp://1.0.0.1:53", translate("Cloudflare DNS"))
 o:depends("pdnsd_enable", "3")
-o.description = translate("Custom DNS Server for mosdns")
+o.description = translate("Custom DNS Server for MosDNS")

-o = s:option(Flag, "mosdns_ipv6", translate("Disable IPv6 in MOSDNS query mode"))
+o = s:option(Flag, "mosdns_disable_ipv6", translate("Disable IPv6 in MosDNS query mode (only for Non-CN domain)"))
 o:depends("pdnsd_enable", "3")
 o.rmempty = false
 o.default = "0"
@ -141,8 +141,8 @@ if is_finded("chinadns-ng") then
 	o:value("119.29.29.29:53", translate("DNSPod Public DNS (119.29.29.29)"))
 	o:value("223.5.5.5:53", translate("AliYun Public DNS (223.5.5.5)"))
 	o:value("180.76.76.76:53", translate("Baidu Public DNS (180.76.76.76)"))
-	o:value("101.226.4.6:53", translate("360 Security DNS (China Telecom) (101.226.4.6)"))
-	o:value("123.125.81.6:53", translate("360 Security DNS (China Unicom) (123.125.81.6)"))
+	o:value("101.226.4.6:53", translate("DNS Pai (CT/CMCC/CU) (101.226.4.6)"))
+	o:value("123.125.81.6:53", translate("DNS Pai (CU) (123.125.81.6)"))
 	o:value("1.2.4.8:53", translate("CNNIC SDNS (1.2.4.8)"))
 	o:depends({pdnsd_enable = "1", run_mode = "router"})
 	o:depends({pdnsd_enable = "2", run_mode = "router"})
@ -164,5 +164,24 @@ if is_finded("chinadns-ng") then
 	end
 end

-return m
+if is_finded("mosdns") then
+	o = s:option(Value, "chinadns_forward_mosdns", translate("Domestic DNS Server (ChinaDNS Mode With MosDNS)"))
+	o:value("", translate("Disable ChinaDNS in MosDNS"))
+	o:value("wan", translate("Use DNS from WAN"))
+	o:value("udp://114.114.114.114:53,udp://114.114.115.115:53", translate("Nanjing Xinfeng 114DNS"))
+	o:value("udp://119.29.29.29:53,udp://119.29.29.29:53", translate("DNSPod Public DNS"))
+	o:value("udp://223.5.5.5:53,udp://223.6.6.6:53", translate("AliYun Public DNS"))
+	o:value("udp://180.76.76.76:53,udp://180.76.76.76:53", translate("Baidu Public DNS"))
+	o:value("udp://101.226.4.6:53,udp://218.30.118.6:53", translate("DNS Pai (CT/CMCC/CU)"))
+	o:value("udp://123.125.81.6:53,udp://140.207.198.6:53", translate("DNS Pai (CU)"))
+	o:value("udp://1.2.4.8:53,udp://210.2.4.8:53", translate("CNNIC SDNS"))
+	o:depends({pdnsd_enable = "3", run_mode = "router"})
+	o.description = translate("Custom DNS Server format as IP:PORT (default: disabled)")
+end

+o = s:option(Flag, "mosdns_dnsleak", translate("Prevent DNS leak (Only Work With ChinaDNS Mode)"))
+o:depends({pdnsd_enable = "3", run_mode = "router"})
+o.rmempty = false
+o.default = "0"
+
+return m
--- a/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/status.lua
+++ b/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/status.lua
@ -14,6 +14,8 @@ local gfw_count = 0
 local ad_count = 0
 local ip_count = 0
 local nfip_count = 0
+local mainland_domain_count = 0
+local non_mainland_domain_count = 0
 local Process_list = luci.sys.exec("busybox ps -w")
 local uci = luci.model.uci.cursor()
 -- html constants
@ -52,6 +54,14 @@ if nixio.fs.access("/etc/ssrplus/netflixip.list") then
 	nfip_count = tonumber(luci.sys.exec("cat /etc/ssrplus/netflixip.list | wc -l"))
 end

+if nixio.fs.access("/etc/ssrplus/mosdns-chinadns/geosite_cn.txt") then
+	mainland_domain_count = tonumber(luci.sys.exec("cat /etc/ssrplus/mosdns-chinadns/geosite_cn.txt | wc -l"))
+end
+
+if nixio.fs.access("/etc/ssrplus/mosdns-chinadns/geosite_geolocation_not_cn.txt") then
+	non_mainland_domain_count = tonumber(luci.sys.exec("cat /etc/ssrplus/mosdns-chinadns/geosite_geolocation_not_cn.txt | wc -l"))
+end
+
 if Process_list:find("udp.only.ssr.reudp") then
 	reudp_run = 1
 end
@ -170,10 +180,24 @@ s.template = "shadowsocksr/refresh"
 s.value = ip_count .. " " .. translate("Records")

 if uci:get_first("shadowsocksr", 'global', 'netflix_enable', '0') ~= '0' then
-s = m:field(DummyValue, "nfip_data", translate("Netflix IP Data"))
-s.rawhtml = true
-s.template = "shadowsocksr/refresh"
-s.value = nfip_count .. " " .. translate("Records")
+	s = m:field(DummyValue, "nfip_data", translate("Netflix IP Data"))
+	s.rawhtml = true
+	s.template = "shadowsocksr/refresh"
+	s.value = nfip_count .. " " .. translate("Records")
+end
+
+if uci:get_first("shadowsocksr", 'global', 'pdnsd_enable', '0') == '3' then
+	s = m:field(DummyValue, "geo_data", translate("Loyalsoldier's GeoData"))
+	s.rawhtml = true
+	s.template = "shadowsocksr/refresh"
+
+	s = m:field(DummyValue, "mainland_domain_count", translate("Loyalsoldier's GeoData: Mainland Domain Data"))
+	s.rawhtml = true
+	s.value = mainland_domain_count .. " " .. translate("Records")
+
+	s = m:field(DummyValue, "non_mainland_domain_count", translate("Loyalsoldier's GeoData: Non-Mainland Domain Data"))
+	s.rawhtml = true
+	s.value = non_mainland_domain_count .. " " .. translate("Records")
 end

 if uci:get_first("shadowsocksr", 'global', 'adblock', '0') == '1' then
--- a/luci-app-ssr-plus/po/zh-cn/ssr-plus.po
+++ b/luci-app-ssr-plus/po/zh-cn/ssr-plus.po
@ -390,6 +390,15 @@ msgstr "【中国大陆 IP 段】数据库"
 msgid "Netflix IP Data"
 msgstr "【Netflix IP 段】数据库"

+msgid "Loyalsoldier's GeoData"
+msgstr "【GeoData】数据库 (Loyalsoldier)"
+
+msgid "Loyalsoldier's GeoData: Mainland Domain Data"
+msgstr "【GeoData 中的大陆域名】数据库 (Loyalsoldier)"
+
+msgid "Loyalsoldier's GeoData: Non-Mainland Domain Data"
+msgstr "【GeoData 中的非大陆域名】数据库 (Loyalsoldier)"
+
 msgid "Advertising Data"
 msgstr "【广告屏蔽】数据库"

@ -531,11 +540,11 @@ msgstr "使用 DNS2TCP 查询"
 msgid "Use DNS2SOCKS query and cache"
 msgstr "使用 DNS2SOCKS 查询并缓存"

-msgid "Use MOSDNS query (Not Support Oversea Mode)"
-msgstr "使用 MOSDNS 查询 (不支持海外用户回国模式)"
+msgid "Use MosDNS query (Not Support Oversea Mode)"
+msgstr "使用 MosDNS 查询 (不支持海外用户回国模式)"

-msgid "Disable IPv6 in MOSDNS query mode"
-msgstr "禁止 MOSDNS 返回 IPv6 记录"
+msgid "Disable IPv6 in MosDNS query mode (only for Non-CN domain)"
+msgstr "禁止 MosDNS 返回 IPv6 记录 (仅限非大陆域名)"

 msgid "DNS Query Mode For Shunt Mode"
 msgstr "分流模式下的 DNS 查询模式"
@ -543,14 +552,17 @@ msgstr "分流模式下的 DNS 查询模式"
 msgid "Anti-pollution DNS Server For Shunt Mode"
 msgstr "分流模式下的访问国外域名 DNS 服务器"

-msgid "Use MOSDNS query"
-msgstr "使用 MOSDNS 查询"
+msgid "Use MosDNS query"
+msgstr "使用 MosDNS 查询"

-msgid "Custom DNS Server for mosdns"
-msgstr "MOSDNS 自定义 DNS 服务器"
+msgid "Custom DNS Server for MosDNS"
+msgstr "MosDNS 自定义 DNS 服务器"

-msgid "Disable IPv6 In MOSDNS Query Mode (Shunt Mode)"
-msgstr "禁止 MOSDNS 返回 IPv6 记录 (分流模式)"
+msgid "Disable IPv6 In MosDNS Query Mode (Shunt Mode)"
+msgstr "禁止 MosDNS 返回 IPv6 记录 (分流模式)"
+
+msgid "Prevent DNS leak (Only Work With ChinaDNS Mode)"
+msgstr "防止DNS泄漏 (仅适用于ChinaDNS模式)"

 msgid "DNS Server IP:Port"
 msgstr "DNS 服务器 IP:Port"
--- a/luci-app-ssr-plus/root/etc/init.d/shadowsocksr
+++ b/luci-app-ssr-plus/root/etc/init.d/shadowsocksr
@ -98,6 +98,12 @@ get_host_ip() {
 	echo $ip
 }

+yq_ssr() {
+    temp_file="$(echo "$2" | awk -F '.' '{print $1"-temp."$2}')"
+    cat $2 | yq e "$1" -M > "$temp_file"
+    mv "$temp_file" "$2"
+}
+
 clean_log() {
 	local logsnum=$(cat $LOG_FILE 2>/dev/null | wc -l)
 	[ "$logsnum" -gt 1000 ] && {
@ -206,24 +212,77 @@ start_dns() {
 			pdnsd_enable_flag=2
 			;;
 		3)
-			local mosdns_ipv6="$(uci_get_by_type global mosdns_ipv6)"
+			local mosdns_disable_ipv6="$(uci_get_by_type global mosdns_disable_ipv6)"
 			local mosdns_dnsserver="$(uci_get_by_type global tunnel_forward_mosdns)"
-			output=$(for i in $(echo $mosdns_dnsserver | sed "s/,/ /g"); do
-				dnsserver=${i%:*}
-				dnsserver=${i##*/}
-				add_dns_into_ipset $run_mode $dnsserver
-				echo "            - addr: $i"
-				echo "              enable_pipeline: true"
-			done)
+			local chinadns_mosdns="$(uci_get_by_type global chinadns_forward_mosdns)"
+			local mosdns_dnsleak="$(uci_get_by_type global mosdns_dnsleak)"
+			local netflix_enable="$(uci_get_by_type global netflix_enable)"
+			if [ "$run_mode" = "router" ] && [ -n "$chinadns_mosdns" ]; then
+				cp /etc/ssrplus/mosdns-config-chinadns.yaml $TMP_PATH/mosdns-config-chinadns.yaml
+				tmp=$(for i in $(echo $mosdns_dnsserver | sed "s/,/ /g"); do
+					dnsserver=${i%:*}
+					dnsserver=${i##*/}
+					add_dns_into_ipset $run_mode $dnsserver
+					yq_ssr '.plugins[4].args.upstreams += [{"addr":"'"${i}"'","enable_pipeline":"true"}]' $TMP_PATH/mosdns-config-chinadns.yaml
+				done)

-			awk -v line=14 -v text="$output" 'NR == line+1 {print text} 1' /etc/ssrplus/mosdns-config.yaml | sed "s/DNS_PORT/$dns_port/g" > $TMP_PATH/mosdns-config.yaml
-			if [ "$mosdns_ipv6" == "0" ]; then
-				sed -i "s/DNS_MODE/main_sequence_with_IPv6/g" $TMP_PATH/mosdns-config.yaml
+				if [ "$chinadns_mosdns" = "wan" ]; then
+					wandns=$(ifstatus wan | jsonfilter -e '@["dns-server"]' | sed 's/\[//g; s/\]//g' | sed 's/"//g' | sed 's/ //g' | sed 's/,/ /g')
+					tmp=$(for i in $(echo $wandns); do
+						i="udp://$i:53"
+						yq_ssr '.plugins[5].args.upstreams += [{"addr":"'"${i}"'"}]' $TMP_PATH/mosdns-config-chinadns.yaml
+					done)
+				else
+					tmp=$(for i in $(echo $chinadns_mosdns | sed "s/,/ /g"); do
+						yq_ssr '.plugins[5].args.upstreams += [{"addr":"'"${i}"'"}]' $TMP_PATH/mosdns-config-chinadns.yaml
+					done)
+				fi
+
+				if [ "$mosdns_disable_ipv6" == "0" ]; then
+					yq_ssr '.plugins[10].args[0].exec="$remote_sequence_with_IPv6" | .plugins[12].args[0].exec="$remote_sequence_with_IPv6"' $TMP_PATH/mosdns-config-chinadns.yaml
+				else
+					yq_ssr '.plugins[10].args[0].exec="$remote_sequence_disable_IPv6" | .plugins[12].args[0].exec="$remote_sequence_disable_IPv6"' $TMP_PATH/mosdns-config-chinadns.yaml
+				fi
+
+				if [ "$mosdns_dnsleak" != "0" ]; then
+					yq_ssr '.plugins[13].args.primary="query_is_remote_ip"' $TMP_PATH/mosdns-config-chinadns.yaml
+				fi
+
+				yq_ssr '.plugins[16].args.listen="0.0.0.0:'${dns_port}'" | .plugins[17].args.listen="0.0.0.0:'${dns_port}'"' $TMP_PATH/mosdns-config-chinadns.yaml
+				
+				if [ "$netflix_enable" == 1 ]; then
+					yq_ssr '.plugins |= (.[:4] + [{"tag": "netflix_domain", "type": "domain_set", "args": {"files": ["/etc/ssrplus/netflix.list"]}}] + .[4:])' $TMP_PATH/mosdns-config-chinadns.yaml
+					yq_ssr '.plugins |= (.[:7] + [{"tag": "forward_netflix", "type": "forward", "args": {"upstreams": [{"addr":"udp://127.0.0.1:'"${tmp_shunt_dns_port}"'"}]}}] + .[7:])' $TMP_PATH/mosdns-config-chinadns.yaml
+					yq_ssr '.plugins |= (.[:11] + [{"tag": "netflix_sequence", "type": "sequence", "args": [{"exec": "$forward_netflix"}]}] + .[11:])' $TMP_PATH/mosdns-config-chinadns.yaml
+					yq_ssr '.plugins |= (.[:14] + [{"tag": "query_is_netflix_domain", "type": "sequence", "args": [{"matches": "qname $netflix_domain", "exec": "$netflix_sequence"}, {"exec": "ipset netflix,inet,24"}]}] + .[14:])' $TMP_PATH/mosdns-config-chinadns.yaml
+					yq_ssr '.plugins[19].args |= (.[:3] + [{"exec": "$query_is_netflix_domain"}, {"exec": "jump has_resp_sequence"}] + .[3:])' $TMP_PATH/mosdns-config-chinadns.yaml
+				fi
+
+				pdnsd_enable_flag=3
+				ln_start_bin $(first_type mosdns) mosdns start -c $TMP_PATH/mosdns-config-chinadns.yaml
+				cat <<-EOF >> "$TMP_DNSMASQ_PATH/chinadns_fixed_server.conf"
+					no-poll
+					no-resolv
+					server=127.0.0.1#$dns_port
+				EOF
 			else
-				sed -i "s/DNS_MODE/main_sequence_disable_IPv6/g" $TMP_PATH/mosdns-config.yaml
+				cp /etc/ssrplus/mosdns-config.yaml $TMP_PATH/mosdns-config.yaml
+				tmp=$(for i in $(echo $mosdns_dnsserver | sed "s/,/ /g"); do
+					dnsserver=${i%:*}
+					dnsserver=${i##*/}
+					add_dns_into_ipset $run_mode $dnsserver
+					yq_ssr '.plugins[1].args.upstreams += [{"addr":"'"${i}"'","enable_pipeline":"true"}]' $TMP_PATH/mosdns-config.yaml
+				done)
+
+				if [ "$mosdns_disable_ipv6" == "0" ]; then
+					yq_ssr '.plugins[4].args.entry="main_sequence_with_IPv6" | .plugins[5].args.entry="main_sequence_with_IPv6"' $TMP_PATH/mosdns-config.yaml
+				else
+					yq_ssr '.plugins[4].args.entry="main_sequence_disable_IPv6" | .plugins[5].args.entry="main_sequence_disable_IPv6"' $TMP_PATH/mosdns-config.yaml
+				fi
+				yq_ssr '.plugins[4].args.listen="0.0.0.0:'${dns_port}'" | .plugins[5].args.listen="0.0.0.0:'${dns_port}'"' $TMP_PATH/mosdns-config.yaml
+				pdnsd_enable_flag=3
+				ln_start_bin $(first_type mosdns) mosdns start -c $TMP_PATH/mosdns-config.yaml
 			fi
-			ln_start_bin $(first_type mosdns) mosdns start -c $TMP_PATH/mosdns-config.yaml
-			pdnsd_enable_flag=3
 			;;
 		esac

@ -487,20 +546,19 @@ shunt_dns_command() {
 		ln_start_bin $(first_type dns2socks) dns2socks 127.0.0.1:$tmp_port $shunt_dnsserver 127.0.0.1:$tmp_shunt_dns_port -q
 		;;
 	2)
-		local shunt_mosdns_ipv6="$(uci_get_by_type global shunt_mosdns_ipv6)"
+		local shunt_mosdns_disable_ipv6="$(uci_get_by_type global shunt_mosdns_disable_ipv6)"
 		local shunt_mosdns_dnsserver="$(uci_get_by_type global shunt_mosdns_dnsserver)"
-		output=$(for i in $(echo $shunt_mosdns_dnsserver | sed "s/,/ /g"); do
-			echo "            - addr: $i"
-			echo "              socks5: \"127.0.0.1:$tmp_port\""
-			echo "              enable_pipeline: true"
+		cp /etc/ssrplus/mosdns-config.yaml $TMP_PATH/mosdns-config-shunt.yaml
+		tmp=$(for i in $(echo $shunt_mosdns_dnsserver | sed "s/,/ /g"); do
+			yq_ssr '.plugins[1].args.upstreams += [{"addr":"'"${i}"'","socks5":"127.0.0.1:'"${tmp_port}"'","enable_pipeline":"true"}]' $TMP_PATH/mosdns-config-shunt.yaml
 		done)
-		awk -v line=14 -v text="$output" 'NR == line+1 {print text} 1' /etc/ssrplus/mosdns-config.yaml | sed "s/DNS_PORT/$tmp_shunt_dns_port/g" > $TMP_PATH/mosdns-config-shunt.yaml

-		if [ "$shunt_mosdns_ipv6" == "0" ]; then
-			sed -i "s/DNS_MODE/main_sequence_with_IPv6/g" $TMP_PATH/mosdns-config-shunt.yaml
+		if [ "$shunt_mosdns_disable_ipv6" == "0" ]; then
+			yq_ssr '.plugins[4].args.entry="main_sequence_with_IPv6" | .plugins[5].args.entry="main_sequence_with_IPv6"' $TMP_PATH/mosdns-config-shunt.yaml
 		else
-			sed -i "s/DNS_MODE/main_sequence_disable_IPv6/g" $TMP_PATH/mosdns-config-shunt.yaml
+			yq_ssr '.plugins[4].args.entry="main_sequence_disable_IPv6" | .plugins[5].args.entry="main_sequence_disable_IPv6"' $TMP_PATH/mosdns-config-shunt.yaml
 		fi
+		yq_ssr '.plugins[4].args.listen="0.0.0.0:'${tmp_shunt_dns_port}'" | .plugins[5].args.listen="0.0.0.0:'${tmp_shunt_dns_port}'"' $TMP_PATH/mosdns-config-shunt.yaml
 		ln_start_bin $(first_type mosdns) mosdns start -c $TMP_PATH/mosdns-config-shunt.yaml
 		;;
 	esac
--- a/luci-app-ssr-plus/root/etc/ssrplus/mosdns-chinadns/geosite_cn.txt
+++ b/luci-app-ssr-plus/root/etc/ssrplus/mosdns-chinadns/geosite_cn.txt
--- a/luci-app-ssr-plus/root/etc/ssrplus/mosdns-chinadns/geosite_geolocation_not_cn.txt
+++ b/luci-app-ssr-plus/root/etc/ssrplus/mosdns-chinadns/geosite_geolocation_not_cn.txt
--- a/luci-app-ssr-plus/root/etc/ssrplus/mosdns-config-chinadns.yaml
+++ b/luci-app-ssr-plus/root/etc/ssrplus/mosdns-config-chinadns.yaml
@ -0,0 +1,150 @@
+log:
+    level: info
+plugins:
+    # Num0: Cache
+    - tag: lazy_cache
+      type: cache
+      args:
+        size: 20000
+        lazy_cache_ttl: 86400
+
+    # Num1: CN domain
+    # https://raw.githubusercontent.com/Loyalsoldier/v2ray-rules-dat/release/direct-list.txt
+    # cat direct-list.txt | grep -v "regexp:\|full:" | sort -u | uniq -u > china-domain-2.lst
+    - tag: geosite_cn
+      type: domain_set
+      args:
+        files:
+          - "/etc/ssrplus/mosdns-chinadns/geosite_cn.txt"
+          - "/etc/ssrplus/white.list"
+
+    # Num2: CN IP
+    # https://raw.githubusercontent.com/Hackl0us/GeoIP2-CN/release/CN-ip-cidr.txt
+    - tag: geoip_cn
+      type: ip_set
+      args:
+        files:
+          - "/etc/ssrplus/china_ssr.txt"
+
+    # Num3: Domain need proxy (gfwlist)
+    # https://raw.githubusercontent.com/Loyalsoldier/v2ray-rules-dat/release/proxy-list.txt
+    # https://raw.githubusercontent.com/Loyalsoldier/v2ray-rules-dat/release/gfw.txt
+    - tag: geosite_not_cn
+      type: domain_set
+      args:
+        files:
+          - "/etc/ssrplus/mosdns-chinadns/geosite_geolocation_not_cn.txt"
+          - "/etc/ssrplus/black.list"
+
+    # Num4: Forward to google
+    - tag: forward_remote
+      type: forward
+      args:
+        concurrent: 2
+        upstreams:
+
+    # Num5: Forward to local
+    # ifstatus wan | jsonfilter -e '@["dns-server"]'
+    - tag: forward_local
+      type: forward
+      args:
+        concurrent: 2
+        upstreams:
+
+    # Num6
+    - tag: local_sequence
+      type: sequence
+      args:
+        - exec: $forward_local
+
+    # Num7
+    - tag: remote_sequence_with_IPv6
+      type: sequence
+      args:
+        - exec: prefer_ipv4
+        - exec: $forward_remote
+
+    # Num8
+    - tag: remote_sequence_disable_IPv6
+      type: sequence
+      args:
+        - exec: prefer_ipv4
+        - exec: $forward_remote
+        - matches: 
+          - qtype 28 65
+          exec: reject 0
+
+    # Num9
+    - tag: query_is_local_domain
+      type: sequence
+      args:
+        - matches: qname $geosite_cn
+          exec: $local_sequence
+    
+    # Num10
+    - tag: query_is_proxy_domain
+      type: sequence
+      args:
+        - matches: qname $geosite_not_cn
+        - exec: ipset blacklist,inet,24
+
+    # fallback 用本地服务器 sequence
+    # 返回非国内 ip 则 drop_resp
+    # Num11
+    - tag: query_is_local_ip
+      type: sequence
+      args:
+        - exec: $local_sequence
+        - matches: "!resp_ip $geoip_cn"
+          exec: drop_resp
+
+    # Num12
+    # fallback 用远程服务器 sequence
+    - tag: query_is_remote_ip
+      type: sequence
+      args:
+        - exec: $remote_sequence_disable_IPv6
+        - exec: ipset blacklist,inet,24
+
+    # fallback 用远程服务器 sequence
+    # query_is_local_ip to query_is_remote_ip
+    # Num13
+    - tag: fallback
+      type: fallback
+      args:
+        # DNS Leak solution
+        primary: query_is_local_ip
+        secondary: query_is_remote_ip
+        threshold: 600
+        always_standby: true
+
+    # 有响应终止返回
+    # Num14
+    - tag: has_resp_sequence
+      type: sequence
+      args:
+        - matches: has_resp
+          exec: accept
+
+    # Num15
+    - tag: main_sequence
+      type: sequence
+      args:
+        - exec: $lazy_cache
+        - exec: $query_is_local_domain
+        - exec: jump has_resp_sequence
+        - exec: $query_is_proxy_domain
+        - exec: jump has_resp_sequence
+        - exec: $fallback
+
+    # Num16
+    - tag: udp_server
+      type: udp_server
+      args:
+        entry: main_sequence
+
+    # Num17
+    - tag: tcp_server
+      type: tcp_server
+      args:
+        entry: main_sequence
--- a/luci-app-ssr-plus/root/etc/ssrplus/mosdns-config.yaml
+++ b/luci-app-ssr-plus/root/etc/ssrplus/mosdns-config.yaml
@ -33,11 +33,9 @@ plugins:
      type: udp_server
      args:
        entry: DNS_MODE
-        listen: 0.0.0.0:DNS_PORT
      
    - tag: tcp_server
      type: tcp_server
      args:
        entry: DNS_MODE
-        listen: 0.0.0.0:DNS_PORT

--- a/luci-app-ssr-plus/root/usr/share/shadowsocksr/geodata_update.sh
+++ b/luci-app-ssr-plus/root/usr/share/shadowsocksr/geodata_update.sh
@ -0,0 +1,44 @@
+#!/bin/sh
+
+rm -rf /tmp/geo*
+
+#wget --no-check-certificate -q -O /tmp/geoip.dat https://cdn.jsdelivr.net/gh/Loyalsoldier/v2ray-rules-dat@release/geoip.dat
+wget --no-check-certificate -q -O /tmp/geosite.dat https://cdn.jsdelivr.net/gh/Loyalsoldier/v2ray-rules-dat@release/geosite.dat
+
+remove_full_string() {
+    temp_file="$(echo "$1" | awk -F '.' '{print $1"-temp."$2}')"
+    temp_file2="$(echo "$1" | awk -F '.' '{print $1"-temp2."$2}')"
+    cat $1 | grep 'full:' | awk -F 'full:' '{print $2}' > $temp_file
+    cat $1 | grep -v 'full:' > $temp_file2
+    cat $temp_file $temp_file2 | sort -u | uniq -u > $1
+    rm -rf $temp_file $temp_file2
+}
+
+clean_up() {
+    temp_file="$(echo "$1" | awk -F '.' '{print $1"-temp."$2}')"
+    diff $1 $2 | grep '< ' | awk -F '< ' '{print $2}' > $temp_file
+    mv $temp_file $1
+}
+
+merge_file() {
+    temp_file="/tmp/merged"
+    cat $1 $2 | sort -u | uniq -u > $temp_file
+    mv $temp_file $2
+}
+
+if [ -f "/tmp/geosite.dat" ]; then
+    #v2dat unpack geosite -o /tmp/ -f cn -f apple-cn -f google-cn -f geolocation-!cn /tmp/geosite.dat
+    v2dat unpack geosite -o /tmp/ -f cn -f google-cn -f geolocation-!cn /tmp/geosite.dat
+    remove_full_string /tmp/geosite_cn.txt
+    #remove_full_string /tmp/geosite_apple-cn.txt
+    remove_full_string /tmp/geosite_google-cn.txt
+    remove_full_string /tmp/geosite_geolocation-!cn.txt
+    clean_up /tmp/geosite_cn.txt /tmp/geosite_google-cn.txt
+    merge_file /tmp/geosite_google-cn.txt /tmp/geosite_geolocation-!cn.txt
+    mv /tmp/geosite_cn.txt /etc/ssrplus/mosdns-chinadns/geosite_cn.txt
+    mv /tmp/geosite_geolocation-!cn.txt /etc/ssrplus/mosdns-chinadns/geosite_geolocation_not_cn.txt
+    rm -rf /tmp/geosite*
+    echo 111
+else
+    echo 000
+fi
--- a/luci-app-ssr-plus/root/usr/share/shadowsocksr/update.lua
+++ b/luci-app-ssr-plus/root/usr/share/shadowsocksr/update.lua
@ -184,6 +184,15 @@ if args then
 		update(uci:get_first("shadowsocksr", "global", "nfip_url"), "/etc/ssrplus/netflixip.list", args)
 		os.exit(0)
 	end
+	if args == "geo_data" then
+		string = luci.sys.exec("/usr/share/shadowsocksr/geodata_update.sh")
+		if string.find(string, "111") then
+			log(0)
+		else
+			log(-1)
+		end
+		os.exit(0)
+	end
 else
 	log("正在更新【GFW列表】数据库")
 	update(uci:get_first("shadowsocksr", "global", "gfwlist_url"), "/etc/ssrplus/gfw_list.conf", "gfw_data", TMP_DNSMASQ_PATH .. "/gfw_list.conf")