update 2023-05-31 09:45:52

luci-app-bypass/luasrc/model/cbi/bypass/client-config.lua

@@ -114,16 +114,6 @@ local securitys = {
 	"chacha20-poly1305"
 }
 
-local flows = {
-	-- xtls
-	"xtls-rprx-origin",
-	"xtls-rprx-origin-udp443",
-	"xtls-rprx-direct",
-	"xtls-rprx-direct-udp443",
-	"xtls-rprx-splice",
-	"xtls-rprx-splice-udp443"
-}
-
 local tls_flows = {
 	-- tls
 	"xtls-rprx-vision",
@@ -166,6 +156,9 @@ end
 if is_finded("hysteria") then
 	o:value("hysteria", translate("Hysteria"))
 end
+if is_finded("tuic-client") then
+	o:value("tuic", translate("TUIC"))
+end
 if is_finded("ipt2socks") then
 	o:value("socks5", translate("Socks5"))
 end
@@ -191,8 +184,7 @@ o:value("vless", translate("VLESS"))
 o:value("vmess", translate("VMess"))
 o:value("trojan", translate("Trojan"))
 o:value("shadowsocks", translate("Shadowsocks"))
-if is_installed("sagernet-core") then
+if is_finded("xray") then
-	o:value("shadowsocksr", translate("ShadowsocksR"))
 	o:value("wireguard", translate("WireGuard"))
 end
 o:value("socks", translate("Socks"))
@@ -208,6 +200,7 @@ o:depends("type", "v2ray")
 o:depends("type", "trojan")
 o:depends("type", "naiveproxy")
 o:depends("type", "hysteria")
+o:depends("type", "tuic")
 o:depends("type", "socks5")
 
 o = s:option(Value, "server_port", translate("Server Port"))
@@ -219,6 +212,7 @@ o:depends("type", "v2ray")
 o:depends("type", "trojan")
 o:depends("type", "naiveproxy")
 o:depends("type", "hysteria")
+o:depends("type", "tuic")
 o:depends("type", "socks5")
 
 o = s:option(Flag, "auth_enable", translate("Enable Authentication"))
@@ -242,11 +236,11 @@ o:depends("type", "ssr")
 o:depends("type", "ss")
 o:depends("type", "trojan")
 o:depends("type", "naiveproxy")
+o:depends("type", "tuic")
 o:depends({type = "socks5", auth_enable = true})
 o:depends({type = "v2ray", v2ray_protocol = "http", auth_enable = true})
 o:depends({type = "v2ray", v2ray_protocol = "socks", socks_ver = "5", auth_enable = true})
 o:depends({type = "v2ray", v2ray_protocol = "shadowsocks"})
-o:depends({type = "v2ray", v2ray_protocol = "shadowsocksr"})
 o:depends({type = "v2ray", v2ray_protocol = "trojan"})
 
 o = s:option(ListValue, "encrypt_method", translate("Encrypt Method"))
@@ -255,7 +249,6 @@ for _, v in ipairs(encrypt_methods) do
 end
 o.rmempty = true
 o:depends("type", "ssr")
-o:depends({type = "v2ray", v2ray_protocol = "shadowsocksr"})
 
 o = s:option(ListValue, "encrypt_method_ss", translate("Encrypt Method"))
 for _, v in ipairs(encrypt_methods_ss) do
@@ -279,10 +272,10 @@ o.default = "1"
 -- Shadowsocks Plugin
 o = s:option(Value, "plugin", translate("Obfs"))
 o:value("none", translate("None"))
-if is_finded("obfs-local") or is_installed("sagernet-core") then
+if is_finded("obfs-local") then
 	o:value("obfs-local", translate("obfs-local"))
 end
-if is_finded("v2ray-plugin") or is_installed("sagernet-core") then
+if is_finded("v2ray-plugin") then
 	o:value("v2ray-plugin", translate("v2ray-plugin"))
 end
 if is_finded("xray-plugin") then
@@ -290,16 +283,10 @@ if is_finded("xray-plugin") then
 end
 o.rmempty = true
 o:depends("type", "ss")
-if is_installed("sagernet-core") then
-	o:depends({type = "v2ray", v2ray_protocol = "shadowsocks"})
-end
 
 o = s:option(Value, "plugin_opts", translate("Plugin Opts"))
 o.rmempty = true
 o:depends("type", "ss")
-if is_installed("sagernet-core") then
-	o:depends({type = "v2ray", v2ray_protocol = "shadowsocks"})
-end
 
 o = s:option(ListValue, "protocol", translate("Protocol"))
 for _, v in ipairs(protocol) do
@@ -307,11 +294,9 @@ for _, v in ipairs(protocol) do
 end
 o.rmempty = true
 o:depends("type", "ssr")
-o:depends({type = "v2ray", v2ray_protocol = "shadowsocksr"})
 
 o = s:option(Value, "protocol_param", translate("Protocol param (optional)"))
 o:depends("type", "ssr")
-o:depends({type = "v2ray", v2ray_protocol = "shadowsocksr"})
 
 o = s:option(ListValue, "obfs", translate("Obfs"))
 for _, v in ipairs(obfs) do
@@ -319,11 +304,9 @@ for _, v in ipairs(obfs) do
 end
 o.rmempty = true
 o:depends("type", "ssr")
-o:depends({type = "v2ray", v2ray_protocol = "shadowsocksr"})
 
 o = s:option(Value, "obfs_param", translate("Obfs param (optional)"))
 o:depends("type", "ssr")
-o:depends({type = "v2ray", v2ray_protocol = "shadowsocksr"})
 
 -- [[ Hysteria ]]--
 o = s:option(ListValue, "hysteria_protocol", translate("Protocol"))
@@ -360,6 +343,49 @@ o = s:option(Flag, "disable_mtu_discovery", translate("Disable Path MTU discover
 o:depends("type", "hysteria")
 o.rmempty = true
 
+o = s:option(Flag, "lazy_start", translate("Lazy Start"))
+o:depends("type", "hysteria")
+o.rmempty = true
+o.default = "0"
+
+-- [[ TUIC ]]
+o = s:option(ListValue, "udp_relay_mode", translate("UDP relay mode"))
+o:depends("type", "tuic")
+o:value("native", translate("native"))
+o:value("quic", translate("QUIC"))
+o.default = "native"
+o.rmempty = true
+
+o = s:option(ListValue, "congestion_controller", translate("Congestion control algorithm"))
+o:depends("type", "tuic")
+o:value("bbr", translate("BBR"))
+o:value("cubic", translate("CUBIC"))
+o:value("new_reno", translate("New Reno"))
+o.default = "cubic"
+o.rmempty = true
+
+o = s:option(Value, "heartbeat_interval", translate("Heartbeat interval"))
+o:depends("type", "tuic")
+o.datatype = "uinteger"
+o.default = "10000"
+o.rmempty = true
+
+o = s:option(Flag, "disable_sni", translate("Disable SNI"))
+o:depends("type", "tuic")
+o.default = 0
+o.rmempty = true
+
+o = s:option(Flag, "reduce_rtt", translate("Enable 0-RTT QUIC handshake"))
+o:depends("type", "tuic")
+o.default = 0
+o.rmempty = true
+
+o = s:option(Value, "max_udp_relay_packet_size", translate("Max UDP relay packet size"))
+o:depends("type", "tuic")
+o.datatype = "uinteger"
+o.default = "1500"
+o.rmempty = true
+
 -- VmessId
 o = s:option(Value, "vmess_id", translate("Vmess/VLESS ID (UUID)"))
 o.rmempty = true
@@ -437,21 +463,17 @@ o:depends("transport", "ws")
 o.rmempty = true
 
 if is_finded("v2ray") then
-	-- 启用WS前置数据
-	o = s:option(Flag, "ws_ed_enable", translate("Enable early data"))
-	o:depends("transport", "ws")
-
 	-- WS前置数据
 	o = s:option(Value, "ws_ed", translate("Max Early Data"))
 	o:depends("ws_ed_enable", true)
 	o.datatype = "uinteger"
-	o.default = 2048
+	o:value("2048")
 	o.rmempty = true
 
 	-- WS前置数据标头
 	o = s:option(Value, "ws_ed_header", translate("Early Data Header Name"))
 	o:depends("ws_ed_enable", true)
-	o.default = "Sec-WebSocket-Protocol"
+	o:value("Sec-WebSocket-Protocol")
 	o.rmempty = true
 end
 
@@ -472,19 +494,16 @@ o = s:option(Value, "serviceName", translate("gRPC Service Name"))
 o:depends("transport", "grpc")
 o.rmempty = true
 
-if is_finded("xray") or is_installed("sagernet-core") then
+if is_finded("xray") then
 	-- gPRC模式
 	o = s:option(ListValue, "grpc_mode", translate("gRPC Mode"))
 	o:depends("transport", "grpc")
 	o:value("gun", translate("Gun"))
 	o:value("multi", translate("Multi"))
-	if is_installed("sagernet-core") then
-		o:value("raw", translate("Raw"))
-	end
 	o.rmempty = true
 end
 
-if is_finded("xray") or is_installed("sagernet-core") then
+if is_finded("xray") then
 	-- gRPC初始窗口
 	o = s:option(Value, "initial_windows_size", translate("Initial Windows Size"))
 	o.datatype = "uinteger"
@@ -604,6 +623,7 @@ o.rmempty = true
 
 -- [[ WireGuard 部分 ]]--
 o = s:option(DynamicList, "local_addresses", translate("Local addresses"))
+o.datatype = "cidr"
 o:depends({type = "v2ray", v2ray_protocol = "wireguard"})
 o.rmempty = true
 
@@ -625,66 +645,76 @@ o.rmempty = true
 o = s:option(Flag, "tls", translate("TLS"))
 o.rmempty = true
 o.default = "0"
-o:depends({type = "v2ray", v2ray_protocol = "vless", xtls = false})
+o:depends({type = "v2ray", v2ray_protocol = "vless", reality = false})
-o:depends({type = "v2ray", v2ray_protocol = "vmess", xtls = false})
+o:depends({type = "v2ray", v2ray_protocol = "vmess", reality = false})
-o:depends({type = "v2ray", v2ray_protocol = "trojan", xtls = false})
+o:depends({type = "v2ray", v2ray_protocol = "trojan", reality = false})
-o:depends({type = "v2ray", v2ray_protocol = "shadowsocks", xtls = false})
+o:depends({type = "v2ray", v2ray_protocol = "shadowsocks", reality = false})
-o:depends({type = "v2ray", v2ray_protocol = "socks", socks_ver = "5", xtls = false})
+o:depends({type = "v2ray", v2ray_protocol = "socks", socks_ver = "5", reality = false})
-o:depends({type = "v2ray", v2ray_protocol = "http", xtls = false})
+o:depends({type = "v2ray", v2ray_protocol = "http", reality = false})
 o:depends("type", "trojan")
 
--- XTLS
-if is_finded("xray") then
-	o = s:option(Flag, "xtls", translate("XTLS"))
-	o.rmempty = true
-	o.default = "0"
-	o:depends({type = "v2ray", v2ray_protocol = "vless", transport = "tcp", tls = false})
-	o:depends({type = "v2ray", v2ray_protocol = "vless", transport = "kcp", tls = false})
-	o:depends({type = "v2ray", v2ray_protocol = "trojan", transport = "tcp", tls = false})
-	o:depends({type = "v2ray", v2ray_protocol = "trojan", transport = "kcp", tls = false})
-
-	-- Flow
-	o = s:option(Value, "vless_flow", translate("Flow"))
-	for _, v in ipairs(flows) do
-		o:value(v, translate(v))
-	end
-	o.rmempty = true
-	o.default = "xtls-rprx-splice"
-	o:depends("xtls", true)
-
-	o = s:option(Value, "tls_flow", translate("Flow"))
-	for _, v in ipairs(tls_flows) do
-		o:value(v, translate(v))
-	end
-	o.rmempty = true
-	o:depends({type = "v2ray", v2ray_protocol = "vless", tls = true})
-end
-
 -- [[ TLS部分 ]] --
 o = s:option(Flag, "tls_sessionTicket", translate("Session Ticket"))
 o:depends({type = "trojan", tls = true})
 o.default = "0"
 
 if is_finded("xray") then
+	-- [[ REALITY ]]
+	o = s:option(Flag, "reality", translate("REALITY"))
+	o.rmempty = true
+	o.default = "0"
+	o:depends({type = "v2ray", v2ray_protocol = "vless", tls = false})
+
+	o = s:option(Value, "reality_publickey", translate("Public key"))
+	o.rmempty = true
+	o:depends({type = "v2ray", v2ray_protocol = "vless", reality = true})
+
+	o = s:option(Value, "reality_shortid", translate("Short ID"))
+	o.rmempty = true
+	o:depends({type = "v2ray", v2ray_protocol = "vless", reality = true})
+
+	o = s:option(Value, "reality_spiderx", translate("spiderX"))
+	o.rmempty = true
+	o:depends({type = "v2ray", v2ray_protocol = "vless", reality = true})
+
+	-- [[ XTLS ]]--
+	o = s:option(Value, "tls_flow", translate("Flow"))
+	for _, v in ipairs(tls_flows) do
+		o:value(v, translate(v))
+	end
+	o.rmempty = true
+	o:depends({type = "v2ray", v2ray_protocol = "vless", transport = "tcp", tls = true})
+	o:depends({type = "v2ray", v2ray_protocol = "vless", transport = "tcp", reality = true})
+
 	-- [[ uTLS ]]--
-	o = s:option(ListValue, "fingerprint", translate("Finger Print"))
+	o = s:option(Value, "fingerprint", translate("Finger Print"))
-	o:value("disable", translate("disable"))
+	o:value("", translate("disable"))
-	o:value("firefox", translate("firefox"))
 	o:value("chrome", translate("chrome"))
+	o:value("firefox", translate("firefox"))
 	o:value("safari", translate("safari"))
+	o:value("ios", translate("ios"))
+	o:value("android", translate("android"))
+	o:value("edge", translate("edge"))
+	o:value("360", translate("360"))
+	o:value("qq", translate("qq"))
+	o:value("random", translate("random"))
 	o:value("randomized", translate("randomized"))
 	o:depends({type = "v2ray", tls = true})
-	o:depends({type = "v2ray", xtls = true})
+	o:depends({type = "v2ray", reality = true})
-	o.default = "disable"
 end
 
 o = s:option(Value, "tls_host", translate("TLS Host"))
 o.datatype = "hostname"
 o:depends("tls", true)
-o:depends("xtls", true)
+o:depends("reality", true)
 o:depends("type", "hysteria")
 o.rmempty = true
 
+o = s:option(DynamicList, "tls_alpn", translate("TLS ALPN"))
+o:depends("tls", true)
+o:depends("type", "tuic")
+o.rmempty = true
+
 o = s:option(Value, "quic_tls_alpn", translate("QUIC TLS ALPN"))
 o:depends("type", "hysteria")
 o.rmempty = true
@@ -693,19 +723,18 @@ o.rmempty = true
 o = s:option(Flag, "insecure", translate("allowInsecure"))
 o.rmempty = false
 o:depends("tls", true)
-o:depends("xtls", true)
 o:depends("type", "hysteria")
 o.description = translate("If true, allowss insecure connection at TLS client, e.g., TLS server uses unverifiable certificates.")
 
 -- [[ Mux ]]--
 o = s:option(Flag, "mux", translate("Mux"))
 o.rmempty = false
-o:depends({type = "v2ray", v2ray_protocol = "vless", xtls = false})
+o:depends({type = "v2ray", v2ray_protocol = "vless"})
-o:depends({type = "v2ray", v2ray_protocol = "vmess", xtls = false})
+o:depends({type = "v2ray", v2ray_protocol = "vmess"})
-o:depends({type = "v2ray", v2ray_protocol = "trojan", xtls = false})
+o:depends({type = "v2ray", v2ray_protocol = "trojan"})
-o:depends({type = "v2ray", v2ray_protocol = "shadowsocks", xtls = false})
+o:depends({type = "v2ray", v2ray_protocol = "shadowsocks"})
-o:depends({type = "v2ray", v2ray_protocol = "socks", xtls = false})
+o:depends({type = "v2ray", v2ray_protocol = "socks"})
-o:depends({type = "v2ray", v2ray_protocol = "http", xtls = false})
+o:depends({type = "v2ray", v2ray_protocol = "http"})
 
 o = s:option(Value, "concurrency", translate("Concurrency"))
 o.datatype = "uinteger"
@@ -718,12 +747,11 @@ o:depends("type", "naiveproxy")
 o = s:option(Flag, "certificate", translate("Self-signed Certificate"))
 o.rmempty = true
 o.default = "0"
+o:depends("type", "tuic")
 o:depends({type = "hysteria", insecure = false})
 o:depends({type = "trojan", tls = true, insecure = false})
 o:depends({type = "v2ray", v2ray_protocol = "vmess", tls = true, insecure = false})
 o:depends({type = "v2ray", v2ray_protocol = "vless", tls = true, insecure = false})
-o:depends({type = "v2ray", v2ray_protocol = "vmess", xtls = true, insecure = false})
-o:depends({type = "v2ray", v2ray_protocol = "vless", xtls = true, insecure = false})
 o.description = translate("If you have a self-signed certificate,please check the box")
 
 o = s:option(DummyValue, "upload", translate("Upload"))
@@ -772,17 +800,7 @@ o.default = "0"
 o:depends("type", "ssr")
 o:depends("type", "ss")
 o:depends("type", "trojan")
-
+o:depends("type", "hysteria")
-if is_installed("sagernet-core") then
-	o = s:option(ListValue, "packet_encoding", translate("Packet Encoding"))
-	o:value("none", translate("none"))
-	o:value("packet", translate("packet (v2ray-core v5+)"))
-	o:value("xudp", translate("xudp (Xray-core)"))
-	o.default = "xudp"
-	o.rmempty = true
-	o:depends({type = "v2ray", v2ray_protocol = "vless"})
-	o:depends({type = "v2ray", v2ray_protocol = "vmess"})
-end
 
 o = s:option(Flag, "switch_enable", translate("Enable Auto Switch"))
 o.rmempty = false

luci-app-bypass/luasrc/view/bypass/ssrurl.htm

@@ -107,7 +107,7 @@ function import_ssr_url(btn, urlname, sid) {
 			document.getElementsByName('cbid.bypass.' + sid + '.server')[0].value = url.hostname;
 			document.getElementsByName('cbid.bypass.' + sid + '.server_port')[0].value = url.port || "80";
 			document.getElementsByName('cbid.bypass.' + sid + '.hysteria_protocol')[0].value = params.get("protocol") || "udp";
-			document.getElementsByName('cbid.bypass.' + sid + '.auth_type')[0].value = params.get("auth") ? "1" : "0";
+			document.getElementsByName('cbid.bypass.' + sid + '.auth_type')[0].value = params.get("auth") ? "2" : "0";
 			document.getElementsByName('cbid.bypass.' + sid + '.auth_type')[0].dispatchEvent(event);
 			document.getElementsByName('cbid.bypass.' + sid + '.auth_payload')[0].value = params.get("auth") || "";
 			document.getElementsByName('cbid.bypass.' + sid + '.uplink_capacity')[0].value = params.get("upmbps") || "";
@@ -115,7 +115,7 @@ function import_ssr_url(btn, urlname, sid) {
 			document.getElementsByName('cbid.bypass.' + sid + '.seed')[0].value = params.get("obfsParam") || "";
 			document.getElementsByName('cbid.bypass.' + sid + '.tls_host')[0].value = params.get("peer") || "";
 			document.getElementsByName('cbid.bypass.' + sid + '.quic_tls_alpn')[0].value = params.get("alpn") || "";
-			document.getElementsByName('cbid.bypass.' + sid + '.insecure')[0].checked = (params.get("insecure") === "1");
+			document.getElementsByName('cbid.bypass.' + sid + '.insecure')[0].checked = params.get("insecure") ? true : false;
 			document.getElementsByName('cbid.bypass.' + sid + '.alias')[0].value = url.hash ? decodeURIComponent(url.hash.slice(1)) : "";
 
 			s.innerHTML = "<font color='green'><%:Import configuration information successfully.%></font>";
@@ -282,7 +282,7 @@ function import_ssr_url(btn, urlname, sid) {
 			if (ssm.tls == "tls") {
 				document.getElementsByName('cbid.bypass.' + sid + '.tls')[0].checked = true;
 				document.getElementsByName('cbid.bypass.' + sid + '.tls')[0].dispatchEvent(event);
-				document.getElementsByName('cbid.bypass.' + sid + '.tls_host')[0].value = ssm.host;
+				document.getElementsByName('cbid.bypass.' + sid + '.tls_host')[0].value = ssm.sni || ssm.host;
 			}
 			document.getElementsByName('cbid.bypass.' + sid + '.mux')[0].checked = true;
 			document.getElementsByName('cbid.bypass.' + sid + '.mux')[0].dispatchEvent(event);
@@ -308,14 +308,19 @@ function import_ssr_url(btn, urlname, sid) {
 			document.getElementsByName('cbid.bypass.' + sid + '.transport')[0].value = params.get("type") == "http" ? "h2" : params.get("type") || "tcp";
 			document.getElementsByName('cbid.bypass.' + sid + '.transport')[0].dispatchEvent(event);
 			document.getElementsByName('cbid.bypass.' + sid + '.vless_encryption')[0].value = params.get("encryption") || "none";
-			if ([ "tls", "xtls" ].includes(params.get("security"))) {
+			if ([ "tls", "reality" ].includes(params.get("security"))) {
 				document.getElementsByName('cbid.bypass.' + sid + '.' + params.get("security"))[0].checked = true;
 				document.getElementsByName('cbid.bypass.' + sid + '.' + params.get("security"))[0].dispatchEvent(event);
-				if (params.get("security") === "xtls") {
+
-					document.getElementsByName('cbid.bypass.' + sid + '.vless_flow')[0].value = params.get("flow") || "xtls-rprx-splice";
+				document.getElementsByName('cbid.bypass.' + sid + '.fingerprint')[0].value = params.get("fp") || "";
-					document.getElementsByName('cbid.bypass.' + sid + '.vless_flow')[0].dispatchEvent(event);
+				document.getElementsByName('cbid.bypass.' + sid + '.tls_flow')[0].value = params.get("flow") || "";
-				}
 				document.getElementsByName('cbid.bypass.' + sid + '.tls_host')[0].value = params.get("sni") || "";
+
+				if (params.get("security") === "reality") {
+					document.getElementsByName('cbid.bypass.' + sid + '.reality_publickey')[0].value = params.get("pbk") ? decodeURIComponent(params.get("pbk")) : "";
+					document.getElementsByName('cbid.bypass.' + sid + '.reality_shortid')[0].value = params.get("sid") || "";
+					document.getElementsByName('cbid.bypass.' + sid + '.reality_spiderx')[0].value = params.get("spx") ? decodeURIComponent(params.get("spx")) : "";
+				}
 			}
 			switch (params.get("type")) {
 			case "ws":
@@ -328,8 +333,10 @@ function import_ssr_url(btn, urlname, sid) {
 				document.getElementsByName('cbid.bypass.' + sid + '.seed')[0].value = params.get("seed") || "";
 				break;
 			case "http":
-				document.getElementsByName('cbid.bypass.' + sid + '.h2_host')[0].value = queryParam.host || serverPart[0];
+			/* this is non-standard, bullshit */
-				document.getElementsByName('cbid.bypass.' + sid + '.h2_path')[0].value = queryParam.path || "/";
+			case "h2":
+				document.getElementsByName('cbid.bypass.' + sid + '.h2_host')[0].value = params.get("host") ? decodeURIComponent(params.get("host")) : "";
+				document.getElementsByName('cbid.bypass.' + sid + '.h2_path')[0].value = params.get("path") ? decodeURIComponent(params.get("path")) : "";
 				break;
 			case "quic":
 				document.getElementsByName('cbid.bypass.' + sid + '.quic_guise')[0].value = params.get("headerType") || "none";

luci-app-bypass/root/usr/share/bypass/gen_config

@@ -12,8 +12,7 @@ local ip_addr = arg[5]
 local server = ucursor:get_all("bypass", server_section)
 local outbound_settings = nil
 
-local tls_host = (server.tls_host) and server.tls_host or server.server
+local tls_host = (tls_host) and tls_host or server.server																	   
-
 function vmess_vless()
 	outbound_settings = {
 		vnext = {
@@ -25,49 +24,26 @@ function vmess_vless()
 						id = server.vmess_id,
 						security = (server.v2ray_protocol == "vmess" or not server.v2ray_protocol) and server.security or nil,
 						encryption = (server.v2ray_protocol == "vless") and server.vless_encryption or nil,
-						flow = (server.xtls == '1') and (server.vless_flow or "xtls-rprx-splice") or (server.tls == '1') and server.tls_flow or nil
+						flow = ((server.tls == '1') or (server.reality == '1')) and server.tls_flow or nil
 					}
 				}
 			}
-		},
+		}
-		packetEncoding = server.packet_encoding or nil
 	}
 end
 function trojan_shadowsocks()
 	outbound_settings = {
-		plugin = ((server.v2ray_protocol == "shadowsocks") and server.plugin ~= "none" and server.plugin) or (server.v2ray_protocol == "shadowsocksr" and "shadowsocksr") or nil,
-		pluginOpts = (server.v2ray_protocol == "shadowsocks") and server.plugin_opts or nil,
-		pluginArgs = (server.v2ray_protocol == "shadowsocksr") and {
-			"--protocol=" .. server.protocol,
-			"--protocol-param=" .. (server.protocol_param or ""),
-			"--obfs=" .. server.obfs,
-			"--obfs-param=" .. (server.obfs_param or "")
-		} or nil,
 		servers = {
 			{
 				address = ip_addr,
 				port = tonumber(server.server_port),
 				password = server.password,
-				method = ((server.v2ray_protocol == "shadowsocks") and server.encrypt_method_ss) or ((server.v2ray_protocol == "shadowsocksr") and server.encrypt_method) or nil,
+				method = ((server.v2ray_protocol == "shadowsocks") and server.encrypt_method_ss) or nil,
 				uot = (server.v2ray_protocol == "shadowsocks") and (server.uot == '1') or nil,
 				ivCheck = (server.v2ray_protocol == "shadowsocks") and (server.ivCheck == '1') or nil,
-				flow = (server.v2ray_protocol == "trojan") and (server.xtls == '1') and (server.vless_flow or "xtls-rprx-splice") or nil
 			}
 		}
 	}
-
-	if server.v2ray_protocol == "shadowsocksr" then
-		server.v2ray_protocol = "shadowsocks"
-	--[[ elseif (server.v2ray_protocol == "shadowsocks") and (server.mux ~= "1") and (not (outbound_settings.plugin or server.transport ~= "tcp" or server.tls or server.xtls)) then
-		server.v2ray_protocol = "shadowsocks_sing"
-		outbound_settings = outbound_settings.servers[1]
-	elseif (server.v2ray_protocol == "trojan") and (server.tls and server.mux ~= "1") and (not (server.transport ~= "tcp" or server.xtls)) then
-		server.v2ray_protocol = "trojan_sing"
-		outbound_settings = outbound_settings.servers[1]
-		outbound_settings.serverName = tls_host
-		outbound_settings.insecure = (server.insecure == "1") and true or false
-		]]
-	end
 end
 function socks_http()
 	outbound_settings = {
@@ -88,13 +64,16 @@ function socks_http()
 end
 function wireguard()
 	outbound_settings = {
+		secretKey = server.private_key,
 		address = ip_addr,
-		port = tonumber(server.server_port),
+		peers = {
-		localAddresses = server.local_addresses,
+			{
-		privateKey = server.private_key,
+				publicKey = server.peer_pubkey,
-		peerPublicKey = server.peer_pubkey,
+				preSharedKey = server.preshared_key,
-		preSharedKey = server.preshared_key or nil,
+				endpoint = server.server .. ":" .. server.server_port
-		mtu = tonumber(server.mtu) or 1500
+			}
+		},
+		mtu = tonumber(server.mtu)
 	}
 end
 local outbound = {}
@@ -118,9 +97,6 @@ function outbound:handleIndex(index)
 		shadowsocks = function()
 			trojan_shadowsocks()
 		end,
-		shadowsocksr = function()
-			trojan_shadowsocks()
-		end,
 		socks = function()
 			socks_http()
 		end,
@@ -164,21 +140,27 @@ local Xray = {
 		protocol = server.v2ray_protocol,
 		settings = outbound_settings,
 		-- 底层传输配置
-		streamSettings = (server.v2ray_protocol and server.v2ray_protocol:sub(-#"_sing") ~= "_sing") and {
+		streamSettings = {
 			network = server.transport or "tcp",
-			security = (server.xtls == '1') and "xtls" or (server.tls == '1') and "tls" or nil,
+			security = (server.tls == '1') and "tls" or (server.reality == '1') and "reality" or nil,
-			tlsSettings = (server.tls == '1' and (server.insecure == "1" or tls_host or server.fingerprint)) and {
+			tlsSettings = (server.tls == '1') and {
 				-- tls
+				alpn = server.tls_alpn,
 				fingerprint = server.fingerprint,
-				allowInsecure = (server.insecure == "1") and true or nil,
+				allowInsecure = (server.insecure == "1"),
-				serverName = tls_host
-			} or nil,
-			xtlsSettings = (server.xtls == '1' and (server.insecure == "1" or tls_host or server.fingerprint)) and {
-				-- xtls
-				fingerprint = server.fingerprint,
-				allowInsecure = (server.insecure == "1") and true or nil,
 				serverName = tls_host,
-				minVersion = "1.3"
+				certificates = server.certificate and {
+					usage = "verify",
+					certificateFile = server.certpath
+				} or nil
+			} or nil,
+			realitySettings = (server.reality == '1') and {
+				show = false,
+				publicKey = server.reality_publickey,
+				shortId = server.reality_shortid,
+				spiderX = server.reality_spiderx,
+				fingerprint = server.fingerprint,
+				serverName = tls_host
 			} or nil,
 			tcpSettings = (server.transport == "tcp" and server.tcp_guise == "http") and {
 				-- tcp
@@ -228,19 +210,17 @@ local Xray = {
 			grpcSettings = (server.transport == "grpc") and {
 				-- grpc
 				serviceName = server.serviceName or "",
-				mode = (server.grpc_mode ~= "gun") and server.grpc_mode or nil,
 				multiMode = (server.grpc_mode == "multi") and true or false,
 				idle_timeout = tonumber(server.idle_timeout) or nil,
 				health_check_timeout = tonumber(server.health_check_timeout) or nil,
 				permit_without_stream = (server.permit_without_stream == "1") and true or nil,
 				initial_windows_size = tonumber(server.initial_windows_size) or nil
 			} or nil
-		} or nil,
+		},
-		mux = (server.mux == "1" and server.xtls ~= "1" and server.transport ~= "grpc") and {
+		mux = (server.mux == "1" and server.transport ~= "grpc") and {
 			-- mux
 			enabled = true,
-			concurrency = tonumber(server.concurrency),
+			concurrency = tonumber(server.concurrency)
-			packetEncoding = (server.v2ray_protocol == "vmess" or server.v2ray_protocol == "vless") and server.packet_encoding or nil
 		} or nil
 	} or nil
 }
@@ -264,7 +244,7 @@ local trojan = {
 		cipher = cipher,
 		cipher_tls13 = cipher13,
 		sni = tls_host,
-		alpn = {"h2", "http/1.1"},
+		alpn = server.tls_alpn or {"h2", "http/1.1"},
 		curve = "",
 		reuse_session = true,
 		session_ticket = (server.tls_sessionTicket == "1") and true or false
@@ -323,7 +303,29 @@ local hysteria = {
 	ca = (server.certificate) and server.certpath or nil,
 	recv_window_conn = tonumber(server.recv_window_conn),
 	recv_window = tonumber(server.recv_window),
-	disable_mtu_discovery = (server.disable_mtu_discovery == "1") and true or false
+	disable_mtu_discovery = (server.disable_mtu_discovery == "1") and true or false,
+	fast_open = (server.fast_open == "1") and true or false,
+	lazy_start = (server.lazy_start == "1") and true or false
+}
+local tuic = {
+	relay = {
+		server = server.server,
+		port = tonumber(server.server_port),
+		token = server.password,
+
+		certificates = server.certificate and { server.certpath } or nil,
+		udp_relay_mode = server.udp_relay_mode,
+		congestion_controller = server.congestion_controller,
+		heartbeat_interval = tonumber(server.heartbeat_interval),
+		alpn = server.tls_alpn,
+		disable_sni = (server.disable_sni == "1"),
+		reduce_rtt = (server.reduce_rtt == "1"),
+		max_udp_relay_packet_size = tonumber(server.max_udp_relay_packet_size)
+	},
+	["local"] = {
+		port = tonumber(local_port),
+		ip = "0.0.0.0"
+	}
 }
 local config = {}
 function config:new(o)
@@ -361,6 +363,9 @@ function config:handleIndex(index)
 		end,
 		hysteria = function()
 			print(json.stringify(hysteria, 1))
+		end,
+		tuic = function()
+			print(json.stringify(tuic, 1))
 		end
 	}
 	if switch[index] then

luci-app-bypass/root/usr/share/bypass/subscribe

@@ -27,9 +27,7 @@ local switch = ucic:get_first(name, 'server_subscribe', 'switch', '1')
 local subscribe_url = ucic:get_first(name, 'server_subscribe', 'subscribe_url', {})
 local filter_words = ucic:get_first(name, 'server_subscribe', 'filter_words', '过期时间/剩余流量')
 local save_words = ucic:get_first(name, 'server_subscribe', 'save_words', '')
-local packet_encoding = luci.model.ipkg.installed("sagernet-core") and ucic:get_first(name, 'global', 'default_packet_encoding', 'xudp') or nil
 local v2_ss = luci.sys.exec('type -t -p ss-redir sslocal') ~= "" and "ss" or "v2ray"
-local v2_ssr = luci.sys.exec('type -t -p ssr-redir') ~= "" and "ssr" or "v2ray"
 local v2_tj = luci.sys.exec('type -t -p trojan') ~= "" and "trojan" or "v2ray"
 local log = function(...)
 	print(os.date("%Y-%m-%d %H:%M:%S ") .. table.concat({...}, " "))
@@ -149,8 +147,7 @@ local function processData(szType, content)
 	if szType == 'ssr' then
 		local dat = split(content, "/%?")
 		local hostInfo = split(dat[1], ':')
-		result.type = v2_ssr
+		result.type = 'ssr'
-		result.v2ray_protocol = (v2_ssr == "v2ray") and "shadowsocksr" or nil
 		result.server = hostInfo[1]
 		result.server_port = hostInfo[2]
 		result.protocol = hostInfo[3]
@@ -178,7 +175,6 @@ local function processData(szType, content)
 		result.transport = info.net
 		result.vmess_id = info.id
 		result.alias = info.ps
-		result.packet_encoding = packet_encoding
 		-- result.mux = 1
 		-- result.concurrency = 8
 		if info.net == 'ws' then
@@ -223,10 +219,10 @@ local function processData(szType, content)
 		end
 		if info.tls == "tls" or info.tls == "1" then
 			result.tls = "1"
-			if info.host then
+			if info.sni and info.sni ~= "" then
-				result.tls_host = info.host
-			elseif info.sni then
 				result.tls_host = info.sni
+			elseif info.host then
+				result.tls_host = info.host
 			end
 			result.insecure = 1
 		else
@@ -361,15 +357,19 @@ local function processData(szType, content)
 		result.vmess_id = url.user
 		result.vless_encryption = params.encryption or "none"
 		result.transport = params.type or "tcp"
-		result.packet_encoding = packet_encoding
+		result.tls = (params.security == "tls" or params.security == "xtls") and "1" or "0"
-		result.tls = (params.security == "tls") and "1" or "0"
 		result.tls_host = params.sni
-		result.xtls = params.security == "xtls" and "1" or nil
+		result.tls_flow = (params.security == "tls" or params.security == "reality") and params.flow or nil
-		result.vless_flow = params.flow
+		result.fingerprint = params.fp
+		result.reality = (params.security == "reality") and "1" or "0"
+		result.reality_publickey = params.pbk and UrlDecode(params.pbk) or nil
+		result.reality_shortid = params.sid
+		result.reality_spiderx = params.spx and UrlDecode(params.spx) or nil
 		if result.transport == "ws" then
 			result.ws_host = (result.tls ~= "1") and (params.host and UrlDecode(params.host)) or nil
 			result.ws_path = params.path and UrlDecode(params.path) or "/"
-		elseif result.transport == "http" then
+		-- make it compatible with bullshit, "h2" transport is non-existent at all
+		elseif result.transport == "http" or result.transport == "h2" then
 			result.transport = "h2"
 			result.h2_host = params.host and UrlDecode(params.host) or nil
 			result.h2_path = params.path and UrlDecode(params.path) or nil
@@ -525,7 +525,7 @@ local execute = function()
 						-- log(result)
 						if result then
 							-- 中文做地址的 也没有人拿中文域名搞，就算中文域也有Puny Code SB 机场
-							if not result.server or not result.server_port or result.alias == "NULL" or check_filer(result) or result.server:match("[^0-9a-zA-Z%-%.%s]") or cache[groupHash][result.hashkey] then
+							if not result.server or not result.server_port or result.alias == "NULL" or check_filer(result) or result.server:match("[^0-9a-zA-Z%-_%.%s]") or cache[groupHash][result.hashkey] then
 								log('丢弃无效节点: ' .. result.type .. ' 节点, ' .. result.alias)
 							else
 								-- log('成功解析: ' .. result.type ..' 节点, ' .. result.alias)