diff --git a/trunk/user/chnroute/scripts/update_chnroute.sh b/trunk/user/chnroute/scripts/update_chnroute.sh
index 3e927cfe3e..d340ea0d86 100755
--- a/trunk/user/chnroute/scripts/update_chnroute.sh
+++ b/trunk/user/chnroute/scripts/update_chnroute.sh
@@ -2,24 +2,29 @@ set -e -o pipefail -[ "$1" != "force" ] && [ "$(nvram get ss_update_chnroute)" != "1" ] && exit 0 +NAME=chnroute CHNROUTE_URL="$(nvram get ss_chnroute_url)" -logger -st "chnroute" "Starting update..." +log() { + logger -t "$NAME" "$@" + echo "$(date "+%Y-%m-%d %H:%M:%S") $@" >> "/tmp/ssrplus.log" +} + +[ "$1" != "force" ] && [ "$(nvram get ss_update_chnroute)" != "1" ] && exit 0 + +log "CHNRoute 开始更新..." +[ ! -d /etc/storage/chinadns/ ] && mkdir /etc/storage/chinadns/ rm -f /tmp/chinadns_chnroute.txt if [ -z "$CHNROUTE_URL" ]; then - curl -k -s --connect-timeout 20 --retry 3 http://ftp.apnic.net/apnic/stats/apnic/delegated-apnic-latest | \ - awk -F\| '/CN\|ipv4/ { printf("%s/%d\n", $4, 32-log($5)/log(2)) }' > /tmp/chinadns_chnroute.txt + curl -s -o /tmp/chinadns_chnroute.txt --connect-timeout 10 --retry 3 "$CHNROUTE_URL" else - curl -k -s --connect-timeout 20 --retry 3 -o /tmp/chinadns_chnroute.txt "$CHNROUTE_URL" + curl -s --connect-timeout 10 --retry 3 http://ftp.apnic.net/apnic/stats/apnic/delegated-apnic-latest | \ + awk -F\| '/CN\|ipv4/ { printf("%s/%d\n", $4, 32-log($5)/log(2)) }' > /tmp/chinadns_chnroute.txt fi -[ ! -d /etc/storage/chinadns/ ] && mkdir /etc/storage/chinadns/ mv -f /tmp/chinadns_chnroute.txt /etc/storage/chinadns/chnroute.txt - mtd_storage.sh save >/dev/null 2>&1 - -[ -f /usr/bin/shadowsocks.sh ] && [ "$(nvram get ss_enable)" = "1" ] && [ "$(nvram get ss_run_mode)" = "router" ] && /usr/bin/shadowsocks.sh restart >/dev/null 2>&1 - -logger -st "chnroute" "Update done" +log "CHNRoute 更新完成!" +echo 3 > /proc/sys/vm/drop_caches +[ -f /usr/bin/shadowsocks.sh ] && [ "$(nvram get ss_enable)" = "1" ] && [ "$(nvram get ss_run_mode)" = "router" ] && /usr/bin/shadowsocks.sh restart >/dev/null 2>&1 \ No newline at end of file diff --git a/trunk/user/httpd/variables.c b/trunk/user/httpd/variables.c index 9a856af500..981aa4fece 100644 --- a/trunk/user/httpd/variables.c +++ b/trunk/user/httpd/variables.c 
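Review bot: The two branches of `if [ -z "$CHNROUTE_URL" ]` are swapped in the new code: an empty URL now reaches `curl ... "$CHNROUTE_URL"`, and a configured URL is ignored in favour of the APNIC download. With `set -e` the empty-URL curl fails and the script exits after `rm -f /tmp/chinadns_chnroute.txt`, so no update happens. The test should be `if [ -n "$CHNROUTE_URL" ]; then`. Separately, the APNIC list is still fetched over plain `http://` and moved into `/etc/storage/chinadns/chnroute.txt` unchecked; adding `-f` to curl and a minimum line-count check before the `mv`, as update_gfwlist.sh does with `$count`, would keep an error page or truncated download from replacing the route list.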
@@ -1025,12 +1025,6 @@ #if defined(APP_SHADOWSOCKS) struct variable variables_ShadowsocksConf[] = { {"ss_enable","",NULL, EVM_RESTART_SHADOWSOCKS}, - {"trojan_local_enable","",NULL, EVM_RESTART_SHADOWSOCKS}, - {"trojan_local","",NULL, EVM_RESTART_SHADOWSOCKS}, - {"trojan_link","",NULL, EVM_RESTART_SHADOWSOCKS}, - {"v2_local_enable","",NULL, EVM_RESTART_SHADOWSOCKS}, - {"v2_local","",NULL, EVM_RESTART_SHADOWSOCKS}, - {"v2_link","",NULL, EVM_RESTART_SHADOWSOCKS}, {"global_server","",NULL, EVM_RESTART_SHADOWSOCKS}, {"backup_server","",NULL, EVM_RESTART_SHADOWSOCKS}, {"udp_relay_server","",NULL, EVM_RESTART_SHADOWSOCKS}, @@ -1093,12 +1087,13 @@ {"socks5_aenable","",NULL, EVM_RESTART_SHADOWSOCKS}, {"socks5_s_username","",NULL, EVM_RESTART_SHADOWSOCKS}, {"socks5_s_password","",NULL, EVM_RESTART_SHADOWSOCKS}, - {"ss_turn","",NULL, EVM_RESTART_SHADOWSOCKS}, {"lan_con","",NULL, EVM_RESTART_SHADOWSOCKS}, {"ss_chnroute_url","",NULL, FALSE}, - {"ss_watchcat", "",NULL, FALSE}, - {"ss_turn_s","",NULL, EVM_RESTART_SHADOWSOCKS}, - {"ss_turn_ss","",NULL, EVM_RESTART_SHADOWSOCKS}, + {"ss_gfwlist_url","",NULL, FALSE}, + {"ss_cgroups", "",NULL, EVM_RESTART_SHADOWSOCKS}, + {"ss_cgoups_cpu_s", "",NULL, EVM_RESTART_SHADOWSOCKS}, + {"ss_cgoups_mem_s", "",NULL, EVM_RESTART_SHADOWSOCKS}, + {"ss_watchcat", "",NULL, FALSE}, {"ss_keyword","",NULL, FALSE}, {"ss_update_chnroute","",NULL, EVM_RESTART_SHADOWSOCKS}, {"ss_update_gfwlist","",NULL, EVM_RESTART_SHADOWSOCKS}, diff --git a/trunk/user/shadowsocks/scripts/shadowsocks.sh b/trunk/user/shadowsocks/scripts/shadowsocks.sh index 61cc558b14..c4c22437ad 100644 --- a/trunk/user/shadowsocks/scripts/shadowsocks.sh +++ b/trunk/user/shadowsocks/scripts/shadowsocks.sh 
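Review bot: The two new cgroup limit keys in the second hunk are spelled `ss_cgoups_cpu_s` and `ss_cgoups_mem_s`, while the switch next to them is `ss_cgroups`. None of the scripts in this diff reads these keys, so whether the consumer uses the same spelling cannot be confirmed from here; if it reads `ss_cgroups_cpu_s`, the value saved by the web UI would never be found. Either rename them to `ss_cgroups_cpu_s` / `ss_cgroups_mem_s` everywhere or add a comment noting that the spelling is intentional. `ss_gfwlist_url` is registered here with no validation, so update_gfwlist.sh has to treat its value as untrusted text.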
@@ -4,17 +4,19 @@ # Copyright (C) 2017 yushi studio # Copyright (C) 2018 lean # Copyright (C) 2019 chongshengB +# Copyright (C) 2022 TurBoTse <860018505@qq.com> +# Copyright (C) 2023 simonchen # # This is free software, licensed under the GNU General Public License v3. # See /LICENSE for more information. # -pppoemwan=`nvram get pppoemwan_enable` + NAME=shadowsocksr +pppoemwan=`nvram get pppoemwan_enable` http_username=`nvram get http_username` CONFIG_FILE=/tmp/${NAME}.json CONFIG_UDP_FILE=/tmp/${NAME}_u.json CONFIG_SOCK5_FILE=/tmp/${NAME}_s.json -CONFIG_KUMASOCKS_FILE=/tmp/kumasocks.toml v2_json_file="/tmp/v2-redir.json" trojan_json_file="/tmp/tj-redir.json" server_count=0 @@ -30,10 +32,16 @@ wan_fw_ips="/tmp/blackip.txt" lan_fp_ips="/tmp/lan_ip.txt" lan_gm_ips="/tmp/lan_gmip.txt" run_mode=`nvram get ss_run_mode` -ss_turn=`nvram get ss_turn` lan_con=`nvram get lan_con` GLOBAL_SERVER=`nvram get global_server` socks="" +SS_RULES=/usr/bin/ss-rules +[ -x /etc/storage/ss-rules ] && SS_RULES=/etc/storage/ss-rules + +log() { + logger -t "$NAME" "$@" + echo "$(date "+%Y-%m-%d %H:%M:%S") $@" >> "/tmp/ssrplus.log" +} find_bin() { case "$1" in @@ -42,18 +50,12 @@ find_bin() { ssr) ret="/usr/bin/ssr-redir" ;; ssr-local) ret="/usr/bin/ssr-local" ;; ssr-server) ret="/usr/bin/ssr-server" ;; - v2ray) - if [ -f "/usr/bin/v2ray" ]; then - ret="/usr/bin/v2ray" - else - ret="/usr/bin/xray" - fi - ;; - xray) - if [ -f "/usr/bin/xray" ]; then - ret="/usr/bin/xray" + v2ray|xray) + if [ -f "/usr/bin/$1" ]; then + ret="/usr/bin/$1" else - ret="/usr/bin/v2ray" + bin=$(echo -e "v2ray\nxray" | grep -v $1) + ret="/usr/bin/$bin" fi ;; trojan) ret="/usr/bin/trojan" ;; @@ -63,8 +65,7 @@ find_bin() { } gen_config_file() { - - fastopen="false" + #fastopen="false" case "$2" in 0) config_file=$CONFIG_FILE && local stype=$(nvram get d_type) ;; 1) config_file=$CONFIG_UDP_FILE && local stype=$(nvram get ud_type) ;; 
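Review bot: `[ -x /etc/storage/ss-rules ] && SS_RULES=/etc/storage/ss-rules` makes a file in writable persistent storage take precedence over the firmware copy, and it is then run with this script's privileges on every start and stop. Nothing records that the override is in effect. I would log it, e.g. `[ "$SS_RULES" != /usr/bin/ss-rules ] && log "using override $SS_RULES"` placed after `log()` is defined, and add a comment saying who is expected to create that file. In the new `log()`, `$@` inside a quoted string should be `$*` (`echo "$(date "+%Y-%m-%d %H:%M:%S") $*"`), and `/tmp/ssrplus.log` grows without bound unless something outside this diff truncates it.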
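Review bot: In the merged `v2ray|xray)` arm of find_bin, `bin=$(echo -e "v2ray\nxray" | grep -v $1)` runs a pipeline with an unquoted `$1` and a non-local `bin` only to pick the other of two fixed names, and it depends on the shell's `echo` understanding `-e`. Writing the else branch as `if [ "$1" = v2ray ]; then ret=/usr/bin/xray; else ret=/usr/bin/v2ray; fi` says the same thing without the subshell. A one-line comment such as `# fall back to the sibling binary when the requested one is not installed` would explain the intent. The start and end of find_bin lie in the neighbouring hunks.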
@@ -81,7 +82,7 @@ local type=$stype sed -i 's/\\//g' $config_file ;; trojan) - tj_bin="/usr/bin/trojan" + v2ray_enable=1 if [ "$2" = "0" ]; then lua /etc_ro/ss/gentrojanconfig.lua $1 nat 1080 >$trojan_json_file sed -i 's/\\//g' $trojan_json_file @@ -91,7 +92,6 @@ local type=$stype fi ;; v2ray) - v2_bin="/usr/bin/v2ray" v2ray_enable=1 if [ "$2" = "1" ]; then lua /etc_ro/ss/genv2config.lua $1 udp 1080 >/tmp/v2-ssr-reudp.json @@ -102,7 +102,6 @@ local type=$stype fi ;; xray) - v2_bin="/usr/bin/v2ray" v2ray_enable=1 if [ "$2" = "1" ]; then lua /etc_ro/ss/genxrayconfig.lua $1 udp 1080 >/tmp/v2-ssr-reudp.json @@ -124,9 +123,10 @@ get_arg_out() { } start_rules() { - logger -t "SS" "正在添加防火墙规则..." + log "正在添加防火墙规则..." lua /etc_ro/ss/getconfig.lua $GLOBAL_SERVER > /tmp/server.txt server=`cat /tmp/server.txt` + rm -f /tmp/server.txt cat /etc/storage/ss_ip.sh | grep -v '^!' | grep -v "^$" >$wan_fw_ips cat /etc/storage/ss_wan_ip.sh | grep -v '^!' | grep -v "^$" >$wan_bp_ips #resolve name @@ -151,6 +151,7 @@ start_rules() { ARG_UDP="-U" lua /etc_ro/ss/getconfig.lua $UDP_RELAY_SERVER > /tmp/userver.txt udp_server=`cat /tmp/userver.txt` + rm -f /tmp/userver.txt udp_local_port="1080" fi if [ -n "$lan_ac_ips" ]; then 
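Review bot: `rm -f /tmp/server.txt` cleans up afterwards, but the server address still passes through a fixed-name file in `/tmp` between the `lua` call and the `cat`. Capturing the output directly removes both the file and the window: `server=$(lua /etc_ro/ss/getconfig.lua "$GLOBAL_SERVER")`. The same applies to `/tmp/userver.txt` in the last hunk on this line: `udp_server=$(lua /etc_ro/ss/getconfig.lua "$UDP_RELAY_SERVER")`. start_rules begins and ends outside these hunks.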
@@ -172,23 +173,23 @@ start_rules() { if [ "$lan_con" = "0" ]; then rm -f $lan_fp_ips lancon="all" - lancons="全部IP走代理" + lancons="全部IP走代理..." cat /etc/storage/ss_lan_ip.sh | grep -v '^!' | grep -v "^$" >$lan_fp_ips elif [ "$lan_con" = "1" ]; then rm -f $lan_fp_ips lancon="bip" - lancons="指定IP走代理,请到规则管理页面添加需要走代理的IP。" + lancons="指定 IP 走代理: 请到规则管理页面添加需要走代理的 IP..." cat /etc/storage/ss_lan_bip.sh | grep -v '^!' | grep -v "^$" >$lan_fp_ips fi rm -f $lan_gm_ips cat /etc/storage/ss_lan_gmip.sh | grep -v '^!' | grep -v "^$" >$lan_gm_ips dports=$(nvram get s_dports) if [ $dports = "0" ]; then - proxyport=" " + proxyport="--syn" else - proxyport="-m multiport --dports 22,53,587,465,995,993,143,80,443" + proxyport="-m multiport --dports 22,53,587,465,995,993,143,80,443,3389 --syn" fi - /usr/bin/ss-rules \ + $SS_RULES \ -s "$server" \ -l "$local_port" \ -S "$udp_server" \ 
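Review bot: `proxyport` now always carries `--syn`, which iptables accepts only together with `-p tcp`. ss-rules expands `$PROXY_PORTS` in UDP rules as well (`$ipt_m -A SS_SPEC_TPROXY -p udp $PROXY_PORTS ...` in tp_rule); how `proxyport` is handed to ss-rules is outside this hunk, but if it becomes `PROXY_PORTS`, those UDP TPROXY rules would be rejected and UDP would be left unproxied. Keeping `--syn` out of the shared variable and adding it only where the TCP rules are built would avoid that. The unchanged test `[ $dports = "0" ]` just above also errors when the nvram value is empty; `[ "$dports" = "0" ]` is safer.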
@@ -210,42 +211,42 @@ start_redir_tcp() { gen_config_file $GLOBAL_SERVER 0 1080 stype=$(nvram get d_type) local bin=$(find_bin $stype) - [ ! -f "$bin" ] && echo "$(date "+%Y-%m-%d %H:%M:%S") Main node:Can't find $bin program, can't start!" >>/tmp/ssrplus.log && return 1 + [ ! -f "$bin" ] && log "Main node:Can't find $bin program, can't start!" && return 1 if [ "$(nvram get ss_threads)" = "0" ]; then threads=$(cat /proc/cpuinfo | grep 'processor' | wc -l) else threads=$(nvram get ss_threads) fi - logger -t "SS" "启动$stype主服务器..." + log "正在启动 $stype 服务器..." case "$stype" in ss | ssr) last_config_file=$CONFIG_FILE pid_file="/tmp/ssr-retcp.pid" for i in $(seq 1 $threads); do - $bin -c $CONFIG_FILE $ARG_OTA -f /tmp/ssr-retcp_$i.pid >/dev/null 2>&1 + run_bin $bin -c $CONFIG_FILE $ARG_OTA -f /tmp/ssr-retcp_$i.pid usleep 500000 done redir_tcp=1 - echo "$(date "+%Y-%m-%d %H:%M:%S") Shadowsocks/ShadowsocksR $threads 线程启动成功!" >>/tmp/ssrplus.log + log "Shadowsocks/ShadowsocksR $threads 线程启动成功..." ;; trojan) for i in $(seq 1 $threads); do - $bin --config $trojan_json_file >>/tmp/ssrplus.log 2>&1 & + run_bin $bin --config $trojan_json_file usleep 500000 done - echo "$(date "+%Y-%m-%d %H:%M:%S") $($bin --version 2>&1 | head -1) Started!" >>/tmp/ssrplus.log + log "已运行 $($bin --version 2>&1 | head -1)" ;; v2ray) - $bin -config $v2_json_file >/dev/null 2>&1 & - echo "$(date "+%Y-%m-%d %H:%M:%S") $($bin -version | head -1) 启动成功!" >>/tmp/ssrplus.log + run_bin $bin -config $v2_json_file + log "已运行 $($bin -version | head -1)" ;; xray) - $bin -config $v2_json_file >/dev/null 2>&1 & - echo "$(date "+%Y-%m-%d %H:%M:%S") $($bin -version | head -1) 启动成功!" >>/tmp/ssrplus.log + run_bin $bin -config $v2_json_file + log "已运行 $($bin -version | head -1)" ;; socks5) for i in $(seq 1 $threads); do - lua /etc_ro/ss/gensocks.lua $GLOBAL_SERVER 1080 >/dev/null 2>&1 & + run_bin lua /etc_ro/ss/gensocks.lua $GLOBAL_SERVER 1080 usleep 500000 done ;; 
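Review bot: Every launch in start_redir_tcp now goes through `run_bin`, but no hunk in this diff defines it, so its contract has to be taken on trust. The lines it replaces did two different things: ss/ssr ran in the foreground with `-f <pidfile>`, while trojan, v2ray, xray and the lua socks5 helper were backgrounded with `&` and had their output redirected. If `run_bin` does not background and redirect, the first such call blocks the start sequence; if it is missing altogether, each call fails with command-not-found while `log "已运行 ..."` still reports success. A header comment on `run_bin` stating that it detaches the process and where stdout/stderr go, plus logging success only when `run_bin` returns 0, would make this reviewable. start_redir_tcp starts and ends outside the hunk.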
@@ -256,30 +257,30 @@ start_redir_tcp() { start_redir_udp() { if [ "$UDP_RELAY_SERVER" != "nil" ]; then redir_udp=1 - logger -t "SS" "启动$utype游戏UDP中继服务器" utype=$(nvram get ud_type) + log "正在启动 $utype 游戏 UDP 中继服务器..." local bin=$(find_bin $utype) - [ ! -f "$bin" ] && echo "$(date "+%Y-%m-%d %H:%M:%S") UDP TPROXY Relay:Can't find $bin program, can't start!" >>/tmp/ssrplus.log && return 1 + [ ! -f "$bin" ] && log "UDP TPROXY Relay:Can't find $bin program, can't start!" && return 1 case "$utype" in ss | ssr) ARG_OTA="" gen_config_file $UDP_RELAY_SERVER 1 1080 last_config_file=$CONFIG_UDP_FILE pid_file="/var/run/ssr-reudp.pid" - $bin -c $last_config_file $ARG_OTA -U -f /var/run/ssr-reudp.pid >/dev/null 2>&1 + run_bin $bin -c $last_config_file $ARG_OTA -U -f /var/run/ssr-reudp.pid ;; v2ray) gen_config_file $UDP_RELAY_SERVER 1 - $bin -config /tmp/v2-ssr-reudp.json >/dev/null 2>&1 & + run_bin $bin -config /tmp/v2-ssr-reudp.json ;; xray) gen_config_file $UDP_RELAY_SERVER 1 - $bin -config /tmp/v2-ssr-reudp.json >/dev/null 2>&1 & + run_bin $bin -config /tmp/v2-ssr-reudp.json ;; trojan) gen_config_file $UDP_RELAY_SERVER 1 $bin --config /tmp/trojan-ssr-reudp.json >/dev/null 2>&1 & - ipt2socks -U -b 0.0.0.0 -4 -s 127.0.0.1 -p 10801 -l 1080 >/dev/null 2>&1 & + run_bin ipt2socks -U -b 0.0.0.0 -4 -s 127.0.0.1 -p 10801 -l 1080 ;; socks5) echo "1" @@ -288,16 +289,6 @@ start_redir_udp() { fi return 0 } - ss_switch=$(nvram get backup_server) - if [ $ss_switch != "nil" ]; then - switch_time=$(nvram get ss_turn_s) - switch_timeout=$(nvram get ss_turn_ss) - #/usr/bin/ssr-switch start $switch_time $switch_timeout & - socks="-o" - fi - #return $? - - start_dns() { echo "create china hash:net family inet hashsize 1024 maxelem 65536" >/tmp/china.ipset 
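Review bot: In the `trojan)` arm of start_redir_udp the relay itself is still started as `$bin --config /tmp/trojan-ssr-reudp.json >/dev/null 2>&1 &`, while the `ipt2socks` helper next to it and every other arm were moved to `run_bin`. Whatever `run_bin` adds (its definition is not in this diff) therefore does not apply to the trojan UDP process. If that is not deliberate, the line should read `run_bin $bin --config /tmp/trojan-ssr-reudp.json`.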
@@ -305,25 +296,57 @@ start_dns() { ipset -! flush china ipset -! restore /dev/null rm -f /tmp/china.ipset + start_chinadns() { + ss_chdns=$(nvram get ss_chdns) + if [ $ss_chdns = 1 ]; then + chinadnsng_enable_flag=1 + local_chnlist_file='/etc/storage/chinadns/chnlist_mini.txt' + if [ -f "$local_chnlist_file" ]; then + log "启动chinadns-ng分流,仅国外域名走DNS代理..." + chinadns-ng -b 0.0.0.0 -l 65353 -c $(nvram get china_dns) -t 127.0.0.1#5353 -4 china -M -m $local_chnlist_file >/dev/null 2>&1 & + else + log "启动chinadns-ng分流,全部域名走DNS代理...本次不使用本地cdn域名文件$local_chnlist_file, 下次你自已可以创建它,文件中每行表示一个域名(不用要子域名)" + chinadns-ng -b 0.0.0.0 -l 65353 -c $(nvram get china_dns) -t 127.0.0.1#5353 -4 china >/dev/null 2>&1 & + fi + # adding upstream chinadns-ng + sed -i '/no-resolv/d' /etc/storage/dnsmasq/dnsmasq.conf + sed -i '/server=127.0.0.1/d' /etc/storage/dnsmasq/dnsmasq.conf + cat >> /etc/storage/dnsmasq/dnsmasq.conf << EOF +no-resolv +server=127.0.0.1#65353 +EOF + fi + # restart dnsmasq + killall dnsmasq + /user/sbin/dnsmasq >/dev/null 2>&1 & + } case "$run_mode" in router) dnsstr="$(nvram get tunnel_forward)" dnsserver=$(echo "$dnsstr" | awk -F '#' '{print $1}') #dnsport=$(echo "$dnsstr" | awk -F '#' '{print $2}') - logger -st "SS" "启动dns2tcp:5353端口..." + # 将dnsserver (上游国外DNS: 比如 8.8.8.8) 放入ipset:gfwlist,强制走SS_SPEC_WAN_FW代理 + ipset add gfwlist $dnsserver 2>/dev/null + kill -9 dns2tcp + log "启动 dns2tcp:5353 端口..." + # 将dnsserver (上游国外DNS: 比如 8.8.8.8) 放入ipset:gfwlist,强制走SS_SPEC_WAN_FW代理 + ipset add gfwlist $dnsserver 2>/dev/null dns2tcp -L"127.0.0.1#5353" -R"$dnsstr" >/dev/null 2>&1 & - pdnsd_enable_flag=0 - logger -st "SS" "开始处理gfwlist..." + start_chinadns + pdnsd_enable_flag=1 + log "开始处理 gfwlist..." 
;; gfw) dnsstr="$(nvram get tunnel_forward)" dnsserver=$(echo "$dnsstr" | awk -F '#' '{print $1}') #dnsport=$(echo "$dnsstr" | awk -F '#' '{print $2}') + # 将dnsserver (上游国外DNS: 比如 8.8.8.8) 放入ipset:gfwlist,强制走SS_SPEC_WAN_FW代理 ipset add gfwlist $dnsserver 2>/dev/null - logger -st "SS" "启动dns2tcp:5353端口..." + kill -9 dns2tcp + log "启动 dns2tcp:5353 端口..." dns2tcp -L"127.0.0.1#5353" -R"$dnsstr" >/dev/null 2>&1 & - pdnsd_enable_flag=0 - logger -st "SS" "开始处理gfwlist..." + pdnsd_enable_flag=1 + log "开始处理 gfwlist..." ;; oversea) ipset add gfwlist $dnsserver 2>/dev/null @@ -344,25 +367,24 @@ EOF start_AD() { mkdir -p /tmp/dnsmasq.dom - curl -k -s -o /tmp/adnew.conf --connect-timeout 10 --retry 3 $(nvram get ss_adblock_url) + curl -s -o /tmp/adnew.conf --connect-timeout 10 --retry 3 $(nvram get ss_adblock_url) if [ ! -f "/tmp/adnew.conf" ]; then - logger -t "SS" "AD文件下载失败,可能是地址失效或者网络异常!" + log "广告过滤功能未开启或者过滤地址失效,网络异常等 !!!" else - logger -t "SS" "AD文件下载成功" + log "去广告文件下载成功广告过滤功能已启用..." if [ -f "/tmp/adnew.conf" ]; then check = `grep -wq "address=" /tmp/adnew.conf` if [ ! -n "$check" ] ; then - cp /tmp/adnew.conf /tmp/dnsmasq.dom/ad.conf + cp /tmp/adnew.conf /tmp/dnsmasq.dom/anti-ad-for-dnsmasq.conf else - cat /tmp/adnew.conf | grep ^\|\|[^\*]*\^$ | sed -e 's:||:address\=\/:' -e 's:\^:/0\.0\.0\.0:' > /tmp/dnsmasq.dom/ad.conf + cat /tmp/adnew.conf | grep ^\|\|[^\*]*\^$ | sed -e 's:||:address\=\/:' -e 's:\^:/0\.0\.0\.0:' > /tmp/dnsmasq.dom/anti-ad-for-dnsmasq.conf fi fi fi rm -f /tmp/adnew.conf } - -# ================================= 启动 Socks5代理 =============================== +# ========== 启动 Socks5 代理 ========== start_local() { local s5_port=$(nvram get socks5_port) local local_server=$(nvram get socks5_enable) 
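Review bot: The new `start_chinadns` ends with `killall dnsmasq` followed by `/user/sbin/dnsmasq >/dev/null 2>&1 &`; `/user/sbin` looks like a typo for `/usr/sbin`, and because errors go to `/dev/null` a wrong path would leave dnsmasq stopped after every start with nothing logged. `kill -9 dns2tcp` in the `router)` and `gfw)` arms passes a process name to `kill`, which takes PIDs, so the old dns2tcp is not stopped; `killall -q dns2tcp` does what was intended. chinadns-ng is bound with `-b 0.0.0.0` although dnsmasq is pointed at `server=127.0.0.1#65353`, so `-b 127.0.0.1` would keep the resolver off the other interfaces. The `ipset add gfwlist $dnsserver` line and its comment are also duplicated in `router)`.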
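Review bot: The file fetched from `ss_adblock_url` ends up in `/tmp/dnsmasq.dom/anti-ad-for-dnsmasq.conf` unfiltered, because the unchanged line that sets `check` has spaces around `=` and uses `grep -q`, so `$check` is always empty and the `cp` branch always runs. If dnsmasq loads that directory, the remote file can supply any dnsmasq directive, not only `address=` entries. Keeping only the expected lines would bound it: `grep '^address=/' /tmp/adnew.conf > /tmp/dnsmasq.dom/anti-ad-for-dnsmasq.conf`. Quoting `"$(nvram get ss_adblock_url)"` and adding `-f` to curl would also stop an empty setting or an HTTP error page from being treated as a list.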
@@ -370,39 +392,39 @@ start_local() { [ "$local_server" == "same" ] && local_server=$GLOBAL_SERVER local type=$(nvram get s5_type) local bin=$(find_bin $type) - [ ! -f "$bin" ] && echo "$(date "+%Y-%m-%d %H:%M:%S") Global_Socks5:Can't find $bin program, can't start!" >>/tmp/ssrplus.log && return 1 + [ ! -f "$bin" ] && log "Global_Socks5:Can't find $bin program, can't start!" && return 1 case "$type" in ss | ssr) local name="Shadowsocks" local bin=$(find_bin ss-local) - [ ! -f "$bin" ] && echo "$(date "+%Y-%m-%d %H:%M:%S") Global_Socks5:Can't find $bin program, can't start!" >>/tmp/ssrplus.log && return 1 + [ ! -f "$bin" ] && log "Global_Socks5:Can't find $bin program, can't start!" && return 1 [ "$type" == "ssr" ] && name="ShadowsocksR" gen_config_file $local_server 3 $s5_port - $bin -c $CONFIG_SOCK5_FILE -u -f /var/run/ssr-local.pid >/dev/null 2>&1 - echo "$(date "+%Y-%m-%d %H:%M:%S") Global_Socks5:$name Started!" >>/tmp/ssrplus.log + run_bin $bin -c $CONFIG_SOCK5_FILE -u -f /var/run/ssr-local.pid + log "Global_Socks5:$name Started!" ;; v2ray) lua /etc_ro/ss/genv2config.lua $local_server tcp 0 $s5_port >/tmp/v2-ssr-local.json sed -i 's/\\//g' /tmp/v2-ssr-local.json - $bin -config /tmp/v2-ssr-local.json >/dev/null 2>&1 & - echo "$(date "+%Y-%m-%d %H:%M:%S") Global_Socks5:$($bin -version | head -1) Started!" >>/tmp/ssrplus.log + run_bin $bin -config /tmp/v2-ssr-local.json + log "Global_Socks5:$($bin -version | head -1) Started!" ;; xray) lua /etc_ro/ss/genxrayconfig.lua $local_server tcp 0 $s5_port >/tmp/v2-ssr-local.json sed -i 's/\\//g' /tmp/v2-ssr-local.json - $bin -config /tmp/v2-ssr-local.json >/dev/null 2>&1 & - echo "$(date "+%Y-%m-%d %H:%M:%S") Global_Socks5:$($bin -version | head -1) Started!" >>/tmp/ssrplus.log + run_bin $bin -config /tmp/v2-ssr-local.json + log "Global_Socks5:$($bin -version | head -1) Started!" 
;; trojan) lua /etc_ro/ss/gentrojanconfig.lua $local_server client $s5_port >/tmp/trojan-ssr-local.json sed -i 's/\\//g' /tmp/trojan-ssr-local.json - $bin --config /tmp/trojan-ssr-local.json >/dev/null 2>&1 & - echo "$(date "+%Y-%m-%d %H:%M:%S") Global_Socks5:$($bin --version 2>&1 | head -1) Started!" >>/tmp/ssrplus.log + run_bin $bin --config /tmp/trojan-ssr-local.json + log "Global_Socks5:$($bin --version 2>&1 | head -1) Started!" ;; *) [ -e /proc/sys/net/ipv6 ] && local listenip='-i ::' - microsocks $listenip -p $s5_port ssr-local >/dev/null 2>&1 & - echo "$(date "+%Y-%m-%d %H:%M:%S") Global_Socks5:$type Started!" >>/tmp/ssrplus.log + run_bin microsocks $listenip -p $s5_port ssr-local + log "Global_Socks5:$type Started!" ;; esac local_enable=1 @@ -427,7 +449,7 @@ start_watchcat() { let total_count=server_count+redir_tcp+redir_udp+tunnel_enable+v2ray_enable+local_enable+pdnsd_enable_flag+chinadnsng_enable_flag if [ $total_count -gt 0 ]; then #param:server(count) redir_tcp(0:no,1:yes) redir_udp tunnel kcp local gfw - /usr/bin/ssr-monitor $server_count $redir_tcp $redir_udp $tunnel_enable $v2ray_enable $local_enable $pdnsd_enable_flag $chinadnsng_enable_flag >/dev/null 2>&1 & + /usr/bin/ss-monitor $server_count $redir_tcp $redir_udp $tunnel_enable $v2ray_enable $local_enable $pdnsd_enable_flag $chinadnsng_enable_flag >/dev/null 2>&1 & fi fi } @@ -448,13 +470,12 @@ EOF fi } -# ================================= 启动 SS =============================== +# ========== 启动 SS ========== ssp_start() { ss_enable=`nvram get ss_enable` if rules; then if start_redir_tcp; then start_redir_udp - #start_rules #start_AD start_dns fi 
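Review bot: The fallback arm of start_local starts `microsocks $listenip -p $s5_port ssr-local` with `-i ::` whenever IPv6 is present and without `-u`/`-P`, so the SOCKS5 listener takes unauthenticated clients on every interface. variables.c registers `socks5_s_username` and `socks5_s_password`, and clear_iptable deletes an INPUT ACCEPT rule for this port, which suggests the port is opened in the firewall somewhere outside this diff. If those credentials are meant for this listener they should be passed to it, or the listener bound to the LAN address only; a comment stating the intended exposure would help either way. start_local begins and ends outside the hunk.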
@@ -463,23 +484,20 @@ if rules; then start_watchcat auto_update ENABLE_SERVER=$(nvram get global_server) - [ "$ENABLE_SERVER" = "-1" ] && return 1 - - logger -t "SS" "启动成功。" - logger -t "SS" "内网IP控制为:$lancons" + [ "$ENABLE_SERVER" = "nil" ] && return 1 + log "已启动科学上网..." + log "内网IP控制为: $lancons" nvram set check_mode=0 - if [ "$pppoemwan" -ne 0 ]; then + if [ "$pppoemwan" = 0 ]; then /usr/bin/detect.sh fi } -# ================================= 关闭SS =============================== - +# ========== 关闭 SS ========== ssp_close() { rm -rf /tmp/cdn - /usr/bin/ss-rules -f - kill -9 $(ps | grep ssr-switch | grep -v grep | awk '{print $1}') >/dev/null 2>&1 - kill -9 $(ps | grep ssr-monitor | grep -v grep | awk '{print $1}') >/dev/null 2>&1 + $SS_RULES -f + kill -9 $(ps | grep ss-monitor | grep -v grep | awk '{print $1}') >/dev/null 2>&1 kill_process sed -i '/no-resolv/d' /etc/storage/dnsmasq/dnsmasq.conf sed -i '/server=127.0.0.1/d' /etc/storage/dnsmasq/dnsmasq.conf 
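Review bot: `if [ "$pppoemwan" = 0 ]` is the opposite of the removed `-ne 0` test, so `/usr/bin/detect.sh` now runs exactly in the case where it used to be skipped; the same flip is made in ssp_close in the next hunk. Nothing in the commit says which polarity is correct. If the change is intended, a comment above both tests stating when detect.sh should run would record it; if the goal was only to avoid the integer-expression error on an empty value, `[ "${pppoemwan:-0}" -ne 0 ]` keeps the old behaviour. In ssp_close, `kill -9 $(ps | grep ss-monitor | ...)` could be `killall -q ss-monitor`, which does not depend on parsing `ps` output.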
@@ -491,109 +509,100 @@ ssp_close() { fi clear_iptable /sbin/restart_dhcpd - if [ "$pppoemwan" -ne 0 ]; then + if [ "$pppoemwan" = 0 ]; then /usr/bin/detect.sh fi } -clear_iptable() -{ +clear_iptable() { s5_port=$(nvram get socks5_port) - iptables -t filter -D INPUT -p tcp --dport $s5_port -j ACCEPT - iptables -t filter -D INPUT -p tcp --dport $s5_port -j ACCEPT - ip6tables -t filter -D INPUT -p tcp --dport $s5_port -j ACCEPT - ip6tables -t filter -D INPUT -p tcp --dport $s5_port -j ACCEPT - + iptables -t filter -D INPUT -p tcp --dport $s5_port -j ACCEPT 2>/dev/null + iptables -t filter -D INPUT -p tcp --dport $s5_port -j ACCEPT 2>/dev/null + ip6tables -t filter -D INPUT -p tcp --dport $s5_port -j ACCEPT 2>/dev/null + ip6tables -t filter -D INPUT -p tcp --dport $s5_port -j ACCEPT 2>/dev/null } kill_process() { - v2ray_process=$(pidof v2ray) + v2ray_process=$(pidof v2ray || pidof xray) if [ -n "$v2ray_process" ]; then - logger -t "SS" "关闭V2Ray进程..." - killall v2ray >/dev/null 2>&1 + log "关闭 V2Ray 进程..." + killall v2ray xray >/dev/null 2>&1 kill -9 "$v2ray_process" >/dev/null 2>&1 fi + ssredir=$(pidof ss-redir) if [ -n "$ssredir" ]; then - logger -t "SS" "关闭ss-redir进程..." + log "关闭 ss-redir 进程..." killall ss-redir >/dev/null 2>&1 kill -9 "$ssredir" >/dev/null 2>&1 fi rssredir=$(pidof ssr-redir) if [ -n "$rssredir" ]; then - logger -t "SS" "关闭ssr-redir进程..." + log "关闭 ssr-redir 进程..." killall ssr-redir >/dev/null 2>&1 kill -9 "$rssredir" >/dev/null 2>&1 fi sslocal_process=$(pidof ss-local) if [ -n "$sslocal_process" ]; then - logger -t "SS" "关闭ss-local进程..." + log "关闭 ss-local 进程..." killall ss-local >/dev/null 2>&1 kill -9 "$sslocal_process" >/dev/null 2>&1 fi trojandir=$(pidof trojan) if [ -n "$trojandir" ]; then - logger -t "SS" "关闭trojan进程..." + log "关闭 trojan 进程..." killall trojan >/dev/null 2>&1 kill -9 "$trojandir" >/dev/null 2>&1 fi - - kumasocks_process=$(pidof kumasocks) - if [ -n "$kumasocks_process" ]; then - logger -t "SS" "关闭kumasocks进程..." 
- killall kumasocks >/dev/null 2>&1 - kill -9 "$kumasocks_process" >/dev/null 2>&1 - fi ipt2socks_process=$(pidof ipt2socks) if [ -n "$ipt2socks_process" ]; then - logger -t "SS" "关闭ipt2socks进程..." + log "关闭 ipt2socks 进程..." killall ipt2socks >/dev/null 2>&1 kill -9 "$ipt2socks_process" >/dev/null 2>&1 fi socks5_process=$(pidof srelay) if [ -n "$socks5_process" ]; then - logger -t "SS" "关闭socks5进程..." + log "关闭 socks5 进程..." killall srelay >/dev/null 2>&1 kill -9 "$socks5_process" >/dev/null 2>&1 fi ssrs_process=$(pidof ssr-server) if [ -n "$ssrs_process" ]; then - logger -t "SS" "关闭ssr-server进程..." + log "关闭 ssr-server 进程..." killall ssr-server >/dev/null 2>&1 kill -9 "$ssrs_process" >/dev/null 2>&1 fi cnd_process=$(pidof chinadns-ng) if [ -n "$cnd_process" ]; then - logger -t "SS" "关闭chinadns-ng进程..." + log "关闭 chinadns-ng 进程..." killall chinadns-ng >/dev/null 2>&1 kill -9 "$cnd_process" >/dev/null 2>&1 fi dns2tcp_process=$(pidof dns2tcp) if [ -n "$dns2tcp_process" ]; then - logger -t "SS" "关闭dns2tcp进程..." + log "关闭 dns2tcp 进程..." killall dns2tcp >/dev/null 2>&1 kill -9 "$dns2tcp_process" >/dev/null 2>&1 fi microsocks_process=$(pidof microsocks) if [ -n "$microsocks_process" ]; then - logger -t "SS" "关闭socks5服务端进程..." + log "关闭 socks5 服务端进程..." killall microsocks >/dev/null 2>&1 kill -9 "$microsocks_process" >/dev/null 2>&1 fi } - -# ================================= 重启 SS =============================== +# ========== 启用备用服务器 ========== ressp() { BACKUP_SERVER=$(nvram get backup_server) start_redir $BACKUP_SERVER 
@@ -603,25 +612,29 @@ ressp() { start_watchcat auto_update ENABLE_SERVER=$(nvram get global_server) - logger -t "SS" "备用服务器启动成功" - logger -t "SS" "内网IP控制为:$lancons" + log "备用服务器启动成功!" + log "内网IP控制为: $lancons" } case $1 in start) + ssp_start + echo 3 > /proc/sys/vm/drop_caches ;; stop) - killall -q -9 ssr-switch ssp_close + echo 3 > /proc/sys/vm/drop_caches ;; restart) ssp_close ssp_start + echo 3 > /proc/sys/vm/drop_caches ;; reserver) ssp_close ressp + echo 3 > /proc/sys/vm/drop_caches ;; *) echo "check" diff --git a/trunk/user/shadowsocks/scripts/ssr-monitor b/trunk/user/shadowsocks/scripts/ss-monitor similarity index 50% rename from trunk/user/shadowsocks/scripts/ssr-monitor rename to trunk/user/shadowsocks/scripts/ss-monitor index d3f9e03040..cee248a32d 100644 --- a/trunk/user/shadowsocks/scripts/ssr-monitor +++ b/trunk/user/shadowsocks/scripts/ss-monitor 
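Review bot: `echo 3 > /proc/sys/vm/drop_caches` is added after every action in the `case`, and also in update_chnroute.sh and update_gfwlist.sh, without a comment saying why. Dropping page cache, dentries and inodes does not free memory the kernel could not already reclaim on demand, so on each start or stop it mostly costs re-reads afterwards. If it works around a specific low-memory problem on this hardware, put it in one helper with a comment naming that problem and call the helper; otherwise I would drop it.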
@@ -24,93 +24,90 @@ else fi while [ "1" = "1" ] #死循环 do - sleep 30 + sleep 10 #redir tcp if [ $redir_tcp_process -gt 0 ] ;then - icount=`ps -w | grep ssr-retcp |grep -v grep| wc -l` + icount=`ps -w | grep ssr-retcp | grep -v grep | wc -l` if [ $icount = 0 ] ;then - logger -t "$NAME" "检测到SS进程挂掉,重新启动!" + log "检测到 SS 进程挂掉,正在重启..." /usr/bin/shadowsocks.sh restart exit 0 fi fi #redir udp if [ $redir_udp_process -gt 0 ] ;then - icount=`ps -w | grep ssr-reudp|grep -v grep| wc -l` + icount=`ps -w | grep ssr-reudp | grep -v grep | wc -l` if [ $icount = 0 ] ;then - logger -t "$NAME" "检测到SS进程挂掉,重新启动!" + log "检测到 SS 进程挂掉,正在重启..." /usr/bin/shadowsocks.sh restart exit 0 fi fi #server if [ $server_process_count -gt 0 ] ;then - icount=`ps -w | grep ssr-server |grep -v grep| wc -l` + icount=`ps -w | grep ssr-server | grep -v grep | wc -l` if [ $icount -lt $server_process_count ] #如果进程挂掉就重启它 then - logger -t "$NAME" "ssr server error.restart!" + log "ssr server error.restart!" killall -q -9 ssr-server for i in `seq $server_process_count` do - /usr/bin/ssr-server -c /tmp/shadowsocksr_$i.json -u -f /tmp/ssr-server$i.pid - done - fi + run_bin /usr/bin/ssr-server -c /tmp/shadowsocksr_$i.json -u -f /tmp/ssr-server$i.pid + done + fi fi - #V2RAY + #V2RAY/XRAY/TROJAN if [ $v2ray_process -gt 0 ] ;then - icount=`ps -w | grep v2ray |grep -v grep| wc -l` + bin="$(nvram get d_type)" + conf="/tmp/v2-redir.json" + [ ! -f "/usr/bin/$bin" ] && bin=$(echo -e "v2ray\nxray" | grep -v $bin) + [ $bin = "trojan" ] && conf="/tmp/tj-redir.json" + icount=`ps -w | grep $bin | grep -v grep| wc -l` if [ $icount -lt $v2ray_process ] #如果进程挂掉就重启它 then - logger -t "$NAME" "检测到V2ray进程挂掉,重新启动!" - killall -q -9 v2ray - /tmp/v2ray -config /tmp/v2-redir.json >/dev/null 2>&1 & + log "检测到 $bin 进程挂掉,正在重启..." 
+ killall -q -9 $bin + run_bin /usr/bin/$bin --config $conf fi fi #local if [ $local_process -gt 0 ] ;then - icount=`ps -w | grep ssr-local |grep -v grep| wc -l` + icount=`ps -w | grep ssr-local | grep -v grep | wc -l` if [ $icount -lt $local_process ] #如果进程挂掉就重启它 then - logger -t "$NAME" "ssr local error.restart!" - killall -q -9 ssr-local - ( /usr/bin/ssr-local -c /tmp/shadowsocksr_s.json -u -l $sock5_port -f /tmp/ssr-local.pid &) + log "ssr local error.restart!" + /usr/bin/shadowsocks.sh restart + exit 0 fi fi - #pdnsd + #dns2tcp if [ $pdnsd_process -gt 0 ] ;then - icount=`ps -w | grep pdnsd |grep -v grep| wc -l` + icount=`ps -w | grep dns2tcp | grep -v grep | wc -l` if [ $icount -lt $pdnsd_process ] #如果进程挂掉就重启它 then - logger -t "$NAME" "pdnsd tunnel error.restart!" - kill -9 pdnsd - /usr/sbin/pdnsd -c /tmp/pdnsd.conf -d & + log "dns2tcp tunnel error.restarted!" + kill -9 dns2tcp + log "启动 dns2tcp:5353 端口..." + dns2tcp -L"127.0.0.1#5353" -R"$(nvram get tunnel_forward)" >/dev/null 2>&1 & fi fi #chinadns-ng if [ $chinadnsng_process -gt 0 ] ;then - icount=`ps -w | grep chinadns-ng |grep -v grep| wc -l` - if [ $icount -lt $chinadnsng_process ] #如果进程挂掉就重启它 - then - logger -t "$NAME" "chinadns-ng tunnel error.restart!" - kill -9 chinadns-ng - kill -9 dns2tcp - dns2tcp -L"127.0.0.1#5353" -R"$(nvram get tunnel_forward)" >/dev/null 2>&1 & - chinadns-ng -b 0.0.0.0 -l 65353 -c $(nvram get china_dns) -t 127.0.0.1#5353 -4 china -M -m /tmp/cdn.txt >/dev/null 2>&1 & - sed -i '/no-resolv/d' /etc/storage/dnsmasq/dnsmasq.conf - sed -i '/server=127.0.0.1/d' /etc/storage/dnsmasq/dnsmasq.conf - cat >> /etc/storage/dnsmasq/dnsmasq.conf << EOF -no-resolv -server=127.0.0.1#65353 -EOF - fi - icount=`ps -w | grep dns2tcp |grep -v grep| wc -l` + icount=`ps -w | grep chinadns-ng | grep -v grep | wc -l` if [ $icount -lt $chinadnsng_process ] #如果进程挂掉就重启它 then - logger -t "$NAME" "chinadns-ng tunnel error.restart!" + log "chinadns-ng tunnel error.restart!" 
kill -9 chinadns-ng kill -9 dns2tcp dns2tcp -L"127.0.0.1#5353" -R"$(nvram get tunnel_forward)" >/dev/null 2>&1 & - chinadns-ng -b 0.0.0.0 -l 65353 -c $(nvram get china_dns) -t 127.0.0.1#5353 -4 china -M -m /tmp/cdn.txt >/dev/null 2>&1 & + local_chnlist_file='/etc/storage/chinadns/chnlist_mini.txt' + if [ -f "$local_chnlist_file" ]; then + log "启动chinadns-ng分流,仅国外域名走DNS代理..." + chinadns-ng -b 0.0.0.0 -l 65353 -c $(nvram get china_dns) -t 127.0.0.1#5353 -4 china -M -m $local_chnlist_file >/dev/null 2>&1 & + else + log "启动chinadns-ng分流,全部域名走DNS代理...本次不使用本地cdn域名文件$local_chnlist_file, 下次你自已可以创建它,文件中每行表示一个域名(不用要子域名)" + chinadns-ng -b 0.0.0.0 -l 65353 -c $(nvram get china_dns) -t 127.0.0.1#5353 -4 china >/dev/null 2>&1 & + fi sed -i '/no-resolv/d' /etc/storage/dnsmasq/dnsmasq.conf sed -i '/server=127.0.0.1/d' /etc/storage/dnsmasq/dnsmasq.conf cat >> /etc/storage/dnsmasq/dnsmasq.conf << EOF diff --git a/trunk/user/shadowsocks/scripts/ss-rules b/trunk/user/shadowsocks/scripts/ss-rules index 280a799d8a..1c0e9b1eb8 100644 --- a/trunk/user/shadowsocks/scripts/ss-rules +++ b/trunk/user/shadowsocks/scripts/ss-rules @@ -9,7 +9,7 @@ # modprobe xt_TPROXY modprobe xt_set -TAG="_SS_SPEC_" # comment tag +TAG="SS_SPEC_" # comment tag ipt_n="iptables -t nat" # alias of iptables ipt_m="iptables -t mangle" # alias of iptables FWI=/tmp/shadowsocks_iptables.save # firewall include file @@ -74,6 +74,7 @@ flush_r() { ipset -X china 2>/dev/null ipset -X fplan 2>/dev/null ipset -X gmlan 2>/dev/null + ipset -X gfwlist 2>/dev/null ipset -X oversea 2>/dev/null ipset -X blacklist 2>/dev/null ipset -X whitelist 2>/dev/null @@ -85,6 +86,7 @@ ipset_r() { mkdir -p /tmp/dnsmasq.dom ipset -N china hash:net 2>/dev/null ipset -N gmlan hash:net 2>/dev/null + ipset -N gfwlist hash:net 2>/dev/null for ip in $LAN_GM_IP; do ipset -! add gmlan $ip; done $ipt_n -N SS_SPEC_WAN_AC $ipt_n -I SS_SPEC_WAN_AC -p tcp ! --dport 53 -d $server -j RETURN 
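Review bot: In the V2RAY/XRAY/TROJAN check of ss-monitor the nvram value `d_type` is used unquoted and unvalidated as a grep pattern, a `killall` target and the path `/usr/bin/$bin`. The fallback `grep -v $bin` returns both names when `d_type` is `trojan` (or anything other than v2ray/xray) and the binary is missing, which then breaks `[ $bin = "trojan" ]`; and since shadowsocks.sh also sets `v2ray_enable=1` for a v2ray/xray UDP relay, `d_type` may name a different program than the one being watched. Restricting `bin` to the three expected names, as in the sketch below, avoids both. `kill -9 dns2tcp` in the dns2tcp check passes a name to `kill` and should be `killall -q dns2tcp`. `log` and `run_bin` have to be defined in the first 23 lines of ss-monitor, which this hunk does not show.

```shell
    #V2RAY/XRAY/TROJAN
    if [ $v2ray_process -gt 0 ] ;then
        bin="$(nvram get d_type)"
        conf="/tmp/v2-redir.json"
        case "$bin" in
            trojan) conf="/tmp/tj-redir.json" ;;
            v2ray)  [ -f /usr/bin/v2ray ] || bin="xray" ;;
            xray)   [ -f /usr/bin/xray ] || bin="v2ray" ;;
            *)      bin="" ;;   # not a program this check knows how to restart
        esac
        if [ -n "$bin" ]; then
            icount=$(ps -w | grep "$bin" | grep -v grep | wc -l)
            # … unchanged: restart branch, with "$bin" and "$conf" quoted …
        fi
    fi
```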
@@ -94,11 +96,15 @@ ipset_r() { $(gen_iplist | sed -e "s/^/add ss_spec_wan_ac /") EOF ipset -N china hash:net 2>/dev/null + # [2023-2-17] by simonchen + # 运行在router模式下也创建ipset:gfwlist + # 目的是将dnsmasq.dom/gfwlist_list.conf中查询出的ip加入,应用到iptables规则中 + ipset -N gfwlist hash:net 2>/dev/null $ipt_n -A SS_SPEC_WAN_AC -m set --match-set ss_spec_wan_ac dst -j RETURN $ipt_n -A SS_SPEC_WAN_AC -m set --match-set china dst -j RETURN + $ipt_n -A SS_SPEC_WAN_AC -m set --match-set gfwlist dst -j SS_SPEC_WAN_FW # [2023-2-17] by simonchen (see below) $ipt_n -A SS_SPEC_WAN_AC -m set --match-set gmlan src -m set ! --match-set china dst -j SS_SPEC_WAN_FW $ipt_n -A SS_SPEC_WAN_AC -j SS_SPEC_WAN_FW - $ipt_n -I PREROUTING $SSNU -j SS_SPEC_WAN_AC if [ ! -f "/etc/storage/gfwlist/gfwlist_list.conf" ] ; then mkdir -p /etc/storage/gfwlist cp -rf /etc_ro/gfwlist_list.conf /etc/storage/gfwlist/gfwlist_list.conf @@ -111,7 +117,7 @@ EOF $ipt_n -A SS_SPEC_WAN_AC -m set --match-set china dst -j RETURN $ipt_n -A SS_SPEC_WAN_AC -m set --match-set gfwlist dst -j SS_SPEC_WAN_FW $ipt_n -A SS_SPEC_WAN_AC -m set --match-set gmlan src -m set ! --match-set china dst -j SS_SPEC_WAN_FW - $ipt_n -I PREROUTING $SSNU -j SS_SPEC_WAN_AC + $ipt_n -A SS_SPEC_WAN_AC -j SS_SPEC_WAN_FW # gfwlist ipset几乎没有,必须加![simonchen] if [ ! -f "/etc/storage/gfwlist/gfwlist_list.conf" ] ; then mkdir -p /etc/storage/gfwlist cp -rf /etc_ro/gfwlist_list.conf /etc/storage/gfwlist/gfwlist_list.conf 
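Review bot: Appending `$ipt_n -A SS_SPEC_WAN_AC -j SS_SPEC_WAN_FW` at the end of the second hunk's branch sends every destination that is not in the `china` set to the proxy, which makes the `gfwlist` and `gmlan` rules just above it redundant. The enclosing `elif` is outside the hunk, but the rules match the gfw-list mode, and if so that mode now routes the same traffic as router mode instead of only listed domains. If the `gfwlist` set is empty because dnsmasq is not populating it, that is the thing to fix; otherwise the mode's description in the UI should change with it. The same redundancy applies to the new `--match-set gfwlist` rule in the first hunk, which sits before an existing catch-all.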
@@ -124,21 +130,16 @@ EOF $ipt_n -A SS_SPEC_WAN_AC -m set --match-set oversea dst -j SS_SPEC_WAN_FW $ipt_n -A SS_SPEC_WAN_AC -m set --match-set gmlan src -j SS_SPEC_WAN_FW $ipt_n -A SS_SPEC_WAN_AC -m set --match-set china dst -j SS_SPEC_WAN_FW - $ipt_n -I PREROUTING $SSNU -j SS_SPEC_WAN_AC - elif [ "$RUNMODE" = "all" ] ;then $ipt_n -A SS_SPEC_WAN_AC -j SS_SPEC_WAN_FW - $ipt_n -I PREROUTING $SSNU -j SS_SPEC_WAN_AC - fi + # commented by simonchen + # 下面是自定义ip规则白名单和黑名单 + $ipt_n -I PREROUTING $SSNU -m comment --comment "$TAG" -j SS_SPEC_WAN_AC ipset -N whitelist hash:net 2>/dev/null ipset -N blacklist hash:net 2>/dev/null - cat /etc/storage/ss_dom.sh | grep -v '^!' | grep -v "^$" > /tmp/ss_dom.txt - awk '{printf("ipset=/%s/blacklist\n", $1, $1 )}' /tmp/ss_dom.txt > /tmp/dnsmasq.dom/ss_dom.conf - cat /etc/storage/uss_dom.sh | grep -v '^!' | grep -v "^$" > /tmp/uss_dom.txt - awk '{printf("ipset=/%s/whitelist\n", $1, $1 )}' /tmp/uss_dom.txt > /tmp/dnsmasq.dom/uss_dom.conf - rm -f /tmp/ss_dom.txt - rm -f /tmp/uss_dom.txt + cat /etc/storage/ss_dom.sh | grep -v '^!' | grep -v "^$" | awk '{printf("server=/%s/127.0.0.1#5353\nipset=/%s/blacklist\n", $1, $1 )}' > /tmp/dnsmasq.dom/ss_dom.conf + cat /etc/storage/uss_dom.sh | grep -v '^!' | grep -v "^$" | awk '{printf("ipset=/%s/whitelist\n", $1 )}' > /tmp/dnsmasq.dom/uss_dom.conf $ipt_n -I SS_SPEC_WAN_AC 2 -m set --match-set blacklist dst -j SS_SPEC_WAN_FW $ipt_n -I SS_SPEC_WAN_AC 2 -m set --match-set whitelist dst -j RETURN @@ -185,10 +186,9 @@ fw_rule() { ac_rule() { if [ -n "$OUTPUT" ]; then $ipt_n -N SS_SPEC_WAN_DG - $ipt_n -A SS_SPEC_WAN_DG -m set --match-set ss_spec_dst_sp dst -j RETURN $ipt_n -A SS_SPEC_WAN_DG -p tcp -j $OUTPUT - $ipt_n -I OUTPUT 1 -p tcp -j SS_SPEC_WAN_DG - $ipt_n -I PREROUTING $(($SSNU+1)) -j SS_SPEC_WAN_DG + $ipt_n -I OUTPUT 1 -p tcp -m comment --comment "$TAG" -j SS_SPEC_WAN_DG + $ipt_n -I PREROUTING $(($SSNU+1)) -m comment --comment "$TAG" -j SS_SPEC_WAN_DG fi return $? } 
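Review bot: The blacklist generator now writes `server=/%s/127.0.0.1#5353` for every domain in `/etc/storage/ss_dom.sh` regardless of `RUNMODE`. In this diff dns2tcp is started on 5353 only in the `router)` and `gfw)` arms of start_dns, so in other modes these domains may point at a port with no listener and fail to resolve (the rest of start_dns is not visible, so this needs confirming). The first field of each line is also copied into dnsmasq configuration without any check; filtering with something like `grep -E '^[A-Za-z0-9._-]+$'` before the `awk` would keep a stray `/` or `#` from changing the directive.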
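Review bot: ac_rule no longer adds `-m set --match-set ss_spec_dst_sp dst -j RETURN` to SS_SPEC_WAN_DG, so all locally generated TCP is handed to `$OUTPUT` with no exemption. The contents of `ss_spec_dst_sp` are not shown in this diff; if it is the set of reserved and private ranges, router-originated connections to loopback and LAN addresses now depend on the target chain returning them. Please either keep the RETURN rule or add a comment stating which rule in the target chain covers those destinations. The `-m comment --comment "$TAG"` additions rely on the flush code matching the new `TAG="SS_SPEC_"` value, which is outside these hunks.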
@@ -231,7 +231,6 @@ tp_rule() { $ipt_m -A SS_SPEC_TPROXY -p udp $PROXY_PORTS -m set ! --match-set ss_spec_wan_ac dst -j TPROXY \ --on-port "$LOCAL_PORT" --tproxy-mark 0x01/0x01 $ipt_m -I SS_SPEC_TPROXY -p udp --dport 5353 -j RETURN - $ipt_m -A PREROUTING -p udp -j SS_SPEC_TPROXY elif [ "$RUNMODE" = "gfw" ] ;then $ipt_m -A SS_SPEC_TPROXY -p udp -m set --match-set china dst -j RETURN @@ -240,7 +239,6 @@ tp_rule() { $ipt_m -A SS_SPEC_TPROXY -p udp -m set --match-set gmlan src -m set ! --match-set china dst -j TPROXY \ --on-port "$LOCAL_PORT" --tproxy-mark 0x01/0x01 $ipt_m -I SS_SPEC_TPROXY -p udp --dport 5353 -j RETURN - $ipt_m -A PREROUTING -p udp -j SS_SPEC_TPROXY elif [ "$RUNMODE" = "oversea" ] ;then $ipt_m -A SS_SPEC_TPROXY -p udp $PROXY_PORTS -m set --match-set oversea dst \ @@ -249,12 +247,11 @@ tp_rule() { -j TPROXY --on-port "$LOCAL_PORT" --tproxy-mark 0x01/0x01 $ipt_m -A SS_SPEC_TPROXY -p udp $PROXY_PORTS -m set --match-set china dst \ -j TPROXY --on-port "$LOCAL_PORT" --tproxy-mark 0x01/0x01 - $ipt_m -A PREROUTING -p udp -j SS_SPEC_TPROXY elif [ "$RUNMODE" = "all" ] ;then $ipt_m -A SS_SPEC_TPROXY -p udp $PROXY_PORTS -j TPROXY --on-port "$LOCAL_PORT" --tproxy-mark 0x01/0x01 - $ipt_m -A PREROUTING -p udp -j SS_SPEC_TPROXY fi + $ipt_m -A PREROUTING -p udp -m comment --comment "$TAG" -j SS_SPEC_TPROXY $ipt_m -I SS_SPEC_TPROXY -p udp $PROXY_PORTS -m set --match-set blacklist dst \ -j TPROXY --on-port "$LOCAL_PORT" --tproxy-mark 0x01/0x01 $ipt_m -I SS_SPEC_TPROXY -p udp -m set --match-set whitelist dst -j RETURN diff --git a/trunk/user/shadowsocks/scripts/update_gfwlist.sh b/trunk/user/shadowsocks/scripts/update_gfwlist.sh index 702655b719..b5143c377d 100644 --- a/trunk/user/shadowsocks/scripts/update_gfwlist.sh +++ b/trunk/user/shadowsocks/scripts/update_gfwlist.sh 
@@ -1,27 +1,36 @@ #!/bin/sh set -e -o pipefail + +NAME=shadowsocksr +GFWLIST_URL="$(nvram get ss_gfwlist_url)" + +log() { + logger -t "$NAME" "$@" + echo "$(date "+%Y-%m-%d %H:%M:%S") $@" >> "/tmp/ssrplus.log" +} + [ "$1" != "force" ] && [ "$(nvram get ss_update_gfwlist)" != "1" ] && exit 0 -#GFWLIST_URL="$(nvram get gfwlist_url)" -logger -st "gfwlist" "Starting update..." -curl -k -s -o /tmp/gfwlist_list_origin.conf --connect-timeout 15 --retry 5 https://cdn.jsdelivr.net/gh/YW5vbnltb3Vz/domain-list-community@release/gfwlist.txt + +log "GFWList 开始更新..." +[ ! -d /etc/storage/gfwlist/ ] && mkdir -p /etc/storage/gfwlist/ +curl -s -o /tmp/gfwlist_list_origin.conf --connect-timeout 10 --retry 3 $GFWLIST_URL lua /etc_ro/ss/gfwupdate.lua count=`awk '{print NR}' /tmp/gfwlist_list.conf|tail -n1` if [ $count -gt 1000 ]; then -rm -f /etc/storage/gfwlist/gfwlist_list.conf -cp -r /tmp/gfwlist_list.conf /etc/storage/gfwlist/gfwlist_list.conf -mtd_storage.sh save >/dev/null 2>&1 -mkdir -p /etc/storage/gfwlist/ -logger -st "gfwlist" "Update done" -if [ $(nvram get ss_enable) = 1 ]; then -lua /etc_ro/ss/gfwcreate.lua -logger -st "SS" "重启ShadowSocksR Plus+..." -/usr/bin/shadowsocks.sh stop -/usr/bin/shadowsocks.sh start -fi + rm -f /etc/storage/gfwlist/gfwlist_list.conf + mv -f /tmp/gfwlist_list.conf /etc/storage/gfwlist/gfwlist_list.conf + mtd_storage.sh save >/dev/null 2>&1 + log "GFWList 更新完成!" + echo 3 > /proc/sys/vm/drop_caches + if [ $(nvram get ss_enable) = 1 ]; then + lua /etc_ro/ss/gfwcreate.lua + log "正在重启 ShadowSocksR Plus..." + /usr/bin/shadowsocks.sh stop + /usr/bin/shadowsocks.sh start + fi else -logger -st "gfwlist" "列表下载失败,请重试!" + log "GFWList 下载失败,请重试!" fi rm -f /tmp/gfwlist_list_origin.conf -rm -f /tmp/gfwlist_list.conf - +rm -f /tmp/gfwlist_list.conf \ No newline at end of file diff --git a/trunk/user/shadowsocks/ss/genxrayconfig.lua b/trunk/user/shadowsocks/ss/genxrayconfig.lua index ff9460902e..5dfb2c07c4 100644 --- a/trunk/user/shadowsocks/ss/genxrayconfig.lua 
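Review bot: In update_gfwlist.sh the new download line passes `$GFWLIST_URL` to curl unquoted, so an nvram value containing spaces is split into extra curl arguments. An empty value leaves curl with no URL, and under `set -e` the script then exits before the failure branch logs anything or the two `rm -f` lines run. Pass the value as `--url "$GFWLIST_URL"` and check it first with `[ -n "$GFWLIST_URL" ] || { log "ss_gfwlist_url is empty"; exit 1; }`. The same quoting applies to `[ $count -gt 1000 ]` and `[ $(nvram get ss_enable) = 1 ]`, which break when the value is empty; write `[ "${count:-0}" -gt 1000 ]` and `[ "$(nvram get ss_enable)" = 1 ]`.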
+++ b/trunk/user/shadowsocks/ss/genxrayconfig.lua @@ -6,7 +6,7 @@ local socks_port = arg[4] or "0" local ssrindext = io.popen("dbus get ssconf_basic_json_" .. server_section) local servertmp = ssrindext:read("*all") local server = cjson.decode(servertmp) -local v2ray = { +local xray = { log = { -- error = "/var/ssrplus.log", loglevel = "warning" @@ -99,6 +99,9 @@ log = { Host = server.ws_host } or nil, } or nil, + grpcSettings = (server.transport == "grpc") and (server.grpc_path ~= nil) and { + serviceName = server.grpc_path + } or nil, httpSettings = (server.transport == "h2") and { path = server.h2_path, host = server.h2_host, @@ -127,5 +130,5 @@ log = { } } -print(cjson.encode(v2ray)) +print(cjson.encode(xray)) diff --git a/trunk/user/shared/defaults.c b/trunk/user/shared/defaults.c index 6a724b785e..6446c5018f 100644 --- a/trunk/user/shared/defaults.c +++ b/trunk/user/shared/defaults.c @@ -678,23 +678,15 @@ struct nvram_pair router_defaults[] = { { "socks5_aenable", "0" }, { "socks5_s_username", "" }, { "socks5_s_password", "" }, - { "ss_turn", "0" }, - { "ss_watchcat", "0" }, - { "ss_turn_s", "600" }, - { "ss_turn_ss", "5" }, + { "ss_watchcat", "1" }, { "lan_con", "0" }, { "ss_chnroute_url", "https://ispip.clang.cn/all_cn.txt"}, + { "ss_gfwlist_url", "https://cdn.jsdelivr.net/gh/YW5vbnltb3Vz/domain-list-community@release/gfwlist.txt"}, { "ss_adblock_url", "https://gitee.com/privacy-protection-tools/anti-ad/raw/master/anti-ad-for-dnsmasq.conf"}, { "ss_schedule_enable", "0" }, { "ss_schedule", "00000000000" }, { "ss_enable", "0" }, - { "trojan_local_enable", "0" }, - { "trojan_local", "/tmp/trojan" }, - { "trojan_link", "https://cdn.jsdelivr.net/gh/Padavan_CI/ssp/trojan" }, - { "v2_local_enable", "0" }, - { "v2_local", "/tmp/v2ray" }, - { "v2_link", "https://cdn.jsdelivr.net/gh/Padavan_CI/ssp/v2ray" }, - { "ss_mode", "2" }, + { "ss_mode", "1" }, { "ss_server", "127.0.0.1" }, { "ss_server_port", "8989" }, { "ss_key", "Secret" }, 
@@ -710,13 +702,16 @@ struct nvram_pair router_defaults[] = { { "ss_proto_param", ""}, { "ss_obfs", "plain"}, { "ss_obfs_param", ""}, + { "ss-tunnel_enable", "0" }, { "ss-tunnel_local_port", "5353" }, { "ss-tunnel_remote", "8.8.4.4:53" }, { "ss-tunnel_mtu", "1492" }, + { "ss_update_chnroute", "0" }, { "ss_update_gfwlist", "0" }, { "ssp_staticnum_x", "0" }, + { "v2_type_tcp", "none" }, { "v2_type_mkcp", "none" }, { "v2_mkcp_mtu", "1350" }, @@ -758,9 +753,6 @@ struct nvram_pair router_defaults[] = { { "d_keyword_y", "" }, { "d_update_link", "" }, { "ss_keyword", "过期时间/剩余流量" }, - { "ss_watchcat", "1" }, - { "ss_update_chnroute", "0" }, - { "ss_update_gfwlist", "0" }, #endif #if defined(APP_ADGUARDHOME) @@ -1078,19 +1070,10 @@ struct nvram_pair router_defaults[] = { { "ether_flow_lan7", "0" }, #endif #endif - -#if defined(CONFIG_RALINK_MT7621) || (defined(CONFIG_RALINK_MT7620) && !defined(BOARD_N14U)) -#if defined(USE_MT7615_AP) || (USE_MT7915_AP) // hwnat is disabled by default - { "hw_nat_mode", "2" }, -#else - { "hw_nat_mode", "4" }, -#endif -#else - { "hw_nat_mode", "1" }, -#endif + { "hw_nat_mode", "0" }, { "sw_nat_mode", "0" }, #if defined(USE_SFE) - { "sfe_enable", "0" }, + { "sfe_enable", "2" }, #endif { "fw_syn_cook", "0" }, { "fw_mac_drop", "0" }, diff --git a/trunk/user/www/n56u_ribbon_fixed/Shadowsocks.asp b/trunk/user/www/n56u_ribbon_fixed/Shadowsocks.asp index f909a2a579..d7d27be6a8 100644 --- a/trunk/user/www/n56u_ribbon_fixed/Shadowsocks.asp +++ b/trunk/user/www/n56u_ribbon_fixed/Shadowsocks.asp @@ -41,8 +41,7 @@ init_itoggle('ss_watchcat'); init_itoggle('ss_update_chnroute'); init_itoggle('ss_update_gfwlist'); - init_itoggle('ss_turn'); - init_itoggle('socks5_aenable'); + init_itoggle('socks5_enable'); init_itoggle('ss_schedule_enable', change_on); $j("#tab_ss_cfg, #tab_ss_add, #tab_ss_dlink, #tab_ss_ssl, #tab_ss_cli, #tab_ss_log, #tab_ss_help").click( function () { 
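Review bot: In Shadowsocks.asp, `init_itoggle('socks5_aenable')` is replaced by `init_itoggle('socks5_enable')`, but the defaults.c context in this same commit still defines the nvram key `socks5_aenable`, so the two names may now disagree. If the page still carries a `socks5_aenable` control (the markup is outside the hunk), its switch is no longer initialised and the setting cannot be changed from the UI. If the control was renamed instead, the default in defaults.c should be renamed with it. Confirm which name the form field and the backend use.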
@@ -216,6 +215,7 @@ setTimeout('document.getElementById("btn_ctime").style.display="none";',1000); showhide_div('row_v2_vid', 0); showhide_div('row_v2_webs_host', 0); showhide_div('row_v2_webs_path', 0); + showhide_div('row_v2_grpc_path', 0); showhide_div('row_s5_enable', 0); showhide_div('row_s5_username', 0); showhide_div('row_s5_password', 0); @@ -297,6 +297,8 @@ setTimeout('document.getElementById("btn_ctime").style.display="none";',1000); } else if (b == "ws") { showhide_div('row_v2_webs_host', 1); showhide_div('row_v2_webs_path', 1); + } else if (b == "grpc") { + showhide_div('row_v2_grpc_path', 1); } else if (b == "h2") { showhide_div('row_v2_http2_host', 1); showhide_div('row_v2_http2_path', 1); @@ -696,7 +698,7 @@ setTimeout('document.getElementById("btn_ctime").style.display="none";',1000); document.getElementById("ssp_insecure").checked = false; document.getElementById("v2_mux").value = 0; document.getElementById("v2_mux").checked = false; - document.getElementById("v2_security").value = 'zero'; + document.getElementById("v2_security").value = 'none'; document.getElementById("v2_vmess_id").value = ''; document.getElementById("v2_alter_id").value = ''; document.getElementById("v2_transport").value = 'tcp'; @@ -718,6 +720,8 @@ setTimeout('document.getElementById("btn_ctime").style.display="none";',1000); //v2 ws document.getElementById("v2_ws_host").value = ''; document.getElementById("v2_ws_path").value = ''; + //v2 grpc + document.getElementById("v2_grpc_path").value = ''; //v2 h2 document.getElementById("v2_h2_host").value = ''; document.getElementById("v2_h2_path").value = ''; 
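Review bot: The form reset in `@@ -696,7 +698,7 @@` now sets `v2_security` to `'none'`, which in VMess sends the payload without encryption. A node created from the blank form is then protected only if TLS is enabled on the transport. If the `v2_security` select (outside the hunk) offers `auto`, use `document.getElementById("v2_security").value = 'auto';` as the reset value and leave `none` as an explicit choice. The enclosing function starts and ends outside the hunk.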
@@ -779,6 +783,8 @@ setTimeout('document.getElementById("btn_ctime").style.display="none";',1000); } else if (transport == "ws") { document.getElementById("v2_ws_host").value = getProperty(ss, 'ws_host', ''); document.getElementById("v2_ws_path").value = getProperty(ss, 'ws_path', ''); + } else if (transport == "grpc") { + document.getElementById("v2_grpc_path").value = getProperty(ss, 'grpc_path', ''); } else if (transport == "h2") { document.getElementById("v2_h2_host").value = getProperty(ss, 'h2_host', ''); document.getElementById("v2_h2_path").value = getProperty(ss, 'h2_path', ''); @@ -956,7 +962,7 @@ setTimeout('document.getElementById("btn_ctime").style.display="none";',1000); var s = document.getElementById(urlname + '-status'); if (!s) return false; - var ssrurl = prompt("在这里黏贴配置链接 ssr:// | ss:// | vmess:// | vless:// | trojan://", ""); + var ssrurl = prompt("在这里粘贴配置链接 ssr:// | ss:// | vmess:// | vless:// | trojan://", ""); if (ssrurl == null || ssrurl == "") { s.innerHTML = "用户取消"; return false; @@ -1049,9 +1055,10 @@ setTimeout('document.getElementById("btn_ctime").style.display="none";',1000); if (param != undefined) { document.getElementById('ssp_name').value = decodeURI(param); } - s.innerHTML = "导入Shadowsocks配置信息成功"; } + s.innerHTML = "导入Shadowsocks配置信息成功"; + } else { - var sstr = b64decsafe(url0); + var sstr = b64decsafe(url0); document.getElementById('ssp_type').value = "ss"; document.getElementById('ssp_type').dispatchEvent(event); var team = sstr.split('@'); @@ -1132,8 +1139,7 @@ setTimeout('document.getElementById("btn_ctime").style.display="none";',1000); if (ssm.path != undefined){ document.getElementById('v2_http_path').value = ssm.path; } - else - { + else { document.getElementById('v2_http_path').value = '/'; } } 
@@ -1141,7 +1147,10 @@ setTimeout('document.getElementById("btn_ctime").style.display="none";',1000); document.getElementById('v2_ws_host').value = ssm.host; document.getElementById('v2_ws_path').value = ssm.path; } - if (ssm.net == "h2") { + if (ssm.net == "grpc") { + document.getElementById('v2_grpc_path').value = ssm.path; + } + if (ssm.net == "h2") { document.getElementById('v2_h2_host').value = ssm.host; document.getElementById('v2_h2_path').value = ssm.path; } @@ -1204,6 +1213,9 @@ setTimeout('document.getElementById("btn_ctime").style.display="none";',1000); document.getElementById('v2_ws_host').value = queryParam.host; document.getElementById('v2_ws_path').value = queryParam.path; } + if (queryParam.type == "grpc") { + document.getElementById('v2_grpc_path').value = queryParam.serviceName; + } if (queryParam.type == "h2") { document.getElementById('v2_h2_host').value = queryParam.host; document.getElementById('v2_h2_path').value = queryParam.path; @@ -1363,6 +1375,8 @@ setTimeout('document.getElementById("btn_ctime").style.display="none";',1000); } else if (document.getElementById("v2_transport").value == "ws") { DataObj.ws_host = document.getElementById("v2_ws_host").value; DataObj.ws_path = document.getElementById("v2_ws_path").value; + } else if (document.getElementById("v2_transport").value == "grpc") { + DataObj.grpc_path = document.getElementById("v2_grpc_path").value; } else if (document.getElementById("v2_transport").value == "h2") { DataObj.h2_host = document.getElementById("v2_h2_host").value; DataObj.h2_path = document.getElementById("v2_h2_path").value; @@ -1735,9 +1749,9 @@ setTimeout('document.getElementById("btn_ctime").style.display="none";',1000);
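Review bot: The two new grpc import branches (`@@ -1141,7 +1147,10 @@` and `@@ -1204,6 +1213,9 @@`) assign `ssm.path` and `queryParam.serviceName` to `v2_grpc_path` without a presence check, so a share link that omits the field stores the literal text `undefined` as the gRPC service name. Use `document.getElementById('v2_grpc_path').value = ssm.path || '';` and `document.getElementById('v2_grpc_path').value = queryParam.serviceName || '';`, in line with the `undefined` check the `v2_http_path` import already makes. Both branches sit in functions that start and end outside the hunks.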