update 2023-10-12 16:05:57

2025-01-08 11:17:34 +08:00 · 2023-10-12 16:05:57 +08:00 · 2023-10-12 16:05:57 +08:00 · 1b4edd37dd
commit 1b4edd37dd
parent 2f114f1bba
14 changed files with 931 additions and 474 deletions
--- a/homeproxy/htdocs/luci-static/resources/view/homeproxy/client.js
+++ b/homeproxy/htdocs/luci-static/resources/view/homeproxy/client.js
@ -242,7 +242,7 @@ return view.extend({
 		o.value('redirect', _('Redirect TCP'));
 		if (features.hp_has_tproxy)
 			o.value('redirect_tproxy', _('Redirect TCP + TProxy UDP'));
-		if (features.hp_has_tun) {
+		if (features.hp_has_ip_full && features.hp_has_tun) {
 			o.value('redirect_tun', _('Redirect TCP + Tun UDP'));
 			o.value('tun', _('Tun TCP/UDP'));
 		}
--- a/homeproxy/htdocs/luci-static/resources/view/homeproxy/node.js
+++ b/homeproxy/htdocs/luci-static/resources/view/homeproxy/node.js
@ -948,8 +948,8 @@ return view.extend({
 		so.modalonly = true;

 		so = ss.option(form.Value, 'http_method', _('Method'));
-		so.value('get', _('GET'));
-		so.value('put', _('PUT'));
+		so.value('GET', _('GET'));
+		so.value('PUT', _('PUT'));
 		so.depends('transport', 'http');
 		so.modalonly = true;

--- a/homeproxy/htdocs/luci-static/resources/view/homeproxy/server.js
+++ b/homeproxy/htdocs/luci-static/resources/view/homeproxy/server.js
@ -116,7 +116,12 @@ return view.extend({
 		o.value('vmess', _('VMess'));
 		o.rmempty = false;

-		o = s.option(form.Value, 'port', _('Port'),
+		o = s.option(form.Value, 'address', _('Listen address'));
+		o.placeholder = '::';
+		o.datatype = 'ipaddr';
+		o.modalonly = true;
+
+		o = s.option(form.Value, 'port', _('Listen port'),
 			_('The port must be unique.'));
 		o.datatype = 'port';
 		o.validate = L.bind(hp.validateUniqueValue, this, data[0], 'server', 'port');
--- a/homeproxy/po/templates/homeproxy.pot
+++ b/homeproxy/po/templates/homeproxy.pot
--- a/homeproxy/po/zh_Hans/homeproxy.po
+++ b/homeproxy/po/zh_Hans/homeproxy.po
--- a/homeproxy/root/etc/homeproxy/scripts/generate_server.uc
+++ b/homeproxy/root/etc/homeproxy/scripts/generate_server.uc
@ -44,7 +44,7 @@ uci.foreach(uciconfig, uciserver, (cfg) => {
 		type: cfg.type,
 		tag: 'cfg-' + cfg['.name'] + '-in',

-		listen: '::',
+		listen: cfg.address || '::',
 		listen_port: strToInt(cfg.port),
 		tcp_fast_open: strToBool(cfg.tcp_fast_open),
 		tcp_multi_path: strToBool(cfg.tcp_multi_path),
--- a/homeproxy/root/usr/share/rpcd/ucode/luci.homeproxy
+++ b/homeproxy/root/usr/share/rpcd/ucode/luci.homeproxy
@ -172,6 +172,7 @@ const methods = {
 			}

 			features.hp_has_chinadns_ng = access('/usr/bin/chinadns-ng');
+			features.hp_has_ip_full = access('/usr/libexec/ip-full');
 			features.hp_has_tproxy = access('/etc/modules.d/nft-tproxy');
 			features.hp_has_tun = access('/etc/modules.d/30-tun');

--- a/hysteria/Makefile
+++ b/hysteria/Makefile
@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=hysteria
-PKG_VERSION:=2.0.4
+PKG_VERSION:=2.1.0
 PKG_RELEASE:=1

 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://codeload.github.com/apernet/hysteria/tar.gz/app/v$(PKG_VERSION)?
-PKG_HASH:=cca4b80fa8bfb509ed6da98638962937c7ce5f56bff0d104e5721da1b6ab058f
+PKG_HASH:=f3163b5918bcc197e32a1448aa6b7f2dcf3c0f67eed8d603f8bd5bedb460f68c
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-app-v$(PKG_VERSION)

 PKG_LICENSE:=MIT
--- a/luci-app-ssr-plus/Makefile
+++ b/luci-app-ssr-plus/Makefile
@ -11,6 +11,7 @@ PKG_CONFIG_DEPENDS:= \
 	CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_ChinaDNS_NG \
 	CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_Hysteria \
 	CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_Tuic-Client \
+	CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_Shadow-TLS \
 	CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_IPT2Socks \
 	CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_Kcptun \
 	CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_NaiveProxy \
@ -27,7 +28,7 @@ PKG_CONFIG_DEPENDS:= \
 	CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_ShadowsocksR_Libev_Server \
 	CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_Trojan

-LUCI_TITLE:=SS/SSR/V2Ray/Trojan/NaiveProxy/TUIC/Hysteria/Socks5/Tun LuCI interface
+LUCI_TITLE:=SS/SSR/V2Ray/Trojan/NaiveProxy/TUIC/ShadowTLS/Hysteria/Socks5/Tun LuCI interface
 LUCI_PKGARCH:=all
 LUCI_DEPENDS:= \
 	@(PACKAGE_libustream-mbedtls||PACKAGE_libustream-openssl||PACKAGE_libustream-wolfssl) \
@ -41,6 +42,7 @@ LUCI_DEPENDS:= \
 	+PACKAGE_$(PKG_NAME)_INCLUDE_ChinaDNS_NG:chinadns-ng \
 	+PACKAGE_$(PKG_NAME)_INCLUDE_Hysteria:hysteria \
 	+PACKAGE_$(PKG_NAME)_INCLUDE_TUIC-Client:tuic-client \
+	+PACKAGE_$(PKG_NAME)_INCLUDE_Shadow-TLS:shadow-tls \
 	+PACKAGE_$(PKG_NAME)_INCLUDE_IPT2Socks:ipt2socks \
 	+PACKAGE_$(PKG_NAME)_INCLUDE_Kcptun:kcptun-client \
 	+PACKAGE_$(PKG_NAME)_INCLUDE_NaiveProxy:naiveproxy \
@ -62,7 +64,7 @@ select PACKAGE_luci-lib-ipkg if PACKAGE_$(PKG_NAME)

 choice
 	prompt "Shadowsocks Client Selection"
-	default PACKAGE_$(PKG_NAME)_INCLUDE_Shadowsocks_Rust_Client if aarch64
+	default PACKAGE_$(PKG_NAME)_INCLUDE_Shadowsocks_Rust_Client if aarch64 || x86_64
 	default PACKAGE_$(PKG_NAME)_INCLUDE_Shadowsocks_Libev_Client

 	config PACKAGE_$(PKG_NAME)_INCLUDE_Shadowsocks_NONE_Client
@ -127,6 +129,14 @@ config PACKAGE_$(PKG_NAME)_INCLUDE_TUIC-Client
 	depends on !(TARGET_x86_geode||TARGET_x86_legacy)
 	default n

+config PACKAGE_$(PKG_NAME)_INCLUDE_Shadow-TLS
+	bool "Include shadow-TLS"
+	select PACKAGE_$(PKG_NAME)_INCLUDE_ChinaDNS_NG
+	select PACKAGE_$(PKG_NAME)_INCLUDE_Shadowsocks_Rust_Client
+	depends on aarch64||arm||x86_64
+	depends on !(TARGET_x86_geode||TARGET_x86_legacy)
+	default n
+
 config PACKAGE_$(PKG_NAME)_INCLUDE_IPT2Socks
 	bool "Include IPT2Socks"
 	default n
--- a/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/client-config.lua
+++ b/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/client-config.lua
@ -144,8 +144,11 @@ end
 if is_finded("ssr-redir") then
 	o:value("ssr", translate("ShadowsocksR"))
 end
-if is_finded("sslocal") or is_finded("ss-redir") then
-	o:value("ss", translate("Shadowsocks New Version"))
+if is_finded("ss-local") or is_finded("ss-redir") then
+	o:value("ss", translate("Shadowsocks-libev Version"))
+end
+if is_finded("sslocal") or is_finded("ssmanager") then
+	o:value("ss", translate("Shadowsocks-rust Version"))
 end
 if is_finded("trojan") then
 	o:value("trojan", translate("Trojan"))
@ -159,6 +162,9 @@ end
 if is_finded("tuic-client") then
 	o:value("tuic", translate("TUIC"))
 end
+if is_finded("shadow-tls") and is_finded("sslocal") then
+	o:value("shadowtls", translate("Shadow-TLS"))
+end
 if is_finded("ipt2socks") then
 	o:value("socks5", translate("Socks5"))
 end
@ -201,18 +207,20 @@ o:depends("type", "trojan")
 o:depends("type", "naiveproxy")
 o:depends("type", "hysteria")
 o:depends("type", "tuic")
+o:depends("type", "shadowtls")
 o:depends("type", "socks5")

 o = s:option(Value, "server_port", translate("Server Port"))
 o.datatype = "port"
-o.rmempty = ({port_hopping=0 and false or true})
+o.rmempty = true
 o:depends("type", "ssr")
 o:depends("type", "ss")
 o:depends("type", "v2ray")
 o:depends("type", "trojan")
 o:depends("type", "naiveproxy")
-o:depends({type="hysteria",port_hopping=0})
+o:depends({type = "hysteria",port_hopping = false})
 o:depends("type", "tuic")
+o:depends("type", "shadowtls")
 o:depends("type", "socks5")

 o = s:option(Flag, "auth_enable", translate("Enable Authentication"))
@ -236,6 +244,7 @@ o:depends("type", "ssr")
 o:depends("type", "ss")
 o:depends("type", "trojan")
 o:depends("type", "naiveproxy")
+o:depends("type", "shadowtls")
 o:depends({type = "socks5", auth_enable = true})
 o:depends({type = "v2ray", v2ray_protocol = "http", auth_enable = true})
 o:depends({type = "v2ray", v2ray_protocol = "socks", socks_ver = "5", auth_enable = true})
@ -307,56 +316,165 @@ o:depends("type", "ssr")
 o = s:option(Value, "obfs_param", translate("Obfs param (optional)"))
 o:depends("type", "ssr")

-- [[ Hysteria ]]--
+
+-- [[ Hysteria2 ]]--
+o = s:option(Value, "hy2_auth", translate("Users Authentication"))
+o:depends("type", "hysteria")
+o.rmempty = false
+
+o = s:option(ListValue, "transport_protocol", translate("Protocol"))
+o:depends("type", "hysteria")
+o:value("udp", translate("udp"))
+o.default = "udp"
+o.rmempty = true
+
 o = s:option(Flag, "port_hopping", translate("Enable Port Hopping"))
 o:depends("type", "hysteria")
 o.rmempty = true
 o.default = "0"

+o = s:option(Value, "hopinterval", translate("Port Hopping Interval(Unit:Second)"))
+o:depends({type = "hysteria", port_hopping = true})
+o.datatype = "uinteger"
+o.rmempty = true
+o.default = "30"
+
 o = s:option(Value, "port_range", translate("Port Range"))
-o:depends({type = "hysteria", port_hopping = "1"})
-o.datatype = "portrange"
-o.rmempty = true
+o:depends({type = "hysteria", port_hopping = true})
+o.rmempty = false

-o = s:option(ListValue, "hysteria_protocol", translate("Protocol"))
-o:depends("type", "hysteria")
-o:value("udp", translate("udp"))
-o:value("wechat-video", translate("wechat-video"))
-o:value("faketcp", translate("faketcp"))
-o.default = "udp"
-o.rmempty = true
-
-o = s:option(ListValue, "auth_type", translate("Authentication type"))
-o:depends("type", "hysteria")
-o:value("0", translate("disabled"))
-o:value("1", translate("base64"))
-o:value("2", translate("string"))
-o.rmempty = true
-
-o = s:option(Value, "auth_payload", translate("Authentication payload"))
-o:depends({type = "hysteria", auth_type = "1"})
-o:depends({type = "hysteria", auth_type = "2"})
-o.rmempty = true
-
-o = s:option(Value, "recv_window", translate("QUIC connection receive window"))
-o.datatype = "uinteger"
-o:depends("type", "hysteria")
-o.rmempty = true
-
-o = s:option(Value, "recv_window_conn", translate("QUIC stream receive window"))
-o.datatype = "uinteger"
-o:depends("type", "hysteria")
-o.rmempty = true
-
-o = s:option(Flag, "disable_mtu_discovery", translate("Disable Path MTU discovery"))
-o:depends("type", "hysteria")
-o.rmempty = true
-
-o = s:option(Flag, "lazy_start", translate("Lazy Start"))
+o = s:option(Flag, "lazy_mode", translate("Enable Lazy Mode"))
 o:depends("type", "hysteria")
 o.rmempty = true
 o.default = "0"

+o = s:option(Flag, "flag_obfs", translate("Enable Obfuscation"))
+o:depends("type", "hysteria")
+o.rmempty = true
+o.default = "0"
+
+o = s:option(Value, "obfs_type", translate("Obfuscation Type"))
+o:depends({type = "hysteria", flag_obfs = "1"})
+o.rmempty = true
+o.default = "salamander"
+
+o = s:option(Value, "salamander", translate("Obfuscation Password"))
+o:depends({type = "hysteria", flag_obfs = "1"})
+o.rmempty = true
+o.default = "cry_me_a_r1ver"
+
+o = s:option(Flag, "flag_quicparam", translate("Hysterir QUIC parameters"))
+o:depends("type", "hysteria")
+o.rmempty = true
+o.default = "0"
+
+--[[Hysteria2 QUIC parameters setting]]
+o = s:option(Value, "initstreamreceivewindow", translate("QUIC initStreamReceiveWindow"))
+o:depends({type = "hysteria", flag_quicparam = "1"})
+o.datatype = "uinteger"
+o.rmempty = true
+o.default = "8388608"
+
+o = s:option(Value, "maxstreamseceivewindow", translate("QUIC maxStreamReceiveWindow"))
+o:depends({type = "hysteria", flag_quicparam = "1"})
+o.datatype = "uinteger"
+o.rmempty = true
+o.default = "8388608"
+
+o = s:option(Value, "initconnreceivewindow", translate("QUIC initConnReceiveWindow"))
+o:depends({type = "hysteria", flag_quicparam = "1"})
+o.datatype = "uinteger"
+o.rmempty = true
+o.default = "20971520"
+
+o = s:option(Value, "maxconnreceivewindow", translate("QUIC maxConnReceiveWindow"))
+o:depends({type = "hysteria", flag_quicparam = "1"})
+o.datatype = "uinteger"
+o.rmempty = true
+o.default = "20971520"
+
+o = s:option(Value, "maxidletimeout", translate("QUIC maxIdleTimeout(Unit:second)"))
+o:depends({type = "hysteria", flag_quicparam = "1"})
+o.rmempty = true
+o.datatype = "uinteger"
+o.default = "30"
+
+o = s:option(Value, "keepaliveperiod", translate("The keep-alive period.(Unit:second)"))
+o:depends({type = "hysteria", flag_quicparam = "1"})
+o.rmempty = true
+o.datatype = "uinteger"
+o.default = "10"
+
+o = s:option(Flag, "disablepathmtudiscovery", translate("Disable Path MTU discovery"))
+o:depends({type = "hysteria", flag_quicparam = "1"})
+o.rmempty = true
+o.default = false
+
+
+--[[ Shadow-TLS Options ]]
+o = s:option(ListValue, "shadowtls_protocol", translate("shadowTLS protocol Version"))
+o:depends("type", "shadowtls")
+o:value("v3", translate("Enable V3 protocol."))
+o:value("v2", translate("Enable V2 protocol."))
+o.default = "v3"
+o.rmempty = true
+
+o = s:option(Flag, "strict", translate("TLS 1.3 Strict mode"))
+o:depends("type", "shadowtls")
+o.default = "1"
+o.rmempty = false
+
+o = s:option(Flag, "fastopen", translate("TCP Fast Open"))
+o:depends("type", "shadowtls")
+o.default = "0"
+o.rmempty = false
+
+o = s:option(Flag, "disable_nodelay", translate("Disable TCP No_delay"))
+o:depends("type", "shadowtls")
+o.default = "0"
+o.rmempty = true
+
+o = s:option(Value, "shadowtls_sni", translate("shadow-TLS SNI"))
+o:depends("type", "shadowtls")
+o.datatype = "host"
+o.rmempty = true
+o.default = ""
+
+--[[ add a ListValue for Choose chain type,sslocal or vmess ]]
+o = s:option(ListValue, "chain_type", translate("Shadow-TLS ChainPoxy type"))
+o:depends("type", "shadowtls")
+if is_finded("sslocal") then
+	o:value("sslocal", translate("Shadowsocks-rust Version"))
+end
+if is_finded("xray") or is_finded("v2ray") then
+	o:value("vmess", translate("Vmess Protocol"))
+end
+o.default = "sslocal"
+o.rmempty = false
+
+o = s:option(Value, "sslocal_password",translate("Shadowsocks password"))
+o:depends({type = "shadowtls", chain_type = "sslocal"})
+o.rmempty = true
+
+o = s:option(ListValue, "sslocal_method", translate("Encrypt Method"))
+o:depends({type = "shadowtls", chain_type = "sslocal"})
+for _, v in ipairs(encrypt_methods_ss) do
+	o:value(v)
+end
+
+o = s:option(Value, "vmess_uuid", translate("Vmess UUID"))
+o:depends({type = "shadowtls", chain_type = "vmess"})
+o.rmempty = false
+o.default = uuid
+
+o = s:option(ListValue, "vmess_method", translate("Encrypt Method"))
+o:depends({type = "shadowtls", chain_type = "vmess"})
+for _, v in ipairs(securitys) do
+	o:value(v, v:lower())
+end
+o.rmempty = true
+o.default="auto"
+
 -- [[ TUIC ]]
 -- TuicNameId
 o = s:option(Value, "tuic_uuid", translate("TUIC User UUID"))
@ -420,29 +538,29 @@ o.rmempty = true
 o = s:option(Value, "send_window", translate("TUIC send window"))
 o:depends("type", "tuic")
 o.datatype = "uinteger"
-o.default = 16777216
+o.default = 20971520
 o.rmempty = true

 o = s:option(Value, "receive_window", translate("TUIC receive window"))
 o:depends("type", "tuic")
 o.datatype = "uinteger"
-o.default = 8388608
+o.default = 10485760
 o.rmempty = true

 o = s:option(Flag, "disable_sni", translate("Disable SNI"))
 o:depends("type", "tuic")
-o.default = 0
+o.default = "0"
 o.rmempty = true

 o = s:option(Flag, "zero_rtt_handshake", translate("Enable 0-RTT QUIC handshake"))
 o:depends("type", "tuic")
-o.default = 0
+o.default = "0"
 o.rmempty = true

--Tuic settings for the local inbound socks5 server
-o = s:option(Flag, "tuic_dual_stack", translate("Set if the listening socket should be dual-stack"))
+-- Tuic settings for the local inbound socks5 server
+o = s:option(Flag, "tuic_dual_stack", translate("Dual-stack Listening Socket"))
 o:depends("type", "tuic")
-o.default = 0
+o.default = "0"
 o.rmempty = true

 o = s:option(Value, "tuic_max_package_size", translate("Maximum packet size the socks5 server can receive from external"))
@ -651,14 +769,14 @@ o:depends("transport", "kcp")
 o.default = 50
 o.rmempty = true

-o = s:option(Value, "uplink_capacity", translate("Uplink Capacity"))
+o = s:option(Value, "uplink_capacity", translate("Uplink Capacity(Default:Mbps)"))
 o.datatype = "uinteger"
 o:depends("transport", "kcp")
 o:depends("type", "hysteria")
 o.default = 5
 o.rmempty = true

-o = s:option(Value, "downlink_capacity", translate("Downlink Capacity"))
+o = s:option(Value, "downlink_capacity", translate("Downlink Capacity(Default:Mbps)"))
 o.datatype = "uinteger"
 o:depends("transport", "kcp")
 o:depends("type", "hysteria")
@ -679,7 +797,6 @@ o.rmempty = true

 o = s:option(Value, "seed", translate("Obfuscate password (optional)"))
 o:depends("transport", "kcp")
-o:depends("type", "hysteria")
 o.rmempty = true

 o = s:option(Flag, "congestion", translate("Congestion"))
@ -717,6 +834,7 @@ o:depends({type = "v2ray", v2ray_protocol = "shadowsocks", reality = false})
 o:depends({type = "v2ray", v2ray_protocol = "socks", socks_ver = "5", reality = false})
 o:depends({type = "v2ray", v2ray_protocol = "http", reality = false})
 o:depends("type", "trojan")
+o:depends("type", "hysteria")

 -- [[ TLS部分 ]] --
 o = s:option(Flag, "tls_sessionTicket", translate("Session Ticket"))
@ -772,15 +890,11 @@ o = s:option(Value, "tls_host", translate("TLS Host"))
 o.datatype = "hostname"
 o:depends("tls", true)
 o:depends("reality", true)
-o:depends("type", "hysteria")
 o.rmempty = true

 o = s:option(DynamicList, "tls_alpn", translate("TLS ALPN"))
 o:depends("tls", true)
 o:depends("type", "tuic")
-o.rmempty = true
-
-o = s:option(Value, "quic_tls_alpn", translate("QUIC TLS ALPN"))
 o:depends("type", "hysteria")
 o.rmempty = true

@ -791,6 +905,11 @@ o:depends("tls", true)
 o:depends("type", "hysteria")
 o.description = translate("If true, allowss insecure connection at TLS client, e.g., TLS server uses unverifiable certificates.")

+-- [[ Hysteria2 TLS pinSHA256 ]] --
+o = s:option(Value, "pinsha256", translate("Certificate fingerprint"))
+o:depends({type = "hysteria", insecure = true })
+o.rmempty = true
+
 -- [[ Mux ]]--
 o = s:option(Flag, "mux", translate("Mux"))
 o.rmempty = false
--- a/luci-app-ssr-plus/po/zh-cn/ssr-plus.po
+++ b/luci-app-ssr-plus/po/zh-cn/ssr-plus.po
@ -106,14 +106,81 @@ msgstr "混淆参数（可选）"
 msgid "Authentication type"
 msgstr "验证类型"

+msgid "Users Authentication"
+msgstr "用户验证"
+
+msgid "NOTE: If the server uses the userpass authentication, the format must be username:password."
+msgstr "注意： 如果服务器使用 userpass 验证，格式必须是 username:password。"
+
 msgid "Enable Port Hopping"
 msgstr "启用端口跃迁"

 msgid "Port Range"
 msgstr "端口范围值"

-msgid "Authentication payload"
-msgstr "验证载荷"
+msgid "Port Hopping Interval(Unit:Second)"
+msgstr "端口跃迁间隔（单位：秒）"
+
+msgid "Enable Lazy Mode"
+msgstr "启用懒狗模式"
+
+msgid "Enable Obfuscation"
+msgstr "启用混淆功能"
+
+msgid "Obfuscation Type"
+msgstr "混淆类型"
+
+msgid "Obfuscation Password"
+msgstr "混淆密码"
+
+msgid "Hysterir QUIC parameters"
+msgstr "QUIC参数"
+
+msgid "QUIC initStreamReceiveWindow"
+msgstr "QUIC初始流接收窗口大小。"
+
+msgid "QUIC maxStreamReceiveWindow"
+msgstr "QUIC最大的流接收窗口大小"
+
+msgid "QUIC initConnReceiveWindow"
+msgstr "QUIC初始的连接接收窗口大小"
+
+msgid "QUIC maxConnReceiveWindow"
+msgstr "QUIC最大的连接接收窗口大小"
+
+msgid "QUIC maxIdleTimeout(Unit:second)"
+msgstr "QUIC最长空闲超时时间（单位：秒）"
+
+msgid "The keep-alive period.(Unit:second)"
+msgstr "心跳包发送间隔（单位：秒）"
+
+
+msgid "Certificate fingerprint"
+msgstr "证书指纹"
+
+msgid "shadowTLS protocol Version"
+msgstr "ShadowTLS协议版本"
+
+msgid "TLS 1.3 Strict mode"
+msgstr "TLS 1.3 限定模式"
+
+msgid "Disable TCP No_delay"
+msgstr "禁用TCP无延迟"
+
+msgid "shadow-TLS SNI"
+msgstr "服务器名称指示"
+
+msgid "Shadow-TLS ChainPoxy type"
+msgstr "代理链类型"
+
+msgid "Shadowsocks-rust Version"
+msgstr "shadowsocks rust版本"
+
+msgid "Vmess Protocol"
+msgstr "VMESS协议"
+
+msgid "Shadowsocks password"
+msgstr "shadowsocks密码"

 msgid "QUIC connection receive window"
 msgstr "QUIC 连接接收窗口"
@ -121,6 +188,7 @@ msgstr "QUIC 连接接收窗口"
 msgid "QUIC stream receive window"
 msgstr "QUIC 流接收窗口"

+
 msgid "Lazy Start"
 msgstr "延迟启动"

@ -805,11 +873,11 @@ msgstr "最大传输单元"
 msgid "TTI"
 msgstr "传输时间间隔"

-msgid "Uplink Capacity"
-msgstr "上行链路容量"
+msgid "Uplink Capacity(Default:Mbps)"
+msgstr "上行链路容量（默认：Mbps）"

-msgid "Downlink Capacity"
-msgstr "下行链路容量"
+msgid "Downlink Capacity(Default:Mbps)"
+msgstr "下行链路容量（默认：Mbps）"

 msgid "Read Buffer Size"
 msgstr "读取缓冲区大小"
@ -904,8 +972,8 @@ msgstr "发送窗口（无需确认即可发送的最大字节数：默认8Mb*2
 msgid "TUIC receive window"
 msgstr "接收窗口（无需确认即可接收的最大字节数：默认8Mb）"

-msgid "Set if the listening socket should be dual-stack"
-msgstr "设置监听套接字为双栈"
+msgid "Dual-stack Listening Socket"
+msgstr "双栈Socket监听"

 msgid "Maximum packet size the socks5 server can receive from external"
 msgstr "socks5服务器可以从外部接收的最大数据包大小（单位：字节）"
--- a/luci-app-ssr-plus/root/etc/init.d/shadowsocksr
+++ b/luci-app-ssr-plus/root/etc/init.d/shadowsocksr
@ -18,13 +18,17 @@ LOG_FILE=/var/log/ssrplus.log
 TMP_PATH=/var/etc/ssrplus
 TMP_BIN_PATH=$TMP_PATH/bin
 TMP_DNSMASQ_PATH=/tmp/dnsmasq.d/dnsmasq-ssrplus.d
+
+chain_config_file=		   #generate shadowtls chain proxy config file
 tcp_config_file=
 udp_config_file=
 shunt_config_file=
 local_config_file=
 shunt_dns_config_file=
 tmp_local_port=
+
 ARG_UDP=
+
 dns_port="5335"            #dns port
 china_dns_port="5333"      #china_dns_port
 tmp_dns_port="300"         #dns2socks temporary port
@ -34,6 +38,7 @@ tmp_shunt_port="303"       #shunt temporary port
 tmp_shunt_local_port="304" #shunt socks temporary port
 tmp_shunt_dns_port="305"   #shunt dns2socks temporary port
 tmp_tcp_local_port="306"   #tcp socks temporary port
+
 server_count=0
 redir_tcp=0
 redir_udp=0
@ -217,44 +222,48 @@ start_dns() {
 	fi
 }

-gen_service_file() {
+gen_service_file() { #1-server.type 2-cfgname 3-file_path
+	local fastopen
 	if [ $(uci_get_by_name $2 fast_open) == "1" ]; then
-		local fastopen="true"
+		fastopen="true"
 	else
-		local fastopen="false"
+		fastopen="false"
 	fi
-	if [ $1 == "ssr" ]; then
+	case $1 in
+		ssr)
 		cat <<-EOF >$3
 			{
-			  "server": "0.0.0.0",
-			  "server_ipv6": "::",
-			  "server_port": $(uci_get_by_name $2 server_port),
-			  "mode": "tcp_and_udp",
-			  "password": "$(uci_get_by_name $2 password)",
-			  "timeout": $(uci_get_by_name $2 timeout 60),
-			  "method": "$(uci_get_by_name $2 encrypt_method)",
-			  "protocol": "$(uci_get_by_name $2 protocol)",
-			  "protocol_param": "$(uci_get_by_name $2 protocol_param)",
-			  "obfs": "$(uci_get_by_name $2 obfs)",
-			  "obfs_param": "$(uci_get_by_name $2 obfs_param)",
-			  "fast_open": $fastopen
+				"server": "0.0.0.0",
+				"server_ipv6": "::",
+				"server_port": $(uci_get_by_name $2 server_port),
+				"mode": "tcp_and_udp",
+				"password": "$(uci_get_by_name $2 password)",
+				"timeout": $(uci_get_by_name $2 timeout 60),
+				"method": "$(uci_get_by_name $2 encrypt_method)",
+				"protocol": "$(uci_get_by_name $2 protocol)",
+				"protocol_param": "$(uci_get_by_name $2 protocol_param)",
+				"obfs": "$(uci_get_by_name $2 obfs)",
+				"obfs_param": "$(uci_get_by_name $2 obfs_param)",
+				"fast_open": $fastopen
 			}
-		EOF
-	else
-		cat <<-EOF >$3
-			{
-			  "server": "0.0.0.0",
-			  "server_ipv6": "::",
-			  "server_port": $(uci_get_by_name $2 server_port),
-			  "mode": "tcp_and_udp",
-			  "password": "$(uci_get_by_name $2 password)",
-			  "timeout": $(uci_get_by_name $2 timeout 60),
-			  "method": "$(uci_get_by_name $2 encrypt_method_ss)",
-			  "protocol": "socks",
-			  "fast_open": $fastopen
-			}
-		EOF
-	fi
+			EOF
+		;;
+		ss)
+			cat <<-EOF >$3
+				{
+					"server": "0.0.0.0",
+					"server_ipv6": "::",
+					"server_port": $(uci_get_by_name $2 server_port),
+					"mode": "tcp_and_udp",
+					"password": "$(uci_get_by_name $2 password)",
+					"timeout": $(uci_get_by_name $2 timeout 60),
+					"method": "$(uci_get_by_name $2 encrypt_method_ss)",
+					"protocol": "socks",
+					"fast_open": $fastopen
+				}
+			EOF
+		;;
+	esac
 }

 get_name() {
@ -264,13 +273,15 @@ get_name() {
 	esac
 }

-gen_config_file() { #server1 type2 code3 local_port4 socks_port5 threads5
+gen_config_file() { #server1 type2 code3 local_port4 socks_port5 chain6 threads5
 	case "$3" in
 	1)
 		config_file=$tcp_config_file
+		chain_config_file=$(echo ${config_file}|sed 's/ssrplus\//ssrplus\/chain-/')
 		;;
 	2)
 		config_file=$udp_config_file
+		chain_config_file=$(echo ${config_file}|sed 's/ssrplus\//ssrplus\/chain-/')
 		;;
 	3)
 		if [ -n "$tmp_local_port" ]; then
@ -279,10 +290,12 @@ gen_config_file() { #server1 type2 code3 local_port4 socks_port5 threads5
 			local tmp_port=$tmp_shunt_local_port
 		fi
 		config_file=$shunt_config_file
+		chain_config_file=$(echo ${config_file}|sed 's/ssrplus\//ssrplus\/chain-/')
 		;;
 	4)
 		local ss_protocol="socks"
 		config_file=$local_config_file
+		chain_config_file=$(echo ${config_file}|sed 's/ssrplus\//ssrplus\/chain-/')
 		;;
 	esac
 	case "$2" in
@ -330,7 +343,25 @@ gen_config_file() { #server1 type2 code3 local_port4 socks_port5 threads5
 		lua /usr/share/shadowsocksr/gen_config.lua $1 $mode $4 $5 >$config_file
 		;;
 	tuic)
-		lua /usr/share/shadowsocksr/gen_config.lua $1 $mode $4 >$config_file
+		case "$3" in
+		1|2|4)
+			lua /usr/share/shadowsocksr/gen_config.lua $1 $mode $4 >$config_file
+			;;
+		3)
+			[ -z "$6" ] && lua /usr/share/shadowsocksr/gen_config.lua $1 $mode $4 >$shunt_dns_config_file || lua /usr/share/shadowsocksr/gen_config.lua $1 $mode $4 >$config_file
+			;;
+		esac
+		;;
+	shadowtls)
+		case "$3" in
+			1|2|4)
+        [ -z "$6" ] && lua /usr/share/shadowsocksr/gen_config.lua $1 $type $4 >$chain_config_file || lua /usr/share/shadowsocksr/gen_config.lua $1 $mode $4 $5 $6 >$config_file
+        ;;
+			3)
+				lua /usr/share/shadowsocksr/gen_config.lua $1 $type $4 >$chain_config_file
+				lua /usr/share/shadowsocksr/gen_config.lua $1 $mode $4 $5 $6 >$config_file
+				;;
+		esac
 		;;
 	socks5)
 		/usr/share/shadowsocksr/genred2config.sh $config_file $2 $mode $4 \
@ -344,7 +375,7 @@ gen_config_file() { #server1 type2 code3 local_port4 socks_port5 threads5
 		/usr/share/shadowsocksr/genred2config.sh $config_file $2 $(uci_get_by_name $1 iface "br-lan") $4
 		;;
 	esac
-	sed -i 's/\\//g' $TMP_PATH/*-ssr-*.json
+	sed -i 's/\\//g' $TMP_PATH/*-ssr-*.json #>/dev/null > 2>&1
 }

 start_udp() {
@ -376,17 +407,34 @@ start_udp() {
 	hysteria)
 		gen_config_file $UDP_RELAY_SERVER $type 2 $tmp_udp_port
 		ln_start_bin $(first_type hysteria) hysteria client --config $udp_config_file
-		echolog "UDP TPROXY Relay:$($(first_type "hysteria") --version | awk '{print $1,$3}') Started!"
+		echolog "UDP TPROXY Relay:$($(first_type "hysteria") version | awk '{print $1,$3}') Started!"
 		;;
 	tuic)
-		# gen_config_file $UDP_RELAY_SERVER $type 2 $tmp_udp_local_port
-		# ln_start_bin $(first_type tuic-client) tuic-client --config $udp_config_file
-		# ln_start_bin $(first_type ipt2socks) ipt2socks -U -b 0.0.0.0 -4 -s 127.0.0.1 -p $tmp_udp_local_port -l $tmp_udp_port
-		# echolog "UDP TPROXY Relay:tuic-client $($(first_type tuic-client) --version) Started!"
 		# FIXME: ipt2socks cannot handle udp reply from tuic
+		# 20230726 uncomment following 4 lines
+		gen_config_file $UDP_RELAY_SERVER $type 2 $tmp_udp_local_port
+		ln_start_bin $(first_type tuic-client) tuic-client --config $udp_config_file
+		ln_start_bin $(first_type ipt2socks) ipt2socks -U -b 0.0.0.0 -4 -s 127.0.0.1 -p $tmp_udp_local_port -l $tmp_udp_port
+		echolog "UDP TPROXY Relay:tuic-client $($(first_type tuic-client) --version) Started!"
 		echolog "TUIC UDP TPROXY Relay not supported!"
-		redir_udp=0
-		ARG_UDP=""
+		#redir_udp=0
+		#ARG_UDP=""
+		;;
+	shadowtls)
+		gen_config_file $UDP_RELAY_SERVER $type 2 ${tmp_udp_local_port}
+		gen_config_file $UDP_RELAY_SERVER $type 2 ${tmp_udp_local_port} 0 chain
+		ln_start_bin $(first_type shadow-tls) shadow-tls config --config $chain_config_file
+		local chain_type=$(uci_get_by_name $UDP_RELAY_SERVER chain_type)
+		case ${chain_type} in
+			vmess)
+				ln_start_bin $(first_type xray v2ray) v2ray run -c $udp_config_file
+				echolog "UDP TPROXY Relay:shadow-tls chain-to $($(first_type xray) --version) Started!"
+				;;
+			sslocal)
+				ln_start_bin $(first_type sslocal) sslocal -c $udp_config_file
+				echolog "UDP TPROXY Relay:shadow-tls chain-to $($(first_type sslocal) --version) Started!"
+				;;
+		esac
 		;;
 	socks5)
 		# if [ "$(uci_get_by_name $UDP_RELAY_SERVER auth_enable 0)" == "1" ]; then
@ -463,21 +511,39 @@ start_shunt() {
 		fi
 		ln_start_bin $(first_type hysteria) hysteria client --config $shunt_config_file
 		ln_start_bin $(first_type dns2socks) dns2socks 127.0.0.1:$tmp_port 8.8.8.8:53 127.0.0.1:$tmp_shunt_dns_port -q
-		echolog "shunt:$($(first_type hysteria) --version | awk '{print $1,$3}') Started!"
+		echolog "shunt:$($(first_type hysteria) version | awk '{print $1,$3}') Started!"
 		;;
 	tuic)
-		if [ -n "$tmp_local_port" ]; then
-			local tmp_port=$tmp_local_port
-		else
-			local tmp_port=$tmp_shunt_local_port
-			gen_config_file $SHUNT_SERVER $type 3 $tmp_port
-			ln_start_bin $(first_type tuic-client) tuic-client --config $shunt_config_file
-		fi
-		ln_start_bin $(first_type ipt2socks) ipt2socks -R -b 0.0.0.0 -4 -s 127.0.0.1 -p $tmp_port -l $tmp_shunt_port
+		local chain_shunt_port="30${tmp_shunt_port}"
+		gen_config_file $SHUNT_SERVER $type 3 $chain_shunt_port 0 chain #make a tuic socks:30303, make a ipt2socks redir:303
+		ln_start_bin $(first_type tuic-client) tuic-client --config $shunt_config_file
+		ln_start_bin $(first_type ipt2socks) ipt2socks -R -b 0.0.0.0 -4 -s 127.0.0.1 -p $chain_shunt_port -l $tmp_shunt_port
+
+		[ -n "$tmp_local_port" ] && tmp_port=$tmp_local_port || tmp_port=$tmp_shunt_local_port
+		gen_config_file $SHUNT_SERVER $type 3 $tmp_port		# make a tuic socks :304
+		ln_start_bin $(first_type tuic-client) tuic-client --config $shunt_dns_config_file
 		ln_start_bin $(first_type dns2socks) dns2socks 127.0.0.1:$tmp_port 8.8.8.8:53 127.0.0.1:$tmp_shunt_dns_port -q
-		echolog "shunt:tuic-client $($(first_type tuic-client) --version) Started!"
+		echolog "Netflix Separated Shunt Server:tuic-client $($(first_type tuic-client) --version) Started!"
 		# FIXME: ipt2socks cannot handle udp reply from tuic
-		redir_udp=0
+		#redir_udp=0
+		;;
+	shadowtls)
+		[ -n "$tmp_local_port" ] && tmp_port=$tmp_local_port || tmp_port=$tmp_shunt_local_port
+		gen_config_file $SHUNT_SERVER $type 3 "10${tmp_shunt_port}" $tmp_port chain/$tmp_shunt_port #make a redir:303 and a socks:304
+		#echo "debug \$tmp_port=$tmp_port, \$tmp_shunt_port=${tmp_shunt_port},  \$tmp_shunt_local_port=$tmp_shunt_local_port"
+		ln_start_bin $(first_type shadow-tls) shadow-tls config --config $chain_config_file
+		ln_start_bin $(first_type dns2socks) dns2socks 127.0.0.1:"${tmp_port}" 8.8.8.8:53 127.0.0.1:$tmp_shunt_dns_port -q
+		local chain_type=$(uci_get_by_name $SHUNT_SERVER chain_type)
+		case ${chain_type} in
+			vmess)
+				ln_start_bin $(first_type xray v2ray) v2ray run -c $shunt_config_file
+				echolog "Netflix Separated Shunt Server:shadow-tls chain-to$($(first_type xray) --version) Started!"
+				;;
+			 sslocal)
+				ln_start_bin $(first_type sslocal) sslocal -c $shunt_config_file
+				echolog "Netflix Separated Shunt Server:shadow-tls chain-to$($(first_type sslocal) --version) Started!"
+				;;
+		esac
 		;;
 	# socks5)
 	# 	if [ "$(uci_get_by_name $SHUNT_SERVER auth_enable 0)" == "1" ]; then
@ -538,21 +604,40 @@ start_local() {
 	naiveproxy)
 		gen_config_file $LOCAL_SERVER $type 4 $local_port
 		ln_start_bin $(first_type naive) naive --config $local_config_file
-		echolog "Global_Socks5:$($(first_type $type) --version | head -1) Started!"
+		echolog "Global_Socks5:$($(first_type naive) --version | head -1) Started!"
 		;;
 	hysteria)
 		if [ "$_local" == "2" ]; then
 			gen_config_file $LOCAL_SERVER $type 4 0 $local_port
 			ln_start_bin $(first_type hysteria) hysteria client --config $local_config_file
-			echolog "Global_Socks5:$($(first_type hysteria) --version | awk '{print $1,$3}') Started!"
+			echolog "Global_Socks5:$($(first_type hysteria) version | awk '{print $1,$3}') Started!"
 		fi
 		;;
 	tuic)
 		if [ "$_local" == "2" ]; then
 			gen_config_file $LOCAL_SERVER $type 4 $local_port
 			ln_start_bin $(first_type tuic-client) tuic-client --config $local_config_file
+			echolog "Global Socks5:tuic-client $($(first_type tuic-client) --version) Started!"
+		fi
+		;;
+	shadowtls)
+		#respective config for global socks and main node
+		if [ "$_local" == "2" ]; then
+			gen_config_file $LOCAL_SERVER $type 4 "10${tmp_tcp_local_port}"
+			gen_config_file $LOCAL_SERVER $type 4 0 $local_port chain/"10${tmp_tcp_local_port}"
+			ln_start_bin $(first_type shadow-tls) shadow-tls config --config $chain_local_config_file
+			local chain_type=$(uci_get_by_name $LOCAL_SERVER chain_type)
+			case ${chain_type} in
+				vmess)
+					ln_start_bin $(first_type xray v2ray) v2ray run -c $local_config_file
+					echolog "Global Socks5 Proxy:shadow-tls chain-to$($(first_type xray) --version) Started!"
+					;;
+				sslocal)
+					ln_start_bin $(first_type sslocal) sslocal -c $local_config_file
+					echolog "Global Socks5 Proxy:shadow-tls chain-to$($(first_type sslocal) --version) Started!"
+					;;
+			esac
 		fi
-		echolog "Global_Socks5:tuic-client $($(first_type tuic-client) --version) Started!"
 		;;
 	*)
 		[ -e /proc/sys/net/ipv6 ] && local listenip='-i ::'
@ -620,14 +705,43 @@ Start_Run() {
 	hysteria)
 		gen_config_file $GLOBAL_SERVER $type 1 $tcp_port $socks_port
 		ln_start_bin $(first_type hysteria) hysteria client --config $tcp_config_file
-		echolog "Main node:$($(first_type hysteria) --version | awk '{print $1,$3}') Started!"
+		echolog "Main node:$($(first_type hysteria) version | awk '{print $1,$3}') Started!"
 		;;
 	tuic)
+		local PARAM
+		[ $mode == "tcp" ] && PARAM="-T" || PARAM=""
 		gen_config_file $GLOBAL_SERVER $type 1 $tmp_tcp_local_port
 		ln_start_bin $(first_type tuic-client) tuic-client --config $tcp_config_file
-		ln_start_bin $(first_type ipt2socks) ipt2socks -R -b 0.0.0.0 -4 -s 127.0.0.1 -p $tmp_tcp_local_port -l $tcp_port
+		ln_start_bin $(first_type ipt2socks) ipt2socks "$PARAM" -R -b 0.0.0.0 -4 -s 127.0.0.1 -p $tmp_tcp_local_port -l $tcp_port
+		if [ -n $socks_port ] && [ $GLOBAL_SERVER == $LOCAL_SERVER ]; then #start a new tuic instance
+			gen_config_file $GLOBAL_SERVER $type 4 $socks_port
+			ln_start_bin $(first_type tuic-client) tuic-client --config $local_config_file
+			echolog "Global Socks5:tuic-client $($(first_type tuic-client) --version) Started!"
+		fi
 		echolog "Main node:tuic-client $($(first_type tuic-client) --version) Started!"
 		;;
+	shadowtls)
+		if [ -z "$socks_port" ]; then
+			gen_config_file $GLOBAL_SERVER $type 1 "10${tmp_tcp_local_port}"
+			gen_config_file $GLOBAL_SERVER $type 1 "10${tmp_tcp_local_port}" 0 chain
+		else
+			gen_config_file $GLOBAL_SERVER $type 1 "10${tmp_tcp_local_port}"
+			gen_config_file $GLOBAL_SERVER $type 1 "10${tmp_tcp_local_port}" $socks_port chain
+		fi
+		local chain_type=$(uci_get_by_name $GLOBAL_SERVER chain_type)
+		case ${chain_type} in
+		vmess)
+			ln_start_bin $(first_type shadow-tls) shadow-tls config --config $chain_config_file
+			ln_start_bin $(first_type xray v2ray) v2ray run -c $tcp_config_file
+			echolog "Mian node:shadow-tls chain-to $($(first_type xray) --version) Started!"
+			;;
+		sslocal)
+			ln_start_bin $(first_type shadow-tls) shadow-tls config --config $chain_config_file
+			ln_start_bin $(first_type sslocal) sslocal -c $tcp_config_file
+			echolog "Main node:shadow-tls chain-to $($(first_type sslocal) --version) Started!"
+			;;
+		esac
+		;;
 	socks5)
 		if [ "$(uci_get_by_name $GLOBAL_SERVER auth_enable 0)" == "1" ]; then
 			local auth="-a $(uci_get_by_name $GLOBAL_SERVER username) -k $(uci_get_by_name $GLOBAL_SERVER password)"
@ -981,6 +1095,7 @@ reset() {
 		set shadowsocksr.@global[0].switch_time='667'
 		set shadowsocksr.@global[0].switch_timeout='5'
 		set shadowsocksr.@global[0].switch_try_count='3'
+#		set shadowsocksr.@global[0].default_packet_encoding='xudp'
 		set shadowsocksr.@global[0].gfwlist_url='https://fastly.jsdelivr.net/gh/YW5vbnltb3Vz/domain-list-community@release/gfwlist.txt'
 		set shadowsocksr.@global[0].chnroute_url='https://ispip.clang.cn/all_cn.txt'
 		set shadowsocksr.@global[0].nfip_url='https://fastly.jsdelivr.net/gh/QiuSimons/Netflix_IP/NF_only.txt'
--- a/luci-app-ssr-plus/root/usr/share/shadowsocksr/gen_config.lua
+++ b/luci-app-ssr-plus/root/usr/share/shadowsocksr/gen_config.lua
@ -8,6 +8,9 @@ local proto = arg[2]
 local local_port = arg[3] or "0"
 local socks_port = arg[4] or "0"

+local chain = arg[5] or "0"
+local chain_local_port = string.split(chain, "/")[2] or "0"
+
 local server = ucursor:get_all("shadowsocksr", server_section)
 local outbound_settings = nil

@ -275,59 +278,159 @@ local ss = {
 	reuse_port = true
 }
 local hysteria = {
-	server = server.server .. ":" .. server.server_port,
-	protocol = server.hysteria_protocol,
-	up_mbps = tonumber(server.uplink_capacity),
-	down_mbps = tonumber(server.downlink_capacity),
+	server = server.server_port and (server.server .. ":" .. server.server_port) or (server.server .. ":" .. server.port_range),
+	bandwidth = {
+	up = tonumber(server.uplink_capacity) and tonumber(server.uplink_capacity) .. " mbps" or nil,
+	down = tonumber(server.downlink_capacity) and tonumber(server.downlink_capacity) .. " mbps" or nil 
+	},
 	socks5 = (proto:find("tcp") and tonumber(socks_port) and tonumber(socks_port) ~= 0) and {
 		listen = "0.0.0.0:" .. tonumber(socks_port),
-		timeout = 300,
 		disable_udp = false
 	} or nil,
-	redirect_tcp = (proto:find("tcp") and local_port ~= "0") and {
-		listen = "0.0.0.0:" .. tonumber(local_port),
-		timeout = 300
+	transport = {
+		type = server.transport_protocol,
+		udp = { 
+			hopInterval = tonumber(server.hopinterval) and tonumber(server.hopinterval) .. "s" or nil
+		}
+	},
+--[[			
+	tcpTProxy = (proto:find("tcp") and local_port ~= "0") and {
+	listen = "0.0.0.0:" .. tonumber(local_port)
+} or nil,
+]]
+	tcpRedirect = (proto:find("tcp") and local_port ~= "0") and {
+					listen = "0.0.0.0:" .. tonumber(local_port)
 	} or nil,
-	tproxy_udp = (proto:find("udp") and local_port ~= "0") and {
-		listen = "0.0.0.0:" .. tonumber(local_port),
-		timeout = 60
+	udpTProxy = (proto:find("udp") and local_port ~= "0") and {
+					listen = "0.0.0.0:" .. tonumber(local_port)
 	} or nil,
-	obfs = server.seed,
-	auth = (server.auth_type == "1") and server.auth_payload or nil,
-	auth_str = (server.auth_type == "2") and server.auth_payload or nil,
-	alpn = server.quic_tls_alpn,
-	server_name = server.tls_host,
-	insecure = (server.insecure == "1") and true or false,
-	ca = (server.certificate) and server.certpath or nil,
-	recv_window_conn = tonumber(server.recv_window_conn),
-	recv_window = tonumber(server.recv_window),
-	disable_mtu_discovery = (server.disable_mtu_discovery == "1") and true or false,
+	obfs = (server.flag_obfs == "1") and {
+				type = server.obfs_type,
+				salamander = { password = server.salamander }
+	} or nil,
+	quic = (server.flag_quicparam == "1" ) and {
+		initStreamReceiveWindow = (server.initstreamreceivewindow and server.initstreamreceivewindow or nil),
+		maxStreamReceiveWindow = (server.maxstreamseceivewindow and server.maxstreamseceivewindow or nil),
+		initConnReceiveWindow = (server.initconnreceivewindow and server.initconnreceivewindow or nil),
+		maxConnReceiveWindow = (server.maxconnreceivewindow and server.maxconnreceivewindow or nil),
+		maxIdleTimeout = (tonumber(server.maxidletimeout) and tonumber(server.maxidletimeout) .. "s" or nil),
+		keepAlivePeriod = (tonumber(server.keepaliveperiod) and tonumber(server.keepaliveperiod) .. "s" or nil),
+		disable_mtu_discovery = (server.disablepathmtudiscovery == "1") and true or false
+	} or nil,
+	auth = server.hy2_auth,
+	tls = (server.tls_host) and {
+		sni = server.tls_host,
+		insecure = (server.insecure == "1") and true or false,
+		pinSHA256 = (server.insecure == "1") and server.pinsha256 or nil
+	} or {
+		sni = server.server,
+		insecure = (server.insecure == "1") and true or false
+	},
 	fast_open = (server.fast_open == "1") and true or false,
-	lazy_start = (server.lazy_start == "1") and true or false
+	lazy = (server.lazy_mode == "1") and true or false
+}
+local shadowtls = {
+	client = {
+		server_addr = server.server_port and server.server .. ":" .. server.server_port or nil,
+		listen = "127.0.0.1:" .. tonumber(local_port),
+		tls_names = server.shadowtls_sni,
+		password = server.password 
+	},
+	v3 = (server.shadowtls_protocol == "v3") and true or false,
+	disable_nodelay = (server.disable_nodelay == "1") and true or false,
+	fastopen = (server.fastopen == "1") and true or false,
+	strict = (server.strict == "1") and true or false
+}
+local chain_sslocal = {
+		locals = local_port ~= "0" and {
+		{
+			local_address = "0.0.0.0",
+			local_port = (chain_local_port == "0" and tonumber(server.local_port) or tonumber(chain_local_port)),
+			mode = (proto:find("tcp,udp") and "tcp_and_udp") or proto .. "_only",
+			protocol = "redir",
+			tcp_redir = "redirect",
+		--tcp_redir = "tproxy",
+			udp_redir = "tproxy"
+		},
+		socks_port ~= "0" and {
+			protocol = "socks",
+			local_address = "0.0.0.0",
+			local_port = tonumber(socks_port)
+		} or nil
+	} or {{ 
+			protocol = "socks",
+			local_address = "0.0.0.0",
+			ocal_port = tonumber(socks_port)
+			}},
+		servers = {
+			{
+				server = "127.0.0.1",
+				server_port = (tonumber(local_port) == 0 and tonumber(chain_local_port) or tonumber(local_port)),
+				method = server.sslocal_method,
+				password = server.sslocal_password
+			}
+		}
+}
+local chain_vmess = {
+	inbounds = (local_port ~= "0") and {
+	{
+		port =  (chain_local_port == "0" and tonumber(server.local_port) or tonumber(chain_local_port)),
+		protocol = "dokodemo-door",
+			settings = {
+			network = proto, 
+			followRedirect = true
+		},
+		streamSettings = {
+			sockopt = {tproxy = "redirect"}
+		},
+		sniffing = {
+			enable = true,
+			destOverride = {"http","tls"}
+		}
+	},
+		(proto:find("tcp") and socks_port ~= "0") and {
+		protocol = "socks",
+		port = tonumber(socks_port)
+		} or nil
+	} or { protocol = "socks",port = tonumber(socks_port) },
+	outbound = {
+		protocol = "vmess",
+		settings = {
+			vnext = {{
+				address = "127.0.0.1",
+				port =  (tonumber(local_port) == 0 and tonumber(chain_local_port) or tonumber(local_port)),
+				users = {{
+				id = (server.vmess_uuid),
+				security = server.vmess_method,
+				level = 0
+				}}
+			}}
+		}
+	}
 }
 local tuic = {
 		relay = {
-				server = server.server .. ":" .. server.server_port,
-				ip = server.tuic_ip,
-				uuid = server.tuic_uuid,
-				password = server.tuic_passwd,
-				certificates = server.certificate and { server.certpath } or nil,
-				udp_relay_mode = server.udp_relay_mode,
-				congestion_control = server.congestion_control,
-				heartbeat = server.heartbeat and server.heartbeat .. "s" or nil,
-				timeout = server.timeout and server.timeout .. "s" or nil,
-				gc_interval = server.gc_interval and server.gc_interval .. "s" or nil,
-				gc_lifetime = server.gc_lifetime and server.gc_lifetime .. "s" or nil,
-				alpn = server.tls_alpn,
-				disable_sni = (server.disable_sni == "1") and true or false,
-				zero_rtt_handshake = (server.zero_rtt_handshake == "1") and true or false,
-				send_window = tonumber(server.send_window),
-				receive_window = tonumber(server.receive_window)
-        },
+			server = server.server_port and server.server .. ":" .. server.server_port,
+			ip = server.tuic_ip,
+			uuid = server.tuic_uuid,
+			password = server.tuic_passwd,
+			certificates = server.certificate and { server.certpath } or nil,
+			udp_relay_mode = server.udp_relay_mode,
+			congestion_control = server.congestion_control,
+			heartbeat = server.heartbeat and server.heartbeat .. "s" or nil,
+			timeout = server.timeout and server.timeout .. "s" or nil,
+			gc_interval = server.gc_interval and server.gc_interval .. "s" or nil,
+			gc_lifetime = server.gc_lifetime and server.gc_lifetime .. "s" or nil,
+			alpn = server.tls_alpn,
+			disable_sni = (server.disable_sni == "1") and true or false,
+			zero_rtt_handshake = (server.zero_rtt_handshake == "1") and true or false,
+			send_window = tonumber(server.send_window),
+			receive_window = tonumber(server.receive_window)
+		},
 		["local"] = {
-				server = "0.0.0.0:" .. tonumber(local_port),
-				--dual_stack = (server.tuic_dual_stack == "1") and true or false,
-				max_packet_size = tonumber(server.tuic_max_package_size)
+			server = tonumber(socks_port) and (server.tuic_dual_stack == "1" and "[::1]:" or "127.0.0.1:")  .. (socks_port == "0" and local_port or tonumber(socks_port)),
+			dual_stack = (server.tuic_dual_stack == "1") and true or false,
+			max_packet_size = tonumber(server.tuic_max_package_size)
 		}
 }
 local config = {}
@ -367,6 +470,28 @@ function config:handleIndex(index)
 		hysteria = function()
 			print(json.stringify(hysteria, 1))
 		end,
+		shadowtls = function()
+			local chain_switch = {
+				sslocal = function()
+					if (chain:find("chain")) then
+						print(json.stringify(chain_sslocal, 1))
+					else
+						print(json.stringify(shadowtls, 1))
+					end
+				end,
+				vmess = function()
+					if (chain:find("chain")) then
+						print(json.stringify(chain_vmess, 1))
+					else
+						print(json.stringify(shadowtls, 1))
+					end
+				end
+			}
+			local ChainType = server.chain_type
+				if chain_switch[ChainType] then
+					chain_switch[ChainType]()
+				end
+			end,
 		tuic = function()
 			print(json.stringify(tuic, 1))
 		end
--- a/v2ray-geodata/Makefile
+++ b/v2ray-geodata/Makefile
@ -21,13 +21,13 @@ define Download/geoip
  HASH:=25e8fd3517988781e0a901c1d29dd35bed1aabed6343647c76206161e49fa1f4
 endef

-GEOSITE_VER:=20231011025202
+GEOSITE_VER:=20231012035256
 GEOSITE_FILE:=dlc.dat.$(GEOSITE_VER)
 define Download/geosite
  URL:=https://github.com/v2fly/domain-list-community/releases/download/$(GEOSITE_VER)/
  URL_FILE:=dlc.dat
  FILE:=$(GEOSITE_FILE)
-  HASH:=32868ddecfab6faa2ea6eceb2f466bea144025eab1ae044609b09f47d254cab5
+  HASH:=642dd9dee924d03a1516f6521c908a3ccf9fbc77e2a18551856f7e1ed405ea49
 endef

 GEOSITE_IRAN_VER:=202310090024