update 2022-06-07 08:44:07

2025-01-08 13:27:36 +08:00 · 2022-06-07 08:44:07 +08:00 · 2022-06-07 08:44:07 +08:00 · 5c2a13ef3e
commit 5c2a13ef3e
parent dea7bebedd
16 changed files with 272 additions and 146 deletions
--- a/adguardhome/Makefile
+++ b/adguardhome/Makefile
@ -6,11 +6,11 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=adguardhome
-PKG_VERSION:=0.107.6
-PKG_RELEASE:=48
+PKG_VERSION:=0.107.7
+PKG_RELEASE:=49

 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=368a98fb296da349ed7fb99b03c4ed6b7d0dda3a
+PKG_SOURCE_VERSION:=b01efd8c984f3c442cce19faa76de4681d507191
 PKG_SOURCE_URL:=https://github.com/AdguardTeam/AdGuardHome
 PKG_MIRROR_HASH:=skip

--- a/dnsproxy/Makefile
+++ b/dnsproxy/Makefile
@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=dnsproxy
-PKG_VERSION:=0.43.0
+PKG_VERSION:=0.43.1
 PKG_RELEASE:=$(AUTORELEASE)

 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://codeload.github.com/AdguardTeam/dnsproxy/tar.gz/v$(PKG_VERSION)?
-PKG_HASH:=b20a544b9085beda02e50e84819b42526ce90b8745a3dbbec9fe3adfe76e44d4
+PKG_HASH:=2e69c1bd610727acdf24a37010fac3d1dfd6bf66527552b3221d22cc11d51296

 PKG_MAINTAINER:=Tianling Shen <cnsztl@immortalwrt.org>
 PKG_LICENSE:=Apache-2.0
--- a/luci-app-mosdns/root/etc/mosdns/serverlist.txt
+++ b/luci-app-mosdns/root/etc/mosdns/serverlist.txt
@ -17709,6 +17709,7 @@ becomingcrackingragged.com
 becominggland.com
 becoquin.com
 becorsolaom.com
+becrustleom.com
 becuboneor.com
 bedbwgjjpxiuox.com
 beddingcadetexploded.com
@ -40833,6 +40834,7 @@ geotargetly-1a441.appspot.com
 geotargetly.co
 geotmt.com
 geotrust.com
+geouragedproverly.com
 geovideo.name
 geovisite.com
 geovisite.ovh
@ -42061,6 +42063,7 @@ gooddaywith-captcha.top
 gooderamour.com
 goodfellas.me
 goodfriendsdriving.com
+goodfungame.com
 goodgamesmanship.com
 goodgoodluck.cn
 goodgz.cn
@ -49788,6 +49791,7 @@ jebure.com
 jeccmq.wehkamp.nl
 jechesmacaltont.info
 jeclittrecheckrep.info
+jecoglegru.com
 jecqhvrclrxe.com
 jectsinteredse.info
 jecumapu.com
@ -51638,6 +51642,7 @@ kazandirtyscoot.com
 kazigua.top
 kazoowaughy.com
 kazucivi.com
+kb-cz.com
 kb-render.alicdn.com
 kb.rubiconproject.com
 kbahdkwof.com
@ -53198,6 +53203,7 @@ lathechevo.com
 latheendsmoo.com
 latherfadbasis.com
 latinovoicesmn.org
+lativahgreene.com
 latoniankeen.pro
 latrinehelves.com
 latterinconvenient.com
@ -59969,6 +59975,7 @@ metro114.com
 metroaverage.com
 metrocorpmedia-com.videoplayerhub.com
 metrodreamslifestyle.com
+metrofordec.com
 metropcs.mobileposse.com
 metsaubs.net
 mettelindberg.dk
@ -63169,6 +63176,7 @@ net-filter.com
 net-protector.com
 net-radar.com
 net.adpush.cn
+net.bigbooterhax.xyz
 net.cleverjp.com
 net.daraz.com
 net.daraz.com.bd
@ -72168,6 +72176,7 @@ player.sendtonews.com
 player.staging2.crazyegg.com
 player.stats.live-video.net
 player.tabooporns.com
+player.zype.com
 playercdn.net
 playerseo.club
 playertraffic.com
@ -95842,6 +95851,7 @@ tz.70e.me
 tz.zjhoudao.com
 tz284.com
 tzbtw.com
+tzegilo.com
 tzfafzmooqum.com
 tzh019.cn
 tzhqg.cn
@ -100895,6 +100905,7 @@ whitepush.biz
 whitesaas.com
 whitts.xyz
 whixochyxy.pro
+whizduly.com
 whizstats.com
 whizzco.com
 whkesznbi.com
@ -103625,6 +103636,7 @@ www.eskimi.com
 www.espncdn.shop
 www.esptj.com
 www.establishmentinfluence.com
+www.etisalatt.com
 www.euros4click.de
 www.eva.hi-ho.ne.jp
 www.evcknbym.com
--- a/luci-app-ssr-plus/Makefile
+++ b/luci-app-ssr-plus/Makefile
@ -1,8 +1,8 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=luci-app-ssr-plus
-PKG_VERSION:=185
-PKG_RELEASE:=5
+PKG_VERSION:=186
+PKG_RELEASE:=1

 PKG_CONFIG_DEPENDS:= \
 	CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_Kcptun \
@ -10,6 +10,7 @@ PKG_CONFIG_DEPENDS:= \
 	CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_NaiveProxy \
 	CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_PDNSD \
 	CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_Redsocks2 \
+	CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_SagerNet_Core \
 	CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_Shadowsocks_Libev_Client \
 	CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_Shadowsocks_Libev_Server \
 	CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_Shadowsocks_Rust_Client \
@ -18,21 +19,22 @@ PKG_CONFIG_DEPENDS:= \
 	CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_ShadowsocksR_Libev_Server \
 	CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_Simple_Obfs \
 	CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_Trojan \
-	CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_V2ray_Plugin \
-	CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_Xray
+	CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_V2ray_Plugin

 LUCI_TITLE:=SS/SSR/V2Ray/Trojan/NaiveProxy/Socks5/Tun LuCI interface
 LUCI_PKGARCH:=all
 LUCI_DEPENDS:= \
 	@(PACKAGE_libustream-mbedtls||PACKAGE_libustream-openssl||PACKAGE_libustream-wolfssl) \
 	+coreutils +coreutils-base64 +dns2socks +dns2tcp +dnsmasq-full +ipset +kmod-ipt-nat \
-	+ip-full +iptables +iptables-mod-tproxy +lua +libuci-lua +microsocks +tcping \
-	+resolveip +shadowsocksr-libev-ssr-check +uclient-fetch \
+	+ip-full +iptables +iptables-mod-tproxy +lua +libuci-lua +luci-lib-ipkg +microsocks \
+	+tcping +resolveip +shadowsocksr-libev-ssr-check +uclient-fetch \
 	+PACKAGE_$(PKG_NAME)_INCLUDE_Kcptun:kcptun-client \
 	+PACKAGE_$(PKG_NAME)_INCLUDE_IPT2Socks:ipt2socks \
 	+PACKAGE_$(PKG_NAME)_INCLUDE_NaiveProxy:naiveproxy \
 	+PACKAGE_$(PKG_NAME)_INCLUDE_PDNSD:pdnsd-alt \
 	+PACKAGE_$(PKG_NAME)_INCLUDE_Redsocks2:redsocks2 \
+	+PACKAGE_$(PKG_NAME)_INCLUDE_SagerNet_Core:curl \
+	+PACKAGE_$(PKG_NAME)_INCLUDE_SagerNet_Core:sagernet-core \
 	+PACKAGE_$(PKG_NAME)_INCLUDE_Shadowsocks_Libev_Client:shadowsocks-libev-ss-local \
 	+PACKAGE_$(PKG_NAME)_INCLUDE_Shadowsocks_Libev_Client:shadowsocks-libev-ss-redir \
 	+PACKAGE_$(PKG_NAME)_INCLUDE_Shadowsocks_Libev_Server:shadowsocks-libev-ss-server \
@ -43,9 +45,7 @@ LUCI_DEPENDS:= \
 	+PACKAGE_$(PKG_NAME)_INCLUDE_ShadowsocksR_Libev_Server:shadowsocksr-libev-ssr-server \
 	+PACKAGE_$(PKG_NAME)_INCLUDE_Simple_Obfs:simple-obfs \
 	+PACKAGE_$(PKG_NAME)_INCLUDE_Trojan:trojan \
-	+PACKAGE_$(PKG_NAME)_INCLUDE_V2ray_Plugin:v2ray-plugin \
-	+PACKAGE_$(PKG_NAME)_INCLUDE_Xray:curl \
-	+PACKAGE_$(PKG_NAME)_INCLUDE_Xray:xray-core
+	+PACKAGE_$(PKG_NAME)_INCLUDE_V2ray_Plugin:v2ray-plugin

 define Package/$(PKG_NAME)/config
 config PACKAGE_$(PKG_NAME)_INCLUDE_Kcptun
@ -69,9 +69,13 @@ config PACKAGE_$(PKG_NAME)_INCLUDE_Redsocks2
 	bool "Include Redsocks2"
 	default n

+config PACKAGE_$(PKG_NAME)_INCLUDE_SagerNet_Core
+	bool "Include sagernet-core (An enhanced edition of v2ray-core)"
+	default y if aarch64||arm||i386||x86_64
+
 config PACKAGE_$(PKG_NAME)_INCLUDE_Shadowsocks_Libev_Client
 	bool "Include Shadowsocks Libev Client"
-	default y if i386||x86_64||arm
+	default y if arm

 config PACKAGE_$(PKG_NAME)_INCLUDE_Shadowsocks_Libev_Server
 	bool "Include Shadowsocks Libev Server"
@ -109,10 +113,6 @@ config PACKAGE_$(PKG_NAME)_INCLUDE_Trojan
 config PACKAGE_$(PKG_NAME)_INCLUDE_V2ray_Plugin
 	bool "Include Shadowsocks V2ray Plugin"
 	default n
-
-config PACKAGE_$(PKG_NAME)_INCLUDE_Xray
-	bool "Include Xray"
-	default y if aarch64||arm||i386||x86_64
 endef

 define Package/$(PKG_NAME)/conffiles
--- a/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/advanced.lua
+++ b/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/advanced.lua
@ -56,6 +56,12 @@ o:value("https://ispip.clang.cn/all_cn.txt", translate("Clang.CN"))
 o:value("https://ispip.clang.cn/all_cn_cidr.txt", translate("Clang.CN.CIDR"))
 o.default = "https://ispip.clang.cn/all_cn.txt"

+o = s:option(ListValue, "default_packet_encoding", translate("Default Packet Encoding"))
+o:value("none", translate("none"))
+o:value("packet", translate("packet (v2ray-core v5+)"))
+o:value("xudp", translate("xudp (Xray-core)"))
+o.default = "xudp"
+
 o = s:option(Flag, "netflix_enable", translate("Enable Netflix Mode"))
 o.rmempty = false

--- a/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/client-config.lua
+++ b/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/client-config.lua
@ -1,16 +1,23 @@
 -- Copyright (C) 2017 yushi studio <ywb94@qq.com> github.com/ywb94
 -- Licensed to the public under the GNU General Public License v3.
+
 require "nixio.fs"
 require "luci.sys"
 require "luci.http"
-local m, s, o, kcp_enable
+require "luci.model.ipkg"
+
+local m, s, o
 local sid = arg[1]
 local uuid = luci.sys.exec("cat /proc/sys/kernel/random/uuid")

-function is_finded(e)
+local function is_finded(e)
 	return luci.sys.exec('type -t -p "%s"' % e) ~= "" and true or false
 end

+local function is_installed(e)
+	return luci.model.ipkg.installed(e)
+end
+
 local server_table = {}
 local encrypt_methods = {
 	-- ssr
@ -40,12 +47,19 @@ local encrypt_methods = {
 }

 local encrypt_methods_ss = {
+	-- plain
+	"none",
+	"plain",
 	-- aead
 	"aes-128-gcm",
 	"aes-192-gcm",
 	"aes-256-gcm",
 	"chacha20-ietf-poly1305",
-	"xchacha20-ietf-poly1305"
+	"xchacha20-ietf-poly1305",
+	-- aead 2022
+	"2022-blake3-aes-128-gcm",
+	"2022-blake3-aes-256-gcm",
+	"2022-blake3-chacha20-poly1305"
 	--[[ stream
 	"none",
 	"plain",
@ -67,22 +81,6 @@ local encrypt_methods_ss = {
 	"chacha20-ietf" ]]
 }

-local encrypt_methods_v2ray_ss = {
-	-- xray_ss
-	"none",
-	"plain",
-	-- aead
-	"aes-128-gcm",
-	"aes-256-gcm",
-	"chacha20-poly1305",
-	"chacha20-ietf-poly1305",
-	"xchacha20-ietf-poly1305",
-	"aead_aes_128_gcm",
-	"aead_aes_256_gcm",
-	"aead_chacha20_poly1305",
-	"aead_xchacha20_poly1305"
-}
-
 local protocol = {
 	-- ssr
 	"origin",
@ -98,7 +96,7 @@ local protocol = {
 	"auth_chain_f"
 }

-obfs = {
+local obfs = {
 	-- ssr
 	"plain",
 	"http_simple",
@ -117,7 +115,7 @@ local securitys = {
 }

 local flows = {
-	-- xlts
+	-- xtls
 	"xtls-rprx-origin",
 	"xtls-rprx-origin-udp443",
 	"xtls-rprx-direct",
@ -184,6 +182,9 @@ o:value("vless", translate("VLESS"))
 o:value("vmess", translate("VMess"))
 o:value("trojan", translate("Trojan"))
 o:value("shadowsocks", translate("Shadowsocks"))
+if is_installed("sagernet-core") then
+	o:value("wireguard", translate("WireGuard"))
+end
 o:value("socks", translate("Socks"))
 o:value("http", translate("HTTP"))
 o:depends("type", "v2ray")
@ -248,13 +249,13 @@ for _, v in ipairs(encrypt_methods_ss) do
 end
 o.rmempty = true
 o:depends("type", "ss")
+o:depends({type = "v2ray", v2ray_protocol = "shadowsocks"})

-o = s:option(ListValue, "encrypt_method_v2ray_ss", translate("Encrypt Method"))
-for _, v in ipairs(encrypt_methods_v2ray_ss) do
-	o:value(v)
-end
+o = s:option(Flag, "uot", translate("UDP over TCP"))
+o.description = translate("Enable the SUoT protocol, requires server support.")
 o.rmempty = true
 o:depends({type = "v2ray", v2ray_protocol = "shadowsocks"})
+o.default = "0"

 o = s:option(Flag, "ivCheck", translate("Bloom Filter"))
 o.rmempty = true
@ -267,7 +268,7 @@ o:value("none", translate("None"))
 if is_finded("obfs-local") then
 	o:value("obfs-local", translate("obfs-local"))
 end
-if is_finded("v2ray-plugin") then
+if is_finded("v2ray-plugin") or is_installed("sagernet-core") then
 	o:value("v2ray-plugin", translate("v2ray-plugin"))
 end
 if is_finded("xray-plugin") then
@ -275,12 +276,12 @@ if is_finded("xray-plugin") then
 end
 o.rmempty = true
 o:depends("type", "ss")
+o:depends({type = "v2ray", v2ray_protocol = "shadowsocks"})

 o = s:option(Value, "plugin_opts", translate("Plugin Opts"))
 o.rmempty = true
-o:depends({type = "ss", plugin = "obfs-local"})
-o:depends({type = "ss", plugin = "v2ray-plugin"})
-o:depends({type = "ss", plugin = "xray-plugin"})
+o:depends("type", "ss")
+o:depends({type = "v2ray", v2ray_protocol = "shadowsocks"})

 o = s:option(ListValue, "protocol", translate("Protocol"))
 for _, v in ipairs(protocol) do
@ -332,7 +333,12 @@ o:value("h2", "HTTP/2")
 o:value("quic", "QUIC")
 o:value("grpc", "gRPC")
 o.rmempty = true
-o:depends("type", "v2ray")
+o:depends({type = "v2ray", v2ray_protocol = "vless"})
+o:depends({type = "v2ray", v2ray_protocol = "vmess"})
+o:depends({type = "v2ray", v2ray_protocol = "trojan"})
+o:depends({type = "v2ray", v2ray_protocol = "shadowsocks"})
+o:depends({type = "v2ray", v2ray_protocol = "socks"})
+o:depends({type = "v2ray", v2ray_protocol = "http"})

 -- [[ TCP部分 ]]--
 -- TCP伪装
@ -452,7 +458,8 @@ o.rmempty = true
 o = s:option(Value, "mtu", translate("MTU"))
 o.datatype = "uinteger"
 o:depends("transport", "kcp")
-o.default = 1350
+o:depends({type = "v2ray", v2ray_protocol = "wireguard"})
+-- o.default = 1350
 o.rmempty = true

 o = s:option(Value, "tti", translate("TTI"))
@ -493,12 +500,35 @@ o = s:option(Flag, "congestion", translate("Congestion"))
 o:depends("transport", "kcp")
 o.rmempty = true

+-- [[ WireGuard 部分 ]]--
+o = s:option(DynamicList, "local_addresses", translate("Local addresses"))
+o:depends({type = "v2ray", v2ray_protocol = "wireguard"})
+o.rmempty = true
+
+o = s:option(Value, "private_key", translate("Private key"))
+o:depends({type = "v2ray", v2ray_protocol = "wireguard"})
+o.password = true
+o.rmempty = true
+
+o = s:option(Value, "peer_pubkey", translate("Peer public key"))
+o:depends({type = "v2ray", v2ray_protocol = "wireguard"})
+o.rmempty = true
+
+o = s:option(Value, "preshared_key", translate("Pre-shared key"))
+o:depends({type = "v2ray", v2ray_protocol = "wireguard"})
+o.password = true
+o.rmempty = true
+
 -- [[ TLS ]]--
 o = s:option(Flag, "tls", translate("TLS"))
 o.rmempty = true
 o.default = "0"
-o:depends({type = "v2ray", xtls = false})
-- o:depends({type = "v2ray", v2ray_protocol = "vless", xtls = false})
+o:depends({type = "v2ray", v2ray_protocol = "vless", xtls = false})
+o:depends({type = "v2ray", v2ray_protocol = "vmess", xtls = false})
+o:depends({type = "v2ray", v2ray_protocol = "trojan", xtls = false})
+o:depends({type = "v2ray", v2ray_protocol = "shadowsocks", xtls = false})
+o:depends({type = "v2ray", v2ray_protocol = "socks", xtls = false})
+o:depends({type = "v2ray", v2ray_protocol = "http", xtls = false})
 o:depends("type", "trojan")

 -- XTLS
@ -552,7 +582,12 @@ o.description = translate("If true, allowss insecure connection at TLS client, e
 -- [[ Mux ]]--
 o = s:option(Flag, "mux", translate("Mux"))
 o.rmempty = false
-o:depends({type = "v2ray", xtls = false})
+o:depends({type = "v2ray", v2ray_protocol = "vless", xtls = false})
+o:depends({type = "v2ray", v2ray_protocol = "vmess", xtls = false})
+o:depends({type = "v2ray", v2ray_protocol = "trojan", xtls = false})
+o:depends({type = "v2ray", v2ray_protocol = "shadowsocks", xtls = false})
+o:depends({type = "v2ray", v2ray_protocol = "socks", xtls = false})
+o:depends({type = "v2ray", v2ray_protocol = "http", xtls = false})

 o = s:option(Value, "concurrency", translate("Concurrency"))
 o.datatype = "uinteger"
@ -619,6 +654,17 @@ o:depends("type", "ssr")
 o:depends("type", "ss")
 o:depends("type", "trojan")

+if is_installed("sagernet-core") then
+	o = s:option(ListValue, "packet_encoding", translate("Packet Encoding"))
+	o:value("none", translate("none"))
+	o:value("packet", translate("packet (v2ray-core v5+)"))
+	o:value("xudp", translate("xudp (Xray-core)"))
+	o.default = "xudp"
+	o.rmempty = true
+	o:depends({type = "v2ray", v2ray_protocol = "vless"})
+	o:depends({type = "v2ray", v2ray_protocol = "vmess"})
+end
+
 o = s:option(Flag, "switch_enable", translate("Enable Auto Switch"))
 o.rmempty = false
 o.default = "1"
@ -629,11 +675,11 @@ o.default = 1234
 o.rmempty = false

 if is_finded("kcptun-client") then
-	kcp_enable = s:option(Flag, "kcp_enable", translate("KcpTun Enable"))
-	kcp_enable.rmempty = true
-	kcp_enable.default = "0"
-	kcp_enable:depends("type", "ssr")
-	kcp_enable:depends("type", "ss")
+	o = s:option(Flag, "kcp_enable", translate("KcpTun Enable"))
+	o.rmempty = true
+	o.default = "0"
+	o:depends("type", "ssr")
+	o:depends("type", "ss")

 	o = s:option(Value, "kcp_port", translate("KcpTun Port"))
 	o.datatype = "port"
--- a/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/server-config.lua
+++ b/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/server-config.lua
@ -38,7 +38,11 @@ local encrypt_methods_ss = {
 	"aes-192-gcm",
 	"aes-256-gcm",
 	"chacha20-ietf-poly1305",
-	"xchacha20-ietf-poly1305"
+	"xchacha20-ietf-poly1305",
+	-- aead 2022
+	"2022-blake3-aes-128-gcm",
+	"2022-blake3-aes-256-gcm",
+	"2022-blake3-chacha20-poly1305"
 	--[[ stream
 	"table",
 	"rc4",
--- a/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/server.lua
+++ b/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/server.lua
@ -34,7 +34,11 @@ local encrypt_methods_ss = {
 	"aes-192-gcm",
 	"aes-256-gcm",
 	"chacha20-ietf-poly1305",
-	"xchacha20-ietf-poly1305"
+	"xchacha20-ietf-poly1305",
+	-- aead 2022
+	"2022-blake3-aes-128-gcm",
+	"2022-blake3-aes-256-gcm",
+	"2022-blake3-chacha20-poly1305"
 	--[[ stream
 	"table",
 	"rc4",
--- a/luci-app-ssr-plus/po/zh-cn/ssr-plus.po
+++ b/luci-app-ssr-plus/po/zh-cn/ssr-plus.po
@ -61,6 +61,12 @@ msgstr "密码"
 msgid "Encrypt Method"
 msgstr "加密方式"

+msgid "Enable the SUoT protocol, requires server support."
+msgstr "启用 SUoT 协议，需要服务端支持。"
+
+msgid "Bloom Filter"
+msgstr "布隆过滤器"
+
 msgid "VLESS Encryption"
 msgstr "VLESS 加密"

@ -706,9 +712,6 @@ msgstr "微信视频通话"
 msgid "DTLS 1.2"
 msgstr "DTLS 1.2 数据包"

-msgid "WireGuard"
-msgstr "WireGuard 数据包"
-
 msgid "MTU"
 msgstr "最大传输单元"

@ -730,6 +733,21 @@ msgstr "写入缓冲区大小"
 msgid "Congestion"
 msgstr "拥塞控制"

+msgid "Local addresses"
+msgstr "本地地址"
+
+msgid "Private key"
+msgstr "私钥"
+
+msgid "Peer public key"
+msgstr "节点公钥"
+
+msgid "Pre-shared key"
+msgstr "预共享密钥"
+
+msgid "Packet Encoding"
+msgstr "数据包编码"
+
 msgid "Network interface to use"
 msgstr "使用的网络接口"

@ -757,5 +775,8 @@ msgstr "重新应用"
 msgid "Apply"
 msgstr "应用"

+msgid "Default Packet Encoding"
+msgstr "默认数据包编码"
+
 msgid "Enable Netflix Mode"
 msgstr "启用 Netflix 分流模式"
--- a/luci-app-ssr-plus/root/etc/init.d/shadowsocksr
+++ b/luci-app-ssr-plus/root/etc/init.d/shadowsocksr
@ -365,8 +365,8 @@ start_udp() {
 		;;
 	v2ray)
 		gen_config_file $UDP_RELAY_SERVER $type 2 $tmp_udp_port
-		ln_start_bin $(first_type xray v2ray) v2ray run -config $udp_config_file
-		echolog "UDP TPROXY Relay:$($(first_type "xray" "v2ray") version | head -1) Started!"
+		ln_start_bin $(first_type v2ray xray) v2ray run -config $udp_config_file
+		echolog "UDP TPROXY Relay:$($(first_type "v2ray" "xray") version | head -1) Started!"
 		;;
 	trojan) #client
 		gen_config_file $UDP_RELAY_SERVER $type 2 $tmp_udp_local_port
@ -415,9 +415,9 @@ start_shunt() {
 	v2ray)
 		local tmp_port=${tmp_local_port:-$tmp_shunt_local_port}
 		gen_config_file $SHUNT_SERVER $type 3 $tmp_shunt_port $tmp_port
-		ln_start_bin $(first_type xray v2ray) v2ray run -config $shunt_config_file
+		ln_start_bin $(first_type v2ray xray) v2ray run -config $shunt_config_file
 		ln_start_bin $(first_type dns2socks) dns2socks 127.0.0.1:$tmp_port 8.8.8.8:53 127.0.0.1:$tmp_shunt_dns_port -q
-		echolog "shunt:$($(first_type xray v2ray) version | head -1) Started!"
+		echolog "shunt:$($(first_type v2ray xray) version | head -1) Started!"
 		;;
 	trojan)
 		gen_config_file $SHUNT_SERVER $type 3 $tmp_shunt_port
@ -491,9 +491,9 @@ start_local() {
 	v2ray)
 		if [ "$_local" == "2" ]; then
 			gen_config_file $LOCAL_SERVER $type 4 0 $local_port
-			ln_start_bin $(first_type xray v2ray) v2ray run -config $local_config_file
+			ln_start_bin $(first_type v2ray xray) v2ray run -config $local_config_file
 		fi
-		echolog "Global_Socks5:$($(first_type "xray" "v2ray") version | head -1) Started!"
+		echolog "Global_Socks5:$($(first_type "v2ray" "xray") version | head -1) Started!"
 		;;
 	trojan) #client
 		gen_config_file $LOCAL_SERVER $type 4 $local_port
@ -553,8 +553,8 @@ Start_Run() {
 		;;
 	v2ray)
 		gen_config_file $GLOBAL_SERVER $type 1 $tcp_port $socks_port
-		ln_start_bin $(first_type xray v2ray) v2ray run -config $tcp_config_file
-		echolog "Main node:$($(first_type xray v2ray) version | head -1) Started!"
+		ln_start_bin $(first_type v2ray xray) v2ray run -config $tcp_config_file
+		echolog "Main node:$($(first_type v2ray xray) version | head -1) Started!"
 		;;
 	trojan)
 		gen_config_file $GLOBAL_SERVER $type 1 $tcp_port
@ -908,6 +908,7 @@ reset() {
 		set shadowsocksr.@global[0].switch_time='667'
 		set shadowsocksr.@global[0].switch_timeout='5'
 		set shadowsocksr.@global[0].switch_try_count='3'
+		set shadowsocksr.@global[0].default_packet_encoding='xudp'
 		set shadowsocksr.@global[0].gfwlist_url='https://fastly.jsdelivr.net/gh/YW5vbnltb3Vz/domain-list-community@release/gfwlist.txt'
 		set shadowsocksr.@global[0].chnroute_url='https://ispip.clang.cn/all_cn.txt'
 		set shadowsocksr.@global[0].nfip_url='https://fastly.jsdelivr.net/gh/QiuSimons/Netflix_IP/NF_only.txt'
--- a/luci-app-ssr-plus/root/etc/uci-defaults/luci-ssr-plus
+++ b/luci-app-ssr-plus/root/etc/uci-defaults/luci-ssr-plus
@ -1,16 +1,19 @@
 #!/bin/sh
+
 uci -q batch <<-EOF >/dev/null
-delete ucitrack.@shadowsocksr[-1]
-add ucitrack shadowsocksr
-set ucitrack.@shadowsocksr[-1].init=shadowsocksr
-commit ucitrack
-delete firewall.shadowsocksr
-set firewall.shadowsocksr=include
-set firewall.shadowsocksr.type=script
-set firewall.shadowsocksr.path=/var/etc/shadowsocksr.include
-set firewall.shadowsocksr.reload=1
-commit firewall
+	delete ucitrack.@shadowsocksr[-1]
+	add ucitrack shadowsocksr
+	set ucitrack.@shadowsocksr[-1].init=shadowsocksr
+	commit ucitrack
+
+	delete firewall.shadowsocksr
+	set firewall.shadowsocksr=include
+	set firewall.shadowsocksr.type=script
+	set firewall.shadowsocksr.path=/var/etc/shadowsocksr.include
+	set firewall.shadowsocksr.reload=1
+	commit firewall
 EOF
+
 rm -rf /etc/config/shadowsocksr-opkg /etc/ssrplus/*opkg
 touch /etc/ssrplus/china_ssr.txt
 touch /etc/ssrplus/deny.list
@ -23,15 +26,17 @@ touch /etc/ssrplus/gfw_list.conf
 touch /etc/ssrplus/oversea_list.conf
 touch /etc/ssrplus/ad.conf
 touch /etc/config/shadowsocksr
-if [ ! -s "/etc/config/shadowsocksr" ]; then
-/etc/init.d/shadowsocksr reset
-fi
-sed -i "s/option type 'vmess'"/"option type 'v2ray'\n\toption v2ray_protocol 'vmess'/g" /etc/config/shadowsocksr
-sed -i "s/option type 'vless'"/"option type 'v2ray'\n\toption v2ray_protocol 'vless'/g" /etc/config/shadowsocksr
+[ -s "/etc/config/shadowsocksr" ] || /etc/init.d/shadowsocksr reset
+
+sed -i "s/option type 'vmess'/option type 'v2ray'\n\toption v2ray_protocol 'vmess'/g" /etc/config/shadowsocksr
+sed -i "s/option type 'vless'/option type 'v2ray'\n\toption v2ray_protocol 'vless'/g" /etc/config/shadowsocksr
+sed -i "s/option encrypt_method_v2ray_ss/option encrypt_method_ss/g" /etc/config/shadowsocksr
+
 if [ -s "/etc/uwsgi/vassals/luci-webui.ini" ];then
 	limit=$(cat /etc/uwsgi/vassals/luci-webui.ini  | grep -Eo "limit-as.*"|grep -Eo "[0-9]+")
 	[ $limit -lt 5000 ] && sed -i '/limit-as/c\limit-as = 5000' /etc/uwsgi/vassals/luci-webui.ini && \
 	/etc/init.d/uwsgi restart
 fi
+
 rm -rf /tmp/luci-modulecache /tmp/luci-indexcache
 exit 0
--- a/luci-app-ssr-plus/root/usr/share/shadowsocksr/gen_config.lua
+++ b/luci-app-ssr-plus/root/usr/share/shadowsocksr/gen_config.lua
@ -1,11 +1,16 @@
-local ucursor = require"luci.model.uci".cursor()
+#!/usr/bin/lua
+
+local ucursor = require "luci.model.uci".cursor()
 local json = require "luci.jsonc"
+
 local server_section = arg[1]
 local proto = arg[2]
 local local_port = arg[3] or "0"
 local socks_port = arg[4] or "0"
+
 local server = ucursor:get_all("shadowsocksr", server_section)
 local outbound_settings = nil
+
 function vmess_vless()
 	outbound_settings = {
 		vnext = {
@ -21,19 +26,23 @@ function vmess_vless()
 					}
 				}
 			}
-		}
+		},
+		packetEncoding = server.packet_encoding or nil
 	}
 end
 function trojan_shadowsocks()
 	outbound_settings = {
+		plugin = (server.v2ray_protocol == "shadowsocks") and server.plugin ~= "none" and server.plugin or nil,
+		pluginOpts = (server.v2ray_protocol == "shadowsocks") and server.plugin_opts or nil,
 		servers = {
 			{
 				address = server.server,
 				port = tonumber(server.server_port),
 				password = server.password,
-				method = (server.v2ray_protocol == "shadowsocks") and server.encrypt_method_v2ray_ss or nil,
-				flow = (server.v2ray_protocol == "trojan") and (server.xtls == '1') and (server.vless_flow and server.vless_flow or "xtls-rprx-splice") or nil,
-				ivCheck = (server.v2ray_protocol == "shadowsocks") and (server.ivCheck == '1') or nil
+				method = (server.v2ray_protocol == "shadowsocks") and server.encrypt_method_ss or nil,
+				uot = (server.v2ray_protocol == "shadowsocks") and (server.uot == '1') or nil,
+				ivCheck = (server.v2ray_protocol == "shadowsocks") and (server.ivCheck == '1') or nil,
+				flow = (server.v2ray_protocol == "trojan") and (server.xtls == '1') and (server.vless_flow and server.vless_flow or "xtls-rprx-splice") or nil
 			}
 		}
 	}
@ -54,6 +63,17 @@ function socks_http()
 		}
 	}
 end
+function wireguard()
+	outbound_settings = {
+		address = server.server,
+		port = tonumber(server.server_port),
+		localAddresses = server.local_addresses,
+		privateKey = server.private_key,
+		peerPublicKey = server.peer_pubkey,
+		preSharedKey = server.preshared_key or nil,
+		mtu = tonumber(server.mtu) or 1500
+	}
+end
 local outbound = {}
 function outbound:new(o)
 	o = o or {}
@ -80,6 +100,9 @@ function outbound:handleIndex(index)
 		end,
 		http = function()
 			socks_http()
+		end,
+		wireguard = function()
+			wireguard()
 		end
 	}
 	if switch[index] then
@ -185,7 +208,8 @@ local Xray = {
 		mux = (server.mux == "1" and server.xtls ~= "1" and server.transport ~= "grpc") and {
 			-- mux
 			enabled = true,
-			concurrency = tonumber(server.concurrency)
+			concurrency = tonumber(server.concurrency),
+			packetEncoding = (server.v2ray_protocol == "vmess" or server.v2ray_protocol == "vless") and server.packet_encoding or nil
 		} or nil
 	} or nil
 }
--- a/luci-app-ssr-plus/root/usr/share/shadowsocksr/subscribe.lua
+++ b/luci-app-ssr-plus/root/usr/share/shadowsocksr/subscribe.lua
@ -9,6 +9,7 @@ require "nixio"
 require "luci.util"
 require "luci.sys"
 require "luci.jsonc"
+require "luci.model.ipkg"
 -- these global functions are accessed all the time by the event handler
 -- so caching them is worth the effort
 local tinsert = table.insert
@ -25,18 +26,26 @@ local switch = ucic:get_first(name, 'server_subscribe', 'switch', '1')
 local subscribe_url = ucic:get_first(name, 'server_subscribe', 'subscribe_url', {})
 local filter_words = ucic:get_first(name, 'server_subscribe', 'filter_words', '过期时间/剩余流量')
 local save_words = ucic:get_first(name, 'server_subscribe', 'save_words', '')
+local packet_encoding = luci.model.ipkg.installed("sagernet-core") and ucic:get_first(name, 'global', 'default_packet_encoding', 'xudp') or nil
 local v2_ss = luci.sys.exec('type -t -p ss-redir sslocal') ~= "" and "ss" or "v2ray"
 local v2_tj = luci.sys.exec('type -t -p trojan') ~= "" and "trojan" or "v2ray"
 local log = function(...)
 	print(os.date("%Y-%m-%d %H:%M:%S ") .. table.concat({...}, " "))
 end
 local encrypt_methods_ss = {
+	-- plain
+	"none",
+	"plain",
 	-- aead
 	"aes-128-gcm",
 	"aes-192-gcm",
 	"aes-256-gcm",
 	"chacha20-ietf-poly1305",
-	"xchacha20-ietf-poly1305"
+	"xchacha20-ietf-poly1305",
+	-- aead 2022
+	"2022-blake3-aes-128-gcm",
+	"2022-blake3-aes-256-gcm",
+	"2022-blake3-chacha20-poly1305"
 	--[[ stream
 	"table",
 	"rc4",
@ -165,6 +174,7 @@ local function processData(szType, content)
 		result.transport = info.net
 		result.vmess_id = info.id
 		result.alias = info.ps
+		result.packet_encoding = packet_encoding
 		-- result.mux = 1
 		-- result.concurrency = 8
 		if info.net == 'ws' then
@ -237,6 +247,8 @@ local function processData(szType, content)
 		local password = userinfo:sub(userinfo:find(":") + 1, #userinfo)
 		result.alias = UrlDecode(alias)
 		result.type = v2_ss
+		result.v2ray_protocol = (v2_ss == "v2ray") and "shadowsocks" or nil
+		result.encrypt_method_ss = method
 		result.password = password
 		result.server = host[1]
 		if host[2]:find("/%?") then
@ -267,33 +279,27 @@ local function processData(szType, content)
 		if not checkTabValue(encrypt_methods_ss)[method] then
 			-- 1202 年了还不支持 SS AEAD 的屑机场
 			result.server = nil
-		elseif v2_ss == "v2ray" then
-			result.v2ray_protocol = "shadowsocks"
-			result.encrypt_method_v2ray_ss = method
-		else
-			result.encrypt_method_ss = method
 		end
 	elseif szType == "sip008" then
 		result.type = v2_ss
+		result.v2ray_protocol = (v2_ss == "v2ray") and "shadowsocks" or nil
 		result.server = content.server
 		result.server_port = content.server_port
 		result.password = content.password
+		result.encrypt_method_ss = content.method
 		result.plugin = content.plugin
 		result.plugin_opts = content.plugin_opts
 		result.alias = content.remarks
 		if not checkTabValue(encrypt_methods_ss)[content.method] then
 			result.server = nil
-		elseif v2_ss == "v2ray" then
-			result.v2ray_protocol = "shadowsocks"
-			result.encrypt_method_v2ray_ss = content.method
-		else
-			result.encrypt_method_ss = content.method
 		end
 	elseif szType == "ssd" then
 		result.type = v2_ss
+		result.v2ray_protocol = (v2_ss == "v2ray") and "shadowsocks" or nil
 		result.server = content.server
 		result.server_port = content.port
 		result.password = content.password
+		result.encrypt_method_ss = content.method
 		result.plugin_opts = content.plugin_options
 		result.alias = "[" .. content.airport .. "] " .. content.remarks
 		if content.plugin == "simple-obfs" then
@ -303,11 +309,6 @@ local function processData(szType, content)
 		end
 		if not checkTabValue(encrypt_methods_ss)[content.encryption] then
 			result.server = nil
-		elseif v2_ss == "v2ray" then
-			result.v2ray_protocol = "shadowsocks"
-			result.encrypt_method_v2ray_ss = content.method
-		else
-			result.encrypt_method_ss = content.method
 		end
 	elseif szType == "trojan" then
 		local idx_sp = 0
@ -370,6 +371,7 @@ local function processData(szType, content)
 			result.vmess_id = uuid
 			result.vless_encryption = params.encryption or "none"
 			result.transport = params.type and (params.type == 'http' and 'h2' or params.type) or "tcp"
+			result.packet_encoding = packet_encoding
 			if not params.type or params.type == "tcp" then
 				if params.security == "xtls" then
 					result.xtls = "1"
--- a/my-default-settings/files/etc/uci-defaults/99-default-settings
+++ b/my-default-settings/files/etc/uci-defaults/99-default-settings
@ -201,23 +201,23 @@ test $version -lt 1 && {
 	uci -q set system.@system[0].zram_comp_algo='zstd'
 	uci -q set system.@system[0].zram_size_mb="$(expr $memtotal / 1024 / 3)"
 	uci commit system
+	
+	# sysctl overwrite
+	SYSCTL_LOCAL=/etc/sysctl.d/50-local.conf
+	mkdir -p /etc/sysctl.d
+	echo -n >$SYSCTL_LOCAL
+	echo net.nf_conntrack_max=$nf_conntrack_max >>$SYSCTL_LOCAL
+	echo net.ipv4.ip_early_demux=0 >>$SYSCTL_LOCAL
+	echo net.bridge.bridge-nf-call-iptables=0 >>$SYSCTL_LOCAL
+	echo net.ipv4.fib_multipath_hash_policy=1 >>$SYSCTL_LOCAL
+	echo net.ipv4.tcp_congestion_control=cubic >>$SYSCTL_LOCAL
+	echo net.netfilter.nf_conntrack_helper=1 >>$SYSCTL_LOCAL
+	echo kernel.msgmax = 65536 >>$SYSCTL_LOCAL
+	echo kernel.msgmnb = 65536 >>$SYSCTL_LOCAL
+	echo vm.swappiness=0 >>$SYSCTL_LOCAL
 	version=1
 }

-# sysctl overwrite
-SYSCTL_LOCAL=/etc/sysctl.d/50-local.conf
-mkdir -p /etc/sysctl.d
-echo -n >$SYSCTL_LOCAL
-echo net.nf_conntrack_max=$nf_conntrack_max >>$SYSCTL_LOCAL
-echo net.ipv4.ip_early_demux=0 >>$SYSCTL_LOCAL
-echo net.bridge.bridge-nf-call-iptables=0 >>$SYSCTL_LOCAL
-echo net.ipv4.fib_multipath_hash_policy=1 >>$SYSCTL_LOCAL
-echo net.ipv4.tcp_congestion_control=cubic >>$SYSCTL_LOCAL
-echo net.netfilter.nf_conntrack_helper=1 >>$SYSCTL_LOCAL
-echo kernel.msgmax = 65536 >>$SYSCTL_LOCAL
-echo kernel.msgmnb = 65536 >>$SYSCTL_LOCAL
-echo vm.swappiness=0 >>$SYSCTL_LOCAL
-
 cp -pR /www/cgi-bin/* /www/
 rm -rf /tmp/luci-*

--- a/shadowsocksr-libev/patches/103-Add-TPROXY-support-for-TCP-ssr-redir.patch
+++ b/shadowsocksr-libev/patches/103-Add-TPROXY-support-for-TCP-ssr-redir.patch
@ -1,6 +1,6 @@
 --- a/completions/bash/ss-redir
 +++ b/completions/bash/ss-redir
-@@ -2,7 +2,7 @@
+@@ -2,7 +2,7 @@ _ss_redir()
 {
     local cur prev opts ciphers
     ciphers='rc4-md5 table rc4 aes-128-cfb aes-192-cfb aes-256-cfb aes-128-ctr aes-192-ctr aes-256-ctr bf-cfb camellia-128-cfb camellia-192-cfb camellia-256-cfb cast5-cfb des-cfb idea-cfb rc2-cfb seed-cfb salsa20 chacha20 and chacha20-ietf'
@ -11,7 +11,7 @@
     case "$prev" in
 --- a/src/jconf.c
 +++ b/src/jconf.c
-@@ -338,7 +338,11 @@
+@@ -338,7 +338,11 @@ read_jconf(const char *file)
                     check_json_value_type(value, json_boolean,
                                           "invalid config file: option 'ipv6_first' must be a boolean");
                     conf.ipv6_first = value->u.boolean;
@ -19,18 +19,18 @@
 +                } else if (strcmp(name, "tcp_tproxy") == 0) {
 +                    check_json_value_type(value, json_boolean,
 +                                          "invalid config file: option 'tcp_tproxy' must be a boolean");
-+                    conf.tcp_tproxy = value->u.boolean;
-+                }
+					conf.tcp_tproxy = value->u.boolean;
+				}
             }
         }
     } else {
 --- a/src/jconf.h
 +++ b/src/jconf.h
-@@ -105,6 +105,7 @@
+@@ -105,6 +105,7 @@ typedef struct {
     int mtu;
     int mptcp;
     int ipv6_first;
-+    int tcp_tproxy;
+	int tcp_tproxy;
 } jconf_t;
 
 jconf_t *read_jconf(const char *file);
@ -51,7 +51,7 @@
 #include "includeobfs.h" // I don't want to modify makefile
 #include "jconf.h"
 
-@@ -101,18 +109,28 @@
+@@ -101,18 +109,28 @@ static struct cork_dllist inactive_profi
 static listen_ctx_t *current_profile;
 static struct cork_dllist all_connections;
 
@ -86,31 +86,31 @@
     }
     return 0;
 }
-@@ -164,6 +182,23 @@
+@@ -164,6 +182,23 @@ create_and_bind(const char *addr, const
         if (err == 0) {
             LOGI("tcp port reuse enabled");
         }
 +		
-+        if (tcp_tproxy) {
+		if (tcp_tproxy) {
 +            int level = 0, optname = 0;
 +            if (rp->ai_family == AF_INET) {
 +                level = IPPROTO_IP;
 +                optname = IP_TRANSPARENT;
-+        } else {
-+            level = IPPROTO_IPV6;
-+            optname = IPV6_TRANSPARENT;
-+        }
+            } else {
+                level = IPPROTO_IPV6;
+                optname = IPV6_TRANSPARENT;
+            }
 +
-+        if (setsockopt(listen_sock, level, optname, &opt, sizeof(opt)) != 0) {
-+            ERROR("setsockopt IP_TRANSPARENT");
-+            exit(EXIT_FAILURE);
+            if (setsockopt(listen_sock, level, optname, &opt, sizeof(opt)) != 0) {
+                ERROR("setsockopt IP_TRANSPARENT");
+                exit(EXIT_FAILURE);
+            }
+            LOGI("tcp tproxy mode enabled");
 +        }
-+        LOGI("tcp tproxy mode enabled");
-+    }
 
         s = bind(listen_sock, rp->ai_addr, rp->ai_addrlen);
         if (s == 0) {
-@@ -1094,7 +1129,7 @@
+@@ -1094,7 +1129,7 @@ main(int argc, char **argv)
 
     USE_TTY();
 
@ -119,21 +119,21 @@
                             "O:o:G:g:",
                             long_options, &option_index)) != -1) {
         switch (c) {
-@@ -1169,6 +1204,9 @@
+@@ -1169,6 +1204,9 @@ main(int argc, char **argv)
         case 'U':
             mode = UDP_ONLY;
             break;
-+        case 'T':
+		case 'T':
 +            tcp_tproxy = 1;
 +            break;
         case 'v':
             verbose = 1;
             break;
-@@ -1255,6 +1293,9 @@
+@@ -1255,6 +1293,9 @@ main(int argc, char **argv)
         if (mode == TCP_ONLY) {
             mode = conf->mode;
         }
-+        if (tcp_tproxy == 0) {
+		if (tcp_tproxy == 0) {
 +            tcp_tproxy = conf->tcp_tproxy;
 +        }
         if (mtu == 0) {
@ -141,7 +141,7 @@
         }
 --- a/src/utils.c
 +++ b/src/utils.c
-@@ -342,6 +342,10 @@
+@@ -342,6 +342,10 @@ usage()
 #endif
     printf(
         "       [-U]                       Enable UDP relay and disable TCP relay.\n");
--- a/shadowsocksr-libev/src/server/http_simple.c
+++ b/shadowsocksr-libev/src/server/http_simple.c
@ -107,6 +107,7 @@ int get_data_from_http_header(char *data, char **outdata) {

        //p_line = strtok(p_line, delim);
    }
+    *outdata = buf;
    return outlength;
 }