update 2024-02-15 23:47:09

2025-01-08 11:17:34 +08:00 · 2024-02-15 23:47:09 +08:00 · 2024-02-15 23:47:09 +08:00 · e8d20a75e4
commit e8d20a75e4
parent e8ca76521c
6 changed files with 719 additions and 6 deletions
--- a/luci-app-ssr-plus/root/usr/bin/ssr-monitor
+++ b/luci-app-ssr-plus/root/usr/bin/ssr-monitor
@ -0,0 +1,134 @@
+#!/bin/sh
+#
+# Copyright (C) 2017 openwrt-ssr
+# Copyright (C) 2017 yushi studio <ywb94@qq.com>
+#
+# This is free software, licensed under the GNU General Public License v3.
+# See /LICENSE for more information.
+#
+. $IPKG_INSTROOT/etc/init.d/shadowsocksr
+LOCK_FILE="/var/lock/ssr-monitor.lock"
+[ -f "$LOCK_FILE" ] && exit 2
+touch "$LOCK_FILE"
+server_process_count=$1
+redir_tcp_process=$2
+redir_udp_process=$3
+kcp_process=$4
+local_process=$5
+pdnsd_process=$6
+if [ -z "$pdnsd_process" ]; then
+	pdnsd_process=0
+fi
+i=0
+GLOBAL_SERVER=$(uci_get_by_type global global_server)
+server=$(uci_get_by_name $GLOBAL_SERVER server)
+kcp_port=$(uci_get_by_name $GLOBAL_SERVER kcp_port)
+server_port=$(uci_get_by_name $GLOBAL_SERVER server_port)
+password=$(uci_get_by_name $GLOBAL_SERVER kcp_password)
+kcp_param=$(uci_get_by_name $GLOBAL_SERVER kcp_param)
+[ "$password" != "" ] && password="--key "${password}
+
+while [ "1" == "1" ]; do #死循环
+	sleep 000030s
+	#redir tcp
+	if [ "$redir_tcp_process" -gt 0 ]; then
+		icount=$(busybox ps -w | grep ssr-retcp | grep -v grep | wc -l)
+		if [ "$icount" == 0 ]; then
+			logger -t "$NAME" "ssrplus redir tcp error.restart!"
+			echolog "ssrplus redir tcp error.restart!"
+			/etc/init.d/shadowsocksr restart
+			exit 0
+		fi
+	fi
+	#redir udp
+	if [ "$redir_udp_process" -gt 0 ]; then
+		icount=$(busybox ps -w | grep ssr-reudp | grep -v grep | wc -l)
+		if [ "$icount" == 0 ]; then
+			logger -t "$NAME" "ssrplus redir udp error.restart!"
+			echolog "ssrplus redir udp error.restart!"
+			/etc/init.d/shadowsocksr restart
+			exit 0
+		fi
+	fi
+	#server
+	if [ "$server_process_count" -gt 0 ]; then
+		icount=$(busybox ps -w | grep ssr-server | grep -v grep | wc -l)
+		if [ "$icount" -lt "$server_process_count" ]; then #如果进程挂掉就重启它
+			logger -t "$NAME" "ssrplus server error.restart!"
+			echolog "ssrplus server error.restart!"
+			kill -9 $(busybox ps -w | grep ssr-server | grep -v grep | awk '{print $1}') >/dev/null 2>&1
+			/etc/init.d/shadowsocksr restart
+			exit 0
+		fi
+	fi
+	#kcptun
+	if [ "$kcp_process" -gt 0 ]; then
+		icount=$(busybox ps -w | grep kcptun-client | grep -v grep | wc -l)
+		if [ "$icount" -lt "$kcp_process" ]; then #如果进程挂掉就重启它
+			logger -t "$NAME" "ssrplus kcptun error.restart!"
+			echolog "ssrplus kcptun error.restart!"
+			killall -q -9 kcptun-client
+			(/usr/bin/kcptun-client -r $server:$kcp_port -l :$server_port $password $kcp_param &)
+		fi
+	fi
+	#localsocks
+	if [ "$local_process" -gt 0 ]; then
+		icount=$(busybox ps -w | grep ssr-local | grep -v grep | wc -l)
+		if [ "$icount" -lt "$local_process" ]; then #如果进程挂掉就重启它
+			logger -t "$NAME" "global socks server error.restart!"
+			echolog "global socks server error.restart!"
+			kill -9 $(busybox ps -w | grep ssr-local | grep -v grep | awk '{print $1}') >/dev/null 2>&1
+			/etc/init.d/shadowsocksr restart
+			exit 0
+		fi
+	fi
+	#dns2tcp
+	if [ "$pdnsd_process" -eq 1 ]; then
+		icount=$(busybox ps -w | grep $TMP_BIN_PATH/dns2tcp | grep -v grep | wc -l)
+		if [ "$icount" -lt 1 ]; then #如果进程挂掉就重启它
+			logger -t "$NAME" "dns2tcp tunnel error.restart!"
+			echolog "dns2tcp tunnel error.restart!"
+			dnsserver=$(uci_get_by_type global tunnel_forward 8.8.4.4:53)
+			kill -9 $(busybox ps -w | grep $TMP_BIN_PATH/dns2tcp | grep -v grep | awk '{print $1}') >/dev/null 2>&1
+			ln_start_bin $(first_type dns2tcp) dns2tcp -L "127.0.0.1#$dns_port" -R "${dnsserver/:/#}"
+		fi
+	#dns2socks
+	elif [ "$pdnsd_process" -eq 2 ]; then
+		icount=$(busybox ps -w | grep -e ssrplus-dns -e "dns2socks 127.0.0.1 $tmp_dns_port" | grep -v grep | wc -l)
+		if [ "$icount" -lt 2 ]; then #如果进程挂掉就重启它
+			logger -t "$NAME" "dns2socks $dnsserver tunnel error.restart!"
+			echolog "dns2socks $dnsserver tunnel error.restart!"
+			dnsserver=$(uci_get_by_type global tunnel_forward 8.8.4.4:53)
+			kill -9 $(busybox ps -w | grep ssrplus-dns | grep -v grep | awk '{print $1}') >/dev/null 2>&1
+			kill -9 $(busybox ps -w | grep "dns2socks 127.0.0.1 $tmp_dns_port" | grep -v grep | awk '{print $1}') >/dev/null 2>&1
+			ln_start_bin $(first_type microsocks) microsocks -i 127.0.0.1 -p $tmp_dns_port ssrplus-dns
+			ln_start_bin $(first_type dns2socks) dns2socks 127.0.0.1:$tmp_dns_port $dnsserver 127.0.0.1:$dns_port -q
+		fi
+	#mosdns
+	elif [ "$pdnsd_process" -eq 3 ]; then
+		icount=$(busybox ps -w | grep $TMP_BIN_PATH/mosdns | grep -v grep | wc -l)
+		if [ "$icount" -lt 1 ]; then #如果进程挂掉就重启它
+			logger -t "$NAME" "mosdns tunnel error.restart!"
+			echolog "mosdns tunnel error.restart!"
+			dnsserver=$(uci_get_by_type global tunnel_forward 8.8.4.4:53)
+			kill -9 $(busybox ps -w | grep $TMP_BIN_PATH/mosdns | grep -v grep | awk '{print $1}') >/dev/null 2>&1
+			ln_start_bin $(first_type mosdns) mosdns start -c /etc/mosdns/config.yaml
+		fi
+	fi
+	#chinadns-ng
+	if [ "$(uci -q get "dhcp.@dnsmasq[0]._unused_ssrp_changed")" = "1" ]; then
+		icount=$(busybox ps -w | grep $TMP_BIN_PATH/chinadns-ng | grep -v grep | wc -l)
+		if [ "$icount" -lt 1 ]; then #如果进程挂掉就重启它
+			logger -t "$NAME" "chinadns-ng tunnel error.restart!"
+			echolog "chinadns-ng tunnel error.restart!"
+			chinadns=$(uci_get_by_type global chinadns_forward)
+			wandns="$(ifstatus wan | jsonfilter -e '@["dns-server"][0]' || echo "119.29.29.29")"
+			case "$chinadns" in
+			"wan") chinadns="$wandns" ;;
+			""|"wan_114") chinadns="$wandns,114.114.114.114" ;;
+			esac
+			kill -9 $(busybox ps -w | grep $TMP_BIN_PATH/chinadns-ng | grep -v grep | awk '{print $1}') >/dev/null 2>&1
+			ln_start_bin $(first_type chinadns-ng) chinadns-ng -l $china_dns_port -4 china -p 3 -c ${chinadns/:/#} -t 127.0.0.1#$dns_port -N -f -r
+		fi
+	fi
+done
--- a/luci-app-ssr-plus/root/usr/bin/ssr-rules
+++ b/luci-app-ssr-plus/root/usr/bin/ssr-rules
@ -0,0 +1,424 @@
+#!/bin/sh
+#
+# Copyright (C) 2017 openwrt-ssr
+# Copyright (C) 2017 yushi studio <ywb94@qq.com>
+#
+# This is free software, licensed under the GNU General Public License v3.
+# See /LICENSE for more information.
+#
+TAG="_SS_SPEC_RULE_"                                  # comment tag
+IPT="iptables -t nat"                                 # alias of iptables
+FWI=$(uci get firewall.shadowsocksr.path 2>/dev/null) # firewall include file
+usage() {
+	cat <<-EOF
+		Usage: ssr-rules [options]
+
+		Valid options are:
+
+		    -s <server_ip>          ip address of shadowsocksr remote server
+		    -l <local_port>         port number of shadowsocksr local server
+		    -S <server_ip>          ip address of shadowsocksr remote UDP server
+		    -L <local_port>         port number of shadowsocksr local UDP server
+		    -i <ip_list_file>       a file content is bypassed ip list
+		    -a <lan_ips>            lan ip of access control, need a prefix to
+		                            define access control mode
+		    -b <wan_ips>            wan ip of will be bypassed
+		    -w <wan_ips>            wan ip of will be forwarded
+		    -B <bp_lan_ips>         lan ip of will be bypassed proxy
+		    -p <fp_lan_ips>         lan ip of will be global proxy
+		    -G <gm_lan_ips>         lan ip of will be game mode proxy
+		    -D <proxy_ports>        proxy ports
+		    -F                      shunt mode
+		    -N                      shunt server IP
+		    -M                      shunt proxy mode
+		    -m <Interface>          Interface name
+		    -I <ip_list_file>       a file content is bypassed shunt ip list
+		    -e <extra_options>      extra options for iptables
+		    -o                      apply the rules to the OUTPUT chain
+		    -O                      apply the global rules to the OUTPUT chain
+		    -u                      enable udprelay mode, TPROXY is required
+		    -U                      enable udprelay mode, using different IP
+		                            and ports for TCP and UDP
+		    -f                      flush the rules
+		    -g                      gfwlist mode
+		    -r                      router mode
+		    -c                      oversea mode
+		    -z                      all mode
+		    -h                      show this help message and exit
+	EOF
+	exit $1
+}
+
+loger() {
+	# 1.alert 2.crit 3.err 4.warn 5.notice 6.info 7.debug
+	logger -st ssr-rules[$$] -p$1 $2
+}
+
+flush_r() {
+	flush_iptables() {
+		local ipt="iptables -t $1"
+		local DAT=$(iptables-save -t $1)
+		eval $(echo "$DAT" | grep "$TAG" | sed -e 's/^-A/$ipt -D/' -e 's/$/;/')
+		for chain in $(echo "$DAT" | awk '/^:SS_SPEC/{print $1}'); do
+			$ipt -F ${chain:1} 2>/dev/null && $ipt -X ${chain:1}
+		done
+	}
+	flush_iptables nat
+	flush_iptables mangle
+	ip rule del fwmark 0x01/0x01 table 100 2>/dev/null
+	ip route del local 0.0.0.0/0 dev lo table 100 2>/dev/null
+	ipset -X ss_spec_lan_ac 2>/dev/null
+	ipset -X ss_spec_wan_ac 2>/dev/null
+	ipset -X ssr_gen_router 2>/dev/null
+	ipset -X fplan 2>/dev/null
+	ipset -X bplan 2>/dev/null
+	ipset -X gmlan 2>/dev/null
+	ipset -X oversea 2>/dev/null
+	ipset -X whitelist 2>/dev/null
+	ipset -X blacklist 2>/dev/null
+	ipset -X netflix 2>/dev/null
+	[ -n "$FWI" ] && echo '#!/bin/sh' >$FWI
+	return 0
+}
+
+ipset_r() {
+	[ -f "$IGNORE_LIST" ] && /usr/share/shadowsocksr/chinaipset.sh $IGNORE_LIST
+	$IPT -N SS_SPEC_WAN_AC
+	$IPT -I SS_SPEC_WAN_AC -p tcp ! --dport 53 -d $server -j RETURN
+	ipset -N gmlan hash:net 2>/dev/null
+	for ip in $LAN_GM_IP; do ipset -! add gmlan $ip; done
+	case "$RUNMODE" in
+	router)
+		ipset -! -R <<-EOF || return 1
+			create ss_spec_wan_ac hash:net
+			$(gen_spec_iplist | sed -e "s/^/add ss_spec_wan_ac /")
+		EOF
+		$IPT -A SS_SPEC_WAN_AC -m set --match-set ss_spec_wan_ac dst -j RETURN
+		$IPT -A SS_SPEC_WAN_AC -m set --match-set china dst -j RETURN
+		$IPT -A SS_SPEC_WAN_AC -m set --match-set gmlan src -m set ! --match-set china dst -j SS_SPEC_WAN_FW
+		$IPT -A SS_SPEC_WAN_AC -j SS_SPEC_WAN_FW
+		;;
+	gfw)
+		ipset -N gfwlist hash:net 2>/dev/null
+		$IPT -A SS_SPEC_WAN_AC -m set --match-set china dst -j RETURN
+		$IPT -A SS_SPEC_WAN_AC -m set --match-set gfwlist dst -j SS_SPEC_WAN_FW
+		$IPT -A SS_SPEC_WAN_AC -m set --match-set gmlan src -m set ! --match-set china dst -j SS_SPEC_WAN_FW
+		;;
+	oversea)
+		ipset -N oversea hash:net 2>/dev/null
+		$IPT -I SS_SPEC_WAN_AC -m set --match-set oversea dst -j SS_SPEC_WAN_FW
+		$IPT -A SS_SPEC_WAN_AC -m set --match-set gmlan src -j SS_SPEC_WAN_FW
+		$IPT -A SS_SPEC_WAN_AC -m set --match-set china dst -j SS_SPEC_WAN_FW
+		;;
+	all)
+		$IPT -A SS_SPEC_WAN_AC -j SS_SPEC_WAN_FW
+		;;
+	esac
+	ipset -N fplan hash:net 2>/dev/null
+	for ip in $LAN_FP_IP; do ipset -! add fplan $ip; done
+	$IPT -I SS_SPEC_WAN_AC -m set --match-set fplan src -j SS_SPEC_WAN_FW
+	ipset -N bplan hash:net 2>/dev/null
+	for ip in $LAN_BP_IP; do ipset -! add bplan $ip; done
+	$IPT -I SS_SPEC_WAN_AC -m set --match-set bplan src -j RETURN
+	ipset -N whitelist hash:net 2>/dev/null
+	ipset -N blacklist hash:net 2>/dev/null
+	$IPT -I SS_SPEC_WAN_AC -m set --match-set blacklist dst -j SS_SPEC_WAN_FW
+	$IPT -I SS_SPEC_WAN_AC -m set --match-set whitelist dst -j RETURN
+	if [ $(ipset list music -name -quiet | grep music) ]; then
+		$IPT -I SS_SPEC_WAN_AC -m set --match-set music dst -j RETURN 2>/dev/null
+	fi
+	for ip in $WAN_BP_IP; do ipset -! add whitelist $ip; done
+	for ip in $WAN_FW_IP; do ipset -! add blacklist $ip; done
+	if [ "$SHUNT_PORT" != "0" ]; then
+		ipset -N netflix hash:net 2>/dev/null
+		for ip in $(cat ${SHUNT_LIST:=/dev/null} 2>/dev/null); do ipset -! add netflix $ip; done
+		case "$SHUNT_PORT" in
+		0) ;;
+		1)
+			$IPT -I SS_SPEC_WAN_AC -p tcp -m set --match-set netflix dst -j REDIRECT --to-ports $local_port
+			;;
+		*)
+			$IPT -I SS_SPEC_WAN_AC -p tcp -m set --match-set netflix dst -j REDIRECT --to-ports $SHUNT_PORT
+			if [ "$SHUNT_PROXY" == "1" ]; then
+				$IPT -I SS_SPEC_WAN_AC -p tcp -d $SHUNT_IP -j REDIRECT --to-ports $local_port
+			else
+				ipset -! add whitelist $SHUNT_IP
+			fi
+			;;
+		esac
+	fi
+	return $?
+}
+
+fw_rule() {
+	$IPT -N SS_SPEC_WAN_FW
+	$IPT -A SS_SPEC_WAN_FW -d 0.0.0.0/8 -j RETURN
+	$IPT -A SS_SPEC_WAN_FW -d 10.0.0.0/8 -j RETURN
+	$IPT -A SS_SPEC_WAN_FW -d 127.0.0.0/8 -j RETURN
+	$IPT -A SS_SPEC_WAN_FW -d 169.254.0.0/16 -j RETURN
+	$IPT -A SS_SPEC_WAN_FW -d 172.16.0.0/12 -j RETURN
+	$IPT -A SS_SPEC_WAN_FW -d 192.168.0.0/16 -j RETURN
+	$IPT -A SS_SPEC_WAN_FW -d 224.0.0.0/4 -j RETURN
+	$IPT -A SS_SPEC_WAN_FW -d 240.0.0.0/4 -j RETURN
+	$IPT -A SS_SPEC_WAN_FW -p tcp $PROXY_PORTS -j REDIRECT --to-ports $local_port 2>/dev/null || {
+		loger 3 "Can't redirect, please check the iptables."
+		exit 1
+	}
+	return $?
+}
+
+ac_rule() {
+	if [ -n "$LAN_AC_IP" ]; then
+		case "${LAN_AC_IP:0:1}" in
+		w | W)
+			MATCH_SET="-m set --match-set ss_spec_lan_ac src"
+			;;
+		b | B)
+			MATCH_SET="-m set ! --match-set ss_spec_lan_ac src"
+			;;
+		*)
+			loger 3 "Bad argument \`-a $LAN_AC_IP\`."
+			return 2
+			;;
+		esac
+	fi
+	ipset -! -R <<-EOF || return 1
+		create ss_spec_lan_ac hash:net
+		$(for ip in ${LAN_AC_IP:1}; do echo "add ss_spec_lan_ac $ip"; done)
+	EOF
+	if [ -z "$Interface" ]; then
+		$IPT -I PREROUTING 1 -p tcp $EXT_ARGS $MATCH_SET -m comment --comment "$TAG" -j SS_SPEC_WAN_AC
+	else
+		for name in $Interface; do
+			local IFNAME=$(uci -P /var/state get network.$name.ifname 2>/dev/null)
+			[ -z "$IFNAME" ] && IFNAME=$(uci -P /var/state get network.$name.device 2>/dev/null)
+			[ -n "$IFNAME" ] && $IPT -I PREROUTING 1 ${IFNAME:+-i $IFNAME} -p tcp $EXT_ARGS $MATCH_SET -m comment --comment "$TAG" -j SS_SPEC_WAN_AC
+		done
+	fi
+
+	case "$OUTPUT" in
+	1)
+		$IPT -I OUTPUT 1 -p tcp $EXT_ARGS -m comment --comment "$TAG" -j SS_SPEC_WAN_AC
+		;;
+	2)
+		ipset -! -R <<-EOF || return 1
+			create ssr_gen_router hash:net
+			$(gen_spec_iplist | sed -e "s/^/add ssr_gen_router /")
+		EOF
+		$IPT -N SS_SPEC_ROUTER && \
+		$IPT -A SS_SPEC_ROUTER -m set --match-set ssr_gen_router dst -j RETURN && \
+		$IPT -A SS_SPEC_ROUTER -j SS_SPEC_WAN_FW
+		$IPT -I OUTPUT 1 -p tcp -m comment --comment "$TAG" -j SS_SPEC_ROUTER
+		;;
+	esac
+	return $?
+}
+
+tp_rule() {
+	[ -n "$TPROXY" ] || return 0
+	ip rule add fwmark 0x01/0x01 table 100
+	ip route add local 0.0.0.0/0 dev lo table 100
+	local ipt="iptables -t mangle"
+	$ipt -N SS_SPEC_TPROXY
+	$ipt -A SS_SPEC_TPROXY -p udp --dport 53 -j RETURN
+	$ipt -A SS_SPEC_TPROXY -p udp -d 0.0.0.0/8 -j RETURN
+	$ipt -A SS_SPEC_TPROXY -p udp -d 10.0.0.0/8 -j RETURN
+	$ipt -A SS_SPEC_TPROXY -p udp -d 127.0.0.0/8 -j RETURN
+	$ipt -A SS_SPEC_TPROXY -p udp -d 169.254.0.0/16 -j RETURN
+	$ipt -A SS_SPEC_TPROXY -p udp -d 172.16.0.0/12 -j RETURN
+	$ipt -A SS_SPEC_TPROXY -p udp -d 192.168.0.0/16 -j RETURN
+	$ipt -A SS_SPEC_TPROXY -p udp -d 224.0.0.0/4 -j RETURN
+	$ipt -A SS_SPEC_TPROXY -p udp -d 240.0.0.0/4 -j RETURN
+	$ipt -A SS_SPEC_TPROXY -p udp ! --dport 53 -d $SERVER -j RETURN
+	[ "$server" != "$SERVER" ] && ipset -! add whitelist $SERVER
+	$ipt -A SS_SPEC_TPROXY -p udp -m set --match-set bplan src -j RETURN
+	$ipt -A SS_SPEC_TPROXY -p udp $PROXY_PORTS -m set --match-set fplan src -j TPROXY --on-port "$LOCAL_PORT" --tproxy-mark 0x01/0x01
+	case "$RUNMODE" in
+	router)
+		$ipt -A SS_SPEC_TPROXY -p udp -m set --match-set ss_spec_wan_ac dst -j RETURN
+		$ipt -A SS_SPEC_TPROXY -p udp -m set --match-set china dst -j RETURN
+		$ipt -A SS_SPEC_TPROXY -p udp --dport 80 -j DROP
+		$ipt -A SS_SPEC_TPROXY -p udp -m set --match-set gmlan src -m set ! --match-set china dst -j TPROXY --on-port "$LOCAL_PORT" --tproxy-mark 0x01/0x01
+		$ipt -A SS_SPEC_TPROXY -p udp $PROXY_PORTS -m set ! --match-set ss_spec_wan_ac dst -j TPROXY --on-port "$LOCAL_PORT" --tproxy-mark 0x01/0x01
+		;;
+	gfw)
+		$ipt -A SS_SPEC_TPROXY -p udp -m set --match-set china dst -j RETURN
+		$ipt -A SS_SPEC_TPROXY -p udp --dport 80 -j DROP
+		$ipt -A SS_SPEC_TPROXY -p udp $PROXY_PORTS -m set --match-set gfwlist dst -j TPROXY --on-port "$LOCAL_PORT" --tproxy-mark 0x01/0x01
+		$ipt -A SS_SPEC_TPROXY -p udp -m set --match-set gmlan src -m set ! --match-set china dst -j TPROXY --on-port "$LOCAL_PORT" --tproxy-mark 0x01/0x01
+		;;
+	oversea)
+		$ipt -A SS_SPEC_TPROXY -p udp $PROXY_PORTS -m set --match-set oversea src -m dst -j TPROXY --on-port "$LOCAL_PORT" --tproxy-mark 0x01/0x01
+		$ipt -A SS_SPEC_TPROXY -p udp -m set --match-set gmlan src -m set -j TPROXY --on-port "$LOCAL_PORT" --tproxy-mark 0x01/0x01
+		$ipt -A SS_SPEC_TPROXY -p udp $PROXY_PORTS -m set --match-set china dst -j TPROXY --on-port "$LOCAL_PORT" --tproxy-mark 0x01/0x01
+		;;
+	all)
+		$ipt -A SS_SPEC_TPROXY -p udp $PROXY_PORTS -j TPROXY --on-port "$LOCAL_PORT" --tproxy-mark 0x01/0x01
+		;;
+	esac
+	if [ -z "$Interface" ]; then
+		$ipt -I PREROUTING 1 -p udp $EXT_ARGS $MATCH_SET -m comment --comment "$TAG" -j SS_SPEC_TPROXY
+	else
+		for name in $Interface; do
+			local IFNAME=$(uci -P /var/state get network.$name.ifname 2>/dev/null)
+			[ -z "$IFNAME" ] && IFNAME=$(uci -P /var/state get network.$name.device 2>/dev/null)
+			[ -n "$IFNAME" ] && $ipt -I PREROUTING 1 ${IFNAME:+-i $IFNAME} -p udp $EXT_ARGS $MATCH_SET -m comment --comment "$TAG" -j SS_SPEC_TPROXY
+		done
+	fi
+	return $?
+}
+
+get_wan_ip() {
+	cat <<-EOF | grep -E "^([0-9]{1,3}\.){3}[0-9]{1,3}"
+		$server
+		$SERVER
+		$WAN_BP_IP
+	EOF
+}
+
+gen_spec_iplist() {
+	cat <<-EOF
+		0.0.0.0/8
+		10.0.0.0/8
+		100.64.0.0/10
+		127.0.0.0/8
+		169.254.0.0/16
+		172.16.0.0/12
+		192.0.0.0/24
+		192.0.2.0/24
+		192.88.99.0/24
+		192.168.0.0/16
+		198.18.0.0/15
+		198.51.100.0/24
+		203.0.113.0/24
+		224.0.0.0/4
+		240.0.0.0/4
+		255.255.255.255
+		$(get_wan_ip)
+	EOF
+}
+
+gen_include() {
+	[ -n "$FWI" ] || return 0
+	extract_rules() {
+		echo "*$1"
+		iptables-save -t $1 | grep SS_SPEC_ | sed -e "s/^-A \(OUTPUT\|PREROUTING\)/-I \1 1/"
+		echo 'COMMIT'
+	}
+	cat <<-EOF >>$FWI
+		iptables-save -c | grep -v "SS_SPEC" | iptables-restore -c
+		iptables-restore -n <<-EOT
+		$(extract_rules nat)
+		$(extract_rules mangle)
+		EOT
+	EOF
+	return 0
+}
+
+while getopts ":m:s:l:S:L:i:e:a:B:b:w:p:G:D:F:N:M:I:oOuUfgrczh" arg; do
+	case "$arg" in
+	m)
+		Interface=$OPTARG
+		;;
+	s)
+		server=$OPTARG
+		;;
+	l)
+		local_port=$OPTARG
+		;;
+	S)
+		SERVER=$OPTARG
+		;;
+	L)
+		LOCAL_PORT=$OPTARG
+		;;
+	i)
+		IGNORE_LIST=$OPTARG
+		;;
+	e)
+		EXT_ARGS=$OPTARG
+		;;
+	a)
+		LAN_AC_IP=$OPTARG
+		;;
+	B)
+		LAN_BP_IP=$OPTARG
+		;;
+	b)
+		WAN_BP_IP=$(for ip in $OPTARG; do echo $ip; done)
+		;;
+	w)
+		WAN_FW_IP=$OPTARG
+		;;
+	p)
+		LAN_FP_IP=$OPTARG
+		;;
+	G)
+		LAN_GM_IP=$OPTARG
+		;;
+	D)
+		PROXY_PORTS=$OPTARG
+		;;
+	F)
+		SHUNT_PORT=$OPTARG
+		;;
+	N)
+		SHUNT_IP=$OPTARG
+		;;
+	M)
+		SHUNT_PROXY=$OPTARG
+		;;
+	I)
+		SHUNT_LIST=$OPTARG
+		;;
+	o)
+		OUTPUT=1
+		;;
+	O)
+		OUTPUT=2
+		;;
+	u)
+		TPROXY=1
+		;;
+	U)
+		TPROXY=2
+		;;
+	g)
+		RUNMODE=gfw
+		;;
+	r)
+		RUNMODE=router
+		;;
+	c)
+		RUNMODE=oversea
+		;;
+	z)
+		RUNMODE=all
+		;;
+	f)
+		flush_r
+		exit 0
+		;;
+	h) usage 0 ;;
+	esac
+done
+
+if [ -z "$server" -o -z "$local_port" ]; then
+	usage 2
+fi
+
+case "$TPROXY" in
+1)
+	SERVER=$server
+	LOCAL_PORT=$local_port
+	;;
+2)
+	: ${SERVER:?"You must assign an ip for the udp relay server."}
+	: ${LOCAL_PORT:?"You must assign a port for the udp relay server."}
+	;;
+esac
+
+flush_r && fw_rule && ipset_r && ac_rule && tp_rule && gen_include
+RET=$?
+[ "$RET" = 0 ] || loger 3 "Start failed!"
+exit $RET
--- a/luci-app-ssr-plus/root/usr/bin/ssr-switch
+++ b/luci-app-ssr-plus/root/usr/bin/ssr-switch
@ -0,0 +1,155 @@
+#!/bin/sh /etc/rc.common
+#
+# Copyright (C) 2017 openwrt-ssr
+# Copyright (C) 2017 yushi studio <ywb94@qq.com>
+#
+# This is free software, licensed under the GNU General Public License v3.
+# See /LICENSE for more information.
+#
+
+. $IPKG_INSTROOT/etc/init.d/shadowsocksr
+LOCK_FILE="/var/lock/ssr-switch.lock"
+[ -f "$LOCK_FILE" ] && exit 2
+touch "$LOCK_FILE"
+LOG_FILE=/var/log/ssrplus.log
+
+cycle_time=60
+switch_time=3
+normal_flag=0
+server_locate=0
+server_count=0
+ENABLE_SERVER=nil
+[ -n "$1" ] && cycle_time=$1
+[ -n "$2" ] && switch_time=$2
+DEFAULT_SERVER=$(uci_get_by_type global global_server)
+CURRENT_SERVER=$DEFAULT_SERVER
+
+#判断代理是否正常
+check_proxy() {
+	local result=0
+	local try_count=$(uci_get_by_type global switch_try_count 3)
+	for i in $(seq 1 $try_count); do
+		/usr/bin/ssr-check www.google.com 80 $switch_time 1
+		if [ "$?" == "0" ]; then
+			# echolog "Check Google Proxy Success, count=$i"
+			result=0
+			break
+		else
+			# echolog "Check Google Proxy Fail, count=$i"
+			/usr/bin/ssr-check www.baidu.com 80 $switch_time 1
+			if [ "$?" == "0" ]; then
+				result=1
+			else
+				result=2
+			fi
+		fi
+		sleep 1
+	done
+	return $result
+}
+
+test_proxy() {
+	local servername=$(uci_get_by_name $1 server)
+	local serverport=$(uci_get_by_name $1 server_port)
+	ipset add whitelist $servername 2>/dev/null
+	tcping -q -c 3 -i 1 -t 2 -p $serverport $servername
+	if [ "$?" -gt "0" ]; then
+		ipset del whitelist $servername 2>/dev/null
+		return 1
+	fi
+	/usr/bin/ssr-check $servername $serverport $switch_time
+	local ret=$?
+	ipset del whitelist $servername 2>/dev/null
+	if [ "$ret" == "0" ]; then
+		return 0
+	else
+		return 1
+	fi
+}
+
+search_proxy() {
+	let server_count=server_count+1
+	[ "$normal_flag" == "1" -a "$server_count" -le "$server_locate" ] && return 0
+	[ "$(uci_get_by_name $1 switch_enable 0)" != "1" ] && return 1
+	[ $ENABLE_SERVER != nil ] && return 0
+	[ "$1" == "$CURRENT_SERVER" ] && return 0
+	local servername=$(uci_get_by_name $1 server)
+	local serverport=$(uci_get_by_name $1 server_port)
+	ipset add whitelist $servername 2>/dev/null
+	/usr/bin/ssr-check $servername $serverport $switch_time
+	local ret=$?
+	ipset del whitelist $servername 2>/dev/null
+	if [ "$ret" == "0" ]; then
+		server_locate=$server_count
+		ENABLE_SERVER=$1
+		return 0
+	else
+		return 1
+	fi
+}
+
+#选择可用的代理
+select_proxy() {
+	config_load $NAME
+	ENABLE_SERVER=nil
+	mkdir -p /var/run /var/etc
+	server_count=0
+	config_foreach search_proxy servers
+}
+
+#切换代理
+switch_proxy() {
+	/etc/init.d/shadowsocksr restart $1
+	return 0
+}
+
+start() {
+	#不支持kcptun启用时的切换
+	[ $(uci_get_by_name $DEFAULT_SERVER kcp_enable) = "1" ] && return 1
+	while [ "1" == "1" ]; do #死循环
+		sleep 0000$cycle_time
+		LOGTIME=$(date "+%Y-%m-%d %H:%M:%S")
+		#判断当前代理是否为缺省服务器
+		if [ "$CURRENT_SERVER" != "$DEFAULT_SERVER" ]; then
+			#echo "not default proxy"
+			echolog "Current server is not default Main server, try to switch back."
+			#检查缺省服务器是否正常
+			if test_proxy $DEFAULT_SERVER; then
+				#echo "switch to default proxy"
+				echolog "Main server is avilable."
+				#缺省服务器正常，切换回来
+				CURRENT_SERVER=$DEFAULT_SERVER
+				switch_proxy $CURRENT_SERVER
+				echolog "switch to default "$(uci_get_by_name $CURRENT_SERVER alias)" proxy!"
+			else
+				echolog "Main server is NOT avilable.Continue using current server."
+			fi
+		fi
+		#判断当前代理是否正常
+		#echolog "Start checking if the current server is available."
+		check_proxy
+		current_ret=$?
+		if [ "$current_ret" == "1" ]; then
+			#当前代理错误，判断有无可用的服务器
+			#echo "current error"
+			echolog "Current server error, try to switch another server."
+			select_proxy
+			if [ "$ENABLE_SERVER" != nil ]; then
+				#有其他服务器可用，进行切换
+				#echo $(uci_get_by_name $new_proxy server)
+				echolog "Another server is avilable, now switching server."
+				CURRENT_SERVER=$ENABLE_SERVER
+				switch_proxy $CURRENT_SERVER
+				normal_flag=1
+				echolog "Switch to "$(uci_get_by_name $CURRENT_SERVER alias)" proxy!"
+			else
+				switch_proxy $CURRENT_SERVER
+				normal_flag=1
+				echolog "Try restart current server."
+			fi
+		else
+			normal_flag=0
+			# echolog "ShadowsocksR No Problem."
+		fi
+	done
+}
--- a/redsocks2/Makefile
+++ b/redsocks2/Makefile
@ -9,14 +9,14 @@ include $(TOPDIR)/rules.mk


 PKG_NAME:=redsocks2
-PKG_VERSION:=0.67
+PKG_VERSION:=release-test4
 PKG_RELEASE:=4

 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://github.com/semigodking/redsocks.git
 PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
 PKG_SOURCE_VERSION:=d94c245ea47859cda5b4b7373308589206b97bdc
-PKG_MIRROR_HASH:=938f859d1b55a91aa5cbcda3ddff1d04ccab292f784b0434060c73acab12c457
+PKG_HASH:=1afcb2683b35913dd36877f34ab97f803920d82dff482c0ba79f36ae9049e965
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MAINTAINER:=semigodking <semigodking@gmail.com>
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)/$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION)
--- a/v2ray-geodata/Makefile
+++ b/v2ray-geodata/Makefile
@ -21,13 +21,13 @@ define Download/geoip
  HASH:=d29a781c15da854f708b81c1838598f1a340b04ef3546cf128a57f44a27cdd42
 endef

-GEOSITE_VER:=20240208184303
+GEOSITE_VER:=20240215145143
 GEOSITE_FILE:=dlc.dat.$(GEOSITE_VER)
 define Download/geosite
  URL:=https://github.com/v2fly/domain-list-community/releases/download/$(GEOSITE_VER)/
  URL_FILE:=dlc.dat
  FILE:=$(GEOSITE_FILE)
-  HASH:=869bd4c60029810e8adf0f7e953fb0ee3c5c9fff4342da29415c6193fdf47c06
+  HASH:=4d9673f4b4251e8b20089a563bf7cd35fe4171df872c4d7e7a1264614c9cccdc
 endef

 GEOSITE_IRAN_VER:=202402120025
--- a/v2raya/Makefile
+++ b/v2raya/Makefile
@ -5,7 +5,7 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=v2rayA
-PKG_VERSION:=2.2.4.6
+PKG_VERSION:=2.2.4.7
 PKG_RELEASE:=2

 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
@ -60,7 +60,7 @@ define Download/v2raya-web
 	URL:=https://github.com/v2rayA/v2rayA/releases/download/v$(PKG_VERSION)/
 	URL_FILE:=web.tar.gz
 	FILE:=$(WEB_FILE)
-	HASH:=09109442abac13801b7b82433fccbb769657b1d292ac4820af179c297e845135
+          HASH:=7bb401e171b5e288a4120140521ed038986482e4852bf3b56368c3f0370a50b6
 endef

 define Build/Prepare