diff --git a/luci-app-ssr-plus/root/usr/bin/ssr-monitor b/luci-app-ssr-plus/root/usr/bin/ssr-monitor
new file mode 100755
index 000000000..f637d5090
--- /dev/null
+++ b/luci-app-ssr-plus/root/usr/bin/ssr-monitor
@@ -0,0 +1,134 @@
+#!/bin/sh
+#
+# Copyright (C) 2017 openwrt-ssr
+# Copyright (C) 2017 yushi studio
+#
+# This is free software, licensed under the GNU General Public License v3.
+# See /LICENSE for more information.
+#
+. $IPKG_INSTROOT/etc/init.d/shadowsocksr
+LOCK_FILE="/var/lock/ssr-monitor.lock"
+[ -f "$LOCK_FILE" ] && exit 2
+touch "$LOCK_FILE"
+server_process_count=$1
+redir_tcp_process=$2
+redir_udp_process=$3
+kcp_process=$4
+local_process=$5
+pdnsd_process=$6
+if [ -z "$pdnsd_process" ]; then
+ pdnsd_process=0
+fi
+i=0
+GLOBAL_SERVER=$(uci_get_by_type global global_server)
+server=$(uci_get_by_name $GLOBAL_SERVER server)
+kcp_port=$(uci_get_by_name $GLOBAL_SERVER kcp_port)
+server_port=$(uci_get_by_name $GLOBAL_SERVER server_port)
+password=$(uci_get_by_name $GLOBAL_SERVER kcp_password)
+kcp_param=$(uci_get_by_name $GLOBAL_SERVER kcp_param)
+[ "$password" != "" ] && password="--key "${password}
+
+while [ "1" == "1" ]; do #死循环
+ sleep 000030s
+ #redir tcp
+ if [ "$redir_tcp_process" -gt 0 ]; then
+ icount=$(busybox ps -w | grep ssr-retcp | grep -v grep | wc -l)
+ if [ "$icount" == 0 ]; then
+ logger -t "$NAME" "ssrplus redir tcp error.restart!"
+ echolog "ssrplus redir tcp error.restart!"
+ /etc/init.d/shadowsocksr restart
+ exit 0
+ fi
+ fi
+ #redir udp
+ if [ "$redir_udp_process" -gt 0 ]; then
+ icount=$(busybox ps -w | grep ssr-reudp | grep -v grep | wc -l)
+ if [ "$icount" == 0 ]; then
+ logger -t "$NAME" "ssrplus redir udp error.restart!"
+ echolog "ssrplus redir udp error.restart!"
+ /etc/init.d/shadowsocksr restart
+ exit 0
+ fi
+ fi
+ #server
+ if [ "$server_process_count" -gt 0 ]; then
+ icount=$(busybox ps -w | grep ssr-server | grep -v grep | wc -l)
+ if [ "$icount" -lt "$server_process_count" ]; then #如果进程挂掉就重启它
+ logger -t "$NAME" "ssrplus server error.restart!"
+ echolog "ssrplus server error.restart!"
+ kill -9 $(busybox ps -w | grep ssr-server | grep -v grep | awk '{print $1}') >/dev/null 2>&1
+ /etc/init.d/shadowsocksr restart
+ exit 0
+ fi
+ fi
+ #kcptun
+ if [ "$kcp_process" -gt 0 ]; then
+ icount=$(busybox ps -w | grep kcptun-client | grep -v grep | wc -l)
+ if [ "$icount" -lt "$kcp_process" ]; then #如果进程挂掉就重启它
+ logger -t "$NAME" "ssrplus kcptun error.restart!"
+ echolog "ssrplus kcptun error.restart!"
+ killall -q -9 kcptun-client
+ (/usr/bin/kcptun-client -r $server:$kcp_port -l :$server_port $password $kcp_param &)
+ fi
+ fi
+ #localsocks
+ if [ "$local_process" -gt 0 ]; then
+ icount=$(busybox ps -w | grep ssr-local | grep -v grep | wc -l)
+ if [ "$icount" -lt "$local_process" ]; then #如果进程挂掉就重启它
+ logger -t "$NAME" "global socks server error.restart!"
+ echolog "global socks server error.restart!"
+ kill -9 $(busybox ps -w | grep ssr-local | grep -v grep | awk '{print $1}') >/dev/null 2>&1
+ /etc/init.d/shadowsocksr restart
+ exit 0
+ fi
+ fi
+ #dns2tcp
+ if [ "$pdnsd_process" -eq 1 ]; then
+ icount=$(busybox ps -w | grep $TMP_BIN_PATH/dns2tcp | grep -v grep | wc -l)
+ if [ "$icount" -lt 1 ]; then #如果进程挂掉就重启它
+ logger -t "$NAME" "dns2tcp tunnel error.restart!"
+ echolog "dns2tcp tunnel error.restart!"
+ dnsserver=$(uci_get_by_type global tunnel_forward 8.8.4.4:53)
+ kill -9 $(busybox ps -w | grep $TMP_BIN_PATH/dns2tcp | grep -v grep | awk '{print $1}') >/dev/null 2>&1
+ ln_start_bin $(first_type dns2tcp) dns2tcp -L "127.0.0.1#$dns_port" -R "${dnsserver/:/#}"
+ fi
+ #dns2socks
+ elif [ "$pdnsd_process" -eq 2 ]; then
+ icount=$(busybox ps -w | grep -e ssrplus-dns -e "dns2socks 127.0.0.1 $tmp_dns_port" | grep -v grep | wc -l)
+ if [ "$icount" -lt 2 ]; then #如果进程挂掉就重启它
+ logger -t "$NAME" "dns2socks $dnsserver tunnel error.restart!"
+ echolog "dns2socks $dnsserver tunnel error.restart!"
+ dnsserver=$(uci_get_by_type global tunnel_forward 8.8.4.4:53)
+ kill -9 $(busybox ps -w | grep ssrplus-dns | grep -v grep | awk '{print $1}') >/dev/null 2>&1
+ kill -9 $(busybox ps -w | grep "dns2socks 127.0.0.1 $tmp_dns_port" | grep -v grep | awk '{print $1}') >/dev/null 2>&1
+ ln_start_bin $(first_type microsocks) microsocks -i 127.0.0.1 -p $tmp_dns_port ssrplus-dns
+ ln_start_bin $(first_type dns2socks) dns2socks 127.0.0.1:$tmp_dns_port $dnsserver 127.0.0.1:$dns_port -q
+ fi
+ #mosdns
+ elif [ "$pdnsd_process" -eq 3 ]; then
+ icount=$(busybox ps -w | grep $TMP_BIN_PATH/mosdns | grep -v grep | wc -l)
+ if [ "$icount" -lt 1 ]; then #如果进程挂掉就重启它
+ logger -t "$NAME" "mosdns tunnel error.restart!"
+ echolog "mosdns tunnel error.restart!"
+ dnsserver=$(uci_get_by_type global tunnel_forward 8.8.4.4:53)
+ kill -9 $(busybox ps -w | grep $TMP_BIN_PATH/mosdns | grep -v grep | awk '{print $1}') >/dev/null 2>&1
+ ln_start_bin $(first_type mosdns) mosdns start -c /etc/mosdns/config.yaml
+ fi
+ fi
+ #chinadns-ng
+ if [ "$(uci -q get "dhcp.@dnsmasq[0]._unused_ssrp_changed")" = "1" ]; then
+ icount=$(busybox ps -w | grep $TMP_BIN_PATH/chinadns-ng | grep -v grep | wc -l)
+ if [ "$icount" -lt 1 ]; then #如果进程挂掉就重启它
+ logger -t "$NAME" "chinadns-ng tunnel error.restart!"
+ echolog "chinadns-ng tunnel error.restart!"
+ chinadns=$(uci_get_by_type global chinadns_forward)
+ wandns="$(ifstatus wan | jsonfilter -e '@["dns-server"][0]' || echo "119.29.29.29")"
+ case "$chinadns" in
+ "wan") chinadns="$wandns" ;;
+ ""|"wan_114") chinadns="$wandns,114.114.114.114" ;;
+ esac
+ kill -9 $(busybox ps -w | grep $TMP_BIN_PATH/chinadns-ng | grep -v grep | awk '{print $1}') >/dev/null 2>&1
+ ln_start_bin $(first_type chinadns-ng) chinadns-ng -l $china_dns_port -4 china -p 3 -c ${chinadns/:/#} -t 127.0.0.1#$dns_port -N -f -r
+ fi
+ fi
+done
diff --git a/luci-app-ssr-plus/root/usr/bin/ssr-rules b/luci-app-ssr-plus/root/usr/bin/ssr-rules
new file mode 100755
index 000000000..547d910ae
--- /dev/null
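Review bot: The kcptun restart line puts the pre-shared key on the command line (`$password` expands to `--key <value>`), so it is readable by anything that can list processes, which this script itself does with `busybox ps -w`; the unquoted expansion also splits a key that contains whitespace. kcptun accepts the key through the `KCPTUN_KEY` environment variable, so I would replace the `--key` assignment with `[ -n "$password" ] && export KCPTUN_KEY="$password"` and drop `$password` from the `/usr/bin/kcptun-client` invocation. How the init script first starts kcptun-client is not visible in this hunk and should be checked for the same exposure. Smaller point: in the dns2socks branch the two log lines print `$dnsserver` before it is assigned on the following line.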
+++ b/luci-app-ssr-plus/root/usr/bin/ssr-rules 
@@ -0,0 +1,424 @@
+#!/bin/sh
+#
+# Copyright (C) 2017 openwrt-ssr
+# Copyright (C) 2017 yushi studio
+#
+# This is free software, licensed under the GNU General Public License v3.
+# See /LICENSE for more information.
+#
+TAG="_SS_SPEC_RULE_" # comment tag
+IPT="iptables -t nat" # alias of iptables
+FWI=$(uci get firewall.shadowsocksr.path 2>/dev/null) # firewall include file
+usage() {
+ cat <<-EOF
+ Usage: ssr-rules [options]
+
+ Valid options are:
+
+ -s ip address of shadowsocksr remote server
+ -l port number of shadowsocksr local server
+ -S ip address of shadowsocksr remote UDP server
+ -L port number of shadowsocksr local UDP server
+ -i a file content is bypassed ip list
+ -a lan ip of access control, need a prefix to
+ define access control mode
+ -b wan ip of will be bypassed
+ -w wan ip of will be forwarded
+ -B lan ip of will be bypassed proxy
+ -p lan ip of will be global proxy
+ -G lan ip of will be game mode proxy
+ -D proxy ports
+ -F shunt mode
+ -N shunt server IP
+ -M shunt proxy mode
+ -m Interface name
+ -I a file content is bypassed shunt ip list
+ -e extra options for iptables
+ -o apply the rules to the OUTPUT chain
+ -O apply the global rules to the OUTPUT chain
+ -u enable udprelay mode, TPROXY is required
+ -U enable udprelay mode, using different IP
+ and ports for TCP and UDP
+ -f flush the rules
+ -g gfwlist mode
+ -r router mode
+ -c oversea mode
+ -z all mode
+ -h show this help message and exit
+ EOF
+ exit $1
+}
+
+loger() {
+ # 1.alert 2.crit 3.err 4.warn 5.notice 6.info 7.debug
+ logger -st ssr-rules[$$] -p$1 $2
+}
+
+flush_r() {
+ flush_iptables() {
+ local ipt="iptables -t $1"
+ local DAT=$(iptables-save -t $1)
+ eval $(echo "$DAT" | grep "$TAG" | sed -e 's/^-A/$ipt -D/' -e 's/$/;/')
+ for chain in $(echo "$DAT" | awk '/^:SS_SPEC/{print $1}'); do
+ $ipt -F ${chain:1} 2>/dev/null && $ipt -X ${chain:1}
+ done
+ }
+ flush_iptables nat
+ flush_iptables mangle
+ ip rule del fwmark 0x01/0x01 table 100 2>/dev/null
+ ip route del local 0.0.0.0/0 dev lo table 100 2>/dev/null
+ ipset -X ss_spec_lan_ac 2>/dev/null
+ ipset -X ss_spec_wan_ac 2>/dev/null
+ ipset -X ssr_gen_router 2>/dev/null
+ ipset -X fplan 2>/dev/null
+ ipset -X bplan 2>/dev/null
+ ipset -X gmlan 2>/dev/null
+ ipset -X oversea 2>/dev/null
+ ipset -X whitelist 2>/dev/null
+ ipset -X blacklist 2>/dev/null
+ ipset -X netflix 2>/dev/null
+ [ -n "$FWI" ] && echo '#!/bin/sh' >$FWI
+ return 0
+}
+
+ipset_r() {
+ [ -f "$IGNORE_LIST" ] && /usr/share/shadowsocksr/chinaipset.sh $IGNORE_LIST
+ $IPT -N SS_SPEC_WAN_AC
+ $IPT -I SS_SPEC_WAN_AC -p tcp ! --dport 53 -d $server -j RETURN
+ ipset -N gmlan hash:net 2>/dev/null
+ for ip in $LAN_GM_IP; do ipset -! add gmlan $ip; done
+ case "$RUNMODE" in
+ router)
+ ipset -! -R <<-EOF || return 1
+ create ss_spec_wan_ac hash:net
+ $(gen_spec_iplist | sed -e "s/^/add ss_spec_wan_ac /")
+ EOF
+ $IPT -A SS_SPEC_WAN_AC -m set --match-set ss_spec_wan_ac dst -j RETURN
+ $IPT -A SS_SPEC_WAN_AC -m set --match-set china dst -j RETURN
+ $IPT -A SS_SPEC_WAN_AC -m set --match-set gmlan src -m set ! --match-set china dst -j SS_SPEC_WAN_FW
+ $IPT -A SS_SPEC_WAN_AC -j SS_SPEC_WAN_FW
+ ;;
+ gfw)
+ ipset -N gfwlist hash:net 2>/dev/null
+ $IPT -A SS_SPEC_WAN_AC -m set --match-set china dst -j RETURN
+ $IPT -A SS_SPEC_WAN_AC -m set --match-set gfwlist dst -j SS_SPEC_WAN_FW
+ $IPT -A SS_SPEC_WAN_AC -m set --match-set gmlan src -m set ! --match-set china dst -j SS_SPEC_WAN_FW
+ ;;
+ oversea)
+ ipset -N oversea hash:net 2>/dev/null
+ $IPT -I SS_SPEC_WAN_AC -m set --match-set oversea dst -j SS_SPEC_WAN_FW
+ $IPT -A SS_SPEC_WAN_AC -m set --match-set gmlan src -j SS_SPEC_WAN_FW
+ $IPT -A SS_SPEC_WAN_AC -m set --match-set china dst -j SS_SPEC_WAN_FW
+ ;;
+ all)
+ $IPT -A SS_SPEC_WAN_AC -j SS_SPEC_WAN_FW
+ ;;
+ esac
+ ipset -N fplan hash:net 2>/dev/null
+ for ip in $LAN_FP_IP; do ipset -! add fplan $ip; done
+ $IPT -I SS_SPEC_WAN_AC -m set --match-set fplan src -j SS_SPEC_WAN_FW
+ ipset -N bplan hash:net 2>/dev/null
+ for ip in $LAN_BP_IP; do ipset -! add bplan $ip; done
+ $IPT -I SS_SPEC_WAN_AC -m set --match-set bplan src -j RETURN
+ ipset -N whitelist hash:net 2>/dev/null
+ ipset -N blacklist hash:net 2>/dev/null
+ $IPT -I SS_SPEC_WAN_AC -m set --match-set blacklist dst -j SS_SPEC_WAN_FW
+ $IPT -I SS_SPEC_WAN_AC -m set --match-set whitelist dst -j RETURN
+ if [ $(ipset list music -name -quiet | grep music) ]; then
+ $IPT -I SS_SPEC_WAN_AC -m set --match-set music dst -j RETURN 2>/dev/null
+ fi
+ for ip in $WAN_BP_IP; do ipset -! add whitelist $ip; done
+ for ip in $WAN_FW_IP; do ipset -! add blacklist $ip; done
+ if [ "$SHUNT_PORT" != "0" ]; then
+ ipset -N netflix hash:net 2>/dev/null
+ for ip in $(cat ${SHUNT_LIST:=/dev/null} 2>/dev/null); do ipset -! add netflix $ip; done
+ case "$SHUNT_PORT" in
+ 0) ;;
+ 1)
+ $IPT -I SS_SPEC_WAN_AC -p tcp -m set --match-set netflix dst -j REDIRECT --to-ports $local_port
+ ;;
+ *)
+ $IPT -I SS_SPEC_WAN_AC -p tcp -m set --match-set netflix dst -j REDIRECT --to-ports $SHUNT_PORT
+ if [ "$SHUNT_PROXY" == "1" ]; then
+ $IPT -I SS_SPEC_WAN_AC -p tcp -d $SHUNT_IP -j REDIRECT --to-ports $local_port
+ else
+ ipset -! add whitelist $SHUNT_IP
+ fi
+ ;;
+ esac
+ fi
+ return $?
+}
+
+fw_rule() {
+ $IPT -N SS_SPEC_WAN_FW
+ $IPT -A SS_SPEC_WAN_FW -d 0.0.0.0/8 -j RETURN
+ $IPT -A SS_SPEC_WAN_FW -d 10.0.0.0/8 -j RETURN
+ $IPT -A SS_SPEC_WAN_FW -d 127.0.0.0/8 -j RETURN
+ $IPT -A SS_SPEC_WAN_FW -d 169.254.0.0/16 -j RETURN
+ $IPT -A SS_SPEC_WAN_FW -d 172.16.0.0/12 -j RETURN
+ $IPT -A SS_SPEC_WAN_FW -d 192.168.0.0/16 -j RETURN
+ $IPT -A SS_SPEC_WAN_FW -d 224.0.0.0/4 -j RETURN
+ $IPT -A SS_SPEC_WAN_FW -d 240.0.0.0/4 -j RETURN
+ $IPT -A SS_SPEC_WAN_FW -p tcp $PROXY_PORTS -j REDIRECT --to-ports $local_port 2>/dev/null || {
+ loger 3 "Can't redirect, please check the iptables."
+ exit 1
+ }
+ return $?
+}
+
+ac_rule() {
+ if [ -n "$LAN_AC_IP" ]; then
+ case "${LAN_AC_IP:0:1}" in
+ w | W)
+ MATCH_SET="-m set --match-set ss_spec_lan_ac src"
+ ;;
+ b | B)
+ MATCH_SET="-m set ! --match-set ss_spec_lan_ac src"
+ ;;
+ *)
+ loger 3 "Bad argument \`-a $LAN_AC_IP\`."
+ return 2
+ ;;
+ esac
+ fi
+ ipset -! -R <<-EOF || return 1
+ create ss_spec_lan_ac hash:net
+ $(for ip in ${LAN_AC_IP:1}; do echo "add ss_spec_lan_ac $ip"; done)
+ EOF
+ if [ -z "$Interface" ]; then
+ $IPT -I PREROUTING 1 -p tcp $EXT_ARGS $MATCH_SET -m comment --comment "$TAG" -j SS_SPEC_WAN_AC
+ else
+ for name in $Interface; do
+ local IFNAME=$(uci -P /var/state get network.$name.ifname 2>/dev/null)
+ [ -z "$IFNAME" ] && IFNAME=$(uci -P /var/state get network.$name.device 2>/dev/null)
+ [ -n "$IFNAME" ] && $IPT -I PREROUTING 1 ${IFNAME:+-i $IFNAME} -p tcp $EXT_ARGS $MATCH_SET -m comment --comment "$TAG" -j SS_SPEC_WAN_AC
+ done
+ fi
+
+ case "$OUTPUT" in
+ 1)
+ $IPT -I OUTPUT 1 -p tcp $EXT_ARGS -m comment --comment "$TAG" -j SS_SPEC_WAN_AC
+ ;;
+ 2)
+ ipset -! -R <<-EOF || return 1
+ create ssr_gen_router hash:net
+ $(gen_spec_iplist | sed -e "s/^/add ssr_gen_router /")
+ EOF
+ $IPT -N SS_SPEC_ROUTER && \
+ $IPT -A SS_SPEC_ROUTER -m set --match-set ssr_gen_router dst -j RETURN && \
+ $IPT -A SS_SPEC_ROUTER -j SS_SPEC_WAN_FW
+ $IPT -I OUTPUT 1 -p tcp -m comment --comment "$TAG" -j SS_SPEC_ROUTER
+ ;;
+ esac
+ return $?
+}
+
+tp_rule() {
+ [ -n "$TPROXY" ] || return 0
+ ip rule add fwmark 0x01/0x01 table 100
+ ip route add local 0.0.0.0/0 dev lo table 100
+ local ipt="iptables -t mangle"
+ $ipt -N SS_SPEC_TPROXY
+ $ipt -A SS_SPEC_TPROXY -p udp --dport 53 -j RETURN
+ $ipt -A SS_SPEC_TPROXY -p udp -d 0.0.0.0/8 -j RETURN
+ $ipt -A SS_SPEC_TPROXY -p udp -d 10.0.0.0/8 -j RETURN
+ $ipt -A SS_SPEC_TPROXY -p udp -d 127.0.0.0/8 -j RETURN
+ $ipt -A SS_SPEC_TPROXY -p udp -d 169.254.0.0/16 -j RETURN
+ $ipt -A SS_SPEC_TPROXY -p udp -d 172.16.0.0/12 -j RETURN
+ $ipt -A SS_SPEC_TPROXY -p udp -d 192.168.0.0/16 -j RETURN
+ $ipt -A SS_SPEC_TPROXY -p udp -d 224.0.0.0/4 -j RETURN
+ $ipt -A SS_SPEC_TPROXY -p udp -d 240.0.0.0/4 -j RETURN
+ $ipt -A SS_SPEC_TPROXY -p udp ! --dport 53 -d $SERVER -j RETURN
+ [ "$server" != "$SERVER" ] && ipset -! add whitelist $SERVER
+ $ipt -A SS_SPEC_TPROXY -p udp -m set --match-set bplan src -j RETURN
+ $ipt -A SS_SPEC_TPROXY -p udp $PROXY_PORTS -m set --match-set fplan src -j TPROXY --on-port "$LOCAL_PORT" --tproxy-mark 0x01/0x01
+ case "$RUNMODE" in
+ router)
+ $ipt -A SS_SPEC_TPROXY -p udp -m set --match-set ss_spec_wan_ac dst -j RETURN
+ $ipt -A SS_SPEC_TPROXY -p udp -m set --match-set china dst -j RETURN
+ $ipt -A SS_SPEC_TPROXY -p udp --dport 80 -j DROP
+ $ipt -A SS_SPEC_TPROXY -p udp -m set --match-set gmlan src -m set ! --match-set china dst -j TPROXY --on-port "$LOCAL_PORT" --tproxy-mark 0x01/0x01
+ $ipt -A SS_SPEC_TPROXY -p udp $PROXY_PORTS -m set ! --match-set ss_spec_wan_ac dst -j TPROXY --on-port "$LOCAL_PORT" --tproxy-mark 0x01/0x01
+ ;;
+ gfw)
+ $ipt -A SS_SPEC_TPROXY -p udp -m set --match-set china dst -j RETURN
+ $ipt -A SS_SPEC_TPROXY -p udp --dport 80 -j DROP
+ $ipt -A SS_SPEC_TPROXY -p udp $PROXY_PORTS -m set --match-set gfwlist dst -j TPROXY --on-port "$LOCAL_PORT" --tproxy-mark 0x01/0x01
+ $ipt -A SS_SPEC_TPROXY -p udp -m set --match-set gmlan src -m set ! --match-set china dst -j TPROXY --on-port "$LOCAL_PORT" --tproxy-mark 0x01/0x01
+ ;;
+ oversea)
+ $ipt -A SS_SPEC_TPROXY -p udp $PROXY_PORTS -m set --match-set oversea src -m dst -j TPROXY --on-port "$LOCAL_PORT" --tproxy-mark 0x01/0x01
+ $ipt -A SS_SPEC_TPROXY -p udp -m set --match-set gmlan src -m set -j TPROXY --on-port "$LOCAL_PORT" --tproxy-mark 0x01/0x01
+ $ipt -A SS_SPEC_TPROXY -p udp $PROXY_PORTS -m set --match-set china dst -j TPROXY --on-port "$LOCAL_PORT" --tproxy-mark 0x01/0x01
+ ;;
+ all)
+ $ipt -A SS_SPEC_TPROXY -p udp $PROXY_PORTS -j TPROXY --on-port "$LOCAL_PORT" --tproxy-mark 0x01/0x01
+ ;;
+ esac
+ if [ -z "$Interface" ]; then
+ $ipt -I PREROUTING 1 -p udp $EXT_ARGS $MATCH_SET -m comment --comment "$TAG" -j SS_SPEC_TPROXY
+ else
+ for name in $Interface; do
+ local IFNAME=$(uci -P /var/state get network.$name.ifname 2>/dev/null)
+ [ -z "$IFNAME" ] && IFNAME=$(uci -P /var/state get network.$name.device 2>/dev/null)
+ [ -n "$IFNAME" ] && $ipt -I PREROUTING 1 ${IFNAME:+-i $IFNAME} -p udp $EXT_ARGS $MATCH_SET -m comment --comment "$TAG" -j SS_SPEC_TPROXY
+ done
+ fi
+ return $?
+}
+
+get_wan_ip() {
+ cat <<-EOF | grep -E "^([0-9]{1,3}\.){3}[0-9]{1,3}"
+ $server
+ $SERVER
+ $WAN_BP_IP
+ EOF
+}
+
+gen_spec_iplist() {
+ cat <<-EOF
+ 0.0.0.0/8
+ 10.0.0.0/8
+ 100.64.0.0/10
+ 127.0.0.0/8
+ 169.254.0.0/16
+ 172.16.0.0/12
+ 192.0.0.0/24
+ 192.0.2.0/24
+ 192.88.99.0/24
+ 192.168.0.0/16
+ 198.18.0.0/15
+ 198.51.100.0/24
+ 203.0.113.0/24
+ 224.0.0.0/4
+ 240.0.0.0/4
+ 255.255.255.255
+ $(get_wan_ip)
+ EOF
+}
+
+gen_include() {
+ [ -n "$FWI" ] || return 0
+ extract_rules() {
+ echo "*$1"
+ iptables-save -t $1 | grep SS_SPEC_ | sed -e "s/^-A \(OUTPUT\|PREROUTING\)/-I \1 1/"
+ echo 'COMMIT'
+ }
+ cat <<-EOF >>$FWI
+ iptables-save -c | grep -v "SS_SPEC" | iptables-restore -c
+ iptables-restore -n <<-EOT
+ $(extract_rules nat)
+ $(extract_rules mangle)
+ EOT
+ EOF
+ return 0
+}
+
+while getopts ":m:s:l:S:L:i:e:a:B:b:w:p:G:D:F:N:M:I:oOuUfgrczh" arg; do
+ case "$arg" in
+ m)
+ Interface=$OPTARG
+ ;;
+ s)
+ server=$OPTARG
+ ;;
+ l)
+ local_port=$OPTARG
+ ;;
+ S)
+ SERVER=$OPTARG
+ ;;
+ L)
+ LOCAL_PORT=$OPTARG
+ ;;
+ i)
+ IGNORE_LIST=$OPTARG
+ ;;
+ e)
+ EXT_ARGS=$OPTARG
+ ;;
+ a)
+ LAN_AC_IP=$OPTARG
+ ;;
+ B)
+ LAN_BP_IP=$OPTARG
+ ;;
+ b)
+ WAN_BP_IP=$(for ip in $OPTARG; do echo $ip; done)
+ ;;
+ w)
+ WAN_FW_IP=$OPTARG
+ ;;
+ p)
+ LAN_FP_IP=$OPTARG
+ ;;
+ G)
+ LAN_GM_IP=$OPTARG
+ ;;
+ D)
+ PROXY_PORTS=$OPTARG
+ ;;
+ F)
+ SHUNT_PORT=$OPTARG
+ ;;
+ N)
+ SHUNT_IP=$OPTARG
+ ;;
+ M)
+ SHUNT_PROXY=$OPTARG
+ ;;
+ I)
+ SHUNT_LIST=$OPTARG
+ ;;
+ o)
+ OUTPUT=1
+ ;;
+ O)
+ OUTPUT=2
+ ;;
+ u)
+ TPROXY=1
+ ;;
+ U)
+ TPROXY=2
+ ;;
+ g)
+ RUNMODE=gfw
+ ;;
+ r)
+ RUNMODE=router
+ ;;
+ c)
+ RUNMODE=oversea
+ ;;
+ z)
+ RUNMODE=all
+ ;;
+ f)
+ flush_r
+ exit 0
+ ;;
+ h) usage 0 ;;
+ esac
+done
+
+if [ -z "$server" -o -z "$local_port" ]; then
+ usage 2
+fi
+
+case "$TPROXY" in
+1)
+ SERVER=$server
+ LOCAL_PORT=$local_port
+ ;;
+2)
+ : ${SERVER:?"You must assign an ip for the udp relay server."}
+ : ${LOCAL_PORT:?"You must assign a port for the udp relay server."}
+ ;;
+esac
+
+flush_r && fw_rule && ipset_r && ac_rule && tp_rule && gen_include
+RET=$?
+[ "$RET" = 0 ] || loger 3 "Start failed!"
+exit $RET
diff --git a/luci-app-ssr-plus/root/usr/bin/ssr-switch b/luci-app-ssr-plus/root/usr/bin/ssr-switch
new file mode 100755
index 000000000..5a2a37090
--- /dev/null
+++ b/luci-app-ssr-plus/root/usr/bin/ssr-switch
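Review bot: `flush_iptables` feeds `iptables-save` output back through `eval`, as root, so every tagged rule line is re-parsed by the shell and any `$`, backtick or `;` that ended up in a saved rule (a comment, or arguments passed with `-e`) is interpreted rather than treated as data. The tagged rules and the `SS_SPEC*` chains can be removed without the shell ever seeing rule text, replacing both the `eval` and the chain loop with something like `iptables-save -c -t "$1" | grep -v "SS_SPEC" | iptables-restore -c`, the same save/filter/restore pipeline that `gen_include` writes into the firewall include; confirm it behaves the same on the target iptables build. Separately, in `tp_rule`'s `oversea` branch the rules ending `--match-set oversea src -m dst -j TPROXY` and `--match-set gmlan src -m set -j TPROXY` look malformed. Because each function returns only the status of its last command, a rejected rule would not stop the `flush_r && fw_rule && …` chain, and traffic could be left unproxied without any error being logged.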
@@ -0,0 +1,155 @@
+#!/bin/sh /etc/rc.common
+#
+# Copyright (C) 2017 openwrt-ssr
+# Copyright (C) 2017 yushi studio
+#
+# This is free software, licensed under the GNU General Public License v3.
+# See /LICENSE for more information.
+#
+
+. $IPKG_INSTROOT/etc/init.d/shadowsocksr
+LOCK_FILE="/var/lock/ssr-switch.lock"
+[ -f "$LOCK_FILE" ] && exit 2
+touch "$LOCK_FILE"
+LOG_FILE=/var/log/ssrplus.log
+
+cycle_time=60
+switch_time=3
+normal_flag=0
+server_locate=0
+server_count=0
+ENABLE_SERVER=nil
+[ -n "$1" ] && cycle_time=$1
+[ -n "$2" ] && switch_time=$2
+DEFAULT_SERVER=$(uci_get_by_type global global_server)
+CURRENT_SERVER=$DEFAULT_SERVER
+
+#判断代理是否正常
+check_proxy() {
+ local result=0
+ local try_count=$(uci_get_by_type global switch_try_count 3)
+ for i in $(seq 1 $try_count); do
+ /usr/bin/ssr-check www.google.com 80 $switch_time 1
+ if [ "$?" == "0" ]; then
+ # echolog "Check Google Proxy Success, count=$i"
+ result=0
+ break
+ else
+ # echolog "Check Google Proxy Fail, count=$i"
+ /usr/bin/ssr-check www.baidu.com 80 $switch_time 1
+ if [ "$?" == "0" ]; then
+ result=1
+ else
+ result=2
+ fi
+ fi
+ sleep 1
+ done
+ return $result
+}
+
+test_proxy() {
+ local servername=$(uci_get_by_name $1 server)
+ local serverport=$(uci_get_by_name $1 server_port)
+ ipset add whitelist $servername 2>/dev/null
+ tcping -q -c 3 -i 1 -t 2 -p $serverport $servername
+ if [ "$?" -gt "0" ]; then
+ ipset del whitelist $servername 2>/dev/null
+ return 1
+ fi
+ /usr/bin/ssr-check $servername $serverport $switch_time
+ local ret=$?
+ ipset del whitelist $servername 2>/dev/null
+ if [ "$ret" == "0" ]; then
+ return 0
+ else
+ return 1
+ fi
+}
+
+search_proxy() {
+ let server_count=server_count+1
+ [ "$normal_flag" == "1" -a "$server_count" -le "$server_locate" ] && return 0
+ [ "$(uci_get_by_name $1 switch_enable 0)" != "1" ] && return 1
+ [ $ENABLE_SERVER != nil ] && return 0
+ [ "$1" == "$CURRENT_SERVER" ] && return 0
+ local servername=$(uci_get_by_name $1 server)
+ local serverport=$(uci_get_by_name $1 server_port)
+ ipset add whitelist $servername 2>/dev/null
+ /usr/bin/ssr-check $servername $serverport $switch_time
+ local ret=$?
+ ipset del whitelist $servername 2>/dev/null
+ if [ "$ret" == "0" ]; then
+ server_locate=$server_count
+ ENABLE_SERVER=$1
+ return 0
+ else
+ return 1
+ fi
+}
+
+#选择可用的代理
+select_proxy() {
+ config_load $NAME
+ ENABLE_SERVER=nil
+ mkdir -p /var/run /var/etc
+ server_count=0
+ config_foreach search_proxy servers
+}
+
+#切换代理
+switch_proxy() {
+ /etc/init.d/shadowsocksr restart $1
+ return 0
+}
+
+start() {
+ #不支持kcptun启用时的切换
+ [ $(uci_get_by_name $DEFAULT_SERVER kcp_enable) = "1" ] && return 1
+ while [ "1" == "1" ]; do #死循环
+ sleep 0000$cycle_time
+ LOGTIME=$(date "+%Y-%m-%d %H:%M:%S")
+ #判断当前代理是否为缺省服务器
+ if [ "$CURRENT_SERVER" != "$DEFAULT_SERVER" ]; then
+ #echo "not default proxy"
+ echolog "Current server is not default Main server, try to switch back."
+ #检查缺省服务器是否正常
+ if test_proxy $DEFAULT_SERVER; then
+ #echo "switch to default proxy"
+ echolog "Main server is avilable."
+ #缺省服务器正常,切换回来
+ CURRENT_SERVER=$DEFAULT_SERVER
+ switch_proxy $CURRENT_SERVER
+ echolog "switch to default "$(uci_get_by_name $CURRENT_SERVER alias)" proxy!"
+ else
+ echolog "Main server is NOT avilable.Continue using current server."
+ fi
+ fi
+ #判断当前代理是否正常
+ #echolog "Start checking if the current server is available."
+ check_proxy
+ current_ret=$?
+ if [ "$current_ret" == "1" ]; then + #当前代理错误,判断有无可用的服务器 + #echo "current error" + echolog "Current server error, try to switch another server." + select_proxy + if [ "$ENABLE_SERVER" != nil ]; then + #有其他服务器可用,进行切换 + #echo $(uci_get_by_name $new_proxy server) + echolog "Another server is avilable, now switching server." + CURRENT_SERVER=$ENABLE_SERVER + switch_proxy $CURRENT_SERVER + normal_flag=1 + echolog "Switch to "$(uci_get_by_name $CURRENT_SERVER alias)" proxy!" + else + switch_proxy $CURRENT_SERVER + normal_flag=1 + echolog "Try restart current server." + fi + else + normal_flag=0 + # echolog "ShadowsocksR No Problem." + fi + done +} diff --git a/redsocks2/Makefile b/redsocks2/Makefile index f649b745b..52e000ebc 100644 --- a/redsocks2/Makefile +++ b/redsocks2/Makefile @@ -9,14 +9,14 @@ include $(TOPDIR)/rules.mk PKG_NAME:=redsocks2 -PKG_VERSION:=0.67 +PKG_VERSION:=release-test4 PKG_RELEASE:=4 PKG_SOURCE_PROTO:=git PKG_SOURCE_URL:=https://github.com/semigodking/redsocks.git PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION) PKG_SOURCE_VERSION:=d94c245ea47859cda5b4b7373308589206b97bdc -PKG_MIRROR_HASH:=938f859d1b55a91aa5cbcda3ddff1d04ccab292f784b0434060c73acab12c457 +PKG_HASH:=1afcb2683b35913dd36877f34ab97f803920d82dff482c0ba79f36ae9049e965 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz PKG_MAINTAINER:=semigodking PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)/$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION) diff --git a/v2ray-geodata/Makefile b/v2ray-geodata/Makefile index 09f18e1cc..67aab6cd0 100644 --- a/v2ray-geodata/Makefile +++ b/v2ray-geodata/Makefile 
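Review bot: `test_proxy` and `search_proxy` add the candidate server to the `whitelist` ipset for the probe and then unconditionally `ipset del` it, so an address that was already whitelisted (ssr-rules puts the `-b` bypass entries and the UDP relay server in the same set) is removed as a side effect of a health check. Track whether the probe added the entry, e.g. `ipset -q test whitelist "$servername" || { ipset add whitelist "$servername"; added=1; }` and later `[ -n "$added" ] && ipset del whitelist "$servername"`, with `added` declared `local`. Also, `start` returns 1 when `kcp_enable` is set after `$LOCK_FILE` has already been touched, and nothing in this file removes it; unless the sourced init script cleans up, later runs exit 2 at the top (ssr-monitor uses the same lock pattern).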
@@ -21,13 +21,13 @@ define Download/geoip HASH:=d29a781c15da854f708b81c1838598f1a340b04ef3546cf128a57f44a27cdd42 endef -GEOSITE_VER:=20240208184303 +GEOSITE_VER:=20240215145143 GEOSITE_FILE:=dlc.dat.$(GEOSITE_VER) define Download/geosite URL:=https://github.com/v2fly/domain-list-community/releases/download/$(GEOSITE_VER)/ URL_FILE:=dlc.dat FILE:=$(GEOSITE_FILE) - HASH:=869bd4c60029810e8adf0f7e953fb0ee3c5c9fff4342da29415c6193fdf47c06 + HASH:=4d9673f4b4251e8b20089a563bf7cd35fe4171df872c4d7e7a1264614c9cccdc endef GEOSITE_IRAN_VER:=202402120025 diff --git a/v2raya/Makefile b/v2raya/Makefile index 2a5410f0c..137bbe82d 100644 --- a/v2raya/Makefile +++ b/v2raya/Makefile @@ -5,7 +5,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=v2rayA -PKG_VERSION:=2.2.4.6 +PKG_VERSION:=2.2.4.7 PKG_RELEASE:=2 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz @@ -60,7 +60,7 @@ define Download/v2raya-web URL:=https://github.com/v2rayA/v2rayA/releases/download/v$(PKG_VERSION)/ URL_FILE:=web.tar.gz FILE:=$(WEB_FILE) - HASH:=09109442abac13801b7b82433fccbb769657b1d292ac4820af179c297e845135 + HASH:=7bb401e171b5e288a4120140521ed038986482e4852bf3b56368c3f0370a50b6 endef define Build/Prepare