
Merge pull request #265 from Mattraks/udp

Fix udp and TLS Host bug
coolsnowwolf 4 лет назад
Родитель
Сommit
2807e711c5

+ 1 - 1
luci-app-ssr-plus/Makefile

@@ -2,7 +2,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=luci-app-ssr-plus
 PKG_VERSION:=181
-PKG_RELEASE:=2
+PKG_RELEASE:=3
 
 include $(INCLUDE_DIR)/package.mk
 

+ 1 - 0
luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/advanced.lua

@@ -57,6 +57,7 @@ o.description = translate("Support AdGuardHome and DNSMASQ format list")
 
 o = s:option(Value, "gfwlist_url", translate("gfwlist Update url"))
 o:value("https://cdn.jsdelivr.net/gh/v2fly/domain-list-community@release/gfwlist.txt", translate("v2fly/domain-list-community"))
+o:value("https://cdn.jsdelivr.net/gh/Loyalsoldier/v2ray-rules-dat@release/gfw.txt", translate("Loyalsoldier/v2ray-rules-dat"))
 o:value("https://cdn.jsdelivr.net/gh/Loukky/gfwlist-by-loukky/gfwlist.txt", translate("Loukky/gfwlist-by-loukky"))
 o:value("https://cdn.jsdelivr.net/gh/gfwlist/gfwlist/gfwlist.txt", translate("gfwlist/gfwlist"))
 o.default = "https://cdn.jsdelivr.net/gh/v2fly/domain-list-community@release/gfwlist.txt"
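Review bot: The added `gfw.txt` entry appears to be a plain domain list, unlike the gfwlist files beside it, and nothing on this line says so. That is inferred from the `ssr-gfw` change in this same commit, which copies such a file through without decoding. A comment above the new `o:value` would make the coupling explicit, for example `-- plain domain list, not base64 gfwlist; ssr-gfw must pass it through undecoded`. Like its neighbours, the entry is fetched from a floating `@release` ref, so whatever that ref serves at update time is written into the router's dnsmasq configuration.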

+ 24 - 26
luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/client-config.lua

@@ -131,7 +131,7 @@ if nixio.fs.access("/usr/bin/ss-redir") then
 o:value("ss", translate("Shadowsocks New Version"))
 end
 if nixio.fs.access("/usr/bin/xray") or nixio.fs.access("/usr/bin/xray/xray") or nixio.fs.access("/usr/bin/v2ray/v2ray") or nixio.fs.access("/usr/bin/v2ray") then
-o:value("v2ray", translate("V2Ray"))
+o:value("vmess", translate("Vmess"))
 o:value("vless", translate("VLESS"))
 end
 if nixio.fs.access("/usr/sbin/trojan") then
@@ -160,7 +160,7 @@ o.datatype = "host"
 o.rmempty = false
 o:depends("type", "ssr")
 o:depends("type", "ss")
-o:depends("type", "v2ray")
+o:depends("type", "vmess")
 o:depends("type", "vless")
 o:depends("type", "trojan")
 o:depends("type", "naiveproxy")
@@ -171,7 +171,7 @@ o.datatype = "port"
 o.rmempty = false
 o:depends("type", "ssr")
 o:depends("type", "ss")
-o:depends("type", "v2ray")
+o:depends("type", "vmess")
 o:depends("type", "vless")
 o:depends("type", "trojan")
 o:depends("type", "naiveproxy")
@@ -236,13 +236,13 @@ o = s:option(Value, "alter_id", translate("AlterId"))
 o.datatype = "port"
 o.default = 16
 o.rmempty = true
-o:depends("type", "v2ray")
+o:depends("type", "vmess")
 
 -- VmessId
 o = s:option(Value, "vmess_id", translate("Vmess/VLESS ID (UUID)"))
 o.rmempty = true
 o.default = uuid
-o:depends("type", "v2ray")
+o:depends("type", "vmess")
 o:depends("type", "vless")
 
 -- VLESS Encryption
@@ -255,7 +255,7 @@ o:depends("type", "vless")
 o = s:option(ListValue, "security", translate("Encrypt Method"))
 for _, v in ipairs(securitys) do o:value(v, v:upper()) end
 o.rmempty = true
-o:depends("type", "v2ray")
+o:depends("type", "vmess")
 
 -- 传输协议
 o = s:option(ListValue, "transport", translate("Transport"))
@@ -265,7 +265,7 @@ o:value("ws", "WebSocket")
 o:value("h2", "HTTP/2")
 o:value("quic", "QUIC")
 o.rmempty = true
-o:depends("type", "v2ray")
+o:depends("type", "vmess")
 o:depends("type", "vless")
 
 -- [[ TCP部分 ]]--
@@ -383,31 +383,23 @@ o.default = 2
 o.rmempty = true
 
 o = s:option(Value, "seed", translate("Obfuscate password (optional)"))
-o:depends({type="vless", transport="kcp"})
+o:depends({type="vless",transport="kcp"})
 o.rmempty = true
 
 o = s:option(Flag, "congestion", translate("Congestion"))
 o:depends("transport", "kcp")
 o.rmempty = true
 
--- [[ allowInsecure ]]--
-o = s:option(Flag, "insecure", translate("allowInsecure"))
-o.rmempty = false
-o:depends("type", "v2ray")
-o:depends("type", "vless")
-o:depends("type", "trojan")
-o.default = "0"
-o.description = translate("If true, allowss insecure connection at TLS client, e.g., TLS server uses unverifiable certificates.")
 -- [[ TLS ]]--
 o = s:option(Flag, "tls", translate("TLS"))
 o.rmempty = true
 o.default = "0"
-o:depends("type", "v2ray")
-o:depends("type", "vless")
+o:depends("type", "vmess")
+o:depends({type="vless", xtls=false})
 o:depends("type", "trojan")
 
 o = s:option(Value, "tls_host", translate("TLS Host"))
---o:depends("type", "trojan")
+o:depends("type", "trojan")
 o:depends("tls", "1")
 o.rmempty = true
 
@@ -416,21 +408,27 @@ if nixio.fs.access("/usr/bin/xray") or nixio.fs.access("/usr/bin/xray/xray") the
 o = s:option(Flag, "xtls", translate("XTLS"))
 o.rmempty = true
 o.default = "0"
-o:depends({type="vless", tls=true})
+o:depends({type="vless",transport="tcp",tls=false})
 end
 
 -- Flow
 o = s:option(Value, "vless_flow", translate("Flow"))
 for _, v in ipairs(flows) do o:value(v, v) end
 o.rmempty = true
-o.default = "xtls-rprx-origin"
-o:depends("xtls", "1")
+o.default = "xtls-rprx-splice"
+o:depends("xtls", true)
+
+-- [[ allowInsecure ]]--
+o = s:option(Flag, "insecure", translate("allowInsecure"))
+o.rmempty = false
+o:depends("tls", true)
+o:depends("xtls",true)
+o.description = translate("If true, allowss insecure connection at TLS client, e.g., TLS server uses unverifiable certificates.")
 
 -- [[ Mux ]]--
 o = s:option(Flag, "mux", translate("Mux"))
-o.rmempty = true
-o.default = "0"
-o:depends("type", "v2ray")
+o.rmempty = false
+o:depends("type", "vmess")
 o:depends({type="vless", xtls=false})
 
 o = s:option(Value, "concurrency", translate("Concurrency"))
@@ -444,7 +442,7 @@ o = s:option(Flag, "certificate", translate("Self-signed Certificate"))
 o.rmempty = true
 o.default = "0"
 o:depends("type", "trojan")
-o:depends("type", "v2ray")
+o:depends("type", "vmess")
 o:depends("type", "vless")
 o.description = translate("If you have a self-signed certificate,please check the box")
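Review bot: The new dependencies make the TLS and XTLS flags mutually exclusive for VLESS (`tls` is shown only with `xtls=false`, `xtls` only with `tls=false`), but the unchanged `security` line in genv2config.lua still emits `"xtls"` only when `server.tls == '1'`. As far as the visible lines show, ticking XTLS leaves `tls` unset, so the generated outbound gets `security = "none"`: no transport encryption where the user asked for XTLS. Either keep XTLS dependent on TLS being enabled, or change the generator to `security = (server.xtls == '1') and "xtls" or ((server.tls == '1') and "tls" or "none")`. The `tls_host` option also depends on `tls` being `"1"` (or type trojan), so it is hidden for XTLS servers and `serverName` cannot be set for them.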
 

+ 1 - 1
luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/servers.lua

@@ -92,7 +92,7 @@ end
 
 o = s:option(DummyValue, "type", translate("Type"))
 function o.cfgvalue(...)
-	return (Value.cfgvalue(...) == "vless") and "VLESS" or Value.cfgvalue(...)
+	return Value.cfgvalue(...)
 end
 
 o = s:option(DummyValue, "alias", translate("Alias"))
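Review bot: After this change the `o.cfgvalue` override only forwards to `Value.cfgvalue(...)`, so it reads as leftover code. Unless `DummyValue`'s own `cfgvalue` differs in a way this column relies on (not visible here), the three-line function can be deleted. If it is kept on purpose, a comment such as `-- use Value.cfgvalue so the raw type string is shown` would say why.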

+ 7 - 7
luci-app-ssr-plus/root/etc/init.d/shadowsocksr

@@ -114,7 +114,7 @@ find_bin() {
 	ssr) ret="/usr/bin/ssr-redir" ;;
 	ssr-local) ret="/usr/bin/ssr-local" ;;
 	ssr-server) ret="/usr/bin/ssr-server" ;;
-	v2ray | vless)
+	vmess | vless)
 	ret="/usr/bin/xray"
 	[ ! -f "$ret" ] && ret="/usr/bin/xray/xray"
 	[ ! -f "$ret" ] && ret="/usr/bin/v2ray"
@@ -191,7 +191,7 @@ gen_config_file() {
 			}
 		EOF
 		;;
-	v2ray | vless)
+	vmess | vless)
 		lua /usr/share/shadowsocksr/genv2config.lua $GLOBAL_SERVER tcp $(uci_get_by_name $1 local_port) >/var/etc/v2-ssr-retcp.json
 		sed -i 's/\\//g' /var/etc/v2-ssr-retcp.json
 		;;
@@ -364,7 +364,7 @@ start_redir_tcp() {
 		done
 		echo "$(date "+%Y-%m-%d %H:%M:%S") Main node:$name $threads Threads Started!" >>/tmp/ssrplus.log
 		;;
-	v2ray | vless)
+	vmess | vless)
 		$bin -config /var/etc/v2-ssr-retcp.json >/dev/null 2>&1 &
 		echo "$(date "+%Y-%m-%d %H:%M:%S") Main node:$($bin -version | head -1) Started!" >>/tmp/ssrplus.log
 		;;
@@ -417,7 +417,7 @@ start_redir_udp() {
 			$bin -c $last_config_file $ARG_OTA -U -f /var/run/ssr-reudp.pid >/dev/null 2>&1
 			echo "$(date "+%Y-%m-%d %H:%M:%S") UDP TPROXY Relay:$name Started!" >>/tmp/ssrplus.log
 			;;
-		v2ray | vless)
+		vmess | vless)
 			lua /usr/share/shadowsocksr/genv2config.lua $UDP_RELAY_SERVER udp $(uci_get_by_name $UDP_RELAY_SERVER local_port) >/var/etc/v2-ssr-reudp.json
 			sed -i 's/\\//g' /var/etc/v2-ssr-reudp.json
 			$bin -config /var/etc/v2-ssr-reudp.json >/dev/null 2>&1 &
@@ -468,7 +468,7 @@ start_shunt() {
 			dns2socks 127.0.0.1:1088 8.8.8.8:53 127.0.0.1:5555 -q >/dev/null 2>&1 &
 			echo "$(date "+%Y-%m-%d %H:%M:%S") Netflix shunt:$name Started!" >>/tmp/ssrplus.log
 			;;
-		v2ray | vless)
+		vmess | vless)
 			lua /usr/share/shadowsocksr/genv2config.lua $NETFLIX_SERVER tcp 4321 1088 >/var/etc/v2-ssr-netflix.json
 			sed -i 's/\\//g' /var/etc/v2-ssr-netflix.json
 			$bin -config /var/etc/v2-ssr-netflix.json >/dev/null 2>&1 &
@@ -531,7 +531,7 @@ start_local() {
 		$bin -c $CONFIG_SOCK5_FILE -u -f /var/run/ssr-local.pid >/dev/null 2>&1
 		echo "$(date "+%Y-%m-%d %H:%M:%S") Global_Socks5:$name Started!" >>/tmp/ssrplus.log
 		;;
-	v2ray | vless)
+	vmess | vless)
 		lua /usr/share/shadowsocksr/genv2config.lua $local_server tcp 0 $(uci_get_by_type socks5_proxy local_port 1080) >/var/etc/v2-ssr-local.json
 		sed -i 's/\\//g' /var/etc/v2-ssr-local.json
 		$bin -config /var/etc/v2-ssr-local.json >/dev/null 2>&1 &
@@ -762,7 +762,7 @@ start() {
 			/usr/bin/ssr-rules -f
 		fi
 	else
-		awk '!/^$/&&!/^#/{printf("address=/%s/''\n",$0)}' /etc/ssr/deny.list >/tmp/dnsmasq.ssr/denylist.conf
+		sed '/.*/s/.*/address=\/&\//' /etc/ssr/deny.list >/tmp/dnsmasq.ssr/denylist.conf
 		if [ "$(uci_get_by_type global adblock 0)" == "1" ]; then
 			[ "$1" == "" ] && cp -f /etc/ssr/ad.conf /tmp/dnsmasq.ssr/
 			if [ -f "/tmp/dnsmasq.ssr/ad.conf" ]; then
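Review bot: The `sed` that replaces the `awk` in `start()` no longer skips blank lines and `#` comment lines in /etc/ssr/deny.list: `/.*/` matches every line, so an empty line becomes `address=//` and a comment becomes `address=/# .../` in denylist.conf. Depending on how dnsmasq treats those entries, it may reject the file or read a bare `#` as its match-any-domain wildcard, so a stray comment could change resolution for every name. Restoring the filter keeps the old behaviour: `sed -e '/^$/d' -e '/^#/d' -e 's/.*/address=\/&\//' /etc/ssr/deny.list >/tmp/dnsmasq.ssr/denylist.conf`. The same unfiltered pattern is introduced in gfw2ipset.sh for netflix.list, black.list, white.list and deny.list. `start()` begins and ends outside the hunk.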

+ 3 - 1
luci-app-ssr-plus/root/etc/ssr/china_ssr.txt

@@ -4104,6 +4104,9 @@
 103.158.224.0/23
 103.159.80.0/23
 103.159.122.0/23
+103.159.124.0/23
+103.159.134.0/23
+103.159.142.0/23
 103.192.0.0/22
 103.192.4.0/22
 103.192.8.0/22
@@ -4335,7 +4338,6 @@
 103.203.24.0/22
 103.203.28.0/22
 103.203.32.0/22
-103.203.52.0/22
 103.203.56.0/22
 103.203.96.0/22
 103.203.100.0/22

+ 20 - 8
luci-app-ssr-plus/root/etc/ssr/gfw_list.conf

@@ -484,6 +484,8 @@ server=/airmax360.com/127.0.0.1#5335
 ipset=/airmax360.com/gfwlist
 server=/airmay.com/127.0.0.1#5335
 ipset=/airmay.com/gfwlist
+server=/airport-gov-cn.com/127.0.0.1#5335
+ipset=/airport-gov-cn.com/gfwlist
 server=/airport.brussels/127.0.0.1#5335
 ipset=/airport.brussels/gfwlist
 server=/airport.com/127.0.0.1#5335
@@ -4696,8 +4698,6 @@ server=/chimeforchange.org/127.0.0.1#5335
 ipset=/chimeforchange.org/gfwlist
 server=/china-facebook.com/127.0.0.1#5335
 ipset=/china-facebook.com/gfwlist
-server=/china-internet-exchange.com/127.0.0.1#5335
-ipset=/china-internet-exchange.com/gfwlist
 server=/chinaclothesstore.com/127.0.0.1#5335
 ipset=/chinaclothesstore.com/gfwlist
 server=/chinadecoding.com/127.0.0.1#5335
@@ -4918,6 +4918,8 @@ server=/cnbcfm.com/127.0.0.1#5335
 ipset=/cnbcfm.com/gfwlist
 server=/cncrivals.com/127.0.0.1#5335
 ipset=/cncrivals.com/gfwlist
+server=/cnix-gov-cn.com/127.0.0.1#5335
+ipset=/cnix-gov-cn.com/gfwlist
 server=/cnn.com/127.0.0.1#5335
 ipset=/cnn.com/gfwlist
 server=/cnn.io/127.0.0.1#5335
@@ -5208,8 +5210,6 @@ server=/cutt.ly/127.0.0.1#5335
 ipset=/cutt.ly/gfwlist
 server=/cvnad.com/127.0.0.1#5335
 ipset=/cvnad.com/gfwlist
-server=/cxkcloud.com/127.0.0.1#5335
-ipset=/cxkcloud.com/gfwlist
 server=/cyber-bay.info/127.0.0.1#5335
 ipset=/cyber-bay.info/gfwlist
 server=/cyber-bay.org/127.0.0.1#5335
@@ -5510,6 +5510,8 @@ server=/digital-rb.com/127.0.0.1#5335
 ipset=/digital-rb.com/gfwlist
 server=/digitalassetlinks.org/127.0.0.1#5335
 ipset=/digitalassetlinks.org/gfwlist
+server=/digitalcertvalidation.com/127.0.0.1#5335
+ipset=/digitalcertvalidation.com/gfwlist
 server=/digitalhub.com/127.0.0.1#5335
 ipset=/digitalhub.com/gfwlist
 server=/digitalid.ch/127.0.0.1#5335
@@ -9212,6 +9214,8 @@ server=/handbagsoutletebay.com/127.0.0.1#5335
 ipset=/handbagsoutletebay.com/gfwlist
 server=/hanime.tv/127.0.0.1#5335
 ipset=/hanime.tv/gfwlist
+server=/hanime1.me/127.0.0.1#5335
+ipset=/hanime1.me/gfwlist
 server=/happymeal.co.nz/127.0.0.1#5335
 ipset=/happymeal.co.nz/gfwlist
 server=/happymeal.com.au/127.0.0.1#5335
@@ -11034,6 +11038,8 @@ server=/jfrog.org/127.0.0.1#5335
 ipset=/jfrog.org/gfwlist
 server=/jgg18.xyz/127.0.0.1#5335
 ipset=/jgg18.xyz/gfwlist
+server=/jiayoulu.com/127.0.0.1#5335
+ipset=/jiayoulu.com/gfwlist
 server=/jibemobile.com/127.0.0.1#5335
 ipset=/jibemobile.com/gfwlist
 server=/jijiji.ca/127.0.0.1#5335
@@ -15212,6 +15218,8 @@ server=/protonmail.com/127.0.0.1#5335
 ipset=/protonmail.com/gfwlist
 server=/protonstatus.com/127.0.0.1#5335
 ipset=/protonstatus.com/gfwlist
+server=/proxyrarbg.org/127.0.0.1#5335
+ipset=/proxyrarbg.org/gfwlist
 server=/pscdn.co/127.0.0.1#5335
 ipset=/pscdn.co/gfwlist
 server=/pscp.tv/127.0.0.1#5335
@@ -16014,6 +16022,8 @@ server=/securepaypal.info/127.0.0.1#5335
 ipset=/securepaypal.info/gfwlist
 server=/sensorynetworks.com/127.0.0.1#5335
 ipset=/sensorynetworks.com/gfwlist
+server=/seqingx.com/127.0.0.1#5335
+ipset=/seqingx.com/gfwlist
 server=/sequence.com/127.0.0.1#5335
 ipset=/sequence.com/gfwlist
 server=/serialssolutions.com/127.0.0.1#5335
@@ -16032,6 +16042,8 @@ server=/servicetalk.io/127.0.0.1#5335
 ipset=/servicetalk.io/gfwlist
 server=/seselah.com/127.0.0.1#5335
 ipset=/seselah.com/gfwlist
+server=/setapp.com/127.0.0.1#5335
+ipset=/setapp.com/gfwlist
 server=/sextop1.net/127.0.0.1#5335
 ipset=/sextop1.net/gfwlist
 server=/sexzy4.com/127.0.0.1#5335
@@ -16608,10 +16620,6 @@ server=/sslpaypal.org/127.0.0.1#5335
 ipset=/sslpaypal.org/gfwlist
 server=/ssplive.pw/127.0.0.1#5335
 ipset=/ssplive.pw/gfwlist
-server=/ssrcloud.com/127.0.0.1#5335
-ipset=/ssrcloud.com/gfwlist
-server=/ssrcloud.org/127.0.0.1#5335
-ipset=/ssrcloud.org/gfwlist
 server=/ssrpass.pw/127.0.0.1#5335
 ipset=/ssrpass.pw/gfwlist
 server=/sstatic.net/127.0.0.1#5335
@@ -19370,6 +19378,8 @@ server=/xn--czrs0t4phtr3a.cn/127.0.0.1#5335
 ipset=/xn--czrs0t4phtr3a.cn/gfwlist
 server=/xn--d1acpjx3f.xn--p1ai/127.0.0.1#5335
 ipset=/xn--d1acpjx3f.xn--p1ai/gfwlist
+server=/xn--d4ty0ojsqzfd.com/127.0.0.1#5335
+ipset=/xn--d4ty0ojsqzfd.com/gfwlist
 server=/xn--fiqs8sxootzz.cn/127.0.0.1#5335
 ipset=/xn--fiqs8sxootzz.cn/gfwlist
 server=/xn--fiqs8sxootzz.xn--hxt814e/127.0.0.1#5335
@@ -19450,6 +19460,8 @@ server=/xposed.info/127.0.0.1#5335
 ipset=/xposed.info/gfwlist
 server=/xscale.com/127.0.0.1#5335
 ipset=/xscale.com/gfwlist
+server=/xtube.com/127.0.0.1#5335
+ipset=/xtube.com/gfwlist
 server=/xvideos-cdn.com/127.0.0.1#5335
 ipset=/xvideos-cdn.com/gfwlist
 server=/xvideos.com/127.0.0.1#5335

+ 1 - 0
luci-app-ssr-plus/root/etc/uci-defaults/luci-ssr-plus

@@ -65,5 +65,6 @@ set shadowsocksr.@server_global[0].enable_server='0'
 commit shadowsocksr
 EOF
 fi
+sed -i "s/type 'v2ray'"/"type 'vmess'/g" /etc/config/shadowsocksr
 rm -rf /tmp/luci-modulecache /tmp/luci-indexcache
 exit 0
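Review bot: The migration `sed` is unanchored and unconditional: `type 'v2ray'` also matches any other option whose name ends in `type`, and the command runs even when /etc/config/shadowsocksr does not exist. Anchoring on the option keyword and guarding on the file would narrow it, for example `[ -f /etc/config/shadowsocksr ] && sed -i "s/option type 'v2ray'/option type 'vmess'/g" /etc/config/shadowsocksr`. The split quoting (`"s/type 'v2ray'"/"type 'vmess'/g"`) works only because the shell concatenates the pieces; a single quoted string is easier to read. Server entries written later with `type 'v2ray'` by code not shown in this commit would match none of the renamed `vmess | vless` case arms, so it is worth confirming that no such writer remains.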

+ 6 - 1
luci-app-ssr-plus/root/usr/bin/ssr-gfw

@@ -16,8 +16,13 @@ print cur;
 prev = cur;
 }
 }' | sort -u
+rm -f /tmp/gfwlist.txt
 }
+grep -w 'google' /tmp/ssr-update.$1 >/dev/null 2>&1
+if [ $? ];then
+cp -rf /tmp/ssr-update.$1 /tmp/gfw.txt
+else
 generate_china_banned /tmp/ssr-update.$1 >/tmp/gfw.txt
-rm -f /tmp/gfwlist.txt
+fi
 sed '/.*/s/.*/server=\/&\/127.0.0.1#5335\nipset=\/&\/gfwlist/' /tmp/gfw.txt >/tmp/ssr-update.$1
 rm -f /tmp/gfw.txt
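Review bot: `if [ $? ]` is always true, because `[` with a single non-empty argument succeeds and `$?` expands to `0` or `1`; the `else` branch that calls `generate_china_banned` can no longer run. Every downloaded list, including a base64 gfwlist, is therefore copied as-is, and each of its lines is wrapped into `server=/…/` and `ipset=/…/` entries for dnsmasq. Test the command directly instead: `if grep -qw 'google' /tmp/ssr-update.$1; then`. Since the file comes from a remote URL, checking that each line looks like a domain name before it is written into resolver configuration would also be prudent. `generate_china_banned` starts above the hunk.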

+ 16 - 20
luci-app-ssr-plus/root/usr/bin/ssr-rules

@@ -94,15 +94,15 @@ ipset_r() {
 			$(gen_spec_iplist | sed -e "s/^/add ss_spec_wan_ac /")
 		EOF
 		$IPT -A SS_SPEC_WAN_AC -m set --match-set ss_spec_wan_ac dst -j RETURN
-		$IPT -A SS_SPEC_WAN_AC -m set --match-set gmlan src -m set ! --match-set china dst -j SS_SPEC_WAN_FW
 		$IPT -A SS_SPEC_WAN_AC -m set --match-set china dst -j RETURN
+		$IPT -A SS_SPEC_WAN_AC -m set --match-set gmlan src -m set ! --match-set china dst -j SS_SPEC_WAN_FW
 		$IPT -A SS_SPEC_WAN_AC -j SS_SPEC_WAN_FW
 		;;
 	gfw)
 		ipset -N gfwlist hash:net 2>/dev/null
+		$IPT -A SS_SPEC_WAN_AC -m set --match-set china dst -j RETURN
 		$IPT -A SS_SPEC_WAN_AC -m set --match-set gfwlist dst -j SS_SPEC_WAN_FW
 		$IPT -A SS_SPEC_WAN_AC -m set --match-set gmlan src -m set ! --match-set china dst -j SS_SPEC_WAN_FW
-		$IPT -A SS_SPEC_WAN_AC -m set --match-set china dst -j RETURN
 		;;
 	oversea)
 		ipset -N oversea hash:net 2>/dev/null
@@ -159,8 +159,7 @@ fw_rule() {
 	$IPT -A SS_SPEC_WAN_FW -d 192.168.0.0/16 -j RETURN
 	$IPT -A SS_SPEC_WAN_FW -d 224.0.0.0/4 -j RETURN
 	$IPT -A SS_SPEC_WAN_FW -d 240.0.0.0/4 -j RETURN
-	$IPT -A SS_SPEC_WAN_FW -p tcp $PROXY_PORTS \
-	-j REDIRECT --to-ports $local_port 2>/dev/null || {
+	$IPT -A SS_SPEC_WAN_FW -p tcp $PROXY_PORTS -j REDIRECT --to-ports $local_port 2>/dev/null || {
 		loger 3 "Can't redirect, please check the iptables."
 		exit 1
 	}
@@ -197,16 +196,15 @@ ac_rule() {
 
 	case "$OUTPUT" in
 	1)
-		$IPT -I OUTPUT 1 -p tcp $EXT_ARGS \
-		-m comment --comment "$TAG" -j SS_SPEC_WAN_AC
+		$IPT -I OUTPUT 1 -p tcp $EXT_ARGS -m comment --comment "$TAG" -j SS_SPEC_WAN_AC
 		;;
 	2)
 		ipset -! -R <<-EOF || return 1
 			create ssr_gen_router hash:net
 			$(gen_spec_iplist | sed -e "s/^/add ssr_gen_router /")
 		EOF
-		$IPT -N SS_SPEC_ROUTER && \
-		$IPT -A SS_SPEC_ROUTER -m set --match-set ssr_gen_router dst -j RETURN && \
+		$IPT -N SS_SPEC_ROUTER 
+		$IPT -A SS_SPEC_ROUTER -m set --match-set ssr_gen_router dst -j RETURN
 		$IPT -A SS_SPEC_ROUTER -j SS_SPEC_WAN_FW
 		$IPT -I OUTPUT 1 -p tcp -m comment --comment "$TAG" -j SS_SPEC_ROUTER
 		;;
@@ -234,25 +232,23 @@ tp_rule() {
 	$ipt -A SS_SPEC_TPROXY -p udp ! --dport 53 -d $SERVER -j RETURN
 	[ "$server" != "$SERVER" ] && ipset -! add whitelist $SERVER
 	$ipt -A SS_SPEC_TPROXY -p udp -m set --match-set bplan src -j RETURN
-	$ipt -A SS_SPEC_TPROXY -p udp $PROXY_PORTS -m set --match-set fplan src \
-	-j TPROXY --on-port "$LOCAL_PORT" --tproxy-mark 0x01/0x01
+	$ipt -A SS_SPEC_TPROXY -p udp $PROXY_PORTS -m set --match-set fplan src -j TPROXY --on-port "$LOCAL_PORT" --tproxy-mark 0x01/0x01
 	case "$RUNMODE" in
 	router)
-		$ipt -A SS_SPEC_TPROXY -p udp -m set --match-set gmlan src -m set ! --match-set china dst \
-		-j TPROXY --on-port "$LOCAL_PORT" --tproxy-mark 0x01/0x01
-		$ipt -A SS_SPEC_TPROXY -p udp $PROXY_PORTS -m set ! --match-set ss_spec_wan_ac dst \
-		-j TPROXY --on-port "$LOCAL_PORT" --tproxy-mark 0x01/0x01
+		$IPT -A SS_SPEC_TPROXY -p udp -m set --match-set ss_spec_wan_ac dst -j RETURN
+		$ipt -A SS_SPEC_TPROXY -p udp -m set --match-set china dst -j RETURN
+		$ipt -A SS_SPEC_TPROXY -p udp -m set --match-set gmlan src -m set ! --match-set china dst -j TPROXY --on-port "$LOCAL_PORT" --tproxy-mark 0x01/0x01
+		$ipt -A SS_SPEC_TPROXY -p udp $PROXY_PORTS -m set ! --match-set ss_spec_wan_ac dst -j TPROXY --on-port "$LOCAL_PORT" --tproxy-mark 0x01/0x01
 		;;
 	gfw)
 		$ipt -A SS_SPEC_TPROXY -p udp -m set --match-set china dst -j RETURN
-		$ipt -A SS_SPEC_TPROXY -p udp -m set --match-set gmlan src -m set ! --match-set china dst \
-		-j TPROXY --on-port "$LOCAL_PORT" --tproxy-mark 0x01/0x01
-		$ipt -A SS_SPEC_TPROXY -p udp -m set $PROXY_PORTS --match-set gfwlist dst \
-		-j TPROXY --on-port "$LOCAL_PORT" --tproxy-mark 0x01/0x01
+		$ipt -A SS_SPEC_TPROXY -p udp $PROXY_PORTS -m set --match-set gfwlist dst -j TPROXY --on-port "$LOCAL_PORT" --tproxy-mark 0x01/0x01
+		$ipt -A SS_SPEC_TPROXY -p udp -m set --match-set gmlan src -m set ! --match-set china dst -j TPROXY --on-port "$LOCAL_PORT" --tproxy-mark 0x01/0x01
 		;;
 	oversea)
-		$ipt -A SS_SPEC_TPROXY -p udp $PROXY_PORTS -m set --match-set china dst \
-		-j TPROXY --on-port "$LOCAL_PORT" --tproxy-mark 0x01/0x01
+		$ipt -A SS_SPEC_TPROXY -p udp $PROXY_PORTS -m set --match-set oversea src -m dst -j TPROXY --on-port "$LOCAL_PORT" --tproxy-mark 0x01/0x01
+		$ipt -A SS_SPEC_TPROXY -p udp -m set --match-set gmlan src -m set -j TPROXY --on-port "$LOCAL_PORT" --tproxy-mark 0x01/0x01
+		$ipt -A SS_SPEC_TPROXY -p udp $PROXY_PORTS -m set --match-set china dst -j TPROXY --on-port "$LOCAL_PORT" --tproxy-mark 0x01/0x01
 		;;
 	all)
 		$ipt -A SS_SPEC_TPROXY -p udp $PROXY_PORTS -j TPROXY --on-port "$LOCAL_PORT" --tproxy-mark 0x01/0x01
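Review bot: Two of the rules added to the `oversea` arm of `tp_rule` look malformed: `--match-set oversea src -m dst` names a match module `dst` with no options (and tests the set against the source address), and `--match-set gmlan src -m set -j TPROXY` ends with a `-m set` that has no `--match-set`. iptables will most likely reject both, leaving UDP in that mode handled only by the third rule, so traffic the operator expects to be proxied may go out directly. If the intent is to proxy traffic to `oversea` destinations and from `gmlan` sources, the fragments would be `-m set --match-set oversea dst -j TPROXY …` and `-m set --match-set gmlan src -j TPROXY …`. In the `router` arm the first added line uses `$IPT` while every other rule in this function uses `$ipt`; if these refer to different tables (their definitions are outside the hunk), that RETURN rule will not land in the chain the others build. `tp_rule` starts and ends outside the hunk.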

+ 12 - 6
luci-app-ssr-plus/root/usr/share/shadowsocksr/genv2config.lua

@@ -36,7 +36,7 @@ inboundDetour = (proto == "tcp" and socks_port ~= "0") and {
 } or nil,
 -- 传出连接
 outbound = {
-	protocol = (server.type == "v2ray") and "vmess" or "vless",
+	protocol = server.type,
 	settings = {
 		vnext = {
 			{
@@ -45,10 +45,10 @@ outbound = {
 				users = {
 					{
 						id = server.vmess_id,
-						alterId = (server.type == "v2ray") and tonumber(server.alter_id) or nil,
-						security = (server.type == "v2ray") and server.security or nil,
+						alterId = (server.type == "vmess") and tonumber(server.alter_id) or nil,
+						security = (server.type == "vmess") and server.security or nil,
 						encryption = (server.type == "vless") and server.vless_encryption or nil,
-						flow = (server.xtls == '1') and (server.vless_flow and server.vless_flow or "xtls-rprx-origin") or nil,
+						flow = (server.xtls == '1') and (server.vless_flow and server.vless_flow or "xtls-rprx-splice") or nil,
 					}
 				}
 			}
@@ -58,8 +58,14 @@ outbound = {
 	streamSettings = {
 		network = server.transport,
 		security = (server.tls == '1') and ((server.xtls == '1') and "xtls" or "tls") or "none",
-		tlsSettings = (server.tls == '1' and server.xtls ~= '1') and {allowInsecure = (server.insecure ~= "0") and true or nil,serverName=server.tls_host,} or nil,
-		xtlsSettings = (server.xtls == '1') and {allowInsecure = (server.insecure ~= "0") and true or nil,serverName=server.tls_host,} or nil,
+		tlsSettings = (server.tls == '1' and server.xtls ~= '1' and (server.insecure == "1" or server.tls_host)) and {
+			allowInsecure = (server.insecure == "1") and true or nil,
+			serverName=server.tls_host
+		} or nil,
+		xtlsSettings = (server.xtls == '1' and (server.insecure == "1" or server.tls_host)) and {
+			allowInsecure = (server.insecure == "1") and true or nil,
+			serverName=server.tls_host
+		} or nil,
 		tcpSettings = (server.transport == "tcp" and server.tcp_guise == "http") and {
 			header = {
 				type = server.tcp_guise,

+ 4 - 6
luci-app-ssr-plus/root/usr/share/shadowsocksr/gfw2ipset.sh

@@ -27,8 +27,7 @@ if [ "$NETFLIX_SERVER" != "nil" ]; then
 			for line in $(cat /etc/ssr/netflix.list); do sed -i "/$line/d" /tmp/dnsmasq.ssr/gfw_list.conf; done
 			for line in $(cat /etc/ssr/netflix.list); do sed -i "/$line/d" /tmp/dnsmasq.ssr/gfw_base.conf; done
 		fi
-		awk '!/^$/&&!/^#/{printf("ipset=/%s/'"netflix"'\n",$0)}' /etc/ssr/netflix.list >/tmp/dnsmasq.ssr/netflix_forward.conf
-		awk '!/^$/&&!/^#/{printf("server=/%s/'"127.0.0.1#$1"'\n",$0)}' /etc/ssr/netflix.list >>/tmp/dnsmasq.ssr/netflix_forward.conf
+		sed "/.*/s/.*/server=\/&\/127.0.0.1#$1\nipset=\/&\/netflix/" /etc/ssr/netflix.list >/tmp/dnsmasq.ssr/netflix_forward.conf
 	}
 	if [ "$NETFLIX_SERVER" != "$GLOBAL_SERVER" ]; then
 		netflix 5555
@@ -44,10 +43,9 @@ for line in $(cat /etc/ssr/white.list); do sed -i "/$line/d" /tmp/dnsmasq.ssr/gf
 for line in $(cat /etc/ssr/white.list); do sed -i "/$line/d" /tmp/dnsmasq.ssr/gfw_base.conf; done
 for line in $(cat /etc/ssr/deny.list); do sed -i "/$line/d" /tmp/dnsmasq.ssr/gfw_list.conf; done
 for line in $(cat /etc/ssr/deny.list); do sed -i "/$line/d" /tmp/dnsmasq.ssr/gfw_base.conf; done
-awk '!/^$/&&!/^#/{printf("ipset=/%s/'"blacklist"'\n",$0)}' /etc/ssr/black.list >/tmp/dnsmasq.ssr/blacklist_forward.conf
-awk '!/^$/&&!/^#/{printf("server=/%s/'"127.0.0.1#5335"'\n",$0)}' /etc/ssr/black.list >>/tmp/dnsmasq.ssr/blacklist_forward.conf
-awk '!/^$/&&!/^#/{printf("ipset=/%s/'"whitelist"'\n",$0)}' /etc/ssr/white.list >/tmp/dnsmasq.ssr/whitelist_forward.conf
-awk '!/^$/&&!/^#/{printf("address=/%s/''\n",$0)}' /etc/ssr/deny.list >/tmp/dnsmasq.ssr/denylist.conf
+sed "/.*/s/.*/server=\/&\/127.0.0.1#5335\nipset=\/&\/blacklist/" /etc/ssr/black.list >/tmp/dnsmasq.ssr/blacklist_forward.conf
+sed "/.*/s/.*/server=\/&\/127.0.0.1\nipset=\/&\/whitelist/" /etc/ssr/white.list >/tmp/dnsmasq.ssr/whitelist_forward.conf
+sed "/.*/s/.*/address=\/&\//" /etc/ssr/deny.list >/tmp/dnsmasq.ssr/denylist.conf
 if [ "$(uci_get_by_type global adblock 0)" == "1" ]; then
 	[ -z "$switch_server" ] && cp -f /etc/ssr/ad.conf /tmp/dnsmasq.ssr/
 	if [ -f "/tmp/dnsmasq.ssr/ad.conf" ]; then
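Review bot: The rewritten whitelist line now also emits `server=/DOMAIN/127.0.0.1` with no `#port`, where the old `awk` wrote only the `ipset=` entry; dnsmasq would forward those names to port 53 on localhost, which on the router is presumably dnsmasq itself. If whitelisted domains are meant to use the default upstream, drop the `server=` half: `sed -e '/^$/d' -e '/^#/d' -e 's/.*/ipset=\/&\/whitelist/' /etc/ssr/white.list >/tmp/dnsmasq.ssr/whitelist_forward.conf` (the two `d` expressions keep the blank-line and comment filtering the `awk` had). The netflix variant interpolates `$1` into the sed script, which is safe only while callers pass a literal port, as they do here.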