luci-app-ssr-plus: add basic ss server support

Signed-off-by: Tianling Shen <[email protected]>
Co-authored-by: Mattraks <[email protected]>

luci-app-ssr-plus/Makefile

@@ -2,7 +2,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=luci-app-ssr-plus
 PKG_VERSION:=184
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 
 define Package/$(PKG_NAME)/conffiles
 /etc/config/shadowsocksr
@@ -12,7 +12,7 @@ endef
 define Package/$(PKG_NAME)/config
 config PACKAGE_$(PKG_NAME)_INCLUDE_Shadowsocks
 	bool "Include Shadowsocks"
-	default y if i386||x86_64||arm||aarch64
+	default y if i386||x86_64||arm
 
 config PACKAGE_$(PKG_NAME)_INCLUDE_Shadowsocks_Rust
 	bool "Include Shadowsocks Rust (AEAD ciphers only)"
@@ -44,6 +44,14 @@ config PACKAGE_$(PKG_NAME)_INCLUDE_Kcptun
 	bool "Include Kcptun"
 	default n
 
+config PACKAGE_$(PKG_NAME)_INCLUDE_Shadowsocks_Server
+	bool "Include Shadowsocks Server"
+	default y if i386||x86_64||arm
+
+config PACKAGE_$(PKG_NAME)_INCLUDE_Shadowsocks_Rust_Server
+	bool "Include Shadowsocks Rust Server"
+	default y if aarch64
+
 config PACKAGE_$(PKG_NAME)_INCLUDE_ShadowsocksR_Server
 	bool "Include ShadowsocksR Server"
 	default y if i386||x86_64||arm||aarch64
@@ -65,6 +73,8 @@ LUCI_DEPENDS:=+shadowsocksr-libev-alt +ipset +ip-full +iptables-mod-tproxy +dnsm
 	+PACKAGE_$(PKG_NAME)_INCLUDE_NaiveProxy:naiveproxy \
 	+PACKAGE_$(PKG_NAME)_INCLUDE_Redsocks2:redsocks2 \
 	+PACKAGE_$(PKG_NAME)_INCLUDE_Kcptun:kcptun-client \
+	+PACKAGE_$(PKG_NAME)_INCLUDE_Shadowsocks_Server:shadowsocks-libev-ss-server \
+	+PACKAGE_$(PKG_NAME)_INCLUDE_Shadowsocks_Rust_Server:shadowsocks-rust-ssserver \
 	+PACKAGE_$(PKG_NAME)_INCLUDE_ShadowsocksR_Server:shadowsocksr-libev-server
 
 include $(TOPDIR)/feeds/luci/luci.mk

luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/server-config.lua

@@ -32,6 +32,32 @@ local encrypt_methods = {
 	"chacha20-ietf"
 }
 
+local encrypt_methods_ss = {
+	-- aead
+	"aes-128-gcm",
+	"aes-192-gcm",
+	"aes-256-gcm",
+	"chacha20-ietf-poly1305",
+	"xchacha20-ietf-poly1305"
+	--[[ stream
+	"table",
+	"rc4",
+	"rc4-md5",
+	"aes-128-cfb",
+	"aes-192-cfb",
+	"aes-256-cfb",
+	"aes-128-ctr",
+	"aes-192-ctr",
+	"aes-256-ctr",
+	"bf-cfb",
+	"camellia-128-cfb",
+	"camellia-192-cfb",
+	"camellia-256-cfb",
+	"salsa20",
+	"chacha20",
+	"chacha20-ietf" ]]
+}
+
 local protocol = {"origin"}
 
 obfs = {"plain", "http_simple", "http_post"}
@@ -55,6 +81,9 @@ o.rmempty = false
 
 o = s:option(ListValue, "type", translate("Server Type"))
 o:value("socks5", translate("Socks5"))
+if nixio.fs.access("/usr/bin/ssserver") or nixio.fs.access("/usr/bin/ss-server") then
+	o:value("ss", translate("Shadowsocks"))
+end
 if nixio.fs.access("/usr/bin/ssr-server") then
 	o:value("ssr", translate("ShadowsocksR"))
 end
@@ -71,6 +100,7 @@ o = s:option(Value, "timeout", translate("Connection Timeout"))
 o.datatype = "uinteger"
 o.default = 60
 o.rmempty = false
+o:depends("type", "ss")
 o:depends("type", "ssr")
 
 o = s:option(Value, "username", translate("Username"))
@@ -88,6 +118,13 @@ end
 o.rmempty = false
 o:depends("type", "ssr")
 
+o = s:option(ListValue, "encrypt_method_ss", translate("Encrypt Method"))
+for _, v in ipairs(encrypt_methods_ss) do
+	o:value(v)
+end
+o.rmempty = false
+o:depends("type", "ss")
+
 o = s:option(ListValue, "protocol", translate("Protocol"))
 for _, v in ipairs(protocol) do
 	o:value(v)
@@ -107,6 +144,7 @@ o:depends("type", "ssr")
 
 o = s:option(Flag, "fast_open", translate("TCP Fast Open"))
 o.rmempty = false
+o:depends("type", "ss")
 o:depends("type", "ssr")
 
 return m

luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/server.lua

@@ -28,6 +28,32 @@ local encrypt_methods = {
 	"chacha20-ietf"
 }
 
+local encrypt_methods_ss = {
+	-- aead
+	"aes-128-gcm",
+	"aes-192-gcm",
+	"aes-256-gcm",
+	"chacha20-ietf-poly1305",
+	"xchacha20-ietf-poly1305"
+	--[[ stream
+	"table",
+	"rc4",
+	"rc4-md5",
+	"aes-128-cfb",
+	"aes-192-cfb",
+	"aes-256-cfb",
+	"aes-128-ctr",
+	"aes-192-ctr",
+	"aes-256-ctr",
+	"bf-cfb",
+	"camellia-128-cfb",
+	"camellia-192-cfb",
+	"camellia-256-cfb",
+	"salsa20",
+	"chacha20",
+	"chacha20-ietf" ]]
+}
+
 local protocol = {
 	"origin",
 	"verify_deflate",
@@ -76,7 +102,7 @@ o.rmempty = false
 
 o = sec:option(DummyValue, "type", translate("Server Type"))
 function o.cfgvalue(...)
-	return Value.cfgvalue(...) or "ssr"
+	return Value.cfgvalue(...) or "ss"
 end
 
 o = sec:option(DummyValue, "server_port", translate("Server Port"))
@@ -95,6 +121,12 @@ function o.cfgvalue(...)
 	return v and v:upper() or "-"
 end
 
+o = sec:option(DummyValue, "encrypt_method_ss", translate("Encrypt Method"))
+function o.cfgvalue(...)
+	local v = Value.cfgvalue(...)
+	return v and v:upper() or "-"
+end
+
 o = sec:option(DummyValue, "protocol", translate("Protocol"))
 function o.cfgvalue(...)
 	return Value.cfgvalue(...) or "-"

luci-app-ssr-plus/root/etc/init.d/shadowsocksr

@@ -22,7 +22,6 @@ tcp_config_file=
 udp_config_file=
 shunt_config_file=
 local_config_file=
-server_config_file=
 shunt_dns_config_file=
 tmp_local_port=
 ARG_UDP=
@@ -228,26 +227,43 @@ start_dns() {
 }
 
 gen_service_file() {
-	if [ $(uci_get_by_name $1 fast_open) == "1" ]; then
-		fastopen="true"
+	if [ $(uci_get_by_name $2 fast_open) == "1" ]; then
+		local fastopen="true"
 	else
-		fastopen="false"
+		local fastopen="false"
+	fi
+	if [ $1 == "ssr" ]; then
+		cat <<-EOF >$3
+			{
+			  "server": "0.0.0.0",
+			  "server_ipv6": "::",
+			  "server_port": $(uci_get_by_name $2 server_port),
+			  "mode": "tcp_and_udp",
+			  "password": "$(uci_get_by_name $2 password)",
+			  "timeout": $(uci_get_by_name $2 timeout 60),
+			  "method": "$(uci_get_by_name $2 encrypt_method)",
+			  "protocol": "$(uci_get_by_name $2 protocol)",
+			  "protocol_param": "$(uci_get_by_name $2 protocol_param)",
+			  "obfs": "$(uci_get_by_name $2 obfs)",
+			  "obfs_param": "$(uci_get_by_name $2 obfs_param)",
+			  "fast_open": $fastopen
+			}
+		EOF
+	else
+		cat <<-EOF >$3
+			{
+			  "server": "0.0.0.0",
+			  "server_ipv6": "::",
+			  "server_port": $(uci_get_by_name $2 server_port),
+			  "mode": "tcp_and_udp",
+			  "password": "$(uci_get_by_name $2 password)",
+			  "timeout": $(uci_get_by_name $2 timeout 60),
+			  "method": "$(uci_get_by_name $2 encrypt_method_ss)",
+			  "protocol": "socks",
+			  "fast_open": $fastopen
+			}
+		EOF
 	fi
-	cat <<-EOF >$2
-		{
-		"server": "0.0.0.0",
-		"server_ipv6": "::",
-		"server_port": $(uci_get_by_name $1 server_port),
-		"password": "$(uci_get_by_name $1 password)",
-		"timeout": $(uci_get_by_name $1 timeout 60),
-		"method": "$(uci_get_by_name $1 encrypt_method)",
-		"protocol": "$(uci_get_by_name $1 protocol)",
-		"protocol_param": "$(uci_get_by_name $1 protocol_param)",
-		"obfs": "$(uci_get_by_name $1 obfs)",
-		"obfs_param": "$(uci_get_by_name $1 obfs_param)",
-		"fast_open": $fastopen
-		}
-	EOF
 }
 
 get_name() {
@@ -674,15 +690,19 @@ start_server() {
 				iptables -N SSR-SERVER-RULE && iptables -t filter -I INPUT -j SSR-SERVER-RULE
 			fi
 		fi
-		if [ "$(uci_get_by_name $1 type ssr)" == "ssr" ]; then
-			gen_service_file $1 $server_config_file/ssr-server$server_count.json
-			ln_start_bin $(first_type ssr-server) ssr-server -c $server_config_file/ssr-server$server_count.json -u
-			echolog "Server:ShadowsocksR Server$server_count Started!"
-		else
+		local type=$(uci_get_by_name $1 type)
+		case "$type" in
+		ss | ssr)
+			gen_service_file ${type} $1 $TMP_PATH/ssr-server$server_count.json
+			ln_start_bin $(first_type ${type}server ${type}-server) ${type}-server -c $TMP_PATH/ssr-server$server_count.json
+			echolog "Server: $(get_name ${type}) Server$server_count Started!"
+			;;
+		socks5)
 			[ -e /proc/sys/net/ipv6 ] && local listenip='-i ::'
 			ln_start_bin $(first_type microsocks) microsocks $listenip -p $(uci_get_by_name $1 server_port) -1 -u $(uci_get_by_name $1 username) -P $(uci_get_by_name $1 password) ssr-server$server_count
 			echolog "Server:Socks5 Server$server_count Started!"
-		fi
+			;;
+		esac
 		iptables -t filter -A SSR-SERVER-RULE -p tcp --dport $(uci_get_by_name $1 server_port) -j ACCEPT
 		iptables -t filter -A SSR-SERVER-RULE -p udp --dport $(uci_get_by_name $1 server_port) -j ACCEPT
 		return 0
@@ -851,7 +871,7 @@ stop() {
 	killall -q -9 v2ray-plugin obfs-local xray-plugin
 	rm -f /var/lock/ssr-monitor.lock
 	if [ -f "/var/dnsmasq.d/dnsmasq-ssrplus.conf" ]; then
-		rm -rf /var/dnsmasq.d/dnsmasq-ssrplus.conf $TMP_DNSMASQ_PATH $TMP_PATH/*-ssr-*.json
+		rm -rf /var/dnsmasq.d/dnsmasq-ssrplus.conf $TMP_DNSMASQ_PATH $TMP_PATH/*-ssr-*.json $TMP_PATH/ssr-server*.json
 		/etc/init.d/dnsmasq restart >/dev/null 2>&1
 	fi
 	del_cron