luci-app-vssr: bump to 1.20

2025-01-09 02:43:53 +08:00 · 2020-12-13 00:57:45 +08:00 · 2020-12-13 00:57:45 +08:00 · 99b6e832c1
commit 99b6e832c1
parent 3cc83b9b46
25 changed files with 406 additions and 252 deletions
--- a/package/ctcgfw/luci-app-vssr/Makefile
+++ b/package/ctcgfw/luci-app-vssr/Makefile
@ -1,8 +1,8 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=luci-app-vssr
-PKG_VERSION:=1.19
-PKG_RELEASE:=20201205
+PKG_VERSION:=1.20
+PKG_RELEASE:=20201209

 include $(INCLUDE_DIR)/package.mk

--- a/package/ctcgfw/luci-app-vssr/luasrc/controller/vssr.lua
+++ b/package/ctcgfw/luci-app-vssr/luasrc/controller/vssr.lua
@ -13,10 +13,11 @@ function index()
        entry({'admin', 'services', 'vssr', 'servers'}, cbi('vssr/servers'), _('Severs Nodes'), 11).leaf = true -- 服务器节点
        entry({'admin', 'services', 'vssr', 'servers'}, arcombine(cbi('vssr/servers'), cbi('vssr/client-config')), _('Severs Nodes'), 11).leaf = true -- 编辑节点
        entry({'admin', 'services', 'vssr', 'control'}, cbi('vssr/control'), _('Access Control'), 12).leaf = true -- 访问控制
-        if nixio.fs.access('/usr/bin/v2ray/v2ray') then
-            entry({'admin', 'services', 'vssr', 'socks5'}, cbi('vssr/socks5'), _('Socks5'), 13).leaf = true -- Socks5代理
+        entry({'admin', 'services', 'vssr', 'router'}, cbi('vssr/router'), _('Router Config'), 13).leaf = true -- 访问控制
+        if nixio.fs.access('/usr/bin/v2ray/v2ray') or nixio.fs.access('/usr/bin/v2ray') or nixio.fs.access('/usr/bin/xray') or nixio.fs.access('/usr/bin/xray/xray') then
+            entry({'admin', 'services', 'vssr', 'socks5'}, cbi('vssr/socks5'), _('Socks5'), 14).leaf = true -- Socks5代理
        end
-        entry({'admin', 'services', 'vssr', 'advanced'}, cbi('vssr/advanced'), _('Advanced Settings'), 14).leaf = true -- 高级设置
+        entry({'admin', 'services', 'vssr', 'advanced'}, cbi('vssr/advanced'), _('Advanced Settings'), 15).leaf = true -- 高级设置
    elseif nixio.fs.access('/usr/bin/ssr-server') then
        entry({'admin', 'services', 'vssr'}, alias('admin', 'services', 'vssr', 'server'), _('vssr'), 10).dependent = true
    else
@ -39,6 +40,7 @@ function index()
    entry({'admin', 'services', 'vssr', 'flag'}, call('get_flag')) -- 获取节点国旗 iso code
    entry({'admin', 'services', 'vssr', 'ip'}, call('check_ip')) -- 获取ip情况
    entry({'admin', 'services', 'vssr', 'switch'}, call('switch')) -- 设置节点为自动切换
+    entry({'admin', 'services', 'vssr', 'delnode'}, call('del_node')) -- 删除某个节点
 end

 -- 执行订阅
@ -86,6 +88,23 @@ function get_servers()
    luci.http.write_json(server_table)
 end

+-- 删除指定节点
+function del_node()
+    local e = {}
+    local uci = luci.model.uci.cursor()
+    local node = luci.http.formvalue('node')
+    e.status = false
+    e.node = node
+    if node ~= '' then
+        uci:delete('vssr', node)
+        uci:save('vssr')
+        uci:commit('vssr')
+        e.status = true
+    end
+    luci.http.prepare_content('application/json')
+    luci.http.write_json(e)
+end
+
 -- 切换节点
 function change_node()
    local sockets = require 'socket'
@ -246,7 +265,7 @@ function refresh_data()
            retstring = '-1'
        end
    elseif set == 'ip_data' then
-        refresh_cmd = "wget -O- 'https://ispip.clang.cn/all_cn.txt' > /tmp/china_ssr.txt"
+        refresh_cmd ="wget -O- 'https://ispip.clang.cn/all_cn.txt' > /tmp/china_ssr.txt 2>/dev/null"
        sret = luci.sys.call(refresh_cmd)
        icount = luci.sys.exec('cat /tmp/china_ssr.txt | wc -l')
        if sret == 0 and tonumber(icount) > 1000 then
--- a/package/ctcgfw/luci-app-vssr/luasrc/model/cbi/vssr/client-config.lua
+++ b/package/ctcgfw/luci-app-vssr/luasrc/model/cbi/vssr/client-config.lua
@ -129,7 +129,7 @@ o:value('ssr', translate('ShadowsocksR'))
 if nixio.fs.access('/usr/bin/ss-redir') then
    o:value('ss', translate('Shadowsocks New Version'))
 end
-if nixio.fs.access('/usr/bin/v2ray/v2ray') or nixio.fs.access('/usr/bin/v2ray') then
+if nixio.fs.access('/usr/bin/v2ray/v2ray') or nixio.fs.access('/usr/bin/v2ray') or nixio.fs.access('/usr/bin/xray') or nixio.fs.access('/usr/bin/xray/xray') then
    o:value('v2ray', translate('V2Ray'))
    o:value('vless', translate('VLESS'))
 end
--- a/package/ctcgfw/luci-app-vssr/luasrc/model/cbi/vssr/client.lua
+++ b/package/ctcgfw/luci-app-vssr/luasrc/model/cbi/vssr/client.lua
@ -6,7 +6,7 @@ local vssr = 'vssr'
 local gfwmode = 0


-if nixio.fs.access('/etc/dnsmasq.ssr/gfw_list.conf') then
+if nixio.fs.access('/etc/vssr/gfw_list.conf') then 
    gfwmode = 1
 end

@ -26,10 +26,13 @@ uci:foreach(
    'vssr',
    'servers',
    function(s)
+        if s.type ~= nil then
            s['name'] = s['.name']
-        s['gname'] = '[%s]:%s' % {string.upper(s.type), s.alias}
+            local alias = (s.alias ~= nil) and s.alias or "未命名节点"
+            s['gname'] = '[%s]:%s' % {string.upper(s.type), alias}
            table.insert(server_table, s)
        end
+    end
 )
 function my_sort(a,b)
    if(a.alias ~= nil and b.alias ~= nil) then
@ -52,7 +55,7 @@ local route_label = {
    'Youtube Proxy',
    'TaiWan Video Proxy',
    'Netflix Proxy',
-    'Diseny+ Proxy',
+    'Disney+ Proxy',
    'Prime Video Proxy',
    'TVB Video Proxy',
    'Custom Proxy'
@ -119,7 +122,6 @@ o:value('router', translate('IP Route Mode'))
 o:value('all', translate('Global Mode'))
 o:value('oversea', translate('Oversea Mode'))
 o.default = 'router'
-
 o = s:option(ListValue, 'dports', translate('Proxy Ports'))
 o:value('1', translate('All Ports'))
 o:value('2', translate('Only Common Ports'))
--- a/package/ctcgfw/luci-app-vssr/luasrc/model/cbi/vssr/control.lua
+++ b/package/ctcgfw/luci-app-vssr/luasrc/model/cbi/vssr/control.lua
@ -18,16 +18,21 @@ o.datatype = 'ip4addr'
 -- Part of LAN
 s:tab('lan_ac', translate('LAN IP AC'))

-o = s:taboption('lan_ac', DynamicList, 'lan_ac_ips', translate('LAN Bypassed Host List'))
-o.datatype = 'ipaddr'
-luci.ip.neighbors(
-    {family = 4},
-    function(entry)
+o = s:taboption("lan_ac", ListValue, "lan_ac_mode", translate("LAN Access Control"))
+o:value("0", translate("Disable"))
+o:value("w", translate("Allow listed only"))
+o:value("b", translate("Allow all except listed"))
+o.rmempty = false
+
+o = s:taboption("lan_ac", DynamicList, "lan_ac_ips", translate("LAN Host List"))
+o.datatype = "ipaddr"
+luci.ip.neighbors({ family = 4 }, function(entry)
 	if entry.reachable then
 		o:value(entry.dest:string())
 	end
-    end
-)
+end)
+o:depends("lan_ac_mode", "w")
+o:depends("lan_ac_mode", "b")

 o = s:taboption('lan_ac', DynamicList, 'lan_fp_ips', translate('LAN Force Proxy Host List'))
 o.datatype = 'ipaddr'
@ -93,9 +98,4 @@ o.remove = function(self, section, value)
    NXFS.writefile(blockconf, '')
 end

-s:tab('proxy', translate('Custom Proxy Domain Name'))
-
-o = s:taboption('proxy', DynamicList, 'proxy_domain_name', translate('Proxy Domain Name'))
-o.datatype = 'hostname'
-
 return m
--- a/package/ctcgfw/luci-app-vssr/luasrc/model/cbi/vssr/router.lua
+++ b/package/ctcgfw/luci-app-vssr/luasrc/model/cbi/vssr/router.lua
@ -0,0 +1,55 @@
+local m, s, o
+local NXFS = require 'nixio.fs'
+local router_table = {
+    yotube = {
+        name = 'youtube',
+        des = 'Youtube Domain'
+    },
+    tw_video = {
+        name = 'tw_video',
+        des = 'Tw Video Domain'
+    },
+    netflix = {
+        name = 'netflix',
+        des = 'Netflix Domain'
+    },
+    disney = {
+        name = 'disney',
+        des = 'Disney+ Domain'
+    },
+    prime = {
+        name = 'prime',
+        des = 'Prime Video Domain'
+    },
+    tvb = {
+        name = 'tvb',
+        des = 'TVB Domain'
+    },
+    custom = {
+        name = 'custom',
+        des = 'Custom Domain'
+    }
+}
+
+m = Map('vssr', translate('Router domain config'))
+s = m:section(TypedSection, 'access_control')
+s.anonymous = true
+for _, v in pairs(router_table) do
+    s:tab(v.name, translate(v.des))
+    local conf = '/etc/vssr/'.. v.name ..'_domain.list'
+    o = s:taboption(v.name, TextValue, v.name ..'conf')
+    o.rows = 13
+    o.wrap = 'off'
+    o.rmempty = true
+    o.cfgvalue = function(self, section)
+        return NXFS.readfile(conf) or ' '
+    end
+    o.write = function(self, section, value)
+        NXFS.writefile(conf, value:gsub('\r\n', '\n'))
+    end
+    o.remove = function(self, section, value)
+        NXFS.writefile(conf, '')
+    end
+end
+
+return m
--- a/package/ctcgfw/luci-app-vssr/luasrc/model/cbi/vssr/servers.lua
+++ b/package/ctcgfw/luci-app-vssr/luasrc/model/cbi/vssr/servers.lua
@ -12,6 +12,9 @@ uci:foreach(
    function(s)
        server_count = server_count + 1
        s['name'] = s['.name']
+        if(s.alias == nil) then
+            s.alias = "未命名节点"
+        end
        table.insert(server_table, s)
    end
 )
--- a/package/ctcgfw/luci-app-vssr/luasrc/model/cbi/vssr/socks5.lua
+++ b/package/ctcgfw/luci-app-vssr/luasrc/model/cbi/vssr/socks5.lua
@ -7,7 +7,7 @@ local sys = require 'luci.sys'
 m = Map(vssr)

 -- [[ SOCKS5 Proxy ]]--
-if nixio.fs.access('/usr/bin/v2ray/v2ray') then
+if nixio.fs.access('/usr/bin/v2ray/v2ray') or nixio.fs.access('/usr/bin/v2ray') or nixio.fs.access('/usr/bin/xray') or nixio.fs.access('/usr/bin/xray/xray') then
    s = m:section(TypedSection, 'socks5_proxy', translate('V2ray SOCKS5 Proxy'))
    s.anonymous = true

--- a/package/ctcgfw/luci-app-vssr/luasrc/view/vssr/ssrurl.htm
+++ b/package/ctcgfw/luci-app-vssr/luasrc/view/vssr/ssrurl.htm
@ -219,7 +219,7 @@
            }
            el('.server').value = part2[0];
            el('.server_port').value = others[0];
-            el('.password').value = part1[1];
+            el('.password').value = part1[0];
            if (queryParam.peer || queryParam.sni) {
                el('.tls').checked = true;
                el('.peer').value = queryParam.peer || queryParam.sni;
--- a/package/ctcgfw/luci-app-vssr/luasrc/view/vssr/tblsection.htm
+++ b/package/ctcgfw/luci-app-vssr/luasrc/view/vssr/tblsection.htm
@ -1,7 +1,6 @@
 <script type="text/javascript" src="/luci-static/vssr/emoji.js?v=1.16"></script>
 <script type="text/javascript" src="/luci-static/vssr/sweetalert.js?v=1.16"></script>
 <script type="text/javascript" src="/luci-static/vssr/polyfill.js?v=1.16"></script>
-
 <!-- tblsection -->
 <fieldset class="cbi-section" id="cbi-<%=self.config%>-<%=self.sectiontype%>">
    <button class="cbi-button  cbi-button-check "><%:Ping All Servers%></button><span class="panel-title">总计
@ -39,10 +38,9 @@
                           %> onclick="location.href='<%=self:extedit(section.name)%>'" <%- end
                           %> alt="<%:Edit%>" title="<%:Edit%>"><span class="icon-edit"></span> <%:Edit%></a>
                        <%- end; if self.addremove then %>
-                        <button class="cbi-button  ssr-button" type="submit" value=""
-                            onclick="this.form.cbi_state = 'del-section'; return true"
-                            name="cbi.rts.<%=self.config%>.<%=section.name%>" alt="<%:Delete%>" title="<%:Delete%>" /><span
-                            class="icon-delete"></span> <%:Delete%></button>
+                        <a class="cbi-button  ssr-button" type="button" value="" onclick="delete_node('<%=section.name%>')"
+                            alt="<%:Delete%>" title="<%:Delete%>" /><span
+                            class="icon-delete"></span> <%:Delete%></a>
                        <%- end -%>
                    </div>
                    <%- end -%>
@ -93,6 +91,7 @@
    const CONFIG = '<%=self.config%>';
    const CURRENT = '<%=self.current%>';
    const CHANGE_NODE_URL = '<%=luci.dispatcher.build_url("admin", "services", "vssr","change")%>';
+    const DELETE_NODE_URL = '<%=luci.dispatcher.build_url("admin", "services", "vssr","delnode")%>';
    const CHECK_PING_URL = '<%=luci.dispatcher.build_url("admin", "services", "vssr","checkport")%>';
    const SWITCH_NODE_URL = '<%=luci.dispatcher.build_url("admin", "services", "vssr","switch")%>';

@ -167,6 +166,21 @@
        })
    }
    
+    //删除节点
+    function delete_node(node){
+        XHR.halt();
+        $.each(ajaxArray, function (n, value) { value.abort(); }) //中断所有的ajax请求
+        $.get(DELETE_NODE_URL, { node: node },
+            function (data, status) {
+                if (data.status) {
+                    var id = '#cbi-<%=self.config%>-' + node;
+                    $(id).parent().remove();
+                    XHR.run();
+                    check()
+                }
+            });
+    }
+
    //设定自动切换
    $(".incon").click(function () {
        $.each(ajaxArray, function (n, value) { value.abort(); }) //中断所有的ajax请求
--- a/package/ctcgfw/luci-app-vssr/po/zh_Hans/vssr.po
+++ b/package/ctcgfw/luci-app-vssr/po/zh_Hans/vssr.po
@ -630,8 +630,8 @@ msgstr "台湾视频服务代理"
 msgid "Netflix Proxy"
 msgstr "Netflix 代理"

-msgid "Diseny+ Proxy"
-msgstr "Diseny+ 代理"
+msgid "Disney+ Proxy"
+msgstr "Disney+ 代理"

 msgid "Prime Video Proxy"
 msgstr "Prime Video 代理"
@ -674,3 +674,30 @@ msgstr "VLESS 加密"

 msgid "You can manually add group names in front of the URL, splited by ,"
 msgstr "你可以在URL前面手动添加组名，使用 , 分隔"
+
+msgid "Router Config"
+msgstr "分流设置"
+
+msgid "Router domain config"
+msgstr "分流域名设置"
+
+msgid "Youtube Domain"
+msgstr "YouTube 域名"
+
+msgid "Tw Video Domain"
+msgstr "台湾视频域名"
+
+msgid "Netflix Domain"
+msgstr "Netflix 域名"
+
+msgid "Disney+ Domain"
+msgstr "Disney+ 域名"
+
+msgid "Prime Video Domain"
+msgstr "Prime Video 域名"
+
+msgid "TVB Domain"
+msgstr "TVB 域名"
+
+msgid "Custom Domain"
+msgstr "自定义域名"
--- a/package/ctcgfw/luci-app-vssr/root/etc/config/vssr
+++ b/package/ctcgfw/luci-app-vssr/root/etc/config/vssr
@ -2,7 +2,7 @@
 config global
 	option tunnel_forward '8.8.4.4:53'
 	option tunnel_address '0.0.0.0'
-	option run_mode 'gfw'
+	option run_mode 'router'
 	option pdnsd_enable '1'
 	option monitor_enable '1'
 	option global_server 'nil'
@ -11,7 +11,7 @@ config global
 	option switch_time '667'
 	option switch_try_count '3'
 	option adblock '0'
-	option dports '2'
+	option dports '1'

 config socks5_proxy
 	option enable_server '0'
@ -38,6 +38,7 @@ config server_subscribe
 	option proxy '0'
 	option auto_update_time '2'
 	option auto_update '1'
+	option filter_words '过期时间/剩余流量'



--- a/package/ctcgfw/luci-app-vssr/root/etc/init.d/vssr
+++ b/package/ctcgfw/luci-app-vssr/root/etc/init.d/vssr
@ -1,4 +1,4 @@
-#!/bin/bash /etc/rc.common
+#!/bin/sh /etc/rc.common
 #
 # Copyright (C) 2017 openwrt-ssr
 # Copyright (C) 2017 yushi studio <ywb94@qq.com>
@ -8,7 +8,7 @@
 # See /LICENSE for more information.
 #

-START=90
+START=99
 STOP=15

 extra_command "rules"
@ -35,9 +35,6 @@ switch_server=$1
 MAXFD=32768
 CRON_FILE=/etc/crontabs/root
 threads=1
-shunt_type=("global" "youtube" "tw_video" "netflix" "disney" "prime" "tvb" "custom")
-shunt_port=(2080 2081 2082 2083 2084 2085 2086 2087)
-shunt_array=("youtube" "tw_video" "netflix" "disney" "prime" "tvb" "custom")
 scount=0
 uci_get_by_name() {
    local ret=$(uci get $NAME.$1.$2 2>/dev/null)
@ -63,14 +60,23 @@ del_cron() {
 }
 count_shunt() {
    scount=0
-    for ((i = 0; i < ${#shunt_array[@]}; i++)); do
-        local server_index=$(uci_get_by_type global ${shunt_array[i]}_server)
+    eval shunt_array1="youtube"
+    eval shunt_array2="tw_video"
+    eval shunt_array3="netflix"
+    eval shunt_array4="disney"
+    eval shunt_array5="prime"
+    eval shunt_array6="tvb"
+    eval shunt_array7="custom"
+    for i in 1 2 3 4 5 6 7; do
+        a=$(eval echo "\$shunt_array$i")
+        local server_index=$(uci_get_by_type global ${a}_server)
        local server_type=$(uci_get_by_name $server_index type)
        if [ "$server_type" != "" ]; then
            scount=$(($scount + 1))
        fi
    done
 }
+
 count_shunt
 run_mode=$(uci_get_by_type global run_mode)
 is_xray=$(uci_get_by_type global use_xray)
@ -149,7 +155,7 @@ start_rules() {

    local local_port=$(uci_get_by_name $GLOBAL_SERVER local_port)
    local lan_ac_ips=$(uci_get_by_type access_control lan_ac_ips)
-    local lan_ac_mode="b"
+    local lan_ac_mode=$(uci_get_by_type access_control lan_ac_mode)
    local router_proxy=$(uci_get_by_type access_control router_proxy)
    if [ "$GLOBAL_SERVER" == "$UDP_RELAY_SERVER" -a $kcp_flag == 0 ]; then
        ARG_UDP="-u"
@ -228,11 +234,11 @@ start_pdnsd() {
        chown -R nobody:nogroup /var/pdnsd
    fi

-    cat >/var/etc/pdnsd.conf <<EOF
+    cat <<-EOF >/var/etc/pdnsd.conf
 			global{
 			perm_cache=1024;
 			cache_dir="/var/pdnsd";
-	pid_file = /var/run/pdnsd.pid;
+			pid_file="/var/run/pdnsd.pid";
 			run_as="nobody";
 			server_ip=127.0.0.1;
 			server_port=5335;
@ -244,6 +250,7 @@ global {
 			neg_domain_pol=on;
 			proc_limit=2;
 			procq_limit=8;
+			par_queries=1;
 			}
 			server{
 			label="ssr-usrdns";
@ -254,17 +261,7 @@ server {
 			interval=10m;
 			purge_cache=off;
 			}
-server {
-	label= "ssr-pdnsd";
-	ip = $tcp_dns_list;
-	port = 5353;
-	timeout=6;
-	uptest=none;
-	interval=10m;
-	purge_cache=off;
-}
 		EOF
-
    /usr/sbin/pdnsd -c /var/etc/pdnsd.conf &
 }

@ -282,23 +279,40 @@ find_bin() {
        fi
        ;;
    trojan) ret="/usr/sbin/trojan" ;;
-    socks5 | tun) ret="/usr/sbin/redsocks2" ;;
    esac
    echo $ret
 }
 #分流节点
 start_shunt() {
-    for ((i = 0; i < ${#shunt_type[@]}; i++)); do
-        local server_index=$(uci_get_by_type global ${shunt_type[i]}_server)
-        local server_port=${shunt_port[i]}
+    eval shunt_type1="global"
+    eval shunt_type2="youtube"
+    eval shunt_type3="tw_video"
+    eval shunt_type4="netflix"
+    eval shunt_type5="disney"
+    eval shunt_type6="prime"
+    eval shunt_type7="tvb"
+    eval shunt_type8="custom"
+    eval shunt_port1=2080
+    eval shunt_port2=2081
+    eval shunt_port3=2082
+    eval shunt_port4=2083
+    eval shunt_port5=2084
+    eval shunt_port6=2085
+    eval shunt_port7=2086
+    eval shunt_port8=2087
+    for i in 1 2 3 4 5 6 7 8; do
+        shunt_type=$(eval echo "\$shunt_type$i")
+        shunt_port=$(eval echo "\$shunt_port$i")
+        local server_index=$(uci_get_by_type global ${shunt_type}_server)
+        local server_port=${shunt_port}
        local server_type=$(uci_get_by_name $server_index type)
        local server_ip=$(uci_get_by_name $server_index server)
-        if ["$server_type" == "vless"]; then
+        if [ "$server_type" = "vless" ]; then
            server_type="v2ray"
        fi
-        [ "$server_type" == "trojan" ] && re_type="client" || re_type="tcp"
+        [ "$server_type" = "trojan" ] && re_type="client" || re_type="tcp"
        if [ "$server_type" != "v2ray" -a "$server_type" != "" ]; then
-            local config_file=/var/etc/${NAME}_${shunt_type[i]}.json
+            local config_file=/var/etc/${NAME}_${shunt_type}.json
            local bin=$(find_bin $server_type)
            lua /usr/share/vssr/genconfig_${server_type}.lua ${server_index} ${re_type} ${server_port} ${server_ip} >${config_file}
            sed -i 's/\\//g' $config_file
@ -306,13 +320,13 @@ start_shunt() {
            ss | ssr)
                bin=$(find_bin "ss-local")
                [ "$server_type" == "ssr" ] && bin=$(find_bin "ssr-local")
-                $bin -c $config_file $ARG_OTA -f /var/run/vssr-${shunt_type[i]}.pid1 >/dev/null 2>&1
+                $bin -c $config_file $ARG_OTA -f /var/run/vssr-${shunt_type}.pid1 >/dev/null 2>&1
                ;;
            trojan)
                $bin --config $config_file >/dev/null 2>&1 &
                ;;
            esac
-            echo "$(date "+%Y-%m-%d %H:%M:%S") ${shunt_type[i]}: $server_type 分流服务已启动!" >>/tmp/vssr.log
+            echo "$(date "+%Y-%m-%d %H:%M:%S") ${shunt_type}: $server_type 分流服务已启动!" >>/tmp/vssr.log
        fi
    done
    return $?
@ -370,7 +384,6 @@ start_redir() {
            ;;
        v2ray | vless)
            $sscmd -config $last_config_file >/dev/null 2>&1 &
-            echo $sscmd
            echo "$(date "+%Y-%m-%d %H:%M:%S") $($sscmd -version | head -1) 已启动!" >>/tmp/vssr.log
            ;;
        trojan)
@ -479,9 +492,11 @@ start_service() {
    [ $(uci_get_by_name $1 enable) = "0" ] && return 1
    let server_count=server_count+1
    if [ $server_count = 1 ]; then
-        iptables -N SSR-SERVER-RULE &&
+        if ! (iptables-save -t filter | grep SSR-SERVER-RULE >/dev/null); then
+            iptables -N SSR-SERVER-RULE && \
            iptables -t filter -I INPUT -j SSR-SERVER-RULE
        fi
+    fi

    gen_service_file $1 /var/etc/${NAME}_${server_count}.json
    /usr/bin/ssr-server -c /var/etc/${NAME}_${server_count}.json -u -f /var/run/ssr-server${server_count}.pid >/dev/null 2>&1
@ -527,8 +542,9 @@ start_local() {

    lua /usr/share/vssr/genconfig_v2ray_s.lua >$CONFIG_SOCK5_FILE
    sed -i 's/\\//g' $config_file
-
-    /usr/bin/v2ray/v2ray -config $CONFIG_SOCK5_FILE >/dev/null 2>&1 &
+    socksbin=$(find_bin "v2ray")
+    echo $socksbin
+    $socksbin -config $CONFIG_SOCK5_FILE >/dev/null 2>&1 &
    local_enable=1
 }

@ -551,34 +567,39 @@ start() {
        GLOBAL_SERVER=$switch_server
        switch_enable=1
    fi
-
    if rules; then
-        start_redir
-
-        mkdir -p /tmp/dnsmasq.d \
-        && cp -a /etc/vssr/gfw_list.conf /tmp/dnsmasq.ssr \
-        && cp -a /etc/vssr/gfw_base.conf /tmp/dnsmasq.ssr \
-        && cp -a /etc/vssr/ad.conf /tmp/dnsmasq.ssr \
-        && cp -a /etc/vssr/oversea_list.conf /tmp/dnsmasq.oversea
-        
+        if start_redir; then
+            if [ -f "/tmp/dnsmasq.ssr" ]; then
+                rm -rf /tmp/dnsmasq.ssr
+            fi
+            if [ -f "/tmp/dnsmasq.oversea" ]; then
+                rm -rf /tmp/dnsmasq.oversea
+            fi
+            mkdir -p /tmp/dnsmasq.d
            if ! [ "$run_mode" = "oversea" ]; then
+                mkdir -p /tmp/dnsmasq.ssr
+                cp -rf /etc/vssr/gfw_list.conf /tmp/dnsmasq.ssr/
+                cp -rf /etc/vssr/gfw_base.conf /tmp/dnsmasq.ssr/
+                cp -rf /etc/vssr/ad.conf /tmp/dnsmasq.ssr/
                cat >/tmp/dnsmasq.d/dnsmasq-ssr.conf <<EOF
 conf-dir=/tmp/dnsmasq.ssr
 EOF
            else
+                mkdir -p /tmp/dnsmasq.oversea
+                cp -rf /etc/vssr/oversea_list.conf /tmp/dnsmasq.oversea/
                cat >/tmp/dnsmasq.d/dnsmasq-ssr.conf <<EOF
 conf-dir=/tmp/dnsmasq.oversea
 EOF
            fi
-
            if [ $(uci_get_by_type global adblock) = 0 ]; then
                rm -f /tmp/dnsmasq.ssr/ad.conf
            fi
-
            /usr/share/vssr/gfw2ipset.sh
-        /etc/init.d/dnsmasq restart >/dev/null 2>&1
-
+        else
+            /usr/bin/ssr-rules -f
        fi
+    fi
+    /etc/init.d/dnsmasq restart >/dev/null 2>&1
    start_server
    start_local
    if [ $scount != "0" ]; then
@ -615,10 +636,10 @@ stop() {
    if [ $(uci_get_by_type global monitor_enable) = 1 ]; then
        kill -9 $(busybox ps -w | grep vssr-monitor | grep -v grep | awk '{print $1}') >/dev/null 2>&1
    fi
-    killall -q -9 ss-redir ss-local obfs-local ssr-redir ssr-local ssr-server v2ray v2ray-plugin trojan microsocks ipt2socks dns2socks redsocks2 pdnsd xray
+    killall -q -9 ss-redir ss-local obfs-local ssr-redir ssr-local ssr-server v2ray v2ray-plugin xray trojan microsocks ipt2socks dns2socks pdnsd

    if [ -f "/tmp/dnsmasq.d/dnsmasq-ssr.conf" ]; then
-        rm -f /tmp/dnsmasq.d/dnsmasq-ssr.conf
+        rm -f /tmp/dnsmasq.d/dnsmasq-ssr.conf /tmp/dnsmasq.ssr /tmp/dnsmasq.oversea
        /etc/init.d/dnsmasq restart >/dev/null 2>&1
    fi
    del_cron
--- a/package/ctcgfw/luci-app-vssr/root/etc/vssr/black.list
+++ b/package/ctcgfw/luci-app-vssr/root/etc/vssr/black.list
@ -1,25 +1,4 @@
 api.ipify.org
-fast.com
-netflix.ca
-netflix.com
-netflix.net
-netflixinvestor.com
-netflixtechblog.com
-nflxext.com
-nflximg.com
-nflximg.net
-nflxsearch.net
-nflxso.net
-nflxvideo.net
-amazonprimevideos.com
-amazonvideo.cc
-amazonvideo.com
-prime-video.com
-primevideo.cc
-primevideo.com
-primevideo.info
-primevideo.org
-primevideo.tv
 v2fly.org
 github.com
 raw.githubusercontent.com
--- a/package/ctcgfw/luci-app-vssr/root/etc/vssr/custom_domain.list
+++ b/package/ctcgfw/luci-app-vssr/root/etc/vssr/custom_domain.list
--- a/package/ctcgfw/luci-app-vssr/root/etc/vssr/disney_domain.list
+++ b/package/ctcgfw/luci-app-vssr/root/etc/vssr/disney_domain.list
@ -0,0 +1,6 @@
+cdn.registerdisney.go.com
+disneyplus.com
+disney-plus.net
+dssott.com
+bamgrid.com
+execute-api.us-east-1.amazonaws.com
--- a/package/ctcgfw/luci-app-vssr/root/etc/vssr/netflix_domain.list
+++ b/package/ctcgfw/luci-app-vssr/root/etc/vssr/netflix_domain.list
@ -0,0 +1,22 @@
+fast.com
+netflix.ca
+netflix.com
+netflix.net
+netflixinvestor.com
+netflixtechblog.com
+nflxext.com
+nflximg.com
+nflximg.net
+nflxsearch.net
+nflxso.net
+nflxvideo.net
+netflixdnstest0.com
+netflixdnstest1.com
+netflixdnstest2.com
+netflixdnstest3.com
+netflixdnstest4.com
+netflixdnstest5.com
+netflixdnstest6.com
+netflixdnstest7.com
+netflixdnstest8.com
+netflixdnstest9.com
--- a/package/ctcgfw/luci-app-vssr/root/etc/vssr/prime_domain.list
+++ b/package/ctcgfw/luci-app-vssr/root/etc/vssr/prime_domain.list
@ -0,0 +1,12 @@
+aiv-cdn.net
+amazonaws.com
+amazonvideo.com
+llnwd.net
+amazonprimevideos.com
+amazonvideo.cc
+prime-video.com
+primevideo.cc
+primevideo.com
+primevideo.info
+primevideo.org
+primevideo.tv
--- a/package/ctcgfw/luci-app-vssr/root/etc/vssr/tvb_domain.list
+++ b/package/ctcgfw/luci-app-vssr/root/etc/vssr/tvb_domain.list
@ -0,0 +1,2 @@
+tvsuper.com
+tvb.com
--- a/package/ctcgfw/luci-app-vssr/root/etc/vssr/tw_video_domain.list
+++ b/package/ctcgfw/luci-app-vssr/root/etc/vssr/tw_video_domain.list
@ -0,0 +1,12 @@
+vidol.tv
+hinet.net
+books.com
+litv.tv
+pstatic.net
+app-measurement.com
+kktv.com.tw
+gamer.com.tw
+wetv.vip
+kktv.me
+myvideo.net.tw
+kk.stream
--- a/package/ctcgfw/luci-app-vssr/root/etc/vssr/youtube_domain.list
+++ b/package/ctcgfw/luci-app-vssr/root/etc/vssr/youtube_domain.list
@ -0,0 +1,14 @@
+youtube
+ggpht.com
+googlevideo.com
+withyoutube.com
+youtu.be
+youtube-nocookie.com
+youtube.com
+youtubeeducation.com
+youtubegaming.com
+youtubei.googleapis.com
+youtubekids.com
+youtubemobilesupport.com
+yt.be
+ytimg.com
--- a/package/ctcgfw/luci-app-vssr/root/usr/bin/vssr-rules
+++ b/package/ctcgfw/luci-app-vssr/root/usr/bin/vssr-rules
@ -75,6 +75,8 @@ flush_r() {

 ipset_r() {
    ipset -N gmlan hash:net 2>/dev/null
+    $IPT -N SS_SPEC_WAN_AC
+    $IPT -I SS_SPEC_WAN_AC -p tcp ! --dport 53 -d $server -j RETURN
    for ip in $LAN_GM_IP; do ipset -! add gmlan $ip; done
    case "$RUNMODE" in
    router)
@ -83,31 +85,25 @@ ipset_r() {
 			$(gen_iplist | sed -e "s/^/add ss_spec_wan_ac /")
 		EOF
        ipset -N gfwlist hash:net 2>/dev/null
-        $IPT -N SS_SPEC_WAN_AC
-        $IPT -I SS_SPEC_WAN_AC -p tcp ! --dport 53 -d $server -j RETURN
        $IPT -A SS_SPEC_WAN_AC -m set --match-set ss_spec_wan_ac dst -j RETURN
+		$IPT -A SS_SPEC_WAN_AC -m set --match-set gmlan src -m set ! --match-set china dst -j SS_SPEC_WAN_FW
+		$IPT -A SS_SPEC_WAN_AC -m set --match-set china dst -j RETURN
 		$IPT -A SS_SPEC_WAN_AC -j SS_SPEC_WAN_FW
        ;;
    gfw)
        ipset -N gfwlist hash:net 2>/dev/null
-        $IPT -N SS_SPEC_WAN_AC
        $IPT -A SS_SPEC_WAN_AC -m set --match-set gfwlist dst -j SS_SPEC_WAN_FW
        $IPT -A SS_SPEC_WAN_AC -m set --match-set gmlan src -m set ! --match-set china dst -j SS_SPEC_WAN_FW
        $IPT -A SS_SPEC_WAN_AC -m set --match-set china dst -j RETURN
-        $IPT -I SS_SPEC_WAN_AC -p tcp ! --dport 53 -d $server -j RETURN
        ;;
    oversea)
        ipset -N oversea hash:net 2>/dev/null
-        $IPT -N SS_SPEC_WAN_AC
-        ipset -N gmlan hash:net 2>/dev/null
-        for ip in $LAN_GM_IP; do ipset -! add gmlan $ip; done
+        $IPT -I SS_SPEC_WAN_AC -m set --match-set oversea dst -j SS_SPEC_WAN_FW
+        $IPT -A SS_SPEC_WAN_AC -m set --match-set gmlan src -j SS_SPEC_WAN_FW
        $IPT -A SS_SPEC_WAN_AC -m set --match-set china dst -j SS_SPEC_WAN_FW
-        $IPT -I SS_SPEC_WAN_AC -p tcp ! --dport 53 -d $server -j RETURN
        ;;
    all)
-        $IPT -N SS_SPEC_WAN_AC
        $IPT -A SS_SPEC_WAN_AC -j SS_SPEC_WAN_FW
-        $IPT -I SS_SPEC_WAN_AC -p tcp ! --dport 53 -d $server -j RETURN
        ;;
    esac

--- a/package/ctcgfw/luci-app-vssr/root/usr/share/vssr/genconfig_trojan.lua
+++ b/package/ctcgfw/luci-app-vssr/root/usr/share/vssr/genconfig_trojan.lua
@ -19,7 +19,7 @@ local trojan = {
    -- 传出连接
    ssl = {
        verify = (server.insecure == '0') and true or false,
-        verify_hostname = (server.tls == '1') and false or true,
+        verify_hostname = (server.tls == '1') and true or false,
        cert = '',
        cipher = 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:AES128-SHA:AES256-SHA:DES-CBC3-SHA',
        cipher_tls13 = 'TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384',
--- a/package/ctcgfw/luci-app-vssr/root/usr/share/vssr/genconfig_v2ray.lua
+++ b/package/ctcgfw/luci-app-vssr/root/usr/share/vssr/genconfig_v2ray.lua
@ -7,31 +7,34 @@ local local_port = arg[3]
 local outbounds_table = {}
 local rules_table = {}

+function read_conf(file)
+    local rfile = io.open(file, "r")
+    local ltable = {}
+    for line in rfile:lines() do
+        local re = string.gsub(line, "\r", "")
+        table.insert(ltable,re)
+    end
+    local rtable = next(ltable) ~= nil and ltable or nil
+    return rtable
+end

 local v2ray_flow = ucursor:get_first(name, 'global', 'v2ray_flow', '0')
-local proxy_domain_name = ucursor:get_list(name, '@access_control[0]', 'proxy_domain_name')
+
+local custom_domain = read_conf("/etc/vssr/custom_domain.list")
+local youtube_domain = read_conf("/etc/vssr/youtube_domain.list")
+local tw_video_domain = read_conf("/etc/vssr/tw_video_domain.list")
+local netflix_domain = read_conf("/etc/vssr/netflix_domain.list")
+local disney_domain = read_conf("/etc/vssr/disney_domain.list")
+local prime_domain = read_conf("/etc/vssr/prime_domain.list")
+local tvb_domain = read_conf("/etc/vssr/tvb_domain.list")
+
 local flow_table = {
    yotube = {
        name = 'youtube',
        port = 2081,
        rules = {
            type = 'field',
-            domain = {
-                'youtube',
-                'ggpht.com',
-                'googlevideo.com',
-                'withyoutube.com',
-                'youtu.be',
-                'youtube-nocookie.com',
-                'youtube.com',
-                'youtubeeducation.com',
-                'youtubegaming.com',
-                'youtubei.googleapis.com',
-                'youtubekids.com',
-                'youtubemobilesupport.com',
-                'yt.be',
-                'ytimg.com'
-            },
+            domain = youtube_domain,
            outboundTag = 'youtube'
        }
    },
@ -40,19 +43,7 @@ local flow_table = {
        port = 2082,
        rules = {
            type = 'field',
-            domain = {
-                'vidol.tv',
-                'hinet.net',
-                'books.com',
-                'litv.tv',
-                'pstatic.net',
-                'app-measurement.com',
-                'kktv.com.tw',
-                'gamer.com.tw',
-                'wetv.vip',
-                'kktv.me',
-                'myvideo.net.tw'
-            },
+            domain = tw_video_domain,
            outboundTag = 'tw_video'
        }
    },
@ -61,30 +52,7 @@ local flow_table = {
        port = 2083,
        rules = {
            type = 'field',
-            domain = {
-                'fast.com',
-                'netflix.ca',
-                'netflix.com',
-                'netflix.net',
-                'netflixinvestor.com',
-                'netflixtechblog.com',
-                'nflxext.com',
-                'nflximg.com',
-                'nflximg.net',
-                'nflxsearch.net',
-                'nflxso.net',
-                'nflxvideo.net',
-                'netflixdnstest0.com',
-                'netflixdnstest1.com',
-                'netflixdnstest2.com',
-                'netflixdnstest3.com',
-                'netflixdnstest4.com',
-                'netflixdnstest5.com',
-                'netflixdnstest6.com',
-                'netflixdnstest7.com',
-                'netflixdnstest8.com',
-                'netflixdnstest9.com'
-            },
+            domain = netflix_domain,
            outboundTag = 'netflix'
        }
    },
@ -93,14 +61,7 @@ local flow_table = {
        port = 2084,
        rules = {
            type = 'field',
-            domain = {
-                'cdn.registerdisney.go.com',
-                'disneyplus.com',
-                'disney-plus.net',
-                'dssott.com',
-                'bamgrid.com',
-                'execute-api.us-east-1.amazonaws.com'
-            },
+            domain = disney_domain,
            outboundTag = 'disney'
        }
    },
@ -109,20 +70,7 @@ local flow_table = {
        port = 2085,
        rules = {
            type = 'field',
-            domain = {
-                'aiv-cdn.net',
-                'amazonaws.com',
-                'amazonvideo.com',
-                'llnwd.net',
-                'amazonprimevideos.com',
-                'amazonvideo.cc',
-                'prime-video.com',
-                'primevideo.cc',
-                'primevideo.com',
-                'primevideo.info',
-                'primevideo.org',
-                'primevideo.tv'
-            },
+            domain = prime_domain,
            outboundTag = 'prime'
        }
    },
@ -131,7 +79,7 @@ local flow_table = {
        port = 2086,
        rules = {
            type = 'field',
-            domain = {'tvsuper.com', 'tvb.com'},
+            domain = tvb_domain,
            outboundTag = 'tvb'
        }
    },
@ -140,7 +88,7 @@ local flow_table = {
        port = 2087,
        rules = {
            type = 'field',
-            domain = proxy_domain_name,
+            domain = custom_domain,
            outboundTag = 'custom'
        }
    }
@ -174,14 +122,6 @@ function gen_outbound(server_node, tags, local_ports)
        bound = nil
    else
        local server = ucursor:get_all(name, server_node)
-        local outbound_security = "none"
-        if (server.xtls == '1') then
-            outbound_security = "xtls"
-        elseif (server.tls == '1') then
-            outbound_security = "tls"
-        elseif (server.tls == "0") then
-            outbound_security = "none"
-        end
        local node_type = server.type == "vless" and "vless" or "vmess"

        if server.type ~= 'v2ray' and server.type ~= 'vless' then
@ -218,9 +158,9 @@ function gen_outbound(server_node, tags, local_ports)
                -- 底层传输配置
                streamSettings = {
                    network = server.transport,
-                    security = outbound_security,
-                    tlsSettings = (outbound_security == "tls") and {allowInsecure = (server.insecure ~= "0") and true or false,serverName=server.tls_host,} or nil,
-                    xtlsSettings = (outbound_security == "xtls") and {allowInsecure = (server.insecure ~= "0") and true or false,serverName=server.tls_host,} or nil,
+                    security = (server.tls == '1') and ((server.xtls == '1') and "xtls" or "tls") or "none",
+                    tlsSettings = (server.tls == '1' and server.xtls ~= '1') and {allowInsecure = (server.insecure ~= "0") and true or false,serverName=server.tls_host,} or nil,
+                    xtlsSettings = (server.xtls == '1') and {allowInsecure = (server.insecure ~= "0") and true or false,serverName=server.tls_host,} or nil,
                    kcpSettings = (server.transport == 'kcp') and
                        {
                            mtu = tonumber(server.mtu),
@ -271,11 +211,13 @@ end

 if v2ray_flow == '1' then
    table.insert(outbounds_table, gen_outbound(server_section, 'global', 2080))
-    for i, v in pairs(flow_table) do
+    for _, v in pairs(flow_table) do
+        if(v.rules.domain ~= nil) then
            local server = ucursor:get_first(name, 'global', v.name .. '_server')
            table.insert(outbounds_table, gen_outbound(server, v.name, v.port))
            table.insert(rules_table, (server ~= nil and server ~= 'nil' ) and v.rules or nil)
        end
+    end
 else
    table.insert(outbounds_table, gen_outbound(server_section, 'main', local_port))
 end
--- a/package/ctcgfw/luci-app-vssr/root/usr/share/vssr/gfw2ipset.sh
+++ b/package/ctcgfw/luci-app-vssr/root/usr/share/vssr/gfw2ipset.sh
@ -1,6 +1,12 @@
 #!/bin/sh
 . /lib/functions.sh

+uci_get_by_type() {
+    local ret=$(uci get vssr.@$1[0].$2 2>/dev/null)
+    echo ${ret:=$3}
+}
+v2ray_flow=$(uci_get_by_type global v2ray_flow)
+
 mkdir -p /tmp/dnsmasq.ssr

 awk '!/^$/&&!/^#/{printf("ipset=/.%s/'"gfwlist"'\n",$0)}' /etc/vssr/gfw.list >/tmp/dnsmasq.ssr/custom_forward.conf
@ -11,6 +17,27 @@ awk '!/^$/&&!/^#/{printf("server=/.%s/'"127.0.0.1#5335"'\n",$0)}' /etc/vssr/blac

 awk '!/^$/&&!/^#/{printf("ipset=/.%s/'"whitelist"'\n",$0)}' /etc/vssr/white.list >/tmp/dnsmasq.ssr/whitelist_forward.conf

+if [ "$v2ray_flow" = "1" ]; then
+
+    awk '!/^$/&&!/^#/{printf("ipset=/.%s/'"blacklist"'\n",$0)}' /etc/vssr/tw_video_domain.list >>/tmp/dnsmasq.ssr/blacklist_forward.conf
+    awk '!/^$/&&!/^#/{printf("server=/.%s/'"127.0.0.1#5335"'\n",$0)}' /etc/vssr/tw_video_domain.list >>/tmp/dnsmasq.ssr/blacklist_forward.conf
+    
+    awk '!/^$/&&!/^#/{printf("ipset=/.%s/'"blacklist"'\n",$0)}' /etc/vssr/netflix_domain.list >>/tmp/dnsmasq.ssr/blacklist_forward.conf
+    awk '!/^$/&&!/^#/{printf("server=/.%s/'"127.0.0.1#5335"'\n",$0)}' /etc/vssr/netflix_domain.list >>/tmp/dnsmasq.ssr/blacklist_forward.conf
+    
+    awk '!/^$/&&!/^#/{printf("ipset=/.%s/'"blacklist"'\n",$0)}' /etc/vssr/disney_domain.list >>/tmp/dnsmasq.ssr/blacklist_forward.conf
+    awk '!/^$/&&!/^#/{printf("server=/.%s/'"127.0.0.1#5335"'\n",$0)}' /etc/vssr/disney_domain.list >>/tmp/dnsmasq.ssr/blacklist_forward.conf
+    
+    awk '!/^$/&&!/^#/{printf("ipset=/.%s/'"blacklist"'\n",$0)}' /etc/vssr/prime_domain.list >>/tmp/dnsmasq.ssr/blacklist_forward.conf
+    awk '!/^$/&&!/^#/{printf("server=/.%s/'"127.0.0.1#5335"'\n",$0)}' /etc/vssr/prime_domain.list >>/tmp/dnsmasq.ssr/blacklist_forward.conf
+    
+    awk '!/^$/&&!/^#/{printf("ipset=/.%s/'"blacklist"'\n",$0)}' /etc/vssr/tvb_domain.list >>/tmp/dnsmasq.ssr/blacklist_forward.conf
+    awk '!/^$/&&!/^#/{printf("server=/.%s/'"127.0.0.1#5335"'\n",$0)}' /etc/vssr/tvb_domain.list >>/tmp/dnsmasq.ssr/blacklist_forward.conf
+    
+    awk '!/^$/&&!/^#/{printf("ipset=/.%s/'"blacklist"'\n",$0)}' /etc/vssr/custom_domain.list >>/tmp/dnsmasq.ssr/blacklist_forward.conf
+    awk '!/^$/&&!/^#/{printf("server=/.%s/'"127.0.0.1#5335"'\n",$0)}' /etc/vssr/custom_domain.list >>/tmp/dnsmasq.ssr/blacklist_forward.conf
+fi
+
 function valid_ip() {
  ip=$1
  read_ip=$(echo $ip | awk -F. '$1<=255&&$2<=255&&$3<=255&&$4<=255{print "yes"}')