luci ssr plus: add enhanced Game Mode user IP control list

package/lean/luci-app-ssr-plus/Makefile

@@ -2,7 +2,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=luci-app-ssr-plus
 PKG_VERSION:=1
-PKG_RELEASE:=52
+PKG_RELEASE:=53
 
 PO2LMO:=$(BUILD_DIR)/luci-base/po2lmo
 

package/lean/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/client-config.lua

@@ -194,13 +194,13 @@ o.rmempty = false
 o.default = uuid
 o:depends("type", "v2ray")
 
--- 加密方式
+-- 加密方式
 o = s:option(ListValue, "security", translate("Encrypt Method"))
 for _, v in ipairs(securitys) do o:value(v, v:upper()) end
 o.rmempty = false
 o:depends("type", "v2ray")
 
--- 传输协议
+-- 传输协议
 o = s:option(ListValue, "transport", translate("Transport"))
 o:value("tcp", "TCP")
 o:value("kcp", "mKCP")
@@ -209,50 +209,50 @@ o:value("h2", "HTTP/2")
 o.rmempty = false
 o:depends("type", "v2ray")
 
--- [[ TCP部分 ]]--
+-- [[ TCP部分 ]]--
 
--- TCP伪装
+-- TCP伪装
 o = s:option(ListValue, "tcp_guise", translate("Camouflage Type"))
 o:depends("transport", "tcp")
 o:value("none", translate("None"))
 o:value("http", "HTTP")
 o.rmempty = true
 
--- HTTP域名
+-- HTTP域名
 o = s:option(DynamicList, "http_host", translate("HTTP Host"))
 o:depends("tcp_guise", "http")
 o.rmempty = true
 
--- HTTP路径
+-- HTTP路径
 o = s:option(DynamicList, "http_path", translate("HTTP Path"))
 o:depends("tcp_guise", "http")
 o.rmempty = true
 
--- [[ WS部分 ]]--
+-- [[ WS部分 ]]--
 
--- WS域名
+-- WS域名
 o = s:option(Value, "ws_host", translate("WebSocket Host"))
 o:depends("transport", "ws")
 o.rmempty = true
 
--- WS路径
+-- WS路径
 o = s:option(Value, "ws_path", translate("WebSocket Path"))
 o:depends("transport", "ws")
 o.rmempty = true
 
--- [[ H2部分 ]]--
+-- [[ H2部分 ]]--
 
--- H2域名
+-- H2域名
 o = s:option(DynamicList, "h2_host", translate("HTTP/2 Host"))
 o:depends("transport", "h2")
 o.rmempty = true
 
--- H2路径
+-- H2路径
 o = s:option(Value, "h2_path", translate("HTTP/2 Path"))
 o:depends("transport", "h2")
 o.rmempty = true
 
--- [[ mKCP部分 ]]--
+-- [[ mKCP部分 ]]--
 
 o = s:option(ListValue, "kcp_guise", translate("Camouflage Type"))
 o:depends("transport", "kcp")

package/lean/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/control.lua

@@ -33,6 +33,14 @@ luci.ip.neighbors({ family = 4 }, function(entry)
        end
 end)
 
+o = s:taboption("lan_ac", DynamicList, "lan_gm_ips", translate("Game Mode Host List"))
+o.datatype = "ipaddr"
+luci.ip.neighbors({ family = 4 }, function(entry)
+       if entry.reachable then
+               o:value(entry.dest:string())
+       end
+end)
+
 -- Part of Self
 -- s:tab("self_ac", translate("Router Self AC"))
 -- o = s:taboption("self_ac",ListValue, "router_proxy", translate("Router Self Proxy"))

package/lean/luci-app-ssr-plus/po/zh-cn/ssr-plus.po

@@ -467,3 +467,6 @@ msgstr "服务器节点类型"
 msgid "Using incorrect encryption mothod may causes service fail to start"
 msgstr "输入不正确的参数组合可能会导致服务无法启动"
 
+msgid "Game Mode Host List"
+msgstr "增强游戏模式客户端 LAN IP"
+

package/lean/luci-app-ssr-plus/root/etc/init.d/shadowsocksr

@@ -190,6 +190,7 @@ start_rules() {
 		-b "$(uci_get_by_type access_control wan_bp_ips)" \
 		-w "$(uci_get_by_type access_control wan_fw_ips)" \
 		-p "$(uci_get_by_type access_control lan_fp_ips)" \
+		-G "$(uci_get_by_type access_control lan_gm_ips)" \
 		$(get_arg_out) $gfwmode $ARG_UDP
 			
 	return $?

package/lean/luci-app-ssr-plus/root/usr/bin/ssr-rules

@@ -27,6 +27,7 @@ usage() {
 		    -b <wan_ips>            wan ip of will be bypassed
 		    -w <wan_ips>            wan ip of will be forwarded
 		    -p <fp_lan_ips>         lan ip of will be global proxy
+		    -G <gm_lan_ips>         lan ip of will be game mode proxy
 		    -e <extra_options>      extra options for iptables
 		    -o                      apply the rules to the OUTPUT chain
 		    -O                      apply the global rules to the OUTPUT chain
@@ -62,6 +63,7 @@ flush_r() {
 	ipset -X ss_spec_wan_ac 2>/dev/null
 	ipset -X ssr_gen_router 2>/dev/null
 	ipset -X fplan 2>/dev/null
+	ipset -X gmlan 2>/dev/null
 	[ -n "$FWI" ] && echo '#!/bin/sh' >$FWI
 	return 0
 }
@@ -84,8 +86,12 @@ EOF
 	$IPT -A SS_SPEC_WAN_AC -m set --match-set gfwlist dst -j SS_SPEC_WAN_FW
 	$IPT -I SS_SPEC_WAN_AC -m set --match-set china dst -j RETURN
 	
+	ipset -N gmlan hash:net 2>/dev/null
+	for ip in $LAN_GM_IP; do ipset -! add gmlan $ip ; done
+	$IPT -A SS_SPEC_WAN_AC -m set --match-set gmlan src -m set ! --match-set china dst -j SS_SPEC_WAN_FW
+	
 	ipset -N fplan hash:net 2>/dev/null
-	for ip in $LAN_FP_IP; do ipset add fplan $ip ; done
+	for ip in $LAN_FP_IP; do ipset -! add fplan $ip ; done
 	$IPT -I SS_SPEC_WAN_AC -m set --match-set fplan src -j SS_SPEC_WAN_FW
 	
 	$IPT -I SS_SPEC_WAN_AC -d $server -j RETURN
@@ -96,12 +102,14 @@ EOF
 
 fw_rule() {
 	$IPT -N SS_SPEC_WAN_FW
-	$IPT -A SS_SPEC_WAN_FW -d 10.0.0.0/8 -j RETURN
+  $IPT -A SS_SPEC_WAN_FW -d 0.0.0.0/8 -j RETURN
-	$IPT -A SS_SPEC_WAN_FW -d 127.0.0.0/8 -j RETURN
+  $IPT -A SS_SPEC_WAN_FW -d 10.0.0.0/8 -j RETURN
-	$IPT -A SS_SPEC_WAN_FW -d 172.16.0.0/12 -j RETURN
+  $IPT -A SS_SPEC_WAN_FW -d 127.0.0.0/8 -j RETURN
-	$IPT -A SS_SPEC_WAN_FW -d 192.168.0.0/16 -j RETURN
+  $IPT -A SS_SPEC_WAN_FW -d 169.254.0.0/16 -j RETURN
-	$IPT -A SS_SPEC_WAN_FW -d 224.0.0.0/4 -j RETURN
+  $IPT -A SS_SPEC_WAN_FW -d 172.16.0.0/12 -j RETURN
-	$IPT -A SS_SPEC_WAN_FW -d 240.0.0.0/4	-j RETURN
+  $IPT -A SS_SPEC_WAN_FW -d 192.168.0.0/16 -j RETURN
+  $IPT -A SS_SPEC_WAN_FW -d 224.0.0.0/4 -j RETURN
+  $IPT -A SS_SPEC_WAN_FW -d 240.0.0.0/4 -j RETURN
 	$IPT -A SS_SPEC_WAN_FW -p tcp \
 		-j REDIRECT --to-ports $local_port 2>/dev/null || {
 		loger 3 "Can't redirect, please check the iptables."
@@ -154,18 +162,28 @@ tp_rule() {
 	ip route add local 0.0.0.0/0 dev lo table 100
 	local ipt="iptables -t mangle"
 	$ipt -N SS_SPEC_TPROXY
+	$ipt -A SS_SPEC_TPROXY -p udp --dport 53 -j RETURN
+  $ipt -A SS_SPEC_TPROXY -p udp -d 0.0.0.0/8 -j RETURN
+  $ipt -A SS_SPEC_TPROXY -p udp -d 10.0.0.0/8 -j RETURN
+  $ipt -A SS_SPEC_TPROXY -p udp -d 127.0.0.0/8 -j RETURN
+  $ipt -A SS_SPEC_TPROXY -p udp -d 169.254.0.0/16 -j RETURN
+  $ipt -A SS_SPEC_TPROXY -p udp -d 172.16.0.0/12 -j RETURN
+  $ipt -A SS_SPEC_TPROXY -p udp -d 192.168.0.0/16 -j RETURN
+  $ipt -A SS_SPEC_TPROXY -p udp -d 224.0.0.0/4 -j RETURN
+  $ipt -A SS_SPEC_TPROXY -p udp -d 240.0.0.0/4 -j RETURN
+  $ipt -A SS_SPEC_TPROXY -p udp -d $SERVER -j RETURN
+  $ipt -A SS_SPEC_TPROXY -p udp -m set --match-set china dst -j RETURN
+  
 	if [ -z "$GFWMODE" ] ;then
 	$ipt -A SS_SPEC_TPROXY -p udp -m set ! --match-set ss_spec_wan_ac dst \
 		-j TPROXY --on-port "$LOCAL_PORT" --tproxy-mark 0x01/0x01
 	else
+	$ipt -A SS_SPEC_TPROXY -p udp -m set --match-set gmlan src -m set ! --match-set china dst \
+		-j TPROXY --on-port "$LOCAL_PORT" --tproxy-mark 0x01/0x01
 	$ipt -A SS_SPEC_TPROXY -p udp -m set  --match-set gfwlist dst \
 		-j TPROXY --on-port "$LOCAL_PORT" --tproxy-mark 0x01/0x01
 	fi	
 		
-	$ipt -I SS_SPEC_TPROXY -p udp -m set --match-set china dst -j RETURN
-	$ipt -I SS_SPEC_TPROXY -p udp --dport 53 -j RETURN
-	$ipt -I SS_SPEC_TPROXY -p udp -d $SERVER -j RETURN
-	
 	$ipt -I PREROUTING 1 ${IFNAME:+-i $IFNAME} -p udp $EXT_ARGS $MATCH_SET \
 		-m comment --comment "$TAG" -j SS_SPEC_TPROXY
 	return $?
@@ -242,7 +260,7 @@ EOF
 	return 0
 }
 
-while getopts ":s:l:S:L:i:e:a:b:w:p:oOuUfgh" arg; do
+while getopts ":s:l:S:L:i:e:a:b:w:p:G:oOuUfgh" arg; do
 	case "$arg" in
 		s)
 			server=$OPTARG
@@ -274,6 +292,9 @@ while getopts ":s:l:S:L:i:e:a:b:w:p:oOuUfgh" arg; do
 		p)
 			LAN_FP_IP=$OPTARG
 			;;	
+		G)
+			LAN_GM_IP=$OPTARG
+			;;	
 		o)
 			OUTPUT=1
 			;;