diff --git a/.github/workflows/multi-arch-test-build.yml b/.github/workflows/multi-arch-test-build.yml
index 9224a702979..3a87f46d24d 100644
--- a/.github/workflows/multi-arch-test-build.yml
+++ b/.github/workflows/multi-arch-test-build.yml
@@ -126,7 +126,7 @@ jobs:
cat PKG-INFO
- name: Store packages
- uses: actions/upload-artifact@v4
+ uses: actions/upload-artifact@v3
with:
name: ${{env.ARCHIVE_NAME}}-packages
path: |
@@ -136,7 +136,7 @@ jobs:
PKG-INFO
- name: Store logs
- uses: actions/upload-artifact@v4
+ uses: actions/upload-artifact@v3
with:
name: ${{env.ARCHIVE_NAME}}-logs
path: |
diff --git a/luci-app-ssr-plus/Makefile b/luci-app-ssr-plus/Makefile
index e9c523991d3..49c0983eeca 100644
--- a/luci-app-ssr-plus/Makefile
+++ b/luci-app-ssr-plus/Makefile
@@ -2,7 +2,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=luci-app-ssr-plus
PKG_VERSION:=189
-PKG_RELEASE:=5
+PKG_RELEASE:=3
PKG_CONFIG_DEPENDS:= \
CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_NONE_V2RAY \
@@ -32,7 +32,7 @@ PKG_CONFIG_DEPENDS:= \
LUCI_TITLE:=SS/SSR/V2Ray/Trojan/NaiveProxy/Tuic/ShadowTLS/Hysteria/Socks5/Tun LuCI interface
LUCI_PKGARCH:=all
LUCI_DEPENDS:= \
- +coreutils +coreutils-base64 +dns2socks +dns2tcp +dnsmasq-full +@PACKAGE_dnsmasq_full_ipset +ipset +kmod-ipt-nat +jq \
+ +coreutils +coreutils-base64 +dns2socks +dns2tcp +dnsmasq-full +@PACKAGE_dnsmasq_full_ipset +ipset +kmod-ipt-nat \
+ip-full +iptables +iptables-mod-tproxy +lua +lua-neturl +libuci-lua +microsocks \
+tcping +resolveip +shadowsocksr-libev-ssr-check +uclient-fetch \
+PACKAGE_$(PKG_NAME)_INCLUDE_libustream-mbedtls:libustream-mbedtls \
diff --git a/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/advanced.lua b/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/advanced.lua
index cbe33407535..6bd7aaafb33 100644
--- a/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/advanced.lua
+++ b/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/advanced.lua
@@ -169,15 +169,15 @@ o.rmempty = false
o.cfgvalue = function(self, section)
local enabled = m:get(section, "enabled")
if enabled == "0" then
- return m:get(section, "old_server")
+ return m:get(section, "old_server") or "same"
end
- return Value.cfgvalue(self, section) -- Default to `same` when enabled
+ return Value.cfgvalue(self, section) or "same" -- Default to `same` when enabled
end
o.write = function(self, section, value)
local enabled = m:get(section, "enabled")
if enabled == "0" then
- local old_server = Value.cfgvalue(self, section)
+ local old_server = Value.cfgvalue(self, section) or "same"
if old_server ~= "nil" then
m:set(section, "old_server", old_server)
end
diff --git a/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/client-config.lua b/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/client-config.lua
index f51e11adc3b..5504de197e1 100644
--- a/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/client-config.lua
+++ b/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/client-config.lua
@@ -434,7 +434,7 @@ o:depends("type", "shadowtls")
o.default = "1"
o.rmempty = false
-o = s:option(Flag, "fastopen", translate("TCP Fast Open"), translate("Enabling TCP Fast Open Requires Server Support."))
+o = s:option(Flag, "fastopen", translate("TCP Fast Open"))
o:depends("type", "shadowtls")
o.default = "0"
o.rmempty = false
@@ -735,8 +735,8 @@ o.rmempty = true
o = s:option(Flag, "enable_xhttp_extra", translate("XHTTP Extra"))
o.description = translate("Enable this option to configure XHTTP Extra (JSON format).")
-o.rmempty = true
o.default = "0"
+o.rmempty = false
o:depends("transport", "xhttp")
o = s:option(TextValue, "xhttp_extra", " ")
@@ -1008,19 +1008,6 @@ if is_finded("xray") then
o:depends({type = "v2ray", v2ray_protocol = "vless", transport = "raw", tls = true})
o:depends({type = "v2ray", v2ray_protocol = "vless", transport = "raw", reality = true})
- o = s:option(ListValue, "xhttp_tls_flow", translate("Flow"))
- for _, v in ipairs(tls_flows) do
- if v == "none" then
- o.default = "none"
- o:value("none", translate("none"))
- else
- o:value("xtls-rprx-vision", translate("xtls-rprx-vision"))
- end
- end
- o.rmempty = true
- o:depends({type = "v2ray", v2ray_protocol = "vless", transport = "xhttp", tls = true})
- o:depends({type = "v2ray", v2ray_protocol = "vless", transport = "xhttp", reality = true})
-
-- [[ uTLS ]]--
o = s:option(ListValue, "fingerprint", translate("Finger Print"))
o.default = ""
@@ -1064,37 +1051,19 @@ o:depends({type = "hysteria", insecure = true })
o.rmempty = true
--- [[ Mux.Cool ]] --
-o = s:option(Flag, "mux", translate("Mux"), translate("Enable Mux.Cool"))
+-- [[ Mux ]]--
+o = s:option(Flag, "mux", translate("Mux"))
o.rmempty = false
o.default = false
-o:depends({type = "v2ray", v2ray_protocol = "vless", transport = "raw"})
-o:depends({type = "v2ray", v2ray_protocol = "vless", transport = "ws"})
-o:depends({type = "v2ray", v2ray_protocol = "vless", transport = "kcp"})
-o:depends({type = "v2ray", v2ray_protocol = "vless", transport = "httpupgrade"})
-o:depends({type = "v2ray", v2ray_protocol = "vless", transport = "splithttp"})
-o:depends({type = "v2ray", v2ray_protocol = "vless", transport = "h2"})
-o:depends({type = "v2ray", v2ray_protocol = "vless", transport = "quic"})
-o:depends({type = "v2ray", v2ray_protocol = "vless", transport = "grpc"})
+o:depends({type = "v2ray", v2ray_protocol = "vless"})
o:depends({type = "v2ray", v2ray_protocol = "vmess"})
o:depends({type = "v2ray", v2ray_protocol = "trojan"})
o:depends({type = "v2ray", v2ray_protocol = "shadowsocks"})
o:depends({type = "v2ray", v2ray_protocol = "socks"})
o:depends({type = "v2ray", v2ray_protocol = "http"})
--- [[ XUDP Mux ]] --
-o = s:option(Flag, "xmux", translate("Xudp Mux"), translate("Enable Xudp Mux"))
-o.rmempty = false
-o.default = false
-o:depends({type = "v2ray", v2ray_protocol = "vless", transport = "xhttp"})
-
-- [[ TCP 最大并发连接数 ]]--
-o = s:option(Value, "concurrency", translate("concurrency"))
-o.description = translate(
- ""
- .. "- " .. translate("Default: disable. When entering a negative number, such as -1, The Mux module will not be used to carry TCP traffic.") .. "
"
- .. "- " .. translate("Min value is 1, Max value is 128. When omitted or set to 0, it equals 8.") .. "
"
- .. "
")
+o = s:option(ListValue, "concurrency", translate("concurrency"))
o.rmempty = true
o.default = "-1"
o:value("-1", translate("disable"))
@@ -1102,27 +1071,15 @@ o:value("8", translate("8"))
o:depends("mux", true)
-- [[ UDP 最大并发连接数 ]]--
-o = s:option(Value, "xudpConcurrency", translate("xudpConcurrency"))
-o.description = translate(
- ""
- .. "- " .. translate("Default:16. When entering a negative number, such as -1, The Mux module will not be used to carry UDP traffic, Use original UDP transmission method of proxy protocol.") .. "
"
- .. "- " .. translate("Min value is 1, Max value is 1024. When omitted or set to 0, Will same path as TCP traffic.") .. "
"
- .. "
")
+o = s:option(ListValue, "xudpConcurrency", translate("xudpConcurrency"))
o.rmempty = true
o.default = "16"
o:value("-1", translate("disable"))
o:value("16", translate("16"))
o:depends("mux", true)
-o:depends("xmux", true)
-- [[ 对被代理的 UDP/443 流量处理方式 ]]--
o = s:option(ListValue, "xudpProxyUDP443", translate("xudpProxyUDP443"))
-o.description = translate(
- ""
- .. "- " .. translate("Default reject rejects traffic.") .. "
"
- .. "- " .. translate("allow: Allows use Mux connection.") .. "
"
- .. "- " .. translate("skip: Not use Mux module to carry UDP 443 traffic, Use original UDP transmission method of proxy protocol.") .. "
"
- .. "
")
o.rmempty = true
o.default = "reject"
o:value("reject", translate("reject"))
@@ -1130,16 +1087,11 @@ o:value("allow", translate("allow"))
o:value("skip", translate("skip"))
o:depends("mux", true)
--- [[ XHTTP TCP Fast Open ]]--
-o = s:option(Flag, "tcpfastopen", translate("TCP Fast Open"), translate("Enabling TCP Fast Open Requires Server Support."))
-o.rmempty = true
-o.default = "0"
-o:depends({type = "v2ray", v2ray_protocol = "vless", transport = "xhttp"})
-- [[ MPTCP ]]--
-o = s:option(Flag, "mptcp", translate("MPTCP"), translate("Enable Multipath TCP, need to be enabled in both server and client configuration."))
-o.rmempty = true
-o.default = "0"
+o = s:option(Flag, "mptcp", translate("MPTCP"), translate("Enabling MPTCP Requires Server Support."))
+o.rmempty = false
+o.default = false
o:depends({type = "v2ray", v2ray_protocol = "vless"})
o:depends({type = "v2ray", v2ray_protocol = "vmess"})
o:depends({type = "v2ray", v2ray_protocol = "trojan"})
@@ -1214,7 +1166,7 @@ o:value("/etc/ssl/private/ca.pem")
o.description = translate("Please confirm the current certificate path")
o.default = "/etc/ssl/private/ca.pem"
-o = s:option(Flag, "fast_open", translate("TCP Fast Open"), translate("Enabling TCP Fast Open Requires Server Support."))
+o = s:option(Flag, "fast_open", translate("TCP Fast Open"))
o.rmempty = true
o.default = "0"
o:depends("type", "ssr")
diff --git a/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/servers.lua b/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/servers.lua
index 991884858b0..a7166abdbf7 100644
--- a/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/servers.lua
+++ b/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/servers.lua
@@ -67,11 +67,6 @@ o.write = function()
luci.http.redirect(luci.dispatcher.build_url("admin", "services", "shadowsocksr", "servers"))
end
-o = s:option(Flag, "allow_insecure", translate("Allow subscribe Insecure nodes By default"))
-o.rmempty = false
-o.description = translate("Subscribe nodes allows insecure connection as TLS client (insecure)")
-o.default = "0"
-
o = s:option(Flag, "switch", translate("Subscribe Default Auto-Switch"))
o.rmempty = false
o.description = translate("Subscribe new add server default Auto-Switch on")
diff --git a/luci-app-ssr-plus/luasrc/view/shadowsocksr/server_list.htm b/luci-app-ssr-plus/luasrc/view/shadowsocksr/server_list.htm
index f9befe53fb4..d0b77f10f8c 100644
--- a/luci-app-ssr-plus/luasrc/view/shadowsocksr/server_list.htm
+++ b/luci-app-ssr-plus/luasrc/view/shadowsocksr/server_list.htm
@@ -4,7 +4,7 @@
-%>
diff --git a/luci-app-ssr-plus/luasrc/view/shadowsocksr/ssrurl.htm b/luci-app-ssr-plus/luasrc/view/shadowsocksr/ssrurl.htm
index 1ae02e4dc83..d8dfbdd7784 100644
--- a/luci-app-ssr-plus/luasrc/view/shadowsocksr/ssrurl.htm
+++ b/luci-app-ssr-plus/luasrc/view/shadowsocksr/ssrurl.htm
@@ -374,19 +374,12 @@
if (ssm.tls == "tls") {
document.getElementsByName('cbid.shadowsocksr.' + sid + '.tls')[0].checked = true;
document.getElementsByName('cbid.shadowsocksr.' + sid + '.tls')[0].dispatchEvent(event);
- document.getElementsByName('cbid.shadowsocksr.' + sid + '.fingerprint')[0].value = ssm.fp;
- if (ssm.net == "xhttp") {
- document.getElementsByName('cbid.shadowsocksr.' + sid + '.xhttp_alpn')[0].value = ssm.alpn;
- }
+ document.getElementsByName('cbid.shadowsocksr.' + sid + '.xhttp_alpn')[0].value = ssm.alpn;
document.getElementsByName('cbid.shadowsocksr.' + sid + '.tls_host')[0].value = ssm.sni || ssm.host;
}
if (ssm.mux !== undefined) {
- document.getElementsByName('cbid.shadowsocksr.' + sid + '.mux')[0].checked = true;
- document.getElementsByName('cbid.shadowsocksr.' + sid + '.mux')[0].dispatchEvent(event);
- }
- if (ssm.xmux !== undefined) {
- document.getElementsByName('cbid.shadowsocksr.' + sid + '.xmux')[0].checked = true;
- document.getElementsByName('cbid.shadowsocksr.' + sid + '.xmux')[0].dispatchEvent(event);
+ document.getElementsByName('cbid.shadowsocksr.' + sid + '.mux')[0].checked = true;
+ document.getElementsByName('cbid.shadowsocksr.' + sid + '.mux')[0].dispatchEvent(event);
}
s.innerHTML = "<%:Import configuration information successfully.%>";
return false;
diff --git a/luci-app-ssr-plus/po/zh_Hans/ssr-plus.po b/luci-app-ssr-plus/po/zh_Hans/ssr-plus.po
index a7477863674..bc39d90a48e 100644
--- a/luci-app-ssr-plus/po/zh_Hans/ssr-plus.po
+++ b/luci-app-ssr-plus/po/zh_Hans/ssr-plus.po
@@ -91,44 +91,18 @@ msgstr "TLS 主机名"
msgid "allowInsecure"
msgstr "允许不安全连接"
-msgid "Enable Mux.Cool"
-msgstr "启用 Mux.Cool"
-
-msgid "Enable Xudp Mux"
-msgstr "启用 Xudp Mux"
-
-msgid "Enable Multipath TCP, need to be enabled in both server and client configuration."
-msgstr "启用 Multipath TCP,需在服务端和客户端配置中同时启用。"
+msgid "Enabling MPTCP Requires Server Support."
+msgstr "启用 MPTCP 需服务端支持。"
msgid "concurrency"
msgstr "TCP 最大并发连接数"
-msgid "Default: disable. When entering a negative number, such as -1, The Mux module will not be used to carry TCP traffic."
-msgstr "默认:禁用。填负数时,如 -1,不使用 Mux 模块承载 TCP 流量。"
-
-msgid "Min value is 1, Max value is 128. When omitted or set to 0, it equals 8."
-msgstr "最小值 1,最大值 128。省略或者填 0 时都等于 8。"
-
msgid "xudpConcurrency"
msgstr "UDP 最大并发连接数"
-msgid "Default:16. When entering a negative number, such as -1, The Mux module will not be used to carry UDP traffic, Use original UDP transmission method of proxy protocol."
-msgstr "默认值:16。填负数时,如 -1,不使用 Mux 模块承载 UDP 流量。将使用代理协议原本的 UDP 传输方式。"
-
-msgid "Min value is 1, Max value is 1024. When omitted or set to 0, Will same path as TCP traffic."
-msgstr "最小值 1,最大值 1024。 省略或者填 0 时,将与 TCP 流量走同一条路,也就是传统的行为。"
-
msgid "xudpProxyUDP443"
msgstr "对被代理的 UDP/443 流量处理方式"
-msgid "Default reject rejects traffic."
-msgstr "默认 reject 拒绝流量。"
-
-msgid "allow: Allows use Mux connection."
-msgstr "allow:允许走 Mux 连接。"
-
-msgid "skip: Not use Mux module to carry UDP 443 traffic, Use original UDP transmission method of proxy protocol."
-msgstr "skip:不使用 Mux 模块承载 UDP 443 流量,将使用代理协议原本的 UDP 传输方式。"
msgid "custom_tcpcongestion"
msgstr "连接服务器节点的 TCP 拥塞控制算法"
@@ -333,9 +307,6 @@ msgstr "服务器"
msgid "TCP Fast Open"
msgstr "TCP 快速打开"
-msgid "Enabling TCP Fast Open Requires Server Support."
-msgstr "启用 TCP 快速打开需要服务端支持。"
-
msgid "Status"
msgstr "状态"
@@ -1296,12 +1267,6 @@ msgstr "是否要恢复客户端默认配置?"
msgid "Are you sure you want to restore the client to default settings?"
msgstr "是否真的要恢复客户端默认配置?"
-msgid "Allow subscribe Insecure nodes By default"
-msgstr "订阅节点允许不验证TLS证书"
-
-msgid "Subscribe nodes allows insecure connection as TLS client (insecure)"
-msgstr "订阅节点强制开启 不验证TLS客户端证书 (insecure)"
-
msgid "MosDNS GeoIP List Data"
msgstr "【MosDNS GeoIP】数据库"
diff --git a/luci-app-ssr-plus/root/etc/init.d/shadowsocksr b/luci-app-ssr-plus/root/etc/init.d/shadowsocksr
index 5daf3d254a8..a1303bfcd0a 100755
--- a/luci-app-ssr-plus/root/etc/init.d/shadowsocksr
+++ b/luci-app-ssr-plus/root/etc/init.d/shadowsocksr
@@ -509,7 +509,6 @@ start_udp() {
shunt_dns_command() {
local shunt_dns_mode="$(uci_get_by_type global shunt_dns_mode)"
local shunt_dnsserver="$(uci_get_by_type global shunt_dnsserver)"
- local tmp_port=$1
case "$shunt_dns_mode" in
1)
ln_start_bin $(first_type dns2socks) dns2socks 127.0.0.1:$tmp_port $shunt_dnsserver 127.0.0.1:$tmp_shunt_dns_port -q
@@ -534,37 +533,6 @@ shunt_dns_command() {
esac
}
-shunt_dns_config_file_port() {
- if [ "$LOCAL_SERVER" == "$SHUNT_SERVER" ]; then
- # NetFlix 和 全局socks 节点相同
- if [ "$(uci_get_by_type socks5_proxy socks5_auth nil)" != "noauth" ]; then
- # 全局socks 有密码,NetFlix 不能使用 auth 验证,需更换为新端口并使用无密码的 socks 配置用于分流
- # 新增NetFlix dns 使用端口
- local port=$tmp_shunt_local_port
- jq --arg port "$port" '.inbounds |= .[0:1] + [{"protocol":"socks","port":($port | tonumber),"settings":{"udp":true,"auth":"noauth"}}] + .[1:]' "$shunt_config_file" > "$shunt_config_file.tmp" && mv "$shunt_config_file.tmp" $shunt_config_file
- echo $port # 返回端口号
- return 0 # 成功返回
- else
- sed -i -e '/"mixed"/d' $shunt_config_file
- fi
- else
- # NetFlix 和 全局 socks 节点不相同
- if [ "$(uci_get_by_type socks5_proxy socks5_auth nil)" != "noauth" ]; then
- # 全局socks 有密码,NetFlix不能使用auth验证,需设置为无密码的socks配置用于分流
- # 删除 NetFlix dns 端口密码验证
- sed -i \
- -e '/"mixed"/d' \
- -e 's/"auth"\s*:\s*"password"/\"auth\": \"noauth\"/g' \
- -e '/"accounts": \[/,/\]/d' $shunt_config_file
- else
- sed -i -e '/"mixed"/d' $shunt_config_file
- fi
- fi
- # 使用传入的端口
- echo $1 # 返回传入的端口号
- return 0 # 成功返回
-}
-
start_shunt() {
local type=$(uci_get_by_name $SHUNT_SERVER type)
case "$type" in
@@ -578,16 +546,14 @@ start_shunt() {
local tmp_port=$tmp_shunt_local_port
ln_start_bin $(first_type ${type}local ${type}-local) ${type}-local -c $shunt_dns_config_file
fi
- shunt_dns_command $tmp_port
+ shunt_dns_command
echolog "shunt:$(get_name $type) Started!"
;;
v2ray)
local tmp_port=${tmp_local_port:-$tmp_shunt_local_port}
gen_config_file $SHUNT_SERVER $type 3 $tmp_shunt_port $tmp_port
- # 处理配置文件中的 NetFlix 端口
- tmp_port=$(shunt_dns_config_file_port $tmp_port)
ln_start_bin $(first_type xray v2ray) v2ray run -c $shunt_config_file
- shunt_dns_command $tmp_port
+ shunt_dns_command
echolog "shunt:$($(first_type xray v2ray) version | head -1) Started!"
;;
trojan)
@@ -599,7 +565,7 @@ start_shunt() {
local tmp_port=$tmp_shunt_local_port
ln_start_bin $(first_type trojan) $type --config $shunt_dns_config_file
fi
- shunt_dns_command $tmp_port
+ shunt_dns_command
echolog "shunt:$($(first_type trojan) --version 2>&1 | head -1) Started!"
;;
naiveproxy)
@@ -611,7 +577,7 @@ start_shunt() {
local tmp_port=$tmp_shunt_local_port
ln_start_bin $(first_type naive) naive --config $shunt_dns_config_file
fi
- shunt_dns_command $tmp_port
+ shunt_dns_command
echolog "shunt:$($(first_type "naive") --version 2>&1 | head -1) Started!"
redir_udp=0
;;
@@ -624,7 +590,7 @@ start_shunt() {
gen_config_file $SHUNT_SERVER $type 3 $tmp_shunt_port $tmp_port
fi
ln_start_bin $(first_type hysteria) hysteria client --config $shunt_config_file
- shunt_dns_command $tmp_port
+ shunt_dns_command
echolog "shunt:$($(first_type hysteria) version | grep Version | awk '{print "Hysteria2: " $2}') Started!"
;;
tuic)
@@ -636,7 +602,7 @@ start_shunt() {
[ -n "$tmp_local_port" ] && tmp_port=$tmp_local_port || tmp_port=$tmp_shunt_local_port
gen_config_file $SHUNT_SERVER $type 3 $tmp_port # make a tuic socks :304
ln_start_bin $(first_type tuic-client) tuic-client --config $shunt_dns_config_file
- shunt_dns_command $tmp_port
+ shunt_dns_command
echolog "Netflix Separated Shunt Server:tuic-client $($(first_type tuic-client) --version) Started!"
# FIXME: ipt2socks cannot handle udp reply from tuic
#redir_udp=0
@@ -646,7 +612,7 @@ start_shunt() {
gen_config_file $SHUNT_SERVER $type 3 "10${tmp_shunt_port}" $tmp_port chain/$tmp_shunt_port #make a redir:303 and a socks:304
#echo "debug \$tmp_port=$tmp_port, \$tmp_shunt_port=${tmp_shunt_port}, \$tmp_shunt_local_port=$tmp_shunt_local_port"
ln_start_bin $(first_type shadow-tls) shadow-tls config --config $chain_config_file
- shunt_dns_command $tmp_port
+ shunt_dns_command
local chain_type=$(uci_get_by_name $SHUNT_SERVER chain_type)
case ${chain_type} in
vmess)
@@ -672,7 +638,7 @@ start_shunt() {
# local tmp_port=$tmp_shunt_local_port
# ln_start_bin $(first_type microsocks) microsocks -i 127.0.0.1 -p $tmp_port shunt-dns-ssr-plus
# fi
- # shunt_dns_command $tmp_port
+ # shunt_dns_command
# echolog "shunt:$type REDIRECT/TPROXY Started!"
# ;;
*)
@@ -684,7 +650,7 @@ start_shunt() {
local tmp_port=$tmp_shunt_local_port
ln_start_bin $(first_type microsocks) microsocks -i 127.0.0.1 -p $tmp_port shunt-dns-ssr-plus
fi
- shunt_dns_command $tmp_port
+ shunt_dns_command
echolog "shunt:$type REDIRECT/TPROXY Started!"
;;
esac
@@ -885,13 +851,7 @@ load_config() {
else
GLOBAL_SERVER=$switch_server
fi
- if [ "$(uci_get_by_type socks5_proxy enabled 0)" == "1" ]; then
- # 只有开启 全局socks 才需要取值
- LOCAL_SERVER=$(uci_get_by_type socks5_proxy server nil)
- else
- # 没有开启 设置为 nil
- LOCAL_SERVER=nil
- fi
+ LOCAL_SERVER=$(uci_get_by_type socks5_proxy server nil)
if [ "$GLOBAL_SERVER" == "nil" ]; then
mode="tcp,udp"
_local="2"
@@ -900,13 +860,7 @@ load_config() {
return 1
fi
UDP_RELAY_SERVER=$(uci_get_by_type global udp_relay_server nil)
- if [ "$(uci_get_by_type global netflix_enable 0)" == "1" ]; then
- # 只有开启 NetFlix分流 才需要取值
- SHUNT_SERVER=$(uci_get_by_type global netflix_server nil)
- else
- # 没有开启 设置为 nil
- SHUNT_SERVER=nil
- fi
+ SHUNT_SERVER=$(uci_get_by_type global netflix_server nil)
tcp_config_file=$TMP_PATH/tcp-only-ssr-retcp.json
case "$UDP_RELAY_SERVER" in
nil)
diff --git a/luci-app-ssr-plus/root/usr/share/shadowsocksr/gen_config.lua b/luci-app-ssr-plus/root/usr/share/shadowsocksr/gen_config.lua
index ccee7f563a3..4071be9f3e2 100755
--- a/luci-app-ssr-plus/root/usr/share/shadowsocksr/gen_config.lua
+++ b/luci-app-ssr-plus/root/usr/share/shadowsocksr/gen_config.lua
@@ -29,7 +29,7 @@ function vmess_vless()
alterId = (server.v2ray_protocol == "vmess" or not server.v2ray_protocol) and tonumber(server.alter_id) or nil,
security = (server.v2ray_protocol == "vmess" or not server.v2ray_protocol) and server.security or nil,
encryption = (server.v2ray_protocol == "vless") and server.vless_encryption or nil,
- flow = (((server.xtls == '1') or (server.tls == '1') or (server.reality == '1')) and (((server.tls_flow ~= "none") and server.tls_flow) or ((server.xhttp_tls_flow ~= "none") and server.xhttp_tls_flow))) or nil
+ flow = (((server.xtls == '1') or (server.tls == '1') or (server.reality == '1')) and server.tls_flow ~= "none") and server.tls_flow or nil
}
}
}
@@ -184,11 +184,11 @@ if proto and proto:find("tcp") and socks_port ~= "0" then
-- socks
protocol = "socks",
port = tonumber(socks_port),
- settings = {
- auth = socks_server.socks5_auth or "noauth",
+ settings = (socks_server.server ~= "same") and {
+ auth = socks_server.socks5_auth,
udp = true,
- mixed = ((socks_server.socks5_mixed == '1') and true or false) or (socks_server.server == 'same') and nil,
- accounts = (socks_server.server ~= "same" and (socks_server.socks5_auth and socks_server.socks5_auth ~= "noauth")) and {
+ mixed = (socks_server.socks5_mixed == '1') and true or false,
+ accounts = (socks_server.socks5_auth ~= "noauth") and {
{
user = socks_server.socks5_user,
pass = socks_server.socks5_pass
@@ -310,19 +310,18 @@ end
} or nil,
sockopt = {
mark = 250,
- tcpFastOpen = ((server.transport == "xhttp" and server.tcpfastopen == "1") and true or false) or (server.transport ~= "xhttp") and nil, -- XHTTP Tcp Fast Open
tcpMptcp = (server.mptcp == "1") and true or nil, -- MPTCP
- Penetrate = (server.mptcp == "1") and true or nil, -- Penetrate MPTCP
+ tcpNoDelay = (server.mptcp == "1") and true or nil, -- MPTCP
tcpcongestion = server.custom_tcpcongestion, -- 连接服务器节点的 TCP 拥塞控制算法
dialerProxy = (xray_fragment.fragment == "1" or xray_fragment.noise == "1") and "dialerproxy" or nil
}
} or nil,
mux = (server.v2ray_protocol ~= "wireguard") and {
-- mux
- enabled = (server.mux == "1" or server.xmux == "1") and true or false, -- Mux
- concurrency = (server.mux == "1" and ((server.concurrency ~= "0") and tonumber(server.concurrency) or 8)) or (server.xmux == "1" and -1) or nil, -- TCP 最大并发连接数
- xudpConcurrency = ((server.xudpConcurrency ~= "0") and tonumber(server.xudpConcurrency)) or nil, -- UDP 最大并发连接数
- xudpProxyUDP443 = (server.mux == "1") and server.xudpProxyUDP443 or nil -- 对被代理的 UDP/443 流量处理方式
+ enabled = (server.mux == "1") and true or false, -- Mux
+ concurrency = tonumber(server.concurrency), -- TCP 最大并发连接数
+ xudpConcurrency = tonumber(server.xudpConcurrency), -- UDP 最大并发连接数
+ xudpProxyUDP443 = server.xudpProxyUDP443 -- 对被代理的 UDP/443 流量处理方式
} or nil
}
}
@@ -350,9 +349,8 @@ if xray_fragment.fragment ~= "0" or (xray_fragment.noise ~= "0" and xray_noise.e
streamSettings = {
sockopt = {
mark = 250,
- tcpFastOpen = ((server.transport == "xhttp" and server.tcpfastopen == "1") and true or false) or (server.transport ~= "xhttp") and nil, -- XHTTP Tcp Fast Open
tcpMptcp = (server.mptcp == "1") and true or nil, -- MPTCP
- Penetrate = (server.mptcp == "1") and true or nil, -- Penetrate MPTCP
+ tcpNoDelay = (server.mptcp == "1") and true or nil, -- MPTCP
tcpcongestion = server.custom_tcpcongestion -- 连接服务器节点的 TCP 拥塞控制算法
}
}
diff --git a/luci-app-ssr-plus/root/usr/share/shadowsocksr/subscribe.lua b/luci-app-ssr-plus/root/usr/share/shadowsocksr/subscribe.lua
index 5a1640c9d88..c4ad4768abf 100755
--- a/luci-app-ssr-plus/root/usr/share/shadowsocksr/subscribe.lua
+++ b/luci-app-ssr-plus/root/usr/share/shadowsocksr/subscribe.lua
@@ -24,7 +24,6 @@ local uciType = 'servers'
local ucic = luci.model.uci.cursor()
local proxy = ucic:get_first(name, 'server_subscribe', 'proxy', '0')
local switch = ucic:get_first(name, 'server_subscribe', 'switch', '1')
-local allow_insecure = ucic:get_first(name, 'server_subscribe', 'allow_insecure', '0')
local subscribe_url = ucic:get_first(name, 'server_subscribe', 'subscribe_url', {})
local filter_words = ucic:get_first(name, 'server_subscribe', 'filter_words', '过期时间/剩余流量')
local save_words = ucic:get_first(name, 'server_subscribe', 'save_words', '')
@@ -258,7 +257,7 @@ local function processData(szType, content)
elseif info.host then
result.tls_host = info.host
end
- result.insecure = allow_insecure
+ result.insecure = 1
else
result.tls = "0"
end
diff --git a/microsocks/Makefile b/microsocks/Makefile
index 5d80729150d..9f3b13a9e30 100644
--- a/microsocks/Makefile
+++ b/microsocks/Makefile
@@ -5,12 +5,12 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=microsocks
-PKG_VERSION:=1.0.5
+PKG_VERSION:=1.0.4
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/rofl0r/microsocks/tar.gz/v$(PKG_VERSION)?
-PKG_HASH:=939d1851a18a4c03f3cc5c92ff7a50eaf045da7814764b4cb9e26921db15abc8
+PKG_HASH:=130127a87f55870f18fbe47a64d9b9533020e2900802d36a0f6fd2b074313deb
PKG_LICENSE:=MIT
PKG_LICENSE_FILES:=COPYING
diff --git a/shadowsocks-libev/Makefile b/shadowsocks-libev/Makefile
index 1fac15aa539..631a9976c05 100644
--- a/shadowsocks-libev/Makefile
+++ b/shadowsocks-libev/Makefile
@@ -14,14 +14,13 @@ include $(TOPDIR)/rules.mk
#
PKG_NAME:=shadowsocks-libev
PKG_VERSION:=3.3.5
-PKG_RELEASE:=13
+PKG_RELEASE:=12
PKG_SOURCE_PROTO:=git
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://github.com/shadowsocks/shadowsocks-libev.git
-PKG_SOURCE_DATE:=2025-1-20
-PKG_SOURCE_VERSION:=9afa3cacf947f910be46b69fc5a7a1fdd02fd5e6
-PKG_MIRROR_HASH:=575b21803b28db8ab59ecbdb2cf21c4282881507b3a4267cc24f55bad12819cb
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.xz
+PKG_SOURCE_VERSION:=d83ace0f0d9c05656c13d66aa4a449bf70143254
+PKG_MIRROR_HASH:=cfc8eded35360f4b67e18dc447b0c00cddb29cc57a3cec48b135e5fb87433488
PKG_MAINTAINER:=Yousong Zhou
diff --git a/shadowsocks-libev/patches/101-Fix-mishandling-of-incoming-socket-buffer.-It-must-b.patch b/shadowsocks-libev/patches/101-Fix-mishandling-of-incoming-socket-buffer.-It-must-b.patch
deleted file mode 100644
index 1c164a95c15..00000000000
--- a/shadowsocks-libev/patches/101-Fix-mishandling-of-incoming-socket-buffer.-It-must-b.patch
+++ /dev/null
@@ -1,141 +0,0 @@
-From 8be7a7cb00b9540e9be05d409191b0bc1ba424f0 Mon Sep 17 00:00:00 2001
-From: notsure2
-Date: Mon, 11 Dec 2023 09:15:47 +0200
-Subject: [PATCH] Fix mishandling of incoming socket buffer. It must be set on
- the listening socket not the accepted socket.
-
----
- src/local.c | 16 ++++++++--------
- src/redir.c | 16 ++++++++--------
- src/server.c | 16 ++++++++--------
- src/tunnel.c | 16 ++++++++--------
- 4 files changed, 32 insertions(+), 32 deletions(-)
-
---- a/src/local.c
-+++ b/src/local.c
-@@ -205,6 +205,14 @@ create_and_bind(const char *addr, const
- }
- }
-
-+ if (tcp_incoming_sndbuf > 0) {
-+ setsockopt(listen_sock, SOL_SOCKET, SO_SNDBUF, &tcp_incoming_sndbuf, sizeof(int));
-+ }
-+
-+ if (tcp_incoming_rcvbuf > 0) {
-+ setsockopt(listen_sock, SOL_SOCKET, SO_RCVBUF, &tcp_incoming_rcvbuf, sizeof(int));
-+ }
-+
- s = bind(listen_sock, rp->ai_addr, rp->ai_addrlen);
- if (s == 0) {
- /* We managed to bind successfully! */
-@@ -1406,14 +1414,6 @@ accept_cb(EV_P_ ev_io *w, int revents)
- setsockopt(serverfd, SOL_SOCKET, SO_NOSIGPIPE, &opt, sizeof(opt));
- #endif
-
-- if (tcp_incoming_sndbuf > 0) {
-- setsockopt(serverfd, SOL_SOCKET, SO_SNDBUF, &tcp_incoming_sndbuf, sizeof(int));
-- }
--
-- if (tcp_incoming_rcvbuf > 0) {
-- setsockopt(serverfd, SOL_SOCKET, SO_RCVBUF, &tcp_incoming_rcvbuf, sizeof(int));
-- }
--
- server_t *server = new_server(serverfd);
- server->listener = listener;
-
---- a/src/redir.c
-+++ b/src/redir.c
-@@ -201,6 +201,14 @@ create_and_bind(const char *addr, const
- LOGI("tcp tproxy mode enabled");
- }
-
-+ if (tcp_incoming_sndbuf > 0) {
-+ setsockopt(listen_sock, SOL_SOCKET, SO_SNDBUF, &tcp_incoming_sndbuf, sizeof(int));
-+ }
-+
-+ if (tcp_incoming_rcvbuf > 0) {
-+ setsockopt(listen_sock, SOL_SOCKET, SO_RCVBUF, &tcp_incoming_rcvbuf, sizeof(int));
-+ }
-+
- s = bind(listen_sock, rp->ai_addr, rp->ai_addrlen);
- if (s == 0) {
- /* We managed to bind successfully! */
-@@ -759,14 +767,6 @@ accept_cb(EV_P_ ev_io *w, int revents)
- setsockopt(serverfd, SOL_SOCKET, SO_NOSIGPIPE, &opt, sizeof(opt));
- #endif
-
-- if (tcp_incoming_sndbuf > 0) {
-- setsockopt(serverfd, SOL_SOCKET, SO_SNDBUF, &tcp_incoming_sndbuf, sizeof(int));
-- }
--
-- if (tcp_incoming_rcvbuf > 0) {
-- setsockopt(serverfd, SOL_SOCKET, SO_RCVBUF, &tcp_incoming_rcvbuf, sizeof(int));
-- }
--
- int index = rand() % listener->remote_num;
- struct sockaddr *remote_addr = listener->remote_addr[index];
-
---- a/src/server.c
-+++ b/src/server.c
-@@ -620,6 +620,14 @@ create_and_bind(const char *host, const
- }
- }
-
-+ if (tcp_incoming_sndbuf > 0) {
-+ setsockopt(listen_sock, SOL_SOCKET, SO_SNDBUF, &tcp_incoming_sndbuf, sizeof(int));
-+ }
-+
-+ if (tcp_incoming_rcvbuf > 0) {
-+ setsockopt(listen_sock, SOL_SOCKET, SO_RCVBUF, &tcp_incoming_rcvbuf, sizeof(int));
-+ }
-+
- // Enable out-of-tree mptcp
- if (mptcp == 1) {
- int i = 0;
-@@ -1769,14 +1777,6 @@ accept_cb(EV_P_ ev_io *w, int revents)
- setsockopt(serverfd, SOL_SOCKET, SO_NOSIGPIPE, &opt, sizeof(opt));
- #endif
-
-- if (tcp_incoming_sndbuf > 0) {
-- setsockopt(serverfd, SOL_SOCKET, SO_SNDBUF, &tcp_incoming_sndbuf, sizeof(int));
-- }
--
-- if (tcp_incoming_rcvbuf > 0) {
-- setsockopt(serverfd, SOL_SOCKET, SO_RCVBUF, &tcp_incoming_rcvbuf, sizeof(int));
-- }
--
- setnonblocking(serverfd);
-
- server_t *server = new_server(serverfd, listener);
---- a/src/tunnel.c
-+++ b/src/tunnel.c
-@@ -166,6 +166,14 @@ create_and_bind(const char *addr, const
- }
- }
-
-+ if (tcp_incoming_sndbuf > 0) {
-+ setsockopt(listen_sock, SOL_SOCKET, SO_SNDBUF, &tcp_incoming_sndbuf, sizeof(int));
-+ }
-+
-+ if (tcp_incoming_rcvbuf > 0) {
-+ setsockopt(listen_sock, SOL_SOCKET, SO_RCVBUF, &tcp_incoming_rcvbuf, sizeof(int));
-+ }
-+
- s = bind(listen_sock, rp->ai_addr, rp->ai_addrlen);
- if (s == 0) {
- /* We managed to bind successfully! */
-@@ -725,14 +733,6 @@ accept_cb(EV_P_ ev_io *w, int revents)
- setsockopt(serverfd, SOL_SOCKET, SO_NOSIGPIPE, &opt, sizeof(opt));
- #endif
-
-- if (tcp_incoming_sndbuf > 0) {
-- setsockopt(serverfd, SOL_SOCKET, SO_SNDBUF, &tcp_incoming_sndbuf, sizeof(int));
-- }
--
-- if (tcp_incoming_rcvbuf > 0) {
-- setsockopt(serverfd, SOL_SOCKET, SO_RCVBUF, &tcp_incoming_rcvbuf, sizeof(int));
-- }
--
- int index = rand() % listener->remote_num;
- struct sockaddr *remote_addr = listener->remote_addr[index];
-
diff --git a/shadowsocks-libev/patches/101-fix-mbedtls3.6-build.patch b/shadowsocks-libev/patches/101-fix-mbedtls3.6-build.patch
new file mode 100644
index 00000000000..4e7f79f7a52
--- /dev/null
+++ b/shadowsocks-libev/patches/101-fix-mbedtls3.6-build.patch
@@ -0,0 +1,198 @@
+From c2bdb9847e374331a4f1c8fcd3d93e0b57d4c6fc Mon Sep 17 00:00:00 2001
+From: Zxl hhyccc
+Date: Sun, 7 Jul 2024 17:08:27 +0800
+Subject: [PATCH] Fix in 'mbedtls 3.6.0 ver' compilation failure issue
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+*** The added patch is available in 'mbedtls 3.6 version'.
+
+*** fix *clen += tlen; may cause potential bounds error.
+
+Co-authored-by: Lu jicong
+Signed-off-by: Zxl hhyccc
+---
+ m4/mbedtls.m4 | 20 +++++++++++++++++++
+ src/aead.c | 17 ++++++++++++++++
+ src/crypto.c | 2 +-
+ src/stream.c | 17 ++++++++++++++++
+
+ 4 files changed, 55 insertions(+), 1 deletion(-)
+
+--- a/m4/mbedtls.m4
++++ b/m4/mbedtls.m4
+@@ -31,7 +31,12 @@ AC_DEFUN([ss_MBEDTLS],
+ AC_COMPILE_IFELSE(
+ [AC_LANG_PROGRAM(
+ [[
++#include
++#if MBEDTLS_VERSION_NUMBER >= 0x03000000
++#include
++#else
+ #include
++#endif
+ ]],
+ [[
+ #ifndef MBEDTLS_CIPHER_MODE_CFB
+@@ -48,7 +53,12 @@ AC_DEFUN([ss_MBEDTLS],
+ AC_COMPILE_IFELSE(
+ [AC_LANG_PROGRAM(
+ [[
++#include
++#if MBEDTLS_VERSION_NUMBER >= 0x03000000
++#include
++#else
+ #include
++#endif
+ ]],
+ [[
+ #ifndef MBEDTLS_ARC4_C
+@@ -64,7 +74,12 @@ AC_DEFUN([ss_MBEDTLS],
+ AC_COMPILE_IFELSE(
+ [AC_LANG_PROGRAM(
+ [[
++#include
++#if MBEDTLS_VERSION_NUMBER >= 0x03000000
++#include
++#else
+ #include
++#endif
+ ]],
+ [[
+ #ifndef MBEDTLS_BLOWFISH_C
+@@ -80,7 +95,12 @@ AC_DEFUN([ss_MBEDTLS],
+ AC_COMPILE_IFELSE(
+ [AC_LANG_PROGRAM(
+ [[
++#include
++#if MBEDTLS_VERSION_NUMBER >= 0x03000000
++#include
++#else
+ #include
++#endif
+ ]],
+ [[
+ #ifndef MBEDTLS_CAMELLIA_C
+--- a/src/aead.c
++++ b/src/aead.c
+@@ -178,9 +178,14 @@ aead_cipher_encrypt(cipher_ctx_t *cipher
+ case AES192GCM:
+ case AES128GCM:
+
++#if MBEDTLS_VERSION_NUMBER < 0x03000000
+ err = mbedtls_cipher_auth_encrypt(cipher_ctx->evp, n, nlen, ad, adlen,
+ m, mlen, c, clen, c + mlen, tlen);
+ *clen += tlen;
++#else
++ err = mbedtls_cipher_auth_encrypt_ext(cipher_ctx->evp, n, nlen, ad, adlen,
++ m, mlen, c, mlen + tlen, clen, tlen);
++#endif
+ break;
+ case CHACHA20POLY1305IETF:
+ err = crypto_aead_chacha20poly1305_ietf_encrypt(c, &long_clen, m, mlen,
+@@ -226,8 +231,13 @@ aead_cipher_decrypt(cipher_ctx_t *cipher
+ // Otherwise, just use the mbedTLS one with crappy AES-NI.
+ case AES192GCM:
+ case AES128GCM:
++#if MBEDTLS_VERSION_NUMBER < 0x03000000
+ err = mbedtls_cipher_auth_decrypt(cipher_ctx->evp, n, nlen, ad, adlen,
+ m, mlen - tlen, p, plen, m + mlen - tlen, tlen);
++#else
++ err = mbedtls_cipher_auth_decrypt_ext(cipher_ctx->evp, n, nlen, ad, adlen,
++ m, mlen, p, mlen - tlen, plen, tlen);
++#endif
+ break;
+ case CHACHA20POLY1305IETF:
+ err = crypto_aead_chacha20poly1305_ietf_decrypt(p, &long_plen, NULL, m, mlen,
+@@ -724,9 +734,26 @@ aead_key_init(int method, const char *pa
+ if (method >= CHACHA20POLY1305IETF) {
+ cipher_kt_t *cipher_info = (cipher_kt_t *)ss_malloc(sizeof(cipher_kt_t));
+ cipher->info = cipher_info;
++#if MBEDTLS_VERSION_NUMBER < 0x03000000
+ cipher->info->base = NULL;
+ cipher->info->key_bitlen = supported_aead_ciphers_key_size[method] * 8;
+ cipher->info->iv_size = supported_aead_ciphers_nonce_size[method];
++#else
++ cipher->info->private_base_idx = 0;
++
++#ifdef MBEDTLS_KEY_BITLEN_SHIFT
++ cipher->info->private_key_bitlen = supported_aead_ciphers_key_size[method] * 8 >> MBEDTLS_KEY_BITLEN_SHIFT;
++#else
++ cipher->info->private_key_bitlen = supported_aead_ciphers_key_size[method] * 8;
++#endif
++
++#ifdef MBEDTLS_IV_SIZE_SHIFT
++ cipher->info->private_iv_size = supported_aead_ciphers_nonce_size[method] >> MBEDTLS_IV_SIZE_SHIFT;
++#else
++ cipher->info->private_iv_size = supported_aead_ciphers_nonce_size[method];
++#endif
++
++#endif
+ } else {
+ cipher->info = (cipher_kt_t *)aead_get_cipher_type(method);
+ }
+--- a/src/crypto.c
++++ b/src/crypto.c
+@@ -103,7 +103,7 @@ crypto_md5(const unsigned char *d, size_
+ if (md == NULL) {
+ md = m;
+ }
+-#if MBEDTLS_VERSION_NUMBER >= 0x02070000
++#if MBEDTLS_VERSION_NUMBER < 0x03000000 && MBEDTLS_VERSION_NUMBER >= 0x02070000
+ if (mbedtls_md5_ret(d, n, md) != 0)
+ FATAL("Failed to calculate MD5");
+ #else
+--- a/src/stream.c
++++ b/src/stream.c
+@@ -174,7 +174,11 @@ cipher_nonce_size(const cipher_t *cipher
+ if (cipher == NULL) {
+ return 0;
+ }
++#if MBEDTLS_VERSION_NUMBER < 0x03000000
+ return cipher->info->iv_size;
++#else
++ return (int)mbedtls_cipher_info_get_iv_size(cipher->info);
++#endif
+ }
+
+ int
+@@ -192,7 +196,11 @@ cipher_key_size(const cipher_t *cipher)
+ return 0;
+ }
+ /* From Version 1.2.7 released 2013-04-13 Default Blowfish keysize is now 128-bits */
++#if MBEDTLS_VERSION_NUMBER < 0x03000000
+ return cipher->info->key_bitlen / 8;
++#else
++ return (int)mbedtls_cipher_info_get_key_bitlen(cipher->info) / 8;
++#endif
+ }
+
+ const cipher_kt_t *
+@@ -645,9 +653,26 @@ stream_key_init(int method, const char *
+ if (method == SALSA20 || method == CHACHA20 || method == CHACHA20IETF) {
+ cipher_kt_t *cipher_info = (cipher_kt_t *)ss_malloc(sizeof(cipher_kt_t));
+ cipher->info = cipher_info;
++#if MBEDTLS_VERSION_NUMBER < 0x03000000
+ cipher->info->base = NULL;
+ cipher->info->key_bitlen = supported_stream_ciphers_key_size[method] * 8;
+ cipher->info->iv_size = supported_stream_ciphers_nonce_size[method];
++#else
++ cipher->info->private_base_idx = 0;
++
++#ifdef MBEDTLS_KEY_BITLEN_SHIFT
++ cipher->info->private_key_bitlen = supported_stream_ciphers_key_size[method] * 8 >> MBEDTLS_KEY_BITLEN_SHIFT;
++#else
++ cipher->info->private_key_bitlen = supported_stream_ciphers_key_size[method] * 8;
++#endif
++
++#ifdef MBEDTLS_IV_SIZE_SHIFT
++ cipher->info->private_iv_size = supported_stream_ciphers_nonce_size[method] >> MBEDTLS_IV_SIZE_SHIFT;
++#else
++ cipher->info->private_iv_size = supported_stream_ciphers_nonce_size[method];
++#endif
++
++#endif
+ } else {
+ cipher->info = (cipher_kt_t *)stream_get_cipher_type(method);
+ }
diff --git a/shadowsocks-libev/patches/102-deprecate-load16-be-replace-with-ntohs.patch b/shadowsocks-libev/patches/102-deprecate-load16-be-replace-with-ntohs.patch
deleted file mode 100644
index b911133d201..00000000000
--- a/shadowsocks-libev/patches/102-deprecate-load16-be-replace-with-ntohs.patch
+++ /dev/null
@@ -1,103 +0,0 @@
-From f4ee43fa27e00a573d90a8cac68f12655570bbf7 Mon Sep 17 00:00:00 2001
-From: lwb1978 <86697442+lwb1978@users.noreply.github.com>
-Date: Tue, 4 Feb 2025 15:51:17 +0800
-Subject: [PATCH] Deprecate load16_be() function in favor to ntohs() function
-
----
- src/aead.c | 2 +-
- src/local.c | 6 +++---
- src/server.c | 2 +-
- src/udprelay.c | 2 +-
- src/utils.c | 8 --------
- src/utils.h | 1 -
- 6 files changed, 6 insertions(+), 15 deletions(-)
-
---- a/src/aead.c
-+++ b/src/aead.c
-@@ -605,7 +605,7 @@ aead_chunk_decrypt(cipher_ctx_t *ctx, ui
- return CRYPTO_ERROR;
- assert(*plen == CHUNK_SIZE_LEN);
-
-- mlen = load16_be(len_buf);
-+ mlen = ntohs(*(uint16_t*)len_buf);
- mlen = mlen & CHUNK_SIZE_MASK;
-
- if (mlen == 0)
---- a/src/local.c
-+++ b/src/local.c
-@@ -390,7 +390,7 @@ server_handshake(EV_P_ ev_io *w, buffer_
- abuf->len += in_addr_len + 2;
-
- if (acl || verbose) {
-- uint16_t p = load16_be(buf->data + request_len + in_addr_len);
-+ uint16_t p = ntohs(*(uint16_t*)(buf->data + request_len + in_addr_len));
- if (!inet_ntop(AF_INET, (const void *)(buf->data + request_len),
- ip, INET_ADDRSTRLEN)) {
- LOGI("inet_ntop(AF_INET): %s", strerror(errno));
-@@ -408,7 +408,7 @@ server_handshake(EV_P_ ev_io *w, buffer_
- abuf->len += name_len + 2;
-
- if (acl || verbose) {
-- uint16_t p = load16_be(buf->data + request_len + 1 + name_len);
-+ uint16_t p = ntohs(*(uint16_t*)(buf->data + request_len + 1 + name_len));
- memcpy(host, buf->data + request_len + 1, name_len);
- host[name_len] = '\0';
- sprintf(port, "%d", p);
-@@ -422,7 +422,7 @@ server_handshake(EV_P_ ev_io *w, buffer_
- abuf->len += in6_addr_len + 2;
-
- if (acl || verbose) {
-- uint16_t p = load16_be(buf->data + request_len + in6_addr_len);
-+ uint16_t p = ntohs(*(uint16_t*)(buf->data + request_len + in6_addr_len));
- if (!inet_ntop(AF_INET6, (const void *)(buf->data + request_len),
- ip, INET6_ADDRSTRLEN)) {
- LOGI("inet_ntop(AF_INET6): %s", strerror(errno));
---- a/src/server.c
-+++ b/src/server.c
-@@ -1137,7 +1137,7 @@ server_recv_cb(EV_P_ ev_io *w, int reven
- return;
- }
-
-- port = ntohs(load16_be(server->buf->data + offset));
-+ port = *(uint16_t*)(server->buf->data + offset);
-
- offset += 2;
-
---- a/src/udprelay.c
-+++ b/src/udprelay.c
-@@ -316,7 +316,7 @@ parse_udprelay_header(const char *buf, c
- }
-
- if (port != NULL) {
-- sprintf(port, "%d", load16_be(buf + offset));
-+ sprintf(port, "%d", ntohs(*(uint16_t*)(buf + offset)));
- }
- offset += 2;
-
---- a/src/utils.c
-+++ b/src/utils.c
-@@ -571,14 +571,6 @@ get_default_conf(void)
- #endif
- }
-
--uint16_t
--load16_be(const void *s)
--{
-- const uint8_t *in = (const uint8_t *)s;
-- return ((uint16_t)in[0] << 8)
-- | ((uint16_t)in[1]);
--}
--
- int
- get_mptcp(int enable)
- {
---- a/src/utils.h
-+++ b/src/utils.h
-@@ -249,7 +249,6 @@ void *ss_realloc(void *ptr, size_t new_s
-
- int ss_is_ipv6addr(const char *addr);
- char *get_default_conf(void);
--uint16_t load16_be(const void *s);
- int get_mptcp(int enable);
-
- #endif // _UTILS_H
diff --git a/shadowsocksr-libev/Makefile b/shadowsocksr-libev/Makefile
index fa82de9cf51..bbc9c191ae7 100644
--- a/shadowsocksr-libev/Makefile
+++ b/shadowsocksr-libev/Makefile
@@ -11,11 +11,10 @@ PKG_VERSION:=2.5.6
PKG_RELEASE:=11
PKG_SOURCE_PROTO:=git
-PKG_SOURCE_URL:=https://github.com/shadowsocksrr/shadowsocksr-libev.git
+PKG_SOURCE_URL:=https://github.com/shadowsocksrr/shadowsocksr-libev
PKG_SOURCE_DATE:=2018-03-07
PKG_SOURCE_VERSION:=d63ff863800a5645aca4309d5dd5962bd1e95543
-PKG_MIRROR_HASH:=34308ed827a5dd4f4e35619914102d55b00604faa44fda051d1d25fb4a319325
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.xz
+PKG_MIRROR_HASH:=6ab6a32880ee913fb3264f0237b1b5a6d9475585209f6df60b062d7c4901362f
PKG_LICENSE:=GPL-3.0
PKG_LICENSE_FILES:=LICENSE
diff --git a/v2ray-core/Makefile b/v2ray-core/Makefile
index 1b1d7be4b14..b96bbf3608b 100644
--- a/v2ray-core/Makefile
+++ b/v2ray-core/Makefile
@@ -5,12 +5,12 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=v2ray-core
-PKG_VERSION:=5.25.0
+PKG_VERSION:=5.24.0
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/v2fly/v2ray-core/tar.gz/v$(PKG_VERSION)?
-PKG_HASH:=becbb68bed2e2b9e119301c5f0d19831c0510df810392526d825dba37021571c
+PKG_HASH:=1b434135924f324dc3f6cf415b9109596a7b356ffcb7948b4e206b50a5e41a88
PKG_LICENSE:=MIT
PKG_LICENSE_FILES:=LICENSE
diff --git a/v2ray-plugin/Makefile b/v2ray-plugin/Makefile
index 2ef3e0d1f15..702e5a011aa 100644
--- a/v2ray-plugin/Makefile
+++ b/v2ray-plugin/Makefile
@@ -6,12 +6,12 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=v2ray-plugin
-PKG_VERSION:=5.25.0
+PKG_VERSION:=5.17.0
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/teddysun/v2ray-plugin/tar.gz/v$(PKG_VERSION)?
-PKG_HASH:=64d2cc376c16ade97b8e2cce69e0c98d74f530dcf8a30cf7d22255969ca5c10d
+PKG_HASH:=035823fa70d0c7e6afa6cced6b9d6f8b29c05a5f28852ad5954e957b61337c9e
PKG_LICENSE:=MIT
PKG_LICENSE_FILES:=LICENSE
@@ -22,7 +22,7 @@ PKG_BUILD_PARALLEL:=1
PKG_USE_MIPS16:=0
PKG_BUILD_FLAGS:=no-mips16
-GO_PKG:=github.com/teddysun/v2ray-plugin
+GO_PKG:=github.com/shadowsocks/v2ray-plugin
GO_PKG_LDFLAGS_X:=main.VERSION=v$(PKG_VERSION)
include $(INCLUDE_DIR)/package.mk