fw876 · coolsnowwolf · Oct 12, 2023 · Sep 18, 2023 · Sep 18, 2023 · Sep 28, 2023
diff --git a/luci-app-ssr-plus/Makefile b/luci-app-ssr-plus/Makefile
@@ -11,6 +11,7 @@ PKG_CONFIG_DEPENDS:= \
 	CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_ChinaDNS_NG \
 	CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_Hysteria \
 	CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_Tuic-Client \
+	CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_Shadow-TLS \
 	CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_IPT2Socks \
 	CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_Kcptun \
 	CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_NaiveProxy \
@@ -27,7 +28,7 @@ PKG_CONFIG_DEPENDS:= \
 	CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_ShadowsocksR_Libev_Server \
 	CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_Trojan
 
-LUCI_TITLE:=SS/SSR/V2Ray/Trojan/NaiveProxy/TUIC/Hysteria/Socks5/Tun LuCI interface
+LUCI_TITLE:=SS/SSR/V2Ray/Trojan/NaiveProxy/TUIC/ShadowTLS/Hysteria/Socks5/Tun LuCI interface
 LUCI_PKGARCH:=all
 LUCI_DEPENDS:= \
 	@(PACKAGE_libustream-mbedtls||PACKAGE_libustream-openssl||PACKAGE_libustream-wolfssl) \
@@ -41,6 +42,7 @@ LUCI_DEPENDS:= \
 	+PACKAGE_$(PKG_NAME)_INCLUDE_ChinaDNS_NG:chinadns-ng \
 	+PACKAGE_$(PKG_NAME)_INCLUDE_Hysteria:hysteria \
 	+PACKAGE_$(PKG_NAME)_INCLUDE_TUIC-Client:tuic-client \
+	+PACKAGE_$(PKG_NAME)_INCLUDE_Shadow-TLS:shadow-tls \
 	+PACKAGE_$(PKG_NAME)_INCLUDE_IPT2Socks:ipt2socks \
 	+PACKAGE_$(PKG_NAME)_INCLUDE_Kcptun:kcptun-client \
 	+PACKAGE_$(PKG_NAME)_INCLUDE_NaiveProxy:naiveproxy \
@@ -62,7 +64,7 @@ select PACKAGE_luci-lib-ipkg if PACKAGE_$(PKG_NAME)
 
 choice
 	prompt "Shadowsocks Client Selection"
-	default PACKAGE_$(PKG_NAME)_INCLUDE_Shadowsocks_Rust_Client if aarch64
+	default PACKAGE_$(PKG_NAME)_INCLUDE_Shadowsocks_Rust_Client if aarch64 || x86_64
 	default PACKAGE_$(PKG_NAME)_INCLUDE_Shadowsocks_Libev_Client
 
 	config PACKAGE_$(PKG_NAME)_INCLUDE_Shadowsocks_NONE_Client
@@ -127,6 +129,14 @@ config PACKAGE_$(PKG_NAME)_INCLUDE_TUIC-Client
 	depends on !(TARGET_x86_geode||TARGET_x86_legacy)
 	default n
 
+config PACKAGE_$(PKG_NAME)_INCLUDE_Shadow-TLS
+	bool "Include shadow-TLS"
+	select PACKAGE_$(PKG_NAME)_INCLUDE_ChinaDNS_NG
+	select PACKAGE_$(PKG_NAME)_INCLUDE_Shadowsocks_Rust_Client
+	depends on aarch64||arm||x86_64
+	depends on !(TARGET_x86_geode||TARGET_x86_legacy)
+	default n
+
 config PACKAGE_$(PKG_NAME)_INCLUDE_IPT2Socks
 	bool "Include IPT2Socks"
 	default n

diff --git a/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/client-config.lua b/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/client-config.lua
@@ -144,8 +144,11 @@ end
 if is_finded("ssr-redir") then
 	o:value("ssr", translate("ShadowsocksR"))
 end
-if is_finded("sslocal") or is_finded("ss-redir") then
-	o:value("ss", translate("Shadowsocks New Version"))
+if is_finded("ss-local") or is_finded("ss-redir") then
+	o:value("ss", translate("Shadowsocks-libev Version"))
+end
+if is_finded("sslocal") or is_finded("ssmanager") then
+	o:value("ss", translate("Shadowsocks-rust Version"))
 end
 if is_finded("trojan") then
 	o:value("trojan", translate("Trojan"))
@@ -159,6 +162,9 @@ end
 if is_finded("tuic-client") then
 	o:value("tuic", translate("TUIC"))
 end
+if is_finded("shadow-tls") and is_finded("sslocal") then
+	o:value("shadowtls", translate("Shadow-TLS"))
+end
 if is_finded("ipt2socks") then
 	o:value("socks5", translate("Socks5"))
 end
@@ -201,18 +207,20 @@ o:depends("type", "trojan")
 o:depends("type", "naiveproxy")
 o:depends("type", "hysteria")
 o:depends("type", "tuic")
+o:depends("type", "shadowtls")
 o:depends("type", "socks5")
 
 o = s:option(Value, "server_port", translate("Server Port"))
 o.datatype = "port"
-o.rmempty = ({port_hopping=0 and false or true})
+o.rmempty = true
 o:depends("type", "ssr")
 o:depends("type", "ss")
 o:depends("type", "v2ray")
 o:depends("type", "trojan")
 o:depends("type", "naiveproxy")
-o:depends({type="hysteria",port_hopping=0})
+o:depends({type = "hysteria",port_hopping = false})
 o:depends("type", "tuic")
+o:depends("type", "shadowtls")
 o:depends("type", "socks5")
 
 o = s:option(Flag, "auth_enable", translate("Enable Authentication"))
@@ -236,6 +244,7 @@ o:depends("type", "ssr")
 o:depends("type", "ss")
 o:depends("type", "trojan")
 o:depends("type", "naiveproxy")
+o:depends("type", "shadowtls")
 o:depends({type = "socks5", auth_enable = true})
 o:depends({type = "v2ray", v2ray_protocol = "http", auth_enable = true})
 o:depends({type = "v2ray", v2ray_protocol = "socks", socks_ver = "5", auth_enable = true})
@@ -307,55 +316,164 @@ o:depends("type", "ssr")
 o = s:option(Value, "obfs_param", translate("Obfs param (optional)"))
 o:depends("type", "ssr")
 
--- [[ Hysteria ]]--
+
+-- [[ Hysteria2 ]]--
+o = s:option(Value, "hy2_auth", translate("Users Authentication"))
+o:depends("type", "hysteria")
+o.rmempty = false
+
+o = s:option(ListValue, "transport_protocol", translate("Protocol"))
+o:depends("type", "hysteria")
+o:value("udp", translate("udp"))
+o.default = "udp"
+o.rmempty = true
+
 o = s:option(Flag, "port_hopping", translate("Enable Port Hopping"))
 o:depends("type", "hysteria")
 o.rmempty = true
 o.default = "0"
 
+o = s:option(Value, "hopinterval", translate("Port Hopping Interval(Unit:Second)"))
+o:depends({type = "hysteria", port_hopping = true})
+o.datatype = "uinteger"
+o.rmempty = true
+o.default = "30"
+
 o = s:option(Value, "port_range", translate("Port Range"))
-o:depends({type = "hysteria", port_hopping = "1"})
-o.datatype = "portrange"
+o:depends({type = "hysteria", port_hopping = true})
+o.rmempty = false
+
+o = s:option(Flag, "lazy_mode", translate("Enable Lazy Mode"))
+o:depends("type", "hysteria")
 o.rmempty = true
+o.default = "0"
 
-o = s:option(ListValue, "hysteria_protocol", translate("Protocol"))
+o = s:option(Flag, "flag_obfs", translate("Enable Obfuscation"))
 o:depends("type", "hysteria")
-o:value("udp", translate("udp"))
-o:value("wechat-video", translate("wechat-video"))
-o:value("faketcp", translate("faketcp"))
-o.default = "udp"
 o.rmempty = true
+o.default = "0"
+
+o = s:option(Value, "obfs_type", translate("Obfuscation Type"))
+o:depends({type = "hysteria", flag_obfs = "1"})
+o.rmempty = true
+o.default = "salamander"
+
+o = s:option(Value, "salamander", translate("Obfuscation Password"))
+o:depends({type = "hysteria", flag_obfs = "1"})
+o.rmempty = true
+o.default = "cry_me_a_r1ver"
 
-o = s:option(ListValue, "auth_type", translate("Authentication type"))
+o = s:option(Flag, "flag_quicparam", translate("Hysterir QUIC parameters"))
 o:depends("type", "hysteria")
-o:value("0", translate("disabled"))
-o:value("1", translate("base64"))
-o:value("2", translate("string"))
 o.rmempty = true
+o.default = "0"
 
-o = s:option(Value, "auth_payload", translate("Authentication payload"))
-o:depends({type = "hysteria", auth_type = "1"})
-o:depends({type = "hysteria", auth_type = "2"})
+--[[Hysteria2 QUIC parameters setting]]
+o = s:option(Value, "initstreamreceivewindow", translate("QUIC initStreamReceiveWindow"))
+o:depends({type = "hysteria", flag_quicparam = "1"})
+o.datatype = "uinteger"
 o.rmempty = true
+o.default = "8388608"
 
-o = s:option(Value, "recv_window", translate("QUIC connection receive window"))
+o = s:option(Value, "maxstreamseceivewindow", translate("QUIC maxStreamReceiveWindow"))
+o:depends({type = "hysteria", flag_quicparam = "1"})
 o.datatype = "uinteger"
-o:depends("type", "hysteria")
 o.rmempty = true
+o.default = "8388608"
 
-o = s:option(Value, "recv_window_conn", translate("QUIC stream receive window"))
+o = s:option(Value, "initconnreceivewindow", translate("QUIC initConnReceiveWindow"))
+o:depends({type = "hysteria", flag_quicparam = "1"})
 o.datatype = "uinteger"
-o:depends("type", "hysteria")
 o.rmempty = true
+o.default = "20971520"
 
-o = s:option(Flag, "disable_mtu_discovery", translate("Disable Path MTU discovery"))
-o:depends("type", "hysteria")
+o = s:option(Value, "maxconnreceivewindow", translate("QUIC maxConnReceiveWindow"))
+o:depends({type = "hysteria", flag_quicparam = "1"})
+o.datatype = "uinteger"
 o.rmempty = true
+o.default = "20971520"
 
-o = s:option(Flag, "lazy_start", translate("Lazy Start"))
-o:depends("type", "hysteria")
+o = s:option(Value, "maxidletimeout", translate("QUIC maxIdleTimeout(Unit:second)"))
+o:depends({type = "hysteria", flag_quicparam = "1"})
+o.rmempty = true
+o.datatype = "uinteger"
+o.default = "30"
+
+o = s:option(Value, "keepaliveperiod", translate("The keep-alive period.(Unit:second)"))
+o:depends({type = "hysteria", flag_quicparam = "1"})
+o.rmempty = true
+o.datatype = "uinteger"
+o.default = "10"
+
+o = s:option(Flag, "disablepathmtudiscovery", translate("Disable Path MTU discovery"))
+o:depends({type = "hysteria", flag_quicparam = "1"})
+o.rmempty = true
+o.default = false
+
+
+--[[ Shadow-TLS Options ]]
+o = s:option(ListValue, "shadowtls_protocol", translate("shadowTLS protocol Version"))
+o:depends("type", "shadowtls")
+o:value("v3", translate("Enable V3 protocol."))
+o:value("v2", translate("Enable V2 protocol."))
+o.default = "v3"
 o.rmempty = true
+
+o = s:option(Flag, "strict", translate("TLS 1.3 Strict mode"))
+o:depends("type", "shadowtls")
+o.default = "1"
+o.rmempty = false
+
+o = s:option(Flag, "fastopen", translate("TCP Fast Open"))
+o:depends("type", "shadowtls")
 o.default = "0"
+o.rmempty = false
+
+o = s:option(Flag, "disable_nodelay", translate("Disable TCP No_delay"))
+o:depends("type", "shadowtls")
+o.default = "0"
+o.rmempty = true
+
+o = s:option(Value, "shadowtls_sni", translate("shadow-TLS SNI"))
+o:depends("type", "shadowtls")
+o.datatype = "host"
+o.rmempty = true
+o.default = ""
+
+--[[ add a ListValue for Choose chain type,sslocal or vmess ]]
+o = s:option(ListValue, "chain_type", translate("Shadow-TLS ChainPoxy type"))
+o:depends("type", "shadowtls")
+if is_finded("sslocal") then
+	o:value("sslocal", translate("Shadowsocks-rust Version"))
+end
+if is_finded("xray") or is_finded("v2ray") then
+	o:value("vmess", translate("Vmess Protocol"))
+end
+o.default = "sslocal"
+o.rmempty = false
+
+o = s:option(Value, "sslocal_password",translate("Shadowsocks password"))
+o:depends({type = "shadowtls", chain_type = "sslocal"})
+o.rmempty = true
+
+o = s:option(ListValue, "sslocal_method", translate("Encrypt Method"))
+o:depends({type = "shadowtls", chain_type = "sslocal"})
+for _, v in ipairs(encrypt_methods_ss) do
+	o:value(v)
+end
+
+o = s:option(Value, "vmess_uuid", translate("Vmess UUID"))
+o:depends({type = "shadowtls", chain_type = "vmess"})
+o.rmempty = false
+o.default = uuid
+
+o = s:option(ListValue, "vmess_method", translate("Encrypt Method"))
+o:depends({type = "shadowtls", chain_type = "vmess"})
+for _, v in ipairs(securitys) do
+	o:value(v, v:lower())
+end
+o.rmempty = true
+o.default="auto"
 
 -- [[ TUIC ]]
 -- TuicNameId
@@ -420,29 +538,29 @@ o.rmempty = true
 o = s:option(Value, "send_window", translate("TUIC send window"))
 o:depends("type", "tuic")
 o.datatype = "uinteger"
-o.default = 16777216
+o.default = 20971520
 o.rmempty = true
 
 o = s:option(Value, "receive_window", translate("TUIC receive window"))
 o:depends("type", "tuic")
 o.datatype = "uinteger"
-o.default = 8388608
+o.default = 10485760
 o.rmempty = true
 
 o = s:option(Flag, "disable_sni", translate("Disable SNI"))
 o:depends("type", "tuic")
-o.default = 0
+o.default = "0"
 o.rmempty = true
 
 o = s:option(Flag, "zero_rtt_handshake", translate("Enable 0-RTT QUIC handshake"))
 o:depends("type", "tuic")
-o.default = 0
+o.default = "0"
 o.rmempty = true
 
---Tuic settings for the local inbound socks5 server
-o = s:option(Flag, "tuic_dual_stack", translate("Set if the listening socket should be dual-stack"))
+-- Tuic settings for the local inbound socks5 server
+o = s:option(Flag, "tuic_dual_stack", translate("Dual-stack Listening Socket"))
 o:depends("type", "tuic")
-o.default = 0
+o.default = "0"
 o.rmempty = true
 
 o = s:option(Value, "tuic_max_package_size", translate("Maximum packet size the socks5 server can receive from external"))
@@ -651,14 +769,14 @@ o:depends("transport", "kcp")
 o.default = 50
 o.rmempty = true
 
-o = s:option(Value, "uplink_capacity", translate("Uplink Capacity"))
+o = s:option(Value, "uplink_capacity", translate("Uplink Capacity(Default:Mbps)"))
 o.datatype = "uinteger"
 o:depends("transport", "kcp")
 o:depends("type", "hysteria")
 o.default = 5
 o.rmempty = true
 
-o = s:option(Value, "downlink_capacity", translate("Downlink Capacity"))
+o = s:option(Value, "downlink_capacity", translate("Downlink Capacity(Default:Mbps)"))
 o.datatype = "uinteger"
 o:depends("transport", "kcp")
 o:depends("type", "hysteria")
@@ -679,7 +797,6 @@ o.rmempty = true
 
 o = s:option(Value, "seed", translate("Obfuscate password (optional)"))
 o:depends("transport", "kcp")
-o:depends("type", "hysteria")
 o.rmempty = true
 
 o = s:option(Flag, "congestion", translate("Congestion"))
@@ -717,6 +834,7 @@ o:depends({type = "v2ray", v2ray_protocol = "shadowsocks", reality = false})
 o:depends({type = "v2ray", v2ray_protocol = "socks", socks_ver = "5", reality = false})
 o:depends({type = "v2ray", v2ray_protocol = "http", reality = false})
 o:depends("type", "trojan")
+o:depends("type", "hysteria")
 
 -- [[ TLS部分 ]] --
 o = s:option(Flag, "tls_sessionTicket", translate("Session Ticket"))
@@ -772,15 +890,11 @@ o = s:option(Value, "tls_host", translate("TLS Host"))
 o.datatype = "hostname"
 o:depends("tls", true)
 o:depends("reality", true)
-o:depends("type", "hysteria")
 o.rmempty = true
 
 o = s:option(DynamicList, "tls_alpn", translate("TLS ALPN"))
 o:depends("tls", true)
 o:depends("type", "tuic")
-o.rmempty = true
-
-o = s:option(Value, "quic_tls_alpn", translate("QUIC TLS ALPN"))
 o:depends("type", "hysteria")
 o.rmempty = true
 
@@ -791,6 +905,11 @@ o:depends("tls", true)
 o:depends("type", "hysteria")
 o.description = translate("If true, allowss insecure connection at TLS client, e.g., TLS server uses unverifiable certificates.")
 
+-- [[ Hysteria2 TLS pinSHA256 ]] --
+o = s:option(Value, "pinsha256", translate("Certificate fingerprint"))
+o:depends({type = "hysteria", insecure = true })
+o.rmempty = true
+
 -- [[ Mux ]]--
 o = s:option(Flag, "mux", translate("Mux"))
 o.rmempty = false