
@lvii
Created June 20, 2019 08:02
#!/bin/sh
#Dependencies: dnsmasq-full, iptables-mod-geoip, the geoip data files, dns-forwarder
# --- Settings -----------------------------------------------------------
# Country name; a free-form string used for display and in rule comments.
COUNTRY=japan
# Country code handed to the geoip match.
COUNTRY_CODE=JP
# DNS server used for this country's domains; it only has to differ from
# the one the regular ss path uses.
DNS=8.8.4.4
# Port used internally by this feature; any unused port works.
INTERNAL_DNS_PORT=5301
INTERNAL_SS_PORT=1235
# Index of the luci-app-shadowsocks server to use for this split route;
# the first server is 0.
SS_SERVER=1

# --- Per-domain routing: generate the dnsmasq conf ----------------------
# Every line goes through one redirect, so the file is truncated once and
# written in a single pass.
{
  echo "#gfwlist $COUNTRY domains and ipset file"
  echo "server=/$COUNTRY_CODE/127.0.0.1#$INTERNAL_DNS_PORT"
  echo "ipset=/$COUNTRY_CODE/FW_$COUNTRY_CODE"
  echo "server=/abema.tv/127.0.0.1#$INTERNAL_DNS_PORT"
  echo "ipset=/abema.tv/FW_$COUNTRY_CODE"
  echo ""
} > "/etc/dnsmasq.d/dnsmasq_$COUNTRY.conf"
#Nothing below this line needs to be changed
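# Resolve the N-th "servers" section of the shadowsocks UCI config to its
# section id.
# Globals:   CFGID (written), SS_SERVER (written on success only)
# Arguments: $1 - zero-based index into shadowsocks.@servers[]
# Outputs:   the section id on stdout
# Returns:   0 on success, 1 when the index does not resolve to a section
uci_get_cfg_id() {
  # Quoted so the [N] selector is never treated as a glob pattern.
  CFGID=$(uci show "shadowsocks.@servers[$1]")
  # "shadowsocks.<id>=servers ..." -> "shadowsocks.<id>" -> "<id>"
  CFGID=${CFGID%%'='*}
  CFGID=${CFGID#*'.'}
  if [ -z "$CFGID" ]; then
    # Leave SS_SERVER untouched so the caller can tell the lookup failed
    # instead of carrying on with an empty section name.
    echo "uci_get_cfg_id: no shadowsocks server at index '$1'" >&2
    return 1
  fi
  printf '%s\n' "$CFGID"
  SS_SERVER=$CFGID
}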
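# Replace the numeric index in SS_SERVER with the UCI section id. Stop here if
# the lookup fails: the rest of the script writes a config file named after
# SS_SERVER and installs redirect rules towards the proxy started from it.
if ! uci_get_cfg_id "$SS_SERVER" || [ -z "$SS_SERVER" ]; then
  echo "no shadowsocks server found for the configured SS_SERVER index" >&2
  exit 1
fi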
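# Read one option of a named shadowsocks section.
# Arguments: $1 - section name, $2 - option name, $3 - fallback (optional)
# Outputs:   the option value, or the fallback when the option is unset/empty
uci_get_by_name() {
  local ret
  ret=$(uci get "shadowsocks.$1.$2" 2>/dev/null)
  # Quoted printf: the value may be a password, so it must not be
  # word-split, glob-expanded or taken as an echo option.
  printf '%s\n' "${ret:-$3}"
}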
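# Read one option from the first shadowsocks section of a given type.
# Arguments: $1 - section type, $2 - option name, $3 - fallback (optional)
# Outputs:   the option value, or the fallback when the option is unset/empty
uci_get_by_type() {
  local ret
  # Quoted so "[0]" reaches uci literally instead of acting as a glob.
  ret=$(uci get "shadowsocks.@$1[0].$2" 2>/dev/null)
  printf '%s\n' "${ret:-$3}"
}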
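# Test whether an option of a named section holds a truthy value.
# Arguments: $1 - section name, $2 - option name
# Returns:   0 for 1/on/true/yes/enabled, 1 for anything else (unset included)
uci_bool_by_name() {
  # Arguments are quoted so each reaches uci_get_by_name as a single word.
  case "$(uci_get_by_name "$1" "$2")" in
    1 | on | true | yes | enabled) return 0 ;;
  esac
  return 1
}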
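# Check that a section name refers to a shadowsocks section of type "servers".
# Arguments: $1 - section name
# Returns:   0 when the section exists with that type, non-zero otherwise
validate_server() {
  # An empty name would turn the lookup into "shadowsocks." and ask uci
  # about the wrong object; treat it as "not a server".
  [ -n "$1" ] || return 1
  [ "$(uci get "shadowsocks.$1" 2>/dev/null)" = "servers" ]
}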
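# Report whether at least one of the given section names is a valid server.
# Arguments: any number of section names
# Returns:   0 as soon as one name validates, 1 when none does
has_valid_server() {
  # local: the loop variable must not overwrite a caller's $server.
  local server
  for server in "$@"; do
    validate_server "$server" && return 0
  done
  return 1
}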
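# Print "-u" when the transparent proxy has a UDP relay server configured.
# Outputs: "-u" when udp_relay_server is "same" or names a valid server
# Returns: 0 when "-u" was printed, non-zero otherwise
get_arg_udp() {
  local server
  server=$(uci_get_by_type transparent_proxy udp_relay_server)
  # Explicit if: "A || B && C" groups as "(A || B) && C", which is easy to
  # misread. $server is quoted so an empty or odd value stays one argument.
  if [ "$server" = "same" ] || validate_server "$server"; then
    echo "-u"
  else
    return 1
  fi
}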
# Translate the access_control self_proxy setting into a command-line flag.
# Outputs: "-o" for 1 (also the fallback when unset), "-O" for 2, nothing
#          for any other value
get_arg_out() {
  local proxy_mode
  proxy_mode=$(uci_get_by_type access_control self_proxy 1)
  if [ "$proxy_mode" = "1" ]; then
    echo "-o"
  elif [ "$proxy_mode" = "2" ]; then
    echo "-O"
  fi
}
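# Print "--fast-open" when the given server section enables fast_open.
# Arguments: $1 - section name
# Returns:   0 when the flag was printed, non-zero otherwise
get_arg_tfo() {
  # Quoted so the section name is passed on as one word.
  uci_bool_by_name "$1" fast_open && echo "--fast-open"
}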
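# Print the "server" option of the given section.
# Arguments: $1 - section name
get_server_ips() {
  # Call the getter directly: wrapping it in `echo $(...)` re-split and
  # glob-expanded the value for no benefit.
  uci_get_by_name "$1" server
}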
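# Print "<type>,<host>" for a section whose "enable" option is truthy.
# Arguments: $1 - section name
# Returns:   0 when a line was printed, non-zero when the section is disabled
get_lan_hosts() {
  # Quoted throughout so the section name stays a single argument.
  uci_bool_by_name "$1" enable &&
    printf '%s,%s\n' "$(uci_get_by_name "$1" type)" "$(uci_get_by_name "$1" host)"
}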
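# Emit the JSON fragment for a server's plugin settings.
# Arguments: $1 - section name
# Outputs:   a leading newline followed by the "plugin" and "plugin_opts"
#            members, each ending in a comma; nothing unless both are set
# Side effect: appends the plugin name to /var/run/ss-plugin
get_plugin_config() {
  local plugin plugin_opts
  plugin=$(uci_get_by_name "$1" plugin)
  plugin_opts=$(uci_get_by_name "$1" plugin_opts)
  if [ -n "$plugin" ] && [ -n "$plugin_opts" ]; then
    printf '%s\n' "$plugin" >>/var/run/ss-plugin
    # Escape backslash and double quote before embedding the values in a
    # JSON string; an unescaped quote would end the string early and let
    # the rest of the value be read as JSON structure.
    plugin=$(printf '%s' "$plugin" | sed 's/\\/\\\\/g; s/"/\\"/g')
    plugin_opts=$(printf '%s' "$plugin_opts" | sed 's/\\/\\\\/g; s/"/\\"/g')
    printf '\n"plugin": "%s",\n"plugin_opts": "%s",\n' "$plugin" "$plugin_opts"
  fi
}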
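# Emit the JSON member carrying a server's secret.
# Arguments: $1 - section name
# Outputs:   "key": "...", when a key is set, otherwise "password": "...",
#            when a password is set; nothing when neither is set (an error
#            is logged instead)
get_crypto_config() {
  local key password
  key=$(uci_get_by_name "$1" key)
  password=$(uci_get_by_name "$1" password)
  # Secrets often contain " or \; escape both so the value stays inside
  # its JSON string. printf avoids echo's backslash/option handling.
  if [ -n "$key" ]; then
    key=$(printf '%s' "$key" | sed 's/\\/\\\\/g; s/"/\\"/g')
    printf '"key": "%s",\n' "$key"
  elif [ -n "$password" ]; then
    password=$(printf '%s' "$password" | sed 's/\\/\\\\/g; s/"/\\"/g')
    printf '"password": "%s",\n' "$password"
  else
    logger -st shadowsocks -p3 "The password or key is not set."
  fi
}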
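# Write the JSON config for one server section and print its path.
# Arguments: $1 - section name
# Outputs:   the path of the generated file on stdout
# Returns:   0 on success, 1 when the file could not be written
gen_config_file() {
  local config_file="/var/etc/shadowsocks.$1.json"
  # The file holds the server password or key. Create it under umask 077
  # inside a subshell so the caller's umask is left alone.
  (
    umask 077
    cat <<-EOF >"$config_file"
{
"server": "$(uci_get_by_name "$1" server)",
"server_port": $(uci_get_by_name "$1" server_port),
$(get_crypto_config "$1")
"method": "$(uci_get_by_name "$1" encrypt_method)",
"local_address": "0.0.0.0",$(get_plugin_config "$1")
"timeout": $(uci_get_by_name "$1" timeout 60),
"reuse_port": true
}
EOF
  ) || return 1
  # umask only applies to newly created files; tighten a file left over
  # from an earlier run as well.
  # NOTE(review): assumes whatever reads this file runs as the same user
  # that writes it - confirm before relying on mode 600.
  chmod 600 "$config_file"
  # NOTE(review): server, server_port, encrypt_method and timeout are
  # inserted verbatim; an empty port or a quote in one of them produces
  # invalid JSON.
  echo "$config_file"
}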
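# Write the JSON config for the selected server, then restart the stock
# shadowsocks service.
gen_config_file "$SS_SERVER"
/etc/init.d/shadowsocks restart

# Reset: reload the ruleset without any line that mentions FW_<code>, then
# empty the matching ipset.
iptables-save -c | grep -v "FW_$COUNTRY_CODE" | iptables-restore -c
ipset flush "FW_$COUNTRY_CODE"

# ipset for the country. -exist keeps a re-run from failing when the set
# already exists.
ipset create "FW_$COUNTRY_CODE" hash:net hashsize 64 -exist

# Per-country chains, one in mangle (UDP via TPROXY) and one in nat (TCP
# via REDIRECT).
iptables -N "FW_$COUNTRY_CODE" -t mangle
iptables -N "FW_$COUNTRY_CODE" -t nat
iptables -I "FW_$COUNTRY_CODE" -t mangle -p udp -m comment --comment "!ss-helper:final udp rule for $COUNTRY" \
  -j TPROXY --on-ip 0.0.0.0 --on-port "$INTERNAL_SS_PORT" --tproxy-mark 0x1/0x1
iptables -I "FW_$COUNTRY_CODE" -t nat -p tcp -m comment --comment "!ss-helper:final tcp rule for $COUNTRY" \
  -j REDIRECT --to-port "$INTERNAL_SS_PORT"
##ps |grep ss-redir && ps|grep dns-forwarder

# Traffic whose destination is in the ipset.
iptables -I SS_SPEC_WAN_FW -t mangle -p udp -m set --match-set "FW_$COUNTRY_CODE" dst \
  -m comment --comment "!ss-helper:udp traffic from ipset for $COUNTRY" -j "FW_$COUNTRY_CODE"
iptables -I SS_SPEC_WAN_FW -t nat -p tcp -m set --match-set "FW_$COUNTRY_CODE" dst \
  -m comment --comment "!ss-helper:tcp traffic from ipset for $COUNTRY" -j "FW_$COUNTRY_CODE"

# Traffic whose destination geolocates to the country.
iptables -I SS_SPEC_WAN_FW -t mangle -p udp -m geoip --dst-cc "$COUNTRY_CODE" \
  -m comment --comment "!ss-helper:udp traffic from geoip for $COUNTRY" -j "FW_$COUNTRY_CODE"
iptables -I SS_SPEC_WAN_FW -t nat -p tcp -m geoip --dst-cc "$COUNTRY_CODE" \
  -m comment --comment "!ss-helper:tcp traffic from geoip for $COUNTRY" -j "FW_$COUNTRY_CODE"

# DNS queries addressed to the country's upstream resolver.
iptables -I SS_SPEC_WAN_FW -t mangle -p udp -d "$DNS" --dport 53 \
  -m comment --comment "!ss-helper:udp dns for $COUNTRY" -j "FW_$COUNTRY_CODE"
iptables -I SS_SPEC_WAN_FW -t nat -p tcp -d "$DNS" --dport 53 \
  -m comment --comment "!ss-helper:tcp dns for $COUNTRY" -j "FW_$COUNTRY_CODE"

# ss transparent proxy for the country.
# NOTE(review): the generated config sets local_address to 0.0.0.0, so this
# port listens on every interface; confirm the firewall input policy keeps
# it unreachable from the WAN side.
ss-redir -c "/var/etc/shadowsocks.$SS_SERVER.json" -u -l "$INTERNAL_SS_PORT" --mtu 1492 -f "/var/run/ss-redir-$SS_SERVER.pid"

cat "/etc/dnsmasq.d/dnsmasq_$COUNTRY.conf"
/etc/init.d/dnsmasq restart

# Restart dns-forwarder. The trailing "$COUNTRY-dns" argument is only a tag
# that lets the running instance be found in the process list.
old_pids=$(ps | grep "$COUNTRY-dns" | grep -v grep | awk '{print $1}')
if [ -n "$old_pids" ]; then
  # Unquoted on purpose: one word per PID. Skipped when nothing matched,
  # where a bare "kill -9" would only print a usage error.
  kill -9 $old_pids
fi
# Bound to loopback: the dnsmasq config generated by this script sends its
# queries to 127.0.0.1#$INTERNAL_DNS_PORT, so the forwarder does not need
# to accept queries on any other interface.
/usr/bin/dns-forwarder -b 127.0.0.1 -p "$INTERNAL_DNS_PORT" -s "$DNS" "$COUNTRY-dns" > /dev/null &
ps | grep ss-redir && ps | grep dns-forwarder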
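# Fetch the LEDE tree and the out-of-tree package sources.
# NOTE(review): each clone takes whatever the default branch points at when
# the command runs, and the result is built into firmware. Record the commit
# ids that were reviewed and check them out explicitly for reproducible,
# auditable builds.
git clone https://github.com/lede-project/source.git lede
git clone https://github.com/shadowsocks/openwrt-feeds.git package/feeds
git clone https://github.com/shadowsocks/openwrt-shadowsocks.git package/shadowsocks-libev
git clone https://github.com/shadowsocks/luci-app-shadowsocks.git package/luci-app-shadowsocks
git clone https://github.com/aa65535/openwrt-dns-forwarder.git package/dns-forwarder
git clone https://github.com/aa65535/openwrt-chinadns.git package/chinadns
git clone https://github.com/aa65535/openwrt-dist-luci.git package/openwrt-dist-luci

# Stop if the tree is missing; the feed and rm commands below must not run
# in some other directory.
cd lede || exit 1
./scripts/feeds update -a
./scripts/feeds install -a
# Drop the feed-provided shadowsocks entries (presumably so they do not
# clash with the cloned packages). -rf works whether the entries are
# symlinks or directories and stays quiet when they are already gone.
rm -rf -- ./package/feeds/luci/luci-app-shadowsocks-libev
rm -rf -- ./package/feeds/packages/shadowsocks-*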
=============================================================================================
https://github.com/cokebar/openwrt-scripts
https://github.com/cokebar/gfwlist2dnsmasq
https://cokebar.info/archives/664
https://cokebar.info/archives/850
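# Make dnsmasq read extra configuration from /etc/dnsmasq.d.
# -p: do not fail when the directory already exists.
mkdir -p /etc/dnsmasq.d
uci add_list 'dhcp.@dnsmasq[0].confdir=/etc/dnsmasq.d'
uci commit dhcp

opkg install coreutils-base64 ca-certificates ca-bundle curl

# NOTE(review): both generator scripts are downloaded from a mutable
# "master" branch and then run as the current user (root on a stock router)
# with no integrity check. Fetch a specific reviewed commit and compare the
# file against a known-good checksum before running it.
# -f: fail on an HTTP error so an error page is never saved and executed.
curl -fL -o generate_dnsmasq_chinalist.sh https://github.com/cokebar/openwrt-scripts/raw/master/generate_dnsmasq_chinalist.sh || exit 1
chmod +x generate_dnsmasq_chinalist.sh
sh generate_dnsmasq_chinalist.sh -d 114.114.114.114 -p 53 -s ss_spec_dst_bp -o /etc/dnsmasq.d/accelerated-domains.china.conf

curl -fL -o gfwlist2dnsmasq.sh https://github.com/cokebar/gfwlist2dnsmasq/raw/master/gfwlist2dnsmasq.sh || exit 1
chmod +x gfwlist2dnsmasq.sh
sh gfwlist2dnsmasq.sh -d 127.0.0.1 -p 5300 -s ss_spec_dst_fw -o /etc/dnsmasq.d/dnsmasq_gfwlist.conf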
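# Run the watchdog script every 10 minutes, appending its output to the log.
*/10 * * * * /root/ss_watchdog.sh >> /var/log/ss_watchdog.log 2>&1
# Truncate the watchdog log daily at 04:15.
15 4 * * * echo "" > /var/log/ss_watchdog.log
# Daily reboot at 04:00. The minute field has to be a single value: with "*"
# the job fires every minute from 04:00 to 04:59, so the device reboots again
# as soon as cron is back up.
0 4 * * * reboot
# Run updateChnroute2.sh daily at 04:30 (presumably the route-list updater).
30 4 * * * /root/updateChnroute2.sh > /dev/null 2>&1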
#!/usr/bin/lua
-- resolve and update shadowsocks server IP
-- while server domain stored in alias
require("uci")
require("socket")
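-- Cursor over the UCI configuration; local so it does not leak into the
-- global table.
local x = uci.cursor()

-- For every "servers" section, resolve the host name kept in "alias" and
-- store the resulting address in "server".
x:foreach("shadowsocks", "servers", function(s)
	local host = s['alias']
	if not host then
		-- No alias to resolve; leave this section as it is.
		return
	end
	-- toip returns nil plus an error message when resolution fails.
	local ip, err = socket.dns.toip(host)
	print(host, ip)
	if ip then
		x:set("shadowsocks", s['.name'], "server", ip)
	else
		-- Keep the previous address rather than writing nil over it.
		io.stderr:write("cannot resolve " .. host .. ": " .. tostring(err) .. "\n")
	end
end)
x:commit("shadowsocks")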
#!/bin/sh
# by stigliew
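# Measure the latency of every configured shadowsocks server through a
# short-lived ss-local instance and switch the main server to the fastest
# one that answered.
logger 测试ss服务器延迟.

# Escape backslash and double quote for use inside a JSON string.
_json_escape() {
  printf '%s' "$1" | sed 's/\\/\\\\/g; s/"/\\"/g'
}

CURR_LAG=999.999
SERVER_WINS=0
SERVER_WINS_NAME="NULL"
WINNER_FOUND=0

# Count the servers: walk the indices until one has no "server" option, and
# mark each one found as CHECKING.
SERVER_COUNT=0
while :; do
  SERVER=$(uci get "shadowsocks.@servers[$SERVER_COUNT].server" 2>/dev/null)
  [ -n "$SERVER" ] || break
  uci set "shadowsocks.@servers[$SERVER_COUNT].ss_server_check=CHECKING"
  SERVER_COUNT=$((SERVER_COUNT + 1))
done
echo "Shadowsocks server count:$SERVER_COUNT"
# With fewer than two servers there is nothing to choose between. This also
# covers an empty list, which must never reach the switch step below.
if [ "$SERVER_COUNT" -lt 2 ]; then
  exit 0
fi

# Private scratch directory (created mode 700 by mktemp -d) for the
# per-server config, logs and results; the config holds the password.
WORKDIR=$(mktemp -d /tmp/ss-server-check.XXXXXX) || exit 1

CURR_SERVER=0
while [ "$CURR_SERVER" -lt "$SERVER_COUNT" ]; do
  {
    CFGID=$(uci show "shadowsocks.@servers[$CURR_SERVER]")
    CFGID=${CFGID%%'='*}
    CFGID=${CFGID#*'.'}
    SERVER=$(uci get "shadowsocks.@servers[$CURR_SERVER].server")
    PORT=$(uci get "shadowsocks.@servers[$CURR_SERVER].server_port")
    PASSWD=$(uci get "shadowsocks.@servers[$CURR_SERVER].password")
    METHOD=$(uci get "shadowsocks.@servers[$CURR_SERVER].encrypt_method")
    ALIAS=$(uci get "shadowsocks.@servers[$CURR_SERVER].alias")
    echo "[$CURR_SERVER]Testing shadowsocks server: $CFGID:$ALIAS"
    echo '888.888' >"$WORKDIR/$CURR_SERVER.result"

    # Hand the password to ss-local through a config file instead of -k:
    # command-line arguments are visible to anything that can list
    # processes.
    printf '{"server": "%s", "server_port": %s, "password": "%s", "method": "%s"}\n' \
      "$(_json_escape "$SERVER")" "$PORT" "$(_json_escape "$PASSWD")" "$(_json_escape "$METHOD")" \
      >"$WORKDIR/$CURR_SERVER.json"

    # Listen on loopback only: the single client is the curl call below,
    # and the SOCKS port has no authentication.
    ss-local -c "$WORKDIR/$CURR_SERVER.json" -l "310$CURR_SERVER" -b 127.0.0.1 \
      >"$WORKDIR/$CURR_SERVER.log" 2>"$WORKDIR/$CURR_SERVER.error.log" &
    SS_PID=$!
    sleep 1s

    curl --connect-timeout 1 --max-time 2 --retry 2 --socks5-hostname "127.0.0.1:310$CURR_SERVER" \
      -o /dev/null -s -w '%{time_total}' http://www.google.com/generate_204 >"$WORKDIR/$CURR_SERVER.result"
    EXITSTAT=$?
    RESULT_STR=$(cat "$WORKDIR/$CURR_SERVER.result")
    echo "[$CURR_SERVER]ss-server-check result: $RESULT_STR , with curl stat:$EXITSTAT"

    # This group runs in a background subshell, so the result is handed
    # back through the staged uci value rather than a shell variable.
    if [ "$EXITSTAT" -eq 0 ]; then
      uci set "shadowsocks.@servers[$CURR_SERVER].ss_server_check=$RESULT_STR"
    else
      echo "[$CURR_SERVER]Shadowsocks server failed!"
      cat "$WORKDIR/$CURR_SERVER.error.log"
      uci set "shadowsocks.@servers[$CURR_SERVER].ss_server_check=FAILED"
    fi
    kill "$SS_PID" 2>/dev/null
  } &
  CURR_SERVER=$((CURR_SERVER + 1))
done
# Wait for every probe to finish instead of sleeping a fixed time, so no
# result is read, and no scratch file removed, while a probe is running.
wait

CURR_SERVER=0
while [ "$CURR_SERVER" -lt "$SERVER_COUNT" ]; do
  RESULT_STR=$(uci get "shadowsocks.@servers[$CURR_SERVER].ss_server_check")
  case "$RESULT_STR" in
    '' | *[!0-9.]*)
      # CHECKING, FAILED or anything else non-numeric never wins.
      ;;
    *)
      # Values go in with -v, so they are data and not awk program text,
      # and the comparison is numeric.
      var=$(awk -v a="$RESULT_STR" -v b="$CURR_LAG" 'BEGIN { print (a + 0 < b + 0) }')
      if [ "$var" -eq 1 ]; then
        CFGID=$(uci show "shadowsocks.@servers[$CURR_SERVER]")
        CFGID=${CFGID%%'='*}
        CFGID=${CFGID#*'.'}
        CURR_LAG=$RESULT_STR
        SERVER_WINS=$CFGID
        SERVER_WINS_NAME=$(uci get "shadowsocks.@servers[$CURR_SERVER].alias")
        WINNER_FOUND=1
      fi
      ;;
  esac
  CURR_SERVER=$((CURR_SERVER + 1))
done

logger "选择了Shadowsocks服务器: [$SERVER_WINS_NAME,$SERVER_WINS] ! 延时: $CURR_LAG"
echo "yay! server [$SERVER_WINS_NAME,$SERVER_WINS] wins! @$CURR_LAG"
uci commit shadowsocks
echo "$CURR_LAG" >/tmp/ss-lag-avg

LAST_SERVER=$(uci get "shadowsocks.@transparent_proxy[0].main_server")
if [ "$WINNER_FOUND" -ne 1 ]; then
  # Every probe failed: keep the current server instead of writing the
  # placeholder value "0" into main_server.
  echo "no shadowsocks server answered; keeping [$LAST_SERVER]"
elif [ "$LAST_SERVER" != "$SERVER_WINS" ]; then
  echo "setting shadowsocks server [$SERVER_WINS_NAME]..."
  uci set "shadowsocks.@transparent_proxy[0].main_server=$SERVER_WINS"
  uci set "shadowsocks.@socks5_proxy[0].server=$SERVER_WINS"
  uci commit shadowsocks
  /etc/init.d/shadowsocks stop
  /etc/init.d/chinadns stop
  /etc/init.d/dns-forwarder stop
  /etc/init.d/dnsmasq stop
  /etc/init.d/shadowsocks start
  sleep 1s
  /etc/init.d/chinadns start
  /etc/init.d/dns-forwarder start
  /etc/init.d/dnsmasq start
fi
rm -rf -- "$WORKDIR"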
#!/bin/sh
# "server recv: Connection reset by peer"
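# Follow the system log and pulse an LED whenever shadowsocks reports that
# the server reset the connection.
LED="wrtnode:blue:indicator"
echo "default-on" > "/sys/class/leds/$LED/trigger"
logread -f |
  while read -r line; do
    # Match inside the shell instead of starting one grep per log line;
    # -r keeps backslashes in the log text intact.
    case "$line" in
      *"server recv: Connection reset by peer"*)
        printf '%s\n' "$line"
        echo "shadowsocks server is down."
        # The author labels 0 as "on" and 1 as "off"; presumably the LED
        # is wired active-low - TODO confirm on the board.
        echo 0 > "/sys/class/leds/$LED/brightness" #on
        sleep 1
        echo 1 > "/sys/class/leds/$LED/brightness" #off
        ;;
    esac
  done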
#git clone https://github.com/shadowsocks/openwrt-feeds.git package/feeds
#git clone https://github.com/shadowsocks/openwrt-shadowsocks.git package/shadowsocks-libev
#git clone https://github.com/shadowsocks/luci-app-shadowsocks.git package/luci-app-shadowsocks
#git clone https://github.com/aa65535/openwrt-dns-forwarder.git package/dns-forwarder
#git clone https://github.com/aa65535/openwrt-chinadns.git package/chinadns
#git clone https://github.com/aa65535/openwrt-dist-luci.git package/openwrt-dist-luci
#https://github.com/cokebar/lede-dnsmasq-fastlookup
#lede/package/network/services/dnsmasq
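# Bring every out-of-tree package checkout up to date.
# NOTE(review): "git pull" takes whatever upstream currently publishes and
# the result is built into firmware; review the incoming commits or check out
# pinned revisions before building.
for pkg in shadowsocks-libev luci-app-shadowsocks dns-forwarder chinadns openwrt-dist-luci; do
  # Subshell plus && chain: when the directory is missing, nothing is reset
  # or pulled in whatever repository the current directory belongs to.
  (cd "package/$pkg" && git reset --hard && git pull) ||
    echo "update failed: package/$pkg" >&2
done
#pushd package/luci-app-haproxy-tcp
#git reset --hard
#git pull
#popd

# Everything below discards local changes and deletes paths relative to the
# LEDE tree, so stop if the tree cannot be entered.
cd lede || exit 1
git reset --hard
(cd feeds/packages && git reset --hard)
git pull
./scripts/feeds update -a
./scripts/feeds install -a
#sed -i 's/=4.4/=4.9/' target/linux/ramips/Makefile
#echo 'CONFIG_TCP_CONG_BBR=y' >> target/linux/ramips/mt7620/config-4.9
#echo 'CONFIG_TCP_CONG_BBR=y' >> target/linux/ramips/mt7628/config-4.9
rm -rf -- ./package/feeds/luci/luci-app-shadowsocks-libev
rm -rf -- ./package/feeds/packages/shadowsocks-*
#rm -rf ./package/feeds/packages/libev
#rm -rf ./package/feeds/packages/libsodium
#rm -rf ./package/feeds/packages/pcre
cp -R ../package ./
cp -R ../lede-dnsmasq-fastlookup/* ./package/network/services/dnsmasq
#rm -rf ../package

# Refresh the China route list. A fresh mktemp directory replaces the fixed
# /tmp path, so a leftover or pre-created directory cannot make the clone
# fail or supply the list.
ip_list_dir=$(mktemp -d) || exit 1
if git clone https://github.com/17mon/china_ip_list.git "$ip_list_dir" >/dev/null 2>&1; then
  # printf instead of "echo -e", which not every sh implements.
  printf '\n17.0.0.0/8\n' >>"$ip_list_dir/china_ip_list.txt"
  cat "$ip_list_dir/china_ip_list.txt" >../chnroute.txt
else
  # Not fatal: the build carries on with the existing ../chnroute.txt.
  echo "China DNS Error : downloading file."
  #exit 0
fi
rm -rf -- "$ip_list_dir"

mkdir -p ./build_dir/target-mipsel_24kc_musl/ChinaDNS/ChinaDNS-1.3.2
cp ../chnroute.txt ./build_dir/target-mipsel_24kc_musl/ChinaDNS/ChinaDNS-1.3.2
cp ../8964_st1g_customisations ./package/base-files/files/etc/uci-defaults
cp ../updateChnroute.sh ./package/base-files/files/etc
cp ../serverIP.lua ./package/base-files/files/etc
cp ../switchToChinaDNS.sh ./package/base-files/files/etc
cp ../switchToGfwList.sh ./package/base-files/files/etc
# -p: the directory already exists on every run after the first.
mkdir -p ./package/base-files/files/etc/dnsmasq.d
cp ../dnsmasq_gfwlist.conf ./package/base-files/files/etc/dnsmasq.d
cp ../banner ./package/base-files/files/etc
make menuconfig
#make silentoldconfig
make V=s -j6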
#cd ..
#./update-lede.sh
#!/bin/sh
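# Rebuild /etc/chinadns_chnroute.txt from the APNIC delegation file and
# restart the DNS/proxy services when the new list is usable.
rm -f /tmp/delegated-apnic-latest
# Marker file that exists while the update runs.
echo '' > /tmp/delegated-apnic-latest-downloading

# NOTE(review): the list is fetched over plain HTTP and has no signature or
# checksum check here, so its content is only as trustworthy as the path to
# the server.
# --fail: an HTTP error must not leave an error page behind as "the list".
# ">/dev/null 2>&1" instead of "&>": a strictly POSIX sh reads "&>" as
# "run in the background", which would leave $? at 0 before curl finishes.
curl --fail --ipv4 --socks5-hostname 127.0.0.1:1080 --output '/tmp/delegated-apnic-latest' 'http://ftp.apnic.net/apnic/stats/apnic/delegated-apnic-latest' >/dev/null 2>&1
EXITSTAT=$?
if [ "$EXITSTAT" -ne 0 ]; then
  logger "China DNS Error : downloading file."
else
  # Each CN|ipv4 record carries a start address ($4) and an address count
  # ($5); the prefix length is 32 - log2(count).
  awk -F'|' '/CN\|ipv4/ { printf("%s/%d\n", $4, 32-log($5)/log(2)) }' /tmp/delegated-apnic-latest > /tmp/chinadns_chnroute.txt
  if [ ! -s /tmp/chinadns_chnroute.txt ]; then
    # A truncated or unexpected download must not replace the live list.
    logger "China DNS Error : downloaded file has no CN ipv4 records."
  else
    printf '\n17.0.0.0/8\n' >>/tmp/chinadns_chnroute.txt # add apple IP
    cat /tmp/chinadns_chnroute.txt >/etc/chinadns_chnroute.txt
    logger "China DNS updated"
    /etc/init.d/shadowsocks restart
    sleep 1s
    /etc/init.d/dns-forwarder restart
    /etc/init.d/chinadns restart
    /etc/init.d/dnsmasq restart
  fi
fi
# -f: these may be missing when the download failed.
rm -f /tmp/delegated-apnic-latest-downloading
rm -f /tmp/delegated-apnic-latest
rm -f /tmp/chinadns_chnroute.txt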
#!/bin/sh
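# Rebuild /etc/chinadns_chnroute.txt from the china_ip_list repository and
# restart the DNS/proxy services when the new list is usable.
# NOTE(review): --global rewrites this user's git configuration for good, so
# every later git command goes through the local SOCKS proxy as well.
git config --global http.proxy 'socks5://127.0.0.1:1080'
git config --global https.proxy 'socks5://127.0.0.1:1080'
rm -rf /tmp/china_ip_list
# NOTE(review): the list is taken from the repository's current HEAD with no
# pinning or content check beyond the non-empty test below.
# --depth 1: only the latest snapshot is needed.
# ">/dev/null 2>&1" instead of "&>": a strictly POSIX sh reads "&>" as
# "run in the background", which would leave $? at 0 before git finishes.
git clone --depth 1 https://github.com/17mon/china_ip_list.git /tmp/china_ip_list >/dev/null 2>&1
EXITSTAT=$?
if [ "$EXITSTAT" -ne 0 ]; then
  logger "China DNS Error : downloading file."
elif [ ! -s /tmp/china_ip_list/china_ip_list.txt ]; then
  # An empty or missing list must not replace the live one.
  logger "China DNS Error : downloaded list is empty."
else
  printf '\n17.0.0.0/8\n' >>/tmp/china_ip_list/china_ip_list.txt # add apple IP
  cat /tmp/china_ip_list/china_ip_list.txt >/etc/chinadns_chnroute.txt
  logger "China DNS updated"
  /etc/init.d/shadowsocks restart
  sleep 1s
  /etc/init.d/dns-forwarder restart
  /etc/init.d/chinadns restart
  /etc/init.d/dnsmasq restart
fi
rm -rf /tmp/china_ip_list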