root@lmh3-1:~# ss-tproxy restart -x + (( ++i )) + (( i < 2 )) + '[' 1 -eq 0 ']' + '[' /etc/ss-tproxy ']' + '[' ss-tproxy.conf ']' + cd -- /etc/ss-tproxy + load_config + file_required ss-tproxy.conf + file_is_exists ss-tproxy.conf + '[' -f ss-tproxy.conf ']' + source ss-tproxy.conf restart ++ mode=gfwlist ++ ipv4=true ++ ipv6=false ++ tproxy=false ++ tcponly=false ++ selfonly=false ++ proxy_procgroup=proxy ++ proxy_tcpport=188 ++ proxy_udpport=188 ++ proxy_startcmd= ++ proxy_stopcmd= ++ dns_custom=false ++ dns_procgroup=proxy_dns ++ dns_mainport=53 ++ dns_direct=10.8.1.8#53 ++ dns_direct6= ++ dns_direct_white=true ++ dns_direct6_white=false ++ dns_remote=10.8.1.8#53 ++ dns_remote6= ++ dns_remote_black=false ++ dns_remote6_black=false ++ dnsmasq_bind_port=54 ++ dnsmasq_cache_size=4096 ++ dnsmasq_cache_time_min=3600 ++ dnsmasq_query_maxcnt=1024 ++ dnsmasq_log_enable=false ++ dnsmasq_log_file=/var/log/dnsmasq.log ++ dnsmasq_conf_dir=() ++ dnsmasq_conf_file=() ++ dnsmasq_conf_string=() ++ chinadns_for_gfwlist=true ++ chinadns_bind_port=65353 ++ chinadns_chnlist_first=false ++ chinadns_extra_options= ++ chinadns_verbose=false ++ chinadns_logfile=/var/log/chinadns.log ++ dns2tcp_enable=auto ++ dns2tcp_bind_port=65454 ++ dns2tcp_extra_options= ++ dns2tcp_verbose=false ++ dns2tcp_logfile=/var/log/dns2tcp.log ++ ipts_if_lo=lo ++ ipts_rt_tab=233 ++ ipts_rt_mark=0x2333 ++ ipts_set_snat=false ++ ipts_set_snat6=false ++ ipts_reddns_onstop=10.8.1.8#53 ++ ipts_reddns6_onstop= ++ ipts_proxy_dst_port= ++ ipts_drop_quic=tcponly ++ opts_ss_netstat=auto ++ url_gfwlist=https://raw.githubusercontent.com/pexcn/daily/gh-pages/gfwlist/gfwlist.txt ++ url_chnlist=https://raw.githubusercontent.com/felixonmars/dnsmasq-china-list/master/accelerated-domains.china.conf ++ url_chnroute=https://ftp.apnic.net/stats/apnic/delegated-apnic-latest + is_enabled_ipv4 + is_true true + '[' true = true ']' + is_global_mode + '[' gfwlist = global ']' + is_gfwlist_mode + '[' gfwlist = gfwlist ']' + file_required gfwlist.txt + file_is_exists gfwlist.txt + '[' -f gfwlist.txt ']' + file_required gfwlist.ext + file_is_exists gfwlist.ext + '[' -f gfwlist.ext ']' + '[' proxy -a proxy '!=' 0 -a proxy '!=' root ']' + '[' proxy_dns -a proxy_dns '!=' 0 -a proxy_dns '!=' root ']' + '[' proxy '!=' proxy_dns ']' + group_is_exists proxy + is_uint proxy + '[' proxy ']' + '[' -z proxy ']' + grep -q '^proxy:' /etc/group + group_is_exists proxy_dns + is_uint proxy_dns + '[' proxy_dns ']' + '[' -z proxy_dns ']' + grep -q '^proxy_dns:' /etc/group + is_need_iproute + is_tcp_tproxy + is_true false + '[' false = true ']' + is_enabled_udp + is_false false + is_true false + '[' false = true ']' + command_required ip + command_is_exists ip + type -P ip + command_required ipset + command_is_exists ipset + type -P ipset + is_enabled_ipv4 + is_true true + '[' true = true ']' + command_required iptables + command_is_exists iptables + type -P iptables + is_enabled_ipv6 + is_true false + '[' false = true ']' + '[' 54 ']' + is_built_in_dns + is_false false + is_true false + '[' false = true ']' + set_dns_group dnsmasq + set_command_group proxy_dns dnsmasq + command_required dnsmasq + command_is_exists dnsmasq + type -P dnsmasq ++ command_path dnsmasq ++ type -P dnsmasq + local group=proxy_dns path=/usr/sbin/dnsmasq + chgrp proxy_dns /usr/sbin/dnsmasq + chmod g+xs /usr/sbin/dnsmasq + is_enabled_chinadns + is_chnroute_mode + '[' gfwlist = chnroute ']' + is_gfwlist_mode + '[' gfwlist = gfwlist ']' + is_true true + '[' true = true ']' + command_is_exists chinadns-ng + type -P chinadns-ng + set_dns_group chinadns-ng + set_command_group proxy_dns chinadns-ng + command_required chinadns-ng + command_is_exists chinadns-ng + type -P chinadns-ng ++ command_path chinadns-ng ++ type -P chinadns-ng + local group=proxy_dns path=/usr/local/bin/chinadns-ng + chgrp proxy_dns /usr/local/bin/chinadns-ng + chmod g+xs /usr/local/bin/chinadns-ng + is_enabled_dns2tcp + case "$dns2tcp_enable" in + is_enabled_udp + is_false false + is_true false + '[' false = true ']' + case "$opts_ss_netstat" in + command_is_exists ss + type -P ss + netstat=ss + load_pidfile + ss_tproxy_is_started + iptables -t mangle -S SSTP_OUTPUT + source .ss-tproxy.pid ++ sstp_pid_dnsmasq=2273 ++ sstp_pid_chinadns=2267 ++ sstp_pid_dns2tcp4= ++ sstp_pid_dns2tcp6= + case "${arg_list[0]}" in + stop + call_func pre_stop + is_func pre_stop ++ type -t pre_stop + '[' function = function ']' + pre_stop + return + delete_pidfile + rm -f .ss-tproxy.pid + flush_iptables + _flush_iptables iptables + iptables -t mangle -D PREROUTING -j SSTP_PREROUTING + iptables -t mangle -D OUTPUT -j SSTP_OUTPUT + iptables -t nat -D PREROUTING -j SSTP_PREROUTING + iptables -t nat -D OUTPUT -j SSTP_OUTPUT + iptables -t nat -D POSTROUTING -j SSTP_POSTROUTING + for table in mangle nat ++ grep '^-N SSTP_' ++ awk '{print $2}' ++ iptables -t mangle -S + local 'chain_list=SSTP_OUTPUT SSTP_PREROUTING SSTP_RULE' + for chain in $chain_list + iptables -t mangle -F SSTP_OUTPUT + command iptables -w -t mangle -F SSTP_OUTPUT + for chain in $chain_list + iptables -t mangle -F SSTP_PREROUTING + command iptables -w -t mangle -F SSTP_PREROUTING + for chain in $chain_list + iptables -t mangle -F SSTP_RULE + command iptables -w -t mangle -F SSTP_RULE + for chain in $chain_list + iptables -t mangle -X SSTP_OUTPUT + command iptables -w -t mangle -X SSTP_OUTPUT + for chain in $chain_list + iptables -t mangle -X SSTP_PREROUTING + command iptables -w -t mangle -X SSTP_PREROUTING + for chain in $chain_list + iptables -t mangle -X SSTP_RULE + command iptables -w -t mangle -X SSTP_RULE + for table in mangle nat ++ grep '^-N SSTP_' ++ awk '{print $2}' ++ iptables -t nat -S + local 'chain_list=SSTP_OUTPUT SSTP_POSTROUTING SSTP_PREROUTING SSTP_RULE' + for chain in $chain_list + iptables -t nat -F SSTP_OUTPUT + command iptables -w -t nat -F SSTP_OUTPUT + for chain in $chain_list + iptables -t nat -F SSTP_POSTROUTING + command iptables -w -t nat -F SSTP_POSTROUTING + for chain in $chain_list + iptables -t nat -F SSTP_PREROUTING + command iptables -w -t nat -F SSTP_PREROUTING + for chain in $chain_list + iptables -t nat -F SSTP_RULE + command iptables -w -t nat -F SSTP_RULE + for chain in $chain_list + iptables -t nat -X SSTP_OUTPUT + command iptables -w -t nat -X SSTP_OUTPUT + for chain in $chain_list + iptables -t nat -X SSTP_POSTROUTING + command iptables -w -t nat -X SSTP_POSTROUTING + for chain in $chain_list + iptables -t nat -X SSTP_PREROUTING + command iptables -w -t nat -X SSTP_PREROUTING + for chain in $chain_list + iptables -t nat -X SSTP_RULE + command iptables -w -t nat -X SSTP_RULE + _flush_iptables ip6tables + ip6tables -t mangle -D PREROUTING -j SSTP_PREROUTING + ip6tables -t mangle -D OUTPUT -j SSTP_OUTPUT + ip6tables -t nat -D PREROUTING -j SSTP_PREROUTING + ip6tables -t nat -D OUTPUT -j SSTP_OUTPUT + ip6tables -t nat -D POSTROUTING -j SSTP_POSTROUTING + for table in mangle nat ++ grep '^-N SSTP_' ++ ip6tables -t mangle -S ++ awk '{print $2}' + local chain_list= + for table in mangle nat ++ grep '^-N SSTP_' ++ ip6tables -t nat -S ++ awk '{print $2}' + local chain_list= + flush_iproute + _flush_iproute -4 + ip -4 rule del table 233 + true + ip -4 rule del table 233 + ip -4 route flush table 233 + _flush_iproute -6 + ip -6 rule del table 233 + ip -6 route flush table 233 + stop_dnsserver + kill -9 2273 + kill -9 2267 + kill -9 + kill -9 + call_func custom_dns_stop + is_func custom_dns_stop ++ type -t custom_dns_stop + '[' function = function ']' + custom_dns_stop + return + stop_proxyproc + eval '' + flush_ipset ++ ipset -n list ++ grep '^sstp_' + for setname in $(ipset -n list | grep '^sstp_') + ipset destroy sstp_black + for setname in $(ipset -n list | grep '^sstp_') + ipset destroy sstp_black6 + add_stoprule + is_proxy_other + is_false false + is_true false + '[' false = true ']' + is_enabled_ipv4 + is_true true + '[' true = true ']' + _add_stoprule iptables + add_reddns_rule iptables + local direct_dns_ip direct_dns_ipx direct_dns_port + is_ipv4_ipts iptables + '[' iptables = iptables ']' + '[' -z 10.8.1.8#53 ']' ++ get_ip_from_addr 10.8.1.8#53 ++ local addr=10.8.1.8#53 ++ echo 10.8.1.8 + direct_dns_ip=10.8.1.8 + direct_dns_ipx=10.8.1.8 ++ get_port_from_addr 10.8.1.8#53 ++ local addr=10.8.1.8#53 ++ echo 53 + direct_dns_port=53 + iptables -t nat -N SSTP_PREROUTING + iptables -t nat -N SSTP_POSTROUTING + iptables -t nat -A SSTP_PREROUTING -p udp -m udp --dport 53 -m addrtype '!' --src-type LOCAL --dst-type LOCAL -j DNAT --to-destination 10.8.1.8:53 + command iptables -w -t nat -A SSTP_PREROUTING -p udp -m udp --dport 53 -m addrtype '!' --src-type LOCAL --dst-type LOCAL -j DNAT --to-destination 10.8.1.8:53 + iptables -t nat -A SSTP_POSTROUTING -d 10.8.1.8 -p udp -m udp --dport 53 -m addrtype '!' --src-type LOCAL -j MASQUERADE + command iptables -w -t nat -A SSTP_POSTROUTING -d 10.8.1.8 -p udp -m udp --dport 53 -m addrtype '!' --src-type LOCAL -j MASQUERADE + add_snat_rule iptables + is_ipv4_ipts iptables + '[' iptables = iptables ']' + is_false false + is_true false + '[' false = true ']' + return + add_sstp_chain iptables nat PREROUTING + local table=nat chain=PREROUTING + chain_is_exists iptables nat SSTP_PREROUTING + local table=nat chain=SSTP_PREROUTING + iptables -t nat -S SSTP_PREROUTING + iptables -t nat -A PREROUTING -j SSTP_PREROUTING + command iptables -w -t nat -A PREROUTING -j SSTP_PREROUTING + add_sstp_chain iptables nat POSTROUTING + local table=nat chain=POSTROUTING + chain_is_exists iptables nat SSTP_POSTROUTING + local table=nat chain=SSTP_POSTROUTING + iptables -t nat -S SSTP_POSTROUTING + iptables -t nat -A POSTROUTING -j SSTP_POSTROUTING + command iptables -w -t nat -A POSTROUTING -j SSTP_POSTROUTING + is_enabled_ipv6 + is_true false + '[' false = true ']' + call_func post_stop + is_func post_stop ++ type -t post_stop + '[' function = function ']' + post_stop + return + status ++ font_bold gfwlist ++ printf '\e[1mgfwlist\e[0m' + echo -e 'mode:\t\tgfwlist' mode: gfwlist + _status proxy/tcp tcp_port_is_exists 188 + local name=proxy/tcp func=tcp_port_is_exists + shift 2 + tcp_port_is_exists 188 + grep -q ':188[[:blank:]]' + ss -lnpt ++ color_green '[running]' ++ printf '\e[32m[running]\e[0m' + echo -e 'proxy/tcp:\t[running]' proxy/tcp: [running] + is_enabled_udp + is_false false + is_true false + '[' false = true ']' + _status proxy/udp udp_port_is_exists 188 + local name=proxy/udp func=udp_port_is_exists + shift 2 + udp_port_is_exists 188 + grep -q ':188[[:blank:]]' + ss -anpu ++ color_green '[running]' ++ printf '\e[32m[running]\e[0m' + echo -e 'proxy/udp:\t[running]' proxy/udp: [running] + is_built_in_dns + is_false false + is_true false + '[' false = true ']' + _status dnsmasq process_is_running 2273 + local name=dnsmasq func=process_is_running + shift 2 + process_is_running 2273 + kill -0 2273 ++ color_red '[stopped]' ++ printf '\e[35m[stopped]\e[0m' + echo -e 'dnsmasq:\t[stopped]' dnsmasq: [stopped] + is_enabled_chinadns + is_chnroute_mode + '[' gfwlist = chnroute ']' + is_gfwlist_mode + '[' gfwlist = gfwlist ']' + is_true true + '[' true = true ']' + command_is_exists chinadns-ng + type -P chinadns-ng + _status chinadns process_is_running 2267 + local name=chinadns func=process_is_running + shift 2 + process_is_running 2267 + kill -0 2267 ++ color_red '[stopped]' ++ printf '\e[35m[stopped]\e[0m' + echo -e 'chinadns:\t[stopped]' chinadns: [stopped] + is_enabled_dns2tcp + case "$dns2tcp_enable" in + is_enabled_udp + is_false false + is_true false + '[' false = true ']' + is_enabled_dns2tcp + case "$dns2tcp_enable" in + is_enabled_udp + is_false false + is_true false + '[' false = true ']' + call_func extra_status + is_func extra_status ++ type -t extra_status + '[' function = function ']' + extra_status + return + echo + start + ss_tproxy_is_started + iptables -t mangle -S SSTP_OUTPUT + iptables -t nat -S SSTP_OUTPUT + ip6tables -t mangle -S SSTP_OUTPUT + ip6tables -t nat -S SSTP_OUTPUT + grep -q 'lookup 233' + ip -4 rule + grep -q 'lookup 233' + ip -6 rule + grep -q '^' + ip -4 route show table 233 + grep -q '^' + ip -6 route show table 233 + flush_iptables + _flush_iptables iptables + iptables -t mangle -D PREROUTING -j SSTP_PREROUTING + iptables -t mangle -D OUTPUT -j SSTP_OUTPUT + iptables -t nat -D PREROUTING -j SSTP_PREROUTING + iptables -t nat -D OUTPUT -j SSTP_OUTPUT + iptables -t nat -D POSTROUTING -j SSTP_POSTROUTING + for table in mangle nat ++ grep '^-N SSTP_' ++ awk '{print $2}' ++ iptables -t mangle -S + local chain_list= + for table in mangle nat ++ grep '^-N SSTP_' ++ iptables -t nat -S ++ awk '{print $2}' + local 'chain_list=SSTP_POSTROUTING SSTP_PREROUTING' + for chain in $chain_list + iptables -t nat -F SSTP_POSTROUTING + command iptables -w -t nat -F SSTP_POSTROUTING + for chain in $chain_list + iptables -t nat -F SSTP_PREROUTING + command iptables -w -t nat -F SSTP_PREROUTING + for chain in $chain_list + iptables -t nat -X SSTP_POSTROUTING + command iptables -w -t nat -X SSTP_POSTROUTING + for chain in $chain_list + iptables -t nat -X SSTP_PREROUTING + command iptables -w -t nat -X SSTP_PREROUTING + _flush_iptables ip6tables + ip6tables -t mangle -D PREROUTING -j SSTP_PREROUTING + ip6tables -t mangle -D OUTPUT -j SSTP_OUTPUT + ip6tables -t nat -D PREROUTING -j SSTP_PREROUTING + ip6tables -t nat -D OUTPUT -j SSTP_OUTPUT + ip6tables -t nat -D POSTROUTING -j SSTP_POSTROUTING + for table in mangle nat ++ grep '^-N SSTP_' ++ awk '{print $2}' ++ ip6tables -t mangle -S + local chain_list= + for table in mangle nat ++ grep '^-N SSTP_' ++ awk '{print $2}' ++ ip6tables -t nat -S + local chain_list= + call_func pre_start + is_func pre_start ++ type -t pre_start + '[' function = function ']' + pre_start + return + set_kernel_param + is_enabled_ipv4 + is_true true + '[' true = true ']' + sysctl -wq net.ipv4.ip_forward=1 + is_enabled_ipv6 + is_true false + '[' false = true ']' + sysctl_all_iface 4 route_localnet=1 + for path in /proc/sys/net/ipv$1/conf/* + sysctl -wq net/ipv4/conf/all/route_localnet=1 + for path in /proc/sys/net/ipv$1/conf/* + sysctl -wq net/ipv4/conf/default/route_localnet=1 + for path in /proc/sys/net/ipv$1/conf/* + sysctl -wq net/ipv4/conf/enp1s0/route_localnet=1 + for path in /proc/sys/net/ipv$1/conf/* + sysctl -wq net/ipv4/conf/lo/route_localnet=1 + sysctl_all_iface 4 send_redirects=0 + for path in /proc/sys/net/ipv$1/conf/* + sysctl -wq net/ipv4/conf/all/send_redirects=0 + for path in /proc/sys/net/ipv$1/conf/* + sysctl -wq net/ipv4/conf/default/send_redirects=0 + for path in /proc/sys/net/ipv$1/conf/* + sysctl -wq net/ipv4/conf/enp1s0/send_redirects=0 + for path in /proc/sys/net/ipv$1/conf/* + sysctl -wq net/ipv4/conf/lo/send_redirects=0 + start_ipset + is_global_mode + '[' gfwlist = global ']' + is_gfwlist_mode + '[' gfwlist = gfwlist ']' + init_ipset sstp_black + list_ext_ipv4 gfwlist.ext + cut -c2- + grep '^-' gfwlist.ext ++ str_find sstp_black 6 ++ [[ sstp_black == *\6* ]] ++ echo inet + ipset create sstp_black hash:net family inet + list_ext_ipv4 - + get_ext_blackip + is_built_in_dns + is_false false + is_true false + '[' false = true ']' + get_ext_ip - false 10.8.1.8#53 + case "$2" in + get_ext_ip '~' false '' + case "$2" in + cut -c2- + grep '^-' - + ipset '-!' restore + sed 's/^/add sstp_black /' + init_ipset sstp_black6 + list_ext_ipv6 gfwlist.ext ++ str_find sstp_black6 6 ++ [[ sstp_black6 == *\6* ]] ++ echo inet6 + ipset create sstp_black6 hash:net family inet6 + grep '^~' gfwlist.ext + cut -c2- + get_ext_blackip + is_built_in_dns + is_false false + is_true false + '[' false = true ']' + get_ext_ip - false 10.8.1.8#53 + case "$2" in + get_ext_ip '~' false '' + case "$2" in + list_ext_ipv6 - + sed 's/^/add sstp_black6 /' + cut -c2- + ipset '-!' restore + grep '^~' - + start_proxyproc + eval '' + start_dnsserver + is_built_in_dns + is_false false + is_true false + '[' false = true ']' + is_enabled_dns2tcp + case "$dns2tcp_enable" in + is_enabled_udp + is_false false + is_true false + '[' false = true ']' + is_enabled_chinadns + is_chnroute_mode + '[' gfwlist = chnroute ']' + is_gfwlist_mode + '[' gfwlist = gfwlist ']' + is_true true + '[' true = true ']' + command_is_exists chinadns-ng + type -P chinadns-ng + start_chinadns + local 'args= -b 127.0.0.1 -l 65353' + is_enabled_ipv4 + is_true true + '[' true = true ']' + is_enabled_ipv6 + is_true false + '[' false = true ']' + is_enabled_ipv4 + is_true true + '[' true = true ']' + args+=' -c 10.8.1.8#53' + args+=' -t 10.8.1.8#53' + is_true false + '[' false = true ']' + is_gfwlist_mode + '[' gfwlist = gfwlist ']' ++ trap '' CHLD ++ echo 2530 ++ chinadns-ng -b 127.0.0.1 -l 65353 -c 10.8.1.8#53 -t 10.8.1.8#53 -g gfwlist.txt,/dev/fd/63 -d chn -A sstp_black,sstp_black6 + sstp_pid_chinadns=2530 +++ list_ext_domain gfwlist.ext ++ echo 2536 +++ cut -c2- +++ grep '^@' gfwlist.ext ++ dnsmasq --keep-in-foreground --conf-file=- ++ echo 'port = 54' ++ echo 'group = proxy_dns' ++ is_true false ++ '[' false = true ']' ++ echo 'log-facility = /var/log/dnsmasq.log' ++ echo 'log-async = 20' ++ echo domain-needed ++ echo no-resolv ++ echo no-negcache ++ echo 'cache-size = 4096' ++ (( dnsmasq_cache_time_min )) ++ grep -q min-cache-ttl ++ dnsmasq --help ++ echo 'min-cache-ttl = 3600' ++ echo 'dns-forward-max = 1024' ++ is_global_mode ++ '[' gfwlist = global ']' ++ is_gfwlist_mode ++ '[' gfwlist = gfwlist ']' ++ get_gfwlist_dnsconf ++ is_enabled_chinadns ++ is_chnroute_mode ++ '[' gfwlist = chnroute ']' ++ is_gfwlist_mode ++ '[' gfwlist = gfwlist ']' ++ is_true true ++ '[' true = true ']' ++ command_is_exists chinadns-ng ++ type -P chinadns-ng ++ echo 'server = 127.0.0.1#65353' + sstp_pid_dnsmasq=2536 + start_iproute + is_need_iproute + is_tcp_tproxy + is_true false + '[' false = true ']' + is_enabled_udp + is_false false + is_true false + '[' false = true ']' + is_enabled_ipv4 + is_true true + '[' true = true ']' + _start_iproute -4 + local family=-4 + ip -4 route add local default dev lo table 233 + grep -Fwq protocol + ip rule help + ip -4 rule add fwmark 0x2333 table 233 protocol static + is_enabled_ipv6 + is_true false + '[' false = true ']' + start_iptables + is_enabled_ipv4 + is_true true + '[' true = true ']' + _start_iptables iptables + start_iptables_pre iptables + iptables -t mangle -N SSTP_PREROUTING + command iptables -w -t mangle -N SSTP_PREROUTING + iptables -t mangle -N SSTP_OUTPUT + command iptables -w -t mangle -N SSTP_OUTPUT + iptables -t nat -N SSTP_PREROUTING + command iptables -w -t nat -N SSTP_PREROUTING + iptables -t nat -N SSTP_OUTPUT + command iptables -w -t nat -N SSTP_OUTPUT + iptables -t nat -N SSTP_POSTROUTING + command iptables -w -t nat -N SSTP_POSTROUTING + local loopback_addr loopback_addrx white_setname black_setname + init_iptables_param iptables + is_ipv4_ipts iptables + '[' iptables = iptables ']' + loopback_addr=127.0.0.1 + loopback_addrx=127.0.0.1 + white_setname=sstp_white + black_setname=sstp_black + is_drop_quic + case "$ipts_drop_quic" in + is_enabled_udp + is_false false + is_true false + '[' false = true ']' + is_tcp_tproxy + is_true false + '[' false = true ']' + start_iptables_redirect iptables + do_proxy_dnat iptables + create_sstp_rule iptables dnat + local table action + '[' dnat = tproxy ']' + table=nat + action='-p tcp -j DNAT --to-destination 127.0.0.1:188' + iptables -t nat -N SSTP_RULE + command iptables -w -t nat -N SSTP_RULE + is_global_mode + '[' gfwlist = global ']' + is_gfwlist_mode + '[' gfwlist = gfwlist ']' + iptables -t nat -A SSTP_RULE -m set --match-set sstp_black dst -p tcp -j DNAT --to-destination 127.0.0.1:188 + command iptables -w -t nat -A SSTP_RULE -m set --match-set sstp_black dst -p tcp -j DNAT --to-destination 127.0.0.1:188 ++ get_dst_port_match ++ '[' '' ']' + iptables -t nat -A SSTP_OUTPUT -p tcp -m tcp --syn -m addrtype '!' --dst-type LOCAL -m owner '!' --gid-owner proxy -j SSTP_RULE + command iptables -w -t nat -A SSTP_OUTPUT -p tcp -m tcp --syn -m addrtype '!' --dst-type LOCAL -m owner '!' --gid-owner proxy -j SSTP_RULE + is_proxy_other + is_false false + is_true false + '[' false = true ']' ++ get_dst_port_match ++ '[' '' ']' + iptables -t nat -A SSTP_PREROUTING -p tcp -m tcp --syn -m addrtype '!' --src-type LOCAL '!' --dst-type LOCAL -j SSTP_RULE + command iptables -w -t nat -A SSTP_PREROUTING -p tcp -m tcp --syn -m addrtype '!' --src-type LOCAL '!' --dst-type LOCAL -j SSTP_RULE + is_enabled_udp + is_false false + is_true false + '[' false = true ']' + do_proxy_tproxy iptables ++ is_tcp_tproxy ++ is_true false ++ '[' false = true ']' ++ echo 0 + local tcp=0 ++ is_enabled_udp ++ is_false false ++ is_true false ++ '[' false = true ']' ++ echo 1 + local udp=1 + create_sstp_rule iptables tproxy + local table action + '[' tproxy = tproxy ']' + table=mangle + action='-j CONNMARK --set-mark 0x2333' + iptables -t mangle -N SSTP_RULE + command iptables -w -t mangle -N SSTP_RULE + is_global_mode + '[' gfwlist = global ']' + is_gfwlist_mode + '[' gfwlist = gfwlist ']' + iptables -t mangle -A SSTP_RULE -m set --match-set sstp_black dst -j CONNMARK --set-mark 0x2333 + command iptables -w -t mangle -A SSTP_RULE -m set --match-set sstp_black dst -j CONNMARK --set-mark 0x2333 + iptables -t mangle -A SSTP_OUTPUT -m addrtype --dst-type LOCAL -j RETURN + command iptables -w -t mangle -A SSTP_OUTPUT -m addrtype --dst-type LOCAL -j RETURN + iptables -t mangle -A SSTP_OUTPUT -m conntrack --ctdir REPLY -j RETURN + command iptables -w -t mangle -A SSTP_OUTPUT -m conntrack --ctdir REPLY -j RETURN + iptables -t mangle -A SSTP_OUTPUT -m owner --gid-owner proxy -j RETURN + command iptables -w -t mangle -A SSTP_OUTPUT -m owner --gid-owner proxy -j RETURN + (( udp )) + iptables -t mangle -A SSTP_OUTPUT -p udp -m udp --dport 53 -m owner '!' --gid-owner proxy_dns -j RETURN + command iptables -w -t mangle -A SSTP_OUTPUT -p udp -m udp --dport 53 -m owner '!' --gid-owner proxy_dns -j RETURN + (( tcp )) + (( udp )) ++ get_dst_port_match ++ '[' '' ']' + iptables -t mangle -A SSTP_OUTPUT -p udp -m conntrack --ctstate NEW,RELATED -j SSTP_RULE + command iptables -w -t mangle -A SSTP_OUTPUT -p udp -m conntrack --ctstate NEW,RELATED -j SSTP_RULE + iptables -t mangle -A SSTP_OUTPUT -m connmark --mark 0x2333 -j MARK --set-mark 0x2333 + command iptables -w -t mangle -A SSTP_OUTPUT -m connmark --mark 0x2333 -j MARK --set-mark 0x2333 + iptables -t mangle -A SSTP_PREROUTING -m addrtype --dst-type LOCAL -j RETURN + command iptables -w -t mangle -A SSTP_PREROUTING -m addrtype --dst-type LOCAL -j RETURN + iptables -t mangle -A SSTP_PREROUTING -m conntrack --ctdir REPLY -j RETURN + command iptables -w -t mangle -A SSTP_PREROUTING -m conntrack --ctdir REPLY -j RETURN + is_proxy_other + is_false false + is_true false + '[' false = true ']' + (( tcp )) + (( udp )) ++ get_dst_port_match ++ '[' '' ']' + iptables -t mangle -A SSTP_PREROUTING -p udp -m udp '!' --dport 53 -m conntrack --ctstate NEW,RELATED -m addrtype '!' --src-type LOCAL -j SSTP_RULE + command iptables -w -t mangle -A SSTP_PREROUTING -p udp -m udp '!' --dport 53 -m conntrack --ctstate NEW,RELATED -m addrtype '!' --src-type LOCAL -j SSTP_RULE + (( tcp )) + (( udp )) + iptables -t mangle -A SSTP_PREROUTING -p udp -m connmark --mark 0x2333 -j TPROXY --on-ip 127.0.0.1 --on-port 188 --tproxy-mark 0x2333 + command iptables -w -t mangle -A SSTP_PREROUTING -p udp -m connmark --mark 0x2333 -j TPROXY --on-ip 127.0.0.1 --on-port 188 --tproxy-mark 0x2333 + redir_dns_request iptables + iptables -t nat -A SSTP_OUTPUT -p udp -m udp --dport 53 -m conntrack --ctstate NEW -m owner '!' --gid-owner proxy -m owner '!' --gid-owner proxy_dns -j REDIRECT --to-ports 53 + command iptables -w -t nat -A SSTP_OUTPUT -p udp -m udp --dport 53 -m conntrack --ctstate NEW -m owner '!' --gid-owner proxy -m owner '!' --gid-owner proxy_dns -j REDIRECT --to-ports 53 + iptables -t nat -A SSTP_POSTROUTING -d 127.0.0.1 '!' -s 127.0.0.1 -j SNAT --to-source 127.0.0.1 + command iptables -w -t nat -A SSTP_POSTROUTING -d 127.0.0.1 '!' -s 127.0.0.1 -j SNAT --to-source 127.0.0.1 + is_proxy_other + is_false false + is_true false + '[' false = true ']' + iptables -t nat -A SSTP_PREROUTING -p udp -m udp --dport 53 -m conntrack --ctstate NEW -m addrtype '!' --src-type LOCAL -j REDIRECT --to-ports 53 + command iptables -w -t nat -A SSTP_PREROUTING -p udp -m udp --dport 53 -m conntrack --ctstate NEW -m addrtype '!' --src-type LOCAL -j REDIRECT --to-ports 53 + is_proxy_other + is_false false + is_true false + '[' false = true ']' + add_snat_rule iptables + is_ipv4_ipts iptables + '[' iptables = iptables ']' + is_false false + is_true false + '[' false = true ']' + return + start_iptables_post iptables + iptables -t mangle -A PREROUTING -j SSTP_PREROUTING + command iptables -w -t mangle -A PREROUTING -j SSTP_PREROUTING + iptables -t mangle -A OUTPUT -j SSTP_OUTPUT + command iptables -w -t mangle -A OUTPUT -j SSTP_OUTPUT + iptables -t nat -A PREROUTING -j SSTP_PREROUTING + command iptables -w -t nat -A PREROUTING -j SSTP_PREROUTING + iptables -t nat -A OUTPUT -j SSTP_OUTPUT + command iptables -w -t nat -A OUTPUT -j SSTP_OUTPUT + iptables -t nat -A POSTROUTING -j SSTP_POSTROUTING + command iptables -w -t nat -A POSTROUTING -j SSTP_POSTROUTING + is_enabled_ipv6 + is_true false + '[' false = true ']' + call_func post_start + is_func post_start ++ type -t post_start + '[' function = function ']' + post_start + return + save_pidfile + is_built_in_dns + is_false false + is_true false + '[' false = true ']' + echo sstp_pid_dnsmasq=2536 + echo sstp_pid_chinadns=2530 + echo sstp_pid_dns2tcp4= + echo sstp_pid_dns2tcp6= + call_func extra_pid + is_func extra_pid ++ type -t extra_pid + '[' function = function ']' + extra_pid + return + delete_unused_chain + is_enabled_ipv4 + is_true true + '[' true = true ']' + _delete_unused_chain iptables + list=('mangle' 'PREROUTING' 'mangle' 'OUTPUT' 'nat' 'PREROUTING' 'nat' 'OUTPUT' 'nat' 'POSTROUTING') + local list + (( i = 0 )) + (( i < 10 )) + local table=mangle chain=PREROUTING + chain_is_empty iptables mangle SSTP_PREROUTING + local table=mangle chain=SSTP_PREROUTING ++ iptables -t mangle -S SSTP_PREROUTING ++ command iptables -w -t mangle -S SSTP_PREROUTING ++ wc -l + '[' 5 -le 1 ']' + (( i += 2 )) + (( i < 10 )) + local table=mangle chain=OUTPUT + chain_is_empty iptables mangle SSTP_OUTPUT + local table=mangle chain=SSTP_OUTPUT ++ wc -l ++ iptables -t mangle -S SSTP_OUTPUT ++ command iptables -w -t mangle -S SSTP_OUTPUT + '[' 7 -le 1 ']' + (( i += 2 )) + (( i < 10 )) + local table=nat chain=PREROUTING + chain_is_empty iptables nat SSTP_PREROUTING + local table=nat chain=SSTP_PREROUTING ++ iptables -t nat -S SSTP_PREROUTING ++ command iptables -w -t nat -S SSTP_PREROUTING ++ wc -l + '[' 3 -le 1 ']' + (( i += 2 )) + (( i < 10 )) + local table=nat chain=OUTPUT + chain_is_empty iptables nat SSTP_OUTPUT + local table=nat chain=SSTP_OUTPUT ++ wc -l ++ iptables -t nat -S SSTP_OUTPUT ++ command iptables -w -t nat -S SSTP_OUTPUT + '[' 3 -le 1 ']' + (( i += 2 )) + (( i < 10 )) + local table=nat chain=POSTROUTING + chain_is_empty iptables nat SSTP_POSTROUTING + local table=nat chain=SSTP_POSTROUTING ++ wc -l ++ iptables -t nat -S SSTP_POSTROUTING ++ command iptables -w -t nat -S SSTP_POSTROUTING + '[' 2 -le 1 ']' + (( i += 2 )) + (( i < 10 )) + is_enabled_ipv6 + is_true false + '[' false = true ']' + status ++ font_bold gfwlist ++ printf '\e[1mgfwlist\e[0m' + echo -e 'mode:\t\tgfwlist' mode: gfwlist + _status proxy/tcp tcp_port_is_exists 188 + local name=proxy/tcp func=tcp_port_is_exists + shift 2 + tcp_port_is_exists 188 + grep -q ':188[[:blank:]]' + ss -lnpt ++ color_green '[running]' ++ printf '\e[32m[running]\e[0m' + echo -e 'proxy/tcp:\t[running]' proxy/tcp: [running] + is_enabled_udp + is_false false + is_true false + '[' false = true ']' + _status proxy/udp udp_port_is_exists 188 + local name=proxy/udp func=udp_port_is_exists + shift 2 + udp_port_is_exists 188 + grep -q ':188[[:blank:]]' + ss -anpu ++ color_green '[running]' ++ printf '\e[32m[running]\e[0m' + echo -e 'proxy/udp:\t[running]' proxy/udp: [running] + is_built_in_dns + is_false false + is_true false + '[' false = true ']' + _status dnsmasq process_is_running 2536 + local name=dnsmasq func=process_is_running + shift 2 + process_is_running 2536 + kill -0 2536 ++ color_green '[running]' ++ printf '\e[32m[running]\e[0m' + echo -e 'dnsmasq:\t[running]' dnsmasq: [running] + is_enabled_chinadns + is_chnroute_mode + '[' gfwlist = chnroute ']' + is_gfwlist_mode + '[' gfwlist = gfwlist ']' + is_true true + '[' true = true ']' + command_is_exists chinadns-ng + type -P chinadns-ng + _status chinadns process_is_running 2530 + local name=chinadns func=process_is_running + shift 2 + process_is_running 2530 + kill -0 2530 ++ color_green '[running]' ++ printf '\e[32m[running]\e[0m' + echo -e 'chinadns:\t[running]' chinadns: [running] + is_enabled_dns2tcp + case "$dns2tcp_enable" in + is_enabled_udp + is_false false + is_true false + '[' false = true ']' + is_enabled_dns2tcp + case "$dns2tcp_enable" in + is_enabled_udp + is_false false + is_true false + '[' false = true ']' + call_func extra_status + is_func extra_status ++ type -t extra_status + '[' function = function ']' + extra_status + return + return 0 root@lmh3-1:~#