开启ss-tproxy ,ipv6 不通,请作者看看

开启ss-tproxy 就无法连接2001:470:1:18::115 的443 关闭ss-tproxy 就可以连接2001:470:1:18::115 的443

❯ ssh -v -p 443 2001:470:1:18::115
OpenSSH_9.4p1, OpenSSL 3.1.2 1 Aug 2023
debug1: Reading configuration data /home/xtcc/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 2: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: Connecting to 2001:470:1:18::115 [2001:470:1:18::115] port 443.
debug1: Connection established.
debug1: identity file /home/xtcc/.ssh/id_rsa type 0
debug1: identity file /home/xtcc/.ssh/id_rsa-cert type -1
debug1: identity file /home/xtcc/.ssh/id_ecdsa type -1
debug1: identity file /home/xtcc/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/xtcc/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/xtcc/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/xtcc/.ssh/id_ed25519 type -1
debug1: identity file /home/xtcc/.ssh/id_ed25519-cert type -1
debug1: identity file /home/xtcc/.ssh/id_ed25519_sk type -1
debug1: identity file /home/xtcc/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/xtcc/.ssh/id_xmss type -1
debug1: identity file /home/xtcc/.ssh/id_xmss-cert type -1
debug1: identity file /home/xtcc/.ssh/id_dsa type -1
debug1: identity file /home/xtcc/.ssh/id_dsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_9.4
debug1: kex_exchange_identification: banner line 0: HTTP/1.1 400 Bad Request
debug1: kex_exchange_identification: banner line 1: Server: nginx/1.17.6
debug1: kex_exchange_identification: banner line 2: Date: Wed, 27 Sep 2023 05:06:03 GMT
debug1: kex_exchange_identification: banner line 3: Content-Type: text/html
debug1: kex_exchange_identification: banner line 4: Content-Length: 157
debug1: kex_exchange_identification: banner line 5: Connection: close
debug1: kex_exchange_identification: banner line 6: 
debug1: kex_exchange_identification: banner line 7: <html>
debug1: kex_exchange_identification: banner line 8: <head><title>400 Bad Request</title></head>
debug1: kex_exchange_identification: banner line 9: <body>
debug1: kex_exchange_identification: banner line 10: <center><h1>400 Bad Request</h1></center>
debug1: kex_exchange_identification: banner line 11: <hr><center>nginx/1.17.6</center>
debug1: kex_exchange_identification: banner line 12: </body>
debug1: kex_exchange_identification: banner line 13: </html>
kex_exchange_identification: Connection closed by remote host
Connection closed by 2001:470:1:18::115 port 443
❯ 
❯ 
❯ ssh -v -p 443 2001:470:1:18::115
OpenSSH_9.4p1, OpenSSL 3.1.2 1 Aug 2023
debug1: Reading configuration data /home/xtcc/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 2: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: Connecting to 2001:470:1:18::115 [2001:470:1:18::115] port 443.

这是iptables , 应该是ip6tables 的那里配置不对，但是我不太懂这个，麻烦作者看看吧

└─[0] sudo ss-tproxy  show-iptables
==> iptables-mangle <==
-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-N SSTP_OUTPUT
-N SSTP_PREROUTING
-N SSTP_QUIC
-N SSTP_RULE
-A PREROUTING -j SSTP_PREROUTING
-A OUTPUT -j SSTP_OUTPUT
-A SSTP_OUTPUT -p udp -m udp --dport 443 -m conntrack --ctdir ORIGINAL -m addrtype ! --dst-type LOCAL -m owner ! --gid-owner 968 -j SSTP_QUIC
-A SSTP_OUTPUT -m addrtype --dst-type LOCAL -j RETURN
-A SSTP_OUTPUT -m conntrack --ctdir REPLY -j RETURN
-A SSTP_OUTPUT -m owner --gid-owner 968 -j RETURN
-A SSTP_OUTPUT -p udp -m udp --dport 53 -m owner ! --gid-owner 1001 -j RETURN
-A SSTP_OUTPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m multiport --dports 80,443,5201 -j SSTP_RULE
-A SSTP_OUTPUT -p udp -m conntrack --ctstate NEW,RELATED -m multiport --dports 80,443,5201 -j SSTP_RULE
-A SSTP_OUTPUT -m connmark --mark 0x2333 -j MARK --set-xmark 0x2333/0xffffffff
-A SSTP_PREROUTING -p udp -m udp --dport 443 -m conntrack --ctdir ORIGINAL -m addrtype ! --dst-type LOCAL -j SSTP_QUIC
-A SSTP_PREROUTING -m addrtype --dst-type LOCAL -j RETURN
-A SSTP_PREROUTING -m conntrack --ctdir REPLY -j RETURN
-A SSTP_PREROUTING -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m addrtype ! --src-type LOCAL -m multiport --dports 80,443,5201 -j SSTP_RULE
-A SSTP_PREROUTING -p udp -m udp ! --dport 53 -m conntrack --ctstate NEW,RELATED -m addrtype ! --src-type LOCAL -m multiport --dports 80,443,5201 -j SSTP_RULE
-A SSTP_PREROUTING -p tcp -m connmark --mark 0x2333 -j TPROXY --on-port 60080 --on-ip 127.0.0.1 --tproxy-mark 0x2333/0xffffffff
-A SSTP_PREROUTING -p udp -m connmark --mark 0x2333 -j TPROXY --on-port 60080 --on-ip 127.0.0.1 --tproxy-mark 0x2333/0xffffffff
-A SSTP_QUIC -m set --match-set sstp_white dst -m set ! --match-set sstp_black dst -j RETURN
-A SSTP_QUIC -j DROP
-A SSTP_RULE -m set --match-set sstp_white dst -m set ! --match-set sstp_black dst -j RETURN
-A SSTP_RULE -j CONNMARK --set-xmark 0x2333/0xffffffff

==> iptables-nat <==
-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-N SSTP_OUTPUT
-N SSTP_POSTROUTING
-N SSTP_PREROUTING
-N ts-postrouting
-A PREROUTING -j SSTP_PREROUTING
-A OUTPUT -j SSTP_OUTPUT
-A POSTROUTING -j SSTP_POSTROUTING
-A SSTP_OUTPUT -p udp -m udp --dport 53 -m conntrack --ctstate NEW -m owner ! --gid-owner 968 -m owner ! --gid-owner 1001 -j REDIRECT --to-ports 60053
-A SSTP_POSTROUTING ! -s 127.0.0.1/32 -d 127.0.0.1/32 -j SNAT --to-source 127.0.0.1
-A SSTP_POSTROUTING -m owner ! --socket-exists -m conntrack --ctstate NEW,RELATED --ctdir ORIGINAL -m conntrack ! --ctstate SNAT,DNAT -j MASQUERADE
-A SSTP_PREROUTING -p udp -m udp --dport 53 -m conntrack --ctstate NEW -m addrtype ! --src-type LOCAL -j REDIRECT --to-ports 60053

==> ip6tables-mangle <==
-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-N SSTP_OUTPUT
-N SSTP_PREROUTING
-N SSTP_QUIC
-N SSTP_RULE
-A PREROUTING -j SSTP_PREROUTING
-A OUTPUT -j SSTP_OUTPUT
-A SSTP_OUTPUT -p udp -m udp --dport 443 -m conntrack --ctdir ORIGINAL -m addrtype ! --dst-type LOCAL -m owner ! --gid-owner 968 -j SSTP_QUIC
-A SSTP_OUTPUT -m addrtype --dst-type LOCAL -j RETURN
-A SSTP_OUTPUT -m conntrack --ctdir REPLY -j RETURN
-A SSTP_OUTPUT -m owner --gid-owner 968 -j RETURN
-A SSTP_OUTPUT -p udp -m udp --dport 53 -m owner ! --gid-owner 1001 -j RETURN
-A SSTP_OUTPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m multiport --dports 80,443,5201 -j SSTP_RULE
-A SSTP_OUTPUT -p udp -m conntrack --ctstate NEW,RELATED -m multiport --dports 80,443,5201 -j SSTP_RULE
-A SSTP_OUTPUT -m connmark --mark 0x2333 -j MARK --set-xmark 0x2333/0xffffffff
-A SSTP_PREROUTING -p udp -m udp --dport 443 -m conntrack --ctdir ORIGINAL -m addrtype ! --dst-type LOCAL -j SSTP_QUIC
-A SSTP_PREROUTING -m addrtype --dst-type LOCAL -j RETURN
-A SSTP_PREROUTING -m conntrack --ctdir REPLY -j RETURN
-A SSTP_PREROUTING -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m addrtype ! --src-type LOCAL -m multiport --dports 80,443,5201 -j SSTP_RULE
-A SSTP_PREROUTING -p udp -m udp ! --dport 53 -m conntrack --ctstate NEW,RELATED -m addrtype ! --src-type LOCAL -m multiport --dports 80,443,5201 -j SSTP_RULE
-A SSTP_PREROUTING -p tcp -m connmark --mark 0x2333 -j TPROXY --on-port 60080 --on-ip ::1 --tproxy-mark 0x2333/0xffffffff
-A SSTP_PREROUTING -p udp -m connmark --mark 0x2333 -j TPROXY --on-port 60080 --on-ip ::1 --tproxy-mark 0x2333/0xffffffff
-A SSTP_QUIC -m set --match-set sstp_white6 dst -m set ! --match-set sstp_black6 dst -j RETURN
-A SSTP_QUIC -j DROP
-A SSTP_RULE -m set --match-set sstp_white6 dst -m set ! --match-set sstp_black6 dst -j RETURN
-A SSTP_RULE -j CONNMARK --set-xmark 0x2333/0xffffffff

==> ip6tables-nat <==
-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-N SSTP_OUTPUT
-N SSTP_POSTROUTING
-N SSTP_PREROUTING
-N ts-postrouting
-A PREROUTING -j SSTP_PREROUTING
-A OUTPUT -j SSTP_OUTPUT
-A POSTROUTING -j SSTP_POSTROUTING
-A SSTP_OUTPUT -p udp -m udp --dport 53 -m conntrack --ctstate NEW -m owner ! --gid-owner 968 -m owner ! --gid-owner 1001 -j REDIRECT --to-ports 60053
-A SSTP_POSTROUTING ! -s ::1/128 -d ::1/128 -j SNAT --to-source ::1
-A SSTP_POSTROUTING -m owner ! --socket-exists -m conntrack --ctstate NEW,RELATED --ctdir ORIGINAL -m conntrack ! --ctstate SNAT,DNAT -j MASQUERADE
-A SSTP_PREROUTING -p udp -m udp --dport 53 -m conntrack --ctstate NEW -m addrtype ! --src-type LOCAL -j REDIRECT --to-ports 60053

ss-tproxy stop的iptables 也发一下

==> iptables-mangle <==
-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT

==> iptables-nat <==
-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-N SSTP_POSTROUTING
-N ts-postrouting
-A POSTROUTING -j SSTP_POSTROUTING
-A SSTP_POSTROUTING -m owner ! --socket-exists -m conntrack --ctstate NEW,RELATED --ctdir ORIGINAL -m conntrack ! --ctstate SNAT,DNAT -j MASQUERADE

==> ip6tables-mangle <==
-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT

==> ip6tables-nat <==
-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-N SSTP_POSTROUTING
-N ts-postrouting
-A POSTROUTING -j SSTP_POSTROUTING
-A SSTP_POSTROUTING -m owner ! --socket-exists -m conntrack --ctstate NEW,RELATED --ctdir ORIGINAL -m conntrack ! --ctstate SNAT,DNAT -j MASQUERADE

配置文件，应该配置的没啥问题

mode='chnroute' # 大陆白名单：{gfwlist}走代理，{ignlist,chnlist,chnroute}走直连，其他走代理
ipv4='true'     # 是否对ipv4启用'透明代理': true启用 false不启用ipv6='true'    # 是否对ipv6启用'透明代理': true启用 false不启用
tproxy='true'  # true: TPROXY(tcp) + TPROXY(udp) ##纯tproxy模式##
                # false: REDIRECT(tcp) + TPROXY(udp) ##redirect模式##
                #
                # 具体取决于'本机代理进程'的透明代理传入'协议'
                #
                # ss/ssr/v2ray 通常为 redirect 模式                # v2ray 两者都支持，具体取决于 v2ray 配置                # ipt2socks 默认为纯 tproxy 模式，也可切换为 redirect 模式                # ss-libev 3.3.5+ 支持纯 tproxy 模式，参数为"-T"、"tcp_tproxy": true
                # trojan-go 只使用纯 tproxy 模式；原版 trojan 只支持 tcp，不支持 udp
                #
                # 其他代理软件请自行甄别测试，配置错误将无法正常透明代理
tcponly='false' # true:仅代理TCP流量; false:代理TCP和UDP流量                # 取决与'代理套件'，有些代理/机场不支持UDP协议
selfonly='false' # true: 只代理ss-tproxy主机(本机)传出的流量                 # false: 代理本机、内网机传出的流量(网关和dns指向ss-tproxy主机)
                 # 由于dns_remote必须走代理，且dns逻辑在本机进行，因此本机必须走代理                 # 虽然可以只处理dns流量，其他流量不走代理，但感觉意义不大，还是简单点好

proxy_procgroup='proxy'  # 本机代理进程的group(fsgid)，所有代理进程都需要以此身份运行，用于流量放行                         # 不允许填root或0，脚本会自动帮你创建group(如果填的是name)，建议使用name
                         #
proxy_tcpport='60080'    # ss/ssr/v2ray/ipt2socks 等本机进程的 TCP 监听端口，该端口支持"透明代理"
proxy_udpport='60080'    # ss/ssr/v2ray/ipt2socks 等本机进程的 UDP 监听端口，该端口支持"透明代理"
                         # 代理进程只需监听"127.0.0.1"(v4环境)+"::1"(v6环境)，不需要监听"全0地址"
                         #

                         # 如果想自己接管"本机代理进程"的启动/停止，可以在startcmd/stopcmd上留空                         #
                         # 如果命令行比较长，建议封装为函数，然后在startcmd/stopcmd中调用这些函数                         # shell函数可以定义在ss-tproxy.conf的任何位置，比如ss-tproxy.conf的末尾                         #
                         # 可以调用 set_proxy_group 给可执行文件设置所属 group、setgid 权限位                         # 比如："set_proxy_group ss-redir"，执行 ss-redir 时会自动切换 group

proxy_startcmd='start_hy'
proxy_stopcmd='stop_hy' 

start_hy() {
    # 设置 setgid 权限位 (只需执行一次)
    set_proxy_group hysteria
    export HYSTERIA_LOG_LEVEL=info
    #export HYSTERIA_LOG_LEVEL=trace
    #(hysteria -c /etc/hysteria.json </dev/null &>/var/log/hysteria.log &)
    systemctl start hy
}

stop_hy() {
    systemctl stop hy
}

start_hy2() {
    # 设置 setgid 权限位 (只需执行一次)
    set_proxy_group hy2
    #set_proxy_group ipt2socks
    #export QUIC_GO_DISABLE_GSO=1
    (hy2 -c /etc/hy2.yaml </dev/null &>/var/log/hy2 &)
    echo "started hy2"    
}

stop_hy2() {

    kill -9 $(pidof hy2)  &>/dev/null
    echo "stoped hy2"    
}

dns_custom='true'                    # true:使用自定义dns方案(高级用户,见下面的说明) | false:使用内置dns方案                                      # 使用自定义dns方案时，所有dns相关的配置被忽略，内置的域名分流规则也会失效                                      # 需要自己实现域名解析/分流；udp代理未启用时，如果想走代理，请记得走tcp协议                                      #
dns_procgroup='proxy_dns'             # dns进程的group(fsgid)，不能与proxy_procgroup相同，所有dns进程都需要以此身份运行                                      # 不允许填root或0，脚本会自动帮你创建group(如果填的是name)，建议使用name而不是gid
                                      #
dns_mainport='60053'                     # dns请求的逻辑入口(udp监听端口)，脚本内部会将"所有"dns请求重定向至此udp端口                                      # 监听地址必须能覆盖到"127.0.0.1"(v4环境)+"::1"(v6环境)，用于接收本机dns请求                                      # 如果要代理内网，则监听地址还需覆盖到相关网卡，为了简单，建议监听通配地址(全0)
                                     #
dns_direct='127.0.0.1#65355'             # 直连DNS(v4环境使用)，必须指定端口，可使用本地/内网服务器dns_direct6='::1#65355'           # 直连DNS(v6环境使用)，必须指定端口，可使用本地/内网服务器dns_direct_white='true'               # 将dns_direct的ip加入白名单(global/chnroute)，使其走直连dns_direct6_white='true'              # 将dns_direct6的ip加入白名单(global/chnroute)，使其走直连                                      # 请注意，dns_direct*的相关配置，只在使用"内置dns方案"时有效                                      #
dns_remote='127.0.0.1#65354'               # 远程DNS(v4环境使用)，必须指定端口，可使用本地/内网服务器dns_remote6='::1#65354' # 远程DNS(v6环境使用)，必须指定端口，可使用本地/内网服务器dns_remote_black='false'               # 将dns_remote的ip加入黑名单(gfwlist/chnroute)，使其走代理dns_remote6_black='false'              # 将dns_remote6的ip加入黑名单(gfwlist/chnroute)，使其走代理                                      # 请注意，dns_remote*的相关配置，只在使用"内置dns方案"时有效
dnsmasq_bind_port='60054'                    # dnsmasq监听端口，留空表示端口同dns_mainport 
dnsmasq_cache_size='4096'               # 最多缓存多少条，0表示禁用缓存，太大会影响性能dnsmasq_cache_time_min='3600'           # 最短缓存多少秒，上限值为3600，0表示禁用此功能dnsmasq_query_maxcnt='1024'             # dns查询最大并发数(dns-forward-max)，默认150
dnsmasq_log_enable='false'              # 记录详细日志，除非进行调试，否则不建议启用dnsmasq_log_file='/var/log/dnsmasq.log' # 日志文件，如果不想保存日志可以改为 /dev/null
dnsmasq_conf_dir=()                     # `--conf-dir` 选项的参数，可以填多个，空格隔开dnsmasq_conf_file=()                    # `--conf-file` 选项的参数，可以填多个，空格隔开dnsmasq_conf_string=()                  # 自定义配置，一个数组元素就是一行配置，空格隔开
chinadns_for_gfwlist='true'              # 用于mode=gfwlist，提升域名匹配性能chinadns_bind_port='65353'               # 监听端口，若 65353 被占用，请注意更改chinadns_chnlist_first='true'           # 优先加载 chnlist 域名 (默认优先 gfwlist)
chinadns_extra_options=''                # 其他附加的命令行选项(已有的选项就别再填了)
chinadns_verbose='false'                 # 记录详细日志，除非进行调试，否则不建议启用chinadns_logfile='/var/log/chinadns.log' # 日志文件，如果不想保存日志可以改为 /dev/null

dns2tcp_enable='false'                   # auto:tcponly时启用 | true:总是启用 | false:禁用dns2tcp_bind_port='65454'               # 监听端口，若 65454 被占用，请注意更改dns2tcp_extra_options=''                # 其他附加的命令行选项(已有的选项就别再填了)
dns2tcp_verbose='false'                 # 记录详细日志，除非进行调试，否则不建议启用dns2tcp_logfile='/var/log/dns2tcp.log'  # 日志文件，如果不想保存日志可以改为 /dev/null

ipts_if_lo='lo'                     # 环回接口的名称，在标准发行版中，通常为 lo，如果不是请修改ipts_rt_tab='233'                   # iproute2 路由表名或表 ID，除非产生冲突，否则不建议改动该选项ipts_rt_mark='0x2333'               # iproute2 策略路由的防火墙标记，除非产生冲突，否则不建议改动该选项ipts_set_snat='true'               # 设置 ipv4 MASQUERADE(SNAT) 规则，selfonly=false 时有效，详见 README
ipts_set_snat6='true'              # 设置 ipv6 MASQUERADE(SNAT) 规则，selfonly=false 时有效，详见 README
ipts_reddns_onstop=''   # stop后重定向内网主机发来的dns至指定dns，selfonly=false 时有效，详见 README
ipts_reddns6_onstop='' # stop后重定向内网主机发来的dns至指定dns，selfonly=false 时有效，详见 README
ipts_proxy_dst_port='80,443,5201'              # 要代理哪些端口，留空表示全部，多个逗号隔开，冒号表示范围(含边界)，详见 README
ipts_drop_quic="always"

opts_ss_netstat='auto'      # auto/ss/netstat，用哪个端口检测工具: auto(自动选择,优先考虑ss) | ss | netstat

url_gfwlist='https://raw.githubusercontent.com/pexcn/daily/gh-pages/gfwlist/gfwlist.txt'
url_chnlist='https://raw.githubusercontent.com/felixonmars/dnsmasq-china-list/master/accelerated-domains.china.conf'
url_chnroute='https://ftp.apnic.net/stats/apnic/delegated-apnic-latest'

pre_start() {
    # do something
    ## 启动AdGuardHome
    ## AdGuard listen 53
    ## dnsmasq listen 54
    ## Adguard 转发dns to 54
    #set_dns_group /opt/AdGuardHome/AdGuardHome
    #systemctl start AdGuardHome
    set_dns_group /usr/bin/go_udp_forward
    systemctl start go_udp_forward.service
    # coredns 后置doh 监听65354 65355
    # 国内65355
    # 国外65354
    set_dns_group /usr/bin/coredns
    systemctl start coredns     

    set_dns_group /usr/bin/dnsproxy
    systemctl start  dnsproxy

    return
}

post_start() {
    # do something
    local n=0 max=10 #最大等待 5s
    while ! tcp_port_is_exists $proxy_tcpport && ((++n <= max)); do
        echo "wait hy start ..."
        sleep 0.5s
    done
    return
}

pre_stop() {
    # do something
    #systemctl stop AdGuardHome
    systemctl stop coredns
    systemctl stop  dnsproxy
    systemctl stop go_udp_forward.service
    return
}

post_stop() {
    # do something
    return
}

extra_status() {
    # do something
    return
}

custom_dns_init() {
    # do something
    set_dns_group chinadns-ng
    return
}

custom_dns_whiteip() {
    # 格式同 ignlist.ext，一行一个    # echo -223.5.5.5
    # echo ~240C::6666
    return
}

custom_dns_blackip() {
    # 格式同 gfwlist.ext，一行一个    # echo -8.8.8.8
    # echo ~2001:4860:4860::8888
    return
}

custom_dns_start() {
    # 国内dns 65355
    # 国外dns 65354
    local chinadns_arg="-c 127.0.0.1#65355 -t 127.0.0.1#65354 -l $dnsmasq_bind_port"
    if is_global_mode; then # 白名单 (ignlist)
        pid_chinadns=$(
            trap "" CHLD # 避免僵尸进程            sed -i "s/$dnsmasq_bind_port/65354/" /usr/lib/systemd/system/go_udp_forward.service
            systemctl daemon-reload
            systemctl restart go_udp_forward.service
            systemctl status go_udp_forward |grep -i pid |awk '{print $3}'
        )
    elif is_gfwlist_mode; then # 黑名单 (gfwlist)
        pid_chinadns=$(
            trap "" CHLD # 避免僵尸进程            chinadns-ng $chinadns_arg \
            -g gfwlist.txt,<(list_ext_domain gfwlist.ext) \
            -d chn \
            -A sstp_black,sstp_black6 \
            </dev/null &>/var/log/chinadns.log &
            echo $!
        )
    elif is_chnroute_mode; then # 白名单 (ignlist,chnlist,chnroute) + 黑名单 (gfwlist)
            sed -i "s/65354/$dnsmasq_bind_port/" /usr/lib/systemd/system/go_udp_forward.service
            systemctl daemon-reload
            systemctl restart go_udp_forward.service
        pid_chinadns=$(
            trap "" CHLD # 避免僵尸进程            chinadns-ng $chinadns_arg \
            -m chnlist.txt,<(list_ext_domain ignlist.ext) \
            -g gfwlist.txt,<(list_ext_domain gfwlist.ext) \
            -a sstp_white,sstp_white6 \
            -A sstp_black,sstp_black6 \
            -4 sstp_white -6 sstp_white6 \
            </dev/null &>/var/log/chinadns.log &
            echo $!         
        )
    fi

    return
}

custom_dns_pid() {
    # 格式同 shell 变量赋值，一行一个    # echo "pid_foo=$pid_foo"
    # echo "pid_bar=$pid_bar"
    echo "pid_chinadns=$pid_chinadns"    
    return
}

custom_dns_stop() {
    kill -9 $pid_chinadns &>/dev/null
    # do something
    return
}

custom_dns_status() {
    # do something
    _status "chinadns" process_is_running $pid_chinadns        
    return
}

custom_dns_flush() {
    # do something
    return
}

zfl9 / ss-tproxy

开启ss-tproxy ,ipv6 不通,请作者看看 #247