#!/bin/sh
# Copyright (C) Juewuy
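# Resolve the directory this script lives in; every other path is derived from it.
# "$0" is quoted so an install path containing spaces or glob characters is not
# word-split, and pwd only runs when cd succeeded, so a failed cd can no longer
# make CRASHDIR silently point at the caller's working directory.
CRASHDIR=$(cd "$(dirname "$0")" && pwd)
# Load the runtime locations (BINDIR, TMPDIR, COMMAND); fall back to the
# initialiser when any of them is still empty afterwards.
# Both files are executed inside this shell with the script's own privileges,
# so they must be writable only by the account that runs ShellCrash.
. "$CRASHDIR"/configs/command.env >/dev/null 2>&1
[ -z "$BINDIR" -o -z "$TMPDIR" -o -z "$COMMAND" ] && . "$CRASHDIR"/init.sh >/dev/null 2>&1
# TMPDIR is a directory, so test it with -d (the -f test never matched one),
# and do not call mkdir with an empty path when TMPDIR could not be determined.
[ -n "$TMPDIR" ] && [ ! -d "$TMPDIR" ] && mkdir -p "$TMPDIR"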
#脚本内部工具
getconfig() { # load the saved settings and fill in every global default
    # The settings file is plain shell and is executed here, so anything able
    # to write to it can run commands as the user running this script.
    . "$CRASHDIR"/configs/ShellCrash.cfg >/dev/null
    # Defaults for values the settings file left empty.
    if [ -z "$redir_mod" ]; then
        case "$USER" in
        root | admin) redir_mod=Redir模式 ;;
        *) redir_mod=纯净模式 ;;
        esac
    fi
    # skip_cert defaults to "enabled"; modify_yaml in this file turns that
    # value into skip-cert-verify: true for the proxies section.
    : "${skip_cert:=已开启}"
    : "${dns_mod:=fake-ip}"
    : "${ipv6_redir:=未开启}"
    : "${ipv6_dns:=已开启}"
    : "${cn_ipv6_route:=未开启}"
    : "${macfilter_type:=黑名单}"
    : "${mix_port:=7890}"
    : "${redir_port:=7892}"
    : "${tproxy_port:=7893}"
    : "${db_port:=9999}"
    : "${dns_port:=1053}"
    # The firewall mark follows the redir port unless configured explicitly.
    : "${fwmark:=$redir_port}"
    routing_mark=$((fwmark + 2))
    : "${sniffer:=已开启}"
    # Whether only the common ports are proxied.
    : "${common_ports:=已开启}"
    : "${multiport:=22,53,80,123,143,194,443,465,587,853,993,995,5222,8080,8443}"
    if [ "$common_ports" = "已开启" ]; then
        ports="-m multiport --dports $multiport"
    fi
    # Pick the core family, its config format and the config file location.
    case "$crashcore" in
    singbox | singboxp)
        target=singbox
        format=json
        core_config="$CRASHDIR"/jsons/config.json
        ;;
    *)
        target=clash
        format=yaml
        core_config="$CRASHDIR"/yamls/config.yaml
        ;;
    esac
}
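setconfig() { # write one key=value setting into a config file
    # $1 - variable name, $2 - value, $3 - config file (defaults to
    #      $CRASHDIR/configs/ShellCrash.cfg)
    # Returns 1 without touching the file when name or value contains a newline.
    #
    # The target file is later executed with ".", so a value is only as safe
    # as the caller makes it: nothing here quotes shell metacharacters.
    if [ -z "$3" ]; then
        configpath="$CRASHDIR"/configs/ShellCrash.cfg
    else
        configpath="${3}"
    fi
    # A newline would add extra lines to a file that is sourced as shell.
    case "$1$2" in
    *'
'*) return 1 ;;
    esac
    if grep -q "^${1}=" "$configpath" 2>/dev/null; then
        # Anchor on the start of the line so that setting "port" cannot rewrite
        # "mix_port=...", and escape \, & and the # delimiter so the value is
        # inserted literally instead of being read as sed syntax.
        setconfig_value=$(printf '%s' "$2" | sed 's/[\\&#]/\\&/g')
        sed -i "s#^${1}=.*#${1}=${setconfig_value}#g" "$configpath"
    else
        # Append without sed so the value is never interpreted, and so an empty
        # or missing file still receives the setting.
        [ -s "$configpath" ] && [ -n "$(tail -c 1 "$configpath")" ] && echo >>"$configpath"
        printf '%s=%s\n' "$1" "$2" >>"$configpath"
    fi
}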
ckcmd() { # succeed when the command named in $1 is available
    # Prefer "command -v", but only trust it when it can at least find sh;
    # otherwise (or when it reports nothing) fall back to "type".
    if command -v sh >/dev/null 2>&1; then
        command -v "$1" >/dev/null 2>&1 && return 0
    fi
    type "$1" >/dev/null 2>&1
}
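ckgeo() { # make sure a Geo data file exists in BINDIR, downloading it if needed
    # $1 - file name inside BINDIR
    # $2 - name of the file below bin/geodata/ on the update server
    # Exits the script with status 1 when the download fails.
    #
    # Use a size filter when this find supports one, so a truncated file counts
    # as missing.
    find --help 2>&1 | grep -q size && find_para=' -size +20' # find compatibility
    # $find_para is expanded unquoted on purpose: it has to reach find as the
    # two words "-size" "+20". Passed as one quoted word it is treated as an
    # extra path to search, and the size filter is never applied.
    # shellcheck disable=SC2086
    [ -z "$(find "$BINDIR"/"$1" $find_para 2>/dev/null)" ] && {
        # shellcheck disable=SC2086
        if [ -n "$(find "$CRASHDIR"/"$1" $find_para 2>/dev/null)" ]; then
            mv "$CRASHDIR"/"$1" "$BINDIR"/"$1" # small-flash mode: move the file
        else
            logger "未找到${1}文件，正在下载！" 33
            # NOTE(review): nothing visible here verifies the downloaded file
            # beyond get_bin's exit status; confirm whether webget checks
            # integrity.
            get_bin "$BINDIR"/"$1" bin/geodata/"$2"
            [ "$?" = "1" ] && rm -rf "${BINDIR:?}"/"${1}" && logger "${1}文件下载失败，已退出！请前往更新界面尝试手动下载！" 31 && exit 1
            # Record the download date under "<name without extension>_v".
            geo_v="$(echo "$2" | awk -F "." '{print $1}')_v"
            setconfig "$geo_v" "$(date +"%Y%m%d")"
        fi
    }
}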
compare() { # return 0 when the two regular files $1 and $2 have the same content
    # Anything that is not a regular file counts as "different".
    [ -f "$1" ] && [ -f "$2" ] || return 1
    if ckcmd cmp; then
        cmp -s "$1" "$2"
        return
    fi
    # Fallback without cmp: compare the text read through command substitution.
    [ "$(cat "$1")" = "$(cat "$2")" ]
}
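logger() { # write a log line, optionally echo it in colour and push it out
    # $1 - message text
    # $2 - ANSI colour code for the terminal echo (empty or 0: do not echo)
    # $3 - any non-empty value suppresses the push notifications
    [ -n "$2" -a "$2" != 0 ] && echo -e "\033[$2m$1\033[0m"
    # %Y is the calendar year; %G is the ISO week-based year and differs from
    # it on the days around New Year.
    log_text="$(date "+%Y-%m-%d_%H:%M:%S")~$1"
    echo "$log_text" >>"$TMPDIR"/ShellCrash.log
    # Keep the log short: once it exceeds 99 lines drop the oldest 50.
    [ "$(wc -l "$TMPDIR"/ShellCrash.log | awk '{print $1}')" -gt 99 ] && sed -i '1,50d' "$TMPDIR"/ShellCrash.log
    # Push helper: POST the JSON body $2 to the URL $1.
    webpush() {
        # Route the request through the local proxy while the core is running.
        [ -n "$(pidof CrashCore)" ] && {
            [ -n "$authentication" ] && auth="$authentication@"
            export https_proxy="http://${auth}127.0.0.1:$mix_port"
        }
        # NOTE(review): -k turns off TLS certificate verification, so the push
        # tokens and log text can be read by whoever answers the connection.
        # The tokens also travel in the URL or body on the command line, where
        # other local users can see them in the process list.
        if curl --version >/dev/null 2>&1; then
            curl -kfsSl -X POST --connect-timeout 3 -H "Content-Type: application/json; charset=utf-8" "$1" -d "$2" >/dev/null 2>&1
        elif wget --version >/dev/null 2>&1; then
            wget -Y on -q --timeout=3 --method=POST --header="Content-Type: application/json; charset=utf-8" --body-data="$2" "$1"
        else
            echo "找不到有效的curl或wget应用, 请先安装! "
        fi
    }
    [ -z "$3" ] && {
        [ -n "$device_name" ] && log_text="$log_text($device_name)"
        # The message is placed inside JSON string literals below; escape
        # backslashes and double quotes so it cannot break or extend the JSON.
        push_text=$(printf '%s' "$log_text" | sed 's/\\/\\\\/g; s/"/\\"/g')
        [ -n "$push_TG" ] && {
            url="https://api.telegram.org/bot${push_TG}/sendMessage"
            content="{\"chat_id\":\"${chat_ID}\",\"text\":\"$push_text\"}"
            webpush "$url" "$content" &
        }
        [ -n "$push_bark" ] && {
            url="${push_bark}"
            content="{\"body\":\"${push_text}\",\"title\":\"ShellCrash日志推送\",\"level\":\"passive\",\"badge\":\"1\"}"
            webpush "$url" "$content" &
        }
        [ -n "$push_Deer" ] && {
            url="https://api2.pushdeer.com/message/push"
            content="{\"pushkey\":\"${push_Deer}\",\"text\":\"$push_text\"}"
            webpush "$url" "$content" &
        }
        [ -n "$push_Po" ] && {
            url="https://api.pushover.net/1/messages.json"
            content="{\"token\":\"${push_Po}\",\"user\":\"${push_Po_key}\",\"title\":\"ShellCrash日志推送\",\"message\":\"$push_text\"}"
            webpush "$url" "$content" &
        }
        [ -n "$push_PP" ] && {
            # NOTE(review): plain http - the token and the log text are sent
            # unencrypted to this endpoint.
            url="http://www.pushplus.plus/send"
            content="{\"token\":\"${push_PP}\",\"title\":\"ShellCrash日志推送\",\"content\":\"$push_text\"}"
            webpush "$url" "$content" &
        }
    } &
}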
croncmd() { # list or install the current user's crontab
    # $1 - "-l" to print the current table, or the path of a file to install
    # When the crontab binary understands -l, simply hand the argument to it.
    if crontab -h 2>&1 | grep -q '\-l'; then
        crontab "$1"
        return
    fi
    # Otherwise write the spool file directly: start from the directory crond
    # reports as its default and walk through the known locations until one
    # is writable.
    crondir="$(crond -h 2>&1 | grep -oE 'Default:.*' | awk -F ":" '{print $2}')"
    for fallback_dir in /etc/storage/cron/crontabs /var/spool/cron/crontabs /var/spool/cron; do
        [ -w "$crondir" ] && break
        crondir=$fallback_dir
    done
    if [ -w "$crondir" ]; then
        # The spool file is named after $USER, which is taken from the
        # environment as-is.
        [ "$1" = "-l" ] && cat "$crondir"/"$USER" 2>/dev/null
        [ -f "$1" ] && cat "$1" >"$crondir"/"$USER"
    else
        echo "你的设备不支持定时任务配置，脚本大量功能无法启用，请尝试使用搜索引擎查找安装方式！"
    fi
}
cronset() { # replace one scheduled task in the user's crontab
    # $1 - keyword; every existing line matching it is removed
    # $2 - task line to add
    # The keyword is used as a sed regular expression, so callers must pass
    # text that contains no "/" and no unintended regex characters.
    # The scratch file has a fixed name inside TMPDIR and is installed as the
    # crontab, so TMPDIR must not be writable by other users.
    tmpcron="${TMPDIR}"/cron_${USER}
    croncmd -l 2>/dev/null >"$tmpcron"
    # Drop the old entry, then any blank lines.
    sed -i "/$1/d" "$tmpcron"
    sed -i '/^$/d' "$tmpcron"
    echo "$2" >>"$tmpcron"
    croncmd "$tmpcron"
    rm -f "$tmpcron"
}
get_save() { # GET the panel API URL in $1 and print the response
    # Authenticates with the bearer token in $secret. The token is passed on
    # the command line, so it is visible in the process list while the request
    # runs.
    if curl --version >/dev/null 2>&1; then
        curl -s -H "Authorization: Bearer ${secret}" -H "Content-Type:application/json" "$1"
    elif wget --help 2>&1 | grep -q '\-\-method'; then
        # Only a wget whose help text mentions --method is used as fallback.
        wget -q --header="Authorization: Bearer ${secret}" --header="Content-Type:application/json" -O - "$1"
    fi
}
put_save() { # send a panel selection to the API
    # $1 - URL, $2 - request body, $3 - HTTP method (defaults to PUT)
    # The bearer token in $secret is passed on the command line, so it is
    # visible in the process list while the request runs.
    request_type=${3:-PUT}
    if curl --version >/dev/null 2>&1; then
        curl -sS -X "$request_type" -H "Authorization: Bearer $secret" -H "Content-Type:application/json" "$1" -d "$2" >/dev/null
    elif wget --version >/dev/null 2>&1; then
        wget -q --method="$request_type" --header="Authorization: Bearer $secret" --header="Content-Type:application/json" --body-data="$2" "$1" >/dev/null
    fi
}
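get_bin() { # download a file that belongs to this project
    # $1 - local destination path
    # $2 - path of the file relative to the repository root
    # $3..$6 - passed through unchanged to the webget sub-command
    # The exit status is that of the webget call.
    . "$CRASHDIR"/configs/ShellCrash.cfg >/dev/null
    [ -z "$update_url" ] && update_url=https://fastly.jsdelivr.net/gh/juewuy/ShellCrash@master
    if [ -n "$url_id" ]; then
        [ -z "$release_type" ] && release_type=master
        # NOTE(review): grep matches url_id anywhere on a line of servers.list,
        # not only in the id column; more than one matching line would yield a
        # multi-line URL. Confirm the list format guarantees a single hit.
        if [ "$url_id" = 101 -o "$url_id" = 104 ]; then
            url="$(grep "$url_id" "$CRASHDIR"/configs/servers.list | awk '{print $3}')@$release_type/$2" # jsdelivr uses @branch
        else
            url="$(grep "$url_id" "$CRASHDIR"/configs/servers.list | awk '{print $3}')/$release_type/$2"
        fi
    else
        url="$update_url/$2"
    fi
    # Quote "$0" so an install path containing spaces still re-invokes this
    # script instead of being split into several words.
    "$0" webget "$1" "$url" "$3" "$4" "$5" "$6"
}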
mark_time() { # record the current Unix time as the start timestamp
    # Overwrites $TMPDIR/crash_start_time with the number of seconds since the epoch.
    date '+%s' >"${TMPDIR}"/crash_start_time
}
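getlanip() { # collect the LAN segments, this host's addresses and the reserved ranges
    # Sets host_ipv4, host_ipv6, local_ipv4, reserve_ipv4 and reserve_ipv6.
    # Polls "ip a" once per second, at most 20 times, until an address shows
    # up; the wait is skipped when the log file already exists.
    i=1
    while [ "$i" -le "20" ]; do
        # IPv4 LAN segments: global addresses with a broadcast on non-virtual
        # interfaces whose first octet is 192, 10 or 172. The filter looks at
        # the first octet only, so it is wider than the RFC 1918 ranges.
        host_ipv4=$(ip a 2>&1 | grep -w 'inet' | grep 'global' | grep 'brd' | grep -Ev 'utun|iot|peer|docker|podman|virbr|vnet|ovs|vmbr|veth|vmnic|vboxnet|lxcbr|xenbr|vEthernet' | grep -E ' 1(92|0|72)\.' | sed 's/.*inet.//g' | sed 's/br.*$//g' | sed 's/metric.*$//g')
        # Public IPv6 prefixes, only when IPv6 redirection is enabled.
        [ "$ipv6_redir" = "已开启" ] && host_ipv6=$(ip a 2>&1 | grep -w 'inet6' | grep -E 'global' | sed 's/.*inet6.//g' | sed 's/scope.*$//g')
        [ -f "$TMPDIR"/ShellCrash.log ] && break
        [ -n "$host_ipv4" -a "$ipv6_redir" != "已开启" ] && break
        [ -n "$host_ipv4" -a -n "$host_ipv6" ] && break
        sleep 1 && i=$((i + 1))
    done
    # Custom IPv4 segments either replace or extend the detected ones.
    # "=" is the portable comparison; "==" is rejected by some /bin/sh
    # implementations, which silently sends the test down the else branch.
    if [ "$replace_default_host_ipv4" = "未禁用" ]; then
        host_ipv4="$cust_host_ipv4"
    else
        # Insert a separator only when something was detected, so two segments
        # can never be fused and an empty result still gets the default below.
        host_ipv4="${host_ipv4}${host_ipv4:+ }${cust_host_ipv4}"
    fi
    # Defaults.
    # NOTE(review): 10.0.0.0/12 covers 10.0.0.0-10.15.255.255 only; the reserved
    # list below uses 10.0.0.0/8. Presumably /8 is meant here too - confirm.
    [ -z "$host_ipv4" ] && host_ipv4='192.168.0.0/16 10.0.0.0/12 172.16.0.0/12'
    host_ipv6="fe80::/10 fd00::/8 $host_ipv6"
    # Source addresses this host uses for outgoing traffic; retry without the
    # interface filter when the filtered lookup finds nothing.
    local_ipv4=$(ip route 2>&1 | grep -Ev 'utun|iot|docker|linkdown' | grep -Eo 'src.*' | grep -Eo '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | sort -u)
    [ -z "$local_ipv4" ] && local_ipv4=$(ip route 2>&1 | grep -Eo 'src.*' | grep -Eo '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | sort -u)
    # Reserved address ranges.
    reserve_ipv4="0.0.0.0/8 10.0.0.0/8 127.0.0.0/8 100.64.0.0/10 169.254.0.0/16 172.16.0.0/12 192.168.0.0/16 224.0.0.0/4 240.0.0.0/4"
    reserve_ipv6="::/128 ::1/128 ::ffff:0:0/96 64:ff9b::/96 100::/64 2001::/32 2001:20::/28 2001:db8::/32 2002::/16 fc00::/7 fe80::/10 ff00::/8"
}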
#配置文件相关
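check_clash_config() { # sanity-check a freshly downloaded clash configuration
    # Reads the file named by $core_config_new and exits the script with
    # status 1 when it cannot be used. For generated configs ($url_type set)
    # it also removes proxy groups that contain nothing but DIRECT.
    #
    # It must contain nodes or proxy providers.
    if [ -z "$(grep -E 'server|proxy-providers' "$core_config_new" | grep -v 'nameserver' | head -n 1)" ]; then
        echo -----------------------------------------------
        logger "获取到了配置文件，但似乎并不包含正确的节点信息！" 31
        echo -----------------------------------------------
        # Shows the first 30 lines of the download on the terminal.
        sed -n '1,30p' "$core_config_new"
        echo -----------------------------------------------
        echo -e "\033[33m请检查如上配置文件信息:\033[0m"
        echo -----------------------------------------------
        exit 1
    fi
    # The old configuration format is no longer supported.
    if grep 'Proxy Group:' "$core_config_new" >/dev/null; then
        echo -----------------------------------------------
        logger "已经停止对旧格式配置文件的支持！！！" 31
        echo -e "请使用新格式或者使用【在线生成配置文件】功能！"
        echo -----------------------------------------------
        exit 1
    fi
    # Reject the unsupported cipher.
    if grep 'cipher: chacha20,' "$core_config_new" >/dev/null; then
        echo -----------------------------------------------
        logger "已停止支持chacha20加密, 请更换更安全的节点加密协议! " 31
        echo -----------------------------------------------
        exit 1
    fi
    # Find and remove empty proxy groups (groups whose only member is DIRECT).
    [ -n "$url_type" ] && ckcmd xargs && {
        sed '/^rules:/,$d' "$core_config_new" | grep -A 15 "\- name:" | xargs | sed 's/- name: /\n/g' | sed 's/ type: .*proxies: /#/g' | sed 's/- //g' | grep -E '#DIRECT $|#DIRECT$' | awk -F '#' '{print $1}' >"$TMPDIR"/clash_proxies_$USER
        while read -r line; do
            # An empty name would turn the patterns below into "match every
            # list item".
            [ -n "$line" ] || continue
            # Group names come from the downloaded file. Escape everything sed
            # treats specially so a name is matched literally and can neither
            # end the address early nor match unrelated groups.
            line_re=$(printf '%s\n' "$line" | sed 's/[][\.*^$/]/\\&/g')
            sed -i "/- $line_re/d" "$core_config_new"
            sed -i "/- name: $line_re/,/- DIRECT/d" "$core_config_new"
        done <"$TMPDIR"/clash_proxies_$USER
        rm -rf "$TMPDIR"/clash_proxies_$USER
    }
}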
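check_singbox_config() { # sanity-check a freshly downloaded sing-box configuration
    # Reads the file named by $core_config_new and exits the script with
    # status 1 when it contains no nodes. For generated configs ($url_type set)
    # it also strips groups whose only outbound is DIRECT.
    #
    # It must contain nodes or outbound providers.
    if [ -z "$(grep -Eo 'server|outbound_providers' "$core_config_new")" ]; then
        echo -----------------------------------------------
        logger "获取到了配置文件【$core_config_new】，但似乎并不包含正确的节点信息！" 31
        exit 1
    fi
    # Find and remove empty groups.
    [ -n "$url_type" ] && {
        # Collect the tags of the empty groups.
        grep -oE '\{"type":"[^"]*","tag":"[^"]*","outbounds":\["DIRECT"\]' "$core_config_new" | sed -n 's/.*"tag":"\([^"]*\)".*/\1/p' >"$TMPDIR"/singbox_tags
        # Delete the groups themselves.
        sed -i 's/{"type":"[^"]*","tag":"[^"]*","outbounds":\["DIRECT"\]}//g; s/{"type":"[^"]*","tag":"[^"]*","outbounds":\["DIRECT"\],"url":"[^"]*","interval":"[^"]*","tolerance":[^}]*}//g' "$core_config_new"
        # Delete every reference to one of those tags.
        while read -r line; do
            [ -n "$line" ] || continue
            # Tags come from the downloaded file. Escape everything sed treats
            # specially so a tag is matched literally and can neither end the
            # pattern early nor match other tags.
            line_re=$(printf '%s\n' "$line" | sed 's/[][\.*^$/]/\\&/g')
            sed -i "s/\"$line_re\"//g" "$core_config_new"
        done <"$TMPDIR"/singbox_tags
        rm -rf "$TMPDIR"/singbox_tags
        # Collapse the commas left behind by the deletions.
        sed -i 's/,\+/,/g; s/\[,/\[/g; s/,]/]/g' "$core_config_new"
    }
}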
get_core_config( ) { #下载内核配置文件
2020-10-27 09:40:58 +08:00
[ -z " $rule_link " ] && rule_link = 1
2024-04-13 14:01:58 +08:00
[ -z " $server_link " ] || [ $server_link -gt $( grep -aE '^4' " $CRASHDIR " /configs/servers.list | wc -l) ] && server_link = 1
Server = $( grep -aE '^3|^4' " $CRASHDIR " /configs/servers.list | sed -n "" $server_link "p" | awk '{print $3}' )
[ -n " $( echo $Url | grep -oE 'vless:|hysteria:' ) " ] && Server = $( grep -aE '^4' " $CRASHDIR " /configs/servers.list | sed -n "" $server_link "p" | awk '{print $3}' )
[ " $retry " = 3 ] && Server = $( grep -aE '^497' " $CRASHDIR " /configs/servers.list | awk '{print $3}' )
Config = $( grep -aE '^5' " $CRASHDIR " /configs/servers.list | sed -n "" $rule_link "p" | awk '{print $3}' )
2020-10-23 19:08:35 +08:00
#如果传来的是Url链接则合成Https链接, 否则直接使用Https链接
2024-04-13 14:01:58 +08:00
if [ -z " $Https " ] ; then
2024-01-10 22:02:15 +08:00
#Urlencord转码处理保留字符
2024-01-24 16:09:10 +08:00
Url = $( echo $Url | sed 's/;/\%3B/g; s|/|\%2F|g; s/?/\%3F/g; s/:/\%3A/g; s/@/\%40/g; s/=/\%3D/g; s/&/\%26/g' )
2024-01-10 22:02:15 +08:00
Https = " ${ Server } /sub?target= ${ target } &insert=true&new_name=true&scv=true&udp=true&exclude= ${ exclude } &include= ${ include } &url= ${ Url } &config= ${ Config } "
2022-04-10 21:36:58 +08:00
url_type = true
2020-10-23 19:08:35 +08:00
fi
2020-10-24 09:54:14 +08:00
#输出
2020-10-27 16:36:01 +08:00
echo -----------------------------------------------
2024-01-10 22:02:15 +08:00
logger 正在连接服务器获取【${ target } 】配置文件…………
2022-12-04 20:54:09 +08:00
echo -e " 链接地址为:\033[4;32m $Https \033[0m "
2020-10-23 19:08:35 +08:00
echo 可以手动复制该链接到浏览器打开并查看数据是否正常!
2024-01-06 22:35:41 +08:00
#获取在线config文件
2024-04-13 14:01:58 +08:00
core_config_new = " $TMPDIR " /${ target } _config.${ format }
2024-01-10 22:02:15 +08:00
rm -rf ${ core_config_new }
$0 webget " $core_config_new " " $Https "
2024-04-13 14:01:58 +08:00
if [ " $? " = "1" ] ; then
if [ -z " $url_type " ] ; then
2020-10-24 09:54:14 +08:00
echo -----------------------------------------------
2020-10-30 16:21:09 +08:00
logger "配置文件获取失败!" 31
2021-05-31 16:03:30 +08:00
echo -e "\033[31m请尝试使用【在线生成配置文件】功能! \033[0m"
2020-10-24 09:54:14 +08:00
echo -----------------------------------------------
2020-10-10 17:02:53 +08:00
exit 1
else
2024-04-13 14:01:58 +08:00
if [ " $retry " = 3 ] ; then
2020-10-30 16:21:09 +08:00
logger "无法获取配置文件,请检查链接格式以及网络连接状态!" 31
2024-01-22 21:06:05 +08:00
echo -e "\033[32m也可用浏览器下载以上链接后, 使用WinSCP手动上传到/tmp目录后执行crash命令本地导入! \033[0m"
2020-10-23 19:08:35 +08:00
exit 1
2024-04-13 14:01:58 +08:00
elif [ " $retry " = 2 ] ; then
2022-12-04 20:54:09 +08:00
retry = 4
2023-03-17 23:32:30 +08:00
logger "配置文件获取失败! 将尝试使用http协议备用服务器获取! " 31
2023-07-30 09:49:41 +08:00
echo -e "\033[32m如担心数据安全, 请在3s内使用【Ctrl+c】退出! \033[0m"
sleep 3
2022-11-25 21:47:03 +08:00
Https = ""
2024-01-06 22:35:41 +08:00
get_core_config
2020-10-23 19:08:35 +08:00
else
2024-04-13 14:01:58 +08:00
retry = $(( retry + 1 ))
2020-10-30 16:21:09 +08:00
logger "配置文件获取失败!" 31
2020-10-23 19:08:35 +08:00
echo -e "\033[32m尝试使用其他服务器获取配置! \033[0m"
2024-03-19 13:58:02 +08:00
logger " 正在重试第 $retry次 /共3次! " 33
if [ " $server_link " -ge 4 ] ; then
2020-10-23 19:08:35 +08:00
server_link = 0
fi
2024-04-13 14:01:58 +08:00
server_link = $(( server_link + 1 ))
2023-01-13 20:36:52 +08:00
setconfig server_link $server_link
2020-10-23 19:08:35 +08:00
Https = ""
2024-01-06 22:35:41 +08:00
get_core_config
2020-09-18 21:09:06 +08:00
fi
fi
2020-10-23 19:08:35 +08:00
else
Https = ""
2024-04-13 14:01:58 +08:00
if [ " $crashcore " = singbox -o " $crashcore " = singboxp ] ; then
2024-03-08 10:16:56 +08:00
check_singbox_config
else
check_clash_config
fi
2020-10-27 16:36:01 +08:00
#如果不同则备份并替换文件
2024-04-13 14:01:58 +08:00
if [ -s $core_config ] ; then
2024-01-06 22:35:41 +08:00
compare $core_config_new $core_config
[ " $? " = 0 ] || mv -f $core_config $core_config .bak && mv -f $core_config_new $core_config
2020-10-27 16:36:01 +08:00
else
2024-01-06 22:35:41 +08:00
mv -f $core_config_new $core_config
2020-10-27 16:36:01 +08:00
fi
2020-12-11 22:17:29 +08:00
echo -e "\033[32m已成功获取配置文件! \033[0m"
2020-09-18 21:09:06 +08:00
fi
2024-02-04 16:55:06 +08:00
return 0
2020-09-18 21:09:06 +08:00
}
modify_yaml( ) { #修饰clash配置文件
##########需要变更的配置###########
2022-05-12 23:23:18 +08:00
[ -z " $dns_nameserver " ] && dns_nameserver = '114.114.114.114, 223.5.5.5'
[ -z " $dns_fallback " ] && dns_fallback = '1.0.0.1, 8.8.4.4'
[ -z " $skip_cert " ] && skip_cert = 已开启
2023-07-30 09:49:41 +08:00
[ " $ipv6_dns " = "已开启" ] && dns_v6 = 'true' || dns_v6 = 'false'
2020-10-23 19:08:35 +08:00
external = " external-controller: 0.0.0.0: $db_port "
2024-04-13 14:01:58 +08:00
if [ " $redir_mod " = "混合模式" -o " $redir_mod " = "Tun模式" ] ; then
2024-06-30 15:49:10 +08:00
[ " $crashcore " = 'meta' ] && tun_meta = ', device: utun, auto-route: false, auto-detect-interface: false'
2022-05-04 22:28:09 +08:00
tun = " tun: {enable: true, stack: system $tun_meta } "
2022-01-08 17:21:06 +08:00
else
tun = 'tun: {enable: false}'
fi
2020-10-23 19:08:35 +08:00
exper = 'experimental: {ignore-resolve-fail: true, interface-name: en0}'
2023-02-28 19:45:06 +08:00
#Meta内核专属配置
2024-01-06 22:35:41 +08:00
[ " $crashcore " = 'meta' ] && {
2023-08-05 17:36:20 +08:00
[ " $redir_mod " != "纯净模式" ] && find_process = 'find-process-mode: "off"'
2023-02-28 19:45:06 +08:00
}
2020-10-23 19:08:35 +08:00
#dns配置
2024-04-13 14:01:58 +08:00
[ -z " $( cat " $CRASHDIR " /yamls/user.yaml 2>/dev/null | grep '^dns:' ) " ] && {
cat >" $TMPDIR " /dns.yaml <<EOF
2023-07-30 09:49:41 +08:00
dns:
enable: true
2024-02-26 10:36:45 +08:00
listen: :$dns_port
2023-07-30 09:49:41 +08:00
use-hosts: true
ipv6: $dns_v6
default-nameserver:
- 114.114.114.114
- 223.5.5.5
enhanced-mode: fake-ip
fake-ip-range: 198.18.0.1/16
fake-ip-filter:
EOF
2024-04-13 14:01:58 +08:00
if [ " $dns_mod " = "fake-ip" ] ; then
cat " $CRASHDIR " /configs/fake_ip_filter " $CRASHDIR " /configs/fake_ip_filter.list 2>/dev/null | grep '\.' | sed "s/^/ - '/" | sed " s/ $/'/ " >>" $TMPDIR " /dns.yaml
2022-11-20 20:12:37 +08:00
else
2024-04-13 14:01:58 +08:00
echo " - '+.*'" >>" $TMPDIR " /dns.yaml #使用fake-ip模拟redir_host
2022-11-20 20:12:37 +08:00
fi
2024-04-13 14:01:58 +08:00
cat >>" $TMPDIR " /dns.yaml <<EOF
2023-07-30 09:49:41 +08:00
nameserver: [ $dns_nameserver ]
fallback: [ $dns_fallback ]
fallback-filter:
geoip: true
EOF
2024-04-13 14:01:58 +08:00
[ -s " $CRASHDIR " /configs/fallback_filter.list ] && {
echo " domain:" >>" $TMPDIR " /dns.yaml
cat " $CRASHDIR " /configs/fallback_filter.list | grep '\.' | sed "s/^/ - '/" | sed " s/ $/'/ " >>" $TMPDIR " /dns.yaml
}
}
2023-01-01 20:25:30 +08:00
#域名嗅探配置
2024-08-25 21:25:20 +08:00
[ " $sniffer " = "已启用" ] && [ " $crashcore " = "meta" ] && sniffer_set = "sniffer: {enable: true, parse-pure-ip: true, skip-domain: [Mijia Cloud], sniff: {tls: {ports: [443, 8443]}, http: {ports: [80, 8080-8880]}, quic: {ports: [443, 8443]}}}"
2024-03-05 21:21:40 +08:00
[ " $crashcore " = "clashpre" ] && [ " $dns_mod " = "redir_host" -o " $sniffer " = "已启用" ] && exper = "experimental: {ignore-resolve-fail: true, interface-name: en0,sniff-tls-sni: true}"
2023-07-30 09:49:41 +08:00
#生成set.yaml
2024-04-13 14:01:58 +08:00
cat >" $TMPDIR " /set.yaml <<EOF
2023-07-30 09:49:41 +08:00
mixed-port: $mix_port
redir-port: $redir_port
tproxy-port: $tproxy_port
authentication: [ " $authentication " ]
allow-lan: true
mode: Rule
log-level: info
2024-03-09 16:48:29 +08:00
ipv6: true
2023-07-30 09:49:41 +08:00
external-controller: :$db_port
external-ui: ui
secret: $secret
$tun
$exper
$sniffer_set
$find_process
2024-03-07 17:38:38 +08:00
routing-mark: $routing_mark
2023-07-30 09:49:41 +08:00
EOF
#读取本机hosts并生成配置文件
2024-04-13 14:01:58 +08:00
if [ " $hosts_opt " != "未启用" ] && [ -z " $( grep -aE '^hosts:' " $CRASHDIR " /yamls/user.yaml 2>/dev/null) " ] ; then
2023-07-30 09:49:41 +08:00
#NTP劫持
2024-04-13 14:01:58 +08:00
cat >>" $TMPDIR " /hosts.yaml <<EOF
2023-07-30 09:49:41 +08:00
hosts:
'time.android.com' : 203.107.6.88
'time.facebook.com' : 203.107.6.88
EOF
#加载本机hosts
sys_hosts = /etc/hosts
[ -f /data/etc/custom_hosts ] && sys_hosts = /data/etc/custom_hosts
2024-04-13 14:01:58 +08:00
while read line; do
[ -n " $( echo " $line " | grep -oE "([0-9]{1,3}[\.]){3}" ) " ] &&
[ -z " $( echo " $line " | grep -oE '^#' ) " ] &&
hosts_ip = $( echo $line | awk '{print $1}' ) &&
hosts_domain = $( echo $line | awk '{print $2}' ) &&
[ -z " $( cat " $TMPDIR " /hosts.yaml | grep -oE " $hosts_domain " ) " ] &&
echo " ' $hosts_domain ': $hosts_ip " >>" $TMPDIR " /hosts.yaml
done <$sys_hosts
fi
2022-12-15 20:49:57 +08:00
#分割配置文件
2023-06-03 22:31:33 +08:00
yaml_char = 'proxies proxy-groups proxy-providers rules rule-providers'
2024-04-13 14:01:58 +08:00
for char in $yaml_char ; do
sed -n " /^ $char :/,/^[a-z]/ { /^[a-z]/d; p; } " $core_config >" $TMPDIR " /${ char } .yaml
2023-06-03 22:31:33 +08:00
done
2020-08-22 20:08:23 +08:00
#跳过本地tls证书验证
2024-04-13 14:01:58 +08:00
[ " $skip_cert " = "已开启" ] && sed -i 's/skip-cert-verify: false/skip-cert-verify: true/' " $TMPDIR " /proxies.yaml ||
sed -i 's/skip-cert-verify: true/skip-cert-verify: false/' " $TMPDIR " /proxies.yaml
2023-06-03 22:31:33 +08:00
#插入自定义策略组
2024-04-13 14:01:58 +08:00
sed -i "/#自定义策略组开始/,/#自定义策略组结束/d" " $TMPDIR " /proxy-groups.yaml
sed -i "/#自定义策略组/d" " $TMPDIR " /proxy-groups.yaml
[ -n " $( grep -Ev '^#' " $CRASHDIR " /yamls/proxy-groups.yaml 2>/dev/null) " ] && {
2023-06-03 22:31:33 +08:00
#获取空格数
2024-04-13 14:01:58 +08:00
space_name = $( grep -aE '^ *- name: ' " $TMPDIR " /proxy-groups.yaml | head -n 1 | grep -oE '^ *' )
space_proxy = $( grep -A 1 'proxies:$' " $TMPDIR " /proxy-groups.yaml | grep -aE '^ *- ' | head -n 1 | grep -oE '^ *' )
2023-06-03 22:31:33 +08:00
#合并自定义策略组到proxy-groups.yaml
2024-04-13 14:01:58 +08:00
cat " $CRASHDIR " /yamls/proxy-groups.yaml | sed "/^#/d" | sed "s/#.*//g" | sed '1i\ #自定义策略组开始' | sed '$a\ #自定义策略组结束' | sed " s/^ */ ${ space_name } /g " | sed " s/^ *- / ${ space_proxy } - /g " | sed " s/^ *- name: / ${ space_name } - name: /g " >" $TMPDIR " /proxy-groups_add.yaml
cat " $TMPDIR " /proxy-groups.yaml >>" $TMPDIR " /proxy-groups_add.yaml
mv -f " $TMPDIR " /proxy-groups_add.yaml " $TMPDIR " /proxy-groups.yaml
2023-06-03 22:31:33 +08:00
oldIFS = " $IFS "
2024-04-13 14:01:58 +08:00
grep "\- name: " " $CRASHDIR " /yamls/proxy-groups.yaml | sed "/^#/d" | while read line; do #将自定义策略组插入现有的proxy-group
new_group = $( echo $line | grep -Eo '^ *- name:.*#' | cut -d'#' -f1 | sed 's/.*name: //g' )
proxy_groups = $( echo $line | grep -Eo '#.*' | sed "s/#//" )
IFS = "#"
for name in $proxy_groups ; do
line_a = $( grep -n " \- name: $name " " $TMPDIR " /proxy-groups.yaml | awk -F: '{print $1}' ) #获取group行号
[ -n " $line_a " ] && {
line_b = $( grep -A 8 " \- name: $name " " $TMPDIR " /proxy-groups.yaml | grep -n " proxies: $" | awk -F: '{print $1}' ) #获取proxies行号
line_c = $(( line_a + line_b - 1 )) #计算需要插入的行号
space = $( sed -n " $(( line_c + 1 )) p " " $TMPDIR " /proxy-groups.yaml | grep -oE '^ *' ) #获取空格数
[ " $line_c " -gt 2 ] && sed -i " ${ line_c } a\\ ${ space } - ${ new_group } #自定义策略组 " " $TMPDIR " /proxy-groups.yaml
}
done
IFS = " $oldIFS "
2023-06-04 12:29:31 +08:00
done
2024-04-13 14:01:58 +08:00
}
2023-06-03 22:31:33 +08:00
#插入自定义代理
2024-04-13 14:01:58 +08:00
sed -i "/#自定义代理/d" " $TMPDIR " /proxies.yaml
sed -i "/#自定义代理/d" " $TMPDIR " /proxy-groups.yaml
[ -n " $( grep -Ev '^#' " $CRASHDIR " /yamls/proxies.yaml 2>/dev/null) " ] && {
space_proxy = $( cat " $TMPDIR " /proxies.yaml | grep -aE '^ *- ' | head -n 1 | grep -oE '^ *' ) #获取空格数
cat " $CRASHDIR " /yamls/proxies.yaml | sed " s/^ *- / ${ space_proxy } - /g " | sed "/^#/d" | sed " /^ * $/d " | sed 's/#.*/ #自定义代理/g' >>" $TMPDIR " /proxies.yaml #插入节点
2023-06-03 22:31:33 +08:00
oldIFS = " $IFS "
2024-04-13 14:01:58 +08:00
cat " $CRASHDIR " /yamls/proxies.yaml | sed "/^#/d" | while read line; do #将节点插入proxy-group
proxy_name = $( echo $line | grep -Eo 'name: .+, ' | cut -d',' -f1 | sed 's/name: //g' )
proxy_groups = $( echo $line | grep -Eo '#.*' | sed "s/#//" )
IFS = "#"
for name in $proxy_groups ; do
line_a = $( grep -n " \- name: $name " " $TMPDIR " /proxy-groups.yaml | awk -F: '{print $1}' ) #获取group行号
[ -n " $line_a " ] && {
line_b = $( grep -A 8 " \- name: $name " " $TMPDIR " /proxy-groups.yaml | grep -n " proxies: $" | head -n 1 | awk -F: '{print $1}' ) #获取proxies行号
line_c = $(( line_a + line_b - 1 )) #计算需要插入的行号
space = $( sed -n " $(( line_c + 1 )) p " " $TMPDIR " /proxy-groups.yaml | grep -oE '^ *' ) #获取空格数
[ " $line_c " -gt 2 ] && sed -i " ${ line_c } a\\ ${ space } - ${ proxy_name } #自定义代理 " " $TMPDIR " /proxy-groups.yaml
}
done
IFS = " $oldIFS "
2023-06-04 12:29:31 +08:00
done
2023-06-03 22:31:33 +08:00
}
2022-12-15 20:49:57 +08:00
#节点绕过功能支持
2024-04-13 14:01:58 +08:00
sed -i "/#节点绕过/d" " $TMPDIR " /rules.yaml
2022-12-15 20:49:57 +08:00
[ " $proxies_bypass " = "已启用" ] && {
2024-04-13 14:01:58 +08:00
cat " $TMPDIR " /proxies.yaml | sed '/^proxy-/,$d' | sed '/^rule-/,$d' | grep -v '^\s*#' | grep -oE '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | awk '!a[$0]++' | sed 's/^/\ -\ IP-CIDR,/g' | sed 's|$|/32,DIRECT,no-resolve #节点绕过|g' >>" $TMPDIR " /proxies_bypass
cat " $TMPDIR " /proxies.yaml | sed '/^proxy-/,$d' | sed '/^rule-/,$d' | grep -v '^\s*#' | grep -vE '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | grep -oE '[a-zA-Z0-9][-a-zA-Z0-9]{0,62}(\.[a-zA-Z0-9][-a-zA-Z0-9]{0,62})+\.?' | awk '!a[$0]++' | sed 's/^/\ -\ DOMAIN,/g' | sed 's/$/,DIRECT #节点绕过/g' >>" $TMPDIR " /proxies_bypass
cat " $TMPDIR " /rules.yaml >>" $TMPDIR " /proxies_bypass
mv -f " $TMPDIR " /proxies_bypass " $TMPDIR " /rules.yaml
2022-12-15 20:49:57 +08:00
}
#插入自定义规则
2024-04-13 14:01:58 +08:00
sed -i "/#自定义规则/d" " $TMPDIR " /rules.yaml
[ -s " $CRASHDIR " /yamls/rules.yaml ] && {
cat " $CRASHDIR " /yamls/rules.yaml | sed "/^#/d" | sed '$a\' | sed 's/$/ #自定义规则/g' >" $TMPDIR " /rules.add
cat " $TMPDIR " /rules.yaml >>" $TMPDIR " /rules.add
mv -f " $TMPDIR " /rules.add " $TMPDIR " /rules.yaml
2022-12-15 20:49:57 +08:00
}
2023-06-11 20:52:17 +08:00
#对齐rules中的空格
2024-04-13 14:01:58 +08:00
sed -i 's/^ *-/ -/g' " $TMPDIR " /rules.yaml
2020-11-05 14:54:52 +08:00
#合并文件
2024-04-13 14:01:58 +08:00
[ -s " $CRASHDIR " /yamls/user.yaml ] && {
yaml_user = " $CRASHDIR " /yamls/user.yaml
2023-07-30 09:49:41 +08:00
#set和user去重,且优先使用user.yaml
2024-04-13 14:01:58 +08:00
cp -f " $TMPDIR " /set.yaml " $TMPDIR " /set_bak.yaml
for char in mode allow-lan log-level tun experimental interface-name dns store-selected; do
[ -n " $( grep -E " ^ $char " $yaml_user ) " ] && sed -i " /^ $char /d " " $TMPDIR " /set.yaml
2023-07-30 09:49:41 +08:00
done
}
2024-04-13 14:01:58 +08:00
[ -s " $TMPDIR " /dns.yaml ] && yaml_dns = " $TMPDIR " /dns.yaml
[ -s " $TMPDIR " /hosts.yaml ] && yaml_hosts = " $TMPDIR " /hosts.yaml
[ -s " $CRASHDIR " /yamls/others.yaml ] && yaml_others = " $CRASHDIR " /yamls/others.yaml
2023-07-21 20:39:10 +08:00
yaml_add =
2024-04-13 14:01:58 +08:00
for char in $yaml_char ; do #将额外配置文件合并
[ -s " $TMPDIR " /${ char } .yaml ] && {
sed -i " 1i\\ ${ char } : " " $TMPDIR " /${ char } .yaml
yaml_add = " $yaml_add " $TMPDIR " / ${ char } .yaml "
2023-06-03 22:31:33 +08:00
}
2024-04-13 14:01:58 +08:00
done
2023-07-30 09:49:41 +08:00
#合并完整配置文件
2024-04-13 14:01:58 +08:00
cut -c 1- " $TMPDIR " /set.yaml $yaml_dns $yaml_hosts $yaml_user $yaml_others $yaml_add >" $TMPDIR " /config.yaml
2023-04-12 21:03:18 +08:00
#测试自定义配置文件
2024-04-13 14:01:58 +08:00
" $TMPDIR " /CrashCore -t -d " $BINDIR " -f " $TMPDIR " /config.yaml >/dev/null
if [ " $? " != 0 ] ; then
logger " $( " $TMPDIR " /CrashCore -t -d " $BINDIR " -f " $TMPDIR " /config.yaml | grep -Eo 'error.*=.*' ) " 31
2023-04-12 21:03:18 +08:00
logger "自定义配置文件校验失败!将使用基础配置文件启动!" 33
2024-04-13 14:01:58 +08:00
logger "错误详情请参考 " $TMPDIR "/error.yaml 文件!" 33
mv -f " $TMPDIR " /config.yaml " $TMPDIR " /error.yaml >/dev/null 2>& 1
sed -i "/#自定义策略组开始/,/#自定义策略组结束/d" " $TMPDIR " /proxy-groups.yaml
mv -f " $TMPDIR " /set_bak.yaml " $TMPDIR " /set.yaml >/dev/null 2>& 1
2023-07-30 09:49:41 +08:00
#合并基础配置文件
2024-04-13 14:01:58 +08:00
cut -c 1- " $TMPDIR " /set.yaml $yaml_dns $yaml_add >" $TMPDIR " /config.yaml
sed -i "/#自定义/d" " $TMPDIR " /config.yaml
2022-09-16 12:03:43 +08:00
fi
2023-07-31 21:25:11 +08:00
#建立软连接
2024-04-13 14:01:58 +08:00
[ "" $TMPDIR "" = "" $BINDIR "" ] || ln -sf " $TMPDIR " /config.yaml " $BINDIR " /config.yaml
2023-06-03 22:31:33 +08:00
#清理缓存
2024-04-13 14:01:58 +08:00
for char in $yaml_char set set_bak dns hosts; do
rm -f " $TMPDIR " /${ char } .yaml
2023-06-03 22:31:33 +08:00
done
2020-08-22 20:08:23 +08:00
}
modify_json( ) { #修饰singbox配置文件
#生成log.json
2024-04-13 14:01:58 +08:00
cat >" $TMPDIR " /jsons/log.json <<EOF
2024-01-26 22:15:31 +08:00
{ "log" : { "level" : "info" , "timestamp" : true } }
2024-01-06 22:35:41 +08:00
EOF
2024-01-30 23:12:52 +08:00
#生成add_hosts.json
2024-04-13 14:01:58 +08:00
if [ " $hosts_opt " != "未启用" ] ; then #本机hosts
2024-01-06 22:35:41 +08:00
sys_hosts = /etc/hosts
[ -s /data/etc/custom_hosts ] && sys_hosts = /data/etc/custom_hosts
#NTP劫持
[ -s $sys_hosts ] && {
2024-04-13 14:01:58 +08:00
sed -i '/203.107.6.88/d' $sys_hosts
cat >>$sys_hosts <<EOF
2024-01-06 22:35:41 +08:00
203.107.6.88 time.android.com
203.107.6.88 time.facebook.com
2024-01-30 23:12:52 +08:00
EOF
2024-04-13 14:01:58 +08:00
hosts_domain = $( cat $sys_hosts | grep -E "^([0-9]{1,3}[\.]){3}" | awk '{printf "\"%s\", ", $2}' | sed 's/, $//' )
cat >" $TMPDIR " /jsons/add_hosts.json <<EOF
2024-01-30 23:12:52 +08:00
{
"dns" : {
2024-02-03 22:19:04 +08:00
"servers" : [
2024-02-04 09:03:39 +08:00
{ "tag" : "hosts_local" , "address" : "local" , "detour" : "DIRECT" }
2024-02-03 22:19:04 +08:00
] ,
"rules" : [
{
"domain" : [ $hosts_domain ] ,
"server" : "hosts_local"
}
]
2024-01-30 23:12:52 +08:00
}
}
2024-01-06 22:35:41 +08:00
EOF
2024-04-13 14:01:58 +08:00
}
2024-01-06 22:35:41 +08:00
fi
2024-01-30 23:12:52 +08:00
#生成dns.json
2024-02-03 22:19:04 +08:00
dns_direct = $( echo $dns_nameserver | awk -F ',' '{print $1}' )
dns_proxy = $( echo $dns_fallback | awk -F ',' '{print $1}' )
2024-02-02 17:54:20 +08:00
[ -z " $dns_direct " ] && dns_direct = '223.5.5.5'
[ -z " $dns_proxy " ] && dns_proxy = '1.0.0.1'
2024-01-30 11:40:55 +08:00
[ " $ipv6_dns " = "已开启" ] && strategy = 'prefer_ipv4' || strategy = 'ipv4_only'
2024-02-26 10:36:45 +08:00
[ " $dns_mod " = "redir_host" ] && {
global_dns = dns_proxy
direct_dns = "{ \"query_type\": [ \"A\", \"AAAA\" ], \"server\": \"dns_direct\" },"
}
2024-02-05 12:19:26 +08:00
[ " $dns_mod " = "fake-ip" ] && {
2024-02-26 10:36:45 +08:00
global_dns = dns_fakeip
2024-06-06 21:02:04 +08:00
fake_ip_filter_domain = $( cat ${ CRASHDIR } /configs/fake_ip_filter ${ CRASHDIR } /configs/fake_ip_filter.list 2>/dev/null | grep -Ev '#|\*|\+|Mijia' | sed '/^\s*$/d' | awk '{printf "\"%s\", ",$1}' | sed 's/, $//' )
fake_ip_filter_suffix = $( cat ${ CRASHDIR } /configs/fake_ip_filter ${ CRASHDIR } /configs/fake_ip_filter.list 2>/dev/null | grep -v '.\*' | grep -E '\*|\+' | sed 's/^[*+]\.//' | awk '{printf "\"%s\", ",$1}' | sed 's/, $//' )
2024-08-17 19:08:41 +08:00
fake_ip_filter_regex = $( cat ${ CRASHDIR } /configs/fake_ip_filter ${ CRASHDIR } /configs/fake_ip_filter.list 2>/dev/null | grep '.\*' | sed 's/\./\\\\./g' | sed 's/\*/.\*/' | sed 's/^+/.\+/' | awk '{printf "\"%s\", ",$1}' | sed 's/, $//' )
2024-04-13 21:30:28 +08:00
[ -n " $fake_ip_filter_domain " ] && fake_ip_filter_domain = " { \"domain\": [ $fake_ip_filter_domain ], \"server\": \"dns_direct\" }, "
[ -n " $fake_ip_filter_suffix " ] && fake_ip_filter_suffix = " { \"domain_suffix\": [ $fake_ip_filter_suffix ], \"server\": \"dns_direct\" }, "
2024-08-17 19:08:41 +08:00
[ -n " $fake_ip_filter_regex " ] && fake_ip_filter_regex = " { \"domain_regex\": [ $fake_ip_filter_regex ], \"server\": \"dns_direct\" }, "
2024-02-05 12:19:26 +08:00
}
2024-01-30 23:12:52 +08:00
[ " $dns_mod " = "mix" ] && {
2024-02-26 10:36:45 +08:00
global_dns = dns_fakeip
2024-06-06 21:02:04 +08:00
fake_ip_filter_domain = $( cat ${ CRASHDIR } /configs/fake_ip_filter ${ CRASHDIR } /configs/fake_ip_filter.list 2>/dev/null | grep -Ev '#|\*|\+|Mijia' | sed '/^\s*$/d' | awk '{printf "\"%s\", ",$1}' | sed 's/, $//' )
fake_ip_filter_suffix = $( cat ${ CRASHDIR } /configs/fake_ip_filter ${ CRASHDIR } /configs/fake_ip_filter.list 2>/dev/null | grep -v '.\*' | grep -E '\*|\+' | sed 's/^[*+]\.//' | awk '{printf "\"%s\", ",$1}' | sed 's/, $//' )
2024-04-13 21:56:45 +08:00
fake_ip_filter_regex = $( cat ${ CRASHDIR } /configs/fake_ip_filter ${ CRASHDIR } /configs/fake_ip_filter.list 2>/dev/null | grep '.\*' | sed 's/^*/.\*/' | sed 's/^+/.\+/' | awk '{printf "\"%s\", ",$1}' | sed 's/, $//' )
2024-04-13 21:30:28 +08:00
[ -n " $fake_ip_filter_domain " ] && fake_ip_filter_domain = " { \"domain\": [ $fake_ip_filter_domain ], \"server\": \"dns_direct\" }, "
[ -n " $fake_ip_filter_suffix " ] && fake_ip_filter_suffix = " { \"domain_suffix\": [ $fake_ip_filter_suffix ], \"server\": \"dns_direct\" }, "
2024-04-13 21:56:45 +08:00
[ -n " $fake_ip_filter_regex " ] && fake_ip_filter_regex = " { \"domain_regex\": [ $fake_ip_filter_regex ], \"server\": \"dns_direct\" }, "
2024-04-13 14:01:58 +08:00
if [ -z " $( echo " $core_v " | grep -E '^1\.7.*' ) " ] ; then
2024-02-26 10:36:45 +08:00
direct_dns = "{ \"rule_set\": [\"geosite-cn\"], \"server\": \"dns_direct\" },"
2024-02-03 22:19:04 +08:00
#生成add_rule_set.json
2024-04-13 14:01:58 +08:00
[ -z " $( cat " $CRASHDIR " /jsons/*.json | grep -Ei '\"tag\" *: *\"geosite-cn\"' ) " ] && cat >" $TMPDIR " /jsons/add_rule_set.json <<EOF
2024-02-01 23:14:28 +08:00
{
"route" : {
"rule_set" : [
{
"tag" : "geosite-cn" ,
"type" : "local" ,
"format" : "binary" ,
2024-02-02 17:54:20 +08:00
"path" : "geosite-cn.srs"
2024-02-01 23:14:28 +08:00
}
]
}
}
EOF
2024-02-03 22:19:04 +08:00
else
2024-02-26 10:36:45 +08:00
direct_dns = "{ \"geosite\": \"geolocation-cn\", \"server\": \"dns_direct\" },"
2024-02-03 22:19:04 +08:00
fi
2024-01-30 23:12:52 +08:00
}
2024-04-13 14:01:58 +08:00
cat >" $TMPDIR " /jsons/dns.json <<EOF
2024-01-26 22:15:31 +08:00
{
2024-01-10 22:02:15 +08:00
"dns" : {
2024-01-30 23:12:52 +08:00
"servers" : [
{
"tag" : "dns_proxy" ,
2024-02-03 22:19:04 +08:00
"address" : " $dns_proxy " ,
2024-01-30 23:12:52 +08:00
"strategy" : " $strategy " ,
2024-02-26 18:18:09 +08:00
"address_resolver" : "dns_resolver"
2024-01-30 23:12:52 +08:00
} , {
"tag" : "dns_direct" ,
2024-02-03 22:19:04 +08:00
"address" : " $dns_direct " ,
2024-01-30 23:12:52 +08:00
"strategy" : " $strategy " ,
2024-02-26 18:18:09 +08:00
"address_resolver" : "dns_resolver" ,
2024-02-04 09:03:39 +08:00
"detour" : "DIRECT"
2024-02-03 22:19:04 +08:00
} ,
{ "tag" : "dns_fakeip" , "address" : "fakeip" } ,
2024-02-26 18:18:09 +08:00
{ "tag" : "dns_resolver" , "address" : "223.5.5.5" , "detour" : "DIRECT" } ,
{ "tag" : "block" , "address" : "rcode://success" } ,
{ "tag" : "local" , "address" : "local" , "detour" : "DIRECT" }
2024-01-30 23:12:52 +08:00
] ,
"rules" : [
2024-02-26 10:36:45 +08:00
{ "outbound" : [ "any" ] , "server" : "dns_direct" } ,
2024-02-20 18:44:27 +08:00
{ "clash_mode" : "Global" , "server" : " $global_dns " , "rewrite_ttl" : 1 } ,
2024-01-30 23:12:52 +08:00
{ "clash_mode" : "Direct" , "server" : "dns_direct" } ,
2024-04-13 21:30:28 +08:00
$fake_ip_filter_domain
2024-04-13 21:56:45 +08:00
$fake_ip_filter_suffix
2024-04-13 21:30:28 +08:00
$fake_ip_filter_regex
2024-02-26 10:36:45 +08:00
$direct_dns
{ "query_type" : [ "A" , "AAAA" ] , "server" : "dns_fakeip" , "rewrite_ttl" : 1 }
2024-01-30 23:12:52 +08:00
] ,
2024-01-13 14:23:34 +08:00
"final" : "dns_direct" ,
2024-05-18 17:22:01 +08:00
"independent_cache" : true,
"reverse_mapping" : true,
2024-01-26 22:15:31 +08:00
"fakeip" : { "enabled" : true, "inet4_range" : "198.18.0.0/16" , "inet6_range" : "fc00::/16" }
}
}
2024-01-30 23:12:52 +08:00
EOF
#生成add_route.json
2024-04-13 14:01:58 +08:00
cat >" $TMPDIR " /jsons/add_route.json <<EOF
2024-01-30 23:12:52 +08:00
{
"route" : {
"rules" : [
{ "inbound" : "dns-in" , "outbound" : "dns-out" }
2024-03-07 17:38:38 +08:00
] ,
"default_mark" : $routing_mark
2024-01-30 23:12:52 +08:00
}
}
2024-01-06 22:35:41 +08:00
EOF
#生成ntp.json
2024-04-13 14:01:58 +08:00
# cat > "$TMPDIR"/jsons/ntp.json <<EOF
# {
# "ntp": {
# "enabled": true,
# "server": "203.107.6.88",
# "server_port": 123,
# "interval": "30m0s",
2024-03-19 13:58:02 +08:00
# "detour": "DIRECT"
2024-04-13 14:01:58 +08:00
# }
# }
# EOF
2024-01-06 22:35:41 +08:00
#生成inbounds.json
2024-01-10 22:02:15 +08:00
[ -n " $authentication " ] && {
username = $( echo $authentication | awk -F ':' '{print $1}' ) #混合端口账号密码
password = $( echo $authentication | awk -F ':' '{print $2}' )
2024-02-07 13:08:57 +08:00
userpass = '"users": [{ "username": "' $username '", "password": "' $password '" }], '
2024-01-10 22:02:15 +08:00
}
[ " $sniffer " = "已启用" ] && sniffer = true || sniffer = false #域名嗅探配置
2024-06-13 11:53:10 +08:00
#[ "$crashcore" = singboxp ] && always_resolve_udp='"always_resolve_udp": true,'
2024-04-13 14:01:58 +08:00
cat >" $TMPDIR " /jsons/inbounds.json <<EOF
2024-01-26 22:15:31 +08:00
{
2024-01-10 22:02:15 +08:00
"inbounds" : [
{
"type" : "mixed" ,
"tag" : "mixed-in" ,
2024-02-26 10:36:45 +08:00
"listen" : "::" ,
2024-01-10 22:02:15 +08:00
"listen_port" : $mix_port ,
2024-02-07 13:08:57 +08:00
$userpass
"sniff" : false
2024-01-10 22:02:15 +08:00
} , {
"type" : "direct" ,
"tag" : "dns-in" ,
"listen" : "::" ,
2024-01-26 22:15:31 +08:00
"listen_port" : $dns_port
2024-01-10 22:02:15 +08:00
} , {
"type" : "redirect" ,
"tag" : "redirect-in" ,
"listen" : "::" ,
"listen_port" : $redir_port ,
2024-01-24 16:09:10 +08:00
"sniff" : true,
2024-01-10 22:02:15 +08:00
"sniff_override_destination" : $sniffer
} , {
"type" : "tproxy" ,
"tag" : "tproxy-in" ,
"listen" : "::" ,
"listen_port" : $tproxy_port ,
2024-01-24 16:09:10 +08:00
"sniff" : true,
2024-01-10 22:02:15 +08:00
"sniff_override_destination" : $sniffer
2024-01-26 22:15:31 +08:00
}
]
}
2024-01-10 22:02:15 +08:00
EOF
2024-04-13 14:01:58 +08:00
if [ " $redir_mod " = "混合模式" -o " $redir_mod " = "Tun模式" ] ; then
cat >>" $TMPDIR " /jsons/tun.json <<EOF
2024-01-26 22:15:31 +08:00
{
"inbounds" : [
{
2024-01-10 22:02:15 +08:00
"type" : "tun" ,
"tag" : "tun-in" ,
"interface_name" : "utun" ,
2024-04-04 20:29:46 +08:00
"inet4_address" : "172.19.0.1/30" ,
2024-01-10 22:02:15 +08:00
"auto_route" : false,
"stack" : "system" ,
2024-01-24 16:09:10 +08:00
"sniff" : true,
2024-04-04 20:29:46 +08:00
"sniff_override_destination" : $sniffer
2024-01-10 22:02:15 +08:00
}
2024-01-26 22:15:31 +08:00
]
}
2024-01-06 22:35:41 +08:00
EOF
2024-01-10 22:02:15 +08:00
fi
2024-02-04 09:03:39 +08:00
#生成add_outbounds.json
2024-05-18 17:22:01 +08:00
[ -z " $( cat " $CRASHDIR " /jsons/*.json | grep -oE '"tag" *: *"DIRECT"' ) " ] && add_direct = '{ "tag": "DIRECT", "type": "direct" }'
[ -z " $( cat " $CRASHDIR " /jsons/*.json | grep -oE '"tag" *: *"REJECT"' ) " ] && add_reject = '{ "tag": "REJECT", "type": "block" }'
[ -z " $( cat " $CRASHDIR " /jsons/*.json | grep -oE '"tag" *: *"dns-out"' ) " ] && add_dnsout = '{ "tag": "dns-out", "type": "dns" }'
2024-02-13 21:43:44 +08:00
[ -n " $add_direct " -a -n " $add_reject " ] && add_direct = " ${ add_direct } , "
2024-05-18 17:22:01 +08:00
[ -n " $add_reject " -a -n " $add_dnsout " ] && add_reject = " ${ add_reject } , "
[ -n " $add_direct " -o -n " $add_reject " -o -n " $add_dnsout " ] && cat >" $TMPDIR " /jsons/add_outbounds.json <<EOF
2024-02-04 09:03:39 +08:00
{
"outbounds" : [
2024-02-13 21:43:44 +08:00
$add_direct
$add_reject
2024-05-18 17:22:01 +08:00
$add_dnsout
2024-02-04 09:03:39 +08:00
]
}
EOF
2024-01-06 22:35:41 +08:00
#生成experimental.json
2024-04-13 14:01:58 +08:00
cat >" $TMPDIR " /jsons/experimental.json <<EOF
2024-01-26 22:15:31 +08:00
{
2024-01-10 22:02:15 +08:00
"experimental" : {
"clash_api" : {
"external_controller" : " 0.0.0.0: $db_port " ,
"external_ui" : "ui" ,
"secret" : " $secret " ,
"default_mode" : "Rule"
}
}
2024-01-06 22:35:41 +08:00
}
2024-01-26 22:15:31 +08:00
EOF
#生成自定义规则文件
2024-04-13 14:01:58 +08:00
[ -n " $( grep -Ev ^# " $CRASHDIR " /yamls/rules.yaml 2>/dev/null) " ] && {
cat " $CRASHDIR " /yamls/rules.yaml |
sed '/#.*/d' |
grep -oE '\-.*,.*,.*' |
sed 's/- DOMAIN-SUFFIX,/{ "domain_suffix": [ "/g' |
sed 's/- DOMAIN-KEYWORD,/{ "domain_keyword": [ "/g' |
sed 's/- IP-CIDR,/{ "ip_cidr": [ "/g' |
sed 's/- SRC-IP-CIDR,/{ "._ip_cidr": [ "/g' |
sed 's/- DST-PORT,/{ "port": [ "/g' |
sed 's/- SRC-PORT,/{ "._port": [ "/g' |
sed 's/- GEOIP,/{ "geoip": [ "/g' |
sed 's/- GEOSITE,/{ "geosite": [ "/g' |
sed 's/- IP-CIDR6,/{ "ip_cidr": [ "/g' |
sed 's/- DOMAIN,/{ "domain": [ "/g' |
sed 's/,/" ], "outbound": "/g' |
sed 's/$/" },/g' |
sed '1i\{ "route": { "rules": [ ' |
sed '$s/,$/ ] } }/' >" $TMPDIR " /jsons/cust_add_rules.json
[ ! -s " $TMPDIR " /jsons/cust_add_rules.json ] && rm -rf " $TMPDIR " /jsons/cust_add_rules.json
2024-01-13 14:23:34 +08:00
}
2024-01-30 23:12:52 +08:00
#提取配置文件以获得outbounds.json,outbound_providers.json及route.json
2024-04-13 14:01:58 +08:00
" $TMPDIR " /CrashCore format -c $core_config >" $TMPDIR " /format.json
echo '{' >" $TMPDIR " /jsons/outbounds.json
echo '{' >" $TMPDIR " /jsons/route.json
cat " $TMPDIR " /format.json | sed -n '/"outbounds":/,/^ "[a-z]/p' | sed '$d' >>" $TMPDIR " /jsons/outbounds.json
2024-02-02 17:54:20 +08:00
[ " $crashcore " = "singboxp" ] && {
2024-04-13 14:01:58 +08:00
echo '{' >" $TMPDIR " /jsons/outbound_providers.json
cat " $TMPDIR " /format.json | sed -n '/"outbound_providers":/,/^ "[a-z]/p' | sed '$d' >>" $TMPDIR " /jsons/outbound_providers.json
2024-02-02 17:54:20 +08:00
}
2024-04-13 14:01:58 +08:00
cat " $TMPDIR " /format.json | sed -n '/"route":/,/^\( "[a-z]\|}\)/p' | sed '$d' >>" $TMPDIR " /jsons/route.json
2024-01-11 18:21:50 +08:00
#清理route.json中的process_name规则以及"auto_detect_interface"
2024-04-13 14:01:58 +08:00
sed -i '/"process_name": \[/,/],$/d' " $TMPDIR " /jsons/route.json
sed -i '/"process_name": "[^"]*",/d' " $TMPDIR " /jsons/route.json
sed -i 's/"auto_detect_interface": true/"auto_detect_interface": false/g' " $TMPDIR " /jsons/route.json
2024-01-06 22:35:41 +08:00
#跳过本地tls证书验证
2024-04-13 14:01:58 +08:00
if [ -z " $skip_cert " -o " $skip_cert " = "已开启" ] ; then
sed -i 's/"insecure": false/"insecure": true/' " $TMPDIR " /jsons/outbounds.json
2024-01-06 22:35:41 +08:00
else
2024-04-13 14:01:58 +08:00
sed -i 's/"insecure": true/"insecure": false/' " $TMPDIR " /jsons/outbounds.json
2024-01-06 22:35:41 +08:00
fi
2024-02-02 17:54:20 +08:00
#判断可用并修饰outbounds&outbound_providers&route.json结尾
2024-04-13 14:01:58 +08:00
for file in outbounds outbound_providers route; do
if [ -n " $( grep ${ file } " $TMPDIR " /jsons/${ file } .json 2>/dev/null) " ] ; then
sed -i 's/^ },$/ }/; s/^ ],$/ ]/' " $TMPDIR " /jsons/${ file } .json
echo '}' >>" $TMPDIR " /jsons/${ file } .json
2024-02-02 17:54:20 +08:00
else
2024-04-13 14:01:58 +08:00
rm -rf " $TMPDIR " /jsons/${ file } .json
2024-02-02 17:54:20 +08:00
fi
done
2024-01-26 22:15:31 +08:00
#加载自定义配置文件
2024-04-13 14:01:58 +08:00
mkdir -p " $TMPDIR " /jsons_base
for char in log dns ntp experimental; do
[ -s " $CRASHDIR " /jsons/${ char } .json ] && {
ln -sf " $CRASHDIR " /jsons/${ char } .json " $TMPDIR " /jsons/cust_${ char } .json
mv -f " $TMPDIR " /jsons/${ char } .json " $TMPDIR " /jsons_base #如果重复则临时备份
2024-01-26 22:15:31 +08:00
}
2024-01-06 22:35:41 +08:00
done
2024-04-13 14:01:58 +08:00
for char in others inbounds outbounds outbound_providers route rule-set; do
[ -s " $CRASHDIR " /jsons/${ char } .json ] && {
ln -sf " $CRASHDIR " /jsons/${ char } .json " $TMPDIR " /jsons/cust_${ char } .json
2024-01-27 22:54:24 +08:00
}
done
2024-01-06 22:35:41 +08:00
#测试自定义配置文件
2024-04-13 14:01:58 +08:00
error = $( " $TMPDIR " /CrashCore check -D " $BINDIR " -C " $TMPDIR " /jsons 2>& 1)
if [ -n " $error " ] ; then
2024-01-30 11:40:55 +08:00
echo $error
2024-04-13 14:01:58 +08:00
error_file = $( echo $error | grep -Eo 'cust.*\.json' | sed 's/cust_//g' )
[ " $error_file " = 'add_rules.json' ] && error_file = " $CRASHDIR " /yamls/rules.yaml自定义规则 || error_file = " $CRASHDIR " /jsons/$error_file
2024-01-30 11:40:55 +08:00
logger " 自定义配置文件校验失败,请检查【 ${ error_file } 】文件! " 31
2024-01-26 22:15:31 +08:00
logger "尝试使用基础配置文件启动~" 33
#清理自定义配置文件并还原基础配置
2024-04-13 14:01:58 +08:00
rm -rf " $TMPDIR " /jsons/cust_*
mv -f " $TMPDIR " /jsons_base/* " $TMPDIR " /jsons 2>/dev/null
2024-01-06 22:35:41 +08:00
fi
#清理缓存
2024-04-13 14:01:58 +08:00
rm -rf " $TMPDIR " /*.json
rm -rf " $TMPDIR " /jsons_base
2024-01-30 23:12:52 +08:00
return 0
2024-01-06 22:35:41 +08:00
}
#设置路由规则
cn_ip_route() { # Load the CN IPv4 list into the cn_ip ipset (bypass set)
	# Runs ckgeo for cn_ip.txt, then, only when the list exists in $BINDIR and the
	# firewall backend is iptables, rebuilds the cn_ip set from it. Every
	# non-empty, non-comment line of the list becomes one "add" line of the
	# ipset restore file, unvalidated.
	ckgeo cn_ip.txt china_ip_list.txt
	[ -f "$BINDIR"/cn_ip.txt ] || return 1
	[ "$firewall_mod" = iptables ] || return 1
	# List source: https://raw.githubusercontent.com/Hackl0us/GeoIP2-CN/release/CN-ip-cidr.txt
	printf '%s\n' "create cn_ip hash:net family inet hashsize 10240 maxelem 10240" >"$TMPDIR"/cn_ip.ipset
	awk '!/^$/ && !/^#/ { printf("add cn_ip %s \n", $0) }' "$BINDIR"/cn_ip.txt >>"$TMPDIR"/cn_ip.ipset
	# Drop any previous set, then restore; -! ignores "already exists" errors.
	ipset destroy cn_ip >/dev/null 2>&1
	ipset -! restore <"$TMPDIR"/cn_ip.ipset
	rm -rf "$TMPDIR"/cn_ip.ipset
}
cn_ipv6_route() { # Load the CN IPv6 list into the cn_ip6 ipset (bypass set)
	# Runs ckgeo for cn_ipv6.txt, then, only when the list exists in $BINDIR and
	# the firewall backend is iptables, rebuilds the cn_ip6 set from it. Every
	# non-empty, non-comment line of the list becomes one "add" line of the
	# ipset restore file, unvalidated.
	ckgeo cn_ipv6.txt china_ipv6_list.txt
	[ -f "$BINDIR"/cn_ipv6.txt ] || return 1
	[ "$firewall_mod" = iptables ] || return 1
	# List source: https://ispip.clang.cn/all_cn_ipv6.txt
	printf '%s\n' "create cn_ip6 hash:net family inet6 hashsize 5120 maxelem 5120" >"$TMPDIR"/cn_ipv6.ipset
	awk '!/^$/ && !/^#/ { printf("add cn_ip6 %s \n", $0) }' "$BINDIR"/cn_ipv6.txt >>"$TMPDIR"/cn_ipv6.ipset
	# Drop any previous set, then restore; -! ignores "already exists" errors.
	ipset destroy cn_ip6 >/dev/null 2>&1
	ipset -! restore <"$TMPDIR"/cn_ipv6.ipset
	rm -rf "$TMPDIR"/cn_ipv6.ipset
}
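start_ipt_route() { # Generic builder for an iptables/ip6tables traffic-redirect chain
	# $1: iptables | ip6tables
	# $2: table (nat / mangle)
	# $3: built-in chain to hook (OUTPUT / PREROUTING)
	# $4: name of the shellcrash chain to create
	# $5: tcp | udp | all
	# Reads $JUMP (target plus options) and $ports (extra match options) as
	# word-split option strings, so both are expanded unquoted on purpose.
	#
	# MAC entries are taken from the first field of each line of configs/mac,
	# the same way start_nft_route reads that file, so a trailing label on a
	# line is never passed to --mac-source.

	# Pick the address lists for the IP family
	[ "$1" = 'iptables' ] && {
		RESERVED_IP=$reserve_ipv4
		HOST_IP=$host_ipv4
		[ "$3" = 'OUTPUT' ] && HOST_IP="127.0.0.0/8 $local_ipv4"
		[ "$4" = 'shellcrash_vm' ] && HOST_IP="$vm_ipv4"
	}
	[ "$1" = 'ip6tables' ] && {
		RESERVED_IP=$reserve_ipv6
		HOST_IP=$host_ipv6
		[ "$3" = 'OUTPUT' ] && HOST_IP="::1 $host_ipv6"
	}
	# Create the new shellcrash chain
	"$1" -t "$2" -N "$4"
	# Leave DNS alone here; it is handled by the dedicated DNS chains
	"$1" -t "$2" -A "$4" -p tcp --dport 53 -j RETURN
	"$1" -t "$2" -A "$4" -p udp --dport 53 -j RETURN
	# Loop prevention: packets already carrying the routing mark are skipped
	"$1" -t "$2" -A "$4" -m mark --mark "$routing_mark" -j RETURN
	# On OUTPUT, also skip traffic owned by these group ids
	# (presumably the groups the core runs under — confirm)
	[ "$3" = 'OUTPUT' ] && for gid in 453 7890; do
		"$1" -t "$2" -A "$4" -m owner --gid-owner "$gid" -j RETURN
	done
	[ "$firewall_area" = 5 ] && "$1" -t "$2" -A "$4" -s $bypass_host -j RETURN
	# Skip reserved destinations and the host's own networks
	for ip in $HOST_IP $RESERVED_IP; do
		"$1" -t "$2" -A "$4" -d "$ip" -j RETURN
	done
	# Bypass CN destinations
	[ "$1" = iptables ] && [ "$dns_mod" != "fake-ip" ] && [ "$cn_ip_route" = "已开启" ] && [ -f "$BINDIR"/cn_ip.txt ] && "$1" -t "$2" -A "$4" -m set --match-set cn_ip dst -j RETURN 2>/dev/null
	[ "$1" = ip6tables ] && [ "$dns_mod" != "fake-ip" ] && [ "$cn_ipv6_route" = "已开启" ] && [ -f "$BINDIR"/cn_ipv6.txt ] && "$1" -t "$2" -A "$4" -m set --match-set cn_ip6 dst -j RETURN 2>/dev/null
	# LAN MAC blacklist: listed devices are never proxied
	[ "$3" = 'PREROUTING' ] && [ -s "$CRASHDIR"/configs/mac ] && [ "$macfilter_type" != "白名单" ] && {
		for mac in $(awk 'NF { print $1 }' "$CRASHDIR"/configs/mac); do
			"$1" -t "$2" -A "$4" -m mac --mac-source "$mac" -j RETURN
		done
	}
	# Send one protocol (tcp or udp) into the proxy target
	proxy_set() {
		if [ "$3" = 'PREROUTING' ] && [ "$4" != 'shellcrash_vm' ] && [ "$macfilter_type" = "白名单" ] && [ -s "$CRASHDIR"/configs/mac ]; then
			# MAC whitelist: only listed devices are proxied
			for mac in $(awk 'NF { print $1 }' "$CRASHDIR"/configs/mac); do
				"$1" -t "$2" -A "$4" -p "$5" -m mac --mac-source "$mac" -j $JUMP
			done
		else
			for ip in $HOST_IP; do # only traffic from the selected networks
				"$1" -t "$2" -A "$4" -p "$5" -s "$ip" -j $JUMP
			done
		fi
		# Hook the built-in chain so matching traffic enters the shellcrash chain
		"$1" -t "$2" -I "$3" -p "$5" $ports -j "$4"
		[ "$dns_mod" != "redir_host" ] && [ "$common_ports" = "已开启" ] && [ "$1" = iptables ] && "$1" -t "$2" -I "$3" -p "$5" -d 198.18.0.0/16 -j "$4"
	}
	[ "$5" = "tcp" -o "$5" = "all" ] && proxy_set "$1" "$2" "$3" "$4" tcp
	[ "$5" = "udp" -o "$5" = "all" ] && proxy_set "$1" "$2" "$3" "$4" udp
}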
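start_ipt_dns() { # Generic builder for an iptables/ip6tables DNS-redirect chain
	# $1: iptables | ip6tables
	# $2: built-in nat chain to hook (OUTPUT / PREROUTING)
	# $3: name of the shellcrash chain to create
	# Port-53 traffic entering $2 is sent to chain $3, which redirects it to
	# $dns_port for the selected source networks (or whitelisted MACs).
	#
	# MAC entries are taken from the first field of each line of configs/mac,
	# the same way start_nft_route reads that file, so a trailing label on a
	# line is never passed to --mac-source.

	# Pick the source networks for the IP family
	[ "$1" = 'iptables' ] && {
		HOST_IP="$host_ipv4"
		[ "$2" = 'OUTPUT' ] && HOST_IP="127.0.0.0/8 $local_ipv4"
		[ "$3" = 'shellcrash_vm_dns' ] && HOST_IP="$vm_ipv4"
	}
	[ "$1" = 'ip6tables' ] && HOST_IP=$host_ipv6
	"$1" -t nat -N "$3"
	# Loop prevention: packets already carrying the routing mark are skipped
	"$1" -t nat -A "$3" -m mark --mark "$routing_mark" -j RETURN
	# On OUTPUT, also skip traffic owned by these group ids
	# (presumably the groups the core runs under — confirm)
	[ "$2" = 'OUTPUT' ] && for gid in 453 7890; do
		"$1" -t nat -A "$3" -m owner --gid-owner "$gid" -j RETURN
	done
	[ "$firewall_area" = 5 ] && {
		"$1" -t nat -A "$3" -p tcp -s $bypass_host -j RETURN
		"$1" -t nat -A "$3" -p udp -s $bypass_host -j RETURN
	}
	# LAN MAC blacklist: DNS from listed devices is left untouched
	[ "$2" = 'PREROUTING' ] && [ -s "$CRASHDIR"/configs/mac ] && [ "$macfilter_type" != "白名单" ] && {
		for mac in $(awk 'NF { print $1 }' "$CRASHDIR"/configs/mac); do
			"$1" -t nat -A "$3" -m mac --mac-source "$mac" -j RETURN
		done
	}
	if [ "$2" = 'PREROUTING' ] && [ "$3" != 'shellcrash_vm_dns' ] && [ -s "$CRASHDIR"/configs/mac ] && [ "$macfilter_type" = "白名单" ]; then
		# MAC whitelist: only DNS from listed devices is redirected
		for mac in $(awk 'NF { print $1 }' "$CRASHDIR"/configs/mac); do
			"$1" -t nat -A "$3" -p tcp -m mac --mac-source "$mac" -j REDIRECT --to-ports "$dns_port"
			"$1" -t nat -A "$3" -p udp -m mac --mac-source "$mac" -j REDIRECT --to-ports "$dns_port"
		done
	else
		for ip in $HOST_IP; do # only traffic from the selected networks
			"$1" -t nat -A "$3" -p tcp -s "$ip" -j REDIRECT --to-ports "$dns_port"
			"$1" -t nat -A "$3" -p udp -s "$ip" -j REDIRECT --to-ports "$dns_port"
		done
	fi
	# IPv6 chains end with an explicit RETURN for everything not matched above
	[ "$1" = 'ip6tables' ] && {
		"$1" -t nat -A "$3" -p tcp -j RETURN
		"$1" -t nat -A "$3" -p udp -j RETURN
	}
	# Hook port 53 of the built-in chain into the new chain
	"$1" -t nat -I "$2" -p tcp --dport 53 -j "$3"
	"$1" -t nat -I "$2" -p udp --dport 53 -j "$3"
}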
start_ipt_wan() { # INPUT rules guarding the dashboard port and the mixed proxy port
	# For each of $db_port (switch: $public_support) and $mix_port (switch:
	# $public_mixport):
	#   switch "已开启" -> ACCEPT is inserted at the top of INPUT for every
	#                     source, IPv4 and (if available) IPv6;
	#   otherwise      -> ACCEPT is appended for each network in $reserve_ipv4,
	#                     then REJECT is appended for all other IPv4 and for all
	#                     IPv6 sources.
	# The restrictive rules are appended, so any ACCEPT already present earlier
	# in INPUT still takes precedence over them.

	# Collect the LAN host addresses
	getlanip
	# $1: value of the "public" switch  $2: TCP port it controls
	_ipt_wan_port() {
		if [ "$1" = "已开启" ]; then
			iptables -I INPUT -p tcp --dport $2 -j ACCEPT
			ckcmd ip6tables && ip6tables -I INPUT -p tcp --dport $2 -j ACCEPT
		else
			# Only non-public (reserved-range) sources may reach the port
			for ip in $reserve_ipv4; do
				iptables -A INPUT -p tcp -s $ip --dport $2 -j ACCEPT
			done
			iptables -A INPUT -p tcp --dport $2 -j REJECT
			ckcmd ip6tables && ip6tables -A INPUT -p tcp --dport $2 -j REJECT
		fi
	}
	_ipt_wan_port "$public_support" "$db_port"  # dashboard / controller port
	_ipt_wan_port "$public_mixport" "$mix_port" # mixed proxy port
	# Requests addressed to the loopback address are always accepted
	iptables -I INPUT -p tcp -d 127.0.0.1 -j ACCEPT
}
start_iptables() { # Entry point for the whole iptables configuration
	# Order of work: WAN-facing INPUT rules, traffic redirection for the active
	# $redir_mod, the optional VM redirect, DNS hijacking, then QUIC rejection.
	# $JUMP is set before each start_ipt_route call because that function reads
	# it as the rule target.

	# WAN access firewall
	start_ipt_wan
	# Traffic redirection, per mode
	case "$redir_mod" in
	Redir模式 | 混合模式)
		JUMP="REDIRECT --to-ports $redir_port" # target used for the redirect
		if [ "$lan_proxy" = true ]; then
			start_ipt_route iptables nat PREROUTING shellcrash tcp # ipv4 LAN tcp
			if [ "$ipv6_redir" = "已开启" ]; then
				if ip6tables -j REDIRECT -h 2>/dev/null | grep -q '\--to-ports'; then
					start_ipt_route ip6tables nat PREROUTING shellcrashv6 tcp # ipv6 LAN tcp
				else
					logger "当前设备内核缺少ip6tables_REDIRECT模块支持, 已放弃启动相关规则! " 31
				fi
			fi
		fi
		if [ "$local_proxy" = true ]; then
			start_ipt_route iptables nat OUTPUT shellcrash_out tcp # ipv4 local tcp
			if [ "$ipv6_redir" = "已开启" ]; then
				if ip6tables -j REDIRECT -h 2>/dev/null | grep -q '\--to-ports'; then
					start_ipt_route ip6tables nat OUTPUT shellcrashv6_out tcp # ipv6 local tcp
				else
					logger "当前设备内核缺少ip6tables_REDIRECT模块支持, 已放弃启动相关规则! " 31
				fi
			fi
		fi
		;;
	esac
	if [ "$redir_mod" = "Tproxy模式" ]; then
		JUMP="TPROXY --on-port $tproxy_port --tproxy-mark $fwmark"
		if iptables -j TPROXY -h 2>/dev/null | grep -q '\--on-port'; then
			[ "$lan_proxy" = true ] && start_ipt_route iptables mangle PREROUTING shellcrash_mark all
			if [ "$local_proxy" = true ]; then
				if [ -n "$(grep -E '^MARK$' /proc/net/ip_tables_targets)" ]; then
					# Locally generated traffic is marked in OUTPUT and picked
					# up by TPROXY in PREROUTING.
					JUMP="MARK --set-mark $fwmark"
					start_ipt_route iptables mangle OUTPUT shellcrash_mark_out all
					iptables -t mangle -A PREROUTING -m mark --mark $fwmark -p tcp -j TPROXY --on-port $tproxy_port
					iptables -t mangle -A PREROUTING -m mark --mark $fwmark -p udp -j TPROXY --on-port $tproxy_port
				else
					logger "当前设备内核可能缺少xt_mark模块支持, 已放弃启动本机代理相关规则! " 31
				fi
			fi
		else
			logger "当前设备内核可能缺少kmod_ipt_tproxy模块支持, 已放弃启动相关规则! " 31
		fi
		if [ "$ipv6_redir" = "已开启" ]; then
			if ip6tables -j TPROXY -h 2>/dev/null | grep -q '\--on-port'; then
				JUMP="TPROXY --on-port $tproxy_port --tproxy-mark $fwmark"
				[ "$lan_proxy" = true ] && start_ipt_route ip6tables mangle PREROUTING shellcrashv6_mark all
				if [ "$local_proxy" = true ]; then
					if [ -n "$(grep -E '^MARK$' /proc/net/ip6_tables_targets)" ]; then
						JUMP="MARK --set-mark $fwmark"
						start_ipt_route ip6tables mangle OUTPUT shellcrashv6_mark_out all
						ip6tables -t mangle -A PREROUTING -m mark --mark $fwmark -p tcp -j TPROXY --on-port $tproxy_port
						ip6tables -t mangle -A PREROUTING -m mark --mark $fwmark -p udp -j TPROXY --on-port $tproxy_port
					else
						logger "当前设备内核可能缺少xt_mark模块支持, 已放弃启动本机代理相关规则! " 31
					fi
				fi
			else
				logger "当前设备内核可能缺少kmod_ipt_tproxy或者xt_mark模块支持, 已放弃启动相关规则! " 31
			fi
		fi
	fi
	case "$redir_mod" in
	Tun模式 | 混合模式 | 'T&U旁路转发' | TCP旁路转发)
		JUMP="MARK --set-mark $fwmark"
		# Which protocols get marked depends on the mode
		case "$redir_mod" in
		Tun模式 | 'T&U旁路转发') protocol=all ;;
		混合模式) protocol=udp ;;
		TCP旁路转发) protocol=tcp ;;
		esac
		if iptables -j MARK -h 2>/dev/null | grep -q '\--set-mark'; then
			if [ "$lan_proxy" = true ]; then
				[ "$redir_mod" = "Tun模式" -o "$redir_mod" = "混合模式" ] && iptables -I FORWARD -o utun -j ACCEPT
				start_ipt_route iptables mangle PREROUTING shellcrash_mark $protocol
			fi
			[ "$local_proxy" = true ] && start_ipt_route iptables mangle OUTPUT shellcrash_mark_out $protocol
		else
			logger "当前设备内核可能缺少x_mark模块支持, 已放弃启动相关规则! " 31
		fi
		if [ "$ipv6_redir" = "已开启" ] && [ "$crashcore" != clashpre ]; then
			if ip6tables -j MARK -h 2>/dev/null | grep -q '\--set-mark'; then
				if [ "$lan_proxy" = true ]; then
					[ "$redir_mod" = "Tun模式" -o "$redir_mod" = "混合模式" ] && ip6tables -I FORWARD -o utun -j ACCEPT
					start_ipt_route ip6tables mangle PREROUTING shellcrashv6_mark $protocol
				fi
				[ "$local_proxy" = true ] && start_ipt_route ip6tables mangle OUTPUT shellcrashv6_mark_out $protocol
			else
				logger "当前设备内核可能缺少xt_mark模块支持, 已放弃启动相关规则! " 31
			fi
		fi
		;;
	esac
	# Optional redirect for the VM network (ipv4 DNS and tcp)
	if [ "$vm_redir" = "已开启" ]; then
		JUMP="REDIRECT --to-ports $redir_port"
		start_ipt_dns iptables PREROUTING shellcrash_vm_dns
		start_ipt_route iptables nat PREROUTING shellcrash_vm tcp
	fi
	# DNS hijacking
	if [ "$dns_no" != "已禁用" -a "$dns_redir" != "已开启" -a "$firewall_area" -le 3 ]; then
		if [ "$lan_proxy" = true ]; then
			start_ipt_dns iptables PREROUTING shellcrash_dns # ipv4 LAN dns
			if ip6tables -j REDIRECT -h 2>/dev/null | grep -q '\--to-ports'; then
				start_ipt_dns ip6tables PREROUTING shellcrashv6_dns # ipv6 LAN dns
			else
				# Without ip6tables REDIRECT, IPv6 UDP DNS to this host is rejected
				ip6tables -I INPUT -p udp --dport 53 -j REJECT
			fi
		fi
		[ "$local_proxy" = true ] && start_ipt_dns iptables OUTPUT shellcrash_dns_out # ipv4 local dns
	fi
	# Reject QUIC (UDP 443)
	[ "$quic_rj" = '已启用' -a "$lan_proxy" = true -a "$redir_mod" != "Redir模式" ] && {
		# NOTE(review): the cn_ip6 match is enabled by $cn_ip_route here, while
		# start_ipt_route gates cn_ip6 on $cn_ipv6_route; if the cn_ip6 set is
		# absent the ip6tables rule below fails and its error is discarded.
		if [ "$dns_mod" != "fake-ip" -a "$cn_ip_route" = "已开启" ]; then
			set_cn_ip='-m set ! --match-set cn_ip dst'
			set_cn_ip6='-m set ! --match-set cn_ip6 dst'
		fi
		iptables -I INPUT -p udp --dport 443 $set_cn_ip -j REJECT >/dev/null 2>&1
		ip6tables -I INPUT -p udp --dport 443 $set_cn_ip6 -j REJECT >/dev/null 2>&1
	}
}
start_nft_route() { #nftables: shared builder for one traffic-redirect chain
    # Arguments:
    #   $1 - chain name (prerouting / output / prerouting_vm in this file)
    #   $2 - hook (prerouting / output)
    #   $3 - chain type as passed by the caller (nat / filter / route in this file)
    #   $4 - chain priority (-100 / -150)
    # Globals read: JUMP (final statement, set by the caller), fwmark,
    #   routing_mark, redir_port, firewall_area and the address lists.
    # Globals written: PORTS, RESERVED_IP, HOST_IP, MAC, CN_IP, RESERVED_IP6,
    #   HOST_IP6, CN_IP6 (CN_IP / CN_IP6 are read again by start_nftables).
    local v6_scope mac_op proto

    # The config keeps space-separated lists; nft set literals need commas.
    [ "$common_ports" = "已开启" ] && PORTS=$(echo $multiport | sed 's/,/, /g')
    RESERVED_IP=$(echo $reserve_ipv4 | sed 's/ /, /g')
    case "$1" in
    output) HOST_IP="127.0.0.0/8, $(echo $local_ipv4 | sed 's/ /, /g')" ;;
    prerouting_vm) HOST_IP="$(echo $vm_ipv4 | sed 's/ /, /g')" ;;
    *) HOST_IP=$(echo $host_ipv4 | sed 's/ /, /g') ;;
    esac

    # Create the chain
    nft add chain inet shellcrash $1 { type $3 hook $2 priority $4 \; }
    # Leave DNS alone here
    for proto in tcp udp; do
        nft add rule inet shellcrash $1 $proto dport 53 return
    done
    # Loop prevention: skip packets that already carry the routing mark or come
    # from a socket with gid 7890 (presumably the core's own group - confirm).
    nft add rule inet shellcrash $1 meta mark $routing_mark return
    nft add rule inet shellcrash $1 meta skgid 7890 return
    #nft add rule inet shellcrash $1 ip saddr 198.18.0.0/16 return
    [ "$firewall_area" = 5 ] && nft add rule inet shellcrash $1 ip saddr $bypass_host return

    # LAN device filter (prerouting only). MAC addresses are set by the client,
    # so this selects devices for proxying; it is not an access control.
    if [ "$1" = 'prerouting' ] && [ -s "$CRASHDIR"/configs/mac ]; then
        MAC=$(awk '{printf "%s, ",$1}' "$CRASHDIR"/configs/mac)
        mac_op='!='                                   # whitelist: bypass everything not listed
        [ "$macfilter_type" = "黑名单" ] && mac_op='' # blacklist: bypass the listed devices
        nft add rule inet shellcrash $1 ether saddr $mac_op { $MAC } return
    fi

    # Never proxy traffic to reserved destinations
    nft add rule inet shellcrash $1 ip daddr { $RESERVED_IP } return
    # Only proxy traffic whose source is one of the host/LAN ranges.
    # NOTE(review): when HOST_IP is empty nft rejects this rule and the source
    # restriction is silently missing from the chain - worth checking at the caller.
    nft add rule inet shellcrash $1 ip saddr != { $HOST_IP } return

    # Bypass CN destinations
    if [ "$dns_mod" != "fake-ip" -a "$cn_ip_route" = "已开启" -a -f "$BINDIR"/cn_ip.txt ]; then
        CN_IP=$(awk '{printf "%s, ",$1}' "$BINDIR"/cn_ip.txt)
        [ -n "$CN_IP" ] && nft add rule inet shellcrash $1 ip daddr { $CN_IP } return
    fi
    # Common-ports filter; 198.18.0.0/16 destinations are always kept
    [ -n "$PORTS" ] && nft add rule inet shellcrash $1 tcp dport != { $PORTS } ip daddr != { 198.18.0.0/16 } return

    # IPv6: proxied for LAN traffic (prerouting, not in area 5) or for local
    # traffic (output, area 2/3); in every other case IPv6 is returned untouched.
    v6_scope=''
    if [ "$ipv6_redir" = "已开启" ]; then
        case "$1" in
        prerouting) [ "$firewall_area" != 5 ] && v6_scope=lan ;;
        output) [ "$firewall_area" = 2 -o "$firewall_area" = 3 ] && v6_scope=local ;;
        esac
    fi
    if [ -n "$v6_scope" ]; then
        RESERVED_IP6="$(echo "$reserve_ipv6 $host_ipv6" | sed 's/ /, /g')"
        HOST_IP6="$(echo $host_ipv6 | sed 's/ /, /g')"
        [ "$v6_scope" = local ] && HOST_IP6="::1, $HOST_IP6"
        # Skip reserved and own addresses
        nft add rule inet shellcrash $1 ip6 daddr { $RESERVED_IP6 } return
        # Only proxy traffic from the host/LAN prefixes
        nft add rule inet shellcrash $1 ip6 saddr != { $HOST_IP6 } return
        # Bypass CN IPv6 destinations
        if [ "$dns_mod" != "fake-ip" -a "$cn_ipv6_route" = "已开启" -a -f "$BINDIR"/cn_ipv6.txt ]; then
            CN_IP6=$(awk '{printf "%s, ",$1}' "$BINDIR"/cn_ipv6.txt)
            [ -n "$CN_IP6" ] && nft add rule inet shellcrash $1 ip6 daddr { $CN_IP6 } return
        fi
    else
        nft add rule inet shellcrash $1 meta nfproto ipv6 return
    fi

    # The mode-specific redirect/mark statement
    nft add rule inet shellcrash "$1" "$JUMP"
    # Mixed mode: TCP gets its own mark and is redirected in a separate nat chain
    [ "$redir_mod" = "混合模式" ] && {
        nft add rule inet shellcrash $1 meta l4proto tcp mark set $((fwmark + 1))
        nft add chain inet shellcrash "$1"_mixtcp { type nat hook $2 priority -100 \; }
        nft add rule inet shellcrash "$1"_mixtcp mark $((fwmark + 1)) meta l4proto tcp redirect to $redir_port
    }
    #nft add rule inet shellcrash local_tproxy log prefix \"pre\" level debug
}
start_nft_dns() { #nftables: DNS hijack chain
    # Arguments:
    #   $1 - chain name prefix (prerouting / output / prerouting_vm); the chain
    #        created is "<$1>_dns"
    #   $2 - hook (prerouting / output)
    # Globals written: HOST_IP, HOST_IP6, MAC
    local dns_chain proto mac_op
    dns_chain="$1"_dns

    HOST_IP6=$(echo $host_ipv6 | sed 's/ /, /g')
    case "$1" in
    output) HOST_IP="127.0.0.0/8, $(echo $local_ipv4 | sed 's/ /, /g')" ;;
    prerouting_vm) HOST_IP="$(echo $vm_ipv4 | sed 's/ /, /g')" ;;
    *) HOST_IP=$(echo $host_ipv4 | sed 's/ /, /g') ;;
    esac

    nft add chain inet shellcrash "$dns_chain" { type nat hook $2 priority -100 \; }
    # Loop prevention: marked packets and sockets with gid 453 / 7890 are skipped
    nft add rule inet shellcrash "$dns_chain" meta mark $routing_mark return
    nft add rule inet shellcrash "$dns_chain" meta skgid { 453, 7890 } return
    [ "$firewall_area" = 5 ] && nft add rule inet shellcrash "$dns_chain" ip saddr $bypass_host return
    # Ignore queries that do not come from the host/LAN ranges, so the resolver
    # is not offered to outside sources through this chain
    nft add rule inet shellcrash "$dns_chain" ip saddr != { $HOST_IP } return
    [ "$1" = 'prerouting' ] && nft add rule inet shellcrash "$dns_chain" ip6 saddr != { $HOST_IP6 } return

    # LAN device filter (prerouting only)
    if [ "$1" = 'prerouting' ] && [ -s "$CRASHDIR"/configs/mac ]; then
        MAC=$(awk '{printf "%s, ",$1}' "$CRASHDIR"/configs/mac)
        mac_op='!='                                   # whitelist mode
        [ "$macfilter_type" = "黑名单" ] && mac_op='' # blacklist mode
        nft add rule inet shellcrash "$dns_chain" ether saddr $mac_op { $MAC } return
    fi

    # Everything left on port 53 goes to the core's DNS listener
    for proto in udp tcp; do
        nft add rule inet shellcrash "$dns_chain" $proto dport 53 redirect to ${dns_port}
    done
}
start_nft_wan() { #nftables: input filter for the panel and mixed ports
    # Builds the "input" chain of table inet shellcrash. For each of the two
    # listener ports the port is either opened to every source (when the matching
    # public_* switch is on) or accepted only from the IPv4 ranges in host_ipv4
    # and rejected for everyone else. The allow rule matches "ip saddr" only, so
    # IPv6 clients always fall through to the reject rule.
    # Globals written: HOST_IP
    local entry flag port

    # Collect the LAN host addresses
    getlanip
    HOST_IP=$(echo $host_ipv4 | sed 's/ /, /g')
    nft add chain inet shellcrash input { type filter hook input priority -100 \; }
    nft add rule inet shellcrash input ip daddr 127.0.0.1 accept

    # "<switch>:<port>" pairs: panel port first, then the mixed proxy port
    for entry in "$public_support:$db_port" "$public_mixport:$mix_port"; do
        flag=${entry%%:*}
        port=${entry#*:}
        if [ "$flag" = "已开启" ]; then
            # Exposed to any source; this chain adds no further restriction
            nft add rule inet shellcrash input tcp dport $port accept
        else
            # LAN sources only
            nft add rule inet shellcrash input tcp dport $port ip saddr { $HOST_IP } accept
            nft add rule inet shellcrash input tcp dport $port reject
        fi
    done
}
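start_nftables() { #nftables: entry point that builds table inet shellcrash
    # Globals read: redir_mod, lan_proxy, local_proxy, tun_statu, firewall_area,
    #   dns_no, dns_redir, vm_redir, quic_rj, fwmark, redir_port, tproxy_port,
    #   CN_IP / CN_IP6 (filled by start_nft_route when CN bypass is active).
    # Globals written: JUMP (consumed by start_nft_route).

    # Start from an empty table
    nft add table inet shellcrash
    nft flush table inet shellcrash
    # Input filter for the panel / mixed ports
    start_nft_wan
    # DNS hijack
    [ "$dns_no" != "已禁用" -a "$dns_redir" != "已开启" -a "$firewall_area" -le 3 ] && {
        [ "$lan_proxy" = true ] && start_nft_dns prerouting prerouting #LAN DNS
        [ "$local_proxy" = true ] && start_nft_dns output output       #local DNS
    }
    # Per-mode traffic redirection
    [ "$redir_mod" = "Redir模式" ] && {
        JUMP="meta l4proto tcp redirect to $redir_port"
        [ "$lan_proxy" = true ] && start_nft_route prerouting prerouting nat -100
        [ "$local_proxy" = true ] && start_nft_route output output nat -100
    }
    # Tproxy mode needs the nft_tproxy module. The module probe is grouped so it
    # is only evaluated for Tproxy mode: written as "A && modprobe || lsmod && {..}"
    # the block also ran in every other mode whenever nft_tproxy happened to be
    # loaded, adding a second set of rules with the tproxy JUMP.
    if [ "$redir_mod" = "Tproxy模式" ] &&
        { modprobe nft_tproxy >/dev/null 2>&1 || lsmod 2>/dev/null | grep -q nft_tproxy; }; then
        JUMP="meta l4proto {tcp, udp} mark set $fwmark tproxy to :$tproxy_port"
        [ "$lan_proxy" = true ] && start_nft_route prerouting prerouting filter -150
        [ "$local_proxy" = true ] && {
            # Locally generated packets are only marked in the route chain; the
            # tproxy statement is applied to them in mark_out on prerouting.
            JUMP="meta l4proto {tcp, udp} mark set $fwmark"
            start_nft_route output output route -150
            nft add chain inet shellcrash mark_out { type filter hook prerouting priority -100 \; }
            nft add rule inet shellcrash mark_out meta mark $fwmark meta l4proto { tcp, udp } tproxy to :$tproxy_port
        }
    fi
    [ "$tun_statu" = true ] && {
        [ "$redir_mod" = "Tun模式" ] && JUMP="meta l4proto {tcp, udp} mark set $fwmark"
        [ "$redir_mod" = "混合模式" ] && JUMP="meta l4proto udp mark set $fwmark"
        [ "$lan_proxy" = true ] && {
            start_nft_route prerouting prerouting filter -150
            # Let traffic through the tun device. These accept rules are inserted
            # into inet fw4, i.e. outside the table this script flushes and deletes.
            # NOTE(review): nothing in this part of the file removes them again;
            # presumably a firewall reload does - confirm.
            nft list table inet fw4 >/dev/null 2>&1 || nft add table inet fw4
            nft list chain inet fw4 forward >/dev/null 2>&1 || nft add chain inet fw4 forward { type filter hook forward priority filter \; } 2>/dev/null
            nft list chain inet fw4 input >/dev/null 2>&1 || nft add chain inet fw4 input { type filter hook input priority filter \; } 2>/dev/null
            nft list chain inet fw4 forward | grep -q 'oifname "utun" accept' || nft insert rule inet fw4 forward oifname "utun" accept
            nft list chain inet fw4 input | grep -q 'iifname "utun" accept' || nft insert rule inet fw4 input iifname "utun" accept
        }
        [ "$local_proxy" = true ] && start_nft_route output output route -150
    }
    [ "$firewall_area" = 5 ] && {
        [ "$redir_mod" = "T&U旁路转发" ] && JUMP="meta l4proto {tcp, udp} mark set $fwmark"
        [ "$redir_mod" = "TCP旁路转发" ] && JUMP="meta l4proto tcp mark set $fwmark"
        [ "$lan_proxy" = true ] && start_nft_route prerouting prerouting filter -150
        [ "$local_proxy" = true ] && start_nft_route output output route -150
    }
    [ "$vm_redir" = "已开启" ] && {
        start_nft_dns prerouting_vm prerouting
        JUMP="meta l4proto tcp redirect to $redir_port"
        start_nft_route prerouting_vm prerouting nat -100
    }
    # Reject QUIC so clients fall back to TCP
    [ "$quic_rj" = '已启用' -a "$lan_proxy" = true -a "$redir_mod" != "Redir模式" ] && {
        nft add chain inet shellcrash quic_rj { type filter hook input priority 0 \; }
        [ -n "$CN_IP" ] && nft add rule inet shellcrash quic_rj ip daddr { $CN_IP } return
        [ -n "$CN_IP6" ] && nft add rule inet shellcrash quic_rj ip6 daddr { $CN_IP6 } return
        nft add rule inet shellcrash quic_rj udp dport { 443, 8443 } reject comment 'ShellCrash-QUIC-REJECT'
    }
}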
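start_firewall() { #entry point for policy routing and firewall rules
    # Globals read: firewall_area, redir_mod, fwmark, bypass_host, ipv6_redir,
    #   firewall_mod, dns_redir, dns_no, dns_port.
    # Globals written: i, tun_statu, local_proxy, lan_proxy, line.
    local table=100

    getlanip #collect the LAN host addresses
    # Policy routing (IPv4 uses table 100)
    [ "$firewall_area" != 4 ] && {
        [ "$redir_mod" = "Tproxy模式" ] && ip route add local default dev lo table $table 2>/dev/null
        [ "$redir_mod" = "Tun模式" -o "$redir_mod" = "混合模式" ] && {
            # Wait for the utun route to appear, about 29 seconds at most
            i=1
            while [ -z "$(ip route list | grep utun)" -a "$i" -le 29 ]; do
                sleep 1
                i=$((i + 1))
            done
            if [ -z "$(ip route list | grep utun)" ]; then
                logger "找不到tun模块, 放弃启动tun相关防火墙规则!" 31
            else
                ip route add default dev utun table $table && tun_statu=true
            fi
        }
        [ "$firewall_area" = 5 ] && ip route add default via $bypass_host table $table 2>/dev/null
        [ "$redir_mod" != "Redir模式" ] && ip rule add fwmark $fwmark table $table 2>/dev/null
    }
    # IPv6 routes (table 101)
    [ "$ipv6_redir" = "已开启" -a "$firewall_area" -le 3 ] && {
        [ "$redir_mod" = "Tproxy模式" ] && ip -6 route add local default dev lo table $((table + 1)) 2>/dev/null
        [ -n "$(ip route list | grep utun)" ] && ip -6 route add default dev utun table $((table + 1)) 2>/dev/null
        [ "$redir_mod" != "Redir模式" ] && ip -6 rule add fwmark $fwmark table $((table + 1)) 2>/dev/null
    }
    # Decide what is proxied. Local proxying additionally requires a passwd
    # entry containing '0:7890' (uid 0 with gid 7890).
    [ "$firewall_area" = 2 -o "$firewall_area" = 3 ] && [ -n "$(grep '0:7890' /etc/passwd)" ] && local_proxy=true
    [ "$firewall_area" = 1 -o "$firewall_area" = 3 -o "$firewall_area" = 5 ] && lan_proxy=true
    # Firewall backend
    [ "$firewall_mod" = 'iptables' ] && start_iptables
    [ "$firewall_mod" = 'nftables' ] && start_nftables
    # Work around failing DNS lookups on some virtual machines by putting
    # 127.0.0.1 ahead of the first nameserver entry
    [ "$firewall_area" = 2 -o "$firewall_area" = 3 ] && [ -z "$(grep 'nameserver 127.0.0.1' /etc/resolv.conf 2>/dev/null)" ] && {
        line=$(grep -n 'nameserver' /etc/resolv.conf 2>/dev/null | awk -F: 'FNR==1{print $1}')
        # Without a line number sed has no address and would insert the entry
        # before every line of the file, so skip when no nameserver line exists.
        [ -n "$line" ] && sed -i "$line i\nameserver 127.0.0.1 #shellcrash-dns-repair" /etc/resolv.conf
    }
    # OpenWrt: let dnsmasq forward DNS to the core. The uci keys are quoted so
    # the [0] / [-1] selectors are never treated as shell glob patterns.
    if [ "$dns_redir" = "已开启" -a "$firewall_area" -le 3 -a "$dns_no" != "已禁用" ]; then
        uci del 'dhcp.@dnsmasq[-1].server' >/dev/null 2>&1
        uci delete 'dhcp.@dnsmasq[0].resolvfile' 2>/dev/null
        uci add_list "dhcp.@dnsmasq[0].server=127.0.0.1#$dns_port" >/dev/null 2>&1
        uci set 'dhcp.@dnsmasq[0].noresolv=1' 2>/dev/null
        uci commit dhcp >/dev/null 2>&1
        /etc/init.d/dnsmasq restart >/dev/null 2>&1
    elif [ "$(uci get 'dhcp.@dnsmasq[0].dns_redirect' 2>/dev/null)" = 1 ]; then
        uci del 'dhcp.@dnsmasq[0].dns_redirect'
        uci commit 'dhcp.@dnsmasq[0]'
    fi
}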
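stop_firewall() { #remove every rule, route and DNS change made at start
    # All deletions are best-effort (errors are discarded) because any given
    # rule may or may not exist depending on the mode that was active.
    # Ordering matters in the iptables sections: the jump rules in the built-in
    # chains are deleted first and the shellcrash* chains are flushed and removed
    # afterwards, because -X fails on a chain that is still referenced.
    # NOTE(review): the 'utun accept' rules that start_nftables inserts into
    # inet fw4 are not removed here; presumably a firewall reload clears them.
    local chain proto ip

    #collect the LAN host addresses
    getlanip
    #reset iptables rules
    ckcmd iptables -w && {
        [ "$dns_mod" != "fake-ip" -a "$cn_ip_route" = "已开启" ] && set_cn_ip='-m set ! --match-set cn_ip dst'
        for proto in tcp udp; do
            #dns / vm_dns
            iptables -w -t nat -D PREROUTING -p $proto --dport 53 -j shellcrash_dns 2>/dev/null
            iptables -w -t nat -D OUTPUT -p $proto --dport 53 -j shellcrash_dns_out 2>/dev/null
            iptables -w -t nat -D PREROUTING -p $proto --dport 53 -j shellcrash_vm_dns 2>/dev/null
            #TPROXY & tun
            iptables -w -t mangle -D PREROUTING -p $proto $ports -j shellcrash_mark 2>/dev/null
            iptables -w -t mangle -D PREROUTING -p $proto -d 198.18.0.0/16 -j shellcrash_mark 2>/dev/null
            iptables -w -t mangle -D OUTPUT -p $proto $ports -j shellcrash_mark_out 2>/dev/null
            iptables -w -t mangle -D OUTPUT -p $proto -d 198.18.0.0/16 -j shellcrash_mark_out 2>/dev/null
            iptables -w -t mangle -D PREROUTING -m mark --mark $fwmark -p $proto -j TPROXY --on-port $tproxy_port 2>/dev/null
        done
        #redir / vm_redir
        iptables -w -t nat -D PREROUTING -p tcp $ports -j shellcrash 2>/dev/null
        iptables -w -t nat -D PREROUTING -p tcp -d 198.18.0.0/16 -j shellcrash 2>/dev/null
        iptables -w -t nat -D OUTPUT -p tcp $ports -j shellcrash_out 2>/dev/null
        iptables -w -t nat -D OUTPUT -p tcp -d 198.18.0.0/16 -j shellcrash_out 2>/dev/null
        iptables -w -t nat -D PREROUTING -p tcp $ports -j shellcrash_vm 2>/dev/null
        iptables -w -t nat -D PREROUTING -p tcp -d 198.18.0.0/16 -j shellcrash_vm 2>/dev/null
        #tun
        iptables -w -D FORWARD -o utun -j ACCEPT 2>/dev/null
        #QUIC reject
        iptables -w -D INPUT -p udp --dport 443 $set_cn_ip -j REJECT 2>/dev/null
        #panel / mixed port access
        for ip in $host_ipv4 $local_ipv4 $reserve_ipv4; do
            iptables -w -D INPUT -p tcp -s $ip --dport $mix_port -j ACCEPT 2>/dev/null
            iptables -w -D INPUT -p tcp -s $ip --dport $db_port -j ACCEPT 2>/dev/null
        done
        iptables -w -D INPUT -p tcp -d 127.0.0.1 -j ACCEPT 2>/dev/null
        iptables -w -D INPUT -p tcp --dport $mix_port -j REJECT 2>/dev/null
        iptables -w -D INPUT -p tcp --dport $mix_port -j ACCEPT 2>/dev/null
        iptables -w -D INPUT -p tcp --dport $db_port -j REJECT 2>/dev/null
        iptables -w -D INPUT -p tcp --dport $db_port -j ACCEPT 2>/dev/null
        #now unreferenced: flush every ShellCrash chain, then delete them
        for chain in shellcrash_dns shellcrash shellcrash_out shellcrash_dns_out shellcrash_vm shellcrash_vm_dns; do
            iptables -w -t nat -F $chain 2>/dev/null
        done
        for chain in shellcrash_dns shellcrash shellcrash_out shellcrash_dns_out shellcrash_vm shellcrash_vm_dns; do
            iptables -w -t nat -X $chain 2>/dev/null
        done
        for chain in shellcrash_mark shellcrash_mark_out; do
            iptables -w -t mangle -F $chain 2>/dev/null
        done
        for chain in shellcrash_mark shellcrash_mark_out; do
            iptables -w -t mangle -X $chain 2>/dev/null
        done
    }
    #reset ip6tables rules
    ckcmd ip6tables -w && {
        [ "$dns_mod" != "fake-ip" -a "$cn_ipv6_route" = "已开启" ] && set_cn_ip6='-m set ! --match-set cn_ip6 dst'
        for proto in tcp udp; do
            #dns
            ip6tables -w -t nat -D PREROUTING -p $proto --dport 53 -j shellcrashv6_dns 2>/dev/null
            #mark
            ip6tables -w -t mangle -D PREROUTING -p $proto $ports -j shellcrashv6_mark 2>/dev/null
            ip6tables -w -t mangle -D OUTPUT -p $proto $ports -j shellcrashv6_mark_out 2>/dev/null
        done
        #redir
        ip6tables -w -t nat -D PREROUTING -p tcp $ports -j shellcrashv6 2>/dev/null
        ip6tables -w -t nat -D OUTPUT -p tcp $ports -j shellcrashv6_out 2>/dev/null
        ip6tables -w -D INPUT -p udp --dport 53 -j REJECT 2>/dev/null
        # NOTE(review): this delete reuses the IPv4 set match ($set_cn_ip); it is
        # kept as found, the IPv6 variant follows in the QUIC section below.
        ip6tables -w -D INPUT -p udp --dport 443 $set_cn_ip -j REJECT 2>/dev/null
        #tun
        ip6tables -w -D FORWARD -o utun -j ACCEPT 2>/dev/null
        ip6tables -w -D FORWARD -p udp --dport 443 -o utun -j REJECT >/dev/null 2>&1
        #QUIC reject
        ip6tables -w -D INPUT -p udp --dport 443 $set_cn_ip6 -j REJECT 2>/dev/null
        #panel / mixed port access
        ip6tables -w -D INPUT -p tcp --dport $mix_port -j REJECT 2>/dev/null
        ip6tables -w -D INPUT -p tcp --dport $mix_port -j ACCEPT 2>/dev/null
        ip6tables -w -D INPUT -p tcp --dport $db_port -j REJECT 2>/dev/null
        ip6tables -w -D INPUT -p tcp --dport $db_port -j ACCEPT 2>/dev/null
        #now unreferenced: flush every ShellCrash chain, then delete them
        for chain in shellcrashv6_dns shellcrashv6 shellcrashv6_out; do
            ip6tables -w -t nat -F $chain 2>/dev/null
        done
        for chain in shellcrashv6_dns shellcrashv6 shellcrashv6_out; do
            ip6tables -w -t nat -X $chain 2>/dev/null
        done
        for chain in shellcrashv6_mark shellcrashv6_mark_out; do
            ip6tables -w -t mangle -F $chain 2>/dev/null
        done
        for chain in shellcrashv6_mark shellcrashv6_mark_out; do
            ip6tables -w -t mangle -X $chain 2>/dev/null
        done
    }
    #ipset cleanup (after the rules that reference the sets are gone)
    ipset destroy cn_ip >/dev/null 2>&1
    ipset destroy cn_ip6 >/dev/null 2>&1
    #remove the dnsmasq forwarding
    [ "$dns_redir" = "已开启" ] && {
        uci del 'dhcp.@dnsmasq[-1].server' >/dev/null 2>&1
        uci set 'dhcp.@dnsmasq[0].noresolv=0' 2>/dev/null
        uci commit dhcp >/dev/null 2>&1
        /etc/init.d/dnsmasq restart >/dev/null 2>&1
    }
    #policy routing cleanup
    ip rule del fwmark $fwmark table 100 2>/dev/null
    ip route flush table 100 2>/dev/null
    ip -6 rule del fwmark $fwmark table 101 2>/dev/null
    ip -6 route flush table 101 2>/dev/null
    #reset nftables rules
    ckcmd nft && {
        nft flush table inet shellcrash >/dev/null 2>&1
        nft delete table inet shellcrash >/dev/null 2>&1
    }
    #restore the firewall init script if a backup exists
    [ -s /etc/init.d/firewall.bak ] && mv -f /etc/init.d/firewall.bak /etc/init.d/firewall
    #drop the resolv.conf entry added by start_firewall
    sed -i '/shellcrash-dns-repair/d' /etc/resolv.conf
}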
#启动相关
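web_save() { #persist the panel's node selections, minimised to what changed
    # Queries the local controller API through get_save, keeps the "Selector"
    # groups and writes one "group,node" line per group whose current node
    # differs from the parsed default. The result is written to
    # $CRASHDIR/configs only when it differs from what is already stored.
    # Each line is read with "read -r" and passed on quoted: the API response
    # contains brackets and arbitrary proxy names, and an unquoted expansion
    # would glob-expand them against the working directory and collapse
    # repeated spaces inside names.
    local line def now name file

    get_save http://127.0.0.1:${db_port}/proxies |
        sed 's/:{/!/g' |
        awk -F '!' '{for(i=1;i<=NF;i++) print $i}' |
        grep -aE '"Selector"' |
        grep -aoE '"name":.*"now":".*",' >"$TMPDIR"/web_proxies
    [ -s "$TMPDIR"/web_proxies ] && while IFS= read -r line; do
        def=$(printf '%s\n' "$line" | grep -oE '"all".*",' | awk -F "[:\"]" '{print $5}')
        now=$(printf '%s\n' "$line" | grep -oE '"now".*",' | awk -F "[:\"]" '{print $5}')
        [ "$def" != "$now" ] && {
            name=$(printf '%s\n' "$line" | grep -oE '"name".*",' | awk -F "[:\"]" '{print $5}')
            printf '%s\n' "${name},${now}" >>"$TMPDIR"/web_save
        }
    done <"$TMPDIR"/web_proxies
    rm -f "$TMPDIR"/web_proxies
    #panel settings
    #[ "$crashcore" != singbox ] && get_save http://127.0.0.1:${db_port}/configs > "$TMPDIR"/web_configs
    # Write to disk only when the content changed, otherwise drop the cache.
    # if/else instead of "A && B || C", which would also run C when B fails.
    for file in web_save web_configs; do
        if [ -s "$TMPDIR"/${file} ]; then
            if compare "$TMPDIR"/${file} "$CRASHDIR"/configs/${file}; then
                rm -f "$TMPDIR"/${file}
            else
                mv -f "$TMPDIR"/${file} "$CRASHDIR"/configs/${file}
            fi
        fi
    done
}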
web_restore() { #replay the saved node selections into the running core
    # Polls the local controller API until it answers (at most 19 attempts,
    # 2 seconds apart) and then PUTs every "group,node" line of
    # $CRASHDIR/configs/web_save back through put_save.
    # NOTE(review): the node name goes into the JSON body as-is and only spaces
    # are percent-encoded in the group name; names containing quotes,
    # backslashes or other URL-reserved characters are not handled.
    # Globals written: test, i, num, group_name, now_name.
    test=""
    i=1
    # The API answering with a "port" field is taken as "service is up"
    until [ -n "$test" ] || [ "$i" -ge 20 ]; do
        sleep 2
        test=$(get_save http://127.0.0.1:${db_port}/configs | grep -o port)
        i=$((i + 1))
    done
    sleep 1
    [ -n "$test" ] && {
        #send the saved node selections
        [ -s "$CRASHDIR"/configs/web_save ] && {
            num=$(wc -l <"$CRASHDIR"/configs/web_save)
            i=1
            while [ "$i" -le "$num" ]; do
                group_name=$(awk -F ',' -v n="$i" 'NR==n {print $1}' "$CRASHDIR"/configs/web_save | sed 's/ /%20/g')
                now_name=$(awk -F ',' -v n="$i" 'NR==n {print $2}' "$CRASHDIR"/configs/web_save)
                put_save http://127.0.0.1:${db_port}/proxies/${group_name} "{\"name\":\"${now_name}\"}"
                i=$((i + 1))
            done
        }
        #restore panel settings
        #[ "$crashcore" != singbox ] && [ -s "$CRASHDIR"/configs/web_configs ] && {
        #sleep 5
        #put_save http://127.0.0.1:${db_port}/configs "$(cat "$CRASHDIR"/configs/web_configs)" PATCH
        #}
    }
}
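makehtml() { #write the placeholder page shown when no local panel is installed
    # Output: $BINDIR/ui/index.html
    # The heredoc delimiter is quoted because the page contains no shell
    # variables; nothing in it should ever be expanded. The markup is also
    # repaired: the closing </html> tag was truncated, the <h4> element was
    # closed with </h3>, and the cache-control <meta> tags sat outside <head>.
    # NOTE(review): the page links to panels hosted by third parties. The user
    # is told to paste the controller address there, so those pages learn the
    # address (and whatever secret is entered) - installing the local panel
    # avoids that.
    cat >"$BINDIR"/ui/index.html <<'EOF'
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta http-equiv="Cache-Control" content="no-cache, no-store, must-revalidate">
    <meta http-equiv="Pragma" content="no-cache">
    <meta http-equiv="Expires" content="0">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>ShellCrash面板提示</title>
</head>
<body>
    <div style="text-align: center; margin-top: 50px;">
        <h1>您还未安装本地面板</h1>
        <h3>请在脚本更新功能中(9-4)安装<br>或者使用在线面板:</h3>
        <h4>请复制当前地址/ui(不包括)前面的内容, 填入url位置即可连接</h4>
        <a href="https://metacubexd.pages.dev" style="font-size: 24px;">Meta XD面板(推荐)<br></a>
        <a href="https://yacd.metacubex.one" style="font-size: 24px;">Meta YACD面板(推荐)<br></a>
        <a href="https://yacd.haishan.me" style="font-size: 24px;">Clash YACD面板<br></a>
        <a style="font-size: 21px;"><br>如已安装，请刷新此页面！<br></a>
    </div>
</body>
</html>
EOF
}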
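catpac() { #generate the PAC file served under $BINDIR/ui/pac
    # The proxy address written into the PAC is, in order: the global $host if
    # set, the LAN address reported by ubus, or the first global IPv4 address
    # from "ip a" that starts with 192. / 10. / 172.
    # NOTE(review): $host is a plain global, so any earlier code that assigns a
    # variable named host changes the address clients are told to use.
    # The PAC lists DIRECT as second choice, so clients that cannot reach the
    # proxy connect directly instead of failing.
    # Globals read: host, mix_port. Globals written: host_pac.
    [ -n "$host" ] && host_pac=$host
    [ -z "$host_pac" ] && host_pac=$(ubus call network.interface.lan status 2>&1 | grep \"address\" | grep -oE '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}')
    [ -z "$host_pac" ] && host_pac=$(ip a 2>&1 | grep -w 'inet' | grep 'global' | grep -E ' 1(92|0|72)\.' | sed 's/.*inet.//g' | sed 's/\/[0-9][0-9].*$//g' | head -n 1)
    cat >"$TMPDIR"/shellcrash_pac <<EOF
function FindProxyForURL(url, host) {
	if (
		isInNet(host, "0.0.0.0", "255.0.0.0") ||
		isInNet(host, "10.0.0.0", "255.0.0.0") ||
		isInNet(host, "127.0.0.0", "255.0.0.0") ||
		isInNet(host, "224.0.0.0", "224.0.0.0") ||
		isInNet(host, "240.0.0.0", "240.0.0.0") ||
		isInNet(host, "172.16.0.0", "255.240.0.0") ||
		isInNet(host, "192.168.0.0", "255.255.0.0") ||
		isInNet(host, "169.254.0.0", "255.255.0.0")
	)
		return "DIRECT";
	else
		return "PROXY $host_pac:$mix_port; DIRECT; SOCKS5 $host_pac:$mix_port"
}
EOF
    # Replace the served file only when the content changed. if/else instead of
    # "A && B || C", which would also run the mv when the rm fails.
    if compare "$TMPDIR"/shellcrash_pac "$BINDIR"/ui/pac; then
        rm -f "$TMPDIR"/shellcrash_pac
    else
        mv -f "$TMPDIR"/shellcrash_pac "$BINDIR"/ui/pac
    fi
}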
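core_check() { #make sure a usable core binary exists at $TMPDIR/CrashCore
    # Lookup order: $TMPDIR/CrashCore, $BINDIR/CrashCore, $BINDIR/CrashCore.tar.gz,
    # and finally a download through get_bin. A file only counts when it passes
    # the find size test in $find_para (when find supports -size).
    # NOTE(review): a downloaded archive is validated only by running the
    # extracted binary and reading its version output. No checksum or signature
    # is verified here before the file is made executable and executed, so the
    # trust rests entirely on the download source and transport - confirm
    # whether get_bin verifies anything.
    # Returns 0; exits 1 when the CPU type is unknown or the download is unusable.
    [ -n "$(tar --help 2>&1 | grep -o 'no-same-owner')" ] && tar_para='--no-same-owner' #tar compatibility
    [ -n "$(find --help 2>&1 | grep -o size)" ] && find_para=' -size +2000'            #find compatibility
    tar_core() {
        # $1: archive to unpack, $2: name the core gets inside $TMPDIR.
        # File names come from inside the archive, so they are read line by
        # line and always quoted instead of being word-split by a for loop.
        mkdir -p "$TMPDIR"/core_tmp
        tar -zxf "$1" ${tar_para} -C "$TMPDIR"/core_tmp/
        find "$TMPDIR"/core_tmp $find_para 2>/dev/null | while IFS= read -r file; do
            [ -f "$file" ] || continue
            printf '%s\n' "${file##*/}" | grep -qiE '(CrashCore|sing|meta|mihomo|clash|pre)' &&
                mv -f "$file" "$TMPDIR"/"$2"
        done
        rm -rf "$TMPDIR"/core_tmp
    }
    [ -z "$(find "$TMPDIR"/CrashCore $find_para 2>/dev/null)" ] && [ -n "$(find "$BINDIR"/CrashCore $find_para 2>/dev/null)" ] &&
        mv "$BINDIR"/CrashCore "$TMPDIR"/CrashCore
    [ -z "$(find "$TMPDIR"/CrashCore $find_para 2>/dev/null)" ] && [ -n "$(find "$BINDIR"/CrashCore.tar.gz $find_para 2>/dev/null)" ] &&
        tar_core "$BINDIR"/CrashCore.tar.gz CrashCore
    [ -z "$(find "$TMPDIR"/CrashCore $find_para 2>/dev/null)" ] && {
        logger "未找到【$crashcore】核心，正在下载！" 33
        [ -z "$cpucore" ] && . "$CRASHDIR"/update.sh && getcpucore
        # The message is quoted so the colour code stays the second argument,
        # and the exit no longer depends on logger's return status.
        [ -z "$cpucore" ] && {
            logger "找不到设备的CPU信息, 请手动指定处理器架构类型!" 31
            exit 1
        }
        get_bin "$TMPDIR"/CrashCore.tar.gz "bin/$crashcore/${target}-linux-${cpucore}.tar.gz"
        #check the downloaded core by asking it for its version
        tar_core "$TMPDIR"/CrashCore.tar.gz core_new
        chmod +x "$TMPDIR"/core_new
        if [ "$crashcore" = singbox -o "$crashcore" = singboxp ]; then
            core_v=$("$TMPDIR"/core_new version 2>/dev/null | grep version | awk '{print $3}')
            COMMAND='"$TMPDIR/CrashCore run -D $BINDIR -C $TMPDIR/jsons"'
        else
            core_v=$("$TMPDIR"/core_new -v 2>/dev/null | head -n 1 | sed 's/ linux.*//;s/.* //')
            COMMAND='"$TMPDIR/CrashCore -d $BINDIR -f $TMPDIR/config.yaml"'
        fi
        if [ -z "$core_v" ]; then
            # Also drop the rejected binary and archive instead of leaving them
            # behind in $TMPDIR
            rm -rf "$TMPDIR"/CrashCore "$TMPDIR"/core_new "$TMPDIR"/CrashCore.tar.gz
            logger "核心下载失败，请重新运行或更换安装源！" 31
            exit 1
        else
            mv -f "$TMPDIR"/core_new "$TMPDIR"/CrashCore
            mv -f "$TMPDIR"/CrashCore.tar.gz "$BINDIR"/CrashCore.tar.gz
            setconfig COMMAND "$COMMAND" "$CRASHDIR"/configs/command.env && . "$CRASHDIR"/configs/command.env
            setconfig crashcore "$crashcore"
            setconfig core_v "$core_v"
        fi
    }
    [ ! -x "$TMPDIR"/CrashCore ] && chmod +x "$TMPDIR"/CrashCore 2>/dev/null #make it executable
    #repair SELinux labels on systemd hosts
    [ "$start_old" != "已开启" -a "$(cat /proc/1/comm)" = "systemd" ] && restorecon -RF "$CRASHDIR" 2>/dev/null
    return 0
}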
core_exchange() { #switch to a more capable core
    # Arguments: $1 - target core name, $2 - reason shown in the log message.
    # Deletes every cached copy of the current core so that the next core_check
    # has to fetch the new one, then records the choice in the config.
    local stale
    logger "检测到${2}!将改为使用${1}核心启动!" 33
    for stale in "$TMPDIR"/CrashCore "$BINDIR"/CrashCore "$BINDIR"/CrashCore.tar.gz; do
        rm -rf "$stale"
    done
    crashcore="$1"
    setconfig crashcore "$1"
    echo -----------------------------------------------
}
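clash_check() { #pre-start checks for clash-family cores
    # Switches to the meta core when the config needs features the selected
    # core lacks, makes sure the core binary exists and pre-fetches the geo
    # databases referenced by the yaml files.
    # $core_config is passed quoted and straight to grep: unquoted, a path with
    # spaces or glob characters was split, and an empty value made cat wait on
    # standard input.
    # Always returns 0.

    #vless / hysteria need the meta core
    [ "$crashcore" != "meta" ] && grep -qE 'type: vless|type: hysteria' "$core_config" &&
        core_exchange meta 'vless/hy协议'
    #premium-only rules or tun-based modes are not supported by plain clash
    if [ "$crashcore" = "clash" ]; then
        if grep -qaiE '^script:|proxy-providers|rule-providers|rule-set' "$core_config" ||
            [ "$redir_mod" = "混合模式" ] ||
            [ "$redir_mod" = "Tun模式" ]; then
            core_exchange meta '当前内核不支持的配置'
        fi
    fi
    core_check
    #pre-download the GeoIP database
    grep -qEi 'geoip' "$CRASHDIR"/yamls/*.yaml && ckgeo Country.mmdb cn_mini.mmdb
    #pre-download the GeoSite database
    grep -qEi 'geosite' "$CRASHDIR"/yamls/*.yaml && ckgeo GeoSite.dat geosite.dat
    return 0
}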
singbox_check() { #pre-start checks for sing-box cores
    # Switches to the singboxp core when the json configs use features that
    # need it, makes sure the core binary exists and pre-fetches every rule-set
    # and geo database the configs reference. Always returns 0.
    local cfg_glob
    cfg_glob="$CRASHDIR"/jsons/*.json

    #features only the PuerNya build provides
    if [ "$crashcore" != "singboxp" ]; then
        cat $cfg_glob | grep -qE 'shadowsocksr|providers' && core_exchange singboxp 'PuerNya内核专属功能'
    fi
    core_check
    #pre-download geoip-cn.srs
    cat $cfg_glob | grep -qEi '"rule_set" *: *"geoip-cn"' && ckgeo geoip-cn.srs srs_geoip_cn.srs
    #pre-download geosite-cn.srs (also needed by the mix DNS mode)
    if cat $cfg_glob | grep -qEi '"rule_set" *: *"geosite-cn"' || [ "$dns_mod" = "mix" ]; then
        ckgeo geosite-cn.srs srs_geosite_cn.srs
    fi
    #pre-download the GeoIP database
    cat $cfg_glob | grep -qEi '"geoip":' && ckgeo geoip.db geoip_cn.db
    #pre-download the GeoSite database
    cat $cfg_glob | grep -qEi '"geosite":' && ckgeo geosite.db geosite_cn.db
    return 0
}
network_check() { # Verify connectivity; abort the start-up when nothing answers
	# Probe each target with three pings; the first one that answers is enough.
	# A failed probe is followed by a 2 second pause before the next target.
	for host in 223.5.5.5 114.114.114.114 1.2.4.8 dns.alidns.com doh.pub doh.360.cn; do
		if ping -c 3 "$host" >/dev/null 2>&1; then
			return 0
		fi
		sleep 2
	done
	# No target was reachable: log the failure and terminate the whole script.
	logger "当前设备无法连接网络,已停止启动!" 33
	exit 1
}
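bfstart() { # Pre-start preparation: connectivity, config, dashboard, core checks, service account
	# Globals read: fwmark, TMPDIR, BINDIR, CRASHDIR, core_config, Url, Https, crashcore,
	#   disoverride, firewall_mod, firewall_area, dns_mod, cn_ip_route, ipv6_redir, cn_ipv6_route.
	# Globals written: routing_mark, crashcore (defaulted to clash).
	# Exits 1 when no core config exists and no download link is configured; otherwise returns 0.
	routing_mark=$((fwmark + 2))
	# Probe connectivity only while $TMPDIR/crash_start_time is absent and ping is available.
	[ ! -f "$TMPDIR"/crash_start_time ] && ckcmd ping && network_check
	[ ! -d "$BINDIR"/ui ] && mkdir -p "$BINDIR"/ui
	[ -z "$crashcore" ] && crashcore=clash
	# User-defined pre-start task. It is sourced into this shell, so it runs with this
	# script's privileges; the task file must not be writable by untrusted users.
	[ -s "$CRASHDIR"/task/bfstart ] && . "$CRASHDIR"/task/bfstart
	# Core config: download it when a link is configured, otherwise give up.
	if [ ! -f "$core_config" ]; then
		if [ -n "$Url" ] || [ -n "$Https" ]; then
			logger "未找到配置文件,正在下载!" 33
			get_core_config
		else
			logger "未找到配置文件链接,请先导入配置文件!" 31
			exit 1
		fi
	fi
	# Dashboard files: copy the bundled UI when the runtime directory has none.
	if [ -f "$CRASHDIR"/ui/CNAME ] && [ ! -f "$BINDIR"/ui/CNAME ]; then
		cp -rf "$CRASHDIR"/ui "$BINDIR"
	fi
	[ ! -s "$BINDIR"/ui/index.html ] && makehtml # no dashboard: create a redirect page
	catpac                                        # generate the pac file
	# Core and core-config checks. In both branches the raw config is symlinked when
	# overrides are disabled (disoverride=1) and also when modify_* returns non-zero.
	if [ "$crashcore" = singbox ] || [ "$crashcore" = singboxp ]; then
		singbox_check
		[ -d "$TMPDIR"/jsons ] && rm -rf "$TMPDIR"/jsons/* || mkdir -p "$TMPDIR"/jsons # prepare directory
		[ "$disoverride" != "1" ] && modify_json || ln -sf "$core_config" "$TMPDIR"/jsons/config.json
	else
		clash_check
		[ "$disoverride" != "1" ] && modify_yaml || ln -sf "$core_config" "$TMPDIR"/config.yaml
	fi
	# CN IP bypass data: needs nftables or ipset, and a DNS mode other than fake-ip.
	[ "$firewall_mod" = nftables ] || ckcmd ipset && [ "$dns_mod" != "fake-ip" ] && {
		[ "$cn_ip_route" = "已开启" ] && cn_ip_route
		[ "$ipv6_redir" = "已开启" ] && [ "$cn_ipv6_route" = "已开启" ] && cn_ipv6_route
	}
	# Service account. Runs when firewall_area is 2 or 3, or PID 1 is systemd, and
	# `id shellcrash` does not already report root.
	# NOTE(review): the resulting passwd entry has UID 0 with GID 7890, i.e. a second
	# root-equivalent account; host audits that flag duplicate UID 0 entries will report
	# it. Presumably the distinct GID lets firewall rules tell the core's own traffic
	# apart -- confirm against start_firewall.
	[ "$firewall_area" = 2 ] || [ "$firewall_area" = 3 ] || [ "$(cat /proc/1/comm)" = "systemd" ] &&
		[ -z "$(id shellcrash 2>/dev/null | grep 'root')" ] && {
		ckcmd userdel && userdel shellcrash 2>/dev/null
		# Drop stale entries by their UID:GID fields (0:7890 or 7890:7890) and the group
		# by its GID field. The patterns are anchored to whole fields so that unrelated
		# accounts whose line merely contains "0:7890" or "x:7890" are left alone.
		sed -i -e '/^[^:]*:[^:]*:0:7890:/d' -e '/^[^:]*:[^:]*:7890:7890:/d' /etc/passwd
		sed -i '/^[^:]*:x:7890:/d' /etc/group
		if ckcmd useradd; then
			useradd shellcrash -u 7890
			# Promote only the shellcrash line from UID 7890 to UID 0.
			sed -i '/^shellcrash:/s/:7890:7890:/:0:7890:/' /etc/passwd
		else
			echo "shellcrash:x:0:7890:::" >>/etc/passwd
		fi
	}
	# Remove debug logs left by an earlier debug run.
	rm -rf "$TMPDIR"/debug.log
	rm -rf "$CRASHDIR"/debug.log
	return 0
}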
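afstart() { # Post-start: confirm the core is up, then apply firewall rules and scheduled tasks
	# Globals read: firewall_area, start_delay, db_port, TMPDIR, CRASHDIR, start_old.
	# Globals written: firewall_area (defaulted to 1), i, test, line.
	# On failure it calls "$0 stop" and start_error, which exits the script.
	[ -z "$firewall_area" ] && firewall_area=1
	# Optional start delay
	[ -n "$start_delay" ] && [ "$start_delay" -gt 0 ] && {
		logger "ShellCrash将延迟${start_delay}秒启动" 31 pushoff
		sleep "$start_delay"
	}
	# Poll the local dashboard API once per second (at most 9 times) until its
	# /configs answer contains "port", which is taken as proof that the core started.
	i=1
	while [ -z "$test" ] && [ "$i" -lt 10 ]; do
		sleep 1
		if curl --version >/dev/null 2>&1; then
			test=$(curl -s http://127.0.0.1:${db_port}/configs | grep -o port)
		else
			test=$(wget -q -O - http://127.0.0.1:${db_port}/configs | grep -o port)
		fi
		i=$((i + 1))
	done
	if [ -n "$test" ] || [ -n "$(pidof CrashCore)" ]; then
		rm -rf "$TMPDIR"/CrashCore                                                   # drop the cached core binary
		start_firewall                                                              # install the traffic redirection rules
		mark_time                                                                   # record the start time
		[ -s "$CRASHDIR"/configs/web_save ] && web_restore >/dev/null 2>&1 &        # restore dashboard settings in the background
		{
			sleep 5
			logger ShellCrash服务已启动!
		} & # push the log entry
		ckcmd mtd_storage.sh && mtd_storage.sh save >/dev/null 2>&1 & # Padavan: persist /etc/storage
		# Scheduled tasks
		[ -s "$CRASHDIR"/task/cron ] && croncmd "$CRASHDIR"/task/cron
		[ -s "$CRASHDIR"/task/running ] && {
			cronset '运行时每'
			# -r keeps backslashes in a cron line intact; the extra test keeps a final
			# line that has no trailing newline.
			while read -r line || [ -n "$line" ]; do
				cronset '2fjdi124dd12s' "$line"
			done <"$CRASHDIR"/task/running
		}
		[ "$start_old" = "已开启" ] && cronset '保守模式守护进程' "* * * * * test -z \"\$(pidof CrashCore)\" && $CRASHDIR/start.sh daemon #ShellCrash保守模式守护进程"
		# Conditional tasks. task/afstart is sourced with this script's privileges.
		[ -s "$CRASHDIR"/task/afstart ] && { . "$CRASHDIR"/task/afstart; } &
		# Hook task/affirewall into the system firewall init script, once (guarded by the
		# .bak file). This is a persistent edit of /etc/init.d/firewall; the backup is the
		# way to restore the original script.
		if [ -s "$CRASHDIR"/task/affirewall ] && [ -s /etc/init.d/firewall ] && [ ! -f /etc/init.d/firewall.bak ]; then
			{
				cp -pf /etc/init.d/firewall /etc/init.d/firewall.bak
				for fw_pattern in 'fw3 restart' 'fw3 .* start'; do
					fw_line=$(grep -En "$fw_pattern" /etc/init.d/firewall | cut -d ":" -f 1)
					# Only edit when exactly one line matched. An empty address would make
					# sed append the hook after every line of the init script, and several
					# line numbers are not a valid sed address.
					case "$fw_line" in
					'' | *[!0-9]*) ;;
					*) sed -i "${fw_line}a\\. $CRASHDIR/task/affirewall" /etc/init.d/firewall ;;
					esac
				done
			} &
		fi
	else
		"$0" stop
		start_error
	fi
}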
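start_error() { # Collect the core's output after a failed start, log it, then exit 1
	# Globals read: start_old, TMPDIR, COMMAND. Global written: error.
	# The log path is quoted throughout so a TMPDIR containing spaces still works.
	if [ "$start_old" != "已开启" ] && ckcmd journalctl; then
		journalctl -u shellcrash >"$TMPDIR"/core_test.log
	else
		# Run the core for two seconds in the background only to capture its output.
		# COMMAND is deliberately unquoted: it holds the binary plus its arguments.
		${COMMAND} >"$TMPDIR"/core_test.log 2>&1 &
		sleep 2
		kill $! >/dev/null 2>&1
	fi
	# Keep only the lines that look like errors.
	error=$(grep -iEo 'error.*=.*|.*ERROR.*|.*FATAL.*' "$TMPDIR"/core_test.log)
	logger "服务启动失败!请查看报错信息!详细信息请查看$TMPDIR/core_test.log" 33
	logger "$error" 31
	exit 1
}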
start_old() { # Legacy mode: run the core as a plain background process
	# Use the dedicated shellcrash account when su exists and /etc/passwd carries the
	# shellcrash:x:0:7890 entry; otherwise start the core directly from this shell.
	if ckcmd su && grep -q 'shellcrash:x:0:7890' /etc/passwd; then
		su shellcrash -c "$COMMAND >/dev/null 2>&1" &
	else
		# nohup is optional; the local is only set when the command is available.
		if ckcmd nohup; then
			local nohup=nohup
		fi
		# Unquoted on purpose: COMMAND holds the binary plus its arguments.
		$nohup $COMMAND >/dev/null 2>&1 &
	fi
	# Post-start steps run in the background as well.
	afstart &
}
#杂项
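update_config() { # Refresh the subscription, then restart the service
	# The restart only happens when get_core_config succeeds. "$0" is quoted so the
	# script can be re-invoked from a path that contains spaces.
	get_core_config &&
		"$0" restart
}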
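hotupdate() { # Hot-reload the subscription without restarting the core
	# Globals read: format, db_port, CRASHDIR, TMPDIR.
	# get_core_config, core_check, modify_<format> and put_save are defined elsewhere.
	get_core_config
	core_check
	# Ask the running core to reload its config through the local API. The JSON body is
	# built as one quoted word so a CRASHDIR with spaces is not split into extra arguments.
	"modify_$format" &&
		put_save "http://127.0.0.1:${db_port}/configs" "{\"path\":\"$CRASHDIR/config.$format\"}"
	# Drop the cached core binary.
	rm -rf "$TMPDIR"/CrashCore
}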
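set_proxy() { # Persist the local proxy environment variables into a shell profile
	# Only acts when local_type is "环境变量" (environment-variable mode).
	# Globals read: local_type, mix_port. Global written: profile.
	# /etc/profile wins over ~/.bashrc when both are writable.
	if [ "$local_type" = "环境变量" ]; then
		[ -w ~/.bashrc ] && profile=~/.bashrc
		[ -w /etc/profile ] && profile=/etc/profile
		# No writable profile and none chosen earlier: fail instead of redirecting
		# into an empty file name.
		[ -n "$profile" ] || return 1
		echo 'export all_proxy=http://127.0.0.1:'"$mix_port" >>"$profile"
		echo 'export ALL_PROXY=$all_proxy' >>"$profile"
	fi
}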
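unset_proxy() { # Remove the proxy environment variables from the shell profile
	# Global written: profile. /etc/profile wins over ~/.bashrc when both are writable.
	[ -w ~/.bashrc ] && profile=~/.bashrc
	[ -w /etc/profile ] && profile=/etc/profile
	# Nothing writable and nothing chosen earlier: there is no file to clean, and sed
	# must not be started without a file argument.
	[ -n "$profile" ] || return 0
	# Every line mentioning all_proxy / ALL_PROXY is deleted, not only the ones that
	# set_proxy appended.
	sed -i '/all_proxy/d' "$profile"
	sed -i '/ALL_PROXY/d' "$profile"
}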
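getconfig # load the configuration file and derived globals

# Command dispatch: $1 selects the action, the remaining arguments are action-specific.
# Several arms edit system files (/etc/profile, the systemd unit) and firewall state.
# Paths and "$0" are quoted so the script also works from a directory with spaces.
case "$1" in
start)
	[ -n "$(pidof CrashCore)" ] && "$0" stop # no second instance
	stop_firewall                            # clear the routing policy
	# Pick the start method
	if [ "$firewall_area" = "5" ]; then # forward-only mode: firewall rules, no local core
		start_firewall
	elif [ "$start_old" = "已开启" ]; then
		bfstart && start_old
	elif [ -f /etc/rc.common ] && [ "$(cat /proc/1/comm)" = "procd" ]; then
		/etc/init.d/shellcrash start
	elif [ "$USER" = "root" ] && [ "$(cat /proc/1/comm)" = "systemd" ]; then
		bfstart && {
			FragmentPath=$(systemctl show -p FragmentPath shellcrash | sed 's/FragmentPath=//')
			# Quoted: an empty FragmentPath must fail the -f test. Unquoted, `[ -f ]`
			# is a one-argument test and evaluates true.
			[ -f "$FragmentPath" ] && setconfig ExecStart "$COMMAND >/dev/null" "$FragmentPath"
			systemctl daemon-reload
			systemctl start shellcrash.service || start_error
		}
	else
		bfstart && start_old
	fi
	# Container mode: set the container CMD to "$CRASHDIR"/start.sh start infinity
	# so that this process stays in the foreground.
	if [ "$2" = "infinity" ]; then
		sleep infinity
	fi
	;;
stop)
	logger ShellCrash服务即将关闭……
	[ -n "$(pidof CrashCore)" ] && web_save # save the dashboard settings
	# Remove the watchdog and the runtime cron entries
	cronset '保守模式守护进程'
	cronset '运行时每'
	cronset '流媒体预解析'
	# Stop the process by whichever service manager started it
	if [ "$start_old" != "已开启" ] && [ "$USER" = "root" ] && [ "$(cat /proc/1/comm)" = "systemd" ]; then
		systemctl stop shellcrash.service >/dev/null 2>&1
	elif [ -f /etc/rc.common ] && [ "$(cat /proc/1/comm)" = "procd" ]; then
		/etc/init.d/shellcrash stop >/dev/null 2>&1
	else
		stop_firewall # clear the routing policy
		unset_proxy   # disable the local proxy variables
	fi
	# Kill whatever is still running. PID may hold several ids, hence unquoted.
	PID=$(pidof CrashCore) && [ -n "$PID" ] && kill -9 $PID >/dev/null 2>&1
	;;
restart)
	"$0" stop
	"$0" start
	;;
daemon)
	# Watchdog entry point used by the cron job: wait 20 seconds when the start-time
	# marker is absent, then start.
	[ ! -f "$TMPDIR"/crash_start_time ] && sleep 20
	"$0" start
	;;
debug)
	[ -n "$(pidof CrashCore)" ] && "$0" stop >/dev/null # no second instance
	stop_firewall >/dev/null                            # clear the routing policy
	bfstart
	if [ -n "$2" ]; then
		# $2 is the log level. It is spliced into the sed program unescaped, so callers
		# are expected to pass a plain level word (no "/" or other sed syntax).
		if [ "$crashcore" = singbox ] || [ "$crashcore" = singboxp ]; then
			sed -i "s/\"level\": \"info\"/\"level\": \"$2\"/" "$TMPDIR"/jsons/log.json 2>/dev/null
		else
			sed -i "s/log-level: info/log-level: $2/" "$TMPDIR"/config.yaml
		fi
		# $3 = flash writes the debug log below CRASHDIR, anything else below TMPDIR.
		[ "$3" = flash ] && dir=$CRASHDIR || dir=$TMPDIR
		$COMMAND >"${dir}"/debug.log 2>&1 &
		sleep 2
		logger "已运行debug模式!如需停止,请使用重启/停止服务功能!" 33
	else
		$COMMAND >/dev/null 2>&1 &
	fi
	afstart
	;;
init)
	# Boot hook for firmware whose /etc/profile is rebuilt at boot: locate a writable
	# profile, re-add the aliases and CRASHDIR export, then start the service.
	# NOTE(review): when neither /etc/storage/* nor /jffs exists, profile keeps whatever
	# value it had before (possibly empty) and the edits below fail.
	if [ -d "/etc/storage/clash" ] || [ -d "/etc/storage/ShellCrash" ]; then
		i=1
		while [ ! -w /etc/profile ] && [ "$i" -lt 10 ]; do
			sleep 3 && i=$((i + 1))
		done
		[ -w /etc/profile ] && profile=/etc/profile || profile=/etc_ro/profile
		mount -t tmpfs -o remount,rw,size=45M tmpfs /tmp # enlarge /tmp for the newer core compression
		sed -i '' "$profile"                              # turn a symlinked profile into a regular file
	elif [ -d "/jffs" ]; then
		sleep 60
		if [ -w /etc/profile ]; then
			profile=/etc/profile
		else
			profile=$(grep -oE '\-f.*jffs.*profile' /etc/profile | awk '{print $2}')
		fi
	fi
	sed -i "/alias crash/d" "$profile"
	sed -i "/alias clash/d" "$profile"
	sed -i "/export CRASHDIR/d" "$profile"
	echo "alias crash=\"$CRASHDIR/menu.sh\"" >>"$profile"
	echo "alias clash=\"$CRASHDIR/menu.sh\"" >>"$profile"
	echo "export CRASHDIR=\"$CRASHDIR\"" >>"$profile"
	# Autostart disabled (.dis_startup present): only drop the watchdog cron entry.
	[ -f "$CRASHDIR"/.dis_startup ] && cronset "保守模式守护进程" || "$0" start
	;;
webget)
	# Download helper.
	#   $2 output file                  $3 source URL
	#   $4 echooff = quiet              $5 rediroff = do not follow redirects
	#   $6 skipceroff = verify the server certificate
	# SECURITY: certificate verification is OFF unless $6 is "skipceroff"
	# (curl -k / wget --no-check-certificate). A file fetched that way is not
	# authenticated by TLS; callers that download executables or rule data should pass
	# skipceroff or verify the file by other means before using it.
	#
	# Use the running core as a temporary proxy and map CDN mirror URLs back to
	# raw.githubusercontent.com; without a running core, map to the jsdelivr mirror.
	if [ -n "$(pidof CrashCore)" ]; then
		[ -n "$authentication" ] && auth="$authentication@"
		export all_proxy="http://${auth}127.0.0.1:$mix_port"
		url=$(printf '%s\n' "$3" | sed 's#https://.*jsdelivr.net/gh/juewuy/ShellCrash[@|/]#https://raw.githubusercontent.com/juewuy/ShellCrash/#' | sed 's#https://gh.jwsc.eu.org/#https://raw.githubusercontent.com/juewuy/ShellCrash/#')
	else
		url=$(printf '%s\n' "$3" | sed 's#https://raw.githubusercontent.com/juewuy/ShellCrash/#https://fastly.jsdelivr.net/gh/juewuy/ShellCrash@#')
	fi
	# $agent, $progress, $redirect, $certificate and $timeout are left unquoted on
	# purpose: each is either empty or a list of options.
	if curl --version >/dev/null 2>&1; then
		[ "$4" = "echooff" ] && progress='-s' || progress='-#'
		[ "$5" = "rediroff" ] && redirect='' || redirect='-L'
		[ "$6" = "skipceroff" ] && certificate='' || certificate='-k'
		result=$(curl $agent -w '%{http_code}' --connect-timeout 3 $progress $redirect $certificate -o "$2" "$url")
		# Anything but HTTP 200: retry the original URL without the proxy.
		[ "$result" != "200" ] && export all_proxy="" && result=$(curl $agent -w '%{http_code}' --connect-timeout 5 $progress $redirect $certificate -o "$2" "$3")
	else
		if wget --version >/dev/null 2>&1; then
			[ "$4" = "echooff" ] && progress='-q' || progress='-q --show-progress'
			[ "$5" = "rediroff" ] && redirect='--max-redirect=0' || redirect=''
			[ "$6" = "skipceroff" ] && certificate='' || certificate='--no-check-certificate'
			timeout='--timeout=5'
		fi
		[ "$4" = "echoon" ] && progress=''
		[ "$4" = "echooff" ] && progress='-q'
		wget -Y on $agent $progress $redirect $certificate $timeout -O "$2" "$url"
		if [ "$?" != "0" ]; then
			# Retry the original URL with the proxy switched off.
			wget -Y off $agent $progress $redirect $certificate $timeout -O "$2" "$3"
			[ "$?" = "0" ] && result="200"
		else
			result="200"
		fi
	fi
	[ "$result" = "200" ] && exit 0 || exit 1
	;;
*)
	# Internal dispatch: run $1 (a function of this script, or any command) with up to
	# six arguments. The words are unquoted, so they are split and globbed again, and
	# whoever controls the arguments controls what runs with this script's privileges.
	# Keep start.sh writable and callable only by trusted users and front-ends.
	# shellcheck disable=SC2086
	$1 $2 $3 $4 $5 $6 $7
	;;

esac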