mirror of
https://github.com/juewuy/ShellCrash.git
synced 2024-11-16 11:42:18 +08:00
v1.8.9c
~优化iptables及nftables的模块检测机制 ~修复本机代理相关的一系列问题 ~修复保守模式启动报错 ~修复首次启动时定时任务提示找不到用户的bug ~修复自定义singbox配置文件功能导致的若干报错 ~修复systemd启动时的若干问题 ~修复保守模式启动时将信息输出到ssh中的bug
parent
6d2edbdcd8
commit
1a14d3f8e2
Binary file not shown.
Binary file not shown.
Binary file not shown.
|
@ -5,4 +5,4 @@ meta_v=v1.18.0
|
|||
|
||||
singbox_v=1.8.4
|
||||
GeoIP_v=20240127
|
||||
versionsh=1.8.9c
|
||||
versionsh=1.8.9d
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
#!/bin/sh
|
||||
# Copyright (C) Juewuy
|
||||
|
||||
version=1.8.9c
|
||||
version=1.8.9d
|
||||
|
||||
setdir(){
|
||||
dir_avail(){
|
||||
|
@ -161,15 +161,21 @@ else
|
|||
if [ -n "$sysdir" -a "$USER" = "root" -a "$(cat /proc/1/comm)" = "systemd" ];then
|
||||
#创建shellcrash用户
|
||||
sed -i '/0:7890/d' /etc/passwd
|
||||
echo "shellcrash:x:0:7890::/home/shellcrash:/bin/sh" >> /etc/passwd
|
||||
sed -i '/x:7890/d' /etc/group
|
||||
if type useradd &>/dev/null; then
|
||||
useradd shellcrash -u 7890
|
||||
sed -Ei s/7890:7890/0:7890/g /etc/passwd
|
||||
else
|
||||
echo "shellcrash:x:0:7890::/home/shellcrash:/bin/sh" >> /etc/passwd
|
||||
fi
|
||||
#配置systemd
|
||||
mv -f ${CRASHDIR}/shellcrash.service $sysdir/shellcrash.service 2>/dev/null
|
||||
sed -i "s%/etc/ShellCrash%$CRASHDIR%g" $sysdir/shellcrash.service
|
||||
rm -rf $sysdir/clash.service #旧版文件清理
|
||||
systemctl daemon-reload
|
||||
fi
|
||||
#设为保守模式启动
|
||||
setconfig start_old 已开启
|
||||
#设为保守模式启动
|
||||
setconfig start_old 已开启
|
||||
fi
|
||||
#修饰文件及版本号
|
||||
command -v bash &>/dev/null && shtype=bash || shtype=sh
|
||||
|
@ -279,7 +285,8 @@ done
|
|||
chmod 755 ${CRASHDIR}/task/task.sh
|
||||
#旧版文件清理
|
||||
userdel shellclash &>/dev/null
|
||||
sed -i '/0:7890/d' /etc/passwd
|
||||
sed -i '/shellclash/d' /etc/passwd
|
||||
sed -i '/shellclash/d' /etc/group
|
||||
rm -rf /etc/init.d/clash
|
||||
[ "$systype" = "mi_snapshot" -a "$CRASHDIR" != '/data/clash' ] && rm -rf /data/clash
|
||||
for file in clash.sh shellcrash.rc core.new clashservice log shellcrash.service mark? mark.bak;do
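Review bot: In the shellcrash-user block, `sed -Ei s/7890:7890/0:7890/g /etc/passwd` is unanchored and runs whether or not `useradd` succeeded, so any passwd line containing `7890:7890`, not only the new account, has its UID field rewritten; the same substitution is added in the `bfstart` hunk of a later file section. Limiting it to the intended entry and gating it on useradd's exit status would confine the edit, e.g. `useradd shellcrash -u 7890 && sed -i 's/^\(shellcrash:[^:]*\):7890:7890:/\1:0:7890:/' /etc/passwd`. The guard `type useradd &>/dev/null` is also a bashism under this file's `#!/bin/sh`: a strictly POSIX shell such as dash parses it as a background job followed by an empty redirect, so the test is always true and the `else` fallback is never reached; `command -v useradd >/dev/null 2>&1` is portable. A one-line comment stating why the account is deliberately UID 0 with GID 7890 would make this block easier to audit.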
|
||||
|
|
|
@ -913,8 +913,8 @@ localproxy(){ #本机代理
|
|||
[ -f /etc/rc.common -a "$(cat /proc/1/comm)" = "procd" ] && [ -w /etc/passwd ] && local_enh=1
|
||||
echo -----------------------------------------------
|
||||
[ -n "$local_enh" ] && {
|
||||
ckcmd iptables && [ -n "$(lsmod | grep ^xt_owner)" ] && echo -e " 1 使用\033[32miptables增强模式\033[0m配置(支持docker,推荐!)"
|
||||
ckcmd nft && echo -e " 2 使用\033[32mnftables增强模式\033[0m配置(支持docker,推荐!)"
|
||||
ckcmd iptables && [ -n "$(iptables -m owner --help | grep owner)" ] && echo -e " 1 使用\033[32miptables增强模式\033[0m配置(支持docker,推荐!)"
|
||||
ckcmd nft && modprobe nf_nat &> /dev/null && echo -e " 2 使用\033[32mnftables增强模式\033[0m配置(支持docker,推荐!)"
|
||||
}
|
||||
echo -e " 3 使用\033[33m环境变量\033[0m方式配置(部分应用可能无法使用,不推荐!)"
|
||||
echo -e " 0 返回上级菜单"
|
||||
|
@ -1026,6 +1026,8 @@ setboot(){ #启动相关设置
|
|||
if [ "$mini_clash" = "未开启" ]; then
|
||||
if [ "$dir_size" -gt 20480 ];then
|
||||
echo -e "\033[33m您的设备空间充足(>20M),无需开启!\033[0m"
|
||||
elif [ "start_old" != '已开启' -a "$(cat /proc/1/comm)" = "systemd" ];then
|
||||
echo -e "\033[33m不支持systemd启动模式,请先启用保守模式!\033[0m"
|
||||
else
|
||||
[ "$BINDIR" = "$CRASHDIR" ] && BINDIR="$TMPDIR"
|
||||
echo -e "\033[32m已经启用小闪存功能!\033[0m"
|
||||
|
@ -1111,18 +1113,18 @@ normal_set(){ #基础设置
|
|||
}
|
||||
[ -n "$(iptables -j TPROXY 2>&1 | grep 'on-port')" ] && sup_tp=1
|
||||
[ -n "$(ls /dev/net/tun)" ] || ip tuntap &>/dev/null && sup_tun=1
|
||||
ckcmd nft && sup_nft=1
|
||||
ckcmd nft && modprobe nf_nat &> /dev/null && sup_nft=1 && modprobe nft_tproxy &> /dev/null && sup_nft=2
|
||||
|
||||
echo -----------------------------------------------
|
||||
echo -e "当前代理模式为:\033[47;30m $redir_mod \033[0m;Clash核心为:\033[47;30m $crashcore \033[0m"
|
||||
echo -e "\033[33m切换模式后需要手动重启服务以生效!\033[0m"
|
||||
echo -----------------------------------------------
|
||||
echo -e " 1 \033[32mRedir模式\033[0m: Redir转发TCP,不转发UDP"
|
||||
echo -e " 2 \033[36m混合模式\033[0m: Redir转发TCP,Tun转发UDP"
|
||||
[ -n "$sup_tp" ] && echo -e " 3 \033[32mTproxy混合\033[0m: Redir转发TCP,Tproxy转发UDP"
|
||||
ckcmd iptables && echo -e " 1 \033[32mRedir模式\033[0m: Redir转发TCP,不转发UDP"
|
||||
[ -n "$sup_tun" ] && echo -e " 2 \033[36m混合模式\033[0m: Redir转发TCP,Tun转发UDP"
|
||||
[ -n "$sup_tun" ] && echo -e " 4 \033[33mTun模式\033[0m: 使用Tun转发TCP&UDP(占用高)"
|
||||
[ -n "$sup_tp" ] && echo -e " 5 \033[32mTproxy模式\033[0m: 使用Tproxy转发TCP&UDP"
|
||||
[ -n "$sup_nft" ] && echo -e " 6 \033[36mNft基础\033[0m: 使用nftables转发TCP,不转发UDP"
|
||||
[ -n "$sup_nft" ] && echo -e " 7 \033[32mNft混合\033[0m: 使用nft_tproxy转发TCP&UDP"
|
||||
[ "$sup_nft" = 2 ] && echo -e " 7 \033[32mNft混合\033[0m: 使用nft_tproxy转发TCP&UDP"
|
||||
echo -e " 8 \033[36m纯净模式\033[0m: 不设置流量转发"
|
||||
echo " 0 返回上级菜单"
|
||||
read -p "请输入对应数字 > " num
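Review bot: The `elif` added to `setboot` compares the literal string `"start_old"` instead of the variable, so the first test is always true and on a systemd host the branch rejects the small-flash option even when conservative mode is already enabled. It should read `elif [ "$start_old" != '已开启' -a "$(cat /proc/1/comm)" = "systemd" ];then`, which matches the form of the `stop)` check changed elsewhere in this commit. setboot's body continues outside the hunk.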
|
||||
|
|
|
@ -5,7 +5,6 @@ After=network.target
|
|||
[Service]
|
||||
Type=simple
|
||||
User=shellcrash
|
||||
ExecStartPre=/etc/ShellCrash/start.sh bfstart
|
||||
ExecStart=/etc/ShellCrash/CrashCore run -D /etc/ShellCrash -C /tmp/ShellCrash/jsons
|
||||
ExecStartPost=/etc/ShellCrash/start.sh afstart >/dev/null &
|
||||
ExecStopPost=/etc/ShellCrash/start.sh stop_firewall ; /etc/ShellCrash/start.sh unset_proxy
|
||||
|
|
|
@ -113,15 +113,18 @@ croncmd(){ #定时任务工具
|
|||
[ ! -w "$crondir" ] && crondir="/etc/storage/cron/crontabs"
|
||||
[ ! -w "$crondir" ] && crondir="/var/spool/cron/crontabs"
|
||||
[ ! -w "$crondir" ] && crondir="/var/spool/cron"
|
||||
[ ! -w "$crondir" ] && echo "你的设备不支持定时任务配置,脚本大量功能无法启用,请尝试使用搜索引擎查找安装方式!"
|
||||
[ "$1" = "-l" ] && cat $crondir/$USER 2>/dev/null
|
||||
[ -f "$1" ] && cat $1 > $crondir/$USER
|
||||
if [ -w "$crondir" ];then
|
||||
[ "$1" = "-l" ] && cat $crondir/$USER 2>/dev/null
|
||||
[ -f "$1" ] && cat $1 > $crondir/$USER
|
||||
else
|
||||
echo "你的设备不支持定时任务配置,脚本大量功能无法启用,请尝试使用搜索引擎查找安装方式!"
|
||||
fi
|
||||
fi
|
||||
}
|
||||
cronset(){ #定时任务设置
|
||||
# 参数1代表要移除的关键字,参数2代表要添加的任务语句
|
||||
tmpcron=${TMPDIR}/cron_$USER
|
||||
croncmd -l > $tmpcron
|
||||
croncmd -l > $tmpcron 2>/dev/null
|
||||
sed -i "/$1/d" $tmpcron
|
||||
sed -i '/^$/d' $tmpcron
|
||||
echo "$2" >> $tmpcron
|
||||
|
@ -229,7 +232,7 @@ check_singbox_config(){ #检查singbox配置文件
|
|||
exit 1
|
||||
fi
|
||||
#检测SSR节点
|
||||
if [ -n "$(cat $core_config | grep -oE '"shadowsocksr"')" ];then
|
||||
if [ -n "$(cat $core_config_new | grep -oE '"shadowsocksr"')" ];then
|
||||
echo -----------------------------------------------
|
||||
logger "singbox主干已移除对SSR相关协议的支持,请使用clash系内核或者PuerNya分支!" 33
|
||||
fi
|
||||
|
@ -549,14 +552,13 @@ EOF
|
|||
else
|
||||
reverse_mapping=false
|
||||
fi
|
||||
[ -z "$(cat ${CRASHDIR}/jsons/dns.json 2>/dev/null | grep '"dns":')" ] && {
|
||||
[ -z "$dns_nameserver" ] && dns_nameserver='223.5.5.5' || dns_nameserver=$(echo $dns_nameserver | awk -F ',' '{print $1}')
|
||||
[ -z "$dns_fallback" ] && dns_fallback='1.0.0.1' || dns_fallback=$(echo $dns_fallback | awk -F ',' '{print $1}')
|
||||
[ "$ipv6_dns" = "已开启" ] && strategy='prefer_ipv4' || strategy='ipv4_only'
|
||||
[ "$dns_mod" = "redir_host" ] && proxy_dns=dns_proxy && direct_dns=dns_direct
|
||||
[ "$dns_mod" = "fake-ip" ] && proxy_dns=dns_fakeip && direct_dns=dns_direct
|
||||
[ "$dns_mod" = "mix" ] && proxy_dns=dns_fakeip && direct_dns=dns_direct
|
||||
cat > ${TMPDIR}/jsons/dns.json <<EOF
|
||||
[ -z "$dns_nameserver" ] && dns_nameserver='223.5.5.5' || dns_nameserver=$(echo $dns_nameserver | awk -F ',' '{print $1}')
|
||||
[ -z "$dns_fallback" ] && dns_fallback='1.0.0.1' || dns_fallback=$(echo $dns_fallback | awk -F ',' '{print $1}')
|
||||
[ "$ipv6_dns" = "已开启" ] && strategy='prefer_ipv4' || strategy='ipv4_only'
|
||||
[ "$dns_mod" = "redir_host" ] && proxy_dns=dns_proxy && direct_dns=dns_direct
|
||||
[ "$dns_mod" = "fake-ip" ] && proxy_dns=dns_fakeip && direct_dns=dns_direct
|
||||
[ "$dns_mod" = "mix" ] && proxy_dns=dns_fakeip && direct_dns=dns_direct
|
||||
cat > ${TMPDIR}/jsons/dns.json <<EOF
|
||||
{
|
||||
"dns": {
|
||||
"servers": [{
|
||||
|
@ -600,7 +602,6 @@ EOF
|
|||
}
|
||||
}
|
||||
EOF
|
||||
}
|
||||
#生成ntp.json
|
||||
cat > ${TMPDIR}/jsons/ntp.json <<EOF
|
||||
{
|
||||
|
@ -747,10 +748,12 @@ EOF
|
|||
}
|
||||
done
|
||||
#测试自定义配置文件
|
||||
error=$(${BINDIR}/CrashCore check -D ${BINDIR} -C ${TMPDIR}/jsons 2>&1 | grep -Eo 'cust.*\.json' | sed 's/cust_//g' )
|
||||
error=$(${BINDIR}/CrashCore check -D ${BINDIR} -C ${TMPDIR}/jsons 2>&1 )
|
||||
if [ -n "$error" ];then
|
||||
[ "$error" = 'add_rules.json' ] && error_file=${CRASHDIR}/yamls/rules.yaml自定义规则 || error_file=${CRASHDIR}/jsons/$error
|
||||
logger "自定义配置文件校验失败,请检查 ${error_file}文件!" 31
|
||||
echo $error
|
||||
error_file=$(echo $error | grep -Eo 'cust.*\.json' | sed 's/cust_//g' )
|
||||
[ "$error_file" = 'add_rules.json' ] && error_file=${CRASHDIR}/yamls/rules.yaml自定义规则 || error_file=${CRASHDIR}/jsons/$error_file
|
||||
logger "自定义配置文件校验失败,请检查【${error_file}】文件!" 31
|
||||
logger "尝试使用基础配置文件启动~" 33
|
||||
#清理自定义配置文件并还原基础配置
|
||||
rm -rf ${TMPDIR}/jsons/cust_*
|
||||
|
@ -1002,7 +1005,7 @@ start_output(){ #iptables本机代理
|
|||
iptables -t nat -N shellcrash_dns_out
|
||||
iptables -t nat -A shellcrash_dns_out -m owner --gid-owner 453 -j RETURN #绕过本机dnsmasq
|
||||
iptables -t nat -A shellcrash_dns_out -m owner --gid-owner 7890 -j RETURN
|
||||
iptables -t nat -A shellcrash_dns_out -p udp -s 127.0.0.0/8 -j REDIRECT --to $dns_port
|
||||
iptables -t nat -A shellcrash_dns_out -p udp -j REDIRECT --to $dns_port
|
||||
iptables -t nat -A OUTPUT -p udp --dport 53 -j shellcrash_dns_out
|
||||
}
|
||||
#Docker转发
|
||||
|
@ -1103,8 +1106,9 @@ start_nft(){ #nftables-allinone
|
|||
#获取局域网host地址
|
||||
getlanip
|
||||
[ "$common_ports" = "已开启" ] && PORTS=$(echo $multiport | sed 's/,/, /g')
|
||||
RESERVED_IP="$(echo $reserve_ipv4 | sed 's/ /, /g')"
|
||||
HOST_IP="$(echo $host_ipv4 | sed 's/ /, /g')"
|
||||
RESERVED_IP=$(echo $reserve_ipv4 | sed 's/ /, /g')
|
||||
LOCAL_IP="127.0.0.0/8, $(echo $local_ipv4 | sed 's/ /, /g')"
|
||||
HOST_IP=$(echo $host_ipv4 | sed 's/ /, /g')
|
||||
#设置策略路由
|
||||
ip rule add fwmark $fwmark table 100
|
||||
ip route add local default dev lo table 100
|
||||
|
@ -1173,12 +1177,13 @@ start_nft(){ #nftables-allinone
|
|||
nft add rule inet shellcrash output meta skgid 7890 return && {
|
||||
[ -n "$PORTS" ] && nft add rule inet shellcrash output tcp dport != {$PORTS} return
|
||||
nft add rule inet shellcrash output ip daddr {$RESERVED_IP} return
|
||||
nft add rule inet shellcrash output ip saddr != {$LOCAL_IP} return
|
||||
nft add rule inet shellcrash output meta l4proto tcp mark set $fwmark redirect to $redir_port
|
||||
}
|
||||
#Docker
|
||||
type docker &>/dev/null && {
|
||||
nft add chain inet shellcrash docker { type nat hook prerouting priority -100 \; }
|
||||
nft add rule inet shellcrash docker ip saddr != {172.16.0.0/12} return #进代理docker网段
|
||||
nft add rule inet shellcrash docker ip saddr != {172.16.0.0/12} return #只代理docker网段
|
||||
nft add rule inet shellcrash docker ip daddr {$RESERVED_IP} return #过滤保留地址
|
||||
nft add rule inet shellcrash docker udp dport 53 redirect to $dns_port
|
||||
nft add rule inet shellcrash docker meta l4proto tcp mark set $fwmark redirect to $redir_port
|
||||
|
@ -1468,6 +1473,7 @@ core_check(){
|
|||
fi
|
||||
fi
|
||||
fi
|
||||
return 0
|
||||
}
|
||||
clash_check(){ #clash启动前检查
|
||||
#检测vless/hysteria协议
|
||||
|
@ -1513,6 +1519,7 @@ clash_check(){ #clash启动前检查
|
|||
[ "$?" = "1" ] && rm -rf ${BINDIR}/GeoSite.dat && logger "数据库下载失败,已退出,请前往更新界面尝试手动下载!" 31 && exit 1
|
||||
fi
|
||||
fi
|
||||
return 0
|
||||
}
|
||||
singbox_check(){ #singbox启动前检查
|
||||
core_check
|
||||
|
@ -1540,6 +1547,7 @@ singbox_check(){ #singbox启动前检查
|
|||
setconfig Geo_v $Geo_v
|
||||
fi
|
||||
fi
|
||||
return 0
|
||||
}
|
||||
bfstart(){ #启动前
|
||||
#读取ShellCrash配置
|
||||
|
@ -1580,7 +1588,13 @@ bfstart(){ #启动前
|
|||
[ -n "$(echo $local_type | grep '增强模式')" -o "$(cat /proc/1/comm)" = "systemd" ] && \
|
||||
[ -z "$(id shellcrash 2>/dev/null | grep 'root')" ] && {
|
||||
sed -i '/0:7890/d' /etc/passwd
|
||||
echo "shellcrash:x:0:7890::/home/shellcrash:/bin/sh" >> /etc/passwd
|
||||
sed -i '/x:7890/d' /etc/group
|
||||
if ckcmd useradd; then
|
||||
useradd shellcrash -u 7890
|
||||
sed -Ei s/7890:7890/0:7890/g /etc/passwd
|
||||
else
|
||||
echo "shellcrash:x:0:7890:::" >> /etc/passwd
|
||||
fi
|
||||
}
|
||||
#清理debug日志
|
||||
rm -rf ${TMPDIR}/debug.log
|
||||
|
@ -1666,14 +1680,14 @@ start_old(){ #保守模式
|
|||
#使用传统后台执行二进制文件的方式执行
|
||||
if [ "$local_proxy" = "已开启" -a -n "$(echo $local_type | grep '增强模式')" ];then
|
||||
if ckcmd su;then
|
||||
su shellcrash -c "$COMMAND &>/dev/null" &
|
||||
su shellcrash -c "$COMMAND >/dev/null 2>&1" &
|
||||
else
|
||||
logger "当前设备缺少su命令,保守模式下无法兼容本机代理增强模式,已停止启动!" 31
|
||||
exit 1
|
||||
fi
|
||||
else
|
||||
ckcmd nohup && nohup=nohup #华硕调用nohup启动
|
||||
$nohup $COMMAND &>/dev/null &
|
||||
ckcmd nohup && [ -d /jffs ] && nohup=nohup #华硕调用nohup启动
|
||||
$nohup $COMMAND >/dev/null 2>&1 &
|
||||
fi
|
||||
afstart
|
||||
cronset '保守模式守护进程' "* * * * * test -z \"\$(pidof CrashCore)\" && ${CRASHDIR}/start.sh daemon #ShellCrash保守模式守护进程"
|
||||
|
@ -1718,6 +1732,7 @@ start)
|
|||
elif [ -f /etc/rc.common -a "$(cat /proc/1/comm)" = "procd" ];then
|
||||
/etc/init.d/shellcrash start
|
||||
elif [ "$USER" = "root" -a "$(cat /proc/1/comm)" = "systemd" ];then
|
||||
bfstart
|
||||
FragmentPath=$(systemctl show -p FragmentPath shellcrash | sed 's/FragmentPath=//')
|
||||
setconfig ExecStart "$COMMAND >/dev/null" "$FragmentPath"
|
||||
systemctl daemon-reload
|
||||
|
@ -1736,7 +1751,7 @@ stop)
|
|||
cronset '流媒体预解析'
|
||||
#多种方式结束进程
|
||||
|
||||
if [ "$USER" = "root" -a "$(cat /proc/1/comm)" = "systemd" ];then
|
||||
if [ "$start_old" != "已开启" -a "$USER" = "root" -a "$(cat /proc/1/comm)" = "systemd" ];then
|
||||
systemctl stop shellcrash.service &>/dev/null
|
||||
elif [ -f /etc/rc.common -a "$(cat /proc/1/comm)" = "procd" ];then
|
||||
/etc/init.d/shellcrash stop &>/dev/null
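Review bot: In the custom-config test hunk, `if [ -n "$error" ]` now fires on any output from `CrashCore check`, because `error` holds the full combined stdout/stderr rather than a matched file name; if the core prints a warning for a config that is otherwise valid, the `cust_*` files are still removed. Branching on the exit status would be more reliable, e.g. `if ! error=$(${BINDIR}/CrashCore check -D ${BINDIR} -C ${TMPDIR}/jsons 2>&1); then`. When the output names no `cust_*.json` file, `error_file` is empty and the log message points at the bare `${CRASHDIR}/jsons/` directory, so that case deserves its own message. `echo $error` should be quoted as `echo "$error"` so the core's output is not word-split or glob-expanded. The enclosing function starts and ends outside the hunk.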
|
||||
|
|
|
@ -142,15 +142,18 @@ croncmd(){
|
|||
[ ! -w "$crondir" ] && crondir="/etc/storage/cron/crontabs"
|
||||
[ ! -w "$crondir" ] && crondir="/var/spool/cron/crontabs"
|
||||
[ ! -w "$crondir" ] && crondir="/var/spool/cron"
|
||||
[ ! -w "$crondir" ] && echo "你的设备不支持定时任务配置,脚本大量功能无法启用,请前往 https://t.me/ShellCrash 申请适配!"
|
||||
[ "$1" = "-l" ] && cat $crondir/$USER 2>/dev/null
|
||||
[ -f "$1" ] && cat $1 > $crondir/$USER
|
||||
if [ -w "$crondir" ];then
|
||||
[ "$1" = "-l" ] && cat $crondir/$USER 2>/dev/null
|
||||
[ -f "$1" ] && cat $1 > $crondir/$USER
|
||||
else
|
||||
echo "你的设备不支持定时任务配置,脚本大量功能无法启用,请尝试使用搜索引擎查找安装方式!"
|
||||
fi
|
||||
fi
|
||||
}
|
||||
cronset(){
|
||||
# 参数1代表要移除的关键字,参数2代表要添加的任务语句
|
||||
tmpcron=${TMPDIR}/cron_$USER
|
||||
croncmd -l > $tmpcron
|
||||
croncmd -l > $tmpcron 2>/dev/null
|
||||
sed -i "/$1/d" $tmpcron
|
||||
sed -i '/^$/d' $tmpcron
|
||||
echo "$2" >> $tmpcron
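Review bot: In `croncmd`, the unsupported-device message in the new `else` branch goes to stdout, so the `croncmd -l > $tmpcron 2>/dev/null` call in `cronset` captures it into the temporary crontab file rather than discarding it; appending `>&2` to that `echo` keeps `-l` output limited to crontab lines. The new `cat $1 > $crondir/$USER` should quote its expansions, `cat "$1" > "$crondir/$USER"`, because this presumably runs as root and an empty or space-containing value changes the redirect target. The identical change appears in the croncmd hunk of the previous file section. The outer `if` closed by the last `fi` begins outside the hunk.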
|
||||
|
|