v1.8.9c

~优化iptables及nftables的模块检测机制
~修复本机代理相关的一系列问题
~修复保守模式启动报错
~修复首次启动时定时任务提示找不到用户的bug
~修复自定义singbox配置文件功能导致的若干报错
~修复systemd启动时的若干问题
~修复保守模式启动时将信息输出到ssh中的bug

bin/version

@@ -5,4 +5,4 @@ meta_v=v1.18.0
 
 singbox_v=1.8.4
 GeoIP_v=20240127
-versionsh=1.8.9c
+versionsh=1.8.9d

scripts/init.sh

@@ -1,7 +1,7 @@
 #!/bin/sh
 # Copyright (C) Juewuy
 
-version=1.8.9c
+version=1.8.9d
 
 setdir(){
 	dir_avail(){
@@ -161,15 +161,21 @@ else
 	if [ -n "$sysdir" -a "$USER" = "root" -a "$(cat /proc/1/comm)" = "systemd" ];then
 		#创建shellcrash用户
 		sed -i '/0:7890/d' /etc/passwd
-		echo "shellcrash:x:0:7890::/home/shellcrash:/bin/sh" >> /etc/passwd
+		sed -i '/x:7890/d' /etc/group
+		if type useradd &>/dev/null; then
+			useradd shellcrash -u 7890
+			sed -Ei s/7890:7890/0:7890/g /etc/passwd
+		else
+			echo "shellcrash:x:0:7890::/home/shellcrash:/bin/sh" >> /etc/passwd
+		fi
 		#配置systemd
 		mv -f ${CRASHDIR}/shellcrash.service $sysdir/shellcrash.service 2>/dev/null
 		sed -i "s%/etc/ShellCrash%$CRASHDIR%g" $sysdir/shellcrash.service
 		rm -rf $sysdir/clash.service #旧版文件清理
 		systemctl daemon-reload
 	fi
-	#设为保守模式启动
-	setconfig start_old 已开启
+		#设为保守模式启动
+		setconfig start_old 已开启
 fi
 #修饰文件及版本号
 command -v bash &>/dev/null && shtype=bash || shtype=sh 
@@ -279,7 +285,8 @@ done
 chmod 755 ${CRASHDIR}/task/task.sh
 #旧版文件清理
 userdel shellclash &>/dev/null
-sed -i '/0:7890/d' /etc/passwd
+sed -i '/shellclash/d' /etc/passwd
+sed -i '/shellclash/d' /etc/group
 rm -rf /etc/init.d/clash
 [ "$systype" = "mi_snapshot" -a "$CRASHDIR" != '/data/clash' ] && rm -rf /data/clash
 for file in clash.sh shellcrash.rc core.new clashservice log shellcrash.service mark? mark.bak;do

scripts/menu.sh

@@ -913,8 +913,8 @@ localproxy(){ #本机代理
 	[ -f /etc/rc.common -a "$(cat /proc/1/comm)" = "procd" ] && [ -w /etc/passwd ] && local_enh=1
 	echo -----------------------------------------------
 	[ -n "$local_enh" ] && {
-		ckcmd iptables && [ -n "$(lsmod | grep ^xt_owner)" ] && echo -e " 1 使用\033[32miptables增强模式\033[0m配置(支持docker,推荐！)"
-		ckcmd nft && echo -e " 2 使用\033[32mnftables增强模式\033[0m配置(支持docker,推荐！)"
+		ckcmd iptables && [ -n "$(iptables -m owner --help | grep owner)" ] && echo -e " 1 使用\033[32miptables增强模式\033[0m配置(支持docker,推荐！)"
+		ckcmd nft && modprobe nf_nat &> /dev/null && echo -e " 2 使用\033[32mnftables增强模式\033[0m配置(支持docker,推荐！)"
 	}
 	echo -e " 3 使用\033[33m环境变量\033[0m方式配置(部分应用可能无法使用,不推荐！)"
 	echo -e " 0 返回上级菜单"
@@ -1026,6 +1026,8 @@ setboot(){ #启动相关设置
 		if [ "$mini_clash" = "未开启" ]; then 
 			if [ "$dir_size" -gt 20480 ];then
 				echo -e "\033[33m您的设备空间充足(>20M)，无需开启！\033[0m"
+			elif [ "start_old" != '已开启' -a "$(cat /proc/1/comm)" = "systemd" ];then
+				echo -e "\033[33m不支持systemd启动模式，请先启用保守模式！\033[0m"
 			else
 				[ "$BINDIR" = "$CRASHDIR" ] && BINDIR="$TMPDIR"
 				echo -e "\033[32m已经启用小闪存功能！\033[0m"
@@ -1111,18 +1113,18 @@ normal_set(){ #基础设置
 		}
 		[ -n "$(iptables -j TPROXY 2>&1 | grep 'on-port')" ] && sup_tp=1
 		[ -n "$(ls /dev/net/tun)" ] || ip tuntap &>/dev/null && sup_tun=1
-		ckcmd nft && sup_nft=1
+		ckcmd nft && modprobe nf_nat &> /dev/null && sup_nft=1 && modprobe nft_tproxy &> /dev/null && sup_nft=2
+		
 		echo -----------------------------------------------
 		echo -e "当前代理模式为：\033[47;30m $redir_mod \033[0m；Clash核心为：\033[47;30m $crashcore \033[0m"
 		echo -e "\033[33m切换模式后需要手动重启服务以生效！\033[0m"
 		echo -----------------------------------------------
-		echo -e " 1 \033[32mRedir模式\033[0m：    Redir转发TCP，不转发UDP"
-		echo -e " 2 \033[36m混合模式\033[0m：     Redir转发TCP，Tun转发UDP"
-		[ -n "$sup_tp" ] && echo -e " 3 \033[32mTproxy混合\033[0m：   Redir转发TCP，Tproxy转发UDP"
+		ckcmd iptables && echo -e " 1 \033[32mRedir模式\033[0m：    Redir转发TCP，不转发UDP"
+		[ -n "$sup_tun" ] && echo -e " 2 \033[36m混合模式\033[0m：     Redir转发TCP，Tun转发UDP"
 		[ -n "$sup_tun" ] && echo -e " 4 \033[33mTun模式\033[0m：      使用Tun转发TCP&UDP(占用高)"
 		[ -n "$sup_tp" ] && echo -e " 5 \033[32mTproxy模式\033[0m：   使用Tproxy转发TCP&UDP"
 		[ -n "$sup_nft" ] && echo -e " 6 \033[36mNft基础\033[0m：      使用nftables转发TCP，不转发UDP"
-		[ -n "$sup_nft" ] && echo -e " 7 \033[32mNft混合\033[0m：      使用nft_tproxy转发TCP&UDP"
+		[ "$sup_nft" = 2 ] && echo -e " 7 \033[32mNft混合\033[0m：      使用nft_tproxy转发TCP&UDP"
 		echo -e " 8 \033[36m纯净模式\033[0m：     不设置流量转发"
 		echo " 0 返回上级菜单"
 		read -p "请输入对应数字 > " num	

scripts/shellcrash.service

@@ -5,7 +5,6 @@ After=network.target
 [Service]
 Type=simple
 User=shellcrash
-ExecStartPre=/etc/ShellCrash/start.sh bfstart
 ExecStart=/etc/ShellCrash/CrashCore run -D /etc/ShellCrash -C /tmp/ShellCrash/jsons
 ExecStartPost=/etc/ShellCrash/start.sh afstart >/dev/null &
 ExecStopPost=/etc/ShellCrash/start.sh stop_firewall ; /etc/ShellCrash/start.sh unset_proxy

scripts/start.sh

@@ -113,15 +113,18 @@ croncmd(){ #定时任务工具
 		[ ! -w "$crondir" ] && crondir="/etc/storage/cron/crontabs"
 		[ ! -w "$crondir" ] && crondir="/var/spool/cron/crontabs"
 		[ ! -w "$crondir" ] && crondir="/var/spool/cron"
-		[ ! -w "$crondir" ] && echo "你的设备不支持定时任务配置，脚本大量功能无法启用，请尝试使用搜索引擎查找安装方式！"
-		[ "$1" = "-l" ] && cat $crondir/$USER 2>/dev/null
-		[ -f "$1" ] && cat $1 > $crondir/$USER
+		if [ -w "$crondir" ];then
+			[ "$1" = "-l" ] && cat $crondir/$USER 2>/dev/null
+			[ -f "$1" ] && cat $1 > $crondir/$USER
+		else
+			echo "你的设备不支持定时任务配置，脚本大量功能无法启用，请尝试使用搜索引擎查找安装方式！"
+		fi
 	fi
 }
 cronset(){ #定时任务设置
 	# 参数1代表要移除的关键字,参数2代表要添加的任务语句
 	tmpcron=${TMPDIR}/cron_$USER
-	croncmd -l > $tmpcron 
+	croncmd -l > $tmpcron 2>/dev/null
 	sed -i "/$1/d" $tmpcron
 	sed -i '/^$/d' $tmpcron
 	echo "$2" >> $tmpcron
@@ -229,7 +232,7 @@ check_singbox_config(){ #检查singbox配置文件
 		exit 1
 	fi
 	#检测SSR节点
-	if [ -n "$(cat $core_config | grep -oE '"shadowsocksr"')" ];then
+	if [ -n "$(cat $core_config_new | grep -oE '"shadowsocksr"')" ];then
 		echo -----------------------------------------------
 		logger "singbox主干已移除对SSR相关协议的支持，请使用clash系内核或者PuerNya分支！" 33
 	fi
@@ -549,14 +552,13 @@ EOF
 	else
 		reverse_mapping=false
 	fi
-	[ -z "$(cat ${CRASHDIR}/jsons/dns.json 2>/dev/null | grep '"dns":')" ] && { 
-		[ -z "$dns_nameserver" ] && dns_nameserver='223.5.5.5' || dns_nameserver=$(echo $dns_nameserver | awk -F ',' '{print $1}')
-		[ -z "$dns_fallback" ] && dns_fallback='1.0.0.1' || dns_fallback=$(echo $dns_fallback | awk -F ',' '{print $1}')
-		[ "$ipv6_dns" = "已开启" ] && strategy='prefer_ipv4' || strategy='ipv4_only'
-		[ "$dns_mod" = "redir_host" ] && proxy_dns=dns_proxy && direct_dns=dns_direct
-		[ "$dns_mod" = "fake-ip" ] && proxy_dns=dns_fakeip && direct_dns=dns_direct
-		[ "$dns_mod" = "mix" ] && proxy_dns=dns_fakeip && direct_dns=dns_direct
-		cat > ${TMPDIR}/jsons/dns.json <<EOF
+	[ -z "$dns_nameserver" ] && dns_nameserver='223.5.5.5' || dns_nameserver=$(echo $dns_nameserver | awk -F ',' '{print $1}')
+	[ -z "$dns_fallback" ] && dns_fallback='1.0.0.1' || dns_fallback=$(echo $dns_fallback | awk -F ',' '{print $1}')
+	[ "$ipv6_dns" = "已开启" ] && strategy='prefer_ipv4' || strategy='ipv4_only'
+	[ "$dns_mod" = "redir_host" ] && proxy_dns=dns_proxy && direct_dns=dns_direct
+	[ "$dns_mod" = "fake-ip" ] && proxy_dns=dns_fakeip && direct_dns=dns_direct
+	[ "$dns_mod" = "mix" ] && proxy_dns=dns_fakeip && direct_dns=dns_direct
+	cat > ${TMPDIR}/jsons/dns.json <<EOF
 {
   "dns": { 
     "servers": [{
@@ -600,7 +602,6 @@ EOF
   }
 }
 EOF
-	}
 	#生成ntp.json
 	cat > ${TMPDIR}/jsons/ntp.json <<EOF
 {
@@ -747,10 +748,12 @@ EOF
 		}
 	done
 	#测试自定义配置文件
-	error=$(${BINDIR}/CrashCore check -D ${BINDIR} -C ${TMPDIR}/jsons 2>&1 | grep -Eo 'cust.*\.json' | sed 's/cust_//g' )
+	error=$(${BINDIR}/CrashCore check -D ${BINDIR} -C ${TMPDIR}/jsons 2>&1 )
 	if [ -n "$error" ];then
-		[ "$error" = 'add_rules.json' ] && error_file=${CRASHDIR}/yamls/rules.yaml自定义规则 || error_file=${CRASHDIR}/jsons/$error
-		logger "自定义配置文件校验失败，请检查 ${error_file}文件！" 31
+		echo $error
+		error_file=$(echo $error | grep -Eo 'cust.*\.json' | sed 's/cust_//g' )
+		[ "$error_file" = 'add_rules.json' ] && error_file=${CRASHDIR}/yamls/rules.yaml自定义规则 || error_file=${CRASHDIR}/jsons/$error_file
+		logger "自定义配置文件校验失败，请检查【${error_file}】文件！" 31
 		logger "尝试使用基础配置文件启动~" 33
 		#清理自定义配置文件并还原基础配置
 		rm -rf ${TMPDIR}/jsons/cust_*
@@ -1002,7 +1005,7 @@ start_output(){ #iptables本机代理
 	iptables -t nat -N shellcrash_dns_out
 	iptables -t nat -A shellcrash_dns_out -m owner --gid-owner 453 -j RETURN #绕过本机dnsmasq
 	iptables -t nat -A shellcrash_dns_out -m owner --gid-owner 7890 -j RETURN
-	iptables -t nat -A shellcrash_dns_out -p udp -s 127.0.0.0/8 -j REDIRECT --to $dns_port
+	iptables -t nat -A shellcrash_dns_out -p udp -j REDIRECT --to $dns_port
 	iptables -t nat -A OUTPUT -p udp --dport 53 -j shellcrash_dns_out
 	}
 	#Docker转发
@@ -1103,8 +1106,9 @@ start_nft(){ #nftables-allinone
 	#获取局域网host地址
 	getlanip
 	[ "$common_ports" = "已开启" ] && PORTS=$(echo $multiport | sed 's/,/, /g')
-	RESERVED_IP="$(echo $reserve_ipv4 | sed 's/ /, /g')"
-	HOST_IP="$(echo $host_ipv4 | sed 's/ /, /g')"
+	RESERVED_IP=$(echo $reserve_ipv4 | sed 's/ /, /g')
+	LOCAL_IP="127.0.0.0/8, $(echo $local_ipv4 | sed 's/ /, /g')"
+	HOST_IP=$(echo $host_ipv4 | sed 's/ /, /g')
 	#设置策略路由
 	ip rule add fwmark $fwmark table 100
 	ip route add local default dev lo table 100
@@ -1173,12 +1177,13 @@ start_nft(){ #nftables-allinone
 		nft add rule inet shellcrash output meta skgid 7890 return && {
 			[ -n "$PORTS" ] && nft add rule inet shellcrash output tcp dport != {$PORTS} return
 			nft add rule inet shellcrash output ip daddr {$RESERVED_IP} return
+			nft add rule inet shellcrash output ip saddr != {$LOCAL_IP} return
 			nft add rule inet shellcrash output meta l4proto tcp mark set $fwmark redirect to $redir_port
 		}
 		#Docker
 		type docker &>/dev/null && {
 			nft add chain inet shellcrash docker { type nat hook prerouting priority -100 \; }
-			nft add rule inet shellcrash docker ip saddr != {172.16.0.0/12} return #进代理docker网段
+			nft add rule inet shellcrash docker ip saddr != {172.16.0.0/12} return #只代理docker网段
 			nft add rule inet shellcrash docker ip daddr {$RESERVED_IP} return #过滤保留地址
 			nft add rule inet shellcrash docker udp dport 53 redirect to $dns_port
 			nft add rule inet shellcrash docker meta l4proto tcp mark set $fwmark redirect to $redir_port
@@ -1468,6 +1473,7 @@ core_check(){
 			fi
 		fi
 	fi
+	return 0
 }
 clash_check(){ #clash启动前检查
 	#检测vless/hysteria协议
@@ -1513,6 +1519,7 @@ clash_check(){ #clash启动前检查
 			[ "$?" = "1" ] && rm -rf ${BINDIR}/GeoSite.dat && logger "数据库下载失败，已退出，请前往更新界面尝试手动下载！" 31 && exit 1
 		fi
 	fi
+	return 0
 }
 singbox_check(){ #singbox启动前检查
 	core_check
@@ -1540,6 +1547,7 @@ singbox_check(){ #singbox启动前检查
 			setconfig Geo_v $Geo_v
 		fi
 	fi
+	return 0
 }
 bfstart(){ #启动前
 	#读取ShellCrash配置
@@ -1580,7 +1588,13 @@ bfstart(){ #启动前
 	[ -n "$(echo $local_type | grep '增强模式')" -o "$(cat /proc/1/comm)" = "systemd" ] && \
 	[ -z "$(id shellcrash 2>/dev/null | grep 'root')" ] && {
 		sed -i '/0:7890/d' /etc/passwd
-		echo "shellcrash:x:0:7890::/home/shellcrash:/bin/sh" >> /etc/passwd
+		sed -i '/x:7890/d' /etc/group
+		if ckcmd useradd; then
+			useradd shellcrash -u 7890
+			sed -Ei s/7890:7890/0:7890/g /etc/passwd
+		else
+			echo "shellcrash:x:0:7890:::" >> /etc/passwd
+		fi
 	}
 	#清理debug日志
 	rm -rf ${TMPDIR}/debug.log
@@ -1666,14 +1680,14 @@ start_old(){ #保守模式
 	#使用传统后台执行二进制文件的方式执行
 	if [ "$local_proxy" = "已开启" -a -n "$(echo $local_type | grep '增强模式')" ];then
 		if ckcmd su;then
-			su shellcrash -c "$COMMAND &>/dev/null" &
+			su shellcrash -c "$COMMAND >/dev/null 2>&1" &
 		else
 			logger "当前设备缺少su命令，保守模式下无法兼容本机代理增强模式，已停止启动！" 31
 			exit 1
 		fi
 	else
-		ckcmd nohup && nohup=nohup #华硕调用nohup启动
-		$nohup $COMMAND &>/dev/null &
+		ckcmd nohup && [ -d /jffs ] && nohup=nohup #华硕调用nohup启动
+		$nohup $COMMAND >/dev/null 2>&1 &
 	fi
 	afstart
 	cronset '保守模式守护进程' "* * * * * test -z \"\$(pidof CrashCore)\" && ${CRASHDIR}/start.sh daemon #ShellCrash保守模式守护进程"
@@ -1718,6 +1732,7 @@ start)
 		elif [ -f /etc/rc.common -a "$(cat /proc/1/comm)" = "procd" ];then
 			/etc/init.d/shellcrash start 
 		elif [ "$USER" = "root" -a "$(cat /proc/1/comm)" = "systemd" ];then
+			bfstart
 			FragmentPath=$(systemctl show -p FragmentPath shellcrash | sed 's/FragmentPath=//')
 			setconfig ExecStart "$COMMAND >/dev/null" "$FragmentPath"
 			systemctl daemon-reload
@@ -1736,7 +1751,7 @@ stop)
 		cronset '流媒体预解析'
 		#多种方式结束进程
 
-		if [ "$USER" = "root" -a "$(cat /proc/1/comm)" = "systemd" ];then
+		if [ "$start_old" != "已开启" -a "$USER" = "root" -a "$(cat /proc/1/comm)" = "systemd" ];then
 			systemctl stop shellcrash.service &>/dev/null
 		elif [ -f /etc/rc.common -a "$(cat /proc/1/comm)" = "procd" ];then
 			/etc/init.d/shellcrash stop &>/dev/null

scripts/task.sh

@@ -142,15 +142,18 @@ croncmd(){
 		[ ! -w "$crondir" ] && crondir="/etc/storage/cron/crontabs"
 		[ ! -w "$crondir" ] && crondir="/var/spool/cron/crontabs"
 		[ ! -w "$crondir" ] && crondir="/var/spool/cron"
-		[ ! -w "$crondir" ] && echo "你的设备不支持定时任务配置，脚本大量功能无法启用，请前往 https://t.me/ShellCrash 申请适配！"
-		[ "$1" = "-l" ] && cat $crondir/$USER 2>/dev/null
-		[ -f "$1" ] && cat $1 > $crondir/$USER
+		if [ -w "$crondir" ];then
+			[ "$1" = "-l" ] && cat $crondir/$USER 2>/dev/null
+			[ -f "$1" ] && cat $1 > $crondir/$USER
+		else
+			echo "你的设备不支持定时任务配置，脚本大量功能无法启用，请尝试使用搜索引擎查找安装方式！"
+		fi
 	fi
 }
 cronset(){
 	# 参数1代表要移除的关键字,参数2代表要添加的任务语句
 	tmpcron=${TMPDIR}/cron_$USER
-	croncmd -l > $tmpcron 
+	croncmd -l > $tmpcron 2>/dev/null
 	sed -i "/$1/d" $tmpcron
 	sed -i '/^$/d' $tmpcron
 	echo "$2" >> $tmpcron