~优化iptables及nftables的模块检测机制
~修复本机代理相关的一系列问题
~修复保守模式启动报错
~修复首次启动时定时任务提示找不到用户的bug
~修复自定义singbox配置文件功能导致的若干报错
~修复systemd启动时的若干问题
~修复保守模式启动时将信息输出到ssh中的bug
This commit is contained in:
juewuy 2024-01-30 11:40:55 +08:00
parent 6d2edbdcd8
commit 1a14d3f8e2
9 changed files with 70 additions and 44 deletions

Binary file not shown.

Binary file not shown.

Binary file not shown.

View File

@ -5,4 +5,4 @@ meta_v=v1.18.0
singbox_v=1.8.4
GeoIP_v=20240127
versionsh=1.8.9c
versionsh=1.8.9d

View File

@ -1,7 +1,7 @@
#!/bin/sh
# Copyright (C) Juewuy
version=1.8.9c
version=1.8.9d
setdir(){
dir_avail(){
@ -161,7 +161,13 @@ else
if [ -n "$sysdir" -a "$USER" = "root" -a "$(cat /proc/1/comm)" = "systemd" ];then
#创建shellcrash用户
sed -i '/0:7890/d' /etc/passwd
sed -i '/x:7890/d' /etc/group
if type useradd &>/dev/null; then
useradd shellcrash -u 7890
sed -Ei s/7890:7890/0:7890/g /etc/passwd
else
echo "shellcrash:x:0:7890::/home/shellcrash:/bin/sh" >> /etc/passwd
fi
#配置systemd
mv -f ${CRASHDIR}/shellcrash.service $sysdir/shellcrash.service 2>/dev/null
sed -i "s%/etc/ShellCrash%$CRASHDIR%g" $sysdir/shellcrash.service
@ -279,7 +285,8 @@ done
chmod 755 ${CRASHDIR}/task/task.sh
#旧版文件清理
userdel shellclash &>/dev/null
sed -i '/0:7890/d' /etc/passwd
sed -i '/shellclash/d' /etc/passwd
sed -i '/shellclash/d' /etc/group
rm -rf /etc/init.d/clash
[ "$systype" = "mi_snapshot" -a "$CRASHDIR" != '/data/clash' ] && rm -rf /data/clash
for file in clash.sh shellcrash.rc core.new clashservice log shellcrash.service mark? mark.bak;do

View File

@ -913,8 +913,8 @@ localproxy(){ #本机代理
[ -f /etc/rc.common -a "$(cat /proc/1/comm)" = "procd" ] && [ -w /etc/passwd ] && local_enh=1
echo -----------------------------------------------
[ -n "$local_enh" ] && {
ckcmd iptables && [ -n "$(lsmod | grep ^xt_owner)" ] && echo -e " 1 使用\033[32miptables增强模式\033[0m配置(支持docker,推荐!)"
ckcmd nft && echo -e " 2 使用\033[32mnftables增强模式\033[0m配置(支持docker,推荐!)"
ckcmd iptables && [ -n "$(iptables -m owner --help | grep owner)" ] && echo -e " 1 使用\033[32miptables增强模式\033[0m配置(支持docker,推荐!)"
ckcmd nft && modprobe nf_nat &> /dev/null && echo -e " 2 使用\033[32mnftables增强模式\033[0m配置(支持docker,推荐!)"
}
echo -e " 3 使用\033[33m环境变量\033[0m方式配置(部分应用可能无法使用,不推荐!)"
echo -e " 0 返回上级菜单"
@ -1026,6 +1026,8 @@ setboot(){ #启动相关设置
if [ "$mini_clash" = "未开启" ]; then
if [ "$dir_size" -gt 20480 ];then
echo -e "\033[33m您的设备空间充足(>20M),无需开启!\033[0m"
elif [ "start_old" != '已开启' -a "$(cat /proc/1/comm)" = "systemd" ];then
echo -e "\033[33m不支持systemd启动模式请先启用保守模式\033[0m"
else
[ "$BINDIR" = "$CRASHDIR" ] && BINDIR="$TMPDIR"
echo -e "\033[32m已经启用小闪存功能\033[0m"
@ -1111,18 +1113,18 @@ normal_set(){ #基础设置
}
[ -n "$(iptables -j TPROXY 2>&1 | grep 'on-port')" ] && sup_tp=1
[ -n "$(ls /dev/net/tun)" ] || ip tuntap &>/dev/null && sup_tun=1
ckcmd nft && sup_nft=1
ckcmd nft && modprobe nf_nat &> /dev/null && sup_nft=1 && modprobe nft_tproxy &> /dev/null && sup_nft=2
echo -----------------------------------------------
echo -e "当前代理模式为:\033[47;30m $redir_mod \033[0mClash核心为\033[47;30m $crashcore \033[0m"
echo -e "\033[33m切换模式后需要手动重启服务以生效\033[0m"
echo -----------------------------------------------
echo -e " 1 \033[32mRedir模式\033[0m Redir转发TCP不转发UDP"
echo -e " 2 \033[36m混合模式\033[0m Redir转发TCPTun转发UDP"
[ -n "$sup_tp" ] && echo -e " 3 \033[32mTproxy混合\033[0m Redir转发TCPTproxy转发UDP"
ckcmd iptables && echo -e " 1 \033[32mRedir模式\033[0m Redir转发TCP不转发UDP"
[ -n "$sup_tun" ] && echo -e " 2 \033[36m混合模式\033[0m Redir转发TCPTun转发UDP"
[ -n "$sup_tun" ] && echo -e " 4 \033[33mTun模式\033[0m 使用Tun转发TCP&UDP(占用高)"
[ -n "$sup_tp" ] && echo -e " 5 \033[32mTproxy模式\033[0m 使用Tproxy转发TCP&UDP"
[ -n "$sup_nft" ] && echo -e " 6 \033[36mNft基础\033[0m 使用nftables转发TCP不转发UDP"
[ -n "$sup_nft" ] && echo -e " 7 \033[32mNft混合\033[0m 使用nft_tproxy转发TCP&UDP"
[ "$sup_nft" = 2 ] && echo -e " 7 \033[32mNft混合\033[0m 使用nft_tproxy转发TCP&UDP"
echo -e " 8 \033[36m纯净模式\033[0m 不设置流量转发"
echo " 0 返回上级菜单"
read -p "请输入对应数字 > " num

View File

@ -5,7 +5,6 @@ After=network.target
[Service]
Type=simple
User=shellcrash
ExecStartPre=/etc/ShellCrash/start.sh bfstart
ExecStart=/etc/ShellCrash/CrashCore run -D /etc/ShellCrash -C /tmp/ShellCrash/jsons
ExecStartPost=/etc/ShellCrash/start.sh afstart >/dev/null &
ExecStopPost=/etc/ShellCrash/start.sh stop_firewall ; /etc/ShellCrash/start.sh unset_proxy

View File

@ -113,15 +113,18 @@ croncmd(){ #定时任务工具
[ ! -w "$crondir" ] && crondir="/etc/storage/cron/crontabs"
[ ! -w "$crondir" ] && crondir="/var/spool/cron/crontabs"
[ ! -w "$crondir" ] && crondir="/var/spool/cron"
[ ! -w "$crondir" ] && echo "你的设备不支持定时任务配置,脚本大量功能无法启用,请尝试使用搜索引擎查找安装方式!"
if [ -w "$crondir" ];then
[ "$1" = "-l" ] && cat $crondir/$USER 2>/dev/null
[ -f "$1" ] && cat $1 > $crondir/$USER
else
echo "你的设备不支持定时任务配置,脚本大量功能无法启用,请尝试使用搜索引擎查找安装方式!"
fi
fi
}
cronset(){ #定时任务设置
# 参数1代表要移除的关键字,参数2代表要添加的任务语句
tmpcron=${TMPDIR}/cron_$USER
croncmd -l > $tmpcron
croncmd -l > $tmpcron 2>/dev/null
sed -i "/$1/d" $tmpcron
sed -i '/^$/d' $tmpcron
echo "$2" >> $tmpcron
@ -229,7 +232,7 @@ check_singbox_config(){ #检查singbox配置文件
exit 1
fi
#检测SSR节点
if [ -n "$(cat $core_config | grep -oE '"shadowsocksr"')" ];then
if [ -n "$(cat $core_config_new | grep -oE '"shadowsocksr"')" ];then
echo -----------------------------------------------
logger "singbox主干已移除对SSR相关协议的支持请使用clash系内核或者PuerNya分支" 33
fi
@ -549,7 +552,6 @@ EOF
else
reverse_mapping=false
fi
[ -z "$(cat ${CRASHDIR}/jsons/dns.json 2>/dev/null | grep '"dns":')" ] && {
[ -z "$dns_nameserver" ] && dns_nameserver='223.5.5.5' || dns_nameserver=$(echo $dns_nameserver | awk -F ',' '{print $1}')
[ -z "$dns_fallback" ] && dns_fallback='1.0.0.1' || dns_fallback=$(echo $dns_fallback | awk -F ',' '{print $1}')
[ "$ipv6_dns" = "已开启" ] && strategy='prefer_ipv4' || strategy='ipv4_only'
@ -600,7 +602,6 @@ EOF
}
}
EOF
}
#生成ntp.json
cat > ${TMPDIR}/jsons/ntp.json <<EOF
{
@ -747,10 +748,12 @@ EOF
}
done
#测试自定义配置文件
error=$(${BINDIR}/CrashCore check -D ${BINDIR} -C ${TMPDIR}/jsons 2>&1 | grep -Eo 'cust.*\.json' | sed 's/cust_//g' )
error=$(${BINDIR}/CrashCore check -D ${BINDIR} -C ${TMPDIR}/jsons 2>&1 )
if [ -n "$error" ];then
[ "$error" = 'add_rules.json' ] && error_file=${CRASHDIR}/yamls/rules.yaml自定义规则 || error_file=${CRASHDIR}/jsons/$error
logger "自定义配置文件校验失败,请检查 ${error_file}文件!" 31
echo $error
error_file=$(echo $error | grep -Eo 'cust.*\.json' | sed 's/cust_//g' )
[ "$error_file" = 'add_rules.json' ] && error_file=${CRASHDIR}/yamls/rules.yaml自定义规则 || error_file=${CRASHDIR}/jsons/$error_file
logger "自定义配置文件校验失败,请检查【${error_file}】文件!" 31
logger "尝试使用基础配置文件启动~" 33
#清理自定义配置文件并还原基础配置
rm -rf ${TMPDIR}/jsons/cust_*
@ -1002,7 +1005,7 @@ start_output(){ #iptables本机代理
iptables -t nat -N shellcrash_dns_out
iptables -t nat -A shellcrash_dns_out -m owner --gid-owner 453 -j RETURN #绕过本机dnsmasq
iptables -t nat -A shellcrash_dns_out -m owner --gid-owner 7890 -j RETURN
iptables -t nat -A shellcrash_dns_out -p udp -s 127.0.0.0/8 -j REDIRECT --to $dns_port
iptables -t nat -A shellcrash_dns_out -p udp -j REDIRECT --to $dns_port
iptables -t nat -A OUTPUT -p udp --dport 53 -j shellcrash_dns_out
}
#Docker转发
@ -1103,8 +1106,9 @@ start_nft(){ #nftables-allinone
#获取局域网host地址
getlanip
[ "$common_ports" = "已开启" ] && PORTS=$(echo $multiport | sed 's/,/, /g')
RESERVED_IP="$(echo $reserve_ipv4 | sed 's/ /, /g')"
HOST_IP="$(echo $host_ipv4 | sed 's/ /, /g')"
RESERVED_IP=$(echo $reserve_ipv4 | sed 's/ /, /g')
LOCAL_IP="127.0.0.0/8, $(echo $local_ipv4 | sed 's/ /, /g')"
HOST_IP=$(echo $host_ipv4 | sed 's/ /, /g')
#设置策略路由
ip rule add fwmark $fwmark table 100
ip route add local default dev lo table 100
@ -1173,12 +1177,13 @@ start_nft(){ #nftables-allinone
nft add rule inet shellcrash output meta skgid 7890 return && {
[ -n "$PORTS" ] && nft add rule inet shellcrash output tcp dport != {$PORTS} return
nft add rule inet shellcrash output ip daddr {$RESERVED_IP} return
nft add rule inet shellcrash output ip saddr != {$LOCAL_IP} return
nft add rule inet shellcrash output meta l4proto tcp mark set $fwmark redirect to $redir_port
}
#Docker
type docker &>/dev/null && {
nft add chain inet shellcrash docker { type nat hook prerouting priority -100 \; }
nft add rule inet shellcrash docker ip saddr != {172.16.0.0/12} return #代理docker网段
nft add rule inet shellcrash docker ip saddr != {172.16.0.0/12} return #代理docker网段
nft add rule inet shellcrash docker ip daddr {$RESERVED_IP} return #过滤保留地址
nft add rule inet shellcrash docker udp dport 53 redirect to $dns_port
nft add rule inet shellcrash docker meta l4proto tcp mark set $fwmark redirect to $redir_port
@ -1468,6 +1473,7 @@ core_check(){
fi
fi
fi
return 0
}
clash_check(){ #clash启动前检查
#检测vless/hysteria协议
@ -1513,6 +1519,7 @@ clash_check(){ #clash启动前检查
[ "$?" = "1" ] && rm -rf ${BINDIR}/GeoSite.dat && logger "数据库下载失败,已退出,请前往更新界面尝试手动下载!" 31 && exit 1
fi
fi
return 0
}
singbox_check(){ #singbox启动前检查
core_check
@ -1540,6 +1547,7 @@ singbox_check(){ #singbox启动前检查
setconfig Geo_v $Geo_v
fi
fi
return 0
}
bfstart(){ #启动前
#读取ShellCrash配置
@ -1580,7 +1588,13 @@ bfstart(){ #启动前
[ -n "$(echo $local_type | grep '增强模式')" -o "$(cat /proc/1/comm)" = "systemd" ] && \
[ -z "$(id shellcrash 2>/dev/null | grep 'root')" ] && {
sed -i '/0:7890/d' /etc/passwd
echo "shellcrash:x:0:7890::/home/shellcrash:/bin/sh" >> /etc/passwd
sed -i '/x:7890/d' /etc/group
if ckcmd useradd; then
useradd shellcrash -u 7890
sed -Ei s/7890:7890/0:7890/g /etc/passwd
else
echo "shellcrash:x:0:7890:::" >> /etc/passwd
fi
}
#清理debug日志
rm -rf ${TMPDIR}/debug.log
@ -1666,14 +1680,14 @@ start_old(){ #保守模式
#使用传统后台执行二进制文件的方式执行
if [ "$local_proxy" = "已开启" -a -n "$(echo $local_type | grep '增强模式')" ];then
if ckcmd su;then
su shellcrash -c "$COMMAND &>/dev/null" &
su shellcrash -c "$COMMAND >/dev/null 2>&1" &
else
logger "当前设备缺少su命令保守模式下无法兼容本机代理增强模式已停止启动" 31
exit 1
fi
else
ckcmd nohup && nohup=nohup #华硕调用nohup启动
$nohup $COMMAND &>/dev/null &
ckcmd nohup && [ -d /jffs ] && nohup=nohup #华硕调用nohup启动
$nohup $COMMAND >/dev/null 2>&1 &
fi
afstart
cronset '保守模式守护进程' "* * * * * test -z \"\$(pidof CrashCore)\" && ${CRASHDIR}/start.sh daemon #ShellCrash保守模式守护进程"
@ -1718,6 +1732,7 @@ start)
elif [ -f /etc/rc.common -a "$(cat /proc/1/comm)" = "procd" ];then
/etc/init.d/shellcrash start
elif [ "$USER" = "root" -a "$(cat /proc/1/comm)" = "systemd" ];then
bfstart
FragmentPath=$(systemctl show -p FragmentPath shellcrash | sed 's/FragmentPath=//')
setconfig ExecStart "$COMMAND >/dev/null" "$FragmentPath"
systemctl daemon-reload
@ -1736,7 +1751,7 @@ stop)
cronset '流媒体预解析'
#多种方式结束进程
if [ "$USER" = "root" -a "$(cat /proc/1/comm)" = "systemd" ];then
if [ "$start_old" != "已开启" -a "$USER" = "root" -a "$(cat /proc/1/comm)" = "systemd" ];then
systemctl stop shellcrash.service &>/dev/null
elif [ -f /etc/rc.common -a "$(cat /proc/1/comm)" = "procd" ];then
/etc/init.d/shellcrash stop &>/dev/null

View File

@ -142,15 +142,18 @@ croncmd(){
[ ! -w "$crondir" ] && crondir="/etc/storage/cron/crontabs"
[ ! -w "$crondir" ] && crondir="/var/spool/cron/crontabs"
[ ! -w "$crondir" ] && crondir="/var/spool/cron"
[ ! -w "$crondir" ] && echo "你的设备不支持定时任务配置,脚本大量功能无法启用,请前往 https://t.me/ShellCrash 申请适配!"
if [ -w "$crondir" ];then
[ "$1" = "-l" ] && cat $crondir/$USER 2>/dev/null
[ -f "$1" ] && cat $1 > $crondir/$USER
else
echo "你的设备不支持定时任务配置,脚本大量功能无法启用,请尝试使用搜索引擎查找安装方式!"
fi
fi
}
cronset(){
# 参数1代表要移除的关键字,参数2代表要添加的任务语句
tmpcron=${TMPDIR}/cron_$USER
croncmd -l > $tmpcron
croncmd -l > $tmpcron 2>/dev/null
sed -i "/$1/d" $tmpcron
sed -i '/^$/d' $tmpcron
echo "$2" >> $tmpcron