v1.3.7-test

~增加CN_IP绕过内核功能

bin/version

@@ -1,4 +1,4 @@
 clash_v=1.6.0
 clashpre_v=2021.05.08
 GeoIP_v=20210514
-versionsh=1.3.6
+versionsh=1.3.7

scripts/clash.sh

@@ -733,6 +733,7 @@ clashadv(){
 	[ -z "$ipv6_support" ] && ipv6_support=未开启
 	[ -z "$start_old" ] && start_old=未开启
 	[ -z "$tproxy_mod" ] && tproxy_mod=未开启
+	[ -z "$cn_ip_route" ] && cn_ip_route=未开启
 	[ "$bindir" = "/tmp/clash_$USER" ] && mini_clash=已开启 || mini_clash=未开启
 	[ -n "$(cat /etc/crontabs/root | grep otapredownload)" ] && mi_update=禁用 || mi_update=启用
 	#
@@ -744,10 +745,10 @@ clashadv(){
 	echo -e " 2 启用ipv6支持:	\033[36m$ipv6_support\033[0m	————实验性功能，可能不稳定"
 	echo -e " 3 Redir模式udp转发:	\033[36m$tproxy_mod\033[0m	————依赖iptables-mod-tproxy"
 	echo -e " 4 启用小闪存模式:	\033[36m$mini_clash\033[0m	————不保存核心及数据库文件"
-	echo -e " 5 配置内置DNS服务	\033[36m$dns_no\033[0m"
-	echo -e " 6 手动指定相关端口、秘钥及本机host"
+	echo -e " 5 CN_IP绕过内核:	\033[36m$cn_ip_route\033[0m	————实验性功能，可能不稳定"
+	echo -e " 6 配置内置DNS服务	\033[36m$dns_no\033[0m"
 	echo -e " 7 使用自定义配置"
-	[ -x /usr/sbin/otapredownload ] && echo -e " 8 \033[33m$mi_update\033[0m小米系统自动更新"
+	echo -e " 8 手动指定相关端口、秘钥及本机host"
 	echo -----------------------------------------------
 	echo -e " 9 \033[31m重置\033[0m配置文件"
 	echo -e " 0 返回上级菜单 \033[0m"
@@ -841,6 +842,19 @@ clashadv(){
 		clashadv
 		
 	elif [ "$num" = 5 ]; then
+		echo -----------------------------------------------
+		if [ "$cn_ip_route" = "未开启" ]; then 
+			echo -e "\033[33m已开启CN_IP绕过内核功能！！\033[0m"
+			cn_ip_route=已开启
+			sleep 1
+		else
+			echo -e "\033[32m已禁用CN_IP绕过内核功能！！\033[0m"
+			cn_ip_route=未开启
+		fi
+		setconfig cn_ip_route $cn_ip_route
+		clashadv  	
+		
+	elif [ "$num" = 6 ]; then
 		source $ccfg
 		if [ "$dns_no" = "已禁用" ];then
 			read -p "检测到内置DNS已被禁用，是否启用内置DNS？(1/0) > " res
@@ -853,7 +867,7 @@ clashadv(){
 		fi
 		clashadv	
 		
-	elif [ "$num" = 6 ]; then
+	elif [ "$num" = 8 ]; then
 		source $ccfg
 		if [ -n "$(pidof clash)" ];then
 			echo -----------------------------------------------
@@ -896,13 +910,6 @@ EOF
 		sleep 3
 		clashadv
 		
-	elif [ -x /usr/sbin/otapredownload ] && [ "$num" = 8 ]; then	
-		[ "$mi_update" = "禁用" ] && sed -i "/otapredownload/d" /etc/crontabs/root || echo "15 3,4,5 * * * /usr/sbin/otapredownload >/dev/null 2>&1" >> /etc/crontabs/root	
-		echo -----------------------------------------------
-		echo -e "已\033[33m$mi_update\033[0m小米路由器的自动启动，如未生效，请在官方APP中同步设置！"
-		sleep 1
-		clashadv
-		
 	elif [ "$num" = 9 ]; then	
 		read -p "确认重置配置文件？(1/0) > " res
 		if [ "$res" = "1" ];then

scripts/start.sh

@@ -26,6 +26,7 @@ getconfig(){
 	[ -z "$redir_port" ] && redir_port=7892
 	[ -z "$db_port" ] && db_port=9999
 	[ -z "$dns_port" ] && dns_port=1053
+	[ -z "$cn_ip_route" ] && cn_ip_route=未开启
 	[ -z "$dns_nameserver" ] && dns_nameserver='114.114.114.114, 223.5.5.5'
 	[ -z "$dns_fallback" ] && dns_fallback='1.0.0.1, 8.8.4.4'
 	[ -z "$multiport" ] && multiport='22,53,587,465,995,993,143,80,443,8080'
@@ -300,6 +301,20 @@ EOF
 	rm -f $tmpdir/proxy.yaml
 }
 #设置路由规则
+cn_ip_route(){	
+	if [ ! -f $clashdir/cn_ip.txt ];then
+		logger "未找到cn_ip列表，正在下载！" 33
+		webget $clashdir/cn_ip.txt "$update_url/bin/china_ip_list.txt"
+		[ "$result" != 200 ] && rm -rf $clashdir/cn_ip.txt && logger "列表下载失败，已退出！" 31 && exit 1
+	fi
+	if [ -f $clashdir/cn_ip.txt ];then
+	echo "create cn_ip hash:net family inet hashsize 1024 maxelem 65536" > /tmp/cn_$USER.ipset
+	awk '!/^$/&&!/^#/{printf("add cn_ip %s'" "'\n",$0)}' $clashdir/cn_ip.txt >> /tmp/cn_$USER.ipset
+	ipset -! flush cn_ip
+	ipset -! restore < /tmp/cn_$USER.ipset 2>/dev/null
+	rm -rf cn_$USER.ipset
+	fi
+}
 start_redir(){
 	#获取本地局域网地址段
 	gethost
@@ -313,6 +328,7 @@ start_redir(){
 	iptables -t nat -A clash -d 192.168.0.0/16 -j RETURN
 	iptables -t nat -A clash -d 224.0.0.0/4 -j RETURN
 	iptables -t nat -A clash -d 240.0.0.0/4 -j RETURN
+	[ "$dns_mod" = "redir_host" -a "$cn_ip_route" = "已开启" ] && iptables -t nat -A clash -m set --match-set china dst -j RETURN >/dev/null 2>&1 #绕过大陆IP
 	if [ "$macfilter_type" = "白名单" -a -n "$(cat $clashdir/mac)" ];then
 		#mac白名单
 		for mac in $(cat $clashdir/mac); do
@@ -408,6 +424,7 @@ start_udp(){
 	iptables -t mangle -A clash -d 192.168.0.0/16 -j RETURN
 	iptables -t mangle -A clash -d 224.0.0.0/4 -j RETURN
 	iptables -t mangle -A clash -d 240.0.0.0/4 -j RETURN
+	[ "$dns_mod" = "redir_host" -a "$cn_ip_route" = "已开启" ] && iptables -t mangle -A clash -m set --match-set china dst -j RETURN >/dev/null 2>&1 #绕过大陆IP
 	if [ "$macfilter_type" = "白名单" -a -n "$(cat $clashdir/mac)" ];then
 		#mac白名单
 		for mac in $(cat $clashdir/mac); do
@@ -434,6 +451,7 @@ start_output(){
 	iptables -t nat -A clash_out -d 192.168.0.0/16 -j RETURN
 	iptables -t nat -A clash_out -d 224.0.0.0/4 -j RETURN
 	iptables -t nat -A clash_out -d 240.0.0.0/4 -j RETURN
+	[ "$dns_mod" = "redir_host" -a "$cn_ip_route" = "已开启" ] && iptables -t nat -A clash_out -m set --match-set china dst -j RETURN >/dev/null 2>&1 #绕过大陆IP
 	if [ "$macfilter_type" = "白名单" -a -n "$(cat $clashdir/mac)" ];then
 		#mac白名单
 		for mac in $(cat $clashdir/mac); do
@@ -499,6 +517,8 @@ stop_iptables(){
 	ip6tables -t nat -F clashv6_dns 2> /dev/null
 	ip6tables -t nat -X clashv6_dns 2> /dev/null
 	ip6tables -D FORWARD -o utun -j ACCEPT 2> /dev/null
+	#清理ipset规则
+	ipset destroy cn_ip >/dev/null 2>&1
 }
 #面板配置保存相关
 web_save(){
@@ -595,7 +615,7 @@ bfstart(){
 			[ -z "$cpucore" ] && source $clashdir/getdate.sh && getcpucore
 			[ -z "$cpucore" ] && logger 找不到设备的CPU信息，请手动指定处理器架构类型！ 31 && setcpucore
 			webget $bindir/clash "$update_url/bin/$clashcore/clash-linux-$cpucore"
-			[ "$?" = 1 ] && logger "核心下载失败，已退出！" 31 && rm -f $bindir/clash && exit 1
+			[ "$result" != 200 ] && rm -rf $bindir/clash && logger "核心下载失败，已退出！" 31 && exit 1
 			[ ! -x $bindir/clash ] && chmod +x $bindir/clash 	#检测可执行权限
 			clashv=$($bindir/clash -v | awk '{print $2}')
 			setconfig clashv $clashv
@@ -609,7 +629,7 @@ bfstart(){
 			logger "未找到GeoIP数据库，正在下载！" 33
 			[ -z "$geotype" ] && geotype=cn_mini.mmdb
 			webget $bindir/Country.mmdb $update_url/bin/$geotype
-			[ "$?" = 1 ] && logger "数据库下载失败，已退出！" 31 && rm -f $bindir/Country.mmdb && exit 1
+			[ "$result" != 200 ] && rm -rf $bindir/Country.mmdb && logger "数据库下载失败，已退出！" 31 && exit 1
 			Geo_v=$(date +"%Y%m%d")
 			setconfig Geo_v $Geo_v
 		fi
@@ -638,6 +658,7 @@ afstart(){
 	$bindir/clash -t -d $bindir >/dev/null
 	if [ "$?" = 0 ];then
 		#设置iptables转发规则
+		[ "$dns_mod" = "redir_host" ] && [ "$cn_ip_route" = "已开启" ] && cn_ip_route
 		[ "$redir_mod" != "纯净模式" ] && [ "$dns_no" != "已禁用" ] && start_dns
 		[ "$redir_mod" != "纯净模式" ] && [ "$redir_mod" != "Tun模式" ] && start_redir
 		[ "$redir_mod" = "Redir模式" ] && [ "$tproxy_mod" = "已开启" ] && start_udp