v1.9.1beta1

~移除了所有不支持vless及hy的在线sub服务器并将重试次数降低到3次 ~singbox内核不再默认启用ntp服务 ~自动任务中重启命令优化 ~修复providers中指定单独提供商生成配置失败的bug ~优化iptables/ip6tables检测机制，修复报错，修复旧设备ipv6运行出错导致的各种问题 ~优化cn绕过检测机制，修复报错 ~优化保持面板节点功能，增加了空文件校验，修复部分用户还原失败的bug
2024-11-15 19:22:54 +08:00 · 2024-03-19 13:58:02 +08:00 · 2024-03-19 13:58:02 +08:00 · fd1b592a7e
commit fd1b592a7e
parent 78d834bc7f
9 changed files with 46 additions and 50 deletions
--- a/bin/ShellCrash.tar.gz
+++ b/bin/ShellCrash.tar.gz
--- a/bin/clashfm.tar.gz
+++ b/bin/clashfm.tar.gz
--- a/bin/public.tar.gz
+++ b/bin/public.tar.gz
--- a/bin/version
+++ b/bin/version
@ -4,5 +4,5 @@ clash_v=v1.7.1
 meta_v=v1.18.1
 singboxp_v=1.9.0-beta.16-3140e7ac
 singbox_v=1.8.8
-versionsh=1.9.1alpha9
+versionsh=1.9.1beta1
 GeoIP_v=20240316
--- a/public/servers.list
+++ b/public/servers.list
@ -7,13 +7,9 @@

 201 wwng2333自建CN源(请勿滥用!)  https://mirrors.csgo.ovh/ShellClash 公测版
 202 http私人内测源(危险!非必要请勿使用)  http://t.jwsc.eu.org 开发版
-   
-301 墙洞提供,不支持vless|hy https://api.dler.io  
-302 SUB作者提供,不支持vless|hy https://sub.xeton.dev 
-303 品云提供,不支持vless|hy https://sub.id9.cc
 
-401 肥羊提供(有广告),支持vless|hy2 https://sub.d1.mk
-402 作者提供,支持vless|hy2 https://sub.jwsc.eu.org
+401 作者提供,支持vless|hy2 https://sub.jwsc.eu.org
+402 肥羊提供(有广告),支持vless|hy2 https://sub.d1.mk
 403 肥羊提供(有广告),支持vless|hy2 https://api.v1.mk

 497 作者提供,未加密仅备用 http://sub2.jwsc.eu.org  
--- a/public/task.list
+++ b/public/task.list
@ -13,6 +13,6 @@
 113#$CRASHDIR/task/task.sh update_mmdb#自动更新数据库文件

 121#$CRASHDIR/task/task.sh reset_firewall#重设透明路由防火墙
-122#reboot#重启路由设备(慎用)
+122#sleep 70 && touch /etc/banner && reboot#重启路由设备(慎用)


--- a/scripts/init.sh
+++ b/scripts/init.sh
@ -1,7 +1,7 @@
 #!/bin/sh
 # Copyright (C) Juewuy

-version=1.9.1alpha9
+version=1.9.1beta1

 setdir(){
 	dir_avail(){
--- a/scripts/start.sh
+++ b/scripts/start.sh
@ -275,10 +275,10 @@ check_singbox_config(){ #检查singbox配置文件
 }
 get_core_config(){ #下载内核配置文件
 	[ -z "$rule_link" ] && rule_link=1
-	[ -z "$server_link" ] && server_link=1
+	[ -z "$server_link" ] || [ $server_link -gt $(grep -aE '^4' ${CRASHDIR}/configs/servers.list | wc -l) ] && server_link=1
 	Server=$(grep -aE '^3|^4' ${CRASHDIR}/configs/servers.list | sed -n ""$server_link"p" | awk '{print $3}')
 	[ -n "$(echo $Url | grep -oE 'vless:|hysteria:')" ] && Server=$(grep -aE '^4' ${CRASHDIR}/configs/servers.list | sed -n ""$server_link"p" | awk '{print $3}')
-	[ "$retry" = 4 ] && Server=$(grep -aE '^497' ${CRASHDIR}/configs/servers.list | awk '{print $3}')
+	[ "$retry" = 3 ] && Server=$(grep -aE '^497' ${CRASHDIR}/configs/servers.list | awk '{print $3}')
 	Config=$(grep -aE '^5' ${CRASHDIR}/configs/servers.list | sed -n ""$rule_link"p" | awk '{print $3}')
 	#如果传来的是Url链接则合成Https链接，否则直接使用Https链接
 	if [ -z "$Https" ];then
@ -304,11 +304,11 @@ get_core_config(){ #下载内核配置文件
 			echo -----------------------------------------------
 			exit 1
 		else
-			if [ "$retry" = 4 ];then
+			if [ "$retry" = 3 ];then
 				logger "无法获取配置文件，请检查链接格式以及网络连接状态！" 31
 				echo -e "\033[32m也可用浏览器下载以上链接后，使用WinSCP手动上传到/tmp目录后执行crash命令本地导入！\033[0m"
 				exit 1
-			elif [ "$retry" = 3 ];then
+			elif [ "$retry" = 2 ];then
 				retry=4
 				logger "配置文件获取失败！将尝试使用http协议备用服务器获取！" 31
 				echo -e "\033[32m如担心数据安全，请在3s内使用【Ctrl+c】退出！\033[0m"
@ -319,8 +319,8 @@ get_core_config(){ #下载内核配置文件
 				retry=$((retry+1))
 				logger "配置文件获取失败！" 31
 				echo -e "\033[32m尝试使用其他服务器获取配置！\033[0m"
-				logger "正在重试第$retry次/共4次！" 33
-				if [ "$server_link" -ge 5 ]; then
+				logger "正在重试第$retry次/共3次！" 33
+				if [ "$server_link" -ge 4 ]; then
 					server_link=0
 				fi
 				server_link=$((server_link+1))
@ -677,17 +677,17 @@ EOF
 }
 EOF
 	#生成ntp.json
-	cat > ${TMPDIR}/jsons/ntp.json <<EOF
-{
-  "ntp": {
-    "enabled": true,
-    "server": "203.107.6.88",
-    "server_port": 123,
-    "interval": "30m0s",
-	"detour": "DIRECT"
-  }
-}
-EOF
+	# cat > ${TMPDIR}/jsons/ntp.json <<EOF
+# {
+  # "ntp": {
+    # "enabled": true,
+    # "server": "203.107.6.88",
+    # "server_port": 123,
+    # "interval": "30m0s",
+	# "detour": "DIRECT"
+  # }
+# }
+# EOF
 	#生成inbounds.json
 	[ -n "$authentication" ] && {
 		username=$(echo $authentication | awk -F ':' '{print $1}') #混合端口账号密码
@ -994,10 +994,10 @@ start_iptables(){ #iptables配置总入口
 	[ "$dns_no" != "已禁用" -a "$dns_redir" != "已开启" -a "$firewall_area" -le 3 ] && {
 		[ "$lan_proxy" = true ] && {
 			start_ipt_dns iptables PREROUTING shellcrash_dns #ipv4-局域网dns转发
-			if [ -n "$(grep -E '^REDIRECT$' /proc/net/ip6_tables_targets)" ];then
+			if ip6tables -j REDIRECT -h 2>/dev/null | grep -q '\--to-ports';then
 				start_ipt_dns ip6tables PREROUTING shellcrashv6_dns #ipv6-局域网dns转发
 			else
-				ip6tables -I INPUT -p udp --dport 53 -m comment --comment "ShellCrash-IPV6_DNS-REJECT" -j REJECT 2>/dev/null
+				ip6tables -I INPUT -p udp --dport 53 -m comment --comment "ShellCrash-IPV6_DNS-REJECT" -j REJECT
 			fi
 		}
 		[ "$local_proxy" = true ] && start_ipt_dns iptables OUTPUT shellcrash_dns_out #ipv4-本机dns转发
@ -1008,7 +1008,7 @@ start_iptables(){ #iptables配置总入口
 		[ "$lan_proxy" = true ] && {
 			start_ipt_route iptables nat PREROUTING shellcrash tcp #ipv4-局域网tcp转发
 			[ "$ipv6_redir" = "已开启" ] && {
-			if [ -n "$(grep -E '^REDIRECT$' /proc/net/ip6_tables_targets)" ];then
+			if ip6tables -j REDIRECT -h 2>/dev/null | grep -q '\--to-ports';then
 					start_ipt_route ip6tables nat PREROUTING shellcrashv6 tcp #ipv6-局域网tcp转发
 				else
 					logger "当前设备内核缺少ip6tables_REDIRECT模块支持，已放弃启动相关规则！" 31
@ -1019,7 +1019,7 @@ start_iptables(){ #iptables配置总入口
 	}
 	[ "$redir_mod" = "Tproxy模式" ] && {
 		JUMP="TPROXY --on-port $tproxy_port --tproxy-mark $fwmark" #跳转劫持的具体命令
-		if [ -n "$(grep -E '^TPROXY$' /proc/net/ip_tables_targets)" ];then
+		if iptables -j TPROXY -h 2>/dev/null | grep -q '\--on-port';then
 			[ "$lan_proxy" = true ] && start_ipt_route iptables mangle PREROUTING shellcrash_mark all
 			[ "$local_proxy" = true ] && {
 				if [ -n "$(grep -E '^MARK$' /proc/net/ip_tables_targets)" ];then
@ -1035,7 +1035,7 @@ start_iptables(){ #iptables配置总入口
 			logger "当前设备内核可能缺少kmod_ipt_tproxy模块支持，已放弃启动相关规则！" 31
 		fi
 		[ "$ipv6_redir" = "已开启" ] && [ "$lan_proxy" = true ] && {
-			if [ -n "$(grep -E '^TPROXY$' /proc/net/ip6_tables_targets)" ];then
+			if ip6tables -j TPROXY -h 2>/dev/null | grep -q '\--on-port';then
 				JUMP="TPROXY --on-port $tproxy_port --tproxy-mark $fwmark" #跳转劫持的具体命令
 				start_ipt_route ip6tables mangle PREROUTING shellcrashv6_mark all
 			else
@ -1048,12 +1048,9 @@ start_iptables(){ #iptables配置总入口
 		[ "$redir_mod" = "Tun模式" -o "$redir_mod" = "T&U旁路转发" ] && protocol=all
 		[ "$redir_mod" = "混合模式" ] && protocol=udp
 		[ "$redir_mod" = "TCP旁路转发" ] && protocol=tcp
-		if [ -n "$(grep -E '^MARK$' /proc/net/ip_tables_targets)" ];then
+		if iptables -j MARK -h 2>/dev/null | grep -q '\--set-mark';then
 			[ "$lan_proxy" = true ] && {
-				[ "$redir_mod" = "Tun模式" -o "$redir_mod" = "混合模式" ] && {
-					iptables -I FORWARD -o utun -j ACCEPT
-					#ip route show | grep "dev utun proto kernel scope link src" | while read route; do ip route del $route; done #移除内核生成的tun路由
-				}
+				[ "$redir_mod" = "Tun模式" -o "$redir_mod" = "混合模式" ] && iptables -I FORWARD -o utun -j ACCEPT
 				start_ipt_route iptables mangle PREROUTING shellcrash_mark $protocol
 			}
 			[ "$local_proxy" = true ] && start_ipt_route iptables mangle OUTPUT shellcrash_mark_out $protocol
@ -1061,7 +1058,7 @@ start_iptables(){ #iptables配置总入口
 			logger "当前设备内核可能缺少x_mark模块支持，已放弃启动相关规则！" 31
 		fi		
 		[ "$ipv6_redir" = "已开启" ] && [ "$lan_proxy" = true ] && [ "$crashcore" != clashpre ] && {
-			if [ -n "$(grep -E '^MARK$' /proc/net/ip6_tables_targets)" ];then
+			if ip6tables -j MARK -h 2>/dev/null | grep -q '\--set-mark';then
 				[ "$redir_mod" = "Tun模式" -o "$redir_mod" = "混合模式" ] && ip6tables -I FORWARD -o utun -j ACCEPT
 				start_ipt_route ip6tables mangle PREROUTING shellcrashv6_mark $protocol
 			else
@ -1406,8 +1403,6 @@ web_save(){ #最小化保存面板节点选择
 		if [ -s ${TMPDIR}/${file} ];then
 			compare ${TMPDIR}/${file} ${CRASHDIR}/configs/${file}
 			[ "$?" = 0 ] && rm -rf ${TMPDIR}/${file} || mv -f ${TMPDIR}/${file} ${CRASHDIR}/configs/${file}
-		else
-			echo > ${CRASHDIR}/configs/${file}
 		fi
 	done
 }
@ -1610,8 +1605,10 @@ bfstart(){ #启动前
 		[ "$disoverride" != "1" ] && modify_yaml || ln -sf $core_config ${TMPDIR}/config.yaml
 	fi
 	#检查下载cnip绕过相关文件
-	[ "$dns_mod" != "fake-ip" ] && [ "$cn_ip_route" = "已开启" ] && cn_ip_route
-	[ "$ipv6_redir" = "已开启" ] && [ "$dns_mod" != "fake-ip" ] && [ "$cn_ipv6_route" = "已开启" ] && cn_ipv6_route
+	[ "$firewall_mod" = nftables ] || ckcmd ipset && [ "$dns_mod" != "fake-ip" ] && {
+		[ "$cn_ip_route" = "已开启" ] && cn_ip_route
+		[ "$ipv6_redir" = "已开启" ] && [ "$cn_ipv6_route" = "已开启" ] && cn_ipv6_route
+	}
 	#添加shellcrash用户
 	[ "$firewall_area" = 2 ] || [ "$firewall_area" = 3 ] || [ "$(cat /proc/1/comm)" = "systemd" ] && \
 	[ -z "$(id shellcrash 2>/dev/null | grep 'root')" ] && {
@ -1652,7 +1649,7 @@ afstart(){ #启动后
 		rm -rf ${TMPDIR}/CrashCore #删除缓存目录内核文件
 		start_firewall #配置防火墙流量劫持
 		mark_time #标记启动时间
-		[ -s ${CRASHDIR}/configs/web_save -o -s ${CRASHDIR}/configs/web_configs ] && web_restore >/dev/null 2>&1 & #后台还原面板配置
+		[ -s ${CRASHDIR}/configs/web_save ] && web_restore >/dev/null 2>&1 & #后台还原面板配置
 		{ sleep 5;logger ShellCrash服务已启动！;} & #推送日志
 		ckcmd mtd_storage.sh && mtd_storage.sh save >/dev/null 2>&1 & #Padavan保存/etc/storage
 		#加载定时任务
--- a/scripts/update.sh
+++ b/scripts/update.sh
@ -395,7 +395,7 @@ EOF
 	if [ -n "$2" ];then
 		gen_clash_providers_txt $1 $2
 		providers_tags=$1
-		sed -i 's/, {providers_tags}//g' ${TMPDIR}/providers/proxy-groups.yaml
+		echo '  - {name: '${1}', type: url-test, tolerance: 100, lazy: true, use: ['${1}']}' >> ${TMPDIR}/providers/proxy-groups.yaml
 	else
 		providers_tags=''
 		while read line;do
@ -479,14 +479,16 @@ EOF
 {
  "outbound_providers": [
 EOF
-	if [ -n "$2" ];then
-		gen_singbox_providers_txt $1 $2
-		providers_tags=\"$1\"
-	else
-		cat > ${TMPDIR}/providers/outbounds_add.json <<EOF
+	cat > ${TMPDIR}/providers/outbounds_add.json <<EOF
 {
  "outbounds": [
 EOF
+	#单独指定节点时使用特殊方式
+	if [ -n "$2" ];then
+		gen_singbox_providers_txt $1 $2
+		providers_tags=\"$1\"
+		echo '{ "tag": "'${1}'", "type": "urltest", "tolerance": 100, "providers": "'${1}'", "includes": ".*" },' >> ${TMPDIR}/providers/outbounds_add.json
+	else
 		providers_tags=''
 		while read line;do
 			tag=$(echo $line | awk '{print $1}')
@ -495,9 +497,10 @@ EOF
 			gen_singbox_providers_txt $tag $url
 			echo '{ "tag": "'${tag}'", "type": "urltest", "tolerance": 100, "providers": "'${tag}'", "includes": ".*" },' >> ${TMPDIR}/providers/outbounds_add.json
 		done < ${CRASHDIR}/configs/providers.cfg
-		sed -i '$s/},/}]}/' ${TMPDIR}/providers/outbounds_add.json #修复文件格式
 	fi
-	sed -i '$s/},/}]}/' ${TMPDIR}/providers/providers.json #修复文件格式
+	#修复文件格式
+	sed -i '$s/},/}]}/' ${TMPDIR}/providers/outbounds_add.json
+	sed -i '$s/},/}]}/' ${TMPDIR}/providers/providers.json
 	#使用模版生成outbounds和rules模块
 	cat ${TMPDIR}/provider_temp_file | sed "s/{providers_tags}/$providers_tags/g" >> ${TMPDIR}/providers/outbounds.json
 	rm -rf ${TMPDIR}/provider_temp_file