diff --git "a/apps/aria2/config/aria2.uci\"\"" "b/apps/aria2/config/aria2.uci\"\""
deleted file mode 100644
index 042afa6..0000000
--- "a/apps/aria2/config/aria2.uci\"\""
+++ /dev/null
@@ -1,7 +0,0 @@
-service="Aria2"
-appname="aria2"
-needver="0.0.1"
-supports="linux_arm,linux_mips,linux_x86_64"
-appinfo="Linux下一款高效的下载工具"
-newinfo="更新aria2web页面,修复日志问题"
-version="0.0.2"
diff --git "a/apps/baidupcs/config/baidupcs.uci\"\"" "b/apps/baidupcs/config/baidupcs.uci\"\""
deleted file mode 100644
index 0b19d45..0000000
--- "a/apps/baidupcs/config/baidupcs.uci\"\""
+++ /dev/null
@@ -1,8 +0,0 @@
-service="BaiduPCS"
-appname="baidupcs"
-needver="0.0.1"
-backupfiles=""
-supports="linux_arm,linux_mips,linux_x86_64,darwin_x86_64"
-appinfo="第三方百度网盘web客户端,基于Go语言"
-newinfo="二进制更新至3.6.6"
-version="0.0.4"
diff --git "a/apps/filebrowser/config/filebrowser.uci\"\"" "b/apps/filebrowser/config/filebrowser.uci\"\""
deleted file mode 100644
index 099e095..0000000
--- "a/apps/filebrowser/config/filebrowser.uci\"\""
+++ /dev/null
@@ -1,8 +0,0 @@
-service="FileBrowser"
-appname="filebrowser"
-needver="0.0.1"
-appinfo="Web文件浏览器"
-supports="linux_arm,linux_mips,linux_x86_64,darwin_x86_64"
-backupfiles="config/filebrowser.conf"
-newinfo="更新arm二进制至2.0.3"
-version="0.0.2"
diff --git "a/apps/frps/config/frps.uci\"\"" "b/apps/frps/config/frps.uci\"\""
deleted file mode 100644
index 41e2a77..0000000
--- "a/apps/frps/config/frps.uci\"\""
+++ /dev/null
@@ -1,8 +0,0 @@
-service="Frps"
-appname="frps"
-needver="0.0.1"
-openport="1"
-supports="linux_arm,linux_mips,linux_x86_64,darwin_x86_64"
-appinfo="内网穿透工具Frp服务端"
-newinfo="frp程序更新到0.21.0"
-version="..1"
diff --git a/apps/shadowsocks/bin/kcptun_linux_arm b/apps/shadowsocks/bin/kcptun_linux_arm
old mode 100644
new mode 100755
index 2cef452..ddee169
Binary files a/apps/shadowsocks/bin/kcptun_linux_arm and b/apps/shadowsocks/bin/kcptun_linux_arm differ
diff --git a/apps/shadowsocks/bin/kcptun_linux_mips b/apps/shadowsocks/bin/kcptun_linux_mips
old mode 100644
new mode 100755
index 4aa3f95..627c45a
Binary files a/apps/shadowsocks/bin/kcptun_linux_mips and b/apps/shadowsocks/bin/kcptun_linux_mips differ
diff --git a/apps/shadowsocks/bin/kcptun_linux_x86_64 b/apps/shadowsocks/bin/kcptun_linux_x86_64
old mode 100644
new mode 100755
index d4dd410..5bbddd4
Binary files a/apps/shadowsocks/bin/kcptun_linux_x86_64 and b/apps/shadowsocks/bin/kcptun_linux_x86_64 differ
diff --git a/apps/shadowsocks/config/mixbox.conf b/apps/shadowsocks/config/mixbox.conf
index e1c1884..0d0a661 100644
--- a/apps/shadowsocks/config/mixbox.conf
+++ b/apps/shadowsocks/config/mixbox.conf
@@ -310,13 +310,16 @@ shadowsocks() {
 readsh "请输入加速kcp服务器密码(--key)" "ss_kcp_password"
 readsh "请输入加速kcp模式(--mode)" "ss_kcp_mode" "fast"
 readsh "请输入加速kcp加密方式(--crypt)" "ss_kcp_crypt" "aes"
+ readsh "请输入加速kcp的DSCP(--dscp),需要与服务端的这个参数保持一致" "ss_kcp_dscp" "0"
 read -p "剩余一些不必要的配置,是否继续?[1/0] " res
 if [ "$res" = '1' ]; then
 readsh "请输入加速kcp的MTU(--mtu)" "ss_kcp_mtu" "1350"
 readsh "请输入加速kcp发送窗口(--sndwnd)" "ss_kcp_sndwnd" "128"
 readsh "请输入加速kcp接收窗口(--rcvwnd)" "ss_kcp_rcvwnd" "1024"
 readsh "请输入加速kcp链接数(--conn)" "ss_kcp_conn" "1"
- readsh "请输入加速kcp关闭数据压缩(--nocomp)" "ss_kcp_compon" "1"
+ readsh "请输入加速kcp关闭数据压缩(--nocomp)" "ss_kcp_nocomp" "0"
+ readsh "请输入加速kcp的socket buffer(--sockbuf),单位: 字节" "ss_kcp_sockbuf" "4194304"
+ readsh "请输入加速kcp的全局de-mux buffer(--smuxbuf),单位: 字节" "ss_kcp_smuxbuf" "4194304"
 readsh "请输入加速kcp的其他配置项" "ss_kcp_config"
 fi
 fi
@@ -444,4 +447,4 @@ shadowsocks() {
 }
-#---------------【ShadowSocks】-----------------
\ No newline at end of file
+#---------------【ShadowSocks】-----------------
diff --git a/apps/shadowsocks/scripts/shadowsocks.sh b/apps/shadowsocks/scripts/shadowsocks.sh
index 96c84be..623192a 100644
--- a/apps/shadowsocks/scripts/shadowsocks.sh
+++ b/apps/shadowsocks/scripts/shadowsocks.sh
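Review bot: The `--nocomp` prompt in the optional block of the `@@ -310,13 +310,16 @@` hunk switches the stored key from `ss_kcp_compon` (default "1") to `ss_kcp_nocomp` (default "0"), so a value saved under the old key is orphaned and the compression setting can change silently on upgrade unless the consuming script handles both names. A short comment above it such as `# replaces ss_kcp_compon; the old key is no longer read` (or a one-time migration) would make that explicit. The new `ss_kcp_dscp`, `ss_kcp_sockbuf` and `ss_kcp_smuxbuf` prompts accept free text that presumably ends up on the kcptun command line; unless `readsh` already validates its input, a digits-only guard where the value is consumed, e.g. `case "$ss_kcp_dscp" in ''|*[!0-9]*) ss_kcp_dscp=0 ;; esac`, keeps stray characters out of the argument list. The enclosing `shadowsocks()` body starts and ends outside this hunk.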
@@ -8,715 +8,728 @@ eval `mbdb export shadowsocks` [ -z "$ss_proxy_default_mode" ] && ss_proxy_default_mode=1 [ -z "$ss_game_default_mode" ] && ss_game_default_mode=0 [ -z "$dns_red_ip" ] && dns_red_ip="$lanip" +[ "$ssgena" != "1" ] && unset ssg_mode get_v2ray_bin() { - result1=$(curl -skL $mburl/appsbin/v2ray-bin/$model/lastest.txt) &> /dev/null - result2=$(${mbroot}/apps/${appname}/bin/v2ray -version | head -1 | cut -d' ' -f2) &> /dev/null - [ -z "$result1" ] && logsh "【$service】" "获取v2ray在线版本失败,请检查网络!" && exit 1 - logsh "【$service】" "检测v2ray版本,本地版本:$result2,在线版本:$result1" - if [ "$result1" != "$result2" ]; then - logsh "【$service】" "版本不一致,正在更新..." - wgetsh ${mbroot}/apps/${appname}/bin/v2ray $mburl/appsbin/v2ray-bin/$model/v2ray - wgetsh ${mbroot}/apps/${appname}/bin/v2ctl $mburl/appsbin/v2ray-bin/$model/v2ctl - chmod +x ${mbroot}/apps/${appname}/bin/v2ray - chmod +x ${mbroot}/apps/${appname}/bin/v2ctl - fi + result1=$(curl -skL $mburl/appsbin/v2ray-bin/$model/lastest.txt) &> /dev/null + result2=$(${mbroot}/apps/${appname}/bin/v2ray -version | head -1 | cut -d' ' -f2) &> /dev/null + [ -z "$result1" ] && logsh "【$service】" "获取v2ray在线版本失败,请检查网络!" && exit 1 + logsh "【$service】" "检测v2ray版本,本地版本:$result2,在线版本:$result1" + if [ "$result1" != "$result2" ]; then + logsh "【$service】" "版本不一致,正在更新..." + wgetsh ${mbroot}/apps/${appname}/bin/v2ray $mburl/appsbin/v2ray-bin/$model/v2ray + wgetsh ${mbroot}/apps/${appname}/bin/v2ctl $mburl/appsbin/v2ray-bin/$model/v2ctl + chmod +x ${mbroot}/apps/${appname}/bin/v2ray + chmod +x ${mbroot}/apps/${appname}/bin/v2ctl + fi } get_config() { - logsh "【$service】" "创建节点配置文件..." - [ -z "$id" ] && logsh "【$service】" "未配置运行节点!" && exit - local_ip=0.0.0.0 - [ -z "$id" ] && logsh "【$service】" "未配置运行节点!" 
&& exit 1 - idinfo=`cat ${mbroot}/apps/${appname}/config/ssserver* | grep ",$id," | head -1` - [ -z "$idinfo" ] && logsh "【$service】" "未找到配置节点:$id" && exit - proxy_type=`cutsh "$idinfo" 1` - ss_name=`cutsh "$idinfo" 2` - ss_server=`cutsh "$idinfo" 3` - IFIP=`echo $ss_server | grep -E "([0-9]{1,3}[\.]){3}[0-9]{1,3}|:"` - if [ -z "$IFIP" ]; then - ss_server_tmp=`nslookup $ss_server | sed 1,2d | grep -Eo "([0-9]{1,3}[\.]){3}[0-9]{1,3}" | head -1` - [ -z "$ss_server_tmp" ] && logsh "【$service】" "服务器地址解析失败,跳过解析!" || ss_server="$ss_server_tmp" - fi - if [ "$proxy_type" = "v2ray" ]; then - get_v2ray_bin - ${mbroot}/apps/${appname}/scripts/general_v2ray_config.sh "$id" - else - ss_server_port=`cutsh "$idinfo" 4` - ss_password=`cutsh "$idinfo" 5` - ss_method=`cutsh "$idinfo" 6` - ssr_protocol=`cutsh "$idinfo" 7` - ssr_obfs=`cutsh "$idinfo" 8` - ssr_protocol_param=`cutsh "$idinfo" 9` - ssr_obfs_param=`cutsh "$idinfo" 10` - #生成配置文件 - if [ "$proxy_type" = "ss" ]; then - APPPATH=${mbroot}/apps/${appname}/bin/ss-redir - LOCALPATH=${mbroot}/apps/${appname}/bin/ss-local - cat > ${mbroot}/apps/${appname}/config/ss.conf <<-EOF - { - "server":"$ss_server", - "server_port":$ss_server_port, - "local_address":"0.0.0.0", - "local_port":1081, - "password":"$ss_password", - "timeout":600, - "method":"$ss_method" - } - EOF - else - APPPATH=${mbroot}/apps/${appname}/bin/ssr-redir - LOCALPATH=${mbroot}/apps/${appname}/bin/ssr-local - cat > ${mbroot}/apps/${appname}/config/ss.conf <<-EOF - { - "server":"$ss_server", - "server_port":$ss_server_port, - "local_address":"0.0.0.0", - "local_port":1081, - "password":"$ss_password", - "timeout":600, - "protocol":"$ssr_protocol", - "protocol_param":"$ssr_protocol_param", - "obfs":"$ssr_obfs", - "obfs_param":"$ssr_obfs_param", - "method":"$ss_method" - } - EOF - fi - cp ${mbroot}/apps/${appname}/config/ss.conf ${mbroot}/apps/${appname}/config/dns2socks.conf && sed -i 's/1081/1082/g' ${mbroot}/apps/${appname}/config/dns2socks.conf - fi + logsh 
"【$service】" "创建节点配置文件..." + [ -z "$id" ] && logsh "【$service】" "未配置运行节点!" && exit + local_ip=0.0.0.0 + [ -z "$id" ] && logsh "【$service】" "未配置运行节点!" && exit 1 + idinfo=`cat ${mbroot}/apps/${appname}/config/ssserver* | grep ",$id," | head -1` + [ -z "$idinfo" ] && logsh "【$service】" "未找到配置节点:$id" && exit + proxy_type=`cutsh "$idinfo" 1` + ss_name=`cutsh "$idinfo" 2` + ss_server=`cutsh "$idinfo" 3` + IFIP=`echo $ss_server | grep -E "([0-9]{1,3}[\.]){3}[0-9]{1,3}|:"` + if [ -z "$IFIP" ]; then + ss_server_tmp=`nslookup $ss_server | sed 1,2d | grep -Eo "([0-9]{1,3}[\.]){3}[0-9]{1,3}" | head -1` + [ -z "$ss_server_tmp" ] && logsh "【$service】" "服务器地址解析失败,跳过解析!" || ss_server="$ss_server_tmp" + fi + if [ "$proxy_type" = "v2ray" ]; then + get_v2ray_bin + ${mbroot}/apps/${appname}/scripts/general_v2ray_config.sh "$id" + else + ss_server_port=`cutsh "$idinfo" 4` + ss_password=`cutsh "$idinfo" 5` + ss_method=`cutsh "$idinfo" 6` + ssr_protocol=`cutsh "$idinfo" 7` + ssr_obfs=`cutsh "$idinfo" 8` + ssr_protocol_param=`cutsh "$idinfo" 9` + ssr_obfs_param=`cutsh "$idinfo" 10` + # 如果kcp成功启动,应该把ss服务端指向kcp服务端口 + if [ "$kcp_started" = 1 ]; then + ss_server=127.0.0.1 + ss_server_port=11183 + fi + #生成配置文件 + if [ "$proxy_type" = "ss" ]; then + APPPATH=${mbroot}/apps/${appname}/bin/ss-redir + LOCALPATH=${mbroot}/apps/${appname}/bin/ss-local + cat > ${mbroot}/apps/${appname}/config/ss.conf <<-EOF + { + "server": "$ss_server", + "server_port": $ss_server_port, + "local_address": "0.0.0.0", + "local_port": 1081, + "password": "$ss_password", + "timeout": 600, + "method": "$ss_method" + } + EOF + else + APPPATH=${mbroot}/apps/${appname}/bin/ssr-redir + LOCALPATH=${mbroot}/apps/${appname}/bin/ssr-local + cat > ${mbroot}/apps/${appname}/config/ss.conf <<-EOF + { + "server": "$ss_server", + "server_port": $ss_server_port, + "local_address": "0.0.0.0", + "local_port": 1081, + "password": "$ss_password", + "timeout": 600, + "protocol": "$ssr_protocol", + "protocol_param": "$ssr_protocol_param", + 
"obfs": "$ssr_obfs", + "obfs_param": "$ssr_obfs_param", + "method": "$ss_method" + } + EOF + fi + cp ${mbroot}/apps/${appname}/config/ss.conf ${mbroot}/apps/${appname}/config/dns2socks.conf && sed -i 's/1081/1082/g' ${mbroot}/apps/${appname}/config/dns2socks.conf + fi - if [ "$ssgena" == '1' ]; then - [ -z "$ssgid" ] && logsh "【$service】" "未配置游戏运行节点!" && exit - idinfo=`cat ${mbroot}/apps/${appname}/config/ssserver* | grep ",$ssgid," | head -1` - [ -z "$idinfo" ] && logsh "【$service】" "未找到配置节点:$ssgid" && exit - proxy_type_game=`cutsh "$idinfo" 1` - ssg_name=`cutsh "$idinfo" 2` - ssg_server=`cutsh "$idinfo" 3` - if [ "$proxy_type" = "v2ray" -a "$proxy_type_game" != "v2ray" -a "$ssg_server" != "$ss_server" ]; then - logsh "【$service】" "当主进程为v2ray代理时,游戏进程只能选择同样的v2ray节点!" - return - ssgena=0 - fi - if [ "$proxy_type" != "v2ray" -a "$proxy_type_game" = "v2ray" ]; then - logsh "【$service】" "只有当主进程为v2ray代理时,游戏进程才能启用v2ray!" - return - ssgena=0 - fi - [ "$proxy_type_game" = "v2ray" -o "$ssgid" == "$id" ] && return - ssg_server_port=`cutsh "$idinfo" 4` - ssg_password=`cutsh "$idinfo" 5` - ssg_method=`cutsh "$idinfo" 6` - ssg_protocol=`cutsh "$idinfo" 7` - ssg_obfs=`cutsh "$idinfo" 8` - ssg_protocol_param=`cutsh "$idinfo" 9` - ssg_obfs_param=`cutsh "$idinfo" 10` - IFIP=`echo $ssg_server | grep -E "([0-9]{1,3}[\.]){3}[0-9]{1,3}|:"` - if [ -z "$IFIP" ]; then - ssg_server_tmp=`resolveip $ssg_server | head -1` - [ $? -ne 0 ] && logsh "【$service】" "游戏服务器地址解析失败,跳过解析!" 
|| ssg_server="$ssg_server_tmp" - fi - if [ "$proxy_type_game" = "ss" ]; then - cp -rf ${mbroot}/apps/${appname}/bin/ss-redir ${mbroot}/apps/${appname}/bin/ssg-redir - cat > ${mbroot}/apps/${appname}/config/ssg.conf <<-EOF - { - "server":"$ssg_server", - "server_port":$ssg_server_port, - "local_address":"0.0.0.0", - "local_port":1085, - "password":"$ssg_password", - "timeout":600, - "method":"$ssg_method" - } - EOF - else - cp -rf ${mbroot}/apps/${appname}/bin/ssr-redir ${mbroot}/apps/${appname}/bin/ssg-redir - cat > ${mbroot}/apps/${appname}/config/ssg.conf <<-EOF - { - "server":"$ssg_server", - "server_port":$ssg_server_port, - "local_address":"0.0.0.0", - "local_port":1085, - "password":"$ssg_password", - "timeout":600, - "protocol":"$ssg_protocol", - "protocol_param":"$ssg_protocol_param", - "obfs":"$ssg_obfs", - "obfs_param":"$ssg_obfs_param", - "method":"$ssg_method" - } - EOF - fi - fi - # 保存代理类型 - mbdb set ${appname}.main.proxy_type="$proxy_type" + if [ "$ssgena" == '1' ]; then + [ -z "$ssgid" ] && logsh "【$service】" "未配置游戏运行节点!" && exit + idinfo=`cat ${mbroot}/apps/${appname}/config/ssserver* | grep ",$ssgid," | head -1` + [ -z "$idinfo" ] && logsh "【$service】" "未找到配置节点:$ssgid" && exit + proxy_type_game=`cutsh "$idinfo" 1` + ssg_name=`cutsh "$idinfo" 2` + ssg_server=`cutsh "$idinfo" 3` + if [ "$proxy_type" = "v2ray" -a "$proxy_type_game" != "v2ray" -a "$ssg_server" != "$ss_server" ]; then + logsh "【$service】" "当主进程为v2ray代理时,游戏进程只能选择同样的v2ray节点!" + return + ssgena=0 + fi + if [ "$proxy_type" != "v2ray" -a "$proxy_type_game" = "v2ray" ]; then + logsh "【$service】" "只有当主进程为v2ray代理时,游戏进程才能启用v2ray!" 
+ return + ssgena=0 + fi + [ "$proxy_type_game" = "v2ray" -o "$ssgid" == "$id" ] && return + ssg_server_port=`cutsh "$idinfo" 4` + ssg_password=`cutsh "$idinfo" 5` + ssg_method=`cutsh "$idinfo" 6` + ssg_protocol=`cutsh "$idinfo" 7` + ssg_obfs=`cutsh "$idinfo" 8` + ssg_protocol_param=`cutsh "$idinfo" 9` + ssg_obfs_param=`cutsh "$idinfo" 10` + IFIP=`echo $ssg_server | grep -E "([0-9]{1,3}[\.]){3}[0-9]{1,3}|:"` + if [ -z "$IFIP" ]; then + ssg_server_tmp=`resolveip $ssg_server | head -1` + [ $? -ne 0 ] && logsh "【$service】" "游戏服务器地址解析失败,跳过解析!" || ssg_server="$ssg_server_tmp" + fi + if [ "$proxy_type_game" = "ss" ]; then + cp -rf ${mbroot}/apps/${appname}/bin/ss-redir ${mbroot}/apps/${appname}/bin/ssg-redir + cat > ${mbroot}/apps/${appname}/config/ssg.conf <<-EOF + { + "server": "$ssg_server", + "server_port": $ssg_server_port, + "local_address": "0.0.0.0", + "local_port": 1085, + "password": "$ssg_password", + "timeout": 600, + "method": "$ssg_method" + } + EOF + else + cp -rf ${mbroot}/apps/${appname}/bin/ssr-redir ${mbroot}/apps/${appname}/bin/ssg-redir + cat > ${mbroot}/apps/${appname}/config/ssg.conf <<-EOF + { + "server": "$ssg_server", + "server_port": $ssg_server_port, + "local_address": "0.0.0.0", + "local_port": 1085, + "password": "$ssg_password", + "timeout": 600, + "protocol": "$ssg_protocol", + "protocol_param": "$ssg_protocol_param", + "obfs": "$ssg_obfs", + "obfs_param": "$ssg_obfs_param", + "method": "$ssg_method" + } + EOF + fi + fi + # 保存代理类型 + mbdb set ${appname}.main.proxy_type="$proxy_type" } dnsconfig() { - killall ss-local &> /dev/null - killall dns2socks > /dev/null 2>&1 - if [ "$proxy_type" != "v2ray" ]; then - logsh "【$service】" "启动ss-local本地socks5代理..." - daemon $LOCALPATH -c ${mbroot}/apps/${appname}/config/dns2socks.conf - fi - logsh "【$service】" "开启dns2socks进程..." - daemon ${mbroot}/apps/${appname}/bin/dns2socks 127.0.0.1:1082 $DNS_SERVER:$DNS_SERVER_PORT 127.0.0.1:15353 - if [ $? -ne 0 ]; then - logsh "【$service】" "启动失败!" 
- exit - fi - if [ "$dns_red_enable" == '1' ]; then - logsh "【$service】" "启用DNS重定向到$dns_red_ip" - iptables -t nat -I PREROUTING -s $lanip/24 -p udp --dport 53 -m comment --comment "${appname}"-dns -j DNAT --to $dns_red_ip &> /dev/null - fi + killall ss-local &> /dev/null + killall dns2socks > /dev/null 2>&1 + if [ "$proxy_type" != "v2ray" ]; then + logsh "【$service】" "启动ss-local本地socks5代理..." + daemon $LOCALPATH -c ${mbroot}/apps/${appname}/config/dns2socks.conf + fi + logsh "【$service】" "开启dns2socks进程..." + daemon ${mbroot}/apps/${appname}/bin/dns2socks 127.0.0.1:1082 $DNS_SERVER:$DNS_SERVER_PORT 127.0.0.1:15353 + if [ $? -ne 0 ]; then + logsh "【$service】" "启动失败!" + exit + fi + if [ "$dns_red_enable" == '1' ]; then + logsh "【$service】" "启用DNS重定向到$dns_red_ip" + iptables -t nat -I PREROUTING -s $lanip/24 -p udp --dport 53 -m comment --comment "${appname}"-dns -j DNAT --to $dns_red_ip &> /dev/null + fi } get_mode_name() { - case "$1" in - 0) - echo "不走代理" - ;; - 1) - echo "科学上网" - ;; - esac + case "$1" in + 0) + echo "不走代理" + ;; + 1) + echo "科学上网" + ;; + esac } get_game_mode() { - case "$1" in - 0) - echo "不走游戏" - ;; - 1) - echo "游戏加速" - ;; - esac + case "$1" in + 0) + echo "不走游戏" + ;; + 1) + echo "游戏加速" + ;; + esac } get_jump_mode(){ - case "$1" in - 0) - echo "-j" - ;; - *) - echo "-g" - ;; - esac + case "$1" in + 0) + echo "-j" + ;; + *) + echo "-g" + ;; + esac } get_action_chain() { - case "$1" in - 0) - echo "RETURN" - ;; - 1) - echo "SHADOWSOCK" - ;; - esac + case "$1" in + 0) + echo "RETURN" + ;; + 1) + echo "SHADOWSOCK" + ;; + esac } ipset_rules_smartdns() { - # ipset deal - logsh "【$service】" "创建ipset规则..." - [ ! -f ${mbroot}/apps/${appname}/config/customize_black.conf ] && touch ${mbroot}/apps/${appname}/config/customize_black.conf - [ ! -f ${mbroot}/apps/${appname}/config/customize_white.conf ] && touch ${mbroot}/apps/${appname}/config/customize_white.conf - rm -rf ${mbtmp}/wblist.conf - rm -rf ${mbtmp}/sscdn.conf - ipset -N customize_black iphash -! 
- ipset -N customize_white iphash -! - ipset -N router iphash -! - ipset -N gfwlist iphash -! + # ipset deal + logsh "【$service】" "创建ipset规则..." + [ ! -f ${mbroot}/apps/${appname}/config/customize_black.conf ] && touch ${mbroot}/apps/${appname}/config/customize_black.conf + [ ! -f ${mbroot}/apps/${appname}/config/customize_white.conf ] && touch ${mbroot}/apps/${appname}/config/customize_white.conf + rm -rf ${mbtmp}/wblist.conf + rm -rf ${mbtmp}/sscdn.conf + ipset -N customize_black iphash -! + ipset -N customize_white iphash -! + ipset -N router iphash -! + ipset -N gfwlist iphash -! - # 生成自定义黑名单规则,最后4个为tg的ip - ip_tg="149.154.0.0 91.108.4.0 91.108.56.0 109.239.140.0 67.198.55.0 91.108.4.0/22 91.108.56.0/22 149.154.160.0/20 149.154.164.0/22" - for ip in $ip_tg - do - ipset -! add customize_black $ip >/dev/null 2>&1 - done - cat ${mbroot}/apps/${appname}/config/customize_black.conf | grep -Ev '^$|^[#;]' | while read line - do - if [ -z "$(echo ${line} | grep -E "([0-9]{1,3}[\.]){3}[0-9]{1,3}")" ]; then - echo "ipset=/.${line}/customize_black" >> ${mbtmp}/wblist.conf - else - ipset -! 
add customize_black ${line} &> /dev/null - fi - done - - # 路由器自身规则 - if [ "$ss_mode" != "homemode" ]; then - echo "#for router itself" >> ${mbtmp}/wblist.conf - echo "ipset=/.google.com.tw/router" >> ${mbtmp}/wblist.conf - echo "ipset=/dns.google.com/router" >> ${mbtmp}/wblist.conf - echo "ipset=/.github.com/router" >> ${mbtmp}/wblist.conf - echo "ipset=/.github.io/router" >> ${mbtmp}/wblist.conf - echo "ipset=/.raw.githubusercontent.com/router" >> ${mbtmp}/wblist.conf - echo "ipset=/.adblockplus.org/router" >> ${mbtmp}/wblist.conf - echo "ipset=/.entware.net/router" >> ${mbtmp}/wblist.conf - echo "ipset=/.apnic.net/router" >> ${mbtmp}/wblist.conf - fi - - # 生成自定义白名单规则 - ip_tg="$lanip $wanip $ss_server $ssg_server $CDN 10.0.0.0 100.64.0.0 127.0.0.0 169.254.0.0 172.16.0.0 192.168.0.0 224.0.0.0 240.0.0.0 223.5.5.5 223.6.6.6 114.114.114.114 114.114.115.115 1.2.4.8 210.2.4.8 112.124.47.27 114.215.126.16 180.76.76.76 119.29.29.29 0.0.0.0" - for ip in $ip_tg; do - ipset -! add customize_white $ip >/dev/null 2>&1 - done - cat ${mbroot}/apps/${appname}/config/customize_white.conf | grep -Ev '^$|^[#;]' | while read line - do - if [ -z "$(echo ${line} | grep -E "([0-9]{1,3}[\.]){3}[0-9]{1,3}")" ]; then - echo "ipset=/.${line}/customize_white" >> ${mbtmp}/wblist.conf - else - ipset -! add customize_white ${line} &> /dev/null - fi - done - echo "ipset=/.apple.com/customize_white" >> ${mbtmp}/wblist.conf - echo "ipset=/.microsoft.com/customize_white" >> ${mbtmp}/wblist.conf - - #黑白名单规则 - if [ "$ss_mode" = "whitelist" -o "$ssg_mode" = "frgame" ]; then - sed -e "s/^/-A nogfwnet &/g" -e "1 i\-N nogfwnet hash:net" ${mbroot}/apps/${appname}/config/chnroute.txt | ipset -R -! 
- elif [ "$ss_mode" = "gfwlist" -o "$ssg_mode" = "cngame" ]; then - cp -rf ${mbroot}/apps/${appname}/config/gfwlist.conf ${mbtmp}/gfwlist.conf - sed -i 's/7913/15353/g' ${mbtmp}/gfwlist.conf - sed -i '/^server/d' ${mbtmp}/gfwlist.conf - ln -s ${mbtmp}/gfwlist.conf /tmp/etc/dnsmasq.d/gfwlist_ipset.conf - fi - # 使规则生效 - ln -s ${mbtmp}/wblist.conf /tmp/etc/dnsmasq.d/wblist.conf + # 生成自定义黑名单规则,最后4个为tg的ip + ip_tg="149.154.0.0 91.108.4.0 91.108.56.0 109.239.140.0 67.198.55.0 91.108.4.0/22 91.108.56.0/22 149.154.160.0/20 149.154.164.0/22" + for ip in $ip_tg + do + ipset -! add customize_black $ip >/dev/null 2>&1 + done + cat ${mbroot}/apps/${appname}/config/customize_black.conf | grep -Ev '^$|^[#;]' | while read line + do + if [ -z "$(echo ${line} | grep -E "([0-9]{1,3}[\.]){3}[0-9]{1,3}")" ]; then + echo "ipset=/.${line}/customize_black" >> ${mbtmp}/wblist.conf + else + ipset -! add customize_black ${line} &> /dev/null + fi + done + + # 路由器自身规则 + if [ "$ss_mode" != "homemode" ]; then + echo "#for router itself" >> ${mbtmp}/wblist.conf + echo "ipset=/.google.com.tw/router" >> ${mbtmp}/wblist.conf + echo "ipset=/dns.google.com/router" >> ${mbtmp}/wblist.conf + echo "ipset=/.github.com/router" >> ${mbtmp}/wblist.conf + echo "ipset=/.github.io/router" >> ${mbtmp}/wblist.conf + echo "ipset=/.raw.githubusercontent.com/router" >> ${mbtmp}/wblist.conf + echo "ipset=/.adblockplus.org/router" >> ${mbtmp}/wblist.conf + echo "ipset=/.entware.net/router" >> ${mbtmp}/wblist.conf + echo "ipset=/.apnic.net/router" >> ${mbtmp}/wblist.conf + fi + + # 生成自定义白名单规则 + ip_tg="$lanip $wanip $ss_server $ssg_server $CDN 10.0.0.0 100.64.0.0 127.0.0.0 169.254.0.0 172.16.0.0 192.168.0.0 224.0.0.0 240.0.0.0 223.5.5.5 223.6.6.6 114.114.114.114 114.114.115.115 1.2.4.8 210.2.4.8 112.124.47.27 114.215.126.16 180.76.76.76 119.29.29.29 0.0.0.0" + for ip in $ip_tg; do + ipset -! 
add customize_white $ip >/dev/null 2>&1 + done + cat ${mbroot}/apps/${appname}/config/customize_white.conf | grep -Ev '^$|^[#;]' | while read line + do + if [ -z "$(echo ${line} | grep -E "([0-9]{1,3}[\.]){3}[0-9]{1,3}")" ]; then + echo "ipset=/.${line}/customize_white" >> ${mbtmp}/wblist.conf + else + ipset -! add customize_white ${line} &> /dev/null + fi + done + echo "ipset=/.apple.com/customize_white" >> ${mbtmp}/wblist.conf + echo "ipset=/.microsoft.com/customize_white" >> ${mbtmp}/wblist.conf + + #黑白名单规则 + if [ "$ss_mode" = "whitelist" -o "$ssg_mode" = "frgame" ]; then + sed -e "s/^/-A nogfwnet &/g" -e "1 i\-N nogfwnet hash:net" ${mbroot}/apps/${appname}/config/chnroute.txt | ipset -R -! + elif [ "$ss_mode" = "gfwlist" -o "$ssg_mode" = "cngame" ]; then + cp -rf ${mbroot}/apps/${appname}/config/gfwlist.conf ${mbtmp}/gfwlist.conf + sed -i 's/7913/15353/g' ${mbtmp}/gfwlist.conf + sed -i '/^server/d' ${mbtmp}/gfwlist.conf + ln -s ${mbtmp}/gfwlist.conf /tmp/etc/dnsmasq.d/gfwlist_ipset.conf + fi + # 使规则生效 + ln -s ${mbtmp}/wblist.conf /tmp/etc/dnsmasq.d/wblist.conf } ipset_rules() { - # ipset deal - logsh "【$service】" "创建ipset规则..." - [ ! -f ${mbroot}/apps/${appname}/config/customize_black.conf ] && touch ${mbroot}/apps/${appname}/config/customize_black.conf - [ ! -f ${mbroot}/apps/${appname}/config/customize_white.conf ] && touch ${mbroot}/apps/${appname}/config/customize_white.conf - rm -rf ${mbtmp}/wblist.conf - rm -rf ${mbtmp}/sscdn.conf - ipset -N customize_black iphash -! - ipset -N customize_white iphash -! - ipset -N router iphash -! - ipset -N gfwlist iphash -! + # ipset deal + logsh "【$service】" "创建ipset规则..." + [ ! -f ${mbroot}/apps/${appname}/config/customize_black.conf ] && touch ${mbroot}/apps/${appname}/config/customize_black.conf + [ ! -f ${mbroot}/apps/${appname}/config/customize_white.conf ] && touch ${mbroot}/apps/${appname}/config/customize_white.conf + rm -rf ${mbtmp}/wblist.conf + rm -rf ${mbtmp}/sscdn.conf + ipset -N customize_black iphash -! 
+ ipset -N customize_white iphash -! + ipset -N router iphash -! + ipset -N gfwlist iphash -! - # 生成自定义黑名单规则,最后4个为tg - ip_tg="149.154.0.0 91.108.4.0 91.108.56.0 109.239.140.0 67.198.55.0 91.108.4.0/22 91.108.56.0/22 149.154.160.0/20 149.154.164.0/22" - for ip in $ip_tg - do - ipset -! add customize_black $ip >/dev/null 2>&1 - done - cat ${mbroot}/apps/${appname}/config/customize_black.conf | grep -Ev '^$|^[#;]' | while read line - do - if [ -z "$(echo ${line} | grep -E "([0-9]{1,3}[\.]){3}[0-9]{1,3}")" ]; then - echo "server=/.${line}/127.0.0.1#15353" >> ${mbtmp}/wblist.conf - echo "ipset=/.${line}/customize_black" >> ${mbtmp}/wblist.conf - else - ipset -! add customize_black ${line} &> /dev/null - fi - done - - # 路由器自身规则 - if [ "$ss_mode" != "homemode" ]; then - echo "#for router itself" >> ${mbtmp}/wblist.conf - echo "server=/.google.com.tw/127.0.0.1#15353" >> ${mbtmp}/wblist.conf - echo "ipset=/.google.com.tw/router" >> ${mbtmp}/wblist.conf - echo "server=/dns.google.com/127.0.0.1#15353" >> ${mbtmp}/wblist.conf - echo "ipset=/dns.google.com/router" >> ${mbtmp}/wblist.conf - echo "server=/.github.com/127.0.0.1#15353" >> ${mbtmp}/wblist.conf - echo "ipset=/.github.com/router" >> ${mbtmp}/wblist.conf - echo "server=/.github.io/127.0.0.1#15353" >> ${mbtmp}/wblist.conf - echo "ipset=/.github.io/router" >> ${mbtmp}/wblist.conf - echo "server=/.raw.githubusercontent.com/127.0.0.1#15353" >> ${mbtmp}/wblist.conf - echo "ipset=/.raw.githubusercontent.com/router" >> ${mbtmp}/wblist.conf - echo "server=/.adblockplus.org/127.0.0.1#15353" >> ${mbtmp}/wblist.conf - echo "ipset=/.adblockplus.org/router" >> ${mbtmp}/wblist.conf - echo "server=/.entware.net/127.0.0.1#15353" >> ${mbtmp}/wblist.conf - echo "ipset=/.entware.net/router" >> ${mbtmp}/wblist.conf - echo "server=/.apnic.net/127.0.0.1#15353" >> ${mbtmp}/wblist.conf - echo "ipset=/.apnic.net/router" >> ${mbtmp}/wblist.conf - fi - - # 生成自定义白名单规则 - ip_tg="$lanip $wanip $ss_server $ssg_server $CDN 10.0.0.0 100.64.0.0 
127.0.0.0 169.254.0.0 172.16.0.0 192.168.0.0 224.0.0.0 240.0.0.0 223.5.5.5 223.6.6.6 114.114.114.114 114.114.115.115 1.2.4.8 210.2.4.8 112.124.47.27 114.215.126.16 180.76.76.76 119.29.29.29 0.0.0.0" - for ip in $ip_tg; do - ipset -! add customize_white $ip >/dev/null 2>&1 - done - cat ${mbroot}/apps/${appname}/config/customize_white.conf | grep -Ev '^$|^[#;]' | while read line - do - if [ -z "$(echo ${line} | grep -E "([0-9]{1,3}[\.]){3}[0-9]{1,3}")" ]; then - echo "server=/.${line}/$CDN#53" >> ${mbtmp}/wblist.conf - echo "ipset=/.${line}/customize_white" >> ${mbtmp}/wblist.conf - else - ipset -! add customize_white ${line} &> /dev/null - fi - done - if [ "$ss_mode" != "homemode" ]; then - echo "server=/.apple.com/$CDN#53" >> ${mbtmp}/wblist.conf - echo "ipset=/.apple.com/customize_white" >> ${mbtmp}/wblist.conf - echo "server=/.microsoft.com/$CDN#53" >> ${mbtmp}/wblist.conf - echo "ipset=/.microsoft.com/customize_white" >> ${mbtmp}/wblist.conf - fi - #黑白名单规则 - if [ "$ss_mode" = "whitelist" -o "$ssg_mode" = "frgame" -o "$ss_mode" = "homemode" ]; then - sed -e "s/^/-A nogfwnet &/g" -e "1 i\-N nogfwnet hash:net" ${mbroot}/apps/${appname}/config/chnroute.txt | ipset -R -! - elif [ "$ss_mode" = "gfwlist" -o "$ssg_mode" = "cngame" ]; then - cp -rf ${mbroot}/apps/${appname}/config/gfwlist.conf ${mbtmp}/gfwlist.conf - sed -i 's/7913/15353/g' ${mbtmp}/gfwlist.conf - ln -s ${mbtmp}/gfwlist.conf /tmp/etc/dnsmasq.d/gfwlist_ipset.conf - fi - #加速cdn - if [ "$ss_mode" != "gfwlist" ]; then - cat ${mbroot}/apps/${appname}/config/cdn.txt | sed "s/^/server=&\/./g" | sed "s/$/\/&$CDN/g" | sort | awk '{if ($0!=line) print;line=$0}' >>${mbtmp}/sscdn.conf - ln -s ${mbtmp}/sscdn.conf /tmp/etc/dnsmasq.d/cdn.conf - fi - # 使规则生效 - ln -s ${mbtmp}/wblist.conf /tmp/etc/dnsmasq.d/wblist.conf + # 生成自定义黑名单规则,最后4个为tg + ip_tg="149.154.0.0 91.108.4.0 91.108.56.0 109.239.140.0 67.198.55.0 91.108.4.0/22 91.108.56.0/22 149.154.160.0/20 149.154.164.0/22" + for ip in $ip_tg + do + ipset -! 
add customize_black $ip >/dev/null 2>&1 + done + cat ${mbroot}/apps/${appname}/config/customize_black.conf | grep -Ev '^$|^[#;]' | while read line + do + if [ -z "$(echo ${line} | grep -E "([0-9]{1,3}[\.]){3}[0-9]{1,3}")" ]; then + echo "server=/.${line}/127.0.0.1#15353" >> ${mbtmp}/wblist.conf + echo "ipset=/.${line}/customize_black" >> ${mbtmp}/wblist.conf + else + ipset -! add customize_black ${line} &> /dev/null + fi + done + + # 路由器自身规则 + if [ "$ss_mode" != "homemode" ]; then + echo "#for router itself" >> ${mbtmp}/wblist.conf + echo "server=/.google.com.tw/127.0.0.1#15353" >> ${mbtmp}/wblist.conf + echo "ipset=/.google.com.tw/router" >> ${mbtmp}/wblist.conf + echo "server=/dns.google.com/127.0.0.1#15353" >> ${mbtmp}/wblist.conf + echo "ipset=/dns.google.com/router" >> ${mbtmp}/wblist.conf + echo "server=/.github.com/127.0.0.1#15353" >> ${mbtmp}/wblist.conf + echo "ipset=/.github.com/router" >> ${mbtmp}/wblist.conf + echo "server=/.github.io/127.0.0.1#15353" >> ${mbtmp}/wblist.conf + echo "ipset=/.github.io/router" >> ${mbtmp}/wblist.conf + echo "server=/.raw.githubusercontent.com/127.0.0.1#15353" >> ${mbtmp}/wblist.conf + echo "ipset=/.raw.githubusercontent.com/router" >> ${mbtmp}/wblist.conf + echo "server=/.adblockplus.org/127.0.0.1#15353" >> ${mbtmp}/wblist.conf + echo "ipset=/.adblockplus.org/router" >> ${mbtmp}/wblist.conf + echo "server=/.entware.net/127.0.0.1#15353" >> ${mbtmp}/wblist.conf + echo "ipset=/.entware.net/router" >> ${mbtmp}/wblist.conf + echo "server=/.apnic.net/127.0.0.1#15353" >> ${mbtmp}/wblist.conf + echo "ipset=/.apnic.net/router" >> ${mbtmp}/wblist.conf + fi + + # 生成自定义白名单规则 + ip_tg="$lanip $wanip $ss_server $ssg_server $CDN 10.0.0.0 100.64.0.0 127.0.0.0 169.254.0.0 172.16.0.0 192.168.0.0 224.0.0.0 240.0.0.0 223.5.5.5 223.6.6.6 114.114.114.114 114.114.115.115 1.2.4.8 210.2.4.8 112.124.47.27 114.215.126.16 180.76.76.76 119.29.29.29 0.0.0.0" + for ip in $ip_tg; do + ipset -! 
add customize_white $ip >/dev/null 2>&1 + done + cat ${mbroot}/apps/${appname}/config/customize_white.conf | grep -Ev '^$|^[#;]' | while read line + do + if [ -z "$(echo ${line} | grep -E "([0-9]{1,3}[\.]){3}[0-9]{1,3}")" ]; then + echo "server=/.${line}/$CDN#53" >> ${mbtmp}/wblist.conf + echo "ipset=/.${line}/customize_white" >> ${mbtmp}/wblist.conf + else + ipset -! add customize_white ${line} &> /dev/null + fi + done + if [ "$ss_mode" != "homemode" ]; then + echo "server=/.apple.com/$CDN#53" >> ${mbtmp}/wblist.conf + echo "ipset=/.apple.com/customize_white" >> ${mbtmp}/wblist.conf + echo "server=/.microsoft.com/$CDN#53" >> ${mbtmp}/wblist.conf + echo "ipset=/.microsoft.com/customize_white" >> ${mbtmp}/wblist.conf + fi + #黑白名单规则 + if [ "$ss_mode" = "whitelist" -o "$ssg_mode" = "frgame" -o "$ss_mode" = "homemode" ]; then + sed -e "s/^/-A nogfwnet &/g" -e "1 i\-N nogfwnet hash:net" ${mbroot}/apps/${appname}/config/chnroute.txt | ipset -R -! + elif [ "$ss_mode" = "gfwlist" -o "$ssg_mode" = "cngame" ]; then + cp -rf ${mbroot}/apps/${appname}/config/gfwlist.conf ${mbtmp}/gfwlist.conf + sed -i 's/7913/15353/g' ${mbtmp}/gfwlist.conf + ln -s ${mbtmp}/gfwlist.conf /tmp/etc/dnsmasq.d/gfwlist_ipset.conf + fi + #加速cdn + if [ "$ss_mode" != "gfwlist" ]; then + cat ${mbroot}/apps/${appname}/config/cdn.txt | sed "s/^/server=&\/./g" | sed "s/$/\/&$CDN/g" | sort | awk '{if ($0!=line) print;line=$0}' >>${mbtmp}/sscdn.conf + ln -s ${mbtmp}/sscdn.conf /tmp/etc/dnsmasq.d/cdn.conf + fi + # 使规则生效 + ln -s ${mbtmp}/wblist.conf /tmp/etc/dnsmasq.d/wblist.conf } lan_control() { - #lan access control - [ ! 
-f ${mbroot}/apps/${appname}/config/sscontrol.conf ] && touch ${mbroot}/apps/${appname}/config/sscontrol.conf - cat ${mbroot}/apps/${appname}/config/sscontrol.conf | while read line - do - mac=$(cutsh ${line} 2) - proxy_name=$(cutsh ${line} 1) - proxy_mode=$(cutsh ${line} 3) - game_mode=$(cutsh ${line} 4) - [ -z "$game_mode" ] && game_mode="$proxy_mode" - iptables -t nat -A SHADOWSOCKS -m mac --mac-source $mac $(get_jump_mode $proxy_mode) $(get_action_chain $proxy_mode) - if [ "$ssgena" == '1' ]; then - iptables -t mangle -A SHADOWSOCKS -m mac --mac-source $mac $(get_jump_mode $game_mode) $(get_action_chain $game_mode) - args="[$(get_game_mode $game_mode)]" - else - args="" - fi - logsh "【$service】" "加载ACL规则:[$proxy_name]代理模式为:[$(get_mode_name $proxy_mode)]$args" - done - #default alc mode - iptables -t nat -A SHADOWSOCKS -p tcp -j $(get_action_chain $ss_proxy_default_mode) - [ "$ssgena" = '1' ] && iptables -t mangle -A SHADOWSOCKS -p udp -j $(get_action_chain $ss_game_default_mode) - result=$(cat ${mbroot}/apps/${appname}/config/sscontrol.conf | wc -l) - [ "$result" == '0' ] && flag="全部主机" || flag="其余主机" - [ "$ssgena" == '1' ] && args="[$(get_game_mode $ss_game_default_mode)]" || args="" - logsh "【$service】" "加载ACL规则:[$flag]代理模式为:[$(get_mode_name $ss_proxy_default_mode)]$args" + #lan access control + [ ! 
-f ${mbroot}/apps/${appname}/config/sscontrol.conf ] && touch ${mbroot}/apps/${appname}/config/sscontrol.conf + cat ${mbroot}/apps/${appname}/config/sscontrol.conf | while read line + do + mac=$(cutsh ${line} 2) + proxy_name=$(cutsh ${line} 1) + proxy_mode=$(cutsh ${line} 3) + game_mode=$(cutsh ${line} 4) + [ -z "$game_mode" ] && game_mode="$proxy_mode" + iptables -t nat -A SHADOWSOCKS -m mac --mac-source $mac $(get_jump_mode $proxy_mode) $(get_action_chain $proxy_mode) + if [ "$ssgena" == '1' ]; then + iptables -t mangle -A SHADOWSOCKS -m mac --mac-source $mac $(get_jump_mode $game_mode) $(get_action_chain $game_mode) + args="[$(get_game_mode $game_mode)]" + else + args="" + fi + logsh "【$service】" "加载ACL规则:[$proxy_name]代理模式为:[$(get_mode_name $proxy_mode)]$args" + done + #default alc mode + iptables -t nat -A SHADOWSOCKS -p tcp -j $(get_action_chain $ss_proxy_default_mode) + [ "$ssgena" = '1' ] && iptables -t mangle -A SHADOWSOCKS -p udp -j $(get_action_chain $ss_game_default_mode) + result=$(cat ${mbroot}/apps/${appname}/config/sscontrol.conf | wc -l) + [ "$result" == '0' ] && flag="全部主机" || flag="其余主机" + [ "$ssgena" == '1' ] && args="[$(get_game_mode $ss_game_default_mode)]" || args="" + logsh "【$service】" "加载ACL规则:[$flag]代理模式为:[$(get_mode_name $ss_proxy_default_mode)]$args" } load_nat() { - logsh "【$service】" "加载iptables的nat规则..." 
- iptables -t nat -N SHADOWSOCKS - iptables -t nat -N SHADOWSOCK - # iptables -t nat -A SHADOWSOCKS -d 0.0.0.0/8 -j RETURN - # iptables -t nat -A SHADOWSOCKS -d $lanip/24 -j RETURN - # iptables -t nat -A SHADOWSOCKS -d $wanip/16 -j RETURN - # iptables -t nat -A SHADOWSOCKS -d $ss_server -j RETURN - # iptables -t nat -A SHADOWSOCKS -d $ssg_server -j RETURN - # general rules - iptables -t nat -A SHADOWSOCK -p tcp -m set --match-set customize_white dst -j RETURN - #router itself - [ "$ss_mode" != "homemode" ] && iptables -t nat -A OUTPUT -p tcp -m set --match-set router dst -j REDIRECT --to-ports 1081 + logsh "【$service】" "加载iptables的nat规则..." + iptables -t nat -N SHADOWSOCKS + iptables -t nat -N SHADOWSOCK + # iptables -t nat -A SHADOWSOCKS -d 0.0.0.0/8 -j RETURN + # iptables -t nat -A SHADOWSOCKS -d $lanip/24 -j RETURN + # iptables -t nat -A SHADOWSOCKS -d $wanip/16 -j RETURN + # iptables -t nat -A SHADOWSOCKS -d $ss_server -j RETURN + # iptables -t nat -A SHADOWSOCKS -d $ssg_server -j RETURN + # general rules + iptables -t nat -A SHADOWSOCK -p tcp -m set --match-set customize_white dst -j RETURN + #router itself + [ "$ss_mode" != "homemode" ] && iptables -t nat -A OUTPUT -p tcp -m set --match-set router dst -j REDIRECT --to-ports 1081 - case "$ss_mode" in - "gfwlist") - logsh "【$service】" "添加国外黑名单规则..." - iptables -t nat -A SHADOWSOCK -p tcp -m set --match-set customize_black dst -j REDIRECT --to-port 1081 - iptables -t nat -A SHADOWSOCK -p tcp -m set --match-set gfwlist dst -j REDIRECT --to-port 1081 - ;; - "whitelist") - logsh "【$service】" "添加国外白名单规则..." - iptables -t nat -A SHADOWSOCK -p tcp -m set --match-set customize_black dst -j REDIRECT --to-ports 1081 - iptables -t nat -A SHADOWSOCK -p tcp -m set ! --match-set nogfwnet dst -j REDIRECT --to-ports 1081 - ;; - "wholemode") - logsh "【$service】" "添加全局模式iptables规则..." - iptables -t nat -A SHADOWSOCK -p tcp -j REDIRECT --to-ports 1081 - ;; - "homemode") - logsh "【$service】" "添加回国模式规则..." 
- iptables -t nat -A SHADOWSOCK -p tcp -m set --match-set customize_black dst -j REDIRECT --to-ports 1081 - iptables -t nat -A SHADOWSOCK -p tcp -m set --match-set nogfwnet dst -j REDIRECT --to-ports 1081 - ;; - esac + case "$ss_mode" in + "gfwlist") + logsh "【$service】" "添加国外黑名单规则..." + iptables -t nat -A SHADOWSOCK -p tcp -m set --match-set customize_black dst -j REDIRECT --to-port 1081 + iptables -t nat -A SHADOWSOCK -p tcp -m set --match-set gfwlist dst -j REDIRECT --to-port 1081 + ;; + "whitelist") + logsh "【$service】" "添加国外白名单规则..." + iptables -t nat -A SHADOWSOCK -p tcp -m set --match-set customize_black dst -j REDIRECT --to-ports 1081 + iptables -t nat -A SHADOWSOCK -p tcp -m set ! --match-set nogfwnet dst -j REDIRECT --to-ports 1081 + ;; + "wholemode") + logsh "【$service】" "添加全局模式iptables规则..." + iptables -t nat -A SHADOWSOCK -p tcp -j REDIRECT --to-ports 1081 + ;; + "homemode") + logsh "【$service】" "添加回国模式规则..." + iptables -t nat -A SHADOWSOCK -p tcp -m set --match-set customize_black dst -j REDIRECT --to-ports 1081 + iptables -t nat -A SHADOWSOCK -p tcp -m set --match-set nogfwnet dst -j REDIRECT --to-ports 1081 + ;; + esac - if [ "$ssgena" == '1' ]; then - logsh "【$service】" "加载iptables的udp规则..." - ip rule add fwmark 0x01/0x01 table 300 - ip route add local 0.0.0.0/0 dev lo table 300 - iptables -t mangle -N SHADOWSOCKS - iptables -t mangle -N SHADOWSOCK - # iptables -t mangle -A SHADOWSOCKS -d 0.0.0.0/8 -j RETURN - # iptables -t mangle -A SHADOWSOCKS -d 127.0.0.1/16 -j RETURN - # iptables -t mangle -A SHADOWSOCKS -d $lanip/16 -j RETURN - # iptables -t mangle -A SHADOWSOCKS -d $wanip/16 -j RETURN - # iptables -t mangle -A SHADOWSOCKS -d $ss_server -j RETURN - iptables -t mangle -A SHADOWSOCK -p udp -m set --match-set customize_white dst -j RETURN - # chmod -x /opt/filetunnel/stunserver > /dev/null 2>&1 - # killall -9 stunserver > /dev/null 2>&1 - fi - case "ssg_mode" in - "cngame") - logsh "【$service】" "添加国内游戏iptables规则..." 
- iptables -t mangle -A SHADOWSOCK -p udp -m set ! --match-set gfwlist dst -j TPROXY --on-port "$ssg_port" --tproxy-mark 0x01/0x01 - ;; - "frgame") - logsh "【$service】" "添加国外游戏iptables规则..." - iptables -t mangle -A SHADOWSOCK -p udp -m set ! --match-set nogfwnet dst -j TPROXY --on-port "$ssg_port" --tproxy-mark 0x01/0x01 - ;; - esac + if [ "$ssgena" == '1' ]; then + logsh "【$service】" "加载iptables的udp规则..." + ip rule add fwmark 0x01/0x01 table 300 + ip route add local 0.0.0.0/0 dev lo table 300 + iptables -t mangle -N SHADOWSOCKS + iptables -t mangle -N SHADOWSOCK + # iptables -t mangle -A SHADOWSOCKS -d 0.0.0.0/8 -j RETURN + # iptables -t mangle -A SHADOWSOCKS -d 127.0.0.1/16 -j RETURN + # iptables -t mangle -A SHADOWSOCKS -d $lanip/16 -j RETURN + # iptables -t mangle -A SHADOWSOCKS -d $wanip/16 -j RETURN + # iptables -t mangle -A SHADOWSOCKS -d $ss_server -j RETURN + iptables -t mangle -A SHADOWSOCK -p udp -m set --match-set customize_white dst -j RETURN + # chmod -x /opt/filetunnel/stunserver > /dev/null 2>&1 + # killall -9 stunserver > /dev/null 2>&1 + fi + case "ssg_mode" in + "cngame") + logsh "【$service】" "添加国内游戏iptables规则..." + iptables -t mangle -A SHADOWSOCK -p udp -m set ! --match-set gfwlist dst -j TPROXY --on-port "$ssg_port" --tproxy-mark 0x01/0x01 + ;; + "frgame") + logsh "【$service】" "添加国外游戏iptables规则..." + iptables -t mangle -A SHADOWSOCK -p udp -m set ! 
--match-set nogfwnet dst -j TPROXY --on-port "$ssg_port" --tproxy-mark 0x01/0x01 + ;; + esac - lan_control - # last nat - iptablenu=$(iptables -nvL PREROUTING -t nat | sed 1,2d | sed -n '/KOOLPROXY/=' | head -n1) - if [ -z "$iptablenu" ];then - iptablenu=2 - fi - iptables -t nat -I PREROUTING "$iptablenu" -p tcp -j SHADOWSOCKS - [ "$ssgena" == '1' ] && iptables -t mangle -A PREROUTING -p udp -j SHADOWSOCKS + lan_control + # last nat + iptablenu=$(iptables -nvL PREROUTING -t nat | sed 1,2d | sed -n '/KOOLPROXY/=' | head -n1) + if [ -z "$iptablenu" ];then + iptablenu=2 + fi + iptables -t nat -I PREROUTING "$iptablenu" -p tcp -j SHADOWSOCKS + [ "$ssgena" == '1' ] && iptables -t mangle -A PREROUTING -p udp -j SHADOWSOCKS } start_kcp() { - if [ "$kcp_enable" = '1' ]; then - [ -z "$ss_kcp_node" ] && logsh "【$service】" "未配置kcp加速节点,不启用kcp!" && return - logsh "【$service】" "启动kcptun加速主进程($ss_kcp_node)..." - ss_kcp_node=`nslookup $ss_kcp_node | sed 1,2d | grep -Eo "([0-9]{1,3}[\.]){3}[0-9]{1,3}" | head -1` - [ "$ss_server" != "$ss_kcp_node" ] && logsh "【$service】" "加速kcp服务器地址与ss服务器地址不一致,不启用kcp" && return - # [ "$proxy_type" = "v2ray" ] && logsh "【$service】" "启动代理节点类型为v2ray,不启用kcp" && return - [ -z "$ss_kcp_mtu" ] && ss_kcp_mtu="1350" - [ -z "$ss_kcp_sndwnd" ] && ss_kcp_sndwnd="128" - [ -z "$ss_kcp_rcvwnd" ] && ss_kcp_rcvwnd="1024" - [ -z "$ss_kcp_conn" ] && ss_kcp_conn="1" - [ -z "$ss_kcp_compon" ] && ss_kcp_compon="1" - daemon ${mbroot}/apps/${appname}/bin/kcptun \ - --localaddr 127.0.0.1:11183 \ - --remoteaddr $ss_kcp_node:$ss_kcp_port \ - --key $ss_kcp_password \ - --crypt $ss_kcp_crypt \ - --mode $ss_kcp_mode \ - --mtu $ss_kcp_mtu \ - --sndwnd $ss_kcp_sndwnd \ - --rcvwnd $ss_kcp_rcvwnd \ - --conn $ss_kcp_conn \ - --nocomp $ss_kcp_compon \ - --log ${mbroot}/var/log/kcptun.log \ - $ss_kcp_config - [ $? -ne 0 ] && logsh "【$service】" "启动失败!" && exit 1 - fi + if [ "$kcp_enable" = '1' ]; then + [ -z "$ss_kcp_node" ] && logsh "【$service】" "未配置kcp加速节点,不启用kcp!" 
&& return + logsh "【$service】" "启动kcptun加速主进程($ss_kcp_node)..." + # [ "$proxy_type" = "v2ray" ] && logsh "【$service】" "启动代理节点类型为v2ray,不启用kcp" && return + [ -z "$ss_kcp_mtu" ] && ss_kcp_mtu="1350" + [ -z "$ss_kcp_sndwnd" ] && ss_kcp_sndwnd="128" + [ -z "$ss_kcp_rcvwnd" ] && ss_kcp_rcvwnd="1024" + [ -z "$ss_kcp_conn" ] && ss_kcp_conn="1" + [ -z "$ss_kcp_compon" ] && ss_kcp_compon="1" + daemon ${mbroot}/apps/${appname}/bin/kcptun \ + --localaddr=127.0.0.1:11183 \ + --remoteaddr=$ss_kcp_node:$ss_kcp_port \ + --key=$ss_kcp_password \ + --crypt=$ss_kcp_crypt \ + --mode=$ss_kcp_mode \ + --mtu=$ss_kcp_mtu \ + --sndwnd=$ss_kcp_sndwnd \ + --rcvwnd=$ss_kcp_rcvwnd \ + --conn=$ss_kcp_conn \ + --nocomp=$ss_kcp_nocomp \ + --dscp=$ss_kcp_dscp \ + --sockbuf=$ss_kcp_sockbuf \ + --smuxbuf=$ss_kcp_smuxbuf \ + --log=${mbroot}/var/log/kcptun.log \ + $ss_kcp_config + [ $? -ne 0 ] && logsh "【$service】" "启动失败!" && exit 1 + kcp_started=1 + fi } detect_status() { - [ ! -s ${mbroot}/apps/${appname}/config/ssserver.conf -a ! -s ${mbroot}/apps/${appname}/config/ssserver_online.conf ] && logsh "【$service】" "没有添加ss服务器!" && exit - result=$(ps | grep -E 'ss-redir|ssr-redir' | grep -v grep | wc -l) - if [ "$result" != '0' ];then - logsh "【$service】" "SS已经在运行!" - exit - fi + [ ! -s ${mbroot}/apps/${appname}/config/ssserver.conf -a ! -s ${mbroot}/apps/${appname}/config/ssserver_online.conf ] && logsh "【$service】" "没有添加ss服务器!" && exit + result=$(ps | grep -E 'ss-redir|ssr-redir' | grep -v grep | wc -l) + if [ "$result" != '0' ];then + logsh "【$service】" "SS已经在运行!" 
+ exit + fi } write_cron_job() { - cru a "${appname}"_rule "20 5 * * * ${mbroot}/apps/${appname}/scripts/ss_rule_update.sh" - cru a "${appname}"_online "0 */6 * * * ${mbroot}/apps/${appname}/scripts/ss_online_update.sh" - cru a "${appname}" "0 6 * * * ${mbroot}/apps/${appname}/scripts/${appname}.sh restart" + cru a "${appname}"_rule "20 5 * * * ${mbroot}/apps/${appname}/scripts/ss_rule_update.sh" + cru a "${appname}"_online "0 */6 * * * ${mbroot}/apps/${appname}/scripts/ss_online_update.sh" + cru a "${appname}" "0 6 * * * ${mbroot}/apps/${appname}/scripts/${appname}.sh restart" } remote_cron_job() { - cru d "${appname}"_rule - cru d "${appname}"_online - cru d "${appname}" + cru d "${appname}"_rule + cru d "${appname}"_online + cru d "${appname}" } start_haveged () { - # 启动haveged用于生成随机数 - [ -x ${mbroot}/apps/${appname}/bin/haveged ] && ${mbroot}/apps/${appname}/bin/haveged -w 1024 &> /dev/null + # 启动haveged用于生成随机数 + [ -x ${mbroot}/apps/${appname}/bin/haveged ] && ${mbroot}/apps/${appname}/bin/haveged -w 1024 &> /dev/null } start_main_process() { - if [ "$proxy_type" = "v2ray" ]; then - logsh "【$service】" "启动代理为v2ray,测试配置文件" - # rm -rf ${mbroot}/bin/v2ray ${mbroot}/bin/v2ctl - # ln -s ${mbroot}/apps/${appname}/bin/v2ray ${mbroot}/bin/v2ray - # ln -s ${mbroot}/apps/${appname}/bin/v2ctl ${mbroot}/bin/v2ctl - killall -9 v2ray &> /dev/null - cd ${mbroot}/bin - result=$(${mbroot}/apps/${appname}/bin/v2ray -test -config="${mbroot}/apps/${appname}/config/v2ray.json" | grep "Configuration OK.") - [ -z "$result" ] && logsh "【$service】" "配置文件测试失败!" && exit 1 - logsh "【$service】" "启动v2ray主进程($id)..." - [ -z "$ss_mode" ] && logsh "【$service】" "未配置${appname}运行模式!" && exit 1 - daemon ${mbroot}/apps/${appname}/bin/v2ray -config="${mbroot}/apps/${appname}/config/v2ray.json" - [ $? -ne 0 ] && logsh "【$service】" "启动失败!" 
&& exit 1 + if [ "$proxy_type" = "v2ray" ]; then + logsh "【$service】" "启动代理为v2ray,测试配置文件" + # rm -rf ${mbroot}/bin/v2ray ${mbroot}/bin/v2ctl + # ln -s ${mbroot}/apps/${appname}/bin/v2ray ${mbroot}/bin/v2ray + # ln -s ${mbroot}/apps/${appname}/bin/v2ctl ${mbroot}/bin/v2ctl + killall -9 v2ray &> /dev/null + cd ${mbroot}/bin + result=$(${mbroot}/apps/${appname}/bin/v2ray -test -config="${mbroot}/apps/${appname}/config/v2ray.json" | grep "Configuration OK.") + [ -z "$result" ] && logsh "【$service】" "配置文件测试失败!" && exit 1 + logsh "【$service】" "启动v2ray主进程($id)..." + [ -z "$ss_mode" ] && logsh "【$service】" "未配置${appname}运行模式!" && exit 1 + daemon ${mbroot}/apps/${appname}/bin/v2ray -config="${mbroot}/apps/${appname}/config/v2ray.json" + [ $? -ne 0 ] && logsh "【$service】" "启动失败!" && exit 1 else - logsh "【$service】" "启动ss主进程($id)..." - [ -z "$ss_mode" ] && logsh "【$service】" "未配置${appname}运行模式!" && exit 1 - killall ss-redir &> /dev/null - killall ssr-redir &> /dev/null - daemon $APPPATH -b 0.0.0.0 -u -c ${mbroot}/apps/${appname}/config/ss.conf - [ $? -ne 0 ] && logsh "【$service】" "启动失败!" && exit 1 - start_kcp - fi + logsh "【$service】" "启动ss主进程($id)..." + [ -z "$ss_mode" ] && logsh "【$service】" "未配置${appname}运行模式!" && exit 1 + killall ss-redir &> /dev/null + killall ssr-redir &> /dev/null + daemon $APPPATH -b 0.0.0.0 -u -c ${mbroot}/apps/${appname}/config/ss.conf + [ $? -ne 0 ] && logsh "【$service】" "启动失败!" && exit 1 + fi } start_game_process() { - if [ "$ssgena" == 1 ]; then - if [ "$proxy_type_game" = "v2ray" ]; then - logsh "【$service】" "游戏加速使用v2ray代理模式!" - [ -z "$ssg_mode" ] && logsh "【$service】" "未配置游戏进程运行模式!" && exit 1 - ssg_port=1081 - else - logsh "【$service】" "启动ss游戏进程($ssgid)..." - [ -z "$ssg_mode" ] && logsh "【$service】" "未配置${appname}游戏运行模式!" && exit 1 - if [ "$ssgid" != "$id" ]; then - daemon ${mbroot}/apps/${appname}/bin/ssg-redir -b 0.0.0.0 -u -c ${mbroot}/apps/${appname}/config/ssg.conf - if [ $? -ne 0 ]; then - logsh "【$service】" "启动失败!" 
- exit 1 - fi - ssg_port=1085 - else - ssg_port=1081 - fi - fi - fi + if [ "$ssgena" == 1 ]; then + if [ "$proxy_type_game" = "v2ray" ]; then + logsh "【$service】" "游戏加速使用v2ray代理模式!" + [ -z "$ssg_mode" ] && logsh "【$service】" "未配置游戏进程运行模式!" && exit 1 + ssg_port=1081 + else + logsh "【$service】" "启动ss游戏进程($ssgid)..." + [ -z "$ssg_mode" ] && logsh "【$service】" "未配置${appname}游戏运行模式!" && exit 1 + if [ "$ssgid" != "$id" ]; then + daemon ${mbroot}/apps/${appname}/bin/ssg-redir -b 0.0.0.0 -u -c ${mbroot}/apps/${appname}/config/ssg.conf + if [ $? -ne 0 ]; then + logsh "【$service】" "启动失败!" + exit 1 + fi + ssg_port=1085 + else + ssg_port=1081 + fi + fi + fi } flush_ss_rules() { - logsh "【$service】" "清除iptables规则..." - eval `iptables -t nat -S | grep SHADOWSOCK | sed -e "s/-A/iptables -t nat -D/" | sed -e 's/$/;/g'` &> /dev/null - ip rule del fwmark 0x01/0x01 table 300 &> /dev/null - ip route del local 0.0.0.0/0 dev lo table 300 &> /dev/null - iptables -t mangle -D PREROUTING -p udp -j SHADOWSOCKS &> /dev/null - iptables -t nat -D PREROUTING -p tcp -j SHADOWSOCKS &> /dev/null - iptables -t mangle -F SHADOWSOCKS &> /dev/null - iptables -t mangle -X SHADOWSOCKS &> /dev/null - iptables -t mangle -F SHADOWSOCK &> /dev/null - iptables -t mangle -X SHADOWSOCK &> /dev/null - iptables -t nat -F SHADOWSOCK &> /dev/null - iptables -t nat -X SHADOWSOCK &> /dev/null - iptables -t nat -F SHADOWSOCKS &> /dev/null - iptables -t nat -X SHADOWSOCKS &> /dev/null - iptables -t nat -D PREROUTING -s $lanip/24 -p udp --dport 53 -j DNAT --to $dns_red_ip > /dev/null 2>&1 - eval `iptables -t nat -S | grep "${appname}"-dns | head -1 | sed -e "s/-A/iptables -t nat -D/"` &> /dev/null - iptables -t nat -D OUTPUT -p tcp -m set --match-set router dst -j REDIRECT --to-ports 1081 &> /dev/null - chmod +x /opt/filetunnel/stunserver > /dev/null 2>&1 - ipset destroy nogfwnet &> /dev/null - ipset destroy gfwlist &> /dev/null - ipset destroy customize_black &> /dev/null - ipset destroy customize_white &> /dev/null - 
ipset destroy router &> /dev/null - rm -rf ${mbroot}/apps/${appname}/config/ss.conf - rm -rf ${mbroot}/apps/${appname}/config/dns2socks.conf - rm -rf ${mbroot}/apps/${appname}/config/ssg.conf - rm -rf ${mbroot}/apps/${appname}/bin/ssg-redir - rm -rf ${mbtmp}/wblist.conf - rm -rf ${mbtmp}/gfwlist.conf - rm -rf ${mbtmp}/sscdn.conf - rm -rf /tmp/etc/dnsmasq.d/gfwlist_ipset.conf > /dev/null 2>&1 - rm -rf /tmp/etc/dnsmasq.d/wblist.conf > /dev/null 2>&1 - rm -rf /tmp/etc/dnsmasq.d/cdn.conf &> /dev/null - # rm -rf ${mbroot}/bin/v2ray &> /dev/null - # rm -rf ${mbroot}/bin/v2ctl &> /dev/null - /etc/init.d/dnsmasq restart - sleep 1 + logsh "【$service】" "清除iptables规则..." + eval `iptables -t nat -S | grep SHADOWSOCK | sed -e "s/-A/iptables -t nat -D/" | sed -e 's/$/;/g'` &> /dev/null + ip rule del fwmark 0x01/0x01 table 300 &> /dev/null + ip route del local 0.0.0.0/0 dev lo table 300 &> /dev/null + iptables -t mangle -D PREROUTING -p udp -j SHADOWSOCKS &> /dev/null + iptables -t nat -D PREROUTING -p tcp -j SHADOWSOCKS &> /dev/null + iptables -t mangle -F SHADOWSOCKS &> /dev/null + iptables -t mangle -X SHADOWSOCKS &> /dev/null + iptables -t mangle -F SHADOWSOCK &> /dev/null + iptables -t mangle -X SHADOWSOCK &> /dev/null + iptables -t nat -F SHADOWSOCK &> /dev/null + iptables -t nat -X SHADOWSOCK &> /dev/null + iptables -t nat -F SHADOWSOCKS &> /dev/null + iptables -t nat -X SHADOWSOCKS &> /dev/null + iptables -t nat -D PREROUTING -s $lanip/24 -p udp --dport 53 -j DNAT --to $dns_red_ip > /dev/null 2>&1 + eval `iptables -t nat -S | grep "${appname}"-dns | head -1 | sed -e "s/-A/iptables -t nat -D/"` &> /dev/null + iptables -t nat -D OUTPUT -p tcp -m set --match-set router dst -j REDIRECT --to-ports 1081 &> /dev/null + chmod +x /opt/filetunnel/stunserver > /dev/null 2>&1 + ipset destroy nogfwnet &> /dev/null + ipset destroy gfwlist &> /dev/null + ipset destroy customize_black &> /dev/null + ipset destroy customize_white &> /dev/null + ipset destroy router &> /dev/null + rm -rf 
${mbroot}/apps/${appname}/config/ss.conf + rm -rf ${mbroot}/apps/${appname}/config/dns2socks.conf + rm -rf ${mbroot}/apps/${appname}/config/ssg.conf + rm -rf ${mbroot}/apps/${appname}/bin/ssg-redir + rm -rf ${mbtmp}/wblist.conf + rm -rf ${mbtmp}/gfwlist.conf + rm -rf ${mbtmp}/sscdn.conf + rm -rf /tmp/etc/dnsmasq.d/gfwlist_ipset.conf > /dev/null 2>&1 + rm -rf /tmp/etc/dnsmasq.d/wblist.conf > /dev/null 2>&1 + rm -rf /tmp/etc/dnsmasq.d/cdn.conf &> /dev/null + # rm -rf ${mbroot}/bin/v2ray &> /dev/null + # rm -rf ${mbroot}/bin/v2ctl &> /dev/null + /etc/init.d/dnsmasq restart + sleep 1 } # detect_process () { -# sleep 1 -# [ -n "$(pssh | grep dns2socks)" ] && local dns_process=1 -# if [ "$proxy_type" = "v2ray" ]; then -# [ -n "$(pssh | grep v2ray)" ] && local v2ray_process=1 -# [ -z "$dns_process" -o -z "$v2ray_process" ] && logsh "【$service】" "进程启动异常,请尝试重新启动或查看日志${mbroot}/var/log/${appname}.log" -# else -# [ -n "$(pssh | grep ss-redir)" ] && local ssredir_process=1 -# [ -n "$(pssh | grep ss-local)" ] && local sslocal_process=1 -# [ -z "$dns_process" -o -z "$ssredir_process" -o -z "$sslocal_process" ] && logsh "【$service】" "进程启动异常,请尝试重新启动或查看日志${mbroot}/var/log/${appname}.log" -# fi +# sleep 1 +# [ -n "$(pssh | grep dns2socks)" ] && local dns_process=1 +# if [ "$proxy_type" = "v2ray" ]; then +# [ -n "$(pssh | grep v2ray)" ] && local v2ray_process=1 +# [ -z "$dns_process" -o -z "$v2ray_process" ] && logsh "【$service】" "进程启动异常,请尝试重新启动或查看日志${mbroot}/var/log/${appname}.log" +# else +# [ -n "$(pssh | grep ss-redir)" ] && local ssredir_process=1 +# [ -n "$(pssh | grep ss-local)" ] && local sslocal_process=1 +# [ -z "$dns_process" -o -z "$ssredir_process" -o -z "$sslocal_process" ] && logsh "【$service】" "进程启动异常,请尝试重新启动或查看日志${mbroot}/var/log/${appname}.log" +# fi # } start() { - insmod ipt_REDIRECT 2>/dev/null + insmod ipt_REDIRECT 2>/dev/null - detect_status + detect_status - get_config + start_kcp - start_haveged + get_config - sleep 1 + start_haveged - start_main_process + 
sleep 1 + + start_main_process start_game_process - # [ "$smartdns" = '1' ] && ipset_rules_smartdns || ipset_rules - ipset_rules + # [ "$smartdns" = '1' ] && ipset_rules_smartdns || ipset_rules + ipset_rules - load_nat + load_nat - # [ "$smartdns" != '1' ] && dnsconfig - dnsconfig + # [ "$smartdns" != '1' ] && dnsconfig + dnsconfig - #添加定时更新规则 - write_cron_job + #添加定时更新规则 + write_cron_job - write_firewall_start + write_firewall_start - /etc/init.d/dnsmasq restart + /etc/init.d/dnsmasq restart - logsh "【$service】" "启动${appname}服务完成,启动失败可查看日志或多次重试!" + logsh "【$service】" "启动${appname}服务完成,启动失败可查看日志或多次重试!" - # detect_process + # detect_process } stop() { - - logsh "【$service】" "关闭ss主进程..." - killall -9 ss-redir > /dev/null 2>&1 - killall -9 ssr-redir > /dev/null 2>&1 - killall -9 ssg-redir > /dev/null 2>&1 - killall -9 ss-local > /dev/null 2>&1 - killall -9 ssr-local > /dev/null 2>&1 - killall -9 dns2socks > /dev/null 2>&1 - killall -9 v2ray &> /dev/null - killall -9 haveged &> /dev/null - #删除定时规则 - remove_firewall_start - remote_cron_job - #ps | grep dns2socks | grep -v grep | xargs kill -9 > /dev/null 2>&1 - flush_ss_rules + + logsh "【$service】" "关闭ss主进程..." 
+ killall -9 ss-redir &> /dev/null + killall -9 ssr-redir &> /dev/null + killall -9 ssg-redir &> /dev/null + killall -9 ss-local &> /dev/null + killall -9 ssr-local &> /dev/null + killall -9 dns2socks &> /dev/null + killall -9 v2ray &> /dev/null + killall -9 haveged &> /dev/null + killall -9 kcptun &> /dev/null + #删除定时规则 + remove_firewall_start + remote_cron_job + #ps | grep dns2socks | grep -v grep | xargs kill -9 > /dev/null 2>&1 + flush_ss_rules } - - status() { - result1=$(pssh | grep -v status | grep -c "${appname}") - #http_status=`curl -s -w %{http_code} https://www.google.com.hk/images/branding/googlelogo/1x/googlelogo_color_116x41dp.png -k -o /dev/null --socks5 127.0.0.1:1082` - #if [ "$result" == '0' ] || [ "$http_status" != "200" ]; then - result2=$(iptables -t nat -S | grep SHADOWSOCK) - [ "$ssgena" == '1' ] && ssgflag=", 游戏节点: $ssgid($ssg_mode)" + result1=$(pssh | grep -v status | grep -c "${appname}") + #http_status=`curl -s -w %{http_code} https://www.google.com.hk/images/branding/googlelogo/1x/googlelogo_color_116x41dp.png -k -o /dev/null --socks5 127.0.0.1:1082` + #if [ "$result" == '0' ] || [ "$http_status" != "200" ]; then + result2=$(iptables -t nat -S | grep SHADOWSOCK) + process_count=3 + [ "$ssgena" == '1' ] && ssgflag=", 游戏节点: $ssgid($ssg_mode)" + if [ "$kcp_enable" == '1' ]; then + ssgflag="$ssgflag, kcptun($ss_kcp_node):" + let "process_count++" + [ "$(pssh | grep -c kcptun)" -eq 1 ] && ssgflag="$ssgflag 运行中" || ssgflag="$ssgflag 未运行" + fi - process_count=3 - if [ "$proxy_type" == "v2ray" ]; then - process_count=2 - fi + if [ "$proxy_type" == "v2ray" ]; then + let "process_count--" + fi - if [ "$result1" -ge $process_count ]; then - if [ -n "$result2" ]; then - status="运行节点: $id($ss_mode)$ssgflag|1" - else - status="ss链路异常,可以尝试重启服务!|0" - fi - else - status="未运行|0" - fi - mbdb set $appname.main.status="$status" + if [ "$result1" -ge $process_count ]; then + if [ -n "$result2" ]; then + status="运行节点: $id($ss_mode)$ssgflag|1" + else + 
status="ss链路异常,可以尝试重启服务!|0" + fi + else + status="未运行|0" + fi + mbdb set $appname.main.status="$status" }