xm/MIXBOX-ARCHIVE
1
0
Fork 0
mirror of https://github.com/monlor/MIXBOX-ARCHIVE.git synced 2026-03-10 23:41:27 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
216802e228db5147599c20fe642b08327a957e2d
MIXBOX-ARCHIVE/apps/shadowsocks/scripts/shadowsocks.sh
Fred Liang 7436d54fb8 fix: check if dnsmasq tmp dir exists
2020-05-27 17:15:42 +08:00

782 lines
30 KiB
Bash
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
#!/bin/sh
source /etc/mixbox/bin/base
eval `mbdb export shadowsocks`
[ -z "$CDN" ] && CDN=223.5.5.5
[ -z "$DNS_SERVER" ] && DNS_SERVER=8.8.8.8
[ -z "$DNS_SERVER_PORT" ] && DNS_SERVER_PORT=53
[ -z "$ss_proxy_default_mode" ] && ss_proxy_default_mode=1
[ -z "$ss_game_default_mode" ] && ss_game_default_mode=0
[ -z "$dns_red_ip" ] && dns_red_ip="$lanip"
[ "$ssgena" != "1" ] && unset ssg_mode
get_v2ray_bin() {
result1=$(curl -skL $mburl/appsbin/v2ray-bin/$model/lastest.txt) &> /dev/null
result2=$(${mbroot}/apps/${appname}/bin/v2ray -version | head -1 | cut -d' ' -f2) &> /dev/null
if [ -z "$result1" ]; then
logsh "$service" "获取v2ray在线版本失败请检查网络"
else
logsh "$service" "检测v2ray版本本地版本$result2,在线版本:$result1"
if [ "$result1" != "$result2" ]; then
logsh "$service" "版本不一致,正在更新..."
wgetsh ${mbroot}/apps/${appname}/bin/v2ray $mburl/appsbin/v2ray-bin/$model/v2ray
wgetsh ${mbroot}/apps/${appname}/bin/v2ctl $mburl/appsbin/v2ray-bin/$model/v2ctl
chmod +x ${mbroot}/apps/${appname}/bin/v2ray
chmod +x ${mbroot}/apps/${appname}/bin/v2ctl
fi
fi
}
get_config() {
logsh "$service" "创建节点配置文件..."
[ -z "$id" ] && logsh "$service" "未配置运行节点!" && exit
local_ip=0.0.0.0
[ -z "$id" ] && logsh "$service" "未配置运行节点!" && exit 1
idinfo=`cat ${mbroot}/apps/${appname}/config/ssserver* | grep ",$id," | head -1`
[ -z "$idinfo" ] && logsh "$service" "未找到配置节点:$id" && exit
proxy_type=`cutsh "$idinfo" 1`
ss_name=`cutsh "$idinfo" 2`
ss_server=`cutsh "$idinfo" 3`
IFIP=`echo $ss_server | grep -E "([0-9]{1,3}[\.]){3}[0-9]{1,3}|:"`
if [ -z "$IFIP" ]; then
ss_server_tmp=`nslookup $ss_server | sed 1,2d | grep -Eo "([0-9]{1,3}[\.]){3}[0-9]{1,3}" | head -1`
[ -z "$ss_server_tmp" ] && logsh "$service" "服务器地址解析失败,跳过解析!" || ss_server="$ss_server_tmp"
fi
if [ "$proxy_type" = "v2ray" ]; then
get_v2ray_bin
${mbroot}/apps/${appname}/scripts/general_v2ray_config.sh "$id"
else
ss_server_port=`cutsh "$idinfo" 4`
ss_password=`cutsh "$idinfo" 5`
ss_method=`cutsh "$idinfo" 6`
ssr_protocol=`cutsh "$idinfo" 7`
ssr_obfs=`cutsh "$idinfo" 8`
ssr_protocol_param=`cutsh "$idinfo" 9`
ssr_obfs_param=`cutsh "$idinfo" 10`
# 如果kcp成功启动应该把ss服务端指向kcp服务端口
if [ "$kcp_started" = 1 ]; then
ss_server=127.0.0.1
ss_server_port=11183
fi
#生成配置文件
if [ "$proxy_type" = "ss" ]; then
APPPATH=${mbroot}/apps/${appname}/bin/ss-redir
LOCALPATH=${mbroot}/apps/${appname}/bin/ss-local
# 如果启用了ss混淆
if [ -n "$ssr_protocol_param" ]; then
cat > ${mbroot}/apps/${appname}/config/ss.conf <<-EOF
{
"server": "$ss_server",
"server_port": $ss_server_port,
"local_address": "0.0.0.0",
"local_port": 1081,
"password": "$ss_password",
"timeout": 600,
"method": "$ss_method",
"plugin":"${mbroot}/apps/${appname}/bin/obfs-local",
"plugin_opts":"obfs=$ssr_protocol_param;obfs-host=$ssr_obfs_param"
}
EOF
else
cat > ${mbroot}/apps/${appname}/config/ss.conf <<-EOF
{
"server": "$ss_server",
"server_port": $ss_server_port,
"local_address": "0.0.0.0",
"local_port": 1081,
"password": "$ss_password",
"timeout": 600,
"method": "$ss_method"
}
EOF
fi
else
APPPATH=${mbroot}/apps/${appname}/bin/ssr-redir
LOCALPATH=${mbroot}/apps/${appname}/bin/ssr-local
cat > ${mbroot}/apps/${appname}/config/ss.conf <<-EOF
{
"server": "$ss_server",
"server_port": $ss_server_port,
"local_address": "0.0.0.0",
"local_port": 1081,
"password": "$ss_password",
"timeout": 600,
"protocol": "$ssr_protocol",
"protocol_param": "$ssr_protocol_param",
"obfs": "$ssr_obfs",
"obfs_param": "$ssr_obfs_param",
"method": "$ss_method"
}
EOF
fi
cp ${mbroot}/apps/${appname}/config/ss.conf ${mbroot}/apps/${appname}/config/dns2socks.conf && sed -i 's/1081/1082/g' ${mbroot}/apps/${appname}/config/dns2socks.conf
fi
if [ "$ssgena" == '1' ]; then
[ -z "$ssgid" ] && logsh "$service" "未配置游戏运行节点!" && exit
idinfo=`cat ${mbroot}/apps/${appname}/config/ssserver* | grep ",$ssgid," | head -1`
[ -z "$idinfo" ] && logsh "$service" "未找到配置节点:$ssgid" && exit
proxy_type_game=`cutsh "$idinfo" 1`
ssg_name=`cutsh "$idinfo" 2`
ssg_server=`cutsh "$idinfo" 3`
if [ "$proxy_type" = "v2ray" -a "$proxy_type_game" != "v2ray" -a "$ssg_server" != "$ss_server" ]; then
logsh "$service" "当主进程为v2ray代理时游戏进程只能选择同样的v2ray节点"
return
ssgena=0
fi
if [ "$proxy_type" != "v2ray" -a "$proxy_type_game" = "v2ray" ]; then
logsh "$service" "只有当主进程为v2ray代理时游戏进程才能启用v2ray"
return
ssgena=0
fi
[ "$proxy_type_game" = "v2ray" -o "$ssgid" == "$id" ] && return
ssg_server_port=`cutsh "$idinfo" 4`
ssg_password=`cutsh "$idinfo" 5`
ssg_method=`cutsh "$idinfo" 6`
ssg_protocol=`cutsh "$idinfo" 7`
ssg_obfs=`cutsh "$idinfo" 8`
ssg_protocol_param=`cutsh "$idinfo" 9`
ssg_obfs_param=`cutsh "$idinfo" 10`
IFIP=`echo $ssg_server | grep -E "([0-9]{1,3}[\.]){3}[0-9]{1,3}|:"`
if [ -z "$IFIP" ]; then
ssg_server_tmp=`resolveip $ssg_server | head -1`
[ $? -ne 0 ] && logsh "$service" "游戏服务器地址解析失败,跳过解析!" || ssg_server="$ssg_server_tmp"
fi
if [ "$proxy_type_game" = "ss" ]; then
cp -rf ${mbroot}/apps/${appname}/bin/ss-redir ${mbroot}/apps/${appname}/bin/ssg-redir
# 如果启用了ss混淆
if [ -n "$ssg_protocol_param" ]; then
cat > ${mbroot}/apps/${appname}/config/ssg.conf <<-EOF
{
"server": "$ssg_server",
"server_port": $ssg_server_port,
"local_address": "0.0.0.0",
"local_port": 1085,
"password": "$ssg_password",
"timeout": 600,
"method": "$ssg_method",
"plugin":"${mbroot}/apps/${appname}/bin/obfs-local",
"plugin_opts":"obfs=$ssg_protocol_param;obfs-host=$ssg_obfs_param"
}
EOF
else
cat > ${mbroot}/apps/${appname}/config/ssg.conf <<-EOF
{
"server": "$ssg_server",
"server_port": $ssg_server_port,
"local_address": "0.0.0.0",
"local_port": 1085,
"password": "$ssg_password",
"timeout": 600,
"method": "$ssg_method"
}
EOF
fi
else
cp -rf ${mbroot}/apps/${appname}/bin/ssr-redir ${mbroot}/apps/${appname}/bin/ssg-redir
cat > ${mbroot}/apps/${appname}/config/ssg.conf <<-EOF
{
"server": "$ssg_server",
"server_port": $ssg_server_port,
"local_address": "0.0.0.0",
"local_port": 1085,
"password": "$ssg_password",
"timeout": 600,
"protocol": "$ssg_protocol",
"protocol_param": "$ssg_protocol_param",
"obfs": "$ssg_obfs",
"obfs_param": "$ssg_obfs_param",
"method": "$ssg_method"
}
EOF
fi
fi
# 保存代理类型
mbdb set ${appname}.main.proxy_type="$proxy_type"
}
dnsconfig() {
killall ss-local &> /dev/null
killall dns2socks > /dev/null 2>&1
if [ "$proxy_type" != "v2ray" ]; then
logsh "$service" "启动ss-local本地socks5代理..."
daemon $LOCALPATH -c ${mbroot}/apps/${appname}/config/dns2socks.conf
fi
logsh "$service" "开启dns2socks进程..."
daemon ${mbroot}/apps/${appname}/bin/dns2socks 127.0.0.1:1082 $DNS_SERVER:$DNS_SERVER_PORT 127.0.0.1:15353
if [ $? -ne 0 ]; then
logsh "$service" "启动失败!"
exit
fi
if [ "$dns_red_enable" == '1' ]; then
logsh "$service" "启用DNS重定向到$dns_red_ip"
iptables -t nat -I PREROUTING -s $lanip/24 -p udp --dport 53 -m comment --comment "${appname}"-dns -j DNAT --to $dns_red_ip &> /dev/null
fi
}
get_mode_name() {
case "$1" in
0)
echo "不走代理"
;;
1)
echo "科学上网"
;;
esac
}
get_game_mode() {
case "$1" in
0)
echo "不走游戏"
;;
1)
echo "游戏加速"
;;
esac
}
get_jump_mode(){
case "$1" in
0)
echo "-j"
;;
*)
echo "-g"
;;
esac
}
get_action_chain() {
case "$1" in
0)
echo "RETURN"
;;
1)
echo "SHADOWSOCK"
;;
esac
}
ipset_rules_smartdns() {
# ipset deal
logsh "$service" "创建ipset规则..."
[ ! -f ${mbroot}/apps/${appname}/config/customize_black.conf ] && touch ${mbroot}/apps/${appname}/config/customize_black.conf
[ ! -f ${mbroot}/apps/${appname}/config/customize_white.conf ] && touch ${mbroot}/apps/${appname}/config/customize_white.conf
rm -rf ${mbtmp}/wblist.conf
rm -rf ${mbtmp}/sscdn.conf
ipset -N customize_black iphash -!
ipset -N customize_white iphash -!
ipset -N router iphash -!
ipset -N gfwlist iphash -!
# 生成自定义黑名单规则最后4个为tg的ip
ip_tg="149.154.0.0 91.108.4.0 91.108.56.0 109.239.140.0 67.198.55.0 91.108.4.0/22 91.108.56.0/22 149.154.160.0/20 149.154.164.0/22"
for ip in $ip_tg
do
ipset -! add customize_black $ip >/dev/null 2>&1
done
cat ${mbroot}/apps/${appname}/config/customize_black.conf | grep -Ev '^$|^[#;]' | while read line
do
if [ -z "$(echo ${line} | grep -E "([0-9]{1,3}[\.]){3}[0-9]{1,3}")" ]; then
echo "ipset=/.${line}/customize_black" >> ${mbtmp}/wblist.conf
else
ipset -! add customize_black ${line} &> /dev/null
fi
done
# 路由器自身规则
if [ "$ss_mode" != "homemode" ]; then
echo "#for router itself" >> ${mbtmp}/wblist.conf
echo "ipset=/.google.com.tw/router" >> ${mbtmp}/wblist.conf
echo "ipset=/dns.google.com/router" >> ${mbtmp}/wblist.conf
echo "ipset=/.github.com/router" >> ${mbtmp}/wblist.conf
echo "ipset=/.github.io/router" >> ${mbtmp}/wblist.conf
echo "ipset=/.raw.githubusercontent.com/router" >> ${mbtmp}/wblist.conf
echo "ipset=/.adblockplus.org/router" >> ${mbtmp}/wblist.conf
echo "ipset=/.entware.net/router" >> ${mbtmp}/wblist.conf
echo "ipset=/.apnic.net/router" >> ${mbtmp}/wblist.conf
fi
# 生成自定义白名单规则
ip_tg="$lanip $wanip $ss_server $ssg_server $CDN 10.0.0.0 100.64.0.0 127.0.0.0 169.254.0.0 172.16.0.0 192.168.0.0 224.0.0.0 240.0.0.0 223.5.5.5 223.6.6.6 114.114.114.114 114.114.115.115 1.2.4.8 210.2.4.8 112.124.47.27 114.215.126.16 180.76.76.76 119.29.29.29 0.0.0.0"
for ip in $ip_tg; do
ipset -! add customize_white $ip >/dev/null 2>&1
done
cat ${mbroot}/apps/${appname}/config/customize_white.conf | grep -Ev '^$|^[#;]' | while read line
do
if [ -z "$(echo ${line} | grep -E "([0-9]{1,3}[\.]){3}[0-9]{1,3}")" ]; then
echo "ipset=/.${line}/customize_white" >> ${mbtmp}/wblist.conf
else
ipset -! add customize_white ${line} &> /dev/null
fi
done
echo "ipset=/.apple.com/customize_white" >> ${mbtmp}/wblist.conf
echo "ipset=/.microsoft.com/customize_white" >> ${mbtmp}/wblist.conf
#黑白名单规则
if [ "$ss_mode" = "whitelist" -o "$ssg_mode" = "frgame" ]; then
sed -e "s/^/-A nogfwnet &/g" -e "1 i\-N nogfwnet hash:net" ${mbroot}/apps/${appname}/config/chnroute.txt | ipset -R -!
elif [ "$ss_mode" = "gfwlist" -o "$ssg_mode" = "cngame" ]; then
cp -rf ${mbroot}/apps/${appname}/config/gfwlist.conf ${mbtmp}/gfwlist.conf
sed -i 's/7913/15353/g' ${mbtmp}/gfwlist.conf
sed -i '/^server/d' ${mbtmp}/gfwlist.conf
ln -s ${mbtmp}/gfwlist.conf /tmp/etc/dnsmasq.d/gfwlist_ipset.conf
fi
# 使规则生效
ln -s ${mbtmp}/wblist.conf /tmp/etc/dnsmasq.d/wblist.conf
}
ipset_rules() {
# ipset deal
logsh "$service" "创建ipset规则..."
[ ! -f ${mbroot}/apps/${appname}/config/customize_black.conf ] && touch ${mbroot}/apps/${appname}/config/customize_black.conf
[ ! -f ${mbroot}/apps/${appname}/config/customize_white.conf ] && touch ${mbroot}/apps/${appname}/config/customize_white.conf
rm -rf ${mbtmp}/wblist.conf
rm -rf ${mbtmp}/sscdn.conf
ipset -N customize_black iphash -!
ipset -N customize_white iphash -!
ipset -N router iphash -!
ipset -N gfwlist iphash -!
# 生成自定义黑名单规则最后4个为tg
ip_tg="149.154.0.0 91.108.4.0 91.108.56.0 109.239.140.0 67.198.55.0 91.108.4.0/22 91.108.56.0/22 149.154.160.0/20 149.154.164.0/22"
for ip in $ip_tg
do
ipset -! add customize_black $ip >/dev/null 2>&1
done
cat ${mbroot}/apps/${appname}/config/customize_black.conf | grep -Ev '^$|^[#;]' | while read line
do
if [ -z "$(echo ${line} | grep -E "([0-9]{1,3}[\.]){3}[0-9]{1,3}")" ]; then
echo "server=/.${line}/127.0.0.1#15353" >> ${mbtmp}/wblist.conf
echo "ipset=/.${line}/customize_black" >> ${mbtmp}/wblist.conf
else
ipset -! add customize_black ${line} &> /dev/null
fi
done
# 路由器自身规则
if [ "$ss_mode" != "homemode" ]; then
echo "#for router itself" >> ${mbtmp}/wblist.conf
echo "server=/.google.com.tw/127.0.0.1#15353" >> ${mbtmp}/wblist.conf
echo "ipset=/.google.com.tw/router" >> ${mbtmp}/wblist.conf
echo "server=/dns.google.com/127.0.0.1#15353" >> ${mbtmp}/wblist.conf
echo "ipset=/dns.google.com/router" >> ${mbtmp}/wblist.conf
echo "server=/.github.com/127.0.0.1#15353" >> ${mbtmp}/wblist.conf
echo "ipset=/.github.com/router" >> ${mbtmp}/wblist.conf
echo "server=/.github.io/127.0.0.1#15353" >> ${mbtmp}/wblist.conf
echo "ipset=/.github.io/router" >> ${mbtmp}/wblist.conf
echo "server=/.raw.githubusercontent.com/127.0.0.1#15353" >> ${mbtmp}/wblist.conf
echo "ipset=/.raw.githubusercontent.com/router" >> ${mbtmp}/wblist.conf
echo "server=/.adblockplus.org/127.0.0.1#15353" >> ${mbtmp}/wblist.conf
echo "ipset=/.adblockplus.org/router" >> ${mbtmp}/wblist.conf
echo "server=/.entware.net/127.0.0.1#15353" >> ${mbtmp}/wblist.conf
echo "ipset=/.entware.net/router" >> ${mbtmp}/wblist.conf
echo "server=/.apnic.net/127.0.0.1#15353" >> ${mbtmp}/wblist.conf
echo "ipset=/.apnic.net/router" >> ${mbtmp}/wblist.conf
fi
# 生成自定义白名单规则
ip_tg="$lanip $wanip $ss_server $ssg_server $CDN 10.0.0.0 100.64.0.0 127.0.0.0 169.254.0.0 172.16.0.0 192.168.0.0 224.0.0.0 240.0.0.0 223.5.5.5 223.6.6.6 114.114.114.114 114.114.115.115 1.2.4.8 210.2.4.8 112.124.47.27 114.215.126.16 180.76.76.76 119.29.29.29 0.0.0.0"
for ip in $ip_tg; do
ipset -! add customize_white $ip >/dev/null 2>&1
done
cat ${mbroot}/apps/${appname}/config/customize_white.conf | grep -Ev '^$|^[#;]' | while read line
do
if [ -z "$(echo ${line} | grep -E "([0-9]{1,3}[\.]){3}[0-9]{1,3}")" ]; then
echo "server=/.${line}/$CDN#53" >> ${mbtmp}/wblist.conf
echo "ipset=/.${line}/customize_white" >> ${mbtmp}/wblist.conf
else
ipset -! add customize_white ${line} &> /dev/null
fi
done
if [ "$ss_mode" != "homemode" ]; then
echo "server=/.apple.com/$CDN#53" >> ${mbtmp}/wblist.conf
echo "ipset=/.apple.com/customize_white" >> ${mbtmp}/wblist.conf
echo "server=/.microsoft.com/$CDN#53" >> ${mbtmp}/wblist.conf
echo "ipset=/.microsoft.com/customize_white" >> ${mbtmp}/wblist.conf
fi
#黑白名单规则
test ! -d /tmp/etc/dnsmasq.d && mkdir -p /tmp/etc/dnsmasq.d
if [ "$ss_mode" = "whitelist" -o "$ssg_mode" = "frgame" -o "$ss_mode" = "homemode" ]; then
sed -e "s/^/-A nogfwnet &/g" -e "1 i\-N nogfwnet hash:net" ${mbroot}/apps/${appname}/config/chnroute.txt | ipset -R -!
elif [ "$ss_mode" = "gfwlist" -o "$ssg_mode" = "cngame" ]; then
cp -rf ${mbroot}/apps/${appname}/config/gfwlist.conf ${mbtmp}/gfwlist.conf
sed -i 's/7913/15353/g' ${mbtmp}/gfwlist.conf
ln -s ${mbtmp}/gfwlist.conf /tmp/etc/dnsmasq.d/gfwlist_ipset.conf
fi
#加速cdn
if [ "$ss_mode" != "gfwlist" ]; then
cat ${mbroot}/apps/${appname}/config/cdn.txt | sed "s/^/server=&\/./g" | sed "s/$/\/&$CDN/g" | sort | awk '{if ($0!=line) print;line=$0}' >>${mbtmp}/sscdn.conf
ln -s ${mbtmp}/sscdn.conf /tmp/etc/dnsmasq.d/cdn.conf
fi
# 使规则生效
ln -s ${mbtmp}/wblist.conf /tmp/etc/dnsmasq.d/wblist.conf
}
lan_control() {
#lan access control
[ ! -f ${mbroot}/apps/${appname}/config/sscontrol.conf ] && touch ${mbroot}/apps/${appname}/config/sscontrol.conf
cat ${mbroot}/apps/${appname}/config/sscontrol.conf | while read line
do
mac=$(cutsh ${line} 2)
proxy_name=$(cutsh ${line} 1)
proxy_mode=$(cutsh ${line} 3)
game_mode=$(cutsh ${line} 4)
[ -z "$game_mode" ] && game_mode="$proxy_mode"
iptables -t nat -A SHADOWSOCKS -m mac --mac-source $mac $(get_jump_mode $proxy_mode) $(get_action_chain $proxy_mode)
if [ "$ssgena" == '1' ]; then
iptables -t mangle -A SHADOWSOCKS -m mac --mac-source $mac $(get_jump_mode $game_mode) $(get_action_chain $game_mode)
args="[$(get_game_mode $game_mode)]"
else
args=""
fi
logsh "$service" "加载ACL规则:[$proxy_name]代理模式为:[$(get_mode_name $proxy_mode)]$args"
done
#default alc mode
iptables -t nat -A SHADOWSOCKS -p tcp -j $(get_action_chain $ss_proxy_default_mode)
[ "$ssgena" = '1' ] && iptables -t mangle -A SHADOWSOCKS -p udp -j $(get_action_chain $ss_game_default_mode)
result=$(cat ${mbroot}/apps/${appname}/config/sscontrol.conf | wc -l)
[ "$result" == '0' ] && flag="全部主机" || flag="其余主机"
[ "$ssgena" == '1' ] && args="[$(get_game_mode $ss_game_default_mode)]" || args=""
logsh "$service" "加载ACL规则:[$flag]代理模式为:[$(get_mode_name $ss_proxy_default_mode)]$args"
}
load_nat() {
logsh "$service" "加载iptables的nat规则..."
iptables -t nat -N SHADOWSOCKS
iptables -t nat -N SHADOWSOCK
# iptables -t nat -A SHADOWSOCKS -d 0.0.0.0/8 -j RETURN
# iptables -t nat -A SHADOWSOCKS -d $lanip/24 -j RETURN
# iptables -t nat -A SHADOWSOCKS -d $wanip/16 -j RETURN
# iptables -t nat -A SHADOWSOCKS -d $ss_server -j RETURN
# iptables -t nat -A SHADOWSOCKS -d $ssg_server -j RETURN
# general rules
iptables -t nat -A SHADOWSOCK -p tcp -m set --match-set customize_white dst -j RETURN
#router itself
[ "$ss_mode" != "homemode" ] && iptables -t nat -A OUTPUT -p tcp -m set --match-set router dst -j REDIRECT --to-ports 1081
case "$ss_mode" in
"gfwlist")
logsh "$service" "添加国外黑名单规则..."
iptables -t nat -A SHADOWSOCK -p tcp -m set --match-set customize_black dst -j REDIRECT --to-port 1081
iptables -t nat -A SHADOWSOCK -p tcp -m set --match-set gfwlist dst -j REDIRECT --to-port 1081
;;
"whitelist")
logsh "$service" "添加国外白名单规则..."
iptables -t nat -A SHADOWSOCK -p tcp -m set --match-set customize_black dst -j REDIRECT --to-ports 1081
iptables -t nat -A SHADOWSOCK -p tcp -m set ! --match-set nogfwnet dst -j REDIRECT --to-ports 1081
;;
"wholemode")
logsh "$service" "添加全局模式iptables规则..."
iptables -t nat -A SHADOWSOCK -p tcp -j REDIRECT --to-ports 1081
;;
"homemode")
logsh "$service" "添加回国模式规则..."
iptables -t nat -A SHADOWSOCK -p tcp -m set --match-set customize_black dst -j REDIRECT --to-ports 1081
iptables -t nat -A SHADOWSOCK -p tcp -m set --match-set nogfwnet dst -j REDIRECT --to-ports 1081
;;
esac
if [ "$ssgena" == '1' ]; then
logsh "$service" "加载iptables的udp规则..."
ip rule add fwmark 0x01/0x01 table 300
ip route add local 0.0.0.0/0 dev lo table 300
iptables -t mangle -N SHADOWSOCKS
iptables -t mangle -N SHADOWSOCK
# iptables -t mangle -A SHADOWSOCKS -d 0.0.0.0/8 -j RETURN
# iptables -t mangle -A SHADOWSOCKS -d 127.0.0.1/16 -j RETURN
# iptables -t mangle -A SHADOWSOCKS -d $lanip/16 -j RETURN
# iptables -t mangle -A SHADOWSOCKS -d $wanip/16 -j RETURN
# iptables -t mangle -A SHADOWSOCKS -d $ss_server -j RETURN
iptables -t mangle -A SHADOWSOCK -p udp -m set --match-set customize_white dst -j RETURN
# chmod -x /opt/filetunnel/stunserver > /dev/null 2>&1
# killall -9 stunserver > /dev/null 2>&1
fi
case "ssg_mode" in
"cngame")
logsh "$service" "添加国内游戏iptables规则..."
iptables -t mangle -A SHADOWSOCK -p udp -m set ! --match-set gfwlist dst -j TPROXY --on-port "$ssg_port" --tproxy-mark 0x01/0x01
;;
"frgame")
logsh "$service" "添加国外游戏iptables规则..."
iptables -t mangle -A SHADOWSOCK -p udp -m set ! --match-set nogfwnet dst -j TPROXY --on-port "$ssg_port" --tproxy-mark 0x01/0x01
;;
esac
lan_control
# last nat
iptablenu=$(iptables -nvL PREROUTING -t nat | sed 1,2d | sed -n '/KOOLPROXY/=' | head -n1)
if [ -z "$iptablenu" ];then
iptablenu=2
fi
iptables -t nat -I PREROUTING "$iptablenu" -p tcp -j SHADOWSOCKS
[ "$ssgena" == '1' ] && iptables -t mangle -A PREROUTING -p udp -j SHADOWSOCKS
}
start_kcp() {
if [ "$kcp_enable" = '1' ]; then
[ -z "$ss_kcp_node" ] && logsh "$service" "未配置kcp加速节点不启用kcp" && return
logsh "$service" "启动kcptun加速主进程($ss_kcp_node)..."
# [ "$proxy_type" = "v2ray" ] && logsh "【$service】" "启动代理节点类型为v2ray不启用kcp" && return
[ -z "$ss_kcp_mtu" ] && ss_kcp_mtu="1350"
[ -z "$ss_kcp_sndwnd" ] && ss_kcp_sndwnd="128"
[ -z "$ss_kcp_rcvwnd" ] && ss_kcp_rcvwnd="1024"
[ -z "$ss_kcp_conn" ] && ss_kcp_conn="1"
[ -z "$ss_kcp_compon" ] && ss_kcp_compon="1"
daemon ${mbroot}/apps/${appname}/bin/kcptun \
--localaddr=127.0.0.1:11183 \
--remoteaddr=$ss_kcp_node:$ss_kcp_port \
--key=$ss_kcp_password \
--crypt=$ss_kcp_crypt \
--mode=$ss_kcp_mode \
--mtu=$ss_kcp_mtu \
--sndwnd=$ss_kcp_sndwnd \
--rcvwnd=$ss_kcp_rcvwnd \
--conn=$ss_kcp_conn \
--nocomp=$ss_kcp_nocomp \
--dscp=$ss_kcp_dscp \
--sockbuf=$ss_kcp_sockbuf \
--smuxbuf=$ss_kcp_smuxbuf \
--log=${mbroot}/var/log/kcptun.log \
$ss_kcp_config
[ $? -ne 0 ] && logsh "$service" "启动失败!" && exit 1
kcp_started=1
fi
}
detect_status() {
[ ! -s ${mbroot}/apps/${appname}/config/ssserver.conf -a ! -s ${mbroot}/apps/${appname}/config/ssserver_online.conf ] && logsh "$service" "没有添加ss服务器!" && exit
result=$(ps | grep -E 'ss-redir|ssr-redir' | grep -v grep | wc -l)
if [ "$result" != '0' ];then
logsh "$service" "SS已经在运行"
exit
fi
}
write_cron_job() {
cru a "${appname}"_rule "20 5 * * * ${mbroot}/apps/${appname}/scripts/ss_rule_update.sh"
cru a "${appname}"_online "0 */6 * * * ${mbroot}/apps/${appname}/scripts/ss_online_update.sh"
cru a "${appname}" "0 6 * * * ${mbroot}/apps/${appname}/scripts/${appname}.sh restart"
}
remote_cron_job() {
cru d "${appname}"_rule
cru d "${appname}"_online
cru d "${appname}"
}
start_haveged () {
# 启动haveged用于生成随机数
[ -x ${mbroot}/apps/${appname}/bin/haveged ] && ${mbroot}/apps/${appname}/bin/haveged -w 1024 &> /dev/null
}
start_main_process() {
if [ "$proxy_type" = "v2ray" ]; then
logsh "$service" "启动代理为v2ray测试配置文件"
# rm -rf ${mbroot}/bin/v2ray ${mbroot}/bin/v2ctl
# ln -s ${mbroot}/apps/${appname}/bin/v2ray ${mbroot}/bin/v2ray
# ln -s ${mbroot}/apps/${appname}/bin/v2ctl ${mbroot}/bin/v2ctl
killall -9 v2ray &> /dev/null
cd ${mbroot}/bin
result=$(${mbroot}/apps/${appname}/bin/v2ray -test -config="${mbroot}/apps/${appname}/config/v2ray.json" | grep "Configuration OK.")
[ -z "$result" ] && logsh "$service" "配置文件测试失败!"
logsh "$service" "启动v2ray主进程($id)..."
[ -z "$ss_mode" ] && logsh "$service" "未配置${appname}运行模式!" && exit 1
daemon ${mbroot}/apps/${appname}/bin/v2ray -config="${mbroot}/apps/${appname}/config/v2ray.json"
[ $? -ne 0 ] && logsh "$service" "启动失败!" && exit 1
else
logsh "$service" "启动ss主进程($id)..."
[ -z "$ss_mode" ] && logsh "$service" "未配置${appname}运行模式!" && exit 1
killall ss-redir &> /dev/null
killall ssr-redir &> /dev/null
daemon $APPPATH -b 0.0.0.0 -u -c ${mbroot}/apps/${appname}/config/ss.conf
[ $? -ne 0 ] && logsh "$service" "启动失败!" && exit 1
fi
}
start_game_process() {
if [ "$ssgena" == 1 ]; then
if [ "$proxy_type_game" = "v2ray" ]; then
logsh "$service" "游戏加速使用v2ray代理模式"
[ -z "$ssg_mode" ] && logsh "$service" "未配置游戏进程运行模式!" && exit 1
ssg_port=1081
else
logsh "$service" "启动ss游戏进程($ssgid)..."
[ -z "$ssg_mode" ] && logsh "$service" "未配置${appname}游戏运行模式!" && exit 1
if [ "$ssgid" != "$id" ]; then
daemon ${mbroot}/apps/${appname}/bin/ssg-redir -b 0.0.0.0 -u -c ${mbroot}/apps/${appname}/config/ssg.conf
if [ $? -ne 0 ]; then
logsh "$service" "启动失败!"
exit 1
fi
ssg_port=1085
else
ssg_port=1081
fi
fi
fi
}
flush_ss_rules() {
logsh "$service" "清除iptables规则..."
eval `iptables -t nat -S | grep SHADOWSOCK | sed -e "s/-A/iptables -t nat -D/" | sed -e 's/$/;/g'` &> /dev/null
ip rule del fwmark 0x01/0x01 table 300 &> /dev/null
ip route del local 0.0.0.0/0 dev lo table 300 &> /dev/null
iptables -t mangle -D PREROUTING -p udp -j SHADOWSOCKS &> /dev/null
iptables -t nat -D PREROUTING -p tcp -j SHADOWSOCKS &> /dev/null
iptables -t mangle -F SHADOWSOCKS &> /dev/null
iptables -t mangle -X SHADOWSOCKS &> /dev/null
iptables -t mangle -F SHADOWSOCK &> /dev/null
iptables -t mangle -X SHADOWSOCK &> /dev/null
iptables -t nat -F SHADOWSOCK &> /dev/null
iptables -t nat -X SHADOWSOCK &> /dev/null
iptables -t nat -F SHADOWSOCKS &> /dev/null
iptables -t nat -X SHADOWSOCKS &> /dev/null
iptables -t nat -D PREROUTING -s $lanip/24 -p udp --dport 53 -j DNAT --to $dns_red_ip > /dev/null 2>&1
eval `iptables -t nat -S | grep "${appname}"-dns | head -1 | sed -e "s/-A/iptables -t nat -D/"` &> /dev/null
iptables -t nat -D OUTPUT -p tcp -m set --match-set router dst -j REDIRECT --to-ports 1081 &> /dev/null
chmod +x /opt/filetunnel/stunserver > /dev/null 2>&1
ipset destroy nogfwnet &> /dev/null
ipset destroy gfwlist &> /dev/null
ipset destroy customize_black &> /dev/null
ipset destroy customize_white &> /dev/null
ipset destroy router &> /dev/null
rm -rf ${mbroot}/apps/${appname}/config/ss.conf
rm -rf ${mbroot}/apps/${appname}/config/dns2socks.conf
rm -rf ${mbroot}/apps/${appname}/config/ssg.conf
rm -rf ${mbroot}/apps/${appname}/bin/ssg-redir
rm -rf ${mbtmp}/wblist.conf
rm -rf ${mbtmp}/gfwlist.conf
rm -rf ${mbtmp}/sscdn.conf
rm -rf /tmp/etc/dnsmasq.d/gfwlist_ipset.conf > /dev/null 2>&1
rm -rf /tmp/etc/dnsmasq.d/wblist.conf > /dev/null 2>&1
rm -rf /tmp/etc/dnsmasq.d/cdn.conf &> /dev/null
# rm -rf ${mbroot}/bin/v2ray &> /dev/null
# rm -rf ${mbroot}/bin/v2ctl &> /dev/null
/etc/init.d/dnsmasq restart
sleep 1
}
# detect_process () {
# sleep 1
# [ -n "$(pssh | grep dns2socks)" ] && local dns_process=1
# if [ "$proxy_type" = "v2ray" ]; then
# [ -n "$(pssh | grep v2ray)" ] && local v2ray_process=1
# [ -z "$dns_process" -o -z "$v2ray_process" ] && logsh "【$service】" "进程启动异常,请尝试重新启动或查看日志${mbroot}/var/log/${appname}.log"
# else
# [ -n "$(pssh | grep ss-redir)" ] && local ssredir_process=1
# [ -n "$(pssh | grep ss-local)" ] && local sslocal_process=1
# [ -z "$dns_process" -o -z "$ssredir_process" -o -z "$sslocal_process" ] && logsh "【$service】" "进程启动异常,请尝试重新启动或查看日志${mbroot}/var/log/${appname}.log"
# fi
# }
start() {
insmod ipt_REDIRECT 2>/dev/null
detect_status
start_kcp
get_config
start_haveged
sleep 1
start_main_process
start_game_process
# [ "$smartdns" = '1' ] && ipset_rules_smartdns || ipset_rules
ipset_rules
load_nat
# [ "$smartdns" != '1' ] && dnsconfig
dnsconfig
#添加定时更新规则
write_cron_job
write_firewall_start
/etc/init.d/dnsmasq restart
logsh "$service" "启动${appname}服务完成,启动失败可查看日志或多次重试!"
# detect_process
}
stop() {
logsh "$service" "关闭ss主进程..."
killall -9 ss-redir &> /dev/null
killall -9 ssr-redir &> /dev/null
killall -9 ssg-redir &> /dev/null
killall -9 ss-local &> /dev/null
killall -9 ssr-local &> /dev/null
killall -9 dns2socks &> /dev/null
killall -9 v2ray &> /dev/null
killall -9 haveged &> /dev/null
killall -9 kcptun &> /dev/null
#删除定时规则
remove_firewall_start
remote_cron_job
#ps | grep dns2socks | grep -v grep | xargs kill -9 > /dev/null 2>&1
flush_ss_rules
}
status() {
result1=$(pssh | grep -v status | grep -c "${appname}")
#http_status=`curl -s -w %{http_code} https://www.google.com.hk/images/branding/googlelogo/1x/googlelogo_color_116x41dp.png -k -o /dev/null --socks5 127.0.0.1:1082`
#if [ "$result" == '0' ] || [ "$http_status" != "200" ]; then
result2=$(iptables -t nat -S | grep SHADOWSOCK)
process_count=3
[ "$ssgena" == '1' ] && ssgflag=", 游戏节点: $ssgid($ssg_mode)"
if [ "$kcp_enable" == '1' ]; then
ssgflag="$ssgflag, kcptun($ss_kcp_node):"
let "process_count++"
[ "$(pssh | grep -c kcptun)" -eq 1 ] && ssgflag="$ssgflag 运行中" || ssgflag="$ssgflag 未运行"
fi
if [ "$proxy_type" == "v2ray" ]; then
let "process_count--"
fi
if [ "$result1" -ge $process_count ]; then
if [ -n "$result2" ]; then
status="运行节点: $id($ss_mode)$ssgflag|1"
else
status="ss链路异常可以尝试重启服务|0"
fi
else
status="未运行|0"
fi
mbdb set $appname.main.status="$status"
}
case "$1" in
start) start ;;
stop) stop ;;
restart) stop; start ;;
reload) stop; start ;;
status) status ;;
esac
Reference in New Issue View Git Blame Copy Permalink