diff --git a/scripts/init.sh b/scripts/init.sh index d5535529..4670d052 100644 --- a/scripts/init.sh +++ b/scripts/init.sh @@ -222,9 +222,10 @@ sed -i "s/clash_v/core_v/g" "$CFG_PATH" sed -i "s/clash.meta/meta/g" "$CFG_PATH" sed -i "s/ShellClash/ShellCrash/g" "$CFG_PATH" sed -i "s/cpucore=armv8/cpucore=arm64/g" "$CFG_PATH" -sed -i "s/redir_mod=Nft基础/redir_mod=Redir模式/g" "$CFG_PATH" -sed -i "s/redir_mod=Nft混合/redir_mod=Tproxy模式/g" "$CFG_PATH" -sed -i "s/redir_mod=Tproxy混合/redir_mod=Tproxy模式/g" "$CFG_PATH" +sed -i "s/redir_mod=Redir模式/redir_mod=Redir/g" "$CFG_PATH" +sed -i "s/redir_mod=Tproxy模式/redir_mod=Tproxy/g" "$CFG_PATH" +sed -i "s/redir_mod=Tun模式/redir_mod=Tun/g" "$CFG_PATH" +sed -i "s/redir_mod=混合模式/redir_mod=Mix/g" "$CFG_PATH" sed -i "s/redir_mod=纯净模式/firewall_area=4/g" "$CFG_PATH" #变量统一使用ON/OFF sed -i 's/=\(已启用\|已开启\)$/=ON/' "$CFG_PATH" diff --git a/scripts/lang/chs/2_settings.lang b/scripts/lang/chs/2_settings.lang index b38b3402..caca1b1f 100644 --- a/scripts/lang/chs/2_settings.lang +++ b/scripts/lang/chs/2_settings.lang @@ -57,7 +57,9 @@ SET_REDIR_MIXDES="Redir转发TCP,Tun转发UDP" SET_REDIR_TPROXYDES="Tproxy转发TCP&UDP" SET_REDIR_TUNDES="Tun转发TCP&UDP(占用高不推荐)" -SET_NO_TUN="设备未检测到Tun内核模块,请安装相关依赖或选择其他模式!" +SET_NO_MOD="设备未检测到内核模块:" +SET_NO_MOD2="请尝试其他模式或者安装相关依赖!" +XIAOMI_QOS="小米设备的 QoS 服务与当前模式冲突,是否禁用相关功能?" # ================================================= # Firewall / VM @@ -73,6 +75,9 @@ FW_AREA_LAN="仅劫持局域网流量" FW_AREA_LOCAL="仅劫持本机流量" FW_AREA_BOTH="劫持局域网 + 本机流量" FW_AREA_NONE="不配置流量劫持(纯净模式)" +FW_NO_NFTABLES="当前设备未安装 nftables,或 nftables 版本过低(< 1.0.2),无法切换!" +FW_NO_IPTABLES="当前设备未安装 iptables,无法切换!" +FW_NO_FIREWALL_BACKEND="检测不到可用的防火墙应用(iptables / nftables),无法切换!" VM_DETECT_DESC="默认的容器/虚拟机网段为:" VM_ENABLE_AUTO="启用劫持并使用自动检测的网段" @@ -80,7 +85,11 @@ VM_ENABLE_MANUAL="启用劫持并手动指定网段" VM_DISABLE="禁用劫持" VM_INPUT_INFO="多个网段请用空格连接,可使用【ip route】命令查看,例如:" VM_INPUT_NET="请输入自定义网段" +VM_NO_NET_DETECTED="未检测到容器或虚拟机网段,请先运行容器后再运行脚本,或选择手动设置网段!" +VM_INPUT_DESC="多个网段请使用空格分隔,可通过【ip route】命令查看,例如:" +#inputport +INPUT_PORT="请输入端口号" # ================================================= # Advanced config # ================================================= @@ -93,6 +102,23 @@ ADV_PANEL_PASS="设置面板访问密码" ADV_PANEL_PASS_INPUT="请输入面板访问密码(输入0删除)" ADV_HOST="自定义本机 Host 地址" ADV_TABLE="自定义路由表" +# Advanced auth +ADV_AUTH_FORMAT_DESC="格式必须为 \033[32m用户名:密码\033[0m,请使用英文冒号分隔!" +ADV_AUTH_WARN="请尽量不要使用特殊符号,以避免产生未知错误!" +ADV_AUTH_REMOVE_HINT="输入 0 可删除认证信息" +ADV_AUTH_INPUT="请输入 HTTP / SOCKS5 用户名及密码" +ADV_AUTH_REMOVED="认证信息已移除!" +ADV_AUTH_ENV_CONFLICT="请先禁用本机劫持功能或使用增强模式!" +ADV_AUTH_INVALID="输入格式错误,请重新输入!" +# Host +ADV_HOST_WARN_LAN="如果你的局域网网段不是 192.168.x / 172.16.x / 10.x,请务必修改!" +ADV_HOST_WARN_CHANGE="设置后如本机 Host 地址发生变化,请务必重新修改!" +ADV_HOST_INPUT="请输入自定义 Host 地址(输入 0 移除)" +ADV_HOST_REMOVED="自定义 Host 地址已移除,请重新运行脚本以自动获取!" +ADV_HOST_INVALID="输入错误,请仔细核对!" +# Routing table +ADV_TABLE_WARN="仅当 Tproxy / Tun / 混合模式下路由表发生冲突时才需要设置!" +ADV_TABLE_INPUT="请输入路由表编号(不清楚请勿修改,建议 102-125)" # ================================================= # IPv6 diff --git a/scripts/lang/chs/common.lang b/scripts/lang/chs/common.lang index 6efb6d4f..3036c6c2 100644 --- a/scripts/lang/chs/common.lang +++ b/scripts/lang/chs/common.lang @@ -2,4 +2,5 @@ COMMON_INPUT="请输入对应数字" COMMON_BACK="返回上级菜单" COMMON_SUCCESS="设置成功!" +COMMON_FAILED="设置失败!" COMMON_UNSET="未设置" diff --git a/scripts/lang/en/2_settings.lang b/scripts/lang/en/2_settings.lang index 768c1558..a5f05c5a 100644 --- a/scripts/lang/en/2_settings.lang +++ b/scripts/lang/en/2_settings.lang @@ -57,7 +57,9 @@ SET_REDIR_MIXDES="Redirect TCP via Redir, UDP via Tun" SET_REDIR_TPROXYDES="Tproxy forwards both TCP UDP" SET_REDIR_TUNDES="Tun forwards both TCP UDP (high resource usage)" -SET_NO_TUN="Tun kernel module not detected. Please install required dependencies or select another mode!" +SET_NO_MOD="The kernel module not detected:" +SET_NO_MOD2="Please install required dependencies or select another mode!" +XIAOMI_QOS="Xiaomi QoS service conflicts with the current mode. Disable related features?" # ================================================= # Firewall / VM @@ -73,6 +75,9 @@ FW_AREA_LAN="Hijack LAN traffic only" FW_AREA_LOCAL="Hijack local device traffic only" FW_AREA_BOTH="Hijack both LAN and local device traffic" FW_AREA_NONE="Do not hijack traffic (Pure mode)" +FW_NO_NFTABLES="nftables is not installed, or the version is too old (< 1.0.2). Unable to switch!" +FW_NO_IPTABLES="iptables is not installed. Unable to switch!" +FW_NO_FIREWALL_BACKEND="No available firewall backend detected (iptables / nftables). Unable to switch!" VM_DETECT_DESC="Default Container/VM Subnet:" VM_ENABLE_AUTO="Enable hijacking using automatically detected subnets" @@ -80,7 +85,11 @@ VM_ENABLE_MANUAL="Enable hijacking and manually specify subnets" VM_DISABLE="Disable hijacking" VM_INPUT_INFO="Separate multiple segments with spaces. Check your configuration using ip route. Example:" VM_INPUT_NET="Please enter cust subnets" +VM_NO_NET_DETECTED="No container or VM subnet detected. Please start the container first, or configure the subnet manually!" +VM_INPUT_DESC="Multiple subnets should be separated by spaces. You can check them using the 'ip route' command, for example:" +#inputport +INPUT_PORT="Input port" # ================================================= # Advanced config # ================================================= @@ -93,7 +102,23 @@ ADV_PANEL_PASS="Set Web Panel Password" ADV_PANEL_PASS_INPUT="Enter web panel password (enter 0 to remove)" ADV_HOST="Custom Local Host Address" ADV_TABLE="Custom Routing Table" - +# Advanced auth +ADV_AUTH_FORMAT_DESC="Format must be \033[32musername:password\033[0m, separated by a colon!" +ADV_AUTH_WARN="Avoid using special characters to prevent unexpected issues!" +ADV_AUTH_REMOVE_HINT="Enter 0 to remove authentication" +ADV_AUTH_INPUT="Please enter HTTP / SOCKS5 username and password" +ADV_AUTH_REMOVED="Authentication information has been removed!" +ADV_AUTH_ENV_CONFLICT="Please disable local hijacking or switch to enhanced mode first!" +ADV_AUTH_INVALID="Invalid input format. Please try again!" +# Host +ADV_HOST_WARN_LAN="If your LAN subnet is not 192.168.x / 172.16.x / 10.x, you must modify it!" +ADV_HOST_WARN_CHANGE="If the local host address changes after setting, please update it again!" +ADV_HOST_INPUT="Please enter a custom host address (enter 0 to remove)" +ADV_HOST_REMOVED="Custom host address removed. Please rerun the script to auto-detect!" +ADV_HOST_INVALID="Invalid input. Please check carefully!" +# Routing table +ADV_TABLE_WARN="Only required when routing table conflicts occur in Tproxy, Tun, or Mixed mode!" +ADV_TABLE_INPUT="Please enter the routing table ID (do not modify unless necessary, recommended 102-125)" # ================================================= # IPv6 # ================================================= diff --git a/scripts/lang/en/common.lang b/scripts/lang/en/common.lang index 1f21342d..06905913 100644 --- a/scripts/lang/en/common.lang +++ b/scripts/lang/en/common.lang @@ -2,4 +2,5 @@ COMMON_INPUT="Please enter a number" COMMON_BACK="Back" COMMON_SUCCESS="Successfully set!" +COMMON_FAILED="Setup failed!" COMMON_UNSET="Not set" diff --git a/scripts/menus/1_start.sh b/scripts/menus/1_start.sh index 5fab1355..c1f6b291 100644 --- a/scripts/menus/1_start.sh +++ b/scripts/menus/1_start.sh @@ -11,7 +11,7 @@ startover() { echo -e "\033[32m$START_SERVICE_OK\033[0m" echo -e "$START_WEB_HINT \033[4;36mhttp://$host$hostdir\033[0m $START_WEB_HINT2" - if [ "$redir_mod" = "纯净模式" ]; then + if [ "$firewall_area" = 4 ]; then echo "-----------------------------------------------" echo -e "$START_PAC_HINT \033[4;32mhttp://$host:$db_port/ui/pac\033[0m" echo -e "$START_PROXY_HINT IP{\033[36m$host\033[0m} Port{\033[36m$mix_port\033[0m}" diff --git a/scripts/menus/2_settings.sh b/scripts/menus/2_settings.sh index 180f4fd0..db0ed608 100644 --- a/scripts/menus/2_settings.sh +++ b/scripts/menus/2_settings.sh @@ -141,8 +141,7 @@ set_redir_mod() { while true; do [ -n "$(ls /dev/net/tun 2>/dev/null)" ] || ip tuntap >/dev/null 2>&1 || modprobe tun 2>/dev/null && sup_tun=1 [ -z "$firewall_area" ] && firewall_area=1 - [ -z "$redir_mod" ] && [ "$USER" = "root" -o "$USER" = "admin" ] && redir_mod='Redir模式' - [ -z "$redir_mod" ] && redir_mod='纯净模式' + [ -z "$redir_mod" ] && redir_mod='Redir' firewall_area_dsc=$(echo "$SET_FW_AREA_DESC($bypass_host)" | cut -d'|' -f$firewall_area) echo "-----------------------------------------------" echo -e "$SET_REDIR_CURRENT \033[47;30m$redir_mod\033[0m ; $SET_CORE_CURRENT \033[47;30m$crashcore\033[0m" @@ -172,50 +171,50 @@ set_redir_mod() { break ;; 1) - redir_mod=Redir模式 + redir_mod=Redir set_redir_config ;; 2) if [ -n "$sup_tun" ]; then - redir_mod=混合模式 + redir_mod=Mix set_redir_config else - echo -e "\033[31m设备未检测到Tun内核模块,请尝试其他模式或者安装相关依赖!\033[0m" + echo -e "\033[31m${SET_NO_MOD}TUN$SET_NO_MOD2\033[0m" sleep 1 fi ;; 3) if [ "$firewall_mod" = "iptables" ]; then if [ -f /etc/init.d/qca-nss-ecm -a "$systype" = "mi_snapshot" ]; then - read -p "xiaomi设备的QOS服务与本模式冲突,是否禁用相关功能?(1/0) > " res + read -p "$XIAOMI_QOS(1/0) > " res [ "$res" = '1' ] && { /data/shellcrash_init.sh tproxyfix - redir_mod=Tproxy模式 + redir_mod=Tproxy set_redir_config } elif grep -qE '^TPROXY$' /proc/net/ip_tables_targets || modprobe xt_TPROXY >/dev/null 2>&1; then - redir_mod=Tproxy模式 + redir_mod=Tproxy set_redir_config else - echo -e "\033[31m设备未检测到iptables-mod-tproxy模块,请尝试其他模式或者安装相关依赖!\033[0m" + echo -e "\033[31m${SET_NO_MOD}iptables-mod-tproxy$SET_NO_MOD2\033[0m" sleep 1 fi elif [ "$firewall_mod" = "nftables" ]; then if modprobe nft_tproxy >/dev/null 2>&1 || lsmod 2>/dev/null | grep -q nft_tproxy; then - redir_mod=Tproxy模式 + redir_mod=Tproxy set_redir_config else - echo -e "\033[31m设备未检测到nft_tproxy内核模块,请尝试其他模式或者安装相关依赖!\033[0m" + echo -e "\033[31m${SET_NO_MOD}nft_tproxy$SET_NO_MOD2\033[0m" sleep 1 fi fi ;; 4) if [ -n "$sup_tun" ]; then - redir_mod=Tun模式 + redir_mod=Tun set_redir_config else - echo -e "\033[31m设备未检测到Tun内核模块,请尝试其他模式或者安装相关依赖!\033[0m" + echo -e "\033[31m$SET_NO_TUN\033[0m" sleep 1 fi ;; @@ -237,28 +236,28 @@ set_redir_mod() { if [ "$firewall_mod" = 'iptables' ]; then if nft add table inet shellcrash 2>/dev/null; then firewall_mod=nftables - redir_mod=Redir模式 + redir_mod=Redir setconfig redir_mod $redir_mod else - echo -e "\033[31m当前设备未安装nftables或者nftables版本过低(<1.0.2),无法切换!\033[0m" + echo -e "\033[31m$FW_NO_NFTABLES\033[0m" fi elif [ "$firewall_mod" = 'nftables' ]; then if ckcmd iptables; then firewall_mod=iptables - redir_mod=Redir模式 + redir_mod=Redir setconfig redir_mod $redir_mod else - echo -e "\033[31m当前设备未安装iptables,无法切换!\033[0m" + echo -e "\033[31m$FW_NO_IPTABLES\033[0m" fi else iptables -j REDIRECT -h >/dev/null 2>&1 && firewall_mod=iptables nft add table inet shellcrash 2>/dev/null && firewall_mod=nftables if [ -n "$firewall_mod" ]; then - redir_mod=Redir模式 + redir_mod=Redir setconfig redir_mod $redir_mod setconfig firewall_mod $firewall_mod else - echo -e "\033[31m检测不到可用的防火墙应用(iptables/nftables),无法切换!\033[0m" + echo -e "\033[31m$FW_NO_FIREWALL_BACKEND\033[0m" fi fi sleep 1 @@ -274,14 +273,14 @@ set_redir_mod() { } inputport() { - read -p "请输入端口号(1-65535) > " portx + read -p "$INPUT_PORT(1-65535) > " portx . "$CRASHDIR"/menus/check_port.sh # 加载测试函数 if check_port "$portx"; then setconfig "$xport" "$portx" - echo -e "\033[32m设置成功!!!\033[0m" + echo -e "\033[32m$COMMON_SUCCESS\033[0m" return 0 else - echo -e "\033[31m设置失败!!!\033[0m" + echo -e "\033[31m$COMMON_FAILED\033[0m" sleep 1 return 1 fi @@ -290,146 +289,118 @@ inputport() { # 端口设置 set_adv_config() { while true; do - . "$CFG_PATH" >/dev/null - [ -z "$secret" ] && secret="$COMMON_UNSET" - [ -z "$table" ] && table=100 - [ -z "$authentication" ] && auth="$COMMON_UNSET" || auth="******" + . "$CFG_PATH" >/dev/null + [ -z "$secret" ] && secret="$COMMON_UNSET" + [ -z "$table" ] && table=100 + [ -z "$authentication" ] && auth="$COMMON_UNSET" || auth="******" - echo "-----------------------------------------------" - echo -e " 1 $ADV_HTTP_PORT:\t\033[36m$mix_port\033[0m" - echo -e " 2 $ADV_HTTP_AUTH:\t\033[36m$auth\033[0m" - echo -e " 3 $ADV_REDIR_PORT:\t\033[36m$redir_port,$((redir_port+1))\033[0m" - echo -e " 4 $ADV_DNS_PORT:\t\033[36m$dns_port\033[0m" - echo -e " 5 $ADV_PANEL_PORT:\t\033[36m$db_port\033[0m" - echo -e " 6 $ADV_PANEL_PASS:\t\033[36m$secret\033[0m" - echo -e " 8 $ADV_HOST:\t\033[36m$host\033[0m" - echo -e " 9 $ADV_TABLE:\t\033[36m$table,$((table+1))\033[0m" - echo -e " 0 $COMMON_BACK" - read -p "$COMMON_INPUT > " num + echo "-----------------------------------------------" + echo -e " 1 $ADV_HTTP_PORT:\t\033[36m$mix_port\033[0m" + echo -e " 2 $ADV_HTTP_AUTH:\t\033[36m$auth\033[0m" + echo -e " 3 $ADV_REDIR_PORT:\t\033[36m$redir_port,$((redir_port+1))\033[0m" + echo -e " 4 $ADV_DNS_PORT:\t\033[36m$dns_port\033[0m" + echo -e " 5 $ADV_PANEL_PORT:\t\033[36m$db_port\033[0m" + echo -e " 6 $ADV_PANEL_PASS:\t\033[36m$secret\033[0m" + echo -e " 8 $ADV_HOST:\t\033[36m$host\033[0m" + echo -e " 9 $ADV_TABLE:\t\033[36m$table,$((table+1))\033[0m" + echo -e " 0 $COMMON_BACK" + read -p "$COMMON_INPUT > " num - case "$num" in + case "$num" in "" | 0) break - ;; + ;; 1) xport=mix_port inputport - ret=$? - if [ "$ret" -eq 1 ]; then - break - else - continue - fi - ;; + [ $? -eq 1 ] && break || continue + ;; 2) echo "-----------------------------------------------" - echo -e "格式必须是\033[32m 用户名:密码 \033[0m的形式,注意用小写冒号分隔!" - echo -e "请尽量不要使用特殊符号!避免产生未知错误!" - echo "输入 0 删除密码" + echo -e "$ADV_AUTH_FORMAT_DESC" + echo -e "$ADV_AUTH_WARN" + echo -e "$ADV_AUTH_REMOVE_HINT" echo "-----------------------------------------------" - read -p "请输入Http/Sock5用户名及密码 > " input + read -p "$ADV_AUTH_INPUT > " input + if [ "$input" = "0" ]; then authentication="" setconfig authentication - echo "密码已移除!" + echo -e "\033[32m$ADV_AUTH_REMOVED\033[0m" else - if [ "$local_proxy" = "ON" ] && [ "$local_type" = "环境变量" ]; then + if [ "$local_proxy" = "ON" ] && [ "$local_type" = "$LOCAL_TYPE_ENV" ]; then echo "-----------------------------------------------" - echo -e "\033[33m请先禁用本机劫持功能或使用增强模式!\033[0m" + echo -e "\033[33m$ADV_AUTH_ENV_CONFLICT\033[0m" sleep 1 else authentication=$(echo "$input" | grep :) if [ -n "$authentication" ]; then setconfig authentication "'$authentication'" - echo -e "\033[32m设置成功!!!\033[0m" + echo -e "\033[32m$COMMON_SUCCESS\033[0m" else - echo -e "\033[31m输入有误,请重新输入!\033[0m" + echo -e "\033[31m$ADV_AUTH_INVALID\033[0m" fi fi fi - - ret=$? - if [ "$ret" -eq 1 ]; then - break - else - continue - fi - ;; + ;; 3) xport=redir_port inputport - - ret=$? - if [ "$ret" -eq 1 ]; then - break - else - continue - fi - ;; + [ $? -eq 1 ] && break || continue + ;; 4) xport=dns_port inputport - - ret=$? - if [ "$ret" -eq 1 ]; then - break - else - continue - fi - ;; + [ $? -eq 1 ] && break || continue + ;; 5) xport=db_port inputport - - ret=$? - if [ "$ret" -eq 1 ]; then - break - else - continue - fi - ;; - 6) - read -p "$ADV_PANEL_PASS_INPUT > " secret + [ $? -eq 1 ] && break || continue + ;; + 6) + read -p "$ADV_PANEL_PASS_INPUT > " secret if [ -n "$secret" ]; then [ "$secret" = "0" ] && secret="" - setconfig secret "$secret" - echo -e "\033[32m$COMMON_SUCCESS\033[0m" + setconfig secret "$secret" + echo -e "\033[32m$COMMON_SUCCESS\033[0m" fi - ;; + ;; 8) echo "-----------------------------------------------" - echo -e "\033[33m如果你的局域网网段不是192.168.x或172.16.x或10.x开头,请务必修改!\033[0m" - echo -e "\033[31m设置后如本机host地址有变动,请务必重新修改!\033[0m" + echo -e "\033[33m$ADV_HOST_WARN_LAN\033[0m" + echo -e "\033[31m$ADV_HOST_WARN_CHANGE\033[0m" echo "-----------------------------------------------" - read -p "请输入自定义host地址(输入0移除自定义host) > " host + read -p "$ADV_HOST_INPUT > " host + if [ "$host" = "0" ]; then host="" setconfig host "$host" - echo -e "\033[32m已经移除自定义host地址,请重新运行脚本以自动获取host!!!\033[0m" + echo -e "\033[32m$ADV_HOST_REMOVED\033[0m" exit 0 - elif [ -n "$(echo "$host" | grep -E -o '\<([1-9]|[1-9][0-9]|1[0-9]{2}|2[01][0-9]|22[0-3])\>(\.\<([0-9]|[0-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\>){2}\.\<([1-9]|[0-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-4])\>')" ]; then + elif echo "$host" | grep -Eq '\<([1-9]|[1-9][0-9]|1[0-9]{2}|2[01][0-9]|22[0-3])\>(\.\<([0-9]|[0-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\>){2}\.\<([1-9]|[0-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-4])\>' ; then setconfig host "$host" - echo -e "\033[32m设置成功!!!\033[0m" + echo -e "\033[32m$COMMON_SUCCESS\033[0m" else host="" - echo -e "\033[31m输入错误,请仔细核对!!!\033[0m" + echo -e "\033[31m$ADV_HOST_INVALID\033[0m" fi sleep 1 - ;; + ;; 9) echo "-----------------------------------------------" - echo -e "\033[33m仅限Tproxy、Tun或混合模式路由表出现冲突时才需要设置!\033[0m" - read -p "请输入路由表地址(不明勿动!建议102-125之间) > " table + echo -e "\033[33m$ADV_TABLE_WARN\033[0m" + read -p "$ADV_TABLE_INPUT > " table if [ -n "$table" ]; then [ "$table" = "0" ] && table="100" setconfig table "$table" - echo -e "\033[32m设置成功!!!\033[0m" + echo -e "\033[32m$COMMON_SUCCESS\033[0m" fi - ;; + ;; *) errornum sleep 1 - ;; + ;; esac done } @@ -450,11 +421,7 @@ set_firewall_area() { case "$num" in [1-4]) [ $firewall_area -ge 4 ] && { - redir_mod=Redir模式 - setconfig redir_mod $redir_mod - } - [ "$num" = 4 ] && { - redir_mod=纯净模式 + redir_mod=Redir setconfig redir_mod $redir_mod } firewall_area=$num @@ -482,12 +449,7 @@ set_firewall_area() { sleep 1 } set_firewall_vm(){ - if [ -n "$vm_ipv4" ]; then - vm_des='当前劫持' - else - vm_ipv4=$(ip a 2>&1 | grep -w 'inet' | grep 'global' | grep 'brd' | grep -E 'docker|podman|virbr|vnet|ovs|vmbr|veth|vmnic|vboxnet|lxcbr|xenbr|vEthernet' | sed 's/.*inet.//g' | sed 's/ br.*$//g' | sed 's/metric.*$//g' | tr '\n' ' ') - vm_des='当前获取到' - fi + [ -z "$vm_ipv4" ] && vm_ipv4=$(ip a 2>&1 | grep -w 'inet' | grep 'global' | grep 'brd' | grep -E 'docker|podman|virbr|vnet|ovs|vmbr|veth|vmnic|vboxnet|lxcbr|xenbr|vEthernet' | sed 's/.*inet.//g' | sed 's/ br.*$//g' | sed 's/metric.*$//g' | tr '\n' ' ') echo "-----------------------------------------------" echo -e "$VM_DETECT_DESC\033[32m$vm_ipv4\033[0m" echo "-----------------------------------------------" @@ -503,11 +465,11 @@ set_firewall_vm(){ if [ -n "$vm_ipv4" ]; then vm_redir=ON else - echo -e "\033[33m请先运行容器再运行脚本或者手动设置网段\033[0m" + echo -e "\033[33m$VM_NO_NET_DETECTED\033[0m" fi ;; 2) - echo -e "多个网段请用空格连接,可使用【ip route】命令查看,例如:" + echo -e "$VM_INPUT_DESC" echo -e "\033[32m10.88.0.0/16 172.17.0.0/16\033[0m" read -p "$VM_INPUT_NET > " text [ -n "$text" ] && vm_ipv4="$text" && vm_redir=ON diff --git a/scripts/menus/8_tools.sh b/scripts/menus/8_tools.sh index d58eaf98..dad8304a 100644 --- a/scripts/menus/8_tools.sh +++ b/scripts/menus/8_tools.sh @@ -540,8 +540,8 @@ testcommand() { echo "----------------Redir+DNS---------------------" iptables -t nat -L PREROUTING --line-numbers iptables -t nat -L shellcrash_dns --line-numbers - [ -n "$(echo $redir_mod | grep -E 'Redir模式|混合模式')" ] && iptables -t nat -L shellcrash --line-numbers - [ -n "$(echo $redir_mod | grep -E 'Tproxy模式|混合模式|Tun模式')" ] && { + [ -n "$(echo $redir_mod | grep -E 'Redir|Mix')" ] && iptables -t nat -L shellcrash --line-numbers + [ -n "$(echo $redir_mod | grep -E 'Tproxy|Mix|Tun')" ] && { echo "----------------Tun/Tproxy-------------------" iptables -t mangle -L PREROUTING --line-numbers iptables -t mangle -L shellcrash_mark --line-numbers @@ -551,8 +551,8 @@ testcommand() { echo "-------------OUTPUT-Redir+DNS----------------" iptables -t nat -L OUTPUT --line-numbers iptables -t nat -L shellcrash_dns_out --line-numbers - [ -n "$(echo $redir_mod | grep -E 'Redir模式|混合模式')" ] && iptables -t nat -L shellcrash_out --line-numbers - [ -n "$(echo $redir_mod | grep -E 'Tproxy模式|混合模式|Tun模式')" ] && { + [ -n "$(echo $redir_mod | grep -E 'Redir|Mix')" ] && iptables -t nat -L shellcrash_out --line-numbers + [ -n "$(echo $redir_mod | grep -E 'Tproxy|Mix|Tun')" ] && { echo "------------OUTPUT-Tun/Tproxy---------------" iptables -t mangle -L OUTPUT --line-numbers iptables -t mangle -L shellcrash_mark_out --line-numbers @@ -564,9 +564,9 @@ testcommand() { echo "-------------IPV6-Redir+DNS-------------------" ip6tables -t nat -L PREROUTING --line-numbers ip6tables -t nat -L shellcrashv6_dns --line-numbers - [ -n "$(echo $redir_mod | grep -E 'Redir模式|混合模式')" ] && ip6tables -t nat -L shellcrashv6 --line-numbers + [ -n "$(echo $redir_mod | grep -E 'Redir|Mix')" ] && ip6tables -t nat -L shellcrashv6 --line-numbers } - [ -n "$(echo $redir_mod | grep -E 'Tproxy模式|混合模式|Tun模式')" ] && { + [ -n "$(echo $redir_mod | grep -E 'Tproxy|Mix|Tun')" ] && { echo "-------------IPV6-Tun/Tproxy------------------" ip6tables -t mangle -L PREROUTING --line-numbers ip6tables -t mangle -L shellcrashv6_mark --line-numbers diff --git a/scripts/menus/bot_tg.sh b/scripts/menus/bot_tg.sh index 05bab2b1..127755d3 100644 --- a/scripts/menus/bot_tg.sh +++ b/scripts/menus/bot_tg.sh @@ -160,7 +160,7 @@ download_file(){ } ### --- 具体操作函数 --- ### do_start_fw(){ - [ -z "$redir_mod_bf" ] && redir_mod_bf='Redir模式' + [ -z "$redir_mod_bf" ] && redir_mod_bf='Redir' redir_mod=$redir_mod_bf setconfig redir_mod $redir_mod "$CRASHDIR"/start.sh start_firewall @@ -168,8 +168,8 @@ do_start_fw(){ } do_stop_fw(){ redir_mod_bf=$redir_mod - redir_mod='纯净模式' - setconfig redir_mod $redir_mod + firewall_area=4 + setconfig firewall_area 4 "$CRASHDIR"/start.sh stop_firewall echo "ShellCrash 已切换到纯净模式!" > "$LOGFILE" } @@ -238,7 +238,7 @@ polling(){ [ -n "$FILE_ID" ] && download_file [ -n "$CALLBACK" ] && case "$CALLBACK" in "start_redir") - if [ "$redir_mod" = '纯净模式' ];then + if [ "$firewall_area" = 4 ];then do_start_fw send_msg "已切换到$redir_mod_bf!" else @@ -248,7 +248,7 @@ polling(){ continue ;; "stop_redir") - if [ "$redir_mod" != '纯净模式' ];then + if [ "$firewall_area" != 4 ];then do_stop_fw send_msg "已切换到纯净模式" else diff --git a/scripts/menus/userguide.sh b/scripts/menus/userguide.sh index 7b2839b4..087aa6f8 100644 --- a/scripts/menus/userguide.sh +++ b/scripts/menus/userguide.sh @@ -20,12 +20,12 @@ forwhat() { case "$num" in "" | 1) # 设置运行模式 - redir_mod="混合模式" + redir_mod="Mix" echo "$cputype" | grep -Eq 'linux.*mips.*' && { if grep -qE '^TPROXY$' /proc/net/ip_tables_targets || modprobe xt_TPROXY >/dev/null 2>&1; then - redir_mod="Tproxy模式" + redir_mod="Tproxy" else - redir_mod="Redir模式" + redir_mod="Redir" fi } @@ -67,7 +67,7 @@ forwhat() { break ;; 2) - setconfig redir_mod "Redir模式" + setconfig redir_mod "Redir" echo "$cputype" | grep -Eq "linux.*mips.*" && setconfig crashcore "clash" setconfig common_ports "OFF" setconfig firewall_area '2' diff --git a/scripts/starts/bfstart.sh b/scripts/starts/bfstart.sh index 1dfd1af2..09060756 100644 --- a/scripts/starts/bfstart.sh +++ b/scripts/starts/bfstart.sh @@ -18,7 +18,7 @@ . "$CRASHDIR"/starts/check_geo.sh . "$CRASHDIR"/starts/check_core.sh #缺省值 -[ -z "$redir_mod" ] && [ "$USER" = "root" -o "$USER" = "admin" ] && redir_mod='Redir模式' +[ -z "$redir_mod" ] && [ "$USER" = "root" -o "$USER" = "admin" ] && redir_mod='Redir' [ -z "$dns_mod" ] && dns_mod='redir_host' [ -z "$redir_mod" ] && firewall_area='4' routing_mark=$((fwmark + 2)) @@ -135,7 +135,7 @@ fi fi } #加载系统内核组件 -[ "$redir_mod" = "Tun模式" -o "$redir_mod" = "混合模式" ] && ckcmd modprobe && modprobe tun 2>/dev/null +[ "$redir_mod" = "Tun" -o "$redir_mod" = "Mix" ] && ckcmd modprobe && modprobe tun 2>/dev/null #清理debug日志 rm -rf /tmp/ShellCrash/debug.log rm -rf "$CRASHDIR"/debug.log diff --git a/scripts/starts/clash_check.sh b/scripts/starts/clash_check.sh index 413aae1c..f74a85d6 100644 --- a/scripts/starts/clash_check.sh +++ b/scripts/starts/clash_check.sh @@ -5,8 +5,8 @@ clash_check() { #clash启动前检查 #检测是否存在高级版规则或者tun模式 if [ "$crashcore" = "clash" ]; then [ -n "$(cat $core_config | grep -aiE '^script:|proxy-providers|rule-providers|rule-set')" ] || - [ "$redir_mod" = "混合模式" ] || - [ "$redir_mod" = "Tun模式" ] && core_exchange meta '当前内核不支持的配置' + [ "$redir_mod" = "Mix" ] || + [ "$redir_mod" = "Tun" ] && core_exchange meta '当前内核不支持的配置' fi [ "$crashcore" = "clash" ] && [ "$firewall_area" = 2 -o "$firewall_area" = 3 ] && [ -z "$(grep '0:7890' /etc/passwd)" ] && core_exchange meta '当前内核不支持非root用户启用本机代理' diff --git a/scripts/starts/clash_modify.sh b/scripts/starts/clash_modify.sh index e08e9be1..d2a35236 100644 --- a/scripts/starts/clash_modify.sh +++ b/scripts/starts/clash_modify.sh @@ -6,7 +6,7 @@ modify_yaml() { ##########需要变更的配置########### [ "$ipv6_dns" != "OFF" ] && dns_v6='true' || dns_v6='false' external="external-controller: 0.0.0.0:$db_port" - if [ "$redir_mod" = "混合模式" -o "$redir_mod" = "Tun模式" ]; then + if [ "$redir_mod" = "Mix" -o "$redir_mod" = "Tun" ]; then [ "$crashcore" = 'meta' ] && tun_meta=', device: utun, auto-route: false, auto-detect-interface: false' tun="tun: {enable: true, stack: system$tun_meta}" else @@ -15,7 +15,7 @@ modify_yaml() { exper='experimental: {ignore-resolve-fail: true, interface-name: en0}' #Meta内核专属配置 [ "$crashcore" = 'meta' ] && { - [ "$redir_mod" != "纯净模式" ] && [ -z "$(grep 'PROCESS' "$CRASHDIR"/yamls/*.yaml)" ] && find_process='find-process-mode: "off"' + [ -z "$(grep 'PROCESS' "$CRASHDIR"/yamls/*.yaml)" ] && find_process='find-process-mode: "off"' #ecs优化 [ "$ecs_subnet" = ON ] && { . "$CRASHDIR"/libs/get_ecsip.sh diff --git a/scripts/starts/fw_iptables.sh b/scripts/starts/fw_iptables.sh index 8105bb7a..73b41af0 100644 --- a/scripts/starts/fw_iptables.sh +++ b/scripts/starts/fw_iptables.sh @@ -170,7 +170,7 @@ start_iptables() { #iptables配置总入口 #启动公网访问防火墙 [ "$fw_wan" != OFF ] && start_ipt_wan #分模式设置流量劫持 - [ "$redir_mod" = "Redir模式" -o "$redir_mod" = "混合模式" ] && { + [ "$redir_mod" = "Redir" -o "$redir_mod" = "Mix" ] && { JUMP="REDIRECT --to-ports $redir_port" #跳转劫持的具体命令 [ "$lan_proxy" = true ] && { start_ipt_route iptables nat PREROUTING shellcrash tcp #ipv4-局域网tcp转发 @@ -193,7 +193,7 @@ start_iptables() { #iptables配置总入口 } } } - [ "$redir_mod" = "Tproxy模式" ] && { + [ "$redir_mod" = "Tproxy" ] && { modprobe xt_TPROXY >/dev/null 2>&1 JUMP="TPROXY --on-port $tproxy_port --tproxy-mark $fwmark" #跳转劫持的具体命令 if $iptable -j TPROXY -h 2>/dev/null | grep -q '\--on-port'; then @@ -230,14 +230,14 @@ start_iptables() { #iptables配置总入口 fi } } - [ "$redir_mod" = "Tun模式" -o "$redir_mod" = "混合模式" -o "$redir_mod" = "T&U旁路转发" -o "$redir_mod" = "TCP旁路转发" ] && { + [ "$redir_mod" = "Tun" -o "$redir_mod" = "Mix" -o "$redir_mod" = "T&U旁路转发" -o "$redir_mod" = "TCP旁路转发" ] && { JUMP="MARK --set-mark $fwmark" #跳转劫持的具体命令 - [ "$redir_mod" = "Tun模式" -o "$redir_mod" = "T&U旁路转发" ] && protocol=all - [ "$redir_mod" = "混合模式" ] && protocol=udp + [ "$redir_mod" = "Tun" -o "$redir_mod" = "T&U旁路转发" ] && protocol=all + [ "$redir_mod" = "Mix" ] && protocol=udp [ "$redir_mod" = "TCP旁路转发" ] && protocol=tcp if $iptable -j MARK -h 2>/dev/null | grep -q '\--set-mark'; then [ "$lan_proxy" = true ] && { - [ "$redir_mod" = "Tun模式" -o "$redir_mod" = "混合模式" ] && $iptable -I FORWARD -o utun -j ACCEPT + [ "$redir_mod" = "Tun" -o "$redir_mod" = "Mix" ] && $iptable -I FORWARD -o utun -j ACCEPT start_ipt_route iptables mangle PREROUTING shellcrash_mark $protocol } [ "$local_proxy" = true ] && start_ipt_route iptables mangle OUTPUT shellcrash_mark_out $protocol @@ -247,7 +247,7 @@ start_iptables() { #iptables配置总入口 [ "$ipv6_redir" = "ON" ] && [ "$crashcore" != clashpre ] && { if $ip6table -j MARK -h 2>/dev/null | grep -q '\--set-mark'; then [ "$lan_proxy" = true ] && { - [ "$redir_mod" = "Tun模式" -o "$redir_mod" = "混合模式" ] && $ip6table -I FORWARD -o utun -j ACCEPT + [ "$redir_mod" = "Tun" -o "$redir_mod" = "Mix" ] && $ip6table -I FORWARD -o utun -j ACCEPT start_ipt_route ip6tables mangle PREROUTING shellcrashv6_mark $protocol } [ "$local_proxy" = true ] && start_ipt_route ip6tables mangle OUTPUT shellcrashv6_mark_out $protocol @@ -275,16 +275,16 @@ start_iptables() { #iptables配置总入口 [ "$local_proxy" = true ] && start_ipt_dns iptables OUTPUT shellcrash_dns_out #ipv4-本机dns转发 } #屏蔽QUIC - [ "$quic_rj" = 'ON' -a "$lan_proxy" = true -a "$redir_mod" != "Redir模式" ] && { + [ "$quic_rj" = 'ON' -a "$lan_proxy" = true -a "$redir_mod" != "Redir" ] && { [ "$dns_mod" != "fake-ip" -a "$cn_ip_route" = "ON" ] && { set_cn_ip='-m set ! --match-set cn_ip dst' set_cn_ip6='-m set ! --match-set cn_ip6 dst' } - [ "$redir_mod" = "Tun模式" -o "$redir_mod" = "混合模式" ] && { + [ "$redir_mod" = "Tun" -o "$redir_mod" = "Mix" ] && { $iptable -I FORWARD -p udp --dport 443 -o utun $set_cn_ip -j REJECT >/dev/null 2>&1 $ip6table -I FORWARD -p udp --dport 443 -o utun $set_cn_ip6 -j REJECT >/dev/null 2>&1 } - [ "$redir_mod" = "Tproxy模式" ] && { + [ "$redir_mod" = "Tproxy" ] && { $iptable -I INPUT -p udp --dport 443 $set_cn_ip -j REJECT >/dev/null 2>&1 $ip6table -I INPUT -p udp --dport 443 $set_cn_ip6 -j REJECT >/dev/null 2>&1 } diff --git a/scripts/starts/fw_nftables.sh b/scripts/starts/fw_nftables.sh index 1600cd35..4b5bbf2c 100644 --- a/scripts/starts/fw_nftables.sh +++ b/scripts/starts/fw_nftables.sh @@ -96,7 +96,7 @@ start_nft_route() { #nftables-route通用工具 #添加通用路由 nft add rule inet shellcrash "$1" "$JUMP" #处理特殊路由 - [ "$redir_mod" = "混合模式" ] && { + [ "$redir_mod" = "Mix" ] && { nft add rule inet shellcrash $1 meta l4proto tcp mark set $((fwmark + 1)) nft add chain inet shellcrash "$1"_mixtcp { type nat hook $2 priority -100 \; } nft add rule inet shellcrash "$1"_mixtcp mark $((fwmark + 1)) meta l4proto tcp redirect to $redir_port @@ -168,12 +168,12 @@ start_nftables() { #nftables配置总入口 [ "$local_proxy" = true ] && start_nft_dns output output #本机dns转发 } #分模式设置流量劫持 - [ "$redir_mod" = "Redir模式" ] && { + [ "$redir_mod" = "Redir" ] && { JUMP="meta l4proto tcp redirect to $redir_port" #跳转劫持的具体命令 [ "$lan_proxy" = true ] && start_nft_route prerouting prerouting nat -100 [ "$local_proxy" = true ] && start_nft_route output output nat -100 } - [ "$redir_mod" = "Tproxy模式" ] && (modprobe nft_tproxy >/dev/null 2>&1 || lsmod 2>/dev/null | grep -q nft_tproxy) && { + [ "$redir_mod" = "Tproxy" ] && (modprobe nft_tproxy >/dev/null 2>&1 || lsmod 2>/dev/null | grep -q nft_tproxy) && { JUMP="meta l4proto {tcp, udp} mark set $fwmark tproxy to :$tproxy_port" #跳转劫持的具体命令 [ "$lan_proxy" = true ] && start_nft_route prerouting prerouting filter -150 [ "$local_proxy" = true ] && { @@ -184,8 +184,8 @@ start_nftables() { #nftables配置总入口 } } [ "$tun_statu" = true ] && { - [ "$redir_mod" = "Tun模式" ] && JUMP="meta l4proto {tcp, udp} mark set $fwmark" #跳转劫持的具体命令 - [ "$redir_mod" = "混合模式" ] && JUMP="meta l4proto udp mark set $fwmark" #跳转劫持的具体命令 + [ "$redir_mod" = "Tun" ] && JUMP="meta l4proto {tcp, udp} mark set $fwmark" #跳转劫持的具体命令 + [ "$redir_mod" = "Mix" ] && JUMP="meta l4proto udp mark set $fwmark" #跳转劫持的具体命令 [ "$lan_proxy" = true ] && { start_nft_route prerouting prerouting filter -150 #放行流量 diff --git a/scripts/starts/fw_start.sh b/scripts/starts/fw_start.sh index f0ae831f..36a985c8 100644 --- a/scripts/starts/fw_start.sh +++ b/scripts/starts/fw_start.sh @@ -8,14 +8,14 @@ [ -z "$common_ports" ] && common_ports='ON' [ -z "$multiport" ] && multiport='22,80,443,8080,8443' [ "$common_ports" = "ON" ] && ports="-m multiport --dports $multiport" -[ -z "$redir_mod" ] && [ "$USER" = "root" -o "$USER" = "admin" ] && redir_mod='Redir模式' +[ -z "$redir_mod" ] && [ "$USER" = "root" -o "$USER" = "admin" ] && redir_mod='Redir' [ -z "$dns_mod" ] && dns_mod='redir_host' [ -z "$redir_mod" ] && firewall_area='4' #设置策略路由 [ "$firewall_area" != 4 ] && { - [ "$redir_mod" = "Tproxy模式" ] && ip route add local default dev lo table $table 2>/dev/null - [ "$redir_mod" = "Tun模式" -o "$redir_mod" = "混合模式" ] && { + [ "$redir_mod" = "Tproxy" ] && ip route add local default dev lo table $table 2>/dev/null + [ "$redir_mod" = "Tun" -o "$redir_mod" = "Mix" ] && { i=1 while [ -z "$(ip route list | grep utun)" -a "$i" -le 29 ]; do sleep 1 @@ -28,13 +28,13 @@ fi } [ "$firewall_area" = 5 ] && ip route add default via $bypass_host table $table 2>/dev/null - [ "$redir_mod" != "Redir模式" ] && ip rule add fwmark $fwmark table $table 2>/dev/null + [ "$redir_mod" != "Redir" ] && ip rule add fwmark $fwmark table $table 2>/dev/null } #添加ipv6路由 [ "$ipv6_redir" = "ON" -a "$firewall_area" -le 3 ] && { - [ "$redir_mod" = "Tproxy模式" ] && ip -6 route add local default dev lo table $((table + 1)) 2>/dev/null + [ "$redir_mod" = "Tproxy" ] && ip -6 route add local default dev lo table $((table + 1)) 2>/dev/null [ -n "$(ip route list | grep utun)" ] && ip -6 route add default dev utun table $((table + 1)) 2>/dev/null - [ "$redir_mod" != "Redir模式" ] && ip -6 rule add fwmark $fwmark table $((table + 1)) 2>/dev/null + [ "$redir_mod" != "Redir" ] && ip -6 rule add fwmark $fwmark table $((table + 1)) 2>/dev/null } #判断代理用途 [ "$firewall_area" = 2 -o "$firewall_area" = 3 ] && local_proxy=true diff --git a/scripts/starts/singbox_modify.sh b/scripts/starts/singbox_modify.sh index d3416f59..edec27cf 100644 --- a/scripts/starts/singbox_modify.sh +++ b/scripts/starts/singbox_modify.sh @@ -267,7 +267,7 @@ EOF . "$CRASHDIR"/configs/gateway.cfg . "$CRASHDIR"/libs/sb_inbounds.sh } - if [ "$redir_mod" = "混合模式" -o "$redir_mod" = "Tun模式" ]; then + if [ "$redir_mod" = "Mix" -o "$redir_mod" = "Tun" ]; then [ "ipv6_redir" = 'ON' ] && ipv6_address='"fe80::e5c5:2469:d09b:609a/64",' cat >>"$TMPDIR"/jsons/tun.json <