xm/ShellCrash
1
0
Fork 0
mirror of https://github.com/juewuy/ShellCrash.git synced 2026-03-14 17:31:27 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'dev' into gateway

Browse Source 
# Conflicts:
#	scripts/start.sh
This commit is contained in:
juewuy
2025-12-15 21:35:44 +08:00
parent 9c8e9d65a5 cc607ae2b2
commit 0aff2018ff
8 changed files with 1850 additions and 1804 deletions
Download Patch File Download Diff File Expand all files Collapse all files

BIN
ShellCrash.tar.gz
View File

Binary file not shown.

BIN
bin/clashfm.tar.gz
View File

Binary file not shown.

2
bin/version
View File

@@ -1,4 +1,4 @@
meta_v=v1.19.17
singboxr_v=1.13.0-alpha.27
versionsh=1.9.3beta7fix
versionsh=1.9.3beta8
GeoIP_v=20251205

29
scripts/init.sh
View File

@@ -1,7 +1,7 @@
#!/bin/sh
# Copyright (C) Juewuy
version=1.9.3beta7fix
version=1.9.3beta8
setdir() {
dir_avail() {
@@ -159,12 +159,12 @@ setconfig() { #脚本配置工具
fi
}
#特殊固件识别及标记
[ -f "/etc/storage/started_script.sh" ] && {
systype=Padavan #老毛子固件
[ -f "/etc/storage/started_script.sh" ] && { #老毛子固件
systype=Padavan
initdir='/etc/storage/started_script.sh'
}
[ -d "/jffs" ] && {
systype=asusrouter #华硕固件
[ -d "/jffs" ] && { #华硕固件
systype=asusrouter
[ -f "/jffs/.asusrouter" ] && initdir='/jffs/.asusrouter'
[ -d "/jffs/scripts" ] && initdir='/jffs/scripts/nat-start'
#华硕启用jffs
@@ -173,7 +173,8 @@ setconfig() { #脚本配置工具
}
[ -f "/data/etc/crontabs/root" ] && systype=mi_snapshot #小米设备
[ -w "/var/mnt/cfg/firewall" ] && systype=ng_snapshot #NETGEAR设备
#容器内环境
grep -qE '/(docker|lxc|kubepods|crio|containerd)/' /proc/1/cgroup || [ -f /run/.containerenv ] || [ -f /.dockerenv ] && systype=container
#检查环境变量
[ -z "$CRASHDIR" -a -n "$clashdir" ] && CRASHDIR=$clashdir
[ -z "$CRASHDIR" -a -d /tmp/SC_tmp ] && setdir
@@ -290,7 +291,6 @@ if [ "$systype" = "mi_snapshot" -o "$systype" = "ng_snapshot" ]; then
uci set firewall.ShellCrash.path="$CRASHDIR/misnap_init.sh"
uci set firewall.ShellCrash.enabled='1'
uci commit firewall
setconfig systype $systype
else
rm -rf ${CRASHDIR}/misnap_init.sh
fi
@@ -303,6 +303,18 @@ fi
#华硕下载大师启动额外设置
[ -f "$dir/asusware.arm/etc/init.d/S50downloadmaster" ] && [ -z "$(grep 'ShellCrash' $dir/asusware.arm/etc/init.d/S50downloadmaster)" ] &&
sed -i "/^PATH=/a\\$CRASHDIR/start.sh init & #ShellCrash初始化脚本" "$dir/asusware.arm/etc/init.d/S50downloadmaster"
#容器环境额外设置
[ "$systype" = 'container' ] && {
setconfig userguide '1'
setconfig crashcore 'meta'
setconfig redir_mod "混合模式"
setconfig dns_mod 'mix'
setconfig firewall_area '1'
setconfig firewall_mod 'nftables'
setconfig start_old '已开启'
echo "$CRASHDIR/menu.sh" >> /etc/profile
}
setconfig systype $systype
#删除临时文件
rm -rf /tmp/*rash*gz
rm -rf /tmp/SC_tmp
@@ -360,7 +372,4 @@ sed -i "s/redir_mod=Nft混合/redir_mod=Tproxy模式/g" $configpath
sed -i "s/redir_mod=Tproxy混合/redir_mod=Tproxy模式/g" $configpath
sed -i "s/redir_mod=纯净模式/firewall_area=4/g" $configpath
#清理路由器空间
[ -d /data/etc_bak ] && rm -rf /data/etc_bak
echo -e "\033[32m脚本初始化完成,请输入\033[30;47m crash \033[0;33m命令开始使用\033[0m"

4
scripts/menu.sh
View File

@@ -694,7 +694,7 @@ setport() { #端口设置
esac
}
setdns() { #DNS详细设置
[ -z "$dns_nameserver" ] && dns_nameserver='180.184.1.1, 1.2.4.8'
[ -z "$dns_nameserver" ] && dns_nameserver='223.5.5.5, 1.2.4.8'
[ -z "$dns_fallback" ] && dns_fallback="1.1.1.1, 8.8.8.8"
[ -z "$dns_resolver" ] && dns_resolver="223.5.5.5, 2400:3200::1"
[ -z "$hosts_opt" ] && hosts_opt=已启用
@@ -811,7 +811,7 @@ setdns() { #DNS详细设置
openssldir="$(openssl version -d 2>&1 | awk -F '"' '{print $2}')"
if [ -s "$openssldir/certs/ca-certificates.crt" ] || [ -s "/etc/ssl/certs/ca-certificates.crt" ] ||
echo "$crashcore" | grep -qE 'meta|singbox'; then
dns_nameserver='https://doh.360.cn/dns-query, https://dns.alidns.com/dns-query, https://doh.pub/dns-query'
dns_nameserver='https://dns.alidns.com/dns-query, https://doh.pub/dns-query'
dns_fallback='https://cloudflare-dns.com/dns-query, https://dns.google/dns-query, https://doh.opendns.com/dns-query'
dns_resolver='https://223.5.5.5/dns-query, 2400:3200::1'
setconfig dns_nameserver "'$dns_nameserver'"

123
scripts/start.sh
View File

@@ -51,7 +51,7 @@ getconfig() { #读取配置及全局变量
ckcmd iptables && iptables -h | grep -q '\-w' && iptable='iptables -w' || iptable=iptables
ckcmd ip6tables && ip6tables -h | grep -q '\-w' && ip6table='ip6tables -w' || ip6table=ip6tables
#默认dns
[ -z "$dns_nameserver" ] && dns_nameserver='180.184.1.1, 1.2.4.8'
[ -z "$dns_nameserver" ] && dns_nameserver='223.5.5.5, 1.2.4.8'
[ -z "$dns_fallback" ] && dns_fallback="1.1.1.1, 8.8.8.8"
[ -z "$dns_resolver" ] && dns_resolver="223.5.5.5, 2400:3200::1"
#自动生成ua
@@ -182,7 +182,7 @@ croncmd() { #定时任务工具
}
cronset() { #定时任务设置
# 参数1代表要移除的关键字,参数2代表要添加的任务语句
tmpcron="$TMPDIR"/cron_$USER
tmpcron="$TMPDIR"/cron_tmp
croncmd -l >"$tmpcron" 2>/dev/null
sed -i "/$1/d" "$tmpcron"
sed -i '/^$/d' "$tmpcron"
@@ -250,6 +250,59 @@ getlanip() { #获取局域网host地址
[ -z "$reserve_ipv4" ] && reserve_ipv4="0.0.0.0/8 10.0.0.0/8 127.0.0.0/8 100.64.0.0/10 169.254.0.0/16 172.16.0.0/12 192.168.0.0/16 224.0.0.0/4 240.0.0.0/4"
[ -z "$reserve_ipv6" ] && reserve_ipv6="::/128 ::1/128 ::ffff:0:0/96 64:ff9b::/96 100::/64 2001::/32 2001:20::/28 2001:db8::/32 2002::/16 fe80::/10 ff00::/8"
}
parse_singbox_dns() { #singbox的dns分割工具
first_dns=$(echo "$1" | cut -d',' -f1 | cut -d' ' -f1)
type=""
server=""
port=""
case "$first_dns" in
*://*)
type="${first_dns%%://*}"
tmp="${first_dns#*://}"
;;
*)
type="udp"
tmp="$first_dns"
;;
esac
case "$tmp" in
\[*\]*)
server="${tmp%%]*}"
server="${server#[}"
port="${tmp#*\]}"
port="${port#:}"
;;
*)
server="${tmp%%[:/]*}"
port="${tmp#*:}"
[ "$port" = "$tmp" ] && port=""
;;
esac
if [ -z "$port" ]; then
case "$type" in
udp|tcp) port=53 ;;
doh|https) port=443 ;;
dot|tls) port=853 ;;
*) port=53 ;;
esac
fi
# 输出
echo '"type": "'"$type"'", "server": "'"$server"'", "server_port": '"$port"','
}
urlencode() {
local i c hex
LC_ALL=C
for i in $(printf '%s' "$1" | od -An -tx1); do
case "$i" in
2d|2e|5f|7e|3[0-9]|4[1-9A-Fa-f]|5[A-Fa-f]|6[1-9A-Fa-f]|7[0-9A-Ea-e])
printf "\\$(printf '%03o' "0x$i")"
;;
*)
printf '%%%02X' "0x$i"
;;
esac
done
}
#配置文件相关
check_clash_config() { #检查clash配置文件
#检测节点或providers
@@ -336,8 +389,8 @@ get_core_config() { #下载内核配置文件
#如果传来的是Url链接则合成Https链接否则直接使用Https链接
if [ -z "$Https" ]; then
#Urlencord转码处理保留字符
Url=$(echo $Url | sed 's/;/\%3B/g; s|/|\%2F|g; s/?/\%3F/g; s/:/\%3A/g; s/@/\%40/g; s/=/\%3D/g; s/&/\%26/g')
Https="${Server}/sub?target=${target}&${Server_ua}=${user_agent}&insert=true&new_name=true&scv=true&udp=true&exclude=${exclude}&include=${include}&url=${Url}&config=${Config}"
urlencodeUrl="exclude=$(urlencode "$exclude")&include=$(urlencode "$include")&url=$(urlencode "$Url")&config=$(urlencode "$Config")"
Https="${Server}/sub?target=${target}&${Server_ua}=${user_agent}&insert=true&new_name=true&scv=true&udp=true&${urlencodeUrl}"
url_type=true
fi
#输出
@@ -425,7 +478,7 @@ dns:
ipv6: $dns_v6
default-nameserver: [ $dns_resolver ]
enhanced-mode: fake-ip
fake-ip-range: 28.0.0.1/8
fake-ip-range: 28.0.0.0/8
fake-ip-range6: fc00::/16
fake-ip-filter:
EOF
@@ -438,7 +491,7 @@ EOF
[ "$dns_mod" = "mix" ] && echo ' - "rule-set:cn"' >>"$TMPDIR"/dns.yaml
#mix模式和route模式插入分流设置
if [ "$dns_mod" = "mix" ] || [ "$dns_mod" = "route" ]; then
[ "$dns_protect" = "OFF" ] && dns_final="$dns_fallback" || dns_final="$dns_nameserver"
[ "$dns_protect" != "OFF" ] && dns_final="$dns_fallback" || dns_final="$dns_nameserver"
cat >>"$TMPDIR"/dns.yaml <<EOF
respect-rules: true
nameserver-policy: {'rule-set:cn': [ $dns_nameserver ]}
@@ -633,7 +686,7 @@ modify_json() { #修饰singbox1.13配置文件
cat "$TMPDIR"/format.json | sed -n '/^ "providers":/,/^ "[a-z]/p' | sed '$d' >>"$TMPDIR"/jsons/providers.json
}
cat "$TMPDIR"/format.json | sed -n '/"route":/,/^\( "[a-z]\|}\)/p' | sed '$d' >>"$TMPDIR"/jsons/route.json
#加载端点配置文件并生成
#生成log.json
[ "$ts_service" = ON ] || [ "$wg_service" = ON ] && {
. "$CRASHDIR"/configs/gateway.cfg
. "$CRASHDIR"/components/endpoints.sh
@@ -678,18 +731,6 @@ EOF
EOF
fi
#生成dns.json
dns_direct_1st=$(echo $dns_nameserver | awk -F ',' '{print $1}')
dns_direct=$(echo $dns_direct_1st | sed 's|.*://||' | sed 's|/.*||')
dns_direct_type=$(echo "$dns_direct_1st" | awk -F '://' '{print $1}')
[ "$dns_direct_type" = "$dns_direct" ] && dns_direct_type="udp"
dns_proxy_1st=$(echo $dns_fallback | awk -F ',' '{print $1}')
dns_proxy=$(echo $dns_proxy_1st | sed 's|.*://||' | sed 's|/.*||')
dns_proxy_type=$(echo "$dns_proxy_1st" | awk -F '://' '{print $1}')
[ "$dns_proxy_type" = "$dns_proxy" ] && dns_proxy_type="udp"
dns_resolver_1st=$(echo $dns_resolver | awk -F ',' '{print $1}')
dns_resolverip=$(echo $dns_resolver_1st | sed 's|.*://||' | sed 's|/.*||')
dns_resolver_type=$(echo "$dns_resolver_1st" | awk -F '://' '{print $1}')
[ "$dns_resolver_type" = "$dns_resolverip" ] && dns_resolver_type="udp"
[ "$ipv6_dns" = "已开启" ] && strategy='prefer_ipv4' || strategy='ipv4_only'
#获取detour出口
auto_detour=$(grep -E '"type": "urltest"' -A 1 "$TMPDIR"/jsons/outbounds.json | grep '"tag":' | head -n 1 | sed 's/^[[:space:]]*"tag": //;s/,$//')
@@ -740,29 +781,26 @@ EOF
"servers": [
{
"tag": "dns_proxy",
"type": "$dns_proxy_type",
"server": "$dns_proxy",
$(parse_singbox_dns "$dns_fallback")
"routing_mark": $routing_mark,
"detour": $auto_detour,
"domain_resolver": "dns_resolver"
},
{
"tag": "dns_direct",
"type": "$dns_direct_type",
"server": "$dns_direct",
$(parse_singbox_dns "$dns_nameserver")
"routing_mark": $routing_mark,
"domain_resolver": "dns_resolver"
},
{
"tag": "dns_fakeip",
"type": "fakeip",
"inet4_range": "28.0.0.1/8",
"inet4_range": "28.0.0.0/8",
"inet6_range": "fc00::/16"
},
{
"tag": "dns_resolver",
"type": "$dns_resolver_type",
"server": "$dns_resolverip",
$(parse_singbox_dns "$dns_resolver")
"routing_mark": $routing_mark
}
],
@@ -850,7 +888,7 @@ EOF
}
EOF
if [ "$redir_mod" = "混合模式" -o "$redir_mod" = "Tun模式" ]; then
[ "ipv6_redir" = '已开启' ] && ipv6_address='"fdfe:dcba:9876::1/126",'
[ "ipv6_redir" = '已开启' ] && ipv6_address='"fe80::e5c5:2469:d09b:609a/64",'
cat >>"$TMPDIR"/jsons/tun.json <<EOF
{
"inbounds": [
@@ -860,7 +898,7 @@ EOF
"interface_name": "utun",
"address": [
$ipv6_address
"172.18.0.1/30"
"28.0.0.1/30"
],
"auto_route": false,
"stack": "system"
@@ -1063,7 +1101,7 @@ start_ipt_route() { #iptables-route通用工具
fi
#将所在链指定流量指向shellcrash表
$1 $w -t $2 -I $3 -p $5 $ports -j $4
[ "$dns_mod" = "mix" -o "$dns_mod" = "fake-ip" ] && [ "$common_ports" = "已开启" ] && [ "$1" = iptables ] && $1 $w -t $2 -I $3 -p $5 -d 28.0.0.1/8 -j $4
[ "$dns_mod" = "mix" -o "$dns_mod" = "fake-ip" ] && [ "$common_ports" = "已开启" ] && [ "$1" = iptables ] && $1 $w -t $2 -I $3 -p $5 -d 28.0.0.0/8 -j $4
[ "$dns_mod" = "mix" -o "$dns_mod" = "fake-ip" ] && [ "$common_ports" = "已开启" ] && [ "$1" = ip6tables ] && $1 $w -t $2 -I $3 -p $5 -d fc00::/16 -j $4
}
[ "$5" = "tcp" -o "$5" = "all" ] && proxy_set $1 $2 $3 $4 tcp
@@ -1298,10 +1336,12 @@ start_nft_route() { #nftables-route通用工具
[ -z "$ports" ] && nft add rule inet shellcrash $1 tcp dport {"$mix_port, $redir_port, $tproxy_port"} return
#过滤常用端口
[ -n "$PORTS" ] && {
nft add rule inet shellcrash $1 ip daddr != {28.0.0.1/8} tcp dport != {$PORTS} return
nft add rule inet shellcrash $1 ip daddr != {28.0.0.0/8} tcp dport != {$PORTS} return
nft add rule inet shellcrash $1 ip daddr != {28.0.0.0/8} udp dport != {$PORTS} return
nft add rule inet shellcrash $1 ip6 daddr != {fc00::/16} tcp dport != {$PORTS} return
nft add rule inet shellcrash $1 ip6 daddr != {fc00::/16} udp dport != {$PORTS} return
}
#nft add rule inet shellcrash $1 ip saddr 28.0.0.1/8 return
#nft add rule inet shellcrash $1 ip saddr 28.0.0.0/8 return
nft add rule inet shellcrash $1 ip daddr {$RESERVED_IP} return #过滤保留地址
#过滤局域网设备
[ "$1" = 'prerouting' ] && {
@@ -1521,7 +1561,7 @@ start_firewall() { #路由规则总入口
[ "$firewall_mod" = 'iptables' ] && start_iptables
[ "$firewall_mod" = 'nftables' ] && start_nftables
#修复部分虚拟机dns查询失败的问题
[ "$firewall_area" = 2 -o "$firewall_area" = 3 ] && [ -z "$(grep '127.0.0.1' /etc/resolv.conf 2>/dev/null)" ] && [ -w /etc/resolv.conf ] && {
[ "$firewall_area" = 2 -o "$firewall_area" = 3 ] && [ -z "$(grep '127.0.0.1' /etc/resolv.conf 2>/dev/null)" ] && [ "$systype" != 'container' ] && {
line=$(grep -n 'nameserver' /etc/resolv.conf | awk -F: 'FNR==1{print $1}')
sed -i "$line i\nameserver 127.0.0.1 #shellcrash-dns-repair" /etc/resolv.conf >/dev/null 2>&1
}
@@ -1550,24 +1590,24 @@ stop_firewall() { #还原防火墙配置
$iptable -t nat -D OUTPUT -p tcp --dport 53 -j shellcrash_dns_out 2>/dev/null
#redir
$iptable -t nat -D PREROUTING -p tcp $ports -j shellcrash 2>/dev/null
$iptable -t nat -D PREROUTING -p tcp -d 28.0.0.1/8 -j shellcrash 2>/dev/null
$iptable -t nat -D PREROUTING -p tcp -d 28.0.0.0/8 -j shellcrash 2>/dev/null
$iptable -t nat -D OUTPUT -p tcp $ports -j shellcrash_out 2>/dev/null
$iptable -t nat -D OUTPUT -p tcp -d 28.0.0.1/8 -j shellcrash_out 2>/dev/null
$iptable -t nat -D OUTPUT -p tcp -d 28.0.0.0/8 -j shellcrash_out 2>/dev/null
#vm_dns
$iptable -t nat -D PREROUTING -p tcp --dport 53 -j shellcrash_vm_dns 2>/dev/null
$iptable -t nat -D PREROUTING -p udp --dport 53 -j shellcrash_vm_dns 2>/dev/null
#vm_redir
$iptable -t nat -D PREROUTING -p tcp $ports -j shellcrash_vm 2>/dev/null
$iptable -t nat -D PREROUTING -p tcp -d 28.0.0.1/8 -j shellcrash_vm 2>/dev/null
$iptable -t nat -D PREROUTING -p tcp -d 28.0.0.0/8 -j shellcrash_vm 2>/dev/null
#TPROXY&tun
$iptable -t mangle -D PREROUTING -p tcp $ports -j shellcrash_mark 2>/dev/null
$iptable -t mangle -D PREROUTING -p udp $ports -j shellcrash_mark 2>/dev/null
$iptable -t mangle -D PREROUTING -p tcp -d 28.0.0.1/8 -j shellcrash_mark 2>/dev/null
$iptable -t mangle -D PREROUTING -p udp -d 28.0.0.1/8 -j shellcrash_mark 2>/dev/null
$iptable -t mangle -D PREROUTING -p tcp -d 28.0.0.0/8 -j shellcrash_mark 2>/dev/null
$iptable -t mangle -D PREROUTING -p udp -d 28.0.0.0/8 -j shellcrash_mark 2>/dev/null
$iptable -t mangle -D OUTPUT -p tcp $ports -j shellcrash_mark_out 2>/dev/null
$iptable -t mangle -D OUTPUT -p udp $ports -j shellcrash_mark_out 2>/dev/null
$iptable -t mangle -D OUTPUT -p tcp -d 28.0.0.1/8 -j shellcrash_mark_out 2>/dev/null
$iptable -t mangle -D OUTPUT -p udp -d 28.0.0.1/8 -j shellcrash_mark_out 2>/dev/null
$iptable -t mangle -D OUTPUT -p tcp -d 28.0.0.0/8 -j shellcrash_mark_out 2>/dev/null
$iptable -t mangle -D OUTPUT -p udp -d 28.0.0.0/8 -j shellcrash_mark_out 2>/dev/null
$iptable -t mangle -D PREROUTING -m mark --mark $fwmark -p tcp -j TPROXY --on-port $tproxy_port 2>/dev/null
$iptable -t mangle -D PREROUTING -m mark --mark $fwmark -p udp -j TPROXY --on-port $tproxy_port 2>/dev/null
#tun
@@ -1736,10 +1776,7 @@ makehtml() { #生成面板跳转文件
<h1>您还未安装本地面板</h1>
<h3>请在脚本更新功能中(9-4)安装<br>或者使用在线面板:</h3>
<h4>请复制当前地址/ui(不包括)前面的内容填入url位置即可连接</h3>
<a href="https://metacubexd.pages.dev" style="font-size: 24px;">Meta XD面板(推荐)<br></a>
<a href="https://board.zash.run.place" style="font-size: 24px;">zashboard面板<br></a>
<a href="https://yacd.metacubex.one" style="font-size: 24px;">Meta YACD面板(推荐)<br></a>
<a href="https://yacd.haishan.me" style="font-size: 24px;">Clash YACD面板<br></a>
<a href="http://board.zash.run.place" style="font-size: 24px;">Zashboard面板(推荐)<br></a>
<a style="font-size: 21px;"><br>如已安装请使用Ctrl+F5强制刷新此页面<br></a>
</div>
</body>

4
scripts/webget.sh
View File

@@ -452,7 +452,7 @@ EOF
"url": "${2}",
"path": "./providers/${1}.yaml",
"user_agent": "clash.meta;mihomo",
"update_interval": "24h",
"update_interval": "12h",
EOF
fi
#通用部分生成
@@ -2352,7 +2352,7 @@ userguide(){
fi
#设置加密DNS
if [ -s $openssldir/certs/ca-certificates.crt ];then
dns_nameserver='https://doh.360.cn/dns-query, https://dns.alidns.com/dns-query, https://doh.pub/dns-query'
dns_nameserver='https://dns.alidns.com/dns-query, https://doh.pub/dns-query'
dns_fallback='https://cloudflare-dns.com/dns-query, https://dns.google/dns-query, https://doh.opendns.com/dns-query'
dns_resolver='https://223.5.5.5/dns-query, 2400:3200::1'
setconfig dns_nameserver "'$dns_nameserver'"

2
version
View File

@@ -1 +1 @@
1.9.3beta7fix
1.9.3beta8