diff --git a/scripts/libs/README.md b/scripts/libs/README.md new file mode 100644 index 00000000..1454be14 --- /dev/null +++ b/scripts/libs/README.md @@ -0,0 +1,11 @@ +用于存放脚本内置工具的脚本 + +引用方式必须为: + +```shell +. "$CRASHDIR"/libs/xxx.sh +``` + +返回码必须是return x而不能是exit x + +此处脚本内容不应包含文字输出和log输出 \ No newline at end of file diff --git a/scripts/libs/meta_listeners.sh b/scripts/libs/meta_listeners.sh new file mode 100644 index 00000000..c338a769 --- /dev/null +++ b/scripts/libs/meta_listeners.sh @@ -0,0 +1,28 @@ +#!/bin/sh +# Copyright (C) Juewuy + +#meta内核vmess入站生成 +[ "$vms_service" = ON ] && { + cat >>"$TMPDIR"/listeners.yaml <>"$TMPDIR"/listeners.yaml <"$TMPDIR"/jsons/tailscale.json <"$TMPDIR"/jsons/wireguard.json <"$TMPDIR"/jsons/vmess-in.json <"$TMPDIR"/jsons/ss-in.json </dev/null 2>&1; then + curl -ksSl --connect-timeout 3 "$1" 2>/dev/null + else + wget -Y on -q --timeout=3 -O - "$1" + fi +} +web_json_post() { + setproxy + if curl --version >/dev/null 2>&1; then + curl -ksSl -X POST --connect-timeout 3 -H "Content-Type: application/json; charset=utf-8" "$1" -d "$2" >/dev/null 2>&1 + else + wget -Y on -q --timeout=3 --method=POST --header="Content-Type: application/json; charset=utf-8" --body-data="$2" "$1" + fi +} diff --git a/scripts/menu.sh b/scripts/menu.sh index 5248794d..a86824b6 100644 --- a/scripts/menu.sh +++ b/scripts/menu.sh @@ -569,10 +569,10 @@ setport() { #端口设置 elif [ -n "$(netstat -ntul | grep ":$portx ")" ]; then echo -e "\033[31m当前端口已被其他进程占用,请重新输入!\033[0m" inputport - else + else setconfig $xport $portx echo -e "\033[32m设置成功!!!\033[0m" - setport + setport fi } echo "-----------------------------------------------" @@ -895,46 +895,7 @@ setipv6() { #ipv6设置 esac } setfirewall() { #防火墙设置 - set_cust_host_ipv4() { - [ -z "$replace_default_host_ipv4" ] && replace_default_host_ipv4="未启用" - echo "-----------------------------------------------" - echo -e "当前默认透明路由的网段为: \033[32m$(ip a 2>&1 | grep -w 'inet' | grep 'global' | grep 'br' | grep -v 'iot' | grep -E ' 1(92|0|72)\.' | sed 's/.*inet.//g' | sed 's/br.*$//g' | sed 's/metric.*$//g' | tr '\n' ' ' && echo) \033[0m" - echo -e "当前已添加的自定义网段为:\033[36m$cust_host_ipv4\033[0m" - echo "-----------------------------------------------" - echo -e " 1 移除所有自定义网段" - echo -e " 2 使用自定义网段覆盖默认网段 \033[36m$replace_default_host_ipv4\033[0m" - echo -e " 0 返回上级菜单" - read -p "请输入对应的序号或需要额外添加的网段 > " text - case "$text" in - 2) - if [ "$replace_default_host_ipv4" == "未启用" ]; then - replace_default_host_ipv4="已启用" - else - replace_default_host_ipv4="未启用" - fi - setconfig replace_default_host_ipv4 "$replace_default_host_ipv4" - set_cust_host_ipv4 - ;; - 1) - unset cust_host_ipv4 - setconfig cust_host_ipv4 - set_cust_host_ipv4 - ;; - 0) ;; - *) - if [ -n "$(echo $text | grep -Eo '^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}'$)" -a -z "$(echo $cust_host_ipv4 | grep "$text")" ]; then - cust_host_ipv4="$cust_host_ipv4 $text" - setconfig cust_host_ipv4 "'$cust_host_ipv4'" - else - echo "-----------------------------------------------" - echo -e "\033[31m请输入正确的网段地址!\033[0m" - fi - sleep 1 - set_cust_host_ipv4 - ;; - esac - } [ -z "$public_support" ] && public_support=未开启 [ -z "$public_mixport" ] && public_mixport=未开启 [ -z "$ipv6_dns" ] && ipv6_dns=已开启 @@ -1868,7 +1829,7 @@ advanced_set() { #进阶设置 echo -e "\033[30;47m欢迎使用进阶模式菜单:\033[0m" echo -e "\033[33m如您并不了解ShellCrash的运行机制,请勿更改本页面功能!\033[0m" echo "-----------------------------------------------" - #echo -e " 2 配置Meta特性" + echo -e " 1 访问与控制" echo -e " 3 配置公网及局域网防火墙" [ "$disoverride" != "1" ] && { echo -e " 4 启用域名嗅探: \033[36m$sniffer\033[0m ————用于流媒体及防DNS污染" @@ -1881,10 +1842,14 @@ advanced_set() { #进阶设置 read -p "请输入对应数字 > " num case "$num" in 0) ;; + 1) + . "$CRASHDIR"/menus/gateway.sh && gateway + advanced_set + ;; 3) setfirewall advanced_set - ;; + ;; 4) echo "-----------------------------------------------" if [ "$sniffer" = "未启用" ]; then @@ -1906,7 +1871,7 @@ advanced_set() { #进阶设置 echo -e "\033[32m设置成功!\033[0m" sleep 1 advanced_set - ;; + ;; 5) if [ -n "$(pidof CrashCore)" ]; then echo "-----------------------------------------------" @@ -1920,7 +1885,7 @@ advanced_set() { #进阶设置 setport fi advanced_set - ;; + ;; 9) echo -e " 1 备份脚本设置" echo -e " 2 还原脚本设置" @@ -1951,7 +1916,7 @@ advanced_set() { #进阶设置 fi echo -e "\033[33m请重新启动脚本!\033[0m" exit 0 - ;; + ;; *) errornum ;; esac } @@ -2248,7 +2213,7 @@ main_menu() { ;; 2) checkcfg=$(cat $CFG_PATH) - normal_set + . "$CRASHDIR"/menus/normal_set.sh && normal_set if [ -n "$PID" ]; then checkcfg_new=$(cat $CFG_PATH) [ "$checkcfg" != "$checkcfg_new" ] && checkrestart diff --git a/scripts/menus/README.md b/scripts/menus/README.md new file mode 100644 index 00000000..1762fba9 --- /dev/null +++ b/scripts/menus/README.md @@ -0,0 +1,3 @@ +用于存放脚本各级菜单界面的脚本 + +此处脚本内容包含各类文字说明 \ No newline at end of file diff --git a/scripts/menus/bot_tg.sh b/scripts/menus/bot_tg.sh new file mode 100644 index 00000000..3ca5ba2f --- /dev/null +++ b/scripts/menus/bot_tg.sh @@ -0,0 +1,190 @@ +#!/bin/sh + +. "$CRASHDIR"/configs/ShellCrash.cfg +. "$CRASHDIR"/configs/gateway.cfg +. "$CRASHDIR"/libs/web_json.sh + +OFFSET=0 +API="https://api.telegram.org/bot$TG_TOKEN" +STATE_FILE="/tmp/ShellCrash/tgbot_state" +LOGFILE="/tmp/ShellCrash/tgbot.log" + +### --- 基础函数 --- ### +send_msg() { + TEXT="$1" + web_json_post "$API/sendMessage" "{\"chat_id\":\"$TG_CHATID\",\"text\":\"$TEXT\",\"parse_mode\":\"Markdown\"}" +} +send_help(){ + TEXT=$(cat < "$LOGFILE" +} +do_stop_fw() { + redir_mod_bf=$redir_mod + redir_mod='纯净模式' + setconfig redir_mod $redir_mod + "$CRASHDIR"/start.sh stop_firewall + echo "ShellCrash 已切换到纯净模式!" > "$LOGFILE" +} +do_restart() { + "$CRASHDIR"/start.sh restart + echo "ShellCrash 服务已重启!" > "$LOGFILE" +} +do_refresh() { + "$CRASHDIR"/start.sh hotupdate + echo "ShellCrash 已完成热更新订阅!" > "$LOGFILE" +} +do_set_sub() { + #echo "$1" "$2" >> "$CRASHDIR"/configs/providers.cfg + echo "错误,还未完成的功能!" > "$LOGFILE" + +} + +### --- 轮询主进程 --- ### +polling(){ + while true; do + UPDATES=$(web_json_get "$API/getUpdates?timeout=25&offset=$OFFSET") + + echo "$UPDATES" | grep -q '"update_id"' || continue + + OFFSET=$(echo "$UPDATES" | grep -o '"update_id":[0-9]*' | tail -n1 | cut -d: -f2) + OFFSET=$((OFFSET + 1)) + + ### --- 处理按钮事件 --- ### + CALLBACK=$(echo "$UPDATES" | grep -o '"data":"[^"]*"' | head -n1 | sed 's/.*:"//;s/"$//') + + case "$CALLBACK" in + "start_redir") + if [ "$redir_mod" = '纯净模式' ];then + do_start_fw + send_msg "已切换到$redir_mod_bf!" + else + send_msg "当前已经是$redir_mod!" + fi + send_menu + continue + ;; + "stop_redir") + if [ "$redir_mod" != '纯净模式' ];then + do_stop_fw + send_msg "已切换到纯净模式" + else + send_msg "当前已经是纯净模式!" + fi + send_menu + continue + ;; + "restart") + do_restart + send_msg "🔄 服务已重启" + sleep 10 + send_menu + continue + ;; + "refresh") + do_refresh + send_msg "🌀 刷新完成:\n$(cat "$LOGFILE")" + send_menu + continue + ;; + "set_sub") + echo "await_sub" > "$STATE_FILE" + send_msg "✏ 请输入新的订阅链接:" + continue + ;; + esac + + + ### --- 处理订阅输入 --- ### + TEXT=$(echo "$UPDATES" | grep -o '"text":"[^"]*"' | tail -n1 | sed 's/.*"text":"//;s/"$//') + + if [ "$(cat "$STATE_FILE" 2>/dev/null)" = "await_sub" ]; then + echo "" > "$STATE_FILE" + do_set_sub "$TEXT" + send_msg "订阅更新完成:\n$(cat "$LOGFILE")" + send_menu + continue + fi + + + ### 处理命令 ### + case "$TEXT" in + /crash) + send_menu + ;; + /help) + send_help + ;; + esac + + done +} +send_menu +polling + diff --git a/scripts/menus/check_port.sh b/scripts/menus/check_port.sh new file mode 100644 index 00000000..76ca118d --- /dev/null +++ b/scripts/menus/check_port.sh @@ -0,0 +1,17 @@ +#!/bin/sh +# Copyright (C) Juewuy + + +if [ $1 -gt 65535 -o $1 -le 1 ]; then + echo -e "\033[31m输入错误!请输入正确的数值(1-65535)!\033[0m" + exit 1 +elif [ -n "$(echo "|$mix_port|$redir_port|$dns_port|$db_port|" | grep "|$1|")" ]; then + echo -e "\033[31m输入错误!请不要输入重复的端口!\033[0m" + exit 1 +elif [ -n "$(netstat -ntul | grep ":$1 ")" ]; then + echo -e "\033[31m当前端口已被其他进程占用,请重新输入!\033[0m" + exit 1 +else + exit 0 +fi + diff --git a/scripts/menus/ddns_op.sh b/scripts/menus/ddns_op.sh new file mode 100644 index 00000000..a51d3afb --- /dev/null +++ b/scripts/menus/ddns_op.sh @@ -0,0 +1,178 @@ +#! /bin/bash +# Copyright (C) Juewuy + +ddns_dir=/etc/config/ddns +tmp_dir=/tmp/ddns_$USER + +[ ! -f $ddns_dir ] && echo -e "本脚本依赖OpenWrt内置的DDNS服务,当前设备无法运行,已退出!" && exit 1 +echo ----------------------------------------------- +echo -e "\033[30;46m欢迎使用ShellDDNS!\033[0m" +echo -e "TG群:\033[36;4mhttps://t.me/ShellCrash\033[0m" + +add_ddns() { + cat >>$ddns_dir </dev/null 2>&1 & + sleep 3 + echo 服务已经添加! +} +set_ddns() { + echo ----------------------------------------------- + read -p "请输入你的域名 > " str + [ -z "$str" ] && domain=$domain || domain=$str + echo ----------------------------------------------- + read -p "请输入用户名或邮箱 > " str + [ -z "$str" ] && username=$username || username=$str + echo ----------------------------------------------- + read -p "请输入密码或令牌秘钥 > " str + [ -z "$str" ] && password=$password || password=$str + echo ----------------------------------------------- + read -p "请输入检测更新间隔(单位:分钟;默认为10) > " check_interval + [ -z "$check_interval" ] || [ "$check_interval" -lt 1 -o "$check_interval" -gt 1440 ] && check_interval=10 + echo ----------------------------------------------- + read -p "请输入强制更新间隔(单位:小时;默认为24) > " force_interval + [ -z "$force_interval" ] || [ "$force_interval" -lt 1 -o "$force_interval" -gt 240 ] && force_interval=24 + echo ----------------------------------------------- + echo -e "请核对如下信息:" + echo -e "服务商: \033[32m$service\033[0m" + echo -e "域名: \033[32m$domain\033[0m" + echo -e "用户名: \033[32m$username\033[0m" + echo -e "检测间隔: \033[32m$check_interval\033[0m" + echo ----------------------------------------------- + read -p "确认添加?(1/0) > " res + [ "$res" = 1 ] && add_ddns || set_ddns +} + +set_service() { + services_dir=/etc/ddns/$serv + [ -s $services_dir ] || services_dir=/usr/share/ddns/list + echo ----------------------------------------------- + echo -e "\033[32m请选择服务提供商\033[0m" + cat $services_dir | grep -v '^#' | awk '{print " "NR" " $1}' + nr=$(cat $services_dir | grep -v '^#' | wc -l) + read -p "请输入对应数字 > " num + if [ -z "$num" ]; then + i= + elif [ "$num" -gt 0 -a "$num" -lt $nr ]; then + service_name=$(cat $services_dir | grep -v '^#' | awk '{print $1}' | sed -n "$num"p | sed 's/"//g') + service=$(echo $service_name | sed 's/\./_/g') + set_ddns + else + echo "输入错误,请重新输入!" + sleep 1 + set_service + fi +} + +network_type() { + echo ----------------------------------------------- + echo -e "\033[32m请选择网络模式\033[0m" + echo -e " 1 \033[36mIPV4\033[0m" + echo -e " 2 \033[36mIPV6\033[0m" + read -p "请输入对应数字 > " num + if [ -z "$num" ]; then + i= + elif [ "$num" = 1 ]; then + use_ipv6=0 + serv=services + set_service + elif [ "$num" = 2 ]; then + use_ipv6=1 + serv=services_ipv6 + set_service + else + echo "输入错误,请重新输入!" + sleep 1 + network_type + fi +} + +rev_service() { + enabled=$(uci show ddns.$service | grep 'enabled' | awk -F "=" '{print $2}' | tr -d "'\"") + [ "$enabled" = 1 ] && enabled_b="停用" || enabled_b="启用" + echo ----------------------------------------------- + echo -e " 1 \033[32m立即更新\033[0m" + echo -e " 2 编辑当前服务\033[0m" + echo -e " 3 $enabled_b当前服务" + echo -e " 4 移除当前服务" + echo -e " 5 查看运行日志" + echo -e " 0 返回上级菜单" + echo ----------------------------------------------- + read -p "请输入对应数字 > " num + if [ -z "$num" -o "$num" = 0 ]; then + i= + elif [ "$num" = 1 ]; then + /usr/lib/ddns/dynamic_dns_updater.sh -S $service start >/dev/null 2>&1 & + sleep 3 + elif [ "$num" = 2 ]; then + domain=$(uci show ddns.$service | grep 'domain' | awk -F "=" '{print $2}' | tr -d "'\"") + username=$(uci show ddns.$service | grep 'username' | awk -F "=" '{print $2}' | tr -d "'\"") + password=$(uci show ddns.$service | grep 'password' | awk -F "=" '{print $2}' | tr -d "'\"") + service_name=$(uci show ddns.$service | grep 'service_name' | awk -F "=" '{print $2}' | tr -d "'\"") + uci delete ddns.$service + set_ddns + elif [ "$num" = 3 ]; then + [ "$enabled" = 1 ] && uci set ddns.$service.enabled='0' || uci set ddns.$service.enabled='1' && sleep 3 + uci commit ddns.$service + elif [ "$num" = 4 ]; then + uci delete ddns.$service + uci commit ddns.$service + elif [ "$num" = 5 ]; then + echo ----------------------------------------------- + cat /var/log/ddns/$service.log 2>/dev/null + sleep 1 + fi +} + +load_ddns() { + nr=0 + cat $ddns_dir | grep 'config service' | awk '{print $3}' | sed "s/\'//g" | sed "s/\"//g" >$tmp_dir + echo ----------------------------------------------- + echo -e "列表 域名 启用 IP地址" + echo ----------------------------------------------- + for service in $(cat $tmp_dir); do + #echo $service >>$tmp_dir + nr=$((nr + 1)) + enabled=$(uci show ddns.$service 2>/dev/null | grep 'enabled' | awk -F "=" '{print $2}' | tr -d "'\"") + domain=$(uci show ddns.$service 2>/dev/null | grep 'domain' | awk -F "=" '{print $2}' | tr -d "'\"") + local_ip=$(sed '1!G;h;$!d' /var/log/ddns/$service.log 2>/dev/null | grep -E 'Registered IP' | tail -1 | awk -F "'" '{print $2}' | tr -d "'\"") + echo -e " $nr $domain $enabled $local_ip" + done + echo -e " $((nr + 1)) 添加DDNS服务" + echo -e " 0 退出" + echo ----------------------------------------------- + read -p "请输入对应序号 > " num + if [ -z "$num" -o "$num" = 0 ]; then + i= + elif [ "$num" -gt $nr ]; then + network_type + load_ddns + elif [ "$num" -gt 0 -a "$num" -le $nr ]; then + service=$(cat $tmp_dir | sed -n "$num"p) + rev_service + load_ddns + else + echo "请输入正确数字!" && load_ddns + fi +} + +load_ddns +rm -rf $tmp_dir diff --git a/scripts/menus/gateway.sh b/scripts/menus/gateway.sh new file mode 100644 index 00000000..3c192806 --- /dev/null +++ b/scripts/menus/gateway.sh @@ -0,0 +1,488 @@ +#!/bin/sh +# Copyright (C) Juewuy + +CFG="$CRASHDIR"/configs/gateway.cfg +touch "$CFG" +. "$CFG" + +gateway(){ #访问与控制主菜单 + echo ----------------------------------------------- + echo -e "\033[30;47m欢迎使用访问与控制菜单:\033[0m" + echo ----------------------------------------------- + echo -e " 1 配置公网访问防火墙" + echo -e " 2 配置Telegram专属控制机器人 \033[32m$bot_tg_service\033[0m" + echo -e " 3 配置DDNS自动域名" + [ "$disoverride" != "1" ] && { + echo -e " 4 自定义\033[33m公网Vmess入站\033[0m节点 \033[32m$vms_service\033[0m" + echo -e " 5 自定义\033[33m公网ShadowSocks入站\033[0m节点 \033[32m$sss_service\033[0m" + echo -e " 6 配置\033[36mTailscale内网穿透\033[0m(限Singbox) \033[32m$ts_service\033[0m" + echo -e " 7 配置\033[36mWireguard客户端\033[0m(限Singbox) \033[32m$wg_service\033[0m" + } + echo -e " 0 返回上级菜单 \033[0m" + echo ----------------------------------------------- + read -p "请输入对应数字 > " num + case "$num" in + 0) ;; + 1) + set_pub_fw + gateway + ;; + 2) + set_bot_tg + gateway + ;; + 3) + set_ddns + gateway + ;; + 4) + set_vmess + gateway + ;; + 5) + set_shadowsocks + gateway + ;; + 6) + if echo "$crashcore" | grep -q 'sing';then + set_tailscale + else + echo -e "\033[33m$crashcore内核暂不支持此功能,请先更换内核!\033[0m" + sleep 1 + fi + gateway + ;; + 7) + if echo "$crashcore" | grep -q 'sing';then + set_wireguard + else + echo -e "\033[33m$crashcore内核暂不支持此功能,请先更换内核!\033[0m" + sleep 1 + fi + gateway + ;; + *) errornum ;; + esac +} +set_pub_fw() { #公网防火墙设置 + [ -z "$public_support" ] && public_support=未开启 + [ -z "$public_mixport" ] && public_mixport=未开启 + echo ----------------------------------------------- + echo -e " 1 公网访问Dashboard面板: \033[36m$public_support\033[0m" + echo -e " 2 公网访问Socks/Http代理: \033[36m$public_mixport\033[0m" + echo ----------------------------------------------- + read -p "请输入对应数字 > " num + case $num in + 1) + if [ "$public_support" = "未开启" ]; then + public_support=已开启 + else + public_support=未开启 + fi + setconfig public_support $public_support + setfirewall + ;; + 2) + if [ "$public_mixport" = "未开启" ]; then + if [ "$mix_port" = "7890" -o -z "$authentication" ]; then + echo ----------------------------------------------- + echo -e "\033[33m为了安全考虑,请先修改默认Socks/Http端口并设置代理密码\033[0m" + sleep 1 + setport + else + public_mixport=已开启 + fi + else + public_mixport=未开启 + fi + setconfig public_mixport $public_mixport + setfirewall + ;; + 3) + set_cust_host_ipv4 + setfirewall + ;; + *) + errornum + ;; + esac +} +set_bot_tg_init(){ + echo ----------------------------------------------- + echo -e "请先通过 \033[32;4mhttps://t.me/BotFather\033[0m 申请TG机器人并获取其\033[36mAPI TOKEN\033[0m" + echo ----------------------------------------------- + read -p "请输入你获取到的API TOKEN > " TOKEN + echo ----------------------------------------------- + echo -e "请向\033[32m你申请的机器人\033[31m而不是BotFather\033[0m,发送任意几条消息!" + echo ----------------------------------------------- + read -p "我已经发送完成(1/0) > " res + if [ "$res" = 1 ]; then + . "$CRASHDIR"/libs/web_json.sh #加载web工具 + bot_api=https://api.telegram.org/bot$TOKEN + chat=$(web_json_get "$bot_api/getUpdates" | tail -n -1) + [ -n "$chat" ] && chat_ID=$(echo $chat | grep -oE '"id":.*,"is_bot":false' | sed s'/"id"://'g | sed s'/,"is_bot":false//'g) + [ -z "$chat_ID" ] && { + echo -e "\033[31m无法获取对话ID,请确认使用的不是已经被绑定的机器人,或手动输入ChatID!\033[0m" + echo -e "通常访问 $url_tg 即可看到ChatID,也可以尝试其他方法\033[0m" + read -p "请手动输入ChatID > " chat_ID + } + if [ -n "$chat_ID" ]; then + setconfig TG_TOKEN $TOKEN "$CFG" + setconfig TG_CHATID $chat_ID "$CFG" + #设置机器人快捷命令 + JSON=$(cat </dev/null 2>&1 + else + bot_tg_service=ON + [ -z "$PID" ] && "$CRASHDIR"/menus/bot_tg.sh & + fi + setconfig bot_tg_service "$bot_tg_service" +} +set_bot_tg(){ + [ -n "$ts_auth_key" ] && ts_auth_key_info='已设置' + echo ----------------------------------------------- + echo -e "\033[31m注意:\033[0m由于网络环境原因,此机器人仅限服务启动时运行!" + echo -e "此机器人与推送机器人互不影响,请尽量不要设置成同一机器人" + echo ----------------------------------------------- + echo -e " 1 启用/关闭TG-BOT服务 \033[32m$bot_tg_service\033[0m" + echo -e " 2 TG-BOT绑定设置" + echo -e " 0 返回上级菜单 \033[0m" + echo ----------------------------------------------- + read -p "请输入对应数字 > " num + case "$num" in + 0) ;; + 1) + . "$CFG" + if [ -n "$TG_CHATID" ];then + set_bot_tg_service + else + set_bot_tg_init && set_bot_tg_service + fi + sleep 1 + set_bot_tg + ;; + 2) + set_bot_tg_init && set_bot_tg_service + set_bot_tg + ;; + *) + errornum + ;; + esac +} +set_ddns(){ + echo 等待施工 +} +set_vmess(){ + echo ----------------------------------------------- + echo -e "\033[31m注意:\033[0m启动内核服务后会自动开放相应端口公网访问,请谨慎使用!\n 脚本只提供基础功能,更多需求请使用自定义配置文件功能!" + echo ----------------------------------------------- + echo -e " 1 \033[32m启用/关闭\033[0mVmess入站 \033[32m$vms_service\033[0m" + echo ----------------------------------------------- + echo -e " 2 设置\033[36m监听端口\033[0m: \033[36m$vms_port\033[0m" + echo -e " 3 设置\033[33mWS-path(可选)\033[0m: \033[33m$vms_ws_path\033[0m" + echo -e " 4 设置\033[36m秘钥-uuid\033[0m: \033[36m$vms_uuid\033[0m" + echo -e " 5 一键生成\033[32m随机秘钥\033[0m" + echo -e " 0 返回上级菜单 \033[0m" + echo ----------------------------------------------- + read -p "请输入对应数字 > " num + case "$num" in + 0) ;; + 1) + if [ -n "$vms_port" ] && [ -n "$vms_uuid" ];then + [ "$vms_service" = ON ] && vms_service=OFF || vms_service=ON + setconfig vms_service "$vms_service" + else + echo -e "\033[31m请先完成必选设置!\033[0m" + sleep 1 + fi + set_vmess + ;; + 2) + read -p "请输入端口号(输入0删除) > " text + [ "$text" = 0 ] && unset vms_port + if sh "$CRASHDIR"/menus/check_port.sh "$text"; then + vms_port="$text" + setconfig vms_port "$text" "$CFG" + else + sleep 1 + fi + set_vmess + ;; + 3) + read -p "请输入ws-path路径(输入0删除) > " text + [ "$text" = 0 ] && unset vms_ws_path + if echo "$text" |grep -qE '^/';then + vms_ws_path="$text" + setconfig vms_ws_path "$text" "$CFG" + else + echo -e "\033[31m不是合法的path路径,必须以【/】开头!\033[0m" + sleep 1 + fi + set_vmess + ;; + 4) + read -p "请输入UUID(输入0删除) > " text + [ "$text" = 0 ] && unset vms_uuid + if echo "$text" |grep -qiE '^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$';then + vms_uuid="$text" + setconfig vms_uuid "$text" "$CFG" + else + echo -e "\033[31m不是合法的UUID格式,请重新输入或使用随机生成功能!\033[0m" + sleep 1 + fi + set_vmess + ;; + 5) + vms_uuid=$(cat /proc/sys/kernel/random/uuid) + setconfig vms_uuid "$vms_uuid" "$CFG" + sleep 1 + set_vmess + ;; + *) errornum ;; + esac +} +set_shadowsocks(){ + [ -z "$sss_cipher" ] && sss_cipher='xchacha20-ietf-poly1305' + echo ----------------------------------------------- + echo -e "\033[31m注意:\033[0m启动内核服务后会自动开放相应端口公网访问,请谨慎使用!\n 脚本只提供基础功能,更多需求请使用自定义配置文件功能!" + echo ----------------------------------------------- + echo -e " 1 \033[32m启用/关闭\033[0mShadowSocks入站 \033[32m$sss_service\033[0m" + echo ----------------------------------------------- + echo -e " 2 设置\033[36m监听端口\033[0m: \033[36m$sss_port\033[0m" + echo -e " 3 选择\033[33m加密协议\033[0m: \033[33m$sss_cipher\033[0m" + echo -e " 4 设置\033[36mpassword\033[0m: \033[36m$sss_pwd\033[0m" + echo -e " 0 返回上级菜单 \033[0m" + echo ----------------------------------------------- + read -p "请输入对应数字 > " num + case "$num" in + 0) ;; + 1) + if [ -n "$sss_port" ] && [ -n "$sss_pwd" ];then + [ "$sss_service" = ON ] && sss_service=OFF || sss_service=ON + setconfig sss_service "$sss_service" + else + echo -e "\033[31m请先完成必选设置!\033[0m" + sleep 1 + fi + set_shadowsocks + ;; + 2) + read -p "请输入端口号(输入0删除) > " text + [ "$text" = 0 ] && unset sss_port + if sh "$CRASHDIR"/menus/check_port.sh "$text"; then + sss_port="$text" + setconfig sss_port "$text" "$CFG" + else + sleep 1 + fi + set_shadowsocks + ;; + 3) + echo ----------------------------------------------- + echo -e " 1 \033[32mxchacha20-ietf-poly1305\033[0m" + echo -e " 2 \033[32mchacha20-ietf-poly1305\033[0m" + echo -e " 3 \033[32maes-128-gcm\033[0m" + echo -e " 4 \033[32maes-256-gcm\033[0m" + ckcmd openssl && { + echo ----------------------------------------------- + echo -e "\033[31m注意:\033[0m2022系列加密必须使用OpenSSL随机生成的password!" + echo -e " 5 \033[32m2022-blake3-chacha20-poly1305\033[0m" + echo -e " 6 \033[32m2022-blake3-aes-128-gcm\033[0m" + echo -e " 7 \033[32m2022-blake3-aes-256-gcm\033[0m" + } + echo ----------------------------------------------- + echo -e " 0 返回上级菜单" + read -p "请选择要使用的加密协议 > " num + case "$num" in + 1) + sss_cipher=xchacha20-ietf-poly1305 + sss_pwd=$(cat /proc/sys/kernel/random/uuid) + ;; + 2) + sss_cipher=chacha20-ietf-poly1305 + sss_pwd=$(cat /proc/sys/kernel/random/uuid) + ;; + 3) + sss_cipher=aes-128-gcm + sss_pwd=$(cat /proc/sys/kernel/random/uuid) + ;; + 4) + sss_cipher=aes-256-gcm + sss_pwd=$(cat /proc/sys/kernel/random/uuid) + ;; + 5) + sss_cipher=2022-blake3-chacha20-poly1305 + sss_pwd=$(openssl rand --base64 32) + ;; + 6) + sss_cipher=2022-blake3-aes-128-gcm + sss_pwd=$(openssl rand --base64 16) + ;; + 7) + sss_cipher=2022-blake3-aes-256-gcm + sss_pwd=$(openssl rand --base64 32) + ;; + *) + ;; + esac + setconfig sss_cipher "$sss_cipher" "$CFG" + setconfig sss_pwd "$sss_pwd" "$CFG" + set_shadowsocks + ;; + 4) + if echo "$sss_cipher" |grep -q '2022-blake3';then + echo -e "\033[31m注意:\033[0m2022系列加密必须使用脚本随机生成的password!" + sleep 1 + else + read -p "请输入秘钥(输入0删除) > " text + [ "$text" = 0 ] && unset sss_pwd + sss_pwd="$text" + setconfig sss_pwd "$text" "$CFG" + fi + set_shadowsocks + ;; + *) errornum ;; + esac +} +set_tailscale(){ + [ -n "$ts_auth_key" ] && ts_auth_key_info='*********' + echo ----------------------------------------------- + echo -e "\033[31m注意:\033[0m脚本默认内核为了节约内存没有编译Tailscale模块\n如需使用请先前往自定义内核更新完整版内核文件!" + echo -e "创建秘钥:\033[32;4mhttps://login.tailscale.com/admin/settings/keys\033[0m" + echo -e "访问非本机目标需允许通告:\033[32;4mhttps://login.tailscale.com\033[0m" + echo -e "访问非本机目标需在终端设置使用Subnet或EXIT-NODE模式" + echo ----------------------------------------------- + echo -e " 1 \033[32m启用/关闭\033[0mTailscale服务 \033[32m$ts_service\033[0m" + echo -e " 2 设置\033[36m秘钥\033[0m(Auth Key) $ts_auth_key_info" + echo -e " 3 通告路由\033[33m内网地址\033[0m(Subnet) \033[36m$ts_subnet\033[0m" + echo -e " 4 通告路由\033[31m全部流量\033[0m(EXIT-NODE) \033[36m$ts_exit_node\033[0m" + echo -e " 0 返回上级菜单 \033[0m" + echo ----------------------------------------------- + read -p "请输入对应数字 > " num + case "$num" in + 0) ;; + 1) + if [ -n "$ts_auth_key" ];then + [ "$ts_service" = ON ] && ts_service=OFF || ts_service=ON + setconfig ts_service "$ts_service" + else + echo -e "\033[31m请先设置秘钥!\033[0m" + sleep 1 + fi + set_tailscale + ;; + 2) + read -p "请输入秘钥(输入0删除) > " text + [ "$text" = 0 ] && unset ts_auth_key ts_auth_key_info || ts_auth_key="$text" + [ -n "$ts_auth_key" ] && setconfig ts_auth_key "$ts_auth_key" "$CFG" + set_tailscale + ;; + 3) + [ "$ts_subnet" = true ] && ts_subnet=false || ts_subnet=true + setconfig ts_subnet "$ts_subnet" "$CFG" + set_tailscale + ;; + 4) + [ "$ts_exit_node" = true ] && ts_exit_node=false || ts_exit_node=true + setconfig ts_exit_node "$ts_exit_node" "$CFG" + set_tailscale + ;; + *) errornum ;; + esac +} +set_wireguard(){ + [ -n "$wg_public_key" ] && wgp_key_info='*********' || unset wgp_key_info + [ -n "$wg_private_key" ] && wgv_key_info='*********' || unset wgv_key_info + [ -n "$wg_pre_shared_key" ] && wgpsk_key_info='*********' || unset wgpsk_key_info + echo ----------------------------------------------- + echo -e "\033[31m注意:\033[0m脚本默认内核为了节约内存没有编译WireGuard模块\n如需使用请先前往自定义内核更新完整版内核文件!" + echo ----------------------------------------------- + echo -e " 1 \033[32m启用/关闭\033[0mWireguard服务 \033[32m$wg_service\033[0m" + echo ----------------------------------------------- + echo -e " 2 设置\033[36mEndpoint地址\033[0m: \033[36m$wg_server\033[0m" + echo -e " 3 设置\033[36mEndpoint端口\033[0m: \033[36m$wg_port\033[0m" + echo -e " 4 设置\033[36m公钥-PublicKey\033[0m: \033[36m$wgp_key_info\033[0m" + echo -e " 5 设置\033[36m密钥-PresharedKey\033[0m: \033[36m$wgpsk_key_info\033[0m" + echo ----------------------------------------------- + echo -e " 6 设置\033[33m私钥-PrivateKey\033[0m: \033[33m$wgv_key_info\033[0m" + echo -e " 7 设置\033[33m组网IPV4地址\033[0m: \033[33m$wg_ipv4\033[0m" + echo -e " 8 可选\033[33m组网IPV6地址\033[0m: \033[33m$wg_ipv6\033[0m" + echo -e " 0 返回上级菜单 \033[0m" + echo ----------------------------------------------- + read -p "请输入对应数字 > " num + case "$num" in + 0) ;; + 1) + if [ -n "$wg_server" ] && [ -n "$wg_port" ] && [ -n "$wg_public_key" ] && [ -n "$wg_pre_shared_key" ] && [ -n "$wg_private_key" ] && [ -n "$wg_ipv4" ];then + [ "$wg_service" = ON ] && wg_service=OFF || wg_service=ON + setconfig wg_service "$wg_service" + else + echo -e "\033[31m请先完成必选设置!\033[0m" + sleep 1 + fi + set_wireguard + ;; + [1-8]) + read -p "请输入相应内容(回车或0删除) > " text + [ "$text" = 0 ] && text='' + case "$num" in + 2) + wg_server="$text" + setconfig wg_server "$text" "$CFG" + ;; + 3) + wg_port="$text" + setconfig wg_port "$text" "$CFG" + ;; + 4) + wg_public_key="$text" + setconfig wg_public_key "$text" "$CFG" + ;; + 5) + wg_pre_shared_key="$text" + setconfig wg_pre_shared_key "$text" "$CFG" + ;; + 6) + wg_private_key="$text" + setconfig wg_private_key "$text" "$CFG" + ;; + 7) + wg_ipv4="$text" + setconfig wg_ipv4 "$text" "$CFG" + ;; + 8) + wg_ipv6="$text" + setconfig wg_ipv6 "$text" "$CFG" + ;; + + esac + set_wireguard + ;; + *) errornum ;; + esac +} + diff --git a/scripts/menus/normal_set.sh b/scripts/menus/normal_set.sh new file mode 100644 index 00000000..ee3d1a7d --- /dev/null +++ b/scripts/menus/normal_set.sh @@ -0,0 +1,422 @@ +#!/bin/sh +# Copyright (C) Juewuy + +normal_set() { #基础设置 + #获取设置默认显示 + [ -z "$skip_cert" ] && skip_cert=已开启 + [ -z "$common_ports" ] && common_ports=已开启 + [ -z "$dns_mod" ] && dns_mod=fake-ip + [ -z "$dns_over" ] && dns_over=已开启 + [ -z "$cn_ip_route" ] && cn_ip_route=未开启 + [ -z "$local_proxy" ] && local_proxy=未开启 + [ -z "$quic_rj" ] && quic_rj=未开启 + [ -z "$(cat ${CRASHDIR}/configs/mac ${CRASHDIR}/configs/ip_filter 2>/dev/null)" ] && mac_return=未开启 || mac_return=已启用 + # + echo "-----------------------------------------------" + echo -e "\033[30;47m欢迎使用功能设置菜单:\033[0m" + echo "-----------------------------------------------" + echo -e " 1 切换防火墙运行模式: \033[36m$redir_mod\033[0m" + [ "$disoverride" != "1" ] && { + echo -e " 2 切换DNS运行模式: \033[36m$dns_mod\033[0m" + echo -e " 3 跳过本地证书验证: \033[36m$skip_cert\033[0m ————解决节点证书验证错误" + } + echo -e " 4 设置流量过滤" + [ "$disoverride" != "1" ] && { + [ "$dns_mod" != "redir_host" ] && + echo -e " 9 管理Fake-ip过滤列表" + } + echo "-----------------------------------------------" + echo -e " 0 返回上级菜单 \033[0m" + echo "-----------------------------------------------" + read -p "请输入对应数字 > " num + case "$num" in + 0) + ;; + 1) + if [ "$USER" != "root" -a "$USER" != "admin" ]; then + echo "-----------------------------------------------" + read -p "非root用户可能无法正确配置其他模式!依然尝试吗?(1/0) > " res + [ "$res" = 1 ] && set_redir_mod + else + set_redir_mod + fi + normal_set + ;; + 2) + set_dns_mod + sleep 1 + normal_set + ;; + 4) + set_fw_filter + sleep 1 + normal_set + ;; + 3) + echo "-----------------------------------------------" + if [ "$skip_cert" = "未开启" ] >/dev/null 2>&1; then + echo -e "\033[33m已设为开启跳过本地证书验证!!\033[0m" + skip_cert=已开启 + else + echo -e "\033[33m已设为禁止跳过本地证书验证!!\033[0m" + skip_cert=未开启 + fi + setconfig skip_cert $skip_cert + normal_set + ;; + 9) + echo "-----------------------------------------------" + fake_ip_filter + normal_set + ;; + *) + errornum + ;; + esac +} + +set_fw_filter(){ #流量过滤 + echo "-----------------------------------------------" + echo -e " 1 过滤非常用端口: \033[36m$common_ports\033[0m ————用于过滤P2P流量" + echo -e " 2 过滤局域网设备: \033[36m$mac_return\033[0m ————使用黑/白名单进行过滤" + echo -e " 3 过滤QUIC协议: \033[36m$quic_rj\033[0m ————优化视频性能" + [ "$dns_mod" != "fake-ip" ] && + echo -e " 4 过滤CN_IP(6)列表: \033[36m$cn_ip_route\033[0m ————优化性能,不兼容Fake-ip" + echo -e " 5 自定义透明路由ipv4网段: 适合vlan等复杂网络环境" + echo -e " 6 自定义保留地址ipv4网段: 需要以保留地址为访问目标的环境" + echo "-----------------------------------------------" + echo -e " 0 返回上级菜单 \033[0m" + echo "-----------------------------------------------" + read -p "请输入对应数字 > " num + case "$num" in + 0) + ;; + 1) + set_common_ports() { + if [ "$common_ports" = "未开启" ]; then + echo -e "\033[33m当前代理端口为:【$multiport】\033[0m" + echo -e "\033[31m注意,fake-ip模式下,非常用端口的域名连接将不受影响!!\033[0m" + read -p "是否修改默认端口?(1/0) > " res + [ "$res" = "1" ] && { + read -p "请输入自定义端口,注意用小写逗号分隔 > " text + [ -n "$text" ] && setconfig multiport $text && echo -e "\033[33m已设为代理【$multiport】端口!!\033[0m" + } + common_ports=已开启 + sleep 1 + else + echo -e "\033[33m已设为代理全部端口!!\033[0m" + common_ports=未开启 + fi + setconfig common_ports $common_ports + } + echo "-----------------------------------------------" + if [ -n "$(pidof CrashCore)" ]; then + read -p "切换时将停止服务,是否继续?(1/0) > " res + [ "$res" = 1 ] && ${CRASHDIR}/start.sh stop && set_common_ports + else + set_common_ports + fi + set_fw_filter + ;; + 2) + checkcfg_mac=$(cat ${CRASHDIR}/configs/mac) + fw_filter_lan + if [ -n "$PID" ]; then + checkcfg_mac_new=$(cat ${CRASHDIR}/configs/mac) + [ "$checkcfg_mac" != "$checkcfg_mac_new" ] && checkrestart + fi + set_fw_filter + ;; + 3) + echo "-----------------------------------------------" + if [ -n "$(echo "$redir_mod" | grep -oE '混合|Tproxy|Tun')" ]; then + if [ "$quic_rj" = "未开启" ]; then + echo -e "\033[33m已禁止QUIC流量通过ShellCrash内核!!\033[0m" + quic_rj=已启用 + else + echo -e "\033[33m已取消禁止QUIC协议流量!!\033[0m" + quic_rj=未开启 + fi + setconfig quic_rj $quic_rj + else + echo -e "\033[33m当前模式默认不会代理UDP流量,无需设置!!\033[0m" + fi + sleep 1 + set_fw_filter + ;; + 4) + if [ -n "$(ipset -v 2>/dev/null)" ] || [ "$firewall_mod" = 'nftables' ]; then + if [ "$cn_ip_route" = "未开启" ]; then + echo -e "\033[32m已开启CN_IP绕过内核功能!!\033[0m" + echo -e "\033[31m注意!!!此功能会导致全局模式及一切CN相关规则失效!!!\033[0m" + cn_ip_route=已开启 + sleep 2 + else + echo -e "\033[33m已禁用CN_IP绕过内核功能!!\033[0m" + cn_ip_route=未开启 + fi + setconfig cn_ip_route $cn_ip_route + else + echo -e "\033[31m当前设备缺少ipset模块或未使用nftables模式,无法启用绕过功能!!\033[0m" + sleep 1 + fi + set_fw_filter + ;; + 5) + set_cust_host_ipv4 + set_fw_filter + ;; + 6) + [ -z "$reserve_ipv4" ] && reserve_ipv4="0.0.0.0/8 10.0.0.0/8 127.0.0.0/8 100.64.0.0/10 169.254.0.0/16 172.16.0.0/12 192.168.0.0/16 224.0.0.0/4 240.0.0.0/4" + echo -e "当前网段:\033[36m$reserve_ipv4\033[0m" + echo -e "\033[33m地址必须是空格分隔,错误的设置可能导致网络回环或启动报错,请务必谨慎!\033[0m" + read -p "请输入 > " text + if [ -n "$( + echo $text | grep -E "(((25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])\.){3}(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])/(3[0-2]|[1-2]?[0-9]))( +|$)+" + )" ]; then + reserve_ipv4="$text" + echo -e "已将保留地址网段设为:\033[32m$reserve_ipv4\033[0m" + setconfig reserve_ipv4 "'$reserve_ipv4'" + else + echo -e "\033[31m输入有误,操作已取消!\033[0m" + fi + sleep 1 + set_fw_filter + ;; + *) + errornum + ;; + esac +} +set_cust_host_ipv4() { + [ -z "$replace_default_host_ipv4" ] && replace_default_host_ipv4="未启用" + echo "-----------------------------------------------" + echo -e "当前默认透明路由的网段为: \033[32m$(ip a 2>&1 | grep -w 'inet' | grep 'global' | grep 'br' | grep -v 'iot' | grep -E ' 1(92|0|72)\.' | sed 's/.*inet.//g' | sed 's/br.*$//g' | sed 's/metric.*$//g' | tr '\n' ' ' && echo) \033[0m" + echo -e "当前已添加的自定义网段为:\033[36m$cust_host_ipv4\033[0m" + echo "-----------------------------------------------" + echo -e " 1 移除所有自定义网段" + echo -e " 2 使用自定义网段覆盖默认网段 \033[36m$replace_default_host_ipv4\033[0m" + echo -e " 0 返回上级菜单" + read -p "请输入对应的序号或需要额外添加的网段 > " text + case "$text" in + 2) + if [ "$replace_default_host_ipv4" == "未启用" ]; then + replace_default_host_ipv4="已启用" + else + replace_default_host_ipv4="未启用" + fi + setconfig replace_default_host_ipv4 "$replace_default_host_ipv4" + set_cust_host_ipv4 + ;; + 1) + unset cust_host_ipv4 + setconfig cust_host_ipv4 + set_cust_host_ipv4 + ;; + 0) ;; + *) + if [ -n "$(echo $text | grep -Eo '^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}'$)" -a -z "$(echo $cust_host_ipv4 | grep "$text")" ]; then + cust_host_ipv4="$cust_host_ipv4 $text" + setconfig cust_host_ipv4 "'$cust_host_ipv4'" + else + echo "-----------------------------------------------" + echo -e "\033[31m请输入正确的网段地址!\033[0m" + fi + sleep 1 + set_cust_host_ipv4 + ;; + esac +} +fw_filter_lan() { #局域网设备过滤 + get_devinfo() { + dev_ip=$(cat $dhcpdir | grep " $dev " | awk '{print $3}') && [ -z "$dev_ip" ] && dev_ip=$dev + dev_mac=$(cat $dhcpdir | grep " $dev " | awk '{print $2}') && [ -z "$dev_mac" ] && dev_mac=$dev + dev_name=$(cat $dhcpdir | grep " $dev " | awk '{print $4}') && [ -z "$dev_name" ] && dev_name='未知设备' + } + add_mac() { + echo "-----------------------------------------------" + echo 已添加的mac地址: + cat ${CRASHDIR}/configs/mac 2>/dev/null + echo "-----------------------------------------------" + echo -e "\033[33m序号 设备IP 设备mac地址 设备名称\033[32m" + cat $dhcpdir | awk '{print " "NR" "$3,$2,$4}' + echo -e "\033[0m-----------------------------------------------" + echo -e "手动输入mac地址时仅支持\033[32mxx:xx:xx:xx:xx:xx\033[0m的形式" + echo -e " 0 或回车 结束添加" + echo "-----------------------------------------------" + read -p "请输入对应序号或直接输入mac地址 > " num + if [ -z "$num" -o "$num" = 0 ]; then + i= + elif [ -n "$(echo $num | grep -aE '^([0-9A-Fa-f]{2}[:]){5}([0-9A-Fa-f]{2})$')" ]; then + if [ -z "$(cat ${CRASHDIR}/configs/mac | grep -E "$num")" ]; then + echo $num | grep -oE '^([0-9A-Fa-f]{2}[:]){5}([0-9A-Fa-f]{2})$' >>${CRASHDIR}/configs/mac + else + echo "-----------------------------------------------" + echo -e "\033[31m已添加的设备,请勿重复添加!\033[0m" + fi + add_mac + elif [ $num -le $(cat $dhcpdir 2>/dev/null | awk 'END{print NR}') ]; then + macadd=$(cat $dhcpdir | awk '{print $2}' | sed -n "$num"p) + if [ -z "$(cat ${CRASHDIR}/configs/mac | grep -E "$macadd")" ]; then + echo $macadd >>${CRASHDIR}/configs/mac + else + echo "-----------------------------------------------" + echo -e "\033[31m已添加的设备,请勿重复添加!\033[0m" + fi + add_mac + else + echo "-----------------------------------------------" + echo -e "\033[31m输入有误,请重新输入!\033[0m" + add_mac + fi + } + add_ip() { + echo "-----------------------------------------------" + echo "已添加的IP地址(段):" + cat ${CRASHDIR}/configs/ip_filter 2>/dev/null + echo "-----------------------------------------------" + echo -e "\033[33m序号 设备IP 设备名称\033[32m" + cat $dhcpdir | awk '{print " "NR" "$3,$4}' + echo -e "\033[0m-----------------------------------------------" + echo -e "手动输入时仅支持\033[32m 192.168.1.0/24\033[0m 或 \033[32m192.168.1.0\033[0m 的形式" + echo -e "不支持ipv6地址过滤,如有需求请使用mac地址过滤" + echo -e " 0 或回车 结束添加" + echo "-----------------------------------------------" + read -p "请输入对应序号或直接输入IP地址段 > " num + if [ -z "$num" -o "$num" = 0 ]; then + i= + elif [ -n "$(echo $num | grep -aE '^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(/(3[0-2]|[12]?[0-9]))?$')" ]; then + if [ -z "$(cat ${CRASHDIR}/configs/ip_filter | grep -E "$num")" ]; then + echo $num | grep -oE '^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(/(3[0-2]|[12]?[0-9]))?$' >>${CRASHDIR}/configs/ip_filter + else + echo "-----------------------------------------------" + echo -e "\033[31m已添加的地址,请勿重复添加!\033[0m" + fi + add_ip + elif [ $num -le $(cat $dhcpdir 2>/dev/null | awk 'END{print NR}') ]; then + ipadd=$(cat $dhcpdir | awk '{print $3}' | sed -n "$num"p) + if [ -z "$(cat ${CRASHDIR}/configs/mac | grep -E "$ipadd")" ]; then + echo $ipadd >>${CRASHDIR}/configs/ip_filter + else + echo "-----------------------------------------------" + echo -e "\033[31m已添加的地址,请勿重复添加!\033[0m" + fi + add_ip + else + echo "-----------------------------------------------" + echo -e "\033[31m输入有误,请重新输入!\033[0m" + add_ip + fi + } + del_all() { + echo "-----------------------------------------------" + if [ -z "$(cat ${CRASHDIR}/configs/mac ${CRASHDIR}/configs/ip_filter 2>/dev/null)" ]; then + echo -e "\033[31m列表中没有需要移除的设备!\033[0m" + sleep 1 + else + echo -e "请选择需要移除的设备:\033[36m" + echo -e "\033[33m 设备IP 设备mac地址 设备名称\033[0m" + i=1 + for dev in $(cat ${CRASHDIR}/configs/mac ${CRASHDIR}/configs/ip_filter 2>/dev/null); do + get_devinfo + echo -e " $i \033[32m$dev_ip \033[36m$dev_mac \033[32m$dev_name\033[0m" + i=$((i + 1)) + done + echo "-----------------------------------------------" + echo -e "\033[0m 0 或回车 结束删除" + read -p "请输入需要移除的设备的对应序号 > " num + mac_filter_rows=$(cat ${CRASHDIR}/configs/mac 2>/dev/null | wc -l) + ip_filter_rows=$(cat ${CRASHDIR}/configs/ip_filter 2>/dev/null | wc -l) + if [ -z "$num" ] || [ "$num" -le 0 ]; then + n= + elif [ $num -le $mac_filter_rows ]; then + sed -i "${num}d" ${CRASHDIR}/configs/mac + echo "-----------------------------------------------" + echo -e "\033[32m对应设备已移除!\033[0m" + del_all + elif [ $num -le $((mac_filter_rows + ip_filter_rows)) ]; then + num=$((num - mac_filter_rows)) + sed -i "${num}d" ${CRASHDIR}/configs/ip_filter + echo "-----------------------------------------------" + echo -e "\033[32m对应设备已移除!\033[0m" + del_all + else + echo "-----------------------------------------------" + echo -e "\033[31m输入有误,请重新输入!\033[0m" + del_all + fi + fi + } + echo "-----------------------------------------------" + [ -z "$dhcpdir" ] && [ -f /var/lib/dhcp/dhcpd.leases ] && dhcpdir='/var/lib/dhcp/dhcpd.leases' + [ -z "$dhcpdir" ] && [ -f /var/lib/dhcpd/dhcpd.leases ] && dhcpdir='/var/lib/dhcpd/dhcpd.leases' + [ -z "$dhcpdir" ] && [ -f /tmp/dhcp.leases ] && dhcpdir='/tmp/dhcp.leases' + [ -z "$dhcpdir" ] && [ -f /tmp/dnsmasq.leases ] && dhcpdir='/tmp/dnsmasq.leases' + [ -z "$dhcpdir" ] && dhcpdir='/dev/null' + [ -z "$fw_filter_lan_type" ] && fw_filter_lan_type='黑名单' + if [ "$fw_filter_lan_type" = "黑名单" ]; then + fw_filter_lan_over='白名单' + fw_filter_lan_scrip='不' + else + fw_filter_lan_over='黑名单' + fw_filter_lan_scrip='' + fi + ###### + echo -e "\033[30;47m请在此添加或移除设备\033[0m" + echo -e "当前过滤方式为:\033[33m$fw_filter_lan_type模式\033[0m" + echo -e "仅列表内设备流量\033[36m$fw_filter_lan_scrip经过\033[0m内核" + if [ -n "$(cat ${CRASHDIR}/configs/mac)" ]; then + echo "-----------------------------------------------" + echo -e "当前已过滤设备为:\033[36m" + echo -e "\033[33m 设备mac/ip地址 设备名称\033[0m" + for dev in $(cat ${CRASHDIR}/configs/mac 2>/dev/null); do + get_devinfo + echo -e "\033[36m$dev_mac \033[0m$dev_name" + done + for dev in $(cat ${CRASHDIR}/configs/ip_filter 2>/dev/null); do + get_devinfo + echo -e "\033[32m$dev_ip \033[0m$dev_name" + done + echo "-----------------------------------------------" + fi + echo -e " 1 切换为\033[33m$fw_filter_lan_over模式\033[0m" + echo -e " 2 \033[32m添加指定设备(mac地址)\033[0m" + echo -e " 3 \033[32m添加指定设备(IP地址/网段)\033[0m" + echo -e " 4 \033[36m移除指定设备\033[0m" + echo -e " 9 \033[31m清空整个列表\033[0m" + echo -e " 0 返回上级菜单" + read -p "请输入对应数字 > " num + case "$num" in + 0) ;; + 1) + fw_filter_lan_type=$fw_filter_lan_over + setconfig fw_filter_lan_type $fw_filter_lan_type + echo "-----------------------------------------------" + echo -e "\033[32m已切换为$fw_filter_lan_type模式!\033[0m" + fw_filter_lan + ;; + 2) + add_mac + fw_filter_lan + ;; + 3) + add_ip + fw_filter_lan + ;; + 4) + del_all + fw_filter_lan + ;; + 9) + : >${CRASHDIR}/configs/mac + : >${CRASHDIR}/configs/ip_filter + echo "-----------------------------------------------" + echo -e "\033[31m设备列表已清空!\033[0m" + fw_filter_lan + ;; + *) + errornum + ;; + esac +} + diff --git a/scripts/start.sh b/scripts/start.sh index 49cb15a1..3465fd70 100644 --- a/scripts/start.sh +++ b/scripts/start.sh @@ -295,7 +295,7 @@ urlencode() { | hexdump -v -e '/1 "%02X\n"' \ | while read -r hex; do case "$hex" in - 2D|2E|5F|7E|3[0-9]|4[1-9A-F]|5[0-9A]|6[1-9A-F]|7[0-9A-E]) + 2D|2E|5F|7E|3[0-9]|4[1-9A-F]|5[0-9A]|6[1-9A-F]|7[0-9A-E]) printf "\\$(printf '%03o' "0x$hex")" ;; *) @@ -617,6 +617,11 @@ EOF IFS="$oldIFS" done } + #添加自定义入站 + [ "$vms_service" = ON ] || [ "$sss_service" = ON ] && { + . "$CRASHDIR"/configs/gateway.cfg + . "$CRASHDIR"/libs/meta_listeners.sh + } #节点绕过功能支持 sed -i "/#节点绕过/d" "$TMPDIR"/rules.yaml [ "$proxies_bypass" = "已启用" ] && { @@ -656,7 +661,7 @@ EOF for char in $yaml_char; do #将额外配置文件合并 [ -s "$TMPDIR"/${char}.yaml ] && { sed -i "1i\\${char}:" "$TMPDIR"/${char}.yaml - yaml_add="$yaml_add "$TMPDIR"/${char}.yaml" + yaml_add="$yaml_add $TMPDIR/${char}.yaml" } done #合并完整配置文件 @@ -692,7 +697,12 @@ modify_json() { #修饰singbox1.13配置文件 cat "$TMPDIR"/format.json | sed -n '/^ "providers":/,/^ "[a-z]/p' | sed '$d' >>"$TMPDIR"/jsons/providers.json } cat "$TMPDIR"/format.json | sed -n '/"route":/,/^\( "[a-z]\|}\)/p' | sed '$d' >>"$TMPDIR"/jsons/route.json - #生成log.json + #生成endpoints.json + [ "$ts_service" = ON ] || [ "$wg_service" = ON ] && { + . "$CRASHDIR"/configs/gateway.cfg + . "$CRASHDIR"/libs/sb_endpoints.sh + } + #生成log.json cat >"$TMPDIR"/jsons/log.json <"$TMPDIR"/jsons/add_route.json <>"$TMPDIR"/jsons/tun.json </dev/null 2>&1 && return 0 sleep 5 done @@ -2001,6 +2018,8 @@ afstart() { #启动后 line=$(grep -En "fw.* start" /etc/init.d/firewall | cut -d ":" -f 1) sed -i "${line}a\\. "$CRASHDIR"/task/affirewall" /etc/init.d/firewall } & + #启动TG机器人 + [ "$bot_tg_service" = ON ] && "$CRASHDIR"/menus/bot_tg.sh & else start_error $0 stop @@ -2098,6 +2117,7 @@ stop) stop_firewall #清理路由策略 fi PID=$(pidof CrashCore) && [ -n "$PID" ] && kill -9 $PID >/dev/null 2>&1 + PID=$(pidof /bin/sh "$CRASHDIR"/menus/bot_tg.sh) && [ -n "$PID" ] && kill -9 $PID >/dev/null 2>&1 #清理缓存目录 rm -rf "$TMPDIR"/CrashCore ;; diff --git a/scripts/starts/README.md b/scripts/starts/README.md new file mode 100644 index 00000000..4a6cf025 --- /dev/null +++ b/scripts/starts/README.md @@ -0,0 +1,3 @@ +用于存放负责启动和服务相关的脚本 + +此处脚本内容不应包含任何具体中文说明,log内容的文字应当从相关lang文件调用 \ No newline at end of file