xm/ShellCrash
1
0
Fork 0
mirror of https://github.com/juewuy/ShellCrash.git synced 2026-03-11 07:51:45 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' into dev

Browse Source
This commit is contained in:
juewuy
2026-01-14 18:49:36 +08:00
parent b2be8ab3fd aef509de62
commit 27906ee244
11 changed files with 36 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
scripts/init.sh
View File

@@ -102,7 +102,7 @@ grep -q 'firewall_mod' "$CRASHDIR/configs/ShellClash.cfg" 2>/dev/null || {
#设置更新地址 #设置更新地址
[ -n "$url" ] && setconfig update_url $url [ -n "$url" ] && setconfig update_url $url
#设置环境变量 #设置环境变量
[ -w /opt/etc/profile ] && profile=/opt/etc/profile [ -w /opt/etc/profile ] && [ "$systype" = "Padavan" ] && profile=/opt/etc/profile
[ -w /jffs/configs/profile.add ] && profile=/jffs/configs/profile.add [ -w /jffs/configs/profile.add ] && profile=/jffs/configs/profile.add
[ -z "$profile" ] && profile=/etc/profile [ -z "$profile" ] && profile=/etc/profile
if [ -n "$profile" ]; then if [ -n "$profile" ]; then

3
scripts/libs/set_proxy.sh
View File

@@ -3,6 +3,7 @@ setproxy(){
[ -n "$(pidof CrashCore)" ] && { [ -n "$(pidof CrashCore)" ] && {
[ -n "$authentication" ] && auth="$authentication@" || auth="" [ -n "$authentication" ] && auth="$authentication@" || auth=""
[ -z "$mix_port" ] && mix_port=7890 [ -z "$mix_port" ] && mix_port=7890
export all_proxy="http://${auth}127.0.0.1:$mix_port" export https_proxy="http://${auth}127.0.0.1:$mix_port"
export http_proxy="http://${auth}127.0.0.1:$mix_port"
} }
} }

3
scripts/libs/web_get.sh
View File

@@ -32,7 +32,8 @@ webget(){
result=$(curl $agent -w '%{http_code}' --connect-timeout 3 $progress $redirect $certificate -o "$1" "$url") result=$(curl $agent -w '%{http_code}' --connect-timeout 3 $progress $redirect $certificate -o "$1" "$url")
fi fi
[ "$result" = "200" ] && return 0 #成功则退出否则重试 [ "$result" = "200" ] && return 0 #成功则退出否则重试
export all_proxy="" export https_proxy=""
export http_proxy=""
result=$(curl $agent -w '%{http_code}' --connect-timeout 5 $progress $redirect $certificate -o "$1" "$2") result=$(curl $agent -w '%{http_code}' --connect-timeout 5 $progress $redirect $certificate -o "$1" "$2")
[ "$result" = "200" ] [ "$result" = "200" ]
return $? return $?

12
scripts/libs/web_save.sh
View File

@@ -20,11 +20,13 @@ web_save() { #最小化保存面板节点选择
} }
done <"$TMPDIR"/web_proxies done <"$TMPDIR"/web_proxies
rm -rf "$TMPDIR"/web_proxies rm -rf "$TMPDIR"/web_proxies
#对比文件,如果有变动且不为空则写入磁盘,否则清除缓存 #对比文件,如果有变动则写入磁盘,否则清除缓存
for file in web_save web_configs; do for file in web_save; do
if [ -s "$TMPDIR"/${file} ]; then if [ -s "$TMPDIR/$file" ]; then
. "$CRASHDIR"/libs/compare.sh && compare "$TMPDIR"/${file} "$CRASHDIR"/configs/${file} . "$CRASHDIR"/libs/compare.sh && compare "$TMPDIR/$file" "$CRASHDIR/configs/$file"
[ "$?" = 0 ] && rm -rf "$TMPDIR"/${file} || mv -f "$TMPDIR"/${file} "$CRASHDIR"/configs/${file} [ "$?" = 0 ] && rm -f "$TMPDIR/$file" || mv -f "$TMPDIR/$file" "$CRASHDIR/configs/$file"
else
rm -f "$CRASHDIR/configs/$file" #空文件时移除旧文件
fi fi
done done
} }

1
scripts/start.sh
View File

@@ -37,6 +37,7 @@ case "$1" in
start) start)
[ -n "$(pidof CrashCore)" ] && $0 stop #禁止多实例 [ -n "$(pidof CrashCore)" ] && $0 stop #禁止多实例
stop_firewall #清理路由策略 stop_firewall #清理路由策略
rm -f "CRASHDIR"/.start_error #移除自启失败标记
#使用不同方式启动服务 #使用不同方式启动服务
if [ "$firewall_area" = "5" ]; then #主旁转发 if [ "$firewall_area" = "5" ]; then #主旁转发
. "$CRASHDIR"/starts/fw_start.sh . "$CRASHDIR"/starts/fw_start.sh

8
scripts/starts/bfstart.sh
View File

@@ -6,6 +6,9 @@
. "$CRASHDIR"/libs/get_config.sh . "$CRASHDIR"/libs/get_config.sh
[ -z "$BINDIR" -o -z "$TMPDIR" -o -z "$COMMAND" ] && . "$CRASHDIR"/init.sh >/dev/null 2>&1 [ -z "$BINDIR" -o -z "$TMPDIR" -o -z "$COMMAND" ] && . "$CRASHDIR"/init.sh >/dev/null 2>&1
[ ! -f "$TMPDIR" ] && mkdir -p "$TMPDIR" [ ! -f "$TMPDIR" ] && mkdir -p "$TMPDIR"
#当上次启动失败时终止自启动
[ -f "CRASHDIR"/.start_error ] && exit 1
#加载工具 #加载工具
. "$CRASHDIR"/libs/check_cmd.sh . "$CRASHDIR"/libs/check_cmd.sh
. "$CRASHDIR"/libs/check_target.sh . "$CRASHDIR"/libs/check_target.sh
@@ -18,6 +21,7 @@
[ -z "$redir_mod" ] && [ "$USER" = "root" -o "$USER" = "admin" ] && redir_mod='Redir模式' [ -z "$redir_mod" ] && [ "$USER" = "root" -o "$USER" = "admin" ] && redir_mod='Redir模式'
[ -z "$dns_mod" ] && dns_mod='redir_host' [ -z "$dns_mod" ] && dns_mod='redir_host'
[ -z "$redir_mod" ] && firewall_area='4' [ -z "$redir_mod" ] && firewall_area='4'
routing_mark=$((fwmark + 2))
makehtml() { #生成面板跳转文件 makehtml() { #生成面板跳转文件
cat >"$BINDIR"/ui/index.html <<EOF cat >"$BINDIR"/ui/index.html <<EOF
@@ -69,7 +73,7 @@ EOF
[ "$?" = 0 ] && rm -rf "$TMPDIR"/shellcrash_pac || mv -f "$TMPDIR"/shellcrash_pac "$BINDIR"/ui/pac [ "$?" = 0 ] && rm -rf "$TMPDIR"/shellcrash_pac || mv -f "$TMPDIR"/shellcrash_pac "$BINDIR"/ui/pac
} }
routing_mark=$((fwmark + 2))
#检测网络连接 #检测网络连接
[ "$network_check" != "OFF" ] && [ ! -f "$TMPDIR"/crash_start_time ] && ckcmd ping && . "$CRASHDIR"/starts/check_network.sh && check_network [ "$network_check" != "OFF" ] && [ ! -f "$TMPDIR"/crash_start_time ] && ckcmd ping && . "$CRASHDIR"/starts/check_network.sh && check_network
[ ! -d "$BINDIR"/ui ] && mkdir -p "$BINDIR"/ui [ ! -d "$BINDIR"/ui ] && mkdir -p "$BINDIR"/ui
@@ -99,7 +103,7 @@ if echo "$crashcore" | grep -q 'singbox'; then
if [ "$disoverride" != "1" ];then if [ "$disoverride" != "1" ];then
. "$CRASHDIR"/starts/singbox_modify.sh && modify_json . "$CRASHDIR"/starts/singbox_modify.sh && modify_json
else else
ln -sf "$core_config" "$TMPDIR"/config.json ln -sf "$core_config" "$TMPDIR"/configs/config.json
fi fi
else else
. "$CRASHDIR"/starts/clash_check.sh && clash_check . "$CRASHDIR"/starts/clash_check.sh && clash_check

4
scripts/starts/fw_getlanip.sh
View File

@@ -2,8 +2,8 @@
getlanip() { #获取局域网host地址 getlanip() { #获取局域网host地址
i=1 i=1
while [ "$i" -le "20" ]; do while [ "$i" -le "20" ]; do
host_ipv4=$(ip a 2>&1 | grep -w 'inet' | grep 'global' | grep 'brd' | grep -Ev 'utun|iot|peer|docker|podman|virbr|vnet|ovs|vmbr|veth|vmnic|vboxnet|lxcbr|xenbr|vEthernet' | grep -E ' 1(92|0|72)\.' | sed 's/.*inet.//g' | sed 's/[[:space:]]br.*$//g' | sed 's/metric.*$//g') #ipv4局域网网段 host_ipv4=$(ip route show scope link | grep -Ev 'wan|utun|iot|peer|docker|podman|virbr|vnet|ovs|vmbr|veth|vmnic|vboxnet|lxcbr|xenbr|vEthernet' | grep -E ' 1(92|0|72)\.' | awk '{print $1}') #ipv4局域网网段
[ "$ipv6_redir" = "ON" ] && host_ipv6=$(ip a 2>&1 | grep -w 'inet6' | grep -E 'global' | sed 's/.*inet6.//g' | sed 's/scope.*$//g') #ipv6公网地址段 [ "$ipv6_redir" = "ON" ] && host_ipv6=$(ip -6 route show | grep 'default' | awk '{print $3}') #ipv6公网地址段
[ -f "$TMPDIR"/ShellCrash.log ] && break [ -f "$TMPDIR"/ShellCrash.log ] && break
[ -n "$host_ipv4" -a "$ipv6_redir" != "ON" ] && break [ -n "$host_ipv4" -a "$ipv6_redir" != "ON" ] && break
[ -n "$host_ipv4" -a -n "$host_ipv6" ] && break [ -n "$host_ipv4" -a -n "$host_ipv6" ] && break

12
scripts/starts/fw_iptables.sh
View File

@@ -1,6 +1,9 @@
#!/bin/sh #!/bin/sh
# Copyright (C) Juewuy # Copyright (C) Juewuy
ckcmd iptables && iptables -h | grep -q '\-w' && iptable='iptables -w' || iptable=iptables
ckcmd ip6tables && ip6tables -h | grep -q '\-w' && ip6table='ip6tables -w' || ip6table=ip6tables
start_ipt_route() { #iptables-route通用工具 start_ipt_route() { #iptables-route通用工具
#$1:iptables/ip6tables $2:所在的表(nat/mangle) $3:所在的链(OUTPUT/PREROUTING) $4:新创建的shellcrash链表 $5:tcp/udp/all #$1:iptables/ip6tables $2:所在的表(nat/mangle) $3:所在的链(OUTPUT/PREROUTING) $4:新创建的shellcrash链表 $5:tcp/udp/all
#区分ipv4/ipv6 #区分ipv4/ipv6
@@ -28,7 +31,10 @@ start_ipt_route() { #iptables-route通用工具
"$1" $w -t "$2" -A "$4" -m owner --gid-owner $gid -j RETURN "$1" $w -t "$2" -A "$4" -m owner --gid-owner $gid -j RETURN
done done
[ "$firewall_area" = 5 ] && "$1" $w -t "$2" -A "$4" -s $bypass_host -j RETURN [ "$firewall_area" = 5 ] && "$1" $w -t "$2" -A "$4" -s $bypass_host -j RETURN
[ -z "$ports" ] && "$1" $w -t "$2" -A "$4" -p tcp -m multiport --dports "$mix_port,$redir_port,$tproxy_port" -j RETURN [ -z "$ports" ] && {
"$1" $w -t "$2" -A "$4" -p tcp -m multiport --dports "$mix_port,$redir_port,$tproxy_port" -j RETURN
"$1" $w -t "$2" -A "$4" -p udp -m multiport --dports "$mix_port,$redir_port,$tproxy_port" -j RETURN
}
#跳过目标保留地址及目标本机网段 #跳过目标保留地址及目标本机网段
for ip in $HOST_IP $RESERVED_IP; do for ip in $HOST_IP $RESERVED_IP; do
"$1" $w -t "$2" -A "$4" -d $ip -j RETURN "$1" $w -t "$2" -A "$4" -d $ip -j RETURN
@@ -130,8 +136,6 @@ start_ipt_dns() { #iptables-dns通用工具
"$1" $w -t nat -I "$2" -p udp --dport 53 -j "$3" "$1" $w -t nat -I "$2" -p udp --dport 53 -j "$3"
} }
start_ipt_wan() { #iptables公网防火墙 start_ipt_wan() { #iptables公网防火墙
ckcmd iptables && iptables -h | grep -q '\-w' && iptable='iptables -w' || iptable=iptables
ckcmd ip6tables && ip6tables -h | grep -q '\-w' && ip6table='ip6tables -w' || ip6table=ip6tables
ipt_wan_accept(){ ipt_wan_accept(){
$iptable -I INPUT -p "$1" -m multiport --dports "$accept_ports" -j ACCEPT $iptable -I INPUT -p "$1" -m multiport --dports "$accept_ports" -j ACCEPT
ckcmd ip6tables && $ip6table -I INPUT -p "$1" -m multiport --dports "$accept_ports" -j ACCEPT ckcmd ip6tables && $ip6table -I INPUT -p "$1" -m multiport --dports "$accept_ports" -j ACCEPT
@@ -141,7 +145,7 @@ start_ipt_wan() { #iptables公网防火墙
ckcmd ip6tables && $ip6table -I INPUT -p "$1" -m multiport --dports "$reject_ports" -j REJECT ckcmd ip6tables && $ip6table -I INPUT -p "$1" -m multiport --dports "$reject_ports" -j REJECT
} }
#端口拦截 #端口拦截
reject_ports="$mix_port,$db_port,$dns_port" reject_ports="$mix_port,$db_port"
ipt_wan_reject tcp ipt_wan_reject tcp
ipt_wan_reject udp ipt_wan_reject udp
#端口放行 #端口放行

2
scripts/starts/fw_nftables.sh
View File

@@ -146,7 +146,7 @@ start_nft_wan() { #nftables公网防火墙
nft add rule inet shellcrash input udp dport $fw_wan_nfports meta mark set 0x67890 accept nft add rule inet shellcrash input udp dport $fw_wan_nfports meta mark set 0x67890 accept
} }
#端口拦截 #端口拦截
reject_ports="{ $mix_port, $db_port, $dns_port }" reject_ports="{ $mix_port, $db_port }"
nft add rule inet shellcrash input ip saddr {$HOST_IP} accept nft add rule inet shellcrash input ip saddr {$HOST_IP} accept
nft add rule inet shellcrash input ip6 saddr {$HOST_IP6} accept nft add rule inet shellcrash input ip6 saddr {$HOST_IP6} accept
nft add rule inet shellcrash input tcp dport $reject_ports reject nft add rule inet shellcrash input tcp dport $reject_ports reject

8
scripts/starts/fw_stop.sh
View File

@@ -55,8 +55,8 @@ ckcmd iptables && {
done done
$iptable -D INPUT -p tcp -m multiport --dports "$accept_ports" -j ACCEPT 2>/dev/null $iptable -D INPUT -p tcp -m multiport --dports "$accept_ports" -j ACCEPT 2>/dev/null
$iptable -D INPUT -p udp -m multiport --dports "$accept_ports" -j ACCEPT 2>/dev/null $iptable -D INPUT -p udp -m multiport --dports "$accept_ports" -j ACCEPT 2>/dev/null
$iptable -D INPUT -p tcp -m multiport --dports "$mix_port,$db_port,$dns_port" -j REJECT 2>/dev/null $iptable -D INPUT -p tcp -m multiport --dports "$mix_port,$db_port" -j REJECT 2>/dev/null
$iptable -D INPUT -p udp -m multiport --dports "$mix_port,$db_port,$dns_port" -j REJECT 2>/dev/null $iptable -D INPUT -p udp -m multiport --dports "$mix_port,$db_port" -j REJECT 2>/dev/null
#清理shellcrash自建表 #清理shellcrash自建表
for text in shellcrash_dns shellcrash shellcrash_out shellcrash_dns_out shellcrash_vm shellcrash_vm_dns; do for text in shellcrash_dns shellcrash shellcrash_out shellcrash_dns_out shellcrash_vm shellcrash_vm_dns; do
$iptable -t nat -F "$text" 2>/dev/null $iptable -t nat -F "$text" 2>/dev/null
@@ -105,8 +105,8 @@ ckcmd ip6tables && {
done done
$ip6table -D INPUT -p tcp -m multiport --dports "$accept_ports" -j ACCEPT 2>/dev/null $ip6table -D INPUT -p tcp -m multiport --dports "$accept_ports" -j ACCEPT 2>/dev/null
$ip6table -D INPUT -p udp -m multiport --dports "$accept_ports" -j ACCEPT 2>/dev/null $ip6table -D INPUT -p udp -m multiport --dports "$accept_ports" -j ACCEPT 2>/dev/null
$ip6table -D INPUT -p tcp -m multiport --dports "$mix_port,$db_port,$dns_port" -j REJECT 2>/dev/null $ip6table -D INPUT -p tcp -m multiport --dports "$mix_port,$db_port" -j REJECT 2>/dev/null
$ip6table -D INPUT -p udp -m multiport --dports "$mix_port,$db_port,$dns_port" -j REJECT 2>/dev/null $ip6table -D INPUT -p udp -m multiport --dports "$mix_port,$db_port" -j REJECT 2>/dev/null
#清理shellcrash自建表 #清理shellcrash自建表
for text in shellcrashv6_dns shellcrashv6 shellcrashv6_out; do for text in shellcrashv6_dns shellcrashv6 shellcrashv6_out; do
$ip6table -t nat -F "$text" 2>/dev/null $ip6table -t nat -F "$text" 2>/dev/null

3
scripts/starts/start_error.sh
View File

@@ -7,6 +7,7 @@ else
sleep 2 sleep 2
kill $! >/dev/null 2>&1 kill $! >/dev/null 2>&1
fi fi
error=$(cat $TMPDIR/core_test.log | grep -iEo 'error.*=.*|.*ERROR.*|.*FATAL.*') touch "CRASHDIR"/.start_error #标记启动失败,防止自启
error=$(cat "$TMPDIR"/core_test.log | grep -iEo 'error.*=.*|.*ERROR.*|.*FATAL.*')
logger "服务启动失败!请查看报错信息!详细信息请查看$TMPDIR/core_test.log" 33 logger "服务启动失败!请查看报错信息!详细信息请查看$TMPDIR/core_test.log" 33
logger "$error" 31 logger "$error" 31