xm/ShellCrash
1
0
Fork 0
mirror of https://github.com/juewuy/ShellCrash.git synced 2026-03-12 00:11:31 +00:00
Code Issues Packages Projects Releases Wiki Activity

~脚本进行大量拆分和优化

Browse Source
This commit is contained in:
juewuy
2025-12-25 15:50:58 +08:00
parent e62f485df4
commit 647b52e016
49 changed files with 1948 additions and 2449 deletions
Download Patch File Download Diff File Expand all files Collapse all files

58
scripts/starts/afstart.sh Normal file
View File

@@ -0,0 +1,58 @@
#!/bin/ash
# Copyright (C) Juewuy
#初始化目录
[ -z "$CRASHDIR" ] && CRASHDIR=$( cd $(dirname $0);cd ..;pwd)
. "$CRASHDIR"/libs/get_config.sh
#加载工具
. "$CRASHDIR"/libs/check_cmd.sh
. "$CRASHDIR"/libs/logger.sh
. "$CRASHDIR"/libs/set_cron.sh
#缺省值
[ -z "$firewall_area" ] && firewall_area=1
#延迟启动
[ ! -f "$TMPDIR"/crash_start_time ] && [ -n "$start_delay" ] && [ "$start_delay" -gt 0 ] && {
logger "ShellCrash将延迟$start_delay秒启动" 31
sleep "$start_delay"
}
#设置循环检测面板端口以判定服务启动是否成功
. "$CRASHDIR"/libs/start_wait.sh
if [ -n "$test" -o -n "$(pidof CrashCore)" ]; then
[ "$start_old" = "已开启" ] && rm -rf "$TMPDIR"/CrashCore #删除缓存目录内核文件
. "$CRASHDIR"/starts/fw_start.sh #配置防火墙流量劫持
date +%s >"$TMPDIR"/crash_start_time #标记启动时间
#后台还原面板配置
[ -s "$CRASHDIR"/configs/web_save ] && {
. "$CRASHDIR"/libs/web_restore.sh
web_restore >/dev/null 2>&1 &
}
#推送日志
{
sleep 5
logger ShellCrash服务已启动
} &
ckcmd mtd_storage.sh && mtd_storage.sh save >/dev/null 2>&1 & #Padavan保存/etc/storage
#加载定时任务
[ -s "$CRASHDIR"/task/cron ] && croncmd "$CRASHDIR"/task/cron
[ -s "$CRASHDIR"/task/running ] && {
cronset '运行时每'
while read line; do
cronset '2fjdi124dd12s' "$line"
done <"$CRASHDIR"/task/running
}
[ "$start_old" = "已开启" ] && cronset '保守模式守护进程' "* * * * * test -z \"\$(pidof CrashCore)\" && $CRASHDIR/start.sh daemon #ShellCrash保守模式守护进程"
#加载条件任务
[ -s "$CRASHDIR"/task/afstart ] && { . "$CRASHDIR"/task/afstart; } &
[ -s "$CRASHDIR"/task/affirewall -a -s /etc/init.d/firewall -a ! -f /etc/init.d/firewall.bak ] && {
#注入防火墙
line=$(grep -En "fw.* restart" /etc/init.d/firewall | cut -d ":" -f 1)
sed -i.bak "${line}a\\. "$CRASHDIR"/task/affirewall" /etc/init.d/firewall
line=$(grep -En "fw.* start" /etc/init.d/firewall | cut -d ":" -f 1)
sed -i "${line}a\\. $CRASHDIR/task/affirewall" /etc/init.d/firewall
} &
#启动TG机器人
[ "$bot_tg_service" = ON ] && "$CRASHDIR"/menus/bot_tg.sh &
else
. "$CRASHDIR"/starts/start_error.sh
"$CRASHDIR"/start.sh stop
fi

136
scripts/starts/bfstart.sh Normal file
View File

@@ -0,0 +1,136 @@
#!/bin/ash
# Copyright (C) Juewuy
[ -z "$CRASHDIR" ] && CRASHDIR=$( cd $(dirname $0);cd ..;pwd)
. "$CRASHDIR"/libs/get_config.sh
[ -z "$BINDIR" -o -z "$TMPDIR" -o -z "$COMMAND" ] && . "$CRASHDIR"/init.sh >/dev/null 2>&1
[ ! -f "$TMPDIR" ] && mkdir -p "$TMPDIR"
#加载工具
. "$CRASHDIR"/libs/check_cmd.sh
. "$CRASHDIR"/libs/check_target.sh
. "$CRASHDIR"/libs/logger.sh
. "$CRASHDIR"/libs/web_get_bin.sh
. "$CRASHDIR"/libs/compare.sh
. "$CRASHDIR"/starts/check_geo.sh
. "$CRASHDIR"/starts/check_core.sh
#缺省值
[ -z "$redir_mod" ] && [ "$USER" = "root" -o "$USER" = "admin" ] && redir_mod='Redir模式'
[ -z "$dns_mod" ] && dns_mod='redir_host'
[ -z "$redir_mod" ] && firewall_area='4'
makehtml() { #生成面板跳转文件
cat >"$BINDIR"/ui/index.html <<EOF
<!DOCTYPE html>
<html lang="en">
<meta http-equiv="Cache-Control" content="no-cache, no-store, must-revalidate">
<meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="Expires" content="0">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>ShellCrash面板提示</title>
</head>
<body>
<div style="text-align: center; margin-top: 50px;">
<h1>您还未安装本地面板</h1>
<h3>请在脚本更新功能中(9-4)安装<br>或者使用在线面板:</h3>
<h4>请复制当前地址/ui(不包括)前面的内容填入url位置即可连接</h3>
<a href="http://board.zash.run.place" style="font-size: 24px;">Zashboard面板(推荐)<br></a>
<a style="font-size: 21px;"><br>如已安装请使用Ctrl+F5强制刷新此页面<br></a>
</div>
</body>
</html
EOF
}
catpac() { #生成pac文件
#获取本机host地址
[ -n "$host" ] && host_pac=$host
[ -z "$host_pac" ] && host_pac=$(ubus call network.interface.lan status 2>&1 | grep \"address\" | grep -oE '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}')
[ -z "$host_pac" ] && host_pac=$(ip a 2>&1 | grep -w 'inet' | grep 'global' | grep -E ' 1(92|0|72)\.' | sed 's/.*inet.//g' | sed 's/\/[0-9][0-9].*$//g' | head -n 1)
cat >"$TMPDIR"/shellcrash_pac <<EOF
function FindProxyForURL(url, host) {
if (
isInNet(host, "0.0.0.0", "255.0.0.0")||
isInNet(host, "10.0.0.0", "255.0.0.0")||
isInNet(host, "127.0.0.0", "255.0.0.0")||
isInNet(host, "224.0.0.0", "224.0.0.0")||
isInNet(host, "240.0.0.0", "240.0.0.0")||
isInNet(host, "172.16.0.0", "255.240.0.0")||
isInNet(host, "192.168.0.0", "255.255.0.0")||
isInNet(host, "169.254.0.0", "255.255.0.0")
)
return "DIRECT";
else
return "PROXY $host_pac:$mix_port; DIRECT; SOCKS5 $host_pac:$mix_port"
}
EOF
compare "$TMPDIR"/shellcrash_pac "$BINDIR"/ui/pac
[ "$?" = 0 ] && rm -rf "$TMPDIR"/shellcrash_pac || mv -f "$TMPDIR"/shellcrash_pac "$BINDIR"/ui/pac
}
routing_mark=$((fwmark + 2))
#检测网络连接
[ "$network_check" != "已禁用" ] && [ ! -f "$TMPDIR"/crash_start_time ] && ckcmd ping && . "$CRASHDIR"/starts/network_check && network_check
[ ! -d "$BINDIR"/ui ] && mkdir -p "$BINDIR"/ui
[ -z "$crashcore" ] && crashcore=meta
#执行条件任务
[ -s "$CRASHDIR"/task/bfstart ] && . "$CRASHDIR"/task/bfstart
#检查内核配置文件
if [ ! -f "$core_config" ]; then
if [ -n "$Url" -o -n "$Https" ]; then
logger "未找到配置文件,正在下载!" 33
. "$CRASHDIR"/starts/core_config.sh && get_core_config
else
logger "未找到配置文件链接,请先导入配置文件!" 31
exit 1
fi
fi
#检查dashboard文件
if [ -f "$CRASHDIR"/ui/CNAME -a ! -f "$BINDIR"/ui/CNAME ]; then
cp -rf "$CRASHDIR"/ui "$BINDIR"
fi
[ ! -s "$BINDIR"/ui/index.html ] && makehtml #如没有面板则创建跳转界面
catpac #生成pac文件
#内核及内核配置文件检查
if echo "$crashcore" | grep -q 'singbox'; then
. "$CRASHDIR"/starts/singbox_check.sh && singbox_check
[ -d "$TMPDIR"/jsons ] && rm -rf "$TMPDIR"/jsons/* || mkdir -p "$TMPDIR"/jsons #准备目录
if [ "$disoverride" != "1" ];then
. "$CRASHDIR"/starts/singbox_modify.sh && modify_json
else
ln -sf "$core_config" "$TMPDIR"/config.json
fi
else
. "$CRASHDIR"/starts/clash_check.sh && clash_check
if [ "$disoverride" != "1" ];then
. "$CRASHDIR"/starts/clash_modify.sh && modify_yaml
else
ln -sf "$core_config" "$TMPDIR"/config.yaml
fi
fi
#检查下载cnip绕过相关文件
[ "$cn_ip_route" = "已开启" ] && [ "$dns_mod" != "fake-ip" ] && {
[ "$firewall_mod" = nftables ] || ckcmd ipset && {
. "$CRASHDIR"/starts/check_cnip.sh
ck_cn_ipv4
[ "$ipv6_redir" = "已开启" ] && ck_cn_ipv6
}
}
#添加shellcrash用户
[ "$firewall_area" = 2 ] || [ "$firewall_area" = 3 ] || [ "$(cat /proc/1/comm)" = "systemd" ] &&
[ -z "$(id shellcrash 2>/dev/null | grep 'root')" ] && {
ckcmd userdel && userdel shellcrash 2>/dev/null
sed -i '/0:7890/d' /etc/passwd
sed -i '/x:7890/d' /etc/group
if ckcmd useradd; then
useradd shellcrash -u 7890
sed -Ei s/7890:7890/0:7890/g /etc/passwd
else
echo "shellcrash:x:0:7890:::" >>/etc/passwd
fi
}
#清理debug日志
rm -rf /tmp/ShellCrash/debug.log
rm -rf "$CRASHDIR"/debug.log
return 0

24
scripts/starts/check_cnip.sh Normal file
View File

@@ -0,0 +1,24 @@
ck_cn_ipv4() { #CN-IP绕过
check_geo cn_ip.txt china_ip_list.txt
[ -f "$BINDIR"/cn_ip.txt ] && [ "$firewall_mod" = iptables ] && {
# see https://raw.githubusercontent.com/Hackl0us/GeoIP2-CN/release/CN-ip-cidr.txt
echo "create cn_ip hash:net family inet hashsize 10240 maxelem 10240" >"$TMPDIR"/cn_ip.ipset
awk '!/^$/&&!/^#/{printf("add cn_ip %s'" "'\n",$0)}' "$BINDIR"/cn_ip.txt >>"$TMPDIR"/cn_ip.ipset
ipset destroy cn_ip >/dev/null 2>&1
ipset -! restore <"$TMPDIR"/cn_ip.ipset
rm -rf "$TMPDIR"/cn_ip.ipset
}
}
ck_cn_ipv6() { #CN-IPV6绕过
check_geo cn_ipv6.txt china_ipv6_list.txt
[ -f "$BINDIR"/cn_ipv6.txt ] && [ "$firewall_mod" = iptables ] && {
#ipv6
#see https://ispip.clang.cn/all_cn_ipv6.txt
echo "create cn_ip6 hash:net family inet6 hashsize 5120 maxelem 5120" >"$TMPDIR"/cn_ipv6.ipset
awk '!/^$/&&!/^#/{printf("add cn_ip6 %s'" "'\n",$0)}' "$BINDIR"/cn_ipv6.txt >>"$TMPDIR"/cn_ipv6.ipset
ipset destroy cn_ip6 >/dev/null 2>&1
ipset -! restore <"$TMPDIR"/cn_ipv6.ipset
rm -rf "$TMPDIR"/cn_ipv6.ipset
}
}

18
scripts/starts/check_core.sh Normal file
View File

@@ -0,0 +1,18 @@
. "$CRASHDIR"/libs/check_target.sh
. "$CRASHDIR"/libs/core_tools.sh
. "$CRASHDIR"/configs/command.env
check_core() { #检查及下载内核文件
[ -n "$(find --help 2>&1 | grep -o size)" ] && find_para=' -size +2000' #find命令兼容
[ -z "$(find "$TMPDIR"/CrashCore $find_para 2>/dev/null)" ] && core_find
[ -z "$(find "$TMPDIR"/CrashCore 2>/dev/null)" ] && {
logger "未找到【$crashcore】核心,正在下载!" 33
[ -z "$cpucore" ] && . "$CRASHDIR"/libs/check_cpucore.sh && check_cpucore
[ -z "$cpucore" ] && logger 找不到设备的CPU信息请手动指定处理器架构类型 31 && exit 1
core_webget || logger "核心下载失败,请重新运行或更换安装源!" 31
}
[ ! -x "$TMPDIR"/CrashCore ] && chmod +x "$TMPDIR"/CrashCore 2>/dev/null #自动授权
[ "$start_old" != "已开启" -a "$(cat /proc/1/comm)" = "systemd" ] && restorecon -RF "$CRASHDIR" 2>/dev/null #修复SELinux权限问题
return 0
}

16
scripts/starts/check_geo.sh Normal file
View File

@@ -0,0 +1,16 @@
check_geo() { #查找及下载Geo数据文件
[ ! -d "$BINDIR"/ruleset ] && mkdir -p "$BINDIR"/ruleset
find --help 2>&1 | grep -q size && find_para=' -size +20' #find命令兼容
[ -z "$(find "$BINDIR"/"$1" "$find_para" 2>/dev/null)" ] && {
if [ -n "$(find "$CRASHDIR"/"$1" "$find_para" 2>/dev/null)" ]; then
mv "$CRASHDIR"/"$1" "$BINDIR"/"$1" #小闪存模式移动文件
else
logger "未找到${1}文件,正在下载!" 33
get_bin "$BINDIR"/"$1" bin/geodata/"$2"
[ "$?" = "1" ] && rm -rf "${BINDIR}"/"${1}" && logger "${1}文件下载失败,已退出!请前往更新界面尝试手动下载!" 31 && exit 1
geo_v="$(echo "$2" | awk -F "." '{print $1}')_v"
setconfig "$geo_v" "$(date +"%Y%m%d")"
fi
}
}

11
scripts/starts/check_network.sh Normal file
View File

@@ -0,0 +1,11 @@
#!/bin/sh
# Copyright (C) Juewuy
network_check() { #检查是否联网
for text in 223.5.5.5 1.2.4.8 dns.alidns.com doh.pub; do
ping -c 3 $text >/dev/null 2>&1 && return 0
sleep 5
done
logger "当前设备无法连接网络,已停止启动!" 33
exit 1
}

21
scripts/starts/clash_check.sh Normal file
View File

@@ -0,0 +1,21 @@
clash_check() { #clash启动前检查
#检测vless/hysteria协议
[ "$crashcore" != "meta" ] && [ -n "$(cat $core_config | grep -oE 'type: vless|type: hysteria')" ] && core_exchange meta 'vless/hy协议'
#检测是否存在高级版规则或者tun模式
if [ "$crashcore" = "clash" ]; then
[ -n "$(cat $core_config | grep -aiE '^script:|proxy-providers|rule-providers|rule-set')" ] ||
[ "$redir_mod" = "混合模式" ] ||
[ "$redir_mod" = "Tun模式" ] && core_exchange meta '当前内核不支持的配置'
fi
[ "$crashcore" = "clash" ] && [ "$firewall_area" = 2 -o "$firewall_area" = 3 ] && [ -z "$(grep '0:7890' /etc/passwd)" ] &&
core_exchange meta '当前内核不支持非root用户启用本机代理'
check_core
#预下载GeoIP数据库并排除存在自定义数据库链接的情况
[ -n "$(grep -oEi 'geoip:' "$CRASHDIR"/yamls/*.yaml)" ] && [ -z "$(grep -oEi 'geoip:|mmdb:' "$CRASHDIR"/yamls/*.yaml)" ] && check_geo Country.mmdb cn_mini.mmdb
#预下载GeoSite数据库并排除存在自定义数据库链接的情况
[ -n "$(grep -oEi 'geosite:' "$CRASHDIR"/yamls/*.yaml)" ] && [ -z "$(grep -oEi 'geosite:' "$CRASHDIR"/yamls/*.yaml)" ] && check_geo GeoSite.dat geosite.dat
#预下载cn.mrs数据库
[ -n "$(cat "$CRASHDIR"/yamls/*.yaml | grep -oEi 'rule_set.*cn')" ] || [ "$dns_mod" = "mix" ] || [ "$dns_mod" = "route" ] && check_geo ruleset/cn.mrs mrs_geosite_cn.mrs
return 0
}

41
scripts/starts/clash_config_check.sh Normal file
View File

@@ -0,0 +1,41 @@
#!/bin/sh
# Copyright (C) Juewuy
check_config() { #检查clash配置文件
#检测节点或providers
sed -n "/^proxies:/,/^[a-z]/ { /^[a-z]/d; p; }" "$core_config_new" >"$TMPDIR"/proxies.yaml
if ! grep -Eq 'server:|server":|server'\'':' "$TMPDIR"/proxies.yaml && ! grep -q 'proxy-providers:' "$core_config_new"; then
echo "-----------------------------------------------"
logger "获取到了配置文件【$core_config_new】,但似乎并不包含正确的节点信息!" 31
cat "$TMPDIR"/proxies.yaml
sleep 1
echo "-----------------------------------------------"
echo "请尝试使用6-2或者6-3的方式生成配置文件"
exit 1
fi
rm -rf "$TMPDIR"/proxies.yaml
#检测旧格式
if cat "$core_config_new" | grep 'Proxy Group:' >/dev/null; then
echo "-----------------------------------------------"
logger "已经停止对旧格式配置文件的支持!!!" 31
echo -e "请使用新格式或者使用【在线生成配置文件】功能!"
echo "-----------------------------------------------"
exit 1
fi
#检测不支持的加密协议
if cat "$core_config_new" | grep 'cipher: chacha20,' >/dev/null; then
echo "-----------------------------------------------"
logger "已停止支持chacha20加密请更换更安全的节点加密协议" 31
echo "-----------------------------------------------"
exit 1
fi
#检测并去除无效策略组
[ -n "$url_type" ] && ckcmd xargs && {
cat "$core_config_new" | sed '/^rules:/,$d' | grep -A 15 "\- name:" | xargs | sed 's/- name: /\n/g' | sed 's/ type: .*proxies: /#/g' | sed 's/- //g' | grep -E '#DIRECT $|#DIRECT$' | grep -Ev '全球直连|direct|Direct' | awk -F '#' '{print $1}' >"$TMPDIR"/clash_proxies
while read line; do
sed -i "/- $line/d" "$core_config_new"
sed -i "/- name: $line/,/- DIRECT/d" "$core_config_new"
done <"$TMPDIR"/clash_proxies
rm -rf "$TMPDIR"/clash_proxies
}
}

236
scripts/starts/clash_modify.sh Normal file
View File

@@ -0,0 +1,236 @@
#!/bin/sh
# Copyright (C) Juewuy
#默认dns
[ -z "$dns_nameserver" ] && dns_nameserver='223.5.5.5, 1.2.4.8'
[ -z "$dns_fallback" ] && dns_fallback="1.1.1.1, 8.8.8.8"
[ -z "$dns_resolver" ] && dns_resolver="223.5.5.5, 2400:3200::1"
#修饰clash配置文件
modify_yaml() {
##########需要变更的配置###########
[ "$ipv6_dns" != "未开启" ] && dns_v6='true' || dns_v6='false'
external="external-controller: 0.0.0.0:$db_port"
if [ "$redir_mod" = "混合模式" -o "$redir_mod" = "Tun模式" ]; then
[ "$crashcore" = 'meta' ] && tun_meta=', device: utun, auto-route: false, auto-detect-interface: false'
tun="tun: {enable: true, stack: system$tun_meta}"
else
tun='tun: {enable: false}'
fi
exper='experimental: {ignore-resolve-fail: true, interface-name: en0}'
#Meta内核专属配置
[ "$crashcore" = 'meta' ] && {
[ "$redir_mod" != "纯净模式" ] && [ -z "$(grep 'PROCESS' "$CRASHDIR"/yamls/*.yaml)" ] && find_process='find-process-mode: "off"'
}
#dns配置
[ -z "$(cat "$CRASHDIR"/yamls/user.yaml 2>/dev/null | grep '^dns:')" ] && {
[ "$crashcore" != meta ] && dns_resolver='223.5.5.5'
cat >"$TMPDIR"/dns.yaml <<EOF
dns:
enable: true
listen: :$dns_port
use-hosts: true
ipv6: $dns_v6
default-nameserver: [ $dns_resolver ]
enhanced-mode: fake-ip
fake-ip-range: 28.0.0.0/8
fake-ip-range6: fc00::/16
fake-ip-filter:
EOF
if [ "$dns_mod" = "mix" ] || [ "$dns_mod" = "fake-ip" ]; then
cat "$CRASHDIR"/configs/fake_ip_filter "$CRASHDIR"/configs/fake_ip_filter.list 2>/dev/null | grep -v '#' | sed "s/^/ - '/" | sed "s/$/'/" >>"$TMPDIR"/dns.yaml
else
echo " - '+.*'" >>"$TMPDIR"/dns.yaml #使用fake-ip模拟redir_host
fi
#mix模式fakeip绕过cn
[ "$dns_mod" = "mix" ] && echo ' - "rule-set:cn"' >>"$TMPDIR"/dns.yaml
#mix模式和route模式插入分流设置
if [ "$dns_mod" = "mix" ] || [ "$dns_mod" = "route" ]; then
[ "$dns_protect" != "OFF" ] && dns_final="$dns_fallback" || dns_final="$dns_nameserver"
cat >>"$TMPDIR"/dns.yaml <<EOF
respect-rules: true
nameserver-policy: {'rule-set:cn': [ $dns_nameserver ]}
proxy-server-nameserver : [ $dns_resolver ]
nameserver: [ $dns_final ]
EOF
else
cat >>"$TMPDIR"/dns.yaml <<EOF
nameserver: [ $dns_nameserver ]
EOF
fi
}
#域名嗅探配置
[ "$sniffer" = "已启用" ] && [ "$crashcore" = "meta" ] && sniffer_set="sniffer: {enable: true, parse-pure-ip: true, skip-domain: [Mijia Cloud], sniff: {http: {ports: [80, 8080-8880], override-destination: true}, tls: {ports: [443, 8443]}, quic: {ports: [443, 8443]}}}"
[ "$crashcore" = "clashpre" ] && [ "$dns_mod" = "redir_host" -o "$sniffer" = "已启用" ] && exper="experimental: {ignore-resolve-fail: true, interface-name: en0,sniff-tls-sni: true}"
#生成set.yaml
cat >"$TMPDIR"/set.yaml <<EOF
mixed-port: $mix_port
redir-port: $redir_port
tproxy-port: $tproxy_port
authentication: ["$authentication"]
allow-lan: true
mode: Rule
log-level: info
ipv6: true
external-controller: :$db_port
external-ui: ui
external-ui-url: "$external_ui_url"
secret: $secret
$tun
$exper
$sniffer_set
$find_process
routing-mark: $routing_mark
EOF
#读取本机hosts并生成配置文件
if [ "$hosts_opt" != "未启用" ] && [ -z "$(grep -aE '^hosts:' "$CRASHDIR"/yamls/user.yaml 2>/dev/null)" ]; then
#NTP劫持
cat >"$TMPDIR"/hosts.yaml <<EOF
use-system-hosts: true
hosts:
'time.android.com': 203.107.6.88
'time.facebook.com': 203.107.6.88
EOF
if [ "$crashcore" = "meta" ]; then
echo " 'services.googleapis.cn': services.googleapis.com" >>"$TMPDIR"/hosts.yaml
else
#加载本机hosts
sys_hosts=/etc/hosts
[ -f /data/etc/custom_hosts ] && sys_hosts=/data/etc/custom_hosts
while read line; do
[ -n "$(echo "$line" | grep -oE "([0-9]{1,3}[\.]){3}")" ] &&
[ -z "$(echo "$line" | grep -oE '^#')" ] &&
hosts_ip=$(echo $line | awk '{print $1}') &&
hosts_domain=$(echo $line | awk '{print $2}') &&
[ -z "$(cat "$TMPDIR"/hosts.yaml | grep -oE "$hosts_domain")" ] &&
echo " '$hosts_domain': $hosts_ip" >>"$TMPDIR"/hosts.yaml
done <$sys_hosts
fi
fi
#分割配置文件
yaml_char='proxies proxy-groups proxy-providers rules rule-providers sub-rules listeners'
for char in $yaml_char; do
sed -n "/^$char:/,/^[a-z]/ { /^[a-z]/d; p; }" $core_config >"$TMPDIR"/${char}.yaml
done
#跳过本地tls证书验证
[ "$skip_cert" != "未开启" ] && sed -i 's/skip-cert-verify: false/skip-cert-verify: true/' "$TMPDIR"/proxies.yaml ||
sed -i 's/skip-cert-verify: true/skip-cert-verify: false/' "$TMPDIR"/proxies.yaml
#插入自定义策略组
sed -i "/#自定义策略组开始/,/#自定义策略组结束/d" "$TMPDIR"/proxy-groups.yaml
sed -i "/#自定义策略组/d" "$TMPDIR"/proxy-groups.yaml
[ -n "$(grep -Ev '^#' "$CRASHDIR"/yamls/proxy-groups.yaml 2>/dev/null)" ] && {
#获取空格数
space_name=$(grep -aE '^ *- \{?name: ' "$TMPDIR"/proxy-groups.yaml | head -n 1 | grep -oE '^ *')
space_proxy="$space_name "
#合并自定义策略组到proxy-groups.yaml
cat "$CRASHDIR"/yamls/proxy-groups.yaml | sed "/^#/d" | sed "s/#.*//g" | sed '1i\ #自定义策略组开始' | sed '$a\ #自定义策略组结束' | sed "s/^ */${space_name} /g" | sed "s/^ *- /${space_proxy}- /g" | sed "s/^ *- name: /${space_name}- name: /g" | sed "s/^ *- {name: /${space_name}- {name: /g" >"$TMPDIR"/proxy-groups_add.yaml
cat "$TMPDIR"/proxy-groups.yaml >>"$TMPDIR"/proxy-groups_add.yaml
mv -f "$TMPDIR"/proxy-groups_add.yaml "$TMPDIR"/proxy-groups.yaml
oldIFS="$IFS"
grep "\- name: " "$CRASHDIR"/yamls/proxy-groups.yaml | sed "/^#/d" | while read line; do #将自定义策略组插入现有的proxy-group
new_group=$(echo $line | grep -Eo '^ *- name:.*#' | cut -d'#' -f1 | sed 's/.*name: //g')
proxy_groups=$(echo $line | grep -Eo '#.*' | sed "s/#//")
IFS="#"
for name in $proxy_groups; do
line_a=$(grep -n "\- name: $name" "$TMPDIR"/proxy-groups.yaml | head -n 1 | awk -F: '{print $1}') #获取group行号
[ -n "$line_a" ] && {
line_b=$(grep -A 8 "\- name: $name" "$TMPDIR"/proxy-groups.yaml | grep -n "proxies:$" | head -n 1 | awk -F: '{print $1}') #获取proxies行号
line_c=$((line_a + line_b - 1)) #计算需要插入的行号
space=$(sed -n "$((line_c + 1))p" "$TMPDIR"/proxy-groups.yaml | grep -oE '^ *') #获取空格数
[ "$line_c" -gt 2 ] && sed -i "${line_c}a\\${space}- ${new_group} #自定义策略组" "$TMPDIR"/proxy-groups.yaml
}
done
IFS="$oldIFS"
done
}
#插入自定义代理
sed -i "/#自定义代理/d" "$TMPDIR"/proxies.yaml
sed -i "/#自定义代理/d" "$TMPDIR"/proxy-groups.yaml
[ -n "$(grep -Ev '^#' "$CRASHDIR"/yamls/proxies.yaml 2>/dev/null)" ] && {
space_proxy=$(cat "$TMPDIR"/proxies.yaml | grep -aE '^ *- ' | head -n 1 | grep -oE '^ *') #获取空格数
cat "$CRASHDIR"/yamls/proxies.yaml | sed "s/^ *- /${space_proxy}- /g" | sed "/^#/d" | sed "/^ *$/d" | sed 's/#.*/ #自定义代理/g' >>"$TMPDIR"/proxies.yaml #插入节点
oldIFS="$IFS"
cat "$CRASHDIR"/yamls/proxies.yaml | sed "/^#/d" | while read line; do #将节点插入proxy-group
proxy_name=$(echo $line | grep -Eo 'name: .+, ' | cut -d',' -f1 | sed 's/name: //g')
proxy_groups=$(echo $line | grep -Eo '#.*' | sed "s/#//")
IFS="#"
for name in $proxy_groups; do
line_a=$(grep -n "\- name: $name" "$TMPDIR"/proxy-groups.yaml | head -n 1 | awk -F: '{print $1}') #获取group行号
[ -n "$line_a" ] && {
line_b=$(grep -A 8 "\- name: $name" "$TMPDIR"/proxy-groups.yaml | grep -n "proxies:$" | head -n 1 | awk -F: '{print $1}') #获取proxies行号
line_c=$((line_a + line_b - 1)) #计算需要插入的行号
space=$(sed -n "$((line_c + 1))p" "$TMPDIR"/proxy-groups.yaml | grep -oE '^ *') #获取空格数
[ "$line_c" -gt 2 ] && sed -i "${line_c}a\\${space}- ${proxy_name} #自定义代理" "$TMPDIR"/proxy-groups.yaml
}
done
IFS="$oldIFS"
done
}
#添加自定义入站
[ "$vms_service" = ON ] || [ "$sss_service" = ON ] && {
. "$CRASHDIR"/configs/gateway.cfg
. "$CRASHDIR"/libs/meta_listeners.sh
}
#节点绕过功能支持
sed -i "/#节点绕过/d" "$TMPDIR"/rules.yaml
[ "$proxies_bypass" = "已启用" ] && {
cat "$TMPDIR"/proxies.yaml | sed '/^proxy-/,$d' | sed '/^rule-/,$d' | grep -v '^\s*#' | grep -oE '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | awk '!a[$0]++' | sed 's/^/\ -\ IP-CIDR,/g' | sed 's|$|/32,DIRECT,no-resolve #节点绕过|g' >>"$TMPDIR"/proxies_bypass
cat "$TMPDIR"/proxies.yaml | sed '/^proxy-/,$d' | sed '/^rule-/,$d' | grep -v '^\s*#' | grep -vE '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | grep -oE '[a-zA-Z0-9][-a-zA-Z0-9]{0,62}(\.[a-zA-Z0-9][-a-zA-Z0-9]{0,62})+\.?' | awk '!a[$0]++' | sed 's/^/\ -\ DOMAIN,/g' | sed 's/$/,DIRECT #节点绕过/g' >>"$TMPDIR"/proxies_bypass
cat "$TMPDIR"/rules.yaml >>"$TMPDIR"/proxies_bypass
mv -f "$TMPDIR"/proxies_bypass "$TMPDIR"/rules.yaml
}
#插入自定义规则
sed -i "/#自定义规则/d" "$TMPDIR"/rules.yaml
[ -s "$CRASHDIR"/yamls/rules.yaml ] && {
cat "$CRASHDIR"/yamls/rules.yaml | sed "/^#/d" | sed '$a\' | sed 's/$/ #自定义规则/g' >"$TMPDIR"/rules.add
cat "$TMPDIR"/rules.yaml >>"$TMPDIR"/rules.add
mv -f "$TMPDIR"/rules.add "$TMPDIR"/rules.yaml
}
#mix和route模式生成rule-providers
[ "$dns_mod" = "mix" ] || [ "$dns_mod" = "route" ] && ! grep -q 'cn:' "$TMPDIR"/rule-providers.yaml && ! grep -q '^rule-providers' "$CRASHDIR"/yamls/others.yaml 2>/dev/null && {
space=$(sed -n "1p" "$TMPDIR"/rule-providers.yaml | grep -oE '^ *') #获取空格数
[ -z "$space" ] && space=' '
echo "${space}cn: {type: http, behavior: domain, format: mrs, path: ./ruleset/cn.mrs, url: https://testingcf.jsdelivr.net/gh/juewuy/ShellCrash@update/bin/geodata/mrs_geosite_cn.mrs}" >>"$TMPDIR"/rule-providers.yaml
}
#对齐rules中的空格
sed -i 's/^ *-/ -/g' "$TMPDIR"/rules.yaml
#合并文件
[ -s "$CRASHDIR"/yamls/user.yaml ] && {
yaml_user="$CRASHDIR"/yamls/user.yaml
#set和user去重,且优先使用user.yaml
cp -f "$TMPDIR"/set.yaml "$TMPDIR"/set_bak.yaml
for char in mode allow-lan log-level tun experimental external-ui-url interface-name dns store-selected; do
[ -n "$(grep -E "^$char" $yaml_user)" ] && sed -i "/^$char/d" "$TMPDIR"/set.yaml
done
}
[ -s "$TMPDIR"/dns.yaml ] && yaml_dns="$TMPDIR"/dns.yaml
[ -s "$TMPDIR"/hosts.yaml ] && yaml_hosts="$TMPDIR"/hosts.yaml
[ -s "$CRASHDIR"/yamls/others.yaml ] && yaml_others="$CRASHDIR"/yamls/others.yaml
yaml_add=
for char in $yaml_char; do #将额外配置文件合并
[ -s "$TMPDIR"/${char}.yaml ] && {
sed -i "1i\\${char}:" "$TMPDIR"/${char}.yaml
yaml_add="$yaml_add $TMPDIR/${char}.yaml"
}
done
#合并完整配置文件
cut -c 1- "$TMPDIR"/set.yaml $yaml_dns $yaml_hosts $yaml_user $yaml_others $yaml_add >"$TMPDIR"/config.yaml
#测试自定义配置文件
"$TMPDIR"/CrashCore -t -d "$BINDIR" -f "$TMPDIR"/config.yaml >/dev/null
if [ "$?" != 0 ]; then
logger "$("$TMPDIR"/CrashCore -t -d "$BINDIR" -f "$TMPDIR"/config.yaml | grep -Eo 'error.*=.*')" 31
logger "自定义配置文件校验失败!将使用基础配置文件启动!" 33
logger "错误详情请参考 "$TMPDIR"/error.yaml 文件!" 33
mv -f "$TMPDIR"/config.yaml "$TMPDIR"/error.yaml >/dev/null 2>&1
sed -i "/#自定义策略组开始/,/#自定义策略组结束/d" "$TMPDIR"/proxy-groups.yaml
mv -f "$TMPDIR"/set_bak.yaml "$TMPDIR"/set.yaml >/dev/null 2>&1
#合并基础配置文件
cut -c 1- "$TMPDIR"/set.yaml $yaml_dns $yaml_add >"$TMPDIR"/config.yaml
sed -i "/#自定义/d" "$TMPDIR"/config.yaml
fi
#建立软连接
[ ""$TMPDIR"" = ""$BINDIR"" ] || ln -sf "$TMPDIR"/config.yaml "$BINDIR"/config.yaml 2>/dev/null || cp -f "$TMPDIR"/config.yaml "$BINDIR"/config.yaml
#清理缓存
for char in $yaml_char set set_bak dns hosts; do
rm -f "$TMPDIR"/${char}.yaml
done
}

103
scripts/starts/core_config.sh Normal file
View File

@@ -0,0 +1,103 @@
#!/bin/sh
# Copyright (C) Juewuy
. "$CRASHDIR"/libs/urlencode.sh
. "$CRASHDIR"/libs/check_target.sh
. "$CRASHDIR"/libs/web_get_bin.sh
. "$CRASHDIR"/libs/compare.sh
. "$CRASHDIR"/libs/set_config.sh
update_servers() { #更新servers.list
get_bin "$TMPDIR"/servers.list public/servers.list
[ "$?" = 0 ] && mv -f "$TMPDIR"/servers.list "$CRASHDIR"/configs/servers.list
}
gen_ua(){ #自动生成ua
[ -z "$user_agent" -o "$user_agent" = "auto" ] && {
if echo "$crashcore" | grep -q 'singbox'; then
user_agent="sing-box/singbox/$core_v"
elif [ "$crashcore" = meta ]; then
user_agent="clash.meta/mihomo/$core_v"
else
user_agent="clash"
fi
}
[ "$user_agent" = "none" ] && unset user_agent
}
get_core_config() { #下载内核配置文件
[ -z "$rule_link" ] && rule_link=1
[ -z "$server_link" ] || [ $server_link -gt $(grep -aE '^4' "$CRASHDIR"/configs/servers.list | wc -l) ] && server_link=1
Server=$(grep -aE '^3|^4' "$CRASHDIR"/configs/servers.list | sed -n ""$server_link"p" | awk '{print $3}')
Server_ua=$(grep -aE '^4' "$CRASHDIR"/configs/servers.list | sed -n ""$server_link"p" | awk '{print $4}')
Config=$(grep -aE '^5' "$CRASHDIR"/configs/servers.list | sed -n ""$rule_link"p" | awk '{print $3}')
gen_ua
#如果传来的是Url链接则合成Https链接否则直接使用Https链接
if [ -z "$Https" ]; then
#Urlencord转码处理保留字符
if ckcmd hexdump;then
Url=$(echo $Url | sed 's/%26/\&/g') #处理分隔符
urlencodeUrl="exclude=$(urlencode "$exclude")&include=$(urlencode "$include")&url=$(urlencode "$Url")&config=$(urlencode "$Config")"
else
urlencodeUrl="exclude=$exclude&include=$include&url=$Url&config=$Config"
fi
Https="${Server}/sub?target=${target}&${Server_ua}=${user_agent}&insert=true&new_name=true&scv=true&udp=true&${urlencodeUrl}"
url_type=true
fi
#输出
echo "-----------------------------------------------"
logger "正在连接服务器获取【$target】配置文件…………"
echo -e "链接地址为:\033[4;32m$Https\033[0m"
echo 可以手动复制该链接到浏览器打开并查看数据是否正常!
#获取在线config文件
core_config_new="$TMPDIR"/"$target"_config."$format"
rm -rf "$core_config_new"
webget "$core_config_new" "$Https" echoon rediron skipceron "$user_agent"
if [ "$?" != "0" ]; then
if [ -z "$url_type" ]; then
echo "-----------------------------------------------"
logger "配置文件获取失败!" 31
echo -e "\033[31m请尝试使用【在线生成配置文件】功能\033[0m"
echo "-----------------------------------------------"
exit 1
else
if [ -n "$retry" ] && [ "$retry" -ge 3 ]; then
logger "无法获取配置文件,请检查链接格式以及网络连接状态!" 31
echo -e "\033[32m也可用浏览器下载以上链接后使用WinSCP手动上传到/tmp目录后执行crash命令本地导入\033[0m"
exit 1
else
retry=$((retry + 1))
logger "配置文件获取失败!" 31
if [ "$retry" = 1 ]; then
echo -e "\033[32m尝试更新服务器列表并使用其他服务器获取配置\033[0m"
update_servers
else
echo -e "\033[32m尝试使用其他服务器获取配置\033[0m"
fi
echo -e "正在重试\033[33m第$retry次/共3次\033[0m"
if [ "$server_link" -ge 4 ]; then
server_link=0
fi
server_link=$((server_link + 1))
setconfig server_link $server_link
Https=""
get_core_config
fi
fi
else
Https=""
if echo "$crashcore" | grep -q 'singbox'; then
. "$CRASHDIR"/starts/singbox_config_check.sh
else
. "$CRASHDIR"/starts/clash_config_check.sh
fi
check_config
#如果不同则备份并替换文件
if [ -s "$core_config" ]; then
compare "$core_config_new" "$core_config"
[ "$?" = 0 ] || mv -f "$core_config" "$core_config".bak && mv -f "$core_config_new" "$core_config"
else
mv -f "$core_config_new" "$core_config"
fi
echo -e "\033[32m已成功获取配置文件\033[0m"
fi
return 0
}

11
scripts/starts/core_exchange.sh Normal file
View File

@@ -0,0 +1,11 @@
core_exchange() { #升级为高级内核
#$1目标内核 $2提示语句
logger "检测到${2}!将改为使用${1}核心启动!" 33
rm -rf "$TMPDIR"/CrashCore
rm -rf "$BINDIR"/CrashCore
rm -rf "$BINDIR"/CrashCore.tar.gz
crashcore="$1"
setconfig crashcore "$1"
echo "-----------------------------------------------"
}

27
scripts/starts/fw_getlanip.sh Normal file
View File

@@ -0,0 +1,27 @@
getlanip() { #获取局域网host地址
i=1
while [ "$i" -le "20" ]; do
host_ipv4=$(ip a 2>&1 | grep -w 'inet' | grep 'global' | grep 'brd' | grep -Ev 'utun|iot|peer|docker|podman|virbr|vnet|ovs|vmbr|veth|vmnic|vboxnet|lxcbr|xenbr|vEthernet' | grep -E ' 1(92|0|72)\.' | sed 's/.*inet.//g' | sed 's/br.*$//g' | sed 's/metric.*$//g') #ipv4局域网网段
[ "$ipv6_redir" = "已开启" ] && host_ipv6=$(ip a 2>&1 | grep -w 'inet6' | grep -E 'global' | sed 's/.*inet6.//g' | sed 's/scope.*$//g') #ipv6公网地址段
[ -f "$TMPDIR"/ShellCrash.log ] && break
[ -n "$host_ipv4" -a "$ipv6_redir" != "已开启" ] && break
[ -n "$host_ipv4" -a -n "$host_ipv6" ] && break
sleep 1 && i=$((i + 1))
done
#添加自定义ipv4局域网网段
if [ "$replace_default_host_ipv4" == "已启用" ]; then
host_ipv4="$cust_host_ipv4"
else
host_ipv4="$host_ipv4$cust_host_ipv4"
fi
#缺省配置
[ -z "$host_ipv4" ] && host_ipv4='192.168.0.0/16 10.0.0.0/12 172.16.0.0/12'
host_ipv6="fe80::/10 fd00::/8 $host_ipv6"
#获取本机出口IP地址
local_ipv4=$(ip route 2>&1 | grep -Ev 'utun|iot|docker|linkdown' | grep -Eo 'src.*' | grep -Eo '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | sort -u)
[ -z "$local_ipv4" ] && local_ipv4=$(ip route 2>&1 | grep -Eo 'src.*' | grep -Eo '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | sort -u)
#保留地址
[ -z "$reserve_ipv4" ] && reserve_ipv4="0.0.0.0/8 10.0.0.0/8 127.0.0.0/8 100.64.0.0/10 169.254.0.0/16 172.16.0.0/12 192.168.0.0/16 224.0.0.0/4 240.0.0.0/4"
[ -z "$reserve_ipv6" ] && reserve_ipv6="::/128 ::1/128 ::ffff:0:0/96 64:ff9b::/96 100::/64 2001::/32 2001:20::/28 2001:db8::/32 2002::/16 fe80::/10 ff00::/8"
}

2
scripts/starts/fw_iptables.sh
View File

@@ -130,6 +130,8 @@ start_ipt_dns() { #iptables-dns通用工具
"$1" $w -t nat -I "$2" -p udp --dport 53 -j "$3"
}
start_ipt_wan() { #iptables公网防火墙
ckcmd iptables && iptables -h | grep -q '\-w' && iptable='iptables -w' || iptable=iptables
ckcmd ip6tables && ip6tables -h | grep -q '\-w' && ip6table='ip6tables -w' || ip6table=ip6tables
ipt_wan_accept(){
$iptable -I INPUT -p "$1" -m multiport --dports "$fw_wan_ports" -j ACCEPT
ckcmd ip6tables && $ip6table -I INPUT -p "$1" -m multiport --dports "$fw_wan_ports" -j ACCEPT

83
scripts/starts/fw_start.sh
View File

@@ -1,42 +1,49 @@
#!/bin/sh
# Copyright (C) Juewuy
#路由规则总入口
start_firewall() {
getlanip #获取局域网host地址
#设置策略路由
[ "$firewall_area" != 4 ] && {
[ "$redir_mod" = "Tproxy模式" ] && ip route add local default dev lo table $table 2>/dev/null
[ "$redir_mod" = "Tun模式" -o "$redir_mod" = "混合模式" ] && {
i=1
while [ -z "$(ip route list | grep utun)" -a "$i" -le 29 ]; do
sleep 1
i=$((i + 1))
done
if [ -z "$(ip route list | grep utun)" ]; then
logger "找不到tun模块放弃启动tun相关防火墙规则" 31
else
ip route add default dev utun table $table && tun_statu=true
fi
}
[ "$firewall_area" = 5 ] && ip route add default via $bypass_host table $table 2>/dev/null
[ "$redir_mod" != "Redir模式" ] && ip rule add fwmark $fwmark table $table 2>/dev/null
}
#添加ipv6路由
[ "$ipv6_redir" = "已开启" -a "$firewall_area" -le 3 ] && {
[ "$redir_mod" = "Tproxy模式" ] && ip -6 route add local default dev lo table $((table + 1)) 2>/dev/null
[ -n "$(ip route list | grep utun)" ] && ip -6 route add default dev utun table $((table + 1)) 2>/dev/null
[ "$redir_mod" != "Redir模式" ] && ip -6 rule add fwmark $fwmark table $((table + 1)) 2>/dev/null
}
#判断代理用途
[ "$firewall_area" = 2 -o "$firewall_area" = 3 ] && local_proxy=true
[ "$firewall_area" = 1 -o "$firewall_area" = 3 -o "$firewall_area" = 5 ] && lan_proxy=true
#防火墙配置
[ "$firewall_mod" = 'iptables' ] && . "$CRASHDIR"/starts/fw_iptables.sh && start_iptables
[ "$firewall_mod" = 'nftables' ] && . "$CRASHDIR"/starts/fw_nftables.sh && start_nftables
#修复部分虚拟机dns查询失败的问题
[ "$firewall_area" = 2 -o "$firewall_area" = 3 ] && [ -z "$(grep '127.0.0.1' /etc/resolv.conf 2>/dev/null)" ] && [ "$systype" != 'container' ] && {
line=$(grep -n 'nameserver' /etc/resolv.conf | awk -F: 'FNR==1{print $1}')
sed -i "$line i\nameserver 127.0.0.1 #shellcrash-dns-repair" /etc/resolv.conf >/dev/null 2>&1
}
#获取局域网host地址
. "$CRASHDIR"/starts/fw_getlanip.sh && getlanip
#缺省值
[ -z "$macfilter_type" ] && macfilter_type='黑名单'
[ -z "$common_ports" ] && common_ports='已开启'
[ -z "$multiport" ] && multiport='22,80,143,194,443,465,587,853,993,995,5222,8080,8443'
[ "$common_ports" = "已开启" ] && ports="-m multiport --dports $multiport"
[ -z "$redir_mod" ] && [ "$USER" = "root" -o "$USER" = "admin" ] && redir_mod='Redir模式'
[ -z "$dns_mod" ] && dns_mod='redir_host'
[ -z "$redir_mod" ] && firewall_area='4'
#设置策略路由
[ "$firewall_area" != 4 ] && {
[ "$redir_mod" = "Tproxy模式" ] && ip route add local default dev lo table $table 2>/dev/null
[ "$redir_mod" = "Tun模式" -o "$redir_mod" = "混合模式" ] && {
i=1
while [ -z "$(ip route list | grep utun)" -a "$i" -le 29 ]; do
sleep 1
i=$((i + 1))
done
if [ -z "$(ip route list | grep utun)" ]; then
logger "找不到tun模块放弃启动tun相关防火墙规则" 31
else
ip route add default dev utun table $table && tun_statu=true
fi
}
[ "$firewall_area" = 5 ] && ip route add default via $bypass_host table $table 2>/dev/null
[ "$redir_mod" != "Redir模式" ] && ip rule add fwmark $fwmark table $table 2>/dev/null
}
#添加ipv6路由
[ "$ipv6_redir" = "已开启" -a "$firewall_area" -le 3 ] && {
[ "$redir_mod" = "Tproxy模式" ] && ip -6 route add local default dev lo table $((table + 1)) 2>/dev/null
[ -n "$(ip route list | grep utun)" ] && ip -6 route add default dev utun table $((table + 1)) 2>/dev/null
[ "$redir_mod" != "Redir模式" ] && ip -6 rule add fwmark $fwmark table $((table + 1)) 2>/dev/null
}
#判断代理用途
[ "$firewall_area" = 2 -o "$firewall_area" = 3 ] && local_proxy=true
[ "$firewall_area" = 1 -o "$firewall_area" = 3 -o "$firewall_area" = 5 ] && lan_proxy=true
#防火墙配置
[ "$firewall_mod" = 'iptables' ] && . "$CRASHDIR"/starts/fw_iptables.sh && start_iptables
[ "$firewall_mod" = 'nftables' ] && . "$CRASHDIR"/starts/fw_nftables.sh && start_nftables
#修复部分虚拟机dns查询失败的问题
[ "$firewall_area" = 2 -o "$firewall_area" = 3 ] && [ -z "$(grep '127.0.0.1' /etc/resolv.conf 2>/dev/null)" ] && [ "$systype" != 'container' ] && {
line=$(grep -n 'nameserver' /etc/resolv.conf | awk -F: 'FNR==1{print $1}')
sed -i "$line i\nameserver 127.0.0.1 #shellcrash-dns-repair" /etc/resolv.conf >/dev/null 2>&1
}

258
scripts/starts/fw_stop.sh
View File

@@ -1,130 +1,136 @@
#!/bin/sh
# Copyright (C) Juewuy
#还原防火墙配置
stop_firewall() {
#获取局域网host地址
getlanip
#重置iptables相关规则
ckcmd iptables && {
#dns
$iptable -t nat -D PREROUTING -p tcp --dport 53 -j shellcrash_dns 2>/dev/null
$iptable -t nat -D PREROUTING -p udp --dport 53 -j shellcrash_dns 2>/dev/null
$iptable -t nat -D OUTPUT -p udp --dport 53 -j shellcrash_dns_out 2>/dev/null
$iptable -t nat -D OUTPUT -p tcp --dport 53 -j shellcrash_dns_out 2>/dev/null
#redir
$iptable -t nat -D PREROUTING -p tcp $ports -j shellcrash 2>/dev/null
$iptable -t nat -D PREROUTING -p tcp -d 28.0.0.0/8 -j shellcrash 2>/dev/null
$iptable -t nat -D OUTPUT -p tcp $ports -j shellcrash_out 2>/dev/null
$iptable -t nat -D OUTPUT -p tcp -d 28.0.0.0/8 -j shellcrash_out 2>/dev/null
#vm_dns
$iptable -t nat -D PREROUTING -p tcp --dport 53 -j shellcrash_vm_dns 2>/dev/null
$iptable -t nat -D PREROUTING -p udp --dport 53 -j shellcrash_vm_dns 2>/dev/null
#vm_redir
$iptable -t nat -D PREROUTING -p tcp $ports -j shellcrash_vm 2>/dev/null
$iptable -t nat -D PREROUTING -p tcp -d 28.0.0.0/8 -j shellcrash_vm 2>/dev/null
#TPROXY&tun
$iptable -t mangle -D PREROUTING -p tcp $ports -j shellcrash_mark 2>/dev/null
$iptable -t mangle -D PREROUTING -p udp $ports -j shellcrash_mark 2>/dev/null
$iptable -t mangle -D PREROUTING -p tcp -d 28.0.0.0/8 -j shellcrash_mark 2>/dev/null
$iptable -t mangle -D PREROUTING -p udp -d 28.0.0.0/8 -j shellcrash_mark 2>/dev/null
$iptable -t mangle -D OUTPUT -p tcp $ports -j shellcrash_mark_out 2>/dev/null
$iptable -t mangle -D OUTPUT -p udp $ports -j shellcrash_mark_out 2>/dev/null
$iptable -t mangle -D OUTPUT -p tcp -d 28.0.0.0/8 -j shellcrash_mark_out 2>/dev/null
$iptable -t mangle -D OUTPUT -p udp -d 28.0.0.0/8 -j shellcrash_mark_out 2>/dev/null
$iptable -t mangle -D PREROUTING -m mark --mark $fwmark -p tcp -j TPROXY --on-port $tproxy_port 2>/dev/null
$iptable -t mangle -D PREROUTING -m mark --mark $fwmark -p udp -j TPROXY --on-port $tproxy_port 2>/dev/null
#tun
$iptable -D FORWARD -o utun -j ACCEPT 2>/dev/null
#屏蔽QUIC
[ "$dns_mod" != "fake-ip" -a "$cn_ip_route" = "已开启" ] && set_cn_ip='-m set ! --match-set cn_ip dst'
$iptable -D INPUT -p udp --dport 443 $set_cn_ip -j REJECT 2>/dev/null
$iptable -D FORWARD -p udp --dport 443 -o utun $set_cn_ip -j REJECT 2>/dev/null
#公网访问
$iptable -D INPUT -i lo -j ACCEPT 2>/dev/null
$iptable -D INPUT -p tcp -m multiport --dports "$fw_wan_ports" -j ACCEPT 2>/dev/null
$iptable -D INPUT -p udp -m multiport --dports "$fw_wan_ports" -j ACCEPT 2>/dev/null
$iptable -D INPUT -p tcp -m multiport --dports "$mix_port,$db_port,$dns_port" -j REJECT 2>/dev/null
$iptable -D INPUT -p udp -m multiport --dports "$mix_port,$db_port,$dns_port" -j REJECT 2>/dev/null
#清理shellcrash自建表
for words in shellcrash_dns shellcrash shellcrash_out shellcrash_dns_out shellcrash_vm shellcrash_vm_dns; do
$iptable -t nat -F $words 2>/dev/null
$iptable -t nat -X $words 2>/dev/null
done
for words in shellcrash_mark shellcrash_mark_out; do
$iptable -t mangle -F $words 2>/dev/null
$iptable -t mangle -X $words 2>/dev/null
done
}
#重置ipv6规则
ckcmd ip6tables && {
#dns
$ip6table -t nat -D PREROUTING -p tcp --dport 53 -j shellcrashv6_dns 2>/dev/null
$ip6table -t nat -D PREROUTING -p udp --dport 53 -j shellcrashv6_dns 2>/dev/null
#redir
$ip6table -t nat -D PREROUTING -p tcp $ports -j shellcrashv6 2>/dev/null
$ip6table -t nat -D PREROUTING -p tcp -d fc00::/16 -j shellcrashv6 2>/dev/null
$ip6table -t nat -D OUTPUT -p tcp $ports -j shellcrashv6_out 2>/dev/null
$ip6table -t nat -D OUTPUT -p tcp -d fc00::/16 -j shellcrashv6_out 2>/dev/null
$ip6table -D INPUT -p tcp --dport 53 -j REJECT 2>/dev/null
$ip6table -D INPUT -p udp --dport 53 -j REJECT 2>/dev/null
#mark
$ip6table -t mangle -D PREROUTING -p tcp $ports -j shellcrashv6_mark 2>/dev/null
$ip6table -t mangle -D PREROUTING -p udp $ports -j shellcrashv6_mark 2>/dev/null
$ip6table -t mangle -D PREROUTING -p tcp -d fc00::/16 -j shellcrashv6_mark 2>/dev/null
$ip6table -t mangle -D PREROUTING -p udp -d fc00::/16 -j shellcrashv6_mark 2>/dev/null
$ip6table -t mangle -D OUTPUT -p tcp $ports -j shellcrashv6_mark_out 2>/dev/null
$ip6table -t mangle -D OUTPUT -p udp $ports -j shellcrashv6_mark_out 2>/dev/null
$ip6table -t mangle -D OUTPUT -p tcp -d fc00::/16 -j shellcrashv6_mark_out 2>/dev/null
$ip6table -t mangle -D OUTPUT -p udp -d fc00::/16 -j shellcrashv6_mark_out 2>/dev/null
$ip6table -D INPUT -p udp --dport 443 $set_cn_ip -j REJECT 2>/dev/null
$ip6table -t mangle -D PREROUTING -m mark --mark $fwmark -p tcp -j TPROXY --on-port $tproxy_port 2>/dev/null
$ip6table -t mangle -D PREROUTING -m mark --mark $fwmark -p udp -j TPROXY --on-port $tproxy_port 2>/dev/null
#tun
$ip6table -D FORWARD -o utun -j ACCEPT 2>/dev/null
#屏蔽QUIC
[ "$dns_mod" != "fake-ip" -a "$cn_ip_route" = "已开启" ] && set_cn_ip6='-m set ! --match-set cn_ip6 dst'
$ip6table -D INPUT -p udp --dport 443 $set_cn_ip6 -j REJECT 2>/dev/null
$ip6table -D FORWARD -p udp --dport 443 -o utun $set_cn_ip6 -j REJECT 2>/dev/null
#公网访问
$ip6table -D INPUT -i lo -j ACCEPT 2>/dev/null
$ip6table -D INPUT -p tcp -m multiport --dports "$fw_wan_ports" -j ACCEPT 2>/dev/null
$ip6table -D INPUT -p udp -m multiport --dports "$fw_wan_ports" -j ACCEPT 2>/dev/null
$ip6table -D INPUT -p tcp -m multiport --dports "$mix_port,$db_port,$dns_port" -j REJECT 2>/dev/null
$ip6table -D INPUT -p udp -m multiport --dports "$mix_port,$db_port,$dns_port" -j REJECT 2>/dev/null
#清理shellcrash自建表
for words in shellcrashv6_dns shellcrashv6 shellcrashv6_out; do
$ip6table -t nat -F $words 2>/dev/null
$ip6table -t nat -X $words 2>/dev/null
done
for words in shellcrashv6_mark shellcrashv6_mark_out; do
$ip6table -t mangle -F $words 2>/dev/null
$ip6table -t mangle -X $words 2>/dev/null
done
$ip6table -t mangle -F shellcrashv6_mark 2>/dev/null
$ip6table -t mangle -X shellcrashv6_mark 2>/dev/null
}
#清理ipset规则
ipset destroy cn_ip >/dev/null 2>&1
ipset destroy cn_ip6 >/dev/null 2>&1
#移除dnsmasq转发规则
[ "$dns_redir" = "已开启" ] && {
uci del dhcp.@dnsmasq[-1].server >/dev/null 2>&1
uci set dhcp.@dnsmasq[0].noresolv=0 2>/dev/null
uci commit dhcp >/dev/null 2>&1
/etc/init.d/dnsmasq restart >/dev/null 2>&1
}
#清理路由规则
ip rule del fwmark $fwmark table $table 2>/dev/null
ip route flush table $table 2>/dev/null
ip -6 rule del fwmark $fwmark table $((table + 1)) 2>/dev/null
ip -6 route flush table $((table + 1)) 2>/dev/null
#重置nftables相关规则
ckcmd nft && {
nft flush table inet shellcrash >/dev/null 2>&1
nft delete table inet shellcrash >/dev/null 2>&1
}
#还原防火墙文件
[ -s /etc/init.d/firewall.bak ] && mv -f /etc/init.d/firewall.bak /etc/init.d/firewall
#others
[ "$systype" != 'container' ] && sed -i '/shellcrash-dns-repair/d' /etc/resolv.conf >/dev/null 2>&1
. "$CRASHDIR"/configs/ShellCrash.cfg
. "$CRASHDIR"/starts/fw_getlanip.sh && getlanip #获取局域网host地址
#缺省值
[ -z "$common_ports" ] && common_ports='已开启'
[ -z "$multiport" ] && multiport='22,80,143,194,443,465,587,853,993,995,5222,8080,8443'
[ "$common_ports" = "已开启" ] && ports="-m multiport --dports $multiport"
#重置iptables相关规则
ckcmd iptables && {
ckcmd iptables && iptables -h | grep -q '\-w' && iptable='iptables -w' || iptable=iptables
#dns
$iptable -t nat -D PREROUTING -p tcp --dport 53 -j shellcrash_dns 2>/dev/null
$iptable -t nat -D PREROUTING -p udp --dport 53 -j shellcrash_dns 2>/dev/null
$iptable -t nat -D OUTPUT -p udp --dport 53 -j shellcrash_dns_out 2>/dev/null
$iptable -t nat -D OUTPUT -p tcp --dport 53 -j shellcrash_dns_out 2>/dev/null
#redir
$iptable -t nat -D PREROUTING -p tcp $ports -j shellcrash 2>/dev/null
$iptable -t nat -D PREROUTING -p tcp -d 28.0.0.0/8 -j shellcrash 2>/dev/null
$iptable -t nat -D OUTPUT -p tcp $ports -j shellcrash_out 2>/dev/null
$iptable -t nat -D OUTPUT -p tcp -d 28.0.0.0/8 -j shellcrash_out 2>/dev/null
#vm_dns
$iptable -t nat -D PREROUTING -p tcp --dport 53 -j shellcrash_vm_dns 2>/dev/null
$iptable -t nat -D PREROUTING -p udp --dport 53 -j shellcrash_vm_dns 2>/dev/null
#vm_redir
$iptable -t nat -D PREROUTING -p tcp $ports -j shellcrash_vm 2>/dev/null
$iptable -t nat -D PREROUTING -p tcp -d 28.0.0.0/8 -j shellcrash_vm 2>/dev/null
#TPROXY&tun
$iptable -t mangle -D PREROUTING -p tcp $ports -j shellcrash_mark 2>/dev/null
$iptable -t mangle -D PREROUTING -p udp $ports -j shellcrash_mark 2>/dev/null
$iptable -t mangle -D PREROUTING -p tcp -d 28.0.0.0/8 -j shellcrash_mark 2>/dev/null
$iptable -t mangle -D PREROUTING -p udp -d 28.0.0.0/8 -j shellcrash_mark 2>/dev/null
$iptable -t mangle -D OUTPUT -p tcp $ports -j shellcrash_mark_out 2>/dev/null
$iptable -t mangle -D OUTPUT -p udp $ports -j shellcrash_mark_out 2>/dev/null
$iptable -t mangle -D OUTPUT -p tcp -d 28.0.0.0/8 -j shellcrash_mark_out 2>/dev/null
$iptable -t mangle -D OUTPUT -p udp -d 28.0.0.0/8 -j shellcrash_mark_out 2>/dev/null
$iptable -t mangle -D PREROUTING -m mark --mark $fwmark -p tcp -j TPROXY --on-port $tproxy_port 2>/dev/null
$iptable -t mangle -D PREROUTING -m mark --mark $fwmark -p udp -j TPROXY --on-port $tproxy_port 2>/dev/null
#tun
$iptable -D FORWARD -o utun -j ACCEPT 2>/dev/null
#屏蔽QUIC
[ "$dns_mod" != "fake-ip" ] && [ "$cn_ip_route" != "未开启" ] && set_cn_ip='-m set ! --match-set cn_ip dst'
$iptable -D INPUT -p udp --dport 443 $set_cn_ip -j REJECT 2>/dev/null
$iptable -D FORWARD -p udp --dport 443 -o utun $set_cn_ip -j REJECT 2>/dev/null
#公网访问
$iptable -D INPUT -i lo -j ACCEPT 2>/dev/null
$iptable -D INPUT -p tcp -m multiport --dports "$fw_wan_ports" -j ACCEPT 2>/dev/null
$iptable -D INPUT -p udp -m multiport --dports "$fw_wan_ports" -j ACCEPT 2>/dev/null
$iptable -D INPUT -p tcp -m multiport --dports "$mix_port,$db_port,$dns_port" -j REJECT 2>/dev/null
$iptable -D INPUT -p udp -m multiport --dports "$mix_port,$db_port,$dns_port" -j REJECT 2>/dev/null
#清理shellcrash自建表
for text in shellcrash_dns shellcrash shellcrash_out shellcrash_dns_out shellcrash_vm shellcrash_vm_dns; do
$iptable -t nat -F "$text" 2>/dev/null
$iptable -t nat -X "$text" 2>/dev/null
done
for text in shellcrash_mark shellcrash_mark_out; do
$iptable -t mangle -F "$text" 2>/dev/null
$iptable -t mangle -X "$text" 2>/dev/null
done
}
#重置ipv6规则
ckcmd ip6tables && {
ckcmd ip6tables && ip6tables -h | grep -q '\-w' && ip6table='ip6tables -w' || ip6table=ip6tables
#dns
$ip6table -t nat -D PREROUTING -p tcp --dport 53 -j shellcrashv6_dns 2>/dev/null
$ip6table -t nat -D PREROUTING -p udp --dport 53 -j shellcrashv6_dns 2>/dev/null
#redir
$ip6table -t nat -D PREROUTING -p tcp $ports -j shellcrashv6 2>/dev/null
$ip6table -t nat -D PREROUTING -p tcp -d fc00::/16 -j shellcrashv6 2>/dev/null
$ip6table -t nat -D OUTPUT -p tcp $ports -j shellcrashv6_out 2>/dev/null
$ip6table -t nat -D OUTPUT -p tcp -d fc00::/16 -j shellcrashv6_out 2>/dev/null
$ip6table -D INPUT -p tcp --dport 53 -j REJECT 2>/dev/null
$ip6table -D INPUT -p udp --dport 53 -j REJECT 2>/dev/null
#mark
$ip6table -t mangle -D PREROUTING -p tcp $ports -j shellcrashv6_mark 2>/dev/null
$ip6table -t mangle -D PREROUTING -p udp $ports -j shellcrashv6_mark 2>/dev/null
$ip6table -t mangle -D PREROUTING -p tcp -d fc00::/16 -j shellcrashv6_mark 2>/dev/null
$ip6table -t mangle -D PREROUTING -p udp -d fc00::/16 -j shellcrashv6_mark 2>/dev/null
$ip6table -t mangle -D OUTPUT -p tcp $ports -j shellcrashv6_mark_out 2>/dev/null
$ip6table -t mangle -D OUTPUT -p udp $ports -j shellcrashv6_mark_out 2>/dev/null
$ip6table -t mangle -D OUTPUT -p tcp -d fc00::/16 -j shellcrashv6_mark_out 2>/dev/null
$ip6table -t mangle -D OUTPUT -p udp -d fc00::/16 -j shellcrashv6_mark_out 2>/dev/null
$ip6table -D INPUT -p udp --dport 443 $set_cn_ip -j REJECT 2>/dev/null
$ip6table -t mangle -D PREROUTING -m mark --mark $fwmark -p tcp -j TPROXY --on-port $tproxy_port 2>/dev/null
$ip6table -t mangle -D PREROUTING -m mark --mark $fwmark -p udp -j TPROXY --on-port $tproxy_port 2>/dev/null
#tun
$ip6table -D FORWARD -o utun -j ACCEPT 2>/dev/null
#屏蔽QUIC
[ "$dns_mod" != "fake-ip" ] && [ "$cn_ip_route" != "未开启" ] && set_cn_ip6='-m set ! --match-set cn_ip6 dst'
$ip6table -D INPUT -p udp --dport 443 $set_cn_ip6 -j REJECT 2>/dev/null
$ip6table -D FORWARD -p udp --dport 443 -o utun $set_cn_ip6 -j REJECT 2>/dev/null
#公网访问
$ip6table -D INPUT -i lo -j ACCEPT 2>/dev/null
$ip6table -D INPUT -p tcp -m multiport --dports "$fw_wan_ports" -j ACCEPT 2>/dev/null
$ip6table -D INPUT -p udp -m multiport --dports "$fw_wan_ports" -j ACCEPT 2>/dev/null
$ip6table -D INPUT -p tcp -m multiport --dports "$mix_port,$db_port,$dns_port" -j REJECT 2>/dev/null
$ip6table -D INPUT -p udp -m multiport --dports "$mix_port,$db_port,$dns_port" -j REJECT 2>/dev/null
#清理shellcrash自建表
for text in shellcrashv6_dns shellcrashv6 shellcrashv6_out; do
$ip6table -t nat -F "$text" 2>/dev/null
$ip6table -t nat -X "$text" 2>/dev/null
done
for text in shellcrashv6_mark shellcrashv6_mark_out; do
$ip6table -t mangle -F "$text" 2>/dev/null
$ip6table -t mangle -X "$text" 2>/dev/null
done
$ip6table -t mangle -F shellcrashv6_mark 2>/dev/null
$ip6table -t mangle -X shellcrashv6_mark 2>/dev/null
}
#清理ipset规则
ipset destroy cn_ip >/dev/null 2>&1
ipset destroy cn_ip6 >/dev/null 2>&1
#移除dnsmasq转发规则
[ "$dns_redir" = "已开启" ] && {
uci del dhcp.@dnsmasq[-1].server >/dev/null 2>&1
uci set dhcp.@dnsmasq[0].noresolv=0 2>/dev/null
uci commit dhcp >/dev/null 2>&1
/etc/init.d/dnsmasq restart >/dev/null 2>&1
}
#清理路由规则
ip rule del fwmark $fwmark table $table 2>/dev/null
ip route flush table $table 2>/dev/null
ip -6 rule del fwmark $fwmark table $((table + 1)) 2>/dev/null
ip -6 route flush table $((table + 1)) 2>/dev/null
#重置nftables相关规则
ckcmd nft && {
nft flush table inet shellcrash >/dev/null 2>&1
nft delete table inet shellcrash >/dev/null 2>&1
}
#还原防火墙文件
[ -s /etc/init.d/firewall.bak ] && mv -f /etc/init.d/firewall.bak /etc/init.d/firewall
#others
[ "$systype" != 'container' ] && sed -i '/shellcrash-dns-repair/d' /etc/resolv.conf >/dev/null 2>&1

34
scripts/starts/general_init.sh Normal file
View File

@@ -0,0 +1,34 @@
#!/bin/sh
# Copyright (C) Juewuy
#初始化目录
CRASHDIR=$(
cd $(dirname $0)
cd ..
pwd
)
profile=/etc/profile
. "$CRASHDIR"/libs/set_profile.sh
. "$CRASHDIR"/libs/set_cron.sh
. "$CRASHDIR"/configs/ShellCrash.cfg
#padavan和华硕环境变量目录设置
if [ -d "/etc/storage/clash" -o -d "/etc/storage/ShellCrash" ]; then
i=1
while [ ! -w /etc/profile -a "$i" -lt 10 ]; do
sleep 3 && i=$((i + 1))
done
[ -w "$profile" ] || profile=/etc_ro/profile
mount -t tmpfs -o remount,rw,size=45M tmpfs /tmp #增加/tmp空间以适配新的内核压缩方式
sed -i '' "$profile" #将软链接转化为一般文件
elif [ -d "/jffs" ]; then
sleep 60
[ -w "$profile" ] || profile=$(cat /etc/profile | grep -oE '\-f.*jffs.*profile' | awk '{print $2}')
fi
#写入环境变量
set_profile "$profile"
#启动进程或删除守护进程
if [ -f "$CRASHDIR"/.dis_startup ];then
cronset "保守模式守护进程"
else
"$CRASHDIR"/start.sh start
fi

73
scripts/starts/shellcrash.openrc
View File

@@ -1,73 +0,0 @@
#!/sbin/openrc-run
# 服务名
name="shellcrash"
description="Custom proxy service for ShellCrash"
#获取目录
CRASHDIR=$(cat /etc/profile | grep CRASHDIR | awk -F "\"" '{print $2}')
[ -z "$CRASHDIR" ] && CRASHDIR=$(cat ~/.bashrc | grep CRASHDIR | awk -F "\"" '{print $2}')
source ${CRASHDIR}/configs/command.env #加载启动命令和启动目录
# PID 文件
pidfile="/run/shellcrash.pid"
depend() {
#need net
after firewall
}
start() {
ebegin "Starting ShellCrash service"
# 如果 firewal_area=5 则运行主旁转发脚本
if grep -q 'firewall_area=5' "$CRASHDIR/configs/ShellCrash.cfg" 2>/dev/null; then
"$CRASHDIR/start.sh" start_firewall
eend $? "Firewall start failed"
return
fi
# 确定运行用户shellcrash 或 root
if grep -q 'shellcrash:x:0:7890' /etc/passwd; then
runuser="shellcrash"
else
runuser="root"
fi
# 必要文件检测
"$CRASHDIR/start.sh" bfstart
if [ "$?" != "0" ]; then
eend 1 "bfstart check failed"
return
fi
# 启动主程序(自动守护 + 自动重启)
supervise-daemon "${name}" \
--pidfile "${pidfile}" \
--user "${runuser}" \
--respawn-max 0 \
--respawn-delay 3 \
--start ${COMMAND%% *} -- ${COMMAND#* }
ret=$?
eend $ret
[ $ret -ne 0 ] && return
# 启动后操作
"$CRASHDIR/start.sh" afstart &
}
stop() {
ebegin "Stopping ShellCrash service"
# 停止后台进程
start-stop-daemon --stop \
--pidfile "${pidfile}" \
--retry 5
rm -f "${pidfile}"
# 清理 firewall、proxy
"$CRASHDIR/start.sh" stop_firewall
eend $?
}

38
scripts/starts/shellcrash.procd
View File

@@ -1,38 +0,0 @@
#!/bin/sh /etc/rc.common
START=99
SERVICE_DAEMONIZE=1
SERVICE_WRITE_PID=1
USE_PROCD=1
#获取目录
CRASHDIR=$(cat /etc/profile | grep CRASHDIR | awk -F "\"" '{print $2}')
[ -z "$CRASHDIR" ] && CRASHDIR=$(cat ~/.bashrc | grep CRASHDIR | awk -F "\"" '{print $2}')
source ${CRASHDIR}/configs/command.env #加载启动命令和启动目录
start_service() {
if [ -n "$(cat $CRASHDIR/configs/ShellCrash.cfg | grep 'firewall_area=5')" ]; then
$CRASHDIR/start.sh start_firewall #主旁转发
else
#本机代理用户
[ -n "$(grep 'shellcrash:x:0:7890' /etc/passwd)" ] && USER=shellcrash || USER=root
#检测必须文件
$CRASHDIR/start.sh bfstart
if [ "$?" = "0" ]; then
#使用procd创建clash后台进程
procd_open_instance
procd_set_param user $USER
procd_set_param respawn
procd_set_param command $COMMAND
procd_set_param stderr 0
procd_set_param stdout 0
procd_close_instance
#启动结束执行
$CRASHDIR/start.sh afstart &
fi
fi
}
stop_service() {
procd_close_instance
$CRASHDIR/start.sh stop_firewall
}

20
scripts/starts/shellcrash.service
View File

@@ -1,20 +0,0 @@
[Unit]
Description=ShellCrash Core
After=network.target
[Service]
Type=simple
User=shellcrash
User=shellcrash
StandardOutput=null
ExecStartPre=/etc/ShellCrash/start.sh bfstart
ExecStart=/etc/ShellCrash/CrashCore run -D /etc/ShellCrash -C /tmp/ShellCrash/jsons >/dev/null
ExecStartPost=/etc/ShellCrash/start.sh afstart
ExecStopPost=/etc/ShellCrash/start.sh stop_firewall
Restart=on-abnormal
RestartSec=10s
LimitNOFILE=infinity
[Install]
WantedBy=multi-user.target

13
scripts/starts/singbox_check.sh Normal file
View File

@@ -0,0 +1,13 @@
singbox_check() { #singbox启动前检查
#检测singboxr专属功能
[ "$crashcore" != "singboxr" ] && [ -n "$(cat "$CRASHDIR"/jsons/*.json | grep -oE '"shadowsocksr"|"providers"')" ] && {
. "$CRASHDIR"/starts/core_exchange.sh && core_exchange singboxr 'singboxr内核专属功能'
}
check_core
#预下载geoip-cn.srs数据库
[ -n "$(cat "$CRASHDIR"/jsons/*.json | grep -oEi '"rule_set" *: *"geoip-cn"')" ] && check_geo ruleset/geoip-cn.srs srs_geoip_cn.srs
#预下载cn.srs数据库
[ -n "$(cat "$CRASHDIR"/jsons/*.json | grep -oEi '"rule_set" *: *"cn"')" ] || [ "$dns_mod" = "mix" ] || [ "$dns_mod" = "route" ] && check_geo ruleset/cn.srs srs_geosite_cn.srs
return 0
}

37
scripts/starts/singbox_config_check.sh Normal file
View File

@@ -0,0 +1,37 @@
#!/bin/sh
# Copyright (C) Juewuy
check_config() { #检查singbox配置文件
#检测节点或providers
if ! grep -qE '"(socks|http|shadowsocks(r)?|vmess|trojan|wireguard|hysteria(2)?|vless|shadowtls|tuic|ssh|tor|providers|anytls|soduku)"' "$core_config_new"; then
echo "-----------------------------------------------"
logger "获取到了配置文件【$core_config_new】,但似乎并不包含正确的节点信息!" 31
echo "请尝试使用6-2或者6-3的方式生成配置文件"
exit 1
fi
#删除不兼容的旧版内容
[ "$(wc -l <"$core_config_new")" -lt 3 ] && {
sed -i 's/^.*"inbounds":/{"inbounds":/' "$core_config_new"
sed -i 's/{[^{}]*"dns-out"[^{}]*}//g' "$core_config_new"
}
#检查不支持的旧版内容
grep -q '"sni"' "$core_config_new" && {
logger "获取到了不支持的旧版(<1.12)配置文件【$core_config_new】!" 31
echo "请尝试使用支持1.12以上版本内核的方式生成配置文件!"
exit 1
}
#检测并去除无效策略组
[ -n "$url_type" ] && {
#获得无效策略组名称
grep -oE '\{"type":"urltest","tag":"[^"]*","outbounds":\["DIRECT"\]' "$core_config_new" | sed -n 's/.*"tag":"\([^"]*\)".*/\1/p' >"$TMPDIR"/singbox_tags
#删除策略组
sed -i 's/{"type":"urltest","tag":"[^"]*","outbounds":\["DIRECT"\]}//g; s/{"type":"[^"]*","tag":"[^"]*","outbounds":\["DIRECT"\],"url":"[^"]*","interval":"[^"]*","tolerance":[^}]*}//g' "$core_config_new"
#删除全部包含策略组名称的规则
while read line; do
sed -i "s/\"$line\"//g" "$core_config_new"
done <"$TMPDIR"/singbox_tags
rm -rf "$TMPDIR"/singbox_tags
}
#清理多余逗号
sed -i 's/,\+/,/g; s/\[,/\[/g; s/,]/]/g' "$core_config_new"
}

387
scripts/starts/singbox_modify.sh Normal file
View File

@@ -0,0 +1,387 @@
#!/bin/sh
# Copyright (C) Juewuy
#默认dns
[ -z "$dns_nameserver" ] && dns_nameserver='223.5.5.5'
[ -z "$dns_fallback" ] && dns_fallback="1.1.1.1"
[ -z "$dns_resolver" ] && dns_resolver="223.5.5.5"
#修饰singbox配置文件
parse_singbox_dns() { #dns转换
first_dns=$(echo "$1" | cut -d',' -f1 | cut -d' ' -f1)
type=""
server=""
port=""
case "$first_dns" in
*://*)
type="${first_dns%%://*}"
tmp="${first_dns#*://}"
;;
*)
type="udp"
tmp="$first_dns"
;;
esac
case "$tmp" in
\[*\]*)
server="${tmp%%]*}"
server="${server#[}"
port="${tmp#*\]}"
port="${port#:}"
;;
*)
server="${tmp%%[:/]*}"
port="${tmp#*:}"
[ "$port" = "$tmp" ] && port=""
;;
esac
if [ -z "$port" ]; then
case "$type" in
udp|tcp) port=53 ;;
doh|https) port=443 ;;
dot|tls) port=853 ;;
*) port=53 ;;
esac
fi
# 输出
echo '"type": "'"$type"'", "server": "'"$server"'", "server_port": '"$port"','
}
modify_json() {
#提取配置文件以获得outbounds.json,providers.json及route.json
"$TMPDIR"/CrashCore format -c $core_config >"$TMPDIR"/format.json
echo '{' >"$TMPDIR"/jsons/outbounds.json
echo '{' >"$TMPDIR"/jsons/route.json
cat "$TMPDIR"/format.json | sed -n '/"outbounds":/,/^ "[a-z]/p' | sed '$d' >>"$TMPDIR"/jsons/outbounds.json
[ "$crashcore" = "singboxr" ] && {
echo '{' >"$TMPDIR"/jsons/providers.json
cat "$TMPDIR"/format.json | sed -n '/^ "providers":/,/^ "[a-z]/p' | sed '$d' >>"$TMPDIR"/jsons/providers.json
}
cat "$TMPDIR"/format.json | sed -n '/"route":/,/^\( "[a-z]\|}\)/p' | sed '$d' >>"$TMPDIR"/jsons/route.json
#生成endpoints.json
[ "$ts_service" = ON ] || [ "$wg_service" = ON ] && {
. "$CRASHDIR"/configs/gateway.cfg
. "$CRASHDIR"/libs/sb_endpoints.sh
}
#生成log.json
cat >"$TMPDIR"/jsons/log.json <<EOF
{ "log": { "level": "info", "timestamp": true } }
EOF
#生成add_hosts.json
if [ "$hosts_opt" != "未启用" ]; then #本机hosts
sys_hosts=/etc/hosts
[ -s /data/etc/custom_hosts ] && sys_hosts=/data/etc/custom_hosts
#NTP劫持
cat >"$TMPDIR"/jsons/add_hosts.json <<EOF
{
"dns": {
"servers": [
{
"type": "hosts",
"tag": "hosts",
"path": [
"$sys_hosts",
"$HOME/.hosts"
],
"predefined": {
"localhost": [
"127.0.0.1",
"::1"
],
"time.android.com": "203.107.6.88",
"time.facebook.com": "203.107.6.88"
}
}
],
"rules": [
{
"ip_accept_any": true,
"server": "hosts"
}
]}
}
EOF
fi
#生成dns.json
[ "$ipv6_dns" != "未开启" ] && strategy='prefer_ipv4' || strategy='ipv4_only'
#获取detour出口
auto_detour=$(grep -E '"type": "urltest"' -A 1 "$TMPDIR"/jsons/outbounds.json | grep '"tag":' | head -n 1 | sed 's/^[[:space:]]*"tag": //;s/,$//')
[ -z "$auto_detour" ] && auto_detour=$(grep -E '"type": "selector"' -A 1 "$TMPDIR"/jsons/outbounds.json | grep '"tag":' | head -n 1 | sed 's/^[[:space:]]*"tag": //;s/,$//')
[ -z "$auto_detour" ] && auto_detour='"DIRECT"'
#根据dns模式生成
[ "$dns_mod" = "redir_host" ] && {
global_dns=dns_proxy
direct_dns='{ "inbound": [ "dns-in" ], "server": "dns_direct" }'
}
[ "$dns_mod" = "fake-ip" ] || [ "$dns_mod" = "mix" ] && {
global_dns=dns_fakeip
fake_ip_filter_domain=$(cat ${CRASHDIR}/configs/fake_ip_filter ${CRASHDIR}/configs/fake_ip_filter.list 2>/dev/null | grep -Ev '#|\*|\+|Mijia' | sed '/^\s*$/d' | awk '{printf "\"%s\", ",$1}' | sed 's/, $//')
fake_ip_filter_suffix=$(cat ${CRASHDIR}/configs/fake_ip_filter ${CRASHDIR}/configs/fake_ip_filter.list 2>/dev/null | grep -v '.\*' | grep -E '\*|\+' | sed 's/^[*+]\.//' | awk '{printf "\"%s\", ",$1}' | sed 's/, $//')
fake_ip_filter_regex=$(cat ${CRASHDIR}/configs/fake_ip_filter ${CRASHDIR}/configs/fake_ip_filter.list 2>/dev/null | grep '.\*' | sed 's/\./\\\\./g' | sed 's/\*/.\*/' | sed 's/^+/.\+/' | awk '{printf "\"%s\", ",$1}' | sed 's/, $//')
[ -n "$fake_ip_filter_domain" ] && fake_ip_filter_domain="{ \"domain\": [$fake_ip_filter_domain], \"server\": \"dns_direct\" },"
[ -n "$fake_ip_filter_suffix" ] && fake_ip_filter_suffix="{ \"domain_suffix\": [$fake_ip_filter_suffix], \"server\": \"dns_direct\" },"
[ -n "$fake_ip_filter_regex" ] && fake_ip_filter_regex="{ \"domain_regex\": [$fake_ip_filter_regex], \"server\": \"dns_direct\" },"
proxy_dns='{ "query_type": ["A", "AAAA"], "server": "dns_fakeip", "strategy": "'"$strategy"'", "rewrite_ttl": 1 }'
#mix模式插入fakeip过滤规则
[ "$dns_mod" = "mix" ] && direct_dns='{ "rule_set": ["cn"], "server": "dns_direct" },'
}
[ "$dns_mod" = "route" ] && {
global_dns=dns_proxy
direct_dns='{ "rule_set": ["cn"], "server": "dns_direct" }'
}
#防泄露设置
[ "$dns_protect" = "OFF" ] && sed -i 's/"server": "dns_proxy"/"server": "dns_direct"/g' "$TMPDIR"/jsons/route.json
#生成add_rule_set.json
[ "$dns_mod" = "mix" ] || [ "$dns_mod" = "route" ] &&
[ -z "$(cat "$CRASHDIR"/jsons/*.json | grep -Ei '"tag" *: *"cn"')" ] &&
cat >"$TMPDIR"/jsons/add_rule_set.json <<EOF
{
"route": {
"rule_set": [
{
"tag": "cn",
"type": "local",
"path": "./ruleset/cn.srs"
}
]
}
}
EOF
cat >"$TMPDIR"/jsons/dns.json <<EOF
{
"dns": {
"servers": [
{
"tag": "dns_proxy",
$(parse_singbox_dns "$dns_fallback")
"routing_mark": $routing_mark,
"detour": $auto_detour,
"domain_resolver": "dns_resolver"
},
{
"tag": "dns_direct",
$(parse_singbox_dns "$dns_nameserver")
"routing_mark": $routing_mark,
"domain_resolver": "dns_resolver"
},
{
"tag": "dns_fakeip",
"type": "fakeip",
"inet4_range": "28.0.0.0/8",
"inet6_range": "fc00::/16"
},
{
"tag": "dns_resolver",
$(parse_singbox_dns "$dns_resolver")
"routing_mark": $routing_mark
}
],
"rules": [
{ "clash_mode": "Direct", "server": "dns_direct", "strategy": "$strategy" },
{ "domain_suffix": ["services.googleapis.cn"], "server": "dns_fakeip", "strategy": "$strategy", "rewrite_ttl": 1 },
$fake_ip_filter_domain
$fake_ip_filter_suffix
$fake_ip_filter_regex
{ "clash_mode": "Global", "query_type": ["A", "AAAA"], "server": "$global_dns", "strategy": "$strategy", "rewrite_ttl": 1 },
$direct_dns
$proxy_dns
],
"final": "dns_proxy",
"strategy": "$strategy",
"independent_cache": true,
"reverse_mapping": true
}
}
EOF
#生成add_route.json
#域名嗅探配置
[ "$sniffer" = "已启用" ] && sniffer_set='{ "inbound": [ "redirect-in", "tproxy-in", "tun-in" ], "action": "sniff", "timeout": "500ms" },'
[ "advertise_exit_node" = true ] && tailscale_set='{ "inbound": [ "ts-ep" ], "port": 53, "action": "hijack-dns" },'
cat >"$TMPDIR"/jsons/add_route.json <<EOF
{
"route": {
"default_domain_resolver": "dns_resolver",
"default_mark": $routing_mark,
"rules": [
{ "inbound": [ "dns-in" ], "action": "hijack-dns" },
$tailscale_set
$sniffer_set
{ "clash_mode": "Direct" , "outbound": "DIRECT" },
{ "clash_mode": "Global" , "outbound": "GLOBAL" }
]
}
}
EOF
#生成certificate.json
cat >"$TMPDIR"/jsons/certificate.json <<EOF
{
"certificate": {
"store": "mozilla"
}
}
EOF
#生成inbounds.json
[ -n "$authentication" ] && {
username=$(echo $authentication | awk -F ':' '{print $1}') #混合端口账号密码
password=$(echo $authentication | awk -F ':' '{print $2}')
userpass='"users": [{ "username": "'$username'", "password": "'$password'" }], '
}
cat >"$TMPDIR"/jsons/inbounds.json <<EOF
{
"inbounds": [
{
"type": "mixed",
"tag": "mixed-in",
"listen": "::",
$userpass
"listen_port": $mix_port
},
{
"type": "direct",
"tag": "dns-in",
"listen": "::",
"listen_port": $dns_port
},
{
"type": "redirect",
"tag": "redirect-in",
"listen": "::",
"listen_port": $redir_port
},
{
"type": "tproxy",
"tag": "tproxy-in",
"listen": "::",
"listen_port": $tproxy_port
}
]
}
EOF
#inbounds.json添加自定义入站
[ "$vms_service" = ON ] || [ "$sss_service" = ON ] && {
. "$CRASHDIR"/configs/gateway.cfg
. "$CRASHDIR"/libs/sb_inbounds.sh
}
if [ "$redir_mod" = "混合模式" -o "$redir_mod" = "Tun模式" ]; then
[ "ipv6_redir" = '已开启' ] && ipv6_address='"fe80::e5c5:2469:d09b:609a/64",'
cat >>"$TMPDIR"/jsons/tun.json <<EOF
{
"inbounds": [
{
"type": "tun",
"tag": "tun-in",
"interface_name": "utun",
"address": [
$ipv6_address
"28.0.0.1/30"
],
"auto_route": false,
"stack": "system"
}
]
}
EOF
fi
#生成add_outbounds.json
grep -qE '"tag": "DIRECT"' "$TMPDIR"/jsons/outbounds.json || add_direct='{ "tag": "DIRECT", "type": "direct" }'
grep -qE '"tag": "REJECT"' "$TMPDIR"/jsons/outbounds.json || add_reject='{ "tag": "REJECT", "type": "block" }'
grep -qE '"tag": "GLOBAL"' "$TMPDIR"/jsons/outbounds.json || {
auto_proxies=$(grep -E '"type": "(selector|urltest)"' -A 1 "$TMPDIR"/jsons/outbounds.json | grep '"tag":' | sed 's/^[[:space:]]*"tag": //;$ s/,$//')
[ -n "$auto_proxies" ] && add_global='{ "tag": "GLOBAL", "type": "selector", "outbounds": ['"$auto_proxies"', "DIRECT"]}'
}
[ -n "$add_direct" -a -n "$add_reject" ] && add_direct="${add_direct},"
[ -n "$add_reject" -a -n "$add_global" ] && add_reject="${add_reject},"
[ -n "$add_direct$add_reject$add_global" ] && cat >"$TMPDIR"/jsons/add_outbounds.json <<EOF
{
"outbounds": [
$add_direct
$add_reject
$add_global
]
}
EOF
#生成experimental.json
cat >"$TMPDIR"/jsons/experimental.json <<EOF
{
"experimental": {
"clash_api": {
"external_controller": "0.0.0.0:$db_port",
"external_ui": "ui",
"external_ui_download_url": "$external_ui_url",
"secret": "$secret",
"default_mode": "Rule"
}
}
}
EOF
#生成自定义规则文件
[ -n "$(grep -Ev ^# "$CRASHDIR"/yamls/rules.yaml 2>/dev/null)" ] && {
cat "$CRASHDIR"/yamls/rules.yaml |
sed '/#.*/d' |
sed 's/,no-resolve//g' |
grep -oE '\-.*,.*,.*' |
sed 's/- DOMAIN-SUFFIX,/{ "domain_suffix": [ "/g' |
sed 's/- DOMAIN-KEYWORD,/{ "domain_keyword": [ "/g' |
sed 's/- IP-CIDR,/{ "ip_cidr": [ "/g' |
sed 's/- SRC-IP-CIDR,/{ "._ip_cidr": [ "/g' |
sed 's/- DST-PORT,/{ "port": [ "/g' |
sed 's/- SRC-PORT,/{ "._port": [ "/g' |
sed 's/- GEOIP,/{ "geoip": [ "/g' |
sed 's/- GEOSITE,/{ "geosite": [ "/g' |
sed 's/- IP-CIDR6,/{ "ip_cidr": [ "/g' |
sed 's/- DOMAIN,/{ "domain": [ "/g' |
sed 's/- PROCESS-NAME,/{ "process_name": [ "/g' |
sed 's/,/" ], "outbound": "/g' |
sed 's/$/" },/g' |
sed '1i\{ "route": { "rules": [ ' |
sed '$s/,$/ ] } }/' >"$TMPDIR"/jsons/cust_add_rules.json
[ ! -s "$TMPDIR"/jsons/cust_add_rules.json ] && rm -rf "$TMPDIR"/jsons/cust_add_rules.json
}
#清理route.json中的process_name规则以及"auto_detect_interface"
sed -i '/"process_name": \[/,/],$/d' "$TMPDIR"/jsons/route.json
sed -i '/"process_name": "[^"]*",/d' "$TMPDIR"/jsons/route.json
sed -i 's/"auto_detect_interface": true/"auto_detect_interface": false/g' "$TMPDIR"/jsons/route.json
#跳过本地tls证书验证
if [ "$skip_cert" != "未开启" ]; then
sed -i 's/"insecure": false/"insecure": true/' "$TMPDIR"/jsons/outbounds.json "$TMPDIR"/jsons/providers.json 2>/dev/null
else
sed -i 's/"insecure": true/"insecure": false/' "$TMPDIR"/jsons/outbounds.json "$TMPDIR"/jsons/providers.json 2>/dev/null
fi
#判断可用并修饰outbounds&providers&route.json结尾
for file in outbounds providers route; do
if [ -n "$(grep ${file} "$TMPDIR"/jsons/${file}.json 2>/dev/null)" ]; then
sed -i 's/^ },$/ }/; s/^ ],$/ ]/' "$TMPDIR"/jsons/${file}.json
echo '}' >>"$TMPDIR"/jsons/${file}.json
else
rm -rf "$TMPDIR"/jsons/${file}.json
fi
done
#加载自定义配置文件
mkdir -p "$TMPDIR"/jsons_base
#以下为覆盖脚本的自定义文件
for char in log dns ntp certificate experimental; do
[ -s "$CRASHDIR"/jsons/${char}.json ] && {
ln -sf "$CRASHDIR"/jsons/${char}.json "$TMPDIR"/jsons/cust_${char}.json
mv -f "$TMPDIR"/jsons/${char}.json "$TMPDIR"/jsons_base #如果重复则临时备份
}
done
#以下为增量添加的自定义文件
for char in others endpoints inbounds outbounds providers route services; do
[ -s "$CRASHDIR"/jsons/${char}.json ] && {
ln -sf "$CRASHDIR"/jsons/${char}.json "$TMPDIR"/jsons/cust_${char}.json
}
done
#测试自定义配置文件
if ! error=$("$TMPDIR"/CrashCore check -D "$BINDIR" -C "$TMPDIR"/jsons 2>&1); then
echo $error
error_file=$(echo $error | grep -Eo 'cust.*\.json' | sed 's/cust_//g')
[ "$error_file" = 'add_rules.json' ] && error_file="$CRASHDIR"/yamls/rules.yaml自定义规则 || error_file="$CRASHDIR"/jsons/$error_file
logger "自定义配置文件校验失败,请检查【${error_file}】文件!" 31
logger "尝试使用基础配置文件启动~" 33
#清理自定义配置文件并还原基础配置
rm -rf "$TMPDIR"/jsons/cust_*
mv -f "$TMPDIR"/jsons_base/* "$TMPDIR"/jsons 2>/dev/null
fi
#清理缓存
rm -rf "$TMPDIR"/*.json
rm -rf "$TMPDIR"/jsons_base
return 0
}

94
scripts/starts/snapshot_init.sh
View File

@@ -1,94 +0,0 @@
#!/bin/sh
# Copyright (C) Juewuy
CRASHDIR="$(uci get firewall.ShellCrash.path | sed 's/\/misnap_init.sh//')"
profile=/etc/profile
. "$CRASHDIR"/configs/ShellCrash.cfg
autoSSH(){
#自动开启SSH
[ "`uci -c /usr/share/xiaoqiang get xiaoqiang_version.version.CHANNEL`" != 'stable' ] && {
uci -c /usr/share/xiaoqiang set xiaoqiang_version.version.CHANNEL='stable'
uci -c /usr/share/xiaoqiang commit xiaoqiang_version.version
}
[ -z "$(pidof dropbear)" -o -z "$(netstat -ntul | grep :22)" ] && {
sed -i 's/channel=.*/channel="debug"/g' /etc/init.d/dropbear
/etc/init.d/dropbear restart
mi_autoSSH_pwd=$(grep 'mi_autoSSH_pwd=' $CRASHDIR/configs/ShellCrash.cfg | awk -F "=" '{print $2}')
[ -n "$mi_autoSSH_pwd" ] && echo -e "$mi_autoSSH_pwd\n$mi_autoSSH_pwd" | passwd root
}
#配置nvram
[ "$(nvram get ssh_en)" = 0 ] && nvram set ssh_en=1
[ "$(nvram get telnet_en)" = 0 ] && nvram set telnet_en=1
nvram commit &> /dev/null
#备份还原SSH秘钥
[ -f $CRASHDIR/configs/dropbear_rsa_host_key ] && ln -sf $CRASHDIR/configs/dropbear_rsa_host_key /etc/dropbear/dropbear_rsa_host_key
[ -f $CRASHDIR/configs/authorized_keys ] && ln -sf $CRASHDIR/configs/authorized_keys /etc/dropbear/authorized_keys
}
tunfix(){
ko_dir=$(modinfo ip_tables | grep -Eo '/lib/modules.*/ip_tables.ko' | sed 's|/ip_tables.ko||' )
#在/tmp创建并挂载overlay
mkdir -p /tmp/overlay
mkdir -p /tmp/overlay/upper
mkdir -p /tmp/overlay/work
mount -o noatime,lowerdir=${ko_dir},upperdir=/tmp/overlay/upper,workdir=/tmp/overlay/work -t overlay "overlay_mods_only" ${ko_dir}
#将tun.ko链接到lib
ln -sf $CRASHDIR/tools/tun.ko ${ko_dir}/tun.ko || $CRASHDIR/start.sh loggger "小米Tun模块修复失败"
}
tproxyfix(){
sed -i 's/sysctl -w net.bridge.bridge-nf-call-ip/#sysctl -w net.bridge.bridge-nf-call-ip/g' /etc/init.d/qca-nss-ecm
sysctl -w net.bridge.bridge-nf-call-iptables=0
sysctl -w net.bridge.bridge-nf-call-ip6tables=0
}
auto_clean(){
#自动清理升级备份文件夹
rm -rf /data/etc_bak
#自动清理被写入闪存的系统日志并禁止服务
/etc/init.d/stat_points stop 2>/dev/null
/etc/init.d/stat_points disable 2>/dev/null
sed -i '\#/logrotate#{ /^[[:space:]]*#/!s/^/#ShellCrash自动注释 / }' /etc/crontabs/root
rm -rf /data/usr/log
}
init(){
#等待启动完成
while ! ip a| grep -q lan; do
sleep 10
done
sleep 20
#初始化环境变量
[ -z "$my_alias" ] && my_alias=crash
sed -i "/ShellCrash\/menu.sh/"d "$profile"
echo "alias ${my_alias}=\"sh $CRASHDIR/menu.sh\"" >>"$profile"
sed -i "/export CRASHDIR/d" "$profile"
echo "export CRASHDIR=\"$CRASHDIR\"" >>"$profile"
autoSSH #软固化功能
auto_clean #自动清理
#设置init.d服务
cp -f $CRASHDIR/shellcrash.procd /etc/init.d/shellcrash
chmod 755 /etc/init.d/shellcrash
#启动服务
if [ ! -f $CRASHDIR/.dis_startup ]; then
#AX6S/AX6000修复tun功能
[ -s $CRASHDIR/tools/tun.ko ] && tunfix
#小米7000/小米万兆修复tproxy
[ -f /etc/init.d/qca-nss-ecm ] && [ -n "$(grep 'redir_mod=Tproxy' $CRASHDIR/configs/ShellCrash.cfg )" ] && tproxyfix
#自动覆盖根证书文件
[ -s $CRASHDIR/tools/ca-certificates.crt ] && cp -f $CRASHDIR/tools/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
#启动服务
$CRASHDIR/start.sh start
/etc/init.d/shellcrash enable
fi
}
case "$1" in
tunfix) tunfix ;;
tproxyfix) tproxyfix ;;
auto_clean) auto_clean ;;
init) init ;;
*)
if [ -z $(pidof CrashCore) ];then
init &
fi
;;
esac

12
scripts/starts/start_error.sh Normal file
View File

@@ -0,0 +1,12 @@
if [ "$start_old" != "已开启" ] && ckcmd journalctl; then
journalctl -u shellcrash >"$TMPDIR"/core_test.log
else
PID=$(pidof CrashCore) && [ -n "$PID" ] && kill -9 "$PID" >/dev/null 2>&1
${COMMAND} >"$TMPDIR"/core_test.log 2>&1 &
sleep 2
kill $! >/dev/null 2>&1
fi
error=$(cat $TMPDIR/core_test.log | grep -iEo 'error.*=.*|.*ERROR.*|.*FATAL.*')
logger "服务启动失败!请查看报错信息!详细信息请查看$TMPDIR/core_test.log" 33
logger "$error" 31