xm/ShellCrash
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

v1.7.6

Browse Source 
~sniffer参数优化,加入了米家屏蔽及端口限定
~为小米增强启动、华硕/梅林自启动添加了内置的60s开机初始化延迟
~iptables/nftables的fwmark默认值由1改为默认7892(=$redir_port)
~修复部分情况下无法正确显示内存占用的问题
~修复了下载自定义内核时无法调用本机代理的bug
~修复了小闪存模式设置为自定义目录时无法正确加载配置文件的bug
~修复了部分设备偶尔使用tproxy模式失败的问题
~修复部分情况下tun及混合模式的回环问题
~尝试修复linux因ntp自动同步导致的systemd报错问题
~优化了部分脚本说明
This commit is contained in:
juewuy
2023-04-26 21:24:26 +08:00
parent 0f99b7fcb5
commit 7f35305a63
5 changed files with 63 additions and 48 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
scripts/clash.sh
View File

@@ -63,7 +63,7 @@ ckstatus(){
auto1="\033[36m允许\033[0mclash开机启动" auto1="\033[36m允许\033[0mclash开机启动"
fi fi
#获取运行状态 #获取运行状态
PID=$(pidof clash) PID=$(pidof clash | awk '{print $NF}')
if [ -n "$PID" ];then if [ -n "$PID" ];then
run="\033[32m正在运行$redir_mod\033[0m" run="\033[32m正在运行$redir_mod\033[0m"
VmRSS=`cat /proc/$PID/status|grep -w VmRSS|awk '{print $2,$3}'` VmRSS=`cat /proc/$PID/status|grep -w VmRSS|awk '{print $2,$3}'`
@@ -597,6 +597,7 @@ setipv6(){
echo -e " 2 ipv6透明代理: \033[36m$ipv6_redir\033[0m ——代理ipv6流量" echo -e " 2 ipv6透明代理: \033[36m$ipv6_redir\033[0m ——代理ipv6流量"
echo -e " 3 ipv6-DNS解析: \033[36m$ipv6_dns\033[0m ——决定内置DNS是否返回ipv6地址" echo -e " 3 ipv6-DNS解析: \033[36m$ipv6_dns\033[0m ——决定内置DNS是否返回ipv6地址"
echo -e " 4 CNIP绕过内核: \033[36m$cn_ipv6_route\033[0m ——优化性能不兼容fake-ip" echo -e " 4 CNIP绕过内核: \033[36m$cn_ipv6_route\033[0m ——优化性能不兼容fake-ip"
echo -e " 0 返回上级菜单"
echo ----------------------------------------------- echo -----------------------------------------------
read -p "请输入对应数字 > " num read -p "请输入对应数字 > " num
case $num in case $num in
@@ -1991,9 +1992,9 @@ case "$1" in
echo " -h 帮助列表" echo " -h 帮助列表"
echo " -u 卸载脚本" echo " -u 卸载脚本"
echo ----------------------------------------- echo -----------------------------------------
echo " $clashdir/start.sh start 启动服务" echo " clash -s start 启动服务"
echo " $clashdir/start.sh stop 停止服务" echo " clash -s stop 停止服务"
echo " $clashdir/start.sh init 写入服务" echo " 安装目录/start.sh init 开机初始化"
echo ----------------------------------------- echo -----------------------------------------
echo "在线求助t.me/ShellClash" echo "在线求助t.me/ShellClash"
echo "官方博客juewuy.github.io" echo "官方博客juewuy.github.io"

12
scripts/getdate.sh
View File

@@ -1126,9 +1126,15 @@ testcommand(){
elif [ "$num" = 1 ]; then elif [ "$num" = 1 ]; then
$clashdir/start.sh stop $clashdir/start.sh stop
echo ----------------------------------------------- echo -----------------------------------------------
[ -x $clashdir/clash ] && $clashdir/clash -t -d $clashdir if $clashdir/clash -v &>/dev/null;then
[ "$?" = 0 ] && testover=32m测试通过|| testover=31m出现错误请截图后到TG群询问 $clashdir/clash -t -d $clashdir
echo -e "\033[$testover\033[0m" [ "$?" = 0 ] && testover=32m测试通过|| testover=31m出现错误请截图后到TG群询问
echo -e "\033[$testover\033[0m"
else
echo -e "\033[31m你没有安装clash内核或内核不完整请先前往更新界面安装内核\033[0m"
update
testcommand
fi
exit; exit;
elif [ "$num" = 2 ]; then elif [ "$num" = 2 ]; then
echo ----------------------------------------------- echo -----------------------------------------------

1
scripts/init.sh
View File

@@ -215,6 +215,7 @@ if [ "$systype" = "mi_snapshot" ];then
uci set firewall.ShellClash.enabled='1' uci set firewall.ShellClash.enabled='1'
uci commit firewall uci commit firewall
setconfig systype $systype setconfig systype $systype
setconfig start_delay 90
else else
rm -rf $clashdir/misnap_init.sh rm -rf $clashdir/misnap_init.sh
fi fi

4
scripts/misnap_init.sh
View File

@@ -52,7 +52,9 @@ init(){
[ -n "$(grep 'init complete' $log_file)" ] && i=10 || i=$((i + 1)) [ -n "$(grep 'init complete' $log_file)" ] && i=10 || i=$((i + 1))
done done
#AX6S/AX6000修复tun功能 #AX6S/AX6000修复tun功能
[ -f $clashdir/tun.ko -a ! -f /lib/modules/4.4.198/tun.ko ] && tunfix && sleep 10 [ -f $clashdir/tun.ko -a ! -f /lib/modules/4.4.198/tun.ko ] && tunfix
#启动延迟
sleep 60
#启动服务 #启动服务
/etc/init.d/clash start /etc/init.d/clash start
/etc/init.d/clash enable /etc/init.d/clash enable

85
scripts/start.sh
View File

@@ -25,6 +25,7 @@ getconfig(){
[ -z "$tproxy_port" ] && tproxy_port=7893 [ -z "$tproxy_port" ] && tproxy_port=7893
[ -z "$db_port" ] && db_port=9999 [ -z "$db_port" ] && db_port=9999
[ -z "$dns_port" ] && dns_port=1053 [ -z "$dns_port" ] && dns_port=1053
[ -z "$fwmark" ] && fwmark=$redir_port
[ -z "$sniffer" ] && sniffer=已开启 [ -z "$sniffer" ] && sniffer=已开启
#是否代理常用端口 #是否代理常用端口
[ -z "$common_ports" ] && common_ports=已开启 [ -z "$common_ports" ] && common_ports=已开启
@@ -322,7 +323,7 @@ modify_yaml(){
fi fi
} }
#域名嗅探配置 #域名嗅探配置
[ "$sniffer" = "已启用" ] && [ "$clashcore" = "clash.meta" ] && sniffer_set="sniffer: {enable: true, sniffing: [tls, http]}" [ "$sniffer" = "已启用" ] && [ "$clashcore" = "clash.meta" ] && sniffer_set="sniffer: {enable: true, skip-domain: [Mijia Cloud], sniff: {tls: {ports: [443, 8443]}, http: {ports: [80, 8080-8880]}}}"
[ "$clashcore" = "clashpre" ] && [ "$dns_mod" = "redir_host" ] && exper="experimental: {ignore-resolve-fail: true, interface-name: en0, sniff-tls-sni: true}" [ "$clashcore" = "clashpre" ] && [ "$dns_mod" = "redir_host" ] && exper="experimental: {ignore-resolve-fail: true, interface-name: en0, sniff-tls-sni: true}"
#设置目录 #设置目录
@@ -442,10 +443,12 @@ EOF
sed -i "/^proxy-groups:/a\\$line #自定义策略组" $tmpdir/config.yaml sed -i "/^proxy-groups:/a\\$line #自定义策略组" $tmpdir/config.yaml
done done
fi fi
#如果没有使用小闪存模式 #存档
if [ "$tmpdir" != "$bindir" ];then if [ "$clashdir" = "$bindir" ];then
cmp -s $tmpdir/config.yaml $yaml >/dev/null 2>&1 cmp -s $tmpdir/config.yaml $yaml >/dev/null 2>&1
[ "$?" != 0 ] && mv -f $tmpdir/config.yaml $yaml || rm -f $tmpdir/config.yaml [ "$?" != 0 ] && mv -f $tmpdir/config.yaml $yaml || rm -f $tmpdir/config.yaml
elif [ "$tmpdir" != "$bindir" ];then
mv -f $tmpdir/config.yaml $bindir/config.yaml
fi fi
rm -f $tmpdir/set.yaml rm -f $tmpdir/set.yaml
rm -f $tmpdir/proxy.yaml rm -f $tmpdir/proxy.yaml
@@ -587,7 +590,8 @@ start_ipt_dns(){
start_tproxy(){ start_tproxy(){
#获取局域网host地址 #获取局域网host地址
getlanip getlanip
ip rule add fwmark 1 table 100 modprobe xt_TPROXY &>/dev/null
ip rule add fwmark $fwmark table 100
ip route add local default dev lo table 100 ip route add local default dev lo table 100
iptables -t mangle -N clash iptables -t mangle -N clash
iptables -t mangle -A clash -p udp --dport 53 -j RETURN iptables -t mangle -A clash -p udp --dport 53 -j RETURN
@@ -601,7 +605,7 @@ start_tproxy(){
tproxy_set(){ tproxy_set(){
if [ "$macfilter_type" = "白名单" -a -n "$(cat $clashdir/mac)" ];then if [ "$macfilter_type" = "白名单" -a -n "$(cat $clashdir/mac)" ];then
for mac in $(cat $clashdir/mac); do #mac白名单 for mac in $(cat $clashdir/mac); do #mac白名单
iptables -t mangle -A clash -p $1 -m mac --mac-source $mac -j TPROXY --on-port $tproxy_port --tproxy-mark 1 iptables -t mangle -A clash -p $1 -m mac --mac-source $mac -j TPROXY --on-port $tproxy_port --tproxy-mark $fwmark
done done
else else
for mac in $(cat $clashdir/mac); do #mac黑名单 for mac in $(cat $clashdir/mac); do #mac黑名单
@@ -609,7 +613,7 @@ start_tproxy(){
done done
#仅代理本机局域网网段流量 #仅代理本机局域网网段流量
for ip in $host_ipv4;do for ip in $host_ipv4;do
iptables -t mangle -A clash -p $1 -s $ip -j TPROXY --on-port $tproxy_port --tproxy-mark 1 iptables -t mangle -A clash -p $1 -s $ip -j TPROXY --on-port $tproxy_port --tproxy-mark $fwmark
done done
fi fi
iptables -t mangle -A PREROUTING -p $1 $ports -j clash iptables -t mangle -A PREROUTING -p $1 $ports -j clash
@@ -625,7 +629,7 @@ start_tproxy(){
} }
#设置ipv6转发 #设置ipv6转发
[ "$ipv6_redir" = "已开启" ] && { [ "$ipv6_redir" = "已开启" ] && {
ip -6 rule add fwmark 1 table 101 ip -6 rule add fwmark $fwmark table 101
ip -6 route add local ::/0 dev lo table 101 ip -6 route add local ::/0 dev lo table 101
ip6tables -t mangle -N clashv6 ip6tables -t mangle -N clashv6
ip6tables -t mangle -A clashv6 -p udp --dport 53 -j RETURN ip6tables -t mangle -A clashv6 -p udp --dport 53 -j RETURN
@@ -640,7 +644,7 @@ start_tproxy(){
if [ "$macfilter_type" = "白名单" -a -n "$(cat $clashdir/mac)" ];then if [ "$macfilter_type" = "白名单" -a -n "$(cat $clashdir/mac)" ];then
#mac白名单 #mac白名单
for mac in $(cat $clashdir/mac); do for mac in $(cat $clashdir/mac); do
ip6tables -t mangle -A clashv6 -p $1 -m mac --mac-source $mac -j TPROXY --on-port $tproxy_port --tproxy-mark 1 ip6tables -t mangle -A clashv6 -p $1 -m mac --mac-source $mac -j TPROXY --on-port $tproxy_port --tproxy-mark $fwmark
done done
else else
#mac黑名单 #mac黑名单
@@ -649,7 +653,7 @@ start_tproxy(){
done done
#仅代理本机局域网网段流量 #仅代理本机局域网网段流量
for ip in $host_ipv6;do for ip in $host_ipv6;do
ip6tables -t mangle -A clashv6 -p $1 -s $ip -j TPROXY --on-port $tproxy_port --tproxy-mark 1 ip6tables -t mangle -A clashv6 -p $1 -s $ip -j TPROXY --on-port $tproxy_port --tproxy-mark $fwmark
done done
fi fi
ip6tables -t mangle -A PREROUTING -p $1 $ports -j clashv6 ip6tables -t mangle -A PREROUTING -p $1 $ports -j clashv6
@@ -700,9 +704,10 @@ start_output(){
} }
} }
start_tun(){ start_tun(){
modprobe tun &>/dev/null
#允许流量 #允许流量
iptables -I FORWARD -o utun -j ACCEPT iptables -I FORWARD -o utun -j ACCEPT
iptables -I FORWARD -s 198.18.0.0/16 -o utun -j RETURN iptables -I FORWARD -s 198.18.0.0/16 -o utun -j RETURN #防止回环
ip6tables -I FORWARD -o utun -j ACCEPT > /dev/null 2>&1 ip6tables -I FORWARD -o utun -j ACCEPT > /dev/null 2>&1
#屏蔽QUIC #屏蔽QUIC
if [ "$quic_rj" = 已启用 ];then if [ "$quic_rj" = 已启用 ];then
@@ -710,14 +715,14 @@ start_tun(){
iptables -I FORWARD -p udp --dport 443 -o utun -m comment --comment "ShellClash-QUIC-REJECT" $set_cn_ip -j REJECT >/dev/null 2>&1 iptables -I FORWARD -p udp --dport 443 -o utun -m comment --comment "ShellClash-QUIC-REJECT" $set_cn_ip -j REJECT >/dev/null 2>&1
#ip6tables -I FORWARD -p udp --dport 443 -o utun -m comment --comment "ShellClash-QUIC-REJECT" -j REJECT >/dev/null 2>&1 #ip6tables -I FORWARD -p udp --dport 443 -o utun -m comment --comment "ShellClash-QUIC-REJECT" -j REJECT >/dev/null 2>&1
fi fi
modprobe xt_mark &> /dev/null && { modprobe xt_mark &>/dev/null && {
i=1 i=1
while [ -z "$(ip route list |grep utun)" -a "$i" -le 29 ];do while [ -z "$(ip route list |grep utun)" -a "$i" -le 29 ];do
sleep 1 sleep 1
i=$((i+1)) i=$((i+1))
done done
ip route add default dev utun table 100 ip route add default dev utun table 100
ip rule add fwmark 1 table 100 ip rule add fwmark $fwmark table 100
#获取局域网host地址 #获取局域网host地址
getlanip getlanip
iptables -t mangle -N clash iptables -t mangle -N clash
@@ -725,13 +730,15 @@ start_tun(){
for ip in $host_ipv4 $reserve_ipv4;do #跳过目标保留地址及目标本机网段 for ip in $host_ipv4 $reserve_ipv4;do #跳过目标保留地址及目标本机网段
iptables -t mangle -A clash -d $ip -j RETURN iptables -t mangle -A clash -d $ip -j RETURN
done done
#防止回环
iptables -t mangle -A clash -s 198.18.0.0/16 -j RETURN
#绕过CN_IP #绕过CN_IP
[ "$dns_mod" = "redir_host" -a "$cn_ip_route" = "已开启" ] && \ [ "$dns_mod" = "redir_host" -a "$cn_ip_route" = "已开启" ] && \
iptables -t mangle -A clash -m set --match-set cn_ip dst -j RETURN 2>/dev/null iptables -t mangle -A clash -m set --match-set cn_ip dst -j RETURN 2>/dev/null
#局域网设备过滤 #局域网设备过滤
if [ "$macfilter_type" = "白名单" -a -n "$(cat $clashdir/mac)" ];then if [ "$macfilter_type" = "白名单" -a -n "$(cat $clashdir/mac)" ];then
for mac in $(cat $clashdir/mac); do #mac白名单 for mac in $(cat $clashdir/mac); do #mac白名单
iptables -t mangle -A clash -m mac --mac-source $mac -j MARK --set-mark 1 iptables -t mangle -A clash -m mac --mac-source $mac -j MARK --set-mark $fwmark
done done
else else
for mac in $(cat $clashdir/mac); do #mac黑名单 for mac in $(cat $clashdir/mac); do #mac黑名单
@@ -739,7 +746,7 @@ start_tun(){
done done
#仅代理本机局域网网段流量 #仅代理本机局域网网段流量
for ip in $host_ipv4;do for ip in $host_ipv4;do
iptables -t mangle -A clash -s $ip -j MARK --set-mark 1 iptables -t mangle -A clash -s $ip -j MARK --set-mark $fwmark
done done
fi fi
iptables -t mangle -A PREROUTING -p udp $ports -j clash iptables -t mangle -A PREROUTING -p udp $ports -j clash
@@ -748,7 +755,7 @@ start_tun(){
#设置ipv6转发 #设置ipv6转发
[ "$ipv6_redir" = "已开启" -a "$clashcore" = "clash.meta" ] && { [ "$ipv6_redir" = "已开启" -a "$clashcore" = "clash.meta" ] && {
ip -6 route add default dev utun table 101 ip -6 route add default dev utun table 101
ip -6 rule add fwmark 1 table 101 ip -6 rule add fwmark $fwmark table 101
ip6tables -t mangle -N clashv6 ip6tables -t mangle -N clashv6
ip6tables -t mangle -A clashv6 -p udp --dport 53 -j RETURN ip6tables -t mangle -A clashv6 -p udp --dport 53 -j RETURN
for ip in $host_ipv6 $reserve_ipv6;do #跳过目标保留地址及目标本机网段 for ip in $host_ipv6 $reserve_ipv6;do #跳过目标保留地址及目标本机网段
@@ -760,7 +767,7 @@ start_tun(){
#局域网设备过滤 #局域网设备过滤
if [ "$macfilter_type" = "白名单" -a -n "$(cat $clashdir/mac)" ];then if [ "$macfilter_type" = "白名单" -a -n "$(cat $clashdir/mac)" ];then
for mac in $(cat $clashdir/mac); do #mac白名单 for mac in $(cat $clashdir/mac); do #mac白名单
ip6tables -t mangle -A clashv6 -m mac --mac-source $mac -j MARK --set-mark 1 ip6tables -t mangle -A clashv6 -m mac --mac-source $mac -j MARK --set-mark $fwmark
done done
else else
for mac in $(cat $clashdir/mac); do #mac黑名单 for mac in $(cat $clashdir/mac); do #mac黑名单
@@ -768,7 +775,7 @@ start_tun(){
done done
#仅代理本机局域网网段流量 #仅代理本机局域网网段流量
for ip in $host_ipv6;do for ip in $host_ipv6;do
ip6tables -t mangle -A clashv6 -s $ip -j MARK --set-mark 1 ip6tables -t mangle -A clashv6 -s $ip -j MARK --set-mark $fwmark
done done
fi fi
ip6tables -t mangle -A PREROUTING -p udp $ports -j clashv6 ip6tables -t mangle -A PREROUTING -p udp $ports -j clashv6
@@ -783,7 +790,7 @@ start_nft(){
RESERVED_IP="$(echo $reserve_ipv4 | sed 's/ /, /g')" RESERVED_IP="$(echo $reserve_ipv4 | sed 's/ /, /g')"
HOST_IP="$(echo $host_ipv4 | sed 's/ /, /g')" HOST_IP="$(echo $host_ipv4 | sed 's/ /, /g')"
#设置策略路由 #设置策略路由
ip rule add fwmark 1 table 100 ip rule add fwmark $fwmark table 100
ip route add local default dev lo table 100 ip route add local default dev lo table 100
[ "$redir_mod" = "Nft基础" ] && \ [ "$redir_mod" = "Nft基础" ] && \
nft add chain inet shellclash prerouting { type nat hook prerouting priority -100 \; } nft add chain inet shellclash prerouting { type nat hook prerouting priority -100 \; }
@@ -814,7 +821,7 @@ start_nft(){
if [ "$ipv6_redir" = "已开启" ];then if [ "$ipv6_redir" = "已开启" ];then
RESERVED_IP6="$(echo "$reserve_ipv6 $host_ipv6" | sed 's/ /, /g')" RESERVED_IP6="$(echo "$reserve_ipv6 $host_ipv6" | sed 's/ /, /g')"
HOST_IP6="$(echo $host_ipv6 | sed 's/ /, /g')" HOST_IP6="$(echo $host_ipv6 | sed 's/ /, /g')"
ip -6 rule add fwmark 1 table 101 2> /dev/null ip -6 rule add fwmark $fwmark table 101 2> /dev/null
ip -6 route add local ::/0 dev lo table 101 2> /dev/null ip -6 route add local ::/0 dev lo table 101 2> /dev/null
#过滤保留地址及本机地址 #过滤保留地址及本机地址
nft add rule inet shellclash prerouting ip6 daddr {$RESERVED_IP6} return nft add rule inet shellclash prerouting ip6 daddr {$RESERVED_IP6} return
@@ -829,8 +836,8 @@ start_nft(){
nft add rule inet shellclash prerouting meta nfproto ipv6 return nft add rule inet shellclash prerouting meta nfproto ipv6 return
fi fi
#透明路由 #透明路由
[ "$redir_mod" = "Nft基础" ] && nft add rule inet shellclash prerouting meta l4proto tcp mark set 1 redirect to ${redir_port} [ "$redir_mod" = "Nft基础" ] && nft add rule inet shellclash prerouting meta l4proto tcp mark set $fwmark redirect to $redir_port
[ "$redir_mod" = "Nft混合" ] && nft add rule inet shellclash prerouting meta l4proto {tcp, udp} mark set 1 tproxy to :${tproxy_port} [ "$redir_mod" = "Nft混合" ] && nft add rule inet shellclash prerouting meta l4proto {tcp, udp} mark set $fwmark tproxy to :$tproxy_port
} }
#屏蔽QUIC #屏蔽QUIC
[ "$quic_rj" = 已启用 ] && { [ "$quic_rj" = 已启用 ] && {
@@ -844,17 +851,17 @@ start_nft(){
#dns #dns
nft add chain inet shellclash dns_out { type nat hook output priority -100 \; } nft add chain inet shellclash dns_out { type nat hook output priority -100 \; }
nft add rule inet shellclash dns_out meta skgid 7890 return && \ nft add rule inet shellclash dns_out meta skgid 7890 return && \
nft add rule inet shellclash dns_out udp dport 53 redirect to ${dns_port} nft add rule inet shellclash dns_out udp dport 53 redirect to $dns_port
#output #output
nft add chain inet shellclash output { type nat hook output priority -100 \; } nft add chain inet shellclash output { type nat hook output priority -100 \; }
nft add rule inet shellclash output meta skgid 7890 return && { nft add rule inet shellclash output meta skgid 7890 return && {
[ -n "$PORTS" ] && nft add rule inet shellclash output tcp dport != {$PORTS} return [ -n "$PORTS" ] && nft add rule inet shellclash output tcp dport != {$PORTS} return
nft add rule inet shellclash output ip daddr {$RESERVED_IP} return nft add rule inet shellclash output ip daddr {$RESERVED_IP} return
nft add rule inet shellclash output meta l4proto tcp mark set 1 redirect to ${redir_port} nft add rule inet shellclash output meta l4proto tcp mark set $fwmark redirect to $redir_port
} }
#Docker #Docker
type docker &>/dev/null && { type docker &>/dev/null && {
ip rule add fwmark 1 table 102 2> /dev/null ip rule add fwmark $fwmark table 102 2> /dev/null
ip route add local 172.16.0.0/12 dev lo table 102 2> /dev/null ip route add local 172.16.0.0/12 dev lo table 102 2> /dev/null
} }
} }
@@ -990,11 +997,11 @@ stop_firewall(){
/etc/init.d/dnsmasq restart >/dev/null 2>&1 /etc/init.d/dnsmasq restart >/dev/null 2>&1
} }
#清理路由规则 #清理路由规则
ip rule del fwmark 1 table 100 2> /dev/null ip rule del fwmark $fwmark table 100 2> /dev/null
ip route del local default dev lo table 100 2> /dev/null ip route del local default dev lo table 100 2> /dev/null
ip -6 rule del fwmark 1 table 101 2> /dev/null ip -6 rule del fwmark $fwmark table 101 2> /dev/null
ip -6 route del local ::/0 dev lo table 101 2> /dev/null ip -6 route del local ::/0 dev lo table 101 2> /dev/null
ip rule del fwmark 1 table 102 2> /dev/null ip rule del fwmark $fwmark table 102 2> /dev/null
ip route del local 172.16.0.0/12 dev lo table 102 2> /dev/null ip route del local 172.16.0.0/12 dev lo table 102 2> /dev/null
#重置nftables相关规则 #重置nftables相关规则
ckcmd nft && { ckcmd nft && {
@@ -1201,8 +1208,8 @@ afstart(){
getconfig getconfig
#延迟启动 #延迟启动
[ ! -f /tmp/clash_start_time ] && [ -n "$start_delay" ] && [ "$start_delay" -gt 0 ] && { [ ! -f /tmp/clash_start_time ] && [ -n "$start_delay" ] && [ "$start_delay" -gt 0 ] && {
logger "clash将延迟$start_delay秒启动" 31 pushoff logger "clash将延迟$start_delay秒启动" 31 pushoff
sleep $start_delay sleep $start_delay
} }
$bindir/clash -t -d $bindir >/dev/null $bindir/clash -t -d $bindir >/dev/null
if [ "$?" = 0 ];then if [ "$?" = 0 ];then
@@ -1244,8 +1251,6 @@ afstart(){
[ "$local_type" = "nftables增强模式" ] && [ "$redir_mod" = "纯净模式" ] && start_nft [ "$local_type" = "nftables增强模式" ] && [ "$redir_mod" = "纯净模式" ] && start_nft
} }
ckcmd iptables && start_wan ckcmd iptables && start_wan
#同步本机时间
ckcmd ntpd && ntpd -n -q -p 203.107.6.88 &>/dev/null &
#标记启动时间 #标记启动时间
mark_time mark_time
#加载定时任务 #加载定时任务
@@ -1254,7 +1259,9 @@ afstart(){
cronset '#每10分钟保存节点配置' "*/10 * * * * test -n \"\$(pidof clash)\" && $clashdir/start.sh web_save #每10分钟保存节点配置" cronset '#每10分钟保存节点配置' "*/10 * * * * test -n \"\$(pidof clash)\" && $clashdir/start.sh web_save #每10分钟保存节点配置"
[ -f $clashdir/web_save ] && web_restore & #后台还原面板配置 [ -f $clashdir/web_save ] && web_restore & #后台还原面板配置
#推送日志 #推送日志
{ sleep 30;logger Clash服务已启动;} & { sleep 5;logger Clash服务已启动;} &
#同步本机时间
{ ckcmd ntpd && ntpd -n -q -p 203.107.6.88 &>/dev/null;exit 0 ;} &
else else
logger "Clash服务启动失败请查看报错信息" 33 logger "Clash服务启动失败请查看报错信息" 33
logger "$($bindir/clash -t -d $bindir | grep -Eo 'error.*=.*')" 31 logger "$($bindir/clash -t -d $bindir | grep -Eo 'error.*=.*')" 31
@@ -1324,25 +1331,23 @@ restart)
$0 start $0 start
;; ;;
init) init)
clashdir=$(cd $(dirname $0);pwd)
profile=/etc/profile
if [ -d "/etc/storage/clash" ];then if [ -d "/etc/storage/clash" ];then
clashdir=/etc/storage/clash clashdir=/etc/storage/clash
i=1 i=1
while [ ! -w "/etc/profile" -a "$i" -lt 7 ];do while [ ! -w /etc/profile -a "$i" -lt 10 ];do
sleep 5 && i=$((i+1)) sleep 5 && i=$((i+1))
done done
profile=/etc/profile profile=/etc/profile
sed -i '' $profile #将软链接转化为一般文件 sed -i '' $profile #将软链接转化为一般文件
elif [ -d "/jffs" ];then elif [ -d "/jffs" ];then
sleep 40 sleep 60
clashdir=$(cd $(dirname $0);pwd)
if [ -w /etc/profile ];then if [ -w /etc/profile ];then
profile=/etc/profile profile=/etc/profile
else else
profile=$(cat /etc/profile | grep -oE '\-f.*jffs.*profile' | awk '{print $2}') profile=$(cat /etc/profile | grep -oE '\-f.*jffs.*profile' | awk '{print $2}')
fi fi
else
clashdir=$(cd $(dirname $0);pwd)
profile=/etc/profile
fi fi
sed -i "/alias clash/d" $profile sed -i "/alias clash/d" $profile
sed -i "/export clashdir/d" $profile sed -i "/export clashdir/d" $profile
@@ -1371,9 +1376,9 @@ webget)
getconfig getconfig
[ -n "$authentication" ] && auth="$authentication@" [ -n "$authentication" ] && auth="$authentication@"
export https_proxy="http://${auth}127.0.0.1:$mix_port" export https_proxy="http://${auth}127.0.0.1:$mix_port"
url=$(echo $3 | sed 's#https://.*/juewuy/ShellClash[@|/]#https://raw.githubusercontent.com/juewuy/ShellClash/#' | sed 's#https://gh.jwsc.eu.org/#https://raw.githubusercontent.com/juewuy/ShellClash/#') url=$(echo $3 | sed 's#https://fastly.jsdelivr.net/gh/juewuy/ShellClash[@|/]#https://raw.githubusercontent.com/juewuy/ShellClash/#' | sed 's#https://gh.jwsc.eu.org/#https://raw.githubusercontent.com/juewuy/ShellClash/#')
else else
url=$(echo $3 | sed 's#https://.*/juewuy/ShellClash/#https://fastly.jsdelivr.net/gh/juewuy/ShellClash@#') url=$(echo $3 | sed 's#https://raw.githubusercontent.com/juewuy/ShellClash/#https://fastly.jsdelivr.net/gh/juewuy/ShellClash@#')
fi fi
#参数【$2】代表下载目录【$3】代表在线地址 #参数【$2】代表下载目录【$3】代表在线地址
#参数【$4】代表输出显示【$4】不启用重定向 #参数【$4】代表输出显示【$4】不启用重定向