xm/ShellCrash
1
0
Fork 0
mirror of https://github.com/juewuy/ShellCrash.git synced 2026-03-10 23:41:22 +00:00
Code Issues Packages Projects Releases Wiki Activity

repair accidental deletion operation

Browse Source
This commit is contained in:
Sofia
2026-01-15 02:49:01 +08:00
committed by GitHub
parent 3977565ad1
commit 82f5fce989
1 changed files with 412 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

412
scripts/menus/2_settings.sh
View File

@@ -1,3 +1,286 @@
#!/bin/sh
# Copyright (C) Juewuy
[ -n "$__IS_MODULE_2_SETTINGS_LOADED" ] && return
__IS_MODULE_2_SETTINGS_LOADED=1
# 功能设置
settings() {
while true; do
# 获取设置默认显示
[ -z "$skip_cert" ] && skip_cert=ON
[ -z "$sniffer" ] && sniffer=OFF
[ -z "$dns_mod" ] && dns_mod='redir_host'
echo "-----------------------------------------------"
echo -e "\033[30;47m欢迎使用功能设置菜单\033[0m"
echo "-----------------------------------------------"
echo -e " 1 路由模式设置: \033[36m$redir_mod\033[0m"
echo -e " 2 DNS设置 \033[36m$dns_mod\033[0m"
echo -e " 3 透明路由\033[32m流量过滤\033[0m"
[ "$disoverride" != "1" ] && {
echo -e " 4 跳过证书验证: \033[36m$skip_cert\033[0m"
echo -e " 5 启用域名嗅探: \033[36m$sniffer\033[0m"
echo -e " 6 自定义\033[32m端口及秘钥\033[0m"
}
echo -e " 8 ipv6设置 \033[36m$ipv6_redir\033[0m"
echo "-----------------------------------------------"
echo -e " 9 \033[31m重置/备份/还原\033[0m脚本设置"
echo -e " 0 返回上级菜单 \033[0m"
echo "-----------------------------------------------"
read -p "请输入对应数字 > " num
case "$num" in
"" | 0)
break
;;
1)
if [ "$USER" != "root" -a "$USER" != "admin" ]; then
echo "-----------------------------------------------"
read -p "非root用户可能无法正确配置其他模式依然尝试吗(1/0) > " res
[ "$res" = 1 ] && set_redir_mod
else
set_redir_mod
fi
sleep 1
;;
2)
. "$CRASHDIR"/menus/dns.sh && set_dns_mod
sleep 1
;;
3)
. "$CRASHDIR"/menus/fw_filter.sh && set_fw_filter
sleep 1
;;
4)
echo "-----------------------------------------------"
if [ "$skip_cert" = "OFF" ] >/dev/null 2>&1; then
echo -e "\033[33m已设为开启跳过本地证书验证\033[0m"
skip_cert=ON
else
echo -e "\033[33m已设为禁止跳过本地证书验证\033[0m"
skip_cert=OFF
fi
setconfig skip_cert $skip_cert
;;
5)
echo "-----------------------------------------------"
if [ "$sniffer" = "OFF" ]; then
if [ "$crashcore" = "clash" ]; then
rm -rf ${TMPDIR}/CrashCore
rm -rf "$CRASHDIR"/CrashCore
rm -rf "$CRASHDIR"/CrashCore.tar.gz
crashcore=meta
setconfig crashcore $crashcore
echo "已将ShellCrash内核切换为Meta内核域名嗅探依赖Meta或者高版本clashpre内核"
fi
sniffer=ON
elif [ "$crashcore" = "clashpre" -a "$dns_mod" = "redir_host" ]; then
echo -e "\033[31m使用clashpre内核且开启redir-host模式时无法关闭\033[0m"
else
sniffer=OFF
fi
setconfig sniffer $sniffer
;;
6)
if [ -n "$(pidof CrashCore)" ]; then
echo "-----------------------------------------------"
echo -e "\033[33m检测到服务正在运行需要先停止服务\033[0m"
read -p "是否停止服务?(1/0) > " res
if [ "$res" = "1" ]; then
"$CRASHDIR"/start.sh stop
set_adv_config
fi
else
set_adv_config
fi
;;
8)
set_ipv6
;;
9)
echo "-----------------------------------------------"
echo -e " 1 备份脚本设置"
echo -e " 2 还原脚本设置"
echo -e " 3 重置脚本设置"
echo -e " 0 返回上级菜单"
echo "-----------------------------------------------"
read -p "请输入对应数字 > " num
if [ -z "$num" ]; then
errornum
elif [ "$num" = 0 ]; then
i=
elif [ "$num" = 1 ]; then
cp -f "$CFG_PATH" "$CFG_PATH".bak
echo -e "\033[32m脚本设置已备份\033[0m"
elif [ "$num" = 2 ]; then
if [ -f "$CFG_PATH.bak" ]; then
mv -f "$CFG_PATH" "$CFG_PATH".bak2
mv -f "$CFG_PATH".bak "$CFG_PATH"
mv -f "$CFG_PATH".bak2 "$CFG_PATH".bak
echo -e "\033[32m脚本设置已还原(被覆盖的配置已备份!)\033[0m"
else
echo -e "\033[31m找不到备份文件请先备份脚本设置\033[0m"
fi
elif [ "$num" = 3 ]; then
mv -f "$CFG_PATH" "$CFG_PATH".bak
. "$CRASHDIR"/init.sh >/dev/null
echo -e "\033[32m脚本设置已重置(旧文件已备份!)\033[0m"
fi
echo -e "\033[33m请重新启动脚本\033[0m"
exit 0
;;
*)
errornum
sleep 1
break
;;
esac
done
}
set_redir_config() {
setconfig redir_mod $redir_mod
setconfig dns_mod $dns_mod
echo "-----------------------------------------------"
echo -e "\033[36m已设为 $redir_mod \033[0m"
}
# 路由模式设置
set_redir_mod() {
while true; do
[ -n "$(ls /dev/net/tun 2>/dev/null)" ] || ip tuntap >/dev/null 2>&1 || modprobe tun 2>/dev/null && sup_tun=1
[ -z "$firewall_area" ] && firewall_area=1
[ -z "$redir_mod" ] && [ "$USER" = "root" -o "$USER" = "admin" ] && redir_mod='Redir模式'
[ -z "$redir_mod" ] && redir_mod='纯净模式'
firewall_area_dsc=$(echo "仅局域网 仅本机 局域网+本机 纯净模式 主-旁转发($bypass_host)" | cut -d' ' -f$firewall_area)
echo "-----------------------------------------------"
echo -e "当前路由模式为:\033[47;30m$redir_mod\033[0mShellCrash核心为\033[47;30m $crashcore \033[0m"
echo -e "\033[33m切换模式后需要手动重启服务以生效\033[0m"
echo "-----------------------------------------------"
[ $firewall_area -le 3 ] && {
echo -e " 1 \033[32mRedir模式\033[0m Redir转发TCP不转发UDP"
echo -e " 2 \033[36m混合模式\033[0m Redir转发TCPTun转发UDP"
echo -e " 3 \033[32mTproxy模式\033[0m Tproxy转发TCP&UDP"
echo -e " 4 \033[33mTun模式\033[0m Tun转发TCP&UDP(占用高不推荐)"
echo "-----------------------------------------------"
}
[ "$firewall_area" = 5 ] && {
echo -e " 5 \033[32mTCP旁路转发\033[0m 仅转发TCP流量至旁路由"
echo -e " 6 \033[36mT&U旁路转发\033[0m 转发TCP&UDP流量至旁路由"
echo "-----------------------------------------------"
}
echo -e " 7 设置路由劫持范围: \033[47;30m$firewall_area_dsc\033[0m"
echo -e " 8 容器/虚拟机劫持: \033[47;30m$vm_redir\033[0m"
echo -e " 9 切换防火墙应用: \033[47;30m$firewall_mod\033[0m"
echo "-----------------------------------------------"
echo " 0 返回上级菜单"
read -p "请输入对应数字 > " num
case "$num" in
"" | 0)
break
;;
1)
redir_mod=Redir模式
set_redir_config
;;
2)
if [ -n "$sup_tun" ]; then
redir_mod=混合模式
set_redir_config
else
echo -e "\033[31m设备未检测到Tun内核模块请尝试其他模式或者安装相关依赖\033[0m"
sleep 1
fi
;;
3)
if [ "$firewall_mod" = "iptables" ]; then
if [ -f /etc/init.d/qca-nss-ecm -a "$systype" = "mi_snapshot" ]; then
read -p "xiaomi设备的QOS服务与本模式冲突是否禁用相关功能(1/0) > " res
[ "$res" = '1' ] && {
/data/shellcrash_init.sh tproxyfix
redir_mod=Tproxy模式
set_redir_config
}
elif grep -qE '^TPROXY$' /proc/net/ip_tables_targets || modprobe xt_TPROXY >/dev/null 2>&1; then
redir_mod=Tproxy模式
set_redir_config
else
echo -e "\033[31m设备未检测到iptables-mod-tproxy模块请尝试其他模式或者安装相关依赖\033[0m"
sleep 1
fi
elif [ "$firewall_mod" = "nftables" ]; then
if modprobe nft_tproxy >/dev/null 2>&1 || lsmod 2>/dev/null | grep -q nft_tproxy; then
redir_mod=Tproxy模式
set_redir_config
else
echo -e "\033[31m设备未检测到nft_tproxy内核模块请尝试其他模式或者安装相关依赖\033[0m"
sleep 1
fi
fi
;;
4)
if [ -n "$sup_tun" ]; then
redir_mod=Tun模式
set_redir_config
else
echo -e "\033[31m设备未检测到Tun内核模块请尝试其他模式或者安装相关依赖\033[0m"
sleep 1
fi
;;
5)
redir_mod='TCP旁路转发'
set_redir_config
;;
6)
redir_mod='T&U旁路转发'
set_redir_config
;;
7)
set_firewall_area
;;
8)
set_firewall_vm
;;
9)
if [ "$firewall_mod" = 'iptables' ]; then
if nft add table inet shellcrash 2>/dev/null; then
firewall_mod=nftables
redir_mod=Redir模式
setconfig redir_mod $redir_mod
else
echo -e "\033[31m当前设备未安装nftables或者nftables版本过低(<1.0.2),无法切换!\033[0m"
fi
elif [ "$firewall_mod" = 'nftables' ]; then
if ckcmd iptables; then
firewall_mod=iptables
redir_mod=Redir模式
setconfig redir_mod $redir_mod
else
echo -e "\033[31m当前设备未安装iptables,无法切换!\033[0m"
fi
else
iptables -j REDIRECT -h >/dev/null 2>&1 && firewall_mod=iptables
nft add table inet shellcrash 2>/dev/null && firewall_mod=nftables
if [ -n "$firewall_mod" ]; then
redir_mod=Redir模式
setconfig redir_mod $redir_mod
setconfig firewall_mod $firewall_mod
else
echo -e "\033[31m检测不到可用的防火墙应用(iptables/nftables),无法切换!\033[0m"
fi
fi
sleep 1
setconfig firewall_mod $firewall_mod
;;
*)
errornum
sleep 1
break
;;
esac
done
}
inputport() {
read -p "请输入端口号(1-65535) > " portx
. "$CRASHDIR"/menus/check_port.sh # 加载测试函数
@@ -156,3 +439,132 @@ set_adv_config() {
esac
done
}
set_firewall_area() { #路由范围设置
[ -z "$vm_redir" ] && vm_redir='OFF'
echo "-----------------------------------------------"
echo -e "\033[31m注意\033[0m基于桥接网卡的Docker/虚拟机流量,请单独启用!"
echo -e "\033[33m如你使用了第三方DNS如smartdns等请勿启用本机劫持或使用shellcrash用户执行\033[0m"
echo "-----------------------------------------------"
echo -e " 1 \033[32m仅劫持局域网流量\033[0m"
echo -e " 2 \033[36m仅劫持本机流量\033[0m"
echo -e " 3 \033[32m劫持局域网+本机流量\033[0m"
echo -e " 4 不配置流量劫持(纯净模式)\033[0m"
#echo -e " 5 \033[33m转发局域网流量到旁路由设备\033[0m"
echo -e " 0 返回上级菜单"
echo "-----------------------------------------------"
read -p "请输入对应数字 > " num
case "$num" in
0) ;;
[1-4])
[ $firewall_area -ge 4 ] && {
redir_mod=Redir模式
setconfig redir_mod $redir_mod
}
[ "$num" = 4 ] && {
redir_mod=纯净模式
setconfig redir_mod $redir_mod
}
firewall_area=$num
setconfig firewall_area $firewall_area
;;
5)
echo "-----------------------------------------------"
echo -e "\033[31m注意\033[0m此功能存在多种风险如无网络基础请勿尝试"
echo -e "\033[33m说明\033[0m此功能不启动内核仅配置防火墙转发且子设备无需额外设置网关DNS"
echo -e "\033[33m说明\033[0m支持防火墙分流及设备过滤支持部分定时任务但不支持ipv6"
echo -e "\033[31m注意\033[0m如需代理UDP请确保旁路由运行了支持UDP代理的模式"
echo -e "\033[31m注意\033[0m如使用systemd方式启动内核依然会空载运行建议使用保守模式"
echo "-----------------------------------------------"
read -p "请输入旁路由IPV4地址 > " bypass_host
[ -n "$bypass_host" ] && {
firewall_area=$num
setconfig firewall_area $firewall_area
setconfig bypass_host $bypass_host
redir_mod=TCP旁路转发
setconfig redir_mod $redir_mod
}
;;
*) errornum ;;
esac
sleep 1
}
set_firewall_vm(){
if [ -n "$vm_ipv4" ]; then
vm_des='当前劫持'
else
vm_ipv4=$(ip a 2>&1 | grep -w 'inet' | grep 'global' | grep 'brd' | grep -E 'docker|podman|virbr|vnet|ovs|vmbr|veth|vmnic|vboxnet|lxcbr|xenbr|vEthernet' | sed 's/.*inet.//g' | sed 's/ br.*$//g' | sed 's/metric.*$//g' | tr '\n' ' ')
vm_des='当前获取到'
fi
echo "-----------------------------------------------"
echo -e "$vm_des的容器/虚拟机网段为:\033[32m$vm_ipv4\033[0m"
echo -e "如未包含容器网段,请先运行容器再运行脚本或者手动设置网段"
echo "-----------------------------------------------"
echo -e " 1 \033[32m启用劫持并使用默认网段\033[0m"
echo -e " 2 \033[36m启用劫持并自定义网段\033[0m"
echo -e " 3 \033[31m禁用劫持\033[0m"
echo -e " 0 返回上级菜单"
echo "-----------------------------------------------"
read -p "请输入对应数字 > " num
case "$num" in
1)
if [ -n "$vm_ipv4" ]; then
vm_redir=ON
else
echo -e "\033[33m请先运行容器再运行脚本或者手动设置网段\033[0m"
fi
;;
2)
echo -e "多个网段请用空格连接可运行容器后使用【ip route】命令查看网段地址"
echo -e "示例:\033[32m10.88.0.0/16 172.17.0.0/16\033[0m"
read -p "请输入自定义网段 > " text
[ -n "$text" ] && vm_ipv4=$text && vm_redir=ON
;;
3)
vm_redir=OFF
unset vm_ipv4
;;
*) ;;
esac
setconfig vm_redir $vm_redir
setconfig vm_ipv4 "'$vm_ipv4'"
}
# ipv6设置
set_ipv6() {
while true; do
[ -z "$ipv6_redir" ] && ipv6_redir=OFF
[ -z "$ipv6_dns" ] && ipv6_dns=ON
echo "-----------------------------------------------"
echo -e " 1 ipv6透明路由: \033[36m$ipv6_redir\033[0m ——劫持ipv6流量"
[ "$disoverride" != "1" ] && echo -e " 2 ipv6-DNS解析: \033[36m$ipv6_dns\033[0m ——决定内置DNS是否返回ipv6地址"
echo -e " 0 返回上级菜单"
echo "-----------------------------------------------"
read -p "请输入对应数字 > " num
case "$num" in
"" | 0)
break
;;
1)
if [ "$ipv6_redir" = "OFF" ]; then
ipv6_support=ON
ipv6_redir=ON
sleep 2
else
ipv6_redir=OFF
fi
setconfig ipv6_redir $ipv6_redir
setconfig ipv6_support $ipv6_support
;;
2)
[ "$ipv6_dns" = "OFF" ] && ipv6_dns=ON || ipv6_dns=OFF
setconfig ipv6_dns $ipv6_dns
;;
*)
errornum
sleep 1
break
;;
esac
done
}