v1.8.9

~适配singbox自定义规则
~适配singbox在线生成配置文件时的自动去除无效策略组功能
~singbox配置文件修饰方式及执行方式调整，可更友好的自定义json模块
~移除了切换singbox内核时是否保留clash配置文件的提醒
~优化了面板下载，在使用singbox内核时屏蔽基础面板的下载
~修复mix模式下cn绕过功能未能实际生效的bug
~修复部分未安装nftables的设备新手引导设置nft模式的bug
~修复用户组相关报错bug
~修复部分旧设备无法正确显示开机启动的bug

bin/version

@@ -5,4 +5,4 @@ meta_v=v1.18.0
 
 singbox_v=1.7.8
 GeoIP_v=20240120
-versionsh=1.8.8g
+versionsh=1.8.9

scripts/getdate.sh

@@ -366,13 +366,13 @@ EOF
 set_singbox_adv(){ #自定义singbox配置文件
 		echo -----------------------------------------------
 		echo -e "singbox配置文件中，支持自定义的模块有：\033[0m"
-		echo -e "\033[32mdns.json inbounds.json outbounds.json route.json\033[0m"
+		echo -e "\033[32mlog dns ntp inbounds outbounds outbound_providers route experimental\033[0m"
 		echo -e "将相应json文件放入\033[32m$JSONSDIR\033[0m目录后即可在启动时加载"
-		echo -e "\033[31m自定义的内容不会追加，而是完整替换原配置文件相应模块，请谨慎使用！\033[0m"
+		echo -e "\033[31m注意：自定义的log dns ntp experimental将完整替换内置设定而非增量合并！\033[0m"
 		echo -e "singbox官方文档：\033[36mhttps://sing-box.sagernet.org/zh/\033[0m"
 		echo -----------------------------------------------
 		echo -e "Windows下请\n使用\033[33mWinSCP软件\033[0m进行编辑！\033[0m"
-		echo -e "MacOS下请\n使用\033[33mSecureFX软件\033[0m进行编辑！\033[0m"\
+		echo -e "MacOS下请\n使用\033[33mSecureFX软件\033[0m进行编辑！\033[0m"
 }
 override(){ #配置文件覆写
 	[ -z "$rule_link" ] && rule_link=1
@@ -868,9 +868,6 @@ switch_core(){
 			 setconfig geoip_cn_v
 			 setconfig geosite_cn_v
 		}
-		read -p "是否保留$core_old相关配置文件？(1/0) > " res
-		[ "$res" = '0' ] && [ "$core_old" = "clash" ] && rm -rf ${CRASHDIR}/yamls/*
-		[ "$res" = '0' ] && [ "$core_old" = "singbox" ] && rm -rf ${CRASHDIR}/jsons/*	
 	}
 	if [ "$crashcore" = singbox ];then
 		COMMAND='"$BINDIR/CrashCore run -D $BINDIR -C $TMPDIR/jsons"'
@@ -1385,31 +1382,40 @@ setdb(){
 	echo -----------------------------------------------
 	echo -e "请选择面板\033[33m安装类型：\033[0m"
 	echo -----------------------------------------------
-	echo -e " 1 安装\033[32m官方面板\033[0m(约500kb)"
-	echo -e " 2 安装\033[32mMeta面板\033[0m(约800kb)"
-	echo -e " 3 安装\033[32mYacd面板\033[0m(约1.1mb)"
-	echo -e " 4 安装\033[32mYacd-Meta魔改面板\033[0m(约1.5mb)"
-	echo -e " 5 安装\033[32mMetaXD面板\033[0m(约1.5mb)"
-	echo -e " 6 卸载\033[33m本地面板\033[0m"
+	echo -e " 1 安装\033[32mYacd面板\033[0m(约1.1mb)"
+	echo -e " 2 安装\033[32mYacd-Meta魔改面板\033[0m(约1.5mb)"
+	echo -e " 3 安装\033[32mMetaXD面板\033[0m(约1.5mb)"
+	[ "$crashcore" != singbox ] && {
+		echo -e " 4 安装\033[32m基础面板\033[0m(约500kb)"
+		echo -e " 5 安装\033[32mMeta基础面板\033[0m(约800kb)"
+	}
+	echo -e " 9 卸载\033[33m本地面板\033[0m"
 	echo " 0 返回上级菜单"
 	read -p "请输入对应数字 > " num
 
-	if [ "$num" = '1' ]; then
-		db_type=clashdb
-		dbdir
-	elif [ "$num" = '2' ]; then
-		db_type=meta_db
-		dbdir
-	elif [ "$num" = '3' ]; then
+	case "$num" in
+	0) ;;
+	1)
 		db_type=yacd
 		dbdir
-	elif [ "$num" = '4' ]; then
+	;;
+	2)
 		db_type=meta_yacd
 		dbdir
-	elif [ "$num" = '5' ]; then
+	;;
+	3)
 		db_type=meta_xd
 		dbdir
-	elif [ "$num" = '6' ]; then
+	;;
+	4)
+		db_type=clashdb
+		dbdir
+	;;
+	5)
+		db_type=meta_db
+		dbdir
+	;;
+	9)
 		read -p "确认卸载本地面板？(1/0) > " res
 		if [ "$res" = 1 ];then
 			rm -rf /www/clash
@@ -1419,9 +1425,11 @@ setdb(){
 			echo -e "\033[31m面板已经卸载！\033[0m"
 			sleep 1
 		fi
-	else
+	;;
+	*)
 		errornum
-	fi
+	;;
+	esac
 }
 
 getcrt(){
@@ -1722,8 +1730,10 @@ userguide(){
 		elif [ "$num" = 1 ];then
 			#设置运行模式
 			redir_mod="Redir模式"
-			ckcmd nft && redir_mod="Nft基础"
-			modprobe nft_tproxy &> /dev/null && redir_mod="Nft混合"
+			ckcmd nft && {
+				redir_mod="Nft基础"
+				modprobe nft_tproxy &> /dev/null && redir_mod="Nft混合"
+			}
 			setconfig redir_mod "$redir_mod"
 			#自动识别IPV6
 			[ -n "$(ip a 2>&1 | grep -w 'inet6' | grep -E 'global' | sed 's/.*inet6.//g' | sed 's/scope.*$//g')" ] && {
@@ -1999,4 +2009,4 @@ case "$1" in
 	*)
 		$1
 	;;
-esac
+esac

scripts/init.sh

@@ -1,7 +1,7 @@
 #!/bin/sh
 # Copyright (C) Juewuy
 
-version=1.8.8g
+version=1.8.9
 
 setdir(){
 	dir_avail(){
@@ -160,13 +160,13 @@ else
 	[ -w /etc/systemd/system ] && sysdir=/etc/systemd/system
 	if [ -n "$sysdir" -a "$USER" = "root" -a "$(cat /proc/1/comm)" = "systemd" ];then
 		#创建shellcrash用户并赋予root权限
-		sed -i '/0:7890/d' /etc/passwd
 		if type userdel useradd groupmod; then
 			userdel shellcrash 2>/dev/null
 			useradd shellcrash -u 7890 2>/dev/null
 			groupmod shellcrash -g 7890 2>/dev/null
 			sed -Ei s/7890:7890/0:7890/g /etc/passwd
 		else
+			sed -i '/0:7890/d' /etc/passwd
 			echo "shellcrash:x:0:7890::/home/shellcrash:/bin/sh" >> /etc/passwd
 		fi
 		#配置systemd
@@ -285,6 +285,8 @@ for file in cron task.sh task.list;do
 done
 chmod 755 ${CRASHDIR}/task/task.sh
 #旧版文件清理
+userdel shellclash &>/dev/null
+sed -i '/0:7890/d' /etc/passwd
 rm -rf /etc/init.d/clash
 [ "$systype" = "mi_snapshot" -a "$CRASHDIR" != '/data/clash' ] && rm -rf /data/clash
 for file in clash.sh shellcrash.rc core.new clashservice log shellcrash.service mark? mark.bak;do

scripts/menu.sh

@@ -49,7 +49,7 @@ ckstatus(){
 	[ -f ${CRASHDIR}/ui/index.html ] && dbdir=${CRASHDIR}/ui && hostdir=":$db_port/ui"
 	[ -f /www/clash/index.html ] && dbdir=/www/clash && hostdir=/clash
 	#开机自启检测
-	if [ -f /etc/rc.common ];then
+	if [ -f /etc/rc.common -a "$(cat /proc/1/comm)" = "procd" ];then
 		[ -n "$(find /etc/rc.d -name '*shellcrash')" ] && autostart=enable || autostart=disable
 	elif ckcmd systemctl;then
 		[ "$(systemctl is-enabled shellcrash.service 2>&1)" = enabled ] && autostart=enable || autostart=disable
@@ -910,7 +910,7 @@ macfilter(){ #局域网设备过滤
 }
 localproxy(){ #本机代理
 	[ -w /etc/systemd/system/shellcrash.service -o -w /usr/lib/systemd/system/shellcrash.service -o -x /bin/su ] && local_enh=1
-	[ -f /etc/rc.common -a -w /etc/passwd ] && local_enh=1
+	[ -f /etc/rc.common -a "$(cat /proc/1/comm)" = "procd" ] && [ -w /etc/passwd ] && local_enh=1
 	echo -----------------------------------------------
 	[ -n "$local_enh" ] && {
 		ckcmd iptables && [ -n "$(lsmod | grep ^xt_owner)" ] && echo -e " 1 使用\033[32miptables增强模式\033[0m配置(支持docker,推荐！)"
@@ -975,7 +975,7 @@ setboot(){ #启动相关设置
 			autostart=disable
 			echo -e "\033[33m已禁止Clash开机启动！\033[0m"
 		elif [ "$autostart" = "disable" ]; then
-			[ -f /etc/rc.common ] && /etc/init.d/shellcrash enable
+			[ -f /etc/rc.common -a "$(cat /proc/1/comm)" = "procd" ] && /etc/init.d/shellcrash enable
 			ckcmd systemctl && systemctl enable shellcrash.service > /dev/null 2>&1
 			rm -rf ${CRASHDIR}/.dis_startup
 			autostart=enable

scripts/start.sh

@@ -211,7 +211,7 @@ check_clash_config(){ #检查clash配置文件
 		echo -----------------------------------------------
 		exit 1
 	fi
-	#检测并去除无效节点组
+	#检测并去除无效策略组
 	[ -n "$url_type" ] && ckcmd xargs && {
 		cat $core_config_new | sed '/^rules:/,$d' | grep -A 15 "\- name:" | xargs | sed 's/- name: /\n/g' | sed 's/ type: .*proxies: /#/g' | sed 's/- //g' | grep -E '#DIRECT $|#DIRECT$' | awk -F '#' '{print $1}' > ${TMPDIR}/clash_proxies_$USER
 		while read line ;do
@@ -222,19 +222,31 @@ check_clash_config(){ #检查clash配置文件
 	}
 }
 check_singbox_config(){ #检查singbox配置文件
-	#使用核心内置format功能检测并格式化
-	if [ -x ${BINDIR}/CrashCore ];then
-		echo -e "\033[36m已获取配置文件，正在调用内核检查文件可用性！\033[0m"
-		${BINDIR}/CrashCore format -c $core_config_new > ${TMPDIR}/format.json
-		if [ "$?" != "0" ];then
-			logger "配置文件加载失败！请查看报错信息！" 31
-			${BINDIR}/CrashCore check -c $core_config_new
-			echo "$($BINDIR/CrashCore check -c $core_config_new)" >> ${TMPDIR}/ShellCrash.log
-			exit 1
-		else
-			mv -f ${TMPDIR}/format.json $core_config_new
-		fi
+	#检测节点或providers
+	if [ -z "$(cat $core_config_new | grep -Eo '"server":|"outbound_providers":' )" ];then
+		echo -----------------------------------------------
+		logger "获取到了配置文件【$core_config_new】，但似乎并不包含正确的节点信息！" 31
+		exit 1
 	fi
+	#检测SSR节点
+	if [ -n "$(cat $core_config | grep -oE '"shadowsocksr"')" ];then
+		echo -----------------------------------------------
+		logger "singbox主干已移除对SSR相关协议的支持，请使用clash系内核或者PuerNya分支！" 33
+	fi
+	#检测并去除无效策略组
+	[ -n "$url_type" ] && {
+		#获得无效策略组名称
+		grep -oE '\{"type":"[^"]*","tag":"[^"]*","outbounds":\["DIRECT"\]' $core_config_new | sed -n 's/.*"tag":"\([^"]*\)".*/\1/p' > ${TMPDIR}/singbox_tags
+		#删除策略组
+		sed -i 's/{"type":"[^"]*","tag":"[^"]*","outbounds":\["DIRECT"\]}//g; s/{"type":"[^"]*","tag":"[^"]*","outbounds":\["DIRECT"\],"url":"[^"]*","interval":"[^"]*","tolerance":[^}]*}//g' $core_config_new
+		#删除全部包含策略组名称的规则
+		while read line ;do
+			sed -i "s/\"$line\"//g" $core_config_new
+		done < ${TMPDIR}/singbox_tags
+		rm -rf ${TMPDIR}/singbox_tags
+		#删除多余逗号
+		sed -i 's/,\+/,/g; s/\[,/\[/g; s/,]/]/g' $core_config_new
+	} 
 }
 get_core_config(){ #下载内核配置文件
 	getconfig
@@ -724,12 +736,17 @@ EOF
 	sed -i 's/^  },$/  } }/' ${TMPDIR}/jsons/route.json
 	#加载自定义配置文件
 	mkdir -p ${TMPDIR}/jsons_base
-	for char in log dns ntp inbounds outbounds route experimental;do
+	for char in log dns ntp experimental;do
 		[ -s ${CRASHDIR}/jsons/${char}.json ] && {
 			ln -s ${CRASHDIR}/jsons/${char}.json ${TMPDIR}/jsons/cust_${char}.json
 			mv -f ${TMPDIR}/jsons/${char}.json ${TMPDIR}/jsons_base #如果重复则临时备份
 		}
 	done
+	for char in inbounds outbounds outbound_providers route;do
+		[ -s ${CRASHDIR}/jsons/${char}.json ] && {
+			ln -s ${CRASHDIR}/jsons/${char}.json ${TMPDIR}/jsons/cust_${char}.json
+		}
+	done
 	#测试自定义配置文件
 	error=$(${BINDIR}/CrashCore check -D ${BINDIR} -C ${TMPDIR}/jsons 2>&1 | grep -Eo 'cust.*\.json' | sed 's/cust_//g' )
 	if [ -n "$error" ];then
@@ -794,7 +811,7 @@ start_redir(){ #iptables-redir
 		iptables -t nat -A shellcrash -d $ip -j RETURN
 	done
 	#绕过CN_IP
-	[ "$dns_mod" = "redir_host" -a "$cn_ip_route" = "已开启" ] && \
+	[ "$dns_mod" != "fake-ip" -a "$cn_ip_route" = "已开启" ] && \
 	iptables -t nat -A shellcrash -m set --match-set cn_ip dst -j RETURN 2>/dev/null
 	#局域网设备过滤
 	if [ "$macfilter_type" = "白名单" -a -n "$(cat ${CRASHDIR}/configs/mac)" ];then
@@ -820,7 +837,7 @@ start_redir(){ #iptables-redir
 			ip6tables -t nat -A shellcrashv6 -d $ip -j RETURN
 		done
 		#绕过CN_IPV6
-		[ "$dns_mod" = "redir_host" -a "$cn_ipv6_route" = "已开启" ] && \
+		[ "$dns_mod" != "fake-ip" -a "$cn_ipv6_route" = "已开启" ] && \
 		ip6tables -t nat -A shellcrashv6 -m set --match-set cn_ip6 dst -j RETURN 2>/dev/null
 		#局域网设备过滤
 		if [ "$macfilter_type" = "白名单" -a -n "$(cat ${CRASHDIR}/configs/mac)" ];then
@@ -895,7 +912,7 @@ start_tproxy(){ #iptables-tproxy
 		iptables -t mangle -A shellcrash -d $ip -j RETURN
 	done
 	#绕过CN_IP
-	[ "$dns_mod" = "redir_host" -a "$cn_ip_route" = "已开启" ] && \
+	[ "$dns_mod" != "fake-ip" -a "$cn_ip_route" = "已开启" ] && \
 	iptables -t mangle -A shellcrash -m set --match-set cn_ip dst -j RETURN 2>/dev/null
 	#tcp&udp分别进代理链
 	tproxy_set(){
@@ -920,7 +937,7 @@ start_tproxy(){ #iptables-tproxy
 	
 	#屏蔽QUIC
 	[ "$quic_rj" = 已启用 ] && {
-		[ "$dns_mod" = "redir_host" -a "$cn_ip_route" = "已开启" ] && set_cn_ip='-m set ! --match-set cn_ip dst'
+		[ "$dns_mod" != "fake-ip" -a "$cn_ip_route" = "已开启" ] && set_cn_ip='-m set ! --match-set cn_ip dst'
 		iptables -I INPUT -p udp --dport 443 -m comment --comment "ShellCrash-QUIC-REJECT" $set_cn_ip -j REJECT >/dev/null 2>&1
 	}
 	#设置ipv6转发
@@ -933,7 +950,7 @@ start_tproxy(){ #iptables-tproxy
 			ip6tables -t mangle -A shellcrashv6 -d $ip -j RETURN
 		done
 		#绕过CN_IPV6
-		[ "$dns_mod" = "redir_host" -a "$cn_ipv6_route" = "已开启" ] && \
+		[ "$dns_mod" != "fake-ip" -a "$cn_ipv6_route" = "已开启" ] && \
 		ip6tables -t mangle -A shellcrashv6 -m set --match-set cn_ip6 dst -j RETURN 2>/dev/null
 		#tcp&udp分别进代理链
 		tproxy_set6(){
@@ -959,7 +976,7 @@ start_tproxy(){ #iptables-tproxy
 		
 		#屏蔽QUIC
 		[ "$quic_rj" = 已启用 ] && {
-			[ "$dns_mod" = "redir_host" -a "$cn_ipv6_route" = "已开启" ] && set_cn_ip6='-m set ! --match-set cn_ip6 dst'
+			[ "$dns_mod" != "fake-ip" -a "$cn_ipv6_route" = "已开启" ] && set_cn_ip6='-m set ! --match-set cn_ip6 dst'
 			ip6tables -I INPUT -p udp --dport 443 -m comment --comment "ShellCrash-QUIC-REJECT" $set_cn_ip6 -j REJECT 2>/dev/null
 		}	
 	}
@@ -974,7 +991,7 @@ start_output(){ #iptables本机代理
 		iptables -t nat -A shellcrash_out -d $ip -j RETURN
 	done
 	#绕过CN_IP
-	[ "$dns_mod" = "redir_host" -a "$cn_ip_route" = "已开启" ] && \
+	[ "$dns_mod" != "fake-ip" -a "$cn_ip_route" = "已开启" ] && \
 	iptables -t nat -A shellcrash_out -m set --match-set cn_ip dst -j RETURN >/dev/null 2>&1 
 	#仅允许本机流量
 	for ip in 127.0.0.0/8 $local_ipv4;do 
@@ -1008,7 +1025,7 @@ start_tun(){ #iptables-tun
 	ip6tables -I FORWARD -o utun -j ACCEPT > /dev/null 2>&1
 	#屏蔽QUIC
 	if [ "$quic_rj" = 已启用 ];then
-		[ "$dns_mod" = "redir_host" -a "$cn_ip_route" = "已开启" ] && {
+		[ "$dns_mod" != "fake-ip" -a "$cn_ip_route" = "已开启" ] && {
 			set_cn_ip='-m set ! --match-set cn_ip dst'
 			set_cn_ip6='-m set ! --match-set cn_ip6 dst'
 		}
@@ -1033,7 +1050,7 @@ start_tun(){ #iptables-tun
 		#防止回环
 		iptables -t mangle -A shellcrash -s 198.18.0.0/16 -j RETURN
 		#绕过CN_IP
-		[ "$dns_mod" = "redir_host" -a "$cn_ip_route" = "已开启" ] && \
+		[ "$dns_mod" != "fake-ip" -a "$cn_ip_route" = "已开启" ] && \
 		iptables -t mangle -A shellcrash -m set --match-set cn_ip dst -j RETURN 2>/dev/null
 		#局域网设备过滤
 		if [ "$macfilter_type" = "白名单" -a -n "$(cat ${CRASHDIR}/configs/mac)" ];then
@@ -1062,7 +1079,7 @@ start_tun(){ #iptables-tun
 				ip6tables -t mangle -A shellcrashv6 -d $ip -j RETURN
 			done
 			#绕过CN_IPV6
-			[ "$dns_mod" = "redir_host" -a "$cn_ipv6_route" = "已开启" ] && \
+			[ "$dns_mod" != "fake-ip" -a "$cn_ipv6_route" = "已开启" ] && \
 			ip6tables -t mangle -A shellcrashv6 -m set --match-set cn_ip6 dst -j RETURN 2>/dev/null
 			#局域网设备过滤
 			if [ "$macfilter_type" = "白名单" -a -n "$(cat ${CRASHDIR}/configs/mac)" ];then
@@ -1228,7 +1245,7 @@ stop_firewall(){ #还原防火墙配置
 		iptables -D FORWARD -o utun -j ACCEPT 2> /dev/null
 		iptables -D FORWARD -s 198.18.0.0/16 -o utun -j RETURN 2> /dev/null
 		#屏蔽QUIC
-		[ "$dns_mod" = "redir_host" -a "$cn_ip_route" = "已开启" ] && set_cn_ip='-m set ! --match-set cn_ip dst'
+		[ "$dns_mod" != "fake-ip" -a "$cn_ip_route" = "已开启" ] && set_cn_ip='-m set ! --match-set cn_ip dst'
 		iptables -D INPUT -p udp --dport 443 -m comment --comment "ShellCrash-QUIC-REJECT" $set_cn_ip -j REJECT 2> /dev/null
 		iptables -D FORWARD -p udp --dport 443 -o utun -m comment --comment "ShellCrash-QUIC-REJECT" $set_cn_ip -j REJECT 2> /dev/null
 		#本机代理
@@ -1277,7 +1294,7 @@ stop_firewall(){ #还原防火墙配置
 		ip6tables -D FORWARD -o utun -j ACCEPT 2> /dev/null
 		ip6tables -D FORWARD -p udp --dport 443 -o utun -m comment --comment "ShellCrash-QUIC-REJECT" -j REJECT >/dev/null 2>&1
 		#屏蔽QUIC
-		[ "$dns_mod" = "redir_host" -a "$cn_ipv6_route" = "已开启" ] && set_cn_ip6='-m set ! --match-set cn_ip6 dst'
+		[ "$dns_mod" != "fake-ip" -a "$cn_ipv6_route" = "已开启" ] && set_cn_ip6='-m set ! --match-set cn_ip6 dst'
 		iptables -D INPUT -p udp --dport 443 -m comment --comment "ShellCrash-QUIC-REJECT" $set_cn_ip6 -j REJECT 2> /dev/null
 		iptables -D FORWARD -p udp --dport 443 -o utun -m comment --comment "ShellCrash-QUIC-REJECT" $set_cn_ip6 -j REJECT 2> /dev/null
 		#公网访问
@@ -1499,11 +1516,6 @@ clash_check(){ #clash启动前检查
 	fi
 }
 singbox_check(){ #singbox启动前检查
-	#检测SSR节点
-	if [ -n "$(cat $core_config | grep -oE '"shadowsocksr"')" ];then
-		echo -----------------------------------------------
-		logger "singbox以移除对SSR相关协议的支持，请使用clash系内核或者PuerNya分支！" 33
-	fi
 	core_check
 	#预下载GeoIP数据库
 	if [ ! -f ${BINDIR}/geoip.db ];then
@@ -1594,8 +1606,8 @@ afstart(){ #启动后
 	}
 	#设置DNS转发
 	start_dns(){
-		[ "$dns_mod" = "redir_host" ] && [ "$cn_ip_route" = "已开启" ] && cn_ip_route
-		[ "$ipv6_redir" = "已开启" ] && [ "$dns_mod" = "redir_host" ] && [ "$cn_ipv6_route" = "已开启" ] && cn_ipv6_route
+		[ "$dns_mod" != "fake-ip" ] && [ "$cn_ip_route" = "已开启" ] && cn_ip_route
+		[ "$ipv6_redir" = "已开启" ] && [ "$dns_mod" != "fake-ip" ] && [ "$cn_ipv6_route" = "已开启" ] && cn_ipv6_route
 		if [ "$dns_no" != "已禁用" ];then
 			if [ "$dns_redir" != "已开启" ];then
 				[ -n "$(echo $redir_mod|grep Nft)" ] && start_nft_dns || start_ipt_dns