diff --git a/bin/ShellCrash.tar.gz b/bin/ShellCrash.tar.gz index ead3dbc..29952da 100644 Binary files a/bin/ShellCrash.tar.gz and b/bin/ShellCrash.tar.gz differ diff --git a/bin/clashfm.tar.gz b/bin/clashfm.tar.gz index 1cc8923..eb4c56a 100644 Binary files a/bin/clashfm.tar.gz and b/bin/clashfm.tar.gz differ diff --git a/bin/public.tar.gz b/bin/public.tar.gz index 4be8543..4fd1cc0 100644 Binary files a/bin/public.tar.gz and b/bin/public.tar.gz differ diff --git a/bin/version b/bin/version index 5fceec1..e8ca99e 100644 --- a/bin/version +++ b/bin/version @@ -5,4 +5,4 @@ meta_v=v1.18.0 singbox_v=1.7.8 GeoIP_v=20240120 -versionsh=1.8.8g +versionsh=1.8.9 diff --git a/scripts/getdate.sh b/scripts/getdate.sh index 46122c7..10c9108 100644 --- a/scripts/getdate.sh +++ b/scripts/getdate.sh @@ -366,13 +366,13 @@ EOF set_singbox_adv(){ #自定义singbox配置文件 echo ----------------------------------------------- echo -e "singbox配置文件中,支持自定义的模块有:\033[0m" - echo -e "\033[32mdns.json inbounds.json outbounds.json route.json\033[0m" + echo -e "\033[32mlog dns ntp inbounds outbounds outbound_providers route experimental\033[0m" echo -e "将相应json文件放入\033[32m$JSONSDIR\033[0m目录后即可在启动时加载" - echo -e "\033[31m自定义的内容不会追加,而是完整替换原配置文件相应模块,请谨慎使用!\033[0m" + echo -e "\033[31m注意:自定义的log dns ntp experimental将完整替换内置设定而非增量合并!\033[0m" echo -e "singbox官方文档:\033[36mhttps://sing-box.sagernet.org/zh/\033[0m" echo ----------------------------------------------- echo -e "Windows下请\n使用\033[33mWinSCP软件\033[0m进行编辑!\033[0m" - echo -e "MacOS下请\n使用\033[33mSecureFX软件\033[0m进行编辑!\033[0m"\ + echo -e "MacOS下请\n使用\033[33mSecureFX软件\033[0m进行编辑!\033[0m" } override(){ #配置文件覆写 [ -z "$rule_link" ] && rule_link=1 
@@ -868,9 +868,6 @@ switch_core(){ setconfig geoip_cn_v setconfig geosite_cn_v } - read -p "是否保留$core_old相关配置文件?(1/0) > " res - [ "$res" = '0' ] && [ "$core_old" = "clash" ] && rm -rf ${CRASHDIR}/yamls/* - [ "$res" = '0' ] && [ "$core_old" = "singbox" ] && rm -rf ${CRASHDIR}/jsons/* } if [ "$crashcore" = singbox ];then COMMAND='"$BINDIR/CrashCore run -D $BINDIR -C $TMPDIR/jsons"' @@ -1385,31 +1382,40 @@ setdb(){ echo ----------------------------------------------- echo -e "请选择面板\033[33m安装类型:\033[0m" echo ----------------------------------------------- - echo -e " 1 安装\033[32m官方面板\033[0m(约500kb)" - echo -e " 2 安装\033[32mMeta面板\033[0m(约800kb)" - echo -e " 3 安装\033[32mYacd面板\033[0m(约1.1mb)" - echo -e " 4 安装\033[32mYacd-Meta魔改面板\033[0m(约1.5mb)" - echo -e " 5 安装\033[32mMetaXD面板\033[0m(约1.5mb)" - echo -e " 6 卸载\033[33m本地面板\033[0m" + echo -e " 1 安装\033[32mYacd面板\033[0m(约1.1mb)" + echo -e " 2 安装\033[32mYacd-Meta魔改面板\033[0m(约1.5mb)" + echo -e " 3 安装\033[32mMetaXD面板\033[0m(约1.5mb)" + [ "$crashcore" != singbox ] && { + echo -e " 4 安装\033[32m基础面板\033[0m(约500kb)" + echo -e " 5 安装\033[32mMeta基础面板\033[0m(约800kb)" + } + echo -e " 9 卸载\033[33m本地面板\033[0m" echo " 0 返回上级菜单" read -p "请输入对应数字 > " num - if [ "$num" = '1' ]; then - db_type=clashdb - dbdir - elif [ "$num" = '2' ]; then - db_type=meta_db - dbdir - elif [ "$num" = '3' ]; then + case "$num" in + 0) ;; + 1) db_type=yacd dbdir - elif [ "$num" = '4' ]; then + ;; + 2) db_type=meta_yacd dbdir - elif [ "$num" = '5' ]; then + ;; + 3) db_type=meta_xd dbdir - elif [ "$num" = '6' ]; then + ;; + 4) + db_type=clashdb + dbdir + ;; + 5) + db_type=meta_db + dbdir + ;; + 9) read -p "确认卸载本地面板?(1/0) > " res if [ "$res" = 1 ];then rm -rf /www/clash @@ -1419,9 +1425,11 @@ setdb(){ echo -e "\033[31m面板已经卸载!\033[0m" sleep 1 fi - else + ;; + *) errornum - fi + ;; + esac } getcrt(){ 
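Review bot: In setdb (scripts/getdate.sh) the menu hides entries 4 and 5 when `$crashcore` is singbox, but the new `case` still accepts them, so typing 4 or 5 on a singbox install sets `db_type=clashdb` / `meta_db` and runs `dbdir` for a panel the menu deliberately did not offer. Gate the arms with the same test, e.g. `4) if [ "$crashcore" != singbox ]; then db_type=clashdb; dbdir; else errornum; fi ;;` and likewise for 5. setdb begins outside the hunk.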
@@ -1722,8 +1730,10 @@ userguide(){ elif [ "$num" = 1 ];then #设置运行模式 redir_mod="Redir模式" - ckcmd nft && redir_mod="Nft基础" - modprobe nft_tproxy &> /dev/null && redir_mod="Nft混合" + ckcmd nft && { + redir_mod="Nft基础" + modprobe nft_tproxy &> /dev/null && redir_mod="Nft混合" + } setconfig redir_mod "$redir_mod" #自动识别IPV6 [ -n "$(ip a 2>&1 | grep -w 'inet6' | grep -E 'global' | sed 's/.*inet6.//g' | sed 's/scope.*$//g')" ] && { @@ -1999,4 +2009,4 @@ case "$1" in *) $1 ;; -esac \ No newline at end of file +esac diff --git a/scripts/init.sh b/scripts/init.sh index ad9e708..453b2b5 100644 --- a/scripts/init.sh +++ b/scripts/init.sh @@ -1,7 +1,7 @@ #!/bin/sh # Copyright (C) Juewuy -version=1.8.8g +version=1.8.9 setdir(){ dir_avail(){ @@ -160,13 +160,13 @@ else [ -w /etc/systemd/system ] && sysdir=/etc/systemd/system if [ -n "$sysdir" -a "$USER" = "root" -a "$(cat /proc/1/comm)" = "systemd" ];then #创建shellcrash用户并赋予root权限 - sed -i '/0:7890/d' /etc/passwd if type userdel useradd groupmod; then userdel shellcrash 2>/dev/null useradd shellcrash -u 7890 2>/dev/null groupmod shellcrash -g 7890 2>/dev/null sed -Ei s/7890:7890/0:7890/g /etc/passwd else + sed -i '/0:7890/d' /etc/passwd echo "shellcrash:x:0:7890::/home/shellcrash:/bin/sh" >> /etc/passwd fi #配置systemd @@ -285,6 +285,8 @@ for file in cron task.sh task.list;do done chmod 755 ${CRASHDIR}/task/task.sh #旧版文件清理 +userdel shellclash &>/dev/null +sed -i '/0:7890/d' /etc/passwd rm -rf /etc/init.d/clash [ "$systype" = "mi_snapshot" -a "$CRASHDIR" != '/data/clash' ] && rm -rf /data/clash for file in clash.sh shellcrash.rc core.new clashservice log shellcrash.service mark? mark.bak;do diff --git a/scripts/menu.sh b/scripts/menu.sh index 7edf484..f244da8 100644 --- a/scripts/menu.sh +++ b/scripts/menu.sh 
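Review bot: In scripts/init.sh the added cleanup line `userdel shellclash &>/dev/null` uses a bash-only redirection under the `#!/bin/sh` shebang shown in the first hunk. A shell without that extension reads it as `userdel shellclash &` plus an empty redirect, so userdel runs in the background while the next line's `sed -i` rewrites /etc/passwd; use `userdel shellclash >/dev/null 2>&1`. The pattern `/0:7890/d`, here and on the line moved into the `else` branch of the -160 hunk, is unanchored and deletes every passwd entry containing that substring (an unrelated account with `10:7890`, for example). `sed -i '/^shellcrash:x:0:7890:/d' /etc/passwd` limits it to the entry this script writes. If the cleanup block runs after the systemd branch, which the hunks suggest but do not show, it also removes the `0:7890` entry that branch has just created, so the ordering needs confirming. That entry is a UID 0 alias with `/bin/sh` as its login shell, so a wrong edit to this file has more impact than a normal account change.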
@@ -49,7 +49,7 @@ ckstatus(){
 [ -f ${CRASHDIR}/ui/index.html ] && dbdir=${CRASHDIR}/ui && hostdir=":$db_port/ui"
 [ -f /www/clash/index.html ] && dbdir=/www/clash && hostdir=/clash
 #开机自启检测
- if [ -f /etc/rc.common ];then
+ if [ -f /etc/rc.common -a "$(cat /proc/1/comm)" = "procd" ];then
 [ -n "$(find /etc/rc.d -name '*shellcrash')" ] && autostart=enable || autostart=disable
 elif ckcmd systemctl;then
 [ "$(systemctl is-enabled shellcrash.service 2>&1)" = enabled ] && autostart=enable || autostart=disable
@@ -910,7 +910,7 @@ macfilter(){ #局域网设备过滤
 }
 localproxy(){ #本机代理
 [ -w /etc/systemd/system/shellcrash.service -o -w /usr/lib/systemd/system/shellcrash.service -o -x /bin/su ] && local_enh=1
- [ -f /etc/rc.common -a -w /etc/passwd ] && local_enh=1
+ [ -f /etc/rc.common -a "$(cat /proc/1/comm)" = "procd" ] && [ -w /etc/passwd ] && local_enh=1
 echo -----------------------------------------------
 [ -n "$local_enh" ] && {
 ckcmd iptables && [ -n "$(lsmod | grep ^xt_owner)" ] && echo -e " 1 使用\033[32miptables增强模式\033[0m配置(支持docker,推荐!)"
@@ -975,7 +975,7 @@ setboot(){ #启动相关设置
 autostart=disable
 echo -e "\033[33m已禁止Clash开机启动!\033[0m"
 elif [ "$autostart" = "disable" ]; then
- [ -f /etc/rc.common ] && /etc/init.d/shellcrash enable
+ [ -f /etc/rc.common -a "$(cat /proc/1/comm)" = "procd" ] && /etc/init.d/shellcrash enable
 ckcmd systemctl && systemctl enable shellcrash.service > /dev/null 2>&1
 rm -rf ${CRASHDIR}/.dis_startup
 autostart=enable
diff --git a/scripts/start.sh b/scripts/start.sh
index f9a2003..d44334e 100644
--- a/scripts/start.sh
+++ b/scripts/start.sh
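Review bot: `cat /proc/1/comm` is called without error suppression in all three menu.sh hunks (ckstatus, localproxy, setboot), so where that file cannot be read each call prints an error into the menu and the test quietly evaluates false. The probe is also written two ways: `-a` inside `[` in ckstatus and setboot, which POSIX marks obsolescent, and an `&&` chain in localproxy. Reading it once with `init_comm=$(cat /proc/1/comm 2>/dev/null)` and testing `[ -f /etc/rc.common ] && [ "$init_comm" = procd ]` in each place would keep the three checks identical. The enclosing functions continue outside the hunks.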
@@ -211,7 +211,7 @@ check_clash_config(){ #检查clash配置文件
 echo -----------------------------------------------
 exit 1
 fi
- #检测并去除无效节点组
+ #检测并去除无效策略组
 [ -n "$url_type" ] && ckcmd xargs && {
 cat $core_config_new | sed '/^rules:/,$d' | grep -A 15 "\- name:" | xargs | sed 's/- name: /\n/g' | sed 's/ type: .*proxies: /#/g' | sed 's/- //g' | grep -E '#DIRECT $|#DIRECT$' | awk -F '#' '{print $1}' > ${TMPDIR}/clash_proxies_$USER
 while read line ;do
@@ -222,19 +222,31 @@ check_clash_config(){ #检查clash配置文件
 }
 }
 check_singbox_config(){ #检查singbox配置文件
- #使用核心内置format功能检测并格式化
- if [ -x ${BINDIR}/CrashCore ];then
- echo -e "\033[36m已获取配置文件,正在调用内核检查文件可用性!\033[0m"
- ${BINDIR}/CrashCore format -c $core_config_new > ${TMPDIR}/format.json
- if [ "$?" != "0" ];then
- logger "配置文件加载失败!请查看报错信息!" 31
- ${BINDIR}/CrashCore check -c $core_config_new
- echo "$($BINDIR/CrashCore check -c $core_config_new)" >> ${TMPDIR}/ShellCrash.log
- exit 1
- else
- mv -f ${TMPDIR}/format.json $core_config_new
- fi
+ #检测节点或providers
+ if [ -z "$(cat $core_config_new | grep -Eo '"server":|"outbound_providers":' )" ];then
+ echo -----------------------------------------------
+ logger "获取到了配置文件【$core_config_new】,但似乎并不包含正确的节点信息!" 31
+ exit 1
 fi
+ #检测SSR节点
+ if [ -n "$(cat $core_config | grep -oE '"shadowsocksr"')" ];then
+ echo -----------------------------------------------
+ logger "singbox主干已移除对SSR相关协议的支持,请使用clash系内核或者PuerNya分支!" 33
+ fi
+ #检测并去除无效策略组
+ [ -n "$url_type" ] && {
+ #获得无效策略组名称
+ grep -oE '\{"type":"[^"]*","tag":"[^"]*","outbounds":\["DIRECT"\]' $core_config_new | sed -n 's/.*"tag":"\([^"]*\)".*/\1/p' > ${TMPDIR}/singbox_tags
+ #删除策略组
+ sed -i 's/{"type":"[^"]*","tag":"[^"]*","outbounds":\["DIRECT"\]}//g; s/{"type":"[^"]*","tag":"[^"]*","outbounds":\["DIRECT"\],"url":"[^"]*","interval":"[^"]*","tolerance":[^}]*}//g' $core_config_new
+ #删除全部包含策略组名称的规则
+ while read line ;do
+ sed -i "s/\"$line\"//g" $core_config_new
+ done < ${TMPDIR}/singbox_tags
+ rm -rf ${TMPDIR}/singbox_tags
+ #删除多余逗号
+ sed -i 's/,\+/,/g; s/\[,/\[/g; s/,]/]/g' $core_config_new
+ }
 }
 get_core_config(){ #下载内核配置文件
 getconfig
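Review bot: In check_singbox_config the loop `sed -i "s/\"$line\"//g" $core_config_new` puts tag names taken from the downloaded config straight into a sed program, so a tag containing `/`, `.`, `*` or `[` changes or breaks the expression instead of being matched literally. Escape the value first with `esc=$(printf '%s' "$line" | sed 's/[]\/$*.^[]/\\&/g')`, then run `sed -i "s/\"$esc\"//g" "$core_config_new"`, and read the list with `while IFS= read -r line`. The SSR test reads `$core_config` while the rest of the function inspects `$core_config_new`; after the move from singbox_check it presumably should look at the new file. With the `CrashCore format` step removed, nothing in this hunk validates the JSON after these regex deletions. Running `${BINDIR}/CrashCore check -c $core_config_new` on the result before it is accepted would catch a config the edits left malformed.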
@@ -724,12 +736,17 @@ EOF
 sed -i 's/^ },$/ } }/' ${TMPDIR}/jsons/route.json
 #加载自定义配置文件
 mkdir -p ${TMPDIR}/jsons_base
- for char in log dns ntp inbounds outbounds route experimental;do
+ for char in log dns ntp experimental;do
 [ -s ${CRASHDIR}/jsons/${char}.json ] && {
 ln -s ${CRASHDIR}/jsons/${char}.json ${TMPDIR}/jsons/cust_${char}.json
 mv -f ${TMPDIR}/jsons/${char}.json ${TMPDIR}/jsons_base #如果重复则临时备份
 }
 done
+ for char in inbounds outbounds outbound_providers route;do
+ [ -s ${CRASHDIR}/jsons/${char}.json ] && {
+ ln -s ${CRASHDIR}/jsons/${char}.json ${TMPDIR}/jsons/cust_${char}.json
+ }
+ done
 #测试自定义配置文件
 error=$(${BINDIR}/CrashCore check -D ${BINDIR} -C ${TMPDIR}/jsons 2>&1 | grep -Eo 'cust.*\.json' | sed 's/cust_//g' )
 if [ -n "$error" ];then
@@ -794,7 +811,7 @@ start_redir(){ #iptables-redir
 iptables -t nat -A shellcrash -d $ip -j RETURN
 done
 #绕过CN_IP
- [ "$dns_mod" = "redir_host" -a "$cn_ip_route" = "已开启" ] && \
+ [ "$dns_mod" != "fake-ip" -a "$cn_ip_route" = "已开启" ] && \
 iptables -t nat -A shellcrash -m set --match-set cn_ip dst -j RETURN 2>/dev/null
 #局域网设备过滤
 if [ "$macfilter_type" = "白名单" -a -n "$(cat ${CRASHDIR}/configs/mac)" ];then
@@ -820,7 +837,7 @@ start_redir(){ #iptables-redir
 ip6tables -t nat -A shellcrashv6 -d $ip -j RETURN
 done
 #绕过CN_IPV6
- [ "$dns_mod" = "redir_host" -a "$cn_ipv6_route" = "已开启" ] && \
+ [ "$dns_mod" != "fake-ip" -a "$cn_ipv6_route" = "已开启" ] && \
 ip6tables -t nat -A shellcrashv6 -m set --match-set cn_ip6 dst -j RETURN 2>/dev/null
 #局域网设备过滤
 if [ "$macfilter_type" = "白名单" -a -n "$(cat ${CRASHDIR}/configs/mac)" ];then
@@ -895,7 +912,7 @@ start_tproxy(){ #iptables-tproxy
 iptables -t mangle -A shellcrash -d $ip -j RETURN
 done
 #绕过CN_IP
- [ "$dns_mod" = "redir_host" -a "$cn_ip_route" = "已开启" ] && \
+ [ "$dns_mod" != "fake-ip" -a "$cn_ip_route" = "已开启" ] && \
 iptables -t mangle -A shellcrash -m set --match-set cn_ip dst -j RETURN 2>/dev/null
 #tcp&udp分别进代理链
 tproxy_set(){
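Review bot: The negated test `"$dns_mod" != "fake-ip"` in start_redir (hunk -794) is also true when `dns_mod` is empty or holds an unexpected value, so the `cn_ip` RETURN rule, which lets traffic to that set skip the proxy chain, is now installed in that case where the old `= "redir_host"` test left it out. Whether a default is assigned before this point is not visible in the hunk; if it is not, an explicit list of the modes that should bypass is safer than a negation. The same condition is repeated in the later start_redir, start_tproxy, start_output, start_tun, stop_firewall and start_dns hunks. Computing it once, e.g. `[ "$dns_mod" != "fake-ip" ] && [ "$cn_ip_route" = "已开启" ] && cn_bypass=1`, and testing that flag would keep the add and delete paths from drifting apart.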
@@ -920,7 +937,7 @@ start_tproxy(){ #iptables-tproxy #屏蔽QUIC [ "$quic_rj" = 已启用 ] && { - [ "$dns_mod" = "redir_host" -a "$cn_ip_route" = "已开启" ] && set_cn_ip='-m set ! --match-set cn_ip dst' + [ "$dns_mod" != "fake-ip" -a "$cn_ip_route" = "已开启" ] && set_cn_ip='-m set ! --match-set cn_ip dst' iptables -I INPUT -p udp --dport 443 -m comment --comment "ShellCrash-QUIC-REJECT" $set_cn_ip -j REJECT >/dev/null 2>&1 } #设置ipv6转发 @@ -933,7 +950,7 @@ start_tproxy(){ #iptables-tproxy ip6tables -t mangle -A shellcrashv6 -d $ip -j RETURN done #绕过CN_IPV6 - [ "$dns_mod" = "redir_host" -a "$cn_ipv6_route" = "已开启" ] && \ + [ "$dns_mod" != "fake-ip" -a "$cn_ipv6_route" = "已开启" ] && \ ip6tables -t mangle -A shellcrashv6 -m set --match-set cn_ip6 dst -j RETURN 2>/dev/null #tcp&udp分别进代理链 tproxy_set6(){ @@ -959,7 +976,7 @@ start_tproxy(){ #iptables-tproxy #屏蔽QUIC [ "$quic_rj" = 已启用 ] && { - [ "$dns_mod" = "redir_host" -a "$cn_ipv6_route" = "已开启" ] && set_cn_ip6='-m set ! --match-set cn_ip6 dst' + [ "$dns_mod" != "fake-ip" -a "$cn_ipv6_route" = "已开启" ] && set_cn_ip6='-m set ! --match-set cn_ip6 dst' ip6tables -I INPUT -p udp --dport 443 -m comment --comment "ShellCrash-QUIC-REJECT" $set_cn_ip6 -j REJECT 2>/dev/null } } @@ -974,7 +991,7 @@ start_output(){ #iptables本机代理 iptables -t nat -A shellcrash_out -d $ip -j RETURN done #绕过CN_IP - [ "$dns_mod" = "redir_host" -a "$cn_ip_route" = "已开启" ] && \ + [ "$dns_mod" != "fake-ip" -a "$cn_ip_route" = "已开启" ] && \ iptables -t nat -A shellcrash_out -m set --match-set cn_ip dst -j RETURN >/dev/null 2>&1 #仅允许本机流量 for ip in 127.0.0.0/8 $local_ipv4;do @@ -1008,7 +1025,7 @@ start_tun(){ #iptables-tun ip6tables -I FORWARD -o utun -j ACCEPT > /dev/null 2>&1 #屏蔽QUIC if [ "$quic_rj" = 已启用 ];then - [ "$dns_mod" = "redir_host" -a "$cn_ip_route" = "已开启" ] && { + [ "$dns_mod" != "fake-ip" -a "$cn_ip_route" = "已开启" ] && { set_cn_ip='-m set ! --match-set cn_ip dst' set_cn_ip6='-m set ! --match-set cn_ip6 dst' } 
@@ -1033,7 +1050,7 @@ start_tun(){ #iptables-tun
 #防止回环
 iptables -t mangle -A shellcrash -s 198.18.0.0/16 -j RETURN
 #绕过CN_IP
- [ "$dns_mod" = "redir_host" -a "$cn_ip_route" = "已开启" ] && \
+ [ "$dns_mod" != "fake-ip" -a "$cn_ip_route" = "已开启" ] && \
 iptables -t mangle -A shellcrash -m set --match-set cn_ip dst -j RETURN 2>/dev/null
 #局域网设备过滤
 if [ "$macfilter_type" = "白名单" -a -n "$(cat ${CRASHDIR}/configs/mac)" ];then
@@ -1062,7 +1079,7 @@ start_tun(){ #iptables-tun
 ip6tables -t mangle -A shellcrashv6 -d $ip -j RETURN
 done
 #绕过CN_IPV6
- [ "$dns_mod" = "redir_host" -a "$cn_ipv6_route" = "已开启" ] && \
+ [ "$dns_mod" != "fake-ip" -a "$cn_ipv6_route" = "已开启" ] && \
 ip6tables -t mangle -A shellcrashv6 -m set --match-set cn_ip6 dst -j RETURN 2>/dev/null
 #局域网设备过滤
 if [ "$macfilter_type" = "白名单" -a -n "$(cat ${CRASHDIR}/configs/mac)" ];then
@@ -1228,7 +1245,7 @@ stop_firewall(){ #还原防火墙配置
 iptables -D FORWARD -o utun -j ACCEPT 2> /dev/null
 iptables -D FORWARD -s 198.18.0.0/16 -o utun -j RETURN 2> /dev/null
 #屏蔽QUIC
- [ "$dns_mod" = "redir_host" -a "$cn_ip_route" = "已开启" ] && set_cn_ip='-m set ! --match-set cn_ip dst'
+ [ "$dns_mod" != "fake-ip" -a "$cn_ip_route" = "已开启" ] && set_cn_ip='-m set ! --match-set cn_ip dst'
 iptables -D INPUT -p udp --dport 443 -m comment --comment "ShellCrash-QUIC-REJECT" $set_cn_ip -j REJECT 2> /dev/null
 iptables -D FORWARD -p udp --dport 443 -o utun -m comment --comment "ShellCrash-QUIC-REJECT" $set_cn_ip -j REJECT 2> /dev/null
 #本机代理
@@ -1277,7 +1294,7 @@ stop_firewall(){ #还原防火墙配置
 ip6tables -D FORWARD -o utun -j ACCEPT 2> /dev/null
 ip6tables -D FORWARD -p udp --dport 443 -o utun -m comment --comment "ShellCrash-QUIC-REJECT" -j REJECT >/dev/null 2>&1
 #屏蔽QUIC
- [ "$dns_mod" = "redir_host" -a "$cn_ipv6_route" = "已开启" ] && set_cn_ip6='-m set ! --match-set cn_ip6 dst'
+ [ "$dns_mod" != "fake-ip" -a "$cn_ipv6_route" = "已开启" ] && set_cn_ip6='-m set ! --match-set cn_ip6 dst'
 iptables -D INPUT -p udp --dport 443 -m comment --comment "ShellCrash-QUIC-REJECT" $set_cn_ip6 -j REJECT 2> /dev/null
 iptables -D FORWARD -p udp --dport 443 -o utun -m comment --comment "ShellCrash-QUIC-REJECT" $set_cn_ip6 -j REJECT 2> /dev/null
 #公网访问
@@ -1499,11 +1516,6 @@ clash_check(){ #clash启动前检查
 fi
 }
 singbox_check(){ #singbox启动前检查
- #检测SSR节点
- if [ -n "$(cat $core_config | grep -oE '"shadowsocksr"')" ];then
- echo -----------------------------------------------
- logger "singbox以移除对SSR相关协议的支持,请使用clash系内核或者PuerNya分支!" 33
- fi
 core_check
 #预下载GeoIP数据库
 if [ ! -f ${BINDIR}/geoip.db ];then
@@ -1594,8 +1606,8 @@ afstart(){ #启动后
 }
 #设置DNS转发
 start_dns(){
- [ "$dns_mod" = "redir_host" ] && [ "$cn_ip_route" = "已开启" ] && cn_ip_route
- [ "$ipv6_redir" = "已开启" ] && [ "$dns_mod" = "redir_host" ] && [ "$cn_ipv6_route" = "已开启" ] && cn_ipv6_route
+ [ "$dns_mod" != "fake-ip" ] && [ "$cn_ip_route" = "已开启" ] && cn_ip_route
+ [ "$ipv6_redir" = "已开启" ] && [ "$dns_mod" != "fake-ip" ] && [ "$cn_ipv6_route" = "已开启" ] && cn_ipv6_route
 if [ "$dns_no" != "已禁用" ];then
 if [ "$dns_redir" != "已开启" ];then
 [ -n "$(echo $redir_mod|grep Nft)" ] && start_nft_dns || start_ipt_dns
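Review bot: In the IPv6 part of stop_firewall (hunk -1277) the two deletes after the changed line still call `iptables` while passing `$set_cn_ip6`, whereas start_tproxy inserts the matching rule with `ip6tables -I INPUT … $set_cn_ip6`. As far as these hunks show, the IPv6 QUIC REJECT rule on INPUT is therefore not removed on stop, and `2> /dev/null` hides the failure. Both lines should read `ip6tables -D INPUT …` and `ip6tables -D FORWARD …`. A leftover REJECT rule keeps dropping UDP/443 after the service has stopped. stop_firewall begins and ends outside the hunk, so confirm that no other line there removes it.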