~优化nftables检测机制

~优化小闪存模式内存占用
~修复并屏蔽因部分linux系统不支持&>写法而导致的大量无效输出
~修复singbox的ntp服务
~尝试修复部分linux设备因selinux导致使用systemd启动服务失败的问题
~优化crash -d命令debug功能
juewuy
2024-02-04 16:55:06 +08:00
parent 905bcc8769
commit a6c254e183
5 changed files with 58 additions and 57 deletions


@@ -7,7 +7,7 @@ error_down(){
sleep 1 sleep 1
} }
dir_avail(){ dir_avail(){
df -h &>/dev/null && h=$2 df -h >/dev/null 2>&1 && h=$2
df $h $1 |awk '{ for(i=1;i<=NF;i++){ if(NR==1){ arr[i]=$i; }else{ arr[i]=arr[i]" "$i; } } } END{ for(i=1;i<=NF;i++){ print arr[i]; } }' |grep -E 'Ava|可用' |awk '{print $2}' df $h $1 |awk '{ for(i=1;i<=NF;i++){ if(NR==1){ arr[i]=$i; }else{ arr[i]=arr[i]" "$i; } } } END{ for(i=1;i<=NF;i++){ print arr[i]; } }' |grep -E 'Ava|可用' |awk '{print $2}'
} }
@@ -1819,7 +1819,7 @@ userguide(){
redir_mod="Redir模式" redir_mod="Redir模式"
ckcmd nft && { ckcmd nft && {
redir_mod="Nft基础" redir_mod="Nft基础"
modprobe nft_tproxy &> /dev/null && redir_mod="Nft混合" modprobe nft_tproxy >/dev/null 2>&1 && redir_mod="Nft混合"
} }
setconfig redir_mod "$redir_mod" setconfig redir_mod "$redir_mod"
#自动识别IPV6 #自动识别IPV6
@@ -1975,7 +1975,7 @@ debug(){
$CRASHDIR/start.sh bfstart $CRASHDIR/start.sh bfstart
if [ "$crashcore" = singbox -o "$crashcore" = singboxp ] ;then if [ "$crashcore" = singbox -o "$crashcore" = singboxp ] ;then
$TMPDIR/CrashCore run -D $BINDIR -C $TMPDIR/jsons & $TMPDIR/CrashCore run -D $BINDIR -C $TMPDIR/jsons &
{ sleep 4 ; kill $! &>/dev/null & } { sleep 4 ; kill $! >/dev/null 2>&1 & }
wait wait
else else
$TMPDIR/CrashCore -t -d $BINDIR -f $TMPDIR/config.yaml $TMPDIR/CrashCore -t -d $BINDIR -f $TMPDIR/config.yaml
@@ -2091,7 +2091,7 @@ testcommand(){
exit; exit;
elif [ "$num" = 6 ]; then elif [ "$num" = 6 ]; then
echo "注意依赖curl(不支持wget),且测试结果不保证一定准确!" echo "注意依赖curl(不支持wget),且测试结果不保证一定准确!"
delay=`curl -kx ${authentication}@127.0.0.1:$mix_port -o /dev/null -s -w '%{time_starttransfer}' 'https://google.tw' & { sleep 3 ; kill $! &>/dev/null & }` > /dev/null 2>&1 delay=`curl -kx ${authentication}@127.0.0.1:$mix_port -o /dev/null -s -w '%{time_starttransfer}' 'https://google.tw' & { sleep 3 ; kill $! >/dev/null 2>&1 & }` > /dev/null 2>&1
delay=`echo |awk "{print $delay*1000}"` > /dev/null 2>&1 delay=`echo |awk "{print $delay*1000}"` > /dev/null 2>&1
echo ----------------------------------------------- echo -----------------------------------------------
if [ `echo ${#delay}` -gt 1 ];then if [ `echo ${#delay}` -gt 1 ];then


@@ -162,8 +162,8 @@ else
#创建shellcrash用户 #创建shellcrash用户
sed -i '/0:7890/d' /etc/passwd sed -i '/0:7890/d' /etc/passwd
sed -i '/x:7890/d' /etc/group sed -i '/x:7890/d' /etc/group
if type useradd &>/dev/null; then if type useradd >/dev/null 2>&1; then
useradd shellcrash -u 7890 useradd shellcrash -u 7890 2>/dev/null
sed -Ei s/7890:7890/0:7890/g /etc/passwd sed -Ei s/7890:7890/0:7890/g /etc/passwd
else else
echo "shellcrash:x:0:7890::/home/shellcrash:/bin/sh" >> /etc/passwd echo "shellcrash:x:0:7890::/home/shellcrash:/bin/sh" >> /etc/passwd
@@ -178,7 +178,7 @@ else
setconfig start_old 已开启 setconfig start_old 已开启
fi fi
#修饰文件及版本号 #修饰文件及版本号
command -v bash &>/dev/null && shtype=bash || shtype=sh command -v bash >/dev/null 2>&1 && shtype=bash || shtype=sh
for file in start.sh task.sh ;do for file in start.sh task.sh ;do
sed -i "s|/bin/sh|/bin/$shtype|" ${CRASHDIR}/${file} sed -i "s|/bin/sh|/bin/$shtype|" ${CRASHDIR}/${file}
chmod 755 ${CRASHDIR}/${file} chmod 755 ${CRASHDIR}/${file}
@@ -212,7 +212,7 @@ if [ -n "$profile" ];then
echo "alias clash=\"$shtype $CRASHDIR/menu.sh\"" >> $profile #设置快捷命令环境变量 echo "alias clash=\"$shtype $CRASHDIR/menu.sh\"" >> $profile #设置快捷命令环境变量
sed -i '/export CRASHDIR=*/'d $profile sed -i '/export CRASHDIR=*/'d $profile
echo "export CRASHDIR=\"$CRASHDIR\"" >> $profile #设置路径环境变量 echo "export CRASHDIR=\"$CRASHDIR\"" >> $profile #设置路径环境变量
source $profile &>/dev/null || echo 运行错误请使用bash而不是dash运行安装命令 source $profile >/dev/null 2>&1 || echo 运行错误请使用bash而不是dash运行安装命令
#适配zsh环境变量 #适配zsh环境变量
[ -n "$(cat /etc/shells 2>/dev/null|grep -oE 'zsh')" ] && [ -z "$(cat ~/.zshrc 2>/dev/null|grep CRASHDIR)" ] && { [ -n "$(cat /etc/shells 2>/dev/null|grep -oE 'zsh')" ] && [ -z "$(cat ~/.zshrc 2>/dev/null|grep CRASHDIR)" ] && {
sed -i '/alias crash=*/'d ~/.zshrc sed -i '/alias crash=*/'d ~/.zshrc
@@ -222,7 +222,7 @@ if [ -n "$profile" ];then
echo "alias clash=\"$shtype $CRASHDIR/menu.sh\"" >> ~/.zshrc echo "alias clash=\"$shtype $CRASHDIR/menu.sh\"" >> ~/.zshrc
sed -i '/export CRASHDIR=*/'d ~/.zshrc sed -i '/export CRASHDIR=*/'d ~/.zshrc
echo "export CRASHDIR=\"$CRASHDIR\"" >> ~/.zshrc echo "export CRASHDIR=\"$CRASHDIR\"" >> ~/.zshrc
source ~/.zshrc &>/dev/null source ~/.zshrc >/dev/null 2>&1
} }
else else
echo -e "\033[33m无法写入环境变量请检查安装权限\033[0m" echo -e "\033[33m无法写入环境变量请检查安装权限\033[0m"
@@ -286,7 +286,7 @@ for file in cron task.sh task.list;do
done done
chmod 755 ${CRASHDIR}/task/task.sh chmod 755 ${CRASHDIR}/task/task.sh
#旧版文件清理 #旧版文件清理
userdel shellclash &>/dev/null userdel shellclash >/dev/null 2>&1
sed -i '/shellclash/d' /etc/passwd sed -i '/shellclash/d' /etc/passwd
sed -i '/shellclash/d' /etc/group sed -i '/shellclash/d' /etc/group
rm -rf /etc/init.d/clash rm -rf /etc/init.d/clash
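Review bot: Adding `2>/dev/null` to `useradd shellcrash -u 7890` hides a failed account creation, yet the next line still edits `/etc/passwd`, and its pattern `s/7890:7890/0:7890/g` is unanchored, so it rewrites any line containing `7890:7890` rather than only the shellcrash entry. Chaining the two commands and pinning the pattern keeps the edit scoped to the account that was just created: `useradd shellcrash -u 7890 2>/dev/null && sed -Ei 's/^(shellcrash:[^:]*):7890:7890:/\1:0:7890:/' /etc/passwd`. The result is a second UID 0 account, and the fallback branch gives it `/bin/sh` as its shell; if the account exists only so that firewall rules can match its group (the hunk does not show this), a non-login shell would be the safer default. The enclosing `else` block starts and ends outside the hunk.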


@@ -5,8 +5,8 @@ CFG_PATH=${CRASHDIR}/configs/ShellCrash.cfg
YAMLSDIR=${CRASHDIR}/yamls YAMLSDIR=${CRASHDIR}/yamls
JSONSDIR=${CRASHDIR}/jsons JSONSDIR=${CRASHDIR}/jsons
#加载执行目录,失败则初始化 #加载执行目录,失败则初始化
source ${CRASHDIR}/configs/command.env &>/dev/null source ${CRASHDIR}/configs/command.env >/dev/null 2>&1
[ -z "$BINDIR" -o -z "$TMPDIR" -o -z "$COMMAND" ] && source ${CRASHDIR}/init.sh &>/dev/null [ -z "$BINDIR" -o -z "$TMPDIR" -o -z "$COMMAND" ] && source ${CRASHDIR}/init.sh >/dev/null 2>&1
[ ! -f ${TMPDIR} ] && mkdir -p ${TMPDIR} [ ! -f ${TMPDIR} ] && mkdir -p ${TMPDIR}
[ -n "$(tar --help 2>&1|grep -o 'no-same-owner')" ] && tar_para='--no-same-owner' #tar命令兼容 [ -n "$(tar --help 2>&1|grep -o 'no-same-owner')" ] && tar_para='--no-same-owner' #tar命令兼容
@@ -17,7 +17,7 @@ setconfig(){
[ -n "$(grep "${1}=" "$configpath")" ] && sed -i "s#${1}=.*#${1}=${2}#g" $configpath || echo "${1}=${2}" >> $configpath [ -n "$(grep "${1}=" "$configpath")" ] && sed -i "s#${1}=.*#${1}=${2}#g" $configpath || echo "${1}=${2}" >> $configpath
} }
ckcmd(){ ckcmd(){
command -v sh &>/dev/null && command -v $1 &>/dev/null || type $1 &>/dev/null command -v sh >/dev/null 2>&1 && command -v $1 >/dev/null 2>&1 || type $1 >/dev/null 2>&1
} }
#脚本启动前检查 #脚本启动前检查
@@ -25,9 +25,9 @@ ckstatus(){
#检查/读取脚本配置文件 #检查/读取脚本配置文件
if [ -f $CFG_PATH ];then if [ -f $CFG_PATH ];then
[ -n "$(awk 'a[$0]++' $CFG_PATH)" ] && awk '!a[$0]++' $CFG_PATH > $CFG_PATH #检查重复行并去除 [ -n "$(awk 'a[$0]++' $CFG_PATH)" ] && awk '!a[$0]++' $CFG_PATH > $CFG_PATH #检查重复行并去除
source $CFG_PATH &>/dev/null source $CFG_PATH >/dev/null 2>&1
else else
source ${CRASHDIR}/init.sh &>/dev/null source ${CRASHDIR}/init.sh >/dev/null 2>&1
fi fi
versionsh=$(cat ${CRASHDIR}/init.sh | grep -E ^version= | head -n 1 | sed 's/version=//') versionsh=$(cat ${CRASHDIR}/init.sh | grep -E ^version= | head -n 1 | sed 's/version=//')
[ -n "$versionsh" ] && versionsh_l=$versionsh [ -n "$versionsh" ] && versionsh_l=$versionsh
@@ -253,7 +253,7 @@ log_pusher(){ #日志菜单
url_tg=https://api.telegram.org/bot${TOKEN}/getUpdates url_tg=https://api.telegram.org/bot${TOKEN}/getUpdates
[ -n "$authentication" ] && auth="$authentication@" [ -n "$authentication" ] && auth="$authentication@"
export https_proxy="http://${auth}127.0.0.1:$mix_port" export https_proxy="http://${auth}127.0.0.1:$mix_port"
if curl --version &> /dev/null;then if curl --version >/dev/null 2>&1;then
chat=$(curl -kfsSl $url_tg 2>/dev/null| tail -n -1) chat=$(curl -kfsSl $url_tg 2>/dev/null| tail -n -1)
else else
chat=$(wget -Y on -q -O - $url_tg | tail -n -1) chat=$(wget -Y on -q -O - $url_tg | tail -n -1)
@@ -344,7 +344,7 @@ log_pusher(){ #日志菜单
setconfig push_Po setconfig push_Po
setconfig push_Po_key setconfig push_Po_key
} }
elif curl --version &> /dev/null;then elif curl --version >/dev/null 2>&1;then
#echo -e "\033[33m详细设置指南请参考 https://juewuy.github.io/ \033[0m" #echo -e "\033[33m详细设置指南请参考 https://juewuy.github.io/ \033[0m"
echo -e "请先通过 \033[32;4mhttps://pushover.net/\033[0m 注册账号并获取\033[36mUser Key\033[0m" echo -e "请先通过 \033[32;4mhttps://pushover.net/\033[0m 注册账号并获取\033[36mUser Key\033[0m"
echo ----------------------------------------------- echo -----------------------------------------------
@@ -918,7 +918,7 @@ localproxy(){ #本机代理
echo ----------------------------------------------- echo -----------------------------------------------
[ -n "$local_enh" ] && { [ -n "$local_enh" ] && {
ckcmd iptables && [ -n "$(iptables -m owner --help | grep owner)" ] && echo -e " 1 使用\033[32miptables增强模式\033[0m配置(支持docker,推荐!)" ckcmd iptables && [ -n "$(iptables -m owner --help | grep owner)" ] && echo -e " 1 使用\033[32miptables增强模式\033[0m配置(支持docker,推荐!)"
ckcmd nft && modprobe nf_nat &> /dev/null && echo -e " 2 使用\033[32mnftables增强模式\033[0m配置(支持docker,推荐!)" nft add table inet shellcrash 2>/dev/null && echo -e " 2 使用\033[32mnftables增强模式\033[0m配置(支持docker,推荐!)"
} }
echo -e " 3 使用\033[33m环境变量\033[0m方式配置(部分应用可能无法使用,不推荐!)" echo -e " 3 使用\033[33m环境变量\033[0m方式配置(部分应用可能无法使用,不推荐!)"
echo -e " 0 返回上级菜单" echo -e " 0 返回上级菜单"
@@ -1116,9 +1116,8 @@ normal_set(){ #基础设置
echo -e "\033[36m已设为 $redir_mod \033[0m" echo -e "\033[36m已设为 $redir_mod \033[0m"
} }
[ -n "$(iptables -j TPROXY 2>&1 | grep 'on-port')" ] && sup_tp=1 [ -n "$(iptables -j TPROXY 2>&1 | grep 'on-port')" ] && sup_tp=1
[ -n "$(ls /dev/net/tun)" ] || ip tuntap &>/dev/null && sup_tun=1 [ -n "$(ls /dev/net/tun)" ] || ip tuntap >/dev/null 2>&1 && sup_tun=1
ckcmd nft && modprobe nf_nat &> /dev/null && sup_nft=1 && modprobe nft_tproxy &> /dev/null && sup_nft=2 nft add table inet shellcrash 2>/dev/null && sup_nft=1 && modprobe nft_tproxy >/dev/null 2>&1 && sup_nft=2
echo ----------------------------------------------- echo -----------------------------------------------
echo -e "当前代理模式为:\033[47;30m $redir_mod \033[0mClash核心为\033[47;30m $crashcore \033[0m" echo -e "当前代理模式为:\033[47;30m $redir_mod \033[0mClash核心为\033[47;30m $crashcore \033[0m"
echo -e "\033[33m切换模式后需要手动重启服务以生效\033[0m" echo -e "\033[33m切换模式后需要手动重启服务以生效\033[0m"
@@ -1926,9 +1925,10 @@ case "$1" in
-d) -d)
shtype=sh && [ -n "$(ls -l /bin/sh|grep -o dash)" ] && shtype=bash shtype=sh && [ -n "$(ls -l /bin/sh|grep -o dash)" ] && shtype=bash
echo -e "正在测试运行!如发现错误请截图后前往\033[32;4mt.me/ShellClash\033[0m咨询" echo -e "正在测试运行!如发现错误请截图后前往\033[32;4mt.me/ShellClash\033[0m咨询"
$shtype ${CRASHDIR}/start.sh debug >/dev/null 2>${TMPDIR}/sh_bug $shtype ${CRASHDIR}/start.sh debug >/dev/null 2>${TMPDIR}/debug_sh_bug.log
$shtype -x ${CRASHDIR}/start.sh debug >/dev/null 2>${TMPDIR}/debug_sh.log $shtype -x ${CRASHDIR}/start.sh debug >/dev/null 2>${TMPDIR}/debug_sh.log
echo ----------------------------------------- echo -----------------------------------------
cat ${TMPDIR}/debug_sh_bug.log | grep 'start\.sh' > ${TMPDIR}/sh_bug
if [ -s ${TMPDIR}/sh_bug ];then if [ -s ${TMPDIR}/sh_bug ];then
while read line ;do while read line ;do
echo -e "发现错误:\033[33;4m$line\033[0m" echo -e "发现错误:\033[33;4m$line\033[0m"
@@ -1938,7 +1938,7 @@ case "$1" in
rm -rf ${TMPDIR}/sh_bug rm -rf ${TMPDIR}/sh_bug
echo -e "\033[32m测试完成\033[0m完整执行记录请查看\033[36m${TMPDIR}/debug_sh.log\033[0m" echo -e "\033[32m测试完成\033[0m完整执行记录请查看\033[36m${TMPDIR}/debug_sh.log\033[0m"
else else
echo -e "\033[32m测试完成没有发现问题~\033[0m" echo -e "\033[32m测试完成没有发现问题,请重新启动服务~\033[0m"
rm -rf ${TMPDIR}/debug_sh.log rm -rf ${TMPDIR}/debug_sh.log
fi fi
${CRASHDIR}/start.sh stop ${CRASHDIR}/start.sh stop
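Review bot: The `getUpdates` request in the `log_pusher` hunk carries the Telegram bot token in its URL and is fetched with `curl -kfsSl`, so the server certificate is never verified and the token is exposed to anyone able to intercept the connection. The same `-k` is on the four push calls in the `logger` hunk further down the page (Telegram, Bark, PushDeer, Pushover), which send `$push_TG`, `$push_Deer`, `$push_Po` and `$push_Po_key`, and on the latency test in `testcommand`. Dropping the flag restores verification, `chat=$(curl -fsSl $url_tg 2>/dev/null| tail -n -1)`; devices that lack a CA bundle are better served by pointing curl at one with `--cacert` than by disabling the check for every installation. `log_pusher` starts and ends outside the hunk.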


@@ -4,8 +4,8 @@
#初始化目录 #初始化目录
CRASHDIR=$(cd $(dirname $0);pwd) CRASHDIR=$(cd $(dirname $0);pwd)
#加载执行目录,失败则初始化 #加载执行目录,失败则初始化
source ${CRASHDIR}/configs/command.env &>/dev/null source ${CRASHDIR}/configs/command.env >/dev/null 2>&1
[ -z "$BINDIR" -o -z "$TMPDIR" -o -z "$COMMAND" ] && source ${CRASHDIR}/init.sh &>/dev/null [ -z "$BINDIR" -o -z "$TMPDIR" -o -z "$COMMAND" ] && source ${CRASHDIR}/init.sh >/dev/null 2>&1
[ ! -f ${TMPDIR} ] && mkdir -p ${TMPDIR} [ ! -f ${TMPDIR} ] && mkdir -p ${TMPDIR}
#脚本内部工具 #脚本内部工具
@@ -49,7 +49,7 @@ setconfig(){ #脚本配置工具
[ -n "$(grep "${1}=" "$configpath")" ] && sed -i "s#${1}=.*#${1}=${2}#g" $configpath || echo "${1}=${2}" >> $configpath [ -n "$(grep "${1}=" "$configpath")" ] && sed -i "s#${1}=.*#${1}=${2}#g" $configpath || echo "${1}=${2}" >> $configpath
} }
ckcmd(){ #检查命令是否存在 ckcmd(){ #检查命令是否存在
command -v sh &>/dev/null && command -v $1 &>/dev/null || type $1 &>/dev/null command -v sh >/dev/null 2>&1 && command -v $1 >/dev/null 2>&1 || type $1 >/dev/null 2>&1
} }
ckgeo(){ #查找及下载Geo数据文件 ckgeo(){ #查找及下载Geo数据文件
[ -n "$(find --help 2>&1|grep -o size)" ] && find_para=' -size +20' #find命令兼容 [ -n "$(find --help 2>&1|grep -o size)" ] && find_para=' -size +20' #find命令兼容
@@ -91,31 +91,31 @@ logger(){ #日志工具
url=https://api.telegram.org/bot${push_TG}/sendMessage url=https://api.telegram.org/bot${push_TG}/sendMessage
curl_data="-d chat_id=$chat_ID&text=$log_text" curl_data="-d chat_id=$chat_ID&text=$log_text"
wget_data="--post-data=$chat_ID&text=$log_text" wget_data="--post-data=$chat_ID&text=$log_text"
if curl --version &> /dev/null;then if curl --version >/dev/null 2>&1;then
curl -kfsSl --connect-timeout 3 -d "chat_id=$chat_ID&text=$log_text" "$url" &>/dev/null curl -kfsSl --connect-timeout 3 -d "chat_id=$chat_ID&text=$log_text" "$url" >/dev/null 2>&1
else else
wget -Y on -q --timeout=3 -t 1 --post-data="chat_id=$chat_ID&text=$log_text" "$url" wget -Y on -q --timeout=3 -t 1 --post-data="chat_id=$chat_ID&text=$log_text" "$url"
fi fi
} }
[ -n "$push_bark" ] && { [ -n "$push_bark" ] && {
url=${push_bark}/${log_text}${bark_param} url=${push_bark}/${log_text}${bark_param}
if curl --version &> /dev/null;then if curl --version >/dev/null 2>&1;then
curl -kfsSl --connect-timeout 3 "$url" &>/dev/null curl -kfsSl --connect-timeout 3 "$url" >/dev/null 2>&1
else else
wget -Y on -q --timeout=3 -t 1 "$url" wget -Y on -q --timeout=3 -t 1 "$url"
fi fi
} }
[ -n "$push_Deer" ] && { [ -n "$push_Deer" ] && {
url=https://api2.pushdeer.com/message/push?pushkey=${push_Deer} url=https://api2.pushdeer.com/message/push?pushkey=${push_Deer}
if curl --version &> /dev/null;then if curl --version >/dev/null 2>&1;then
curl -kfsSl --connect-timeout 3 "$url"\&text="$log_text" &>/dev/null curl -kfsSl --connect-timeout 3 "$url"\&text="$log_text" >/dev/null 2>&1
else else
wget -Y on -q --timeout=3 -t 1 "$url"\&text="$log_text" wget -Y on -q --timeout=3 -t 1 "$url"\&text="$log_text"
fi fi
} }
[ -n "$push_Po" ] && { [ -n "$push_Po" ] && {
url=https://api.pushover.net/1/messages.json url=https://api.pushover.net/1/messages.json
curl -kfsSl --connect-timeout 3 --form-string "token=$push_Po" --form-string "user=$push_Po_key" --form-string "message=$log_text" "$url" &>/dev/null curl -kfsSl --connect-timeout 3 --form-string "token=$push_Po" --form-string "user=$push_Po_key" --form-string "message=$log_text" "$url" >/dev/null 2>&1
} }
} & } &
} }
@@ -329,6 +329,7 @@ get_core_config(){ #下载内核配置文件
fi fi
echo -e "\033[32m已成功获取配置文件\033[0m" echo -e "\033[32m已成功获取配置文件\033[0m"
fi fi
return 0
} }
modify_yaml(){ #修饰clash配置文件 modify_yaml(){ #修饰clash配置文件
##########需要变更的配置########### ##########需要变更的配置###########
@@ -524,9 +525,9 @@ EOF
logger "$(${TMPDIR}/CrashCore -t -d ${BINDIR} -f ${TMPDIR}/config.yaml | grep -Eo 'error.*=.*')" 31 logger "$(${TMPDIR}/CrashCore -t -d ${BINDIR} -f ${TMPDIR}/config.yaml | grep -Eo 'error.*=.*')" 31
logger "自定义配置文件校验失败!将使用基础配置文件启动!" 33 logger "自定义配置文件校验失败!将使用基础配置文件启动!" 33
logger "错误详情请参考 ${TMPDIR}/error.yaml 文件!" 33 logger "错误详情请参考 ${TMPDIR}/error.yaml 文件!" 33
mv -f ${TMPDIR}/config.yaml ${TMPDIR}/error.yaml &>/dev/null mv -f ${TMPDIR}/config.yaml ${TMPDIR}/error.yaml >/dev/null 2>&1
sed -i "/#自定义策略组开始/,/#自定义策略组结束/d" ${TMPDIR}/proxy-groups.yaml sed -i "/#自定义策略组开始/,/#自定义策略组结束/d" ${TMPDIR}/proxy-groups.yaml
mv -f ${TMPDIR}/set_bak.yaml ${TMPDIR}/set.yaml &>/dev/null mv -f ${TMPDIR}/set_bak.yaml ${TMPDIR}/set.yaml >/dev/null 2>&1
#合并基础配置文件 #合并基础配置文件
cut -c 1- ${TMPDIR}/set.yaml $yaml_dns $yaml_add > ${TMPDIR}/config.yaml cut -c 1- ${TMPDIR}/set.yaml $yaml_dns $yaml_add > ${TMPDIR}/config.yaml
sed -i "/#自定义/d" ${TMPDIR}/config.yaml sed -i "/#自定义/d" ${TMPDIR}/config.yaml
@@ -649,7 +650,7 @@ EOF
} }
EOF EOF
#生成ntp.json #生成ntp.json
[ -z "$(grep '自动同步ntp时间' $CRASHDIR/task/afstart 2>/dev/null)" ] && cat > ${TMPDIR}/jsons/ntp.json <<EOF cat > ${TMPDIR}/jsons/ntp.json <<EOF
{ {
"ntp": { "ntp": {
"enabled": true, "enabled": true,
@@ -872,7 +873,7 @@ start_redir(){ #iptables-redir
iptables -t nat -A PREROUTING -p tcp $ports -j shellcrash iptables -t nat -A PREROUTING -p tcp $ports -j shellcrash
[ "$dns_mod" != "redir_host" -a "$common_ports" = "已开启" ] && iptables -t nat -A PREROUTING -p tcp -d 198.18.0.0/16 -j shellcrash [ "$dns_mod" != "redir_host" -a "$common_ports" = "已开启" ] && iptables -t nat -A PREROUTING -p tcp -d 198.18.0.0/16 -j shellcrash
#设置ipv6转发 #设置ipv6转发
if [ "$ipv6_redir" = "已开启" ] && ip6tables -t nat -L &>/dev/null;then if [ "$ipv6_redir" = "已开启" ] && ip6tables -t nat -L >/dev/null 2>&1;then
ip6tables -t nat -N shellcrashv6 ip6tables -t nat -N shellcrashv6
for ip in $reserve_ipv6 $host_ipv6;do #跳过目标保留地址及目标本机网段 for ip in $reserve_ipv6 $host_ipv6;do #跳过目标保留地址及目标本机网段
ip6tables -t nat -A shellcrashv6 -d $ip -j RETURN ip6tables -t nat -A shellcrashv6 -d $ip -j RETURN
@@ -944,7 +945,7 @@ start_ipt_dns(){ #iptables-dns
start_tproxy(){ #iptables-tproxy start_tproxy(){ #iptables-tproxy
#获取局域网host地址 #获取局域网host地址
getlanip getlanip
modprobe xt_TPROXY &>/dev/null modprobe xt_TPROXY >/dev/null 2>&1
ip rule add fwmark $fwmark table 100 ip rule add fwmark $fwmark table 100
ip route add local default dev lo table 100 ip route add local default dev lo table 100
iptables -t mangle -N shellcrash iptables -t mangle -N shellcrash
@@ -982,7 +983,7 @@ start_tproxy(){ #iptables-tproxy
iptables -I INPUT -p udp --dport 443 -m comment --comment "ShellCrash-QUIC-REJECT" $set_cn_ip -j REJECT >/dev/null 2>&1 iptables -I INPUT -p udp --dport 443 -m comment --comment "ShellCrash-QUIC-REJECT" $set_cn_ip -j REJECT >/dev/null 2>&1
} }
#设置ipv6转发 #设置ipv6转发
[ "$ipv6_redir" = "已开启" ] && ip6tables -t nat -L &>/dev/null && { [ "$ipv6_redir" = "已开启" ] && ip6tables -t nat -L >/dev/null 2>&1 && {
ip -6 rule add fwmark $fwmark table 101 ip -6 rule add fwmark $fwmark table 101
ip -6 route add local ::/0 dev lo table 101 ip -6 route add local ::/0 dev lo table 101
ip6tables -t mangle -N shellcrashv6 ip6tables -t mangle -N shellcrashv6
@@ -1059,7 +1060,7 @@ start_output(){ #iptables本机代理
} }
} }
start_tun(){ #iptables-tun start_tun(){ #iptables-tun
modprobe tun &>/dev/null modprobe tun >/dev/null 2>&1
#允许流量 #允许流量
iptables -I FORWARD -o utun -j ACCEPT iptables -I FORWARD -o utun -j ACCEPT
iptables -I FORWARD -s 198.18.0.0/16 -o utun -j RETURN #防止回环 iptables -I FORWARD -s 198.18.0.0/16 -o utun -j RETURN #防止回环
@@ -1073,7 +1074,7 @@ start_tun(){ #iptables-tun
iptables -I FORWARD -p udp --dport 443 -o utun -m comment --comment "ShellCrash-QUIC-REJECT" $set_cn_ip -j REJECT >/dev/null 2>&1 iptables -I FORWARD -p udp --dport 443 -o utun -m comment --comment "ShellCrash-QUIC-REJECT" $set_cn_ip -j REJECT >/dev/null 2>&1
ip6tables -I FORWARD -p udp --dport 443 -o utun -m comment --comment "ShellCrash-QUIC-REJECT" $set_cn_ip6 -j REJECT >/dev/null 2>&1 ip6tables -I FORWARD -p udp --dport 443 -o utun -m comment --comment "ShellCrash-QUIC-REJECT" $set_cn_ip6 -j REJECT >/dev/null 2>&1
fi fi
modprobe xt_mark &>/dev/null && { modprobe xt_mark >/dev/null 2>&1 && {
i=1 i=1
while [ -z "$(ip route list |grep utun)" -a "$i" -le 29 ];do while [ -z "$(ip route list |grep utun)" -a "$i" -le 29 ];do
sleep 1 sleep 1
@@ -1114,7 +1115,7 @@ start_tun(){ #iptables-tun
[ "$1" = "all" ] && iptables -t mangle -A PREROUTING -p tcp $ports -j shellcrash [ "$1" = "all" ] && iptables -t mangle -A PREROUTING -p tcp $ports -j shellcrash
#设置ipv6转发 #设置ipv6转发
[ "$ipv6_redir" = "已开启" ] && ip6tables -t nat -L &>/dev/null && [ "$crashcore" != clash ] && { [ "$ipv6_redir" = "已开启" ] && ip6tables -t nat -L >/dev/null 2>&1 && [ "$crashcore" != clash ] && {
ip -6 route add default dev utun table 101 ip -6 route add default dev utun table 101
ip -6 rule add fwmark $fwmark table 101 ip -6 rule add fwmark $fwmark table 101
ip6tables -t mangle -N shellcrashv6 ip6tables -t mangle -N shellcrashv6
@@ -1158,7 +1159,7 @@ start_nft(){ #nftables-allinone
[ "$redir_mod" = "Nft基础" ] && \ [ "$redir_mod" = "Nft基础" ] && \
nft add chain inet shellcrash prerouting { type nat hook prerouting priority -100 \; } nft add chain inet shellcrash prerouting { type nat hook prerouting priority -100 \; }
[ "$redir_mod" = "Nft混合" ] && { [ "$redir_mod" = "Nft混合" ] && {
modprobe nft_tproxy &> /dev/null modprobe nft_tproxy >/dev/null 2>&1
nft add chain inet shellcrash prerouting { type filter hook prerouting priority 0 \; } nft add chain inet shellcrash prerouting { type filter hook prerouting priority 0 \; }
} }
[ -n "$(echo $redir_mod|grep Nft)" ] && { [ -n "$(echo $redir_mod|grep Nft)" ] && {
@@ -1224,7 +1225,7 @@ start_nft(){ #nftables-allinone
nft add rule inet shellcrash output meta l4proto tcp mark set $fwmark redirect to $redir_port nft add rule inet shellcrash output meta l4proto tcp mark set $fwmark redirect to $redir_port
} }
#Docker #Docker
type docker &>/dev/null && { type docker >/dev/null 2>&1 && {
nft add chain inet shellcrash docker { type nat hook prerouting priority -100 \; } nft add chain inet shellcrash docker { type nat hook prerouting priority -100 \; }
nft add rule inet shellcrash docker ip saddr != {172.16.0.0/12} return #进代理docker网段 nft add rule inet shellcrash docker ip saddr != {172.16.0.0/12} return #进代理docker网段
nft add rule inet shellcrash docker ip daddr {$RESERVED_IP} return #过滤保留地址 nft add rule inet shellcrash docker ip daddr {$RESERVED_IP} return #过滤保留地址
@@ -1521,6 +1522,7 @@ core_check(){ #检查及下载内核文件
else else
mv -f ${TMPDIR}/core_new ${TMPDIR}/CrashCore mv -f ${TMPDIR}/core_new ${TMPDIR}/CrashCore
mv -f ${TMPDIR}/CrashCore.tar.gz ${BINDIR}/CrashCore.tar.gz mv -f ${TMPDIR}/CrashCore.tar.gz ${BINDIR}/CrashCore.tar.gz
rm -rf ${TMPDIR}/CrashCore.tar.gz #小闪存模式清理文件优化内存占用
setconfig COMMAND "$COMMAND" ${CRASHDIR}/configs/command.env && source ${CRASHDIR}/configs/command.env setconfig COMMAND "$COMMAND" ${CRASHDIR}/configs/command.env && source ${CRASHDIR}/configs/command.env
setconfig crashcore $crashcore setconfig crashcore $crashcore
setconfig core_v $core_v setconfig core_v $core_v
@@ -1595,7 +1597,6 @@ bfstart(){ #启动前
if [ -n "$Url" -o -n "$Https" ];then if [ -n "$Url" -o -n "$Https" ];then
logger "未找到配置文件,正在下载!" 33 logger "未找到配置文件,正在下载!" 33
get_core_config get_core_config
exit 0
else else
logger "未找到配置文件链接,请先导入配置文件!" 31 logger "未找到配置文件链接,请先导入配置文件!" 31
exit 1 exit 1
@@ -1608,7 +1609,6 @@ bfstart(){ #启动前
[ ! -s ${BINDIR}/ui/index.html ] && makehtml #如没有面板则创建跳转界面 [ ! -s ${BINDIR}/ui/index.html ] && makehtml #如没有面板则创建跳转界面
catpac #生成pac文件 catpac #生成pac文件
#内核及内核配置文件检查 #内核及内核配置文件检查
[ ! -x ${TMPDIR}/CrashCore ] && chmod +x ${TMPDIR}/CrashCore 2>/dev/null #检测可执行权限
if [ "$crashcore" = singbox -o "$crashcore" = singboxp ];then if [ "$crashcore" = singbox -o "$crashcore" = singboxp ];then
singbox_check singbox_check
[ -d ${TMPDIR}/jsons ] && rm -rf ${TMPDIR}/jsons/* || mkdir -p ${TMPDIR}/jsons #准备目录 [ -d ${TMPDIR}/jsons ] && rm -rf ${TMPDIR}/jsons/* || mkdir -p ${TMPDIR}/jsons #准备目录
@@ -1629,6 +1629,7 @@ bfstart(){ #启动前
echo "shellcrash:x:0:7890:::" >> /etc/passwd echo "shellcrash:x:0:7890:::" >> /etc/passwd
fi fi
} }
[ "$start_old" != "已开启" -a "$(cat /proc/1/comm)" = "systemd" ] && ckcmd restorecon && restorecon -rv $CRASHDIR 2>/dev/null #修复selinux权限问题
#清理debug日志 #清理debug日志
rm -rf ${TMPDIR}/debug.log rm -rf ${TMPDIR}/debug.log
return 0 return 0
@@ -1692,9 +1693,9 @@ afstart(){ #启动后
} }
ckcmd iptables && start_wan #本地防火墙 ckcmd iptables && start_wan #本地防火墙
mark_time #标记启动时间 mark_time #标记启动时间
[ -s ${CRASHDIR}/configs/web_save -o -s ${CRASHDIR}/configs/web_configs ] && web_restore &>/dev/null & #后台还原面板配置 [ -s ${CRASHDIR}/configs/web_save -o -s ${CRASHDIR}/configs/web_configs ] && web_restore >/dev/null 2>&1 & #后台还原面板配置
{ sleep 5;logger ShellCrash服务已启动;} & #推送日志 { sleep 5;logger ShellCrash服务已启动;} & #推送日志
ckcmd mtd_storage.sh && mtd_storage.sh save &>/dev/null & #Padavan保存/etc/storage ckcmd mtd_storage.sh && mtd_storage.sh save >/dev/null 2>&1 & #Padavan保存/etc/storage
#加载定时任务 #加载定时任务
[ -s ${CRASHDIR}/task/cron ] && croncmd ${CRASHDIR}/task/cron [ -s ${CRASHDIR}/task/cron ] && croncmd ${CRASHDIR}/task/cron
[ -s ${CRASHDIR}/task/running ] && { [ -s ${CRASHDIR}/task/running ] && {
@@ -1722,8 +1723,8 @@ start_error(){ #启动报错
if [ "$start_old" != "已开启" ] && ckcmd journalctl;then if [ "$start_old" != "已开启" ] && ckcmd journalctl;then
journalctl -u shellcrash > $TMPDIR/core_test.log journalctl -u shellcrash > $TMPDIR/core_test.log
else else
${COMMAND} &>${TMPDIR}/core_test.log & ${COMMAND} >${TMPDIR}/core_test.log 2>&1 &
sleep 2 ; kill $! &>/dev/null sleep 2 ; kill $! >/dev/null 2>&1
fi fi
error=$(cat $TMPDIR/core_test.log | grep -Eo 'error.*=.*|.*ERROR.*|.*FATAL.*') error=$(cat $TMPDIR/core_test.log | grep -Eo 'error.*=.*|.*ERROR.*|.*FATAL.*')
logger "服务启动失败!请查看报错信息!详细信息请查看$TMPDIR/core_test.log" 33 logger "服务启动失败!请查看报错信息!详细信息请查看$TMPDIR/core_test.log" 33
@@ -1786,7 +1787,7 @@ start)
/etc/init.d/shellcrash start /etc/init.d/shellcrash start
elif [ "$USER" = "root" -a "$(cat /proc/1/comm)" = "systemd" ];then elif [ "$USER" = "root" -a "$(cat /proc/1/comm)" = "systemd" ];then
FragmentPath=$(systemctl show -p FragmentPath shellcrash | sed 's/FragmentPath=//') FragmentPath=$(systemctl show -p FragmentPath shellcrash | sed 's/FragmentPath=//')
setconfig ExecStart "$COMMAND >/dev/null" "$FragmentPath" [ -f $FragmentPath ] && setconfig ExecStart "$COMMAND >/dev/null" "$FragmentPath"
systemctl daemon-reload systemctl daemon-reload
systemctl start shellcrash.service || start_error systemctl start shellcrash.service || start_error
else else
@@ -1804,14 +1805,14 @@ stop)
#多种方式结束进程 #多种方式结束进程
if [ "$start_old" != "已开启" -a "$USER" = "root" -a "$(cat /proc/1/comm)" = "systemd" ];then if [ "$start_old" != "已开启" -a "$USER" = "root" -a "$(cat /proc/1/comm)" = "systemd" ];then
systemctl stop shellcrash.service &>/dev/null systemctl stop shellcrash.service >/dev/null 2>&1
elif [ -f /etc/rc.common -a "$(cat /proc/1/comm)" = "procd" ];then elif [ -f /etc/rc.common -a "$(cat /proc/1/comm)" = "procd" ];then
/etc/init.d/shellcrash stop &>/dev/null /etc/init.d/shellcrash stop >/dev/null 2>&1
else else
stop_firewall #清理路由策略 stop_firewall #清理路由策略
unset_proxy #禁用本机代理 unset_proxy #禁用本机代理
fi fi
PID=$(pidof CrashCore) && [ -n "$PID" ] && kill -9 $PID &>/dev/null PID=$(pidof CrashCore) && [ -n "$PID" ] && kill -9 $PID >/dev/null 2>&1
;; ;;
restart) restart)
$0 stop $0 stop
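Review bot: The new guard `[ -f $FragmentPath ]` in the `start)` branch is true when `FragmentPath` is empty, because the unquoted expansion leaves `[ -f ]`, a one-argument test that succeeds for any non-empty string. That appears to be exactly the case the guard is meant to catch (`systemctl show` reporting no unit file), and `setconfig` is then still called with an empty third argument; which file it edits in that case is decided in lines of `setconfig` that are not shown here. Quoting the variable fixes it: `[ -f "$FragmentPath" ] && setconfig ExecStart "$COMMAND >/dev/null" "$FragmentPath"`. The `start)` branch starts and ends outside the hunk.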


@@ -6,7 +6,7 @@
[ -z "$BINDIR" ] && BINDIR=${CRASHDIR} [ -z "$BINDIR" ] && BINDIR=${CRASHDIR}
CFG_PATH=${CRASHDIR}/configs/ShellCrash.cfg CFG_PATH=${CRASHDIR}/configs/ShellCrash.cfg
TMPDIR=/tmp/ShellCrash && [ ! -f ${TMPDIR} ] && mkdir -p ${TMPDIR} TMPDIR=/tmp/ShellCrash && [ ! -f ${TMPDIR} ] && mkdir -p ${TMPDIR}
source $CFG_PATH &> /dev/null source $CFG_PATH >/dev/null 2>&1
[ -n "$(tar --help 2>&1|grep -o 'no-same-owner')" ] && tar_para='--no-same-owner' #tar命令兼容 [ -n "$(tar --help 2>&1|grep -o 'no-same-owner')" ] && tar_para='--no-same-owner' #tar命令兼容
setconfig(){ setconfig(){
@@ -15,7 +15,7 @@ setconfig(){
[ -n "$(grep ${1} $configpath)" ] && sed -i "s#${1}=.*#${1}=${2}#g" $configpath || echo "${1}=${2}" >> $configpath [ -n "$(grep ${1} $configpath)" ] && sed -i "s#${1}=.*#${1}=${2}#g" $configpath || echo "${1}=${2}" >> $configpath
} }
ckcmd(){ #检查命令是否存在 ckcmd(){ #检查命令是否存在
command -v sh &>/dev/null && command -v $1 &>/dev/null || type $1 &>/dev/null command -v sh >/dev/null 2>&1 && command -v $1 >/dev/null 2>&1 || type $1 >/dev/null 2>&1
} }
#任务命令 #任务命令
@@ -148,7 +148,7 @@ reset_firewall(){ #重设透明路由防火墙
${CRASHDIR}/start.sh afstart ${CRASHDIR}/start.sh afstart
} }
ntp(){ ntp(){
[ "$crashcore" != singbox ] && ckcmd ntpd && ntpd -n -q -p 203.107.6.88 &>/dev/null || exit 0 & [ "$crashcore" != singbox ] && ckcmd ntpd && ntpd -n -q -p 203.107.6.88 >/dev/null 2>&1 || exit 0 &
} }
#任务工具 #任务工具
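Review bot: `TMPDIR=/tmp/ShellCrash` in the first hunk is a fixed name under a world-writable directory, and `[ ! -f ${TMPDIR} ] && mkdir -p ${TMPDIR}` accepts whatever already exists there: `-f` is false for a directory, so `mkdir -p` always runs and succeeds silently even if the directory was created earlier by a different local user. Other hunks on this page execute `$TMPDIR/CrashCore` and load configuration from `$TMPDIR`, so on a multi-user host the ownership of that directory decides what gets run. Where the shell's `test` supports `-O`, a check after creation such as `chmod 700 "$TMPDIR" && [ -O "$TMPDIR" ] || exit 1` refuses a directory the current user does not own. These top-level statements continue outside the hunk.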