mirror of
https://github.com/juewuy/ShellCrash.git
synced 2026-03-10 23:41:22 +00:00
~增加自启检测,修复反复自启导致死机循环的bug
~优化本地ipv4路由网段获取,修复Tailscale通告相关问题 ~修复由于公网防火墙导致的本机及容器代理查询dns失败的相关bug ~修复entware环境兼容问题 ~修复部分版本wget命令兼容问题 ~修复保存面板节点功能相关bug ~修复singbox内核禁用配置覆写后启动失败的bug
This commit is contained in:
juewuy
@@ -6,6 +6,9 @@
|
||||
. "$CRASHDIR"/libs/get_config.sh
|
||||
[ -z "$BINDIR" -o -z "$TMPDIR" -o -z "$COMMAND" ] && . "$CRASHDIR"/init.sh >/dev/null 2>&1
|
||||
[ ! -f "$TMPDIR" ] && mkdir -p "$TMPDIR"
|
||||
|
||||
#当上次启动失败时终止自启动
|
||||
[ -f "CRASHDIR"/.start_error ] && exit 1
|
||||
#加载工具
|
||||
. "$CRASHDIR"/libs/check_cmd.sh
|
||||
. "$CRASHDIR"/libs/check_target.sh
|
||||
@@ -18,6 +21,7 @@
|
||||
[ -z "$redir_mod" ] && [ "$USER" = "root" -o "$USER" = "admin" ] && redir_mod='Redir模式'
|
||||
[ -z "$dns_mod" ] && dns_mod='redir_host'
|
||||
[ -z "$redir_mod" ] && firewall_area='4'
|
||||
routing_mark=$((fwmark + 2))
|
||||
|
||||
makehtml() { #生成面板跳转文件
|
||||
cat >"$BINDIR"/ui/index.html <<EOF
|
||||
@@ -69,7 +73,7 @@ EOF
|
||||
[ "$?" = 0 ] && rm -rf "$TMPDIR"/shellcrash_pac || mv -f "$TMPDIR"/shellcrash_pac "$BINDIR"/ui/pac
|
||||
}
|
||||
|
||||
routing_mark=$((fwmark + 2))
|
||||
|
||||
#检测网络连接
|
||||
[ "$network_check" != "OFF" ] && [ ! -f "$TMPDIR"/crash_start_time ] && ckcmd ping && . "$CRASHDIR"/starts/check_network.sh && check_network
|
||||
[ ! -d "$BINDIR"/ui ] && mkdir -p "$BINDIR"/ui
|
||||
@@ -99,7 +103,7 @@ if echo "$crashcore" | grep -q 'singbox'; then
|
||||
if [ "$disoverride" != "1" ];then
|
||||
. "$CRASHDIR"/starts/singbox_modify.sh && modify_json
|
||||
else
|
||||
ln -sf "$core_config" "$TMPDIR"/config.json
|
||||
ln -sf "$core_config" "$TMPDIR"/configs/config.json
|
||||
fi
|
||||
else
|
||||
. "$CRASHDIR"/starts/clash_check.sh && clash_check
|
||||
|
||||
@@ -2,8 +2,8 @@
|
||||
getlanip() { #获取局域网host地址
|
||||
i=1
|
||||
while [ "$i" -le "20" ]; do
|
||||
host_ipv4=$(ip a 2>&1 | grep -w 'inet' | grep 'global' | grep 'brd' | grep -Ev 'utun|iot|peer|docker|podman|virbr|vnet|ovs|vmbr|veth|vmnic|vboxnet|lxcbr|xenbr|vEthernet' | grep -E ' 1(92|0|72)\.' | sed 's/.*inet.//g' | sed 's/[[:space:]]br.*$//g' | sed 's/metric.*$//g') #ipv4局域网网段
|
||||
[ "$ipv6_redir" = "ON" ] && host_ipv6=$(ip a 2>&1 | grep -w 'inet6' | grep -E 'global' | sed 's/.*inet6.//g' | sed 's/scope.*$//g') #ipv6公网地址段
|
||||
host_ipv4=$(ip route show scope link | grep -Ev 'wan|utun|iot|peer|docker|podman|virbr|vnet|ovs|vmbr|veth|vmnic|vboxnet|lxcbr|xenbr|vEthernet' | grep -E ' 1(92|0|72)\.' | awk '{print $1}') #ipv4局域网网段
|
||||
[ "$ipv6_redir" = "ON" ] && host_ipv6=$(ip -6 route show | grep 'default' | awk '{print $3}') #ipv6公网地址段
|
||||
[ -f "$TMPDIR"/ShellCrash.log ] && break
|
||||
[ -n "$host_ipv4" -a "$ipv6_redir" != "ON" ] && break
|
||||
[ -n "$host_ipv4" -a -n "$host_ipv6" ] && break
|
||||
|
||||
@@ -1,6 +1,9 @@
|
||||
#!/bin/sh
|
||||
# Copyright (C) Juewuy
|
||||
|
||||
ckcmd iptables && iptables -h | grep -q '\-w' && iptable='iptables -w' || iptable=iptables
|
||||
ckcmd ip6tables && ip6tables -h | grep -q '\-w' && ip6table='ip6tables -w' || ip6table=ip6tables
|
||||
|
||||
start_ipt_route() { #iptables-route通用工具
|
||||
#$1:iptables/ip6tables $2:所在的表(nat/mangle) $3:所在的链(OUTPUT/PREROUTING) $4:新创建的shellcrash链表 $5:tcp/udp/all
|
||||
#区分ipv4/ipv6
|
||||
@@ -28,7 +31,10 @@ start_ipt_route() { #iptables-route通用工具
|
||||
"$1" $w -t "$2" -A "$4" -m owner --gid-owner $gid -j RETURN
|
||||
done
|
||||
[ "$firewall_area" = 5 ] && "$1" $w -t "$2" -A "$4" -s $bypass_host -j RETURN
|
||||
[ -z "$ports" ] && "$1" $w -t "$2" -A "$4" -p tcp -m multiport --dports "$mix_port,$redir_port,$tproxy_port" -j RETURN
|
||||
[ -z "$ports" ] && {
|
||||
"$1" $w -t "$2" -A "$4" -p tcp -m multiport --dports "$mix_port,$redir_port,$tproxy_port" -j RETURN
|
||||
"$1" $w -t "$2" -A "$4" -p udp -m multiport --dports "$mix_port,$redir_port,$tproxy_port" -j RETURN
|
||||
}
|
||||
#跳过目标保留地址及目标本机网段
|
||||
for ip in $HOST_IP $RESERVED_IP; do
|
||||
"$1" $w -t "$2" -A "$4" -d $ip -j RETURN
|
||||
@@ -130,8 +136,6 @@ start_ipt_dns() { #iptables-dns通用工具
|
||||
"$1" $w -t nat -I "$2" -p udp --dport 53 -j "$3"
|
||||
}
|
||||
start_ipt_wan() { #iptables公网防火墙
|
||||
ckcmd iptables && iptables -h | grep -q '\-w' && iptable='iptables -w' || iptable=iptables
|
||||
ckcmd ip6tables && ip6tables -h | grep -q '\-w' && ip6table='ip6tables -w' || ip6table=ip6tables
|
||||
ipt_wan_accept(){
|
||||
$iptable -I INPUT -p "$1" -m multiport --dports "$accept_ports" -j ACCEPT
|
||||
ckcmd ip6tables && $ip6table -I INPUT -p "$1" -m multiport --dports "$accept_ports" -j ACCEPT
|
||||
@@ -141,7 +145,7 @@ start_ipt_wan() { #iptables公网防火墙
|
||||
ckcmd ip6tables && $ip6table -I INPUT -p "$1" -m multiport --dports "$reject_ports" -j REJECT
|
||||
}
|
||||
#端口拦截
|
||||
reject_ports="$mix_port,$db_port,$dns_port"
|
||||
reject_ports="$mix_port,$db_port"
|
||||
ipt_wan_reject tcp
|
||||
ipt_wan_reject udp
|
||||
#端口放行
|
||||
|
||||
@@ -146,7 +146,7 @@ start_nft_wan() { #nftables公网防火墙
|
||||
nft add rule inet shellcrash input udp dport $fw_wan_nfports meta mark set 0x67890 accept
|
||||
}
|
||||
#端口拦截
|
||||
reject_ports="{ $mix_port, $db_port, $dns_port }"
|
||||
reject_ports="{ $mix_port, $db_port }"
|
||||
nft add rule inet shellcrash input ip saddr {$HOST_IP} accept
|
||||
nft add rule inet shellcrash input ip6 saddr {$HOST_IP6} accept
|
||||
nft add rule inet shellcrash input tcp dport $reject_ports reject
|
||||
|
||||
@@ -55,8 +55,8 @@ ckcmd iptables && {
|
||||
done
|
||||
$iptable -D INPUT -p tcp -m multiport --dports "$accept_ports" -j ACCEPT 2>/dev/null
|
||||
$iptable -D INPUT -p udp -m multiport --dports "$accept_ports" -j ACCEPT 2>/dev/null
|
||||
$iptable -D INPUT -p tcp -m multiport --dports "$mix_port,$db_port,$dns_port" -j REJECT 2>/dev/null
|
||||
$iptable -D INPUT -p udp -m multiport --dports "$mix_port,$db_port,$dns_port" -j REJECT 2>/dev/null
|
||||
$iptable -D INPUT -p tcp -m multiport --dports "$mix_port,$db_port" -j REJECT 2>/dev/null
|
||||
$iptable -D INPUT -p udp -m multiport --dports "$mix_port,$db_port" -j REJECT 2>/dev/null
|
||||
#清理shellcrash自建表
|
||||
for text in shellcrash_dns shellcrash shellcrash_out shellcrash_dns_out shellcrash_vm shellcrash_vm_dns; do
|
||||
$iptable -t nat -F "$text" 2>/dev/null
|
||||
@@ -105,8 +105,8 @@ ckcmd ip6tables && {
|
||||
done
|
||||
$ip6table -D INPUT -p tcp -m multiport --dports "$accept_ports" -j ACCEPT 2>/dev/null
|
||||
$ip6table -D INPUT -p udp -m multiport --dports "$accept_ports" -j ACCEPT 2>/dev/null
|
||||
$ip6table -D INPUT -p tcp -m multiport --dports "$mix_port,$db_port,$dns_port" -j REJECT 2>/dev/null
|
||||
$ip6table -D INPUT -p udp -m multiport --dports "$mix_port,$db_port,$dns_port" -j REJECT 2>/dev/null
|
||||
$ip6table -D INPUT -p tcp -m multiport --dports "$mix_port,$db_port" -j REJECT 2>/dev/null
|
||||
$ip6table -D INPUT -p udp -m multiport --dports "$mix_port,$db_port" -j REJECT 2>/dev/null
|
||||
#清理shellcrash自建表
|
||||
for text in shellcrashv6_dns shellcrashv6 shellcrashv6_out; do
|
||||
$ip6table -t nat -F "$text" 2>/dev/null
|
||||
|
||||
@@ -7,6 +7,7 @@ else
|
||||
sleep 2
|
||||
kill $! >/dev/null 2>&1
|
||||
fi
|
||||
error=$(cat $TMPDIR/core_test.log | grep -iEo 'error.*=.*|.*ERROR.*|.*FATAL.*')
|
||||
touch "CRASHDIR"/.start_error #标记启动失败,防止自启
|
||||
error=$(cat "$TMPDIR"/core_test.log | grep -iEo 'error.*=.*|.*ERROR.*|.*FATAL.*')
|
||||
logger "服务启动失败!请查看报错信息!详细信息请查看$TMPDIR/core_test.log" 33
|
||||
logger "$error" 31
|
||||
|
||||
Reference in New Issue
Block a user