From b524c6e32a521e9ed699463ebbb4abc133e4430d Mon Sep 17 00:00:00 2001 From: juewuy Date: Sat, 17 Aug 2024 19:08:41 +0800 Subject: [PATCH] =?UTF-8?q?v1.9.1beta14=20~=E5=90=8C=E6=AD=A5=E6=9C=80?= =?UTF-8?q?=E6=96=B0=E7=89=88=E6=9C=ACmeta=E5=86=85=E6=A0=B8=E5=8F=8Asingb?= =?UTF-8?q?oxp=E5=86=85=E6=A0=B8=20~=E5=BB=B6=E8=BF=9F=E5=90=AF=E5=8A=A8?= =?UTF-8?q?=E5=8A=9F=E8=83=BD=E6=94=B9=E5=9B=9E=E5=9C=A8afstart=E5=87=BD?= =?UTF-8?q?=E6=95=B0=E6=89=A7=E8=A1=8C=EF=BC=8C=E4=BB=A5=E9=98=B2=E6=AD=A2?= =?UTF-8?q?systemd=E5=90=AF=E5=8A=A8=E8=B6=85=E6=97=B6=20~=E9=80=8F?= =?UTF-8?q?=E6=98=8E=E4=BB=A3=E7=90=86=E8=A7=84=E5=88=99=E5=A2=9E=E5=8A=A0?= =?UTF-8?q?=E8=BF=87=E6=BB=A453=E7=AB=AF=E5=8F=A3=E6=9C=BA=E5=88=B6?= =?UTF-8?q?=EF=BC=8C=E9=98=B2=E6=AD=A2dns=E8=A2=ABtun=E6=88=96=E8=80=85tpr?= =?UTF-8?q?oxy=E5=8A=AB=E6=8C=81=E5=AF=BC=E8=87=B4=E7=9A=84=E4=B8=80?= =?UTF-8?q?=E7=B3=BB=E5=88=97=E9=97=AE=E9=A2=98=20~=E4=B8=BAsingbox?= =?UTF-8?q?=E5=86=85=E6=A0=B8=E5=85=A5=E7=AB=99=E6=B7=BB=E5=8A=A0"domain?= =?UTF-8?q?=5Fstrategy":"prefer=5Fipv4"=E5=AD=97=E6=AE=B5=E4=BB=A5?= =?UTF-8?q?=E9=80=82=E5=BA=94geoip=E7=9B=B8=E5=85=B3=E8=A7=84=E5=88=99=20~?= =?UTF-8?q?=E4=BF=AE=E5=A4=8Dsingbox=E5=86=85=E6=A0=B8fakeip=E5=88=97?= =?UTF-8?q?=E8=A1=A8=E4=B8=AD=E5=85=B3=E4=BA=8E=E6=AD=A3=E5=88=99=E8=A1=A8?= =?UTF-8?q?=E8=BE=BE=E5=BC=8F=E5=8C=B9=E9=85=8D=E6=9C=89=E8=AF=AF=E7=9A=84?= =?UTF-8?q?bug?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- scripts/menu.sh | 2 +- scripts/start.sh | 24 +++++++++++++++++------- 2 files changed, 18 insertions(+), 8 deletions(-) diff --git a/scripts/menu.sh b/scripts/menu.sh index fa532ae..adaee91 100644 --- a/scripts/menu.sh +++ b/scripts/menu.sh @@ -75,7 +75,7 @@ ckstatus(){ PID=$(pidof CrashCore | awk '{print $NF}') if [ -n "$PID" ];then run="\033[32m正在运行($redir_mod)\033[0m" - VmRSS=`cat /proc/$PID/status|grep -w VmRSS|awk 'unit="MB"{print $2/1000, unit}'` + VmRSS=`cat /proc/$PID/status|grep -w VmRSS|awk 'unit="MB" {printf "%.2f %s\n", $2/1000, unit}'` #获取运行时长 touch ${TMPDIR}/crash_start_time #用于延迟启动的校验 start_time=$(cat ${TMPDIR}/crash_start_time) diff --git a/scripts/start.sh b/scripts/start.sh index 9b82427..c2635f5 100644 --- a/scripts/start.sh +++ b/scripts/start.sh @@ -599,10 +599,10 @@ EOF global_dns=dns_fakeip fake_ip_filter_domain=$(cat ${CRASHDIR}/configs/fake_ip_filter ${CRASHDIR}/configs/fake_ip_filter.list 2>/dev/null | grep -Ev '#|\*|\+|Mijia' | sed '/^\s*$/d' | awk '{printf "\"%s\", ",$1}' | sed 's/, $//') fake_ip_filter_suffix=$(cat ${CRASHDIR}/configs/fake_ip_filter ${CRASHDIR}/configs/fake_ip_filter.list 2>/dev/null | grep -v '.\*' | grep -E '\*|\+' | sed 's/^[*+]\.//' | awk '{printf "\"%s\", ",$1}' | sed 's/, $//') - fake_ip_filter_regex=$(cat ${CRASHDIR}/configs/fake_ip_filter ${CRASHDIR}/configs/fake_ip_filter.list 2>/dev/null | grep '.\*' | sed 's/^*/.\*/' | sed 's/^+/.\+/' | awk '{printf "\"%s\", ",$1}' | sed 's/, $//') + fake_ip_filter_regex=$(cat ${CRASHDIR}/configs/fake_ip_filter ${CRASHDIR}/configs/fake_ip_filter.list 2>/dev/null | grep '.\*' | sed 's/\./\\\\./g' | sed 's/\*/.\*/' | sed 's/^+/.\+/' | awk '{printf "\"%s\", ",$1}' | sed 's/, $//') [ -n "$fake_ip_filter_domain" ] && fake_ip_filter_domain="{ \"domain\": [$fake_ip_filter_domain], \"server\": \"dns_direct\" }," [ -n "$fake_ip_filter_suffix" ] && fake_ip_filter_suffix="{ \"domain_suffix\": [$fake_ip_filter_suffix], \"server\": \"dns_direct\" }," - [ -n "$fake_ip_filter_regex" ] && fake_ip_filter_regex="{ \"domain_regex\": [$fake_ip_filter_regex], \"server\": \"dns_direct\" }," + [ -n "$fake_ip_filter_regex" ] && fake_ip_filter_regex="{ \"domain_regex\": [$fake_ip_filter_regex], \"server\": \"dns_direct\" }," } [ "$dns_mod" = "mix" ] && { global_dns=dns_fakeip @@ -711,6 +711,7 @@ EOF "listen": "::", "listen_port": $mix_port, $userpass + "domain_strategy":"prefer_ipv4", "sniff": false }, { "type": "direct", @@ -722,6 +723,7 @@ EOF "tag": "redirect-in", "listen": "::", "listen_port": $redir_port, + "domain_strategy":"prefer_ipv4", "sniff": true, "sniff_override_destination": $sniffer }, { @@ -729,6 +731,7 @@ EOF "tag": "tproxy-in", "listen": "::", "listen_port": $tproxy_port, + "domain_strategy":"prefer_ipv4", "sniff": true, "sniff_override_destination": $sniffer } @@ -746,6 +749,7 @@ EOF "inet4_address": "172.19.0.1/30", "auto_route": false, "stack": "system", + "domain_strategy":"prefer_ipv4", "sniff": true, "sniff_override_destination": $sniffer } @@ -901,6 +905,9 @@ start_ipt_route() { #iptables-route通用工具 } #创建新的shellcrash链表 $1 -t $2 -N $4 + #过滤dns + $1 -t $2 -A $4 -p tcp --dport 53 -j RETURN + $1 -t $2 -A $4 -p udp --dport 53 -j RETURN #防回环 $1 -t $2 -A $4 -m mark --mark $routing_mark -j RETURN [ "$3" = 'OUTPUT' ] && for gid in 453 7890; do @@ -1126,6 +1133,9 @@ start_nft_route() { #nftables-route通用工具 [ "$1" = 'output' ] && HOST_IP="127.0.0.0/8, $(echo $local_ipv4 | sed 's/ /, /g')" #添加新链 nft add chain inet shellcrash $1 { type $3 hook $2 priority $4 \; } + #过滤dns + nft add rule inet shellcrash $1 tcp dport 53 return + nft add rule inet shellcrash $1 udp dport 53 return #防回环 nft add rule inet shellcrash $1 meta mark $routing_mark return nft add rule inet shellcrash $1 meta skgid 7890 return @@ -1650,11 +1660,6 @@ bfstart() { #启动前 routing_mark=$((fwmark + 2)) #启动前等待 [ ! -f "$TMPDIR"/crash_start_time ] && { - #延迟启动 - [ -n "$start_delay" ] && [ "$start_delay" -gt 0 ] && { - logger "ShellCrash将延迟$start_delay秒启动" 31 pushoff - sleep $start_delay - } #检测网络连接 network_check } @@ -1712,6 +1717,11 @@ bfstart() { #启动前 } afstart() { #启动后 [ -z "$firewall_area" ] && firewall_area=1 + #延迟启动 + [ -n "$start_delay" ] && [ "$start_delay" -gt 0 ] && { + logger "ShellCrash将延迟$start_delay秒启动" 31 pushoff + sleep $start_delay + } #设置循环检测面板端口以判定服务启动是否成功 i=1 while [ -z "$test" -a "$i" -lt 10 ]; do