diff --git a/scripts/libs/web_data.sh b/scripts/libs/web_data.sh deleted file mode 100644 index 993a214f..00000000 --- a/scripts/libs/web_data.sh +++ /dev/null @@ -1,18 +0,0 @@ -. "$CRASHDIR"/libs/set_proxy.sh -#$1:目标地址 $2:json字符串 -web_data_get() { - setproxy - if curl --version >/dev/null 2>&1; then - curl -ksSl --connect-timeout 3 "$1" 2>/dev/null - else - wget -Y on -q --timeout=3 -O - "$1" - fi -} -web_data_post() { - setproxy - if curl --version >/dev/null 2>&1; then - curl -ksSl -X POST --connect-timeout 3 "$1" "$2" >/dev/null 2>&1 - else - wget -Y on -q --timeout=3 --header="Content-Type: application/octet-stream" --method=POST --body-file="$2" "$1" - fi -} diff --git a/scripts/libs/web_get_lite.sh b/scripts/libs/web_get_lite.sh new file mode 100644 index 00000000..c8172674 --- /dev/null +++ b/scripts/libs/web_get_lite.sh @@ -0,0 +1,10 @@ +. "$CRASHDIR"/libs/set_proxy.sh +#$1:目标地址 $2:json字符串 +web_get_lite() { + setproxy + if curl --version >/dev/null 2>&1; then + curl -ksSl --connect-timeout 3 "$1" 2>/dev/null + else + wget -Y on -q --timeout=3 -O - "$1" + fi +} diff --git a/scripts/libs/web_json.sh b/scripts/libs/web_json.sh index 4a20a8e9..3c76260b 100644 --- a/scripts/libs/web_json.sh +++ b/scripts/libs/web_json.sh @@ -3,7 +3,7 @@ web_json_post() { setproxy if curl --version >/dev/null 2>&1; then - curl -kfsSl -X POST --connect-timeout 3 -H "Content-Type: application/json" "$1" -d "$2" >/dev/null + curl -kfsSl -X POST --connect-timeout 3 -H "Content-Type: application/json" "$1" -d "$2" >/dev/null 2>&1 else wget -Y on -q --timeout=3 --method=POST --header="Content-Type: application/json" --body-data="$2" "$1" fi diff --git a/scripts/menus/8_tools.sh b/scripts/menus/8_tools.sh index ee01d4a2..fa4696c6 100644 --- a/scripts/menus/8_tools.sh +++ b/scripts/menus/8_tools.sh 
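Review bot: `curl -ksSl` in the new web_get_lite keeps `-k`, so the server certificate is never verified, and bot_tg.sh now sends its Telegram API requests through this helper. Those URLs are built from the bot token (`bot$TG_TOKEN` is visible for the file endpoint), so anyone on the network path could read the token and forge the replies the bot acts on. Drop the flag, `curl -sSl --connect-timeout 3 "$1" 2>/dev/null`, and supply a CA bundle with `--cacert` on devices that lack one rather than turning verification off; the curl line changed in web_json.sh carries the same `-k`. The header comment also still lists a `$2` (json string) that this function never reads.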
@@ -514,7 +514,7 @@ testcommand(){ ;; 4) if [ "$firewall_mod" = "nftables" ];then - nft list table inet shellcrash + nft list table inet shellcrash | sed '/set cn_ip {/,/}/d;/set cn_ip6 {/,/}/d;/^[[:space:]]*}/d' else [ "$firewall_area" = 1 -o "$firewall_area" = 3 -o "$firewall_area" = 5 -o "$vm_redir" = "已开启" ] && { echo "----------------Redir+DNS---------------------" diff --git a/scripts/menus/9_upgrade.sh b/scripts/menus/9_upgrade.sh index 6bd5c392..9c4c188b 100644 --- a/scripts/menus/9_upgrade.sh +++ b/scripts/menus/9_upgrade.sh @@ -75,7 +75,7 @@ upgrade(){ upgrade ;; 8) - . "$CRASHDIR"/task/task.sh && task_add + . "$CRASHDIR"/menus/5_task.sh && task_add upgrade ;; 9) diff --git a/scripts/menus/bot_tg.sh b/scripts/menus/bot_tg.sh index a74a68b8..1ea71237 100644 --- a/scripts/menus/bot_tg.sh +++ b/scripts/menus/bot_tg.sh @@ -1,6 +1,8 @@ #!/bin/sh +[ -z "$CRASHDIR" ] && CRASHDIR=$( cd $(dirname $0);cd ..;pwd) . "$CRASHDIR"/libs/web_json.sh +. "$CRASHDIR"/libs/web_get_lite.sh . "$CRASHDIR"/menus/running_status.sh . "$CRASHDIR"/configs/gateway.cfg . "$CRASHDIR"/configs/ShellCrash.cfg @@ -12,14 +14,6 @@ LOGFILE="$TMPDIR/tgbot.log" OFFSET=0 ### --- 基础函数 --- ### -web_get(){ - setproxy - if curl1 --version >/dev/null 2>&1; then - curl -kfsSl --connect-timeout 3 "$1" - else - wget -Y on -q --timeout=3 -O - "$1" - fi -} web_download(){ setproxy if curl --version >/dev/null 2>&1; then 
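Review bot: The last sed expression, `/^[[:space:]]*}/d`, deletes every line that starts with a closing brace, not just the leftovers of the two `cn_ip` sets, so the closing braces of every chain and of the table itself vanish from this diagnostic listing. It appears to be needed only because the ranges end at the first line containing `}`, which in nft's usual layout is the end of the `elements = { … }` list rather than the set's own brace. Ending the range on a line that holds nothing but the brace removes the sets cleanly and leaves the rest intact: `sed '/set cn_ip6\{0,1\} {/,/^[[:space:]]*}[[:space:]]*$/d'`. The case arm continues outside the hunk.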
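Review bot: The fallback `CRASHDIR=$( cd $(dirname $0);cd ..;pwd)` joins its steps with `;` and leaves `$0` unquoted, so when a `cd` fails or the path contains a space, `pwd` still prints whatever directory the caller was in and the `.` lines below source libs and config files from there. A script that is launched unattended should stop instead of guessing: `[ -z "$CRASHDIR" ] && { CRASHDIR=$(cd "$(dirname "$0")/.." && pwd) || exit 1; }`. The same line is added at the top of start_legacy_wd.sh, which the cron watchdog entry runs.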
@@ -150,7 +144,7 @@ process_file(){ download_file(){ FILE_NAME=$(echo "$UPDATES" | sed 's/"callback_query".*//g' | grep -o '"file_name":"[^"]*"' | head -n1 | sed 's/.*:"//;s/"$//' | grep -E '\.(gz|upx|json|yaml)$') if [ -n "$FILE_NAME" ];then - FILE_PATH=$(web_get "$API/getFile?file_id=$FILE_ID" | grep -o '"file_path":"[^"]*"' | sed 's/.*:"//;s/"$//') + FILE_PATH=$(web_get_lite "$API/getFile?file_id=$FILE_ID" | grep -o '"file_path":"[^"]*"' | sed 's/.*:"//;s/"$//') API_FILE="https://api.telegram.org/file/bot$TG_TOKEN" web_download "$API_FILE/$FILE_PATH" "$TMPDIR/$FILE_NAME" if [ "$?" = 0 ];then @@ -227,10 +221,13 @@ transport(){ #文件传输 ### --- 轮询主进程 --- ### polling(){ while true; do - UPDATES=$(web_get "$API/getUpdates?timeout=25&offset=$OFFSET") - - echo "$UPDATES" | grep -q '"update_id"' || continue + UPDATES=$(web_get_lite "$API/getUpdates?timeout=25&offset=$OFFSET") + echo "$UPDATES" | grep -q '"update_id"' || { + sleep 10 #防止网络不佳时疯狂请求 + continue + } + OFFSET=$(echo "$UPDATES" | grep -o '"update_id":[0-9]*' | tail -n1 | cut -d: -f2) OFFSET=$((OFFSET + 1)) diff --git a/scripts/menus/bot_tg_bind.sh b/scripts/menus/bot_tg_bind.sh index a0f2842e..e0d1a2d1 100644 --- a/scripts/menus/bot_tg_bind.sh +++ b/scripts/menus/bot_tg_bind.sh @@ -1,6 +1,6 @@ #!/bin/sh -. "$CRASHDIR"/libs/web_json.sh +. "$CRASHDIR"/libs/web_get_lite.sh private_bot() { echo "-----------------------------------------------" @@ -28,7 +28,7 @@ set_bot() { echo "-----------------------------------------------" read -p "我已经发送完成(1/0) > " res if [ "$res" = 1 ]; then - chat=$(web_json_get $url_tg 2>/dev/null) + chat=$(web_get_lite $url_tg 2>/dev/null) [ -n "$chat" ] && chat_ID=$(echo $chat | sed 's/"update_id":/{\n"update_id":/g' | grep "$public_key" | head -n1 | grep -oE '"id":.*,"is_bot' | sed s'/"id"://' | sed s'/,"is_bot//') [ -z "$chat_ID" ] && [ "$TOKEN" != 'publictoken' ] && { echo -e "\033[31m无法获取对话ID,请返回重新设置或手动输入ChatID!\033[0m" 
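Review bot: `FILE_NAME` is taken from the Telegram update and checked only for its extension before it is used as `"$TMPDIR/$FILE_NAME"` in the `web_download` call, so a name containing `/` or `..` would be written outside `$TMPDIR`. Anchor the filter at both ends and allow only plain file-name characters, for example by replacing the last stage with `grep -E '^[A-Za-z0-9._-]+\.(gz|upx|json|yaml)$'`. `FILE_PATH` is likewise copied from the response into the download URL without any check. Whether the sender's chat ID is verified before download_file runs is not visible here; the function continues outside the hunk.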
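Review bot: The new `sleep 10` branch in polling also fires on a healthy idle poll: when the long poll expires with nothing pending, the Bot API returns an empty `result` array, which contains no `"update_id"` either, so every quiet cycle now adds ten seconds during which incoming commands wait. Back off only when the request itself failed, e.g. `echo "$UPDATES" | grep -q '"ok":true' || sleep 10` placed ahead of the `continue`. The loop body continues outside the hunk.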
diff --git a/scripts/menus/bot_tg_service.sh b/scripts/menus/bot_tg_service.sh index 6ed6239b..65038970 100644 --- a/scripts/menus/bot_tg_service.sh +++ b/scripts/menus/bot_tg_service.sh @@ -4,7 +4,7 @@ bot_tg_start(){ . "$CRASHDIR"/starts/start_legacy.sh start_legacy "$CRASHDIR/menus/bot_tg.sh" 'bot_tg' - cronset 'TG_BOT守护进程' "*/10 * * * * /bin/sh $CRASHDIR/starts/start_legacy_wd.sh bot_tg #ShellCrash-TG_BOT守护进程" + cronset 'TG_BOT守护进程' "* * * * * /bin/sh $CRASHDIR/starts/start_legacy_wd.sh bot_tg #ShellCrash-TG_BOT守护进程" } bot_tg_stop(){ cronset 'TG_BOT守护进程' diff --git a/scripts/start.sh b/scripts/start.sh index 8a6ba343..a3bd559c 100644 --- a/scripts/start.sh +++ b/scripts/start.sh @@ -88,7 +88,7 @@ stop) else stop_firewall #清理路由策略 fi - PID=$(pidof CrashCore) && [ -n "$PID" ] && ckcmd killall && killall CrashCore >/dev/null + PID=$(pidof CrashCore) && [ -n "$PID" ] && ckcmd killall && killall CrashCore 2>/dev/null #清理缓存目录 rm -rf "$TMPDIR"/CrashCore ;; diff --git a/scripts/starts/check_geo.sh b/scripts/starts/check_geo.sh index d9129198..bc52f6a1 100644 --- a/scripts/starts/check_geo.sh +++ b/scripts/starts/check_geo.sh @@ -1,4 +1,6 @@ +. "$CRASHDIR"/libs/set_config.sh + check_geo() { #查找及下载Geo数据文件 [ ! -d "$BINDIR"/ruleset ] && mkdir -p "$BINDIR"/ruleset find --help 2>&1 | grep -q size && find_para=' -size +20' #find命令兼容 diff --git a/scripts/starts/fw_nftables.sh b/scripts/starts/fw_nftables.sh index 23560e64..a076e122 100644 --- a/scripts/starts/fw_nftables.sh +++ b/scripts/starts/fw_nftables.sh 
@@ -1,14 +1,28 @@ #!/bin/sh # Copyright (C) Juewuy -HOST_IP=$(echo $host_ipv4 | sed 's/ /, /g') -HOST_IP6=$(echo $host_ipv6 | sed 's/ /, /g') RESERVED_IP=$(echo $reserve_ipv4 | sed 's/ /, /g') RESERVED_IP6=$(echo "$reserve_ipv6 $host_ipv6" | sed 's/ /, /g') +add_ip6_route(){ + #过滤保留地址及本机地址 + nft add rule inet shellcrash $1 ip6 daddr {$RESERVED_IP6} return + #仅代理本机局域网网段流量 + nft add rule inet shellcrash $1 ip6 saddr != {$HOST_IP6} return + #绕过CN_IPV6 + [ "$dns_mod" != "fake-ip" -a "$cn_ip_route" = "已开启" -a -f "$BINDIR"/cn_ipv6.txt ] && { + CN_IP6=$(awk '{printf "%s, ",$1}' "$BINDIR"/cn_ipv6.txt) + [ -n "$CN_IP6" ] && { + nft add set inet shellcrash cn_ip6 { type ipv6_addr \; flags interval \; } + nft add element inet shellcrash cn_ip6 { $CN_IP6 } + nft add rule inet shellcrash $1 ip6 daddr @cn_ip6 return + } + } +} start_nft_route() { #nftables-route通用工具 #$1:name $2:hook(prerouting/output) $3:type(nat/mangle/filter) $4:priority(-100/-150) [ "$common_ports" = "已开启" ] && PORTS=$(echo $multiport | sed 's/,/, /g') + [ "$1" = 'prerouting' ] && HOST_IP=$(echo $host_ipv4 | sed 's/ /, /g') [ "$1" = 'output' ] && HOST_IP="127.0.0.0/8, $(echo $local_ipv4 | sed 's/ /, /g')" [ "$1" = 'prerouting_vm' ] && HOST_IP="$(echo $vm_ipv4 | sed 's/ /, /g')" #添加新链 
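Review bot: In add_ip6_route the three commands that build and use `cn_ip6` run unconditionally one after another, so if `nft add element` is rejected the `@cn_ip6` rule is still installed against an empty set and the CN bypass silently does nothing. An interval set declared without `auto-merge` can refuse a list that contains overlapping prefixes, which cn_ipv6.txt may well do (not verifiable from here). Add `auto-merge \;` to the set declaration and join the three commands with `&&` so a failed load leaves no rule behind; the `cn_ip` block in start_nft_route in the next hunk has the same shape. The function also reads `HOST_IP6` and `RESERVED_IP6` as globals set by the caller, which deserves a line in its header comment.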
@@ -61,31 +75,19 @@ start_nft_route() { #nftables-route通用工具 #绕过CN-IP [ "$dns_mod" != "fake-ip" -a "$cn_ip_route" = "已开启" -a -f "$BINDIR"/cn_ip.txt ] && { CN_IP=$(awk '{printf "%s, ",$1}' "$BINDIR"/cn_ip.txt) - [ -n "$CN_IP" ] && nft add rule inet shellcrash $1 ip daddr {$CN_IP} return - } + [ -n "$CN_IP" ] && { + nft add set inet shellcrash cn_ip { type ipv4_addr \; flags interval \; } + nft add element inet shellcrash cn_ip { $CN_IP } + nft add rule inet shellcrash $1 ip daddr @cn_ip return + } + } #局域网ipv6支持 if [ "$ipv6_redir" = "已开启" -a "$1" = 'prerouting' -a "$firewall_area" != 5 ]; then - #过滤保留地址及本机地址 - nft add rule inet shellcrash $1 ip6 daddr {$RESERVED_IP6} return - #仅代理本机局域网网段流量 - nft add rule inet shellcrash $1 ip6 saddr != {$HOST_IP6} return - #绕过CN_IPV6 - [ "$dns_mod" != "fake-ip" -a "$cn_ip_route" = "已开启" -a -f "$BINDIR"/cn_ipv6.txt ] && { - CN_IP6=$(awk '{printf "%s, ",$1}' "$BINDIR"/cn_ipv6.txt) - [ -n "$CN_IP6" ] && nft add rule inet shellcrash $1 ip6 daddr {$CN_IP6} return - } + HOST_IP6=$(echo $host_ipv6 | sed 's/ /, /g') + add_ip6_route "$1" elif [ "$ipv6_redir" = "已开启" -a "$1" = 'output' -a \( "$firewall_area" = 2 -o "$firewall_area" = 3 \) ]; then - RESERVED_IP6="$(echo "$reserve_ipv6 $host_ipv6" | sed 's/ /, /g')" HOST_IP6="::1, $(echo $host_ipv6 | sed 's/ /, /g')" - #过滤保留地址及本机地址 - nft add rule inet shellcrash $1 ip6 daddr {$RESERVED_IP6} return - #仅代理本机局域网网段流量 - nft add rule inet shellcrash $1 ip6 saddr != {$HOST_IP6} return - #绕过CN_IPV6 - [ "$dns_mod" != "fake-ip" -a "$cn_ip_route" = "已开启" -a -f "$BINDIR"/cn_ipv6.txt ] && { - CN_IP6=$(awk '{printf "%s, ",$1}' "$BINDIR"/cn_ipv6.txt) - [ -n "$CN_IP6" ] && nft add rule inet shellcrash $1 ip6 daddr {$CN_IP6} return - } + add_ip6_route "$1" else nft add rule inet shellcrash $1 meta nfproto ipv6 return fi 
@@ -100,6 +102,7 @@ start_nft_route() { #nftables-route通用工具 #nft add rule inet shellcrash local_tproxy log prefix \"pre\" level debug } start_nft_dns() { #nftables-dns + [ "$1" = 'prerouting' ] && HOST_IP=$(echo $host_ipv4 | sed 's/ /, /g') [ "$1" = 'output' ] && HOST_IP="127.0.0.0/8, $(echo $local_ipv4 | sed 's/ /, /g')" [ "$1" = 'prerouting_vm' ] && HOST_IP="$(echo $vm_ipv4 | sed 's/ /, /g')" nft add chain inet shellcrash "$1"_dns { type nat hook $2 priority -100 \; } @@ -196,14 +199,14 @@ start_nftables() { #nftables配置总入口 [ "$quic_rj" = '已启用' -a "$lan_proxy" = true ] && { [ "$redir_mod" = "Tproxy模式" ] && { nft add chain inet shellcrash quic_rj { type filter hook input priority 0 \; } - [ -n "$CN_IP" ] && nft add rule inet shellcrash quic_rj ip daddr {$CN_IP} return - [ -n "$CN_IP6" ] && nft add rule inet shellcrash quic_rj ip6 daddr {$CN_IP6} return + [ -n "$CN_IP" ] && nft add rule inet shellcrash quic_rj ip daddr @cn_ip return + [ -n "$CN_IP6" ] && nft add rule inet shellcrash quic_rj ip6 daddr @cn_ip6 return nft add rule inet shellcrash quic_rj udp dport {443, 8443} reject comment 'ShellCrash-QUIC-REJECT' } [ "$redir_mod" = "Tun模式" -o "$redir_mod" = "混合模式" ] && { nft insert rule inet fw4 forward oifname "utun" udp dport {443, 8443} reject comment 'ShellCrash-QUIC-REJECT' - [ -n "$CN_IP" ] && nft insert rule inet fw4 forward oifname "utun" ip daddr {$CN_IP} return - [ -n "$CN_IP6" ] && nft insert rule inet fw4 forward oifname "utun" ip6 daddr {$CN_IP6} return + [ -n "$CN_IP" ] && nft insert rule inet fw4 forward oifname "utun" ip daddr @cn_ip return + [ -n "$CN_IP6" ] && nft insert rule inet fw4 forward oifname "utun" ip6 daddr @cn_ip6 return } } } diff --git a/scripts/starts/fw_stop.sh b/scripts/starts/fw_stop.sh index 6491eba9..25c8d0e3 100644 --- a/scripts/starts/fw_stop.sh +++ b/scripts/starts/fw_stop.sh 
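Review bot: The two `nft insert rule inet fw4 forward oifname "utun" … @cn_ip` / `@cn_ip6` lines reference sets that, going by the other hunks of this commit, are created only in table `inet shellcrash`; nftables resolves a set name within the table that owns the rule, so these inserts should be rejected and CN destinations lose their `return` ahead of the QUIC reject in `fw4`. The `[ -n "$CN_IP" ]` guards test the shell variable rather than the set, so the `quic_rj` rules are attempted even when the set was never created. Either keep the literal form for the fw4 rules, `nft insert rule inet fw4 forward oifname "utun" ip daddr {$CN_IP} return`, or declare and fill matching sets in `inet fw4` and remove them again in fw_stop.sh. start_nftables continues outside the hunk.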
@@ -133,10 +133,7 @@ ip route flush table $table 2>/dev/null ip -6 rule del fwmark $fwmark table $((table + 1)) 2>/dev/null ip -6 route flush table $((table + 1)) 2>/dev/null #重置nftables相关规则 -ckcmd nft && { - nft flush table inet shellcrash >/dev/null 2>&1 - nft delete table inet shellcrash >/dev/null 2>&1 -} +ckcmd nft && nft delete table inet shellcrash >/dev/null 2>&1 #还原防火墙文件 [ -s /etc/init.d/firewall.bak ] && mv -f /etc/init.d/firewall.bak /etc/init.d/firewall #others diff --git a/scripts/starts/start_legacy.sh b/scripts/starts/start_legacy.sh index b4147622..f05df7f9 100644 --- a/scripts/starts/start_legacy.sh +++ b/scripts/starts/start_legacy.sh @@ -2,8 +2,11 @@ . "$CRASHDIR"/libs/check_cmd.sh start_legacy(){ - if ckcmd su && grep -q 'shellcrash:x:0:7890' /etc/passwd; then + if ckcmd su && grep -q 'shellcrash:x:0:7890' /etc/passwd;then su shellcrash -c "$1 >/dev/null 2>&1 & echo \$! > /tmp/ShellCrash/$2.pid" + elif ckcmd setsid; then + setsid $1 >/dev/null 2>&1 & + echo $! > "/tmp/ShellCrash/$2.pid" elif ckcmd nohup; then nohup $1 >/dev/null 2>&1 & echo $! > "/tmp/ShellCrash/$2.pid" diff --git a/scripts/starts/start_legacy_wd.sh b/scripts/starts/start_legacy_wd.sh index b81252eb..eb084eef 100644 --- a/scripts/starts/start_legacy_wd.sh +++ b/scripts/starts/start_legacy_wd.sh @@ -1,4 +1,5 @@ +[ -z "$CRASHDIR" ] && CRASHDIR=$( cd $(dirname $0);cd ..;pwd) PIDFILE="/tmp/ShellCrash/$1.pid" if [ -f "$PIDFILE" ]; then