~优化tg-bot启动流程，兼容更多设备

~优化nftables启动流程，优化启用cn绕过时的运行效率和数据显示
~修复tg机器人守护进程没有生效的bug
~修复tg机器人总是绑定失败的bug
~修复9-8功能找不到文件的bug
~修复停止服务时的报错
~修复启动时自动下载缺失数据库时的意外报错
~修复nftables启用了本机代理后局域网代理出错的bug

scripts/libs/web_data.sh

@@ -1,18 +0,0 @@
-. "$CRASHDIR"/libs/set_proxy.sh
-#$1:目标地址 $2:json字符串
-web_data_get() {
-	setproxy
-	if curl --version >/dev/null 2>&1; then
-		curl -ksSl --connect-timeout 3 "$1" 2>/dev/null
-	else
-		wget -Y on -q --timeout=3 -O - "$1"
-	fi
-}
-web_data_post() {
-	setproxy
-	if curl --version >/dev/null 2>&1; then
-		curl -ksSl -X POST --connect-timeout 3 "$1" "$2" >/dev/null 2>&1
-	else
-		wget -Y on -q --timeout=3 --header="Content-Type: application/octet-stream" --method=POST --body-file="$2" "$1"
-	fi
-}

scripts/libs/web_get_lite.sh

@@ -0,0 +1,10 @@
+. "$CRASHDIR"/libs/set_proxy.sh
+#$1:目标地址 $2:json字符串
+web_get_lite() {
+	setproxy
+	if curl --version >/dev/null 2>&1; then
+		curl -ksSl --connect-timeout 3 "$1" 2>/dev/null
+	else
+		wget -Y on -q --timeout=3 -O - "$1"
+	fi
+}

scripts/libs/web_json.sh

@@ -3,7 +3,7 @@
 web_json_post() {
 	setproxy
 	if curl --version >/dev/null 2>&1; then
-		curl -kfsSl -X POST --connect-timeout 3 -H "Content-Type: application/json" "$1" -d "$2" >/dev/null
+		curl -kfsSl -X POST --connect-timeout 3 -H "Content-Type: application/json" "$1" -d "$2" >/dev/null 2>&1
 	else
 		wget -Y on -q --timeout=3 --method=POST --header="Content-Type: application/json" --body-data="$2" "$1"
 	fi

scripts/menus/8_tools.sh

@@ -514,7 +514,7 @@ testcommand(){
 	    ;;
 	4)
 		if [ "$firewall_mod" = "nftables" ];then
-			nft list table inet shellcrash
+			nft list table inet shellcrash | sed '/set cn_ip {/,/}/d;/set cn_ip6 {/,/}/d;/^[[:space:]]*}/d'
 		else
 			[ "$firewall_area" = 1 -o "$firewall_area" = 3 -o "$firewall_area" = 5 -o "$vm_redir" = "已开启" ] && {
 				echo "----------------Redir+DNS---------------------"

scripts/menus/9_upgrade.sh

@@ -75,7 +75,7 @@ upgrade(){
 	    upgrade
 	    ;;
 	8)
-	    . "$CRASHDIR"/task/task.sh && task_add
+	    . "$CRASHDIR"/menus/5_task.sh && task_add
 	    upgrade
 	    ;;
 	9)

scripts/menus/bot_tg.sh

@@ -1,6 +1,8 @@
 #!/bin/sh
 
+[ -z "$CRASHDIR" ] && CRASHDIR=$( cd $(dirname $0);cd ..;pwd)
 . "$CRASHDIR"/libs/web_json.sh
+. "$CRASHDIR"/libs/web_get_lite.sh
 . "$CRASHDIR"/menus/running_status.sh
 . "$CRASHDIR"/configs/gateway.cfg
 . "$CRASHDIR"/configs/ShellCrash.cfg
@@ -12,14 +14,6 @@ LOGFILE="$TMPDIR/tgbot.log"
 OFFSET=0
 
 ### --- 基础函数 --- ###
-web_get(){
-	setproxy
-	if curl1 --version >/dev/null 2>&1; then
-		curl -kfsSl --connect-timeout 3 "$1" 
-	else
-		wget -Y on -q --timeout=3 -O - "$1"
-	fi
-}
 web_download(){
 	setproxy
 	if curl --version >/dev/null 2>&1; then
@@ -150,7 +144,7 @@ process_file(){
 download_file(){
 	FILE_NAME=$(echo "$UPDATES" | sed 's/"callback_query".*//g' | grep -o '"file_name":"[^"]*"' | head -n1 | sed 's/.*:"//;s/"$//' | grep -E '\.(gz|upx|json|yaml)$')
 	if [ -n "$FILE_NAME" ];then
-		FILE_PATH=$(web_get "$API/getFile?file_id=$FILE_ID" | grep -o '"file_path":"[^"]*"' | sed 's/.*:"//;s/"$//')
+		FILE_PATH=$(web_get_lite "$API/getFile?file_id=$FILE_ID" | grep -o '"file_path":"[^"]*"' | sed 's/.*:"//;s/"$//')
 		API_FILE="https://api.telegram.org/file/bot$TG_TOKEN"
 		web_download "$API_FILE/$FILE_PATH" "$TMPDIR/$FILE_NAME"
 		if [ "$?" = 0 ];then
@@ -227,10 +221,13 @@ transport(){ #文件传输
 ### --- 轮询主进程 --- ###
 polling(){
 	while true; do
-		UPDATES=$(web_get "$API/getUpdates?timeout=25&offset=$OFFSET")
-
-		echo "$UPDATES" | grep -q '"update_id"' || continue
+		UPDATES=$(web_get_lite "$API/getUpdates?timeout=25&offset=$OFFSET")
 
+		echo "$UPDATES" | grep -q '"update_id"' || {
+			sleep 10 #防止网络不佳时疯狂请求
+			continue
+		}
+		
 		OFFSET=$(echo "$UPDATES" | grep -o '"update_id":[0-9]*' | tail -n1 | cut -d: -f2)
 		OFFSET=$((OFFSET + 1))
 		

scripts/menus/bot_tg_bind.sh

@@ -1,6 +1,6 @@
 #!/bin/sh
 
-. "$CRASHDIR"/libs/web_json.sh
+. "$CRASHDIR"/libs/web_get_lite.sh
 
 private_bot() {
 	echo "-----------------------------------------------"
@@ -28,7 +28,7 @@ set_bot() {
 	echo "-----------------------------------------------"
 	read -p "我已经发送完成(1/0) > " res
 	if [ "$res" = 1 ]; then
-		chat=$(web_json_get $url_tg 2>/dev/null)
+		chat=$(web_get_lite $url_tg 2>/dev/null)
 		[ -n "$chat" ] && chat_ID=$(echo $chat | sed 's/"update_id":/{\n"update_id":/g' | grep "$public_key" | head -n1 | grep -oE '"id":.*,"is_bot' | sed s'/"id"://' | sed s'/,"is_bot//')
 		[ -z "$chat_ID" ] && [ "$TOKEN" != 'publictoken' ] && {
 			echo -e "\033[31m无法获取对话ID，请返回重新设置或手动输入ChatID！\033[0m"

scripts/menus/bot_tg_service.sh

@@ -4,7 +4,7 @@
 bot_tg_start(){
 	. "$CRASHDIR"/starts/start_legacy.sh
 	start_legacy "$CRASHDIR/menus/bot_tg.sh" 'bot_tg'
-	cronset 'TG_BOT守护进程' "*/10 * * * * /bin/sh $CRASHDIR/starts/start_legacy_wd.sh bot_tg #ShellCrash-TG_BOT守护进程"
+	cronset 'TG_BOT守护进程' "* * * * * /bin/sh $CRASHDIR/starts/start_legacy_wd.sh bot_tg #ShellCrash-TG_BOT守护进程"
 }
 bot_tg_stop(){
 	cronset 'TG_BOT守护进程'

scripts/start.sh

@@ -88,7 +88,7 @@ stop)
     else
         stop_firewall #清理路由策略
     fi
-    PID=$(pidof CrashCore) && [ -n "$PID" ] && ckcmd killall && killall CrashCore >/dev/null
+    PID=$(pidof CrashCore) && [ -n "$PID" ] && ckcmd killall && killall CrashCore 2>/dev/null
     #清理缓存目录
     rm -rf "$TMPDIR"/CrashCore
     ;;

scripts/starts/check_geo.sh

@@ -1,4 +1,6 @@
 
+. "$CRASHDIR"/libs/set_config.sh
+
 check_geo() { #查找及下载Geo数据文件
     [ ! -d "$BINDIR"/ruleset ] && mkdir -p "$BINDIR"/ruleset
     find --help 2>&1 | grep -q size && find_para=' -size +20' #find命令兼容

scripts/starts/fw_nftables.sh

@@ -1,14 +1,28 @@
 #!/bin/sh
 # Copyright (C) Juewuy
 
-HOST_IP=$(echo $host_ipv4 | sed 's/ /, /g')
-HOST_IP6=$(echo $host_ipv6 | sed 's/ /, /g')
 RESERVED_IP=$(echo $reserve_ipv4 | sed 's/ /, /g')
 RESERVED_IP6=$(echo "$reserve_ipv6 $host_ipv6" | sed 's/ /, /g')
 
+add_ip6_route(){
+	#过滤保留地址及本机地址
+	nft add rule inet shellcrash $1 ip6 daddr {$RESERVED_IP6} return
+	#仅代理本机局域网网段流量
+	nft add rule inet shellcrash $1 ip6 saddr != {$HOST_IP6} return
+	#绕过CN_IPV6
+	[ "$dns_mod" != "fake-ip" -a "$cn_ip_route" = "已开启" -a -f "$BINDIR"/cn_ipv6.txt ] && {
+		CN_IP6=$(awk '{printf "%s, ",$1}' "$BINDIR"/cn_ipv6.txt)
+		[ -n "$CN_IP6" ] && {
+			nft add set inet shellcrash cn_ip6 { type ipv6_addr \; flags interval \; }
+			nft add element inet shellcrash cn_ip6 { $CN_IP6 }
+			nft add rule inet shellcrash $1 ip6 daddr @cn_ip6 return
+		}
+	}
+}
 start_nft_route() { #nftables-route通用工具
     #$1:name  $2:hook(prerouting/output)  $3:type(nat/mangle/filter)  $4:priority(-100/-150)
     [ "$common_ports" = "已开启" ] && PORTS=$(echo $multiport | sed 's/,/, /g')
+	[ "$1" = 'prerouting' ] && HOST_IP=$(echo $host_ipv4 | sed 's/ /, /g')
     [ "$1" = 'output' ] && HOST_IP="127.0.0.0/8, $(echo $local_ipv4 | sed 's/ /, /g')"
     [ "$1" = 'prerouting_vm' ] && HOST_IP="$(echo $vm_ipv4 | sed 's/ /, /g')"
     #添加新链
@@ -61,31 +75,19 @@ start_nft_route() { #nftables-route通用工具
     #绕过CN-IP
     [ "$dns_mod" != "fake-ip" -a "$cn_ip_route" = "已开启" -a -f "$BINDIR"/cn_ip.txt ] && {
         CN_IP=$(awk '{printf "%s, ",$1}' "$BINDIR"/cn_ip.txt)
-        [ -n "$CN_IP" ] && nft add rule inet shellcrash $1 ip daddr {$CN_IP} return
-    }
+        [ -n "$CN_IP" ] && {
+			nft add set inet shellcrash cn_ip { type ipv4_addr \; flags interval \; }
+			nft add element inet shellcrash cn_ip { $CN_IP }
+			nft add rule inet shellcrash $1 ip daddr @cn_ip return
+		}
+	}
     #局域网ipv6支持
     if [ "$ipv6_redir" = "已开启" -a "$1" = 'prerouting' -a "$firewall_area" != 5 ]; then
-        #过滤保留地址及本机地址
-        nft add rule inet shellcrash $1 ip6 daddr {$RESERVED_IP6} return
-        #仅代理本机局域网网段流量
-        nft add rule inet shellcrash $1 ip6 saddr != {$HOST_IP6} return
-        #绕过CN_IPV6
-        [ "$dns_mod" != "fake-ip" -a "$cn_ip_route" = "已开启" -a -f "$BINDIR"/cn_ipv6.txt ] && {
-            CN_IP6=$(awk '{printf "%s, ",$1}' "$BINDIR"/cn_ipv6.txt)
-            [ -n "$CN_IP6" ] && nft add rule inet shellcrash $1 ip6 daddr {$CN_IP6} return
-        }
+		HOST_IP6=$(echo $host_ipv6 | sed 's/ /, /g')
+        add_ip6_route "$1"
     elif [ "$ipv6_redir" = "已开启" -a "$1" = 'output' -a \( "$firewall_area" = 2 -o "$firewall_area" = 3 \) ]; then
-        RESERVED_IP6="$(echo "$reserve_ipv6 $host_ipv6" | sed 's/ /, /g')"
         HOST_IP6="::1, $(echo $host_ipv6 | sed 's/ /, /g')"
-        #过滤保留地址及本机地址
-        nft add rule inet shellcrash $1 ip6 daddr {$RESERVED_IP6} return
-        #仅代理本机局域网网段流量
-        nft add rule inet shellcrash $1 ip6 saddr != {$HOST_IP6} return
-        #绕过CN_IPV6
-        [ "$dns_mod" != "fake-ip" -a "$cn_ip_route" = "已开启" -a -f "$BINDIR"/cn_ipv6.txt ] && {
-            CN_IP6=$(awk '{printf "%s, ",$1}' "$BINDIR"/cn_ipv6.txt)
-            [ -n "$CN_IP6" ] && nft add rule inet shellcrash $1 ip6 daddr {$CN_IP6} return
-        }
+		add_ip6_route "$1"
     else
         nft add rule inet shellcrash $1 meta nfproto ipv6 return
     fi
@@ -100,6 +102,7 @@ start_nft_route() { #nftables-route通用工具
     #nft add rule inet shellcrash local_tproxy log prefix \"pre\" level debug
 }
 start_nft_dns() { #nftables-dns
+	[ "$1" = 'prerouting' ] && HOST_IP=$(echo $host_ipv4 | sed 's/ /, /g')
     [ "$1" = 'output' ] && HOST_IP="127.0.0.0/8, $(echo $local_ipv4 | sed 's/ /, /g')"
     [ "$1" = 'prerouting_vm' ] && HOST_IP="$(echo $vm_ipv4 | sed 's/ /, /g')"
     nft add chain inet shellcrash "$1"_dns { type nat hook $2 priority -100 \; }
@@ -196,14 +199,14 @@ start_nftables() { #nftables配置总入口
     [ "$quic_rj" = '已启用' -a "$lan_proxy" = true ] && {
         [ "$redir_mod" = "Tproxy模式" ] && {
             nft add chain inet shellcrash quic_rj { type filter hook input priority 0 \; }
-            [ -n "$CN_IP" ] && nft add rule inet shellcrash quic_rj ip daddr {$CN_IP} return
-            [ -n "$CN_IP6" ] && nft add rule inet shellcrash quic_rj ip6 daddr {$CN_IP6} return
+            [ -n "$CN_IP" ] && nft add rule inet shellcrash quic_rj ip daddr @cn_ip return
+            [ -n "$CN_IP6" ] && nft add rule inet shellcrash quic_rj ip6 daddr @cn_ip6 return
             nft add rule inet shellcrash quic_rj udp dport {443, 8443} reject comment 'ShellCrash-QUIC-REJECT'
         }
         [ "$redir_mod" = "Tun模式" -o "$redir_mod" = "混合模式" ] && {
             nft insert rule inet fw4 forward oifname "utun" udp dport {443, 8443} reject comment 'ShellCrash-QUIC-REJECT'
-            [ -n "$CN_IP" ] && nft insert rule inet fw4 forward oifname "utun" ip daddr {$CN_IP} return
-            [ -n "$CN_IP6" ] && nft insert rule inet fw4 forward oifname "utun" ip6 daddr {$CN_IP6} return
+            [ -n "$CN_IP" ] && nft insert rule inet fw4 forward oifname "utun" ip daddr @cn_ip return
+            [ -n "$CN_IP6" ] && nft insert rule inet fw4 forward oifname "utun" ip6 daddr @cn_ip6 return
         }
     }
 }

scripts/starts/fw_stop.sh

@@ -133,10 +133,7 @@ ip route flush table $table 2>/dev/null
 ip -6 rule del fwmark $fwmark table $((table + 1)) 2>/dev/null
 ip -6 route flush table $((table + 1)) 2>/dev/null
 #重置nftables相关规则
-ckcmd nft && {
-	nft flush table inet shellcrash >/dev/null 2>&1
-	nft delete table inet shellcrash >/dev/null 2>&1
-}
+ckcmd nft && nft delete table inet shellcrash >/dev/null 2>&1
 #还原防火墙文件
 [ -s /etc/init.d/firewall.bak ] && mv -f /etc/init.d/firewall.bak /etc/init.d/firewall
 #others

scripts/starts/start_legacy.sh

@@ -2,8 +2,11 @@
 . "$CRASHDIR"/libs/check_cmd.sh
 
 start_legacy(){	
-	if ckcmd su && grep -q 'shellcrash:x:0:7890' /etc/passwd; then
+	if ckcmd su && grep -q 'shellcrash:x:0:7890' /etc/passwd;then
 		su shellcrash -c "$1 >/dev/null 2>&1 & echo \$! > /tmp/ShellCrash/$2.pid"
+	elif ckcmd setsid; then
+        setsid $1 >/dev/null 2>&1 &
+        echo $! > "/tmp/ShellCrash/$2.pid"
 	elif ckcmd nohup; then
 		nohup $1 >/dev/null 2>&1 &
 		echo $! > "/tmp/ShellCrash/$2.pid"

scripts/starts/start_legacy_wd.sh

@@ -1,4 +1,5 @@
 
+[ -z "$CRASHDIR" ] && CRASHDIR=$( cd $(dirname $0);cd ..;pwd)
 PIDFILE="/tmp/ShellCrash/$1.pid"
 
 if [ -f "$PIDFILE" ]; then