v1.0.0beta18fix

~回退armv5核心为未压缩状态
~修复定时任务界面层级错乱的bug
~修复过滤局域网设备无法正确读取dhcp列表的bug

README.md

@@ -1,55 +1,105 @@
-# clash-for-Miwifi
-在小米AX3600/AX1800/AX5等路由器上使用clash做透明代理
+
+
+# ShellClash（原Clash for Miwifi）
+
+在Shell环境下一键部署及管理[Clash](https://github.com/Dreamacro/clash)
 =====
 
 功能简介：
 --
-~支持小米全系列路由器设备使用clash做透明代理，更多的设备支持可以前往TG群报名参与测试<br>
-~支持SS、SSR、v2ray、trojan、sock5等协议<br>
-~支持批量导入节点链接及订阅链接<br>
-~支持使用网页面板管理规则组<br>
-~支持多种模式切换，支持在线更新<br>
-~支持部署内置的管理面板<br>
-~更多功能可在使用中发掘<br>
+~通过管理脚本在Shell环境下便捷使用[Clash](https://github.com/Dreamacro/clash)<br>
+~支持在Shell环境下管理[Clash各种功能](https://lancellc.gitbook.io/clash)<br>
+~支持在线导入[Clash](https://github.com/Dreamacro/clash)支持的节点、订阅及配置链接<br>~支持配置定时任务，以及定时更新订阅<br>~支持在线安装及使用网页面板管理规则组<br>
+~支持局域网透明代理/纯净模式等多种模式切换<br>~支持GNOME、KDE桌面自动配置本机系统级代理<br>~支持在线更新<br>
 
-使用依赖：
+设备支持：
 --
-~路由器或设备已经开启SSH并获取root权限<br>
-~SSH连接工具，例如putty，bitvise，JuiceSSH（支持安卓手机）等<br>
 
-一键安装：
+~支持小米/红米全系使用官方系统或官方开发版系统的路由器设备<br>
+~支持各种基于OpenWrt或使用OpenWrt二次定制开发的路由器设备<br>
+~支持各种运行标准Linux系统（如Debian/CenOS/Armbian等）的设备<br>~兼容Padavan固件（保守模式）、潘多拉固件<br>——————————
+~更多设备支持，请提issue或前往TG群反馈（需提供设备名称及运行uname -a返回的设备核心信息）<br>
+
+使用方式：
 --
-```Shell
-sh -c "$(curl -kfsSl https://juewuy.xyz/clash/install.sh)" && source /etc/profile &> /dev/null
+~确认路由器设备已经开启SSH并获取root权限（带GUI桌面的Linux设备可使用自带终端安装）<br>
+~使用SSH连接工具（如putty，JuiceSSH，系统自带终端等）路由器或Linux设备的SSH管理界面或终端界面，并切换到root用户<br>
+~确认设备已经安装curl或者wget下载工具。如未安装，LInux设备请[参考此处](https://www.howtoing.com/install-curl-in-linux)安装curl，基于OpenWrt（小米官方系统、潘多拉、高恪等）的设备请使用如下命令安装curl：<br>
+
+```shell
+opkg update && opkg install curl
 ```
 
+~之后在SSH界面执行如下安装命令，并按照后续提示完成安装<br>
+
+~**使用curl安装**：<br>
+
+```Shell
+#Release版本-github直连
+sh -c "$(curl -kfsSl --resolve raw.githubusercontent.com:443:199.232.68.133 https://raw.githubusercontent.com/juewuy/ShellClash/master/install.sh)" && source /etc/profile &> /dev/null
+#Release版本-jsdelivrCDN源
+sh -c "$(curl -kfsSl https://cdn.jsdelivr.net/gh/juewuy/ShellClash@master/install.sh)" && source /etc/profile &> /dev/null
+#Test版本-github直连
+sh -c "$(curl -kfsSl --resolve raw.githubusercontent.com:443:199.232.68.133 https://raw.githubusercontent.com/juewuy/ShellClash/master/install.sh)" -s 1 && source /etc/profile &> /dev/null
+```
+
+~**使用wget安装**：<br>
+
+```sh
+#Release版本-jsdelivrCDN源
+wget -q --no-check-certificate -O /tmp/install.sh https://cdn.jsdelivr.net/gh/juewuy/ShellClash@master/install.sh  && sh /tmp/install.sh && source /etc/profile &> /dev/null
+```
+
+~**非root用户安装后**请额外执行以下命令以读取环境变量：<br>
+
+```shell
+source ~/.bashrc &> /dev/null
+```
+
+~安装完成管理脚本后，执行如下命令以**运行管理脚本**<br>
+
+```Shell
+clash #正常模式运行
+clash -h #脚本帮助及说明
+clash -t #测试模式运行
+```
+
+~**运行时的额外依赖**：<br>
+
+`大部分的设备/系统都已经预装了以下的大部分依赖，使用时如无影响可以无视之`
+
+```sh
+bash/ash		必须		全部缺少时无法安装及运行脚本
+curl/wget		必须		全部缺少时无法在线安装及更新，无法使用节点保存功能
+iptables		重要		缺少时只能使用纯净模式
+systemd/rc.common	一般		全部缺少时只能使用保守模式
+iptables-mod-nat	一般		缺少时无法使用redir模式，混合模式
+ip6tables-mod-nat	较低		缺少时影响redir模式，混合模式对ipv6的支持
+crontab			较低		缺少时无法启用定时任务功能
+net-tools		极低		缺少时无法正常检测端口占用
+ubus/iproute-doc	极低		缺少时无法正常获取本机host地址
+```
+
+
+
+更新日志：
+--
+
+### [点击查看](https://github.com/juewuy/ShellClash/releases)
+
 交流反馈：
 --
-### https://t.me/clashfm 
+### [TG讨论组](https://t.me/clashfm) 
 
-已知问题：
+相关Q&A：
 --
-~Tun模式下clash服务可能会和小米路由器内置的tx网游加速器冲突，请谨慎同时使用<br>
-~Redir模式无法转发udp流量，外服游戏可能会受影响，此功能是由官方系统阉割了Tproxy导致，暂时无解，外服游戏用户建议使用Tun模式<br>
 
-ToDo：
---
-~~增加订阅功能~~<br>
-~~添加一键安装脚本~~<br>
-~~增加屏蔽P2P流量功能~~<br>
-~~增加更新功能~~<br>
-~~修复redir-host DNS以及IPV6支持~~<br>
-~~增加定时功能~~<br>
-~~增加屏蔽局域网设备~~<br>
-~~增加更多设备支持~~<br>
+### [详见博客](https://juewuy.github.io)
 
-感谢：
---
-~https://lancellc.gitbook.io/clash/start-clash/clash-tun-mode<br>
-~https://comzyh.gitbook.io/clash/<br>
-~https://h-cheung.gitlab.io/post/使用_clash_和路由表实现透明代理<br>
-~https://www.right.com.cn/forum/thread-4042741-1-1.html<br>
+## 捐赠此项目：
 
-请喝杯茶：
+### [前往页面](https://juewuy.github.io/yOF4Yf06Q/)
+
+友情推广：
 --
- ![](https://juewuy.xyz/clash/others/qrcodevx.png)
+### [顶级8K专线机场-墙洞](https://dler.best/auth/register?affid=89698)

bin/clash/version

@@ -1 +0,0 @@
-version=1.1.0

bin/clashpre/version

@@ -1 +0,0 @@
-version=2020.08.16

bin/clashr/version

@@ -1 +0,0 @@
-version=1.0.0

bin/release_version

@@ -0,0 +1,6 @@
+1.0.0beta18
+1.0.0beta17
+1.0.0beta15
+1.0.0beta11
+1.0.0beta5
+0.9.7

bin/version

@@ -1 +1,4 @@
-versionsh=0.9.5
+GeoIP_v=20201211
+clash_v=1.3.0
+clashpre_v=2020.11.20
+versionsh=1.0.0beta18fix

install.sh

@@ -1,86 +1,193 @@
- #!/bin/sh
+#! /bin/bash
 # Copyright (C) Juewuy
 
+echo='echo -e' && [ -n "$(echo -e|grep e)" ] && echo=echo
+[ -z "$1" ] && test=0 || test=$1
+
 echo "***********************************************"
 echo "**                 欢迎使用                  **"
-echo "**             Clash for Miwifi              **"
+echo "**                ShellClash                 **"
 echo "**                             by  Juewuy    **"
 echo "***********************************************"
 
-url="https://juewuy.xyz/clash/"
-result=$(curl -w %{http_code} -skLo /tmp/clashversion $url/bin/version)
-[ "$result" != "200" ] && echo "无法连接到服务器！" && exit 1
-source /tmp/clashversion
-echo ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-echo -e "~~~~版本：\033[32m$versionsh\033[0m"
-echo ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-echo -e "\033[44m使用中如遇问题请加TG群反馈：\033[42;30m t.me/clashfm \033[0m"
-echo -e "\033[37m目前仅支持小米AX系列3款路由器"
-echo -e "\033[44m其余型号可到TG群报名参与测试\033[0m"
-echo ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-echo -e "\033[32m 1 在默认目录(/etc)安装Clash for Miwifi"
-echo -e "\033[33m 2 手动设置安装目录（不明勿用！）"
-echo -e "\033[0m 0 退出安装"
-echo ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-read -p "请输入相应数字 > " num
+#检查root权限
+if [ "$USER" != "root" ];then
+	echo 当前用户:$USER
+	$echo "\033[31m请尽量使用root用户执行安装!\033[0m"
+	echo -----------------------------------------------
+	read -p "仍要安装？可能会产生大量未知错误！(1/0) > " res
+	[ "$res" != "1" ] && exit
+fi
+webget(){
+	#参数【$1】代表下载目录，【$2】代表在线地址
+	#参数【$3】代表输出显示，【$4】不启用重定向
+	if curl --version > /dev/null 2>&1;then
+		[ "$3" = "echooff" ] && progress='-s' || progress='-#'
+		[ -z "$4" ] && redirect='-L' || redirect=''
+		result=$(curl -w %{http_code} --connect-timeout 5 $progress $redirect -ko $1 $2)
+	else
+		[ "$3" = "echooff" ] && progress='-q' || progress='-q --show-progress'
+		[ "$3" = "echoon" ] && progress=''
+		[ -z "$4" ] && redirect='' || redirect='--max-redirect=0'
+		wget -Y on $progress $redirect --no-check-certificate --timeout=5 -O $1 $2 
+		[ $? -eq 0 ] && result="200"
+	fi
+}
+#检查更新
+url="https://cdn.jsdelivr.net/gh/juewuy/ShellClash"
+if [ "$test" -gt 0 ];then 
+	url="https://cdn.jsdelivr.net/gh/juewuy/ShellClash@master"
+	[ "$test" -eq 2 ] && url="http://192.168.31.31:8080/ShellClash"
+	[ "$test" -eq 3 ] && url="http://192.168.123.90:8080/clash-for-Miwifi"
+else
+	webget /tmp/clashrelease $url@master/bin/release_version echoon rediroff 2>/tmp/clashrelease
+	[ "$result" = "200" ] && release_new=$(cat /tmp/clashrelease | head -1)
+	[ -z "$release_new" ] && release_new=master
+	url=$url@$release_new
+fi
+webget /tmp/clashversion $url/bin/version echooff
+[ "$result" = "200" ] && versionsh=$(cat /tmp/clashversion | grep "versionsh" | awk -F "=" '{print $2}')
+[ -z "$release_new" ] && release_new=$versionsh
+rm -rf /tmp/clashversion
+rm -rf /tmp/clashrelease
+[ -z "$release_new" ] && echo "无法连接服务器！" && exit
 
+tarurl=$url/bin/clashfm.tar.gz
+
+gettar(){
+	webget /tmp/clashfm.tar.gz $tarurl
+	[ "$result" != "200" ] && echo "文件下载失败！" && exit 1
+	#解压
+	echo -----------------------------------------------
+	echo 开始解压文件！
+	mkdir -p $clashdir > /dev/null
+	tar -zxvf '/tmp/clashfm.tar.gz' -C $clashdir/
+	[ $? -ne 0 ] && echo "文件解压失败！" && rm -rf /tmp/clashfm.tar.gz && exit 1 
+	#初始化文件目录
+	[ -f "$clashdir/mark" ] || echo '#标识clash运行状态的文件，不明勿动！' > $clashdir/mark
+	#判断系统类型写入不同的启动文件
+	if [ -f /etc/rc.common ];then
+			#设为init.d方式启动
+			mv $clashdir/clashservice /etc/init.d/clash
+			chmod  777 /etc/init.d/clash
+	else
+		[ -w /etc/systemd/system ] && sysdir=/etc/systemd/system
+		[ -w /usr/lib/systemd/system ] && sysdir=/usr/lib/systemd/system
+		if [ -n "$sysdir" ];then
+			#设为systemd方式启动
+			mv $clashdir/clash.service $sysdir/clash.service
+			sed -i "s%/etc/clash%$clashdir%g" $sysdir/clash.service
+			systemctl daemon-reload
+		else
+			#设为保守模式启动
+			sed -i '/start_old=*/'d $clashdir/mark
+			echo start_old=已开启 >> $clashdir/mark
+		fi
+	fi
+	#修饰文件及版本号
+	shtype=sh && [ -n "$(ls -l /bin/sh|grep -o dash)" ] && shtype=bash 
+	sed -i "s%#!/bin/sh%#!/bin/$shtype%g" $clashdir/start.sh
+	chmod  777 $clashdir/start.sh
+	sed -i '/versionsh_l=*/'d $clashdir/mark
+	echo versionsh_l=$release_new >> $clashdir/mark
+	#设置环境变量
+	[ -w ~/.bashrc ] && profile=~/.bashrc
+	[ -w /etc/profile ] && profile=/etc/profile
+	sed -i '/alias clash=*/'d $profile
+	echo "alias clash=\"$shtype $clashdir/clash.sh\"" >> $profile #设置快捷命令环境变量
+	sed -i '/export clashdir=*/'d $profile
+	echo "export clashdir=\"$clashdir\"" >> $profile #设置clash路径环境变量
+	#删除临时文件
+	rm -rf /tmp/clashfm.tar.gz 
+	rm -rf $clashdir/clashservice
+	rm -rf $clashdir/clash.service
+}
+#下载及安装
+install(){
+echo -----------------------------------------------
+echo 开始从服务器获取安装文件！
+echo -----------------------------------------------
+gettar
+echo -----------------------------------------------
+echo ShellClash 已经安装成功!
+[ "$USER" != "root" ] && echo "请执行【source ~/.bashrc &> /dev/null】命令以加载环境变量！"
+echo -----------------------------------------------
+$echo "\033[33m输入\033[30;47m clash \033[0;33m命令即可管理！！！\033[0m"
+echo -----------------------------------------------
+}
+setdir(){		
+echo -----------------------------------------------
+$echo "\033[33m安装ShellClash至少需要预留约1MB的磁盘空间\033[0m"	
+$echo " 1 在\033[32m/etc目录\033[0m下安装(适合路由设备)"
+$echo " 2 在\033[32m/usr/share目录\033[0m下安装(适合大多数设备)"
+$echo " 3 在\033[32m当前用户目录\033[0m下安装(适合非root用户)"
+$echo " 4 手动设置安装目录"
+$echo " 0 退出安装"
+echo -----------------------------------------------
+read -p "请输入相应数字 > " num
+#设置目录
 if [ -z $num ];then
 	echo 安装已取消
 	exit;
-elif [[ $num == 1 ]];then
+elif [ "$num" = "1" ];then
 	dir=/etc
-elif [[ $num == 2 ]];then
-	echo ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+elif [ "$num" = "2" ];then
+	dir=/usr/share
+elif [ "$num" = "3" ];then
+	dir=~/.local/share
+	mkdir -p ~/.config/systemd/user
+elif [ "$num" = "4" ];then
+	echo -----------------------------------------------
 	echo '可用路径 剩余空间:'
-	df -h | awk '{print $6,$2}'| sed 1d 
+	df -h | awk '{print $6,$4}'| sed 1d 
 	echo '路径是必须带 / 的格式，写入虚拟内存(/tmp,/sys,..)的文件会在重启后消失！！！'
 	read -p "请输入自定义路径 > " dir
-	if [ -z $dir ];then
-		echo 路径错误！已取消安装！
+	if [ -z "$dir" ];then
+		$echo "\033[31m路径错误！请重新设置！\033[0m"
+		setdir
+	fi
+else
+	echo 安装已取消！！！
+	exit;
+fi
+if [ ! -w $dir ];then
+	$echo "\033[31m没有$dir目录写入权限！请重新设置！\033[0m" && sleep 1 && setdir
+else
+	echo 目标目录磁盘剩余：$(df -h $dir | awk '{print $4}' | sed 1d )
+	read -p "确认安装？(1/0) > " res
+	[ "$res" = "1" ] && clashdir=$dir/clash || setdir
+fi
+}
+
+#输出
+$echo "最新版本：\033[32m$release_new\033[0m"
+echo -----------------------------------------------
+$echo "\033[44m如遇问题请加TG群反馈：\033[42;30m t.me/clashfm \033[0m"
+$echo "\033[37m支持各种基于openwrt的路由器设备"
+$echo "\033[33m支持Debian、Centos等标准Linux系统\033[0m"
+
+if [ -n "$clashdir" ];then
+	echo -----------------------------------------------
+	$echo "检测到旧的安装目录\033[36m$clashdir\033[0m，是否覆盖安装？"
+	$echo "\033[32m覆盖安装时不会移除配置文件！\033[0m"
+	read -p "覆盖安装/卸载旧版本？(1/0) > " res
+	if [ "$res" = "1" ];then
+		install
+	elif [ "$res" = "0" ];then
+		rm -rf $clashdir
+		echo -----------------------------------------------
+		$echo "\033[31m 旧版本文件已卸载！\033[0m"
+		setdir
+		install
+	elif [ "$res" = "9" ];then
+		echo 测试模式，变更安装位置
+		setdir
+		install
+	else
+		$echo "\033[31m输入错误！已取消安装！\033[0m"
 		exit;
 	fi
 else
-	echo 安装已取消
-	exit;
+	setdir
+	install
 fi
-#下载文件包
-echo ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-echo 开始从服务器获取安装文件！
-echo ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-tarurl=$url/bin/clashfm.tar.gz
-if command -v curl &> /dev/null; then
-	result=$(curl -w %{http_code} -kLo /tmp/clashfm.tar.gz $tarurl)
-else $result
-	wget-ssl -q --no-check-certificate --tries=1 --timeout=10 -O /tmp/clashfm.tar.gz $tarurl
-	[ $? -eq 0 ] && result="200"
-fi
-[ "$result" != "200" ] && echo "文件下载失败！" && exit 1
-#解压
-echo ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-echo 开始解压文件！
-mkdir -p $dir/clash > /dev/null
-tar -zxvf '/tmp/clashfm.tar.gz' -C $dir/clash/
-[ $? -ne 0 ] && echo "文件解压失败！" && exit 1 
-#初始化文件目录
-mv $dir/clash/clashservice /etc/init.d/clash #将clash服务文件移动到系统目录
-chmod  777 /etc/init.d/clash #授予权限
-if [ ! -f "$dir/clash/mark" ]; then
-cat >$dir/clash/mark<<EOF
-#标识clash运行状态的文件，不明勿动！
-EOF
-fi
-sed -i '/versionsh_l=*/'d $dir/clash/mark
-sed -i "1i\versionsh_l=$versionsh" $dir/clash/mark
-#设置环境变量
-sed -i '/alias clash=*/'d /etc/profile
-echo "alias clash=\"sh $dir/clash/clash.sh\"" >> /etc/profile #设置快捷命令环境变量
-sed -i '/export clashdir=*/'d /etc/profile
-echo "export clashdir=\"$dir/clash\"" >> /etc/profile #设置clash路径环境变量
-#删除临时文件
-rm -rf /tmp/clashfm.tar.gz 
-#提示
-echo ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-echo clash for Miwifi 已经安装成功!
-echo -e "\033[33m直接输入\033[30;47m clash \033[0;33m命令即可管理！！！\033[0m"
-echo ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-

scripts/clash.service

@@ -0,0 +1,15 @@
+[Unit]
+Description=clash
+After=network.target
+
+[Service]
+Type=simple
+User=root
+ExecStart=/etc/clash/clash -d /etc/clash
+ExecStartPost=/etc/clash/start.sh afstart
+Restart=on-failure
+RestartSec=3s
+
+
+[Install]
+WantedBy=multi-user.target

scripts/clashservice

@@ -1,174 +1,41 @@
 #!/bin/sh /etc/rc.common
-# Example script
-# Copyright (C) 2007 OpenWrt.org
 
-USE_PROCD=1
 START=92
 
-getconfig(){
-#开机加载环境变量保证找到文件路径
-source /etc/profile > /dev/null 2>&1
-ccfg=$clashdir/mark
-if [ ! -f "$ccfg" ]; then
-	echo mark文件不存在，默认以Redir模式运行！
-cat >$ccfg<<EOF
-#标识clash运行状态的文件，不明勿动！
-EOF
-	#指定一些默认状态
-	redir_mod=redir模式
-	common_ports=未开启
-	dns_mod=redir-host
-	modify_yaml=未开启
-	ipv6_support=未开启
-fi
-source $ccfg #加载配置文件
-#是否代理常用端口
-if [ "$common_ports" = "已开启" ];then
-	ports='-m multiport --dports 22,53,587,465,995,993,143,80,443 '
-fi
-#DNS模式
-if [ "$common_ports" = "已开启" ];then
-	ports='-m multiport --dports 22,53,587,465,995,993,143,80,443 '
-fi
-#检测系统端口占用
-for portx in 1053 7890 7892 9999 ;do
-	[ -n "$(netstat -ntulp |grep $portx|grep -v clash)" ] && echo -e "检测到端口：\033[30;47m $portx \033[0m被占用！clash无法启动！" && exit;
-done
-}
-modify_yaml(){
-##########需要变更的配置###########
-mix='mixed-port: 7890'
-redir='redir-port: 7892'
-lan='allow-lan: true'
-mode='mode: Rule'
-log='log-level: info'
-if [ "$ipv6_support" = "已开启" ];then
-ipv6='ipv6: true'
-else
-ipv6='ipv6: false'
-fi
-external='external-controller: 0.0.0.0:9999'
-if [ "$dns_mod" = "fake-ip" ];then
-dns='dns: {enable: true, listen: 0.0.0.0:1053, fake-ip-range: 198.18.0.1/16, enhanced-mode: fake-ip, nameserver: [114.114.114.114, 127.0.0.1:53], fallback: [tcp://1.0.0.1, 8.8.4.4]}'
-else
-dns='dns: {enable: true, ipv6: true, listen: 0.0.0.0:1053, enhanced-mode: redir-host, nameserver: [114.114.114.114, 127.0.0.1:53], fallback: [1.0.0.1, 8.8.4.4]}'
-fi
-if [ "$redir_mod" != "Redir模式" ];then
-tun='tun: {enable: true, stack: system}'
-else
-tun='tun: {enable: false}'
-fi 
-exper='experimental: {ignore-resolve-fail: true, interface-name: en0}'
-###################################
-	#预删除需要添加的项目
-	i=$(grep  -n  "^proxies:" $clashdir/config.yaml | head -1 | cut -d ":" -f 1)
-	i=$(($i-1))
-	sed -i '1,'$i'd' $clashdir/config.yaml
-	#添加配置
-	sed -i "1i$mix" $clashdir/config.yaml
-	sed -i "1a$redir" $clashdir/config.yaml
-	sed -i "2a$lan" $clashdir/config.yaml
-	sed -i "3a$mode" $clashdir/config.yaml
-	sed -i "4a$log" $clashdir/config.yaml
-	sed -i "5a$ipv6" $clashdir/config.yaml
-	sed -i "6a$external" $clashdir/config.yaml
-	sed -i "7a$dns" $clashdir/config.yaml
-	sed -i "8a$tun" $clashdir/config.yaml
-	sed -i "9a$exper" $clashdir/config.yaml
-	#跳过本地tls证书验证
-	if [ "$skip_cert" != "未开启" ];then
-	sed -i "10,99s/sni: \S*/\1skip-cert-verify: true}/" $clashdir/config.yaml  #跳过trojan本地证书验证
-	sed -i '10,99s/}}/}, skip-cert-verify: true}/' $clashdir/config.yaml  #跳过v2+ssl本地证书验证
-	fi
-	#sed -i '/rules:/a \ - DOMAIN-SUFFIX,clash.razord.top,🎯 全球直连' $clashdir/config.yaml
-}
-mark_time(){
-	start_time=`date +%s`
-	sed -i '/start_time*/'d $ccfg
-	sed -i "3i\start_time=$start_time" $ccfg
-}
-start_redir(){
-	#修改iptables规则使流量进入clash
-	iptables -t nat -N clash
-	iptables -t nat -A clash -d 0.0.0.0/8 -j RETURN
-	iptables -t nat -A clash -d 10.0.0.0/8 -j RETURN
-	iptables -t nat -A clash -d 127.0.0.0/8 -j RETURN
-	iptables -t nat -A clash -d 169.254.0.0/16 -j RETURN
-	iptables -t nat -A clash -d 172.16.0.0/12 -j RETURN
-	iptables -t nat -A clash -d 192.168.0.0/16 -j RETURN
-	iptables -t nat -A clash -d 224.0.0.0/4 -j RETURN
-	iptables -t nat -A clash -d 240.0.0.0/4 -j RETURN
-	for mac in $(cat $clashdir/mac); do
-		iptables -t nat -A clash -m mac --mac-source $mac -j RETURN
-	done
-	
-	iptables -t nat -A clash -p tcp $ports-j REDIRECT --to-ports 7892
-	iptables -t nat -A PREROUTING -p tcp -j clash
-	if [ "$ipv6_support" = "已开启" ];then
-		ip6tables -t nat -N clash
-		for mac in $(cat $clashdir/mac); do
-			ip6tables -t nat -A clash -m mac --mac-source $mac -j RETURN
-		done
-		ip6tables -t nat -A clash -p tcp $ports-j REDIRECT --to-ports 7892
-		ip6tables -t nat -A PREROUTING -p tcp -j clash
-	fi
-}
-stop_iptables(){
-    #重置iptables规则
-	iptables -t nat -D PREROUTING -p tcp -j clash > /dev/null 2>&1
-	iptables -t nat -D PREROUTING -p udp -j clash_dns > /dev/null 2>&1
-	iptables -t nat -F clash > /dev/null 2>&1
-	iptables -t nat -X clash > /dev/null 2>&1
-	iptables -t nat -F clash_dns > /dev/null 2>&1
-	iptables -t nat -X clash_dns > /dev/null 2>&1
-	#重置ipv6规则
-	ip6tables -t nat -D PREROUTING -p tcp -j clash > /dev/null 2>&1
-	ip6tables -t nat -D PREROUTING -p udp -j clash_dns > /dev/null 2>&1
-	ip6tables -t nat -F clash > /dev/null 2>&1
-	ip6tables -t nat -X clash > /dev/null 2>&1
-	ip6tables -t nat -F clash_dns > /dev/null 2>&1
-	ip6tables -t nat -X clash_dns > /dev/null 2>&1
-}
-start_dns(){
-	#允许tun网卡接受流量
-	iptables -I FORWARD -o utun -j ACCEPT
-	ip6tables -I FORWARD -o utun -j ACCEPT
-	#设置dns转发
-	iptables -t nat -N clash_dns
-	for mac in $(cat $clashdir/mac); do
-		iptables -t nat -A clash_dns -m mac --mac-source $mac -j RETURN
-	done
-	iptables -t nat -A clash_dns -p udp --dport 53 -j REDIRECT --to 1053
-	iptables -t nat -A PREROUTING -p udp -j clash_dns
-	#ipv6DNS
-	ip6tables -t nat -N clash_dns
-	for mac in $(cat $clashdir/mac); do
-		ip6tables -t nat -A clash_dns -m mac --mac-source $mac -j RETURN
-	done
-	ip6tables -t nat -A clash_dns -p udp --dport 53 -j REDIRECT --to 1053
-	ip6tables -t nat -A PREROUTING -p udp -j clash_dns
-}
+SERVICE_DAEMONIZE=1
+SERVICE_WRITE_PID=1
+USE_PROCD=1
+#获取目录
+DIR=$(cat /etc/profile | grep clashdir | awk -F "\"" '{print $2}')
+[ -z "$DIR" ] && DIR=$(cat ~/.bashrc | grep clashdir | awk -F "\"" '{print $2}')
+BINDIR=$(cat $DIR/mark | grep bindir | awk -F "=" '{print $2}')
+[ -z "$BINDIR" ] && BINDIR=$DIR
+
 start_service() {
-	getconfig
-	#使用内置规则强行覆盖config配置文件
-	if [ "$modify_yaml" != "已开启" ];then
-	modify_yaml
-	fi
-    #创建clash后台进程
+	#检测必须文件
+	$DIR/start.sh bfstart
+	#使用procd创建clash后台进程
 	procd_open_instance
 	procd_set_param respawn
 	procd_set_param stderr 1
 	procd_set_param stdout 1
-	procd_set_param command $clashdir/clash -d $clashdir
+	procd_set_param command $BINDIR/clash -d $BINDIR
 	procd_close_instance
-	#修改iptables规则使流量进入clash
-	stop_iptables
-	start_dns
-	if [ "$redir_mod" != "Tun模式" ];then
-	start_redir
-	fi
-	mark_time
+	#其他设置
+	$DIR/start.sh afstart
 }
-stop_service() {
-	stop_iptables
+
+start() {
+	if [ -z "$(pidof procd)" ];then
+		#检测必须文件
+		$DIR/start.sh bfstart
+		#创建后台进程
+		service_start  $BINDIR/clash -d $BINDIR
+		#其他设置
+		$DIR/start.sh afstart
+		#设置守护进程
+		$DIR/start.sh deamon
+	else
+		start_service
+	fi
 }

scripts/start.sh

@@ -0,0 +1,687 @@
+#!/bin/sh
+# Copyright (C) Juewuy
+
+#脚本内部工具
+getconfig(){
+	#加载配置文件
+	[ -z "$clashdir" ] && clashdir=$(cat /etc/profile | grep clashdir | awk -F "\"" '{print $2}')
+	[ -z "$clashdir" ] && clashdir=$(cat ~/.bashrc | grep clashdir | awk -F "\"" '{print $2}')
+	ccfg=$clashdir/mark
+	[ -f $ccfg ] && source $ccfg
+	#默认设置
+	[ -z "$bindir" ] && bindir=$clashdir
+	[ -z "$redir_mod" ] && [ "$USER" = "root" -o "$USER" = "admin" ] && redir_mod=Redir模式
+	[ -z "$redir_mod" ] && redir_mod=Redir模式
+	[ -z "$skip_cert" ] && skip_cert=已开启
+	[ -z "$common_ports" ] && common_ports=已开启
+	[ -z "$dns_mod" ] && dns_mod=redir_host
+	[ -z "$dns_over" ] && dns_over=已开启
+	[ -z "$modify_yaml" ] && modify_yaml=未开启
+	[ -z "$ipv6_support" ] && ipv6_support=未开启
+	[ -z "$start_old" ] && start_old=未开启
+	[ -z "$local_proxy" ] && local_proxy=未开启
+	[ -z "$mix_port" ] && mix_port=7890
+	[ -z "$redir_port" ] && redir_port=7892
+	[ -z "$db_port" ] && db_port=9999
+	[ -z "$dns_port" ] && dns_port=1053
+	[ -z "$dns_nameserver" ] && dns_nameserver='114.114.114.114, 223.5.5.5'
+	[ -z "$dns_fallback" ] && dns_fallback='1.0.0.1, 8.8.4.4'
+	[ -z "$multiport" ] && multiport='53,587,465,995,993,143,80,443'
+	#是否代理常用端口
+	[ "$common_ports" = "已开启" ] && ports="-m multiport --dports $multiport"
+	}
+setconfig(){
+	#参数1代表变量名，参数2代表变量值,参数3即文件路径
+	[ -z "$3" ] && configpath=$clashdir/mark || configpath=$3
+	[ -n "$(grep ${1} $configpath)" ] && sed -i "s#${1}=.*#${1}=${2}#g" $configpath || echo "${1}=${2}" >> $configpath
+}
+compare(){
+	if [ ! -f $1 -o ! -f $2 ];then
+		return 1
+	elif command -v cmp >/dev/null 2>&1;then
+		cmp -s $1 $2
+	else
+		[ "$(cat $1)" = "$(cat $2)" ] && return 0 || return 1
+	fi
+}
+webget(){
+	[ -n "$(pidof clash)" ] && export all_proxy="http://$authentication@127.0.0.1:$mix_port" #设置临时http代理 
+	#参数【$1】代表下载目录，【$2】代表在线地址
+	#参数【$3】代表输出显示，【$4】不启用重定向
+	#参数【$5】代表验证证书
+	if curl --version > /dev/null 2>&1;then
+		[ "$3" = "echooff" ] && progress='-s' || progress='-#'
+		[ "$4" = "rediroff" ] && redirect='' || redirect='-L'
+		[ "$5" = "skipceroff" ] && certificate='' || certificate='-k'
+		result=$(curl -w %{http_code} --connect-timeout 3 $progress $redirect $certificate -o $1 $2)
+		[ "$result" != "200" ] && export all_proxy="" && result=$(curl -w %{http_code} --connect-timeout 3 $progress $redirect $certificate -o $1 $2)
+	else
+		[ "$3" = "echooff" ] && progress='-q' || progress='-q --show-progress'
+		[ "$3" = "echoon" ] && progress=''
+		[ "$4" = "rediroff" ] && redirect='--max-redirect=0' || redirect=''
+		[ "$5" = "skipceroff" ] && certificate='' || certificate='--no-check-certificate'
+		wget -Y on $progress $redirect $certificate --timeout=3 -O $1 $2 
+		if [ "$?" != "0" ];then
+			wget $progress $redirect $certificate --timeout=3 -O $1 $2
+			[ "$?" = "0" ] && result="200"
+		else
+			result="200"
+		fi
+	fi
+	export all_proxy=""
+}
+logger(){
+	[ -n "$2" ] && echo -e "\033[$2m$1\033[0m"
+	echo `date "+%G-%m-%d %H:%M:%S"` $1 >> $clashdir/log
+	[ "$(wc -l $clashdir/log | awk '{print $1}')" -gt 30 ] && sed -i '1,5d' $clashdir/log
+}
+cronset(){
+	# 参数1代表要移除的关键字,参数2代表要添加的任务语句
+	crondir=/tmp/cron_$USER
+	crontab -l > $crondir
+	sed -i "/$1/d" $crondir
+	echo "$2" >> $crondir
+	crontab $crondir
+	rm -f $crondir
+}
+mark_time(){
+	start_time=`date +%s`
+	sed -i '/start_time*/'d $clashdir/mark
+	echo start_time=$start_time >> $clashdir/mark
+}
+#配置文件相关
+getyaml(){
+	[ -z "$rule_link" ] && rule_link=1
+	[ -z "$server_link" ] && server_link=1
+	#前后端订阅服务器地址索引，可在此处添加！
+	Server=`sed -n ""$server_link"p"<<EOF
+subcon.dlj.tf
+subconverter.herokuapp.com
+subconverter-web.now.sh
+api.dler.io
+api.wcc.best
+EOF`
+	Config=`sed -n ""$rule_link"p"<<EOF
+https://raw.githubusercontent.com/ACL4SSR/ACL4SSR/master/Clash/config/ACL4SSR_Online_NoReject.ini
+https://raw.githubusercontent.com/ACL4SSR/ACL4SSR/master/Clash/config/ACL4SSR_Online_Mini_MultiMode.ini
+https://raw.githubusercontent.com/ACL4SSR/ACL4SSR/master/Clash/config/ACL4SSR_Online_AdblockPlus.ini
+https://raw.githubusercontent.com/ACL4SSR/ACL4SSR/master/Clash/config/ACL4SSR_Online_Mini_AdblockPlus.ini
+https://raw.githubusercontent.com/ACL4SSR/ACL4SSR/master/Clash/config/ACL4SSR_Online_Full_Netflix.ini
+https://raw.githubusercontent.com/ACL4SSR/ACL4SSR/master/Clash/config/ACL4SSR_Online_Full_AdblockPlus.ini
+https://gist.githubusercontent.com/tindy2013/1fa08640a9088ac8652dbd40c5d2715b/raw/lhie1_clash.ini
+https://gist.githubusercontent.com/tindy2013/1fa08640a9088ac8652dbd40c5d2715b/raw/lhie1_dler.ini
+https://gist.githubusercontent.com/tindy2013/1fa08640a9088ac8652dbd40c5d2715b/raw/connershua_pro.ini
+https://gist.githubusercontent.com/tindy2013/1fa08640a9088ac8652dbd40c5d2715b/raw/connershua_backtocn.ini
+https://gist.githubusercontent.com/tindy2013/1fa08640a9088ac8652dbd40c5d2715b/raw/dlercloud_lige_platinum.ini
+https://subconverter.oss-ap-southeast-1.aliyuncs.com/Rules/RemoteConfig/special/basic.ini
+https://subconverter.oss-ap-southeast-1.aliyuncs.com/Rules/RemoteConfig/special/netease.ini
+EOF`
+	#如果传来的是Url链接则合成Https链接，否则直接使用Https链接
+	if [ -z "$Https" ];then
+		Https="https://$Server/sub?target=clash&insert=true&new_name=true&scv=true&exclude=$exclude&include=$include&url=$Url&config=$Config"
+		markhttp=1
+	fi
+	#输出
+	echo -----------------------------------------------
+	echo 正在连接服务器获取配置文件…………链接地址为：
+	echo -e "\033[4;32m$Https\033[0m"
+	echo 可以手动复制该链接到浏览器打开并查看数据是否正常！
+	#获取在线yaml文件
+	yaml=$clashdir/config.yaml
+	yamlnew=/tmp/clash_config_$USER.yaml
+	rm -rf $yamlnew
+	webget $yamlnew $Https
+	if [ "$result" != "200" ];then
+		if [ -z "$markhttp" ];then
+			echo -----------------------------------------------
+			logger "配置文件获取失败！" 31
+			echo -e "\033[31m请尝试使用【导入订阅】功能！\033[0m"
+			echo -----------------------------------------------
+			exit 1
+		else
+			if [ "$retry" -ge 5 ];then
+				logger "无法获取配置文件，请检查链接格式以及网络连接状态！" 31
+				exit 1
+			else
+				retry=$((retry+1))
+				logger "配置文件获取失败！" 31
+				echo -e "\033[32m尝试使用其他服务器获取配置！\033[0m"
+				logger "正在重试第$retry次/共5次！" 32
+				sed -i '/server_link=*/'d $ccfg
+				if [ "$server_link" -ge 5 ]; then
+					server_link=0
+				fi
+				server_link=$((server_link+1))
+				echo server_link=$server_link >> $ccfg
+				Https=""
+				getyaml
+			fi
+		fi
+	else
+		Https=""
+		#检测节点或providers
+		if [ -z "$(cat $yamlnew | grep -E 'server:|proxy-providers:' | grep -v 'nameserver')" ];then
+			echo -----------------------------------------------
+			logger "获取到了配置文件，但似乎并不包含正确的节点信息！" 31
+			echo -----------------------------------------------
+			sed -n '1,30p' $yamlnew
+			echo -----------------------------------------------
+			echo -e "\033[33m请检查如上配置文件信息:\033[0m"
+			echo -----------------------------------------------
+			exit 1
+		fi
+		#检测旧格式
+		if cat $yamlnew | grep 'Proxy Group:' >/dev/null;then
+			echo -----------------------------------------------
+			logger "已经停止对旧格式配置文件的支持！！！" 31
+			echo -e "请使用新格式或者使用【导入节点/链接】功能！"
+			echo -----------------------------------------------
+			exit 1
+		fi
+		#检测不支持的加密协议
+		if cat $yamlnew | grep 'cipher: chacha20,' >/dev/null;then
+			echo -----------------------------------------------
+			logger "已停止支持chacha20加密，请更换更安全的节点加密协议！" 31
+			echo -----------------------------------------------
+			exit 1
+		fi
+		#使用核心内置test功能检测
+		if [ -x $bindir/clash ];then
+			$bindir/clash -t -d $bindir -f $yamlnew >/dev/null
+			if [ "$?" != "0" ];then
+				logger "配置文件加载失败！请查看报错信息！" 31
+				$bindir/clash -t -d $bindir -f $yamlnew
+				echo "$($bindir/clash -t -d $bindir -f $yamlnew)" >> $clashdir/log
+				exit 1
+			fi
+		fi
+		#如果不同则备份并替换文件
+		if [ -f $yaml ];then
+			compare $yamlnew $yaml
+			[ "$?" = 0 ] || mv -f $yaml $yaml.bak && mv -f $yamlnew $yaml
+		else
+			mv -f $yamlnew $yaml
+		fi
+		echo -e "\033[32m已成功获取配置文件！\033[0m"
+		rm -rf $yamlnew
+		exit 0
+	fi
+}
+modify_yaml(){
+##########需要变更的配置###########
+	lan='allow-lan: true'
+	mode='mode: Rule'
+	log='log-level: info'
+	[ "$ipv6_support" = "已开启" ] && ipv6='ipv6: true' || ipv6='ipv6: false'
+	external="external-controller: 0.0.0.0:$db_port"
+	[ -d $clashdir/ui ] && db_ui=ui
+	[ "$redir_mod" != "Redir模式" ] && tun='tun: {enable: true, stack: system}' || tun='tun: {enable: false}'
+	exper='experimental: {ignore-resolve-fail: true, interface-name: en0}'
+	#dns配置
+	if [ "$dns_mod" = "fake-ip" ];then
+		dns='dns: {enable: true, listen: 0.0.0.0:'$dns_port', use-hosts: true, fake-ip-range: 198.18.0.1/16, enhanced-mode: fake-ip, fake-ip-filter: ["*.lan", "time.windows.com", "time.nist.gov", "time.apple.com", "time.asia.apple.com", "*.ntp.org.cn", "*.openwrt.pool.ntp.org", "time1.cloud.tencent.com", "time.ustc.edu.cn", "pool.ntp.org", "ntp.ubuntu.com", "ntp.aliyun.com", "ntp1.aliyun.com", "ntp2.aliyun.com", "ntp3.aliyun.com", "ntp4.aliyun.com", "ntp5.aliyun.com", "ntp6.aliyun.com", "ntp7.aliyun.com", "time1.aliyun.com", "time2.aliyun.com", "time3.aliyun.com", "time4.aliyun.com", "time5.aliyun.com", "time6.aliyun.com", "time7.aliyun.com", "*.time.edu.cn", "time1.apple.com", "time2.apple.com", "time3.apple.com", "time4.apple.com", "time5.apple.com", "time6.apple.com", "time7.apple.com", "time1.google.com", "time2.google.com", "time3.google.com", "time4.google.com", "music.163.com", "*.music.163.com", "*.126.net", "musicapi.taihe.com", "music.taihe.com", "songsearch.kugou.com", "trackercdn.kugou.com", "*.kuwo.cn", "api-jooxtt.sanook.com", "api.joox.com", "joox.com", "y.qq.com", "*.y.qq.com", "streamoc.music.tc.qq.com", "mobileoc.music.tc.qq.com", "isure.stream.qqmusic.qq.com", "dl.stream.qqmusic.qq.com", "aqqmusic.tc.qq.com", "amobile.music.tc.qq.com", "*.xiami.com", "*.music.migu.cn", "music.migu.cn", "*.msftconnecttest.com", "*.msftncsi.com", "localhost.ptlogin2.qq.com", "*.*.*.srv.nintendo.net", "*.*.stun.playstation.net", "xbox.*.*.microsoft.com", "*.*.xboxlive.com", "proxy.golang.org"], nameserver: ['$dns_nameserver', 127.0.0.1:53], fallback: ['$dns_fallback'], fallback-filter: {geoip: true}}'
+	else
+		dns='dns: {enable: true, ipv6: true, listen: 0.0.0.0:'$dns_port', use-hosts: true, enhanced-mode: redir-host, nameserver: ['$dns_nameserver$dns_local'], fallback: ['$dns_fallback'], fallback-filter: {geoip: true}}'
+	fi
+	#设置目录
+	yaml=$clashdir/config.yaml
+	tmpdir=/tmp/clash_$USER
+	#预删除需要添加的项目
+	a=$(grep -n "port:" $yaml | head -1 | cut -d ":" -f 1)
+	b=$(grep -n "^prox" $yaml | head -1 | cut -d ":" -f 1)
+	b=$((b-1))
+	mkdir -p $tmpdir > /dev/null
+	sed "${a},${b}d" $yaml > $tmpdir/proxy.yaml
+	#跳过本地tls证书验证
+	[ "$skip_cert" = "已开启" ] && sed -i '10,99s/skip-cert-verify: false/skip-cert-verify: true/' $tmpdir/proxy.yaml
+	#添加配置
+###################################
+	cat > $tmpdir/set.yaml <<EOF
+mixed-port: $mix_port
+redir-port: $redir_port
+authentication: ["$authentication"]
+$lan
+$mode
+$log
+$ipv6
+external-controller: :$db_port
+external-ui: $db_ui
+secret: $secret
+$tun
+$exper
+$dns
+EOF
+###################################
+	[ -f $clashdir/user.yaml ] && yaml_user=$clashdir/user.yaml
+	#合并文件
+	cut -c 1- $tmpdir/set.yaml $yaml_user $tmpdir/proxy.yaml > $tmpdir/config.yaml
+	#插入自定义规则
+	if [ -f $clashdir/rules.yaml ];then
+		while read line;do
+			[ -z "$(echo "$line" | grep '#')" ] && \
+			[ -n "$(echo "$line" | grep '\-\ ')" ] && \
+			sed -i "/$line/d" $tmpdir/config.yaml && \
+			sed -i "/^rules:/a\ $line" $tmpdir/config.yaml
+		done < $clashdir/rules.yaml
+	fi
+	#如果没有使用小闪存模式
+	if [ "$tmpdir" != "$bindir" ];then
+		compare $tmpdir/config.yaml $yaml
+		[ "$?" != 0 ] && mv -f $tmpdir/config.yaml $yaml || rm -f $tmpdir/config.yaml
+	fi
+	rm -f $tmpdir/set.yaml
+	rm -f $tmpdir/proxy.yaml
+}
+#设置路由规则
+start_redir(){
+	#流量过滤规则
+	iptables -t nat -N clash
+	iptables -t nat -A clash -d 0.0.0.0/8 -j RETURN
+	iptables -t nat -A clash -d 10.0.0.0/8 -j RETURN
+	iptables -t nat -A clash -d 127.0.0.0/8 -j RETURN
+	iptables -t nat -A clash -d 169.254.0.0/16 -j RETURN
+	iptables -t nat -A clash -d 172.16.0.0/12 -j RETURN
+	iptables -t nat -A clash -d 192.168.0.0/16 -j RETURN
+	iptables -t nat -A clash -d 224.0.0.0/4 -j RETURN
+	iptables -t nat -A clash -d 240.0.0.0/4 -j RETURN
+	if [ "$macfilter_type" = "白名单" -a -n "$(cat $clashdir/mac)" ];then
+		#mac白名单
+		for mac in $(cat $clashdir/mac); do
+			iptables -t nat -A clash -p tcp $ports -m mac --mac-source $mac -j REDIRECT --to-ports $redir_port
+		done
+	else
+		#mac黑名单
+		for mac in $(cat $clashdir/mac); do
+			iptables -t nat -A clash -m mac --mac-source $mac -j RETURN
+		done
+		iptables -t nat -A clash -p tcp $ports -j REDIRECT --to-ports $redir_port
+	fi
+	iptables -t nat -A PREROUTING -p tcp -j clash
+	#设置ipv6转发
+	ip6_nat=$(ip6tables -t nat -L 2>&1 | grep -o 'Chain')
+	if [ -n "$ip6_nat" -a "$ipv6_support" = "已开启" ];then
+		ip6tables -t nat -N clashv6
+		if [ "$macfilter_type" = "白名单" -a -n "$(cat $clashdir/mac)" ];then
+			#mac白名单
+			for mac in $(cat $clashdir/mac); do
+				ip6tables -t nat -A clashv6 -p tcp $ports -m mac --mac-source $mac -j REDIRECT --to-ports $redir_port
+			done
+		else
+			#mac黑名单
+			for mac in $(cat $clashdir/mac); do
+				ip6tables -t nat -A clashv6 -m mac --mac-source $mac -j RETURN
+			done
+			ip6tables -t nat -A clashv6 -p tcp $ports -j REDIRECT --to-ports $redir_port
+		fi
+		ip6tables -t nat -A PREROUTING -p tcp -j clashv6
+	fi
+}
+start_dns(){
+	#允许tun网卡接受流量
+	if [ "$redir_mod" = "Tun模式" -o "$redir_mod" = "混合模式" ];then
+		iptables -I FORWARD -o utun -j ACCEPT
+		[ "$ipv6_support" = "已开启" ] && ip6tables -I FORWARD -o utun -j ACCEPT > /dev/null 2>&1
+	fi
+	#设置dns转发
+	iptables -t nat -N clash_dns
+	if [ "$macfilter_type" = "白名单" -a -n "$(cat $clashdir/mac)" ];then
+		#mac白名单
+		for mac in $(cat $clashdir/mac); do
+			iptables -t nat -A clash_dns -p udp --dport 53 -m mac --mac-source $mac -j REDIRECT --to $dns_port
+			iptables -t nat -A clash_dns -p tcp --dport 53 -m mac --mac-source $mac -j REDIRECT --to $dns_port
+		done
+	else
+		#mac黑名单
+		for mac in $(cat $clashdir/mac); do
+			iptables -t nat -A clash_dns -m mac --mac-source $mac -j RETURN
+		done	
+		iptables -t nat -A clash_dns -p udp --dport 53 -j REDIRECT --to $dns_port
+		iptables -t nat -A clash_dns -p tcp --dport 53 -j REDIRECT --to $dns_port
+	fi
+	iptables -t nat -A PREROUTING -p udp -j clash_dns
+	#Google home DNS特殊处理
+	iptables -t nat -I PREROUTING -p tcp -d 8.8.8.8 -j clash_dns
+	iptables -t nat -I PREROUTING -p tcp -d 8.8.4.4 -j clash_dns
+	#ipv6DNS
+	ip6_nat=$(ip6tables -t nat -L 2>&1 | grep -o 'Chain')
+	if [ -n "$ip6_nat" ];then
+		ip6tables -t nat -N clashv6_dns > /dev/null 2>&1
+		if [ "$macfilter_type" = "白名单" -a -n "$(cat $clashdir/mac)" ];then
+			#mac白名单
+			for mac in $(cat $clashdir/mac); do
+				ip6tables -t nat -A clashv6_dns -p udp --dport 53 -m mac --mac-source $mac -j REDIRECT --to $dns_port
+				ip6tables -t nat -A clashv6_dns -p tcp --dport 53 -m mac --mac-source $mac -j REDIRECT --to $dns_port
+			done
+		else
+			#mac黑名单
+			for mac in $(cat $clashdir/mac); do
+				ip6tables -t nat -A clashv6_dns -m mac --mac-source $mac -j RETURN
+			done	
+			ip6tables -t nat -A clashv6_dns -p udp --dport 53 -j REDIRECT --to $dns_port
+			ip6tables -t nat -A clashv6_dns -p tcp --dport 53 -j REDIRECT --to $dns_port
+		fi
+		ip6tables -t nat -A PREROUTING -p udp -j clashv6_dns
+	else
+		ip6tables -I INPUT -p tcp --dport 53 -j REJECT > /dev/null 2>&1
+		ip6tables -I INPUT -p udp --dport 53 -j REJECT > /dev/null 2>&1
+	fi
+}
+start_udp(){
+	ip rule add fwmark 1 table 100
+	ip route add local default dev lo table 100
+	iptables -t mangle -N clash
+	iptables -t mangle -A clash -d 0.0.0.0/8 -j RETURN
+	iptables -t mangle -A clash -d 10.0.0.0/8 -j RETURN
+	iptables -t mangle -A clash -d 127.0.0.0/8 -j RETURN
+	iptables -t mangle -A clash -d 169.254.0.0/16 -j RETURN
+	iptables -t mangle -A clash -d 172.16.0.0/12 -j RETURN
+	iptables -t mangle -A clash -d 192.168.0.0/16 -j RETURN
+	iptables -t mangle -A clash -d 224.0.0.0/4 -j RETURN
+	iptables -t mangle -A clash -d 240.0.0.0/4 -j RETURN
+	if [ "$macfilter_type" = "白名单" -a -n "$(cat $clashdir/mac)" ];then
+		#mac白名单
+		for mac in $(cat $clashdir/mac); do
+			iptables -t mangle -A clash -p udp -m mac --mac-source $mac -j TPROXY --on-port $redir_port --tproxy-mark 1
+		done
+	else
+		#mac黑名单
+		for mac in $(cat $clashdir/mac); do
+			iptables -t mangle -A clash -m mac --mac-source $mac -j RETURN
+		done
+		iptables -t mangle -A clash -p udp -j TPROXY --on-port $redir_port --tproxy-mark 1
+	fi
+	iptables -t mangle -A PREROUTING -p udp -j clash
+}
+stop_iptables(){
+    #重置iptables规则
+	ip rule del fwmark 1 table 100  2> /dev/null
+	ip route del local default dev lo table 100 2> /dev/null
+	iptables -t nat -D PREROUTING -p tcp -j clash 2> /dev/null
+	iptables -t nat -D PREROUTING -p udp -j clash_dns 2> /dev/null
+	iptables -t nat -D PREROUTING -p tcp -d 8.8.8.8 -j clash_dns 2> /dev/null
+	iptables -t nat -D PREROUTING -p tcp -d 8.8.4.4 -j clash_dns 2> /dev/null
+	iptables -t nat -F clash 2> /dev/null
+	iptables -t nat -X clash 2> /dev/null
+	iptables -t nat -F clash_dns 2> /dev/null
+	iptables -t nat -X clash_dns 2> /dev/null
+	iptables -D FORWARD -o utun -j ACCEPT 2> /dev/null
+	#重置udp规则
+	iptables -t mangle -D PREROUTING -p udp -j clash 2> /dev/null
+	iptables -t mangle -F clash 2> /dev/null
+	iptables -t mangle -X clash 2> /dev/null
+	#重置ipv6规则
+	ip6tables -t nat -D PREROUTING -p tcp -j clashv6 2> /dev/null
+	ip6tables -t nat -D PREROUTING -p udp -j clashv6_dns 2> /dev/null
+	ip6tables -t nat -F clashv6 2> /dev/null
+	ip6tables -t nat -X clashv6 2> /dev/null
+	ip6tables -t nat -F clashv6_dns 2> /dev/null
+	ip6tables -t nat -X clashv6_dns 2> /dev/null
+	ip6tables -D FORWARD -o utun -j ACCEPT 2> /dev/null
+}
+#面板配置保存相关
+web_save(){
+	get_save(){
+		if curl --version > /dev/null 2>&1;then
+			curl -s -H "Authorization: Bearer ${secret}" -H "Content-Type:application/json" "$1"
+		elif [ -n "$(wget --help 2>&1|grep '\-\-method')" ];then
+			wget -q --header="Authorization: Bearer ${secret}" --header="Content-Type:application/json" -O - "$1"
+		else
+			logger 当前系统未安装curl且wget的版本太低，无法保存节点配置！ 31
+			getconfig
+			cronset '保存节点配置'
+		fi
+	}
+	#使用get_save获取面板节点设置
+	get_save http://localhost:${db_port}/proxies | awk -F "{" '{for(i=1;i<=NF;i++) print $i}' | grep -E '^"all".*"Selector"' > /tmp/clash_web_check_$USER
+	while read line ;do
+		def=$(echo $line | awk -F "[\[,]" '{print $2}')
+		now=$(echo $line | grep -oE '"now".*",' | sed 's/"now"://g'| sed 's/,//g')
+		[ "$def" != "$now" ] && echo $line | grep -oE '"name".*"now".*",' | sed 's/"name"://g' | sed 's/"now"://g'| sed 's/"//g' >> /tmp/clash_web_save_$USER
+	done < /tmp/clash_web_check_$USER
+	rm -rf /tmp/clash_web_check_$USER
+	#对比文件，如果有变动且不为空则写入磁盘，否则清除缓存
+	if [ -s /tmp/clash_web_save_$USER ];then
+		compare /tmp/clash_web_save_$USER $clashdir/web_save
+		[ "$?" = 0 ] && rm -rf /tmp/clash_web_save_$USER || mv -f /tmp/clash_web_save_$USER $clashdir/web_save
+	fi
+}
+web_restore(){
+	put_save(){
+		if curl --version > /dev/null 2>&1;then
+			curl -sS -X PUT -H "Authorization: Bearer ${secret}" -H "Content-Type:application/json" "$1" -d "$2" >/dev/null
+		else
+			wget -q --method=PUT --header="Authorization: Bearer ${secret}" --header="Content-Type:application/json" --body-data="$2" "$1" >/dev/null
+		fi
+	}
+	#设置循环检测clash面板端口
+	i=1
+	while [ $i -lt 10 ];do
+		sleep 1
+		if curl --version > /dev/null 2>&1;then
+			test=$(curl -s http://localhost:${db_port})
+		else
+			test=$(wget -q -O - http://localhost:${db_port})
+		fi
+		[ -n "$test" ] && i=10
+	done
+	#发送数据
+	num=$(cat $clashdir/web_save | wc -l)
+	for i in `seq $num`;
+	do
+		group_name=$(awk -F ',' 'NR=="'${i}'" {print $1}' $clashdir/web_save | sed 's/ /%20/g')
+		now_name=$(awk -F ',' 'NR=="'${i}'" {print $2}' $clashdir/web_save)
+		put_save http://localhost:${db_port}/proxies/${group_name} "{\"name\":\"${now_name}\"}"
+	done
+}
+#启动相关
+catpac(){
+	host=$(ubus call network.interface.lan status 2>&1 | grep \"address\" | grep -oE '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}';)
+	[ -z "$host" ] && host=$(ip a 2>&1 | grep -w 'inet' | grep 'global' | grep -E '192.|10.' | sed 's/.*inet.//g' | sed 's/\/[0-9][0-9].*$//g' | head -n 1)
+	[ -z "$host" ] && host=127.0.0.1
+	cat > /tmp/clash_pac <<EOF
+function FindProxyForURL(url, host) {
+	if (
+		isInNet(host, "0.0.0.0", "255.0.0.0")||
+		isInNet(host, "10.0.0.0", "255.0.0.0")||
+		isInNet(host, "127.0.0.0", "255.0.0.0")||
+		isInNet(host, "224.0.0.0", "224.0.0.0")||
+		isInNet(host, "240.0.0.0", "240.0.0.0")||
+		isInNet(host, "172.16.0.0",  "255.240.0.0")||
+		isInNet(host, "192.168.0.0", "255.255.0.0")||
+		isInNet(host, "169.254.0.0", "255.255.0.0")
+	)
+		return "DIRECT";
+	else
+		return "PROXY 192.168.31.1:7890; DIRECT; SOCKS5 192.168.31.1:7890"
+}
+EOF
+	compare /tmp/clash_pac $bindir/ui/pac
+	[ "$?" = 0 ] && rm -rf /tmp/clash_pac || mv -f /tmp/clash_pac $bindir/ui/pac
+}
+bfstart(){
+	#读取配置文件
+	getconfig
+	[ ! -d $bindir/ui ] && mkdir -p $bindir/ui
+	[ -z "$update_url" ] && update_url=https://cdn.jsdelivr.net/gh/juewuy/ShellClash@master
+	#检查clash核心
+	if [ ! -f $bindir/clash ];then
+		if [ -f $clashdir/clash ];then
+			mv $clashdir/clash $bindir/clash && chmod +x $bindir/clash
+		else
+			logger "未找到clash核心，正在下载！" 33
+			if [ -z "$clashcore" ];then
+				[ "$redir_mod" = "混合模式" -o "$redir_mod" = "Tun模式" ] && clashcore=clashpre || clashcore=clash
+			fi
+			[ -z "$cpucore" ] && source $clashdir/getdate.sh && getcpucore
+			[ -z "$cpucore" ] && logger 找不到设备的CPU信息，请手动指定处理器架构类型！ 31 && setcpucore
+			webget $bindir/clash "$update_url/bin/$clashcore/clash-linux-$cpucore"
+			[ "$?" = 1 ] && logger "核心下载失败，已退出！" 31 && rm -f $bindir/clash && exit 1
+			[ ! -x $bindir/clash ] && chmod +x $bindir/clash 	#检测可执行权限
+			clashv=$($bindir/clash -v | awk '{print $2}')
+			setconfig clashv $clashv
+		fi
+	fi
+	#检查数据库文件
+	if [ ! -f $bindir/Country.mmdb ];then
+		if [ -f $clashdir/Country.mmdb ];then
+			mv $clashdir/Country.mmdb $bindir/Country.mmdb
+		else
+			logger "未找到GeoIP数据库，正在下载！" 33
+			[ -z "$geotype" ] && geotype=cn_mini.mmdb
+			webget $bindir/Country.mmdb $update_url/bin/$geotype
+			[ "$?" = 1 ] && logger "数据库下载失败，已退出！" 31 && rm -f $bindir/Country.mmdb && exit 1
+			Geo_v=$(date +"%Y%m%d")
+			setconfig Geo_v $Geo_v
+		fi
+	fi
+	#检查dashboard文件
+	if [ -f $clashdir/ui/index.html -a ! -f $bindir/ui/index.html ];then
+		cp -rf $clashdir/ui $bindir
+	fi
+	catpac #生成pac文件
+	#检查yaml配置文件
+	if [ ! -f $clashdir/config.yaml ];then
+		if [ -n "$Url" -o -n "$Https" ];then
+			logger "未找到配置文件，正在下载！" 33
+			getyaml
+			exit 0
+		else
+			logger "未找到配置文件链接，请先导入配置文件！" 31
+			exit 1
+		fi
+	fi
+}
+afstart(){
+
+	#读取配置文件
+	getconfig
+	$bindir/clash -t -d $bindir >/dev/null
+	if [ "$?" = 0 ];then
+		#设置iptables转发规则
+		[ "$redir_mod" != "纯净模式" ] && [ "$dns_no" != "已禁用" ] && start_dns
+		[ "$redir_mod" != "纯净模式" ] && [ "$redir_mod" != "Tun模式" ] && start_redir
+		[ "$redir_mod" = "Redir模式" ] && [ "$tproxy_mod" = "已开启" ] && start_udp
+		#标记启动时间
+		mark_time
+		#设置本机代理
+		[ "$local_proxy" = "已开启" ] && $0 set_proxy $mix_port $db_port
+		#启用面板配置自动保存
+		cronset '#每10分钟保存节点配置' "*/10 * * * * test -n \"$(pidof clash)\" && $clashdir/start.sh web_save #每10分钟保存节点配置"
+		[ -f $clashdir/web_save ] && web_restore & #后台还原面板配置
+	else
+		logger "clash服务启动失败！请查看报错信息！" 31
+		$bindir/clash -t -d $bindir
+		echo "$($bindir/clash -t -d $bindir)" >> $clashdir/log
+		$0 stop
+		exit 1
+	fi
+}
+start_old(){
+	#使用传统后台执行二进制文件的方式执行
+	$bindir/clash -d $bindir >/dev/null &
+	afstart
+	$0 daemon
+}
+
+case "$1" in
+
+bfstart)
+		bfstart
+	;;
+afstart)
+		afstart
+	;;
+start)		
+		[ -n "$(pidof clash)" ] && $0 stop #禁止多实例
+		getconfig
+		#检测必须文件并下载
+		bfstart
+		stop_iptables #清理iptables
+		#使用内置规则强行覆盖config配置文件
+		[ "$modify_yaml" != "已开启" ] && modify_yaml
+		#使用不同方式启动clash服务
+		if [ "$start_old" = "已开启" ];then
+			start_old
+		elif [ -f /etc/rc.common ];then
+			/etc/init.d/clash start
+		elif [ "$USER" = "root" ];then
+			systemctl start clash.service
+		else
+			start_old
+		fi
+	;;
+stop)	
+		getconfig
+		[ -n "$(pidof clash)" ] && web_save #保存面板配置
+		#删除守护进程&面板配置自动保存
+		cronset "clash保守模式守护进程"
+		cronset "保存节点配置"
+		#多种方式结束进程
+		if [ -f /etc/rc.common ];then
+			/etc/init.d/clash stop >/dev/null 2>&1
+		elif [ "$USER" = "root" ];then
+			systemctl stop clash.service >/dev/null 2>&1
+		fi
+		PID=$(pidof clash) && [ -n "$PID" ] &&  kill -9 $PID >/dev/null 2>&1
+		stop_iptables #清理iptables
+		[ "$local_proxy" = "已开启" ] && $0 unset_proxy #禁用本机代理
+        ;;
+restart)
+        $0 stop
+        $0 start
+        ;;
+getyaml)	
+		getconfig
+		getyaml
+		;;
+updateyaml)	
+		$0 getyaml
+		$0 restart
+		;;
+webget)
+		webget $2 $3 $4 $5
+		;;
+web_save)
+		getconfig
+		web_save
+	;;
+daemon)
+		getconfig
+		cronset '#clash保守模式守护进程' "*/1 * * * * test -z \"$(pidof clash)\" && $clashdir/start.sh restart #clash保守模式守护进程"
+	;;
+set_proxy)
+		getconfig
+		#GNOME配置
+		if  [ "$local_proxy_type" = "GNOME" ];then
+			gsettings set org.gnome.system.proxy autoconfig-url "http://127.0.0.1:$db_port/ui/pac"
+			gsettings set org.gnome.system.proxy mode "auto"
+		#KDE配置
+		elif  [ "$local_proxy_type" = "KDE" ];then
+			kwriteconfig5 --file kioslaverc --group "Proxy Settings" --key "Proxy Config Script" "http://127.0.0.1:$db_port/ui/pac"
+			kwriteconfig5 --file kioslaverc --group "Proxy Settings" --key "ProxyType" 2
+		#环境变量方式
+		else
+			[ -w ~/.bashrc ] && profile=~/.bashrc
+			[ -w /etc/profile ] && profile=/etc/profile
+			echo 'export all_proxy=http://127.0.0.1:'"$mix_port" >> $profile
+			echo 'export ALL_PROXY=$all_proxy' >>  $profile
+		fi
+	;;
+unset_proxy)
+		#GNOME配置
+		if  gsettings --version >/dev/null 2>&1 ;then
+			gsettings set org.gnome.system.proxy mode "none"
+		fi
+		#KDE配置
+		if  kwriteconfig5 -h >/dev/null 2>&1 ;then
+			kwriteconfig5 --file kioslaverc --group "Proxy Settings" --key "ProxyType" 0
+		fi
+		#环境变量方式
+		[ -w ~/.bashrc ] && profile=~/.bashrc
+		[ -w /etc/profile ] && profile=/etc/profile
+		sed -i '/all_proxy/'d  $profile
+		sed -i '/ALL_PROXY/'d  $profile
+	;;
+esac
+
+exit 0