moliayako/ShellCrash
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

~统一缩进

Browse Source
This commit is contained in:
juewuy
2026-03-25 20:15:42 +08:00
parent ab29b5c036
commit 837f99727a
60 changed files with 2846 additions and 2846 deletions
Download Patch File Download Diff File Expand all files Collapse all files

72
scripts/starts/afstart.sh
View File

@@ -12,45 +12,45 @@
[ -z "$firewall_area" ] && firewall_area=1
#延迟启动
[ ! -f "$TMPDIR"/crash_start_time ] && [ -n "$start_delay" ] && [ "$start_delay" -gt 0 ] && {
logger "ShellCrash将延迟$start_delay秒启动" 31
sleep "$start_delay"
logger "ShellCrash将延迟$start_delay秒启动" 31
sleep "$start_delay"
}
#设置循环检测面板端口以判定服务启动是否成功
. "$CRASHDIR"/libs/start_wait.sh
if [ -n "$test" -o -n "$(pidof CrashCore)" ]; then
[ "$start_old" = "ON" ] && [ ! -L "$TMPDIR"/CrashCore ] && rm -f "$TMPDIR"/CrashCore #删除缓存目录内核文件
. "$CRASHDIR"/starts/fw_start.sh #配置防火墙流量劫持
date +%s >"$TMPDIR"/crash_start_time #标记启动时间
#后台还原面板配置
[ -s "$CRASHDIR"/configs/web_save ] && {
. "$CRASHDIR"/libs/web_restore.sh
web_restore >/dev/null 2>&1 &
}
#推送日志
{
sleep 5
logger ShellCrash服务已启动
} &
ckcmd mtd_storage.sh && mtd_storage.sh save >/dev/null 2>&1 #Padavan保存/etc/storage
#加载定时任务
cronload | grep -v '^$' > "$TMPDIR"/cron_tmp
[ -s "$CRASHDIR"/task/cron ] && cat "$CRASHDIR"/task/cron >> "$TMPDIR"/cron_tmp
[ -s "$CRASHDIR"/task/running ] && cat "$CRASHDIR"/task/running >> "$TMPDIR"/cron_tmp
[ "$bot_tg_service" = ON ] && echo "* * * * * /bin/sh $CRASHDIR/starts/start_legacy_wd.sh bot_tg #ShellCrash-TG_BOT守护进程" >> "$TMPDIR"/cron_tmp
[ "$start_old" = ON ] && echo "* * * * * /bin/sh $CRASHDIR/starts/start_legacy_wd.sh shellcrash #ShellCrash保守模式守护进程" >> "$TMPDIR"/cron_tmp
awk '!x[$0]++' "$TMPDIR"/cron_tmp > "$TMPDIR"/cron_tmp2 #删除重复行
cronadd "$TMPDIR"/cron_tmp2
rm -f "$TMPDIR"/cron_tmp "$TMPDIR"/cron_tmp2
#加载条件任务
[ -s "$CRASHDIR"/task/afstart ] && { . "$CRASHDIR"/task/afstart; } &
[ -s "$CRASHDIR"/task/affirewall -a -s /etc/init.d/firewall -a ! -f /etc/init.d/firewall.bak ] && {
#注入防火墙
line=$(grep -En "fw.* restart" /etc/init.d/firewall | cut -d ":" -f 1)
sed -i.bak "${line}a\\. $CRASHDIR/task/affirewall" /etc/init.d/firewall
line=$(grep -En "fw.* start" /etc/init.d/firewall | cut -d ":" -f 1)
sed -i "${line}a\\. $CRASHDIR/task/affirewall" /etc/init.d/firewall
} &
exit 0
[ "$start_old" = "ON" ] && [ ! -L "$TMPDIR"/CrashCore ] && rm -f "$TMPDIR"/CrashCore #删除缓存目录内核文件
. "$CRASHDIR"/starts/fw_start.sh #配置防火墙流量劫持
date +%s >"$TMPDIR"/crash_start_time #标记启动时间
#后台还原面板配置
[ -s "$CRASHDIR"/configs/web_save ] && {
. "$CRASHDIR"/libs/web_restore.sh
web_restore >/dev/null 2>&1 &
}
#推送日志
{
sleep 5
logger ShellCrash服务已启动
} &
ckcmd mtd_storage.sh && mtd_storage.sh save >/dev/null 2>&1 #Padavan保存/etc/storage
#加载定时任务
cronload | grep -v '^$' > "$TMPDIR"/cron_tmp
[ -s "$CRASHDIR"/task/cron ] && cat "$CRASHDIR"/task/cron >> "$TMPDIR"/cron_tmp
[ -s "$CRASHDIR"/task/running ] && cat "$CRASHDIR"/task/running >> "$TMPDIR"/cron_tmp
[ "$bot_tg_service" = ON ] && echo "* * * * * /bin/sh $CRASHDIR/starts/start_legacy_wd.sh bot_tg #ShellCrash-TG_BOT守护进程" >> "$TMPDIR"/cron_tmp
[ "$start_old" = ON ] && echo "* * * * * /bin/sh $CRASHDIR/starts/start_legacy_wd.sh shellcrash #ShellCrash保守模式守护进程" >> "$TMPDIR"/cron_tmp
awk '!x[$0]++' "$TMPDIR"/cron_tmp > "$TMPDIR"/cron_tmp2 #删除重复行
cronadd "$TMPDIR"/cron_tmp2
rm -f "$TMPDIR"/cron_tmp "$TMPDIR"/cron_tmp2
#加载条件任务
[ -s "$CRASHDIR"/task/afstart ] && { . "$CRASHDIR"/task/afstart; } &
[ -s "$CRASHDIR"/task/affirewall -a -s /etc/init.d/firewall -a ! -f /etc/init.d/firewall.bak ] && {
#注入防火墙
line=$(grep -En "fw.* restart" /etc/init.d/firewall | cut -d ":" -f 1)
sed -i.bak "${line}a\\. $CRASHDIR/task/affirewall" /etc/init.d/firewall
line=$(grep -En "fw.* start" /etc/init.d/firewall | cut -d ":" -f 1)
sed -i "${line}a\\. $CRASHDIR/task/affirewall" /etc/init.d/firewall
} &
exit 0
else
. "$CRASHDIR"/starts/start_error.sh
. "$CRASHDIR"/starts/start_error.sh
fi

106
scripts/starts/bfstart.sh
View File

@@ -38,8 +38,8 @@ makehtml() { #生成面板跳转文件
<body>
<div style="text-align: center; margin-top: 50px;">
<h1>您还未安装本地面板</h1>
<h3>请在脚本更新功能中(9-4)安装<br>或者使用在线面板:</h3>
<h4>请复制当前地址/ui(不包括)前面的内容填入url位置即可连接</h3>
<h3>请在脚本更新功能中(9-4)安装<br>或者使用在线面板:</h3>
<h4>请复制当前地址/ui(不包括)前面的内容填入url位置即可连接</h3>
<a href="http://board.zash.run.place" style="font-size: 24px;">Zashboard面板(推荐)<br></a>
<a style="font-size: 21px;"><br>如已安装请使用Ctrl+F5强制刷新此页面<br></a>
</div>
@@ -54,19 +54,19 @@ catpac() { #生成pac文件
[ -z "$host_pac" ] && host_pac=$(ip a 2>&1 | grep -w 'inet' | grep 'global' | grep -E ' 1(92|0|72)\.' | sed 's/.*inet.//g' | sed 's/\/[0-9][0-9].*$//g' | head -n 1)
cat >"$TMPDIR"/shellcrash_pac <<EOF
function FindProxyForURL(url, host) {
if (
isInNet(host, "0.0.0.0", "255.0.0.0")||
isInNet(host, "10.0.0.0", "255.0.0.0")||
isInNet(host, "127.0.0.0", "255.0.0.0")||
isInNet(host, "224.0.0.0", "224.0.0.0")||
isInNet(host, "240.0.0.0", "240.0.0.0")||
isInNet(host, "172.16.0.0", "255.240.0.0")||
isInNet(host, "192.168.0.0", "255.255.0.0")||
isInNet(host, "169.254.0.0", "255.255.0.0")
)
return "DIRECT";
else
return "PROXY $host_pac:$mix_port; DIRECT; SOCKS5 $host_pac:$mix_port"
if (
isInNet(host, "0.0.0.0", "255.0.0.0")||
isInNet(host, "10.0.0.0", "255.0.0.0")||
isInNet(host, "127.0.0.0", "255.0.0.0")||
isInNet(host, "224.0.0.0", "224.0.0.0")||
isInNet(host, "240.0.0.0", "240.0.0.0")||
isInNet(host, "172.16.0.0", "255.240.0.0")||
isInNet(host, "192.168.0.0", "255.255.0.0")||
isInNet(host, "169.254.0.0", "255.255.0.0")
)
return "DIRECT";
else
return "PROXY $host_pac:$mix_port; DIRECT; SOCKS5 $host_pac:$mix_port"
}
EOF
compare "$TMPDIR"/shellcrash_pac "$BINDIR"/ui/pac
@@ -82,61 +82,61 @@ EOF
[ -s "$CRASHDIR"/task/bfstart ] && . "$CRASHDIR"/task/bfstart
#检查内核配置文件
if [ ! -f "$core_config" ]; then
if [ -n "$Url" -o -n "$Https" ]; then
logger "未找到配置文件,正在下载!" 33
. "$CRASHDIR"/starts/core_config.sh && get_core_config
else
logger "未找到配置文件链接,请先导入配置文件!" 31
exit 1
fi
if [ -n "$Url" -o -n "$Https" ]; then
logger "未找到配置文件,正在下载!" 33
. "$CRASHDIR"/starts/core_config.sh && get_core_config
else
logger "未找到配置文件链接,请先导入配置文件!" 31
exit 1
fi
fi
#检查dashboard文件
if [ -f "$CRASHDIR"/ui/CNAME -a ! -f "$BINDIR"/ui/CNAME ]; then
cp -rf "$CRASHDIR"/ui "$BINDIR"
cp -rf "$CRASHDIR"/ui "$BINDIR"
fi
[ ! -s "$BINDIR"/ui/index.html ] && makehtml #如没有面板则创建跳转界面
catpac #生成pac文件
#内核及内核配置文件检查
[ "$CRASHDIR" != "$BINDIR" ] && {
mkdir -p "$BINDIR"/providers
ln -sf "$CRASHDIR"/providers/* "$BINDIR"/providers/
mkdir -p "$BINDIR"/providers
ln -sf "$CRASHDIR"/providers/* "$BINDIR"/providers/
}
if echo "$crashcore" | grep -q 'singbox'; then
. "$CRASHDIR"/starts/singbox_check.sh && singbox_check
[ -d "$TMPDIR"/jsons ] && rm -rf "$TMPDIR"/jsons/* || mkdir -p "$TMPDIR"/jsons #准备目录
if [ "$disoverride" != "1" ];then
. "$CRASHDIR"/starts/singbox_modify.sh && modify_json
else
ln -sf "$core_config" "$TMPDIR"/jsons/config.json
fi
. "$CRASHDIR"/starts/singbox_check.sh && singbox_check
[ -d "$TMPDIR"/jsons ] && rm -rf "$TMPDIR"/jsons/* || mkdir -p "$TMPDIR"/jsons #准备目录
if [ "$disoverride" != "1" ];then
. "$CRASHDIR"/starts/singbox_modify.sh && modify_json
else
ln -sf "$core_config" "$TMPDIR"/jsons/config.json
fi
else
. "$CRASHDIR"/starts/clash_check.sh && clash_check
if [ "$disoverride" != "1" ];then
. "$CRASHDIR"/starts/clash_modify.sh && modify_yaml
else
ln -sf "$core_config" "$TMPDIR"/config.yaml
fi
. "$CRASHDIR"/starts/clash_check.sh && clash_check
if [ "$disoverride" != "1" ];then
. "$CRASHDIR"/starts/clash_modify.sh && modify_yaml
else
ln -sf "$core_config" "$TMPDIR"/config.yaml
fi
fi
#检查下载cnip绕过相关文件
[ "$cn_ip_route" = "ON" ] && [ "$dns_mod" != "fake-ip" ] && {
[ "$firewall_mod" = nftables ] || ckcmd ipset && {
. "$CRASHDIR"/starts/check_cnip.sh
ck_cn_ipv4
[ "$ipv6_redir" = "ON" ] && ck_cn_ipv6
}
[ "$firewall_mod" = nftables ] || ckcmd ipset && {
. "$CRASHDIR"/starts/check_cnip.sh
ck_cn_ipv4
[ "$ipv6_redir" = "ON" ] && ck_cn_ipv6
}
}
#添加shellcrash用户
[ "$firewall_area" = 2 ] || [ "$firewall_area" = 3 ] || [ "$(cat /proc/1/comm)" = "systemd" ] &&
[ -z "$(id shellcrash 2>/dev/null | grep 'root')" ] && {
ckcmd userdel && userdel shellcrash 2>/dev/null
sed -i '/0:7890/d' /etc/passwd
sed -i '/x:7890/d' /etc/group
if ckcmd useradd; then
useradd shellcrash -u 7890
sed -Ei s/7890:7890/0:7890/g /etc/passwd
else
echo "shellcrash:x:0:7890:::" >>/etc/passwd
fi
[ -z "$(id shellcrash 2>/dev/null | grep 'root')" ] && {
ckcmd userdel && userdel shellcrash 2>/dev/null
sed -i '/0:7890/d' /etc/passwd
sed -i '/x:7890/d' /etc/group
if ckcmd useradd; then
useradd shellcrash -u 7890
sed -Ei s/7890:7890/0:7890/g /etc/passwd
else
echo "shellcrash:x:0:7890:::" >>/etc/passwd
fi
}
#加载系统内核组件
[ "$redir_mod" = "Tun" -o "$redir_mod" = "Mix" ] && ckcmd modprobe && modprobe tun 2>/dev/null

2
scripts/starts/check_core.sh
View File

@@ -5,7 +5,7 @@
check_core() { #检查及下载内核文件
[ -n "$(find --help 2>&1 | grep -o size)" ] && find_para=' -size +2000' #find命令兼容
[ -z "$(find "$TMPDIR"/CrashCore $find_para 2>/dev/null)" ] && core_find
[ -z "$(find "$TMPDIR"/CrashCore $find_para 2>/dev/null)" ] && core_find
[ ! -f "$TMPDIR"/CrashCore ] && {
logger "未找到【$crashcore】核心,正在下载!" 33
[ -z "$cpucore" ] && . "$CRASHDIR"/libs/check_cpucore.sh && check_cpucore

48
scripts/starts/clash_modify.sh
View File

@@ -16,15 +16,15 @@ modify_yaml() {
#Meta内核专属配置
[ "$crashcore" = 'meta' ] && {
[ -z "$(grep 'PROCESS' "$CRASHDIR"/yamls/*.yaml)" ] && find_process='find-process-mode: "off"'
#ecs优化
[ "$ecs_subnet" = ON ] && {
. "$CRASHDIR"/libs/get_ecsip.sh
if [ -n "$ecs_address" ];then
dns_fallback=$(echo "$dns_fallback, " | sed "s|, |#ecs-override=true\&ecs=$ecs_address, |g" | sed 's|, $||')
else
logger "自动获取ecs网段失败"
fi
}
#ecs优化
[ "$ecs_subnet" = ON ] && {
. "$CRASHDIR"/libs/get_ecsip.sh
if [ -n "$ecs_address" ];then
dns_fallback=$(echo "$dns_fallback, " | sed "s|, |#ecs-override=true\&ecs=$ecs_address, |g" | sed 's|, $||')
else
logger "自动获取ecs网段失败"
fi
}
}
#dns配置
[ -z "$(cat "$CRASHDIR"/yamls/user.yaml 2>/dev/null | grep '^dns:')" ] && {
@@ -100,17 +100,17 @@ EOF
if [ "$crashcore" = "meta" ]; then
echo " 'services.googleapis.cn': services.googleapis.com" >>"$TMPDIR"/hosts.yaml
fi
#加载本机hosts
sys_hosts=/etc/hosts
[ -f /data/etc/custom_hosts ] && sys_hosts='/etc/hosts /data/etc/custom_hosts'
cat $sys_hosts | while read line; do
[ -n "$(echo "$line" | grep -oE "([0-9]{1,3}[\.]){3}")" ] &&
[ -z "$(echo "$line" | grep -oE '^#')" ] &&
hosts_ip=$(echo $line | awk '{print $1}') &&
hosts_domain=$(echo $line | awk '{print $2}') &&
[ -z "$(cat "$TMPDIR"/hosts.yaml | grep -oE "$hosts_domain")" ] &&
echo " '$hosts_domain': $hosts_ip" >>"$TMPDIR"/hosts.yaml
done
#加载本机hosts
sys_hosts=/etc/hosts
[ -f /data/etc/custom_hosts ] && sys_hosts='/etc/hosts /data/etc/custom_hosts'
cat $sys_hosts | while read line; do
[ -n "$(echo "$line" | grep -oE "([0-9]{1,3}[\.]){3}")" ] &&
[ -z "$(echo "$line" | grep -oE '^#')" ] &&
hosts_ip=$(echo $line | awk '{print $1}') &&
hosts_domain=$(echo $line | awk '{print $2}') &&
[ -z "$(cat "$TMPDIR"/hosts.yaml | grep -oE "$hosts_domain")" ] &&
echo " '$hosts_domain': $hosts_ip" >>"$TMPDIR"/hosts.yaml
done
fi
#分割配置文件
yaml_char='proxies proxy-groups proxy-providers rules rule-providers sub-rules listeners'
@@ -172,10 +172,10 @@ EOF
done
}
#添加自定义入站
[ "$vms_service" = ON ] || [ "$sss_service" = ON ] && {
. "$CRASHDIR"/configs/gateway.cfg
. "$CRASHDIR"/libs/meta_listeners.sh
}
[ "$vms_service" = ON ] || [ "$sss_service" = ON ] && {
. "$CRASHDIR"/configs/gateway.cfg
. "$CRASHDIR"/libs/meta_listeners.sh
}
#节点绕过功能支持
sed -i "/#节点绕过/d" "$TMPDIR"/rules.yaml
[ "$proxies_bypass" = "ON" ] && {

18
scripts/starts/core_config.sh
View File

@@ -31,19 +31,19 @@ get_core_config() { #下载内核配置文件
Server_ua=$(grep -aE '^4' "$CRASHDIR"/configs/servers.list | sed -n ""$server_link"p" | awk '{print $4}')
Config=$(grep -aE '^5' "$CRASHDIR"/configs/servers.list | sed -n ""$rule_link"p" | awk '{print $3}')
gen_ua
#如果传来的是Url链接则合成Https链接否则直接使用Https链接
#如果传来的是Url链接则合成Https链接否则直接使用Https链接
if [ -z "$Https" ]; then
#Urlencord转码处理保留字符
if ckcmd hexdump;then
Url=$(echo $Url | sed 's/%26/\&/g') #处理分隔符
urlencodeUrl="exclude=$(urlencode "$exclude")&include=$(urlencode "$include")&url=$(urlencode "$Url")&config=$(urlencode "$Config")"
else
urlencodeUrl="exclude=$exclude&include=$include&url=$Url&config=$Config"
fi
Url=$(echo $Url | sed 's/%26/\&/g') #处理分隔符
urlencodeUrl="exclude=$(urlencode "$exclude")&include=$(urlencode "$include")&url=$(urlencode "$Url")&config=$(urlencode "$Config")"
else
urlencodeUrl="exclude=$exclude&include=$include&url=$Url&config=$Config"
fi
Https="${Server}/sub?target=${target}&${Server_ua}=${user_agent}&insert=true&new_name=true&scv=true&udp=true&${urlencodeUrl}"
url_type=true
else
Https=$(echo $Https | sed 's/\\&/\&/g') #还原转义
else
Https=$(echo $Https | sed 's/\\&/\&/g') #还原转义
fi
#输出
echo "-----------------------------------------------"
@@ -92,7 +92,7 @@ get_core_config() { #下载内核配置文件
else
. "$CRASHDIR"/starts/clash_config_check.sh
fi
check_config
check_config
#如果不同则备份并替换文件
if [ -s "$core_config" ]; then
compare "$core_config_new" "$core_config"

28
scripts/starts/fw_getlanip.sh
View File

@@ -9,17 +9,17 @@ getlanip() { #获取局域网host地址
[ -n "$host_ipv4" -a -n "$host_ipv6" ] && break
sleep 1 && i=$((i + 1))
done
#Tailscale
[ "$ts_service" = ON ] && {
ts_host_ipv4=' 100.64.0.0/10'
ts_host_ipv6=' fd7a:115c:a1e0::/48'
}
#Wireguard
[ "$wg_service" = ON ] && {
. "$CRASHDIR"/configs/gateway.cfg
wg_host_ipv4=' $wg_ipv4'
[ -n "$wg_ipv6" ] && wg_host_ipv6=' $wg_ipv6'
}
#Tailscale
[ "$ts_service" = ON ] && {
ts_host_ipv4=' 100.64.0.0/10'
ts_host_ipv6=' fd7a:115c:a1e0::/48'
}
#Wireguard
[ "$wg_service" = ON ] && {
. "$CRASHDIR"/configs/gateway.cfg
wg_host_ipv4=' $wg_ipv4'
[ -n "$wg_ipv6" ] && wg_host_ipv6=' $wg_ipv6'
}
#添加自定义ipv4局域网网段
if [ "$replace_default_host_ipv4" == "ON" ]; then
host_ipv4="$cust_host_ipv4"
@@ -28,9 +28,9 @@ getlanip() { #获取局域网host地址
fi
#缺省配置
[ -z "$host_ipv4" ] && {
host_ipv4='192.168.0.0/16 10.0.0.0/12 172.16.0.0/12'
logger "无法获取本地LAN-IPV4网段请前往流量过滤设置界面设置自定义网段" 31
}
host_ipv4='192.168.0.0/16 10.0.0.0/12 172.16.0.0/12'
logger "无法获取本地LAN-IPV4网段请前往流量过滤设置界面设置自定义网段" 31
}
host_ipv6="fe80::/10 fd00::/8 $host_ipv6$ts_host_ipv6$wg_host_ipv6"
#获取本机出口IP地址
local_ipv4=$(ip route 2>&1 | grep -Ev 'utun|iot|docker|linkdown' | grep -Eo 'src.*' | grep -Eo '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | sort -u)

64
scripts/starts/fw_iptables.sh
View File

@@ -3,7 +3,7 @@
ckcmd iptables && iptables -h | grep -q '\-w' && iptable='iptables -w' || iptable=iptables
ckcmd ip6tables && ip6tables -h | grep -q '\-w' && ip6table='ip6tables -w' || ip6table=ip6tables
start_ipt_route() { #iptables-route通用工具
#$1:iptables/ip6tables $2:所在的表(nat/mangle) $3:所在的链(OUTPUT/PREROUTING) $4:新创建的shellcrash链表 $5:tcp/udp/all
#区分ipv4/ipv6
@@ -32,9 +32,9 @@ start_ipt_route() { #iptables-route通用工具
done
[ "$firewall_area" = 5 ] && "$1" $w -t "$2" -A "$4" -s $bypass_host -j RETURN
[ -z "$ports" ] && {
"$1" $w -t "$2" -A "$4" -p tcp -m multiport --dports "$mix_port,$redir_port,$tproxy_port" -j RETURN
"$1" $w -t "$2" -A "$4" -p udp -m multiport --dports "$mix_port,$redir_port,$tproxy_port" -j RETURN
}
"$1" $w -t "$2" -A "$4" -p tcp -m multiport --dports "$mix_port,$redir_port,$tproxy_port" -j RETURN
"$1" $w -t "$2" -A "$4" -p udp -m multiport --dports "$mix_port,$redir_port,$tproxy_port" -j RETURN
}
#跳过目标保留地址及目标本机网段
for ip in $HOST_IP $RESERVED_IP; do
"$1" $w -t "$2" -A "$4" -d $ip -j RETURN
@@ -136,35 +136,35 @@ start_ipt_dns() { #iptables-dns通用工具
"$1" $w -t nat -I "$2" -p udp --dport 53 -j "$3"
}
start_ipt_wan() { #iptables公网防火墙
ipt_wan_accept(){
$iptable -I INPUT -p "$1" -m multiport --dports "$accept_ports" -j ACCEPT
ckcmd ip6tables && $ip6table -I INPUT -p "$1" -m multiport --dports "$accept_ports" -j ACCEPT
}
ipt_wan_reject(){
$iptable -I INPUT -p "$1" -m multiport --dports "$reject_ports" -j REJECT
ckcmd ip6tables && $ip6table -I INPUT -p "$1" -m multiport --dports "$reject_ports" -j REJECT
}
#端口拦截
reject_ports="$mix_port,$db_port"
ipt_wan_reject tcp
ipt_wan_reject udp
#端口放行
[ -f "$CRASHDIR"/configs/gateway.cfg ] && . "$CRASHDIR"/configs/gateway.cfg
accept_ports=$(echo "$fw_wan_ports,$vms_port,$sss_port" | sed "s/,,/,/g ;s/^,// ;s/,$//")
ipt_wan_accept(){
$iptable -I INPUT -p "$1" -m multiport --dports "$accept_ports" -j ACCEPT
ckcmd ip6tables && $ip6table -I INPUT -p "$1" -m multiport --dports "$accept_ports" -j ACCEPT
}
ipt_wan_reject(){
$iptable -I INPUT -p "$1" -m multiport --dports "$reject_ports" -j REJECT
ckcmd ip6tables && $ip6table -I INPUT -p "$1" -m multiport --dports "$reject_ports" -j REJECT
}
#端口拦截
reject_ports="$mix_port,$db_port"
ipt_wan_reject tcp
ipt_wan_reject udp
#端口放行
[ -f "$CRASHDIR"/configs/gateway.cfg ] && . "$CRASHDIR"/configs/gateway.cfg
accept_ports=$(echo "$fw_wan_ports,$vms_port,$sss_port" | sed "s/,,/,/g ;s/^,// ;s/,$//")
[ -n "$accept_ports" ] && {
ipt_wan_accept tcp
ipt_wan_accept udp
}
#局域网请求放行
for ip in $host_ipv4; do
$iptable -I INPUT -s $ip -j ACCEPT
done
ckcmd ip6tables && for ip in $host_ipv6; do
$ip6table -I INPUT -s $ip -j ACCEPT
done
#本机请求全放行
$iptable -I INPUT -i lo -j ACCEPT
ckcmd ip6tables && $ip6table -I INPUT -i lo -j ACCEPT
ipt_wan_accept tcp
ipt_wan_accept udp
}
#局域网请求放行
for ip in $host_ipv4; do
$iptable -I INPUT -s $ip -j ACCEPT
done
ckcmd ip6tables && for ip in $host_ipv6; do
$ip6table -I INPUT -s $ip -j ACCEPT
done
#本机请求全放行
$iptable -I INPUT -i lo -j ACCEPT
ckcmd ip6tables && $ip6table -I INPUT -i lo -j ACCEPT
}
start_iptables() { #iptables配置总入口
#启动公网访问防火墙

92
scripts/starts/fw_nftables.sh
View File

@@ -5,24 +5,24 @@ RESERVED_IP=$(echo $reserve_ipv4 | sed 's/[[:space:]]\+/, /g')
RESERVED_IP6=$(echo "$reserve_ipv6 $host_ipv6" | sed 's/[[:space:]]\+/, /g')
add_ip6_route(){
#过滤保留地址及本机地址
nft add rule inet shellcrash $1 ip6 daddr {$RESERVED_IP6} return
#仅代理本机局域网网段流量
nft add rule inet shellcrash $1 ip6 saddr != {$HOST_IP6} return
#绕过CN_IPV6
[ "$dns_mod" != "fake-ip" -a "$cn_ip_route" = "ON" -a -f "$BINDIR"/cn_ipv6.txt ] && {
CN_IP6=$(awk '{printf "%s, ",$1}' "$BINDIR"/cn_ipv6.txt)
[ -n "$CN_IP6" ] && {
nft add set inet shellcrash cn_ip6 { type ipv6_addr \; flags interval \; }
nft add element inet shellcrash cn_ip6 { $CN_IP6 }
nft add rule inet shellcrash $1 ip6 daddr @cn_ip6 return
}
}
#过滤保留地址及本机地址
nft add rule inet shellcrash $1 ip6 daddr {$RESERVED_IP6} return
#仅代理本机局域网网段流量
nft add rule inet shellcrash $1 ip6 saddr != {$HOST_IP6} return
#绕过CN_IPV6
[ "$dns_mod" != "fake-ip" -a "$cn_ip_route" = "ON" -a -f "$BINDIR"/cn_ipv6.txt ] && {
CN_IP6=$(awk '{printf "%s, ",$1}' "$BINDIR"/cn_ipv6.txt)
[ -n "$CN_IP6" ] && {
nft add set inet shellcrash cn_ip6 { type ipv6_addr \; flags interval \; }
nft add element inet shellcrash cn_ip6 { $CN_IP6 }
nft add rule inet shellcrash $1 ip6 daddr @cn_ip6 return
}
}
}
start_nft_route() { #nftables-route通用工具
#$1:name $2:hook(prerouting/output) $3:type(nat/mangle/filter) $4:priority(-100/-150)
[ "$common_ports" = "ON" ] && PORTS=$(echo $multiport | sed 's/,/, /g')
[ "$1" = 'prerouting' ] && HOST_IP=$(echo $host_ipv4 | sed 's/[[:space:]]\+/, /g')
[ "$1" = 'prerouting' ] && HOST_IP=$(echo $host_ipv4 | sed 's/[[:space:]]\+/, /g')
[ "$1" = 'output' ] && HOST_IP="127.0.0.0/8, $(echo $local_ipv4 | sed 's/[[:space:]]\+/, /g')"
[ "$1" = 'prerouting_vm' ] && HOST_IP="$(echo $vm_ipv4 | sed 's/[[:space:]]\+/, /g')"
#添加新链
@@ -39,9 +39,9 @@ start_nft_route() { #nftables-route通用工具
#过滤常用端口
[ -n "$PORTS" ] && {
nft add rule inet shellcrash $1 ip daddr != {28.0.0.0/8} tcp dport != {$PORTS} return
nft add rule inet shellcrash $1 ip daddr != {28.0.0.0/8} udp dport != {$PORTS} return
nft add rule inet shellcrash $1 ip daddr != {28.0.0.0/8} udp dport != {$PORTS} return
nft add rule inet shellcrash $1 ip6 daddr != {fc00::/16} tcp dport != {$PORTS} return
nft add rule inet shellcrash $1 ip6 daddr != {fc00::/16} udp dport != {$PORTS} return
nft add rule inet shellcrash $1 ip6 daddr != {fc00::/16} udp dport != {$PORTS} return
}
#nft add rule inet shellcrash $1 ip saddr 28.0.0.0/8 return
nft add rule inet shellcrash $1 ip daddr {$RESERVED_IP} return #过滤保留地址
@@ -76,23 +76,23 @@ start_nft_route() { #nftables-route通用工具
[ "$dns_mod" != "fake-ip" -a "$cn_ip_route" = "ON" -a -f "$BINDIR"/cn_ip.txt ] && {
CN_IP=$(awk '{printf "%s, ",$1}' "$BINDIR"/cn_ip.txt)
[ -n "$CN_IP" ] && {
nft add set inet shellcrash cn_ip { type ipv4_addr \; flags interval \; }
nft add element inet shellcrash cn_ip { $CN_IP }
nft add rule inet shellcrash $1 ip daddr @cn_ip return
}
}
nft add set inet shellcrash cn_ip { type ipv4_addr \; flags interval \; }
nft add element inet shellcrash cn_ip { $CN_IP }
nft add rule inet shellcrash $1 ip daddr @cn_ip return
}
}
#局域网ipv6支持
if [ "$ipv6_redir" = "ON" -a "$1" = 'prerouting' -a "$firewall_area" != 5 ]; then
HOST_IP6=$(echo $host_ipv6 | sed 's/[[:space:]]\+/, /g')
HOST_IP6=$(echo $host_ipv6 | sed 's/[[:space:]]\+/, /g')
add_ip6_route "$1"
elif [ "$ipv6_redir" = "ON" -a "$1" = 'output' -a \( "$firewall_area" = 2 -o "$firewall_area" = 3 \) ]; then
HOST_IP6="::1, $(echo $host_ipv6 | sed 's/[[:space:]]\+/, /g')"
add_ip6_route "$1"
add_ip6_route "$1"
else
nft add rule inet shellcrash $1 meta nfproto ipv6 return
fi
#屏蔽quic
[ "$quic_rj" = 'ON' -a "$lan_proxy" = true ] && nft add rule inet shellcrash $1 udp dport {443, 8443} return
#屏蔽quic
[ "$quic_rj" = 'ON' -a "$lan_proxy" = true ] && nft add rule inet shellcrash $1 udp dport {443, 8443} return
#添加通用路由
nft add rule inet shellcrash "$1" "$JUMP"
#处理特殊路由
@@ -104,10 +104,10 @@ start_nft_route() { #nftables-route通用工具
#nft add rule inet shellcrash local_tproxy log prefix \"pre\" level debug
}
start_nft_dns() { #nftables-dns
[ "$1" = 'prerouting' ] && {
HOST_IP=$(echo $host_ipv4 | sed 's/[[:space:]]\+/, /g')
HOST_IP6=$(echo $host_ipv6 | sed 's/[[:space:]]\+/, /g')
}
[ "$1" = 'prerouting' ] && {
HOST_IP=$(echo $host_ipv4 | sed 's/[[:space:]]\+/, /g')
HOST_IP6=$(echo $host_ipv6 | sed 's/[[:space:]]\+/, /g')
}
[ "$1" = 'output' ] && HOST_IP="127.0.0.0/8, $(echo $local_ipv4 | sed 's/[[:space:]]\+/, /g')"
[ "$1" = 'prerouting_vm' ] && HOST_IP="$(echo $vm_ipv4 | sed 's/[[:space:]]\+/, /g')"
nft add chain inet shellcrash "$1"_dns { type nat hook $2 priority -100 \; }
@@ -133,26 +133,26 @@ start_nft_dns() { #nftables-dns
nft add rule inet shellcrash "$1"_dns tcp dport 53 redirect to "$dns_redir_port"
}
start_nft_wan() { #nftables公网防火墙
HOST_IP=$(echo $host_ipv4 | sed 's/[[:space:]]\+/, /g')
HOST_IP6=$(echo $host_ipv6 | sed 's/[[:space:]]\+/, /g')
HOST_IP=$(echo $host_ipv4 | sed 's/[[:space:]]\+/, /g')
HOST_IP6=$(echo $host_ipv6 | sed 's/[[:space:]]\+/, /g')
nft add chain inet shellcrash input { type filter hook input priority -100 \; }
nft add rule inet shellcrash input iif lo accept #本机请求全放行
#端口放行
[ -f "$CRASHDIR"/configs/gateway.cfg ] && . "$CRASHDIR"/configs/gateway.cfg
accept_ports=$(echo "$fw_wan_ports,$vms_port,$sss_port" | sed "s/,,/,/g ;s/^,// ;s/,$// ;s/,/, /")
#端口放行
[ -f "$CRASHDIR"/configs/gateway.cfg ] && . "$CRASHDIR"/configs/gateway.cfg
accept_ports=$(echo "$fw_wan_ports,$vms_port,$sss_port" | sed "s/,,/,/g ;s/^,// ;s/,$// ;s/,/, /")
[ -n "$accept_ports" ] && {
fw_wan_nfports="{ $(echo "$accept_ports" | sed 's/,/, /g') }"
nft add rule inet shellcrash input tcp dport $fw_wan_nfports meta mark set 0x67890 accept
nft add rule inet shellcrash input udp dport $fw_wan_nfports meta mark set 0x67890 accept
}
#端口拦截
reject_ports="{ $mix_port, $db_port }"
nft add rule inet shellcrash input ip saddr {$HOST_IP} accept
nft add rule inet shellcrash input ip6 saddr {$HOST_IP6} accept
nft add rule inet shellcrash input tcp dport $reject_ports reject
nft add rule inet shellcrash input udp dport $reject_ports reject
#fw4特殊处理
nft list chain inet fw4 input >/dev/null 2>&1 && \
fw_wan_nfports="{ $(echo "$accept_ports" | sed 's/,/, /g') }"
nft add rule inet shellcrash input tcp dport $fw_wan_nfports meta mark set 0x67890 accept
nft add rule inet shellcrash input udp dport $fw_wan_nfports meta mark set 0x67890 accept
}
#端口拦截
reject_ports="{ $mix_port, $db_port }"
nft add rule inet shellcrash input ip saddr {$HOST_IP} accept
nft add rule inet shellcrash input ip6 saddr {$HOST_IP6} accept
nft add rule inet shellcrash input tcp dport $reject_ports reject
nft add rule inet shellcrash input udp dport $reject_ports reject
#fw4特殊处理
nft list chain inet fw4 input >/dev/null 2>&1 && \
nft list chain inet fw4 input | grep -q '67890' || \
nft insert rule inet fw4 input meta mark 0x67890 accept 2>/dev/null
}

44
scripts/starts/fw_start.sh
View File

@@ -14,27 +14,27 @@
#设置策略路由
[ "$firewall_area" != 4 ] && {
[ "$redir_mod" = "Tproxy" ] && ip route add local default dev lo table $table 2>/dev/null
[ "$redir_mod" = "Tun" -o "$redir_mod" = "Mix" ] && {
i=1
while [ -z "$(ip route list | grep utun)" -a "$i" -le 29 ]; do
sleep 1
i=$((i + 1))
done
if [ -z "$(ip route list | grep utun)" ]; then
logger "找不到tun模块放弃启动tun相关防火墙规则" 31
else
ip route add default dev utun table $table && tun_statu=true
fi
}
[ "$firewall_area" = 5 ] && ip route add default via $bypass_host table $table 2>/dev/null
[ "$redir_mod" != "Redir" ] && ip rule add fwmark $fwmark table $table 2>/dev/null
[ "$redir_mod" = "Tproxy" ] && ip route add local default dev lo table $table 2>/dev/null
[ "$redir_mod" = "Tun" -o "$redir_mod" = "Mix" ] && {
i=1
while [ -z "$(ip route list | grep utun)" -a "$i" -le 29 ]; do
sleep 1
i=$((i + 1))
done
if [ -z "$(ip route list | grep utun)" ]; then
logger "找不到tun模块放弃启动tun相关防火墙规则" 31
else
ip route add default dev utun table $table && tun_statu=true
fi
}
[ "$firewall_area" = 5 ] && ip route add default via $bypass_host table $table 2>/dev/null
[ "$redir_mod" != "Redir" ] && ip rule add fwmark $fwmark table $table 2>/dev/null
}
#添加ipv6路由
[ "$ipv6_redir" = "ON" -a "$firewall_area" -le 3 ] && {
[ "$redir_mod" = "Tproxy" ] && ip -6 route add local default dev lo table $((table + 1)) 2>/dev/null
[ -n "$(ip route list | grep utun)" ] && ip -6 route add default dev utun table $((table + 1)) 2>/dev/null
[ "$redir_mod" != "Redir" ] && ip -6 rule add fwmark $fwmark table $((table + 1)) 2>/dev/null
[ "$redir_mod" = "Tproxy" ] && ip -6 route add local default dev lo table $((table + 1)) 2>/dev/null
[ -n "$(ip route list | grep utun)" ] && ip -6 route add default dev utun table $((table + 1)) 2>/dev/null
[ "$redir_mod" != "Redir" ] && ip -6 rule add fwmark $fwmark table $((table + 1)) 2>/dev/null
}
#判断代理用途
[ "$firewall_area" = 2 -o "$firewall_area" = 3 ] && local_proxy=true
@@ -44,11 +44,11 @@
[ "$firewall_mod" = 'nftables' ] && . "$CRASHDIR"/starts/fw_nftables.sh && start_nftables
#修复部分虚拟机dns查询失败的问题
[ "$firewall_area" = 2 -o "$firewall_area" = 3 ] && [ -z "$(grep '127.0.0.1' /etc/resolv.conf 2>/dev/null)" ] && [ "$systype" != 'container' ] && {
line=$(grep -n 'nameserver' /etc/resolv.conf | awk -F: 'FNR==1{print $1}')
sed -i "$line i\nameserver 127.0.0.1 #shellcrash-dns-repair" /etc/resolv.conf >/dev/null 2>&1
line=$(grep -n 'nameserver' /etc/resolv.conf | awk -F: 'FNR==1{print $1}')
sed -i "$line i\nameserver 127.0.0.1 #shellcrash-dns-repair" /etc/resolv.conf >/dev/null 2>&1
}
#移除openwrt-dnsmasq的DNS重定向
[ "$(uci get dhcp.@dnsmasq[0].dns_redirect 2>/dev/null)" = 1 ] && {
uci del dhcp.@dnsmasq[0].dns_redirect
uci commit dhcp.@dnsmasq[0]
uci del dhcp.@dnsmasq[0].dns_redirect
uci commit dhcp.@dnsmasq[0]
}

202
scripts/starts/fw_stop.sh
View File

@@ -14,110 +14,110 @@
accept_ports=$(echo "$fw_wan_ports,$vms_port,$sss_port" | sed "s/,,/,/g ;s/^,// ;s/,$//")
#重置iptables相关规则
ckcmd iptables && {
ckcmd iptables && iptables -h | grep -q '\-w' && iptable='iptables -w' || iptable=iptables
#dns
$iptable -t nat -D PREROUTING -p tcp --dport 53 -j shellcrash_dns 2>/dev/null
$iptable -t nat -D PREROUTING -p udp --dport 53 -j shellcrash_dns 2>/dev/null
$iptable -t nat -D OUTPUT -p udp --dport 53 -j shellcrash_dns_out 2>/dev/null
$iptable -t nat -D OUTPUT -p tcp --dport 53 -j shellcrash_dns_out 2>/dev/null
#redir
$iptable -t nat -D PREROUTING -p tcp $ports -j shellcrash 2>/dev/null
$iptable -t nat -D PREROUTING -p tcp -d 28.0.0.0/8 -j shellcrash 2>/dev/null
$iptable -t nat -D OUTPUT -p tcp $ports -j shellcrash_out 2>/dev/null
$iptable -t nat -D OUTPUT -p tcp -d 28.0.0.0/8 -j shellcrash_out 2>/dev/null
#vm_dns
$iptable -t nat -D PREROUTING -p tcp --dport 53 -j shellcrash_vm_dns 2>/dev/null
$iptable -t nat -D PREROUTING -p udp --dport 53 -j shellcrash_vm_dns 2>/dev/null
#vm_redir
$iptable -t nat -D PREROUTING -p tcp $ports -j shellcrash_vm 2>/dev/null
$iptable -t nat -D PREROUTING -p tcp -d 28.0.0.0/8 -j shellcrash_vm 2>/dev/null
#TPROXY&tun
$iptable -t mangle -D PREROUTING -p tcp $ports -j shellcrash_mark 2>/dev/null
$iptable -t mangle -D PREROUTING -p udp $ports -j shellcrash_mark 2>/dev/null
$iptable -t mangle -D PREROUTING -p tcp -d 28.0.0.0/8 -j shellcrash_mark 2>/dev/null
$iptable -t mangle -D PREROUTING -p udp -d 28.0.0.0/8 -j shellcrash_mark 2>/dev/null
$iptable -t mangle -D OUTPUT -p tcp $ports -j shellcrash_mark_out 2>/dev/null
$iptable -t mangle -D OUTPUT -p udp $ports -j shellcrash_mark_out 2>/dev/null
$iptable -t mangle -D OUTPUT -p tcp -d 28.0.0.0/8 -j shellcrash_mark_out 2>/dev/null
$iptable -t mangle -D OUTPUT -p udp -d 28.0.0.0/8 -j shellcrash_mark_out 2>/dev/null
$iptable -t mangle -D PREROUTING -m mark --mark $fwmark -p tcp -j TPROXY --on-port $tproxy_port 2>/dev/null
$iptable -t mangle -D PREROUTING -m mark --mark $fwmark -p udp -j TPROXY --on-port $tproxy_port 2>/dev/null
#tun
$iptable -D FORWARD -o utun -j ACCEPT 2>/dev/null
#屏蔽QUIC
[ "$dns_mod" != "fake-ip" ] && [ "$cn_ip_route" != "OFF" ] && set_cn_ip='-m set ! --match-set cn_ip dst'
$iptable -D INPUT -p udp --dport 443 $set_cn_ip -j REJECT 2>/dev/null
$iptable -D FORWARD -p udp --dport 443 -o utun $set_cn_ip -j REJECT 2>/dev/null
#公网访问
$iptable -D INPUT -i lo -j ACCEPT 2>/dev/null
for ip in $host_ipv4; do
$iptable -D INPUT -s $ip -j ACCEPT 2>/dev/null
done
$iptable -D INPUT -p tcp -m multiport --dports "$accept_ports" -j ACCEPT 2>/dev/null
$iptable -D INPUT -p udp -m multiport --dports "$accept_ports" -j ACCEPT 2>/dev/null
$iptable -D INPUT -p tcp -m multiport --dports "$mix_port,$db_port" -j REJECT 2>/dev/null
$iptable -D INPUT -p udp -m multiport --dports "$mix_port,$db_port" -j REJECT 2>/dev/null
#清理shellcrash自建表
for text in shellcrash_dns shellcrash shellcrash_out shellcrash_dns_out shellcrash_vm shellcrash_vm_dns; do
$iptable -t nat -F "$text" 2>/dev/null
$iptable -t nat -X "$text" 2>/dev/null
done
for text in shellcrash_mark shellcrash_mark_out; do
$iptable -t mangle -F "$text" 2>/dev/null
$iptable -t mangle -X "$text" 2>/dev/null
done
ckcmd iptables && iptables -h | grep -q '\-w' && iptable='iptables -w' || iptable=iptables
#dns
$iptable -t nat -D PREROUTING -p tcp --dport 53 -j shellcrash_dns 2>/dev/null
$iptable -t nat -D PREROUTING -p udp --dport 53 -j shellcrash_dns 2>/dev/null
$iptable -t nat -D OUTPUT -p udp --dport 53 -j shellcrash_dns_out 2>/dev/null
$iptable -t nat -D OUTPUT -p tcp --dport 53 -j shellcrash_dns_out 2>/dev/null
#redir
$iptable -t nat -D PREROUTING -p tcp $ports -j shellcrash 2>/dev/null
$iptable -t nat -D PREROUTING -p tcp -d 28.0.0.0/8 -j shellcrash 2>/dev/null
$iptable -t nat -D OUTPUT -p tcp $ports -j shellcrash_out 2>/dev/null
$iptable -t nat -D OUTPUT -p tcp -d 28.0.0.0/8 -j shellcrash_out 2>/dev/null
#vm_dns
$iptable -t nat -D PREROUTING -p tcp --dport 53 -j shellcrash_vm_dns 2>/dev/null
$iptable -t nat -D PREROUTING -p udp --dport 53 -j shellcrash_vm_dns 2>/dev/null
#vm_redir
$iptable -t nat -D PREROUTING -p tcp $ports -j shellcrash_vm 2>/dev/null
$iptable -t nat -D PREROUTING -p tcp -d 28.0.0.0/8 -j shellcrash_vm 2>/dev/null
#TPROXY&tun
$iptable -t mangle -D PREROUTING -p tcp $ports -j shellcrash_mark 2>/dev/null
$iptable -t mangle -D PREROUTING -p udp $ports -j shellcrash_mark 2>/dev/null
$iptable -t mangle -D PREROUTING -p tcp -d 28.0.0.0/8 -j shellcrash_mark 2>/dev/null
$iptable -t mangle -D PREROUTING -p udp -d 28.0.0.0/8 -j shellcrash_mark 2>/dev/null
$iptable -t mangle -D OUTPUT -p tcp $ports -j shellcrash_mark_out 2>/dev/null
$iptable -t mangle -D OUTPUT -p udp $ports -j shellcrash_mark_out 2>/dev/null
$iptable -t mangle -D OUTPUT -p tcp -d 28.0.0.0/8 -j shellcrash_mark_out 2>/dev/null
$iptable -t mangle -D OUTPUT -p udp -d 28.0.0.0/8 -j shellcrash_mark_out 2>/dev/null
$iptable -t mangle -D PREROUTING -m mark --mark $fwmark -p tcp -j TPROXY --on-port $tproxy_port 2>/dev/null
$iptable -t mangle -D PREROUTING -m mark --mark $fwmark -p udp -j TPROXY --on-port $tproxy_port 2>/dev/null
#tun
$iptable -D FORWARD -o utun -j ACCEPT 2>/dev/null
#屏蔽QUIC
[ "$dns_mod" != "fake-ip" ] && [ "$cn_ip_route" != "OFF" ] && set_cn_ip='-m set ! --match-set cn_ip dst'
$iptable -D INPUT -p udp --dport 443 $set_cn_ip -j REJECT 2>/dev/null
$iptable -D FORWARD -p udp --dport 443 -o utun $set_cn_ip -j REJECT 2>/dev/null
#公网访问
$iptable -D INPUT -i lo -j ACCEPT 2>/dev/null
for ip in $host_ipv4; do
$iptable -D INPUT -s $ip -j ACCEPT 2>/dev/null
done
$iptable -D INPUT -p tcp -m multiport --dports "$accept_ports" -j ACCEPT 2>/dev/null
$iptable -D INPUT -p udp -m multiport --dports "$accept_ports" -j ACCEPT 2>/dev/null
$iptable -D INPUT -p tcp -m multiport --dports "$mix_port,$db_port" -j REJECT 2>/dev/null
$iptable -D INPUT -p udp -m multiport --dports "$mix_port,$db_port" -j REJECT 2>/dev/null
#清理shellcrash自建表
for text in shellcrash_dns shellcrash shellcrash_out shellcrash_dns_out shellcrash_vm shellcrash_vm_dns; do
$iptable -t nat -F "$text" 2>/dev/null
$iptable -t nat -X "$text" 2>/dev/null
done
for text in shellcrash_mark shellcrash_mark_out; do
$iptable -t mangle -F "$text" 2>/dev/null
$iptable -t mangle -X "$text" 2>/dev/null
done
}
#重置ipv6规则
ckcmd ip6tables && {
ckcmd ip6tables && ip6tables -h | grep -q '\-w' && ip6table='ip6tables -w' || ip6table=ip6tables
#dns
$ip6table -t nat -D PREROUTING -p tcp --dport 53 -j shellcrashv6_dns 2>/dev/null
$ip6table -t nat -D PREROUTING -p udp --dport 53 -j shellcrashv6_dns 2>/dev/null
#redir
$ip6table -t nat -D PREROUTING -p tcp $ports -j shellcrashv6 2>/dev/null
$ip6table -t nat -D PREROUTING -p tcp -d fc00::/16 -j shellcrashv6 2>/dev/null
$ip6table -t nat -D OUTPUT -p tcp $ports -j shellcrashv6_out 2>/dev/null
$ip6table -t nat -D OUTPUT -p tcp -d fc00::/16 -j shellcrashv6_out 2>/dev/null
$ip6table -D INPUT -p tcp --dport 53 -j REJECT 2>/dev/null
$ip6table -D INPUT -p udp --dport 53 -j REJECT 2>/dev/null
#mark
$ip6table -t mangle -D PREROUTING -p tcp $ports -j shellcrashv6_mark 2>/dev/null
$ip6table -t mangle -D PREROUTING -p udp $ports -j shellcrashv6_mark 2>/dev/null
$ip6table -t mangle -D PREROUTING -p tcp -d fc00::/16 -j shellcrashv6_mark 2>/dev/null
$ip6table -t mangle -D PREROUTING -p udp -d fc00::/16 -j shellcrashv6_mark 2>/dev/null
$ip6table -t mangle -D OUTPUT -p tcp $ports -j shellcrashv6_mark_out 2>/dev/null
$ip6table -t mangle -D OUTPUT -p udp $ports -j shellcrashv6_mark_out 2>/dev/null
$ip6table -t mangle -D OUTPUT -p tcp -d fc00::/16 -j shellcrashv6_mark_out 2>/dev/null
$ip6table -t mangle -D OUTPUT -p udp -d fc00::/16 -j shellcrashv6_mark_out 2>/dev/null
$ip6table -D INPUT -p udp --dport 443 $set_cn_ip -j REJECT 2>/dev/null
$ip6table -t mangle -D PREROUTING -m mark --mark $fwmark -p tcp -j TPROXY --on-port $tproxy_port 2>/dev/null
$ip6table -t mangle -D PREROUTING -m mark --mark $fwmark -p udp -j TPROXY --on-port $tproxy_port 2>/dev/null
#tun
$ip6table -D FORWARD -o utun -j ACCEPT 2>/dev/null
#屏蔽QUIC
[ "$dns_mod" != "fake-ip" ] && [ "$cn_ip_route" != "OFF" ] && set_cn_ip6='-m set ! --match-set cn_ip6 dst'
$ip6table -D INPUT -p udp --dport 443 $set_cn_ip6 -j REJECT 2>/dev/null
$ip6table -D FORWARD -p udp --dport 443 -o utun $set_cn_ip6 -j REJECT 2>/dev/null
#公网访问
$ip6table -D INPUT -i lo -j ACCEPT 2>/dev/null
for ip in $host_ipv6; do
$ip6table -D INPUT -s $ip -j ACCEPT 2>/dev/null
done
$ip6table -D INPUT -p tcp -m multiport --dports "$accept_ports" -j ACCEPT 2>/dev/null
$ip6table -D INPUT -p udp -m multiport --dports "$accept_ports" -j ACCEPT 2>/dev/null
$ip6table -D INPUT -p tcp -m multiport --dports "$mix_port,$db_port" -j REJECT 2>/dev/null
$ip6table -D INPUT -p udp -m multiport --dports "$mix_port,$db_port" -j REJECT 2>/dev/null
#清理shellcrash自建表
for text in shellcrashv6_dns shellcrashv6 shellcrashv6_out; do
$ip6table -t nat -F "$text" 2>/dev/null
$ip6table -t nat -X "$text" 2>/dev/null
done
for text in shellcrashv6_mark shellcrashv6_mark_out; do
$ip6table -t mangle -F "$text" 2>/dev/null
$ip6table -t mangle -X "$text" 2>/dev/null
done
$ip6table -t mangle -F shellcrashv6_mark 2>/dev/null
$ip6table -t mangle -X shellcrashv6_mark 2>/dev/null
ckcmd ip6tables && ip6tables -h | grep -q '\-w' && ip6table='ip6tables -w' || ip6table=ip6tables
#dns
$ip6table -t nat -D PREROUTING -p tcp --dport 53 -j shellcrashv6_dns 2>/dev/null
$ip6table -t nat -D PREROUTING -p udp --dport 53 -j shellcrashv6_dns 2>/dev/null
#redir
$ip6table -t nat -D PREROUTING -p tcp $ports -j shellcrashv6 2>/dev/null
$ip6table -t nat -D PREROUTING -p tcp -d fc00::/16 -j shellcrashv6 2>/dev/null
$ip6table -t nat -D OUTPUT -p tcp $ports -j shellcrashv6_out 2>/dev/null
$ip6table -t nat -D OUTPUT -p tcp -d fc00::/16 -j shellcrashv6_out 2>/dev/null
$ip6table -D INPUT -p tcp --dport 53 -j REJECT 2>/dev/null
$ip6table -D INPUT -p udp --dport 53 -j REJECT 2>/dev/null
#mark
$ip6table -t mangle -D PREROUTING -p tcp $ports -j shellcrashv6_mark 2>/dev/null
$ip6table -t mangle -D PREROUTING -p udp $ports -j shellcrashv6_mark 2>/dev/null
$ip6table -t mangle -D PREROUTING -p tcp -d fc00::/16 -j shellcrashv6_mark 2>/dev/null
$ip6table -t mangle -D PREROUTING -p udp -d fc00::/16 -j shellcrashv6_mark 2>/dev/null
$ip6table -t mangle -D OUTPUT -p tcp $ports -j shellcrashv6_mark_out 2>/dev/null
$ip6table -t mangle -D OUTPUT -p udp $ports -j shellcrashv6_mark_out 2>/dev/null
$ip6table -t mangle -D OUTPUT -p tcp -d fc00::/16 -j shellcrashv6_mark_out 2>/dev/null
$ip6table -t mangle -D OUTPUT -p udp -d fc00::/16 -j shellcrashv6_mark_out 2>/dev/null
$ip6table -D INPUT -p udp --dport 443 $set_cn_ip -j REJECT 2>/dev/null
$ip6table -t mangle -D PREROUTING -m mark --mark $fwmark -p tcp -j TPROXY --on-port $tproxy_port 2>/dev/null
$ip6table -t mangle -D PREROUTING -m mark --mark $fwmark -p udp -j TPROXY --on-port $tproxy_port 2>/dev/null
#tun
$ip6table -D FORWARD -o utun -j ACCEPT 2>/dev/null
#屏蔽QUIC
[ "$dns_mod" != "fake-ip" ] && [ "$cn_ip_route" != "OFF" ] && set_cn_ip6='-m set ! --match-set cn_ip6 dst'
$ip6table -D INPUT -p udp --dport 443 $set_cn_ip6 -j REJECT 2>/dev/null
$ip6table -D FORWARD -p udp --dport 443 -o utun $set_cn_ip6 -j REJECT 2>/dev/null
#公网访问
$ip6table -D INPUT -i lo -j ACCEPT 2>/dev/null
for ip in $host_ipv6; do
$ip6table -D INPUT -s $ip -j ACCEPT 2>/dev/null
done
$ip6table -D INPUT -p tcp -m multiport --dports "$accept_ports" -j ACCEPT 2>/dev/null
$ip6table -D INPUT -p udp -m multiport --dports "$accept_ports" -j ACCEPT 2>/dev/null
$ip6table -D INPUT -p tcp -m multiport --dports "$mix_port,$db_port" -j REJECT 2>/dev/null
$ip6table -D INPUT -p udp -m multiport --dports "$mix_port,$db_port" -j REJECT 2>/dev/null
#清理shellcrash自建表
for text in shellcrashv6_dns shellcrashv6 shellcrashv6_out; do
$ip6table -t nat -F "$text" 2>/dev/null
$ip6table -t nat -X "$text" 2>/dev/null
done
for text in shellcrashv6_mark shellcrashv6_mark_out; do
$ip6table -t mangle -F "$text" 2>/dev/null
$ip6table -t mangle -X "$text" 2>/dev/null
done
$ip6table -t mangle -F shellcrashv6_mark 2>/dev/null
$ip6table -t mangle -X shellcrashv6_mark 2>/dev/null
}
#清理ipset规则
ipset destroy cn_ip >/dev/null 2>&1

22
scripts/starts/general_init.sh
View File

@@ -9,22 +9,22 @@ profile=/etc/profile
. "$CRASHDIR"/configs/ShellCrash.cfg
#padavan和华硕环境变量目录设置
if [ -d "/etc/storage/clash" -o -d "/etc/storage/ShellCrash" ]; then
i=1
while [ ! -w /etc/profile -a "$i" -lt 10 ]; do
sleep 3 && i=$((i + 1))
done
[ -w "$profile" ] || profile=/etc_ro/profile
[ "$zip_type" = 'upx' ] || mount -t tmpfs -o remount,rw,size=45M tmpfs /tmp #增加/tmp空间以适配新的内核压缩方式
sed -i '' "$profile" #将软链接转化为一般文件
i=1
while [ ! -w /etc/profile -a "$i" -lt 10 ]; do
sleep 3 && i=$((i + 1))
done
[ -w "$profile" ] || profile=/etc_ro/profile
[ "$zip_type" = 'upx' ] || mount -t tmpfs -o remount,rw,size=45M tmpfs /tmp #增加/tmp空间以适配新的内核压缩方式
sed -i '' "$profile" #将软链接转化为一般文件
elif [ -d "/jffs" ]; then
sleep 60
[ -w "$profile" ] || profile=$(cat /etc/profile | grep -oE '\-f.*jffs.*profile' | awk '{print $2}')
sleep 60
[ -w "$profile" ] || profile=$(cat /etc/profile | grep -oE '\-f.*jffs.*profile' | awk '{print $2}')
fi
#写入环境变量
set_profile "$profile"
#启动进程或删除守护进程
if [ -f "$CRASHDIR"/.dis_startup ] || [ -f "$CRASHDIR"/.start_error ];then
cronset "保守模式守护进程"
cronset "保守模式守护进程"
else
"$CRASHDIR"/start.sh start
"$CRASHDIR"/start.sh start
fi

4
scripts/starts/singbox_check.sh
View File

@@ -2,8 +2,8 @@
singbox_check() { #singbox启动前检查
#检测singboxr专属功能
[ "$crashcore" != "singboxr" ] && [ -n "$(cat "$CRASHDIR"/jsons/*.json | grep -oE '"shadowsocksr"|"providers"')" ] && {
. "$CRASHDIR"/starts/core_exchange.sh && core_exchange singboxr 'singboxr内核专属功能'
}
. "$CRASHDIR"/starts/core_exchange.sh && core_exchange singboxr 'singboxr内核专属功能'
}
check_core
#预下载cn.srs数据库
[ "$dns_mod" = "mix" ] || [ "$dns_mod" = "route" ] && ! grep -Eq '"tag" *:[[:space:]]*"cn"' "$CRASHDIR"/jsons/*.json && check_geo ruleset/cn.srs srs_geosite_cn.srs

66
scripts/starts/singbox_modify.sh
View File

@@ -39,7 +39,7 @@ parse_singbox_dns() { #dns转换
esac
fi
# 输出
echo '"type": "'"$type"'", "server": "'"$server"'", "server_port": '"$port"','
echo '"type": "'"$type"'", "server": "'"$server"'", "server_port": '"$port"','
}
modify_json() {
#提取配置文件以获得outbounds.json,providers.json及route.json
@@ -53,11 +53,11 @@ modify_json() {
}
cat "$TMPDIR"/format.json | sed -n '/"route":/,/^\( "[a-z]\|}\)/p' | sed '$d' >>"$TMPDIR"/jsons/route.json
#生成endpoints.json
[ "$ts_service" = ON ] || [ "$wg_service" = ON ] && [ "$zip_type" != upx ] && {
. "$CRASHDIR"/configs/gateway.cfg
. "$CRASHDIR"/libs/sb_endpoints.sh
}
#生成log.json
[ "$ts_service" = ON ] || [ "$wg_service" = ON ] && [ "$zip_type" != upx ] && {
. "$CRASHDIR"/configs/gateway.cfg
. "$CRASHDIR"/libs/sb_endpoints.sh
}
#生成log.json
cat >"$TMPDIR"/jsons/log.json <<EOF
{ "log": { "level": "info", "timestamp": true } }
EOF
@@ -75,7 +75,7 @@ EOF
"path": [
$custom_hosts
"$HOME/.hosts",
"/etc/hosts"
"/etc/hosts"
],
"predefined": {
"localhost": [
@@ -86,28 +86,28 @@ EOF
"time.facebook.com": "203.107.6.88"
}
}
],
],
"rules": [
{
"ip_accept_any": true,
"server": "hosts"
}
]}
]}
}
EOF
fi
#生成dns.json
[ "$ipv6_dns" != "OFF" ] && strategy='prefer_ipv4' || strategy='ipv4_only'
#获取detour出口
auto_detour=$(grep -E '"type": "urltest"' -A 1 "$TMPDIR"/jsons/outbounds.json | grep '自动' | head -n 1 | sed 's/^[[:space:]]*"tag": //;s/,$//')
auto_detour=$(grep -E '"type": "urltest"' -A 1 "$TMPDIR"/jsons/outbounds.json | grep '自动' | head -n 1 | sed 's/^[[:space:]]*"tag": //;s/,$//')
[ -z "$auto_detour" ] && auto_detour=$(grep -E '"type": "urltest"' -A 1 "$TMPDIR"/jsons/outbounds.json | grep '"tag":' | head -n 1 | sed 's/^[[:space:]]*"tag": //;s/,$//')
[ -z "$auto_detour" ] && auto_detour=$(grep -E '"type": "selector"' -A 1 "$TMPDIR"/jsons/outbounds.json | grep '"tag":' | head -n 1 | sed 's/^[[:space:]]*"tag": //;s/,$//')
[ -z "$auto_detour" ] && auto_detour='"DIRECT"'
#ecs优化
[ "$ecs_subnet" = ON ] && {
. "$CRASHDIR"/libs/get_ecsip.sh
client_subnet='"client_subnet": "'"$ecs_address"'",'
}
#ecs优化
[ "$ecs_subnet" = ON ] && {
. "$CRASHDIR"/libs/get_ecsip.sh
client_subnet='"client_subnet": "'"$ecs_address"'",'
}
#根据dns模式生成
[ "$dns_mod" = "redir_host" ] && {
global_dns=dns_proxy
@@ -133,7 +133,7 @@ EOF
[ "$dns_protect" = "OFF" ] && sed -i 's/"server": "dns_proxy"/"server": "dns_direct"/g' "$TMPDIR"/jsons/route.json
#生成add_rule_set.json
[ "$dns_mod" = "mix" ] || [ "$dns_mod" = "route" ] && ! grep -Eq '"tag" *:[[:space:]]*"cn"' "$CRASHDIR"/jsons/*.json && {
[ "$crashcore" = "singboxr" ] && srs_path='"path": "./ruleset/cn.srs",'
[ "$crashcore" = "singboxr" ] && srs_path='"path": "./ruleset/cn.srs",'
cat >"$TMPDIR"/jsons/add_rule_set.json <<EOF
{
"route": {
@@ -158,14 +158,14 @@ EOF
{
"tag": "dns_proxy",
$(parse_singbox_dns "$dns_fallback")
"routing_mark": $routing_mark,
"detour": $auto_detour,
"routing_mark": $routing_mark,
"detour": $auto_detour,
"domain_resolver": "dns_resolver"
},
{
"tag": "dns_direct",
$(parse_singbox_dns "$dns_nameserver")
"routing_mark": $routing_mark,
"routing_mark": $routing_mark,
"domain_resolver": "dns_resolver"
},
{
@@ -177,7 +177,7 @@ EOF
{
"tag": "dns_resolver",
$(parse_singbox_dns "$dns_resolver")
"routing_mark": $routing_mark
"routing_mark": $routing_mark
}
],
"rules": [
@@ -186,14 +186,14 @@ EOF
$fake_ip_filter_domain
$fake_ip_filter_suffix
$fake_ip_filter_regex
{ "clash_mode": "Global", "query_type": ["A", "AAAA"], "server": "$global_dns", "strategy": "$strategy", "rewrite_ttl": 1 },
{ "clash_mode": "Global", "query_type": ["A", "AAAA"], "server": "$global_dns", "strategy": "$strategy", "rewrite_ttl": 1 },
$direct_dns
$proxy_dns
$proxy_dns
],
"final": "dns_proxy",
"strategy": "$strategy",
"strategy": "$strategy",
"independent_cache": true,
$client_subnet
$client_subnet
"reverse_mapping": true
}
}
@@ -263,10 +263,10 @@ EOF
}
EOF
#inbounds.json添加自定义入站
[ "$vms_service" = ON ] || [ "$sss_service" = ON ] && {
. "$CRASHDIR"/configs/gateway.cfg
. "$CRASHDIR"/libs/sb_inbounds.sh
}
[ "$vms_service" = ON ] || [ "$sss_service" = ON ] && {
. "$CRASHDIR"/configs/gateway.cfg
. "$CRASHDIR"/libs/sb_inbounds.sh
}
if [ "$redir_mod" = "Mix" -o "$redir_mod" = "Tun" ]; then
[ "ipv6_redir" = 'ON' ] && ipv6_address='"fe80::e5c5:2469:d09b:609a/64",'
cat >>"$TMPDIR"/jsons/tun.json <<EOF
@@ -299,21 +299,21 @@ EOF
[ -n "$add_direct$add_reject$add_global" ] && cat >"$TMPDIR"/jsons/add_outbounds.json <<EOF
{
"outbounds": [
$add_direct
$add_reject
$add_global
$add_direct
$add_reject
$add_global
]
}
EOF
#生成experimental.json
[ "$crashcore" = "singboxr" ] && urltest_unified_delay=',"urltest_unified_delay": true'
[ "$crashcore" = "singboxr" ] && urltest_unified_delay=',"urltest_unified_delay": true'
cat >"$TMPDIR"/jsons/experimental.json <<EOF
{
"experimental": {
"clash_api": {
"external_controller": "0.0.0.0:$db_port",
"external_ui": "ui",
"external_ui_download_url": "$external_ui_url",
"external_ui_download_url": "$external_ui_url",
"secret": "$secret",
"default_mode": "Rule"
}$urltest_unified_delay

162
scripts/starts/snapshot_init.sh
View File

@@ -8,104 +8,104 @@ crontab -l | grep -v 'start_legacy_wd.sh shellcrash' | crontab -
#防止usb未加载
i=0
while [ ! -f "$CRASHDIR/configs/ShellCrash.cfg" ]; do
[ $i -gt 20 ] && exit 1
i=$((i + 1))
sleep 3
[ $i -gt 20 ] && exit 1
i=$((i + 1))
sleep 3
done
. "$CRASHDIR"/configs/ShellCrash.cfg
autoSSH(){
#自动开启SSH
#自动开启SSH
[ "`uci -c /usr/share/xiaoqiang get xiaoqiang_version.version.CHANNEL`" != 'stable' ] && {
uci -c /usr/share/xiaoqiang set xiaoqiang_version.version.CHANNEL='stable'
uci -c /usr/share/xiaoqiang commit xiaoqiang_version.version
}
[ -z "$(pidof dropbear)" -o -z "$(netstat -ntul | grep :22)" ] && {
sed -i 's/channel=.*/channel="debug"/g' /etc/init.d/dropbear
/etc/init.d/dropbear restart
[ -n "$mi_autoSSH_pwd" ] && echo -e "$mi_autoSSH_pwd\n$mi_autoSSH_pwd" | passwd root
}
#配置nvram
[ "$(nvram get ssh_en)" = 0 ] && nvram set ssh_en=1
[ "$(nvram get telnet_en)" = 0 ] && nvram set telnet_en=1
nvram commit &> /dev/null
#备份还原SSH秘钥
[ -f "$CRASHDIR"/configs/dropbear_rsa_host_key ] && ln -sf "$CRASHDIR"/configs/dropbear_rsa_host_key /etc/dropbear/dropbear_rsa_host_key
[ -f "$CRASHDIR"/configs/authorized_keys ] && ln -sf "$CRASHDIR"/configs/authorized_keys /etc/dropbear/authorized_keys
uci -c /usr/share/xiaoqiang set xiaoqiang_version.version.CHANNEL='stable'
uci -c /usr/share/xiaoqiang commit xiaoqiang_version.version
}
[ -z "$(pidof dropbear)" -o -z "$(netstat -ntul | grep :22)" ] && {
sed -i 's/channel=.*/channel="debug"/g' /etc/init.d/dropbear
/etc/init.d/dropbear restart
[ -n "$mi_autoSSH_pwd" ] && echo -e "$mi_autoSSH_pwd\n$mi_autoSSH_pwd" | passwd root
}
#配置nvram
[ "$(nvram get ssh_en)" = 0 ] && nvram set ssh_en=1
[ "$(nvram get telnet_en)" = 0 ] && nvram set telnet_en=1
nvram commit &> /dev/null
#备份还原SSH秘钥
[ -f "$CRASHDIR"/configs/dropbear_rsa_host_key ] && ln -sf "$CRASHDIR"/configs/dropbear_rsa_host_key /etc/dropbear/dropbear_rsa_host_key
[ -f "$CRASHDIR"/configs/authorized_keys ] && ln -sf "$CRASHDIR"/configs/authorized_keys /etc/dropbear/authorized_keys
}
tunfix(){
ko_dir=$(modinfo ip_tables | grep -Eo '/lib/modules.*/ip_tables.ko' | sed 's|/ip_tables.ko||' )
#在/tmp创建并挂载overlay
mkdir -p /tmp/overlay
mkdir -p /tmp/overlay/upper
mkdir -p /tmp/overlay/work
mount -o noatime,lowerdir="$ko_dir",upperdir=/tmp/overlay/upper,workdir=/tmp/overlay/work -t overlay "overlay_mods_only" "$ko_dir"
#将tun.ko链接到lib
ln -sf "$CRASHDIR"/tools/tun.ko "$ko_dir"/tun.ko
ko_dir=$(modinfo ip_tables | grep -Eo '/lib/modules.*/ip_tables.ko' | sed 's|/ip_tables.ko||' )
#在/tmp创建并挂载overlay
mkdir -p /tmp/overlay
mkdir -p /tmp/overlay/upper
mkdir -p /tmp/overlay/work
mount -o noatime,lowerdir="$ko_dir",upperdir=/tmp/overlay/upper,workdir=/tmp/overlay/work -t overlay "overlay_mods_only" "$ko_dir"
#将tun.ko链接到lib
ln -sf "$CRASHDIR"/tools/tun.ko "$ko_dir"/tun.ko
}
tproxyfix(){
sed -i 's/sysctl -w net.bridge.bridge-nf-call-ip/#sysctl -w net.bridge.bridge-nf-call-ip/g' /etc/init.d/qca-nss-ecm
sysctl -w net.bridge.bridge-nf-call-iptables=0
sysctl -w net.bridge.bridge-nf-call-ip6tables=0
sed -i 's/sysctl -w net.bridge.bridge-nf-call-ip/#sysctl -w net.bridge.bridge-nf-call-ip/g' /etc/init.d/qca-nss-ecm
sysctl -w net.bridge.bridge-nf-call-iptables=0
sysctl -w net.bridge.bridge-nf-call-ip6tables=0
}
auto_clean(){
#自动清理升级备份文件夹
rm -rf /data/etc_bak
#自动清理被写入闪存的系统日志并禁止服务
/etc/init.d/stat_points stop 2>/dev/null
/etc/init.d/stat_points disable 2>/dev/null
sed -i '\#/logrotate#{ /^[[:space:]]*#/!s/^/#ShellCrash自动注释 / }' /etc/crontabs/root
sed -i '\#/sec_cfg_bak#{ /^[[:space:]]*#/!s/^/#ShellCrash自动注释 / }' /etc/crontabs/root
rm -rf /data/usr/log /data/usr/sec_cfg
#自动清理升级备份文件夹
rm -rf /data/etc_bak
#自动清理被写入闪存的系统日志并禁止服务
/etc/init.d/stat_points stop 2>/dev/null
/etc/init.d/stat_points disable 2>/dev/null
sed -i '\#/logrotate#{ /^[[:space:]]*#/!s/^/#ShellCrash自动注释 / }' /etc/crontabs/root
sed -i '\#/sec_cfg_bak#{ /^[[:space:]]*#/!s/^/#ShellCrash自动注释 / }' /etc/crontabs/root
rm -rf /data/usr/log /data/usr/sec_cfg
}
auto_start(){
#设置init.d服务
[ ! -x /etc/init.d/shellcrash ] && {
cp -f "$CRASHDIR"/starts/shellcrash.procd /etc/init.d/shellcrash
chmod 755 /etc/init.d/shellcrash
}
#初始化环境变量
grep -q '^export CRASHDIR=' '/etc/profile' || {
. "$CRASHDIR"/libs/set_profile.sh
set_profile '/etc/profile'
}
#启动服务
if [ ! -f "$CRASHDIR"/.dis_startup ] && [ ! -f "$CRASHDIR"/.start_error ]; then
#AX6S/AX6000修复tun功能
[ -s "$CRASHDIR"/tools/tun.ko ] && tunfix
#小米7000/小米万兆修复tproxy
[ -f /etc/init.d/qca-nss-ecm ] && echo "$redir_mod" | grep -q 'Tproxy' && tproxyfix
#自动覆盖根证书文件
[ -s "$CRASHDIR"/tools/ca-certificates.crt ] && cp -f "$CRASHDIR"/tools/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
#启动服务
"$CRASHDIR"/start.sh stop
/etc/init.d/shellcrash start && /etc/init.d/shellcrash enable
fi
#设置init.d服务
[ ! -x /etc/init.d/shellcrash ] && {
cp -f "$CRASHDIR"/starts/shellcrash.procd /etc/init.d/shellcrash
chmod 755 /etc/init.d/shellcrash
}
#初始化环境变量
grep -q '^export CRASHDIR=' '/etc/profile' || {
. "$CRASHDIR"/libs/set_profile.sh
set_profile '/etc/profile'
}
#启动服务
if [ ! -f "$CRASHDIR"/.dis_startup ] && [ ! -f "$CRASHDIR"/.start_error ]; then
#AX6S/AX6000修复tun功能
[ -s "$CRASHDIR"/tools/tun.ko ] && tunfix
#小米7000/小米万兆修复tproxy
[ -f /etc/init.d/qca-nss-ecm ] && echo "$redir_mod" | grep -q 'Tproxy' && tproxyfix
#自动覆盖根证书文件
[ -s "$CRASHDIR"/tools/ca-certificates.crt ] && cp -f "$CRASHDIR"/tools/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
#启动服务
"$CRASHDIR"/start.sh stop
/etc/init.d/shellcrash start && /etc/init.d/shellcrash enable
fi
}
init(){
#等待启动完成
while ! ip a| grep -q lan; do
sleep 10
done
autoSSH #软固化功能
auto_clean #自动清理
auto_start
#启动自定义服务
[ -s /data/auto_start.sh ] && /bin/sh /data/auto_start.sh &
#兼容auto_ssh脚本
[ -s /data/auto_ssh/auto_ssh.sh ] && /bin/sh /data/auto_ssh/auto_ssh.sh &
#等待启动完成
while ! ip a| grep -q lan; do
sleep 10
done
autoSSH #软固化功能
auto_clean #自动清理
auto_start
#启动自定义服务
[ -s /data/auto_start.sh ] && /bin/sh /data/auto_start.sh &
#兼容auto_ssh脚本
[ -s /data/auto_ssh/auto_ssh.sh ] && /bin/sh /data/auto_ssh/auto_ssh.sh &
}
case "$1" in
tunfix) tunfix ;;
tproxyfix) tproxyfix ;;
auto_clean) auto_clean ;;
init) init ;;
*)
if [ -z "$(pidof CrashCore)" ];then
init &
fi
;;
tunfix) tunfix ;;
tproxyfix) tproxyfix ;;
auto_clean) auto_clean ;;
init) init ;;
*)
if [ -z "$(pidof CrashCore)" ];then
init &
fi
;;
esac

10
scripts/starts/start_error.sh
View File

@@ -1,11 +1,11 @@
if [ "$start_old" != "ON" ] && ckcmd journalctl; then
journalctl -u shellcrash >"$TMPDIR"/core_test.log
journalctl -u shellcrash >"$TMPDIR"/core_test.log
else
PID=$(pidof CrashCore) && [ -n "$PID" ] && kill -9 "$PID" >/dev/null 2>&1
${COMMAND} >"$TMPDIR"/core_test.log 2>&1 &
sleep 2
kill $! >/dev/null 2>&1
PID=$(pidof CrashCore) && [ -n "$PID" ] && kill -9 "$PID" >/dev/null 2>&1
${COMMAND} >"$TMPDIR"/core_test.log 2>&1 &
sleep 2
kill $! >/dev/null 2>&1
fi
touch "$CRASHDIR"/.start_error #标记启动失败,防止自启
error=$(cat "$TMPDIR"/core_test.log | grep -iEo 'error.*=.*|.*ERROR.*|.*FATAL.*')

16
scripts/starts/start_legacy.sh
View File

@@ -2,14 +2,14 @@
. "$CRASHDIR"/libs/check_cmd.sh
start_legacy(){
ckcmd nohup && _nohup=nohup
if ckcmd su && grep -q 'shellcrash:x:0:7890' /etc/passwd;then
su shellcrash -c "$_nohup $1 >/dev/null 2>&1 & echo \$! > /tmp/ShellCrash/$2.pid"
elif ckcmd setsid; then
ckcmd nohup && _nohup=nohup
if ckcmd su && grep -q 'shellcrash:x:0:7890' /etc/passwd;then
su shellcrash -c "$_nohup $1 >/dev/null 2>&1 & echo \$! > /tmp/ShellCrash/$2.pid"
elif ckcmd setsid; then
$_nohup setsid $1 >/dev/null 2>&1 &
echo $! > "/tmp/ShellCrash/$2.pid"
else
$_nohup $1 >/dev/null 2>&1 &
echo $! > "/tmp/ShellCrash/$2.pid"
fi
else
$_nohup $1 >/dev/null 2>&1 &
echo $! > "/tmp/ShellCrash/$2.pid"
fi
}

26
scripts/starts/start_legacy_wd.sh
View File

@@ -7,24 +7,24 @@ LOCKDIR="/tmp/ShellCrash/start_$1.lock"
mkdir "$LOCKDIR" 2>/dev/null || exit 1
if [ -f "$PIDFILE" ]; then
PID="$(cat "$PIDFILE")"
if [ -n "$PID" ] && [ "$PID" -eq "$PID" ] 2>/dev/null; then
if kill -0 "$PID" 2>/dev/null || [ -d "/proc/$PID" ]; then
rm -fr "$LOCKDIR" 2>/dev/null
exit 0
fi
else
rm -f "$PIDFILE"
fi
PID="$(cat "$PIDFILE")"
if [ -n "$PID" ] && [ "$PID" -eq "$PID" ] 2>/dev/null; then
if kill -0 "$PID" 2>/dev/null || [ -d "/proc/$PID" ]; then
rm -fr "$LOCKDIR" 2>/dev/null
exit 0
fi
else
rm -f "$PIDFILE"
fi
fi
#如果没有进程则拉起
if [ "$1" = "shellcrash" ]; then
"$CRASHDIR"/start.sh start
"$CRASHDIR"/start.sh start
else
[ -f "$CRASHDIR/starts/start_legacy.sh" ] && . "$CRASHDIR/starts/start_legacy.sh"
killall bot_tg.sh 2>/dev/null
start_legacy "$CRASHDIR/menus/bot_tg.sh" "$1"
[ -f "$CRASHDIR/starts/start_legacy.sh" ] && . "$CRASHDIR/starts/start_legacy.sh"
killall bot_tg.sh 2>/dev/null
start_legacy "$CRASHDIR/menus/bot_tg.sh" "$1"
fi
rm -fr "$LOCKDIR" 2>/dev/null