透明代理的旁路由虚拟网关
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

354 lines
8.6 KiB

XRAY_DIR="/etc/xray"
LOG_DIR="$XRAY_DIR/expose/log"
ASSET_DIR="$XRAY_DIR/expose/asset"
CONFIG_DIR="$XRAY_DIR/expose/config"
NETWORK_DIR="$XRAY_DIR/expose/network"
load_log(){
log_level=`cat $LOG_DIR/level`
legal=false
[ "$log_level" == "debug" ] && legal=true
[ "$log_level" == "info" ] && legal=true
[ "$log_level" == "warning" ] && legal=true
[ "$log_level" == "error" ] && legal=true
[ "$log_level" == "none" ] && legal=true
[ "$legal" == false ] && log_level="warning"
if [ "$log_level" != "none" ]; then
[ ! -f "$LOG_DIR/access.log" ] && touch $LOG_DIR/access.log
[ ! -f "$LOG_DIR/error.log" ] && touch $LOG_DIR/error.log
fi
cat>$XRAY_DIR/config/log.json<<EOF
{
"log": {
"loglevel": "$log_level",
"access": "$LOG_DIR/access.log",
"error": "$LOG_DIR/error.log"
}
}
EOF
}
load_inbounds(){
cat>$XRAY_DIR/config/inbounds.json<<EOF
{
"inbounds": [
{
"tag": "tproxy",
"port": 7288,
"protocol": "dokodemo-door",
"settings": {
"network": "tcp,udp",
"followRedirect": true
},
"streamSettings": {
"sockopt": {
"tproxy": "tproxy"
}
},
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls"
]
}
},
{
"tag": "tproxy6",
"port": 7289,
"protocol": "dokodemo-door",
"settings": {
"network": "tcp,udp",
"followRedirect": true
},
"streamSettings": {
"sockopt": {
"tproxy": "tproxy"
}
},
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls"
]
}
},
{
"tag": "socks",
"port": 1080,
"protocol": "socks",
"settings": {
"udp": true
},
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls"
]
}
},
{
"tag": "http",
"port": 1081,
"protocol": "http",
"settings": {
"allowTransparent": false
},
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls"
]
}
}
]
}
EOF
}
load_dns(){
cat>$CONFIG_DIR/dns.json<<EOF
{
"dns": {
"servers": [
"localhost"
]
}
}
EOF
}
load_outbounds(){
cat>$CONFIG_DIR/outbounds.json<<EOF
{
"outbounds": [
{
"tag": "node",
"protocol": "freedom",
"settings": {}
}
]
}
EOF
}
load_routing(){
cat>$CONFIG_DIR/routing.json<<EOF
{
"routing": {
"domainStrategy": "AsIs",
"rules": [
{
"type": "field",
3 years ago
"network": "tcp,udp",
"outboundTag": "node"
}
]
}
}
EOF
}
load_asset_update(){
cat>$ASSET_DIR/update.sh<<"EOF"
GITHUB="github.com"
ASSET_REPO="Loyalsoldier/v2ray-rules-dat"
VERSION=$(curl --silent "https://api.github.com/repos/$ASSET_REPO/releases/latest" | grep '"tag_name":' | sed -E 's/.*"([^"]+)".*/\1/');
mkdir -p ./temp/
wget -P ./temp/ "https://$GITHUB/$ASSET_REPO/releases/download/$VERSION/geoip.dat"
file_size=`du ./temp/geoip.dat | awk '{print $1}'`
[ $file_size != "0" ] && mv -f ./temp/geoip.dat ./
wget -P ./temp/ "https://$GITHUB/$ASSET_REPO/releases/download/$VERSION/geosite.dat"
file_size=`du ./temp/geosite.dat | awk '{print $1}'`
[ $file_size != "0" ] && mv -f ./temp/geosite.dat ./
rm -rf ./temp/
EOF
chmod +x $ASSET_DIR/update.sh
}
load_bypass_ipv4(){
cat>"$NETWORK_DIR/bypass/ipv4"<<EOF
169.254.0.0/16
224.0.0.0/3
EOF
}
load_bypass_ipv6(){
cat>"$NETWORK_DIR/bypass/ipv6"<<EOF
fc00::/7
fe80::/10
ff00::/8
EOF
}
load_network_ipv4(){
cat>"$NETWORK_DIR/interface/ipv4"<<EOF
ADDRESS=
GATEWAY=
FORWARD=true
EOF
}
load_network_ipv6(){
cat>"$NETWORK_DIR/interface/ipv6"<<EOF
ADDRESS=
GATEWAY=
FORWARD=true
EOF
}
init_dns(){
cat /dev/null > /etc/resolv.conf
while read -r row
do
echo "nameserver $row" >> /etc/resolv.conf
done < $NETWORK_DIR/dns
}
init_network(){
ifconfig eth0 down
ip -4 addr flush dev eth0
ip -6 addr flush dev eth0
ifconfig eth0 up
while read -r row
do
temp=${row#ADDRESS=}
[ "$row" != "$temp" ] && ipv4_address=$temp
temp=${row#GATEWAY=}
[ "$row" != "$temp" ] && ipv4_gateway=$temp
temp=${row#FORWARD=}
[ "$row" != "$temp" ] && ipv4_forward=$temp
done < $NETWORK_DIR/interface/ipv4
[ -n "$ipv4_address" ] && eval "ip -4 addr add $ipv4_address dev eth0"
[ -n "$ipv4_gateway" ] && eval "ip -4 route add default via $ipv4_gateway"
if [ -n "$ipv4_forward" ]; then
if [ "$ipv4_forward" = "true" ]; then
eval "sysctl -w net.ipv4.ip_forward=1"
else
eval "sysctl -w net.ipv4.ip_forward=0"
fi
fi
while read -r row
do
temp=${row#ADDRESS=}
[ "$row" != "$temp" ] && ipv6_address=$temp
temp=${row#GATEWAY=}
[ "$row" != "$temp" ] && ipv6_gateway=$temp
temp=${row#FORWARD=}
[ "$row" != "$temp" ] && ipv6_forward=$temp
done < $NETWORK_DIR/interface/ipv6
[ -n "$ipv6_address" ] && eval "ip -6 addr add $ipv6_address dev eth0"
[ -n "$ipv6_gateway" ] && eval "ip -6 route add default via $ipv6_gateway"
if [ -n "$ipv6_forward" ]; then
if [ "$ipv6_forward" = "true" ]; then
eval "sysctl -w net.ipv6.conf.all.forwarding=1"
else
eval "sysctl -w net.ipv6.conf.all.forwarding=0"
fi
fi
}
load_radvd_conf(){
cat>$NETWORK_DIR/radvd/config<<EOF
AdvSendAdvert=on
AdvManagedFlag=off
AdvOtherConfigFlag=off
MinRtrAdvInterval=10
MaxRtrAdvInterval=30
MinDelayBetweenRAs=3
AdvOnLink=on
AdvAutonomous=on
AdvRouterAddr=off
AdvValidLifetime=600
AdvPreferredLifetime=100
EOF
}
init_radvd(){
while read -r row
do
temp=${row#AdvSendAdvert=}
[ "$row" != "$temp" ] && AdvSendAdvert=$temp
temp=${row#AdvManagedFlag=}
[ "$row" != "$temp" ] && AdvManagedFlag=$temp
temp=${row#AdvOtherConfigFlag=}
[ "$row" != "$temp" ] && AdvOtherConfigFlag=$temp
temp=${row#MinRtrAdvInterval=}
[ "$row" != "$temp" ] && MinRtrAdvInterval=$temp
temp=${row#MaxRtrAdvInterval=}
[ "$row" != "$temp" ] && MaxRtrAdvInterval=$temp
temp=${row#MinDelayBetweenRAs=}
[ "$row" != "$temp" ] && MinDelayBetweenRAs=$temp
temp=${row#AdvOnLink=}
[ "$row" != "$temp" ] && AdvOnLink=$temp
temp=${row#AdvAutonomous=}
[ "$row" != "$temp" ] && AdvAutonomous=$temp
temp=${row#AdvRouterAddr=}
[ "$row" != "$temp" ] && AdvRouterAddr=$temp
temp=${row#AdvValidLifetime=}
[ "$row" != "$temp" ] && AdvValidLifetime=$temp
temp=${row#AdvPreferredLifetime=}
[ "$row" != "$temp" ] && AdvPreferredLifetime=$temp
done < $NETWORK_DIR/radvd/config
RADVD_CONF="/etc/radvd.conf"
echo "interface eth0 {" > $RADVD_CONF
[ -n "$AdvSendAdvert" ] && echo " AdvSendAdvert $AdvSendAdvert;" >> $RADVD_CONF
[ -n "$AdvManagedFlag" ] && echo " AdvManagedFlag $AdvManagedFlag;" >> $RADVD_CONF
[ -n "$AdvOtherConfigFlag" ] && echo " AdvOtherConfigFlag $AdvOtherConfigFlag;" >> $RADVD_CONF
[ -n "$MinRtrAdvInterval" ] && echo " MinRtrAdvInterval $MinRtrAdvInterval;" >> $RADVD_CONF
[ -n "$MaxRtrAdvInterval" ] && echo " MaxRtrAdvInterval $MaxRtrAdvInterval;" >> $RADVD_CONF
[ -n "$MinDelayBetweenRAs" ] && echo " MinDelayBetweenRAs $MinDelayBetweenRAs;" >> $RADVD_CONF
if [ -n "$ipv6_address" ]; then
echo " prefix $ipv6_address {" >> $RADVD_CONF
[ -n "$AdvOnLink" ] && echo " AdvOnLink $AdvOnLink;" >> $RADVD_CONF
[ -n "$AdvAutonomous" ] && echo " AdvAutonomous $AdvAutonomous;" >> $RADVD_CONF
[ -n "$AdvRouterAddr" ] && echo " AdvRouterAddr $AdvRouterAddr;" >> $RADVD_CONF
[ -n "$AdvValidLifetime" ] && echo " AdvValidLifetime $AdvValidLifetime;" >> $RADVD_CONF
[ -n "$AdvPreferredLifetime" ] && echo " AdvPreferredLifetime $AdvPreferredLifetime;" >> $RADVD_CONF
echo " };" >> $RADVD_CONF
fi
echo "};" >> $RADVD_CONF
radvd -C $RADVD_CONF
}
mkdir -p $LOG_DIR
mkdir -p $ASSET_DIR
mkdir -p $CONFIG_DIR
mkdir -p $NETWORK_DIR
load_log
load_inbounds
[ ! -s "$CONFIG_DIR/outbounds.json" ] && load_outbounds
[ ! -s "$CONFIG_DIR/routing.json" ] && load_routing
[ ! -s "$CONFIG_DIR/dns.json" ] && load_dns
cp $CONFIG_DIR/*.json $XRAY_DIR/config/
[ ! -s "$ASSET_DIR/geoip.dat" ] && cp $XRAY_DIR/asset/geoip.dat $ASSET_DIR/
[ ! -s "$ASSET_DIR/geosite.dat" ] && cp $XRAY_DIR/asset/geosite.dat $ASSET_DIR/
[ ! -s "$ASSET_DIR/update.sh" ] && load_asset_update
cp $ASSET_DIR/*.dat $XRAY_DIR/asset/
mkdir -p $NETWORK_DIR/radvd
mkdir -p $NETWORK_DIR/bypass
mkdir -p $NETWORK_DIR/interface
[ -s "$NETWORK_DIR/dns" ] && init_dns
[ ! -f "$NETWORK_DIR/bypass/ipv4" ] && load_bypass_ipv4
[ ! -f "$NETWORK_DIR/bypass/ipv6" ] && load_bypass_ipv6
if [ ! -f "$NETWORK_DIR/interface/ignore" ]; then
[ ! -s "$NETWORK_DIR/interface/ipv4" ] && load_network_ipv4
[ ! -s "$NETWORK_DIR/interface/ipv6" ] && load_network_ipv6
init_network
fi
if [ ! -f "$NETWORK_DIR/radvd/ignore" ]; then
[ ! -s "$NETWORK_DIR/radvd/config" ] && load_radvd_conf
init_radvd
fi