透明代理的旁路由虚拟网关
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

356 lines
8.9 KiB

XRAY_DIR="/etc/xray"
LOG_DIR="$XRAY_DIR/expose/log"
ASSET_DIR="$XRAY_DIR/expose/asset"
CONFIG_DIR="$XRAY_DIR/expose/config"
NETWORK_DIR="$XRAY_DIR/expose/network"
load_xray_log() {
if [ -f "$LOG_DIR/level" ]; then
log_level=$(cat $LOG_DIR/level)
else
log_level="warning"
fi
legal=false
[ "$log_level" == "debug" ] && legal=true
[ "$log_level" == "info" ] && legal=true
[ "$log_level" == "warning" ] && legal=true
[ "$log_level" == "error" ] && legal=true
[ "$log_level" == "none" ] && legal=true
[ "$legal" == false ] && log_level="warning"
if [ "$log_level" != "none" ]; then
[ ! -f "$LOG_DIR/access.log" ] && touch $LOG_DIR/access.log
[ ! -f "$LOG_DIR/error.log" ] && touch $LOG_DIR/error.log
fi
cat > $XRAY_DIR/config/log.json << EOF
{
"log": {
"loglevel": "$log_level",
"access": "$LOG_DIR/access.log",
"error": "$LOG_DIR/error.log"
}
}
EOF
}
load_xray_inbounds() {
cat > $XRAY_DIR/config/inbounds.json << EOF
{
"inbounds": [
{
"tag": "tproxy",
"port": 7288,
"protocol": "dokodemo-door",
"settings": {
"network": "tcp,udp",
"followRedirect": true
},
"streamSettings": {
"sockopt": {
"tproxy": "tproxy"
}
},
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls"
]
}
},
{
"tag": "tproxy6",
"port": 7289,
"protocol": "dokodemo-door",
"settings": {
"network": "tcp,udp",
"followRedirect": true
},
"streamSettings": {
"sockopt": {
"tproxy": "tproxy"
}
},
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls"
]
}
},
{
"tag": "socks",
"port": 1080,
"protocol": "socks",
"settings": {
"udp": true
},
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls"
]
}
},
{
"tag": "http",
"port": 1081,
"protocol": "http",
"settings": {
"allowTransparent": false
},
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls"
]
}
}
]
}
EOF
}
load_xray_dns() {
cat > $CONFIG_DIR/dns.json << EOF
{
"dns": {
"servers": [
"localhost"
]
}
}
EOF
}
load_xray_outbounds() {
cat > $CONFIG_DIR/outbounds.json << EOF
{
"outbounds": [
{
"tag": "node",
"protocol": "freedom",
"settings": {}
}
]
}
EOF
}
load_xray_routing() {
cat > $CONFIG_DIR/routing.json << EOF
{
"routing": {
"domainStrategy": "AsIs",
"rules": [
{
"type": "field",
3 years ago
"network": "tcp,udp",
"outboundTag": "node"
}
]
}
}
EOF
}
load_update_script() {
cat > $ASSET_DIR/update.sh << "EOF"
VERSION=$(curl -sL "https://api.github.com/repos/Loyalsoldier/v2ray-rules-dat/releases/latest" | grep '"tag_name":' | sed -E 's/.*"([^"]+)".*/\1/')
mkdir temp/ && cd temp/
wget "https://github.com/Loyalsoldier/v2ray-rules-dat/releases/download/$VERSION/geoip.dat"
wget "https://github.com/Loyalsoldier/v2ray-rules-dat/releases/download/$VERSION/geosite.dat"
[ -s "geoip.dat" ] && mv -f geoip.dat ../
[ -s "geosite.dat" ] && mv -f geosite.dat ../
cd ../ && rm -rf temp/
EOF
chmod +x $ASSET_DIR/update.sh
}
load_radvd_conf() {
cat > $NETWORK_DIR/radvd/config << EOF
AdvSendAdvert=on
AdvManagedFlag=off
AdvOtherConfigFlag=off
MinRtrAdvInterval=10
MaxRtrAdvInterval=30
MinDelayBetweenRAs=3
AdvOnLink=on
AdvAutonomous=on
AdvRouterAddr=off
AdvValidLifetime=600
AdvPreferredLifetime=100
EOF
}
load_bypass_ipv4() {
cat > $NETWORK_DIR/bypass/ipv4 << EOF
169.254.0.0/16
224.0.0.0/3
EOF
}
load_bypass_ipv6() {
cat > $NETWORK_DIR/bypass/ipv6 << EOF
fc00::/7
fe80::/10
ff00::/8
EOF
}
load_network_ipv4() {
cat > $NETWORK_DIR/interface/ipv4 << EOF
ADDRESS=
GATEWAY=
FORWARD=true
EOF
}
load_network_ipv6() {
cat > $NETWORK_DIR/interface/ipv6 << EOF
ADDRESS=
GATEWAY=
FORWARD=true
EOF
}
init_dns() {
cat /dev/null > /etc/resolv.conf
while read -r row
do
echo "nameserver $row" >> /etc/resolv.conf
done < $NETWORK_DIR/dns
}
init_network() {
ifconfig eth0 down
ip -4 addr flush dev eth0
ip -6 addr flush dev eth0
ifconfig eth0 up
while read -r row
do
temp=${row#ADDRESS=}
[ "$row" != "$temp" ] && ipv4_address=$temp
temp=${row#GATEWAY=}
[ "$row" != "$temp" ] && ipv4_gateway=$temp
temp=${row#FORWARD=}
[ "$row" != "$temp" ] && ipv4_forward=$temp
done < $NETWORK_DIR/interface/ipv4
[ -n "$ipv4_address" ] && eval "ip -4 addr add $ipv4_address dev eth0"
[ -n "$ipv4_gateway" ] && eval "ip -4 route add default via $ipv4_gateway"
if [ -n "$ipv4_forward" ]; then
if [ "$ipv4_forward" = "true" ]; then
eval "sysctl -w net.ipv4.ip_forward=1"
else
eval "sysctl -w net.ipv4.ip_forward=0"
fi
fi
while read -r row
do
temp=${row#ADDRESS=}
[ "$row" != "$temp" ] && ipv6_address=$temp
temp=${row#GATEWAY=}
[ "$row" != "$temp" ] && ipv6_gateway=$temp
temp=${row#FORWARD=}
[ "$row" != "$temp" ] && ipv6_forward=$temp
done < $NETWORK_DIR/interface/ipv6
[ -n "$ipv6_address" ] && eval "ip -6 addr add $ipv6_address dev eth0"
[ -n "$ipv6_gateway" ] && eval "ip -6 route add default via $ipv6_gateway"
if [ -n "$ipv6_forward" ]; then
if [ "$ipv6_forward" = "true" ]; then
eval "sysctl -w net.ipv6.conf.all.forwarding=1"
else
eval "sysctl -w net.ipv6.conf.all.forwarding=0"
fi
fi
}
init_radvd() {
while read -r row
do
temp=${row#AdvSendAdvert=}
[ "$row" != "$temp" ] && AdvSendAdvert=$temp
temp=${row#AdvManagedFlag=}
[ "$row" != "$temp" ] && AdvManagedFlag=$temp
temp=${row#AdvOtherConfigFlag=}
[ "$row" != "$temp" ] && AdvOtherConfigFlag=$temp
temp=${row#MinRtrAdvInterval=}
[ "$row" != "$temp" ] && MinRtrAdvInterval=$temp
temp=${row#MaxRtrAdvInterval=}
[ "$row" != "$temp" ] && MaxRtrAdvInterval=$temp
temp=${row#MinDelayBetweenRAs=}
[ "$row" != "$temp" ] && MinDelayBetweenRAs=$temp
temp=${row#AdvOnLink=}
[ "$row" != "$temp" ] && AdvOnLink=$temp
temp=${row#AdvAutonomous=}
[ "$row" != "$temp" ] && AdvAutonomous=$temp
temp=${row#AdvRouterAddr=}
[ "$row" != "$temp" ] && AdvRouterAddr=$temp
temp=${row#AdvValidLifetime=}
[ "$row" != "$temp" ] && AdvValidLifetime=$temp
temp=${row#AdvPreferredLifetime=}
[ "$row" != "$temp" ] && AdvPreferredLifetime=$temp
done < $NETWORK_DIR/radvd/config
RADVD_CONF="/etc/radvd.conf"
echo "interface eth0 {" > $RADVD_CONF
[ -n "$AdvSendAdvert" ] && echo " AdvSendAdvert $AdvSendAdvert;" >> $RADVD_CONF
[ -n "$AdvManagedFlag" ] && echo " AdvManagedFlag $AdvManagedFlag;" >> $RADVD_CONF
[ -n "$AdvOtherConfigFlag" ] && echo " AdvOtherConfigFlag $AdvOtherConfigFlag;" >> $RADVD_CONF
[ -n "$MinRtrAdvInterval" ] && echo " MinRtrAdvInterval $MinRtrAdvInterval;" >> $RADVD_CONF
[ -n "$MaxRtrAdvInterval" ] && echo " MaxRtrAdvInterval $MaxRtrAdvInterval;" >> $RADVD_CONF
[ -n "$MinDelayBetweenRAs" ] && echo " MinDelayBetweenRAs $MinDelayBetweenRAs;" >> $RADVD_CONF
if [ -n "$ipv6_address" ]; then
echo " prefix $ipv6_address {" >> $RADVD_CONF
[ -n "$AdvOnLink" ] && echo " AdvOnLink $AdvOnLink;" >> $RADVD_CONF
[ -n "$AdvAutonomous" ] && echo " AdvAutonomous $AdvAutonomous;" >> $RADVD_CONF
[ -n "$AdvRouterAddr" ] && echo " AdvRouterAddr $AdvRouterAddr;" >> $RADVD_CONF
[ -n "$AdvValidLifetime" ] && echo " AdvValidLifetime $AdvValidLifetime;" >> $RADVD_CONF
[ -n "$AdvPreferredLifetime" ] && echo " AdvPreferredLifetime $AdvPreferredLifetime;" >> $RADVD_CONF
echo " };" >> $RADVD_CONF
fi
echo "};" >> $RADVD_CONF
radvd -C $RADVD_CONF
}
mkdir -p $LOG_DIR
mkdir -p $ASSET_DIR
mkdir -p $CONFIG_DIR
mkdir -p $NETWORK_DIR
mkdir -p $XRAY_DIR/config
load_xray_log
load_xray_inbounds
[ ! -s "$CONFIG_DIR/outbounds.json" ] && load_xray_outbounds
[ ! -s "$CONFIG_DIR/routing.json" ] && load_xray_routing
[ ! -s "$CONFIG_DIR/dns.json" ] && load_xray_dns
cp $CONFIG_DIR/*.json $XRAY_DIR/config/
tar -C $XRAY_DIR -xf $XRAY_DIR/asset.tar.gz
[ ! -s "$ASSET_DIR/geoip.dat" ] && cp $XRAY_DIR/asset/geoip.dat $ASSET_DIR/
[ ! -s "$ASSET_DIR/geosite.dat" ] && cp $XRAY_DIR/asset/geosite.dat $ASSET_DIR/
[ ! -s "$ASSET_DIR/update.sh" ] && load_update_script
cp $ASSET_DIR/*.dat $XRAY_DIR/asset/
mkdir -p $NETWORK_DIR/radvd
mkdir -p $NETWORK_DIR/bypass
mkdir -p $NETWORK_DIR/interface
[ -s "$NETWORK_DIR/dns" ] && init_dns
[ ! -f "$NETWORK_DIR/bypass/ipv4" ] && load_bypass_ipv4
[ ! -f "$NETWORK_DIR/bypass/ipv6" ] && load_bypass_ipv6
if [ ! -f "$NETWORK_DIR/interface/ignore" ]; then
[ ! -s "$NETWORK_DIR/interface/ipv4" ] && load_network_ipv4
[ ! -s "$NETWORK_DIR/interface/ipv6" ] && load_network_ipv6
init_network
fi
if [ ! -f "$NETWORK_DIR/radvd/ignore" ]; then
[ ! -s "$NETWORK_DIR/radvd/config" ] && load_radvd_conf
init_radvd
fi