From 84302e33c3820205419a493c24f4b45c97f9bb09 Mon Sep 17 00:00:00 2001 From: dnomd343 Date: Sat, 12 Mar 2022 00:33:30 +0800 Subject: [PATCH] refactor: working script --- .gitignore | 1 + Dockerfile | 6 ++-- load.sh | 80 ++++++++++++++++++++++++++---------------------------- tproxy.sh | 38 +++++++++++++++----------- 4 files changed, 64 insertions(+), 61 deletions(-) create mode 100644 .gitignore diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..57f1cb2 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +/.idea/ \ No newline at end of file diff --git a/Dockerfile b/Dockerfile index 93c98cd..f2553f0 100644 --- a/Dockerfile +++ b/Dockerfile @@ -8,8 +8,8 @@ COPY ["./load.sh", "./tproxy.sh", "/etc/xray/"] COPY --from=asset /tmp/asset/ /etc/xray/asset/ COPY --from=asset /tmp/xray/xray /usr/bin/ ENV XRAY_LOCATION_ASSET=/etc/xray/asset -RUN apk --update add --no-cache iptables ip6tables radvd && \ +RUN apk add --no-cache iptables ip6tables radvd && \ mkdir -p /etc/xray/config && \ mkdir -p /run/radvd/ && \ - mv /etc/xray/tproxy.sh / -CMD ["sh","/tproxy.sh"] + mv /etc/xray/tproxy.sh /tproxy +ENTRYPOINT ["sh","tproxy"] diff --git a/load.sh b/load.sh index d02f4c7..c0b6a0d 100755 --- a/load.sh +++ b/load.sh @@ -4,8 +4,8 @@ ASSET_DIR="$XRAY_DIR/expose/asset" CONFIG_DIR="$XRAY_DIR/expose/config" NETWORK_DIR="$XRAY_DIR/expose/network" -load_log(){ -log_level=`cat $LOG_DIR/level` +load_xray_log(){ +log_level=$(cat $LOG_DIR/level) legal=false [ "$log_level" == "debug" ] && legal=true [ "$log_level" == "info" ] && legal=true 
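Review bot: The new `ENTRYPOINT ["sh","tproxy"]` names the script by a relative path, so it only resolves while the container's working directory is `/`, where the `mv /etc/xray/tproxy.sh /tproxy` line puts it. Any `WORKDIR` set earlier in the Dockerfile (outside this hunk) or a `--workdir` override at run time would make startup fail with "can't open tproxy". Using the absolute path, `ENTRYPOINT ["sh","/tproxy"]`, removes that dependency. Switching from `CMD` to `ENTRYPOINT` also means arguments given to `docker run` are now passed to the script instead of replacing it, which deserves a line in the commit message or README.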
@@ -28,7 +28,7 @@ cat>$XRAY_DIR/config/log.json<$XRAY_DIR/config/inbounds.json<$XRAY_DIR/config/inbounds.json<$CONFIG_DIR/dns.json<$CONFIG_DIR/dns.json<$CONFIG_DIR/outbounds.json<$CONFIG_DIR/outbounds.json<$CONFIG_DIR/routing.json<$CONFIG_DIR/routing.json<$ASSET_DIR/update.sh<<"EOF" -GITHUB="github.com" -ASSET_REPO="Loyalsoldier/v2ray-rules-dat" -VERSION=$(curl --silent "https://api.github.com/repos/$ASSET_REPO/releases/latest" | grep '"tag_name":' | sed -E 's/.*"([^"]+)".*/\1/'); -mkdir -p ./temp/ -wget -P ./temp/ "https://$GITHUB/$ASSET_REPO/releases/download/$VERSION/geoip.dat" -file_size=`du ./temp/geoip.dat | awk '{print $1}'` -[ $file_size != "0" ] && mv -f ./temp/geoip.dat ./ -wget -P ./temp/ "https://$GITHUB/$ASSET_REPO/releases/download/$VERSION/geosite.dat" -file_size=`du ./temp/geosite.dat | awk '{print $1}'` -[ $file_size != "0" ] && mv -f ./temp/geosite.dat ./ -rm -rf ./temp/ +VERSION=$(curl -sL "https://api.github.com/repos/Loyalsoldier/v2ray-rules-dat/releases/latest" | grep '"tag_name":' | sed -E 's/.*"([^"]+)".*/\1/') +mkdir temp/ && cd temp/ +wget "https://github.com/Loyalsoldier/v2ray-rules-dat/releases/download/$VERSION/geoip.dat" +wget "https://github.com/Loyalsoldier/v2ray-rules-dat/releases/download/$VERSION/geosite.dat" +[ -s "geoip.dat" ] && mv -f geoip.dat ../ +[ -s "geosite.dat" ] && mv -f geosite.dat ../ +cd ../ && rm -rf temp/ EOF chmod +x $ASSET_DIR/update.sh } +load_radvd_conf(){ +cat>$NETWORK_DIR/radvd/config<"$NETWORK_DIR/bypass/ipv4"<$NETWORK_DIR/radvd/config< /ipv4_range -while read -r segment + +for cidr in $(ip -4 addr | grep -w "inet" | awk '{print $2}') # bypass local ipv4 range do - eval "iptables -t mangle -A XRAY -d $segment -j RETURN" -done < /ipv4_range -rm -f /ipv4_range -while read -r segment + eval "iptables -t mangle -A XRAY -d $cidr -j RETURN" +done + +while read -r cidr # bypass custom ipv4 range do - eval "iptables -t mangle -A XRAY -d $segment -j RETURN" + eval "iptables -t mangle -A XRAY -d $cidr -j RETURN" done 
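Review bot: In the generated `update.sh`, `mkdir temp/ && cd temp/` has no failure path. If `temp/` is left over from an interrupted run, `mkdir` fails and `cd` is skipped, so the two `wget` calls write into the asset directory itself, the `mv -f … ../` lines move the files one level above it, and `cd ../ && rm -rf temp/` then runs in the parent directory. Changing the line to `mkdir -p temp/ && cd temp/ || exit 1` stops the script before it touches anything outside its scratch directory. Separately, `[ -s "geoip.dat" ]` only proves the download is non-empty, so a truncated or substituted file would still replace the live rule data. If the upstream release publishes checksum files, verifying them with `sha256sum -c` before the `mv` would close that gap. The enclosing function that writes this heredoc starts outside the hunk.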
< /etc/xray/expose/network/bypass/ipv4 + iptables -t mangle -A XRAY -p tcp -j TPROXY --on-port 7288 --tproxy-mark 1 iptables -t mangle -A XRAY -p udp -j TPROXY --on-port 7288 --tproxy-mark 1 iptables -t mangle -A PREROUTING -j XRAY +# IPv6 tproxy settings ip -6 rule add fwmark 1 table 106 ip -6 route add local ::/0 dev lo table 106 ip6tables -t mangle -N XRAY6 -ip -6 addr | grep -w "inet6" | awk '{print $2}' > /ipv6_range -while read -r segment + +for cidr in $(ip -6 addr | grep -w "inet6" | awk '{print $2}') # bypass local ipv6 range do - eval "ip6tables -t mangle -A XRAY6 -d $segment -j RETURN" -done < /ipv6_range -rm -f /ipv6_range -while read -r segment + eval "ip6tables -t mangle -A XRAY6 -d $cidr -j RETURN" +done + +while read -r cidr # bypass custom ipv6 range do - eval "ip6tables -t mangle -A XRAY6 -d $segment -j RETURN" + eval "ip6tables -t mangle -A XRAY6 -d $cidr -j RETURN" done < /etc/xray/expose/network/bypass/ipv6 + ip6tables -t mangle -A XRAY6 -p tcp -j TPROXY --on-port 7289 --tproxy-mark 1 ip6tables -t mangle -A XRAY6 -p udp -j TPROXY --on-port 7289 --tproxy-mark 1 ip6tables -t mangle -A PREROUTING -j XRAY6 -xray -confdir /etc/xray/config/ +sh /etc/xray/load.sh +xray -confdir /etc/xray/config/ # start xray server
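Review bot: The four bypass loops still build their rule through `eval`, e.g. `eval "iptables -t mangle -A XRAY -d $cidr -j RETURN"`, and two of them read `$cidr` from `/etc/xray/expose/network/bypass/ipv4` and `…/ipv6`. Those files look like part of the user-exposed volume, so any shell metacharacter in a line would be executed by the script, which presumably runs as root because it manages iptables. Nothing here needs `eval`; call the tool directly with the value quoted: `iptables -t mangle -A XRAY -d "$cidr" -j RETURN`, and likewise `ip6tables -t mangle -A XRAY6 -d "$cidr" -j RETURN`. The `while read -r cidr` loops should also skip blank lines with `[ -n "$cidr" ] || continue`, so that an empty line in the bypass file does not produce a malformed rule. The commit renames the loop variable but leaves this pattern unchanged.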