dnomd343
/
TProxy
mirror of https://github.com/dnomd343/TProxy
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Merge branch 'dev'

master
dnomd343 3 years ago
parent
8c9816b8e4 e5448123ec
commit
8d6d60ef00
4 changed files with 189 additions and 87 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 6
      Dockerfile
  2. 2
      asset.sh
  3. 242
      load.sh
  4. 26
      tproxy.sh

6
Dockerfile
View File

@ -1,6 +1,6 @@
FROM alpine as asset
COPY ./asset.sh /
RUN apk --update add --no-cache curl wget && \
RUN apk --update add --no-cache curl wget jq && \
sh /asset.sh
FROM alpine
@ -9,8 +9,6 @@ COPY --from=asset /tmp/asset/ /etc/xray/asset/
COPY --from=asset /tmp/xray/xray /usr/bin/
ENV XRAY_LOCATION_ASSET=/etc/xray/asset
RUN apk --update add --no-cache iptables ip6tables && \
mkdir -p /etc/xray/conf && \
mkdir -p /etc/xray/expose/log && \
mkdir -p /etc/xray/expose/segment && \
mkdir -p /etc/xray/config && \
mv /etc/xray/tproxy.sh /
CMD ["sh","/tproxy.sh"]

2
asset.sh
View File

@ -1,5 +1,5 @@
get_github_latest_version() {
VERSION=$(curl --silent "https://api.github.com/repos/$1/releases/latest" | grep '"tag_name":' | sed -E 's/.*"([^"]+)".*/\1/');
VERSION=$(curl --silent "https://api.github.com/repos/$1/releases/latest" | jq | grep '"tag_name":' | sed -E 's/.*"([^"]+)".*/\1/');
}
get_architecture() {

242
load.sh
View File

@ -1,20 +1,62 @@
XRAY_DIR="/etc/xray"
LOG_DIR="$XRAY_DIR/expose/log"
ASSET_DIR="$XRAY_DIR/expose/asset"
CONFIG_DIR="$XRAY_DIR/expose/config"
NETWORK_DIR="$XRAY_DIR/expose/network"
load_log(){
log_level=`cat $LOG_DIR/level`
legal=false
[ "$log_level" == "debug" ] && legal=true
[ "$log_level" == "info" ] && legal=true
[ "$log_level" == "warning" ] && legal=true
[ "$log_level" == "error" ] && legal=true
[ "$log_level" == "none" ] && legal=true
[ "$legal" == false ] && log_level="warning"
if [ "$log_level" != "none" ]; then
[ ! -f "$LOG_DIR/access.log" ] && touch $LOG_DIR/access.log
[ ! -f "$LOG_DIR/error.log" ] && touch $LOG_DIR/error.log
fi
cat>$XRAY_DIR/config/log.json<<EOF
{
"log": {
"loglevel": "$log_level",
"access": "$LOG_DIR/access.log",
"error": "$LOG_DIR/error.log"
}
}
EOF
}
load_inbounds(){
cat>$XRAY_DIR/conf/inbounds.json<<EOF
cat>$XRAY_DIR/config/inbounds.json<<EOF
{
"inbounds": [
{
"tag": "tproxy",
"port": 7288,
"protocol": "dokodemo-door",
"settings": {
"network": "tcp,udp",
"followRedirect": true
},
"streamSettings": {
"sockopt": {
"tproxy": "tproxy"
}
},
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls"
]
},
}
},
{
"tag": "tproxy6",
"port": 7289,
"protocol": "dokodemo-door",
"settings": {
"network": "tcp,udp",
"followRedirect": true
@ -61,54 +103,32 @@ cat>$XRAY_DIR/conf/inbounds.json<<EOF
"tls"
]
}
},
{
"tag": "proxy",
"port": 10808,
"protocol": "socks",
"settings": {
"udp": true
},
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls"
]
}
}
]
}
EOF
}
load_log(){
log_level=`cat $LOG_DIR/level`
legal=false
[ "$log_level" == "debug" ] && legal=true
[ "$log_level" == "info" ] && legal=true
[ "$log_level" == "warning" ] && legal=true
[ "$log_level" == "error" ] && legal=true
[ "$log_level" == "none" ] && legal=true
[ "$legal" == false ] && log_level="warning"
cat>$XRAY_DIR/conf/log.json<<EOF
load_dns(){
cat>$CONFIG_DIR/dns.json<<EOF
{
"log": {
"loglevel": "$log_level",
"access": "$LOG_DIR/access.log",
"error": "$LOG_DIR/error.log"
"dns": {
"servers": [
"localhost"
]
}
}
EOF
}
load_outbounds(){
cat>$XRAY_DIR/expose/outbounds.json<<EOF
cat>$CONFIG_DIR/outbounds.json<<EOF
{
"outbounds": [
{
"tag": "node",
"protocol": "freedom"
"protocol": "freedom",
"settings": {}
}
]
}
@ -116,18 +136,11 @@ EOF
}
load_routing(){
cat>$XRAY_DIR/expose/routing.json<<EOF
cat>$CONFIG_DIR/routing.json<<EOF
{
"routing": {
"domainStrategy": "IPIfNonMatch",
"domainStrategy": "AsIs",
"rules": [
{
"type": "field",
"inboundTag": [
"proxy"
],
"outboundTag": "node"
},
{
"type": "field",
"network": "tcp,udp",
@ -139,49 +152,128 @@ cat>$XRAY_DIR/expose/routing.json<<EOF
EOF
}
load_dns(){
cat>$XRAY_DIR/expose/dns.json<<EOF
{
"dns": {
"servers": [
"223.5.5.5",
"119.29.29.29"
]
}
}
load_asset_update(){
cat>$ASSET_DIR/update.sh<<"EOF"
GITHUB="github.com"
ASSET_REPO="Loyalsoldier/v2ray-rules-dat"
VERSION=$(curl --silent "https://api.github.com/repos/$ASSET_REPO/releases/latest" | grep '"tag_name":' | sed -E 's/.*"([^"]+)".*/\1/');
mkdir -p ./temp/
wget -P ./temp/ "https://$GITHUB/$ASSET_REPO/releases/download/$VERSION/geoip.dat"
file_size=`du ./temp/geoip.dat | awk '{print $1}'`
[ $file_size != "0" ] && mv -f ./temp/geoip.dat ./
wget -P ./temp/ "https://$GITHUB/$ASSET_REPO/releases/download/$VERSION/geosite.dat"
file_size=`du ./temp/geosite.dat | awk '{print $1}'`
[ $file_size != "0" ] && mv -f ./temp/geosite.dat ./
rm -rf ./temp/
EOF
chmod +x $ASSET_DIR/update.sh
}
load_ipv4(){
cat>$XRAY_DIR/expose/segment/ipv4<<EOF
127.0.0.0/8
load_bypass_ipv4(){
cat>"$NETWORK_DIR/bypass/ipv4"<<EOF
169.254.0.0/16
224.0.0.0/3
EOF
}
load_ipv6(){
cat>$XRAY_DIR/expose/segment/ipv6<<EOF
::1/128
FC00::/7
FE80::/10
FF00::/8
load_bypass_ipv6(){
cat>"$NETWORK_DIR/bypass/ipv6"<<EOF
fc00::/7
fe80::/10
ff00::/8
EOF
}
load_network_ipv4(){
cat>"$NETWORK_DIR/interface/ipv4"<<EOF
ADDRESS=
GATEWAY=
FORWARD=true
EOF
}
load_network_ipv6(){
cat>"$NETWORK_DIR/interface/ipv6"<<EOF
ADDRESS=
GATEWAY=
FORWARD=true
EOF
}
mkdir -p $XRAY_DIR/conf
mkdir -p $XRAY_DIR/expose/segment
init_dns(){
cat /dev/null > /etc/resolv.conf
while read -r row
do
echo "nameserver $row" >> /etc/resolv.conf
done < $NETWORK_DIR/dns
}
init_network(){
ifconfig eth0 down
ip -4 addr flush dev eth0
ip -6 addr flush dev eth0
ifconfig eth0 up
while read -r row
do
temp=${row#ADDRESS=}
[ "$row" != "$temp" ] && ipv4_address=$temp
temp=${row#GATEWAY=}
[ "$row" != "$temp" ] && ipv4_gateway=$temp
temp=${row#FORWARD=}
[ "$row" != "$temp" ] && ipv4_forward=$temp
done < $NETWORK_DIR/interface/ipv4
[ -n "$ipv4_address" ] && eval "ip -4 addr add $ipv4_address dev eth0"
[ -n "$ipv4_gateway" ] && eval "ip -4 route add default via $ipv4_gateway"
if [ -n "$ipv4_forward" ]; then
if [ "$ipv4_forward" = "true" ]; then
eval "sysctl -w net.ipv4.ip_forward=1"
else
eval "sysctl -w net.ipv4.ip_forward=0"
fi
fi
while read -r row
do
temp=${row#ADDRESS=}
[ "$row" != "$temp" ] && ipv6_address=$temp
temp=${row#GATEWAY=}
[ "$row" != "$temp" ] && ipv6_gateway=$temp
temp=${row#FORWARD=}
[ "$row" != "$temp" ] && ipv6_forward=$temp
done < $NETWORK_DIR/interface/ipv6
[ -n "$ipv6_address" ] && eval "ip -6 addr add $ipv6_address dev eth0"
[ -n "$ipv6_gateway" ] && eval "ip -6 route add default via $ipv6_gateway"
if [ -n "$ipv6_forward" ]; then
if [ "$ipv6_forward" = "true" ]; then
eval "sysctl -w net.ipv6.conf.all.forwarding=1"
else
eval "sysctl -w net.ipv6.conf.all.forwarding=0"
fi
fi
}
mkdir -p $LOG_DIR
[ ! -s "$LOG_DIR/access.log" ] && touch $LOG_DIR/access.log
[ ! -s "$LOG_DIR/error.log" ] && touch $LOG_DIR/error.log
load_inbounds
mkdir -p $ASSET_DIR
mkdir -p $CONFIG_DIR
mkdir -p $NETWORK_DIR
load_log
[ ! -s "$XRAY_DIR/expose/outbounds.json" ] && load_outbounds
[ ! -s "$XRAY_DIR/expose/routing.json" ] && load_routing
[ ! -s "$XRAY_DIR/expose/dns.json" ] && load_dns
cp $XRAY_DIR/expose/outbounds.json $XRAY_DIR/conf/
cp $XRAY_DIR/expose/routing.json $XRAY_DIR/conf/
cp $XRAY_DIR/expose/dns.json $XRAY_DIR/conf/
[ ! -s "$XRAY_DIR/expose/segment/ipv4" ] && load_ipv4
[ ! -s "$XRAY_DIR/expose/segment/ipv6" ] && load_ipv6
load_inbounds
[ ! -s "$CONFIG_DIR/outbounds.json" ] && load_outbounds
[ ! -s "$CONFIG_DIR/routing.json" ] && load_routing
[ ! -s "$CONFIG_DIR/dns.json" ] && load_dns
cp $CONFIG_DIR/*.json $XRAY_DIR/config/
[ ! -s "$ASSET_DIR/geoip.dat" ] && cp $XRAY_DIR/asset/geoip.dat $ASSET_DIR/
[ ! -s "$ASSET_DIR/geosite.dat" ] && cp $XRAY_DIR/asset/geosite.dat $ASSET_DIR/
[ ! -s "$ASSET_DIR/update.sh" ] && load_asset_update
cp $ASSET_DIR/*.dat $XRAY_DIR/asset/
mkdir -p $NETWORK_DIR/bypass
mkdir -p $NETWORK_DIR/interface
[ -s "$NETWORK_DIR/dns" ] && init_dns
[ ! -f "$NETWORK_DIR/bypass/ipv4" ] && load_bypass_ipv4
[ ! -f "$NETWORK_DIR/bypass/ipv6" ] && load_bypass_ipv6
[ -f "$NETWORK_DIR/interface/ignore" ] && exit
[ ! -s "$NETWORK_DIR/interface/ipv4" ] && load_network_ipv4
[ ! -s "$NETWORK_DIR/interface/ipv6" ] && load_network_ipv6
init_network

26
tproxy.sh
View File

@ -1,13 +1,19 @@
[ -f "/etc/xray/expose/custom.sh" ] && sh /etc/xray/expose/custom.sh
sh /etc/xray/load.sh
ip rule add fwmark 1 table 100
ip route add local 0.0.0.0/0 dev lo table 100
ip -4 rule add fwmark 1 table 100
ip -4 route add local 0.0.0.0/0 dev lo table 100
iptables -t mangle -N XRAY
ip -4 addr | grep -w "inet" | awk '{print $2}' > /ipv4_range
while read -r segment
do
eval "iptables -t mangle -A XRAY -d $segment -j RETURN"
done < /etc/xray/expose/segment/ipv4
done < /ipv4_range
rm -f /ipv4_range
while read -r segment
do
eval "iptables -t mangle -A XRAY -d $segment -j RETURN"
done < /etc/xray/expose/network/bypass/ipv4
iptables -t mangle -A XRAY -p tcp -j TPROXY --on-port 7288 --tproxy-mark 1
iptables -t mangle -A XRAY -p udp -j TPROXY --on-port 7288 --tproxy-mark 1
iptables -t mangle -A PREROUTING -j XRAY
@ -15,12 +21,18 @@ iptables -t mangle -A PREROUTING -j XRAY
ip -6 rule add fwmark 1 table 106
ip -6 route add local ::/0 dev lo table 106
ip6tables -t mangle -N XRAY6
ip -6 addr | grep -w "inet6" | awk '{print $2}' > /ipv6_range
while read -r segment
do
eval "ip6tables -t mangle -A XRAY6 -d $segment -j RETURN"
done < /ipv6_range
rm -f /ipv6_range
while read -r segment
do
eval "ip6tables -t mangle -A XRAY6 -d $segment -j RETURN"
done < /etc/xray/expose/segment/ipv6
ip6tables -t mangle -A XRAY6 -p tcp -j TPROXY --on-port 7288 --tproxy-mark 1
ip6tables -t mangle -A XRAY6 -p udp -j TPROXY --on-port 7288 --tproxy-mark 1
done < /etc/xray/expose/network/bypass/ipv6
ip6tables -t mangle -A XRAY6 -p tcp -j TPROXY --on-port 7289 --tproxy-mark 1
ip6tables -t mangle -A XRAY6 -p udp -j TPROXY --on-port 7289 --tproxy-mark 1
ip6tables -t mangle -A PREROUTING -j XRAY6
xray -confdir /etc/xray/conf/
xray -confdir /etc/xray/config/

Write Preview
Loading…
Cancel
Save