diff --git a/README.md b/README.md index 8854576..0c16c34 100755 --- a/README.md +++ b/README.md @@ -51,10 +51,10 @@ You can download the release [installer zip](https://github.com/taamarin/Clashfo ##### Change proxy mode - Clash uses `TPROXY` transparent proxy `TCP + UDP` by default, if it detects that the device does not support `TPROXY`, it will automatically use `REDIRECT` to proxy only `TCP` -- Open `${MODDIR}/scripts/clash.config` file line [17-18](https://github.com/taamarin/ClashforMagisk/blob/master/scripts/clash.config#L17-#L18), modify the value of `network_mode` to `TCP` or `MIXED `to use `REDIRECT` to proxy `TCP`, and `UDP` will not be proxied when `TUN` is not enabled in the Clash kernel +- Open `${MODDIR}/scripts/clash.config` file line [14-15](https://github.com/taamarin/ClashforMagisk/blob/master/scripts/clash.config#L14-#L15), modify the value of `network_mode` to `TCP` or `MIXED `to use `REDIRECT` to proxy `TCP`, and `UDP` will not be proxied when `TUN` is not enabled in the Clash kernel ##### Bypass transparent proxy when connected to Wi-Fi or open a hotspot -Clash default transparent proxy local and hotspot, line [20-23](https://github.com/taamarin/ClashforMagisk/blob/master/scripts/clash.config#L20-#L23) +Clash default transparent proxy local and hotspot, line [17-21](https://github.com/taamarin/ClashforMagisk/blob/master/scripts/clash.config#L17-#L21) - Open the `${MODDIR}/scripts/clash.config` file, modify the `ignore_out_list` array and add the `wlan+` element, the transparent proxy will `bypass` the `WLAN`, and the hotspot will not be affected 
@@ -62,7 +62,7 @@ Clash default transparent proxy local and hotspot, line [20-23](https://github.c ##### Select which packages to proxy - If you expect all Apps proxy by Clash with transparent proxy EXCEPT specific Apps, write down bypass at the first line then these Apps' packages separated as above in file `/data/clash/packages.list` -- clash.config line [14-15](https://github.com/taamarin/ClashforMagisk/blob/master/scripts/clash.config#L14-#L15) +- clash.config line [11-12](https://github.com/taamarin/ClashforMagisk/blob/master/scripts/clash.config#L11-#L12) - `blacklist` & `whitelits`, not working on `fake-ip` - dns: @@ -87,7 +87,7 @@ Clash default transparent proxy local and hotspot, line [20-23](https://github.c ##### subscription you can use SubScription -- open `/data/clash/clash.config` line [30-35](https://github.com/taamarin/ClashforMagisk/blob/master/scripts/clash.config#L30-#L35) +- open `/data/clash/clash.config` line [29-34](https://github.com/taamarin/ClashforMagisk/blob/master/scripts/clash.config#L29-#L34) - update_interval="interval contab" - Subcript_url="your_link" - auto_updateSubcript="true" @@ -98,7 +98,7 @@ ${MODDIR}/scripts/clash.tool -s ``` ##### Config Online -- **clash.config** line [37-38](https://github.com/taamarin/ClashforMagisk/blob/master/scripts/clash.config#L37-#L38), If true, +- **clash.config** line [36-37](https://github.com/taamarin/ClashforMagisk/blob/master/scripts/clash.config#L36-#L37), If true, - use it to download the subscription configuration, when starting Clash , So no need to type `${MODDIR}/scripts/clash.tool -s` anymore ##### Change Clash kernel 
@@ -108,13 +108,13 @@ You can use Clash.Premium and Clash.Meta - Clash Premium - `/data/clash/kernel/lib/Clash.Premium` -you can download the Kernel automatically, for the settings in the **clash.config** line [85-109](https://github.com/taamarin/ClashforMagisk/blob/master/scripts/clash.config#L85-#L109) +you can download the Kernel automatically, for the settings in the **clash.config** line [79-103](https://github.com/taamarin/ClashforMagisk/blob/master/scripts/clash.config#L79-#L103) ```shell ${MODDIR}/scripts/clash.tool -k ``` ##### GeoSite, GeoIP, and Mmdb -- settings are in clash.config line [111-135](https://github.com/taamarin/ClashforMagisk/blob/master/scripts/clash.config#L111-#L135) +- settings are in clash.config line [105-116](https://github.com/taamarin/ClashforMagisk/blob/master/scripts/clash.config#L105-#L116) - if true, will be updated every day at 00.00 - you can change the URL diff --git a/binary/arm.tar.bz2 b/binary/arm.tar.bz2 index d2d71bb..23a39ef 100755 Binary files a/binary/arm.tar.bz2 and b/binary/arm.tar.bz2 differ diff --git a/binary/arm64.tar.bz2 b/binary/arm64.tar.bz2 index 6e82ea5..d63d7aa 100755 Binary files a/binary/arm64.tar.bz2 and b/binary/arm64.tar.bz2 differ diff --git a/customize.sh b/customize.sh index 24affbe..eb05644 100755 --- a/customize.sh +++ b/customize.sh 
@@ -19,10 +19,32 @@ mod_config="${clash_data_sc}/clash.config" yacd_dir="${clash_data_dir}/dashboard" latest=$(date +%Y%m%d%H%M) -if [ $BOOTMODE ! = true ] ; then - ui_print "- Installing through TWRP Not supported" - ui_print "- Intsall this module via Magisk Manager" - abort "- ! Aborting installation !" +if $BOOTMODE; then + ui_print "- Installing from Magisk app" +else + ui_print "*********************************************************" + ui_print "! Install from recovery is NOT supported" + ui_print "! Some recovery has broken implementations, install with such recovery will finally cause CFM modules not working" + ui_print "! Please install from Magisk app" + abort "*********************************************************" +fi + +# check Magisk +ui_print "- Magisk version: $MAGISK_VER ($MAGISK_VER_CODE)" + +# check android +if [ "$API" -lt 19 ]; then + ui_print "! Unsupported sdk: $API" + abort "! Minimal supported sdk is 19 (Android 4.4)" +else + ui_print "- Device sdk: $API" +fi + +# check architecture +if [ "$ARCH" != "arm" ] && [ "$ARCH" != "arm64" ] && [ "$ARCH" != "x86" ] && [ "$ARCH" != "x64" ]; then + abort "! Unsupported platform: $ARCH" +else + ui_print "- Device platform: $ARCH" fi ui_print "- Installing Clash for Magisk" @@ -46,7 +68,6 @@ mkdir -p ${clash_data_dir}/dashboard mkdir -p ${MODPATH}/system/bin mkdir -p ${clash_data_dir}/run mkdir -p ${clash_data_dir}/scripts -mkdir -p ${clash_data_dir}/mosdns mkdir -p ${clash_data_dir}/assets case "${ARCH}" in @@ -71,6 +92,7 @@ unzip -o ${MODPATH}/dashboard.zip -d ${clash_data_dir}/dashboard/ >&2 ui_print "- Move Scripts Clash" mv ${MODPATH}/scripts/* ${clash_data_dir}/scripts/ +mv ${clash_data_dir}/scripts/config.yaml ${clash_data_dir}/ mv ${clash_data_dir}/scripts/template ${clash_data_dir}/ ui_print "- Move Cert&Geo" 
@@ -106,9 +128,7 @@ mv ${clash_data_dir_kernel}/setcap ${MODPATH}${bin_path}/ mv ${clash_data_dir_kernel}/getpcaps ${MODPATH}${bin_path}/ mv ${clash_data_dir_kernel}/getcap ${MODPATH}${bin_path}/ mv ${clash_data_dir}/scripts/clash.config ${clash_data_dir}/ -mv ${clash_data_dir}/scripts/mosdns ${clash_data_dir}/ -mv ${clash_data_dir}/mosdns/mosdns ${clash_data_dir_kernel}/ -mv ${clash_data_dir}/mosdns/dnstt-client ${clash_data_dir_kernel}/ +mv ${clash_data_dir}/scripts/dnstt/dnstt-client ${clash_data_dir_kernel}/ if [ ! -f "${bin_path}/ss" ] ; then mv ${clash_data_dir_kernel}/ss ${MODPATH}${bin_path}/ @@ -122,6 +142,7 @@ rm -rf ${MODPATH}/geo rm -rf ${MODPATH}/binary rm -rf ${MODPATH}/clash_service.sh rm -rf ${clash_data_dir}/scripts/config.yaml +rm -rf ${clash_data_dir}/scripts/dnstt rm -rf ${clash_data_dir_kernel}/curl sleep 1 @@ -150,7 +171,6 @@ set_perm ${clash_data_dir}/scripts/clash.cron 0 0 0755 set_perm ${clash_data_dir}/scripts/start.sh 0 0 0755 set_perm ${clash_data_dir}/scripts/usage.sh 0 0 0755 set_perm ${clash_data_dir}/clash.config ${uid} ${gid} 0755 -set_perm ${clash_data_dir}/kernel/mosdns 0 0 0755 set_perm ${clash_data_dir}/kernel/dnstt-client 0 0 0755 set_perm ${clash_service_dir}/clash_service.sh 0 0 0755 sleep 1 diff --git a/geo/config.yaml b/geo/config.yaml deleted file mode 100755 index 138c4bb..0000000 --- a/geo/config.yaml +++ /dev/null 
@@ -1,22 +0,0 @@ -proxies: - - {name: "free", server: 172.67.199.34, port: 80, type: vmess, uuid: 109acde5-d130-4a0c-822d-751769f3db3a, alterId: 0, cipher: auto, tls: false, skip-cert-verify: false, servername: do-gayeng.potatonc.my.id, network: ws, ws-opts: {path: /vmess, headers: {Host: do-gayeng.potatonc.my.id}}, udp: true} -proxy-groups: - - name: "LLYCORIS" - type: select - proxies: - - free - use: - - provide -proxy-providers: - provide: - type: file - path: ./assets/akun.yaml - health-check: - enable: true - url: http://cp.cloudflare.com/generate_204 - interval: 1200 -rules: - - DOMAIN-SUFFIX,googlesyndication.com,LLYCORIS - - AND,((DST-PORT,5228-5230),(NETWORK,TCP)),DIRECT - - GEOSITE,CATEGORY-ADS-ALL,REJECT - - MATCH,LLYCORIS \ No newline at end of file diff --git a/module.prop b/module.prop index 9e805c4..3989bd9 100755 --- a/module.prop +++ b/module.prop @@ -1,7 +1,7 @@ id=ClashForMagisk name=Clash for Magisk -version=v2.5.1 -versionCode=20221201 +version=v2.5.4 +versionCode=20221227 author=t🌸amarin description= Use iptables to support Clash's transparent proxy. Hey, damn half-crippled Android!!! updateJson=https://github.com/taamarin/ClashforMagisk/raw/master/update.json \ No newline at end of file diff --git a/scripts/clash.config b/scripts/clash.config index 9bc86b1..823fbb8 100755 --- a/scripts/clash.config +++ b/scripts/clash.config 
@@ -1,27 +1,26 @@ #!/system/bin/sh # busybox path +now=$(date +"%I.%M %p") busybox_path="/data/adb/magisk/busybox" ipv6=$(grep "ipv6" /data/clash/template | ${busybox_path} awk -F ': ' '{print $2}' | head -1) run_usage="false" # display usage res cpu in loh - mark_id="2022" -run_mosdns="0" -# 0 is to start only clash, 1 is clash+mosdns - -# blacklist ,whitelist, or core +# blacklist / whitelist, or / core [only tun] mode="blacklist" network_mode="UDP" # TCP: REDIRECT / UDP: TPROXY / MIXED: TCP + TUN -ap_list=("wlan+" "ap+" "rndis+") +# ap_list=("softap+" "wlan+" "swlan+" "ap+" "rndis+") +# untuk info AP type ifconfig di terminal +ap_list=("softap+" "wlan+" "swlan+" "ap+" "rndis+") ignore_out_list=() # ap list -port_detect="false" +port_detect="true" # detected port use_premium="false" @@ -31,7 +30,7 @@ update_interval="0 00 * * *" # set interval update, info: https://crontab.guru/ auto_updateSubcript="false" # setting auto update subcript -Subcript_url="https://is.gd/subscmfa" +Subcript_url="link url" # url langganan config config_online="false" 
@@ -52,42 +51,37 @@ Cgroup_memory_limit="50M" Clash_bin_name="clash" Clash_data_dir="/data/clash" # directory clash & file -Clash_template="$Clash_data_dir/template" +Clash_template="${Clash_data_dir}/template" # directory template -Clash_run_path="$Clash_data_dir/run" -CFM_logs_file="$Clash_run_path/run.logs" -Clash_pid_file="$Clash_run_path/clash.pid" -Clash_bin="$Clash_data_dir/kernel" -Clash_lib="$Clash_bin/lib" -Clash_bin_path="$Clash_bin/${Clash_bin_name}" -Clash_Premium="$Clash_lib/Clash.Premium" -Clash_Meta="$Clash_lib/Clash.Meta" -Clash_scripts_dir="$Clash_data_dir/scripts" -appuid_file="$Clash_run_path/appuid.list" -filter_packages_file="$Clash_data_dir/packages.list" +Clash_run_path="${Clash_data_dir}/run" +CFM_logs_file="${Clash_run_path}/run.logs" +Clash_pid_file="${Clash_run_path}/clash.pid" +Clash_bin="${Clash_data_dir}/kernel" +Clash_lib="${Clash_bin}/lib" +Clash_bin_path="${Clash_bin}/${Clash_bin_name}" +Clash_Premium="${Clash_lib}/clash.premium" +Clash_Meta="${Clash_lib}/clash.meta" +Clash_scripts_dir="${Clash_data_dir}/scripts" +appuid_file="${Clash_run_path}/appuid.list" +filter_packages_file="${Clash_data_dir}/packages.list" system_packages_file="/data/system/packages.list" # directory lservice use_config="false" if [ "${use_config}" == "false" ] ; then - Clash_config_file="$Clash_data_dir/config.yaml" + Clash_config_file="${Clash_data_dir}/config.yaml" else - Clash_config_file="$Clash_data_dir/assets/${use_config}" + Clash_config_file="${Clash_data_dir}/assets/${use_config}" fi -temporary_config_file="$Clash_run_path/config.yaml" +temporary_config_file="${Clash_run_path}/config.yaml" # custom config.yaml -mosdns_data_dir="$Clash_data_dir/mosdns" -mosdns_bin_path="$Clash_bin/mosdns" -mosdns_config_file="$mosdns_data_dir/config.yaml" -# moddns is a plug-in DNS forwarder. Users can splicing plug-ins as needed to customize their own DNS processing logic. 
- schedule_update_core="false" url_meta="https://github.com/MetaCubeX/Clash.Meta/releases" url_premium="https://github.com/Dreamacro/clash/releases" arm=$(uname -m) if [ "${use_premium}" == "false" ] ; then - file_kernel="Clash.Meta" + file_kernel="clash.meta" meta_alpha="true" tag="Prerelease-Alpha" tag_name="alpha-[0-9,a-z]+" 
@@ -99,50 +93,43 @@ if [ "${use_premium}" == "false" ] ; then arch="armv7" fi else - file_kernel="Clash.Premium" + file_kernel="clash.premium" platform="linux" if [ ${arm} == "aarch64" ] ; then - arch="armv8" + arch="arm64" else arch="armv7" fi fi -auto_updateGeoX="true" +auto_updateGeoX="false" Clash_geodata_mode=$(grep "geodata-mode" ${Clash_template} | ${busybox_path} awk -F ': ' '{print $2}') if [ "${use_premium}" == "true" ] ; then - Clash_GeoIP_file="$Clash_data_dir/Country.mmdb" + Clash_GeoIP_file="${Clash_data_dir}/Country.mmdb" GeoIP_dat_url="https://github.com/Loyalsoldier/geoip/raw/release/Country.mmdb" else - Clash_GeoIP_file="$Clash_data_dir/GeoIP.dat" + Clash_GeoIP_file="${Clash_data_dir}/GeoIP.dat" GeoIP_dat_url="https://github.com/v2fly/geoip/raw/release/geoip-only-cn-private.dat" fi -Clash_GeoSite_file="$Clash_data_dir/GeoSite.dat" +Clash_GeoSite_file="${Clash_data_dir}/GeoSite.dat" GeoSite_url="https://github.com/CHIZI-0618/v2ray-rules-dat/raw/release/geosite.dat" iptables_version=$(iptables -V | grep -o "v1\.[0-9]") -if [ "${iptables_version}" = "v1.4" ] ; then - export ANDROID_DATA=/data - export ANDROID_ROOT=/system - iptables_wait="iptables" - ip6tables_wait="ip6tables" -elif [ "${iptables_version}" = "v1.6" ] || [ "${iptables_version}" = "v1.8" ] ; then +if [ "${iptables_version}" = "v1.6" ] || [ "${iptables_version}" = "v1.8" ] ; then iptables_wait="iptables -w 100" ip6tables_wait="ip6tables -w 100" else + export ANDROID_DATA=/data + export ANDROID_ROOT=/system iptables_wait="iptables" - ip6tables_wait="ip6tables" + ip6tables_wait="ip6tables" fi # tproxy-port Clash_tproxy_port=$(grep "tproxy-port" ${Clash_template} | ${busybox_path} awk -F ': ' '{print $2}') Clash_redir_port=$(grep "redir-port" ${Clash_template} | ${busybox_path} awk -F ': ' '{print $2}') # dns -if [ "${run_mosdns}" == "1" ] ; then - Clash_dns_port="2053" -else - Clash_dns_port=$(grep "listen" ${Clash_template} | ${busybox_path} awk -F ':' '{print $3}') -fi 
+Clash_dns_port=$(grep "listen" ${Clash_template} | ${busybox_path} awk -F ':' '{print $3}') # tun status Clash_tun_status=$(${busybox_path} awk -F ': ' '/^tun: *$/{getline; print $2}' ${Clash_template}) Clash_stack_mode=$(grep "stack" ${Clash_template} | ${busybox_path} awk -F ': ' '{print $2}') @@ -153,7 +140,7 @@ Clash_fake_ip_range=$(grep "fake-ip-range" ${Clash_template} | ${busybox_path} a # v2dns, 0 is v2dns off, 1 is v2dns on # create akun v2dns di whyvpn , dnstt_bin_name="dnstt-client" -dnstt_client_bin="$Clash_bin/$dnstt_bin_name" +dnstt_client_bin="${Clash_bin}/${dnstt_bin_name}" run_dnstt="0" dns_for_dnstt="1.1.1.1" pubkey="" @@ -164,9 +151,9 @@ reserved_ip6=(::/128 ::1/128 ::ffff:0:0/96 100::/64 64:ff9b::/96 2001::/32 2001: log() { export TZ=Asia/Jakarta - echo "$(date '+%H:%M %z') $*" | tee -a ${CFM_logs_file} >> /dev/null 2>&1 + echo "${now} $*" | tee -a ${CFM_logs_file} >> /dev/null 2>&1 } logs() { export TZ=Asia/Jakarta - echo -n "$(date '+%H:%M %z') $*" | tee -a ${CFM_logs_file} >> /dev/null 2>&1 + echo -n "${now} $*" | tee -a ${CFM_logs_file} >> /dev/null 2>&1 } \ No newline at end of file diff --git a/scripts/clash.inotify b/scripts/clash.inotify index 6326b03..a4e0422 100755 --- a/scripts/clash.inotify +++ b/scripts/clash.inotify @@ -22,7 +22,7 @@ service_control() { if [ "${events}" = "d" ]; then ${service_path} -s &> ${log} && ${iptables_path} -s &>> ${log} & elif [ "${events}" = "n" ]; then - ${service_path} -k &>> ${log} && ${iptables_path} -k &>> ${log} & + ${iptables_path} -k &>> ${log} && ${service_path} -k &>> ${log} & fi fi } diff --git a/scripts/clash.iptables b/scripts/clash.iptables index cf8a68d..63504ad 100755 --- a/scripts/clash.iptables +++ b/scripts/clash.iptables 
@@ -40,6 +40,7 @@ start_redirect() { for ap in ${ap_list[*]} ; do ${iptables_wait} -t nat -A BOX_EXTERNAL -p tcp -i ${ap} -j REDIRECT --to-ports ${Clash_redir_port} done + log "[info] ${ap_list[*]} transparent proxy." ${iptables_wait} -t nat -I PREROUTING -j BOX_EXTERNAL @@ -162,6 +163,7 @@ start_tproxy() { ${iptables_wait} -t mangle -A BOX_EXTERNAL -p tcp -i ${ap} -j TPROXY --on-port ${Clash_tproxy_port} --tproxy-mark ${mark_id} ${iptables_wait} -t mangle -A BOX_EXTERNAL -p udp -i ${ap} -j TPROXY --on-port ${Clash_tproxy_port} --tproxy-mark ${mark_id} done + log "[info] ${ap_list[*]} transparent proxy." if [ "${ipv6}" = "true" ] ; then for ap6 in ${ap_list[*]} ; do ${ip6tables_wait} -t mangle -A BOX_EXTERNAL -p tcp -i ${ap6} -j TPROXY --on-port ${Clash_tproxy_port} --tproxy-mark ${mark_id} 
@@ -419,28 +421,22 @@ if [ "${mode}" != "core" ] ; then sleep 0.75 detected_port if [ "${network_mode}" = "UDP" ] ; then - # if (zcat /proc/config.gz | grep -q TPROXY) ; then - log "[info] use TPROXY:TCP+UDP." + log "[info] use TPROXY: TCP+UDP." log "[info] creating iptables transparent proxy rules." - start_tproxy && log "[info] create iptables transparent proxy rules done." || log "[error] create iptables transparent proxy rule failed." - # else - # log "[warning] the device does not support TPROXY, please switch network_mode." - # log "[info] use REDIRECT:TCP." - # log "[info] creating iptables transparent proxy rules." - # start_redirect && log "[info] create iptables transparent proxy rules done." || log "[error] create iptables transparent proxy rule failed." - # fi + time start_tproxy && log "[info] create iptables transparent proxy rules done." || log "[error] create iptables transparent proxy rule failed." else - [ "${network_mode}" = "TCP" ] && log "[info] use REDIRECT:TCP." || log "[info] use MIXED:TCP+TUN." + [ "${network_mode}" = "TCP" ] && log "[info] use REDIRECT:TCP." || log "[info] use MIXED: TCP+TUN." log "[info] creating iptables transparent proxy rules." - start_redirect && log "[info] create iptables transparent proxy rules done." || log "[error] create iptables transparent proxy rule failed." - forward -I + time start_redirect && log "[info] create iptables transparent proxy rules done." || log "[error] create iptables transparent proxy rule failed." + time forward -I fi + log "[info] Clash terhubung." ;; k) log "[warning] cleaning up iptables transparent proxy rules." - stop_tproxy - stop_redirect - forward -D + time stop_tproxy + time stop_redirect + time forward -D log "[warning] clean up iptables transparent proxy rules done." ;; ?) 
@@ -455,13 +451,14 @@ else stop_tproxy >> /dev/null 2>&1 stop_redirect >> /dev/null 2>&1 forward -D >> /dev/null 2>&1 - forward -I - log "[info] mode: ${mode} disable transparent proxy." + time forward -I + log "[info] mode: ${mode}, disable transparent proxy." + log "[info] Clash terhubung." ;; k) stop_tproxy >> /dev/null 2>&1 stop_redirect >> /dev/null 2>&1 - forward -D + time forward -D log "[warning] cleaning up proxy rules." ;; *) diff --git a/scripts/clash.service b/scripts/clash.service index 331b3fa..54270f8 100755 --- a/scripts/clash.service +++ b/scripts/clash.service @@ -5,10 +5,9 @@ scripts_dir=$(dirname ${scripts}) source /data/clash/clash.config dow_config() { - if [ "${config_online}" == "true" ]; then - if ! [ "$(head -1 ${Clash_run_path}/root)" == "disable" ]; then - if ! (${scripts_dir}/clash.tool -o) - then + if [ "${config_online}" = "true" ] ; then + if ! [ "$(head -1 ${Clash_run_path}/root)" = "disable" ] ; then + if ! (${scripts_dir}/clash.tool -o) ; then log "[error] failed to download config" log "[error] make sure you are connected to the internet" && exit 1 fi 
@@ -17,74 +16,65 @@ dow_config() { } replace_kernel() { - chmod 0755 ${Clash_lib}/* - rm -rf ${Clash_bin}/clash - err="failed to replace kernel。" - if [ "${use_premium}" == "true" ]; then - cp -f ${Clash_Premium} ${Clash_bin}/clash \ - && echo "" || log "[error] ${err}" + chmod 0755 ${Clash_lib}/* && rm -rf ${Clash_bin}/clash + err="failed to replace kernel." + if [ "${use_premium}" = "true" ] ; then + cp -f ${Clash_Premium} ${Clash_bin}/clash && echo "" || log "[error] ${err}" else - cp -f ${Clash_Meta} ${Clash_bin}/clash \ - && echo "" || log "[error] ${err}" + cp -f ${Clash_Meta} ${Clash_bin}/clash && echo "" || log "[error] ${err}" fi } use_clash() { - if [ "${use_premium}" == "true" ]; then - if [ -f "${Clash_bin_path}" ]; then - log "[info] Clash Premium is enable。" - else - log "[error] kernel not detected ${Clash_bin_path}" - exit 1 - fi - else - if [ -f "${Clash_bin_path}" ]; then - log "[info] Clash Meta is enable。" - else + [ "${use_premium}" = "true" ] \ + && log "[info] β˜‘ Clash Premium is enable." || log "[info] β˜‘ Clash Meta is enable." + if [ ! -f "${Clash_bin_path}" ] ; then log "[error] kernel not detected ${Clash_bin_path}" exit 1 fi - fi - log "[info] konfigurasi ${Clash_config_file}。" + log "[info] konfigurasi ${Clash_config_file}." } ceks_clash() { local PID=$(pidof clash 2> /dev/null) - if (cat /proc/${PID}/cmdline | grep -q ${Clash_bin_name}); then + if (cat /proc/${PID}/cmdline | grep -q ${Clash_bin_name}) ; then log "[warning] Clash service still started" && exit 1 fi } +tun_alive() { + mkdir -p /dev/net + [ ! -L /dev/net/tun ] && ln -sf /dev/tun /dev/net/tun +} + tun_tproxy() { - if [ "${Clash_tun_status}" == "true" ]; then - if [ ${arm} == "aarch64" ]; then - mkdir -p /dev/net - [ ! 
-L /dev/net/tun ] && ln -sf /dev/tun /dev/net/tun + if [ "${Clash_tun_status}" = "true" ] ; then + if [ ${arm} = "aarch64" ] ; then + tun_alive log "[info] turn on tun mode, stack: [${Clash_stack_mode}] " - log "[info] create /dev/net/tun。" - sed -i 's/auto-detect-interface:.*/auto-detect-interface: true/' $Clash_template - sed -i 's/auto-route:.*/auto-route: true/' $Clash_template - sed -i 's/tproxy-port:.*/tproxy-port: 0/' $Clash_template + log "[info] create /dev/net/tun." + sed -i 's/auto-detect-interface:.*/auto-detect-interface: true/' ${Clash_template} + sed -i 's/auto-route:.*/auto-route: true/' ${Clash_template} + sed -i 's/tproxy-port:.*/tproxy-port: 0/' ${Clash_template} sed -i 's/network_mode=.*/network_mode="MIXED"/' /data/clash/clash.config else log "[error] tun only for arm64/armv8" && exit 1 fi else - sed -i 's/auto-detect-interface:.*/auto-detect-interface: false/' $Clash_template - sed -i 's/auto-route:.*/auto-route: false/' $Clash_template - sed -i 's/tproxy-port:.*/tproxy-port: 9898/' $Clash_template + sed -i 's/auto-detect-interface:.*/auto-detect-interface: false/' ${Clash_template} + sed -i 's/auto-route:.*/auto-route: false/' ${Clash_template} + sed -i 's/tproxy-port:.*/tproxy-port: 9898/' ${Clash_template} sed -i 's/network_mode=.*/network_mode="UDP"/' /data/clash/clash.config - log "[info] turn on tproxy mode。" + log "[info] turn on tproxy mode." 
fi } temporary_config_file() { - sed -i '/^[ ]*$/d' ${Clash_template} - if [ -f "${Clash_template}" ]; then - if [ -f "${Clash_config_file}" ]; then - cp -f ${Clash_template} ${temporary_config_file}.swp && echo "\n" >> ${temporary_config_file}.swp - sed -n -E '/^proxies:$/,$p' ${Clash_config_file} >> ${temporary_config_file}.swp - sed -i '/^[ ]*$/d' ${temporary_config_file}.swp + if [ -f "${Clash_template}" ] ; then + if [ -f "${Clash_config_file}" ] ; then + cp -f ${Clash_template} ${temporary_config_file}.temp && echo "\n" >> ${temporary_config_file}.temp + sed -n -E '/^proxies:$/,$p' ${Clash_config_file} >> ${temporary_config_file}.temp + sed -i '/^[ ]*$/d' ${temporary_config_file}.temp else log "[error] ${Clash_config_file} file is missing!!!" && exit 1 fi 
@@ -92,157 +82,116 @@ temporary_config_file() { log "[error] ${Clash_template} file is missing !!!" && exit 1 fi - mv ${temporary_config_file}.swp ${temporary_config_file} \ + mv ${temporary_config_file}.temp ${temporary_config_file} \ && log "[info] merge files ${Clash_config_file} & template Succes" || log "[error] merge files ${Clash_config_file} & template failed !!!" - if [ ! -f "${temporary_config_file}" ]; then + if [ ! -f "${temporary_config_file}" ] ; then log "[error] ${temporary_config_file} file is missing !!!" && exit 1 fi } crontab_sec() { - if [ ! "${schedule_update_core}" == "false" ]; then - echo "${schedule_update_core} ${scripts_dir}/clash.tool -k" >> ${Clash_run_path}/root && log "[info] Crontab Update kernel (${schedule_update_core})" - else - log "[info] Update kernel is disable。" - fi - if [ ! "${update_interval}" == "false" ]; then - echo "${update_interval} ${scripts_dir}/clash.tool -s" >> ${Clash_run_path}/root && log "[info] Crontab 'Geo' and 'Subscription' (${update_interval})。" - log "[info] Geox (${auto_updateGeoX})。" - log "[info] Subscription (${auto_updateSubcript})。" + if [ ! "${schedule_update_core}" = "false" ] ; then + echo "${schedule_update_core} ${scripts_dir}/clash.tool -k" >> ${Clash_run_path}/root + log "[info] Crontab Update kernel (${schedule_update_core})" + log "[info] Update kernel is β˜‘ enable." + fi + if [ ! "${update_interval}" = "false" ] ; then + echo "${update_interval} ${scripts_dir}/clash.tool -s" >> ${Clash_run_path}/root + log "[info] Crontab (geo) and (subscription) (${update_interval})." + log "[info] clash geox ☐ (${auto_updateGeoX})." + log "[info] clash subscription ☐ (${auto_updateSubcript})." else - log "[info] Crontab GeoX & Subscription is disable" + log "[info] Crontab geox & subscription is β˜’ disable" fi } -mosdns() { - if ! [ -f $mosdns_bin_path ]; then - log "[error] mosdns kernel is missing." 
&& exit 1 - fi - - if [ -f ${mosdns_config_file} ]; then - if [ "${run_mosdns}" == "1" ]; then - nohup ${mosdns_bin_path} start -d ${mosdns_data_dir} > ${Clash_run_path}/mosdns.log 2>&1 & - echo -n $! > ${Clash_run_path}/mosdns.pid && sleep 1 +log_suc() { + sed -i s/.*msg=// ${Clash_run_path}/error.log + sed -i 's/configuration file*//' ${Clash_run_path}/error.log + while read p ; do + log "[info]" "$p" + done <${Clash_run_path}/error.log +} - local mosdns_pid=$(pidof mosdns 2> /dev/null) - if (cat /proc/${mosdns_pid}/cmdline | grep -q mosdns); then - log "[info] mosdns is enable." - else - log "[error] mosdns The configuration is incorrect, the startup fails, and the following is the error" - sed -i s/.*Error// ${Clash_run_path}/mosdns.log - sed -i 's/mosdns*//' ${Clash_run_path}/mosdns.log - while read p ; do - log "[error]" "$p" - done <${Clash_run_path}/mosdns.log && exit 1 - fi - fi - else - log "[info] mosdns Configuration file is missing." && exit 1 - fi +log_failed() { + log "[error] ${Clash_config_file} failed" + sed -i s/.*msg=// ${Clash_run_path}/error.log + sed -i 's/fatal msg=*//' ${Clash_run_path}/error.log + sed -i 's/configuration file*//' ${Clash_run_path}/error.log + while read p ; do + log "[error]" "$p" + done <${Clash_run_path}/error.log } run_clash() { - ${Clash_bin_path} -t -d ${Clash_data_dir} -f ${temporary_config_file} > ${Clash_run_path}/err.log - if [ "$?" = "0" ]; then + ${Clash_bin_path} -t -d ${Clash_data_dir} -f ${temporary_config_file} > ${Clash_run_path}/error.log + if [ "$?" = "0" ] ; then ulimit -SHn 1000000 nohup ${busybox_path} setuidgid 0:3005 ${Clash_bin_path} -d ${Clash_data_dir} -f ${temporary_config_file} > ${Clash_run_path}/output-clash.log 2>&1 & echo -n $! 
> ${Clash_pid_file} - - sed -i s/.*msg=// ${Clash_run_path}/err.log - sed -i 's/configuration file*//' ${Clash_run_path}/err.log - while read p ; do - log "[info]" "$p" - done <${Clash_run_path}/err.log + log_suc else - log "[error] ${Clash_config_file} failed" - sed -i s/.*msg=// ${Clash_run_path}/err.log - sed -i 's/fatal msg=*//' ${Clash_run_path}/err.log - sed -i 's/configuration file*//' ${Clash_run_path}/err.log - while read p ; do - log "[error]" "$p" - done <${Clash_run_path}/err.log - - if [ "${use_config}" == "false" ]; then - mv ${temporary_config_file} ${Clash_data_dir}/config.yaml - else - mv ${temporary_config_file} ${Clash_data_dir}/${use_config} - fi + log_failed + [ "${use_config}" = "false" ] \ + && (mv ${temporary_config_file} ${Clash_data_dir}/config.yaml) || (mv ${temporary_config_file} ${Clash_data_dir}/${use_config}) log "[error] please check ${Clash_config_file} configuration" && exit 1 fi - rm -rf ${Clash_run_path}/err.log + rm -rf ${Clash_run_path}/error.log } cgroup_limit() { - if [ "${Cgroup_memory}" == "true" ]; then - if ! 
(${scripts_dir}/clash.tool -l); then - log "[warning] kernel does not support cgroup" - log "[warning] will not affect Clash" - else - log "[info] cgroup limit: ${Cgroup_memory_limit}" - fi + if [ "${Cgroup_memory}" = "true" ] ; then + [ "${scripts_dir}/clash.tool -l" ] \ + && log "[warning] kernel does not support cgroup" || log "[info] cgroup limit: ${Cgroup_memory_limit}" fi } start_clash() { dow_config replace_kernel - echo $(date) > $CFM_logs_file - echo "$(${Clash_bin_path} -v)" >> $CFM_logs_file - echo "Clash for Magisk v2.5.1" > /dev/null - echo "CPU: % | RES: kb" >> $CFM_logs_file - echo "━━━━━━━━━━━━━━━━━━━━━━━━━" >> $CFM_logs_file + echo $(date) > ${CFM_logs_file} + echo "$(${Clash_bin_path} -v)" >> ${CFM_logs_file} + echo "Clash for Magisk v2.5.4" > /dev/null + echo "CPU: % | RES: kb" >> ${CFM_logs_file} + echo "━━━━━━━━━━━━━━━━━━━━━━━━━" >> ${CFM_logs_file} if [ "${ipv6}" = "false" ] ; then echo 0 > /proc/sys/net/ipv6/conf/all/accept_ra echo 0 > /proc/sys/net/ipv6/conf/wlan0/accept_ra echo 1 > /proc/sys/net/ipv6/conf/all/disable_ipv6 echo 1 > /proc/sys/net/ipv6/conf/default/disable_ipv6 echo 1 > /proc/sys/net/ipv6/conf/wlan0/disable_ipv6 - ip -6 rule add unreachable pref 100 - log "[info] Ipv6: disable" + log "[info] Ipv6: β˜’ disable" else echo 1 > /proc/sys/net/ipv6/conf/all/accept_ra echo 1 > /proc/sys/net/ipv6/conf/wlan0/accept_ra echo 0 > /proc/sys/net/ipv6/conf/all/disable_ipv6 echo 0 > /proc/sys/net/ipv6/conf/default/disable_ipv6 echo 0 > /proc/sys/net/ipv6/conf/wlan0/disable_ipv6 - ip -6 rule del unreachable pref 100 - log "[info] Ipv6: enable" + log "[info] Ipv6: β˜‘ enable" fi use_clash ceks_clash tun_tproxy temporary_config_file - if [ -f "${Clash_bin_path}" ]; then - chown 0:3005 ${Clash_bin_path} - chown 0:3005 ${temporary_config_file} - chmod 0700 ${Clash_bin_path} - chmod 0700 ${temporary_config_file} - # setcap 'cap_net_admin,cap_net_raw+ep' ${Clash_bin_path} + if [ -f "${Clash_bin_path}" ] ; then + chown 0:3005 ${Clash_bin_path} && 
chown 0:3005 ${temporary_config_file} + chmod 0700 ${Clash_bin_path} && chmod 0700 ${temporary_config_file} nohup ${busybox_path} crond -c ${Clash_run_path} > /dev/null 2>&1 & - sleep 0.5 ${busybox_path} crontab -c ${Clash_run_path} -r touch ${Clash_run_path}/root chmod 0600 ${Clash_run_path}/root crontab_sec else - log "[error] Clash kernel ${Clash_bin_path} file is missing !!!。" && exit 1 + log "[error] Clash kernel ${Clash_bin_path} file is missing !!!." && exit 1 fi - if [ "${run_mosdns}" == "1" ]; then - mosdns - else - rm -rf ${Clash_run_path}/mosdns.log - fi - if [ -f ${temporary_config_file} ]; then - if (${Clash_bin_path} -v > /dev/null 2>&1); then + + if [ -f ${temporary_config_file} ] ; then + if (${Clash_bin_path} -v > /dev/null 2>&1) ; then run_clash - sleep 0.5 cgroup_limit - if [ "$run_usage" == "true" ]; then - nohup ${scripts_dir}/usage.sh > /dev/null 2>&1 & - else - log "[info] display Usage ( RES: / CPU: ) is disabled" - fi + [ "$run_usage" = "true" ] \ + && (nohup ${scripts_dir}/usage.sh > /dev/null 2>&1 &) || log "[info] display Usage RES:/CPU: is disabled" else log "[error] kernel Clash error/broken/not supported" && exit 1 fi 
@@ -253,26 +202,23 @@ start_clash() { kill_tool() { cronkill=$(ps -ef | grep root | grep "crond -c /data/clash/" | ${busybox_path} awk '{ print $2 }' | sort -u) - for cron in ${cronkill[*]}; do - kill ${cron} + for cron in ${cronkill[*]} ; do + kill -9 ${cron} done - - if (kill $(cat ${Clash_run_path}/mosdns.pid)); then - rm -rf ${Clash_run_path}/mosdns.pid - log "[warning] mos-dns terminated。" - fi - - if (kill $(cat ${Clash_run_path}/dnstt.pid)); then + if (kill -9 $(cat ${Clash_run_path}/dnstt.pid)) ; then rm -rf ${Clash_run_path}/dnstt.pid - log "[warning] $dnstt_bin_name terminated。" + log "[warning] ${dnstt_bin_name} terminated." fi } stop_clash() { kill_tool - if (kill -15 $(pidof clash)); then + if (kill -9 $(pidof clash) || killall -9 clash) ; then rm -rf ${Clash_pid_file} - log "[warning] Clash shutting down。" + sleep 0.75 + [ $(pidof clash) ] \ + && log "[warning] Clash service is still running" || log "[warning] Clash shutting down." + [ ! $(pidof clash) ] && log "[warning] Clash terputus." else log "[error] failed stop Clash" fi @@ -282,10 +228,10 @@ while getopts ":sk" signal ; do case ${signal} in s) stop_clash >> /dev/null 2>&1 - start_clash + time start_clash ;; k) - stop_clash + time stop_clash ;; ?) echo "" diff --git a/scripts/clash.tool b/scripts/clash.tool index a4d35b4..6ea231e 100755 --- a/scripts/clash.tool +++ b/scripts/clash.tool @@ -6,7 +6,7 @@ source /data/clash/clash.config find_packages_uid() { echo -n "" > ${appuid_file} - if [ "${Clash_enhanced_mode}" == "redir-host" ]; then + if [ "${Clash_enhanced_mode}" == "redir-host" ] ; then for package in $(cat ${filter_packages_file} | sort -u) ; do ${busybox_path} awk '$1~/'^"${package}"$'/{print $2}' ${system_packages_file} >> ${appuid_file} done 
@@ -21,7 +21,7 @@ restart_clash() { echo -n "disable" > ${Clash_run_path}/root sleep 0.5 ${scripts_dir}/clash.service -s && ${scripts_dir}/clash.iptables -s - if [ "$?" == "0" ]; then + if [ "$?" == "0" ] ; then log "[info] $(date), Clash restart" else log "[error] $(date), Clash Failed to restart." @@ -32,38 +32,38 @@ update_file() { file="$1" file_bak="${file}.bak" update_url="$2" - if [ -f ${file} ]; then + if [ -f ${file} ] ; then mv -f ${file} ${file_bak} fi - echo "curl -k --insecure -L -A 'clash' ${update_url} -o ${file}" - curl -k --insecure -L -A 'clash' ${update_url} -o ${file} 2>&1 + echo "/data/adb/magisk/busybox wget --no-check-certificate ${update_url} -o ${file}" + /data/adb/magisk/busybox wget --no-check-certificate ${update_url} -O ${file} 2>&1 sleep 0.5 - if [ -f "${file}" ]; then + if [ -f "${file}" ] ; then echo "" else - if [ -f "${file_bak}" ]; then + if [ -f "${file_bak}" ] ; then mv ${file_bak} ${file} fi fi } update_geo() { - if [ "${auto_updateGeoX}" == "true" ]; then + if [ "${auto_updateGeoX}" == "true" ] ; then update_file ${Clash_GeoIP_file} ${GeoIP_dat_url} update_file ${Clash_GeoSite_file} ${GeoSite_url} - if [ "$?" = "0" ]; then + if [ "$?" = "0" ] ; then flag=false fi fi - if [ ${auto_updateSubcript} == "true" ]; then + if [ ${auto_updateSubcript} == "true" ] ; then update_file ${Clash_config_file} ${Subcript_url} - if [ "$?" = "0" ]; then + if [ "$?" = "0" ] ; then flag=true fi fi - if [ -f "${Clash_pid_file}" ] && [ ${flag} == true ]; then + if [ -f "${Clash_pid_file}" ] && [ ${flag} == true ] ; then restart_clash fi } @@ -74,11 +74,11 @@ config_online() { log "[warning] Download Config online" > ${CFM_logs_file} update_file ${Clash_config_file} ${Subcript_url} sleep 0.5 - if [ -f "${Clash_config_file}" ]; then + if [ -f "${Clash_config_file}" ] ; then match_count=$((${match_count} + 1)) fi - if [ ${match_count} -ge 1 ]; then + if [ ${match_count} -ge 1 ] ; then log "[info] download succes." exit 0 else 
@@ -102,52 +102,52 @@ port_detection() { logs "[info] port detected: " for sub_port in ${clash_port[*]} ; do sleep 0.5 - echo -n "${sub_port} / " >> ${CFM_logs_file} + echo -n "${sub_port} " >> ${CFM_logs_file} done echo "" >> ${CFM_logs_file} } update_kernel() { - if [ "${use_premium}" == "false" ]; then - if [ "${meta_alpha}" == "false" ]; then - tag_meta=$(curl -fsSL ${url_meta} | grep -oE "v[0-9]+\.[0-9]+\.[0-9]+" | head -1) + if [ "${use_premium}" == "false" ] ; then + if [ "${meta_alpha}" == "false" ] ; then + tag_meta=$(/data/adb/magisk/busybox wget --no-check-certificate -qO- ${url_meta} | grep -oE "v[0-9]+\.[0-9]+\.[0-9]+" | head -1) filename="${file_kernel}-${platform}-${arch}-${tag_meta}" - update_file ${Clash_data_dir}/${file_kernel}.gz ${url_meta}/download/${tag_meta}/${filename}.gz + update_file "${Clash_data_dir}/${file_kernel}.gz" "${url_meta}/download/${tag_meta}/${filename}.gz" if [ "$?" = "0" ] then flag=false fi else - tag_meta=$(curl -fsSL ${url_meta}/expanded_assets/${tag} | grep -oE "${tag_name}" | head -1) + tag_meta=$(/data/adb/magisk/busybox wget --no-check-certificate -qO- ${url_meta}/expanded_assets/${tag} | grep -oE "${tag_name}" | head -1) filename="${file_kernel}-${platform}-${arch}-${tag_meta}" - update_file ${Clash_data_dir}/${file_kernel}.gz ${url_meta}/download/${tag}/${filename}.gz + update_file "${Clash_data_dir}/${file_kernel}.gz" "${url_meta}/download/${tag}/${filename}.gz" if [ "$?" = "0" ] then flag=false fi fi else - filename=$(curl -fsSL ${url_premium}/expanded_assets/premium | grep -oE "clash-${platform}-${arch}-[0-9]+.[0-9]+.[0-9]+" | head -1) - update_file ${Clash_data_dir}/${file_kernel}.gz ${url_premium}/download/premium/${filename}.gz - if [ "$?" 
= "0" ]; then + filename=$(/data/adb/magisk/busybox wget --no-check-certificate -qO- "${url_premium}/expanded_assets/premium" | grep -oE "clash-${platform}-${arch}-[0-9]+.[0-9]+.[0-9]+" | head -1) + update_file "${Clash_data_dir}/${file_kernel}.gz" "${url_premium}/download/premium/${filename}.gz" + if [ "$?" = "0" ] ; then flag=false fi fi - if [ ${flag} == false ]; then + if [ ${flag} == false ] ; then if (gunzip --help > /dev/null 2>&1); then - if [ -f ${Clash_data_dir}/"${file_kernel}".gz ]; then - if (gunzip ${Clash_data_dir}/"${file_kernel}".gz); then + if [ -f "${Clash_data_dir}/${file_kernel}.gz" ] ; then + if (gunzip "${Clash_data_dir}/${file_kernel}.gz"); then echo "" else log "[error] gunzip ${file_kernel}.gz failed" > ${CFM_logs_file} log "[warning] periksa kembali url" - if [ -f ${Clash_data_dir}/"${file_kernel}".gz.bak ]; then - rm -rf ${Clash_data_dir}/"${file_kernel}".gz.bak + if [ -f "${Clash_data_dir}/${file_kernel}.gz.bak" ] ; then + rm -rf "${Clash_data_dir}/${file_kernel}.gz.bak" else - rm -rf ${Clash_data_dir}/"${file_kernel}".gz + rm -rf "${Clash_data_dir}/${file_kernel}.gz" fi - if [ -f ${Clash_run_path}/clash.pid ]; then + if [ -f ${Clash_run_path}/clash.pid ] ; then log "[info] Clash service is running (PID: $(cat ${Clash_pid_file}))" log "[info] Connect" fi @@ -164,13 +164,13 @@ update_kernel() { fi fi - mv -f ${Clash_data_dir}/"${file_kernel}" ${Clash_data_dir}/kernel/lib + mv -f "${Clash_data_dir}/${file_kernel}" ${Clash_data_dir}/kernel/lib - if [ "$?" = "0" ]; then + if [ "$?" = "0" ] ; then flag=true fi - if [ -f "${Clash_pid_file}" ] && [ ${flag} == true ]; then + if [ -f "${Clash_pid_file}" ] && [ ${flag} == true ] ; then restart_clash else log "[warning] Clash tidak dimulai ulang" 
@@ -178,10 +178,10 @@ update_kernel() { } cgroup_limit() { - if [ "${Cgroup_memory_limit}" == "" ]; then + if [ "${Cgroup_memory_limit}" == "" ] ; then return fi - if [ "${Cgroup_memory_path}" == "" ]; then + if [ "${Cgroup_memory_path}" == "" ] ; then Cgroup_memory_path=$(mount | grep cgroup | ${busybox_path} awk '/memory/{print $3}' | head -1) fi @@ -198,21 +198,20 @@ update_dashboard () { file_dasboard="${Clash_data_dir}/dashboard.zip" rm -rf ${Clash_data_dir}/dashboard/dist - curl -L -A 'clash' ${url_dashboard} -o ${file_dasboard} 2>&1 + /data/adb/magisk/busybox wget --no-check-certificate ${url_dashboard} -o ${file_dasboard} 2>&1 unzip -o "${file_dasboard}" "yacd-gh-pages/*" -d ${Clash_data_dir}/dashboard >&2 mv -f ${Clash_data_dir}/dashboard/yacd-gh-pages ${Clash_data_dir}/dashboard/dist rm -rf ${file_dasboard} } dnstt_client() { - if [ "${run_dnstt}" == "1" ]; then - if [ -f ${dnstt_client_bin} ]; then + if [ "${run_dnstt}" == "1" ] ; then + if [ -f ${dnstt_client_bin} ] ; then chmod 0700 ${dnstt_client_bin} chown 0:3005 ${dnstt_client_bin} - if [ ! ${nsdomain} == "" ] && [ ! ${pubkey} == "" ]; then + if [ ! ${nsdomain} == "" ] && [ ! ${pubkey} == "" ] ; then nohup ${busybox_path} setuidgid 0:3005 ${dnstt_client_bin} -udp ${dns_for_dnstt}:53 -pubkey ${pubkey} ${nsdomain} 127.0.0.1:9553 > /dev/null 2>&1 & echo -n $! > ${Clash_run_path}/dnstt.pid - sleep 1 local dnstt_pid=$(cat ${Clash_run_path}/dnstt.pid 2> /dev/null) if (cat /proc/$dnstt_pid/cmdline | grep -q ${dnstt_bin_name}); then @@ -224,7 +223,7 @@ dnstt_client() { fi else log "[warning] ${dnstt_bin_name} tidak aktif," - log "[warning] 'nsdomain' & 'pubkey' kosong," + log "[warning] (nsdomain) & (pubkey) kosong," fi else log "[error] kernel ${dnstt_bin_name} tidak ada." diff --git a/scripts/config.yaml b/scripts/config.yaml new file mode 100755 index 0000000..3995e2e --- /dev/null +++ b/scripts/config.yaml 
@@ -0,0 +1,16 @@ +proxies: +proxy-groups: + - name: "LLYCORIS" + type: select + use: + - provide +proxy-providers: + provide: + type: file + path: ./assets/akun.yaml + health-check: + enable: true + url: http://cp.cloudflare.com/generate_204 + interval: 1200 +rules: + - MATCH,LLYCORIS \ No newline at end of file diff --git a/scripts/mosdns/dnstt-client b/scripts/dnstt/dnstt-client similarity index 100% rename from scripts/mosdns/dnstt-client rename to scripts/dnstt/dnstt-client diff --git a/scripts/mosdns/config.yaml b/scripts/mosdns/config.yaml deleted file mode 100755 index f2ae3ef..0000000 --- a/scripts/mosdns/config.yaml +++ /dev/null 
@@ -1,126 +0,0 @@ -log: - level: debug - file: /data/clash/run/mosdns.log - -data_providers: - - tag: geosite - file: ../GeoSite.dat - auto_reload: false - - tag: geoip - file: ../GeoIP.dat - auto_reload: false - - tag: hosts - file: ./hosts.txt - -plugins: - - - tag: hosts - type: hosts - args: - hosts: - - "provider:hosts" - - - tag: proxy - type: fast_forward - args: - upstream: - - addr: https://8.8.4.4/dns-query - idle_timeout: 86400 - socks5: 127.0.0.1:7890 - - addr: https://1.0.0.1/dns-query - idle_timeout: 86400 - socks5: 127.0.0.1:7890 - - - tag: cache - type: cache - args: - size: 65536 - lazy_cache_ttl: 86400 - lazy_cache_reply_ttl: 15 - cache_everything: true - - - tag: ttl - type: ttl - args: - minimal_ttl: 600 - maximum_ttl: 3600 - - - tag: direct - type: fast_forward - args: - upstream: - - addr: https://120.53.53.53/dns-query - idle_timeout: 86400 - trusted: true - - addr: https://223.5.5.5/dns-query - idle_timeout: 86400 - - - tag: direct_domain - type: query_matcher - args: - domain: - - provider:geosite:geolocation-cn - - - tag: direct_ip - type: response_matcher - args: - ip: - - provider:geoip:cn - - - tag: clash - type: fast_forward - args: - upstream: - - addr: 127.0.0.1:1053 - idle_timeout: 86400 - trusted: true - - - tag: query_is_ad_domain - type: query_matcher - args: - domain: - - 'provider:geosite:category-ads-all' - - - tag: entrance_clash - type: sequence - args: - exec: - - hosts - - _misc_optm - - cache - - _pad_query - - if: direct_domain - exec: - - direct - - _return - else_exec: - - proxy - - if: (! direct_ip) - exec: - - _return - else_exec: - - direct - - _return - - ttl - - - tag: entrance - type: sequence - args: - exec: - - if: query_is_ad_domain - exec: - - _new_nxdomain_response - - _return - - clash - - _return - -servers: - - exec: entrance - listeners: - - protocol: udp - addr: localhost:2053 - - - exec: entrance_clash - listeners: - - protocol: udp - addr: localhost:3053 \ No newline at end of file 
diff --git a/scripts/mosdns/hosts.txt b/scripts/mosdns/hosts.txt deleted file mode 100755 index 597991c..0000000 --- a/scripts/mosdns/hosts.txt +++ /dev/null @@ -1,2 +0,0 @@ -#η€ΊδΎ‹ -#gov.cn 127.0.0.1 \ No newline at end of file diff --git a/scripts/mosdns/mosdns b/scripts/mosdns/mosdns deleted file mode 100755 index 201a10e..0000000 Binary files a/scripts/mosdns/mosdns and /dev/null differ diff --git a/scripts/template b/scripts/template index da13324..66efe2a 100755 --- a/scripts/template +++ b/scripts/template 
@@ -1,50 +1,69 @@ -tproxy-port: 9898 +# port: 7890 +# socks-port: 7891 +# mixed-port: 7890 redir-port: 9797 +tproxy-port: 9898 mode: rule allow-lan: true unified-delay: true bind-address: '*' +# info / warning / error / debug / silent log-level: error ipv6: true geodata-mode: true +geodata-loader: memconservative external-controller: 0.0.0.0:9090 -external-ui: dashboard/dist -tcp-concurrent: false -# interface-name: "" +external-ui: ./dashboard/dist +# secret: "" +# tcp-concurrent: false enable-process: false -geodata-loader: memconservative +# inbound-tfo: false +# interface-name: "" # routing-mark: 233 -inbound-tfo: false -# secret: "" -# geox-url: {mmdb: "", geoip: "", geosite: ""} +# geox-url: { + # mmdb: "", + # geoip: "", + # geosite: "" +# } + profile: store-selected: true store-fake-ip: false -experimental: {sniff-tls-sni: true, fingerprint: ""} -sniffer: + +# experimental: + # sniff-tls-sni: true + # udp-fallback-match: true + # fingerprint: "" + +sniffer: # sniff domain name optional configuration enable: false - sniffing: [tls, http] + # sniffing protocol required + sniffing: + - tls + - http + # force sniffing on this domain name force-domain: - - '+' - skip-domain: - - '+.google.com' + - +.v2ex.com + # Sniff only on ports in the whitelist, default 443, 80 port-whitelist: - - '443' - - '80' - force-dns-mapping: true - parse-pure-ip: true -# hosts: {"cacerts.digicert.com": "104.21.21.147", "ota.googlezip.net": "127.0.0.1", "ota-cache1.googlezip.net": "127.0.0.1", "ota-cache2.googlezip.net": "127.0.0.1"} + - 80 + - 443 + # force-dns-mapping: true + # parse-pure-ip: true + tun: enable: false + # biarkan default utun device: utun + mtu: 9000 + # gvisor / lwip / system stack: system dns-hijack: - any:53 auto-route: false auto-detect-interface: false - inet4-address: 198.18.0.1/30 - inet6-address: [fdfe:dcba:9876::1/126] - mtu: 9000 + # inet4-address: 49.0.0.1/30 + # inet6-address: [fdfe:dcba:9876::1/126] strict-route: false # inet4-route-address: # - 
0.0.0.0/1 @@ -54,33 +73,60 @@ tun: # - '8000::/1' # include-android-user: # - 0 + # - 10 + dns: enable: true - ipv6: true + ipv6: true # false akan mengembalikan hasil kosong untuk AAAA prefer-h3: false default-nameserver: - - '1.1.1.1' + - 8.8.8.8 listen: 0.0.0.0:1053 use-hosts: true + # redir-host / fake-ip enhanced-mode: fake-ip fake-ip-range: 198.18.0.1/16 - fake-ip-filter: ["*.local", "*.localhost"] - # proxy-server-nameserver: - # - '8.8.8.8' + fake-ip-filter: + - '+.lan' + - '+.stun.*.*' + - '+.stun.*.*.*' + - '+.stun.*.*.*.*' + - '+.stun.*.*.*.*.*' + proxy-server-nameserver: + - '1.0.0.1' nameserver: - - 'tcp://1.0.0.1' - - 'tcp://8.8.4.4' - fallback: - - 'https://1.1.1.1/dns-query' - - 'https://8.8.8.8/dns-query' - fallback-filter: - geoip: false - geoip-code: '!ID' + - 1.1.1.1 + - 8.8.8.8 + # - tls://1.1.1.1:853 # DNS over TLS + # - dhcp://rmnet_data+ # dns from dhcp + # - https://doh.pub/dns-query # DNS over HTTPS + # - https://dns.alidns.com/dns-query#h3=true # Mandatory HTTP/3, irrelevant to perfer-h3, mandatory HTTP/3 support for DoH, if not supported, it will not work + # - https://mozilla.cloudflare-dns.com/dns-query#DNS&h3=true # Specify policy group and use HTTP/3 + # - quic://dns.adguard.com:784 # DNS over QUIC + # - '8.8.8.8#en0' # Compatible with designated DNS egress NIC + # nameserver-policy: + # '*.v2-ray.com': '1.1.1.1' + # '*.vmess.sbs': '1.1.1.1' + # '*.1server.co': '1.1.1.1' + # '*.serverip.xyz': '1.1.1.1' + # '*.bypass.id': '1.1.1.1' + # fallback: + # - 'https://1.0.0.1/dns-query' + # - 'https://9.9.9.9/dns-query' + # fallback-filter: + # geoip: false + # geoip-code: 'ID' # geosite: # - gfw # ipcidr: # - 240.0.0.0/4 - domain: - - '+.google.com' - - '+.facebook.com' - - '+.youtube.com' + # domain: + # - '+.google.com' + # - '+.facebook.com' + # - '+.youtube.com' + +hosts: + '+.clash.meta': 127.0.0.1 + 'ota.googlezip.net': 127.0.0.1 + 'ota-cache1.googlezip.net': 127.0.0.1 + 'ota-cache2.googlezip.net': 127.0.0.1 
diff --git a/scripts/usage.sh b/scripts/usage.sh index eb68c77..864153f 100755 --- a/scripts/usage.sh +++ b/scripts/usage.sh @@ -1,10 +1,9 @@ #!/system/bin/sh getmemory(){ - clash_pid=$(cat /data/clash/run/clash.pid) + local clash_pid=$(cat /data/clash/run/clash.pid) clash_alive=$(grep VmRSS /proc/${clash_pid}/status | /data/adb/magisk/busybox awk -F':' '{print $2}' | /data/adb/magisk/busybox awk '{print $1}') - if [ ${clash_alive} -ge 1024 ] - then + if [ ${clash_alive} -ge 1024 ] ; then clash_res="$(expr ${clash_alive} / 1024)Mb" else clash_res="${clash_alive}Kb" @@ -15,12 +14,11 @@ getmemory(){ } usage() { - interval="1" - while [ -f /data/clash/run/clash.pid ] - do + local interval="1" + while [ -f /data/clash/run/clash.pid ] ; do getmemory &> /dev/null [ ! -f /data/clash/run/clash.pid ] && break - now=$(date +%s) + local now=$(date +%s) sleep $(( $interval - $now % $interval )) done }
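Review bot: In the `@@ -253,26 +202,23 @@` hunk, `stop_clash()` runs `rm -rf ${Clash_pid_file}` before the `pidof clash` re-check, so in the branch that logs "Clash service is still running" the PID file is already gone while the process is alive. Move the removal after a successful re-check. The tests should also be quoted, e.g. `[ -n "$(pidof clash)" ]`: as written, `[ $(pidof clash) ]` is a test error when `pidof` returns more than one PID, and `[ ! $(pidof clash) ]` is true on a clean stop, so both "Clash shutting down." and "Clash terputus." get logged. Finally, `kill -9` is now the first and only signal for clash, crond and dnstt; sending `kill -15` first and using `-9` only if the process survives the `sleep 0.75` would keep the fast stop without making SIGKILL the default.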
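Review bot: In `update_file()` (`scripts/clash.tool`, `@@ -32,38 +32,38 @@`) the replacement for `curl -k --insecure` is `wget --no-check-certificate`, so the server certificate is still not verified for anything fetched through this helper, and the helper is what `update_geo()`, `config_online()` and `update_kernel()` use for the subscription config, the geo data and the kernel archive. Drop `--no-check-certificate`, or make it an explicit opt-in in `clash.config` that defaults to off. Two smaller points in the same hunk: the `echo` line prints `-o ${file}` while the command that runs uses `-O ${file}`, so the log shows a different command from the one executed, and the path `/data/adb/magisk/busybox` is hardcoded although the rest of the file uses `${busybox_path}`. The old `-A 'clash'` User-Agent is dropped without comment; if a subscription endpoint depended on it, this needs a wget equivalent.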
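Review bot: In `update_kernel()` (`scripts/clash.tool`, `@@ -102,52 +102,52 @@`) the result of the tag lookup is never checked: if the `wget ... -qO- | grep -oE ... | head -1` pipeline returns nothing, `tag_meta` or `filename` is empty and `update_file` is still called with a URL built from the empty value. Add a `[ -n "${tag_meta}" ]` style guard with a log line and return early. The archive that comes back is gunzipped and then moved into `${Clash_data_dir}/kernel/lib` by the `mv -f` in the next hunk with no checksum or signature comparison, and both requests run with `--no-check-certificate`, so nothing ties the installed binary to the release it was meant to come from; compare against a known hash before the `mv -f` where the release provides one. The premium pattern `[0-9]+.[0-9]+.[0-9]+` also has unescaped dots, unlike the `v[0-9]+\.[0-9]+\.[0-9]+` pattern a few lines above.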
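Review bot: In `update_dashboard()` (`scripts/clash.tool`, `@@ -198,21 +198,20 @@`) the new command passes `-o ${file_dasboard}` in lowercase, whereas `update_file()` in this same patch uses `-O`. With wget, `-o` names the log file, so the zip is not what ends up in `${file_dasboard}` and the following `unzip -o` works on the wrong content. Because `rm -rf ${Clash_data_dir}/dashboard/dist` has already run by then, a failed download leaves no dashboard at all. Use `-O`, and delete `dist` only after the download and unzip have succeeded. This download also carries `--no-check-certificate`, which the old `curl -L -A 'clash'` line did not need. Same hunk, `dnstt_client()`: with `sleep 1` removed, `/proc/$dnstt_pid/cmdline` is read immediately after launch, so the check can pass for a client that exits a moment later.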
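Review bot: In `scripts/template` (`@@ -1,50 +1,69 @@`) the reordered block still ships `external-controller: 0.0.0.0:9090` with `# secret: ""` commented out, next to `allow-lan: true` and `bind-address: '*'`, so the controller API listens on every interface with no authentication configured. Since these lines are being moved anyway, default the controller to `127.0.0.1:9090` or ship a non-empty `secret` that the user is told to change. The comment `# biarkan default utun` is also the only non-English comment in this hunk; the others added here are in English.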
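Review bot: In the `dns:` hunk of `scripts/template` (`@@ -54,33 +73,60 @@`) the only encrypted resolvers, the `https://` entries under `fallback`, are commented out, and `nameserver` becomes plain `1.1.1.1` and `8.8.8.8`, so all upstream DNS from the default template is now cleartext. If this is a deliberate trade-off, state it in a comment next to `nameserver`; otherwise keep one of the listed `https://` or `tls://` entries active instead of leaving them all as commented examples. `listen: 0.0.0.0:1053` is unchanged context here but has the same all-interfaces exposure as the controller. The `fallback-filter` value also changes from `'!ID'` to `'ID'` inside the commented block, which inverts its meaning for anyone who uncomments it; worth confirming that is intended.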
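Review bot: In `getmemory()` (`scripts/usage.sh`, `@@ -1,10 +1,9 @@`) the test `[ ${clash_alive} -ge 1024 ]` is unquoted and unguarded: if `/data/clash/run/clash.pid` or `/proc/${clash_pid}/status` disappears between the `while [ -f ... ]` check in `usage()` and the `cat`, `clash_alive` is empty and the test is a syntax error rather than a clean exit. Since this hunk is already tidying the function, add `[ -n "${clash_alive}" ] || return` before the comparison and declare `clash_alive` with `local` the same way `clash_pid` now is. Note also that `local clash_pid=$(cat ...)` hides the exit status of `cat`, so a missing PID file cannot be detected from `$?` on that line.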