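#!/bin/bash
# ss-tun2socks: transparent-proxy helper built on tun2socks + chinadns +
# dnsforwarder. Usage: ss-tun2socks COMMAND (see usage() below).
# Every setting comes from the sourced config file. The rest of the script
# runs with root privileges and executes values taken from that file
# (see start()), so it must be writable by its owner only.
main_cfg='/etc/tun2socks/ss-tun2socks.conf'
if [ ! -e "${main_cfg}" ]; then
  echo -e "\e[37m${main_cfg}\e[0m [\e[1;35mnot_exist\e[0m]"
  exit 1
fi
# Refuse a world-writable config: it is sourced and eval'd, so anyone who
# can edit it can run commands with this script's privileges. -L follows a
# symlinked config so the target's mode is what gets checked.
if [ -n "$(find -L "${main_cfg}" -prune -perm -o+w 2> /dev/null)" ]; then
  echo -e "\e[37m${main_cfg}\e[0m [\e[1;35mworld_writable\e[0m]"
  exit 1
fi
# shellcheck source=/dev/null
source "${main_cfg}"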
# Generate the dnsforwarder config file from the dnsforwarder_* settings of
# the main config. ~/.dnsforwarder is created first; anything that is not a
# directory at that path is removed to make room.
# Globals read: dnsforwarder_config and the other dnsforwarder_* variables.
# Outputs: overwrites ${dnsforwarder_config}.
function dnsfwd_update() {
  if [ ! -d ~/.dnsforwarder ]; then
    rm -fr ~/.dnsforwarder
    mkdir -p ~/.dnsforwarder
  fi
  # The heredoc is unquoted on purpose: the ${...} settings and the
  # timestamp are expanded into the generated file.
  cat > "${dnsforwarder_config}" << EOF
# Generated by ss-tun2socks at $(date '+%F %T')
#### 日志相关 ####
LogOn ${dnsforwarder_log_on} # 启用日志
LogFileThresholdLength ${dnsforwarder_log_size} # 日志大小临界值,大于该值则将原文件备份,使用新文件记录日志
LogFileFolder ${dnsforwarder_log_dir} # 日志文件所在的文件夹
#### 监听地址 ####
UDPLocal ${dnsforwarder_listen} # 可以有多个,使用逗号隔开,默认端口53
#### 上游dns ####
UDPGroup ${dnsforwarder_upstream} * on # chinadns 作为上游 dns 服务器
BlockNegativeResponse ${dnsforwarder_upstream_block_negative_response} # 过滤上游 dns 未成功的响应
#### hosts文件 ####
Hosts ${dnsforwarder_hosts_url} # 本机 hosts 文件路径
HostsUpdateInterval ${dnsforwarder_hosts_update_interval} # 运行期间不重载 hosts
#### dns缓存 ####
UseCache ${dnsforwarder_cache_on} # 启用缓存(文件缓存)
MemoryCache ${dnsforwarder_cache_use_memory} # 不使用内存缓存
CacheSize ${dnsforwarder_cache_size} # 缓存大小,不能小于 102400
IgnoreTTL ${dnsforwarder_cache_ignore_ttl} # 忽略 TTL 值
CacheControl iok.la nocache # 不缓存以 'iok.la' 结尾的域名
ReloadCache ${dnsforwarder_cache_reload_on_start} # 启动时加载已有的文件缓存
OverwriteCache ${dnsforwarder_cache_overwrite_when_reload_failed} # 当已有的文件缓存载入失败时,覆盖原文件
EOF
}
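# Flush the dnsforwarder file cache. A running dnsforwarder is stopped first
# and restarted afterwards so it neither serves nor rewrites the stale cache.
# The process is matched by exact name (-x): the previous unanchored pattern
# would also have SIGKILLed any unrelated process whose name merely contains
# "dnsforwarder". SIGTERM is tried first; SIGKILL only if it is ignored.
# Globals read: dnsforwarder_config.
function dnsfwd_flush() {
  local waited=0
  if ! pgrep -x dnsforwarder > /dev/null; then
    rm -fr ~/.dnsforwarder/cache
    return 0
  fi
  pkill -x dnsforwarder
  while pgrep -x dnsforwarder > /dev/null && [ "${waited}" -lt 3 ]; do
    sleep 1
    waited=$((waited + 1))
  done
  pkill -9 -x dnsforwarder 2> /dev/null
  rm -fr ~/.dnsforwarder/cache
  dnsforwarder -f "${dnsforwarder_config}" -q -d &> /dev/null
}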
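# Refresh the China IP list that decides which destinations bypass the
# tunnel, then rebuild the "chnroute" ipset from it.
# The download lands in a temp file and replaces the current list only after
# curl succeeds and the result is non-empty: a failed or truncated fetch must
# not wipe the list, since an empty chnroute silently changes routing policy.
# TLS verification is left on (no -k) for the same reason — this file is
# routing policy, so its origin has to be authenticated.
# Globals read: chinadns_chnroute, ipset_save_file.
# Returns: 0 on success, 1 when the download fails.
function chnip_update() {
  #chnip_url="http://f.ip.cn/rt/chnroutes.txt"
  local chnip_url="https://github.com/17mon/china_ip_list/raw/master/china_ip_list.txt"
  local raw
  raw=$(mktemp) || return 1
  if ! curl -4sSL --fail -o "${raw}" -- "${chnip_url}" || [ ! -s "${raw}" ]; then
    echo -e "\e[37mchnroute\e[0m [\e[1;35mdownload_failed\e[0m]"
    rm -f -- "${raw}"
    return 1
  fi
  # Drop blank and comment lines; keep one CIDR per line.
  grep -Ev '^\s*$|^\s*#' "${raw}" > "${chinadns_chnroute}"
  rm -f -- "${raw}"
  # Build an ipset restore script: "add chnroute <cidr>" per entry.
  awk '{print "add chnroute", $1}' "${chinadns_chnroute}" > "${ipset_save_file}"
  if ipset -L chnroute &> /dev/null; then
    ipset -F chnroute &> /dev/null
  else
    ipset -N chnroute hash:net
  fi
  ipset -R < "${ipset_save_file}"
  # Persist the full set definition (create + adds) so start() can restore it.
  ipset -S chnroute > "${ipset_save_file}"
}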
# (Re)build the iptables rules that mark traffic for the tun2socks policy
# route. The mangle OUTPUT/PREROUTING and nat PREROUTING/POSTROUTING chains
# are flushed wholesale before the rules are added, so any unrelated rules in
# those chains are lost.
# Globals read: socks5_remote, iptables_mark, iptables_intranet.
function ipts_update() {
  local mangle=(iptables -t mangle)
  local nat=(iptables -t nat)
  local lan=${iptables_intranet}
  local net
  # Clean slate; the TUN2SOCKS chain may not exist yet, hence the muted errors.
  "${mangle[@]}" -F OUTPUT
  "${mangle[@]}" -F PREROUTING
  "${mangle[@]}" -F TUN2SOCKS &> /dev/null
  "${mangle[@]}" -X TUN2SOCKS &> /dev/null
  "${nat[@]}" -F PREROUTING
  "${nat[@]}" -F POSTROUTING
  "${mangle[@]}" -N TUN2SOCKS
  # Destinations that must never enter the tunnel: reserved/unroutable
  # ranges, the socks5 server itself (its own traffic would otherwise loop
  # back into the tunnel) and anything in the chnroute set.
  for net in 0/8 127/8 10/8 169.254/16 172.16/12 192.168/16 224/4 240/4 "${socks5_remote}"; do
    "${mangle[@]}" -A TUN2SOCKS -d "${net}" -j RETURN
  done
  "${mangle[@]}" -A TUN2SOCKS -m set --match-set chnroute dst -j RETURN
  "${mangle[@]}" -A TUN2SOCKS -j MARK --set-mark "${iptables_mark}"
  # Locally generated and forwarded LAN traffic both pass through the chain;
  # LAN DNS queries leaving the LAN are accepted here and redirected in nat.
  "${mangle[@]}" -A OUTPUT -p tcp -j TUN2SOCKS
  "${mangle[@]}" -A OUTPUT -p udp -j TUN2SOCKS
  "${mangle[@]}" -A PREROUTING -p udp -s "${lan}" ! -d "${lan}" --dport 53 -j ACCEPT
  "${mangle[@]}" -A PREROUTING -p tcp -s "${lan}" -j TUN2SOCKS
  "${mangle[@]}" -A PREROUTING -p udp -s "${lan}" -j TUN2SOCKS
  "${nat[@]}" -A PREROUTING -p udp -s "${lan}" ! -d "${lan}" --dport 53 -j REDIRECT --to-ports 53
  "${nat[@]}" -A POSTROUTING -s "${lan}" ! -d "${lan}" -j MASQUERADE
}
# Restore the plain-router iptables state: flush everything ipts_update
# added, DNAT LAN DNS queries addressed inside the LAN to the original
# upstream resolver, and masquerade LAN traffic leaving the LAN.
# Globals read: iptables_intranet, dns_original_1.
function ipts_origin() {
  local lan=${iptables_intranet}
  local chain
  for chain in OUTPUT PREROUTING; do
    iptables -t mangle -F "${chain}"
  done
  # The chain may already be gone; errors are deliberately muted.
  iptables -t mangle -F TUN2SOCKS &> /dev/null
  iptables -t mangle -X TUN2SOCKS &> /dev/null
  for chain in PREROUTING POSTROUTING; do
    iptables -t nat -F "${chain}"
  done
  iptables -t nat -A PREROUTING -p udp -s "${lan}" -d "${lan}" --dport 53 -j DNAT --to-destination "${dns_original_1}"
  iptables -t nat -A POSTROUTING -s "${lan}" ! -d "${lan}" -j MASQUERADE
}
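# Install the policy route: packets marked with iptables_mark are routed
# through the tun device via table pbr_table. Idempotent: an existing default
# route in the table is replaced instead of failing with "File exists", and
# any rule already present for this mark/table pair is removed before the new
# one is added, so repeated starts do not stack duplicate rules.
# Globals read: tun2socks_gateway, tun2socks_tundev, pbr_table, iptables_mark.
function pbr_add() {
  ip route replace 0/0 via "${tun2socks_gateway}" dev "${tun2socks_tundev}" table "${pbr_table}"
  # Each successful del removes one rule; the loop ends when none is left.
  while ip rule del fwmark "${iptables_mark}" table "${pbr_table}" 2> /dev/null; do
    :
  done
  ip rule add fwmark "${iptables_mark}" table "${pbr_table}"
}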
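# Remove the policy route installed by pbr_add. Rules are deleted by
# selector instead of by grepping `ip rule show`: the listing may print the
# mark in hex (e.g. "fwmark 0x1"), in which case a decimal iptables_mark in
# the config never matched textually and the rule was left behind.
# Globals read: iptables_mark, pbr_table.
function pbr_del() {
  # Each successful del removes one rule; the loop ends when none is left.
  while ip rule del fwmark "${iptables_mark}" table "${pbr_table}" 2> /dev/null; do
    :
  done
  ip route flush table "${pbr_table}"
}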
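# Set the kernel knobs the transparent proxy needs: IPv4 forwarding on, and
# loose reverse-path filtering (rp_filter=2) on the tun device.
# A knob that cannot be read (e.g. the tun device is not up yet, so its
# conf directory does not exist) is reported on stderr and skipped instead
# of feeding an empty string to a numeric test.
# Globals read: tun2socks_tundev.
function kernel_opts() {
  _sysctl_set /proc/sys/net/ipv4/ip_forward 1
  _sysctl_set "/proc/sys/net/ipv4/conf/${tun2socks_tundev}/rp_filter" 2
}

# Write $2 to the /proc file $1 when its current value differs.
# Arguments: $1 - path under /proc/sys, $2 - desired value
# Returns: 0 if the value is (now) set, 1 if the file could not be read.
function _sysctl_set() {
  local path=$1 want=$2 have
  if ! have=$(cat "${path}" 2> /dev/null); then
    printf '%s: unreadable, skipped\n' "${path}" >&2
    return 1
  fi
  if [ "${have}" != "${want}" ]; then
    echo "${want}" > "${path}"
  fi
}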
# Point the system resolver at the local dnsforwarder by overwriting
# /etc/resolv.conf.
# NOTE(review): if resolv.conf is managed by a resolver daemon or the DHCP
# client on the host, it may be rewritten behind this script's back — confirm.
function dns_update() {
  {
    printf '# Generated by ss-tun2socks at %s\n' "$(date '+%F %T')"
    printf 'nameserver 127.0.0.1\n'
  } > /etc/resolv.conf
}
# Restore the original upstream resolvers by overwriting /etc/resolv.conf.
# Globals read: dns_original_1, dns_original_2.
function dns_origin() {
  local ns
  {
    printf '# Generated by ss-tun2socks at %s\n' "$(date '+%F %T')"
    for ns in "${dns_original_1}" "${dns_original_2}"; do
      printf 'nameserver %s\n' "${ns}"
    done
  } > /etc/resolv.conf
}
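# Print the public IPv4 address and location reported by ip.chinaz.com.
# The lookup is plain HTTP, so the reply is untrusted data: it is printed
# through printf '%s' rather than echo -e, so backslash sequences in the
# body cannot inject terminal escape codes, and every expansion is quoted so
# the shell never globs or word-splits the response.
function current_ip() {
  local ip_info my_ip my_loc
  ip_info=$(curl -4sL -- ip.chinaz.com/getip.aspx \
    | sed -r "s/^\{ip:'(.*)',address:'(.*)'\}$/\1|\2/g")
  my_ip=$(printf '%s\n' "${ip_info}" | awk -F'|' '{print $1}')
  my_loc=$(printf '%s\n' "${ip_info}" | awk -F'|' '{print $2}')
  printf '\e[37mIP:\e[0m %s\t\e[37m位置:\e[0m %s\n' "${my_ip}" "${my_loc}"
}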
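# Bring the stack up: socks5 client, tun2socks, chinadns, dnsforwarder, the
# chnroute ipset, iptables marking, policy routing, kernel knobs and finally
# the local resolver. Exits 1 when a required input file is missing; returns
# 1 without touching anything if tun2socks is already running, so a second
# "start" does not spawn duplicate daemons.
# Globals read: chinadns_chnroute, ipset_save_file, socks5_runcmd,
# socks5_listen, tun2socks_*, chinadns_*, dnsforwarder_config.
function start() {
  local f
  local -a chinadns_params
  if pgrep -x tun2socks > /dev/null; then
    echo -e "\e[37mtun2socks\e[0m [\e[1;35malready_running\e[0m]"
    return 1
  fi
  # Use the upstream resolvers until the local one is up.
  dns_origin
  # Both files are produced by update_chnip; without the saved ipset dump
  # the chnroute set cannot be restored and the bypass rules would be empty.
  for f in "${chinadns_chnroute}" "${ipset_save_file}"; do
    if [ ! -e "${f}" ]; then
      echo -e "\e[37m${f}\e[0m [\e[1;35mnot_exist\e[0m]"
      exit 1
    fi
  done
  # socks5_runcmd is an arbitrary command line from the config, executed
  # as-is with this script's privileges; the config file must be trusted
  # (owner-writable only).
  eval "${socks5_runcmd}"
  nohup tun2socks -tun-device "${tun2socks_tundev}" -tun-address "${tun2socks_address}" \
    -tun-mask "${tun2socks_netmask}" -tun-gw "${tun2socks_gateway}" \
    -local-socks-addr "${socks5_listen}" -public-only < /dev/null &>> "${tun2socks_log}" &
  # Build argv as an array so no value is re-split or globbed by the shell.
  chinadns_params=(-b "${chinadns_addr}" -p "${chinadns_port}" -s "${chinadns_upstream}" -c "${chinadns_chnroute}")
  if [ "${chinadns_mutation}" = 'true' ]; then chinadns_params+=(-m); fi
  if [ "${chinadns_verbose}" = 'true' ]; then chinadns_params+=(-v); fi
  nohup chinadns "${chinadns_params[@]}" < /dev/null &>> "${chinadns_log}" &
  dnsfwd_update
  dnsforwarder -f "${dnsforwarder_config}" -q -d &> /dev/null
  # Recreate the chnroute set from the last saved dump (it may not exist yet).
  ipset -X chnroute &> /dev/null
  ipset -R < "${ipset_save_file}"
  ipts_update
  pbr_add
  kernel_opts
  dns_update
}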
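# Tear the stack down: terminate the socks5 client (located by its listening
# port), tun2socks, chinadns and dnsforwarder, then restore iptables, the
# chnroute ipset, policy routing and resolv.conf.
# Globals read: socks5_listen (plus those of the helpers called).
function stop() {
  local port
  local -a pids
  port=${socks5_listen##*:}
  # Anchor the port on a field boundary: a bare ":${port}" substring also
  # matches e.g. ":10800" when port is 1080 and would kill an unrelated
  # listener. Daemons are matched by exact name (-x) for the same reason.
  mapfile -t pids < <(
    {
      ss -lnptu | grep -E ":${port}[[:space:]]" | grep -Eo 'pid=[0-9]+' | cut -d= -f2
      pgrep -x tun2socks
      pgrep -x chinadns
      pgrep -x dnsforwarder
    } | sort -un
  )
  _terminate "${pids[@]}"
  ipts_origin
  ipset -X chnroute &> /dev/null
  pbr_del
  dns_origin
}

# Send SIGTERM to the given pids, then SIGKILL to whatever is still alive a
# second later (errors for already-exited pids are muted). No-op without pids.
# Arguments: $@ - process ids
function _terminate() {
  [ $# -gt 0 ] || return 0
  kill "$@" 2> /dev/null
  sleep 1
  kill -9 "$@" 2> /dev/null
  return 0
}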
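# Print a running/stopped line for each component.
# Globals read: socks5_listen.
function status() {
  local port
  port=${socks5_listen##*:}
  # Anchor the port on a field boundary so :1080 does not also match :10800.
  ss -lnpt | grep -qE ":${port}[[:space:]]"
  _report socks5/tcp $?
  ss -lnpu | grep -qE ":${port}[[:space:]]"
  _report socks5/udp $?
  pgrep -x tun2socks > /dev/null
  _report tun2socks $?
  pgrep -x chinadns > /dev/null
  _report chinadns $?
  pgrep -x dnsforwarder > /dev/null
  _report dnsforwarder $?
}

# Print "<name>\t[running]" when $2 is 0, "<name>\t[stopped]" otherwise.
# Arguments: $1 - component name, $2 - exit status of the probe
function _report() {
  if [ "$2" -eq 0 ]; then
    printf '\e[37m%s\e[0m\t[\e[1;32mrunning\e[0m]\n' "$1"
  else
    printf '\e[37m%s\e[0m\t[\e[1;35mstopped\e[0m]\n' "$1"
  fi
}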
# Print the command summary (through the pager) on stdout.
function usage() {
  local self=${0}
  {
    printf '\e[37mUsage:\e[0m \e[36m%s\e[0m \e[1;37mCOMMAND\e[0m\n' "${self}"
    printf '\e[1;37mCOMMAND\e[0m := {\n'
    printf '\t\e[33mstart\e[0m\t\tstart ss-tun2socks\n'
    printf '\t\e[33mstop\e[0m\t\tstop ss-tun2socks\n'
    printf '\t\e[33mrestart\e[0m\t\trestart ss-tun2socks\n'
    printf '\t\e[33mstatus\e[0m\t\tshow ss-tun2socks status\n'
    printf '\n'
    printf '\t\e[33mcurrent_ip\e[0m\tshow current_ip info\n'
    printf '\t\e[33mflush_dnsche\e[0m\tflush dnsforwarder cache\n'
    printf '\t\e[33mupdate_chnip\e[0m\tupdate ipset-chnroute lists\n'
    printf '}\n'
  } | more
}
# Dispatch on the command word. Any prefix that reaches a unique arm works
# (e.g. "sta" is start, "stat" is status); unknown or missing commands print
# the usage and exit 1.
case "${1:-}" in
  star*) # start
    start
    status
    ;;
  stat*) # status
    status
    ;;
  sto*) # stop
    stop
    status
    ;;
  r*) # restart
    stop
    status
    echo
    start
    status
    ;;
  c*) # current_ip
    current_ip
    ;;
  f*) # flush_dnsche
    dnsfwd_flush
    ;;
  u*) # update_chnip
    chnip_update
    ;;
  h*) # help
    usage
    ;;
  *)
    usage
    exit 1
    ;;
esac