tproxy check

Dockerfile

@@ -2,7 +2,7 @@ FROM ubuntu:20.04
 RUN sed -i s@/archive.ubuntu.com/@/mirrors.aliyun.com/@g /etc/apt/sources.list \
     && apt-get clean \
     && apt-get update \
-    && apt-get install -y wget xz-utils iproute2 iptables python3 python3-yaml \
+    && apt-get install -y wget xz-utils iproute2 iptables python3 python3-yaml kmod \
     && rm -rf /var/lib/apt/lists/*
 ARG ARCH=amd64
 ARG CLASHVER=v1.10.6

start.sh

@@ -1,5 +1,8 @@
 #!/bin/bash
-set -eEx
+set -eE
+echolog() {
+    echo -e "\033[32m[chislash log]\033[0m" $*
+}
 setroute() {
     /transparent_proxy/tproxy.start
     if [ "$IPV6_PROXY" == "1" ]; then
@@ -14,23 +17,24 @@ unsetroute() {
 }
 #清理
 _term() {
-    echo "Caught SIGTERM signal!"
-    echo "Tell the clash session to shut down."
+    echolog "Caught SIGTERM signal!"
+    echolog "Tell the clash session to shut down."
     pid=`cat /var/clash.pid` || true
     # terminate when the clash-daemon process dies
     __=`kill -9 ${pid} 2>&1 >/dev/null` || true
     tail --pid=${pid} -f /dev/null || true
     if [ "$IP_ROUTE" == "1" ]; then
-        echo "unset iproutes ..."
+        echolog "unset iproutes ..."
         __=`unsetroute 2>&1 >/dev/null` || true
-        echo "done."
+        echolog "done."
     fi
     mv /etc/clash/config.yaml.org /etc/clash/config.yaml || true
+    exit 0
 }
 trap _term SIGTERM SIGINT ERR
 # 初始化 /etc/clash
 if [ ! -f "/etc/clash/config.yaml" ]; then
-    echo "mixed-port: 7890" > /etc/clash/config.yaml
+    echolog "mixed-port: $CLASH_MIXED_PORT" > /etc/clash/config.yaml
 fi
 if [ ! -f "/etc/clash/Country.mmdb" ]; then
     cp -arp /default/clash/Country.mmdb /etc/clash/Country.mmdb
@@ -45,32 +49,29 @@ su - clash -c '/usr/bin/clash -d /etc/clash -ext-ctl '"0.0.0.0:$DASH_PORT"' -ext
 EXPID=$!
 while :
 do
-    set +eE
-    PID=`ps -def|grep -P '^clash'|awk '{print $2}'`
-    PORT_EXIST=`ss -tlnp| awk '{print $4}'|grep -P ".*:$CLASH_TPROXY_PORT"`
-    set -eE
+    PID=`ps -def|grep -P '^clash'|awk '{print $2}'` || true
+    PORT_EXIST=`ss -tlnp| awk '{print $4}'|grep -P ".*:$CLASH_TPROXY_PORT"` || true
     if [ "$PID" == "" ] || [ "$PORT_EXIST" == "" ]; then
-        EXPID_EXIST=$(ps aux | awk '{print $2}'| grep -w $EXPID)
+        EXPID_EXIST=$(ps aux | awk '{print $2}'| grep -w $EXPID) || true
         if [ ! $EXPID_EXIST ];then
             cat /etc/clash/clash.log
             exit 1
         fi
-        echo 'waiting for clash ...'
+        echolog 'waiting for clash ...'
         sleep 1
         continue
     fi
     echo $PID > /var/clash.pid
     break
 done
-cat /var/clash.pid
 if [ "$IP_ROUTE" == "1" ]; then
-    echo "set iproutes ..."
-    set +eEx
+    echolog "set iproutes ..."
+    set +eE
     __=`unsetroute 2>&1 >/dev/null`
-    set -eEx
+    set -eE
     __=`setroute 2>&1 >/dev/null`
-    echo "done."
+    echolog "done."
 fi
-echo "Dashboard Address: http://YOUR_IP:$DASH_PORT/ui"
+echolog "Dashboard Address: http://"`ip a | sed -En 's/127.0.0.1//;s/.*inet (addr:)?(([0-9]*\.){3}[0-9]*).*/\2/p' |head -n 1`":$DASH_PORT/ui"
 tail -f /etc/clash/clash.log &
 wait

transparent_proxy/tproxy.start

@@ -1,5 +1,5 @@
 #!/usr/bin/env bash
-set -ex
+# set -eEx
 
 IP_CMD='ip'
 IPTABLES_CMD='iptables'
@@ -12,7 +12,10 @@ if [ "$1" == "ipv6" ]; then
     IP_STACK='ipv6'
     NO_PROXY_IP=(`ip a|grep inet6| awk '{print $2}'|grep -v -P '^(:|f)'` "::/128" "::1/128" "::ffff:0:0/96" "::ffff:0:0:0/96" "64:ff9b::/96" "100::/64" "2001::/32" "2001:20::/28" "2001:db8::/32" "2002::/16" "fc00::/7" "fe80::/10" "ff00::/8")
 fi
-
+if [ "`lsmod |grep nf_tproxy_$IP_STACK`" == "" ]; then
+    echo "tproxy is not supported"
+    exit 1
+fi
 # ENABLE ip forward
 if [ "$IP_STACK" == "ipv4" ]; then
     sysctl -w net.ipv4.ip_forward=1

transparent_proxy/tproxy.stop

@@ -1,5 +1,5 @@
 #!/usr/bin/env bash
-set -x
+# set -x
 
 IP_CMD='ip'
 IPTABLES_CMD='iptables'