├── LICENSE ├── README.md ├── Tools ├── config.json ├── xray_vless+reality_国内百度直连_config.json ├── xray_vless+reality_国内直连_config.json ├── xray_vmess+tcp_国内百度直连_config.json └── xray_vmess+tcp_国内直连_config.json ├── disabled └── mlk.sh /LICENSE: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 
34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. 
Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. 
You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 
122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. 
In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "[]" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. 
We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright [yyyy] [name of copyright owner] 190 | 191 | Licensed under the Apache License, Version 2.0 (the "License"); 192 | you may not use this file except in compliance with the License. 193 | You may obtain a copy of the License at 194 | 195 | http://www.apache.org/licenses/LICENSE-2.0 196 | 197 | Unless required by applicable law or agreed to in writing, software 198 | distributed under the License is distributed on an "AS IS" BASIS, 199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 200 | See the License for the specific language governing permissions and 201 | limitations under the License. 202 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # 介绍 2 | 3 | 这是一个整合了 [`thread_socket`](https://github.com/sdk250/socket) 和 [`xray`](https://github.com/XTLS/Xray-core) 的全局代理脚本。 4 | 5 | 为了仓库的精简,我省略了二进制程序,你也可以通过上面给出的仓库自行编译后放在 `Tools/` 目录下。 6 | 7 | 当然你也依然可以从 [`Releases`](https://github.com/sdk250/MLKit/releases) 下载编译好的版本 8 | 9 | 从全局代理的角度出发,它很轻量,对于 `t模式` 仅使用了一个 `thread_socket` 来实现效果; 10 | 即使是具有分流功能的 `x模式` 也仅使用了 `xray` 核心通过 `iptables tproxy` 的方式来实现转发流量。 11 | 12 | # 功能 13 | 14 | 目前拥有两种模式 15 | 16 | ## `t` 模式 17 | 18 | 出口为 `thread_socket` ,仅有中国的IP 19 | 20 | ## `x` 模式 21 | 22 | 核心为 `xray` ,在 `Tools/config.json` 中配置好相应的出站后就可以使用,具体配置可以看该文件夹下的参考。 23 | 24 | 该模式支持 `全局 IPv6` ,只需要添加一个 `IPv6出站` 在 `config.json` 中并修改 `mlk.sh` 的字段 `ENABLE_IPv6` 为 `1` 即可。 25 | 如果遇到 IPv6 不可用的情况下,尝试: `./mlk.sh x r` 来刷新路由表。 26 | 27 | ## `s` 模式 28 | 29 | 查看 `MLKit` 的运行状态 30 | 31 | # 使用方法 & 配置修改 32 | 33 | ```shell 34 | ./mlk.sh 35 | ``` 36 | 37 | `mode` 为 `t` 、`s` 、 `x`。 38 | 39 | ## 配置修改 40 | 41 | 仅需修改 `Tools/config.json` 下的服务器固定字段 
`address` , `port` , `uuid` 为自己的特定配置项。 42 | 43 | 路由配置项参考[官方文档](https://xtls.github.io/config/routing.html)。 44 | 45 | 默认为国内外分流出口 46 | 47 | 对于 `mlk.sh` ,我大部分写有注释,请到文件内查看。 48 | -------------------------------------------------------------------------------- /Tools/config.json: -------------------------------------------------------------------------------- 1 | { 2 | "log": { 3 | "access": "none", 4 | "error": "none", 5 | "level": "none", 6 | "dnsLog": false 7 | }, 8 | "dns": { 9 | "hosts": { 10 | "local": "127.0.0.1" 11 | }, 12 | "servers": [ 13 | "119.29.29.29" 14 | ], 15 | "disableCache": false, 16 | "tag": "dns" 17 | }, 18 | "routing": { 19 | "domainStrategy": "AsIs", 20 | "domainMatcher": "hybrid", 21 | "rules": [{ 22 | "type": "field", 23 | "port": "53,5353,853", 24 | "inboundTag": ["in-global"], 25 | "outboundTag": "out-dns", 26 | "ruleTag": "DNS - OUT" 27 | }, { 28 | "type": "field", 29 | "inboundTag": ["dns"], 30 | "outboundTag": "out-direct", 31 | "ruleTag": "DNS - OUT" 32 | }, { 33 | "type": "field", 34 | "domain": ["geosite:category-ads-all"], 35 | "inboundTag": ["in-global"], 36 | "outboundTag": "out-block", 37 | "ruleTag": "AD - OUT" 38 | // }, { 39 | // "type": "field", 40 | // "domain": ["domain:openai.com", "domain:chatgpt.com"], 41 | // "inboundTag": ["in-global"], 42 | // "outboundTag": "out-ai", 43 | // "ruleTag": "AI - OUT" 44 | }, { 45 | "type": "field", 46 | "ip": ["geoip:cn"], 47 | "inboundTag": ["in-global"], 48 | "outboundTag": "out-cn", 49 | "ruleTag": "CN - OUT" 50 | }, { 51 | "type": "field", 52 | "domain": ["geosite:cn"], 53 | "inboundTag": ["in-global"], 54 | "outboundTag": "out-cn", 55 | "ruleTag": "CN - OUT" 56 | }, { 57 | "type": "field", 58 | "inboundTag": ["in-global"], 59 | "outboundTag": "out-global", 60 | "ruleTag": "GLOBAL - OUT" 61 | }] 62 | }, 63 | "policy": {}, 64 | "inbounds": [{ 65 | "tag": "in-global", 66 | "listen": "0.0.0.0", 67 | "port": 20801, 68 | "protocol": "dokodemo-door", 69 | "settings": { 70 | "network": 
"tcp,udp", 71 | "followRedirect": true 72 | }, 73 | "streamSettings": { 74 | "sockopt": { 75 | "tproxy": "tproxy" 76 | } 77 | }, 78 | "sniffing": { 79 | "enabled": true, 80 | "destOverride": ["http", "tls"], 81 | "metadataOnly": true, 82 | "routeOnly": true 83 | } 84 | }], 85 | "outbounds": [{ 86 | "tag": "out-global", 87 | "protocol": "vmess", 88 | "settings": { 89 | "vnext": [{ 90 | "address": "8.8.8.8", 91 | "port": 80, 92 | "users": [{ 93 | "id": "2d1ebedb-8936-473b-9dbb-7564fbf70e97", 94 | "security": "auto" 95 | }] 96 | }] 97 | }, 98 | "streamSettings": { 99 | // TCP 传输方法 100 | "network": "raw", 101 | "security": "none", 102 | "rawSettings": { 103 | "header": { 104 | "type": "http", 105 | "request": { 106 | "headers": { 107 | "Host": ["dm.toutiao.com"] 108 | } 109 | } 110 | } 111 | } 112 | // WebSocket 传输方法 113 | // "network": "ws", 114 | // "wsSettings": { 115 | // "path": "/", 116 | // "headers": { 117 | // "Host": "dm.toutiao.com" 118 | // } 119 | // } 120 | } 121 | }, { 122 | "tag": "out-cn", 123 | "protocol": "vmess", 124 | "settings": { 125 | "vnext": [{ 126 | "address": "8.8.8.8", 127 | "port": 443, 128 | "users": [{ 129 | "id": "2d1ebedb-8936-473b-9dbb-7564fbf70e97", 130 | "security": "auto" 131 | }] 132 | }] 133 | }, 134 | "streamSettings": { 135 | "network": "ws", 136 | "wsSettings": { 137 | "path": "/", 138 | "headers": { 139 | "Host": "dm.toutiao.com" 140 | } 141 | } 142 | } 143 | }, { 144 | "tag": "out-ai", 145 | "protocol": "vmess", 146 | "settings": { 147 | "vnext": [{ 148 | "address": "8.8.8.8", 149 | "port": 57351, 150 | "users": [{ 151 | "id": "e8851564-b1cf-4fe7-ac87-b903f1386678", 152 | "security": "auto" 153 | }] 154 | }] 155 | }, 156 | "streamSettings": { 157 | "network": "ws", 158 | "wsSettings": { 159 | "path": "/head?ed=2048", 160 | "headers": { 161 | "Host": "host" 162 | } 163 | } 164 | } 165 | }, { 166 | "tag": "out-dns", 167 | "protocol": "dns" 168 | }, { 169 | "tag": "out-direct", 170 | "protocol": "freedom" 171 | }, { 172 | 
"tag": "out-block", 173 | "protocol": "blackhole" 174 | }] 175 | } 176 | -------------------------------------------------------------------------------- /Tools/xray_vless+reality_国内百度直连_config.json: -------------------------------------------------------------------------------- 1 | { 2 | "log": { 3 | "access": "none", 4 | "error": "none", 5 | "level": "none", 6 | "dnsLog": false 7 | }, 8 | "dns": { 9 | "hosts": { 10 | "sdk250": "127.0.0.1" 11 | }, 12 | "servers": [{ 13 | "address": "fakedns" 14 | }, { 15 | "tag": "cn-dns", 16 | "address": "223.5.5.5", 17 | "port": 53, 18 | "domains": ["geosite:cn"] 19 | }], 20 | "disableCache": false, 21 | "tag": "in-dns" 22 | }, 23 | "fakedns": [{ 24 | "ipPool": "198.18.0.0/15", 25 | "poolSize": 65535 26 | }, { 27 | "ipPool": "fc00::/18", 28 | "poolSize": 65535 29 | }], 30 | "routing": { 31 | "domainStrategy": "AsIs", 32 | "domainMatcher": "hybrid", 33 | "rules": [{ 34 | "type": "field", 35 | "inboundTag": ["cn-dns"], 36 | "outboundTag": "out-bd", 37 | "ruleTag": "DNS CN - OUT" 38 | }, { 39 | "type": "field", 40 | "port": "53", 41 | "inboundTag": ["in-global"], 42 | "outboundTag": "out-dns", 43 | "ruleTag": "DNS - HOOK" 44 | }, { 45 | "type": "field", 46 | "domain": ["geosite:category-ads-all"], 47 | "inboundTag": ["in-global"], 48 | "outboundTag": "out-block", 49 | "ruleTag": "AD - OUT" 50 | }, { 51 | "type": "field", 52 | "domain": ["geosite:google"], 53 | "inboundTag": ["in-global"], 54 | "outboundTag": "out-global", 55 | "ruleTag": "Google CN SITE - OUT" 56 | }, { 57 | "type": "field", 58 | "ip": ["geoip:cn"], 59 | "inboundTag": ["in-global"], 60 | "outboundTag": "out-bd", 61 | "ruleTag": "CN IP - OUT" 62 | }, { 63 | "type": "field", 64 | "domain": ["geosite:cn"], 65 | "inboundTag": ["in-global"], 66 | "outboundTag": "out-bd", 67 | "ruleTag": "CN SITE - OUT" 68 | }] 69 | }, 70 | "policy": {}, 71 | "inbounds": [{ 72 | "tag": "in-global", 73 | "listen": "::", 74 | "port": 20801, 75 | "protocol": "dokodemo-door", 76 | 
"settings": { 77 | "network": "tcp,udp", 78 | "followRedirect": true 79 | }, 80 | "streamSettings": { 81 | "sockopt": { 82 | "tproxy": "tproxy" 83 | } 84 | }, 85 | "sniffing": { 86 | "enabled": true, 87 | "destOverride": ["fakedns"], 88 | "metadataOnly": true, 89 | "routeOnly": true 90 | } 91 | }], 92 | "outbounds": [{ 93 | "tag": "out-global", 94 | "protocol": "vless", 95 | "settings": { 96 | "vnext": [{ 97 | "address": "127.0.0.1", 98 | "port": 443, 99 | "users": [{ 100 | "id": "19b3d3cd-cbb6-53d7-b418-4d656853e5b8", 101 | "flow": "xtls-rprx-vision", 102 | "encryption": "none" 103 | }] 104 | }] 105 | }, 106 | "streamSettings": { 107 | "network": "raw", 108 | "rawSettings": { 109 | "header": { 110 | "type": "none" 111 | } 112 | }, 113 | "security": "reality", 114 | "realitySettings": { 115 | "show": false, 116 | "serverName": "dm.toutiao.com", 117 | "fingerprint": "chrome", 118 | "publicKey": "EAJEJ2z2iFhO_iDpGtwt8123T9KwjbSuK0Yz1OBr---", 119 | "shortId": "ffff", 120 | "spiderX": "/robots.txt" 121 | } 122 | } 123 | }, { 124 | "tag": "out-bd", 125 | "protocol": "http", 126 | "settings": { 127 | "servers": [{ 128 | "address": "127.0.0.1", 129 | "port": 20802 130 | }] 131 | } 132 | }, { 133 | "tag": "out-dns", 134 | "protocol": "dns" 135 | }, { 136 | "tag": "out-direct", 137 | "protocol": "freedom" 138 | }, { 139 | "tag": "out-block", 140 | "protocol": "blackhole" 141 | }] 142 | } 143 | -------------------------------------------------------------------------------- /Tools/xray_vless+reality_国内直连_config.json: -------------------------------------------------------------------------------- 1 | { 2 | "log": { 3 | "access": "none", 4 | "error": "none", 5 | "level": "none", 6 | "dnsLog": false 7 | }, 8 | "dns": { 9 | "hosts": { 10 | "sdk250": "127.0.0.1" 11 | }, 12 | "servers": [{ 13 | "address": "fakedns" 14 | }, { 15 | "tag": "cn-dns", 16 | "address": "223.5.5.5", 17 | "port": 53, 18 | "domains": ["geosite:cn"] 19 | }], 20 | "disableCache": false, 21 | "tag": "in-dns" 
22 | }, 23 | "fakedns": [{ 24 | "ipPool": "198.18.0.0/15", 25 | "poolSize": 65535 26 | }, { 27 | "ipPool": "fc00::/18", 28 | "poolSize": 65535 29 | }], 30 | "routing": { 31 | "domainStrategy": "AsIs", 32 | "domainMatcher": "hybrid", 33 | "rules": [{ 34 | "type": "field", 35 | "inboundTag": ["cn-dns"], 36 | "outboundTag": "out-direct", 37 | "ruleTag": "DNS CN - OUT" 38 | }, { 39 | "type": "field", 40 | "port": "53", 41 | "inboundTag": ["in-global"], 42 | "outboundTag": "out-dns", 43 | "ruleTag": "DNS - HOOK" 44 | }, { 45 | "type": "field", 46 | "domain": ["geosite:category-ads-all"], 47 | "inboundTag": ["in-global"], 48 | "outboundTag": "out-block", 49 | "ruleTag": "AD - OUT" 50 | }, { 51 | "type": "field", 52 | "domain": ["geosite:google"], 53 | "inboundTag": ["in-global"], 54 | "outboundTag": "out-global", 55 | "ruleTag": "Google CN SITE - OUT" 56 | }, { 57 | "type": "field", 58 | "ip": ["geoip:cn"], 59 | "inboundTag": ["in-global"], 60 | "outboundTag": "out-direct", 61 | "ruleTag": "CN IP - OUT" 62 | }, { 63 | "type": "field", 64 | "domain": ["geosite:cn"], 65 | "inboundTag": ["in-global"], 66 | "outboundTag": "out-direct", 67 | "ruleTag": "CN SITE - OUT" 68 | }] 69 | }, 70 | "policy": {}, 71 | "inbounds": [{ 72 | "tag": "in-global", 73 | "listen": "::", 74 | "port": 20801, 75 | "protocol": "dokodemo-door", 76 | "settings": { 77 | "network": "tcp,udp", 78 | "followRedirect": true 79 | }, 80 | "streamSettings": { 81 | "sockopt": { 82 | "tproxy": "tproxy" 83 | } 84 | }, 85 | "sniffing": { 86 | "enabled": true, 87 | "destOverride": ["fakedns"], 88 | "metadataOnly": true, 89 | "routeOnly": true 90 | } 91 | }], 92 | "outbounds": [{ 93 | "tag": "out-global", 94 | "protocol": "vless", 95 | "settings": { 96 | "vnext": [{ 97 | "address": "127.0.0.1", 98 | "port": 443, 99 | "users": [{ 100 | "id": "19b3d3cd-cbb6-53d7-b418-4d656853e5b8", 101 | "flow": "xtls-rprx-vision", 102 | "encryption": "none" 103 | }] 104 | }] 105 | }, 106 | "streamSettings": { 107 | "network": "raw", 
108 | "rawSettings": { 109 | "header": { 110 | "type": "none" 111 | } 112 | }, 113 | "security": "reality", 114 | "realitySettings": { 115 | "show": false, 116 | "serverName": "dm.toutiao.com", 117 | "fingerprint": "chrome", 118 | "publicKey": "EAJEJ2z2iFhO_iDpGtwt8123T9KwjbSuK0Yz1OBr---", 119 | "shortId": "ffff", 120 | "spiderX": "/robots.txt" 121 | } 122 | } 123 | }, { 124 | "tag": "out-bd", 125 | "protocol": "http", 126 | "settings": { 127 | "servers": [{ 128 | "address": "127.0.0.1", 129 | "port": 20802 130 | }] 131 | } 132 | }, { 133 | "tag": "out-dns", 134 | "protocol": "dns" 135 | }, { 136 | "tag": "out-direct", 137 | "protocol": "freedom" 138 | }, { 139 | "tag": "out-block", 140 | "protocol": "blackhole" 141 | }] 142 | } 143 | -------------------------------------------------------------------------------- /Tools/xray_vmess+tcp_国内百度直连_config.json: -------------------------------------------------------------------------------- 1 | { 2 | "log": { 3 | "access": "none", 4 | "error": "none", 5 | "level": "none", 6 | "dnsLog": false 7 | }, 8 | "dns": { 9 | "hosts": { 10 | "sdk250": "127.0.0.1" 11 | }, 12 | "servers": [{ 13 | "address": "fakedns" 14 | }, { 15 | "tag": "cn-dns", 16 | "address": "223.5.5.5", 17 | "port": 53, 18 | "domains": ["geosite:cn"] 19 | }], 20 | "disableCache": false, 21 | "tag": "in-dns" 22 | }, 23 | "fakedns": [{ 24 | "ipPool": "198.18.0.0/15", 25 | "poolSize": 65535 26 | }, { 27 | "ipPool": "fc00::/18", 28 | "poolSize": 65535 29 | }], 30 | "routing": { 31 | "domainStrategy": "AsIs", 32 | "domainMatcher": "hybrid", 33 | "rules": [{ 34 | "type": "field", 35 | "inboundTag": ["cn-dns"], 36 | "outboundTag": "out-bd", 37 | "ruleTag": "DNS CN - OUT" 38 | }, { 39 | "type": "field", 40 | "port": "53", 41 | "inboundTag": ["in-global"], 42 | "outboundTag": "out-dns", 43 | "ruleTag": "DNS - HOOK" 44 | }, { 45 | "type": "field", 46 | "domain": ["geosite:category-ads-all"], 47 | "inboundTag": ["in-global"], 48 | "outboundTag": "out-block", 49 | 
"ruleTag": "AD - OUT" 50 | }, { 51 | "type": "field", 52 | "domain": ["geosite:google"], 53 | "inboundTag": ["in-global"], 54 | "outboundTag": "out-global", 55 | "ruleTag": "Google CN SITE - OUT" 56 | }, { 57 | "type": "field", 58 | "ip": ["geoip:cn"], 59 | "inboundTag": ["in-global"], 60 | "outboundTag": "out-bd", 61 | "ruleTag": "CN IP - OUT" 62 | }, { 63 | "type": "field", 64 | "domain": ["geosite:cn"], 65 | "inboundTag": ["in-global"], 66 | "outboundTag": "out-bd", 67 | "ruleTag": "CN SITE - OUT" 68 | }] 69 | }, 70 | "policy": {}, 71 | "inbounds": [{ 72 | "tag": "in-global", 73 | "listen": "::", 74 | "port": 20801, 75 | "protocol": "dokodemo-door", 76 | "settings": { 77 | "network": "tcp,udp", 78 | "followRedirect": true 79 | }, 80 | "streamSettings": { 81 | "sockopt": { 82 | "tproxy": "tproxy" 83 | } 84 | }, 85 | "sniffing": { 86 | "enabled": true, 87 | "destOverride": ["fakedns"], 88 | "metadataOnly": true, 89 | "routeOnly": true 90 | } 91 | }], 92 | "outbounds": [{ 93 | "tag": "out-global", 94 | "protocol": "vmess", 95 | "settings": { 96 | "vnext": [{ 97 | "address": "127.0.0.1", 98 | "port": 80, 99 | "users": [{ 100 | "id": "2f1ebedb-8936-473b-9dbb-8144fbf70e97", 101 | "security": "auto" 102 | }] 103 | }] 104 | }, 105 | "streamSettings": { 106 | "network": "raw", 107 | "rawSettings": { 108 | "header": { 109 | "type": "http", 110 | "request": { 111 | "method": "GET", 112 | "version": "1.1", 113 | "path": "/", 114 | "host": "dm.toutiao.com" 115 | } 116 | } 117 | }, 118 | "security": "none" 119 | } 120 | }, { 121 | "tag": "out-bd", 122 | "protocol": "http", 123 | "settings": { 124 | "servers": [{ 125 | "address": "127.0.0.1", 126 | "port": 20802 127 | }] 128 | } 129 | }, { 130 | "tag": "out-dns", 131 | "protocol": "dns" 132 | }, { 133 | "tag": "out-direct", 134 | "protocol": "freedom" 135 | }, { 136 | "tag": "out-block", 137 | "protocol": "blackhole" 138 | }] 139 | } 140 | -------------------------------------------------------------------------------- 
/Tools/xray_vmess+tcp_国内直连_config.json: -------------------------------------------------------------------------------- 1 | { 2 | "log": { 3 | "access": "none", 4 | "error": "none", 5 | "level": "none", 6 | "dnsLog": false 7 | }, 8 | "dns": { 9 | "hosts": { 10 | "sdk250": "127.0.0.1" 11 | }, 12 | "servers": [{ 13 | "address": "fakedns" 14 | }, { 15 | "tag": "cn-dns", 16 | "address": "223.5.5.5", 17 | "port": 53, 18 | "domains": ["geosite:cn"] 19 | }], 20 | "disableCache": false, 21 | "tag": "in-dns" 22 | }, 23 | "fakedns": [{ 24 | "ipPool": "198.18.0.0/15", 25 | "poolSize": 65535 26 | }, { 27 | "ipPool": "fc00::/18", 28 | "poolSize": 65535 29 | }], 30 | "routing": { 31 | "domainStrategy": "AsIs", 32 | "domainMatcher": "hybrid", 33 | "rules": [{ 34 | "type": "field", 35 | "inboundTag": ["cn-dns"], 36 | "outboundTag": "out-direct", 37 | "ruleTag": "DNS CN - OUT" 38 | }, { 39 | "type": "field", 40 | "port": "53", 41 | "inboundTag": ["in-global"], 42 | "outboundTag": "out-dns", 43 | "ruleTag": "DNS - HOOK" 44 | }, { 45 | "type": "field", 46 | "domain": ["geosite:category-ads-all"], 47 | "inboundTag": ["in-global"], 48 | "outboundTag": "out-block", 49 | "ruleTag": "AD - OUT" 50 | }, { 51 | "type": "field", 52 | "domain": ["geosite:google"], 53 | "inboundTag": ["in-global"], 54 | "outboundTag": "out-global", 55 | "ruleTag": "Google CN SITE - OUT" 56 | }, { 57 | "type": "field", 58 | "ip": ["geoip:cn"], 59 | "inboundTag": ["in-global"], 60 | "outboundTag": "out-direct", 61 | "ruleTag": "CN IP - OUT" 62 | }, { 63 | "type": "field", 64 | "domain": ["geosite:cn"], 65 | "inboundTag": ["in-global"], 66 | "outboundTag": "out-direct", 67 | "ruleTag": "CN SITE - OUT" 68 | }] 69 | }, 70 | "policy": {}, 71 | "inbounds": [{ 72 | "tag": "in-global", 73 | "listen": "::", 74 | "port": 20801, 75 | "protocol": "dokodemo-door", 76 | "settings": { 77 | "network": "tcp,udp", 78 | "followRedirect": true 79 | }, 80 | "streamSettings": { 81 | "sockopt": { 82 | "tproxy": "tproxy" 83 | } 84 | 
}, 85 | "sniffing": { 86 | "enabled": true, 87 | "destOverride": ["fakedns"], 88 | "metadataOnly": true, 89 | "routeOnly": true 90 | } 91 | }], 92 | "outbounds": [{ 93 | "tag": "out-global", 94 | "protocol": "vmess", 95 | "settings": { 96 | "vnext": [{ 97 | "address": "127.0.0.1", 98 | "port": 80, 99 | "users": [{ 100 | "id": "2f1ebedb-8936-473b-9dbb-8144fbf70e97", 101 | "security": "auto" 102 | }] 103 | }] 104 | }, 105 | "streamSettings": { 106 | "network": "raw", 107 | "rawSettings": { 108 | "header": { 109 | "type": "http", 110 | "request": { 111 | "method": "GET", 112 | "version": "1.1", 113 | "path": "/", 114 | "host": "dm.toutiao.com" 115 | } 116 | } 117 | }, 118 | "security": "none" 119 | } 120 | }, { 121 | "tag": "out-bd", 122 | "protocol": "http", 123 | "settings": { 124 | "servers": [{ 125 | "address": "127.0.0.1", 126 | "port": 20802 127 | }] 128 | } 129 | }, { 130 | "tag": "out-dns", 131 | "protocol": "dns" 132 | }, { 133 | "tag": "out-direct", 134 | "protocol": "freedom" 135 | }, { 136 | "tag": "out-block", 137 | "protocol": "blackhole" 138 | }] 139 | } 140 | -------------------------------------------------------------------------------- /disabled: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /mlk.sh: -------------------------------------------------------------------------------- 1 | #!/system/bin/sh 2 | # Powered by sdk250 3 | 4 | home_path="${0%/*}/Tools" 5 | 6 | # thread_socket 连接的IP(百度系) 7 | SERVER_ADDR='110.242.70.68' 8 | 9 | # Allow IP 10 | ALLOW_IP="127.0.0.1/32 \ 11 | 10.0.0.0/8 \ 12 | 172.16.0.0/12 \ 13 | 169.254.0.0/16 \ 14 | 224.0.0.0/4 \ 15 | 192.168.0.0/16 \ 16 | 100.64.0.0/10 \ 17 | 240.0.0.0/4 \ 18 | 255.255.255.255/32 \ 19 | ${SERVER_ADDR}/32" 20 | 21 | ALLOW_IPv6="fe80::/64" 22 | 23 | LOCAL_IPv6='' 24 | 25 | ENABLE_IPv6=1 26 | 27 | # 仅适用于Android系统 28 | PACKAGES="/data/system/packages.list" 29 | 30 | # 在 Android 
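# Package names of the Android apps whose traffic is exempted from the proxy.
# Every package listed here talks to the network directly, outside the tunnel.
ALLOW_PACKAGES="com.android.bankabc \
    com.nasoft.socmark \
    com.v2ray.ang \
    com.tmri.app.main"

# Same as above, but only UDP traffic of these packages is exempted.
ALLOW_UDP_PACKAGES="com.tencent.tmgp.pubgmhd \
    com.tencent.tmgp.sgame \
    com.miHoYo.Yuanshen"

# For plain Linux: UIDs whose traffic is exempted.
ALLOW_ALL_UID=''

# UIDs whose UDP traffic is exempted.
ALLOW_UDP_UID=''

# Exempt DNS from this device.
ALLOW_LOCAL_DNS=0

# Exempt DNS from hotspot (tethered) clients.
ALLOW_REMOTE_DNS=0

# Exempt UDP from this device.
ALLOW_LOCAL_UDP=0

# Exempt TCP from this device.
ALLOW_LOCAL_TCP=0

# Exempt UDP from hotspot clients.
ALLOW_REMOTE_UDP=0

# Exempt TCP from hotspot clients.
ALLOW_REMOTE_TCP=0

# Exempt Wi-Fi.
ALLOW_WLAN=0

# Interfaces to exempt; adding wlan+ here exempts Wi-Fi as well.
ALLOW_LOOKUP='tun+ lo'

# Use with care.
# NOTE(review): UID 0 is root; how this value is consumed is not visible in
# this part of the file.
ALLOW_UID=0

ALLOW_PORT=20822
TCP_PORT=20802
MARK=10086
GID=10086
TUNDEV='tunDev'
TABLE=101
PREF=100
TUN_ADDR='172.24.0.1/30'
WAIT_TIME=3

# Append "NAME=value" for the shell variable named by $1 to ${home_path}/.uid.
# $1 is expanded through eval as a variable name, so it must only ever come
# from the fixed list in generate_uid and never from external input.
echo_v()
{
    local value
    # Plain assignment inside eval: the value is not word-split, so
    # multi-word settings such as ALLOW_IP are stored intact.
    eval "value=\${${1}}"
    echo "${1}=${value}" >> "${home_path}/.uid"
}

# Rebuild ${home_path}/.uid from scratch: a header, the resolved UID lists
# (ALLOW_ALL_UID / ALLOW_UDP_UID), then one NAME=value line per setting.
# The file is created through a plain redirection, so its mode follows the
# caller's umask.
generate_uid()
{
    echo -e "# This file is automatical" \
        "genrated by \`mlk\`\n# DO NOT edit it\n" > "${home_path}/.uid"

    echo -n "ALLOW_ALL_UID=" >> "${home_path}/.uid"
    find_uid "${ALLOW_PACKAGES}" "${ALLOW_ALL_UID}"
    echo -n "ALLOW_UDP_UID=" >> "${home_path}/.uid"
    find_uid "${ALLOW_UDP_PACKAGES}" "${ALLOW_UDP_UID}"

    # Saving configuration. A plain word list replaces the former array so
    # the loop does not depend on array support in the running shell.
    local var
    for var in \
        SERVER_ADDR \
        ALLOW_IP \
        ALLOW_IPv6 \
        LOCAL_IPv6 \
        ENABLE_IPv6 \
        PACKAGES \
        ALLOW_PACKAGES \
        ALLOW_UDP_PACKAGES \
        ALLOW_LOCAL_DNS \
        ALLOW_REMOTE_DNS \
        ALLOW_LOCAL_UDP \
        ALLOW_LOCAL_TCP \
        ALLOW_REMOTE_UDP \
        ALLOW_REMOTE_TCP \
        ALLOW_WLAN \
        ALLOW_LOOKUP \
        ALLOW_UID \
        ALLOW_PORT \
        TCP_PORT \
        MARK \
        TUNDEV \
        TABLE \
        PREF \
        TUN_ADDR \
        WAIT_TIME
    do
        echo_v "${var}"
    done
}

# Resolve package names to UIDs and append them to ${home_path}/.uid.
#   $1  space-separated package names, looked up in ${PACKAGES}
#   $2  space-separated UIDs that are always appended at the end
# The caller is expected to have written the "NAME=" prefix already; this
# function finishes that line.
find_uid()
{
    if [ -f "${PACKAGES}" ]
    then
        for PACKAGE in ${1}
        do
            # Compare the first field literally. The package name used to be
            # spliced into an awk regex, where every "." matched any
            # character and the name became part of the awk program text.
            uid=$(awk -v pkg="${PACKAGE}" '$1 == pkg {print $2}' "${PACKAGES}")
            [ -n "${uid}" ] || continue
            # Whole-word membership test: a substring match would treat a
            # UID as already listed when it is only part of a longer one.
            case " ${2} " in
                *" ${uid} "*) ;;
                *) echo -n "${uid} " >> "${home_path}/.uid" ;;
            esac
        done
    fi
    echo "${2} " >> "${home_path}/.uid"
}

# Make sure /dev/net/tun exists, either as a link to /dev/tun or as a freshly
# created character device (major 10, minor 200, mode 600).
create_tun()
{
    if [ -c /dev/tun ]
    then
        # -e instead of -f: the path is a link to a character device, which
        # -f (regular file) never matches.
        [ -e /dev/net/tun ] || ( mkdir -p /dev/net \
            && ln -sf /dev/tun /dev/net/tun )
    else
        [ -c /dev/net/tun ] || ( mkdir -p /dev/net \
            && mknod /dev/net/tun c 10 200 \
            && chmod 600 /dev/net/tun )
    fi
}

# Print the value stored for key $1 in ${home_path}/.uid, skipping comment
# lines. The unquoted echo collapses runs of whitespace and newlines.
# The result is later word-split into iptables and ip arguments, so .uid has
# to stay writable only by the account that runs this script.
# NOTE(review): no permissions are set on .uid in the visible code - confirm.
find_configuration()
{
    echo $(grep -E '^[^#]' "${home_path}/.uid" | \
        grep -E "^${1}=" | awk -F= '{print $2}' \
    )
}

# Reload every setting from ${home_path}/.uid into the shell variables.
# A key that is missing from the file leaves its variable empty.
load_configuration()
{
    SERVER_ADDR="$(find_configuration SERVER_ADDR)"
    ALLOW_IP="$(find_configuration ALLOW_IP)"
    ALLOW_IPv6="$(find_configuration ALLOW_IPv6)"
    LOCAL_IPv6="$(find_configuration LOCAL_IPv6)"
    ENABLE_IPv6="$(find_configuration ENABLE_IPv6)"
    PACKAGES="$(find_configuration PACKAGES)"
    ALLOW_PACKAGES="$(find_configuration ALLOW_PACKAGES)"
    ALLOW_UDP_PACKAGES="$(find_configuration ALLOW_UDP_PACKAGES)"
    ALLOW_ALL_UID="$(find_configuration ALLOW_ALL_UID)"
    ALLOW_UDP_UID="$(find_configuration ALLOW_UDP_UID)"
    ALLOW_LOCAL_DNS="$(find_configuration ALLOW_LOCAL_DNS)"
    ALLOW_REMOTE_DNS="$(find_configuration ALLOW_REMOTE_DNS)"
    ALLOW_LOCAL_UDP="$(find_configuration ALLOW_LOCAL_UDP)"
    ALLOW_LOCAL_TCP="$(find_configuration ALLOW_LOCAL_TCP)"
    ALLOW_REMOTE_UDP="$(find_configuration ALLOW_REMOTE_UDP)"
    ALLOW_REMOTE_TCP="$(find_configuration ALLOW_REMOTE_TCP)"
    ALLOW_WLAN="$(find_configuration ALLOW_WLAN)"
    ALLOW_LOOKUP="$(find_configuration ALLOW_LOOKUP)"
    ALLOW_UID="$(find_configuration ALLOW_UID)"
    ALLOW_PORT="$(find_configuration ALLOW_PORT)"
    TCP_PORT="$(find_configuration TCP_PORT)"
    MARK="$(find_configuration MARK)"
    TUNDEV="$(find_configuration TUNDEV)"
    TABLE="$(find_configuration TABLE)"
    PREF="$(find_configuration PREF)"
    TUN_ADDR="$(find_configuration TUN_ADDR)"
    WAIT_TIME="$(find_configuration WAIT_TIME)"
}

# Add or remove the per-application ACCEPT rules in the OUTPUT chain.
#   $1  iptables table
#   $2  iptables command option placed before the chain name
#   $3  optional extra argument placed after the chain name; left unquoted
#       so that it disappears when empty
# The UID lists are read under the keys generate_uid writes, ALLOW_ALL_UID
# and ALLOW_UDP_UID. The previous lookups of "uid" and "udp_uid" match no
# line that generate_uid produces, so no per-application rule was installed
# and the listed apps were not exempted.
allow_app_network()
{
    # The loop variable is not called UID, which is read-only in bash.
    for app_uid in $(find_configuration ALLOW_ALL_UID)
    do
        iptables -t ${1} ${2} OUTPUT ${3} \
            -w ${WAIT_TIME} \
            -m owner \
            --uid-owner ${app_uid} \
            -j ACCEPT
    done
    for app_uid in $(find_configuration ALLOW_UDP_UID)
    do
        iptables -t ${1} ${2} OUTPUT ${3} \
            -w ${WAIT_TIME} \
            -p udp \
            -m owner \
            --uid-owner ${app_uid} \
            -j ACCEPT
    done
}

# Add or remove the baseline ACCEPT rules: DHCP, every destination in
# ALLOW_IP, and every interface in ALLOW_LOOKUP (plus wlan+ when ALLOW_WLAN
# is 1). Arguments have the same meaning as in allow_app_network.
allow_core()
{
    # Allow DHCP service
    iptables -t ${1} ${2} OUTPUT ${3} \
        -w ${WAIT_TIME} \
        -p udp \
        --dport 67:68 \
        -j ACCEPT

    for IP in ${ALLOW_IP}
    do
        # Allow IP range
        iptables -t ${1} ${2} PREROUTING ${3} \
            -w ${WAIT_TIME} \
            -d ${IP} \
            -j ACCEPT
        iptables -t ${1} ${2} OUTPUT ${3} \
            -w ${WAIT_TIME} \
            -d ${IP} \
            -j ACCEPT
    done

    local wlan=''
    # Quoted operand and POSIX "=": an empty ALLOW_WLAN no longer makes the
    # test itself fail with a syntax error.
    [ "${ALLOW_WLAN}" = 1 ] && wlan='wlan+'
    for LOOKUP in ${ALLOW_LOOKUP} ${wlan}
    do
        # Allow lookup
        iptables -t ${1} ${2} OUTPUT ${3} \
            -w ${WAIT_TIME} \
            -o ${LOOKUP} \
            -j ACCEPT
    done
}

# Run iptables with the given arguments, then ip6tables with the same
# arguments when ENABLE_IPv6 is 1. Arguments stay unquoted as before because
# the callers are not visible here and may pass several words in one string.
# The exit status is that of the last command: non-zero when IPv6 is off.
ip46tables()
{
    iptables ${@}
    [ "${ENABLE_IPv6}" = 1 ] && ip6tables ${@}
}

# Same as ip46tables, for "ip route".
ip46route()
{
    ip -4 route ${@}
    [ "${ENABLE_IPv6}" = 1 ] && ip -6 route ${@}
}

# Same as ip46tables, for "ip rule".
ip46rule()
{
    ip -4 rule ${@}
    [ "${ENABLE_IPv6}" = 1 ] && ip -6 rule ${@}
}

# NOTE(review): this definition continues past the end of the visible
# excerpt; its code is left unchanged.
xray_subrule()
{
    ip6tables -t mangle -${1} XRAY \
        -d ${2} -j RETURN
    ip6tables -t mangle -${1} XRAY_MASK \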
281 | -d ${2} -j RETURN 282 | } 283 | 284 | xray_final_rule() 285 | { 286 | for PROTO in tcp udp 287 | do 288 | ip46tables -t mangle -${1} XRAY \ 289 | -p ${PROTO} \ 290 | -j TPROXY \ 291 | --on-port 20801 --tproxy-mark ${MARK} 292 | ip46tables -t mangle -${1} XRAY_MASK \ 293 | -p ${PROTO} \ 294 | -j MARK --set-mark ${MARK} 295 | done 296 | } 297 | 298 | xray_rule() 299 | { 300 | ip46rule ${1} fwmark ${MARK} lookup ${TABLE} pref ${PREF} 301 | ip46route ${1} local default dev lo table ${TABLE} 302 | 303 | ip46tables -t mangle -${2} XRAY \ 304 | -p udp --dport 67:68 \ 305 | -j RETURN 306 | 307 | [ ${ALLOW_REMOTE_UDP} == 1 ] && \ 308 | ip46tables -t mangle \ 309 | -${2} XRAY \ 310 | -p udp ! --dport 53 \ 311 | -m mark ! --mark ${MARK} \ 312 | -j RETURN 313 | [ ${ALLOW_LOCAL_UDP} == 1 ] && \ 314 | ip46tables -t mangle \ 315 | -${2} XRAY_MASK \ 316 | -p udp ! --dport 53 \ 317 | -j RETURN 318 | [ ${ALLOW_REMOTE_TCP} == 1 ] && \ 319 | ip46tables -t mangle \ 320 | -${2} XRAY \ 321 | -p tcp \ 322 | -m mark ! --mark ${MARK} \ 323 | -j RETURN 324 | [ ${ALLOW_LOCAL_TCP} == 1 ] && \ 325 | ip46tables -t mangle \ 326 | -${2} XRAY_MASK \ 327 | -p tcp \ 328 | -j RETURN 329 | 330 | for PROTO in tcp udp 331 | do 332 | [ ${ALLOW_REMOTE_DNS} == 1 ] && \ 333 | ip46tables -t mangle -${2} XRAY \ 334 | -p ${PROTO} --dport 53 \ 335 | -m mark ! 
--mark ${MARK} \ 336 | -j RETURN 337 | 338 | [ ${ALLOW_LOCAL_DNS} == 1 ] && \ 339 | ip46tables -t mangle -${2} XRAY_MASK \ 340 | -p ${PROTO} --dport 53 \ 341 | -j RETURN 342 | 343 | ip46tables -t mangle -${2} XRAY \ 344 | -p ${PROTO} --dport 53 \ 345 | -j TPROXY --on-port 20801 --tproxy-mark ${MARK} 346 | 347 | ip46tables -t mangle -${2} XRAY_MASK \ 348 | -p ${PROTO} --dport 53 \ 349 | -j MARK --set-mark ${MARK} 350 | done 351 | 352 | for IP in ${ALLOW_IP} 353 | do 354 | iptables -t mangle -${2} XRAY \ 355 | -d ${IP} -j RETURN 356 | iptables -t mangle -${2} XRAY_MASK \ 357 | -d ${IP} -j RETURN 358 | done 359 | 360 | if [ ${ENABLE_IPv6} == 1 ] 361 | then 362 | for IP in ${ALLOW_IPv6} ${LOCAL_IPv6} 363 | do 364 | xray_subrule ${2} ${IP} 365 | done 366 | fi 367 | 368 | [ ${ALLOW_WLAN} == 1 ] && \ 369 | ip46tables -t mangle -${2} OUTPUT \ 370 | -o wlan+ \ 371 | -j ACCEPT 372 | 373 | for UID in ${ALLOW_ALL_UID} 374 | do 375 | [ -z ${UID} ] || \ 376 | ip46tables -t mangle -${2} XRAY_MASK \ 377 | -m owner --uid ${UID} -j RETURN 378 | done 379 | for UID in ${ALLOW_UDP_UID} 380 | do 381 | [ -z ${UID} ] || \ 382 | ip46tables -t mangle -${2} XRAY_MASK \ 383 | -p udp -m owner --uid ${UID} -j RETURN 384 | done 385 | 386 | xray_final_rule ${2} 387 | for PROTO in tcp udp 388 | do 389 | ip46tables -t mangle \ 390 | -${2} PREROUTING \ 391 | -w 2 \ 392 | -p ${PROTO} -j XRAY 393 | ip46tables -t mangle \ 394 | -${2} OUTPUT \ 395 | -w 2 \ 396 | -p ${PROTO} \ 397 | -m owner ! 
--gid ${GID} -j XRAY_MASK 398 | done 399 | } 400 | 401 | tiny_rule_1() 402 | { 403 | allow_core nat ${1} ${2} 404 | allow_core mangle ${1} ${2} 405 | 406 | iptables -t nat ${1} OUTPUT ${2} \ 407 | -w ${WAIT_TIME} \ 408 | -m owner \ 409 | --uid ${ALLOW_UID} \ 410 | -j ACCEPT 411 | iptables -t mangle ${1} OUTPUT ${2} \ 412 | -w ${WAIT_TIME} \ 413 | -m owner \ 414 | --uid ${ALLOW_UID} \ 415 | -j ACCEPT 416 | iptables -t mangle ${1} OUTPUT ${2} \ 417 | -w ${WAIT_TIME} \ 418 | -p tcp \ 419 | -m state \ 420 | --state NEW,ESTABLISHED,RELATED \ 421 | -j ACCEPT 422 | ( [ ${ALLOW_LOCAL_UDP} == 1 ] || [ ${ALLOW_REMOTE_UDP} == 1 ] ) && \ 423 | iptables -t mangle ${1} OUTPUT ${2} \ 424 | -w ${WAIT_TIME} \ 425 | -p udp \ 426 | -m state \ 427 | --state NEW,ESTABLISHED,RELATED \ 428 | -j ACCEPT 429 | iptables -t mangle ${1} OUTPUT ${2} \ 430 | -w ${WAIT_TIME} \ 431 | -p udp \ 432 | --dport 53 \ 433 | -m state \ 434 | --state NEW,ESTABLISHED,RELATED \ 435 | -j ACCEPT 436 | } 437 | 438 | tiny_rule_2() 439 | { 440 | allow_app_network nat ${1} 441 | allow_app_network mangle ${1} 442 | 443 | # Begin proxy TCP 444 | # iptables -t mangle ${1} OUTPUT -w ${WAIT_TIME} -m owner ! 
--uid 0-99999 -j DROP 445 | [ ${ALLOW_LOCAL_TCP} == 1 ] || iptables -t nat ${1} OUTPUT \ 446 | -w ${WAIT_TIME} \ 447 | -p tcp \ 448 | -j REDIRECT \ 449 | --to ${TCP_PORT} 450 | # iptables -t nat ${1} OUTPUT -w ${WAIT_TIME} -p udp \ 451 | # --dport 53 -j REDIRECT --to 65053 452 | 453 | [ ${ALLOW_LOCAL_UDP} == 1 ] && iptables -t nat ${1} OUTPUT \ 454 | -w ${WAIT_TIME} \ 455 | -p udp \ 456 | -j ACCEPT 457 | 458 | # Allow DNS network 459 | iptables -t nat ${1} OUTPUT \ 460 | -w ${WAIT_TIME} \ 461 | -p udp \ 462 | --dport 53 \ 463 | -j ACCEPT 464 | 465 | iptables -t mangle -P OUTPUT ${2} -w ${WAIT_TIME} 466 | # End proxy TCP 467 | 468 | # Begin proxy forward 469 | iptables -t mangle -P FORWARD ${2} -w ${WAIT_TIME} 470 | ip6tables -t mangle -P FORWARD ${2} -w ${WAIT_TIME} 471 | [ ${ALLOW_REMOTE_TCP} == 1 ] || iptables -t nat ${1} PREROUTING \ 472 | -w ${WAIT_TIME} \ 473 | -p tcp \ 474 | -j REDIRECT \ 475 | --to ${TCP_PORT} 476 | # iptables -t nat ${1} PREROUTING -w ${WAIT_TIME} \ 477 | # -p udp --dport 53 -j REDIRECT --to 65053 478 | 479 | [ ${ALLOW_REMOTE_UDP} == 1 ] && iptables -t mangle ${1} FORWARD \ 480 | -w ${WAIT_TIME} \ 481 | -p udp \ 482 | -j ACCEPT 483 | 484 | # Allow forward DNS network 485 | iptables -t mangle ${1} FORWARD \ 486 | -w ${WAIT_TIME} \ 487 | -p udp \ 488 | --dport 53 \ 489 | -j ACCEPT 490 | # End proxy forward 491 | } 492 | 493 | xray_open() { 494 | if [ ${ENABLE_IPv6} == 1 ] 495 | then 496 | for IP in $(ip -6 addr | grep inet | awk '{print $2}' | grep '^2') 497 | do 498 | if [ ! 
-z "${IP}" ] 499 | then 500 | LOCAL_IPv6="${LOCAL_IPv6} ${IP}" 501 | fi 502 | done 503 | fi 504 | 505 | generate_uid 506 | load_configuration 507 | 508 | ${home_path}/busybox nohup \ 509 | ${home_path}/busybox setuidgid 0:${GID} \ 510 | ${home_path}/xray run \ 511 | -c ${home_path}/config.json 2>&1 > ${home_path}/xray.log & 512 | ${home_path}/thread_socket \ 513 | -p ${TCP_PORT} \ 514 | -u ${ALLOW_UID} \ 515 | -r ${SERVER_ADDR} \ 516 | -d &> ${home_path}/sock.log 517 | ip46tables -t mangle -N XRAY 518 | ip46tables -t mangle -N XRAY_MASK 519 | xray_rule add A 520 | 521 | [ ${ENABLE_IPv6} == 0 ] && ip -6 rule add unreachable pref ${PREF} # Deny IPV6 522 | 523 | mv ${0%/*}/disabled ${0%/*}/enabled && echo "xray" > ${0%/*}/enabled 524 | echo -e "\x1b[92mXray Done.\x1b[0m" 525 | exit 0 526 | } 527 | 528 | xray_close() { 529 | load_configuration 530 | 531 | xray_rule del D 532 | ip46tables -t mangle -X XRAY 533 | ip46tables -t mangle -X XRAY_MASK 534 | 535 | [ ${ENABLE_IPv6} == 0 ] && ip -6 rule del pref ${PREF} # Allow IPV6 536 | 537 | killall xray \ 538 | thread_socket 539 | 540 | rm -f ${home_path}/.uid 541 | mv ${0%/*}/enabled ${0%/*}/disabled 542 | } 543 | 544 | tiny_open() { 545 | echo 1 > /proc/sys/net/ipv4/ip_forward 546 | echo 1 > /proc/sys/net/ipv4/ip_dynaddr 547 | 548 | generate_uid 549 | 550 | create_tun 551 | 552 | ip -6 rule add unreachable pref ${PREF} 553 | ${home_path}/thread_socket \ 554 | -p ${TCP_PORT} \ 555 | -u ${ALLOW_UID} \ 556 | -r ${SERVER_ADDR} \ 557 | -d &> ${home_path}/sock.log 558 | 559 | tiny_rule_1 -I 1 560 | 561 | tiny_rule_2 -A DROP 562 | 563 | mv ${0%/*}/disabled ${0%/*}/enabled && echo "thread_socket" > ${0%/*}/enabled 564 | echo -e "\x1b[92mTiny Done.\x1b[0m" 565 | exit 0 566 | } 567 | 568 | tiny_close() { 569 | echo 0 > /proc/sys/net/ipv4/ip_forward 570 | echo 0 > /proc/sys/net/ipv4/ip_dynaddr 571 | 572 | load_configuration 573 | 574 | ip -6 rule del pref ${PREF} 575 | killall thread_socket 576 | 577 | tiny_rule_1 -D 578 | 579 | 
tiny_rule_2 -D ACCEPT 580 | 581 | rm -f ${home_path}/.uid 582 | mv ${0%/*}/enabled ${0%/*}/disabled 583 | } 584 | 585 | close() { 586 | case $(cat ${0%/*}/enabled) in 587 | 'thread_socket') 588 | tiny_close 589 | ;; 590 | 'xray') 591 | xray_close 592 | ;; 593 | *) 594 | echo 'Undefined error.' 595 | exit 127 596 | esac 597 | } 598 | 599 | if [ -f ${0%/*}/disabled ] 600 | then 601 | if [ ${#} -eq 1 ] 602 | then 603 | case ${1} in 604 | 't') 605 | tiny_open 606 | ;; 607 | 'x') 608 | xray_open 609 | ;; 610 | 's') 611 | echo 'MLKit is stopped.' 612 | exit 0 613 | ;; 614 | *) 615 | echo "Undefined core." 616 | exit -1 617 | esac 618 | else 619 | echo "Need a parameter of core." 620 | exit -3 621 | fi 622 | elif [ -f ${0%/*}/enabled ] 623 | then 624 | if [ ${#} -le 2 ] 625 | then 626 | status=$(cat ${0%/*}/enabled) 627 | case ${1} in 628 | 't') 629 | if [ 'thread_socket' == ${status} ] 630 | then 631 | tiny_close 632 | exit 0 633 | else 634 | close 635 | tiny_open 636 | fi 637 | ;; 638 | 'x') 639 | if [ 'xray' == ${status} ] 640 | then 641 | load_configuration 642 | if [ 'r' == "${2}" ] && [ ${ENABLE_IPv6} == 1 ] 643 | then 644 | origin_LOCAL_IPv6=${LOCAL_IPv6} 645 | xray_final_rule D 646 | 647 | LOCAL_IPv6='' 648 | for IP in $(ip -6 addr | grep inet | awk '{print $2}' | grep '^2') 649 | do 650 | if [ ! -z ${IP} ] 651 | then 652 | LOCAL_IPv6="${LOCAL_IPv6} ${IP}" 653 | fi 654 | done 655 | if [ ! -z "${origin_LOCAL_IPv6}" ] 656 | then 657 | for IP in ${origin_LOCAL_IPv6} 658 | do 659 | xray_subrule D ${IP} 660 | done 661 | fi 662 | if [ ! -z "${LOCAL_IPv6}" ] 663 | then 664 | for IP in ${LOCAL_IPv6} 665 | do 666 | xray_subrule A ${IP} 667 | done 668 | echo "Refresh IPv6!" 669 | else 670 | echo 'Refresh failed.' 
671 | fi 672 | 673 | xray_final_rule A 674 | generate_uid 675 | exit 0 676 | fi 677 | [ "${2}" != 'r' ] && xray_close 678 | exit 0 679 | else 680 | if [ 'r' != "${2}" ] 681 | then 682 | close 683 | xray_open 684 | fi 685 | fi 686 | ;; 687 | 's') 688 | echo "MLKit is running. (${status})" 689 | exit 0 690 | ;; 691 | *) 692 | echo "Core selected is invalid." 693 | esac 694 | else 695 | echo "Need a parameter of core." 696 | exit -3 697 | fi 698 | else 699 | echo "Undefined error." 700 | exit 1 701 | fi 702 | exit 127 703 | 704 | --------------------------------------------------------------------------------