clean commit

README.md

@@ -0,0 +1,89 @@
+
+
+# 🚀 脚本工具集
+
+常用 Linux/路由器/服务器 Bash 工具脚本，适合自动化、性能优化、代理配置等场景。
+
+---
+
+## 🛠️ 工具与一键命令
+
+### 1. tcp.sh  —— TCP 网络优化
+优化：
+
+```bash
+bash <(curl -fsSL "https://raw.githubusercontent.com/sushen339/tools/main/tcp.sh") 1
+```
+
+代理加速：
+
+```bash
+bash <(curl -fsSL "https://gh-proxy.net/https://raw.githubusercontent.com/sushen339/tools/main/tcp.sh") 1
+```
+
+
+---
+
+### 2. tproxy.sh  —— OpenWrt/路由透明代理自动配置
+一键运行：
+
+```bash
+bash <(curl -fsSL "https://raw.githubusercontent.com/sushen339/tools/main/tproxy.sh")
+```
+
+代理加速：
+
+```bash
+bash <(curl -fsSL "https://gh-proxy.net/https://raw.githubusercontent.com/sushen339/tools/main/tproxy.sh")
+```
+
+---
+
+### 3. mihomo-install.sh  —— Mihomo 加速核心一键安装
+一键安装：
+
+```bash
+bash <(curl -fsSL "https://raw.githubusercontent.com/sushen339/tools/main/mihomo-install.sh")
+```
+
+代理加速：
+
+```bash
+bash <(curl -fsSL "https://gh-proxy.net/https://raw.githubusercontent.com/sushen339/tools/main/mihomo-install.sh")
+```
+
+---
+
+### 4. mssh.sh  —— 多主机 SSH 管理与端口转发
+一键运行：
+
+```bash
+bash <(curl -fsSL "https://raw.githubusercontent.com/sushen339/tools/main/mssh.sh")
+```
+
+代理加速：
+
+```bash
+bash <(curl -fsSL "https://gh-proxy.net/https://raw.githubusercontent.com/sushen339/tools/main/mssh.sh")
+```
+
+---
+
+### 5. curl-cc.sh  —— 模拟浏览器 UA 自动访问签到
+一键运行：
+
+```bash
+bash <(curl -fsSL "https://raw.githubusercontent.com/sushen339/tools/main/curl-cc.sh")
+```
+
+代理加速：
+
+```bash
+bash <(curl -fsSL "https://gh-proxy.net/https://raw.githubusercontent.com/sushen339/tools/main/curl-cc.sh")
+```
+
+---
+
+> 建议所有脚本以 root 权限运行，详细参数和说明请阅读各脚本头部注释。
+
+> 建议所有脚本以 root 权限运行，详细参数和说明请阅读各脚本头部注释。

curl-cc.sh

@@ -0,0 +1,345 @@
+#!/usr/bin/env bash
+# curl-cc.sh
+# 自动访问指定网站，模拟真实浏览器行为
+# 用法: ./curl-cc.sh [-v|--verbose] [-h|--help]
+
+set -o pipefail
+
+# 配置选项
+VERBOSE=0
+SCRIPT_NAME=$(basename "$0")
+
+# 显示帮助信息
+show_help() {
+  cat << EOF
+用法: $SCRIPT_NAME [选项]
+
+描述:
+  自动访问指定网站，模拟真实浏览器行为进行签到或访问
+
+选项:
+  -v, --verbose    显示详细输出信息
+  -h, --help       显示此帮助信息
+
+示例:
+  $SCRIPT_NAME           # 静默模式运行
+  $SCRIPT_NAME -v        # 详细模式运行
+
+EOF
+  exit 0
+}
+
+# 日志函数
+log_info() {
+  if [ "$VERBOSE" -eq 1 ]; then
+    echo "[$(date '+%Y-%m-%d %H:%M:%S')] [INFO] $*"
+  fi
+}
+
+log_error() {
+  echo "[$(date '+%Y-%m-%d %H:%M:%S')] [ERROR] $*" >&2
+}
+
+# 解析命令行参数
+while [ $# -gt 0 ]; do
+  case "$1" in
+    -v|--verbose)
+      VERBOSE=1
+      shift
+      ;;
+    -h|--help)
+      show_help
+      ;;
+    *)
+      echo "未知选项: $1"
+      echo "使用 -h 或 --help 查看帮助"
+      exit 1
+      ;;
+  esac
+done
+
+VISIT_PATH="/short_code/visit_short_code_proc_ajax.php?ref="
+CLICK_PATH="/short_code/click_short_code_proc_ajax.php?c=c"
+
+# Referer 来源列表（最常用的社交媒体和平台）
+REFERERS=(
+  # 主流社交媒体
+  "https://www.facebook.com/"
+  "https://twitter.com/"
+  "https://www.instagram.com/"
+  "https://www.tiktok.com/"
+  "https://www.reddit.com/"
+  
+  # 视频平台
+  "https://www.youtube.com/"
+  
+  # 搜索引擎
+  "https://www.google.com/"
+  
+  # 通讯工具
+  "https://t.me/"
+)
+
+# User-Agent 列表（2025年最新版本，最常用设备）
+UAS=(
+  # === Android 设备 ===
+  # Samsung Galaxy (市场占有率最高)
+  "Mozilla/5.0 (Linux; Android 14; SM-S24 Ultra) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Mobile Safari/537.36"
+  "Mozilla/5.0 (Linux; Android 14; SM-S23) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Mobile Safari/537.36"
+  
+  # Google Pixel
+  "Mozilla/5.0 (Linux; Android 14; Pixel 8 Pro) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.6723.58 Mobile Safari/537.36"
+  
+  # === iOS 设备 ===
+  # iPhone - Safari (最常用)
+  "Mozilla/5.0 (iPhone; CPU iPhone OS 18_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.1 Mobile/15E148 Safari/604.1"
+  "Mozilla/5.0 (iPhone; CPU iPhone OS 17_7 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.7 Mobile/15E148 Safari/604.1"
+  
+  # iPhone - Chrome
+  "Mozilla/5.0 (iPhone; CPU iPhone OS 18_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/130.0.6723.90 Mobile/15E148 Safari/604.1"
+  
+  # === Windows 桌面 ===
+  # Chrome (最常用)
+  "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36"
+  
+  # Edge
+  "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Edg/130.0.2849.68"
+  
+  # === macOS 桌面 ===
+  # Safari
+  "Mozilla/5.0 (Macintosh; Intel Mac OS X 14_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.0 Safari/605.1.15"
+  
+  # Chrome on Mac
+  "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36"
+)
+
+hosts=( "org.cc.cc" "sky.cc.cc" )
+
+# 生成随机 ref 参数（30% 概率为空，70% 概率为 6-12 位随机字符串）
+rand_ref() {
+  if [ $((RANDOM % 10)) -lt 3 ]; then
+    printf ""
+  else
+    local len=$((6 + RANDOM % 7))
+    # 使用更便携的随机字符串生成方式
+    if [ -r /dev/urandom ]; then
+      head -c 32 /dev/urandom | base64 | tr -dc 'a-zA-Z0-9' | head -c "$len"
+    else
+      # 备用方案（如果 /dev/urandom 不可用）
+      < /dev/urandom tr -dc 'a-zA-Z0-9' | head -c "$len"
+    fi
+  fi
+}
+
+# 随机选择一个 User-Agent
+choose_ua() {
+  echo "${UAS[$((RANDOM % ${#UAS[@]}))]}"
+}
+
+# 随机选择一个 Referer
+choose_referer() {
+  echo "${REFERERS[$((RANDOM % ${#REFERERS[@]}))]}"
+}
+
+# 根据地理位置获取 Accept-Language
+get_accept_language() {
+  local country_code=""
+  
+  # 尝试从 ipinfo.io 获取国家代码（设置超时 3 秒）
+  if command -v curl &> /dev/null; then
+    country_code=$(curl -s --max-time 3 https://ipinfo.io/country 2>/dev/null | tr -d '[:space:]')
+  fi
+  
+  # 根据国家代码返回对应的 Accept-Language
+  case "$country_code" in
+    CN|HK|TW|MO)  # 中国、香港、台湾、澳门
+      echo "zh-CN,zh;q=0.9,en;q=0.8"
+      ;;
+    JP)  # 日本
+      echo "ja,en;q=0.9"
+      ;;
+    KR)  # 韩国
+      echo "ko,en;q=0.9"
+      ;;
+    ES|MX|AR|CO|CL|PE|VE)  # 西班牙语国家
+      echo "es,en;q=0.9"
+      ;;
+    FR|BE|CH)  # 法语国家
+      echo "fr,en;q=0.9"
+      ;;
+    DE|AT)  # 德语国家
+      echo "de,en;q=0.9"
+      ;;
+    RU|BY|KZ|UA)  # 俄语国家
+      echo "ru,en;q=0.9"
+      ;;
+    PT|BR)  # 葡萄牙语国家
+      echo "pt,en;q=0.9"
+      ;;
+    IT)  # 意大利
+      echo "it,en;q=0.9"
+      ;;
+    TR)  # 土耳其
+      echo "tr,en;q=0.9"
+      ;;
+    SA|AE|EG|IQ|JO)  # 阿拉伯语国家
+      echo "ar,en;q=0.9"
+      ;;
+    IN)  # 印度
+      echo "en-IN,hi;q=0.9,en;q=0.8"
+      ;;
+    *)  # 默认英文（包括 US, GB, CA, AU, SG 等）
+      echo "en-US,en;q=0.9"
+      ;;
+  esac
+}
+
+# 执行访问请求
+make_visit_request() {
+  local host="$1"
+  local ref_url="$2"        # URL 参数中的 ref（referral site URL）
+  local ua="$3"
+  local referer="https://${host}/"  # HTTP Header 中的 Referer 固定为自身
+  
+  # 构建完整 URL，ref 参数为 referral site 的完整 URL
+  local url="https://${host}${VISIT_PATH}${ref_url}"
+  
+  log_info "正在访问: ${host}"
+  log_info "URL: ${url}"
+  log_info "Referer Header: ${referer}"
+  log_info "User-Agent: ${ua}"
+  
+  # 使用 || true 确保即使 curl 失败也不会导致脚本退出
+  local curl_exit_code=0
+  curl -s -S -X GET "$url" \
+    -H "Host: ${host}" \
+    -H "Connection: keep-alive" \
+    -H "Accept: */*" \
+    -H "X-Requested-With: XMLHttpRequest" \
+    -H "User-Agent: ${ua}" \
+    -H "Content-Type: charset=utf-8" \
+    -H "Referer: ${referer}" \
+    -H "Accept-Encoding: gzip, deflate" \
+    -H "Accept-Language: ${ACCEPT_LANG}" \
+    --compressed -o /dev/null --max-time ${MAX_TIME} || curl_exit_code=$?
+  
+  if [ $curl_exit_code -eq 0 ]; then
+    log_info "✓ ${host} 访问成功"
+    return 0
+  else
+    log_error "✗ ${host} 访问失败 (curl 退出码: ${curl_exit_code})"
+    return 1
+  fi
+}
+
+# 执行电话点击请求
+make_click_request() {
+  local host="$1"
+  local ua="$2"
+  local referer="https://${host}/"  # HTTP Header 中的 Referer 固定为自身
+  
+  # 构建完整 URL
+  local url="https://${host}${CLICK_PATH}"
+  
+  log_info "  ├─ 电话点击统计"
+  log_info "  ├─ URL: ${url}"
+  
+  # 使用 || true 确保即使 curl 失败也不会导致脚本退出
+  local curl_exit_code=0
+  curl -s -S -X GET "$url" \
+    -H "Host: ${host}" \
+    -H "Connection: keep-alive" \
+    -H "Accept: */*" \
+    -H "X-Requested-With: XMLHttpRequest" \
+    -H "User-Agent: ${ua}" \
+    -H "Content-Type: charset=utf-8" \
+    -H "Referer: ${referer}" \
+    -H "Accept-Encoding: gzip, deflate" \
+    -H "Accept-Language: ${ACCEPT_LANG}" \
+    --compressed -o /dev/null --max-time ${MAX_TIME} || curl_exit_code=$?
+  
+  if [ $curl_exit_code -eq 0 ]; then
+    log_info "  └─ ✓ 电话点击记录成功"
+    return 0
+  else
+    log_error "  └─ ✗ 电话点击记录失败 (curl 退出码: ${curl_exit_code})"
+    return 1
+  fi
+}
+
+MAX_TIME=15
+SLEEP_MIN=3
+SLEEP_MAX=6
+
+# 主执行流程
+main() {
+  log_info "==================== 开始执行 ===================="
+  log_info "目标主机数量: ${#hosts[@]}"
+  
+  local success_count=0
+  local fail_count=0
+  
+  # 获取地理位置对应的语言
+  ACCEPT_LANG="$(get_accept_language)"
+  log_info "Accept-Language: ${ACCEPT_LANG}"
+  
+  # 为本次执行生成统一的 UA（所有请求使用同一个 UA）
+  local ua
+  ua="$(choose_ua)"
+  
+  for host in "${hosts[@]}"; do
+    local ref_url=""
+    
+    # 33% 概率直接访问（unknown），67% 概率从社交媒体跳转
+    if [ $((RANDOM % 3)) -eq 0 ]; then
+      # 直接访问，ref 参数为空
+      ref_url=""
+      log_info "直接访问（referral site: unknown）"
+    else
+      # 从随机社交媒体跳转
+      ref_url="$(choose_referer)"
+      log_info "referral site: ${ref_url}"
+    fi
+    
+    # 执行访问请求，不管成功失败都继续
+    if make_visit_request "$host" "$ref_url" "$ua"; then
+      ((success_count++))
+      
+      # 20% 概率点击电话统计
+      if [ $((RANDOM % 5)) -eq 0 ]; then
+        log_info "  ↳ 触发电话点击（20% 概率）"
+        make_click_request "$host" "$ua" || true
+      fi
+    else
+      ((fail_count++))
+    fi
+    
+    # 在请求之间随机等待（最后一个请求除外）
+    if [ "$host" != "${hosts[-1]}" ]; then
+      local sleep_sec=$((SLEEP_MIN + RANDOM % (SLEEP_MAX - SLEEP_MIN + 1)))
+      local ms=$((RANDOM % 1000))
+      local sleep_time
+      
+      # 检查 awk 是否可用
+      if command -v awk &> /dev/null; then
+        sleep_time=$(awk "BEGIN{printf \"%.3f\", ${sleep_sec} + ${ms}/1000}")
+      else
+        sleep_time="${sleep_sec}"
+      fi
+      
+      log_info "等待 ${sleep_time} 秒..."
+      sleep "$sleep_time"
+    fi
+  done
+  
+  log_info "==================== 执行完成 ===================="
+  log_info "成功: ${success_count}, 失败: ${fail_count}"
+  
+  # 如果有失败的请求，返回非零退出码
+  if [ "$fail_count" -gt 0 ]; then
+    exit 1
+  fi
+}
+
+# 执行主函数
+main

mihomo-install.sh

@@ -0,0 +1,581 @@
+#!/bin/bash
+# mihomo 安装脚本
+# 作者: su
+# 版本: v1.0.0
+# 日期: 2024年11月14日
+
+set -e -o pipefail
+
+# 定义颜色
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+NC='\033[0m' # 无颜色
+
+# 检测系统类型和架构
+detect_system() {
+    if [ -f /etc/alpine-release ]; then
+        SYSTEM_TYPE="Alpine"
+    elif command -v systemctl > /dev/null; then
+        SYSTEM_TYPE="Debian"
+    elif [ -f /etc/openwrt_release ]; then
+        SYSTEM_TYPE="OpenWrt"
+    elif [ -d /etc/init.d ]; then
+        SYSTEM_TYPE="Init.d"
+    else
+        echo "不支持的初始化系统"
+        exit 1
+    fi
+
+    ARCH_RAW=$(uname -m)
+    case "${ARCH_RAW}" in
+        'x86_64')    ARCH='amd64';;
+        'x86' | 'i686' | 'i386')     ARCH='386';;
+        'aarch64' | 'arm64') ARCH='arm64';;
+        'armv7l')   ARCH='armv7';;
+        's390x')    ARCH='s390x';;
+        *)          echo "Unsupported architecture: ${ARCH_RAW}"; exit 1;;
+    esac
+
+    if [ "$SYSTEM_TYPE" == "Debian" ]; then
+        SYSTEM_VERSION=$(cat /etc/os-release | grep VERSION_ID | cut -d'=' -f2 | tr -d '"')
+    elif [ "$SYSTEM_TYPE" == "Alpine" ]; then
+        SYSTEM_VERSION=$(cat /etc/alpine-release)
+    elif [ "$SYSTEM_TYPE" == "OpenWrt" ]; then
+        SYSTEM_VERSION=$(cat /etc/openwrt_release | grep DISTRIB_RELEASE | cut -d'=' -f2)
+    else
+        SYSTEM_VERSION="Unknown"
+    fi
+    echo -e "${GREEN}当前系统为 ${SYSTEM_TYPE}-${SYSTEM_VERSION}_${ARCH_RAW}${NC}"
+}
+
+# 设置时区
+set_timezone() {
+    if [ "$SYSTEM_TYPE" == "Alpine" ]; then
+        echo -e "${YELLOW}检测到 Alpine 系统，使用 cp 和 echo 设置时区${NC}"
+        apk add --no-cache tzdata
+        cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
+        echo "Asia/Shanghai" > /etc/timezone
+        apk del tzdata
+    else
+        CURRENT_TIMEZONE=$(timedatectl show --property=Timezone --value)
+        if [ "$CURRENT_TIMEZONE" != "Asia/Shanghai" ]; then
+            echo -e "${YELLOW}设置时区为Asia/Shanghai${NC}"
+            timedatectl set-timezone Asia/Shanghai
+        fi
+    fi
+}
+
+# 安装必要软件
+install_software() {
+    if [ "$SYSTEM_TYPE" == "Alpine" ]; then
+        echo -e "${YELLOW}正在安装必要软件${NC}"
+        apk add --no-cache curl nano grep gzip
+    else
+        echo -e "${YELLOW}正在安装必要软件${NC}"
+        if command -v apt-get > /dev/null; then
+            apt-get update
+            apt-get install -y curl nano gzip
+        elif command -v yum > /dev/null; then
+            yum install -y curl nano gzip
+        else
+            echo -e "${RED}不支持的包管理器${NC}"
+            exit 1
+        fi
+    fi
+}
+
+# 检测并下载 mihomo 版本
+download_mihomo() {
+    VERSION=$(curl -sL "https://gh.llkk.cc/https://api.github.com/repos/MetaCubeX/mihomo/releases/latest" | grep -oP '"tag_name": "\K(.*)(?=")')
+    if [ -z "$VERSION" ]; then
+        echo -e "${RED}无法获取最新版本号${NC}"
+        exit 1
+    fi
+    echo -e "${GREEN}获取到的版本: ${VERSION}${NC}"
+
+    DOWNLOAD_URL="https://gh.llkk.cc/https://github.com/MetaCubeX/mihomo/releases/download/${VERSION}/mihomo-linux-${ARCH}-${VERSION}.gz"
+    echo "从 ${DOWNLOAD_URL} 下载 mihomo"
+    curl -Lo mihomo.gz "${DOWNLOAD_URL}"
+    echo -e "${YELLOW}Mihomo ${VERSION} 下载完成, 开始安装${NC}"
+    gzip -d mihomo.gz
+    chmod +x mihomo
+    mv mihomo /usr/local/bin/
+}
+
+# 删除已有服务
+remove_existing_service() {
+    if [ -f /etc/systemd/system/mihomo.service ] || [ -f /etc/init.d/mihomo ] || [ -f /etc/rc.d/mihomo ]; then
+        read -p "检测到已有的 mihomo 服务，是否删除？(y/n): " choice
+        case "$choice" in
+            y|Y )
+                if [ -f /etc/systemd/system/mihomo.service ]; then
+                    systemctl stop mihomo
+                    systemctl disable mihomo
+                    rm -f /etc/systemd/system/mihomo.service
+                    systemctl daemon-reload
+                fi
+
+                if [ -f /etc/init.d/mihomo ]; then
+                    /etc/init.d/mihomo stop
+                    rm -f /etc/init.d/mihomo
+                fi
+
+                if [ -f /etc/rc.d/mihomo ]; then
+                    /etc/rc.d/mihomo stop
+                    rm -f /etc/rc.d/mihomo
+                fi
+                ;;
+            n|N )
+                echo -e "${YELLOW}保留已有的 mihomo 服务，退出安装。${NC}"
+                exit 0
+                ;;
+            * )
+                echo -e "${RED}无效的选择，退出安装。${NC}"
+                exit 1
+                ;;
+        esac
+    fi
+}
+
+# 配置 OpenRC 服务，Alpine 专用
+configure_openrc() {
+    echo "创建 OpenRC 服务文件"
+    cat <<EOF > /etc/init.d/mihomo
+#!/sbin/openrc-run
+command="/usr/local/bin/mihomo"
+command_args="-d /etc/mihomo"
+command_background=true
+pidfile="/var/run/mihomo.pid"
+name="Mihomo Service"
+
+depend() {
+    need net
+}
+
+start_pre() {
+    ebegin "等待 1 秒"
+    sleep 1
+    eend \$?
+}
+EOF
+    chmod +x /etc/init.d/mihomo
+    rc-update add mihomo default
+    rc-service mihomo start
+}
+
+# 配置 systemd 服务，Debian系 专用
+configure_systemd() {
+    echo "创建 systemd 服务文件"
+    cat <<EOF > /etc/systemd/system/mihomo.service
+[Unit]
+Description=mihomo Daemon, Another Clash Kernel.
+After=network.target NetworkManager.service systemd-networkd.service iwd.service
+
+[Service]
+Type=simple
+LimitNPROC=500
+LimitNOFILE=1000000
+CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW CAP_NET_BIND_SERVICE CAP_SYS_TIME CAP_SYS_PTRACE CAP_DAC_READ_SEARCH CAP_DAC_OVERRIDE
+AmbientCapabilities=CAP_NET_ADMIN CAP_NET_RAW CAP_NET_BIND_SERVICE CAP_SYS_TIME CAP_SYS_PTRACE CAP_DAC_READ_SEARCH CAP_DAC_OVERRIDE
+Restart=always
+ExecStartPre=/usr/bin/sleep 1s
+ExecStart=/usr/local/bin/mihomo -d /etc/mihomo
+ExecReload=/bin/kill -HUP \$MAINPID
+
+[Install]
+WantedBy=multi-user.target
+EOF
+    systemctl daemon-reload
+    systemctl start mihomo
+    systemctl enable mihomo
+}
+
+# 配置 init.d 服务，OpenWrt 和 Init.d 专用
+configure_initd() {
+    echo "创建 init.d 服务文件"
+    cat <<EOF > /etc/init.d/mihomo
+#!/bin/sh
+### BEGIN INIT INFO
+# Provides:          mihomo
+# Required-Start:    \$network
+# Required-Stop:     \$network
+# Default-Start:     2 3 4 5
+# Default-Stop:      0 1 6
+# Short-Description: Mihomo Service
+### END INIT INFO
+
+start() {
+    echo "Starting mihomo"
+    /usr/bin/sleep 1
+    /usr/local/bin/mihomo -d /etc/mihomo &
+}
+
+stop() {
+    echo "Stopping mihomo"
+    pkill -f /usr/local/bin/mihomo
+}
+
+restart() {
+    stop
+    start
+}
+
+case "\$1" in
+    start)
+        start
+        ;;
+    stop)
+        stop
+        ;;
+    restart)
+        restart
+        ;;
+    *)
+        echo "Usage: /etc/init.d/mihomo {start|stop|restart}"
+        exit 1
+        ;;
+esac
+
+exit 0
+EOF
+    chmod +x /etc/init.d/mihomo
+    update-rc.d mihomo defaults
+    /etc/init.d/mihomo start
+}
+
+# 内置配置
+BUILTIN_CONFIG=$(cat <<EOF
+port: 7890
+socks-port: 7891
+redir-port: 7892
+tproxy-port: 7893
+mixed-port: 1080
+mode: rule
+log-level: info
+allow-lan: true     # 允许局域网连接
+bind-address: "*"   # 绑定所有地址
+ipv6: true      # IPv6 总开关
+tcp-concurrent: true    # tcp 并发
+unified-delay: true     # 统一延迟
+find-process-mode: strict      # 进程匹配
+global-client-fingerprint: random  # 随机指纹
+global-ua: clash-verge/v1.8.10  # 下载资源 UA
+
+
+proxies:
+# clashMeta配置参考可以看看这个wiki
+# https://wiki.metacubex.one
+
+### 锚点
+p: &p   # 订阅
+  type: http
+  interval: 1800
+  health-check:
+    enable: true
+    url: https://www.gstatic.com/generate_204
+    interval: 300
+t : &t   # 节点
+  type: url-test
+  include-all: true
+  url: https://www.gstatic.com/generate_204
+  interval: 300
+  skip-cert-verify: true  # 跳过 TLS 证书验证
+  tolerance: 15 # 存在比当前节点延迟低15时切换
+  lazy: true # 未选择此策略组时,不会进行检测
+  sort:
+    delay: asc
+    speed: desc
+r: &r    # 规则
+  type: http
+  format: yaml
+  behavior: classical
+  interval: 86400
+
+# 代理提供(订阅)组
+proxy-providers:
+  1.机场1:  # 机场名
+    url: ""
+    path: ./proxy_providers/机场1.yaml
+    #指定保存路径 非必填
+    <<: *p
+  
+  2.机场2:  # 机场名
+    url: ""
+    path: ./proxy_providers/机场2.yaml
+    proxy: DIRECT
+    <<: *p
+
+
+# 代理组
+proxy-groups:
+  - name: 🎯 总模式
+    type: select
+    proxies:
+      - ♻️ 自动选择
+      - 🚀 手动选择
+      - 🇭🇰 香港节点
+      - 🇸🇬 狮城节点
+      - 🇹🇼 台湾节点
+      - 🇯🇵 日本节点
+      - 🇺🇸 美国节点
+      - 🌎 其它地区
+      - 🔃 负载均衡-轮询
+      - 🔃 负载均衡-散列
+      - 直连
+
+# 策略组
+  - name: ♻️ 自动选择
+    <<: *t
+    
+  - name: 🚀 手动选择
+    type: select
+    <<: *t
+      
+  - name: 🇭🇰 香港节点
+    filter: "(?i)🇭🇰|港|hk|hongkong|hong kong"
+    <<: *t
+
+  - name: 🇸🇬 狮城节点
+    filter: "(?i)🇸🇬|新|sg|singapore"
+    <<: *t
+
+  - name: 🇹🇼 台湾节点
+    filter: "(?i)🇹🇼|台|tw|taiwan"
+    <<: *t
+
+  - name: 🇯🇵 日本节点
+    filter: "(?i)🇯🇵|日|jp|japan"
+    <<: *t
+
+  - name: 🇺🇸 美国节点
+    filter: "(?i)🇺🇸|美|us|unitedstates|united states"
+    <<: *t
+
+  - name: 🌎 其它地区
+    type: select
+    filter: "(?i)^(?!.*(?:🇭🇰|🇯🇵|🇺🇸|🇸🇬|🇨🇳|港|hk|hongkong|台|tw|taiwan|日|jp|japan|新|sg|singapore|美|us|unitedstates)).*"
+    <<: *t
+
+  - name: 🔃 负载均衡-轮询
+    type: load-balance
+    strategy: round-robin
+    filter: "🇭🇰|🇯🇵|🇸🇬|香港|hk|HK|hongkong|台|台湾|TW|taiwan|日本|jp|JP|新加坡|sg|韩国|中转|狮城|菲律宾"
+    <<: *t
+
+  - name: 🔃 负载均衡-散列
+    type: load-balance
+    strategy: consistent-hashing
+    filter: "🇭🇰|🇯🇵|🇺🇸|🇸🇬|香港|hk|HK|hongkong|台|台湾|TW|taiwan|日本|jp|JP|新加坡|sg|美国|US"
+    <<: *t
+  
+  - name: 直连
+    type: select
+    proxies:
+      - DIRECT
+      
+
+# 分流规则提供(订阅)组
+rule-providers:
+  AWAvenue: # 秋风去广告
+    behavior: domain
+    path: ./rule_providers/AWAvenue-Ads-Rule-Clash.yaml
+    url: "https://raw.githubusercontent.com/TG-Twilight/AWAvenue-Ads-Rule/main/Filters/AWAvenue-Ads-Rule-Clash.yaml"
+    <<: *r
+#  OpenAi:   # AI 服务
+#    path: ./rule_providers/OpenAi.yaml
+#    url: "https://raw.githubusercontent.com/ACL4SSR/ACL4SSR/master/Clash/Providers/Ruleset/OpenAi.yaml"
+#    <<: *r
+  直连:   # 自定义直连
+    type: file
+    behavior: domain
+    format: text
+    path: ./rule_providers/直连.yaml
+    
+  代理:   # 自定义代理
+    type: file
+    behavior: domain
+    format: text
+    path: ./rule_providers/代理.yaml
+
+#   其他参数
+sniffer:
+  enable: true
+  sniff:
+    HTTP:
+      ports: [80, 8080-8880]
+    TLS:
+      ports: [443, 8443]
+    QUIC:
+      ports: [443, 8443]
+  skip-domain:
+    - Mijia Cloud
+
+profile:
+  store-selected: true   # 存储 select 选择记录
+  store-fake-ip: true    # 持久化 fake-ip
+  
+#   webui
+external-controller: 0.0.0.0:9090
+external-ui: webui
+external-ui-name: xd
+external-ui-url: "https://github.com/MetaCubeX/metacubexd/archive/refs/heads/gh-pages.zip"
+
+#   geo
+geox-url:
+  geoip: "https://gcore.jsdelivr.net/gh/Loyalsoldier/geoip@release/geoip.dat"
+  geosite: "https://gcore.jsdelivr.net/gh/Loyalsoldier/v2ray-rules-dat@release/geosite.dat"
+  mmdb: "https://gcore.jsdelivr.net/gh/Loyalsoldier/geoip@release/Country.mmdb"
+geodata-mode: true
+geodata-loader: standard
+geo-auto-update: true
+geo-update-interval: 24
+
+tun:
+  enable: true
+  device: tun
+  stack: mixed
+  dns-hijack:
+    - any:53
+    - tcp://any:53
+  auto-route: true
+  auto-redirect: true
+  auto-detect-interface: true
+
+dns:
+  enable: true
+  cache-algorithm: arc
+  use-system-hosts: true
+  ipv6: true
+  listen: 0.0.0.0:1053
+  enhanced-mode: redir-host  # fake-ip
+  fake-ip-range: 198.18.0.1/16
+  fake-ip-filter:
+    - '+.lan'
+    - '+.invalid.*'
+    - '+.localhost'
+    - '+.local.*'
+    - '+.time.*'
+    - '+.ntp.*'
+    - '+.time.edu.cn'
+    - '+.ntp.org.cn'
+    - '+.pool.ntp.org'
+    - '+.qpic.cn'
+    - "+.stun.*"
+    - "+.stun.*.*"
+    - "+.stun.*.*.*"
+    - '+.sushen.tk'
+    - localhost.ptlogin2.qq.com
+    - dns.msftncsi.com
+    - www.msftncsi.com
+    - www.msftconnecttest.com
+    - time1.cloud.tencent.com
+    
+  nameserver:
+    - https://1.0.0.1/dns-query
+    - https://8.8.8.8/dns-query
+    - https://208.67.222.222/dns-query
+  proxy-server-nameserver:
+    - https://119.29.29.29/dns-query
+    - https://223.5.5.5/dns-query
+  nameserver-policy:
+    "geosite:category-ads-all":
+      - rcode://success
+  direct-nameserver:
+    - system
+    - 119.29.29.29
+    - 223.5.5.5
+  direct-nameserver-follow-policy: true
+
+
+# 分流规则
+rules:
+  - AND,(AND,(DST-PORT,443),(NETWORK,UDP)),(NOT,((GEOSITE,CN))),REJECT-DROP # 禁用quic(不包括国内)
+  - RULE-SET,AWAvenue,REJECT-DROP
+#  - RULE-SET,OpenAi,🇸🇬 狮城节点
+  - RULE-SET,直连,DIRECT
+  - RULE-SET,代理,🎯 总模式
+#  - IP-CIDR,192.168.0.0/16,DIRECT,no-resolve
+  
+  - GEOSITE,openai,🇸🇬 狮城节点
+  
+  - GEOSITE,ehentai,🎯 总模式
+  - GEOSITE,github,🎯 总模式
+  - GEOSITE,twitter,🎯 总模式
+  - GEOSITE,youtube,🎯 总模式
+  - GEOSITE,google,🎯 总模式
+  - GEOSITE,telegram,🎯 总模式
+  - GEOSITE,netflix,🎯 总模式
+  - GEOSITE,bahamut,🎯 总模式
+  - GEOSITE,spotify,🎯 总模式
+  - GEOSITE,bilibili,DIRECT
+  - GEOSITE,CN,DIRECT
+  - GEOSITE,private,DIRECT
+  - GEOSITE,category-ads-all,REJECT-DROP
+  
+  - GEOIP,google,🎯 总模式
+  - GEOIP,netflix,🎯 总模式
+  - GEOIP,telegram,🎯 总模式
+  - GEOIP,twitter,🎯 总模式
+  - GEOIP,CN,DIRECT,no-resolve
+  - GEOIP,private,DIRECT,no-resolve
+  
+  - MATCH,🎯 总模式
+EOF
+)
+
+# 询问是否使用内置配置
+ask_builtin_config() {
+    read -p "是否使用内置配置？(y/n): " choice
+    case "$choice" in
+        y|Y )
+            echo -e "${YELLOW}使用内置配置，请在配置中添加订阅${NC}"
+            mkdir /etc/mihomo/
+            echo "$BUILTIN_CONFIG" > /etc/mihomo/config.yaml
+            ;;
+        n|N )
+            echo -e "${YELLOW}不使用内置配置，请上传配置到/etc/mihomo/config.yaml${NC}"
+            ;;
+        * )
+            echo -e "${RED}无效的选择，退出安装。${NC}"
+            exit 1
+            ;;
+    esac
+}
+
+# 启用系统转发
+enable_ip_forwarding() {
+    echo 'net.ipv4.ip_forward = 1' | tee -a /etc/sysctl.conf
+    echo 'net.ipv6.conf.all.forwarding = 1' | tee -a /etc/sysctl.conf
+    sysctl -p
+    if [ "$SYSTEM_TYPE" == "Alpine" ]; then
+        rc-update add sysctl
+    fi
+}
+
+# 主函数
+main() {
+    detect_system
+    set_timezone
+    install_software
+    remove_existing_service
+    download_mihomo
+    ask_builtin_config
+   # enable_ip_forwarding
+
+    case "$SYSTEM_TYPE" in
+        "Alpine")
+            configure_openrc
+            ;;
+        "Debian")
+            configure_systemd
+            ;;
+        "OpenWrt" | "Init.d")
+            configure_initd
+            ;;
+    esac
+
+    echo -e "${GREEN}脚本执行完毕。${NC}"
+}
+
+main

mssh.sh

@@ -0,0 +1,726 @@
+#!/bin/bash
+
+# mssh - SSH 管理工具
+
+# 配置文件路径
+CONFIG_FILE="$HOME/.mssh.conf"
+
+# 颜色定义
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+ORANGE='\033[0;33m'
+BLUE='\033[0;34m'
+PURPLE='\033[0;35m'
+CYAN='\033[0;36m'
+NC='\033[0m'
+
+# Emoji 定义
+SERVER_EMOJI="🌐"
+KEY_EMOJI="🔑"
+PASSWORD_EMOJI="🔒"
+CONNECT_EMOJI="🔌"
+SUCCESS_EMOJI="✅"
+ERROR_EMOJI="❌"
+WARNING_EMOJI="⚠️"
+INFO_EMOJI="𝒊"
+FORWARD_EMOJI="📡"
+
+# 信号处理
+graceful_exit() {
+    echo -e "\n${INFO_EMOJI} ${CYAN}  正在退出 mssh...${NC}"
+    
+    # 检查是否有活跃的端口转发
+    local active_forwards
+    active_forwards=$(get_section "active_forwards")
+    
+    if [ -n "$active_forwards" ]; then
+        echo -e "${WARNING_EMOJI} ${YELLOW}检测到活跃的端口转发进程${NC}"
+        echo -e "${INFO_EMOJI} ${CYAN}这些进程将继续在后台运行${NC}"
+        echo -e "${CYAN}您可以随时重新启动 mssh 来管理它们${NC}"
+        echo
+        
+        # 显示活跃的转发
+        local i=1
+        while IFS='|' read -r rule_name local_port pid user_host port server_alias remote_host remote_port; do
+            [ -z "$rule_name" ] && continue
+            printf "  ${GREEN}%2d.${NC} ${FORWARD_EMOJI} ${YELLOW}%s${NC} (PID:%s)\n" "$i" "$rule_name" "$pid"
+            ((i++))
+        done <<< "$active_forwards"
+    fi
+    
+    echo -e "\n🔚 脚本已退出"
+    exit 0
+}
+
+# 设置信号处理
+trap graceful_exit SIGINT SIGTERM SIGQUIT
+
+# 密码加密函数
+encrypt_password() {
+    local password="$1"
+    [ -z "$password" ] && return
+    
+    # 简单的字符位移 + base64
+    local encrypted
+    encrypted=$(echo "$password" | tr 'A-Za-z0-9' 'N-ZA-Mn-za-m5-90-4' | base64 -w 0)
+    echo "ENC:$encrypted"
+}
+
+# 密码解密函数  
+decrypt_password() {
+    local encrypted="$1"
+    [ -z "$encrypted" ] && return
+    
+    # 解密格式：ENC:base64data
+    if [[ "$encrypted" =~ ^ENC: ]]; then
+        local encrypted_data="${encrypted#ENC:}"
+        echo "$encrypted_data" | base64 -d | tr 'N-ZA-Mn-za-m5-90-4' 'A-Za-z0-9'
+    fi
+}
+
+# 安全读取函数
+safe_read() {
+    local prompt="$1"
+    local var_name="$2"
+    local response
+    
+    if ! read -r -p "$prompt" response; then
+        graceful_exit
+    fi
+    
+    if [ -n "$var_name" ]; then
+        eval "$var_name=\"$response\""
+    fi
+}
+
+# 检查 sshpass
+check_sshpass() {
+    if ! command -v sshpass >/dev/null 2>&1; then
+        echo -e "${ERROR_EMOJI} ${RED}未找到 sshpass。某些功能可能不可用。${NC}"
+        echo -e "${INFO_EMOJI} ${YELLOW}可以运行以下命令安装：${NC}"
+        echo -e "  ${CYAN}Ubuntu/Debian: sudo apt install sshpass${NC}"
+        echo -e "  ${CYAN}CentOS/RHEL: sudo yum install sshpass${NC}"
+    fi
+}
+
+# 初始化配置文件
+init_config() {
+    if [ ! -f "$CONFIG_FILE" ]; then
+        cat > "$CONFIG_FILE" << 'EOF'
+# mssh 配置文件
+# 格式说明：
+# [servers] 部分：alias|user@host|port|keypath|encrypted_password
+# [port_forwards] 部分：server_alias|rule_name|local_port|remote_host|remote_port|user@host|port|keypath|encrypted_password
+# [active_forwards] 部分：rule_name|local_port|pid|user@host|port|server_alias|remote_host|remote_port
+
+[servers]
+
+[port_forwards]
+
+[active_forwards]
+
+EOF
+        echo -e "${SUCCESS_EMOJI} ${GREEN}配置文件已创建: $CONFIG_FILE${NC}"
+    fi
+}
+
+# 获取配置文件中的特定部分
+get_section() {
+    local section="$1"
+    local config_file="${2:-$CONFIG_FILE}"
+    
+    awk -v section="[$section]" '
+    $0 == section { in_section = 1; next }
+    /^\[.*\]$/ { in_section = 0; next }
+    in_section && NF > 0 && !/^#/ { print }
+    ' "$config_file"
+}
+
+# 格式化端口转发显示
+format_forward_display() {
+    local num="$1"
+    local rule_name="$2"
+    local local_port="$3"
+    local server_alias="$4"
+    local remote_host="$5"
+    local remote_port="$6"
+    local pid="$7"
+    
+    local pid_text=""
+    [ -n "$pid" ] && pid_text=" PID:$pid"
+    
+    if [ "$remote_host" = "127.0.0.1" ]; then
+        printf "  ${GREEN}%2d.${NC} ${FORWARD_EMOJI} ${YELLOW}%s${NC} (本地:%s -> %s:%s)%s\n" \
+               "$num" "$rule_name" "$local_port" "$server_alias" "$remote_port" "$pid_text"
+    else
+        printf "  ${GREEN}%2d.${NC} ${FORWARD_EMOJI} ${YELLOW}%s${NC} (本地:%s -> %s -> %s:%s)%s\n" \
+               "$num" "$rule_name" "$local_port" "$server_alias" "$remote_host" "$remote_port" "$pid_text"
+    fi
+}
+
+# 显示服务器列表
+show_servers() {
+    echo -e "${CYAN}已保存的服务器:${NC}"
+    echo -e "${CYAN}---------------${NC}"
+    
+    local servers
+    servers=$(get_section "servers")
+    if [ -z "$servers" ]; then
+        echo -e "  ${YELLOW}暂无服务器${NC}"
+        return 0
+    fi
+    
+    local i=1
+    while IFS='|' read -r alias_name user_host port key_path password; do
+        [ -z "$alias_name" ] && continue
+        
+        # 显示密码和密钥状态
+        local has_password=""
+        local has_key=""
+        [ -n "$password" ] && has_password="${PASSWORD_EMOJI}"
+        [ -n "$key_path" ] && [ -f "$key_path" ] && has_key="${KEY_EMOJI}"
+        
+        printf "  ${GREEN}%2d.${NC} ${SERVER_EMOJI} ${YELLOW}%s${NC} (%s:%s) %s%s\n" \
+               "$i" "$alias_name" "$user_host" "$port" "$has_password" "$has_key"
+        ((i++))
+    done <<< "$servers"
+    
+    return $((i-1))
+}
+
+# 显示活跃的端口转发
+show_active_forwards() {
+    local active_forwards
+    active_forwards=$(get_section "active_forwards")
+    if [ -n "$active_forwards" ]; then
+        echo
+        echo -e "${CYAN}已启用的端口转发:${NC}"
+        echo -e "${CYAN}------------------${NC}"
+        
+        local i=1
+        while IFS='|' read -r rule_name local_port pid user_host port server_alias remote_host remote_port; do
+            [ -z "$rule_name" ] && continue
+            format_forward_display "$i" "$rule_name" "$local_port" "$server_alias" "$remote_host" "$remote_port" "$pid"
+            ((i++))
+        done <<< "$active_forwards"
+        return 0
+    else
+        return 1
+    fi
+}
+
+# 检查并清理无效的端口转发进程
+check_and_cleanup_forwards() {
+    local active_forwards
+    active_forwards=$(get_section "active_forwards")
+    
+    if [ -z "$active_forwards" ]; then
+        return 0
+    fi
+    
+    local temp_file
+    temp_file=$(mktemp)
+    local cleanup_needed=false
+    local cleaned_count=0
+    
+    # 复制配置文件到临时文件
+    cp "$CONFIG_FILE" "$temp_file"
+    
+    while IFS='|' read -r rule_name local_port pid user_host port server_alias remote_host remote_port; do
+        [ -z "$rule_name" ] && continue
+        
+        # 检查进程是否存在
+        if ! kill -0 "$pid" 2>/dev/null; then
+            # 进程不存在，从配置中移除
+            local rule_line="${rule_name}|${local_port}|${pid}|${user_host}|${port}|${server_alias}|${remote_host}|${remote_port}"
+            
+            awk -v target_line="$rule_line" '
+            $0 == target_line && in_active { next }
+            /^\[active_forwards\]$/ { in_active=1 }
+            /^\[.*\]$/ && !/^\[active_forwards\]$/ { in_active=0 }
+            { print }
+            ' "$temp_file" > "${temp_file}.new" && mv "${temp_file}.new" "$temp_file"
+            
+            cleanup_needed=true
+            ((cleaned_count++))
+        fi
+    done <<< "$active_forwards"
+    
+    # 如果有清理，更新配置文件并显示信息
+    if [ "$cleanup_needed" = true ]; then
+        mv "$temp_file" "$CONFIG_FILE"
+        if [ "$cleaned_count" -gt 0 ]; then
+            echo -e "${INFO_EMOJI} ${YELLOW}已清理 $cleaned_count 个失效的端口转发进程${NC}"
+            sleep 1
+        fi
+    else
+        rm -f "$temp_file"
+    fi
+}
+
+# 主菜单
+main_menu() {
+    # 在显示菜单前检查并清理无效的端口转发进程
+    check_and_cleanup_forwards
+    
+    clear
+    echo -e "${PURPLE}==========================================${NC}"
+    echo -e "${PURPLE}::          mssh - SSH 管理工具         ::${NC}"
+    echo -e "${PURPLE}==========================================${NC}"
+    echo
+    
+    show_servers
+    show_active_forwards
+    local has_active_forwards=$?
+    
+    echo
+    echo -e "${BLUE}选项分区:${NC}"
+    echo -e "${BLUE}---------${NC}"
+    echo -e "  ${GREEN}[a] 增加服务器${NC}"
+    echo -e "  ${RED}[d] 删除服务器${NC}"
+    echo -e "  ${BLUE}[p] 端口转发${NC}"
+    echo -e "  ${CYAN}[q] 退出${NC}"
+    
+    # 显示端口转发持久化提示
+    if [ $has_active_forwards -eq 0 ]; then
+        echo
+        echo -e "${INFO_EMOJI} ${YELLOW}提示：端口转发将在退出程序后继续运行${NC}"
+    fi
+    
+    echo
+    echo -ne "${GREEN}请选择操作: ${NC}"
+}
+
+# 添加服务器
+add_server() {
+    while true; do
+        clear
+        echo -e "${PURPLE}============ 添加服务器 ============${NC}"
+        echo
+        echo -e "${INFO_EMOJI} ${CYAN}添加新服务器 (0或回车返回)${NC}"
+        echo
+        safe_read "$(echo -e "${CYAN}输入别名: ${NC}")" alias_name; [ "$alias_name" = "0" ] || [ -z "$alias_name" ] && return
+        safe_read "$(echo -e "${CYAN}输入用户名@主机: ${NC}")" user_host; [ "$user_host" = "0" ] || [ -z "$user_host" ] && return
+        safe_read "$(echo -e "${CYAN}输入端口 (默认22): ${NC}")" port; [ "$port" = "0" ] && return; port=${port:-22}
+        echo -ne "${CYAN}输入密码 (可选): ${NC}"
+        read -r -s password
+        echo
+        safe_read "$(echo -e "${CYAN}输入私钥路径 (可选): ${NC}")" key_path; [ "$key_path" = "0" ] && return
+        
+        if [ -n "$key_path" ] && [ ! -f "$key_path" ]; then
+            echo -e "${ERROR_EMOJI} ${RED}密钥文件不存在${NC}"
+            safe_read "$(echo -e "${YELLOW}是否继续? (y/N): ${NC}")" continue_without_key
+            if [[ ! "${continue_without_key:-n}" =~ [yY] ]]; then
+                continue
+            fi
+            key_path=""
+        fi
+        
+        # 加密密码
+        [ -n "$password" ] && password=$(encrypt_password "$password")
+        
+        # 添加到配置文件
+        local temp_file
+        temp_file=$(mktemp)
+        awk -v new_server="${alias_name}|${user_host}|${port}|${key_path}|${password}" '
+        /^\[servers\]$/ { print; in_servers=1; next }
+        /^\[.*\]$/ { in_servers=0 }
+        in_servers && /^$/ { print new_server; added=1 }
+        { print }
+        END { if (!added && in_servers) print new_server }
+        ' "$CONFIG_FILE" > "$temp_file" && mv "$temp_file" "$CONFIG_FILE"
+        
+        echo -e "${SUCCESS_EMOJI} ${GREEN}服务器已添加: $alias_name${NC}"
+        echo
+        safe_read "$(echo -e "${YELLOW}是否继续添加? (y/N): ${NC}")" continue_add
+        if [[ ! "${continue_add:-n}" =~ [yY] ]]; then
+            break
+        fi
+    done
+}
+
+# 删除服务器
+delete_server() {
+    while true; do
+        clear
+        echo -e "${PURPLE}============ 删除服务器 ============${NC}"
+        echo
+        echo -e "${WARNING_EMOJI} ${YELLOW}删除服务器${NC}"
+        echo
+        show_servers
+        echo
+        safe_read "$(echo -e "${CYAN}选择要删除的服务器编号 (0或回车返回): ${NC}")" choice
+        [ "$choice" = "0" ] || [ -z "$choice" ] && return
+        
+        local servers
+        servers=$(get_section "servers")
+        local server_line
+        server_line=$(echo "$servers" | sed -n "${choice}p")
+        
+        if [ -n "$server_line" ]; then
+            local alias_name
+            alias_name=$(echo "$server_line" | cut -d'|' -f1)
+            echo -e "${WARNING_EMOJI} ${YELLOW}确认删除服务器: $alias_name${NC}"
+            
+            local temp_file
+            temp_file=$(mktemp)
+            awk -v target_line="$server_line" '
+            $0 == target_line && in_servers { next }
+            /^\[servers\]$/ { in_servers=1 }
+            /^\[.*\]$/ && !/^\[servers\]$/ { in_servers=0 }
+            { print }
+            ' "$CONFIG_FILE" > "$temp_file" && mv "$temp_file" "$CONFIG_FILE"
+            
+            echo -e "${SUCCESS_EMOJI} ${GREEN}服务器已删除: $alias_name${NC}"
+        else
+            echo -e "${ERROR_EMOJI} ${RED}无效的服务器编号!${NC}"
+        fi
+        
+        echo
+        safe_read "$(echo -e "${YELLOW}是否继续删除? (y/N): ${NC}")" continue_del
+        if [[ ! "${continue_del:-n}" =~ [yY] ]]; then
+            break
+        fi
+    done
+}
+
+# 添加端口转发规则
+add_port_forward_rule() {
+    echo -e "${INFO_EMOJI} ${CYAN}添加新端口转发规则 (0或回车返回):${NC}"
+    
+    safe_read "$(echo -e "${CYAN}输入规则名称: ${NC}")" rule_name
+    if [ "$rule_name" = "0" ] || [ -z "$rule_name" ]; then
+        return 1
+    fi
+    
+    safe_read "$(echo -e "${CYAN}输入本地端口: ${NC}")" local_port
+    if [ "$local_port" = "0" ] || [ -z "$local_port" ]; then
+        return 1
+    fi
+    
+    safe_read "$(echo -e "${CYAN}输入远程主机 (默认127.0.0.1): ${NC}")" remote_host
+    if [ "$remote_host" = "0" ]; then
+        return 1
+    fi
+    remote_host=${remote_host:-127.0.0.1}
+    
+    safe_read "$(echo -e "${CYAN}输入远程端口 (默认${local_port}): ${NC}")" remote_port
+    if [ "$remote_port" = "0" ]; then
+        return 1
+    fi
+    remote_port=${remote_port:-$local_port}
+    
+    echo -e "\n${CYAN}请选择要使用的服务器:${NC}"
+    show_servers
+    echo
+    safe_read "$(echo -e "${CYAN}选择服务器编号: ${NC}")" server_choice
+    if [ "$server_choice" = "0" ] || [ -z "$server_choice" ]; then
+        return 1
+    fi
+    
+    local servers
+    servers=$(get_section "servers")
+    local selected_server
+    selected_server=$(echo "$servers" | sed -n "${server_choice}p")
+    if [ -n "$selected_server" ]; then
+        IFS='|' read -r server_alias user_host port key_path password <<< "$selected_server"
+        
+        local temp_file
+        temp_file=$(mktemp)
+        awk -v new_rule="${server_alias}|${rule_name}|${local_port}|${remote_host}|${remote_port}|${user_host}|${port}|${key_path}|${password}" '
+        /^\[port_forwards\]$/ { print; in_forwards=1; next }
+        /^\[.*\]$/ { in_forwards=0 }
+        in_forwards && /^$/ { print new_rule; added=1 }
+        { print }
+        END { if (!added && in_forwards) print new_rule }
+        ' "$CONFIG_FILE" > "$temp_file" && mv "$temp_file" "$CONFIG_FILE"
+        
+        echo -e "${SUCCESS_EMOJI} ${GREEN}端口转发规则已添加: $rule_name${NC}"
+        return 0
+    else
+        echo -e "${ERROR_EMOJI} ${RED}无效的服务器编号!${NC}"
+        return 1
+    fi
+}
+
+# 删除端口转发规则
+delete_port_forward() {
+    local rule_number="$1"
+    
+    local forwards
+    forwards=$(get_section "port_forwards")
+    local rule_line
+    rule_line=$(echo "$forwards" | sed -n "${rule_number}p")
+    
+    if [ -n "$rule_line" ]; then
+        local rule_name
+        rule_name=$(echo "$rule_line" | cut -d'|' -f2)
+        
+        local temp_file
+        temp_file=$(mktemp)
+        awk -v target_line="$rule_line" '
+        $0 == target_line && in_forwards { next }
+        /^\[port_forwards\]$/ { in_forwards=1 }
+        /^\[.*\]$/ && !/^\[port_forwards\]$/ { in_forwards=0 }
+        { print }
+        ' "$CONFIG_FILE" > "$temp_file" && mv "$temp_file" "$CONFIG_FILE"
+        
+        echo -e "${SUCCESS_EMOJI} ${GREEN}规则已删除: $rule_name${NC}"
+    else
+        echo -e "${ERROR_EMOJI} ${RED}无效的规则编号!${NC}"
+    fi
+}
+
+# 停止后台端口转发
+stop_background_forward() {
+    local rule_number="$1"
+    
+    local active_forwards
+    active_forwards=$(get_section "active_forwards")
+    local active_line
+    active_line=$(echo "$active_forwards" | sed -n "${rule_number}p")
+    
+    if [ -n "$active_line" ]; then
+        IFS='|' read -r rule_name local_port pid user_host port server_alias remote_host remote_port <<< "$active_line"
+        
+        if kill "$pid" 2>/dev/null; then
+            echo -e "${SUCCESS_EMOJI} ${GREEN}端口转发已停止: $rule_name (PID: $pid)${NC}"
+        else
+            echo -e "${WARNING_EMOJI} ${YELLOW}进程可能已经停止: $rule_name (PID: $pid)${NC}"
+        fi
+        
+        # 从活跃转发列表中移除
+        local temp_file
+        temp_file=$(mktemp)
+        awk -v target_line="$active_line" '
+        $0 == target_line && in_active { next }
+        /^\[active_forwards\]$/ { in_active=1 }
+        /^\[.*\]$/ && !/^\[active_forwards\]$/ { in_active=0 }
+        { print }
+        ' "$CONFIG_FILE" > "$temp_file" && mv "$temp_file" "$CONFIG_FILE"
+    else
+        echo -e "${ERROR_EMOJI} ${RED}无效的活跃转发编号!${NC}"
+    fi
+}
+
+# 启动后台端口转发
+start_background_forward() {
+    local rule_number="$1"
+    
+    local forwards
+    forwards=$(get_section "port_forwards")
+    local rule_line
+    rule_line=$(echo "$forwards" | sed -n "${rule_number}p")
+    
+    if [ -n "$rule_line" ]; then
+        IFS='|' read -r server_alias rule_name local_port remote_host remote_port user_host port key_path password <<< "$rule_line"
+        
+        # 解密密码
+        [ -n "$password" ] && password=$(decrypt_password "$password")
+        
+        # 构建 SSH 命令
+        local ssh_args=("-p" "$port" "-L" "${local_port}:${remote_host}:${remote_port}" "-N" "$user_host")
+        [ -n "$key_path" ] && ssh_args+=("-i" "$key_path")
+        
+        # 启动后台进程 (使用密码或密钥认证)
+        local ssh_pid
+        if [ -n "$password" ] && command -v sshpass >/dev/null 2>&1; then
+            echo -e "${INFO_EMOJI} ${YELLOW}使用保存的密码启动端口转发...${NC}"
+            nohup sshpass -p "$password" ssh "${ssh_args[@]}" >/dev/null 2>&1 &
+            ssh_pid=$!
+            disown $ssh_pid 2>/dev/null
+            
+            # 等待SSH连接建立
+            sleep 1
+            
+            # 检查进程是否仍在运行
+            if ! kill -0 "$ssh_pid" 2>/dev/null; then
+                echo -e "${ERROR_EMOJI} ${RED}端口转发启动失败，请检查网络连接和认证信息${NC}"
+                return 1
+            fi         
+        else
+            echo -e "${INFO_EMOJI} ${YELLOW}启动端口转发 (需要手动输入密码)...${NC}"
+            nohup ssh "${ssh_args[@]}" </dev/tty >/dev/null 2>&1 &
+            ssh_pid=$!
+            disown $ssh_pid 2>/dev/null
+            
+            # 给用户一些时间输入密码
+            echo -e "${INFO_EMOJI} ${CYAN}请在上方输入SSH密码...${NC}"
+            sleep 3
+            
+            # 检查进程是否仍在运行
+            if ! kill -0 "$ssh_pid" 2>/dev/null; then
+                echo -e "${ERROR_EMOJI} ${RED}端口转发启动失败，请检查网络连接和认证信息${NC}"
+                return 1
+            fi
+        fi
+        
+        local temp_file
+        temp_file=$(mktemp)
+        awk -v new_active="${rule_name}|${local_port}|${ssh_pid}|${user_host}|${port}|${server_alias}|${remote_host}|${remote_port}" '
+        /^\[active_forwards\]$/ { print; in_active=1; next }
+        /^\[.*\]$/ { in_active=0 }
+        in_active && /^$/ { print new_active; added=1 }
+        { print }
+        END { if (!added && in_active) print new_active }
+        ' "$CONFIG_FILE" > "$temp_file" && mv "$temp_file" "$CONFIG_FILE"
+        
+        echo -e "${SUCCESS_EMOJI} ${GREEN}端口转发已启动: $rule_name (PID: $ssh_pid)${NC}"
+    else
+        echo -e "${ERROR_EMOJI} ${RED}无效的规则编号!${NC}"
+    fi
+}
+
+# 端口转发管理
+list_port_forwards() {
+    while true; do
+        clear
+        echo -e "${PURPLE}=========== 端口转发管理 ===========${NC}"
+        echo
+        
+        local forwards
+        forwards=$(get_section "port_forwards")
+        if [ -z "$forwards" ]; then
+            echo -e "${CYAN}已配置的端口转发规则:${NC}"
+            echo -e "${CYAN}------------------------${NC}"
+            echo -e "  ${YELLOW}暂无端口转发规则${NC}"
+        else
+            echo -e "${CYAN}已配置的端口转发规则:${NC}"
+            echo -e "${CYAN}------------------------${NC}"
+            local i=1
+            while IFS='|' read -r server_alias rule_name local_port remote_host remote_port _ _ _ _ || [ -n "$rule_name" ]; do
+                [ -z "$rule_name" ] && continue
+                format_forward_display "$i" "$rule_name" "$local_port" "$server_alias" "$remote_host" "$remote_port"
+                ((i++))
+            done <<< "$forwards"
+        fi
+        
+        show_active_forwards
+        
+        echo
+        echo -e "${BLUE}操作选项:${NC}"
+        echo -e "${BLUE}---------${NC}"
+        echo -e "  ${GREEN}[1] 添加端口转发${NC}"
+        echo -e "  ${YELLOW}[2] 启动端口转发${NC}"
+        echo -e "  ${ORANGE}[3] 停止端口转发${NC}"
+        echo -e "  ${RED}[4] 删除转发规则${NC}"
+        echo
+        safe_read "$(echo -e "${CYAN}请选择操作 (0或回车返回): ${NC}")" choice
+        
+        case $choice in
+            0|"") return ;;
+            1) 
+                echo
+                if add_port_forward_rule; then
+                    safe_read "按回车键继续..." pause_key
+                fi
+                ;;
+            2) 
+                if [ -z "$forwards" ]; then
+                    echo -e "${ERROR_EMOJI} ${RED}暂无端口转发规则可启动!${NC}"
+                    safe_read "按回车键继续..." pause_key
+                else
+                    safe_read "$(echo -e "${CYAN}输入要启动的规则编号: ${NC}")" start_choice
+                    if [ -n "$start_choice" ]; then
+                        start_background_forward "$start_choice"
+                    fi
+                    safe_read "按回车键继续..." pause_key
+                fi
+                ;;
+            3)
+                local active_forwards
+                active_forwards=$(get_section "active_forwards")
+                if [ -z "$active_forwards" ]; then
+                    echo -e "${ERROR_EMOJI} ${RED}暂无活跃的端口转发可停止!${NC}"
+                    safe_read "按回车键继续..." pause_key
+                else
+                    echo
+                    echo -e "${CYAN}当前活跃的端口转发:${NC}"
+                    local i=1
+                    while IFS='|' read -r rule_name local_port pid user_host port server_alias remote_host remote_port; do
+                        [ -z "$rule_name" ] && continue
+                        format_forward_display "$i" "$rule_name" "$local_port" "$server_alias" "$remote_host" "$remote_port" "$pid"
+                        ((i++))
+                    done <<< "$active_forwards"
+                    echo
+                    safe_read "$(echo -e "${CYAN}输入要停止的端口转发编号: ${NC}")" stop_choice
+                    if [ -n "$stop_choice" ]; then
+                        stop_background_forward "$stop_choice"
+                    fi
+                    safe_read "按回车键继续..." pause_key
+                fi
+                ;;
+            4)
+                if [ -z "$forwards" ]; then
+                    echo -e "${ERROR_EMOJI} ${RED}暂无端口转发规则可删除!${NC}"
+                    safe_read "按回车键继续..." pause_key
+                else
+                    safe_read "$(echo -e "${CYAN}输入要删除的规则编号: ${NC}")" del_choice
+                    if [ -n "$del_choice" ]; then
+                        delete_port_forward "$del_choice"
+                    fi
+                    safe_read "按回车键继续..." pause_key
+                fi
+                ;;
+            *) echo -e "${ERROR_EMOJI} ${RED}无效选项!${NC}"; sleep 1 ;;
+        esac
+    done
+}
+
+# 连接服务器
+connect_server() {
+    local choice=$1
+    
+    local servers
+    servers=$(get_section "servers")
+    local selected_server
+    selected_server=$(echo "$servers" | sed -n "${choice}p")
+    
+    if [ -n "$selected_server" ]; then
+        IFS='|' read -r alias_name user_host port key_path password <<< "$selected_server"
+        
+        # 解密密码
+        [ -n "$password" ] && password=$(decrypt_password "$password")
+        
+        echo -e "${CONNECT_EMOJI} ${GREEN}连接到: $alias_name ($user_host:$port)${NC}"
+        
+        local ssh_args=("-p" "$port" "$user_host")
+        [ -n "$key_path" ] && ssh_args+=("-i" "$key_path")
+        
+        if [ -n "$password" ] && command -v sshpass >/dev/null 2>&1; then
+            echo -e "${WARNING_EMOJI} ${YELLOW}使用保存的密码连接...${NC}"
+            sshpass -p "$password" ssh "${ssh_args[@]}"
+        else
+            ssh "${ssh_args[@]}"
+        fi
+    else
+        echo -e "${ERROR_EMOJI} ${RED}无效的服务器编号!${NC}"
+        sleep 1
+    fi
+}
+
+# 主程序
+check_sshpass
+init_config
+
+while true; do
+    main_menu
+    safe_read "" choice
+    
+    case $choice in
+        [0-9]*) 
+            if [[ "$choice" =~ ^[0-9]+$ ]]; then 
+                connect_server "$choice"
+            else 
+                echo -e "${ERROR_EMOJI} ${RED}无效的服务器编号!${NC}"
+                sleep 1
+            fi 
+            ;;
+        a|A) add_server ;;
+        d|D) delete_server ;;
+        p|P) list_port_forwards ;;
+        q|Q) graceful_exit ;;
+        *) echo -e "${ERROR_EMOJI} ${RED}无效选项!${NC}"; sleep 1 ;;
+    esac
+done

tcp.sh

@@ -0,0 +1,255 @@
+#!/bin/bash
+# tcp调优脚本 v25.10.11
+# 用法:
+#   ./tcp.sh 1   启用调优
+#   ./tcp.sh 0   还原配置
+#   ./tcp.sh 2   对比优化前后的参数
+
+BACKUP_FILE="/var/backups/tcp_backup_adaptive.conf"
+TUNE_FILE="/etc/sysctl.d/tcp_bbr_adaptive.conf"
+
+# 检查是否以 root 权限运行
+check_root() {
+    if [ "$EUID" -ne 0 ]; then
+        echo "✗ 错误: 此脚本需要 root 权限运行"
+        echo "  请使用: sudo $0"
+        exit 1
+    fi
+}
+
+# 确保备份目录存在
+ensure_backup_dir() {
+    local backup_dir
+    backup_dir=$(dirname "$BACKUP_FILE")
+    if [ ! -d "$backup_dir" ]; then
+        mkdir -p "$backup_dir" 2>/dev/null || {
+            echo "✗ 无法创建备份目录: $backup_dir"
+            exit 1
+        }
+    fi
+}
+
+PARAMS=(
+    "net.core.default_qdisc"
+    "net.ipv4.tcp_congestion_control"
+    "net.core.rmem_max"
+    "net.core.wmem_max"
+    "net.ipv4.tcp_rmem"
+    "net.ipv4.tcp_wmem"
+)
+
+get_sys_info() {
+    MEM_KB=$(grep MemTotal /proc/meminfo | awk '{print $2}')
+    MEM_BYTES=$((MEM_KB * 1024))
+    echo "内存: $((MEM_BYTES/1024/1024)) MB, CPU: $(nproc) 核"
+}
+
+ask_network_info() {
+    # 读取并验证带宽输入
+    while true; do
+        read -p "最大带宽 (Mbps): " BW
+        if [[ "$BW" =~ ^[0-9]+(\.[0-9]+)?$ ]] && (( $(echo "$BW > 0" | bc -l) )); then
+            break
+        else
+            echo "✗ 无效输入，请输入正数 (例如: 100 或 1000)"
+        fi
+    done
+    
+    # 读取并验证 RTT 输入
+    while true; do
+        read -p "平均延迟 RTT (ms): " RTT
+        if [[ "$RTT" =~ ^[0-9]+(\.[0-9]+)?$ ]] && (( $(echo "$RTT > 0" | bc -l) )); then
+            break
+        else
+            echo "✗ 无效输入，请输入正数 (例如: 10 或 50)"
+        fi
+    done
+    
+    BW_BITS=$((BW * 1000000))
+    RTT_SEC=$(awk "BEGIN {print $RTT/1000}")
+    BDP_BITS=$(awk "BEGIN {print $BW_BITS * $RTT_SEC}")
+    BDP_BYTES=$(awk "BEGIN {print int($BDP_BITS/8)}")
+    MIN_BUF=$((4*1024*1024))
+    MAX_BUF_LIMIT=$((MEM_BYTES/8))
+    if [ $BDP_BYTES -lt $MIN_BUF ]; then
+        BUF=$MIN_BUF
+    elif [ $BDP_BYTES -gt $MAX_BUF_LIMIT ]; then
+        BUF=$MAX_BUF_LIMIT
+    else
+        BUF=$BDP_BYTES
+    fi
+    echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+    echo "计算结果:"
+    echo "  带宽延迟积 (BDP): $(numfmt --to=iec-i --suffix=B $BDP_BYTES)"
+    echo "  缓冲区上限: $(numfmt --to=iec-i --suffix=B $BUF)"
+    echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+}
+
+check_bbr() {
+    if ! sysctl net.ipv4.tcp_available_congestion_control 2>/dev/null | grep -qw bbr; then
+        echo "⚠️ 未检测到 BBR 支持，尝试加载 tcp_bbr 模块..."
+        if modprobe tcp_bbr 2>/dev/null; then
+            echo "✓ tcp_bbr 模块加载成功"
+            # 添加到开机自动加载
+            if [ ! -f /etc/modules-load.d/tcp_bbr.conf ]; then
+                echo "tcp_bbr" > /etc/modules-load.d/tcp_bbr.conf
+                echo "✓ 已设置 BBR 模块开机自动加载"
+            fi
+        else
+            echo "✗ 内核不支持 BBR，无法加载模块"
+            echo "  请确认内核版本 >= 4.9 或更新内核"
+            exit 1
+        fi
+    else
+        echo "✓ BBR 支持已启用"
+    fi
+}
+
+apply_tune() {
+    check_root
+    ensure_backup_dir
+    
+    echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+    echo "         系统信息检测"
+    echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+    get_sys_info
+    echo ""
+    check_bbr
+    echo ""
+    
+    echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+    echo "         网络参数配置"
+    echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+    ask_network_info
+    echo ""
+    
+    if [ ! -f "$BACKUP_FILE" ]; then
+        echo "📋 备份当前参数到 $BACKUP_FILE"
+        for p in "${PARAMS[@]}"; do
+            echo "$p = $(sysctl -n $p)" >> "$BACKUP_FILE"
+        done
+        echo "✓ 备份完成"
+    else
+        echo "ℹ️  检测到已存在备份文件，跳过备份"
+    fi
+    
+    echo ""
+    echo "📝 生成配置文件: $TUNE_FILE"
+    cat > "$TUNE_FILE" <<EOF
+net.core.default_qdisc = fq
+net.ipv4.tcp_congestion_control = bbr
+net.core.rmem_max = $BUF
+net.core.wmem_max = $BUF
+net.ipv4.tcp_rmem = 4096 87380 $BUF
+net.ipv4.tcp_wmem = 4096 65536 $BUF
+EOF
+    
+    echo "⚙️  应用配置..."
+    if sysctl -p "$TUNE_FILE" >/dev/null 2>&1; then
+        echo "✓ 配置应用成功"
+    else
+        echo "✗ 配置应用失败"
+        exit 1
+    fi
+    
+    echo ""
+    echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+    echo "         当前参数"
+    echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+    for p in "${PARAMS[@]}"; do
+        printf "%-35s %s\n" "$p" "$(sysctl -n $p)"
+    done
+    echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+}
+
+restore_tune() {
+    check_root
+    
+    if [ ! -f "$BACKUP_FILE" ]; then
+        echo "✗ 未找到备份文件: $BACKUP_FILE"
+        echo "  无法还原配置"
+        exit 1
+    fi
+    
+    echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+    echo "         还原配置"
+    echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+    
+    [ -f "$TUNE_FILE" ] && rm -f "$TUNE_FILE" && echo "✓ 已删除调优配置文件"
+    
+    echo "⚙️  还原系统参数..."
+    while IFS= read -r line; do
+        key=$(echo "$line" | awk -F= '{print $1}' | xargs)
+        value=$(echo "$line" | awk -F= '{print $2}' | xargs)
+        if [ -n "$key" ] && [ -n "$value" ]; then
+            if sysctl -w "$key=$value" >/dev/null 2>&1; then
+                echo "  ✓ $key"
+            else
+                echo "  ✗ $key (失败)"
+            fi
+        fi
+    done < "$BACKUP_FILE"
+    
+    echo ""
+    echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+    echo "         当前参数"
+    echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+    for p in "${PARAMS[@]}"; do
+        printf "%-35s %s\n" "$p" "$(sysctl -n $p)"
+    done
+    echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+    
+    read -p "是否删除备份文件? (y/N): " del_backup
+    if [[ "$del_backup" =~ ^[Yy]$ ]]; then
+        rm -f "$BACKUP_FILE"
+        echo "✓ 已删除备份文件"
+    else
+        echo "ℹ️  保留备份文件: $BACKUP_FILE"
+    fi
+}
+
+compare_params() {
+    if [ ! -f "$BACKUP_FILE" ]; then
+        echo "✗ 未找到备份文件: $BACKUP_FILE"
+        echo "  无法对比参数"
+        exit 1
+    fi
+    
+    echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+    printf "%-35s %-25s %-25s\n" "参数" "优化前" "优化后"
+    echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+    for p in "${PARAMS[@]}"; do
+        old=$(grep "^$p" "$BACKUP_FILE" | awk -F= '{print $2}' | xargs)
+        new=$(sysctl -n $p 2>/dev/null || echo "N/A")
+        printf "%-35s %-25s %-25s\n" "$p" "$old" "$new"
+    done
+    echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+}
+
+if [ -z "$1" ]; then
+    echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+    echo "       TCP 调优脚本 v25.10.11"
+    echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+    echo "请选择操作："
+    echo "  1 - 启用 BBR 调优"
+    echo "  0 - 还原默认配置"
+    echo "  2 - 对比优化前后参数"
+    echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+    read -p "请输入选项 (1/0/2): " choice
+    case "$choice" in
+        1) apply_tune ;;
+        0) restore_tune ;;
+        2) compare_params ;;
+        *) echo "✗ 无效选项" ; exit 1 ;;
+    esac
+else
+    case "$1" in
+        1) apply_tune ;;
+        0) restore_tune ;;
+        2) compare_params ;;
+        *) echo "用法: $0 {1|0|2} 
+    1 = 启用调优 
+    0 = 还原配置 
+    2 = 对比优化前后的参数" ; exit 1 ;;
+    esac
+fi

tproxy.sh

@@ -0,0 +1,346 @@
+#!/bin/sh
+
+# TPROXY 透明代理脚本 for OpenWrt with NFTables
+# 功能: IPv4/v6, DNS劫持(可选), IP分流, 本机代理
+# 版本: 1.1.2 (2025-06-16)
+# 维护: su
+
+# --- [ 用户配置区: 请根据您的环境修改此区域 ] ---
+
+# --- 功能开关 ---
+# 是否开启DNS劫持功能. "true":开启, "false":关闭
+ENABLE_DNS_HIJACKING="false"
+
+# --- 核心设置 ---
+# TPROXY 代理服务监听的 TCP/UDP 端口
+PROXY_PORT=7893
+# Adguard 或其他 DNS 软件的监听端口
+ADGUARDHOME_DNS_PORT=553
+# 代理软件的 DNS 监听端口 (仅在开启劫持时有效)
+PROXY_DNS_PORT=1053
+
+# --- 系统集成设置 ---
+# LAN 接口名称
+LAN_IF="br-lan"
+# 运行代理软件的用户名 (用于豁免代理自身流量，防止死循环)
+PROXY_USER="root"
+# 存放 .nft 自定义规则文件的目录
+NFT_CUSTOM_PATH="/etc/nikki/nftables"
+# 您正在使用的 nftables 表名
+NFT_TABLE="nikki"
+
+# --- IP 集合名称 (需与 .nft 文件中定义的名称完全一致) ---
+NFT_SET_RESERVED_V4="reserved_ip"
+NFT_SET_RESERVED_V6="reserved_ip6"
+NFT_SET_BYPASS_V4="china_ip"
+NFT_SET_BYPASS_V6="china_ip6"
+
+# --- 高级设置 ---
+# 防火墙标记 (fwmark) 和策略路由表 ID
+PROXY_MARK=0xff
+ROUTE_TABLE=100
+
+# 锁文件路径 (防止重复运行)
+LOCK_FILE="/var/run/tproxy.lock"
+
+
+# --- [ 核心逻辑区: 通常无需修改 ] ---
+
+check_root() {
+    if [ "$(id -u)" -ne 0 ]; then
+        printf "错误: 此脚本需要以 root 权限运行。\n" >&2
+        exit 1
+    fi
+}
+
+# 检查是否已有实例运行
+check_lock() {
+    if [ -f "$LOCK_FILE" ]; then
+        # 检查服务是否真正在运行（通过防火墙表存在性判断）
+        if nft list table inet "$NFT_TABLE" >/dev/null 2>&1; then
+            printf "错误: TPROXY 服务已在运行中\n" >&2
+            printf "如需重新启动，请使用: %s restart\n" "$0" >&2
+            printf "如需强制启动，请先停止服务: %s stop\n" "$0" >&2
+            exit 1
+        else
+            # 清理失效的锁文件
+            printf "  -> 清理失效的锁文件...\n"
+            rm -f "$LOCK_FILE"
+        fi
+    fi
+}
+
+# 创建锁文件
+create_lock() {
+    # 确保锁文件目录存在
+    local lock_dir=$(dirname "$LOCK_FILE")
+    [ ! -d "$lock_dir" ] && mkdir -p "$lock_dir" 2>/dev/null
+    
+    # 写入启动时间戳而不是PID，因为脚本执行完后进程会结束
+    date '+%Y-%m-%d %H:%M:%S' > "$LOCK_FILE"
+    if [ $? -ne 0 ]; then
+        printf "警告: 无法创建锁文件 %s\n" "$LOCK_FILE" >&2
+    else
+        printf "  -> 锁文件已创建: %s\n" "$LOCK_FILE"
+    fi
+}
+
+# 清理锁文件
+remove_lock() {
+    if [ -f "$LOCK_FILE" ]; then
+        rm -f "$LOCK_FILE"
+        printf "  -> 锁文件已清理: %s\n" "$LOCK_FILE"
+    fi
+}
+
+load_user_nft_files() {
+    if [ ! -d "$NFT_CUSTOM_PATH" ]; then
+        printf "错误: 找不到目录 %s\n" "$NFT_CUSTOM_PATH" >&2
+        exit 1
+    fi
+    printf "  -> 正在从 %s 加载自定义规则...\n" "$NFT_CUSTOM_PATH"
+    
+    # 检查是否存在 .nft 文件
+    file_count=$(find "$NFT_CUSTOM_PATH" -name "*.nft" -type f | wc -l)
+    if [ "$file_count" -eq 0 ]; then
+        printf "警告: 目录 %s 中没有找到 .nft 文件\n" "$NFT_CUSTOM_PATH" >&2
+        return 0
+    fi
+    
+    for file in "$NFT_CUSTOM_PATH"/*.nft; do
+        if [ -f "$file" ]; then
+            printf "     - 加载 %s\n" "$(basename "$file")"
+            if ! nft -f "$file"; then
+                printf "错误: 加载 %s 时发生错误！\n" "$file" >&2
+                exit 1
+            fi
+        fi
+    done
+}
+
+do_start() {
+    printf "▶️  启动透明代理服务...\n"
+    check_lock
+    
+    # 先清理可能存在的残留规则，但不删除锁文件
+    printf "  -> 清理可能存在的残留规则...\n"
+    ip -4 rule del fwmark $PROXY_MARK lookup $ROUTE_TABLE 2>/dev/null || true
+    ip -6 rule del fwmark $PROXY_MARK lookup $ROUTE_TABLE 2>/dev/null || true
+    ip -4 route flush table $ROUTE_TABLE 2>/dev/null
+    ip -6 route flush table $ROUTE_TABLE 2>/dev/null
+    nft delete table inet $NFT_TABLE 2>/dev/null || true
+    
+    # 创建锁文件
+    create_lock
+    
+    # 设置异常退出时自动清理锁文件
+    trap 'remove_lock; exit' INT TERM
+
+    # 1. 设置策略路由
+    printf "  -> 正在设置策略路由...\n"
+    ip -4 rule add fwmark $PROXY_MARK lookup $ROUTE_TABLE
+    ip -6 rule add fwmark $PROXY_MARK lookup $ROUTE_TABLE
+    ip -4 route add local default dev lo table $ROUTE_TABLE
+    ip -6 route add local default dev lo table $ROUTE_TABLE
+
+    # 2. 加载并配置 nftables
+    printf "  -> 正在加载并配置 nftables...\n"
+
+    nft add table inet $NFT_TABLE
+    if [ $? -ne 0 ]; then
+        printf "错误: 创建 nftables 表 '%s' 失败。请检查是否已有同名表或nftables服务是否正常。\n" "$NFT_TABLE" >&2
+        exit 1
+    fi
+
+    # 加载 IP Set 文件
+    load_user_nft_files
+
+    nft add chain inet $NFT_TABLE mangle_prerouting { type filter hook prerouting priority -150\; }; nft flush chain inet $NFT_TABLE mangle_prerouting
+    nft add chain inet $NFT_TABLE mangle_output { type route hook output priority -150\; }; nft flush chain inet $NFT_TABLE mangle_output
+    for chain in tproxy_lan_v4 tproxy_lan_v6 tproxy_loc_v4 tproxy_loc_v6; do
+        nft add chain inet $NFT_TABLE "$chain"; nft flush chain inet $NFT_TABLE "$chain"
+    done
+
+    # 3. 应用规则
+    printf "  -> 正在应用核心防火墙规则...\n"
+    # 规则 A: DNS 劫持 (可选)
+    if [ "$ENABLE_DNS_HIJACKING" = "true" ]; then
+        printf "     - DNS 劫持已开启。\n"
+        nft add chain inet $NFT_TABLE dns_redirect { type nat hook prerouting priority -100\; }; nft flush chain inet $NFT_TABLE dns_redirect
+        nft add rule inet $NFT_TABLE dns_redirect iifname $LAN_IF meta l4proto {tcp, udp} th dport 53 redirect to :$PROXY_DNS_PORT
+    else
+        printf "     - DNS 劫持已关闭。\n"
+    fi
+
+    # 规则 B: 处理本机发出流量 (在 OUTPUT 链中仅作标记)
+    nft add rule inet $NFT_TABLE mangle_output meta nfproto ipv4 jump tproxy_loc_v4
+    nft add rule inet $NFT_TABLE mangle_output meta nfproto ipv6 jump tproxy_loc_v6
+    nft add rule inet $NFT_TABLE tproxy_loc_v4 skuid $PROXY_USER return # 关键: 豁免代理程序自身，防止死循环
+    nft add rule inet $NFT_TABLE tproxy_loc_v4 ip daddr @$NFT_SET_RESERVED_V4 return
+    nft add rule inet $NFT_TABLE tproxy_loc_v4 ip daddr @$NFT_SET_BYPASS_V4 return
+    # 不处理 DNS 流量
+    nft add rule inet $NFT_TABLE tproxy_loc_v4 meta l4proto {tcp, udp} th dport {53, $ADGUARDHOME_DNS_PORT, $PROXY_DNS_PORT} return
+    nft add rule inet $NFT_TABLE tproxy_loc_v4 meta l4proto {tcp, udp} meta mark set $PROXY_MARK
+    nft add rule inet $NFT_TABLE tproxy_loc_v6 skuid $PROXY_USER return
+    nft add rule inet $NFT_TABLE tproxy_loc_v6 ip6 daddr @$NFT_SET_RESERVED_V6 return
+    nft add rule inet $NFT_TABLE tproxy_loc_v6 ip6 daddr @$NFT_SET_BYPASS_V6 return
+    # 不处理 DNS 流量
+    nft add rule inet $NFT_TABLE tproxy_loc_v6 meta l4proto {tcp, udp} th dport {53, $ADGUARDHOME_DNS_PORT, $PROXY_DNS_PORT} return
+    nft add rule inet $NFT_TABLE tproxy_loc_v6 meta l4proto {tcp, udp} meta mark set $PROXY_MARK
+
+    # 规则 C: 处理局域网及本机回环流量 (在 PREROUTING 链中执行 TPROXY)
+    nft add rule inet $NFT_TABLE mangle_prerouting iifname $LAN_IF meta nfproto ipv4 meta l4proto {tcp, udp} jump tproxy_lan_v4
+    nft add rule inet $NFT_TABLE mangle_prerouting iifname $LAN_IF meta nfproto ipv6 meta l4proto {tcp, udp} jump tproxy_lan_v6
+    nft add rule inet $NFT_TABLE mangle_prerouting iifname "lo" meta nfproto ipv4 meta l4proto {tcp, udp} meta mark $PROXY_MARK jump tproxy_lan_v4
+    nft add rule inet $NFT_TABLE mangle_prerouting iifname "lo" meta nfproto ipv6 meta l4proto {tcp, udp} meta mark $PROXY_MARK jump tproxy_lan_v6
+    
+    nft add rule inet $NFT_TABLE tproxy_lan_v4 ip daddr @$NFT_SET_RESERVED_V4 return
+    nft add rule inet $NFT_TABLE tproxy_lan_v4 ip daddr @$NFT_SET_BYPASS_V4 return
+    # 不处理 DNS 流量
+    nft add rule inet $NFT_TABLE tproxy_lan_v4 meta l4proto {tcp, udp} th dport {53, $ADGUARDHOME_DNS_PORT, $PROXY_DNS_PORT} return
+    nft add rule inet $NFT_TABLE tproxy_lan_v4 meta l4proto {tcp, udp} meta mark set $PROXY_MARK tproxy to :$PROXY_PORT
+    nft add rule inet $NFT_TABLE tproxy_lan_v6 ip6 daddr @$NFT_SET_RESERVED_V6 return
+    nft add rule inet $NFT_TABLE tproxy_lan_v6 ip6 daddr @$NFT_SET_BYPASS_V6 return
+    # 不处理 DNS 流量
+    nft add rule inet $NFT_TABLE tproxy_lan_v6 meta l4proto {tcp, udp} th dport {53, $ADGUARDHOME_DNS_PORT, $PROXY_DNS_PORT} return
+    nft add rule inet $NFT_TABLE tproxy_lan_v6 meta l4proto {tcp, udp} meta mark set $PROXY_MARK tproxy to :$PROXY_PORT
+
+    printf "✅ 透明代理服务已成功启动。\n"
+    
+    # 清除陷阱，正常启动时保持锁文件
+    trap - INT TERM
+}
+
+do_stop() {
+    printf "⏹️  停止透明代理服务...\n"
+    
+    # 清理策略路由
+    ip -4 rule del fwmark $PROXY_MARK lookup $ROUTE_TABLE 2>/dev/null || true
+    ip -6 rule del fwmark $PROXY_MARK lookup $ROUTE_TABLE 2>/dev/null || true
+    # 清理自定义路由表内容
+    ip -4 route flush table $ROUTE_TABLE 2>/dev/null
+    ip -6 route flush table $ROUTE_TABLE 2>/dev/null
+    # 删除 nft 路由表
+    printf "  -> 正在清理防火墙表 '%s'...\n" "$NFT_TABLE"
+    nft delete table inet $NFT_TABLE 2>/dev/null || true
+    
+    # 清理锁文件
+    remove_lock
+    
+    printf "🛑 透明代理服务已完全停止。\n"
+}
+
+do_status() {
+    ICON_OK="✅"
+    ICON_FAIL="❌"
+    ICON_INFO="ℹ️"
+    ICON_OFF="⚪️"
+
+    printf "--- TPROXY 服务状态检查 ---\n"
+
+    # 检查锁文件状态
+    if [ -f "$LOCK_FILE" ]; then
+        local start_time=$(cat "$LOCK_FILE" 2>/dev/null)
+        if [ -n "$start_time" ]; then
+            printf "锁文件状态: %s 存在 (启动时间: %s)\n" "$ICON_OK" "$start_time"
+        else
+            printf "锁文件状态: %s 存在但无效\n" "$ICON_FAIL"
+        fi
+    else
+        printf "锁文件状态: %s 不存在\n" "$ICON_OFF"
+    fi
+
+    if ! nft list table inet "$NFT_TABLE" >/dev/null 2>&1; then
+        printf "总状态: %s 未激活 (找不到防火墙表 '%s')\n" "$ICON_OFF" "$NFT_TABLE"
+        exit 0
+    fi
+
+    if ip rule show | grep -q "fwmark $PROXY_MARK lookup $ROUTE_TABLE"; then
+        printf "总状态: %s 激活\n" "$ICON_OK"
+    else
+        printf "总状态: %s 部分激活 (防火墙规则存在，但策略路由缺失)\n" "$ICON_FAIL"
+    fi
+
+    printf "\n[+] IP 路由与规则:\n"
+    if ip rule show | grep -q "fwmark $PROXY_MARK"; then
+        printf "  %s 策略路由:\n" "$ICON_INFO"
+        ip rule show | grep "fwmark $PROXY_MARK" | sed 's/^/    -> /'
+    else
+        printf "  %s 策略路由: %s 缺失!\n" "$ICON_FAIL" "$ICON_FAIL"
+    fi
+    printf "  %s 自定义路由表 (ID: %s):\n" "$ICON_INFO" "$ROUTE_TABLE"
+    ip route show table "$ROUTE_TABLE" | sed 's/^/    -> /'
+
+    printf "\n[+] NFTables 规则状态 (主表: %s)\n" "$NFT_TABLE"
+
+    if [ "$ENABLE_DNS_HIJACKING" = "true" ]; then
+        if nft list chain inet "$NFT_TABLE" "dns_redirect" >/dev/null 2>&1; then
+            printf "  %s DNS 劫持: 已激活 (转发至端口 %s)\n" "$ICON_OK" "$PROXY_DNS_PORT"
+        else
+            printf "  %s DNS 劫持: 激活失败\n" "$ICON_FAIL"
+        fi
+    else
+        printf "  %s DNS 劫持: 已禁用\n" "$ICON_OFF"
+    fi
+
+    if nft list chain inet "$NFT_TABLE" "tproxy_lan_v4" >/dev/null 2>&1; then
+        printf "  %s TPROXY 代理: 已激活 (监听端口 %s)\n" "$ICON_OK" "$PROXY_PORT"
+    else
+        printf "  %s TPROXY 代理: 激活失败\n" "$ICON_FAIL"
+    fi
+
+    printf "  %s IP 列表加载状态:\n" "$ICON_INFO"
+    if nft list set inet "$NFT_TABLE" "$NFT_SET_RESERVED_V4" >/dev/null 2>&1; then
+        printf "    - %s: %s\n" "$NFT_SET_RESERVED_V4" "$ICON_OK 本地 IPv4 已直连"
+    else
+        printf "    - %s: %s\n" "$NFT_SET_RESERVED_V4" "$ICON_FAIL 未加载"
+    fi
+    if nft list set inet "$NFT_TABLE" "$NFT_SET_RESERVED_V6" >/dev/null 2>&1; then
+        printf "    - %s: %s\n" "$NFT_SET_RESERVED_V6" "$ICON_OK 本地 IPv6 已直连"
+    else
+        printf "    - %s: %s\n" "$NFT_SET_RESERVED_V6" "$ICON_FAIL 未加载"
+    fi
+    if nft list set inet "$NFT_TABLE" "$NFT_SET_BYPASS_V4" >/dev/null 2>&1; then
+        printf "    - %s: %s\n" "$NFT_SET_BYPASS_V4" "$ICON_OK 国内 IPv4 已直连"
+    else
+        printf "    - %s: %s\n" "$NFT_SET_BYPASS_V4" "$ICON_FAIL 未加载"
+    fi
+    if nft list set inet "$NFT_TABLE" "$NFT_SET_BYPASS_V6" >/dev/null 2>&1; then
+        printf "    - %s: %s\n" "$NFT_SET_BYPASS_V6" "$ICON_OK 国内 IPv6 已直连"
+    else
+        printf "    - %s: %s\n" "$NFT_SET_BYPASS_V6" "$ICON_FAIL 未加载"
+    fi
+
+    printf -- "--------------------------------\n"
+}
+
+# --- 脚本主入口 ---
+check_root
+
+case "$1" in
+    start)
+        do_start
+        ;;
+    stop)
+        do_stop
+        ;;
+    restart)
+        printf "🔄 重启透明代理服务...\n"
+        do_stop
+        sleep 1
+        do_start
+        ;;
+    status)
+        do_status
+        ;;
+    *)
+        printf "用法: %s {start|stop|restart|status}\n" "$0"
+        printf "  start   - 启动透明代理服务\n"
+        printf "  stop    - 停止透明代理服务\n"
+        printf "  restart - 重启透明代理服务\n"
+        printf "  status  - 查看服务状态\n"
+        exit 1
+        ;;
+esac
+
+exit 0