From 5fbc1e3fb357fbddab8443381e7b218eb8a68188 Mon Sep 17 00:00:00 2001
From: hotyue <52734432+hotyue@users.noreply.github.com>
Date: Fri, 24 Apr 2026 13:36:11 +0000
Subject: [PATCH] =?UTF-8?q?fix(agent):=20=E4=BF=AE=E5=A4=8D=20NAT=20?=
 =?UTF-8?q?=E6=9E=B6=E6=9E=84=E4=B8=8B=E5=BC=BA=E5=88=B6=E7=BB=91=E5=AE=9A?=
 =?UTF-8?q?=E5=87=BA=E5=8F=A3=E5=AF=BC=E8=87=B4=E6=8E=A2=E9=92=88=E5=B4=A9?=
 =?UTF-8?q?=E6=BA=83=E7=9A=84=E6=AD=BB=E9=94=81=EF=BC=8C=E6=B3=A8=E5=85=A5?=
 =?UTF-8?q?=20-f=20=E6=A0=87=E5=BF=97=E8=BE=93=E5=87=BA=E5=AE=8C=E6=95=B4?=
 =?UTF-8?q?=E6=98=8E=E6=96=87=20IP=EF=BC=8C=E5=B9=B6=E8=A7=84=E8=8C=83?=
 =?UTF-8?q?=E5=8C=96=E9=9D=A2=E6=9D=BF=E6=9C=AF=E8=AF=AD?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 core/mod_quality.sh | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

diff --git a/core/mod_quality.sh b/core/mod_quality.sh
index 7a0bdf4..cdec041 100755
--- a/core/mod_quality.sh
+++ b/core/mod_quality.sh
@@ -5,9 +5,16 @@
 
 source /opt/ip_sentinel/config.conf
 
-TARGET_IP=$(echo "${BIND_IP:-$PUBLIC_IP}" | tr -d '[]')
 IP_PROTO="${IP_PREF:-4}"
 
+# [核心修复] 动态装配参数阵列：默认注入 -y(跳过确认), -j(输出JSON), -f(输出完整明文IP)
+PROBE_ARGS=("-y" "-j" "-f" "-${IP_PROTO}")
+
+# 仅当 BIND_IP 真实存在时（即非 NAT 的纯物理直连机），才向官方探针下发强制绑卡指令
+if [ -n "$BIND_IP" ]; then
+    PROBE_ARGS+=("-i" "$(echo "$BIND_IP" | tr -d '[]')")
+fi
+
 # 1. 静默拉取原始数据 (消除短链接 RCE 劫持风险，收编为本地固化执行)
 PROBE_SCRIPT="/opt/ip_sentinel/core/ip_probe.sh"
 if [ ! -x "$PROBE_SCRIPT" ]; then
@@ -16,8 +23,8 @@ if [ ! -x "$PROBE_SCRIPT" ]; then
     chmod +x "$PROBE_SCRIPT" 2>/dev/null
 fi
 
-# 采用本地执行，彻底封死运行时的外部投毒通道
-RAW_OUTPUT=$(timeout 180 bash "$PROBE_SCRIPT" -y -j -${IP_PROTO} -i "${TARGET_IP}" 2>/dev/null)
+# 采用本地执行，将动态参数阵列展开，彻底封死外部投毒与 NAT 死锁陷阱
+RAW_OUTPUT=$(timeout 180 bash "$PROBE_SCRIPT" "${PROBE_ARGS[@]}" 2>/dev/null)
 
 # 2. 极致截取 JSON (无视开头的赞助商广告与不可见字符，精准提取)
 JSON_DATA="{${RAW_OUTPUT#*\{}"
@@ -127,7 +134,7 @@ REPORT="🎯 *IP-Sentinel 深海声呐报告*
 *🛡️ 欺诈雷达 (0为最优)*
 • **Scamalytics:** \`${SCAM_SCORE}/100\`
 • **AbuseIPDB:** \`${ABUSE_SCORE}/100\`
-• **IPQuality:** \`${IPQS_SCORE}/100\`
+• **IPQS:** \`${IPQS_SCORE}/100\`
 • **IP2Location:** \`${IP2L_SCORE}/100\`
 • **IPAPI 风险率:** \`${FRAUD_RISK}\`