From f418a118e1a26b2d3c21d35800f8fe6a26dcdb2d Mon Sep 17 00:00:00 2001 From: hotyue <52734432+hotyue@users.noreply.github.com> Date: Mon, 1 Jun 2026 05:51:52 +0000 Subject: [PATCH] =?UTF-8?q?feat(network):=20=E8=B7=83=E5=8D=87=20v4.2.1?= =?UTF-8?q?=EF=BC=8C=E5=BC=BA=E5=8C=96=E9=9B=B7=E8=BE=BE=E5=97=85=E6=8E=A2?= =?UTF-8?q?=E5=BA=95=E5=B1=82=E9=80=BB=E8=BE=91=EF=BC=8C=E6=96=B0=E5=A2=9E?= =?UTF-8?q?=20WARP=20=E4=BB=A3=E7=90=86=E5=8F=8A=20CGNAT=20=E5=A4=A7?= =?UTF-8?q?=E5=86=85=E7=BD=91=20IP=20=E7=9A=84=E7=89=A9=E7=90=86=E7=BA=A7?= =?UTF-8?q?=E6=8B=A6=E6=88=AA=EF=BC=8C=E5=BD=BB=E5=BA=95=E8=A7=A3=E5=86=B3?= =?UTF-8?q?=E7=BA=AF=20IPv6=20=E8=8A=82=E7=82=B9=E5=9B=A0=E5=85=A8?= =?UTF-8?q?=E5=B1=80=E4=BB=A3=E7=90=86=E7=A9=BF=E9=80=8F=E5=AF=BC=E8=87=B4?= =?UTF-8?q?=E7=9A=84=E6=8E=A7=E5=88=B6=E9=9D=A2=E5=81=87=E6=AD=BB=E6=BC=8F?= =?UTF-8?q?=E6=B4=9E?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- core/install.sh | 21 +++++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) diff --git a/core/install.sh b/core/install.sh index 8ed6349..29a7079 100755 --- a/core/install.sh +++ b/core/install.sh @@ -415,8 +415,25 @@ if [ "$UPGRADE_MODE" == "false" ]; then # ---------------------------------------------------------- echo -e "\n\033[36m[4.5/7] 正在探测本机网络栈与可用出口 (多节点雷达扫描中)...\033[0m" - DETECT_V4=$( (curl -4 -s -m 3 api.ip.sb/ip || curl -4 -s -m 3 ifconfig.me || curl -4 -s -m 3 ipv4.icanhazip.com) 2>/dev/null | grep -E "^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+" | head -n 1 | tr -d '[:space:]') - DETECT_V6=$( (curl -6 -s -m 3 api.ip.sb/ip || curl -6 -s -m 3 ifconfig.me || curl -6 -s -m 3 ipv6.icanhazip.com) 2>/dev/null | grep -E "^[0-9a-fA-F:]+.*:" | head -n 1 | tr -d '[:space:]') + RAW_DETECT_V4=$( (curl -4 -s -m 3 api.ip.sb/ip || curl -4 -s -m 3 ifconfig.me || curl -4 -s -m 3 ipv4.icanhazip.com) 2>/dev/null | grep -E "^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+" | head -n 1 | tr -d '[:space:]') + RAW_DETECT_V6=$( (curl -6 -s -m 3 api.ip.sb/ip || curl -6 -s -m 3 ifconfig.me || curl -6 -s -m 3 ipv6.icanhazip.com) 2>/dev/null | grep -E "^[0-9a-fA-F:]+.*:" | head -n 1 | tr -d '[:space:]') + + # [v4.2.1 源头防线] 剔除 WARP 伪装 IP (如 104.28.x.x) 及各类云服务商大内网/CGNAT 保留段 + # 防止纯 v6 机器开启 WARP v4 后,错误将代理 IP 当作入站网卡,导致双轨架构及端口监听彻底崩溃 + DETECT_V4="" + if [[ -n "$RAW_DETECT_V4" ]] && \ + ! [[ "$RAW_DETECT_V4" =~ ^104\.28\. ]] && \ + ! [[ "$RAW_DETECT_V4" =~ ^10\.|^192\.168\.|^172\.(1[6-9]|2[0-9]|3[0-1])\.|^100\.(6[4-9]|[7-9][0-9]|1[0-1][0-9]|12[0-7])\. ]]; then + DETECT_V4="$RAW_DETECT_V4" + elif [[ -n "$RAW_DETECT_V4" ]]; then + echo -e " \033[33m⚠️ 雷达警告: 发现异常 IPv4 出口 ($RAW_DETECT_V4),疑似 WARP/NAT 代理,已从通讯候选池中隔离。\033[0m" + fi + + # [容灾] v6 也做最基础的本地链路段拦截 (极少发生,兜底防御) + DETECT_V6="" + if [[ -n "$RAW_DETECT_V6" ]] && ! [[ "$RAW_DETECT_V6" =~ ^fe80:|^::1 ]]; then + DETECT_V6="$RAW_DETECT_V6" + fi IP_OPTIONS=() IP_PROTO=()