路由器 on 欧式fifty 的 bloghttps://blog.ous50.moe/categories/%E8%B7%AF%E7%94%B1%E5%99%A8/Recent content in 路由器 on 欧式fifty 的 blogHugo -- gohugo.iozh-cn欧式fifty 2020-Thu, 29 Jan 2026 00:58:18 +0800如何在 RouterOS 上利用 OSPF 和 PVE 上的 ShellCrash 打造无感网络https://blog.ous50.moe/p/%E5%A6%82%E4%BD%95%E5%9C%A8-routeros-%E4%B8%8A%E5%88%A9%E7%94%A8-ospf-%E5%92%8C-pve-%E4%B8%8A%E7%9A%84-shellcrash-%E6%89%93%E9%80%A0%E6%97%A0%E6%84%9F%E7%BD%91%E7%BB%9C/Thu, 29 Jan 2026 00:58:18 +0800https://blog.ous50.moe/p/%E5%A6%82%E4%BD%95%E5%9C%A8-routeros-%E4%B8%8A%E5%88%A9%E7%94%A8-ospf-%E5%92%8C-pve-%E4%B8%8A%E7%9A%84-shellcrash-%E6%89%93%E9%80%A0%E6%97%A0%E6%84%9F%E7%BD%91%E7%BB%9C/ <style> .light-quote { font-weight: 300; } .bold-quote { font-weight: 700; } .extrabold-quote { font-weight: 900} </style> <blockquote class="gh-blockquote gh-note"> <span class="extrabold-quote">Note</span> <br> 本文内容基于 <strong>2026年1月29日</strong> 的环境撰写,使用的是 RouterOS <code>7.20.1</code> 和 ShellCrash <code>1.9.4beta6</code>,两者均作为 KVM 实例运行在 PVE 上。如果你使用的 RouterOS 或 ShellCrash 版本不同,具体内容可能会有所差异,请灵活变通。 </blockquote> <h2 id="简介"><a href="#%e7%ae%80%e4%bb%8b" class="header-anchor"></a>简介 </h2><p>以前我通过 DHCP 指定网关的方式让网络中的设备使用代理。虽然这种方法能成功实现无感代理,但我没法把这种体验扩展到所有设备上,因为 ShellCrash 有时候是真的会“Crash(崩溃)”,这会直接影响正常的网络流量。我对 OSPF 功能早有耳闻,所以最近参考 <a class="link" href="https://deeprouter.org/article/routeros-ospf-intelligent-traffic-split" target="_blank" rel="noopener" >DeepRouter 的文章</a> 在 RouterOS 上配置了 OSPF。这篇文章主要用来记录我的折腾经验,并分享我是如何增强整个系统的健壮性(Robustness)的。</p> <h2 id="shellcrash-和-bird-的配置"><a href="#shellcrash-%e5%92%8c-bird-%e7%9a%84%e9%85%8d%e7%bd%ae" class="header-anchor"></a>ShellCrash 和 Bird 的配置 </h2><p>虽然把 ShellCrash 和 BIRD 部署在不同的实例里也没问题,但我 <strong>强烈建议</strong> 将它们部署在同一个实例中。</p> <p>这里略过 ShellCrash 的安装过程,请确保在 DNS 配置中使用了 MIX 模式(按 <code>2</code> (功能设置) - <code>2</code> (DNS 设置))。</p> <h3 id="检查-ipv4-和-ipv6-转发配置"><a href="#%e6%a3%80%e6%9f%a5-ipv4-%e5%92%8c-ipv6-%e8%bd%ac%e5%8f%91%e9%85%8d%e7%bd%ae" class="header-anchor"></a>检查 IPv4 和 IPv6 转发配置 </h3><p>运行 <code>sudo sysctl -p</code> 并检查以下项是否已正确配置:</p> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-fallback" data-lang="fallback"><span class="line"><span class="cl">net.ipv4.ip_forward=1 </span></span><span class="line"><span class="cl">net.ipv6.conf.all.forwarding=1 </span></span></code></pre></div><p>如果没有,请编辑 <code>/etc/sysctl.conf</code> 进行修改。</p> <h3 id="bird"><a href="#bird" class="header-anchor"></a>BIRD </h3><p>我们将使用 <a class="link" href="https://github.com/ous50/nchnroutes" target="_blank" rel="noopener" >!chnroutes</a> 来区分国内 IP。</p> <p>安装完 bird 后,请确保不要立即启用或启动它。我们需要先做一些配置工作。</p> <p>对于 Debian 系统:</p> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-shell" data-lang="shell"><span class="line"><span class="cl">sudo apt update </span></span><span class="line"><span class="cl">sudo apt install bird2 make </span></span></code></pre></div><h4 id="birdconf"><a href="#birdconf" class="header-anchor"></a>bird.conf </h4><p>编辑 <code>/etc/bird/bird.conf</code> 并按照如下内容进行修改。</p> <p>请确保:</p> <ul> <li><code>router id</code> 是你的 ShellCrash/BIRD 实例的 IP。</li> <li>ospf v2 和 v3 中的 <code>interface</code> 都要设置为该实例连接网关(LAN口)所使用的网卡接口名称。 你可以通过 <code>ip a</code> 或 <code>ip link</code> 来查看,找到那个 <strong>不是</strong> <code>lo</code> 的接口。</li> </ul> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-gdscript3" data-lang="gdscript3"><span class="line"><span class="cl"><span class="nb">log</span> <span class="n">syslog</span> <span class="n">all</span><span class="p">;</span> </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="n">router</span> <span class="n">id</span> <span class="mf">192.168</span><span class="o">.</span><span class="mf">114.51</span><span class="p">;</span> <span class="c1"># 这里改成你实例的 IP</span> </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="n">protocol</span> <span class="n">device</span> <span class="p">{</span> </span></span><span class="line"><span class="cl"> <span class="n">scan</span> <span class="n">time</span> <span class="mi">60</span><span class="p">;</span> </span></span><span class="line"><span class="cl"><span class="p">}</span> </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="n">protocol</span> <span class="n">kernel</span> <span class="p">{</span> </span></span><span class="line"><span class="cl"> <span class="n">ipv4</span> <span class="p">{</span> </span></span><span class="line"><span class="cl"> <span class="n">import</span> <span class="n">none</span><span class="p">;</span> </span></span><span class="line"><span class="cl"> <span class="k">export</span> <span class="n">none</span><span class="p">;</span> </span></span><span class="line"><span class="cl"> <span class="p">};</span> </span></span><span class="line"><span class="cl"><span class="p">}</span> </span></span><span class="line"><span class="cl"><span class="n">protocol</span> <span class="n">kernel</span> <span class="p">{</span> </span></span><span class="line"><span class="cl"> <span class="n">ipv6</span> <span class="p">{</span> </span></span><span class="line"><span class="cl"> <span class="n">import</span> <span class="n">none</span><span class="p">;</span> </span></span><span class="line"><span class="cl"> <span class="k">export</span> <span class="n">none</span><span class="p">;</span> </span></span><span class="line"><span class="cl"> <span class="p">};</span> </span></span><span class="line"><span class="cl"><span class="p">}</span> </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="n">protocol</span> <span class="k">static</span> <span class="p">{</span> </span></span><span class="line"><span class="cl"> <span class="n">ipv4</span><span class="p">;</span> </span></span><span class="line"><span class="cl"> <span class="n">include</span> <span class="s2">&#34;/etc/bird/routes4.conf&#34;</span><span class="p">;</span> </span></span><span class="line"><span class="cl"><span class="p">}</span> </span></span><span class="line"><span class="cl"><span class="n">protocol</span> <span class="k">static</span> <span class="p">{</span> </span></span><span class="line"><span class="cl"> <span class="n">ipv6</span><span class="p">;</span> </span></span><span class="line"><span class="cl"> <span class="n">include</span> <span class="s2">&#34;/etc/bird/routes6.conf&#34;</span><span class="p">;</span> </span></span><span class="line"><span class="cl"><span class="p">}</span> </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="n">protocol</span> <span class="n">ospf</span> <span class="n">v2</span> <span class="p">{</span> </span></span><span class="line"><span class="cl"> <span class="n">ipv4</span> <span class="p">{</span> </span></span><span class="line"><span class="cl"> <span class="k">export</span> <span class="n">all</span><span class="p">;</span> </span></span><span class="line"><span class="cl"> <span class="p">};</span> </span></span><span class="line"><span class="cl"> <span class="n">area</span> <span class="mf">0.0</span><span class="o">.</span><span class="mf">0.0</span> <span class="p">{</span> </span></span><span class="line"><span class="cl"> <span class="n">interface</span> <span class="s2">&#34;ens18&#34;</span> <span class="p">{</span> <span class="c1"># 改成你的网卡接口名称</span> </span></span><span class="line"><span class="cl"> <span class="n">type</span> <span class="n">pointopoint</span><span class="p">;</span> </span></span><span class="line"><span class="cl"> <span class="p">};</span> </span></span><span class="line"><span class="cl"> <span class="p">};</span> </span></span><span class="line"><span class="cl"><span class="p">}</span> </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="n">protocol</span> <span class="n">ospf</span> <span class="n">v3</span> <span class="p">{</span> </span></span><span class="line"><span class="cl"> <span class="n">ipv6</span> <span class="p">{</span> </span></span><span class="line"><span class="cl"> <span class="k">export</span> <span class="n">all</span><span class="p">;</span> </span></span><span class="line"><span class="cl"> <span class="p">};</span> </span></span><span class="line"><span class="cl"> <span class="n">area</span> <span class="mf">0.0</span><span class="o">.</span><span class="mf">0.0</span> <span class="p">{</span> </span></span><span class="line"><span class="cl"> <span class="n">interface</span> <span class="s2">&#34;ens18&#34;</span> <span class="p">{</span> <span class="c1"># 改成你的网卡接口名称</span> </span></span><span class="line"><span class="cl"> <span class="n">type</span> <span class="n">pointopoint</span><span class="p">;</span> </span></span><span class="line"><span class="cl"> <span class="p">};</span> </span></span><span class="line"><span class="cl"> <span class="p">};</span> </span></span><span class="line"><span class="cl"><span class="p">}</span> </span></span></code></pre></div><h4 id="生成路由表"><a href="#%e7%94%9f%e6%88%90%e8%b7%af%e7%94%b1%e8%a1%a8" class="header-anchor"></a>生成路由表 </h4><div class="highlight"><pre tabindex="0" class="chroma"><code class="language-shell" data-lang="shell"><span class="line"><span class="cl">git clone https://github.com/ous50/nchnroutes.git </span></span><span class="line"><span class="cl"><span class="nb">cd</span> nchnroutes </span></span><span class="line"><span class="cl">make </span></span></code></pre></div><p>如果你连接 github.com 有困难,可以使用镜像站:</p> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-shell" data-lang="shell"><span class="line"><span class="cl">git clone https://hk.gh-proxy.org/https://github.com/ous50/nchnroutes.git </span></span><span class="line"><span class="cl"><span class="nb">cd</span> nchnroutes </span></span><span class="line"><span class="cl">make </span></span></code></pre></div><p>如果看到以下输出,说明一切顺利,可以继续:</p> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-shell" data-lang="shell"><span class="line"><span class="cl">python3 produce.py </span></span><span class="line"><span class="cl">sudo mv routes4.conf /etc/bird/routes4.conf </span></span><span class="line"><span class="cl">sudo mv routes6.conf /etc/bird/routes6.conf </span></span><span class="line"><span class="cl">sudo birdc configure </span></span><span class="line"><span class="cl">BIRD 2.0.12 ready. </span></span><span class="line"><span class="cl">Reading configuration from /etc/bird/bird.conf </span></span><span class="line"><span class="cl">Reconfigured </span></span></code></pre></div><h2 id="routeros-配置"><a href="#routeros-%e9%85%8d%e7%bd%ae" class="header-anchor"></a>RouterOS 配置 </h2><p>你需要先设置一个旁路路由表,以防止 OSPF 邻居建立后瞬间发生环路。</p> <h3 id="绕过-shellcrash-防止环路并设置例外"><a href="#%e7%bb%95%e8%bf%87-shellcrash-%e9%98%b2%e6%ad%a2%e7%8e%af%e8%b7%af%e5%b9%b6%e8%ae%be%e7%bd%ae%e4%be%8b%e5%a4%96" class="header-anchor"></a>绕过 ShellCrash 防止环路并设置例外 </h3><p>我们将创建一个新的路由表来绕过来自 ShellCrash 的流量,从而防止死循环。</p> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-fallback" data-lang="fallback"><span class="line"><span class="cl">/routing table </span></span><span class="line"><span class="cl">add disabled=no fib name=bypass-shellcrash </span></span><span class="line"><span class="cl">/routing rule </span></span><span class="line"><span class="cl">add action=lookup-only-in-table comment=&#34;Bypass Shellcrash Gateway using Routing Mark&#34; disabled=no routing-mark=bypass-shellcrash table=bypass-shellcrash </span></span></code></pre></div><p>将你的默认路由从 <code>main</code> 表迁移到 <code>bypass-shellcrash</code> 表:</p> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-gdscript3" data-lang="gdscript3"><span class="line"><span class="cl"><span class="o">/</span><span class="n">ip</span> <span class="n">route</span> </span></span><span class="line"><span class="cl"><span class="n">add</span> <span class="n">disabled</span><span class="o">=</span><span class="n">no</span> <span class="n">distance</span><span class="o">=</span><span class="mi">1</span> <span class="n">dst</span><span class="o">-</span><span class="n">address</span><span class="o">=&lt;</span><span class="err">你的局域网网段带掩码</span><span class="o">&gt;</span> <span class="n">gateway</span><span class="o">=</span><span class="n">lan</span> <span class="n">routing</span><span class="o">-</span><span class="n">table</span><span class="o">=</span><span class="n">bypass</span><span class="o">-</span><span class="n">shellcrash</span> <span class="n">scope</span><span class="o">=</span><span class="mi">30</span> <span class="n">suppress</span><span class="o">-</span><span class="n">hw</span><span class="o">-</span><span class="n">offload</span><span class="o">=</span><span class="n">no</span> <span class="n">target</span><span class="o">-</span><span class="n">scope</span><span class="o">=</span><span class="mi">10</span> </span></span><span class="line"><span class="cl"><span class="n">add</span> <span class="n">disabled</span><span class="o">=</span><span class="n">no</span> <span class="n">distance</span><span class="o">=</span><span class="mi">1</span> <span class="n">dst</span><span class="o">-</span><span class="n">address</span><span class="o">=</span><span class="mf">0.0</span><span class="o">.</span><span class="mf">0.0</span><span class="o">/</span><span class="mi">0</span> <span class="n">gateway</span><span class="o">=&lt;</span><span class="err">你的互联网网关</span><span class="o">&gt;</span> <span class="n">routing</span><span class="o">-</span><span class="n">table</span><span class="o">=</span><span class="n">bypass</span><span class="o">-</span><span class="n">shellcrash</span> <span class="n">scope</span><span class="o">=</span><span class="mi">30</span> <span class="n">suppress</span><span class="o">-</span><span class="n">hw</span><span class="o">-</span><span class="n">offload</span><span class="o">=</span><span class="n">no</span> <span class="n">target</span><span class="o">-</span><span class="n">scope</span><span class="o">=</span><span class="mi">10</span> </span></span></code></pre></div><h4 id="防火墙标记-mangle"><a href="#%e9%98%b2%e7%81%ab%e5%a2%99%e6%a0%87%e8%ae%b0-mangle" class="header-anchor"></a>防火墙标记 (Mangle) </h4><p>请确保:</p> <ul> <li>将 dst-address 改为你的局域网网段,保留前面的感叹号 <code>!</code>。</li> <li>将 src-mac-address 改为 ShellCrash 实例网卡接口的 MAC 地址(可以在 ShellCrash 实例中用 <code>ip link</code> 查看,或者直接在 PVE 界面看)。</li> </ul> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-fallback" data-lang="fallback"><span class="line"><span class="cl">/ip firewall mangle </span></span><span class="line"><span class="cl">add action=mark-routing chain=prerouting comment=bypass-shellcrash-gateway dst-address=!192.168.0.0/23 new-routing-mark=bypass-shellcrash src-mac-address=11:45:14:19:19:81 </span></span></code></pre></div><h3 id="ospf-配置"><a href="#ospf-%e9%85%8d%e7%bd%ae" class="header-anchor"></a>OSPF 配置 </h3><p>默认情况下,你不需要更改此脚本中的任何内容。</p> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-fallback" data-lang="fallback"><span class="line"><span class="cl">/routing ospf instance </span></span><span class="line"><span class="cl">add disabled=no name=shellcrash </span></span><span class="line"><span class="cl">add disabled=no name=shellcrash-v6 version=3 </span></span><span class="line"><span class="cl">/routing ospf area </span></span><span class="line"><span class="cl">add disabled=no instance=shellcrash name=ospf-area-v4 </span></span><span class="line"><span class="cl">add disabled=no instance=shellcrash-v6 name=ospf-area-v6 </span></span><span class="line"><span class="cl">/routing ospf interface-template </span></span><span class="line"><span class="cl">add area=ospf-area-v4 cost=10 disabled=no priority=32 type=ptp </span></span><span class="line"><span class="cl">add area=ospf-area-v6 cost=10 disabled=no priority=32 type=ptp </span></span></code></pre></div><h2 id="进阶技巧-tricks"><a href="#%e8%bf%9b%e9%98%b6%e6%8a%80%e5%b7%a7-tricks" class="header-anchor"></a>进阶技巧 (Tricks) </h2><h3 id="健壮的-dns-设置"><a href="#%e5%81%a5%e5%a3%ae%e7%9a%84-dns-%e8%ae%be%e7%bd%ae" class="header-anchor"></a>健壮的 DNS 设置 </h3><p>由于 ShellCrash 使用了 <code>fake-ip</code> 模式,你应该将 ShellCrash 的 DNS 设置为上游。</p> <p>在这种情况下,我们假设将 RouterOS 的 DNS 下发给客户端,并使用以下 RouterOS 脚本来动态更新上游 DNS 源,以增强健壮性,防止 ShellCrash 挂掉导致全网断网。</p> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-fallback" data-lang="fallback"><span class="line"><span class="cl">:global ospfInstance &#34;shellsrash&#34; </span></span><span class="line"><span class="cl">:global ospfDNS &#34;1.1.4.5&#34; # 你的 ShellCrash 实例 IP </span></span><span class="line"><span class="cl">:global publicDNS &#34;223.5.5.5&#34; # 这里改为你用于直接上网的公共 DNS </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"># (true / false), 测试完成后关闭调试模式,否则日志里全是烦人的调试信息。 </span></span><span class="line"><span class="cl">:local DEBUG false </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"># 标记最终状态,默认值为 false (down) </span></span><span class="line"><span class="cl">:local isOspfActive false </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"># 尝试寻找邻居 </span></span><span class="line"><span class="cl">:local neighborIds [/routing ospf neighbor find instance=$ospfInstance] </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"># 检查是否找到邻居 </span></span><span class="line"><span class="cl">:if ([:len $neighborIds] &gt; 0) do={ </span></span><span class="line"><span class="cl"> # 注意:这里我们假设只使用一个实例。 </span></span><span class="line"><span class="cl"> # 如果你有多个实例,可能需要遍历查找。 </span></span><span class="line"><span class="cl"> :local neighborState [/routing ospf neighbor get ($neighborIds-&gt;0) state] </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"> :if ($DEBUG) do={:log info &#34;[DEBUG] Neighbor found! State: $neighborState&#34;} </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"> # 只有当状态为 &#34;Full&#34; 时才认为 OSPF 活跃。记住是 &#34;Full&#34; 不是 &#34;full&#34;。这个状态名在不同 RouterOS 版本可能不同。 </span></span><span class="line"><span class="cl"> :if ($neighborState = &#34;Full&#34;) do={ </span></span><span class="line"><span class="cl"> :set isOspfActive true </span></span><span class="line"><span class="cl"> } </span></span><span class="line"><span class="cl">} else={ </span></span><span class="line"><span class="cl"> # 如果长度为 0,说明未找到邻居。检查 bird 配置/状态。 </span></span><span class="line"><span class="cl"> :if ($DEBUG) do={:log info &#34;[DEBUG] No OSPF neighbor found. Logic assumes DOWN.&#34;} </span></span><span class="line"><span class="cl"> :set isOspfActive false </span></span><span class="line"><span class="cl">} </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"># 根据变量 isOspfActive 更改 DNS </span></span><span class="line"><span class="cl">:local currentDNS [/ip dns get servers] </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl">:if ($isOspfActive) do={ </span></span><span class="line"><span class="cl"> # OSPF 在线 </span></span><span class="line"><span class="cl"> :if ($DEBUG) do={:log info &#34;[DEBUG] Decision: OSPF is UP.&#34;} </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"> :if ($currentDNS != $ospfDNS) do={ </span></span><span class="line"><span class="cl"> :log warning &#34;OSPF Shellcrash Up: Switching to OSPF DNS ($ospfDNS).&#34; </span></span><span class="line"><span class="cl"> /ip dns set servers=$ospfDNS </span></span><span class="line"><span class="cl"> /ip dns cache flush </span></span><span class="line"><span class="cl"> } else={ </span></span><span class="line"><span class="cl"> :if ($DEBUG) do={:log info &#34;[DEBUG] DNS is already correct (OSPF).&#34;} </span></span><span class="line"><span class="cl"> } </span></span><span class="line"><span class="cl">} else={ </span></span><span class="line"><span class="cl"> # OSPF 离线 (或丢失邻居) </span></span><span class="line"><span class="cl"> :if ($DEBUG) do={:log info &#34;[DEBUG] Decision: OSPF is DOWN/MISSING.&#34;} </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"> :if ($currentDNS != $publicDNS) do={ </span></span><span class="line"><span class="cl"> :log warning &#34;OSPF Shellcrash Down: Switching to Public DNS ($publicDNS).&#34; </span></span><span class="line"><span class="cl"> /ip dns set servers=$publicDNS </span></span><span class="line"><span class="cl"> /ip dns cache flush </span></span><span class="line"><span class="cl"> } else={ </span></span><span class="line"><span class="cl"> :if ($DEBUG) do={:log info &#34;[DEBUG] DNS is already correct (Public).&#34;} </span></span><span class="line"><span class="cl"> } </span></span><span class="line"><span class="cl">} </span></span></code></pre></div><h3 id="当-shellcrash-崩溃时关闭-bird"><a href="#%e5%bd%93-shellcrash-%e5%b4%a9%e6%ba%83%e6%97%b6%e5%85%b3%e9%97%ad-bird" class="header-anchor"></a>当 ShellCrash 崩溃时关闭 Bird </h3><p>我们将使用一个 bash 脚本来主动检查 ShellCrash 是否存活。如果 API 无法连接,它将停止 Bird 服务以撤回 OSPF 路由。</p> <p>将以下代码块复制并粘贴到你的 PVE Shell 中(以 <code>clash</code> 用户登录,或具有 sudo 权限的用户):</p> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-shell" data-lang="shell"><span class="line"><span class="cl"><span class="c1"># 1. 创建看门狗脚本 (Watchdog script)</span> </span></span><span class="line"><span class="cl"><span class="c1"># 注意:我们使用 &#39;EOF&#39; (带引号) 来防止创建时变量被展开。</span> </span></span><span class="line"><span class="cl">sudo tee /home/clash/check_clash.sh &gt; /dev/null <span class="s">&lt;&lt; &#39;EOF&#39; </span></span></span><span class="line"><span class="cl"><span class="s">#!/bin/bash </span></span></span><span class="line"><span class="cl"><span class="s"> </span></span></span><span class="line"><span class="cl"><span class="s"># 配置 </span></span></span><span class="line"><span class="cl"><span class="s">API_URL=&#34;http://127.0.0.1:9999/&#34; </span></span></span><span class="line"><span class="cl"><span class="s">LOG_FILE=&#34;/home/clash/clash_watchdog.log&#34; </span></span></span><span class="line"><span class="cl"><span class="s">DEBUG=false </span></span></span><span class="line"><span class="cl"><span class="s">INTERVAL=3 </span></span></span><span class="line"><span class="cl"><span class="s"> </span></span></span><span class="line"><span class="cl"><span class="s"># 初始化状态 (0=未知, 1=正常, 2=已崩溃) </span></span></span><span class="line"><span class="cl"><span class="s">LAST_STATE=0 </span></span></span><span class="line"><span class="cl"><span class="s"> </span></span></span><span class="line"><span class="cl"><span class="s">while true; do </span></span></span><span class="line"><span class="cl"><span class="s"> # 检查 ShellCrash API </span></span></span><span class="line"><span class="cl"><span class="s"> HTTP_CODE=$(curl -s -m 1 -o /dev/null -w &#34;%{http_code}&#34; &#34;$API_URL&#34;) </span></span></span><span class="line"><span class="cl"><span class="s"> </span></span></span><span class="line"><span class="cl"><span class="s"> if [ &#34;$DEBUG&#34; = &#34;true&#34; ]; then </span></span></span><span class="line"><span class="cl"><span class="s"> echo &#34;[DEBUG] Dashboard code: $HTTP_CODE&#34; </span></span></span><span class="line"><span class="cl"><span class="s"> fi </span></span></span><span class="line"><span class="cl"><span class="s"> </span></span></span><span class="line"><span class="cl"><span class="s"> if [ &#34;$HTTP_CODE&#34; == &#34;200&#34; ]; then </span></span></span><span class="line"><span class="cl"><span class="s"> # ShellCrash 存活 </span></span></span><span class="line"><span class="cl"><span class="s"> if [ &#34;$LAST_STATE&#34; != &#34;1&#34; ]; then </span></span></span><span class="line"><span class="cl"><span class="s"> DATE=$(date &#34;+%Y-%m-%d %H:%M:%S&#34;) </span></span></span><span class="line"><span class="cl"><span class="s"> </span></span></span><span class="line"><span class="cl"><span class="s"> # 使用 systemctl 的返回码检查 Bird 是否在运行 (更可靠) </span></span></span><span class="line"><span class="cl"><span class="s"> sudo systemctl is-active --quiet bird </span></span></span><span class="line"><span class="cl"><span class="s"> BIRD_EXIT_CODE=$? </span></span></span><span class="line"><span class="cl"><span class="s"> </span></span></span><span class="line"><span class="cl"><span class="s"> if [ $BIRD_EXIT_CODE -ne 0 ]; then </span></span></span><span class="line"><span class="cl"><span class="s"> if [ &#34;$DEBUG&#34; = &#34;true&#34; ]; then </span></span></span><span class="line"><span class="cl"><span class="s"> echo &#34;ShellCrash detected. Starting Bird...&#34; </span></span></span><span class="line"><span class="cl"><span class="s"> fi </span></span></span><span class="line"><span class="cl"><span class="s"> echo &#34;[$DATE] ShellCrash recovered/detected. Starting Bird...&#34; &gt;&gt; $LOG_FILE </span></span></span><span class="line"><span class="cl"><span class="s"> sudo systemctl start bird </span></span></span><span class="line"><span class="cl"><span class="s"> fi </span></span></span><span class="line"><span class="cl"><span class="s"> </span></span></span><span class="line"><span class="cl"><span class="s"> LAST_STATE=1 </span></span></span><span class="line"><span class="cl"><span class="s"> fi </span></span></span><span class="line"><span class="cl"><span class="s"> else </span></span></span><span class="line"><span class="cl"><span class="s"> # ShellCrash 已挂 </span></span></span><span class="line"><span class="cl"><span class="s"> if [ &#34;$LAST_STATE&#34; != &#34;2&#34; ]; then </span></span></span><span class="line"><span class="cl"><span class="s"> DATE=$(date &#34;+%Y-%m-%d %H:%M:%S&#34;) </span></span></span><span class="line"><span class="cl"><span class="s"> if [ &#34;$DEBUG&#34; = &#34;true&#34; ]; then </span></span></span><span class="line"><span class="cl"><span class="s"> echo &#34;[$DATE] Alert! ShellCrash died (Code: $HTTP_CODE). Stopping Bird!&#34; </span></span></span><span class="line"><span class="cl"><span class="s"> fi </span></span></span><span class="line"><span class="cl"><span class="s"> echo &#34;[$DATE] Alert! ShellCrash died (Code: $HTTP_CODE). Stopping Bird!&#34; &gt;&gt; $LOG_FILE </span></span></span><span class="line"><span class="cl"><span class="s"> </span></span></span><span class="line"><span class="cl"><span class="s"> sudo systemctl stop bird </span></span></span><span class="line"><span class="cl"><span class="s"> LAST_STATE=2 </span></span></span><span class="line"><span class="cl"><span class="s"> fi </span></span></span><span class="line"><span class="cl"><span class="s"> fi </span></span></span><span class="line"><span class="cl"><span class="s"> </span></span></span><span class="line"><span class="cl"><span class="s"> sleep $INTERVAL </span></span></span><span class="line"><span class="cl"><span class="s">done </span></span></span><span class="line"><span class="cl"><span class="s">EOF</span> </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="c1"># 2. 赋予执行权限</span> </span></span><span class="line"><span class="cl">sudo chmod +x /home/clash/check_clash.sh </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="c1"># 3. 创建 Systemd 服务</span> </span></span><span class="line"><span class="cl">sudo tee /etc/systemd/system/clash-watchdog.service &gt; /dev/null <span class="s">&lt;&lt; EOF </span></span></span><span class="line"><span class="cl"><span class="s">[Unit] </span></span></span><span class="line"><span class="cl"><span class="s">Description=ShellCrash Watchdog for Bird OSPF </span></span></span><span class="line"><span class="cl"><span class="s">After=network.target </span></span></span><span class="line"><span class="cl"><span class="s"> </span></span></span><span class="line"><span class="cl"><span class="s">[Service] </span></span></span><span class="line"><span class="cl"><span class="s">User=clash </span></span></span><span class="line"><span class="cl"><span class="s">Group=clash </span></span></span><span class="line"><span class="cl"><span class="s">ExecStart=/home/clash/check_clash.sh </span></span></span><span class="line"><span class="cl"><span class="s">Restart=always </span></span></span><span class="line"><span class="cl"><span class="s">RestartSec=3 </span></span></span><span class="line"><span class="cl"><span class="s"> </span></span></span><span class="line"><span class="cl"><span class="s">[Install] </span></span></span><span class="line"><span class="cl"><span class="s">WantedBy=multi-user.target </span></span></span><span class="line"><span class="cl"><span class="s">EOF</span> </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="c1"># 4. 启用并启动</span> </span></span><span class="line"><span class="cl">sudo systemctl daemon-reload </span></span><span class="line"><span class="cl">sudo systemctl <span class="nb">enable</span> --now clash-watchdog.service </span></span><span class="line"><span class="cl">sudo systemctl status clash-watchdog.service </span></span></code></pre></div>