RouterOS on 欧式fifty 嘅 bloghttps://blog.ous50.moe/yue-cn/categories/routeros/Recent content in RouterOS on 欧式fifty 嘅 blogHugo -- gohugo.ioyue-cn欧式fifty 2020-Thu, 29 Jan 2026 00:58:18 +0800我係点样喺 RouterOS 用 OSPF 同 PVE 上嘅 ShellCrash 搞个无感网络https://blog.ous50.moe/yue-cn/p/%E6%88%91%E4%BF%82%E7%82%B9%E6%A0%B7%E5%96%BA-routeros-%E7%94%A8-ospf-%E5%90%8C-pve-%E4%B8%8A%E5%98%85-shellcrash-%E6%90%9E%E4%B8%AA%E6%97%A0%E6%84%9F%E7%BD%91%E7%BB%9C/Thu, 29 Jan 2026 00:58:18 +0800https://blog.ous50.moe/yue-cn/p/%E6%88%91%E4%BF%82%E7%82%B9%E6%A0%B7%E5%96%BA-routeros-%E7%94%A8-ospf-%E5%90%8C-pve-%E4%B8%8A%E5%98%85-shellcrash-%E6%90%9E%E4%B8%AA%E6%97%A0%E6%84%9F%E7%BD%91%E7%BB%9C/ <style> .light-quote { font-weight: 300; } .bold-quote { font-weight: 700; } .extrabold-quote { font-weight: 900} </style> <blockquote class="gh-blockquote gh-note"> <span class="extrabold-quote">Note</span> <br> 呢篇文章係基于 <strong>2026年1月29日</strong> 嘅环境写嘅,RouterOS 版本係 <code>7.20.1</code>,ShellCrash 版本係 <code>1.9.4beta6</code>,两个都係喺 PVE 上面跑嘅 KVM。如果你用紧唔同版本嘅 RouterOS 或者 ShellCrash,内容可能会有啲出入,大家自己执生啦。 </blockquote> <h2 id="简介"><a href="#%e7%ae%80%e4%bb%8b" class="header-anchor"></a>简介 </h2><p>之前我係用 DHCP 指定 Gateway 嘅方法令网络入面嘅机用 Proxy。虽然呢招都可以做到无感 Proxy,但我无办法将呢种体验扩展到全部机度,因为 ShellCrash 有时真係会“Crash(瓜柴)”,咁就会直接搞到正常上网都受影响。我对 OSPF 呢个功能听咗好耐,所以最近跟住 <a class="link" href="https://deeprouter.org/article/routeros-ospf-intelligent-traffic-split" target="_blank" rel="noopener" >DeepRouter 篇文章</a> 喺 RouterOS 上面 Set 咗 OSPF。呢篇文主要係用来记低我嘅折腾经验,同埋分享下我点样令成个係统稳阵啲 (Robustness)。</p> <h2 id="shellcrash-同-bird-嘅配置"><a href="#shellcrash-%e5%90%8c-bird-%e5%98%85%e9%85%8d%e7%bd%ae" class="header-anchor"></a>ShellCrash 同 Bird 嘅配置 </h2><p>虽然将 ShellCrash 同 BIRD 放喺唔同 Instance 跑都得,但我 <strong>极度建议</strong> 放喺同一个 Instance 入面。</p> <p>ShellCrash 安装过程就唔讲啦,记得喺 DNS 配置度用 MIX 模式(按 <code>2</code> (功能设置) - <code>2</code> (DNS 设置))。</p> <h3 id="check-下-ipv4-同-ipv6-forward-配置"><a href="#check-%e4%b8%8b-ipv4-%e5%90%8c-ipv6-forward-%e9%85%8d%e7%bd%ae" class="header-anchor"></a>Check 下 IPv4 同 IPv6 Forward 配置 </h3><p>Run 下 <code>sudo sysctl -p</code> 睇下下面几行係咪 Set 好咗:</p> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-fallback" data-lang="fallback"><span class="line"><span class="cl">net.ipv4.ip_forward=1 </span></span><span class="line"><span class="cl">net.ipv6.conf.all.forwarding=1 </span></span></code></pre></div><p>如果未,就改下 <code>/etc/sysctl.conf</code>。</p> <h3 id="bird"><a href="#bird" class="header-anchor"></a>BIRD </h3><p>我哋会用 <a class="link" href="https://github.com/ous50/nchnroutes" target="_blank" rel="noopener" >!chnroutes</a> 来分返开国内 IP。</p> <p>装完 bird 之后,记住千祈唔好即刻着咗佢 (start service)。我哋要搞掂啲配置先。</p> <p>Debian 嘅话:</p> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-shell" data-lang="shell"><span class="line"><span class="cl">sudo apt update </span></span><span class="line"><span class="cl">sudo apt install bird2 make </span></span></code></pre></div><h4 id="birdconf"><a href="#birdconf" class="header-anchor"></a>bird.conf </h4><p>Edit 下 <code>/etc/bird/bird.conf</code> 跟住下面咁改。</p> <p>记得 Check 清楚:</p> <ul> <li><code>router id</code> 係你 ShellCrash/BIRD 嗰个 Instance 嘅 IP。</li> <li>ospf v2 同 v3 入面嘅 <code>interface</code> 都要 Set 做连去 Gateway(LAN口)嗰张网卡。 你可以用 <code>ip a</code> 或者 <code>ip link</code> 来睇,揾嗰个 <strong>唔係</strong> <code>lo</code> 嘅 interface 就係啦。</li> </ul> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-gdscript3" data-lang="gdscript3"><span class="line"><span class="cl"><span class="nb">log</span> <span class="n">syslog</span> <span class="n">all</span><span class="p">;</span> </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="n">router</span> <span class="n">id</span> <span class="mf">192.168</span><span class="o">.</span><span class="mf">114.51</span><span class="p">;</span> <span class="c1"># 这里改做你 Instance 嘅 IP</span> </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="n">protocol</span> <span class="n">device</span> <span class="p">{</span> </span></span><span class="line"><span class="cl"> <span class="n">scan</span> <span class="n">time</span> <span class="mi">60</span><span class="p">;</span> </span></span><span class="line"><span class="cl"><span class="p">}</span> </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="n">protocol</span> <span class="n">kernel</span> <span class="p">{</span> </span></span><span class="line"><span class="cl"> <span class="n">ipv4</span> <span class="p">{</span> </span></span><span class="line"><span class="cl"> <span class="n">import</span> <span class="n">none</span><span class="p">;</span> </span></span><span class="line"><span class="cl"> <span class="k">export</span> <span class="n">none</span><span class="p">;</span> </span></span><span class="line"><span class="cl"> <span class="p">};</span> </span></span><span class="line"><span class="cl"><span class="p">}</span> </span></span><span class="line"><span class="cl"><span class="n">protocol</span> <span class="n">kernel</span> <span class="p">{</span> </span></span><span class="line"><span class="cl"> <span class="n">ipv6</span> <span class="p">{</span> </span></span><span class="line"><span class="cl"> <span class="n">import</span> <span class="n">none</span><span class="p">;</span> </span></span><span class="line"><span class="cl"> <span class="k">export</span> <span class="n">none</span><span class="p">;</span> </span></span><span class="line"><span class="cl"> <span class="p">};</span> </span></span><span class="line"><span class="cl"><span class="p">}</span> </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="n">protocol</span> <span class="k">static</span> <span class="p">{</span> </span></span><span class="line"><span class="cl"> <span class="n">ipv4</span><span class="p">;</span> </span></span><span class="line"><span class="cl"> <span class="n">include</span> <span class="s2">&#34;/etc/bird/routes4.conf&#34;</span><span class="p">;</span> </span></span><span class="line"><span class="cl"><span class="p">}</span> </span></span><span class="line"><span class="cl"><span class="n">protocol</span> <span class="k">static</span> <span class="p">{</span> </span></span><span class="line"><span class="cl"> <span class="n">ipv6</span><span class="p">;</span> </span></span><span class="line"><span class="cl"> <span class="n">include</span> <span class="s2">&#34;/etc/bird/routes6.conf&#34;</span><span class="p">;</span> </span></span><span class="line"><span class="cl"><span class="p">}</span> </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="n">protocol</span> <span class="n">ospf</span> <span class="n">v2</span> <span class="p">{</span> </span></span><span class="line"><span class="cl"> <span class="n">ipv4</span> <span class="p">{</span> </span></span><span class="line"><span class="cl"> <span class="k">export</span> <span class="n">all</span><span class="p">;</span> </span></span><span class="line"><span class="cl"> <span class="p">};</span> </span></span><span class="line"><span class="cl"> <span class="n">area</span> <span class="mf">0.0</span><span class="o">.</span><span class="mf">0.0</span> <span class="p">{</span> </span></span><span class="line"><span class="cl"> <span class="n">interface</span> <span class="s2">&#34;ens18&#34;</span> <span class="p">{</span> <span class="c1"># 改做你张网卡个名</span> </span></span><span class="line"><span class="cl"> <span class="n">type</span> <span class="n">pointopoint</span><span class="p">;</span> </span></span><span class="line"><span class="cl"> <span class="p">};</span> </span></span><span class="line"><span class="cl"> <span class="p">};</span> </span></span><span class="line"><span class="cl"><span class="p">}</span> </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="n">protocol</span> <span class="n">ospf</span> <span class="n">v3</span> <span class="p">{</span> </span></span><span class="line"><span class="cl"> <span class="n">ipv6</span> <span class="p">{</span> </span></span><span class="line"><span class="cl"> <span class="k">export</span> <span class="n">all</span><span class="p">;</span> </span></span><span class="line"><span class="cl"> <span class="p">};</span> </span></span><span class="line"><span class="cl"> <span class="n">area</span> <span class="mf">0.0</span><span class="o">.</span><span class="mf">0.0</span> <span class="p">{</span> </span></span><span class="line"><span class="cl"> <span class="n">interface</span> <span class="s2">&#34;ens18&#34;</span> <span class="p">{</span> <span class="c1"># 改做你张网卡个名</span> </span></span><span class="line"><span class="cl"> <span class="n">type</span> <span class="n">pointopoint</span><span class="p">;</span> </span></span><span class="line"><span class="cl"> <span class="p">};</span> </span></span><span class="line"><span class="cl"> <span class="p">};</span> </span></span><span class="line"><span class="cl"><span class="p">}</span> </span></span></code></pre></div><h4 id="generate-啲-route-出来"><a href="#generate-%e5%95%b2-route-%e5%87%ba%e6%9d%a5" class="header-anchor"></a>Generate 啲 Route 出来 </h4><div class="highlight"><pre tabindex="0" class="chroma"><code class="language-shell" data-lang="shell"><span class="line"><span class="cl">git clone https://github.com/ous50/nchnroutes.git </span></span><span class="line"><span class="cl"><span class="nb">cd</span> nchnroutes </span></span><span class="line"><span class="cl">make </span></span></code></pre></div><p>如果你连 github.com 有困难,可以用 Mirror:</p> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-shell" data-lang="shell"><span class="line"><span class="cl">git clone https://hk.gh-proxy.org/https://github.com/ous50/nchnroutes.git </span></span><span class="line"><span class="cl"><span class="nb">cd</span> nchnroutes </span></span><span class="line"><span class="cl">make </span></span></code></pre></div><p>见到下面呢啲 Output 就即係搞掂,可以继续:</p> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-shell" data-lang="shell"><span class="line"><span class="cl">python3 produce.py </span></span><span class="line"><span class="cl">sudo mv routes4.conf /etc/bird/routes4.conf </span></span><span class="line"><span class="cl">sudo mv routes6.conf /etc/bird/routes6.conf </span></span><span class="line"><span class="cl">sudo birdc configure </span></span><span class="line"><span class="cl">BIRD 2.0.12 ready. </span></span><span class="line"><span class="cl">Reading configuration from /etc/bird/bird.conf </span></span><span class="line"><span class="cl">Reconfigured </span></span></code></pre></div><h2 id="routeros-配置"><a href="#routeros-%e9%85%8d%e7%bd%ae" class="header-anchor"></a>RouterOS 配置 </h2><p>你需要先 Set 好个旁路路由表,防止 OSPF 邻居一建立就好易 Loop 死 (infinite loop)。</p> <h3 id="bypass-shellcrash-防止-loop-同埋-set-例外"><a href="#bypass-shellcrash-%e9%98%b2%e6%ad%a2-loop-%e5%90%8c%e5%9f%8b-set-%e4%be%8b%e5%a4%96" class="header-anchor"></a>Bypass ShellCrash 防止 Loop 同埋 Set 例外 </h3><p>我哋会整多张 Routing Table 来 Bypass 来自 ShellCrash 嘅流量,费事佢 Loop。</p> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-fallback" data-lang="fallback"><span class="line"><span class="cl">/routing table </span></span><span class="line"><span class="cl">add disabled=no fib name=bypass-shellcrash </span></span><span class="line"><span class="cl">/routing rule </span></span><span class="line"><span class="cl">add action=lookup-only-in-table comment=&#34;Bypass Shellcrash Gateway using Routing Mark&#34; disabled=no routing-mark=bypass-shellcrash table=bypass-shellcrash </span></span></code></pre></div><p>将你 Default Route 从 <code>main</code> 表搬去 <code>bypass-shellcrash</code> 表:</p> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-gdscript3" data-lang="gdscript3"><span class="line"><span class="cl"><span class="o">/</span><span class="n">ip</span> <span class="n">route</span> </span></span><span class="line"><span class="cl"><span class="n">add</span> <span class="n">disabled</span><span class="o">=</span><span class="n">no</span> <span class="n">distance</span><span class="o">=</span><span class="mi">1</span> <span class="n">dst</span><span class="o">-</span><span class="n">address</span><span class="o">=&lt;</span><span class="err">你个</span> <span class="n">LAN</span> <span class="err">网段带</span> <span class="n">CIDR</span><span class="o">&gt;</span> <span class="n">gateway</span><span class="o">=</span><span class="n">lan</span> <span class="n">routing</span><span class="o">-</span><span class="n">table</span><span class="o">=</span><span class="n">bypass</span><span class="o">-</span><span class="n">shellcrash</span> <span class="n">scope</span><span class="o">=</span><span class="mi">30</span> <span class="n">suppress</span><span class="o">-</span><span class="n">hw</span><span class="o">-</span><span class="n">offload</span><span class="o">=</span><span class="n">no</span> <span class="n">target</span><span class="o">-</span><span class="n">scope</span><span class="o">=</span><span class="mi">10</span> </span></span><span class="line"><span class="cl"><span class="n">add</span> <span class="n">disabled</span><span class="o">=</span><span class="n">no</span> <span class="n">distance</span><span class="o">=</span><span class="mi">1</span> <span class="n">dst</span><span class="o">-</span><span class="n">address</span><span class="o">=</span><span class="mf">0.0</span><span class="o">.</span><span class="mf">0.0</span><span class="o">/</span><span class="mi">0</span> <span class="n">gateway</span><span class="o">=&lt;</span><span class="err">你个</span> <span class="n">Internet</span> <span class="n">Gateway</span><span class="o">&gt;</span> <span class="n">routing</span><span class="o">-</span><span class="n">table</span><span class="o">=</span><span class="n">bypass</span><span class="o">-</span><span class="n">shellcrash</span> <span class="n">scope</span><span class="o">=</span><span class="mi">30</span> <span class="n">suppress</span><span class="o">-</span><span class="n">hw</span><span class="o">-</span><span class="n">offload</span><span class="o">=</span><span class="n">no</span> <span class="n">target</span><span class="o">-</span><span class="n">scope</span><span class="o">=</span><span class="mi">10</span> </span></span></code></pre></div><h4 id="firewall-tagging-mangle"><a href="#firewall-tagging-mangle" class="header-anchor"></a>Firewall Tagging (Mangle) </h4><p>记得留意:</p> <ul> <li>将 dst-address 改做你嘅 LAN 网段,前面的感叹号 <code>!</code> 要留返喺度。</li> <li>将 src-mac-address 改做 ShellCrash 嗰张网卡嘅 MAC Address(可以喺 ShellCrash 入面打 <code>ip link</code> 睇,或者直接喺 PVE 界面睇都得)。</li> </ul> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-fallback" data-lang="fallback"><span class="line"><span class="cl">/ip firewall mangle </span></span><span class="line"><span class="cl">add action=mark-routing chain=prerouting comment=bypass-shellcrash-gateway dst-address=!192.168.0.0/23 new-routing-mark=bypass-shellcrash src-mac-address=11:45:14:19:19:81 </span></span></code></pre></div><h3 id="ospf-config"><a href="#ospf-config" class="header-anchor"></a>OSPF Config </h3><p>默认来讲,呢段 Script 你咩都唔使改。</p> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-fallback" data-lang="fallback"><span class="line"><span class="cl">/routing ospf instance </span></span><span class="line"><span class="cl">add disabled=no name=shellcrash </span></span><span class="line"><span class="cl">add disabled=no name=shellcrash-v6 version=3 </span></span><span class="line"><span class="cl">/routing ospf area </span></span><span class="line"><span class="cl">add disabled=no instance=shellcrash name=ospf-area-v4 </span></span><span class="line"><span class="cl">add disabled=no instance=shellcrash-v6 name=ospf-area-v6 </span></span><span class="line"><span class="cl">/routing ospf interface-template </span></span><span class="line"><span class="cl">add area=ospf-area-v4 cost=10 disabled=no priority=32 type=ptp </span></span><span class="line"><span class="cl">add area=ospf-area-v6 cost=10 disabled=no priority=32 type=ptp </span></span></code></pre></div><h2 id="醒目-tips-tricks"><a href="#%e9%86%92%e7%9b%ae-tips-tricks" class="header-anchor"></a>醒目 Tips (Tricks) </h2><h3 id="稳阵嘅-dns-setting"><a href="#%e7%a8%b3%e9%98%b5%e5%98%85-dns-setting" class="header-anchor"></a>稳阵嘅 DNS Setting </h3><p>因为 ShellCrash 用咗 <code>fake-ip</code> 模式,你应该将 ShellCrash 嘅 DNS Set 做上游。</p> <p>喺呢个 Case 入面,我哋假设将 RouterOS 嘅 DNS 派俾 Client,跟住用下面呢段 RouterOS Script 动态 Update 上游 DNS,咁样稳阵啲,万一 ShellCrash 瓜咗都唔会搞到全屋断网。</p> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-fallback" data-lang="fallback"><span class="line"><span class="cl">:global ospfInstance &#34;shellsrash&#34; </span></span><span class="line"><span class="cl">:global ospfDNS &#34;1.1.4.5&#34; # 你个 ShellCrash Instance IP </span></span><span class="line"><span class="cl">:global publicDNS &#34;223.5.5.5&#34; # 这里改做你用来直接上网个 Public DNS </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"># (true / false), Test 完记得关咗 Debug 佢,如果唔係个 Log 会好鬼烦。 </span></span><span class="line"><span class="cl">:local DEBUG false </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"># Mark 低个最终状态,Default 係 false (down) </span></span><span class="line"><span class="cl">:local isOspfActive false </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"># 尝试揾邻居 </span></span><span class="line"><span class="cl">:local neighborIds [/routing ospf neighbor find instance=$ospfInstance] </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"># Check 下揾唔揾到 </span></span><span class="line"><span class="cl">:if ([:len $neighborIds] &gt; 0) do={ </span></span><span class="line"><span class="cl"> # Note: 呢度我哋假设只用一个 Instance。 </span></span><span class="line"><span class="cl"> # 如果你有几个 Instance,可能要 Loop 下去揾。 </span></span><span class="line"><span class="cl"> :local neighborState [/routing ospf neighbor get ($neighborIds-&gt;0) state] </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"> :if ($DEBUG) do={:log info &#34;[DEBUG] Neighbor found! State: $neighborState&#34;} </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"> # 只有当状态係 &#34;Full&#34; 先当 OSPF Active。记住係 &#34;Full&#34; 唔係 &#34;full&#34;。呢个状态名喺唔同 RouterOS 版本可能有分别。 </span></span><span class="line"><span class="cl"> :if ($neighborState = &#34;Full&#34;) do={ </span></span><span class="line"><span class="cl"> :set isOspfActive true </span></span><span class="line"><span class="cl"> } </span></span><span class="line"><span class="cl">} else={ </span></span><span class="line"><span class="cl"> # 如果长度係 0,即係揾唔到邻居。Check 下 bird 配置/状态啦。 </span></span><span class="line"><span class="cl"> :if ($DEBUG) do={:log info &#34;[DEBUG] No OSPF neighbor found. Logic assumes DOWN.&#34;} </span></span><span class="line"><span class="cl"> :set isOspfActive false </span></span><span class="line"><span class="cl">} </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"># 根据 isOspfActive 呢个变量来改 DNS </span></span><span class="line"><span class="cl">:local currentDNS [/ip dns get servers] </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl">:if ($isOspfActive) do={ </span></span><span class="line"><span class="cl"> # OSPF Up 咗 </span></span><span class="line"><span class="cl"> :if ($DEBUG) do={:log info &#34;[DEBUG] Decision: OSPF is UP.&#34;} </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"> :if ($currentDNS != $ospfDNS) do={ </span></span><span class="line"><span class="cl"> :log warning &#34;OSPF Shellcrash Up: Switching to OSPF DNS ($ospfDNS).&#34; </span></span><span class="line"><span class="cl"> /ip dns set servers=$ospfDNS </span></span><span class="line"><span class="cl"> /ip dns cache flush </span></span><span class="line"><span class="cl"> } else={ </span></span><span class="line"><span class="cl"> :if ($DEBUG) do={:log info &#34;[DEBUG] DNS is already correct (OSPF).&#34;} </span></span><span class="line"><span class="cl"> } </span></span><span class="line"><span class="cl">} else={ </span></span><span class="line"><span class="cl"> # OSPF Down 咗 (或者揾唔到邻居) </span></span><span class="line"><span class="cl"> :if ($DEBUG) do={:log info &#34;[DEBUG] Decision: OSPF is DOWN/MISSING.&#34;} </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"> :if ($currentDNS != $publicDNS) do={ </span></span><span class="line"><span class="cl"> :log warning &#34;OSPF Shellcrash Down: Switching to Public DNS ($publicDNS).&#34; </span></span><span class="line"><span class="cl"> /ip dns set servers=$publicDNS </span></span><span class="line"><span class="cl"> /ip dns cache flush </span></span><span class="line"><span class="cl"> } else={ </span></span><span class="line"><span class="cl"> :if ($DEBUG) do={:log info &#34;[DEBUG] DNS is already correct (Public).&#34;} </span></span><span class="line"><span class="cl"> } </span></span><span class="line"><span class="cl">} </span></span></code></pre></div><h3 id="shellcrash-瓜咗嗰阵自动熄-bird"><a href="#shellcrash-%e7%93%9c%e5%92%97%e5%97%b0%e9%98%b5%e8%87%aa%e5%8a%a8%e7%86%84-bird" class="header-anchor"></a>ShellCrash 瓜咗嗰阵自动熄 Bird </h3><p>我哋会用个 bash script 主动 check 住 ShellCrash 仲係咪生勾勾 (alive)。如果 API 连唔到,佢就会停咗个 Bird Service 嚟收返啲 OSPF Route。</p> <p>Copy 下面段 Code 再 Paste 入你 PVE 个 Shell 度(用 <code>clash</code> user 登录,或者用有 sudo 权限嘅 user):</p> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-shell" data-lang="shell"><span class="line"><span class="cl"><span class="c1"># 1. 整返个 Watchdog script</span> </span></span><span class="line"><span class="cl"><span class="c1"># Note: 我哋用 &#39;EOF&#39; (带引号) 来防止 Create 嗰阵啲变量被 Expand 咗。</span> </span></span><span class="line"><span class="cl">sudo tee /home/clash/check_clash.sh &gt; /dev/null <span class="s">&lt;&lt; &#39;EOF&#39; </span></span></span><span class="line"><span class="cl"><span class="s">#!/bin/bash </span></span></span><span class="line"><span class="cl"><span class="s"> </span></span></span><span class="line"><span class="cl"><span class="s"># Configuration </span></span></span><span class="line"><span class="cl"><span class="s">API_URL=&#34;http://127.0.0.1:9999/&#34; </span></span></span><span class="line"><span class="cl"><span class="s">LOG_FILE=&#34;/home/clash/clash_watchdog.log&#34; </span></span></span><span class="line"><span class="cl"><span class="s">DEBUG=false </span></span></span><span class="line"><span class="cl"><span class="s">INTERVAL=3 </span></span></span><span class="line"><span class="cl"><span class="s"> </span></span></span><span class="line"><span class="cl"><span class="s"># Init 状态 (0=唔知, 1=正常, 2=瓜咗) </span></span></span><span class="line"><span class="cl"><span class="s">LAST_STATE=0 </span></span></span><span class="line"><span class="cl"><span class="s"> </span></span></span><span class="line"><span class="cl"><span class="s">while true; do </span></span></span><span class="line"><span class="cl"><span class="s"> # Check ShellCrash API </span></span></span><span class="line"><span class="cl"><span class="s"> HTTP_CODE=$(curl -s -m 1 -o /dev/null -w &#34;%{http_code}&#34; &#34;$API_URL&#34;) </span></span></span><span class="line"><span class="cl"><span class="s"> </span></span></span><span class="line"><span class="cl"><span class="s"> if [ &#34;$DEBUG&#34; = &#34;true&#34; ]; then </span></span></span><span class="line"><span class="cl"><span class="s"> echo &#34;[DEBUG] Dashboard code: $HTTP_CODE&#34; </span></span></span><span class="line"><span class="cl"><span class="s"> fi </span></span></span><span class="line"><span class="cl"><span class="s"> </span></span></span><span class="line"><span class="cl"><span class="s"> if [ &#34;$HTTP_CODE&#34; == &#34;200&#34; ]; then </span></span></span><span class="line"><span class="cl"><span class="s"> # ShellCrash 生存 </span></span></span><span class="line"><span class="cl"><span class="s"> if [ &#34;$LAST_STATE&#34; != &#34;1&#34; ]; then </span></span></span><span class="line"><span class="cl"><span class="s"> DATE=$(date &#34;+%Y-%m-%d %H:%M:%S&#34;) </span></span></span><span class="line"><span class="cl"><span class="s"> </span></span></span><span class="line"><span class="cl"><span class="s"> # 用 systemctl 个 return code 睇下 Bird 有无跑紧 (稳阵啲) </span></span></span><span class="line"><span class="cl"><span class="s"> sudo systemctl is-active --quiet bird </span></span></span><span class="line"><span class="cl"><span class="s"> BIRD_EXIT_CODE=$? </span></span></span><span class="line"><span class="cl"><span class="s"> </span></span></span><span class="line"><span class="cl"><span class="s"> if [ $BIRD_EXIT_CODE -ne 0 ]; then </span></span></span><span class="line"><span class="cl"><span class="s"> if [ &#34;$DEBUG&#34; = &#34;true&#34; ]; then </span></span></span><span class="line"><span class="cl"><span class="s"> echo &#34;ShellCrash detected. Starting Bird...&#34; </span></span></span><span class="line"><span class="cl"><span class="s"> fi </span></span></span><span class="line"><span class="cl"><span class="s"> echo &#34;[$DATE] ShellCrash recovered/detected. Starting Bird...&#34; &gt;&gt; $LOG_FILE </span></span></span><span class="line"><span class="cl"><span class="s"> sudo systemctl start bird </span></span></span><span class="line"><span class="cl"><span class="s"> fi </span></span></span><span class="line"><span class="cl"><span class="s"> </span></span></span><span class="line"><span class="cl"><span class="s"> LAST_STATE=1 </span></span></span><span class="line"><span class="cl"><span class="s"> fi </span></span></span><span class="line"><span class="cl"><span class="s"> else </span></span></span><span class="line"><span class="cl"><span class="s"> # ShellCrash 瓜咗 </span></span></span><span class="line"><span class="cl"><span class="s"> if [ &#34;$LAST_STATE&#34; != &#34;2&#34; ]; then </span></span></span><span class="line"><span class="cl"><span class="s"> DATE=$(date &#34;+%Y-%m-%d %H:%M:%S&#34;) </span></span></span><span class="line"><span class="cl"><span class="s"> if [ &#34;$DEBUG&#34; = &#34;true&#34; ]; then </span></span></span><span class="line"><span class="cl"><span class="s"> echo &#34;[$DATE] Alert! ShellCrash died (Code: $HTTP_CODE). Stopping Bird!&#34; </span></span></span><span class="line"><span class="cl"><span class="s"> fi </span></span></span><span class="line"><span class="cl"><span class="s"> echo &#34;[$DATE] Alert! ShellCrash died (Code: $HTTP_CODE). Stopping Bird!&#34; &gt;&gt; $LOG_FILE </span></span></span><span class="line"><span class="cl"><span class="s"> </span></span></span><span class="line"><span class="cl"><span class="s"> sudo systemctl stop bird </span></span></span><span class="line"><span class="cl"><span class="s"> LAST_STATE=2 </span></span></span><span class="line"><span class="cl"><span class="s"> fi </span></span></span><span class="line"><span class="cl"><span class="s"> fi </span></span></span><span class="line"><span class="cl"><span class="s"> </span></span></span><span class="line"><span class="cl"><span class="s"> sleep $INTERVAL </span></span></span><span class="line"><span class="cl"><span class="s">done </span></span></span><span class="line"><span class="cl"><span class="s">EOF</span> </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="c1"># 2. 俾个 Execute 权限佢</span> </span></span><span class="line"><span class="cl">sudo chmod +x /home/clash/check_clash.sh </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="c1"># 3. 整返个 Systemd Service</span> </span></span><span class="line"><span class="cl">sudo tee /etc/systemd/system/clash-watchdog.service &gt; /dev/null <span class="s">&lt;&lt; EOF </span></span></span><span class="line"><span class="cl"><span class="s">[Unit] </span></span></span><span class="line"><span class="cl"><span class="s">Description=ShellCrash Watchdog for Bird OSPF </span></span></span><span class="line"><span class="cl"><span class="s">After=network.target </span></span></span><span class="line"><span class="cl"><span class="s"> </span></span></span><span class="line"><span class="cl"><span class="s">[Service] </span></span></span><span class="line"><span class="cl"><span class="s">User=clash </span></span></span><span class="line"><span class="cl"><span class="s">Group=clash </span></span></span><span class="line"><span class="cl"><span class="s">ExecStart=/home/clash/check_clash.sh </span></span></span><span class="line"><span class="cl"><span class="s">Restart=always </span></span></span><span class="line"><span class="cl"><span class="s">RestartSec=3 </span></span></span><span class="line"><span class="cl"><span class="s"> </span></span></span><span class="line"><span class="cl"><span class="s">[Install] </span></span></span><span class="line"><span class="cl"><span class="s">WantedBy=multi-user.target </span></span></span><span class="line"><span class="cl"><span class="s">EOF</span> </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="c1"># 4. Enable 同 Start 佢</span> </span></span><span class="line"><span class="cl">sudo systemctl daemon-reload </span></span><span class="line"><span class="cl">sudo systemctl <span class="nb">enable</span> --now clash-watchdog.service </span></span><span class="line"><span class="cl">sudo systemctl status clash-watchdog.service </span></span></code></pre></div>