#!/bin/ash # shellcheck shell=dash # alpine / debian initrd 共用此脚本 mac_addr=$1 ipv4_addr=$2 ipv4_gateway=$3 ipv6_addr=$4 ipv6_gateway=$5 is_in_china=$6 DHCP_TIMEOUT=15 DNS_FILE_TIMEOUT=5 TEST_TIMEOUT=10 # 检测是否有网络是通过检测这些 IP 的端口是否开放 # 因为 debian initrd 没有 nslookup # 改成 generate_204?但检测网络时可能 resolv.conf 为空 # HTTP 80 # HTTPS/DOH 443 # DOT 853 if $is_in_china; then ipv4_dns1='223.5.5.5' ipv4_dns2='119.29.29.29' # 不开放 853 ipv6_dns1='2400:3200::1' ipv6_dns2='2402:4e00::' # 不开放 853 else ipv4_dns1='1.1.1.1' ipv4_dns2='8.8.8.8' # 不开放 80 ipv6_dns1='2606:4700:4700::1111' ipv6_dns2='2001:4860:4860::8888' # 不开放 80 fi # 找到主网卡 # debian 11 initrd 没有 xargs awk # debian 12 initrd 没有 xargs get_ethx() { # 过滤 azure vf (带 master ethx) # 2: eth0: mtu 1500 qdisc mq state UP qlen 1000\ link/ether 60:45:bd:21:8a:51 brd ff:ff:ff:ff:ff:ff # 3: eth1: mtu 1500 qdisc mq master eth0 state UP qlen 1000\ link/ether 60:45:bd:21:8a:51 brd ff:ff:ff if false; then ip -o link | grep -i "$mac_addr" | grep -v master | awk '{print $2}' | cut -d: -f1 else ip -o link | grep -i "$mac_addr" | grep -v master | cut -d' ' -f2 | cut -d: -f1 fi } get_ipv4_gateway() { # debian 11 initrd 没有 xargs awk # debian 12 initrd 没有 xargs ip -4 route show default dev "$ethx" | head -1 | cut -d ' ' -f3 } get_ipv6_gateway() { # debian 11 initrd 没有 xargs awk # debian 12 initrd 没有 xargs ip -6 route show default dev "$ethx" | head -1 | cut -d ' ' -f3 } get_first_ipv4_addr() { # debian 11 initrd 没有 xargs awk # debian 12 initrd 没有 xargs if false; then ip -4 -o addr show scope global dev "$ethx" | head -1 | awk '{print $4}' else ip -4 -o addr show scope global dev "$ethx" | head -1 | grep -o '[0-9\.]*/[0-9]*' fi } get_first_ipv4_gateway() { # debian 11 initrd 没有 xargs awk # debian 12 initrd 没有 xargs if false; then ip -4 route show default dev "$ethx" | head -1 | awk '{print $3}' else ip -4 route show default dev "$ethx" | head -1 | cut -d' ' -f3 fi } remove_netmask() { cut -d/ -f1 } get_first_ipv6_addr() { # debian 11 initrd 没有 xargs awk # debian 12 initrd 没有 xargs if false; then ip -6 -o addr show scope global dev "$ethx" | head -1 | awk '{print $4}' else ip -6 -o addr show scope global dev "$ethx" | head -1 | grep -o '[0-9a-f\:]*/[0-9]*' fi } get_first_ipv6_gateway() { # debian 11 initrd 没有 xargs awk # debian 12 initrd 没有 xargs if false; then ip -6 route show default dev "$ethx" | head -1 | awk '{print $3}' else ip -6 route show default dev "$ethx" | head -1 | cut -d' ' -f3 fi } is_have_ipv4_addr() { ip -4 addr show scope global dev "$ethx" | grep -q inet } is_have_ipv6_addr() { ip -6 addr show scope global dev "$ethx" | grep -q inet6 } is_have_ipv4_gateway() { ip -4 route show default dev "$ethx" | grep -q . } is_have_ipv6_gateway() { ip -6 route show default dev "$ethx" | grep -q . } is_have_ipv4() { is_have_ipv4_addr && is_have_ipv4_gateway } is_have_ipv6() { is_have_ipv6_addr && is_have_ipv6_gateway } is_have_ipv4_dns() { [ -f /etc/resolv.conf ] && grep -q '^nameserver .*\.' /etc/resolv.conf } is_have_ipv6_dns() { [ -f /etc/resolv.conf ] && grep -q '^nameserver .*:' /etc/resolv.conf } add_missing_ipv4_config() { if [ -n "$ipv4_addr" ] && [ -n "$ipv4_gateway" ]; then if ! is_have_ipv4_addr; then ip -4 addr add "$ipv4_addr" dev "$ethx" fi if ! is_have_ipv4_gateway; then # 如果 dhcp 无法设置onlink网关,那么在这里设置 # debian 9 ipv6 不能识别 onlink,但 ipv4 能识别 onlink if true; then ip -4 route add "$ipv4_gateway" dev "$ethx" ip -4 route add default via "$ipv4_gateway" dev "$ethx" else ip -4 route add default via "$ipv4_gateway" dev "$ethx" onlink fi fi fi } add_missing_ipv6_config() { if [ -n "$ipv6_addr" ] && [ -n "$ipv6_gateway" ]; then if ! is_have_ipv6_addr; then ip -6 addr add "$ipv6_addr" dev "$ethx" fi if ! is_have_ipv6_gateway; then # 如果 dhcp 无法设置onlink网关,那么在这里设置 # debian 9 ipv6 不能识别 onlink if true; then ip -6 route add "$ipv6_gateway" dev "$ethx" ip -6 route add default via "$ipv6_gateway" dev "$ethx" else ip -6 route add default via "$ipv6_gateway" dev "$ethx" onlink fi fi fi } is_need_test_ipv4() { is_have_ipv4 && ! $ipv4_has_internet } is_need_test_ipv6() { is_have_ipv6 && ! $ipv6_has_internet } # 测试方法: # ping 有的机器禁止 # nc 测试 dot doh 端口是否开启 # wget 测试下载 # initrd 里面的软件版本,是否支持指定源IP/网卡 # 软件 nc wget nslookup # debian9 × √ 没有此软件 # alpine √ × × test_by_wget() { src=$1 dst=$2 # ipv6 需要添加 [] if echo "$dst" | grep -q ':'; then url="https://[$dst]" else url="https://$dst" fi # tcp 443 通了就算成功,不管 http 是不是 404 wget -T "$TEST_TIMEOUT" \ --bind-address="$src" \ --no-check-certificate \ --max-redirect 0 \ --tries 1 \ -O /dev/null \ "$url" 2>&1 | grep -iq connected } test_by_nc() { src=$1 dst=$2 # tcp 443 通了就算成功 nc -z -v \ -w "$TEST_TIMEOUT" \ -s "$src" \ "$dst" 443 } is_debian() { [ -f /etc/lsb-release ] && grep -iq Debian /etc/lsb-release } test_connect() { if is_debian; then test_by_wget "$1" "$2" else test_by_nc "$1" "$2" fi } test_internet() { for i in $(seq 5); do echo "Testing Internet Connection. Test $i... " if is_need_test_ipv4 && test_connect "$(get_first_ipv4_addr | remove_netmask)" "$ipv4_dns1" >/dev/null 2>&1; then echo "IPv4 has internet." ipv4_has_internet=true fi if is_need_test_ipv6 && test_connect "$(get_first_ipv6_addr | remove_netmask)" "$ipv6_dns1" >/dev/null 2>&1; then echo "IPv6 has internet." ipv6_has_internet=true fi if ! is_need_test_ipv4 && ! is_need_test_ipv6; then break fi sleep 1 done } flush_ipv4_config() { ip -4 addr flush scope global dev "$ethx" ip -4 route flush dev "$ethx" } flush_ipv6_config() { # 是否临时禁用 ra / slaac if [ "$1" = true ]; then echo 0 >"/proc/sys/net/ipv6/conf/$ethx/autoconf" fi ip -6 addr flush scope global dev "$ethx" ip -6 route flush dev "$ethx" } ethx=$(get_ethx) if [ -z "$ethx" ]; then echo "Not found network card: $mac_addr" exit fi echo "Configuring $ethx ($mac_addr)..." # 开启 ethx ip link set dev "$ethx" up sleep 1 # 开启 dhcpv4/v6 # debian / kali if [ -f /usr/share/debconf/confmodule ]; then # shellcheck source=/dev/null . /usr/share/debconf/confmodule db_progress STEP 1 # dhcpv4 # 无需等待写入 dns,在 dhcpv6 等待 db_progress INFO netcfg/dhcp_progress udhcpc -i "$ethx" -f -q -n || true db_progress STEP 1 # slaac + dhcpv6 db_progress INFO netcfg/slaac_wait_title # https://salsa.debian.org/installer-team/netcfg/-/blob/master/autoconfig.c#L148 cat </var/lib/netcfg/dhcp6c.conf interface $ethx { send ia-na 0; request domain-name-servers; request domain-name; script "/lib/netcfg/print-dhcp6c-info"; }; id-assoc na 0 { }; EOF dhcp6c -c /var/lib/netcfg/dhcp6c.conf "$ethx" || true sleep $DHCP_TIMEOUT # 等待获取 ip 和写入 dns # kill-all-dhcp kill -9 "$(cat /var/run/dhcp6c.pid)" || true db_progress STEP 1 # 静态 + 检测网络提示 db_subst netcfg/link_detect_progress interface "$ethx" db_progress INFO netcfg/link_detect_progress else # alpine # h3c 移动云电脑使用 udhcpc 会重复提示 sending select,无法获得 ipv6,因此使用 dhcpcd method=dhcpcd case "$method" in udhcpc) udhcpc -i "$ethx" -f -q -n || true udhcpc6 -i "$ethx" -f -q -n || true sleep $DNS_FILE_TIMEOUT # 好像不用等待写入 dns,但是以防万一 ;; dhcpcd) # https://gitlab.alpinelinux.org/alpine/aports/-/blob/master/main/dhcpcd/dhcpcd.pre-install grep -q dhcpcd /etc/group || addgroup -S dhcpcd grep -q dhcpcd /etc/passwd || adduser -S -D \ -h /var/lib/dhcpcd \ -s /sbin/nologin \ -G dhcpcd \ -g dhcpcd \ dhcpcd # --noipv4ll 禁止生成 169.254.x.x if false; then # 等待 DHCP 全过程 timeout $DHCP_TIMEOUT \ dhcpcd --persistent --noipv4ll --nobackground "$ethx" else # 等待 DNS dhcpcd --persistent --noipv4ll "$ethx" # 获取到 IP 后立即切换到后台 sleep $DNS_FILE_TIMEOUT # 需要等待写入 dns dhcpcd -x "$ethx" # 终止 fi ;; esac fi # 等待slaac # 有ipv6地址就跳过,不管是slaac或者dhcpv6 # 因为会在trans里判断 # 这里等待5秒就够了,因为之前尝试获取dhcp6也用了一段时间 for i in $(seq 5 -1 0); do is_have_ipv6 && break echo "waiting slaac for ${i}s" sleep 1 done # 记录是否有动态地址 # 由于还没设置静态ip,所以有条目表示有动态地址 is_have_ipv4_addr && dhcpv4=true || dhcpv4=false is_have_ipv6_addr && dhcpv6_or_slaac=true || dhcpv6_or_slaac=false should_disable_ra_slaac=false # 如果自动获取的 IPv4 地址不是重装前的,则使用之前的 if $dhcpv4 && [ -n "$ipv4_addr" ] && [ -n "$ipv4_gateway" ] && ! [ "$ipv4_addr" = "$(get_first_ipv4_addr)" ]; then echo "IPv4 address auto obtained is different from old system." dhcpv4=false flush_ipv4_config fi # 如果自动获取的 IPv6 地址不是重装前的,则使用之前的 if $dhcpv6_or_slaac && [ -n "$ipv6_addr" ] && [ -n "$ipv6_gateway" ] && ! [ "$ipv6_addr" = "$(get_first_ipv6_addr)" ]; then echo "IPv6 address auto obtained is different from old system." dhcpv6_or_slaac=false should_disable_ra_slaac=true flush_ipv6_config fi # 设置静态地址,或者设置 debian 9 udhcpc 无法设置的网关 add_missing_ipv4_config add_missing_ipv6_config # 检查 ipv4/ipv6 是否连接联网 ipv4_has_internet=false ipv6_has_internet=false test_internet # 如果 IPv4 无法上网,并且自动获取的网关不是重装前的网关,则改成静态 if ! $ipv4_has_internet && $dhcpv4 && [ -n "$ipv4_addr" ] && [ -n "$ipv4_gateway" ] && ! [ "$ipv4_gateway" = "$(get_first_ipv4_gateway)" ]; then echo "IPv4 gateway auto obtained is different from old system." dhcpv4=false flush_ipv4_config add_missing_ipv4_config test_internet fi # 如果 IPv6 无法上网,并且自动获取的网关不是重装前的网关,则改成静态 if ! $ipv6_has_internet && $dhcpv6_or_slaac && [ -n "$ipv6_addr" ] && [ -n "$ipv6_gateway" ] && ! [ "$ipv6_gateway" = "$(get_first_ipv6_gateway)" ]; then echo "IPv6 gateway auto obtained is different from old system." dhcpv6_or_slaac=false should_disable_ra_slaac=true flush_ipv6_config true add_missing_ipv6_config test_internet fi # 要删除不联网协议的ip,因为 # 1 甲骨文云管理面板添加ipv6地址然后取消 # 依然会分配ipv6地址,但ipv6没网络 # 此时alpine只会用ipv6下载apk,而不用会ipv4下载 # 2 有ipv4地址但没有ipv4网关的情况(vultr),aria2会用ipv4下载 if $ipv4_has_internet && ! $ipv6_has_internet; then echo 0 >"/proc/sys/net/ipv6/conf/$ethx/accept_ra" ip -6 addr flush scope global dev "$ethx" elif ! $ipv4_has_internet && $ipv6_has_internet; then ip -4 addr flush scope global dev "$ethx" fi # 如果联网了,但没获取到默认 DNS,则添加我们的 DNS if $ipv4_has_internet && ! { [ -e /etc/resolv.conf ] && is_have_ipv4_dns; }; then echo "nameserver $ipv4_dns1" >>/etc/resolv.conf echo "nameserver $ipv4_dns2" >>/etc/resolv.conf fi if $ipv6_has_internet && ! { [ -e /etc/resolv.conf ] && is_have_ipv6_dns; }; then echo "nameserver $ipv6_dns1" >>/etc/resolv.conf echo "nameserver $ipv6_dns2" >>/etc/resolv.conf fi # 传参给 trans.start netconf="/dev/netconf/$ethx" mkdir -p "$netconf" $dhcpv4 && echo 1 >"$netconf/dhcpv4" || echo 0 >"$netconf/dhcpv4" $should_disable_ra_slaac && echo 1 >"$netconf/should_disable_ra_slaac" || echo 0 >"$netconf/should_disable_ra_slaac" $is_in_china && echo 1 >"$netconf/is_in_china" || echo 0 >"$netconf/is_in_china" echo "$ethx" >"$netconf/ethx" echo "$mac_addr" >"$netconf/mac_addr" echo "$ipv4_addr" >"$netconf/ipv4_addr" echo "$ipv4_gateway" >"$netconf/ipv4_gateway" echo "$ipv6_addr" >"$netconf/ipv6_addr" echo "$ipv6_gateway" >"$netconf/ipv6_gateway" $ipv4_has_internet && echo 1 >"$netconf/ipv4_has_internet" || echo 0 >"$netconf/ipv4_has_internet" $ipv6_has_internet && echo 1 >"$netconf/ipv6_has_internet" || echo 0 >"$netconf/ipv6_has_internet"