chunyu/sing-box
1
0
Fork 0
mirror of https://github.com/SagerNet/sing-box.git synced 2025-07-25 23:44:08 +08:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: chunyu:dev-next
Branches Tags
chunyu:dev-next
chunyu:renovate/major-github-actions
chunyu:docs
chunyu:dev
chunyu:main
chunyu:main-next
chunyu:dev-auto-redirect-firewalld
chunyu:dev-dns-timeout
chunyu:dev-wip
chunyu:dev-mitm-3
chunyu:dev-mitm-2
chunyu:dev-test-mitm
chunyu:dev-ping
chunyu:dev-mitm
chunyu:dev-tls-fragment
chunyu:dev-ts
chunyu:stable
chunyu:stable-next
chunyu:dev-ndis
chunyu:dev-go124-ech
chunyu:dev-next-wip
chunyu:renovate/github-actions
chunyu:dependabot/go_modules/test/github.com/cloudflare/circl-1.3.7
chunyu:dependabot/go_modules/github.com/cloudflare/circl-1.3.7
chunyu:dev-sentry-debug
chunyu:archive
chunyu:dev-l3-route
chunyu:dev-ssm-api
chunyu:dev-daemon
chunyu:v1.12.0-rc.3
chunyu:v1.12.0-rc.2
chunyu:v1.12.0-rc.1
chunyu:v1.12.0-beta.35
chunyu:v1.12.0-beta.34
chunyu:v1.12.0-beta.33
chunyu:v1.11.15
chunyu:v1.12.0-beta.31
chunyu:v1.12.0-beta.30
chunyu:v1.12.0-beta.29
chunyu:v1.12.0-beta.28
chunyu:v1.12.0-beta.27
chunyu:v1.11.14
chunyu:v1.12.0-beta.26
chunyu:v1.12.0-beta.25
chunyu:v1.12.0-beta.24
chunyu:v1.12.0-beta.23
chunyu:v1.12.0-beta.22
chunyu:v1.12.0-beta.21
chunyu:v1.11.13
chunyu:v1.12.0-beta.19
chunyu:v1.12.0-beta.18
chunyu:v1.12.0-beta.17
chunyu:v1.12.0-beta.16
chunyu:v1.12.0-beta.15
chunyu:v1.11.11
chunyu:v1.12.0-beta.14
chunyu:v1.12.0-beta.13
chunyu:v1.12.0-beta.12
chunyu:v1.12.0-beta.11
chunyu:v1.12.0-beta.10
chunyu:v1.11.10
chunyu:v1.12.0-beta.9
chunyu:v1.12.0-beta.8
chunyu:v1.12.0-beta.7
chunyu:v1.12.0-beta.6
chunyu:v1.11.9
chunyu:v1.12.0-beta.5
chunyu:v1.12.0-beta.4
chunyu:v1.11.8
chunyu:v1.12.0-beta.3
chunyu:v1.12.0-beta.2
chunyu:v1.11.7
chunyu:v1.12.0-beta.1
chunyu:v1.12.0-alpha.23
chunyu:v1.12.0-alpha.22
chunyu:v1.12.0-alpha.21
chunyu:v1.11.6
chunyu:v1.12.0-alpha.20
chunyu:v1.12.0-alpha.19
chunyu:v1.12.0-alpha.18
chunyu:v1.12.0-alpha.17
chunyu:v1.12.0-alpha.16
chunyu:v1.12.0-alpha.15
chunyu:v1.12.0-alpha.14
chunyu:v1.11.5
chunyu:v1.12.0-alpha.13
chunyu:v1.12.0-alpha.12
chunyu:v1.11.4
chunyu:v1.12.0-alpha.11
chunyu:v1.12.0-alpha.10
chunyu:v1.12.0-alpha.9
chunyu:v1.12.0-alpha.8
chunyu:v1.12.0-alpha.7
chunyu:v1.12.0-alpha.6
chunyu:v1.11.3
chunyu:v1.12.0-alpha.5
chunyu:v1.11.2
chunyu:v1.12.0-alpha.4
chunyu:v1.12.0-alpha.3
chunyu:v1.11.1
chunyu:v1.12.0-alpha.2
chunyu:v1.12.0-alpha.1
chunyu:v1.11.0
chunyu:v1.11.0-rc.1
chunyu:v1.11.0-beta.24
chunyu:v1.11.0-beta.23
chunyu:v1.10.7
chunyu:v1.11.0-beta.22
chunyu:v1.11.0-beta.21
chunyu:v1.11.0-beta.20
chunyu:v1.10.6
chunyu:v1.11.0-beta.19
chunyu:v1.11.0-beta.18
chunyu:v1.11.0-beta.17
chunyu:v1.11.0-beta.16
chunyu:v1.11.0-beta.15
chunyu:v1.11.0-beta.14
chunyu:v1.11.0-beta.13
chunyu:v1.11.0-beta.12
chunyu:v1.10.5
chunyu:v1.10.4
chunyu:v1.11.0-beta.11
chunyu:v1.11.0-beta.10
chunyu:v1.11.0-beta.9
chunyu:v1.11.0-beta.8
chunyu:v1.11.0-beta.7
chunyu:v1.11.0-beta.6
chunyu:v1.11.0-beta.5
chunyu:v1.11.0-beta.4
chunyu:v1.11.0-beta.3
chunyu:v1.11.0-beta.2
chunyu:v1.11.0-beta.1
chunyu:v1.10.3
chunyu:v1.11.0-alpha.26
chunyu:v1.11.0-alpha.25
chunyu:v1.11.0-alpha.24
chunyu:v1.11.0-alpha.23
chunyu:v1.11.0-alpha.22
chunyu:v1.11.0-alpha.21
chunyu:v1.11.0-alpha.20
chunyu:v1.11.0-alpha.19
chunyu:v1.10.2
chunyu:v1.11.0-alpha.18
chunyu:v1.11.0-alpha.17
chunyu:v1.11.0-alpha.16
chunyu:v1.11.0-alpha.15
chunyu:v1.11.0-alpha.14
chunyu:v1.11.0-alpha.13
chunyu:v1.11.0-alpha.12
chunyu:v1.11.0-alpha.11
chunyu:v1.11.0-alpha.10
chunyu:v1.11.0-alpha.9
chunyu:v1.11.0-alpha.8
chunyu:v1.11.0-alpha.7
chunyu:v1.11.0-alpha.6
chunyu:v1.11.0-alpha.5
chunyu:v1.11.0-alpha.4
chunyu:v1.11.0-alpha.2
chunyu:v1.11.0-alpha.1
chunyu:v1.10.1
chunyu:v1.10.0
chunyu:v1.10.0-rc.1
chunyu:v1.10.0-beta.12
chunyu:v1.9.7
chunyu:v1.10.0-beta.11
chunyu:v1.10.0-beta.10
chunyu:v1.9.6
chunyu:v1.10.0-beta.9
chunyu:v1.9.5
chunyu:v1.10.0-beta.8
chunyu:v1.10.0-beta.7
chunyu:v1.10.0-beta.6
chunyu:v1.10.0-beta.5
chunyu:v1.10.0-beta.4
chunyu:v1.10.0-beta.3
chunyu:v1.10.0-beta.2
chunyu:v1.10.0-beta.1
chunyu:v1.9.4
chunyu:v1.10.0-alpha.29
chunyu:v1.10.0-alpha.28
chunyu:v1.10.0-alpha.27
chunyu:v1.10.0-alpha.26
chunyu:v1.10.0-alpha.25
chunyu:v1.10.0-alpha.24
chunyu:v1.10.0-alpha.23
chunyu:v1.10.0-alpha.22
chunyu:v1.10.0-alpha.21
chunyu:v1.10.0-alpha.20
chunyu:v1.10.0-alpha.19
chunyu:v1.10.0-alpha.18
chunyu:v1.10.0-alpha.17
chunyu:v1.10.0-alpha.16
chunyu:v1.10.0-alpha.15
chunyu:v1.10.0-alpha.14
chunyu:v1.10.0-alpha.13
chunyu:v1.10.0-alpha.12
chunyu:v1.10.0-alpha.11
chunyu:v1.9.3
chunyu:v1.10.0-alpha.10
chunyu:v1.10.0-alpha.9
chunyu:v1.9.2
chunyu:v1.10.0-alpha.8
chunyu:v1.9.1
chunyu:v1.10.0-alpha.7
chunyu:v1.10.0-alpha.6
chunyu:v1.10.0-alpha.5
chunyu:v1.10.0-alpha.4
chunyu:v1.10.0-alpha.2
chunyu:v1.10.0-alpha.1
chunyu:v1.9.0
chunyu:v1.9.0-rc.22
chunyu:v1.9.0-rc.21
chunyu:v1.9.0-rc.20
chunyu:v1.9.0-rc.19
chunyu:v1.8.14
chunyu:v1.9.0-rc.18
chunyu:v1.9.0-rc.17
chunyu:v1.9.0-rc.16
chunyu:v1.9.0-rc.15
chunyu:v1.8.13
chunyu:v1.9.0-rc.14
chunyu:v1.9.0-rc.13
chunyu:v1.9.0-rc.12
chunyu:v1.9.0-rc.11
chunyu:v1.9.0-rc.10
chunyu:v1.8.12
chunyu:v1.9.0-rc.9
chunyu:v1.9.0-rc.7
chunyu:v1.9.0-rc.6
chunyu:v1.8.11
chunyu:v1.9.0-rc.4
chunyu:v1.9.0-rc.3
chunyu:v1.9.0-rc.2
chunyu:v1.9.0-rc.1
chunyu:v1.8.10
chunyu:v1.9.0-beta.17
chunyu:v1.9.0-beta.16
chunyu:v1.9.0-beta.15
chunyu:v1.8.9
chunyu:v1.9.0-beta.14
chunyu:v1.9.0-beta.13
chunyu:v1.9.0-beta.12
chunyu:v1.9.0-beta.11
chunyu:v1.9.0-beta.10
chunyu:v1.9.0-beta.8
chunyu:v1.8.8
chunyu:v1.9.0-beta.7
chunyu:v1.9.0-beta.6
chunyu:v1.9.0-beta.5
chunyu:v1.9.0-beta.4
chunyu:v1.9.0-beta.1
chunyu:v1.8.7
chunyu:v1.9.0-alpha.15
chunyu:v1.9.0-alpha.14
chunyu:v1.9.0-alpha.13
chunyu:v1.8.6
chunyu:v1.9.0-alpha.12
chunyu:v1.9.0-alpha.11
chunyu:v1.9.0-alpha.10
chunyu:v1.9.0-alpha.9
chunyu:v1.9.0-alpha.8
chunyu:v1.9.0-alpha.7
chunyu:v1.9.0-alpha.6
chunyu:v1.9.0-alpha.5
chunyu:v1.9.0-alpha.4
chunyu:v1.9.0-alpha.3
chunyu:v1.9.0-alpha.2
chunyu:v1.9.0-alpha.1
chunyu:v1.8.5
chunyu:v1.8.4
chunyu:v1.8.2
chunyu:v1.8.1
chunyu:v1.8.0
chunyu:v1.8.0-rc.11
chunyu:v1.7.8
chunyu:v1.8.0-rc.10
chunyu:v1.8.0-rc.9
chunyu:v1.8.0-rc.8
chunyu:v1.7.7
chunyu:v1.8.0-rc.7
chunyu:v1.8.0-rc.6
chunyu:v1.8.0-rc.5
chunyu:v1.8.0-rc.4
chunyu:v1.8.0-rc.3
chunyu:v1.8.0-rc.2
chunyu:v1.7.6
chunyu:v1.8.0-rc.1
chunyu:v1.8.0-beta.9
chunyu:v1.8.0-beta.8
chunyu:v1.8.0-beta.7
chunyu:v1.8.0-beta.6
chunyu:v1.8.0-beta.5
chunyu:v1.8.0-beta.4
chunyu:v1.8.0-beta.3
chunyu:v1.8.0-beta.2
chunyu:v1.7.5
chunyu:v1.8.0-beta.1
chunyu:v1.8.0-alpha.17
chunyu:v1.7.4
chunyu:v1.7.3
chunyu:v1.8.0-alpha.16
chunyu:v1.8.0-alpha.15
chunyu:v1.8.0-alpha.14
chunyu:v1.8.0-alpha.13
chunyu:v1.8.0-alpha.12
chunyu:v1.8.0-alpha.11
chunyu:v1.7.2
chunyu:v1.8.0-alpha.10
chunyu:v1.8.0-alpha.9
chunyu:v1.8.0-alpha.8
chunyu:v1.7.1
chunyu:v1.8.0-alpha.7
chunyu:v1.8.0-alpha.6
chunyu:v1.8.0-alpha.5
chunyu:v1.8.0-alpha.4
chunyu:v1.8.0-alpha.3
chunyu:v1.8.0-alpha.2
chunyu:v1.8.0-alpha.1
chunyu:v1.7.0
chunyu:v1.7.0-rc.3
chunyu:v1.6.7
chunyu:v1.7.0-rc.2
chunyu:v1.7.0-rc.1
chunyu:v1.6.6
chunyu:v1.7.0-beta.5
chunyu:v1.7.0-beta.4
chunyu:v1.7.0-beta.3
chunyu:v1.6.5
chunyu:v1.7.0-beta.2
chunyu:v1.6.4
chunyu:v1.7.0-beta.1
chunyu:v1.6.3
chunyu:v1.7.0-alpha.11
chunyu:v1.7.0-alpha.10
chunyu:v1.7.0-alpha.9
chunyu:v1.6.2
chunyu:v1.7.0-alpha.8
chunyu:v1.6.1
chunyu:v1.7.0-alpha.6
chunyu:v1.7.0-alpha.5
chunyu:v1.7.0-alpha.4
chunyu:v1.7.0-alpha.3
chunyu:v1.7.0-alpha.2
chunyu:v1.7.0-alpha.1
chunyu:v1.6.0
chunyu:v1.5.5
chunyu:v1.6.0-rc.3
chunyu:v1.6.0-rc.2
chunyu:v1.6.0-rc.1
chunyu:v1.6.0-beta.4
chunyu:v1.5.4
chunyu:v1.6.0-beta.3
chunyu:v1.6.0-beta.2
chunyu:v1.6.0-beta.1
chunyu:v1.5.3
chunyu:v1.6.0-alpha.5
chunyu:v1.6.0-alpha.4
chunyu:v1.5.2
chunyu:v1.6.0-alpha.3
chunyu:v1.6.0-alpha.2
chunyu:v1.5.1
chunyu:v1.6.0-alpha.1
chunyu:v1.5.0
chunyu:v1.5.0-rc.6
chunyu:v1.4.6
chunyu:v1.5.0-rc.5
chunyu:v1.4.5
chunyu:v1.4.4
chunyu:v1.5.0-rc.4
chunyu:v1.5.0-rc.3
chunyu:v1.5.0-rc.2
chunyu:v1.5.0-rc.1
chunyu:v1.5.0-beta.12
chunyu:v1.5.0-beta.11
chunyu:v1.5.0-beta.10
chunyu:v1.5.0-beta.9
chunyu:v1.5.0-beta.8
chunyu:v1.4.3
chunyu:v1.5.0-beta.7
chunyu:v1.4.2
chunyu:v1.5.0-beta.6
chunyu:v1.5.0-beta.5
chunyu:v1.5.0-beta.4
chunyu:v1.5.0-beta.3
chunyu:v1.5.0-beta.2
chunyu:v1.5.0-beta.1
chunyu:v1.4.1
chunyu:v1.4.0
chunyu:v1.4.0-rc.3
chunyu:v1.4.0-rc.2
chunyu:v1.4.0-rc.1
chunyu:v1.4.0-beta.6
chunyu:v1.4.0-beta.5
chunyu:v1.4.0-beta.4
chunyu:v1.4.0-beta.3
chunyu:v1.4.0-beta.2
chunyu:v1.4.0-beta.1
chunyu:v1.3.6
chunyu:v1.3.5
chunyu:v1.3.4
chunyu:v1.3.3
chunyu:v1.3.1-rc.1
chunyu:v1.3.1-beta.3
chunyu:v1.3.1-beta.2
chunyu:v1.3.1-beta.1
chunyu:v1.3.0
chunyu:v1.3-rc2
chunyu:v1.3-rc1
chunyu:v1.3-beta14
chunyu:v1.3-beta13
chunyu:v1.3-beta12
chunyu:v1.2.7
chunyu:v1.3-beta11
chunyu:v1.3-beta10
chunyu:v1.3-beta9
chunyu:v1.2.6
chunyu:v1.2.5
chunyu:v1.3-beta8
chunyu:v1.3-beta7
chunyu:v1.2.4
chunyu:v1.3-beta6
chunyu:v1.3-beta5
chunyu:v1.3-beta4
chunyu:v1.3-beta2
chunyu:v1.3-beta1
chunyu:v1.2.3
chunyu:v1.2.2
chunyu:v1.2.1
chunyu:v1.2.0
chunyu:v1.2-rc1
chunyu:v1.2-beta10
chunyu:v1.1.7
chunyu:v1.2-beta9
chunyu:v1.2-beta8
chunyu:v1.2-beta7
chunyu:v1.2-beta6
chunyu:v1.2-beta5
chunyu:v1.1.6
chunyu:v1.2-beta4
chunyu:v1.2-beta3
chunyu:v1.2-beta2
chunyu:v1.2-beta1
chunyu:v1.1.5
chunyu:v1.1.4
chunyu:v1.1.2
chunyu:v1.1.1
chunyu:v1.1.0
chunyu:v1.1
chunyu:v1.1-rc1
chunyu:v1.1-beta18
chunyu:1.1-beta17
chunyu:v1.0.7
chunyu:v1.1-beta16
chunyu:v1.1-beta15
chunyu:v1.1-beta14
chunyu:v1.1-beta13
chunyu:v1.1-beta12
chunyu:v1.1-beta11
chunyu:v1.1-beta10
chunyu:v1.0.6
chunyu:v1.1-beta9
chunyu:v1.1-beta8
chunyu:v1.0.5
chunyu:v1.1-beta7
chunyu:v1.1-beta6
chunyu:v1.1-beta5
chunyu:v1.0.4
chunyu:v1.0.3
chunyu:v1.1-beta4
chunyu:v1.1-beta3
chunyu:v1.1-beta2
chunyu:v1.0.2
chunyu:v1.1-beta1
chunyu:v1.0.1
chunyu:v1.0
chunyu:v1.0-rc1
chunyu:v1.0-beta3
chunyu:v1.0-beta2
chunyu:v1.0-beta1
chunyu:v0.1.0
..
compare: chunyu:v1.12.0-beta.27
Branches Tags
chunyu:dev-next
chunyu:renovate/major-github-actions
chunyu:docs
chunyu:dev
chunyu:main
chunyu:main-next
chunyu:dev-auto-redirect-firewalld
chunyu:dev-dns-timeout
chunyu:dev-wip
chunyu:dev-mitm-3
chunyu:dev-mitm-2
chunyu:dev-test-mitm
chunyu:dev-ping
chunyu:dev-mitm
chunyu:dev-tls-fragment
chunyu:dev-ts
chunyu:stable
chunyu:stable-next
chunyu:dev-ndis
chunyu:dev-go124-ech
chunyu:dev-next-wip
chunyu:renovate/github-actions
chunyu:dependabot/go_modules/test/github.com/cloudflare/circl-1.3.7
chunyu:dependabot/go_modules/github.com/cloudflare/circl-1.3.7
chunyu:dev-sentry-debug
chunyu:archive
chunyu:dev-l3-route
chunyu:dev-ssm-api
chunyu:dev-daemon
chunyu:v1.12.0-rc.3
chunyu:v1.12.0-rc.2
chunyu:v1.12.0-rc.1
chunyu:v1.12.0-beta.35
chunyu:v1.12.0-beta.34
chunyu:v1.12.0-beta.33
chunyu:v1.11.15
chunyu:v1.12.0-beta.31
chunyu:v1.12.0-beta.30
chunyu:v1.12.0-beta.29
chunyu:v1.12.0-beta.28
chunyu:v1.12.0-beta.27
chunyu:v1.11.14
chunyu:v1.12.0-beta.26
chunyu:v1.12.0-beta.25
chunyu:v1.12.0-beta.24
chunyu:v1.12.0-beta.23
chunyu:v1.12.0-beta.22
chunyu:v1.12.0-beta.21
chunyu:v1.11.13
chunyu:v1.12.0-beta.19
chunyu:v1.12.0-beta.18
chunyu:v1.12.0-beta.17
chunyu:v1.12.0-beta.16
chunyu:v1.12.0-beta.15
chunyu:v1.11.11
chunyu:v1.12.0-beta.14
chunyu:v1.12.0-beta.13
chunyu:v1.12.0-beta.12
chunyu:v1.12.0-beta.11
chunyu:v1.12.0-beta.10
chunyu:v1.11.10
chunyu:v1.12.0-beta.9
chunyu:v1.12.0-beta.8
chunyu:v1.12.0-beta.7
chunyu:v1.12.0-beta.6
chunyu:v1.11.9
chunyu:v1.12.0-beta.5
chunyu:v1.12.0-beta.4
chunyu:v1.11.8
chunyu:v1.12.0-beta.3
chunyu:v1.12.0-beta.2
chunyu:v1.11.7
chunyu:v1.12.0-beta.1
chunyu:v1.12.0-alpha.23
chunyu:v1.12.0-alpha.22
chunyu:v1.12.0-alpha.21
chunyu:v1.11.6
chunyu:v1.12.0-alpha.20
chunyu:v1.12.0-alpha.19
chunyu:v1.12.0-alpha.18
chunyu:v1.12.0-alpha.17
chunyu:v1.12.0-alpha.16
chunyu:v1.12.0-alpha.15
chunyu:v1.12.0-alpha.14
chunyu:v1.11.5
chunyu:v1.12.0-alpha.13
chunyu:v1.12.0-alpha.12
chunyu:v1.11.4
chunyu:v1.12.0-alpha.11
chunyu:v1.12.0-alpha.10
chunyu:v1.12.0-alpha.9
chunyu:v1.12.0-alpha.8
chunyu:v1.12.0-alpha.7
chunyu:v1.12.0-alpha.6
chunyu:v1.11.3
chunyu:v1.12.0-alpha.5
chunyu:v1.11.2
chunyu:v1.12.0-alpha.4
chunyu:v1.12.0-alpha.3
chunyu:v1.11.1
chunyu:v1.12.0-alpha.2
chunyu:v1.12.0-alpha.1
chunyu:v1.11.0
chunyu:v1.11.0-rc.1
chunyu:v1.11.0-beta.24
chunyu:v1.11.0-beta.23
chunyu:v1.10.7
chunyu:v1.11.0-beta.22
chunyu:v1.11.0-beta.21
chunyu:v1.11.0-beta.20
chunyu:v1.10.6
chunyu:v1.11.0-beta.19
chunyu:v1.11.0-beta.18
chunyu:v1.11.0-beta.17
chunyu:v1.11.0-beta.16
chunyu:v1.11.0-beta.15
chunyu:v1.11.0-beta.14
chunyu:v1.11.0-beta.13
chunyu:v1.11.0-beta.12
chunyu:v1.10.5
chunyu:v1.10.4
chunyu:v1.11.0-beta.11
chunyu:v1.11.0-beta.10
chunyu:v1.11.0-beta.9
chunyu:v1.11.0-beta.8
chunyu:v1.11.0-beta.7
chunyu:v1.11.0-beta.6
chunyu:v1.11.0-beta.5
chunyu:v1.11.0-beta.4
chunyu:v1.11.0-beta.3
chunyu:v1.11.0-beta.2
chunyu:v1.11.0-beta.1
chunyu:v1.10.3
chunyu:v1.11.0-alpha.26
chunyu:v1.11.0-alpha.25
chunyu:v1.11.0-alpha.24
chunyu:v1.11.0-alpha.23
chunyu:v1.11.0-alpha.22
chunyu:v1.11.0-alpha.21
chunyu:v1.11.0-alpha.20
chunyu:v1.11.0-alpha.19
chunyu:v1.10.2
chunyu:v1.11.0-alpha.18
chunyu:v1.11.0-alpha.17
chunyu:v1.11.0-alpha.16
chunyu:v1.11.0-alpha.15
chunyu:v1.11.0-alpha.14
chunyu:v1.11.0-alpha.13
chunyu:v1.11.0-alpha.12
chunyu:v1.11.0-alpha.11
chunyu:v1.11.0-alpha.10
chunyu:v1.11.0-alpha.9
chunyu:v1.11.0-alpha.8
chunyu:v1.11.0-alpha.7
chunyu:v1.11.0-alpha.6
chunyu:v1.11.0-alpha.5
chunyu:v1.11.0-alpha.4
chunyu:v1.11.0-alpha.2
chunyu:v1.11.0-alpha.1
chunyu:v1.10.1
chunyu:v1.10.0
chunyu:v1.10.0-rc.1
chunyu:v1.10.0-beta.12
chunyu:v1.9.7
chunyu:v1.10.0-beta.11
chunyu:v1.10.0-beta.10
chunyu:v1.9.6
chunyu:v1.10.0-beta.9
chunyu:v1.9.5
chunyu:v1.10.0-beta.8
chunyu:v1.10.0-beta.7
chunyu:v1.10.0-beta.6
chunyu:v1.10.0-beta.5
chunyu:v1.10.0-beta.4
chunyu:v1.10.0-beta.3
chunyu:v1.10.0-beta.2
chunyu:v1.10.0-beta.1
chunyu:v1.9.4
chunyu:v1.10.0-alpha.29
chunyu:v1.10.0-alpha.28
chunyu:v1.10.0-alpha.27
chunyu:v1.10.0-alpha.26
chunyu:v1.10.0-alpha.25
chunyu:v1.10.0-alpha.24
chunyu:v1.10.0-alpha.23
chunyu:v1.10.0-alpha.22
chunyu:v1.10.0-alpha.21
chunyu:v1.10.0-alpha.20
chunyu:v1.10.0-alpha.19
chunyu:v1.10.0-alpha.18
chunyu:v1.10.0-alpha.17
chunyu:v1.10.0-alpha.16
chunyu:v1.10.0-alpha.15
chunyu:v1.10.0-alpha.14
chunyu:v1.10.0-alpha.13
chunyu:v1.10.0-alpha.12
chunyu:v1.10.0-alpha.11
chunyu:v1.9.3
chunyu:v1.10.0-alpha.10
chunyu:v1.10.0-alpha.9
chunyu:v1.9.2
chunyu:v1.10.0-alpha.8
chunyu:v1.9.1
chunyu:v1.10.0-alpha.7
chunyu:v1.10.0-alpha.6
chunyu:v1.10.0-alpha.5
chunyu:v1.10.0-alpha.4
chunyu:v1.10.0-alpha.2
chunyu:v1.10.0-alpha.1
chunyu:v1.9.0
chunyu:v1.9.0-rc.22
chunyu:v1.9.0-rc.21
chunyu:v1.9.0-rc.20
chunyu:v1.9.0-rc.19
chunyu:v1.8.14
chunyu:v1.9.0-rc.18
chunyu:v1.9.0-rc.17
chunyu:v1.9.0-rc.16
chunyu:v1.9.0-rc.15
chunyu:v1.8.13
chunyu:v1.9.0-rc.14
chunyu:v1.9.0-rc.13
chunyu:v1.9.0-rc.12
chunyu:v1.9.0-rc.11
chunyu:v1.9.0-rc.10
chunyu:v1.8.12
chunyu:v1.9.0-rc.9
chunyu:v1.9.0-rc.7
chunyu:v1.9.0-rc.6
chunyu:v1.8.11
chunyu:v1.9.0-rc.4
chunyu:v1.9.0-rc.3
chunyu:v1.9.0-rc.2
chunyu:v1.9.0-rc.1
chunyu:v1.8.10
chunyu:v1.9.0-beta.17
chunyu:v1.9.0-beta.16
chunyu:v1.9.0-beta.15
chunyu:v1.8.9
chunyu:v1.9.0-beta.14
chunyu:v1.9.0-beta.13
chunyu:v1.9.0-beta.12
chunyu:v1.9.0-beta.11
chunyu:v1.9.0-beta.10
chunyu:v1.9.0-beta.8
chunyu:v1.8.8
chunyu:v1.9.0-beta.7
chunyu:v1.9.0-beta.6
chunyu:v1.9.0-beta.5
chunyu:v1.9.0-beta.4
chunyu:v1.9.0-beta.1
chunyu:v1.8.7
chunyu:v1.9.0-alpha.15
chunyu:v1.9.0-alpha.14
chunyu:v1.9.0-alpha.13
chunyu:v1.8.6
chunyu:v1.9.0-alpha.12
chunyu:v1.9.0-alpha.11
chunyu:v1.9.0-alpha.10
chunyu:v1.9.0-alpha.9
chunyu:v1.9.0-alpha.8
chunyu:v1.9.0-alpha.7
chunyu:v1.9.0-alpha.6
chunyu:v1.9.0-alpha.5
chunyu:v1.9.0-alpha.4
chunyu:v1.9.0-alpha.3
chunyu:v1.9.0-alpha.2
chunyu:v1.9.0-alpha.1
chunyu:v1.8.5
chunyu:v1.8.4
chunyu:v1.8.2
chunyu:v1.8.1
chunyu:v1.8.0
chunyu:v1.8.0-rc.11
chunyu:v1.7.8
chunyu:v1.8.0-rc.10
chunyu:v1.8.0-rc.9
chunyu:v1.8.0-rc.8
chunyu:v1.7.7
chunyu:v1.8.0-rc.7
chunyu:v1.8.0-rc.6
chunyu:v1.8.0-rc.5
chunyu:v1.8.0-rc.4
chunyu:v1.8.0-rc.3
chunyu:v1.8.0-rc.2
chunyu:v1.7.6
chunyu:v1.8.0-rc.1
chunyu:v1.8.0-beta.9
chunyu:v1.8.0-beta.8
chunyu:v1.8.0-beta.7
chunyu:v1.8.0-beta.6
chunyu:v1.8.0-beta.5
chunyu:v1.8.0-beta.4
chunyu:v1.8.0-beta.3
chunyu:v1.8.0-beta.2
chunyu:v1.7.5
chunyu:v1.8.0-beta.1
chunyu:v1.8.0-alpha.17
chunyu:v1.7.4
chunyu:v1.7.3
chunyu:v1.8.0-alpha.16
chunyu:v1.8.0-alpha.15
chunyu:v1.8.0-alpha.14
chunyu:v1.8.0-alpha.13
chunyu:v1.8.0-alpha.12
chunyu:v1.8.0-alpha.11
chunyu:v1.7.2
chunyu:v1.8.0-alpha.10
chunyu:v1.8.0-alpha.9
chunyu:v1.8.0-alpha.8
chunyu:v1.7.1
chunyu:v1.8.0-alpha.7
chunyu:v1.8.0-alpha.6
chunyu:v1.8.0-alpha.5
chunyu:v1.8.0-alpha.4
chunyu:v1.8.0-alpha.3
chunyu:v1.8.0-alpha.2
chunyu:v1.8.0-alpha.1
chunyu:v1.7.0
chunyu:v1.7.0-rc.3
chunyu:v1.6.7
chunyu:v1.7.0-rc.2
chunyu:v1.7.0-rc.1
chunyu:v1.6.6
chunyu:v1.7.0-beta.5
chunyu:v1.7.0-beta.4
chunyu:v1.7.0-beta.3
chunyu:v1.6.5
chunyu:v1.7.0-beta.2
chunyu:v1.6.4
chunyu:v1.7.0-beta.1
chunyu:v1.6.3
chunyu:v1.7.0-alpha.11
chunyu:v1.7.0-alpha.10
chunyu:v1.7.0-alpha.9
chunyu:v1.6.2
chunyu:v1.7.0-alpha.8
chunyu:v1.6.1
chunyu:v1.7.0-alpha.6
chunyu:v1.7.0-alpha.5
chunyu:v1.7.0-alpha.4
chunyu:v1.7.0-alpha.3
chunyu:v1.7.0-alpha.2
chunyu:v1.7.0-alpha.1
chunyu:v1.6.0
chunyu:v1.5.5
chunyu:v1.6.0-rc.3
chunyu:v1.6.0-rc.2
chunyu:v1.6.0-rc.1
chunyu:v1.6.0-beta.4
chunyu:v1.5.4
chunyu:v1.6.0-beta.3
chunyu:v1.6.0-beta.2
chunyu:v1.6.0-beta.1
chunyu:v1.5.3
chunyu:v1.6.0-alpha.5
chunyu:v1.6.0-alpha.4
chunyu:v1.5.2
chunyu:v1.6.0-alpha.3
chunyu:v1.6.0-alpha.2
chunyu:v1.5.1
chunyu:v1.6.0-alpha.1
chunyu:v1.5.0
chunyu:v1.5.0-rc.6
chunyu:v1.4.6
chunyu:v1.5.0-rc.5
chunyu:v1.4.5
chunyu:v1.4.4
chunyu:v1.5.0-rc.4
chunyu:v1.5.0-rc.3
chunyu:v1.5.0-rc.2
chunyu:v1.5.0-rc.1
chunyu:v1.5.0-beta.12
chunyu:v1.5.0-beta.11
chunyu:v1.5.0-beta.10
chunyu:v1.5.0-beta.9
chunyu:v1.5.0-beta.8
chunyu:v1.4.3
chunyu:v1.5.0-beta.7
chunyu:v1.4.2
chunyu:v1.5.0-beta.6
chunyu:v1.5.0-beta.5
chunyu:v1.5.0-beta.4
chunyu:v1.5.0-beta.3
chunyu:v1.5.0-beta.2
chunyu:v1.5.0-beta.1
chunyu:v1.4.1
chunyu:v1.4.0
chunyu:v1.4.0-rc.3
chunyu:v1.4.0-rc.2
chunyu:v1.4.0-rc.1
chunyu:v1.4.0-beta.6
chunyu:v1.4.0-beta.5
chunyu:v1.4.0-beta.4
chunyu:v1.4.0-beta.3
chunyu:v1.4.0-beta.2
chunyu:v1.4.0-beta.1
chunyu:v1.3.6
chunyu:v1.3.5
chunyu:v1.3.4
chunyu:v1.3.3
chunyu:v1.3.1-rc.1
chunyu:v1.3.1-beta.3
chunyu:v1.3.1-beta.2
chunyu:v1.3.1-beta.1
chunyu:v1.3.0
chunyu:v1.3-rc2
chunyu:v1.3-rc1
chunyu:v1.3-beta14
chunyu:v1.3-beta13
chunyu:v1.3-beta12
chunyu:v1.2.7
chunyu:v1.3-beta11
chunyu:v1.3-beta10
chunyu:v1.3-beta9
chunyu:v1.2.6
chunyu:v1.2.5
chunyu:v1.3-beta8
chunyu:v1.3-beta7
chunyu:v1.2.4
chunyu:v1.3-beta6
chunyu:v1.3-beta5
chunyu:v1.3-beta4
chunyu:v1.3-beta2
chunyu:v1.3-beta1
chunyu:v1.2.3
chunyu:v1.2.2
chunyu:v1.2.1
chunyu:v1.2.0
chunyu:v1.2-rc1
chunyu:v1.2-beta10
chunyu:v1.1.7
chunyu:v1.2-beta9
chunyu:v1.2-beta8
chunyu:v1.2-beta7
chunyu:v1.2-beta6
chunyu:v1.2-beta5
chunyu:v1.1.6
chunyu:v1.2-beta4
chunyu:v1.2-beta3
chunyu:v1.2-beta2
chunyu:v1.2-beta1
chunyu:v1.1.5
chunyu:v1.1.4
chunyu:v1.1.2
chunyu:v1.1.1
chunyu:v1.1.0
chunyu:v1.1
chunyu:v1.1-rc1
chunyu:v1.1-beta18
chunyu:1.1-beta17
chunyu:v1.0.7
chunyu:v1.1-beta16
chunyu:v1.1-beta15
chunyu:v1.1-beta14
chunyu:v1.1-beta13
chunyu:v1.1-beta12
chunyu:v1.1-beta11
chunyu:v1.1-beta10
chunyu:v1.0.6
chunyu:v1.1-beta9
chunyu:v1.1-beta8
chunyu:v1.0.5
chunyu:v1.1-beta7
chunyu:v1.1-beta6
chunyu:v1.1-beta5
chunyu:v1.0.4
chunyu:v1.0.3
chunyu:v1.1-beta4
chunyu:v1.1-beta3
chunyu:v1.1-beta2
chunyu:v1.0.2
chunyu:v1.1-beta1
chunyu:v1.0.1
chunyu:v1.0
chunyu:v1.0-rc1
chunyu:v1.0-beta3
chunyu:v1.0-beta2
chunyu:v1.0-beta1
chunyu:v0.1.0

107 Commits
dev-next ... v1.12.0-be

Author SHA1 Message Date
世界
46bb372a37
documentation: Bump version 2025-06-20 14:10:49 +08:00
世界
9e3b34ea50
Add API to dump AdGuard rules 2025-06-20 13:21:22 +08:00
Sukka
983421c1cb
Improve AdGuard rule-set parser 2025-06-20 13:21:05 +08:00
Restia-Ashbell
4861ceb6ee
Add ECH support for uTLS 2025-06-20 13:21:04 +08:00
世界
4f4e3eb8c3
Improve TLS fragments 2025-06-20 13:21:04 +08:00
世界
7b7feb794e
Add cache support for ssm-api 2025-06-20 13:21:04 +08:00
世界
b3b8d1fa29
Fix service will not be closed 2025-06-20 13:21:04 +08:00
世界
da924b51c8
Add loopback address support for tun 2025-06-20 13:21:04 +08:00
世界
fb3983ff6d
Fix tproxy listener 2025-06-20 13:21:04 +08:00
世界
07ec062876
Fix systemd package 2025-06-20 13:21:04 +08:00
世界
80f43fa51b
Fix missing home for derp service 2025-06-20 13:21:03 +08:00
Zero Clover
e0e9160290
documentation: Fix services 2025-06-20 13:21:03 +08:00
世界
5d1f13385b
Fix dns.client_subnet ignored 2025-06-20 13:21:03 +08:00
世界
9ef08196a4
documentation: Minor fixes 2025-06-20 13:21:03 +08:00
世界
cf26a7b6f6
Fix tailscale forward 2025-06-20 13:21:03 +08:00
世界
49efb2b8de
Minor fixes 2025-06-20 13:21:03 +08:00
世界
965bec8967
Add SSM API service 2025-06-20 13:21:03 +08:00
世界
cc34e8391d
Add resolved service and DNS server 2025-06-20 13:21:02 +08:00
世界
b89158efb9
Add DERP service 2025-06-20 13:20:54 +08:00
世界
a226bdca28
Add service component type 2025-06-20 13:20:53 +08:00
世界
360130af7b
Fix tproxy tcp control 2025-06-20 13:20:53 +08:00
愚者
f327ea7737
release: Fix build tags for android 
Signed-off-by: 愚者 <11926619+FansChou@users.noreply.github.com>
 2025-06-20 13:20:53 +08:00
世界
90d6de9220
prevent creation of bind and mark controls on unsupported platforms 2025-06-20 13:20:53 +08:00
PuerNya
6d71e440e0
documentation: Fix description of reject DNS action behavior 2025-06-20 13:20:52 +08:00
Restia-Ashbell
d249150a63
Fix TLS record fragment 2025-06-20 13:20:52 +08:00
世界
b3921910e4
Add missing accept_routes option for Tailscale 2025-06-20 13:20:52 +08:00
世界
b9163feb77
Add TLS record fragment support 2025-06-20 13:20:52 +08:00
世界
40d7e13103
Fix set edns0 client subnet 2025-06-20 13:20:52 +08:00
世界
7b56fb370f
Update minor dependencies 2025-06-20 13:20:52 +08:00
世界
6036174a37
Update certmagic and providers 2025-06-20 13:20:52 +08:00
世界
6ed4a3e25e
Update protobuf and grpc 2025-06-20 13:20:52 +08:00
世界
168809cfe2
Add control options for listeners 2025-06-20 13:20:51 +08:00
世界
b6ca331c7d
Update quic-go to v0.52.0 2025-06-20 13:20:51 +08:00
世界
d2a04c4e41
Update utls to v1.7.2 2025-06-20 13:20:51 +08:00
世界
027ff49390
Handle EDNS version downgrade 2025-06-20 13:20:43 +08:00
世界
8936f41e54
documentation: Fix anytls padding scheme description 2025-06-20 13:20:42 +08:00
安容
e8a6ae0ac7
Report invalid DNS address early 2025-06-20 13:20:42 +08:00
世界
df36013d7d
Fix wireguard listen_port 2025-06-20 13:20:42 +08:00
世界
a9cd830a9a
clash-api: Add more meta api 2025-06-20 13:20:42 +08:00
世界
306abab55d
Fix DNS lookup 2025-06-20 13:20:41 +08:00
世界
f7a92111c5
Fix fetch ECH configs 2025-06-20 13:20:41 +08:00
reletor
dfe82895ab
documentation: Minor fixes 2025-06-20 13:20:41 +08:00
caelansar
973ab97813
Fix callback deletion in UDP transport 2025-06-20 13:20:41 +08:00
世界
a78f3cb116
documentation: Try to make the play review happy 2025-06-20 13:20:41 +08:00
世界
13037a56d8
Fix missing handling of legacy domain_strategy options 2025-06-20 13:20:41 +08:00
世界
3dc3a0b6e3
Improve local DNS server 2025-06-20 13:20:40 +08:00
anytls
577c51a1f1
Update anytls 
Co-authored-by: anytls <anytls>
 2025-06-20 13:20:25 +08:00
世界
64db52f638
Fix DNS dialer 2025-06-20 13:20:25 +08:00
世界
1b6521f5f8
release: Skip override version for iOS 2025-06-20 13:20:25 +08:00
iikira
ec8821fc94
Fix UDP DNS server crash 
Signed-off-by: iikira <i2@mail.iikira.com>
 2025-06-20 13:20:25 +08:00
ReleTor
c90e0ad48d
Fix fetch ECH configs 2025-06-20 13:20:24 +08:00
世界
38676a2f06
Allow direct outbounds without domain_resolver 2025-06-20 13:20:24 +08:00
世界
8d2b641f92
Fix Tailscale dialer 2025-06-20 13:20:24 +08:00
dyhkwong
f0bf1f0ae8
Fix DNS over QUIC stream close 2025-06-20 13:20:24 +08:00
anytls
084071e882
Update anytls 
Co-authored-by: anytls <anytls>
 2025-06-20 13:20:24 +08:00
Rambling2076
90499e90de
Fix missing with_tailscale in Dockerfile 
Signed-off-by: Rambling2076 <Rambling2076@proton.me>
 2025-06-20 13:20:23 +08:00
世界
20055a362c
Fail when default DNS server not found 2025-06-20 13:20:23 +08:00
世界
376dd20254
Update gVisor to 20250319.0 2025-06-20 13:20:22 +08:00
世界
9a83c088b1
Explicitly reject detour to empty direct outbounds 2025-06-20 13:20:22 +08:00
世界
2b4c6f4ebb
Add netns support 2025-06-20 13:20:22 +08:00
世界
3ca6fee62f
Add wildcard name support for predefined records 2025-06-20 13:20:22 +08:00
世界
372ac544c8
Remove map usage in options 2025-06-20 13:20:22 +08:00
世界
138c1e4969
Fix unhandled DNS loop 2025-06-20 13:20:22 +08:00
世界
8a586db5f1
Add wildcard-sni support for shadow-tls inbound 2025-06-20 13:20:21 +08:00
k9982874
9959239b1a
Add ntp protocol sniffing 2025-06-20 13:20:13 +08:00
世界
4d96d78cd8
option: Fix marshal legacy DNS options 2025-06-20 13:20:13 +08:00
世界
d3d58b37e8
Make domain_resolver optional when only one DNS server is configured 2025-06-20 13:20:12 +08:00
世界
21e7bbdffc
Fix DNS lookup context pollution 2025-06-20 13:20:12 +08:00
世界
c0b6a876ff
Fix http3 DNS server connecting to wrong address 2025-06-20 13:20:12 +08:00
Restia-Ashbell
9b42c2efac
documentation: Fix typo 2025-06-20 13:20:12 +08:00
anytls
dc433869cd
Update sing-anytls 
Co-authored-by: anytls <anytls>
 2025-06-20 13:20:11 +08:00
k9982874
98db9aa3ec
Fix hosts DNS server 2025-06-20 13:20:11 +08:00
世界
46a7a2b457
Fix UDP DNS server crash 2025-06-20 13:20:11 +08:00
世界
279fa7379c
documentation: Fix missing ip_accept_any DNS rule option 2025-06-20 13:20:10 +08:00
世界
d896cbe623
Fix anytls dialer usage 2025-06-20 13:20:10 +08:00
世界
2b1d40c9b7
Move predefined DNS server to rule action 2025-06-20 13:20:10 +08:00
世界
ca304a9d6f
Fix domain resolver on direct outbound 2025-06-20 13:20:09 +08:00
Zephyruso
7bc733b5b1
Fix missing AnyTLS display name 2025-06-20 13:20:09 +08:00
anytls
a6a934a91b
Update sing-anytls 
Co-authored-by: anytls <anytls>
 2025-06-20 13:20:09 +08:00
Estel
cf5a34a318
documentation: Fix typo 
Signed-off-by: Estel <callmebedrockdigger@gmail.com>
 2025-06-20 13:20:08 +08:00
TargetLocked
9570568caa
Fix parsing legacy DNS options 2025-06-20 13:20:08 +08:00
世界
bf1962cfe4
Fix DNS fallback 2025-06-20 13:20:08 +08:00
世界
e6a07492d0
documentation: Fix missing hosts DNS server 2025-06-20 13:20:07 +08:00
anytls
36b12f4ab5
Add MinIdleSession option to AnyTLS outbound 
Co-authored-by: anytls <anytls>
 2025-06-20 13:20:07 +08:00
ReleTor
bc0cbef785
documentation: Minor fixes 2025-06-20 13:20:07 +08:00
libtry486
8dc7698c5f
documentation: Fix typo 
fix typo

Signed-off-by: libtry486 <89328481+libtry486@users.noreply.github.com>
 2025-06-20 13:20:06 +08:00
Alireza Ahmadi
cc59cb27e9
Fix Outbound deadlock 2025-06-20 13:20:06 +08:00
世界
0e1c8a1134
documentation: Fix AnyTLS doc 2025-06-20 13:20:06 +08:00
anytls
418f6fff49
Add AnyTLS protocol 2025-06-20 13:20:06 +08:00
世界
e5f87fab4b
Migrate to stdlib ECH support 2025-06-20 13:20:05 +08:00
世界
61e9a9f674
Add fallback local DNS server for iOS 2025-06-20 13:20:05 +08:00
世界
19fd3e836e
Get darwin local DNS server from libresolv 2025-06-20 13:20:05 +08:00
世界
78515fd9c7
Improve resolve action 2025-06-20 13:20:04 +08:00
世界
7506b2711c
Add back port hopping to hysteria 1 2025-06-20 13:20:04 +08:00
xchacha20-poly1305
07817df680
Remove single quotes of raw Moziila certs 2025-06-20 13:20:03 +08:00
世界
dc9b7c880d
Add Tailscale endpoint 2025-06-20 13:20:03 +08:00
世界
b79f1b2540
Build legacy binaries with latest Go 2025-06-20 13:20:03 +08:00
世界
7487fa28be
documentation: Remove outdated icons 2025-06-20 13:20:03 +08:00
世界
10c7c67e3c
documentation: Certificate store 2025-06-20 13:20:02 +08:00
世界
ca2a10f9f6
documentation: TLS fragment 2025-06-20 13:20:02 +08:00
世界
ddc6cdc3fb
documentation: Outbound domain resolver 2025-06-20 13:20:01 +08:00
世界
2e96569fef
documentation: Refactor DNS 2025-06-20 13:20:01 +08:00
世界
fe5ee7d31d
Add certificate store 2025-06-20 13:20:01 +08:00
世界
06c2824df9
Add TLS fragment support 2025-06-20 13:20:01 +08:00
世界
b28d19cfa7
refactor: Outbound domain resolver 2025-06-20 13:20:01 +08:00
世界
1709ad7f7f
refactor: DNS 2025-06-20 13:19:42 +08:00
世界
842f209da0
Fix log for rejected connections 2025-06-20 13:12:49 +08:00
43 changed files with 512 additions and 828 deletions
Show Stats Expand all files Collapse all files

16
.github/workflows/build.yml vendored
View File

@ -46,7 +46,7 @@ jobs:
- name: Setup Go - name: Setup Go
uses: actions/setup-go@v5 uses: actions/setup-go@v5
with: with:
go-version: ^1.24.5 go-version: ^1.24
- name: Check input version - name: Check input version
if: github.event_name == 'workflow_dispatch' if: github.event_name == 'workflow_dispatch'
run: |- run: |-
@ -109,7 +109,7 @@ jobs:
if: ${{ ! matrix.legacy_go }} if: ${{ ! matrix.legacy_go }}
uses: actions/setup-go@v5 uses: actions/setup-go@v5
with: with:
go-version: ^1.24.5 go-version: ^1.24
- name: Cache Legacy Go - name: Cache Legacy Go
if: matrix.require_legacy_go if: matrix.require_legacy_go
id: cache-legacy-go id: cache-legacy-go
@ -294,7 +294,7 @@ jobs:
- name: Setup Go - name: Setup Go
uses: actions/setup-go@v5 uses: actions/setup-go@v5
with: with:
go-version: ^1.24.5 go-version: ^1.24
- name: Setup Android NDK - name: Setup Android NDK
id: setup-ndk id: setup-ndk
uses: nttld/setup-ndk@v1 uses: nttld/setup-ndk@v1
@ -374,7 +374,7 @@ jobs:
- name: Setup Go - name: Setup Go
uses: actions/setup-go@v5 uses: actions/setup-go@v5
with: with:
go-version: ^1.24.5 go-version: ^1.24
- name: Setup Android NDK - name: Setup Android NDK
id: setup-ndk id: setup-ndk
uses: nttld/setup-ndk@v1 uses: nttld/setup-ndk@v1
@ -472,15 +472,15 @@ jobs:
if: matrix.if if: matrix.if
uses: actions/setup-go@v5 uses: actions/setup-go@v5
with: with:
go-version: ^1.24.5 go-version: ^1.24
- name: Setup Xcode stable - name: Setup Xcode stable
if: matrix.if && github.ref == 'refs/heads/main-next' if: matrix.if && github.ref == 'refs/heads/main-next'
run: |- run: |-
sudo xcode-select -s /Applications/Xcode_16.4.app sudo xcode-select -s /Applications/Xcode_16.2.app
- name: Setup Xcode beta - name: Setup Xcode beta
if: matrix.if && github.ref == 'refs/heads/dev-next' if: matrix.if && github.ref == 'refs/heads/dev-next'
run: |- run: |-
sudo xcode-select -s /Applications/Xcode_16.4.app sudo xcode-select -s /Applications/Xcode_16.2.app
- name: Set tag - name: Set tag
if: matrix.if if: matrix.if
run: |- run: |-
@ -615,7 +615,7 @@ jobs:
path: 'dist' path: 'dist'
upload: upload:
name: Upload builds name: Upload builds
if: "!failure() && github.event_name == 'workflow_dispatch' && (inputs.build == 'All' || inputs.build == 'Binary' || inputs.build == 'Android' || inputs.build == 'Apple' || inputs.build == 'macOS-standalone')" if: always() && github.event_name == 'workflow_dispatch' && (inputs.build == 'All' || inputs.build == 'Binary' || inputs.build == 'Android' || inputs.build == 'Apple' || inputs.build == 'macOS-standalone')
runs-on: ubuntu-latest runs-on: ubuntu-latest
needs: needs:
- calculate_version - calculate_version

2
.github/workflows/lint.yml vendored
View File

@ -28,7 +28,7 @@ jobs:
- name: Setup Go - name: Setup Go
uses: actions/setup-go@v5 uses: actions/setup-go@v5
with: with:
go-version: ^1.24.5 go-version: ^1.24
- name: golangci-lint - name: golangci-lint
uses: golangci/golangci-lint-action@v6 uses: golangci/golangci-lint-action@v6
with: with:

4
.github/workflows/linux.yml vendored
View File

@ -25,7 +25,7 @@ jobs:
- name: Setup Go - name: Setup Go
uses: actions/setup-go@v5 uses: actions/setup-go@v5
with: with:
go-version: ^1.24.5 go-version: ^1.24
- name: Check input version - name: Check input version
if: github.event_name == 'workflow_dispatch' if: github.event_name == 'workflow_dispatch'
run: |- run: |-
@ -66,7 +66,7 @@ jobs:
- name: Setup Go - name: Setup Go
uses: actions/setup-go@v5 uses: actions/setup-go@v5
with: with:
go-version: ^1.24.5 go-version: ^1.24
- name: Setup Android NDK - name: Setup Android NDK
if: matrix.os == 'android' if: matrix.os == 'android'
uses: nttld/setup-ndk@v1 uses: nttld/setup-ndk@v1

24
Makefile
View File

@ -108,16 +108,6 @@ upload_ios_app_store:
cd ../sing-box-for-apple && \ cd ../sing-box-for-apple && \
xcodebuild -exportArchive -archivePath build/SFI.xcarchive -exportOptionsPlist SFI/Upload.plist -allowProvisioningUpdates xcodebuild -exportArchive -archivePath build/SFI.xcarchive -exportOptionsPlist SFI/Upload.plist -allowProvisioningUpdates
export_ios_ipa:
cd ../sing-box-for-apple && \
xcodebuild -exportArchive -archivePath build/SFI.xcarchive -exportOptionsPlist SFI/Export.plist -allowProvisioningUpdates -exportPath build/SFI && \
cp build/SFI/sing-box.ipa dist/SFI.ipa
upload_ios_ipa:
cd dist && \
cp SFI.ipa "SFI-${VERSION}.ipa" && \
ghr --replace --draft --prerelease "v${VERSION}" "SFI-${VERSION}.ipa"
release_ios: build_ios upload_ios_app_store release_ios: build_ios upload_ios_app_store
build_macos: build_macos:
@ -185,16 +175,6 @@ upload_tvos_app_store:
cd ../sing-box-for-apple && \ cd ../sing-box-for-apple && \
xcodebuild -exportArchive -archivePath "build/SFT.xcarchive" -exportOptionsPlist SFI/Upload.plist -allowProvisioningUpdates xcodebuild -exportArchive -archivePath "build/SFT.xcarchive" -exportOptionsPlist SFI/Upload.plist -allowProvisioningUpdates
export_tvos_ipa:
cd ../sing-box-for-apple && \
xcodebuild -exportArchive -archivePath "build/SFT.xcarchive" -exportOptionsPlist SFI/Export.plist -allowProvisioningUpdates -exportPath build/SFT && \
cp build/SFT/sing-box.ipa dist/SFT.ipa
upload_tvos_ipa:
cd dist && \
cp SFT.ipa "SFT-${VERSION}.ipa" && \
ghr --replace --draft --prerelease "v${VERSION}" "SFT-${VERSION}.ipa"
release_tvos: build_tvos upload_tvos_app_store release_tvos: build_tvos upload_tvos_app_store
update_apple_version: update_apple_version:
@ -245,8 +225,8 @@ lib:
go run ./cmd/internal/build_libbox -target ios go run ./cmd/internal/build_libbox -target ios
lib_install: lib_install:
go install -v github.com/sagernet/gomobile/cmd/gomobile@v0.1.7 go install -v github.com/sagernet/gomobile/cmd/gomobile@v0.1.6
go install -v github.com/sagernet/gomobile/cmd/gobind@v0.1.7 go install -v github.com/sagernet/gomobile/cmd/gobind@v0.1.6
docs: docs:
venv/bin/mkdocs serve venv/bin/mkdocs serve

10
adapter/inbound.go
View File

@ -53,11 +53,11 @@ type InboundContext struct {
// sniffer // sniffer
Protocol string Protocol string
Domain string Domain string
Client string Client string
SniffContext any SniffContext any
SniffError error PacketSniffError error
// cache // cache

2
clients/android

@ -1 +1 @@
Subproject commit 7f1fa971e3c7bbc504c2bd455f4e813a562990cb Subproject commit eb2e13a6f9a8c03a35ae672395ccab0a6bdcd954

2
clients/apple

@ -1 +1 @@
Subproject commit f7883b0f3ec26c449cba26b3b1a692f070f5424d Subproject commit ae5818ee5a24af965dc91f80bffa16e1e6c109c1

2
cmd/internal/app_store_connect/main.go
View File

@ -177,7 +177,7 @@ func publishTestflight(ctx context.Context) error {
} }
log.Info(string(platform), " ", tag, " publish") log.Info(string(platform), " ", tag, " publish")
response, err := client.TestFlight.AddBuildsToBetaGroup(ctx, groupID, []string{build.ID}) response, err := client.TestFlight.AddBuildsToBetaGroup(ctx, groupID, []string{build.ID})
if response != nil && (response.StatusCode == http.StatusUnprocessableEntity || response.StatusCode == http.StatusNotFound) { if response != nil && response.StatusCode == http.StatusUnprocessableEntity {
log.Info("waiting for process") log.Info("waiting for process")
time.Sleep(15 * time.Second) time.Sleep(15 * time.Second)
continue continue

24
cmd/internal/build_libbox/main.go
View File

@ -16,17 +16,15 @@ import (
) )
var ( var (
debugEnabled bool debugEnabled bool
target string target string
platform string platform string
withTailscale bool
) )
func init() { func init() {
flag.BoolVar(&debugEnabled, "debug", false, "enable debug") flag.BoolVar(&debugEnabled, "debug", false, "enable debug")
flag.StringVar(&target, "target", "android", "target platform") flag.StringVar(&target, "target", "android", "target platform")
flag.StringVar(&platform, "platform", "", "specify platform") flag.StringVar(&platform, "platform", "", "specify platform")
flag.BoolVar(&withTailscale, "with-tailscale", false, "build tailscale for iOS and tvOS")
} }
func main() { func main() {
@ -46,9 +44,8 @@ var (
sharedFlags []string sharedFlags []string
debugFlags []string debugFlags []string
sharedTags []string sharedTags []string
darwinTags []string iosTags []string
memcTags []string memcTags []string
notMemcTags []string
debugTags []string debugTags []string
) )
@ -63,9 +60,8 @@ func init() {
debugFlags = append(debugFlags, "-ldflags", "-X github.com/sagernet/sing-box/constant.Version="+currentTag) debugFlags = append(debugFlags, "-ldflags", "-X github.com/sagernet/sing-box/constant.Version="+currentTag)
sharedTags = append(sharedTags, "with_gvisor", "with_quic", "with_wireguard", "with_utls", "with_clash_api", "with_conntrack") sharedTags = append(sharedTags, "with_gvisor", "with_quic", "with_wireguard", "with_utls", "with_clash_api", "with_conntrack")
darwinTags = append(darwinTags, "with_dhcp") iosTags = append(iosTags, "with_dhcp", "with_low_memory")
memcTags = append(memcTags, "with_tailscale") memcTags = append(memcTags, "with_tailscale")
notMemcTags = append(notMemcTags, "with_low_memory")
debugTags = append(debugTags, "debug") debugTags = append(debugTags, "debug")
} }
@ -155,10 +151,7 @@ func buildApple() {
"-v", "-v",
"-target", bindTarget, "-target", bindTarget,
"-libname=box", "-libname=box",
"-tags-not-macos=with_low_memory", "-tags-macos=" + strings.Join(memcTags, ","),
}
if !withTailscale {
args = append(args, "-tags-macos="+strings.Join(memcTags, ","))
} }
if !debugEnabled { if !debugEnabled {
@ -167,10 +160,7 @@ func buildApple() {
args = append(args, debugFlags...) args = append(args, debugFlags...)
} }
tags := append(sharedTags, darwinTags...) tags := append(sharedTags, iosTags...)
if withTailscale {
tags = append(tags, memcTags...)
}
if debugEnabled { if debugEnabled {
tags = append(tags, debugTags...) tags = append(tags, debugTags...)
} }

286
cmd/internal/tun_bench/main.go
View File

@ -1,286 +0,0 @@
package main
import (
"context"
"fmt"
"io"
"net/netip"
"os"
"os/exec"
"strings"
"syscall"
"time"
C "github.com/sagernet/sing-box/constant"
"github.com/sagernet/sing-box/include"
"github.com/sagernet/sing-box/log"
"github.com/sagernet/sing-box/option"
"github.com/sagernet/sing/common"
E "github.com/sagernet/sing/common/exceptions"
"github.com/sagernet/sing/common/json"
"github.com/sagernet/sing/common/shell"
)
var iperf3Path string
func main() {
err := main0()
if err != nil {
log.Fatal(err)
}
}
func main0() error {
err := shell.Exec("sudo", "ls").Run()
if err != nil {
return err
}
results, err := runTests()
if err != nil {
return err
}
encoder := json.NewEncoder(os.Stdout)
encoder.SetIndent("", " ")
return encoder.Encode(results)
}
func runTests() ([]TestResult, error) {
boxPaths := []string{
//"/Users/sekai/Downloads/sing-box-1.11.15-darwin-arm64/sing-box",
//"/Users/sekai/Downloads/sing-box-1.11.15-linux-arm64/sing-box",
"./sing-box",
}
stacks := []string{
"gvisor",
"system",
}
mtus := []int{
// 1500,
// 4064,
// 16384,
32768,
49152,
65535,
}
flagList := [][]string{
{},
}
var results []TestResult
for _, boxPath := range boxPaths {
for _, stack := range stacks {
for _, mtu := range mtus {
if strings.HasPrefix(boxPath, ".") {
for _, flags := range flagList {
result, err := testOnce(boxPath, stack, mtu, false, flags)
if err != nil {
return nil, err
}
results = append(results, *result)
}
} else {
result, err := testOnce(boxPath, stack, mtu, false, nil)
if err != nil {
return nil, err
}
results = append(results, *result)
}
}
}
}
return results, nil
}
type TestResult struct {
BoxPath string `json:"box_path"`
Stack string `json:"stack"`
MTU int `json:"mtu"`
Flags []string `json:"flags"`
MultiThread bool `json:"multi_thread"`
UploadSpeed string `json:"upload_speed"`
DownloadSpeed string `json:"download_speed"`
}
func testOnce(boxPath string, stackName string, mtu int, multiThread bool, flags []string) (result *TestResult, err error) {
testAddress := netip.MustParseAddr("1.1.1.1")
testConfig := option.Options{
Inbounds: []option.Inbound{
{
Type: C.TypeTun,
Options: &option.TunInboundOptions{
Address: []netip.Prefix{netip.MustParsePrefix("172.18.0.1/30")},
AutoRoute: true,
MTU: uint32(mtu),
Stack: stackName,
RouteAddress: []netip.Prefix{netip.PrefixFrom(testAddress, testAddress.BitLen())},
},
},
},
Route: &option.RouteOptions{
Rules: []option.Rule{
{
Type: C.RuleTypeDefault,
DefaultOptions: option.DefaultRule{
RawDefaultRule: option.RawDefaultRule{
IPCIDR: []string{testAddress.String()},
},
RuleAction: option.RuleAction{
Action: C.RuleActionTypeRouteOptions,
RouteOptionsOptions: option.RouteOptionsActionOptions{
OverrideAddress: "127.0.0.1",
},
},
},
},
},
AutoDetectInterface: true,
},
}
ctx := include.Context(context.Background())
tempConfig, err := os.CreateTemp("", "tun-bench-*.json")
if err != nil {
return
}
defer os.Remove(tempConfig.Name())
encoder := json.NewEncoderContext(ctx, tempConfig)
encoder.SetIndent("", " ")
err = encoder.Encode(testConfig)
if err != nil {
return nil, E.Cause(err, "encode test config")
}
tempConfig.Close()
var sudoArgs []string
if len(flags) > 0 {
sudoArgs = append(sudoArgs, "env")
for _, flag := range flags {
sudoArgs = append(sudoArgs, flag)
}
}
sudoArgs = append(sudoArgs, boxPath, "run", "-c", tempConfig.Name())
boxProcess := shell.Exec("sudo", sudoArgs...)
boxProcess.Stdout = &stderrWriter{}
boxProcess.Stderr = io.Discard
err = boxProcess.Start()
if err != nil {
return
}
if C.IsDarwin {
iperf3Path, err = exec.LookPath("iperf3-darwin")
} else {
iperf3Path, err = exec.LookPath("iperf3")
}
if err != nil {
return
}
serverProcess := shell.Exec(iperf3Path, "-s")
serverProcess.Stdout = io.Discard
serverProcess.Stderr = io.Discard
err = serverProcess.Start()
if err != nil {
return nil, E.Cause(err, "start iperf3 server")
}
time.Sleep(time.Second)
args := []string{"-c", testAddress.String(), "-t", "5"}
if multiThread {
args = append(args, "-P", "10")
}
uploadProcess := shell.Exec(iperf3Path, args...)
output, err := uploadProcess.Read()
if err != nil {
boxProcess.Process.Signal(syscall.SIGKILL)
serverProcess.Process.Signal(syscall.SIGKILL)
println(output)
return
}
uploadResult := common.SubstringBeforeLast(output, "iperf Done.")
uploadResult = common.SubstringBeforeLast(uploadResult, "sender")
uploadResult = common.SubstringBeforeLast(uploadResult, "bits/sec")
uploadResult = common.SubstringAfterLast(uploadResult, "Bytes")
uploadResult = strings.ReplaceAll(uploadResult, " ", "")
result = &TestResult{
BoxPath: boxPath,
Stack: stackName,
MTU: mtu,
Flags: flags,
MultiThread: multiThread,
UploadSpeed: uploadResult,
}
downloadProcess := shell.Exec(iperf3Path, append(args, "-R")...)
output, err = downloadProcess.Read()
if err != nil {
boxProcess.Process.Signal(syscall.SIGKILL)
serverProcess.Process.Signal(syscall.SIGKILL)
println(output)
return
}
downloadResult := common.SubstringBeforeLast(output, "iperf Done.")
downloadResult = common.SubstringBeforeLast(downloadResult, "receiver")
downloadResult = common.SubstringBeforeLast(downloadResult, "bits/sec")
downloadResult = common.SubstringAfterLast(downloadResult, "Bytes")
downloadResult = strings.ReplaceAll(downloadResult, " ", "")
result.DownloadSpeed = downloadResult
printArgs := []any{boxPath, stackName, mtu, "upload", uploadResult, "download", downloadResult}
if len(flags) > 0 {
printArgs = append(printArgs, "flags", strings.Join(flags, " "))
}
if multiThread {
printArgs = append(printArgs, "(-P 10)")
}
fmt.Println(printArgs...)
err = boxProcess.Process.Signal(syscall.SIGTERM)
if err != nil {
return
}
err = serverProcess.Process.Signal(syscall.SIGTERM)
if err != nil {
return
}
boxDone := make(chan struct{})
go func() {
boxProcess.Cmd.Wait()
close(boxDone)
}()
serverDone := make(chan struct{})
go func() {
serverProcess.Process.Wait()
close(serverDone)
}()
select {
case <-boxDone:
case <-time.After(2 * time.Second):
boxProcess.Process.Kill()
case <-time.After(4 * time.Second):
println("box process did not close!")
os.Exit(1)
}
select {
case <-serverDone:
case <-time.After(2 * time.Second):
serverProcess.Process.Kill()
case <-time.After(4 * time.Second):
println("server process did not close!")
os.Exit(1)
}
return
}
type stderrWriter struct{}
func (w *stderrWriter) Write(p []byte) (n int, err error) {
return os.Stderr.Write(p)
}

25
common/convertor/adguard/convertor.go
View File

@ -96,7 +96,7 @@ parseLine:
} }
if !ignored { if !ignored {
ignoredLines++ ignoredLines++
logger.Debug("ignored unsupported rule with modifier: ", paramParts[0], ": ", originRuleLine) logger.Debug("ignored unsupported rule with modifier: ", paramParts[0], ": ", ruleLine)
continue parseLine continue parseLine
} }
} }
@ -124,35 +124,34 @@ parseLine:
ruleLine = ruleLine[1 : len(ruleLine)-1] ruleLine = ruleLine[1 : len(ruleLine)-1]
if ignoreIPCIDRRegexp(ruleLine) { if ignoreIPCIDRRegexp(ruleLine) {
ignoredLines++ ignoredLines++
logger.Debug("ignored unsupported rule with IPCIDR regexp: ", originRuleLine) logger.Debug("ignored unsupported rule with IPCIDR regexp: ", ruleLine)
continue continue
} }
isRegexp = true isRegexp = true
} else { } else {
if strings.Contains(ruleLine, "://") { if strings.Contains(ruleLine, "://") {
ruleLine = common.SubstringAfter(ruleLine, "://") ruleLine = common.SubstringAfter(ruleLine, "://")
isSuffix = true
} }
if strings.Contains(ruleLine, "/") { if strings.Contains(ruleLine, "/") {
ignoredLines++ ignoredLines++
logger.Debug("ignored unsupported rule with path: ", originRuleLine) logger.Debug("ignored unsupported rule with path: ", ruleLine)
continue continue
} }
if strings.Contains(ruleLine, "?") || strings.Contains(ruleLine, "&") { if strings.Contains(ruleLine, "?") || strings.Contains(ruleLine, "&") {
ignoredLines++ ignoredLines++
logger.Debug("ignored unsupported rule with query: ", originRuleLine) logger.Debug("ignored unsupported rule with query: ", ruleLine)
continue continue
} }
if strings.Contains(ruleLine, "[") || strings.Contains(ruleLine, "]") || if strings.Contains(ruleLine, "[") || strings.Contains(ruleLine, "]") ||
strings.Contains(ruleLine, "(") || strings.Contains(ruleLine, ")") || strings.Contains(ruleLine, "(") || strings.Contains(ruleLine, ")") ||
strings.Contains(ruleLine, "!") || strings.Contains(ruleLine, "#") { strings.Contains(ruleLine, "!") || strings.Contains(ruleLine, "#") {
ignoredLines++ ignoredLines++
logger.Debug("ignored unsupported cosmetic filter: ", originRuleLine) logger.Debug("ignored unsupported cosmetic filter: ", ruleLine)
continue continue
} }
if strings.Contains(ruleLine, "~") { if strings.Contains(ruleLine, "~") {
ignoredLines++ ignoredLines++
logger.Debug("ignored unsupported rule modifier: ", originRuleLine) logger.Debug("ignored unsupported rule modifier: ", ruleLine)
continue continue
} }
var domainCheck string var domainCheck string
@ -171,13 +170,13 @@ parseLine:
_, ipErr := parseADGuardIPCIDRLine(ruleLine) _, ipErr := parseADGuardIPCIDRLine(ruleLine)
if ipErr == nil { if ipErr == nil {
ignoredLines++ ignoredLines++
logger.Debug("ignored unsupported rule with IPCIDR: ", originRuleLine) logger.Debug("ignored unsupported rule with IPCIDR: ", ruleLine)
continue continue
} }
if M.ParseSocksaddr(domainCheck).Port != 0 { if M.ParseSocksaddr(domainCheck).Port != 0 {
logger.Debug("ignored unsupported rule with port: ", originRuleLine) logger.Debug("ignored unsupported rule with port: ", ruleLine)
} else { } else {
logger.Debug("ignored unsupported rule with invalid domain: ", originRuleLine) logger.Debug("ignored unsupported rule with invalid domain: ", ruleLine)
} }
ignoredLines++ ignoredLines++
continue continue
@ -408,9 +407,11 @@ func ignoreIPCIDRRegexp(ruleLine string) bool {
ruleLine = ruleLine[13:] ruleLine = ruleLine[13:]
} else if strings.HasPrefix(ruleLine, "^") { } else if strings.HasPrefix(ruleLine, "^") {
ruleLine = ruleLine[1:] ruleLine = ruleLine[1:]
} else {
return false
} }
return common.Error(strconv.ParseUint(common.SubstringBefore(ruleLine, "\\."), 10, 8)) == nil || _, parseErr := strconv.ParseUint(common.SubstringBefore(ruleLine, "\\."), 10, 8)
common.Error(strconv.ParseUint(common.SubstringBefore(ruleLine, "."), 10, 8)) == nil return parseErr == nil
} }
func parseAdGuardHostLine(ruleLine string) (string, error) { func parseAdGuardHostLine(ruleLine string) (string, error) {

49
common/tls/acme.go
View File

@ -5,13 +5,13 @@ package tls
import ( import (
"context" "context"
"crypto/tls" "crypto/tls"
"os"
"strings" "strings"
"github.com/sagernet/sing-box/adapter" "github.com/sagernet/sing-box/adapter"
C "github.com/sagernet/sing-box/constant" C "github.com/sagernet/sing-box/constant"
"github.com/sagernet/sing-box/option" "github.com/sagernet/sing-box/option"
E "github.com/sagernet/sing/common/exceptions" E "github.com/sagernet/sing/common/exceptions"
"github.com/sagernet/sing/common/logger"
"github.com/caddyserver/certmagic" "github.com/caddyserver/certmagic"
"github.com/libdns/alidns" "github.com/libdns/alidns"
@ -37,38 +37,7 @@ func (w *acmeWrapper) Close() error {
return nil return nil
} }
type acmeLogWriter struct { func startACME(ctx context.Context, options option.InboundACMEOptions) (*tls.Config, adapter.SimpleLifecycle, error) {
logger logger.Logger
}
func (w *acmeLogWriter) Write(p []byte) (n int, err error) {
logLine := strings.ReplaceAll(string(p), " ", ": ")
switch {
case strings.HasPrefix(logLine, "error: "):
w.logger.Error(logLine[7:])
case strings.HasPrefix(logLine, "warn: "):
w.logger.Warn(logLine[6:])
case strings.HasPrefix(logLine, "info: "):
w.logger.Info(logLine[6:])
case strings.HasPrefix(logLine, "debug: "):
w.logger.Debug(logLine[7:])
default:
w.logger.Debug(logLine)
}
return len(p), nil
}
func (w *acmeLogWriter) Sync() error {
return nil
}
func encoderConfig() zapcore.EncoderConfig {
config := zap.NewProductionEncoderConfig()
config.TimeKey = zapcore.OmitKey
return config
}
func startACME(ctx context.Context, logger logger.Logger, options option.InboundACMEOptions) (*tls.Config, adapter.SimpleLifecycle, error) {
var acmeServer string var acmeServer string
switch options.Provider { switch options.Provider {
case "", "letsencrypt": case "", "letsencrypt":
@ -89,15 +58,14 @@ func startACME(ctx context.Context, logger logger.Logger, options option.Inbound
} else { } else {
storage = certmagic.Default.Storage storage = certmagic.Default.Storage
} }
zapLogger := zap.New(zapcore.NewCore(
zapcore.NewConsoleEncoder(encoderConfig()),
&acmeLogWriter{logger: logger},
zap.DebugLevel,
))
config := &certmagic.Config{ config := &certmagic.Config{
DefaultServerName: options.DefaultServerName, DefaultServerName: options.DefaultServerName,
Storage: storage, Storage: storage,
Logger: zapLogger, Logger: zap.New(zapcore.NewCore(
zapcore.NewConsoleEncoder(zap.NewProductionEncoderConfig()),
os.Stderr,
zap.InfoLevel,
)),
} }
acmeConfig := certmagic.ACMEIssuer{ acmeConfig := certmagic.ACMEIssuer{
CA: acmeServer, CA: acmeServer,
@ -107,7 +75,7 @@ func startACME(ctx context.Context, logger logger.Logger, options option.Inbound
DisableTLSALPNChallenge: options.DisableTLSALPNChallenge, DisableTLSALPNChallenge: options.DisableTLSALPNChallenge,
AltHTTPPort: int(options.AlternativeHTTPPort), AltHTTPPort: int(options.AlternativeHTTPPort),
AltTLSALPNPort: int(options.AlternativeTLSPort), AltTLSALPNPort: int(options.AlternativeTLSPort),
Logger: zapLogger, Logger: config.Logger,
} }
if dnsOptions := options.DNS01Challenge; dnsOptions != nil && dnsOptions.Provider != "" { if dnsOptions := options.DNS01Challenge; dnsOptions != nil && dnsOptions.Provider != "" {
var solver certmagic.DNS01Solver var solver certmagic.DNS01Solver
@ -135,7 +103,6 @@ func startACME(ctx context.Context, logger logger.Logger, options option.Inbound
GetConfigForCert: func(certificate certmagic.Certificate) (*certmagic.Config, error) { GetConfigForCert: func(certificate certmagic.Certificate) (*certmagic.Config, error) {
return config, nil return config, nil
}, },
Logger: zapLogger,
}) })
config = certmagic.New(cache, *config) config = certmagic.New(cache, *config)
var tlsConfig *tls.Config var tlsConfig *tls.Config

3
common/tls/acme_stub.go
View File

@ -9,9 +9,8 @@ import (
"github.com/sagernet/sing-box/adapter" "github.com/sagernet/sing-box/adapter"
"github.com/sagernet/sing-box/option" "github.com/sagernet/sing-box/option"
E "github.com/sagernet/sing/common/exceptions" E "github.com/sagernet/sing/common/exceptions"
"github.com/sagernet/sing/common/logger"
) )
func startACME(ctx context.Context, logger logger.Logger, options option.InboundACMEOptions) (*tls.Config, adapter.SimpleLifecycle, error) { func startACME(ctx context.Context, options option.InboundACMEOptions) (*tls.Config, adapter.SimpleLifecycle, error) {
return nil, nil, E.New(`ACME is not included in this build, rebuild with -tags with_acme`) return nil, nil, E.New(`ACME is not included in this build, rebuild with -tags with_acme`)
} }

196
common/tls/ech_shared.go
View File

@ -1,11 +1,14 @@
package tls package tls
import ( import (
"crypto/ecdh" "bytes"
"crypto/rand" "encoding/binary"
"encoding/pem" "encoding/pem"
"golang.org/x/crypto/cryptobyte" E "github.com/sagernet/sing/common/exceptions"
"github.com/cloudflare/circl/hpke"
"github.com/cloudflare/circl/kem"
) )
type ECHCapableConfig interface { type ECHCapableConfig interface {
@ -14,68 +17,145 @@ type ECHCapableConfig interface {
SetECHConfigList([]byte) SetECHConfigList([]byte)
} }
func ECHKeygenDefault(publicName string) (configPem string, keyPem string, err error) { func ECHKeygenDefault(serverName string) (configPem string, keyPem string, err error) {
echKey, err := ecdh.X25519().GenerateKey(rand.Reader) cipherSuites := []echCipherSuite{
{
kdf: hpke.KDF_HKDF_SHA256,
aead: hpke.AEAD_AES128GCM,
}, {
kdf: hpke.KDF_HKDF_SHA256,
aead: hpke.AEAD_ChaCha20Poly1305,
},
}
keyConfig := []myECHKeyConfig{
{id: 0, kem: hpke.KEM_X25519_HKDF_SHA256},
}
keyPairs, err := echKeygen(0xfe0d, serverName, keyConfig, cipherSuites)
if err != nil { if err != nil {
return return
} }
echConfig, err := marshalECHConfig(0, echKey.PublicKey().Bytes(), publicName, 0)
if err != nil { var configBuffer bytes.Buffer
return var totalLen uint16
for _, keyPair := range keyPairs {
totalLen += uint16(len(keyPair.rawConf))
} }
configBuilder := cryptobyte.NewBuilder(nil) binary.Write(&configBuffer, binary.BigEndian, totalLen)
configBuilder.AddUint16LengthPrefixed(func(builder *cryptobyte.Builder) { for _, keyPair := range keyPairs {
builder.AddBytes(echConfig) configBuffer.Write(keyPair.rawConf)
})
configBytes, err := configBuilder.Bytes()
if err != nil {
return
} }
keyBuilder := cryptobyte.NewBuilder(nil)
keyBuilder.AddUint16LengthPrefixed(func(builder *cryptobyte.Builder) { var keyBuffer bytes.Buffer
builder.AddBytes(echKey.Bytes()) for _, keyPair := range keyPairs {
}) keyBuffer.Write(keyPair.rawKey)
keyBuilder.AddUint16LengthPrefixed(func(builder *cryptobyte.Builder) {
builder.AddBytes(echConfig)
})
keyBytes, err := keyBuilder.Bytes()
if err != nil {
return
} }
configPem = string(pem.EncodeToMemory(&pem.Block{Type: "ECH CONFIGS", Bytes: configBytes}))
keyPem = string(pem.EncodeToMemory(&pem.Block{Type: "ECH KEYS", Bytes: keyBytes})) configPem = string(pem.EncodeToMemory(&pem.Block{Type: "ECH CONFIGS", Bytes: configBuffer.Bytes()}))
keyPem = string(pem.EncodeToMemory(&pem.Block{Type: "ECH KEYS", Bytes: keyBuffer.Bytes()}))
return return
} }
func marshalECHConfig(id uint8, pubKey []byte, publicName string, maxNameLen uint8) ([]byte, error) { type echKeyConfigPair struct {
const extensionEncryptedClientHello = 0xfe0d id uint8
const DHKEM_X25519_HKDF_SHA256 = 0x0020 rawKey []byte
const KDF_HKDF_SHA256 = 0x0001 conf myECHKeyConfig
builder := cryptobyte.NewBuilder(nil) rawConf []byte
builder.AddUint16(extensionEncryptedClientHello) }
builder.AddUint16LengthPrefixed(func(builder *cryptobyte.Builder) {
builder.AddUint8(id) type echCipherSuite struct {
kdf hpke.KDF
builder.AddUint16(DHKEM_X25519_HKDF_SHA256) // The only DHKEM we support aead hpke.AEAD
builder.AddUint16LengthPrefixed(func(builder *cryptobyte.Builder) { }
builder.AddBytes(pubKey)
}) type myECHKeyConfig struct {
builder.AddUint16LengthPrefixed(func(builder *cryptobyte.Builder) { id uint8
const ( kem hpke.KEM
AEAD_AES_128_GCM = 0x0001 seed []byte
AEAD_AES_256_GCM = 0x0002 }
AEAD_ChaCha20Poly1305 = 0x0003
) func echKeygen(version uint16, serverName string, conf []myECHKeyConfig, suite []echCipherSuite) ([]echKeyConfigPair, error) {
for _, aeadID := range []uint16{AEAD_AES_128_GCM, AEAD_AES_256_GCM, AEAD_ChaCha20Poly1305} { be := binary.BigEndian
builder.AddUint16(KDF_HKDF_SHA256) // The only KDF we support // prepare for future update
builder.AddUint16(aeadID) if version != 0xfe0d {
} return nil, E.New("unsupported ECH version", version)
}) }
builder.AddUint8(maxNameLen)
builder.AddUint8LengthPrefixed(func(builder *cryptobyte.Builder) { suiteBuf := make([]byte, 0, len(suite)*4+2)
builder.AddBytes([]byte(publicName)) suiteBuf = be.AppendUint16(suiteBuf, uint16(len(suite))*4)
}) for _, s := range suite {
builder.AddUint16(0) // extensions if !s.kdf.IsValid() || !s.aead.IsValid() {
}) return nil, E.New("invalid HPKE cipher suite")
return builder.Bytes() }
suiteBuf = be.AppendUint16(suiteBuf, uint16(s.kdf))
suiteBuf = be.AppendUint16(suiteBuf, uint16(s.aead))
}
pairs := []echKeyConfigPair{}
for _, c := range conf {
pair := echKeyConfigPair{}
pair.id = c.id
pair.conf = c
if !c.kem.IsValid() {
return nil, E.New("invalid HPKE KEM")
}
kpGenerator := c.kem.Scheme().GenerateKeyPair
if len(c.seed) > 0 {
kpGenerator = func() (kem.PublicKey, kem.PrivateKey, error) {
pub, sec := c.kem.Scheme().DeriveKeyPair(c.seed)
return pub, sec, nil
}
if len(c.seed) < c.kem.Scheme().PrivateKeySize() {
return nil, E.New("HPKE KEM seed too short")
}
}
pub, sec, err := kpGenerator()
if err != nil {
return nil, E.Cause(err, "generate ECH config key pair")
}
b := []byte{}
b = be.AppendUint16(b, version)
b = be.AppendUint16(b, 0) // length field
// contents
// key config
b = append(b, c.id)
b = be.AppendUint16(b, uint16(c.kem))
pubBuf, err := pub.MarshalBinary()
if err != nil {
return nil, E.Cause(err, "serialize ECH public key")
}
b = be.AppendUint16(b, uint16(len(pubBuf)))
b = append(b, pubBuf...)
b = append(b, suiteBuf...)
// end key config
// max name len, not supported
b = append(b, 0)
// server name
b = append(b, byte(len(serverName)))
b = append(b, []byte(serverName)...)
// extensions, not supported
b = be.AppendUint16(b, 0)
be.PutUint16(b[2:], uint16(len(b)-4))
pair.rawConf = b
secBuf, err := sec.MarshalBinary()
if err != nil {
return nil, E.Cause(err, "serialize ECH private key")
}
sk := []byte{}
sk = be.AppendUint16(sk, uint16(len(secBuf)))
sk = append(sk, secBuf...)
sk = be.AppendUint16(sk, uint16(len(b)))
sk = append(sk, b...)
pair.rawKey = sk
pairs = append(pairs, pair)
}
return pairs, nil
} }

4
common/tls/std_client.go
View File

@ -86,16 +86,12 @@ func NewSTDClient(ctx context.Context, serverAddress string, options option.Outb
tlsConfig.InsecureSkipVerify = true tlsConfig.InsecureSkipVerify = true
tlsConfig.VerifyConnection = func(state tls.ConnectionState) error { tlsConfig.VerifyConnection = func(state tls.ConnectionState) error {
verifyOptions := x509.VerifyOptions{ verifyOptions := x509.VerifyOptions{
Roots: tlsConfig.RootCAs,
DNSName: serverName, DNSName: serverName,
Intermediates: x509.NewCertPool(), Intermediates: x509.NewCertPool(),
} }
for _, cert := range state.PeerCertificates[1:] { for _, cert := range state.PeerCertificates[1:] {
verifyOptions.Intermediates.AddCert(cert) verifyOptions.Intermediates.AddCert(cert)
} }
if tlsConfig.Time != nil {
verifyOptions.CurrentTime = tlsConfig.Time()
}
_, err := state.PeerCertificates[0].Verify(verifyOptions) _, err := state.PeerCertificates[0].Verify(verifyOptions)
return err return err
} }

2
common/tls/std_server.go
View File

@ -169,7 +169,7 @@ func NewSTDServer(ctx context.Context, logger log.Logger, options option.Inbound
var err error var err error
if options.ACME != nil && len(options.ACME.Domain) > 0 { if options.ACME != nil && len(options.ACME.Domain) > 0 {
//nolint:staticcheck //nolint:staticcheck
tlsConfig, acmeService, err = startACME(ctx, logger, common.PtrValueOrDefault(options.ACME)) tlsConfig, acmeService, err = startACME(ctx, common.PtrValueOrDefault(options.ACME))
if err != nil { if err != nil {
return nil, err return nil, err
} }

9
common/tls/time_wrapper.go
View File

@ -11,13 +11,10 @@ type TimeServiceWrapper struct {
} }
func (w *TimeServiceWrapper) TimeFunc() func() time.Time { func (w *TimeServiceWrapper) TimeFunc() func() time.Time {
return func() time.Time { if w.TimeService == nil {
if w.TimeService != nil { return nil
return w.TimeService.TimeFunc()()
} else {
return time.Now()
}
} }
return w.TimeService.TimeFunc()
} }
func (w *TimeServiceWrapper) Upstream() any { func (w *TimeServiceWrapper) Upstream() any {

9
common/tls/utls_client.go
View File

@ -145,16 +145,11 @@ func NewUTLSClient(ctx context.Context, serverAddress string, options option.Out
var tlsConfig utls.Config var tlsConfig utls.Config
tlsConfig.Time = ntp.TimeFuncFromContext(ctx) tlsConfig.Time = ntp.TimeFuncFromContext(ctx)
tlsConfig.RootCAs = adapter.RootPoolFromContext(ctx) tlsConfig.RootCAs = adapter.RootPoolFromContext(ctx)
if !options.DisableSNI { tlsConfig.ServerName = serverName
tlsConfig.ServerName = serverName
}
if options.Insecure { if options.Insecure {
tlsConfig.InsecureSkipVerify = options.Insecure tlsConfig.InsecureSkipVerify = options.Insecure
} else if options.DisableSNI { } else if options.DisableSNI {
if options.Reality != nil && options.Reality.Enabled { return nil, E.New("disable_sni is unsupported in uTLS")
return nil, E.New("disable_sni is unsupported in reality")
}
tlsConfig.InsecureServerNameToVerify = serverName
} }
if len(options.ALPN) > 0 { if len(options.ALPN) > 0 {
tlsConfig.NextProtos = options.ALPN tlsConfig.NextProtos = options.ALPN

2
common/tlsfragment/conn.go
View File

@ -45,7 +45,7 @@ func (c *Conn) Write(b []byte) (n int, err error) {
defer func() { defer func() {
c.firstPacketWritten = true c.firstPacketWritten = true
}() }()
serverName := IndexTLSServerName(b) serverName := indexTLSServerName(b)
if serverName != nil { if serverName != nil {
if c.splitPacket { if c.splitPacket {
if c.tcpConn != nil { if c.tcpConn != nil {

46
common/tlsfragment/index.go
View File

@ -22,13 +22,13 @@ const (
tls13 uint16 = 0x0304 tls13 uint16 = 0x0304
) )
type MyServerName struct { type myServerName struct {
Index int Index int
Length int Length int
ServerName string ServerName string
} }
func IndexTLSServerName(payload []byte) *MyServerName { func indexTLSServerName(payload []byte) *myServerName {
if len(payload) < recordLayerHeaderLen || payload[0] != contentType { if len(payload) < recordLayerHeaderLen || payload[0] != contentType {
return nil return nil
} }
@ -36,48 +36,47 @@ func IndexTLSServerName(payload []byte) *MyServerName {
if len(payload) < recordLayerHeaderLen+int(segmentLen) { if len(payload) < recordLayerHeaderLen+int(segmentLen) {
return nil return nil
} }
serverName := indexTLSServerNameFromHandshake(payload[recordLayerHeaderLen:]) serverName := indexTLSServerNameFromHandshake(payload[recordLayerHeaderLen : recordLayerHeaderLen+int(segmentLen)])
if serverName == nil { if serverName == nil {
return nil return nil
} }
serverName.Index += recordLayerHeaderLen serverName.Length += recordLayerHeaderLen
return serverName return serverName
} }
func indexTLSServerNameFromHandshake(handshake []byte) *MyServerName { func indexTLSServerNameFromHandshake(hs []byte) *myServerName {
if len(handshake) < handshakeHeaderLen+randomDataLen+sessionIDHeaderLen { if len(hs) < handshakeHeaderLen+randomDataLen+sessionIDHeaderLen {
return nil return nil
} }
if handshake[0] != handshakeType { if hs[0] != handshakeType {
return nil return nil
} }
handshakeLen := uint32(handshake[1])<<16 | uint32(handshake[2])<<8 | uint32(handshake[3]) handshakeLen := uint32(hs[1])<<16 | uint32(hs[2])<<8 | uint32(hs[3])
if len(handshake[4:]) != int(handshakeLen) { if len(hs[4:]) != int(handshakeLen) {
return nil return nil
} }
tlsVersion := uint16(handshake[4])<<8 | uint16(handshake[5]) tlsVersion := uint16(hs[4])<<8 | uint16(hs[5])
if tlsVersion&tlsVersionBitmask != 0x0300 && tlsVersion != tls13 { if tlsVersion&tlsVersionBitmask != 0x0300 && tlsVersion != tls13 {
return nil return nil
} }
sessionIDLen := handshake[38] sessionIDLen := hs[38]
currentIndex := handshakeHeaderLen + randomDataLen + sessionIDHeaderLen + int(sessionIDLen) if len(hs) < handshakeHeaderLen+randomDataLen+sessionIDHeaderLen+int(sessionIDLen) {
if len(handshake) < currentIndex {
return nil return nil
} }
cipherSuites := handshake[currentIndex:] cs := hs[handshakeHeaderLen+randomDataLen+sessionIDHeaderLen+int(sessionIDLen):]
if len(cipherSuites) < cipherSuiteHeaderLen { if len(cs) < cipherSuiteHeaderLen {
return nil return nil
} }
csLen := uint16(cipherSuites[0])<<8 | uint16(cipherSuites[1]) csLen := uint16(cs[0])<<8 | uint16(cs[1])
if len(cipherSuites) < cipherSuiteHeaderLen+int(csLen)+compressMethodHeaderLen { if len(cs) < cipherSuiteHeaderLen+int(csLen)+compressMethodHeaderLen {
return nil return nil
} }
compressMethodLen := uint16(cipherSuites[cipherSuiteHeaderLen+int(csLen)]) compressMethodLen := uint16(cs[cipherSuiteHeaderLen+int(csLen)])
currentIndex += cipherSuiteHeaderLen + int(csLen) + compressMethodHeaderLen + int(compressMethodLen) if len(cs) < cipherSuiteHeaderLen+int(csLen)+compressMethodHeaderLen+int(compressMethodLen) {
if len(handshake) < currentIndex {
return nil return nil
} }
serverName := indexTLSServerNameFromExtensions(handshake[currentIndex:]) currentIndex := cipherSuiteHeaderLen + int(csLen) + compressMethodHeaderLen + int(compressMethodLen)
serverName := indexTLSServerNameFromExtensions(cs[currentIndex:])
if serverName == nil { if serverName == nil {
return nil return nil
} }
@ -85,7 +84,7 @@ func indexTLSServerNameFromHandshake(handshake []byte) *MyServerName {
return serverName return serverName
} }
func indexTLSServerNameFromExtensions(exs []byte) *MyServerName { func indexTLSServerNameFromExtensions(exs []byte) *myServerName {
if len(exs) == 0 { if len(exs) == 0 {
return nil return nil
} }
@ -119,8 +118,7 @@ func indexTLSServerNameFromExtensions(exs []byte) *MyServerName {
} }
sniLen := uint16(sex[3])<<8 | uint16(sex[4]) sniLen := uint16(sex[3])<<8 | uint16(sex[4])
sex = sex[sniExtensionHeaderLen:] sex = sex[sniExtensionHeaderLen:]
return &myServerName{
return &MyServerName{
Index: currentIndex + extensionHeaderLen + sniExtensionHeaderLen, Index: currentIndex + extensionHeaderLen + sniExtensionHeaderLen,
Length: int(sniLen), Length: int(sniLen),
ServerName: string(sex), ServerName: string(sex),

20
common/tlsfragment/index_test.go
View File

@ -1,20 +0,0 @@
package tf_test
import (
"encoding/hex"
"testing"
"github.com/sagernet/sing-box/common/tlsfragment"
"github.com/stretchr/testify/require"
)
func TestIndexTLSServerName(t *testing.T) {
t.Parallel()
payload, err := hex.DecodeString("16030105f8010005f403036e35de7389a679c54029cf452611f2211c70d9ac3897271de589ab6155f8e4ab20637d225f1ef969ad87ed78bfb9d171300bcb1703b6f314ccefb964f79b7d0961002a0a0a130213031301c02cc02bcca9c030c02fcca8c00ac009c014c013009d009c0035002fc008c012000a01000581baba00000000000f000d00000a6769746875622e636f6d00170000ff01000100000a000e000c3a3a11ec001d001700180019000b000201000010000e000c02683208687474702f312e31000500050100000000000d00160014040308040401050308050805050108060601020100120000003304ef04ed3a3a00010011ec04c0aeb2250c092a3463161cccb29d9183331a424964248579507ed23a180b0ceab2a5f5d9ce41547e497a89055471ea572867ba3a1fc3c9e45025274a20f60c6b60e62476b6afed0403af59ab83660ef4112ae20386a602010d0a5d454c0ed34c84ed4423e750213e6a2baab1bf9c4367a6007ab40a33d95220c2dcaa44f257024a5626b545db0510f4311b1a60714154909c6a61fdfca011fb2626d657aeb6070bf078508babe3b584555013e34acc56198ed4663742b3155a664a9901794c4586820a7dc162c01827291f3792e1237f801a8d1ef096013c181c4a58d2f6859ba75022d18cc4418bd4f351d5c18f83a58857d05af860c4b9ac018a5b63f17184e591532c6bc2cf2215d4a282c8a8a4f6f7aee110422c8bc9ebd3b1d609c568523aaae555db320e6c269473d87af38c256cbb9febc20aea6380c32a8916f7a373c8b1e37554e3260bf6621f6b804ee80b3c516b1d01985bf4c603b6daa9a5991de6a7a29f3a7122b8afb843a7660110fce62b43c615f5bcc2db688ba012649c0952b0a2c031e732d2b454c6b2968683cb8d244be2c9a7fa163222979eaf92722b92b862d81a3d94450c2b60c318421ebb4307c42d1f0473592a5c30e42039cc68cda9721e61aa63f49def17c15221680ed444896340133bbee67556f56b9f9d78a4df715f926a12add0cc9c862e46ea8b7316ae468282c18601b2771c9c9322f982228cf93effaacd3f80cbd12bce5fc36f56e2a3caf91e578a5fae00c9b23a8ed1a66764f4433c3628a70b8f0a6196adc60a4cb4226f07ba4c6b363fe9065563bfc1347452946386bab488686e837ab979c64f9047417fca635fe1bb4f074f256cc8af837c7b455e280426547755af90a61640169ef180aea3a77e662bb6dac1b6c3696027129b1a5edf495314e9c7f4b6110e16378ec893fa24642330a40aba1a85326101acb97c620fd8d71389e69eaed7bdb01bbe1fd428d66191150c7b2cd1ad4257391676a82ba8ce07fb2667c3b289f159003a7c7bc31d361b7b7f49a802961739d950dfcc0fa1c7abce5abdd2245101da391151490862028110465950b9e9c03d08a90998ab83267838d2e74a0593bc81f74cdf734519a05b351c0e5488c68dd810e6e9142ccc1e2f4a7f464297eb340e27acc6b9d64e12e38cce8492b3d939140b5a9e149a75597f10a23874c84323a07cdd657274378f887c85c4259b9c04cd33ba58ed630ef2a744f8e19dd34843dff331d2a6be7e2332c599289cd248a611c73d7481cd4a9bd43449a3836f14b2af18a1739e17999e4c67e85cc5bcecabb14185e5bcaff3c96098f03dc5aba819f29587758f49f940585354a2a780830528d68ccd166920dadcaa25cab5fc1907272a826aba3f08bc6b88757776812ecb6c7cec69a223ec0a13a7b62a2349a0f63ed7a27a3b15ba21d71fe6864ec6e089ae17cadd433fa3138f7ee24353c11365818f8fc34f43a05542d18efaac24bfccc1f748a0cc1a67ad379468b76fd34973dba785f5c91d618333cd810fe0700d1bbc8422029782628070a624c52c5309a4a64d625b11f8033ab28df34a1add297517fcc06b92b6817b3c5144438cf260867c57bde68c8c4b82e6a135ef676a52fbae5708002a404e6189a60e2836de565ad1b29e3819e5ed49f6810bcb28e1bd6de57306f94b79d9dae1cc4624d2a068499beef81cd5fe4b76dcbfff2a2008001d002001976128c6d5a934533f28b9914d2480aab2a8c1ab03d212529ce8b27640a716002d00020101002b000706caca03040303001b00030200015a5a000100")
require.NoError(t, err)
serverName := tf.IndexTLSServerName(payload)
require.NotNil(t, serverName)
require.Equal(t, serverName.ServerName, string(payload[serverName.Index:serverName.Index+serverName.Length]))
require.Equal(t, "github.com", serverName.ServerName)
}

26
dns/client.go
View File

@ -195,13 +195,8 @@ func (c *Client) Exchange(ctx context.Context, transport adapter.DNSTransport, m
} }
}*/ }*/
if responseChecker != nil { if responseChecker != nil {
var rejected bool addr, addrErr := MessageToAddresses(response)
if !(response.Rcode == dns.RcodeSuccess || response.Rcode == dns.RcodeNameError) { if addrErr != nil || !responseChecker(addr) {
rejected = true
} else {
rejected = !responseChecker(MessageToAddresses(response))
}
if rejected {
if c.rdrc != nil { if c.rdrc != nil {
c.rdrc.SaveRDRCAsync(transport.Tag(), question.Name, question.Qtype, c.logger) c.rdrc.SaveRDRCAsync(transport.Tag(), question.Name, question.Qtype, c.logger)
} }
@ -425,10 +420,7 @@ func (c *Client) lookupToExchange(ctx context.Context, transport adapter.DNSTran
if err != nil { if err != nil {
return nil, err return nil, err
} }
if response.Rcode != dns.RcodeSuccess { return MessageToAddresses(response)
return nil, RcodeError(response.Rcode)
}
return MessageToAddresses(response), nil
} }
func (c *Client) questionCache(question dns.Question, transport adapter.DNSTransport) ([]netip.Addr, error) { func (c *Client) questionCache(question dns.Question, transport adapter.DNSTransport) ([]netip.Addr, error) {
@ -436,10 +428,7 @@ func (c *Client) questionCache(question dns.Question, transport adapter.DNSTrans
if response == nil { if response == nil {
return nil, ErrNotCached return nil, ErrNotCached
} }
if response.Rcode != dns.RcodeSuccess { return MessageToAddresses(response)
return nil, RcodeError(response.Rcode)
}
return MessageToAddresses(response), nil
} }
func (c *Client) loadResponse(question dns.Question, transport adapter.DNSTransport) (*dns.Msg, int) { func (c *Client) loadResponse(question dns.Question, transport adapter.DNSTransport) (*dns.Msg, int) {
@ -516,7 +505,10 @@ func (c *Client) loadResponse(question dns.Question, transport adapter.DNSTransp
} }
} }
func MessageToAddresses(response *dns.Msg) []netip.Addr { func MessageToAddresses(response *dns.Msg) ([]netip.Addr, error) {
if response.Rcode != dns.RcodeSuccess {
return nil, RcodeError(response.Rcode)
}
addresses := make([]netip.Addr, 0, len(response.Answer)) addresses := make([]netip.Addr, 0, len(response.Answer))
for _, rawAnswer := range response.Answer { for _, rawAnswer := range response.Answer {
switch answer := rawAnswer.(type) { switch answer := rawAnswer.(type) {
@ -532,7 +524,7 @@ func MessageToAddresses(response *dns.Msg) []netip.Addr {
} }
} }
} }
return addresses return addresses, nil
} }
func wrapError(err error) error { func wrapError(err error) error {

37
dns/transport/https.go
View File

@ -3,15 +3,11 @@ package transport
import ( import (
"bytes" "bytes"
"context" "context"
"errors"
"io" "io"
"net" "net"
"net/http" "net/http"
"net/url" "net/url"
"os"
"strconv" "strconv"
"sync"
"time"
"github.com/sagernet/sing-box/adapter" "github.com/sagernet/sing-box/adapter"
"github.com/sagernet/sing-box/common/dialer" "github.com/sagernet/sing-box/common/dialer"
@ -43,13 +39,11 @@ func RegisterHTTPS(registry *dns.TransportRegistry) {
type HTTPSTransport struct { type HTTPSTransport struct {
dns.TransportAdapter dns.TransportAdapter
logger logger.ContextLogger logger logger.ContextLogger
dialer N.Dialer dialer N.Dialer
destination *url.URL destination *url.URL
headers http.Header headers http.Header
transportAccess sync.Mutex transport *http.Transport
transport *http.Transport
transportResetAt time.Time
} }
func NewHTTPS(ctx context.Context, logger log.ContextLogger, tag string, options option.RemoteHTTPSDNSServerOptions) (adapter.DNSTransport, error) { func NewHTTPS(ctx context.Context, logger log.ContextLogger, tag string, options option.RemoteHTTPSDNSServerOptions) (adapter.DNSTransport, error) {
@ -167,33 +161,12 @@ func (t *HTTPSTransport) Start(stage adapter.StartStage) error {
} }
func (t *HTTPSTransport) Close() error { func (t *HTTPSTransport) Close() error {
t.transportAccess.Lock()
defer t.transportAccess.Unlock()
t.transport.CloseIdleConnections() t.transport.CloseIdleConnections()
t.transport = t.transport.Clone() t.transport = t.transport.Clone()
return nil return nil
} }
func (t *HTTPSTransport) Exchange(ctx context.Context, message *mDNS.Msg) (*mDNS.Msg, error) { func (t *HTTPSTransport) Exchange(ctx context.Context, message *mDNS.Msg) (*mDNS.Msg, error) {
startAt := time.Now()
response, err := t.exchange(ctx, message)
if err != nil {
if errors.Is(err, os.ErrDeadlineExceeded) {
t.transportAccess.Lock()
defer t.transportAccess.Unlock()
if t.transportResetAt.After(startAt) {
return nil, err
}
t.transport.CloseIdleConnections()
t.transport = t.transport.Clone()
t.transportResetAt = time.Now()
}
return nil, err
}
return response, nil
}
func (t *HTTPSTransport) exchange(ctx context.Context, message *mDNS.Msg) (*mDNS.Msg, error) {
exMessage := *message exMessage := *message
exMessage.Id = 0 exMessage.Id = 0
exMessage.Compress = true exMessage.Compress = true

7
dns/transport/local/local.go
View File

@ -3,6 +3,7 @@ package local
import ( import (
"context" "context"
"math/rand" "math/rand"
"net/netip"
"time" "time"
"github.com/sagernet/sing-box/adapter" "github.com/sagernet/sing-box/adapter"
@ -90,9 +91,9 @@ func (t *Transport) exchangeParallel(ctx context.Context, systemConfig *dnsConfi
startRacer := func(ctx context.Context, fqdn string) { startRacer := func(ctx context.Context, fqdn string) {
response, err := t.tryOneName(ctx, systemConfig, fqdn, message) response, err := t.tryOneName(ctx, systemConfig, fqdn, message)
if err == nil { if err == nil {
if response.Rcode != mDNS.RcodeSuccess { var addresses []netip.Addr
err = dns.RcodeError(response.Rcode) addresses, err = dns.MessageToAddresses(response)
} else if len(dns.MessageToAddresses(response)) == 0 { if err == nil && len(addresses) == 0 {
err = E.New(fqdn, ": empty result") err = E.New(fqdn, ": empty result")
} }
} }

11
dns/transport/local/resolv_darwin_cgo.go
View File

@ -20,8 +20,7 @@ import (
) )
func dnsReadConfig(_ context.Context, _ string) *dnsConfig { func dnsReadConfig(_ context.Context, _ string) *dnsConfig {
var state C.res_state if C.res_init() != 0 {
if C.res_ninit(state) != 0 {
return &dnsConfig{ return &dnsConfig{
servers: defaultNS, servers: defaultNS,
search: dnsDefaultSearch(), search: dnsDefaultSearch(),
@ -34,10 +33,10 @@ func dnsReadConfig(_ context.Context, _ string) *dnsConfig {
conf := &dnsConfig{ conf := &dnsConfig{
ndots: 1, ndots: 1,
timeout: 5 * time.Second, timeout: 5 * time.Second,
attempts: int(state.retry), attempts: int(C._res.retry),
} }
for i := 0; i < int(state.nscount); i++ { for i := 0; i < int(C._res.nscount); i++ {
ns := state.nsaddr_list[i] ns := C._res.nsaddr_list[i]
addr := C.inet_ntoa(ns.sin_addr) addr := C.inet_ntoa(ns.sin_addr)
if addr == nil { if addr == nil {
continue continue
@ -45,7 +44,7 @@ func dnsReadConfig(_ context.Context, _ string) *dnsConfig {
conf.servers = append(conf.servers, C.GoString(addr)) conf.servers = append(conf.servers, C.GoString(addr))
} }
for i := 0; ; i++ { for i := 0; ; i++ {
search := state.dnsrch[i] search := C._res.dnsrch[i]
if search == nil { if search == nil {
break break
} }

16
dns/transport/udp.go
View File

@ -60,7 +60,7 @@ func NewUDPRaw(logger logger.ContextLogger, adapter dns.TransportAdapter, dialer
logger: logger, logger: logger,
dialer: dialer, dialer: dialer,
serverAddr: serverAddr, serverAddr: serverAddr,
udpSize: 2048, udpSize: 512,
tcpTransport: &TCPTransport{ tcpTransport: &TCPTransport{
dialer: dialer, dialer: dialer,
serverAddr: serverAddr, serverAddr: serverAddr,
@ -97,19 +97,15 @@ func (t *UDPTransport) Exchange(ctx context.Context, message *mDNS.Msg) (*mDNS.M
} }
func (t *UDPTransport) exchange(ctx context.Context, message *mDNS.Msg) (*mDNS.Msg, error) { func (t *UDPTransport) exchange(ctx context.Context, message *mDNS.Msg) (*mDNS.Msg, error) {
t.access.Lock()
if edns0Opt := message.IsEdns0(); edns0Opt != nil {
if udpSize := int(edns0Opt.UDPSize()); udpSize > t.udpSize {
t.udpSize = udpSize
close(t.done)
t.done = make(chan struct{})
}
}
t.access.Unlock()
conn, err := t.open(ctx) conn, err := t.open(ctx)
if err != nil { if err != nil {
return nil, err return nil, err
} }
if edns0Opt := message.IsEdns0(); edns0Opt != nil {
if udpSize := int(edns0Opt.UDPSize()); udpSize > t.udpSize {
t.udpSize = udpSize
}
}
buffer := buf.NewSize(1 + message.Len()) buffer := buf.NewSize(1 + message.Len())
defer buffer.Release() defer buffer.Release()
exMessage := *message exMessage := *message

18
docs/changelog.md
View File

@ -2,26 +2,10 @@
icon: material/alert-decagram icon: material/alert-decagram
--- ---
#### 1.12.0-rc.3 #### 1.12.0-beta.27
* Fixes and improvements * Fixes and improvements
### 1.11.15
* Fixes and improvements
_We are temporarily unable to update sing-box apps on the App Store because the reviewer mistakenly found that we
violated the rules (TestFlight users are not affected)._
#### 1.12.0-beta.32
* Improve tun performance on Apple platforms **1**
* Fixes and improvements
**1**:
We have significantly improved the performance of tun inbound on Apple platforms, especially in the gVisor stack.
### 1.11.14 ### 1.11.14
* Fixes and improvements * Fixes and improvements

2
docs/configuration/endpoint/index.zh.md
View File

@ -25,7 +25,7 @@ icon: material/new-box
| 类型 | 格式 | | 类型 | 格式 |
|-------------|---------------------------| |-------------|---------------------------|
| `wireguard` | [WireGuard](./wireguard/) | | `wireguard` | [WireGuard](./wiregaurd/) |
| `tailscale` | [Tailscale](./tailscale/) | | `tailscale` | [Tailscale](./tailscale/) |
#### tag #### tag

2
docs/configuration/experimental/clash-api.md
View File

@ -59,7 +59,7 @@
{ {
"external_controller": "0.0.0.0:9090", "external_controller": "0.0.0.0:9090",
"external_ui": "dashboard" "external_ui": "dashboard"
// "external_ui_download_detour": "direct" // external_ui_download_detour: "direct"
} }
``` ```

2
docs/configuration/experimental/clash-api.zh.md
View File

@ -59,7 +59,7 @@
{ {
"external_controller": "0.0.0.0:9090", "external_controller": "0.0.0.0:9090",
"external_ui": "dashboard" "external_ui": "dashboard"
// "external_ui_download_detour": "direct" // external_ui_download_detour: "direct"
} }
``` ```

4
docs/configuration/inbound/tun.md
View File

@ -64,7 +64,7 @@ icon: material/new-box
"auto_redirect_input_mark": "0x2023", "auto_redirect_input_mark": "0x2023",
"auto_redirect_output_mark": "0x2024", "auto_redirect_output_mark": "0x2024",
"loopback_address": [ "loopback_address": [
"10.7.0.1" "10.0.7.1"
], ],
"strict_route": true, "strict_route": true,
"route_address": [ "route_address": [
@ -284,7 +284,7 @@ Connection output mark used by `auto_redirect`.
Loopback addresses make TCP connections to the specified address connect to the source address. Loopback addresses make TCP connections to the specified address connect to the source address.
Setting option value to `10.7.0.1` achieves the same behavior as SideStore/StosVPN. Setting option value to `10.0.7.1` achieves the same behavior as SideStore/StosVPN.
When `auto_redirect` is enabled, the same behavior can be achieved for LAN devices (not just local) as a gateway. When `auto_redirect` is enabled, the same behavior can be achieved for LAN devices (not just local) as a gateway.

4
docs/configuration/inbound/tun.zh.md
View File

@ -64,7 +64,7 @@ icon: material/new-box
"auto_redirect_input_mark": "0x2023", "auto_redirect_input_mark": "0x2023",
"auto_redirect_output_mark": "0x2024", "auto_redirect_output_mark": "0x2024",
"loopback_address": [ "loopback_address": [
"10.7.0.1" "10.0.7.1"
], ],
"strict_route": true, "strict_route": true,
"route_address": [ "route_address": [
@ -283,7 +283,7 @@ tun 接口的 IPv6 前缀。
环回地址是用于使指向指定地址的 TCP 连接连接到来源地址的。 环回地址是用于使指向指定地址的 TCP 连接连接到来源地址的。
将选项值设置为 `10.7.0.1` 可实现与 SideStore/StosVPN 相同的行为。 将选项值设置为 `10.0.7.1` 可实现与 SideStore/StosVPN 相同的行为。
当启用 `auto_redirect` 时,可以作为网关为局域网设备(而不仅仅是本地)实现相同的行为。 当启用 `auto_redirect` 时,可以作为网关为局域网设备(而不仅仅是本地)实现相同的行为。

229
docs/manual/proxy/client.md
View File

@ -94,13 +94,18 @@ flowchart TB
"servers": [ "servers": [
{ {
"tag": "google", "tag": "google",
"type": "tls", "address": "tls://8.8.8.8"
"server": "8.8.8.8"
}, },
{ {
"tag": "local", "tag": "local",
"type": "udp", "address": "223.5.5.5",
"server": "223.5.5.5" "detour": "direct"
}
],
"rules": [
{
"outbound": "any",
"server": "local"
} }
], ],
"strategy": "ipv4_only" "strategy": "ipv4_only"
@ -110,8 +115,7 @@ flowchart TB
"type": "tun", "type": "tun",
"inet4_address": "172.19.0.1/30", "inet4_address": "172.19.0.1/30",
"auto_route": true, "auto_route": true,
// "auto_redirect": true, // On linux "strict_route": false
"strict_route": true
} }
], ],
"outbounds": [ "outbounds": [
@ -119,23 +123,25 @@ flowchart TB
{ {
"type": "direct", "type": "direct",
"tag": "direct" "tag": "direct"
},
{
"type": "dns",
"tag": "dns-out"
} }
], ],
"route": { "route": {
"rules": [ "rules": [
{
"action": "sniff"
},
{ {
"protocol": "dns", "protocol": "dns",
"action": "hijack-dns" "outbound": "dns-out"
}, },
{ {
"ip_is_private": true, "geoip": [
"private"
],
"outbound": "direct" "outbound": "direct"
} }
], ],
"default_domain_resolver": "local",
"auto_detect_interface": true "auto_detect_interface": true
} }
} }
@ -149,13 +155,18 @@ flowchart TB
"servers": [ "servers": [
{ {
"tag": "google", "tag": "google",
"type": "tls", "address": "tls://8.8.8.8"
"server": "8.8.8.8"
}, },
{ {
"tag": "local", "tag": "local",
"type": "udp", "address": "223.5.5.5",
"server": "223.5.5.5" "detour": "direct"
}
],
"rules": [
{
"outbound": "any",
"server": "local"
} }
] ]
}, },
@ -165,8 +176,7 @@ flowchart TB
"inet4_address": "172.19.0.1/30", "inet4_address": "172.19.0.1/30",
"inet6_address": "fdfe:dcba:9876::1/126", "inet6_address": "fdfe:dcba:9876::1/126",
"auto_route": true, "auto_route": true,
// "auto_redirect": true, // On linux "strict_route": false
"strict_route": true
} }
], ],
"outbounds": [ "outbounds": [
@ -174,23 +184,25 @@ flowchart TB
{ {
"type": "direct", "type": "direct",
"tag": "direct" "tag": "direct"
},
{
"type": "dns",
"tag": "dns-out"
} }
], ],
"route": { "route": {
"rules": [ "rules": [
{
"action": "sniff"
},
{ {
"protocol": "dns", "protocol": "dns",
"action": "hijack-dns" "outbound": "dns-out"
}, },
{ {
"ip_is_private": true, "geoip": [
"private"
],
"outbound": "direct" "outbound": "direct"
} }
], ],
"default_domain_resolver": "local",
"auto_detect_interface": true "auto_detect_interface": true
} }
} }
@ -204,22 +216,23 @@ flowchart TB
"servers": [ "servers": [
{ {
"tag": "google", "tag": "google",
"type": "tls", "address": "tls://8.8.8.8"
"server": "8.8.8.8"
}, },
{ {
"tag": "local", "tag": "local",
"type": "udp", "address": "223.5.5.5",
"server": "223.5.5.5" "detour": "direct"
}, },
{ {
"tag": "remote", "tag": "remote",
"type": "fakeip", "address": "fakeip"
"inet4_range": "198.18.0.0/15",
"inet6_range": "fc00::/18"
} }
], ],
"rules": [ "rules": [
{
"outbound": "any",
"server": "local"
},
{ {
"query_type": [ "query_type": [
"A", "A",
@ -228,6 +241,11 @@ flowchart TB
"server": "remote" "server": "remote"
} }
], ],
"fakeip": {
"enabled": true,
"inet4_range": "198.18.0.0/15",
"inet6_range": "fc00::/18"
},
"independent_cache": true "independent_cache": true
}, },
"inbounds": [ "inbounds": [
@ -236,7 +254,6 @@ flowchart TB
"inet4_address": "172.19.0.1/30", "inet4_address": "172.19.0.1/30",
"inet6_address": "fdfe:dcba:9876::1/126", "inet6_address": "fdfe:dcba:9876::1/126",
"auto_route": true, "auto_route": true,
// "auto_redirect": true, // On linux
"strict_route": true "strict_route": true
} }
], ],
@ -245,23 +262,25 @@ flowchart TB
{ {
"type": "direct", "type": "direct",
"tag": "direct" "tag": "direct"
},
{
"type": "dns",
"tag": "dns-out"
} }
], ],
"route": { "route": {
"rules": [ "rules": [
{
"action": "sniff"
},
{ {
"protocol": "dns", "protocol": "dns",
"action": "hijack-dns" "outbound": "dns-out"
}, },
{ {
"ip_is_private": true, "geoip": [
"private"
],
"outbound": "direct" "outbound": "direct"
} }
], ],
"default_domain_resolver": "local",
"auto_detect_interface": true "auto_detect_interface": true
} }
} }
@ -271,6 +290,54 @@ flowchart TB
=== ":material-dns: DNS rules" === ":material-dns: DNS rules"
```json
{
"dns": {
"servers": [
{
"tag": "google",
"address": "tls://8.8.8.8"
},
{
"tag": "local",
"address": "223.5.5.5",
"detour": "direct"
}
],
"rules": [
{
"outbound": "any",
"server": "local"
},
{
"clash_mode": "Direct",
"server": "local"
},
{
"clash_mode": "Global",
"server": "google"
},
{
"rule_set": "geosite-geolocation-cn",
"server": "local"
}
]
},
"route": {
"rule_set": [
{
"type": "remote",
"tag": "geosite-geolocation-cn",
"format": "binary",
"url": "https://raw.githubusercontent.com/SagerNet/sing-geosite/rule-set/geosite-geolocation-cn.srs"
}
]
}
}
```
=== ":material-dns: DNS rules (Enhanced, but slower) (1.9.0+)"
=== ":material-shield-off: With DNS leaks" === ":material-shield-off: With DNS leaks"
```json ```json
@ -279,20 +346,35 @@ flowchart TB
"servers": [ "servers": [
{ {
"tag": "google", "tag": "google",
"type": "tls", "address": "tls://8.8.8.8"
"server": "8.8.8.8"
}, },
{ {
"tag": "local", "tag": "local",
"type": "https", "address": "https://223.5.5.5/dns-query",
"server": "223.5.5.5" "detour": "direct"
} }
], ],
"rules": [ "rules": [
{
"outbound": "any",
"server": "local"
},
{
"clash_mode": "Direct",
"server": "local"
},
{
"clash_mode": "Global",
"server": "google"
},
{ {
"rule_set": "geosite-geolocation-cn", "rule_set": "geosite-geolocation-cn",
"server": "local" "server": "local"
}, },
{
"clash_mode": "Default",
"server": "google"
},
{ {
"type": "logical", "type": "logical",
"mode": "and", "mode": "and",
@ -310,7 +392,6 @@ flowchart TB
] ]
}, },
"route": { "route": {
"default_domain_resolver": "local",
"rule_set": [ "rule_set": [
{ {
"type": "remote", "type": "remote",
@ -344,24 +425,35 @@ flowchart TB
} }
``` ```
=== ":material-security: Without DNS leaks, but slower" === ":material-security: Without DNS leaks, but slower (1.9.0-alpha.2+)"
```json ```json
{ {
"dns": { "dns": {
"servers": [ "servers": [
{ {
"tag": "google", "tag": "google",
"type": "tls", "address": "tls://8.8.8.8"
"server": "8.8.8.8"
}, },
{ {
"tag": "local", "tag": "local",
"type": "https", "address": "https://223.5.5.5/dns-query",
"server": "223.5.5.5" "detour": "direct"
} }
], ],
"rules": [ "rules": [
{
"outbound": "any",
"server": "local"
},
{
"clash_mode": "Direct",
"server": "local"
},
{
"clash_mode": "Global",
"server": "google"
},
{ {
"rule_set": "geosite-geolocation-cn", "rule_set": "geosite-geolocation-cn",
"server": "local" "server": "local"
@ -384,7 +476,6 @@ flowchart TB
] ]
}, },
"route": { "route": {
"default_domain_resolver": "local",
"rule_set": [ "rule_set": [
{ {
"type": "remote", "type": "remote",
@ -426,13 +517,14 @@ flowchart TB
{ {
"type": "direct", "type": "direct",
"tag": "direct" "tag": "direct"
},
{
"type": "block",
"tag": "block"
} }
], ],
"route": { "route": {
"rules": [ "rules": [
{
"action": "sniff"
},
{ {
"type": "logical", "type": "logical",
"mode": "or", "mode": "or",
@ -444,12 +536,20 @@ flowchart TB
"port": 53 "port": 53
} }
], ],
"action": "hijack-dns" "outbound": "dns"
}, },
{ {
"ip_is_private": true, "ip_is_private": true,
"outbound": "direct" "outbound": "direct"
}, },
{
"clash_mode": "Direct",
"outbound": "direct"
},
{
"clash_mode": "Global",
"outbound": "default"
},
{ {
"type": "logical", "type": "logical",
"mode": "or", "mode": "or",
@ -465,23 +565,12 @@ flowchart TB
"protocol": "stun" "protocol": "stun"
} }
], ],
"action": "reject" "outbound": "block"
}, },
{ {
"rule_set": "geosite-geolocation-cn", "rule_set": [
"outbound": "direct" "geoip-cn",
}, "geosite-geolocation-cn"
{
"type": "logical",
"mode": "and",
"rules": [
{
"rule_set": "geoip-cn"
},
{
"rule_set": "geosite-geolocation-!cn",
"invert": true
}
], ],
"outbound": "direct" "outbound": "direct"
} }
@ -502,4 +591,4 @@ flowchart TB
] ]
} }
} }
``` ```

47
go.mod
View File

@ -5,36 +5,37 @@ go 1.23.1
require ( require (
github.com/anytls/sing-anytls v0.0.8 github.com/anytls/sing-anytls v0.0.8
github.com/caddyserver/certmagic v0.23.0 github.com/caddyserver/certmagic v0.23.0
github.com/coder/websocket v1.8.13 github.com/cloudflare/circl v1.6.1
github.com/coder/websocket v1.8.12
github.com/cretz/bine v0.2.0 github.com/cretz/bine v0.2.0
github.com/go-chi/chi/v5 v5.2.2 github.com/go-chi/chi/v5 v5.2.1
github.com/go-chi/render v1.0.3 github.com/go-chi/render v1.0.3
github.com/godbus/dbus/v5 v5.1.1-0.20230522191255-76236955d466 github.com/godbus/dbus/v5 v5.1.1-0.20230522191255-76236955d466
github.com/gofrs/uuid/v5 v5.3.2 github.com/gofrs/uuid/v5 v5.3.2
github.com/insomniacslk/dhcp v0.0.0-20250417080101-5f8cf70e8c5f github.com/insomniacslk/dhcp v0.0.0-20250417080101-5f8cf70e8c5f
github.com/libdns/alidns v1.0.5-libdns.v1.beta1 github.com/libdns/alidns v1.0.4-libdns.v1.beta1
github.com/libdns/cloudflare v0.2.2-0.20250708034226-c574dccb31a6 github.com/libdns/cloudflare v0.2.2-0.20250430151523-b46a2b0885f6
github.com/logrusorgru/aurora v2.0.3+incompatible github.com/logrusorgru/aurora v2.0.3+incompatible
github.com/metacubex/tfo-go v0.0.0-20241231083714-66613d49c422 github.com/metacubex/tfo-go v0.0.0-20241231083714-66613d49c422
github.com/metacubex/utls v1.8.0 github.com/metacubex/utls v1.7.0-alpha.3
github.com/mholt/acmez/v3 v3.1.2 github.com/mholt/acmez/v3 v3.1.2
github.com/miekg/dns v1.1.67 github.com/miekg/dns v1.1.66
github.com/oschwald/maxminddb-golang v1.13.1 github.com/oschwald/maxminddb-golang v1.13.1
github.com/sagernet/asc-go v0.0.0-20241217030726-d563060fe4e1 github.com/sagernet/asc-go v0.0.0-20241217030726-d563060fe4e1
github.com/sagernet/bbolt v0.0.0-20231014093535-ea5cb2fe9f0a github.com/sagernet/bbolt v0.0.0-20231014093535-ea5cb2fe9f0a
github.com/sagernet/cors v1.2.1 github.com/sagernet/cors v1.2.1
github.com/sagernet/fswatch v0.1.1 github.com/sagernet/fswatch v0.1.1
github.com/sagernet/gomobile v0.1.7 github.com/sagernet/gomobile v0.1.6
github.com/sagernet/gvisor v0.0.0-20250325023245-7a9c0f5725fb github.com/sagernet/gvisor v0.0.0-20250325023245-7a9c0f5725fb
github.com/sagernet/quic-go v0.52.0-beta.1 github.com/sagernet/quic-go v0.52.0-beta.1
github.com/sagernet/sing v0.7.0-beta.1.0.20250722151551-64142925accb github.com/sagernet/sing v0.6.11-0.20250521033217-30d675ea099b
github.com/sagernet/sing-mux v0.3.2 github.com/sagernet/sing-mux v0.3.2
github.com/sagernet/sing-quic v0.5.0-beta.3 github.com/sagernet/sing-quic v0.5.0-beta.2
github.com/sagernet/sing-shadowsocks v0.2.8 github.com/sagernet/sing-shadowsocks v0.2.8
github.com/sagernet/sing-shadowsocks2 v0.2.1 github.com/sagernet/sing-shadowsocks2 v0.2.1
github.com/sagernet/sing-shadowtls v0.2.1-0.20250503051639-fcd445d33c11 github.com/sagernet/sing-shadowtls v0.2.1-0.20250503051639-fcd445d33c11
github.com/sagernet/sing-tun v0.6.10-0.20250721014417-ebbe32588cfb github.com/sagernet/sing-tun v0.6.10-0.20250620051458-5e343c4b66b2
github.com/sagernet/sing-vmess v0.2.4 github.com/sagernet/sing-vmess v0.2.4-0.20250605032146-38cc72672c88
github.com/sagernet/smux v1.5.34-mod.2 github.com/sagernet/smux v1.5.34-mod.2
github.com/sagernet/tailscale v1.80.3-mod.5 github.com/sagernet/tailscale v1.80.3-mod.5
github.com/sagernet/wireguard-go v0.0.1-beta.7 github.com/sagernet/wireguard-go v0.0.1-beta.7
@ -44,13 +45,13 @@ require (
github.com/vishvananda/netns v0.0.5 github.com/vishvananda/netns v0.0.5
go.uber.org/zap v1.27.0 go.uber.org/zap v1.27.0
go4.org/netipx v0.0.0-20231129151722-fdeea329fbba go4.org/netipx v0.0.0-20231129151722-fdeea329fbba
golang.org/x/crypto v0.40.0 golang.org/x/crypto v0.38.0
golang.org/x/exp v0.0.0-20250506013437-ce4c2cf36ca6 golang.org/x/exp v0.0.0-20250506013437-ce4c2cf36ca6
golang.org/x/mod v0.26.0 golang.org/x/mod v0.24.0
golang.org/x/net v0.42.0 golang.org/x/net v0.40.0
golang.org/x/sys v0.34.0 golang.org/x/sys v0.33.0
golang.zx2c4.com/wireguard/wgctrl v0.0.0-20241231184526-a9ab2273dd10 golang.zx2c4.com/wireguard/wgctrl v0.0.0-20241231184526-a9ab2273dd10
google.golang.org/grpc v1.73.0 google.golang.org/grpc v1.72.0
google.golang.org/protobuf v1.36.6 google.golang.org/protobuf v1.36.6
howett.net/plist v1.0.1 howett.net/plist v1.0.1
) )
@ -80,7 +81,7 @@ require (
github.com/gobwas/pool v0.2.1 // indirect github.com/gobwas/pool v0.2.1 // indirect
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
github.com/google/btree v1.1.3 // indirect github.com/google/btree v1.1.3 // indirect
github.com/google/go-cmp v0.7.0 // indirect github.com/google/go-cmp v0.6.0 // indirect
github.com/google/go-querystring v1.1.0 // indirect github.com/google/go-querystring v1.1.0 // indirect
github.com/google/nftables v0.2.1-0.20240414091927-5e242ec57806 // indirect github.com/google/nftables v0.2.1-0.20240414091927-5e242ec57806 // indirect
github.com/google/uuid v1.6.0 // indirect github.com/google/uuid v1.6.0 // indirect
@ -94,7 +95,7 @@ require (
github.com/klauspost/compress v1.17.11 // indirect github.com/klauspost/compress v1.17.11 // indirect
github.com/klauspost/cpuid/v2 v2.2.10 // indirect github.com/klauspost/cpuid/v2 v2.2.10 // indirect
github.com/kortschak/wol v0.0.0-20200729010619-da482cc4850a // indirect github.com/kortschak/wol v0.0.0-20200729010619-da482cc4850a // indirect
github.com/libdns/libdns v1.1.0 // indirect github.com/libdns/libdns v1.0.0-beta.1 // indirect
github.com/mdlayher/genetlink v1.3.2 // indirect github.com/mdlayher/genetlink v1.3.2 // indirect
github.com/mdlayher/netlink v1.7.3-0.20250113171957-fbb4dce95f42 // indirect github.com/mdlayher/netlink v1.7.3-0.20250113171957-fbb4dce95f42 // indirect
github.com/mdlayher/sdnotify v1.0.0 // indirect github.com/mdlayher/sdnotify v1.0.0 // indirect
@ -122,14 +123,14 @@ require (
go.uber.org/multierr v1.11.0 // indirect go.uber.org/multierr v1.11.0 // indirect
go.uber.org/zap/exp v0.3.0 // indirect go.uber.org/zap/exp v0.3.0 // indirect
go4.org/mem v0.0.0-20240501181205-ae6ca9944745 // indirect go4.org/mem v0.0.0-20240501181205-ae6ca9944745 // indirect
golang.org/x/sync v0.16.0 // indirect golang.org/x/sync v0.14.0 // indirect
golang.org/x/term v0.33.0 // indirect golang.org/x/term v0.32.0 // indirect
golang.org/x/text v0.27.0 // indirect golang.org/x/text v0.25.0 // indirect
golang.org/x/time v0.9.0 // indirect golang.org/x/time v0.9.0 // indirect
golang.org/x/tools v0.34.0 // indirect golang.org/x/tools v0.33.0 // indirect
golang.zx2c4.com/wintun v0.0.0-20230126152724-0fa3db229ce2 // indirect golang.zx2c4.com/wintun v0.0.0-20230126152724-0fa3db229ce2 // indirect
golang.zx2c4.com/wireguard/windows v0.5.3 // indirect golang.zx2c4.com/wireguard/windows v0.5.3 // indirect
google.golang.org/genproto/googleapis/rpc v0.0.0-20250324211829-b45e905df463 // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20250218202821-56aae31c358a // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect
lukechampine.com/blake3 v1.3.0 // indirect lukechampine.com/blake3 v1.3.0 // indirect
) )

113
go.sum
View File

@ -20,8 +20,10 @@ github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK3
github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE= github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE=
github.com/cilium/ebpf v0.15.0 h1:7NxJhNiBT3NG8pZJ3c+yfrVdHY8ScgKD27sScgjLMMk= github.com/cilium/ebpf v0.15.0 h1:7NxJhNiBT3NG8pZJ3c+yfrVdHY8ScgKD27sScgjLMMk=
github.com/cilium/ebpf v0.15.0/go.mod h1:DHp1WyrLeiBh19Cf/tfiSMhqheEiK8fXFZ4No0P1Hso= github.com/cilium/ebpf v0.15.0/go.mod h1:DHp1WyrLeiBh19Cf/tfiSMhqheEiK8fXFZ4No0P1Hso=
github.com/coder/websocket v1.8.13 h1:f3QZdXy7uGVz+4uCJy2nTZyM0yTBj8yANEHhqlXZ9FE= github.com/cloudflare/circl v1.6.1 h1:zqIqSPIndyBh1bjLVVDHMPpVKqp8Su/V+6MeDzzQBQ0=
github.com/coder/websocket v1.8.13/go.mod h1:LNVeNrXQZfe5qhS9ALED3uA+l5pPqvwXg3CKoDBB2gs= github.com/cloudflare/circl v1.6.1/go.mod h1:uddAzsPgqdMAYatqJ0lsjX1oECcQLIlRpzZh3pJrofs=
github.com/coder/websocket v1.8.12 h1:5bUXkEPPIbewrnkU8LTCLVaxi4N4J8ahufH2vlo4NAo=
github.com/coder/websocket v1.8.12/go.mod h1:LNVeNrXQZfe5qhS9ALED3uA+l5pPqvwXg3CKoDBB2gs=
github.com/coreos/go-iptables v0.7.1-0.20240112124308-65c67c9f46e6 h1:8h5+bWd7R6AYUslN6c6iuZWTKsKxUFDlpnmilO6R2n0= github.com/coreos/go-iptables v0.7.1-0.20240112124308-65c67c9f46e6 h1:8h5+bWd7R6AYUslN6c6iuZWTKsKxUFDlpnmilO6R2n0=
github.com/coreos/go-iptables v0.7.1-0.20240112124308-65c67c9f46e6/go.mod h1:Qe8Bv2Xik5FyTXwgIbLAnv2sWSBmvWdFETJConOQ//Q= github.com/coreos/go-iptables v0.7.1-0.20240112124308-65c67c9f46e6/go.mod h1:Qe8Bv2Xik5FyTXwgIbLAnv2sWSBmvWdFETJConOQ//Q=
github.com/cpuguy83/go-md2man/v2 v2.0.6/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6NIQQ7OS05n1F4g= github.com/cpuguy83/go-md2man/v2 v2.0.6/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6NIQQ7OS05n1F4g=
@ -45,8 +47,8 @@ github.com/gaissmai/bart v0.11.1 h1:5Uv5XwsaFBRo4E5VBcb9TzY8B7zxFf+U7isDxqOrRfc=
github.com/gaissmai/bart v0.11.1/go.mod h1:KHeYECXQiBjTzQz/om2tqn3sZF1J7hw9m6z41ftj3fg= github.com/gaissmai/bart v0.11.1/go.mod h1:KHeYECXQiBjTzQz/om2tqn3sZF1J7hw9m6z41ftj3fg=
github.com/github/fakeca v0.1.0 h1:Km/MVOFvclqxPM9dZBC4+QE564nU4gz4iZ0D9pMw28I= github.com/github/fakeca v0.1.0 h1:Km/MVOFvclqxPM9dZBC4+QE564nU4gz4iZ0D9pMw28I=
github.com/github/fakeca v0.1.0/go.mod h1:+bormgoGMMuamOscx7N91aOuUST7wdaJ2rNjeohylyo= github.com/github/fakeca v0.1.0/go.mod h1:+bormgoGMMuamOscx7N91aOuUST7wdaJ2rNjeohylyo=
github.com/go-chi/chi/v5 v5.2.2 h1:CMwsvRVTbXVytCk1Wd72Zy1LAsAh9GxMmSNWLHCG618= github.com/go-chi/chi/v5 v5.2.1 h1:KOIHODQj58PmL80G2Eak4WdvUzjSJSm0vG72crDCqb8=
github.com/go-chi/chi/v5 v5.2.2/go.mod h1:L2yAIGWB3H+phAw1NxKwWM+7eUH/lU8pOMm5hHcoops= github.com/go-chi/chi/v5 v5.2.1/go.mod h1:L2yAIGWB3H+phAw1NxKwWM+7eUH/lU8pOMm5hHcoops=
github.com/go-chi/render v1.0.3 h1:AsXqd2a1/INaIfUSKq3G5uA8weYx20FOsM7uSoCyyt4= github.com/go-chi/render v1.0.3 h1:AsXqd2a1/INaIfUSKq3G5uA8weYx20FOsM7uSoCyyt4=
github.com/go-chi/render v1.0.3/go.mod h1:/gr3hVkmYR0YlEy3LxCuVRFzEu9Ruok+gFqbIofjao0= github.com/go-chi/render v1.0.3/go.mod h1:/gr3hVkmYR0YlEy3LxCuVRFzEu9Ruok+gFqbIofjao0=
github.com/go-json-experiment/json v0.0.0-20250103232110-6a9a0fde9288 h1:KbX3Z3CgiYlbaavUq3Cj9/MjpO+88S7/AGXzynVDv84= github.com/go-json-experiment/json v0.0.0-20250103232110-6a9a0fde9288 h1:KbX3Z3CgiYlbaavUq3Cj9/MjpO+88S7/AGXzynVDv84=
@ -72,8 +74,8 @@ github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6
github.com/google/btree v1.1.3 h1:CVpQJjYgC4VbzxeGVHfvZrv1ctoYCAI8vbl07Fcxlyg= github.com/google/btree v1.1.3 h1:CVpQJjYgC4VbzxeGVHfvZrv1ctoYCAI8vbl07Fcxlyg=
github.com/google/btree v1.1.3/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4= github.com/google/btree v1.1.3/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4=
github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8= github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU= github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8= github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8=
github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17icRSOU623lUBU= github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17icRSOU623lUBU=
github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
@ -105,13 +107,12 @@ github.com/klauspost/cpuid/v2 v2.2.10 h1:tBs3QSyvjDyFTq3uoc/9xFpCuOsJQFNPiAhYdw2
github.com/klauspost/cpuid/v2 v2.2.10/go.mod h1:hqwkgyIinND0mEev00jJYCxPNVRVXFQeu1XKlok6oO0= github.com/klauspost/cpuid/v2 v2.2.10/go.mod h1:hqwkgyIinND0mEev00jJYCxPNVRVXFQeu1XKlok6oO0=
github.com/kortschak/wol v0.0.0-20200729010619-da482cc4850a h1:+RR6SqnTkDLWyICxS1xpjCi/3dhyV+TgZwA6Ww3KncQ= github.com/kortschak/wol v0.0.0-20200729010619-da482cc4850a h1:+RR6SqnTkDLWyICxS1xpjCi/3dhyV+TgZwA6Ww3KncQ=
github.com/kortschak/wol v0.0.0-20200729010619-da482cc4850a/go.mod h1:YTtCCM3ryyfiu4F7t8HQ1mxvp1UBdWM2r6Xa+nGWvDk= github.com/kortschak/wol v0.0.0-20200729010619-da482cc4850a/go.mod h1:YTtCCM3ryyfiu4F7t8HQ1mxvp1UBdWM2r6Xa+nGWvDk=
github.com/libdns/alidns v1.0.5-libdns.v1.beta1 h1:txHK7UxDed3WFBDjrTZPuMn8X+WmhjBTTAMW5xdy5pQ= github.com/libdns/alidns v1.0.4-libdns.v1.beta1 h1:ods22gD4PcT0g4qRX77ucykjz7Rppnkz3vQoxDbbKTM=
github.com/libdns/alidns v1.0.5-libdns.v1.beta1/go.mod h1:ystHmPwcGoWjPrGpensQSMY9VoCx4cpR2hXNlwk9H/g= github.com/libdns/alidns v1.0.4-libdns.v1.beta1/go.mod h1:ystHmPwcGoWjPrGpensQSMY9VoCx4cpR2hXNlwk9H/g=
github.com/libdns/cloudflare v0.2.2-0.20250708034226-c574dccb31a6 h1:3MGrVWs2COjMkQR17oUw1zMIPbm2YAzxDC3oGVZvQs8= github.com/libdns/cloudflare v0.2.2-0.20250430151523-b46a2b0885f6 h1:0dlpPjNr8TaYZbkpwCiee4udBNrYrWG8EZPYEbjHEn8=
github.com/libdns/cloudflare v0.2.2-0.20250708034226-c574dccb31a6/go.mod h1:w9uTmRCDlAoafAsTPnn2nJ0XHK/eaUMh86DUk8BWi60= github.com/libdns/cloudflare v0.2.2-0.20250430151523-b46a2b0885f6/go.mod h1:Aq4IXdjalB6mD0ELvKqJiIGim8zSC6mlIshRPMOAb5w=
github.com/libdns/libdns v1.0.0-beta.1 h1:KIf4wLfsrEpXpZ3vmc/poM8zCATXT2klbdPe6hyOBjQ=
github.com/libdns/libdns v1.0.0-beta.1/go.mod h1:4Bj9+5CQiNMVGf87wjX4CY3HQJypUHRuLvlsfsZqLWQ= github.com/libdns/libdns v1.0.0-beta.1/go.mod h1:4Bj9+5CQiNMVGf87wjX4CY3HQJypUHRuLvlsfsZqLWQ=
github.com/libdns/libdns v1.1.0 h1:9ze/tWvt7Df6sbhOJRB8jT33GHEHpEQXdtkE3hPthbU=
github.com/libdns/libdns v1.1.0/go.mod h1:4Bj9+5CQiNMVGf87wjX4CY3HQJypUHRuLvlsfsZqLWQ=
github.com/logrusorgru/aurora v2.0.3+incompatible h1:tOpm7WcpBTn4fjmVfgpQq0EfczGlG91VSDkswnjF5A8= github.com/logrusorgru/aurora v2.0.3+incompatible h1:tOpm7WcpBTn4fjmVfgpQq0EfczGlG91VSDkswnjF5A8=
github.com/logrusorgru/aurora v2.0.3+incompatible/go.mod h1:7rIyQOR62GCctdiQpZ/zOJlFyk6y+94wXzv6RNZgaR4= github.com/logrusorgru/aurora v2.0.3+incompatible/go.mod h1:7rIyQOR62GCctdiQpZ/zOJlFyk6y+94wXzv6RNZgaR4=
github.com/mdlayher/genetlink v1.3.2 h1:KdrNKe+CTu+IbZnm/GVUMXSqBBLqcGpRDa0xkQy56gw= github.com/mdlayher/genetlink v1.3.2 h1:KdrNKe+CTu+IbZnm/GVUMXSqBBLqcGpRDa0xkQy56gw=
@ -124,12 +125,12 @@ github.com/mdlayher/socket v0.5.1 h1:VZaqt6RkGkt2OE9l3GcC6nZkqD3xKeQLyfleW/uBcos
github.com/mdlayher/socket v0.5.1/go.mod h1:TjPLHI1UgwEv5J1B5q0zTZq12A/6H7nKmtTanQE37IQ= github.com/mdlayher/socket v0.5.1/go.mod h1:TjPLHI1UgwEv5J1B5q0zTZq12A/6H7nKmtTanQE37IQ=
github.com/metacubex/tfo-go v0.0.0-20241231083714-66613d49c422 h1:zGeQt3UyNydIVrMRB97AA5WsYEau/TyCnRtTf1yUmJY= github.com/metacubex/tfo-go v0.0.0-20241231083714-66613d49c422 h1:zGeQt3UyNydIVrMRB97AA5WsYEau/TyCnRtTf1yUmJY=
github.com/metacubex/tfo-go v0.0.0-20241231083714-66613d49c422/go.mod h1:l9oLnLoEXyGZ5RVLsh7QCC5XsouTUyKk4F2nLm2DHLw= github.com/metacubex/tfo-go v0.0.0-20241231083714-66613d49c422/go.mod h1:l9oLnLoEXyGZ5RVLsh7QCC5XsouTUyKk4F2nLm2DHLw=
github.com/metacubex/utls v1.8.0 h1:mSYi6FMnmc5riARl5UZDmWVy710z+P5b7xuGW0lV9ac= github.com/metacubex/utls v1.7.0-alpha.3 h1:cp1cEMUnoifiWrGHRzo+nCwPRveN9yPD8QaRFmfcYxA=
github.com/metacubex/utls v1.8.0/go.mod h1:FdjYzVfCtgtna19hX0ER1Xsa5uJInwdQ4IcaaI98lEQ= github.com/metacubex/utls v1.7.0-alpha.3/go.mod h1:oknYT0qTOwE4hjPmZOEpzVdefnW7bAdGLvZcqmk4TLU=
github.com/mholt/acmez/v3 v3.1.2 h1:auob8J/0FhmdClQicvJvuDavgd5ezwLBfKuYmynhYzc= github.com/mholt/acmez/v3 v3.1.2 h1:auob8J/0FhmdClQicvJvuDavgd5ezwLBfKuYmynhYzc=
github.com/mholt/acmez/v3 v3.1.2/go.mod h1:L1wOU06KKvq7tswuMDwKdcHeKpFFgkppZy/y0DFxagQ= github.com/mholt/acmez/v3 v3.1.2/go.mod h1:L1wOU06KKvq7tswuMDwKdcHeKpFFgkppZy/y0DFxagQ=
github.com/miekg/dns v1.1.67 h1:kg0EHj0G4bfT5/oOys6HhZw4vmMlnoZ+gDu8tJ/AlI0= github.com/miekg/dns v1.1.66 h1:FeZXOS3VCVsKnEAd+wBkjMC3D2K+ww66Cq3VnCINuJE=
github.com/miekg/dns v1.1.67/go.mod h1:fujopn7TB3Pu3JM69XaawiU0wqjpL9/8xGop5UrTPps= github.com/miekg/dns v1.1.66/go.mod h1:jGFzBsSNbJw6z1HYut1RKBKHA9PBdxeHrZG8J+gC2WE=
github.com/mitchellh/go-ps v1.0.0 h1:i6ampVEEF4wQFF+bkYfwYgY+F/uYJDktmvLPf7qIgjc= github.com/mitchellh/go-ps v1.0.0 h1:i6ampVEEF4wQFF+bkYfwYgY+F/uYJDktmvLPf7qIgjc=
github.com/mitchellh/go-ps v1.0.0/go.mod h1:J4lOc8z8yJs6vUwklHw2XEIiT4z4C40KtWVN3nvg8Pg= github.com/mitchellh/go-ps v1.0.0/go.mod h1:J4lOc8z8yJs6vUwklHw2XEIiT4z4C40KtWVN3nvg8Pg=
github.com/nfnt/resize v0.0.0-20180221191011-83c6a9932646 h1:zYyBkD/k9seD2A7fsi6Oo2LfFZAehjjQMERAvZLEDnQ= github.com/nfnt/resize v0.0.0-20180221191011-83c6a9932646 h1:zYyBkD/k9seD2A7fsi6Oo2LfFZAehjjQMERAvZLEDnQ=
@ -156,8 +157,8 @@ github.com/sagernet/cors v1.2.1 h1:Cv5Z8y9YSD6Gm+qSpNrL3LO4lD3eQVvbFYJSG7JCMHQ=
github.com/sagernet/cors v1.2.1/go.mod h1:O64VyOjjhrkLmQIjF4KGRrJO/5dVXFdpEmCW/eISRAI= github.com/sagernet/cors v1.2.1/go.mod h1:O64VyOjjhrkLmQIjF4KGRrJO/5dVXFdpEmCW/eISRAI=
github.com/sagernet/fswatch v0.1.1 h1:YqID+93B7VRfqIH3PArW/XpJv5H4OLEVWDfProGoRQs= github.com/sagernet/fswatch v0.1.1 h1:YqID+93B7VRfqIH3PArW/XpJv5H4OLEVWDfProGoRQs=
github.com/sagernet/fswatch v0.1.1/go.mod h1:nz85laH0mkQqJfaOrqPpkwtU1znMFNVTpT/5oRsVz/o= github.com/sagernet/fswatch v0.1.1/go.mod h1:nz85laH0mkQqJfaOrqPpkwtU1znMFNVTpT/5oRsVz/o=
github.com/sagernet/gomobile v0.1.7 h1:I9jCJZTH0weP5MsuydvYHX5QfN/r6Fe8ptAIj1+SJVg= github.com/sagernet/gomobile v0.1.6 h1:JkR1ToKOrdoiwULte4pYS5HYdPBzl2N+JNuuwVuLs0k=
github.com/sagernet/gomobile v0.1.7/go.mod h1:Pqq2+ZVvs10U7xK+UwJgwYWUykewi8H6vlslAO73n9E= github.com/sagernet/gomobile v0.1.6/go.mod h1:Pqq2+ZVvs10U7xK+UwJgwYWUykewi8H6vlslAO73n9E=
github.com/sagernet/gvisor v0.0.0-20250325023245-7a9c0f5725fb h1:pprQtDqNgqXkRsXn+0E8ikKOemzmum8bODjSfDene38= github.com/sagernet/gvisor v0.0.0-20250325023245-7a9c0f5725fb h1:pprQtDqNgqXkRsXn+0E8ikKOemzmum8bODjSfDene38=
github.com/sagernet/gvisor v0.0.0-20250325023245-7a9c0f5725fb/go.mod h1:QkkPEJLw59/tfxgapHta14UL5qMUah5NXhO0Kw2Kan4= github.com/sagernet/gvisor v0.0.0-20250325023245-7a9c0f5725fb/go.mod h1:QkkPEJLw59/tfxgapHta14UL5qMUah5NXhO0Kw2Kan4=
github.com/sagernet/netlink v0.0.0-20240612041022-b9a21c07ac6a h1:ObwtHN2VpqE0ZNjr6sGeT00J8uU7JF4cNUdb44/Duis= github.com/sagernet/netlink v0.0.0-20240612041022-b9a21c07ac6a h1:ObwtHN2VpqE0ZNjr6sGeT00J8uU7JF4cNUdb44/Duis=
@ -167,22 +168,22 @@ github.com/sagernet/nftables v0.3.0-beta.4/go.mod h1:OQXAjvjNGGFxaTgVCSTRIhYB5/l
github.com/sagernet/quic-go v0.52.0-beta.1 h1:hWkojLg64zjV+MJOvJU/kOeWndm3tiEfBLx5foisszs= github.com/sagernet/quic-go v0.52.0-beta.1 h1:hWkojLg64zjV+MJOvJU/kOeWndm3tiEfBLx5foisszs=
github.com/sagernet/quic-go v0.52.0-beta.1/go.mod h1:OV+V5kEBb8kJS7k29MzDu6oj9GyMc7HA07sE1tedxz4= github.com/sagernet/quic-go v0.52.0-beta.1/go.mod h1:OV+V5kEBb8kJS7k29MzDu6oj9GyMc7HA07sE1tedxz4=
github.com/sagernet/sing v0.6.9/go.mod h1:ARkL0gM13/Iv5VCZmci/NuoOlePoIsW0m7BWfln/Hak= github.com/sagernet/sing v0.6.9/go.mod h1:ARkL0gM13/Iv5VCZmci/NuoOlePoIsW0m7BWfln/Hak=
github.com/sagernet/sing v0.7.0-beta.1.0.20250722151551-64142925accb h1:9DU5JA9Cow/bUfdP1v1pYMbAkFiW17UbI4b/iEPjVnc= github.com/sagernet/sing v0.6.11-0.20250521033217-30d675ea099b h1:ZjTCYPb5f7aHdf1UpUvE22dVmf7BL8eQ/zLZhjgh7Wo=
github.com/sagernet/sing v0.7.0-beta.1.0.20250722151551-64142925accb/go.mod h1:ARkL0gM13/Iv5VCZmci/NuoOlePoIsW0m7BWfln/Hak= github.com/sagernet/sing v0.6.11-0.20250521033217-30d675ea099b/go.mod h1:ARkL0gM13/Iv5VCZmci/NuoOlePoIsW0m7BWfln/Hak=
github.com/sagernet/sing-mux v0.3.2 h1:meZVFiiStvHThb/trcpAkCrmtJOuItG5Dzl1RRP5/NE= github.com/sagernet/sing-mux v0.3.2 h1:meZVFiiStvHThb/trcpAkCrmtJOuItG5Dzl1RRP5/NE=
github.com/sagernet/sing-mux v0.3.2/go.mod h1:pht8iFY4c9Xltj7rhVd208npkNaeCxzyXCgulDPLUDA= github.com/sagernet/sing-mux v0.3.2/go.mod h1:pht8iFY4c9Xltj7rhVd208npkNaeCxzyXCgulDPLUDA=
github.com/sagernet/sing-quic v0.5.0-beta.3 h1:X/acRNsqQNfDlmwE7SorHfaZiny5e67hqIzM/592ric= github.com/sagernet/sing-quic v0.5.0-beta.2 h1:j7KAbBuGmsKwSxVAQL5soJ+wDqxim4/llK2kxB0hSKk=
github.com/sagernet/sing-quic v0.5.0-beta.3/go.mod h1:SAv/qdeDN+75msGG5U5ZIwG+3Ua50jVIKNrRSY8pkx0= github.com/sagernet/sing-quic v0.5.0-beta.2/go.mod h1:SAv/qdeDN+75msGG5U5ZIwG+3Ua50jVIKNrRSY8pkx0=
github.com/sagernet/sing-shadowsocks v0.2.8 h1:PURj5PRoAkqeHh2ZW205RWzN9E9RtKCVCzByXruQWfE= github.com/sagernet/sing-shadowsocks v0.2.8 h1:PURj5PRoAkqeHh2ZW205RWzN9E9RtKCVCzByXruQWfE=
github.com/sagernet/sing-shadowsocks v0.2.8/go.mod h1:lo7TWEMDcN5/h5B8S0ew+r78ZODn6SwVaFhvB6H+PTI= github.com/sagernet/sing-shadowsocks v0.2.8/go.mod h1:lo7TWEMDcN5/h5B8S0ew+r78ZODn6SwVaFhvB6H+PTI=
github.com/sagernet/sing-shadowsocks2 v0.2.1 h1:dWV9OXCeFPuYGHb6IRqlSptVnSzOelnqqs2gQ2/Qioo= github.com/sagernet/sing-shadowsocks2 v0.2.1 h1:dWV9OXCeFPuYGHb6IRqlSptVnSzOelnqqs2gQ2/Qioo=
github.com/sagernet/sing-shadowsocks2 v0.2.1/go.mod h1:RnXS0lExcDAovvDeniJ4IKa2IuChrdipolPYWBv9hWQ= github.com/sagernet/sing-shadowsocks2 v0.2.1/go.mod h1:RnXS0lExcDAovvDeniJ4IKa2IuChrdipolPYWBv9hWQ=
github.com/sagernet/sing-shadowtls v0.2.1-0.20250503051639-fcd445d33c11 h1:tK+75l64tm9WvEFrYRE1t0YxoFdWQqw/h7Uhzj0vJ+w= github.com/sagernet/sing-shadowtls v0.2.1-0.20250503051639-fcd445d33c11 h1:tK+75l64tm9WvEFrYRE1t0YxoFdWQqw/h7Uhzj0vJ+w=
github.com/sagernet/sing-shadowtls v0.2.1-0.20250503051639-fcd445d33c11/go.mod h1:sWqKnGlMipCHaGsw1sTTlimyUpgzP4WP3pjhCsYt9oA= github.com/sagernet/sing-shadowtls v0.2.1-0.20250503051639-fcd445d33c11/go.mod h1:sWqKnGlMipCHaGsw1sTTlimyUpgzP4WP3pjhCsYt9oA=
github.com/sagernet/sing-tun v0.6.10-0.20250721014417-ebbe32588cfb h1:cvHEzjk3sVy80UA9PFKX15MzSP0g1uKwUspOm2ds3no= github.com/sagernet/sing-tun v0.6.10-0.20250620051458-5e343c4b66b2 h1:ykbqGFHDNVvp0jhgLime/XBAtQpcOcFpT8Rs5Hcc5n4=
github.com/sagernet/sing-tun v0.6.10-0.20250721014417-ebbe32588cfb/go.mod h1:AHJuRrLbNRJuivuFZ2VhXwDj4ViYp14szG5EkkKAqRQ= github.com/sagernet/sing-tun v0.6.10-0.20250620051458-5e343c4b66b2/go.mod h1:fisFCbC4Vfb6HqQNcwPJi2CDK2bf0Xapyz3j3t4cnHE=
github.com/sagernet/sing-vmess v0.2.4 h1:wSg/SdxThELAvoRIN2yCZgu5xsmP1FWPBrP2ab2wq3A= github.com/sagernet/sing-vmess v0.2.4-0.20250605032146-38cc72672c88 h1:0pVm8sPOel+BoiCddW3pV3cKDKEaSioVTYDdTSKjyFI=
github.com/sagernet/sing-vmess v0.2.4/go.mod h1:5aYoOtYksAyS0NXDm0qKeTYW1yoE1bJVcv+XLcVoyJs= github.com/sagernet/sing-vmess v0.2.4-0.20250605032146-38cc72672c88/go.mod h1:IL8Rr+EGwuqijszZkNrEFTQDKhilEpkqFqOlvdpS6/w=
github.com/sagernet/smux v1.5.34-mod.2 h1:gkmBjIjlJ2zQKpLigOkFur5kBKdV6bNRoFu2WkltRQ4= github.com/sagernet/smux v1.5.34-mod.2 h1:gkmBjIjlJ2zQKpLigOkFur5kBKdV6bNRoFu2WkltRQ4=
github.com/sagernet/smux v1.5.34-mod.2/go.mod h1:0KW0+R+ycvA2INW4gbsd7BNyg+HEfLIAxa5N02/28Zc= github.com/sagernet/smux v1.5.34-mod.2/go.mod h1:0KW0+R+ycvA2INW4gbsd7BNyg+HEfLIAxa5N02/28Zc=
github.com/sagernet/tailscale v1.80.3-mod.5 h1:7V7z+p2C//TGtff20pPnDCt3qP6uFyY62peJoKF9z/A= github.com/sagernet/tailscale v1.80.3-mod.5 h1:7V7z+p2C//TGtff20pPnDCt3qP6uFyY62peJoKF9z/A=
@ -239,16 +240,16 @@ github.com/zeebo/pcg v1.0.1 h1:lyqfGeWiv4ahac6ttHs+I5hwtH/+1mrhlCtVNQM2kHo=
github.com/zeebo/pcg v1.0.1/go.mod h1:09F0S9iiKrwn9rlI5yjLkmrug154/YRW6KnnXVDM/l4= github.com/zeebo/pcg v1.0.1/go.mod h1:09F0S9iiKrwn9rlI5yjLkmrug154/YRW6KnnXVDM/l4=
go.opentelemetry.io/auto/sdk v1.1.0 h1:cH53jehLUN6UFLY71z+NDOiNJqDdPRaXzTel0sJySYA= go.opentelemetry.io/auto/sdk v1.1.0 h1:cH53jehLUN6UFLY71z+NDOiNJqDdPRaXzTel0sJySYA=
go.opentelemetry.io/auto/sdk v1.1.0/go.mod h1:3wSPjt5PWp2RhlCcmmOial7AvC4DQqZb7a7wCow3W8A= go.opentelemetry.io/auto/sdk v1.1.0/go.mod h1:3wSPjt5PWp2RhlCcmmOial7AvC4DQqZb7a7wCow3W8A=
go.opentelemetry.io/otel v1.35.0 h1:xKWKPxrxB6OtMCbmMY021CqC45J+3Onta9MqjhnusiQ= go.opentelemetry.io/otel v1.34.0 h1:zRLXxLCgL1WyKsPVrgbSdMN4c0FMkDAskSTQP+0hdUY=
go.opentelemetry.io/otel v1.35.0/go.mod h1:UEqy8Zp11hpkUrL73gSlELM0DupHoiq72dR+Zqel/+Y= go.opentelemetry.io/otel v1.34.0/go.mod h1:OWFPOQ+h4G8xpyjgqo4SxJYdDQ/qmRH+wivy7zzx9oI=
go.opentelemetry.io/otel/metric v1.35.0 h1:0znxYu2SNyuMSQT4Y9WDWej0VpcsxkuklLa4/siN90M= go.opentelemetry.io/otel/metric v1.34.0 h1:+eTR3U0MyfWjRDhmFMxe2SsW64QrZ84AOhvqS7Y+PoQ=
go.opentelemetry.io/otel/metric v1.35.0/go.mod h1:nKVFgxBZ2fReX6IlyW28MgZojkoAkJGaE8CpgeAU3oE= go.opentelemetry.io/otel/metric v1.34.0/go.mod h1:CEDrp0fy2D0MvkXE+dPV7cMi8tWZwX3dmaIhwPOaqHE=
go.opentelemetry.io/otel/sdk v1.35.0 h1:iPctf8iprVySXSKJffSS79eOjl9pvxV9ZqOWT0QejKY= go.opentelemetry.io/otel/sdk v1.34.0 h1:95zS4k/2GOy069d321O8jWgYsW3MzVV+KuSPKp7Wr1A=
go.opentelemetry.io/otel/sdk v1.35.0/go.mod h1:+ga1bZliga3DxJ3CQGg3updiaAJoNECOgJREo9KHGQg= go.opentelemetry.io/otel/sdk v1.34.0/go.mod h1:0e/pNiaMAqaykJGKbi+tSjWfNNHMTxoC9qANsCzbyxU=
go.opentelemetry.io/otel/sdk/metric v1.35.0 h1:1RriWBmCKgkeHEhM7a2uMjMUfP7MsOF5JpUCaEqEI9o= go.opentelemetry.io/otel/sdk/metric v1.34.0 h1:5CeK9ujjbFVL5c1PhLuStg1wxA7vQv7ce1EK0Gyvahk=
go.opentelemetry.io/otel/sdk/metric v1.35.0/go.mod h1:is6XYCUMpcKi+ZsOvfluY5YstFnhW0BidkR+gL+qN+w= go.opentelemetry.io/otel/sdk/metric v1.34.0/go.mod h1:jQ/r8Ze28zRKoNRdkjCZxfs6YvBTG1+YIqyFVFYec5w=
go.opentelemetry.io/otel/trace v1.35.0 h1:dPpEfJu1sDIqruz7BHFG3c7528f6ddfSWfFDVt/xgMs= go.opentelemetry.io/otel/trace v1.34.0 h1:+ouXS2V8Rd4hp4580a8q23bg0azF2nI8cqLYnC8mh/k=
go.opentelemetry.io/otel/trace v1.35.0/go.mod h1:WUk7DtFp1Aw2MkvqGdwiXYDZZNvA/1J8o6xRXLrIkyc= go.opentelemetry.io/otel/trace v1.34.0/go.mod h1:Svm7lSjQD7kG7KJ/MUHPVXSDGz2OX4h0M2jHBhmSfRE=
go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE= go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE=
go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0= go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=
@ -262,21 +263,21 @@ go4.org/mem v0.0.0-20240501181205-ae6ca9944745/go.mod h1:reUoABIJ9ikfM5sgtSF3Wus
go4.org/netipx v0.0.0-20231129151722-fdeea329fbba h1:0b9z3AuHCjxk0x/opv64kcgZLBseWJUpBw5I82+2U4M= go4.org/netipx v0.0.0-20231129151722-fdeea329fbba h1:0b9z3AuHCjxk0x/opv64kcgZLBseWJUpBw5I82+2U4M=
go4.org/netipx v0.0.0-20231129151722-fdeea329fbba/go.mod h1:PLyyIXexvUFg3Owu6p/WfdlivPbZJsZdgWZlrGope/Y= go4.org/netipx v0.0.0-20231129151722-fdeea329fbba/go.mod h1:PLyyIXexvUFg3Owu6p/WfdlivPbZJsZdgWZlrGope/Y=
golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a/go.mod h1:P+XmwS30IXTQdn5tA2iutPOUgjI07+tq3H3K9MVA1s8= golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a/go.mod h1:P+XmwS30IXTQdn5tA2iutPOUgjI07+tq3H3K9MVA1s8=
golang.org/x/crypto v0.40.0 h1:r4x+VvoG5Fm+eJcxMaY8CQM7Lb0l1lsmjGBQ6s8BfKM= golang.org/x/crypto v0.38.0 h1:jt+WWG8IZlBnVbomuhg2Mdq0+BBQaHbtqHEFEigjUV8=
golang.org/x/crypto v0.40.0/go.mod h1:Qr1vMER5WyS2dfPHAlsOj01wgLbsyWtFn/aY+5+ZdxY= golang.org/x/crypto v0.38.0/go.mod h1:MvrbAqul58NNYPKnOra203SB9vpuZW0e+RRZV+Ggqjw=
golang.org/x/exp v0.0.0-20250506013437-ce4c2cf36ca6 h1:y5zboxd6LQAqYIhHnB48p0ByQ/GnQx2BE33L8BOHQkI= golang.org/x/exp v0.0.0-20250506013437-ce4c2cf36ca6 h1:y5zboxd6LQAqYIhHnB48p0ByQ/GnQx2BE33L8BOHQkI=
golang.org/x/exp v0.0.0-20250506013437-ce4c2cf36ca6/go.mod h1:U6Lno4MTRCDY+Ba7aCcauB9T60gsv5s4ralQzP72ZoQ= golang.org/x/exp v0.0.0-20250506013437-ce4c2cf36ca6/go.mod h1:U6Lno4MTRCDY+Ba7aCcauB9T60gsv5s4ralQzP72ZoQ=
golang.org/x/image v0.23.0 h1:HseQ7c2OpPKTPVzNjG5fwJsOTCiiwS4QdsYi5XU6H68= golang.org/x/image v0.23.0 h1:HseQ7c2OpPKTPVzNjG5fwJsOTCiiwS4QdsYi5XU6H68=
golang.org/x/image v0.23.0/go.mod h1:wJJBTdLfCCf3tiHa1fNxpZmUI4mmoZvwMCPP0ddoNKY= golang.org/x/image v0.23.0/go.mod h1:wJJBTdLfCCf3tiHa1fNxpZmUI4mmoZvwMCPP0ddoNKY=
golang.org/x/mod v0.26.0 h1:EGMPT//Ezu+ylkCijjPc+f4Aih7sZvaAr+O3EHBxvZg= golang.org/x/mod v0.24.0 h1:ZfthKaKaT4NrhGVZHO1/WDTwGES4De8KtWO0SIbNJMU=
golang.org/x/mod v0.26.0/go.mod h1:/j6NAhSk8iQ723BGAUyoAcn7SlD7s15Dp9Nd/SfeaFQ= golang.org/x/mod v0.24.0/go.mod h1:IXM97Txy2VM4PJ3gI61r1YEk/gAj6zAHN3AdZt6S9Ww=
golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
golang.org/x/net v0.42.0 h1:jzkYrhi3YQWD6MLBJcsklgQsoAcw89EcZbJw8Z614hs= golang.org/x/net v0.40.0 h1:79Xs7wF06Gbdcg4kdCCIQArK11Z1hr5POQ6+fIYHNuY=
golang.org/x/net v0.42.0/go.mod h1:FF1RA5d3u7nAYA4z2TkclSCKh68eSXtiFwcWQpPXdt8= golang.org/x/net v0.40.0/go.mod h1:y0hY0exeL2Pku80/zKK7tpntoX23cqL3Oa6njdgRtds=
golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.16.0 h1:ycBJEhp9p4vXvUZNszeOq0kGTPghopOL8q0fq3vstxw= golang.org/x/sync v0.14.0 h1:woo0S4Yywslg6hp4eUFjTVOyKt0RookbpAHG4c1HmhQ=
golang.org/x/sync v0.16.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA= golang.org/x/sync v0.14.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
golang.org/x/sys v0.0.0-20200217220822-9197077df867/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200217220822-9197077df867/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200728102440-3e129f6d46b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200728102440-3e129f6d46b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@ -285,20 +286,20 @@ golang.org/x/sys v0.0.0-20220817070843-5a390386f1f2/go.mod h1:oPkhp1MJrh7nUepCBc
golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/sys v0.34.0 h1:H5Y5sJ2L2JRdyv7ROF1he/lPdvFsd0mJHFw2ThKHxLA= golang.org/x/sys v0.33.0 h1:q3i8TbbEz+JRD9ywIRlyRAQbM0qF7hu24q3teo2hbuw=
golang.org/x/sys v0.34.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= golang.org/x/sys v0.33.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
golang.org/x/term v0.33.0 h1:NuFncQrRcaRvVmgRkvM3j/F00gWIAlcmlB8ACEKmGIg= golang.org/x/term v0.32.0 h1:DR4lr0TjUs3epypdhTOkMmuF5CDFJ/8pOnbzMZPQ7bg=
golang.org/x/term v0.33.0/go.mod h1:s18+ql9tYWp1IfpV9DmCtQDDSRBUjKaw9M1eAv5UeF0= golang.org/x/term v0.32.0/go.mod h1:uZG1FhGx848Sqfsq4/DlJr3xGGsYMu/L5GW4abiaEPQ=
golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/text v0.27.0 h1:4fGWRpyh641NLlecmyl4LOe6yDdfaYNrGb2zdfo4JV4= golang.org/x/text v0.25.0 h1:qVyWApTSYLk/drJRO5mDlNYskwQznZmkpV2c8q9zls4=
golang.org/x/text v0.27.0/go.mod h1:1D28KMCvyooCX9hBiosv5Tz/+YLxj0j7XhWjpSUF7CU= golang.org/x/text v0.25.0/go.mod h1:WEdwpYrmk1qmdHvhkSTNPm3app7v4rsT8F2UD6+VHIA=
golang.org/x/time v0.9.0 h1:EsRrnYcQiGH+5FfbgvV4AP7qEZstoyrHB0DzarOQ4ZY= golang.org/x/time v0.9.0 h1:EsRrnYcQiGH+5FfbgvV4AP7qEZstoyrHB0DzarOQ4ZY=
golang.org/x/time v0.9.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/time v0.9.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/tools v0.34.0 h1:qIpSLOxeCYGg9TrcJokLBG4KFA6d795g0xkBkiESGlo= golang.org/x/tools v0.33.0 h1:4qz2S3zmRxbGIhDIAgjxvFutSvH5EfnsYrRBj0UI0bc=
golang.org/x/tools v0.34.0/go.mod h1:pAP9OwEaY1CAW3HOmg3hLZC5Z0CCmzjAF2UQMSqNARg= golang.org/x/tools v0.33.0/go.mod h1:CIJMaWEY88juyUfo7UbgPqbC8rU2OqfAV1h2Qp0oMYI=
golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 h1:go1bK/D/BFZV2I8cIQd1NKEZ+0owSTG1fDTci4IqFcE= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 h1:go1bK/D/BFZV2I8cIQd1NKEZ+0owSTG1fDTci4IqFcE=
golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
@ -308,10 +309,10 @@ golang.zx2c4.com/wireguard/wgctrl v0.0.0-20241231184526-a9ab2273dd10 h1:3GDAcqdI
golang.zx2c4.com/wireguard/wgctrl v0.0.0-20241231184526-a9ab2273dd10/go.mod h1:T97yPqesLiNrOYxkwmhMI0ZIlJDm+p0PMR8eRVeR5tQ= golang.zx2c4.com/wireguard/wgctrl v0.0.0-20241231184526-a9ab2273dd10/go.mod h1:T97yPqesLiNrOYxkwmhMI0ZIlJDm+p0PMR8eRVeR5tQ=
golang.zx2c4.com/wireguard/windows v0.5.3 h1:On6j2Rpn3OEMXqBq00QEDC7bWSZrPIHKIus8eIuExIE= golang.zx2c4.com/wireguard/windows v0.5.3 h1:On6j2Rpn3OEMXqBq00QEDC7bWSZrPIHKIus8eIuExIE=
golang.zx2c4.com/wireguard/windows v0.5.3/go.mod h1:9TEe8TJmtwyQebdFwAkEWOPr3prrtqm+REGFifP60hI= golang.zx2c4.com/wireguard/windows v0.5.3/go.mod h1:9TEe8TJmtwyQebdFwAkEWOPr3prrtqm+REGFifP60hI=
google.golang.org/genproto/googleapis/rpc v0.0.0-20250324211829-b45e905df463 h1:e0AIkUUhxyBKh6ssZNrAMeqhA7RKUj42346d1y02i2g= google.golang.org/genproto/googleapis/rpc v0.0.0-20250218202821-56aae31c358a h1:51aaUVRocpvUOSQKM6Q7VuoaktNIaMCLuhZB6DKksq4=
google.golang.org/genproto/googleapis/rpc v0.0.0-20250324211829-b45e905df463/go.mod h1:qQ0YXyHHx3XkvlzUtpXDkS29lDSafHMZBAZDc03LQ3A= google.golang.org/genproto/googleapis/rpc v0.0.0-20250218202821-56aae31c358a/go.mod h1:uRxBH1mhmO8PGhU89cMcHaXKZqO+OfakD8QQO0oYwlQ=
google.golang.org/grpc v1.73.0 h1:VIWSmpI2MegBtTuFt5/JWy2oXxtjJ/e89Z70ImfD2ok= google.golang.org/grpc v1.72.0 h1:S7UkcVa60b5AAQTaO6ZKamFp1zMZSU0fGDK2WZLbBnM=
google.golang.org/grpc v1.73.0/go.mod h1:50sbHOUqWoCQGI8V2HQLJM0B+LMlIUjNSZmow7EVBQc= google.golang.org/grpc v1.72.0/go.mod h1:wH5Aktxcg25y1I3w7H69nHfXdOG3UiadoBtjh3izSDM=
google.golang.org/protobuf v1.36.6 h1:z1NpPI8ku2WgiWnf+t9wTPsn6eP1L7ksHUlkfLvd9xY= google.golang.org/protobuf v1.36.6 h1:z1NpPI8ku2WgiWnf+t9wTPsn6eP1L7ksHUlkfLvd9xY=
google.golang.org/protobuf v1.36.6/go.mod h1:jduwjTPXsFjZGTmRluh+L6NjiWu7pchiJ2/5YcXBHnY= google.golang.org/protobuf v1.36.6/go.mod h1:jduwjTPXsFjZGTmRluh+L6NjiWu7pchiJ2/5YcXBHnY=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=

19
option/dns.go
View File

@ -180,7 +180,7 @@ func (o *DNSServerOptions) Upgrade(ctx context.Context) error {
options := o.Options.(*LegacyDNSServerOptions) options := o.Options.(*LegacyDNSServerOptions)
serverURL, _ := url.Parse(options.Address) serverURL, _ := url.Parse(options.Address)
var serverType string var serverType string
if serverURL != nil && serverURL.Scheme != "" { if serverURL.Scheme != "" {
serverType = serverURL.Scheme serverType = serverURL.Scheme
} else { } else {
switch options.Address { switch options.Address {
@ -217,7 +217,7 @@ func (o *DNSServerOptions) Upgrade(ctx context.Context) error {
o.Type = C.DNSTypeUDP o.Type = C.DNSTypeUDP
o.Options = &remoteOptions o.Options = &remoteOptions
var serverAddr M.Socksaddr var serverAddr M.Socksaddr
if serverURL == nil || serverURL.Scheme == "" { if serverURL.Scheme == "" {
serverAddr = M.ParseSocksaddr(options.Address) serverAddr = M.ParseSocksaddr(options.Address)
} else { } else {
serverAddr = M.ParseSocksaddr(serverURL.Host) serverAddr = M.ParseSocksaddr(serverURL.Host)
@ -232,9 +232,6 @@ func (o *DNSServerOptions) Upgrade(ctx context.Context) error {
case C.DNSTypeTCP: case C.DNSTypeTCP:
o.Type = C.DNSTypeTCP o.Type = C.DNSTypeTCP
o.Options = &remoteOptions o.Options = &remoteOptions
if serverURL == nil {
return E.New("invalid server address")
}
serverAddr := M.ParseSocksaddr(serverURL.Host) serverAddr := M.ParseSocksaddr(serverURL.Host)
if !serverAddr.IsValid() { if !serverAddr.IsValid() {
return E.New("invalid server address") return E.New("invalid server address")
@ -245,9 +242,6 @@ func (o *DNSServerOptions) Upgrade(ctx context.Context) error {
} }
case C.DNSTypeTLS, C.DNSTypeQUIC: case C.DNSTypeTLS, C.DNSTypeQUIC:
o.Type = serverType o.Type = serverType
if serverURL == nil {
return E.New("invalid server address")
}
serverAddr := M.ParseSocksaddr(serverURL.Host) serverAddr := M.ParseSocksaddr(serverURL.Host)
if !serverAddr.IsValid() { if !serverAddr.IsValid() {
return E.New("invalid server address") return E.New("invalid server address")
@ -267,9 +261,6 @@ func (o *DNSServerOptions) Upgrade(ctx context.Context) error {
}, },
} }
o.Options = &httpsOptions o.Options = &httpsOptions
if serverURL == nil {
return E.New("invalid server address")
}
serverAddr := M.ParseSocksaddr(serverURL.Host) serverAddr := M.ParseSocksaddr(serverURL.Host)
if !serverAddr.IsValid() { if !serverAddr.IsValid() {
return E.New("invalid server address") return E.New("invalid server address")
@ -283,9 +274,6 @@ func (o *DNSServerOptions) Upgrade(ctx context.Context) error {
} }
case "rcode": case "rcode":
var rcode int var rcode int
if serverURL == nil {
return E.New("invalid server address")
}
switch serverURL.Host { switch serverURL.Host {
case "success": case "success":
rcode = dns.RcodeSuccess rcode = dns.RcodeSuccess
@ -307,9 +295,6 @@ func (o *DNSServerOptions) Upgrade(ctx context.Context) error {
case C.DNSTypeDHCP: case C.DNSTypeDHCP:
o.Type = C.DNSTypeDHCP o.Type = C.DNSTypeDHCP
dhcpOptions := DHCPDNSServerOptions{} dhcpOptions := DHCPDNSServerOptions{}
if serverURL == nil {
return E.New("invalid server address")
}
if serverURL.Host != "" && serverURL.Host != "auto" { if serverURL.Host != "" && serverURL.Host != "auto" {
dhcpOptions.Interface = serverURL.Host dhcpOptions.Interface = serverURL.Host
} }

14
protocol/tun/inbound.go
View File

@ -130,16 +130,9 @@ func NewInbound(ctx context.Context, router adapter.Router, logger log.ContextLo
deprecated.Report(ctx, deprecated.OptionTUNGSO) deprecated.Report(ctx, deprecated.OptionTUNGSO)
} }
platformInterface := service.FromContext[platform.Interface](ctx)
tunMTU := options.MTU tunMTU := options.MTU
enableGSO := C.IsLinux && options.Stack == "gvisor" && platformInterface == nil && tunMTU > 0 && tunMTU < 49152
if tunMTU == 0 { if tunMTU == 0 {
if platformInterface != nil && platformInterface.UnderNetworkExtension() { tunMTU = 9000
// In Network Extension, when MTU exceeds 4064 (4096-UTUN_IF_HEADROOM_SIZE), the performance of tun will drop significantly, which may be a system bug.
tunMTU = 4064
} else {
tunMTU = 65535
}
} }
var udpTimeout time.Duration var udpTimeout time.Duration
if options.UDPTimeout != 0 { if options.UDPTimeout != 0 {
@ -180,7 +173,6 @@ func NewInbound(ctx context.Context, router adapter.Router, logger log.ContextLo
outputMark = tun.DefaultAutoRedirectOutputMark outputMark = tun.DefaultAutoRedirectOutputMark
} }
networkManager := service.FromContext[adapter.NetworkManager](ctx) networkManager := service.FromContext[adapter.NetworkManager](ctx)
multiPendingPackets := C.IsDarwin && ((options.Stack == "gvisor" && tunMTU < 32768) || (options.Stack != "gvisor" && options.MTU <= 9000))
inbound := &Inbound{ inbound := &Inbound{
tag: tag, tag: tag,
ctx: ctx, ctx: ctx,
@ -191,7 +183,6 @@ func NewInbound(ctx context.Context, router adapter.Router, logger log.ContextLo
tunOptions: tun.Options{ tunOptions: tun.Options{
Name: options.InterfaceName, Name: options.InterfaceName,
MTU: tunMTU, MTU: tunMTU,
GSO: enableGSO,
Inet4Address: inet4Address, Inet4Address: inet4Address,
Inet6Address: inet6Address, Inet6Address: inet6Address,
AutoRoute: options.AutoRoute, AutoRoute: options.AutoRoute,
@ -214,11 +205,10 @@ func NewInbound(ctx context.Context, router adapter.Router, logger log.ContextLo
IncludePackage: options.IncludePackage, IncludePackage: options.IncludePackage,
ExcludePackage: options.ExcludePackage, ExcludePackage: options.ExcludePackage,
InterfaceMonitor: networkManager.InterfaceMonitor(), InterfaceMonitor: networkManager.InterfaceMonitor(),
EXP_MultiPendingPackets: multiPendingPackets,
}, },
udpTimeout: udpTimeout, udpTimeout: udpTimeout,
stack: options.Stack, stack: options.Stack,
platformInterface: platformInterface, platformInterface: service.FromContext[platform.Interface](ctx),
platformOptions: common.PtrValueOrDefault(options.Platform), platformOptions: common.PtrValueOrDefault(options.Platform),
} }
for _, routeAddressSet := range options.RouteAddressSet { for _, routeAddressSet := range options.RouteAddressSet {

4
protocol/vless/inbound.go
View File

@ -205,10 +205,6 @@ func (h *inboundTransportHandler) NewConnectionEx(ctx context.Context, conn net.
var metadata adapter.InboundContext var metadata adapter.InboundContext
metadata.Source = source metadata.Source = source
metadata.Destination = destination metadata.Destination = destination
//nolint:staticcheck
metadata.InboundDetour = h.listener.ListenOptions().Detour
//nolint:staticcheck
metadata.InboundOptions = h.listener.ListenOptions().InboundOptions
h.logger.InfoContext(ctx, "inbound connection from ", metadata.Source) h.logger.InfoContext(ctx, "inbound connection from ", metadata.Source)
(*Inbound)(h).NewConnectionEx(ctx, conn, metadata, onClose) (*Inbound)(h).NewConnectionEx(ctx, conn, metadata, onClose)
} }

4
protocol/vmess/inbound.go
View File

@ -219,10 +219,6 @@ func (h *inboundTransportHandler) NewConnectionEx(ctx context.Context, conn net.
var metadata adapter.InboundContext var metadata adapter.InboundContext
metadata.Source = source metadata.Source = source
metadata.Destination = destination metadata.Destination = destination
//nolint:staticcheck
metadata.InboundDetour = h.listener.ListenOptions().Detour
//nolint:staticcheck
metadata.InboundOptions = h.listener.ListenOptions().InboundOptions
h.logger.InfoContext(ctx, "inbound connection from ", metadata.Source) h.logger.InfoContext(ctx, "inbound connection from ", metadata.Source)
(*Inbound)(h).NewConnectionEx(ctx, conn, metadata, onClose) (*Inbound)(h).NewConnectionEx(ctx, conn, metadata, onClose)
} }

2
route/conn.go
View File

@ -277,7 +277,7 @@ func (m *ConnectionManager) connectionCopy(ctx context.Context, source net.Conn,
return return
} }
} }
_, err := bufio.CopyWithCounters(destinationWriter, sourceReader, source, readCounters, writeCounters, bufio.DefaultIncreaseBufferAfter, bufio.DefaultBatchSize) _, err := bufio.CopyWithCounters(destinationWriter, sourceReader, source, readCounters, writeCounters)
if err != nil { if err != nil {
common.Close(source, destination) common.Close(source, destination)
} else if duplexDst, isDuplex := destination.(N.WriteCloser); isDuplex { } else if duplexDst, isDuplex := destination.(N.WriteCloser); isDuplex {

12
route/route.go
View File

@ -501,9 +501,6 @@ func (r *Router) actionSniff(
if inputConn != nil { if inputConn != nil {
if len(action.StreamSniffers) == 0 && len(action.PacketSniffers) > 0 { if len(action.StreamSniffers) == 0 && len(action.PacketSniffers) > 0 {
return return
} else if metadata.SniffError != nil && !errors.Is(metadata.SniffError, sniff.ErrNeedMoreData) {
r.logger.DebugContext(ctx, "packet sniff skipped due to previous error: ", metadata.SniffError)
return
} }
var streamSniffers []sniff.StreamSniffer var streamSniffers []sniff.StreamSniffer
if len(action.StreamSniffers) > 0 { if len(action.StreamSniffers) > 0 {
@ -528,7 +525,6 @@ func (r *Router) actionSniff(
action.Timeout, action.Timeout,
streamSniffers..., streamSniffers...,
) )
metadata.SniffError = err
if err == nil { if err == nil {
//goland:noinspection GoDeprecation //goland:noinspection GoDeprecation
if action.OverrideDestination && M.IsDomainName(metadata.Domain) { if action.OverrideDestination && M.IsDomainName(metadata.Domain) {
@ -553,8 +549,8 @@ func (r *Router) actionSniff(
} else if inputPacketConn != nil { } else if inputPacketConn != nil {
if len(action.PacketSniffers) == 0 && len(action.StreamSniffers) > 0 { if len(action.PacketSniffers) == 0 && len(action.StreamSniffers) > 0 {
return return
} else if metadata.SniffError != nil && !errors.Is(metadata.SniffError, sniff.ErrNeedMoreData) { } else if metadata.PacketSniffError != nil && !errors.Is(metadata.PacketSniffError, sniff.ErrNeedMoreData) {
r.logger.DebugContext(ctx, "packet sniff skipped due to previous error: ", metadata.SniffError) r.logger.DebugContext(ctx, "packet sniff skipped due to previous error: ", metadata.PacketSniffError)
return return
} }
var packetSniffers []sniff.PacketSniffer var packetSniffers []sniff.PacketSniffer
@ -602,7 +598,7 @@ func (r *Router) actionSniff(
return return
} }
} else { } else {
if len(packetBuffers) > 0 || metadata.SniffError != nil { if len(packetBuffers) > 0 || metadata.PacketSniffError != nil {
err = sniff.PeekPacket( err = sniff.PeekPacket(
ctx, ctx,
metadata, metadata,
@ -622,7 +618,7 @@ func (r *Router) actionSniff(
Destination: destination, Destination: destination,
} }
packetBuffers = append(packetBuffers, packetBuffer) packetBuffers = append(packetBuffers, packetBuffer)
metadata.SniffError = err metadata.PacketSniffError = err
if errors.Is(err, sniff.ErrNeedMoreData) { if errors.Is(err, sniff.ErrNeedMoreData) {
// TODO: replace with generic message when there are more multi-packet protocols // TODO: replace with generic message when there are more multi-packet protocols
r.logger.DebugContext(ctx, "attempt to sniff fragmented QUIC client hello") r.logger.DebugContext(ctx, "attempt to sniff fragmented QUIC client hello")

24
service/ssmapi/traffic.go
View File

@ -50,24 +50,12 @@ func (s *TrafficManager) UpdateUsers(users []string) {
newUserTCPSessions := make(map[string]*atomic.Int64) newUserTCPSessions := make(map[string]*atomic.Int64)
newUserUDPSessions := make(map[string]*atomic.Int64) newUserUDPSessions := make(map[string]*atomic.Int64)
for _, user := range users { for _, user := range users {
if counter, loaded := s.userUplink[user]; loaded { newUserUplink[user] = s.userUplinkPackets[user]
newUserUplink[user] = counter newUserDownlink[user] = s.userDownlinkPackets[user]
} newUserUplinkPackets[user] = s.userUplinkPackets[user]
if counter, loaded := s.userDownlink[user]; loaded { newUserDownlinkPackets[user] = s.userDownlinkPackets[user]
newUserDownlink[user] = counter newUserTCPSessions[user] = s.userTCPSessions[user]
} newUserUDPSessions[user] = s.userUDPSessions[user]
if counter, loaded := s.userUplinkPackets[user]; loaded {
newUserUplinkPackets[user] = counter
}
if counter, loaded := s.userDownlinkPackets[user]; loaded {
newUserDownlinkPackets[user] = counter
}
if counter, loaded := s.userTCPSessions[user]; loaded {
newUserTCPSessions[user] = counter
}
if counter, loaded := s.userUDPSessions[user]; loaded {
newUserUDPSessions[user] = counter
}
} }
s.userUplink = newUserUplink s.userUplink = newUserUplink
s.userDownlink = newUserDownlink s.userDownlink = newUserDownlink

6
transport/v2rayhttp/conn.go
View File

@ -31,9 +31,6 @@ type HTTPConn struct {
} }
func NewHTTP1Conn(conn net.Conn, request *http.Request) *HTTPConn { func NewHTTP1Conn(conn net.Conn, request *http.Request) *HTTPConn {
if request.Header.Get("Host") == "" {
request.Header.Set("Host", request.Host)
}
return &HTTPConn{ return &HTTPConn{
Conn: conn, Conn: conn,
request: request, request: request,
@ -92,6 +89,9 @@ func (c *HTTPConn) writeRequest(payload []byte) error {
if err != nil { if err != nil {
return err return err
} }
if c.request.Header.Get("Host") == "" {
c.request.Header.Set("Host", c.request.Host)
}
for key, value := range c.request.Header { for key, value := range c.request.Header {
_, err = writer.Write([]byte(F.ToString(key, ": ", strings.Join(value, ", "), CRLF))) _, err = writer.Write([]byte(F.ToString(key, ": ", strings.Join(value, ", "), CRLF)))
if err != nil { if err != nil {