diff --git a/.github/workflows/debug.yml b/.github/workflows/debug.yml index 20dd4ca68f..def969a360 100644 --- a/.github/workflows/debug.yml +++ b/.github/workflows/debug.yml @@ -22,7 +22,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 with: fetch-depth: 0 - name: Get latest go version @@ -50,7 +50,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 with: fetch-depth: 0 - name: Setup Go @@ -70,7 +70,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 with: fetch-depth: 0 - name: Setup Go @@ -201,7 +201,7 @@ jobs: TAGS: with_clash_api,with_quic steps: - name: Checkout - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 with: fetch-depth: 0 - name: Get latest go version diff --git a/.goreleaser.yaml b/.goreleaser.yaml index d425db9136..2fe2e27704 100644 --- a/.goreleaser.yaml +++ b/.goreleaser.yaml @@ -24,6 +24,7 @@ builds: env: - CGO_ENABLED=0 targets: + - linux_386 - linux_amd64_v1 - linux_amd64_v3 - linux_arm64 @@ -157,6 +158,7 @@ nfpms: formats: - deb - rpm + - archlinux priority: extra contents: - src: release/config/config.json diff --git a/Makefile b/Makefile index f8efc9cc2d..f1889ffc50 100644 --- a/Makefile +++ b/Makefile @@ -14,7 +14,7 @@ MAIN_PARAMS = $(PARAMS) -tags $(TAGS) MAIN = ./cmd/sing-box PREFIX ?= $(shell go env GOPATH) -.PHONY: test release +.PHONY: test release docs build: go build $(MAIN_PARAMS) $(MAIN) @@ -61,7 +61,7 @@ proto_install: release: go run ./cmd/internal/build goreleaser release --clean --skip-publish || exit 1 mkdir dist/release - mv dist/*.tar.gz dist/*.zip dist/*.deb dist/*.rpm dist/release + mv dist/*.tar.gz dist/*.zip dist/*.deb dist/*.rpm dist/*.pkg.tar.zst dist/release ghr --replace --draft --prerelease -p 3 "v${VERSION}" dist/release rm -r dist/release @@ -182,6 +182,14 @@ lib_install: go install -v github.com/sagernet/gomobile/cmd/gomobile@v0.0.0-20230915142329-c6740b6d2950 go install -v github.com/sagernet/gomobile/cmd/gobind@v0.0.0-20230915142329-c6740b6d2950 +docs: + mkdocs serve + +publish_docs: + mkdocs gh-deploy -m "Update" --force --ignore-version --no-history + +docs_install: + pip install --force-reinstall mkdocs-material=="9.*" mkdocs-static-i18n=="1.2.*" clean: rm -rf bin dist sing-box rm -f $(shell go env GOPATH)/sing-box diff --git a/adapter/router.go b/adapter/router.go index ab2d916c65..e4c3904d51 100644 --- a/adapter/router.go +++ b/adapter/router.go @@ -41,6 +41,7 @@ type Router interface { NetworkMonitor() tun.NetworkUpdateMonitor InterfaceMonitor() tun.DefaultInterfaceMonitor PackageManager() tun.PackageManager + WIFIState() WIFIState Rules() []Rule ClashServer() ClashServer @@ -78,3 +79,8 @@ type DNSRule interface { type InterfaceUpdateListener interface { InterfaceUpdated() } + +type WIFIState struct { + SSID string + BSSID string +} diff --git a/box.go b/box.go index d8694d1fd0..f0593a3aeb 100644 --- a/box.go +++ b/box.go @@ -41,6 +41,7 @@ type Options struct { option.Options Context context.Context PlatformInterface platform.Interface + PlatformLogWriter log.PlatformWriter } func New(options Options) (*Box, error) { @@ -55,7 +56,7 @@ func New(options Options) (*Box, error) { applyDebugOptions(common.PtrValueOrDefault(experimentalOptions.Debug)) var needClashAPI bool var needV2RayAPI bool - if experimentalOptions.ClashAPI != nil || options.PlatformInterface != nil { + if experimentalOptions.ClashAPI != nil || options.PlatformLogWriter != nil { needClashAPI = true } if experimentalOptions.V2RayAPI != nil && experimentalOptions.V2RayAPI.Listen != "" { @@ -71,7 +72,7 @@ func New(options Options) (*Box, error) { Observable: needClashAPI, DefaultWriter: defaultLogWriter, BaseTime: createdAt, - PlatformWriter: options.PlatformInterface, + PlatformWriter: options.PlatformLogWriter, }) if err != nil { return nil, E.Cause(err, "create log factory") diff --git a/cmd/internal/build/main.go b/cmd/internal/build/main.go index c7a64bb80d..cae67ba41c 100644 --- a/cmd/internal/build/main.go +++ b/cmd/internal/build/main.go @@ -12,7 +12,7 @@ import ( func main() { build_shared.FindSDK() - if os.Getenv("build.Default.GOPATH") == "" { + if os.Getenv("GOPATH") == "" { os.Setenv("GOPATH", build.Default.GOPATH) } diff --git a/common/sniff/quic.go b/common/sniff/quic.go index c18e09a0e1..55dc1c0023 100644 --- a/common/sniff/quic.go +++ b/common/sniff/quic.go @@ -182,11 +182,52 @@ func QUICClientHello(ctx context.Context, packet []byte) (*adapter.InboundContex break } switch frameType { - case 0x0: + case 0x00: // PADDING continue - case 0x1: + case 0x01: // PING continue - case 0x6: + case 0x02, 0x03: // ACK + _, err = qtls.ReadUvarint(decryptedReader) // Largest Acknowledged + if err != nil { + return nil, err + } + _, err = qtls.ReadUvarint(decryptedReader) // ACK Delay + if err != nil { + return nil, err + } + ackRangeCount, err := qtls.ReadUvarint(decryptedReader) // ACK Range Count + if err != nil { + return nil, err + } + _, err = qtls.ReadUvarint(decryptedReader) // First ACK Range + if err != nil { + return nil, err + } + for i := 0; i < int(ackRangeCount); i++ { + _, err = qtls.ReadUvarint(decryptedReader) // Gap + if err != nil { + return nil, err + } + _, err = qtls.ReadUvarint(decryptedReader) // ACK Range Length + if err != nil { + return nil, err + } + } + if frameType == 0x03 { + _, err = qtls.ReadUvarint(decryptedReader) // ECT0 Count + if err != nil { + return nil, err + } + _, err = qtls.ReadUvarint(decryptedReader) // ECT1 Count + if err != nil { + return nil, err + } + _, err = qtls.ReadUvarint(decryptedReader) // ECN-CE Count + if err != nil { + return nil, err + } + } + case 0x06: // CRYPTO var offset uint64 offset, err = qtls.ReadUvarint(decryptedReader) if err != nil { @@ -208,8 +249,26 @@ func QUICClientHello(ctx context.Context, packet []byte) (*adapter.InboundContex if err != nil { return nil, err } + case 0x1c: // CONNECTION_CLOSE + _, err = qtls.ReadUvarint(decryptedReader) // Error Code + if err != nil { + return nil, err + } + _, err = qtls.ReadUvarint(decryptedReader) // Frame Type + if err != nil { + return nil, err + } + var length uint64 + length, err = qtls.ReadUvarint(decryptedReader) // Reason Phrase Length + if err != nil { + return nil, err + } + _, err = decryptedReader.Seek(int64(length), io.SeekCurrent) // Reason Phrase + if err != nil { + return nil, err + } default: - // ignore unknown frame type + return nil, os.ErrInvalid } } tlsHdr := make([]byte, 5) diff --git a/docs/changelog.md b/docs/changelog.md index 188c47d325..9837ffc74a 100644 --- a/docs/changelog.md +++ b/docs/changelog.md @@ -1,3 +1,65 @@ +--- +icon: material/alert-decagram +--- + +# ChangeLog + +#### 1.7.0-rc.2 + +* Fix missing UDP user context on TUIC/Hysteria2 inbounds +* macOS: Add button for uninstall SystemExtension in the standalone graphical client + +#### 1.6.6 + +* Fixes and improvements + +#### 1.7.0-rc.1 + +* Fixes and improvements + +#### 1.7.0-beta.5 + +* Update gVisor to 20231113.0 +* Fixes and improvements + +#### 1.7.0-beta.4 + +* Add `wifi_ssid` and `wifi_bssid` route and DNS rules **1** +* Fixes and improvements + +**1**: + +Only supported in graphical clients on Android and iOS. + +#### 1.7.0-beta.3 + +* Fix zero TTL was incorrectly reset +* Fixes and improvements + +#### 1.6.5 + +* Fix crash if TUIC inbound authentication failed +* Fixes and improvements + +#### 1.7.0-beta.2 + +* Fix crash if TUIC inbound authentication failed +* Update quic-go to v0.40.0 +* Fixes and improvements + +#### 1.6.4 + +* Fixes and improvements + +#### 1.7.0-beta.1 + +* Fixes and improvements + +#### 1.6.3 + +* iOS/Android: Fix profile auto update +* Fixes and improvements + #### 1.7.0-alpha.11 * iOS/Android: Fix profile auto update diff --git a/docs/clients/android/features.md b/docs/clients/android/features.md new file mode 100644 index 0000000000..2702e6fa8c --- /dev/null +++ b/docs/clients/android/features.md @@ -0,0 +1,64 @@ +# :material-decagram: Features + +#### UI options + +* Display realtime network speed in the notification + +#### Service + +SFA allows you to run sing-box through ForegroundService or VpnService (when TUN is required). + +#### TUN + +SFA provides an unprivileged TUN implementation through Android VpnService. + +| TUN inbound option | Available | Note | +|-------------------------------|------------------|--------------------| +| `interface_name` | :material-close: | Managed by Android | +| `inet4_address` | :material-check: | / | +| `inet6_address` | :material-check: | / | +| `mtu` | :material-check: | / | +| `auto_route` | :material-check: | / | +| `strict_route` | :material-close: | Not implemented | +| `inet4_route_address` | :material-check: | / | +| `inet6_route_address` | :material-check: | / | +| `inet4_route_exclude_address` | :material-check: | / | +| `inet6_route_exclude_address` | :material-check: | / | +| `endpoint_independent_nat` | :material-check: | / | +| `stack` | :material-check: | / | +| `include_interface` | :material-close: | No permission | +| `exclude_interface` | :material-close: | No permission | +| `include_uid` | :material-close: | No permission | +| `exclude_uid` | :material-close: | No permission | +| `include_android_user` | :material-close: | No permission | +| `include_package` | :material-check: | / | +| `exclude_package` | :material-check: | / | +| `platform` | :material-check: | / | + +| Route/DNS rule option | Available | Note | +|-----------------------|------------------|-----------------------------------| +| `process_name` | :material-close: | No permission | +| `process_path` | :material-close: | No permission | +| `package_name` | :material-check: | / | +| `user` | :material-close: | Use `package_name` instead | +| `user_id` | :material-close: | Use `package_name` instead | +| `wifi_ssid` | :material-check: | Fine location permission required | +| `wifi_bssid` | :material-check: | Fine location permission required | + +### Override + +Overrides profile configuration items with platform-specific values. + +#### Per-app proxy + +SFA allows you to select a list of Android apps that require proxying or bypassing in the graphical interface to +override the `include_package` and `exclude_package` configuration items. + +In particular, the selector also provides the “China apps” scanning feature, providing Chinese users with an excellent +experience to bypass apps that do not require a proxy. Specifically, by scanning China application or SDK +characteristics through dex class path and other means, there will be almost no missed reports. + +### Chore + +* The working directory is located at `/sdcard/Android/data/io.nekohasekai.sfa/files` (External files directory) +* Crash logs is located in `$working_directory/stderr.log` diff --git a/docs/clients/android/index.md b/docs/clients/android/index.md new file mode 100644 index 0000000000..cbd1d387de --- /dev/null +++ b/docs/clients/android/index.md @@ -0,0 +1,22 @@ +--- +icon: material/android +--- + +# sing-box for Android + +SFA allows users to manage and run local or remote sing-box configuration files, and provides +platform-specific function implementation, such as TUN transparent proxy implementation. + +## :material-graph: Requirements + +* Android 5.0+ + +## :material-download: Download + +* [Play Store](https://play.google.com/store/apps/details?id=io.nekohasekai.sfa) +* [Play Store (Beta)](https://play.google.com/apps/testing/io.nekohasekai.sfa) +* [GitHub Releases](https://github.com/SagerNet/sing-box/releases) + +## :material-source-repository: Source code + +* [GitHub](https://github.com/SagerNet/sing-box-for-android) diff --git a/docs/clients/apple/features.md b/docs/clients/apple/features.md new file mode 100644 index 0000000000..95143d98f8 --- /dev/null +++ b/docs/clients/apple/features.md @@ -0,0 +1,52 @@ +# :material-decagram: Features + +#### UI options + +* Always On +* Include All Networks (Proxy traffic for LAN and cellular services) +* (Apple tvOS) Import profile from iPhone/iPad + +#### Service + +SFI/SFM/SFT allows you to run sing-box through NetworkExtension with Application Extension or System Extension. + +#### TUN + +SFI/SFM/SFT provides an unprivileged TUN implementation through NetworkExtension. + +| TUN inbound option | Available | Note | +|-------------------------------|-----------|-------------------| +| `interface_name` | ✖️ | Managed by Darwin | +| `inet4_address` | ✔️ | / | +| `inet6_address` | ✔️ | / | +| `mtu` | ✔️ | / | +| `auto_route` | ✔️ | / | +| `strict_route` | ✖️ | Not implemented | +| `inet4_route_address` | ✔️ | / | +| `inet6_route_address` | ✔️ | / | +| `inet4_route_exclude_address` | ✔️ | / | +| `inet6_route_exclude_address` | ✔️ | / | +| `endpoint_independent_nat` | ✔️ | / | +| `stack` | ✔️ | / | +| `include_interface` | ✖️ | Not implemented | +| `exclude_interface` | ✖️ | Not implemented | +| `include_uid` | ✖️ | Not implemented | +| `exclude_uid` | ✖️ | Not implemented | +| `include_android_user` | ✖️ | Not implemented | +| `include_package` | ✖️ | Not implemented | +| `exclude_package` | ✖️ | Not implemented | +| `platform` | ✔️ | / | + +| Route/DNS rule option | Available | Note | +|-----------------------|------------------|-----------------------| +| `process_name` | :material-close: | No permission | +| `process_path` | :material-close: | No permission | +| `package_name` | :material-close: | / | +| `user` | :material-close: | No permission | +| `user_id` | :material-close: | No permission | +| `wifi_ssid` | :material-alert: | Only supported on iOS | +| `wifi_bssid` | :material-alert: | Only supported on iOS | + +### Chore + +* Crash logs is located in `Settings` -> `View Service Log` diff --git a/docs/clients/apple/index.md b/docs/clients/apple/index.md new file mode 100644 index 0000000000..36a4edd9f4 --- /dev/null +++ b/docs/clients/apple/index.md @@ -0,0 +1,32 @@ +--- +icon: material/apple +--- + +# sing-box for Apple platforms + +SFI/SFM/SFT allows users to manage and run local or remote sing-box configuration files, and provides +platform-specific function implementation, such as TUN transparent proxy implementation. + +## :material-graph: Requirements + +* iOS 15.0+ / macOS 13.0+ / Apple tvOS 17.0+ +* An Apple account outside of mainland China + +## :material-download: Download + +* [App Store](https://apps.apple.com/us/app/sing-box/id6451272673) +* [TestFlight (Beta)](https://testflight.apple.com/join/AcqO44FH) + +## :material-file-download: Download (macOS standalone version) + +* [Homebrew Cask](https://formulae.brew.sh/cask/sfm) + +```bash +brew install sfm +``` + +* [GitHub Releases](https://github.com/SagerNet/sing-box/releases) + +## :material-source-repository: Source code + +* [GitHub](https://github.com/SagerNet/sing-box-for-apple) diff --git a/docs/clients/general.md b/docs/clients/general.md new file mode 100644 index 0000000000..4d57c991ce --- /dev/null +++ b/docs/clients/general.md @@ -0,0 +1,63 @@ +--- +icon: material/pencil-ruler +--- + +# General + +Describes and explains the functions implemented uniformly by sing-box graphical clients. + +### Profile + +Profile describes a sing-box configuration file and its state. + +#### Local + +* Local Profile represents a local sing-box configuration with minimal state +* The graphical client must provide an editor to modify configuration content + +#### iCloud (on iOS and macOS) + +* iCloud Profile represents a remote sing-box configuration with iCloud as the update source +* The configuration file is stored in the sing-box folder under iCloud +* The graphical client must provide an editor to modify configuration content + +#### Remote + +* Remote Profile represents a remote sing-box configuration with a URL as the update source. +* The graphical client should provide a configuration content viewer +* The graphical client must implement automatic profile update (default interval is 60 minutes) and HTTP Basic + authorization. + +At the same time, the graphical client must provide support for importing remote profiles +through a specific URL Scheme. The URL is defined as follows: + +``` +sing-box://import-remote-profile?url=urlEncodedURL#urlEncodedName +``` + +### Dashboard + +While the sing-box service is running, the graphical client should provide a Dashboard interface to manage the service. + +#### Status + +Dashboard should display status information such as memory, connection, and traffic. + +#### Mode + +Dashboard should provide a Mode selector for switching when the configuration uses at least two `clash_mode` values. + +#### Groups + +When the configuration includes group outbounds (specifically, Selector or URLTest), +the dashboard should provide a Group selector for status display or switching. + +### Chore + +#### Core + +Graphical clients should provide a Core region: + +* Display the current sing-box version +* Provides a button to clean the working directory +* Provides a memory limiter switch \ No newline at end of file diff --git a/docs/clients/index.md b/docs/clients/index.md new file mode 100644 index 0000000000..b80c161867 --- /dev/null +++ b/docs/clients/index.md @@ -0,0 +1,13 @@ +# :material-cellphone-link: Graphical Clients + +Maintained by Project S to provide a unified experience and platform-specific functionality. + +| Platform | Client | +|---------------------------------------|-----------------------------------------| +| :material-android: Android | [sing-box for Android](./android) | +| :material-apple: iOS/macOS/Apple tvOS | [sing-box for Apple platforms](./apple) | +| :material-laptop: Desktop | Working in progress | + +Some third-party projects that claim to use sing-box or use sing-box as a selling point are not listed here. The core +motivation of the maintainers of such projects is to acquire more users, and even though they provide friendly VPN +client features, the code is usually of poor quality and contains ads. diff --git a/docs/clients/index.zh.md b/docs/clients/index.zh.md new file mode 100644 index 0000000000..ef643086ac --- /dev/null +++ b/docs/clients/index.zh.md @@ -0,0 +1,12 @@ +# :material-cellphone-link: 图形界面客户端 + +由 Project S 维护,提供统一的体验与平台特定的功能。 + +| 平台 | 客户端 | +|---------------------------------------|-----------------------------------------| +| :material-android: Android | [sing-box for Android](./android) | +| :material-apple: iOS/macOS/Apple tvOS | [sing-box for Apple platforms](./apple) | +| :material-laptop: Desktop | 施工中 | + +此处没有列出一些声称使用或以 sing-box 为卖点的第三方项目。此类项目维护者的动机是获得更多用户,即使它们提供友好的商业 +VPN 客户端功能, 但代码质量很差且包含广告。 diff --git a/docs/clients/privacy.md b/docs/clients/privacy.md new file mode 100644 index 0000000000..f8b51afd1a --- /dev/null +++ b/docs/clients/privacy.md @@ -0,0 +1,8 @@ +--- +icon: material/security +--- + +# Privacy policy + +sing-box and official graphics clients do not collect or share personal data, +and the data generated by the software is always on your device. diff --git a/docs/configuration/dns/rule.md b/docs/configuration/dns/rule.md index f7c46db396..18e352b407 100644 --- a/docs/configuration/dns/rule.md +++ b/docs/configuration/dns/rule.md @@ -79,6 +79,12 @@ 1000 ], "clash_mode": "direct", + "wifi_ssid": [ + "My WIFI" + ], + "wifi_bssid": [ + "00:00:00:00:00:00" + ], "invert": false, "outbound": [ "direct" @@ -188,7 +194,7 @@ Match port range. #### process_name -!!! error "" +!!! quote "" Only supported on Linux, Windows, and macOS. @@ -196,7 +202,7 @@ Match process name. #### process_path -!!! error "" +!!! quote "" Only supported on Linux, Windows, and macOS. @@ -208,7 +214,7 @@ Match android package name. #### user -!!! error "" +!!! quote "" Only supported on Linux. @@ -216,7 +222,7 @@ Match user name. #### user_id -!!! error "" +!!! quote "" Only supported on Linux. @@ -226,6 +232,24 @@ Match user id. Match Clash mode. +#### wifi_ssid + + + +!!! quote "" + + Only supported in graphical clients on Android and iOS. + +Match WiFi SSID. + +#### wifi_bssid + +!!! quote "" + + Only supported in graphical clients on Android and iOS. + +Match WiFi BSSID. + #### invert Invert match result. diff --git a/docs/configuration/dns/rule.zh.md b/docs/configuration/dns/rule.zh.md index 9af71a40b3..98bfa8ab9a 100644 --- a/docs/configuration/dns/rule.zh.md +++ b/docs/configuration/dns/rule.zh.md @@ -78,6 +78,12 @@ 1000 ], "clash_mode": "direct", + "wifi_ssid": [ + "My WIFI" + ], + "wifi_bssid": [ + "00:00:00:00:00:00" + ], "invert": false, "outbound": [ "direct" @@ -185,7 +191,7 @@ DNS 查询类型。值可以为整数或者类型名称字符串。 #### process_name -!!! error "" +!!! quote "" 仅支持 Linux、Windows 和 macOS. @@ -193,7 +199,7 @@ DNS 查询类型。值可以为整数或者类型名称字符串。 #### process_path -!!! error "" +!!! quote "" 仅支持 Linux、Windows 和 macOS. @@ -205,7 +211,7 @@ DNS 查询类型。值可以为整数或者类型名称字符串。 #### user -!!! error "" +!!! quote "" 仅支持 Linux。 @@ -213,7 +219,7 @@ DNS 查询类型。值可以为整数或者类型名称字符串。 #### user_id -!!! error "" +!!! quote "" 仅支持 Linux。 @@ -223,6 +229,22 @@ DNS 查询类型。值可以为整数或者类型名称字符串。 匹配 Clash 模式。 +#### wifi_ssid + +!!! quote "" + + 仅在 Android 与 iOS 的图形客户端中支持。 + +匹配 WiFi SSID。 + +#### wifi_bssid + +!!! quote "" + + 仅在 Android 与 iOS 的图形客户端中支持。 + +匹配 WiFi BSSID。 + #### invert 反选匹配结果。 diff --git a/docs/configuration/dns/server.md b/docs/configuration/dns/server.md index 48fb1bb0c0..2ce50b38e1 100644 --- a/docs/configuration/dns/server.md +++ b/docs/configuration/dns/server.md @@ -49,7 +49,7 @@ The address of the dns server. !!! warning "" - QUIC and HTTP3 transport is not included by default, see [Installation](/#installation). + QUIC and HTTP3 transport is not included by default, see [Installation](./#installation). !!! info "" @@ -57,7 +57,7 @@ The address of the dns server. !!! warning "" - DHCP transport is not included by default, see [Installation](/#installation). + DHCP transport is not included by default, see [Installation](./#installation). | RCode | Description | |-------------------|-----------------------| diff --git a/docs/configuration/experimental/index.md b/docs/configuration/experimental/index.md index 9af9ec09a9..308e851c3b 100644 --- a/docs/configuration/experimental/index.md +++ b/docs/configuration/experimental/index.md @@ -44,9 +44,9 @@ ### Clash API Fields -!!! error "" +!!! quote "" - Clash API is not included by default, see [Installation](/#installation). + Clash API is not included by default, see [Installation](./#installation). #### external_controller @@ -110,9 +110,9 @@ If not empty, `store_selected` will use a separate store keyed by it. ### V2Ray API Fields -!!! error "" +!!! quote "" - V2Ray API is not included by default, see [Installation](/#installation). + V2Ray API is not included by default, see [Installation](./#installation). #### listen diff --git a/docs/configuration/experimental/index.zh.md b/docs/configuration/experimental/index.zh.md index 7bc2a62c9d..88a95852c9 100644 --- a/docs/configuration/experimental/index.zh.md +++ b/docs/configuration/experimental/index.zh.md @@ -44,7 +44,7 @@ ### Clash API 字段 -!!! error "" +!!! quote "" 默认安装不包含 Clash API,参阅 [安装](/zh/#_2)。 @@ -108,7 +108,7 @@ Clash 中的默认模式,默认使用 `Rule`。 ### V2Ray API 字段 -!!! error "" +!!! quote "" 默认安装不包含 V2Ray API,参阅 [安装](/zh/#_2)。 diff --git a/docs/configuration/inbound/http.md b/docs/configuration/inbound/http.md index dc80cf0aa9..3b14905015 100644 --- a/docs/configuration/inbound/http.md +++ b/docs/configuration/inbound/http.md @@ -36,7 +36,7 @@ No authentication required if empty. #### set_system_proxy -!!! error "" +!!! quote "" Only supported on Linux, Android, Windows, and macOS. diff --git a/docs/configuration/inbound/http.zh.md b/docs/configuration/inbound/http.zh.md index b7228eb9c3..2f3d44f556 100644 --- a/docs/configuration/inbound/http.zh.md +++ b/docs/configuration/inbound/http.zh.md @@ -36,7 +36,7 @@ HTTP 用户 #### set_system_proxy -!!! error "" +!!! quote "" 仅支持 Linux、Android、Windows 和 macOS。 diff --git a/docs/configuration/inbound/hysteria.md b/docs/configuration/inbound/hysteria.md index 5026010493..f027a05650 100644 --- a/docs/configuration/inbound/hysteria.md +++ b/docs/configuration/inbound/hysteria.md @@ -31,7 +31,7 @@ !!! warning "" - QUIC, which is required by hysteria is not included by default, see [Installation](/#installation). + QUIC, which is required by hysteria is not included by default, see [Installation](./#installation). ### Listen Fields diff --git a/docs/configuration/inbound/hysteria2.md b/docs/configuration/inbound/hysteria2.md index ab6f2e4dd1..4427b6517e 100644 --- a/docs/configuration/inbound/hysteria2.md +++ b/docs/configuration/inbound/hysteria2.md @@ -4,8 +4,8 @@ { "type": "hysteria2", "tag": "hy2-in", - - ... // Listen Fields + ... + // Listen Fields "up_mbps": 100, "down_mbps": 100, @@ -28,7 +28,14 @@ !!! warning "" - QUIC, which is required by Hysteria2 is not included by default, see [Installation](/#installation). + QUIC, which is required by Hysteria2 is not included by default, see [Installation](./#installation). + +!!! warning "Difference from official Hysteria2" + + The official program supports an authentication method called **userpass**, + which essentially uses a combination of `:` as the actual password, + while sing-box does not provide this alias. + To use sing-box with the official program, you need to fill in that combination as the actual password. ### Listen Fields diff --git a/docs/configuration/inbound/hysteria2.zh.md b/docs/configuration/inbound/hysteria2.zh.md index f43188c09f..4d5a94157c 100644 --- a/docs/configuration/inbound/hysteria2.zh.md +++ b/docs/configuration/inbound/hysteria2.zh.md @@ -4,8 +4,8 @@ { "type": "hysteria2", "tag": "hy2-in", - - ... // 监听字段 + ... + // 监听字段 "up_mbps": 100, "down_mbps": 100, @@ -30,6 +30,12 @@ 默认安装不包含被 Hysteria2 依赖的 QUIC,参阅 [安装](/zh/#_2)。 +!!! warning "与官方 Hysteria2 的区别" + + 官方程序支持一种名为 **userpass** 的验证方式, + 本质上上是将用户名与密码的组合 `:` 作为实际上的密码,而 sing-box 不提供此别名。 + 要将 sing-box 与官方程序一起使用, 您需要填写该组合作为实际密码。 + ### 监听字段 参阅 [监听字段](/zh/configuration/shared/listen/)。 diff --git a/docs/configuration/inbound/mixed.md b/docs/configuration/inbound/mixed.md index 9e262c7d57..62313f489d 100644 --- a/docs/configuration/inbound/mixed.md +++ b/docs/configuration/inbound/mixed.md @@ -33,7 +33,7 @@ No authentication required if empty. #### set_system_proxy -!!! error "" +!!! quote "" Only supported on Linux, Android, Windows, and macOS. diff --git a/docs/configuration/inbound/mixed.zh.md b/docs/configuration/inbound/mixed.zh.md index 8f00af14d4..448c66b464 100644 --- a/docs/configuration/inbound/mixed.zh.md +++ b/docs/configuration/inbound/mixed.zh.md @@ -33,7 +33,7 @@ SOCKS 和 HTTP 用户 #### set_system_proxy -!!! error "" +!!! quote "" 仅支持 Linux、Android、Windows 和 macOS。 diff --git a/docs/configuration/inbound/naive.md b/docs/configuration/inbound/naive.md index 35ad109616..562a70703d 100644 --- a/docs/configuration/inbound/naive.md +++ b/docs/configuration/inbound/naive.md @@ -20,7 +20,7 @@ !!! warning "" - HTTP3 transport is not included by default, see [Installation](/#installation). + HTTP3 transport is not included by default, see [Installation](./#installation). ### Listen Fields diff --git a/docs/configuration/inbound/redirect.md b/docs/configuration/inbound/redirect.md index 9ea418eef6..97736e286b 100644 --- a/docs/configuration/inbound/redirect.md +++ b/docs/configuration/inbound/redirect.md @@ -1,4 +1,4 @@ -!!! error "" +!!! quote "" Only supported on Linux and macOS. diff --git a/docs/configuration/inbound/redirect.zh.md b/docs/configuration/inbound/redirect.zh.md index 125dc73f84..a03049e5cd 100644 --- a/docs/configuration/inbound/redirect.zh.md +++ b/docs/configuration/inbound/redirect.zh.md @@ -1,4 +1,4 @@ -!!! error "" +!!! quote "" 仅支持 Linux 和 macOS。 diff --git a/docs/configuration/inbound/tproxy.md b/docs/configuration/inbound/tproxy.md index c637707294..4975931e89 100644 --- a/docs/configuration/inbound/tproxy.md +++ b/docs/configuration/inbound/tproxy.md @@ -1,4 +1,4 @@ -!!! error "" +!!! quote "" Only supported on Linux. diff --git a/docs/configuration/inbound/tproxy.zh.md b/docs/configuration/inbound/tproxy.zh.md index 9ab98e5782..6e35ad5e0c 100644 --- a/docs/configuration/inbound/tproxy.zh.md +++ b/docs/configuration/inbound/tproxy.zh.md @@ -1,4 +1,4 @@ -!!! error "" +!!! quote "" 仅支持 Linux。 diff --git a/docs/configuration/inbound/trojan.md b/docs/configuration/inbound/trojan.md index 787d2b11bf..cd45539ddc 100644 --- a/docs/configuration/inbound/trojan.md +++ b/docs/configuration/inbound/trojan.md @@ -47,7 +47,7 @@ TLS configuration, see [TLS](/configuration/shared/tls/#inbound). #### fallback -!!! error "" +!!! quote "" There is no evidence that GFW detects and blocks Trojan servers based on HTTP responses, and opening the standard http/s port on the server is a much bigger signature. diff --git a/docs/configuration/inbound/trojan.zh.md b/docs/configuration/inbound/trojan.zh.md index f52422af82..54144ae680 100644 --- a/docs/configuration/inbound/trojan.zh.md +++ b/docs/configuration/inbound/trojan.zh.md @@ -49,7 +49,7 @@ TLS 配置, 参阅 [TLS](/zh/configuration/shared/tls/#inbound)。 #### fallback -!!! error "" +!!! quote "" 没有证据表明 GFW 基于 HTTP 响应检测并阻止 Trojan 服务器,并且在服务器上打开标准 http/s 端口是一个更大的特征。 diff --git a/docs/configuration/inbound/tuic.md b/docs/configuration/inbound/tuic.md index 51724e5d84..d4d9aafdb2 100644 --- a/docs/configuration/inbound/tuic.md +++ b/docs/configuration/inbound/tuic.md @@ -24,7 +24,7 @@ !!! warning "" - QUIC, which is required by TUIC is not included by default, see [Installation](/#installation). + QUIC, which is required by TUIC is not included by default, see [Installation](./#installation). ### Listen Fields diff --git a/docs/configuration/inbound/tun.md b/docs/configuration/inbound/tun.md index e6c52c54c1..1d493d58e8 100644 --- a/docs/configuration/inbound/tun.md +++ b/docs/configuration/inbound/tun.md @@ -1,4 +1,4 @@ -!!! error "" +!!! quote "" Only supported on Linux, Windows and macOS. @@ -102,7 +102,7 @@ The maximum transmission unit. Set the default route to the Tun. -!!! error "" +!!! quote "" To avoid traffic loopback, set `route.auto_detect_interface` or `route.default_interface` or `outbound.bind_interface` @@ -171,11 +171,11 @@ TCP/IP stack. !!! warning "" - gVisor and LWIP stacks is not included by default, see [Installation](/#installation). + gVisor and LWIP stacks is not included by default, see [Installation](./#installation). #### include_interface -!!! error "" +!!! quote "" Interface rules are only supported on Linux and require auto_route. @@ -191,7 +191,7 @@ Conflict with `include_interface`. #### include_uid -!!! error "" +!!! quote "" UID rules are only supported on Linux and require auto_route. @@ -211,7 +211,7 @@ Exclude users in route, but in range. #### include_android_user -!!! error "" +!!! quote "" Android user and package rules are only supported on Android and require auto_route. diff --git a/docs/configuration/inbound/tun.zh.md b/docs/configuration/inbound/tun.zh.md index 8f246c042b..7ea3a6a030 100644 --- a/docs/configuration/inbound/tun.zh.md +++ b/docs/configuration/inbound/tun.zh.md @@ -1,4 +1,4 @@ -!!! error "" +!!! quote "" 仅支持 Linux、Windows 和 macOS。 @@ -102,7 +102,7 @@ tun 接口的 IPv6 前缀。 设置到 Tun 的默认路由。 -!!! error "" +!!! quote "" 为避免流量环回,请设置 `route.auto_detect_interface` 或 `route.default_interface` 或 `outbound.bind_interface`。 @@ -171,7 +171,7 @@ TCP/IP 栈。 #### include_interface -!!! error "" +!!! quote "" 接口规则仅在 Linux 下被支持,并且需要 `auto_route`。 @@ -187,7 +187,7 @@ TCP/IP 栈。 #### include_uid -!!! error "" +!!! quote "" UID 规则仅在 Linux 下被支持,并且需要 `auto_route`。 @@ -207,7 +207,7 @@ TCP/IP 栈。 #### include_android_user -!!! error "" +!!! quote "" Android 用户和应用规则仅在 Android 下被支持,并且需要 `auto_route`。 diff --git a/docs/configuration/outbound/hysteria.md b/docs/configuration/outbound/hysteria.md index 8eafa99c27..ff9974de61 100644 --- a/docs/configuration/outbound/hysteria.md +++ b/docs/configuration/outbound/hysteria.md @@ -26,7 +26,7 @@ !!! warning "" - QUIC, which is required by hysteria is not included by default, see [Installation](/#installation). + QUIC, which is required by hysteria is not included by default, see [Installation](./#installation). ### Fields diff --git a/docs/configuration/outbound/hysteria2.md b/docs/configuration/outbound/hysteria2.md index 9861e332ac..90860c1c4f 100644 --- a/docs/configuration/outbound/hysteria2.md +++ b/docs/configuration/outbound/hysteria2.md @@ -24,7 +24,15 @@ !!! warning "" - QUIC, which is required by Hysteria2 is not included by default, see [Installation](/#installation). + QUIC, which is required by Hysteria2 is not included by default, see [Installation](./#installation). + +!!! warning "Difference from official Hysteria2" + + The official Hysteria2 supports an authentication method called **userpass**, + which essentially uses a combination of `:` as the actual password, + while sing-box does not provide this alias. + If you are planning to use sing-box with the official program, + please note that you will need to fill the combination as the password. ### Fields diff --git a/docs/configuration/outbound/hysteria2.zh.md b/docs/configuration/outbound/hysteria2.zh.md index 1e490a63af..5d20802794 100644 --- a/docs/configuration/outbound/hysteria2.zh.md +++ b/docs/configuration/outbound/hysteria2.zh.md @@ -26,6 +26,12 @@ 默认安装不包含被 Hysteria2 依赖的 QUIC,参阅 [安装](/zh/#_2)。 +!!! warning "与官方 Hysteria2 的区别" + + 官方程序支持一种名为 **userpass** 的验证方式, + 本质上上是将用户名与密码的组合 `:` 作为实际上的密码,而 sing-box 不提供此别名。 + 要将 sing-box 与官方程序一起使用, 您需要填写该组合作为实际密码。 + ### 字段 #### server diff --git a/docs/configuration/outbound/selector.md b/docs/configuration/outbound/selector.md index 1d2c74a9ea..ee75358f5b 100644 --- a/docs/configuration/outbound/selector.md +++ b/docs/configuration/outbound/selector.md @@ -15,7 +15,7 @@ } ``` -!!! error "" +!!! quote "" The selector can only be controlled through the [Clash API](/configuration/experimental#clash-api-fields) currently. diff --git a/docs/configuration/outbound/selector.zh.md b/docs/configuration/outbound/selector.zh.md index 9e985ab1fa..ffe2d70ae1 100644 --- a/docs/configuration/outbound/selector.zh.md +++ b/docs/configuration/outbound/selector.zh.md @@ -15,7 +15,7 @@ } ``` -!!! error "" +!!! quote "" 选择器目前只能通过 [Clash API](/zh/configuration/experimental#clash-api) 来控制。 diff --git a/docs/configuration/outbound/shadowsocksr.md b/docs/configuration/outbound/shadowsocksr.md index 43c71b990f..0c7f1b32b7 100644 --- a/docs/configuration/outbound/shadowsocksr.md +++ b/docs/configuration/outbound/shadowsocksr.md @@ -25,7 +25,7 @@ !!! warning "" - ShadowsocksR is not included by default, see [Installation](/#installation). + ShadowsocksR is not included by default, see [Installation](./#installation). ### Fields diff --git a/docs/configuration/outbound/tor.md b/docs/configuration/outbound/tor.md index 2b0cc9f00e..fe7e4ff6f9 100644 --- a/docs/configuration/outbound/tor.md +++ b/docs/configuration/outbound/tor.md @@ -18,7 +18,7 @@ !!! info "" - Embedded tor is not included by default, see [Installation](/#installation). + Embedded tor is not included by default, see [Installation](./#installation). ### Fields diff --git a/docs/configuration/outbound/tuic.md b/docs/configuration/outbound/tuic.md index bbcc199ff2..522e78924a 100644 --- a/docs/configuration/outbound/tuic.md +++ b/docs/configuration/outbound/tuic.md @@ -23,7 +23,7 @@ !!! warning "" - QUIC, which is required by TUIC is not included by default, see [Installation](/#installation). + QUIC, which is required by TUIC is not included by default, see [Installation](./#installation). ### Fields diff --git a/docs/configuration/outbound/wireguard.md b/docs/configuration/outbound/wireguard.md index f4a8810895..c9c49c79b8 100644 --- a/docs/configuration/outbound/wireguard.md +++ b/docs/configuration/outbound/wireguard.md @@ -38,11 +38,11 @@ !!! warning "" - WireGuard is not included by default, see [Installation](/#installation). + WireGuard is not included by default, see [Installation](./#installation). !!! warning "" - gVisor, which is required by the unprivileged WireGuard is not included by default, see [Installation](/#installation). + gVisor, which is required by the unprivileged WireGuard is not included by default, see [Installation](./#installation). ### Fields diff --git a/docs/configuration/route/index.md b/docs/configuration/route/index.md index 8c6ca6e110..846d497330 100644 --- a/docs/configuration/route/index.md +++ b/docs/configuration/route/index.md @@ -31,7 +31,7 @@ Default outbound tag. the first outbound will be used if empty. #### auto_detect_interface -!!! error "" +!!! quote "" Only supported on Linux, Windows and macOS. @@ -41,7 +41,7 @@ Takes no effect if `outbound.bind_interface` is set. #### override_android_vpn -!!! error "" +!!! quote "" Only supported on Android. @@ -49,7 +49,7 @@ Accept Android VPN as upstream NIC when `auto_detect_interface` enabled. #### default_interface -!!! error "" +!!! quote "" Only supported on Linux, Windows and macOS. @@ -59,7 +59,7 @@ Takes no effect if `auto_detect_interface` is set. #### default_mark -!!! error "" +!!! quote "" Only supported on Linux. diff --git a/docs/configuration/route/index.zh.md b/docs/configuration/route/index.zh.md index c05bb2e14a..8bef5bea9a 100644 --- a/docs/configuration/route/index.zh.md +++ b/docs/configuration/route/index.zh.md @@ -28,11 +28,11 @@ #### final -默认出站标签。如果未空,将使用第一个可用于对应协议的出站。 +默认出站标签。如果为空,将使用第一个可用于对应协议的出站。 #### auto_detect_interface -!!! error "" +!!! quote "" 仅支持 Linux、Windows 和 macOS。 @@ -42,7 +42,7 @@ #### override_android_vpn -!!! error "" +!!! quote "" 仅支持 Android。 @@ -50,7 +50,7 @@ #### default_interface -!!! error "" +!!! quote "" 仅支持 Linux、Windows 和 macOS。 @@ -60,10 +60,10 @@ #### default_mark -!!! error "" +!!! quote "" 仅支持 Linux。 默认为出站连接设置路由标记。 -如果设置了 `outbound.routing_mark` 设置,则不生效。 \ No newline at end of file +如果设置了 `outbound.routing_mark` 设置,则不生效。 diff --git a/docs/configuration/route/rule.md b/docs/configuration/route/rule.md index 3cee478dc3..abbfde6fdc 100644 --- a/docs/configuration/route/rule.md +++ b/docs/configuration/route/rule.md @@ -83,6 +83,12 @@ 1000 ], "clash_mode": "direct", + "wifi_ssid": [ + "My WIFI" + ], + "wifi_bssid": [ + "00:00:00:00:00:00" + ], "invert": false, "outbound": "direct" }, @@ -190,7 +196,7 @@ Match port range. #### process_name -!!! error "" +!!! quote "" Only supported on Linux, Windows, and macOS. @@ -198,7 +204,7 @@ Match process name. #### process_path -!!! error "" +!!! quote "" Only supported on Linux, Windows, and macOS. @@ -210,7 +216,7 @@ Match android package name. #### user -!!! error "" +!!! quote "" Only supported on Linux. @@ -218,7 +224,7 @@ Match user name. #### user_id -!!! error "" +!!! quote "" Only supported on Linux. @@ -228,6 +234,22 @@ Match user id. Match Clash mode. +#### wifi_ssid + +!!! quote "" + + Only supported in graphical clients on Android and iOS. + +Match WiFi SSID. + +#### wifi_bssid + +!!! quote "" + + Only supported in graphical clients on Android and iOS. + +Match WiFi BSSID. + #### invert Invert match result. diff --git a/docs/configuration/route/rule.zh.md b/docs/configuration/route/rule.zh.md index 4a09ed8e64..f4ab7890a7 100644 --- a/docs/configuration/route/rule.zh.md +++ b/docs/configuration/route/rule.zh.md @@ -81,6 +81,12 @@ 1000 ], "clash_mode": "direct", + "wifi_ssid": [ + "My WIFI" + ], + "wifi_bssid": [ + "00:00:00:00:00:00" + ], "invert": false, "outbound": "direct" }, @@ -188,7 +194,7 @@ #### process_name -!!! error "" +!!! quote "" 仅支持 Linux、Windows 和 macOS。 @@ -196,7 +202,7 @@ #### process_path -!!! error "" +!!! quote "" 仅支持 Linux、Windows 和 macOS. @@ -208,7 +214,7 @@ #### user -!!! error "" +!!! quote "" 仅支持 Linux. @@ -216,7 +222,7 @@ #### user_id -!!! error "" +!!! quote "" 仅支持 Linux. @@ -226,6 +232,22 @@ 匹配 Clash 模式。 +#### wifi_ssid + +!!! quote "" + + 仅在 Android 与 iOS 的图形客户端中支持。 + +匹配 WiFi SSID。 + +#### wifi_bssid + +!!! quote "" + + 仅在 Android 与 iOS 的图形客户端中支持。 + +匹配 WiFi BSSID。 + #### invert 反选匹配结果。 diff --git a/docs/configuration/shared/dial.md b/docs/configuration/shared/dial.md index 1f524f0800..8139c7518c 100644 --- a/docs/configuration/shared/dial.md +++ b/docs/configuration/shared/dial.md @@ -41,7 +41,7 @@ The IPv6 address to bind to. #### routing_mark -!!! error "" +!!! quote "" Only supported on Linux. diff --git a/docs/configuration/shared/dial.zh.md b/docs/configuration/shared/dial.zh.md index 62b094f3fb..300e99ff7a 100644 --- a/docs/configuration/shared/dial.zh.md +++ b/docs/configuration/shared/dial.zh.md @@ -44,7 +44,7 @@ #### routing_mark -!!! error "" +!!! quote "" 仅支持 Linux。 diff --git a/docs/configuration/shared/tls.md b/docs/configuration/shared/tls.md index 4d395f7786..9a02bbff2f 100644 --- a/docs/configuration/shared/tls.md +++ b/docs/configuration/shared/tls.md @@ -201,7 +201,7 @@ The path to the server private key, in PEM format. !!! warning "" - uTLS is not included by default, see [Installation](/#installation). + uTLS is not included by default, see [Installation](./#installation). !!! note "" @@ -228,7 +228,7 @@ Chrome fingerprint will be used if empty. !!! warning "" - ECH is not included by default, see [Installation](/#installation). + ECH is not included by default, see [Installation](./#installation). ECH (Encrypted Client Hello) is a TLS extension that allows a client to encrypt the first part of its ClientHello message. @@ -280,7 +280,7 @@ If empty, load from DNS will be attempted. !!! warning "" - ACME is not included by default, see [Installation](/#installation). + ACME is not included by default, see [Installation](./#installation). #### domain @@ -359,11 +359,11 @@ See [DNS01 Challenge Fields](/configuration/shared/dns01_challenge) for details. !!! warning "" - reality server is not included by default, see [Installation](/#installation). + reality server is not included by default, see [Installation](./#installation). !!! warning "" - uTLS, which is required by reality client is not included by default, see [Installation](/#installation). + uTLS, which is required by reality client is not included by default, see [Installation](./#installation). #### handshake diff --git a/docs/configuration/shared/v2ray-transport.md b/docs/configuration/shared/v2ray-transport.md index 418ef28db2..b078bac8af 100644 --- a/docs/configuration/shared/v2ray-transport.md +++ b/docs/configuration/shared/v2ray-transport.md @@ -131,7 +131,7 @@ It needs to be consistent with the server. !!! warning "" - QUIC is not included by default, see [Installation](/#installation). + QUIC is not included by default, see [Installation](./#installation). !!! warning "Difference from v2ray-core" @@ -142,7 +142,7 @@ It needs to be consistent with the server. !!! note "" - standard gRPC has good compatibility but poor performance and is not included by default, see [Installation](/#installation). + standard gRPC has good compatibility but poor performance and is not included by default, see [Installation](./#installation). ```json { diff --git a/docs/contributing/environment.md b/docs/contributing/environment.md deleted file mode 100644 index db2ac91aff..0000000000 --- a/docs/contributing/environment.md +++ /dev/null @@ -1,50 +0,0 @@ -# Development environment - -#### For the documentation - -##### Setup - -You need to configure python3 and pip first. - -```shell -pip install mkdocs-material mkdocs-static-i18n -``` - -##### Run the site locally - -```shell -mkdocs serve -``` - -or - -```shell -python3 -m mkdocs serve -``` - -#### For the project - -By default you have the latest Go installed (currently 1.19), and added `GOPATH/bin` to the PATH environment variable. - -##### Setup - -```shell -make fmt_insalll -make lint_install -``` - -This installs the formatting and lint tools, which can be used via `make fmt` and `make lint`. - -For ProtoBuffer changes, you also need `make proto_install` and `make proto`. - -##### Build binary to the project directory - -```shell -make -``` - -##### Install binary to GOPATH/bin - -```shell -make install -``` \ No newline at end of file diff --git a/docs/contributing/index.md b/docs/contributing/index.md deleted file mode 100644 index d669bda62c..0000000000 --- a/docs/contributing/index.md +++ /dev/null @@ -1,17 +0,0 @@ -# Contributing to sing-box - -An introduction to contributing to the sing-box project. - -The sing-box project welcomes, and depends, on contributions from developers and users in the open source community. -Contributions can be made in a number of ways, a few examples are: - -* Code patches via pull requests -* Documentation improvements -* Bug reports and patch reviews - -### Reporting an Issue? - -Please follow -the [issue template](https://github.com/SagerNet/sing-box/issues/new?assignees=&labels=&template=bug_report.yml) to -submit bugs. Always include **FULL** log content, especially if you don't understand the code that generates it. - diff --git a/docs/contributing/sub-projects.md b/docs/contributing/sub-projects.md deleted file mode 100644 index 3f62a52cd9..0000000000 --- a/docs/contributing/sub-projects.md +++ /dev/null @@ -1,67 +0,0 @@ -The sing-box uses the following projects which also need to be maintained: - -#### sing - -Link: [GitHub repository](https://github.com/SagerNet/sing) - -As a base tool library, there are no dependencies other than `golang.org/x/sys`. - -#### sing-dns - -Link: [GitHub repository](https://github.com/SagerNet/sing-dns) - -Handles DNS lookups and caching. - -#### sing-tun - -Link: [GitHub repository](https://github.com/SagerNet/sing-tun) - -Handle Tun traffic forwarding, configure routing, monitor network and routing. - -This library needs to periodically update its dependency gVisor (according to tags), including checking for changes to -the used parts of the code and updating its usage. If you are involved in maintenance, you also need to check that if it -works or contains memory leaks. - -#### sing-shadowsocks - -Link: [GitHub repository](https://github.com/SagerNet/sing-shadowsocks) - -Provides Shadowsocks client and server - -#### sing-vmess - -Link: [GitHub repository](https://github.com/SagerNet/sing-vmess) - -Provides VMess client and server - -#### netlink - -Link: [GitHub repository](https://github.com/SagerNet/netlink) - -Fork of `vishvananda/netlink`, with some rule fixes. - -The library needs to be updated with the upstream. - -#### quic-go - -Link: [GitHub repository](https://github.com/SagerNet/quic-go) - -Fork of `lucas-clemente/quic-go` and `HyNetwork/quic-go`, contains quic flow control and other fixes used by Hysteria. - -Since the author of Hysteria does not follow the upstream updates in time, and the provided fork needs to use replace, -we need to do this. - -The library needs to be updated with the upstream. - -#### smux - -Link: [GitHub repository](https://github.com/SagerNet/smux) - -Fork of `xtaci/smux` - -Modify the code to support the writev it uses internally and unify the buffer pool, which prevents it from allocating -64k buffers for per connection and improves performance. - -Upstream doesn't seem to be updated anymore, maybe a replacement is needed. - -Note: while yamux is still actively maintained and better known, it seems to be less performant. diff --git a/docs/deprecated.md b/docs/deprecated.md index 521a399490..91a3b25e58 100644 --- a/docs/deprecated.md +++ b/docs/deprecated.md @@ -1,5 +1,11 @@ +--- +icon: material/delete-alert +--- + # Deprecated Feature List +### 1.6.0 + The following features will be marked deprecated in 1.5.0 and removed entirely in 1.6.0. #### ShadowsocksR diff --git a/docs/deprecated.zh.md b/docs/deprecated.zh.md new file mode 100644 index 0000000000..f1125565f9 --- /dev/null +++ b/docs/deprecated.zh.md @@ -0,0 +1,17 @@ +--- +icon: material/delete-alert +--- + +# 废弃功能列表 + +### 1.6.0 + +下列功能已在 1.5.0 中标记为已弃用,并在 1.6.0 中完全删除。 + +#### ShadowsocksR + +ShadowsocksR 支持从未默认启用,自从常用的黑产代理销售面板停止使用该协议,继续维护它是没有意义的。 + +#### Proxy Protocol + +Proxy Protocol 支持由 Pull Request 添加,存在问题且仅由 HTTP 多路复用器(如 nginx)的后端使用,具有侵入性,对于代理目的毫无意义。 diff --git a/docs/examples/clash-api.md b/docs/examples/clash-api.md deleted file mode 100644 index ca5a01338f..0000000000 --- a/docs/examples/clash-api.md +++ /dev/null @@ -1,52 +0,0 @@ -```json -{ - "dns": { - "rules": [ - { - "domain": [ - "clash.razord.top", - "yacd.haishan.me" - ], - "server": "local" - }, - { - "clash_mode": "direct", - "server": "local" - } - ] - }, - "outbounds": [ - { - "type": "selector", - "tag": "default", - "outbounds": [ - "proxy-a", - "proxy-b" - ] - } - ], - "route": { - "rules": [ - { - "clash_mode": "direct", - "outbound": "direct" - }, - { - "domain": [ - "clash.razord.top", - "yacd.haishan.me" - ], - "outbound": "direct" - } - ], - "final": "default" - }, - "experimental": { - "clash_api": { - "external_controller": "127.0.0.1:9090", - "store_selected": true - } - } -} - -``` \ No newline at end of file diff --git a/docs/examples/dns-hijack.md b/docs/examples/dns-hijack.md deleted file mode 100644 index db9e86b808..0000000000 --- a/docs/examples/dns-hijack.md +++ /dev/null @@ -1,65 +0,0 @@ -#### Sniff Mode - -```json -{ - "inbounds": [ - { - "type": "tun", - "inet4_address": "172.19.0.1/30", - "auto_route": true, - "sniff": true // required - } - ], - "outbounds": [ - { - "type": "direct" - }, - { - "type": "dns", - "tag": "dns-out" - } - ], - "route": { - "rules": [ - { - "protocol": "dns", - "outbound": "dns-out" - } - ], - "auto_detect_interface": true - } -} -``` - -#### Port Mode - -```json -{ - "inbounds": [ - { - "type": "tun", - "inet4_address": "172.19.0.1/30", - "auto_route": true, - "sniff": true // not required - } - ], - "outbounds": [ - { - "type": "direct" - }, - { - "type": "dns", - "tag": "dns-out" - } - ], - "route": { - "rules": [ - { - "port": 53, - "outbound": "dns-out" - } - ], - "auto_detect_interface": true - } -} -``` \ No newline at end of file diff --git a/docs/examples/dns-hijack.zh.md b/docs/examples/dns-hijack.zh.md deleted file mode 100644 index 2e75b13a7b..0000000000 --- a/docs/examples/dns-hijack.zh.md +++ /dev/null @@ -1,65 +0,0 @@ -#### 探测模式 - -```json -{ - "inbounds": [ - { - "type": "tun", - "inet4_address": "172.19.0.1/30", - "auto_route": true, - "sniff": true // 必须 - } - ], - "outbounds": [ - { - "type": "direct" - }, - { - "type": "dns", - "tag": "dns-out" - } - ], - "route": { - "rules": [ - { - "protocol": "dns", - "outbound": "dns-out" - } - ], - "auto_detect_interface": true - } -} -``` - -#### 端口模式 - -```json -{ - "inbounds": [ - { - "type": "tun", - "inet4_address": "172.19.0.1/30", - "auto_route": true, - "sniff": true // 非必须 - } - ], - "outbounds": [ - { - "type": "direct" - }, - { - "type": "dns", - "tag": "dns-out" - } - ], - "route": { - "rules": [ - { - "port": 53, - "outbound": "dns-out" - } - ], - "auto_detect_interface": true - } -} -``` \ No newline at end of file diff --git a/docs/examples/fakeip.md b/docs/examples/fakeip.md deleted file mode 100644 index 21407eced4..0000000000 --- a/docs/examples/fakeip.md +++ /dev/null @@ -1,106 +0,0 @@ -```json -{ - "dns": { - "servers": [ - { - "tag": "google", - "address": "tls://8.8.8.8" - }, - { - "tag": "local", - "address": "223.5.5.5", - "detour": "direct" - }, - { - "tag": "remote", - "address": "fakeip" - }, - { - "tag": "block", - "address": "rcode://success" - } - ], - "rules": [ - { - "geosite": "category-ads-all", - "server": "block", - "disable_cache": true - }, - { - "outbound": "any", - "server": "local" - }, - { - "geosite": "cn", - "server": "local" - }, - { - "query_type": [ - "A", - "AAAA" - ], - "server": "remote" - } - ], - "fakeip": { - "enabled": true, - "inet4_range": "198.18.0.0/15", - "inet6_range": "fc00::/18" - }, - "independent_cache": true, - "strategy": "ipv4_only" - }, - "inbounds": [ - { - "type": "tun", - "inet4_address": "172.19.0.1/30", - "auto_route": true, - "sniff": true, - "domain_strategy": "ipv4_only" // remove this line if you want to resolve the domain remotely (if the server is not sing-box, UDP may not work due to wrong behavior). - } - ], - "outbounds": [ - { - "type": "shadowsocks", - "tag": "proxy", - "server": "mydomain.com", - "server_port": 8080, - "method": "2022-blake3-aes-128-gcm", - "password": "8JCsPssfgS8tiRwiMlhARg==" - }, - { - "type": "direct", - "tag": "direct" - }, - { - "type": "block", - "tag": "block" - }, - { - "type": "dns", - "tag": "dns-out" - } - ], - "route": { - "rules": [ - { - "protocol": "dns", - "outbound": "dns-out" - }, - { - "geosite": "cn", - "geoip": [ - "private", - "cn" - ], - "outbound": "direct" - }, - { - "geosite": "category-ads-all", - "outbound": "block" - } - ], - "auto_detect_interface": true - } -} -``` \ No newline at end of file diff --git a/docs/examples/fakeip.zh.md b/docs/examples/fakeip.zh.md deleted file mode 100644 index 947ce387ae..0000000000 --- a/docs/examples/fakeip.zh.md +++ /dev/null @@ -1,106 +0,0 @@ -```json -{ - "dns": { - "servers": [ - { - "tag": "google", - "address": "tls://8.8.8.8" - }, - { - "tag": "local", - "address": "223.5.5.5", - "detour": "direct" - }, - { - "tag": "remote", - "address": "fakeip" - }, - { - "tag": "block", - "address": "rcode://success" - } - ], - "rules": [ - { - "geosite": "category-ads-all", - "server": "block", - "disable_cache": true - }, - { - "outbound": "any", - "server": "local" - }, - { - "geosite": "cn", - "server": "local" - }, - { - "query_type": [ - "A", - "AAAA" - ], - "server": "remote" - } - ], - "fakeip": { - "enabled": true, - "inet4_range": "198.18.0.0/15", - "inet6_range": "fc00::/18" - }, - "independent_cache": true, - "strategy": "ipv4_only" - }, - "inbounds": [ - { - "type": "tun", - "inet4_address": "172.19.0.1/30", - "auto_route": true, - "sniff": true, - "domain_strategy": "ipv4_only" // 如果您想在远程解析域,删除此行 (如果服务器程序不为 sing-box,可能由于错误的行为导致 UDP 无法使用)。 - } - ], - "outbounds": [ - { - "type": "shadowsocks", - "tag": "proxy", - "server": "mydomain.com", - "server_port": 8080, - "method": "2022-blake3-aes-128-gcm", - "password": "8JCsPssfgS8tiRwiMlhARg==" - }, - { - "type": "direct", - "tag": "direct" - }, - { - "type": "block", - "tag": "block" - }, - { - "type": "dns", - "tag": "dns-out" - } - ], - "route": { - "rules": [ - { - "protocol": "dns", - "outbound": "dns-out" - }, - { - "geosite": "cn", - "geoip": [ - "private", - "cn" - ], - "outbound": "direct" - }, - { - "geosite": "category-ads-all", - "outbound": "block" - } - ], - "auto_detect_interface": true - } -} -``` \ No newline at end of file diff --git a/docs/examples/index.md b/docs/examples/index.md deleted file mode 100644 index 6bbab74145..0000000000 --- a/docs/examples/index.md +++ /dev/null @@ -1,11 +0,0 @@ -# Examples - -Configuration examples for sing-box. - -* [Linux Server Installation](./linux-server-installation) -* [Tun](./tun) -* [DNS Hijack](./dns-hijack.md) -* [Shadowsocks](./shadowsocks) -* [ShadowTLS](./shadowtls) -* [Clash API](./clash-api) -* [FakeIP](./fakeip) diff --git a/docs/examples/index.zh.md b/docs/examples/index.zh.md deleted file mode 100644 index 7528e5d438..0000000000 --- a/docs/examples/index.zh.md +++ /dev/null @@ -1,11 +0,0 @@ -# 示例 - -sing-box 的配置示例。 - -* [Linux 服务器安装](./linux-server-installation) -* [Tun](./tun) -* [DNS 劫持](./dns-hijack.md) -* [Shadowsocks](./shadowsocks) -* [ShadowTLS](./shadowtls) -* [Clash API](./clash-api) -* [FakeIP](./fakeip) diff --git a/docs/examples/linux-server-installation.md b/docs/examples/linux-server-installation.md deleted file mode 100644 index a785b130b7..0000000000 --- a/docs/examples/linux-server-installation.md +++ /dev/null @@ -1,38 +0,0 @@ -#### Requirements - -* Linux & Systemd -* Git -* C compiler environment - -#### Install - -```shell -git clone -b main https://github.com/SagerNet/sing-box -cd sing-box -./release/local/install_go.sh # skip if you have golang already installed -./release/local/install.sh -``` - -Edit configuration file in `/usr/local/etc/sing-box/config.json` - -```shell -./release/local/enable.sh -``` - -#### Update - -```shell -./release/local/update.sh -``` - -#### Other commands - -| Operation | Command | -|-----------|-----------------------------------------------| -| Start | `sudo systemctl start sing-box` | -| Stop | `sudo systemctl stop sing-box` | -| Kill | `sudo systemctl kill sing-box` | -| Restart | `sudo systemctl restart sing-box` | -| Logs | `sudo journalctl -u sing-box --output cat -e` | -| New Logs | `sudo journalctl -u sing-box --output cat -f` | -| Uninstall | `./release/local/uninstall.sh` | \ No newline at end of file diff --git a/docs/examples/linux-server-installation.zh.md b/docs/examples/linux-server-installation.zh.md deleted file mode 100644 index 91d908d67d..0000000000 --- a/docs/examples/linux-server-installation.zh.md +++ /dev/null @@ -1,38 +0,0 @@ -#### 依赖 - -* Linux & Systemd -* Git -* C 编译器环境 - -#### 安装 - -```shell -git clone -b main https://github.com/SagerNet/sing-box -cd sing-box -./release/local/install_go.sh # 如果已安装 golang 则跳过 -./release/local/install.sh -``` - -编辑配置文件 `/usr/local/etc/sing-box/config.json` - -```shell -./release/local/enable.sh -``` - -#### 更新 - -```shell -./release/local/update.sh -``` - -#### 其他命令 - -| 操作 | 命令 | -|------|-----------------------------------------------| -| 启动 | `sudo systemctl start sing-box` | -| 停止 | `sudo systemctl stop sing-box` | -| 强制停止 | `sudo systemctl kill sing-box` | -| 重启 | `sudo systemctl restart sing-box` | -| 查看日志 | `sudo journalctl -u sing-box --output cat -e` | -| 实时日志 | `sudo journalctl -u sing-box --output cat -f` | -| 卸载 | `./release/local/uninstall.sh` | \ No newline at end of file diff --git a/docs/examples/shadowsocks.md b/docs/examples/shadowsocks.md deleted file mode 100644 index 7e002fab4d..0000000000 --- a/docs/examples/shadowsocks.md +++ /dev/null @@ -1,163 +0,0 @@ -# Shadowsocks - -!!! warning "" - - For censorship bypass usage in China, we recommend using UDP over TCP and disabling UDP on the server. - -## Single User - -#### Server - -```json -{ - "inbounds": [ - { - "type": "shadowsocks", - "listen": "::", - "listen_port": 8080, - "network": "tcp", - "method": "2022-blake3-aes-128-gcm", - "password": "8JCsPssfgS8tiRwiMlhARg==" - } - ] -} -``` - -#### Client - -```json -{ - "inbounds": [ - { - "type": "mixed", - "listen": "::", - "listen_port": 2080 - } - ], - "outbounds": [ - { - "type": "shadowsocks", - "server": "127.0.0.1", - "server_port": 8080, - "method": "2022-blake3-aes-128-gcm", - "password": "8JCsPssfgS8tiRwiMlhARg==", - "udp_over_tcp": true - } - ] -} - -``` - -## Multiple Users - -#### Server - -```json -{ - "inbounds": [ - { - "type": "shadowsocks", - "listen": "::", - "listen_port": 8080, - "method": "2022-blake3-aes-128-gcm", - "password": "8JCsPssfgS8tiRwiMlhARg==", - "users": [ - { - "name": "sekai", - "password": "BXYxVUXJ9NgF7c7KPLQjkg==" - } - ] - } - ] -} -``` - -#### Client - -```json -{ - "inbounds": [ - { - "type": "mixed", - "listen": "::", - "listen_port": 2080 - } - ], - "outbounds": [ - { - "type": "shadowsocks", - "server": "127.0.0.1", - "server_port": 8080, - "method": "2022-blake3-aes-128-gcm", - "password": "8JCsPssfgS8tiRwiMlhARg==:BXYxVUXJ9NgF7c7KPLQjkg==" - } - ] -} - -``` - -## Relay - -#### Server - -```json -{ - "inbounds": [ - { - "type": "shadowsocks", - "listen": "::", - "listen_port": 8080, - "method": "2022-blake3-aes-128-gcm", - "password": "8JCsPssfgS8tiRwiMlhARg==" - } - ] -} -``` - -#### Relay - -```json -{ - "inbounds": [ - { - "type": "shadowsocks", - "listen": "::", - "listen_port": 8081, - "method": "2022-blake3-aes-128-gcm", - "password": "BXYxVUXJ9NgF7c7KPLQjkg==", - "destinations": [ - { - "name": "my_server", - "password": "8JCsPssfgS8tiRwiMlhARg==", - "server": "127.0.0.1", - "server_port": 8080 - } - ] - } - ] -} -``` - -#### Client - -```json -{ - "inbounds": [ - { - "type": "mixed", - "listen": "::", - "listen_port": 2080 - } - ], - "outbounds": [ - { - "type": "shadowsocks", - "server": "127.0.0.1", - "server_port": 8081, - "method": "2022-blake3-aes-128-gcm", - "password": "8JCsPssfgS8tiRwiMlhARg==:BXYxVUXJ9NgF7c7KPLQjkg==" - } - ] -} - -``` \ No newline at end of file diff --git a/docs/examples/shadowtls.md b/docs/examples/shadowtls.md deleted file mode 100644 index 352a305846..0000000000 --- a/docs/examples/shadowtls.md +++ /dev/null @@ -1,70 +0,0 @@ -#### Server - -```json -{ - "inbounds": [ - { - "type": "shadowtls", - "listen": "::", - "listen_port": 4443, - "version": 3, - "users": [ - { - "name": "sekai", - "password": "8JCsPssfgS8tiRwiMlhARg==" - } - ], - "handshake": { - "server": "google.com", - "server_port": 443 - }, - "detour": "shadowsocks-in" - }, - { - "type": "shadowsocks", - "tag": "shadowsocks-in", - "listen": "127.0.0.1", - "network": "tcp", - "method": "2022-blake3-aes-128-gcm", - "password": "8JCsPssfgS8tiRwiMlhARg==" - } - ] -} -``` - -#### Client - -```json -{ - "outbounds": [ - { - "type": "shadowsocks", - "method": "2022-blake3-aes-128-gcm", - "password": "8JCsPssfgS8tiRwiMlhARg==", - "detour": "shadowtls-out", - "multiplex": { - "enabled": true, - "max_connections": 4, - "min_streams": 4 - } - // or "udp_over_tcp": true - }, - { - "type": "shadowtls", - "tag": "shadowtls-out", - "server": "127.0.0.1", - "server_port": 4443, - "version": 3, - "password": "8JCsPssfgS8tiRwiMlhARg==", - "tls": { - "enabled": true, - "server_name": "google.com", - "utls": { - "enabled": true, - "fingerprint": "chrome" - } - } - } - ] -} -``` diff --git a/docs/examples/tun.md b/docs/examples/tun.md deleted file mode 100644 index 8671ef76a6..0000000000 --- a/docs/examples/tun.md +++ /dev/null @@ -1,89 +0,0 @@ -```json -{ - "dns": { - "servers": [ - { - "tag": "google", - "address": "tls://8.8.8.8" - }, - { - "tag": "local", - "address": "223.5.5.5", - "detour": "direct" - }, - { - "tag": "block", - "address": "rcode://success" - } - ], - "rules": [ - { - "geosite": "category-ads-all", - "server": "block", - "disable_cache": true - }, - { - "outbound": "any", - "server": "local" - }, - { - "geosite": "cn", - "server": "local" - } - ], - "strategy": "ipv4_only" - }, - "inbounds": [ - { - "type": "tun", - "inet4_address": "172.19.0.1/30", - "auto_route": true, - "strict_route": false, - "sniff": true - } - ], - "outbounds": [ - { - "type": "shadowsocks", - "tag": "proxy", - "server": "mydomain.com", - "server_port": 8080, - "method": "2022-blake3-aes-128-gcm", - "password": "8JCsPssfgS8tiRwiMlhARg==" - }, - { - "type": "direct", - "tag": "direct" - }, - { - "type": "block", - "tag": "block" - }, - { - "type": "dns", - "tag": "dns-out" - } - ], - "route": { - "rules": [ - { - "protocol": "dns", - "outbound": "dns-out" - }, - { - "geosite": "cn", - "geoip": [ - "private", - "cn" - ], - "outbound": "direct" - }, - { - "geosite": "category-ads-all", - "outbound": "block" - } - ], - "auto_detect_interface": true - } -} -``` \ No newline at end of file diff --git a/docs/faq/fakeip.md b/docs/faq/fakeip.md deleted file mode 100644 index 59d9e730d9..0000000000 --- a/docs/faq/fakeip.md +++ /dev/null @@ -1,19 +0,0 @@ -# FakeIP - -FakeIP refers to a type of behavior in a program that simultaneously hijacks both DNS and connection requests. It -responds to DNS requests with virtual results and restores mapping when accepting connections. - -#### Advantage - -* - -#### Limitation - -* Its mechanism breaks applications that depend on returning correct remote addresses. -* Only A and AAAA (IP) requests are supported, which may break applications that rely on other requests. - -#### Recommendation - -* Enable `dns.independent_cache` unless you always resolve FakeIP domains remotely. -* If using tun, make sure FakeIP ranges is included in the tun's routes. -* Enable `experimental.clash_api.store_fakeip` to persist FakeIP records, or use `dns.rules.rewrite_ttl` to avoid losing records after program restart in DNS cached environments. diff --git a/docs/faq/fakeip.zh.md b/docs/faq/fakeip.zh.md deleted file mode 100644 index 3ab77d2c6a..0000000000 --- a/docs/faq/fakeip.zh.md +++ /dev/null @@ -1,18 +0,0 @@ -# FakeIP - -FakeIP 是指同时劫持 DNS 和连接请求的程序中的一种行为。它通过虚拟结果响应 DNS 请求,在接受连接时恢复映射。 - -#### 优点 - -* - -#### 限制 - -* 它的机制会破坏依赖于返回正确远程地址的应用程序。 -* 仅支持 A 和 AAAA(IP)请求,这可能会破坏依赖于其他请求的应用程序。 - -#### 建议 - -* 启用 `dns.independent_cache` 除非您始终远程解析 FakeIP 域。 -* 如果使用 tun,请确保 tun 路由中包含 FakeIP 地址范围。 -* 启用 `experimental.clash_api.store_fakeip` 以持久化 FakeIP 记录,或者使用 `dns.rules.rewrite_ttl` 避免程序重启后在 DNS 被缓存的环境中丢失记录。 diff --git a/docs/faq/index.md b/docs/faq/index.md deleted file mode 100644 index c7ce30ad65..0000000000 --- a/docs/faq/index.md +++ /dev/null @@ -1,58 +0,0 @@ -# Frequently Asked Questions (FAQ) - -## Design - -#### Why does sing-box not have feature X? - -Every program contains novel features and omits someone's favorite feature. sing-box is designed with an eye to the -needs of performance, lightweight, usability, modularity, and code quality. Your favorite feature may be missing because -it doesn't fit, because it compromises performance or design clarity, or because it's a bad idea. - -If it bothers you that sing-box is missing feature X, please forgive us and investigate the features that sing-box does -have. You might find that they compensate in interesting ways for the lack of X. - -#### Naive outbound - -NaïveProxy's main function is chromium's network stack, and it makes no sense to implement only its transport protocol. - -#### Protocol combinations - -The "underlying transport" in v2ray-core is actually a combination of a number of proprietary protocols and uses the -names of their upstream protocols, resulting in a great deal of Linguistic corruption. - -For example, Trojan with v2ray's proprietary gRPC protocol, called Trojan gRPC by the v2ray community, is not actually a -protocol and has no role outside of abusing CDNs. - -## Tun - -#### What is tun? - -tun is a virtual network device in unix systems, and in windows there is wintun developed by WireGuard as an -alternative. The tun module of sing-box includes traffic processing, automatic routing, and network device listening, -and is mainly used as a transparent proxy. - -#### How is it different from system proxy? - -System proxy usually only supports TCP and is not accepted by all applications, but tun can handle all traffic. - -#### How is it different from traditional transparent proxy? - -They are usually only supported under Linux and require manipulation of firewalls like iptables, while tun only modifies -the routing table. - -The tproxy UDP is considered to have poor performance due to the need to create a new connection every write back in -v2ray and clash, but it is optimized in sing-box so you can still use it if needed. - -#### How does it handle DNS? - -In traditional transparent proxies, it is usually necessary to manually hijack port 53 to the DNS proxy server, while -tun is more flexible. - -sing-box's `auto_route` will hijack all DNS requests except on [macOS and Android](./known-issues#dns). - -You need to manually configure how to handle tun hijacked DNS traffic, see [Hijack DNS](/examples/dns-hijack). - -#### Why I can't use it with other local proxies (e.g. via socks)? - -Tun will hijack all traffic, including other proxy applications. In order to make tun work with other applications, you -need to create an inbound to proxy traffic from other applications or make them bypass the route. \ No newline at end of file diff --git a/docs/faq/index.zh.md b/docs/faq/index.zh.md deleted file mode 100644 index 557c53c7fa..0000000000 --- a/docs/faq/index.zh.md +++ /dev/null @@ -1,50 +0,0 @@ -# 常见问题 - -## 设计 - -#### 为什么 sing-box 没有功能 X? - -每个程序都包含新颖的功能并省略了某人最喜欢的功能。 sing-box 的设计着眼于高性能、轻量、可用性、模块化和代码质量的需求。 -您最喜欢的功能可能会丢失,因为它不适合,因为它会影响性能或设计清晰度,或者因为它是一个坏主意。 - -如果 sing-box 缺少功能 X 让您感到困扰,请原谅我们并调查 sing-box 确实有的功能。 您可能会发现它们以有趣的方式弥补了 X 的缺失。 - -#### Naive 出站 - -NaïveProxy 的主要功能是 chromium 的网络栈,仅实现它的传输协议是舍本逐末的。 - -#### 协议组合 - -v2ray-core 中的 "底层传输协议" 实际上是一些专有协议的组合,并使用其上游协议的名称,造成了大量的语言腐败。 - -例如,v2ray 社区将 v2ray 专有的 gRPC 协议称为 Trojan gRPC,其实并不是一个 协议,在滥用 CDN 之外没有任何作用。 - -## Tun - -#### 什么是 tun? - -tun 是 unix 系统中的虚拟网络设备,在 windows 中有 WireGuard 开发的 wintun 作为替代。 -sing-box 的 tun 模块包括流量处理、自动路由和网络设备监听,并主要用作透明代理。 - -#### 它与系统代理有什么不同? - -系统代理通常只支持 TCP,且不被所有应用程序接受,但 tun 可以处理所有流量。 - -#### 它与传统的透明代理有什么不同? - -它们通常仅支持 Linux,并且需要操作防火墙像 iptables,而 tun 仅修改路由表。 - -tproxy UDP 被认为性能很差,因为在 v2ray 和 clash 中每次回写都需要创建一个新连接,但 sing-box 进行了优化,因此您仍然可以在需要时使用它。 - -#### 它如何处理 DNS? - -在传统的透明代理中,通常需要手动劫持 53 端口到 DNS 代理服务器,而 tun 更灵活。 - -sing-box 的 `auto_route` 将劫持所有 DNS 请求,除了 [特殊情况](./known-issues#dns)。 - -您需要手动配置以处理 tun 劫持的 DNS 流量,请参阅 [DNS劫持](/zh/examples/dns-hijack)。 - -#### 为什么我不能将它与其他本地代理一起使用(例如通过 socks)? - -tun 将劫持所有流量,包括其他代理应用程序。 -为了使 tun 与其他应用程序一起工作,您需要创建入站以代理来自其他程序的流量或让它们绕过路由。 \ No newline at end of file diff --git a/docs/faq/known-issues.md b/docs/faq/known-issues.md deleted file mode 100644 index ac6892e1ee..0000000000 --- a/docs/faq/known-issues.md +++ /dev/null @@ -1,20 +0,0 @@ -#### DNS - -##### on macOS - -`auto-route` cannot automatically hijack DNS requests sent to the LAN, so it's need to manually set DNS to servers on -the public internet. - -##### on Android - -`auto-route` cannot automatically hijack DNS requests when Android's `Private DNS` enabled or `strict_route` disabled. - -#### System proxy - -##### on Linux - -Usually only browsers and GNOME applications accept GNOME proxy settings. - -##### on Android - -With the system proxy enabled, some applications will error out (usually from China). \ No newline at end of file diff --git a/docs/faq/known-issues.zh.md b/docs/faq/known-issues.zh.md deleted file mode 100644 index 1d25e723cb..0000000000 --- a/docs/faq/known-issues.zh.md +++ /dev/null @@ -1,19 +0,0 @@ -#### DNS - -##### macOS - -`auto-route` 无法自动劫持发往局域网的 DNS 请求,需要手动设置位于公网的 DNS 服务器。 - -##### Android - -`auto-route` 无法自动劫持 DNS 请求如果 `私人 DNS` 开启或 `strict_route` 禁用。 - -#### 系统代理 - -##### Linux - -通常只有浏览器和 GNOME 应用程序接受 GNOME 代理设置。 - -##### Android - -启用系统代理后,某些应用程序会出错(通常来自中国)。 diff --git a/docs/features.md b/docs/features.md deleted file mode 100644 index 84185bca2b..0000000000 --- a/docs/features.md +++ /dev/null @@ -1,121 +0,0 @@ -#### Server - -| Feature | v2ray-core | clash | -|------------------------------------------------------------|------------|-------| -| Direct inbound | ✔ | X | -| SOCKS4a inbound | ✔ | X | -| Mixed (http/socks) inbound | X | ✔ | -| Shadowsocks AEAD 2022 single-user/multi-user/relay inbound | X | X | -| VMess/Trojan inbound | ✔ | X | -| Naive/Hysteria inbound | X | X | -| Resolve incoming domain names using custom policy | X | X | -| Set system proxy on Windows/Linux/macOS/Android | X | X | -| TLS certificate auto reload | X | X | -| TLS ACME certificate issuer | X | X | - -#### Client - -| Feature | v2ray-core | clash | -|--------------------------------------------------------|------------------------------------|----------| -| Set upstream client (proxy chain) | TCP only, and has poor performance | TCP only | -| Bind to network interface | Linux only | ✔ | -| Custom dns strategy for resolving server address | X | X | -| Fast fallback (RFC 6555) support for connect to server | X | X | -| SOCKS4/4a outbound | added by me | X | -| Shadowsocks AEAD 2022 outbound | X | X | -| Shadowsocks UDP over TCP | X | X | -| Multiplex (smux/yamux) | mux.cool | X | -| Tor/WireGuard/Hysteria outbound | X | X | -| Selector outbound and Clash API | X | ✔ | - -#### Sniffing - -| Protocol | v2ray-core | clash-premium | -|------------------|-------------|---------------| -| HTTP Host | ✔ | X | -| QUIC ClientHello | added by me | added by me | -| STUN | X | X | - -| Feature | v2ray-core | clash-premium | -|-----------------------------------------|---------------------------|---------------| -| For routing only | added by me | X | -| No performance impact (like TCP splice) | no general splice support | X | -| Set separately for each server | ✔ | X | - -#### Routing - -| Feature | v2ray-core | clash-premium | -|----------------------------|------------|---------------| -| Auto detect interface | X | tun only | -| Set default interface name | X | tun only | -| Set default firewall mark | X | X | - -#### Routing Rule - -| Rule | v2ray-core | clash | -|----------------------|----------------------------|-------| -| Inbound | ✔ | X | -| IP Version | X | X | -| User from inbound | vmess and shadowsocks only | X | -| Sniffed protocol | ✔ | X | -| GeoSite | ✔ | X | -| Process name | X | ✔ | -| Android package name | X | X | -| Linux user/user id | X | X | -| Invert rule | X | X | -| Logical rule | X | X | - -#### DNS - -| Feature | v2ray-core | clash | -|------------------------------------|-------------|-------| -| DNS proxy | A/AAAA only | ✔ | -| DNS cache | A/AAAA only | X | -| DNS routing | X | X | -| DNS Over QUIC | ✔ | X | -| DNS Over HTTP3 | X | X | -| Fake dns response with custom code | X | X | - -#### Tun - -| Feature | clash-premium | -|-------------------------------------------|---------------| -| Full IPv6 support | X | -| Auto route on Linux/Windows/macOS/Android | ✔ | -| Embed windows driver | X | -| Custom address/mtu | X | -| Limit uid (Linux) in routing | X | -| Limit android user in routing | X | -| Limit android package in routing | X | - -#### Memory usage - -| GeoSite code | sing-box | v2ray-core | -|-------------------|----------|------------| -| cn | 17.8M | 140.3M | -| cn (Loyalsoldier) | 74.3M | 246.7M | - -#### Benchmark - -##### Shadowsocks - -| / | none | aes-128-gcm | 2022-blake3-aes-128-gcm | -|------------------------------------|:---------:|:-----------:|:-----------------------:| -| v2ray-core (5.0.7) | 13.0 Gbps | 5.02 Gbps | / | -| shadowsocks-rust (v1.15.0-alpha.5) | 10.7 Gbps | / | 9.36 Gbps | -| sing-box | 29.0 Gbps | / | 11.8 Gbps | - -##### VMess - -| / | TCP | HTTP | H2 TLS | WebSocket TLS | gRPC TLS | -|--------------------|:---------:|:---------:|:---------:|:-------------:|:---------:| -| v2ray-core (5.1.0) | 7.86 GBps | 2.86 Gbps | 1.83 Gbps | 2.36 Gbps | 2.43 Gbps | -| sing-box | 7.96 Gbps | 8.09 Gbps | 6.11 Gbps | 8.02 Gbps | 6.35 Gbps | - -#### License - -| / | License | -|------------|-----------------------------------| -| sing-box | GPLv3 or later (Full open-source) | -| v2ray-core | MIT (Full open-source) | -| clash | GPLv3 | \ No newline at end of file diff --git a/docs/index.md b/docs/index.md index 2c34509c24..2af7222e7b 100644 --- a/docs/index.md +++ b/docs/index.md @@ -2,7 +2,7 @@ description: Welcome to the wiki page for the sing-box project. --- -# Home +# :material-home: Home Welcome to the wiki page for the sing-box project. diff --git a/docs/index.zh.md b/docs/index.zh.md index 2453bb73b4..72877118f3 100644 --- a/docs/index.zh.md +++ b/docs/index.zh.md @@ -2,7 +2,7 @@ description: 欢迎来到该 sing-box 项目的文档页。 --- -# 开始 +# :material-home: 开始 欢迎来到该 sing-box 项目的文档页。 diff --git a/docs/installation/build-from-source.md b/docs/installation/build-from-source.md new file mode 100644 index 0000000000..0ac7169a14 --- /dev/null +++ b/docs/installation/build-from-source.md @@ -0,0 +1,63 @@ +--- +icon: material/file-code +--- + +# Build from source + +## :material-graph: Requirements + +Before sing-box 1.4.0: + +* Go 1.18.5 - 1.20.x + +Since sing-box 1.4.0: + +* Go 1.18.5 - ~ +* Go 1.20.0 - ~ if `with_quic` tag enabled + +You can download and install Go from: https://go.dev/doc/install, latest version is recommended. + +## :material-fast-forward: Simple Build + +```bash +make +``` + +Or build and install binary to `GOBIN`: + +```bash +make install +``` + +## :material-cog: Custom Build + +```bash +TAGS="tag_a tag_b" make +``` + +or + +```bash +go build -tags "tag_a tag_b" ./cmd/sing-box +``` + +## :material-folder-settings: Build Tags + +| Build Tag | Enabled by default | Description | +|------------------------------------|--------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `with_quic` | ✔ | Build with QUIC support, see [QUIC and HTTP3 DNS transports](/configuration/dns/server), [Naive inbound](/configuration/inbound/naive), [Hysteria Inbound](/configuration/inbound/hysteria), [Hysteria Outbound](/configuration/outbound/hysteria) and [V2Ray Transport#QUIC](/configuration/shared/v2ray-transport#quic). | +| `with_grpc` | ✖️ | Build with standard gRPC support, see [V2Ray Transport#gRPC](/configuration/shared/v2ray-transport#grpc). | +| `with_dhcp` | ✔ | Build with DHCP support, see [DHCP DNS transport](/configuration/dns/server). | +| `with_wireguard` | ✔ | Build with WireGuard support, see [WireGuard outbound](/configuration/outbound/wireguard). | +| `with_ech` | ✔ | Build with TLS ECH extension support for TLS outbound, see [TLS](/configuration/shared/tls#ech). | +| `with_utls` | ✔ | Build with [uTLS](https://github.com/refraction-networking/utls) support for TLS outbound, see [TLS](/configuration/shared/tls#utls). | +| `with_reality_server` | ✔ | Build with reality TLS server support, see [TLS](/configuration/shared/tls). | +| `with_acme` | ✔ | Build with ACME TLS certificate issuer support, see [TLS](/configuration/shared/tls). | +| `with_clash_api` | ✔ | Build with Clash API support, see [Experimental](/configuration/experimental#clash-api-fields). | +| `with_v2ray_api` | ✖️ | Build with V2Ray API support, see [Experimental](/configuration/experimental#v2ray-api-fields). | +| `with_gvisor` | ✔ | Build with gVisor support, see [Tun inbound](/configuration/inbound/tun#stack) and [WireGuard outbound](/configuration/outbound/wireguard#system_interface). | +| `with_embedded_tor` (CGO required) | ✖️ | Build with embedded Tor support, see [Tor outbound](/configuration/outbound/tor). | +| `with_lwip` (CGO required) | ✖️ | Build with LWIP Tun stack support, see [Tun inbound](/configuration/inbound/tun#stack). | + + +It is not recommended to change the default build tag list unless you really know what you are adding. diff --git a/docs/installation/clients/sfa.md b/docs/installation/clients/sfa.md deleted file mode 100644 index 54b4f3e553..0000000000 --- a/docs/installation/clients/sfa.md +++ /dev/null @@ -1,23 +0,0 @@ -# SFA - -Experimental Android client for sing-box. - -#### Requirements - -* Android 5.0+ - -#### Download - -* [Play Store](https://play.google.com/store/apps/details?id=io.nekohasekai.sfa) -* [Github Releases](https://github.com/SagerNet/sing-box/releases) - -#### Note - -* User Agent in remote profile request is `SFA/$version ($version_code; sing-box $sing_box_version)` -* The working directory is located at `/sdcard/Android/data/io.nekohasekai.sfa/files` (External files directory) -* Crash logs is located in `$working_directory/stderr.log` - -#### Privacy policy - -* SFA did not collect or share personal data. -* The data generated by the software is always on your device. diff --git a/docs/installation/clients/sfa.zh.md b/docs/installation/clients/sfa.zh.md deleted file mode 100644 index 7dfe63352e..0000000000 --- a/docs/installation/clients/sfa.zh.md +++ /dev/null @@ -1,23 +0,0 @@ -# SFA - -实验性的 Android sing-box 客户端。 - -#### 要求 - -* Android 5.0+ - -#### 下载 - -* [AppCenter](https://install.appcenter.ms/users/nekohasekai/apps/sfa/distribution_groups/publictest) -* [Github Releases](https://github.com/SagerNet/sing-box/releases) - -#### 注意事项 - -* 远程配置文件请求中的 User Agent 为 `SFA/$version ($version_code; sing-box $sing_box_version)` -* 工作目录位于 `/sdcard/Android/data/io.nekohasekai.sfa/files` (外部文件目录) -* 崩溃日志位于 `$working_directory/stderr.log` - -#### 隐私政策 - -* SFA 不收集或共享个人数据。 -* 软件生成的数据始终在您的设备上。 diff --git a/docs/installation/clients/sfi.md b/docs/installation/clients/sfi.md deleted file mode 100644 index 35c15c918b..0000000000 --- a/docs/installation/clients/sfi.md +++ /dev/null @@ -1,23 +0,0 @@ -# SFI - -Experimental iOS client for sing-box. - -#### Requirements - -* iOS 15.0+ -* An Apple account outside of mainland China - -#### Download - -* [AppStore](https://apps.apple.com/us/app/sing-box/id6451272673) -* [TestFlight](https://testflight.apple.com/join/AcqO44FH) - -#### Note - -* User Agent in remote profile request is `SFI/$version ($version_code; sing-box $sing_box_version)` -* Crash logs is located in `Settings` -> `View Service Log` - -#### Privacy policy - -* SFI did not collect or share personal data. -* The data generated by the software is always on your device. diff --git a/docs/installation/clients/sfi.zh.md b/docs/installation/clients/sfi.zh.md deleted file mode 100644 index 90c3845f4f..0000000000 --- a/docs/installation/clients/sfi.zh.md +++ /dev/null @@ -1,23 +0,0 @@ -# SFI - -实验性的 iOS sing-box 客户端。 - -#### 要求 - -* iOS 15.0+ -* 一个非中国大陆地区的 Apple 账号 - -#### 下载 - -* [AppStore](https://apps.apple.com/us/app/sing-box/id6451272673) -* [TestFlight](https://testflight.apple.com/join/AcqO44FH) - -#### 注意事项 - -* 远程配置文件请求中的 User Agent 为 `SFI/$version ($version_code; sing-box $sing_box_version)` -* 崩溃日志位于 `Settings` -> `View Service Log` - -#### 隐私政策 - -* SFI 不收集或共享个人数据。 -* 软件生成的数据始终在您的设备上。 diff --git a/docs/installation/clients/sfm.md b/docs/installation/clients/sfm.md deleted file mode 100644 index 8d2237c0a6..0000000000 --- a/docs/installation/clients/sfm.md +++ /dev/null @@ -1,29 +0,0 @@ -# SFM - -Experimental macOS client for sing-box. - -#### Requirements - -* macOS 13.0+ -* An Apple account outside of mainland China (App Store Version) - -#### Download (App Store Version) - -* [AppStore](https://apps.apple.com/us/app/sing-box/id6451272673) -* [TestFlight](https://testflight.apple.com/join/AcqO44FH) - -#### Download (Independent Version) - -* [GitHub Release](https://github.com/SagerNet/sing-box/releases/latest) -* Homebrew (Cask): `brew install sfm` -* Homebrew (Tap): `brew tap sagernet/sing-box && brew install sagernet/sing-box/sfm` - -#### Note - -* User Agent in remote profile request is `SFM/$version ($version_code; sing-box $sing_box_version)` -* Crash logs is located in `Settings` -> `View Service Log` - -#### Privacy policy - -* SFM did not collect or share personal data. -* The data generated by the software is always on your device. diff --git a/docs/installation/clients/sfm.zh.md b/docs/installation/clients/sfm.zh.md deleted file mode 100644 index a6e42b8186..0000000000 --- a/docs/installation/clients/sfm.zh.md +++ /dev/null @@ -1,29 +0,0 @@ -# SFM - -实验性的 macOS sing-box 客户端。 - -#### 要求 - -* macOS 13.0+ -* 一个非中国大陆地区的 Apple 账号 (商店版本) - -#### 下载 (商店版本) - -* [AppStore](https://apps.apple.com/us/app/sing-box/id6451272673) -* [TestFlight](https://testflight.apple.com/join/AcqO44FH) - -#### 下载 (独立版本) - -* [GitHub Release](https://github.com/SagerNet/sing-box/releases/latest) -* Homebrew (Cask): `brew install sfm` -* Homebrew (Tap): `brew tap sagernet/sing-box && brew install sagernet/sing-box/sfm` - -#### 注意事项 - -* 远程配置文件请求中的 User Agent 为 `SFM/$version ($version_code; sing-box $sing_box_version)` -* 崩溃日志位于 `Settings` -> `View Service Log` - -#### 隐私政策 - -* SFM 不收集或共享个人数据。 -* 软件生成的数据始终在您的设备上。 diff --git a/docs/installation/clients/sft.md b/docs/installation/clients/sft.md deleted file mode 100644 index b05bc07edf..0000000000 --- a/docs/installation/clients/sft.md +++ /dev/null @@ -1,30 +0,0 @@ -# SFT - -Experimental Apple tvOS client for sing-box. - -#### Requirements - -* tvOS 17.0+ - -#### Download - -* [AppStore](https://apps.apple.com/us/app/sing-box/id6451272673) -* [TestFlight](https://testflight.apple.com/join/AcqO44FH) - -#### Features - -Full functionality, except for: - -* Only remote configuration files can be created manually -* You need to update SFI to the latest version to import profiles from iPhone/iPad -* No iCloud profile support - -#### Note - -* User Agent in remote profile request is `SFT/$version ($version_code; sing-box $sing_box_version)` -* Crash logs is located in `Settings` -> `View Service Log` - -#### Privacy policy - -* SFT did not collect or share personal data. -* The data generated by the software is always on your device. diff --git a/docs/installation/clients/sft.zh.md b/docs/installation/clients/sft.zh.md deleted file mode 100644 index 239d76e2e1..0000000000 --- a/docs/installation/clients/sft.zh.md +++ /dev/null @@ -1,31 +0,0 @@ -# SFI - -实验性的 Apple tvOS sing-box 客户端。 - -#### 要求 - -* tvOS 17.0+ -* 一个非中国大陆地区的 Apple 账号 - -#### 下载 - -* [AppStore](https://apps.apple.com/us/app/sing-box/id6451272673) -* [TestFlight](https://testflight.apple.com/join/AcqO44FH) - -#### 特性 - -完整的功能,除了: - -* 只能手动创建远程配置文件 -* 您需要将 SFI 更新到最新版本才能从 iPhone/iPad 导入配置文件 -* 没有 iCloud 配置文件支持 - -#### 注意事项 - -* 远程配置文件请求中的 User Agent 为 `SFT/$version ($version_code; sing-box $sing_box_version)` -* 崩溃日志位于 `Settings` -> `View Service Log` - -#### 隐私政策 - -* SFT 不收集或共享个人数据。 -* 软件生成的数据始终在您的设备上。 diff --git a/docs/installation/clients/specification.md b/docs/installation/clients/specification.md deleted file mode 100644 index ec36dd78cf..0000000000 --- a/docs/installation/clients/specification.md +++ /dev/null @@ -1,25 +0,0 @@ -# Specification - -## Profile - -Profile defines a sing-box configuration with metadata in a GUI client. - -## Profile Types - -### Local - -Create a empty configuration or import from a local file. - -### iCloud (on Apple platforms) - -Create a new configuration or use an existing configuration on iCloud. - -### Remote - -Use a remote URL as the configuration source, with HTTP basic authentication and automatic update support. - -#### URL specification - -``` -sing-box://import-remote-profile?url=urlEncodedURL#urlEncodedName -``` \ No newline at end of file diff --git a/docs/installation/docker.md b/docs/installation/docker.md new file mode 100644 index 0000000000..ae1682dd70 --- /dev/null +++ b/docs/installation/docker.md @@ -0,0 +1,31 @@ +--- +icon: material/docker +--- + +# Docker + +## :material-console: Command + +```bash +docker run -d \ + -v /etc/sing-box:/etc/sing-box/ \ + --name=sing-box \ + --restart=always \ + ghcr.io/sagernet/sing-box \ + -D /var/lib/sing-box \ + -C /etc/sing-box/ run +``` + +## :material-box-shadow: Compose + +```yaml +version: "3.8" +services: + sing-box: + image: ghcr.io/sagernet/sing-box + container_name: sing-box + restart: always + volumes: + - /etc/sing-box:/etc/sing-box/ + command: -D /var/lib/sing-box -C /etc/sing-box/ run +``` diff --git a/docs/installation/from-source.md b/docs/installation/from-source.md deleted file mode 100644 index da0ffc02d8..0000000000 --- a/docs/installation/from-source.md +++ /dev/null @@ -1,50 +0,0 @@ -# Install from source - -## Requirements - -Before sing-box 1.4.0: - -* Go 1.18.5 - 1.20.x - -Since sing-box 1.4.0: - -* Go 1.18.5 - ~ -* Go 1.20.0 - ~ if `with_quic` tag enabled - -## Installation - -```bash -go install -v github.com/sagernet/sing-box/cmd/sing-box@latest -``` - -Install with options: - -```bash -go install -v -tags with_quic,with_wireguard github.com/sagernet/sing-box/cmd/sing-box@latest -``` - -| Build Tag | Description | -|------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `with_quic` | Build with QUIC support, see [QUIC and HTTP3 DNS transports](/configuration/dns/server), [Naive inbound](/configuration/inbound/naive), [Hysteria Inbound](/configuration/inbound/hysteria), [Hysteria Outbound](/configuration/outbound/hysteria) and [V2Ray Transport#QUIC](/configuration/shared/v2ray-transport#quic). | -| `with_grpc` | Build with standard gRPC support, see [V2Ray Transport#gRPC](/configuration/shared/v2ray-transport#grpc). | -| `with_dhcp` | Build with DHCP support, see [DHCP DNS transport](/configuration/dns/server). | -| `with_wireguard` | Build with WireGuard support, see [WireGuard outbound](/configuration/outbound/wireguard). | -| `with_shadowsocksr` | Build with ShadowsocksR support, see [ShadowsocksR outbound](/configuration/outbound/shadowsocksr). | -| `with_ech` | Build with TLS ECH extension support for TLS outbound, see [TLS](/configuration/shared/tls#ech). | -| `with_utls` | Build with [uTLS](https://github.com/refraction-networking/utls) support for TLS outbound, see [TLS](/configuration/shared/tls#utls). | -| `with_reality_server` | Build with reality TLS server support, see [TLS](/configuration/shared/tls). | -| `with_acme` | Build with ACME TLS certificate issuer support, see [TLS](/configuration/shared/tls). | -| `with_clash_api` | Build with Clash API support, see [Experimental](/configuration/experimental#clash-api-fields). | -| `with_v2ray_api` | Build with V2Ray API support, see [Experimental](/configuration/experimental#v2ray-api-fields). | -| `with_gvisor` | Build with gVisor support, see [Tun inbound](/configuration/inbound/tun#stack) and [WireGuard outbound](/configuration/outbound/wireguard#system_interface). | -| `with_embedded_tor` (CGO required) | Build with embedded Tor support, see [Tor outbound](/configuration/outbound/tor). | -| `with_lwip` (CGO required) | Build with LWIP Tun stack support, see [Tun inbound](/configuration/inbound/tun#stack). | - -The binary is built under $GOPATH/bin - -```bash -sing-box version -``` - -It is also recommended to use systemd to manage sing-box service, -see [Linux server installation example](/examples/linux-server-installation). \ No newline at end of file diff --git a/docs/installation/from-source.zh.md b/docs/installation/from-source.zh.md deleted file mode 100644 index fbcb9ba827..0000000000 --- a/docs/installation/from-source.zh.md +++ /dev/null @@ -1,39 +0,0 @@ -# 从源代码安装 - -sing-box 需要 Golang **1.18.5** 或更高版本。 - -```bash -go install -v github.com/sagernet/sing-box/cmd/sing-box@latest -``` - -自定义安装: - -```bash -go install -v -tags with_clash_api github.com/sagernet/sing-box/cmd/sing-box@latest -``` - -| 构建标志 | 描述 | -|------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `with_quic` | 启用 QUIC 支持,参阅 [QUIC 和 HTTP3 DNS 传输层](/configuration/dns/server),[Naive 入站](/configuration/inbound/naive),[Hysteria 入站](/configuration/inbound/hysteria),[Hysteria 出站](/configuration/outbound/hysteria) 和 [V2Ray 传输层#QUIC](/configuration/shared/v2ray-transport#quic)。 | -| `with_grpc` | 启用标准 gRPC 支持,参阅 [V2Ray 传输层#gRPC](/configuration/shared/v2ray-transport#grpc)。 | -| `with_dhcp` | 启用 DHCP 支持,参阅 [DHCP DNS 传输层](/configuration/dns/server)。 | -| `with_wireguard` | 启用 WireGuard 支持,参阅 [WireGuard 出站](/configuration/outbound/wireguard)。 | -| `with_shadowsocksr` | 启用 ShadowsocksR 支持,参阅 [ShadowsocksR 出站](/configuration/outbound/shadowsocksr)。 | -| `with_ech` | 启用 TLS ECH 扩展支持,参阅 [TLS](/configuration/shared/tls#ech)。 | -| `with_utls` | 启用 [uTLS](https://github.com/refraction-networking/utls) 支持,参阅 [TLS](/configuration/shared/tls#utls)。 | -| `with_reality_server` | 启用 reality TLS 服务器支持,参阅 [TLS](/configuration/shared/tls)。 | -| `with_acme` | 启用 ACME TLS 证书签发支持,参阅 [TLS](/configuration/shared/tls)。 | -| `with_clash_api` | 启用 Clash API 支持,参阅 [实验性](/configuration/experimental#clash-api-fields)。 | -| `with_v2ray_api` | 启用 V2Ray API 支持,参阅 [实验性](/configuration/experimental#v2ray-api-fields)。 | -| `with_gvisor` | 启用 gVisor 支持,参阅 [Tun 入站](/configuration/inbound/tun#stack) 和 [WireGuard 出站](/configuration/outbound/wireguard#system_interface)。 | -| `with_embedded_tor` (需要 CGO) | 启用 嵌入式 Tor 支持,参阅 [Tor 出站](/configuration/outbound/tor)。 | -| `with_lwip` (需要 CGO) | 启用 LWIP Tun 栈支持,参阅 [Tun 入站](/configuration/inbound/tun#stack)。 | - -二进制文件将被构建在 `$GOPATH/bin` 下。 - -```bash -sing-box version -``` - -同时推荐使用 systemd 来管理 sing-box 服务器实例。 -参阅 [Linux 服务器安装示例](/examples/linux-server-installation)。 \ No newline at end of file diff --git a/docs/installation/package-manager.md b/docs/installation/package-manager.md new file mode 100644 index 0000000000..6ce1669d02 --- /dev/null +++ b/docs/installation/package-manager.md @@ -0,0 +1,90 @@ +--- +icon: material/package +--- + +# Package Manager + +## :material-download-box: Manual Installation + +=== ":material-debian: Debian / DEB" + + ```bash + bash <(curl -fsSL https://sing-box.app/deb-install.sh) + ``` + +=== ":material-redhat: Redhat / RPM" + + ```bash + bash <(curl -fsSL https://sing-box.app/rpm-install.sh) + ``` + +=== ":simple-archlinux: Archlinux / PKG" + + ```bash + bash <(curl -fsSL https://sing-box.app/arch-install.sh) + ``` + +## :material-book-lock-open: Managed Installation + +=== ":material-linux: Linux" + + | Type | Platform | Link | Command | Actively maintained | + |----------|--------------------|---------------------|------------------------------|---------------------| + | AUR | (Linux) Arch Linux | [sing-box][aur] ᴬᵁᴿ | `? -S sing-box` | :material-check: | + | nixpkgs | (Linux) NixOS | [sing-box][nixpkgs] | `nix-env -iA nixos.sing-box` | :material-check: | + | Homebrew | macOS / Linux | [sing-box][brew] | `brew install sing-box` | :material-check: | + | Alpine | (Linux) Alpine | [sing-box][alpine] | `apk add sing-box` | :material-alert: | + +=== ":material-apple: macOS" + + | Type | Platform | Link | Command | Actively maintained | + |----------|---------------|------------------|-------------------------|---------------------| + | Homebrew | macOS / Linux | [sing-box][brew] | `brew install sing-box` | :material-check: | + +=== ":material-microsoft-windows: Windows" + + | Type | Platform | Link | Command | Actively maintained | + |------------|--------------------|---------------------|------------------------------|---------------------| + | Scoop | Windows | [sing-box][scoop] | `scoop install sing-box` | :material-check: | + | Chocolatey | Windows | [sing-box][choco] | `choco install sing-box` | :material-check: | + | winget | Windows | [sing-box][winget] | `winget install sing-box` | :material-alert: | + +=== ":material-android: Android" + + | Type | Platform | Link | Command | Actively maintained | + |------------|--------------------|---------------------|------------------------------|---------------------| + | Termux | Android | [sing-box][termux] | `pkg add sing-box` | :material-check: | + +## :material-book-multiple: Service Management + +For Linux systems with [systemd][systemd], usually the installation already includes a sing-box service, +you can manage the service using the following command: + +| Operation | Command | +|-----------|-----------------------------------------------| +| Enable | `sudo systemctl enable sing-box` | +| Disable | `sudo systemctl disable sing-box` | +| Start | `sudo systemctl start sing-box` | +| Stop | `sudo systemctl stop sing-box` | +| Kill | `sudo systemctl kill sing-box` | +| Restart | `sudo systemctl restart sing-box` | +| Logs | `sudo journalctl -u sing-box --output cat -e` | +| New Logs | `sudo journalctl -u sing-box --output cat -f` | + +[alpine]: https://pkgs.alpinelinux.org/packages?name=sing-box + +[aur]: https://aur.archlinux.org/packages/sing-box + +[nixpkgs]: https://github.com/NixOS/nixpkgs/blob/nixos-unstable/pkgs/tools/networking/sing-box/default.nix + +[termux]: https://github.com/termux/termux-packages/tree/master/packages/sing-box + +[brew]: https://formulae.brew.sh/formula/sing-box + +[choco]: https://chocolatey.org/packages/sing-box + +[scoop]: https://github.com/ScoopInstaller/Main/blob/master/bucket/sing-box.json + +[winget]: https://github.com/microsoft/winget-pkgs/tree/master/manifests/s/SagerNet/sing-box + +[systemd]: https://systemd.io/ \ No newline at end of file diff --git a/docs/installation/package-manager/android.md b/docs/installation/package-manager/android.md deleted file mode 100644 index 1177b86b3a..0000000000 --- a/docs/installation/package-manager/android.md +++ /dev/null @@ -1,7 +0,0 @@ -# Android - -## Termux - -```shell -pkg add sing-box -``` diff --git a/docs/installation/package-manager/macOS.md b/docs/installation/package-manager/macOS.md deleted file mode 100644 index f0192b5a6c..0000000000 --- a/docs/installation/package-manager/macOS.md +++ /dev/null @@ -1,14 +0,0 @@ -# macOS - -## Homebrew (core) - -```shell -brew install sing-box -``` - -## Homebrew (Tap) - -```shell -brew tap sagernet/sing-box -brew install sagernet/sing-box/sing-box -``` \ No newline at end of file diff --git a/docs/installation/package-manager/windows.md b/docs/installation/package-manager/windows.md deleted file mode 100644 index 46e078b93f..0000000000 --- a/docs/installation/package-manager/windows.md +++ /dev/null @@ -1,13 +0,0 @@ -# Windows - -## Chocolatey - -```shell -choco install sing-box -``` - -## winget - -```shell -winget install sing-box -``` \ No newline at end of file diff --git a/docs/installation/scripts/arch-install.sh b/docs/installation/scripts/arch-install.sh new file mode 100644 index 0000000000..50ce57679d --- /dev/null +++ b/docs/installation/scripts/arch-install.sh @@ -0,0 +1,22 @@ +#!/bin/bash + +set -e -o pipefail + +ARCH_RAW=$(uname -m) +case "${ARCH_RAW}" in + 'x86_64') ARCH='amd64';; + 'x86' | 'i686' | 'i386') ARCH='386';; + 'aarch64' | 'arm64') ARCH='arm64';; + 'armv7l') ARCH='armv7';; + 's390x') ARCH='s390x';; + *) echo "Unsupported architecture: ${ARCH_RAW}"; exit 1;; +esac + +VERSION=$(curl -s https://api.github.com/repos/SagerNet/sing-box/releases/latest \ + | grep tag_name \ + | cut -d ":" -f2 \ + | sed 's/\"//g;s/\,//g;s/\ //g;s/v//') + +curl -Lo sing-box.pkg.tar.zst "https://github.com/SagerNet/sing-box/releases/download/v${VERSION}/sing-box_${VERSION}_linux_${ARCH}.pkg.tar.zst" +sudo pacman -U sing-box.pkg.tar.zst +rm sing-box.pkg.tar.zst diff --git a/docs/installation/scripts/deb-install.sh b/docs/installation/scripts/deb-install.sh new file mode 100644 index 0000000000..587b6f61ba --- /dev/null +++ b/docs/installation/scripts/deb-install.sh @@ -0,0 +1,23 @@ +#!/bin/bash + +set -e -o pipefail + +ARCH_RAW=$(uname -m) +case "${ARCH_RAW}" in + 'x86_64') ARCH='amd64';; + 'x86' | 'i686' | 'i386') ARCH='386';; + 'aarch64' | 'arm64') ARCH='arm64';; + 'armv7l') ARCH='armv7';; + 's390x') ARCH='s390x';; + *) echo "Unsupported architecture: ${ARCH_RAW}"; exit 1;; +esac + +VERSION=$(curl -s https://api.github.com/repos/SagerNet/sing-box/releases/latest \ + | grep tag_name \ + | cut -d ":" -f2 \ + | sed 's/\"//g;s/\,//g;s/\ //g;s/v//') + +curl -Lo sing-box.deb "https://github.com/SagerNet/sing-box/releases/download/v${VERSION}/sing-box_${VERSION}_linux_${ARCH}.deb" +sudo dpkg -i sing-box.deb +rm sing-box.deb + diff --git a/docs/installation/scripts/rpm-install.sh b/docs/installation/scripts/rpm-install.sh new file mode 100644 index 0000000000..fc3d731400 --- /dev/null +++ b/docs/installation/scripts/rpm-install.sh @@ -0,0 +1,22 @@ +#!/bin/bash + +set -e -o pipefail + +ARCH_RAW=$(uname -m) +case "${ARCH_RAW}" in + 'x86_64') ARCH='amd64';; + 'x86' | 'i686' | 'i386') ARCH='386';; + 'aarch64' | 'arm64') ARCH='arm64';; + 'armv7l') ARCH='armv7';; + 's390x') ARCH='s390x';; + *) echo "Unsupported architecture: ${ARCH_RAW}"; exit 1;; +esac + +VERSION=$(curl -s https://api.github.com/repos/SagerNet/sing-box/releases/latest \ + | grep tag_name \ + | cut -d ":" -f2 \ + | sed 's/\"//g;s/\,//g;s/\ //g;s/v//') + +curl -Lo sing-box.rpm "https://github.com/SagerNet/sing-box/releases/download/v${VERSION}/sing-box_${VERSION}_linux_${ARCH}.rpm" +sudo rpm -i sing-box.rpm +rm sing-box.rpm diff --git a/docs/manual/proxy-protocol/hysteria2.md b/docs/manual/proxy-protocol/hysteria2.md new file mode 100644 index 0000000000..9cc07e6f12 --- /dev/null +++ b/docs/manual/proxy-protocol/hysteria2.md @@ -0,0 +1,211 @@ +--- +icon: material/lightning-bolt +--- + +# Hysteria 2 + +The most popular Chinese-made simple protocol based on QUIC, the selling point is Brutal, +a congestion control algorithm that can resist packet loss by manually specifying the required rate by the user. + +!!! warning + + Even though GFW rarely blocks UDP-based proxies, such protocols actually have far more characteristics than TCP based proxies. + +| Specification | Binary Characteristics | Active Detect Hiddenness | +|---------------------------------------------------------------------------|------------------------|--------------------------| +| [hysteria.network](https://v2.hysteria.network/docs/developers/Protocol/) | :material-alert: | :material-check: | + +## :material-text-box-check: Password Generator + +| Generate Password | Action | +|----------------------------|-----------------------------------------------------------------| +| | | + + + +## :material-alert: Difference from official Hysteria + +The official program supports an authentication method called **userpass**, +which essentially uses a combination of `:` as the actual password, +while sing-box does not provide this alias. +To use sing-box with the official program, you need to fill in that combination as the actual password. + +## :material-server: Server Example + +!!! info "" + + Replace `up_mbps` and `down_mbps` values with the actual bandwidth of your server. + +=== ":material-harddisk: With local certificate" + + ```json + { + "inbounds": [ + { + "type": "hysteria2", + "listen": "::", + "listen_port": 8080, + "up_mbps": 100, + "down_mbps": 100, + "users": [ + { + "name": "sekai", + "password": "" + } + ], + "tls": { + "enabled": true, + "server_name": "example.org", + "key_path": "/path/to/key.pem", + "certificate_path": "/path/to/certificate.pem" + } + } + ] + } + ``` + +=== ":material-auto-fix: With ACME" + + ```json + { + "inbounds": [ + { + "type": "hysteria2", + "listen": "::", + "listen_port": 8080, + "up_mbps": 100, + "down_mbps": 100, + "users": [ + { + "name": "sekai", + "password": "" + } + ], + "tls": { + "enabled": true, + "server_name": "example.org", + "acme": { + "domain": "example.org", + "email": "admin@example.org" + } + } + } + ] + } + ``` + +=== ":material-cloud: With ACME and Cloudflare API" + + ```json + { + "inbounds": [ + { + "type": "hysteria2", + "listen": "::", + "listen_port": 8080, + "up_mbps": 100, + "down_mbps": 100, + "users": [ + { + "name": "sekai", + "password": "" + } + ], + "tls": { + "enabled": true, + "server_name": "example.org", + "acme": { + "domain": "example.org", + "email": "admin@example.org", + "dns01_challenge": { + "provider": "cloudflare", + "api_token": "my_token" + } + } + } + } + ] + } + ``` + +## :material-cellphone-link: Client Example + +!!! info "" + + Replace `up_mbps` and `down_mbps` values with the actual bandwidth of your client. + +=== ":material-web-check: With valid certificate" + + ```json + { + "outbounds": [ + { + "type": "hysteria2", + "server": "127.0.0.1", + "server_port": 8080, + "up_mbps": 100, + "down_mbps": 100, + "password": "", + "tls": { + "enabled": true, + "server_name": "example.org" + } + } + ] + } + ``` + +=== ":material-check: With self-sign certificate" + + !!! info "Tip" + + Use `sing-box merge` command to merge configuration and certificate into one file. + + ```json + { + "outbounds": [ + { + "type": "hysteria2", + "server": "127.0.0.1", + "server_port": 8080, + "up_mbps": 100, + "down_mbps": 100, + "password": "", + "tls": { + "enabled": true, + "server_name": "example.org", + "certificate_path": "/path/to/certificate.pem" + } + } + ] + } + ``` + +=== ":material-alert: Ignore certificate verification" + + ```json + { + "outbounds": [ + { + "type": "hysteria2", + "server": "127.0.0.1", + "server_port": 8080, + "up_mbps": 100, + "down_mbps": 100, + "password": "", + "tls": { + "enabled": true, + "server_name": "example.org", + "insecure": true + } + } + ] + } + ``` diff --git a/docs/manual/proxy-protocol/shadowsocks.md b/docs/manual/proxy-protocol/shadowsocks.md new file mode 100644 index 0000000000..be0bc20800 --- /dev/null +++ b/docs/manual/proxy-protocol/shadowsocks.md @@ -0,0 +1,126 @@ +--- +icon: material/send +--- + +# Shadowsocks + +As the most well-known Chinese-made proxy protocol, +Shadowsocks exists in multiple versions, +but only AEAD 2022 ciphers TCP with multiplexing is recommended. + +| Ciphers | Specification | Cryptographic Security | Binary Characteristics | Active Detect Hiddenness | +|----------------|------------------------------------------------------------|------------------------|------------------------|--------------------------| +| Stream Ciphers | [shadowsocks.org](https://shadowsocks.org/doc/stream.html) | :material-alert: | :material-alert: | :material-alert: | +| AEAD | [shadowsocks.org](https://shadowsocks.org/doc/aead.html) | :material-check: | :material-alert: | :material-alert: | +| AEAD 2022 | [shadowsocks.org](https://shadowsocks.org/doc/sip022.html) | :material-check: | :material-check: | :material-help: | + +## :material-text-box-check: Password Generator + +| For `2022-blake3-aes-128-gcm` cipher | For other ciphers | Action | +|--------------------------------------|-------------------------------|-----------------------------------------------------------------| +| | | | + + + +## :material-server: Server Example + +!!! info "" + + Password of cipher `2022-blake3-aes-128-gcm` can be generated by command `sing-box generate rand 16 --base64` + +=== ":material-account: Single-user" + + ```json + { + "inbounds": [ + { + "type": "shadowsocks", + "listen": "::", + "listen_port": 8080, + "network": "tcp", + "method": "2022-blake3-aes-128-gcm", + "password": "", + "multiplex": { + "enabled": true + } + } + ] + } + ``` + +=== ":material-account-multiple: Multi-user" + + ```json + { + "inbounds": [ + { + "type": "shadowsocks", + "listen": "::", + "listen_port": 8080, + "network": "tcp", + "method": "2022-blake3-aes-128-gcm", + "password": "", + "users": [ + { + "name": "sekai", + "password": "" + } + ], + "multiplex": { + "enabled": true + } + } + ] + } + ``` + +## :material-cellphone-link: Client Example + +=== ":material-account: Single-user" + + ```json + { + "outbounds": [ + { + "type": "shadowsocks", + "server": "127.0.0.1", + "server_port": 8080, + "method": "2022-blake3-aes-128-gcm", + "password": "", + "multiplex": { + "enabled": true + } + } + ] + } + ``` + +=== ":material-account-multiple: Multi-user" + + ```json + { + "outbounds": [ + { + "type": "shadowsocks", + "server": "127.0.0.1", + "server_port": 8080, + "method": "2022-blake3-aes-128-gcm", + "password": ":", + "multiplex": { + "enabled": true + } + } + ] + } + ``` diff --git a/docs/manual/proxy-protocol/trojan.md b/docs/manual/proxy-protocol/trojan.md new file mode 100644 index 0000000000..4c2e16f17e --- /dev/null +++ b/docs/manual/proxy-protocol/trojan.md @@ -0,0 +1,214 @@ +--- +icon: material/horse +--- + +# Trojan + +As the most commonly used TLS proxy made in China, Trojan can be used in various combinations, +but only the combination of uTLS and multiplexing is recommended. + +| Protocol and implementation combination | Specification | Binary Characteristics | Active Detect Hiddenness | +|-----------------------------------------|----------------------------------------------------------------------|------------------------|--------------------------| +| Origin / trojan-gfw | [trojan-gfw.github.io](https://trojan-gfw.github.io/trojan/protocol) | :material-check: | :material-check: | +| Basic Go implementation | / | :material-alert: | :material-check: | +| with privates transport by V2Ray | No formal definition | :material-alert: | :material-alert: | +| with uTLS enabled | No formal definition | :material-help: | :material-check: | + +## :material-text-box-check: Password Generator + +| Generate Password | Action | +|----------------------------|-----------------------------------------------------------------| +| | | + + + +## :material-server: Server Example + +=== ":material-harddisk: With local certificate" + + ```json + { + "inbounds": [ + { + "type": "trojan", + "listen": "::", + "listen_port": 8080, + "users": [ + { + "name": "example", + "password": "password" + } + ], + "tls": { + "enabled": true, + "server_name": "example.org", + "key_path": "/path/to/key.pem", + "certificate_path": "/path/to/certificate.pem" + }, + "multiplex": { + "enabled": true + } + } + ] + } + ``` + +=== ":material-auto-fix: With ACME" + + ```json + { + "inbounds": [ + { + "type": "trojan", + "listen": "::", + "listen_port": 8080, + "users": [ + { + "name": "example", + "password": "password" + } + ], + "tls": { + "enabled": true, + "server_name": "example.org", + "acme": { + "domain": "example.org", + "email": "admin@example.org" + } + }, + "multiplex": { + "enabled": true + } + } + ] + } + ``` + +=== ":material-cloud: With ACME and Cloudflare API" + + ```json + { + "inbounds": [ + { + "type": "trojan", + "listen": "::", + "listen_port": 8080, + "users": [ + { + "name": "example", + "password": "password" + } + ], + "tls": { + "enabled": true, + "server_name": "example.org", + "acme": { + "domain": "example.org", + "email": "admin@example.org", + "dns01_challenge": { + "provider": "cloudflare", + "api_token": "my_token" + } + } + }, + "multiplex": { + "enabled": true + } + } + ] + } + ``` + +## :material-cellphone-link: Client Example + +=== ":material-web-check: With valid certificate" + + ```json + { + "outbounds": [ + { + "type": "trojan", + "server": "127.0.0.1", + "server_port": 8080, + "password": "password", + "tls": { + "enabled": true, + "server_name": "example.org", + "utls": { + "enabled": true, + "fingerprint": "firefox" + } + }, + "multiplex": { + "enabled": true + } + } + ] + } + ``` + +=== ":material-check: With self-sign certificate" + + !!! info "Tip" + + Use `sing-box merge` command to merge configuration and certificate into one file. + + ```json + { + "outbounds": [ + { + "type": "trojan", + "server": "127.0.0.1", + "server_port": 8080, + "password": "password", + "tls": { + "enabled": true, + "server_name": "example.org", + "certificate_path": "/path/to/certificate.pem", + "utls": { + "enabled": true, + "fingerprint": "firefox" + } + }, + "multiplex": { + "enabled": true + } + } + ] + } + ``` + +=== ":material-alert: Ignore certificate verification" + + ```json + { + "outbounds": [ + { + "type": "trojan", + "server": "127.0.0.1", + "server_port": 8080, + "password": "password", + "tls": { + "enabled": true, + "server_name": "example.org", + "insecure": true, + "utls": { + "enabled": true, + "fingerprint": "firefox" + } + }, + "multiplex": { + "enabled": true + } + } + ] + } + ``` + diff --git a/docs/manual/proxy-protocol/tuic.md b/docs/manual/proxy-protocol/tuic.md new file mode 100644 index 0000000000..a2e01d882b --- /dev/null +++ b/docs/manual/proxy-protocol/tuic.md @@ -0,0 +1,208 @@ +--- +icon: material/alpha-t-box +--- + +# TUIC + +A recently popular Chinese-made simple protocol based on QUIC, the selling point is the BBR congestion control algorithm. + +!!! warning + + Even though GFW rarely blocks UDP-based proxies, such protocols actually have far more characteristics than TCP based proxies. + +| Specification | Binary Characteristics | Active Detect Hiddenness | +|-----------------------------------------------------------|------------------------|--------------------------| +| [GitHub](https://github.com/EAimTY/tuic/blob/dev/SPEC.md) | :material-alert: | :material-check: | + +## Password Generator + +| Generated UUID | Generated Password | Action | +|------------------------|----------------------------|-----------------------------------------------------------------| +| | | | + + + +## :material-server: Server Example + +=== ":material-harddisk: With local certificate" + + ```json + { + "inbounds": [ + { + "type": "tuic", + "listen": "::", + "listen_port": 8080, + "users": [ + { + "name": "sekai", + "uuid": "", + "password": "" + } + ], + "congestion_control": "bbr", + "tls": { + "enabled": true, + "server_name": "example.org", + "key_path": "/path/to/key.pem", + "certificate_path": "/path/to/certificate.pem" + } + } + ] + } + ``` + +=== ":material-auto-fix: With ACME" + + ```json + { + "inbounds": [ + { + "type": "tuic", + "listen": "::", + "listen_port": 8080, + "users": [ + { + "name": "sekai", + "uuid": "", + "password": "" + } + ], + "congestion_control": "bbr", + "tls": { + "enabled": true, + "server_name": "example.org", + "acme": { + "domain": "example.org", + "email": "admin@example.org" + } + } + } + ] + } + ``` + +=== ":material-cloud: With ACME and Cloudflare API" + + ```json + { + "inbounds": [ + { + "type": "tuic", + "listen": "::", + "listen_port": 8080, + "users": [ + { + "name": "sekai", + "uuid": "", + "password": "" + } + ], + "congestion_control": "bbr", + "tls": { + "enabled": true, + "server_name": "example.org", + "acme": { + "domain": "example.org", + "email": "admin@example.org", + "dns01_challenge": { + "provider": "cloudflare", + "api_token": "my_token" + } + } + } + } + ] + } + ``` + +## :material-cellphone-link: Client Example + +=== ":material-web-check: With valid certificate" + + ```json + { + "outbounds": [ + { + "type": "tuic", + "server": "127.0.0.1", + "server_port": 8080, + "uuid": "", + "password": "", + "congestion_control": "bbr", + "tls": { + "enabled": true, + "server_name": "example.org" + } + } + ] + } + ``` + +=== ":material-check: With self-sign certificate" + + !!! info "Tip" + + Use `sing-box merge` command to merge configuration and certificate into one file. + + ```json + { + "outbounds": [ + { + "type": "tuic", + "server": "127.0.0.1", + "server_port": 8080, + "uuid": "", + "password": "", + "congestion_control": "bbr", + "tls": { + "enabled": true, + "server_name": "example.org", + "certificate_path": "/path/to/certificate.pem" + } + } + ] + } + ``` + +=== ":material-alert: Ignore certificate verification" + + ```json + { + "outbounds": [ + { + "type": "tuic", + "server": "127.0.0.1", + "server_port": 8080, + "uuid": "", + "password": "", + "congestion_control": "bbr", + "tls": { + "enabled": true, + "server_name": "example.org", + "insecure": true + } + } + ] + } + ``` + diff --git a/docs/manual/proxy/client.md b/docs/manual/proxy/client.md new file mode 100644 index 0000000000..675c2af095 --- /dev/null +++ b/docs/manual/proxy/client.md @@ -0,0 +1,287 @@ +--- +icon: material/cellphone-link +--- + +# Client + +### :material-ray-start: Introduction + +For a long time, the modern usage and principles of proxy clients +for graphical operating systems have not been clearly described. +However, we can categorize them into three types: +system proxy, firewall redirection, and virtual interface. + +### :material-web-refresh: System Proxy + +Almost all graphical environments support system-level proxies, +which are essentially ordinary HTTP proxies that only support TCP. + +| Operating System / Desktop Environment | System Proxy | Application Support | +|:---------------------------------------------|:-------------------------------------|:--------------------| +| Windows | :material-check: | :material-check: | +| macOS | :material-check: | :material-check: | +| GNOME/KDE | :material-check: | :material-check: | +| Android | ROOT or adb (permission) is required | :material-check: | +| Android/iOS (with sing-box graphical client) | via `tun.platform.http_proxy` | :material-check: | + +As one of the most well-known proxy methods, it has many shortcomings: +many TCP clients that are not based on HTTP do not check and use the system proxy. +Moreover, UDP and ICMP traffics bypass the proxy. + +```mermaid +flowchart LR + dns[DNS query] -- Is HTTP request? --> proxy[HTTP proxy] + dns --> leak[Leak] + tcp[TCP connection] -- Is HTTP request? --> proxy + tcp -- Check and use HTTP CONNECT? --> proxy + tcp --> leak + udp[UDP packet] --> leak +``` + +### :material-wall-fire: Firewall Redirection + +This type of usage typically relies on the firewall or hook interface provided by the operating system, +such as Windows’ WFP, Linux’s redirect, TProxy and eBPF, and macOS’s pf. +Although it is intrusive and cumbersome to configure, +it remains popular within the community of amateur proxy open source projects like V2Ray, +due to the low technical requirements it imposes on the software. + +### :material-expansion-card: Virtual Interface + +All L2/L3 proxies (seriously defined VPNs, such as OpenVPN, WireGuard) are based on virtual network interfaces, +which is also the only way for all L4 proxies to work as VPNs on mobile platforms like Android, iOS. + +The sing-box inherits and develops clash-premium’s TUN inbound (L3 to L4 conversion) +as the most reasonable method for performing transparent proxying. + +```mermaid +flowchart TB + packet[IP Packet] + packet --> windows[Windows / macOS] + packet --> linux[Linux] + tun[TUN interface] + windows -. route .-> tun + linux -. iproute2 route/rule .-> tun + tun --> gvisor[gVisor TUN stack] + tun --> system[system TUN stack] + assemble([L3 to L4 assemble]) + gvisor --> assemble + system --> assemble + assemble --> conn[TCP and UDP connections] + conn --> router[sing-box Router] + router --> direct[Direct outbound] + router --> proxy[Proxy outbounds] + router -- DNS hijack --> dns_out[DNS outbound] + dns_out --> dns_router[DNS router] + dns_router --> router + direct --> adi([auto detect interface]) + proxy --> adi + adi --> default[Default network interface in the system] + default --> destination[Destination server] + default --> proxy_server[Proxy server] + proxy_server --> destination +``` + +## :material-cellphone-link: Examples + +### Basic TUN usage for Chinese users + +=== ":material-numeric-4-box: IPv4 only" + + ```json + { + "dns": { + "servers": [ + { + "tag": "google", + "address": "tls://8.8.8.8" + }, + { + "tag": "local", + "address": "223.5.5.5", + "detour": "direct" + } + ], + "rules": [ + { + "outbound": "any", + "server": "local" + } + ], + "strategy": "ipv4_only" + }, + "inbounds": [ + { + "type": "tun", + "inet4_address": "172.19.0.1/30", + "auto_route": true, + "strict_route": false + } + ], + "outbounds": [ + // ... + { + "type": "direct", + "tag": "direct" + }, + { + "type": "dns", + "tag": "dns-out" + } + ], + "route": { + "rules": [ + { + "protocol": "dns", + "outbound": "dns-out" + }, + { + "geoip": [ + "private" + ], + "outbound": "direct" + } + ], + "auto_detect_interface": true + } + } + ``` + +=== ":material-numeric-6-box: IPv4 & IPv6" + + ```json + { + "dns": { + "servers": [ + { + "tag": "google", + "address": "tls://8.8.8.8" + }, + { + "tag": "local", + "address": "223.5.5.5", + "detour": "direct" + } + ], + "rules": [ + { + "outbound": "any", + "server": "local" + } + ] + }, + "inbounds": [ + { + "type": "tun", + "inet4_address": "172.19.0.1/30", + "inet6_address": "fdfe:dcba:9876::1/126", + "auto_route": true, + "strict_route": false + } + ], + "outbounds": [ + // ... + { + "type": "direct", + "tag": "direct" + }, + { + "type": "dns", + "tag": "dns-out" + } + ], + "route": { + "rules": [ + { + "protocol": "dns", + "outbound": "dns-out" + }, + { + "geoip": [ + "private" + ], + "outbound": "direct" + } + ], + "auto_detect_interface": true + } + } + ``` + +=== ":material-domain-switch: FakeIP" + + ```json + { + "dns": { + "servers": [ + { + "tag": "google", + "address": "tls://8.8.8.8" + }, + { + "tag": "local", + "address": "223.5.5.5", + "detour": "direct" + }, + { + "tag": "remote", + "address": "fakeip" + } + ], + "rules": [ + { + "outbound": "any", + "server": "local" + }, + { + "query_type": [ + "A", + "AAAA" + ], + "server": "remote" + } + ], + "fakeip": { + "enabled": true, + "inet4_range": "198.18.0.0/15", + "inet6_range": "fc00::/18" + }, + "independent_cache": true + }, + "inbounds": [ + { + "type": "tun", + "inet4_address": "172.19.0.1/30", + "inet6_address": "fdfe:dcba:9876::1/126", + "auto_route": true, + "strict_route": true + } + ], + "outbounds": [ + // ... + { + "type": "direct", + "tag": "direct" + }, + { + "type": "dns", + "tag": "dns-out" + } + ], + "route": { + "rules": [ + { + "protocol": "dns", + "outbound": "dns-out" + }, + { + "geoip": [ + "private" + ], + "outbound": "direct" + } + ], + "auto_detect_interface": true + } + } + ``` \ No newline at end of file diff --git a/docs/manual/proxy/server.md b/docs/manual/proxy/server.md new file mode 100644 index 0000000000..4d2667e039 --- /dev/null +++ b/docs/manual/proxy/server.md @@ -0,0 +1,10 @@ +--- +icon: material/server +--- + +# Server + +To use sing-box as a proxy protocol server, you pretty much only need to configure the inbound for that protocol. + +The Proxy Protocol menu below contains descriptions and configuration examples +of recommended protocols for bypassing GFW. diff --git a/docs/manual/proxy/tun.md b/docs/manual/proxy/tun.md new file mode 100644 index 0000000000..65cfb1cfd1 --- /dev/null +++ b/docs/manual/proxy/tun.md @@ -0,0 +1,66 @@ +# :material-expansion-card: TUN + +## :material-text-box: Definition + +Refers to TUNnel, a virtual network device supported by the kernel. +It’s also used in sing-box to denote the extensive functionality surrounding TUN inbound: +including traffic assembly, automatic routing, and network and default interface monitoring. + +The following flow chart describes the minimal TUN-based transparent proxy process in sing-box: + +``` mermaid +flowchart LR + subgraph inbound [Inbound] + direction TB + packet[IP Packet] + packet --> windows[Windows / macOS] + packet --> linux[Linux] + tun[TUN interface] + windows -. route .-> tun + linux -. iproute2 route/rule .-> tun + tun --> gvisor[gVisor TUN stack] + tun --> system[system TUN stack] + assemble([L3 to L4 assemble]) + gvisor --> assemble + system --> assemble + assemble --> conn[TCP and UDP connections] + conn --> router[sing-box Router] + end + + subgraph outbound [Outbound] + direction TB + direct[Direct outbound] + proxy[Proxy outbounds] + direct --> adi([auto detect interface]) + proxy --> adi + adi --> default[Default network interface in the system] + default --> destination[Destination server] + default --> proxy_server[Proxy server] + proxy_server --> destination + end + + inbound --> outbound +``` + +## :material-help-box: How to + +A basic TUN-based transparent proxy configuration file includes: an TUN inbound, `route.auto_detect_interface`, like: + +```json +{ + "inbounds": [ + { + "type": "tun", + "inet4_address": "172.19.0.1/30", + "inet6_address": "fdfe:dcba:9876::1/126", + "auto_route": true, + "strict_route": true + } + ], + "route": { + "auto_detect_interface": true + } +} +``` + +TODO: finish this wiki \ No newline at end of file diff --git a/docs/support.md b/docs/support.md index 257b343992..9ddb4ecfff 100644 --- a/docs/support.md +++ b/docs/support.md @@ -1,4 +1,13 @@ -Github Issue: [Issues · SagerNet/sing-box](https://github.com/SagerNet/sing-box/issues) -Telegram Notification channel: [@yapnc](https://t.me/yapnc) -Telegram User group: [@yapug](https://t.me/yapug) -Email: [contact@sagernet.org](mailto:contact@sagernet.org) +--- +icon: material/forum +--- + +# Support + +| Channel | Link | +|:------------------------------|:--------------------------------------------| +| Community | https://community.sagernet.org | +| GitHub Issues | https://github.com/SagerNet/sing-box/issues | +| Telegram notification channel | https://t.me/yapnc | +| Telegram user group | https://t.me/yapug | +| Email | contact@sagernet.org | diff --git a/docs/support.zh.md b/docs/support.zh.md index 031bf6f9a4..eb07ea8292 100644 --- a/docs/support.zh.md +++ b/docs/support.zh.md @@ -1,4 +1,14 @@ -Github 工单: [Issues · SagerNet/sing-box](https://github.com/SagerNet/sing-box/issues) -Telegram 通知频道: [@yapnc](https://t.me/yapnc) -Telegram 用户组: [@yapug](https://t.me/yapug) -Email: [contact@sagernet.org](mailto:contact@sagernet.org) +--- +icon: material/forum +--- + +# 支持 + +| 通道 | 链接 | +|:--------------|:--------------------------------------------| +| 社区 | https://community.sagernet.org | +| GitHub Issues | https://github.com/SagerNet/sing-box/issues | +| Telegram 通知频道 | https://t.me/yapnc | +| Telegram 用户组 | https://t.me/yapug | +| 邮件 | contact@sagernet.org | + diff --git a/experimental/clashapi/cachefile/cache.go b/experimental/clashapi/cachefile/cache.go index 0b96fa5def..0911829749 100644 --- a/experimental/clashapi/cachefile/cache.go +++ b/experimental/clashapi/cachefile/cache.go @@ -1,6 +1,7 @@ package cachefile import ( + "context" "errors" "net/netip" "os" @@ -13,6 +14,7 @@ import ( "github.com/sagernet/sing-box/adapter" "github.com/sagernet/sing/common" E "github.com/sagernet/sing/common/exceptions" + "github.com/sagernet/sing/service/filemanager" ) var ( @@ -41,7 +43,7 @@ type CacheFile struct { saveMetadataTimer *time.Timer } -func Open(path string, cacheID string) (*CacheFile, error) { +func Open(ctx context.Context, path string, cacheID string) (*CacheFile, error) { const fileMode = 0o666 options := bbolt.Options{Timeout: time.Second} var ( @@ -67,6 +69,10 @@ func Open(path string, cacheID string) (*CacheFile, error) { if err != nil { return nil, err } + err = filemanager.Chown(ctx, path) + if err != nil { + return nil, E.Cause(err, "platform chown") + } var cacheIDBytes []byte if cacheID != "" { cacheIDBytes = append([]byte{0}, []byte(cacheID)...) diff --git a/experimental/clashapi/proxies.go b/experimental/clashapi/proxies.go index f312481c49..050efd8d17 100644 --- a/experimental/clashapi/proxies.go +++ b/experimental/clashapi/proxies.go @@ -2,7 +2,6 @@ package clashapi import ( "context" - "fmt" "net/http" "sort" "strconv" @@ -176,7 +175,7 @@ func updateProxy(w http.ResponseWriter, r *http.Request) { if !selector.SelectOutbound(req.Name) { render.Status(r, http.StatusBadRequest) - render.JSON(w, r, newError(fmt.Sprintf("Selector update error: not found"))) + render.JSON(w, r, newError("Selector update error: not found")) return } diff --git a/experimental/clashapi/server.go b/experimental/clashapi/server.go index 493d73972b..6a3d6f66f7 100644 --- a/experimental/clashapi/server.go +++ b/experimental/clashapi/server.go @@ -148,7 +148,7 @@ func NewServer(ctx context.Context, router adapter.Router, logFactory log.Observ func (s *Server) PreStart() error { if s.cacheFilePath != "" { - cacheFile, err := cachefile.Open(s.cacheFilePath, s.cacheID) + cacheFile, err := cachefile.Open(s.ctx, s.cacheFilePath, s.cacheID) if err != nil { return E.Cause(err, "open cache file") } diff --git a/experimental/clashapi/trafficontrol/manager.go b/experimental/clashapi/trafficontrol/manager.go index 17efe1abda..eac7aee4d8 100644 --- a/experimental/clashapi/trafficontrol/manager.go +++ b/experimental/clashapi/trafficontrol/manager.go @@ -70,9 +70,6 @@ func (m *Manager) Snapshot() *Snapshot { return true }) - //if memoryInfo, err := m.process.MemoryInfo(); err == nil { - // m.memory = memoryInfo.RSS - //} else { var memStats runtime.MemStats runtime.ReadMemStats(&memStats) m.memory = memStats.StackInuse + memStats.HeapInuse + memStats.HeapIdle - memStats.HeapReleased diff --git a/experimental/libbox/command_log.go b/experimental/libbox/command_log.go index ce72010dd0..da142657e6 100644 --- a/experimental/libbox/command_log.go +++ b/experimental/libbox/command_log.go @@ -60,11 +60,11 @@ func (s *CommandServer) handleLogConn(conn net.Conn) error { for element := s.savedLines.Front(); element != nil; element = element.Next() { savedLines = append(savedLines, element.Value) } - s.access.Unlock() subscription, done, err := s.observer.Subscribe() if err != nil { return err } + s.access.Unlock() defer s.observer.UnSubscribe(subscription) for _, line := range savedLines { err = writeLog(conn, []byte(line)) diff --git a/experimental/libbox/command_status.go b/experimental/libbox/command_status.go index dbf1ad2efa..7f1eca8c03 100644 --- a/experimental/libbox/command_status.go +++ b/experimental/libbox/command_status.go @@ -14,7 +14,6 @@ import ( type StatusMessage struct { Memory int64 - MemoryInuse int64 Goroutines int32 ConnectionsIn int32 ConnectionsOut int32 diff --git a/experimental/libbox/platform.go b/experimental/libbox/platform.go index b7418bd279..451a72a9e1 100644 --- a/experimental/libbox/platform.go +++ b/experimental/libbox/platform.go @@ -19,6 +19,7 @@ type PlatformInterface interface { UsePlatformInterfaceGetter() bool GetInterfaces() (NetworkInterfaceIterator, error) UnderNetworkExtension() bool + ReadWIFIState() *WIFIState ClearDNSCache() } @@ -38,6 +39,15 @@ type NetworkInterface struct { Addresses StringIterator } +type WIFIState struct { + SSID string + BSSID string +} + +func NewWIFIState(wifiSSID string, wifiBSSID string) *WIFIState { + return &WIFIState{wifiSSID, wifiBSSID} +} + type NetworkInterfaceIterator interface { Next() *NetworkInterface HasNext() bool diff --git a/experimental/libbox/platform/interface.go b/experimental/libbox/platform/interface.go index 77afa17b53..54d35fa315 100644 --- a/experimental/libbox/platform/interface.go +++ b/experimental/libbox/platform/interface.go @@ -2,7 +2,6 @@ package platform import ( "context" - "io" "net/netip" "github.com/sagernet/sing-box/adapter" @@ -24,8 +23,8 @@ type Interface interface { Interfaces() ([]NetworkInterface, error) UnderNetworkExtension() bool ClearDNSCache() + ReadWIFIState() adapter.WIFIState process.Searcher - io.Writer } type NetworkInterface struct { diff --git a/experimental/libbox/service.go b/experimental/libbox/service.go index 102d796b1f..3375f7502c 100644 --- a/experimental/libbox/service.go +++ b/experimental/libbox/service.go @@ -3,6 +3,7 @@ package libbox import ( "context" "net/netip" + "runtime" runtimeDebug "runtime/debug" "syscall" @@ -12,6 +13,7 @@ import ( "github.com/sagernet/sing-box/common/urltest" "github.com/sagernet/sing-box/experimental/libbox/internal/procfs" "github.com/sagernet/sing-box/experimental/libbox/platform" + "github.com/sagernet/sing-box/log" "github.com/sagernet/sing-box/option" "github.com/sagernet/sing-tun" "github.com/sagernet/sing/common" @@ -44,10 +46,12 @@ func NewService(configContent string, platformInterface PlatformInterface) (*Box ctx = service.ContextWithPtr(ctx, urlTestHistoryStorage) pauseManager := pause.NewDefaultManager(ctx) ctx = pause.ContextWithManager(ctx, pauseManager) + platformWrapper := &platformInterfaceWrapper{iif: platformInterface, useProcFS: platformInterface.UseProcFS()} instance, err := box.New(box.Options{ Context: ctx, Options: options, - PlatformInterface: &platformInterfaceWrapper{iif: platformInterface, useProcFS: platformInterface.UseProcFS()}, + PlatformInterface: platformWrapper, + PlatformLogWriter: platformWrapper, }) if err != nil { cancel() @@ -83,7 +87,10 @@ func (s *BoxService) Wake() { _ = s.instance.Router().ResetNetwork() } -var _ platform.Interface = (*platformInterfaceWrapper)(nil) +var ( + _ platform.Interface = (*platformInterfaceWrapper)(nil) + _ log.PlatformWriter = (*platformInterfaceWrapper)(nil) +) type platformInterfaceWrapper struct { iif PlatformInterface @@ -135,11 +142,6 @@ func (w *platformInterfaceWrapper) OpenTun(options *tun.Options, platformOptions return tun.New(*options) } -func (w *platformInterfaceWrapper) Write(p []byte) (n int, err error) { - w.iif.WriteLog(string(p)) - return len(p), nil -} - func (w *platformInterfaceWrapper) FindProcessInfo(ctx context.Context, network string, source netip.AddrPort, destination netip.AddrPort) (*process.Info, error) { var uid int32 if w.useProcFS { @@ -207,3 +209,19 @@ func (w *platformInterfaceWrapper) UnderNetworkExtension() bool { func (w *platformInterfaceWrapper) ClearDNSCache() { w.iif.ClearDNSCache() } + +func (w *platformInterfaceWrapper) ReadWIFIState() adapter.WIFIState { + wifiState := w.iif.ReadWIFIState() + if wifiState == nil { + return adapter.WIFIState{} + } + return (adapter.WIFIState)(*wifiState) +} + +func (w *platformInterfaceWrapper) DisableColors() bool { + return runtime.GOOS != "android" +} + +func (w *platformInterfaceWrapper) WriteMessage(level log.Level, message string) { + w.iif.WriteLog(message) +} diff --git a/go.mod b/go.mod index 6c79043fff..cf8d83d1a0 100644 --- a/go.mod +++ b/go.mod @@ -17,25 +17,23 @@ require ( github.com/libdns/cloudflare v0.1.0 github.com/logrusorgru/aurora v2.0.3+incompatible github.com/mholt/acmez v1.2.0 - github.com/miekg/dns v1.1.56 + github.com/miekg/dns v1.1.57 github.com/ooni/go-libtor v1.1.8 github.com/oschwald/maxminddb-golang v1.12.0 - github.com/pion/logging v0.2.2 - github.com/pion/turn/v3 v3.0.1 github.com/sagernet/bbolt v0.0.0-20231014093535-ea5cb2fe9f0a github.com/sagernet/cloudflare-tls v0.0.0-20230829051644-4a68352d0c4a github.com/sagernet/gomobile v0.0.0-20230915142329-c6740b6d2950 - github.com/sagernet/gvisor v0.0.0-20230930141345-5fef6f2e17ab - github.com/sagernet/quic-go v0.0.0-20231008035953-32727fef9460 + github.com/sagernet/gvisor v0.0.0-20231119034329-07cfb6aaf930 + github.com/sagernet/quic-go v0.40.0 github.com/sagernet/reality v0.0.0-20230406110435-ee17307e7691 - github.com/sagernet/sing v0.2.18-0.20231108041402-4fbbd193203c - github.com/sagernet/sing-dns v0.1.10 + github.com/sagernet/sing v0.2.18-0.20231119032432-6a556bfa50cc + github.com/sagernet/sing-dns v0.1.11 github.com/sagernet/sing-mux v0.1.5-0.20231109075101-6b086ed6bb07 - github.com/sagernet/sing-quic v0.1.3 + github.com/sagernet/sing-quic v0.1.5-0.20231123150216-00957d136203 github.com/sagernet/sing-shadowsocks v0.2.5 - github.com/sagernet/sing-shadowsocks2 v0.1.4 + github.com/sagernet/sing-shadowsocks2 v0.1.5 github.com/sagernet/sing-shadowtls v0.1.4 - github.com/sagernet/sing-tun v0.1.20-0.20231107141025-be3aecff893d + github.com/sagernet/sing-tun v0.1.21-0.20231119035513-f6ea97c5af71 github.com/sagernet/sing-vmess v0.1.8 github.com/sagernet/smux v0.0.0-20230312102458-337ec2a5af37 github.com/sagernet/tfo-go v0.0.0-20230816093905-5a5c285d44a6 @@ -67,7 +65,7 @@ require ( github.com/gobwas/pool v0.2.1 // indirect github.com/golang/protobuf v1.5.3 // indirect github.com/google/btree v1.1.2 // indirect - github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38 // indirect + github.com/google/pprof v0.0.0-20231101202521-4ca4178f5c7a // indirect github.com/hashicorp/yamux v0.1.1 // indirect github.com/inconshreveable/mousetrap v1.1.0 // indirect github.com/josharian/native v1.1.0 // indirect @@ -75,7 +73,7 @@ require ( github.com/klauspost/cpuid/v2 v2.2.5 // indirect github.com/libdns/libdns v0.2.1 // indirect github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e // indirect - github.com/onsi/ginkgo/v2 v2.9.5 // indirect + github.com/onsi/ginkgo/v2 v2.9.7 // indirect github.com/pierrec/lz4/v4 v4.1.14 // indirect github.com/pion/dtls/v2 v2.2.7 // indirect github.com/pion/randutil v0.1.0 // indirect @@ -84,7 +82,7 @@ require ( github.com/pion/transport/v3 v3.0.1 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect github.com/quic-go/qpack v0.4.0 // indirect - github.com/quic-go/qtls-go1-20 v0.3.4 // indirect + github.com/quic-go/qtls-go1-20 v0.4.1 // indirect github.com/sagernet/go-tun2socks v1.16.12-0.20220818015926-16cb67876a61 // indirect github.com/sagernet/netlink v0.0.0-20220905062125-8043b4a9aa97 // indirect github.com/scjalliance/comshim v0.0.0-20230315213746-5e51f40bd3b9 // indirect @@ -93,11 +91,11 @@ require ( github.com/vishvananda/netns v0.0.0-20211101163701-50045581ed74 // indirect github.com/zeebo/blake3 v0.2.3 // indirect go.uber.org/multierr v1.11.0 // indirect - golang.org/x/exp v0.0.0-20231006140011-7918f672742d // indirect - golang.org/x/mod v0.13.0 // indirect + golang.org/x/exp v0.0.0-20231110203233-9a3e6036ecaa // indirect + golang.org/x/mod v0.14.0 // indirect golang.org/x/text v0.14.0 // indirect - golang.org/x/time v0.3.0 // indirect - golang.org/x/tools v0.14.0 // indirect + golang.org/x/time v0.4.0 // indirect + golang.org/x/tools v0.15.0 // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20230822172742-b8732ec3820d // indirect gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f // indirect gopkg.in/yaml.v3 v3.0.1 // indirect diff --git a/go.sum b/go.sum index 2c1ce160d1..9b3d740b72 100644 --- a/go.sum +++ b/go.sum @@ -6,9 +6,6 @@ github.com/andybalholm/brotli v1.0.5 h1:8uQZIdzKmjc/iuPu7O2ioW48L81FgatrcpfFmiq/ github.com/andybalholm/brotli v1.0.5/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHGRSepvi9Eig= github.com/caddyserver/certmagic v0.19.2 h1:HZd1AKLx4592MalEGQS39DKs2ZOAJCEM/xYPMQ2/ui0= github.com/caddyserver/certmagic v0.19.2/go.mod h1:fsL01NomQ6N+kE2j37ZCnig2MFosG+MIO4ztnmG/zz8= -github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= -github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= -github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= github.com/cloudflare/circl v1.3.6 h1:/xbKIqSHbZXHwkhbrhrt2YOHIwYJlXH94E3tI/gDlUg= github.com/cloudflare/circl v1.3.6/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUKZrLbUZFA= github.com/cpuguy83/go-md2man/v2 v2.0.3/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= @@ -44,11 +41,10 @@ github.com/google/btree v1.1.2 h1:xf4v41cLI2Z6FxbKm+8Bu+m8ifhj15JuZ9sa0jZCMUU= github.com/google/btree v1.1.2/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4= github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38= -github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38 h1:yAJXTCF9TqKcTiHJAE8dj7HMvPfh66eeA2JYW7eFpSE= -github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= +github.com/google/pprof v0.0.0-20231101202521-4ca4178f5c7a h1:fEBsGL/sjAuJrgah5XqmmYsTLzJp/TO9Lhy39gkverk= +github.com/google/pprof v0.0.0-20231101202521-4ca4178f5c7a/go.mod h1:czg5+yv1E0ZGTi6S6vVK1mke0fV+FaUhNGcd6VRS9Ik= github.com/hashicorp/yamux v0.1.1 h1:yrQxtgseBDrq9Y652vSRDvsKCJKOUD+GzTS4Y0Y8pvE= github.com/hashicorp/yamux v0.1.1/go.mod h1:CtWFDAQgb7dxtzFs4tWbplKIe2jSi3+5vKbgIO0SLnQ= -github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= github.com/insomniacslk/dhcp v0.0.0-20231016090811-6a2c8fbdcc1c h1:PgxFEySCI41sH0mB7/2XswdXbUykQsRUGod8Rn+NubM= @@ -76,39 +72,25 @@ github.com/logrusorgru/aurora v2.0.3+incompatible h1:tOpm7WcpBTn4fjmVfgpQq0EfczG github.com/logrusorgru/aurora v2.0.3+incompatible/go.mod h1:7rIyQOR62GCctdiQpZ/zOJlFyk6y+94wXzv6RNZgaR4= github.com/mholt/acmez v1.2.0 h1:1hhLxSgY5FvH5HCnGUuwbKY2VQVo8IU7rxXKSnZ7F30= github.com/mholt/acmez v1.2.0/go.mod h1:VT9YwH1xgNX1kmYY89gY8xPJC84BFAisjo8Egigt4kE= -github.com/miekg/dns v1.1.56 h1:5imZaSeoRNvpM9SzWNhEcP9QliKiz20/dA2QabIGVnE= -github.com/miekg/dns v1.1.56/go.mod h1:cRm6Oo2C8TY9ZS/TqsSrseAcncm74lfK5G+ikN2SWWY= +github.com/miekg/dns v1.1.57 h1:Jzi7ApEIzwEPLHWRcafCN9LZSBbqQpxjt/wpgvg7wcM= +github.com/miekg/dns v1.1.57/go.mod h1:uqRjCRUuEAA6qsOiJvDd+CFo/vW+y5WR6SNmHE55hZk= github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e h1:fD57ERR4JtEqsWbfPhv4DMiApHyliiK5xCTNVSPiaAs= github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno= -github.com/onsi/ginkgo/v2 v2.9.5 h1:+6Hr4uxzP4XIUyAkg61dWBw8lb/gc4/X5luuxN/EC+Q= -github.com/onsi/ginkgo/v2 v2.9.5/go.mod h1:tvAoo1QUJwNEU2ITftXTpR7R1RbCzoZUOs3RonqW57k= -github.com/onsi/gomega v1.27.6 h1:ENqfyGeS5AX/rlXDd/ETokDz93u0YufY1Pgxuy/PvWE= +github.com/onsi/ginkgo/v2 v2.9.7 h1:06xGQy5www2oN160RtEZoTvnP2sPhEfePYmCDc2szss= +github.com/onsi/ginkgo/v2 v2.9.7/go.mod h1:cxrmXWykAwTwhQsJOPfdIDiJ+l2RYq7U8hFU+M/1uw0= +github.com/onsi/gomega v1.27.7 h1:fVih9JD6ogIiHUN6ePK7HJidyEDpWGVB5mzM7cWNXoU= github.com/ooni/go-libtor v1.1.8 h1:Wo3V3DVTxl5vZdxtQakqYP+DAHx7pPtAFSl1bnAa08w= github.com/ooni/go-libtor v1.1.8/go.mod h1:q1YyLwRD9GeMyeerVvwc0vJ2YgwDLTp2bdVcrh/JXyI= github.com/oschwald/maxminddb-golang v1.12.0 h1:9FnTOD0YOhP7DGxGsq4glzpGy5+w7pq50AS6wALUMYs= github.com/oschwald/maxminddb-golang v1.12.0/go.mod h1:q0Nob5lTCqyQ8WT6FYgS1L7PXKVVbgiymefNwIjPzgY= github.com/pierrec/lz4/v4 v4.1.14 h1:+fL8AQEZtz/ijeNnpduH0bROTu0O3NZAlPjQxGn8LwE= github.com/pierrec/lz4/v4 v4.1.14/go.mod h1:gZWDp/Ze/IJXGXf23ltt2EXimqmTUXEy0GFuRQyBid4= -github.com/pion/dtls/v2 v2.2.7 h1:cSUBsETxepsCSFSxC3mc/aDo14qQLMSL+O6IjG28yV8= -github.com/pion/dtls/v2 v2.2.7/go.mod h1:8WiMkebSHFD0T+dIU+UeBaoV7kDhOW5oDCzZ7WZ/F9s= -github.com/pion/logging v0.2.2 h1:M9+AIj/+pxNsDfAT64+MAVgJO0rsyLnoJKCqf//DoeY= -github.com/pion/logging v0.2.2/go.mod h1:k0/tDVsRCX2Mb2ZEmTqNa7CWsQPc+YYCB7Q+5pahoms= -github.com/pion/randutil v0.1.0 h1:CFG1UdESneORglEsnimhUjf33Rwjubwj6xfiOXBa3mA= -github.com/pion/randutil v0.1.0/go.mod h1:XcJrSMMbbMRhASFVOlj/5hQial/Y8oH/HVo7TBZq+j8= -github.com/pion/stun/v2 v2.0.0 h1:A5+wXKLAypxQri59+tmQKVs7+l6mMM+3d+eER9ifRU0= -github.com/pion/stun/v2 v2.0.0/go.mod h1:22qRSh08fSEttYUmJZGlriq9+03jtVmXNODgLccj8GQ= -github.com/pion/transport/v2 v2.2.1 h1:7qYnCBlpgSJNYMbLCKuSY9KbQdBFoETvPNETv0y4N7c= -github.com/pion/transport/v2 v2.2.1/go.mod h1:cXXWavvCnFF6McHTft3DWS9iic2Mftcz1Aq29pGcU5g= -github.com/pion/transport/v3 v3.0.1 h1:gDTlPJwROfSfz6QfSi0ZmeCSkFcnWWiiR9ES0ouANiM= -github.com/pion/transport/v3 v3.0.1/go.mod h1:UY7kiITrlMv7/IKgd5eTUcaahZx5oUN3l9SzK5f5xE0= -github.com/pion/turn/v3 v3.0.1 h1:wLi7BTQr6/Q20R0vt/lHbjv6y4GChFtC33nkYbasoT8= -github.com/pion/turn/v3 v3.0.1/go.mod h1:MrJDKgqryDyWy1/4NT9TWfXWGMC7UHT6pJIv1+gMeNE= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/quic-go/qpack v0.4.0 h1:Cr9BXA1sQS2SmDUWjSofMPNKmvF6IiIfDRmgU0w1ZCo= github.com/quic-go/qpack v0.4.0/go.mod h1:UZVnYIfi5GRk+zI9UMaCPsmZ2xKJP7XBUvVyT1Knj9A= -github.com/quic-go/qtls-go1-20 v0.3.4 h1:MfFAPULvst4yoMgY9QmtpYmfij/em7O8UUi+bNVm7Cg= -github.com/quic-go/qtls-go1-20 v0.3.4/go.mod h1:X9Nh97ZL80Z+bX/gUXMbipO6OxdiDi58b/fMC9mAL+k= +github.com/quic-go/qtls-go1-20 v0.4.1 h1:D33340mCNDAIKBqXuAvexTNMUByrYmFYVfKfDN5nfFs= +github.com/quic-go/qtls-go1-20 v0.4.1/go.mod h1:X9Nh97ZL80Z+bX/gUXMbipO6OxdiDi58b/fMC9mAL+k= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/sagernet/bbolt v0.0.0-20231014093535-ea5cb2fe9f0a h1:+NkI2670SQpQWvkkD2QgdTuzQG263YZ+2emfpeyGqW0= github.com/sagernet/bbolt v0.0.0-20231014093535-ea5cb2fe9f0a/go.mod h1:63s7jpZqcDAIpj8oI/1v4Izok+npJOHACFCU6+huCkM= @@ -118,32 +100,32 @@ github.com/sagernet/go-tun2socks v1.16.12-0.20220818015926-16cb67876a61 h1:5+m7c github.com/sagernet/go-tun2socks v1.16.12-0.20220818015926-16cb67876a61/go.mod h1:QUQ4RRHD6hGGHdFMEtR8T2P6GS6R3D/CXKdaYHKKXms= github.com/sagernet/gomobile v0.0.0-20230915142329-c6740b6d2950 h1:hUz/2mJLgi7l2H36JGpDY+jou9FmI6kAm0ZkU+xPpgE= github.com/sagernet/gomobile v0.0.0-20230915142329-c6740b6d2950/go.mod h1:5YE39YkJkCcMsfq1jMKkjsrM2GfBoF9JVWnvU89hmvU= -github.com/sagernet/gvisor v0.0.0-20230930141345-5fef6f2e17ab h1:u+xQoi/Yc6bNUvTfrDD6HhGRybn2lzrhf5vmS+wb4Ho= -github.com/sagernet/gvisor v0.0.0-20230930141345-5fef6f2e17ab/go.mod h1:3akUhSHSVtLuJaYcW5JPepUraBOW06Ibz2HKwaK5rOk= +github.com/sagernet/gvisor v0.0.0-20231119034329-07cfb6aaf930 h1:dSPgjIw0CT6ISLeEh8Q20dZMBMFCcEceo23+LncRcNQ= +github.com/sagernet/gvisor v0.0.0-20231119034329-07cfb6aaf930/go.mod h1:JpKHkOYgh4wLwrX2BhH3ZIvCvazCkTnPeEcmigZJfHY= github.com/sagernet/netlink v0.0.0-20220905062125-8043b4a9aa97 h1:iL5gZI3uFp0X6EslacyapiRz7LLSJyr4RajF/BhMVyE= github.com/sagernet/netlink v0.0.0-20220905062125-8043b4a9aa97/go.mod h1:xLnfdiJbSp8rNqYEdIW/6eDO4mVoogml14Bh2hSiFpM= -github.com/sagernet/quic-go v0.0.0-20231008035953-32727fef9460 h1:dAe4OIJAtE0nHOzTHhAReQteh3+sa63rvXbuIpbeOTY= -github.com/sagernet/quic-go v0.0.0-20231008035953-32727fef9460/go.mod h1:uJGpmJCOcMQqMlHKc3P1Vz6uygmpz4bPeVIoOhdVQnM= +github.com/sagernet/quic-go v0.40.0 h1:DvQNPb72lzvNQDe9tcUyHTw8eRv6PLtM2mNYmdlzUMo= +github.com/sagernet/quic-go v0.40.0/go.mod h1:VqtdhlbkeeG5Okhb3eDMb/9o0EoglReHunNT9ukrJAI= github.com/sagernet/reality v0.0.0-20230406110435-ee17307e7691 h1:5Th31OC6yj8byLGkEnIYp6grlXfo1QYUfiYFGjewIdc= github.com/sagernet/reality v0.0.0-20230406110435-ee17307e7691/go.mod h1:B8lp4WkQ1PwNnrVMM6KyuFR20pU8jYBD+A4EhJovEXU= github.com/sagernet/sing v0.0.0-20220817130738-ce854cda8522/go.mod h1:QVsS5L/ZA2Q5UhQwLrn0Trw+msNd/NPGEhBKR/ioWiY= github.com/sagernet/sing v0.1.8/go.mod h1:jt1w2u7lJQFFSGLiRrRIs5YWmx4kAPfWuOejuDW9qMk= -github.com/sagernet/sing v0.2.18-0.20231108041402-4fbbd193203c h1:uask61Pxc3nGqsOSjqnBKrwfODWRoEa80lXm04LNk0E= -github.com/sagernet/sing v0.2.18-0.20231108041402-4fbbd193203c/go.mod h1:OL6k2F0vHmEzXz2KW19qQzu172FDgSbUSODylighuVo= -github.com/sagernet/sing-dns v0.1.10 h1:iIU7nRBlUYj+fF2TaktGIvRiTFFrHwSMedLQsvlTZCI= -github.com/sagernet/sing-dns v0.1.10/go.mod h1:vtUimtf7Nq9EdvD5WTpfCr69KL1M7bcgOVKiYBiAY/c= +github.com/sagernet/sing v0.2.18-0.20231119032432-6a556bfa50cc h1:dmU0chO0QrBpARo8sqyOc+mvPLW+qux4ca16kb2WIc8= +github.com/sagernet/sing v0.2.18-0.20231119032432-6a556bfa50cc/go.mod h1:OL6k2F0vHmEzXz2KW19qQzu172FDgSbUSODylighuVo= +github.com/sagernet/sing-dns v0.1.11 h1:PPrMCVVrAeR3f5X23I+cmvacXJ+kzuyAsBiWyUKhGSE= +github.com/sagernet/sing-dns v0.1.11/go.mod h1:zJ/YjnYB61SYE+ubMcMqVdpaSvsyQ2iShQGO3vuLvvE= github.com/sagernet/sing-mux v0.1.5-0.20231109075101-6b086ed6bb07 h1:ncKb5tVOsCQgCsv6UpsA0jinbNb5OQ5GMPJlyQP3EHM= github.com/sagernet/sing-mux v0.1.5-0.20231109075101-6b086ed6bb07/go.mod h1:u/MZf32xPG8jEKe3t+xUV67EBnKtDtCaPhsJQOQGUYU= -github.com/sagernet/sing-quic v0.1.3 h1:YfSPGQdlE6YspjPSlQJaVH333leFiYQM8JX7TumsWQs= -github.com/sagernet/sing-quic v0.1.3/go.mod h1:wvGU7MYih+cpJV2VrrpSGyjZIFSmUyqzawzmDyqeWJA= +github.com/sagernet/sing-quic v0.1.5-0.20231123150216-00957d136203 h1:e3C94gdfTDal52fk0BS/BRcDeF3USqBr8OjQc7XBk4E= +github.com/sagernet/sing-quic v0.1.5-0.20231123150216-00957d136203/go.mod h1:B6OgRz+qLn3N1114dcZVExkdarArtsAX2MgWJIfB72c= github.com/sagernet/sing-shadowsocks v0.2.5 h1:qxIttos4xu6ii7MTVJYA8EFQR7Q3KG6xMqmLJIFtBaY= github.com/sagernet/sing-shadowsocks v0.2.5/go.mod h1:MGWGkcU2xW2G2mfArT9/QqpVLOGU+dBaahZCtPHdt7A= -github.com/sagernet/sing-shadowsocks2 v0.1.4 h1:vht2M8t3m5DTgXR2j24KbYOygG5aOp+MUhpQnAux728= -github.com/sagernet/sing-shadowsocks2 v0.1.4/go.mod h1:Mgdee99NxxNd5Zld3ixIs18yVs4x2dI2VTDDE1N14Wc= +github.com/sagernet/sing-shadowsocks2 v0.1.5 h1:JDeAJ4ZWlYZ7F6qEVdDKPhQEangxKw/JtmU+i/YfCYE= +github.com/sagernet/sing-shadowsocks2 v0.1.5/go.mod h1:KF65y8lI5PGHyMgRZGYXYsH9ilgRc/yr+NYbSNGuBm4= github.com/sagernet/sing-shadowtls v0.1.4 h1:aTgBSJEgnumzFenPvc+kbD9/W0PywzWevnVpEx6Tw3k= github.com/sagernet/sing-shadowtls v0.1.4/go.mod h1:F8NBgsY5YN2beQavdgdm1DPlhaKQlaL6lpDdcBglGK4= -github.com/sagernet/sing-tun v0.1.20-0.20231107141025-be3aecff893d h1:p5bBqVLO+JHJW+REJ0F0HsMWUYU3CPxKTK/gE5tua60= -github.com/sagernet/sing-tun v0.1.20-0.20231107141025-be3aecff893d/go.mod h1:kN9m94o4LSan0iRiZfpTuJPF7oLyy65dyGZX4doqnco= +github.com/sagernet/sing-tun v0.1.21-0.20231119035513-f6ea97c5af71 h1:WQi0TwhjbSNFFbxybIgAUSjVvo7uWSsLD28ldoM2avY= +github.com/sagernet/sing-tun v0.1.21-0.20231119035513-f6ea97c5af71/go.mod h1:hyzA4gDWbeg2SXklqPDswBKa//QcjlZqKw9aPcNdQ9A= github.com/sagernet/sing-vmess v0.1.8 h1:XVWad1RpTy9b5tPxdm5MCU8cGfrTGdR8qCq6HV2aCNc= github.com/sagernet/sing-vmess v0.1.8/go.mod h1:vhx32UNzTDUkNwOyIjcZQohre1CaytquC5mPplId8uA= github.com/sagernet/smux v0.0.0-20230312102458-337ec2a5af37 h1:HuE6xSwco/Xed8ajZ+coeYLmioq0Qp1/Z2zczFaV8as= @@ -194,34 +176,18 @@ go4.org/netipx v0.0.0-20230824141953-6213f710f925/go.mod h1:PLyyIXexvUFg3Owu6p/W golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20190404164418-38d8ce5564a5/go.mod h1:WFFai1msRO1wXaEeE5yQxYXgSfI8pQAWXbQop6sCtWE= golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a/go.mod h1:P+XmwS30IXTQdn5tA2iutPOUgjI07+tq3H3K9MVA1s8= -golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/crypto v0.8.0/go.mod h1:mRqEX+O9/h5TFCrQhkgjo2yKi0yYA+9ecGkdQoHrywE= -golang.org/x/crypto v0.12.0/go.mod h1:NF0Gs7EO5K4qLn+Ylc+fih8BSTeIjAP05siRnAh98yw= golang.org/x/crypto v0.15.0 h1:frVn1TEaCEaZcn3Tmd7Y2b5KKPaZ+I32Q2OA3kYp5TA= golang.org/x/crypto v0.15.0/go.mod h1:4ChreQoLWfG3xLDer1WdlH5NdlQ3+mwnQq1YTKY+72g= -golang.org/x/exp v0.0.0-20231006140011-7918f672742d h1:jtJma62tbqLibJ5sFQz8bKtEM8rJBtfilJ2qTU199MI= -golang.org/x/exp v0.0.0-20231006140011-7918f672742d/go.mod h1:ldy0pHrwJyGW56pPQzzkH36rKxoZW1tw7ZJpeKx+hdo= -golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= -golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= -golang.org/x/mod v0.13.0 h1:I/DsJXRlw/8l/0c24sM9yb0T4z9liZTduXvdAWYiysY= -golang.org/x/mod v0.13.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= -golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/exp v0.0.0-20231110203233-9a3e6036ecaa h1:FRnLl4eNAQl8hwxVVC17teOw8kdjVDVAiFMtgUdTSRQ= +golang.org/x/exp v0.0.0-20231110203233-9a3e6036ecaa/go.mod h1:zk2irFbV9DP96SEBUUAy67IdHUaZuSnrz1n472HUCLE= +golang.org/x/mod v0.14.0 h1:dGoOF9QVLYng8IHTm7BAyWqCqSheQ5pYWGhzW00YJr0= +golang.org/x/mod v0.14.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= -golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= -golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns= -golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= -golang.org/x/net v0.14.0/go.mod h1:PpSgVXXLK0OxS0F31C1/tv6XNguvCrnXIDrFMspZIUI= golang.org/x/net v0.18.0 h1:mIYleuAkSbHh0tCv7RvjL3F6ZVbLjq4+R7zbOn3Kokg= golang.org/x/net v0.18.0/go.mod h1:/czyP5RqHAH4odGYxBJ1qz0+CE5WZ+2j1YgoEo8F2jQ= -golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.4.0 h1:zxkM55ReGkDlKSM+Fu41A+zmbZuaPVbGMzvvdUPznYQ= -golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sync v0.5.0 h1:60k92dhOjHxJkrqnwsfl8KuaHbn/5dl0lUPUklKo3qE= golang.org/x/sys v0.0.0-20190403152447-81d4e9dc473e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200217220822-9197077df867/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -233,36 +199,19 @@ golang.org/x/sys v0.0.0-20220731174439-a90be440212d/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.14.0 h1:Vz7Qs629MkJkGyHxUlRHizWJRG2j8fbQKjELVSNhy7Q= golang.org/x/sys v0.14.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= -golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= -golang.org/x/term v0.7.0/go.mod h1:P32HKFT3hSsZrRxla30E9HqToFYAQPCMs/zFMBUFqPY= -golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= -golang.org/x/term v0.11.0/go.mod h1:zC9APTIj3jG3FdV/Ons+XE1riIZXG4aZ4GTHiPZJPIU= golang.org/x/term v0.14.0 h1:LGK9IlZ8T9jvdy6cTdfKUCltatMFOehAQo9SRC46UQ8= -golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= -golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= -golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= -golang.org/x/text v0.12.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= -golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4= -golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/time v0.4.0 h1:Z81tqI5ddIoXDPvVQ7/7CC9TnLM7ubaFG2qXYd5BbYY= +golang.org/x/time v0.4.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= -golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= -golang.org/x/tools v0.14.0 h1:jvNa2pY0M4r62jkRQ6RwEZZyPcymeL9XZMLBbV7U2nc= -golang.org/x/tools v0.14.0/go.mod h1:uYBEerGOWcJyEORxN+Ek8+TT266gXkNlHdJBwexUsBg= -golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/tools v0.15.0 h1:zdAyfUGbYmuVokhzVmghFl2ZJh5QhcfebBgmVPFYA+8= +golang.org/x/tools v0.15.0/go.mod h1:hpksKq4dtpQWS1uQ61JkdqWM3LscIS6Slf+VVkm+wQk= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.zx2c4.com/wireguard/wgctrl v0.0.0-20230429144221-925a1e7659e6 h1:CawjfCvYQH2OU3/TnxLx97WDSUDRABfT18pCOYwc2GE= golang.zx2c4.com/wireguard/wgctrl v0.0.0-20230429144221-925a1e7659e6/go.mod h1:3rxYc4HtVcSG9gVaTs2GEBdehh+sYPOwKtyUWEOTb80= diff --git a/log/default.go b/log/default.go index e355464797..c2e1c7452e 100644 --- a/log/default.go +++ b/log/default.go @@ -16,11 +16,11 @@ type simpleFactory struct { formatter Formatter platformFormatter Formatter writer io.Writer - platformWriter io.Writer + platformWriter PlatformWriter level Level } -func NewFactory(formatter Formatter, writer io.Writer, platformWriter io.Writer) Factory { +func NewFactory(formatter Formatter, writer io.Writer, platformWriter PlatformWriter) Factory { return &simpleFactory{ formatter: formatter, platformFormatter: Formatter{ @@ -76,7 +76,7 @@ func (l *simpleLogger) Log(ctx context.Context, level Level, args []any) { os.Exit(1) } if l.platformWriter != nil { - l.platformWriter.Write([]byte(l.platformFormatter.Format(ctx, level, l.tag, F.ToString(args...), nowTime))) + l.platformWriter.WriteMessage(level, l.platformFormatter.Format(ctx, level, l.tag, F.ToString(args...), nowTime)) } } diff --git a/log/log.go b/log/log.go index b6b0805c9d..19dbbbd912 100644 --- a/log/log.go +++ b/log/log.go @@ -42,7 +42,7 @@ type Options struct { Observable bool DefaultWriter io.Writer BaseTime time.Time - PlatformWriter io.Writer + PlatformWriter PlatformWriter } func New(options Options) (Factory, error) { diff --git a/log/observable.go b/log/observable.go index 83d9cf9c62..c12cbbbe24 100644 --- a/log/observable.go +++ b/log/observable.go @@ -6,7 +6,6 @@ import ( "os" "time" - C "github.com/sagernet/sing-box/constant" "github.com/sagernet/sing/common" F "github.com/sagernet/sing/common/format" "github.com/sagernet/sing/common/observable" @@ -18,18 +17,17 @@ type observableFactory struct { formatter Formatter platformFormatter Formatter writer io.Writer - platformWriter io.Writer + platformWriter PlatformWriter level Level subscriber *observable.Subscriber[Entry] observer *observable.Observer[Entry] } -func NewObservableFactory(formatter Formatter, writer io.Writer, platformWriter io.Writer) ObservableFactory { +func NewObservableFactory(formatter Formatter, writer io.Writer, platformWriter PlatformWriter) ObservableFactory { factory := &observableFactory{ formatter: formatter, platformFormatter: Formatter{ BaseTime: formatter.BaseTime, - DisableColors: C.IsDarwin || C.IsIos, DisableLineBreak: true, }, writer: writer, @@ -37,6 +35,9 @@ func NewObservableFactory(formatter Formatter, writer io.Writer, platformWriter level: LevelTrace, subscriber: observable.NewSubscriber[Entry](128), } + if platformWriter != nil { + factory.platformFormatter.DisableColors = platformWriter.DisableColors() + } factory.observer = observable.NewObserver[Entry](factory.subscriber, 64) return factory } @@ -94,7 +95,7 @@ func (l *observableLogger) Log(ctx context.Context, level Level, args []any) { } l.subscriber.Emit(Entry{level, messageSimple}) if l.platformWriter != nil { - l.platformWriter.Write([]byte(l.platformFormatter.Format(ctx, level, l.tag, F.ToString(args...), nowTime))) + l.platformWriter.WriteMessage(level, l.platformFormatter.Format(ctx, level, l.tag, F.ToString(args...), nowTime)) } } diff --git a/log/platform.go b/log/platform.go new file mode 100644 index 0000000000..c6a9e525a1 --- /dev/null +++ b/log/platform.go @@ -0,0 +1,6 @@ +package log + +type PlatformWriter interface { + DisableColors() bool + WriteMessage(level Level, message string) +} diff --git a/mkdocs.yml b/mkdocs.yml index 98c46c6fb9..1d4b1d8b0e 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -29,25 +29,39 @@ theme: - navigation.expand - navigation.sections - header.autohide + - content.code.copy + - content.code.select + - content.code.annotate nav: - Home: - index.md - - Features: features.md - Deprecated: deprecated.md - Support: support.md - Change Log: changelog.md - Installation: - - From source: installation/from-source.md - - Package Manager: - - macOS: installation/package-manager/macOS.md - - Windows: installation/package-manager/windows.md - - Android: installation/package-manager/android.md - - Clients: - - Specification: installation/clients/specification.md - - iOS: installation/clients/sfi.md - - macOS: installation/clients/sfm.md - - Apple tvOS: installation/clients/sft.md - - Android: installation/clients/sfa.md + - Package Manager: installation/package-manager.md + - Docker: installation/docker.md + - Build from source: installation/build-from-source.md + - Graphical Clients: + - clients/index.md + - Android: + - clients/android/index.md + - Features: clients/android/features.md + - Apple platforms: + - clients/apple/index.md + - Features: clients/apple/features.md + - General: clients/general.md + - Privacy policy: clients/privacy.md + - Manual: + - Proxy: + - Server: manual/proxy/server.md + - Client: manual/proxy/client.md +# - TUN: manual/proxy/tun.md + - Proxy Protocol: + - Shadowsocks: manual/proxy-protocol/shadowsocks.md + - Trojan: manual/proxy-protocol/trojan.md + - TUIC: manual/proxy-protocol/tuic.md + - Hysteria 2: manual/proxy-protocol/hysteria2.md - Configuration: - configuration/index.md - Log: @@ -115,24 +129,6 @@ nav: - DNS: configuration/outbound/dns.md - Selector: configuration/outbound/selector.md - URLTest: configuration/outbound/urltest.md - - FAQ: - - faq/index.md - - FakeIP: faq/fakeip.md - - Known Issues: faq/known-issues.md - - Examples: - - examples/index.md - - Linux Server Installation: examples/linux-server-installation.md - - Tun: examples/tun.md - - DNS Hijack: examples/dns-hijack.md - - Shadowsocks: examples/shadowsocks.md - - ShadowTLS: examples/shadowtls.md - - Clash API: examples/clash-api.md - - FakeIP: examples/fakeip.md - - Contributing: - - contributing/index.md - - Developing: - - Environment: contributing/environment.md - - Sub projects: contributing/sub-projects.md markdown_extensions: - pymdownx.inlinehilite - pymdownx.snippets @@ -143,6 +139,7 @@ markdown_extensions: - pymdownx.keys - pymdownx.mark - pymdownx.tilde + - pymdownx.magiclink - admonition - attr_list - md_in_html @@ -154,6 +151,14 @@ markdown_extensions: alternate_style: true - pymdownx.tasklist: custom_checkbox: true + - pymdownx.emoji: + emoji_index: !!python/name:material.extensions.emoji.twemoji + emoji_generator: !!python/name:material.extensions.emoji.to_svg + - pymdownx.superfences: + custom_fences: + - name: mermaid + class: mermaid + format: !!python/name:pymdownx.superfences.fence_code_format extra: social: - icon: fontawesome/brands/github @@ -162,48 +167,58 @@ extra: plugins: - search - i18n: - default_language: en + docs_structure: suffix + fallback_to_default: true languages: - en: + - build: true + default: true + locale: en name: English - build: false - zh: + - build: true + default: false + locale: zh name: 简体中文 - material_alternate: true - nav_translations: - zh: - Getting Started: 开始 - Features: 特性 - Support: 支持 - Change Log: 更新日志 + nav_translations: + Home: 开始 + Deprecated: 废弃功能列表 + Support: 支持 + Change Log: 更新日志 - Installation: 安装 - From source: 从源代码 - Clients: 客户端 + Installation: 安装 + Package Manager: 包管理器 + Build from source: 从源代码构建 - Configuration: 配置 - Log: 日志 - DNS Server: DNS 服务器 - DNS Rule: DNS 规则 + Graphical Clients: 图形界面客户端 + Features: 特性 + Apple platforms: Apple 平台 + General: 通用 + Privacy policy: 隐私政策 - Route: 路由 - Route Rule: 路由规则 - Protocol Sniff: 协议探测 + Configuration: 配置 + Log: 日志 + DNS Server: DNS 服务器 + DNS Rule: DNS 规则 - Experimental: 实验性 + Route: 路由 + Route Rule: 路由规则 + Protocol Sniff: 协议探测 - Shared: 通用 - Listen Fields: 监听字段 - Dial Fields: 拨号字段 - DNS01 Challenge Fields: DNS01 验证字段 - Multiplex: 多路复用 - V2Ray Transport: V2Ray 传输层 + Experimental: 实验性 - Inbound: 入站 - Outbound: 出站 + Shared: 通用 + Listen Fields: 监听字段 + Dial Fields: 拨号字段 + DNS01 Challenge Fields: DNS01 验证字段 + Multiplex: 多路复用 + V2Ray Transport: V2Ray 传输层 - FAQ: 常见问题 - Known Issues: 已知问题 - Examples: 示例 - Linux Server Installation: Linux 服务器安装 - DNS Hijack: DNS 劫持 + Inbound: 入站 + Outbound: 出站 + + FAQ: 常见问题 + Known Issues: 已知问题 + Examples: 示例 + Linux Server Installation: Linux 服务器安装 + DNS Hijack: DNS 劫持 + reconfigure_material: true + reconfigure_search: true \ No newline at end of file diff --git a/option/rule.go b/option/rule.go index f78a752d91..8caba96e57 100644 --- a/option/rule.go +++ b/option/rule.go @@ -78,6 +78,8 @@ type DefaultRule struct { User Listable[string] `json:"user,omitempty"` UserID Listable[int32] `json:"user_id,omitempty"` ClashMode string `json:"clash_mode,omitempty"` + WIFISSID Listable[string] `json:"wifi_ssid,omitempty"` + WIFIBSSID Listable[string] `json:"wifi_bssid,omitempty"` Invert bool `json:"invert,omitempty"` Outbound string `json:"outbound,omitempty"` } diff --git a/option/rule_dns.go b/option/rule_dns.go index 563d30850b..ba572b9aa2 100644 --- a/option/rule_dns.go +++ b/option/rule_dns.go @@ -78,6 +78,8 @@ type DefaultDNSRule struct { UserID Listable[int32] `json:"user_id,omitempty"` Outbound Listable[string] `json:"outbound,omitempty"` ClashMode string `json:"clash_mode,omitempty"` + WIFISSID Listable[string] `json:"wifi_ssid,omitempty"` + WIFIBSSID Listable[string] `json:"wifi_bssid,omitempty"` Invert bool `json:"invert,omitempty"` Server string `json:"server,omitempty"` DisableCache bool `json:"disable_cache,omitempty"` diff --git a/option/wireguard.go b/option/wireguard.go index 866fa17a8e..9c43d60d07 100644 --- a/option/wireguard.go +++ b/option/wireguard.go @@ -1,6 +1,7 @@ package option -import "net/netip" +import "net/netip" + type WireGuardOutboundOptions struct { DialerOptions SystemInterface bool `json:"system_interface,omitempty"` diff --git a/route/router.go b/route/router.go index 2d2f2cde57..972c4ec048 100644 --- a/route/router.go +++ b/route/router.go @@ -86,6 +86,8 @@ type Router struct { clashServer adapter.ClashServer v2rayServer adapter.V2RayServer platformInterface platform.Interface + needWIFIState bool + wifiState adapter.WIFIState } func NewRouter( @@ -116,6 +118,7 @@ func NewRouter( defaultMark: options.DefaultMark, pauseManager: pause.ManagerFromContext(ctx), platformInterface: platformInterface, + needWIFIState: hasRule(options.Rules, isWIFIRule) || hasDNSRule(dnsOptions.Rules, isWIFIDNSRule), } router.dnsClient = dns.NewClient(dns.ClientOptions{ DisableCache: dnsOptions.DNSClientOptions.DisableCache, @@ -328,6 +331,11 @@ func NewRouter( service.ContextWith[serviceNTP.TimeService](ctx, timeService) router.timeService = timeService } + if platformInterface != nil && router.interfaceMonitor != nil && router.needWIFIState { + router.interfaceMonitor.RegisterCallback(func(_ int) { + router.updateWIFIState() + }) + } return router, nil } @@ -468,6 +476,9 @@ func (r *Router) Start() error { r.geositeCache = nil r.geositeReader = nil } + if r.needWIFIState { + r.updateWIFIState() + } for i, rule := range r.rules { err := rule.Start() if err != nil { @@ -940,6 +951,10 @@ func (r *Router) Rules() []adapter.Rule { return r.rules } +func (r *Router) WIFIState() adapter.WIFIState { + return r.wifiState +} + func (r *Router) NetworkMonitor() tun.NetworkUpdateMonitor { return r.networkMonitor } @@ -1019,3 +1034,14 @@ func (r *Router) ResetNetwork() error { } return nil } + +func (r *Router) updateWIFIState() { + if r.platformInterface == nil { + return + } + state := r.platformInterface.ReadWIFIState() + if state != r.wifiState { + r.wifiState = state + r.logger.Info("updated WIFI state: SSID=", state.SSID, ", BSSID=", state.BSSID) + } +} diff --git a/route/router_geo_resources.go b/route/router_geo_resources.go index 523833dcff..8715cf922c 100644 --- a/route/router_geo_resources.go +++ b/route/router_geo_resources.go @@ -307,3 +307,11 @@ func isProcessDNSRule(rule option.DefaultDNSRule) bool { func notPrivateNode(code string) bool { return code != "private" } + +func isWIFIRule(rule option.DefaultRule) bool { + return len(rule.WIFISSID) > 0 || len(rule.WIFIBSSID) > 0 +} + +func isWIFIDNSRule(rule option.DefaultDNSRule) bool { + return len(rule.WIFISSID) > 0 || len(rule.WIFIBSSID) > 0 +} diff --git a/route/rule_default.go b/route/rule_default.go index 01322c13aa..2d62f97a46 100644 --- a/route/rule_default.go +++ b/route/rule_default.go @@ -184,6 +184,16 @@ func NewDefaultRule(router adapter.Router, logger log.ContextLogger, options opt rule.items = append(rule.items, item) rule.allItems = append(rule.allItems, item) } + if len(options.WIFISSID) > 0 { + item := NewWIFISSIDItem(router, options.WIFISSID) + rule.items = append(rule.items, item) + rule.allItems = append(rule.allItems, item) + } + if len(options.WIFIBSSID) > 0 { + item := NewWIFIBSSIDItem(router, options.WIFIBSSID) + rule.items = append(rule.items, item) + rule.allItems = append(rule.allItems, item) + } return rule, nil } diff --git a/route/rule_dns.go b/route/rule_dns.go index 15e4b16ff1..5132f02456 100644 --- a/route/rule_dns.go +++ b/route/rule_dns.go @@ -180,6 +180,16 @@ func NewDefaultDNSRule(router adapter.Router, logger log.ContextLogger, options rule.items = append(rule.items, item) rule.allItems = append(rule.allItems, item) } + if len(options.WIFISSID) > 0 { + item := NewWIFISSIDItem(router, options.WIFISSID) + rule.items = append(rule.items, item) + rule.allItems = append(rule.allItems, item) + } + if len(options.WIFIBSSID) > 0 { + item := NewWIFIBSSIDItem(router, options.WIFIBSSID) + rule.items = append(rule.items, item) + rule.allItems = append(rule.allItems, item) + } return rule, nil } diff --git a/route/rule_item_wifi_bssid.go b/route/rule_item_wifi_bssid.go new file mode 100644 index 0000000000..3b1ff9c852 --- /dev/null +++ b/route/rule_item_wifi_bssid.go @@ -0,0 +1,39 @@ +package route + +import ( + "strings" + + "github.com/sagernet/sing-box/adapter" + F "github.com/sagernet/sing/common/format" +) + +var _ RuleItem = (*WIFIBSSIDItem)(nil) + +type WIFIBSSIDItem struct { + bssidList []string + bssidMap map[string]bool + router adapter.Router +} + +func NewWIFIBSSIDItem(router adapter.Router, bssidList []string) *WIFIBSSIDItem { + bssidMap := make(map[string]bool) + for _, bssid := range bssidList { + bssidMap[bssid] = true + } + return &WIFIBSSIDItem{ + bssidList, + bssidMap, + router, + } +} + +func (r *WIFIBSSIDItem) Match(metadata *adapter.InboundContext) bool { + return r.bssidMap[r.router.WIFIState().BSSID] +} + +func (r *WIFIBSSIDItem) String() string { + if len(r.bssidList) == 1 { + return F.ToString("wifi_bssid=", r.bssidList[0]) + } + return F.ToString("wifi_bssid=[", strings.Join(r.bssidList, " "), "]") +} diff --git a/route/rule_item_wifi_ssid.go b/route/rule_item_wifi_ssid.go new file mode 100644 index 0000000000..62cf935eb0 --- /dev/null +++ b/route/rule_item_wifi_ssid.go @@ -0,0 +1,39 @@ +package route + +import ( + "strings" + + "github.com/sagernet/sing-box/adapter" + F "github.com/sagernet/sing/common/format" +) + +var _ RuleItem = (*WIFISSIDItem)(nil) + +type WIFISSIDItem struct { + ssidList []string + ssidMap map[string]bool + router adapter.Router +} + +func NewWIFISSIDItem(router adapter.Router, ssidList []string) *WIFISSIDItem { + ssidMap := make(map[string]bool) + for _, ssid := range ssidList { + ssidMap[ssid] = true + } + return &WIFISSIDItem{ + ssidList, + ssidMap, + router, + } +} + +func (r *WIFISSIDItem) Match(metadata *adapter.InboundContext) bool { + return r.ssidMap[r.router.WIFIState().SSID] +} + +func (r *WIFISSIDItem) String() string { + if len(r.ssidList) == 1 { + return F.ToString("wifi_ssid=", r.ssidList[0]) + } + return F.ToString("wifi_ssid=[", strings.Join(r.ssidList, " "), "]") +} diff --git a/test/go.mod b/test/go.mod index c1bca3e40d..42c9d087b4 100644 --- a/test/go.mod +++ b/test/go.mod @@ -11,11 +11,11 @@ require ( github.com/docker/go-connections v0.4.0 github.com/gofrs/uuid/v5 v5.0.0 github.com/sagernet/quic-go v0.0.0-20231008035953-32727fef9460 - github.com/sagernet/sing v0.2.18-0.20231108041402-4fbbd193203c - github.com/sagernet/sing-dns v0.1.10 - github.com/sagernet/sing-quic v0.1.3 + github.com/sagernet/sing v0.2.18-0.20231119032432-6a556bfa50cc + github.com/sagernet/sing-dns v0.1.11 + github.com/sagernet/sing-quic v0.1.4 github.com/sagernet/sing-shadowsocks v0.2.5 - github.com/sagernet/sing-shadowsocks2 v0.1.4 + github.com/sagernet/sing-shadowsocks2 v0.1.5 github.com/spyzhov/ajson v0.9.0 github.com/stretchr/testify v1.8.4 go.uber.org/goleak v1.3.0 @@ -56,7 +56,7 @@ require ( github.com/libdns/libdns v0.2.1 // indirect github.com/logrusorgru/aurora v2.0.3+incompatible // indirect github.com/mholt/acmez v1.2.0 // indirect - github.com/miekg/dns v1.1.56 // indirect + github.com/miekg/dns v1.1.57 // indirect github.com/moby/term v0.5.0 // indirect github.com/morikuni/aec v1.0.0 // indirect github.com/onsi/ginkgo/v2 v2.9.5 // indirect @@ -72,13 +72,12 @@ require ( github.com/sagernet/bbolt v0.0.0-20231014093535-ea5cb2fe9f0a // indirect github.com/sagernet/cloudflare-tls v0.0.0-20230829051644-4a68352d0c4a // indirect github.com/sagernet/go-tun2socks v1.16.12-0.20220818015926-16cb67876a61 // indirect - github.com/sagernet/gvisor v0.0.0-20230930141345-5fef6f2e17ab // indirect + github.com/sagernet/gvisor v0.0.0-20231119034329-07cfb6aaf930 // indirect github.com/sagernet/netlink v0.0.0-20220905062125-8043b4a9aa97 // indirect - github.com/sagernet/quic-go v0.0.0-20231008035953-32727fef9460 // indirect github.com/sagernet/reality v0.0.0-20230406110435-ee17307e7691 // indirect github.com/sagernet/sing-mux v0.1.5-0.20231109075101-6b086ed6bb07 // indirect github.com/sagernet/sing-shadowtls v0.1.4 // indirect - github.com/sagernet/sing-tun v0.1.20-0.20231107141025-be3aecff893d // indirect + github.com/sagernet/sing-tun v0.1.21-0.20231119035513-f6ea97c5af71 // indirect github.com/sagernet/sing-vmess v0.1.8 // indirect github.com/sagernet/smux v0.0.0-20230312102458-337ec2a5af37 // indirect github.com/sagernet/tfo-go v0.0.0-20230816093905-5a5c285d44a6 // indirect @@ -93,12 +92,12 @@ require ( go.uber.org/zap v1.26.0 // indirect go4.org/netipx v0.0.0-20230824141953-6213f710f925 // indirect golang.org/x/crypto v0.15.0 // indirect - golang.org/x/exp v0.0.0-20231006140011-7918f672742d // indirect - golang.org/x/mod v0.13.0 // indirect + golang.org/x/exp v0.0.0-20231110203233-9a3e6036ecaa // indirect + golang.org/x/mod v0.14.0 // indirect golang.org/x/sys v0.14.0 // indirect golang.org/x/text v0.14.0 // indirect - golang.org/x/time v0.3.0 // indirect - golang.org/x/tools v0.14.0 // indirect + golang.org/x/time v0.4.0 // indirect + golang.org/x/tools v0.15.0 // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20230822172742-b8732ec3820d // indirect google.golang.org/grpc v1.59.0 // indirect google.golang.org/protobuf v1.31.0 // indirect diff --git a/test/go.sum b/test/go.sum index 7520eb3199..c3d155cb45 100644 --- a/test/go.sum +++ b/test/go.sum @@ -87,8 +87,8 @@ github.com/logrusorgru/aurora v2.0.3+incompatible h1:tOpm7WcpBTn4fjmVfgpQq0EfczG github.com/logrusorgru/aurora v2.0.3+incompatible/go.mod h1:7rIyQOR62GCctdiQpZ/zOJlFyk6y+94wXzv6RNZgaR4= github.com/mholt/acmez v1.2.0 h1:1hhLxSgY5FvH5HCnGUuwbKY2VQVo8IU7rxXKSnZ7F30= github.com/mholt/acmez v1.2.0/go.mod h1:VT9YwH1xgNX1kmYY89gY8xPJC84BFAisjo8Egigt4kE= -github.com/miekg/dns v1.1.56 h1:5imZaSeoRNvpM9SzWNhEcP9QliKiz20/dA2QabIGVnE= -github.com/miekg/dns v1.1.56/go.mod h1:cRm6Oo2C8TY9ZS/TqsSrseAcncm74lfK5G+ikN2SWWY= +github.com/miekg/dns v1.1.57 h1:Jzi7ApEIzwEPLHWRcafCN9LZSBbqQpxjt/wpgvg7wcM= +github.com/miekg/dns v1.1.57/go.mod h1:uqRjCRUuEAA6qsOiJvDd+CFo/vW+y5WR6SNmHE55hZk= github.com/moby/term v0.5.0 h1:xt8Q1nalod/v7BqbG21f8mQPqH+xAaC9C3N3wfWbVP0= github.com/moby/term v0.5.0/go.mod h1:8FzsFHVUBGZdbDsJw/ot+X+d5HLUbvklYLJ9uGfcI3Y= github.com/morikuni/aec v1.0.0 h1:nP9CBfwrvYnBRgY6qfDQkygYDmYwOilePFkwzv4dU8A= @@ -121,8 +121,8 @@ github.com/sagernet/cloudflare-tls v0.0.0-20230829051644-4a68352d0c4a h1:wZHruBx github.com/sagernet/cloudflare-tls v0.0.0-20230829051644-4a68352d0c4a/go.mod h1:dNV1ZP9y3qx5ltULeKaQZTZWTLHflgW5DES+Ses7cMI= github.com/sagernet/go-tun2socks v1.16.12-0.20220818015926-16cb67876a61 h1:5+m7c6AkmAylhauulqN/c5dnh8/KssrE9c93TQrXldA= github.com/sagernet/go-tun2socks v1.16.12-0.20220818015926-16cb67876a61/go.mod h1:QUQ4RRHD6hGGHdFMEtR8T2P6GS6R3D/CXKdaYHKKXms= -github.com/sagernet/gvisor v0.0.0-20230930141345-5fef6f2e17ab h1:u+xQoi/Yc6bNUvTfrDD6HhGRybn2lzrhf5vmS+wb4Ho= -github.com/sagernet/gvisor v0.0.0-20230930141345-5fef6f2e17ab/go.mod h1:3akUhSHSVtLuJaYcW5JPepUraBOW06Ibz2HKwaK5rOk= +github.com/sagernet/gvisor v0.0.0-20231119034329-07cfb6aaf930 h1:dSPgjIw0CT6ISLeEh8Q20dZMBMFCcEceo23+LncRcNQ= +github.com/sagernet/gvisor v0.0.0-20231119034329-07cfb6aaf930/go.mod h1:JpKHkOYgh4wLwrX2BhH3ZIvCvazCkTnPeEcmigZJfHY= github.com/sagernet/netlink v0.0.0-20220905062125-8043b4a9aa97 h1:iL5gZI3uFp0X6EslacyapiRz7LLSJyr4RajF/BhMVyE= github.com/sagernet/netlink v0.0.0-20220905062125-8043b4a9aa97/go.mod h1:xLnfdiJbSp8rNqYEdIW/6eDO4mVoogml14Bh2hSiFpM= github.com/sagernet/quic-go v0.0.0-20231008035953-32727fef9460 h1:dAe4OIJAtE0nHOzTHhAReQteh3+sa63rvXbuIpbeOTY= @@ -131,22 +131,22 @@ github.com/sagernet/reality v0.0.0-20230406110435-ee17307e7691 h1:5Th31OC6yj8byL github.com/sagernet/reality v0.0.0-20230406110435-ee17307e7691/go.mod h1:B8lp4WkQ1PwNnrVMM6KyuFR20pU8jYBD+A4EhJovEXU= github.com/sagernet/sing v0.0.0-20220817130738-ce854cda8522/go.mod h1:QVsS5L/ZA2Q5UhQwLrn0Trw+msNd/NPGEhBKR/ioWiY= github.com/sagernet/sing v0.1.8/go.mod h1:jt1w2u7lJQFFSGLiRrRIs5YWmx4kAPfWuOejuDW9qMk= -github.com/sagernet/sing v0.2.18-0.20231108041402-4fbbd193203c h1:uask61Pxc3nGqsOSjqnBKrwfODWRoEa80lXm04LNk0E= -github.com/sagernet/sing v0.2.18-0.20231108041402-4fbbd193203c/go.mod h1:OL6k2F0vHmEzXz2KW19qQzu172FDgSbUSODylighuVo= -github.com/sagernet/sing-dns v0.1.10 h1:iIU7nRBlUYj+fF2TaktGIvRiTFFrHwSMedLQsvlTZCI= -github.com/sagernet/sing-dns v0.1.10/go.mod h1:vtUimtf7Nq9EdvD5WTpfCr69KL1M7bcgOVKiYBiAY/c= +github.com/sagernet/sing v0.2.18-0.20231119032432-6a556bfa50cc h1:dmU0chO0QrBpARo8sqyOc+mvPLW+qux4ca16kb2WIc8= +github.com/sagernet/sing v0.2.18-0.20231119032432-6a556bfa50cc/go.mod h1:OL6k2F0vHmEzXz2KW19qQzu172FDgSbUSODylighuVo= +github.com/sagernet/sing-dns v0.1.11 h1:PPrMCVVrAeR3f5X23I+cmvacXJ+kzuyAsBiWyUKhGSE= +github.com/sagernet/sing-dns v0.1.11/go.mod h1:zJ/YjnYB61SYE+ubMcMqVdpaSvsyQ2iShQGO3vuLvvE= github.com/sagernet/sing-mux v0.1.5-0.20231109075101-6b086ed6bb07 h1:ncKb5tVOsCQgCsv6UpsA0jinbNb5OQ5GMPJlyQP3EHM= github.com/sagernet/sing-mux v0.1.5-0.20231109075101-6b086ed6bb07/go.mod h1:u/MZf32xPG8jEKe3t+xUV67EBnKtDtCaPhsJQOQGUYU= -github.com/sagernet/sing-quic v0.1.3 h1:YfSPGQdlE6YspjPSlQJaVH333leFiYQM8JX7TumsWQs= -github.com/sagernet/sing-quic v0.1.3/go.mod h1:wvGU7MYih+cpJV2VrrpSGyjZIFSmUyqzawzmDyqeWJA= +github.com/sagernet/sing-quic v0.1.4 h1:F5KRGXMXKQEmP8VrzVollf9HWcRqggcuG9nRCL+5IJ8= +github.com/sagernet/sing-quic v0.1.4/go.mod h1:aXHVP+osF3w5wJzoWZbJSrX3ceJiU9QMd0KPnKV6C/o= github.com/sagernet/sing-shadowsocks v0.2.5 h1:qxIttos4xu6ii7MTVJYA8EFQR7Q3KG6xMqmLJIFtBaY= github.com/sagernet/sing-shadowsocks v0.2.5/go.mod h1:MGWGkcU2xW2G2mfArT9/QqpVLOGU+dBaahZCtPHdt7A= -github.com/sagernet/sing-shadowsocks2 v0.1.4 h1:vht2M8t3m5DTgXR2j24KbYOygG5aOp+MUhpQnAux728= -github.com/sagernet/sing-shadowsocks2 v0.1.4/go.mod h1:Mgdee99NxxNd5Zld3ixIs18yVs4x2dI2VTDDE1N14Wc= +github.com/sagernet/sing-shadowsocks2 v0.1.5 h1:JDeAJ4ZWlYZ7F6qEVdDKPhQEangxKw/JtmU+i/YfCYE= +github.com/sagernet/sing-shadowsocks2 v0.1.5/go.mod h1:KF65y8lI5PGHyMgRZGYXYsH9ilgRc/yr+NYbSNGuBm4= github.com/sagernet/sing-shadowtls v0.1.4 h1:aTgBSJEgnumzFenPvc+kbD9/W0PywzWevnVpEx6Tw3k= github.com/sagernet/sing-shadowtls v0.1.4/go.mod h1:F8NBgsY5YN2beQavdgdm1DPlhaKQlaL6lpDdcBglGK4= -github.com/sagernet/sing-tun v0.1.20-0.20231107141025-be3aecff893d h1:p5bBqVLO+JHJW+REJ0F0HsMWUYU3CPxKTK/gE5tua60= -github.com/sagernet/sing-tun v0.1.20-0.20231107141025-be3aecff893d/go.mod h1:kN9m94o4LSan0iRiZfpTuJPF7oLyy65dyGZX4doqnco= +github.com/sagernet/sing-tun v0.1.21-0.20231119035513-f6ea97c5af71 h1:WQi0TwhjbSNFFbxybIgAUSjVvo7uWSsLD28ldoM2avY= +github.com/sagernet/sing-tun v0.1.21-0.20231119035513-f6ea97c5af71/go.mod h1:hyzA4gDWbeg2SXklqPDswBKa//QcjlZqKw9aPcNdQ9A= github.com/sagernet/sing-vmess v0.1.8 h1:XVWad1RpTy9b5tPxdm5MCU8cGfrTGdR8qCq6HV2aCNc= github.com/sagernet/sing-vmess v0.1.8/go.mod h1:vhx32UNzTDUkNwOyIjcZQohre1CaytquC5mPplId8uA= github.com/sagernet/smux v0.0.0-20230312102458-337ec2a5af37 h1:HuE6xSwco/Xed8ajZ+coeYLmioq0Qp1/Z2zczFaV8as= @@ -196,12 +196,12 @@ golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPh golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a/go.mod h1:P+XmwS30IXTQdn5tA2iutPOUgjI07+tq3H3K9MVA1s8= golang.org/x/crypto v0.15.0 h1:frVn1TEaCEaZcn3Tmd7Y2b5KKPaZ+I32Q2OA3kYp5TA= golang.org/x/crypto v0.15.0/go.mod h1:4ChreQoLWfG3xLDer1WdlH5NdlQ3+mwnQq1YTKY+72g= -golang.org/x/exp v0.0.0-20231006140011-7918f672742d h1:jtJma62tbqLibJ5sFQz8bKtEM8rJBtfilJ2qTU199MI= -golang.org/x/exp v0.0.0-20231006140011-7918f672742d/go.mod h1:ldy0pHrwJyGW56pPQzzkH36rKxoZW1tw7ZJpeKx+hdo= +golang.org/x/exp v0.0.0-20231110203233-9a3e6036ecaa h1:FRnLl4eNAQl8hwxVVC17teOw8kdjVDVAiFMtgUdTSRQ= +golang.org/x/exp v0.0.0-20231110203233-9a3e6036ecaa/go.mod h1:zk2irFbV9DP96SEBUUAy67IdHUaZuSnrz1n472HUCLE= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.13.0 h1:I/DsJXRlw/8l/0c24sM9yb0T4z9liZTduXvdAWYiysY= -golang.org/x/mod v0.13.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= +golang.org/x/mod v0.14.0 h1:dGoOF9QVLYng8IHTm7BAyWqCqSheQ5pYWGhzW00YJr0= +golang.org/x/mod v0.14.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= @@ -213,7 +213,7 @@ golang.org/x/net v0.18.0/go.mod h1:/czyP5RqHAH4odGYxBJ1qz0+CE5WZ+2j1YgoEo8F2jQ= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.4.0 h1:zxkM55ReGkDlKSM+Fu41A+zmbZuaPVbGMzvvdUPznYQ= +golang.org/x/sync v0.5.0 h1:60k92dhOjHxJkrqnwsfl8KuaHbn/5dl0lUPUklKo3qE= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190403152447-81d4e9dc473e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -236,14 +236,14 @@ golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= -golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4= -golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/time v0.4.0 h1:Z81tqI5ddIoXDPvVQ7/7CC9TnLM7ubaFG2qXYd5BbYY= +golang.org/x/time v0.4.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.14.0 h1:jvNa2pY0M4r62jkRQ6RwEZZyPcymeL9XZMLBbV7U2nc= -golang.org/x/tools v0.14.0/go.mod h1:uYBEerGOWcJyEORxN+Ek8+TT266gXkNlHdJBwexUsBg= +golang.org/x/tools v0.15.0 h1:zdAyfUGbYmuVokhzVmghFl2ZJh5QhcfebBgmVPFYA+8= +golang.org/x/tools v0.15.0/go.mod h1:hpksKq4dtpQWS1uQ61JkdqWM3LscIS6Slf+VVkm+wQk= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= diff --git a/test/shadowsocks_test.go b/test/shadowsocks_test.go index f88715861a..7d063d9a96 100644 --- a/test/shadowsocks_test.go +++ b/test/shadowsocks_test.go @@ -74,6 +74,23 @@ func TestShadowsocks2022(t *testing.T) { } } +func TestShadowsocks2022EIH(t *testing.T) { + for _, method16 := range []string{ + "2022-blake3-aes-128-gcm", + } { + t.Run(method16, func(t *testing.T) { + testShadowsocks2022EIH(t, method16, mkBase64(t, 16)) + }) + } + for _, method32 := range []string{ + "2022-blake3-aes-256-gcm", + } { + t.Run(method32, func(t *testing.T) { + testShadowsocks2022EIH(t, method32, mkBase64(t, 32)) + }) + } +} + func testShadowsocksInboundWithShadowsocksRust(t *testing.T, method string, password string) { startDockerContainer(t, DockerOptions{ Image: ImageShadowsocksRustClient, @@ -252,6 +269,67 @@ func TestShadowsocksUoT(t *testing.T) { testSuit(t, clientPort, testPort) } +func testShadowsocks2022EIH(t *testing.T, method string, password string) { + startInstance(t, option.Options{ + Inbounds: []option.Inbound{ + { + Type: C.TypeMixed, + Tag: "mixed-in", + MixedOptions: option.HTTPMixedInboundOptions{ + ListenOptions: option.ListenOptions{ + Listen: option.NewListenAddress(netip.IPv4Unspecified()), + ListenPort: clientPort, + }, + }, + }, + { + Type: C.TypeShadowsocks, + ShadowsocksOptions: option.ShadowsocksInboundOptions{ + ListenOptions: option.ListenOptions{ + Listen: option.NewListenAddress(netip.IPv4Unspecified()), + ListenPort: serverPort, + }, + Method: method, + Password: password, + Users: []option.ShadowsocksUser{ + { + Password: password, + }, + }, + }, + }, + }, + Outbounds: []option.Outbound{ + { + Type: C.TypeDirect, + }, + { + Type: C.TypeShadowsocks, + Tag: "ss-out", + ShadowsocksOptions: option.ShadowsocksOutboundOptions{ + ServerOptions: option.ServerOptions{ + Server: "127.0.0.1", + ServerPort: serverPort, + }, + Method: method, + Password: password + ":" + password, + }, + }, + }, + Route: &option.RouteOptions{ + Rules: []option.Rule{ + { + DefaultOptions: option.DefaultRule{ + Inbound: []string{"mixed-in"}, + Outbound: "ss-out", + }, + }, + }, + }, + }) + testSuit(t, clientPort, testPort) +} + func mkBase64(t *testing.T, length int) string { psk := make([]byte, length) _, err := rand.Read(psk) diff --git a/transport/v2raywebsocket/conn.go b/transport/v2raywebsocket/conn.go index 11d85b5943..5b51e5c528 100644 --- a/transport/v2raywebsocket/conn.go +++ b/transport/v2raywebsocket/conn.go @@ -178,11 +178,17 @@ func (c *EarlyWebsocketConn) writeRequest(content []byte) error { } else { conn, err = c.dialContext(c.ctx, &c.requestURL, c.headers) } - c.conn = conn + if err != nil { + return err + } if len(lateData) > 0 { - _, err = c.conn.Write(lateData) + _, err = conn.Write(lateData) + if err != nil { + return err + } } - return err + c.conn = conn + return nil } func (c *EarlyWebsocketConn) Write(b []byte) (n int, err error) {