Update On Thu Nov 14 19:39:50 CET 2024

github-action[bot]
2024-11-14 19:39:51 +01:00
parent 04a9a67727
commit c75b0aadf8
78 changed files with 1175 additions and 712 deletions
+1
@@ -824,3 +824,4 @@ Update On Sun Nov 10 19:32:01 CET 2024
Update On Mon Nov 11 19:36:15 CET 2024
Update On Tue Nov 12 19:37:38 CET 2024
Update On Wed Nov 13 19:34:22 CET 2024
Update On Thu Nov 14 19:39:40 CET 2024
+2
@@ -165,6 +165,8 @@ func (p *Proxy) MarshalJSON() ([]byte, error) {
mapping["udp"] = p.SupportUDP()
mapping["xudp"] = p.SupportXUDP()
mapping["tfo"] = p.SupportTFO()
mapping["mptcp"] = p.SupportMPTCP()
mapping["smux"] = p.SupportSMUX()
return json.Marshal(mapping)
}
+10
@@ -95,6 +95,16 @@ func (b *Base) SupportTFO() bool {
return b.tfo
}
// SupportMPTCP implements C.ProxyAdapter
func (b *Base) SupportMPTCP() bool {
return b.mpTcp
}
// SupportSMUX implements C.ProxyAdapter
func (b *Base) SupportSMUX() bool {
return false
}
// IsL3Protocol implements C.ProxyAdapter
func (b *Base) IsL3Protocol(metadata *C.Metadata) bool {
return false
+4
@@ -97,6 +97,10 @@ func (s *SingMux) SupportUOT() bool {
return true
}
func (s *SingMux) SupportSMUX() bool {
return true
}
func closeSingMux(s *SingMux) {
_ = s.client.Close()
}
+14
@@ -625,6 +625,20 @@ func (r *refProxyAdapter) SupportTFO() bool {
return false
}
func (r *refProxyAdapter) SupportMPTCP() bool {
if r.proxyAdapter != nil {
return r.proxyAdapter.SupportMPTCP()
}
return false
}
func (r *refProxyAdapter) SupportSMUX() bool {
if r.proxyAdapter != nil {
return r.proxyAdapter.SupportSMUX()
}
return false
}
func (r *refProxyAdapter) MarshalJSON() ([]byte, error) {
if r.proxyAdapter != nil {
return r.proxyAdapter.MarshalJSON()
+2
@@ -106,6 +106,8 @@ type ProxyAdapter interface {
SupportUDP() bool
SupportXUDP() bool
SupportTFO() bool
SupportMPTCP() bool
SupportSMUX() bool
MarshalJSON() ([]byte, error)
// Deprecated: use DialContextWithDialer and ListenPacketWithDialer instead.
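Review bot: The two methods added to the `ProxyAdapter` interface, `SupportMPTCP()` and `SupportSMUX()`, have no doc comment, and the interface is the only place a reader learns what an implementation is expected to report. Going by the implementations on this page (`Base` returns its `mpTcp` field, `SingMux` returns true), something like `// SupportMPTCP reports whether the adapter is configured to dial with Multipath TCP.` and `// SupportSMUX reports whether the adapter is wrapped by sing-mux.` would fit, but confirm the wording against the intended meaning. Adding methods to an exported interface also breaks any implementation kept outside this tree, which is worth a line in the commit description. The interface body continues outside the hunk, and the same section appears a second time further down the page.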
+7 -7
@@ -1432,9 +1432,9 @@ dependencies = [
[[package]]
name = "clap"
version = "4.5.20"
version = "4.5.21"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b97f376d85a664d5837dbae44bf546e6477a679ff6610010f17276f686d867e8"
checksum = "fb3b4b9e5a7c7514dfa52869339ee98b3156b0bfb4e8a77c4ff4babb64b1604f"
dependencies = [
"clap_builder",
"clap_derive",
@@ -1442,9 +1442,9 @@ dependencies = [
[[package]]
name = "clap_builder"
version = "4.5.20"
version = "4.5.21"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "19bc80abd44e4bed93ca373a0704ccbd1b710dc5749406201bb018272808dc54"
checksum = "b17a95aa67cc7b5ebd32aa5370189aa0d79069ef1c64ce893bd30fb24bff20ec"
dependencies = [
"anstream",
"anstyle",
@@ -4717,7 +4717,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "4979f22fdb869068da03c9f7528f8297c6fd2606bc3a4affe42e6a823fdb8da4"
dependencies = [
"cfg-if",
"windows-targets 0.52.6",
"windows-targets 0.48.5",
]
[[package]]
@@ -8810,7 +8810,7 @@ dependencies = [
"fastrand 2.1.1",
"once_cell",
"rustix",
"windows-sys 0.59.0",
"windows-sys 0.52.0",
]
[[package]]
@@ -10429,7 +10429,7 @@ version = "0.1.9"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "cf221c93e13a30d793f7645a0e7762c55d169dbb0a49671918a2319d289b10bb"
dependencies = [
"windows-sys 0.59.0",
"windows-sys 0.48.0",
]
[[package]]
@@ -16,12 +16,12 @@
"@emotion/styled": "11.13.0",
"@juggle/resize-observer": "3.4.0",
"@material/material-color-utilities": "0.3.0",
"@mui/icons-material": "6.1.6",
"@mui/lab": "6.0.0-beta.14",
"@mui/material": "6.1.6",
"@mui/icons-material": "6.1.7",
"@mui/lab": "6.0.0-beta.15",
"@mui/material": "6.1.7",
"@nyanpasu/interface": "workspace:^",
"@nyanpasu/ui": "workspace:^",
"@tanstack/router-zod-adapter": "1.81.4",
"@tanstack/router-zod-adapter": "1.81.5",
"@tauri-apps/api": "2.1.1",
"@types/json-schema": "7.0.15",
"ahooks": "3.8.1",
@@ -34,7 +34,7 @@
"json-schema": "0.4.0",
"material-react-table": "3.0.1",
"monaco-editor": "0.52.0",
"mui-color-input": "4.0.2",
"mui-color-input": "5.0.1",
"react": "rc",
"react-dom": "rc",
"react-error-boundary": "4.1.2",
@@ -52,10 +52,10 @@
"@csstools/normalize.css": "12.1.1",
"@emotion/babel-plugin": "11.12.0",
"@emotion/react": "11.13.3",
"@iconify/json": "2.2.271",
"@iconify/json": "2.2.272",
"@monaco-editor/react": "4.6.0",
"@tanstack/react-router": "1.81.4",
"@tanstack/router-devtools": "1.81.4",
"@tanstack/react-router": "1.81.5",
"@tanstack/router-devtools": "1.81.5",
"@tanstack/router-plugin": "1.79.0",
"@tauri-apps/plugin-clipboard-manager": "2.0.0",
"@tauri-apps/plugin-dialog": "2.0.1",
@@ -81,7 +81,7 @@
"sass": "1.80.7",
"shiki": "1.22.2",
"tailwindcss-textshadow": "2.1.3",
"unplugin-auto-import": "0.18.3",
"unplugin-auto-import": "0.18.4",
"unplugin-icons": "0.20.1",
"validator": "13.12.0",
"vite": "5.4.11",
+3 -3
@@ -17,9 +17,9 @@
},
"dependencies": {
"@material/material-color-utilities": "0.3.0",
"@mui/icons-material": "6.1.6",
"@mui/lab": "6.0.0-beta.14",
"@mui/material": "6.1.6",
"@mui/icons-material": "6.1.7",
"@mui/lab": "6.0.0-beta.15",
"@mui/material": "6.1.7",
"@radix-ui/react-portal": "1.1.2",
"@radix-ui/react-scroll-area": "1.2.1",
"@tauri-apps/api": "2.1.1",
+2 -2
@@ -82,7 +82,7 @@
"eslint-plugin-react": "7.37.2",
"eslint-plugin-react-compiler": "0.0.0-experimental-fcabbc1-20241106",
"eslint-plugin-react-hooks": "4.6.2",
"knip": "5.36.7",
"knip": "5.37.0",
"lint-staged": "15.2.10",
"npm-run-all2": "7.0.1",
"postcss": "8.4.49",
@@ -104,7 +104,7 @@
"tsx": "4.19.2",
"typescript": "5.6.3"
},
"packageManager": "pnpm@9.12.3+sha512.cce0f9de9c5a7c95bef944169cc5dfe8741abfb145078c0d508b868056848a87c81e626246cb60967cbd7fd29a6c062ef73ff840d96b3c86c40ac92cf4a813ee",
"packageManager": "pnpm@9.13.0+sha512.beb9e2a803db336c10c9af682b58ad7181ca0fbd0d4119f2b33d5f2582e96d6c0d93c85b23869295b765170fbdaa92890c0da6ada457415039769edf3c959efe",
"engines": {
"node": "22.11.0"
},
+392 -368
File diff suppressed because it is too large Load Diff
+1 -1
@@ -21,7 +21,7 @@ jobs:
make
- name: Upload Linux build
uses: actions/upload-artifact@v2
uses: actions/upload-artifact@v4
with:
name: linux-amd64
path: |
+1 -3
@@ -1,8 +1,6 @@
module github.com/m13253/dns-over-https/v2
go 1.22.0
toolchain go1.23.2
go 1.23.3
require (
github.com/BurntSushi/toml v1.4.0
+1 -1
@@ -2,7 +2,7 @@
#
# Copyright (C) 2006-2013 OpenWrt.org
mainmenu "OpenWrt Configuration"
mainmenu "LEDE Configuration"
config MODULES
modules
+1 -1
@@ -10,7 +10,7 @@ export TOPDIR LC_ALL LANG TZ
empty:=
space:= $(empty) $(empty)
$(if $(findstring $(space),$(TOPDIR)),$(error ERROR: The path to the OpenWrt directory must not include any spaces))
$(if $(findstring $(space),$(TOPDIR)),$(error ERROR: The path to the LEDE directory must not include any spaces))
world:
+1 -1
@@ -1,6 +1,6 @@
# SPDX-License-Identifier: GPL-2.0-only
#
# Copyright (C) 2006-2020 OpenWrt.org
# Copyright (C) 2006-2020 LEDE.org
override TARGET_BUILD=
include $(INCLUDE_DIR)/prereq.mk
+1 -1
@@ -15,7 +15,7 @@ $(eval $(call TestHostCommand,working-make, \
$(MAKE) -v | grep -E 'Make (4\.[1-9]|[5-9]\.)'))
$(eval $(call TestHostCommand,case-sensitive-fs, \
OpenWrt can only be built on a case-sensitive filesystem, \
LEDE can only be built on a case-sensitive filesystem, \
rm -f $(TMP_DIR)/test.*; touch $(TMP_DIR)/test.fs; \
test ! -f $(TMP_DIR)/test.FS))
+1 -1
@@ -40,7 +40,7 @@ define Package/base-files
SECTION:=base
CATEGORY:=Base system
DEPENDS:=+netifd +libc +jsonfilter +SIGNED_PACKAGES:usign +SIGNED_PACKAGES:openwrt-keyring +NAND_SUPPORT:ubi-utils +fstools +fwtool
TITLE:=Base filesystem for OpenWrt
TITLE:=Base filesystem for LEDE
URL:=http://openwrt.org/
VERSION:=$(PKG_RELEASE)-$(REVISION)
endef
@@ -296,7 +296,7 @@ generate_static_system() {
uci -q batch <<-EOF
delete system.@system[0]
add system system
set system.@system[-1].hostname='OpenWrt'
set system.@system[-1].hostname='LEDE'
set system.@system[-1].timezone='UTC'
set system.@system[-1].ttylogin='0'
set system.@system[-1].log_size='64'
@@ -6,7 +6,7 @@ USE_PROCD=1
validate_system_section() {
uci_load_validate system system "$1" "$2" \
'hostname:string:OpenWrt' \
'hostname:string:LEDE' \
'conloglevel:uinteger' \
'buffersize:uinteger' \
'timezone:string:UTC' \
+4 -4
@@ -165,7 +165,7 @@ if VERSIONOPT
config VERSION_DIST
string
prompt "Release distribution"
default "OpenWrt"
default "LEDE"
help
This is the name of the release distribution.
If unspecified, it defaults to OpenWrt.
@@ -199,13 +199,13 @@ if VERSIONOPT
%v .. Configured release version number or "snapshot", lowercase
%C .. Configured release revision code or value of %R, uppercase
%c .. Configured release revision code or value of %R, lowercase
%D .. Distribution name or "OpenWrt", uppercase
%d .. Distribution name or "openwrt", lowercase
%D .. Distribution name or "LEDE", uppercase
%d .. Distribution name or "lede", lowercase
%T .. Target name
%S .. Target/Subtarget name
%A .. Package architecture
%t .. Build taint flags, e.g. "no-all busybox"
%M .. Manufacturer name or "OpenWrt"
%M .. Manufacturer name or "LEDE"
%P .. Product name or "Generic"
%h .. Hardware revision or "v0"
@@ -311,7 +311,7 @@ generate_static_system() {
uci -q batch <<-EOF
delete system.@system[0]
add system system
set system.@system[-1].hostname='OpenWrt'
set system.@system[-1].hostname='LEDE'
set system.@system[-1].timezone='UTC'
set system.@system[-1].ttylogin='0'
set system.@system[-1].log_size='64'
+1 -1
@@ -29,7 +29,7 @@ include $(INCLUDE_DIR)/package.mk
define KernelPackage/ath10k-ct
SUBMENU:=Wireless Drivers
TITLE:=ath10k-ct driver optimized for CT ath10k firmware
DEPENDS:=@(arm||aarch64||mips||mipsel) +kmod-mac80211 +kmod-ath +@DRIVER_11N_SUPPORT +@DRIVER_11AC_SUPPORT @PCI_SUPPORT +kmod-hwmon-core
DEPENDS:=@(TARGET_ipq40xx||TARGET_ipq806x||TARGET_qualcommax||TARGET_ath79) +kmod-mac80211 +kmod-ath +@DRIVER_11N_SUPPORT +@DRIVER_11AC_SUPPORT @PCI_SUPPORT +kmod-hwmon-core
FILES:=\
$(PKG_BUILD_DIR)/ath10k$(CT_KVER)/ath10k_pci.ko \
$(PKG_BUILD_DIR)/ath10k$(CT_KVER)/ath10k_core.ko
-17
@@ -638,23 +638,6 @@ endef
$(eval $(call KernelPackage,fs-vfat))
define KernelPackage/fs-virtiofs
SUBMENU:=$(FS_MENU)
TITLE:=Virtiofs filesystem support
DEPENDS:=+kmod-fuse
KCONFIG:=CONFIG_VIRTIO_FS
FILES:=$(LINUX_DIR)/fs/fuse/virtiofs.ko
AUTOLOAD:=$(call AutoLoad,30,virtiofs)
endef
define KernelPackage/fs-virtiofs/description
Kernel module for Virtiofs filesystem support
endef
$(eval $(call KernelPackage,fs-virtiofs))
define KernelPackage/fs-xfs
SUBMENU:=$(FS_MENU)
TITLE:=XFS filesystem support
@@ -762,6 +762,7 @@ define KernelPackage/mtdtests
TITLE:=MTD subsystem tests
KCONFIG:=CONFIG_MTD_TESTS
FILES:=\
$(LINUX_DIR)/drivers/mtd/tests/mtd_nandbiterrs.ko \
$(LINUX_DIR)/drivers/mtd/tests/mtd_nandecctest.ko \
$(LINUX_DIR)/drivers/mtd/tests/mtd_oobtest.ko \
$(LINUX_DIR)/drivers/mtd/tests/mtd_pagetest.ko \
@@ -769,6 +770,7 @@ define KernelPackage/mtdtests
$(LINUX_DIR)/drivers/mtd/tests/mtd_speedtest.ko \
$(LINUX_DIR)/drivers/mtd/tests/mtd_stresstest.ko \
$(LINUX_DIR)/drivers/mtd/tests/mtd_subpagetest.ko \
$(LINUX_DIR)/drivers/mtd/tests/mtd_test.ko \
$(LINUX_DIR)/drivers/mtd/tests/mtd_torturetest.ko
endef
@@ -181,7 +181,7 @@ detect_mac80211() {
set wireless.default_radio${devidx}.device=radio${devidx}
set wireless.default_radio${devidx}.network=lan
set wireless.default_radio${devidx}.mode=ap
set wireless.default_radio${devidx}.ssid=OpenWrt
set wireless.default_radio${devidx}.ssid=LEDE
set wireless.default_radio${devidx}.encryption=none
EOF
uci -q commit wireless
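Review bot: The default interface that `detect_mac80211` writes here still carries `encryption=none`, and the default-settings hunk later on this page deletes the `disabled` options (`sed -i '/option disabled/d' /etc/config/wireless` and the matching edit of `/lib/wifi/mac80211.sh`). Taken together, a freshly flashed device would presumably bring up an unencrypted access point bridged to `lan` under a well-known SSID. Consider keeping the `set wireless.radio${devidx}.disabled` line that the default-settings script strips, so the radio stays off until an encryption mode and key are configured. The function body continues outside the hunk, so the final radio state should be confirmed there.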
+1 -1
@@ -20,7 +20,7 @@ define KernelPackage/leds-ubnt-ledbar
FILES:= \
$(PKG_BUILD_DIR)/leds-ubnt-ledbar.ko
AUTOLOAD:=$(call AutoProbe,leds-ubnt-ledbar,1)
DEPENDS:=+kmod-i2c-core
DEPENDS:=@TARGET_mediatek_mt7622||TARGET_ramips_mt7621 +kmod-i2c-core
endef
define KernelPackage/leds-ubnt-ledbar/description
@@ -149,7 +149,6 @@ static int ubnt_ledbar_init_led(struct device_node *np, struct ubnt_ledbar *ledb
struct led_classdev *led_cdev)
{
struct led_init_data init_data = {};
int ret;
if (!np)
return 0;
@@ -158,21 +157,14 @@ static int ubnt_ledbar_init_led(struct device_node *np, struct ubnt_ledbar *ledb
led_cdev->max_brightness = UBNT_LEDBAR_MAX_BRIGHTNESS;
ret = devm_led_classdev_register_ext(&ledbar->client->dev, led_cdev,
&init_data);
if (ret)
dev_err(&ledbar->client->dev, "led register err: %d\n", ret);
return ret;
return devm_led_classdev_register_ext(&ledbar->client->dev, led_cdev, &init_data);
}
static int ubnt_ledbar_probe(struct i2c_client *client,
const struct i2c_device_id *id)
static int ubnt_ledbar_probe(struct i2c_client *client)
{
struct device_node *np = client->dev.of_node;
struct ubnt_ledbar *ledbar;
int ret;
int err;
ledbar = devm_kzalloc(&client->dev, sizeof(*ledbar), GFP_KERNEL);
if (!ledbar)
@@ -180,26 +172,22 @@ static int ubnt_ledbar_probe(struct i2c_client *client,
ledbar->enable_gpio = devm_gpiod_get(&client->dev, "enable", GPIOD_OUT_LOW);
if (IS_ERR(ledbar->enable_gpio)) {
ret = PTR_ERR(ledbar->enable_gpio);
dev_err(&client->dev, "Failed to get enable gpio: %d\n", ret);
return ret;
}
if (IS_ERR(ledbar->enable_gpio))
return dev_err_probe(&client->dev, PTR_ERR(ledbar->enable_gpio), "Failed to get enable gpio");
ledbar->reset_gpio = devm_gpiod_get_optional(&client->dev, "reset", GPIOD_OUT_LOW);
if (IS_ERR(ledbar->reset_gpio)) {
ret = PTR_ERR(ledbar->reset_gpio);
dev_err(&client->dev, "Failed to get reset gpio: %d\n", ret);
return ret;
}
if (IS_ERR(ledbar->reset_gpio))
return dev_err_probe(&client->dev, PTR_ERR(ledbar->reset_gpio), "Failed to get reset gpio");
ledbar->led_count = 1;
of_property_read_u32(np, "led-count", &ledbar->led_count);
ledbar->client = client;
mutex_init(&ledbar->lock);
err = devm_mutex_init(&client->dev, &ledbar->lock);
if (err)
return err;
i2c_set_clientdata(client, ledbar);
@@ -218,15 +206,6 @@ static int ubnt_ledbar_probe(struct i2c_client *client,
return ubnt_ledbar_apply_state(ledbar);
}
static int ubnt_ledbar_remove(struct i2c_client *client)
{
struct ubnt_ledbar *ledbar = i2c_get_clientdata(client);
mutex_destroy(&ledbar->lock);
return 0;
}
static const struct i2c_device_id ubnt_ledbar_id[] = {
{ "ubnt-ledbar", 0 },
{ }
@@ -245,7 +224,6 @@ static struct i2c_driver ubnt_ledbar_driver = {
.of_match_table = of_ubnt_ledbar_match,
},
.probe = ubnt_ledbar_probe,
.remove = ubnt_ledbar_remove,
.id_table = ubnt_ledbar_id,
};
module_i2c_driver(ubnt_ledbar_driver);
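Review bot: The format strings passed to the new `dev_err_probe()` calls in `ubnt_ledbar_probe` lack the trailing newline that kernel log messages conventionally carry; write `"Failed to get enable gpio\n"` and `"Failed to get reset gpio\n"`. The simplified `ubnt_ledbar_init_led` also no longer logs a failure of `devm_led_classdev_register_ext()`, so a failed LED registration is silent unless the caller reports it, and the caller lies outside the visible hunks. `devm_mutex_init()` and the single-argument `probe` signature presumably need a recent kernel, so it is worth confirming that every kernel version this package is built against provides both.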
@@ -47,7 +47,7 @@ sed -i '/option disabled/d' /etc/config/wireless
sed -i '/set wireless.radio${devidx}.disabled/d' /lib/wifi/mac80211.sh
sed -i '/DISTRIB_REVISION/d' /etc/openwrt_release
echo "DISTRIB_REVISION='R24.10.24'" >> /etc/openwrt_release
echo "DISTRIB_REVISION='R24.11.11'" >> /etc/openwrt_release
sed -i '/DISTRIB_DESCRIPTION/d' /etc/openwrt_release
echo "DISTRIB_DESCRIPTION='LEDE '" >> /etc/openwrt_release
+1 -1
@@ -1,5 +1,5 @@
config IB
bool "Build the OpenWrt Image Builder"
bool "Build the LEDE Image Builder"
depends on !EXTERNAL_TOOLCHAIN
default BUILDBOT
help
+1 -1
@@ -1,5 +1,5 @@
config SDK
bool "Build the OpenWrt SDK"
bool "Build the LEDE SDK"
depends on !EXTERNAL_TOOLCHAIN
default BUILDBOT
help
+1 -1
@@ -1,5 +1,5 @@
config MAKE_TOOLCHAIN
bool "Package the OpenWrt-based Toolchain"
bool "Package the LEDE-based Toolchain"
depends on !EXTERNAL_TOOLCHAIN
default BUILDBOT
help
+2
@@ -165,6 +165,8 @@ func (p *Proxy) MarshalJSON() ([]byte, error) {
mapping["udp"] = p.SupportUDP()
mapping["xudp"] = p.SupportXUDP()
mapping["tfo"] = p.SupportTFO()
mapping["mptcp"] = p.SupportMPTCP()
mapping["smux"] = p.SupportSMUX()
return json.Marshal(mapping)
}
+10
@@ -95,6 +95,16 @@ func (b *Base) SupportTFO() bool {
return b.tfo
}
// SupportMPTCP implements C.ProxyAdapter
func (b *Base) SupportMPTCP() bool {
return b.mpTcp
}
// SupportSMUX implements C.ProxyAdapter
func (b *Base) SupportSMUX() bool {
return false
}
// IsL3Protocol implements C.ProxyAdapter
func (b *Base) IsL3Protocol(metadata *C.Metadata) bool {
return false
+4
@@ -97,6 +97,10 @@ func (s *SingMux) SupportUOT() bool {
return true
}
func (s *SingMux) SupportSMUX() bool {
return true
}
func closeSingMux(s *SingMux) {
_ = s.client.Close()
}
+14
@@ -625,6 +625,20 @@ func (r *refProxyAdapter) SupportTFO() bool {
return false
}
func (r *refProxyAdapter) SupportMPTCP() bool {
if r.proxyAdapter != nil {
return r.proxyAdapter.SupportMPTCP()
}
return false
}
func (r *refProxyAdapter) SupportSMUX() bool {
if r.proxyAdapter != nil {
return r.proxyAdapter.SupportSMUX()
}
return false
}
func (r *refProxyAdapter) MarshalJSON() ([]byte, error) {
if r.proxyAdapter != nil {
return r.proxyAdapter.MarshalJSON()
+2
@@ -106,6 +106,8 @@ type ProxyAdapter interface {
SupportUDP() bool
SupportXUDP() bool
SupportTFO() bool
SupportMPTCP() bool
SupportSMUX() bool
MarshalJSON() ([]byte, error)
// Deprecated: use DialContextWithDialer and ListenPacketWithDialer instead.
@@ -208,13 +208,16 @@ check_port_exists() {
check_depends() {
local depends
local tables=${1}
local file_path="/usr/lib/opkg/info"
local file_ext=".control"
[ -d "/lib/apk/packages" ] && file_path="/lib/apk/packages" && file_ext=".list"
if [ "$tables" == "iptables" ]; then
for depends in "iptables-mod-tproxy" "iptables-mod-socket" "iptables-mod-iprange" "iptables-mod-conntrack-extra" "kmod-ipt-nat"; do
[ -s "/usr/lib/opkg/info/${depends}.control" ] || echolog "$tables透明代理基础依赖 $depends 未安装..."
[ -s "${file_path}/${depends}${file_ext}" ] || echolog "$tables透明代理基础依赖 $depends 未安装..."
done
else
for depends in "kmod-nft-socket" "kmod-nft-tproxy" "kmod-nft-nat"; do
[ -s "/usr/lib/opkg/info/${depends}.control" ] || echolog "$tables透明代理基础依赖 $depends 未安装..."
[ -s "${file_path}/${depends}${file_ext}" ] || echolog "$tables透明代理基础依赖 $depends 未安装..."
done
fi
}
@@ -743,26 +743,31 @@ add_firewall_rule() {
ipset -! create $IPSET_BLOCKLIST6 nethash family inet6 maxelem 1048576 timeout 172800
#分流规则的IP列表
local node_protocol=$(config_n_get $TCP_NODE protocol)
if [ "$node_protocol" = "_shunt" ]; then
local default_node_id=$(config_n_get $TCP_NODE default_node "_direct")
local shunt_ids=$(uci show $CONFIG | grep "=shunt_rules" | awk -F '.' '{print $2}' | awk -F '=' '{print $1}')
for shunt_id in $shunt_ids; do
local _node_id=$(config_n_get $TCP_NODE $shunt_id "nil")
[ "$_node_id" != "nil" ] && {
[ "$_node_id" = "_default" ] && _node_id=$default_node_id
if [ "$_node_id" = "_direct" ]; then
config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}" | sed -e "s/^/add $IPSET_WHITELIST &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "s/^/add $IPSET_WHITELIST6 &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
else
config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}" | sed -e "s/^/add $IPSET_SHUNTLIST &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
[ "$PROXY_IPV6" = "1" ] && {
config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "s/^/add $IPSET_SHUNTLIST6 &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
}
fi
}
done
fi
process_shunt_rules() {
local _node=$1
local node_protocol=$(config_n_get $_node protocol)
if [ "$node_protocol" = "_shunt" ]; then
local default_node_id=$(config_n_get $_node default_node "_direct")
local shunt_ids=$(uci show $CONFIG | grep "=shunt_rules" | awk -F '.' '{print $2}' | awk -F '=' '{print $1}')
for shunt_id in $shunt_ids; do
local _node_id=$(config_n_get $_node $shunt_id "nil")
[ "$_node_id" != "nil" ] && {
[ "$_node_id" = "_default" ] && _node_id=$default_node_id
if [ "$_node_id" = "_direct" ]; then
config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}" | sed -e "s/^/add $IPSET_WHITELIST &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "s/^/add $IPSET_WHITELIST6 &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
else
config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}" | sed -e "s/^/add $IPSET_SHUNTLIST &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
[ "$PROXY_IPV6" = "1" ] && {
config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "s/^/add $IPSET_SHUNTLIST6 &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
}
fi
}
done
fi
}
[ "$TCP_NODE" ] && process_shunt_rules $TCP_NODE
[ "$UDP_NODE" ] && [ "$TCP_UDP" = "0" ] && process_shunt_rules $UDP_NODE
cat $RULES_PATH/chnroute | tr -s '\n' | grep -v "^#" | sed -e "/^$/d" | sed -e "s/^/add $IPSET_CHN &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
cat $RULES_PATH/proxy_ip | tr -s '\n' | grep -v "^#" | sed -e "/^$/d" | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}" | sed -e "s/^/add $IPSET_BLACKLIST &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
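Review bot: The `grep -E` filters inside the new `process_shunt_rules` are unanchored, so any `ip_list` line that merely contains a dotted-quad or hex-colon fragment is prefixed with `add $IPSET_SHUNTLIST` (or the whitelist set) and handed to `ipset -! -R` unchanged. Anchoring the patterns and allowing only an optional prefix length, for example `grep -E "^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$"` for the IPv4 case, keeps a malformed rule line out of the restore input. The loop variable `shunt_id` is also not declared `local` and `$_node` is expanded unquoted, so `local shunt_id` and `"$_node"` would be the safer spelling. The nftables variant of this function further down the page uses the same filters. `add_firewall_rule` itself continues outside the hunk.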
@@ -1228,7 +1233,7 @@ del_firewall_rule() {
destroy_ipset $IPSET_LANLIST
destroy_ipset $IPSET_VPSLIST
#destroy_ipset $IPSET_SHUNTLIST
destroy_ipset $IPSET_SHUNTLIST
#destroy_ipset $IPSET_GFW
#destroy_ipset $IPSET_CHN
#destroy_ipset $IPSET_BLACKLIST
@@ -1237,7 +1242,7 @@ del_firewall_rule() {
destroy_ipset $IPSET_LANLIST6
destroy_ipset $IPSET_VPSLIST6
#destroy_ipset $IPSET_SHUNTLIST6
destroy_ipset $IPSET_SHUNTLIST6
#destroy_ipset $IPSET_GFW6
#destroy_ipset $IPSET_CHN6
#destroy_ipset $IPSET_BLACKLIST6
@@ -829,26 +829,31 @@ add_firewall_rule() {
gen_nftset $NFTSET_SHUNTLIST6 ipv6_addr "2d" 0
#分流规则的IP列表
local node_protocol=$(config_n_get $TCP_NODE protocol)
if [ "$node_protocol" = "_shunt" ]; then
local default_node_id=$(config_n_get $TCP_NODE default_node "_direct")
local shunt_ids=$(uci show $CONFIG | grep "=shunt_rules" | awk -F '.' '{print $2}' | awk -F '=' '{print $1}')
for shunt_id in $shunt_ids; do
local _node_id=$(config_n_get $TCP_NODE $shunt_id "nil")
[ "$_node_id" != "nil" ] && {
[ "$_node_id" = "_default" ] && _node_id=$default_node_id
if [ "$_node_id" = "_direct" ]; then
insert_nftset $NFTSET_WHITELIST "0" $(config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}")
insert_nftset $NFTSET_WHITELIST6 "0" $(config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}")
else
insert_nftset $NFTSET_SHUNTLIST "0" $(config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}")
[ "$PROXY_IPV6" = "1" ] && {
insert_nftset $NFTSET_SHUNTLIST6 "0" $(config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}")
}
fi
}
done
fi
process_shunt_rules() {
local _node=$1
local node_protocol=$(config_n_get $_node protocol)
if [ "$node_protocol" = "_shunt" ]; then
local default_node_id=$(config_n_get $_node default_node "_direct")
local shunt_ids=$(uci show $CONFIG | grep "=shunt_rules" | awk -F '.' '{print $2}' | awk -F '=' '{print $1}')
for shunt_id in $shunt_ids; do
local _node_id=$(config_n_get $_node $shunt_id "nil")
[ "$_node_id" != "nil" ] && {
[ "$_node_id" = "_default" ] && _node_id=$default_node_id
if [ "$_node_id" = "_direct" ]; then
insert_nftset $NFTSET_WHITELIST "0" $(config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}")
insert_nftset $NFTSET_WHITELIST6 "0" $(config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}")
else
insert_nftset $NFTSET_SHUNTLIST "0" $(config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}")
[ "$PROXY_IPV6" = "1" ] && {
insert_nftset $NFTSET_SHUNTLIST6 "0" $(config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}")
}
fi
}
done
fi
}
[ "$TCP_NODE" ] && process_shunt_rules $TCP_NODE
[ "$UDP_NODE" ] && [ "$TCP_UDP" = "0" ] && process_shunt_rules $UDP_NODE
# 忽略特殊IP段
local lan_ifname lan_ip
@@ -1295,7 +1300,7 @@ del_firewall_rule() {
destroy_nftset $NFTSET_LANLIST
destroy_nftset $NFTSET_VPSLIST
#destroy_nftset $NFTSET_SHUNTLIST
destroy_nftset $NFTSET_SHUNTLIST
#destroy_nftset $NFTSET_GFW
#destroy_nftset $NFTSET_CHN
#destroy_nftset $NFTSET_BLACKLIST
@@ -1304,7 +1309,7 @@ del_firewall_rule() {
destroy_nftset $NFTSET_LANLIST6
destroy_nftset $NFTSET_VPSLIST6
#destroy_nftset $NFTSET_SHUNTLIST6
destroy_nftset $NFTSET_SHUNTLIST6
#destroy_nftset $NFTSET_GFW6
#destroy_nftset $NFTSET_CHN6
#destroy_nftset $NFTSET_BLACKLIST6
+5 -5
@@ -547,18 +547,18 @@ dependencies = [
[[package]]
name = "clap"
version = "4.5.20"
version = "4.5.21"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b97f376d85a664d5837dbae44bf546e6477a679ff6610010f17276f686d867e8"
checksum = "fb3b4b9e5a7c7514dfa52869339ee98b3156b0bfb4e8a77c4ff4babb64b1604f"
dependencies = [
"clap_builder",
]
[[package]]
name = "clap_builder"
version = "4.5.20"
version = "4.5.21"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "19bc80abd44e4bed93ca373a0704ccbd1b710dc5749406201bb018272808dc54"
checksum = "b17a95aa67cc7b5ebd32aa5370189aa0d79069ef1c64ce893bd30fb24bff20ec"
dependencies = [
"anstream",
"anstyle",
@@ -4222,7 +4222,7 @@ version = "0.1.9"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "cf221c93e13a30d793f7645a0e7762c55d169dbb0a49671918a2319d289b10bb"
dependencies = [
"windows-sys 0.59.0",
"windows-sys 0.48.0",
]
[[package]]
+7 -7
@@ -96,11 +96,7 @@ upload_android:
release_android: lib_android update_android_version build_android upload_android
publish_android:
cd ../sing-box-for-android && ./gradlew :app:publishPlayReleaseBundle
publish_android_appcenter:
cd ../sing-box-for-android && ./gradlew :app:appCenterAssembleAndUploadPlayRelease
cd ../sing-box-for-android && ./gradlew :app:publishPlayReleaseBundle && ./gradlew --stop
# TODO: find why and remove `-destination 'generic/platform=iOS'`
build_ios:
@@ -147,9 +143,13 @@ build_macos_dmg:
--hide-extension "SFM.app" \
--app-drop-link 0 0 \
--skip-jenkins \
--notarize "notarytool-password" \
"../sing-box/dist/SFM/SFM.dmg" "build/SFM.System/SFM.app"
notarize_macos_dmg:
xcrun notarytool submit "dist/SFM/SFM.dmg" --wait \
--keychain-profile "notarytool-password" \
--no-s3-acceleration
upload_macos_dmg:
cd dist/SFM && \
cp SFM.dmg "SFM-${VERSION}-universal.dmg" && \
@@ -164,7 +164,7 @@ upload_macos_dsyms:
cp SFM.dSYMs.zip "SFM-${VERSION}-universal.dSYMs.zip" && \
ghr --replace --draft --prerelease "v${VERSION}" "SFM-${VERSION}-universal.dSYMs.zip"
release_macos_standalone: build_macos_standalone build_macos_dmg upload_macos_dmg upload_macos_dsyms
release_macos_standalone: build_macos_standalone build_macos_dmg notarize_macos_dmg upload_macos_dmg upload_macos_dsyms
build_tvos:
cd ../sing-box-for-apple && \
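Review bot: The new `notarize_macos_dmg` target submits the image with `xcrun notarytool submit ... --wait` but never staples the resulting ticket, so the `SFM.dmg` that `upload_macos_dmg` publishes can only be checked by Gatekeeper online. If the `--notarize` option on the DMG build step used to staple as well (not visible from this hunk), add `xcrun stapler staple "dist/SFM/SFM.dmg"` after the submit command. It would also help to have the target fail clearly when the `notarytool-password` keychain profile is missing, because `release_macos_standalone` now depends on it.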
+9
@@ -2,6 +2,15 @@
icon: material/alert-decagram
---
#### 1.11.0-alpha.16
* Add `cache_capacity` DNS option **1**
* Fixes and improvements
**1**:
See [DNS](/configuration/dns/#cache_capacity).
#### 1.11.0-alpha.15
* Improve multi network dialing **1**
+18
@@ -1,3 +1,12 @@
---
icon: material/new
---
!!! quote "Changes in sing-box 1.11.0"
:material-plus: [cache_capacity](#cache_capacity)
!!! quote "Changes in sing-box 1.9.0"
:material-plus: [client_subnet](#client_subnet)
@@ -16,6 +25,7 @@
"disable_cache": false,
"disable_expire": false,
"independent_cache": false,
"cache_capacity": 0,
"reverse_mapping": false,
"client_subnet": "",
"fakeip": {}
@@ -58,6 +68,14 @@ Disable dns cache expire.
Make each DNS server's cache independent for special purposes. If enabled, will slightly degrade performance.
#### cache_capacity
!!! quote "Since sing-box 1.11.0"
LRU cache capacity.
Value less than 1024 will be ignored.
#### reverse_mapping
Stores a reverse mapping of IP addresses after responding to a DNS query in order to provide domain names when routing.
+18 -1
@@ -1,4 +1,12 @@
!!! quote "sing-box 1.9.0 中的更改"
---
icon: material/new
---
!!! quote "自 sing-box 1.11.0 起"
:material-plus: [cache_capacity](#cache_capacity)
!!! quote "自 sing-box 1.9.0 起"
:material-plus: [client_subnet](#client_subnet)
@@ -16,6 +24,7 @@
"disable_cache": false,
"disable_expire": false,
"independent_cache": false,
"cache_capacity": 0,
"reverse_mapping": false,
"client_subnet": "",
"fakeip": {}
@@ -57,6 +66,14 @@
使每个 DNS 服务器的缓存独立,以满足特殊目的。如果启用,将轻微降低性能。
#### cache_capacity
!!! quote "自 sing-box 1.11.0 起"
LRU 缓存容量。
小于 1024 的值将被忽略。
#### reverse_mapping
在响应 DNS 查询后存储 IP 地址的反向映射以为路由目的提供域名。
+2 -2
@@ -25,8 +25,8 @@ require (
github.com/sagernet/gvisor v0.0.0-20241021032506-a4324256e4a3
github.com/sagernet/quic-go v0.48.1-beta.1
github.com/sagernet/reality v0.0.0-20230406110435-ee17307e7691
github.com/sagernet/sing v0.6.0-alpha.9
github.com/sagernet/sing-dns v0.4.0-alpha.1
github.com/sagernet/sing v0.6.0-alpha.9.0.20241114050315-4d3f04d2ed9b
github.com/sagernet/sing-dns v0.4.0-alpha.1.0.20241114050436-c6f02f9bdd5c
github.com/sagernet/sing-mux v0.3.0-alpha.1
github.com/sagernet/sing-quic v0.3.0-rc.2
github.com/sagernet/sing-shadowsocks v0.2.7
+4 -4
@@ -110,10 +110,10 @@ github.com/sagernet/quic-go v0.48.1-beta.1/go.mod h1:1WgdDIVD1Gybp40JTWketeSfKA/
github.com/sagernet/reality v0.0.0-20230406110435-ee17307e7691 h1:5Th31OC6yj8byLGkEnIYp6grlXfo1QYUfiYFGjewIdc=
github.com/sagernet/reality v0.0.0-20230406110435-ee17307e7691/go.mod h1:B8lp4WkQ1PwNnrVMM6KyuFR20pU8jYBD+A4EhJovEXU=
github.com/sagernet/sing v0.2.18/go.mod h1:OL6k2F0vHmEzXz2KW19qQzu172FDgSbUSODylighuVo=
github.com/sagernet/sing v0.6.0-alpha.9 h1:tOeHdRECQwe9R/1edVHbckF/IBoJoGzqhHRnHsNAQb8=
github.com/sagernet/sing v0.6.0-alpha.9/go.mod h1:ARkL0gM13/Iv5VCZmci/NuoOlePoIsW0m7BWfln/Hak=
github.com/sagernet/sing-dns v0.4.0-alpha.1 h1:2KlP8DeqtGkULFiZtvG2r7SuoJP6orANFzJwC5vDKvg=
github.com/sagernet/sing-dns v0.4.0-alpha.1/go.mod h1:vgHATsm4wdymwpvBZPei8RY+546iGXS6hlWv2x6YKcM=
github.com/sagernet/sing v0.6.0-alpha.9.0.20241114050315-4d3f04d2ed9b h1:9uCKmb7UsGQpVM0qAOTQXk4dQBhmJc6PC5pyxT2hxWU=
github.com/sagernet/sing v0.6.0-alpha.9.0.20241114050315-4d3f04d2ed9b/go.mod h1:ARkL0gM13/Iv5VCZmci/NuoOlePoIsW0m7BWfln/Hak=
github.com/sagernet/sing-dns v0.4.0-alpha.1.0.20241114050436-c6f02f9bdd5c h1:2gDzgQ6PBEfj/Cr9itS7XE/w9ya6l/EzJXIzBXb0vXU=
github.com/sagernet/sing-dns v0.4.0-alpha.1.0.20241114050436-c6f02f9bdd5c/go.mod h1:MSv9hJRUrIi35pvlSTgrwWFl/owYyUhpV+m4d9YkteI=
github.com/sagernet/sing-mux v0.3.0-alpha.1 h1:IgNX5bJBpL41gGbp05pdDOvh/b5eUQ6cv9240+Ngipg=
github.com/sagernet/sing-mux v0.3.0-alpha.1/go.mod h1:FTcImmdfW38Lz7b+HQ+mxxOth1lz4ao8uEnz+MwIJQE=
github.com/sagernet/sing-quic v0.3.0-rc.2 h1:7vcC4bdS1GBJzHZhfmJiH0CfzQ4mYLUW51Z2RNHcGwc=
+1
@@ -31,6 +31,7 @@ type DNSClientOptions struct {
DisableCache bool `json:"disable_cache,omitempty"`
DisableExpire bool `json:"disable_expire,omitempty"`
IndependentCache bool `json:"independent_cache,omitempty"`
CacheCapacity uint32 `json:"cache_capacity,omitempty"`
ClientSubnet *badoption.Prefixable `json:"client_subnet,omitempty"`
}
+1 -1
@@ -146,7 +146,7 @@ type LogicalDNSRule struct {
DNSRuleAction
}
func (r *LogicalDNSRule) MarshalJSON() ([]byte, error) {
func (r LogicalDNSRule) MarshalJSON() ([]byte, error) {
return badjson.MarshallObjects(r.RawLogicalDNSRule, r.DNSRuleAction)
}
+1
@@ -96,6 +96,7 @@ func NewRouter(ctx context.Context, logFactory log.Factory, options option.Route
DisableCache: dnsOptions.DNSClientOptions.DisableCache,
DisableExpire: dnsOptions.DNSClientOptions.DisableExpire,
IndependentCache: dnsOptions.DNSClientOptions.IndependentCache,
CacheCapacity: dnsOptions.DNSClientOptions.CacheCapacity,
RDRC: func() dns.RDRCStore {
cacheFile := service.FromContext[adapter.CacheFile](ctx)
if cacheFile == nil {
@@ -208,13 +208,16 @@ check_port_exists() {
check_depends() {
local depends
local tables=${1}
local file_path="/usr/lib/opkg/info"
local file_ext=".control"
[ -d "/lib/apk/packages" ] && file_path="/lib/apk/packages" && file_ext=".list"
if [ "$tables" == "iptables" ]; then
for depends in "iptables-mod-tproxy" "iptables-mod-socket" "iptables-mod-iprange" "iptables-mod-conntrack-extra" "kmod-ipt-nat"; do
[ -s "/usr/lib/opkg/info/${depends}.control" ] || echolog "$tables透明代理基础依赖 $depends 未安装..."
[ -s "${file_path}/${depends}${file_ext}" ] || echolog "$tables透明代理基础依赖 $depends 未安装..."
done
else
for depends in "kmod-nft-socket" "kmod-nft-tproxy" "kmod-nft-nat"; do
[ -s "/usr/lib/opkg/info/${depends}.control" ] || echolog "$tables透明代理基础依赖 $depends 未安装..."
[ -s "${file_path}/${depends}${file_ext}" ] || echolog "$tables透明代理基础依赖 $depends 未安装..."
done
fi
}
@@ -743,26 +743,31 @@ add_firewall_rule() {
ipset -! create $IPSET_BLOCKLIST6 nethash family inet6 maxelem 1048576 timeout 172800
#分流规则的IP列表
local node_protocol=$(config_n_get $TCP_NODE protocol)
if [ "$node_protocol" = "_shunt" ]; then
local default_node_id=$(config_n_get $TCP_NODE default_node "_direct")
local shunt_ids=$(uci show $CONFIG | grep "=shunt_rules" | awk -F '.' '{print $2}' | awk -F '=' '{print $1}')
for shunt_id in $shunt_ids; do
local _node_id=$(config_n_get $TCP_NODE $shunt_id "nil")
[ "$_node_id" != "nil" ] && {
[ "$_node_id" = "_default" ] && _node_id=$default_node_id
if [ "$_node_id" = "_direct" ]; then
config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}" | sed -e "s/^/add $IPSET_WHITELIST &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "s/^/add $IPSET_WHITELIST6 &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
else
config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}" | sed -e "s/^/add $IPSET_SHUNTLIST &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
[ "$PROXY_IPV6" = "1" ] && {
config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "s/^/add $IPSET_SHUNTLIST6 &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
}
fi
}
done
fi
process_shunt_rules() {
local _node=$1
local node_protocol=$(config_n_get $_node protocol)
if [ "$node_protocol" = "_shunt" ]; then
local default_node_id=$(config_n_get $_node default_node "_direct")
local shunt_ids=$(uci show $CONFIG | grep "=shunt_rules" | awk -F '.' '{print $2}' | awk -F '=' '{print $1}')
for shunt_id in $shunt_ids; do
local _node_id=$(config_n_get $_node $shunt_id "nil")
[ "$_node_id" != "nil" ] && {
[ "$_node_id" = "_default" ] && _node_id=$default_node_id
if [ "$_node_id" = "_direct" ]; then
config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}" | sed -e "s/^/add $IPSET_WHITELIST &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "s/^/add $IPSET_WHITELIST6 &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
else
config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}" | sed -e "s/^/add $IPSET_SHUNTLIST &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
[ "$PROXY_IPV6" = "1" ] && {
config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "s/^/add $IPSET_SHUNTLIST6 &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
}
fi
}
done
fi
}
[ "$TCP_NODE" ] && process_shunt_rules $TCP_NODE
[ "$UDP_NODE" ] && [ "$TCP_UDP" = "0" ] && process_shunt_rules $UDP_NODE
cat $RULES_PATH/chnroute | tr -s '\n' | grep -v "^#" | sed -e "/^$/d" | sed -e "s/^/add $IPSET_CHN &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
cat $RULES_PATH/proxy_ip | tr -s '\n' | grep -v "^#" | sed -e "/^$/d" | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}" | sed -e "s/^/add $IPSET_BLACKLIST &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
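Review bot: In `process_shunt_rules` the `grep -E` filters that feed `ipset -! -R` are unanchored, so an `ip_list` line that merely contains an address-like substring passes whole and is spliced into the restore script by `sed -e "s/^/add $IPSET_... &/g"`. Anchoring both patterns with `^` and `$` (allowing an optional `/prefix` length) would keep anything other than a bare address or CIDR out of the restore input, and `$_node` and `$shunt_id` should be quoted where they are passed to `config_n_get`. The same filters appear in the nftables hunk (`@@ -829,26 +829,31 @@`), where the unquoted `$(...)` handed to `insert_nftset` is additionally subject to word splitting and pathname expansion. A short comment such as `# ip_list is free-form UCI text; only bare addresses/CIDRs may reach ipset` above the function would record the intent. `add_firewall_rule`'s body continues outside the hunk.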
@@ -1228,7 +1233,7 @@ del_firewall_rule() {
destroy_ipset $IPSET_LANLIST
destroy_ipset $IPSET_VPSLIST
#destroy_ipset $IPSET_SHUNTLIST
destroy_ipset $IPSET_SHUNTLIST
#destroy_ipset $IPSET_GFW
#destroy_ipset $IPSET_CHN
#destroy_ipset $IPSET_BLACKLIST
@@ -1237,7 +1242,7 @@ del_firewall_rule() {
destroy_ipset $IPSET_LANLIST6
destroy_ipset $IPSET_VPSLIST6
#destroy_ipset $IPSET_SHUNTLIST6
destroy_ipset $IPSET_SHUNTLIST6
#destroy_ipset $IPSET_GFW6
#destroy_ipset $IPSET_CHN6
#destroy_ipset $IPSET_BLACKLIST6
@@ -829,26 +829,31 @@ add_firewall_rule() {
gen_nftset $NFTSET_SHUNTLIST6 ipv6_addr "2d" 0
#分流规则的IP列表
local node_protocol=$(config_n_get $TCP_NODE protocol)
if [ "$node_protocol" = "_shunt" ]; then
local default_node_id=$(config_n_get $TCP_NODE default_node "_direct")
local shunt_ids=$(uci show $CONFIG | grep "=shunt_rules" | awk -F '.' '{print $2}' | awk -F '=' '{print $1}')
for shunt_id in $shunt_ids; do
local _node_id=$(config_n_get $TCP_NODE $shunt_id "nil")
[ "$_node_id" != "nil" ] && {
[ "$_node_id" = "_default" ] && _node_id=$default_node_id
if [ "$_node_id" = "_direct" ]; then
insert_nftset $NFTSET_WHITELIST "0" $(config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}")
insert_nftset $NFTSET_WHITELIST6 "0" $(config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}")
else
insert_nftset $NFTSET_SHUNTLIST "0" $(config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}")
[ "$PROXY_IPV6" = "1" ] && {
insert_nftset $NFTSET_SHUNTLIST6 "0" $(config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}")
}
fi
}
done
fi
process_shunt_rules() {
local _node=$1
local node_protocol=$(config_n_get $_node protocol)
if [ "$node_protocol" = "_shunt" ]; then
local default_node_id=$(config_n_get $_node default_node "_direct")
local shunt_ids=$(uci show $CONFIG | grep "=shunt_rules" | awk -F '.' '{print $2}' | awk -F '=' '{print $1}')
for shunt_id in $shunt_ids; do
local _node_id=$(config_n_get $_node $shunt_id "nil")
[ "$_node_id" != "nil" ] && {
[ "$_node_id" = "_default" ] && _node_id=$default_node_id
if [ "$_node_id" = "_direct" ]; then
insert_nftset $NFTSET_WHITELIST "0" $(config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}")
insert_nftset $NFTSET_WHITELIST6 "0" $(config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}")
else
insert_nftset $NFTSET_SHUNTLIST "0" $(config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}")
[ "$PROXY_IPV6" = "1" ] && {
insert_nftset $NFTSET_SHUNTLIST6 "0" $(config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}")
}
fi
}
done
fi
}
[ "$TCP_NODE" ] && process_shunt_rules $TCP_NODE
[ "$UDP_NODE" ] && [ "$TCP_UDP" = "0" ] && process_shunt_rules $UDP_NODE
# 忽略特殊IP段
local lan_ifname lan_ip
@@ -1295,7 +1300,7 @@ del_firewall_rule() {
destroy_nftset $NFTSET_LANLIST
destroy_nftset $NFTSET_VPSLIST
#destroy_nftset $NFTSET_SHUNTLIST
destroy_nftset $NFTSET_SHUNTLIST
#destroy_nftset $NFTSET_GFW
#destroy_nftset $NFTSET_CHN
#destroy_nftset $NFTSET_BLACKLIST
@@ -1304,7 +1309,7 @@ del_firewall_rule() {
destroy_nftset $NFTSET_LANLIST6
destroy_nftset $NFTSET_VPSLIST6
#destroy_nftset $NFTSET_SHUNTLIST6
destroy_nftset $NFTSET_SHUNTLIST6
#destroy_nftset $NFTSET_GFW6
#destroy_nftset $NFTSET_CHN6
#destroy_nftset $NFTSET_BLACKLIST6
+2 -2
@@ -12,13 +12,13 @@ PKG_MAINTAINER:=Tianling Shen <cnsztl@immortalwrt.org>
include $(INCLUDE_DIR)/package.mk
GEOIP_VER:=202411070052
GEOIP_VER:=202411140052
GEOIP_FILE:=geoip.dat.$(GEOIP_VER)
define Download/geoip
URL:=https://github.com/v2fly/geoip/releases/download/$(GEOIP_VER)/
URL_FILE:=geoip.dat
FILE:=$(GEOIP_FILE)
HASH:=719260cdfc5b8d88e51a52d91cf5c9f8e89bdcc1820ba556bf1c8a10152f8496
HASH:=c9114fd3157e44f1234976a3cba6d8ffee28fb8331890f0909d64e5b6677494e
endef
GEOSITE_VER:=20241112092643
+4 -3
@@ -187,6 +187,7 @@
public static readonly List<string> DomainMatchers = new() { "linear", "mph", "" };
public static readonly List<string> Fingerprints = new() { "chrome", "firefox", "safari", "ios", "android", "edge", "360", "qq", "random", "randomized", "" };
public static readonly List<string> UserAgent = new() { "chrome", "firefox", "safari", "edge", "none" };
public static readonly List<string> XhttpMode = new() { "auto", "packet-up", "stream-up" };
public static readonly List<string> AllowInsecure = new() { "true", "false", "" };
public static readonly List<string> DomainStrategy4Freedoms = new() { "AsIs", "UseIP", "UseIPv4", "UseIPv6", "" };
@@ -206,9 +207,9 @@
public static readonly List<string> SingboxMuxs = new() { "h2mux", "smux", "yamux", "" };
public static readonly List<string> TuicCongestionControls = new() { "cubic", "new_reno", "bbr" };
public static readonly List<string> allowSelectType = new List<string> { "selector", "urltest", "loadbalance", "fallback" };
public static readonly List<string> notAllowTestType = new List<string> { "selector", "urltest", "direct", "reject", "compatible", "pass", "loadbalance", "fallback" };
public static readonly List<string> proxyVehicleType = new List<string> { "file", "http" };
public static readonly List<string> allowSelectType = new() { "selector", "urltest", "loadbalance", "fallback" };
public static readonly List<string> notAllowTestType = new() { "selector", "urltest", "direct", "reject", "compatible", "pass", "loadbalance", "fallback" };
public static readonly List<string> proxyVehicleType = new() { "file", "http" };
#endregion const
}
@@ -240,6 +240,7 @@ namespace ServiceLib.Handler
item.PublicKey = profileItem.PublicKey;
item.ShortId = profileItem.ShortId;
item.SpiderX = profileItem.SpiderX;
item.Extra = profileItem.Extra;
}
var ret = item.ConfigType switch
@@ -83,6 +83,16 @@ namespace ServiceLib.Handler.Fmt
case nameof(ETransport.ws):
case nameof(ETransport.httpupgrade):
if (Utils.IsNotEmpty(item.RequestHost))
{
dicQuery.Add("host", Utils.UrlEncode(item.RequestHost));
}
if (Utils.IsNotEmpty(item.Path))
{
dicQuery.Add("path", Utils.UrlEncode(item.Path));
}
break;
case nameof(ETransport.splithttp):
case nameof(ETransport.xhttp):
if (Utils.IsNotEmpty(item.RequestHost))
@@ -93,6 +103,14 @@ namespace ServiceLib.Handler.Fmt
{
dicQuery.Add("path", Utils.UrlEncode(item.Path));
}
if (Utils.IsNotEmpty(item.HeaderType) && Global.XhttpMode.Contains(item.HeaderType))
{
dicQuery.Add("mode", Utils.UrlEncode(item.HeaderType));
}
if (Utils.IsNotEmpty(item.Extra))
{
dicQuery.Add("extra", Utils.UrlEncode(item.Extra));
}
break;
case nameof(ETransport.http):
@@ -157,10 +175,16 @@ namespace ServiceLib.Handler.Fmt
case nameof(ETransport.ws):
case nameof(ETransport.httpupgrade):
item.RequestHost = Utils.UrlDecode(query["host"] ?? "");
item.Path = Utils.UrlDecode(query["path"] ?? "/");
break;
case nameof(ETransport.splithttp):
case nameof(ETransport.xhttp):
item.RequestHost = Utils.UrlDecode(query["host"] ?? "");
item.Path = Utils.UrlDecode(query["path"] ?? "/");
item.HeaderType = Utils.UrlDecode(query["mode"] ?? "");
item.Extra = Utils.UrlDecode(query["extra"] ?? "");
break;
case nameof(ETransport.http):
+13 -31
@@ -30,44 +30,25 @@ namespace ServiceLib.Models
public string GetSummary()
{
string summary = string.Format("[{0}] ", (ConfigType).ToString());
string[] arrAddr = Address.Split('.');
string addr;
if (arrAddr.Length > 2)
var summary = $"[{(ConfigType).ToString()}] ";
var arrAddr = Address.Split('.');
var addr = arrAddr.Length switch
{
addr = $"{arrAddr.First()}***{arrAddr.Last()}";
}
else if (arrAddr.Length > 1)
> 2 => $"{arrAddr.First()}***{arrAddr.Last()}",
> 1 => $"***{arrAddr.Last()}",
_ => Address
};
summary += ConfigType switch
{
addr = $"***{arrAddr.Last()}";
}
else
{
addr = Address;
}
switch (ConfigType)
{
case EConfigType.Custom:
summary += string.Format("[{1}]{0}", Remarks, CoreType.ToString());
break;
default:
summary += string.Format("{0}({1}:{2})", Remarks, addr, Port);
break;
}
EConfigType.Custom => $"[{CoreType.ToString()}]{Remarks}",
_ => $"{Remarks}({addr}:{Port})"
};
return summary;
}
public List<string>? GetAlpn()
{
if (Utils.IsNullOrEmpty(Alpn))
{
return null;
}
else
{
return Utils.String2List(Alpn);
}
return Utils.IsNullOrEmpty(Alpn) ? null : Utils.String2List(Alpn);
}
public string GetNetwork()
@@ -110,5 +91,6 @@ namespace ServiceLib.Models
public string PublicKey { get; set; }
public string ShortId { get; set; }
public string SpiderX { get; set; }
public string Extra { get; set; }
}
}
@@ -348,10 +348,12 @@ namespace ServiceLib.Models
{
public string? path { get; set; }
public string? host { get; set; }
public string? mode { get; set; }
public string? scMaxEachPostBytes { get; set; }
public string? scMaxConcurrentPosts { get; set; }
public string? scMinPostsIntervalMs { get; set; }
public Xmux4Ray? xmux { get; set; }
public object? extra { get; set; }
}
public class Xmux4Ray
+18
@@ -3697,6 +3697,15 @@ namespace ServiceLib.Resx {
}
}
/// <summary>
/// 查找类似 XHTTP Extra raw JSON, format: { XHTTPObject } 的本地化字符串。
/// </summary>
public static string TransportExtraTip {
get {
return ResourceManager.GetString("TransportExtraTip", resourceCulture);
}
}
/// <summary>
/// 查找类似 *tcp camouflage type 的本地化字符串。
/// </summary>
@@ -3733,6 +3742,15 @@ namespace ServiceLib.Resx {
}
}
/// <summary>
/// 查找类似 *xhttp mode 的本地化字符串。
/// </summary>
public static string TransportHeaderTypeTip5 {
get {
return ResourceManager.GetString("TransportHeaderTypeTip5", resourceCulture);
}
}
/// <summary>
/// 查找类似 *ws/httpupgrade/xhttp path 的本地化字符串。
/// </summary>
@@ -1381,4 +1381,10 @@
<data name="TbSettingsLinuxSudoPasswordNotSudoRunApp" xml:space="preserve">
<value>Please do not run this app with sudo</value>
</data>
<data name="TransportHeaderTypeTip5" xml:space="preserve">
<value>*xhttp mode</value>
</data>
<data name="TransportExtraTip" xml:space="preserve">
<value>XHTTP Extra raw JSON, format: { XHTTPObject }</value>
</data>
</root>
+6
@@ -1381,4 +1381,10 @@
<data name="TbSettingsLinuxSudoPasswordNotSudoRunApp" xml:space="preserve">
<value>Please do not run this app with sudo</value>
</data>
<data name="TransportHeaderTypeTip5" xml:space="preserve">
<value>*xhttp mode</value>
</data>
<data name="TransportExtraTip" xml:space="preserve">
<value>XHTTP Extra raw JSON, format: { XHTTPObject }</value>
</data>
</root>
@@ -1381,4 +1381,10 @@
<data name="TbSettingsLinuxSudoPasswordNotSudoRunApp" xml:space="preserve">
<value>Please do not run this app with sudo</value>
</data>
<data name="TransportHeaderTypeTip5" xml:space="preserve">
<value>*xhttp mode</value>
</data>
<data name="TransportExtraTip" xml:space="preserve">
<value>XHTTP Extra raw JSON, format: { XHTTPObject }</value>
</data>
</root>
@@ -1378,4 +1378,10 @@
<data name="TbSettingsLinuxSudoPasswordNotSudoRunApp" xml:space="preserve">
<value>请不要用sudo运行本app</value>
</data>
<data name="TransportHeaderTypeTip5" xml:space="preserve">
<value>*xhttp 模式</value>
</data>
<data name="TransportExtraTip" xml:space="preserve">
<value>XHTTP Extra 原始 JSON,格式: { XHTTPObject }</value>
</data>
</root>
@@ -1366,7 +1366,7 @@
<data name="TbPath7" xml:space="preserve">
<value>混淆密碼(obfs password)</value>
</data>
<data name="TbSettingsLinuxSudoPassword" xml:space="preserve">
<data name="TbSettingsLinuxSudoPassword" xml:space="preserve">
<value>Linux系統的sudo密碼</value>
</data>
<data name="TbSettingsLinuxSudoPasswordTip" xml:space="preserve">
@@ -1378,4 +1378,10 @@
<data name="TbSettingsLinuxSudoPasswordNotSudoRunApp" xml:space="preserve">
<value>請不要用sudo來運行本app</value>
</data>
<data name="TransportHeaderTypeTip5" xml:space="preserve">
<value>*xhttp 模式</value>
</data>
<data name="TransportExtraTip" xml:space="preserve">
<value>XHTTP Extra 原始 JSON,格式: { XHTTPObject }</value>
</data>
</root>
+1 -1
@@ -4,7 +4,7 @@
<TargetFramework>net8.0</TargetFramework>
<ImplicitUsings>enable</ImplicitUsings>
<Nullable>enable</Nullable>
<Version>7.0.9</Version>
<Version>7.1.0</Version>
</PropertyGroup>
<ItemGroup>
@@ -945,6 +945,15 @@ namespace ServiceLib.Services.CoreConfig
{
xhttpSettings.host = host;
}
if (Utils.IsNotEmpty(node.HeaderType) && Global.XhttpMode.Contains(node.HeaderType))
{
xhttpSettings.mode = node.HeaderType;
}
if (Utils.IsNotEmpty(node.Extra))
{
xhttpSettings.extra = JsonUtils.ParseJson(node.Extra);
}
streamSettings.xhttpSettings = xhttpSettings;
break;
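Review bot: `xhttpSettings.extra = JsonUtils.ParseJson(node.Extra);` copies free-form JSON into the generated core config without checking the parse result or its shape. `Extra` is not only typed into the editor: the share-link parsing hunk on this page assigns `item.Extra = Utils.UrlDecode(query["extra"] ?? "")`, so text from an imported link reaches the core config as-is, unlike `mode`, which is checked against `Global.XhttpMode`. What `ParseJson` does on malformed input is not visible here; the assignment should be skipped unless the result is a non-null JSON object, and a comment such as `// extra is raw JSON from the user or an imported link; only a JSON object is accepted` would record that. The enclosing method starts and ends outside the hunk.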
@@ -112,7 +112,7 @@
x:Name="txtPort"
Grid.Row="3"
Grid.Column="1"
Width="100"
Width="200"
HorizontalAlignment="Left"
Classes="Margin8" />
</Grid>
@@ -164,7 +164,7 @@
x:Name="txtAlterId"
Grid.Row="2"
Grid.Column="1"
Width="100"
Width="200"
HorizontalAlignment="Left"
Classes="Margin8" />
@@ -458,7 +458,7 @@
x:Name="cmbHeaderType8"
Grid.Row="3"
Grid.Column="1"
Width="100"
Width="200"
Classes="Margin8" />
</Grid>
<Grid
@@ -541,7 +541,7 @@
x:Name="txtShortId9"
Grid.Row="5"
Grid.Column="1"
Width="100"
Width="200"
HorizontalAlignment="Left"
Classes="Margin8" />
</Grid>
@@ -584,7 +584,7 @@
x:Name="cmbNetwork"
Grid.Row="1"
Grid.Column="1"
Width="100"
Width="200"
Classes="Margin8" />
<TextBlock
Grid.Row="1"
@@ -600,12 +600,50 @@
VerticalAlignment="Center"
Classes="Margin8"
Text="{x:Static resx:ResUI.TbHeaderType}" />
<ComboBox
x:Name="cmbHeaderType"
<StackPanel
Grid.Row="2"
Grid.Column="1"
Width="100"
Classes="Margin8" />
VerticalAlignment="Center"
Orientation="Horizontal">
<ComboBox
x:Name="cmbHeaderType"
Width="200"
Classes="Margin8" />
<Button
x:Name="btnExtra"
Width="30"
Height="30"
Margin="10,0"
Theme="{DynamicResource BorderlessButton}">
<Button.Content>
<PathIcon
Width="20"
Height="20"
Data="{StaticResource building_more}"
Foreground="{DynamicResource ButtonDefaultTertiaryForeground}" />
</Button.Content>
<Button.Flyout>
<Flyout>
<StackPanel>
<TextBlock
VerticalAlignment="Center"
Classes="Margin8"
Text="{x:Static resx:ResUI.TransportExtraTip}" />
<TextBox
x:Name="txtExtra"
Width="400"
MinHeight="100"
HorizontalAlignment="Stretch"
VerticalAlignment="Center"
Classes="TextArea Margin8"
MinLines="6"
TextWrapping="Wrap" />
</StackPanel>
</Flyout>
</Button.Flyout>
</Button>
</StackPanel>
<TextBlock
x:Name="tipHeaderType"
Grid.Row="2"
@@ -680,7 +718,7 @@
x:Name="cmbStreamSecurity"
Grid.Row="0"
Grid.Column="1"
Width="100"
Width="200"
Classes="Margin8" />
</Grid>
<Grid
@@ -749,7 +787,7 @@
x:Name="cmbAllowInsecure"
Grid.Row="4"
Grid.Column="1"
Width="100"
Width="200"
Classes="Margin8" />
</Grid>
<Grid
@@ -208,7 +208,8 @@ namespace v2rayN.Desktop.Views
this.Bind(ViewModel, vm => vm.SelectedSource.HeaderType, v => v.cmbHeaderType.SelectedValue).DisposeWith(disposables);
this.Bind(ViewModel, vm => vm.SelectedSource.RequestHost, v => v.txtRequestHost.Text).DisposeWith(disposables);
this.Bind(ViewModel, vm => vm.SelectedSource.Path, v => v.txtPath.Text).DisposeWith(disposables);
this.Bind(ViewModel, vm => vm.SelectedSource.Extra, v => v.txtExtra.Text).DisposeWith(disposables);
this.Bind(ViewModel, vm => vm.SelectedSource.StreamSecurity, v => v.cmbStreamSecurity.SelectedValue).DisposeWith(disposables);
this.Bind(ViewModel, vm => vm.SelectedSource.Sni, v => v.txtSNI.Text).DisposeWith(disposables);
this.Bind(ViewModel, vm => vm.SelectedSource.AllowInsecure, v => v.cmbAllowInsecure.SelectedValue).DisposeWith(disposables);
@@ -299,6 +300,13 @@ namespace v2rayN.Desktop.Views
cmbHeaderType.Items.Add(it);
});
}
else if (network is nameof(ETransport.splithttp) or nameof(ETransport.xhttp))
{
Global.XhttpMode.ForEach(it =>
{
cmbHeaderType.Items.Add(it);
});
}
else if (network == nameof(ETransport.grpc))
{
cmbHeaderType.Items.Add(Global.GrpcGunMode);
@@ -319,6 +327,7 @@ namespace v2rayN.Desktop.Views
network = Global.DefaultNetwork;
}
labHeaderType.IsVisible = true;
btnExtra.IsVisible = false;
tipRequestHost.Text =
tipPath.Text =
tipHeaderType.Text = string.Empty;
@@ -337,10 +346,17 @@ namespace v2rayN.Desktop.Views
case nameof(ETransport.ws):
case nameof(ETransport.httpupgrade):
tipRequestHost.Text = ResUI.TransportRequestHostTip2;
tipPath.Text = ResUI.TransportPathTip1;
break;
case nameof(ETransport.splithttp):
case nameof(ETransport.xhttp):
tipRequestHost.Text = ResUI.TransportRequestHostTip2;
tipPath.Text = ResUI.TransportPathTip1;
tipHeaderType.Text = ResUI.TransportHeaderTypeTip5;
labHeaderType.IsVisible = false;
btnExtra.IsVisible = true;
break;
case nameof(ETransport.h2):
@@ -198,7 +198,7 @@ namespace v2rayN.Desktop.Views
private void LstProfiles_DoubleTapped(object? sender, Avalonia.Input.TappedEventArgs e)
{
var source = e.Source as Border;
if (source == null || source.Name != "CellBorder") return;
if (source?.Name == "HeaderBackground") return;
if (_config.UiItem.DoubleClick2Activate)
{
ViewModel?.SetDefaultServer();
@@ -95,6 +95,41 @@
Classes="Margin8"
TextWrapping="Wrap"
Watermark="{x:Static resx:ResUI.SubUrlTips}" />
<Button
Grid.Row="2"
Grid.Column="2"
Width="30"
Height="30"
Margin="10,0"
Theme="{DynamicResource BorderlessButton}">
<Button.Content>
<PathIcon
Width="20"
Height="20"
Data="{StaticResource building_more}"
Foreground="{DynamicResource ButtonDefaultTertiaryForeground}" />
</Button.Content>
<Button.Flyout>
<Flyout>
<StackPanel>
<TextBlock
VerticalAlignment="Center"
Classes="Margin8"
Text="{x:Static resx:ResUI.LvMoreUrl}" />
<TextBox
x:Name="txtMoreUrl"
Width="400"
MinHeight="100"
HorizontalAlignment="Stretch"
VerticalAlignment="Center"
Classes="TextArea Margin8"
MinLines="4"
TextWrapping="Wrap"
Watermark="{x:Static resx:ResUI.SubUrlTips}" />
</StackPanel>
</Flyout>
</Button.Flyout>
</Button>
<TextBlock
Grid.Row="3"
@@ -245,24 +280,6 @@
Classes="Margin8"
TextWrapping="Wrap" />
<TextBlock
Grid.Row="13"
Grid.Column="0"
Grid.ColumnSpan="2"
VerticalAlignment="Center"
Classes="Margin8"
Text="{x:Static resx:ResUI.LvMoreUrl}" />
<TextBox
x:Name="txtMoreUrl"
Grid.Row="14"
Grid.Column="1"
MinHeight="100"
HorizontalAlignment="Stretch"
VerticalAlignment="Center"
Classes="TextArea Margin8"
MinLines="4"
TextWrapping="Wrap"
Watermark="{x:Static resx:ResUI.SubUrlTips}" />
</Grid>
</ScrollViewer>
</DockPanel>
+46 -12
@@ -17,6 +17,13 @@
Style="{StaticResource WindowGlobal}"
WindowStartupLocation="CenterScreen"
mc:Ignorable="d">
<Window.Resources>
<ResourceDictionary>
<ResourceDictionary.MergedDictionaries>
<ResourceDictionary Source="pack://application:,,,/MaterialDesignThemes.Wpf;component/Themes/MaterialDesignTheme.Popupbox.xaml" />
</ResourceDictionary.MergedDictionaries>
</ResourceDictionary>
</Window.Resources>
<DockPanel Margin="{StaticResource Margin8}">
<StackPanel
Margin="{StaticResource Margin4}"
@@ -128,7 +135,7 @@
x:Name="txtPort"
Grid.Row="3"
Grid.Column="1"
Width="100"
Width="200"
Margin="{StaticResource Margin4}"
HorizontalAlignment="Left"
Style="{StaticResource DefTextBox}" />
@@ -188,7 +195,7 @@
x:Name="txtAlterId"
Grid.Row="2"
Grid.Column="1"
Width="100"
Width="200"
Margin="{StaticResource Margin4}"
HorizontalAlignment="Left"
Style="{StaticResource DefTextBox}" />
@@ -513,7 +520,7 @@
x:Name="cmbHeaderType8"
Grid.Row="3"
Grid.Column="1"
Width="100"
Width="200"
Margin="{StaticResource Margin4}"
Style="{StaticResource DefComboBox}" />
</Grid>
@@ -606,7 +613,7 @@
x:Name="txtShortId9"
Grid.Row="5"
Grid.Column="1"
Width="100"
Width="200"
Margin="{StaticResource Margin4}"
HorizontalAlignment="Left"
Style="{StaticResource DefTextBox}" />
@@ -653,7 +660,7 @@
x:Name="cmbNetwork"
Grid.Row="1"
Grid.Column="1"
Width="100"
Width="200"
Margin="{StaticResource Margin4}"
Style="{StaticResource DefComboBox}" />
<TextBlock
@@ -672,13 +679,40 @@
VerticalAlignment="Center"
Style="{StaticResource ToolbarTextBlock}"
Text="{x:Static resx:ResUI.TbHeaderType}" />
<ComboBox
x:Name="cmbHeaderType"
<StackPanel
Grid.Row="2"
Grid.Column="1"
Width="100"
Margin="{StaticResource Margin4}"
Style="{StaticResource DefComboBox}" />
VerticalAlignment="Center"
Orientation="Horizontal">
<ComboBox
x:Name="cmbHeaderType"
Width="200"
Margin="{StaticResource Margin4}"
Style="{StaticResource DefComboBox}" />
<materialDesign:PopupBox
x:Name="popExtra"
HorizontalAlignment="Right"
StaysOpen="True"
Style="{StaticResource MaterialDesignToolForegroundPopupBox}">
<StackPanel>
<TextBlock
Margin="{StaticResource Margin4}"
VerticalAlignment="Center"
Style="{StaticResource ToolbarTextBlock}"
Text="{x:Static resx:ResUI.TransportExtraTip}" />
<TextBox
x:Name="txtExtra"
Width="400"
Margin="{StaticResource Margin4}"
VerticalAlignment="Top"
AcceptsReturn="True"
MinLines="6"
Style="{StaticResource MyOutlinedTextBox}"
TextWrapping="Wrap" />
</StackPanel>
</materialDesign:PopupBox>
</StackPanel>
<TextBlock
x:Name="tipHeaderType"
Grid.Row="2"
@@ -764,7 +798,7 @@
x:Name="cmbStreamSecurity"
Grid.Row="0"
Grid.Column="1"
Width="100"
Width="200"
Margin="{StaticResource Margin4}"
Style="{StaticResource DefComboBox}" />
</Grid>
@@ -842,7 +876,7 @@
x:Name="cmbAllowInsecure"
Grid.Row="4"
Grid.Column="1"
Width="100"
Width="200"
Margin="{StaticResource Margin4}"
Style="{StaticResource DefComboBox}" />
</Grid>
@@ -202,7 +202,8 @@ namespace v2rayN.Views
this.Bind(ViewModel, vm => vm.SelectedSource.HeaderType, v => v.cmbHeaderType.Text).DisposeWith(disposables);
this.Bind(ViewModel, vm => vm.SelectedSource.RequestHost, v => v.txtRequestHost.Text).DisposeWith(disposables);
this.Bind(ViewModel, vm => vm.SelectedSource.Path, v => v.txtPath.Text).DisposeWith(disposables);
this.Bind(ViewModel, vm => vm.SelectedSource.Extra, v => v.txtExtra.Text).DisposeWith(disposables);
this.Bind(ViewModel, vm => vm.SelectedSource.StreamSecurity, v => v.cmbStreamSecurity.Text).DisposeWith(disposables);
this.Bind(ViewModel, vm => vm.SelectedSource.Sni, v => v.txtSNI.Text).DisposeWith(disposables);
this.Bind(ViewModel, vm => vm.SelectedSource.AllowInsecure, v => v.cmbAllowInsecure.Text).DisposeWith(disposables);
@@ -294,6 +295,13 @@ namespace v2rayN.Views
cmbHeaderType.Items.Add(it);
});
}
else if (network is nameof(ETransport.splithttp) or nameof(ETransport.xhttp))
{
Global.XhttpMode.ForEach(it =>
{
cmbHeaderType.Items.Add(it);
});
}
else if (network == nameof(ETransport.grpc))
{
cmbHeaderType.Items.Add(Global.GrpcGunMode);
@@ -314,6 +322,7 @@ namespace v2rayN.Views
network = Global.DefaultNetwork;
}
labHeaderType.Visibility = Visibility.Visible;
popExtra.Visibility = Visibility.Hidden;
tipRequestHost.Text =
tipPath.Text =
tipHeaderType.Text = string.Empty;
@@ -332,10 +341,17 @@ namespace v2rayN.Views
case nameof(ETransport.ws):
case nameof(ETransport.httpupgrade):
tipRequestHost.Text = ResUI.TransportRequestHostTip2;
tipPath.Text = ResUI.TransportPathTip1;
break;
case nameof(ETransport.splithttp):
case nameof(ETransport.xhttp):
tipRequestHost.Text = ResUI.TransportRequestHostTip2;
tipPath.Text = ResUI.TransportPathTip1;
tipHeaderType.Text = ResUI.TransportHeaderTypeTip5;
labHeaderType.Visibility = Visibility.Hidden;
popExtra.Visibility = Visibility.Visible;
break;
case nameof(ETransport.h2):
-20
@@ -2,35 +2,15 @@ package conf_test
import (
"encoding/json"
"os"
"path/filepath"
"testing"
"github.com/xtls/xray-core/app/dns"
"github.com/xtls/xray-core/common"
"github.com/xtls/xray-core/common/net"
"github.com/xtls/xray-core/common/platform"
"github.com/xtls/xray-core/common/platform/filesystem"
. "github.com/xtls/xray-core/infra/conf"
"google.golang.org/protobuf/proto"
)
func init() {
wd, err := os.Getwd()
common.Must(err)
if _, err := os.Stat(platform.GetAssetLocation("geoip.dat")); err != nil && os.IsNotExist(err) {
common.Must(filesystem.CopyFile(platform.GetAssetLocation("geoip.dat"), filepath.Join(wd, "..", "..", "resources", "geoip.dat")))
}
os.Setenv("xray.location.asset", wd)
}
func TestDNSConfigParsing(t *testing.T) {
defer func() {
os.Unsetenv("xray.location.asset")
}()
parserCreator := func() func(string) (proto.Message, error) {
return func(s string) (proto.Message, error) {
config := new(DNSConfig)
+34 -10
@@ -2,6 +2,7 @@ package conf_test
import (
"encoding/json"
"fmt"
"os"
"path/filepath"
"testing"
@@ -18,21 +19,44 @@ import (
"google.golang.org/protobuf/proto"
)
func init() {
wd, err := os.Getwd()
common.Must(err)
if _, err := os.Stat(platform.GetAssetLocation("geoip.dat")); err != nil && os.IsNotExist(err) {
common.Must(filesystem.CopyFile(platform.GetAssetLocation("geoip.dat"), filepath.Join(wd, "..", "..", "resources", "geoip.dat")))
func getAssetPath(file string) (string, error) {
path := platform.GetAssetLocation(file)
_, err := os.Stat(path)
if os.IsNotExist(err) {
path := filepath.Join("..", "..", "resources", file)
_, err := os.Stat(path)
if os.IsNotExist(err) {
return "", fmt.Errorf("can't find %s in standard asset locations or {project_root}/resources", file)
}
if err != nil {
return "", fmt.Errorf("can't stat %s: %v", path, err)
}
return path, nil
}
if err != nil {
return "", fmt.Errorf("can't stat %s: %v", path, err)
}
os.Setenv("xray.location.asset", wd)
return path, nil
}
func TestToCidrList(t *testing.T) {
t.Log(os.Getenv("xray.location.asset"))
tempDir, err := os.MkdirTemp("", "test-")
if err != nil {
t.Fatalf("can't create temp dir: %v", err)
}
defer os.RemoveAll(tempDir)
common.Must(filesystem.CopyFile(platform.GetAssetLocation("geoiptestrouter.dat"), "geoip.dat"))
geoipPath, err := getAssetPath("geoip.dat")
if err != nil {
t.Fatal(err)
}
common.Must(filesystem.CopyFile(filepath.Join(tempDir, "geoip.dat"), geoipPath))
common.Must(filesystem.CopyFile(filepath.Join(tempDir, "geoiptestrouter.dat"), geoipPath))
os.Setenv("xray.location.asset", tempDir)
defer os.Unsetenv("xray.location.asset")
ips := StringList([]string{
"geoip:us",
@@ -44,7 +68,7 @@ func TestToCidrList(t *testing.T) {
"ext-ip:geoiptestrouter.dat:!ca",
})
_, err := ToCidrList(ips)
_, err = ToCidrList(ips)
if err != nil {
t.Fatalf("Failed to parse geoip list, got %s", err)
}
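Review bot: `TestToCidrList` manages process-wide state by hand with `os.MkdirTemp` plus `defer os.RemoveAll` and `os.Setenv` plus `defer os.Unsetenv`; `tempDir := t.TempDir()` and `t.Setenv("xray.location.asset", tempDir)` do the same with automatic cleanup and restore the previous value instead of unsetting it. In `getAssetPath` the inner `path :=` and `_, err :=` shadow the outer variables, and the errors are formatted with `%v` where `%w` would keep the `os.Stat` error inspectable. The two `common.Must(filesystem.CopyFile(...))` calls panic on failure rather than reporting through `t.Fatal`, which hides the test name in the output. The test body continues outside the last hunk.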
+22 -3
@@ -4,16 +4,18 @@ package wireguard
import (
"context"
"errors"
goerrors "errors"
"fmt"
"net"
"net/netip"
"os"
"sync"
"golang.org/x/sys/unix"
"github.com/sagernet/sing/common/control"
"github.com/vishvananda/netlink"
"github.com/xtls/xray-core/common/errors"
wgtun "golang.zx2c4.com/wireguard/tun"
)
@@ -27,6 +29,23 @@ type deviceNet struct {
rules []*netlink.Rule
}
var (
tableIndex int = 10230
mu sync.Mutex
)
func allocateIPv6TableIndex() int {
mu.Lock()
defer mu.Unlock()
if tableIndex > 10230 {
errors.LogInfo(context.Background(), "allocate new ipv6 table index: ", tableIndex)
}
currentIndex := tableIndex
tableIndex++
return currentIndex
}
func newDeviceNet(interfaceName string) *deviceNet {
var dialer net.Dialer
bindControl := control.BindToInterface(control.NewDefaultInterfaceFinder(), interfaceName, -1)
@@ -68,7 +87,7 @@ func (d *deviceNet) Close() (err error) {
if len(errs) == 0 {
return nil
}
return errors.Join(errs...)
return goerrors.Join(errs...)
}
func createKernelTun(localAddresses []netip.Addr, mtu int, handler promiscuousModeHandler) (t Tunnel, err error) {
@@ -138,7 +157,7 @@ func createKernelTun(localAddresses []netip.Addr, mtu int, handler promiscuousMo
}
}
ipv6TableIndex := 1023
ipv6TableIndex := allocateIPv6TableIndex()
if v6 != nil {
r := &netlink.Route{Table: ipv6TableIndex}
for {
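Review bot: allocateIPv6TableIndex hands out routing-table numbers from a process-wide counter that only ever increases, and nothing in the visible hunks returns an index when a deviceNet is closed or checks that the chosen table is not already used by other policy routing on the host. If the number collides with an existing table, the IPv6 routes and rules that createKernelTun installs would mix with unrelated routing, which for a tunnel can mean traffic taking a path the operator did not intend. Consider naming the base once, `const ipv6TableBase = 10230`, instead of repeating the literal in `if tableIndex > 10230`, and add a doc comment on the function stating that indices are never reused and why that range was chosen. The bodies of createKernelTun and Close continue outside the hunks, so any release or collision handling there should be confirmed.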
+141 -24
@@ -252,6 +252,7 @@ bool IsNotAcceptableIntermediate(const bssl::ParsedCertificate* cert, const CFSt
static bool found_isrg_root_x1 = false;
static bool found_isrg_root_x2 = false;
static bool found_digicert_root_g2 = false;
static bool found_gts_root_r4 = false;
void print_openssl_error() {
const char* file;
@@ -295,6 +296,10 @@ static bool load_ca_cert_to_x509_trust(X509_STORE* store, bssl::UniquePtr<X509>
VLOG(1) << "Loading DigiCert Global Root G2 CA";
found_digicert_root_g2 = true;
}
if (commonName == "GTS Root R4"sv) {
VLOG(1) << "Loading GTS Root R4 CA";
found_gts_root_r4 = true;
}
}
if (X509_STORE_add_cert(store, cert.get()) == 1) {
@@ -504,29 +509,71 @@ static int load_ca_to_ssl_ctx_yass_ca_bundle(SSL_CTX* ssl_ctx) {
return 0;
}
int load_ca_to_ssl_ctx_system(SSL_CTX* ssl_ctx) {
#ifdef _WIN32
HCERTSTORE cert_store = NULL;
asio::error_code ec;
PCCERT_CONTEXT cert = nullptr;
X509_STORE* store = nullptr;
// Returns true if the cert can be used for server authentication, based on
// certificate properties.
//
// While there are a variety of certificate properties that can affect how
// trust is computed, the main property is CERT_ENHKEY_USAGE_PROP_ID, which
// is intersected with the certificate's EKU extension (if present).
// The intersection is documented in the Remarks section of
// CertGetEnhancedKeyUsage, and is as follows:
// - No EKU property, and no EKU extension = Trusted for all purpose
// - Either an EKU property, or EKU extension, but not both = Trusted only
// for the listed purposes
// - Both an EKU property and an EKU extension = Trusted for the set
// intersection of the listed purposes
// CertGetEnhancedKeyUsage handles this logic, and if an empty set is
// returned, the distinction between the first and third case can be
// determined by GetLastError() returning CRYPT_E_NOT_FOUND.
//
// See:
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certgetenhancedkeyusage
//
// If we run into any errors reading the certificate properties, we fail
// closed.
bool IsCertTrustedForServerAuth(PCCERT_CONTEXT cert) {
DWORD usage_size = 0;
if (!CertGetEnhancedKeyUsage(cert, 0, nullptr, &usage_size)) {
return false;
}
std::vector<BYTE> usage_bytes(usage_size);
CERT_ENHKEY_USAGE* usage = reinterpret_cast<CERT_ENHKEY_USAGE*>(usage_bytes.data());
if (!CertGetEnhancedKeyUsage(cert, 0, usage, &usage_size)) {
return false;
}
if (usage->cUsageIdentifier == 0) {
// check GetLastError
HRESULT error_code = GetLastError();
switch (error_code) {
case CRYPT_E_NOT_FOUND:
return true;
case S_OK:
return false;
default:
return false;
}
}
for (DWORD i = 0; i < usage->cUsageIdentifier; i++) {
std::string_view eku = std::string_view(usage->rgpszUsageIdentifier[i]);
if ((eku == szOID_PKIX_KP_SERVER_AUTH) || (eku == szOID_ANY_ENHANCED_KEY_USAGE)) {
return true;
}
}
return false;
}
int load_ca_to_ssl_store_from_schannel_store(X509_STORE* store, HCERTSTORE cert_store) {
PCCERT_CONTEXT cert_context = NULL;
int count = 0;
cert_store = CertOpenStore(CERT_STORE_PROV_SYSTEM, 0, NULL, CERT_SYSTEM_STORE_CURRENT_USER, L"ROOT");
if (!cert_store) {
PLOG(WARNING) << "CertOpenStore failed";
goto out;
}
store = SSL_CTX_get_cert_store(ssl_ctx);
if (!store) {
LOG(WARNING) << "Can't get SSL CTX cert store";
goto out;
}
while ((cert = CertEnumCertificatesInStore(cert_store, cert))) {
const char* data = (const char*)cert->pbCertEncoded;
size_t len = cert->cbCertEncoded;
while ((cert_context = CertEnumCertificatesInStore(cert_store, cert_context))) {
const char* data = reinterpret_cast<const char*>(cert_context->pbCertEncoded);
size_t len = cert_context->cbCertEncoded;
bssl::UniquePtr<CRYPTO_BUFFER> buffer = net::x509_util::CreateCryptoBuffer(std::string_view(data, len));
bssl::UniquePtr<X509> cert(X509_parse_from_buffer(buffer.get()));
if (!cert) {
@@ -534,15 +581,81 @@ int load_ca_to_ssl_ctx_system(SSL_CTX* ssl_ctx) {
LOG(WARNING) << "Loading ca failure from: cert store";
continue;
}
if (!IsCertTrustedForServerAuth(cert_context)) {
char buf[4096] = {};
const char* const subject_name = X509_NAME_oneline(X509_get_subject_name(cert.get()), buf, sizeof(buf));
LOG(WARNING) << "Skip cert without server auth support: " << subject_name;
continue;
}
if (load_ca_cert_to_x509_trust(store, std::move(cert))) {
++count;
}
}
out:
if (cert_store) {
CertCloseStore(cert_store, CERT_CLOSE_STORE_FORCE_FLAG);
return count;
}
void GatherEnterpriseCertsForLocation(HCERTSTORE cert_store, DWORD location, LPCWSTR store_name) {
if (!(location == CERT_SYSTEM_STORE_LOCAL_MACHINE || location == CERT_SYSTEM_STORE_LOCAL_MACHINE_GROUP_POLICY ||
location == CERT_SYSTEM_STORE_LOCAL_MACHINE_ENTERPRISE || location == CERT_SYSTEM_STORE_CURRENT_USER ||
location == CERT_SYSTEM_STORE_CURRENT_USER_GROUP_POLICY)) {
return;
}
DWORD flags = location | CERT_STORE_OPEN_EXISTING_FLAG | CERT_STORE_READONLY_FLAG;
HCERTSTORE enterprise_root_store = NULL;
enterprise_root_store = CertOpenStore(CERT_STORE_PROV_SYSTEM_W, 0, NULL, flags, store_name);
if (!enterprise_root_store) {
return;
}
// Priority of the opened cert store in the collection does not matter, so set
// everything to priority 0.
CertAddStoreToCollection(cert_store, enterprise_root_store,
/*dwUpdateFlags=*/0, /*dwPriority=*/0);
if (!CertCloseStore(enterprise_root_store, 0)) {
PLOG(WARNING) << "CertCloseStore() call failed";
}
}
#endif
int load_ca_to_ssl_ctx_system(SSL_CTX* ssl_ctx) {
#ifdef _WIN32
HCERTSTORE root_store = NULL;
int count = 0;
X509_STORE* store = SSL_CTX_get_cert_store(ssl_ctx);
if (!store) {
LOG(WARNING) << "Can't get SSL CTX cert store";
goto out;
}
root_store = CertOpenStore(CERT_STORE_PROV_COLLECTION, 0, NULL, 0, nullptr);
if (!root_store) {
LOG(WARNING) << "Can't get cert store";
goto out;
}
// Grab the user-added roots.
GatherEnterpriseCertsForLocation(root_store, CERT_SYSTEM_STORE_LOCAL_MACHINE, L"ROOT");
GatherEnterpriseCertsForLocation(root_store, CERT_SYSTEM_STORE_LOCAL_MACHINE_GROUP_POLICY, L"ROOT");
GatherEnterpriseCertsForLocation(root_store, CERT_SYSTEM_STORE_LOCAL_MACHINE_ENTERPRISE, L"ROOT");
GatherEnterpriseCertsForLocation(root_store, CERT_SYSTEM_STORE_CURRENT_USER, L"ROOT");
GatherEnterpriseCertsForLocation(root_store, CERT_SYSTEM_STORE_CURRENT_USER_GROUP_POLICY, L"ROOT");
// Grab the user-added intermediates (optional).
GatherEnterpriseCertsForLocation(root_store, CERT_SYSTEM_STORE_LOCAL_MACHINE, L"CA");
GatherEnterpriseCertsForLocation(root_store, CERT_SYSTEM_STORE_LOCAL_MACHINE_GROUP_POLICY, L"CA");
GatherEnterpriseCertsForLocation(root_store, CERT_SYSTEM_STORE_LOCAL_MACHINE_ENTERPRISE, L"CA");
GatherEnterpriseCertsForLocation(root_store, CERT_SYSTEM_STORE_CURRENT_USER, L"CA");
GatherEnterpriseCertsForLocation(root_store, CERT_SYSTEM_STORE_CURRENT_USER_GROUP_POLICY, L"CA");
count = load_ca_to_ssl_store_from_schannel_store(store, root_store);
if (!CertCloseStore(root_store, 0)) {
PLOG(WARNING) << "CertCloseStore() call failed";
}
out:
LOG(INFO) << "Loaded ca from SChannel: " << count << " certificates";
return count;
#elif BUILDFLAG(IS_IOS)
@@ -672,6 +785,7 @@ void load_ca_to_ssl_ctx(SSL_CTX* ssl_ctx) {
found_isrg_root_x1 = false;
found_isrg_root_x2 = false;
found_digicert_root_g2 = false;
found_gts_root_r4 = false;
load_ca_to_ssl_ctx_cacert(ssl_ctx);
#ifdef HAVE_BUILTIN_CA_BUNDLE_CRT
@@ -708,7 +822,7 @@ void load_ca_to_ssl_ctx(SSL_CTX* ssl_ctx) {
}
// TODO we can add the missing CA if required
if (!found_isrg_root_x1 || !found_isrg_root_x2 || !found_digicert_root_g2) {
if (!found_isrg_root_x1 || !found_isrg_root_x2 || !found_digicert_root_g2 || !found_gts_root_r4) {
if (!found_isrg_root_x1) {
LOG(INFO) << "Missing ISRG Root X1 CA";
}
@@ -718,6 +832,9 @@ void load_ca_to_ssl_ctx(SSL_CTX* ssl_ctx) {
if (!found_digicert_root_g2) {
LOG(INFO) << "Missing DigiCert Global Root G2 CA";
}
if (!found_gts_root_r4) {
LOG(INFO) << "Missing GTS Root R4 CA";
}
std::string_view ca_content(_binary_supplementary_ca_bundle_crt_start,
_binary_supplementary_ca_bundle_crt_end - _binary_supplementary_ca_bundle_crt_start);
int result = load_ca_to_ssl_ctx_from_mem(ssl_ctx, ca_content);
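Review bot: In load_ca_to_ssl_ctx_system the ROOT and the CA (intermediate) system stores are gathered into one collection, and load_ca_to_ssl_store_from_schannel_store then passes every certificate through load_ca_cert_to_x509_trust into the same X509_STORE, so intermediates take the same path as roots. Whether a non-self-signed certificate in that store can terminate a chain depends on the verification flags (for example X509_V_FLAG_PARTIAL_CHAIN), which are not visible in this section. A comment above the `L"CA"` calls should state that intermediates are added for path building only and that partial-chain verification is expected to stay off. Separately, GatherEnterpriseCertsForLocation ignores the result of CertAddStoreToCollection; logging it, `if (!CertAddStoreToCollection(cert_store, enterprise_root_store, 0, 0)) { PLOG(WARNING) << "CertAddStoreToCollection() call failed"; }`, would keep a silently reduced trust set from going unnoticed. The body of load_ca_to_ssl_ctx continues outside the last hunk.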
@@ -65,3 +65,16 @@ Fdtom/DzMNU+MeKNhJ7jitralj41E6Vf8PlwUHBHQRFXGU7Aj64GxJUTFy8bJZ91
pLiaWN0bfVKfjllDiIGknibVb63dDcY3fe0Dkhvld1927jyNxF1WW6LZZm6zNTfl
MrY=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----