mirror of
https://github.com/shtorm-7/sing-box-extended.git
synced 2026-07-04 15:47:27 +03:00
Compare commits
1 Commits
v1.7.0-bet
...
dev-sentry
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
05b4d98852 |
2
.github/ISSUE_TEMPLATE/bug_report.yml
vendored
2
.github/ISSUE_TEMPLATE/bug_report.yml
vendored
@@ -46,7 +46,6 @@ body:
|
|||||||
description: If you are using the original command line program, please provide the output of the `sing-box version` command.
|
description: If you are using the original command line program, please provide the output of the `sing-box version` command.
|
||||||
value: |-
|
value: |-
|
||||||
<details>
|
<details>
|
||||||
|
|
||||||
```console
|
```console
|
||||||
# Replace this line with the output
|
# Replace this line with the output
|
||||||
```
|
```
|
||||||
@@ -72,7 +71,6 @@ body:
|
|||||||
For the Android client, please check the `/sdcard/Android/data/io.nekohasekai.sfa/files/stderr.log` file for crash logs.
|
For the Android client, please check the `/sdcard/Android/data/io.nekohasekai.sfa/files/stderr.log` file for crash logs.
|
||||||
value: |-
|
value: |-
|
||||||
<details>
|
<details>
|
||||||
|
|
||||||
```console
|
```console
|
||||||
# Replace this line with logs
|
# Replace this line with logs
|
||||||
```
|
```
|
||||||
|
|||||||
2
.github/ISSUE_TEMPLATE/bug_report_zh.yml
vendored
2
.github/ISSUE_TEMPLATE/bug_report_zh.yml
vendored
@@ -46,7 +46,6 @@ body:
|
|||||||
description: 如果您使用原始命令行程序,请提供 `sing-box version` 命令的输出。
|
description: 如果您使用原始命令行程序,请提供 `sing-box version` 命令的输出。
|
||||||
value: |-
|
value: |-
|
||||||
<details>
|
<details>
|
||||||
|
|
||||||
```console
|
```console
|
||||||
# 使用输出内容覆盖此行
|
# 使用输出内容覆盖此行
|
||||||
```
|
```
|
||||||
@@ -72,7 +71,6 @@ body:
|
|||||||
对于 Android 图形客户端程序,请检查 `/sdcard/Android/data/io.nekohasekai.sfa/files/stderr.log` 文件以导出崩溃日志。
|
对于 Android 图形客户端程序,请检查 `/sdcard/Android/data/io.nekohasekai.sfa/files/stderr.log` 文件以导出崩溃日志。
|
||||||
value: |-
|
value: |-
|
||||||
<details>
|
<details>
|
||||||
|
|
||||||
```console
|
```console
|
||||||
# 使用日志内容覆盖此行
|
# 使用日志内容覆盖此行
|
||||||
```
|
```
|
||||||
|
|||||||
8
.github/workflows/debug.yml
vendored
8
.github/workflows/debug.yml
vendored
@@ -22,7 +22,7 @@ jobs:
|
|||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout
|
- name: Checkout
|
||||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
|
uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4
|
||||||
with:
|
with:
|
||||||
fetch-depth: 0
|
fetch-depth: 0
|
||||||
- name: Get latest go version
|
- name: Get latest go version
|
||||||
@@ -50,7 +50,7 @@ jobs:
|
|||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout
|
- name: Checkout
|
||||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
|
uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4
|
||||||
with:
|
with:
|
||||||
fetch-depth: 0
|
fetch-depth: 0
|
||||||
- name: Setup Go
|
- name: Setup Go
|
||||||
@@ -70,7 +70,7 @@ jobs:
|
|||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout
|
- name: Checkout
|
||||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
|
uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4
|
||||||
with:
|
with:
|
||||||
fetch-depth: 0
|
fetch-depth: 0
|
||||||
- name: Setup Go
|
- name: Setup Go
|
||||||
@@ -201,7 +201,7 @@ jobs:
|
|||||||
TAGS: with_clash_api,with_quic
|
TAGS: with_clash_api,with_quic
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout
|
- name: Checkout
|
||||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
|
uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4
|
||||||
with:
|
with:
|
||||||
fetch-depth: 0
|
fetch-depth: 0
|
||||||
- name: Get latest go version
|
- name: Get latest go version
|
||||||
|
|||||||
4
.github/workflows/docker.yml
vendored
4
.github/workflows/docker.yml
vendored
@@ -9,7 +9,7 @@ jobs:
|
|||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout
|
- name: Checkout
|
||||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
|
uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4
|
||||||
- name: Setup Docker Buildx
|
- name: Setup Docker Buildx
|
||||||
uses: docker/setup-buildx-action@v3
|
uses: docker/setup-buildx-action@v3
|
||||||
- name: Setup QEMU for Docker Buildx
|
- name: Setup QEMU for Docker Buildx
|
||||||
@@ -39,8 +39,6 @@ jobs:
|
|||||||
with:
|
with:
|
||||||
platforms: linux/386,linux/amd64,linux/arm64,linux/s390x
|
platforms: linux/386,linux/amd64,linux/arm64,linux/s390x
|
||||||
target: dist
|
target: dist
|
||||||
build-args: |
|
|
||||||
BUILDKIT_CONTEXT_KEEP_GIT_DIR=1
|
|
||||||
tags: |
|
tags: |
|
||||||
${{ steps.tag.outputs.latest }}
|
${{ steps.tag.outputs.latest }}
|
||||||
${{ steps.tag.outputs.versioned }}
|
${{ steps.tag.outputs.versioned }}
|
||||||
|
|||||||
2
.github/workflows/lint.yml
vendored
2
.github/workflows/lint.yml
vendored
@@ -22,7 +22,7 @@ jobs:
|
|||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout
|
- name: Checkout
|
||||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
|
uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4
|
||||||
with:
|
with:
|
||||||
fetch-depth: 0
|
fetch-depth: 0
|
||||||
- name: Get latest go version
|
- name: Get latest go version
|
||||||
|
|||||||
@@ -19,12 +19,10 @@ builds:
|
|||||||
- with_ech
|
- with_ech
|
||||||
- with_utls
|
- with_utls
|
||||||
- with_reality_server
|
- with_reality_server
|
||||||
- with_acme
|
|
||||||
- with_clash_api
|
- with_clash_api
|
||||||
env:
|
env:
|
||||||
- CGO_ENABLED=0
|
- CGO_ENABLED=0
|
||||||
targets:
|
targets:
|
||||||
- linux_386
|
|
||||||
- linux_amd64_v1
|
- linux_amd64_v1
|
||||||
- linux_amd64_v3
|
- linux_amd64_v3
|
||||||
- linux_arm64
|
- linux_arm64
|
||||||
@@ -57,12 +55,11 @@ builds:
|
|||||||
- with_ech
|
- with_ech
|
||||||
- with_utls
|
- with_utls
|
||||||
- with_reality_server
|
- with_reality_server
|
||||||
- with_acme
|
|
||||||
- with_clash_api
|
- with_clash_api
|
||||||
env:
|
env:
|
||||||
- CGO_ENABLED=0
|
- CGO_ENABLED=0
|
||||||
- GOROOT=/nix/store/kg6i737jjqs923jcijnm003h68c1dghj-go-1.20.11/share/go
|
- GOROOT=/nix/store/5h8gjl89zx8qxgc572wa3k81zplv8v4z-go-1.20.10/share/go
|
||||||
gobinary: /nix/store/kg6i737jjqs923jcijnm003h68c1dghj-go-1.20.11/bin/go
|
gobinary: /nix/store/5h8gjl89zx8qxgc572wa3k81zplv8v4z-go-1.20.10/bin/go
|
||||||
targets:
|
targets:
|
||||||
- windows_amd64_v1
|
- windows_amd64_v1
|
||||||
- windows_386
|
- windows_386
|
||||||
@@ -86,8 +83,6 @@ builds:
|
|||||||
- with_wireguard
|
- with_wireguard
|
||||||
- with_ech
|
- with_ech
|
||||||
- with_utls
|
- with_utls
|
||||||
- with_reality_server
|
|
||||||
- with_acme
|
|
||||||
- with_clash_api
|
- with_clash_api
|
||||||
env:
|
env:
|
||||||
- CGO_ENABLED=1
|
- CGO_ENABLED=1
|
||||||
@@ -158,7 +153,6 @@ nfpms:
|
|||||||
formats:
|
formats:
|
||||||
- deb
|
- deb
|
||||||
- rpm
|
- rpm
|
||||||
- archlinux
|
|
||||||
priority: extra
|
priority: extra
|
||||||
contents:
|
contents:
|
||||||
- src: release/config/config.json
|
- src: release/config/config.json
|
||||||
|
|||||||
12
Dockerfile
12
Dockerfile
@@ -1,27 +1,23 @@
|
|||||||
FROM --platform=$BUILDPLATFORM golang:1.21-alpine AS builder
|
FROM golang:1.21-alpine AS builder
|
||||||
LABEL maintainer="nekohasekai <contact-git@sekai.icu>"
|
LABEL maintainer="nekohasekai <contact-git@sekai.icu>"
|
||||||
COPY . /go/src/github.com/sagernet/sing-box
|
COPY . /go/src/github.com/sagernet/sing-box
|
||||||
WORKDIR /go/src/github.com/sagernet/sing-box
|
WORKDIR /go/src/github.com/sagernet/sing-box
|
||||||
ARG TARGETOS TARGETARCH
|
|
||||||
ARG GOPROXY=""
|
ARG GOPROXY=""
|
||||||
ENV GOPROXY ${GOPROXY}
|
ENV GOPROXY ${GOPROXY}
|
||||||
ENV CGO_ENABLED=0
|
ENV CGO_ENABLED=0
|
||||||
ENV GOOS=$TARGETOS
|
|
||||||
ENV GOARCH=$TARGETARCH
|
|
||||||
RUN set -ex \
|
RUN set -ex \
|
||||||
&& apk add git build-base \
|
&& apk add git build-base \
|
||||||
&& export COMMIT=$(git rev-parse --short HEAD) \
|
&& export COMMIT=$(git rev-parse --short HEAD) \
|
||||||
&& export VERSION=$(go run ./cmd/internal/read_tag) \
|
&& export VERSION=$(go run ./cmd/internal/read_tag) \
|
||||||
&& go build -v -trimpath -tags \
|
&& go build -v -trimpath -tags with_gvisor,with_quic,with_dhcp,with_wireguard,with_ech,with_utls,with_reality_server,with_clash_api,with_acme \
|
||||||
"with_gvisor,with_quic,with_dhcp,with_wireguard,with_ech,with_utls,with_reality_server,with_acme,with_clash_api" \
|
|
||||||
-o /go/bin/sing-box \
|
-o /go/bin/sing-box \
|
||||||
-ldflags "-X \"github.com/sagernet/sing-box/constant.Version=$VERSION\" -s -w -buildid=" \
|
-ldflags "-X \"github.com/sagernet/sing-box/constant.Version=$VERSION\" -s -w -buildid=" \
|
||||||
./cmd/sing-box
|
./cmd/sing-box
|
||||||
FROM --platform=$TARGETPLATFORM alpine AS dist
|
FROM alpine AS dist
|
||||||
LABEL maintainer="nekohasekai <contact-git@sekai.icu>"
|
LABEL maintainer="nekohasekai <contact-git@sekai.icu>"
|
||||||
RUN set -ex \
|
RUN set -ex \
|
||||||
&& apk upgrade \
|
&& apk upgrade \
|
||||||
&& apk add bash tzdata ca-certificates \
|
&& apk add bash tzdata ca-certificates \
|
||||||
&& rm -rf /var/cache/apk/*
|
&& rm -rf /var/cache/apk/*
|
||||||
COPY --from=builder /go/bin/sing-box /usr/local/bin/sing-box
|
COPY --from=builder /go/bin/sing-box /usr/local/bin/sing-box
|
||||||
ENTRYPOINT ["sing-box"]
|
ENTRYPOINT ["sing-box"]
|
||||||
25
Makefile
25
Makefile
@@ -3,7 +3,7 @@ COMMIT = $(shell git rev-parse --short HEAD)
|
|||||||
TAGS_GO118 = with_gvisor,with_dhcp,with_wireguard,with_utls,with_reality_server,with_clash_api
|
TAGS_GO118 = with_gvisor,with_dhcp,with_wireguard,with_utls,with_reality_server,with_clash_api
|
||||||
TAGS_GO120 = with_quic,with_ech
|
TAGS_GO120 = with_quic,with_ech
|
||||||
TAGS ?= $(TAGS_GO118),$(TAGS_GO120)
|
TAGS ?= $(TAGS_GO118),$(TAGS_GO120)
|
||||||
TAGS_TEST ?= with_gvisor,with_quic,with_wireguard,with_grpc,with_ech,with_utls,with_reality_server
|
TAGS_TEST ?= with_gvisor,with_quic,with_wireguard,with_grpc,with_ech,with_utls,with_reality_server,with_shadowsocksr
|
||||||
|
|
||||||
GOHOSTOS = $(shell go env GOHOSTOS)
|
GOHOSTOS = $(shell go env GOHOSTOS)
|
||||||
GOHOSTARCH = $(shell go env GOHOSTARCH)
|
GOHOSTARCH = $(shell go env GOHOSTARCH)
|
||||||
@@ -14,7 +14,7 @@ MAIN_PARAMS = $(PARAMS) -tags $(TAGS)
|
|||||||
MAIN = ./cmd/sing-box
|
MAIN = ./cmd/sing-box
|
||||||
PREFIX ?= $(shell go env GOPATH)
|
PREFIX ?= $(shell go env GOPATH)
|
||||||
|
|
||||||
.PHONY: test release docs
|
.PHONY: test release
|
||||||
|
|
||||||
build:
|
build:
|
||||||
go build $(MAIN_PARAMS) $(MAIN)
|
go build $(MAIN_PARAMS) $(MAIN)
|
||||||
@@ -61,7 +61,7 @@ proto_install:
|
|||||||
release:
|
release:
|
||||||
go run ./cmd/internal/build goreleaser release --clean --skip-publish || exit 1
|
go run ./cmd/internal/build goreleaser release --clean --skip-publish || exit 1
|
||||||
mkdir dist/release
|
mkdir dist/release
|
||||||
mv dist/*.tar.gz dist/*.zip dist/*.deb dist/*.rpm dist/*.pkg.tar.zst dist/release
|
mv dist/*.tar.gz dist/*.zip dist/*.deb dist/*.rpm dist/release
|
||||||
ghr --replace --draft --prerelease -p 3 "v${VERSION}" dist/release
|
ghr --replace --draft --prerelease -p 3 "v${VERSION}" dist/release
|
||||||
rm -r dist/release
|
rm -r dist/release
|
||||||
|
|
||||||
@@ -73,21 +73,18 @@ update_android_version:
|
|||||||
go run ./cmd/internal/update_android_version
|
go run ./cmd/internal/update_android_version
|
||||||
|
|
||||||
build_android:
|
build_android:
|
||||||
cd ../sing-box-for-android && ./gradlew :app:assemblePlayRelease && ./gradlew --stop
|
cd ../sing-box-for-android && ./gradlew :app:assembleRelease && ./gradlew --stop
|
||||||
|
|
||||||
upload_android:
|
upload_android:
|
||||||
mkdir -p dist/release_android
|
mkdir -p dist/release_android
|
||||||
cp ../sing-box-for-android/app/build/outputs/apk/play/release/*.apk dist/release_android
|
cp ../sing-box-for-android/app/build/outputs/apk/release/*.apk dist/release_android
|
||||||
ghr --replace --draft --prerelease -p 3 "v${VERSION}" dist/release_android
|
ghr --replace --draft --prerelease -p 3 "v${VERSION}" dist/release_android
|
||||||
rm -rf dist/release_android
|
rm -rf dist/release_android
|
||||||
|
|
||||||
release_android: lib_android update_android_version build_android upload_android
|
release_android: lib_android update_android_version build_android upload_android
|
||||||
|
|
||||||
publish_android:
|
publish_android:
|
||||||
cd ../sing-box-for-android && ./gradlew :app:publishPlayReleaseBundle
|
cd ../sing-box-for-android && ./gradlew :app:appCenterAssembleAndUploadRelease
|
||||||
|
|
||||||
publish_android_appcenter:
|
|
||||||
cd ../sing-box-for-android && ./gradlew :app:appCenterAssembleAndUploadPlayRelease
|
|
||||||
|
|
||||||
build_ios:
|
build_ios:
|
||||||
cd ../sing-box-for-apple && \
|
cd ../sing-box-for-apple && \
|
||||||
@@ -152,8 +149,10 @@ update_apple_version:
|
|||||||
go run ./cmd/internal/update_apple_version
|
go run ./cmd/internal/update_apple_version
|
||||||
|
|
||||||
release_apple: lib_ios update_apple_version release_ios release_macos release_tvos release_macos_independent
|
release_apple: lib_ios update_apple_version release_ios release_macos release_tvos release_macos_independent
|
||||||
|
rm -rf dist
|
||||||
|
|
||||||
release_apple_beta: update_apple_version release_ios release_macos release_tvos
|
release_apple_beta: update_apple_version release_ios release_macos release_tvos
|
||||||
|
rm -rf dist
|
||||||
|
|
||||||
test:
|
test:
|
||||||
@go test -v ./... && \
|
@go test -v ./... && \
|
||||||
@@ -182,14 +181,6 @@ lib_install:
|
|||||||
go install -v github.com/sagernet/gomobile/cmd/gomobile@v0.0.0-20230915142329-c6740b6d2950
|
go install -v github.com/sagernet/gomobile/cmd/gomobile@v0.0.0-20230915142329-c6740b6d2950
|
||||||
go install -v github.com/sagernet/gomobile/cmd/gobind@v0.0.0-20230915142329-c6740b6d2950
|
go install -v github.com/sagernet/gomobile/cmd/gobind@v0.0.0-20230915142329-c6740b6d2950
|
||||||
|
|
||||||
docs:
|
|
||||||
mkdocs serve
|
|
||||||
|
|
||||||
publish_docs:
|
|
||||||
mkdocs gh-deploy -m "Update" --force --ignore-version --no-history
|
|
||||||
|
|
||||||
docs_install:
|
|
||||||
pip install --force-reinstall mkdocs-material=="9.*" mkdocs-static-i18n=="1.2.*"
|
|
||||||
clean:
|
clean:
|
||||||
rm -rf bin dist sing-box
|
rm -rf bin dist sing-box
|
||||||
rm -f $(shell go env GOPATH)/sing-box
|
rm -f $(shell go env GOPATH)/sing-box
|
||||||
|
|||||||
@@ -1,104 +0,0 @@
|
|||||||
package adapter
|
|
||||||
|
|
||||||
import (
|
|
||||||
"context"
|
|
||||||
"net"
|
|
||||||
|
|
||||||
"github.com/sagernet/sing/common/logger"
|
|
||||||
M "github.com/sagernet/sing/common/metadata"
|
|
||||||
N "github.com/sagernet/sing/common/network"
|
|
||||||
)
|
|
||||||
|
|
||||||
type ConnectionRouter interface {
|
|
||||||
RouteConnection(ctx context.Context, conn net.Conn, metadata InboundContext) error
|
|
||||||
RoutePacketConnection(ctx context.Context, conn N.PacketConn, metadata InboundContext) error
|
|
||||||
}
|
|
||||||
|
|
||||||
func NewRouteHandler(
|
|
||||||
metadata InboundContext,
|
|
||||||
router ConnectionRouter,
|
|
||||||
logger logger.ContextLogger,
|
|
||||||
) UpstreamHandlerAdapter {
|
|
||||||
return &routeHandlerWrapper{
|
|
||||||
metadata: metadata,
|
|
||||||
router: router,
|
|
||||||
logger: logger,
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
func NewRouteContextHandler(
|
|
||||||
router ConnectionRouter,
|
|
||||||
logger logger.ContextLogger,
|
|
||||||
) UpstreamHandlerAdapter {
|
|
||||||
return &routeContextHandlerWrapper{
|
|
||||||
router: router,
|
|
||||||
logger: logger,
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
var _ UpstreamHandlerAdapter = (*routeHandlerWrapper)(nil)
|
|
||||||
|
|
||||||
type routeHandlerWrapper struct {
|
|
||||||
metadata InboundContext
|
|
||||||
router ConnectionRouter
|
|
||||||
logger logger.ContextLogger
|
|
||||||
}
|
|
||||||
|
|
||||||
func (w *routeHandlerWrapper) NewConnection(ctx context.Context, conn net.Conn, metadata M.Metadata) error {
|
|
||||||
myMetadata := w.metadata
|
|
||||||
if metadata.Source.IsValid() {
|
|
||||||
myMetadata.Source = metadata.Source
|
|
||||||
}
|
|
||||||
if metadata.Destination.IsValid() {
|
|
||||||
myMetadata.Destination = metadata.Destination
|
|
||||||
}
|
|
||||||
return w.router.RouteConnection(ctx, conn, myMetadata)
|
|
||||||
}
|
|
||||||
|
|
||||||
func (w *routeHandlerWrapper) NewPacketConnection(ctx context.Context, conn N.PacketConn, metadata M.Metadata) error {
|
|
||||||
myMetadata := w.metadata
|
|
||||||
if metadata.Source.IsValid() {
|
|
||||||
myMetadata.Source = metadata.Source
|
|
||||||
}
|
|
||||||
if metadata.Destination.IsValid() {
|
|
||||||
myMetadata.Destination = metadata.Destination
|
|
||||||
}
|
|
||||||
return w.router.RoutePacketConnection(ctx, conn, myMetadata)
|
|
||||||
}
|
|
||||||
|
|
||||||
func (w *routeHandlerWrapper) NewError(ctx context.Context, err error) {
|
|
||||||
w.logger.ErrorContext(ctx, err)
|
|
||||||
}
|
|
||||||
|
|
||||||
var _ UpstreamHandlerAdapter = (*routeContextHandlerWrapper)(nil)
|
|
||||||
|
|
||||||
type routeContextHandlerWrapper struct {
|
|
||||||
router ConnectionRouter
|
|
||||||
logger logger.ContextLogger
|
|
||||||
}
|
|
||||||
|
|
||||||
func (w *routeContextHandlerWrapper) NewConnection(ctx context.Context, conn net.Conn, metadata M.Metadata) error {
|
|
||||||
myMetadata := ContextFrom(ctx)
|
|
||||||
if metadata.Source.IsValid() {
|
|
||||||
myMetadata.Source = metadata.Source
|
|
||||||
}
|
|
||||||
if metadata.Destination.IsValid() {
|
|
||||||
myMetadata.Destination = metadata.Destination
|
|
||||||
}
|
|
||||||
return w.router.RouteConnection(ctx, conn, *myMetadata)
|
|
||||||
}
|
|
||||||
|
|
||||||
func (w *routeContextHandlerWrapper) NewPacketConnection(ctx context.Context, conn N.PacketConn, metadata M.Metadata) error {
|
|
||||||
myMetadata := ContextFrom(ctx)
|
|
||||||
if metadata.Source.IsValid() {
|
|
||||||
myMetadata.Source = metadata.Source
|
|
||||||
}
|
|
||||||
if metadata.Destination.IsValid() {
|
|
||||||
myMetadata.Destination = metadata.Destination
|
|
||||||
}
|
|
||||||
return w.router.RoutePacketConnection(ctx, conn, *myMetadata)
|
|
||||||
}
|
|
||||||
|
|
||||||
func (w *routeContextHandlerWrapper) NewError(ctx context.Context, err error) {
|
|
||||||
w.logger.ErrorContext(ctx, err)
|
|
||||||
}
|
|
||||||
@@ -2,12 +2,14 @@ package adapter
|
|||||||
|
|
||||||
import (
|
import (
|
||||||
"context"
|
"context"
|
||||||
|
"net"
|
||||||
"net/netip"
|
"net/netip"
|
||||||
|
|
||||||
"github.com/sagernet/sing-box/common/geoip"
|
"github.com/sagernet/sing-box/common/geoip"
|
||||||
"github.com/sagernet/sing-dns"
|
"github.com/sagernet/sing-dns"
|
||||||
"github.com/sagernet/sing-tun"
|
"github.com/sagernet/sing-tun"
|
||||||
"github.com/sagernet/sing/common/control"
|
"github.com/sagernet/sing/common/control"
|
||||||
|
N "github.com/sagernet/sing/common/network"
|
||||||
"github.com/sagernet/sing/service"
|
"github.com/sagernet/sing/service"
|
||||||
|
|
||||||
mdns "github.com/miekg/dns"
|
mdns "github.com/miekg/dns"
|
||||||
@@ -22,7 +24,8 @@ type Router interface {
|
|||||||
|
|
||||||
FakeIPStore() FakeIPStore
|
FakeIPStore() FakeIPStore
|
||||||
|
|
||||||
ConnectionRouter
|
RouteConnection(ctx context.Context, conn net.Conn, metadata InboundContext) error
|
||||||
|
RoutePacketConnection(ctx context.Context, conn N.PacketConn, metadata InboundContext) error
|
||||||
|
|
||||||
GeoIPReader() *geoip.Reader
|
GeoIPReader() *geoip.Reader
|
||||||
LoadGeosite(code string) (Rule, error)
|
LoadGeosite(code string) (Rule, error)
|
||||||
|
|||||||
3
box.go
3
box.go
@@ -41,7 +41,6 @@ type Options struct {
|
|||||||
option.Options
|
option.Options
|
||||||
Context context.Context
|
Context context.Context
|
||||||
PlatformInterface platform.Interface
|
PlatformInterface platform.Interface
|
||||||
PlatformLogWriter log.PlatformWriter
|
|
||||||
}
|
}
|
||||||
|
|
||||||
func New(options Options) (*Box, error) {
|
func New(options Options) (*Box, error) {
|
||||||
@@ -72,7 +71,7 @@ func New(options Options) (*Box, error) {
|
|||||||
Observable: needClashAPI,
|
Observable: needClashAPI,
|
||||||
DefaultWriter: defaultLogWriter,
|
DefaultWriter: defaultLogWriter,
|
||||||
BaseTime: createdAt,
|
BaseTime: createdAt,
|
||||||
PlatformWriter: options.PlatformLogWriter,
|
PlatformWriter: options.PlatformInterface,
|
||||||
})
|
})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, E.Cause(err, "create log factory")
|
return nil, E.Cause(err, "create log factory")
|
||||||
|
|||||||
@@ -12,7 +12,7 @@ import (
|
|||||||
func main() {
|
func main() {
|
||||||
build_shared.FindSDK()
|
build_shared.FindSDK()
|
||||||
|
|
||||||
if os.Getenv("GOPATH") == "" {
|
if os.Getenv("build.Default.GOPATH") == "" {
|
||||||
os.Setenv("GOPATH", build.Default.GOPATH)
|
os.Setenv("GOPATH", build.Default.GOPATH)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -17,6 +17,9 @@ func ReadTag() (string, error) {
|
|||||||
}
|
}
|
||||||
shortCommit, _ := shell.Exec("git", "rev-parse", "--short", "HEAD").ReadOutput()
|
shortCommit, _ := shell.Exec("git", "rev-parse", "--short", "HEAD").ReadOutput()
|
||||||
version := badversion.Parse(currentTagRev[1:])
|
version := badversion.Parse(currentTagRev[1:])
|
||||||
|
if version.PreReleaseIdentifier == "" {
|
||||||
|
version.Patch++
|
||||||
|
}
|
||||||
return version.String() + "-" + shortCommit, nil
|
return version.String() + "-" + shortCommit, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -1,6 +1,7 @@
|
|||||||
package main
|
package main
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"github.com/getsentry/sentry-go"
|
||||||
"os"
|
"os"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
@@ -15,6 +16,7 @@ var (
|
|||||||
configDirectories []string
|
configDirectories []string
|
||||||
workingDir string
|
workingDir string
|
||||||
disableColor bool
|
disableColor bool
|
||||||
|
enableDebug bool
|
||||||
)
|
)
|
||||||
|
|
||||||
var mainCommand = &cobra.Command{
|
var mainCommand = &cobra.Command{
|
||||||
@@ -27,12 +29,25 @@ func init() {
|
|||||||
mainCommand.PersistentFlags().StringArrayVarP(&configDirectories, "config-directory", "C", nil, "set configuration directory path")
|
mainCommand.PersistentFlags().StringArrayVarP(&configDirectories, "config-directory", "C", nil, "set configuration directory path")
|
||||||
mainCommand.PersistentFlags().StringVarP(&workingDir, "directory", "D", "", "set working directory")
|
mainCommand.PersistentFlags().StringVarP(&workingDir, "directory", "D", "", "set working directory")
|
||||||
mainCommand.PersistentFlags().BoolVarP(&disableColor, "disable-color", "", false, "disable color output")
|
mainCommand.PersistentFlags().BoolVarP(&disableColor, "disable-color", "", false, "disable color output")
|
||||||
|
mainCommand.PersistentFlags().BoolVarP(&enableDebug, "debug", "", false, "enable sentry debug mode")
|
||||||
}
|
}
|
||||||
|
|
||||||
func main() {
|
func main() {
|
||||||
if err := mainCommand.Execute(); err != nil {
|
if err := mainCommand.Execute(); err != nil {
|
||||||
log.Fatal(err)
|
log.Fatal(err)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if enableDebug {
|
||||||
|
err := sentry.Init(sentry.ClientOptions{
|
||||||
|
Dsn: "",
|
||||||
|
})
|
||||||
|
|
||||||
|
if err != nil {
|
||||||
|
log.Fatal("sentry.Init: %s", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
defer sentry.Flush(2 * time.Second)
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func preRun(cmd *cobra.Command, args []string) {
|
func preRun(cmd *cobra.Command, args []string) {
|
||||||
|
|||||||
@@ -6,7 +6,6 @@ import (
|
|||||||
"sync"
|
"sync"
|
||||||
|
|
||||||
"github.com/sagernet/sing-box/adapter"
|
"github.com/sagernet/sing-box/adapter"
|
||||||
"github.com/sagernet/sing/common/bufio/deadline"
|
|
||||||
E "github.com/sagernet/sing/common/exceptions"
|
E "github.com/sagernet/sing/common/exceptions"
|
||||||
M "github.com/sagernet/sing/common/metadata"
|
M "github.com/sagernet/sing/common/metadata"
|
||||||
N "github.com/sagernet/sing/common/network"
|
N "github.com/sagernet/sing/common/network"
|
||||||
@@ -45,14 +44,7 @@ func (d *DetourDialer) DialContext(ctx context.Context, network string, destinat
|
|||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
conn, err := dialer.DialContext(ctx, network, destination)
|
return dialer.DialContext(ctx, network, destination)
|
||||||
if err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
if deadline.NeedAdditionalReadDeadline(conn) {
|
|
||||||
conn = deadline.NewConn(conn)
|
|
||||||
}
|
|
||||||
return conn, nil
|
|
||||||
}
|
}
|
||||||
|
|
||||||
func (d *DetourDialer) ListenPacket(ctx context.Context, destination M.Socksaddr) (net.PacketConn, error) {
|
func (d *DetourDialer) ListenPacket(ctx context.Context, destination M.Socksaddr) (net.PacketConn, error) {
|
||||||
|
|||||||
@@ -1,42 +1,21 @@
|
|||||||
package mux
|
package mux
|
||||||
|
|
||||||
import (
|
import (
|
||||||
C "github.com/sagernet/sing-box/constant"
|
|
||||||
"github.com/sagernet/sing-box/option"
|
"github.com/sagernet/sing-box/option"
|
||||||
"github.com/sagernet/sing-mux"
|
"github.com/sagernet/sing-mux"
|
||||||
E "github.com/sagernet/sing/common/exceptions"
|
|
||||||
"github.com/sagernet/sing/common/logger"
|
|
||||||
N "github.com/sagernet/sing/common/network"
|
N "github.com/sagernet/sing/common/network"
|
||||||
)
|
)
|
||||||
|
|
||||||
type Client = mux.Client
|
func NewClientWithOptions(dialer N.Dialer, options option.MultiplexOptions) (*Client, error) {
|
||||||
|
|
||||||
func NewClientWithOptions(dialer N.Dialer, logger logger.Logger, options option.OutboundMultiplexOptions) (*Client, error) {
|
|
||||||
if !options.Enabled {
|
if !options.Enabled {
|
||||||
return nil, nil
|
return nil, nil
|
||||||
}
|
}
|
||||||
var brutalOptions mux.BrutalOptions
|
|
||||||
if options.Brutal != nil && options.Brutal.Enabled {
|
|
||||||
brutalOptions = mux.BrutalOptions{
|
|
||||||
Enabled: true,
|
|
||||||
SendBPS: uint64(options.Brutal.UpMbps * C.MbpsToBps),
|
|
||||||
ReceiveBPS: uint64(options.Brutal.DownMbps * C.MbpsToBps),
|
|
||||||
}
|
|
||||||
if brutalOptions.SendBPS < mux.BrutalMinSpeedBPS {
|
|
||||||
return nil, E.New("brutal: invalid upload speed")
|
|
||||||
}
|
|
||||||
if brutalOptions.ReceiveBPS < mux.BrutalMinSpeedBPS {
|
|
||||||
return nil, E.New("brutal: invalid download speed")
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return mux.NewClient(mux.Options{
|
return mux.NewClient(mux.Options{
|
||||||
Dialer: dialer,
|
Dialer: dialer,
|
||||||
Logger: logger,
|
|
||||||
Protocol: options.Protocol,
|
Protocol: options.Protocol,
|
||||||
MaxConnections: options.MaxConnections,
|
MaxConnections: options.MaxConnections,
|
||||||
MinStreams: options.MinStreams,
|
MinStreams: options.MinStreams,
|
||||||
MaxStreams: options.MaxStreams,
|
MaxStreams: options.MaxStreams,
|
||||||
Padding: options.Padding,
|
Padding: options.Padding,
|
||||||
Brutal: brutalOptions,
|
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|||||||
14
common/mux/protocol.go
Normal file
14
common/mux/protocol.go
Normal file
@@ -0,0 +1,14 @@
|
|||||||
|
package mux
|
||||||
|
|
||||||
|
import (
|
||||||
|
"github.com/sagernet/sing-mux"
|
||||||
|
)
|
||||||
|
|
||||||
|
type (
|
||||||
|
Client = mux.Client
|
||||||
|
)
|
||||||
|
|
||||||
|
var (
|
||||||
|
Destination = mux.Destination
|
||||||
|
HandleConnection = mux.HandleConnection
|
||||||
|
)
|
||||||
@@ -1,65 +0,0 @@
|
|||||||
package mux
|
|
||||||
|
|
||||||
import (
|
|
||||||
"context"
|
|
||||||
"net"
|
|
||||||
|
|
||||||
"github.com/sagernet/sing-box/adapter"
|
|
||||||
C "github.com/sagernet/sing-box/constant"
|
|
||||||
"github.com/sagernet/sing-box/log"
|
|
||||||
"github.com/sagernet/sing-box/option"
|
|
||||||
"github.com/sagernet/sing-mux"
|
|
||||||
E "github.com/sagernet/sing/common/exceptions"
|
|
||||||
"github.com/sagernet/sing/common/logger"
|
|
||||||
N "github.com/sagernet/sing/common/network"
|
|
||||||
)
|
|
||||||
|
|
||||||
type Router struct {
|
|
||||||
router adapter.ConnectionRouter
|
|
||||||
service *mux.Service
|
|
||||||
}
|
|
||||||
|
|
||||||
func NewRouterWithOptions(router adapter.ConnectionRouter, logger logger.ContextLogger, options option.InboundMultiplexOptions) (adapter.ConnectionRouter, error) {
|
|
||||||
if !options.Enabled {
|
|
||||||
return router, nil
|
|
||||||
}
|
|
||||||
var brutalOptions mux.BrutalOptions
|
|
||||||
if options.Brutal != nil && options.Brutal.Enabled {
|
|
||||||
brutalOptions = mux.BrutalOptions{
|
|
||||||
Enabled: true,
|
|
||||||
SendBPS: uint64(options.Brutal.UpMbps * C.MbpsToBps),
|
|
||||||
ReceiveBPS: uint64(options.Brutal.DownMbps * C.MbpsToBps),
|
|
||||||
}
|
|
||||||
if brutalOptions.SendBPS < mux.BrutalMinSpeedBPS {
|
|
||||||
return nil, E.New("brutal: invalid upload speed")
|
|
||||||
}
|
|
||||||
if brutalOptions.ReceiveBPS < mux.BrutalMinSpeedBPS {
|
|
||||||
return nil, E.New("brutal: invalid download speed")
|
|
||||||
}
|
|
||||||
}
|
|
||||||
service, err := mux.NewService(mux.ServiceOptions{
|
|
||||||
NewStreamContext: func(ctx context.Context, conn net.Conn) context.Context {
|
|
||||||
return log.ContextWithNewID(ctx)
|
|
||||||
},
|
|
||||||
Logger: logger,
|
|
||||||
Handler: adapter.NewRouteContextHandler(router, logger),
|
|
||||||
Padding: options.Padding,
|
|
||||||
Brutal: brutalOptions,
|
|
||||||
})
|
|
||||||
if err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
return &Router{router, service}, nil
|
|
||||||
}
|
|
||||||
|
|
||||||
func (r *Router) RouteConnection(ctx context.Context, conn net.Conn, metadata adapter.InboundContext) error {
|
|
||||||
if metadata.Destination == mux.Destination {
|
|
||||||
return r.service.NewConnection(adapter.WithContext(ctx, &metadata), conn, adapter.UpstreamMetadata(metadata))
|
|
||||||
} else {
|
|
||||||
return r.router.RouteConnection(ctx, conn, metadata)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
func (r *Router) RoutePacketConnection(ctx context.Context, conn N.PacketConn, metadata adapter.InboundContext) error {
|
|
||||||
return r.router.RoutePacketConnection(ctx, conn, metadata)
|
|
||||||
}
|
|
||||||
@@ -1,32 +0,0 @@
|
|||||||
package mux
|
|
||||||
|
|
||||||
import (
|
|
||||||
"context"
|
|
||||||
"net"
|
|
||||||
|
|
||||||
"github.com/sagernet/sing-box/adapter"
|
|
||||||
vmess "github.com/sagernet/sing-vmess"
|
|
||||||
"github.com/sagernet/sing/common/logger"
|
|
||||||
N "github.com/sagernet/sing/common/network"
|
|
||||||
)
|
|
||||||
|
|
||||||
type V2RayLegacyRouter struct {
|
|
||||||
router adapter.ConnectionRouter
|
|
||||||
logger logger.ContextLogger
|
|
||||||
}
|
|
||||||
|
|
||||||
func NewV2RayLegacyRouter(router adapter.ConnectionRouter, logger logger.ContextLogger) adapter.ConnectionRouter {
|
|
||||||
return &V2RayLegacyRouter{router, logger}
|
|
||||||
}
|
|
||||||
|
|
||||||
func (r *V2RayLegacyRouter) RouteConnection(ctx context.Context, conn net.Conn, metadata adapter.InboundContext) error {
|
|
||||||
if metadata.Destination.Fqdn == vmess.MuxDestination.Fqdn {
|
|
||||||
r.logger.InfoContext(ctx, "inbound legacy multiplex connection")
|
|
||||||
return vmess.HandleMuxConnection(ctx, conn, adapter.NewRouteHandler(metadata, r.router, r.logger))
|
|
||||||
}
|
|
||||||
return r.router.RouteConnection(ctx, conn, metadata)
|
|
||||||
}
|
|
||||||
|
|
||||||
func (r *V2RayLegacyRouter) RoutePacketConnection(ctx context.Context, conn N.PacketConn, metadata adapter.InboundContext) error {
|
|
||||||
return r.router.RoutePacketConnection(ctx, conn, metadata)
|
|
||||||
}
|
|
||||||
@@ -1,53 +0,0 @@
|
|||||||
package uot
|
|
||||||
|
|
||||||
import (
|
|
||||||
"context"
|
|
||||||
"net"
|
|
||||||
"net/netip"
|
|
||||||
|
|
||||||
"github.com/sagernet/sing-box/adapter"
|
|
||||||
E "github.com/sagernet/sing/common/exceptions"
|
|
||||||
"github.com/sagernet/sing/common/logger"
|
|
||||||
M "github.com/sagernet/sing/common/metadata"
|
|
||||||
N "github.com/sagernet/sing/common/network"
|
|
||||||
"github.com/sagernet/sing/common/uot"
|
|
||||||
)
|
|
||||||
|
|
||||||
var _ adapter.ConnectionRouter = (*Router)(nil)
|
|
||||||
|
|
||||||
type Router struct {
|
|
||||||
router adapter.ConnectionRouter
|
|
||||||
logger logger.ContextLogger
|
|
||||||
}
|
|
||||||
|
|
||||||
func NewRouter(router adapter.ConnectionRouter, logger logger.ContextLogger) *Router {
|
|
||||||
return &Router{router, logger}
|
|
||||||
}
|
|
||||||
|
|
||||||
func (r *Router) RouteConnection(ctx context.Context, conn net.Conn, metadata adapter.InboundContext) error {
|
|
||||||
switch metadata.Destination.Fqdn {
|
|
||||||
case uot.MagicAddress:
|
|
||||||
request, err := uot.ReadRequest(conn)
|
|
||||||
if err != nil {
|
|
||||||
return E.Cause(err, "read UoT request")
|
|
||||||
}
|
|
||||||
if request.IsConnect {
|
|
||||||
r.logger.InfoContext(ctx, "inbound UoT connect connection to ", request.Destination)
|
|
||||||
} else {
|
|
||||||
r.logger.InfoContext(ctx, "inbound UoT connection to ", request.Destination)
|
|
||||||
}
|
|
||||||
metadata.Domain = metadata.Destination.Fqdn
|
|
||||||
metadata.Destination = request.Destination
|
|
||||||
return r.router.RoutePacketConnection(ctx, uot.NewConn(conn, *request), metadata)
|
|
||||||
case uot.LegacyMagicAddress:
|
|
||||||
r.logger.InfoContext(ctx, "inbound legacy UoT connection")
|
|
||||||
metadata.Domain = metadata.Destination.Fqdn
|
|
||||||
metadata.Destination = M.Socksaddr{Addr: netip.IPv4Unspecified()}
|
|
||||||
return r.RoutePacketConnection(ctx, uot.NewConn(conn, uot.Request{}), metadata)
|
|
||||||
}
|
|
||||||
return r.router.RouteConnection(ctx, conn, metadata)
|
|
||||||
}
|
|
||||||
|
|
||||||
func (r *Router) RoutePacketConnection(ctx context.Context, conn N.PacketConn, metadata adapter.InboundContext) error {
|
|
||||||
return r.router.RoutePacketConnection(ctx, conn, metadata)
|
|
||||||
}
|
|
||||||
@@ -1,3 +0,0 @@
|
|||||||
package constant
|
|
||||||
|
|
||||||
const MbpsToBps = 125000
|
|
||||||
@@ -1,9 +1,8 @@
|
|||||||
package constant
|
package constant
|
||||||
|
|
||||||
const (
|
const (
|
||||||
V2RayTransportTypeHTTP = "http"
|
V2RayTransportTypeHTTP = "http"
|
||||||
V2RayTransportTypeWebsocket = "ws"
|
V2RayTransportTypeWebsocket = "ws"
|
||||||
V2RayTransportTypeQUIC = "quic"
|
V2RayTransportTypeQUIC = "quic"
|
||||||
V2RayTransportTypeGRPC = "grpc"
|
V2RayTransportTypeGRPC = "grpc"
|
||||||
V2RayTransportTypeHTTPUpgrade = "httpupgrade"
|
|
||||||
)
|
)
|
||||||
|
|||||||
@@ -1,82 +1,3 @@
|
|||||||
# :material-alert-decagram: ChangeLog
|
|
||||||
|
|
||||||
#### 1.7.0-beta.3
|
|
||||||
|
|
||||||
* Fix zero TTL was incorrectly reset
|
|
||||||
* Fixes and improvements
|
|
||||||
|
|
||||||
#### 1.6.5
|
|
||||||
|
|
||||||
* Fix crash if TUIC inbound authentication failed
|
|
||||||
* Fixes and improvements
|
|
||||||
|
|
||||||
#### 1.7.0-beta.2
|
|
||||||
|
|
||||||
* Fix crash if TUIC inbound authentication failed
|
|
||||||
* Update quic-go to v0.40.0
|
|
||||||
* Fixes and improvements
|
|
||||||
|
|
||||||
#### 1.6.4
|
|
||||||
|
|
||||||
* Fixes and improvements
|
|
||||||
|
|
||||||
#### 1.7.0-beta.1
|
|
||||||
|
|
||||||
* Fixes and improvements
|
|
||||||
|
|
||||||
#### 1.6.3
|
|
||||||
|
|
||||||
* iOS/Android: Fix profile auto update
|
|
||||||
* Fixes and improvements
|
|
||||||
|
|
||||||
#### 1.7.0-alpha.11
|
|
||||||
|
|
||||||
* iOS/Android: Fix profile auto update
|
|
||||||
* Fixes and improvements
|
|
||||||
|
|
||||||
#### 1.7.0-alpha.10
|
|
||||||
|
|
||||||
* Fix tcp-brutal not working with TLS
|
|
||||||
* Fix Android client not closing in some cases
|
|
||||||
* Fixes and improvements
|
|
||||||
|
|
||||||
#### 1.6.2
|
|
||||||
|
|
||||||
* Fixes and improvements
|
|
||||||
|
|
||||||
#### 1.6.1
|
|
||||||
|
|
||||||
* Our [Android client](/installation/clients/sfa) is now available in the Google Play Store ▶️
|
|
||||||
* Fixes and improvements
|
|
||||||
|
|
||||||
#### 1.7.0-alpha.6
|
|
||||||
|
|
||||||
* Fixes and improvements
|
|
||||||
|
|
||||||
#### 1.7.0-alpha.4
|
|
||||||
|
|
||||||
* Migrate multiplex and UoT server to inbound **1**
|
|
||||||
* Add TCP Brutal support for multiplex **2**
|
|
||||||
|
|
||||||
**1**:
|
|
||||||
|
|
||||||
Starting in 1.7.0, multiplexing support is no longer enabled by default and needs to be turned on explicitly in inbound options.
|
|
||||||
|
|
||||||
**2**
|
|
||||||
|
|
||||||
Hysteria Brutal Congestion Control Algorithm in TCP. A kernel module needs to be installed on the Linux server, see [TCP Brutal](/configuration/shared/tcp-brutal) for details.
|
|
||||||
|
|
||||||
#### 1.7.0-alpha.3
|
|
||||||
|
|
||||||
* Add [HTTPUpgrade V2Ray transport](/configuration/shared/v2ray-transport#HTTPUpgrade) support **1**
|
|
||||||
* Fixes and improvements
|
|
||||||
|
|
||||||
**1**:
|
|
||||||
|
|
||||||
Introduced in V2Ray 5.10.0.
|
|
||||||
|
|
||||||
The new HTTPUpgrade transport has better performance than WebSocket and is better suited for CDN abuse.
|
|
||||||
|
|
||||||
#### 1.6.0
|
#### 1.6.0
|
||||||
|
|
||||||
* Fixes and improvements
|
* Fixes and improvements
|
||||||
@@ -101,23 +22,6 @@ This update is intended to address the multi-send defects of the old implementat
|
|||||||
Based on discussions with the original author, the brutal CC and QUIC protocol parameters of
|
Based on discussions with the original author, the brutal CC and QUIC protocol parameters of
|
||||||
the old protocol (Hysteria 1) have been updated to be consistent with Hysteria 2
|
the old protocol (Hysteria 1) have been updated to be consistent with Hysteria 2
|
||||||
|
|
||||||
#### 1.7.0-alpha.2
|
|
||||||
|
|
||||||
* Fix bugs introduced in 1.7.0-alpha.1
|
|
||||||
|
|
||||||
#### 1.7.0-alpha.1
|
|
||||||
|
|
||||||
* Add [exclude route support](/configuration/inbound/tun) for TUN inbound
|
|
||||||
* Add `udp_disable_domain_unmapping` [inbound listen option](/configuration/shared/listen) **1**
|
|
||||||
* Fixes and improvements
|
|
||||||
|
|
||||||
**1**:
|
|
||||||
|
|
||||||
If enabled, for UDP proxy requests addressed to a domain,
|
|
||||||
the original packet address will be sent in the response instead of the mapped domain.
|
|
||||||
|
|
||||||
This option is used for compatibility with clients that
|
|
||||||
do not support receiving UDP packets with domain addresses, such as Surge.
|
|
||||||
|
|
||||||
#### 1.5.5
|
#### 1.5.5
|
||||||
|
|
||||||
@@ -179,24 +83,6 @@ the old protocol (Hysteria 1) have been updated to be consistent with Hysteria 2
|
|||||||
* Update golang.org/x/net to v0.17.0
|
* Update golang.org/x/net to v0.17.0
|
||||||
* Fixes and improvements
|
* Fixes and improvements
|
||||||
|
|
||||||
#### 1.6.0-beta.3
|
|
||||||
|
|
||||||
* Update the legacy Hysteria protocol **1**
|
|
||||||
* Fixes and improvements
|
|
||||||
|
|
||||||
**1**
|
|
||||||
|
|
||||||
Based on discussions with the original author, the brutal CC and QUIC protocol parameters of
|
|
||||||
the old protocol (Hysteria 1) have been updated to be consistent with Hysteria 2
|
|
||||||
|
|
||||||
#### 1.6.0-beta.2
|
|
||||||
|
|
||||||
* Add TLS self sign key pair generate command
|
|
||||||
* Update brutal congestion control for Hysteria2
|
|
||||||
* Fix Clash cache crash on arm32 devices
|
|
||||||
* Update golang.org/x/net to v0.17.0
|
|
||||||
* Fixes and improvements
|
|
||||||
|
|
||||||
#### 1.5.3
|
#### 1.5.3
|
||||||
|
|
||||||
* Fix compatibility with Android 14
|
* Fix compatibility with Android 14
|
||||||
|
|||||||
@@ -1,54 +0,0 @@
|
|||||||
# :material-decagram: Features
|
|
||||||
|
|
||||||
#### UI options
|
|
||||||
|
|
||||||
* Display realtime network speed in the notification
|
|
||||||
|
|
||||||
#### Service
|
|
||||||
|
|
||||||
SFA allows you to run sing-box through ForegroundService or VpnService (when TUN is required).
|
|
||||||
|
|
||||||
#### TUN
|
|
||||||
|
|
||||||
SFA provides an unprivileged TUN implementation through Android VpnService.
|
|
||||||
|
|
||||||
| TUN inbound option | Available | Note |
|
|
||||||
|-------------------------------|-----------|--------------------|
|
|
||||||
| `interface_name` | ✖️ | Managed by Android |
|
|
||||||
| `inet4_address` | ✔️ | / |
|
|
||||||
| `inet6_address` | ✔️ | / |
|
|
||||||
| `mtu` | ✔️ | / |
|
|
||||||
| `auto_route` | ✔️ | / |
|
|
||||||
| `strict_route` | ✖️ | Not implemented |
|
|
||||||
| `inet4_route_address` | ✔️ | / |
|
|
||||||
| `inet6_route_address` | ✔️ | / |
|
|
||||||
| `inet4_route_exclude_address` | ✔️ | / |
|
|
||||||
| `inet6_route_exclude_address` | ✔️ | / |
|
|
||||||
| `endpoint_independent_nat` | ✔️ | / |
|
|
||||||
| `stack` | ✔️ | / |
|
|
||||||
| `include_interface` | ✖️ | No permission |
|
|
||||||
| `exclude_interface` | ✖️ | No permission |
|
|
||||||
| `include_uid` | ✖️ | No permission |
|
|
||||||
| `exclude_uid` | ✖️ | No permission |
|
|
||||||
| `include_android_user` | ✖️ | No permission |
|
|
||||||
| `include_package` | ✔️ | / |
|
|
||||||
| `exclude_package` | ✔️ | / |
|
|
||||||
| `platform` | ✔️ | / |
|
|
||||||
|
|
||||||
### Override
|
|
||||||
|
|
||||||
Overrides profile configuration items with platform-specific values.
|
|
||||||
|
|
||||||
#### Per-app proxy
|
|
||||||
|
|
||||||
SFA allows you to select a list of Android apps that require proxying or bypassing in the graphical interface to
|
|
||||||
override the `include_package` and `exclude_package` configuration items.
|
|
||||||
|
|
||||||
In particular, the selector also provides the “China apps” scanning feature, providing Chinese users with an excellent
|
|
||||||
experience to bypass apps that do not require a proxy. Specifically, by scanning China application or SDK
|
|
||||||
characteristics through dex class path and other means, there will be almost no missed reports.
|
|
||||||
|
|
||||||
### Chore
|
|
||||||
|
|
||||||
* The working directory is located at `/sdcard/Android/data/io.nekohasekai.sfa/files` (External files directory)
|
|
||||||
* Crash logs is located in `$working_directory/stderr.log`
|
|
||||||
@@ -1,18 +0,0 @@
|
|||||||
# :material-android: sing-box for Android
|
|
||||||
|
|
||||||
SFA allows users to manage and run local or remote sing-box configuration files, and provides
|
|
||||||
platform-specific function implementation, such as TUN transparent proxy implementation.
|
|
||||||
|
|
||||||
## :material-graph: Requirements
|
|
||||||
|
|
||||||
* Android 5.0+
|
|
||||||
|
|
||||||
## :material-download: Download
|
|
||||||
|
|
||||||
* [Play Store](https://play.google.com/store/apps/details?id=io.nekohasekai.sfa)
|
|
||||||
* [Play Store (Beta)](https://play.google.com/apps/testing/io.nekohasekai.sfa)
|
|
||||||
* [Github Releases](https://github.com/SagerNet/sing-box/releases)
|
|
||||||
|
|
||||||
## :material-source-repository: Source code
|
|
||||||
|
|
||||||
* [Github](https://github.com/SagerNet/sing-box-for-android)
|
|
||||||
@@ -1,42 +0,0 @@
|
|||||||
# :material-decagram: Features
|
|
||||||
|
|
||||||
#### UI options
|
|
||||||
|
|
||||||
* Always On
|
|
||||||
* Include All Networks (Proxy traffic for LAN and cellular services)
|
|
||||||
* (Apple tvOS) Import profile from iPhone/iPad
|
|
||||||
|
|
||||||
#### Service
|
|
||||||
|
|
||||||
SFI/SFM/SFT allows you to run sing-box through NetworkExtension with Application Extension or System Extension.
|
|
||||||
|
|
||||||
#### TUN
|
|
||||||
|
|
||||||
SFI/SFM/SFT provides an unprivileged TUN implementation through NetworkExtension.
|
|
||||||
|
|
||||||
| TUN inbound option | Available | Note |
|
|
||||||
|-------------------------------|-----------|-------------------|
|
|
||||||
| `interface_name` | ✖️ | Managed by Darwin |
|
|
||||||
| `inet4_address` | ✔️ | / |
|
|
||||||
| `inet6_address` | ✔️ | / |
|
|
||||||
| `mtu` | ✔️ | / |
|
|
||||||
| `auto_route` | ✔️ | / |
|
|
||||||
| `strict_route` | ✖️ | Not implemented |
|
|
||||||
| `inet4_route_address` | ✔️ | / |
|
|
||||||
| `inet6_route_address` | ✔️ | / |
|
|
||||||
| `inet4_route_exclude_address` | ✔️ | / |
|
|
||||||
| `inet6_route_exclude_address` | ✔️ | / |
|
|
||||||
| `endpoint_independent_nat` | ✔️ | / |
|
|
||||||
| `stack` | ✔️ | / |
|
|
||||||
| `include_interface` | ✖️ | Not implemented |
|
|
||||||
| `exclude_interface` | ✖️ | Not implemented |
|
|
||||||
| `include_uid` | ✖️ | Not implemented |
|
|
||||||
| `exclude_uid` | ✖️ | Not implemented |
|
|
||||||
| `include_android_user` | ✖️ | Not implemented |
|
|
||||||
| `include_package` | ✖️ | Not implemented |
|
|
||||||
| `exclude_package` | ✖️ | Not implemented |
|
|
||||||
| `platform` | ✔️ | / |
|
|
||||||
|
|
||||||
### Chore
|
|
||||||
|
|
||||||
* Crash logs is located in `Settings` -> `View Service Log`
|
|
||||||
@@ -1,18 +0,0 @@
|
|||||||
# :material-apple: sing-box for Apple platforms
|
|
||||||
|
|
||||||
SFI/SFM/SFT allows users to manage and run local or remote sing-box configuration files, and provides
|
|
||||||
platform-specific function implementation, such as TUN transparent proxy implementation.
|
|
||||||
|
|
||||||
## :material-graph: Requirements
|
|
||||||
|
|
||||||
* iOS 15.0+ / macOS 13.0+ / Apple tvOS 17.0+
|
|
||||||
* An Apple account outside of mainland China
|
|
||||||
|
|
||||||
## :material-download: Download
|
|
||||||
|
|
||||||
* [AppStore](https://apps.apple.com/us/app/sing-box/id6451272673)
|
|
||||||
* [TestFlight (Beta)](https://testflight.apple.com/join/AcqO44FH)
|
|
||||||
|
|
||||||
## :material-source-repository: Source code
|
|
||||||
|
|
||||||
* [Github](https://github.com/SagerNet/sing-box-for-apple)
|
|
||||||
@@ -1,59 +0,0 @@
|
|||||||
# :material-pencil-ruler: General
|
|
||||||
|
|
||||||
Describes and explains the functions implemented uniformly by sing-box graphical clients.
|
|
||||||
|
|
||||||
### Profile
|
|
||||||
|
|
||||||
Profile describes a sing-box configuration file and its state.
|
|
||||||
|
|
||||||
#### Local
|
|
||||||
|
|
||||||
* Local Profile represents a local sing-box configuration with minimal state
|
|
||||||
* The graphical client must provide an editor to modify configuration content
|
|
||||||
|
|
||||||
#### iCloud (on iOS and macOS)
|
|
||||||
|
|
||||||
* iCloud Profile represents a remote sing-box configuration with iCloud as the update source
|
|
||||||
* The configuration file is stored in the sing-box folder under iCloud
|
|
||||||
* The graphical client must provide an editor to modify configuration content
|
|
||||||
|
|
||||||
#### Remote
|
|
||||||
|
|
||||||
* Remote Profile represents a remote sing-box configuration with a URL as the update source.
|
|
||||||
* The graphical client should provide a configuration content viewer
|
|
||||||
* The graphical client must implement automatic profile update (default interval is 60 minutes) and HTTP Basic
|
|
||||||
authorization.
|
|
||||||
|
|
||||||
At the same time, the graphical client must provide support for importing remote profiles
|
|
||||||
through a specific URL Scheme. The URL is defined as follows:
|
|
||||||
|
|
||||||
```
|
|
||||||
sing-box://import-remote-profile?url=urlEncodedURL#urlEncodedName
|
|
||||||
```
|
|
||||||
|
|
||||||
### Dashboard
|
|
||||||
|
|
||||||
While the sing-box service is running, the graphical client should provide a Dashboard interface to manage the service.
|
|
||||||
|
|
||||||
#### Status
|
|
||||||
|
|
||||||
Dashboard should display status information such as memory, connection, and traffic.
|
|
||||||
|
|
||||||
#### Mode
|
|
||||||
|
|
||||||
Dashboard should provide a Mode selector for switching when the configuration uses at least two `clash_mode` values.
|
|
||||||
|
|
||||||
#### Groups
|
|
||||||
|
|
||||||
When the configuration includes group outbounds (specifically, Selector or URLTest),
|
|
||||||
the dashboard should provide a Group selector for status display or switching.
|
|
||||||
|
|
||||||
### Chore
|
|
||||||
|
|
||||||
#### Core
|
|
||||||
|
|
||||||
Graphical clients should provide a Core region:
|
|
||||||
|
|
||||||
* Display the current sing-box version
|
|
||||||
* Provides a button to clean the working directory
|
|
||||||
* Provides a memory limiter switch
|
|
||||||
@@ -1,13 +0,0 @@
|
|||||||
# :material-cellphone-link: Graphical Clients
|
|
||||||
|
|
||||||
Maintained by Project S to provide a unified experience and platform-specific functionality.
|
|
||||||
|
|
||||||
| Platform | Client |
|
|
||||||
|---------------------------------------|-----------------------------------------|
|
|
||||||
| :material-android: Android | [sing-box for Android](./android) |
|
|
||||||
| :material-apple: iOS/macOS/Apple tvOS | [sing-box for Apple platforms](./apple) |
|
|
||||||
| TODO | / |
|
|
||||||
|
|
||||||
Some third-party projects that claim to use sing-box or use sing-box as a selling point are not listed here. The core
|
|
||||||
motivation of the maintainers of such projects is to acquire more users, and even though they provide friendly VPN
|
|
||||||
client features, the code is usually of poor quality and contains ads.
|
|
||||||
@@ -1,12 +0,0 @@
|
|||||||
# :material-cellphone-link: 图形界面客户端
|
|
||||||
|
|
||||||
由 Project S 维护,提供统一的体验与平台特定的功能。
|
|
||||||
|
|
||||||
| 平台 | 客户端 |
|
|
||||||
|---------------------------------------|-----------------------------------------|
|
|
||||||
| :material-android: Android | [sing-box for Android](./android) |
|
|
||||||
| :material-apple: iOS/macOS/Apple tvOS | [sing-box for Apple platforms](./apple) |
|
|
||||||
| TODO | / |
|
|
||||||
|
|
||||||
此处没有列出一些声称使用或以 sing-box 为卖点的第三方项目。此类项目维护者的动机是获得更多用户,即使它们提供友好的商业
|
|
||||||
VPN 客户端功能, 但代码质量很差且包含广告。
|
|
||||||
@@ -1,4 +0,0 @@
|
|||||||
# :material-security: Privacy policy
|
|
||||||
|
|
||||||
sing-box and official graphics clients do not collect or share personal data,
|
|
||||||
and the data generated by the software is always on your device.
|
|
||||||
@@ -49,7 +49,7 @@ The address of the dns server.
|
|||||||
|
|
||||||
!!! warning ""
|
!!! warning ""
|
||||||
|
|
||||||
QUIC and HTTP3 transport is not included by default, see [Installation](./#installation).
|
QUIC and HTTP3 transport is not included by default, see [Installation](/#installation).
|
||||||
|
|
||||||
!!! info ""
|
!!! info ""
|
||||||
|
|
||||||
@@ -57,7 +57,7 @@ The address of the dns server.
|
|||||||
|
|
||||||
!!! warning ""
|
!!! warning ""
|
||||||
|
|
||||||
DHCP transport is not included by default, see [Installation](./#installation).
|
DHCP transport is not included by default, see [Installation](/#installation).
|
||||||
|
|
||||||
| RCode | Description |
|
| RCode | Description |
|
||||||
|-------------------|-----------------------|
|
|-------------------|-----------------------|
|
||||||
|
|||||||
@@ -46,7 +46,7 @@
|
|||||||
|
|
||||||
!!! error ""
|
!!! error ""
|
||||||
|
|
||||||
Clash API is not included by default, see [Installation](./#installation).
|
Clash API is not included by default, see [Installation](/#installation).
|
||||||
|
|
||||||
#### external_controller
|
#### external_controller
|
||||||
|
|
||||||
@@ -112,7 +112,7 @@ If not empty, `store_selected` will use a separate store keyed by it.
|
|||||||
|
|
||||||
!!! error ""
|
!!! error ""
|
||||||
|
|
||||||
V2Ray API is not included by default, see [Installation](./#installation).
|
V2Ray API is not included by default, see [Installation](/#installation).
|
||||||
|
|
||||||
#### listen
|
#### listen
|
||||||
|
|
||||||
|
|||||||
@@ -31,7 +31,7 @@
|
|||||||
|
|
||||||
!!! warning ""
|
!!! warning ""
|
||||||
|
|
||||||
QUIC, which is required by hysteria is not included by default, see [Installation](./#installation).
|
QUIC, which is required by hysteria is not included by default, see [Installation](/#installation).
|
||||||
|
|
||||||
### Listen Fields
|
### Listen Fields
|
||||||
|
|
||||||
|
|||||||
@@ -4,8 +4,8 @@
|
|||||||
{
|
{
|
||||||
"type": "hysteria2",
|
"type": "hysteria2",
|
||||||
"tag": "hy2-in",
|
"tag": "hy2-in",
|
||||||
...
|
|
||||||
// Listen Fields
|
... // Listen Fields
|
||||||
|
|
||||||
"up_mbps": 100,
|
"up_mbps": 100,
|
||||||
"down_mbps": 100,
|
"down_mbps": 100,
|
||||||
@@ -28,14 +28,7 @@
|
|||||||
|
|
||||||
!!! warning ""
|
!!! warning ""
|
||||||
|
|
||||||
QUIC, which is required by Hysteria2 is not included by default, see [Installation](./#installation).
|
QUIC, which is required by Hysteria2 is not included by default, see [Installation](/#installation).
|
||||||
|
|
||||||
!!! warning "Difference from official Hysteria2"
|
|
||||||
|
|
||||||
The official program supports an authentication method called **userpass**,
|
|
||||||
which essentially uses a combination of `<username>:<password>` as the actual password,
|
|
||||||
while sing-box does not provide this alias.
|
|
||||||
To use sing-box with the official program, you need to fill in that combination as the actual password.
|
|
||||||
|
|
||||||
### Listen Fields
|
### Listen Fields
|
||||||
|
|
||||||
|
|||||||
@@ -4,8 +4,8 @@
|
|||||||
{
|
{
|
||||||
"type": "hysteria2",
|
"type": "hysteria2",
|
||||||
"tag": "hy2-in",
|
"tag": "hy2-in",
|
||||||
...
|
|
||||||
// 监听字段
|
... // 监听字段
|
||||||
|
|
||||||
"up_mbps": 100,
|
"up_mbps": 100,
|
||||||
"down_mbps": 100,
|
"down_mbps": 100,
|
||||||
@@ -30,12 +30,6 @@
|
|||||||
|
|
||||||
默认安装不包含被 Hysteria2 依赖的 QUIC,参阅 [安装](/zh/#_2)。
|
默认安装不包含被 Hysteria2 依赖的 QUIC,参阅 [安装](/zh/#_2)。
|
||||||
|
|
||||||
!!! warning "与官方 Hysteria2 的区别"
|
|
||||||
|
|
||||||
官方程序支持一种名为 **userpass** 的验证方式,
|
|
||||||
本质上上是将用户名与密码的组合 `<username>:<password>` 作为实际上的密码,而 sing-box 不提供此别名。
|
|
||||||
要将 sing-box 与官方程序一起使用, 您需要填写该组合作为实际密码。
|
|
||||||
|
|
||||||
### 监听字段
|
### 监听字段
|
||||||
|
|
||||||
参阅 [监听字段](/zh/configuration/shared/listen/)。
|
参阅 [监听字段](/zh/configuration/shared/listen/)。
|
||||||
@@ -68,7 +62,7 @@ Hysteria 用户
|
|||||||
|
|
||||||
#### ignore_client_bandwidth
|
#### ignore_client_bandwidth
|
||||||
|
|
||||||
命令客户端使用 BBR 拥塞控制算法而不是 Hysteria CC。
|
命令客户端使用 BBR 流量控制算法而不是 Hysteria CC。
|
||||||
|
|
||||||
与 `up_mbps` 和 `down_mbps` 冲突。
|
与 `up_mbps` 和 `down_mbps` 冲突。
|
||||||
|
|
||||||
|
|||||||
@@ -20,7 +20,7 @@
|
|||||||
|
|
||||||
!!! warning ""
|
!!! warning ""
|
||||||
|
|
||||||
HTTP3 transport is not included by default, see [Installation](./#installation).
|
HTTP3 transport is not included by default, see [Installation](/#installation).
|
||||||
|
|
||||||
### Listen Fields
|
### Listen Fields
|
||||||
|
|
||||||
|
|||||||
@@ -8,8 +8,7 @@
|
|||||||
... // Listen Fields
|
... // Listen Fields
|
||||||
|
|
||||||
"method": "2022-blake3-aes-128-gcm",
|
"method": "2022-blake3-aes-128-gcm",
|
||||||
"password": "8JCsPssfgS8tiRwiMlhARg==",
|
"password": "8JCsPssfgS8tiRwiMlhARg=="
|
||||||
"multiplex": {}
|
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
@@ -24,8 +23,7 @@
|
|||||||
"name": "sekai",
|
"name": "sekai",
|
||||||
"password": "PCD2Z4o12bKUoFa3cC97Hw=="
|
"password": "PCD2Z4o12bKUoFa3cC97Hw=="
|
||||||
}
|
}
|
||||||
],
|
]
|
||||||
"multiplex": {}
|
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
@@ -43,8 +41,7 @@
|
|||||||
"server_port": 8080,
|
"server_port": 8080,
|
||||||
"password": "PCD2Z4o12bKUoFa3cC97Hw=="
|
"password": "PCD2Z4o12bKUoFa3cC97Hw=="
|
||||||
}
|
}
|
||||||
],
|
]
|
||||||
"multiplex": {}
|
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
@@ -85,7 +82,3 @@ Both if empty.
|
|||||||
| none | / |
|
| none | / |
|
||||||
| 2022 methods | `sing-box generate rand --base64 <Key Length>` |
|
| 2022 methods | `sing-box generate rand --base64 <Key Length>` |
|
||||||
| other methods | any string |
|
| other methods | any string |
|
||||||
|
|
||||||
#### multiplex
|
|
||||||
|
|
||||||
See [Multiplex](/configuration/shared/multiplex#inbound) for details.
|
|
||||||
|
|||||||
@@ -8,8 +8,7 @@
|
|||||||
... // 监听字段
|
... // 监听字段
|
||||||
|
|
||||||
"method": "2022-blake3-aes-128-gcm",
|
"method": "2022-blake3-aes-128-gcm",
|
||||||
"password": "8JCsPssfgS8tiRwiMlhARg==",
|
"password": "8JCsPssfgS8tiRwiMlhARg=="
|
||||||
"multiplex": {}
|
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
@@ -24,8 +23,7 @@
|
|||||||
"name": "sekai",
|
"name": "sekai",
|
||||||
"password": "PCD2Z4o12bKUoFa3cC97Hw=="
|
"password": "PCD2Z4o12bKUoFa3cC97Hw=="
|
||||||
}
|
}
|
||||||
],
|
]
|
||||||
"multiplex": {}
|
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
@@ -43,8 +41,7 @@
|
|||||||
"server_port": 8080,
|
"server_port": 8080,
|
||||||
"password": "PCD2Z4o12bKUoFa3cC97Hw=="
|
"password": "PCD2Z4o12bKUoFa3cC97Hw=="
|
||||||
}
|
}
|
||||||
],
|
]
|
||||||
"multiplex": {}
|
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
@@ -84,8 +81,4 @@ See [Listen Fields](/configuration/shared/listen) for details.
|
|||||||
|---------------|------------------------------------------|
|
|---------------|------------------------------------------|
|
||||||
| none | / |
|
| none | / |
|
||||||
| 2022 methods | `sing-box generate rand --base64 <密钥长度>` |
|
| 2022 methods | `sing-box generate rand --base64 <密钥长度>` |
|
||||||
| other methods | 任意字符串 |
|
| other methods | 任意字符串 |
|
||||||
|
|
||||||
#### multiplex
|
|
||||||
|
|
||||||
参阅 [多路复用](/zh/configuration/shared/multiplex#inbound)。
|
|
||||||
@@ -24,7 +24,6 @@
|
|||||||
"server_port": 8081
|
"server_port": 8081
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"multiplex": {},
|
|
||||||
"transport": {}
|
"transport": {}
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
@@ -59,10 +58,6 @@ Fallback server configuration for specified ALPN.
|
|||||||
|
|
||||||
If not empty, TLS fallback requests with ALPN not in this table will be rejected.
|
If not empty, TLS fallback requests with ALPN not in this table will be rejected.
|
||||||
|
|
||||||
#### multiplex
|
|
||||||
|
|
||||||
See [Multiplex](/configuration/shared/multiplex#inbound) for details.
|
|
||||||
|
|
||||||
#### transport
|
#### transport
|
||||||
|
|
||||||
V2Ray Transport configuration, see [V2Ray Transport](/configuration/shared/v2ray-transport).
|
V2Ray Transport configuration, see [V2Ray Transport](/configuration/shared/v2ray-transport).
|
||||||
|
|||||||
@@ -24,7 +24,6 @@
|
|||||||
"server_port": 8081
|
"server_port": 8081
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"multiplex": {},
|
|
||||||
"transport": {}
|
"transport": {}
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
@@ -61,10 +60,6 @@ TLS 配置, 参阅 [TLS](/zh/configuration/shared/tls/#inbound)。
|
|||||||
|
|
||||||
如果不为空,ALPN 不在此列表中的 TLS 回退请求将被拒绝。
|
如果不为空,ALPN 不在此列表中的 TLS 回退请求将被拒绝。
|
||||||
|
|
||||||
#### multiplex
|
|
||||||
|
|
||||||
参阅 [多路复用](/zh/configuration/shared/multiplex#inbound)。
|
|
||||||
|
|
||||||
#### transport
|
#### transport
|
||||||
|
|
||||||
V2Ray 传输配置,参阅 [V2Ray 传输层](/zh/configuration/shared/v2ray-transport)。
|
V2Ray 传输配置,参阅 [V2Ray 传输层](/zh/configuration/shared/v2ray-transport)。
|
||||||
@@ -24,7 +24,7 @@
|
|||||||
|
|
||||||
!!! warning ""
|
!!! warning ""
|
||||||
|
|
||||||
QUIC, which is required by TUIC is not included by default, see [Installation](./#installation).
|
QUIC, which is required by TUIC is not included by default, see [Installation](/#installation).
|
||||||
|
|
||||||
### Listen Fields
|
### Listen Fields
|
||||||
|
|
||||||
|
|||||||
@@ -48,7 +48,7 @@ TUIC 用户密码
|
|||||||
|
|
||||||
#### congestion_control
|
#### congestion_control
|
||||||
|
|
||||||
QUIC 拥塞控制算法
|
QUIC 流量控制算法
|
||||||
|
|
||||||
可选值: `cubic`, `new_reno`, `bbr`
|
可选值: `cubic`, `new_reno`, `bbr`
|
||||||
|
|
||||||
|
|||||||
@@ -22,12 +22,6 @@
|
|||||||
"::/1",
|
"::/1",
|
||||||
"8000::/1"
|
"8000::/1"
|
||||||
],
|
],
|
||||||
"inet4_route_exclude_address": [
|
|
||||||
"192.168.0.0/16"
|
|
||||||
],
|
|
||||||
"inet6_route_exclude_address": [
|
|
||||||
"fc00::/7"
|
|
||||||
],
|
|
||||||
"endpoint_independent_nat": false,
|
"endpoint_independent_nat": false,
|
||||||
"stack": "system",
|
"stack": "system",
|
||||||
"include_interface": [
|
"include_interface": [
|
||||||
@@ -136,14 +130,6 @@ Use custom routes instead of default when `auto_route` is enabled.
|
|||||||
|
|
||||||
Use custom routes instead of default when `auto_route` is enabled.
|
Use custom routes instead of default when `auto_route` is enabled.
|
||||||
|
|
||||||
#### inet4_route_exclude_address
|
|
||||||
|
|
||||||
Exclude custom routes when `auto_route` is enabled.
|
|
||||||
|
|
||||||
#### inet6_route_exclude_address
|
|
||||||
|
|
||||||
Exclude custom routes when `auto_route` is enabled.
|
|
||||||
|
|
||||||
#### endpoint_independent_nat
|
#### endpoint_independent_nat
|
||||||
|
|
||||||
!!! info ""
|
!!! info ""
|
||||||
@@ -171,7 +157,7 @@ TCP/IP stack.
|
|||||||
|
|
||||||
!!! warning ""
|
!!! warning ""
|
||||||
|
|
||||||
gVisor and LWIP stacks is not included by default, see [Installation](./#installation).
|
gVisor and LWIP stacks is not included by default, see [Installation](/#installation).
|
||||||
|
|
||||||
#### include_interface
|
#### include_interface
|
||||||
|
|
||||||
|
|||||||
@@ -22,12 +22,6 @@
|
|||||||
"::/1",
|
"::/1",
|
||||||
"8000::/1"
|
"8000::/1"
|
||||||
],
|
],
|
||||||
"inet4_route_exclude_address": [
|
|
||||||
"192.168.0.0/16"
|
|
||||||
],
|
|
||||||
"inet6_route_exclude_address": [
|
|
||||||
"fc00::/7"
|
|
||||||
],
|
|
||||||
"endpoint_independent_nat": false,
|
"endpoint_independent_nat": false,
|
||||||
"stack": "system",
|
"stack": "system",
|
||||||
"include_interface": [
|
"include_interface": [
|
||||||
@@ -137,14 +131,6 @@ tun 接口的 IPv6 前缀。
|
|||||||
|
|
||||||
启用 `auto_route` 时使用自定义路由而不是默认路由。
|
启用 `auto_route` 时使用自定义路由而不是默认路由。
|
||||||
|
|
||||||
#### inet4_route_exclude_address
|
|
||||||
|
|
||||||
启用 `auto_route` 时排除自定义路由。
|
|
||||||
|
|
||||||
#### inet6_route_exclude_address
|
|
||||||
|
|
||||||
启用 `auto_route` 时排除自定义路由。
|
|
||||||
|
|
||||||
#### endpoint_independent_nat
|
#### endpoint_independent_nat
|
||||||
|
|
||||||
启用独立于端点的 NAT。
|
启用独立于端点的 NAT。
|
||||||
|
|||||||
@@ -15,7 +15,6 @@
|
|||||||
}
|
}
|
||||||
],
|
],
|
||||||
"tls": {},
|
"tls": {},
|
||||||
"multiplex": {},
|
|
||||||
"transport": {}
|
"transport": {}
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
@@ -50,10 +49,6 @@ Available values:
|
|||||||
|
|
||||||
TLS configuration, see [TLS](/configuration/shared/tls/#inbound).
|
TLS configuration, see [TLS](/configuration/shared/tls/#inbound).
|
||||||
|
|
||||||
#### multiplex
|
|
||||||
|
|
||||||
See [Multiplex](/configuration/shared/multiplex#inbound) for details.
|
|
||||||
|
|
||||||
#### transport
|
#### transport
|
||||||
|
|
||||||
V2Ray Transport configuration, see [V2Ray Transport](/configuration/shared/v2ray-transport).
|
V2Ray Transport configuration, see [V2Ray Transport](/configuration/shared/v2ray-transport).
|
||||||
|
|||||||
@@ -15,7 +15,6 @@
|
|||||||
}
|
}
|
||||||
],
|
],
|
||||||
"tls": {},
|
"tls": {},
|
||||||
"multiplex": {},
|
|
||||||
"transport": {}
|
"transport": {}
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
@@ -50,10 +49,6 @@ VLESS 子协议。
|
|||||||
|
|
||||||
TLS 配置, 参阅 [TLS](/zh/configuration/shared/tls/#inbound)。
|
TLS 配置, 参阅 [TLS](/zh/configuration/shared/tls/#inbound)。
|
||||||
|
|
||||||
#### multiplex
|
|
||||||
|
|
||||||
参阅 [多路复用](/zh/configuration/shared/multiplex#inbound)。
|
|
||||||
|
|
||||||
#### transport
|
#### transport
|
||||||
|
|
||||||
V2Ray 传输配置,参阅 [V2Ray 传输层](/zh/configuration/shared/v2ray-transport)。
|
V2Ray 传输配置,参阅 [V2Ray 传输层](/zh/configuration/shared/v2ray-transport)。
|
||||||
|
|||||||
@@ -15,7 +15,6 @@
|
|||||||
}
|
}
|
||||||
],
|
],
|
||||||
"tls": {},
|
"tls": {},
|
||||||
"multiplex": {},
|
|
||||||
"transport": {}
|
"transport": {}
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
@@ -45,10 +44,6 @@ VMess users.
|
|||||||
|
|
||||||
TLS configuration, see [TLS](/configuration/shared/tls/#inbound).
|
TLS configuration, see [TLS](/configuration/shared/tls/#inbound).
|
||||||
|
|
||||||
#### multiplex
|
|
||||||
|
|
||||||
See [Multiplex](/configuration/shared/multiplex#inbound) for details.
|
|
||||||
|
|
||||||
#### transport
|
#### transport
|
||||||
|
|
||||||
V2Ray Transport configuration, see [V2Ray Transport](/configuration/shared/v2ray-transport).
|
V2Ray Transport configuration, see [V2Ray Transport](/configuration/shared/v2ray-transport).
|
||||||
|
|||||||
@@ -15,7 +15,6 @@
|
|||||||
}
|
}
|
||||||
],
|
],
|
||||||
"tls": {},
|
"tls": {},
|
||||||
"multiplex": {},
|
|
||||||
"transport": {}
|
"transport": {}
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
@@ -45,10 +44,6 @@ VMess 用户。
|
|||||||
|
|
||||||
TLS 配置, 参阅 [TLS](/zh/configuration/shared/tls/#inbound)。
|
TLS 配置, 参阅 [TLS](/zh/configuration/shared/tls/#inbound)。
|
||||||
|
|
||||||
#### multiplex
|
|
||||||
|
|
||||||
参阅 [多路复用](/zh/configuration/shared/multiplex#inbound)。
|
|
||||||
|
|
||||||
#### transport
|
#### transport
|
||||||
|
|
||||||
V2Ray 传输配置,参阅 [V2Ray 传输层](/zh/configuration/shared/v2ray-transport)。
|
V2Ray 传输配置,参阅 [V2Ray 传输层](/zh/configuration/shared/v2ray-transport)。
|
||||||
|
|||||||
@@ -26,7 +26,7 @@
|
|||||||
|
|
||||||
!!! warning ""
|
!!! warning ""
|
||||||
|
|
||||||
QUIC, which is required by hysteria is not included by default, see [Installation](./#installation).
|
QUIC, which is required by hysteria is not included by default, see [Installation](/#installation).
|
||||||
|
|
||||||
### Fields
|
### Fields
|
||||||
|
|
||||||
|
|||||||
@@ -24,15 +24,7 @@
|
|||||||
|
|
||||||
!!! warning ""
|
!!! warning ""
|
||||||
|
|
||||||
QUIC, which is required by Hysteria2 is not included by default, see [Installation](./#installation).
|
QUIC, which is required by Hysteria2 is not included by default, see [Installation](/#installation).
|
||||||
|
|
||||||
!!! warning "Difference from official Hysteria2"
|
|
||||||
|
|
||||||
The official Hysteria2 supports an authentication method called **userpass**,
|
|
||||||
which essentially uses a combination of `<username>:<password>` as the actual password,
|
|
||||||
while sing-box does not provide this alias.
|
|
||||||
If you are planning to use sing-box with the official program,
|
|
||||||
please note that you will need to fill the combination as the password.
|
|
||||||
|
|
||||||
### Fields
|
### Fields
|
||||||
|
|
||||||
|
|||||||
@@ -26,12 +26,6 @@
|
|||||||
|
|
||||||
默认安装不包含被 Hysteria2 依赖的 QUIC,参阅 [安装](/zh/#_2)。
|
默认安装不包含被 Hysteria2 依赖的 QUIC,参阅 [安装](/zh/#_2)。
|
||||||
|
|
||||||
!!! warning "与官方 Hysteria2 的区别"
|
|
||||||
|
|
||||||
官方程序支持一种名为 **userpass** 的验证方式,
|
|
||||||
本质上上是将用户名与密码的组合 `<username>:<password>` 作为实际上的密码,而 sing-box 不提供此别名。
|
|
||||||
要将 sing-box 与官方程序一起使用, 您需要填写该组合作为实际密码。
|
|
||||||
|
|
||||||
### 字段
|
### 字段
|
||||||
|
|
||||||
#### server
|
#### server
|
||||||
@@ -50,7 +44,7 @@
|
|||||||
|
|
||||||
最大带宽。
|
最大带宽。
|
||||||
|
|
||||||
如果为空,将使用 BBR 拥塞控制算法而不是 Hysteria CC。
|
如果为空,将使用 BBR 流量控制算法而不是 Hysteria CC。
|
||||||
|
|
||||||
#### obfs.type
|
#### obfs.type
|
||||||
|
|
||||||
|
|||||||
@@ -95,7 +95,7 @@ Conflict with `multiplex`.
|
|||||||
|
|
||||||
#### multiplex
|
#### multiplex
|
||||||
|
|
||||||
See [Multiplex](/configuration/shared/multiplex#outbound) for details.
|
Multiplex configuration, see [Multiplex](/configuration/shared/multiplex).
|
||||||
|
|
||||||
### Dial Fields
|
### Dial Fields
|
||||||
|
|
||||||
|
|||||||
@@ -95,7 +95,7 @@ UDP over TCP 配置。
|
|||||||
|
|
||||||
#### multiplex
|
#### multiplex
|
||||||
|
|
||||||
参阅 [多路复用](/zh/configuration/shared/multiplex#outbound)。
|
多路复用配置, 参阅 [多路复用](/zh/configuration/shared/multiplex)。
|
||||||
|
|
||||||
### 拨号字段
|
### 拨号字段
|
||||||
|
|
||||||
|
|||||||
@@ -25,7 +25,7 @@
|
|||||||
|
|
||||||
!!! warning ""
|
!!! warning ""
|
||||||
|
|
||||||
ShadowsocksR is not included by default, see [Installation](./#installation).
|
ShadowsocksR is not included by default, see [Installation](/#installation).
|
||||||
|
|
||||||
### Fields
|
### Fields
|
||||||
|
|
||||||
|
|||||||
@@ -18,7 +18,7 @@
|
|||||||
|
|
||||||
!!! info ""
|
!!! info ""
|
||||||
|
|
||||||
Embedded tor is not included by default, see [Installation](./#installation).
|
Embedded tor is not included by default, see [Installation](/#installation).
|
||||||
|
|
||||||
### Fields
|
### Fields
|
||||||
|
|
||||||
|
|||||||
@@ -51,7 +51,7 @@ TLS configuration, see [TLS](/configuration/shared/tls/#outbound).
|
|||||||
|
|
||||||
#### multiplex
|
#### multiplex
|
||||||
|
|
||||||
See [Multiplex](/configuration/shared/multiplex#outbound) for details.
|
Multiplex configuration, see [Multiplex](/configuration/shared/multiplex).
|
||||||
|
|
||||||
#### transport
|
#### transport
|
||||||
|
|
||||||
|
|||||||
@@ -51,7 +51,7 @@ TLS 配置, 参阅 [TLS](/zh/configuration/shared/tls/#outbound)。
|
|||||||
|
|
||||||
#### multiplex
|
#### multiplex
|
||||||
|
|
||||||
参阅 [多路复用](/zh/configuration/shared/multiplex#outbound)。
|
多路复用配置, 参阅 [多路复用](/zh/configuration/shared/multiplex)。
|
||||||
|
|
||||||
#### transport
|
#### transport
|
||||||
|
|
||||||
|
|||||||
@@ -23,7 +23,7 @@
|
|||||||
|
|
||||||
!!! warning ""
|
!!! warning ""
|
||||||
|
|
||||||
QUIC, which is required by TUIC is not included by default, see [Installation](./#installation).
|
QUIC, which is required by TUIC is not included by default, see [Installation](/#installation).
|
||||||
|
|
||||||
### Fields
|
### Fields
|
||||||
|
|
||||||
|
|||||||
@@ -51,7 +51,7 @@ TUIC 用户密码
|
|||||||
|
|
||||||
#### congestion_control
|
#### congestion_control
|
||||||
|
|
||||||
QUIC 拥塞控制算法
|
QUIC 流量控制算法
|
||||||
|
|
||||||
可选值: `cubic`, `new_reno`, `bbr`
|
可选值: `cubic`, `new_reno`, `bbr`
|
||||||
|
|
||||||
|
|||||||
@@ -12,7 +12,6 @@
|
|||||||
"network": "tcp",
|
"network": "tcp",
|
||||||
"tls": {},
|
"tls": {},
|
||||||
"packet_encoding": "",
|
"packet_encoding": "",
|
||||||
"multiplex": {},
|
|
||||||
"transport": {},
|
"transport": {},
|
||||||
|
|
||||||
... // Dial Fields
|
... // Dial Fields
|
||||||
@@ -69,10 +68,6 @@ UDP packet encoding, xudp is used by default.
|
|||||||
| packetaddr | Supported by v2ray 5+ |
|
| packetaddr | Supported by v2ray 5+ |
|
||||||
| xudp | Supported by xray |
|
| xudp | Supported by xray |
|
||||||
|
|
||||||
#### multiplex
|
|
||||||
|
|
||||||
See [Multiplex](/configuration/shared/multiplex#outbound) for details.
|
|
||||||
|
|
||||||
#### transport
|
#### transport
|
||||||
|
|
||||||
V2Ray Transport configuration, see [V2Ray Transport](/configuration/shared/v2ray-transport).
|
V2Ray Transport configuration, see [V2Ray Transport](/configuration/shared/v2ray-transport).
|
||||||
|
|||||||
@@ -12,7 +12,6 @@
|
|||||||
"network": "tcp",
|
"network": "tcp",
|
||||||
"tls": {},
|
"tls": {},
|
||||||
"packet_encoding": "",
|
"packet_encoding": "",
|
||||||
"multiplex": {},
|
|
||||||
"transport": {},
|
"transport": {},
|
||||||
|
|
||||||
... // 拨号字段
|
... // 拨号字段
|
||||||
@@ -69,10 +68,6 @@ UDP 包编码,默认使用 xudp。
|
|||||||
| packetaddr | 由 v2ray 5+ 支持 |
|
| packetaddr | 由 v2ray 5+ 支持 |
|
||||||
| xudp | 由 xray 支持 |
|
| xudp | 由 xray 支持 |
|
||||||
|
|
||||||
#### multiplex
|
|
||||||
|
|
||||||
参阅 [多路复用](/zh/configuration/shared/multiplex#outbound)。
|
|
||||||
|
|
||||||
#### transport
|
#### transport
|
||||||
|
|
||||||
V2Ray 传输配置,参阅 [V2Ray 传输层](/zh/configuration/shared/v2ray-transport)。
|
V2Ray 传输配置,参阅 [V2Ray 传输层](/zh/configuration/shared/v2ray-transport)。
|
||||||
|
|||||||
@@ -15,8 +15,8 @@
|
|||||||
"network": "tcp",
|
"network": "tcp",
|
||||||
"tls": {},
|
"tls": {},
|
||||||
"packet_encoding": "",
|
"packet_encoding": "",
|
||||||
"transport": {},
|
|
||||||
"multiplex": {},
|
"multiplex": {},
|
||||||
|
"transport": {},
|
||||||
|
|
||||||
... // Dial Fields
|
... // Dial Fields
|
||||||
}
|
}
|
||||||
@@ -96,7 +96,7 @@ UDP packet encoding.
|
|||||||
|
|
||||||
#### multiplex
|
#### multiplex
|
||||||
|
|
||||||
See [Multiplex](/configuration/shared/multiplex#outbound) for details.
|
Multiplex configuration, see [Multiplex](/configuration/shared/multiplex).
|
||||||
|
|
||||||
#### transport
|
#### transport
|
||||||
|
|
||||||
|
|||||||
@@ -96,7 +96,7 @@ UDP 包编码。
|
|||||||
|
|
||||||
#### multiplex
|
#### multiplex
|
||||||
|
|
||||||
参阅 [多路复用](/zh/configuration/shared/multiplex#outbound)。
|
多路复用配置, 参阅 [多路复用](/zh/configuration/shared/multiplex)。
|
||||||
|
|
||||||
#### transport
|
#### transport
|
||||||
|
|
||||||
|
|||||||
@@ -38,11 +38,11 @@
|
|||||||
|
|
||||||
!!! warning ""
|
!!! warning ""
|
||||||
|
|
||||||
WireGuard is not included by default, see [Installation](./#installation).
|
WireGuard is not included by default, see [Installation](/#installation).
|
||||||
|
|
||||||
!!! warning ""
|
!!! warning ""
|
||||||
|
|
||||||
gVisor, which is required by the unprivileged WireGuard is not included by default, see [Installation](./#installation).
|
gVisor, which is required by the unprivileged WireGuard is not included by default, see [Installation](/#installation).
|
||||||
|
|
||||||
### Fields
|
### Fields
|
||||||
|
|
||||||
|
|||||||
@@ -28,7 +28,7 @@
|
|||||||
|
|
||||||
#### final
|
#### final
|
||||||
|
|
||||||
默认出站标签。如果为空,将使用第一个可用于对应协议的出站。
|
默认出站标签。如果未空,将使用第一个可用于对应协议的出站。
|
||||||
|
|
||||||
#### auto_detect_interface
|
#### auto_detect_interface
|
||||||
|
|
||||||
@@ -66,4 +66,4 @@
|
|||||||
|
|
||||||
默认为出站连接设置路由标记。
|
默认为出站连接设置路由标记。
|
||||||
|
|
||||||
如果设置了 `outbound.routing_mark` 设置,则不生效。
|
如果设置了 `outbound.routing_mark` 设置,则不生效。
|
||||||
@@ -7,26 +7,28 @@
|
|||||||
"tcp_fast_open": false,
|
"tcp_fast_open": false,
|
||||||
"tcp_multi_path": false,
|
"tcp_multi_path": false,
|
||||||
"udp_fragment": false,
|
"udp_fragment": false,
|
||||||
"udp_timeout": 300,
|
|
||||||
"detour": "another-in",
|
|
||||||
"sniff": false,
|
"sniff": false,
|
||||||
"sniff_override_destination": false,
|
"sniff_override_destination": false,
|
||||||
"sniff_timeout": "300ms",
|
"sniff_timeout": "300ms",
|
||||||
"domain_strategy": "prefer_ipv6",
|
"domain_strategy": "prefer_ipv6",
|
||||||
"udp_disable_domain_unmapping": false
|
"udp_timeout": 300,
|
||||||
|
"proxy_protocol": false,
|
||||||
|
"proxy_protocol_accept_no_header": false,
|
||||||
|
"detour": "another-in"
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
### Fields
|
### Fields
|
||||||
|
|
||||||
| Field | Available Context |
|
| Field | Available Context |
|
||||||
|--------------------------------|-------------------------------------------------------------------|
|
|-----------------------------------|-------------------------------------------------------------------|
|
||||||
| `listen` | Needs to listen on TCP or UDP. |
|
| `listen` | Needs to listen on TCP or UDP. |
|
||||||
| `listen_port` | Needs to listen on TCP or UDP. |
|
| `listen_port` | Needs to listen on TCP or UDP. |
|
||||||
| `tcp_fast_open` | Needs to listen on TCP. |
|
| `tcp_fast_open` | Needs to listen on TCP. |
|
||||||
| `tcp_multi_path` | Needs to listen on TCP. |
|
| `tcp_multi_path` | Needs to listen on TCP. |
|
||||||
| `udp_timeout` | Needs to assemble UDP connections, currently Tun and Shadowsocks. |
|
| `udp_timeout` | Needs to assemble UDP connections, currently Tun and Shadowsocks. |
|
||||||
| `udp_disable_domain_unmapping` | Needs to listen on UDP and accept domain UDP addresses. |
|
| `proxy_protocol` | Needs to listen on TCP. |
|
||||||
|
| `proxy_protocol_accept_no_header` | When `proxy_protocol` enabled |
|
||||||
|
|
||||||
#### listen
|
#### listen
|
||||||
|
|
||||||
@@ -54,16 +56,6 @@ Enable TCP Multi Path.
|
|||||||
|
|
||||||
Enable UDP fragmentation.
|
Enable UDP fragmentation.
|
||||||
|
|
||||||
#### udp_timeout
|
|
||||||
|
|
||||||
UDP NAT expiration time in seconds, default is 300 (5 minutes).
|
|
||||||
|
|
||||||
#### detour
|
|
||||||
|
|
||||||
If set, connections will be forwarded to the specified inbound.
|
|
||||||
|
|
||||||
Requires target inbound support, see [Injectable](/configuration/inbound/#fields).
|
|
||||||
|
|
||||||
#### sniff
|
#### sniff
|
||||||
|
|
||||||
Enable sniffing.
|
Enable sniffing.
|
||||||
@@ -90,10 +82,20 @@ If set, the requested domain name will be resolved to IP before routing.
|
|||||||
|
|
||||||
If `sniff_override_destination` is in effect, its value will be taken as a fallback.
|
If `sniff_override_destination` is in effect, its value will be taken as a fallback.
|
||||||
|
|
||||||
#### udp_disable_domain_unmapping
|
#### udp_timeout
|
||||||
|
|
||||||
If enabled, for UDP proxy requests addressed to a domain,
|
UDP NAT expiration time in seconds, default is 300 (5 minutes).
|
||||||
the original packet address will be sent in the response instead of the mapped domain.
|
|
||||||
|
|
||||||
This option is used for compatibility with clients that
|
#### proxy_protocol
|
||||||
do not support receiving UDP packets with domain addresses, such as Surge.
|
|
||||||
|
Parse [Proxy Protocol](https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt) in the connection header.
|
||||||
|
|
||||||
|
#### proxy_protocol_accept_no_header
|
||||||
|
|
||||||
|
Accept connections without Proxy Protocol header.
|
||||||
|
|
||||||
|
#### detour
|
||||||
|
|
||||||
|
If set, connections will be forwarded to the specified inbound.
|
||||||
|
|
||||||
|
Requires target inbound support, see [Injectable](/configuration/inbound/#fields).
|
||||||
@@ -7,13 +7,14 @@
|
|||||||
"tcp_fast_open": false,
|
"tcp_fast_open": false,
|
||||||
"tcp_multi_path": false,
|
"tcp_multi_path": false,
|
||||||
"udp_fragment": false,
|
"udp_fragment": false,
|
||||||
"udp_timeout": 300,
|
|
||||||
"detour": "another-in",
|
|
||||||
"sniff": false,
|
"sniff": false,
|
||||||
"sniff_override_destination": false,
|
"sniff_override_destination": false,
|
||||||
"sniff_timeout": "300ms",
|
"sniff_timeout": "300ms",
|
||||||
"domain_strategy": "prefer_ipv6",
|
"domain_strategy": "prefer_ipv6",
|
||||||
"udp_disable_domain_unmapping": false
|
"udp_timeout": 300,
|
||||||
|
"proxy_protocol": false,
|
||||||
|
"proxy_protocol_accept_no_header": false,
|
||||||
|
"detour": "another-in"
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
@@ -25,7 +26,8 @@
|
|||||||
| `tcp_fast_open` | 需要监听 TCP。 |
|
| `tcp_fast_open` | 需要监听 TCP。 |
|
||||||
| `tcp_multi_path` | 需要监听 TCP。 |
|
| `tcp_multi_path` | 需要监听 TCP。 |
|
||||||
| `udp_timeout` | 需要组装 UDP 连接, 当前为 Tun 和 Shadowsocks。 |
|
| `udp_timeout` | 需要组装 UDP 连接, 当前为 Tun 和 Shadowsocks。 |
|
||||||
|
|
| `proxy_protocol` | 需要监听 TCP。 |
|
||||||
|
| `proxy_protocol_accept_no_header` | `proxy_protocol` 启用时 |
|
||||||
|
|
||||||
### 字段
|
### 字段
|
||||||
|
|
||||||
@@ -55,16 +57,6 @@
|
|||||||
|
|
||||||
启用 UDP 分段。
|
启用 UDP 分段。
|
||||||
|
|
||||||
#### udp_timeout
|
|
||||||
|
|
||||||
UDP NAT 过期时间,以秒为单位,默认为 300(5 分钟)。
|
|
||||||
|
|
||||||
#### detour
|
|
||||||
|
|
||||||
如果设置,连接将被转发到指定的入站。
|
|
||||||
|
|
||||||
需要目标入站支持,参阅 [注入支持](/zh/configuration/inbound/#_3)。
|
|
||||||
|
|
||||||
#### sniff
|
#### sniff
|
||||||
|
|
||||||
启用协议探测。
|
启用协议探测。
|
||||||
@@ -91,8 +83,20 @@ UDP NAT 过期时间,以秒为单位,默认为 300(5 分钟)。
|
|||||||
|
|
||||||
如果 `sniff_override_destination` 生效,它的值将作为后备。
|
如果 `sniff_override_destination` 生效,它的值将作为后备。
|
||||||
|
|
||||||
#### udp_disable_domain_unmapping
|
#### udp_timeout
|
||||||
|
|
||||||
如果启用,对于地址为域的 UDP 代理请求,将在响应中发送原始包地址而不是映射的域。
|
UDP NAT 过期时间,以秒为单位,默认为 300(5 分钟)。
|
||||||
|
|
||||||
此选项用于兼容不支持接收带有域地址的 UDP 包的客户端,如 Surge。
|
#### proxy_protocol
|
||||||
|
|
||||||
|
解析连接头中的 [代理协议](https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt)。
|
||||||
|
|
||||||
|
#### proxy_protocol_accept_no_header
|
||||||
|
|
||||||
|
接受没有代理协议标头的连接。
|
||||||
|
|
||||||
|
#### detour
|
||||||
|
|
||||||
|
如果设置,连接将被转发到指定的入站。
|
||||||
|
|
||||||
|
需要目标入站支持,参阅 [注入支持](/zh/configuration/inbound/#_3)。
|
||||||
@@ -1,14 +1,8 @@
|
|||||||
### Inbound
|
### Server Requirements
|
||||||
|
|
||||||
```json
|
`sing-box` :)
|
||||||
{
|
|
||||||
"enabled": true,
|
|
||||||
"padding": false,
|
|
||||||
"brutal": {}
|
|
||||||
}
|
|
||||||
```
|
|
||||||
|
|
||||||
### Outbound
|
### Structure
|
||||||
|
|
||||||
```json
|
```json
|
||||||
{
|
{
|
||||||
@@ -17,27 +11,11 @@
|
|||||||
"max_connections": 4,
|
"max_connections": 4,
|
||||||
"min_streams": 4,
|
"min_streams": 4,
|
||||||
"max_streams": 0,
|
"max_streams": 0,
|
||||||
"padding": false,
|
"padding": false
|
||||||
"brutal": {}
|
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
|
### Fields
|
||||||
### Inbound Fields
|
|
||||||
|
|
||||||
#### enabled
|
|
||||||
|
|
||||||
Enable multiplex support.
|
|
||||||
|
|
||||||
#### padding
|
|
||||||
|
|
||||||
If enabled, non-padded connections will be rejected.
|
|
||||||
|
|
||||||
#### brutal
|
|
||||||
|
|
||||||
See [TCP Brutal](/configuration/shared/tcp-brutal) for details.
|
|
||||||
|
|
||||||
### Outbound Fields
|
|
||||||
|
|
||||||
#### enabled
|
#### enabled
|
||||||
|
|
||||||
@@ -81,6 +59,3 @@ Conflict with `max_connections` and `min_streams`.
|
|||||||
|
|
||||||
Enable padding.
|
Enable padding.
|
||||||
|
|
||||||
#### brutal
|
|
||||||
|
|
||||||
See [TCP Brutal](/configuration/shared/tcp-brutal) for details.
|
|
||||||
|
|||||||
@@ -1,14 +1,8 @@
|
|||||||
### 入站
|
### 服务器要求
|
||||||
|
|
||||||
```json
|
`sing-box` :)
|
||||||
{
|
|
||||||
"enabled": true,
|
|
||||||
"padding": false,
|
|
||||||
"brutal": {}
|
|
||||||
}
|
|
||||||
```
|
|
||||||
|
|
||||||
### 出站
|
### 结构
|
||||||
|
|
||||||
```json
|
```json
|
||||||
{
|
{
|
||||||
@@ -16,27 +10,11 @@
|
|||||||
"protocol": "smux",
|
"protocol": "smux",
|
||||||
"max_connections": 4,
|
"max_connections": 4,
|
||||||
"min_streams": 4,
|
"min_streams": 4,
|
||||||
"max_streams": 0,
|
"max_streams": 0
|
||||||
"padding": false,
|
|
||||||
"brutal": {}
|
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
### 入站字段
|
### 字段
|
||||||
|
|
||||||
#### enabled
|
|
||||||
|
|
||||||
启用多路复用支持。
|
|
||||||
|
|
||||||
#### padding
|
|
||||||
|
|
||||||
如果启用,将拒绝非填充连接。
|
|
||||||
|
|
||||||
#### brutal
|
|
||||||
|
|
||||||
参阅 [TCP Brutal](/zh/configuration/shared/tcp-brutal)。
|
|
||||||
|
|
||||||
### 出站字段
|
|
||||||
|
|
||||||
#### enabled
|
#### enabled
|
||||||
|
|
||||||
@@ -80,6 +58,3 @@
|
|||||||
|
|
||||||
启用填充。
|
启用填充。
|
||||||
|
|
||||||
#### brutal
|
|
||||||
|
|
||||||
参阅 [TCP Brutal](/zh/configuration/shared/tcp-brutal)。
|
|
||||||
@@ -1,28 +0,0 @@
|
|||||||
### Server Requirements
|
|
||||||
|
|
||||||
* Linux
|
|
||||||
* `brutal` congestion control algorithm kernel module installed
|
|
||||||
|
|
||||||
See [tcp-brutal](https://github.com/apernet/tcp-brutal) for details.
|
|
||||||
|
|
||||||
### Structure
|
|
||||||
|
|
||||||
```json
|
|
||||||
{
|
|
||||||
"enabled": true,
|
|
||||||
"up_mbps": 100,
|
|
||||||
"down_mbps": 100
|
|
||||||
}
|
|
||||||
```
|
|
||||||
|
|
||||||
### Fields
|
|
||||||
|
|
||||||
#### enabled
|
|
||||||
|
|
||||||
Enable TCP Brutal congestion control algorithm。
|
|
||||||
|
|
||||||
#### up_mbps, down_mbps
|
|
||||||
|
|
||||||
==Required==
|
|
||||||
|
|
||||||
Upload and download bandwidth, in Mbps.
|
|
||||||
@@ -1,28 +0,0 @@
|
|||||||
### 服务器要求
|
|
||||||
|
|
||||||
* Linux
|
|
||||||
* `brutal` 拥塞控制算法内核模块已安装
|
|
||||||
|
|
||||||
参阅 [tcp-brutal](https://github.com/apernet/tcp-brutal)。
|
|
||||||
|
|
||||||
### 结构
|
|
||||||
|
|
||||||
```json
|
|
||||||
{
|
|
||||||
"enabled": true,
|
|
||||||
"up_mbps": 100,
|
|
||||||
"down_mbps": 100
|
|
||||||
}
|
|
||||||
```
|
|
||||||
|
|
||||||
### 字段
|
|
||||||
|
|
||||||
#### enabled
|
|
||||||
|
|
||||||
启用 TCP Brutal 拥塞控制算法。
|
|
||||||
|
|
||||||
#### up_mbps, down_mbps
|
|
||||||
|
|
||||||
==必填==
|
|
||||||
|
|
||||||
上传和下载带宽,以 Mbps 为单位。
|
|
||||||
@@ -201,7 +201,7 @@ The path to the server private key, in PEM format.
|
|||||||
|
|
||||||
!!! warning ""
|
!!! warning ""
|
||||||
|
|
||||||
uTLS is not included by default, see [Installation](./#installation).
|
uTLS is not included by default, see [Installation](/#installation).
|
||||||
|
|
||||||
!!! note ""
|
!!! note ""
|
||||||
|
|
||||||
@@ -228,7 +228,7 @@ Chrome fingerprint will be used if empty.
|
|||||||
|
|
||||||
!!! warning ""
|
!!! warning ""
|
||||||
|
|
||||||
ECH is not included by default, see [Installation](./#installation).
|
ECH is not included by default, see [Installation](/#installation).
|
||||||
|
|
||||||
ECH (Encrypted Client Hello) is a TLS extension that allows a client to encrypt the first part of its ClientHello
|
ECH (Encrypted Client Hello) is a TLS extension that allows a client to encrypt the first part of its ClientHello
|
||||||
message.
|
message.
|
||||||
@@ -280,7 +280,7 @@ If empty, load from DNS will be attempted.
|
|||||||
|
|
||||||
!!! warning ""
|
!!! warning ""
|
||||||
|
|
||||||
ACME is not included by default, see [Installation](./#installation).
|
ACME is not included by default, see [Installation](/#installation).
|
||||||
|
|
||||||
#### domain
|
#### domain
|
||||||
|
|
||||||
@@ -359,11 +359,11 @@ See [DNS01 Challenge Fields](/configuration/shared/dns01_challenge) for details.
|
|||||||
|
|
||||||
!!! warning ""
|
!!! warning ""
|
||||||
|
|
||||||
reality server is not included by default, see [Installation](./#installation).
|
reality server is not included by default, see [Installation](/#installation).
|
||||||
|
|
||||||
!!! warning ""
|
!!! warning ""
|
||||||
|
|
||||||
uTLS, which is required by reality client is not included by default, see [Installation](./#installation).
|
uTLS, which is required by reality client is not included by default, see [Installation](/#installation).
|
||||||
|
|
||||||
#### handshake
|
#### handshake
|
||||||
|
|
||||||
|
|||||||
@@ -15,7 +15,6 @@ Available transports:
|
|||||||
* WebSocket
|
* WebSocket
|
||||||
* QUIC
|
* QUIC
|
||||||
* gRPC
|
* gRPC
|
||||||
* HTTPUpgrade
|
|
||||||
|
|
||||||
!!! warning "Difference from v2ray-core"
|
!!! warning "Difference from v2ray-core"
|
||||||
|
|
||||||
@@ -131,7 +130,7 @@ It needs to be consistent with the server.
|
|||||||
|
|
||||||
!!! warning ""
|
!!! warning ""
|
||||||
|
|
||||||
QUIC is not included by default, see [Installation](./#installation).
|
QUIC is not included by default, see [Installation](/#installation).
|
||||||
|
|
||||||
!!! warning "Difference from v2ray-core"
|
!!! warning "Difference from v2ray-core"
|
||||||
|
|
||||||
@@ -142,7 +141,7 @@ It needs to be consistent with the server.
|
|||||||
|
|
||||||
!!! note ""
|
!!! note ""
|
||||||
|
|
||||||
standard gRPC has good compatibility but poor performance and is not included by default, see [Installation](./#installation).
|
standard gRPC has good compatibility but poor performance and is not included by default, see [Installation](/#installation).
|
||||||
|
|
||||||
```json
|
```json
|
||||||
{
|
{
|
||||||
@@ -185,32 +184,3 @@ In standard gRPC client:
|
|||||||
If enabled, the client transport sends keepalive pings even with no active connections. If disabled, when there are no active connections, `idle_timeout` and `ping_timeout` will be ignored and no keepalive pings will be sent.
|
If enabled, the client transport sends keepalive pings even with no active connections. If disabled, when there are no active connections, `idle_timeout` and `ping_timeout` will be ignored and no keepalive pings will be sent.
|
||||||
|
|
||||||
Disabled by default.
|
Disabled by default.
|
||||||
|
|
||||||
### HTTPUpgrade
|
|
||||||
|
|
||||||
```json
|
|
||||||
{
|
|
||||||
"type": "httpupgrade",
|
|
||||||
"host": "",
|
|
||||||
"path": "",
|
|
||||||
"headers": {}
|
|
||||||
}
|
|
||||||
```
|
|
||||||
|
|
||||||
#### host
|
|
||||||
|
|
||||||
Host domain.
|
|
||||||
|
|
||||||
The server will verify if not empty.
|
|
||||||
|
|
||||||
#### path
|
|
||||||
|
|
||||||
Path of HTTP request.
|
|
||||||
|
|
||||||
The server will verify if not empty.
|
|
||||||
|
|
||||||
#### headers
|
|
||||||
|
|
||||||
Extra headers of HTTP request.
|
|
||||||
|
|
||||||
The server will write in response if not empty.
|
|
||||||
|
|||||||
@@ -14,7 +14,6 @@ V2Ray Transport 是 v2ray 发明的一组私有协议,并污染了其他协议
|
|||||||
* WebSocket
|
* WebSocket
|
||||||
* QUIC
|
* QUIC
|
||||||
* gRPC
|
* gRPC
|
||||||
* HTTPUpgrade
|
|
||||||
|
|
||||||
!!! warning "与 v2ray-core 的区别"
|
!!! warning "与 v2ray-core 的区别"
|
||||||
|
|
||||||
@@ -184,32 +183,3 @@ gRPC 服务名称。
|
|||||||
如果启用,客户端传输即使没有活动连接也会发送 keepalive ping。如果禁用,则在没有活动连接时,将忽略 `idle_timeout` 和 `ping_timeout`,并且不会发送 keepalive ping。
|
如果启用,客户端传输即使没有活动连接也会发送 keepalive ping。如果禁用,则在没有活动连接时,将忽略 `idle_timeout` 和 `ping_timeout`,并且不会发送 keepalive ping。
|
||||||
|
|
||||||
默认禁用。
|
默认禁用。
|
||||||
|
|
||||||
### HTTPUpgrade
|
|
||||||
|
|
||||||
```json
|
|
||||||
{
|
|
||||||
"type": "httpupgrade",
|
|
||||||
"host": "",
|
|
||||||
"path": "",
|
|
||||||
"headers": {}
|
|
||||||
}
|
|
||||||
```
|
|
||||||
|
|
||||||
#### host
|
|
||||||
|
|
||||||
主机域名。
|
|
||||||
|
|
||||||
默认服务器将验证。
|
|
||||||
|
|
||||||
#### path
|
|
||||||
|
|
||||||
HTTP 请求路径
|
|
||||||
|
|
||||||
默认服务器将验证。
|
|
||||||
|
|
||||||
#### headers
|
|
||||||
|
|
||||||
HTTP 请求的额外标头。
|
|
||||||
|
|
||||||
默认服务器将写入响应。
|
|
||||||
|
|||||||
50
docs/contributing/environment.md
Normal file
50
docs/contributing/environment.md
Normal file
@@ -0,0 +1,50 @@
|
|||||||
|
# Development environment
|
||||||
|
|
||||||
|
#### For the documentation
|
||||||
|
|
||||||
|
##### Setup
|
||||||
|
|
||||||
|
You need to configure python3 and pip first.
|
||||||
|
|
||||||
|
```shell
|
||||||
|
pip install mkdocs-material mkdocs-static-i18n
|
||||||
|
```
|
||||||
|
|
||||||
|
##### Run the site locally
|
||||||
|
|
||||||
|
```shell
|
||||||
|
mkdocs serve
|
||||||
|
```
|
||||||
|
|
||||||
|
or
|
||||||
|
|
||||||
|
```shell
|
||||||
|
python3 -m mkdocs serve
|
||||||
|
```
|
||||||
|
|
||||||
|
#### For the project
|
||||||
|
|
||||||
|
By default you have the latest Go installed (currently 1.19), and added `GOPATH/bin` to the PATH environment variable.
|
||||||
|
|
||||||
|
##### Setup
|
||||||
|
|
||||||
|
```shell
|
||||||
|
make fmt_insalll
|
||||||
|
make lint_install
|
||||||
|
```
|
||||||
|
|
||||||
|
This installs the formatting and lint tools, which can be used via `make fmt` and `make lint`.
|
||||||
|
|
||||||
|
For ProtoBuffer changes, you also need `make proto_install` and `make proto`.
|
||||||
|
|
||||||
|
##### Build binary to the project directory
|
||||||
|
|
||||||
|
```shell
|
||||||
|
make
|
||||||
|
```
|
||||||
|
|
||||||
|
##### Install binary to GOPATH/bin
|
||||||
|
|
||||||
|
```shell
|
||||||
|
make install
|
||||||
|
```
|
||||||
17
docs/contributing/index.md
Normal file
17
docs/contributing/index.md
Normal file
@@ -0,0 +1,17 @@
|
|||||||
|
# Contributing to sing-box
|
||||||
|
|
||||||
|
An introduction to contributing to the sing-box project.
|
||||||
|
|
||||||
|
The sing-box project welcomes, and depends, on contributions from developers and users in the open source community.
|
||||||
|
Contributions can be made in a number of ways, a few examples are:
|
||||||
|
|
||||||
|
* Code patches via pull requests
|
||||||
|
* Documentation improvements
|
||||||
|
* Bug reports and patch reviews
|
||||||
|
|
||||||
|
### Reporting an Issue?
|
||||||
|
|
||||||
|
Please follow
|
||||||
|
the [issue template](https://github.com/SagerNet/sing-box/issues/new?assignees=&labels=&template=bug_report.yml) to
|
||||||
|
submit bugs. Always include **FULL** log content, especially if you don't understand the code that generates it.
|
||||||
|
|
||||||
67
docs/contributing/sub-projects.md
Normal file
67
docs/contributing/sub-projects.md
Normal file
@@ -0,0 +1,67 @@
|
|||||||
|
The sing-box uses the following projects which also need to be maintained:
|
||||||
|
|
||||||
|
#### sing
|
||||||
|
|
||||||
|
Link: [GitHub repository](https://github.com/SagerNet/sing)
|
||||||
|
|
||||||
|
As a base tool library, there are no dependencies other than `golang.org/x/sys`.
|
||||||
|
|
||||||
|
#### sing-dns
|
||||||
|
|
||||||
|
Link: [GitHub repository](https://github.com/SagerNet/sing-dns)
|
||||||
|
|
||||||
|
Handles DNS lookups and caching.
|
||||||
|
|
||||||
|
#### sing-tun
|
||||||
|
|
||||||
|
Link: [GitHub repository](https://github.com/SagerNet/sing-tun)
|
||||||
|
|
||||||
|
Handle Tun traffic forwarding, configure routing, monitor network and routing.
|
||||||
|
|
||||||
|
This library needs to periodically update its dependency gVisor (according to tags), including checking for changes to
|
||||||
|
the used parts of the code and updating its usage. If you are involved in maintenance, you also need to check that if it
|
||||||
|
works or contains memory leaks.
|
||||||
|
|
||||||
|
#### sing-shadowsocks
|
||||||
|
|
||||||
|
Link: [GitHub repository](https://github.com/SagerNet/sing-shadowsocks)
|
||||||
|
|
||||||
|
Provides Shadowsocks client and server
|
||||||
|
|
||||||
|
#### sing-vmess
|
||||||
|
|
||||||
|
Link: [GitHub repository](https://github.com/SagerNet/sing-vmess)
|
||||||
|
|
||||||
|
Provides VMess client and server
|
||||||
|
|
||||||
|
#### netlink
|
||||||
|
|
||||||
|
Link: [GitHub repository](https://github.com/SagerNet/netlink)
|
||||||
|
|
||||||
|
Fork of `vishvananda/netlink`, with some rule fixes.
|
||||||
|
|
||||||
|
The library needs to be updated with the upstream.
|
||||||
|
|
||||||
|
#### quic-go
|
||||||
|
|
||||||
|
Link: [GitHub repository](https://github.com/SagerNet/quic-go)
|
||||||
|
|
||||||
|
Fork of `lucas-clemente/quic-go` and `HyNetwork/quic-go`, contains quic flow control and other fixes used by Hysteria.
|
||||||
|
|
||||||
|
Since the author of Hysteria does not follow the upstream updates in time, and the provided fork needs to use replace,
|
||||||
|
we need to do this.
|
||||||
|
|
||||||
|
The library needs to be updated with the upstream.
|
||||||
|
|
||||||
|
#### smux
|
||||||
|
|
||||||
|
Link: [GitHub repository](https://github.com/SagerNet/smux)
|
||||||
|
|
||||||
|
Fork of `xtaci/smux`
|
||||||
|
|
||||||
|
Modify the code to support the writev it uses internally and unify the buffer pool, which prevents it from allocating
|
||||||
|
64k buffers for per connection and improves performance.
|
||||||
|
|
||||||
|
Upstream doesn't seem to be updated anymore, maybe a replacement is needed.
|
||||||
|
|
||||||
|
Note: while yamux is still actively maintained and better known, it seems to be less performant.
|
||||||
@@ -1,6 +1,4 @@
|
|||||||
# :material-delete-alert: Deprecated Feature List
|
# Deprecated Feature List
|
||||||
|
|
||||||
### 1.6.0
|
|
||||||
|
|
||||||
The following features will be marked deprecated in 1.5.0 and removed entirely in 1.6.0.
|
The following features will be marked deprecated in 1.5.0 and removed entirely in 1.6.0.
|
||||||
|
|
||||||
|
|||||||
@@ -1,13 +0,0 @@
|
|||||||
# :material-delete-alert: 废弃功能列表
|
|
||||||
|
|
||||||
### 1.6.0
|
|
||||||
|
|
||||||
下列功能已在 1.5.0 中标记为已弃用,并在 1.6.0 中完全删除。
|
|
||||||
|
|
||||||
#### ShadowsocksR
|
|
||||||
|
|
||||||
ShadowsocksR 支持从未默认启用,自从常用的黑产代理销售面板停止使用该协议,继续维护它是没有意义的。
|
|
||||||
|
|
||||||
#### Proxy Protocol
|
|
||||||
|
|
||||||
Proxy Protocol 支持由 Pull Request 添加,存在问题且仅由 HTTP 多路复用器(如 nginx)的后端使用,具有侵入性,对于代理目的毫无意义。
|
|
||||||
52
docs/examples/clash-api.md
Normal file
52
docs/examples/clash-api.md
Normal file
@@ -0,0 +1,52 @@
|
|||||||
|
```json
|
||||||
|
{
|
||||||
|
"dns": {
|
||||||
|
"rules": [
|
||||||
|
{
|
||||||
|
"domain": [
|
||||||
|
"clash.razord.top",
|
||||||
|
"yacd.haishan.me"
|
||||||
|
],
|
||||||
|
"server": "local"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"clash_mode": "direct",
|
||||||
|
"server": "local"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"outbounds": [
|
||||||
|
{
|
||||||
|
"type": "selector",
|
||||||
|
"tag": "default",
|
||||||
|
"outbounds": [
|
||||||
|
"proxy-a",
|
||||||
|
"proxy-b"
|
||||||
|
]
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"route": {
|
||||||
|
"rules": [
|
||||||
|
{
|
||||||
|
"clash_mode": "direct",
|
||||||
|
"outbound": "direct"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"domain": [
|
||||||
|
"clash.razord.top",
|
||||||
|
"yacd.haishan.me"
|
||||||
|
],
|
||||||
|
"outbound": "direct"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"final": "default"
|
||||||
|
},
|
||||||
|
"experimental": {
|
||||||
|
"clash_api": {
|
||||||
|
"external_controller": "127.0.0.1:9090",
|
||||||
|
"store_selected": true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
```
|
||||||
65
docs/examples/dns-hijack.md
Normal file
65
docs/examples/dns-hijack.md
Normal file
@@ -0,0 +1,65 @@
|
|||||||
|
#### Sniff Mode
|
||||||
|
|
||||||
|
```json
|
||||||
|
{
|
||||||
|
"inbounds": [
|
||||||
|
{
|
||||||
|
"type": "tun",
|
||||||
|
"inet4_address": "172.19.0.1/30",
|
||||||
|
"auto_route": true,
|
||||||
|
"sniff": true // required
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"outbounds": [
|
||||||
|
{
|
||||||
|
"type": "direct"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"type": "dns",
|
||||||
|
"tag": "dns-out"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"route": {
|
||||||
|
"rules": [
|
||||||
|
{
|
||||||
|
"protocol": "dns",
|
||||||
|
"outbound": "dns-out"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"auto_detect_interface": true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
#### Port Mode
|
||||||
|
|
||||||
|
```json
|
||||||
|
{
|
||||||
|
"inbounds": [
|
||||||
|
{
|
||||||
|
"type": "tun",
|
||||||
|
"inet4_address": "172.19.0.1/30",
|
||||||
|
"auto_route": true,
|
||||||
|
"sniff": true // not required
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"outbounds": [
|
||||||
|
{
|
||||||
|
"type": "direct"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"type": "dns",
|
||||||
|
"tag": "dns-out"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"route": {
|
||||||
|
"rules": [
|
||||||
|
{
|
||||||
|
"port": 53,
|
||||||
|
"outbound": "dns-out"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"auto_detect_interface": true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
```
|
||||||
65
docs/examples/dns-hijack.zh.md
Normal file
65
docs/examples/dns-hijack.zh.md
Normal file
@@ -0,0 +1,65 @@
|
|||||||
|
#### 探测模式
|
||||||
|
|
||||||
|
```json
|
||||||
|
{
|
||||||
|
"inbounds": [
|
||||||
|
{
|
||||||
|
"type": "tun",
|
||||||
|
"inet4_address": "172.19.0.1/30",
|
||||||
|
"auto_route": true,
|
||||||
|
"sniff": true // 必须
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"outbounds": [
|
||||||
|
{
|
||||||
|
"type": "direct"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"type": "dns",
|
||||||
|
"tag": "dns-out"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"route": {
|
||||||
|
"rules": [
|
||||||
|
{
|
||||||
|
"protocol": "dns",
|
||||||
|
"outbound": "dns-out"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"auto_detect_interface": true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
#### 端口模式
|
||||||
|
|
||||||
|
```json
|
||||||
|
{
|
||||||
|
"inbounds": [
|
||||||
|
{
|
||||||
|
"type": "tun",
|
||||||
|
"inet4_address": "172.19.0.1/30",
|
||||||
|
"auto_route": true,
|
||||||
|
"sniff": true // 非必须
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"outbounds": [
|
||||||
|
{
|
||||||
|
"type": "direct"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"type": "dns",
|
||||||
|
"tag": "dns-out"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"route": {
|
||||||
|
"rules": [
|
||||||
|
{
|
||||||
|
"port": 53,
|
||||||
|
"outbound": "dns-out"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"auto_detect_interface": true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
```
|
||||||
106
docs/examples/fakeip.md
Normal file
106
docs/examples/fakeip.md
Normal file
@@ -0,0 +1,106 @@
|
|||||||
|
```json
|
||||||
|
{
|
||||||
|
"dns": {
|
||||||
|
"servers": [
|
||||||
|
{
|
||||||
|
"tag": "google",
|
||||||
|
"address": "tls://8.8.8.8"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"tag": "local",
|
||||||
|
"address": "223.5.5.5",
|
||||||
|
"detour": "direct"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"tag": "remote",
|
||||||
|
"address": "fakeip"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"tag": "block",
|
||||||
|
"address": "rcode://success"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"rules": [
|
||||||
|
{
|
||||||
|
"geosite": "category-ads-all",
|
||||||
|
"server": "block",
|
||||||
|
"disable_cache": true
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"outbound": "any",
|
||||||
|
"server": "local"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"geosite": "cn",
|
||||||
|
"server": "local"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"query_type": [
|
||||||
|
"A",
|
||||||
|
"AAAA"
|
||||||
|
],
|
||||||
|
"server": "remote"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"fakeip": {
|
||||||
|
"enabled": true,
|
||||||
|
"inet4_range": "198.18.0.0/15",
|
||||||
|
"inet6_range": "fc00::/18"
|
||||||
|
},
|
||||||
|
"independent_cache": true,
|
||||||
|
"strategy": "ipv4_only"
|
||||||
|
},
|
||||||
|
"inbounds": [
|
||||||
|
{
|
||||||
|
"type": "tun",
|
||||||
|
"inet4_address": "172.19.0.1/30",
|
||||||
|
"auto_route": true,
|
||||||
|
"sniff": true,
|
||||||
|
"domain_strategy": "ipv4_only" // remove this line if you want to resolve the domain remotely (if the server is not sing-box, UDP may not work due to wrong behavior).
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"outbounds": [
|
||||||
|
{
|
||||||
|
"type": "shadowsocks",
|
||||||
|
"tag": "proxy",
|
||||||
|
"server": "mydomain.com",
|
||||||
|
"server_port": 8080,
|
||||||
|
"method": "2022-blake3-aes-128-gcm",
|
||||||
|
"password": "8JCsPssfgS8tiRwiMlhARg=="
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"type": "direct",
|
||||||
|
"tag": "direct"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"type": "block",
|
||||||
|
"tag": "block"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"type": "dns",
|
||||||
|
"tag": "dns-out"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"route": {
|
||||||
|
"rules": [
|
||||||
|
{
|
||||||
|
"protocol": "dns",
|
||||||
|
"outbound": "dns-out"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"geosite": "cn",
|
||||||
|
"geoip": [
|
||||||
|
"private",
|
||||||
|
"cn"
|
||||||
|
],
|
||||||
|
"outbound": "direct"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"geosite": "category-ads-all",
|
||||||
|
"outbound": "block"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"auto_detect_interface": true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
```
|
||||||
106
docs/examples/fakeip.zh.md
Normal file
106
docs/examples/fakeip.zh.md
Normal file
@@ -0,0 +1,106 @@
|
|||||||
|
```json
|
||||||
|
{
|
||||||
|
"dns": {
|
||||||
|
"servers": [
|
||||||
|
{
|
||||||
|
"tag": "google",
|
||||||
|
"address": "tls://8.8.8.8"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"tag": "local",
|
||||||
|
"address": "223.5.5.5",
|
||||||
|
"detour": "direct"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"tag": "remote",
|
||||||
|
"address": "fakeip"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"tag": "block",
|
||||||
|
"address": "rcode://success"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"rules": [
|
||||||
|
{
|
||||||
|
"geosite": "category-ads-all",
|
||||||
|
"server": "block",
|
||||||
|
"disable_cache": true
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"outbound": "any",
|
||||||
|
"server": "local"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"geosite": "cn",
|
||||||
|
"server": "local"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"query_type": [
|
||||||
|
"A",
|
||||||
|
"AAAA"
|
||||||
|
],
|
||||||
|
"server": "remote"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"fakeip": {
|
||||||
|
"enabled": true,
|
||||||
|
"inet4_range": "198.18.0.0/15",
|
||||||
|
"inet6_range": "fc00::/18"
|
||||||
|
},
|
||||||
|
"independent_cache": true,
|
||||||
|
"strategy": "ipv4_only"
|
||||||
|
},
|
||||||
|
"inbounds": [
|
||||||
|
{
|
||||||
|
"type": "tun",
|
||||||
|
"inet4_address": "172.19.0.1/30",
|
||||||
|
"auto_route": true,
|
||||||
|
"sniff": true,
|
||||||
|
"domain_strategy": "ipv4_only" // 如果您想在远程解析域,删除此行 (如果服务器程序不为 sing-box,可能由于错误的行为导致 UDP 无法使用)。
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"outbounds": [
|
||||||
|
{
|
||||||
|
"type": "shadowsocks",
|
||||||
|
"tag": "proxy",
|
||||||
|
"server": "mydomain.com",
|
||||||
|
"server_port": 8080,
|
||||||
|
"method": "2022-blake3-aes-128-gcm",
|
||||||
|
"password": "8JCsPssfgS8tiRwiMlhARg=="
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"type": "direct",
|
||||||
|
"tag": "direct"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"type": "block",
|
||||||
|
"tag": "block"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"type": "dns",
|
||||||
|
"tag": "dns-out"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"route": {
|
||||||
|
"rules": [
|
||||||
|
{
|
||||||
|
"protocol": "dns",
|
||||||
|
"outbound": "dns-out"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"geosite": "cn",
|
||||||
|
"geoip": [
|
||||||
|
"private",
|
||||||
|
"cn"
|
||||||
|
],
|
||||||
|
"outbound": "direct"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"geosite": "category-ads-all",
|
||||||
|
"outbound": "block"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"auto_detect_interface": true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
```
|
||||||
11
docs/examples/index.md
Normal file
11
docs/examples/index.md
Normal file
@@ -0,0 +1,11 @@
|
|||||||
|
# Examples
|
||||||
|
|
||||||
|
Configuration examples for sing-box.
|
||||||
|
|
||||||
|
* [Linux Server Installation](./linux-server-installation)
|
||||||
|
* [Tun](./tun)
|
||||||
|
* [DNS Hijack](./dns-hijack.md)
|
||||||
|
* [Shadowsocks](./shadowsocks)
|
||||||
|
* [ShadowTLS](./shadowtls)
|
||||||
|
* [Clash API](./clash-api)
|
||||||
|
* [FakeIP](./fakeip)
|
||||||
11
docs/examples/index.zh.md
Normal file
11
docs/examples/index.zh.md
Normal file
@@ -0,0 +1,11 @@
|
|||||||
|
# 示例
|
||||||
|
|
||||||
|
sing-box 的配置示例。
|
||||||
|
|
||||||
|
* [Linux 服务器安装](./linux-server-installation)
|
||||||
|
* [Tun](./tun)
|
||||||
|
* [DNS 劫持](./dns-hijack.md)
|
||||||
|
* [Shadowsocks](./shadowsocks)
|
||||||
|
* [ShadowTLS](./shadowtls)
|
||||||
|
* [Clash API](./clash-api)
|
||||||
|
* [FakeIP](./fakeip)
|
||||||
38
docs/examples/linux-server-installation.md
Normal file
38
docs/examples/linux-server-installation.md
Normal file
@@ -0,0 +1,38 @@
|
|||||||
|
#### Requirements
|
||||||
|
|
||||||
|
* Linux & Systemd
|
||||||
|
* Git
|
||||||
|
* C compiler environment
|
||||||
|
|
||||||
|
#### Install
|
||||||
|
|
||||||
|
```shell
|
||||||
|
git clone -b main https://github.com/SagerNet/sing-box
|
||||||
|
cd sing-box
|
||||||
|
./release/local/install_go.sh # skip if you have golang already installed
|
||||||
|
./release/local/install.sh
|
||||||
|
```
|
||||||
|
|
||||||
|
Edit configuration file in `/usr/local/etc/sing-box/config.json`
|
||||||
|
|
||||||
|
```shell
|
||||||
|
./release/local/enable.sh
|
||||||
|
```
|
||||||
|
|
||||||
|
#### Update
|
||||||
|
|
||||||
|
```shell
|
||||||
|
./release/local/update.sh
|
||||||
|
```
|
||||||
|
|
||||||
|
#### Other commands
|
||||||
|
|
||||||
|
| Operation | Command |
|
||||||
|
|-----------|-----------------------------------------------|
|
||||||
|
| Start | `sudo systemctl start sing-box` |
|
||||||
|
| Stop | `sudo systemctl stop sing-box` |
|
||||||
|
| Kill | `sudo systemctl kill sing-box` |
|
||||||
|
| Restart | `sudo systemctl restart sing-box` |
|
||||||
|
| Logs | `sudo journalctl -u sing-box --output cat -e` |
|
||||||
|
| New Logs | `sudo journalctl -u sing-box --output cat -f` |
|
||||||
|
| Uninstall | `./release/local/uninstall.sh` |
|
||||||
38
docs/examples/linux-server-installation.zh.md
Normal file
38
docs/examples/linux-server-installation.zh.md
Normal file
@@ -0,0 +1,38 @@
|
|||||||
|
#### 依赖
|
||||||
|
|
||||||
|
* Linux & Systemd
|
||||||
|
* Git
|
||||||
|
* C 编译器环境
|
||||||
|
|
||||||
|
#### 安装
|
||||||
|
|
||||||
|
```shell
|
||||||
|
git clone -b main https://github.com/SagerNet/sing-box
|
||||||
|
cd sing-box
|
||||||
|
./release/local/install_go.sh # 如果已安装 golang 则跳过
|
||||||
|
./release/local/install.sh
|
||||||
|
```
|
||||||
|
|
||||||
|
编辑配置文件 `/usr/local/etc/sing-box/config.json`
|
||||||
|
|
||||||
|
```shell
|
||||||
|
./release/local/enable.sh
|
||||||
|
```
|
||||||
|
|
||||||
|
#### 更新
|
||||||
|
|
||||||
|
```shell
|
||||||
|
./release/local/update.sh
|
||||||
|
```
|
||||||
|
|
||||||
|
#### 其他命令
|
||||||
|
|
||||||
|
| 操作 | 命令 |
|
||||||
|
|------|-----------------------------------------------|
|
||||||
|
| 启动 | `sudo systemctl start sing-box` |
|
||||||
|
| 停止 | `sudo systemctl stop sing-box` |
|
||||||
|
| 强制停止 | `sudo systemctl kill sing-box` |
|
||||||
|
| 重启 | `sudo systemctl restart sing-box` |
|
||||||
|
| 查看日志 | `sudo journalctl -u sing-box --output cat -e` |
|
||||||
|
| 实时日志 | `sudo journalctl -u sing-box --output cat -f` |
|
||||||
|
| 卸载 | `./release/local/uninstall.sh` |
|
||||||
163
docs/examples/shadowsocks.md
Normal file
163
docs/examples/shadowsocks.md
Normal file
@@ -0,0 +1,163 @@
|
|||||||
|
# Shadowsocks
|
||||||
|
|
||||||
|
!!! warning ""
|
||||||
|
|
||||||
|
For censorship bypass usage in China, we recommend using UDP over TCP and disabling UDP on the server.
|
||||||
|
|
||||||
|
## Single User
|
||||||
|
|
||||||
|
#### Server
|
||||||
|
|
||||||
|
```json
|
||||||
|
{
|
||||||
|
"inbounds": [
|
||||||
|
{
|
||||||
|
"type": "shadowsocks",
|
||||||
|
"listen": "::",
|
||||||
|
"listen_port": 8080,
|
||||||
|
"network": "tcp",
|
||||||
|
"method": "2022-blake3-aes-128-gcm",
|
||||||
|
"password": "8JCsPssfgS8tiRwiMlhARg=="
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
#### Client
|
||||||
|
|
||||||
|
```json
|
||||||
|
{
|
||||||
|
"inbounds": [
|
||||||
|
{
|
||||||
|
"type": "mixed",
|
||||||
|
"listen": "::",
|
||||||
|
"listen_port": 2080
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"outbounds": [
|
||||||
|
{
|
||||||
|
"type": "shadowsocks",
|
||||||
|
"server": "127.0.0.1",
|
||||||
|
"server_port": 8080,
|
||||||
|
"method": "2022-blake3-aes-128-gcm",
|
||||||
|
"password": "8JCsPssfgS8tiRwiMlhARg==",
|
||||||
|
"udp_over_tcp": true
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
|
||||||
|
```
|
||||||
|
|
||||||
|
## Multiple Users
|
||||||
|
|
||||||
|
#### Server
|
||||||
|
|
||||||
|
```json
|
||||||
|
{
|
||||||
|
"inbounds": [
|
||||||
|
{
|
||||||
|
"type": "shadowsocks",
|
||||||
|
"listen": "::",
|
||||||
|
"listen_port": 8080,
|
||||||
|
"method": "2022-blake3-aes-128-gcm",
|
||||||
|
"password": "8JCsPssfgS8tiRwiMlhARg==",
|
||||||
|
"users": [
|
||||||
|
{
|
||||||
|
"name": "sekai",
|
||||||
|
"password": "BXYxVUXJ9NgF7c7KPLQjkg=="
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
#### Client
|
||||||
|
|
||||||
|
```json
|
||||||
|
{
|
||||||
|
"inbounds": [
|
||||||
|
{
|
||||||
|
"type": "mixed",
|
||||||
|
"listen": "::",
|
||||||
|
"listen_port": 2080
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"outbounds": [
|
||||||
|
{
|
||||||
|
"type": "shadowsocks",
|
||||||
|
"server": "127.0.0.1",
|
||||||
|
"server_port": 8080,
|
||||||
|
"method": "2022-blake3-aes-128-gcm",
|
||||||
|
"password": "8JCsPssfgS8tiRwiMlhARg==:BXYxVUXJ9NgF7c7KPLQjkg=="
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
|
||||||
|
```
|
||||||
|
|
||||||
|
## Relay
|
||||||
|
|
||||||
|
#### Server
|
||||||
|
|
||||||
|
```json
|
||||||
|
{
|
||||||
|
"inbounds": [
|
||||||
|
{
|
||||||
|
"type": "shadowsocks",
|
||||||
|
"listen": "::",
|
||||||
|
"listen_port": 8080,
|
||||||
|
"method": "2022-blake3-aes-128-gcm",
|
||||||
|
"password": "8JCsPssfgS8tiRwiMlhARg=="
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
#### Relay
|
||||||
|
|
||||||
|
```json
|
||||||
|
{
|
||||||
|
"inbounds": [
|
||||||
|
{
|
||||||
|
"type": "shadowsocks",
|
||||||
|
"listen": "::",
|
||||||
|
"listen_port": 8081,
|
||||||
|
"method": "2022-blake3-aes-128-gcm",
|
||||||
|
"password": "BXYxVUXJ9NgF7c7KPLQjkg==",
|
||||||
|
"destinations": [
|
||||||
|
{
|
||||||
|
"name": "my_server",
|
||||||
|
"password": "8JCsPssfgS8tiRwiMlhARg==",
|
||||||
|
"server": "127.0.0.1",
|
||||||
|
"server_port": 8080
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
#### Client
|
||||||
|
|
||||||
|
```json
|
||||||
|
{
|
||||||
|
"inbounds": [
|
||||||
|
{
|
||||||
|
"type": "mixed",
|
||||||
|
"listen": "::",
|
||||||
|
"listen_port": 2080
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"outbounds": [
|
||||||
|
{
|
||||||
|
"type": "shadowsocks",
|
||||||
|
"server": "127.0.0.1",
|
||||||
|
"server_port": 8081,
|
||||||
|
"method": "2022-blake3-aes-128-gcm",
|
||||||
|
"password": "8JCsPssfgS8tiRwiMlhARg==:BXYxVUXJ9NgF7c7KPLQjkg=="
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
|
||||||
|
```
|
||||||
70
docs/examples/shadowtls.md
Normal file
70
docs/examples/shadowtls.md
Normal file
@@ -0,0 +1,70 @@
|
|||||||
|
#### Server
|
||||||
|
|
||||||
|
```json
|
||||||
|
{
|
||||||
|
"inbounds": [
|
||||||
|
{
|
||||||
|
"type": "shadowtls",
|
||||||
|
"listen": "::",
|
||||||
|
"listen_port": 4443,
|
||||||
|
"version": 3,
|
||||||
|
"users": [
|
||||||
|
{
|
||||||
|
"name": "sekai",
|
||||||
|
"password": "8JCsPssfgS8tiRwiMlhARg=="
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"handshake": {
|
||||||
|
"server": "google.com",
|
||||||
|
"server_port": 443
|
||||||
|
},
|
||||||
|
"detour": "shadowsocks-in"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"type": "shadowsocks",
|
||||||
|
"tag": "shadowsocks-in",
|
||||||
|
"listen": "127.0.0.1",
|
||||||
|
"network": "tcp",
|
||||||
|
"method": "2022-blake3-aes-128-gcm",
|
||||||
|
"password": "8JCsPssfgS8tiRwiMlhARg=="
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
#### Client
|
||||||
|
|
||||||
|
```json
|
||||||
|
{
|
||||||
|
"outbounds": [
|
||||||
|
{
|
||||||
|
"type": "shadowsocks",
|
||||||
|
"method": "2022-blake3-aes-128-gcm",
|
||||||
|
"password": "8JCsPssfgS8tiRwiMlhARg==",
|
||||||
|
"detour": "shadowtls-out",
|
||||||
|
"multiplex": {
|
||||||
|
"enabled": true,
|
||||||
|
"max_connections": 4,
|
||||||
|
"min_streams": 4
|
||||||
|
}
|
||||||
|
// or "udp_over_tcp": true
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"type": "shadowtls",
|
||||||
|
"tag": "shadowtls-out",
|
||||||
|
"server": "127.0.0.1",
|
||||||
|
"server_port": 4443,
|
||||||
|
"version": 3,
|
||||||
|
"password": "8JCsPssfgS8tiRwiMlhARg==",
|
||||||
|
"tls": {
|
||||||
|
"enabled": true,
|
||||||
|
"server_name": "google.com",
|
||||||
|
"utls": {
|
||||||
|
"enabled": true,
|
||||||
|
"fingerprint": "chrome"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
```
|
||||||
89
docs/examples/tun.md
Normal file
89
docs/examples/tun.md
Normal file
@@ -0,0 +1,89 @@
|
|||||||
|
```json
|
||||||
|
{
|
||||||
|
"dns": {
|
||||||
|
"servers": [
|
||||||
|
{
|
||||||
|
"tag": "google",
|
||||||
|
"address": "tls://8.8.8.8"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"tag": "local",
|
||||||
|
"address": "223.5.5.5",
|
||||||
|
"detour": "direct"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"tag": "block",
|
||||||
|
"address": "rcode://success"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"rules": [
|
||||||
|
{
|
||||||
|
"geosite": "category-ads-all",
|
||||||
|
"server": "block",
|
||||||
|
"disable_cache": true
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"outbound": "any",
|
||||||
|
"server": "local"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"geosite": "cn",
|
||||||
|
"server": "local"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"strategy": "ipv4_only"
|
||||||
|
},
|
||||||
|
"inbounds": [
|
||||||
|
{
|
||||||
|
"type": "tun",
|
||||||
|
"inet4_address": "172.19.0.1/30",
|
||||||
|
"auto_route": true,
|
||||||
|
"strict_route": false,
|
||||||
|
"sniff": true
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"outbounds": [
|
||||||
|
{
|
||||||
|
"type": "shadowsocks",
|
||||||
|
"tag": "proxy",
|
||||||
|
"server": "mydomain.com",
|
||||||
|
"server_port": 8080,
|
||||||
|
"method": "2022-blake3-aes-128-gcm",
|
||||||
|
"password": "8JCsPssfgS8tiRwiMlhARg=="
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"type": "direct",
|
||||||
|
"tag": "direct"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"type": "block",
|
||||||
|
"tag": "block"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"type": "dns",
|
||||||
|
"tag": "dns-out"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"route": {
|
||||||
|
"rules": [
|
||||||
|
{
|
||||||
|
"protocol": "dns",
|
||||||
|
"outbound": "dns-out"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"geosite": "cn",
|
||||||
|
"geoip": [
|
||||||
|
"private",
|
||||||
|
"cn"
|
||||||
|
],
|
||||||
|
"outbound": "direct"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"geosite": "category-ads-all",
|
||||||
|
"outbound": "block"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"auto_detect_interface": true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
```
|
||||||
19
docs/faq/fakeip.md
Normal file
19
docs/faq/fakeip.md
Normal file
@@ -0,0 +1,19 @@
|
|||||||
|
# FakeIP
|
||||||
|
|
||||||
|
FakeIP refers to a type of behavior in a program that simultaneously hijacks both DNS and connection requests. It
|
||||||
|
responds to DNS requests with virtual results and restores mapping when accepting connections.
|
||||||
|
|
||||||
|
#### Advantage
|
||||||
|
|
||||||
|
*
|
||||||
|
|
||||||
|
#### Limitation
|
||||||
|
|
||||||
|
* Its mechanism breaks applications that depend on returning correct remote addresses.
|
||||||
|
* Only A and AAAA (IP) requests are supported, which may break applications that rely on other requests.
|
||||||
|
|
||||||
|
#### Recommendation
|
||||||
|
|
||||||
|
* Enable `dns.independent_cache` unless you always resolve FakeIP domains remotely.
|
||||||
|
* If using tun, make sure FakeIP ranges is included in the tun's routes.
|
||||||
|
* Enable `experimental.clash_api.store_fakeip` to persist FakeIP records, or use `dns.rules.rewrite_ttl` to avoid losing records after program restart in DNS cached environments.
|
||||||
18
docs/faq/fakeip.zh.md
Normal file
18
docs/faq/fakeip.zh.md
Normal file
@@ -0,0 +1,18 @@
|
|||||||
|
# FakeIP
|
||||||
|
|
||||||
|
FakeIP 是指同时劫持 DNS 和连接请求的程序中的一种行为。它通过虚拟结果响应 DNS 请求,在接受连接时恢复映射。
|
||||||
|
|
||||||
|
#### 优点
|
||||||
|
|
||||||
|
*
|
||||||
|
|
||||||
|
#### 限制
|
||||||
|
|
||||||
|
* 它的机制会破坏依赖于返回正确远程地址的应用程序。
|
||||||
|
* 仅支持 A 和 AAAA(IP)请求,这可能会破坏依赖于其他请求的应用程序。
|
||||||
|
|
||||||
|
#### 建议
|
||||||
|
|
||||||
|
* 启用 `dns.independent_cache` 除非您始终远程解析 FakeIP 域。
|
||||||
|
* 如果使用 tun,请确保 tun 路由中包含 FakeIP 地址范围。
|
||||||
|
* 启用 `experimental.clash_api.store_fakeip` 以持久化 FakeIP 记录,或者使用 `dns.rules.rewrite_ttl` 避免程序重启后在 DNS 被缓存的环境中丢失记录。
|
||||||
58
docs/faq/index.md
Normal file
58
docs/faq/index.md
Normal file
@@ -0,0 +1,58 @@
|
|||||||
|
# Frequently Asked Questions (FAQ)
|
||||||
|
|
||||||
|
## Design
|
||||||
|
|
||||||
|
#### Why does sing-box not have feature X?
|
||||||
|
|
||||||
|
Every program contains novel features and omits someone's favorite feature. sing-box is designed with an eye to the
|
||||||
|
needs of performance, lightweight, usability, modularity, and code quality. Your favorite feature may be missing because
|
||||||
|
it doesn't fit, because it compromises performance or design clarity, or because it's a bad idea.
|
||||||
|
|
||||||
|
If it bothers you that sing-box is missing feature X, please forgive us and investigate the features that sing-box does
|
||||||
|
have. You might find that they compensate in interesting ways for the lack of X.
|
||||||
|
|
||||||
|
#### Naive outbound
|
||||||
|
|
||||||
|
NaïveProxy's main function is chromium's network stack, and it makes no sense to implement only its transport protocol.
|
||||||
|
|
||||||
|
#### Protocol combinations
|
||||||
|
|
||||||
|
The "underlying transport" in v2ray-core is actually a combination of a number of proprietary protocols and uses the
|
||||||
|
names of their upstream protocols, resulting in a great deal of Linguistic corruption.
|
||||||
|
|
||||||
|
For example, Trojan with v2ray's proprietary gRPC protocol, called Trojan gRPC by the v2ray community, is not actually a
|
||||||
|
protocol and has no role outside of abusing CDNs.
|
||||||
|
|
||||||
|
## Tun
|
||||||
|
|
||||||
|
#### What is tun?
|
||||||
|
|
||||||
|
tun is a virtual network device in unix systems, and in windows there is wintun developed by WireGuard as an
|
||||||
|
alternative. The tun module of sing-box includes traffic processing, automatic routing, and network device listening,
|
||||||
|
and is mainly used as a transparent proxy.
|
||||||
|
|
||||||
|
#### How is it different from system proxy?
|
||||||
|
|
||||||
|
System proxy usually only supports TCP and is not accepted by all applications, but tun can handle all traffic.
|
||||||
|
|
||||||
|
#### How is it different from traditional transparent proxy?
|
||||||
|
|
||||||
|
They are usually only supported under Linux and require manipulation of firewalls like iptables, while tun only modifies
|
||||||
|
the routing table.
|
||||||
|
|
||||||
|
The tproxy UDP is considered to have poor performance due to the need to create a new connection every write back in
|
||||||
|
v2ray and clash, but it is optimized in sing-box so you can still use it if needed.
|
||||||
|
|
||||||
|
#### How does it handle DNS?
|
||||||
|
|
||||||
|
In traditional transparent proxies, it is usually necessary to manually hijack port 53 to the DNS proxy server, while
|
||||||
|
tun is more flexible.
|
||||||
|
|
||||||
|
sing-box's `auto_route` will hijack all DNS requests except on [macOS and Android](./known-issues#dns).
|
||||||
|
|
||||||
|
You need to manually configure how to handle tun hijacked DNS traffic, see [Hijack DNS](/examples/dns-hijack).
|
||||||
|
|
||||||
|
#### Why I can't use it with other local proxies (e.g. via socks)?
|
||||||
|
|
||||||
|
Tun will hijack all traffic, including other proxy applications. In order to make tun work with other applications, you
|
||||||
|
need to create an inbound to proxy traffic from other applications or make them bypass the route.
|
||||||
50
docs/faq/index.zh.md
Normal file
50
docs/faq/index.zh.md
Normal file
@@ -0,0 +1,50 @@
|
|||||||
|
# 常见问题
|
||||||
|
|
||||||
|
## 设计
|
||||||
|
|
||||||
|
#### 为什么 sing-box 没有功能 X?
|
||||||
|
|
||||||
|
每个程序都包含新颖的功能并省略了某人最喜欢的功能。 sing-box 的设计着眼于高性能、轻量、可用性、模块化和代码质量的需求。
|
||||||
|
您最喜欢的功能可能会丢失,因为它不适合,因为它会影响性能或设计清晰度,或者因为它是一个坏主意。
|
||||||
|
|
||||||
|
如果 sing-box 缺少功能 X 让您感到困扰,请原谅我们并调查 sing-box 确实有的功能。 您可能会发现它们以有趣的方式弥补了 X 的缺失。
|
||||||
|
|
||||||
|
#### Naive 出站
|
||||||
|
|
||||||
|
NaïveProxy 的主要功能是 chromium 的网络栈,仅实现它的传输协议是舍本逐末的。
|
||||||
|
|
||||||
|
#### 协议组合
|
||||||
|
|
||||||
|
v2ray-core 中的 "底层传输协议" 实际上是一些专有协议的组合,并使用其上游协议的名称,造成了大量的语言腐败。
|
||||||
|
|
||||||
|
例如,v2ray 社区将 v2ray 专有的 gRPC 协议称为 Trojan gRPC,其实并不是一个 协议,在滥用 CDN 之外没有任何作用。
|
||||||
|
|
||||||
|
## Tun
|
||||||
|
|
||||||
|
#### 什么是 tun?
|
||||||
|
|
||||||
|
tun 是 unix 系统中的虚拟网络设备,在 windows 中有 WireGuard 开发的 wintun 作为替代。
|
||||||
|
sing-box 的 tun 模块包括流量处理、自动路由和网络设备监听,并主要用作透明代理。
|
||||||
|
|
||||||
|
#### 它与系统代理有什么不同?
|
||||||
|
|
||||||
|
系统代理通常只支持 TCP,且不被所有应用程序接受,但 tun 可以处理所有流量。
|
||||||
|
|
||||||
|
#### 它与传统的透明代理有什么不同?
|
||||||
|
|
||||||
|
它们通常仅支持 Linux,并且需要操作防火墙像 iptables,而 tun 仅修改路由表。
|
||||||
|
|
||||||
|
tproxy UDP 被认为性能很差,因为在 v2ray 和 clash 中每次回写都需要创建一个新连接,但 sing-box 进行了优化,因此您仍然可以在需要时使用它。
|
||||||
|
|
||||||
|
#### 它如何处理 DNS?
|
||||||
|
|
||||||
|
在传统的透明代理中,通常需要手动劫持 53 端口到 DNS 代理服务器,而 tun 更灵活。
|
||||||
|
|
||||||
|
sing-box 的 `auto_route` 将劫持所有 DNS 请求,除了 [特殊情况](./known-issues#dns)。
|
||||||
|
|
||||||
|
您需要手动配置以处理 tun 劫持的 DNS 流量,请参阅 [DNS劫持](/zh/examples/dns-hijack)。
|
||||||
|
|
||||||
|
#### 为什么我不能将它与其他本地代理一起使用(例如通过 socks)?
|
||||||
|
|
||||||
|
tun 将劫持所有流量,包括其他代理应用程序。
|
||||||
|
为了使 tun 与其他应用程序一起工作,您需要创建入站以代理来自其他程序的流量或让它们绕过路由。
|
||||||
20
docs/faq/known-issues.md
Normal file
20
docs/faq/known-issues.md
Normal file
@@ -0,0 +1,20 @@
|
|||||||
|
#### DNS
|
||||||
|
|
||||||
|
##### on macOS
|
||||||
|
|
||||||
|
`auto-route` cannot automatically hijack DNS requests sent to the LAN, so it's need to manually set DNS to servers on
|
||||||
|
the public internet.
|
||||||
|
|
||||||
|
##### on Android
|
||||||
|
|
||||||
|
`auto-route` cannot automatically hijack DNS requests when Android's `Private DNS` enabled or `strict_route` disabled.
|
||||||
|
|
||||||
|
#### System proxy
|
||||||
|
|
||||||
|
##### on Linux
|
||||||
|
|
||||||
|
Usually only browsers and GNOME applications accept GNOME proxy settings.
|
||||||
|
|
||||||
|
##### on Android
|
||||||
|
|
||||||
|
With the system proxy enabled, some applications will error out (usually from China).
|
||||||
19
docs/faq/known-issues.zh.md
Normal file
19
docs/faq/known-issues.zh.md
Normal file
@@ -0,0 +1,19 @@
|
|||||||
|
#### DNS
|
||||||
|
|
||||||
|
##### macOS
|
||||||
|
|
||||||
|
`auto-route` 无法自动劫持发往局域网的 DNS 请求,需要手动设置位于公网的 DNS 服务器。
|
||||||
|
|
||||||
|
##### Android
|
||||||
|
|
||||||
|
`auto-route` 无法自动劫持 DNS 请求如果 `私人 DNS` 开启或 `strict_route` 禁用。
|
||||||
|
|
||||||
|
#### 系统代理
|
||||||
|
|
||||||
|
##### Linux
|
||||||
|
|
||||||
|
通常只有浏览器和 GNOME 应用程序接受 GNOME 代理设置。
|
||||||
|
|
||||||
|
##### Android
|
||||||
|
|
||||||
|
启用系统代理后,某些应用程序会出错(通常来自中国)。
|
||||||
121
docs/features.md
Normal file
121
docs/features.md
Normal file
@@ -0,0 +1,121 @@
|
|||||||
|
#### Server
|
||||||
|
|
||||||
|
| Feature | v2ray-core | clash |
|
||||||
|
|------------------------------------------------------------|------------|-------|
|
||||||
|
| Direct inbound | ✔ | X |
|
||||||
|
| SOCKS4a inbound | ✔ | X |
|
||||||
|
| Mixed (http/socks) inbound | X | ✔ |
|
||||||
|
| Shadowsocks AEAD 2022 single-user/multi-user/relay inbound | X | X |
|
||||||
|
| VMess/Trojan inbound | ✔ | X |
|
||||||
|
| Naive/Hysteria inbound | X | X |
|
||||||
|
| Resolve incoming domain names using custom policy | X | X |
|
||||||
|
| Set system proxy on Windows/Linux/macOS/Android | X | X |
|
||||||
|
| TLS certificate auto reload | X | X |
|
||||||
|
| TLS ACME certificate issuer | X | X |
|
||||||
|
|
||||||
|
#### Client
|
||||||
|
|
||||||
|
| Feature | v2ray-core | clash |
|
||||||
|
|--------------------------------------------------------|------------------------------------|----------|
|
||||||
|
| Set upstream client (proxy chain) | TCP only, and has poor performance | TCP only |
|
||||||
|
| Bind to network interface | Linux only | ✔ |
|
||||||
|
| Custom dns strategy for resolving server address | X | X |
|
||||||
|
| Fast fallback (RFC 6555) support for connect to server | X | X |
|
||||||
|
| SOCKS4/4a outbound | added by me | X |
|
||||||
|
| Shadowsocks AEAD 2022 outbound | X | X |
|
||||||
|
| Shadowsocks UDP over TCP | X | X |
|
||||||
|
| Multiplex (smux/yamux) | mux.cool | X |
|
||||||
|
| Tor/WireGuard/Hysteria outbound | X | X |
|
||||||
|
| Selector outbound and Clash API | X | ✔ |
|
||||||
|
|
||||||
|
#### Sniffing
|
||||||
|
|
||||||
|
| Protocol | v2ray-core | clash-premium |
|
||||||
|
|------------------|-------------|---------------|
|
||||||
|
| HTTP Host | ✔ | X |
|
||||||
|
| QUIC ClientHello | added by me | added by me |
|
||||||
|
| STUN | X | X |
|
||||||
|
|
||||||
|
| Feature | v2ray-core | clash-premium |
|
||||||
|
|-----------------------------------------|---------------------------|---------------|
|
||||||
|
| For routing only | added by me | X |
|
||||||
|
| No performance impact (like TCP splice) | no general splice support | X |
|
||||||
|
| Set separately for each server | ✔ | X |
|
||||||
|
|
||||||
|
#### Routing
|
||||||
|
|
||||||
|
| Feature | v2ray-core | clash-premium |
|
||||||
|
|----------------------------|------------|---------------|
|
||||||
|
| Auto detect interface | X | tun only |
|
||||||
|
| Set default interface name | X | tun only |
|
||||||
|
| Set default firewall mark | X | X |
|
||||||
|
|
||||||
|
#### Routing Rule
|
||||||
|
|
||||||
|
| Rule | v2ray-core | clash |
|
||||||
|
|----------------------|----------------------------|-------|
|
||||||
|
| Inbound | ✔ | X |
|
||||||
|
| IP Version | X | X |
|
||||||
|
| User from inbound | vmess and shadowsocks only | X |
|
||||||
|
| Sniffed protocol | ✔ | X |
|
||||||
|
| GeoSite | ✔ | X |
|
||||||
|
| Process name | X | ✔ |
|
||||||
|
| Android package name | X | X |
|
||||||
|
| Linux user/user id | X | X |
|
||||||
|
| Invert rule | X | X |
|
||||||
|
| Logical rule | X | X |
|
||||||
|
|
||||||
|
#### DNS
|
||||||
|
|
||||||
|
| Feature | v2ray-core | clash |
|
||||||
|
|------------------------------------|-------------|-------|
|
||||||
|
| DNS proxy | A/AAAA only | ✔ |
|
||||||
|
| DNS cache | A/AAAA only | X |
|
||||||
|
| DNS routing | X | X |
|
||||||
|
| DNS Over QUIC | ✔ | X |
|
||||||
|
| DNS Over HTTP3 | X | X |
|
||||||
|
| Fake dns response with custom code | X | X |
|
||||||
|
|
||||||
|
#### Tun
|
||||||
|
|
||||||
|
| Feature | clash-premium |
|
||||||
|
|-------------------------------------------|---------------|
|
||||||
|
| Full IPv6 support | X |
|
||||||
|
| Auto route on Linux/Windows/macOS/Android | ✔ |
|
||||||
|
| Embed windows driver | X |
|
||||||
|
| Custom address/mtu | X |
|
||||||
|
| Limit uid (Linux) in routing | X |
|
||||||
|
| Limit android user in routing | X |
|
||||||
|
| Limit android package in routing | X |
|
||||||
|
|
||||||
|
#### Memory usage
|
||||||
|
|
||||||
|
| GeoSite code | sing-box | v2ray-core |
|
||||||
|
|-------------------|----------|------------|
|
||||||
|
| cn | 17.8M | 140.3M |
|
||||||
|
| cn (Loyalsoldier) | 74.3M | 246.7M |
|
||||||
|
|
||||||
|
#### Benchmark
|
||||||
|
|
||||||
|
##### Shadowsocks
|
||||||
|
|
||||||
|
| / | none | aes-128-gcm | 2022-blake3-aes-128-gcm |
|
||||||
|
|------------------------------------|:---------:|:-----------:|:-----------------------:|
|
||||||
|
| v2ray-core (5.0.7) | 13.0 Gbps | 5.02 Gbps | / |
|
||||||
|
| shadowsocks-rust (v1.15.0-alpha.5) | 10.7 Gbps | / | 9.36 Gbps |
|
||||||
|
| sing-box | 29.0 Gbps | / | 11.8 Gbps |
|
||||||
|
|
||||||
|
##### VMess
|
||||||
|
|
||||||
|
| / | TCP | HTTP | H2 TLS | WebSocket TLS | gRPC TLS |
|
||||||
|
|--------------------|:---------:|:---------:|:---------:|:-------------:|:---------:|
|
||||||
|
| v2ray-core (5.1.0) | 7.86 GBps | 2.86 Gbps | 1.83 Gbps | 2.36 Gbps | 2.43 Gbps |
|
||||||
|
| sing-box | 7.96 Gbps | 8.09 Gbps | 6.11 Gbps | 8.02 Gbps | 6.35 Gbps |
|
||||||
|
|
||||||
|
#### License
|
||||||
|
|
||||||
|
| / | License |
|
||||||
|
|------------|-----------------------------------|
|
||||||
|
| sing-box | GPLv3 or later (Full open-source) |
|
||||||
|
| v2ray-core | MIT (Full open-source) |
|
||||||
|
| clash | GPLv3 |
|
||||||
@@ -2,7 +2,7 @@
|
|||||||
description: Welcome to the wiki page for the sing-box project.
|
description: Welcome to the wiki page for the sing-box project.
|
||||||
---
|
---
|
||||||
|
|
||||||
# :material-home: Home
|
# Home
|
||||||
|
|
||||||
Welcome to the wiki page for the sing-box project.
|
Welcome to the wiki page for the sing-box project.
|
||||||
|
|
||||||
|
|||||||
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user