update 2025-08-06 09:41:41
This commit is contained in:
actions-user
parent
f8fae4af0e
commit
36401818a0
@ -7,7 +7,7 @@ include $(TOPDIR)/rules.mk
|
||||
|
||||
PKG_NAME:=luci-app-passwall
|
||||
PKG_VERSION:=25.8.5
|
||||
PKG_RELEASE:=1
|
||||
PKG_RELEASE:=2
|
||||
|
||||
PKG_CONFIG_DEPENDS:= \
|
||||
CONFIG_PACKAGE_$(PKG_NAME)_Iptables_Transparent_Proxy \
|
||||
|
||||
@ -1580,6 +1580,9 @@ local hysteria2_type = map:get("@global_subscribe[0]", "hysteria2_type") or "sin
|
||||
queryParam[decodeURIComponent(params[0])] = decodeURIComponent(params[1] || '');
|
||||
}
|
||||
}
|
||||
if ((!queryParam.security || queryParam.security == "") && queryParam.sni && queryParam.sni != "") {
|
||||
queryParam.security = "tls";
|
||||
}
|
||||
if (queryParam.security) {
|
||||
if (queryParam.security == "tls") {
|
||||
opt.set(dom_prefix + 'tls', true);
|
||||
|
||||
@ -1751,7 +1751,7 @@ msgid "Fragmentation interval (ms)"
|
||||
msgstr "分片间隔(ms)"
|
||||
|
||||
msgid "Split handshake data into multiple TLS records for better censorship evasion. Low overhead. Recommended to enable first."
|
||||
msgstr 将握手数据拆分为多个 TLS 记录,提升抗封锁能力,几乎不增加延迟,建议优先启用。"
|
||||
msgstr "将握手数据拆分为多个 TLS 记录,提升抗封锁能力,几乎不增加延迟,建议优先启用。"
|
||||
|
||||
msgid "Split handshake into multiple TCP segments. Enhances obfuscation. May increase delay. Use only if needed."
|
||||
msgstr "将 TLS 握手数据分为多个 TCP 包发送,提高伪装性,可能增加延迟,仅在封锁严重时使用。"
|
||||
|
||||
@ -280,7 +280,7 @@ do
|
||||
if node.balancing_node then
|
||||
for k, node in pairs(node.balancing_node) do
|
||||
currentNodes[#currentNodes + 1] = {
|
||||
log = false,
|
||||
log = true,
|
||||
node = node,
|
||||
currentNode = node and uci:get_all(appname, node) or nil,
|
||||
remarks = node,
|
||||
@ -328,7 +328,7 @@ do
|
||||
if node.urltest_node then
|
||||
for k, node in pairs(node.urltest_node) do
|
||||
currentNodes[#currentNodes + 1] = {
|
||||
log = false,
|
||||
log = true,
|
||||
node = node,
|
||||
currentNode = node and uci:get_all(appname, node) or nil,
|
||||
remarks = node,
|
||||
@ -1452,9 +1452,12 @@ local function processData(szType, content, add_mode, add_from)
|
||||
result.address = host_port
|
||||
end
|
||||
result.tls = "0"
|
||||
if (not params.security or params.security == "") and params.sni and params.sni ~= "" then
|
||||
params.security = "tls"
|
||||
end
|
||||
if params.security == "tls" or params.security == "reality" then
|
||||
result.tls = "1"
|
||||
result.tls_serverName = (params.sni and params.sni ~= "") and params.sni or params.host
|
||||
result.tls_serverName = params.sni
|
||||
result.alpn = params.alpn
|
||||
if params.fp and params.fp ~= "" then
|
||||
result.utls = "1"
|
||||
@ -1566,7 +1569,9 @@ local function select_node(nodes, config, parentConfig)
|
||||
if config.currentNode[".name"] then
|
||||
for index, node in pairs(nodes) do
|
||||
if node[".name"] == config.currentNode[".name"] then
|
||||
log('更新【' .. config.remarks .. '】匹配节点:' .. node.remarks)
|
||||
if config.log == nil or config.log == true then
|
||||
log('更新【' .. config.remarks .. '】匹配节点:' .. node.remarks)
|
||||
end
|
||||
server = node[".name"]
|
||||
break
|
||||
end
|
||||
@ -1734,6 +1739,9 @@ local function update_node(manual)
|
||||
|
||||
for _, config in pairs(CONFIG) do
|
||||
if config.currentNodes and #config.currentNodes > 0 then
|
||||
if config.remarks and config.currentNodes[1].log ~= false then
|
||||
log('----【' .. config.remarks .. '】----')
|
||||
end
|
||||
for kk, vv in pairs(config.currentNodes) do
|
||||
select_node(nodes, vv, config)
|
||||
end
|
||||
|
||||
@ -9,7 +9,7 @@ PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
|
||||
PKG_SOURCE_PROTO:=git
|
||||
PKG_SOURCE_URL:=https://github.com/MetaCubeX/mihomo.git
|
||||
PKG_SOURCE_VERSION:=v1.19.12
|
||||
PKG_MIRROR_HASH:=de065d6eb33b84b660d3ecaaee3359c991307ab42345c70e82c5ce65c1ae329e
|
||||
PKG_MIRROR_HASH:=9ca38753d1b76268892cbf22e7d0f1348f58c0c6cff7305e87e41ea8193aba55
|
||||
|
||||
PKG_LICENSE:=GPL3.0+
|
||||
PKG_MAINTAINER:=Joseph Mory <morytyann@gmail.com>
|
||||
|
||||
@ -1,28 +1,25 @@
|
||||
# Mixin File
|
||||
# You can set any mihomo profile's config at here, it will mixin to the profile.
|
||||
# Mixin file have lower priority than the LuCI mixin options.
|
||||
#
|
||||
# Mihomo's Wiki: https://wiki.metacubex.one
|
||||
#
|
||||
# For example:
|
||||
#
|
||||
# global-client-fingerprint: chrome # set fingerprint for TLS transport
|
||||
# experimental: # experimental config
|
||||
# quic-go-disable-gso: false # disable quic-go GSO support
|
||||
# quic-go-disable-ecn: false # disable quic-go ECN support
|
||||
# dialer-ip4p-convert: false # IP4P support
|
||||
# proxies: # overwrite proxies
|
||||
# listeners: # overwrite listeners
|
||||
# - name: shadowsocks
|
||||
# type: shadowsocks
|
||||
# listen: "::"
|
||||
# port: 12060
|
||||
# nikki-proxies: # prepend proxies
|
||||
# - name: "PROXY"
|
||||
# type: ss
|
||||
# server: proxy.example.com
|
||||
# port: 443
|
||||
# cipher: chacha20-ietf-poly1305
|
||||
# password: "password"
|
||||
# rules: # overwrite rules
|
||||
# - DOMAIN,google.com,PROXY
|
||||
# - DOMAIN-SUFFIX,google.com,PROXY
|
||||
# - DOMAIN-KEYWORD,google,PROXY
|
||||
# - DOMAIN-REGEX,^google.*com,PROXY
|
||||
# - GEOSITE,google,PROXY
|
||||
# - GEOSITE,cn,DIRECT
|
||||
# - IP-CIDR,8.8.8.8/32,DIRECT,no-resolve
|
||||
# - GEOIP,telegram,DIRECT
|
||||
# - GEOIP,cn,DIRECT
|
||||
# - Match,PROXY
|
||||
# nikki-rules: # prepend rules
|
||||
# - DOMAIN,direct.example.com,DIRECT
|
||||
# - DOMAIN-SUFFIX,proxy.example.com,PROXY
|
||||
@ -139,9 +139,9 @@ start_service() {
|
||||
yq -M -i 'del(.sniffer.sniff)' "$RUN_PROFILE_PATH"
|
||||
fi
|
||||
if [ "$mixin_file_content" = 0 ]; then
|
||||
ucode -S "$MIXIN_UC" | yq -M -p json -o yaml | yq -M -i ea '... comments="" | . as $item ireduce ({}; . * $item ) | .rules = .nikki-rules + .rules | del(.nikki-rules)' "$RUN_PROFILE_PATH" -
|
||||
ucode -S "$MIXIN_UC" | yq -M -p json -o yaml | yq -M -i ea '... comments="" | . as $item ireduce ({}; . * $item ) | .proxies = .nikki-proxies + .proxies | del(.nikki-proxies) | .rules = .nikki-rules + .rules | del(.nikki-rules)' "$RUN_PROFILE_PATH" -
|
||||
elif [ "$mixin_file_content" = 1 ]; then
|
||||
ucode -S "$MIXIN_UC" | yq -M -p json -o yaml | yq -M -i ea '... comments="" | . as $item ireduce ({}; . * $item ) | .rules = .nikki-rules + .rules | del(.nikki-rules)' "$RUN_PROFILE_PATH" "$MIXIN_FILE_PATH" -
|
||||
ucode -S "$MIXIN_UC" | yq -M -p json -o yaml | yq -M -i ea '... comments="" | . as $item ireduce ({}; . * $item ) | .proxies = .nikki-proxies + .proxies | del(.nikki-proxies) | .rules = .nikki-rules + .rules | del(.nikki-rules)' "$RUN_PROFILE_PATH" "$MIXIN_FILE_PATH" -
|
||||
fi
|
||||
fi
|
||||
# test profile
|
||||
|
||||
@ -23,9 +23,8 @@ PKG_CONFIG_DEPENDS:= \
|
||||
CONFIG_SING_BOX_BUILD_EMBEDDED_TOR \
|
||||
CONFIG_SING_BOX_BUILD_GRPC \
|
||||
CONFIG_SING_BOX_BUILD_GVISOR \
|
||||
CONFIG_SING_BOX_BUILD_LWIP \
|
||||
CONFIG_SING_BOX_BUILD_QUIC \
|
||||
CONFIG_SING_BOX_BUILD_REALITY_SERVER \
|
||||
CONFIG_SING_BOX_BUILD_TAILSCALE \
|
||||
CONFIG_SING_BOX_BUILD_UTLS \
|
||||
CONFIG_SING_BOX_BUILD_V2RAY_API \
|
||||
CONFIG_SING_BOX_BUILD_WIREGUARD
|
||||
@ -51,14 +50,20 @@ define Package/sing-box
|
||||
+ca-bundle \
|
||||
+kmod-inet-diag \
|
||||
+kmod-netlink-diag \
|
||||
+(SING_BOX_BUILD_GVISOR||SING_BOX_BUILD_LWIP):kmod-tun
|
||||
+SING_BOX_BUILD_GVISOR:kmod-tun
|
||||
USERID:=sing-box=5566:sing-box=5566
|
||||
endef
|
||||
|
||||
define Package/sing-box/description
|
||||
Sing-box is a universal proxy platform which supports hysteria, SOCKS, Shadowsocks,
|
||||
ShadowTLS, Tor, trojan, VLess, VMess, WireGuard and so on.
|
||||
endef
|
||||
|
||||
define Package/sing-box/config
|
||||
if PACKAGE_sing-box
|
||||
config SING_BOX_BUILD_ACME
|
||||
bool "Build with ACME TLS certificate issuer support"
|
||||
default y
|
||||
|
||||
config SING_BOX_BUILD_CLASH_API
|
||||
bool "Build with Clash API support"
|
||||
@ -69,6 +74,7 @@ define Package/sing-box/config
|
||||
|
||||
config SING_BOX_BUILD_EMBEDDED_TOR
|
||||
bool "Build with embedded Tor support"
|
||||
depends on BROKEN
|
||||
|
||||
config SING_BOX_BUILD_GRPC
|
||||
bool "Build with standard gPRC support"
|
||||
@ -79,9 +85,6 @@ define Package/sing-box/config
|
||||
bool "Build with gVisor support"
|
||||
default y
|
||||
|
||||
config SING_BOX_BUILD_LWIP
|
||||
bool "Build with LWIP Tun stack support"
|
||||
|
||||
config SING_BOX_BUILD_QUIC
|
||||
bool "Build with QUIC support"
|
||||
default y
|
||||
@ -89,8 +92,9 @@ define Package/sing-box/config
|
||||
Required by HTTP3 DNS transports, Naive inbound,
|
||||
Hysteria inbound / outbound, and v2ray QUIC transport.
|
||||
|
||||
config SING_BOX_BUILD_REALITY_SERVER
|
||||
bool "Build with REALITY TLS server support"
|
||||
config SING_BOX_BUILD_TAILSCALE
|
||||
bool "Build with Tailscale support"
|
||||
default y
|
||||
|
||||
config SING_BOX_BUILD_UTLS
|
||||
bool "Build with uTLS support"
|
||||
@ -112,9 +116,8 @@ GO_PKG_TAGS:=$(subst $(space),$(comma),$(strip \
|
||||
$(if $(CONFIG_SING_BOX_BUILD_EMBEDDED_TOR),with_embedded_tor) \
|
||||
$(if $(CONFIG_SING_BOX_BUILD_GRPC),with_grpc) \
|
||||
$(if $(CONFIG_SING_BOX_BUILD_GVISOR),with_gvisor) \
|
||||
$(if $(CONFIG_SING_BOX_BUILD_LWIP),with_lwip) \
|
||||
$(if $(CONFIG_SING_BOX_BUILD_QUIC),with_quic) \
|
||||
$(if $(CONFIG_SING_BOX_BUILD_REALITY_SERVER),with_reality_server) \
|
||||
$(if $(CONFIG_SING_BOX_BUILD_TAILSCALE),with_tailscale) \
|
||||
$(if $(CONFIG_SING_BOX_BUILD_UTLS),with_utls) \
|
||||
$(if $(CONFIG_SING_BOX_BUILD_V2RAY_API),with_v2ray_api) \
|
||||
$(if $(CONFIG_SING_BOX_BUILD_WIREGUARD),with_wireguard) \
|
||||
|
||||
@ -1,7 +1,10 @@
|
||||
|
||||
config sing-box 'main'
|
||||
option enabled '0'
|
||||
option user 'sing-box'
|
||||
option user 'root'
|
||||
option conffile '/etc/sing-box/config.json'
|
||||
option workdir '/usr/share/sing-box'
|
||||
|
||||
# list ifaces 'wan'
|
||||
# list ifaces 'wan6'
|
||||
option log_stderr '1'
|
||||
option log_stdout '0'
|
||||
|
||||
@ -3,19 +3,24 @@
|
||||
USE_PROCD=1
|
||||
START=99
|
||||
|
||||
NAME="sing-box"
|
||||
script=$(readlink "$initscript")
|
||||
NAME="$(basename ${script:-$initscript})"
|
||||
PROG="/usr/bin/sing-box"
|
||||
|
||||
start_service() {
|
||||
config_load "$NAME"
|
||||
|
||||
local enabled user group conffile workdir
|
||||
local enabled user group conffile workdir ifaces
|
||||
local log_stdout log_stderr
|
||||
config_get_bool enabled "main" "enabled" "0"
|
||||
[ "$enabled" -eq "1" ] || return 0
|
||||
|
||||
config_get user "main" "user" "root"
|
||||
config_get conffile "main" "conffile"
|
||||
config_get ifaces "main" "ifaces"
|
||||
config_get workdir "main" "workdir" "/usr/share/sing-box"
|
||||
config_get_bool log_stdout "main" "log_stdout" "0"
|
||||
config_get_bool log_stderr "main" "log_stderr" "1"
|
||||
|
||||
mkdir -p "$workdir"
|
||||
local group="$(id -ng $user)"
|
||||
@ -27,13 +32,24 @@ start_service() {
|
||||
# Use root user if you want to use the TUN mode.
|
||||
procd_set_param user "$user"
|
||||
procd_set_param file "$conffile"
|
||||
procd_set_param stdout 1
|
||||
procd_set_param stderr 1
|
||||
[ -z "$ifaces" ] || procd_set_param netdev $ifaces
|
||||
procd_set_param stdout "$log_stdout"
|
||||
procd_set_param stderr "$log_stderr"
|
||||
procd_set_param limits core="unlimited"
|
||||
procd_set_param limits nofile="1000000 1000000"
|
||||
procd_set_param respawn
|
||||
|
||||
procd_close_instance
|
||||
}
|
||||
|
||||
service_triggers() {
|
||||
local ifaces
|
||||
config_load "$NAME"
|
||||
config_get ifaces "main" "ifaces"
|
||||
procd_open_trigger
|
||||
for iface in $ifaces; do
|
||||
procd_add_interface_trigger "interface.*.up" $iface /etc/init.d/$NAME restart
|
||||
done
|
||||
procd_close_trigger
|
||||
procd_add_reload_trigger "$NAME"
|
||||
}
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user