From 36401818a0b01e182300ecd94ef985e2483d70dd Mon Sep 17 00:00:00 2001
From: actions-user
Date: Wed, 6 Aug 2025 09:41:41 +0800
Subject: [PATCH] update 2025-08-06 09:41:41
---
 luci-app-passwall/Makefile | 2 +-
 .../passwall/node_list/link_share_man.htm | 3 +++
 luci-app-passwall/po/zh-cn/passwall.po | 2 +-
 .../root/usr/share/passwall/subscribe.lua | 16 ++++++++---
 nikki/Makefile | 2 +-
 nikki/files/mixin.yaml | 27 +++++++++----------
 nikki/files/nikki.init | 4 +--
 sing-box/Makefile | 23 +++++++++-------
 sing-box/files/sing-box.conf | 7 +++--
 sing-box/files/sing-box.init | 24 ++++++++++++++---
 10 files changed, 70 insertions(+), 40 deletions(-)
diff --git a/luci-app-passwall/Makefile b/luci-app-passwall/Makefile
index 2734a62..c93204a 100644
--- a/luci-app-passwall/Makefile
+++ b/luci-app-passwall/Makefile
@@ -7,7 +7,7 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=luci-app-passwall
 PKG_VERSION:=25.8.5
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 PKG_CONFIG_DEPENDS:= \
 CONFIG_PACKAGE_$(PKG_NAME)_Iptables_Transparent_Proxy \
diff --git a/luci-app-passwall/luasrc/view/passwall/node_list/link_share_man.htm b/luci-app-passwall/luasrc/view/passwall/node_list/link_share_man.htm
index 655253c..586c40d 100644
--- a/luci-app-passwall/luasrc/view/passwall/node_list/link_share_man.htm
+++ b/luci-app-passwall/luasrc/view/passwall/node_list/link_share_man.htm
@@ -1580,6 +1580,9 @@ local hysteria2_type = map:get("@global_subscribe[0]", "hysteria2_type") or "sin
 queryParam[decodeURIComponent(params[0])] = decodeURIComponent(params[1] || '');
 }
 }
+ if ((!queryParam.security || queryParam.security == "") && queryParam.sni && queryParam.sni != "") {
+ queryParam.security = "tls";
+ }
 if (queryParam.security) {
 if (queryParam.security == "tls") {
 opt.set(dom_prefix + 'tls', true);
diff --git a/luci-app-passwall/po/zh-cn/passwall.po b/luci-app-passwall/po/zh-cn/passwall.po
index 5a2800e..5a6f8dc 100644
--- a/luci-app-passwall/po/zh-cn/passwall.po
+++ b/luci-app-passwall/po/zh-cn/passwall.po
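Review bot: The added condition in link_share_man.htm repeats itself: `!queryParam.security` is already true for an empty string and a truthy `queryParam.sni` cannot be `""`, so the whole test reduces to `if (!queryParam.security && queryParam.sni) {`. The same "sni present means TLS" inference is added to subscribe.lua in this patch, so a one-line comment such as `// keep in sync with processData() in subscribe.lua` would help the two copies stay aligned. The enclosing parser block starts and ends outside the hunk.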
@@ -1751,7 +1751,7 @@ msgid "Fragmentation interval (ms)"
 msgstr "分片间隔(ms)"
 msgid "Split handshake data into multiple TLS records for better censorship evasion. Low overhead. Recommended to enable first."
-msgstr 将握手数据拆分为多个 TLS 记录,提升抗封锁能力,几乎不增加延迟,建议优先启用。"
+msgstr "将握手数据拆分为多个 TLS 记录,提升抗封锁能力,几乎不增加延迟,建议优先启用。"
 msgid "Split handshake into multiple TCP segments. Enhances obfuscation. May increase delay. Use only if needed."
 msgstr "将 TLS 握手数据分为多个 TCP 包发送,提高伪装性,可能增加延迟,仅在封锁严重时使用。"
diff --git a/luci-app-passwall/root/usr/share/passwall/subscribe.lua b/luci-app-passwall/root/usr/share/passwall/subscribe.lua
index 0bcc4fe..d221863 100755
--- a/luci-app-passwall/root/usr/share/passwall/subscribe.lua
+++ b/luci-app-passwall/root/usr/share/passwall/subscribe.lua
@@ -280,7 +280,7 @@ do
 if node.balancing_node then
 for k, node in pairs(node.balancing_node) do
 currentNodes[#currentNodes + 1] = {
- log = false,
+ log = true,
 node = node,
 currentNode = node and uci:get_all(appname, node) or nil,
 remarks = node,
@@ -328,7 +328,7 @@ do
 if node.urltest_node then
 for k, node in pairs(node.urltest_node) do
 currentNodes[#currentNodes + 1] = {
- log = false,
+ log = true,
 node = node,
 currentNode = node and uci:get_all(appname, node) or nil,
 remarks = node,
@@ -1452,9 +1452,12 @@ local function processData(szType, content, add_mode, add_from)
 result.address = host_port
 end
 result.tls = "0"
+ if (not params.security or params.security == "") and params.sni and params.sni ~= "" then
+ params.security = "tls"
+ end
 if params.security == "tls" or params.security == "reality" then
 result.tls = "1"
- result.tls_serverName = (params.sni and params.sni ~= "") and params.sni or params.host
+ result.tls_serverName = params.sni
 result.alpn = params.alpn
 if params.fp and params.fp ~= "" then
 result.utls = "1"
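Review bot: In the processData hunk, `result.tls_serverName = params.sni` leaves the server name nil or `""` whenever a link sets `security=tls` or `reality` without a usable `sni`, where the removed line fell back to `params.host`. Which name is then sent and checked against the certificate is decided outside this hunk, so the dropped fallback should be deliberate and recorded, for example `result.tls_serverName = (params.sni ~= "") and params.sni or nil` with a comment `-- no fallback to params.host: only an explicit sni names the TLS peer`. The new inference also writes back into `params.security`; a local such as `local security = params.security` would keep the parsed table unmodified. processData starts and ends outside the hunk.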
@@ -1566,7 +1569,9 @@ local function select_node(nodes, config, parentConfig)
 if config.currentNode[".name"] then
 for index, node in pairs(nodes) do
 if node[".name"] == config.currentNode[".name"] then
- log('更新【' .. config.remarks .. '】匹配节点:' .. node.remarks)
+ if config.log == nil or config.log == true then
+ log('更新【' .. config.remarks .. '】匹配节点:' .. node.remarks)
+ end
 server = node[".name"]
 break
 end
@@ -1734,6 +1739,9 @@ local function update_node(manual)
 for _, config in pairs(CONFIG) do
 if config.currentNodes and #config.currentNodes > 0 then
+ if config.remarks and config.currentNodes[1].log ~= false then
+ log('----【' .. config.remarks .. '】----')
+ end
 for kk, vv in pairs(config.currentNodes) do
 select_node(nodes, vv, config)
 end
diff --git a/nikki/Makefile b/nikki/Makefile
index 42ef326..f8510f8 100644
--- a/nikki/Makefile
+++ b/nikki/Makefile
@@ -9,7 +9,7 @@ PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://github.com/MetaCubeX/mihomo.git
 PKG_SOURCE_VERSION:=v1.19.12
-PKG_MIRROR_HASH:=de065d6eb33b84b660d3ecaaee3359c991307ab42345c70e82c5ce65c1ae329e
+PKG_MIRROR_HASH:=9ca38753d1b76268892cbf22e7d0f1348f58c0c6cff7305e87e41ea8193aba55
 PKG_LICENSE:=GPL3.0+
 PKG_MAINTAINER:=Joseph Mory
diff --git a/nikki/files/mixin.yaml b/nikki/files/mixin.yaml
index fc7cec2..5c54710 100644
--- a/nikki/files/mixin.yaml
+++ b/nikki/files/mixin.yaml
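Review bot: The two new log guards spell the same default differently: `config.log == nil or config.log == true` in select_node and `config.currentNodes[1].log ~= false` in the update_node hunk, so any `log` value other than nil, true or false suppresses the per-node line but still prints the section header. Writing the select_node test as `if config.log ~= false then` keeps both in step. The header check reads only the first entry of `currentNodes`; if every entry of one config is meant to share the flag, a comment such as `-- all currentNodes of a config carry the same log flag` would record that. Both functions continue outside their hunks.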
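Review bot: In nikki/Makefile `PKG_MIRROR_HASH` is replaced while `PKG_SOURCE_VERSION` stays at `v1.19.12`, so the checksum that pins the fetched source changes for what is nominally the same upstream tag. That can be legitimate (an upstream re-tag, or a change in how the source archive is packed), but the commit message gives no reason, and a hash swapped without explanation removes the assurance the pin is there to provide. Record the cause next to the hash, e.g. `# hash regenerated: <reason>`, and consider pinning `PKG_SOURCE_VERSION` to a full commit id instead of a movable tag.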
@@ -1,28 +1,25 @@ # Mixin File # You can set any mihomo profile's config at here, it will mixin to the profile. +# Mixin file have lower priority than the LuCI mixin options. +# +# Mihomo's Wiki: https://wiki.metacubex.one # # For example: # -# global-client-fingerprint: chrome # set fingerprint for TLS transport # experimental: # experimental config -# quic-go-disable-gso: false # disable quic-go GSO support -# quic-go-disable-ecn: false # disable quic-go ECN support # dialer-ip4p-convert: false # IP4P support -# proxies: # overwrite proxies +# listeners: # overwrite listeners +# - name: shadowsocks +# type: shadowsocks +# listen: "::" +# port: 12060 +# nikki-proxies: # prepend proxies # - name: "PROXY" # type: ss # server: proxy.example.com # port: 443 # cipher: chacha20-ietf-poly1305 # password: "password" -# rules: # overwrite rules -# - DOMAIN,google.com,PROXY -# - DOMAIN-SUFFIX,google.com,PROXY -# - DOMAIN-KEYWORD,google,PROXY -# - DOMAIN-REGEX,^google.*com,PROXY -# - GEOSITE,google,PROXY -# - GEOSITE,cn,DIRECT -# - IP-CIDR,8.8.8.8/32,DIRECT,no-resolve -# - GEOIP,telegram,DIRECT -# - GEOIP,cn,DIRECT -# - Match,PROXY \ No newline at end of file +# nikki-rules: # prepend rules +# - DOMAIN,direct.example.com,DIRECT +# - DOMAIN-SUFFIX,proxy.example.com,PROXY \ No newline at end of file diff --git a/nikki/files/nikki.init b/nikki/files/nikki.init index c51b662..1cb213e 100644 --- a/nikki/files/nikki.init +++ b/nikki/files/nikki.init 
@@ -139,9 +139,9 @@ start_service() { yq -M -i 'del(.sniffer.sniff)' "$RUN_PROFILE_PATH" fi if [ "$mixin_file_content" = 0 ]; then - ucode -S "$MIXIN_UC" | yq -M -p json -o yaml | yq -M -i ea '... comments="" | . as $item ireduce ({}; . * $item ) | .rules = .nikki-rules + .rules | del(.nikki-rules)' "$RUN_PROFILE_PATH" - + ucode -S "$MIXIN_UC" | yq -M -p json -o yaml | yq -M -i ea '... comments="" | . as $item ireduce ({}; . * $item ) | .proxies = .nikki-proxies + .proxies | del(.nikki-proxies) | .rules = .nikki-rules + .rules | del(.nikki-rules)' "$RUN_PROFILE_PATH" - elif [ "$mixin_file_content" = 1 ]; then - ucode -S "$MIXIN_UC" | yq -M -p json -o yaml | yq -M -i ea '... comments="" | . as $item ireduce ({}; . * $item ) | .rules = .nikki-rules + .rules | del(.nikki-rules)' "$RUN_PROFILE_PATH" "$MIXIN_FILE_PATH" - + ucode -S "$MIXIN_UC" | yq -M -p json -o yaml | yq -M -i ea '... comments="" | . as $item ireduce ({}; . * $item ) | .proxies = .nikki-proxies + .proxies | del(.nikki-proxies) | .rules = .nikki-rules + .rules | del(.nikki-rules)' "$RUN_PROFILE_PATH" "$MIXIN_FILE_PATH" - fi fi # test profile diff --git a/sing-box/Makefile b/sing-box/Makefile index 03baae6..a095d9f 100644 --- a/sing-box/Makefile +++ b/sing-box/Makefile @@ -23,9 +23,8 @@ PKG_CONFIG_DEPENDS:= \ CONFIG_SING_BOX_BUILD_EMBEDDED_TOR \ CONFIG_SING_BOX_BUILD_GRPC \ CONFIG_SING_BOX_BUILD_GVISOR \ - CONFIG_SING_BOX_BUILD_LWIP \ CONFIG_SING_BOX_BUILD_QUIC \ - CONFIG_SING_BOX_BUILD_REALITY_SERVER \ + CONFIG_SING_BOX_BUILD_TAILSCALE \ CONFIG_SING_BOX_BUILD_UTLS \ CONFIG_SING_BOX_BUILD_V2RAY_API \ CONFIG_SING_BOX_BUILD_WIREGUARD 
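Review bot: The two changed `yq` calls in nikki.init carry the same long merge expression and differ only in the trailing `"$MIXIN_FILE_PATH"` argument, so every key added to the prepend list must be edited twice and the copies can drift. Holding the expression in one variable before the `if` (for example `local mixin_expr='…'`) and passing `"$mixin_expr"` to both calls removes the duplication. Whether `.proxies = .nikki-proxies + .proxies` behaves as intended when either key is absent from the merged document is not visible here and is worth a test with a profile that has no `proxies` list. start_service begins and ends outside the hunk.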
@@ -51,14 +50,20 @@ define Package/sing-box +ca-bundle \ +kmod-inet-diag \ +kmod-netlink-diag \ - +(SING_BOX_BUILD_GVISOR||SING_BOX_BUILD_LWIP):kmod-tun + +SING_BOX_BUILD_GVISOR:kmod-tun USERID:=sing-box=5566:sing-box=5566 endef +define Package/sing-box/description + Sing-box is a universal proxy platform which supports hysteria, SOCKS, Shadowsocks, + ShadowTLS, Tor, trojan, VLess, VMess, WireGuard and so on. +endef + define Package/sing-box/config if PACKAGE_sing-box config SING_BOX_BUILD_ACME bool "Build with ACME TLS certificate issuer support" + default y config SING_BOX_BUILD_CLASH_API bool "Build with Clash API support" @@ -69,6 +74,7 @@ define Package/sing-box/config config SING_BOX_BUILD_EMBEDDED_TOR bool "Build with embedded Tor support" + depends on BROKEN config SING_BOX_BUILD_GRPC bool "Build with standard gPRC support" @@ -79,9 +85,6 @@ define Package/sing-box/config bool "Build with gVisor support" default y - config SING_BOX_BUILD_LWIP - bool "Build with LWIP Tun stack support" - config SING_BOX_BUILD_QUIC bool "Build with QUIC support" default y @@ -89,8 +92,9 @@ define Package/sing-box/config Required by HTTP3 DNS transports, Naive inbound, Hysteria inbound / outbound, and v2ray QUIC transport. - config SING_BOX_BUILD_REALITY_SERVER - bool "Build with REALITY TLS server support" + config SING_BOX_BUILD_TAILSCALE + bool "Build with Tailscale support" + default y config SING_BOX_BUILD_UTLS bool "Build with uTLS support" 
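Review bot: `default y` is added to `SING_BOX_BUILD_ACME` and to the new `SING_BOX_BUILD_TAILSCALE`, so every default build now compiles in both features, which grows the binary and the amount of code reachable from a configuration file on devices that never use them. Unless the packaged defaults depend on them, leaving both off by default keeps the shipped surface minimal. `SING_BOX_BUILD_TAILSCALE` also has no `help` text, unlike the QUIC option beside it, and `depends on BROKEN` on the embedded Tor option would benefit from a comment saying why it is disabled.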
@@ -112,9 +116,8 @@ GO_PKG_TAGS:=$(subst $(space),$(comma),$(strip \ $(if $(CONFIG_SING_BOX_BUILD_EMBEDDED_TOR),with_embedded_tor) \ $(if $(CONFIG_SING_BOX_BUILD_GRPC),with_grpc) \ $(if $(CONFIG_SING_BOX_BUILD_GVISOR),with_gvisor) \ - $(if $(CONFIG_SING_BOX_BUILD_LWIP),with_lwip) \ $(if $(CONFIG_SING_BOX_BUILD_QUIC),with_quic) \ - $(if $(CONFIG_SING_BOX_BUILD_REALITY_SERVER),with_reality_server) \ + $(if $(CONFIG_SING_BOX_BUILD_TAILSCALE),with_tailscale) \ $(if $(CONFIG_SING_BOX_BUILD_UTLS),with_utls) \ $(if $(CONFIG_SING_BOX_BUILD_V2RAY_API),with_v2ray_api) \ $(if $(CONFIG_SING_BOX_BUILD_WIREGUARD),with_wireguard) \ diff --git a/sing-box/files/sing-box.conf b/sing-box/files/sing-box.conf index c776790..a6489b0 100644 --- a/sing-box/files/sing-box.conf +++ b/sing-box/files/sing-box.conf @@ -1,7 +1,10 @@ config sing-box 'main' option enabled '0' - option user 'sing-box' + option user 'root' option conffile '/etc/sing-box/config.json' option workdir '/usr/share/sing-box' - +# list ifaces 'wan' +# list ifaces 'wan6' + option log_stderr '1' + option log_stdout '0' diff --git a/sing-box/files/sing-box.init b/sing-box/files/sing-box.init index 277c9f2..ecc22b5 100644 --- a/sing-box/files/sing-box.init +++ b/sing-box/files/sing-box.init @@ -3,19 +3,24 @@ USE_PROCD=1 START=99 -NAME="sing-box" +script=$(readlink "$initscript") +NAME="$(basename ${script:-$initscript})" PROG="/usr/bin/sing-box" start_service() { config_load "$NAME" - local enabled user group conffile workdir + local enabled user group conffile workdir ifaces + local log_stdout log_stderr config_get_bool enabled "main" "enabled" "0" [ "$enabled" -eq "1" ] || return 0 config_get user "main" "user" "root" config_get conffile "main" "conffile" + config_get ifaces "main" "ifaces" config_get workdir "main" "workdir" "/usr/share/sing-box" + config_get_bool log_stdout "main" "log_stdout" "0" + config_get_bool log_stderr "main" "log_stderr" "1" mkdir -p "$workdir" local group="$(id -ng $user)" 
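Review bot: `option user 'root'` in sing-box.conf makes the shipped default run the daemon as root, although the package Makefile in this patch still declares `USERID:=sing-box=5566:sing-box=5566` and the init script's own comment says root is needed only for TUN mode. A network-facing proxy is better left on the unprivileged account by default, with root as a documented opt-in: keep `option user 'sing-box'` and add a comment line such as `# set user to 'root' only when TUN mode is required`.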
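Review bot: In sing-box.init, `NAME="$(basename ${script:-$initscript})"` expands the path unquoted, so a path containing whitespace or glob characters is split before `basename` sees it; `NAME="$(basename "${script:-$initscript}")"` avoids that. `NAME` now comes from how the script is linked or invoked and is later used for `config_load "$NAME"` and, in the next hunk, for the restart command, so a short comment such as `# NAME follows the init script file name to allow multiple instances via symlinks` would state the intent if that is the goal. The unquoted `$user` in `id -ng $user` is context, not part of this change, but has the same issue.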
@@ -27,13 +32,24 @@ start_service() {
 # Use root user if you want to use the TUN mode.
 procd_set_param user "$user"
 procd_set_param file "$conffile"
- procd_set_param stdout 1
- procd_set_param stderr 1
+ [ -z "$ifaces" ] || procd_set_param netdev $ifaces
+ procd_set_param stdout "$log_stdout"
+ procd_set_param stderr "$log_stderr"
+ procd_set_param limits core="unlimited"
+ procd_set_param limits nofile="1000000 1000000"
 procd_set_param respawn
 procd_close_instance
 }
 service_triggers() {
+ local ifaces
+ config_load "$NAME"
+ config_get ifaces "main" "ifaces"
+ procd_open_trigger
+ for iface in $ifaces; do
+ procd_add_interface_trigger "interface.*.up" $iface /etc/init.d/$NAME restart
+ done
+ procd_close_trigger
 procd_add_reload_trigger "$NAME"
 }
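Review bot: `procd_set_param limits core="unlimited"` enables unbounded core dumps for a process that typically holds proxy credentials and TLS key material in memory and that, with the new default in sing-box.conf, runs as root; where a dump is written depends on the system core pattern, which is not visible here. Drop the line, or gate it behind a UCI option that defaults to off. In `service_triggers`, `iface` is not declared local and `$iface` and `$NAME` are unquoted in the trigger line; `local ifaces iface` plus `procd_add_interface_trigger "interface.*.up" "$iface" "/etc/init.d/$NAME" restart` would be safer now that `NAME` is derived from the script path.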