update 2025-08-06 09:41:41

luci-app-passwall/Makefile

@@ -7,7 +7,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=luci-app-passwall
 PKG_VERSION:=25.8.5
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 
 PKG_CONFIG_DEPENDS:= \
 	CONFIG_PACKAGE_$(PKG_NAME)_Iptables_Transparent_Proxy \

luci-app-passwall/luasrc/view/passwall/node_list/link_share_man.htm

@@ -1580,6 +1580,9 @@ local hysteria2_type = map:get("@global_subscribe[0]", "hysteria2_type") or "sin
 					queryParam[decodeURIComponent(params[0])] = decodeURIComponent(params[1] || '');
 				}
 			}
+			if ((!queryParam.security || queryParam.security == "") && queryParam.sni && queryParam.sni != "") {
+				queryParam.security = "tls";
+			}
 			if (queryParam.security) {
 				if (queryParam.security == "tls") {
 					opt.set(dom_prefix + 'tls', true);

luci-app-passwall/po/zh-cn/passwall.po

@@ -1751,7 +1751,7 @@ msgid "Fragmentation interval (ms)"
 msgstr "分片间隔（ms）"
 
 msgid "Split handshake data into multiple TLS records for better censorship evasion. Low overhead. Recommended to enable first."
-msgstr 将握手数据拆分为多个 TLS 记录，提升抗封锁能力，几乎不增加延迟，建议优先启用。"
+msgstr "将握手数据拆分为多个 TLS 记录，提升抗封锁能力，几乎不增加延迟，建议优先启用。"
 
 msgid "Split handshake into multiple TCP segments. Enhances obfuscation. May increase delay. Use only if needed."
 msgstr "将 TLS 握手数据分为多个 TCP 包发送，提高伪装性，可能增加延迟，仅在封锁严重时使用。"

luci-app-passwall/root/usr/share/passwall/subscribe.lua

@@ -280,7 +280,7 @@ do
 			if node.balancing_node then
 				for k, node in pairs(node.balancing_node) do
 					currentNodes[#currentNodes + 1] = {
-						log = false,
+						log = true,
 						node = node,
 						currentNode = node and uci:get_all(appname, node) or nil,
 						remarks = node,
@@ -328,7 +328,7 @@ do
 			if node.urltest_node then
 				for k, node in pairs(node.urltest_node) do
 					currentNodes[#currentNodes + 1] = {
-						log = false,
+						log = true,
 						node = node,
 						currentNode = node and uci:get_all(appname, node) or nil,
 						remarks = node,
@@ -1452,9 +1452,12 @@ local function processData(szType, content, add_mode, add_from)
 				result.address = host_port
 			end
 			result.tls = "0"
+			if (not params.security or params.security == "") and params.sni and params.sni ~= "" then
+				params.security = "tls"
+			end
 			if params.security == "tls" or params.security == "reality" then
 				result.tls = "1"
-				result.tls_serverName = (params.sni and params.sni ~= "") and params.sni or params.host
+				result.tls_serverName = params.sni
 				result.alpn = params.alpn
 				if params.fp and params.fp ~= "" then
 					result.utls = "1"
@@ -1566,7 +1569,9 @@ local function select_node(nodes, config, parentConfig)
 		if config.currentNode[".name"] then
 			for index, node in pairs(nodes) do
 				if node[".name"] == config.currentNode[".name"] then
-					log('更新【' .. config.remarks .. '】匹配节点：' .. node.remarks)
+					if config.log == nil or config.log == true then
+						log('更新【' .. config.remarks .. '】匹配节点：' .. node.remarks)
+					end
 					server = node[".name"]
 					break
 				end
@@ -1734,6 +1739,9 @@ local function update_node(manual)
 
 		for _, config in pairs(CONFIG) do
 			if config.currentNodes and #config.currentNodes > 0 then
+				if config.remarks and config.currentNodes[1].log ~= false then
+					log('----【' .. config.remarks .. '】----')
+				end
 				for kk, vv in pairs(config.currentNodes) do
 					select_node(nodes, vv, config)
 				end

nikki/Makefile

@@ -9,7 +9,7 @@ PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://github.com/MetaCubeX/mihomo.git
 PKG_SOURCE_VERSION:=v1.19.12
-PKG_MIRROR_HASH:=de065d6eb33b84b660d3ecaaee3359c991307ab42345c70e82c5ce65c1ae329e
+PKG_MIRROR_HASH:=9ca38753d1b76268892cbf22e7d0f1348f58c0c6cff7305e87e41ea8193aba55
 
 PKG_LICENSE:=GPL3.0+
 PKG_MAINTAINER:=Joseph Mory <morytyann@gmail.com>

nikki/files/mixin.yaml

@@ -1,28 +1,25 @@
 # Mixin File
 # You can set any mihomo profile's config at here, it will mixin to the profile.
+# Mixin file have lower priority than the LuCI mixin options.
+#
+# Mihomo's Wiki: https://wiki.metacubex.one
 #
 # For example:
 #
-# global-client-fingerprint: chrome # set fingerprint for TLS transport
 # experimental: # experimental config
-#   quic-go-disable-gso: false # disable quic-go GSO support
-#   quic-go-disable-ecn: false # disable quic-go ECN support
 #   dialer-ip4p-convert: false # IP4P support
-# proxies: # overwrite proxies
+# listeners: # overwrite listeners
+#   - name: shadowsocks
+#     type: shadowsocks
+#     listen: "::"
+#     port: 12060
+# nikki-proxies: # prepend proxies
 #   - name: "PROXY"
 #     type: ss
 #     server: proxy.example.com
 #     port: 443
 #     cipher: chacha20-ietf-poly1305
 #     password: "password"
-# rules: # overwrite rules
+# nikki-rules: # prepend rules
-#   - DOMAIN,google.com,PROXY
+#   - DOMAIN,direct.example.com,DIRECT
-#   - DOMAIN-SUFFIX,google.com,PROXY
+#   - DOMAIN-SUFFIX,proxy.example.com,PROXY
-#   - DOMAIN-KEYWORD,google,PROXY
-#   - DOMAIN-REGEX,^google.*com,PROXY
-#   - GEOSITE,google,PROXY
-#   - GEOSITE,cn,DIRECT
-#   - IP-CIDR,8.8.8.8/32,DIRECT,no-resolve
-#   - GEOIP,telegram,DIRECT
-#   - GEOIP,cn,DIRECT
-#   - Match,PROXY

nikki/files/nikki.init

@@ -139,9 +139,9 @@ start_service() {
 			yq -M -i 'del(.sniffer.sniff)' "$RUN_PROFILE_PATH"
 		fi
 		if [ "$mixin_file_content" = 0 ]; then
-			ucode -S "$MIXIN_UC" | yq -M -p json -o yaml | yq -M -i ea '... comments="" | . as $item ireduce ({}; . * $item ) | .rules = .nikki-rules + .rules | del(.nikki-rules)' "$RUN_PROFILE_PATH" -
+			ucode -S "$MIXIN_UC" | yq -M -p json -o yaml | yq -M -i ea '... comments="" | . as $item ireduce ({}; . * $item ) | .proxies = .nikki-proxies + .proxies | del(.nikki-proxies) | .rules = .nikki-rules + .rules | del(.nikki-rules)' "$RUN_PROFILE_PATH" -
 		elif [ "$mixin_file_content" = 1 ]; then
-			ucode -S "$MIXIN_UC" | yq -M -p json -o yaml | yq -M -i ea '... comments="" | . as $item ireduce ({}; . * $item ) | .rules = .nikki-rules + .rules | del(.nikki-rules)' "$RUN_PROFILE_PATH" "$MIXIN_FILE_PATH" -
+			ucode -S "$MIXIN_UC" | yq -M -p json -o yaml | yq -M -i ea '... comments="" | . as $item ireduce ({}; . * $item ) | .proxies = .nikki-proxies + .proxies | del(.nikki-proxies) | .rules = .nikki-rules + .rules | del(.nikki-rules)' "$RUN_PROFILE_PATH" "$MIXIN_FILE_PATH" -
 		fi
 	fi
 	# test profile

sing-box/Makefile

@@ -23,9 +23,8 @@ PKG_CONFIG_DEPENDS:= \
 	CONFIG_SING_BOX_BUILD_EMBEDDED_TOR \
 	CONFIG_SING_BOX_BUILD_GRPC \
 	CONFIG_SING_BOX_BUILD_GVISOR \
-	CONFIG_SING_BOX_BUILD_LWIP \
 	CONFIG_SING_BOX_BUILD_QUIC \
-	CONFIG_SING_BOX_BUILD_REALITY_SERVER \
+	CONFIG_SING_BOX_BUILD_TAILSCALE \
 	CONFIG_SING_BOX_BUILD_UTLS \
 	CONFIG_SING_BOX_BUILD_V2RAY_API \
 	CONFIG_SING_BOX_BUILD_WIREGUARD
@@ -51,14 +50,20 @@ define Package/sing-box
     +ca-bundle \
     +kmod-inet-diag \
     +kmod-netlink-diag \
-    +(SING_BOX_BUILD_GVISOR||SING_BOX_BUILD_LWIP):kmod-tun
+    +SING_BOX_BUILD_GVISOR:kmod-tun
   USERID:=sing-box=5566:sing-box=5566
 endef
 
+define Package/sing-box/description
+  Sing-box is a universal proxy platform which supports hysteria, SOCKS, Shadowsocks,
+  ShadowTLS, Tor, trojan, VLess, VMess, WireGuard and so on.
+endef
+
 define Package/sing-box/config
   if PACKAGE_sing-box
     config SING_BOX_BUILD_ACME
     bool "Build with ACME TLS certificate issuer support"
+    default y
 
     config SING_BOX_BUILD_CLASH_API
     bool "Build with Clash API support"
@@ -69,6 +74,7 @@ define Package/sing-box/config
 
     config SING_BOX_BUILD_EMBEDDED_TOR
     bool "Build with embedded Tor support"
+    depends on BROKEN
 
     config SING_BOX_BUILD_GRPC
     bool "Build with standard gPRC support"
@@ -79,9 +85,6 @@ define Package/sing-box/config
     bool "Build with gVisor support"
     default y
 
-    config SING_BOX_BUILD_LWIP
-    bool "Build with LWIP Tun stack support"
-
     config SING_BOX_BUILD_QUIC
     bool "Build with QUIC support"
     default y
@@ -89,8 +92,9 @@ define Package/sing-box/config
       Required by HTTP3 DNS transports, Naive inbound,
       Hysteria inbound / outbound, and v2ray QUIC transport.
 
-    config SING_BOX_BUILD_REALITY_SERVER
+    config SING_BOX_BUILD_TAILSCALE
-    bool "Build with REALITY TLS server support"
+    bool "Build with Tailscale support"
+    default y
 
     config SING_BOX_BUILD_UTLS
     bool "Build with uTLS support"
@@ -112,9 +116,8 @@ GO_PKG_TAGS:=$(subst $(space),$(comma),$(strip \
 	$(if $(CONFIG_SING_BOX_BUILD_EMBEDDED_TOR),with_embedded_tor) \
 	$(if $(CONFIG_SING_BOX_BUILD_GRPC),with_grpc) \
 	$(if $(CONFIG_SING_BOX_BUILD_GVISOR),with_gvisor) \
-	$(if $(CONFIG_SING_BOX_BUILD_LWIP),with_lwip) \
 	$(if $(CONFIG_SING_BOX_BUILD_QUIC),with_quic) \
-	$(if $(CONFIG_SING_BOX_BUILD_REALITY_SERVER),with_reality_server) \
+	$(if $(CONFIG_SING_BOX_BUILD_TAILSCALE),with_tailscale) \
 	$(if $(CONFIG_SING_BOX_BUILD_UTLS),with_utls) \
 	$(if $(CONFIG_SING_BOX_BUILD_V2RAY_API),with_v2ray_api) \
 	$(if $(CONFIG_SING_BOX_BUILD_WIREGUARD),with_wireguard) \

sing-box/files/sing-box.conf

@@ -1,7 +1,10 @@
 
 config sing-box 'main'
 	option enabled '0'
-	option user 'sing-box'
+	option user 'root'
 	option conffile '/etc/sing-box/config.json'
 	option workdir '/usr/share/sing-box'
-
+#	list ifaces 'wan'
+#	list ifaces 'wan6'
+	option log_stderr '1'
+	option log_stdout '0'

sing-box/files/sing-box.init

@@ -3,19 +3,24 @@
 USE_PROCD=1
 START=99
 
-NAME="sing-box"
+script=$(readlink "$initscript")
+NAME="$(basename ${script:-$initscript})"
 PROG="/usr/bin/sing-box"
 
 start_service() {
 	config_load "$NAME"
 
-	local enabled user group conffile workdir
+	local enabled user group conffile workdir ifaces
+	local log_stdout log_stderr
 	config_get_bool enabled "main" "enabled" "0"
 	[ "$enabled" -eq "1" ] || return 0
 
 	config_get user "main" "user" "root"
 	config_get conffile "main" "conffile"
+	config_get ifaces "main" "ifaces"
 	config_get workdir "main" "workdir" "/usr/share/sing-box"
+	config_get_bool log_stdout "main" "log_stdout" "0"
+	config_get_bool log_stderr "main" "log_stderr" "1"
 
 	mkdir -p "$workdir"
 	local group="$(id -ng $user)"
@@ -27,13 +32,24 @@ start_service() {
 	# Use root user if you want to use the TUN mode.
 	procd_set_param user "$user"
 	procd_set_param file "$conffile"
-	procd_set_param stdout 1
+	[ -z "$ifaces" ] || procd_set_param netdev $ifaces
-	procd_set_param stderr 1
+	procd_set_param stdout "$log_stdout"
+	procd_set_param stderr "$log_stderr"
+	procd_set_param limits core="unlimited"
+	procd_set_param limits nofile="1000000 1000000"
 	procd_set_param respawn
 
 	procd_close_instance
 }
 
 service_triggers() {
+	local ifaces
+	config_load "$NAME"
+	config_get ifaces "main" "ifaces"
+	procd_open_trigger
+	for iface in $ifaces; do
+		procd_add_interface_trigger "interface.*.up" $iface /etc/init.d/$NAME restart
+	done
+	procd_close_trigger
 	procd_add_reload_trigger "$NAME"
 }