From 75e46eea094f2ad2d995908bff3b6baf09655e76 Mon Sep 17 00:00:00 2001 From: actions-user Date: Thu, 21 Aug 2025 09:19:03 +0800 Subject: [PATCH] update 2025-08-21 09:19:03 --- .../luci-static/resources/view/homeproxy/node.js | 9 ++++++--- luci-app-homeproxy/root/etc/init.d/homeproxy | 6 ++++++ nikki/files/ucode/hijack.ut | 12 ++++++++++-- sing-box/Makefile | 4 ++-- 4 files changed, 24 insertions(+), 7 deletions(-) diff --git a/luci-app-homeproxy/htdocs/luci-static/resources/view/homeproxy/node.js b/luci-app-homeproxy/htdocs/luci-static/resources/view/homeproxy/node.js index 0a425ae..166866a 100644 --- a/luci-app-homeproxy/htdocs/luci-static/resources/view/homeproxy/node.js +++ b/luci-app-homeproxy/htdocs/luci-static/resources/view/homeproxy/node.js @@ -126,12 +126,15 @@ function parseShareLink(uri, features) { url = new URL('http://' + uri[1]); let userinfo; - if (url.username && url.password) + if (url.username && url.password) { /* User info encoded with URIComponent */ userinfo = [url.username, decodeURIComponent(url.password)]; - else if (url.username) + } else if (url.username) { /* User info encoded with base64 */ userinfo = hp.decodeBase64Str(decodeURIComponent(url.username)).split(':'); + if (userinfo.length > 1) + userinfo = [userinfo[0], userinfo.slice(1).join(':')] + } if (!hp.shadowsocks_encrypt_methods.includes(userinfo[0])) return null; @@ -140,7 +143,7 @@ function parseShareLink(uri, features) { if (url.search && url.searchParams.get('plugin')) { let plugin_info = url.searchParams.get('plugin').split(';'); plugin = plugin_info[0]; - plugin_opts = plugin_info.slice(1) ? plugin_info.slice(1).join(';') : null; + plugin_opts = (plugin_info.length > 1) ? plugin_info.slice(1).join(';') : null; } config = { diff --git a/luci-app-homeproxy/root/etc/init.d/homeproxy b/luci-app-homeproxy/root/etc/init.d/homeproxy index 9cdbd9f..888bba7 100755 --- a/luci-app-homeproxy/root/etc/init.d/homeproxy +++ b/luci-app-homeproxy/root/etc/init.d/homeproxy @@ -149,6 +149,9 @@ start_service() { procd_set_param command "$PROG" procd_append_param command run --config "$RUN_DIR/sing-box-c.json" + # QUIC-GO GSO is broken on kernel 6.6 currently + uname -r | grep -Eq "^6\.6" && procd_set_param env "QUIC_GO_DISABLE_GSO"="true" + if [ -x "/sbin/ujail" ] && [ "$routing_mode" != "custom" ] && ! grep -Eq '"type": "(wireguard|tun)"' "$RUN_DIR/sing-box-c.json"; then procd_add_jail "sing-box-c" log procfs procd_add_jail_mount "$RUN_DIR/sing-box-c.json" @@ -190,6 +193,9 @@ start_service() { procd_set_param command "$PROG" procd_append_param command run --config "$RUN_DIR/sing-box-s.json" + # QUIC-GO GSO is broken on kernel 6.6 currently + uname -r | grep -Eq "^6\.6" && procd_set_param env "QUIC_GO_DISABLE_GSO"="true" + if [ -x "/sbin/ujail" ]; then procd_add_jail "sing-box-s" log procfs procd_add_jail_mount "$RUN_DIR/sing-box-s.json" diff --git a/nikki/files/ucode/hijack.ut b/nikki/files/ucode/hijack.ut index 15c1487..dde34d6 100644 --- a/nikki/files/ucode/hijack.ut +++ b/nikki/files/ucode/hijack.ut @@ -108,15 +108,15 @@ -%} table inet nikki { + {% if (length(dns_hijack_nfproto) > 0): %} set dns_hijack_nfproto { type nf_proto flags interval - {% if (length(dns_hijack_nfproto) > 0): %} elements = { {{ join(', ', dns_hijack_nfproto) }} } - {% endif %} } + {% endif %} set proxy_nfproto { type nf_proto @@ -421,7 +421,9 @@ table inet nikki { {% elif (cgroups_version == 2): %} socket cgroupv2 level 2 "services/{{ cgroup_name }}" counter return {% endif %} + {% if (length(dns_hijack_nfproto) > 0): %} meta nfproto @dns_hijack_nfproto jump router_dns_hijack + {% endif %} {% if (tcp_mode == 'redirect'): %} fib daddr type { local, broadcast, anycast, multicast } counter return ct direction reply counter return @@ -459,7 +461,9 @@ table inet nikki { meta nfproto ipv6 meta l4proto . th dport != @proxy_dport counter return meta l4proto { tcp, udp } ip dscp @bypass_dscp {% if (fake_ip_range): %} ip daddr != {{ fake_ip_range }} {% endif %} counter return meta l4proto { tcp, udp } ip6 dscp @bypass_dscp counter return + {% if (length(dns_hijack_nfproto) > 0): %} meta nfproto @dns_hijack_nfproto meta l4proto { tcp, udp } th dport 53 counter return + {% endif %} {% if (tcp_mode == 'tproxy'): %} meta nfproto @proxy_nfproto meta l4proto tcp jump router_tproxy {% elif (tcp_mode == 'tun'): %} @@ -486,7 +490,9 @@ table inet nikki { {% if (lan_proxy): %} chain dstnat { type nat hook prerouting priority dstnat + 1; policy accept; + {% if (length(dns_hijack_nfproto) > 0): %} iifname @lan_inbound_device meta nfproto @dns_hijack_nfproto jump lan_dns_hijack + {% endif %} {% if (tcp_mode == 'redirect'): %} fib daddr type { local, broadcast, anycast, multicast } counter return ct direction reply counter return @@ -519,7 +525,9 @@ table inet nikki { meta nfproto ipv6 meta l4proto . th dport != @proxy_dport counter return meta l4proto { tcp, udp } ip dscp @bypass_dscp {% if (fake_ip_range): %} ip daddr != {{ fake_ip_range }} {% endif %} counter return meta l4proto { tcp, udp } ip6 dscp @bypass_dscp counter return + {% if (length(dns_hijack_nfproto) > 0): %} meta nfproto @dns_hijack_nfproto meta l4proto { tcp, udp } th dport 53 counter return + {% endif %} {% if (tcp_mode == 'tproxy'): %} iifname @lan_inbound_device meta nfproto @proxy_nfproto meta l4proto tcp jump lan_tproxy {% elif (tcp_mode == 'tun'): %} diff --git a/sing-box/Makefile b/sing-box/Makefile index 496021e..df2caca 100644 --- a/sing-box/Makefile +++ b/sing-box/Makefile @@ -5,12 +5,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=sing-box -PKG_VERSION:=1.12.1 +PKG_VERSION:=1.12.2 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/SagerNet/sing-box/tar.gz/v$(PKG_VERSION)? -PKG_HASH:=8c7de6f996c9d3ad363d60b52828dc649a579ae8a5f0b596fc8ff7ea7622908d +PKG_HASH:=95d902c008ed0b414ab29408dc565310fffe435a15753e02d10ca5c8e6837ce5 PKG_LICENSE:=GPL-3.0-or-later PKG_LICENSE_FILES:=LICENSE