update 2025-08-21 09:19:03

2025-08-21 09:19:03 +08:00 · 2025-08-21 09:19:03 +08:00 · 75e46eea09
commit 75e46eea09
parent cc9e0b310c
4 changed files with 24 additions and 7 deletions
--- a/luci-app-homeproxy/htdocs/luci-static/resources/view/homeproxy/node.js
+++ b/luci-app-homeproxy/htdocs/luci-static/resources/view/homeproxy/node.js
@ -126,12 +126,15 @@ function parseShareLink(uri, features) {
 				url = new URL('http://' + uri[1]);

 				let userinfo;
-				if (url.username && url.password)
+				if (url.username && url.password) {
 					/* User info encoded with URIComponent */
 					userinfo = [url.username, decodeURIComponent(url.password)];
-				else if (url.username)
+				} else if (url.username) {
 					/* User info encoded with base64 */
 					userinfo = hp.decodeBase64Str(decodeURIComponent(url.username)).split(':');
+					if (userinfo.length > 1)
+						userinfo = [userinfo[0], userinfo.slice(1).join(':')]
+				}

 				if (!hp.shadowsocks_encrypt_methods.includes(userinfo[0]))
 					return null;
@ -140,7 +143,7 @@ function parseShareLink(uri, features) {
 				if (url.search && url.searchParams.get('plugin')) {
 					let plugin_info = url.searchParams.get('plugin').split(';');
 					plugin = plugin_info[0];
-					plugin_opts = plugin_info.slice(1) ? plugin_info.slice(1).join(';') : null;
+					plugin_opts = (plugin_info.length > 1) ? plugin_info.slice(1).join(';') : null;
 				}

 				config = {
--- a/luci-app-homeproxy/root/etc/init.d/homeproxy
+++ b/luci-app-homeproxy/root/etc/init.d/homeproxy
@ -149,6 +149,9 @@ start_service() {
 		procd_set_param command "$PROG"
 		procd_append_param command run --config "$RUN_DIR/sing-box-c.json"

+		# QUIC-GO GSO is broken on kernel 6.6 currently
+		uname -r | grep -Eq "^6\.6" && procd_set_param env "QUIC_GO_DISABLE_GSO"="true"
+
 		if [ -x "/sbin/ujail" ] && [ "$routing_mode" != "custom" ] && ! grep -Eq '"type": "(wireguard|tun)"' "$RUN_DIR/sing-box-c.json"; then
 			procd_add_jail "sing-box-c" log procfs
 			procd_add_jail_mount "$RUN_DIR/sing-box-c.json"
@ -190,6 +193,9 @@ start_service() {
 		procd_set_param command "$PROG"
 		procd_append_param command run --config "$RUN_DIR/sing-box-s.json"

+		# QUIC-GO GSO is broken on kernel 6.6 currently
+		uname -r | grep -Eq "^6\.6" && procd_set_param env "QUIC_GO_DISABLE_GSO"="true"
+
 		if [ -x "/sbin/ujail" ]; then
 			procd_add_jail "sing-box-s" log procfs
 			procd_add_jail_mount "$RUN_DIR/sing-box-s.json"
--- a/nikki/files/ucode/hijack.ut
+++ b/nikki/files/ucode/hijack.ut
@ -108,15 +108,15 @@
 -%}

 table inet nikki {
+	{% if (length(dns_hijack_nfproto) > 0): %}
 	set dns_hijack_nfproto {
 		type nf_proto
 		flags interval
-		{% if (length(dns_hijack_nfproto) > 0): %}
 		elements = {
 			{{ join(', ', dns_hijack_nfproto) }}
 		}
-		{% endif %}
 	}
+	{% endif %}

 	set proxy_nfproto {
 		type nf_proto
@ -421,7 +421,9 @@ table inet nikki {
 		{% elif (cgroups_version == 2): %}
 		socket cgroupv2 level 2 "services/{{ cgroup_name }}" counter return
 		{% endif %}
+		{% if (length(dns_hijack_nfproto) > 0): %}
 		meta nfproto @dns_hijack_nfproto jump router_dns_hijack
+		{% endif %}
 		{% if (tcp_mode == 'redirect'): %}
 		fib daddr type { local, broadcast, anycast, multicast } counter return
 		ct direction reply counter return
@ -459,7 +461,9 @@ table inet nikki {
 		meta nfproto ipv6 meta l4proto . th dport != @proxy_dport counter return
 		meta l4proto { tcp, udp } ip dscp @bypass_dscp {% if (fake_ip_range): %} ip daddr != {{ fake_ip_range }} {% endif %} counter return
 		meta l4proto { tcp, udp } ip6 dscp @bypass_dscp counter return
+		{% if (length(dns_hijack_nfproto) > 0): %}
 		meta nfproto @dns_hijack_nfproto meta l4proto { tcp, udp } th dport 53 counter return
+		{% endif %}
 		{% if (tcp_mode == 'tproxy'): %}
 		meta nfproto @proxy_nfproto meta l4proto tcp jump router_tproxy
 		{% elif (tcp_mode == 'tun'): %}
@ -486,7 +490,9 @@ table inet nikki {
 	{% if (lan_proxy): %}
 	chain dstnat {
 		type nat hook prerouting priority dstnat + 1; policy accept;
+		{% if (length(dns_hijack_nfproto) > 0): %}
 		iifname @lan_inbound_device meta nfproto @dns_hijack_nfproto jump lan_dns_hijack
+		{% endif %}
 		{% if (tcp_mode == 'redirect'): %}
 		fib daddr type { local, broadcast, anycast, multicast } counter return
 		ct direction reply counter return
@ -519,7 +525,9 @@ table inet nikki {
 		meta nfproto ipv6 meta l4proto . th dport != @proxy_dport counter return
 		meta l4proto { tcp, udp } ip dscp @bypass_dscp {% if (fake_ip_range): %} ip daddr != {{ fake_ip_range }} {% endif %} counter return
 		meta l4proto { tcp, udp } ip6 dscp @bypass_dscp counter return
+		{% if (length(dns_hijack_nfproto) > 0): %}
 		meta nfproto @dns_hijack_nfproto meta l4proto { tcp, udp } th dport 53 counter return
+		{% endif %}
 		{% if (tcp_mode == 'tproxy'): %}
 		iifname @lan_inbound_device meta nfproto @proxy_nfproto meta l4proto tcp jump lan_tproxy
 		{% elif (tcp_mode == 'tun'): %}
--- a/sing-box/Makefile
+++ b/sing-box/Makefile
@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=sing-box
-PKG_VERSION:=1.12.1
+PKG_VERSION:=1.12.2
 PKG_RELEASE:=1

 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://codeload.github.com/SagerNet/sing-box/tar.gz/v$(PKG_VERSION)?
-PKG_HASH:=8c7de6f996c9d3ad363d60b52828dc649a579ae8a5f0b596fc8ff7ea7622908d
+PKG_HASH:=95d902c008ed0b414ab29408dc565310fffe435a15753e02d10ca5c8e6837ce5

 PKG_LICENSE:=GPL-3.0-or-later
 PKG_LICENSE_FILES:=LICENSE