zhao/openwrt_helloworld
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

add sing-box

Browse Source
This commit is contained in:
sbwml 2023-09-06 10:59:10 +08:00
parent 714c9178fa
commit 926b43da02
3 changed files with 506 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

156
sing-box/Makefile Normal file
View File

@ -0,0 +1,156 @@
#
# This is free software, licensed under the GNU General Public License v3.
# See /LICENSE for more information.
#
include $(TOPDIR)/rules.mk
PKG_NAME:=sing-box
PKG_VERSION:=1.4.1
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/SagerNet/sing-box/tar.gz/v$(PKG_VERSION)?
PKG_HASH:=5b8a576639e24640b76f5ee175aa83a54bf9a68f3a6de1650c3067f0f0405e7d
PKG_LICENSE:=GPL-3.0-or-later
PKG_LICENSE_FILES:=LICENSE
PKG_BUILD_DEPENDS:=golang/host
PKG_BUILD_PARALLEL:=1
PKG_USE_MIPS16:=0
PKG_BUILD_FLAGS:=no-mips16
GO_PKG:=github.com/sagernet/sing-box
GO_PKG_BUILD_PKG:=$(GO_PKG)/cmd/sing-box
GO_PKG_LDFLAGS_X:=$(GO_PKG)/constant.Version=v$(PKG_VERSION)
include $(INCLUDE_DIR)/package.mk
include $(TOPDIR)/feeds/packages/lang/golang/golang-package.mk
define Package/$(PKG_NAME)
SECTION:=net
CATEGORY:=Network
SUBMENU:=Web Servers/Proxies
TITLE:=The universal proxy platform.
URL:=https://sing-box.sagernet.org
DEPENDS:=$(GO_ARCH_DEPENDS) \
+ca-bundle \
+kmod-inet-diag \
+kmod-netlink-diag \
+kmod-tun
endef
define Package/$(PKG_NAME)/description
Sing-box is a universal proxy platform which supports hysteria, SOCKS, Shadowsocks,
ShadowsocksR, ShadowTLS, Tor, trojan, VLess, VMess, WireGuard and so on.
endef
GO_PKG_TARGET_VARS:=$(filter-out CGO_ENABLED=%,$(GO_PKG_TARGET_VARS)) CGO_ENABLED=0
define Package/$(PKG_NAME)/config
menu "Customizing build tags"
depends on PACKAGE_sing-box
config SING_BOX_WITH_ACME
bool "Build with ACME TLS certificate issuer support"
default n
config SING_BOX_WITH_CLASH_API
bool "Build with Clash API support (EXPERIMENTAL!!!)"
default y
config SING_BOX_WITH_DHCP
bool "Build with DHCP support"
default y
config SING_BOX_WITH_ECH
bool "Build with TLS ECH extension support"
default n
config SING_BOX_WITH_GRPC
bool "Build with standard gRPC support"
default n
help
sing-box has better performance gun-lite gRPC built-in by default.
This standard gRPC has better compatibility but poor performance.
config SING_BOX_WITH_GVISOR
bool "Build with gVisor support"
default n
config SING_BOX_WITH_QUIC
bool "Build with QUIC support"
default y
help
Required by HTTP3 DNS transports, Naive inbound,
Hysteria inbound / outbound, and v2ray QUIC transport.
config SING_BOX_WITH_REALITY_SERVER
bool "Build with reality TLS server support"
default n
config SING_BOX_WITH_SHADOWSOCKSR
bool "Build with ShadowsockR support"
default n
config SING_BOX_WITH_UTLS
bool "Build with uTLS support"
default y
config SING_BOX_WITH_V2RAY_API
bool "Build with V2Ray API support (EXPERIMENTAL!!!)"
default n
config SING_BOX_WITH_WIREGUARD
bool "Build with WireGuard support"
default y
endmenu
endef
PKG_CONFIG_DEPENDS:= \
CONFIG_SING_BOX_WITH_ACME \
CONFIG_SING_BOX_WITH_CLASH_API \
CONFIG_SING_BOX_WITH_DHCP \
CONFIG_SING_BOX_WITH_ECH \
CONFIG_SING_BOX_WITH_GRPC \
CONFIG_SING_BOX_WITH_GVISOR \
CONFIG_SING_BOX_WITH_QUIC \
CONFIG_SING_BOX_WITH_REALITY_SERVER \
CONFIG_SING_BOX_WITH_SHADOWSOCKSR \
CONFIG_SING_BOX_WITH_UTLS \
CONFIG_SING_BOX_WITH_V2RAY_API \
CONFIG_SING_BOX_WITH_WIREGUARD
GO_PKG_TAGS:=$(subst $(space),$(comma),$(strip \
$(if $(CONFIG_SING_BOX_WITH_ACME),with_acme) \
$(if $(CONFIG_SING_BOX_WITH_CLASH_API),with_clash_api) \
$(if $(CONFIG_SING_BOX_WITH_DHCP),with_dhcp) \
$(if $(CONFIG_SING_BOX_WITH_ECH),with_ech) \
$(if $(CONFIG_SING_BOX_WITH_GRPC),with_grpc) \
$(if $(CONFIG_SING_BOX_WITH_GVISOR),with_gvisor) \
$(if $(CONFIG_SING_BOX_WITH_QUIC),with_quic) \
$(if $(CONFIG_SING_BOX_WITH_REALITY_SERVER),with_reality_server) \
$(if $(CONFIG_SING_BOX_WITH_SHADOWSOCKSR),with_shadowsocksr) \
$(if $(CONFIG_SING_BOX_WITH_UTLS),with_utls) \
$(if $(CONFIG_SING_BOX_WITH_V2RAY_API),with_v2ray_api) \
$(if $(CONFIG_SING_BOX_WITH_WIREGUARD),with_wireguard) \
))
define Package/$(PKG_NAME)/conffiles
/etc/sing-box/config.json
endef
define Package/$(PKG_NAME)/install
$(call GoPackage/Package/Install/Bin,$(1))
$(INSTALL_DIR) $(1)/etc/init.d
$(INSTALL_BIN) ./files/sing-box.init $(1)/etc/init.d/sing-box
$(INSTALL_DIR) $(1)/etc/sing-box
$(INSTALL_DATA) ./files/config.json.example $(1)/etc/sing-box/config.json.example
endef
$(eval $(call GoBinPackage,sing-box))
$(eval $(call BuildPackage,sing-box))

296
sing-box/files/config.json.example Normal file
View File

@ -0,0 +1,296 @@
{
"log": {
"disabled": false,
"level": "warn",
"output": "/tmp/sing-box.log",
"timestamp": true
},
"experimental": {
"clash_api": {
"external_controller": "0.0.0.0:9090",
"external_ui": "",
"secret": "********",
"default_mode": "rule",
"store_selected": true,
"cache_file": "cache.db"
}
},
"dns": {
"servers": [
{
"tag": "foreign",
"address": "https://1.1.1.1/dns-query"
},
{
"tag": "local",
"address": "tls://1.12.12.12",
"detour": "direct"
},
{
"tag": "block",
"address": "rcode://success"
}
],
"rules": [
{
"geosite": "category-ads-all",
"server": "block",
"disable_cache": true
},
{
"domain": "mydomain.com",
"geosite": "cn",
"server": "local"
}
],
"strategy": "ipv4_only"
},
"ntp": {
"enabled": false,
"server": "ntp.aliyun.com",
"server_port": 123,
"interval": "30m",
"detour": "direct"
},
"inbounds": [
{
"type": "tun",
"tag": "TUN-in",
"interface_name": "sb-tun0",
"inet4_address": "172.19.0.1/30",
"auto_route": false,
"endpoint_independent_nat": true,
"stack": "system",
"sniff": true
},
{
"type": "mixed",
"tag": "SOCKS-in",
"listen": "::",
"listen_port": *****
},
{
"type": "redirect",
"tag": "REDIRECT-in",
"listen": "::",
"listen_port": *****,
"sniff": true
},
{
"type": "tproxy",
"tag": "TPROXY-in",
"listen": "::",
"listen_port": *****,
"sniff": true
},
{
"type": "direct",
"tag": "DNS-in",
"listen": "::",
"listen_port": *****,
"network": "udp",
"sniff": true
},
{
"type": "shadowsocks",
"tag": "SS-in",
"listen": "::",
"listen_port": *****,
"sniff": true,
"method": "2022-blake3-aes-128-gcm",
"password": "bZzjl2DAXUs02L2Sosgu7A==",
"users": [
{
"name": "User1",
"password": "SGEFjWc+VgNGBXe1JhoRfg=="
},
{
"name": "User2",
"password": "XoXhbj4V9cMXfuUXF/C+cg=="
}
]
}
],
"outbounds": [
{
"type": "selector",
"tag": "Proxy-out",
"outbounds": [
"URL-Test",
"direct",
"Shadowsocks-ShadowTLS-out",
"Trojan-GRPC-out",
"Trojan-WebSocket-out",
"Hysteria-out"
],
"default": "URL-Test"
},
{
"type": "urltest",
"tag": "URL-Test",
"outbounds": [
"Shadowsocks-ShadowTLS-out",
"Trojan-GRPC-out",
"Trojan-WebSocket-out",
"Hysteria-out"
],
"url": "https://cp.cloudflare.com",
"interval": "1m",
"tolerance": 50
},
{
"type": "shadowsocks",
"tag": "Shadowsocks-ShadowTLS-out",
"detour": "Shadowsocks-ShadowTLS",
"method": "2022-blake3-aes-128-gcm",
"password": "F7cx1ASHX/eqQwed+pISzw==:CB8sXcYLzf1P5dUizIzYVg==",
"udp_over_tcp": true,
"multiplex": {
"enabled": false,
"max_connections": 4,
"min_streams": 4,
"max_streams": 0
}
},
{
"type": "shadowtls",
"tag": "Shadowsocks-ShadowTLS",
"server": "***.***.***.***",
"server_port": *****,
"version": 3,
"password": "************",
"tls": {
"enabled": true,
"server_name": "something.example.org",
"utls": {
"enabled": true,
"fingerprint": "chrome"
}
}
},
{
"type": "trojan",
"tag": "Trojan-GRPC-out",
"server": "***.***.***.***",
"server_port": *****,
"password": "************",
"transport": {
"type": "grpc",
"service_name": "************"
},
"tls": {
"enabled": true,
"disable_sni": false,
"server_name": "yours.example.org",
"utls": {
"enabled": true,
"fingerprint": "chrome"
}
}
},
{
"type": "trojan",
"tag": "WebSocket-out",
"server": "***.***.***.***",
"server_port": *****,
"password": "************",
"transport": {
"type": "ws",
"path": "/************",
"early_data_header_name": "Sec-WebSocket-Protocol"
},
"tls": {
"enabled": true,
"disable_sni": false,
"server_name": "yours.example.org",
"utls": {
"enabled": true,
"fingerprint": "chrome"
}
},
"multiplex": {
"enabled": true,
"max_connections": 4,
"min_streams": 4,
"max_streams": 0
}
},
{
"type": "hysteria",
"tag": "Hysteria-out",
"server": "***.***.***.***",
"server_port": *****,
"up_mbps": 100,
"down_mbps": ,
"obfs": "************",
"auth_str": "************",
"tls": {
"enabled": true,
"disable_sni": false,
"server_name": "yours.example.org",
"alpn": [
"h3"
]
}
},
{
"type": "direct",
"tag": "direct"
},
{
"type": "block",
"tag": "block"
},
{
"type": "dns",
"tag": "dns-out"
}
],
"route": {
"geoip": {
"path": "/tmp/geoip.db",
"download_url": "https://github.com/1715173329/sing-geoip/releases/latest/download/geoip.db",
"download_detour": ""
},
"geosite": {
"path": "/tmp/geosite.db",
"download_url": "https://github.com/1715173329/sing-geosite/releases/latest/download/geosite.db",
"download_detour": ""
},
"rules": [
{
"protocol": "dns",
"outbound": "dns-out"
},
{
"protocol": "quic",
"outbound": "block"
},
{
"geosite": "category-ads-all",
"outbound": "block"
},
{
"geoip": [
"telegram"
],
"outbound": "Trojan-GRPC-out"
},
{
"inbound": [
"SOCKS-in"
],
"outbound": "Proxy-out"
},
{
"geosite": "cn",
"geoip": [
"cn",
"private"
],
"outbound": "direct"
}
],
"auto_detect_interface": true
}
}

54
sing-box/files/sing-box.init Normal file
View File

@ -0,0 +1,54 @@
#!/bin/sh /etc/rc.common
#
# Copyright (C) 2022 by nekohasekai <contact-sagernet@sekai.icu>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
START=99
USE_PROCD=1
##### ONLY CHANGE THIS BLOCK ######
PROG=/usr/bin/sing-box # where is sing-box
RES_DIR=/etc/sing-box/ # resource dir / working dir / the dir where you store ip/domain lists
CONF=./config.json # where is the config file, it can be a relative path to $RES_DIR
##### ONLY CHANGE THIS BLOCK ######
start_service() {
procd_open_instance
procd_set_param command $PROG run -D $RES_DIR -c $CONF
procd_set_param user root
procd_set_param limits core="unlimited"
procd_set_param limits nofile="1000000 1000000"
procd_set_param stdout 1
procd_set_param stderr 1
procd_set_param respawn "${respawn_threshold:-3600}" "${respawn_timeout:-5}" "${respawn_retry:-5}"
procd_close_instance
iptables -I FORWARD -o sb-tun+ -j ACCEPT
echo "sing-box is started!"
}
stop_service() {
service_stop $PROG
iptables -D FORWARD -o sb-tun+ -j ACCEPT
echo "sing-box is stopped!"
}
reload_service() {
stop
sleep 2s
echo "sing-box is restarted!"
start
}