zhao/openwrt_helloworld
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

sing-box: sync from immortalwrt/packages

Browse Source
This commit is contained in:
sbwml 2023-10-04 14:26:07 +08:00
parent 6c0a9491f5
commit e3c04bae81
4 changed files with 142 additions and 448 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

214
sing-box/Makefile
View File

@ -1,7 +1,6 @@
# SPDX-License-Identifier: GPL-3.0-only
# #
# This is free software, licensed under the GNU General Public License v3. # Copyright (C) 2022-2023 ImmortalWrt.org
# See /LICENSE for more information.
#
include $(TOPDIR)/rules.mk include $(TOPDIR)/rules.mk
@ -15,141 +14,140 @@ PKG_HASH:=73a230d04bd2b20198b8fed5df674fe6507719044edffcb6c8859ed63cb02faa
PKG_LICENSE:=GPL-3.0-or-later PKG_LICENSE:=GPL-3.0-or-later
PKG_LICENSE_FILES:=LICENSE PKG_LICENSE_FILES:=LICENSE
PKG_MAINTAINER:=Tianling Shen <cnsztl@immortalwrt.org>
PKG_CONFIG_DEPENDS:= \
CONFIG_SING_BOX_BUILD_ACME \
CONFIG_SING_BOX_BUILD_CLASH_API \
CONFIG_SING_BOX_BUILD_DHCP \
CONFIG_SING_BOX_BUILD_ECH \
CONFIG_SING_BOX_BUILD_EMBEDDED_TOR \
CONFIG_SING_BOX_BUILD_GRPC \
CONFIG_SING_BOX_BUILD_GVISOR \
CONFIG_SING_BOX_BUILD_LWIP \
CONFIG_SING_BOX_BUILD_QUIC \
CONFIG_SING_BOX_BUILD_REALITY_SERVER \
CONFIG_SING_BOX_BUILD_SHADOWSOCKSR \
CONFIG_SING_BOX_BUILD_UTLS \
CONFIG_SING_BOX_BUILD_V2RAY_API \
CONFIG_SING_BOX_BUILD_WIREGUARD
PKG_BUILD_DEPENDS:=golang/host PKG_BUILD_DEPENDS:=golang/host
PKG_BUILD_PARALLEL:=1 PKG_BUILD_PARALLEL:=1
PKG_USE_MIPS16:=0
PKG_BUILD_FLAGS:=no-mips16 PKG_BUILD_FLAGS:=no-mips16
GO_PKG:=github.com/sagernet/sing-box GO_PKG:=github.com/sagernet/sing-box
GO_PKG_BUILD_PKG:=$(GO_PKG)/cmd/sing-box GO_PKG_BUILD_PKG:=$(GO_PKG)/cmd/sing-box
GO_PKG_LDFLAGS_X:=$(GO_PKG)/constant.Version=v$(PKG_VERSION) GO_PKG_LDFLAGS_X:=$(GO_PKG)/constant.Version=$(PKG_VERSION)
include $(INCLUDE_DIR)/package.mk include $(INCLUDE_DIR)/package.mk
include $(TOPDIR)/feeds/packages/lang/golang/golang-package.mk include $(TOPDIR)/feeds/packages/lang/golang/golang-package.mk
define Package/$(PKG_NAME) define Package/sing-box
SECTION:=net SECTION:=net
CATEGORY:=Network CATEGORY:=Network
SUBMENU:=Web Servers/Proxies SUBMENU:=Web Servers/Proxies
TITLE:=The universal proxy platform. TITLE:=The universal proxy platform
URL:=https://sing-box.sagernet.org URL:=https://sing-box.sagernet.org/
DEPENDS:=$(GO_ARCH_DEPENDS) \ DEPENDS:=$(GO_ARCH_DEPENDS) \
+ca-bundle \ +ca-bundle \
+kmod-inet-diag \ +kmod-inet-diag \
+kmod-netlink-diag \ +kmod-netlink-diag \
+kmod-tun +(SING_BOX_BUILD_GVISOR||SING_BOX_BUILD_LWIP):kmod-tun
USERID:=sing-box=5566:sing-box=5566
endef endef
define Package/$(PKG_NAME)/description define Package/sing-box/config
Sing-box is a universal proxy platform which supports hysteria, SOCKS, Shadowsocks, if PACKAGE_sing-box
ShadowsocksR, ShadowTLS, Tor, trojan, VLess, VMess, WireGuard and so on. config SING_BOX_BUILD_ACME
bool "Build with ACME TLS certificate issuer support"
config SING_BOX_BUILD_CLASH_API
bool "Build with Clash API support"
default y
config SING_BOX_BUILD_DHCP
bool "Build with DHCP support"
config SING_BOX_BUILD_ECH
bool "Build with TLS ECH extension support"
config SING_BOX_BUILD_EMBEDDED_TOR
bool "Build with embedded Tor support"
config SING_BOX_BUILD_GRPC
bool "Build with standard gPRC support"
help
Standard gRPC has good compatibility but poor performance.
config SING_BOX_BUILD_GVISOR
bool "Build with gVisor support"
default y
config SING_BOX_BUILD_LWIP
bool "Build with LWIP Tun stack support"
config SING_BOX_BUILD_QUIC
bool "Build with QUIC support"
default y
help
Required by HTTP3 DNS transports, Naive inbound,
Hysteria inbound / outbound, and v2ray QUIC transport.
config SING_BOX_BUILD_REALITY_SERVER
bool "Build with REALITY TLS server support"
config SING_BOX_BUILD_SHADOWSOCKSR
bool "Build with ShadowsockR support"
default y
help
It will be marked deprecated in 1.5.0 and removed entirely in 1.6.0.
config SING_BOX_BUILD_UTLS
bool "Build with uTLS support"
default y
config SING_BOX_BUILD_V2RAY_API
bool "Build with V2Ray API support"
config SING_BOX_BUILD_WIREGUARD
bool "Build with WireGuard support"
default y
endif
endef endef
GO_PKG_TARGET_VARS:=$(filter-out CGO_ENABLED=%,$(GO_PKG_TARGET_VARS)) CGO_ENABLED=0
define Package/$(PKG_NAME)/config
menu "Customizing build tags"
depends on PACKAGE_sing-box
config SING_BOX_WITH_ACME
bool "Build with ACME TLS certificate issuer support"
default n
config SING_BOX_WITH_CLASH_API
bool "Build with Clash API support (EXPERIMENTAL!!!)"
default y
config SING_BOX_WITH_DHCP
bool "Build with DHCP support"
default y
config SING_BOX_WITH_ECH
bool "Build with TLS ECH extension support"
default y
config SING_BOX_WITH_GRPC
bool "Build with standard gRPC support"
default n
help
sing-box has better performance gun-lite gRPC built-in by default.
This standard gRPC has better compatibility but poor performance.
config SING_BOX_WITH_GVISOR
bool "Build with gVisor support"
default n
config SING_BOX_WITH_QUIC
bool "Build with QUIC support"
default y
help
Required by HTTP3 DNS transports, Naive inbound,
Hysteria inbound / outbound, and v2ray QUIC transport.
config SING_BOX_WITH_REALITY_SERVER
bool "Build with reality TLS server support"
default n
config SING_BOX_WITH_SHADOWSOCKSR
bool "Build with ShadowsockR support"
default n
config SING_BOX_WITH_UTLS
bool "Build with uTLS support"
default y
config SING_BOX_WITH_V2RAY_API
bool "Build with V2Ray API support (EXPERIMENTAL!!!)"
default n
config SING_BOX_WITH_WIREGUARD
bool "Build with WireGuard support"
default y
endmenu
endef
PKG_CONFIG_DEPENDS:= \
CONFIG_SING_BOX_WITH_ACME \
CONFIG_SING_BOX_WITH_CLASH_API \
CONFIG_SING_BOX_WITH_DHCP \
CONFIG_SING_BOX_WITH_ECH \
CONFIG_SING_BOX_WITH_GRPC \
CONFIG_SING_BOX_WITH_GVISOR \
CONFIG_SING_BOX_WITH_QUIC \
CONFIG_SING_BOX_WITH_REALITY_SERVER \
CONFIG_SING_BOX_WITH_SHADOWSOCKSR \
CONFIG_SING_BOX_WITH_UTLS \
CONFIG_SING_BOX_WITH_V2RAY_API \
CONFIG_SING_BOX_WITH_WIREGUARD
GO_PKG_TAGS:=$(subst $(space),$(comma),$(strip \ GO_PKG_TAGS:=$(subst $(space),$(comma),$(strip \
$(if $(CONFIG_SING_BOX_WITH_ACME),with_acme) \ $(if $(CONFIG_SING_BOX_BUILD_ACME),with_acme) \
$(if $(CONFIG_SING_BOX_WITH_CLASH_API),with_clash_api) \ $(if $(CONFIG_SING_BOX_BUILD_CLASH_API),with_clash_api) \
$(if $(CONFIG_SING_BOX_WITH_DHCP),with_dhcp) \ $(if $(CONFIG_SING_BOX_BUILD_DHCP),with_dhcp) \
$(if $(CONFIG_SING_BOX_WITH_ECH),with_ech) \ $(if $(CONFIG_SING_BOX_BUILD_ECH),with_ech) \
$(if $(CONFIG_SING_BOX_WITH_GRPC),with_grpc) \ $(if $(CONFIG_SING_BOX_BUILD_EMBEDDED_TOR),with_embedded_tor) \
$(if $(CONFIG_SING_BOX_WITH_GVISOR),with_gvisor) \ $(if $(CONFIG_SING_BOX_BUILD_GRPC),with_grpc) \
$(if $(CONFIG_SING_BOX_WITH_QUIC),with_quic) \ $(if $(CONFIG_SING_BOX_BUILD_GVISOR),with_gvisor) \
$(if $(CONFIG_SING_BOX_WITH_REALITY_SERVER),with_reality_server) \ $(if $(CONFIG_SING_BOX_BUILD_LWIP),with_lwip) \
$(if $(CONFIG_SING_BOX_WITH_SHADOWSOCKSR),with_shadowsocksr) \ $(if $(CONFIG_SING_BOX_BUILD_QUIC),with_quic) \
$(if $(CONFIG_SING_BOX_WITH_UTLS),with_utls) \ $(if $(CONFIG_SING_BOX_BUILD_REALITY_SERVER),with_reality_server) \
$(if $(CONFIG_SING_BOX_WITH_V2RAY_API),with_v2ray_api) \ $(if $(CONFIG_SING_BOX_BUILD_SHADOWSOCKSR),with_shadowsocksr) \
$(if $(CONFIG_SING_BOX_WITH_WIREGUARD),with_wireguard) \ $(if $(CONFIG_SING_BOX_BUILD_UTLS),with_utls) \
$(if $(CONFIG_SING_BOX_BUILD_V2RAY_API),with_v2ray_api) \
$(if $(CONFIG_SING_BOX_BUILD_WIREGUARD),with_wireguard) \
)) ))
define Package/$(PKG_NAME)/conffiles define Package/sing-box/conffiles
/etc/sing-box/config.json /etc/config/sing-box
/etc/sing-box/
endef endef
define Package/$(PKG_NAME)/install define Package/sing-box/install
$(call GoPackage/Package/Install/Bin,$(1)) $(call GoPackage/Package/Install/Bin,$(1))
$(INSTALL_DIR) $(1)/etc/init.d
$(INSTALL_BIN) ./files/sing-box.init $(1)/etc/init.d/sing-box
$(INSTALL_DIR) $(1)/etc/sing-box $(INSTALL_DIR) $(1)/etc/sing-box
$(INSTALL_DATA) ./files/config.json.example $(1)/etc/sing-box/config.json.example $(INSTALL_DATA) $(PKG_BUILD_DIR)/release/config/config.json $(1)/etc/sing-box
$(INSTALL_DIR) $(1)/etc/config/
$(INSTALL_CONF) ./files/sing-box.conf $(1)/etc/config/sing-box
$(INSTALL_DIR) $(1)/etc/init.d/
$(INSTALL_BIN) ./files/sing-box.init $(1)/etc/init.d/sing-box
endef endef
$(eval $(call GoBinPackage,sing-box)) $(eval $(call GoBinPackage,sing-box))

296
sing-box/files/config.json.example
View File

@ -1,296 +0,0 @@
{
"log": {
"disabled": false,
"level": "warn",
"output": "/tmp/sing-box.log",
"timestamp": true
},
"experimental": {
"clash_api": {
"external_controller": "0.0.0.0:9090",
"external_ui": "",
"secret": "********",
"default_mode": "rule",
"store_selected": true,
"cache_file": "cache.db"
}
},
"dns": {
"servers": [
{
"tag": "foreign",
"address": "https://1.1.1.1/dns-query"
},
{
"tag": "local",
"address": "tls://1.12.12.12",
"detour": "direct"
},
{
"tag": "block",
"address": "rcode://success"
}
],
"rules": [
{
"geosite": "category-ads-all",
"server": "block",
"disable_cache": true
},
{
"domain": "mydomain.com",
"geosite": "cn",
"server": "local"
}
],
"strategy": "ipv4_only"
},
"ntp": {
"enabled": false,
"server": "ntp.aliyun.com",
"server_port": 123,
"interval": "30m",
"detour": "direct"
},
"inbounds": [
{
"type": "tun",
"tag": "TUN-in",
"interface_name": "sb-tun0",
"inet4_address": "172.19.0.1/30",
"auto_route": false,
"endpoint_independent_nat": true,
"stack": "system",
"sniff": true
},
{
"type": "mixed",
"tag": "SOCKS-in",
"listen": "::",
"listen_port": *****
},
{
"type": "redirect",
"tag": "REDIRECT-in",
"listen": "::",
"listen_port": *****,
"sniff": true
},
{
"type": "tproxy",
"tag": "TPROXY-in",
"listen": "::",
"listen_port": *****,
"sniff": true
},
{
"type": "direct",
"tag": "DNS-in",
"listen": "::",
"listen_port": *****,
"network": "udp",
"sniff": true
},
{
"type": "shadowsocks",
"tag": "SS-in",
"listen": "::",
"listen_port": *****,
"sniff": true,
"method": "2022-blake3-aes-128-gcm",
"password": "bZzjl2DAXUs02L2Sosgu7A==",
"users": [
{
"name": "User1",
"password": "SGEFjWc+VgNGBXe1JhoRfg=="
},
{
"name": "User2",
"password": "XoXhbj4V9cMXfuUXF/C+cg=="
}
]
}
],
"outbounds": [
{
"type": "selector",
"tag": "Proxy-out",
"outbounds": [
"URL-Test",
"direct",
"Shadowsocks-ShadowTLS-out",
"Trojan-GRPC-out",
"Trojan-WebSocket-out",
"Hysteria-out"
],
"default": "URL-Test"
},
{
"type": "urltest",
"tag": "URL-Test",
"outbounds": [
"Shadowsocks-ShadowTLS-out",
"Trojan-GRPC-out",
"Trojan-WebSocket-out",
"Hysteria-out"
],
"url": "https://cp.cloudflare.com",
"interval": "1m",
"tolerance": 50
},
{
"type": "shadowsocks",
"tag": "Shadowsocks-ShadowTLS-out",
"detour": "Shadowsocks-ShadowTLS",
"method": "2022-blake3-aes-128-gcm",
"password": "F7cx1ASHX/eqQwed+pISzw==:CB8sXcYLzf1P5dUizIzYVg==",
"udp_over_tcp": true,
"multiplex": {
"enabled": false,
"max_connections": 4,
"min_streams": 4,
"max_streams": 0
}
},
{
"type": "shadowtls",
"tag": "Shadowsocks-ShadowTLS",
"server": "***.***.***.***",
"server_port": *****,
"version": 3,
"password": "************",
"tls": {
"enabled": true,
"server_name": "something.example.org",
"utls": {
"enabled": true,
"fingerprint": "chrome"
}
}
},
{
"type": "trojan",
"tag": "Trojan-GRPC-out",
"server": "***.***.***.***",
"server_port": *****,
"password": "************",
"transport": {
"type": "grpc",
"service_name": "************"
},
"tls": {
"enabled": true,
"disable_sni": false,
"server_name": "yours.example.org",
"utls": {
"enabled": true,
"fingerprint": "chrome"
}
}
},
{
"type": "trojan",
"tag": "WebSocket-out",
"server": "***.***.***.***",
"server_port": *****,
"password": "************",
"transport": {
"type": "ws",
"path": "/************",
"early_data_header_name": "Sec-WebSocket-Protocol"
},
"tls": {
"enabled": true,
"disable_sni": false,
"server_name": "yours.example.org",
"utls": {
"enabled": true,
"fingerprint": "chrome"
}
},
"multiplex": {
"enabled": true,
"max_connections": 4,
"min_streams": 4,
"max_streams": 0
}
},
{
"type": "hysteria",
"tag": "Hysteria-out",
"server": "***.***.***.***",
"server_port": *****,
"up_mbps": 100,
"down_mbps": ,
"obfs": "************",
"auth_str": "************",
"tls": {
"enabled": true,
"disable_sni": false,
"server_name": "yours.example.org",
"alpn": [
"h3"
]
}
},
{
"type": "direct",
"tag": "direct"
},
{
"type": "block",
"tag": "block"
},
{
"type": "dns",
"tag": "dns-out"
}
],
"route": {
"geoip": {
"path": "/tmp/geoip.db",
"download_url": "https://github.com/1715173329/sing-geoip/releases/latest/download/geoip.db",
"download_detour": ""
},
"geosite": {
"path": "/tmp/geosite.db",
"download_url": "https://github.com/1715173329/sing-geosite/releases/latest/download/geosite.db",
"download_detour": ""
},
"rules": [
{
"protocol": "dns",
"outbound": "dns-out"
},
{
"protocol": "quic",
"outbound": "block"
},
{
"geosite": "category-ads-all",
"outbound": "block"
},
{
"geoip": [
"telegram"
],
"outbound": "Trojan-GRPC-out"
},
{
"inbound": [
"SOCKS-in"
],
"outbound": "Proxy-out"
},
{
"geosite": "cn",
"geoip": [
"cn",
"private"
],
"outbound": "direct"
}
],
"auto_detect_interface": true
}
}

7
sing-box/files/sing-box.conf Normal file
View File

@ -0,0 +1,7 @@
config sing-box 'main'
option enabled '0'
option user 'sing-box'
option conffile '/etc/sing-box/config.json'
option workdir '/usr/share/sing-box'

73
sing-box/files/sing-box.init
View File

@ -1,54 +1,39 @@
#!/bin/sh /etc/rc.common #!/bin/sh /etc/rc.common
#
# Copyright (C) 2022 by nekohasekai <contact-sagernet@sekai.icu>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
START=99
USE_PROCD=1 USE_PROCD=1
START=99
##### ONLY CHANGE THIS BLOCK ###### NAME="sing-box"
PROG=/usr/bin/sing-box # where is sing-box PROG="/usr/bin/sing-box"
RES_DIR=/etc/sing-box/ # resource dir / working dir / the dir where you store ip/domain lists
CONF=./config.json # where is the config file, it can be a relative path to $RES_DIR
##### ONLY CHANGE THIS BLOCK ######
start_service() { start_service() {
procd_open_instance config_load "$NAME"
procd_set_param command $PROG run -D $RES_DIR -c $CONF
procd_set_param user root local enabled user group conffile workdir
procd_set_param limits core="unlimited" config_get_bool enabled "main" "enabled" "0"
procd_set_param limits nofile="1000000 1000000" [ "$enabled" -eq "1" ] || return 0
procd_set_param stdout 1
procd_set_param stderr 1 config_get user "main" "user" "root"
procd_set_param respawn "${respawn_threshold:-3600}" "${respawn_timeout:-5}" "${respawn_retry:-5}" config_get conffile "main" "conffile"
procd_close_instance config_get workdir "main" "workdir" "/usr/share/sing-box"
iptables -I FORWARD -o sb-tun+ -j ACCEPT
echo "sing-box is started!" mkdir -p "$workdir"
local group="$(id -ng $user)"
chown $user:$group "$workdir"
procd_open_instance "$NAME.main"
procd_set_param command "$PROG" run -c "$conffile" -D "$workdir"
# Use root user if you want to use the TUN mode.
procd_set_param user "$user"
procd_set_param file "$conffile"
procd_set_param stdout 1
procd_set_param stderr 1
procd_set_param respawn
procd_close_instance
} }
stop_service() { service_triggers() {
service_stop $PROG procd_add_reload_trigger "$NAME"
iptables -D FORWARD -o sb-tun+ -j ACCEPT
echo "sing-box is stopped!"
}
reload_service() {
stop
sleep 2s
echo "sing-box is restarted!"
start
} }