Merge branch 'MetaCubeX:Alpha' into Alpha

MetaCubeX · Jan 9, 2025 · 15c2234 · 15c2234
2 parents 63f7182 + c7661d7
commit 15c2234
Show file tree

Hide file tree

Showing 315 changed files with 10,236 additions and 11,172 deletions.
diff --git a/.github/genReleaseNote.sh b/.github/genReleaseNote.sh
@@ -18,15 +18,15 @@ if [ -z "$version_range" ]; then
 fi
 
 echo "## What's Changed" > release.md
-git log --pretty=format:"* %s by @%an" --grep="^feat" -i $version_range | sort -f | uniq >> release.md
+git log --pretty=format:"* %h %s by @%an" --grep="^feat" -i $version_range | sort -f | uniq >> release.md
 echo "" >> release.md
 
 echo "## BUG & Fix" >> release.md
-git log --pretty=format:"* %s by @%an" --grep="^fix" -i $version_range | sort -f | uniq >> release.md
+git log --pretty=format:"* %h %s by @%an" --grep="^fix" -i $version_range | sort -f | uniq >> release.md
 echo "" >> release.md
 
 echo "## Maintenance" >> release.md
-git log --pretty=format:"* %s by @%an" --grep="^chore\|^docs\|^refactor" -i $version_range | sort -f | uniq >> release.md
+git log --pretty=format:"* %h %s by @%an" --grep="^chore\|^docs\|^refactor" -i $version_range | sort -f | uniq >> release.md
 echo "" >> release.md
 
-echo "**Full Changelog**: https://github.com/MetaCubeX/Clash.Meta/compare/$version_range" >> release.md
+echo "**Full Changelog**: https://github.com/MetaCubeX/mihomo/compare/$version_range" >> release.md
diff --git a/.github/mihomo.service b/.github/mihomo.service
@@ -6,8 +6,8 @@ After=network.target NetworkManager.service systemd-networkd.service iwd.service
 Type=simple
 LimitNPROC=500
 LimitNOFILE=1000000
-CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW CAP_NET_BIND_SERVICE CAP_SYS_TIME CAP_SYS_PTRACE CAP_DAC_READ_SEARCH
-AmbientCapabilities=CAP_NET_ADMIN CAP_NET_RAW CAP_NET_BIND_SERVICE CAP_SYS_TIME CAP_SYS_PTRACE CAP_DAC_READ_SEARCH
+CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW CAP_NET_BIND_SERVICE CAP_SYS_TIME CAP_SYS_PTRACE CAP_DAC_READ_SEARCH CAP_DAC_OVERRIDE
+AmbientCapabilities=CAP_NET_ADMIN CAP_NET_RAW CAP_NET_BIND_SERVICE CAP_SYS_TIME CAP_SYS_PTRACE CAP_DAC_READ_SEARCH CAP_DAC_OVERRIDE
 Restart=always
 ExecStartPre=/usr/bin/sleep 2s
 ExecStart=/usr/bin/mihomo -d /etc/mihomo

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
diff --git a/Dockerfile b/Dockerfile
@@ -13,7 +13,7 @@ WORKDIR /mihomo
 COPY bin/ bin/
 RUN FILE_NAME=`sh file-name.sh` && echo $FILE_NAME && \
     FILE_NAME=`ls bin/ | egrep "$FILE_NAME.gz"|awk NR==1` && echo $FILE_NAME && \
-    mv bin/$FILE_NAME mihomo.gz && gzip -d mihomo.gz && echo "$FILE_NAME" > /mihomo-config/test
+    mv bin/$FILE_NAME mihomo.gz && gzip -d mihomo.gz && chmod +x mihomo && echo "$FILE_NAME" > /mihomo-config/test
 FROM alpine:latest
 LABEL org.opencontainers.image.source="https://github.com/MetaCubeX/mihomo"
 
@@ -23,5 +23,4 @@ VOLUME ["/root/.config/mihomo/"]
 
 COPY --from=builder /mihomo-config/ /root/.config/mihomo/
 COPY --from=builder /mihomo/mihomo /mihomo
-RUN chmod +x /mihomo
 ENTRYPOINT [ "/mihomo" ]
diff --git a/Makefile b/Makefile
@@ -163,7 +163,3 @@ clean:
 CLANG ?= clang-14
 CFLAGS := -O2 -g -Wall -Werror $(CFLAGS)
 
-ebpf: export BPF_CLANG := $(CLANG)
-ebpf: export BPF_CFLAGS := $(CFLAGS)
-ebpf:
-	cd component/ebpf/ && go generate ./...
diff --git a/README.md b/README.md
@@ -98,4 +98,3 @@ API.
 
 This software is released under the GPL-3.0 license.
 
-[![FOSSA Status](https://app.fossa.io/api/projects/git%2Bgithub.com%2FMetaCubeX%2Fmihomo.svg?type=large)](https://app.fossa.io/projects/git%2Bgithub.com%2FMetaCubeX%2Fmihomo?ref=badge_large)
diff --git a/adapter/adapter.go b/adapter/adapter.go
@@ -2,20 +2,24 @@ package adapter
 
 import (
 	"context"
+	"crypto/tls"
 	"encoding/json"
 	"fmt"
 	"net"
 	"net/http"
 	"net/netip"
 	"net/url"
 	"strconv"
+	"strings"
 	"time"
 
 	"github.com/metacubex/mihomo/common/atomic"
 	"github.com/metacubex/mihomo/common/queue"
 	"github.com/metacubex/mihomo/common/utils"
+	"github.com/metacubex/mihomo/component/ca"
 	"github.com/metacubex/mihomo/component/dialer"
 	C "github.com/metacubex/mihomo/constant"
+	"github.com/metacubex/mihomo/log"
 	"github.com/puzpuzpuz/xsync/v3"
 )
 
@@ -37,6 +41,11 @@ type Proxy struct {
 	extra   *xsync.MapOf[string, *internalProxyState]
 }
 
+// Adapter implements C.Proxy
+func (p *Proxy) Adapter() C.ProxyAdapter {
+	return p.ProxyAdapter
+}
+
 // AliveForTestUrl implements C.Proxy
 func (p *Proxy) AliveForTestUrl(url string) bool {
 	if state, ok := p.extra.Load(url); ok {
@@ -154,8 +163,17 @@ func (p *Proxy) MarshalJSON() ([]byte, error) {
 	mapping["alive"] = p.alive.Load()
 	mapping["name"] = p.Name()
 	mapping["udp"] = p.SupportUDP()
-	mapping["xudp"] = p.SupportXUDP()
-	mapping["tfo"] = p.SupportTFO()
+	mapping["uot"] = p.SupportUOT()
+
+	proxyInfo := p.ProxyInfo()
+	mapping["xudp"] = proxyInfo.XUDP
+	mapping["tfo"] = proxyInfo.TFO
+	mapping["mptcp"] = proxyInfo.MPTCP
+	mapping["smux"] = proxyInfo.SMUX
+	mapping["interface"] = proxyInfo.Interface
+	mapping["dialer-proxy"] = proxyInfo.DialerProxy
+	mapping["routing-mark"] = proxyInfo.RoutingMark
+
 	return json.Marshal(mapping)
 }
 
@@ -230,6 +248,7 @@ func (p *Proxy) URLTest(ctx context.Context, url string, expectedStatus utils.In
 		IdleConnTimeout:       90 * time.Second,
 		TLSHandshakeTimeout:   10 * time.Second,
 		ExpectContinueTimeout: 1 * time.Second,
+		TLSClientConfig:       ca.GetGlobalTLSConfig(&tls.Config{}),
 	}
 
 	client := http.Client{
@@ -252,10 +271,18 @@ func (p *Proxy) URLTest(ctx context.Context, url string, expectedStatus utils.In
 
 	if unifiedDelay {
 		second := time.Now()
-		resp, err = client.Do(req)
-		if err == nil {
+		var ignoredErr error
+		var secondResp *http.Response
+		secondResp, ignoredErr = client.Do(req)
+		if ignoredErr == nil {
+			resp = secondResp
 			_ = resp.Body.Close()
 			start = second
+		} else {
+			if strings.HasPrefix(url, "http://") {
+				log.Errorln("%s failed to get the second response from %s: %v", p.Name(), url, ignoredErr)
+				log.Warnln("It is recommended to use HTTPS for provider.health-check.url and group.url to ensure better reliability. Due to some proxy providers hijacking test addresses and not being compatible with repeated HEAD requests, using HTTP may result in failed tests.")
+			}
 		}
 	}
 

diff --git a/adapter/inbound/addition.go b/adapter/inbound/addition.go
@@ -47,7 +47,7 @@ func WithDstAddr(addr net.Addr) Addition {
 func WithSrcAddr(addr net.Addr) Addition {
 	return func(metadata *C.Metadata) {
 		m := C.Metadata{}
-		if err := m.SetRemoteAddr(addr);err ==nil{
+		if err := m.SetRemoteAddr(addr); err == nil {
 			metadata.SrcIP = m.DstIP
 			metadata.SrcPort = m.DstPort
 		}
@@ -57,7 +57,7 @@ func WithSrcAddr(addr net.Addr) Addition {
 func WithInAddr(addr net.Addr) Addition {
 	return func(metadata *C.Metadata) {
 		m := C.Metadata{}
-		if err := m.SetRemoteAddr(addr);err ==nil{
+		if err := m.SetRemoteAddr(addr); err == nil {
 			metadata.InIP = m.DstIP
 			metadata.InPort = m.DstPort
 		}
@@ -69,3 +69,5 @@ func WithDSCP(dscp uint8) Addition {
 		metadata.DSCP = dscp
 	}
 }
+
+func Placeholder(metadata *C.Metadata) {}
diff --git a/adapter/inbound/auth.go b/adapter/inbound/auth.go
@@ -34,12 +34,5 @@ func SkipAuthRemoteAddress(addr string) bool {
 }
 
 func skipAuth(addr netip.Addr) bool {
-	if addr.IsValid() {
-		for _, prefix := range skipAuthPrefixes {
-			if prefix.Contains(addr.Unmap()) {
-				return true
-			}
-		}
-	}
-	return false
+	return prefixesContains(skipAuthPrefixes, addr)
 }
diff --git a/adapter/inbound/http.go b/adapter/inbound/http.go
@@ -14,7 +14,7 @@ func NewHTTP(target socks5.Addr, srcConn net.Conn, conn net.Conn, additions ...A
 	metadata.Type = C.HTTP
 	metadata.RawSrcAddr = srcConn.RemoteAddr()
 	metadata.RawDstAddr = srcConn.LocalAddr()
-	ApplyAdditions(metadata, WithSrcAddr(srcConn.RemoteAddr()), WithInAddr(conn.LocalAddr()))
+	ApplyAdditions(metadata, WithSrcAddr(srcConn.RemoteAddr()), WithInAddr(srcConn.LocalAddr()))
 	ApplyAdditions(metadata, additions...)
 	return conn, metadata
 }
diff --git a/adapter/inbound/https.go b/adapter/inbound/https.go
@@ -11,6 +11,8 @@ import (
 func NewHTTPS(request *http.Request, conn net.Conn, additions ...Addition) (net.Conn, *C.Metadata) {
 	metadata := parseHTTPAddr(request)
 	metadata.Type = C.HTTPS
+	metadata.RawSrcAddr = conn.RemoteAddr()
+	metadata.RawDstAddr = conn.LocalAddr()
 	ApplyAdditions(metadata, WithSrcAddr(conn.RemoteAddr()), WithInAddr(conn.LocalAddr()))
 	ApplyAdditions(metadata, additions...)
 	return conn, metadata

diff --git a/adapter/inbound/ipfilter.go b/adapter/inbound/ipfilter.go
@@ -31,27 +31,17 @@ func IsRemoteAddrDisAllowed(addr net.Addr) bool {
 	if err := m.SetRemoteAddr(addr); err != nil {
 		return false
 	}
-	return isAllowed(m.AddrPort().Addr().Unmap()) && !isDisAllowed(m.AddrPort().Addr().Unmap())
+	ipAddr := m.AddrPort().Addr()
+	if ipAddr.IsValid() {
+		return isAllowed(ipAddr) && !isDisAllowed(ipAddr)
+	}
+	return false
 }
 
 func isAllowed(addr netip.Addr) bool {
-	if addr.IsValid() {
-		for _, prefix := range lanAllowedIPs {
-			if prefix.Contains(addr) {
-				return true
-			}
-		}
-	}
-	return false
+	return prefixesContains(lanAllowedIPs, addr)
 }
 
 func isDisAllowed(addr netip.Addr) bool {
-	if addr.IsValid() {
-		for _, prefix := range lanDisAllowedIPs {
-			if prefix.Contains(addr) {
-				return true
-			}
-		}
-	}
-	return false
+	return prefixesContains(lanDisAllowedIPs, addr)
 }
diff --git a/adapter/inbound/listen.go b/adapter/inbound/listen.go
@@ -2,7 +2,12 @@ package inbound
 
 import (
 	"context"
+	"fmt"
 	"net"
+	"net/netip"
+	"sync"
+
+	"github.com/metacubex/mihomo/component/keepalive"
 
 	"github.com/metacubex/tfo-go"
 )
@@ -11,20 +16,68 @@ var (
 	lc = tfo.ListenConfig{
 		DisableTFO: true,
 	}
+	mutex sync.RWMutex
 )
 
 func SetTfo(open bool) {
+	mutex.Lock()
+	defer mutex.Unlock()
 	lc.DisableTFO = !open
 }
 
+func Tfo() bool {
+	mutex.RLock()
+	defer mutex.RUnlock()
+	return !lc.DisableTFO
+}
+
 func SetMPTCP(open bool) {
+	mutex.Lock()
+	defer mutex.Unlock()
 	setMultiPathTCP(&lc.ListenConfig, open)
 }
 
+func MPTCP() bool {
+	mutex.RLock()
+	defer mutex.RUnlock()
+	return getMultiPathTCP(&lc.ListenConfig)
+}
+
 func ListenContext(ctx context.Context, network, address string) (net.Listener, error) {
+	switch network { // like net.Resolver.internetAddrList but filter domain to avoid call net.Resolver.lookupIPAddr
+	case "tcp", "tcp4", "tcp6", "udp", "udp4", "udp6", "ip", "ip4", "ip6":
+		if host, port, err := net.SplitHostPort(address); err == nil {
+			switch host {
+			case "localhost":
+				switch network {
+				case "tcp6", "udp6", "ip6":
+					address = net.JoinHostPort("::1", port)
+				default:
+					address = net.JoinHostPort("127.0.0.1", port)
+				}
+			case "": // internetAddrList can handle this special case
+				break
+			default:
+				if _, err := netip.ParseAddr(host); err != nil { // not ip
+					return nil, fmt.Errorf("invalid network address: %s", address)
+				}
+			}
+		}
+	}
+
+	mutex.RLock()
+	defer mutex.RUnlock()
 	return lc.Listen(ctx, network, address)
 }
 
 func Listen(network, address string) (net.Listener, error) {
 	return ListenContext(context.Background(), network, address)
 }
+
+func init() {
+	keepalive.SetDisableKeepAliveCallback.Register(func(b bool) {
+		mutex.Lock()
+		defer mutex.Unlock()
+		keepalive.SetNetListenConfig(&lc.ListenConfig)
+	})
+}
diff --git a/adapter/inbound/listen_notwindows.go b/adapter/inbound/listen_notwindows.go
@@ -0,0 +1,14 @@
+//go:build !windows
+
+package inbound
+
+import (
+	"net"
+	"os"
+)
+
+const SupportNamedPipe = false
+
+func ListenNamedPipe(path string) (net.Listener, error) {
+	return nil, os.ErrInvalid
+}
diff --git a/adapter/inbound/listen_windows.go b/adapter/inbound/listen_windows.go
@@ -0,0 +1,32 @@
+package inbound
+
+import (
+	"net"
+	"os"
+
+	"github.com/metacubex/wireguard-go/ipc/namedpipe"
+	"golang.org/x/sys/windows"
+)
+
+const SupportNamedPipe = true
+
+// windowsSDDL is the Security Descriptor set on the namedpipe.
+// It provides read/write access to all users and the local system.
+const windowsSDDL = "D:PAI(A;OICI;GWGR;;;BU)(A;OICI;GWGR;;;SY)"
+
+func ListenNamedPipe(path string) (net.Listener, error) {
+	sddl := os.Getenv("LISTEN_NAMEDPIPE_SDDL")
+	if sddl == "" {
+		sddl = windowsSDDL
+	}
+	securityDescriptor, err := windows.SecurityDescriptorFromString(sddl)
+	if err != nil {
+		return nil, err
+	}
+	namedpipeLC := namedpipe.ListenConfig{
+		SecurityDescriptor: securityDescriptor,
+		InputBufferSize:    256 * 1024,
+		OutputBufferSize:   256 * 1024,
+	}
+	return namedpipeLC.Listen(path)
+}
diff --git a/adapter/inbound/mptcp_go120.go b/adapter/inbound/mptcp_go120.go
@@ -8,3 +8,7 @@ const multipathTCPAvailable = false
 
 func setMultiPathTCP(listenConfig *net.ListenConfig, open bool) {
 }
+
+func getMultiPathTCP(listenConfig *net.ListenConfig) bool {
+	return false
+}
diff --git a/adapter/inbound/mptcp_go121.go b/adapter/inbound/mptcp_go121.go
@@ -9,3 +9,7 @@ const multipathTCPAvailable = true
 func setMultiPathTCP(listenConfig *net.ListenConfig, open bool) {
 	listenConfig.SetMultipathTCP(open)
 }
+
+func getMultiPathTCP(listenConfig *net.ListenConfig) bool {
+	return listenConfig.MultipathTCP()
+}
Original file line number	Diff line number	Diff line change
Expand Up		@@ -98,4 +98,3 @@ API.

		This software is released under the GPL-3.0 license.

		[![FOSSA Status](https://app.fossa.io/api/projects/git%2Bgithub.com%2FMetaCubeX%2Fmihomo.svg?type=large)](https://app.fossa.io/projects/git%2Bgithub.com%2FMetaCubeX%2Fmihomo?ref=badge_large)