From 5489e2f47bda032bc137c6fba6ce749d7cb8a16d Mon Sep 17 00:00:00 2001 From: Gzxhwq Date: Wed, 19 Oct 2022 15:07:14 +0800 Subject: [PATCH] sing-box: update to 1.1-beta10 (#2152) Update to v1.1-beta10. Add more config example. Sync Makefile changes from ImmortalWrt. --- sing-box/Makefile | 98 +++++++++------- sing-box/files/config.json.example | 172 +++++++++++++++++++++++++++-- 2 files changed, 218 insertions(+), 52 deletions(-) diff --git a/sing-box/Makefile b/sing-box/Makefile index 5be1519..1ce27e3 100644 --- a/sing-box/Makefile +++ b/sing-box/Makefile @@ -6,26 +6,27 @@ include $(TOPDIR)/rules.mk PKG_NAME:=sing-box -PKG_VERSION:=1.1-beta9 +PKG_VERSION:=1.1-beta10 PKG_RELEASE:=$(AUTORELEASE) PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/SagerNet/sing-box/tar.gz/v$(PKG_VERSION)? -PKG_HASH:=de8400e50dd73d67f4c699a9ecaffb83fc0735431967680946424249b6d5d958 +PKG_HASH:=f6230c395e63a2e9919230df2f721290ba1380dfc0a9a2ae12c78f961bcd2916 PKG_LICENSE:=GPL-3.0 PKG_LICENSE_FILE:=LICENSE PKG_CONFIG_DEPENDS:= \ - CONFIG_TAG_$(PKG_NAME)_ACME \ - CONFIG_TAG_$(PKG_NAME)_CLASH_API \ - CONFIG_TAG_$(PKG_NAME)_ECH \ - CONFIG_TAG_$(PKG_NAME)_GVISOR \ - CONFIG_TAG_$(PKG_NAME)_GRPC \ - CONFIG_TAG_$(PKG_NAME)_QUIC \ - CONFIG_TAG_$(PKG_NAME)_SHADOWSOCKSR \ - CONFIG_TAG_$(PKG_NAME)_UTLS \ - CONFIG_TAG_$(PKG_NAME)_WIREGUARD + CONFIG_SING_BOX_BUILD_ACME \ + CONFIG_SING_BOX_BUILD_CLASH_API \ + CONFIG_SING_BOX_BUILD_ECH \ + CONFIG_SING_BOX_BUILD_GVISOR \ + CONFIG_SING_BOX_BUILD_GRPC \ + CONFIG_SING_BOX_BUILD_QUIC \ + CONFIG_SING_BOX_BUILD_SHADOWSOCKSR \ + CONFIG_SING_BOX_BUILD_UTLS \ + CONFIG_SING_BOX_BUILD_V2RAY_API \ + CONFIG_SING_BOX_BUILD_WIREGUARD PKG_BUILD_DEPENDS:=golang/host PKG_BUILD_PARALLEL:=1 @@ -44,7 +45,11 @@ define Package/$(PKG_NAME) SUBMENU:=Web Servers/Proxies TITLE:=The universal proxy platform. URL:=https://sing-box.sagernet.org - DEPENDS:=$(GO_ARCH_DEPENDS) +ca-bundle +kmod-tun + DEPENDS:=$(GO_ARCH_DEPENDS) \ + +ca-bundle \ + +kmod-inet-diag \ + +kmod-netlink-diag \ + +kmod-tun endef GO_PKG_TARGET_VARS:=$(filter-out CGO_ENABLED=%,$(GO_PKG_TARGET_VARS)) CGO_ENABLED=0 @@ -52,76 +57,87 @@ GO_PKG_TARGET_VARS:=$(filter-out CGO_ENABLED=%,$(GO_PKG_TARGET_VARS)) CGO_ENABLE define Package/$(PKG_NAME)/config menu "Customizing build tags" - config TAG_$(PKG_NAME)_ACME + config SING_BOX_BUILD_ACME bool "Build with ACME TLS certificate issuer support" default n - config TAG_$(PKG_NAME)_CLASH_API + config SING_BOX_BUILD_CLASH_API bool "Build with Clash API support (EXPERIMENTAL!!!)" default y - config TAG_$(PKG_NAME)_ECH + config SING_BOX_BUILD_ECH bool "Build with TLS ECH extension support" default n - config TAG_$(PKG_NAME)_GRPC + config SING_BOX_BUILD_GRPC bool "Build with standard gRPC support" default n + help + sing-box has better performance gun-lite gRPC built-in by default. + This standard gRPC has better compatibility but poor performance. - config TAG_$(PKG_NAME)_GVISOR + config SING_BOX_BUILD_GVISOR bool "Build with gVisor support" default n - config TAG_$(PKG_NAME)_QUIC + config SING_BOX_BUILD_QUIC bool "Build with QUIC support" default y help Required by HTTP3 DNS transports, Naive inbound, Hysteria inbound / outbound, and v2ray QUIC transport. - config TAG_$(PKG_NAME)_SHADOWSOCKSR + config SING_BOX_BUILD_SHADOWSOCKSR bool "Build with ShadowsockR support" default n - config TAG_$(PKG_NAME)_UTLS + config SING_BOX_BUILD_UTLS bool "Build with uTLS support" default y - config TAG_$(PKG_NAME)_WIREGUARD + config SING_BOX_BUILD_V2RAY_API + bool "Build with V2Ray API support (EXPERIMENTAL!!!)" + default n + + config SING_BOX_BUILD_WIREGUARD bool "Build with WireGuard support" default y endmenu endef -ifneq ($(CONFIG_TAG_$(PKG_NAME)_ACME),) - GO_PKG_TAGS+=with_acme +PKG_BUILD_TAGS:= +ifneq ($(CONFIG_SING_BOX_BUILD_ACME),) + PKG_BUILD_TAGS+=with_acme endif -ifneq ($(CONFIG_TAG_$(PKG_NAME)_CLASH_API),) - GO_PKG_TAGS+=with_clash_api +ifneq ($(CONFIG_SING_BOX_BUILD_CLASH_API),) + PKG_BUILD_TAGS+=with_clash_api endif -ifneq ($(CONFIG_TAG_$(PKG_NAME)_ECH),) - GO_PKG_TAGS+=with_ech +ifneq ($(CONFIG_SING_BOX_BUILD_ECH),) + PKG_BUILD_TAGS+=with_ech endif -ifneq ($(CONFIG_TAG_$(PKG_NAME)_GRPC),) - GO_PKG_TAGS+=with_grpc +ifneq ($(CONFIG_SING_BOX_BUILD_GRPC),) + PKG_BUILD_TAGS+=with_grpc endif -ifneq ($(CONFIG_TAG_$(PKG_NAME)_GVISOR),) - GO_PKG_TAGS+=gvisor +ifneq ($(CONFIG_SING_BOX_BUILD_GVISOR),) + PKG_BUILD_TAGS+=with_gvisor endif -ifneq ($(CONFIG_TAG_$(PKG_NAME)_QUIC),) - GO_PKG_TAGS+=with_quic +ifneq ($(CONFIG_SING_BOX_BUILD_QUIC),) + PKG_BUILD_TAGS+=with_quic endif -ifneq ($(CONFIG_TAG_$(PKG_NAME)_SHADOWSOCKSR),) - GO_PKG_TAGS+=with_shadowsocksr +ifneq ($(CONFIG_SING_BOX_BUILD_SHADOWSOCKSR),) + PKG_BUILD_TAGS+=with_shadowsocksr endif -ifneq ($(CONFIG_TAG_$(PKG_NAME)_UTLS),) - GO_PKG_TAGS+=with_utls +ifneq ($(CONFIG_SING_BOX_BUILD_UTLS),) + PKG_BUILD_TAGS+=with_utls endif -ifneq ($(CONFIG_TAG_$(PKG_NAME)_WIREGUARD),) - GO_PKG_TAGS+=with_wireguard +ifneq ($(CONFIG_SING_BOX_BUILD_V2RAY_API),) + PKG_BUILD_TAGS+=with_v2ray_api endif -GO_PKG_TAGS:=$(subst $(space),$(comma),$(strip $(GO_PKG_TAGS))) +ifneq ($(CONFIG_SING_BOX_BUILD_WIREGUARD),) + PKG_BUILD_TAGS+=with_wireguard +endif +GO_PKG_TAGS:=$(subst $(space),$(comma),$(strip $(PKG_BUILD_TAGS))) define Package/$(PKG_NAME)/conffiles /etc/sing-box/config.json @@ -134,7 +150,7 @@ define Package/$(PKG_NAME)/install $(INSTALL_BIN) ./files/sing-box.init $(1)/etc/init.d/sing-box $(INSTALL_DIR) $(1)/etc/sing-box - $(INSTALL_DATA) ./files/config.json.example $(1)/etc/sing-box/config.json + $(INSTALL_DATA) ./files/config.json.example $(1)/etc/sing-box/config.json.example endef define Package/$(PKG_NAME)/postinst diff --git a/sing-box/files/config.json.example b/sing-box/files/config.json.example index d2c9b90..bfad863 100644 --- a/sing-box/files/config.json.example +++ b/sing-box/files/config.json.example @@ -1,4 +1,21 @@ { + "log": { + "disabled": false, + "level": "info", + "output": "/tmp/sing-box.log", + "timestamp": true + }, + "experimental": { + "clash_api": { + "external_controller": "0.0.0.0:9090", + "external_ui": "", + "secret": "********", + "direct_io": true, + "default_mode": "rule", + "store_selected": true, + "cache_file": "cache.db" + } + }, "dns": { "servers": [ { @@ -7,7 +24,7 @@ }, { "tag": "local", - "address": "223.5.5.5", + "address": "tls://1.12.12.12", "detour": "direct" } ], @@ -25,30 +42,151 @@ "type": "tun", "inet4_address": "172.19.0.1/30", "auto_route": true, - "endpoint_independent_nat": false, + "endpoint_independent_nat": true, + "stack": "system", "sniff": true + }, + { + "type": "mixed", + "tag": "SOCKS-in", + "listen": "::", + "listen_port": ***** + }, + { + "type": "shadowsocks", + "tag": "SS-in", + "listen": "::", + "listen_port": *****, + "sniff": true, + "method": "2022-blake3-aes-128-gcm", + "password": "bZzjl2DAXUs02L2Sosgu7A==", + "users": [ + { + "name": "User1", + "password": "SGEFjWc+VgNGBXe1JhoRfg==" + }, + { + "name": "User2", + "password": "XoXhbj4V9cMXfuUXF/C+cg==" + } + ] } ], "outbounds": [ + { + "type": "selector", + "tag": "Proxy-out", + "outbounds": [ + "URL-Test", + "direct", + "Shadowsocks-ShadowTLS-out", + "Trojan-GRPC-out", + "Trojan-WebSocket-out", + "Hysteria-out" + ], + "default": "URL-Test" + }, + { + "type": "urltest", + "tag": "URL-Test", + "outbounds": [ + "Shadowsocks-ShadowTLS-out", + "Trojan-GRPC-out", + "Trojan-WebSocket-out", + "Hysteria-out" + ], + "url": "http://www.gstatic.com/generate_204", + "interval": "1m", + "tolerance": 50 + }, { "type": "shadowsocks", - "detour": "shadowtls-out", + "tag": "Shadowsocks-ShadowTLS-out", + "detour": "Shadowsocks-ShadowTLS", "method": "2022-blake3-aes-128-gcm", - "password": "E0DUv25MROVey0ilkvgfvw==", + "password": "F7cx1ASHX/eqQwed+pISzw==:CB8sXcYLzf1P5dUizIzYVg==", "multiplex": { "enabled": true, "max_connections": 4, - "min_streams": 4 + "min_streams": 4, + "max_streams": 0 } }, { "type": "shadowtls", - "tag": "shadowtls-out", - "server": "88.88.88.88", - "server_port": 8888, + "tag": "Shadowsocks-ShadowTLS", + "server": "***.***.***.***", + "server_port": *****, + "version": 2, + "password": "************", "tls": { "enabled": true, - "server_name": "www.yahoo.com" + "server_name": "something.example.org" + } + }, + { + "type": "trojan", + "tag": "Trojan-GRPC-out", + "server": "***.***.***.***", + "server_port": *****, + "password": "************", + "transport": { + "type": "grpc", + "service_name": "************" + }, + "tls": { + "enabled": true, + "disable_sni": false, + "server_name": "yours.example.org", + "utls": { + "enabled": true, + "fingerprint": "chrome" + } + } + }, + { + "type": "trojan", + "tag": "WebSocket-out", + "server": "***.***.***.***", + "server_port": *****, + "password": "************", + "transport": { + "type": "ws", + "path": "/************", + "early_data_header_name": "Sec-WebSocket-Protocol" + }, + "tls": { + "enabled": true, + "disable_sni": false, + "server_name": "yours.example.org", + "utls": { + "enabled": true, + "fingerprint": "chrome" + } + }, + "multiplex": { + "enabled": true, + "max_connections": 4, + "min_streams": 4, + "max_streams": 0 + } + }, + { + "type": "hysteria", + "tag": "Hysteria-out", + "server": "***.***.***.***", + "server_port": *****, + "up_mbps": 100, + "down_mbps": , + "obfs": "************", + "auth_str": "************", + "tls": { + "enabled": true, + "disable_sni": false, + "server_name": "yours.example.org", + "alpn": [ + "h3" + ] } }, { @@ -66,6 +204,12 @@ ], "route": { "rules": [ + { + "inbound": [ + "SOCKS-in" + ], + "outbound": "Proxy-out" + }, { "protocol": "dns", "outbound": "dns-out" @@ -76,11 +220,17 @@ }, { "geosite": "cn", - "geoip": "cn", + "geoip": [ + "cn", + "private" + ], "outbound": "direct" + }, + { + "protocol": "quic", + "outbound": "block" } ], "auto_detect_interface": true } } -