release: Fix xcode version

documentation: Bump version
documentation: Fix wrong SideStore loopback ip
2025-08-26 03:57:36 +08:00 · 2025-06-23 20:48:37 +08:00 · 2025-06-21 19:43:17 +08:00 · 2025-06-21 19:43:17 +08:00 · 2025-06-21 19:43:13 +08:00 · 2025-06-21 18:37:25 +08:00
13 changed files with 180 additions and 136 deletions
--- a/cmd/internal/build_libbox/main.go
+++ b/cmd/internal/build_libbox/main.go
@ -26,7 +26,7 @@ func init() {
 	flag.BoolVar(&debugEnabled, "debug", false, "enable debug")
 	flag.StringVar(&target, "target", "android", "target platform")
 	flag.StringVar(&platform, "platform", "", "specify platform")
-	flag.BoolVar(&withTailscale, "with-tailscale", false, "build tailscale for iOS and tvOS")
+	flag.BoolVar(&withTailscale, "tailscale", false, "build tailscale for iOS and tvOS")
 }

 func main() {
@ -154,7 +154,7 @@ func buildApple() {
 		"-target", bindTarget,
 		"-libname=box",
 	}
-	if !withTailscale {
+	if withTailscale {
 		args = append(args, "-tags-macos="+strings.Join(memcTags, ","))
 	}

--- a/common/tls/acme.go
+++ b/common/tls/acme.go
@ -5,13 +5,13 @@ package tls
 import (
 	"context"
 	"crypto/tls"
+	"os"
 	"strings"

 	"github.com/sagernet/sing-box/adapter"
 	C "github.com/sagernet/sing-box/constant"
 	"github.com/sagernet/sing-box/option"
 	E "github.com/sagernet/sing/common/exceptions"
-	"github.com/sagernet/sing/common/logger"

 	"github.com/caddyserver/certmagic"
 	"github.com/libdns/alidns"
@ -37,38 +37,7 @@ func (w *acmeWrapper) Close() error {
 	return nil
 }

-type acmeLogWriter struct {
-	logger logger.Logger
-}
-
-func (w *acmeLogWriter) Write(p []byte) (n int, err error) {
-	logLine := strings.ReplaceAll(string(p), "	", ": ")
-	switch {
-	case strings.HasPrefix(logLine, "error: "):
-		w.logger.Error(logLine[7:])
-	case strings.HasPrefix(logLine, "warn: "):
-		w.logger.Warn(logLine[6:])
-	case strings.HasPrefix(logLine, "info: "):
-		w.logger.Info(logLine[6:])
-	case strings.HasPrefix(logLine, "debug: "):
-		w.logger.Debug(logLine[7:])
-	default:
-		w.logger.Debug(logLine)
-	}
-	return len(p), nil
-}
-
-func (w *acmeLogWriter) Sync() error {
-	return nil
-}
-
-func encoderConfig() zapcore.EncoderConfig {
-	config := zap.NewProductionEncoderConfig()
-	config.TimeKey = zapcore.OmitKey
-	return config
-}
-
-func startACME(ctx context.Context, logger logger.Logger, options option.InboundACMEOptions) (*tls.Config, adapter.SimpleLifecycle, error) {
+func startACME(ctx context.Context, options option.InboundACMEOptions) (*tls.Config, adapter.SimpleLifecycle, error) {
 	var acmeServer string
 	switch options.Provider {
 	case "", "letsencrypt":
@ -89,15 +58,14 @@ func startACME(ctx context.Context, logger logger.Logger, options option.Inbound
 	} else {
 		storage = certmagic.Default.Storage
 	}
-	zapLogger := zap.New(zapcore.NewCore(
-		zapcore.NewConsoleEncoder(encoderConfig()),
-		&acmeLogWriter{logger: logger},
-		zap.DebugLevel,
-	))
 	config := &certmagic.Config{
 		DefaultServerName: options.DefaultServerName,
 		Storage:           storage,
-		Logger:            zapLogger,
+		Logger: zap.New(zapcore.NewCore(
+			zapcore.NewConsoleEncoder(zap.NewProductionEncoderConfig()),
+			os.Stderr,
+			zap.InfoLevel,
+		)),
 	}
 	acmeConfig := certmagic.ACMEIssuer{
 		CA:                      acmeServer,
@ -107,7 +75,7 @@ func startACME(ctx context.Context, logger logger.Logger, options option.Inbound
 		DisableTLSALPNChallenge: options.DisableTLSALPNChallenge,
 		AltHTTPPort:             int(options.AlternativeHTTPPort),
 		AltTLSALPNPort:          int(options.AlternativeTLSPort),
-		Logger:                  zapLogger,
+		Logger:                  config.Logger,
 	}
 	if dnsOptions := options.DNS01Challenge; dnsOptions != nil && dnsOptions.Provider != "" {
 		var solver certmagic.DNS01Solver
@ -135,7 +103,6 @@ func startACME(ctx context.Context, logger logger.Logger, options option.Inbound
 		GetConfigForCert: func(certificate certmagic.Certificate) (*certmagic.Config, error) {
 			return config, nil
 		},
-		Logger: zapLogger,
 	})
 	config = certmagic.New(cache, *config)
 	var tlsConfig *tls.Config
--- a/common/tls/acme_stub.go
+++ b/common/tls/acme_stub.go
@ -9,9 +9,8 @@ import (
 	"github.com/sagernet/sing-box/adapter"
 	"github.com/sagernet/sing-box/option"
 	E "github.com/sagernet/sing/common/exceptions"
-	"github.com/sagernet/sing/common/logger"
 )

-func startACME(ctx context.Context, logger logger.Logger, options option.InboundACMEOptions) (*tls.Config, adapter.SimpleLifecycle, error) {
+func startACME(ctx context.Context, options option.InboundACMEOptions) (*tls.Config, adapter.SimpleLifecycle, error) {
 	return nil, nil, E.New(`ACME is not included in this build, rebuild with -tags with_acme`)
 }
--- a/common/tls/std_server.go
+++ b/common/tls/std_server.go
@ -169,7 +169,7 @@ func NewSTDServer(ctx context.Context, logger log.Logger, options option.Inbound
 	var err error
 	if options.ACME != nil && len(options.ACME.Domain) > 0 {
 		//nolint:staticcheck
-		tlsConfig, acmeService, err = startACME(ctx, logger, common.PtrValueOrDefault(options.ACME))
+		tlsConfig, acmeService, err = startACME(ctx, common.PtrValueOrDefault(options.ACME))
 		if err != nil {
 			return nil, err
 		}
--- a/dns/transport/https.go
+++ b/dns/transport/https.go
@ -122,7 +122,6 @@ func NewHTTPSRaw(
 	var transport *http.Transport
 	if tlsConfig != nil {
 		transport = &http.Transport{
-			IdleConnTimeout:   C.TCPKeepAliveInitial,
 			ForceAttemptHTTP2: true,
 			DialTLSContext: func(ctx context.Context, network, addr string) (net.Conn, error) {
 				tcpConn, hErr := dialer.DialContext(ctx, network, serverAddr)
@ -139,7 +138,6 @@ func NewHTTPSRaw(
 		}
 	} else {
 		transport = &http.Transport{
-			IdleConnTimeout: C.TCPKeepAliveInitial,
 			DialContext: func(ctx context.Context, network, addr string) (net.Conn, error) {
 				return dialer.DialContext(ctx, network, serverAddr)
 			},
--- a/dns/transport/local/resolv_darwin_cgo.go
+++ b/dns/transport/local/resolv_darwin_cgo.go
@ -20,8 +20,7 @@ import (
 )

 func dnsReadConfig(_ context.Context, _ string) *dnsConfig {
-	var state C.res_state
-	if C.res_ninit(state) != 0 {
+	if C.res_init() != 0 {
 		return &dnsConfig{
 			servers:  defaultNS,
 			search:   dnsDefaultSearch(),
@ -34,10 +33,10 @@ func dnsReadConfig(_ context.Context, _ string) *dnsConfig {
 	conf := &dnsConfig{
 		ndots:    1,
 		timeout:  5 * time.Second,
-		attempts: int(state.retry),
+		attempts: int(C._res.retry),
 	}
-	for i := 0; i < int(state.nscount); i++ {
-		ns := state.nsaddr_list[i]
+	for i := 0; i < int(C._res.nscount); i++ {
+		ns := C._res.nsaddr_list[i]
 		addr := C.inet_ntoa(ns.sin_addr)
 		if addr == nil {
 			continue
@ -45,7 +44,7 @@ func dnsReadConfig(_ context.Context, _ string) *dnsConfig {
 		conf.servers = append(conf.servers, C.GoString(addr))
 	}
 	for i := 0; ; i++ {
-		search := state.dnsrch[i]
+		search := C._res.dnsrch[i]
 		if search == nil {
 			break
 		}
--- a/docs/changelog.md
+++ b/docs/changelog.md
@ -2,7 +2,7 @@
 icon: material/alert-decagram
 ---

-#### 1.12.0-beta.29
+#### 1.12.0-beta.28

 * Fixes and improvements

--- a/docs/configuration/endpoint/index.zh.md
+++ b/docs/configuration/endpoint/index.zh.md
@ -25,7 +25,7 @@ icon: material/new-box

 | 类型          | 格式                        |
 |-------------|---------------------------|
-| `wireguard` | [WireGuard](./wireguard/) |
+| `wireguard` | [WireGuard](./wiregaurd/) |
 | `tailscale` | [Tailscale](./tailscale/) |

 #### tag
--- a/docs/configuration/experimental/clash-api.md
+++ b/docs/configuration/experimental/clash-api.md
@ -59,7 +59,7 @@
    {
      "external_controller": "0.0.0.0:9090",
      "external_ui": "dashboard"
-      // "external_ui_download_detour": "direct"
+      // external_ui_download_detour: "direct"
    }
    ```

--- a/docs/configuration/experimental/clash-api.zh.md
+++ b/docs/configuration/experimental/clash-api.zh.md
@ -59,7 +59,7 @@
    {
      "external_controller": "0.0.0.0:9090",
      "external_ui": "dashboard"
-      // "external_ui_download_detour": "direct"
+      // external_ui_download_detour: "direct"
    }
    ```

--- a/docs/manual/proxy/client.md
+++ b/docs/manual/proxy/client.md
@ -94,13 +94,18 @@ flowchart TB
        "servers": [
          {
            "tag": "google",
-            "type": "tls",
-            "server": "8.8.8.8"
+            "address": "tls://8.8.8.8"
          },
          {
            "tag": "local",
-            "type": "udp",
-            "server": "223.5.5.5"
+            "address": "223.5.5.5",
+            "detour": "direct"
+          }
+        ],
+        "rules": [
+          {
+            "outbound": "any",
+            "server": "local"
          }
        ],
        "strategy": "ipv4_only"
@ -110,8 +115,7 @@ flowchart TB
          "type": "tun",
          "inet4_address": "172.19.0.1/30",
          "auto_route": true,
-          // "auto_redirect": true, // On linux
-          "strict_route": true
+          "strict_route": false
        }
      ],
      "outbounds": [
@ -119,23 +123,25 @@ flowchart TB
        {
          "type": "direct",
          "tag": "direct"
+        },
+        {
+          "type": "dns",
+          "tag": "dns-out"
        }
      ],
      "route": {
        "rules": [
-          {
-            "action": "sniff"
-          },
          {
            "protocol": "dns",
-            "action": "hijack-dns"
+            "outbound": "dns-out"
          },
          {
-            "ip_is_private": true,
+            "geoip": [
+              "private"
+            ],
            "outbound": "direct"
          }
        ],
-        "default_domain_resolver": "local",
        "auto_detect_interface": true
      }
    }
@ -149,13 +155,18 @@ flowchart TB
        "servers": [
          {
            "tag": "google",
-            "type": "tls",
-            "server": "8.8.8.8"
+            "address": "tls://8.8.8.8"
          },
          {
            "tag": "local",
-            "type": "udp",
-            "server": "223.5.5.5"
+            "address": "223.5.5.5",
+            "detour": "direct"
+          }
+        ],
+        "rules": [
+          {
+            "outbound": "any",
+            "server": "local"
          }
        ]
      },
@ -165,8 +176,7 @@ flowchart TB
          "inet4_address": "172.19.0.1/30",
          "inet6_address": "fdfe:dcba:9876::1/126",
          "auto_route": true,
-          // "auto_redirect": true, // On linux
-          "strict_route": true
+          "strict_route": false
        }
      ],
      "outbounds": [
@ -174,23 +184,25 @@ flowchart TB
        {
          "type": "direct",
          "tag": "direct"
+        },
+        {
+          "type": "dns",
+          "tag": "dns-out"
        }
      ],
      "route": {
        "rules": [
-          {
-            "action": "sniff"
-          },
          {
            "protocol": "dns",
-            "action": "hijack-dns"
+            "outbound": "dns-out"
          },
          {
-            "ip_is_private": true,
+            "geoip": [
+              "private"
+            ],
            "outbound": "direct"
          }
        ],
-        "default_domain_resolver": "local",
        "auto_detect_interface": true
      }
    }
@ -204,22 +216,23 @@ flowchart TB
        "servers": [
          {
            "tag": "google",
-            "type": "tls",
-            "server": "8.8.8.8"
+            "address": "tls://8.8.8.8"
          },
          {
            "tag": "local",
-            "type": "udp",
-            "server": "223.5.5.5"
+            "address": "223.5.5.5",
+            "detour": "direct"
          },
          {
            "tag": "remote",
-            "type": "fakeip",
-            "inet4_range": "198.18.0.0/15",
-            "inet6_range": "fc00::/18"
+            "address": "fakeip"
          }
        ],
        "rules": [
+          {
+            "outbound": "any",
+            "server": "local"
+          },
          {
            "query_type": [
              "A",
@ -228,6 +241,11 @@ flowchart TB
            "server": "remote"
          }
        ],
+        "fakeip": {
+          "enabled": true,
+          "inet4_range": "198.18.0.0/15",
+          "inet6_range": "fc00::/18"
+        },
        "independent_cache": true
      },
      "inbounds": [
@ -236,7 +254,6 @@ flowchart TB
          "inet4_address": "172.19.0.1/30",
          "inet6_address": "fdfe:dcba:9876::1/126",
          "auto_route": true,
-          // "auto_redirect": true, // On linux
          "strict_route": true
        }
      ],
@ -245,23 +262,25 @@ flowchart TB
        {
          "type": "direct",
          "tag": "direct"
+        },
+        {
+          "type": "dns",
+          "tag": "dns-out"
        }
      ],
      "route": {
        "rules": [
-          {
-            "action": "sniff"
-          },
          {
            "protocol": "dns",
-            "action": "hijack-dns"
+            "outbound": "dns-out"
          },
          {
-            "ip_is_private": true,
+            "geoip": [
+              "private"
+            ],
            "outbound": "direct"
          }
        ],
-        "default_domain_resolver": "local",
        "auto_detect_interface": true
      }
    }
@ -271,6 +290,54 @@ flowchart TB

 === ":material-dns: DNS rules"

+    ```json
+    {
+      "dns": {
+        "servers": [
+          {
+            "tag": "google",
+            "address": "tls://8.8.8.8"
+          },
+          {
+            "tag": "local",
+            "address": "223.5.5.5",
+            "detour": "direct"
+          }
+        ],
+        "rules": [
+          {
+            "outbound": "any",
+            "server": "local"
+          },
+          {
+            "clash_mode": "Direct",
+            "server": "local"
+          },
+          {
+            "clash_mode": "Global",
+            "server": "google"
+          },
+          {
+            "rule_set": "geosite-geolocation-cn",
+            "server": "local"
+          }
+        ]
+      },
+      "route": {
+        "rule_set": [
+          {
+            "type": "remote",
+            "tag": "geosite-geolocation-cn",
+            "format": "binary",
+            "url": "https://raw.githubusercontent.com/SagerNet/sing-geosite/rule-set/geosite-geolocation-cn.srs"
+          }
+        ]
+      }
+    }
+    ```
+
+=== ":material-dns: DNS rules (Enhanced, but slower) (1.9.0+)"
+
    === ":material-shield-off: With DNS leaks"

        ```json
@ -279,20 +346,35 @@ flowchart TB
            "servers": [
              {
                "tag": "google",
-                "type": "tls",
-                "server": "8.8.8.8"
+                "address": "tls://8.8.8.8"
              },
              {
                "tag": "local",
-                "type": "https",
-                "server": "223.5.5.5"
+                "address": "https://223.5.5.5/dns-query",
+                "detour": "direct"
              }
            ],
            "rules": [
+              {
+                "outbound": "any",
+                "server": "local"
+              },
+              {
+                "clash_mode": "Direct",
+                "server": "local"
+              },
+              {
+                "clash_mode": "Global",
+                "server": "google"
+              },
              {
                "rule_set": "geosite-geolocation-cn",
                "server": "local"
              },
+              {
+                "clash_mode": "Default",
+                "server": "google"
+              },
              {
                "type": "logical",
                "mode": "and",
@ -310,7 +392,6 @@ flowchart TB
            ]
          },
          "route": {
-            "default_domain_resolver": "local",
            "rule_set": [
              {
                "type": "remote",
@ -344,24 +425,35 @@ flowchart TB
        }
        ```

-    === ":material-security: Without DNS leaks, but slower"
-    
+    === ":material-security: Without DNS leaks, but slower (1.9.0-alpha.2+)"
+
        ```json
        {
          "dns": {
            "servers": [
              {
                "tag": "google",
-                "type": "tls",
-                "server": "8.8.8.8"
+                "address": "tls://8.8.8.8"
              },
              {
                "tag": "local",
-                "type": "https",
-                "server": "223.5.5.5"
+                "address": "https://223.5.5.5/dns-query",
+                "detour": "direct"
              }
            ],
            "rules": [
+              {
+                "outbound": "any",
+                "server": "local"
+              },
+              {
+                "clash_mode": "Direct",
+                "server": "local"
+              },
+              {
+                "clash_mode": "Global",
+                "server": "google"
+              },
              {
                "rule_set": "geosite-geolocation-cn",
                "server": "local"
@ -384,7 +476,6 @@ flowchart TB
            ]
          },
          "route": {
-            "default_domain_resolver": "local",
            "rule_set": [
              {
                "type": "remote",
@ -426,13 +517,14 @@ flowchart TB
        {
          "type": "direct",
          "tag": "direct"
+        },
+        {
+          "type": "block",
+          "tag": "block"
        }
      ],
      "route": {
        "rules": [
-          {
-            "action": "sniff"
-          },
          {
            "type": "logical",
            "mode": "or",
@ -444,12 +536,20 @@ flowchart TB
                "port": 53
              }
            ],
-            "action": "hijack-dns"
+            "outbound": "dns"
          },
          {
            "ip_is_private": true,
            "outbound": "direct"
          },
+          {
+            "clash_mode": "Direct",
+            "outbound": "direct"
+          },
+          {
+            "clash_mode": "Global",
+            "outbound": "default"
+          },
          {
            "type": "logical",
            "mode": "or",
@ -465,23 +565,12 @@ flowchart TB
                "protocol": "stun"
              }
            ],
-            "action": "reject"
+            "outbound": "block"
          },
          {
-            "rule_set": "geosite-geolocation-cn",
-            "outbound": "direct"
-          },
-          {
-            "type": "logical",
-            "mode": "and",
-            "rules": [
-              {
-                "rule_set": "geoip-cn"
-              },
-              {
-                "rule_set": "geosite-geolocation-!cn",
-                "invert": true
-              }
+            "rule_set": [
+              "geoip-cn",
+              "geosite-geolocation-cn"
            ],
            "outbound": "direct"
          }
@ -502,4 +591,4 @@ flowchart TB
        ]
      }
    }
-    ```
+    ```
--- a/protocol/vless/inbound.go
+++ b/protocol/vless/inbound.go
@ -205,10 +205,6 @@ func (h *inboundTransportHandler) NewConnectionEx(ctx context.Context, conn net.
 	var metadata adapter.InboundContext
 	metadata.Source = source
 	metadata.Destination = destination
-	//nolint:staticcheck
-	metadata.InboundDetour = h.listener.ListenOptions().Detour
-	//nolint:staticcheck
-	metadata.InboundOptions = h.listener.ListenOptions().InboundOptions
 	h.logger.InfoContext(ctx, "inbound connection from ", metadata.Source)
 	(*Inbound)(h).NewConnectionEx(ctx, conn, metadata, onClose)
 }
--- a/protocol/vmess/inbound.go
+++ b/protocol/vmess/inbound.go
@ -219,10 +219,6 @@ func (h *inboundTransportHandler) NewConnectionEx(ctx context.Context, conn net.
 	var metadata adapter.InboundContext
 	metadata.Source = source
 	metadata.Destination = destination
-	//nolint:staticcheck
-	metadata.InboundDetour = h.listener.ListenOptions().Detour
-	//nolint:staticcheck
-	metadata.InboundOptions = h.listener.ListenOptions().InboundOptions
 	h.logger.InfoContext(ctx, "inbound connection from ", metadata.Source)
 	(*Inbound)(h).NewConnectionEx(ctx, conn, metadata, onClose)
 }
Author	SHA1	Message	Date
世界	e5c6d3c080	release: Fix xcode version	2025-06-23 20:48:37 +08:00
世界	36c095f660	documentation: Bump version	2025-06-21 19:43:17 +08:00
anytinz	71c0ed37b3	documentation: Fix wrong SideStore loopback ip	2025-06-21 19:43:17 +08:00
世界	860df103b4	Revert "release: Add IPA build" After testing, it seems that since extensions are not handled correctly, it cannot be installed by SideStore.	2025-06-21 19:43:13 +08:00
世界	d6c9e0349f	release: Add IPA build	2025-06-21 18:37:25 +08:00
世界	16e05be1be	Add API to dump AdGuard rules	2025-06-21 18:07:32 +08:00
Sukka	259a140453	Improve AdGuard rule-set parser	2025-06-21 18:07:32 +08:00
Restia-Ashbell	54760eeaaa	Add ECH support for uTLS	2025-06-21 18:07:31 +08:00
世界	a870c36d2d	Improve TLS fragments	2025-06-21 18:07:31 +08:00
世界	1054f58751	Add cache support for ssm-api	2025-06-21 18:07:30 +08:00
世界	6981dfe0c0	Fix service will not be closed	2025-06-21 18:07:30 +08:00
世界	719d0d3c31	Add loopback address support for tun	2025-06-21 18:07:29 +08:00
世界	8f5fad3f9d	Fix tproxy listener	2025-06-21 18:07:29 +08:00
世界	c2e9c30efc	Fix systemd package	2025-06-21 18:07:28 +08:00
世界	3da06f0db8	Fix missing home for derp service	2025-06-21 18:07:28 +08:00
Zero Clover	acb5065198	documentation: Fix services	2025-06-21 18:07:28 +08:00
世界	c6a7d8c587	Fix `dns.client_subnet` ignored	2025-06-21 18:07:27 +08:00
世界	a9ff1cbf78	documentation: Minor fixes	2025-06-21 18:07:27 +08:00
世界	94e0d6b4ab	Fix tailscale forward	2025-06-21 18:07:26 +08:00
世界	93c866a900	Minor fixes	2025-06-21 18:07:26 +08:00
世界	40451f8957	Add SSM API service	2025-06-21 18:07:26 +08:00
世界	2a2ca1bef6	Add resolved service and DNS server	2025-06-21 18:07:25 +08:00
世界	e156abb0ab	Add DERP service	2025-06-21 18:07:25 +08:00
世界	94d70a2a97	Add service component type	2025-06-21 18:07:24 +08:00
世界	4b2cda1c76	Fix tproxy tcp control	2025-06-21 18:07:24 +08:00
愚者	6e8e007352	release: Fix build tags for android Signed-off-by: 愚者 <11926619+FansChou@users.noreply.github.com>	2025-06-21 18:07:23 +08:00
世界	d18a35c414	prevent creation of bind and mark controls on unsupported platforms	2025-06-21 18:07:23 +08:00
PuerNya	ea31ebb2a3	documentation: Fix description of reject DNS action behavior	2025-06-21 18:07:22 +08:00
Restia-Ashbell	0951711c08	Fix TLS record fragment	2025-06-21 18:07:22 +08:00
世界	fdd8d3e23e	Add missing `accept_routes` option for Tailscale	2025-06-21 18:07:22 +08:00
世界	53feae6a6e	Add TLS record fragment support	2025-06-21 18:07:21 +08:00
世界	b63eba13ef	Fix set edns0 client subnet	2025-06-21 18:07:21 +08:00
世界	a2c52fb21b	Update minor dependencies	2025-06-21 18:07:21 +08:00
世界	01d06c0d29	Update certmagic and providers	2025-06-21 18:07:20 +08:00
世界	01b11f3d4e	Update protobuf and grpc	2025-06-21 18:07:20 +08:00
世界	567c98dc9e	Add control options for listeners	2025-06-21 18:07:19 +08:00
世界	f8a64a6554	Update quic-go to v0.52.0	2025-06-21 18:07:19 +08:00
世界	5dd021e979	Update utls to v1.7.2	2025-06-21 18:07:19 +08:00
世界	a3f9196fdc	Handle EDNS version downgrade	2025-06-21 18:07:18 +08:00
世界	42102b3fc4	documentation: Fix anytls padding scheme description	2025-06-21 18:07:18 +08:00
安容	c0e5fe78ab	Report invalid DNS address early	2025-06-21 18:07:17 +08:00
世界	ad7bb47bf6	Fix wireguard `listen_port`	2025-06-21 18:07:17 +08:00
世界	58779f99ce	clash-api: Add more meta api	2025-06-21 18:07:16 +08:00
世界	b14782771b	Fix DNS lookup	2025-06-21 18:07:16 +08:00
世界	51816e0cd2	Fix fetch ECH configs	2025-06-21 18:07:16 +08:00
reletor	0b7ea0c6c6	documentation: Minor fixes	2025-06-21 18:07:16 +08:00
caelansar	cac33150d8	Fix callback deletion in UDP transport	2025-06-21 18:07:16 +08:00
世界	31bd6bb5cb	documentation: Try to make the play review happy	2025-06-21 18:07:15 +08:00
世界	7f26d21a28	Fix missing handling of legacy `domain_strategy` options	2025-06-21 18:07:15 +08:00
世界	14a8e87e2f	Improve local DNS server	2025-06-21 18:07:15 +08:00
anytls	38e3766c33	Update anytls Co-authored-by: anytls <anytls>	2025-06-21 18:07:14 +08:00
世界	1be391470a	Fix DNS dialer	2025-06-21 18:07:13 +08:00
世界	560f567881	release: Skip override version for iOS	2025-06-21 18:07:13 +08:00
iikira	53dfdd1ec6	Fix UDP DNS server crash Signed-off-by: iikira <i2@mail.iikira.com>	2025-06-21 18:07:13 +08:00
ReleTor	69fe3b16f1	Fix fetch ECH configs	2025-06-21 18:07:13 +08:00
世界	85d80deec8	Allow direct outbounds without `domain_resolver`	2025-06-21 18:07:12 +08:00
世界	2570b11ea4	Fix Tailscale dialer	2025-06-21 18:07:12 +08:00
dyhkwong	d4d1ea7129	Fix DNS over QUIC stream close	2025-06-21 18:07:12 +08:00
anytls	5852b5ba94	Update anytls Co-authored-by: anytls <anytls>	2025-06-21 18:07:11 +08:00
Rambling2076	655674bb9b	Fix missing `with_tailscale` in Dockerfile Signed-off-by: Rambling2076 <Rambling2076@proton.me>	2025-06-21 18:07:11 +08:00
世界	a55d597212	Fail when default DNS server not found	2025-06-21 18:07:11 +08:00
世界	183aed8253	Update gVisor to 20250319.0	2025-06-21 18:07:10 +08:00
世界	8f1885bef8	Explicitly reject detour to empty direct outbounds	2025-06-21 18:07:10 +08:00
世界	4a13f9828c	Add netns support	2025-06-21 18:07:10 +08:00
世界	659b4988ce	Add wildcard name support for predefined records	2025-06-21 18:07:10 +08:00
世界	de1053f2cf	Remove map usage in options	2025-06-21 18:07:09 +08:00
世界	f7200c72f2	Fix unhandled DNS loop	2025-06-21 18:07:09 +08:00
世界	0febed9b60	Add wildcard-sni support for shadow-tls inbound	2025-06-21 18:07:09 +08:00
k9982874	ba2ad571d3	Add ntp protocol sniffing	2025-06-21 18:07:08 +08:00
世界	36c171aeac	option: Fix marshal legacy DNS options	2025-06-21 18:07:08 +08:00
世界	76630b474a	Make `domain_resolver` optional when only one DNS server is configured	2025-06-21 18:07:08 +08:00
世界	9a0d4e4ec6	Fix DNS lookup context pollution	2025-06-21 18:07:07 +08:00
世界	9eaebb970b	Fix http3 DNS server connecting to wrong address	2025-06-21 18:07:07 +08:00
Restia-Ashbell	8f890bcd9a	documentation: Fix typo	2025-06-21 18:07:06 +08:00
anytls	529c0a1e64	Update sing-anytls Co-authored-by: anytls <anytls>	2025-06-21 18:07:06 +08:00
k9982874	00fd52854b	Fix hosts DNS server	2025-06-21 18:07:06 +08:00
世界	043954df8c	Fix UDP DNS server crash	2025-06-21 18:07:06 +08:00
世界	5acf9344f1	documentation: Fix missing `ip_accept_any` DNS rule option	2025-06-21 18:07:05 +08:00
世界	96f96b5b28	Fix anytls dialer usage	2025-06-21 18:07:05 +08:00
世界	2ad59c6bf1	Move predefined DNS server to rule action	2025-06-21 18:07:05 +08:00
世界	a3bbdaf61e	Fix domain resolver on direct outbound	2025-06-21 18:07:04 +08:00
Zephyruso	344ee5df43	Fix missing AnyTLS display name	2025-06-21 18:07:04 +08:00
anytls	47c35f5e7a	Update sing-anytls Co-authored-by: anytls <anytls>	2025-06-21 18:07:04 +08:00
Estel	7101407b87	documentation: Fix typo Signed-off-by: Estel <callmebedrockdigger@gmail.com>	2025-06-21 18:07:04 +08:00
TargetLocked	79f84b4333	Fix parsing legacy DNS options	2025-06-21 18:07:03 +08:00
世界	b9d37ce9f7	Fix DNS fallback	2025-06-21 18:07:03 +08:00
世界	e73bb73290	documentation: Fix missing hosts DNS server	2025-06-21 18:07:02 +08:00
anytls	f1623edb5a	Add MinIdleSession option to AnyTLS outbound Co-authored-by: anytls <anytls>	2025-06-21 18:07:02 +08:00
ReleTor	f42aba5d46	documentation: Minor fixes	2025-06-21 18:07:02 +08:00
libtry486	67d934a301	documentation: Fix typo fix typo Signed-off-by: libtry486 <89328481+libtry486@users.noreply.github.com>	2025-06-21 18:07:01 +08:00
Alireza Ahmadi	9fbbc0a74e	Fix Outbound deadlock	2025-06-21 18:07:01 +08:00
世界	ec0c882efe	documentation: Fix AnyTLS doc	2025-06-21 18:07:01 +08:00
anytls	167a674b8c	Add AnyTLS protocol	2025-06-21 18:07:00 +08:00
世界	8df3f470a0	Migrate to stdlib ECH support	2025-06-21 18:07:00 +08:00
世界	e338c88a5d	Add fallback local DNS server for iOS	2025-06-21 18:06:59 +08:00
世界	4b28d626b5	Get darwin local DNS server from libresolv	2025-06-21 18:06:59 +08:00
世界	aa9bceecb2	Improve resolve action	2025-06-21 18:06:58 +08:00
世界	f10bce28a3	Add back port hopping to hysteria 1	2025-06-21 18:06:58 +08:00
xchacha20-poly1305	7d4f76abea	Remove single quotes of raw Moziila certs	2025-06-21 18:06:57 +08:00
世界	9e27c304b9	Add Tailscale endpoint	2025-06-21 18:06:56 +08:00
世界	b2cb1a39a6	Build legacy binaries with latest Go	2025-06-21 18:06:56 +08:00
世界	0b790fbabe	documentation: Remove outdated icons	2025-06-21 18:06:55 +08:00
世界	56e6653c6e	documentation: Certificate store	2025-06-21 18:06:55 +08:00
世界	5738174060	documentation: TLS fragment	2025-06-21 18:06:54 +08:00
世界	909893afa9	documentation: Outbound domain resolver	2025-06-21 18:06:54 +08:00
世界	efdf801332	documentation: Refactor DNS	2025-06-21 18:06:54 +08:00
世界	88fa375f7e	Add certificate store	2025-06-21 18:06:53 +08:00
世界	f7797e9d34	Add TLS fragment support	2025-06-21 18:06:53 +08:00
世界	fb7a7239fd	refactor: Outbound domain resolver	2025-06-21 18:06:53 +08:00
世界	bca97c10a4	refactor: DNS	2025-06-21 18:06:45 +08:00