[dependencies] Update golangci/golangci-lint-action action to v8

Signed-off-by: 愚者 <11926619+FansChou@users.noreply.github.com>

.github/workflows/build.yml

@@ -437,28 +437,24 @@ jobs:
             platform: ios
             scheme: SFI
             destination: 'generic/platform=iOS'
-            archive: build/SFI.xcarchive
             upload: SFI/Upload.plist
           - name: macOS
             if: ${{ github.event_name != 'workflow_dispatch' || inputs.build == 'All' || inputs.build == 'Apple' || inputs.build == 'app-store'|| inputs.build == 'macOS' }}
             platform: macos
             scheme: SFM
             destination: 'generic/platform=macOS'
-            archive: build/SFM.xcarchive
             upload: SFI/Upload.plist
           - name: tvOS
             if: ${{ github.event_name != 'workflow_dispatch' || inputs.build == 'All' || inputs.build == 'Apple' || inputs.build == 'app-store'|| inputs.build == 'tvOS' }}
             platform: tvos
             scheme: SFT
             destination: 'generic/platform=tvOS'
-            archive: build/SFT.xcarchive
             upload: SFI/Upload.plist
           - name: macOS-standalone
             if: ${{ github.event_name != 'workflow_dispatch' || inputs.build == 'All' || inputs.build == 'Apple' || inputs.build == 'macOS-standalone' }}
             platform: macos
             scheme: SFM.System
             destination: 'generic/platform=macOS'
-            archive: build/SFM.System.xcarchive
             export: SFM.System/Export.plist
             export_path: build/SFM.System
     steps:
@@ -543,6 +539,12 @@ jobs:
           export PATH="$PATH:$(go env GOPATH)/bin"
           go run ./cmd/internal/build_libbox -target apple -platform ${{ matrix.platform }}
           mv Libbox.xcframework clients/apple
+      - name: Build library with tailscale
+        if: matrix.if && (matrix.name == 'iOS' || matrix.name == 'tvOS')
+        run: |-
+          export PATH="$PATH:$(go env GOPATH)/bin"
+          go run ./cmd/internal/build_libbox -target apple -platform ${{ matrix.platform }} -tailscale
+          mv Libbox.xcframework clients/apple/Libbox.WithTailscale.xcframework
       - name: Update macOS version
         if: matrix.if && matrix.name == 'macOS' && github.event_name == 'workflow_dispatch'
         run: |-
@@ -561,18 +563,71 @@ jobs:
             -scheme "${{ matrix.scheme }}" \
             -configuration Release \
             -destination "${{ matrix.destination }}" \
-            -archivePath "${{ matrix.archive }}" \
+            -archivePath "build/${{ matrix.scheme }}.xcarchive" \
             -allowProvisioningUpdates \
             -authenticationKeyPath $ASC_KEY_PATH \
             -authenticationKeyID $ASC_KEY_ID \
             -authenticationKeyIssuerID $ASC_KEY_ISSUER_ID
+      - name: Build with Tailscale
+        if: matrix.if && (matrix.name == 'iOS' || matrix.name == 'tvOS')
+        run: |-
+          cd clients/apple
+          mv Libbox.xcframework Libbox.WithoutTailscale.xcframework
+          mv Libbox.WithTailscale.xcframework Libbox.xcframework
+          xcodebuild archive \
+            -scheme "${{ matrix.scheme }}" \
+            -configuration Release \
+            -destination "${{ matrix.destination }}" \
+            -archivePath "build/${{ matrix.scheme }}.WithTailscale.xcarchive" \
+            -allowProvisioningUpdates \
+            -authenticationKeyPath $ASC_KEY_PATH \
+            -authenticationKeyID $ASC_KEY_ID \
+            -authenticationKeyIssuerID $ASC_KEY_ISSUER_ID
+      - name: Export IPA
+        if: matrix.if && (matrix.name == 'iOS' || matrix.name == 'tvOS') && github.event_name == 'workflow_dispatch'
+        run: |-
+          pushd clients/apple
+          xcodebuild -exportArchive \
+            -archivePath "build/${{ matrix.scheme }}.xcarchive" \
+            -exportOptionsPlist SFI/Export.plist \
+            -exportPath "build/${{ matrix.scheme }}" \
+            -allowProvisioningUpdates \
+            -authenticationKeyPath $ASC_KEY_PATH \
+            -authenticationKeyID $ASC_KEY_ID \
+            -authenticationKeyIssuerID $ASC_KEY_ISSUER_ID
+          cp build/${{ matrix.scheme }}/sing-box.ipa .
+          popd
+          mkdir -p dist
+          cp clients/apple/sing-box.ipa "dist/${{ matrix.scheme }}-${{ needs.calculate_version.outputs.version }}.ipa"
+      - name: Export IPA with Tailscale
+        if: matrix.if && (matrix.name == 'iOS' || matrix.name == 'tvOS') && github.event_name == 'workflow_dispatch'
+        run: |-
+          pushd clients/apple
+          xcodebuild -exportArchive \
+            -archivePath "build/${{ matrix.scheme }}.WithTailscale.xcarchive" \
+            -exportOptionsPlist SFI/Export.plist \
+            -exportPath "build/${{ matrix.scheme }}.WithTailscale" \
+            -allowProvisioningUpdates \
+            -authenticationKeyPath $ASC_KEY_PATH \
+            -authenticationKeyID $ASC_KEY_ID \
+            -authenticationKeyIssuerID $ASC_KEY_ISSUER_ID
+          cp build/${{ matrix.scheme }}.WithTailscale/sing-box.ipa .
+          popd
+          mkdir -p dist
+          cp clients/apple/sing-box.ipa "dist/${{ matrix.scheme }}-${{ needs.calculate_version.outputs.version }}-WithTailscale.ipa"
+      - name: Upload IPA
+        if: matrix.if && (matrix.name == 'iOS' || matrix.name == 'tvOS') && github.event_name == 'workflow_dispatch'
+        uses: actions/upload-artifact@v4
+        with:
+          name: binary-${{ matrix.name }}-ipa
+          path: 'dist'
       - name: Upload to App Store Connect
         if: matrix.if && matrix.name != 'macOS-standalone' && github.event_name == 'workflow_dispatch'
         run: |-
           go run -v ./cmd/internal/app_store_connect cancel_app_store ${{ matrix.platform }}
           cd clients/apple
           xcodebuild -exportArchive \
-            -archivePath "${{ matrix.archive }}" \
+            -archivePath "build/${{ matrix.scheme }}.xcarchive" \
             -exportOptionsPlist ${{ matrix.upload }} \
             -allowProvisioningUpdates \
             -authenticationKeyPath $ASC_KEY_PATH \
@@ -587,7 +642,7 @@ jobs:
         run: |-
           pushd clients/apple
           xcodebuild -exportArchive \
-          	-archivePath "${{ matrix.archive }}" \
+            -archivePath "build/${{ matrix.scheme }}.xcarchive" \
           	-exportOptionsPlist ${{ matrix.export }} \
           	-exportPath "${{ matrix.export_path }}"
           brew install create-dmg
@@ -600,13 +655,13 @@ jobs:
           		--skip-jenkins \
           	SFM.dmg "${{ matrix.export_path }}/SFM.app"
           xcrun notarytool submit "SFM.dmg" --wait --keychain-profile "notarytool-password"          
-          cd "${{ matrix.archive }}"
+          cd "build/${{ matrix.scheme }}.xcarchive"
           zip -r SFM.dSYMs.zip dSYMs
           popd
 
           mkdir -p dist
           cp clients/apple/SFM.dmg "dist/SFM-${VERSION}-universal.dmg"
-          cp "clients/apple/${{ matrix.archive }}/SFM.dSYMs.zip" "dist/SFM-${VERSION}-universal.dSYMs.zip"
+          cp "clients/apple/build/${{ matrix.scheme }}.xcarchive/SFM.dSYMs.zip" "dist/SFM-${VERSION}-universal.dSYMs.zip"
       - name: Upload image
         if: matrix.if && matrix.name == 'macOS-standalone' && github.event_name == 'workflow_dispatch'
         uses: actions/upload-artifact@v4

Makefile

@@ -108,6 +108,16 @@ upload_ios_app_store:
 	cd ../sing-box-for-apple && \
 	xcodebuild -exportArchive -archivePath build/SFI.xcarchive -exportOptionsPlist SFI/Upload.plist -allowProvisioningUpdates
 
+export_ios_ipa:
+	cd ../sing-box-for-apple && \
+	xcodebuild -exportArchive -archivePath build/SFI.xcarchive -exportOptionsPlist SFI/Export.plist -allowProvisioningUpdates -exportPath build/SFI && \
+	cp build/SFI/sing-box.ipa dist/SFI.ipa
+
+upload_ios_ipa:
+	cd dist && \
+	cp SFI.ipa "SFI-${VERSION}.ipa" && \
+	ghr --replace --draft --prerelease "v${VERSION}" "SFI-${VERSION}.ipa"
+
 release_ios: build_ios upload_ios_app_store
 
 build_macos:
@@ -175,6 +185,16 @@ upload_tvos_app_store:
 	cd ../sing-box-for-apple && \
 	xcodebuild -exportArchive -archivePath "build/SFT.xcarchive" -exportOptionsPlist SFI/Upload.plist -allowProvisioningUpdates
 
+export_tvos_ipa:
+	cd ../sing-box-for-apple && \
+	xcodebuild -exportArchive -archivePath "build/SFT.xcarchive" -exportOptionsPlist SFI/Export.plist -allowProvisioningUpdates -exportPath build/SFT && \
+	cp build/SFT/sing-box.ipa dist/SFT.ipa
+
+upload_tvos_ipa:
+	cd dist && \
+	cp SFT.ipa "SFT-${VERSION}.ipa" && \
+	ghr --replace --draft --prerelease "v${VERSION}" "SFT-${VERSION}.ipa"
+
 release_tvos: build_tvos upload_tvos_app_store
 
 update_apple_version:

adapter/inbound.go

@@ -57,7 +57,7 @@ type InboundContext struct {
 	Domain       string
 	Client       string
 	SniffContext any
-	PacketSniffError error
+	SniffError   error
 
 	// cache
 

cmd/internal/build_libbox/main.go

@@ -19,12 +19,14 @@ var (
 	debugEnabled  bool
 	target        string
 	platform      string
+	withTailscale bool
 )
 
 func init() {
 	flag.BoolVar(&debugEnabled, "debug", false, "enable debug")
 	flag.StringVar(&target, "target", "android", "target platform")
 	flag.StringVar(&platform, "platform", "", "specify platform")
+	flag.BoolVar(&withTailscale, "tailscale", false, "build tailscale for iOS and tvOS")
 }
 
 func main() {
@@ -151,7 +153,9 @@ func buildApple() {
 		"-v",
 		"-target", bindTarget,
 		"-libname=box",
-		"-tags-macos=" + strings.Join(memcTags, ","),
+	}
+	if withTailscale {
+		args = append(args, "-tags-macos="+strings.Join(memcTags, ","))
 	}
 
 	if !debugEnabled {
@@ -161,6 +165,9 @@ func buildApple() {
 	}
 
 	tags := append(sharedTags, iosTags...)
+	if withTailscale {
+		tags = append(tags, memcTags...)
+	}
 	if debugEnabled {
 		tags = append(tags, debugTags...)
 	}

common/convertor/adguard/convertor.go

@@ -96,7 +96,7 @@ parseLine:
 				}
 				if !ignored {
 					ignoredLines++
-					logger.Debug("ignored unsupported rule with modifier: ", paramParts[0], ": ", ruleLine)
+					logger.Debug("ignored unsupported rule with modifier: ", paramParts[0], ": ", originRuleLine)
 					continue parseLine
 				}
 			}
@@ -124,34 +124,35 @@ parseLine:
 			ruleLine = ruleLine[1 : len(ruleLine)-1]
 			if ignoreIPCIDRRegexp(ruleLine) {
 				ignoredLines++
-				logger.Debug("ignored unsupported rule with IPCIDR regexp: ", ruleLine)
+				logger.Debug("ignored unsupported rule with IPCIDR regexp: ", originRuleLine)
 				continue
 			}
 			isRegexp = true
 		} else {
 			if strings.Contains(ruleLine, "://") {
 				ruleLine = common.SubstringAfter(ruleLine, "://")
+				isSuffix = true
 			}
 			if strings.Contains(ruleLine, "/") {
 				ignoredLines++
-				logger.Debug("ignored unsupported rule with path: ", ruleLine)
+				logger.Debug("ignored unsupported rule with path: ", originRuleLine)
 				continue
 			}
 			if strings.Contains(ruleLine, "?") || strings.Contains(ruleLine, "&") {
 				ignoredLines++
-				logger.Debug("ignored unsupported rule with query: ", ruleLine)
+				logger.Debug("ignored unsupported rule with query: ", originRuleLine)
 				continue
 			}
 			if strings.Contains(ruleLine, "[") || strings.Contains(ruleLine, "]") ||
 				strings.Contains(ruleLine, "(") || strings.Contains(ruleLine, ")") ||
 				strings.Contains(ruleLine, "!") || strings.Contains(ruleLine, "#") {
 				ignoredLines++
-				logger.Debug("ignored unsupported cosmetic filter: ", ruleLine)
+				logger.Debug("ignored unsupported cosmetic filter: ", originRuleLine)
 				continue
 			}
 			if strings.Contains(ruleLine, "~") {
 				ignoredLines++
-				logger.Debug("ignored unsupported rule modifier: ", ruleLine)
+				logger.Debug("ignored unsupported rule modifier: ", originRuleLine)
 				continue
 			}
 			var domainCheck string
@@ -170,13 +171,13 @@ parseLine:
 					_, ipErr := parseADGuardIPCIDRLine(ruleLine)
 					if ipErr == nil {
 						ignoredLines++
-						logger.Debug("ignored unsupported rule with IPCIDR: ", ruleLine)
+						logger.Debug("ignored unsupported rule with IPCIDR: ", originRuleLine)
 						continue
 					}
 					if M.ParseSocksaddr(domainCheck).Port != 0 {
-						logger.Debug("ignored unsupported rule with port: ", ruleLine)
+						logger.Debug("ignored unsupported rule with port: ", originRuleLine)
 					} else {
-						logger.Debug("ignored unsupported rule with invalid domain: ", ruleLine)
+						logger.Debug("ignored unsupported rule with invalid domain: ", originRuleLine)
 					}
 					ignoredLines++
 					continue
@@ -407,11 +408,9 @@ func ignoreIPCIDRRegexp(ruleLine string) bool {
 		ruleLine = ruleLine[13:]
 	} else if strings.HasPrefix(ruleLine, "^") {
 		ruleLine = ruleLine[1:]
-	} else {
-		return false
 	}
-	_, parseErr := strconv.ParseUint(common.SubstringBefore(ruleLine, "\\."), 10, 8)
+	return common.Error(strconv.ParseUint(common.SubstringBefore(ruleLine, "\\."), 10, 8)) == nil ||
-	return parseErr == nil
+		common.Error(strconv.ParseUint(common.SubstringBefore(ruleLine, "."), 10, 8)) == nil
 }
 
 func parseAdGuardHostLine(ruleLine string) (string, error) {

docs/changelog.md

@@ -2,7 +2,7 @@
 icon: material/alert-decagram
 ---
 
-#### 1.12.0-beta.27
+#### 1.12.0-beta.28
 
 * Fixes and improvements
 

docs/clients/apple/index.md

@@ -19,13 +19,21 @@ platform-specific function implementation, such as TUN transparent proxy impleme
 ## :material-download: Download
 
 * [App Store](https://apps.apple.com/app/sing-box-vt/id6673731168)
-* TestFlight (Beta)
+* TestFlight (Beta) **1**
+* [GitHub Releases](https://github.com/SagerNet/sing-box/releases) **2**
+
+**1**:
 
 TestFlight quota is only available to [sponsors](https://github.com/sponsors/nekohasekai)
 (one-time sponsorships are accepted).
 Once you donate, you can get an invitation by join our Telegram group for sponsors from [@yet_another_sponsor_bot](https://t.me/yet_another_sponsor_bot)
 or sending us your Apple ID [via email](mailto:contact@sagernet.org).
 
+**2**:
+
+You can now download compiled IPAs for iOS and tvOS directly from GitHub releases, 
+but you need to purchase the **Apple Developer Program** to install them through AltStore or SideStore.
+
 ## :material-file-download: Download (macOS standalone version)
 
 * [Homebrew Cask](https://formulae.brew.sh/cask/sfm)

docs/configuration/inbound/tun.md

@@ -64,7 +64,7 @@ icon: material/new-box
   "auto_redirect_input_mark": "0x2023",
   "auto_redirect_output_mark": "0x2024",
   "loopback_address": [
-    "10.0.7.1"
+    "10.7.0.1"
   ],
   "strict_route": true,
   "route_address": [
@@ -284,7 +284,7 @@ Connection output mark used by `auto_redirect`.
 
 Loopback addresses make TCP connections to the specified address connect to the source address.
 
-Setting option value to `10.0.7.1` achieves the same behavior as SideStore/StosVPN.
+Setting option value to `10.7.0.1` achieves the same behavior as SideStore/StosVPN.
 
 When `auto_redirect` is enabled, the same behavior can be achieved for LAN devices (not just local) as a gateway.
 

docs/configuration/inbound/tun.zh.md

@@ -64,7 +64,7 @@ icon: material/new-box
   "auto_redirect_input_mark": "0x2023",
   "auto_redirect_output_mark": "0x2024",
   "loopback_address": [
-    "10.0.7.1"
+    "10.7.0.1"
   ],
   "strict_route": true,
   "route_address": [
@@ -283,7 +283,7 @@ tun 接口的 IPv6 前缀。
 
 环回地址是用于使指向指定地址的 TCP 连接连接到来源地址的。
 
-将选项值设置为 `10.0.7.1` 可实现与 SideStore/StosVPN 相同的行为。
+将选项值设置为 `10.7.0.1` 可实现与 SideStore/StosVPN 相同的行为。
 
 当启用 `auto_redirect` 时，可以作为网关为局域网设备（而不仅仅是本地）实现相同的行为。
 

route/route.go

@@ -501,6 +501,9 @@ func (r *Router) actionSniff(
 	if inputConn != nil {
 		if len(action.StreamSniffers) == 0 && len(action.PacketSniffers) > 0 {
 			return
+		} else if metadata.SniffError != nil && !errors.Is(metadata.SniffError, sniff.ErrNeedMoreData) {
+			r.logger.DebugContext(ctx, "packet sniff skipped due to previous error: ", metadata.SniffError)
+			return
 		}
 		var streamSniffers []sniff.StreamSniffer
 		if len(action.StreamSniffers) > 0 {
@@ -525,6 +528,7 @@ func (r *Router) actionSniff(
 			action.Timeout,
 			streamSniffers...,
 		)
+		metadata.SniffError = err
 		if err == nil {
 			//goland:noinspection GoDeprecation
 			if action.OverrideDestination && M.IsDomainName(metadata.Domain) {
@@ -549,8 +553,8 @@ func (r *Router) actionSniff(
 	} else if inputPacketConn != nil {
 		if len(action.PacketSniffers) == 0 && len(action.StreamSniffers) > 0 {
 			return
-		} else if metadata.PacketSniffError != nil && !errors.Is(metadata.PacketSniffError, sniff.ErrNeedMoreData) {
+		} else if metadata.SniffError != nil && !errors.Is(metadata.SniffError, sniff.ErrNeedMoreData) {
-			r.logger.DebugContext(ctx, "packet sniff skipped due to previous error: ", metadata.PacketSniffError)
+			r.logger.DebugContext(ctx, "packet sniff skipped due to previous error: ", metadata.SniffError)
 			return
 		}
 		var packetSniffers []sniff.PacketSniffer
@@ -598,7 +602,7 @@ func (r *Router) actionSniff(
 					return
 				}
 			} else {
-				if len(packetBuffers) > 0 || metadata.PacketSniffError != nil {
+				if len(packetBuffers) > 0 || metadata.SniffError != nil {
 					err = sniff.PeekPacket(
 						ctx,
 						metadata,
@@ -618,7 +622,7 @@ func (r *Router) actionSniff(
 					Destination: destination,
 				}
 				packetBuffers = append(packetBuffers, packetBuffer)
-				metadata.PacketSniffError = err
+				metadata.SniffError = err
 				if errors.Is(err, sniff.ErrNeedMoreData) {
 					// TODO: replace with generic message when there are more multi-packet protocols
 					r.logger.DebugContext(ctx, "attempt to sniff fragmented QUIC client hello")