[dependencies] Update golangci/golangci-lint-action action to v7

Handle EDNS version downgrade
Add default values for corresponding extensions to the format of rule-sets
2025-08-30 13:58:49 +08:00 · 2025-05-01 05:52:57 +00:00 · 2025-05-01 12:34:34 +08:00 · 2025-05-01 12:34:34 +08:00 · 2025-05-01 12:34:34 +08:00 · 2025-05-01 12:34:34 +08:00
4 changed files with 62 additions and 9 deletions
--- a/common/listener/listener_udp.go
+++ b/common/listener/listener_udp.go
@ -37,6 +37,12 @@ func (l *Listener) ListenUDP() (net.PacketConn, error) {
 	return udpConn, err
 }

+func (l *Listener) DialContext(dialer net.Dialer, ctx context.Context, network string, address string) (net.Conn, error) {
+	return ListenNetworkNamespace[net.Conn](l.listenOptions.NetNs, func() (net.Conn, error) {
+		return dialer.DialContext(ctx, network, address)
+	})
+}
+
 func (l *Listener) ListenPacket(listenConfig net.ListenConfig, ctx context.Context, network string, address string) (net.PacketConn, error) {
 	return ListenNetworkNamespace[net.PacketConn](l.listenOptions.NetNs, func() (net.PacketConn, error) {
 		return listenConfig.ListenPacket(ctx, network, address)
--- a/dns/client.go
+++ b/dns/client.go
@ -232,10 +232,20 @@ func (c *Client) Exchange(ctx context.Context, transport adapter.DNSTransport, m
 			record.Header().Ttl = timeToLive
 		}
 	}
-	response.Id = messageId
 	if !disableCache {
 		c.storeCache(transport, question, response, timeToLive)
 	}
+	response.Id = messageId
+	requestEDNSOpt := message.IsEdns0()
+	responseEDNSOpt := response.IsEdns0()
+	if responseEDNSOpt != nil && (requestEDNSOpt == nil || requestEDNSOpt.Version() < responseEDNSOpt.Version()) {
+		response.Extra = common.Filter(response.Extra, func(it dns.RR) bool {
+			return it.Header().Rrtype != dns.TypeOPT
+		})
+		if requestEDNSOpt != nil {
+			response.SetEdns0(responseEDNSOpt.UDPSize(), responseEDNSOpt.Do())
+		}
+	}
 	logExchangedResponse(c.logger, ctx, response, timeToLive)
 	return response, err
 }
--- a/option/rule_set.go
+++ b/option/rule_set.go
@ -1,6 +1,8 @@
 package option

 import (
+	"net/url"
+	"path/filepath"
 	"reflect"

 	C "github.com/sagernet/sing-box/constant"
@ -27,6 +29,18 @@ type _RuleSet struct {
 type RuleSet _RuleSet

 func (r RuleSet) MarshalJSON() ([]byte, error) {
+	if r.Type != C.RuleSetTypeInline {
+		var defaultFormat string
+		switch r.Type {
+		case C.RuleSetTypeLocal:
+			defaultFormat = ruleSetDefaultFormat(r.LocalOptions.Path)
+		case C.RuleSetTypeRemote:
+			defaultFormat = ruleSetDefaultFormat(r.RemoteOptions.URL)
+		}
+		if r.Format == defaultFormat {
+			r.Format = ""
+		}
+	}
 	var v any
 	switch r.Type {
 	case "", C.RuleSetTypeInline:
@ -62,7 +76,19 @@ func (r *RuleSet) UnmarshalJSON(bytes []byte) error {
 	default:
 		return E.New("unknown rule-set type: " + r.Type)
 	}
+	err = badjson.UnmarshallExcluded(bytes, (*_RuleSet)(r), v)
+	if err != nil {
+		return err
+	}
 	if r.Type != C.RuleSetTypeInline {
+		if r.Format == "" {
+			switch r.Type {
+			case C.RuleSetTypeLocal:
+				r.Format = ruleSetDefaultFormat(r.LocalOptions.Path)
+			case C.RuleSetTypeRemote:
+				r.Format = ruleSetDefaultFormat(r.RemoteOptions.URL)
+			}
+		}
 		switch r.Format {
 		case "":
 			return E.New("missing format")
@ -73,13 +99,23 @@ func (r *RuleSet) UnmarshalJSON(bytes []byte) error {
 	} else {
 		r.Format = ""
 	}
-	err = badjson.UnmarshallExcluded(bytes, (*_RuleSet)(r), v)
-	if err != nil {
-		return err
-	}
 	return nil
 }

+func ruleSetDefaultFormat(path string) string {
+	if pathURL, err := url.Parse(path); err == nil {
+		path = pathURL.Path
+	}
+	switch filepath.Ext(path) {
+	case ".json":
+		return C.RuleSetFormatSource
+	case ".srs":
+		return C.RuleSetFormatBinary
+	default:
+		return ""
+	}
+}
+
 type LocalRuleSet struct {
 	Path string `json:"path,omitempty"`
 }
--- a/protocol/redirect/tproxy.go
+++ b/protocol/redirect/tproxy.go
@ -154,10 +154,11 @@ func (w *tproxyPacketWriter) WritePacket(buffer *buf.Buffer, destination M.Socks
 			return err
 		}
 	}
-	var listenConfig net.ListenConfig
-	listenConfig.Control = control.Append(listenConfig.Control, control.ReuseAddr())
-	listenConfig.Control = control.Append(listenConfig.Control, redir.TProxyWriteBack())
-	packetConn, err := w.listener.ListenPacket(listenConfig, w.ctx, "udp", destination.String())
+	var dialer net.Dialer
+	dialer.LocalAddr = destination.UDPAddr()
+	dialer.Control = control.Append(dialer.Control, control.ReuseAddr())
+	dialer.Control = control.Append(dialer.Control, redir.TProxyWriteBack())
+	packetConn, err := w.listener.DialContext(dialer, w.ctx, "udp", w.source.String())
 	if err != nil {
 		return err
 	}
Author	SHA1	Message	Date
renovate[bot]	8a848963aa	[dependencies] Update golangci/golangci-lint-action action to v7	2025-05-01 05:52:57 +00:00
世界	52390aa929	Handle EDNS version downgrade	2025-05-01 12:34:34 +08:00
世界	371672e356	Add default values for corresponding extensions to the format of rule-sets	2025-05-01 12:34:34 +08:00
世界	bab1141dd3	documentation: Bump version	2025-05-01 12:34:34 +08:00
世界	d7867002c5	documentation: Fix anytls padding scheme description	2025-05-01 12:34:34 +08:00
安容	a8bb3a76e8	Report invalid DNS address early	2025-05-01 12:34:34 +08:00
世界	4bcfbf0ae3	Fix wireguard `listen_port`	2025-05-01 12:34:33 +08:00
世界	34dd12c7b2	clash-api: Add more meta api	2025-05-01 12:34:33 +08:00
世界	1c8fca95e6	Fix DNS lookup	2025-05-01 12:34:33 +08:00
世界	5a32303f91	Fix tailscale sending unexpected stuff	2025-05-01 12:34:33 +08:00
世界	17f41d83f4	Fix fetch ECH configs	2025-05-01 12:34:32 +08:00
reletor	5e0bc79706	documentation: Minor fixes	2025-05-01 12:34:32 +08:00
caelansar	96a33b10c0	Fix callback deletion in UDP transport	2025-05-01 12:34:32 +08:00
世界	204b174191	documentation: Try to make the play review happy	2025-05-01 12:34:31 +08:00
世界	ad79520c02	Fix missing handling of legacy `domain_strategy` options	2025-05-01 12:34:31 +08:00
世界	86377d5996	Improve local DNS server	2025-05-01 12:34:31 +08:00
anytls	56887a3a08	Update anytls Co-authored-by: anytls <anytls>	2025-05-01 12:34:30 +08:00
世界	fcbef874e4	Fix DNS dialer	2025-05-01 12:34:30 +08:00
世界	fdd2d799f8	release: Skip override version for iOS	2025-05-01 12:34:30 +08:00
iikira	fa9dad411e	Fix UDP DNS server crash Signed-off-by: iikira <i2@mail.iikira.com>	2025-05-01 12:34:29 +08:00
ReleTor	4ec222a2ed	Fix fetch ECH configs	2025-05-01 12:34:29 +08:00
世界	9cd7c54750	release: Update Go to 1.24.2	2025-05-01 12:34:29 +08:00
世界	3c70546d5f	Allow direct outbounds without `domain_resolver`	2025-05-01 12:34:28 +08:00
世界	64ee2927d7	Fix Tailscale dialer	2025-05-01 12:34:28 +08:00
dyhkwong	9a3196e320	Fix DNS over QUIC stream close	2025-05-01 12:34:28 +08:00
anytls	046fb6e21c	Update anytls Co-authored-by: anytls <anytls>	2025-05-01 12:34:27 +08:00
Rambling2076	7e21c09f35	Fix missing `with_tailscale` in Dockerfile Signed-off-by: Rambling2076 <Rambling2076@proton.me>	2025-05-01 12:34:27 +08:00
世界	ed14bbee92	Fail when default DNS server not found	2025-05-01 12:34:27 +08:00
世界	7a3ef2b07b	Update gVisor to 20250319.0	2025-05-01 12:34:26 +08:00
世界	786e734a4b	release: Do not build tailscale on iOS and tvOS	2025-05-01 12:34:26 +08:00
世界	aca6e3a1af	Explicitly reject detour to empty direct outbounds	2025-05-01 12:34:26 +08:00
世界	046308ac31	Add netns support	2025-05-01 12:33:38 +08:00
世界	312ef4e5f7	Add wildcard name support for predefined records	2025-05-01 12:30:55 +08:00
世界	45299d7305	Remove map usage in options	2025-05-01 12:30:55 +08:00
世界	d807ee5011	Fix unhandled DNS loop	2025-05-01 12:30:54 +08:00
世界	2a4e5ee729	Add wildcard-sni support for shadow-tls inbound	2025-05-01 12:30:54 +08:00
世界	7bdd80f10a	Fix Tailscale DNS	2025-05-01 12:30:54 +08:00
k9982874	d19d1a677a	Add ntp protocol sniffing	2025-05-01 12:30:54 +08:00
世界	b5e66b9bb9	option: Fix marshal legacy DNS options	2025-05-01 12:30:54 +08:00
世界	e0da41b22d	Make `domain_resolver` optional when only one DNS server is configured	2025-05-01 12:30:54 +08:00
世界	efd08f16b8	Fix DNS lookup context pollution	2025-05-01 12:30:53 +08:00
世界	c65b149103	Fix http3 DNS server connecting to wrong address	2025-05-01 12:30:53 +08:00
Restia-Ashbell	c3b7de77e8	documentation: Fix typo	2025-05-01 12:30:52 +08:00
anytls	56c5f001c1	Update sing-anytls Co-authored-by: anytls <anytls>	2025-05-01 12:30:52 +08:00
k9982874	63c702febd	Fix hosts DNS server	2025-05-01 12:30:52 +08:00
世界	163d689fb0	Fix UDP DNS server crash	2025-05-01 12:30:51 +08:00
世界	9280872c5e	documentation: Fix missing `ip_accept_any` DNS rule option	2025-05-01 12:30:51 +08:00
世界	f504c7bb7c	Fix anytls dialer usage	2025-05-01 12:30:51 +08:00
世界	50362ed07b	Move predefined DNS server to rule action	2025-05-01 12:30:51 +08:00
世界	6012d1ce44	Fix domain resolver on direct outbound	2025-05-01 12:30:50 +08:00
Zephyruso	110eb69384	Fix missing AnyTLS display name	2025-05-01 12:30:50 +08:00
anytls	4f8f5d47cd	Update sing-anytls Co-authored-by: anytls <anytls>	2025-05-01 12:30:50 +08:00
Estel	357d4a8c9d	documentation: Fix typo Signed-off-by: Estel <callmebedrockdigger@gmail.com>	2025-05-01 12:30:49 +08:00
TargetLocked	029a273531	Fix parsing legacy DNS options	2025-05-01 12:30:49 +08:00
世界	02bc695619	Fix DNS fallback	2025-05-01 12:30:48 +08:00
世界	dffbd6861f	documentation: Fix missing hosts DNS server	2025-05-01 12:30:48 +08:00
anytls	9b48db1be4	Add MinIdleSession option to AnyTLS outbound Co-authored-by: anytls <anytls>	2025-05-01 12:30:47 +08:00
ReleTor	cb9ada4ae3	documentation: Minor fixes	2025-05-01 12:30:47 +08:00
libtry486	4e8024ea7d	documentation: Fix typo fix typo Signed-off-by: libtry486 <89328481+libtry486@users.noreply.github.com>	2025-05-01 12:30:47 +08:00
Alireza Ahmadi	c953f8c809	Fix Outbound deadlock	2025-05-01 12:30:46 +08:00
世界	db41803a1a	documentation: Fix AnyTLS doc	2025-05-01 12:30:46 +08:00
anytls	b202589222	Add AnyTLS protocol	2025-05-01 12:30:46 +08:00
世界	16d7d16919	Migrate to stdlib ECH support	2025-05-01 12:30:45 +08:00
世界	07eacfc580	Add fallback local DNS server for iOS	2025-05-01 12:30:45 +08:00
世界	5a37104770	Get darwin local DNS server from libresolv	2025-05-01 12:30:44 +08:00
世界	9ebda6d366	Improve resolve action	2025-05-01 12:30:43 +08:00
世界	56f66ae026	Fix toolchain version	2025-05-01 12:30:43 +08:00
世界	f45ecb3903	Add back port hopping to hysteria 1	2025-05-01 12:30:43 +08:00
世界	b8c68e1896	Update dependencies	2025-05-01 12:30:43 +08:00
xchacha20-poly1305	389479cb85	Remove single quotes of raw Moziila certs	2025-05-01 12:30:42 +08:00
世界	4f2f890dfd	Add Tailscale endpoint	2025-05-01 12:30:41 +08:00
世界	22b31c84e1	Build legacy binaries with latest Go	2025-05-01 12:30:41 +08:00
世界	1e64e92e4e	documentation: Remove outdated icons	2025-05-01 12:30:41 +08:00
世界	a0a40898bf	documentation: Certificate store	2025-05-01 12:30:40 +08:00
世界	7d521ca78f	documentation: TLS fragment	2025-05-01 12:30:40 +08:00
世界	8efb0bab2a	documentation: Outbound domain resolver	2025-05-01 12:30:40 +08:00
世界	8beec8dcc3	documentation: Refactor DNS	2025-05-01 12:30:39 +08:00
世界	4be6c8b180	Add certificate store	2025-05-01 12:30:39 +08:00
世界	abff5b3705	Add TLS fragment support	2025-05-01 12:30:38 +08:00
世界	00562b5340	refactor: Outbound domain resolver	2025-05-01 12:30:38 +08:00
世界	ac844a672f	refactor: DNS	2025-05-01 12:30:38 +08:00
世界	1a43ac8d30	Fix tproxy writeback	2025-05-01 12:27:07 +08:00