[dependencies] Update golangci/golangci-lint-action action to v8

Signed-off-by: 愚者 <11926619+FansChou@users.noreply.github.com>

.github/workflows/build.yml

@@ -437,24 +437,28 @@ jobs:
             platform: ios
             scheme: SFI
             destination: 'generic/platform=iOS'
+            archive: build/SFI.xcarchive
             upload: SFI/Upload.plist
           - name: macOS
             if: ${{ github.event_name != 'workflow_dispatch' || inputs.build == 'All' || inputs.build == 'Apple' || inputs.build == 'app-store'|| inputs.build == 'macOS' }}
             platform: macos
             scheme: SFM
             destination: 'generic/platform=macOS'
+            archive: build/SFM.xcarchive
             upload: SFI/Upload.plist
           - name: tvOS
             if: ${{ github.event_name != 'workflow_dispatch' || inputs.build == 'All' || inputs.build == 'Apple' || inputs.build == 'app-store'|| inputs.build == 'tvOS' }}
             platform: tvos
             scheme: SFT
             destination: 'generic/platform=tvOS'
+            archive: build/SFT.xcarchive
             upload: SFI/Upload.plist
           - name: macOS-standalone
             if: ${{ github.event_name != 'workflow_dispatch' || inputs.build == 'All' || inputs.build == 'Apple' || inputs.build == 'macOS-standalone' }}
             platform: macos
             scheme: SFM.System
             destination: 'generic/platform=macOS'
+            archive: build/SFM.System.xcarchive
             export: SFM.System/Export.plist
             export_path: build/SFM.System
     steps:
@@ -539,12 +543,6 @@ jobs:
           export PATH="$PATH:$(go env GOPATH)/bin"
           go run ./cmd/internal/build_libbox -target apple -platform ${{ matrix.platform }}
           mv Libbox.xcframework clients/apple
-      - name: Build library with tailscale
-        if: matrix.if && (matrix.name == 'iOS' || matrix.name == 'tvOS')
-        run: |-
-          export PATH="$PATH:$(go env GOPATH)/bin"
-          go run ./cmd/internal/build_libbox -target apple -platform ${{ matrix.platform }} -tailscale
-          mv Libbox.xcframework clients/apple/Libbox.WithTailscale.xcframework
       - name: Update macOS version
         if: matrix.if && matrix.name == 'macOS' && github.event_name == 'workflow_dispatch'
         run: |-
@@ -563,71 +561,18 @@ jobs:
             -scheme "${{ matrix.scheme }}" \
             -configuration Release \
             -destination "${{ matrix.destination }}" \
-            -archivePath "build/${{ matrix.scheme }}.xcarchive" \
+            -archivePath "${{ matrix.archive }}" \
             -allowProvisioningUpdates \
             -authenticationKeyPath $ASC_KEY_PATH \
             -authenticationKeyID $ASC_KEY_ID \
             -authenticationKeyIssuerID $ASC_KEY_ISSUER_ID
-      - name: Build with Tailscale
-        if: matrix.if && (matrix.name == 'iOS' || matrix.name == 'tvOS')
-        run: |-
-          cd clients/apple
-          mv Libbox.xcframework Libbox.WithoutTailscale.xcframework
-          mv Libbox.WithTailscale.xcframework Libbox.xcframework
-          xcodebuild archive \
-            -scheme "${{ matrix.scheme }}" \
-            -configuration Release \
-            -destination "${{ matrix.destination }}" \
-            -archivePath "build/${{ matrix.scheme }}.WithTailscale.xcarchive" \
-            -allowProvisioningUpdates \
-            -authenticationKeyPath $ASC_KEY_PATH \
-            -authenticationKeyID $ASC_KEY_ID \
-            -authenticationKeyIssuerID $ASC_KEY_ISSUER_ID
-      - name: Export IPA
-        if: matrix.if && (matrix.name == 'iOS' || matrix.name == 'tvOS') && github.event_name == 'workflow_dispatch'
-        run: |-
-          pushd clients/apple
-          xcodebuild -exportArchive \
-            -archivePath "build/${{ matrix.scheme }}.xcarchive" \
-            -exportOptionsPlist SFI/Export.plist \
-            -exportPath "build/${{ matrix.scheme }}" \
-            -allowProvisioningUpdates \
-            -authenticationKeyPath $ASC_KEY_PATH \
-            -authenticationKeyID $ASC_KEY_ID \
-            -authenticationKeyIssuerID $ASC_KEY_ISSUER_ID
-          cp build/${{ matrix.scheme }}/sing-box.ipa .
-          popd
-          mkdir -p dist
-          cp clients/apple/sing-box.ipa "dist/${{ matrix.scheme }}-${{ needs.calculate_version.outputs.version }}.ipa"
-      - name: Export IPA with Tailscale
-        if: matrix.if && (matrix.name == 'iOS' || matrix.name == 'tvOS') && github.event_name == 'workflow_dispatch'
-        run: |-
-          pushd clients/apple
-          xcodebuild -exportArchive \
-            -archivePath "build/${{ matrix.scheme }}.WithTailscale.xcarchive" \
-            -exportOptionsPlist SFI/Export.plist \
-            -exportPath "build/${{ matrix.scheme }}.WithTailscale" \
-            -allowProvisioningUpdates \
-            -authenticationKeyPath $ASC_KEY_PATH \
-            -authenticationKeyID $ASC_KEY_ID \
-            -authenticationKeyIssuerID $ASC_KEY_ISSUER_ID
-          cp build/${{ matrix.scheme }}.WithTailscale/sing-box.ipa .
-          popd
-          mkdir -p dist
-          cp clients/apple/sing-box.ipa "dist/${{ matrix.scheme }}-${{ needs.calculate_version.outputs.version }}-WithTailscale.ipa"
-      - name: Upload IPA
-        if: matrix.if && (matrix.name == 'iOS' || matrix.name == 'tvOS') && github.event_name == 'workflow_dispatch'
-        uses: actions/upload-artifact@v4
-        with:
-          name: binary-${{ matrix.name }}-ipa
-          path: 'dist'
       - name: Upload to App Store Connect
         if: matrix.if && matrix.name != 'macOS-standalone' && github.event_name == 'workflow_dispatch'
         run: |-
           go run -v ./cmd/internal/app_store_connect cancel_app_store ${{ matrix.platform }}
           cd clients/apple
           xcodebuild -exportArchive \
-            -archivePath "build/${{ matrix.scheme }}.xcarchive" \
+            -archivePath "${{ matrix.archive }}" \
             -exportOptionsPlist ${{ matrix.upload }} \
             -allowProvisioningUpdates \
             -authenticationKeyPath $ASC_KEY_PATH \
@@ -642,7 +587,7 @@ jobs:
         run: |-
           pushd clients/apple
           xcodebuild -exportArchive \
-            -archivePath "build/${{ matrix.scheme }}.xcarchive" \
+          	-archivePath "${{ matrix.archive }}" \
           	-exportOptionsPlist ${{ matrix.export }} \
           	-exportPath "${{ matrix.export_path }}"
           brew install create-dmg
@@ -655,13 +600,13 @@ jobs:
           		--skip-jenkins \
           	SFM.dmg "${{ matrix.export_path }}/SFM.app"
           xcrun notarytool submit "SFM.dmg" --wait --keychain-profile "notarytool-password"          
-          cd "build/${{ matrix.scheme }}.xcarchive"
+          cd "${{ matrix.archive }}"
           zip -r SFM.dSYMs.zip dSYMs
           popd
 
           mkdir -p dist
           cp clients/apple/SFM.dmg "dist/SFM-${VERSION}-universal.dmg"
-          cp "clients/apple/build/${{ matrix.scheme }}.xcarchive/SFM.dSYMs.zip" "dist/SFM-${VERSION}-universal.dSYMs.zip"
+          cp "clients/apple/${{ matrix.archive }}/SFM.dSYMs.zip" "dist/SFM-${VERSION}-universal.dSYMs.zip"
       - name: Upload image
         if: matrix.if && matrix.name == 'macOS-standalone' && github.event_name == 'workflow_dispatch'
         uses: actions/upload-artifact@v4

Makefile

@@ -108,16 +108,6 @@ upload_ios_app_store:
 	cd ../sing-box-for-apple && \
 	xcodebuild -exportArchive -archivePath build/SFI.xcarchive -exportOptionsPlist SFI/Upload.plist -allowProvisioningUpdates
 
-export_ios_ipa:
-	cd ../sing-box-for-apple && \
-	xcodebuild -exportArchive -archivePath build/SFI.xcarchive -exportOptionsPlist SFI/Export.plist -allowProvisioningUpdates -exportPath build/SFI && \
-	cp build/SFI/sing-box.ipa dist/SFI.ipa
-
-upload_ios_ipa:
-	cd dist && \
-	cp SFI.ipa "SFI-${VERSION}.ipa" && \
-	ghr --replace --draft --prerelease "v${VERSION}" "SFI-${VERSION}.ipa"
-
 release_ios: build_ios upload_ios_app_store
 
 build_macos:
@@ -185,16 +175,6 @@ upload_tvos_app_store:
 	cd ../sing-box-for-apple && \
 	xcodebuild -exportArchive -archivePath "build/SFT.xcarchive" -exportOptionsPlist SFI/Upload.plist -allowProvisioningUpdates
 
-export_tvos_ipa:
-	cd ../sing-box-for-apple && \
-	xcodebuild -exportArchive -archivePath "build/SFT.xcarchive" -exportOptionsPlist SFI/Export.plist -allowProvisioningUpdates -exportPath build/SFT && \
-	cp build/SFT/sing-box.ipa dist/SFT.ipa
-
-upload_tvos_ipa:
-	cd dist && \
-	cp SFT.ipa "SFT-${VERSION}.ipa" && \
-	ghr --replace --draft --prerelease "v${VERSION}" "SFT-${VERSION}.ipa"
-
 release_tvos: build_tvos upload_tvos_app_store
 
 update_apple_version:

adapter/inbound.go

@@ -57,7 +57,7 @@ type InboundContext struct {
 	Domain           string
 	Client           string
 	SniffContext     any
-	SniffError   error
+	PacketSniffError error
 
 	// cache
 

cmd/internal/build_libbox/main.go

@@ -19,14 +19,12 @@ var (
 	debugEnabled bool
 	target       string
 	platform     string
-	withTailscale bool
 )
 
 func init() {
 	flag.BoolVar(&debugEnabled, "debug", false, "enable debug")
 	flag.StringVar(&target, "target", "android", "target platform")
 	flag.StringVar(&platform, "platform", "", "specify platform")
-	flag.BoolVar(&withTailscale, "tailscale", false, "build tailscale for iOS and tvOS")
 }
 
 func main() {
@@ -153,9 +151,7 @@ func buildApple() {
 		"-v",
 		"-target", bindTarget,
 		"-libname=box",
-	}
-	if withTailscale {
-		args = append(args, "-tags-macos="+strings.Join(memcTags, ","))
+		"-tags-macos=" + strings.Join(memcTags, ","),
 	}
 
 	if !debugEnabled {
@@ -165,9 +161,6 @@ func buildApple() {
 	}
 
 	tags := append(sharedTags, iosTags...)
-	if withTailscale {
-		tags = append(tags, memcTags...)
-	}
 	if debugEnabled {
 		tags = append(tags, debugTags...)
 	}

common/convertor/adguard/convertor.go

@@ -96,7 +96,7 @@ parseLine:
 				}
 				if !ignored {
 					ignoredLines++
-					logger.Debug("ignored unsupported rule with modifier: ", paramParts[0], ": ", originRuleLine)
+					logger.Debug("ignored unsupported rule with modifier: ", paramParts[0], ": ", ruleLine)
 					continue parseLine
 				}
 			}
@@ -124,35 +124,34 @@ parseLine:
 			ruleLine = ruleLine[1 : len(ruleLine)-1]
 			if ignoreIPCIDRRegexp(ruleLine) {
 				ignoredLines++
-				logger.Debug("ignored unsupported rule with IPCIDR regexp: ", originRuleLine)
+				logger.Debug("ignored unsupported rule with IPCIDR regexp: ", ruleLine)
 				continue
 			}
 			isRegexp = true
 		} else {
 			if strings.Contains(ruleLine, "://") {
 				ruleLine = common.SubstringAfter(ruleLine, "://")
-				isSuffix = true
 			}
 			if strings.Contains(ruleLine, "/") {
 				ignoredLines++
-				logger.Debug("ignored unsupported rule with path: ", originRuleLine)
+				logger.Debug("ignored unsupported rule with path: ", ruleLine)
 				continue
 			}
 			if strings.Contains(ruleLine, "?") || strings.Contains(ruleLine, "&") {
 				ignoredLines++
-				logger.Debug("ignored unsupported rule with query: ", originRuleLine)
+				logger.Debug("ignored unsupported rule with query: ", ruleLine)
 				continue
 			}
 			if strings.Contains(ruleLine, "[") || strings.Contains(ruleLine, "]") ||
 				strings.Contains(ruleLine, "(") || strings.Contains(ruleLine, ")") ||
 				strings.Contains(ruleLine, "!") || strings.Contains(ruleLine, "#") {
 				ignoredLines++
-				logger.Debug("ignored unsupported cosmetic filter: ", originRuleLine)
+				logger.Debug("ignored unsupported cosmetic filter: ", ruleLine)
 				continue
 			}
 			if strings.Contains(ruleLine, "~") {
 				ignoredLines++
-				logger.Debug("ignored unsupported rule modifier: ", originRuleLine)
+				logger.Debug("ignored unsupported rule modifier: ", ruleLine)
 				continue
 			}
 			var domainCheck string
@@ -171,13 +170,13 @@ parseLine:
 					_, ipErr := parseADGuardIPCIDRLine(ruleLine)
 					if ipErr == nil {
 						ignoredLines++
-						logger.Debug("ignored unsupported rule with IPCIDR: ", originRuleLine)
+						logger.Debug("ignored unsupported rule with IPCIDR: ", ruleLine)
 						continue
 					}
 					if M.ParseSocksaddr(domainCheck).Port != 0 {
-						logger.Debug("ignored unsupported rule with port: ", originRuleLine)
+						logger.Debug("ignored unsupported rule with port: ", ruleLine)
 					} else {
-						logger.Debug("ignored unsupported rule with invalid domain: ", originRuleLine)
+						logger.Debug("ignored unsupported rule with invalid domain: ", ruleLine)
 					}
 					ignoredLines++
 					continue
@@ -408,9 +407,11 @@ func ignoreIPCIDRRegexp(ruleLine string) bool {
 		ruleLine = ruleLine[13:]
 	} else if strings.HasPrefix(ruleLine, "^") {
 		ruleLine = ruleLine[1:]
+	} else {
+		return false
 	}
-	return common.Error(strconv.ParseUint(common.SubstringBefore(ruleLine, "\\."), 10, 8)) == nil ||
-		common.Error(strconv.ParseUint(common.SubstringBefore(ruleLine, "."), 10, 8)) == nil
+	_, parseErr := strconv.ParseUint(common.SubstringBefore(ruleLine, "\\."), 10, 8)
+	return parseErr == nil
 }
 
 func parseAdGuardHostLine(ruleLine string) (string, error) {

docs/changelog.md

@@ -2,7 +2,7 @@
 icon: material/alert-decagram
 ---
 
-#### 1.12.0-beta.28
+#### 1.12.0-beta.27
 
 * Fixes and improvements
 

docs/clients/apple/index.md

@@ -19,21 +19,13 @@ platform-specific function implementation, such as TUN transparent proxy impleme
 ## :material-download: Download
 
 * [App Store](https://apps.apple.com/app/sing-box-vt/id6673731168)
-* TestFlight (Beta) **1**
-* [GitHub Releases](https://github.com/SagerNet/sing-box/releases) **2**
-
-**1**:
+* TestFlight (Beta)
 
 TestFlight quota is only available to [sponsors](https://github.com/sponsors/nekohasekai)
 (one-time sponsorships are accepted).
 Once you donate, you can get an invitation by join our Telegram group for sponsors from [@yet_another_sponsor_bot](https://t.me/yet_another_sponsor_bot)
 or sending us your Apple ID [via email](mailto:contact@sagernet.org).
 
-**2**:
-
-You can now download compiled IPAs for iOS and tvOS directly from GitHub releases, 
-but you need to purchase the **Apple Developer Program** to install them through AltStore or SideStore.
-
 ## :material-file-download: Download (macOS standalone version)
 
 * [Homebrew Cask](https://formulae.brew.sh/cask/sfm)

docs/configuration/inbound/tun.md

@@ -64,7 +64,7 @@ icon: material/new-box
   "auto_redirect_input_mark": "0x2023",
   "auto_redirect_output_mark": "0x2024",
   "loopback_address": [
-    "10.7.0.1"
+    "10.0.7.1"
   ],
   "strict_route": true,
   "route_address": [
@@ -284,7 +284,7 @@ Connection output mark used by `auto_redirect`.
 
 Loopback addresses make TCP connections to the specified address connect to the source address.
 
-Setting option value to `10.7.0.1` achieves the same behavior as SideStore/StosVPN.
+Setting option value to `10.0.7.1` achieves the same behavior as SideStore/StosVPN.
 
 When `auto_redirect` is enabled, the same behavior can be achieved for LAN devices (not just local) as a gateway.
 

docs/configuration/inbound/tun.zh.md

@@ -64,7 +64,7 @@ icon: material/new-box
   "auto_redirect_input_mark": "0x2023",
   "auto_redirect_output_mark": "0x2024",
   "loopback_address": [
-    "10.7.0.1"
+    "10.0.7.1"
   ],
   "strict_route": true,
   "route_address": [
@@ -283,7 +283,7 @@ tun 接口的 IPv6 前缀。
 
 环回地址是用于使指向指定地址的 TCP 连接连接到来源地址的。
 
-将选项值设置为 `10.7.0.1` 可实现与 SideStore/StosVPN 相同的行为。
+将选项值设置为 `10.0.7.1` 可实现与 SideStore/StosVPN 相同的行为。
 
 当启用 `auto_redirect` 时，可以作为网关为局域网设备（而不仅仅是本地）实现相同的行为。
 

route/route.go

@@ -501,9 +501,6 @@ func (r *Router) actionSniff(
 	if inputConn != nil {
 		if len(action.StreamSniffers) == 0 && len(action.PacketSniffers) > 0 {
 			return
-		} else if metadata.SniffError != nil && !errors.Is(metadata.SniffError, sniff.ErrNeedMoreData) {
-			r.logger.DebugContext(ctx, "packet sniff skipped due to previous error: ", metadata.SniffError)
-			return
 		}
 		var streamSniffers []sniff.StreamSniffer
 		if len(action.StreamSniffers) > 0 {
@@ -528,7 +525,6 @@ func (r *Router) actionSniff(
 			action.Timeout,
 			streamSniffers...,
 		)
-		metadata.SniffError = err
 		if err == nil {
 			//goland:noinspection GoDeprecation
 			if action.OverrideDestination && M.IsDomainName(metadata.Domain) {
@@ -553,8 +549,8 @@ func (r *Router) actionSniff(
 	} else if inputPacketConn != nil {
 		if len(action.PacketSniffers) == 0 && len(action.StreamSniffers) > 0 {
 			return
-		} else if metadata.SniffError != nil && !errors.Is(metadata.SniffError, sniff.ErrNeedMoreData) {
-			r.logger.DebugContext(ctx, "packet sniff skipped due to previous error: ", metadata.SniffError)
+		} else if metadata.PacketSniffError != nil && !errors.Is(metadata.PacketSniffError, sniff.ErrNeedMoreData) {
+			r.logger.DebugContext(ctx, "packet sniff skipped due to previous error: ", metadata.PacketSniffError)
 			return
 		}
 		var packetSniffers []sniff.PacketSniffer
@@ -602,7 +598,7 @@ func (r *Router) actionSniff(
 					return
 				}
 			} else {
-				if len(packetBuffers) > 0 || metadata.SniffError != nil {
+				if len(packetBuffers) > 0 || metadata.PacketSniffError != nil {
 					err = sniff.PeekPacket(
 						ctx,
 						metadata,
@@ -622,7 +618,7 @@ func (r *Router) actionSniff(
 					Destination: destination,
 				}
 				packetBuffers = append(packetBuffers, packetBuffer)
-				metadata.SniffError = err
+				metadata.PacketSniffError = err
 				if errors.Is(err, sniff.ErrNeedMoreData) {
 					// TODO: replace with generic message when there are more multi-packet protocols
 					r.logger.DebugContext(ctx, "attempt to sniff fragmented QUIC client hello")