Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
103 commits
Select commit Hold shift + click to select a range
179d081
Add MAC and hostname rule items
nekohasekai Mar 3, 2026
3da3820
Add Android support for MAC and hostname rule items
nekohasekai Mar 4, 2026
85b0c78
Add macOS support for MAC and hostname rule items
nekohasekai Mar 6, 2026
880d753
documentation: Update descriptions for neighbor rules
nekohasekai Mar 6, 2026
2c01a63
Refactor ACME support to certificate provider
nekohasekai Mar 23, 2026
d37626e
Add BBR profile and hop interval randomization for Hysteria2
nekohasekai Mar 30, 2026
d4cd859
platform: Add OOM Report & Crash Report
nekohasekai Apr 2, 2026
158cdc0
Also enable certificate store by default on Apple platforms
nekohasekai Apr 7, 2026
9a3dcca
Add evaluate DNS rule action and related rule items
nekohasekai Apr 7, 2026
ea8bf34
platform: Fix set local
nekohasekai Apr 7, 2026
e5a57a3
Fix deprecated warning double-formatting on localized clients
nekohasekai Apr 7, 2026
2d20363
oom-killer: Free memory on pressure notification and use gradual inte…
nekohasekai Apr 7, 2026
fe83054
tools: Network Quality & STUN
nekohasekai Apr 8, 2026
d0c6a43
platform: Fix darwin signal handler
nekohasekai Apr 9, 2026
953981a
tools: Tailscale status
nekohasekai Apr 9, 2026
6b18967
Revert "Also enable certificate store by default on Apple platforms"
nekohasekai Apr 9, 2026
286f99f
Fix rules lock
nekohasekai Apr 9, 2026
fa3d6de
Fix darwin local DNS transport
nekohasekai Apr 10, 2026
863d67b
tools: Tailscale status
nekohasekai Apr 10, 2026
5e02c70
Un-deprecate `ip_accept_any` DNS rule item
nekohasekai Apr 10, 2026
849cdb6
documentation: Fixes
nekohasekai Apr 10, 2026
d70d15f
Add `package_name_regex` route, DNS and headless rule item
nekohasekai Apr 10, 2026
9a04600
platform: Wrap command RPC error returns with E.Cause
nekohasekai Apr 10, 2026
99a28b9
Fix lint errors
nekohasekai Apr 10, 2026
d1ac250
Add cloudflared inbound
nekohasekai Apr 10, 2026
adeea0f
documentation: Fix missing update for `ip_version` and `query_type`
nekohasekai Apr 10, 2026
6bb84ab
Fix stun test
nekohasekai Apr 10, 2026
df5a3e5
Fix darwin cgo DNS again
nekohasekai Apr 10, 2026
d16cb4c
Fix tailscale error
nekohasekai Apr 11, 2026
0525f6c
Add optimistic DNS cache
nekohasekai Apr 11, 2026
21bc7c3
oom-killer: Record report before reset network
nekohasekai Apr 14, 2026
ab2a90d
Refactor: HTTP clients, unified HTTP2/QUIC options, Apple engines
nekohasekai Apr 14, 2026
ac745ed
Standardize hosts path
nekohasekai Apr 15, 2026
44ee81c
Add TLS spoof support
nekohasekai Apr 15, 2026
2581c6c
Fix legacy rule-set download_detour blocked by empty direct check
nekohasekai Apr 15, 2026
aabaa42
Reject pure-IP rule-set references without match_response
nekohasekai Apr 15, 2026
4a93b47
Fix use-after-free of pooled value buffers in bbolt Batch writes
nekohasekai Apr 15, 2026
9dc8d44
Reject IP literal server name with TLS spoof
nekohasekai Apr 16, 2026
45f122b
Fix macOS tlsspoof
nekohasekai Apr 17, 2026
7f690c3
Scope HTTP/2 fallback and HTTP/3 broken state per authority
nekohasekai Apr 17, 2026
79bd896
Defer implicit default HTTP client fallback to first use
nekohasekai Apr 17, 2026
661075f
Strip EDNS padding from upstream DNS responses
nekohasekai Apr 17, 2026
76fd6a5
Fix Apple TLS metadata capture
nekohasekai Apr 18, 2026
4ab34c8
Fix tls-spoof
nekohasekai Apr 17, 2026
8597592
Add search domain support for Tailscale DNS
nekohasekai Apr 20, 2026
d218a15
Log DNS optimistic background refresh outcomes
nekohasekai Apr 21, 2026
24003c6
Fix Tailscale search domain response name mismatch
nekohasekai Apr 21, 2026
2aa9c54
Fix goroutine leak in networkquality tool
nekohasekai Apr 21, 2026
12a4621
Add ACME profile support for IP address certificates
nekohasekai Mar 26, 2026
62052b6
Fix ACME HTTP-01 challenge for IPv6 literal addresses
nekohasekai Apr 21, 2026
d8420eb
platform: Improve oom-killer
nekohasekai Apr 21, 2026
4163bd7
Fix darwin cgo DNS again
nekohasekai Apr 22, 2026
6a54220
Fix stderr deprecated manager
nekohasekai Apr 23, 2026
b40e8c5
Improve UDP batch support
nekohasekai Apr 24, 2026
0807b71
Add Windows TLS engine
nekohasekai Apr 24, 2026
cc238d2
Preserve comments between formatting
nekohasekai Apr 28, 2026
4c9978f
Improve oom-killer
nekohasekai Apr 28, 2026
664db89
ssh: Add cipher, MAC, and key exchange configuration
nekohasekai Apr 28, 2026
c8792e7
dns: Add timeout configuration
nekohasekai Apr 28, 2026
f67f75a
Fix tailscale start dependencies
nekohasekai Apr 28, 2026
f842580
dns: Add neighbor-based hostname resolution to local server
nekohasekai Apr 29, 2026
db08f3f
dns: Add preferred_by rule item
nekohasekai Apr 29, 2026
b9c596f
dns: Add mDNS server
nekohasekai Apr 30, 2026
61c4d2d
Allow customizing TUN DNS mode and hijack interface DNS by default
nekohasekai May 2, 2026
a130000
Add more spoof method
macronut Apr 29, 2026
fd31d8b
Fix reset network
nekohasekai May 5, 2026
0662aa4
Add hysteria2 realm service and support
nekohasekai May 10, 2026
aa290a6
Update hysteria2 realm
nekohasekai May 11, 2026
3eac9fb
Fix TLS server close
nekohasekai May 12, 2026
7a5cc8b
realm: Add stun retry and lazy server start
nekohasekai May 12, 2026
098fd90
Fix hysteria2 realm server
nekohasekai May 12, 2026
b19d4a9
Fix lint errors
nekohasekai May 14, 2026
77282d2
dns: Fix DHCP reset
nekohasekai May 17, 2026
783dde9
Rebase wireguard-go to official
nekohasekai May 17, 2026
9e6999d
Fix shadowtls handshake
nekohasekai May 17, 2026
ebce8cf
cronet: Fix vendor package
nekohasekai May 18, 2026
b8ef5b2
oom-killer: Remove log "OOM draft discarded"
nekohasekai May 19, 2026
8196cc7
route: Refetch rule-set when cache restore fails
nekohasekai May 19, 2026
07c3615
process: Fix panic when package manager is unavailable on Android
nekohasekai May 19, 2026
701f165
tailscale: Revert dialer deprecation and remove control_http_client
nekohasekai May 20, 2026
21291af
tailscale: Fix handle peer DNS query
nekohasekai May 20, 2026
f3109a0
gvisor: Fix dialing to self addresses
nekohasekai May 20, 2026
243cc07
realm: Open separate v4 and v6 packet conns on client
nekohasekai May 20, 2026
bd2085f
Fix tailscale
nekohasekai May 21, 2026
ae375df
tailscale: Add runtime exit node API
nekohasekai May 21, 2026
3b23e5a
tailscale: Expose more peer info fields
nekohasekai May 21, 2026
3d50303
Fix tailscale dns
nekohasekai May 21, 2026
881c850
sing: Fix comment loop
nekohasekai May 22, 2026
4db5ea3
daemon: Add Tailssh
nekohasekai May 25, 2026
45be67c
hysteria2: Add gecko obfs
nekohasekai May 25, 2026
5dee6a9
tools: Fix mising cleanup
nekohasekai May 26, 2026
b2a9c49
tailscale: Add tailssh server
nekohasekai May 28, 2026
4bf449a
tailssh: fix platform SFTP session teardown
nekohasekai Jun 1, 2026
dc110f5
platform: Add tailscale device name and logout
nekohasekai Jun 2, 2026
6b490f5
Fix crash on Apple platforms caused by concurrent libresolv calls
nekohasekai Jun 4, 2026
8a42af3
Bump version
nekohasekai Jun 3, 2026
992b1bb
platform: Add shell support for iOS
nekohasekai Jun 10, 2026
bb3de82
daemon: Split host operations into ManagedService
nekohasekai Jun 11, 2026
9db1cc5
Add sing-box API service
nekohasekai Jun 11, 2026
eb61380
tailscale: Fix auth URL not refreshed after logout
nekohasekai Jun 12, 2026
f93c441
Update Go to 1.25.11
nekohasekai Jun 12, 2026
fa34e6c
Bump version
nekohasekai Jun 12, 2026
4e768f1
Update v2ray-transport.zh.md
OriginVorfeed Jun 13, 2026
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
The table of contents is too big for display.
Diff view
Diff view
  •  
  •  
  •  
2 changes: 1 addition & 1 deletion .github/CRONET_GO_VERSION
Original file line number Diff line number Diff line change
@@ -1 +1 @@
2faf34666c2cc8234f10f2ab6d4c4d6104d34ae2
b3eec8134aec1387d850e0671dd8531e2e6140b0
2 changes: 1 addition & 1 deletion .github/setup_go_for_macos1013.sh
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@

set -euo pipefail

VERSION="1.25.10"
VERSION="1.25.11"
PATCH_COMMITS=(
"afe69d3cec1c6dcf0f1797b20546795730850070"
"1ed289b0cf87dc5aae9c6fe1aa5f200a83412938"
Expand Down
2 changes: 1 addition & 1 deletion .github/setup_go_for_windows7.sh
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@

set -euo pipefail

VERSION="1.25.10"
VERSION="1.25.11"
PATCH_COMMITS=(
"466f6c7a29bc098b0d4c987b803c779222894a11"
"1bdabae205052afe1dadb2ad6f1ba612cdbc532a"
Expand Down
10 changes: 5 additions & 5 deletions .github/workflows/build.yml
Original file line number Diff line number Diff line change
Expand Up @@ -47,7 +47,7 @@ jobs:
- name: Setup Go
uses: actions/setup-go@v5
with:
go-version: ~1.25.10
go-version: ~1.25.11
- name: Check input version
if: github.event_name == 'workflow_dispatch'
run: |-
Expand Down Expand Up @@ -124,7 +124,7 @@ jobs:
if: ${{ ! matrix.legacy_win7 }}
uses: actions/setup-go@v5
with:
go-version: ~1.25.10
go-version: ~1.25.11
- name: Cache Go for Windows 7
if: matrix.legacy_win7
id: cache-go-for-windows7
Expand Down Expand Up @@ -649,7 +649,7 @@ jobs:
- name: Setup Go
uses: actions/setup-go@v5
with:
go-version: ~1.25.10
go-version: ~1.25.11
- name: Setup Android NDK
id: setup-ndk
uses: nttld/setup-ndk@v1
Expand Down Expand Up @@ -743,7 +743,7 @@ jobs:
- name: Setup Go
uses: actions/setup-go@v5
with:
go-version: ~1.25.10
go-version: ~1.25.11
- name: Setup Android NDK
id: setup-ndk
uses: nttld/setup-ndk@v1
Expand Down Expand Up @@ -842,7 +842,7 @@ jobs:
if: matrix.if
uses: actions/setup-go@v5
with:
go-version: ~1.25.10
go-version: ~1.25.11
- name: Set tag
if: matrix.if
run: |-
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/docker.yml
Original file line number Diff line number Diff line change
Expand Up @@ -55,7 +55,7 @@ jobs:
- name: Setup Go
uses: actions/setup-go@v5
with:
go-version: ~1.25.10
go-version: ~1.25.11
- name: Clone cronet-go
if: matrix.naive
run: |
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/linux.yml
Original file line number Diff line number Diff line change
Expand Up @@ -29,7 +29,7 @@ jobs:
- name: Setup Go
uses: actions/setup-go@v5
with:
go-version: ~1.25.10
go-version: ~1.25.11
- name: Check input version
if: github.event_name == 'workflow_dispatch'
run: |-
Expand Down Expand Up @@ -72,7 +72,7 @@ jobs:
- name: Setup Go
uses: actions/setup-go@v5
with:
go-version: ~1.25.10
go-version: ~1.25.11
- name: Clone cronet-go
if: matrix.naive
run: |
Expand Down
55 changes: 55 additions & 0 deletions .github/workflows/test.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,55 @@
name: Test

on:
push:
branches:
- stable
- testing
- unstable
paths-ignore:
- '**.md'
- '.github/**'
- '!.github/workflows/test.yml'
pull_request:
branches:
- stable
- testing
- unstable

concurrency:
group: ${{ github.workflow }}-${{ github.ref }}-${{ github.event_name }}-${{ inputs.build }}
cancel-in-progress: true

jobs:
test:
name: Test
strategy:
fail-fast: false
matrix:
os:
- ubuntu-latest
- windows-latest
- macos-latest
go:
- ~1.24
- ~1.25
runs-on: ${{ matrix.os }}
steps:
- name: Checkout
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
- name: Setup Go
uses: actions/setup-go@v5
with:
go-version: ${{ matrix.go }}
- name: Set build tags and ldflags
shell: bash
run: |
echo "BUILD_TAGS=$(cat release/DEFAULT_BUILD_TAGS_OTHERS)" >> "$GITHUB_ENV"
echo "LDFLAGS_SHARED=$(cat release/LDFLAGS)" >> "$GITHUB_ENV"
- name: Test (unix)
if: matrix.os != 'windows-latest'
run: go test -v -exec sudo -tags "$BUILD_TAGS" -ldflags "$LDFLAGS_SHARED" ./...
- name: Test (windows)
if: matrix.os == 'windows-latest'
shell: bash
run: go test -v -tags "$BUILD_TAGS" -ldflags "$LDFLAGS_SHARED" ./...
1 change: 0 additions & 1 deletion .golangci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,6 @@ linters:
default: none
enable:
- ineffassign
- paralleltest
- staticcheck
- unused
- modernize
Expand Down
4 changes: 2 additions & 2 deletions Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -264,8 +264,8 @@ lib_apple_new:
$(SING_FFI) generate --config $(LIBBOX_FFI_CONFIG) --platform-type apple

lib_install:
go install -v github.com/sagernet/gomobile/cmd/gomobile@v0.1.12
go install -v github.com/sagernet/gomobile/cmd/gobind@v0.1.12
go install -v github.com/sagernet/gomobile/cmd/gomobile@v0.1.13
go install -v github.com/sagernet/gomobile/cmd/gobind@v0.1.13

docs:
venv/bin/mkdocs serve
Expand Down
1 change: 1 addition & 0 deletions adapter/certificate.go
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,7 @@ import (
type CertificateStore interface {
LifecycleService
Pool() *x509.CertPool
ExclusiveAnchors() bool
}

func RootPoolFromContext(ctx context.Context) *x509.CertPool {
Expand Down
21 changes: 21 additions & 0 deletions adapter/certificate/adapter.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
package certificate

type Adapter struct {
providerType string
providerTag string
}

func NewAdapter(providerType string, providerTag string) Adapter {
return Adapter{
providerType: providerType,
providerTag: providerTag,
}
}

func (a *Adapter) Type() string {
return a.providerType
}

func (a *Adapter) Tag() string {
return a.providerTag
}
158 changes: 158 additions & 0 deletions adapter/certificate/manager.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,158 @@
package certificate

import (
"context"
"os"
"sync"
"time"

"github.com/sagernet/sing-box/adapter"
"github.com/sagernet/sing-box/common/taskmonitor"
C "github.com/sagernet/sing-box/constant"
"github.com/sagernet/sing-box/log"
"github.com/sagernet/sing/common"
E "github.com/sagernet/sing/common/exceptions"
F "github.com/sagernet/sing/common/format"
)

var _ adapter.CertificateProviderManager = (*Manager)(nil)

type Manager struct {
logger log.ContextLogger
registry adapter.CertificateProviderRegistry
access sync.Mutex
started bool
stage adapter.StartStage
providers []adapter.CertificateProviderService
providerByTag map[string]adapter.CertificateProviderService
}

func NewManager(logger log.ContextLogger, registry adapter.CertificateProviderRegistry) *Manager {
return &Manager{
logger: logger,
registry: registry,
providerByTag: make(map[string]adapter.CertificateProviderService),
}
}

func (m *Manager) Start(stage adapter.StartStage) error {
m.access.Lock()
if m.started && m.stage >= stage {
panic("already started")
}
m.started = true
m.stage = stage
providers := m.providers
m.access.Unlock()
for _, provider := range providers {
name := "certificate-provider/" + provider.Type() + "[" + provider.Tag() + "]"
m.logger.Trace(stage, " ", name)
startTime := time.Now()
err := adapter.LegacyStart(provider, stage)
if err != nil {
return E.Cause(err, stage, " ", name)
}
m.logger.Trace(stage, " ", name, " completed (", F.Seconds(time.Since(startTime).Seconds()), "s)")
}
return nil
}

func (m *Manager) Close() error {
m.access.Lock()
defer m.access.Unlock()
if !m.started {
return nil
}
m.started = false
providers := m.providers
m.providers = nil
monitor := taskmonitor.New(m.logger, C.StopTimeout)
var err error
for _, provider := range providers {
name := "certificate-provider/" + provider.Type() + "[" + provider.Tag() + "]"
m.logger.Trace("close ", name)
startTime := time.Now()
monitor.Start("close ", name)
err = E.Append(err, provider.Close(), func(err error) error {
return E.Cause(err, "close ", name)
})
monitor.Finish()
m.logger.Trace("close ", name, " completed (", F.Seconds(time.Since(startTime).Seconds()), "s)")
}
return err
}

func (m *Manager) CertificateProviders() []adapter.CertificateProviderService {
m.access.Lock()
defer m.access.Unlock()
return m.providers
}

func (m *Manager) Get(tag string) (adapter.CertificateProviderService, bool) {
m.access.Lock()
provider, found := m.providerByTag[tag]
m.access.Unlock()
return provider, found
}

func (m *Manager) Remove(tag string) error {
m.access.Lock()
provider, found := m.providerByTag[tag]
if !found {
m.access.Unlock()
return os.ErrInvalid
}
delete(m.providerByTag, tag)
index := common.Index(m.providers, func(it adapter.CertificateProviderService) bool {
return it == provider
})
if index == -1 {
panic("invalid certificate provider index")
}
m.providers = append(m.providers[:index], m.providers[index+1:]...)
started := m.started
m.access.Unlock()
if started {
return provider.Close()
}
return nil
}

func (m *Manager) Create(ctx context.Context, logger log.ContextLogger, tag string, providerType string, options any) error {
provider, err := m.registry.Create(ctx, logger, tag, providerType, options)
if err != nil {
return err
}
m.access.Lock()
defer m.access.Unlock()
if m.started {
name := "certificate-provider/" + provider.Type() + "[" + provider.Tag() + "]"
for _, stage := range adapter.ListStartStages {
m.logger.Trace(stage, " ", name)
startTime := time.Now()
err = adapter.LegacyStart(provider, stage)
if err != nil {
return E.Cause(err, stage, " ", name)
}
m.logger.Trace(stage, " ", name, " completed (", F.Seconds(time.Since(startTime).Seconds()), "s)")
}
}
if existsProvider, loaded := m.providerByTag[tag]; loaded {
if m.started {
err = existsProvider.Close()
if err != nil {
return E.Cause(err, "close certificate-provider/", existsProvider.Type(), "[", existsProvider.Tag(), "]")
}
}
existsIndex := common.Index(m.providers, func(it adapter.CertificateProviderService) bool {
return it == existsProvider
})
if existsIndex == -1 {
panic("invalid certificate provider index")
}
m.providers = append(m.providers[:existsIndex], m.providers[existsIndex+1:]...)
}
m.providers = append(m.providers, provider)
m.providerByTag[tag] = provider
return nil
}
Loading