From d2ae94f20b70a23f82fc74d529bbe4ef3fd43e1d Mon Sep 17 00:00:00 2001
From: wwqgtxx
Date: Sun, 24 Mar 2024 21:24:50 +0800
Subject: [PATCH 1/6] fix: iface panic https://github.com/MetaCubeX/mihomo/issues/1130
---
 component/iface/iface.go | 25 +++++++++++++++++--------
 1 file changed, 17 insertions(+), 8 deletions(-)
diff --git a/component/iface/iface.go b/component/iface/iface.go
index dd932b46..2fd36861 100644
--- a/component/iface/iface.go
+++ b/component/iface/iface.go
@@ -40,16 +40,25 @@ func ResolveInterface(name string) (*Interface, error) {
 ipNets := make([]netip.Prefix, 0, len(addrs))
 for _, addr := range addrs {
- ipNet := addr.(*net.IPNet)
- ip, _ := netip.AddrFromSlice(ipNet.IP)
-
- ones, bits := ipNet.Mask.Size()
- if bits == 32 {
+ var pf netip.Prefix
+ switch addr.(type) {
+ case *net.IPNet:
+ ipNet := addr.(*net.IPNet)
+ ip, _ := netip.AddrFromSlice(ipNet.IP)
+ ones, bits := ipNet.Mask.Size()
+ if bits == 32 {
+ ip = ip.Unmap()
+ }
+ pf = netip.PrefixFrom(ip, ones)
+ case *net.IPAddr:
+ ipNet := addr.(*net.IPAddr)
+ ip, _ := netip.AddrFromSlice(ipNet.IP)
 ip = ip.Unmap()
+ pf = netip.PrefixFrom(ip, ip.BitLen())
+ }
+ if pf.IsValid() {
+ ipNets = append(ipNets, pf)
 }
-
- pf := netip.PrefixFrom(ip, ones)
- ipNets = append(ipNets, pf)
 }
 r[iface.Name] = &Interface{
From 5af7f4e847ede794c4db4cbaa0964cba0eb8e5dc Mon Sep 17 00:00:00 2001
From: wwqgtxx
Date: Sun, 24 Mar 2024 21:31:52 +0800
Subject: [PATCH 2/6] chore: allow config `table-index` for tun https://github.com/MetaCubeX/mihomo/issues/1128
---
 config/config.go | 2 ++
 hub/route/configs.go | 4 ++++
 listener/config/tun.go | 1 +
 listener/inbound/tun.go | 2 ++
 listener/listener.go | 3 ++-
 listener/sing_tun/server.go | 6 +++++-
 6 files changed, 16 insertions(+), 2 deletions(-)
diff --git a/config/config.go b/config/config.go
index ca866491..ca179ed0 100644
--- a/config/config.go
+++ b/config/config.go
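Review bot: In `ResolveInterface` (component/iface/iface.go, patch 1/6) the `*net.IPNet` case uses the result of `ipNet.Mask.Size()` without checking it: for a non-canonical mask it returns `0, 0`, so `netip.PrefixFrom(ip, ones)` produces a valid `/0` prefix that passes the new `pf.IsValid()` filter. The discarded `ok` from `netip.AddrFromSlice` is covered by that filter, but the mask case is not; a guard such as `if bits == 0 { continue }` before `PrefixFrom` would close it. Address types other than `*net.IPNet` and `*net.IPAddr` are now dropped silently, which deserves a one-line comment on the `switch`. The function body starts and ends outside the hunk.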
@@ -265,6 +265,7 @@ type RawTun struct {
 EndpointIndependentNat bool `yaml:"endpoint-independent-nat" json:"endpoint_independent_nat,omitempty"`
 UDPTimeout int64 `yaml:"udp-timeout" json:"udp_timeout,omitempty"`
 FileDescriptor int `yaml:"file-descriptor" json:"file-descriptor"`
+ TableIndex int `yaml:"table-index" json:"table-index"`
 }
 type RawTuicServer struct {
@@ -1448,6 +1449,7 @@ func parseTun(rawTun RawTun, general *General) error {
 EndpointIndependentNat: rawTun.EndpointIndependentNat,
 UDPTimeout: rawTun.UDPTimeout,
 FileDescriptor: rawTun.FileDescriptor,
+ TableIndex: rawTun.TableIndex,
 }
 return nil
diff --git a/hub/route/configs.go b/hub/route/configs.go
index ec0b464c..653e4351 100644
--- a/hub/route/configs.go
+++ b/hub/route/configs.go
@@ -91,6 +91,7 @@ type tunSchema struct {
 EndpointIndependentNat *bool `yaml:"endpoint-independent-nat" json:"endpoint-independent-nat,omitempty"`
 UDPTimeout *int64 `yaml:"udp-timeout" json:"udp-timeout,omitempty"`
 FileDescriptor *int `yaml:"file-descriptor" json:"file-descriptor"`
+ TableIndex *int `yaml:"table-index" json:"table-index"`
 }
 type tuicServerSchema struct {
@@ -209,6 +210,9 @@ func pointerOrDefaultTun(p *tunSchema, def LC.Tun) LC.Tun {
 if p.FileDescriptor != nil {
 def.FileDescriptor = *p.FileDescriptor
 }
+ if p.TableIndex != nil {
+ def.TableIndex = *p.TableIndex
+ }
 }
 return def
 }
diff --git a/listener/config/tun.go b/listener/config/tun.go
index 1772c6f5..7467e4a6 100644
--- a/listener/config/tun.go
+++ b/listener/config/tun.go
@@ -49,4 +49,5 @@ type Tun struct {
 EndpointIndependentNat bool `yaml:"endpoint-independent-nat" json:"endpoint-independent-nat,omitempty"`
 UDPTimeout int64 `yaml:"udp-timeout" json:"udp-timeout,omitempty"`
 FileDescriptor int `yaml:"file-descriptor" json:"file-descriptor"`
+ TableIndex int `yaml:"table-index" json:"table-index"`
 }
diff --git a/listener/inbound/tun.go b/listener/inbound/tun.go
index a1fdebfa..51747c46 100644
--- a/listener/inbound/tun.go
+++ b/listener/inbound/tun.go
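Review bot: `parseTun` (config/config.go, second hunk) copies `rawTun.TableIndex` into the tun config with no range check, and the same unvalidated value can arrive through `pointerOrDefaultTun` in hub/route/configs.go before it is handed to the tun options in listener/sing_tun/server.go. Only `0` is given a meaning in this series; a negative number, or an index that collides with a routing table the host already uses, is passed on as is, and how the tun library treats it is not visible here. If `tunSchema` is filled from controller API requests, as its JSON tags suggest, this is a routing parameter that API clients can set, so rejecting bad values at parse time is worth adding, e.g. `if rawTun.TableIndex < 0 { return fmt.Errorf("invalid tun table-index: %d", rawTun.TableIndex) }`, with the same check on the API path. `parseTun` starts and ends outside the hunk.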
@@ -40,6 +40,7 @@ type TunOption struct {
 EndpointIndependentNat bool `inbound:"endpoint_independent_nat,omitempty"`
 UDPTimeout int64 `inbound:"udp_timeout,omitempty"`
 FileDescriptor int `inbound:"file-descriptor,omitempty"`
+ TableIndex int `inbound:"table-index,omitempty"`
 }
 func (o TunOption) Equal(config C.InboundConfig) bool {
@@ -118,6 +119,7 @@ func NewTun(options *TunOption) (*Tun, error) {
 EndpointIndependentNat: options.EndpointIndependentNat,
 UDPTimeout: options.UDPTimeout,
 FileDescriptor: options.FileDescriptor,
+ TableIndex: options.TableIndex,
 },
 }, nil
 }
diff --git a/listener/listener.go b/listener/listener.go
index ac602971..e3506188 100644
--- a/listener/listener.go
+++ b/listener/listener.go
@@ -823,7 +823,8 @@ func hasTunConfigChange(tunConf *LC.Tun) bool {
 LastTunConf.StrictRoute != tunConf.StrictRoute ||
 LastTunConf.EndpointIndependentNat != tunConf.EndpointIndependentNat ||
 LastTunConf.UDPTimeout != tunConf.UDPTimeout ||
- LastTunConf.FileDescriptor != tunConf.FileDescriptor {
+ LastTunConf.FileDescriptor != tunConf.FileDescriptor ||
+ LastTunConf.TableIndex != tunConf.TableIndex {
 return true
 }
diff --git a/listener/sing_tun/server.go b/listener/sing_tun/server.go
index cc26d37d..96ec1573 100644
--- a/listener/sing_tun/server.go
+++ b/listener/sing_tun/server.go
@@ -112,6 +112,10 @@ func New(options LC.Tun, tunnel C.Tunnel, additions ...inbound.Addition) (l *Lis
 } else {
 udpTimeout = int64(sing.UDPTimeout.Seconds())
 }
+ tableIndex := options.TableIndex
+ if tableIndex == 0 {
+ tableIndex = 2022
+ }
 includeUID := uidToRange(options.IncludeUID)
 if len(options.IncludeUIDRange) > 0 {
 var err error
@@ -225,7 +229,7 @@ func New(options LC.Tun, tunnel C.Tunnel, additions ...inbound.Addition) (l *Lis
 ExcludePackage: options.ExcludePackage,
 FileDescriptor: options.FileDescriptor,
 InterfaceMonitor: defaultInterfaceMonitor,
- TableIndex: 2022,
+ TableIndex: tableIndex,
 }
 err = l.buildAndroidRules(&tunOptions)
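Review bot: In `New` (listener/sing_tun/server.go, first hunk) the default routing table is still a bare literal, now written as `tableIndex = 2022` in the function body. A package-level `const defaultTableIndex = 2022`, with a comment saying that `table-index: 0` means "use the default", would document the sentinel; nothing on the `TableIndex` fields added elsewhere in this patch indicates that zero is special. `New` starts before and ends after both hunks.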
From 288899a47318902802800230d5e35ea7416b52ea Mon Sep 17 00:00:00 2001
From: bobo liu <7552030+fakeboboliu@users.noreply.github.com>
Date: Sun, 24 Mar 2024 21:41:05 +0800
Subject: [PATCH 3/6] chore: stylish d2ae94f2 (#1132)
---
 component/iface/iface.go | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/component/iface/iface.go b/component/iface/iface.go
index 2fd36861..1d0219df 100644
--- a/component/iface/iface.go
+++ b/component/iface/iface.go
@@ -41,9 +41,8 @@ func ResolveInterface(name string) (*Interface, error) {
 ipNets := make([]netip.Prefix, 0, len(addrs))
 for _, addr := range addrs {
 var pf netip.Prefix
- switch addr.(type) {
+ switch ipNet := addr.(type) {
 case *net.IPNet:
- ipNet := addr.(*net.IPNet)
 ip, _ := netip.AddrFromSlice(ipNet.IP)
 ones, bits := ipNet.Mask.Size()
 if bits == 32 {
@@ -51,7 +50,6 @@ func ResolveInterface(name string) (*Interface, error) {
 }
 pf = netip.PrefixFrom(ip, ones)
 case *net.IPAddr:
- ipNet := addr.(*net.IPAddr)
 ip, _ := netip.AddrFromSlice(ipNet.IP)
 ip = ip.Unmap()
 pf = netip.PrefixFrom(ip, ip.BitLen())
From 0b4662e4b7f52f631112d16a69b81e1a49c8fe42 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E8=90=BD=E5=BF=83?= <33619903+Luoxin@users.noreply.github.com>
Date: Tue, 26 Mar 2024 14:19:33 +0800
Subject: [PATCH 4/6] fixed: invalid argument to Intn (#1133)
---
 transport/vmess/http.go | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/transport/vmess/http.go b/transport/vmess/http.go
index 6da9759e..b023fee4 100644
--- a/transport/vmess/http.go
+++ b/transport/vmess/http.go
@@ -3,6 +3,7 @@ package vmess
 import (
 "bufio"
 "bytes"
+ "errors"
 "fmt"
 "net"
 "net/http"
@@ -54,6 +55,10 @@ func (hc *httpConn) Write(b []byte) (int, error) {
 return hc.Conn.Write(b)
 }
+ if len(hc.cfg.Path) == 0 {
+ return -1, errors.New("path is empty")
+ }
+
 path := hc.cfg.Path[fastrand.Intn(len(hc.cfg.Path))]
 host := hc.cfg.Host
 if header := hc.cfg.Headers["Host"]; len(header) != 0 {
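Review bot: After this cleanup (patch 3/6, component/iface/iface.go) the type-switch binding in `ResolveInterface` is called `ipNet` in both cases, so inside `case *net.IPAddr:` the name `ipNet` refers to a `*net.IPAddr`. A neutral binding, `switch a := addr.(type) {` with `a.IP` and `a.Mask` in the cases, avoids the misleading name. The function continues outside both hunks.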
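Review bot: The new guard in `(*httpConn).Write` (patch 4/6, transport/vmess/http.go, second hunk) returns `-1` as the byte count, which breaks the `io.Writer` contract of `0 <= n <= len(p)`; a caller that adds `n` to an offset or slices by it can misbehave on a negative count. Return zero instead: `return 0, errors.New("path is empty")`. An empty `Path` is a configuration error, so it would be better rejected once where the config is built rather than on the first write, although that code is not part of this hunk. `Write` starts and ends outside the hunk.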
From 82517e6ba8059339287911af899ffdffca6a4044 Mon Sep 17 00:00:00 2001
From: Larvan2 <78135608+Larvan2@users.noreply.github.com>
Date: Wed, 27 Mar 2024 19:34:11 +0800
Subject: [PATCH 5/6] chore: include short commit ID in release note
---
 .github/genReleaseNote.sh | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/.github/genReleaseNote.sh b/.github/genReleaseNote.sh
index 0425061d..ab617fd0 100755
--- a/.github/genReleaseNote.sh
+++ b/.github/genReleaseNote.sh
@@ -18,15 +18,15 @@ if [ -z "$version_range" ]; then
 fi
 echo "## What's Changed" > release.md
-git log --pretty=format:"* %s by @%an" --grep="^feat" -i $version_range | sort -f | uniq >> release.md
+git log --pretty=format:"* %h %s by @%an" --grep="^feat" -i $version_range | sort -f | uniq >> release.md
 echo "" >> release.md
 echo "## BUG & Fix" >> release.md
-git log --pretty=format:"* %s by @%an" --grep="^fix" -i $version_range | sort -f | uniq >> release.md
+git log --pretty=format:"* %h %s by @%an" --grep="^fix" -i $version_range | sort -f | uniq >> release.md
 echo "" >> release.md
 echo "## Maintenance" >> release.md
-git log --pretty=format:"* %s by @%an" --grep="^chore\|^docs\|^refactor" -i $version_range | sort -f | uniq >> release.md
+git log --pretty=format:"* %h %s by @%an" --grep="^chore\|^docs\|^refactor" -i $version_range | sort -f | uniq >> release.md
 echo "" >> release.md
-echo "**Full Changelog**: https://github.com/MetaCubeX/Clash.Meta/compare/$version_range" >> release.md
+echo "**Full Changelog**: https://github.com/MetaCubeX/mihomo/compare/$version_range" >> release.md
From 06b5121d9eaebad3a8f1ff52cb7fd9d58a321823 Mon Sep 17 00:00:00 2001
From: wwqgtxx
Date: Thu, 28 Mar 2024 19:26:41 +0800
Subject: [PATCH 6/6] chore: embed ca-certificates.crt
---
 .github/workflows/build.yml | 6 ++++++
 component/ca/ca-certificates.crt | 0
 component/ca/config.go | 18 ++++++++++++++++--
 3 files changed, 22 insertions(+), 2 deletions(-)
 create mode 100644 component/ca/ca-certificates.crt
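Review bot: With `%h` at the front of every line in .github/genReleaseNote.sh (patch 5/6), the unchanged `sort -f | uniq` stage no longer does what it did: entries now sort by abbreviated hash rather than by subject, and `uniq` can never collapse two commits with the same subject because their hashes differ. If ordering and de-duplication by subject are still wanted, key both past the hash in all three `git log` lines, e.g. `sort -f -k3 | uniq -f 2`. `$version_range` is also expanded unquoted on those lines; `"$version_range"` avoids word splitting.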
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index bad84cd1..f9bbbba9 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -141,6 +141,12 @@ jobs:
 run: |
 go test ./...
+ - name: Update UA
+ run: |
+ sudo apt-get install ca-certificates
+ sudo update-ca-certificates
+ cp -f /etc/ssl/certs/ca-certificates.crt component/ca/ca-certificates.crt
+
 - name: Build core
 env:
 GOOS: ${{matrix.jobs.goos}}
diff --git a/component/ca/ca-certificates.crt b/component/ca/ca-certificates.crt
new file mode 100644
index 00000000..e69de29b
diff --git a/component/ca/config.go b/component/ca/config.go
index 03fb007c..53cb98ab 100644
--- a/component/ca/config.go
+++ b/component/ca/config.go
@@ -5,10 +5,12 @@ import (
 "crypto/sha256"
 "crypto/tls"
 "crypto/x509"
+ _ "embed"
 "encoding/hex"
 "errors"
 "fmt"
 "os"
+ "strconv"
 "strings"
 "sync"
 )
@@ -18,6 +20,11 @@ var globalCertPool *x509.CertPool
 var mutex sync.RWMutex
 var errNotMatch = errors.New("certificate fingerprints do not match")
+//go:embed ca-certificates.crt
+var _CaCertificates []byte
+var DisableEmbedCa, _ = strconv.ParseBool(os.Getenv("DISABLE_EMBED_CA"))
+var DisableSystemCa, _ = strconv.ParseBool(os.Getenv("DISABLE_SYSTEM_CA"))
+
 func AddCertificate(certificate string) error {
 mutex.Lock()
 defer mutex.Unlock()
@@ -34,13 +41,20 @@ func AddCertificate(certificate string) error {
 func initializeCertPool() {
 var err error
- globalCertPool, err = x509.SystemCertPool()
- if err != nil {
+ if DisableSystemCa {
 globalCertPool = x509.NewCertPool()
+ } else {
+ globalCertPool, err = x509.SystemCertPool()
+ if err != nil {
+ globalCertPool = x509.NewCertPool()
+ }
 }
 for _, cert := range trustCerts {
 globalCertPool.AddCert(cert)
 }
+ if !DisableEmbedCa {
+ globalCertPool.AppendCertsFromPEM(_CaCertificates)
+ }
 }
 func ResetCertificate() {
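Review bot: The new step in .github/workflows/build.yml makes the runner's `/etc/ssl/certs/ca-certificates.crt` the trust anchor set compiled into the build, yet nothing records which bundle was embedded or checks that the copy is non-empty. Since these roots become part of the shipped binary's TLS trust, the step should at least log the package version and a digest of the copied file and fail on an empty result, e.g. `test -s component/ca/ca-certificates.crt && sha256sum component/ca/ca-certificates.crt`. The step name `Update UA` looks like a typo for `Update CA`, and `apt-get install` is run without `-y`.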
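Review bot: `DisableEmbedCa` and `DisableSystemCa` (component/ca/config.go, second hunk) discard the error from `strconv.ParseBool`, so a value it does not accept, for example `DISABLE_SYSTEM_CA=yes`, silently evaluates to `false` and the system roots stay trusted. For switches whose purpose is to narrow the trust store, a set-but-unparseable value should be reported rather than ignored; reading the variable with `os.LookupEnv` and logging the parse error when it is present would do. Both are exported mutable package variables, so a doc comment naming the environment variables and stating that they are read once at package initialisation would help as well.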
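Review bot: In `initializeCertPool` (component/ca/config.go, third hunk) the boolean result of `globalCertPool.AppendCertsFromPEM(_CaCertificates)` is ignored, and the `ca-certificates.crt` checked in by this patch is empty, so any build that skips the CI copy step embeds no roots and says nothing about it. Combined with `DisableSystemCa`, that leaves a pool holding only `trustCerts`, and every verification then fails with no hint at the cause; checking the return value and logging when nothing was added would make this diagnosable. By default the embedded roots are also appended on top of the system pool, so a root removed from the host trust store remains trusted by this process unless `DISABLE_EMBED_CA` is set, which should be documented next to the variables.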