Merge branch 'Alpha' into Meta

2025-04-19 16:50:56 +00:00 · 2024-03-29 19:50:16 +08:00 · 2024-03-29 19:50:16 +08:00 · e27d7c010f
commit e27d7c010f
parent 582e94ff4d 72d0948224
11 changed files with 48 additions and 34 deletions
--- a/.github/genReleaseNote.sh
+++ b/.github/genReleaseNote.sh
@ -18,15 +18,15 @@ if [ -z "$version_range" ]; then
 fi

 echo "## What's Changed" > release.md
-git log --pretty=format:"* %s by @%an" --grep="^feat" -i $version_range | sort -f | uniq >> release.md
+git log --pretty=format:"* %h %s by @%an" --grep="^feat" -i $version_range | sort -f | uniq >> release.md
 echo "" >> release.md

 echo "## BUG & Fix" >> release.md
-git log --pretty=format:"* %s by @%an" --grep="^fix" -i $version_range | sort -f | uniq >> release.md
+git log --pretty=format:"* %h %s by @%an" --grep="^fix" -i $version_range | sort -f | uniq >> release.md
 echo "" >> release.md

 echo "## Maintenance" >> release.md
-git log --pretty=format:"* %s by @%an" --grep="^chore\|^docs\|^refactor" -i $version_range | sort -f | uniq >> release.md
+git log --pretty=format:"* %h %s by @%an" --grep="^chore\|^docs\|^refactor" -i $version_range | sort -f | uniq >> release.md
 echo "" >> release.md

-echo "**Full Changelog**: https://github.com/MetaCubeX/Clash.Meta/compare/$version_range" >> release.md
+echo "**Full Changelog**: https://github.com/MetaCubeX/mihomo/compare/$version_range" >> release.md
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@ -141,6 +141,12 @@ jobs:
      run: |
        go test ./...

+    - name: Update UA
+      run: |
+        sudo apt-get install ca-certificates
+        sudo update-ca-certificates
+        cp -f /etc/ssl/certs/ca-certificates.crt component/ca/ca-certificates.crt
+
    - name: Build core
      env:
        GOOS: ${{matrix.jobs.goos}}
--- a/adapter/outbound/wireguard.go
+++ b/adapter/outbound/wireguard.go
@ -188,7 +188,8 @@ func NewWireGuard(option WireGuardOption) (*WireGuard, error) {
 	}

 	if len(option.Peers) > 0 {
-		for i, peer := range option.Peers {
+		for i := range option.Peers {
+			peer := &option.Peers[i] // we need modify option here
 			bytes, err := base64.StdEncoding.DecodeString(peer.PublicKey)
 			if err != nil {
 				return nil, E.Cause(err, "decode public key for peer ", i)
--- a/common/atomic/value.go
+++ b/common/atomic/value.go
@ -43,7 +43,7 @@ func (t *TypedValue[T]) Swap(new T) T {
 	if old == nil {
 		return DefaultValue[T]()
 	}
-	return old.(T)
+	return old.(tValue[T]).value
 }

 func (t *TypedValue[T]) CompareAndSwap(old, new T) bool {
--- a/component/ca/ca-certificates.crt
+++ b/component/ca/ca-certificates.crt
--- a/component/ca/config.go
+++ b/component/ca/config.go
@ -5,10 +5,12 @@ import (
 	"crypto/sha256"
 	"crypto/tls"
 	"crypto/x509"
+	_ "embed"
 	"encoding/hex"
 	"errors"
 	"fmt"
 	"os"
+	"strconv"
 	"strings"
 	"sync"
 )
@ -18,6 +20,11 @@ var globalCertPool *x509.CertPool
 var mutex sync.RWMutex
 var errNotMatch = errors.New("certificate fingerprints do not match")

+//go:embed ca-certificates.crt
+var _CaCertificates []byte
+var DisableEmbedCa, _ = strconv.ParseBool(os.Getenv("DISABLE_EMBED_CA"))
+var DisableSystemCa, _ = strconv.ParseBool(os.Getenv("DISABLE_SYSTEM_CA"))
+
 func AddCertificate(certificate string) error {
 	mutex.Lock()
 	defer mutex.Unlock()
@ -34,13 +41,20 @@ func AddCertificate(certificate string) error {

 func initializeCertPool() {
 	var err error
-	globalCertPool, err = x509.SystemCertPool()
-	if err != nil {
+	if DisableSystemCa {
 		globalCertPool = x509.NewCertPool()
+	} else {
+		globalCertPool, err = x509.SystemCertPool()
+		if err != nil {
+			globalCertPool = x509.NewCertPool()
+		}
 	}
 	for _, cert := range trustCerts {
 		globalCertPool.AddCert(cert)
 	}
+	if !DisableEmbedCa {
+		globalCertPool.AppendCertsFromPEM(_CaCertificates)
+	}
 }

 func ResetCertificate() {
--- a/component/resolver/resolver.go
+++ b/component/resolver/resolver.go
@ -213,11 +213,7 @@ func ResolveIP(ctx context.Context, host string) (netip.Addr, error) {
 // ResolveIPv4ProxyServerHost proxies server host only
 func ResolveIPv4ProxyServerHost(ctx context.Context, host string) (netip.Addr, error) {
 	if ProxyServerHostResolver != nil {
-		if ip, err := ResolveIPv4WithResolver(ctx, host, ProxyServerHostResolver); err != nil {
-			return ResolveIPv4(ctx, host)
-		} else {
-			return ip, nil
-		}
+		return ResolveIPv4WithResolver(ctx, host, ProxyServerHostResolver)
 	}
 	return ResolveIPv4(ctx, host)
 }
@ -225,11 +221,7 @@ func ResolveIPv4ProxyServerHost(ctx context.Context, host string) (netip.Addr, e
 // ResolveIPv6ProxyServerHost proxies server host only
 func ResolveIPv6ProxyServerHost(ctx context.Context, host string) (netip.Addr, error) {
 	if ProxyServerHostResolver != nil {
-		if ip, err := ResolveIPv6WithResolver(ctx, host, ProxyServerHostResolver); err != nil {
-			return ResolveIPv6(ctx, host)
-		} else {
-			return ip, nil
-		}
+		return ResolveIPv6WithResolver(ctx, host, ProxyServerHostResolver)
 	}
 	return ResolveIPv6(ctx, host)
 }
@ -237,11 +229,7 @@ func ResolveIPv6ProxyServerHost(ctx context.Context, host string) (netip.Addr, e
 // ResolveProxyServerHost proxies server host only
 func ResolveProxyServerHost(ctx context.Context, host string) (netip.Addr, error) {
 	if ProxyServerHostResolver != nil {
-		if ip, err := ResolveIPWithResolver(ctx, host, ProxyServerHostResolver); err != nil {
-			return ResolveIP(ctx, host)
-		} else {
-			return ip, err
-		}
+		return ResolveIPWithResolver(ctx, host, ProxyServerHostResolver)
 	}
 	return ResolveIP(ctx, host)
 }
--- a/config/config.go
+++ b/config/config.go
@ -482,6 +482,11 @@ func UnmarshalRawConfig(buf []byte) (*RawConfig, error) {
 				"www.msftconnecttest.com",
 			},
 		},
+		Experimental: Experimental{
+			// https://github.com/quic-go/quic-go/issues/4178
+			// Quic-go currently cannot automatically fall back on platforms that do not support ecn, so this feature is turned off by default.
+			QUICGoDisableECN: true,
+		},
 		Sniffer: RawSniffer{
 			Enable:          false,
 			Sniffing:        []string{},
@ -916,7 +921,7 @@ func parseRules(rulesConfig []string, proxies map[string]C.Proxy, subRules map[s

 		l := len(rule)

-		if ruleName == "NOT" || ruleName == "OR" || ruleName == "AND" || ruleName == "SUB-RULE" {
+		if ruleName == "NOT" || ruleName == "OR" || ruleName == "AND" || ruleName == "SUB-RULE" || ruleName == "DOMAIN-REGEX" {
 			target = rule[l-1]
 			payload = strings.Join(rule[1:l-1], ",")
 		} else {
--- a/listener/sing_tun/server.go
+++ b/listener/sing_tun/server.go
@ -173,6 +173,7 @@ func New(options LC.Tun, tunnel C.Tunnel, additions ...inbound.Addition) (l *Lis
 		closed:  false,
 		options: options,
 		handler: handler,
+		tunName: tunName,
 	}
 	defer func() {
 		if err != nil {
@ -279,7 +280,6 @@ func New(options LC.Tun, tunnel C.Tunnel, additions ...inbound.Addition) (l *Lis

 func (l *Listener) FlushDefaultInterface() {
 	if l.options.AutoDetectInterface {
-		targetInterface := dialer.DefaultInterface.Load()
 		for _, destination := range []netip.Addr{netip.IPv4Unspecified(), netip.IPv6Unspecified(), netip.MustParseAddr("1.1.1.1")} {
 			autoDetectInterfaceName := l.defaultInterfaceMonitor.DefaultInterfaceName(destination)
 			if autoDetectInterfaceName == l.tunName {
@ -287,17 +287,16 @@ func (l *Listener) FlushDefaultInterface() {
 			} else if autoDetectInterfaceName == "" || autoDetectInterfaceName == "<nil>" {
 				log.Warnln("[TUN] Auto detect interface by %s get empty name.", destination.String())
 			} else {
-				targetInterface = autoDetectInterfaceName
-				if old := dialer.DefaultInterface.Load(); old != targetInterface {
-					log.Warnln("[TUN] default interface changed by monitor, %s => %s", old, targetInterface)
-
-					dialer.DefaultInterface.Store(targetInterface)
-
+				if old := dialer.DefaultInterface.Swap(autoDetectInterfaceName); old != autoDetectInterfaceName {
+					log.Warnln("[TUN] default interface changed by monitor, %s => %s", old, autoDetectInterfaceName)
 					iface.FlushCache()
 				}
 				return
 			}
 		}
+		if dialer.DefaultInterface.CompareAndSwap("", "<invalid>") {
+			log.Warnln("[TUN] Auto detect interface failed, set '<invalid>' to DefaultInterface to avoid lookback")
+		}
 	}
 }

--- a/rules/provider/classical_strategy.go
+++ b/rules/provider/classical_strategy.go
@ -2,9 +2,10 @@ package provider

 import (
 	"fmt"
+	"strings"
+
 	C "github.com/metacubex/mihomo/constant"
 	"github.com/metacubex/mihomo/log"
-	"strings"
 )

 type classicalStrategy struct {
@ -76,7 +77,7 @@ func ruleParse(ruleRaw string) (string, string, []string) {
 	} else if len(item) == 2 {
 		return item[0], item[1], nil
 	} else if len(item) > 2 {
-		if item[0] == "NOT" || item[0] == "OR" || item[0] == "AND" || item[0] == "SUB-RULE" {
+		if item[0] == "NOT" || item[0] == "OR" || item[0] == "AND" || item[0] == "SUB-RULE" || item[0] == "DOMAIN-REGEX" {
 			return item[0], strings.Join(item[1:len(item)], ","), nil
 		} else {
 			return item[0], item[1], item[2:]
--- a/tunnel/tunnel.go
+++ b/tunnel/tunnel.go
@ -596,7 +596,7 @@ func match(metadata *C.Metadata) (C.Proxy, C.Rule, error) {
 	defer configMux.RUnlock()
 	var (
 		resolved             bool
-		attemptProcessLookup = true
+		attemptProcessLookup = metadata.Type != C.INNER
 	)

 	if node, ok := resolver.DefaultHosts.Search(metadata.Host, false); ok {