From 82517e6ba8059339287911af899ffdffca6a4044 Mon Sep 17 00:00:00 2001 From: Larvan2 <78135608+Larvan2@users.noreply.github.com> Date: Wed, 27 Mar 2024 19:34:11 +0800 Subject: [PATCH 1/9] chore: include short commit ID in release note --- .github/genReleaseNote.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/genReleaseNote.sh b/.github/genReleaseNote.sh index 0425061d..ab617fd0 100755 --- a/.github/genReleaseNote.sh +++ b/.github/genReleaseNote.sh @@ -18,15 +18,15 @@ if [ -z "$version_range" ]; then fi echo "## What's Changed" > release.md -git log --pretty=format:"* %s by @%an" --grep="^feat" -i $version_range | sort -f | uniq >> release.md +git log --pretty=format:"* %h %s by @%an" --grep="^feat" -i $version_range | sort -f | uniq >> release.md echo "" >> release.md echo "## BUG & Fix" >> release.md -git log --pretty=format:"* %s by @%an" --grep="^fix" -i $version_range | sort -f | uniq >> release.md +git log --pretty=format:"* %h %s by @%an" --grep="^fix" -i $version_range | sort -f | uniq >> release.md echo "" >> release.md echo "## Maintenance" >> release.md -git log --pretty=format:"* %s by @%an" --grep="^chore\|^docs\|^refactor" -i $version_range | sort -f | uniq >> release.md +git log --pretty=format:"* %h %s by @%an" --grep="^chore\|^docs\|^refactor" -i $version_range | sort -f | uniq >> release.md echo "" >> release.md -echo "**Full Changelog**: https://github.com/MetaCubeX/Clash.Meta/compare/$version_range" >> release.md +echo "**Full Changelog**: https://github.com/MetaCubeX/mihomo/compare/$version_range" >> release.md From 06b5121d9eaebad3a8f1ff52cb7fd9d58a321823 Mon Sep 17 00:00:00 2001 From: wwqgtxx Date: Thu, 28 Mar 2024 19:26:41 +0800 Subject: [PATCH 2/9] chore: embed ca-certificates.crt --- .github/workflows/build.yml | 6 ++++++ component/ca/ca-certificates.crt | 0 component/ca/config.go | 18 ++++++++++++++++-- 3 files changed, 22 insertions(+), 2 deletions(-) create mode 100644 component/ca/ca-certificates.crt 
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index bad84cd1..f9bbbba9 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -141,6 +141,12 @@ jobs: run: | go test ./... + - name: Update UA + run: | + sudo apt-get install ca-certificates + sudo update-ca-certificates + cp -f /etc/ssl/certs/ca-certificates.crt component/ca/ca-certificates.crt + - name: Build core env: GOOS: ${{matrix.jobs.goos}} diff --git a/component/ca/ca-certificates.crt b/component/ca/ca-certificates.crt new file mode 100644 index 00000000..e69de29b diff --git a/component/ca/config.go b/component/ca/config.go index 03fb007c..53cb98ab 100644 --- a/component/ca/config.go +++ b/component/ca/config.go @@ -5,10 +5,12 @@ import ( "crypto/sha256" "crypto/tls" "crypto/x509" + _ "embed" "encoding/hex" "errors" "fmt" "os" + "strconv" "strings" "sync" ) @@ -18,6 +20,11 @@ var globalCertPool *x509.CertPool var mutex sync.RWMutex var errNotMatch = errors.New("certificate fingerprints do not match") +//go:embed ca-certificates.crt +var _CaCertificates []byte +var DisableEmbedCa, _ = strconv.ParseBool(os.Getenv("DISABLE_EMBED_CA")) +var DisableSystemCa, _ = strconv.ParseBool(os.Getenv("DISABLE_SYSTEM_CA")) + func AddCertificate(certificate string) error { mutex.Lock() defer mutex.Unlock() @@ -34,13 +41,20 @@ func AddCertificate(certificate string) error { func initializeCertPool() { var err error - globalCertPool, err = x509.SystemCertPool() - if err != nil { + if DisableSystemCa { globalCertPool = x509.NewCertPool() + } else { + globalCertPool, err = x509.SystemCertPool() + if err != nil { + globalCertPool = x509.NewCertPool() + } } for _, cert := range trustCerts { globalCertPool.AddCert(cert) } + if !DisableEmbedCa { + globalCertPool.AppendCertsFromPEM(_CaCertificates) + } } func ResetCertificate() { From 367a287153388aab16a8e2abbc9c8c4946b91eaf Mon Sep 17 00:00:00 2001 
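Review bot: The added step is named `Update UA` although it refreshes the CA bundle, and it copies whatever `/etc/ssl/certs/ca-certificates.crt` the runner image provides into `component/ca/ca-certificates.crt` without recording which bundle went into the release. Because that file becomes the binary's built-in trust anchors, I would rename the step to `Update CA` and print a digest right after the copy, `sha256sum component/ca/ca-certificates.crt`, so a published build can be matched to a known bundle. `sudo apt-get install ca-certificates` also lacks `-y` and a preceding `sudo apt-get update`. The committed placeholder appears to be empty (the diffstat shows 0 lines), so a build outside this workflow embeds no roots; a comment in the step or next to the `go:embed` directive should say so.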
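Review bot: Both new switches in `component/ca/config.go` discard the `strconv.ParseBool` error, so a value it does not recognise, such as `DISABLE_SYSTEM_CA=yes`, leaves the system store enabled with no indication that the setting was ignored. For a flag that decides which roots are trusted I would report the bad value instead of dropping it; a small helper used by both declarations does that. `_CaCertificates` could also lose its leading underscore, which Go names do not normally carry, and the two exported variables need doc comments stating that they are read once at package initialisation.

```go
// envBool reads a boolean switch from the environment and reports values
// that strconv.ParseBool rejects instead of silently treating them as false.
func envBool(name string) bool {
	raw, ok := os.LookupEnv(name)
	if !ok || raw == "" {
		return false
	}
	v, err := strconv.ParseBool(raw)
	if err != nil {
		fmt.Fprintf(os.Stderr, "ca: ignoring %s=%q: %v\n", name, raw, err)
	}
	return v
}

// … unchanged: go:embed directive and _CaCertificates …
var DisableEmbedCa = envBool("DISABLE_EMBED_CA")
var DisableSystemCa = envBool("DISABLE_SYSTEM_CA")
```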
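Review bot: The `if !DisableEmbedCa` block in `initializeCertPool` appends the embedded bundle on top of the system pool by default, so a root that was removed from the OS store would presumably still be accepted by this process, and nothing in the hunk documents that precedence. The boolean returned by `AppendCertsFromPEM` is also dropped, so an empty or unparsable bundle goes unnoticed; with `DISABLE_SYSTEM_CA` set that leaves only `trustCerts` in the pool. I would add a comment above the block such as `// embedded roots are added in addition to the system store; set DISABLE_EMBED_CA to rely on the OS store only` and check the result, `if !globalCertPool.AppendCertsFromPEM(_CaCertificates) { /* log: no embedded roots loaded */ }`.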
From: wwqgtxx Date: Thu, 28 Mar 2024 21:49:44 +0800 Subject: [PATCH 3/9] chore: don't lookup process when Type==INNER --- tunnel/tunnel.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tunnel/tunnel.go b/tunnel/tunnel.go index f8fdcf11..d5a226e9 100644 --- a/tunnel/tunnel.go +++ b/tunnel/tunnel.go @@ -596,7 +596,7 @@ func match(metadata *C.Metadata) (C.Proxy, C.Rule, error) { defer configMux.RUnlock() var ( resolved bool - attemptProcessLookup = true + attemptProcessLookup = metadata.Type != C.INNER ) if node, ok := resolver.DefaultHosts.Search(metadata.Host, false); ok { From eae1f05e88365706141bf6c64663e2a16beea4ff Mon Sep 17 00:00:00 2001 From: wwqgtxx Date: Thu, 28 Mar 2024 21:57:48 +0800 Subject: [PATCH 4/9] fix: wireguard multi peers public key parse --- adapter/outbound/wireguard.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/adapter/outbound/wireguard.go b/adapter/outbound/wireguard.go index fe1f69fa..1044c8ec 100644 --- a/adapter/outbound/wireguard.go +++ b/adapter/outbound/wireguard.go @@ -188,7 +188,8 @@ func NewWireGuard(option WireGuardOption) (*WireGuard, error) { } if len(option.Peers) > 0 { - for i, peer := range option.Peers { + for i := range option.Peers { + peer := &option.Peers[i] // we need modify option here bytes, err := base64.StdEncoding.DecodeString(peer.PublicKey) if err != nil { return nil, E.Cause(err, "decode public key for peer ", i) From 89d7b8138ac809b9f1385d824b0b657ab79603e8 Mon Sep 17 00:00:00 2001 From: wwqgtxx Date: Thu, 28 Mar 2024 23:19:42 +0800 Subject: [PATCH 5/9] chore: turned off ECN by default --- config/config.go | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/config/config.go b/config/config.go index ca179ed0..b2c8ec16 100644 --- a/config/config.go +++ b/config/config.go 
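Review bot: In `NewWireGuard`, `peer := &option.Peers[i]` makes the loop write through to the slice the caller passed in, because `option` is copied by value but `Peers` still shares its backing array, and the comment `// we need modify option here` does not say what is modified or why. If the loop body, which continues past this hunk, stores a converted key back into the peer, a second call with the same option value would start from already-converted data. I would copy the slice before the loop (for example `option.Peers = slices.Clone(option.Peers)`, if the file can import `slices`) and reword the comment to `// take a pointer so changes to the peer are written back to option.Peers`.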
@@ -482,6 +482,11 @@ func UnmarshalRawConfig(buf []byte) (*RawConfig, error) { "www.msftconnecttest.com", }, }, + Experimental: Experimental{ + // https://github.com/quic-go/quic-go/issues/4178 + // Quic-go currently cannot automatically fall back on platforms that do not support ecn, so this feature is turned off by default. + QUICGoDisableECN: true, + }, Sniffer: RawSniffer{ Enable: false, Sniffing: []string{}, From 11f0983e5c3e4d3405c2cb1a9f604299e5b1c5fa Mon Sep 17 00:00:00 2001 From: wwqgtxx Date: Thu, 28 Mar 2024 23:33:56 +0800 Subject: [PATCH 6/9] fix: resolve by ProxyServerHostResolver should not retry with DefaultResolver when error occurs --- component/resolver/resolver.go | 18 +++--------------- 1 file changed, 3 insertions(+), 15 deletions(-) diff --git a/component/resolver/resolver.go b/component/resolver/resolver.go index 8cbc62fa..f9b56e47 100644 --- a/component/resolver/resolver.go +++ b/component/resolver/resolver.go @@ -213,11 +213,7 @@ func ResolveIP(ctx context.Context, host string) (netip.Addr, error) { // ResolveIPv4ProxyServerHost proxies server host only func ResolveIPv4ProxyServerHost(ctx context.Context, host string) (netip.Addr, error) { if ProxyServerHostResolver != nil { - if ip, err := ResolveIPv4WithResolver(ctx, host, ProxyServerHostResolver); err != nil { - return ResolveIPv4(ctx, host) - } else { - return ip, nil - } + return ResolveIPv4WithResolver(ctx, host, ProxyServerHostResolver) } return ResolveIPv4(ctx, host) } 
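Review bot: The doc comment `// ResolveIPv4ProxyServerHost proxies server host only` no longer tells a caller what happens on failure: with this change an error from `ProxyServerHostResolver` is returned as is, and the default resolver is consulted only when `ProxyServerHostResolver` is nil. That is the safer behaviour, because a failed lookup no longer hands the proxy server's hostname to a different resolver, and it is worth stating, e.g. `// ResolveIPv4ProxyServerHost resolves a proxy server host with ProxyServerHostResolver when it is set; errors are returned without falling back to the default resolver.` The same applies to `ResolveIPv6ProxyServerHost` and `ResolveProxyServerHost` in the next two hunks.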
@@ -225,11 +221,7 @@ func ResolveIPv4ProxyServerHost(ctx context.Context, host string) (netip.Addr, e // ResolveIPv6ProxyServerHost proxies server host only func ResolveIPv6ProxyServerHost(ctx context.Context, host string) (netip.Addr, error) { if ProxyServerHostResolver != nil { - if ip, err := ResolveIPv6WithResolver(ctx, host, ProxyServerHostResolver); err != nil { - return ResolveIPv6(ctx, host) - } else { - return ip, nil - } + return ResolveIPv6WithResolver(ctx, host, ProxyServerHostResolver) } return ResolveIPv6(ctx, host) } @@ -237,11 +229,7 @@ func ResolveIPv6ProxyServerHost(ctx context.Context, host string) (netip.Addr, e // ResolveProxyServerHost proxies server host only func ResolveProxyServerHost(ctx context.Context, host string) (netip.Addr, error) { if ProxyServerHostResolver != nil { - if ip, err := ResolveIPWithResolver(ctx, host, ProxyServerHostResolver); err != nil { - return ResolveIP(ctx, host) - } else { - return ip, err - } + return ResolveIPWithResolver(ctx, host, ProxyServerHostResolver) } return ResolveIP(ctx, host) } From 914bc8a3e9d6e8fcc83a0589b45af18bb0fc714f Mon Sep 17 00:00:00 2001 From: xishang0128 Date: Fri, 29 Mar 2024 13:43:11 +0800 Subject: [PATCH 7/9] fix: Fix `DOMAIN-REGEX` parsing --- config/config.go | 2 +- rules/provider/classical_strategy.go | 5 +++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/config/config.go b/config/config.go index b2c8ec16..c7931573 100644 --- a/config/config.go +++ b/config/config.go @@ -921,7 +921,7 @@ func parseRules(rulesConfig []string, proxies map[string]C.Proxy, subRules map[s l := len(rule) - if ruleName == "NOT" || ruleName == "OR" || ruleName == "AND" || ruleName == "SUB-RULE" { + if ruleName == "NOT" || ruleName == "OR" || ruleName == "AND" || ruleName == "SUB-RULE" || ruleName == "DOMAIN-REGEX" { target = rule[l-1] payload = strings.Join(rule[1:l-1], ",") } else { 
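Review bot: `DOMAIN-REGEX` is added to a hand-written `||` chain in `parseRules` and to an identical chain in `ruleParse` in `rules/provider/classical_strategy.go`, so the two parsers can drift the next time a rule type with commas in its payload is introduced. A shared predicate would keep them aligned, for instance a helper built on `switch ruleName { case "NOT", "OR", "AND", "SUB-RULE", "DOMAIN-REGEX": return true }` in a package both files import. A short comment should also say why these types are special: their payload can contain commas (a regex quantifier such as `{1,3}`), so the fields after the rule name are rejoined rather than split. `parseRules` continues outside this hunk.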
diff --git a/rules/provider/classical_strategy.go b/rules/provider/classical_strategy.go index f8042164..6a2dccd5 100644 --- a/rules/provider/classical_strategy.go +++ b/rules/provider/classical_strategy.go @@ -2,9 +2,10 @@ package provider import ( "fmt" + "strings" + C "github.com/metacubex/mihomo/constant" "github.com/metacubex/mihomo/log" - "strings" ) type classicalStrategy struct { @@ -76,7 +77,7 @@ func ruleParse(ruleRaw string) (string, string, []string) { } else if len(item) == 2 { return item[0], item[1], nil } else if len(item) > 2 { - if item[0] == "NOT" || item[0] == "OR" || item[0] == "AND" || item[0] == "SUB-RULE" { + if item[0] == "NOT" || item[0] == "OR" || item[0] == "AND" || item[0] == "SUB-RULE" || item[0] == "DOMAIN-REGEX" { return item[0], strings.Join(item[1:len(item)], ","), nil } else { return item[0], item[1], item[2:] From 4542fc09916828b0aaafff3e4178b56e35d67a53 Mon Sep 17 00:00:00 2001 From: wwqgtxx Date: Fri, 29 Mar 2024 14:32:43 +0800 Subject: [PATCH 8/9] fix: tun lookback when don't have an activated network --- listener/sing_tun/server.go | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/listener/sing_tun/server.go b/listener/sing_tun/server.go index 96ec1573..384ff016 100644 --- a/listener/sing_tun/server.go +++ b/listener/sing_tun/server.go @@ -173,6 +173,7 @@ func New(options LC.Tun, tunnel C.Tunnel, additions ...inbound.Addition) (l *Lis closed: false, options: options, handler: handler, + tunName: tunName, } defer func() { if err != nil { 
@@ -279,7 +280,6 @@ func New(options LC.Tun, tunnel C.Tunnel, additions ...inbound.Addition) (l *Lis func (l *Listener) FlushDefaultInterface() { if l.options.AutoDetectInterface { - targetInterface := dialer.DefaultInterface.Load() for _, destination := range []netip.Addr{netip.IPv4Unspecified(), netip.IPv6Unspecified(), netip.MustParseAddr("1.1.1.1")} { autoDetectInterfaceName := l.defaultInterfaceMonitor.DefaultInterfaceName(destination) if autoDetectInterfaceName == l.tunName { @@ -287,17 +287,16 @@ func (l *Listener) FlushDefaultInterface() { } else if autoDetectInterfaceName == "" || autoDetectInterfaceName == "" { log.Warnln("[TUN] Auto detect interface by %s get empty name.", destination.String()) } else { - targetInterface = autoDetectInterfaceName - if old := dialer.DefaultInterface.Load(); old != targetInterface { - log.Warnln("[TUN] default interface changed by monitor, %s => %s", old, targetInterface) - - dialer.DefaultInterface.Store(targetInterface) - + if old := dialer.DefaultInterface.Swap(autoDetectInterfaceName); old != autoDetectInterfaceName { + log.Warnln("[TUN] default interface changed by monitor, %s => %s", old, autoDetectInterfaceName) iface.FlushCache() } return } } + if dialer.DefaultInterface.CompareAndSwap("", "") { + log.Warnln("[TUN] Auto detect interface failed, set '' to DefaultInterface to avoid lookback") + } } } From 72d094822423af389fb181d2b4570aeb9a336fec Mon Sep 17 00:00:00 2001 From: wwqgtxx Date: Fri, 29 Mar 2024 14:43:42 +0800 Subject: [PATCH 9/9] fix: atomic.TypedValue panic --- common/atomic/value.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/common/atomic/value.go b/common/atomic/value.go index 36623b3e..82d40076 100644 --- a/common/atomic/value.go +++ b/common/atomic/value.go @@ -43,7 +43,7 @@ func (t *TypedValue[T]) Swap(new T) T { if old == nil { return DefaultValue[T]() } - return old.(T) + return old.(tValue[T]).value } func (t *TypedValue[T]) CompareAndSwap(old, new T) bool {
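Review bot: As shown here, `dialer.DefaultInterface.CompareAndSwap("", "")` at the end of `FlushDefaultInterface` replaces an empty string with an empty string, so the branch changes nothing while the warning says a value was set; if a sentinel interface name was intended, it seems to be missing from the text (possibly lost when the page was rendered). I would give that sentinel a named constant with a comment explaining what it is for, presumably to make dialing fail instead of routing back into the TUN device, and use the constant in both the call and the log line. The message also says `lookback` where `loopback` is presumably meant. The context line `autoDetectInterfaceName == "" || autoDetectInterfaceName == ""` repeats the same comparison and looks affected in the same way.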