From 6c7fb1dad1ca17e908cc844a4234b33fb7ff7766 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E4=B8=96=E7=95=8C?= Date: Fri, 10 Apr 2026 11:54:47 +0800 Subject: [PATCH] Add `package_name_regex` route, DNS and headless rule item --- cmd/sing-box/cmd_rule_set_compile.go | 5 ++ common/srs/binary.go | 12 ++++ constant/rule.go | 3 +- docs/clients/android/features.md | 1 + docs/clients/apple/features.md | 1 + docs/configuration/dns/rule.md | 12 +++- docs/configuration/dns/rule.zh.md | 12 +++- docs/configuration/route/rule.md | 12 +++- docs/configuration/route/rule.zh.md | 12 +++- docs/configuration/rule-set/headless-rule.md | 13 +++++ .../rule-set/headless-rule.zh.md | 13 +++++ docs/configuration/rule-set/source-format.md | 5 ++ .../rule-set/source-format.zh.md | 5 ++ option/rule.go | 1 + option/rule_dns.go | 1 + option/rule_set.go | 7 ++- route/rule/rule_default.go | 8 +++ route/rule/rule_dns.go | 8 +++ route/rule/rule_headless.go | 8 +++ route/rule/rule_item_package_name_regex.go | 56 +++++++++++++++++++ route/rule/rule_set.go | 2 +- route/rule_conds.go | 4 +- 22 files changed, 190 insertions(+), 11 deletions(-) create mode 100644 route/rule/rule_item_package_name_regex.go diff --git a/cmd/sing-box/cmd_rule_set_compile.go b/cmd/sing-box/cmd_rule_set_compile.go index 73655b12e..e2cbefc7b 100644 --- a/cmd/sing-box/cmd_rule_set_compile.go +++ b/cmd/sing-box/cmd_rule_set_compile.go @@ -82,6 +82,11 @@ func compileRuleSet(sourcePath string) error { } func downgradeRuleSetVersion(version uint8, options option.PlainRuleSet) uint8 { + if version == C.RuleSetVersion5 && !rule.HasHeadlessRule(options.Rules, func(rule option.DefaultHeadlessRule) bool { + return len(rule.PackageNameRegex) > 0 + }) { + version = C.RuleSetVersion4 + } if version == C.RuleSetVersion4 && !rule.HasHeadlessRule(options.Rules, func(rule option.DefaultHeadlessRule) bool { return rule.NetworkInterfaceAddress != nil && rule.NetworkInterfaceAddress.Size() > 0 || len(rule.DefaultInterfaceAddress) > 0 diff --git a/common/srs/binary.go b/common/srs/binary.go index ca12fff09..d5b644ae1 100644 --- a/common/srs/binary.go +++ b/common/srs/binary.go @@ -46,6 +46,7 @@ const ( ruleItemNetworkIsConstrained ruleItemNetworkInterfaceAddress ruleItemDefaultInterfaceAddress + ruleItemPackageNameRegex ruleItemFinal uint8 = 0xFF ) @@ -215,6 +216,8 @@ func readDefaultRule(reader varbin.Reader, recover bool) (rule option.DefaultHea rule.ProcessPathRegex, err = readRuleItemString(reader) case ruleItemPackageName: rule.PackageName, err = readRuleItemString(reader) + case ruleItemPackageNameRegex: + rule.PackageNameRegex, err = readRuleItemString(reader) case ruleItemWIFISSID: rule.WIFISSID, err = readRuleItemString(reader) case ruleItemWIFIBSSID: @@ -394,6 +397,15 @@ func writeDefaultRule(writer varbin.Writer, rule option.DefaultHeadlessRule, gen return err } } + if len(rule.PackageNameRegex) > 0 { + if generateVersion < C.RuleSetVersion5 { + return E.New("`package_name_regex` rule item is only supported in version 5 or later") + } + err = writeRuleItemString(writer, ruleItemPackageNameRegex, rule.PackageNameRegex) + if err != nil { + return err + } + } if len(rule.NetworkType) > 0 { if generateVersion < C.RuleSetVersion3 { return E.New("`network_type` rule item is only supported in version 3 or later") diff --git a/constant/rule.go b/constant/rule.go index 15d71c530..efd4a2d32 100644 --- a/constant/rule.go +++ b/constant/rule.go @@ -23,7 +23,8 @@ const ( RuleSetVersion2 RuleSetVersion3 RuleSetVersion4 - RuleSetVersionCurrent = RuleSetVersion4 + RuleSetVersion5 + RuleSetVersionCurrent = RuleSetVersion5 ) const ( diff --git a/docs/clients/android/features.md b/docs/clients/android/features.md index f7f2caeec..b76a6418e 100644 --- a/docs/clients/android/features.md +++ b/docs/clients/android/features.md @@ -42,6 +42,7 @@ SFA provides an unprivileged TUN implementation through Android VpnService. | `process_path` | :material-close: | No permission | | `process_path_regex` | :material-close: | No permission | | `package_name` | :material-check: | / | +| `package_name_regex` | :material-check: | / | | `user` | :material-close: | Use `package_name` instead | | `user_id` | :material-close: | Use `package_name` instead | | `wifi_ssid` | :material-check: | Fine location permission required | diff --git a/docs/clients/apple/features.md b/docs/clients/apple/features.md index d63851732..e1f3d7ccd 100644 --- a/docs/clients/apple/features.md +++ b/docs/clients/apple/features.md @@ -44,6 +44,7 @@ SFI/SFM/SFT provides an unprivileged TUN implementation through NetworkExtension | `process_path` | :material-close: | No permission | | `process_path_regex` | :material-close: | No permission | | `package_name` | :material-close: | / | +| `package_name_regex` | :material-close: | / | | `user` | :material-close: | No permission | | `user_id` | :material-close: | No permission | | `wifi_ssid` | :material-alert: | Only supported on iOS | diff --git a/docs/configuration/dns/rule.md b/docs/configuration/dns/rule.md index 9281271fd..e35f4d54d 100644 --- a/docs/configuration/dns/rule.md +++ b/docs/configuration/dns/rule.md @@ -11,7 +11,8 @@ icon: material/alert-decagram :material-plus: [response_rcode](#response_rcode) :material-plus: [response_answer](#response_answer) :material-plus: [response_ns](#response_ns) - :material-plus: [response_extra](#response_extra) + :material-plus: [response_extra](#response_extra) + :material-plus: [package_name_regex](#package_name_regex) !!! quote "Changes in sing-box 1.13.0" @@ -129,6 +130,9 @@ icon: material/alert-decagram "package_name": [ "com.termux" ], + "package_name_regex": [ + "^com\\.termux.*" + ], "user": [ "sekai" ], @@ -347,6 +351,12 @@ Match process path using regular expression. Match android package name. +#### package_name_regex + +!!! question "Since sing-box 1.14.0" + +Match android package name using regular expression. + #### user !!! quote "" diff --git a/docs/configuration/dns/rule.zh.md b/docs/configuration/dns/rule.zh.md index dabbe8c25..4ed721ca5 100644 --- a/docs/configuration/dns/rule.zh.md +++ b/docs/configuration/dns/rule.zh.md @@ -11,7 +11,8 @@ icon: material/alert-decagram :material-plus: [response_rcode](#response_rcode) :material-plus: [response_answer](#response_answer) :material-plus: [response_ns](#response_ns) - :material-plus: [response_extra](#response_extra) + :material-plus: [response_extra](#response_extra) + :material-plus: [package_name_regex](#package_name_regex) !!! quote "sing-box 1.13.0 中的更改" @@ -129,6 +130,9 @@ icon: material/alert-decagram "package_name": [ "com.termux" ], + "package_name_regex": [ + "^com\\.termux.*" + ], "user": [ "sekai" ], @@ -347,6 +351,12 @@ DNS 查询类型。值可以为整数或者类型名称字符串。 匹配 Android 应用包名。 +#### package_name_regex + +!!! question "自 sing-box 1.14.0 起" + +使用正则表达式匹配 Android 应用包名。 + #### user !!! quote "" diff --git a/docs/configuration/route/rule.md b/docs/configuration/route/rule.md index 37e651c92..97bbe3760 100644 --- a/docs/configuration/route/rule.md +++ b/docs/configuration/route/rule.md @@ -5,7 +5,8 @@ icon: material/new-box !!! quote "Changes in sing-box 1.14.0" :material-plus: [source_mac_address](#source_mac_address) - :material-plus: [source_hostname](#source_hostname) + :material-plus: [source_hostname](#source_hostname) + :material-plus: [package_name_regex](#package_name_regex) !!! quote "Changes in sing-box 1.13.0" @@ -129,6 +130,9 @@ icon: material/new-box "package_name": [ "com.termux" ], + "package_name_regex": [ + "^com\\.termux.*" + ], "user": [ "sekai" ], @@ -354,6 +358,12 @@ Match process path using regular expression. Match android package name. +#### package_name_regex + +!!! question "Since sing-box 1.14.0" + +Match android package name using regular expression. + #### user !!! quote "" diff --git a/docs/configuration/route/rule.zh.md b/docs/configuration/route/rule.zh.md index 181a57398..d55b565dd 100644 --- a/docs/configuration/route/rule.zh.md +++ b/docs/configuration/route/rule.zh.md @@ -5,7 +5,8 @@ icon: material/new-box !!! quote "sing-box 1.14.0 中的更改" :material-plus: [source_mac_address](#source_mac_address) - :material-plus: [source_hostname](#source_hostname) + :material-plus: [source_hostname](#source_hostname) + :material-plus: [package_name_regex](#package_name_regex) !!! quote "sing-box 1.13.0 中的更改" @@ -127,6 +128,9 @@ icon: material/new-box "package_name": [ "com.termux" ], + "package_name_regex": [ + "^com\\.termux.*" + ], "user": [ "sekai" ], @@ -352,6 +356,12 @@ icon: material/new-box 匹配 Android 应用包名。 +#### package_name_regex + +!!! question "自 sing-box 1.14.0 起" + +使用正则表达式匹配 Android 应用包名。 + #### user !!! quote "" diff --git a/docs/configuration/rule-set/headless-rule.md b/docs/configuration/rule-set/headless-rule.md index 89cccd394..23f2f5806 100644 --- a/docs/configuration/rule-set/headless-rule.md +++ b/docs/configuration/rule-set/headless-rule.md @@ -2,6 +2,10 @@ icon: material/new-box --- +!!! quote "Changes in sing-box 1.14.0" + + :material-plus: [package_name_regex](#package_name_regex) + !!! quote "Changes in sing-box 1.13.0" :material-plus: [network_interface_address](#network_interface_address) @@ -78,6 +82,9 @@ icon: material/new-box "package_name": [ "com.termux" ], + "package_name_regex": [ + "^com\\.termux.*" + ], "network_type": [ "wifi" ], @@ -205,6 +212,12 @@ Match process path using regular expression. Match android package name. +#### package_name_regex + +!!! question "Since sing-box 1.14.0" + +Match android package name using regular expression. + #### network_type !!! question "Since sing-box 1.11.0" diff --git a/docs/configuration/rule-set/headless-rule.zh.md b/docs/configuration/rule-set/headless-rule.zh.md index f2b88631a..c5ed636c9 100644 --- a/docs/configuration/rule-set/headless-rule.zh.md +++ b/docs/configuration/rule-set/headless-rule.zh.md @@ -2,6 +2,10 @@ icon: material/new-box --- +!!! quote "sing-box 1.14.0 中的更改" + + :material-plus: [package_name_regex](#package_name_regex) + !!! quote "sing-box 1.13.0 中的更改" :material-plus: [network_interface_address](#network_interface_address) @@ -78,6 +82,9 @@ icon: material/new-box "package_name": [ "com.termux" ], + "package_name_regex": [ + "^com\\.termux.*" + ], "network_type": [ "wifi" ], @@ -201,6 +208,12 @@ DNS 查询类型。值可以为整数或者类型名称字符串。 匹配 Android 应用包名。 +#### package_name_regex + +!!! question "自 sing-box 1.14.0 起" + +使用正则表达式匹配 Android 应用包名。 + #### network_type !!! question "自 sing-box 1.11.0 起" diff --git a/docs/configuration/rule-set/source-format.md b/docs/configuration/rule-set/source-format.md index 47d620b1c..47e0e2455 100644 --- a/docs/configuration/rule-set/source-format.md +++ b/docs/configuration/rule-set/source-format.md @@ -2,6 +2,10 @@ icon: material/new-box --- +!!! quote "Changes in sing-box 1.14.0" + + :material-plus: version `5` + !!! quote "Changes in sing-box 1.13.0" :material-plus: version `4` @@ -41,6 +45,7 @@ Version of rule-set. * 2: sing-box 1.10.0: Optimized memory usages of `domain_suffix` rules in binary rule-sets. * 3: sing-box 1.11.0: Added `network_type`, `network_is_expensive` and `network_is_constrainted` rule items. * 4: sing-box 1.13.0: Added `network_interface_address` and `default_interface_address` rule items. +* 5: sing-box 1.14.0: Added `package_name_regex` rule item. #### rules diff --git a/docs/configuration/rule-set/source-format.zh.md b/docs/configuration/rule-set/source-format.zh.md index 30c0679f6..3f7108647 100644 --- a/docs/configuration/rule-set/source-format.zh.md +++ b/docs/configuration/rule-set/source-format.zh.md @@ -2,6 +2,10 @@ icon: material/new-box --- +!!! quote "sing-box 1.14.0 中的更改" + + :material-plus: version `5` + !!! quote "sing-box 1.13.0 中的更改" :material-plus: version `4` @@ -41,6 +45,7 @@ icon: material/new-box * 2: sing-box 1.10.0: 优化了二进制规则集中 `domain_suffix` 规则的内存使用。 * 3: sing-box 1.11.0: 添加了 `network_type`、 `network_is_expensive` 和 `network_is_constrainted` 规则项。 * 4: sing-box 1.13.0: 添加了 `network_interface_address` 和 `default_interface_address` 规则项。 +* 5: sing-box 1.14.0: 添加了 `package_name_regex` 规则项。 #### rules diff --git a/option/rule.go b/option/rule.go index 9fd943797..5759cf56e 100644 --- a/option/rule.go +++ b/option/rule.go @@ -91,6 +91,7 @@ type RawDefaultRule struct { ProcessPath badoption.Listable[string] `json:"process_path,omitempty"` ProcessPathRegex badoption.Listable[string] `json:"process_path_regex,omitempty"` PackageName badoption.Listable[string] `json:"package_name,omitempty"` + PackageNameRegex badoption.Listable[string] `json:"package_name_regex,omitempty"` User badoption.Listable[string] `json:"user,omitempty"` UserID badoption.Listable[int32] `json:"user_id,omitempty"` ClashMode string `json:"clash_mode,omitempty"` diff --git a/option/rule_dns.go b/option/rule_dns.go index 5582e7df4..74058a654 100644 --- a/option/rule_dns.go +++ b/option/rule_dns.go @@ -88,6 +88,7 @@ type RawDefaultDNSRule struct { ProcessPath badoption.Listable[string] `json:"process_path,omitempty"` ProcessPathRegex badoption.Listable[string] `json:"process_path_regex,omitempty"` PackageName badoption.Listable[string] `json:"package_name,omitempty"` + PackageNameRegex badoption.Listable[string] `json:"package_name_regex,omitempty"` User badoption.Listable[string] `json:"user,omitempty"` UserID badoption.Listable[int32] `json:"user_id,omitempty"` Outbound badoption.Listable[string] `json:"outbound,omitempty"` diff --git a/option/rule_set.go b/option/rule_set.go index b06342280..2ca2529af 100644 --- a/option/rule_set.go +++ b/option/rule_set.go @@ -198,6 +198,7 @@ type DefaultHeadlessRule struct { ProcessPath badoption.Listable[string] `json:"process_path,omitempty"` ProcessPathRegex badoption.Listable[string] `json:"process_path_regex,omitempty"` PackageName badoption.Listable[string] `json:"package_name,omitempty"` + PackageNameRegex badoption.Listable[string] `json:"package_name_regex,omitempty"` NetworkType badoption.Listable[InterfaceType] `json:"network_type,omitempty"` NetworkIsExpensive bool `json:"network_is_expensive,omitempty"` NetworkIsConstrained bool `json:"network_is_constrained,omitempty"` @@ -243,7 +244,7 @@ type PlainRuleSetCompat _PlainRuleSetCompat func (r PlainRuleSetCompat) MarshalJSON() ([]byte, error) { var v any switch r.Version { - case C.RuleSetVersion1, C.RuleSetVersion2, C.RuleSetVersion3, C.RuleSetVersion4: + case C.RuleSetVersion1, C.RuleSetVersion2, C.RuleSetVersion3, C.RuleSetVersion4, C.RuleSetVersion5: v = r.Options default: return nil, E.New("unknown rule-set version: ", r.Version) @@ -258,7 +259,7 @@ func (r *PlainRuleSetCompat) UnmarshalJSON(bytes []byte) error { } var v any switch r.Version { - case C.RuleSetVersion1, C.RuleSetVersion2, C.RuleSetVersion3, C.RuleSetVersion4: + case C.RuleSetVersion1, C.RuleSetVersion2, C.RuleSetVersion3, C.RuleSetVersion4, C.RuleSetVersion5: v = &r.Options case 0: return E.New("missing rule-set version") @@ -275,7 +276,7 @@ func (r *PlainRuleSetCompat) UnmarshalJSON(bytes []byte) error { func (r PlainRuleSetCompat) Upgrade() (PlainRuleSet, error) { switch r.Version { - case C.RuleSetVersion1, C.RuleSetVersion2, C.RuleSetVersion3, C.RuleSetVersion4: + case C.RuleSetVersion1, C.RuleSetVersion2, C.RuleSetVersion3, C.RuleSetVersion4, C.RuleSetVersion5: default: return PlainRuleSet{}, E.New("unknown rule-set version: " + F.ToString(r.Version)) } diff --git a/route/rule/rule_default.go b/route/rule/rule_default.go index d4de6ff7a..774e1b7c0 100644 --- a/route/rule/rule_default.go +++ b/route/rule/rule_default.go @@ -209,6 +209,14 @@ func NewDefaultRule(ctx context.Context, logger log.ContextLogger, options optio rule.items = append(rule.items, item) rule.allItems = append(rule.allItems, item) } + if len(options.PackageNameRegex) > 0 { + item, err := NewPackageNameRegexItem(options.PackageNameRegex) + if err != nil { + return nil, E.Cause(err, "package_name_regex") + } + rule.items = append(rule.items, item) + rule.allItems = append(rule.allItems, item) + } if len(options.User) > 0 { item := NewUserItem(options.User) rule.items = append(rule.items, item) diff --git a/route/rule/rule_dns.go b/route/rule/rule_dns.go index c406f0674..646f987ed 100644 --- a/route/rule/rule_dns.go +++ b/route/rule/rule_dns.go @@ -251,6 +251,14 @@ func NewDefaultDNSRule(ctx context.Context, logger log.ContextLogger, options op rule.items = append(rule.items, item) rule.allItems = append(rule.allItems, item) } + if len(options.PackageNameRegex) > 0 { + item, err := NewPackageNameRegexItem(options.PackageNameRegex) + if err != nil { + return nil, E.Cause(err, "package_name_regex") + } + rule.items = append(rule.items, item) + rule.allItems = append(rule.allItems, item) + } if len(options.User) > 0 { item := NewUserItem(options.User) rule.items = append(rule.items, item) diff --git a/route/rule/rule_headless.go b/route/rule/rule_headless.go index c5146318b..ab85e0d5f 100644 --- a/route/rule/rule_headless.go +++ b/route/rule/rule_headless.go @@ -153,6 +153,14 @@ func NewDefaultHeadlessRule(ctx context.Context, options option.DefaultHeadlessR rule.items = append(rule.items, item) rule.allItems = append(rule.allItems, item) } + if len(options.PackageNameRegex) > 0 { + item, err := NewPackageNameRegexItem(options.PackageNameRegex) + if err != nil { + return nil, E.Cause(err, "package_name_regex") + } + rule.items = append(rule.items, item) + rule.allItems = append(rule.allItems, item) + } if networkManager != nil { if len(options.NetworkType) > 0 { item := NewNetworkTypeItem(networkManager, common.Map(options.NetworkType, option.InterfaceType.Build)) diff --git a/route/rule/rule_item_package_name_regex.go b/route/rule/rule_item_package_name_regex.go new file mode 100644 index 000000000..9db4504ac --- /dev/null +++ b/route/rule/rule_item_package_name_regex.go @@ -0,0 +1,56 @@ +package rule + +import ( + "regexp" + "strings" + + "github.com/sagernet/sing-box/adapter" + E "github.com/sagernet/sing/common/exceptions" + F "github.com/sagernet/sing/common/format" +) + +var _ RuleItem = (*PackageNameRegexItem)(nil) + +type PackageNameRegexItem struct { + matchers []*regexp.Regexp + description string +} + +func NewPackageNameRegexItem(expressions []string) (*PackageNameRegexItem, error) { + matchers := make([]*regexp.Regexp, 0, len(expressions)) + for i, regex := range expressions { + matcher, err := regexp.Compile(regex) + if err != nil { + return nil, E.Cause(err, "parse expression ", i) + } + matchers = append(matchers, matcher) + } + description := "package_name_regex=" + eLen := len(expressions) + if eLen == 1 { + description += expressions[0] + } else if eLen > 3 { + description += F.ToString("[", strings.Join(expressions[:3], " "), "]") + } else { + description += F.ToString("[", strings.Join(expressions, " "), "]") + } + return &PackageNameRegexItem{matchers, description}, nil +} + +func (r *PackageNameRegexItem) Match(metadata *adapter.InboundContext) bool { + if metadata.ProcessInfo == nil || len(metadata.ProcessInfo.AndroidPackageNames) == 0 { + return false + } + for _, matcher := range r.matchers { + for _, packageName := range metadata.ProcessInfo.AndroidPackageNames { + if matcher.MatchString(packageName) { + return true + } + } + } + return false +} + +func (r *PackageNameRegexItem) String() string { + return r.description +} diff --git a/route/rule/rule_set.go b/route/rule/rule_set.go index d286a7941..7c82b6022 100644 --- a/route/rule/rule_set.go +++ b/route/rule/rule_set.go @@ -60,7 +60,7 @@ func HasHeadlessRule(rules []option.HeadlessRule, cond func(rule option.DefaultH } func isProcessHeadlessRule(rule option.DefaultHeadlessRule) bool { - return len(rule.ProcessName) > 0 || len(rule.ProcessPath) > 0 || len(rule.ProcessPathRegex) > 0 || len(rule.PackageName) > 0 + return len(rule.ProcessName) > 0 || len(rule.ProcessPath) > 0 || len(rule.ProcessPathRegex) > 0 || len(rule.PackageName) > 0 || len(rule.PackageNameRegex) > 0 } func isWIFIHeadlessRule(rule option.DefaultHeadlessRule) bool { diff --git a/route/rule_conds.go b/route/rule_conds.go index 22ce94fff..2c6290294 100644 --- a/route/rule_conds.go +++ b/route/rule_conds.go @@ -38,11 +38,11 @@ func hasDNSRule(rules []option.DNSRule, cond func(rule option.DefaultDNSRule) bo } func isProcessRule(rule option.DefaultRule) bool { - return len(rule.ProcessName) > 0 || len(rule.ProcessPath) > 0 || len(rule.ProcessPathRegex) > 0 || len(rule.PackageName) > 0 || len(rule.User) > 0 || len(rule.UserID) > 0 + return len(rule.ProcessName) > 0 || len(rule.ProcessPath) > 0 || len(rule.ProcessPathRegex) > 0 || len(rule.PackageName) > 0 || len(rule.PackageNameRegex) > 0 || len(rule.User) > 0 || len(rule.UserID) > 0 } func isProcessDNSRule(rule option.DefaultDNSRule) bool { - return len(rule.ProcessName) > 0 || len(rule.ProcessPath) > 0 || len(rule.ProcessPathRegex) > 0 || len(rule.PackageName) > 0 || len(rule.User) > 0 || len(rule.UserID) > 0 + return len(rule.ProcessName) > 0 || len(rule.ProcessPath) > 0 || len(rule.ProcessPathRegex) > 0 || len(rule.PackageName) > 0 || len(rule.PackageNameRegex) > 0 || len(rule.User) > 0 || len(rule.UserID) > 0 } func isNeighborRule(rule option.DefaultRule) bool {