Add package_name_regex route, DNS and headless rule item

2026-04-11 17:47:20 +10:00 · 2026-04-10 11:54:47 +08:00
parent e0696f5e94
commit 6c7fb1dad1
22 changed files with 190 additions and 11 deletions
--- a/cmd/sing-box/cmd_rule_set_compile.go
+++ b/cmd/sing-box/cmd_rule_set_compile.go
@@ -82,6 +82,11 @@ func compileRuleSet(sourcePath string) error {
 }

 func downgradeRuleSetVersion(version uint8, options option.PlainRuleSet) uint8 {
+	if version == C.RuleSetVersion5 && !rule.HasHeadlessRule(options.Rules, func(rule option.DefaultHeadlessRule) bool {
+		return len(rule.PackageNameRegex) > 0
+	}) {
+		version = C.RuleSetVersion4
+	}
 	if version == C.RuleSetVersion4 && !rule.HasHeadlessRule(options.Rules, func(rule option.DefaultHeadlessRule) bool {
 		return rule.NetworkInterfaceAddress != nil && rule.NetworkInterfaceAddress.Size() > 0 ||
 			len(rule.DefaultInterfaceAddress) > 0
--- a/common/srs/binary.go
+++ b/common/srs/binary.go
@@ -46,6 +46,7 @@ const (
 	ruleItemNetworkIsConstrained
 	ruleItemNetworkInterfaceAddress
 	ruleItemDefaultInterfaceAddress
+	ruleItemPackageNameRegex
 	ruleItemFinal uint8 = 0xFF
 )

@@ -215,6 +216,8 @@ func readDefaultRule(reader varbin.Reader, recover bool) (rule option.DefaultHea
 			rule.ProcessPathRegex, err = readRuleItemString(reader)
 		case ruleItemPackageName:
 			rule.PackageName, err = readRuleItemString(reader)
+		case ruleItemPackageNameRegex:
+			rule.PackageNameRegex, err = readRuleItemString(reader)
 		case ruleItemWIFISSID:
 			rule.WIFISSID, err = readRuleItemString(reader)
 		case ruleItemWIFIBSSID:
@@ -394,6 +397,15 @@ func writeDefaultRule(writer varbin.Writer, rule option.DefaultHeadlessRule, gen
 			return err
 		}
 	}
+	if len(rule.PackageNameRegex) > 0 {
+		if generateVersion < C.RuleSetVersion5 {
+			return E.New("`package_name_regex` rule item is only supported in version 5 or later")
+		}
+		err = writeRuleItemString(writer, ruleItemPackageNameRegex, rule.PackageNameRegex)
+		if err != nil {
+			return err
+		}
+	}
 	if len(rule.NetworkType) > 0 {
 		if generateVersion < C.RuleSetVersion3 {
 			return E.New("`network_type` rule item is only supported in version 3 or later")
--- a/constant/rule.go
+++ b/constant/rule.go
@@ -23,7 +23,8 @@ const (
 	RuleSetVersion2
 	RuleSetVersion3
 	RuleSetVersion4
-	RuleSetVersionCurrent = RuleSetVersion4
+	RuleSetVersion5
+	RuleSetVersionCurrent = RuleSetVersion5
 )

 const (
--- a/docs/clients/android/features.md
+++ b/docs/clients/android/features.md
@@ -42,6 +42,7 @@ SFA provides an unprivileged TUN implementation through Android VpnService.
 | `process_path`        | :material-close: | No permission                     |
 | `process_path_regex`  | :material-close: | No permission                     |
 | `package_name`        | :material-check: | /                                 |
+| `package_name_regex`  | :material-check: | /                                 |
 | `user`                | :material-close: | Use `package_name` instead        |
 | `user_id`             | :material-close: | Use `package_name` instead        |
 | `wifi_ssid`           | :material-check: | Fine location permission required |
--- a/docs/clients/apple/features.md
+++ b/docs/clients/apple/features.md
@@ -44,6 +44,7 @@ SFI/SFM/SFT provides an unprivileged TUN implementation through NetworkExtension
 | `process_path`        | :material-close: | No permission         |
 | `process_path_regex`  | :material-close: | No permission         |
 | `package_name`        | :material-close: | /                     |
+| `package_name_regex`  | :material-close: | /                     |
 | `user`                | :material-close: | No permission         |
 | `user_id`             | :material-close: | No permission         |
 | `wifi_ssid`           | :material-alert: | Only supported on iOS |
--- a/docs/configuration/dns/rule.md
+++ b/docs/configuration/dns/rule.md
@@ -12,6 +12,7 @@ icon: material/alert-decagram
    :material-plus: [response_answer](#response_answer)  
    :material-plus: [response_ns](#response_ns)  
    :material-plus: [response_extra](#response_extra)  
+    :material-plus: [package_name_regex](#package_name_regex)

 !!! quote "Changes in sing-box 1.13.0"

@@ -129,6 +130,9 @@ icon: material/alert-decagram
        "package_name": [
          "com.termux"
        ],
+        "package_name_regex": [
+          "^com\\.termux.*"
+        ],
        "user": [
          "sekai"
        ],
@@ -347,6 +351,12 @@ Match process path using regular expression.

 Match android package name.

+#### package_name_regex
+
+!!! question "Since sing-box 1.14.0"
+
+Match android package name using regular expression.
+
 #### user

 !!! quote ""
--- a/docs/configuration/dns/rule.zh.md
+++ b/docs/configuration/dns/rule.zh.md
@@ -12,6 +12,7 @@ icon: material/alert-decagram
    :material-plus: [response_answer](#response_answer)  
    :material-plus: [response_ns](#response_ns)  
    :material-plus: [response_extra](#response_extra)  
+    :material-plus: [package_name_regex](#package_name_regex)

 !!! quote "sing-box 1.13.0 中的更改"

@@ -129,6 +130,9 @@ icon: material/alert-decagram
        "package_name": [
          "com.termux"
        ],
+        "package_name_regex": [
+          "^com\\.termux.*"
+        ],
        "user": [
          "sekai"
        ],
@@ -347,6 +351,12 @@ DNS 查询类型。值可以为整数或者类型名称字符串。

 匹配 Android 应用包名。

+#### package_name_regex
+
+!!! question "自 sing-box 1.14.0 起"
+
+使用正则表达式匹配 Android 应用包名。
+
 #### user

 !!! quote ""
--- a/docs/configuration/route/rule.md
+++ b/docs/configuration/route/rule.md
@@ -6,6 +6,7 @@ icon: material/new-box

    :material-plus: [source_mac_address](#source_mac_address)  
    :material-plus: [source_hostname](#source_hostname)  
+    :material-plus: [package_name_regex](#package_name_regex)

 !!! quote "Changes in sing-box 1.13.0"

@@ -129,6 +130,9 @@ icon: material/new-box
        "package_name": [
          "com.termux"
        ],
+        "package_name_regex": [
+          "^com\\.termux.*"
+        ],
        "user": [
          "sekai"
        ],
@@ -354,6 +358,12 @@ Match process path using regular expression.

 Match android package name.

+#### package_name_regex
+
+!!! question "Since sing-box 1.14.0"
+
+Match android package name using regular expression.
+
 #### user

 !!! quote ""
--- a/docs/configuration/route/rule.zh.md
+++ b/docs/configuration/route/rule.zh.md
@@ -6,6 +6,7 @@ icon: material/new-box

    :material-plus: [source_mac_address](#source_mac_address)  
    :material-plus: [source_hostname](#source_hostname)  
+    :material-plus: [package_name_regex](#package_name_regex)

 !!! quote "sing-box 1.13.0 中的更改"

@@ -127,6 +128,9 @@ icon: material/new-box
        "package_name": [
          "com.termux"
        ],
+        "package_name_regex": [
+          "^com\\.termux.*"
+        ],
        "user": [
          "sekai"
        ],
@@ -352,6 +356,12 @@ icon: material/new-box

 匹配 Android 应用包名。

+#### package_name_regex
+
+!!! question "自 sing-box 1.14.0 起"
+
+使用正则表达式匹配 Android 应用包名。
+
 #### user

 !!! quote ""
--- a/docs/configuration/rule-set/headless-rule.md
+++ b/docs/configuration/rule-set/headless-rule.md
@@ -2,6 +2,10 @@
 icon: material/new-box
 ---

+!!! quote "Changes in sing-box 1.14.0"
+
+    :material-plus: [package_name_regex](#package_name_regex)
+
 !!! quote "Changes in sing-box 1.13.0"

    :material-plus: [network_interface_address](#network_interface_address)  
@@ -78,6 +82,9 @@ icon: material/new-box
      "package_name": [
        "com.termux"
      ],
+      "package_name_regex": [
+        "^com\\.termux.*"
+      ],
      "network_type": [
        "wifi"
      ],
@@ -205,6 +212,12 @@ Match process path using regular expression.

 Match android package name.

+#### package_name_regex
+
+!!! question "Since sing-box 1.14.0"
+
+Match android package name using regular expression.
+
 #### network_type

 !!! question "Since sing-box 1.11.0"
--- a/docs/configuration/rule-set/headless-rule.zh.md
+++ b/docs/configuration/rule-set/headless-rule.zh.md
@@ -2,6 +2,10 @@
 icon: material/new-box
 ---

+!!! quote "sing-box 1.14.0 中的更改"
+
+    :material-plus: [package_name_regex](#package_name_regex)
+
 !!! quote "sing-box 1.13.0 中的更改"

    :material-plus: [network_interface_address](#network_interface_address)  
@@ -78,6 +82,9 @@ icon: material/new-box
      "package_name": [
        "com.termux"
      ],
+      "package_name_regex": [
+        "^com\\.termux.*"
+      ],
      "network_type": [
        "wifi"
      ],
@@ -201,6 +208,12 @@ DNS 查询类型。值可以为整数或者类型名称字符串。

 匹配 Android 应用包名。

+#### package_name_regex
+
+!!! question "自 sing-box 1.14.0 起"
+
+使用正则表达式匹配 Android 应用包名。
+
 #### network_type

 !!! question "自 sing-box 1.11.0 起"
--- a/docs/configuration/rule-set/source-format.md
+++ b/docs/configuration/rule-set/source-format.md
@@ -2,6 +2,10 @@
 icon: material/new-box
 ---

+!!! quote "Changes in sing-box 1.14.0"
+
+    :material-plus: version `5`
+
 !!! quote "Changes in sing-box 1.13.0"

    :material-plus: version `4`
@@ -41,6 +45,7 @@ Version of rule-set.
 * 2: sing-box 1.10.0: Optimized memory usages of `domain_suffix` rules in binary rule-sets.
 * 3: sing-box 1.11.0: Added `network_type`, `network_is_expensive` and `network_is_constrainted` rule items.
 * 4: sing-box 1.13.0: Added `network_interface_address` and `default_interface_address` rule items.
+* 5: sing-box 1.14.0: Added `package_name_regex` rule item.

 #### rules

--- a/docs/configuration/rule-set/source-format.zh.md
+++ b/docs/configuration/rule-set/source-format.zh.md
@@ -2,6 +2,10 @@
 icon: material/new-box
 ---

+!!! quote "sing-box 1.14.0 中的更改"
+
+    :material-plus: version `5`
+
 !!! quote "sing-box 1.13.0 中的更改"

    :material-plus: version `4`
@@ -41,6 +45,7 @@ icon: material/new-box
 * 2: sing-box 1.10.0: 优化了二进制规则集中 `domain_suffix` 规则的内存使用。
 * 3: sing-box 1.11.0: 添加了 `network_type`、 `network_is_expensive` 和 `network_is_constrainted` 规则项。
 * 4: sing-box 1.13.0: 添加了 `network_interface_address` 和 `default_interface_address` 规则项。
+* 5: sing-box 1.14.0: 添加了 `package_name_regex` 规则项。

 #### rules

--- a/option/rule.go
+++ b/option/rule.go
@@ -91,6 +91,7 @@ type RawDefaultRule struct {
 	ProcessPath              badoption.Listable[string]                                                  `json:"process_path,omitempty"`
 	ProcessPathRegex         badoption.Listable[string]                                                  `json:"process_path_regex,omitempty"`
 	PackageName              badoption.Listable[string]                                                  `json:"package_name,omitempty"`
+	PackageNameRegex         badoption.Listable[string]                                                  `json:"package_name_regex,omitempty"`
 	User                     badoption.Listable[string]                                                  `json:"user,omitempty"`
 	UserID                   badoption.Listable[int32]                                                   `json:"user_id,omitempty"`
 	ClashMode                string                                                                      `json:"clash_mode,omitempty"`
--- a/option/rule_dns.go
+++ b/option/rule_dns.go
@@ -88,6 +88,7 @@ type RawDefaultDNSRule struct {
 	ProcessPath              badoption.Listable[string]                                                  `json:"process_path,omitempty"`
 	ProcessPathRegex         badoption.Listable[string]                                                  `json:"process_path_regex,omitempty"`
 	PackageName              badoption.Listable[string]                                                  `json:"package_name,omitempty"`
+	PackageNameRegex         badoption.Listable[string]                                                  `json:"package_name_regex,omitempty"`
 	User                     badoption.Listable[string]                                                  `json:"user,omitempty"`
 	UserID                   badoption.Listable[int32]                                                   `json:"user_id,omitempty"`
 	Outbound                 badoption.Listable[string]                                                  `json:"outbound,omitempty"`
--- a/option/rule_set.go
+++ b/option/rule_set.go
@@ -198,6 +198,7 @@ type DefaultHeadlessRule struct {
 	ProcessPath             badoption.Listable[string]                                                  `json:"process_path,omitempty"`
 	ProcessPathRegex        badoption.Listable[string]                                                  `json:"process_path_regex,omitempty"`
 	PackageName             badoption.Listable[string]                                                  `json:"package_name,omitempty"`
+	PackageNameRegex        badoption.Listable[string]                                                  `json:"package_name_regex,omitempty"`
 	NetworkType             badoption.Listable[InterfaceType]                                           `json:"network_type,omitempty"`
 	NetworkIsExpensive      bool                                                                        `json:"network_is_expensive,omitempty"`
 	NetworkIsConstrained    bool                                                                        `json:"network_is_constrained,omitempty"`
@@ -243,7 +244,7 @@ type PlainRuleSetCompat _PlainRuleSetCompat
 func (r PlainRuleSetCompat) MarshalJSON() ([]byte, error) {
 	var v any
 	switch r.Version {
-	case C.RuleSetVersion1, C.RuleSetVersion2, C.RuleSetVersion3, C.RuleSetVersion4:
+	case C.RuleSetVersion1, C.RuleSetVersion2, C.RuleSetVersion3, C.RuleSetVersion4, C.RuleSetVersion5:
 		v = r.Options
 	default:
 		return nil, E.New("unknown rule-set version: ", r.Version)
@@ -258,7 +259,7 @@ func (r *PlainRuleSetCompat) UnmarshalJSON(bytes []byte) error {
 	}
 	var v any
 	switch r.Version {
-	case C.RuleSetVersion1, C.RuleSetVersion2, C.RuleSetVersion3, C.RuleSetVersion4:
+	case C.RuleSetVersion1, C.RuleSetVersion2, C.RuleSetVersion3, C.RuleSetVersion4, C.RuleSetVersion5:
 		v = &r.Options
 	case 0:
 		return E.New("missing rule-set version")
@@ -275,7 +276,7 @@ func (r *PlainRuleSetCompat) UnmarshalJSON(bytes []byte) error {

 func (r PlainRuleSetCompat) Upgrade() (PlainRuleSet, error) {
 	switch r.Version {
-	case C.RuleSetVersion1, C.RuleSetVersion2, C.RuleSetVersion3, C.RuleSetVersion4:
+	case C.RuleSetVersion1, C.RuleSetVersion2, C.RuleSetVersion3, C.RuleSetVersion4, C.RuleSetVersion5:
 	default:
 		return PlainRuleSet{}, E.New("unknown rule-set version: " + F.ToString(r.Version))
 	}
--- a/route/rule/rule_default.go
+++ b/route/rule/rule_default.go
@@ -209,6 +209,14 @@ func NewDefaultRule(ctx context.Context, logger log.ContextLogger, options optio
 		rule.items = append(rule.items, item)
 		rule.allItems = append(rule.allItems, item)
 	}
+	if len(options.PackageNameRegex) > 0 {
+		item, err := NewPackageNameRegexItem(options.PackageNameRegex)
+		if err != nil {
+			return nil, E.Cause(err, "package_name_regex")
+		}
+		rule.items = append(rule.items, item)
+		rule.allItems = append(rule.allItems, item)
+	}
 	if len(options.User) > 0 {
 		item := NewUserItem(options.User)
 		rule.items = append(rule.items, item)
--- a/route/rule/rule_dns.go
+++ b/route/rule/rule_dns.go
@@ -251,6 +251,14 @@ func NewDefaultDNSRule(ctx context.Context, logger log.ContextLogger, options op
 		rule.items = append(rule.items, item)
 		rule.allItems = append(rule.allItems, item)
 	}
+	if len(options.PackageNameRegex) > 0 {
+		item, err := NewPackageNameRegexItem(options.PackageNameRegex)
+		if err != nil {
+			return nil, E.Cause(err, "package_name_regex")
+		}
+		rule.items = append(rule.items, item)
+		rule.allItems = append(rule.allItems, item)
+	}
 	if len(options.User) > 0 {
 		item := NewUserItem(options.User)
 		rule.items = append(rule.items, item)
--- a/route/rule/rule_headless.go
+++ b/route/rule/rule_headless.go
@@ -153,6 +153,14 @@ func NewDefaultHeadlessRule(ctx context.Context, options option.DefaultHeadlessR
 		rule.items = append(rule.items, item)
 		rule.allItems = append(rule.allItems, item)
 	}
+	if len(options.PackageNameRegex) > 0 {
+		item, err := NewPackageNameRegexItem(options.PackageNameRegex)
+		if err != nil {
+			return nil, E.Cause(err, "package_name_regex")
+		}
+		rule.items = append(rule.items, item)
+		rule.allItems = append(rule.allItems, item)
+	}
 	if networkManager != nil {
 		if len(options.NetworkType) > 0 {
 			item := NewNetworkTypeItem(networkManager, common.Map(options.NetworkType, option.InterfaceType.Build))
--- a/route/rule/rule_item_package_name_regex.go
+++ b/route/rule/rule_item_package_name_regex.go
@@ -0,0 +1,56 @@
+package rule
+
+import (
+	"regexp"
+	"strings"
+
+	"github.com/sagernet/sing-box/adapter"
+	E "github.com/sagernet/sing/common/exceptions"
+	F "github.com/sagernet/sing/common/format"
+)
+
+var _ RuleItem = (*PackageNameRegexItem)(nil)
+
+type PackageNameRegexItem struct {
+	matchers    []*regexp.Regexp
+	description string
+}
+
+func NewPackageNameRegexItem(expressions []string) (*PackageNameRegexItem, error) {
+	matchers := make([]*regexp.Regexp, 0, len(expressions))
+	for i, regex := range expressions {
+		matcher, err := regexp.Compile(regex)
+		if err != nil {
+			return nil, E.Cause(err, "parse expression ", i)
+		}
+		matchers = append(matchers, matcher)
+	}
+	description := "package_name_regex="
+	eLen := len(expressions)
+	if eLen == 1 {
+		description += expressions[0]
+	} else if eLen > 3 {
+		description += F.ToString("[", strings.Join(expressions[:3], " "), "]")
+	} else {
+		description += F.ToString("[", strings.Join(expressions, " "), "]")
+	}
+	return &PackageNameRegexItem{matchers, description}, nil
+}
+
+func (r *PackageNameRegexItem) Match(metadata *adapter.InboundContext) bool {
+	if metadata.ProcessInfo == nil || len(metadata.ProcessInfo.AndroidPackageNames) == 0 {
+		return false
+	}
+	for _, matcher := range r.matchers {
+		for _, packageName := range metadata.ProcessInfo.AndroidPackageNames {
+			if matcher.MatchString(packageName) {
+				return true
+			}
+		}
+	}
+	return false
+}
+
+func (r *PackageNameRegexItem) String() string {
+	return r.description
+}
--- a/route/rule/rule_set.go
+++ b/route/rule/rule_set.go
@@ -60,7 +60,7 @@ func HasHeadlessRule(rules []option.HeadlessRule, cond func(rule option.DefaultH
 }

 func isProcessHeadlessRule(rule option.DefaultHeadlessRule) bool {
-	return len(rule.ProcessName) > 0 || len(rule.ProcessPath) > 0 || len(rule.ProcessPathRegex) > 0 || len(rule.PackageName) > 0
+	return len(rule.ProcessName) > 0 || len(rule.ProcessPath) > 0 || len(rule.ProcessPathRegex) > 0 || len(rule.PackageName) > 0 || len(rule.PackageNameRegex) > 0
 }

 func isWIFIHeadlessRule(rule option.DefaultHeadlessRule) bool {
--- a/route/rule_conds.go
+++ b/route/rule_conds.go
@@ -38,11 +38,11 @@ func hasDNSRule(rules []option.DNSRule, cond func(rule option.DefaultDNSRule) bo
 }

 func isProcessRule(rule option.DefaultRule) bool {
-	return len(rule.ProcessName) > 0 || len(rule.ProcessPath) > 0 || len(rule.ProcessPathRegex) > 0 || len(rule.PackageName) > 0 || len(rule.User) > 0 || len(rule.UserID) > 0
+	return len(rule.ProcessName) > 0 || len(rule.ProcessPath) > 0 || len(rule.ProcessPathRegex) > 0 || len(rule.PackageName) > 0 || len(rule.PackageNameRegex) > 0 || len(rule.User) > 0 || len(rule.UserID) > 0
 }

 func isProcessDNSRule(rule option.DefaultDNSRule) bool {
-	return len(rule.ProcessName) > 0 || len(rule.ProcessPath) > 0 || len(rule.ProcessPathRegex) > 0 || len(rule.PackageName) > 0 || len(rule.User) > 0 || len(rule.UserID) > 0
+	return len(rule.ProcessName) > 0 || len(rule.ProcessPath) > 0 || len(rule.ProcessPathRegex) > 0 || len(rule.PackageName) > 0 || len(rule.PackageNameRegex) > 0 || len(rule.User) > 0 || len(rule.UserID) > 0
 }

 func isNeighborRule(rule option.DefaultRule) bool {