documentation: Bump version

Remove invalid code
Fix DHCPv4 listen address
2026-04-16 13:44:41 +10:00 · 2023-09-28 16:02:54 +08:00 · 2023-09-28 15:52:05 +08:00 · 2023-09-27 18:25:23 +08:00 · 2023-09-27 14:16:04 +08:00 · 2023-09-27 14:16:04 +08:00
19 changed files with 146 additions and 83 deletions
--- a/adapter/v2ray.go
+++ b/adapter/v2ray.go
@@ -5,7 +5,6 @@ import (
 	"net"

 	E "github.com/sagernet/sing/common/exceptions"
-	M "github.com/sagernet/sing/common/metadata"
 	N "github.com/sagernet/sing/common/network"
 )

@@ -19,7 +18,6 @@ type V2RayServerTransport interface {
 type V2RayServerTransportHandler interface {
 	N.TCPConnectionHandler
 	E.Handler
-	FallbackConnection(ctx context.Context, conn net.Conn, metadata M.Metadata) error
 }

 type V2RayClientTransport interface {
--- a/common/dialer/dialer.go
+++ b/common/dialer/dialer.go
@@ -29,7 +29,12 @@ func New(router adapter.Router, options option.DialerOptions) (N.Dialer, error)
 	}
 	domainStrategy := dns.DomainStrategy(options.DomainStrategy)
 	if domainStrategy != dns.DomainStrategyAsIS || options.Detour == "" {
-		dialer = NewResolveDialer(router, dialer, domainStrategy, time.Duration(options.FallbackDelay))
+		dialer = NewResolveDialer(
+			router,
+			dialer,
+			options.Detour == "" && !options.TCPFastOpen,
+			domainStrategy,
+			time.Duration(options.FallbackDelay))
 	}
 	return dialer, nil
 }
--- a/common/dialer/resolve.go
+++ b/common/dialer/resolve.go
@@ -16,14 +16,16 @@ import (

 type ResolveDialer struct {
 	dialer        N.Dialer
+	parallel      bool
 	router        adapter.Router
 	strategy      dns.DomainStrategy
 	fallbackDelay time.Duration
 }

-func NewResolveDialer(router adapter.Router, dialer N.Dialer, strategy dns.DomainStrategy, fallbackDelay time.Duration) *ResolveDialer {
+func NewResolveDialer(router adapter.Router, dialer N.Dialer, parallel bool, strategy dns.DomainStrategy, fallbackDelay time.Duration) *ResolveDialer {
 	return &ResolveDialer{
 		dialer,
+		parallel,
 		router,
 		strategy,
 		fallbackDelay,
@@ -48,7 +50,11 @@ func (d *ResolveDialer) DialContext(ctx context.Context, network string, destina
 	if err != nil {
 		return nil, err
 	}
-	return N.DialParallel(ctx, d.dialer, network, destination, addresses, d.strategy == dns.DomainStrategyPreferIPv6, d.fallbackDelay)
+	if d.parallel {
+		return N.DialParallel(ctx, d.dialer, network, destination, addresses, d.strategy == dns.DomainStrategyPreferIPv6, d.fallbackDelay)
+	} else {
+		return N.DialSerial(ctx, d.dialer, network, destination, addresses)
+	}
 }

 func (d *ResolveDialer) ListenPacket(ctx context.Context, destination M.Socksaddr) (net.PacketConn, error) {
--- a/docs/changelog.md
+++ b/docs/changelog.md
@@ -1,3 +1,86 @@
+#### 1.5.0
+
+* Fixes and improvements
+
+Important changes since 1.4:
+
+* Add TLS [ECH server](/configuration/shared/tls) support
+* Improve TLS TCH client configuration
+* Add TLS ECH key pair generator **1**
+* Add TLS ECH support for QUIC based protocols **2**
+* Add KDE support for the `set_system_proxy` option in HTTP inbound
+* Add Hysteria2 protocol support **3**
+* Add `interrupt_exist_connections` option for `Selector` and `URLTest` outbounds **4**
+* Add DNS01 challenge support for ACME TLS certificate issuer **5**
+* Add `merge` command **6**
+* Mark [Deprecated Features](/deprecated)
+
+**1**:
+
+Command: `sing-box generate ech-keypair <plain_server_name> [--pq-signature-schemes-enabled]`
+
+**2**:
+
+All inbounds and outbounds are supported, including `Naiveproxy`, `Hysteria[/2]`, `TUIC` and `V2ray QUIC transport`.
+
+**3**:
+
+See [Hysteria2 inbound](/configuration/inbound/hysteria2) and [Hysteria2 outbound](/configuration/outbound/hysteria2)
+
+For protocol description, please refer to [https://v2.hysteria.network](https://v2.hysteria.network)
+
+**4**:
+
+Interrupt existing connections when the selected outbound has changed.
+
+Only inbound connections are affected by this setting, internal connections will always be interrupted.
+
+**5**:
+
+Only `Alibaba Cloud DNS` and `Cloudflare` are supported, see [ACME Fields](/configuration/shared/tls#acme-fields)
+and [DNS01 Challenge Fields](/configuration/shared/dns01_challenge).
+
+**6**:
+
+This command also parses path resources that appear in the configuration file and replaces them with embedded
+configuration, such as TLS certificates or SSH private keys.
+
+#### 1.5.0-rc.6
+
+* Fixes and improvements
+
+#### 1.4.6
+
+* Fixes and improvements
+
+#### 1.5.0-rc.5
+
+* Fixed an improper authentication vulnerability in the SOCKS5 inbound
+* Fixes and improvements
+
+**Security Advisory**
+
+This update fixes an improper authentication vulnerability in the sing-box SOCKS inbound. This vulnerability allows an
+attacker to craft special requests to bypass user authentication. All users exposing SOCKS servers with user
+authentication in an insecure environment are advised to update immediately.
+
+此更新修复了 sing-box SOCKS 入站中的一个不正确身份验证漏洞。 该漏洞允许攻击者制作特殊请求来绕过用户身份验证。建议所有将使用用户认证的
+SOCKS 服务器暴露在不安全环境下的用户立更新。
+
+#### 1.4.5
+
+* Fixed an improper authentication vulnerability in the SOCKS5 inbound
+* Fixes and improvements
+
+**Security Advisory**
+
+This update fixes an improper authentication vulnerability in the sing-box SOCKS inbound. This vulnerability allows an
+attacker to craft special requests to bypass user authentication. All users exposing SOCKS servers with user
+authentication in an insecure environment are advised to update immediately.
+
+此更新修复了 sing-box SOCKS 入站中的一个不正确身份验证漏洞。 该漏洞允许攻击者制作特殊请求来绕过用户身份验证。建议所有将使用用户认证的
+SOCKS 服务器暴露在不安全环境下的用户立更新。
+
 #### 1.5.0-rc.3

 * Fixes and improvements
@@ -99,7 +182,7 @@ For protocol description, please refer to [https://v2.hysteria.network](https://

 **1**:

-Command: `sing-box generate ech-keypair <plain_server_name> [-pq-signature-schemes-enabled]`
+Command: `sing-box generate ech-keypair <plain_server_name> [--pq-signature-schemes-enabled]`

 **2**:

--- a/docs/configuration/shared/tls.md
+++ b/docs/configuration/shared/tls.md
@@ -233,7 +233,7 @@ Chrome fingerprint will be used if empty.
 ECH (Encrypted Client Hello) is a TLS extension that allows a client to encrypt the first part of its ClientHello
 message.

-The ECH key and configuration can be generated by `sing-box generate ech-keypair [-pq-signature-schemes-enabled]`.
+The ECH key and configuration can be generated by `sing-box generate ech-keypair [--pq-signature-schemes-enabled]`.

 #### pq_signature_schemes_enabled

--- a/docs/configuration/shared/tls.zh.md
+++ b/docs/configuration/shared/tls.zh.md
@@ -228,7 +228,7 @@ ECH (Encrypted Client Hello) 是一个 TLS 扩展，它允许客户端加密其
 信息。


-ECH 配置和密钥可以通过 `sing-box generate ech-keypair [-pq-signature-schemes-enabled]` 生成。
+ECH 配置和密钥可以通过 `sing-box generate ech-keypair [--pq-signature-schemes-enabled]` 生成。

 #### pq_signature_schemes_enabled

--- a/docs/installation/clients/sfi.zh.md
+++ b/docs/installation/clients/sfi.zh.md
@@ -15,7 +15,7 @@
 #### 注意事项

 * 远程配置文件请求中的 User Agent 为 `SFI/$version ($version_code; sing-box $sing_box_version)`
-* 崩溃日志位于 `设置` -> `查看服务日志`
+* 崩溃日志位于 `Settings` -> `View Service Log`

 #### 隐私政策

--- a/docs/installation/clients/sfm.zh.md
+++ b/docs/installation/clients/sfm.zh.md
@@ -21,7 +21,7 @@
 #### 注意事项

 * 远程配置文件请求中的 User Agent 为 `SFM/$version ($version_code; sing-box $sing_box_version)`
-* 崩溃日志位于 `设置` -> `查看服务日志`
+* 崩溃日志位于 `Settings` -> `View Service Log`

 #### 隐私政策

--- a/go.mod
+++ b/go.mod
@@ -27,14 +27,14 @@ require (
 	github.com/sagernet/gvisor v0.0.0-20230627031050-1ab0276e0dd2
 	github.com/sagernet/quic-go v0.0.0-20230919101909-0cc6c5dcecee
 	github.com/sagernet/reality v0.0.0-20230406110435-ee17307e7691
-	github.com/sagernet/sing v0.2.12-0.20230921162020-494f88c9b8bf
+	github.com/sagernet/sing v0.2.12-0.20230925124400-0531fd63eaba
 	github.com/sagernet/sing-dns v0.1.10-0.20230921024525-fc3e4c051ccd
 	github.com/sagernet/sing-mux v0.1.3
 	github.com/sagernet/sing-quic v0.1.1-0.20230922040527-541e66a4a16d
 	github.com/sagernet/sing-shadowsocks v0.2.5
 	github.com/sagernet/sing-shadowsocks2 v0.1.4
 	github.com/sagernet/sing-shadowtls v0.1.4
-	github.com/sagernet/sing-tun v0.1.13-0.20230922035004-b6d323004edd
+	github.com/sagernet/sing-tun v0.1.13-0.20230926093931-2a0a0ab228fc
 	github.com/sagernet/sing-vmess v0.1.8
 	github.com/sagernet/smux v0.0.0-20230312102458-337ec2a5af37
 	github.com/sagernet/tfo-go v0.0.0-20230816093905-5a5c285d44a6
@@ -51,12 +51,13 @@ require (
 	golang.org/x/net v0.15.0
 	golang.org/x/sys v0.12.0
 	golang.zx2c4.com/wireguard/wgctrl v0.0.0-20230429144221-925a1e7659e6
-	google.golang.org/grpc v1.58.1
+	google.golang.org/grpc v1.58.2
 	google.golang.org/protobuf v1.31.0
 	howett.net/plist v1.0.0
 )

 //replace github.com/sagernet/sing => ../sing
+
 require (
 	github.com/Dreamacro/protobytes v0.0.0-20230617041236-6500a9f4f158 // indirect
 	github.com/ajg/form v1.5.1 // indirect
--- a/go.sum
+++ b/go.sum
@@ -114,8 +114,8 @@ github.com/sagernet/reality v0.0.0-20230406110435-ee17307e7691 h1:5Th31OC6yj8byL
 github.com/sagernet/reality v0.0.0-20230406110435-ee17307e7691/go.mod h1:B8lp4WkQ1PwNnrVMM6KyuFR20pU8jYBD+A4EhJovEXU=
 github.com/sagernet/sing v0.0.0-20220817130738-ce854cda8522/go.mod h1:QVsS5L/ZA2Q5UhQwLrn0Trw+msNd/NPGEhBKR/ioWiY=
 github.com/sagernet/sing v0.1.8/go.mod h1:jt1w2u7lJQFFSGLiRrRIs5YWmx4kAPfWuOejuDW9qMk=
-github.com/sagernet/sing v0.2.12-0.20230921162020-494f88c9b8bf h1:O8jjYmCExZbsgmqZEHyn05C/7ZzD0SLTG21QNcYoP2Q=
-github.com/sagernet/sing v0.2.12-0.20230921162020-494f88c9b8bf/go.mod h1:GQ673iPfUnkbK/dIPkfd1Xh1MjOGo36gkl/mkiHY7Jg=
+github.com/sagernet/sing v0.2.12-0.20230925124400-0531fd63eaba h1:RTf3zQGQdlmCNNR92cJDJAnLgbPhsM2sLAQ+aMIuVTQ=
+github.com/sagernet/sing v0.2.12-0.20230925124400-0531fd63eaba/go.mod h1:GQ673iPfUnkbK/dIPkfd1Xh1MjOGo36gkl/mkiHY7Jg=
 github.com/sagernet/sing-dns v0.1.10-0.20230921024525-fc3e4c051ccd h1:czixTtZijtdR4bMQYT/0LZy1x5ouiaDBi742YE0zudU=
 github.com/sagernet/sing-dns v0.1.10-0.20230921024525-fc3e4c051ccd/go.mod h1:y76ieq1uilVg6fe5wJWqM2oKjdrn4q0lY1nwAZ86ok0=
 github.com/sagernet/sing-mux v0.1.3 h1:fAf7PZa2A55mCeh0KKM02f1k2Y4vEmxuZZ/51ahkkLA=
@@ -128,8 +128,8 @@ github.com/sagernet/sing-shadowsocks2 v0.1.4 h1:vht2M8t3m5DTgXR2j24KbYOygG5aOp+M
 github.com/sagernet/sing-shadowsocks2 v0.1.4/go.mod h1:Mgdee99NxxNd5Zld3ixIs18yVs4x2dI2VTDDE1N14Wc=
 github.com/sagernet/sing-shadowtls v0.1.4 h1:aTgBSJEgnumzFenPvc+kbD9/W0PywzWevnVpEx6Tw3k=
 github.com/sagernet/sing-shadowtls v0.1.4/go.mod h1:F8NBgsY5YN2beQavdgdm1DPlhaKQlaL6lpDdcBglGK4=
-github.com/sagernet/sing-tun v0.1.13-0.20230922035004-b6d323004edd h1:R7DOvvQfYMmsdIr43wCQGHregky4/FGcvOEcIuxEt5w=
-github.com/sagernet/sing-tun v0.1.13-0.20230922035004-b6d323004edd/go.mod h1:7IGpNWXuP0TnxkUiGJRJjewFLquTOhLw1RtfNgxzjJI=
+github.com/sagernet/sing-tun v0.1.13-0.20230926093931-2a0a0ab228fc h1:LyN1pNYqU1+f4Ql0xM8oyYCVoSpGZlyyhpS8cr0/7/w=
+github.com/sagernet/sing-tun v0.1.13-0.20230926093931-2a0a0ab228fc/go.mod h1:7IGpNWXuP0TnxkUiGJRJjewFLquTOhLw1RtfNgxzjJI=
 github.com/sagernet/sing-vmess v0.1.8 h1:XVWad1RpTy9b5tPxdm5MCU8cGfrTGdR8qCq6HV2aCNc=
 github.com/sagernet/sing-vmess v0.1.8/go.mod h1:vhx32UNzTDUkNwOyIjcZQohre1CaytquC5mPplId8uA=
 github.com/sagernet/smux v0.0.0-20230312102458-337ec2a5af37 h1:HuE6xSwco/Xed8ajZ+coeYLmioq0Qp1/Z2zczFaV8as=
@@ -214,8 +214,8 @@ golang.zx2c4.com/wireguard/wgctrl v0.0.0-20230429144221-925a1e7659e6 h1:CawjfCvY
 golang.zx2c4.com/wireguard/wgctrl v0.0.0-20230429144221-925a1e7659e6/go.mod h1:3rxYc4HtVcSG9gVaTs2GEBdehh+sYPOwKtyUWEOTb80=
 google.golang.org/genproto/googleapis/rpc v0.0.0-20230711160842-782d3b101e98 h1:bVf09lpb+OJbByTj913DRJioFFAjf/ZGxEz7MajTp2U=
 google.golang.org/genproto/googleapis/rpc v0.0.0-20230711160842-782d3b101e98/go.mod h1:TUfxEVdsvPg18p6AslUXFoLdpED4oBnGwyqk3dV1XzM=
-google.golang.org/grpc v1.58.1 h1:OL+Vz23DTtrrldqHK49FUOPHyY75rvFqJfXC84NYW58=
-google.golang.org/grpc v1.58.1/go.mod h1:tgX3ZQDlNJGU96V6yHh1T/JeoBQ2TXdr43YbYSsCJk0=
+google.golang.org/grpc v1.58.2 h1:SXUpjxeVF3FKrTYQI4f4KvbGD5u2xccdYdurwowix5I=
+google.golang.org/grpc v1.58.2/go.mod h1:tgX3ZQDlNJGU96V6yHh1T/JeoBQ2TXdr43YbYSsCJk0=
 google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
 google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
 google.golang.org/protobuf v1.31.0 h1:g0LDEJHgrBl9N9r17Ru3sqWhkIx2NB67okBHPwC7hs8=
--- a/inbound/trojan.go
+++ b/inbound/trojan.go
@@ -227,10 +227,3 @@ func (t *trojanTransportHandler) NewConnection(ctx context.Context, conn net.Con
 		Destination: metadata.Destination,
 	})
 }
-
-func (t *trojanTransportHandler) FallbackConnection(ctx context.Context, conn net.Conn, metadata M.Metadata) error {
-	return (*Trojan)(t).fallbackConnection(ctx, conn, adapter.InboundContext{
-		Source:      metadata.Source,
-		Destination: metadata.Destination,
-	})
-}
--- a/inbound/vless.go
+++ b/inbound/vless.go
@@ -189,7 +189,3 @@ func (t *vlessTransportHandler) NewConnection(ctx context.Context, conn net.Conn
 		Destination: metadata.Destination,
 	})
 }
-
-func (t *vlessTransportHandler) FallbackConnection(ctx context.Context, conn net.Conn, metadata M.Metadata) error {
-	return os.ErrInvalid
-}
--- a/inbound/vmess.go
+++ b/inbound/vmess.go
@@ -198,7 +198,3 @@ func (t *vmessTransportHandler) NewConnection(ctx context.Context, conn net.Conn
 		Destination: metadata.Destination,
 	})
 }
-
-func (t *vmessTransportHandler) FallbackConnection(ctx context.Context, conn net.Conn, metadata M.Metadata) error {
-	return os.ErrInvalid
-}
--- a/test/go.mod
+++ b/test/go.mod
@@ -12,7 +12,7 @@ require (
 	github.com/docker/docker v24.0.6+incompatible
 	github.com/docker/go-connections v0.4.0
 	github.com/gofrs/uuid/v5 v5.0.0
-	github.com/sagernet/sing v0.2.12-0.20230921162020-494f88c9b8bf
+	github.com/sagernet/sing v0.2.12-0.20230925124400-0531fd63eaba
 	github.com/sagernet/sing-quic v0.1.1-0.20230922040527-541e66a4a16d
 	github.com/sagernet/sing-shadowsocks v0.2.5
 	github.com/sagernet/sing-shadowsocks2 v0.1.4
@@ -78,7 +78,7 @@ require (
 	github.com/sagernet/sing-dns v0.1.10-0.20230921024525-fc3e4c051ccd // indirect
 	github.com/sagernet/sing-mux v0.1.3 // indirect
 	github.com/sagernet/sing-shadowtls v0.1.4 // indirect
-	github.com/sagernet/sing-tun v0.1.13-0.20230922035004-b6d323004edd // indirect
+	github.com/sagernet/sing-tun v0.1.13-0.20230926093931-2a0a0ab228fc // indirect
 	github.com/sagernet/sing-vmess v0.1.8 // indirect
 	github.com/sagernet/smux v0.0.0-20230312102458-337ec2a5af37 // indirect
 	github.com/sagernet/tfo-go v0.0.0-20230816093905-5a5c285d44a6 // indirect
@@ -101,7 +101,7 @@ require (
 	golang.org/x/time v0.3.0 // indirect
 	golang.org/x/tools v0.13.0 // indirect
 	google.golang.org/genproto/googleapis/rpc v0.0.0-20230711160842-782d3b101e98 // indirect
-	google.golang.org/grpc v1.58.1 // indirect
+	google.golang.org/grpc v1.58.2 // indirect
 	google.golang.org/protobuf v1.31.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 	gotest.tools/v3 v3.4.0 // indirect
--- a/test/go.sum
+++ b/test/go.sum
@@ -129,8 +129,8 @@ github.com/sagernet/reality v0.0.0-20230406110435-ee17307e7691 h1:5Th31OC6yj8byL
 github.com/sagernet/reality v0.0.0-20230406110435-ee17307e7691/go.mod h1:B8lp4WkQ1PwNnrVMM6KyuFR20pU8jYBD+A4EhJovEXU=
 github.com/sagernet/sing v0.0.0-20220817130738-ce854cda8522/go.mod h1:QVsS5L/ZA2Q5UhQwLrn0Trw+msNd/NPGEhBKR/ioWiY=
 github.com/sagernet/sing v0.1.8/go.mod h1:jt1w2u7lJQFFSGLiRrRIs5YWmx4kAPfWuOejuDW9qMk=
-github.com/sagernet/sing v0.2.12-0.20230921162020-494f88c9b8bf h1:O8jjYmCExZbsgmqZEHyn05C/7ZzD0SLTG21QNcYoP2Q=
-github.com/sagernet/sing v0.2.12-0.20230921162020-494f88c9b8bf/go.mod h1:GQ673iPfUnkbK/dIPkfd1Xh1MjOGo36gkl/mkiHY7Jg=
+github.com/sagernet/sing v0.2.12-0.20230925124400-0531fd63eaba h1:RTf3zQGQdlmCNNR92cJDJAnLgbPhsM2sLAQ+aMIuVTQ=
+github.com/sagernet/sing v0.2.12-0.20230925124400-0531fd63eaba/go.mod h1:GQ673iPfUnkbK/dIPkfd1Xh1MjOGo36gkl/mkiHY7Jg=
 github.com/sagernet/sing-dns v0.1.10-0.20230921024525-fc3e4c051ccd h1:czixTtZijtdR4bMQYT/0LZy1x5ouiaDBi742YE0zudU=
 github.com/sagernet/sing-dns v0.1.10-0.20230921024525-fc3e4c051ccd/go.mod h1:y76ieq1uilVg6fe5wJWqM2oKjdrn4q0lY1nwAZ86ok0=
 github.com/sagernet/sing-mux v0.1.3 h1:fAf7PZa2A55mCeh0KKM02f1k2Y4vEmxuZZ/51ahkkLA=
@@ -141,8 +141,8 @@ github.com/sagernet/sing-shadowsocks2 v0.1.4 h1:vht2M8t3m5DTgXR2j24KbYOygG5aOp+M
 github.com/sagernet/sing-shadowsocks2 v0.1.4/go.mod h1:Mgdee99NxxNd5Zld3ixIs18yVs4x2dI2VTDDE1N14Wc=
 github.com/sagernet/sing-shadowtls v0.1.4 h1:aTgBSJEgnumzFenPvc+kbD9/W0PywzWevnVpEx6Tw3k=
 github.com/sagernet/sing-shadowtls v0.1.4/go.mod h1:F8NBgsY5YN2beQavdgdm1DPlhaKQlaL6lpDdcBglGK4=
-github.com/sagernet/sing-tun v0.1.13-0.20230922035004-b6d323004edd h1:R7DOvvQfYMmsdIr43wCQGHregky4/FGcvOEcIuxEt5w=
-github.com/sagernet/sing-tun v0.1.13-0.20230922035004-b6d323004edd/go.mod h1:7IGpNWXuP0TnxkUiGJRJjewFLquTOhLw1RtfNgxzjJI=
+github.com/sagernet/sing-tun v0.1.13-0.20230926093931-2a0a0ab228fc h1:LyN1pNYqU1+f4Ql0xM8oyYCVoSpGZlyyhpS8cr0/7/w=
+github.com/sagernet/sing-tun v0.1.13-0.20230926093931-2a0a0ab228fc/go.mod h1:7IGpNWXuP0TnxkUiGJRJjewFLquTOhLw1RtfNgxzjJI=
 github.com/sagernet/sing-vmess v0.1.8 h1:XVWad1RpTy9b5tPxdm5MCU8cGfrTGdR8qCq6HV2aCNc=
 github.com/sagernet/sing-vmess v0.1.8/go.mod h1:vhx32UNzTDUkNwOyIjcZQohre1CaytquC5mPplId8uA=
 github.com/sagernet/smux v0.0.0-20230312102458-337ec2a5af37 h1:HuE6xSwco/Xed8ajZ+coeYLmioq0Qp1/Z2zczFaV8as=
@@ -252,6 +252,7 @@ google.golang.org/genproto/googleapis/rpc v0.0.0-20230711160842-782d3b101e98 h1:
 google.golang.org/genproto/googleapis/rpc v0.0.0-20230711160842-782d3b101e98/go.mod h1:TUfxEVdsvPg18p6AslUXFoLdpED4oBnGwyqk3dV1XzM=
 google.golang.org/grpc v1.58.1 h1:OL+Vz23DTtrrldqHK49FUOPHyY75rvFqJfXC84NYW58=
 google.golang.org/grpc v1.58.1/go.mod h1:tgX3ZQDlNJGU96V6yHh1T/JeoBQ2TXdr43YbYSsCJk0=
+google.golang.org/grpc v1.58.2/go.mod h1:tgX3ZQDlNJGU96V6yHh1T/JeoBQ2TXdr43YbYSsCJk0=
 google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
 google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
 google.golang.org/protobuf v1.31.0 h1:g0LDEJHgrBl9N9r17Ru3sqWhkIx2NB67okBHPwC7hs8=
--- a/transport/dhcp/server.go
+++ b/transport/dhcp/server.go
@@ -6,6 +6,7 @@ import (
 	"net/netip"
 	"net/url"
 	"os"
+	"runtime"
 	"strings"
 	"sync"
 	"time"
@@ -176,7 +177,11 @@ func (t *Transport) fetchServers0(ctx context.Context, iface *net.Interface) err
 	var listener net.ListenConfig
 	listener.Control = control.Append(listener.Control, control.BindToInterface(t.router.InterfaceFinder(), iface.Name, iface.Index))
 	listener.Control = control.Append(listener.Control, control.ReuseAddr())
-	packetConn, err := listener.ListenPacket(t.ctx, "udp4", "0.0.0.0:68")
+	listenAddr := "0.0.0.0:68"
+	if runtime.GOOS == "linux" || runtime.GOOS == "android" {
+		listenAddr = "255.255.255.255:68"
+	}
+	packetConn, err := listener.ListenPacket(t.ctx, "udp4", listenAddr)
 	if err != nil {
 		return err
 	}
--- a/transport/v2raygrpclite/server.go
+++ b/transport/v2raygrpclite/server.go
@@ -64,15 +64,15 @@ func (s *Server) ServeHTTP(writer http.ResponseWriter, request *http.Request) {
 		return
 	}
 	if request.URL.Path != s.path {
-		s.fallbackRequest(request.Context(), writer, request, http.StatusNotFound, E.New("bad path: ", request.URL.Path))
+		s.invalidRequest(writer, request, http.StatusNotFound, E.New("bad path: ", request.URL.Path))
 		return
 	}
 	if request.Method != http.MethodPost {
-		s.fallbackRequest(request.Context(), writer, request, http.StatusNotFound, E.New("bad method: ", request.Method))
+		s.invalidRequest(writer, request, http.StatusNotFound, E.New("bad method: ", request.Method))
 		return
 	}
 	if ct := request.Header.Get("Content-Type"); !strings.HasPrefix(ct, "application/grpc") {
-		s.fallbackRequest(request.Context(), writer, request, http.StatusNotFound, E.New("bad content type: ", ct))
+		s.invalidRequest(writer, request, http.StatusNotFound, E.New("bad content type: ", ct))
 		return
 	}
 	writer.Header().Set("Content-Type", "application/grpc")
@@ -85,18 +85,11 @@ func (s *Server) ServeHTTP(writer http.ResponseWriter, request *http.Request) {
 	conn.CloseWrapper()
 }

-func (s *Server) fallbackRequest(ctx context.Context, writer http.ResponseWriter, request *http.Request, statusCode int, err error) {
-	conn := v2rayhttp.NewHTTPConn(request.Body, writer)
-	fErr := s.handler.FallbackConnection(ctx, &conn, M.Metadata{})
-	if fErr == nil {
-		return
-	} else if fErr == os.ErrInvalid {
-		fErr = nil
-	}
+func (s *Server) invalidRequest(writer http.ResponseWriter, request *http.Request, statusCode int, err error) {
 	if statusCode > 0 {
 		writer.WriteHeader(statusCode)
 	}
-	s.handler.NewError(request.Context(), E.Cause(E.Errors(err, E.Cause(fErr, "fallback connection")), "process connection from ", request.RemoteAddr))
+	s.handler.NewError(request.Context(), E.Cause(err, "process connection from ", request.RemoteAddr))
 }

 func (s *Server) Serve(listener net.Listener) error {
--- a/transport/v2rayhttp/server.go
+++ b/transport/v2rayhttp/server.go
@@ -85,15 +85,15 @@ func (s *Server) ServeHTTP(writer http.ResponseWriter, request *http.Request) {
 	}
 	host := request.Host
 	if len(s.host) > 0 && !common.Contains(s.host, host) {
-		s.fallbackRequest(request.Context(), writer, request, http.StatusBadRequest, E.New("bad host: ", host))
+		s.invalidRequest(writer, request, http.StatusBadRequest, E.New("bad host: ", host))
 		return
 	}
 	if !strings.HasPrefix(request.URL.Path, s.path) {
-		s.fallbackRequest(request.Context(), writer, request, http.StatusNotFound, E.New("bad path: ", request.URL.Path))
+		s.invalidRequest(writer, request, http.StatusNotFound, E.New("bad path: ", request.URL.Path))
 		return
 	}
 	if request.Method != s.method {
-		s.fallbackRequest(request.Context(), writer, request, http.StatusNotFound, E.New("bad method: ", request.Method))
+		s.invalidRequest(writer, request, http.StatusNotFound, E.New("bad method: ", request.Method))
 		return
 	}

@@ -113,7 +113,7 @@ func (s *Server) ServeHTTP(writer http.ResponseWriter, request *http.Request) {
 			requestBody = buf.NewSize(contentLength)
 			_, err := requestBody.ReadFullFrom(request.Body, contentLength)
 			if err != nil {
-				s.fallbackRequest(request.Context(), writer, request, 0, E.Cause(err, "read request"))
+				s.invalidRequest(writer, request, 0, E.Cause(err, "read request"))
 				return
 			}
 		}
@@ -121,14 +121,15 @@ func (s *Server) ServeHTTP(writer http.ResponseWriter, request *http.Request) {
 		writer.(http.Flusher).Flush()
 		conn, reader, err := h.Hijack()
 		if err != nil {
-			s.fallbackRequest(request.Context(), writer, request, 0, E.Cause(err, "hijack conn"))
+			s.invalidRequest(writer, request, 0, E.Cause(err, "hijack conn"))
 			return
 		}
 		if cacheLen := reader.Reader.Buffered(); cacheLen > 0 {
 			cache := buf.NewSize(cacheLen)
 			_, err = cache.ReadFullFrom(reader.Reader, cacheLen)
 			if err != nil {
-				s.fallbackRequest(request.Context(), writer, request, 0, E.Cause(err, "read cache"))
+				conn.Close()
+				s.invalidRequest(writer, request, 0, E.Cause(err, "read cache"))
 				return
 			}
 			conn = bufio.NewCachedConn(conn, cache)
@@ -148,18 +149,11 @@ func (s *Server) ServeHTTP(writer http.ResponseWriter, request *http.Request) {
 	}
 }

-func (s *Server) fallbackRequest(ctx context.Context, writer http.ResponseWriter, request *http.Request, statusCode int, err error) {
-	conn := NewHTTPConn(request.Body, writer)
-	fErr := s.handler.FallbackConnection(ctx, &conn, M.Metadata{})
-	if fErr == nil {
-		return
-	} else if fErr == os.ErrInvalid {
-		fErr = nil
-	}
+func (s *Server) invalidRequest(writer http.ResponseWriter, request *http.Request, statusCode int, err error) {
 	if statusCode > 0 {
 		writer.WriteHeader(statusCode)
 	}
-	s.handler.NewError(request.Context(), E.Cause(E.Errors(err, E.Cause(fErr, "fallback connection")), "process connection from ", request.RemoteAddr))
+	s.handler.NewError(request.Context(), E.Cause(err, "process connection from ", request.RemoteAddr))
 }

 func (s *Server) Serve(listener net.Listener) error {
--- a/transport/v2raywebsocket/server.go
+++ b/transport/v2raywebsocket/server.go
@@ -12,7 +12,6 @@ import (
 	"github.com/sagernet/sing-box/common/tls"
 	C "github.com/sagernet/sing-box/constant"
 	"github.com/sagernet/sing-box/option"
-	"github.com/sagernet/sing-box/transport/v2rayhttp"
 	"github.com/sagernet/sing/common"
 	"github.com/sagernet/sing/common/buf"
 	"github.com/sagernet/sing/common/bufio"
@@ -69,7 +68,7 @@ var upgrader = websocket.Upgrader{
 func (s *Server) ServeHTTP(writer http.ResponseWriter, request *http.Request) {
 	if s.maxEarlyData == 0 || s.earlyDataHeaderName != "" {
 		if request.URL.Path != s.path {
-			s.fallbackRequest(request.Context(), writer, request, http.StatusNotFound, E.New("bad path: ", request.URL.Path))
+			s.invalidRequest(writer, request, http.StatusNotFound, E.New("bad path: ", request.URL.Path))
 			return
 		}
 	}
@@ -83,7 +82,7 @@ func (s *Server) ServeHTTP(writer http.ResponseWriter, request *http.Request) {
 			earlyDataStr := request.URL.RequestURI()[len(s.path):]
 			earlyData, err = base64.RawURLEncoding.DecodeString(earlyDataStr)
 		} else {
-			s.fallbackRequest(request.Context(), writer, request, http.StatusNotFound, E.New("bad path: ", request.URL.Path))
+			s.invalidRequest(writer, request, http.StatusNotFound, E.New("bad path: ", request.URL.Path))
 			return
 		}
 	} else {
@@ -93,12 +92,12 @@ func (s *Server) ServeHTTP(writer http.ResponseWriter, request *http.Request) {
 		}
 	}
 	if err != nil {
-		s.fallbackRequest(request.Context(), writer, request, http.StatusBadRequest, E.Cause(err, "decode early data"))
+		s.invalidRequest(writer, request, http.StatusBadRequest, E.Cause(err, "decode early data"))
 		return
 	}
 	wsConn, err := upgrader.Upgrade(writer, request, nil)
 	if err != nil {
-		s.fallbackRequest(request.Context(), writer, request, 0, E.Cause(err, "upgrade websocket connection"))
+		s.invalidRequest(writer, request, 0, E.Cause(err, "upgrade websocket connection"))
 		return
 	}
 	var metadata M.Metadata
@@ -110,18 +109,11 @@ func (s *Server) ServeHTTP(writer http.ResponseWriter, request *http.Request) {
 	s.handler.NewConnection(request.Context(), conn, metadata)
 }

-func (s *Server) fallbackRequest(ctx context.Context, writer http.ResponseWriter, request *http.Request, statusCode int, err error) {
-	conn := v2rayhttp.NewHTTPConn(request.Body, writer)
-	fErr := s.handler.FallbackConnection(ctx, &conn, M.Metadata{})
-	if fErr == nil {
-		return
-	} else if fErr == os.ErrInvalid {
-		fErr = nil
-	}
+func (s *Server) invalidRequest(writer http.ResponseWriter, request *http.Request, statusCode int, err error) {
 	if statusCode > 0 {
 		writer.WriteHeader(statusCode)
 	}
-	s.handler.NewError(request.Context(), E.Cause(E.Errors(err, E.Cause(fErr, "fallback connection")), "process connection from ", request.RemoteAddr))
+	s.handler.NewError(request.Context(), E.Cause(err, "process connection from ", request.RemoteAddr))
 }

 func (s *Server) Network() []string {
Author	SHA1	Message	Date
世界	9c4d08c6e1	documentation: Bump version	2023-09-28 16:02:54 +08:00
世界	e26096085e	Remove invalid code	2023-09-28 15:52:05 +08:00
世界	2f1b2199c5	Fix DHCPv4 listen address	2023-09-27 18:25:23 +08:00
世界	af791db01f	documentation: Bump version	2023-09-27 14:16:04 +08:00
世界	abcf030d89	Update dependencies	2023-09-27 14:16:04 +08:00
世界	7840dc73e3	Fix resolve dialer	2023-09-27 13:17:16 +08:00
世界	df9050400e	android: Fix netlink check	2023-09-26 17:41:07 +08:00
世界	fdd38d6cf8	documentation: Bump version	2023-09-25 21:56:32 +08:00
世界	9891fd672f	Reject SOCKS4 unauthenticated request	2023-09-25 21:16:14 +08:00
世界	92a84ee112	Update dependencies	2023-09-25 17:56:21 +08:00