documentation: Bump version

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

.github/ISSUE_TEMPLATE/bug_report.yml

@@ -46,6 +46,7 @@ body:
       description: If you are using the original command line program, please provide the output of the `sing-box version` command.
       value: |-
         <details>
+
         ```console
         # Replace this line with the output
         ```
@@ -71,6 +72,7 @@ body:
         For the Android client, please check the `/sdcard/Android/data/io.nekohasekai.sfa/files/stderr.log` file for crash logs.
       value: |-
         <details>
+        
         ```console
         # Replace this line with logs
         ```

.github/ISSUE_TEMPLATE/bug_report_zh.yml

@@ -46,6 +46,7 @@ body:
       description: 如果您使用原始命令行程序，请提供 `sing-box version` 命令的输出。
       value: |-
         <details>
+
         ```console
         # 使用输出内容覆盖此行
         ```
@@ -71,6 +72,7 @@ body:
         对于 Android 图形客户端程序，请检查 `/sdcard/Android/data/io.nekohasekai.sfa/files/stderr.log` 文件以导出崩溃日志。
       value: |-
         <details>
+        
         ```console
         # 使用日志内容覆盖此行
         ```

.github/workflows/debug.yml

@@ -22,7 +22,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
         with:
           fetch-depth: 0
       - name: Get latest go version
@@ -50,7 +50,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
         with:
           fetch-depth: 0
       - name: Setup Go
@@ -70,7 +70,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
         with:
           fetch-depth: 0
       - name: Setup Go
@@ -201,7 +201,7 @@ jobs:
       TAGS: with_clash_api,with_quic
     steps:
       - name: Checkout
-        uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
         with:
           fetch-depth: 0
       - name: Get latest go version

.github/workflows/docker.yml

@@ -9,7 +9,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
       - name: Setup Docker Buildx
         uses: docker/setup-buildx-action@v3
       - name: Setup QEMU for Docker Buildx
@@ -39,6 +39,8 @@ jobs:
         with:
           platforms: linux/386,linux/amd64,linux/arm64,linux/s390x
           target: dist
+          build-args: |
+            BUILDKIT_CONTEXT_KEEP_GIT_DIR=1
           tags: |
             ${{ steps.tag.outputs.latest }}
             ${{ steps.tag.outputs.versioned }}

.github/workflows/lint.yml

@@ -22,7 +22,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
         with:
           fetch-depth: 0
       - name: Get latest go version

.goreleaser.yaml

@@ -19,10 +19,12 @@ builds:
       - with_ech
       - with_utls
       - with_reality_server
+      - with_acme
       - with_clash_api
     env:
       - CGO_ENABLED=0
     targets:
+      - linux_386
       - linux_amd64_v1
       - linux_amd64_v3
       - linux_arm64
@@ -55,11 +57,12 @@ builds:
       - with_ech
       - with_utls
       - with_reality_server
+      - with_acme
       - with_clash_api
     env:
       - CGO_ENABLED=0
-      - GOROOT=/nix/store/5h8gjl89zx8qxgc572wa3k81zplv8v4z-go-1.20.10/share/go
-    gobinary: /nix/store/5h8gjl89zx8qxgc572wa3k81zplv8v4z-go-1.20.10/bin/go
+      - GOROOT=/nix/store/kg6i737jjqs923jcijnm003h68c1dghj-go-1.20.11/share/go
+    gobinary: /nix/store/kg6i737jjqs923jcijnm003h68c1dghj-go-1.20.11/bin/go
     targets:
       - windows_amd64_v1
       - windows_386
@@ -83,6 +86,8 @@ builds:
       - with_wireguard
       - with_ech
       - with_utls
+      - with_reality_server
+      - with_acme
       - with_clash_api
     env:
       - CGO_ENABLED=1
@@ -153,6 +158,7 @@ nfpms:
     formats:
       - deb
       - rpm
+      - archlinux
     priority: extra
     contents:
       - src: release/config/config.json

Dockerfile

@@ -1,23 +1,27 @@
-FROM golang:1.21-alpine AS builder
+FROM --platform=$BUILDPLATFORM golang:1.21-alpine AS builder
 LABEL maintainer="nekohasekai <contact-git@sekai.icu>"
 COPY . /go/src/github.com/sagernet/sing-box
 WORKDIR /go/src/github.com/sagernet/sing-box
+ARG TARGETOS TARGETARCH
 ARG GOPROXY=""
 ENV GOPROXY ${GOPROXY}
 ENV CGO_ENABLED=0
+ENV GOOS=$TARGETOS
+ENV GOARCH=$TARGETARCH
 RUN set -ex \
     && apk add git build-base \
     && export COMMIT=$(git rev-parse --short HEAD) \
     && export VERSION=$(go run ./cmd/internal/read_tag) \
-    && go build -v -trimpath -tags with_gvisor,with_quic,with_dhcp,with_wireguard,with_ech,with_utls,with_reality_server,with_clash_api,with_acme \
+    && go build -v -trimpath -tags \
+        "with_gvisor,with_quic,with_dhcp,with_wireguard,with_ech,with_utls,with_reality_server,with_acme,with_clash_api" \
         -o /go/bin/sing-box \
         -ldflags "-X \"github.com/sagernet/sing-box/constant.Version=$VERSION\" -s -w -buildid=" \
         ./cmd/sing-box
-FROM alpine AS dist
+FROM --platform=$TARGETPLATFORM alpine AS dist
 LABEL maintainer="nekohasekai <contact-git@sekai.icu>"
 RUN set -ex \
     && apk upgrade \
     && apk add bash tzdata ca-certificates \
     && rm -rf /var/cache/apk/*
 COPY --from=builder /go/bin/sing-box /usr/local/bin/sing-box
-ENTRYPOINT ["sing-box"]
+ENTRYPOINT ["sing-box"]

Makefile

@@ -3,7 +3,7 @@ COMMIT = $(shell git rev-parse --short HEAD)
 TAGS_GO118 = with_gvisor,with_dhcp,with_wireguard,with_utls,with_reality_server,with_clash_api
 TAGS_GO120 = with_quic,with_ech
 TAGS ?= $(TAGS_GO118),$(TAGS_GO120)
-TAGS_TEST ?= with_gvisor,with_quic,with_wireguard,with_grpc,with_ech,with_utls,with_reality_server,with_shadowsocksr
+TAGS_TEST ?= with_gvisor,with_quic,with_wireguard,with_grpc,with_ech,with_utls,with_reality_server
 
 GOHOSTOS = $(shell go env GOHOSTOS)
 GOHOSTARCH = $(shell go env GOHOSTARCH)
@@ -61,7 +61,7 @@ proto_install:
 release:
 	go run ./cmd/internal/build goreleaser release --clean --skip-publish || exit 1
 	mkdir dist/release
-	mv dist/*.tar.gz dist/*.zip dist/*.deb dist/*.rpm dist/release
+	mv dist/*.tar.gz dist/*.zip dist/*.deb dist/*.rpm dist/*.pkg.tar.zst dist/release
 	ghr --replace --draft --prerelease -p 3 "v${VERSION}" dist/release
 	rm -r dist/release
 
@@ -73,18 +73,21 @@ update_android_version:
 	go run ./cmd/internal/update_android_version
 
 build_android:
-	cd ../sing-box-for-android && ./gradlew :app:assembleRelease && ./gradlew --stop
+	cd ../sing-box-for-android && ./gradlew :app:assemblePlayRelease && ./gradlew --stop
 
 upload_android:
 	mkdir -p dist/release_android
-	cp ../sing-box-for-android/app/build/outputs/apk/release/*.apk dist/release_android
+	cp ../sing-box-for-android/app/build/outputs/apk/play/release/*.apk dist/release_android
 	ghr --replace --draft --prerelease -p 3 "v${VERSION}" dist/release_android
 	rm -rf dist/release_android
 
 release_android: lib_android update_android_version build_android upload_android
 
 publish_android:
-	cd ../sing-box-for-android && ./gradlew :app:appCenterAssembleAndUploadRelease
+	cd ../sing-box-for-android && ./gradlew :app:publishPlayReleaseBundle
+
+publish_android_appcenter:
+	cd ../sing-box-for-android && ./gradlew :app:appCenterAssembleAndUploadPlayRelease
 
 build_ios:
 	cd ../sing-box-for-apple && \
@@ -149,10 +152,8 @@ update_apple_version:
 	go run ./cmd/internal/update_apple_version
 
 release_apple: lib_ios update_apple_version release_ios release_macos release_tvos release_macos_independent
-	rm -rf dist
 
 release_apple_beta: update_apple_version release_ios release_macos release_tvos
-	rm -rf dist
 
 test:
 	@go test -v ./... && \

box.go

@@ -41,6 +41,7 @@ type Options struct {
 	option.Options
 	Context           context.Context
 	PlatformInterface platform.Interface
+	PlatformLogWriter log.PlatformWriter
 }
 
 func New(options Options) (*Box, error) {
@@ -71,7 +72,7 @@ func New(options Options) (*Box, error) {
 		Observable:     needClashAPI,
 		DefaultWriter:  defaultLogWriter,
 		BaseTime:       createdAt,
-		PlatformWriter: options.PlatformInterface,
+		PlatformWriter: options.PlatformLogWriter,
 	})
 	if err != nil {
 		return nil, E.Cause(err, "create log factory")

cmd/internal/build_shared/tag.go

@@ -17,9 +17,6 @@ func ReadTag() (string, error) {
 	}
 	shortCommit, _ := shell.Exec("git", "rev-parse", "--short", "HEAD").ReadOutput()
 	version := badversion.Parse(currentTagRev[1:])
-	if version.PreReleaseIdentifier == "" {
-		version.Patch++
-	}
 	return version.String() + "-" + shortCommit, nil
 }
 

common/dialer/detour.go

@@ -6,7 +6,6 @@ import (
 	"sync"
 
 	"github.com/sagernet/sing-box/adapter"
-	"github.com/sagernet/sing/common/bufio/deadline"
 	E "github.com/sagernet/sing/common/exceptions"
 	M "github.com/sagernet/sing/common/metadata"
 	N "github.com/sagernet/sing/common/network"
@@ -45,14 +44,7 @@ func (d *DetourDialer) DialContext(ctx context.Context, network string, destinat
 	if err != nil {
 		return nil, err
 	}
-	conn, err := dialer.DialContext(ctx, network, destination)
-	if err != nil {
-		return nil, err
-	}
-	if deadline.NeedAdditionalReadDeadline(conn) {
-		conn = deadline.NewConn(conn)
-	}
-	return conn, nil
+	return dialer.DialContext(ctx, network, destination)
 }
 
 func (d *DetourDialer) ListenPacket(ctx context.Context, destination M.Socksaddr) (net.PacketConn, error) {

constant/v2ray.go

@@ -1,9 +1,8 @@
 package constant
 
 const (
-	V2RayTransportTypeHTTP        = "http"
-	V2RayTransportTypeWebsocket   = "ws"
-	V2RayTransportTypeQUIC        = "quic"
-	V2RayTransportTypeGRPC        = "grpc"
-	V2RayTransportTypeHTTPUpgrade = "httpupgrade"
+	V2RayTransportTypeHTTP      = "http"
+	V2RayTransportTypeWebsocket = "ws"
+	V2RayTransportTypeQUIC      = "quic"
+	V2RayTransportTypeGRPC      = "grpc"
 )

docs/changelog.md

@@ -1,13 +1,25 @@
-#### 1.7.0-alpha.3
+#### 1.6.5
 
-* Add [HTTPUpgrade V2Ray transport](/configuration/shared/v2ray-transport#HTTPUpgrade) support **1**
+* Fix crash if TUIC inbound authentication failed
 * Fixes and improvements
 
-**1**:
+#### 1.6.4
 
-Introduced in V2Ray 5.10.0.
+* Fixes and improvements
 
-The new HTTPUpgrade transport has better performance than WebSocket and is better suited for CDN abuse.
+#### 1.6.3
+
+* iOS/Android: Fix profile auto update
+* Fixes and improvements
+
+#### 1.6.2
+
+* Fixes and improvements
+
+#### 1.6.1
+
+* Our [Android client](/installation/clients/sfa) is now available in the Google Play Store ▶️
+* Fixes and improvements
 
 #### 1.6.0
 
@@ -33,23 +45,6 @@ This update is intended to address the multi-send defects of the old implementat
 Based on discussions with the original author, the brutal CC and QUIC protocol parameters of
 the old protocol (Hysteria 1) have been updated to be consistent with Hysteria 2
 
-#### 1.7.0-alpha.2
-
-* Fix bugs introduced in 1.7.0-alpha.1
-
-#### 1.7.0-alpha.1
-
-* Add [exclude route support](/configuration/inbound/tun) for TUN inbound
-* Add `udp_disable_domain_unmapping` [inbound listen option](/configuration/shared/listen) **1**
-* Fixes and improvements
-
-**1**:
-
-If enabled, for UDP proxy requests addressed to a domain,
-the original packet address will be sent in the response instead of the mapped domain.
-
-This option is used for compatibility with clients that
-do not support receiving UDP packets with domain addresses, such as Surge.
 
 #### 1.5.5
 
@@ -111,24 +106,6 @@ the old protocol (Hysteria 1) have been updated to be consistent with Hysteria 2
 * Update golang.org/x/net to v0.17.0
 * Fixes and improvements
 
-#### 1.6.0-beta.3
-
-* Update the legacy Hysteria protocol **1**
-* Fixes and improvements
-
-**1**
-
-Based on discussions with the original author, the brutal CC and QUIC protocol parameters of
-the old protocol (Hysteria 1) have been updated to be consistent with Hysteria 2
-
-#### 1.6.0-beta.2
-
-* Add TLS self sign key pair generate command
-* Update brutal congestion control for Hysteria2
-* Fix Clash cache crash on arm32 devices
-* Update golang.org/x/net to v0.17.0
-* Fixes and improvements
-
 #### 1.5.3
 
 * Fix compatibility with Android 14

docs/configuration/inbound/tun.md

@@ -22,12 +22,6 @@
     "::/1",
     "8000::/1"
   ],
-  "inet4_route_exclude_address": [
-    "192.168.0.0/16"
-  ],
-  "inet6_route_exclude_address": [
-    "fc00::/7"
-  ],
   "endpoint_independent_nat": false,
   "stack": "system",
   "include_interface": [
@@ -136,14 +130,6 @@ Use custom routes instead of default when `auto_route` is enabled.
 
 Use custom routes instead of default when `auto_route` is enabled.
 
-#### inet4_route_exclude_address
-
-Exclude custom routes when `auto_route` is enabled.
-
-#### inet6_route_exclude_address
-
-Exclude custom routes when `auto_route` is enabled.
-
 #### endpoint_independent_nat
 
 !!! info ""

docs/configuration/inbound/tun.zh.md

@@ -22,12 +22,6 @@
     "::/1",
     "8000::/1"
   ],
-  "inet4_route_exclude_address": [
-    "192.168.0.0/16"
-  ],
-  "inet6_route_exclude_address": [
-    "fc00::/7"
-  ],
   "endpoint_independent_nat": false,
   "stack": "system",
   "include_interface": [
@@ -137,14 +131,6 @@ tun 接口的 IPv6 前缀。
 
 启用 `auto_route` 时使用自定义路由而不是默认路由。
 
-#### inet4_route_exclude_address
-
-启用 `auto_route` 时排除自定义路由。
-
-#### inet6_route_exclude_address
-
-启用 `auto_route` 时排除自定义路由。
-
 #### endpoint_independent_nat
 
 启用独立于端点的 NAT。

docs/configuration/shared/listen.md

@@ -7,26 +7,28 @@
   "tcp_fast_open": false,
   "tcp_multi_path": false,
   "udp_fragment": false,
-  "udp_timeout": 300,
-  "detour": "another-in",
   "sniff": false,
   "sniff_override_destination": false,
   "sniff_timeout": "300ms",
   "domain_strategy": "prefer_ipv6",
-  "udp_disable_domain_unmapping": false
+  "udp_timeout": 300,
+  "proxy_protocol": false,
+  "proxy_protocol_accept_no_header": false,
+  "detour": "another-in"
 }
 ```
 
 ### Fields
 
-| Field                          | Available Context                                                 |
-|--------------------------------|-------------------------------------------------------------------|
-| `listen`                       | Needs to listen on TCP or UDP.                                    |
-| `listen_port`                  | Needs to listen on TCP or UDP.                                    |
-| `tcp_fast_open`                | Needs to listen on TCP.                                           |
-| `tcp_multi_path`               | Needs to listen on TCP.                                           |
-| `udp_timeout`                  | Needs to assemble UDP connections, currently Tun and Shadowsocks. |
-| `udp_disable_domain_unmapping` | Needs to listen on UDP and accept domain UDP addresses.           |
+| Field                             | Available Context                                                 |
+|-----------------------------------|-------------------------------------------------------------------|
+| `listen`                          | Needs to listen on TCP or UDP.                                    |
+| `listen_port`                     | Needs to listen on TCP or UDP.                                    |
+| `tcp_fast_open`                   | Needs to listen on TCP.                                           |
+| `tcp_multi_path`                  | Needs to listen on TCP.                                           |
+| `udp_timeout`                     | Needs to assemble UDP connections, currently Tun and Shadowsocks. |
+| `proxy_protocol`                  | Needs to listen on TCP.                                           |
+| `proxy_protocol_accept_no_header` | When `proxy_protocol` enabled                                     |
 
 #### listen
 
@@ -54,16 +56,6 @@ Enable TCP Multi Path.
 
 Enable UDP fragmentation.
 
-#### udp_timeout
-
-UDP NAT expiration time in seconds, default is 300 (5 minutes).
-
-#### detour
-
-If set, connections will be forwarded to the specified inbound.
-
-Requires target inbound support, see [Injectable](/configuration/inbound/#fields).
-
 #### sniff
 
 Enable sniffing.
@@ -90,10 +82,20 @@ If set, the requested domain name will be resolved to IP before routing.
 
 If `sniff_override_destination` is in effect, its value will be taken as a fallback.
 
-#### udp_disable_domain_unmapping
+#### udp_timeout
 
-If enabled, for UDP proxy requests addressed to a domain, 
-the original packet address will be sent in the response instead of the mapped domain.
+UDP NAT expiration time in seconds, default is 300 (5 minutes).
 
-This option is used for compatibility with clients that 
-do not support receiving UDP packets with domain addresses, such as Surge.
+#### proxy_protocol
+
+Parse [Proxy Protocol](https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt) in the connection header.
+
+#### proxy_protocol_accept_no_header
+
+Accept connections without Proxy Protocol header.
+
+#### detour
+
+If set, connections will be forwarded to the specified inbound.
+
+Requires target inbound support, see [Injectable](/configuration/inbound/#fields).

docs/configuration/shared/listen.zh.md

@@ -7,13 +7,14 @@
   "tcp_fast_open": false,
   "tcp_multi_path": false,
   "udp_fragment": false,
-  "udp_timeout": 300,
-  "detour": "another-in",
   "sniff": false,
   "sniff_override_destination": false,
   "sniff_timeout": "300ms",
   "domain_strategy": "prefer_ipv6",
-  "udp_disable_domain_unmapping": false
+  "udp_timeout": 300,
+  "proxy_protocol": false,
+  "proxy_protocol_accept_no_header": false,
+  "detour": "another-in"
 }
 ```
 
@@ -25,7 +26,8 @@
 | `tcp_fast_open`                   | 需要监听 TCP。                           |
 | `tcp_multi_path`                  | 需要监听 TCP。                           |
 | `udp_timeout`                     | 需要组装 UDP 连接, 当前为 Tun 和 Shadowsocks。 |
-| 
+| `proxy_protocol`                  | 需要监听 TCP。                           |
+| `proxy_protocol_accept_no_header` | `proxy_protocol` 启用时                |
 
 ### 字段
 
@@ -55,16 +57,6 @@
 
 启用 UDP 分段。
 
-#### udp_timeout
-
-UDP NAT 过期时间，以秒为单位，默认为 300（5 分钟）。
-
-#### detour
-
-如果设置，连接将被转发到指定的入站。
-
-需要目标入站支持，参阅 [注入支持](/zh/configuration/inbound/#_3)。
-
 #### sniff
 
 启用协议探测。
@@ -91,8 +83,20 @@ UDP NAT 过期时间，以秒为单位，默认为 300（5 分钟）。
 
 如果 `sniff_override_destination` 生效，它的值将作为后备。
 
-#### udp_disable_domain_unmapping
+#### udp_timeout
 
-如果启用，对于地址为域的 UDP 代理请求，将在响应中发送原始包地址而不是映射的域。
+UDP NAT 过期时间，以秒为单位，默认为 300（5 分钟）。
 
-此选项用于兼容不支持接收带有域地址的 UDP 包的客户端，如 Surge。
+#### proxy_protocol
+
+解析连接头中的 [代理协议](https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt)。
+
+#### proxy_protocol_accept_no_header
+
+接受没有代理协议标头的连接。
+
+#### detour
+
+如果设置，连接将被转发到指定的入站。
+
+需要目标入站支持，参阅 [注入支持](/zh/configuration/inbound/#_3)。

docs/configuration/shared/v2ray-transport.md

@@ -15,7 +15,6 @@ Available transports:
 * WebSocket
 * QUIC
 * gRPC
-* HTTPUpgrade
 
 !!! warning "Difference from v2ray-core"
 
@@ -185,32 +184,3 @@ In standard gRPC client:
 If enabled, the client transport sends keepalive pings even with no active connections. If disabled, when there are no active connections, `idle_timeout` and `ping_timeout` will be ignored and no keepalive pings will be sent.
 
 Disabled by default.
-
-### HTTPUpgrade
-
-```json
-{
-  "type": "httpupgrade",
-  "host": "",
-  "path": "",
-  "headers": {}
-}
-```
-
-#### host
-
-Host domain.
-
-The server will verify if not empty.
-
-#### path
-
-Path of HTTP request.
-
-The server will verify if not empty.
-
-#### headers
-
-Extra headers of HTTP request.
-
-The server will write in response if not empty.

docs/configuration/shared/v2ray-transport.zh.md

@@ -14,7 +14,6 @@ V2Ray Transport 是 v2ray 发明的一组私有协议，并污染了其他协议
 * WebSocket
 * QUIC
 * gRPC
-* HTTPUpgrade
 
 !!! warning "与 v2ray-core 的区别"
 
@@ -184,32 +183,3 @@ gRPC 服务名称。
 如果启用，客户端传输即使没有活动连接也会发送 keepalive ping。如果禁用，则在没有活动连接时，将忽略 `idle_timeout` 和 `ping_timeout`，并且不会发送 keepalive ping。
 
 默认禁用。
-
-### HTTPUpgrade
-
-```json
-{
-  "type": "httpupgrade",
-  "host": "",
-  "path": "",
-  "headers": {}
-}
-```
-
-#### host
-
-主机域名。
-
-默认服务器将验证。
-
-#### path
-
-HTTP 请求路径
-
-默认服务器将验证。
-
-#### headers
-
-HTTP 请求的额外标头。
-
-默认服务器将写入响应。

docs/installation/clients/sfa.md

@@ -8,7 +8,7 @@ Experimental Android client for sing-box.
 
 #### Download
 
-* [AppCenter](https://install.appcenter.ms/users/nekohasekai/apps/sfa/distribution_groups/publictest)
+* [Play Store](https://play.google.com/store/apps/details?id=io.nekohasekai.sfa)
 * [Github Releases](https://github.com/SagerNet/sing-box/releases)
 
 #### Note

experimental/clashapi/api_meta.go

@@ -2,14 +2,12 @@ package clashapi
 
 import (
 	"bytes"
-	"net"
 	"net/http"
 	"time"
 
 	"github.com/sagernet/sing-box/common/json"
 	"github.com/sagernet/sing-box/experimental/clashapi/trafficontrol"
-	"github.com/sagernet/ws"
-	"github.com/sagernet/ws/wsutil"
+	"github.com/sagernet/websocket"
 
 	"github.com/go-chi/chi/v5"
 	"github.com/go-chi/render"
@@ -29,16 +27,16 @@ type Memory struct {
 
 func memory(trafficManager *trafficontrol.Manager) func(w http.ResponseWriter, r *http.Request) {
 	return func(w http.ResponseWriter, r *http.Request) {
-		var conn net.Conn
-		if r.Header.Get("Upgrade") == "websocket" {
+		var wsConn *websocket.Conn
+		if websocket.IsWebSocketUpgrade(r) {
 			var err error
-			conn, _, _, err = ws.UpgradeHTTP(r, w)
+			wsConn, err = upgrader.Upgrade(w, r, nil)
 			if err != nil {
 				return
 			}
 		}
 
-		if conn == nil {
+		if wsConn == nil {
 			w.Header().Set("Content-Type", "application/json")
 			render.Status(r, http.StatusOK)
 		}
@@ -65,12 +63,13 @@ func memory(trafficManager *trafficontrol.Manager) func(w http.ResponseWriter, r
 			}); err != nil {
 				break
 			}
-			if conn == nil {
+			if wsConn == nil {
 				_, err = w.Write(buf.Bytes())
 				w.(http.Flusher).Flush()
 			} else {
-				err = wsutil.WriteServerText(conn, buf.Bytes())
+				err = wsConn.WriteMessage(websocket.TextMessage, buf.Bytes())
 			}
+
 			if err != nil {
 				break
 			}

experimental/clashapi/connections.go

@@ -9,8 +9,7 @@ import (
 	"github.com/sagernet/sing-box/adapter"
 	"github.com/sagernet/sing-box/common/json"
 	"github.com/sagernet/sing-box/experimental/clashapi/trafficontrol"
-	"github.com/sagernet/ws"
-	"github.com/sagernet/ws/wsutil"
+	"github.com/sagernet/websocket"
 
 	"github.com/go-chi/chi/v5"
 	"github.com/go-chi/render"
@@ -26,13 +25,13 @@ func connectionRouter(router adapter.Router, trafficManager *trafficontrol.Manag
 
 func getConnections(trafficManager *trafficontrol.Manager) func(w http.ResponseWriter, r *http.Request) {
 	return func(w http.ResponseWriter, r *http.Request) {
-		if r.Header.Get("Upgrade") != "websocket" {
+		if !websocket.IsWebSocketUpgrade(r) {
 			snapshot := trafficManager.Snapshot()
 			render.JSON(w, r, snapshot)
 			return
 		}
 
-		conn, _, _, err := ws.UpgradeHTTP(r, w)
+		conn, err := upgrader.Upgrade(w, r, nil)
 		if err != nil {
 			return
 		}
@@ -57,7 +56,7 @@ func getConnections(trafficManager *trafficontrol.Manager) func(w http.ResponseW
 			if err := json.NewEncoder(buf).Encode(snapshot); err != nil {
 				return err
 			}
-			return wsutil.WriteServerText(conn, buf.Bytes())
+			return conn.WriteMessage(websocket.TextMessage, buf.Bytes())
 		}
 
 		if err = sendSnapshot(); err != nil {

experimental/clashapi/server.go

@@ -25,8 +25,7 @@ import (
 	N "github.com/sagernet/sing/common/network"
 	"github.com/sagernet/sing/service"
 	"github.com/sagernet/sing/service/filemanager"
-	"github.com/sagernet/ws"
-	"github.com/sagernet/ws/wsutil"
+	"github.com/sagernet/websocket"
 
 	"github.com/go-chi/chi/v5"
 	"github.com/go-chi/cors"
@@ -315,7 +314,7 @@ func authentication(serverSecret string) func(next http.Handler) http.Handler {
 			}
 
 			// Browser websocket not support custom header
-			if r.Header.Get("Upgrade") == "websocket" && r.URL.Query().Get("token") != "" {
+			if websocket.IsWebSocketUpgrade(r) && r.URL.Query().Get("token") != "" {
 				token := r.URL.Query().Get("token")
 				if token != serverSecret {
 					render.Status(r, http.StatusUnauthorized)
@@ -352,6 +351,12 @@ func hello(redirect bool) func(w http.ResponseWriter, r *http.Request) {
 	}
 }
 
+var upgrader = websocket.Upgrader{
+	CheckOrigin: func(r *http.Request) bool {
+		return true
+	},
+}
+
 type Traffic struct {
 	Up   int64 `json:"up"`
 	Down int64 `json:"down"`
@@ -359,17 +364,16 @@ type Traffic struct {
 
 func traffic(trafficManager *trafficontrol.Manager) func(w http.ResponseWriter, r *http.Request) {
 	return func(w http.ResponseWriter, r *http.Request) {
-		var conn net.Conn
-		if r.Header.Get("Upgrade") == "websocket" {
+		var wsConn *websocket.Conn
+		if websocket.IsWebSocketUpgrade(r) {
 			var err error
-			conn, _, _, err = ws.UpgradeHTTP(r, w)
+			wsConn, err = upgrader.Upgrade(w, r, nil)
 			if err != nil {
 				return
 			}
-			defer conn.Close()
 		}
 
-		if conn == nil {
+		if wsConn == nil {
 			w.Header().Set("Content-Type", "application/json")
 			render.Status(r, http.StatusOK)
 		}
@@ -388,11 +392,11 @@ func traffic(trafficManager *trafficontrol.Manager) func(w http.ResponseWriter,
 				break
 			}
 
-			if conn == nil {
+			if wsConn == nil {
 				_, err = w.Write(buf.Bytes())
 				w.(http.Flusher).Flush()
 			} else {
-				err = wsutil.WriteServerText(conn, buf.Bytes())
+				err = wsConn.WriteMessage(websocket.TextMessage, buf.Bytes())
 			}
 
 			if err != nil {
@@ -428,16 +432,16 @@ func getLogs(logFactory log.ObservableFactory) func(w http.ResponseWriter, r *ht
 		}
 		defer logFactory.UnSubscribe(subscription)
 
-		var conn net.Conn
-		if r.Header.Get("Upgrade") == "websocket" {
-			conn, _, _, err = ws.UpgradeHTTP(r, w)
+		var wsConn *websocket.Conn
+		if websocket.IsWebSocketUpgrade(r) {
+			var err error
+			wsConn, err = upgrader.Upgrade(w, r, nil)
 			if err != nil {
 				return
 			}
-			defer conn.Close()
 		}
 
-		if conn == nil {
+		if wsConn == nil {
 			w.Header().Set("Content-Type", "application/json")
 			render.Status(r, http.StatusOK)
 		}
@@ -461,11 +465,11 @@ func getLogs(logFactory log.ObservableFactory) func(w http.ResponseWriter, r *ht
 			if err != nil {
 				break
 			}
-			if conn == nil {
+			if wsConn == nil {
 				_, err = w.Write(buf.Bytes())
 				w.(http.Flusher).Flush()
 			} else {
-				err = wsutil.WriteServerText(conn, buf.Bytes())
+				err = wsConn.WriteMessage(websocket.TextMessage, buf.Bytes())
 			}
 
 			if err != nil {

experimental/libbox/http.go

@@ -17,8 +17,8 @@ import (
 	"os"
 	"strconv"
 	"sync"
+	"time"
 
-	C "github.com/sagernet/sing-box/constant"
 	"github.com/sagernet/sing/common"
 	"github.com/sagernet/sing/common/bufio"
 	E "github.com/sagernet/sing/common/exceptions"
@@ -69,7 +69,7 @@ type httpClient struct {
 
 func NewHTTPClient() HTTPClient {
 	client := new(httpClient)
-	client.client.Timeout = C.TCPTimeout
+	client.client.Timeout = 15 * time.Second
 	client.client.Transport = &client.transport
 	client.transport.TLSClientConfig = &client.tls
 	client.transport.DisableKeepAlives = true
@@ -151,6 +151,9 @@ type httpRequest struct {
 
 func (r *httpRequest) SetURL(link string) (err error) {
 	r.request.URL, err = url.Parse(link)
+	if err != nil {
+		return
+	}
 	if r.request.URL.User != nil {
 		user := r.request.URL.User.Username()
 		password, _ := r.request.URL.User.Password()

experimental/libbox/platform/interface.go

@@ -2,7 +2,6 @@ package platform
 
 import (
 	"context"
-	"io"
 	"net/netip"
 
 	"github.com/sagernet/sing-box/adapter"
@@ -25,7 +24,6 @@ type Interface interface {
 	UnderNetworkExtension() bool
 	ClearDNSCache()
 	process.Searcher
-	io.Writer
 }
 
 type NetworkInterface struct {

experimental/libbox/service.go

@@ -3,6 +3,7 @@ package libbox
 import (
 	"context"
 	"net/netip"
+	"runtime"
 	runtimeDebug "runtime/debug"
 	"syscall"
 
@@ -12,6 +13,7 @@ import (
 	"github.com/sagernet/sing-box/common/urltest"
 	"github.com/sagernet/sing-box/experimental/libbox/internal/procfs"
 	"github.com/sagernet/sing-box/experimental/libbox/platform"
+	"github.com/sagernet/sing-box/log"
 	"github.com/sagernet/sing-box/option"
 	"github.com/sagernet/sing-tun"
 	"github.com/sagernet/sing/common"
@@ -44,10 +46,12 @@ func NewService(configContent string, platformInterface PlatformInterface) (*Box
 	ctx = service.ContextWithPtr(ctx, urlTestHistoryStorage)
 	pauseManager := pause.NewDefaultManager(ctx)
 	ctx = pause.ContextWithManager(ctx, pauseManager)
+	platformWrapper := &platformInterfaceWrapper{iif: platformInterface, useProcFS: platformInterface.UseProcFS()}
 	instance, err := box.New(box.Options{
 		Context:           ctx,
 		Options:           options,
-		PlatformInterface: &platformInterfaceWrapper{iif: platformInterface, useProcFS: platformInterface.UseProcFS()},
+		PlatformInterface: platformWrapper,
+		PlatformLogWriter: platformWrapper,
 	})
 	if err != nil {
 		cancel()
@@ -83,7 +87,10 @@ func (s *BoxService) Wake() {
 	_ = s.instance.Router().ResetNetwork()
 }
 
-var _ platform.Interface = (*platformInterfaceWrapper)(nil)
+var (
+	_ platform.Interface = (*platformInterfaceWrapper)(nil)
+	_ log.PlatformWriter = (*platformInterfaceWrapper)(nil)
+)
 
 type platformInterfaceWrapper struct {
 	iif       PlatformInterface
@@ -115,11 +122,7 @@ func (w *platformInterfaceWrapper) OpenTun(options *tun.Options, platformOptions
 	if len(options.IncludeAndroidUser) > 0 {
 		return nil, E.New("android: unsupported android_user option")
 	}
-	routeRanges, err := options.BuildAutoRouteRanges()
-	if err != nil {
-		return nil, err
-	}
-	tunFd, err := w.iif.OpenTun(&tunOptions{options, routeRanges, platformOptions})
+	tunFd, err := w.iif.OpenTun(&tunOptions{options, platformOptions})
 	if err != nil {
 		return nil, err
 	}
@@ -135,11 +138,6 @@ func (w *platformInterfaceWrapper) OpenTun(options *tun.Options, platformOptions
 	return tun.New(*options)
 }
 
-func (w *platformInterfaceWrapper) Write(p []byte) (n int, err error) {
-	w.iif.WriteLog(string(p))
-	return len(p), nil
-}
-
 func (w *platformInterfaceWrapper) FindProcessInfo(ctx context.Context, network string, source netip.AddrPort, destination netip.AddrPort) (*process.Info, error) {
 	var uid int32
 	if w.useProcFS {
@@ -207,3 +205,11 @@ func (w *platformInterfaceWrapper) UnderNetworkExtension() bool {
 func (w *platformInterfaceWrapper) ClearDNSCache() {
 	w.iif.ClearDNSCache()
 }
+
+func (w *platformInterfaceWrapper) DisableColors() bool {
+	return runtime.GOOS != "android"
+}
+
+func (w *platformInterfaceWrapper) WriteMessage(level log.Level, message string) {
+	w.iif.WriteLog(message)
+}

experimental/libbox/tun.go

@@ -60,7 +60,6 @@ var _ TunOptions = (*tunOptions)(nil)
 
 type tunOptions struct {
 	*tun.Options
-	routeRanges []netip.Prefix
 	option.TunPlatformOptions
 }
 
@@ -92,15 +91,11 @@ func (o *tunOptions) GetStrictRoute() bool {
 }
 
 func (o *tunOptions) GetInet4RouteAddress() RoutePrefixIterator {
-	return mapRoutePrefix(common.Filter(o.routeRanges, func(it netip.Prefix) bool {
-		return it.Addr().Is4()
-	}))
+	return mapRoutePrefix(o.Inet4RouteAddress)
 }
 
 func (o *tunOptions) GetInet6RouteAddress() RoutePrefixIterator {
-	return mapRoutePrefix(common.Filter(o.routeRanges, func(it netip.Prefix) bool {
-		return it.Addr().Is6()
-	}))
+	return mapRoutePrefix(o.Inet6RouteAddress)
 }
 
 func (o *tunOptions) GetIncludePackage() StringIterator {

experimental/v2rayapi/stats_grpc.pb.go

@@ -13,6 +13,12 @@ import (
 // Requires gRPC-Go v1.32.0 or later.
 const _ = grpc.SupportPackageIsVersion7
 
+const (
+	StatsService_GetStats_FullMethodName    = "/experimental.v2rayapi.StatsService/GetStats"
+	StatsService_QueryStats_FullMethodName  = "/experimental.v2rayapi.StatsService/QueryStats"
+	StatsService_GetSysStats_FullMethodName = "/experimental.v2rayapi.StatsService/GetSysStats"
+)
+
 // StatsServiceClient is the client API for StatsService service.
 //
 // For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.
@@ -32,7 +38,7 @@ func NewStatsServiceClient(cc grpc.ClientConnInterface) StatsServiceClient {
 
 func (c *statsServiceClient) GetStats(ctx context.Context, in *GetStatsRequest, opts ...grpc.CallOption) (*GetStatsResponse, error) {
 	out := new(GetStatsResponse)
-	err := c.cc.Invoke(ctx, "/experimental.v2rayapi.StatsService/GetStats", in, out, opts...)
+	err := c.cc.Invoke(ctx, StatsService_GetStats_FullMethodName, in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
@@ -41,7 +47,7 @@ func (c *statsServiceClient) GetStats(ctx context.Context, in *GetStatsRequest,
 
 func (c *statsServiceClient) QueryStats(ctx context.Context, in *QueryStatsRequest, opts ...grpc.CallOption) (*QueryStatsResponse, error) {
 	out := new(QueryStatsResponse)
-	err := c.cc.Invoke(ctx, "/experimental.v2rayapi.StatsService/QueryStats", in, out, opts...)
+	err := c.cc.Invoke(ctx, StatsService_QueryStats_FullMethodName, in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
@@ -50,7 +56,7 @@ func (c *statsServiceClient) QueryStats(ctx context.Context, in *QueryStatsReque
 
 func (c *statsServiceClient) GetSysStats(ctx context.Context, in *SysStatsRequest, opts ...grpc.CallOption) (*SysStatsResponse, error) {
 	out := new(SysStatsResponse)
-	err := c.cc.Invoke(ctx, "/experimental.v2rayapi.StatsService/GetSysStats", in, out, opts...)
+	err := c.cc.Invoke(ctx, StatsService_GetSysStats_FullMethodName, in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
@@ -104,7 +110,7 @@ func _StatsService_GetStats_Handler(srv interface{}, ctx context.Context, dec fu
 	}
 	info := &grpc.UnaryServerInfo{
 		Server:     srv,
-		FullMethod: "/experimental.v2rayapi.StatsService/GetStats",
+		FullMethod: StatsService_GetStats_FullMethodName,
 	}
 	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
 		return srv.(StatsServiceServer).GetStats(ctx, req.(*GetStatsRequest))
@@ -122,7 +128,7 @@ func _StatsService_QueryStats_Handler(srv interface{}, ctx context.Context, dec
 	}
 	info := &grpc.UnaryServerInfo{
 		Server:     srv,
-		FullMethod: "/experimental.v2rayapi.StatsService/QueryStats",
+		FullMethod: StatsService_QueryStats_FullMethodName,
 	}
 	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
 		return srv.(StatsServiceServer).QueryStats(ctx, req.(*QueryStatsRequest))
@@ -140,7 +146,7 @@ func _StatsService_GetSysStats_Handler(srv interface{}, ctx context.Context, dec
 	}
 	info := &grpc.UnaryServerInfo{
 		Server:     srv,
-		FullMethod: "/experimental.v2rayapi.StatsService/GetSysStats",
+		FullMethod: StatsService_GetSysStats_FullMethodName,
 	}
 	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
 		return srv.(StatsServiceServer).GetSysStats(ctx, req.(*SysStatsRequest))

go.mod

@@ -26,27 +26,27 @@ require (
 	github.com/sagernet/gvisor v0.0.0-20230930141345-5fef6f2e17ab
 	github.com/sagernet/quic-go v0.0.0-20231008035953-32727fef9460
 	github.com/sagernet/reality v0.0.0-20230406110435-ee17307e7691
-	github.com/sagernet/sing v0.2.16-0.20231028125948-afcc9cb766c2
+	github.com/sagernet/sing v0.2.17
 	github.com/sagernet/sing-dns v0.1.10
-	github.com/sagernet/sing-mux v0.1.3
-	github.com/sagernet/sing-quic v0.1.3-0.20231026034240-fa3d997246b6
+	github.com/sagernet/sing-mux v0.1.4
+	github.com/sagernet/sing-quic v0.1.4-0.20231111111624-370e6abf6769
 	github.com/sagernet/sing-shadowsocks v0.2.5
 	github.com/sagernet/sing-shadowsocks2 v0.1.4
 	github.com/sagernet/sing-shadowtls v0.1.4
-	github.com/sagernet/sing-tun v0.1.17-0.20231030120513-2e85725657c1
+	github.com/sagernet/sing-tun v0.1.20-0.20231114091624-78e0dfa18fab
 	github.com/sagernet/sing-vmess v0.1.8
 	github.com/sagernet/smux v0.0.0-20230312102458-337ec2a5af37
 	github.com/sagernet/tfo-go v0.0.0-20230816093905-5a5c285d44a6
 	github.com/sagernet/utls v0.0.0-20230309024959-6732c2ab36f2
+	github.com/sagernet/websocket v0.0.0-20220913015213-615516348b4e
 	github.com/sagernet/wireguard-go v0.0.0-20230807125731-5d4a7ef2dc5f
-	github.com/sagernet/ws v0.0.0-20231030053741-7d481eb31bed
-	github.com/spf13/cobra v1.7.0
+	github.com/spf13/cobra v1.8.0
 	github.com/stretchr/testify v1.8.4
 	go.uber.org/zap v1.26.0
 	go4.org/netipx v0.0.0-20230824141953-6213f710f925
-	golang.org/x/crypto v0.14.0
-	golang.org/x/net v0.17.0
-	golang.org/x/sys v0.13.0
+	golang.org/x/crypto v0.15.0
+	golang.org/x/net v0.18.0
+	golang.org/x/sys v0.14.0
 	golang.zx2c4.com/wireguard/wgctrl v0.0.0-20230429144221-925a1e7659e6
 	google.golang.org/grpc v1.59.0
 	google.golang.org/protobuf v1.31.0
@@ -61,8 +61,6 @@ require (
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/go-ole/go-ole v1.3.0 // indirect
 	github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect
-	github.com/gobwas/httphead v0.1.0 // indirect
-	github.com/gobwas/pool v0.2.1 // indirect
 	github.com/golang/protobuf v1.5.3 // indirect
 	github.com/google/btree v1.1.2 // indirect
 	github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38 // indirect
@@ -88,7 +86,7 @@ require (
 	go.uber.org/multierr v1.11.0 // indirect
 	golang.org/x/exp v0.0.0-20231006140011-7918f672742d // indirect
 	golang.org/x/mod v0.13.0 // indirect
-	golang.org/x/text v0.13.0 // indirect
+	golang.org/x/text v0.14.0 // indirect
 	golang.org/x/time v0.3.0 // indirect
 	golang.org/x/tools v0.14.0 // indirect
 	google.golang.org/genproto/googleapis/rpc v0.0.0-20230822172742-b8732ec3820d // indirect

go.sum

@@ -11,7 +11,7 @@ github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5P
 github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
 github.com/cloudflare/circl v1.3.6 h1:/xbKIqSHbZXHwkhbrhrt2YOHIwYJlXH94E3tI/gDlUg=
 github.com/cloudflare/circl v1.3.6/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUKZrLbUZFA=
-github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
+github.com/cpuguy83/go-md2man/v2 v2.0.3/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
 github.com/cretz/bine v0.1.0/go.mod h1:6PF6fWAvYtwjRGkAuDEJeWNOv3a2hUouSP/yRYXmvHw=
 github.com/cretz/bine v0.2.0 h1:8GiDRGlTgz+o8H9DSnsl+5MeBK4HsExxgl6WgzOCuZo=
 github.com/cretz/bine v0.2.0/go.mod h1:WU4o9QR9wWp8AVKtTM1XD5vUHkEqnf2vVSo6dBqbetI=
@@ -31,10 +31,6 @@ github.com/go-ole/go-ole v1.3.0 h1:Dt6ye7+vXGIKZ7Xtk4s6/xVdGDQynvom7xCFEdWr6uE=
 github.com/go-ole/go-ole v1.3.0/go.mod h1:5LS6F96DhAwUc7C+1HLexzMXY1xGRSryjyPPKW6zv78=
 github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI=
 github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls=
-github.com/gobwas/httphead v0.1.0 h1:exrUm0f4YX0L7EBwZHuCF4GDp8aJfVeBrlLQrs6NqWU=
-github.com/gobwas/httphead v0.1.0/go.mod h1:O/RXo79gxV8G+RqlR/otEwx4Q36zl9rqC5u12GKvMCM=
-github.com/gobwas/pool v0.2.1 h1:xfeeEhW7pwmX8nuLVlqbzVc7udMDrwetjEv+TZIz1og=
-github.com/gobwas/pool v0.2.1/go.mod h1:q8bcK0KcYlCgd9e7WYLm9LpyS+YeLd8JVDW6WezmKEw=
 github.com/gofrs/uuid/v5 v5.0.0 h1:p544++a97kEL+svbcFbCQVM9KFu0Yo25UoISXGNNH9M=
 github.com/gofrs/uuid/v5 v5.0.0/go.mod h1:CDOjlDMVAtN56jqyRUZh58JT31Tiw7/oQyEXZV+9bD8=
 github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
@@ -114,22 +110,22 @@ github.com/sagernet/reality v0.0.0-20230406110435-ee17307e7691 h1:5Th31OC6yj8byL
 github.com/sagernet/reality v0.0.0-20230406110435-ee17307e7691/go.mod h1:B8lp4WkQ1PwNnrVMM6KyuFR20pU8jYBD+A4EhJovEXU=
 github.com/sagernet/sing v0.0.0-20220817130738-ce854cda8522/go.mod h1:QVsS5L/ZA2Q5UhQwLrn0Trw+msNd/NPGEhBKR/ioWiY=
 github.com/sagernet/sing v0.1.8/go.mod h1:jt1w2u7lJQFFSGLiRrRIs5YWmx4kAPfWuOejuDW9qMk=
-github.com/sagernet/sing v0.2.16-0.20231028125948-afcc9cb766c2 h1:PW18IgRodvppd09d4mewYM3Hedu3PtFERN8yOqkTVk0=
-github.com/sagernet/sing v0.2.16-0.20231028125948-afcc9cb766c2/go.mod h1:AhNEHu0GXrpqkuzvTwvC8+j2cQUU/dh+zLEmq4C99pg=
+github.com/sagernet/sing v0.2.17 h1:vMPKb3MV0Aa5ws4dCJkRI8XEjrsUcDn810czd0FwmzI=
+github.com/sagernet/sing v0.2.17/go.mod h1:OL6k2F0vHmEzXz2KW19qQzu172FDgSbUSODylighuVo=
 github.com/sagernet/sing-dns v0.1.10 h1:iIU7nRBlUYj+fF2TaktGIvRiTFFrHwSMedLQsvlTZCI=
 github.com/sagernet/sing-dns v0.1.10/go.mod h1:vtUimtf7Nq9EdvD5WTpfCr69KL1M7bcgOVKiYBiAY/c=
-github.com/sagernet/sing-mux v0.1.3 h1:fAf7PZa2A55mCeh0KKM02f1k2Y4vEmxuZZ/51ahkkLA=
-github.com/sagernet/sing-mux v0.1.3/go.mod h1:wGeIeiiFLx4HUM5LAg65wrNZ/X1muOimqK0PEhNbPi0=
-github.com/sagernet/sing-quic v0.1.3-0.20231026034240-fa3d997246b6 h1:w+TUbIZKZFSdf/AUa/y33kY9xaLeNGz/tBNcNhqpqfg=
-github.com/sagernet/sing-quic v0.1.3-0.20231026034240-fa3d997246b6/go.mod h1:1M7xP4802K9Kz6BQ7LlA7UeCapWvWlH1Htmk2bAqkWc=
+github.com/sagernet/sing-mux v0.1.4 h1:BPNPOQr6HkXG3iY/BrfvUKUl+A7gYsGKVSxvoR3PO50=
+github.com/sagernet/sing-mux v0.1.4/go.mod h1:dKvcu/sb3fZ88uGv9vzAqUej6J4W+pHu5GqjRuFwAWs=
+github.com/sagernet/sing-quic v0.1.4-0.20231111111624-370e6abf6769 h1:V84NPJKirL/oDkvUh9Dor2gMZ+TTNHK3jcedqRkgcQA=
+github.com/sagernet/sing-quic v0.1.4-0.20231111111624-370e6abf6769/go.mod h1:iggBfFE2ojS2yYQU8Hnrkm029RsHPdYYIKWqeCI64HE=
 github.com/sagernet/sing-shadowsocks v0.2.5 h1:qxIttos4xu6ii7MTVJYA8EFQR7Q3KG6xMqmLJIFtBaY=
 github.com/sagernet/sing-shadowsocks v0.2.5/go.mod h1:MGWGkcU2xW2G2mfArT9/QqpVLOGU+dBaahZCtPHdt7A=
 github.com/sagernet/sing-shadowsocks2 v0.1.4 h1:vht2M8t3m5DTgXR2j24KbYOygG5aOp+MUhpQnAux728=
 github.com/sagernet/sing-shadowsocks2 v0.1.4/go.mod h1:Mgdee99NxxNd5Zld3ixIs18yVs4x2dI2VTDDE1N14Wc=
 github.com/sagernet/sing-shadowtls v0.1.4 h1:aTgBSJEgnumzFenPvc+kbD9/W0PywzWevnVpEx6Tw3k=
 github.com/sagernet/sing-shadowtls v0.1.4/go.mod h1:F8NBgsY5YN2beQavdgdm1DPlhaKQlaL6lpDdcBglGK4=
-github.com/sagernet/sing-tun v0.1.17-0.20231030120513-2e85725657c1 h1:QxC+myHDZ0BnkIEqXE0lWUzfYEVlhhQdSCo7mOMm7x4=
-github.com/sagernet/sing-tun v0.1.17-0.20231030120513-2e85725657c1/go.mod h1:4ACZp3C6TDSy1rsMrfwtSyLrKPtm9Wm2eKHwhYIojbU=
+github.com/sagernet/sing-tun v0.1.20-0.20231114091624-78e0dfa18fab h1:WTM++II47WUmMgOXMCTUo3E5083I4oII4wd8/Gnsbds=
+github.com/sagernet/sing-tun v0.1.20-0.20231114091624-78e0dfa18fab/go.mod h1:YA4MqRgYbO+igD07xt5WyRLjmwcXD5oRFy2itQbUVK0=
 github.com/sagernet/sing-vmess v0.1.8 h1:XVWad1RpTy9b5tPxdm5MCU8cGfrTGdR8qCq6HV2aCNc=
 github.com/sagernet/sing-vmess v0.1.8/go.mod h1:vhx32UNzTDUkNwOyIjcZQohre1CaytquC5mPplId8uA=
 github.com/sagernet/smux v0.0.0-20230312102458-337ec2a5af37 h1:HuE6xSwco/Xed8ajZ+coeYLmioq0Qp1/Z2zczFaV8as=
@@ -138,14 +134,14 @@ github.com/sagernet/tfo-go v0.0.0-20230816093905-5a5c285d44a6 h1:Px+hN4Vzgx+iCGV
 github.com/sagernet/tfo-go v0.0.0-20230816093905-5a5c285d44a6/go.mod h1:zovq6vTvEM6ECiqE3Eeb9rpIylPpamPcmrJ9tv0Bt0M=
 github.com/sagernet/utls v0.0.0-20230309024959-6732c2ab36f2 h1:kDUqhc9Vsk5HJuhfIATJ8oQwBmpOZJuozQG7Vk88lL4=
 github.com/sagernet/utls v0.0.0-20230309024959-6732c2ab36f2/go.mod h1:JKQMZq/O2qnZjdrt+B57olmfgEmLtY9iiSIEYtWvoSM=
+github.com/sagernet/websocket v0.0.0-20220913015213-615516348b4e h1:7uw2njHFGE+VpWamge6o56j2RWk4omF6uLKKxMmcWvs=
+github.com/sagernet/websocket v0.0.0-20220913015213-615516348b4e/go.mod h1:45TUl8+gH4SIKr4ykREbxKWTxkDlSzFENzctB1dVRRY=
 github.com/sagernet/wireguard-go v0.0.0-20230807125731-5d4a7ef2dc5f h1:Kvo8w8Y9lzFGB/7z09MJ3TR99TFtfI/IuY87Ygcycho=
 github.com/sagernet/wireguard-go v0.0.0-20230807125731-5d4a7ef2dc5f/go.mod h1:mySs0abhpc/gLlvhoq7HP1RzOaRmIXVeZGCh++zoApk=
-github.com/sagernet/ws v0.0.0-20231030053741-7d481eb31bed h1:90a510OeE9siSJoYsI8nSjPmA+u5ROMDts/ZkdNsuXY=
-github.com/sagernet/ws v0.0.0-20231030053741-7d481eb31bed/go.mod h1:LtfoSK3+NG57tvnVEHgcuBW9ujgE8enPSgzgwStwCAA=
 github.com/scjalliance/comshim v0.0.0-20230315213746-5e51f40bd3b9 h1:rc/CcqLH3lh8n+csdOuDfP+NuykE0U6AeYSJJHKDgSg=
 github.com/scjalliance/comshim v0.0.0-20230315213746-5e51f40bd3b9/go.mod h1:a/83NAfUXvEuLpmxDssAXxgUgrEy12MId3Wd7OTs76s=
-github.com/spf13/cobra v1.7.0 h1:hyqWnYt1ZQShIddO5kBpj3vu05/++x6tJ6dg8EC572I=
-github.com/spf13/cobra v1.7.0/go.mod h1:uLxZILRyS/50WlhOIKD7W6V5bgeIt+4sICxh6uRMrb0=
+github.com/spf13/cobra v1.8.0 h1:7aJaZx1B85qltLMc546zn58BxxfZdR/W22ej9CFoEf0=
+github.com/spf13/cobra v1.8.0/go.mod h1:WXLWApfZ71AjXPya3WOlMsY9yMs7YeiHhFVlvLyhcho=
 github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
 github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
@@ -173,16 +169,16 @@ go4.org/netipx v0.0.0-20230824141953-6213f710f925 h1:eeQDDVKFkx0g4Hyy8pHgmZaK0Eq
 go4.org/netipx v0.0.0-20230824141953-6213f710f925/go.mod h1:PLyyIXexvUFg3Owu6p/WfdlivPbZJsZdgWZlrGope/Y=
 golang.org/x/crypto v0.0.0-20190404164418-38d8ce5564a5/go.mod h1:WFFai1msRO1wXaEeE5yQxYXgSfI8pQAWXbQop6sCtWE=
 golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a/go.mod h1:P+XmwS30IXTQdn5tA2iutPOUgjI07+tq3H3K9MVA1s8=
-golang.org/x/crypto v0.14.0 h1:wBqGXzWJW6m1XrIKlAH0Hs1JJ7+9KBwnIO8v66Q9cHc=
-golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4=
+golang.org/x/crypto v0.15.0 h1:frVn1TEaCEaZcn3Tmd7Y2b5KKPaZ+I32Q2OA3kYp5TA=
+golang.org/x/crypto v0.15.0/go.mod h1:4ChreQoLWfG3xLDer1WdlH5NdlQ3+mwnQq1YTKY+72g=
 golang.org/x/exp v0.0.0-20231006140011-7918f672742d h1:jtJma62tbqLibJ5sFQz8bKtEM8rJBtfilJ2qTU199MI=
 golang.org/x/exp v0.0.0-20231006140011-7918f672742d/go.mod h1:ldy0pHrwJyGW56pPQzzkH36rKxoZW1tw7ZJpeKx+hdo=
 golang.org/x/mod v0.13.0 h1:I/DsJXRlw/8l/0c24sM9yb0T4z9liZTduXvdAWYiysY=
 golang.org/x/mod v0.13.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM=
-golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE=
+golang.org/x/net v0.18.0 h1:mIYleuAkSbHh0tCv7RvjL3F6ZVbLjq4+R7zbOn3Kokg=
+golang.org/x/net v0.18.0/go.mod h1:/czyP5RqHAH4odGYxBJ1qz0+CE5WZ+2j1YgoEo8F2jQ=
 golang.org/x/sync v0.4.0 h1:zxkM55ReGkDlKSM+Fu41A+zmbZuaPVbGMzvvdUPznYQ=
 golang.org/x/sys v0.0.0-20190403152447-81d4e9dc473e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -193,15 +189,14 @@ golang.org/x/sys v0.0.0-20220622161953-175b2fd9d664/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220731174439-a90be440212d/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE=
-golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.14.0 h1:Vz7Qs629MkJkGyHxUlRHizWJRG2j8fbQKjELVSNhy7Q=
+golang.org/x/sys v0.14.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
-golang.org/x/term v0.13.0 h1:bb+I9cTfFazGW51MZqBVmZy7+JEJMouUHTUSKVQLBek=
+golang.org/x/term v0.14.0 h1:LGK9IlZ8T9jvdy6cTdfKUCltatMFOehAQo9SRC46UQ8=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.13.0 h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k=
-golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
+golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
+golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4=
 golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=

inbound/tun.go

@@ -71,25 +71,23 @@ func NewTun(ctx context.Context, router adapter.Router, logger log.ContextLogger
 		logger:         logger,
 		inboundOptions: options.InboundOptions,
 		tunOptions: tun.Options{
-			Name:                     options.InterfaceName,
-			MTU:                      tunMTU,
-			Inet4Address:             options.Inet4Address,
-			Inet6Address:             options.Inet6Address,
-			AutoRoute:                options.AutoRoute,
-			StrictRoute:              options.StrictRoute,
-			IncludeInterface:         options.IncludeInterface,
-			ExcludeInterface:         options.ExcludeInterface,
-			Inet4RouteAddress:        options.Inet4RouteAddress,
-			Inet6RouteAddress:        options.Inet6RouteAddress,
-			Inet4RouteExcludeAddress: options.Inet4RouteExcludeAddress,
-			Inet6RouteExcludeAddress: options.Inet6RouteExcludeAddress,
-			IncludeUID:               includeUID,
-			ExcludeUID:               excludeUID,
-			IncludeAndroidUser:       options.IncludeAndroidUser,
-			IncludePackage:           options.IncludePackage,
-			ExcludePackage:           options.ExcludePackage,
-			InterfaceMonitor:         router.InterfaceMonitor(),
-			TableIndex:               2022,
+			Name:               options.InterfaceName,
+			MTU:                tunMTU,
+			Inet4Address:       options.Inet4Address,
+			Inet6Address:       options.Inet6Address,
+			AutoRoute:          options.AutoRoute,
+			StrictRoute:        options.StrictRoute,
+			IncludeInterface:   options.IncludeInterface,
+			ExcludeInterface:   options.ExcludeInterface,
+			Inet4RouteAddress:  options.Inet4RouteAddress,
+			Inet6RouteAddress:  options.Inet6RouteAddress,
+			IncludeUID:         includeUID,
+			ExcludeUID:         excludeUID,
+			IncludeAndroidUser: options.IncludeAndroidUser,
+			IncludePackage:     options.IncludePackage,
+			ExcludePackage:     options.ExcludePackage,
+			InterfaceMonitor:   router.InterfaceMonitor(),
+			TableIndex:         2022,
 		},
 		endpointIndependentNat: options.EndpointIndependentNat,
 		udpTimeout:             udpTimeout,

log/default.go

@@ -16,11 +16,11 @@ type simpleFactory struct {
 	formatter         Formatter
 	platformFormatter Formatter
 	writer            io.Writer
-	platformWriter    io.Writer
+	platformWriter    PlatformWriter
 	level             Level
 }
 
-func NewFactory(formatter Formatter, writer io.Writer, platformWriter io.Writer) Factory {
+func NewFactory(formatter Formatter, writer io.Writer, platformWriter PlatformWriter) Factory {
 	return &simpleFactory{
 		formatter: formatter,
 		platformFormatter: Formatter{
@@ -76,7 +76,7 @@ func (l *simpleLogger) Log(ctx context.Context, level Level, args []any) {
 		os.Exit(1)
 	}
 	if l.platformWriter != nil {
-		l.platformWriter.Write([]byte(l.platformFormatter.Format(ctx, level, l.tag, F.ToString(args...), nowTime)))
+		l.platformWriter.WriteMessage(level, l.platformFormatter.Format(ctx, level, l.tag, F.ToString(args...), nowTime))
 	}
 }
 

log/log.go

@@ -42,7 +42,7 @@ type Options struct {
 	Observable     bool
 	DefaultWriter  io.Writer
 	BaseTime       time.Time
-	PlatformWriter io.Writer
+	PlatformWriter PlatformWriter
 }
 
 func New(options Options) (Factory, error) {

log/observable.go

@@ -6,7 +6,6 @@ import (
 	"os"
 	"time"
 
-	C "github.com/sagernet/sing-box/constant"
 	"github.com/sagernet/sing/common"
 	F "github.com/sagernet/sing/common/format"
 	"github.com/sagernet/sing/common/observable"
@@ -18,18 +17,17 @@ type observableFactory struct {
 	formatter         Formatter
 	platformFormatter Formatter
 	writer            io.Writer
-	platformWriter    io.Writer
+	platformWriter    PlatformWriter
 	level             Level
 	subscriber        *observable.Subscriber[Entry]
 	observer          *observable.Observer[Entry]
 }
 
-func NewObservableFactory(formatter Formatter, writer io.Writer, platformWriter io.Writer) ObservableFactory {
+func NewObservableFactory(formatter Formatter, writer io.Writer, platformWriter PlatformWriter) ObservableFactory {
 	factory := &observableFactory{
 		formatter: formatter,
 		platformFormatter: Formatter{
 			BaseTime:         formatter.BaseTime,
-			DisableColors:    C.IsDarwin || C.IsIos,
 			DisableLineBreak: true,
 		},
 		writer:         writer,
@@ -37,6 +35,9 @@ func NewObservableFactory(formatter Formatter, writer io.Writer, platformWriter
 		level:          LevelTrace,
 		subscriber:     observable.NewSubscriber[Entry](128),
 	}
+	if platformWriter != nil {
+		factory.platformFormatter.DisableColors = platformWriter.DisableColors()
+	}
 	factory.observer = observable.NewObserver[Entry](factory.subscriber, 64)
 	return factory
 }
@@ -94,7 +95,7 @@ func (l *observableLogger) Log(ctx context.Context, level Level, args []any) {
 	}
 	l.subscriber.Emit(Entry{level, messageSimple})
 	if l.platformWriter != nil {
-		l.platformWriter.Write([]byte(l.platformFormatter.Format(ctx, level, l.tag, F.ToString(args...), nowTime)))
+		l.platformWriter.WriteMessage(level, l.platformFormatter.Format(ctx, level, l.tag, F.ToString(args...), nowTime))
 	}
 }
 

log/platform.go

@@ -0,0 +1,6 @@
+package log
+
+type PlatformWriter interface {
+	DisableColors() bool
+	WriteMessage(level Level, message string)
+}

option/inbound.go

@@ -120,11 +120,10 @@ func (h *Inbound) UnmarshalJSON(bytes []byte) error {
 }
 
 type InboundOptions struct {
-	SniffEnabled              bool           `json:"sniff,omitempty"`
-	SniffOverrideDestination  bool           `json:"sniff_override_destination,omitempty"`
-	SniffTimeout              Duration       `json:"sniff_timeout,omitempty"`
-	DomainStrategy            DomainStrategy `json:"domain_strategy,omitempty"`
-	UDPDisableDomainUnmapping bool           `json:"udp_disable_domain_unmapping,omitempty"`
+	SniffEnabled             bool           `json:"sniff,omitempty"`
+	SniffOverrideDestination bool           `json:"sniff_override_destination,omitempty"`
+	SniffTimeout             Duration       `json:"sniff_timeout,omitempty"`
+	DomainStrategy           DomainStrategy `json:"domain_strategy,omitempty"`
 }
 
 type ListenOptions struct {

option/tun.go

@@ -3,28 +3,26 @@ package option
 import "net/netip"
 
 type TunInboundOptions struct {
-	InterfaceName            string                 `json:"interface_name,omitempty"`
-	MTU                      uint32                 `json:"mtu,omitempty"`
-	Inet4Address             Listable[netip.Prefix] `json:"inet4_address,omitempty"`
-	Inet6Address             Listable[netip.Prefix] `json:"inet6_address,omitempty"`
-	AutoRoute                bool                   `json:"auto_route,omitempty"`
-	StrictRoute              bool                   `json:"strict_route,omitempty"`
-	Inet4RouteAddress        Listable[netip.Prefix] `json:"inet4_route_address,omitempty"`
-	Inet6RouteAddress        Listable[netip.Prefix] `json:"inet6_route_address,omitempty"`
-	Inet4RouteExcludeAddress Listable[netip.Prefix] `json:"inet4_route_exclude_address,omitempty"`
-	Inet6RouteExcludeAddress Listable[netip.Prefix] `json:"inet6_route_exclude_address,omitempty"`
-	IncludeInterface         Listable[string]       `json:"include_interface,omitempty"`
-	ExcludeInterface         Listable[string]       `json:"exclude_interface,omitempty"`
-	IncludeUID               Listable[uint32]       `json:"include_uid,omitempty"`
-	IncludeUIDRange          Listable[string]       `json:"include_uid_range,omitempty"`
-	ExcludeUID               Listable[uint32]       `json:"exclude_uid,omitempty"`
-	ExcludeUIDRange          Listable[string]       `json:"exclude_uid_range,omitempty"`
-	IncludeAndroidUser       Listable[int]          `json:"include_android_user,omitempty"`
-	IncludePackage           Listable[string]       `json:"include_package,omitempty"`
-	ExcludePackage           Listable[string]       `json:"exclude_package,omitempty"`
-	EndpointIndependentNat   bool                   `json:"endpoint_independent_nat,omitempty"`
-	UDPTimeout               int64                  `json:"udp_timeout,omitempty"`
-	Stack                    string                 `json:"stack,omitempty"`
-	Platform                 *TunPlatformOptions    `json:"platform,omitempty"`
+	InterfaceName          string                 `json:"interface_name,omitempty"`
+	MTU                    uint32                 `json:"mtu,omitempty"`
+	Inet4Address           Listable[netip.Prefix] `json:"inet4_address,omitempty"`
+	Inet6Address           Listable[netip.Prefix] `json:"inet6_address,omitempty"`
+	AutoRoute              bool                   `json:"auto_route,omitempty"`
+	StrictRoute            bool                   `json:"strict_route,omitempty"`
+	Inet4RouteAddress      Listable[netip.Prefix] `json:"inet4_route_address,omitempty"`
+	Inet6RouteAddress      Listable[netip.Prefix] `json:"inet6_route_address,omitempty"`
+	IncludeInterface       Listable[string]       `json:"include_interface,omitempty"`
+	ExcludeInterface       Listable[string]       `json:"exclude_interface,omitempty"`
+	IncludeUID             Listable[uint32]       `json:"include_uid,omitempty"`
+	IncludeUIDRange        Listable[string]       `json:"include_uid_range,omitempty"`
+	ExcludeUID             Listable[uint32]       `json:"exclude_uid,omitempty"`
+	ExcludeUIDRange        Listable[string]       `json:"exclude_uid_range,omitempty"`
+	IncludeAndroidUser     Listable[int]          `json:"include_android_user,omitempty"`
+	IncludePackage         Listable[string]       `json:"include_package,omitempty"`
+	ExcludePackage         Listable[string]       `json:"exclude_package,omitempty"`
+	EndpointIndependentNat bool                   `json:"endpoint_independent_nat,omitempty"`
+	UDPTimeout             int64                  `json:"udp_timeout,omitempty"`
+	Stack                  string                 `json:"stack,omitempty"`
+	Platform               *TunPlatformOptions    `json:"platform,omitempty"`
 	InboundOptions
 }

option/v2ray_transport.go

@@ -7,12 +7,11 @@ import (
 )
 
 type _V2RayTransportOptions struct {
-	Type               string                  `json:"type,omitempty"`
-	HTTPOptions        V2RayHTTPOptions        `json:"-"`
-	WebsocketOptions   V2RayWebsocketOptions   `json:"-"`
-	QUICOptions        V2RayQUICOptions        `json:"-"`
-	GRPCOptions        V2RayGRPCOptions        `json:"-"`
-	HTTPUpgradeOptions V2RayHTTPUpgradeOptions `json:"-"`
+	Type             string                `json:"type,omitempty"`
+	HTTPOptions      V2RayHTTPOptions      `json:"-"`
+	WebsocketOptions V2RayWebsocketOptions `json:"-"`
+	QUICOptions      V2RayQUICOptions      `json:"-"`
+	GRPCOptions      V2RayGRPCOptions      `json:"-"`
 }
 
 type V2RayTransportOptions _V2RayTransportOptions
@@ -30,8 +29,6 @@ func (o V2RayTransportOptions) MarshalJSON() ([]byte, error) {
 		v = o.QUICOptions
 	case C.V2RayTransportTypeGRPC:
 		v = o.GRPCOptions
-	case C.V2RayTransportTypeHTTPUpgrade:
-		v = o.HTTPUpgradeOptions
 	default:
 		return nil, E.New("unknown transport type: " + o.Type)
 	}
@@ -53,8 +50,6 @@ func (o *V2RayTransportOptions) UnmarshalJSON(bytes []byte) error {
 		v = &o.QUICOptions
 	case C.V2RayTransportTypeGRPC:
 		v = &o.GRPCOptions
-	case C.V2RayTransportTypeHTTPUpgrade:
-		v = &o.HTTPUpgradeOptions
 	default:
 		return E.New("unknown transport type: " + o.Type)
 	}
@@ -90,9 +85,3 @@ type V2RayGRPCOptions struct {
 	PermitWithoutStream bool     `json:"permit_without_stream,omitempty"`
 	ForceLite           bool     `json:"-"` // for test
 }
-
-type V2RayHTTPUpgradeOptions struct {
-	Host    string     `json:"host,omitempty"`
-	Path    string     `json:"path,omitempty"`
-	Headers HTTPHeader `json:"headers,omitempty"`
-}

outbound/default.go

@@ -71,6 +71,7 @@ func NewConnection(ctx context.Context, this N.Dialer, conn net.Conn, metadata a
 	}
 	err = N.ReportHandshakeSuccess(conn)
 	if err != nil {
+		outConn.Close()
 		return err
 	}
 	return CopyEarlyConn(ctx, conn, outConn)
@@ -97,6 +98,7 @@ func NewDirectConnection(ctx context.Context, router adapter.Router, this N.Dial
 	}
 	err = N.ReportHandshakeSuccess(conn)
 	if err != nil {
+		outConn.Close()
 		return err
 	}
 	return CopyEarlyConn(ctx, conn, outConn)
@@ -117,17 +119,14 @@ func NewPacketConnection(ctx context.Context, this N.Dialer, conn N.PacketConn,
 	}
 	err = N.ReportHandshakeSuccess(conn)
 	if err != nil {
+		outConn.Close()
 		return err
 	}
 	if destinationAddress.IsValid() {
 		if metadata.Destination.IsFqdn() {
-			if metadata.InboundOptions.UDPDisableDomainUnmapping {
-				outConn = bufio.NewUnidirectionalNATPacketConn(bufio.NewPacketConn(outConn), M.SocksaddrFrom(destinationAddress, metadata.Destination.Port), metadata.Destination)
-			} else {
-				outConn = bufio.NewNATPacketConn(bufio.NewPacketConn(outConn), M.SocksaddrFrom(destinationAddress, metadata.Destination.Port), metadata.Destination)
-			}
+			outConn = bufio.NewNATPacketConn(bufio.NewPacketConn(outConn), M.SocksaddrFrom(destinationAddress, metadata.Destination.Port), metadata.Destination)
 		}
-		if natConn, loaded := common.Cast[bufio.NATPacketConn](conn); loaded {
+		if natConn, loaded := common.Cast[*bufio.NATPacketConn](conn); loaded {
 			natConn.UpdateDestination(destinationAddress)
 		}
 	}
@@ -164,13 +163,14 @@ func NewDirectPacketConnection(ctx context.Context, router adapter.Router, this
 	}
 	err = N.ReportHandshakeSuccess(conn)
 	if err != nil {
+		outConn.Close()
 		return err
 	}
 	if destinationAddress.IsValid() {
 		if metadata.Destination.IsFqdn() {
 			outConn = bufio.NewNATPacketConn(bufio.NewPacketConn(outConn), M.SocksaddrFrom(destinationAddress, metadata.Destination.Port), metadata.Destination)
 		}
-		if natConn, loaded := common.Cast[bufio.NATPacketConn](conn); loaded {
+		if natConn, loaded := common.Cast[*bufio.NATPacketConn](conn); loaded {
 			natConn.UpdateDestination(destinationAddress)
 		}
 	}
@@ -192,6 +192,7 @@ func CopyEarlyConn(ctx context.Context, conn net.Conn, serverConn net.Conn) erro
 			_, err := serverConn.Write(payload.Bytes())
 			payload.Release()
 			if err != nil {
+				serverConn.Close()
 				return err
 			}
 			return bufio.CopyConn(ctx, conn, serverConn)
@@ -203,22 +204,26 @@ func CopyEarlyConn(ctx context.Context, conn net.Conn, serverConn net.Conn) erro
 		if err != os.ErrInvalid {
 			if err != nil {
 				payload.Release()
+				serverConn.Close()
 				return err
 			}
 			_, err = payload.ReadOnceFrom(conn)
 			if err != nil && !E.IsTimeout(err) {
 				payload.Release()
+				serverConn.Close()
 				return E.Cause(err, "read payload")
 			}
 			err = conn.SetReadDeadline(time.Time{})
 			if err != nil {
 				payload.Release()
+				serverConn.Close()
 				return err
 			}
 		}
 		_, err = serverConn.Write(payload.Bytes())
 		payload.Release()
 		if err != nil {
+			serverConn.Close()
 			return N.ReportHandshakeFailure(conn, err)
 		}
 	}

route/router_geo_resources.go

@@ -157,12 +157,6 @@ func (r *Router) downloadGeoIPDatabase(savePath string) error {
 		filemanager.MkdirAll(r.ctx, parentDir, 0o755)
 	}
 
-	saveFile, err := filemanager.Create(r.ctx, savePath)
-	if err != nil {
-		return E.Cause(err, "open output file: ", downloadURL)
-	}
-	defer saveFile.Close()
-
 	httpClient := &http.Client{
 		Transport: &http.Transport{
 			ForceAttemptHTTP2:   true,
@@ -182,7 +176,16 @@ func (r *Router) downloadGeoIPDatabase(savePath string) error {
 		return err
 	}
 	defer response.Body.Close()
+
+	saveFile, err := filemanager.Create(r.ctx, savePath)
+	if err != nil {
+		return E.Cause(err, "open output file: ", downloadURL)
+	}
 	_, err = io.Copy(saveFile, response.Body)
+	saveFile.Close()
+	if err != nil {
+		filemanager.Remove(r.ctx, savePath)
+	}
 	return err
 }
 
@@ -209,12 +212,6 @@ func (r *Router) downloadGeositeDatabase(savePath string) error {
 		filemanager.MkdirAll(r.ctx, parentDir, 0o755)
 	}
 
-	saveFile, err := filemanager.Create(r.ctx, savePath)
-	if err != nil {
-		return E.Cause(err, "open output file: ", downloadURL)
-	}
-	defer saveFile.Close()
-
 	httpClient := &http.Client{
 		Transport: &http.Transport{
 			ForceAttemptHTTP2:   true,
@@ -234,7 +231,16 @@ func (r *Router) downloadGeositeDatabase(savePath string) error {
 		return err
 	}
 	defer response.Body.Close()
+
+	saveFile, err := filemanager.Create(r.ctx, savePath)
+	if err != nil {
+		return E.Cause(err, "open output file: ", downloadURL)
+	}
 	_, err = io.Copy(saveFile, response.Body)
+	saveFile.Close()
+	if err != nil {
+		filemanager.Remove(r.ctx, savePath)
+	}
 	return err
 }
 

test/go.mod

@@ -11,7 +11,7 @@ require (
 	github.com/docker/go-connections v0.4.0
 	github.com/gofrs/uuid/v5 v5.0.0
 	github.com/sagernet/quic-go v0.0.0-20231008035953-32727fef9460
-	github.com/sagernet/sing v0.2.16-0.20231028125948-afcc9cb766c2
+	github.com/sagernet/sing v0.2.16-0.20231021090846-8002db54c028
 	github.com/sagernet/sing-dns v0.1.10
 	github.com/sagernet/sing-quic v0.1.3-0.20231026034240-fa3d997246b6
 	github.com/sagernet/sing-shadowsocks v0.2.5
@@ -40,8 +40,6 @@ require (
 	github.com/go-chi/render v1.0.3 // indirect
 	github.com/go-ole/go-ole v1.3.0 // indirect
 	github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect
-	github.com/gobwas/httphead v0.1.0 // indirect
-	github.com/gobwas/pool v0.2.1 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang/protobuf v1.5.3 // indirect
 	github.com/google/btree v1.1.2 // indirect
@@ -77,13 +75,13 @@ require (
 	github.com/sagernet/reality v0.0.0-20230406110435-ee17307e7691 // indirect
 	github.com/sagernet/sing-mux v0.1.3 // indirect
 	github.com/sagernet/sing-shadowtls v0.1.4 // indirect
-	github.com/sagernet/sing-tun v0.1.17-0.20231030120513-2e85725657c1 // indirect
+	github.com/sagernet/sing-tun v0.1.17-0.20231026060825-efd9884154a6 // indirect
 	github.com/sagernet/sing-vmess v0.1.8 // indirect
 	github.com/sagernet/smux v0.0.0-20230312102458-337ec2a5af37 // indirect
 	github.com/sagernet/tfo-go v0.0.0-20230816093905-5a5c285d44a6 // indirect
 	github.com/sagernet/utls v0.0.0-20230309024959-6732c2ab36f2 // indirect
+	github.com/sagernet/websocket v0.0.0-20220913015213-615516348b4e // indirect
 	github.com/sagernet/wireguard-go v0.0.0-20230807125731-5d4a7ef2dc5f // indirect
-	github.com/sagernet/ws v0.0.0-20231030053741-7d481eb31bed // indirect
 	github.com/scjalliance/comshim v0.0.0-20230315213746-5e51f40bd3b9 // indirect
 	github.com/u-root/uio v0.0.0-20230220225925-ffce2a382923 // indirect
 	github.com/vishvananda/netns v0.0.0-20211101163701-50045581ed74 // indirect

test/go.sum

@@ -43,10 +43,6 @@ github.com/go-ole/go-ole v1.3.0 h1:Dt6ye7+vXGIKZ7Xtk4s6/xVdGDQynvom7xCFEdWr6uE=
 github.com/go-ole/go-ole v1.3.0/go.mod h1:5LS6F96DhAwUc7C+1HLexzMXY1xGRSryjyPPKW6zv78=
 github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI=
 github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls=
-github.com/gobwas/httphead v0.1.0 h1:exrUm0f4YX0L7EBwZHuCF4GDp8aJfVeBrlLQrs6NqWU=
-github.com/gobwas/httphead v0.1.0/go.mod h1:O/RXo79gxV8G+RqlR/otEwx4Q36zl9rqC5u12GKvMCM=
-github.com/gobwas/pool v0.2.1 h1:xfeeEhW7pwmX8nuLVlqbzVc7udMDrwetjEv+TZIz1og=
-github.com/gobwas/pool v0.2.1/go.mod h1:q8bcK0KcYlCgd9e7WYLm9LpyS+YeLd8JVDW6WezmKEw=
 github.com/gofrs/uuid/v5 v5.0.0 h1:p544++a97kEL+svbcFbCQVM9KFu0Yo25UoISXGNNH9M=
 github.com/gofrs/uuid/v5 v5.0.0/go.mod h1:CDOjlDMVAtN56jqyRUZh58JT31Tiw7/oQyEXZV+9bD8=
 github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
@@ -131,8 +127,8 @@ github.com/sagernet/reality v0.0.0-20230406110435-ee17307e7691 h1:5Th31OC6yj8byL
 github.com/sagernet/reality v0.0.0-20230406110435-ee17307e7691/go.mod h1:B8lp4WkQ1PwNnrVMM6KyuFR20pU8jYBD+A4EhJovEXU=
 github.com/sagernet/sing v0.0.0-20220817130738-ce854cda8522/go.mod h1:QVsS5L/ZA2Q5UhQwLrn0Trw+msNd/NPGEhBKR/ioWiY=
 github.com/sagernet/sing v0.1.8/go.mod h1:jt1w2u7lJQFFSGLiRrRIs5YWmx4kAPfWuOejuDW9qMk=
-github.com/sagernet/sing v0.2.16-0.20231028125948-afcc9cb766c2 h1:PW18IgRodvppd09d4mewYM3Hedu3PtFERN8yOqkTVk0=
-github.com/sagernet/sing v0.2.16-0.20231028125948-afcc9cb766c2/go.mod h1:AhNEHu0GXrpqkuzvTwvC8+j2cQUU/dh+zLEmq4C99pg=
+github.com/sagernet/sing v0.2.16-0.20231021090846-8002db54c028 h1:6GbQt7SC9y5Imrq5jDMbXDSaNiMhJ8KBjhjtQRuqQvE=
+github.com/sagernet/sing v0.2.16-0.20231021090846-8002db54c028/go.mod h1:AhNEHu0GXrpqkuzvTwvC8+j2cQUU/dh+zLEmq4C99pg=
 github.com/sagernet/sing-dns v0.1.10 h1:iIU7nRBlUYj+fF2TaktGIvRiTFFrHwSMedLQsvlTZCI=
 github.com/sagernet/sing-dns v0.1.10/go.mod h1:vtUimtf7Nq9EdvD5WTpfCr69KL1M7bcgOVKiYBiAY/c=
 github.com/sagernet/sing-mux v0.1.3 h1:fAf7PZa2A55mCeh0KKM02f1k2Y4vEmxuZZ/51ahkkLA=
@@ -145,8 +141,8 @@ github.com/sagernet/sing-shadowsocks2 v0.1.4 h1:vht2M8t3m5DTgXR2j24KbYOygG5aOp+M
 github.com/sagernet/sing-shadowsocks2 v0.1.4/go.mod h1:Mgdee99NxxNd5Zld3ixIs18yVs4x2dI2VTDDE1N14Wc=
 github.com/sagernet/sing-shadowtls v0.1.4 h1:aTgBSJEgnumzFenPvc+kbD9/W0PywzWevnVpEx6Tw3k=
 github.com/sagernet/sing-shadowtls v0.1.4/go.mod h1:F8NBgsY5YN2beQavdgdm1DPlhaKQlaL6lpDdcBglGK4=
-github.com/sagernet/sing-tun v0.1.17-0.20231030120513-2e85725657c1 h1:QxC+myHDZ0BnkIEqXE0lWUzfYEVlhhQdSCo7mOMm7x4=
-github.com/sagernet/sing-tun v0.1.17-0.20231030120513-2e85725657c1/go.mod h1:4ACZp3C6TDSy1rsMrfwtSyLrKPtm9Wm2eKHwhYIojbU=
+github.com/sagernet/sing-tun v0.1.17-0.20231026060825-efd9884154a6 h1:4yEXBqQoUgXj7qPSLD6lr+z9/KfsvixO9JUA2i5xnM8=
+github.com/sagernet/sing-tun v0.1.17-0.20231026060825-efd9884154a6/go.mod h1:w2+S+uWE94E/pQWSDdDdMIjwAEb645kuGPunr6ZllUg=
 github.com/sagernet/sing-vmess v0.1.8 h1:XVWad1RpTy9b5tPxdm5MCU8cGfrTGdR8qCq6HV2aCNc=
 github.com/sagernet/sing-vmess v0.1.8/go.mod h1:vhx32UNzTDUkNwOyIjcZQohre1CaytquC5mPplId8uA=
 github.com/sagernet/smux v0.0.0-20230312102458-337ec2a5af37 h1:HuE6xSwco/Xed8ajZ+coeYLmioq0Qp1/Z2zczFaV8as=
@@ -155,10 +151,10 @@ github.com/sagernet/tfo-go v0.0.0-20230816093905-5a5c285d44a6 h1:Px+hN4Vzgx+iCGV
 github.com/sagernet/tfo-go v0.0.0-20230816093905-5a5c285d44a6/go.mod h1:zovq6vTvEM6ECiqE3Eeb9rpIylPpamPcmrJ9tv0Bt0M=
 github.com/sagernet/utls v0.0.0-20230309024959-6732c2ab36f2 h1:kDUqhc9Vsk5HJuhfIATJ8oQwBmpOZJuozQG7Vk88lL4=
 github.com/sagernet/utls v0.0.0-20230309024959-6732c2ab36f2/go.mod h1:JKQMZq/O2qnZjdrt+B57olmfgEmLtY9iiSIEYtWvoSM=
+github.com/sagernet/websocket v0.0.0-20220913015213-615516348b4e h1:7uw2njHFGE+VpWamge6o56j2RWk4omF6uLKKxMmcWvs=
+github.com/sagernet/websocket v0.0.0-20220913015213-615516348b4e/go.mod h1:45TUl8+gH4SIKr4ykREbxKWTxkDlSzFENzctB1dVRRY=
 github.com/sagernet/wireguard-go v0.0.0-20230807125731-5d4a7ef2dc5f h1:Kvo8w8Y9lzFGB/7z09MJ3TR99TFtfI/IuY87Ygcycho=
 github.com/sagernet/wireguard-go v0.0.0-20230807125731-5d4a7ef2dc5f/go.mod h1:mySs0abhpc/gLlvhoq7HP1RzOaRmIXVeZGCh++zoApk=
-github.com/sagernet/ws v0.0.0-20231030053741-7d481eb31bed h1:90a510OeE9siSJoYsI8nSjPmA+u5ROMDts/ZkdNsuXY=
-github.com/sagernet/ws v0.0.0-20231030053741-7d481eb31bed/go.mod h1:LtfoSK3+NG57tvnVEHgcuBW9ujgE8enPSgzgwStwCAA=
 github.com/scjalliance/comshim v0.0.0-20230315213746-5e51f40bd3b9 h1:rc/CcqLH3lh8n+csdOuDfP+NuykE0U6AeYSJJHKDgSg=
 github.com/scjalliance/comshim v0.0.0-20230315213746-5e51f40bd3b9/go.mod h1:a/83NAfUXvEuLpmxDssAXxgUgrEy12MId3Wd7OTs76s=
 github.com/spyzhov/ajson v0.9.0 h1:tF46gJGOenYVj+k9K1U1XpCxVWhmiyY5PsVCAs1+OJ0=
@@ -226,7 +222,6 @@ golang.org/x/sys v0.0.0-20220622161953-175b2fd9d664/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220731174439-a90be440212d/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE=
 golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=

test/v2ray_httpupgrade_test.go

@@ -1,16 +0,0 @@
-package main
-
-import (
-	"testing"
-
-	C "github.com/sagernet/sing-box/constant"
-	"github.com/sagernet/sing-box/option"
-)
-
-func TestV2RayHTTPUpgrade(t *testing.T) {
-	t.Run("self", func(t *testing.T) {
-		testV2RayTransportSelf(t, &option.V2RayTransportOptions{
-			Type: C.V2RayTransportTypeHTTPUpgrade,
-		})
-	})
-}

transport/trojan/mux.go

@@ -17,7 +17,7 @@ func HandleMuxConnection(ctx context.Context, conn net.Conn, metadata M.Metadata
 		return err
 	}
 	var group task.Group
-	group.Append0(func(ctx context.Context) error {
+	group.Append0(func(_ context.Context) error {
 		var stream net.Conn
 		for {
 			stream, err = session.AcceptStream()

transport/v2ray/transport.go

@@ -8,7 +8,6 @@ import (
 	C "github.com/sagernet/sing-box/constant"
 	"github.com/sagernet/sing-box/option"
 	"github.com/sagernet/sing-box/transport/v2rayhttp"
-	"github.com/sagernet/sing-box/transport/v2rayhttpupgrade"
 	"github.com/sagernet/sing-box/transport/v2raywebsocket"
 	E "github.com/sagernet/sing/common/exceptions"
 	M "github.com/sagernet/sing/common/metadata"
@@ -36,8 +35,6 @@ func NewServerTransport(ctx context.Context, options option.V2RayTransportOption
 		return NewQUICServer(ctx, options.QUICOptions, tlsConfig, handler)
 	case C.V2RayTransportTypeGRPC:
 		return NewGRPCServer(ctx, options.GRPCOptions, tlsConfig, handler)
-	case C.V2RayTransportTypeHTTPUpgrade:
-		return v2rayhttpupgrade.NewServer(ctx, options.HTTPUpgradeOptions, tlsConfig, handler)
 	default:
 		return nil, E.New("unknown transport type: " + options.Type)
 	}
@@ -53,14 +50,13 @@ func NewClientTransport(ctx context.Context, dialer N.Dialer, serverAddr M.Socks
 	case C.V2RayTransportTypeGRPC:
 		return NewGRPCClient(ctx, dialer, serverAddr, options.GRPCOptions, tlsConfig)
 	case C.V2RayTransportTypeWebsocket:
-		return v2raywebsocket.NewClient(ctx, dialer, serverAddr, options.WebsocketOptions, tlsConfig)
+		return v2raywebsocket.NewClient(ctx, dialer, serverAddr, options.WebsocketOptions, tlsConfig), nil
 	case C.V2RayTransportTypeQUIC:
 		if tlsConfig == nil {
 			return nil, C.ErrTLSRequired
 		}
 		return NewQUICClient(ctx, dialer, serverAddr, options.QUICOptions, tlsConfig)
-	case C.V2RayTransportTypeHTTPUpgrade:
-		return v2rayhttpupgrade.NewClient(ctx, dialer, serverAddr, options.HTTPUpgradeOptions, tlsConfig)
+
 	default:
 		return nil, E.New("unknown transport type: " + options.Type)
 	}

transport/v2raygrpc/stream_grpc.pb.go

@@ -13,6 +13,10 @@ import (
 // Requires gRPC-Go v1.32.0 or later.
 const _ = grpc.SupportPackageIsVersion7
 
+const (
+	GunService_Tun_FullMethodName = "/transport.v2raygrpc.GunService/Tun"
+)
+
 // GunServiceClient is the client API for GunService service.
 //
 // For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.
@@ -29,7 +33,7 @@ func NewGunServiceClient(cc grpc.ClientConnInterface) GunServiceClient {
 }
 
 func (c *gunServiceClient) Tun(ctx context.Context, opts ...grpc.CallOption) (GunService_TunClient, error) {
-	stream, err := c.cc.NewStream(ctx, &GunService_ServiceDesc.Streams[0], "/transport.v2raygrpc.GunService/Tun", opts...)
+	stream, err := c.cc.NewStream(ctx, &GunService_ServiceDesc.Streams[0], GunService_Tun_FullMethodName, opts...)
 	if err != nil {
 		return nil, err
 	}

transport/v2raygrpclite/client.go

@@ -100,7 +100,7 @@ func (c *Client) DialContext(ctx context.Context) (net.Conn, error) {
 			conn.setup(nil, err)
 		} else if response.StatusCode != 200 {
 			response.Body.Close()
-			conn.setup(nil, E.New("unexpected status: ", response.Status))
+			conn.setup(nil, E.New("unexpected status: ", response.StatusCode, " ", response.Status))
 		} else {
 			conn.setup(response.Body, nil)
 		}

transport/v2raygrpclite/server.go

@@ -35,6 +35,10 @@ type Server struct {
 	path         string
 }
 
+func (s *Server) Network() []string {
+	return []string{N.NetworkTCP}
+}
+
 func NewServer(ctx context.Context, options option.V2RayGRPCOptions, tlsConfig tls.ServerConfig, handler adapter.V2RayServerTransportHandler) (*Server, error) {
 	server := &Server{
 		tlsConfig: tlsConfig,
@@ -88,10 +92,6 @@ func (s *Server) invalidRequest(writer http.ResponseWriter, request *http.Reques
 	s.handler.NewError(request.Context(), E.Cause(err, "process connection from ", request.RemoteAddr))
 }
 
-func (s *Server) Network() []string {
-	return []string{N.NetworkTCP}
-}
-
 func (s *Server) Serve(listener net.Listener) error {
 	if s.tlsConfig != nil {
 		if !common.Contains(s.tlsConfig.NextProtos(), http2.NextProtoTLS) {

transport/v2rayhttp/client.go

@@ -81,7 +81,7 @@ func NewClient(ctx context.Context, dialer N.Dialer, serverAddr M.Socksaddr, opt
 	uri.Path = options.Path
 	err := sHTTP.URLSetPath(&uri, options.Path)
 	if err != nil {
-		return nil, E.New("parse path: " + err.Error())
+		return nil, E.New("failed to set path: " + err.Error())
 	}
 	client.url = &uri
 	return client, nil
@@ -143,7 +143,7 @@ func (c *Client) dialHTTP2(ctx context.Context) (net.Conn, error) {
 			conn.Setup(nil, err)
 		} else if response.StatusCode != 200 {
 			response.Body.Close()
-			conn.Setup(nil, E.New("unexpected status: ", response.Status))
+			conn.Setup(nil, E.New("unexpected status: ", response.StatusCode, " ", response.Status))
 		} else {
 			conn.Setup(response.Body, nil)
 		}

transport/v2rayhttp/server.go

@@ -40,6 +40,10 @@ type Server struct {
 	headers    http.Header
 }
 
+func (s *Server) Network() []string {
+	return []string{N.NetworkTCP}
+}
+
 func NewServer(ctx context.Context, options option.V2RayHTTPOptions, tlsConfig tls.ServerConfig, handler adapter.V2RayServerTransportHandler) (*Server, error) {
 	server := &Server{
 		ctx:       ctx,
@@ -149,10 +153,6 @@ func (s *Server) invalidRequest(writer http.ResponseWriter, request *http.Reques
 	s.handler.NewError(request.Context(), E.Cause(err, "process connection from ", request.RemoteAddr))
 }
 
-func (s *Server) Network() []string {
-	return []string{N.NetworkTCP}
-}
-
 func (s *Server) Serve(listener net.Listener) error {
 	if s.tlsConfig != nil {
 		if len(s.tlsConfig.NextProtos()) == 0 {

transport/v2rayhttpupgrade/client.go

@@ -1,118 +0,0 @@
-package v2rayhttpupgrade
-
-import (
-	std_bufio "bufio"
-	"context"
-	"net"
-	"net/http"
-	"net/url"
-	"strings"
-
-	"github.com/sagernet/sing-box/adapter"
-	"github.com/sagernet/sing-box/common/tls"
-	"github.com/sagernet/sing-box/option"
-	"github.com/sagernet/sing/common/buf"
-	"github.com/sagernet/sing/common/bufio"
-	E "github.com/sagernet/sing/common/exceptions"
-	M "github.com/sagernet/sing/common/metadata"
-	N "github.com/sagernet/sing/common/network"
-	sHTTP "github.com/sagernet/sing/protocol/http"
-)
-
-var _ adapter.V2RayClientTransport = (*Client)(nil)
-
-type Client struct {
-	dialer     N.Dialer
-	tlsConfig  tls.Config
-	serverAddr M.Socksaddr
-	requestURL url.URL
-	headers    http.Header
-	host       string
-}
-
-func NewClient(ctx context.Context, dialer N.Dialer, serverAddr M.Socksaddr, options option.V2RayHTTPUpgradeOptions, tlsConfig tls.Config) (*Client, error) {
-	if tlsConfig != nil {
-		if len(tlsConfig.NextProtos()) == 0 {
-			tlsConfig.SetNextProtos([]string{"http/1.1"})
-		}
-	}
-	var host string
-	if options.Host != "" {
-		host = options.Host
-	} else if tlsConfig != nil && tlsConfig.ServerName() != "" {
-		host = tlsConfig.ServerName()
-	} else {
-		host = serverAddr.String()
-	}
-	var requestURL url.URL
-	if tlsConfig == nil {
-		requestURL.Scheme = "http"
-	} else {
-		requestURL.Scheme = "https"
-	}
-	requestURL.Host = serverAddr.String()
-	requestURL.Path = options.Path
-	err := sHTTP.URLSetPath(&requestURL, options.Path)
-	if err != nil {
-		return nil, E.Cause(err, "parse path")
-	}
-	if !strings.HasPrefix(requestURL.Path, "/") {
-		requestURL.Path = "/" + requestURL.Path
-	}
-	headers := make(http.Header)
-	for key, value := range options.Headers {
-		headers[key] = value
-	}
-	return &Client{
-		dialer:     dialer,
-		tlsConfig:  tlsConfig,
-		serverAddr: serverAddr,
-		requestURL: requestURL,
-		headers:    headers,
-		host:       host,
-	}, nil
-}
-
-func (c *Client) DialContext(ctx context.Context) (net.Conn, error) {
-	conn, err := c.dialer.DialContext(ctx, N.NetworkTCP, c.serverAddr)
-	if err != nil {
-		return nil, err
-	}
-	if c.tlsConfig != nil {
-		conn, err = tls.ClientHandshake(ctx, conn, c.tlsConfig)
-		if err != nil {
-			return nil, err
-		}
-	}
-	request := &http.Request{
-		Method: http.MethodGet,
-		URL:    &c.requestURL,
-		Header: c.headers.Clone(),
-		Host:   c.host,
-	}
-	request.Header.Set("Connection", "Upgrade")
-	request.Header.Set("Upgrade", "websocket")
-	err = request.Write(conn)
-	if err != nil {
-		return nil, err
-	}
-	bufReader := std_bufio.NewReader(conn)
-	response, err := http.ReadResponse(bufReader, request)
-	if err != nil {
-		return nil, err
-	}
-	if response.StatusCode != 101 ||
-		!strings.EqualFold(response.Header.Get("Connection"), "upgrade") ||
-		!strings.EqualFold(response.Header.Get("Upgrade"), "websocket") {
-		return nil, E.New("unexpected status: ", response.Status)
-	}
-	if bufReader.Buffered() > 0 {
-		buffer := buf.NewSize(bufReader.Buffered())
-		_, err = buffer.ReadFullFrom(bufReader, buffer.Len())
-		if err != nil {
-			return nil, err
-		}
-		conn = bufio.NewCachedConn(conn, buffer)
-	}
-	return conn, nil
-}

transport/v2rayhttpupgrade/server.go

@@ -1,137 +0,0 @@
-package v2rayhttpupgrade
-
-import (
-	"context"
-	"net"
-	"net/http"
-	"os"
-	"strings"
-
-	"github.com/sagernet/sing-box/adapter"
-	"github.com/sagernet/sing-box/common/tls"
-	C "github.com/sagernet/sing-box/constant"
-	"github.com/sagernet/sing-box/option"
-	"github.com/sagernet/sing/common"
-	E "github.com/sagernet/sing/common/exceptions"
-	M "github.com/sagernet/sing/common/metadata"
-	N "github.com/sagernet/sing/common/network"
-	aTLS "github.com/sagernet/sing/common/tls"
-	sHttp "github.com/sagernet/sing/protocol/http"
-)
-
-var _ adapter.V2RayServerTransport = (*Server)(nil)
-
-type Server struct {
-	ctx        context.Context
-	tlsConfig  tls.ServerConfig
-	handler    adapter.V2RayServerTransportHandler
-	httpServer *http.Server
-	host       string
-	path       string
-	headers    http.Header
-}
-
-func NewServer(ctx context.Context, options option.V2RayHTTPUpgradeOptions, tlsConfig tls.ServerConfig, handler adapter.V2RayServerTransportHandler) (*Server, error) {
-	server := &Server{
-		ctx:       ctx,
-		tlsConfig: tlsConfig,
-		handler:   handler,
-		host:      options.Host,
-		path:      options.Path,
-		headers:   options.Headers.Build(),
-	}
-	if !strings.HasPrefix(server.path, "/") {
-		server.path = "/" + server.path
-	}
-	server.httpServer = &http.Server{
-		Handler:           server,
-		ReadHeaderTimeout: C.TCPTimeout,
-		MaxHeaderBytes:    http.DefaultMaxHeaderBytes,
-		BaseContext: func(net.Listener) context.Context {
-			return ctx
-		},
-		TLSNextProto: make(map[string]func(*http.Server, *tls.STDConn, http.Handler)),
-	}
-	return server, nil
-}
-
-func (s *Server) ServeHTTP(writer http.ResponseWriter, request *http.Request) {
-	host := request.Host
-	if len(s.host) > 0 && host != s.host {
-		s.invalidRequest(writer, request, http.StatusBadRequest, E.New("bad host: ", host))
-		return
-	}
-	if !strings.HasPrefix(request.URL.Path, s.path) {
-		s.invalidRequest(writer, request, http.StatusNotFound, E.New("bad path: ", request.URL.Path))
-		return
-	}
-	if request.Method != http.MethodGet {
-		s.invalidRequest(writer, request, http.StatusNotFound, E.New("bad method: ", request.Method))
-		return
-	}
-	if !strings.EqualFold(request.Header.Get("Connection"), "upgrade") {
-		s.invalidRequest(writer, request, http.StatusNotFound, E.New("not a upgrade request"))
-		return
-	}
-	if !strings.EqualFold(request.Header.Get("Upgrade"), "websocket") {
-		s.invalidRequest(writer, request, http.StatusNotFound, E.New("not a websocket request"))
-		return
-	}
-	if request.Header.Get("Sec-WebSocket-Key") != "" {
-		s.invalidRequest(writer, request, http.StatusNotFound, E.New("real websocket request received"))
-		return
-	}
-	hijacker, canHijack := writer.(http.Hijacker)
-	if !canHijack {
-		s.invalidRequest(writer, request, http.StatusInternalServerError, E.New("invalid connection, maybe HTTP/2"))
-		return
-	}
-	conn, _, err := hijacker.Hijack()
-	if err != nil {
-		s.invalidRequest(writer, request, http.StatusInternalServerError, E.Cause(err, "hijack failed"))
-		return
-	}
-	response := &http.Response{
-		StatusCode: 101,
-		Header:     s.headers.Clone(),
-	}
-	response.Header.Set("Connection", "upgrade")
-	response.Header.Set("Upgrade", "websocket")
-	err = response.Write(conn)
-	if err != nil {
-		s.invalidRequest(writer, request, http.StatusInternalServerError, E.Cause(err, "write response failed"))
-		return
-	}
-	var metadata M.Metadata
-	metadata.Source = sHttp.SourceAddress(request)
-	s.handler.NewConnection(request.Context(), conn, metadata)
-}
-
-func (s *Server) invalidRequest(writer http.ResponseWriter, request *http.Request, statusCode int, err error) {
-	if statusCode > 0 {
-		writer.WriteHeader(statusCode)
-	}
-	s.handler.NewError(request.Context(), E.Cause(err, "process connection from ", request.RemoteAddr))
-}
-
-func (s *Server) Network() []string {
-	return []string{N.NetworkTCP}
-}
-
-func (s *Server) Serve(listener net.Listener) error {
-	if s.tlsConfig != nil {
-		if len(s.tlsConfig.NextProtos()) == 0 {
-			s.tlsConfig.SetNextProtos([]string{"http/1.1"})
-		}
-		listener = aTLS.NewListener(listener, s.tlsConfig)
-	}
-	return s.httpServer.Serve(listener)
-}
-
-func (s *Server) ServePacket(listener net.PacketConn) error {
-	return os.ErrInvalid
-}
-
-func (s *Server) Close() error {
-	return common.Close(common.PtrOrNil(s.httpServer))
-}

transport/v2raywebsocket/client.go

@@ -5,37 +5,58 @@ import (
 	"net"
 	"net/http"
 	"net/url"
-	"strings"
 	"time"
 
 	"github.com/sagernet/sing-box/adapter"
 	"github.com/sagernet/sing-box/common/tls"
-	C "github.com/sagernet/sing-box/constant"
 	"github.com/sagernet/sing-box/option"
 	E "github.com/sagernet/sing/common/exceptions"
 	M "github.com/sagernet/sing/common/metadata"
 	N "github.com/sagernet/sing/common/network"
 	sHTTP "github.com/sagernet/sing/protocol/http"
-	"github.com/sagernet/ws"
+	"github.com/sagernet/websocket"
 )
 
 var _ adapter.V2RayClientTransport = (*Client)(nil)
 
 type Client struct {
-	dialer              N.Dialer
-	tlsConfig           tls.Config
-	serverAddr          M.Socksaddr
+	dialer              *websocket.Dialer
 	requestURL          url.URL
+	requestURLString    string
 	headers             http.Header
 	maxEarlyData        uint32
 	earlyDataHeaderName string
 }
 
-func NewClient(ctx context.Context, dialer N.Dialer, serverAddr M.Socksaddr, options option.V2RayWebsocketOptions, tlsConfig tls.Config) (*Client, error) {
+func NewClient(ctx context.Context, dialer N.Dialer, serverAddr M.Socksaddr, options option.V2RayWebsocketOptions, tlsConfig tls.Config) adapter.V2RayClientTransport {
+	wsDialer := &websocket.Dialer{
+		ReadBufferSize:   4 * 1024,
+		WriteBufferSize:  4 * 1024,
+		HandshakeTimeout: time.Second * 8,
+	}
 	if tlsConfig != nil {
 		if len(tlsConfig.NextProtos()) == 0 {
 			tlsConfig.SetNextProtos([]string{"http/1.1"})
 		}
+		wsDialer.NetDialTLSContext = func(ctx context.Context, network, addr string) (net.Conn, error) {
+			conn, err := dialer.DialContext(ctx, network, M.ParseSocksaddr(addr))
+			if err != nil {
+				return nil, err
+			}
+			tlsConn, err := tls.ClientHandshake(ctx, conn, tlsConfig)
+			if err != nil {
+				return nil, err
+			}
+			return &deadConn{tlsConn}, nil
+		}
+	} else {
+		wsDialer.NetDialContext = func(ctx context.Context, network, addr string) (net.Conn, error) {
+			conn, err := dialer.DialContext(ctx, network, M.ParseSocksaddr(addr))
+			if err != nil {
+				return nil, err
+			}
+			return &deadConn{conn}, nil
+		}
 	}
 	var requestURL url.URL
 	if tlsConfig == nil {
@@ -47,59 +68,37 @@ func NewClient(ctx context.Context, dialer N.Dialer, serverAddr M.Socksaddr, opt
 	requestURL.Path = options.Path
 	err := sHTTP.URLSetPath(&requestURL, options.Path)
 	if err != nil {
-		return nil, E.Cause(err, "parse path")
-	}
-	if !strings.HasPrefix(requestURL.Path, "/") {
-		requestURL.Path = "/" + requestURL.Path
+		return nil
 	}
 	headers := make(http.Header)
 	for key, value := range options.Headers {
 		headers[key] = value
 	}
 	return &Client{
-		dialer,
-		tlsConfig,
-		serverAddr,
+		wsDialer,
 		requestURL,
+		requestURL.String(),
 		headers,
 		options.MaxEarlyData,
 		options.EarlyDataHeaderName,
-	}, nil
-}
-
-func (c *Client) dialContext(ctx context.Context, requestURL *url.URL, headers http.Header) (*WebsocketConn, error) {
-	conn, err := c.dialer.DialContext(ctx, N.NetworkTCP, c.serverAddr)
-	if err != nil {
-		return nil, err
 	}
-	if c.tlsConfig != nil {
-		conn, err = tls.ClientHandshake(ctx, conn, c.tlsConfig)
-		if err != nil {
-			return nil, err
-		}
-	}
-	conn.SetDeadline(time.Now().Add(C.TCPTimeout))
-	var protocols []string
-	if protocolHeader := headers.Get("Sec-WebSocket-Protocol"); protocolHeader != "" {
-		protocols = []string{protocolHeader}
-		headers.Del("Sec-WebSocket-Protocol")
-	}
-	reader, _, err := ws.Dialer{Header: ws.HandshakeHeaderHTTP(headers), Protocols: protocols}.Upgrade(conn, requestURL)
-	conn.SetDeadline(time.Time{})
-	if err != nil {
-		return nil, err
-	}
-	return NewConn(conn, reader, nil, ws.StateClientSide), nil
 }
 
 func (c *Client) DialContext(ctx context.Context) (net.Conn, error) {
 	if c.maxEarlyData <= 0 {
-		conn, err := c.dialContext(ctx, &c.requestURL, c.headers)
-		if err != nil {
-			return nil, err
+		conn, response, err := c.dialer.DialContext(ctx, c.requestURLString, c.headers)
+		if err == nil {
+			return &WebsocketConn{Conn: conn, Writer: NewWriter(conn, false)}, nil
 		}
-		return conn, nil
+		return nil, wrapDialError(response, err)
 	} else {
 		return &EarlyWebsocketConn{Client: c, ctx: ctx, create: make(chan struct{})}, nil
 	}
 }
+
+func wrapDialError(response *http.Response, err error) error {
+	if response == nil {
+		return err
+	}
+	return E.Extend(err, "HTTP ", response.StatusCode, " ", response.Status)
+}

transport/v2raywebsocket/conn.go

@@ -1,11 +1,11 @@
 package v2raywebsocket
 
 import (
-	"bufio"
 	"context"
 	"encoding/base64"
 	"io"
 	"net"
+	"net/http"
 	"os"
 	"sync"
 	"time"
@@ -13,96 +13,50 @@ import (
 	C "github.com/sagernet/sing-box/constant"
 	"github.com/sagernet/sing/common"
 	"github.com/sagernet/sing/common/buf"
-	"github.com/sagernet/sing/common/debug"
 	E "github.com/sagernet/sing/common/exceptions"
-	"github.com/sagernet/ws"
-	"github.com/sagernet/ws/wsutil"
+	"github.com/sagernet/websocket"
 )
 
 type WebsocketConn struct {
-	net.Conn
+	*websocket.Conn
 	*Writer
-	state          ws.State
-	reader         *wsutil.Reader
-	controlHandler wsutil.FrameHandlerFunc
-	remoteAddr     net.Addr
+	remoteAddr net.Addr
+	reader     io.Reader
 }
 
-func NewConn(conn net.Conn, br *bufio.Reader, remoteAddr net.Addr, state ws.State) *WebsocketConn {
-	controlHandler := wsutil.ControlFrameHandler(conn, state)
-	var reader io.Reader
-	if br != nil && br.Buffered() > 0 {
-		reader = br
-	} else {
-		reader = conn
-	}
+func NewServerConn(wsConn *websocket.Conn, remoteAddr net.Addr) *WebsocketConn {
 	return &WebsocketConn{
-		Conn:  conn,
-		state: state,
-		reader: &wsutil.Reader{
-			Source:          reader,
-			State:           state,
-			SkipHeaderCheck: !debug.Enabled,
-			OnIntermediate:  controlHandler,
-		},
-		controlHandler: controlHandler,
-		remoteAddr:     remoteAddr,
-		Writer:         NewWriter(conn, state),
+		Conn:       wsConn,
+		remoteAddr: remoteAddr,
+		Writer:     NewWriter(wsConn, true),
 	}
 }
 
 func (c *WebsocketConn) Close() error {
-	c.Conn.SetWriteDeadline(time.Now().Add(C.TCPTimeout))
-	frame := ws.NewCloseFrame(ws.NewCloseFrameBody(
-		ws.StatusNormalClosure, "",
-	))
-	if c.state == ws.StateClientSide {
-		frame = ws.MaskFrameInPlace(frame)
+	err := c.WriteControl(websocket.CloseMessage, websocket.FormatCloseMessage(websocket.CloseNormalClosure, ""), time.Now().Add(C.TCPTimeout))
+	if err != nil {
+		return c.Conn.Close()
 	}
-	ws.WriteFrame(c.Conn, frame)
-	c.Conn.Close()
 	return nil
 }
 
 func (c *WebsocketConn) Read(b []byte) (n int, err error) {
-	var header ws.Header
 	for {
+		if c.reader == nil {
+			_, c.reader, err = c.NextReader()
+			if err != nil {
+				err = wrapError(err)
+				return
+			}
+		}
 		n, err = c.reader.Read(b)
-		if n > 0 {
-			err = nil
-			return
-		}
-		if !E.IsMulti(err, io.EOF, wsutil.ErrNoFrameAdvance) {
-			return
-		}
-		header, err = c.reader.NextFrame()
-		if err != nil {
-			return
-		}
-		if header.OpCode.IsControl() {
-			err = c.controlHandler(header, c.reader)
-			if err != nil {
-				return
-			}
+		if E.IsMulti(err, io.EOF) {
+			c.reader = nil
 			continue
 		}
-		if header.OpCode&ws.OpBinary == 0 {
-			err = c.reader.Discard()
-			if err != nil {
-				return
-			}
-			continue
-		}
-	}
-}
-
-func (c *WebsocketConn) Write(p []byte) (n int, err error) {
-	err = wsutil.WriteMessage(c.Conn, c.state, ws.OpBinary, p)
-	if err != nil {
+		err = wrapError(err)
 		return
 	}
-	n = len(p)
-	return
 }
 
 func (c *WebsocketConn) RemoteAddr() net.Addr {
@@ -129,7 +83,11 @@ func (c *WebsocketConn) NeedAdditionalReadDeadline() bool {
 }
 
 func (c *WebsocketConn) Upstream() any {
-	return c.Conn
+	return c.Conn.NetConn()
+}
+
+func (c *WebsocketConn) UpstreamWriter() any {
+	return c.Writer
 }
 
 type EarlyWebsocketConn struct {
@@ -155,7 +113,8 @@ func (c *EarlyWebsocketConn) writeRequest(content []byte) error {
 	var (
 		earlyData []byte
 		lateData  []byte
-		conn      *WebsocketConn
+		conn      *websocket.Conn
+		response  *http.Response
 		err       error
 	)
 	if len(content) > int(c.maxEarlyData) {
@@ -169,16 +128,19 @@ func (c *EarlyWebsocketConn) writeRequest(content []byte) error {
 		if c.earlyDataHeaderName == "" {
 			requestURL := c.requestURL
 			requestURL.Path += earlyDataString
-			conn, err = c.dialContext(c.ctx, &requestURL, c.headers)
+			conn, response, err = c.dialer.DialContext(c.ctx, requestURL.String(), c.headers)
 		} else {
 			headers := c.headers.Clone()
 			headers.Set(c.earlyDataHeaderName, earlyDataString)
-			conn, err = c.dialContext(c.ctx, &c.requestURL, headers)
+			conn, response, err = c.dialer.DialContext(c.ctx, c.requestURLString, headers)
 		}
 	} else {
-		conn, err = c.dialContext(c.ctx, &c.requestURL, c.headers)
+		conn, response, err = c.dialer.DialContext(c.ctx, c.requestURLString, c.headers)
 	}
-	c.conn = conn
+	if err != nil {
+		return wrapDialError(response, err)
+	}
+	c.conn = &WebsocketConn{Conn: conn, Writer: NewWriter(conn, false)}
 	if len(lateData) > 0 {
 		_, err = c.conn.Write(lateData)
 	}
@@ -191,6 +153,9 @@ func (c *EarlyWebsocketConn) Write(b []byte) (n int, err error) {
 	}
 	c.access.Lock()
 	defer c.access.Unlock()
+	if c.err != nil {
+		return 0, c.err
+	}
 	if c.conn != nil {
 		return c.conn.Write(b)
 	}
@@ -212,6 +177,9 @@ func (c *EarlyWebsocketConn) WriteBuffer(buffer *buf.Buffer) error {
 	if c.conn != nil {
 		return c.conn.WriteBuffer(buffer)
 	}
+	if c.err != nil {
+		return c.err
+	}
 	err := c.writeRequest(buffer.Bytes())
 	c.err = err
 	close(c.create)
@@ -262,3 +230,13 @@ func (c *EarlyWebsocketConn) Upstream() any {
 func (c *EarlyWebsocketConn) LazyHeadroom() bool {
 	return c.conn == nil
 }
+
+func wrapError(err error) error {
+	if websocket.IsCloseError(err, websocket.CloseNormalClosure) {
+		return io.EOF
+	}
+	if websocket.IsCloseError(err, websocket.CloseAbnormalClosure) {
+		return net.ErrClosed
+	}
+	return err
+}

transport/v2raywebsocket/mask.go

@@ -0,0 +1,6 @@
+package v2raywebsocket
+
+import _ "unsafe"
+
+//go:linkname maskBytes github.com/sagernet/websocket.maskBytes
+func maskBytes(key [4]byte, pos int, b []byte) int

transport/v2raywebsocket/server.go

@@ -20,7 +20,7 @@ import (
 	N "github.com/sagernet/sing/common/network"
 	aTLS "github.com/sagernet/sing/common/tls"
 	sHttp "github.com/sagernet/sing/protocol/http"
-	"github.com/sagernet/ws"
+	"github.com/sagernet/websocket"
 )
 
 var _ adapter.V2RayServerTransport = (*Server)(nil)
@@ -58,6 +58,13 @@ func NewServer(ctx context.Context, options option.V2RayWebsocketOptions, tlsCon
 	return server, nil
 }
 
+var upgrader = websocket.Upgrader{
+	HandshakeTimeout: C.TCPTimeout,
+	CheckOrigin: func(r *http.Request) bool {
+		return true
+	},
+}
+
 func (s *Server) ServeHTTP(writer http.ResponseWriter, request *http.Request) {
 	if s.maxEarlyData == 0 || s.earlyDataHeaderName != "" {
 		if request.URL.Path != s.path {
@@ -88,14 +95,14 @@ func (s *Server) ServeHTTP(writer http.ResponseWriter, request *http.Request) {
 		s.invalidRequest(writer, request, http.StatusBadRequest, E.Cause(err, "decode early data"))
 		return
 	}
-	wsConn, reader, _, err := ws.UpgradeHTTP(request, writer)
+	wsConn, err := upgrader.Upgrade(writer, request, nil)
 	if err != nil {
 		s.invalidRequest(writer, request, 0, E.Cause(err, "upgrade websocket connection"))
 		return
 	}
 	var metadata M.Metadata
 	metadata.Source = sHttp.SourceAddress(request)
-	conn = NewConn(wsConn, reader.Reader, metadata.Source.TCPAddr(), ws.StateServerSide)
+	conn = NewServerConn(wsConn, metadata.Source.TCPAddr())
 	if len(earlyData) > 0 {
 		conn = bufio.NewCachedConn(conn, buf.As(earlyData))
 	}

transport/v2raywebsocket/writer.go

@@ -2,27 +2,36 @@ package v2raywebsocket
 
 import (
 	"encoding/binary"
-	"io"
 	"math/rand"
 
 	"github.com/sagernet/sing/common/buf"
 	"github.com/sagernet/sing/common/bufio"
 	N "github.com/sagernet/sing/common/network"
-	"github.com/sagernet/ws"
+	"github.com/sagernet/websocket"
 )
 
 type Writer struct {
+	*websocket.Conn
 	writer   N.ExtendedWriter
 	isServer bool
 }
 
-func NewWriter(writer io.Writer, state ws.State) *Writer {
+func NewWriter(conn *websocket.Conn, isServer bool) *Writer {
 	return &Writer{
-		bufio.NewExtendedWriter(writer),
-		state == ws.StateServerSide,
+		conn,
+		bufio.NewExtendedWriter(conn.NetConn()),
+		isServer,
 	}
 }
 
+func (w *Writer) Write(p []byte) (n int, err error) {
+	err = w.Conn.WriteMessage(websocket.BinaryMessage, p)
+	if err != nil {
+		return
+	}
+	return len(p), nil
+}
+
 func (w *Writer) WriteBuffer(buffer *buf.Buffer) error {
 	var payloadBitLength int
 	dataLen := buffer.Len()
@@ -43,7 +52,7 @@ func (w *Writer) WriteBuffer(buffer *buf.Buffer) error {
 	}
 
 	header := buffer.ExtendHeader(headerLen)
-	header[0] = byte(ws.OpBinary) | 0x80
+	header[0] = websocket.BinaryMessage | 1<<7
 	if w.isServer {
 		header[1] = 0
 	} else {
@@ -63,12 +72,16 @@ func (w *Writer) WriteBuffer(buffer *buf.Buffer) error {
 	if !w.isServer {
 		maskKey := rand.Uint32()
 		binary.BigEndian.PutUint32(header[1+payloadBitLength:], maskKey)
-		ws.Cipher(data, *(*[4]byte)(header[1+payloadBitLength:]), 0)
+		maskBytes(*(*[4]byte)(header[1+payloadBitLength:]), 0, data)
 	}
 
 	return w.writer.WriteBuffer(buffer)
 }
 
+func (w *Writer) Upstream() any {
+	return w.Conn.NetConn()
+}
+
 func (w *Writer) FrontHeadroom() int {
 	return 14
 }