diff --git a/box/clash/note.txt b/box/clash/README.md similarity index 100% rename from box/clash/note.txt rename to box/clash/README.md diff --git a/box/scripts/box.iptables b/box/scripts/box.iptables index 21900c5b..c35a0406 100755 --- a/box/scripts/box.iptables +++ b/box/scripts/box.iptables @@ -79,7 +79,7 @@ bin_alive() { log Error "please check ${bin_name}.log for more information." log Error "killing stale pid $PID" for bin in "${bin_list[@]}"; do - killall -15 "${bin}" >/dev/null 2>&1 || busybox pkill -15 "${bin}" >/dev/null 2>&1 + killall -15 "${bin}" >/dev/null 2>&1 || busybox pkill -15 "${bin}" >/dev/null 2>&1 done cleanup_iptables [ -f "${box_pid}" ] && rm -f "${box_pid}" @@ -146,6 +146,7 @@ intranet=( 240.0.0.0/4 255.0.0.0/4 255.255.255.0/24 + # 255.255.255.255/32 ) intranet+=($(ip address | busybox awk '/inet / && !/127\.0\.0\.1/ {print $2}')) @@ -534,9 +535,9 @@ start_tproxy() { # Disable QUIC if [ "${quic}" = "disable" ]; then - ${iptables} -A OUTPUT -p udp --dport 443 -j REJECT - ${iptables} -A OUTPUT -p udp --dport 80 -j REJECT - # ${iptables} -A OUTPUT -p udp -m multiport --dport 443,80 -j REJECT + # ${iptables} -A OUTPUT -p udp --dport 443 -j REJECT + # ${iptables} -A OUTPUT -p udp --dport 80 -j REJECT + ${iptables} -A OUTPUT -p udp -m multiport --dport 443,80 -j REJECT [ "${iptables}" = "iptables -w 64" ] && log Warning "Disabling QUIC" fi @@ -603,7 +604,7 @@ stop_tproxy() { ${iptables} -t mangle -X DIVERT # flush QUIC - # ${iptables} -D OUTPUT -p udp -m multiport --dport 443,80 -j REJECT + ${iptables} -D OUTPUT -p udp -m multiport --dport 443,80 -j REJECT ${iptables} -D OUTPUT -p udp --dport 443 -j REJECT ${iptables} -D OUTPUT -p udp --dport 80 -j REJECT @@ -638,8 +639,8 @@ stop_tproxy() { cleanup_iptables() { for iptables in "iptables -w 64" "ip6tables -w 64"; do iptables="${iptables}" && { - stop_tproxy stop_redirect + stop_tproxy forward -D } >> /dev/null 2>&1 done diff --git a/box/scripts/box.service b/box/scripts/box.service index f7a84d6e..1a6bd381 100755 --- a/box/scripts/box.service +++ b/box/scripts/box.service @@ -104,7 +104,7 @@ box_permission() { fi log Error "Kernel <${bin_name}> is missing." log Error "Please download the <${bin_name}> kernel and place it in the ${bin_dir}/ directory." - log Debug "exec: su -c /data/adb/box/scripts/box.tool upcore" + log Debug "exec: su -c /data/adb/box/scripts/box.tool upkernel" exit 1 fi } @@ -320,8 +320,8 @@ box_run_bin() { case "${bin_name}" in sing-box) prepare_singbox - if ${bin_path} check -D "${box_dir}/${bin_name}" --config-directory "${box_dir}/${bin_name}" > "${box_run}/${bin_name}.log" 2>&1; then - nohup busybox setuidgid "${box_user_group}" "${bin_path}" run -D "${box_dir}/${bin_name}" --config-directory "${box_dir}/${bin_name}" > "${bin_log}" 2>&1 & + if ${bin_path} check -D "${box_dir}/${bin_name}" -C "${box_dir}/${bin_name}" > "${box_run}/${bin_name}.log" 2>&1; then + nohup busybox setuidgid "${box_user_group}" taskset "${mask_cpuset}" "${bin_path}" run -D "${box_dir}/${bin_name}" -C "${box_dir}/${bin_name}" > "${bin_log}" 2>&1 & PID=$! echo -n $PID > "${box_pid}" sleep 1 @@ -334,7 +334,7 @@ box_run_bin() { clash) prepare_clash if ${bin_path} -t -d "${box_dir}/${bin_name}" -f "${clash_config}" > "${box_run}/${bin_name}.log" 2>&1; then - nohup busybox setuidgid "${box_user_group}" "${bin_path}" -d "${box_dir}/${bin_name}" -f "${clash_config}" > "${bin_log}" 2>&1 & + nohup busybox setuidgid "${box_user_group}" taskset "${mask_cpuset}" "${bin_path}" -d "${box_dir}/${bin_name}" -f "${clash_config}" > "${bin_log}" 2>&1 & PID=$! echo -n $PID > "${box_pid}" sleep 1 @@ -365,7 +365,7 @@ box_run_bin() { # run xray export XRAY_LOCATION_ASSET="${box_dir}/${bin_name}" if ${bin_path} -test -confdir "${box_dir}/${bin_name}" > "${box_run}/${bin_name}.log" 2>&1; then - nohup busybox setuidgid "${box_user_group}" "${bin_path}" run -confdir "${box_dir}/${bin_name}" > "${bin_log}" 2>&1 & + nohup busybox setuidgid "${box_user_group}" taskset "${mask_cpuset}" "${bin_path}" run -confdir "${box_dir}/${bin_name}" > "${bin_log}" 2>&1 & PID=$! echo -n $PID > "${box_pid}" sleep 1 @@ -395,7 +395,7 @@ box_run_bin() { # run v2ray export V2RAY_LOCATION_ASSET="${box_dir}/${bin_name}" if ${bin_path} test -d "${box_dir}/${bin_name}" > "${box_run}/${bin_name}.log" 2>&1; then - nohup busybox setuidgid "${box_user_group}" "${bin_path}" run -d "${box_dir}/${bin_name}" > "${bin_log}" 2>&1 & + nohup busybox setuidgid "${box_user_group}" taskset "${mask_cpuset}" "${bin_path}" run -d "${box_dir}/${bin_name}" > "${bin_log}" 2>&1 & PID=$! echo -n $PID > "${box_pid}" sleep 1 @@ -413,17 +413,25 @@ box_run_bin() { } box_cgroup() { - if [ "${cgroup_memory}" = "true" ]; then - if ${scripts_dir}/box.tool cgroup; then - log Info "cgroup limit: ${cgroup_memory_limit}." + set_cgroup_config() { + local cgroup_attr="$1" + local cgroup_value="$2" + + if [ "${cgroup_value}" = "true" ]; then + if ${scripts_dir}/box.tool "${cgroup_attr}"; then + true + else + log_warning "failed to enable ${cgroup_attr} for ${bin_name}." + log_warning "cgroups ${cgroup_attr} is turned off" + sed -i -E "/cgroup_${cgroup_attr}/ s/(true)/false/" "${settings}" + fi else - log Warning "failed to enable cgroup for ${bin_name}." - log Warning "cgroups is turned off" - sed -i -E "/cgroup_memory/ s/(true)/false/" "${settings}" + log_info "${bin_name} cgroup_${cgroup_attr}: ${cgroup_value}" fi - else - log Info "${bin_name} cgroup: disabled." - fi + } + set_cgroup_config "memcg" "${cgroup_memcg}" + set_cgroup_config "cpuset" "${cgroup_cpuset}" + set_cgroup_config "blkio" "${cgroup_blkio}" } # Function to display the usage of a binary @@ -459,11 +467,21 @@ box_bin_status() { # Get the CPU usage of the binary cpu=$(ps -p $PID -o %cpu | busybox awk 'NR==2{print $1}' 2> /dev/null) + + cpus_allowed=$(grep Cpus_allowed_list /proc/$PID/status | busybox awk '{ print $2" "$3 }') + cpuset=$(ps -p $PID -o cpu | busybox awk 'NR==2{print $1}' 2> /dev/null) + if [ -n "${cpu}" ]; then log Info "${bin_name} CPU usage: ${cpu}%" else log Info "${bin_name} CPU usage: not available" fi + if [ -n "${cpuset}" ]; then + log Info "${bin_name} list of allowed CPUs : ${cpus_allowed}" + log Info "${bin_name} Which CPU running on : ${cpuset}" + else + log Info "${bin_name} Which CPU running on : not available" + fi # Check battery temperature temperature_celsius=$(($(cat /sys/class/power_supply/battery/temp) / 10)) @@ -563,7 +581,12 @@ start_box() { box_run_bin box_cgroup # $bin_name detected port - if [ "${port_detect}" = "true" ]; then "${scripts_dir}/box.tool" port; else log Info "${bin_name} skipped port detection."; fi + if [ "${port_detect}" = "true" ]; then + ${scripts_dir}/box.tool port + else + log Info "${bin_name} skipped port detection." + fi + count=0 while [ $count -le 10 ]; do sleep 0.17 @@ -597,14 +620,15 @@ stop_box() { if [ -f "${box_pid}" ]; then rm -f "${box_pid}" fi - log Warning "${bin_name} service is stopped." + log Warning "${bin_name} shutting down, service is stopped." log Warning "${bin_name} disconnected." [ -t 1 ] && echo -e "${white}--------------------------------------------${normal}" else log Warning "${bin_name} Not stopped; may still be shutting down or failed to shut down." force_stop fi - sed -Ei "s/^description=(\[.*][[:space:]]*)?/description=[ ⏲ $current_time | ✘ $bin_name service is stopped !!! ] /g" "$PROPFILE" + + sed -Ei "s/^description=(\[.*][[:space:]]*)?/description=[ ⏲ $current_time | ✘ $bin_name shutting down, service is stopped !!! ] /g" "$PROPFILE" } stop_cron() { @@ -666,7 +690,7 @@ case "$1" in esac box_bin_status else - log Warning "${bin_name} service is stopped." + log Warning "${bin_name} shutting down, service is stopped." fi ;; cron) diff --git a/box/scripts/box.tool b/box/scripts/box.tool index 8f23aba0..8b295bd6 100755 --- a/box/scripts/box.tool +++ b/box/scripts/box.tool @@ -174,18 +174,14 @@ upcurl() { [ -f "${bin_dir}/curl" ] && cp "${bin_dir}/curl" "${bin_dir}/backup/curl.bak" >/dev/null 2>&1 local latest_version=$(busybox wget --no-check-certificate -qO- "https://api.github.com/repos/stunnel/static-curl/releases" | grep "tag_name" | grep -o "[0-9.]*" | head -1) - [ -z "${latest_version}" ] && latest_version="8.3.0" + [ -z "${latest_version}" ] && latest_version="8.4.0" - local file_name="curl-static-${arch}-${latest_version}.tar.xz" - local download_link="https://github.com/stunnel/static-curl/releases/download/${latest_version}/${file_name}" + local download_link="https://github.com/stunnel/static-curl/releases/download/${latest_version}/curl-static-${arch}-${latest_version}.tar.xz" log Debug "Download ${download_link}" upfile "${bin_dir}/curl.tar.xz" "${download_link}" - local tar_command="tar" - ! command -v tar &>/dev/null && tar_command="busybox tar" - - if ! ${tar_command} -xf "${bin_dir}/curl.tar.xz" -C "${bin_dir}" >&2; then + if ! busybox tar -xJf "${bin_dir}/curl.tar.xz" -C "${bin_dir}" >&2; then log Error "Failed to extract ${bin_dir}/curl.tar.xz" >&2 cp "${bin_dir}/backup/curl.bak" "${bin_dir}/curl" >/dev/null 2>&1 && log Info "Restored curl" || return 1 fi @@ -348,9 +344,9 @@ upkernel() { file_kernel="${bin_name}-${arch}" case "${bin_name}" in "sing-box") - # set download link and get the latest version api_url="https://api.github.com/repos/SagerNet/sing-box/releases" url_down="https://github.com/SagerNet/sing-box/releases" + latest_version=$(busybox wget --no-check-certificate -qO- "${api_url}" | grep "tag_name" | grep -o "v[0-9].*" | head -1 | cut -d'"' -f1) download_link="${url_down}/download/${latest_version}/sing-box-${latest_version#v}-${platform}-${arch}.tar.gz" log Debug "download ${download_link}" @@ -361,6 +357,7 @@ upkernel() { if [ "${clash_option}" = "meta" ]; then # set download link download_link="https://github.com/MetaCubeX/Clash.Meta/releases" + if [ "${clash_meta_stable}" = "enable" ]; then latest_version=$(wget --no-check-certificate -qO- "https://api.github.com/repos/MetaCubeX/Clash.Meta/releases" | grep "tag_name" | grep -o "v[0-9.]*" | head -1) tag="$latest_version" @@ -387,6 +384,7 @@ upkernel() { api_url="https://api.github.com/repos/$(if [ "${bin_name}" = "xray" ]; then echo "XTLS/Xray-core/releases"; else echo "v2fly/v2ray-core/releases"; fi)" # set download link and get the latest version latest_version=$(busybox wget --no-check-certificate -qO- ${api_url} | grep "tag_name" | grep -o "v[0-9.]*" | head -1) + case $(uname -m) in "i386") download_file="$bin-linux-32.zip" ;; "x86_64") download_file="$bin-linux-64.zip" ;; @@ -433,7 +431,6 @@ xkernel() { if ! command -v tar >/dev/null 2>&1; then tar_command="busybox tar" fi - if ${tar_command} -xf "${box_dir}/${file_kernel}.tar.gz" -C "${bin_dir}" >&2; then mv "${bin_dir}/sing-box-${latest_version#v}-${platform}-${arch}/sing-box" "${bin_dir}/${bin_name}" if [ -f "${box_pid}" ]; then @@ -445,7 +442,6 @@ xkernel() { else log Error "Failed to extract ${box_dir}/${file_kernel}.tar.gz." fi - [ -d "${bin_dir}/sing-box-${latest_version#v}-${platform}-${arch}" ] && \ rm -r "${bin_dir}/sing-box-${latest_version#v}-${platform}-${arch}" ;; @@ -541,7 +537,7 @@ port_detection() { # write ports while read -r port; do sleep 0.5 - [ -t 1 ] && (echo -n "${red}${port}|$normal") || (echo -n "${port}|" | tee -a "${box_log}" >> /dev/null 2>&1) + [ -t 1 ] && (echo -n "${red}${port} $normal") || (echo -n "${port} " | tee -a "${box_log}" >> /dev/null 2>&1) done <<< "${ports}" # Add a newline to the output if running in terminal [ -t 1 ] && echo -e "\033[1;31m""\033[0m" || echo "" >> "${box_log}" 2>&1 @@ -554,23 +550,55 @@ port_detection() { fi } -# Function to limit cgroup memory -cgroup_limit() { - # Check if the cgroup memory limit has been set. - if [ -z "${cgroup_memory_limit}" ]; then - log Warning "cgroup_memory_limit is not set" +# Function to limit cgroup memcg +cgroup_blkio() { + # Check if the cgroup blkio path is set and exists. + if [ -z "${blkio_path}" ]; then + local blkio_path=$(mount | grep cgroup | busybox awk '/blkio/{print $3}' | head -1) + if [ -z "${blkio_path}" ]; then + log Warning "blkio_path: is not set and could not be found" + return 1 + fi + else + log Warning "leave the blkio_path: field empty to obtain the path." + return 1 + fi + + # Check if box_pid is set and exists. + if [ ! -f "${box_pid}" ]; then + log Warning "${box_pid} does not exist" return 1 fi - # Check if the cgroup memory path is set and exists. - if [ -z "${cgroup_memory_path}" ]; then - local cgroup_memory_path=$(mount | grep cgroup | busybox awk '/memory/{print $3}' | head -1) - if [ -z "${cgroup_memory_path}" ]; then - log Warning "cgroup_memory_path is not set and could not be found" + local PID=$(<"${box_pid}" 2>/dev/null) + if [ -d "${blkio_path}/background" ]; then + if [ ! -z "$PID" ]; then + # log Info "${bin_name} blkio: background" + echo "$PID" >> "${blkio_path}/background/cgroup.procs" \ + && log Info "add $PID to ${blkio_path}/background/cgroup.procs" + fi + else + return 1 + fi + return 0 +} + +cgroup_memcg() { + # Check if the cgroup memcg limit has been set. + if [ -z "${memcg_limit}" ]; then + log Warning "memcg_limit: is not set" + return 1 + fi + + # Check if the cgroup memcg path is set and exists. + if [ -z "${memcg_path}" ]; then + local memcg_path=$(mount | grep cgroup | busybox awk '/memory/{print $3}' | head -1) + if [ -z "${memcg_path}" ]; then + log Warning "memcg_path: is not set and could not be found" return 1 fi else - log Warning "Leave the 'cgroup_memory_path' field empty to obtain the path." + log Warning "leave the memcg_path: field empty to obtain the path." return 1 fi @@ -583,15 +611,48 @@ cgroup_limit() { # Create cgroup directory and move process to cgroup. bin_name=${bin_name} # local bin_name=$(basename "$0") - mkdir -p "${cgroup_memory_path}/${bin_name}" + mkdir -p "${memcg_path}/${bin_name}" local PID=$(<"${box_pid}" 2>/dev/null) if [ ! -z "$PID" ]; then - echo "$PID" > "${cgroup_memory_path}/${bin_name}/cgroup.procs" \ - && log Info "Moved process $PID to ${cgroup_memory_path}/${bin_name}/cgroup.procs" - # Set memory limit for cgroups. - echo "${cgroup_memory_limit}" > "${cgroup_memory_path}/${bin_name}/memory.limit_in_bytes" \ - && log Info "Set memory limit to ${cgroup_memory_limit} for ${cgroup_memory_path}/${bin_name}/memory.limit_in_bytes" + # Set memcg limit for cgroups. + echo "${memcg_limit}" > "${memcg_path}/${bin_name}/memory.limit_in_bytes" \ + && log Info "${bin_name} memcg limit: ${memcg_limit}" + + echo "$PID" > "${memcg_path}/${bin_name}/cgroup.procs" \ + && log Info "add $PID to ${memcg_path}/${bin_name}/cgroup.procs" + else + return 1 + fi + return 0 +} + +cgroup_cpuset() { + # Check if the cgroup cpuset path is set and exists. + if [ -z "${cpuset_path}" ]; then + cpuset_path=$(mount | grep cgroup | busybox awk '/cpuset/{print $3}' | head -1) + if [ -z "${cpuset_path}" ]; then + log Warning "cpuset_path: is not set and could not be found" + return 1 + fi + else + log Warning "leave the cpuset_path: field empty to obtain the path." + return 1 + fi + + # Check if box_pid is set and exists. + if [ ! -f "${box_pid}" ]; then + log Warning "${box_pid} does not exist" + return 1 + fi + + local PID=$(<"${box_pid}" 2>/dev/null) + if [ -d "${cpuset_path}/top-app" ]; then + if [ ! -z "$PID" ]; then + # log Info "${bin_name} cpuset: $(cat ${cpuset_path}/top-app/cpus)" + echo "$PID" >> "${cpuset_path}/top-app/cgroup.procs" \ + && log Info "add $PID to ${cpuset_path}/top-app/cgroup.procs" + fi else return 1 fi @@ -602,8 +663,22 @@ case "$1" in check) check ;; - cgroup) - cgroup_limit + memcg|cpuset|blkio) + # leave it blank by default, it will fill in auto, + case "$1" in + memcg) + memcg_path="" + cgroup_memcg + ;; + cpuset) + cpuset_path="" + cgroup_cpuset + ;; + blkio) + blkio_path="" + cgroup_blkio + ;; + esac ;; geosub) upsubs @@ -659,6 +734,6 @@ case "$1" in ;; *) echo "${red}$0 $1 no found${normal}" - echo "${yellow}usage${normal}: ${green}$0${normal} {${yellow}check|cgroup|geosub|geox|subs|upkernel|upyacd|upyq|upcurl|port|reload|all${normal}}" + echo "${yellow}usage${normal}: ${green}$0${normal} {${yellow}check|memcg|cpuset|blkio|geosub|geox|subs|upkernel|upyacd|upyq|upcurl|port|reload|all${normal}}" ;; esac \ No newline at end of file diff --git a/box/settings.ini b/box/settings.ini index 427982bb..8902db6f 100755 --- a/box/settings.ini +++ b/box/settings.ini @@ -46,14 +46,21 @@ packages_list=() gid_list=() # Display AP info by typing "ifconfig" in terminal -ap_list=( "ap+" "wlan+" "rndis+" ) +ap_list=( "ap+" "wlan+" "rndis+" "swlan+" ) # Ignore AP in the out list ignore_out_list=() # Set cgroup to limit memory usage -cgroup_memory="false" -cgroup_memory_limit="20M" -cgroup_memory_path="" +cgroup_memcg="false" +memcg_limit="25M" + +# Set cgroup to cpuset usage +cgroup_cpuset="false" +# 0f=0-3 / f0=4-7 / ff=0-7, recommended default: ff +mask_cpuset="ff" + +# Set cgroup to blkio usage +cgroup_blkio="false" # Set box directory variables box_dir="/data/adb/box" @@ -131,7 +138,7 @@ log() { # "cmd: Failure calling service activity: Failed transaction" if run through Magisk/KernelSu Manager, # this is normal if run in terminal/termux open_dashboard_on_start="false" -ip_port=$(if [ "${bin_name}" = "clash" ]; then busybox awk '/external-controller:/ {print $2}' "${clash_config}"; else find /data/adb/box/sing-box/ -type f -name "*.json" -exec busybox awk -F':' '/experimental/,/\}/' {} \; | sed -n 's/.*"external_controller": "\(.*\)",/\1/p'; fi;) +ip_port=$(if [ "${bin_name}" = "clash" ]; then busybox awk '/external-controller:/ {print $2}' "${clash_config}"; else find /data/adb/box/sing-box/ -maxdepth 1 -type f -name "*.json" -exec busybox awk -F':' '/experimental/,/\}/' {} \; | sed -n 's/.*"external_controller": "\(.*\)",/\1/p'; fi;) secret="" open_dashboard() { if [[ "${bin_name}" == @(clash|sing-box) ]]; then diff --git a/box/sing-box/README.md b/box/sing-box/README.md new file mode 100644 index 00000000..c04b6187 --- /dev/null +++ b/box/sing-box/README.md @@ -0,0 +1,10 @@ + +######################## +# example configuration and wiki # +######################## + +# http://sing-box.sagernet.org/configuration/ +# https://gist.github.com/CHIZI-0618/fc3495cd15b3ab3d53c77872ebece8ae +# https://gist.github.com/CHIZI-0618/fc3495cd15b3ab3d53c77872ebece8ae +# https://github.com/yaotthaha/sing-box-pub/tree/dev-yaott#ruleprovider-支持 +# https://gist.github.com/CHIZI-0618/fc3495cd15b3ab3d53c77872ebece8ae \ No newline at end of file diff --git a/box/sing-box/config.json b/box/sing-box/config.json index e0636ce6..76995f47 100755 --- a/box/sing-box/config.json +++ b/box/sing-box/config.json @@ -1,98 +1,127 @@ { - "log": { - "disabled": false, - "timestamp": false, - "level": "panic" - }, - "dns": { - "servers": [ - { - "tag": "sing", - "address": "8.8.8.8", - "detour": "PROXY" - }, - { - "tag": "rcode", - "address": "rcode://success" - } - ], - "rules": [ - { - "outbound": "any", - "domain_suffix": [ - "googlesyndication.com" - ], - "domain": [ - "github.com" - ], - "server": "sing" - }, - { - "geosite": "category-ads-all", - "server": "rcode" - } - ] - }, - "inbounds": [ - { - "type": "tproxy", - "tag": "tproxy-in", - "listen": "::", - "listen_port": 9898, - "sniff": true, - "sniff_override_destination": true - } + "log": { + "disabled": false, + "level": "panic", + "output": "/data/adb/box/run/sing-box.log", + "timestamp": true + }, + "dns": { + "servers": [ + { + "tag": "AdGuard", + "address": "94.140.14.14" + }, + { + "tag": "local", + "address": "", + "detour": "direct" + }, + { + "tag": "rcode", + "address": "rcode://success" + } ], - "outbounds": [ - { - "outbounds": [ - "direct" - ], - "tag": "PROXY", - "type": "selector" - }, - { - "tag": "direct", - "type": "direct" - }, - { - "tag": "block", - "type": "block" - }, - { - "tag": "dns-out", - "type": "dns" - } - ], - "route": { - "final": "PROXY", + "rules": [ + { + "outbound": "any", + "server": "local", + "disable_cache": true + }, + { + "type": "logical", + "mode": "and", "rules": [ - { - "port": 53, - "outbound": "dns-out" - }, - { - "domain_suffix": [ - "googlesyndication.com" - ], - "domain": [ - "github.com" - ], - "outbound": "PROXY" - }, - { - "geosite": "category-ads-all", - "outbound": "block" - } + { + "network": "udp", + "port": 443, + "geosite": "youtube" + } ], - "find_process": false, - "auto_detect_interface": true + "server": "rcode" + } + ], + "strategy": "prefer_ipv4" + }, + "inbounds": [ + { + "type": "tproxy", + "tag": "tproxy-in", + "listen": "::", + "listen_port": 9898, + "sniff": true, + "sniff_override_destination": false + } + ], + "outbounds": [ + { + "tag": "default", + "type": "selector", + "default": "", + "outbounds": [ + "direct", + "block" + ] + }, + { + "type": "dns", + "tag": "dns" }, - "experimental": { - "clash_api": { - "external_controller": "127.0.0.1:9090", - "external_ui": "./dashboard", - "store_selected": true - } + { + "type": "direct", + "tag": "direct" + }, + { + "type": "block", + "tag": "block" + } + ], + "route": { + "rules": [ + { + "port": 53, + "outbound": "dns" + }, + { + "domain_regex": [ + "^.*adtival.network$", + "^.*googlesyndication.com$" + ], + "outbound": "default" + }, + { + "ip_cidr": [ + "0.0.0.0/8", + "100.64.0.0/10", + "127.0.0.0/8", + "192.168.0.0/16", + "::/128", + "::1/128", + "fe80::/10" + ], + "skip_resolve": true, + "outbound": "block" + }, + { + "type": "logical", + "mode": "and", + "rules": [ + { + "network": "udp", + "port": 443, + "geosite": "youtube" + } + ], + "outbound": "block" + } + ], + "final": "default" + }, + "experimental": { + "clash_api": { + "external_controller": "127.0.0.1:9090", + "external_ui": "dashboard", + "cache_file": "cache.db", + "store_selected": true } + } } \ No newline at end of file diff --git a/box/sing-box/note.txt b/box/sing-box/note.txt deleted file mode 100644 index 568d913c..00000000 --- a/box/sing-box/note.txt +++ /dev/null @@ -1,7 +0,0 @@ - -######################## -# example configuration and wiki # -######################## - -# https://gist.github.com/CHIZI-0618/fc3495cd15b3ab3d53c77872ebece8ae -# http://sing-box.sagernet.org/configuration/ \ No newline at end of file