From 668d354771e92f20e8ed5d7684e3d578f4ba45a8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E4=B8=96=E7=95=8C?= Date: Thu, 15 Sep 2022 12:20:38 +0800 Subject: [PATCH] Make gVisor optional --- .goreleaser.yaml | 1 + Dockerfile | 2 +- Makefile | 4 ++-- docs/configuration/inbound/tun.md | 14 +++++++------- docs/configuration/inbound/tun.zh.md | 20 ++++++++++---------- docs/configuration/outbound/wireguard.md | 8 +++++++- docs/configuration/outbound/wireguard.zh.md | 6 ++++++ docs/index.md | 2 +- docs/index.zh.md | 10 +++++----- go.mod | 4 ++-- go.sum | 8 ++++---- outbound/wireguard.go | 3 ++- release/local/debug.sh | 2 +- release/local/install.sh | 2 +- release/local/reinstall.sh | 2 +- transport/wireguard/device_stack.go | 2 +- transport/wireguard/device_stack_stub.go | 2 +- 17 files changed, 53 insertions(+), 39 deletions(-) diff --git a/.goreleaser.yaml b/.goreleaser.yaml index b5778f03..66162a57 100644 --- a/.goreleaser.yaml +++ b/.goreleaser.yaml @@ -11,6 +11,7 @@ builds: ldflags: - -s -w -buildid= tags: + - with_gvisor - with_quic - with_wireguard - with_clash_api diff --git a/Dockerfile b/Dockerfile index f85c47f1..e93c43c2 100644 --- a/Dockerfile +++ b/Dockerfile @@ -8,7 +8,7 @@ ENV CGO_ENABLED=0 RUN set -ex \ && apk add git build-base \ && export COMMIT=$(git rev-parse --short HEAD) \ - && go build -v -trimpath -tags 'no_gvisor,with_quic,with_wireguard,with_acme' \ + && go build -v -trimpath -tags with_quic,with_wireguard,with_acme \ -o /go/bin/sing-box \ -ldflags "-s -w -buildid=" \ ./cmd/sing-box diff --git a/Makefile b/Makefile index 3f4dd9fc..df5ee6e2 100644 --- a/Makefile +++ b/Makefile @@ -1,6 +1,6 @@ NAME = sing-box COMMIT = $(shell git rev-parse --short HEAD) -TAGS ?= with_quic,with_wireguard,with_clash_api +TAGS ?= with_gvisor,with_quic,with_wireguard,with_clash_api PARAMS = -v -trimpath -tags '$(TAGS)' -ldflags '-s -w -buildid=' MAIN = ./cmd/sing-box 
@@ -62,7 +62,7 @@ test: @go test -v . && \ cd test && \ go mod tidy && \ - go test -v -tags with_quic,with_wireguard,with_grpc,with_ech,with_utls,with_shadowsocksr . + go test -v -tags with_gvisor,with_quic,with_wireguard,with_grpc,with_ech,with_utls,with_shadowsocksr . clean: rm -rf bin dist diff --git a/docs/configuration/inbound/tun.md b/docs/configuration/inbound/tun.md index 9d58922f..27afe10a 100644 --- a/docs/configuration/inbound/tun.md +++ b/docs/configuration/inbound/tun.md @@ -16,7 +16,7 @@ "auto_route": true, "strict_route": true, "endpoint_independent_nat": false, - "stack": "gvisor", + "stack": "system", "include_uid": [ 0 ], @@ -112,15 +112,15 @@ UDP NAT expiration time in seconds, default is 300 (5 minutes). TCP/IP stack. -| Stack | Description | Status | -|------------------|--------------------------------------------------------------------------------|-------------------| -| gVisor (default) | Based on [google/gvisor](https://github.com/google/gvisor) | recommended | - | system | Less compatibility and sometimes better performance. | recommended | -| LWIP | Based on [eycorsican/go-tun2socks](https://github.com/eycorsican/go-tun2socks) | upstream archived | +| Stack | Description | Status | +|------------------|----------------------------------------------------------------------------------|-------------------| +| system (default) | Sometimes better performance | recommended | +| gVisor | Better compatibility, based on [google/gvisor](https://github.com/google/gvisor) | recommended | +| LWIP | Based on [eycorsican/go-tun2socks](https://github.com/eycorsican/go-tun2socks) | upstream archived | !!! warning "" - The LWIP stack is not included by default, see [Installation](/#installation). + gVisor and LWIP stacks is not included by default, see [Installation](/#installation). #### include_uid diff --git a/docs/configuration/inbound/tun.zh.md b/docs/configuration/inbound/tun.zh.md index 80b4a7c4..fcac5635 100644 
--- a/docs/configuration/inbound/tun.zh.md +++ b/docs/configuration/inbound/tun.zh.md @@ -16,7 +16,7 @@ "auto_route": true, "strict_route": true, "endpoint_independent_nat": false, - "stack": "gvisor", + "stack": "system", "include_uid": [ 0 ], @@ -107,15 +107,15 @@ UDP NAT 过期时间,以秒为单位,默认为 300(5 分钟)。 TCP/IP 栈。 -| 栈 | 描述 | 状态 | -|------------------|--------------------------------------------------------------------------|-------| -| gVisor (default) | 基于 [google/gvisor](https://github.com/google/gvisor) | 推荐 | -| system | 兼容性较差,有时性能更好。 | 推荐 | -| LWIP | 基于 [eycorsican/go-tun2socks](https://github.com/eycorsican/go-tun2socks) | 上游已存档 | +| 栈 | 描述 | 状态 | +|-------------|--------------------------------------------------------------------------|-------| +| system (默认) | 有时性能更好 | 推荐 | +| gVisor | 兼容性较好,基于 [google/gvisor](https://github.com/google/gvisor) | 推荐 | +| LWIP | 基于 [eycorsican/go-tun2socks](https://github.com/eycorsican/go-tun2socks) | 上游已存档 | !!! warning "" - 默认安装不包含 LWIP 栈,请参阅 [安装](/zh/#_2)。 + 默认安装不包含 gVisor 和 LWIP 栈,请参阅 [安装](/zh/#_2)。 #### include_uid @@ -145,10 +145,10 @@ TCP/IP 栈。 限制被路由的 Android 用户。 -| 常用用户 | ID | +| 常用用户 | ID | |--|-----| -| 您 | 0 | -| 工作资料 | 10 | +| 您 | 0 | +| 工作资料 | 10 | #### include_package diff --git a/docs/configuration/outbound/wireguard.md b/docs/configuration/outbound/wireguard.md index ca6abf58..bb9c6a36 100644 --- a/docs/configuration/outbound/wireguard.md +++ b/docs/configuration/outbound/wireguard.md @@ -26,6 +26,10 @@ WireGuard is not included by default, see [Installation](/#installation). +!!! warning "" + + gVisor, which is required by the unprivileged WireGuard is not included by default, see [Installation](/#installation). + ### Fields #### server @@ -44,7 +48,9 @@ The server port. Use system tun support. -Requires privileges and cannot conflict with system interfaces. +Requires privilege and cannot conflict with system interfaces. + +Forced if gVisor not included in the build. #### interface_name 
diff --git a/docs/configuration/outbound/wireguard.zh.md b/docs/configuration/outbound/wireguard.zh.md index e7b0c627..a7a18d4e 100644 --- a/docs/configuration/outbound/wireguard.zh.md +++ b/docs/configuration/outbound/wireguard.zh.md @@ -26,6 +26,10 @@ 默认安装不包含 WireGuard, 参阅 [安装](/zh/#_2)。 +!!! warning "" + + 默认安装不包含被非特权 WireGuard 需要的 gVisor, 参阅 [安装](/zh/#_2)。 + ### 字段 #### server @@ -46,6 +50,8 @@ 需要特权且不能与系统接口冲突。 +如果 gVisor 未包含在构建中,则强制执行。 + #### interface_name 启用 `system_interface` 时的自定义设备名称。 diff --git a/docs/index.md b/docs/index.md index 4659212e..cdd425e7 100644 --- a/docs/index.md +++ b/docs/index.md @@ -32,7 +32,7 @@ go install -v -tags with_clash_api github.com/sagernet/sing-box/cmd/sing-box@lat | `with_utls` | Build with [uTLS](https://github.com/refraction-networking/utls) support for TLS outbound, see [TLS](./configuration/shared/tls#utls). | | `with_acme` | Build with ACME TLS certificate issuer support, see [TLS](./configuration/shared/tls). | | `with_clash_api` | Build with Clash API support, see [Experimental](./configuration/experimental#clash-api-fields). | -| `no_gvisor` | Build without gVisor Tun stack support, see [Tun inbound](./configuration/inbound/tun#stack). | +| `with_gvisor` | Build with gVisor support, see [Tun inbound](./configuration/inbound/tun#stack) and [WireGuard outbound](./configuration/outbound/wireguard#system_interface). | | `with_embedded_tor` (CGO required) | Build with embedded Tor support, see [Tor outbound](./configuration/outbound/tor). | | `with_lwip` (CGO required) | Build with LWIP Tun stack support, see [Tun inbound](./configuration/inbound/tun#stack). | diff --git a/docs/index.zh.md b/docs/index.zh.md index 6e9b6f98..a54e4511 100644 --- a/docs/index.zh.md +++ b/docs/index.zh.md 
@@ -25,14 +25,14 @@ go install -v -tags with_clash_api github.com/sagernet/sing-box/cmd/sing-box@lat | 构建标志 | 描述 | |------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | `with_quic` | 启用 QUIC 支持,参阅 [QUIC 和 HTTP3 DNS 传输层](./configuration/dns/server),[Naive 入站](./configuration/inbound/naive),[Hysteria 入站](./configuration/inbound/hysteria),[Hysteria 出站](./configuration/outbound/hysteria) 和 [V2Ray 传输层#QUIC](./configuration/shared/v2ray-transport#quic)。 | -| `with_grpc` | 启用标准 gRPC 支持,参阅 [V2Ray 传输层#gRPC](./configuration/shared/v2ray-transport#grpc)。 | +| `with_grpc` | 启用标准 gRPCuTLS](https://github.com/refraction-networking/utls) 支持, 参阅 [TLS](./configuration/shared/tls#utls)。 | +| `with_acme` | 启用 ACME TLS 证书签发支持,参阅 [TLS](./configuration/shared/tls)。 | +| `with_clash_api` | 启用 Clash api 支 支持,参阅 [V2Ray 传输层#gRPC](./configuration/shared/v2ray-transport#grpc)。 | | `with_wireguard` | 启用 WireGuard 支持,参阅 [WireGuard 出站](./configuration/outbound/wireguard)。 | | `with_shadowsocksr` | 启用 ShadowsocksR 支持,参阅 [ShadowsocksR 出站](./configuration/outbound/shadowsocksr)。 | | `with_ech` | 启用 TLS ECH 扩展支持,参阅 [TLS](./configuration/shared/tls#ech)。 | -| `with_utls` | 启用 [uTLS](https://github.com/refraction-networking/utls) 支持, 参阅 [TLS](./configuration/shared/tls#utls)。 | -| `with_acme` | 启用 ACME TLS 证书签发支持,参阅 [TLS](./configuration/shared/tls)。 | -| `with_clash_api` | 启用 Clash api 支持,参阅 [实验性](./configuration/experimental#clash-api-fields)。 | -| `no_gvisor` | 禁用 gVisor Tun 栈支持,参阅 [Tun 入站](./configuration/inbound/tun#stack)。 | +| `with_utls` | 启用 [持,参阅 [实验性](./configuration/experimental#clash-api-fields)。 | +| `with_gvisor` | 启用 gVisor 支持,参阅 [Tun 入站](./configuration/inbound/tun#stack) 和 [WireGuard 
出站](./configuration/outbound/wireguard#system_interface)。 | | `with_embedded_tor` (需要 CGO) | 启用 嵌入式 Tor 支持,参阅 [Tor 出站](./configuration/outbound/tor)。 | | `with_lwip` (需要 CGO) | 启用 LWIP Tun 栈支持,参阅 [Tun 入站](./configuration/inbound/tun#stack)。 | diff --git a/go.mod b/go.mod index c25d7fe9..60d36b70 100644 --- a/go.mod +++ b/go.mod @@ -23,10 +23,10 @@ require ( github.com/pires/go-proxyproto v0.6.2 github.com/refraction-networking/utls v1.1.2 github.com/sagernet/quic-go v0.0.0-20220818150011-de611ab3e2bb - github.com/sagernet/sing v0.0.0-20220914045234-93cc53b60cee + github.com/sagernet/sing v0.0.0-20220915031330-38f39bc0c690 github.com/sagernet/sing-dns v0.0.0-20220913115644-aebff1dfbba8 github.com/sagernet/sing-shadowsocks v0.0.0-20220819002358-7461bb09a8f6 - github.com/sagernet/sing-tun v0.0.0-20220914100102-057dd738a7f7 + github.com/sagernet/sing-tun v0.0.0-20220915032336-60b1da576469 github.com/sagernet/sing-vmess v0.0.0-20220913015714-c4ab86d40e12 github.com/sagernet/smux v0.0.0-20220831015742-e0f1988e3195 github.com/sagernet/websocket v0.0.0-20220913015213-615516348b4e diff --git a/go.sum b/go.sum index 93e386ac..09eb6c41 100644 --- a/go.sum +++ b/go.sum 
@@ -145,14 +145,14 @@ github.com/sagernet/quic-go v0.0.0-20220818150011-de611ab3e2bb h1:wc0yQ+SBn4TaTY github.com/sagernet/quic-go v0.0.0-20220818150011-de611ab3e2bb/go.mod h1:MIccjRKnPTjWwAOpl+AUGWOkzyTd9tERytudxu+1ra4= github.com/sagernet/sing v0.0.0-20220812082120-05f9836bff8f/go.mod h1:QVsS5L/ZA2Q5UhQwLrn0Trw+msNd/NPGEhBKR/ioWiY= github.com/sagernet/sing v0.0.0-20220817130738-ce854cda8522/go.mod h1:QVsS5L/ZA2Q5UhQwLrn0Trw+msNd/NPGEhBKR/ioWiY= -github.com/sagernet/sing v0.0.0-20220914045234-93cc53b60cee h1:+3w7+QWnhWi3Qz7+Xcais8zViHRUPIkmxq3eYZm/zvk= -github.com/sagernet/sing v0.0.0-20220914045234-93cc53b60cee/go.mod h1:x3NHUeJBQwV75L51zwmLKQdLtRvR+M4PmXkfQtU1vIY= +github.com/sagernet/sing v0.0.0-20220915031330-38f39bc0c690 h1:pvaLdkDmsGN2K46vf8rorAhYGFvKPuQNzcofuy3aXXg= +github.com/sagernet/sing v0.0.0-20220915031330-38f39bc0c690/go.mod h1:x3NHUeJBQwV75L51zwmLKQdLtRvR+M4PmXkfQtU1vIY= github.com/sagernet/sing-dns v0.0.0-20220913115644-aebff1dfbba8 h1:Iyfl+Rm5jcDvXuy/jpOBI3eu35ujci50tkqYHHwwg+8= github.com/sagernet/sing-dns v0.0.0-20220913115644-aebff1dfbba8/go.mod h1:bPVnJ5gJ0WmUfN1bJP9Cis0ab8SSByx6JVzyLJjDMwA= github.com/sagernet/sing-shadowsocks v0.0.0-20220819002358-7461bb09a8f6 h1:JJfDeYYhWunvtxsU/mOVNTmFQmnzGx9dY034qG6G3g4= github.com/sagernet/sing-shadowsocks v0.0.0-20220819002358-7461bb09a8f6/go.mod h1:EX3RbZvrwAkPI2nuGa78T2iQXmrkT+/VQtskjou42xM= -github.com/sagernet/sing-tun v0.0.0-20220914100102-057dd738a7f7 h1:zdvFDYMz8s0e9UmOxMk0wNGOKh64KfeWpx8UAbJJI60= -github.com/sagernet/sing-tun v0.0.0-20220914100102-057dd738a7f7/go.mod h1:5AhPUv9jWDQ3pv3Mj78SL/1TSjhoaj6WNASxRKLqXqM= +github.com/sagernet/sing-tun v0.0.0-20220915032336-60b1da576469 h1:tvGUJsOqxZ3ofAY9undQfQ+JCWvmIwLpIOC+XaBFO88= +github.com/sagernet/sing-tun v0.0.0-20220915032336-60b1da576469/go.mod h1:5AhPUv9jWDQ3pv3Mj78SL/1TSjhoaj6WNASxRKLqXqM= github.com/sagernet/sing-vmess v0.0.0-20220913015714-c4ab86d40e12 h1:4HYGbTDDemgBVTmaspXbkgjJlXc3hYVjNxSddJndq8Y= github.com/sagernet/sing-vmess 
v0.0.0-20220913015714-c4ab86d40e12/go.mod h1:u66Vv7NHXJWfeAmhh7JuJp/cwxmuQlM56QoZ7B7Mmd0= github.com/sagernet/smux v0.0.0-20220831015742-e0f1988e3195 h1:5VBIbVw9q7aKbrFdT83mjkyvQ+VaRsQ6yflTepfln38= diff --git a/outbound/wireguard.go b/outbound/wireguard.go index be7d61f5..ef74f535 100644 --- a/outbound/wireguard.go +++ b/outbound/wireguard.go @@ -16,6 +16,7 @@ import ( "github.com/sagernet/sing-box/log" "github.com/sagernet/sing-box/option" "github.com/sagernet/sing-box/transport/wireguard" + "github.com/sagernet/sing-tun" "github.com/sagernet/sing/common" "github.com/sagernet/sing/common/debug" E "github.com/sagernet/sing/common/exceptions" @@ -98,7 +99,7 @@ func NewWireGuard(ctx context.Context, router adapter.Router, logger log.Context } var wireTunDevice wireguard.Device var err error - if !options.SystemInterface { + if !options.SystemInterface && tun.WithGVisor { wireTunDevice, err = wireguard.NewStackDevice(localPrefixes, mtu) } else { wireTunDevice, err = wireguard.NewSystemDevice(router, options.InterfaceName, localPrefixes, mtu) diff --git a/release/local/debug.sh b/release/local/debug.sh index 664d7926..d6bd3057 100755 --- a/release/local/debug.sh +++ b/release/local/debug.sh @@ -13,7 +13,7 @@ pushd $PROJECT git fetch git reset FETCH_HEAD --hard git clean -fdx -go install -v -trimpath -ldflags "-s -w -buildid=" -tags no_gvisor,with_quic,with_acme,debug ./cmd/sing-box +go install -v -trimpath -ldflags "-s -w -buildid=" -tags with_quic,with_acme,debug ./cmd/sing-box popd sudo systemctl stop sing-box diff --git a/release/local/install.sh b/release/local/install.sh index bd3f7f0f..24e9d006 100755 --- a/release/local/install.sh +++ b/release/local/install.sh 
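Review bot: In NewWireGuard the new condition `!options.SystemInterface && tun.WithGVisor` silently routes a config that left `system_interface` off to `wireguard.NewSystemDevice` whenever the binary is built without `with_gvisor`, so a user who asked for the unprivileged userspace stack gets a real system interface that needs privileges, with nothing in the log explaining why. The Dockerfile and release/local/install.sh and reinstall.sh in this same patch build with `with_wireguard` but without `with_gvisor`, so those builds always take this path. I would make the fallback visible by adding, just before the `if`, `if !options.SystemInterface && !tun.WithGVisor { logger.Warn("gVisor not included in this build, using system interface for WireGuard") }` (assuming the logger passed to NewWireGuard exposes `Warn`), or return an error instead of falling back. It is also worth confirming that an empty `options.InterfaceName` is handled by `NewSystemDevice`, since configs written for the stack device would not set it. The function body starts and ends outside the hunk.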
@@ -10,7 +10,7 @@ DIR=$(dirname "$0") PROJECT=$DIR/../.. pushd $PROJECT -go install -v -trimpath -ldflags "-s -w -buildid=" -tags no_gvisor,with_quic,with_wireguard,with_acme ./cmd/sing-box +go install -v -trimpath -ldflags "-s -w -buildid=" -tags with_quic,with_wireguard,with_acme ./cmd/sing-box popd sudo cp $(go env GOPATH)/bin/sing-box /usr/local/bin/ diff --git a/release/local/reinstall.sh b/release/local/reinstall.sh index a9ae7af4..4854dab0 100755 --- a/release/local/reinstall.sh +++ b/release/local/reinstall.sh @@ -10,7 +10,7 @@ DIR=$(dirname "$0") PROJECT=$DIR/../.. pushd $PROJECT -go install -v -trimpath -ldflags "-s -w -buildid=" -tags no_gvisor,with_quic,with_wireguard,with_acme ./cmd/sing-box +go install -v -trimpath -ldflags "-s -w -buildid=" -tags with_quic,with_wireguard,with_acme ./cmd/sing-box popd sudo systemctl stop sing-box diff --git a/transport/wireguard/device_stack.go b/transport/wireguard/device_stack.go index c7bd4519..e7b54e6a 100644 --- a/transport/wireguard/device_stack.go +++ b/transport/wireguard/device_stack.go @@ -1,4 +1,4 @@ -//go:build !no_gvisor +//go:build with_gvisor package wireguard diff --git a/transport/wireguard/device_stack_stub.go b/transport/wireguard/device_stack_stub.go index cc6d273c..b383ab38 100644 --- a/transport/wireguard/device_stack_stub.go +++ b/transport/wireguard/device_stack_stub.go @@ -1,4 +1,4 @@ -//go:build no_gvisor +//go:build !with_gvisor package wireguard