mirror of
https://github.com/SagerNet/sing-box.git
synced 2024-11-22 00:21:30 +00:00
Make gVisor optional
This commit is contained in:
parent
ad14719b14
commit
668d354771
|
@ -11,6 +11,7 @@ builds:
|
|||
ldflags:
|
||||
- -s -w -buildid=
|
||||
tags:
|
||||
- with_gvisor
|
||||
- with_quic
|
||||
- with_wireguard
|
||||
- with_clash_api
|
||||
|
|
|
@ -8,7 +8,7 @@ ENV CGO_ENABLED=0
|
|||
RUN set -ex \
|
||||
&& apk add git build-base \
|
||||
&& export COMMIT=$(git rev-parse --short HEAD) \
|
||||
&& go build -v -trimpath -tags 'no_gvisor,with_quic,with_wireguard,with_acme' \
|
||||
&& go build -v -trimpath -tags with_quic,with_wireguard,with_acme \
|
||||
-o /go/bin/sing-box \
|
||||
-ldflags "-s -w -buildid=" \
|
||||
./cmd/sing-box
|
||||
|
|
4
Makefile
4
Makefile
|
@ -1,6 +1,6 @@
|
|||
NAME = sing-box
|
||||
COMMIT = $(shell git rev-parse --short HEAD)
|
||||
TAGS ?= with_quic,with_wireguard,with_clash_api
|
||||
TAGS ?= with_gvisor,with_quic,with_wireguard,with_clash_api
|
||||
PARAMS = -v -trimpath -tags '$(TAGS)' -ldflags '-s -w -buildid='
|
||||
MAIN = ./cmd/sing-box
|
||||
|
||||
|
@ -62,7 +62,7 @@ test:
|
|||
@go test -v . && \
|
||||
cd test && \
|
||||
go mod tidy && \
|
||||
go test -v -tags with_quic,with_wireguard,with_grpc,with_ech,with_utls,with_shadowsocksr .
|
||||
go test -v -tags with_gvisor,with_quic,with_wireguard,with_grpc,with_ech,with_utls,with_shadowsocksr .
|
||||
|
||||
clean:
|
||||
rm -rf bin dist
|
||||
|
|
|
@ -16,7 +16,7 @@
|
|||
"auto_route": true,
|
||||
"strict_route": true,
|
||||
"endpoint_independent_nat": false,
|
||||
"stack": "gvisor",
|
||||
"stack": "system",
|
||||
"include_uid": [
|
||||
0
|
||||
],
|
||||
|
@ -112,15 +112,15 @@ UDP NAT expiration time in seconds, default is 300 (5 minutes).
|
|||
|
||||
TCP/IP stack.
|
||||
|
||||
| Stack | Description | Status |
|
||||
|------------------|--------------------------------------------------------------------------------|-------------------|
|
||||
| gVisor (default) | Based on [google/gvisor](https://github.com/google/gvisor) | recommended |
|
||||
| system | Less compatibility and sometimes better performance. | recommended |
|
||||
| LWIP | Based on [eycorsican/go-tun2socks](https://github.com/eycorsican/go-tun2socks) | upstream archived |
|
||||
| Stack | Description | Status |
|
||||
|------------------|----------------------------------------------------------------------------------|-------------------|
|
||||
| system (default) | Sometimes better performance | recommended |
|
||||
| gVisor | Better compatibility, based on [google/gvisor](https://github.com/google/gvisor) | recommended |
|
||||
| LWIP | Based on [eycorsican/go-tun2socks](https://github.com/eycorsican/go-tun2socks) | upstream archived |
|
||||
|
||||
!!! warning ""
|
||||
|
||||
The LWIP stack is not included by default, see [Installation](/#installation).
|
||||
gVisor and LWIP stacks is not included by default, see [Installation](/#installation).
|
||||
|
||||
#### include_uid
|
||||
|
||||
|
|
|
@ -16,7 +16,7 @@
|
|||
"auto_route": true,
|
||||
"strict_route": true,
|
||||
"endpoint_independent_nat": false,
|
||||
"stack": "gvisor",
|
||||
"stack": "system",
|
||||
"include_uid": [
|
||||
0
|
||||
],
|
||||
|
@ -107,15 +107,15 @@ UDP NAT 过期时间,以秒为单位,默认为 300(5 分钟)。
|
|||
|
||||
TCP/IP 栈。
|
||||
|
||||
| 栈 | 描述 | 状态 |
|
||||
|------------------|--------------------------------------------------------------------------|-------|
|
||||
| gVisor (default) | 基于 [google/gvisor](https://github.com/google/gvisor) | 推荐 |
|
||||
| system | 兼容性较差,有时性能更好。 | 推荐 |
|
||||
| LWIP | 基于 [eycorsican/go-tun2socks](https://github.com/eycorsican/go-tun2socks) | 上游已存档 |
|
||||
| 栈 | 描述 | 状态 |
|
||||
|-------------|--------------------------------------------------------------------------|-------|
|
||||
| system (默认) | 有时性能更好 | 推荐 |
|
||||
| gVisor | 兼容性较好,基于 [google/gvisor](https://github.com/google/gvisor) | 推荐 |
|
||||
| LWIP | 基于 [eycorsican/go-tun2socks](https://github.com/eycorsican/go-tun2socks) | 上游已存档 |
|
||||
|
||||
!!! warning ""
|
||||
|
||||
默认安装不包含 LWIP 栈,请参阅 [安装](/zh/#_2)。
|
||||
默认安装不包含 gVisor 和 LWIP 栈,请参阅 [安装](/zh/#_2)。
|
||||
|
||||
#### include_uid
|
||||
|
||||
|
@ -145,10 +145,10 @@ TCP/IP 栈。
|
|||
|
||||
限制被路由的 Android 用户。
|
||||
|
||||
| 常用用户 | ID |
|
||||
| 常用用户 | ID |
|
||||
|--|-----|
|
||||
| 您 | 0 |
|
||||
| 工作资料 | 10 |
|
||||
| 您 | 0 |
|
||||
| 工作资料 | 10 |
|
||||
|
||||
#### include_package
|
||||
|
||||
|
|
|
@ -26,6 +26,10 @@
|
|||
|
||||
WireGuard is not included by default, see [Installation](/#installation).
|
||||
|
||||
!!! warning ""
|
||||
|
||||
gVisor, which is required by the unprivileged WireGuard is not included by default, see [Installation](/#installation).
|
||||
|
||||
### Fields
|
||||
|
||||
#### server
|
||||
|
@ -44,7 +48,9 @@ The server port.
|
|||
|
||||
Use system tun support.
|
||||
|
||||
Requires privileges and cannot conflict with system interfaces.
|
||||
Requires privilege and cannot conflict with system interfaces.
|
||||
|
||||
Forced if gVisor not included in the build.
|
||||
|
||||
#### interface_name
|
||||
|
||||
|
|
|
@ -26,6 +26,10 @@
|
|||
|
||||
默认安装不包含 WireGuard, 参阅 [安装](/zh/#_2)。
|
||||
|
||||
!!! warning ""
|
||||
|
||||
默认安装不包含被非特权 WireGuard 需要的 gVisor, 参阅 [安装](/zh/#_2)。
|
||||
|
||||
### 字段
|
||||
|
||||
#### server
|
||||
|
@ -46,6 +50,8 @@
|
|||
|
||||
需要特权且不能与系统接口冲突。
|
||||
|
||||
如果 gVisor 未包含在构建中,则强制执行。
|
||||
|
||||
#### interface_name
|
||||
|
||||
启用 `system_interface` 时的自定义设备名称。
|
||||
|
|
|
@ -32,7 +32,7 @@ go install -v -tags with_clash_api github.com/sagernet/sing-box/cmd/sing-box@lat
|
|||
| `with_utls` | Build with [uTLS](https://github.com/refraction-networking/utls) support for TLS outbound, see [TLS](./configuration/shared/tls#utls). |
|
||||
| `with_acme` | Build with ACME TLS certificate issuer support, see [TLS](./configuration/shared/tls). |
|
||||
| `with_clash_api` | Build with Clash API support, see [Experimental](./configuration/experimental#clash-api-fields). |
|
||||
| `no_gvisor` | Build without gVisor Tun stack support, see [Tun inbound](./configuration/inbound/tun#stack). |
|
||||
| `with_gvisor` | Build with gVisor support, see [Tun inbound](./configuration/inbound/tun#stack) and [WireGuard outbound](./configuration/outbound/wireguard#system_interface). |
|
||||
| `with_embedded_tor` (CGO required) | Build with embedded Tor support, see [Tor outbound](./configuration/outbound/tor). |
|
||||
| `with_lwip` (CGO required) | Build with LWIP Tun stack support, see [Tun inbound](./configuration/inbound/tun#stack). |
|
||||
|
||||
|
|
|
@ -25,14 +25,14 @@ go install -v -tags with_clash_api github.com/sagernet/sing-box/cmd/sing-box@lat
|
|||
| 构建标志 | 描述 |
|
||||
|------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
|
||||
| `with_quic` | 启用 QUIC 支持,参阅 [QUIC 和 HTTP3 DNS 传输层](./configuration/dns/server),[Naive 入站](./configuration/inbound/naive),[Hysteria 入站](./configuration/inbound/hysteria),[Hysteria 出站](./configuration/outbound/hysteria) 和 [V2Ray 传输层#QUIC](./configuration/shared/v2ray-transport#quic)。 |
|
||||
| `with_grpc` | 启用标准 gRPC 支持,参阅 [V2Ray 传输层#gRPC](./configuration/shared/v2ray-transport#grpc)。 |
|
||||
| `with_grpc` | 启用标准 gRPCuTLS](https://github.com/refraction-networking/utls) 支持, 参阅 [TLS](./configuration/shared/tls#utls)。 |
|
||||
| `with_acme` | 启用 ACME TLS 证书签发支持,参阅 [TLS](./configuration/shared/tls)。 |
|
||||
| `with_clash_api` | 启用 Clash api 支 支持,参阅 [V2Ray 传输层#gRPC](./configuration/shared/v2ray-transport#grpc)。 |
|
||||
| `with_wireguard` | 启用 WireGuard 支持,参阅 [WireGuard 出站](./configuration/outbound/wireguard)。 |
|
||||
| `with_shadowsocksr` | 启用 ShadowsocksR 支持,参阅 [ShadowsocksR 出站](./configuration/outbound/shadowsocksr)。 |
|
||||
| `with_ech` | 启用 TLS ECH 扩展支持,参阅 [TLS](./configuration/shared/tls#ech)。 |
|
||||
| `with_utls` | 启用 [uTLS](https://github.com/refraction-networking/utls) 支持, 参阅 [TLS](./configuration/shared/tls#utls)。 |
|
||||
| `with_acme` | 启用 ACME TLS 证书签发支持,参阅 [TLS](./configuration/shared/tls)。 |
|
||||
| `with_clash_api` | 启用 Clash api 支持,参阅 [实验性](./configuration/experimental#clash-api-fields)。 |
|
||||
| `no_gvisor` | 禁用 gVisor Tun 栈支持,参阅 [Tun 入站](./configuration/inbound/tun#stack)。 |
|
||||
| `with_utls` | 启用 [持,参阅 [实验性](./configuration/experimental#clash-api-fields)。 |
|
||||
| `with_gvisor` | 启用 gVisor 支持,参阅 [Tun 入站](./configuration/inbound/tun#stack) 和 [WireGuard 出站](./configuration/outbound/wireguard#system_interface)。 |
|
||||
| `with_embedded_tor` (需要 CGO) | 启用 嵌入式 Tor 支持,参阅 [Tor 出站](./configuration/outbound/tor)。 |
|
||||
| `with_lwip` (需要 CGO) | 启用 LWIP Tun 栈支持,参阅 [Tun 入站](./configuration/inbound/tun#stack)。 |
|
||||
|
||||
|
|
4
go.mod
4
go.mod
|
@ -23,10 +23,10 @@ require (
|
|||
github.com/pires/go-proxyproto v0.6.2
|
||||
github.com/refraction-networking/utls v1.1.2
|
||||
github.com/sagernet/quic-go v0.0.0-20220818150011-de611ab3e2bb
|
||||
github.com/sagernet/sing v0.0.0-20220914045234-93cc53b60cee
|
||||
github.com/sagernet/sing v0.0.0-20220915031330-38f39bc0c690
|
||||
github.com/sagernet/sing-dns v0.0.0-20220913115644-aebff1dfbba8
|
||||
github.com/sagernet/sing-shadowsocks v0.0.0-20220819002358-7461bb09a8f6
|
||||
github.com/sagernet/sing-tun v0.0.0-20220914100102-057dd738a7f7
|
||||
github.com/sagernet/sing-tun v0.0.0-20220915032336-60b1da576469
|
||||
github.com/sagernet/sing-vmess v0.0.0-20220913015714-c4ab86d40e12
|
||||
github.com/sagernet/smux v0.0.0-20220831015742-e0f1988e3195
|
||||
github.com/sagernet/websocket v0.0.0-20220913015213-615516348b4e
|
||||
|
|
8
go.sum
8
go.sum
|
@ -145,14 +145,14 @@ github.com/sagernet/quic-go v0.0.0-20220818150011-de611ab3e2bb h1:wc0yQ+SBn4TaTY
|
|||
github.com/sagernet/quic-go v0.0.0-20220818150011-de611ab3e2bb/go.mod h1:MIccjRKnPTjWwAOpl+AUGWOkzyTd9tERytudxu+1ra4=
|
||||
github.com/sagernet/sing v0.0.0-20220812082120-05f9836bff8f/go.mod h1:QVsS5L/ZA2Q5UhQwLrn0Trw+msNd/NPGEhBKR/ioWiY=
|
||||
github.com/sagernet/sing v0.0.0-20220817130738-ce854cda8522/go.mod h1:QVsS5L/ZA2Q5UhQwLrn0Trw+msNd/NPGEhBKR/ioWiY=
|
||||
github.com/sagernet/sing v0.0.0-20220914045234-93cc53b60cee h1:+3w7+QWnhWi3Qz7+Xcais8zViHRUPIkmxq3eYZm/zvk=
|
||||
github.com/sagernet/sing v0.0.0-20220914045234-93cc53b60cee/go.mod h1:x3NHUeJBQwV75L51zwmLKQdLtRvR+M4PmXkfQtU1vIY=
|
||||
github.com/sagernet/sing v0.0.0-20220915031330-38f39bc0c690 h1:pvaLdkDmsGN2K46vf8rorAhYGFvKPuQNzcofuy3aXXg=
|
||||
github.com/sagernet/sing v0.0.0-20220915031330-38f39bc0c690/go.mod h1:x3NHUeJBQwV75L51zwmLKQdLtRvR+M4PmXkfQtU1vIY=
|
||||
github.com/sagernet/sing-dns v0.0.0-20220913115644-aebff1dfbba8 h1:Iyfl+Rm5jcDvXuy/jpOBI3eu35ujci50tkqYHHwwg+8=
|
||||
github.com/sagernet/sing-dns v0.0.0-20220913115644-aebff1dfbba8/go.mod h1:bPVnJ5gJ0WmUfN1bJP9Cis0ab8SSByx6JVzyLJjDMwA=
|
||||
github.com/sagernet/sing-shadowsocks v0.0.0-20220819002358-7461bb09a8f6 h1:JJfDeYYhWunvtxsU/mOVNTmFQmnzGx9dY034qG6G3g4=
|
||||
github.com/sagernet/sing-shadowsocks v0.0.0-20220819002358-7461bb09a8f6/go.mod h1:EX3RbZvrwAkPI2nuGa78T2iQXmrkT+/VQtskjou42xM=
|
||||
github.com/sagernet/sing-tun v0.0.0-20220914100102-057dd738a7f7 h1:zdvFDYMz8s0e9UmOxMk0wNGOKh64KfeWpx8UAbJJI60=
|
||||
github.com/sagernet/sing-tun v0.0.0-20220914100102-057dd738a7f7/go.mod h1:5AhPUv9jWDQ3pv3Mj78SL/1TSjhoaj6WNASxRKLqXqM=
|
||||
github.com/sagernet/sing-tun v0.0.0-20220915032336-60b1da576469 h1:tvGUJsOqxZ3ofAY9undQfQ+JCWvmIwLpIOC+XaBFO88=
|
||||
github.com/sagernet/sing-tun v0.0.0-20220915032336-60b1da576469/go.mod h1:5AhPUv9jWDQ3pv3Mj78SL/1TSjhoaj6WNASxRKLqXqM=
|
||||
github.com/sagernet/sing-vmess v0.0.0-20220913015714-c4ab86d40e12 h1:4HYGbTDDemgBVTmaspXbkgjJlXc3hYVjNxSddJndq8Y=
|
||||
github.com/sagernet/sing-vmess v0.0.0-20220913015714-c4ab86d40e12/go.mod h1:u66Vv7NHXJWfeAmhh7JuJp/cwxmuQlM56QoZ7B7Mmd0=
|
||||
github.com/sagernet/smux v0.0.0-20220831015742-e0f1988e3195 h1:5VBIbVw9q7aKbrFdT83mjkyvQ+VaRsQ6yflTepfln38=
|
||||
|
|
|
@ -16,6 +16,7 @@ import (
|
|||
"github.com/sagernet/sing-box/log"
|
||||
"github.com/sagernet/sing-box/option"
|
||||
"github.com/sagernet/sing-box/transport/wireguard"
|
||||
"github.com/sagernet/sing-tun"
|
||||
"github.com/sagernet/sing/common"
|
||||
"github.com/sagernet/sing/common/debug"
|
||||
E "github.com/sagernet/sing/common/exceptions"
|
||||
|
@ -98,7 +99,7 @@ func NewWireGuard(ctx context.Context, router adapter.Router, logger log.Context
|
|||
}
|
||||
var wireTunDevice wireguard.Device
|
||||
var err error
|
||||
if !options.SystemInterface {
|
||||
if !options.SystemInterface && tun.WithGVisor {
|
||||
wireTunDevice, err = wireguard.NewStackDevice(localPrefixes, mtu)
|
||||
} else {
|
||||
wireTunDevice, err = wireguard.NewSystemDevice(router, options.InterfaceName, localPrefixes, mtu)
|
||||
|
|
|
@ -13,7 +13,7 @@ pushd $PROJECT
|
|||
git fetch
|
||||
git reset FETCH_HEAD --hard
|
||||
git clean -fdx
|
||||
go install -v -trimpath -ldflags "-s -w -buildid=" -tags no_gvisor,with_quic,with_acme,debug ./cmd/sing-box
|
||||
go install -v -trimpath -ldflags "-s -w -buildid=" -tags with_quic,with_acme,debug ./cmd/sing-box
|
||||
popd
|
||||
|
||||
sudo systemctl stop sing-box
|
||||
|
|
|
@ -10,7 +10,7 @@ DIR=$(dirname "$0")
|
|||
PROJECT=$DIR/../..
|
||||
|
||||
pushd $PROJECT
|
||||
go install -v -trimpath -ldflags "-s -w -buildid=" -tags no_gvisor,with_quic,with_wireguard,with_acme ./cmd/sing-box
|
||||
go install -v -trimpath -ldflags "-s -w -buildid=" -tags with_quic,with_wireguard,with_acme ./cmd/sing-box
|
||||
popd
|
||||
|
||||
sudo cp $(go env GOPATH)/bin/sing-box /usr/local/bin/
|
||||
|
|
|
@ -10,7 +10,7 @@ DIR=$(dirname "$0")
|
|||
PROJECT=$DIR/../..
|
||||
|
||||
pushd $PROJECT
|
||||
go install -v -trimpath -ldflags "-s -w -buildid=" -tags no_gvisor,with_quic,with_wireguard,with_acme ./cmd/sing-box
|
||||
go install -v -trimpath -ldflags "-s -w -buildid=" -tags with_quic,with_wireguard,with_acme ./cmd/sing-box
|
||||
popd
|
||||
|
||||
sudo systemctl stop sing-box
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
//go:build !no_gvisor
|
||||
//go:build with_gvisor
|
||||
|
||||
package wireguard
|
||||
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
//go:build no_gvisor
|
||||
//go:build !with_gvisor
|
||||
|
||||
package wireguard
|
||||
|
||||
|
|
Loading…
Reference in a new issue