1
0
Fork 0
mirror of https://github.com/Ysurac/openmptcprouter-feeds.git synced 2025-03-09 15:40:03 +00:00
This commit is contained in:
Ycarus (Yannick Chabanois) 2023-09-29 14:58:47 +02:00
parent a816b09134
commit ee1ffa2bd8
7 changed files with 3280 additions and 0 deletions

68
xray-core/Makefile Normal file
View file

@ -0,0 +1,68 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=xray-core
PKG_VERSION:=1.8.5
PKG_RELEASE:=1
PKG_LICENSE:=MPLv2
PKG_LICENSE_FILES:=LICENSE
PKG_MAINTAINER:=Yannick Chabanois <contact@openmptcprouter.com>
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL:=https://github.com/XTLS/Xray-core.git
PKG_SOURCE_VERSION:=585d5ba7c8b64f6da60837546a70bbcfd2350c64
PKG_BUILD_DEPENDS:=golang/host
PKG_BUILD_PARALLEL:=1
GO_PKG:=github.com/XTLS/Xray-core
include $(INCLUDE_DIR)/package.mk
include $(TOPDIR)/feeds/openmptcprouter/golang/golang-package.mk
define Package/$(PKG_NAME)
SECTION:=Custom
CATEGORY:=Extra packages
TITLE:=Xray-core
DEPENDS:=$(GO_ARCH_DEPENDS)
PROVIDES:=xray-core
endef
define Package/$(PKG_NAME)/description
Xray-core bare bones binary (compiled without cgo)
endef
define Package/$(PKG_NAME)/config
menu "Xray Configuration"
depends on PACKAGE_$(PKG_NAME)
config PACKAGE_XRAY_ENABLE_GOPROXY_IO
bool "Use goproxy.io to speed up module fetching (recommended for some network situations)"
default n
endmenu
endef
USE_GOPROXY:=
ifdef CONFIG_PACKAGE_XRAY_ENABLE_GOPROXY_IO
USE_GOPROXY:=GOPROXY=https://goproxy.io,direct
endif
MAKE_PATH:=$(GO_PKG_WORK_DIR_NAME)/build/src/$(GO_PKG)
MAKE_VARS += $(GO_PKG_VARS)
#define Build/Patch
# $(CP) $(PKG_BUILD_DIR)/../Xray-core-$(PKG_VERSION)/* $(PKG_BUILD_DIR)
# $(Build/Patch/Default)
#endef
define Build/Compile
cd $(PKG_BUILD_DIR); $(GO_PKG_VARS) $(USE_GOPROXY) CGO_ENABLED=0 go build -trimpath -ldflags "-s -w" -o $(PKG_INSTALL_DIR)/bin/xray ./main;
endef
define Package/$(PKG_NAME)/install
$(INSTALL_DIR) $(1)/usr/bin
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/bin/xray $(1)/usr/bin/xray
$(CP) ./files/* $(1)/
endef
$(eval $(call BuildPackage,$(PKG_NAME)))

View file

@ -0,0 +1,2 @@
#!/bin/sh
/etc/init.d/xray rules_up

2282
xray-core/files/etc/init.d/xray Executable file

File diff suppressed because it is too large Load diff

View file

@ -0,0 +1,202 @@
#!/bin/sh
if [ -z "$(uci -q get xray.main)" ]; then
touch /etc/config/xray
uci batch <<-EOF
set xray.main=xray
set xray.main.xray_file='/usr/bin/xray'
set xray.main.mem_percentage='0'
set xray.main.loglevel='error'
set xray.main.access_log='/dev/null'
set xray.main.error_log='/dev/null'
set xray.main.enabled='0'
set xray.main.outbounds='omrout'
set xray.main.inbounds='omr'
add_list xray.main.inbounds='omrtest'
set xray.main_dns=dns
set xray.main_dns.hosts='example.com|127.0.0.1'
set xray.main_dns.enabled='0'
set xray.main_policy=policy
set xray.main_policy.enabled='1'
set xray.main_policy.levels='policy_level_0'
set xray.policy_level_0=policy_level
set xray.policy_level_0.level='0'
set xray.policy_level_0.handshake='4'
set xray.policy_level_0.conn_idle='1200'
set xray.policy_level_0.uplink_only='0'
set xray.policy_level_0.downlink_only='0'
set xray.policy_level_0.buffer_size='512'
set xray.main_transparent_proxy=transparent_proxy
set xray.main_transparent_proxy.proxy_mode='default'
set xray.main_transparent_proxy.apnic_delegated_mirror='apnic'
set xray.main_transparent_proxy.gfwlist_mirror='github'
set xray.main_transparent_proxy.redirect_udp='0'
set xray.main_transparent_proxy.redirect_port='1897'
set xray.omrout=outbound
set xray.omrout.tag='omrout_tunnel'
set xray.omrout.protocol='vless'
set xray.omrout.s_vmess_address=''
set xray.omrout.s_vmess_port='65230'
set xray.omrout.s_vmess_user_id=''
set xray.omrout.s_vmess_user_security='none'
set xray.omrout.s_vmess_user_alter_id='0'
set xray.omrout.s_vless_address=''
set xray.omrout.s_vless_port='65228'
set xray.omrout.s_vless_user_id=''
set xray.omrout.s_vless_user_security='none'
set xray.omrout.s_vless_user_encryption='none'
set xray.omrout.s_vless_user_alter_id='0'
set xray.omrout.s_trojan_address=''
set xray.omrout.s_trojan_port='65229'
set xray.omrout.s_trojan_user_id=''
set xray.omrout.s_trojan_user_security='none'
set xray.omrout.s_trojan_user_encryption='none'
set xray.omrout.s_trojan_user_alter_id='0'
set xray.omrout.s_socks_address=''
set xray.omrout.s_socks_port='65231'
set xray.omrout.s_socks_user_id=''
set xray.omrout.s_socks_user_security='none'
set xray.omrout.s_socks_user_encryption='none'
set xray.omrout.s_socks_user_alter_id='0'
set xray.omrout.ss_network='tcp'
set xray.omrout.ss_security='tls'
set xray.omrout.ss_tls_allow_insecure='1'
set xray.omrout.ss_tls_disable_system_root='1'
set xray.omrout.ss_tls_cert_usage='verify'
set xray.omrout.ss_tls_cert_file='/etc/luci-uploads/client.crt'
set xray.omrout.ss_tls_key_file='/etc/luci-uploads/client.key'
set xray.omrout.s_shadowsocks_port='65252'
set xray.omrout.mux_concurrency='8'
set xray.omr=inbound
set xray.omr.tag='omrtunnel'
set xray.omr.listen='0.0.0.0'
set xray.omr.port='1897'
set xray.omr.protocol='dokodemo-door'
set xray.omr.s_dokodemo_door_network='tcp'
add_list xray.omr.s_dokodemo_door_network='udp'
set xray.omr.ss_sockopt_tproxy='redirect'
set xray.omr.ss_sockopt_tcp_fast_open='1'
set xray.omr.ss_sockopt_mptcp='1'
set xray.omr.s_dokodemo_door_follow_redirect='1'
set xray.omr6=inbound
set xray.omr6.tag='omrtunnel6'
set xray.omr6.listen='::'
set xray.omr6.port='1898'
set xray.omr6.protocol='dokodemo-door'
set xray.omr6.s_dokodemo_door_network='tcp'
add_list xray.omr6.s_dokodemo_door_network='udp'
set xray.omr6.ss_sockopt_tproxy='tproxy'
set xray.omr6.ss_sockopt_tcp_fast_open='1'
set xray.omr6.s_dokodemo_door_follow_redirect='1'
set xray.omrtest=inbound
set xray.omrtest.port='1111'
set xray.omrtest.protocol='socks'
set xray.omrtest.listen='127.0.0.1'
set xray.omrtest.s_socks_auth='noauth'
set xray.omrtest.s_socks_udp='1'
set xray.omrtest.s_socks_ip='127.0.0.1'
set xray.omrtest.s_socks_userlevel='0'
commit xray
EOF
fi
uci -q batch <<-EOF >/dev/null
set xray.omr.listen='0.0.0.0'
commit xray
EOF
if [ "$(uci -q get firewall.xray)" = "" ]; then
uci -q batch <<-EOF >/dev/null
set firewall.xray=include
set firewall.xray.path=/etc/firewall.xray-rules
set firewall.xray.reload=0
commit firewall
EOF
fi
if [ "$(uci -q get firewall.xray.path)" != "/etc/firewall.xray-rules" ]; then
uci -q batch <<-EOF >/dev/null
set firewall.xray.path=/etc/firewall.xray-rules
commit firewall
EOF
fi
if [ "$(uci -q get xray.main_reverse.bridges | grep omrbridge)" = "" ]; then
uci -q batch <<-EOF >/dev/null
set xray.main_reverse=reverse
set xray.main_reverse.enabled=1
set xray.main_reverse.bridges='omrbridge|omr.lan'
commit xray
EOF
fi
if [ "$(uci -q get xray.omrrouting)" = "" ]; then
uci -q batch <<-EOF >/dev/null
set xray.omrexit=outbound
set xray.omrexit.protocol='freedom'
set xray.omrexit.tag='out'
add_list xray.main.outbounds=omrexit
set xray.omrrouting=routing_rule
set xray.omrrouting.type='field'
set xray.omrrouting.inbound_tag='omrbridge'
set xray.omrrouting.outbound_tag='omrout_tunnel'
set xray.omrrouting.domain='full:omr.lan'
set xray.omrroutingo=routing_rule
set xray.omrroutingo.type='field'
set xray.omrroutingo.inbound_tag='omrbridge'
set xray.omrroutingo.outbound_tag='out'
set xray.main_routing=routing
set xray.main_routing.enabled=1
set xray.main_routing.rules='omrrouting'
add_list xray.main_routing.rules='omrroutingo'
commit xray
EOF
fi
if [ "$(uci -q get xray.main.error_log)" != "/dev/null" ]; then
uci -q batch <<-EOF >/dev/null
set xray.main.error_log='/dev/null'
commit xray
EOF
fi
#if [ "$(uci -q get xray.main.mem_percentage)" = "0" ]; then
# uci -q batch <<-EOF >/dev/null
# set xray.main.mem_percentage='80'
# commit xray
# EOF
#fi
if [ "$(uci -q get xray.policy_level_0.conn_idle)" = "2400" ]; then
uci -q batch <<-EOF >/dev/null
set xray.policy_level_0.conn_idle='1200'
commit xray
EOF
fi
if [ "$(uci -q get xray.omrout.s_vmess_port)" = "65228" ]; then
uci -q batch <<-EOF >/dev/null
set xray.omrout.s_vmess_port='65230'
commit xray
EOF
fi
if [ "$(uci -q get xray.omrout.s_trojan_port)" = "" ]; then
uci -q batch <<-EOF >/dev/null
set xray.omrout.s_trojan_address=''
set xray.omrout.s_trojan_port='65229'
set xray.omrout.s_trojan_user_id=''
set xray.omrout.s_trojan_user_security='none'
set xray.omrout.s_trojan_user_encryption='none'
set xray.omrout.s_trojan_user_alter_id='0'
commit xray
EOF
fi
if [ "$(uci -q get xray.omrout.s_socks_port)" = "" ]; then
uci -q batch <<-EOF >/dev/null
set xray.omrout.s_socks_address=''
set xray.omrout.s_socks_port='65231'
set xray.omrout.s_socks_user_id=''
set xray.omrout.s_socks_user_security='none'
set xray.omrout.s_socks_user_encryption='none'
set xray.omrout.s_socks_user_alter_id='0'
commit xray
EOF
fi
exit 0

View file

@ -0,0 +1,319 @@
#!/bin/sh -e
#
# Copyright (C) 2017 Yousong Zhou <yszhou4tech@gmail.com>
# Copyright (C) 2018-2021 Ycarus (Yannick Chabanois) <ycarus@zugaina.org> for OpenMPTCProuter
#
# The design idea was derived from ss-rules by Jian Chang <aa65535@live.com>
#
# This is free software, licensed under the GNU General Public License v3.
# See /LICENSE for more information.
#
if [ -f /usr/sbin/iptables-legacy ]; then
IPTABLES="/usr/sbin/iptables-legacy"
IPTABLESRESTORE="/usr/sbin/iptables-legacy-restore"
IPTABLESSAVE="/usr/sbin/iptables-legacy-save"
else
IPTABLES="/usr/sbin/iptables"
IPTABLESRESTORE="/usr/sbin/iptables-restore"
IPTABLESSAVE="/usr/sbin/iptables-save"
fi
xr_rules_usage() {
cat >&2 <<EOF
Usage: xray-rules [options]
-h, --help Show this help message then exit
-f, --flush Flush rules, ipset then exit
-l <port> Local port number of ss-redir with TCP mode
-L <port> Local port number of ss-redir with UDP mode
-s <ips> List of ip addresses of remote shadowsocks server
--ifnames Only apply rules on packets from these ifnames
--src-bypass <ips|cidr>
--src-forward <ips|cidr>
--src-checkdst <ips|cidr>
--src-default <bypass|forward|checkdst>
Packets will have their src ip checked in order against
bypass, forward, checkdst list and will bypass, forward
through, or continue to have their dst ip checked
respectively on the first match. Otherwise, --src-default
decide the default action
--dst-bypass <ips|cidr>
--dst-forward <ips|cidr>
--dst-bypass-file <file>
--dst-forward-file <file>
--dst-default <bypass|forward>
Same as with their --src-xx equivalent
--dst-forward-recentrst
Forward those packets whose destinations have recently
sent to us multiple tcp-rst packets
--local-default <bypass|forward|checkdst>
Default action for local out TCP traffic
The following ipsets will be created by ss-rules. They are also intended to be
populated by other programs like dnsmasq with ipset support
ss_rules_src_bypass
ss_rules_src_forward
ss_rules_src_checkdst
ss_rules_dst_bypass
ss_rules_dst_bypass_all
ss_rules_dst_forward
EOF
}
o_dst_bypass_="
0.0.0.0/8
10.0.0.0/8
100.64.0.0/10
127.0.0.0/8
169.254.0.0/16
172.16.0.0/12
192.0.0.0/24
192.0.2.0/24
192.31.196.0/24
192.52.193.0/24
192.88.99.0/24
192.168.0.0/16
192.175.48.0/24
198.18.0.0/15
198.51.100.0/24
203.0.113.0/24
224.0.0.0/4
240.0.0.0/4
255.255.255.255
"
o_src_default=bypass
o_dst_default=bypass
o_local_default=bypass
__errmsg() {
echo "xray-rules: $*" >&2
}
xr_rules_parse_args() {
while [ "$#" -gt 0 ]; do
case "$1" in
-h|--help) xr_rules_usage; exit 0;;
-f|--flush) xr_rules_flush; exit 0;;
-l) o_redir_tcp_port="$2"; shift 2;;
-L) o_redir_udp_port="$2"; shift 2;;
-s) o_remote_servers="$2"; shift 2;;
--ifnames) o_ifnames="$2"; shift 2;;
--ipt-extra) o_ipt_extra="$2"; shift 2;;
--src-default) o_src_default="$2"; shift 2;;
--dst-default) o_dst_default="$2"; shift 2;;
--local-default) o_local_default="$2"; shift 2;;
--src-bypass) o_src_bypass="$2"; shift 2;;
--src-forward) o_src_forward="$2"; shift 2;;
--src-checkdst) o_src_checkdst="$2"; shift 2;;
--dst-bypass) o_dst_bypass="$2"; shift 2;;
--dst-bypass_all) o_dst_bypass_all="$2"; shift 2;;
--dst-forward) o_dst_forward="$2"; shift 2;;
--dst-forward-recentrst) o_dst_forward_recentrst=1; shift 1;;
--dst-bypass-file) o_dst_bypass_file="$2"; shift 2;;
--dst-forward-file) o_dst_forward_file="$2"; shift 2;;
--rule-name) rule="$2"; shift 2;;
*) __errmsg "unknown option $1"; return 1;;
esac
done
if [ -z "$o_redir_tcp_port" -a -z "$o_redir_udp_port" ]; then
__errmsg "Requires at least -l or -L option"
return 1
fi
if [ -n "$o_dst_forward_recentrst" ] && ! $IPTABLES -w -m recent -h >/dev/null; then
__errmsg "Please install iptables-mod-conntrack-extra with opkg"
return 1
fi
o_remote_servers="$(for s in $o_remote_servers; do resolveip -4 "$s"; done)"
}
xr_rules_flush() {
local setname
$IPTABLESSAVE --counters 2>/dev/null | grep -v xr_ | $IPTABLESRESTORE --counters
while ip rule del fwmark 1 lookup 100 2>/dev/null; do true; done
ip route flush table 100 || true
for setname in $(ipset -n list | grep "ssr_${rule}"); do
ipset destroy "$setname" 2>/dev/null || true
done
}
xr_rules_ipset_init() {
ipset --exist restore <<-EOF
create ssr_${rule}_src_bypass hash:net hashsize 64
create ssr_${rule}_src_forward hash:net hashsize 64
create ssr_${rule}_src_checkdst hash:net hashsize 64
create ss_rules_dst_bypass_all hash:net hashsize 64
create ssr_${rule}_dst_bypass hash:net hashsize 64
create ssr_${rule}_dst_bypass_ hash:net hashsize 64
create ssr_${rule}_dst_forward hash:net hashsize 64
create ss_rules_dst_forward_recentrst_ hash:ip hashsize 64 timeout 3600
$(xr_rules_ipset_mkadd ssr_${rule}_dst_bypass_ "$o_dst_bypass_ $o_remote_servers")
$(xr_rules_ipset_mkadd ss_rules_dst_bypass_all "$o_dst_bypass_all")
$(xr_rules_ipset_mkadd ssr_${rule}_dst_bypass "$o_dst_bypass $(cat "$o_dst_bypass_file" 2>/dev/null | grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}')")
$(xr_rules_ipset_mkadd ssr_${rule}_src_bypass "$o_src_bypass")
$(xr_rules_ipset_mkadd ssr_${rule}_src_forward "$o_src_forward")
$(xr_rules_ipset_mkadd ssr_${rule}_src_checkdst "$o_src_checkdst")
$(xr_rules_ipset_mkadd ssr_${rule}_dst_forward "$o_dst_forward $(cat "$o_dst_forward_file" 2>/dev/null | grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}')")
EOF
}
xr_rules_ipset_mkadd() {
local setname="$1"; shift
local i
for i in $*; do
echo "add $setname $i"
done
}
xr_rules_iptchains_init() {
xr_rules_iptchains_init_mark
xr_rules_iptchains_init_tcp
xr_rules_iptchains_init_udp
}
xr_rules_iptchains_init_mark() {
if [ "$($IPTABLES -w -t mangle -L PREROUTING | grep ss_rules_dst_bypass_all)" = "" ]; then
$IPTABLESRESTORE --noflush <<-EOF
*mangle
-A PREROUTING -m set --match-set ss_rules_dst_bypass_all dst -j MARK --set-mark 0x539
COMMIT
EOF
fi
}
xr_rules_iptchains_init_tcp() {
local local_target
[ -n "$o_redir_tcp_port" ] || return 0
xr_rules_iptchains_init_ nat tcp
case "$o_local_default" in
checkdst) local_target=xr_${rule}_dst ;;
forward) local_target=xr_${rule}_forward ;;
bypass|*) return 0;;
esac
$IPTABLESRESTORE --noflush <<-EOF
*nat
:xr_${rule}_local_out -
-I OUTPUT 1 -p tcp -j xr_${rule}_local_out
-A xr_${rule}_local_out -m set --match-set ssr_${rule}_dst_bypass dst -j RETURN
-A xr_${rule}_local_out -m set --match-set ss_rules_dst_bypass_all dst -j RETURN
-A xr_${rule}_local_out -m set --match-set ssr_${rule}_dst_bypass_ dst -j RETURN
-A xr_${rule}_local_out -m mark --mark 0x539 -j RETURN
-A xr_${rule}_local_out -p tcp $o_ipt_extra -j $local_target -m comment --comment "local_default: $o_local_default"
COMMIT
EOF
}
xr_rules_iptchains_init_udp() {
[ -n "$o_redir_udp_port" ] || return 0
xr_rules_iptchains_init_ mangle udp
}
xr_rules_iptchains_init_() {
local table="$1"
local proto="$2"
local forward_rules
local src_default_target dst_default_target
local recentrst_mangle_rules recentrst_addset_rules
case "$proto" in
tcp)
forward_rules="-A xr_${rule}_forward -p tcp -j REDIRECT --to-ports $o_redir_tcp_port"
if [ -n "$o_dst_forward_recentrst" ]; then
recentrst_mangle_rules="
*mangle
-I PREROUTING 1 -p tcp -m tcp --tcp-flags RST RST -m recent --name xr_recentrst --set --rsource
COMMIT
"
recentrst_addset_rules="
-A xr_${rule}_dst -m recent --name xr_recentrst --rcheck --rdest --seconds 3 --hitcount 3 -j SET --add-set ss_rules_dst_forward_recentrst_ dst --exist
-A xr_${rule}_dst -m set --match-set ss_rules_dst_forward_recentrst_ dst -j xr_${rule}_forward
"
fi
;;
udp)
ip rule add fwmark 1 lookup 100 || true
ip route add local default dev lo table 100 || true
forward_rules="-A xr_${rule}_forward -p udp -j TPROXY --on-port "$o_redir_udp_port" --tproxy-mark 0x01/0x01"
;;
esac
case "$o_src_default" in
forward) src_default_target=xr_${rule}_forward ;;
checkdst) src_default_target=xr_${rule}_dst ;;
bypass|*) src_default_target=RETURN ;;
esac
case "$o_dst_default" in
forward) dst_default_target=xr_${rule}_forward ;;
bypass|*) dst_default_target=RETURN ;;
esac
sed -e '/^\s*$/d' -e 's/^\s\+//' <<-EOF | $IPTABLESRESTORE --noflush
*$table
:xr_${rule}_pre_src -
:xr_${rule}_src -
:xr_${rule}_dst -
:xr_${rule}_forward -
$(xr_rules_iptchains_mkprerules "$proto")
-A xr_${rule}_pre_src -m set --match-set ssr_${rule}_dst_bypass_ dst -j RETURN
-A xr_${rule}_pre_src -m set --match-set ss_rules_dst_bypass_all dst -j MARK --set-mark 0x539
-A xr_${rule}_pre_src -m set --match-set ss_rules_dst_bypass_all dst -j RETURN
-A xr_${rule}_pre_src -m set --match-set ssr_${rule}_dst_bypass dst -j RETURN
-A xr_${rule}_pre_src -m mark --mark 0x539 -j RETURN
-A xr_${rule}_dst -m set --match-set ss_rules_dst_bypass_all dst -j RETURN
-A xr_${rule}_dst -m set --match-set ssr_${rule}_dst_bypass dst -j RETURN
-A xr_${rule}_pre_src -p $proto $o_ipt_extra -j xr_${rule}_src
-A xr_${rule}_src -m set --match-set ssr_${rule}_src_bypass src -j RETURN
-A xr_${rule}_src -m set --match-set ssr_${rule}_src_forward src -j xr_${rule}_forward
-A xr_${rule}_src -m set --match-set ssr_${rule}_src_checkdst src -j xr_${rule}_dst
-A xr_${rule}_src -j $src_default_target -m comment --comment "src_default: $o_src_default"
-A xr_${rule}_dst -m set --match-set ssr_${rule}_dst_forward dst -j xr_${rule}_forward
$recentrst_addset_rules
-A xr_${rule}_dst -j $dst_default_target -m comment --comment "dst_default: $o_dst_default"
$forward_rules
COMMIT
$recentrst_mangle_rules
EOF
}
xr_rules_iptchains_mkprerules() {
local proto="$1"
if [ -z "$o_ifnames" ]; then
echo "-A PREROUTING -p $proto -j xr_${rule}_pre_src"
else
echo $o_ifnames \
| tr ' ' '\n' \
| sed "s/.*/-I PREROUTING 1 -i \\0 -p $proto -j xr_${rule}_pre_src/"
fi
}
xr_rules_fw_drop() {
fw3 -4 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j reject/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
while IFS=$"\n" read -r c; do
fwrule=$(echo "$c" | sed 's/reject/REDIRECT --to-ports 65535/')
if [ -n "$fwrule" ] && [ -z "$($IPTABLESSAVE 2>/dev/null | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
eval "$IPTABLES -w -t nat -A zone_lan_prerouting ${fwrule} 2>&1 >/dev/null"
fi
done
fw3 -4 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j drop/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
while IFS=$"\n" read -r c; do
fwrule=$(echo "$c" | sed 's/drop/REDIRECT --to-ports 65535/')
if [ -n "$fwrule" ] && [ -z "$($IPTABLESSAVE 2>/dev/null | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
eval "$IPTABLES -t nat -A zone_lan_prerouting ${fwrule} 2>&1 >/dev/null"
fi
done
}
xr_rules_parse_args "$@"
#xr_rules_flush
xr_rules_ipset_init
xr_rules_iptchains_init
xr_rules_fw_drop

View file

@ -0,0 +1,310 @@
#!/bin/sh -e
#
# Copyright (C) 2017 Yousong Zhou <yszhou4tech@gmail.com>
# Copyright (C) 2018-2021 Ycarus (Yannick Chabanois) <ycarus@zugaina.org>
#
# The design idea was derived from ss-rules by Jian Chang <aa65535@live.com>
#
# This is free software, licensed under the GNU General Public License v3.
# See /LICENSE for more information.
#
if [ -f /usr/sbin/iptables-legacy ]; then
IP6TABLES="/usr/sbin/ip6tables-legacy"
IP6TABLESRESTORE="/usr/sbin/ip6tables-legacy-restore"
IP6TABLESSAVE="/usr/sbin/ip6tables-legacy-save"
else
IP6TABLES="/usr/sbin/ip6tables"
IP6TABLESRESTORE="/usr/sbin/ip6tables-restore"
IP6TABLESSAVE="/usr/sbin/ip6tables-save"
fi
xray_rules6_usage() {
cat >&2 <<EOF
Usage: xray-rules6 [options]
-h, --help Show this help message then exit
-f, --flush Flush rules, ipset then exit
-l <port> Local port number of ss-redir with TCP mode
-L <port> Local port number of ss-redir with UDP mode
-s <ips> List of ip addresses of remote shadowsocks server
--ifnames Only apply rules on packets from these ifnames
--src-bypass <ips|cidr>
--src-forward <ips|cidr>
--src-checkdst <ips|cidr>
--src-default <bypass|forward|checkdst>
Packets will have their src ip checked in order against
bypass, forward, checkdst list and will bypass, forward
through, or continue to have their dst ip checked
respectively on the first match. Otherwise, --src-default
decide the default action
--dst-bypass <ips|cidr>
--dst-forward <ips|cidr>
--dst-bypass-file <file>
--dst-forward-file <file>
--dst-default <bypass|forward>
Same as with their --src-xx equivalent
--dst-forward-recentrst
Forward those packets whose destinations have recently
sent to us multiple tcp-rst packets
--local-default <bypass|forward|checkdst>
Default action for local out TCP traffic
The following ipsets will be created by xray-rules. They are also intended to be
populated by other programs like dnsmasq with ipset support
xray_rules6_src_bypass
xray_rules6_src_forward
xray_rules6_src_checkdst
xray_rules6_dst_bypass
xray_rules6_dst_forward
EOF
}
o_dst_bypass_="
fe80::/10
fd00::/8
::1
"
o_src_default=bypass
o_dst_default=bypass
o_local_default=bypass
__errmsg() {
echo "xray-rules6: $*" >&2
}
xray_rules6_parse_args() {
while [ "$#" -gt 0 ]; do
case "$1" in
-h|--help) xray_rules6_usage; exit 0;;
-f|--flush) xray_rules6_flush; exit 0;;
-l) o_redir_tcp_port="$2"; shift 2;;
-L) o_redir_udp_port="$2"; shift 2;;
-s) o_remote_servers="$2"; shift 2;;
--ifnames) o_ifnames="$2"; shift 2;;
--ipt-extra) o_ipt_extra="$2"; shift 2;;
--src-default) o_src_default="$2"; shift 2;;
--dst-default) o_dst_default="$2"; shift 2;;
--local-default) o_local_default="$2"; shift 2;;
--src-bypass) o_src_bypass="$2"; shift 2;;
--src-forward) o_src_forward="$2"; shift 2;;
--src-checkdst) o_src_checkdst="$2"; shift 2;;
--dst-bypass) o_dst_bypass="$2"; shift 2;;
--dst-bypass_all) o_dst_bypass_all="$2"; shift 2;;
--dst-forward) o_dst_forward="$2"; shift 2;;
--dst-forward-recentrst) o_dst_forward_recentrst=1; shift 1;;
--dst-bypass-file) o_dst_bypass_file="$2"; shift 2;;
--dst-forward-file) o_dst_forward_file="$2"; shift 2;;
--rule-name) rule="$2"; shift 2;;
*) __errmsg "unknown option $1"; return 1;;
esac
done
if [ -z "$o_redir_tcp_port" -a -z "$o_redir_udp_port" ]; then
__errmsg "Requires at least -l or -L option"
return 1
fi
if [ -n "$o_dst_forward_recentrst" ] && ! $IP6TABLES -w -m recent -h >/dev/null; then
__errmsg "Please install ip6tables-mod-conntrack-extra with opkg"
return 1
fi
o_remote_servers="$(for s in $o_remote_servers; do resolveip -6 "$s"; done)"
}
xray_rules6_flush() {
local setname
$IP6TABLESSAVE --counters 2>/dev/null | grep -v xr6_ | $IP6TABLESRESTORE --counters
while ip -f inet6 rule del fwmark 1 lookup 100 2>/dev/null; do true; done
ip -f inet6 route flush table 100 || true
for setname in $(ipset -n list | grep "ssr6_${rule}"); do
ipset destroy "$setname" 2>/dev/null || true
done
}
xray_rules6_ipset_init() {
ipset --exist restore <<-EOF
create ssr6_${rule}_src_bypass hash:net family inet6 hashsize 64
create ssr6_${rule}_src_forward hash:net family inet6 hashsize 64
create ssr6_${rule}_src_checkdst hash:net family inet6 hashsize 64
create ssr6_${rule}_dst_bypass hash:net family inet6 hashsize 64
create ss_rules6_dst_bypass_all hash:net family inet6 hashsize 64
create ssr6_${rule}_dst_bypass_ hash:net family inet6 hashsize 64
create ssr6_${rule}_dst_forward hash:net family inet6 hashsize 64
create ss_rules6_dst_forward_recrst_ hash:ip family inet6 hashsize 64 timeout 3600
$(xray_rules6_ipset_mkadd ssr6_${rule}_dst_bypass_ "$o_dst_bypass_ $o_remote_servers")
$(xray_rules6_ipset_mkadd ss_rules6_dst_bypass_all "$o_dst_bypass $(cat "$o_dst_bypass_file" 2>/dev/null | grep -o '\([0-9a-fA-F]\{0,4\}:\)\{1,7\}[0-9a-fA-F]\{0,4\}')")
$(xray_rules6_ipset_mkadd ssr6_${rule}_dst_bypass "$o_dst_bypass $(cat "$o_dst_bypass_file" 2>/dev/null | grep -o '\([0-9a-fA-F]\{0,4\}:\)\{1,7\}[0-9a-fA-F]\{0,4\}')")
$(xray_rules6_ipset_mkadd ssr6_${rule}_src_bypass "$o_src_bypass")
$(xray_rules6_ipset_mkadd ssr6_${rule}_src_forward "$o_src_forward")
$(xray_rules6_ipset_mkadd ssr6_${rule}_src_checkdst "$o_src_checkdst")
$(xray_rules6_ipset_mkadd ssr6_${rule}_dst_forward "$o_dst_forward $(cat "$o_dst_forward_file" 2>/dev/null | grep -o '\([0-9a-fA-F]\{0,4\}:\)\{1,7\}[0-9a-fA-F]\{0,4\}')")
EOF
}
xray_rules6_ipset_mkadd() {
local setname="$1"; shift
local i
for i in $*; do
echo "add $setname $i"
done
}
xray_rules6_iptchains_init() {
xray_rules6_iptchains_init_mark
xray_rules6_iptchains_init_tcp
xray_rules6_iptchains_init_udp
}
xray_rules6_iptchains_init_mark() {
$IP6TABLESRESTORE --noflush <<-EOF
*mangle
-A PREROUTING -m set --match-set ss_rules6_dst_bypass_all dst -j MARK --set-mark 0x6539
COMMIT
EOF
}
xray_rules6_iptchains_init_tcp() {
local local_target
[ -n "$o_redir_tcp_port" ] || return 0
#xray_rules6_iptchains_init_ nat tcp
xray_rules6_iptchains_init_ mangle tcp
case "$o_local_default" in
checkdst) local_target=xr6_${rule}_dst ;;
forward) local_target=xr6_${rule}_forward ;;
bypass|*) return 0;;
esac
# echo "tcp mangle"
# $IP6TABLESRESTORE --noflush <<-EOF
# *mangle
# :xr6_${rule}_local_out -
# -I OUTPUT 1 -p tcp -j xr6_${rule}_local_out
# -A xr6_${rule}_local_out -m set --match-set ss_rules6_dst_bypass dst -j RETURN
# -A xr6_${rule}_local_out -m set --match-set ss_rules6_dst_bypass_all dst -j RETURN
# -A xr6_${rule}_local_out -m set --match-set ss_rules6_dst_bypass_ dst -j RETURN
# -A xr6_${rule}_local_out -m mark --mark 0x6539 -j RETURN
# -A xr6_${rule}_local_out -p tcp $o_ipt_extra -j $local_target -m comment --comment "local_default: $o_local_default"
# COMMIT
# EOF
# echo "done"
}
xray_rules6_iptchains_init_udp() {
[ -n "$o_redir_udp_port" ] || return 0
xray_rules6_iptchains_init_ mangle udp
}
xray_rules6_iptchains_init_() {
local table="$1"
local proto="$2"
local forward_rules
local src_default_target dst_default_target
local recentrst_mangle_rules recentrst_addset_rules
case "$proto" in
tcp)
#forward_rules="-A xr6_${rule}_forward -p tcp -j REDIRECT --to-ports $o_redir_tcp_port"
forward_rules="-A xr6_${rule}_forward -p tcp -j TPROXY --on-port $o_redir_tcp_port --tproxy-mark 0x01/0x01"
if [ -n "$o_dst_forward_recentrst" ]; then
recentrst_mangle_rules="
*mangle
-I PREROUTING 1 -p tcp -m tcp --tcp-flags RST RST -m recent --name ss_rules6_recentrst --set --rsource
COMMIT
"
recentrst_addset_rules="
-A xr6_${rule}_dst -m recent --name ss_rules6_recentrst --rcheck --rdest --seconds 3 --hitcount 3 -j SET --add-set ss_rules6_dst_forward_recrst_ dst --exist
-A xr6_${rule}_dst -m set --match-set ss_rules6_dst_forward_recrst_ dst -j xr6_${rule}_forward
"
fi
;;
udp)
ip -f inet6 rule add fwmark 1 lookup 100 || true
ip -f inet6 route add local default dev lo table 100 || true
forward_rules="
-A xr6_${rule}_forward -p udp -j TPROXY --on-port "$o_redir_udp_port" --tproxy-mark 0x01/0x01
-A xr6_${rule}_forward -p tcp -j TPROXY --on-port "$o_redir_udp_port" --tproxy-mark 0x01/0x01
"
;;
esac
case "$o_src_default" in
forward) src_default_target=xr6_${rule}_forward ;;
checkdst) src_default_target=xr6_${rule}_dst ;;
bypass|*) src_default_target=RETURN ;;
esac
case "$o_dst_default" in
forward) dst_default_target=xr6_${rule}_forward ;;
bypass|*) dst_default_target=RETURN ;;
esac
sed -e '/^\s*$/d' -e 's/^\s\+//' <<-EOF | $IP6TABLESRESTORE --noflush
*$table
:xr6_${rule}_pre_src -
:xr6_${rule}_src -
:xr6_${rule}_dst -
:xr6_${rule}_forward -
$(xray_rules6_iptchains_mkprerules "udp")
$(xray_rules6_iptchains_mkprerules "tcp")
-A xr6_${rule}_pre_src -m set --match-set ssr6_${rule}_dst_bypass_ dst -j RETURN
-A xr6_${rule}_pre_src -m set --match-set ss_rules6_dst_bypass_all dst -j MARK --set-mark 0x6539
-A xr6_${rule}_pre_src -m set --match-set ss_rules6_dst_bypass_all dst -j RETURN
-A xr6_${rule}_pre_src -m set --match-set ssr6_${rule}_dst_bypass dst -j RETURN
-A xr6_${rule}_pre_src -m mark --mark 0x6539 -j RETURN
-A xr6_${rule}_dst -m set --match-set ss_rules6_dst_bypass_all dst -j RETURN
-A xr6_${rule}_dst -m set --match-set ssr6_${rule}_dst_bypass dst -j RETURN
-A xr6_${rule}_pre_src -p tcp $o_ipt_extra -j xr6_${rule}_src
-A xr6_${rule}_pre_src -p udp $o_ipt_extra -j xr6_${rule}_src
-A xr6_${rule}_src -m set --match-set ssr6_${rule}_src_bypass src -j RETURN
-A xr6_${rule}_src -m set --match-set ssr6_${rule}_src_forward src -j xr6_${rule}_forward
-A xr6_${rule}_src -m set --match-set ssr6_${rule}_src_checkdst src -j xr6_${rule}_dst
-A xr6_${rule}_src -j $src_default_target -m comment --comment "src_default: $o_src_default"
-A xr6_${rule}_dst -m set --match-set ssr6_${rule}_dst_forward dst -j xr6_${rule}_forward
$recentrst_addset_rules
-A xr6_${rule}_dst -j $dst_default_target -m comment --comment "dst_default: $o_dst_default"
$forward_rules
COMMIT
$recentrst_mangle_rules
EOF
}
xray_rules6_iptchains_mkprerules() {
local proto="$1"
if [ -z "$o_ifnames" ]; then
echo "-A PREROUTING -p $proto -j xr6_${rule}_pre_src"
else
echo $o_ifnames \
| tr ' ' '\n' \
| sed "s/.*/-I PREROUTING 1 -i \\0 -p $proto -j xr6_${rule}_pre_src/"
fi
}
xray_rules6_fw_drop() {
fw3 -6 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j reject/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
while IFS=$"\n" read -r c; do
fwrule=$(echo "$c" | sed 's/reject/REDIRECT --to-ports 65535/')
if [ -n "$fwrule" ] && [ -z "$(iptables-save | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
eval "$IP6TABLES -w -t nat -A zone_lan_prerouting ${fwrule} 2>&1 >/dev/null"
fi
done
fw3 -6 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j drop/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
while IFS=$"\n" read -r c; do
fwrule=$(echo "$c" | sed 's/drop/REDIRECT --to-ports 65535/')
if [ -n "$fwrule" ] && [ -z "$(iptables-save | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
eval "$IP6TABLES -t nat -A zone_lan_prerouting ${fwrule} 2>&1 >/dev/null"
fi
done
}
xray_rules6_parse_args "$@"
xray_rules6_flush
xray_rules6_ipset_init
xray_rules6_iptchains_init
xray_rules6_fw_drop

View file

@ -0,0 +1,97 @@
diff -aurN xray-core-1.8.5.old/go.mod xray-core-1.8.5/go.mod
--- a/go.mod 2023-09-18 16:14:12.554956393 +0200
+++ b/go.mod 2023-09-18 16:16:56.304259547 +0200
@@ -12,13 +12,13 @@
github.com/pires/go-proxyproto v0.7.0
github.com/quic-go/quic-go v0.38.1
github.com/refraction-networking/utls v1.4.3
- github.com/sagernet/sing v0.2.9
+ github.com/sagernet/sing v0.2.10-0.20230807080248-4db0062caa0a
github.com/sagernet/sing-shadowsocks v0.2.4
- github.com/sagernet/wireguard-go v0.0.0-20221116151939-c99467f53f2c
github.com/seiflotfy/cuckoofilter v0.0.0-20220411075957-e3b120b3f5fb
github.com/stretchr/testify v1.8.4
github.com/v2fly/ss-bloomring v0.0.0-20210312155135-28617310f63e
github.com/xtls/reality v0.0.0-20230828171259-e426190d57f6
+ github.com/xtls/wireguard-go v0.0.0-20230303120718-56f003b3a66e
go4.org/netipx v0.0.0-20230824141953-6213f710f925
golang.org/x/crypto v0.12.0
golang.org/x/net v0.14.0
@@ -47,7 +47,7 @@
github.com/pmezard/go-difflib v1.0.0 // indirect
github.com/quic-go/qtls-go1-20 v0.3.3 // indirect
github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3 // indirect
- go.uber.org/atomic v1.11.0 // indirect
+ go.uber.org/atomic v1.10.0 // indirect
golang.org/x/exp v0.0.0-20230725093048-515e97ebf090 // indirect
golang.org/x/mod v0.12.0 // indirect
golang.org/x/text v0.12.0 // indirect
diff -aurN xray-core-1.8.5.old/go.sum xray-core-1.8.5/go.sum
--- a/go.sum 2023-09-18 16:14:12.554956393 +0200
+++ b/go.sum 2023-09-18 16:16:56.304259547 +0200
@@ -123,12 +123,10 @@
github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3 h1:f/FNXud6gA3MNr8meMVVGxhp+QBTqY91tM8HjEuMjGg=
github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3/go.mod h1:HgjTstvQsPGkxUsCd2KWxErBblirPizecHcpD3ffK+s=
github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g=
-github.com/sagernet/sing v0.2.9 h1:3wsTz+JG5Wzy65eZnh6AuCrD2QqcRF6Iq6f7ttmJsAo=
-github.com/sagernet/sing v0.2.9/go.mod h1:Ta8nHnDLAwqySzKhGoKk4ZIB+vJ3GTKj7UPrWYvM+4w=
+github.com/sagernet/sing v0.2.10-0.20230807080248-4db0062caa0a h1:b89t6Mjgk4rJ5lrNMnCzy1/J116XkhgdB3YNd9FHyF4=
+github.com/sagernet/sing v0.2.10-0.20230807080248-4db0062caa0a/go.mod h1:9uOZwWkhT2Z2WldolLxX34s+1svAX4i4vvz5hy8u1MA=
github.com/sagernet/sing-shadowsocks v0.2.4 h1:s/CqXlvFAZhlIoHWUwPw5CoNnQ9Ibki9pckjuugtVfY=
github.com/sagernet/sing-shadowsocks v0.2.4/go.mod h1:80fNKP0wnqlu85GZXV1H1vDPC/2t+dQbFggOw4XuFUM=
-github.com/sagernet/wireguard-go v0.0.0-20221116151939-c99467f53f2c h1:vK2wyt9aWYHHvNLWniwijBu/n4pySypiKRhN32u/JGo=
-github.com/sagernet/wireguard-go v0.0.0-20221116151939-c99467f53f2c/go.mod h1:euOmN6O5kk9dQmgSS8Df4psAl3TCjxOz0NW60EWkSaI=
github.com/seiflotfy/cuckoofilter v0.0.0-20220411075957-e3b120b3f5fb h1:XfLJSPIOUX+osiMraVgIrMR27uMXnRJWGm1+GL8/63U=
github.com/seiflotfy/cuckoofilter v0.0.0-20220411075957-e3b120b3f5fb/go.mod h1:bR6DqgcAl1zTcOX8/pE2Qkj9XO00eCNqmKb7lXP8EAg=
github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo=
@@ -168,10 +166,12 @@
github.com/viant/toolbox v0.24.0/go.mod h1:OxMCG57V0PXuIP2HNQrtJf2CjqdmbrOx5EkMILuUhzM=
github.com/xtls/reality v0.0.0-20230828171259-e426190d57f6 h1:T+YCYGfFdzyaKTDCdZn/hEiKvsw6yUfd+e4hze0rCUw=
github.com/xtls/reality v0.0.0-20230828171259-e426190d57f6/go.mod h1:rkuAY1S9F8eI8gDiPDYvACE8e2uwkyg8qoOTuwWov7Y=
+github.com/xtls/wireguard-go v0.0.0-20230303120718-56f003b3a66e h1:Y0CxNt+TeOhFUS2J/EF6osq9RukduvGYUNk2xPdKW60=
+github.com/xtls/wireguard-go v0.0.0-20230303120718-56f003b3a66e/go.mod h1:XFvPXP1gUqy/12j+KbdShku+YWiZJjaYLEAn4ZXaRGU=
github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
go.opencensus.io v0.18.0/go.mod h1:vKdFvxhtzZ9onBp9VKHK8z/sRpBMnKAsufL7wlDrCOA=
-go.uber.org/atomic v1.11.0 h1:ZvwS0R+56ePWxUNi+Atn9dWONBPp/AUETXlHW0DxSjE=
-go.uber.org/atomic v1.11.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0=
+go.uber.org/atomic v1.10.0 h1:9qC72Qh0+3MqyJbAn8YU5xVq1frD8bn3JtD2oXtafVQ=
+go.uber.org/atomic v1.10.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0=
go4.org v0.0.0-20180809161055-417644f6feb5/go.mod h1:MkTOUMDaeVYJUOUsaDXIhWPZYa1yOyC1qaOBpL57BhE=
go4.org/netipx v0.0.0-20230824141953-6213f710f925 h1:eeQDDVKFkx0g4Hyy8pHgmZaK0EqB4SD6rvKbUdN3ziQ=
go4.org/netipx v0.0.0-20230824141953-6213f710f925/go.mod h1:PLyyIXexvUFg3Owu6p/WfdlivPbZJsZdgWZlrGope/Y=
diff -aurN xray-core-1.8.5.old/proxy/wireguard/bind.go xray-core-1.8.5/proxy/wireguard/bind.go
--- a/proxy/wireguard/bind.go 2023-09-18 16:14:12.562956262 +0200
+++ b/proxy/wireguard/bind.go 2023-09-18 16:15:43.597456179 +0200
@@ -9,7 +9,7 @@
"strconv"
"sync"
- "github.com/sagernet/wireguard-go/conn"
+ "github.com/xtls/wireguard-go/conn"
xnet "github.com/xtls/xray-core/common/net"
"github.com/xtls/xray-core/features/dns"
"github.com/xtls/xray-core/transport/internet"
diff -aurN xray-core-1.8.5.old/proxy/wireguard/tun.go xray-core-1.8.5/proxy/wireguard/tun.go
--- a/proxy/wireguard/tun.go 2023-09-18 16:14:12.562956262 +0200
+++ b/proxy/wireguard/tun.go 2023-09-18 16:15:52.413310983 +0200
@@ -12,7 +12,7 @@
"net/netip"
"os"
- "github.com/sagernet/wireguard-go/tun"
+ "github.com/xtls/wireguard-go/tun"
"github.com/xtls/xray-core/features/dns"
"gvisor.dev/gvisor/pkg/buffer"
"gvisor.dev/gvisor/pkg/tcpip"
diff -aurN xray-core-1.8.5.old/proxy/wireguard/wireguard.go xray-core-1.8.5/proxy/wireguard/wireguard.go
--- a/proxy/wireguard/wireguard.go 2023-09-18 16:14:12.562956262 +0200
+++ b/proxy/wireguard/wireguard.go 2023-09-18 16:16:01.109167878 +0200
@@ -27,7 +27,7 @@
"net/netip"
"strings"
- "github.com/sagernet/wireguard-go/device"
+ "github.com/xtls/wireguard-go/device"
"github.com/xtls/xray-core/common"
"github.com/xtls/xray-core/common/buf"
"github.com/xtls/xray-core/common/log"