Add rule-set

option/experimental.go

@@ -23,16 +23,16 @@ type ClashAPIOptions struct {
 	DefaultMode              string   `json:"default_mode,omitempty"`
 	ModeList                 []string `json:"-"`
 
+	// Deprecated: migrated to global cache file
+	CacheFile string `json:"cache_file,omitempty"`
+	// Deprecated: migrated to global cache file
+	CacheID string `json:"cache_id,omitempty"`
 	// Deprecated: migrated to global cache file
 	StoreMode bool `json:"store_mode,omitempty"`
 	// Deprecated: migrated to global cache file
 	StoreSelected bool `json:"store_selected,omitempty"`
 	// Deprecated: migrated to global cache file
 	StoreFakeIP bool `json:"store_fakeip,omitempty"`
-	// Deprecated: migrated to global cache file
-	CacheFile string `json:"cache_file,omitempty"`
-	// Deprecated: migrated to global cache file
-	CacheID string `json:"cache_id,omitempty"`
 }
 
 type V2RayAPIOptions struct {

option/route.go

@@ -4,6 +4,7 @@ type RouteOptions struct {
 	GeoIP               *GeoIPOptions   `json:"geoip,omitempty"`
 	Geosite             *GeositeOptions `json:"geosite,omitempty"`
 	Rules               []Rule          `json:"rules,omitempty"`
+	RuleSet             []RuleSet       `json:"rule_set,omitempty"`
 	Final               string          `json:"final,omitempty"`
 	FindProcess         bool            `json:"find_process,omitempty"`
 	AutoDetectInterface bool            `json:"auto_detect_interface,omitempty"`

option/rule.go

@@ -65,34 +65,36 @@ func (r Rule) IsValid() bool {
 }
 
 type DefaultRule struct {
-	Inbound         Listable[string] `json:"inbound,omitempty"`
-	IPVersion       int              `json:"ip_version,omitempty"`
-	Network         Listable[string] `json:"network,omitempty"`
-	AuthUser        Listable[string] `json:"auth_user,omitempty"`
-	Protocol        Listable[string] `json:"protocol,omitempty"`
-	Domain          Listable[string] `json:"domain,omitempty"`
-	DomainSuffix    Listable[string] `json:"domain_suffix,omitempty"`
-	DomainKeyword   Listable[string] `json:"domain_keyword,omitempty"`
-	DomainRegex     Listable[string] `json:"domain_regex,omitempty"`
-	Geosite         Listable[string] `json:"geosite,omitempty"`
-	SourceGeoIP     Listable[string] `json:"source_geoip,omitempty"`
-	GeoIP           Listable[string] `json:"geoip,omitempty"`
-	SourceIPCIDR    Listable[string] `json:"source_ip_cidr,omitempty"`
-	IPCIDR          Listable[string] `json:"ip_cidr,omitempty"`
-	SourcePort      Listable[uint16] `json:"source_port,omitempty"`
-	SourcePortRange Listable[string] `json:"source_port_range,omitempty"`
-	Port            Listable[uint16] `json:"port,omitempty"`
-	PortRange       Listable[string] `json:"port_range,omitempty"`
-	ProcessName     Listable[string] `json:"process_name,omitempty"`
-	ProcessPath     Listable[string] `json:"process_path,omitempty"`
-	PackageName     Listable[string] `json:"package_name,omitempty"`
-	User            Listable[string] `json:"user,omitempty"`
-	UserID          Listable[int32]  `json:"user_id,omitempty"`
-	ClashMode       string           `json:"clash_mode,omitempty"`
-	WIFISSID        Listable[string] `json:"wifi_ssid,omitempty"`
-	WIFIBSSID       Listable[string] `json:"wifi_bssid,omitempty"`
-	Invert          bool             `json:"invert,omitempty"`
-	Outbound        string           `json:"outbound,omitempty"`
+	Inbound                  Listable[string] `json:"inbound,omitempty"`
+	IPVersion                int              `json:"ip_version,omitempty"`
+	Network                  Listable[string] `json:"network,omitempty"`
+	AuthUser                 Listable[string] `json:"auth_user,omitempty"`
+	Protocol                 Listable[string] `json:"protocol,omitempty"`
+	Domain                   Listable[string] `json:"domain,omitempty"`
+	DomainSuffix             Listable[string] `json:"domain_suffix,omitempty"`
+	DomainKeyword            Listable[string] `json:"domain_keyword,omitempty"`
+	DomainRegex              Listable[string] `json:"domain_regex,omitempty"`
+	Geosite                  Listable[string] `json:"geosite,omitempty"`
+	SourceGeoIP              Listable[string] `json:"source_geoip,omitempty"`
+	GeoIP                    Listable[string] `json:"geoip,omitempty"`
+	SourceIPCIDR             Listable[string] `json:"source_ip_cidr,omitempty"`
+	IPCIDR                   Listable[string] `json:"ip_cidr,omitempty"`
+	SourcePort               Listable[uint16] `json:"source_port,omitempty"`
+	SourcePortRange          Listable[string] `json:"source_port_range,omitempty"`
+	Port                     Listable[uint16] `json:"port,omitempty"`
+	PortRange                Listable[string] `json:"port_range,omitempty"`
+	ProcessName              Listable[string] `json:"process_name,omitempty"`
+	ProcessPath              Listable[string] `json:"process_path,omitempty"`
+	PackageName              Listable[string] `json:"package_name,omitempty"`
+	User                     Listable[string] `json:"user,omitempty"`
+	UserID                   Listable[int32]  `json:"user_id,omitempty"`
+	ClashMode                string           `json:"clash_mode,omitempty"`
+	WIFISSID                 Listable[string] `json:"wifi_ssid,omitempty"`
+	WIFIBSSID                Listable[string] `json:"wifi_bssid,omitempty"`
+	RuleSet                  Listable[string] `json:"rule_set,omitempty"`
+	RuleSetIPCIDRMatchSource bool             `json:"rule_set_ipcidr_match_source,omitempty"`
+	Invert                   bool             `json:"invert,omitempty"`
+	Outbound                 string           `json:"outbound,omitempty"`
 }
 
 func (r DefaultRule) IsValid() bool {

option/rule_dns.go

@@ -91,6 +91,7 @@ type DefaultDNSRule struct {
 	ClashMode       string                 `json:"clash_mode,omitempty"`
 	WIFISSID        Listable[string]       `json:"wifi_ssid,omitempty"`
 	WIFIBSSID       Listable[string]       `json:"wifi_bssid,omitempty"`
+	RuleSet         Listable[string]       `json:"rule_set,omitempty"`
 	Invert          bool                   `json:"invert,omitempty"`
 	Server          string                 `json:"server,omitempty"`
 	DisableCache    bool                   `json:"disable_cache,omitempty"`

option/rule_set.go

@@ -0,0 +1,230 @@
+package option
+
+import (
+	"reflect"
+
+	"github.com/sagernet/sing-box/common/json"
+	C "github.com/sagernet/sing-box/constant"
+	"github.com/sagernet/sing/common"
+	"github.com/sagernet/sing/common/domain"
+	E "github.com/sagernet/sing/common/exceptions"
+	F "github.com/sagernet/sing/common/format"
+
+	"go4.org/netipx"
+)
+
+type _RuleSet struct {
+	Type          string        `json:"type"`
+	Tag           string        `json:"tag"`
+	Format        string        `json:"format"`
+	LocalOptions  LocalRuleSet  `json:"-"`
+	RemoteOptions RemoteRuleSet `json:"-"`
+}
+
+type RuleSet _RuleSet
+
+func (r RuleSet) MarshalJSON() ([]byte, error) {
+	var v any
+	switch r.Type {
+	case C.RuleSetTypeLocal:
+		v = r.LocalOptions
+	case C.RuleSetTypeRemote:
+		v = r.RemoteOptions
+	default:
+		return nil, E.New("unknown rule set type: " + r.Type)
+	}
+	return MarshallObjects((_RuleSet)(r), v)
+}
+
+func (r *RuleSet) UnmarshalJSON(bytes []byte) error {
+	err := json.Unmarshal(bytes, (*_RuleSet)(r))
+	if err != nil {
+		return err
+	}
+	if r.Tag == "" {
+		return E.New("missing tag")
+	}
+	switch r.Format {
+	case "":
+		return E.New("missing format")
+	case C.RuleSetFormatSource, C.RuleSetFormatBinary:
+	default:
+		return E.New("unknown rule set format: " + r.Format)
+	}
+	var v any
+	switch r.Type {
+	case C.RuleSetTypeLocal:
+		v = &r.LocalOptions
+	case C.RuleSetTypeRemote:
+		v = &r.RemoteOptions
+	case "":
+		return E.New("missing type")
+	default:
+		return E.New("unknown rule set type: " + r.Type)
+	}
+	err = UnmarshallExcluded(bytes, (*_RuleSet)(r), v)
+	if err != nil {
+		return E.Cause(err, "rule set")
+	}
+	return nil
+}
+
+type LocalRuleSet struct {
+	Path string `json:"path,omitempty"`
+}
+
+type RemoteRuleSet struct {
+	URL            string   `json:"url"`
+	DownloadDetour string   `json:"download_detour,omitempty"`
+	UpdateInterval Duration `json:"update_interval,omitempty"`
+}
+
+type _HeadlessRule struct {
+	Type           string              `json:"type,omitempty"`
+	DefaultOptions DefaultHeadlessRule `json:"-"`
+	LogicalOptions LogicalHeadlessRule `json:"-"`
+}
+
+type HeadlessRule _HeadlessRule
+
+func (r HeadlessRule) MarshalJSON() ([]byte, error) {
+	var v any
+	switch r.Type {
+	case C.RuleTypeDefault:
+		r.Type = ""
+		v = r.DefaultOptions
+	case C.RuleTypeLogical:
+		v = r.LogicalOptions
+	default:
+		return nil, E.New("unknown rule type: " + r.Type)
+	}
+	return MarshallObjects((_HeadlessRule)(r), v)
+}
+
+func (r *HeadlessRule) UnmarshalJSON(bytes []byte) error {
+	err := json.Unmarshal(bytes, (*_HeadlessRule)(r))
+	if err != nil {
+		return err
+	}
+	var v any
+	switch r.Type {
+	case "", C.RuleTypeDefault:
+		r.Type = C.RuleTypeDefault
+		v = &r.DefaultOptions
+	case C.RuleTypeLogical:
+		v = &r.LogicalOptions
+	default:
+		return E.New("unknown rule type: " + r.Type)
+	}
+	err = UnmarshallExcluded(bytes, (*_HeadlessRule)(r), v)
+	if err != nil {
+		return E.Cause(err, "route rule-set rule")
+	}
+	return nil
+}
+
+func (r HeadlessRule) IsValid() bool {
+	switch r.Type {
+	case C.RuleTypeDefault, "":
+		return r.DefaultOptions.IsValid()
+	case C.RuleTypeLogical:
+		return r.LogicalOptions.IsValid()
+	default:
+		panic("unknown rule type: " + r.Type)
+	}
+}
+
+type DefaultHeadlessRule struct {
+	QueryType       Listable[DNSQueryType] `json:"query_type,omitempty"`
+	Network         Listable[string]       `json:"network,omitempty"`
+	Domain          Listable[string]       `json:"domain,omitempty"`
+	DomainSuffix    Listable[string]       `json:"domain_suffix,omitempty"`
+	DomainKeyword   Listable[string]       `json:"domain_keyword,omitempty"`
+	DomainRegex     Listable[string]       `json:"domain_regex,omitempty"`
+	SourceIPCIDR    Listable[string]       `json:"source_ip_cidr,omitempty"`
+	IPCIDR          Listable[string]       `json:"ip_cidr,omitempty"`
+	SourcePort      Listable[uint16]       `json:"source_port,omitempty"`
+	SourcePortRange Listable[string]       `json:"source_port_range,omitempty"`
+	Port            Listable[uint16]       `json:"port,omitempty"`
+	PortRange       Listable[string]       `json:"port_range,omitempty"`
+	ProcessName     Listable[string]       `json:"process_name,omitempty"`
+	ProcessPath     Listable[string]       `json:"process_path,omitempty"`
+	PackageName     Listable[string]       `json:"package_name,omitempty"`
+	WIFISSID        Listable[string]       `json:"wifi_ssid,omitempty"`
+	WIFIBSSID       Listable[string]       `json:"wifi_bssid,omitempty"`
+	Invert          bool                   `json:"invert,omitempty"`
+
+	DomainMatcher *domain.Matcher `json:"-"`
+	SourceIPSet   *netipx.IPSet   `json:"-"`
+	IPSet         *netipx.IPSet   `json:"-"`
+}
+
+func (r DefaultHeadlessRule) IsValid() bool {
+	var defaultValue DefaultHeadlessRule
+	defaultValue.Invert = r.Invert
+	return !reflect.DeepEqual(r, defaultValue)
+}
+
+type LogicalHeadlessRule struct {
+	Mode   string         `json:"mode"`
+	Rules  []HeadlessRule `json:"rules,omitempty"`
+	Invert bool           `json:"invert,omitempty"`
+}
+
+func (r LogicalHeadlessRule) IsValid() bool {
+	return len(r.Rules) > 0 && common.All(r.Rules, HeadlessRule.IsValid)
+}
+
+type _PlainRuleSetCompat struct {
+	Version int          `json:"version"`
+	Options PlainRuleSet `json:"-"`
+}
+
+type PlainRuleSetCompat _PlainRuleSetCompat
+
+func (r PlainRuleSetCompat) MarshalJSON() ([]byte, error) {
+	var v any
+	switch r.Version {
+	case C.RuleSetVersion1:
+		v = r.Options
+	default:
+		return nil, E.New("unknown rule set version: ", r.Version)
+	}
+	return MarshallObjects((_PlainRuleSetCompat)(r), v)
+}
+
+func (r *PlainRuleSetCompat) UnmarshalJSON(bytes []byte) error {
+	err := json.Unmarshal(bytes, (*_PlainRuleSetCompat)(r))
+	if err != nil {
+		return err
+	}
+	var v any
+	switch r.Version {
+	case C.RuleSetVersion1:
+		v = &r.Options
+	case 0:
+		return E.New("missing rule set version")
+	default:
+		return E.New("unknown rule set version: ", r.Version)
+	}
+	err = UnmarshallExcluded(bytes, (*_PlainRuleSetCompat)(r), v)
+	if err != nil {
+		return E.Cause(err, "rule set")
+	}
+	return nil
+}
+
+func (r PlainRuleSetCompat) Upgrade() PlainRuleSet {
+	var result PlainRuleSet
+	switch r.Version {
+	case C.RuleSetVersion1:
+		result = r.Options
+	default:
+		panic("unknown rule set version: " + F.ToString(r.Version))
+	}
+	return result
+}
+
+type PlainRuleSet struct {
+	Rules []HeadlessRule `json:"rules,omitempty"`
+}

option/time_unit.go

@@ -0,0 +1,226 @@
+package option
+
+import (
+	"errors"
+	"time"
+)
+
+// Copyright 2010 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+const durationDay = 24 * time.Hour
+
+var unitMap = map[string]uint64{
+	"ns": uint64(time.Nanosecond),
+	"us": uint64(time.Microsecond),
+	"µs": uint64(time.Microsecond), // U+00B5 = micro symbol
+	"μs": uint64(time.Microsecond), // U+03BC = Greek letter mu
+	"ms": uint64(time.Millisecond),
+	"s":  uint64(time.Second),
+	"m":  uint64(time.Minute),
+	"h":  uint64(time.Hour),
+	"d":  uint64(durationDay),
+}
+
+// ParseDuration parses a duration string.
+// A duration string is a possibly signed sequence of
+// decimal numbers, each with optional fraction and a unit suffix,
+// such as "300ms", "-1.5h" or "2h45m".
+// Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h".
+func ParseDuration(s string) (Duration, error) {
+	// [-+]?([0-9]*(\.[0-9]*)?[a-z]+)+
+	orig := s
+	var d uint64
+	neg := false
+
+	// Consume [-+]?
+	if s != "" {
+		c := s[0]
+		if c == '-' || c == '+' {
+			neg = c == '-'
+			s = s[1:]
+		}
+	}
+	// Special case: if all that is left is "0", this is zero.
+	if s == "0" {
+		return 0, nil
+	}
+	if s == "" {
+		return 0, errors.New("time: invalid duration " + quote(orig))
+	}
+	for s != "" {
+		var (
+			v, f  uint64      // integers before, after decimal point
+			scale float64 = 1 // value = v + f/scale
+		)
+
+		var err error
+
+		// The next character must be [0-9.]
+		if !(s[0] == '.' || '0' <= s[0] && s[0] <= '9') {
+			return 0, errors.New("time: invalid duration " + quote(orig))
+		}
+		// Consume [0-9]*
+		pl := len(s)
+		v, s, err = leadingInt(s)
+		if err != nil {
+			return 0, errors.New("time: invalid duration " + quote(orig))
+		}
+		pre := pl != len(s) // whether we consumed anything before a period
+
+		// Consume (\.[0-9]*)?
+		post := false
+		if s != "" && s[0] == '.' {
+			s = s[1:]
+			pl := len(s)
+			f, scale, s = leadingFraction(s)
+			post = pl != len(s)
+		}
+		if !pre && !post {
+			// no digits (e.g. ".s" or "-.s")
+			return 0, errors.New("time: invalid duration " + quote(orig))
+		}
+
+		// Consume unit.
+		i := 0
+		for ; i < len(s); i++ {
+			c := s[i]
+			if c == '.' || '0' <= c && c <= '9' {
+				break
+			}
+		}
+		if i == 0 {
+			return 0, errors.New("time: missing unit in duration " + quote(orig))
+		}
+		u := s[:i]
+		s = s[i:]
+		unit, ok := unitMap[u]
+		if !ok {
+			return 0, errors.New("time: unknown unit " + quote(u) + " in duration " + quote(orig))
+		}
+		if v > 1<<63/unit {
+			// overflow
+			return 0, errors.New("time: invalid duration " + quote(orig))
+		}
+		v *= unit
+		if f > 0 {
+			// float64 is needed to be nanosecond accurate for fractions of hours.
+			// v >= 0 && (f*unit/scale) <= 3.6e+12 (ns/h, h is the largest unit)
+			v += uint64(float64(f) * (float64(unit) / scale))
+			if v > 1<<63 {
+				// overflow
+				return 0, errors.New("time: invalid duration " + quote(orig))
+			}
+		}
+		d += v
+		if d > 1<<63 {
+			return 0, errors.New("time: invalid duration " + quote(orig))
+		}
+	}
+	if neg {
+		return -Duration(d), nil
+	}
+	if d > 1<<63-1 {
+		return 0, errors.New("time: invalid duration " + quote(orig))
+	}
+	return Duration(d), nil
+}
+
+var errLeadingInt = errors.New("time: bad [0-9]*") // never printed
+
+// leadingInt consumes the leading [0-9]* from s.
+func leadingInt[bytes []byte | string](s bytes) (x uint64, rem bytes, err error) {
+	i := 0
+	for ; i < len(s); i++ {
+		c := s[i]
+		if c < '0' || c > '9' {
+			break
+		}
+		if x > 1<<63/10 {
+			// overflow
+			return 0, rem, errLeadingInt
+		}
+		x = x*10 + uint64(c) - '0'
+		if x > 1<<63 {
+			// overflow
+			return 0, rem, errLeadingInt
+		}
+	}
+	return x, s[i:], nil
+}
+
+// leadingFraction consumes the leading [0-9]* from s.
+// It is used only for fractions, so does not return an error on overflow,
+// it just stops accumulating precision.
+func leadingFraction(s string) (x uint64, scale float64, rem string) {
+	i := 0
+	scale = 1
+	overflow := false
+	for ; i < len(s); i++ {
+		c := s[i]
+		if c < '0' || c > '9' {
+			break
+		}
+		if overflow {
+			continue
+		}
+		if x > (1<<63-1)/10 {
+			// It's possible for overflow to give a positive number, so take care.
+			overflow = true
+			continue
+		}
+		y := x*10 + uint64(c) - '0'
+		if y > 1<<63 {
+			overflow = true
+			continue
+		}
+		x = y
+		scale *= 10
+	}
+	return x, scale, s[i:]
+}
+
+// These are borrowed from unicode/utf8 and strconv and replicate behavior in
+// that package, since we can't take a dependency on either.
+const (
+	lowerhex  = "0123456789abcdef"
+	runeSelf  = 0x80
+	runeError = '\uFFFD'
+)
+
+func quote(s string) string {
+	buf := make([]byte, 1, len(s)+2) // slice will be at least len(s) + quotes
+	buf[0] = '"'
+	for i, c := range s {
+		if c >= runeSelf || c < ' ' {
+			// This means you are asking us to parse a time.Duration or
+			// time.Location with unprintable or non-ASCII characters in it.
+			// We don't expect to hit this case very often. We could try to
+			// reproduce strconv.Quote's behavior with full fidelity but
+			// given how rarely we expect to hit these edge cases, speed and
+			// conciseness are better.
+			var width int
+			if c == runeError {
+				width = 1
+				if i+2 < len(s) && s[i:i+3] == string(runeError) {
+					width = 3
+				}
+			} else {
+				width = len(string(c))
+			}
+			for j := 0; j < width; j++ {
+				buf = append(buf, `\x`...)
+				buf = append(buf, lowerhex[s[i+j]>>4])
+				buf = append(buf, lowerhex[s[i+j]&0xF])
+			}
+		} else {
+			if c == '"' || c == '\\' {
+				buf = append(buf, '\\')
+			}
+			buf = append(buf, string(c)...)
+		}
+	}
+	buf = append(buf, '"')
+	return string(buf)
+}

option/types.go

@@ -164,7 +164,7 @@ func (d *Duration) UnmarshalJSON(bytes []byte) error {
 	if err != nil {
 		return err
 	}
-	duration, err := time.ParseDuration(value)
+	duration, err := ParseDuration(value)
 	if err != nil {
 		return err
 	}
@@ -174,6 +174,14 @@ func (d *Duration) UnmarshalJSON(bytes []byte) error {
 
 type DNSQueryType uint16
 
+func (t DNSQueryType) String() string {
+	typeName, loaded := mDNS.TypeToString[uint16(t)]
+	if loaded {
+		return typeName
+	}
+	return F.ToString(uint16(t))
+}
+
 func (t DNSQueryType) MarshalJSON() ([]byte, error) {
 	typeName, loaded := mDNS.TypeToString[uint16(t)]
 	if loaded {