dreamacro / clash Goto Github PK

View Code? Open in Web Editor NEW

49.0K 49.0K 6.6K 2.07 MB

A rule-based tunnel in Go.

License: GNU General Public License v3.0

Go 99.23% Makefile 0.65% Dockerfile 0.13%

clash golang rule-based tunnel

clash's People

Contributors

Stargazers

Watchers

Forkers

fossabot zyggit superben2010 leeccong pobizhe chinaphp alexwwang beyondkmp arronyin mscorp afboyxiyang mid-summer lroolle carry168 lucali2014 maxwellwhy oldbigbomb w1r2p1 luckypoem product-think2049 shammishailaj happy-ferret haibuhao pyuqetq usaweili nicholaswan naier1860 withlin gruebel jn7163 wxlg1117 flyarong q158073378252010 changx wlaotou codecollect forging2012 15d23 chengguangnan u20024804 4funs iwkoo jiopia sixplussix nizvoo ak76cs guorouda prog012 lzbgt linecode h0-lab neveroldmilk sxlxnyw devhttps itplanes hhy5277 spencerx funstuff ksharpdabu wsyh-he jaelyen raingather harriks qishiqing shaunstanislauslau liuchenx seo007 kid424 jerryismy felix021 yandd xswvfr lxmwq cjhgo scriptsboy sandradeblois1 taotao120 arsolon gujjucoin aniarm xiaocall jokaye dajjxxn songchenwen 8choi moonshining wepoiuopijsdfnxcvl shangzongyu awesome-nfv redhandsome demoanddemo majst01 xyalan comzyh isgasho silvernoo tonyle9 asushugo vihaitai congjiujiu

clash's Issues

Feature request: KCP support

Just like the title described.Thanks for your excellent work.

协议名称以及vmess混淆支持

shadowsocks的chacha20-ietf-poly1305加密，是否对应clash的AEAD_CHACHA20_POLY1305？
vmess是否支持混淆http？如果是，如何设置？如果不是希望增加支持。

感谢软件作者 @Dreamacro ，可以让我们用一个客户端整合两个主流的科学上网工具，希望越来越好。

Typo: "A rule-based tunnel on Go." should be "A rule-based tunnel in Go."

GEOIP 准确率不是很高啊，是否考虑支持 ipip.net?

我比较讨厌很长的配置，所以我基于国家来做分流，达到就近节点代理的目的。
但我测试访问 www.google.com 时，解析到 IP 216.58.200.228，IP 物理位置应该是在**，但是 GEOIP 的结果是美国。

ipip.net 很早之前就能查到大部分 google 的正确物理位置，它们的免费版精度也完全符合需求，官网地址 https://www.ipip.net/product/client.html （需注册才能下载）

官方提供的 golang sdk https://github.com/ipipdotnet/ipdb-go

所以是否考虑支持 ipip.net 免费离线库呢？

socks5 协议测速不显示

如题，�socks5 协议进行 speed test 时无显示，实际使用没有问题。
优先级比较低，有空的时候辛苦排期进行修复。

感谢您开发的软件。

关于配置文件路径

希望修改为优先读取软件目录下, 该目录下没有配置文件再读取 $HOME 下的.

这样方便把软件放到 U 盘带着走.

能否支持 RULE-SET

https://nssurge.zendesk.com/hc/zh-cn/articles/360010038714-Surge-Mac-3-Release-Note

类似 Surge 3 的这种支持外部规则集

please support ssR and kcp in vmess

please support ssR and kcp in vmess
I want to unblock Netflix, but my vpn is only for ssr or kcp in vmess.
Would you plan to add these?

我司的网站需要VPN拨入才能访问，使用Clash后网站可以打开，邮箱无法连接imap和smtp

操作系统：macOS
我司的网站需要VPN拨入才能访问，使用Clash后网站可以打开，邮箱无法连接imap和smtp
查看日志发现网页访问有日志信息，但是Apple Mail访问就没有日志信息

Feature Request: 简化局域网规则

请问除了使用IP-CIDR一条一条的添加外，还有什么更简单的方法可以返回局域网流量吗？

Can't open software in windows

I have a go environment and the environment variables are set.

关于 http/https proxy 的问题

看到 readme 中写到有支持，但是在配置文件里加入的时候发现不支持，config/config.go 中也没有看到解析相关配置的代码

Safari 搜索栏有时无响应

Google Duckduckgo 都出现过，输入搜索内容回车后无响应，一小时能遇到两三次。

已经观察了几天，使用 ss-x-ng 完全没有问题。

我这边还有一些错误日志，不知道是否相关

2018/09/02 20:50:25:484  [warning] Proxy connect error: dial tcp 127.0.0.1:4300: connect: connection refused
2018/09/02 20:50:25:488  [warning] Proxy connect error: dial tcp 127.0.0.1:4300: connect: connection refused
2018/09/02 20:50:25:492  [warning] Proxy connect error: dial tcp 127.0.0.1:4300: connect: connection refused
2018/09/02 21:11:58:830  [warning] Proxy connect error: dial tcp 172.217.160.82:443: connect: operation timed out
2018/09/02 21:11:58:831  [warning] Proxy connect error: dial tcp 172.217.160.114:443: connect: operation timed out

macOS Siri&App Store issue

some app can't be download. There are listed as follow:
https://itunes.apple.com/cn/app/spark-love-your-email-again/id1176895641?l=en&mt=12
https://itunes.apple.com/cn/app/toolbox-for-keynote-templates/id582635628?l=en&mt=12
https://itunes.apple.com/cn/app/autodesk-sketchbook/id863486266?l=en&mt=12

I was told: Unexpected Error.We could not complete your purchase.

Even if I change my config to only "FINAL,,DIRECT", it still doesn't work.

Siri would response connection error.

规则区分大小写

发现域名大写就不能被识别了,可以考虑自动转换成小写，或在日志中给出提示

https://github.com/Fndroid/clash_for_windows_pkg/issues/18#issue-381843080

Custom DNS support

support system DNS (/etc/resolv.conf)
a part of the enhanced mode

Mojave Beta6 检察系统更新失败&Siri问题依旧

断开代理后均恢复

Should we use a specify order to rules?

unc (t *Tunnel) configMonitor(signal chan<- struct{}) {
	sub := cfg.Instance().Subscribe()
	signal <- struct{}{}
	for elm := range sub {
		event := elm.(*cfg.Event)
		switch event.Type {
		case "proxies":
			proxies := event.Payload.(map[string]C.Proxy)
			t.configLock.Lock()
			t.proxies = proxies
			t.configLock.Unlock()
		case "rules":
			rules := event.Payload.([]C.Rule)
			t.configLock.Lock()
			t.rules = rules
			t.configLock.Unlock()
		case "mode":
			t.mode = event.Payload.(cfg.Mode)
		case "log-level":
			t.logLevel = event.Payload.(C.LogLevel)
		}
	}
}

here just convert to list ,But if the contents are

  - 'IP-CIDR,172.16.0.0/12,DIRECT,no-resolve'
  - 'IP-CIDR,100.64.0.0/10,DIRECT,no-resolve'
  - 'IP-CIDR,10.0.0.0/8,DIRECT,no-resolve'
  - 'FINAL,,DIRECT'
  - 'DOMAIN-SUFFIX,xxx.com,yyy'

When I visit xxx.com It will match the FINAL rule.

maybe we can specify a order to every match type? then we when read the files, we sort them.

DOMAIN-SUFFIX 1
DOMAIN-KEYWORD 2
IP-CIDR 3
FINAL 4

可能会影响某些dns解析

使用clashx，mojave10.14
开启clashx后，dns解析超时，关闭后可以正常解析。更换114dns后问题解决。
已知有问题的的dns：123.123.123.123（北京联通默认dns）
目前已知网站
huaban.com
chinacdc.com

Support shadowsocks behind http proxy or other proxy, make proxy could be joined into a chain

My company urge us connect to outside network behind a http proxy.
Could clash support proxy chain which would let shadowsocks send its TCP connect through a http proxy.

ipip.net 访问时出现错误日志

网站能正常打开，但是有错误日志：
[warning] Proxy connect error: dial tcp: lookup xpxjhw6j24w8s6md.skt.ipip.net: no such host

Please implement tcp_freebsd.go

I had to copy tcp_freebsd.go -> tcp_freebsd.go and apply the following patch:

+++ proxy/redir/tcp_freebsd.go
@@ -38,7 +38,8 @@ func parserPacket(conn net.Conn) (socks.
 func getorigdst(fd uintptr) (socks.Addr, error) {
        raw := syscall.RawSockaddrInet4{}
        siz := unsafe.Sizeof(raw)
-       if err := socketcall(GETSOCKOPT, fd, syscall.IPPROTO_IP, SO_ORIGINAL_DST, uintptr(unsafe.Pointer(&raw)), uintptr(unsafe.Pointer(&siz)), 0); err != nil {
+       _, _, err := syscall.Syscall6(syscall.SYS_GETSOCKOPT, fd, syscall.IPPROTO_IP, SO_ORIGINAL_DST, uintptr(unsafe.Pointer(&raw)), uintptr(unsafe.Pointer(&siz)), 0);
+       if err != 0 {
                return nil, err
        }

Traffic API 区分不同的流量

版本：0.9.1
当前的Traffic API返回的流量统计只有全局流量统计，用户很难判断当前应用流量是走了proxy group还是direct。
希望开发者可以为流量统计添加对应的分组，类似：

{
    "group": [
        {"name":"direct", "up":0, "down":0},
        {"name":"proxyA", "up":0, "down":0},
        {"name":"proxyB", "up":0, "down":0}
    ]
 }

Homebrew support??

Is it possible publish clash to homebrew??

uncompleted clash support on vmess+ws+tls protocol

Problem (Phenomenon) :

If you have a server utilized vmess+ws+tls and set headers parameter in wsSettings section in the server side configuration, the clash would not work properly to connect to this server, in other word, the hand request would be refused by the remote. This problem is not platform specific 'cuz I met them on all three OS platforms, which means whatever clash client (clash core, clashx or clash for win) you use, the problem exists.

Reason (A hypothesis):

In clash local configuration file, there is no place to set headers parameter according to the sample file, neither user-agent nor connectionReuse.

Expectation:

Fully support project-v core features on vmess+ws+tls configuration in clash core if the hypothesis is accepted.

vmess+ws support

It would be great if vmess+ws can be supported in the upcoming version.

托福网站无法打开

网站 https://toefl.etest.net.cn
进入点击中文版时，无法正常打开。
中文版链接本来应为“https://toefl.etest.net.cn/cn”
但开启代理时就会跳转到“https://toefl.etest.net.cnhttp//toefl.etest.net.cn/cn”
开启代理时直接访问中文版链接 https://toefl.etest.net.cn/cn 正常

日志如下

2018/08/15 19:22:40:624 [info] toefl.etest.net.cn match DomainSuffix using DIRECT
2018/08/15 19:22:47:628 [info] toefl.etest.net.cnhttp match FINAL using Proxy

截图如下

socks5 auth support

- { name: "socks", type: socks5, server: server, port: 443, user: 'username', pass: 'password', tls: true, skip-cert-verify: true }

like this?

经过clash代理的ssh无法正常连接，直连正常

如题，我在xshell里设置了clash的http端口和socks端口，均无法正常建立ssh连接。

远程服务器直连正常，所以不是ssh的问题。
代理选择该节点能够正常访问谷歌等网站，且同一个节点使用v2rayn能够正常建立ssh连接，排除节点问题。
另外，通过规则后直连的远程主机能够正常建立ssh连接，通过规则后需要代理的主机则无法建立ssh连接。
使用的是clash for windows 0.4.4，核心使用的是最新dev版本的clash。

Openwrt-x86上运行报错

配置文件dns的fallback字段配置为8.8.4.4，运行出错，提示

panic: runtime error: index out of range

goroutine 75 [running]:
github.com/Dreamacro/clash/dns.(*Resolver).resolveIP(0xc00005cc80, 0xc00018d320, 0xc00015cdd8, 0xc00005cc80, 0xc00015cda0)
	/home/travis/gopath/src/github.com/Dreamacro/clash/dns/client.go:135 +0x2b7
github.com/Dreamacro/clash/dns.(*Resolver).Exchange(0xc00005cc80, 0xc00018d320, 0x0, 0x0, 0x0)
	/home/travis/gopath/src/github.com/Dreamacro/clash/dns/client.go:77 +0x1eb
github.com/Dreamacro/clash/dns.(*Server).ServeDNS(0xc0001543a0, 0x8f8920, 0xc000189b00, 0xc00018d320)
	/home/travis/gopath/src/github.com/Dreamacro/clash/dns/server.go:20 +0x3d
github.com/miekg/dns.(*Server).serveDNS(0xc00001e600, 0xc000189b00)
	/home/travis/gopath/pkg/mod/github.com/miekg/[email protected]/server.go:688 +0x2c1
github.com/miekg/dns.(*Server).serve(0xc00001e600, 0xc000189b00)
	/home/travis/gopath/pkg/mod/github.com/miekg/[email protected]/server.go:573 +0x2d8
github.com/miekg/dns.(*Server).worker(0xc00001e600, 0xc000189b00)
	/home/travis/gopath/pkg/mod/github.com/miekg/[email protected]/server.go:244 +0x4d
created by github.com/miekg/dns.(*Server).spawnWorker
	/home/travis/gopath/pkg/mod/github.com/miekg/[email protected]/server.go:284 +0x86

注释掉fallback字段后正常

Feature request: transparent proxy redirector

thanks :)

https://github.com/ginuerzh/gost/blob/62d92d953a8db5029640992f83d98455a5069259/redirect.go

切换线路浏览器需要重启才能更新

切换到其他线路后浏览器还是使用旧的IP

clashX 的 set as system proxy 选项重新开启无效

重启 clashX app 有效
重启浏览器有效

系统：macOS Mojave
浏览器 Safari, Chrome

support PATCH method for CORS

Since we now have PATCH /configs, could we have PATCH added to the CORS allowed method list?

Currently in v0.10.0, I can see:

# partial of hub/route/server.go
	cors := cors.New(cors.Options{
		AllowedOrigins: []string{"*"},
		AllowedMethods: []string{"GET", "POST", "PUT", "DELETE", "OPTIONS"},
		AllowedHeaders: []string{"Content-Type", "Authorization"},
		MaxAge:         300,
	})

Windows下-d参数不能使用绝对路径

参数后的路径似乎会被拼接到当前目录下

请问 IP-CIDR,192.168.5.1/24 这样的规则无法生效是咋回事

日志里根本无法匹配

运行报错

./clash-linux
INFO[0000] Can't find MMDB, start download
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x784846]

goroutine 1 [running]:
github.com/Dreamacro/clash/config.parseDNS(0x0, 0xc00019c3c0, 0x4, 0x4)
/home/travis/gopath/src/github.com/Dreamacro/clash/config/config.go:391 +0x26
github.com/Dreamacro/clash/config.Parse(0xc00027e000, 0x24, 0x19, 0x887bb3, 0xa)
/home/travis/gopath/src/github.com/Dreamacro/clash/config/config.go:133 +0x142
github.com/Dreamacro/clash/hub/executor.ParseWithPath(0xc00027e000, 0x24, 0x24, 0x8f0340, 0x10)
/home/travis/gopath/src/github.com/Dreamacro/clash/hub/executor/executor.go:20 +0x35
github.com/Dreamacro/clash/hub/executor.Parse(0x10, 0x10, 0x8)
/home/travis/gopath/src/github.com/Dreamacro/clash/hub/executor/executor.go:15 +0x45
github.com/Dreamacro/clash/hub.Parse(0xc000020220, 0x19)
/home/travis/gopath/src/github.com/Dreamacro/clash/hub/hub.go:10 +0x26
main.main()
/home/travis/gopath/src/github.com/Dreamacro/clash/main.go:39 +0x8b

系统:deepin15.8
请问这错误是软件自身问题还是与系统有关，该如何解决？

Documentations for REST API

I'm developing a proxy tool for GNU/Linux based on Clash, which would call the REST API.

Currently, I could know about the API by reading source codes, but it will be better if there're some documentations.

Restful API fetch 跨域失败

Clash 版本：v0.8.1
平台： macOS 10.14

当开启 secret 后使用 fetch 请求 /configs 时需要预检请求 OPTIONS ，该请求未返回 Access-Control-Allow-Origin 头导致跨域失败。

fetch 请求

fetch 代码

但是使用 xhr 请求却成功返回了相应的跨域头

xhr 代码

能否在Proxy Group中写 direct 规则

有些国内域名希望可以选择是代理还是直连

windows chrome 使用 switchyomega 插件时内存上涨导致标签页崩溃

这问题已经在这里讨论过
https://github.com/Fndroid/clash_for_windows_pkg/issues/11
最后发现是reject规则导致页面崩溃

Docker for Mac上，DNS在主机上没法访问

在macOS上，使用docker启动clash，dns无法访问，命令是

docker run -d --name=clash --restart=always -p 7890:7890 -p 7891:7891 -p 7892:7892 -p 53:53/udp -v /Users/t.l/Google\ 云端硬盘/Services/clash/config.yml:/root/.config/clash/config.yml dreamacro/clash

clash 的 http 代理功能和部分 PHP 实现不兼容

以下代码在 privoxy 和 Brup Suite 提供的 HTTP代理下均可正常工作 (将 clash socks 设为上级代理)
但是在 clash 提供的 HTTP代理下，clash疑似会卡到连接超时为止。

<?php

$fileUrl = 'http://repo.packagist.org/packages.json';

$options = array (
  'http' => 
  array (
    'follow_location' => 0,
    'max_redirects' => 20,
    'proxy' => 'tcp://127.0.0.1:8888',
    'request_fulluri' => true,
    'protocol_version' => 1.1,
    'header' => 
    array (
      0 => 'Accept-Encoding: gzip',
      1 => 'Connection: close',
      2 => 'User-Agent: Composer/source (Windows NT; 10.0; PHP 7.2.12)',
    ),
    'ignore_errors' => true,
  )
);

$context = stream_context_create($options);

$result = file_get_contents($fileUrl, false, $context);

echo zlib_decode($result);

自定义规则部分去掉减号

自定义规则的部分，开头有个横线。我知道这是yaml的语法规则，但是从ss/surge等应用导入规则就会太麻烦了，多了甚至只能用脚本处理。能否也支持没有横线开头的配置文件，直接粘贴过来就能用了，对通用性来说很有必要。

规则支持从文件读取

比如domain proxy 这种的规则，有可能是非常多的，如果全写在默认的配置文件中，显得有点太重了，维护不够方便。希望能像SpechtLite那样，支持从文件中读取规则

	type configSchema struct {
	Port *int `json:"port"`
	SocksPort *int `json:"socket-port"`
	RedirPort *int `json:"redir-port"`
	AllowLan *bool `json:"allow-lan"`
	Mode *T.Mode `json:"mode"`
	LogLevel *log.LogLevel `json:"log-level"`
	}

	func patchConfigs(w http.ResponseWriter, r *http.Request) {
	general := &configSchema{}
	if err := render.DecodeJSON(r.Body, general); err != nil {
	render.Status(r, http.StatusBadRequest)
	render.JSON(w, r, ErrBadRequest)
	return
	}