Shikong/Clash.Meta
1
0
Fork 0
mirror of https://gitclone.com/github.com/MetaCubeX/Clash.Meta synced 2024-11-15 13:41:23 +08:00
Code Issues Packages Projects Releases Wiki Activity
1,153 Commits 1 Branch 71 Tags 35 MiB
Go 90.3%
C 9.3%
Makefile 0.2%
80764217c2
Go to file
Skyxim 80764217c2 feat: add domain list for sniffer, reverse force logic 
when force is false, if domain in the list, will force replace
when force is true, if sniff domain in the list, will skip it
2022-04-16 08:21:31 +08:00
.github/workflows Revert "Add docker workflow" 2022-04-07 10:24:23 +08:00
adapter feat: support http headers 2022-04-14 13:07:39 +08:00
common Refactor: queue use generics 2022-04-12 18:44:13 +08:00
component feat: add domain list for sniffer, reverse force logic 2022-04-16 08:21:31 +08:00
config feat: add domain list for sniffer, reverse force logic 2022-04-16 08:21:31 +08:00
constant Update metadata.go 2022-04-10 00:47:22 +08:00
context feat: sniffer support 2022-04-09 22:30:36 +08:00
dns chore: update dependencies 2022-04-13 02:32:55 +08:00
docs Update: README.md logo and badges 2018-06-23 00:44:28 +08:00
hub feat: add domain list for sniffer, reverse force logic 2022-04-16 08:21:31 +08:00
listener Chore: adjust ipstack 2022-04-13 02:20:53 +08:00
log 1.fix module package 2022-03-18 02:35:15 +08:00
rule chore:merge & adjust code 2022-04-12 20:20:04 +08:00
test Merge remote-tracking branch 'Pro-Plus/with-tun' into Alpha 2022-03-30 13:15:45 +08:00
transport fix: trojan fail may panic 2022-04-12 18:43:55 +08:00
tunnel feat: add domain list for sniffer, reverse force logic 2022-04-16 08:21:31 +08:00
.gitignore modify gitignore 2022-01-21 22:39:00 +08:00
.golangci.yaml Fix: retry create TUN on Windows 2022-03-20 21:27:33 +08:00
Dockerfile Revert "Add docker workflow" 2022-04-07 10:24:23 +08:00
go.mod chore: update dependencies 2022-04-13 02:32:55 +08:00
go.sum chore: update dependencies 2022-04-13 02:32:55 +08:00
LICENSE License: use GPL 3.0 2019-10-18 11:12:35 +08:00
main.go Merge remote-tracking branch 'Pro-Plus/with-tun' into Alpha 2022-03-30 13:15:45 +08:00
Makefile [SKIP CI] 2022-03-23 13:23:34 +08:00
Meta.png [readme] 2021-12-09 17:54:53 +08:00
README.md Fix systemd service 2022-03-29 14:50:12 +08:00

README.md

Meta Kennel
Meta Kernel

Another Clash Kernel.

Features

  • Local HTTP/HTTPS/SOCKS server with authentication support
  • VMess, Shadowsocks, Trojan, Snell protocol support for remote connections
  • Built-in DNS server that aims to minimize DNS pollution attack impact, supports DoH/DoT upstream and fake IP.
  • Rules based off domains, GEOIP, IPCIDR or Process to forward packets to different nodes
  • Remote groups allow users to implement powerful rules. Supports automatic fallback, load balancing or auto select node based off latency
  • Remote providers, allowing users to get node lists remotely instead of hardcoding in config
  • Netfilter TCP redirecting. Deploy Clash on your Internet gateway with iptables.
  • Comprehensive HTTP RESTful API controller

Getting Started

Documentations are now moved to GitHub Wiki.

Advanced usage for this branch

DNS configuration

Support geosite with fallback-filter.

Restore Redir remote resolution.

Support resolve ip with a Proxy Tunnel.

proxy-groups:

  - name: DNS
    type: url-test
    use:
      - HK
    url: http://cp.cloudflare.com
    interval: 180
    lazy: true

dns:
  enable: true
  use-hosts: true
  ipv6: false
  enhanced-mode: redir-host
  fake-ip-range: 198.18.0.1/16
  listen: 127.0.0.1:6868
  default-nameserver:
    - 119.29.29.29
    - 114.114.114.114
  nameserver:
    - https://doh.pub/dns-query
    - tls://223.5.5.5:853
  fallback:
    - 'https://1.0.0.1/dns-query#DNS'  # append the proxy adapter name or group name to the end of DNS URL with '#' prefix.
    - 'tls://8.8.4.4:853#DNS'
  fallback-filter:
    geoip: false
    geosite:
      - gfw  # `geosite` filter only use fallback server to resolve ip, prevent DNS leaks to unsafe DNS providers.
    domain:
      - +.example.com
    ipcidr:
      - 0.0.0.0/32

TUN configuration

Supports macOS, Linux and Windows.

Built-in Wintun driver.

# Enable the TUN listener
tun:
  enable: true
  stack: gvisor #  only gvisor
  dns-hijack: 
    - 0.0.0.0:53 # additional dns server listen on TUN
  auto-route: true # auto set global route

Rules configuration

  • Support rule GEOSITE.
  • Support rule-providers RULE-SET.
  • Support multiport condition for rule SRC-PORT and DST-PORT.
  • Support network condition for all rules.
  • Support source IPCIDR condition for all rules, just append to the end.
  • The GEOSITE databases via https://github.com/Loyalsoldier/v2ray-rules-dat.
rules:

  # network(tcp/udp) condition for all rules
  - DOMAIN-SUFFIX,bilibili.com,DIRECT,tcp
  - DOMAIN-SUFFIX,bilibili.com,REJECT,udp
    
  # multiport condition for rules SRC-PORT and DST-PORT
  - DST-PORT,123/136/137-139,DIRECT,udp
  
  # rule GEOSITE
  - GEOSITE,category-ads-all,REJECT
  - GEOSITE,icloud@cn,DIRECT
  - GEOSITE,apple@cn,DIRECT
  - GEOSITE,apple-cn,DIRECT
  - GEOSITE,microsoft@cn,DIRECT
  - GEOSITE,facebook,PROXY
  - GEOSITE,youtube,PROXY
  - GEOSITE,geolocation-cn,DIRECT
  - GEOSITE,geolocation-!cn,PROXY
    
  # source IPCIDR condition for all rules in gateway proxy
  #- GEOSITE,geolocation-!cn,REJECT,192.168.1.88/32,192.168.1.99/32

  - GEOIP,telegram,PROXY,no-resolve
  - GEOIP,private,DIRECT,no-resolve
  - GEOIP,cn,DIRECT
  
  - MATCH,PROXY

Proxies configuration

Active health detection urltest / fallback (based on tcp handshake, multiple failures within a limited time will actively trigger health detection to use the node)

Support Policy Group Filter

proxy-groups:

  - name: 🚀 HK Group
    type: select
    use:
      - ALL
    filter: 'HK'

  - name: 🚀 US Group
    type: select
    use:
      - ALL
    filter: 'US'

proxy-providers:
  ALL:
    type: http
    url: "xxxxx"
    interval: 3600
    path: "xxxxx"
    health-check:
      enable: true
      interval: 600
      url: http://www.gstatic.com/generate_204

Support outbound transport protocol VLESS.

The XTLS support (TCP/UDP) transport by the XRAY-CORE.

proxies:
  - name: "vless"
    type: vless
    server: server
    port: 443
    uuid: uuid
    servername: example.com # AKA SNI
    # flow: xtls-rprx-direct # xtls-rprx-origin  # enable XTLS
    # skip-cert-verify: true
    
  - name: "vless-ws"
    type: vless
    server: server
    port: 443
    uuid: uuid
    tls: true
    udp: true
    network: ws
    servername: example.com # priority over wss host
    # skip-cert-verify: true
    ws-opts:
      path: /path
      headers: { Host: example.com, Edge: "12a00c4.fm.huawei.com:82897" }

  - name: "vless-grpc"
    type: vless
    server: server
    port: 443
    uuid: uuid
    tls: true
    udp: true
    network: grpc
    servername: example.com # priority over wss host
    # skip-cert-verify: true
    grpc-opts: 
      grpc-service-name: grpcname

IPTABLES configuration

Work on Linux OS who's supported iptables

# Enable the TPROXY listener
tproxy-port: 9898

iptables:
  enable: true # default is false
  inbound-interface: eth0 # detect the inbound interface, default is 'lo'

General installation guide for Linux

  • Create user given name clash-meta

  • Download and decompress pre-built binaries from releases

  • Rename executable file to Clash-Meta and move to /usr/local/bin/

  • Create folder /etc/Clash-Meta/ as working directory

Run Meta Kernel by user clash-meta as a daemon.

Create the systemd configuration file at /etc/systemd/system/Clash-Meta.service:

[Unit]
Description=Clash-Meta Daemon, Another Clash Kernel.
After=network.target NetworkManager.service systemd-networkd.service iwd.service

[Service]
Type=simple
User=clash-meta
Group=clash-meta
LimitNPROC=500
LimitNOFILE=1000000
CapabilityBoundingSet=cap_net_admin
AmbientCapabilities=cap_net_admin
Restart=always
ExecStartPre=/usr/bin/sleep 1s
ExecStart=/usr/local/bin/Clash-Meta -d /etc/Clash-Meta

[Install]
WantedBy=multi-user.target

Launch clashd on system startup with:

$ systemctl enable Clash-Meta

Launch clashd immediately with:

$ systemctl start Clash-Meta

Display Process name

Clash add field Process to Metadata and prepare to get process name for Restful API GET /connections.

To display process name in GUI please use Dashboard For Meta.

img.png

Development

If you want to build an application that uses clash as a library, check out the the GitHub Wiki

Credits

License

This software is released under the GPL-3.0 license.

FOSSA Status