A simple Python Pydantic model for Honkai: Star Rail parsed data from the Mihomo API.
Find a file
2021-07-27 02:38:41 +08:00
.github Fix: fix yaml syntax 2021-07-03 22:41:31 +08:00
adapter Style: code style 2021-07-09 02:19:43 +08:00
common Refactor: plain http proxy (#1443) 2021-06-15 17:13:40 +08:00
component Code: refresh code 2021-07-01 22:49:29 +08:00
config Merge from remote branch 2021-07-07 03:53:32 +08:00
constant Merge from remote branch 2021-07-07 03:53:32 +08:00
context Refactor: plain http proxy (#1443) 2021-06-15 17:13:40 +08:00
dns Feature: support multiport condition for rule SRC-PORT and DST-PORT 2021-07-06 15:07:05 +08:00
docs Update: README.md logo and badges 2018-06-23 00:44:28 +08:00
hub Style: code style 2021-07-09 02:19:43 +08:00
listener Fix: error var name 2021-07-27 02:38:41 +08:00
log Code: refresh code 2021-07-01 22:49:29 +08:00
rule Style: code style 2021-07-09 02:19:43 +08:00
test Style: code style 2021-06-10 14:05:56 +08:00
transport Feature: add xtls support for VLESS 2021-07-06 23:55:34 +08:00
tunnel Merge from remote branch 2021-07-07 03:53:32 +08:00
.gitignore Optimization: socks UDP & fix typo (#261) 2019-08-12 14:01:32 +08:00
Dockerfile Chore: standardized Dockerfile label (#1191) 2021-01-20 16:08:24 +08:00
go.mod Feature: add xtls support for VLESS 2021-07-06 23:55:34 +08:00
go.sum Feature: add xtls support for VLESS 2021-07-06 23:55:34 +08:00
LICENSE License: use GPL 3.0 2019-10-18 11:12:35 +08:00
main.go Code: refresh code 2021-07-01 22:49:29 +08:00
Makefile Code: refresh code 2021-07-01 22:49:29 +08:00
README.md Style: code style 2021-07-09 02:19:43 +08:00

Clash
Clash

A rule-based tunnel in Go.

Github Actions

Features

  • Local HTTP/HTTPS/SOCKS server with authentication support
  • VMess, Shadowsocks, Trojan, Snell protocol support for remote connections
  • Built-in DNS server that aims to minimize DNS pollution attack impact, supports DoH/DoT upstream and fake IP.
  • Rules based off domains, GEOIP, IP CIDR or ports to forward packets to different nodes
  • Remote groups allow users to implement powerful rules. Supports automatic fallback, load balancing or auto select node based off latency
  • Remote providers, allowing users to get node lists remotely instead of hardcoding in config
  • Netfilter TCP redirecting. Deploy Clash on your Internet gateway with iptables.
  • Comprehensive HTTP RESTful API controller

Getting Started

Documentations are now moved to GitHub Wiki.

Advanced usage for this fork branch

TUN configuration

Support macOS,Linux and Windows.

For Windows, you should download the Wintun driver and copy wintun.dll into the System32 directory.

# Enable the TUN listener
tun:
  enable: true
  stack: system # system or gvisor
  dns-listen: 0.0.0.0:53 # additional dns server listen on TUN
  auto-route: true # auto set global route

Rules configuration

  • Support rule GEOSITE.
  • Support multiport condition for rule SRC-PORT and DST-PORT.
  • Support not match condition for rule GEOIP.
  • Support network condition for all rules.

The GEOSITE and GEOIP databases via https://github.com/Loyalsoldier/v2ray-rules-dat.

rules:
  # network condition for rules
  - DOMAIN-SUFFIX,bilibili.com,DIRECT,tcp
  - DOMAIN-SUFFIX,bilibili.com,REJECT,udp
    
  # multiport condition for rules SRC-PORT and DST-PORT
  - DST-PORT,123/136/137-139,DIRECT,udp
  
  # rule GEOSITE
  - GEOSITE,category-ads-all,REJECT
  - GEOSITE,icloud@cn,DIRECT
  - GEOSITE,apple@cn,DIRECT
  - GEOSITE,apple-cn,DIRECT
  - GEOSITE,microsoft@cn,DIRECT
  - GEOSITE,facebook,PROXY
  - GEOSITE,youtube,PROXY
  - GEOSITE,geolocation-cn,DIRECT
  - GEOSITE,gfw,PROXY
  - GEOSITE,greatfire,PROXY
  #- GEOSITE,geolocation-!cn,PROXY

  - GEOIP,telegram,PROXY,no-resolve
  - GEOIP,private,DIRECT,no-resolve
  - GEOIP,cn,DIRECT
    
  # Not match condition for rule GEOIP
  #- GEOIP,!cn,PROXY

  - MATCH,PROXY

Proxies configuration

Support outbound transport protocol VLESS.

The XTLS only support TCP transport by the XRAY-CORE.

proxies:
  - name: "vless-tcp"
    type: vless
    server: server
    port: 443
    uuid: uuid
    network: tcp
    servername: example.com # AKA SNI
    # udp: true
    # flow: xtls-rprx-direct # xtls-rprx-origin  # enable XTLS
    # skip-cert-verify: true
    
  - name: "vless-ws"
    type: vless
    server: server
    port: 443
    uuid: uuid
    udp: true
    network: ws
    servername: example.com # priority over wss host
    # skip-cert-verify: true
    ws-path: /path
    ws-headers:
      Host: example.com

  - name: "vless-h2"
    type: vless
    server: server
    port: 443
    uuid: uuid
    network: h2
    servername: example.com
    # skip-cert-verify: true
    h2-opts:
      host:
        - http.example.com
        - http-alt.example.com
      path: /

  - name: "vless-http"
    type: vless
    server: server
    port: 443
    uuid: uuid
    # udp: true
    network: http
    servername: example.com
    # skip-cert-verify: true
    http-opts:
      method: "GET"
      path:
        - '/'
        - '/video'
      headers:
        Connection:
          - keep-alive

  - name: vless-grpc
    server: server
    port: 443
    type: vless
    uuid: uuid
    network: grpc
    servername: example.com
    # skip-cert-verify: true
    grpc-opts:
      grpc-service-name: "example"

IPTABLES auto-configuration

Only work on Linux OS who support iptables, Clash will auto-configuration iptables for tproxy listener when tproxy-port value isn't zero.

If TPROXY is enabled, the TUN must be disabled.

# Enable the TPROXY listener
tproxy-port: 9898
# Disable the TUN listener
tun:
  enable: false

Create user given name clash.

Run Clash by user clash as a daemon.

Create the systemd configuration file at /etc/systemd/system/clash.service:

[Unit]
Description=Clash daemon, A rule-based proxy in Go.
After=network.target

[Service]
Type=simple
User=clash
Group=clash
CapabilityBoundingSet=cap_net_admin
AmbientCapabilities=cap_net_admin
Restart=always
ExecStart=/usr/local/bin/clash -d /etc/clash

[Install]
WantedBy=multi-user.target

Launch clashd on system startup with:

$ systemctl enable clash

Launch clashd immediately with:

$ systemctl start clash

Display Process name

Add field Process to Metadata and prepare to get process name for Restful API GET /connections.

To display process name in GUI please use https://yaling888.github.io/yacd/.

Premium Release

Release

Development

If you want to build an application that uses clash as a library, check out the the GitHub Wiki

Credits

License

This software is released under the GPL-3.0 license.

FOSSA Status

TODO

  • Complementing the necessary rule operators
  • Redir proxy
  • UDP support
  • Connection manager