test: Singbox内核定期释放TCP会话列表内存

test: Singbox内核删除用户时尝试关闭该用户所有TCP会话
fix docker build
2026-02-04 12:40:11 +00:00 · 2025-03-06 15:57:56 +09:00 · 2025-03-05 19:54:06 +09:00 · 2025-03-04 21:53:05 +09:00 · 2025-03-04 21:28:24 +09:00 · 2025-03-04 19:08:18 +08:00
11 changed files with 211 additions and 59 deletions
--- a/.github/workflows/Publish
+++ b/.github/workflows/Publish
@@ -1,4 +1,5 @@
 name: Publish Docker image
+
 on:
  workflow_dispatch:
  release:
@@ -6,6 +7,7 @@ on:
  pull_request:
    branches:
      - 'dev_new'
+
 env:
  REGISTRY: ghcr.io
  IMAGE_NAME: ${{ github.repository_owner }}/v2bx
@@ -20,40 +22,51 @@ jobs:
          - linux/amd64
          - linux/arm64
    steps:
+      - name: Prepare
+        run: |
+          platform=${{ matrix.platform }}
+          echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV  
+
      - name: Checkout
        uses: actions/checkout@v4
+      
      - name: Docker meta
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3
+
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
+
      - name: Login to GitHub Container Registry
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
+
      - name: Build and push by digest
        id: build
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v6
        with:
-          context: .
          platforms: ${{ matrix.platform }}
          labels: ${{ steps.meta.outputs.labels }}
          outputs: type=image,name=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }},push-by-digest=true,name-canonical=true,push=true
+
      - name: Export digest
        run: |
          mkdir -p /tmp/digests
          digest="${{ steps.build.outputs.digest }}"
-          touch "/tmp/digests/${digest#sha256:}"          
+          echo "${digest#sha256:}" > "/tmp/digests/${digest#sha256:}"
+  
      - name: Upload digest
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
        with:
-          name: digests
+          name: digests-${{ env.PLATFORM_PAIR }}
          path: /tmp/digests/*
          if-no-files-found: error
          retention-days: 1
@@ -64,31 +77,37 @@ jobs:
      - build
    steps:
      - name: Download digests
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@v4
        with:
-          name: digests
          path: /tmp/digests
+          pattern: digests-*
+          merge-multiple: true
+     
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
+        
      - name: Docker meta
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          
      - name: Login to GitHub Container Registry
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
+          
      - name: Create manifest list and push
-        working-directory: /tmp/digests
        run: |
-          ls -al
-          echo docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
-            $(printf '${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@sha256:%s ' *) 
-          docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
-            $(printf '${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@sha256:%s ' *)
+          cd /tmp/digests
+          tags=$(echo '${{ steps.meta.outputs.json }}' | jq -cr '.tags | map("-t " + .) | join(" ")')
+          images=$(printf "${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@sha256:%s " $(find . -type f -exec cat {} \;))
+          echo "Creating manifest with tags: $tags"
+          echo "Using images: $images"
+          docker buildx imagetools create $tags $images
+          
      - name: Inspect image
        run: |
-          docker buildx imagetools inspect ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.meta.outputs.version }}
+          docker buildx imagetools inspect ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.meta.outputs.version }}
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -10,14 +10,14 @@ on:
      - "**/*.go"
      - "go.mod"
      - "go.sum"
-      - ".github/workflows/*.yml"
+      - ".github/workflows/release.yml"
  pull_request:
    types: [opened, synchronize, reopened]
    paths:
      - "**/*.go"
      - "go.mod"
      - "go.sum"
-      - ".github/workflows/*.yml"
+      - ".github/workflows/release.yml"
  release:
    types: [published]

--- a/2
+++ b/2
@@ -1,5 +1,5 @@
 # Build go
-FROM golang:1.23.2-alpine AS builder
+FROM golang:1.24.1-alpine AS builder
 WORKDIR /app
 COPY . .
 ENV CGO_ENABLED=0
--- a/core/hy2/config.go
+++ b/core/hy2/config.go
@@ -18,6 +18,8 @@ import (
 	"github.com/apernet/hysteria/extras/v2/masq"
 	"github.com/apernet/hysteria/extras/v2/obfs"
 	"github.com/apernet/hysteria/extras/v2/outbounds"
+	"github.com/apernet/hysteria/extras/v2/sniff"
+	eUtils "github.com/apernet/hysteria/extras/v2/utils"
 	"go.uber.org/zap"
 )

@@ -161,6 +163,29 @@ func (n *Hysteria2node) getBandwidthConfig(info *panel.NodeInfo) *server.Bandwid
 	return band
 }

+func (n *Hysteria2node) getRequestHook(c *serverConfig) (server.RequestHook, error) {
+	if c.Sniff.Enable {
+		s := &sniff.Sniffer{
+			Timeout:       c.Sniff.Timeout,
+			RewriteDomain: c.Sniff.RewriteDomain,
+		}
+		if c.Sniff.TCPPorts != "" {
+			s.TCPPorts = eUtils.ParsePortUnion(c.Sniff.TCPPorts)
+			if s.TCPPorts == nil {
+				return nil, fmt.Errorf("sniff.tcpPorts: invalid port union")
+			}
+		}
+		if c.Sniff.UDPPorts != "" {
+			s.UDPPorts = eUtils.ParsePortUnion(c.Sniff.UDPPorts)
+			if s.UDPPorts == nil {
+				return nil, fmt.Errorf("sniff.udpPorts: invalid port union")
+			}
+		}
+		return s, nil
+	}
+	return nil, nil
+}
+
 func (n *Hysteria2node) getOutboundConfig(c *serverConfig) (server.Outbound, error) {
 	// Resolver, ACL, actual outbound are all implemented through the Outbound interface.
 	// Depending on the config, we build a chain like this:
@@ -368,6 +393,10 @@ func (n *Hysteria2node) getHyConfig(info *panel.NodeInfo, config *conf.Options,
 	if err != nil {
 		return nil, err
 	}
+	sniff, err := n.getRequestHook(c)
+	if err != nil {
+		return nil, err
+	}
 	Outbound, err := n.getOutboundConfig(c)
 	if err != nil {
 		return nil, err
@@ -380,6 +409,7 @@ func (n *Hysteria2node) getHyConfig(info *panel.NodeInfo, config *conf.Options,
 		TLSConfig:             *tls,
 		QUICConfig:            *quic,
 		Conn:                  conn,
+		RequestHook:           sniff,
 		Outbound:              Outbound,
 		BandwidthConfig:       *n.getBandwidthConfig(info),
 		IgnoreClientBandwidth: info.Hysteria2.Ignore_Client_Bandwidth,
--- a/core/hy2/serverConfig.go
+++ b/core/hy2/serverConfig.go
@@ -17,10 +17,12 @@ type serverConfig struct {
 	QUIC                  serverConfigQUIC            `mapstructure:"quic"`
 	Bandwidth             serverConfigBandwidth       `mapstructure:"bandwidth"`
 	IgnoreClientBandwidth bool                        `mapstructure:"ignoreClientBandwidth"`
+	SpeedTest             bool                        `mapstructure:"speedTest"`
 	DisableUDP            bool                        `mapstructure:"disableUDP"`
 	UDPIdleTimeout        time.Duration               `mapstructure:"udpIdleTimeout"`
 	Auth                  serverConfigAuth            `mapstructure:"auth"`
 	Resolver              serverConfigResolver        `mapstructure:"resolver"`
+	Sniff                 serverConfigSniff           `mapstructure:"sniff"`
 	ACL                   serverConfigACL             `mapstructure:"acl"`
 	Outbounds             []serverConfigOutboundEntry `mapstructure:"outbounds"`
 	TrafficStats          serverConfigTrafficStats    `mapstructure:"trafficStats"`
@@ -112,6 +114,14 @@ type serverConfigResolver struct {
 	HTTPS serverConfigResolverHTTPS `mapstructure:"https"`
 }

+type serverConfigSniff struct {
+	Enable        bool          `mapstructure:"enable"`
+	Timeout       time.Duration `mapstructure:"timeout"`
+	RewriteDomain bool          `mapstructure:"rewriteDomain"`
+	TCPPorts      string        `mapstructure:"tcpPorts"`
+	UDPPorts      string        `mapstructure:"udpPorts"`
+}
+
 type serverConfigACL struct {
 	File              string        `mapstructure:"file"`
 	Inline            []string      `mapstructure:"inline"`
--- a/core/sing/hook.go
+++ b/core/sing/hook.go
@@ -5,9 +5,11 @@ import (
 	"fmt"
 	"net"
 	"sync"
+	"time"

 	"github.com/InazumaV/V2bX/common/format"
 	"github.com/InazumaV/V2bX/common/rate"
+	"github.com/InazumaV/V2bX/common/task"

 	"github.com/InazumaV/V2bX/limiter"

@@ -19,8 +21,15 @@ import (

 var _ adapter.ConnectionTracker = (*HookServer)(nil)

+type ConnEntry struct {
+	Conn      net.Conn
+	Timestamp time.Time
+}
+
 type HookServer struct {
-	counter sync.Map
+	counter  sync.Map //map[string]*counter.TrafficCounter
+	userconn sync.Map //map[string][]*ConnEntry
+	Cleanup  *task.Task
 }

 func (h *HookServer) ModeList() []string {
@@ -29,7 +38,12 @@ func (h *HookServer) ModeList() []string {

 func NewHookServer() *HookServer {
 	server := &HookServer{
-		counter: sync.Map{},
+		counter:  sync.Map{},
+		userconn: sync.Map{},
+	}
+	server.Cleanup = &task.Task{
+		Interval: 5 * time.Minute,
+		Execute:  server.CleanupOldConnections,
 	}
 	return server
 }
@@ -40,8 +54,9 @@ func (h *HookServer) RoutedConnection(_ context.Context, conn net.Conn, m adapte
 		log.Warn("get limiter for ", m.Inbound, " error: ", err)
 		return conn
 	}
+	taguuid := format.UserTag(m.Inbound, m.User)
 	ip := m.Source.Addr.String()
-	if b, r := l.CheckLimit(format.UserTag(m.Inbound, m.User), ip, true, true); r {
+	if b, r := l.CheckLimit(taguuid, ip, true, true); r {
 		conn.Close()
 		log.Error("[", m.Inbound, "] ", "Limited ", m.User, " by ip or conn")
 		return conn
@@ -70,13 +85,31 @@ func (h *HookServer) RoutedConnection(_ context.Context, conn net.Conn, m adapte
 			}
 		}
 	}
-	if c, ok := h.counter.Load(m.Inbound); ok {
-		return counter.NewConnCounter(conn, c.(*counter.TrafficCounter).GetCounter(m.User))
+	var t *counter.TrafficCounter
+	if c, ok := h.counter.Load(m.Inbound); !ok {
+		t = counter.NewTrafficCounter()
+		h.counter.Store(m.Inbound, t)
 	} else {
-		c := counter.NewTrafficCounter()
-		h.counter.Store(m.Inbound, c)
-		return counter.NewConnCounter(conn, c.GetCounter(m.User))
+		t = c.(*counter.TrafficCounter)
 	}
+
+	conn = counter.NewConnCounter(conn, t.GetCounter(m.User))
+	entry := &ConnEntry{
+		Conn:      conn,
+		Timestamp: time.Now(),
+	}
+	if conns, exist := h.userconn.Load(taguuid); exist {
+		if connList, ok := conns.([]*ConnEntry); ok {
+			h.userconn.Store(taguuid, append(connList, entry))
+		} else {
+			h.userconn.Delete(taguuid)
+			h.userconn.Store(taguuid, []*ConnEntry{entry})
+		}
+	} else {
+		h.userconn.Store(taguuid, []*ConnEntry{entry})
+	}
+
+	return conn
 }

 func (h *HookServer) RoutedPacketConnection(_ context.Context, conn N.PacketConn, m adapter.InboundContext, _ adapter.Rule, _ adapter.Outbound) N.PacketConn {
@@ -86,7 +119,8 @@ func (h *HookServer) RoutedPacketConnection(_ context.Context, conn N.PacketConn
 		return conn
 	}
 	ip := m.Source.Addr.String()
-	if b, r := l.CheckLimit(format.UserTag(m.Inbound, m.User), ip, false, false); r {
+	taguuid := format.UserTag(m.Inbound, m.User)
+	if b, r := l.CheckLimit(taguuid, ip, false, false); r {
 		conn.Close()
 		log.Error("[", m.Inbound, "] ", "Limited ", m.User, " by ip or conn")
 		return conn
@@ -115,11 +149,63 @@ func (h *HookServer) RoutedPacketConnection(_ context.Context, conn N.PacketConn
 			}
 		}
 	}
-	if c, ok := h.counter.Load(m.Inbound); ok {
-		return counter.NewPacketConnCounter(conn, c.(*counter.TrafficCounter).GetCounter(m.User))
+	var t *counter.TrafficCounter
+	if c, ok := h.counter.Load(m.Inbound); !ok {
+		t = counter.NewTrafficCounter()
+		h.counter.Store(m.Inbound, t)
 	} else {
-		c := counter.NewTrafficCounter()
-		h.counter.Store(m.Inbound, c)
-		return counter.NewPacketConnCounter(conn, c.GetCounter(m.User))
+		t = c.(*counter.TrafficCounter)
 	}
+	conn = counter.NewPacketConnCounter(conn, t.GetCounter(m.User))
+	return conn
+}
+
+func (h *HookServer) CloseConnections(tag string, uuids []string) error {
+	for _, uuid := range uuids {
+		taguuid := format.UserTag(tag, uuid)
+		v, ok := h.userconn.Load(taguuid)
+		if !ok {
+			continue
+		}
+		connList, ok := v.([]*ConnEntry)
+		if !ok {
+			h.userconn.Delete(taguuid)
+			continue
+		}
+
+		for _, entry := range connList {
+			err := entry.Conn.Close()
+			if err != nil {
+				log.Error("close conn error: ", err)
+			}
+		}
+		h.userconn.Delete(taguuid)
+	}
+	return nil
+}
+
+func (h *HookServer) CleanupOldConnections() error {
+	expiredTime := time.Now().Add(-time.Minute * 30)
+	h.userconn.Range(func(key, value interface{}) bool {
+		connList, ok := value.([]*ConnEntry)
+		if !ok {
+			h.userconn.Delete(key)
+			return true
+		}
+
+		var activeConns []*ConnEntry
+		for _, entry := range connList {
+			if entry.Timestamp.After(expiredTime) {
+				activeConns = append(activeConns, entry)
+			}
+		}
+
+		if len(activeConns) == 0 {
+			h.userconn.Delete(key)
+		} else {
+			h.userconn.Store(key, activeConns)
+		}
+		return true
+	})
+	return nil
 }
--- a/core/sing/sing.go
+++ b/core/sing/sing.go
@@ -83,6 +83,7 @@ func New(c *conf.CoreConfig) (vCore.Core, error) {
 }

 func (b *Sing) Start() error {
+	b.hookServer.Cleanup.Start(false)
 	return b.box.Start()
 }

--- a/core/sing/user.go
+++ b/core/sing/user.go
@@ -138,5 +138,9 @@ func (b *Sing) DelUsers(users []panel.UserInfo, tag string, info *panel.NodeInfo
 	if err != nil {
 		return err
 	}
+	err = b.hookServer.CloseConnections(tag, uuids)
+	if err != nil {
+		return err
+	}
 	return nil
 }
--- a/go.mod
+++ b/go.mod
@@ -1,8 +1,8 @@
 module github.com/InazumaV/V2bX

-go 1.23
+go 1.24

-toolchain go1.23.2
+toolchain go1.24.0

 require (
 	github.com/apernet/hysteria/core/v2 v2.6.1
@@ -20,9 +20,9 @@ require (
 	github.com/sirupsen/logrus v1.9.3
 	github.com/spf13/cobra v1.8.1
 	github.com/spf13/viper v1.19.0
-	github.com/xtls/xray-core v1.8.25-0.20250207135752-1d9e6bc2f376
+	github.com/xtls/xray-core v1.8.25-0.20250303153022-e15dff94b5bd
 	go.uber.org/zap v1.27.0
-	golang.org/x/crypto v0.32.0
+	golang.org/x/crypto v0.35.0
 	golang.org/x/sys v0.30.0
 	google.golang.org/protobuf v1.36.5
 	gopkg.in/natefinch/lumberjack.v2 v2.2.1
@@ -110,7 +110,7 @@ require (
 	github.com/golang-jwt/jwt/v4 v4.5.1 // indirect
 	github.com/golang-jwt/jwt/v5 v5.2.1 // indirect
 	github.com/google/btree v1.1.3 // indirect
-	github.com/google/go-cmp v0.6.0 // indirect
+	github.com/google/go-cmp v0.7.0 // indirect
 	github.com/google/go-querystring v1.1.0 // indirect
 	github.com/google/pprof v0.0.0-20240528025155-186aa0362fba // indirect
 	github.com/google/s2a-go v0.1.8 // indirect
@@ -189,7 +189,7 @@ require (
 	github.com/pquerna/otp v1.4.0 // indirect
 	github.com/quic-go/qpack v0.5.1 // indirect
 	github.com/quic-go/qtls-go1-20 v0.4.1 // indirect
-	github.com/quic-go/quic-go v0.49.0 // indirect
+	github.com/quic-go/quic-go v0.50.0 // indirect
 	github.com/refraction-networking/utls v1.6.7 // indirect
 	github.com/regfish/regfish-dnsapi-go v0.1.1 // indirect
 	github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3 // indirect
@@ -265,10 +265,10 @@ require (
 	go4.org/netipx v0.0.0-20231129151722-fdeea329fbba // indirect
 	golang.org/x/exp v0.0.0-20241210194714-1829a127f884 // indirect
 	golang.org/x/mod v0.22.0 // indirect
-	golang.org/x/net v0.34.0 // indirect
+	golang.org/x/net v0.35.0 // indirect
 	golang.org/x/oauth2 v0.24.0 // indirect
 	golang.org/x/sync v0.11.0 // indirect
-	golang.org/x/text v0.21.0 // indirect
+	golang.org/x/text v0.22.0 // indirect
 	golang.org/x/time v0.8.0 // indirect
 	golang.org/x/tools v0.28.0 // indirect
 	golang.zx2c4.com/wintun v0.0.0-20230126152724-0fa3db229ce2 // indirect
@@ -283,7 +283,7 @@ require (
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 	gvisor.dev/gvisor v0.0.0-20240320123526-dc6abceb7ff0 // indirect
-	lukechampine.com/blake3 v1.3.0 // indirect
+	lukechampine.com/blake3 v1.4.0 // indirect
 )

 //replace github.com/sagernet/sing-box v1.12.0 => /root/sing-box_mod
--- a/go.sum
+++ b/go.sum
@@ -412,8 +412,8 @@ github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/
 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.7/go.mod h1:n+brtR0CgQNWTVd5ZUFpTBC8YFBDLK/h/bpaJ8/DtOE=
-github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
-github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8=
+github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU=
 github.com/google/go-github/v32 v32.1.0/go.mod h1:rIEpZD9CTDQwDK9GDrtMTycQNA4JU3qBsCizh3q2WCI=
 github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck=
 github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8=
@@ -825,8 +825,8 @@ github.com/quic-go/qpack v0.5.1 h1:giqksBPnT/HDtZ6VhtFKgoLOWmlyo9Ei6u9PqzIMbhI=
 github.com/quic-go/qpack v0.5.1/go.mod h1:+PC4XFrEskIVkcLzpEkbLqq1uCoxPhQuvK5rH1ZgaEg=
 github.com/quic-go/qtls-go1-20 v0.4.1 h1:D33340mCNDAIKBqXuAvexTNMUByrYmFYVfKfDN5nfFs=
 github.com/quic-go/qtls-go1-20 v0.4.1/go.mod h1:X9Nh97ZL80Z+bX/gUXMbipO6OxdiDi58b/fMC9mAL+k=
-github.com/quic-go/quic-go v0.49.0 h1:w5iJHXwHxs1QxyBv1EHKuC50GX5to8mJAxvtnttJp94=
-github.com/quic-go/quic-go v0.49.0/go.mod h1:s2wDnmCdooUQBmQfpUSTCYBl1/D4FcqbULMMkASvR6s=
+github.com/quic-go/quic-go v0.50.0 h1:3H/ld1pa3CYhkcc20TPIyG1bNsdhn9qZBGN3b9/UyUo=
+github.com/quic-go/quic-go v0.50.0/go.mod h1:Vim6OmUvlYdwBhXP9ZVrtGmCMWa3wEqhq3NgYrI8b4E=
 github.com/rcrowley/go-metrics v0.0.0-20181016184325-3113b8401b8a/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4=
 github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4=
 github.com/redis/go-redis/v9 v9.6.1 h1:HHDteefn6ZkTtY5fGUE8tj8uy85AHk6zP7CpzIAM0y4=
@@ -1032,8 +1032,8 @@ github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQ
 github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU=
 github.com/xtls/reality v0.0.0-20240909153216-e26ae2305463 h1:g1Cj7d+my6k/HHxLAyxPwyX8i7FGRr6ulBDMkBzg2BM=
 github.com/xtls/reality v0.0.0-20240909153216-e26ae2305463/go.mod h1:BjIOLmkEEtAgloAiVUcYj0Mt+YU00JARZw8AEU0IwAg=
-github.com/xtls/xray-core v1.8.25-0.20250207135752-1d9e6bc2f376 h1:SPt2MsGu7GBdpWH5dY+c/NrHk5GtJm3vTqTMIH6X3qs=
-github.com/xtls/xray-core v1.8.25-0.20250207135752-1d9e6bc2f376/go.mod h1:3CIiFGvfTn/V7FKXz8j79ynHkf6QcTFOWLuQgfEQi2U=
+github.com/xtls/xray-core v1.8.25-0.20250303153022-e15dff94b5bd h1:xzZCYhdr1pL1kZe7GysAMuVNtlzXqsQKTFbc1xvR+bI=
+github.com/xtls/xray-core v1.8.25-0.20250303153022-e15dff94b5bd/go.mod h1:0n4A2nJD1yZlxuXexV5rJODKcJJo8zpbTFcESVg8fgM=
 github.com/yandex-cloud/go-genproto v0.0.0-20241220122821-aeb3b05efd1c h1:Rnr+lDYXVkP+3eT8/d68iq4G/UeIhyCQk+HKa8toTvg=
 github.com/yandex-cloud/go-genproto v0.0.0-20241220122821-aeb3b05efd1c/go.mod h1:0LDD/IZLIUIV4iPH+YcF+jysO3jkSvADFGm4dCAuwQo=
 github.com/yandex-cloud/go-sdk v0.0.0-20241220131134-2393e243c134 h1:qmpz0Kvr9GAng8LAhRcKIpY71CEAcL3EBkftVlsP5Cw=
@@ -1128,8 +1128,8 @@ golang.org/x/crypto v0.11.0/go.mod h1:xgJhtzW8F9jGdVFWZESrid1U1bjeNy4zgy5cRr/CIi
 golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4=
 golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU=
 golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8=
-golang.org/x/crypto v0.32.0 h1:euUpcYgM8WcP71gNpTqQCn6rC2t6ULUPiOzfWaXVVfc=
-golang.org/x/crypto v0.32.0/go.mod h1:ZnnJkOaASj8g0AjIduWNlq2NRxL0PlBrbKVyZ6V/Ugc=
+golang.org/x/crypto v0.35.0 h1:b15kiHdrGCHrP6LvwaQ3c03kgNhhiMgvlhxHQhmg2Xs=
+golang.org/x/crypto v0.35.0/go.mod h1:dy7dXNW32cAb/6/PRuTNsix8T+vJAqvuIy5Bli/x0YQ=
 golang.org/x/exp v0.0.0-20180321215751-8460e604b9de/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20180807140117-3d87b88a115f/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
@@ -1225,8 +1225,8 @@ golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
 golang.org/x/net v0.12.0/go.mod h1:zEVYFnQC7m/vmpQFELhcD1EWkZlX69l4oqgmer6hfKA=
 golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44=
-golang.org/x/net v0.34.0 h1:Mb7Mrk043xzHgnRM88suvJFwzVrRfHEHJEl5/71CKw0=
-golang.org/x/net v0.34.0/go.mod h1:di0qlW3YNM5oh6GqDGQr92MyTozJPmybPK4Ev/Gm31k=
+golang.org/x/net v0.35.0 h1:T5GQRQb2y08kTAByq9L4/bz8cipCdA8FbRTXewonqY8=
+golang.org/x/net v0.35.0/go.mod h1:EglIi67kWsHKlRzzVMUD93VMSWGFOMSZgxFjparz1Qk=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -1340,8 +1340,8 @@ golang.org/x/term v0.10.0/go.mod h1:lpqdcUyK/oCiQxvxVrppt5ggO2KCZ5QblwqPnfZ6d5o=
 golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0=
 golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk=
 golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY=
-golang.org/x/term v0.28.0 h1:/Ts8HFuMR2E6IP/jlo7QVLZHggjKQbhu/7H0LJFr3Gg=
-golang.org/x/term v0.28.0/go.mod h1:Sw/lC2IAUZ92udQNf3WodGtn4k/XoLyZoh8v/8uiwek=
+golang.org/x/term v0.29.0 h1:L6pJp37ocefwRRtYPKSWOWzOtWSxVajvz2ldH/xi3iU=
+golang.org/x/term v0.29.0/go.mod h1:6bl4lRlvVuDgSf3179VpIxBF0o10JUpXWOnI7nErv7s=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -1358,8 +1358,8 @@ golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
 golang.org/x/text v0.11.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
 golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
-golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo=
-golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ=
+golang.org/x/text v0.22.0 h1:bofq7m3/HAFvbF51jz3Q9wLg3jkvSPuiZu/pD1XwgtM=
+golang.org/x/text v0.22.0/go.mod h1:YRoo4H8PVmsu+E3Ou7cqLVH8oXWIHVoX0jqUWALQhfY=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
@@ -1585,8 +1585,8 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh
 honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
 honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
 honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
-lukechampine.com/blake3 v1.3.0 h1:sJ3XhFINmHSrYCgl958hscfIa3bw8x4DqMP3u1YvoYE=
-lukechampine.com/blake3 v1.3.0/go.mod h1:0OFRp7fBtAylGVCO40o87sbupkyIGgbpv1+M1k1LM6k=
+lukechampine.com/blake3 v1.4.0 h1:xDbKOZCVbnZsfzM6mHSYcGRHZ3YrLDzqz8XnV4uaD5w=
+lukechampine.com/blake3 v1.4.0/go.mod h1:MQJNQCTnR+kwOP/JEZSxj3MaQjp80FOFSNMMHXcSeX0=
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
 rsc.io/pdf v0.1.1/go.mod h1:n8OzWcQ6Sp37PL01nO98y4iUCRdTGarVfzxY20ICaU4=
 rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
--- a/limiter/limiter.go
+++ b/limiter/limiter.go
@@ -37,7 +37,7 @@ type Limiter struct {
 	ProtocolRules []string
 	SpeedLimit    int
 	UserOnlineIP  *sync.Map      // Key: Name, value: {Key: Ip, value: Uid}
-	OldUserOnline *sync.Map 	 // Key: Ip, value: Uid
+	OldUserOnline *sync.Map      // Key: Ip, value: Uid
 	UUIDtoUID     map[string]int // Key: UUID, value: Uid
 	UserLimitInfo *sync.Map      // Key: Uid value: UserLimitInfo
 	ConnLimiter   *ConnLimiter   // Key: Uid value: ConnLimiter
@@ -164,6 +164,8 @@ func (l *Limiter) CheckLimit(taguuid string, ip string, isTcp bool, noSSUDP bool
 		} else {
 			userLimit = determineSpeedLimit(u.SpeedLimit, u.DynamicSpeedLimit)
 		}
+	} else {
+		return nil, true
 	}
 	if noSSUDP {
 		// Store online user for device limit
@@ -181,8 +183,8 @@ func (l *Limiter) CheckLimit(taguuid string, ip string, isTcp bool, noSSUDP bool
 						return nil, true
 					}
 				}
-			}	
-		} else if v, ok := l.OldUserOnline.Load(ip); ok{
+			}
+		} else if v, ok := l.OldUserOnline.Load(ip); ok {
 			if v.(int) == uid {
 				l.OldUserOnline.Delete(ip)
 			}
Author	SHA1	Message	Date
wyx2685	0b155bbf89	test: Singbox内核定期释放TCP会话列表内存	2025-03-06 15:57:56 +09:00
wyx2685	1c8c17b067	test: Singbox内核删除用户时尝试关闭该用户所有TCP会话	2025-03-05 19:54:06 +09:00
wyx2685	61606646b9	fix docker build	2025-03-04 21:53:05 +09:00
wyx2685	e2904ad126	fix workflow	2025-03-04 21:28:24 +09:00
wyx2685	903aef1fb5	Update Dockerfile	2025-03-04 19:08:18 +08:00
wyx2685	2c43704090	update xray-core v25.3.3	2025-03-04 05:05:02 +09:00
wyx2685	d71df3a0df	hy2内核支持sniff设置	2025-03-02 23:19:27 +09:00
wyx2685	96baa0a99c	fix docker workflows	2025-02-20 21:02:37 +09:00