test: Singbox内核定期释放TCP会话列表内存

.github/workflows/Publish Docker image.yml

@@ -1,4 +1,5 @@
 name: Publish Docker image
+
 on:
   workflow_dispatch:
   release:
@@ -6,6 +7,7 @@ on:
   pull_request:
     branches:
       - 'dev_new'
+
 env:
   REGISTRY: ghcr.io
   IMAGE_NAME: ${{ github.repository_owner }}/v2bx
@@ -20,40 +22,51 @@ jobs:
           - linux/amd64
           - linux/arm64
     steps:
+      - name: Prepare
+        run: |
+          platform=${{ matrix.platform }}
+          echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV  
+
       - name: Checkout
         uses: actions/checkout@v4
+      
       - name: Docker meta
         id: meta
         uses: docker/metadata-action@v5
         with:
           images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          
       - name: Set up QEMU
         uses: docker/setup-qemu-action@v3
+
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
+
       - name: Login to GitHub Container Registry
         uses: docker/login-action@v3
         with:
           registry: ${{ env.REGISTRY }}
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
+
       - name: Build and push by digest
         id: build
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v6
         with:
-          context: .
           platforms: ${{ matrix.platform }}
           labels: ${{ steps.meta.outputs.labels }}
           outputs: type=image,name=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }},push-by-digest=true,name-canonical=true,push=true
+
       - name: Export digest
         run: |
           mkdir -p /tmp/digests
           digest="${{ steps.build.outputs.digest }}"
-          touch "/tmp/digests/${digest#sha256:}"          
+          echo "${digest#sha256:}" > "/tmp/digests/${digest#sha256:}"
+  
       - name: Upload digest
-        uses: actions/upload-artifact@v4.0.0
+        uses: actions/upload-artifact@v4
         with:
-          name: digests-${{ matrix.platform }}
+          name: digests-${{ env.PLATFORM_PAIR }}
           path: /tmp/digests/*
           if-no-files-found: error
           retention-days: 1
@@ -64,31 +77,37 @@ jobs:
       - build
     steps:
       - name: Download digests
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@v4
         with:
-          name: digests
           path: /tmp/digests
+          pattern: digests-*
+          merge-multiple: true
+     
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
+        
       - name: Docker meta
         id: meta
         uses: docker/metadata-action@v5
         with:
           images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          
       - name: Login to GitHub Container Registry
         uses: docker/login-action@v3
         with:
           registry: ${{ env.REGISTRY }}
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
+          
       - name: Create manifest list and push
-        working-directory: /tmp/digests
         run: |
-          ls -al
-          echo docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
-            $(printf '${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@sha256:%s ' *) 
-          docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
-            $(printf '${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@sha256:%s ' *)
+          cd /tmp/digests
+          tags=$(echo '${{ steps.meta.outputs.json }}' | jq -cr '.tags | map("-t " + .) | join(" ")')
+          images=$(printf "${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@sha256:%s " $(find . -type f -exec cat {} \;))
+          echo "Creating manifest with tags: $tags"
+          echo "Using images: $images"
+          docker buildx imagetools create $tags $images
+          
       - name: Inspect image
         run: |
           docker buildx imagetools inspect ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.meta.outputs.version }}

.github/workflows/release.yml

@@ -10,14 +10,14 @@ on:
       - "**/*.go"
       - "go.mod"
       - "go.sum"
-      - ".github/workflows/*.yml"
+      - ".github/workflows/release.yml"
   pull_request:
     types: [opened, synchronize, reopened]
     paths:
       - "**/*.go"
       - "go.mod"
       - "go.sum"
-      - ".github/workflows/*.yml"
+      - ".github/workflows/release.yml"
   release:
     types: [published]
 

Dockerfile

@@ -1,5 +1,5 @@
 # Build go
-FROM golang:1.23.2-alpine AS builder
+FROM golang:1.24.1-alpine AS builder
 WORKDIR /app
 COPY . .
 ENV CGO_ENABLED=0

core/sing/hook.go

@@ -5,9 +5,11 @@ import (
 	"fmt"
 	"net"
 	"sync"
+	"time"
 
 	"github.com/InazumaV/V2bX/common/format"
 	"github.com/InazumaV/V2bX/common/rate"
+	"github.com/InazumaV/V2bX/common/task"
 
 	"github.com/InazumaV/V2bX/limiter"
 
@@ -19,8 +21,15 @@ import (
 
 var _ adapter.ConnectionTracker = (*HookServer)(nil)
 
+type ConnEntry struct {
+	Conn      net.Conn
+	Timestamp time.Time
+}
+
 type HookServer struct {
-	counter sync.Map
+	counter  sync.Map //map[string]*counter.TrafficCounter
+	userconn sync.Map //map[string][]*ConnEntry
+	Cleanup  *task.Task
 }
 
 func (h *HookServer) ModeList() []string {
@@ -30,6 +39,11 @@ func (h *HookServer) ModeList() []string {
 func NewHookServer() *HookServer {
 	server := &HookServer{
 		counter:  sync.Map{},
+		userconn: sync.Map{},
+	}
+	server.Cleanup = &task.Task{
+		Interval: 5 * time.Minute,
+		Execute:  server.CleanupOldConnections,
 	}
 	return server
 }
@@ -40,8 +54,9 @@ func (h *HookServer) RoutedConnection(_ context.Context, conn net.Conn, m adapte
 		log.Warn("get limiter for ", m.Inbound, " error: ", err)
 		return conn
 	}
+	taguuid := format.UserTag(m.Inbound, m.User)
 	ip := m.Source.Addr.String()
-	if b, r := l.CheckLimit(format.UserTag(m.Inbound, m.User), ip, true, true); r {
+	if b, r := l.CheckLimit(taguuid, ip, true, true); r {
 		conn.Close()
 		log.Error("[", m.Inbound, "] ", "Limited ", m.User, " by ip or conn")
 		return conn
@@ -70,13 +85,31 @@ func (h *HookServer) RoutedConnection(_ context.Context, conn net.Conn, m adapte
 			}
 		}
 	}
-	if c, ok := h.counter.Load(m.Inbound); ok {
-		return counter.NewConnCounter(conn, c.(*counter.TrafficCounter).GetCounter(m.User))
+	var t *counter.TrafficCounter
+	if c, ok := h.counter.Load(m.Inbound); !ok {
+		t = counter.NewTrafficCounter()
+		h.counter.Store(m.Inbound, t)
 	} else {
-		c := counter.NewTrafficCounter()
-		h.counter.Store(m.Inbound, c)
-		return counter.NewConnCounter(conn, c.GetCounter(m.User))
+		t = c.(*counter.TrafficCounter)
 	}
+
+	conn = counter.NewConnCounter(conn, t.GetCounter(m.User))
+	entry := &ConnEntry{
+		Conn:      conn,
+		Timestamp: time.Now(),
+	}
+	if conns, exist := h.userconn.Load(taguuid); exist {
+		if connList, ok := conns.([]*ConnEntry); ok {
+			h.userconn.Store(taguuid, append(connList, entry))
+		} else {
+			h.userconn.Delete(taguuid)
+			h.userconn.Store(taguuid, []*ConnEntry{entry})
+		}
+	} else {
+		h.userconn.Store(taguuid, []*ConnEntry{entry})
+	}
+
+	return conn
 }
 
 func (h *HookServer) RoutedPacketConnection(_ context.Context, conn N.PacketConn, m adapter.InboundContext, _ adapter.Rule, _ adapter.Outbound) N.PacketConn {
@@ -86,7 +119,8 @@ func (h *HookServer) RoutedPacketConnection(_ context.Context, conn N.PacketConn
 		return conn
 	}
 	ip := m.Source.Addr.String()
-	if b, r := l.CheckLimit(format.UserTag(m.Inbound, m.User), ip, false, false); r {
+	taguuid := format.UserTag(m.Inbound, m.User)
+	if b, r := l.CheckLimit(taguuid, ip, false, false); r {
 		conn.Close()
 		log.Error("[", m.Inbound, "] ", "Limited ", m.User, " by ip or conn")
 		return conn
@@ -115,11 +149,63 @@ func (h *HookServer) RoutedPacketConnection(_ context.Context, conn N.PacketConn
 			}
 		}
 	}
-	if c, ok := h.counter.Load(m.Inbound); ok {
-		return counter.NewPacketConnCounter(conn, c.(*counter.TrafficCounter).GetCounter(m.User))
+	var t *counter.TrafficCounter
+	if c, ok := h.counter.Load(m.Inbound); !ok {
+		t = counter.NewTrafficCounter()
+		h.counter.Store(m.Inbound, t)
 	} else {
-		c := counter.NewTrafficCounter()
-		h.counter.Store(m.Inbound, c)
-		return counter.NewPacketConnCounter(conn, c.GetCounter(m.User))
+		t = c.(*counter.TrafficCounter)
 	}
+	conn = counter.NewPacketConnCounter(conn, t.GetCounter(m.User))
+	return conn
+}
+
+func (h *HookServer) CloseConnections(tag string, uuids []string) error {
+	for _, uuid := range uuids {
+		taguuid := format.UserTag(tag, uuid)
+		v, ok := h.userconn.Load(taguuid)
+		if !ok {
+			continue
+		}
+		connList, ok := v.([]*ConnEntry)
+		if !ok {
+			h.userconn.Delete(taguuid)
+			continue
+		}
+
+		for _, entry := range connList {
+			err := entry.Conn.Close()
+			if err != nil {
+				log.Error("close conn error: ", err)
+			}
+		}
+		h.userconn.Delete(taguuid)
+	}
+	return nil
+}
+
+func (h *HookServer) CleanupOldConnections() error {
+	expiredTime := time.Now().Add(-time.Minute * 30)
+	h.userconn.Range(func(key, value interface{}) bool {
+		connList, ok := value.([]*ConnEntry)
+		if !ok {
+			h.userconn.Delete(key)
+			return true
+		}
+
+		var activeConns []*ConnEntry
+		for _, entry := range connList {
+			if entry.Timestamp.After(expiredTime) {
+				activeConns = append(activeConns, entry)
+			}
+		}
+
+		if len(activeConns) == 0 {
+			h.userconn.Delete(key)
+		} else {
+			h.userconn.Store(key, activeConns)
+		}
+		return true
+	})
+	return nil
 }

core/sing/sing.go

@@ -83,6 +83,7 @@ func New(c *conf.CoreConfig) (vCore.Core, error) {
 }
 
 func (b *Sing) Start() error {
+	b.hookServer.Cleanup.Start(false)
 	return b.box.Start()
 }
 

core/sing/user.go

@@ -138,5 +138,9 @@ func (b *Sing) DelUsers(users []panel.UserInfo, tag string, info *panel.NodeInfo
 	if err != nil {
 		return err
 	}
+	err = b.hookServer.CloseConnections(tag, uuids)
+	if err != nil {
+		return err
+	}
 	return nil
 }

limiter/limiter.go

@@ -164,6 +164,8 @@ func (l *Limiter) CheckLimit(taguuid string, ip string, isTcp bool, noSSUDP bool
 		} else {
 			userLimit = determineSpeedLimit(u.SpeedLimit, u.DynamicSpeedLimit)
 		}
+	} else {
+		return nil, true
 	}
 	if noSSUDP {
 		// Store online user for device limit