From 315ecc25883533278958d9da2713e5fe56b91af9 Mon Sep 17 00:00:00 2001 From: MHSanaei Date: Sun, 21 Jun 2026 02:34:57 +0200 Subject: [PATCH] fix(inbound): persist streamSettings for tunnel so sockopt saves normalizeStreamSettings cleared StreamSettings for any protocol outside its whitelist, and tunnel was missing. The frontend sent sockopt correctly but the backend wiped it on every add/update. Tunnel relies on sockopt (notably sockopt.tproxy for TProxy/redirect mode), so add it to the whitelist. --- internal/web/service/inbound.go | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/internal/web/service/inbound.go b/internal/web/service/inbound.go index 5deadda4d..fd00cea63 100644 --- a/internal/web/service/inbound.go +++ b/internal/web/service/inbound.go @@ -424,8 +424,10 @@ func (s *InboundService) getAllEmailSubIDs() (map[string]string, error) { } // normalizeStreamSettings clears StreamSettings for protocols that don't use it. -// Only vmess, vless, trojan, shadowsocks, hysteria, and wireguard protocols use -// streamSettings (wireguard for finalmask UDP masks and sockopt on its listener). +// Only vmess, vless, trojan, shadowsocks, hysteria, wireguard, and tunnel +// protocols use streamSettings (wireguard for finalmask UDP masks and sockopt on +// its listener; tunnel for sockopt, notably sockopt.tproxy for its TProxy/redirect +// mode). func (s *InboundService) normalizeStreamSettings(inbound *model.Inbound) { protocolsWithStream := map[model.Protocol]bool{ model.VMESS: true, @@ -434,6 +436,7 @@ func (s *InboundService) normalizeStreamSettings(inbound *model.Inbound) { model.Shadowsocks: true, model.Hysteria: true, model.WireGuard: true, + model.Tunnel: true, } if !protocolsWithStream[inbound.Protocol] {