Add documentation for strict_route

This commit is contained in:
世界 2022-08-26 23:52:17 +08:00
parent e46427c7fc
commit 0289586880
No known key found for this signature in database
GPG key ID: CD109927C34A63C4
4 changed files with 24 additions and 3 deletions

View file

@ -15,6 +15,7 @@
"inet6_address": "fdfe:dcba:9876::1/128", "inet6_address": "fdfe:dcba:9876::1/128",
"mtu": 1500, "mtu": 1500,
"auto_route": true, "auto_route": true,
"strict_route": true,
"endpoint_independent_nat": false, "endpoint_independent_nat": false,
"udp_timeout": 300, "udp_timeout": 300,
"stack": "gvisor", "stack": "gvisor",
@ -86,6 +87,16 @@ Set the default route to the Tun.
To avoid traffic loopback, set `route.auto_detect_interface` or `route.default_interface` or `outbound.bind_interface` To avoid traffic loopback, set `route.auto_detect_interface` or `route.default_interface` or `outbound.bind_interface`
#### strict_route
Enforce strict routing rules in Linux when `auto_route` is enabled:
* Let unsupported network unreachable
* Route all connections to tun
It prevents address leaks and makes DNS hijacking work on Android and Linux with systemd-resolved, but your device will
not be accessible by others.
#### endpoint_independent_nat #### endpoint_independent_nat
Enable endpoint-independent NAT. Enable endpoint-independent NAT.

View file

@ -15,6 +15,7 @@
"inet6_address": "fdfe:dcba:9876::1/128", "inet6_address": "fdfe:dcba:9876::1/128",
"mtu": 1500, "mtu": 1500,
"auto_route": true, "auto_route": true,
"strict_route": true,
"endpoint_independent_nat": false, "endpoint_independent_nat": false,
"udp_timeout": 300, "udp_timeout": 300,
"stack": "gvisor", "stack": "gvisor",
@ -86,6 +87,15 @@ tun 接口的 IPv6 前缀。
为避免流量环回,请设置 `route.auto_detect_interface``route.default_interface``outbound.bind_interface` 为避免流量环回,请设置 `route.auto_detect_interface``route.default_interface``outbound.bind_interface`
#### strict_route
在 Linux 中启用 `auto_route` 时执行严格的路由规则。
* 让不支持的网络无法到达
* 将所有连接路由到 tun
它可以防止地址泄漏,并使 DNS 劫持在 Android 和使用 systemd-resolved 的 Linux 上工作,但你的设备将无法其他设备被访问。
#### endpoint_independent_nat #### endpoint_independent_nat
启用独立于端点的 NAT。 启用独立于端点的 NAT。

2
go.mod
View file

@ -23,7 +23,7 @@ require (
github.com/sagernet/sing v0.0.0-20220826124916-d4ba8fdfac88 github.com/sagernet/sing v0.0.0-20220826124916-d4ba8fdfac88
github.com/sagernet/sing-dns v0.0.0-20220822023312-3e086b06d666 github.com/sagernet/sing-dns v0.0.0-20220822023312-3e086b06d666
github.com/sagernet/sing-shadowsocks v0.0.0-20220819002358-7461bb09a8f6 github.com/sagernet/sing-shadowsocks v0.0.0-20220819002358-7461bb09a8f6
github.com/sagernet/sing-tun v0.0.0-20220826134511-3661aafce489 github.com/sagernet/sing-tun v0.0.0-20220827013030-e01ce3a8a70e
github.com/sagernet/sing-vmess v0.0.0-20220811135656-4f3f07acf9c4 github.com/sagernet/sing-vmess v0.0.0-20220811135656-4f3f07acf9c4
github.com/sagernet/smux v0.0.0-20220812084127-e2d085ee3939 github.com/sagernet/smux v0.0.0-20220812084127-e2d085ee3939
github.com/spf13/cobra v1.5.0 github.com/spf13/cobra v1.5.0

4
go.sum
View file

@ -148,8 +148,8 @@ github.com/sagernet/sing-dns v0.0.0-20220822023312-3e086b06d666 h1:XUTocA/Ek0dFx
github.com/sagernet/sing-dns v0.0.0-20220822023312-3e086b06d666/go.mod h1:eDyH7AJmqBGjZQdQmpZIzlbTREudZuWDExMuGKgjRVM= github.com/sagernet/sing-dns v0.0.0-20220822023312-3e086b06d666/go.mod h1:eDyH7AJmqBGjZQdQmpZIzlbTREudZuWDExMuGKgjRVM=
github.com/sagernet/sing-shadowsocks v0.0.0-20220819002358-7461bb09a8f6 h1:JJfDeYYhWunvtxsU/mOVNTmFQmnzGx9dY034qG6G3g4= github.com/sagernet/sing-shadowsocks v0.0.0-20220819002358-7461bb09a8f6 h1:JJfDeYYhWunvtxsU/mOVNTmFQmnzGx9dY034qG6G3g4=
github.com/sagernet/sing-shadowsocks v0.0.0-20220819002358-7461bb09a8f6/go.mod h1:EX3RbZvrwAkPI2nuGa78T2iQXmrkT+/VQtskjou42xM= github.com/sagernet/sing-shadowsocks v0.0.0-20220819002358-7461bb09a8f6/go.mod h1:EX3RbZvrwAkPI2nuGa78T2iQXmrkT+/VQtskjou42xM=
github.com/sagernet/sing-tun v0.0.0-20220826134511-3661aafce489 h1:tPZUuDv9N4vM8t91dshQQoO+ubtlEwRmGPwlshEV+fY= github.com/sagernet/sing-tun v0.0.0-20220827013030-e01ce3a8a70e h1:7GGZfIhbTAiUmVsWVLEccrKbwsgocUaJDJ859RVFNTA=
github.com/sagernet/sing-tun v0.0.0-20220826134511-3661aafce489/go.mod h1:B9BsLZmK01+9Dzhl634lM6YU80aTqOZ2yyrOzhA/Bto= github.com/sagernet/sing-tun v0.0.0-20220827013030-e01ce3a8a70e/go.mod h1:B9BsLZmK01+9Dzhl634lM6YU80aTqOZ2yyrOzhA/Bto=
github.com/sagernet/sing-vmess v0.0.0-20220811135656-4f3f07acf9c4 h1:2hLETh97+S4WnfMR27XyC7QVU1SH7FTNoCznP229YJU= github.com/sagernet/sing-vmess v0.0.0-20220811135656-4f3f07acf9c4 h1:2hLETh97+S4WnfMR27XyC7QVU1SH7FTNoCznP229YJU=
github.com/sagernet/sing-vmess v0.0.0-20220811135656-4f3f07acf9c4/go.mod h1:82O6gzbxLha/W/jxSVQbsqf2lVdRTjMIgyLug0lpJps= github.com/sagernet/sing-vmess v0.0.0-20220811135656-4f3f07acf9c4/go.mod h1:82O6gzbxLha/W/jxSVQbsqf2lVdRTjMIgyLug0lpJps=
github.com/sagernet/smux v0.0.0-20220812084127-e2d085ee3939 h1:pB1Dh1NbwVrLhQhotr4O4Hs3yhiBzmg3AvnUyYjL4x4= github.com/sagernet/smux v0.0.0-20220812084127-e2d085ee3939 h1:pB1Dh1NbwVrLhQhotr4O4Hs3yhiBzmg3AvnUyYjL4x4=