mirror of
https://github.com/SagerNet/sing-box.git
synced 2024-11-22 00:21:30 +00:00
documentation: Add rule action
This commit is contained in:
parent
0fab6470c0
commit
491c70bc09
|
@ -2,6 +2,14 @@
|
||||||
icon: material/new-box
|
icon: material/new-box
|
||||||
---
|
---
|
||||||
|
|
||||||
|
!!! quote "Changes in sing-box 1.11.0"
|
||||||
|
|
||||||
|
:material-plus: [action](#action)
|
||||||
|
:material-alert: [server](#server)
|
||||||
|
:material-alert: [disable_cache](#disable_cache)
|
||||||
|
:material-alert: [rewrite_ttl](#rewrite_ttl)
|
||||||
|
:material-alert: [client_subnet](#client_subnet)
|
||||||
|
|
||||||
!!! quote "Changes in sing-box 1.10.0"
|
!!! quote "Changes in sing-box 1.10.0"
|
||||||
|
|
||||||
:material-delete-clock: [rule_set_ipcidr_match_source](#rule_set_ipcidr_match_source)
|
:material-delete-clock: [rule_set_ipcidr_match_source](#rule_set_ipcidr_match_source)
|
||||||
|
@ -14,7 +22,7 @@ icon: material/new-box
|
||||||
:material-plus: [geoip](#geoip)
|
:material-plus: [geoip](#geoip)
|
||||||
:material-plus: [ip_cidr](#ip_cidr)
|
:material-plus: [ip_cidr](#ip_cidr)
|
||||||
:material-plus: [ip_is_private](#ip_is_private)
|
:material-plus: [ip_is_private](#ip_is_private)
|
||||||
:material-plus: [client_subnet](#client_subnet)
|
:material-plus: [client_subnet](#client_subnet)
|
||||||
:material-plus: [rule_set_ipcidr_match_source](#rule_set_ipcidr_match_source)
|
:material-plus: [rule_set_ipcidr_match_source](#rule_set_ipcidr_match_source)
|
||||||
|
|
||||||
!!! quote "Changes in sing-box 1.8.0"
|
!!! quote "Changes in sing-box 1.8.0"
|
||||||
|
@ -135,19 +143,15 @@ icon: material/new-box
|
||||||
"outbound": [
|
"outbound": [
|
||||||
"direct"
|
"direct"
|
||||||
],
|
],
|
||||||
"server": "local",
|
"action": "route",
|
||||||
"disable_cache": false,
|
"server": "local"
|
||||||
"rewrite_ttl": 100,
|
|
||||||
"client_subnet": "127.0.0.1/24"
|
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"type": "logical",
|
"type": "logical",
|
||||||
"mode": "and",
|
"mode": "and",
|
||||||
"rules": [],
|
"rules": [],
|
||||||
"server": "local",
|
"action": "route",
|
||||||
"disable_cache": false,
|
"server": "local"
|
||||||
"rewrite_ttl": 100,
|
|
||||||
"client_subnet": "127.0.0.1/24"
|
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
@ -354,29 +358,35 @@ Match outbound.
|
||||||
|
|
||||||
`any` can be used as a value to match any outbound.
|
`any` can be used as a value to match any outbound.
|
||||||
|
|
||||||
#### server
|
#### action
|
||||||
|
|
||||||
==Required==
|
==Required==
|
||||||
|
|
||||||
Tag of the target dns server.
|
See [DNS Rule Actions](../rule_action/) for details.
|
||||||
|
|
||||||
|
#### server
|
||||||
|
|
||||||
|
!!! failure "Deprecated in sing-box 1.11.0"
|
||||||
|
|
||||||
|
Moved to [DNS Rule Action](../rule_action#route).
|
||||||
|
|
||||||
#### disable_cache
|
#### disable_cache
|
||||||
|
|
||||||
Disable cache and save cache in this query.
|
!!! failure "Deprecated in sing-box 1.11.0"
|
||||||
|
|
||||||
|
Moved to [DNS Rule Action](../rule_action#route).
|
||||||
|
|
||||||
#### rewrite_ttl
|
#### rewrite_ttl
|
||||||
|
|
||||||
Rewrite TTL in DNS responses.
|
!!! failure "Deprecated in sing-box 1.11.0"
|
||||||
|
|
||||||
|
Moved to [DNS Rule Action](../rule_action#route).
|
||||||
|
|
||||||
#### client_subnet
|
#### client_subnet
|
||||||
|
|
||||||
!!! question "Since sing-box 1.9.0"
|
!!! failure "Deprecated in sing-box 1.11.0"
|
||||||
|
|
||||||
Append a `edns0-subnet` OPT extra record with the specified IP prefix to every query by default.
|
Moved to [DNS Rule Action](../rule_action#route).
|
||||||
|
|
||||||
If value is an IP address instead of prefix, `/32` or `/128` will be appended automatically.
|
|
||||||
|
|
||||||
Will overrides `dns.client_subnet` and `servers.[].client_subnet`.
|
|
||||||
|
|
||||||
### Address Filter Fields
|
### Address Filter Fields
|
||||||
|
|
||||||
|
|
|
@ -14,7 +14,7 @@ icon: material/new-box
|
||||||
:material-plus: [geoip](#geoip)
|
:material-plus: [geoip](#geoip)
|
||||||
:material-plus: [ip_cidr](#ip_cidr)
|
:material-plus: [ip_cidr](#ip_cidr)
|
||||||
:material-plus: [ip_is_private](#ip_is_private)
|
:material-plus: [ip_is_private](#ip_is_private)
|
||||||
:material-plus: [client_subnet](#client_subnet)
|
:material-plus: [client_subnet](#client_subnet)
|
||||||
:material-plus: [rule_set_ipcidr_match_source](#rule_set_ipcidr_match_source)
|
:material-plus: [rule_set_ipcidr_match_source](#rule_set_ipcidr_match_source)
|
||||||
|
|
||||||
!!! quote "sing-box 1.8.0 中的更改"
|
!!! quote "sing-box 1.8.0 中的更改"
|
||||||
|
|
85
docs/configuration/dns/rule_action.md
Normal file
85
docs/configuration/dns/rule_action.md
Normal file
|
@ -0,0 +1,85 @@
|
||||||
|
---
|
||||||
|
icon: material/new-box
|
||||||
|
---
|
||||||
|
|
||||||
|
# DNS Rule Action
|
||||||
|
|
||||||
|
!!! question "Since sing-box 1.11.0"
|
||||||
|
|
||||||
|
### route
|
||||||
|
|
||||||
|
```json
|
||||||
|
{
|
||||||
|
"action": "route", // default
|
||||||
|
"server": "",
|
||||||
|
|
||||||
|
// for compatibility
|
||||||
|
"disable_cache": false,
|
||||||
|
"rewrite_ttl": 0,
|
||||||
|
"client_subnet": null
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
`route` inherits the classic rule behavior of routing DNS requests to the specified server.
|
||||||
|
|
||||||
|
#### server
|
||||||
|
|
||||||
|
==Required==
|
||||||
|
|
||||||
|
Tag of target server.
|
||||||
|
|
||||||
|
#### disable_cache/rewrite_ttl/client_subnet
|
||||||
|
|
||||||
|
!!! failure "Deprecated in sing-box 1.11.0"
|
||||||
|
|
||||||
|
Legacy route options is deprecated and will be removed in sing-box 1.12.0, check [Migration](/migration/#migrate-legacy-dns-route-options-to-rule-actions).
|
||||||
|
|
||||||
|
### route-options
|
||||||
|
|
||||||
|
```json
|
||||||
|
{
|
||||||
|
"action": "route-options",
|
||||||
|
"disable_cache": false,
|
||||||
|
"rewrite_ttl": null,
|
||||||
|
"client_subnet": null
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
#### disable_cache
|
||||||
|
|
||||||
|
Disable cache and save cache in this query.
|
||||||
|
|
||||||
|
#### rewrite_ttl
|
||||||
|
|
||||||
|
Rewrite TTL in DNS responses.
|
||||||
|
|
||||||
|
#### client_subnet
|
||||||
|
|
||||||
|
Append a `edns0-subnet` OPT extra record with the specified IP prefix to every query by default.
|
||||||
|
|
||||||
|
If value is an IP address instead of prefix, `/32` or `/128` will be appended automatically.
|
||||||
|
|
||||||
|
Will overrides `dns.client_subnet` and `servers.[].client_subnet`.
|
||||||
|
|
||||||
|
### reject
|
||||||
|
|
||||||
|
```json
|
||||||
|
{
|
||||||
|
"action": "reject",
|
||||||
|
"method": "default", // default
|
||||||
|
"no_drop": false
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
`reject` reject DNS requests.
|
||||||
|
|
||||||
|
#### method
|
||||||
|
|
||||||
|
- `default`: Reply with NXDOMAIN.
|
||||||
|
- `drop`: Drop the request.
|
||||||
|
|
||||||
|
#### no_drop
|
||||||
|
|
||||||
|
If not enabled, `method` will be temporarily overwritten to `drop` after 50 triggers in 30s.
|
||||||
|
|
||||||
|
Not available when `method` is set to drop.
|
86
docs/configuration/dns/rule_action.zh.md
Normal file
86
docs/configuration/dns/rule_action.zh.md
Normal file
|
@ -0,0 +1,86 @@
|
||||||
|
---
|
||||||
|
icon: material/new-box
|
||||||
|
---
|
||||||
|
|
||||||
|
# DNS 规则动作
|
||||||
|
|
||||||
|
!!! question "自 sing-box 1.11.0 起"
|
||||||
|
|
||||||
|
### route
|
||||||
|
|
||||||
|
```json
|
||||||
|
{
|
||||||
|
"action": "route", // 默认
|
||||||
|
"server": "",
|
||||||
|
|
||||||
|
// 兼容性
|
||||||
|
"disable_cache": false,
|
||||||
|
"rewrite_ttl": 0,
|
||||||
|
"client_subnet": null
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
`route` 继承了将 DNS 请求 路由到指定服务器的经典规则动作。
|
||||||
|
|
||||||
|
#### server
|
||||||
|
|
||||||
|
==必填==
|
||||||
|
|
||||||
|
目标 DNS 服务器的标签。
|
||||||
|
|
||||||
|
#### disable_cache/rewrite_ttl/client_subnet
|
||||||
|
|
||||||
|
!!! failure "自 sing-box 1.11.0 起"
|
||||||
|
|
||||||
|
旧的路由选项已弃用,且将在 sing-box 1.12.0 中移除,参阅 [迁移指南](/migration/#migrate-legacy-dns-route-options-to-rule-actions).
|
||||||
|
|
||||||
|
### route-options
|
||||||
|
|
||||||
|
```json
|
||||||
|
{
|
||||||
|
"action": "route-options",
|
||||||
|
"disable_cache": false,
|
||||||
|
"rewrite_ttl": null,
|
||||||
|
"client_subnet": null
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
|
||||||
|
#### disable_cache
|
||||||
|
|
||||||
|
在此查询中禁用缓存。
|
||||||
|
|
||||||
|
#### rewrite_ttl
|
||||||
|
|
||||||
|
重写 DNS 回应中的 TTL。
|
||||||
|
|
||||||
|
#### client_subnet
|
||||||
|
|
||||||
|
默认情况下,将带有指定 IP 前缀的 `edns0-subnet` OPT 附加记录附加到每个查询。
|
||||||
|
|
||||||
|
如果值是 IP 地址而不是前缀,则会自动附加 `/32` 或 `/128`。
|
||||||
|
|
||||||
|
将覆盖 `dns.client_subnet` 与 `servers.[].client_subnet`。
|
||||||
|
|
||||||
|
### reject
|
||||||
|
|
||||||
|
```json
|
||||||
|
{
|
||||||
|
"action": "reject",
|
||||||
|
"method": "default", // default
|
||||||
|
"no_drop": false
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
`reject` 拒绝 DNS 请求。
|
||||||
|
|
||||||
|
#### method
|
||||||
|
|
||||||
|
- `default`: 返回 NXDOMAIN。
|
||||||
|
- `drop`: 丢弃请求。
|
||||||
|
|
||||||
|
#### no_drop
|
||||||
|
|
||||||
|
如果未启用,则 30 秒内触发 50 次后,`method` 将被暂时覆盖为 `drop`。
|
||||||
|
|
||||||
|
当 `method` 设为 `drop` 时不可用。
|
|
@ -1,8 +1,14 @@
|
||||||
`block` outbound closes all incoming requests.
|
---
|
||||||
|
icon: material/delete-clock
|
||||||
|
---
|
||||||
|
|
||||||
|
!!! failure "Deprecated in sing-box 1.11.0"
|
||||||
|
|
||||||
|
Legacy special outbounds are deprecated and will be removed in sing-box 1.13.0, check [Migration](/migration/#migrate-legacy-special-outbounds-to-rule-actions).
|
||||||
|
|
||||||
### Structure
|
### Structure
|
||||||
|
|
||||||
```json
|
```json F
|
||||||
{
|
{
|
||||||
"type": "block",
|
"type": "block",
|
||||||
"tag": "block"
|
"tag": "block"
|
||||||
|
|
|
@ -1,3 +1,11 @@
|
||||||
|
---
|
||||||
|
icon: material/delete-clock
|
||||||
|
---
|
||||||
|
|
||||||
|
!!! failure "已在 sing-box 1.11.0 废弃"
|
||||||
|
|
||||||
|
旧的特殊出站已被弃用,且将在 sing-box 1.13.0 中被移除,参阅 [迁移指南](/migration/#migrate-legacy-special-outbounds-to-rule-actions).
|
||||||
|
|
||||||
`block` 出站关闭所有传入请求。
|
`block` 出站关闭所有传入请求。
|
||||||
|
|
||||||
### 结构
|
### 结构
|
||||||
|
@ -11,4 +19,4 @@
|
||||||
|
|
||||||
### 字段
|
### 字段
|
||||||
|
|
||||||
无字段。
|
无字段。
|
||||||
|
|
|
@ -1,3 +1,11 @@
|
||||||
|
---
|
||||||
|
icon: material/delete-clock
|
||||||
|
---
|
||||||
|
|
||||||
|
!!! failure "Deprecated in sing-box 1.11.0"
|
||||||
|
|
||||||
|
Legacy special outbounds are deprecated and will be removed in sing-box 1.13.0, check [Migration](/migration/#migrate-legacy-special-outbounds-to-rule-actions).
|
||||||
|
|
||||||
`dns` outbound is a internal DNS server.
|
`dns` outbound is a internal DNS server.
|
||||||
|
|
||||||
### Structure
|
### Structure
|
||||||
|
|
|
@ -1,3 +1,11 @@
|
||||||
|
---
|
||||||
|
icon: material/delete-clock
|
||||||
|
---
|
||||||
|
|
||||||
|
!!! failure "已在 sing-box 1.11.0 废弃"
|
||||||
|
|
||||||
|
旧的特殊出站已被弃用,且将在 sing-box 1.13.0 中被移除, 参阅 [迁移指南](/migration/#migrate-legacy-special-outbounds-to-rule-actions).
|
||||||
|
|
||||||
`dns` 出站是一个内部 DNS 服务器。
|
`dns` 出站是一个内部 DNS 服务器。
|
||||||
|
|
||||||
### 结构
|
### 结构
|
||||||
|
|
|
@ -1,7 +1,12 @@
|
||||||
---
|
---
|
||||||
icon: material/alert-decagram
|
icon: material/new-box
|
||||||
---
|
---
|
||||||
|
|
||||||
|
!!! quote "Changes in sing-box 1.11.0"
|
||||||
|
|
||||||
|
:material-plus: [action](#action)
|
||||||
|
:material-alert: [outbound](#outbound)
|
||||||
|
|
||||||
!!! quote "Changes in sing-box 1.10.0"
|
!!! quote "Changes in sing-box 1.10.0"
|
||||||
|
|
||||||
:material-plus: [client](#client)
|
:material-plus: [client](#client)
|
||||||
|
@ -129,6 +134,7 @@ icon: material/alert-decagram
|
||||||
"rule_set_ipcidr_match_source": false,
|
"rule_set_ipcidr_match_source": false,
|
||||||
"rule_set_ip_cidr_match_source": false,
|
"rule_set_ip_cidr_match_source": false,
|
||||||
"invert": false,
|
"invert": false,
|
||||||
|
"action": "route",
|
||||||
"outbound": "direct"
|
"outbound": "direct"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
@ -136,6 +142,7 @@ icon: material/alert-decagram
|
||||||
"mode": "and",
|
"mode": "and",
|
||||||
"rules": [],
|
"rules": [],
|
||||||
"invert": false,
|
"invert": false,
|
||||||
|
"action": "route",
|
||||||
"outbound": "direct"
|
"outbound": "direct"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
|
@ -357,11 +364,17 @@ Make `ip_cidr` in rule-sets match the source IP.
|
||||||
|
|
||||||
Invert match result.
|
Invert match result.
|
||||||
|
|
||||||
#### outbound
|
#### action
|
||||||
|
|
||||||
==Required==
|
==Required==
|
||||||
|
|
||||||
Tag of the target outbound.
|
See [Rule Actions](../rule_action/) for details.
|
||||||
|
|
||||||
|
#### outbound
|
||||||
|
|
||||||
|
!!! failure "Deprecated in sing-box 1.11.0"
|
||||||
|
|
||||||
|
Moved to [Rule Action](../rule_action#route).
|
||||||
|
|
||||||
### Logical Fields
|
### Logical Fields
|
||||||
|
|
||||||
|
|
|
@ -1,7 +1,12 @@
|
||||||
---
|
---
|
||||||
icon: material/alert-decagram
|
icon: material/new-box
|
||||||
---
|
---
|
||||||
|
|
||||||
|
!!! quote "sing-box 1.11.0 中的更改"
|
||||||
|
|
||||||
|
:material-plus: [action](#action)
|
||||||
|
:material-alert: [outbound](#outbound)
|
||||||
|
|
||||||
!!! quote "sing-box 1.10.0 中的更改"
|
!!! quote "sing-box 1.10.0 中的更改"
|
||||||
|
|
||||||
:material-plus: [client](#client)
|
:material-plus: [client](#client)
|
||||||
|
@ -127,6 +132,7 @@ icon: material/alert-decagram
|
||||||
"rule_set_ipcidr_match_source": false,
|
"rule_set_ipcidr_match_source": false,
|
||||||
"rule_set_ip_cidr_match_source": false,
|
"rule_set_ip_cidr_match_source": false,
|
||||||
"invert": false,
|
"invert": false,
|
||||||
|
"action": "route",
|
||||||
"outbound": "direct"
|
"outbound": "direct"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
@ -134,6 +140,7 @@ icon: material/alert-decagram
|
||||||
"mode": "and",
|
"mode": "and",
|
||||||
"rules": [],
|
"rules": [],
|
||||||
"invert": false,
|
"invert": false,
|
||||||
|
"action": "route",
|
||||||
"outbound": "direct"
|
"outbound": "direct"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
|
@ -355,11 +362,17 @@ icon: material/alert-decagram
|
||||||
|
|
||||||
反选匹配结果。
|
反选匹配结果。
|
||||||
|
|
||||||
#### outbound
|
#### action
|
||||||
|
|
||||||
==必填==
|
==必填==
|
||||||
|
|
||||||
目标出站的标签。
|
参阅 [规则行动](../rule_action/)。
|
||||||
|
|
||||||
|
#### outbound
|
||||||
|
|
||||||
|
!!! failure "已在 sing-box 1.11.0 废弃"
|
||||||
|
|
||||||
|
已移动到 [规则行动](../rule_action#route).
|
||||||
|
|
||||||
### 逻辑字段
|
### 逻辑字段
|
||||||
|
|
||||||
|
|
139
docs/configuration/route/rule_action.md
Normal file
139
docs/configuration/route/rule_action.md
Normal file
|
@ -0,0 +1,139 @@
|
||||||
|
---
|
||||||
|
icon: material/new-box
|
||||||
|
---
|
||||||
|
|
||||||
|
# Rule Action
|
||||||
|
|
||||||
|
!!! question "Since sing-box 1.11.0"
|
||||||
|
|
||||||
|
## Final actions
|
||||||
|
|
||||||
|
### route
|
||||||
|
|
||||||
|
```json
|
||||||
|
{
|
||||||
|
"action": "route", // default
|
||||||
|
"outbound": ""
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
`route` inherits the classic rule behavior of routing connection to the specified outbound.
|
||||||
|
|
||||||
|
#### outbound
|
||||||
|
|
||||||
|
==Required==
|
||||||
|
|
||||||
|
Tag of target outbound.
|
||||||
|
|
||||||
|
### route-options
|
||||||
|
|
||||||
|
```json
|
||||||
|
{
|
||||||
|
"action": "route-options",
|
||||||
|
"udp_disable_domain_unmapping": false,
|
||||||
|
"udp_connect": false
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
`route-options` set options for routing.
|
||||||
|
|
||||||
|
#### udp_disable_domain_unmapping
|
||||||
|
|
||||||
|
If enabled, for UDP proxy requests addressed to a domain,
|
||||||
|
the original packet address will be sent in the response instead of the mapped domain.
|
||||||
|
|
||||||
|
This option is used for compatibility with clients that
|
||||||
|
do not support receiving UDP packets with domain addresses, such as Surge.
|
||||||
|
|
||||||
|
#### udp_connect
|
||||||
|
|
||||||
|
If enabled, attempts to connect UDP connection to the destination instead of listen.
|
||||||
|
|
||||||
|
### reject
|
||||||
|
|
||||||
|
```json
|
||||||
|
{
|
||||||
|
"action": "reject",
|
||||||
|
"method": "default", // default
|
||||||
|
"no_drop": false
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
`reject` reject connections
|
||||||
|
|
||||||
|
The specified method is used for reject tun connections if `sniff` action has not been performed yet.
|
||||||
|
|
||||||
|
For non-tun connections and already established connections, will just be closed.
|
||||||
|
|
||||||
|
#### method
|
||||||
|
|
||||||
|
- `default`: Reply with TCP RST for TCP connections, and ICMP port unreachable for UDP packets.
|
||||||
|
- `drop`: Drop packets.
|
||||||
|
|
||||||
|
#### no_drop
|
||||||
|
|
||||||
|
If not enabled, `method` will be temporarily overwritten to `drop` after 50 triggers in 30s.
|
||||||
|
|
||||||
|
Not available when `method` is set to drop.
|
||||||
|
|
||||||
|
### hijack-dns
|
||||||
|
|
||||||
|
```json
|
||||||
|
{
|
||||||
|
"action": "hijack-dns"
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
`hijack-dns` hijack DNS requests to the sing-box DNS module.
|
||||||
|
|
||||||
|
## Non-final actions
|
||||||
|
|
||||||
|
### sniff
|
||||||
|
|
||||||
|
```json
|
||||||
|
{
|
||||||
|
"action": "sniff",
|
||||||
|
"sniffer": [],
|
||||||
|
"timeout": ""
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
`sniff` performs protocol sniffing on connections.
|
||||||
|
|
||||||
|
For deprecated `inbound.sniff` options, it is considered to `sniff()` performed before routing.
|
||||||
|
|
||||||
|
#### sniffer
|
||||||
|
|
||||||
|
Enabled sniffers.
|
||||||
|
|
||||||
|
All sniffers enabled by default.
|
||||||
|
|
||||||
|
Available protocol values an be found on in [Protocol Sniff](../sniff/)
|
||||||
|
|
||||||
|
#### timeout
|
||||||
|
|
||||||
|
Timeout for sniffing.
|
||||||
|
|
||||||
|
`300ms` is used by default.
|
||||||
|
|
||||||
|
### resolve
|
||||||
|
|
||||||
|
```json
|
||||||
|
{
|
||||||
|
"action": "resolve",
|
||||||
|
"strategy": "",
|
||||||
|
"server": ""
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
`resolve` resolve request destination from domain to IP addresses.
|
||||||
|
|
||||||
|
#### strategy
|
||||||
|
|
||||||
|
DNS resolution strategy, available values are: `prefer_ipv4`, `prefer_ipv6`, `ipv4_only`, `ipv6_only`.
|
||||||
|
|
||||||
|
`dns.strategy` will be used by default.
|
||||||
|
|
||||||
|
#### server
|
||||||
|
|
||||||
|
Specifies DNS server tag to use instead of selecting through DNS routing.
|
136
docs/configuration/route/rule_action.zh.md
Normal file
136
docs/configuration/route/rule_action.zh.md
Normal file
|
@ -0,0 +1,136 @@
|
||||||
|
---
|
||||||
|
icon: material/new-box
|
||||||
|
---
|
||||||
|
|
||||||
|
# 规则动作
|
||||||
|
|
||||||
|
!!! question "自 sing-box 1.11.0 起"
|
||||||
|
|
||||||
|
## 最终动作
|
||||||
|
|
||||||
|
### route
|
||||||
|
|
||||||
|
```json
|
||||||
|
{
|
||||||
|
"action": "route", // 默认
|
||||||
|
"outbound": "",
|
||||||
|
"udp_disable_domain_unmapping": false
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
`route` 继承了将连接路由到指定出站的经典规则动作。
|
||||||
|
|
||||||
|
#### outbound
|
||||||
|
|
||||||
|
==必填==
|
||||||
|
|
||||||
|
目标出站的标签。
|
||||||
|
|
||||||
|
### route-options
|
||||||
|
|
||||||
|
```json
|
||||||
|
{
|
||||||
|
"action": "route-options",
|
||||||
|
"udp_disable_domain_unmapping": false,
|
||||||
|
"udp_connect": false
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
#### udp_disable_domain_unmapping
|
||||||
|
|
||||||
|
如果启用,对于地址为域的 UDP 代理请求,将在响应中发送原始包地址而不是映射的域。
|
||||||
|
|
||||||
|
此选项用于兼容不支持接收带有域地址的 UDP 包的客户端,如 Surge。
|
||||||
|
|
||||||
|
#### udp_connect
|
||||||
|
|
||||||
|
如果启用,将尝试将 UDP 连接 connect 到目标而不是 listen。
|
||||||
|
|
||||||
|
### reject
|
||||||
|
|
||||||
|
```json
|
||||||
|
{
|
||||||
|
"action": "reject",
|
||||||
|
"method": "default", // 默认
|
||||||
|
"no_drop": false
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
`reject` 拒绝连接。
|
||||||
|
|
||||||
|
如果尚未执行 `sniff` 操作,则将使用指定方法拒绝 tun 连接。
|
||||||
|
|
||||||
|
对于非 tun 连接和已建立的连接,将直接关闭。
|
||||||
|
|
||||||
|
#### method
|
||||||
|
|
||||||
|
- `default`: 对于 TCP 连接回复 RST,对于 UDP 包回复 ICMP 端口不可达。
|
||||||
|
- `drop`: 丢弃数据包。
|
||||||
|
|
||||||
|
#### no_drop
|
||||||
|
|
||||||
|
如果未启用,则 30 秒内触发 50 次后,`method` 将被暂时覆盖为 `drop`。
|
||||||
|
|
||||||
|
当 `method` 设为 `drop` 时不可用。
|
||||||
|
|
||||||
|
### hijack-dns
|
||||||
|
|
||||||
|
```json
|
||||||
|
{
|
||||||
|
"action": "hijack-dns"
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
`hijack-dns` 劫持 DNS 请求至 sing-box DNS 模块。
|
||||||
|
|
||||||
|
## 非最终动作
|
||||||
|
|
||||||
|
### sniff
|
||||||
|
|
||||||
|
```json
|
||||||
|
{
|
||||||
|
"action": "sniff",
|
||||||
|
"sniffer": [],
|
||||||
|
"timeout": ""
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
`sniff` 对连接执行协议嗅探。
|
||||||
|
|
||||||
|
对于已弃用的 `inbound.sniff` 选项,被视为在路由之前执行的 `sniff`。
|
||||||
|
|
||||||
|
#### sniffer
|
||||||
|
|
||||||
|
启用的探测器。
|
||||||
|
|
||||||
|
默认启用所有探测器。
|
||||||
|
|
||||||
|
可用的协议值可以在 [协议嗅探](../sniff/) 中找到。
|
||||||
|
|
||||||
|
#### timeout
|
||||||
|
|
||||||
|
探测超时时间。
|
||||||
|
|
||||||
|
默认使用 300ms。
|
||||||
|
|
||||||
|
### resolve
|
||||||
|
|
||||||
|
```json
|
||||||
|
{
|
||||||
|
"action": "resolve",
|
||||||
|
"strategy": "",
|
||||||
|
"server": ""
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
`resolve` 将请求的目标从域名解析为 IP 地址。
|
||||||
|
|
||||||
|
#### strategy
|
||||||
|
|
||||||
|
DNS 解析策略,可用值有:`prefer_ipv4`、`prefer_ipv6`、`ipv4_only`、`ipv6_only`。
|
||||||
|
|
||||||
|
默认使用 `dns.strategy`。
|
||||||
|
|
||||||
|
#### server
|
||||||
|
|
||||||
|
指定要使用的 DNS 服务器的标签,而不是通过 DNS 路由进行选择。
|
|
@ -1,3 +1,15 @@
|
||||||
|
---
|
||||||
|
icon: material/delete-clock
|
||||||
|
---
|
||||||
|
|
||||||
|
!!! quote "Changes in sing-box 1.11.0"
|
||||||
|
|
||||||
|
:material-delete-clock: [sniff](#sniff)
|
||||||
|
:material-delete-clock: [sniff_override_destination](#sniff_override_destination)
|
||||||
|
:material-delete-clock: [sniff_timeout](#sniff_timeout)
|
||||||
|
:material-delete-clock: [domain_strategy](#domain_strategy)
|
||||||
|
:material-delete-clock: [udp_disable_domain_unmapping](#udp_disable_domain_unmapping)
|
||||||
|
|
||||||
### Structure
|
### Structure
|
||||||
|
|
||||||
```json
|
```json
|
||||||
|
@ -68,24 +80,40 @@ Requires target inbound support, see [Injectable](/configuration/inbound/#fields
|
||||||
|
|
||||||
#### sniff
|
#### sniff
|
||||||
|
|
||||||
|
!!! failure "Deprecated in sing-box 1.11.0"
|
||||||
|
|
||||||
|
Inbound fields are deprecated and will be removed in sing-box 1.13.0, check [Migration](/migration/#migrate-legacy-inbound-fields-to-rule-actions).
|
||||||
|
|
||||||
Enable sniffing.
|
Enable sniffing.
|
||||||
|
|
||||||
See [Protocol Sniff](/configuration/route/sniff/) for details.
|
See [Protocol Sniff](/configuration/route/sniff/) for details.
|
||||||
|
|
||||||
#### sniff_override_destination
|
#### sniff_override_destination
|
||||||
|
|
||||||
|
!!! failure "Deprecated in sing-box 1.11.0"
|
||||||
|
|
||||||
|
Inbound fields are deprecated and will be removed in sing-box 1.13.0.
|
||||||
|
|
||||||
Override the connection destination address with the sniffed domain.
|
Override the connection destination address with the sniffed domain.
|
||||||
|
|
||||||
If the domain name is invalid (like tor), this will not work.
|
If the domain name is invalid (like tor), this will not work.
|
||||||
|
|
||||||
#### sniff_timeout
|
#### sniff_timeout
|
||||||
|
|
||||||
|
!!! failure "Deprecated in sing-box 1.11.0"
|
||||||
|
|
||||||
|
Inbound fields are deprecated and will be removed in sing-box 1.13.0, check [Migration](/migration/#migrate-legacy-inbound-fields-to-rule-actions).
|
||||||
|
|
||||||
Timeout for sniffing.
|
Timeout for sniffing.
|
||||||
|
|
||||||
300ms is used by default.
|
`300ms` is used by default.
|
||||||
|
|
||||||
#### domain_strategy
|
#### domain_strategy
|
||||||
|
|
||||||
|
!!! failure "Deprecated in sing-box 1.11.0"
|
||||||
|
|
||||||
|
Inbound fields are deprecated and will be removed in sing-box 1.13.0, check [Migration](/migration/#migrate-legacy-inbound-fields-to-rule-actions).
|
||||||
|
|
||||||
One of `prefer_ipv4` `prefer_ipv6` `ipv4_only` `ipv6_only`.
|
One of `prefer_ipv4` `prefer_ipv6` `ipv4_only` `ipv6_only`.
|
||||||
|
|
||||||
If set, the requested domain name will be resolved to IP before routing.
|
If set, the requested domain name will be resolved to IP before routing.
|
||||||
|
@ -94,6 +122,10 @@ If `sniff_override_destination` is in effect, its value will be taken as a fallb
|
||||||
|
|
||||||
#### udp_disable_domain_unmapping
|
#### udp_disable_domain_unmapping
|
||||||
|
|
||||||
|
!!! failure "Deprecated in sing-box 1.11.0"
|
||||||
|
|
||||||
|
Inbound fields are deprecated and will be removed in sing-box 1.13.0, check [Migration](/migration/#migrate-legacy-inbound-fields-to-rule-actions).
|
||||||
|
|
||||||
If enabled, for UDP proxy requests addressed to a domain,
|
If enabled, for UDP proxy requests addressed to a domain,
|
||||||
the original packet address will be sent in the response instead of the mapped domain.
|
the original packet address will be sent in the response instead of the mapped domain.
|
||||||
|
|
||||||
|
|
|
@ -1,3 +1,15 @@
|
||||||
|
---
|
||||||
|
icon: material/delete-clock
|
||||||
|
---
|
||||||
|
|
||||||
|
!!! quote "sing-box 1.11.0 中的更改"
|
||||||
|
|
||||||
|
:material-delete-clock: [sniff](#sniff)
|
||||||
|
:material-delete-clock: [sniff_override_destination](#sniff_override_destination)
|
||||||
|
:material-delete-clock: [sniff_timeout](#sniff_timeout)
|
||||||
|
:material-delete-clock: [domain_strategy](#domain_strategy)
|
||||||
|
:material-delete-clock: [udp_disable_domain_unmapping](#udp_disable_domain_unmapping)
|
||||||
|
|
||||||
### 结构
|
### 结构
|
||||||
|
|
||||||
```json
|
```json
|
||||||
|
@ -69,24 +81,40 @@ UDP NAT 过期时间,以秒为单位。
|
||||||
|
|
||||||
#### sniff
|
#### sniff
|
||||||
|
|
||||||
|
!!! failure "已在 sing-box 1.11.0 废弃"
|
||||||
|
|
||||||
|
入站字段已废弃且将在 sing-box 1.12.0 中被移除,参阅 [迁移指南](/migration/#migrate-legacy-inbound-fields-to-rule-actions).
|
||||||
|
|
||||||
启用协议探测。
|
启用协议探测。
|
||||||
|
|
||||||
参阅 [协议探测](/zh/configuration/route/sniff/)
|
参阅 [协议探测](/zh/configuration/route/sniff/)
|
||||||
|
|
||||||
#### sniff_override_destination
|
#### sniff_override_destination
|
||||||
|
|
||||||
|
!!! failure "已在 sing-box 1.11.0 废弃"
|
||||||
|
|
||||||
|
入站字段已废弃且将在 sing-box 1.12.0 中被移除。
|
||||||
|
|
||||||
用探测出的域名覆盖连接目标地址。
|
用探测出的域名覆盖连接目标地址。
|
||||||
|
|
||||||
如果域名无效(如 Tor),将不生效。
|
如果域名无效(如 Tor),将不生效。
|
||||||
|
|
||||||
#### sniff_timeout
|
#### sniff_timeout
|
||||||
|
|
||||||
|
!!! failure "已在 sing-box 1.11.0 废弃"
|
||||||
|
|
||||||
|
入站字段已废弃且将在 sing-box 1.12.0 中被移除,参阅 [迁移指南](/migration/#migrate-legacy-inbound-fields-to-rule-actions).
|
||||||
|
|
||||||
探测超时时间。
|
探测超时时间。
|
||||||
|
|
||||||
默认使用 300ms。
|
默认使用 300ms。
|
||||||
|
|
||||||
#### domain_strategy
|
#### domain_strategy
|
||||||
|
|
||||||
|
!!! failure "已在 sing-box 1.11.0 废弃"
|
||||||
|
|
||||||
|
入站字段已废弃且将在 sing-box 1.12.0 中被移除,参阅 [迁移指南](/migration/#migrate-legacy-inbound-fields-to-rule-actions).
|
||||||
|
|
||||||
可选值: `prefer_ipv4` `prefer_ipv6` `ipv4_only` `ipv6_only`。
|
可选值: `prefer_ipv4` `prefer_ipv6` `ipv4_only` `ipv6_only`。
|
||||||
|
|
||||||
如果设置,请求的域名将在路由之前解析为 IP。
|
如果设置,请求的域名将在路由之前解析为 IP。
|
||||||
|
@ -95,6 +123,10 @@ UDP NAT 过期时间,以秒为单位。
|
||||||
|
|
||||||
#### udp_disable_domain_unmapping
|
#### udp_disable_domain_unmapping
|
||||||
|
|
||||||
|
!!! failure "已在 sing-box 1.11.0 废弃"
|
||||||
|
|
||||||
|
入站字段已废弃且将在 sing-box 1.12.0 中被移除,参阅 [迁移指南](/migration/#migrate-legacy-inbound-fields-to-rule-actions).
|
||||||
|
|
||||||
如果启用,对于地址为域的 UDP 代理请求,将在响应中发送原始包地址而不是映射的域。
|
如果启用,对于地址为域的 UDP 代理请求,将在响应中发送原始包地址而不是映射的域。
|
||||||
|
|
||||||
此选项用于兼容不支持接收带有域地址的 UDP 包的客户端,如 Surge。
|
此选项用于兼容不支持接收带有域地址的 UDP 包的客户端,如 Surge。
|
||||||
|
|
|
@ -4,6 +4,32 @@ icon: material/delete-alert
|
||||||
|
|
||||||
# Deprecated Feature List
|
# Deprecated Feature List
|
||||||
|
|
||||||
|
## 1.11.0
|
||||||
|
|
||||||
|
#### Legacy special outbounds
|
||||||
|
|
||||||
|
Legacy special outbounds (`block` / `dns`) are deprecated
|
||||||
|
and can be replaced by rule actions,
|
||||||
|
check [Migration](../migration/#migrate-legacy-special-outbounds-to-rule-actions).
|
||||||
|
|
||||||
|
Old fields will be removed in sing-box 1.13.0.
|
||||||
|
|
||||||
|
#### Legacy inbound fields
|
||||||
|
|
||||||
|
Legacy inbound fields (`inbound.<sniff/domain_strategy/...>` are deprecated
|
||||||
|
and can be replaced by rule actions,
|
||||||
|
check [Migration](../migration/#migrate-legacy-inbound-fields-to-rule-actions).
|
||||||
|
|
||||||
|
Old fields will be removed in sing-box 1.13.0.
|
||||||
|
|
||||||
|
#### Legacy DNS route options
|
||||||
|
|
||||||
|
Legacy DNS route options (`disable_cache`, `rewrite_ttl`, `client_subnet`) are deprecated
|
||||||
|
and can be replaced by rule actions,
|
||||||
|
check [Migration](../migration/#migrate-legacy-dns-route-options-to-rule-actions).
|
||||||
|
|
||||||
|
Old fields will be removed in sing-box 1.12.0.
|
||||||
|
|
||||||
## 1.10.0
|
## 1.10.0
|
||||||
|
|
||||||
#### TUN address fields are merged
|
#### TUN address fields are merged
|
||||||
|
@ -12,7 +38,7 @@ icon: material/delete-alert
|
||||||
`inet4_route_address` and `inet6_route_address` are merged into `route_address`,
|
`inet4_route_address` and `inet6_route_address` are merged into `route_address`,
|
||||||
`inet4_route_exclude_address` and `inet6_route_exclude_address` are merged into `route_exclude_address`.
|
`inet4_route_exclude_address` and `inet6_route_exclude_address` are merged into `route_exclude_address`.
|
||||||
|
|
||||||
Old fields are deprecated and will be removed in sing-box 1.12.0.
|
Old fields will be removed in sing-box 1.12.0.
|
||||||
|
|
||||||
#### Match source rule items are renamed
|
#### Match source rule items are renamed
|
||||||
|
|
||||||
|
@ -32,7 +58,7 @@ check [Migration](/migration/#migrate-cache-file-from-clash-api-to-independent-o
|
||||||
|
|
||||||
#### GeoIP
|
#### GeoIP
|
||||||
|
|
||||||
GeoIP is deprecated and may be removed in sing-box 1.12.0.
|
GeoIP is deprecated and will be removed in sing-box 1.12.0.
|
||||||
|
|
||||||
The maxmind GeoIP National Database, as an IP classification database,
|
The maxmind GeoIP National Database, as an IP classification database,
|
||||||
is not entirely suitable for traffic bypassing,
|
is not entirely suitable for traffic bypassing,
|
||||||
|
|
|
@ -4,6 +4,29 @@ icon: material/delete-alert
|
||||||
|
|
||||||
# 废弃功能列表
|
# 废弃功能列表
|
||||||
|
|
||||||
|
## 1.11.0
|
||||||
|
|
||||||
|
#### 旧的特殊出站
|
||||||
|
|
||||||
|
旧的特殊出站(`block` / `dns`)已废弃且可以通过规则动作替代,
|
||||||
|
参阅 [迁移指南](/migration/#migrate-legacy-special-outbounds-to-rule-actions)。
|
||||||
|
|
||||||
|
旧字段将在 sing-box 1.13.0 中被移除。
|
||||||
|
|
||||||
|
#### 旧的入站字段
|
||||||
|
|
||||||
|
旧的入站字段(`inbound.<sniff/domain_strategy/...>`)已废弃且可以通过规则动作替代,
|
||||||
|
参阅 [迁移指南](/migration/#migrate-legacy-inbound-fields-to-rule-actions)。
|
||||||
|
|
||||||
|
旧字段将在 sing-box 1.13.0 中被移除。
|
||||||
|
|
||||||
|
#### 旧的 DNS 路由参数
|
||||||
|
|
||||||
|
旧的 DNS 路由参数(`disable_cache`、`rewrite_ttl`、`client_subnet`)已废弃且可以通过规则动作替代,
|
||||||
|
参阅 [迁移指南](/migration/#migrate-legacy-dns-route-options-to-rule-actions)。
|
||||||
|
|
||||||
|
旧字段将在 sing-box 1.12.0 中被移除。
|
||||||
|
|
||||||
## 1.10.0
|
## 1.10.0
|
||||||
|
|
||||||
#### Match source 规则项已重命名
|
#### Match source 规则项已重命名
|
||||||
|
@ -17,7 +40,7 @@ icon: material/delete-alert
|
||||||
`inet4_route_address` 和 `inet6_route_address` 已合并为 `route_address`,
|
`inet4_route_address` 和 `inet6_route_address` 已合并为 `route_address`,
|
||||||
`inet4_route_exclude_address` 和 `inet6_route_exclude_address` 已合并为 `route_exclude_address`。
|
`inet4_route_exclude_address` 和 `inet6_route_exclude_address` 已合并为 `route_exclude_address`。
|
||||||
|
|
||||||
旧字段已废弃,且将在 sing-box 1.11.0 中被移除。
|
旧字段将在 sing-box 1.11.0 中被移除。
|
||||||
|
|
||||||
#### 移除对 go1.18 和 go1.19 的支持
|
#### 移除对 go1.18 和 go1.19 的支持
|
||||||
|
|
||||||
|
|
|
@ -2,6 +2,212 @@
|
||||||
icon: material/arrange-bring-forward
|
icon: material/arrange-bring-forward
|
||||||
---
|
---
|
||||||
|
|
||||||
|
## 1.11.0
|
||||||
|
|
||||||
|
### Migrate legacy special outbounds to rule actions
|
||||||
|
|
||||||
|
Legacy special outbounds are deprecated and can be replaced by rule actions.
|
||||||
|
|
||||||
|
!!! info "References"
|
||||||
|
|
||||||
|
[Rule Action](/configuration/route/rule_action/) /
|
||||||
|
[Block](/configuration/outbound/block/) /
|
||||||
|
[DNS](/configuration/outbound/dns)
|
||||||
|
|
||||||
|
=== "Block"
|
||||||
|
|
||||||
|
=== ":material-card-remove: Deprecated"
|
||||||
|
|
||||||
|
```json
|
||||||
|
{
|
||||||
|
"outbounds": [
|
||||||
|
{
|
||||||
|
"type": "block",
|
||||||
|
"tag": "block"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"route": {
|
||||||
|
"rules": [
|
||||||
|
{
|
||||||
|
...,
|
||||||
|
|
||||||
|
"outbound": "block"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
=== ":material-card-multiple: New"
|
||||||
|
|
||||||
|
```json
|
||||||
|
{
|
||||||
|
"route": {
|
||||||
|
"rules": [
|
||||||
|
{
|
||||||
|
...,
|
||||||
|
|
||||||
|
"action": "reject"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
=== "DNS"
|
||||||
|
|
||||||
|
=== ":material-card-remove: Deprecated"
|
||||||
|
|
||||||
|
```json
|
||||||
|
{
|
||||||
|
"inbound": [
|
||||||
|
{
|
||||||
|
...,
|
||||||
|
|
||||||
|
"sniff": true
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"outbounds": [
|
||||||
|
{
|
||||||
|
"tag": "dns",
|
||||||
|
"type": "dns"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"route": {
|
||||||
|
"rules": [
|
||||||
|
{
|
||||||
|
"protocol": "dns",
|
||||||
|
"outbound": "dns"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
=== ":material-card-multiple: New"
|
||||||
|
|
||||||
|
```json
|
||||||
|
{
|
||||||
|
"route": {
|
||||||
|
"rules": [
|
||||||
|
{
|
||||||
|
"action": "sniff"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"protocol": "dns",
|
||||||
|
"action": "hijack-dns"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
### Migrate legacy inbound fields to rule actions
|
||||||
|
|
||||||
|
Inbound fields are deprecated and can be replaced by rule actions.
|
||||||
|
|
||||||
|
!!! info "References"
|
||||||
|
|
||||||
|
[Listen Fields](/configuration/inbound/listen/) /
|
||||||
|
[Rule](/configuration/route/rule/) /
|
||||||
|
[Rule Action](/configuration/route/rule_action/) /
|
||||||
|
[DNS Rule](/configuration/dns/rule/) /
|
||||||
|
[DNS Rule Action](/configuration/dns/rule_action/)
|
||||||
|
|
||||||
|
=== ":material-card-remove: Deprecated"
|
||||||
|
|
||||||
|
```json
|
||||||
|
{
|
||||||
|
"inbounds": [
|
||||||
|
{
|
||||||
|
"type": "mixed",
|
||||||
|
"sniff": true,
|
||||||
|
"sniff_timeout": "1s",
|
||||||
|
"domain_strategy": "prefer_ipv4"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
=== ":material-card-multiple: New"
|
||||||
|
|
||||||
|
```json
|
||||||
|
{
|
||||||
|
"inbounds": [
|
||||||
|
{
|
||||||
|
"type": "mixed",
|
||||||
|
"tag": "in"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"route": {
|
||||||
|
"rules": [
|
||||||
|
{
|
||||||
|
"inbound": "in",
|
||||||
|
"action": "resolve",
|
||||||
|
"strategy": "prefer_ipv4"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"inbound": "in",
|
||||||
|
"action": "sniff",
|
||||||
|
"timeout": "1s"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
### Migrate legacy DNS route options to rule actions
|
||||||
|
|
||||||
|
Legacy DNS route options are deprecated and can be replaced by rule actions.
|
||||||
|
|
||||||
|
!!! info "References"
|
||||||
|
|
||||||
|
[DNS Rule](/configuration/dns/rule/) /
|
||||||
|
[DNS Rule Action](/configuration/dns/rule_action/)
|
||||||
|
|
||||||
|
=== ":material-card-remove: Deprecated"
|
||||||
|
|
||||||
|
```json
|
||||||
|
{
|
||||||
|
"dns": {
|
||||||
|
"rules": [
|
||||||
|
{
|
||||||
|
...,
|
||||||
|
|
||||||
|
"server": "local",
|
||||||
|
"disable_cache": true,
|
||||||
|
"rewrite_ttl": 600,
|
||||||
|
"client_subnet": "1.1.1.1/24"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
=== ":material-card-multiple: New"
|
||||||
|
|
||||||
|
```json
|
||||||
|
{
|
||||||
|
"dns": {
|
||||||
|
"rules": [
|
||||||
|
{
|
||||||
|
...,
|
||||||
|
|
||||||
|
"action": "route-options",
|
||||||
|
"disable_cache": true,
|
||||||
|
"rewrite_ttl": 600,
|
||||||
|
"client_subnet": "1.1.1.1/24"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
...,
|
||||||
|
|
||||||
|
"server": "local"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
## 1.10.0
|
## 1.10.0
|
||||||
|
|
||||||
### TUN address fields are merged
|
### TUN address fields are merged
|
||||||
|
@ -10,8 +216,6 @@ icon: material/arrange-bring-forward
|
||||||
`inet4_route_address` and `inet6_route_address` are merged into `route_address`,
|
`inet4_route_address` and `inet6_route_address` are merged into `route_address`,
|
||||||
`inet4_route_exclude_address` and `inet6_route_exclude_address` are merged into `route_exclude_address`.
|
`inet4_route_exclude_address` and `inet6_route_exclude_address` are merged into `route_exclude_address`.
|
||||||
|
|
||||||
Old fields are deprecated and will be removed in sing-box 1.11.0.
|
|
||||||
|
|
||||||
!!! info "References"
|
!!! info "References"
|
||||||
|
|
||||||
[TUN](/configuration/inbound/tun/)
|
[TUN](/configuration/inbound/tun/)
|
||||||
|
|
|
@ -2,6 +2,212 @@
|
||||||
icon: material/arrange-bring-forward
|
icon: material/arrange-bring-forward
|
||||||
---
|
---
|
||||||
|
|
||||||
|
## 1.11.0
|
||||||
|
|
||||||
|
### 迁移旧的特殊出站到规则动作
|
||||||
|
|
||||||
|
旧的特殊出站已被弃用,且可以被规则动作替代。
|
||||||
|
|
||||||
|
!!! info "参考"
|
||||||
|
|
||||||
|
[规则动作](/zh/configuration/route/rule_action/) /
|
||||||
|
[Block](/zh/configuration/outbound/block/) /
|
||||||
|
[DNS](/zh/configuration/outbound/dns)
|
||||||
|
|
||||||
|
=== "Block"
|
||||||
|
|
||||||
|
=== ":material-card-remove: 弃用的"
|
||||||
|
|
||||||
|
```json
|
||||||
|
{
|
||||||
|
"outbounds": [
|
||||||
|
{
|
||||||
|
"type": "block",
|
||||||
|
"tag": "block"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"route": {
|
||||||
|
"rules": [
|
||||||
|
{
|
||||||
|
...,
|
||||||
|
|
||||||
|
"outbound": "block"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
=== ":material-card-multiple: 新的"
|
||||||
|
|
||||||
|
```json
|
||||||
|
{
|
||||||
|
"route": {
|
||||||
|
"rules": [
|
||||||
|
{
|
||||||
|
...,
|
||||||
|
|
||||||
|
"action": "reject"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
=== "DNS"
|
||||||
|
|
||||||
|
=== ":material-card-remove: 弃用的"
|
||||||
|
|
||||||
|
```json
|
||||||
|
{
|
||||||
|
"inbound": [
|
||||||
|
{
|
||||||
|
...,
|
||||||
|
|
||||||
|
"sniff": true
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"outbounds": [
|
||||||
|
{
|
||||||
|
"tag": "dns",
|
||||||
|
"type": "dns"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"route": {
|
||||||
|
"rules": [
|
||||||
|
{
|
||||||
|
"protocol": "dns",
|
||||||
|
"outbound": "dns"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
=== ":material-card-multiple: 新的"
|
||||||
|
|
||||||
|
```json
|
||||||
|
{
|
||||||
|
"route": {
|
||||||
|
"rules": [
|
||||||
|
{
|
||||||
|
"action": "sniff"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"protocol": "dns",
|
||||||
|
"action": "hijack-dns"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
### 迁移旧的入站字段到规则动作
|
||||||
|
|
||||||
|
入站选项已被弃用,且可以被规则动作替代。
|
||||||
|
|
||||||
|
!!! info "参考"
|
||||||
|
|
||||||
|
[监听字段](/zh/configuration/shared/listen/) /
|
||||||
|
[规则](/zh/configuration/route/rule/) /
|
||||||
|
[规则动作](/zh/configuration/route/rule_action/) /
|
||||||
|
[DNS 规则](/zh/configuration/dns/rule/) /
|
||||||
|
[DNS 规则动作](/zh/configuration/dns/rule_action/)
|
||||||
|
|
||||||
|
=== ":material-card-remove: 弃用的"
|
||||||
|
|
||||||
|
```json
|
||||||
|
{
|
||||||
|
"inbounds": [
|
||||||
|
{
|
||||||
|
"type": "mixed",
|
||||||
|
"sniff": true,
|
||||||
|
"sniff_timeout": "1s",
|
||||||
|
"domain_strategy": "prefer_ipv4"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
=== ":material-card-multiple: New"
|
||||||
|
|
||||||
|
```json
|
||||||
|
{
|
||||||
|
"inbounds": [
|
||||||
|
{
|
||||||
|
"type": "mixed",
|
||||||
|
"tag": "in"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"route": {
|
||||||
|
"rules": [
|
||||||
|
{
|
||||||
|
"inbound": "in",
|
||||||
|
"action": "resolve",
|
||||||
|
"strategy": "prefer_ipv4"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"inbound": "in",
|
||||||
|
"action": "sniff",
|
||||||
|
"timeout": "1s"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
### 迁移旧的 DNS 路由选项到规则动作
|
||||||
|
|
||||||
|
旧的 DNS 路由选项已被弃用,且可以被规则动作替代。
|
||||||
|
|
||||||
|
!!! info "参考"
|
||||||
|
|
||||||
|
[DNS 规则](/zh/configuration/dns/rule/) /
|
||||||
|
[DNS 规则动作](/zh/configuration/dns/rule_action/)
|
||||||
|
|
||||||
|
=== ":material-card-remove: 弃用的"
|
||||||
|
|
||||||
|
```json
|
||||||
|
{
|
||||||
|
"dns": {
|
||||||
|
"rules": [
|
||||||
|
{
|
||||||
|
...,
|
||||||
|
|
||||||
|
"server": "local",
|
||||||
|
"disable_cache": true,
|
||||||
|
"rewrite_ttl": 600,
|
||||||
|
"client_subnet": "1.1.1.1/24"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
=== ":material-card-multiple: 新的"
|
||||||
|
|
||||||
|
```json
|
||||||
|
{
|
||||||
|
"dns": {
|
||||||
|
"rules": [
|
||||||
|
{
|
||||||
|
...,
|
||||||
|
|
||||||
|
"action": "route-options",
|
||||||
|
"disable_cache": true,
|
||||||
|
"rewrite_ttl": 600,
|
||||||
|
"client_subnet": "1.1.1.1/24"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
...,
|
||||||
|
|
||||||
|
"server": "local"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
## 1.10.0
|
## 1.10.0
|
||||||
|
|
||||||
### TUN 地址字段已合并
|
### TUN 地址字段已合并
|
||||||
|
|
|
@ -82,6 +82,7 @@ nav:
|
||||||
- configuration/dns/index.md
|
- configuration/dns/index.md
|
||||||
- DNS Server: configuration/dns/server.md
|
- DNS Server: configuration/dns/server.md
|
||||||
- DNS Rule: configuration/dns/rule.md
|
- DNS Rule: configuration/dns/rule.md
|
||||||
|
- DNS Rule Action: configuration/dns/rule_action.md
|
||||||
- FakeIP: configuration/dns/fakeip.md
|
- FakeIP: configuration/dns/fakeip.md
|
||||||
- NTP:
|
- NTP:
|
||||||
- configuration/ntp/index.md
|
- configuration/ntp/index.md
|
||||||
|
@ -90,6 +91,7 @@ nav:
|
||||||
- GeoIP: configuration/route/geoip.md
|
- GeoIP: configuration/route/geoip.md
|
||||||
- Geosite: configuration/route/geosite.md
|
- Geosite: configuration/route/geosite.md
|
||||||
- Route Rule: configuration/route/rule.md
|
- Route Rule: configuration/route/rule.md
|
||||||
|
- Rule Action: configuration/route/rule_action.md
|
||||||
- Protocol Sniff: configuration/route/sniff.md
|
- Protocol Sniff: configuration/route/sniff.md
|
||||||
- Rule Set:
|
- Rule Set:
|
||||||
- configuration/rule-set/index.md
|
- configuration/rule-set/index.md
|
||||||
|
@ -218,9 +220,11 @@ plugins:
|
||||||
Log: 日志
|
Log: 日志
|
||||||
DNS Server: DNS 服务器
|
DNS Server: DNS 服务器
|
||||||
DNS Rule: DNS 规则
|
DNS Rule: DNS 规则
|
||||||
|
DNS Rule Action: DNS 规则动作
|
||||||
|
|
||||||
Route: 路由
|
Route: 路由
|
||||||
Route Rule: 路由规则
|
Route Rule: 路由规则
|
||||||
|
Rule Action: 规则动作
|
||||||
Protocol Sniff: 协议探测
|
Protocol Sniff: 协议探测
|
||||||
|
|
||||||
Rule Set: 规则集
|
Rule Set: 规则集
|
||||||
|
|
|
@ -34,7 +34,7 @@ func (h *Inbound) UnmarshalJSONContext(ctx context.Context, content []byte) erro
|
||||||
}
|
}
|
||||||
registry := service.FromContext[InboundOptionsRegistry](ctx)
|
registry := service.FromContext[InboundOptionsRegistry](ctx)
|
||||||
if registry == nil {
|
if registry == nil {
|
||||||
return E.New("missing inbound options registry in context")
|
return E.New("missing Inbound fields registry in context")
|
||||||
}
|
}
|
||||||
options, loaded := registry.CreateOptions(h.Type)
|
options, loaded := registry.CreateOptions(h.Type)
|
||||||
if !loaded {
|
if !loaded {
|
||||||
|
|
|
@ -148,9 +148,6 @@ func (r *RouteActionOptions) UnmarshalJSON(data []byte) error {
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
if r.Outbound == "" {
|
|
||||||
return E.New("missing outbound")
|
|
||||||
}
|
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -189,9 +186,6 @@ func (r *DNSRouteActionOptions) UnmarshalJSONContext(ctx context.Context, data [
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
if r.Server == "" {
|
|
||||||
return E.New("missing server")
|
|
||||||
}
|
|
||||||
if r.DisableCache || r.RewriteTTL != nil || r.ClientSubnet != nil {
|
if r.DisableCache || r.RewriteTTL != nil || r.ClientSubnet != nil {
|
||||||
deprecated.Report(ctx, deprecated.OptionLegacyDNSRouteOptions)
|
deprecated.Report(ctx, deprecated.OptionLegacyDNSRouteOptions)
|
||||||
}
|
}
|
||||||
|
|
|
@ -76,7 +76,7 @@ func (r *Router) routeConnection(ctx context.Context, conn net.Conn, metadata ad
|
||||||
metadata.Network = N.NetworkTCP
|
metadata.Network = N.NetworkTCP
|
||||||
switch metadata.Destination.Fqdn {
|
switch metadata.Destination.Fqdn {
|
||||||
case mux.Destination.Fqdn:
|
case mux.Destination.Fqdn:
|
||||||
return E.New("global multiplex is deprecated since sing-box v1.7.0, enable multiplex in inbound options instead.")
|
return E.New("global multiplex is deprecated since sing-box v1.7.0, enable multiplex in Inbound fields instead.")
|
||||||
case vmess.MuxDestination.Fqdn:
|
case vmess.MuxDestination.Fqdn:
|
||||||
return E.New("global multiplex (v2ray legacy) not supported since sing-box v1.7.0.")
|
return E.New("global multiplex (v2ray legacy) not supported since sing-box v1.7.0.")
|
||||||
case uot.MagicAddress:
|
case uot.MagicAddress:
|
||||||
|
|
Loading…
Reference in a new issue