From 71d1879bd6c4c1868a25e4be6d6897febc23861d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E4=B8=96=E7=95=8C?= Date: Wed, 21 Feb 2024 14:27:55 +0800 Subject: [PATCH] Fix missing `rule_set_ipcidr_match_source` item in DNS rules --- docs/configuration/dns/rule.md | 8 +++ docs/configuration/dns/rule.zh.md | 8 +++ docs/configuration/route/rule.md | 1 + docs/configuration/route/rule.zh.md | 1 + docs/configuration/rule-set/headless-rule.md | 2 +- option/rule_dns.go | 73 ++++++++++---------- route/rule_dns.go | 4 +- route/rule_item_rule_set.go | 5 +- 8 files changed, 62 insertions(+), 40 deletions(-) diff --git a/docs/configuration/dns/rule.md b/docs/configuration/dns/rule.md index 84b9b669..40dce7fd 100644 --- a/docs/configuration/dns/rule.md +++ b/docs/configuration/dns/rule.md @@ -8,6 +8,7 @@ icon: material/new-box :material-plus: [ip_cidr](#ip_cidr) :material-plus: [ip_is_private](#ip_is_private) :material-plus: [client_subnet](#client_subnet) + :material-plus: [rule_set_ipcidr_match_source](#rule_set_ipcidr_match_source) !!! quote "Changes in sing-box 1.8.0" @@ -116,6 +117,7 @@ icon: material/new-box "geoip-cn", "geosite-cn" ], + "rule_set_ipcidr_match_source": false, "invert": false, "outbound": [ "direct" @@ -303,6 +305,12 @@ Match WiFi BSSID. Match [Rule Set](/configuration/route/#rule_set). +#### rule_set_ipcidr_match_source + +!!! question "Since sing-box 1.9.0" + +Make `ipcidr` in rule sets match the source IP. + #### invert Invert match result. diff --git a/docs/configuration/dns/rule.zh.md b/docs/configuration/dns/rule.zh.md index c7977bc1..f27aac9a 100644 --- a/docs/configuration/dns/rule.zh.md +++ b/docs/configuration/dns/rule.zh.md @@ -8,6 +8,7 @@ icon: material/new-box :material-plus: [ip_cidr](#ip_cidr) :material-plus: [ip_is_private](#ip_is_private) :material-plus: [client_subnet](#client_subnet) + :material-plus: [rule_set_ipcidr_match_source](#rule_set_ipcidr_match_source) !!! quote "sing-box 1.8.0 中的更改" 
@@ -116,6 +117,7 @@ icon: material/new-box "geoip-cn", "geosite-cn" ], + "rule_set_ipcidr_match_source": false, "invert": false, "outbound": [ "direct" @@ -301,6 +303,12 @@ DNS 查询类型。值可以为整数或者类型名称字符串。 匹配[规则集](/zh/configuration/route/#rule_set)。 +#### rule_set_ipcidr_match_source + +!!! question "自 sing-box 1.9.0 起" + +使规则集中的 `ipcidr` 规则匹配源 IP。 + #### invert 反选匹配结果。 diff --git a/docs/configuration/route/rule.md b/docs/configuration/route/rule.md index b21bf658..be9ee4cc 100644 --- a/docs/configuration/route/rule.md +++ b/docs/configuration/route/rule.md @@ -105,6 +105,7 @@ "geoip-cn", "geosite-cn" ], + "rule_set_ipcidr_match_source": false, "invert": false, "outbound": "direct" }, diff --git a/docs/configuration/route/rule.zh.md b/docs/configuration/route/rule.zh.md index 3f8b4715..881f97b0 100644 --- a/docs/configuration/route/rule.zh.md +++ b/docs/configuration/route/rule.zh.md @@ -103,6 +103,7 @@ "geoip-cn", "geosite-cn" ], + "rule_set_ipcidr_match_source": false, "invert": false, "outbound": "direct" }, diff --git a/docs/configuration/rule-set/headless-rule.md b/docs/configuration/rule-set/headless-rule.md index 99984899..9109841f 100644 --- a/docs/configuration/rule-set/headless-rule.md +++ b/docs/configuration/rule-set/headless-rule.md @@ -124,7 +124,7 @@ Match source IP CIDR. !!! info "" - `ip_cidr` is an alias for `source_ip_cidr` when the Rule Set is used in DNS rules or `rule_set_ipcidr_match_source` enabled in route rules. + `ip_cidr` is an alias for `source_ip_cidr` when `rule_set_ipcidr_match_source` enabled in route/DNS rules. Match IP CIDR. diff --git a/option/rule_dns.go b/option/rule_dns.go index dc5e5c2b..ababea41 100644 --- a/option/rule_dns.go +++ b/option/rule_dns.go 
@@ -65,42 +65,43 @@ func (r DNSRule) IsValid() bool { } type DefaultDNSRule struct { - Inbound Listable[string] `json:"inbound,omitempty"` - IPVersion int `json:"ip_version,omitempty"` - QueryType Listable[DNSQueryType] `json:"query_type,omitempty"` - Network Listable[string] `json:"network,omitempty"` - AuthUser Listable[string] `json:"auth_user,omitempty"` - Protocol Listable[string] `json:"protocol,omitempty"` - Domain Listable[string] `json:"domain,omitempty"` - DomainSuffix Listable[string] `json:"domain_suffix,omitempty"` - DomainKeyword Listable[string] `json:"domain_keyword,omitempty"` - DomainRegex Listable[string] `json:"domain_regex,omitempty"` - Geosite Listable[string] `json:"geosite,omitempty"` - SourceGeoIP Listable[string] `json:"source_geoip,omitempty"` - GeoIP Listable[string] `json:"geoip,omitempty"` - IPCIDR Listable[string] `json:"ip_cidr,omitempty"` - IPIsPrivate bool `json:"ip_is_private,omitempty"` - SourceIPCIDR Listable[string] `json:"source_ip_cidr,omitempty"` - SourceIPIsPrivate bool `json:"source_ip_is_private,omitempty"` - SourcePort Listable[uint16] `json:"source_port,omitempty"` - SourcePortRange Listable[string] `json:"source_port_range,omitempty"` - Port Listable[uint16] `json:"port,omitempty"` - PortRange Listable[string] `json:"port_range,omitempty"` - ProcessName Listable[string] `json:"process_name,omitempty"` - ProcessPath Listable[string] `json:"process_path,omitempty"` - PackageName Listable[string] `json:"package_name,omitempty"` - User Listable[string] `json:"user,omitempty"` - UserID Listable[int32] `json:"user_id,omitempty"` - Outbound Listable[string] `json:"outbound,omitempty"` - ClashMode string `json:"clash_mode,omitempty"` - WIFISSID Listable[string] `json:"wifi_ssid,omitempty"` - WIFIBSSID Listable[string] `json:"wifi_bssid,omitempty"` - RuleSet Listable[string] `json:"rule_set,omitempty"` - Invert bool `json:"invert,omitempty"` - Server string `json:"server,omitempty"` - DisableCache bool 
`json:"disable_cache,omitempty"` - RewriteTTL *uint32 `json:"rewrite_ttl,omitempty"` - ClientSubnet *ListenAddress `json:"client_subnet,omitempty"` + Inbound Listable[string] `json:"inbound,omitempty"` + IPVersion int `json:"ip_version,omitempty"` + QueryType Listable[DNSQueryType] `json:"query_type,omitempty"` + Network Listable[string] `json:"network,omitempty"` + AuthUser Listable[string] `json:"auth_user,omitempty"` + Protocol Listable[string] `json:"protocol,omitempty"` + Domain Listable[string] `json:"domain,omitempty"` + DomainSuffix Listable[string] `json:"domain_suffix,omitempty"` + DomainKeyword Listable[string] `json:"domain_keyword,omitempty"` + DomainRegex Listable[string] `json:"domain_regex,omitempty"` + Geosite Listable[string] `json:"geosite,omitempty"` + SourceGeoIP Listable[string] `json:"source_geoip,omitempty"` + GeoIP Listable[string] `json:"geoip,omitempty"` + IPCIDR Listable[string] `json:"ip_cidr,omitempty"` + IPIsPrivate bool `json:"ip_is_private,omitempty"` + SourceIPCIDR Listable[string] `json:"source_ip_cidr,omitempty"` + SourceIPIsPrivate bool `json:"source_ip_is_private,omitempty"` + SourcePort Listable[uint16] `json:"source_port,omitempty"` + SourcePortRange Listable[string] `json:"source_port_range,omitempty"` + Port Listable[uint16] `json:"port,omitempty"` + PortRange Listable[string] `json:"port_range,omitempty"` + ProcessName Listable[string] `json:"process_name,omitempty"` + ProcessPath Listable[string] `json:"process_path,omitempty"` + PackageName Listable[string] `json:"package_name,omitempty"` + User Listable[string] `json:"user,omitempty"` + UserID Listable[int32] `json:"user_id,omitempty"` + Outbound Listable[string] `json:"outbound,omitempty"` + ClashMode string `json:"clash_mode,omitempty"` + WIFISSID Listable[string] `json:"wifi_ssid,omitempty"` + WIFIBSSID Listable[string] `json:"wifi_bssid,omitempty"` + RuleSet Listable[string] `json:"rule_set,omitempty"` + RuleSetIPCIDRMatchSource bool 
`json:"rule_set_ipcidr_match_source,omitempty"` + Invert bool `json:"invert,omitempty"` + Server string `json:"server,omitempty"` + DisableCache bool `json:"disable_cache,omitempty"` + RewriteTTL *uint32 `json:"rewrite_ttl,omitempty"` + ClientSubnet *ListenAddress `json:"client_subnet,omitempty"` } func (r DefaultDNSRule) IsValid() bool { diff --git a/route/rule_dns.go b/route/rule_dns.go index 760ff910..7501349f 100644 --- a/route/rule_dns.go +++ b/route/rule_dns.go @@ -219,7 +219,7 @@ func NewDefaultDNSRule(router adapter.Router, logger log.ContextLogger, options rule.allItems = append(rule.allItems, item) } if len(options.RuleSet) > 0 { - item := NewRuleSetItem(router, options.RuleSet, false) + item := NewRuleSetItem(router, options.RuleSet, options.RuleSetIPCIDRMatchSource) rule.items = append(rule.items, item) rule.allItems = append(rule.allItems, item) } @@ -247,7 +247,7 @@ func (r *DefaultDNSRule) WithAddressLimit() bool { if !isRuleSet { continue } - if ruleSet.ContainsIPCIDRRule() { + if ruleSet.ContainsDestinationIPCIDRRule() { return true } } diff --git a/route/rule_item_rule_set.go b/route/rule_item_rule_set.go index 8354e421..482a9c7b 100644 --- a/route/rule_item_rule_set.go +++ b/route/rule_item_rule_set.go @@ -47,7 +47,10 @@ func (r *RuleSetItem) Match(metadata *adapter.InboundContext) bool { return false } -func (r *RuleSetItem) ContainsIPCIDRRule() bool { +func (r *RuleSetItem) ContainsDestinationIPCIDRRule() bool { + if r.ipcidrMatchSource { + return false + } return common.Any(r.setList, func(ruleSet adapter.RuleSet) bool { return ruleSet.Metadata().ContainsIPCIDRRule })
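Review bot: The new `RuleSetIPCIDRMatchSource` field in `DefaultDNSRule` is a modifier for `rule_set` rather than a match condition, but nothing in this hunk ties the two together. `IsValid` begins on the hunk's last line and its body is outside the hunk, so please confirm that a rule carrying only `rule_set_ipcidr_match_source: true` is not counted as having a condition; if it is, such a rule might be accepted with nothing to match on. The constructor hunk in route/rule_dns.go reads the flag only inside `if len(options.RuleSet) > 0`, so a field comment could say so: `// RuleSetIPCIDRMatchSource makes ip_cidr items in the referenced rule sets match the source address; it has no effect without RuleSet.`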
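Review bot: In the second route/rule_dns.go hunk, `WithAddressLimit` now skips source-matched rule sets, but the reason is only implied by the callee's new name. The loop starts and ends outside the hunk. A why-comment above the call would make the intent explicit, for example `// Rule sets whose ip_cidr items match the source address put no limit on response addresses.` Enabling the flag presumably moves a rule off the address-limit path altogether, which is worth stating in the DNS rule docs so operators do not assume destination-address filtering still applies.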
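Review bot: `ContainsDestinationIPCIDRRule` in route/rule_item_rule_set.go is an exported method that is renamed here and gains an early return, yet it has no doc comment and the diffstat lists no test file. Suggested comment: `// ContainsDestinationIPCIDRRule reports whether any referenced rule set has ip_cidr items matched against the destination address; it is false when ipcidrMatchSource is set.` Only one caller is updated in this patch (`WithAddressLimit`), so a repo-wide search for the old `ContainsIPCIDRRule` name on `RuleSetItem` is worth doing. A small test covering both values of `ipcidrMatchSource` would pin the new behaviour.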