Update documentation

世界 2022-09-09 15:40:35 +08:00
parent aa7e85caa7
commit 8d044232af
No known key found for this signature in database
GPG key ID: CD109927C34A63C4
12 changed files with 180 additions and 34 deletions

View file

@ -1,6 +1,6 @@
package constant package constant
var ( var (
Version = "1.0.1" Version = "1.1-beta1"
Commit = "" Commit = ""
) )
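Review bot: The commit is titled "Update documentation", but this hunk changes the `Version` constant from "1.0.1" to "1.1-beta1", which is a release change rather than a documentation one. Mention the version bump in the commit message or split it into its own commit, so the beta version can be traced to a single change.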

View file

@ -1,3 +1,46 @@
#### 1.1-beta1
* Add support for use with android VPNService **1**
* Add tun support for WireGuard outbound **2**
* Add system tun stack **3**
* Add comment filter for config **4**
* Add option for allow optional proxy protocol header
* Add half close for smux
* Set UDP DF by default **5**
* Set default tun mtu to 9000
* Update gVisor to 20220905.0
*1*:
In previous versions, Android VPN would not work with tun enabled.
The usage of tun over VPN and VPN over tun is now supported, see [Tun Inbound](/configuration/inbound/tun#auto_route).
*2*:
In previous releases, WireGuard outbound support was backed by the lower performance gVisor virtual interface.
It achieves the same performance as wireguard-go by providing automatic system interface support.
*3*:
It does not depend on gVisor and has better performance in some cases.
It is less compatible and may not be available in some environments.
*4*:
Annotated json configuration files are now supported.
*5*:
UDP fragmentation is now blocked by default.
Including shadowsocks-libev, shadowsocks-rust and quic-go all disable segmentation by default.
See [Dial Fields](/configuration/shared/dial#udp_fragment)
and [Listen Fields](/configuration/shared/listen#udp_fragment).
#### 1.0.1 #### 1.0.1
* Fix match 4in6 address in ip_cidr * Fix match 4in6 address in ip_cidr
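Review bot: Note *5* says fragmentation is "blocked" and then switches to "segmentation" in the next sentence, which is itself a fragment ("Including shadowsocks-libev, ..."). Use one term throughout and make it a full sentence, for example that shadowsocks-libev, shadowsocks-rust and quic-go also disable fragmentation by default. The entry "Set default tun mtu to 9000" has no note; since it ships together with "Set UDP DF by default", a line on how the two defaults interact would help readers who upgrade.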

View file

@ -12,7 +12,7 @@
"interface_name": "tun0", "interface_name": "tun0",
"inet4_address": "172.19.0.1/30", "inet4_address": "172.19.0.1/30",
"inet6_address": "fdfe:dcba:9876::1/128", "inet6_address": "fdfe:dcba:9876::1/128",
"mtu": 1500, "mtu": 9000,
"auto_route": true, "auto_route": true,
"strict_route": true, "strict_route": true,
"endpoint_independent_nat": false, "endpoint_independent_nat": false,
@ -80,6 +80,10 @@ Set the default route to the Tun.
To avoid traffic loopback, set `route.auto_detect_interface` or `route.default_interface` or `outbound.bind_interface` To avoid traffic loopback, set `route.auto_detect_interface` or `route.default_interface` or `outbound.bind_interface`
!!! note "Use with Android VPN"
By default, VPN takes precedence over tun. To make tun go through VPN, enable `route.override_android_vpn`.
#### strict_route #### strict_route
Enforce strict routing rules in Linux when `auto_route` is enabled: Enforce strict routing rules in Linux when `auto_route` is enabled:
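Review bot: The new "Use with Android VPN" admonition tells readers to enable `route.override_android_vpn` but leaves out the condition given in the route documentation in this same commit, where the option applies "when `auto_detect_interface` enabled". State here that `route.auto_detect_interface` has to be on as well, and link the option name to the route page in the same way the changelog links to `auto_route`.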
@ -92,6 +96,10 @@ not be accessible by others.
#### endpoint_independent_nat #### endpoint_independent_nat
!!! info ""
This item is only available on the gvisor stack, other stacks are endpoint-independent NAT by default.
Enable endpoint-independent NAT. Enable endpoint-independent NAT.
Performance may degrade slightly, so it is not recommended to enable on when it is not needed. Performance may degrade slightly, so it is not recommended to enable on when it is not needed.
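Review bot: In the added info block, "gvisor" is lower case while the stack table in this file writes "gVisor", and the sentence is a comma splice. Suggest "This item is only available on the gVisor stack; other stacks use endpoint-independent NAT by default." It would also help to say whether the setting is ignored or rejected when another stack is selected.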
@ -104,10 +112,11 @@ UDP NAT expiration time in seconds, default is 300 (5 minutes).
TCP/IP stack. TCP/IP stack.
| Stack | Upstream | Status | | Stack | Description | Status |
|------------------|-----------------------------------------------------------------------|-------------------| |------------------|--------------------------------------------------------------------------------|-------------------|
| gVisor (default) | [google/gvisor](https://github.com/google/gvisor) | recommended | | gVisor (default) | Based on [google/gvisor](https://github.com/google/gvisor) | recommended |
| LWIP | [eycorsican/go-tun2socks](https://github.com/eycorsican/go-tun2socks) | upstream archived | | system | Less compatibility and sometimes better performance. | recommended |
| LWIP | Based on [eycorsican/go-tun2socks](https://github.com/eycorsican/go-tun2socks) | upstream archived |
!!! warning "" !!! warning ""
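Review bot: The new `system` row is marked "recommended" while its own description says "Less compatibility" and the changelog in this commit says it "may not be available in some environments". With gVisor labelled both default and recommended, two rows now carry the same status and the reader gets no guidance on which to pick. Give `system` a status that reflects the trade-off, and consider showing in the Stack column the literal value to put in the configuration, since the rows mix "gVisor", "system" and "LWIP".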

View file

@ -12,7 +12,7 @@
"interface_name": "tun0", "interface_name": "tun0",
"inet4_address": "172.19.0.1/30", "inet4_address": "172.19.0.1/30",
"inet6_address": "fdfe:dcba:9876::1/128", "inet6_address": "fdfe:dcba:9876::1/128",
"mtu": 1500, "mtu": 9000,
"auto_route": true, "auto_route": true,
"strict_route": true, "strict_route": true,
"endpoint_independent_nat": false, "endpoint_independent_nat": false,
@ -80,6 +80,10 @@ tun 接口的 IPv6 前缀。
为避免流量环回,请设置 `route.auto_detect_interface``route.default_interface``outbound.bind_interface` 为避免流量环回,请设置 `route.auto_detect_interface``route.default_interface``outbound.bind_interface`
!!! note "与 Android VPN 一起使用"
VPN 默认优先于 tun。要使 tun 经过 VPN启用 `route.override_android_vpn`
#### strict_route #### strict_route
在 Linux 中启用 `auto_route` 时执行严格的路由规则。 在 Linux 中启用 `auto_route` 时执行严格的路由规则。
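Review bot: The English page receives an info block under `endpoint_independent_nat` (its hunk at -92,6 +96,10), but this file goes from this hunk straight to the stack table at -103,10 +107,11, so the translated page never says that the option applies only to the gVisor stack. Add the equivalent admonition to this file in the same commit.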
@ -103,10 +107,11 @@ UDP NAT 过期时间,以秒为单位,默认为 3005 分钟)。
TCP/IP 栈。 TCP/IP 栈。
| 栈 | 上游 | 状态 | | 栈 | 描述 | 状态 |
|------------------|-----------------------------------------------------------------------|-------| |------------------|--------------------------------------------------------------------------|-------|
| gVisor (default) | [google/gvisor](https://github.com/google/gvisor) | 推荐 | | gVisor (default) | 基于 [google/gvisor](https://github.com/google/gvisor) | 推荐 |
| LWIP | [eycorsican/go-tun2socks](https://github.com/eycorsican/go-tun2socks) | 上游已存档 | | system | 兼容性较差,有时性能更好。 | 推荐 |
| LWIP | 基于 [eycorsican/go-tun2socks](https://github.com/eycorsican/go-tun2socks) | 上游已存档 |
!!! warning "" !!! warning ""

View file

@ -7,6 +7,8 @@
"server": "127.0.0.1", "server": "127.0.0.1",
"server_port": 1080, "server_port": 1080,
"system_interface": false,
"interface_name": "wg0",
"local_address": [ "local_address": [
"10.0.0.2/32" "10.0.0.2/32"
], ],
@ -38,6 +40,16 @@ The server address.
The server port. The server port.
#### system_interface
Use system tun support.
Requires privileges and cannot conflict with system interfaces.
#### interface_name
Custom device name when `system_interface` enabled.
#### local_address #### local_address
==Required== ==Required==
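Review bot: "Requires privileges" under `system_interface` does not say which privilege is needed or on which platforms, so an operator cannot grant the minimum and may end up running the whole process with full administrator rights. Name the required privilege per platform, and spell out what "cannot conflict with system interfaces" means, for instance whether it refers to `interface_name` colliding with an existing device. The `interface_name` section should also state which name is used when the field is omitted.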

View file

@ -7,6 +7,8 @@
"server": "127.0.0.1", "server": "127.0.0.1",
"server_port": 1080, "server_port": 1080,
"system_interface": false,
"interface_name": "wg0",
"local_address": [ "local_address": [
"10.0.0.2/32" "10.0.0.2/32"
], ],
@ -38,6 +40,16 @@
服务器端口。 服务器端口。
#### system_interface
使用系统 tun 支持。
需要特权且不能与系统接口冲突。
#### interface_name
启用 `system_interface` 时的自定义设备名称。
#### local_address #### local_address
==必填== ==必填==

View file

@ -10,6 +10,7 @@
"rules": [], "rules": [],
"final": "", "final": "",
"auto_detect_interface": false, "auto_detect_interface": false,
"override_android_vpn": false,
"default_interface": "en0", "default_interface": "en0",
"default_mark": 233 "default_mark": 233
} }
@ -34,17 +35,25 @@ Default outbound tag. the first outbound will be used if empty.
Only supported on Linux, Windows and macOS. Only supported on Linux, Windows and macOS.
Bind outbound connections to the default NIC by default to prevent routing loops under Tun. Bind outbound connections to the default NIC by default to prevent routing loops under tun.
Takes no effect if `outbound.bind_interface` is set. Takes no effect if `outbound.bind_interface` is set.
#### override_android_vpn
!!! error ""
Only supported on Android.
Accept Android VPN as upstream NIC when `auto_detect_interface` enabled.
#### default_interface #### default_interface
!!! error "" !!! error ""
Only supported on Linux, Windows and macOS. Only supported on Linux, Windows and macOS.
Bind outbound connections to the specified NIC by default to prevent routing loops under Tun. Bind outbound connections to the specified NIC by default to prevent routing loops under tun.
Takes no effect if `auto_detect_interface` is set. Takes no effect if `auto_detect_interface` is set.
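Review bot: `override_android_vpn` is documented as "Only supported on Android" and as applying "when `auto_detect_interface` enabled", yet the unchanged admonition for `auto_detect_interface` at the top of this hunk still reads "Only supported on Linux, Windows and macOS." As written, the new option depends on one that is documented as unavailable on its only platform; update the platform list of `auto_detect_interface` or explain the dependency. The description could also say what changes for loop prevention once the VPN is accepted as the upstream NIC, since the neighbouring fields are explained in those terms.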

View file

@ -10,6 +10,7 @@
"rules": [], "rules": [],
"final": "", "final": "",
"auto_detect_interface": false, "auto_detect_interface": false,
"override_android_vpn": false,
"default_interface": "en0", "default_interface": "en0",
"default_mark": 233 "default_mark": 233
} }
@ -34,17 +35,25 @@
仅支持 Linux、Windows 和 macOS。 仅支持 Linux、Windows 和 macOS。
默认将出站连接绑定到默认网卡,以防止在 Tun 下出现路由环路。 默认将出站连接绑定到默认网卡,以防止在 tun 下出现路由环路。
如果设置了 `outbound.bind_interface` 设置,则不生效。 如果设置了 `outbound.bind_interface` 设置,则不生效。
#### override_android_vpn
!!! error ""
仅支持 Android。
启用 `auto_detect_interface` 时接受 Android VPN 作为上游网卡。
#### default_interface #### default_interface
!!! error "" !!! error ""
仅支持 Linux、Windows 和 macOS。 仅支持 Linux、Windows 和 macOS。
默认将出站连接绑定到指定网卡,以防止在 Tun 下出现路由环路。 默认将出站连接绑定到指定网卡,以防止在 tun 下出现路由环路。
如果设置了 `auto_detect_interface` 设置,则不生效。 如果设置了 `auto_detect_interface` 设置,则不生效。

View file

@ -9,6 +9,7 @@
"reuse_addr": false, "reuse_addr": false,
"connect_timeout": "5s", "connect_timeout": "5s",
"tcp_fast_open": false, "tcp_fast_open": false,
"udp_fragment": false,
"domain_strategy": "prefer_ipv6", "domain_strategy": "prefer_ipv6",
"fallback_delay": "300ms" "fallback_delay": "300ms"
} }
@ -16,9 +17,9 @@
### Fields ### Fields
| Field | Available Context | | Field | Available Context |
|-----------------------------------------------------------------------------------|-------------------| |---------------------------------------------------------------------------------------------------------------------|-------------------|
| `bind_interface` /`bind_address` /`routing_mark` /`reuse_addr` /`connect_timeout` | `detour` not set | | `bind_interface` /`bind_address` /`routing_mark` /`reuse_addr` / `tcp_fast_open`/ `udp_fragment` /`connect_timeout` | `detour` not set |
#### detour #### detour
@ -44,6 +45,14 @@ Set netfilter routing mark.
Reuse listener address. Reuse listener address.
#### tcp_fast_open
Enable TCP Fast Open.
#### udp_fragment
Enable UDP fragmentation.
#### connect_timeout #### connect_timeout
Connect timeout, in golang's Duration format. Connect timeout, in golang's Duration format.
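Review bot: "Enable UDP fragmentation." under `udp_fragment` is the text the changelog points to for the new default, but it states neither the default value nor what happens to a datagram larger than the path MTU when the option is off. Add that fragmentation is disabled by default as of this release and describe the resulting behaviour, so that users who see large UDP payloads fail after upgrading can find the cause here.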

View file

@ -9,6 +9,7 @@
"reuse_addr": false, "reuse_addr": false,
"connect_timeout": "5s", "connect_timeout": "5s",
"tcp_fast_open": false, "tcp_fast_open": false,
"udp_fragment": false,
"domain_strategy": "prefer_ipv6", "domain_strategy": "prefer_ipv6",
"fallback_delay": "300ms" "fallback_delay": "300ms"
} }
@ -16,6 +17,11 @@
### 字段 ### 字段
| 字段 | 可用上下文 |
|---------------------------------------------------------------------------------------------------------------------|--------------|
| `bind_interface` /`bind_address` /`routing_mark` /`reuse_addr` / `tcp_fast_open`/ `udp_fragment` /`connect_timeout` | `detour` 未设置 |
#### detour #### detour
上游出站的标签。 上游出站的标签。
@ -42,6 +48,14 @@
重用监听地址。 重用监听地址。
#### tcp_fast_open
启用 TCP Fast Open。
#### udp_fragment
启用 UDP 分段。
#### connect_timeout #### connect_timeout
连接超时,采用 golang 的 Duration 格式。 连接超时,采用 golang 的 Duration 格式。

View file

@ -5,24 +5,27 @@
"listen": "::", "listen": "::",
"listen_port": 5353, "listen_port": 5353,
"tcp_fast_open": false, "tcp_fast_open": false,
"udp_fragment": false,
"sniff": false, "sniff": false,
"sniff_override_destination": false, "sniff_override_destination": false,
"domain_strategy": "prefer_ipv6", "domain_strategy": "prefer_ipv6",
"udp_timeout": 300, "udp_timeout": 300,
"proxy_protocol": false, "proxy_protocol": false,
"proxy_protocol_accept_no_header": false,
"detour": "another-in" "detour": "another-in"
} }
``` ```
### Fields ### Fields
| Field | Available Context | | Field | Available Context |
|------------------|-------------------------------------------------------------------| |-----------------------------------|-------------------------------------------------------------------|
| `listen` | Needs to listen on TCP or UDP. | | `listen` | Needs to listen on TCP or UDP. |
| `listen_port` | Needs to listen on TCP or UDP. | | `listen_port` | Needs to listen on TCP or UDP. |
| `tcp_fast_open` | Needs to listen on TCP. | | `tcp_fast_open` | Needs to listen on TCP. |
| `udp_timeout` | Needs to assemble UDP connections, currently Tun and Shadowsocks. | | `udp_timeout` | Needs to assemble UDP connections, currently Tun and Shadowsocks. |
| `proxy_protocol` | Needs to listen on TCP. | | `proxy_protocol` | Needs to listen on TCP. |
| `proxy_protocol_accept_no_header` | When `proxy_protocol` enabled |
#### listen #### listen
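Review bot: The new table row for `proxy_protocol_accept_no_header` reads "When `proxy_protocol` enabled", without a verb or the full stop the other rows end with; suggest "When `proxy_protocol` is enabled." The hunk also adds `udp_fragment` to the example but gives it no row in the table, although `tcp_fast_open` has one; add a row with a context such as "Needs to listen on UDP."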
@ -36,7 +39,11 @@ Listen port.
#### tcp_fast_open #### tcp_fast_open
Enable tcp fast open for listener. Enable TCP Fast Open.
#### udp_fragment
Enable UDP fragmentation.
#### sniff #### sniff
@ -66,6 +73,10 @@ UDP NAT expiration time in seconds, default is 300 (5 minutes).
Parse [Proxy Protocol](https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt) in the connection header. Parse [Proxy Protocol](https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt) in the connection header.
#### proxy_protocol_accept_no_header
Accept connections without Proxy Protocol header.
#### detour #### detour
If set, connections will be forwarded to the specified inbound. If set, connections will be forwarded to the specified inbound.
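Review bot: The description of `proxy_protocol_accept_no_header` is a single sentence and omits the trust implication: with the option enabled, one listener accepts both peers that assert a client address through the header and peers that send none. The specification linked in the `proxy_protocol` paragraph asks receivers not to guess whether a header is present, so this section should say that the option is intended for listeners reachable only from trusted proxies, and it should state the default value.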

View file

@ -5,21 +5,26 @@
"listen": "::", "listen": "::",
"listen_port": 5353, "listen_port": 5353,
"tcp_fast_open": false, "tcp_fast_open": false,
"udp_fragment": false,
"sniff": false, "sniff": false,
"sniff_override_destination": false, "sniff_override_destination": false,
"domain_strategy": "prefer_ipv6", "domain_strategy": "prefer_ipv6",
"udp_timeout": 300, "udp_timeout": 300,
"proxy_protocol": false,
"proxy_protocol_accept_no_header": false,
"detour": "another-in" "detour": "another-in"
} }
``` ```
| 字段 | 可用上下文 |
|------------------|-------------------------------------| | 字段 | 可用上下文 |
| `listen` | 需要监听 TCP 或 UDP。 | |-----------------------------------|-------------------------------------|
| `listen_port` | 需要监听 TCP 或 UDP。 | | `listen` | 需要监听 TCP 或 UDP。 |
| `tcp_fast_open` | 需要监听 TCP。 | | `listen_port` | 需要监听 TCP 或 UDP。 |
| `udp_timeout` | 需要组装 UDP 连接, 当前为 Tun 和 Shadowsocks。 | | `tcp_fast_open` | 需要监听 TCP。 |
| `proxy_protocol` | 需要监听 TCP。 | | `udp_timeout` | 需要组装 UDP 连接, 当前为 Tun 和 Shadowsocks。 |
| `proxy_protocol` | 需要监听 TCP。 |
| `proxy_protocol_accept_no_header` | `proxy_protocol` 启用时 |
### 字段 ### 字段
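Review bot: In this file the field table sits above the `### 字段` heading, whereas the English page places it under `### Fields`; the hunk already rewrites every row of the table, so it is a good moment to move it below the heading. This hunk also adds `"proxy_protocol": false` to the example, which the English hunk shows as already present, so the translation was out of sync before this commit and deserves a full comparison against the English page.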
@ -35,7 +40,11 @@
#### tcp_fast_open #### tcp_fast_open
为监听器启用 TCP 快速打开。 启用 TCP Fast Open。
#### udp_fragment
启用 UDP 分段。
#### sniff #### sniff
@ -65,6 +74,10 @@ UDP NAT 过期时间,以秒为单位,默认为 3005 分钟)。
解析连接头中的 [代理协议](https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt)。 解析连接头中的 [代理协议](https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt)。
#### proxy_protocol_accept_no_header
接受没有代理协议标头的连接。
#### detour #### detour
如果设置,连接将被转发到指定的入站。 如果设置,连接将被转发到指定的入站。