From ed75e4498924ef51136749309730e48a291b474a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E4=B8=96=E7=95=8C?= Date: Wed, 6 Nov 2024 19:02:55 +0800 Subject: [PATCH] documentation: Add rule action --- docs/configuration/dns/rule.md | 48 +++-- docs/configuration/dns/rule.zh.md | 2 +- docs/configuration/dns/rule_action.md | 85 +++++++++ docs/configuration/dns/rule_action.zh.md | 86 +++++++++ docs/configuration/outbound/block.md | 10 +- docs/configuration/outbound/block.zh.md | 10 +- docs/configuration/outbound/dns.md | 8 + docs/configuration/outbound/dns.zh.md | 8 + docs/configuration/route/rule.md | 19 +- docs/configuration/route/rule.zh.md | 19 +- docs/configuration/route/rule_action.md | 139 ++++++++++++++ docs/configuration/route/rule_action.zh.md | 136 ++++++++++++++ docs/configuration/shared/listen.md | 34 +++- docs/configuration/shared/listen.zh.md | 32 ++++ docs/deprecated.md | 30 ++- docs/deprecated.zh.md | 25 ++- docs/migration.md | 208 ++++++++++++++++++++- docs/migration.zh.md | 206 ++++++++++++++++++++ mkdocs.yml | 4 + option/inbound.go | 2 +- option/rule_action.go | 6 - route/route.go | 2 +- 22 files changed, 1076 insertions(+), 43 deletions(-) create mode 100644 docs/configuration/dns/rule_action.md create mode 100644 docs/configuration/dns/rule_action.zh.md create mode 100644 docs/configuration/route/rule_action.md create mode 100644 docs/configuration/route/rule_action.zh.md diff --git a/docs/configuration/dns/rule.md b/docs/configuration/dns/rule.md index 715c3b7f..5cb24e81 100644 --- a/docs/configuration/dns/rule.md +++ b/docs/configuration/dns/rule.md @@ -2,6 +2,14 @@ icon: material/new-box --- +!!! quote "Changes in sing-box 1.11.0" + + :material-plus: [action](#action) + :material-alert: [server](#server) + :material-alert: [disable_cache](#disable_cache) + :material-alert: [rewrite_ttl](#rewrite_ttl) + :material-alert: [client_subnet](#client_subnet) + !!! quote "Changes in sing-box 1.10.0" :material-delete-clock: [rule_set_ipcidr_match_source](#rule_set_ipcidr_match_source) @@ -14,7 +22,7 @@ icon: material/new-box :material-plus: [geoip](#geoip) :material-plus: [ip_cidr](#ip_cidr) :material-plus: [ip_is_private](#ip_is_private) - :material-plus: [client_subnet](#client_subnet) + :material-plus: [client_subnet](#client_subnet) :material-plus: [rule_set_ipcidr_match_source](#rule_set_ipcidr_match_source) !!! quote "Changes in sing-box 1.8.0" @@ -135,19 +143,15 @@ icon: material/new-box "outbound": [ "direct" ], - "server": "local", - "disable_cache": false, - "rewrite_ttl": 100, - "client_subnet": "127.0.0.1/24" + "action": "route", + "server": "local" }, { "type": "logical", "mode": "and", "rules": [], - "server": "local", - "disable_cache": false, - "rewrite_ttl": 100, - "client_subnet": "127.0.0.1/24" + "action": "route", + "server": "local" } ] } @@ -354,29 +358,35 @@ Match outbound. `any` can be used as a value to match any outbound. -#### server +#### action ==Required== -Tag of the target dns server. +See [DNS Rule Actions](../rule_action/) for details. + +#### server + +!!! failure "Deprecated in sing-box 1.11.0" + + Moved to [DNS Rule Action](../rule_action#route). #### disable_cache -Disable cache and save cache in this query. +!!! failure "Deprecated in sing-box 1.11.0" + + Moved to [DNS Rule Action](../rule_action#route). #### rewrite_ttl -Rewrite TTL in DNS responses. +!!! failure "Deprecated in sing-box 1.11.0" + + Moved to [DNS Rule Action](../rule_action#route). #### client_subnet -!!! question "Since sing-box 1.9.0" +!!! failure "Deprecated in sing-box 1.11.0" -Append a `edns0-subnet` OPT extra record with the specified IP prefix to every query by default. - -If value is an IP address instead of prefix, `/32` or `/128` will be appended automatically. - -Will overrides `dns.client_subnet` and `servers.[].client_subnet`. + Moved to [DNS Rule Action](../rule_action#route). ### Address Filter Fields diff --git a/docs/configuration/dns/rule.zh.md b/docs/configuration/dns/rule.zh.md index b484cbed..205b01ae 100644 --- a/docs/configuration/dns/rule.zh.md +++ b/docs/configuration/dns/rule.zh.md @@ -14,7 +14,7 @@ icon: material/new-box :material-plus: [geoip](#geoip) :material-plus: [ip_cidr](#ip_cidr) :material-plus: [ip_is_private](#ip_is_private) - :material-plus: [client_subnet](#client_subnet) + :material-plus: [client_subnet](#client_subnet) :material-plus: [rule_set_ipcidr_match_source](#rule_set_ipcidr_match_source) !!! quote "sing-box 1.8.0 中的更改" diff --git a/docs/configuration/dns/rule_action.md b/docs/configuration/dns/rule_action.md new file mode 100644 index 00000000..8943b653 --- /dev/null +++ b/docs/configuration/dns/rule_action.md @@ -0,0 +1,85 @@ +--- +icon: material/new-box +--- + +# DNS Rule Action + +!!! question "Since sing-box 1.11.0" + +### route + +```json +{ + "action": "route", // default + "server": "", + + // for compatibility + "disable_cache": false, + "rewrite_ttl": 0, + "client_subnet": null +} +``` + +`route` inherits the classic rule behavior of routing DNS requests to the specified server. + +#### server + +==Required== + +Tag of target server. + +#### disable_cache/rewrite_ttl/client_subnet + +!!! failure "Deprecated in sing-box 1.11.0" + + Legacy route options is deprecated and will be removed in sing-box 1.12.0, check [Migration](/migration/#migrate-legacy-dns-route-options-to-rule-actions). + +### route-options + +```json +{ + "action": "route-options", + "disable_cache": false, + "rewrite_ttl": null, + "client_subnet": null +} +``` + +#### disable_cache + +Disable cache and save cache in this query. + +#### rewrite_ttl + +Rewrite TTL in DNS responses. + +#### client_subnet + +Append a `edns0-subnet` OPT extra record with the specified IP prefix to every query by default. + +If value is an IP address instead of prefix, `/32` or `/128` will be appended automatically. + +Will overrides `dns.client_subnet` and `servers.[].client_subnet`. + +### reject + +```json +{ + "action": "reject", + "method": "default", // default + "no_drop": false +} +``` + +`reject` reject DNS requests. + +#### method + +- `default`: Reply with NXDOMAIN. +- `drop`: Drop the request. + +#### no_drop + +If not enabled, `method` will be temporarily overwritten to `drop` after 50 triggers in 30s. + +Not available when `method` is set to drop. diff --git a/docs/configuration/dns/rule_action.zh.md b/docs/configuration/dns/rule_action.zh.md new file mode 100644 index 00000000..8a9dc07e --- /dev/null +++ b/docs/configuration/dns/rule_action.zh.md @@ -0,0 +1,86 @@ +--- +icon: material/new-box +--- + +# DNS 规则动作 + +!!! question "自 sing-box 1.11.0 起" + +### route + +```json +{ + "action": "route", // 默认 + "server": "", + + // 兼容性 + "disable_cache": false, + "rewrite_ttl": 0, + "client_subnet": null +} +``` + +`route` 继承了将 DNS 请求 路由到指定服务器的经典规则动作。 + +#### server + +==必填== + +目标 DNS 服务器的标签。 + +#### disable_cache/rewrite_ttl/client_subnet + +!!! failure "自 sing-box 1.11.0 起" + + 旧的路由选项已弃用,且将在 sing-box 1.12.0 中移除,参阅 [迁移指南](/migration/#migrate-legacy-dns-route-options-to-rule-actions). + +### route-options + +```json +{ + "action": "route-options", + "disable_cache": false, + "rewrite_ttl": null, + "client_subnet": null +} +``` + + +#### disable_cache + +在此查询中禁用缓存。 + +#### rewrite_ttl + +重写 DNS 回应中的 TTL。 + +#### client_subnet + +默认情况下,将带有指定 IP 前缀的 `edns0-subnet` OPT 附加记录附加到每个查询。 + +如果值是 IP 地址而不是前缀,则会自动附加 `/32` 或 `/128`。 + +将覆盖 `dns.client_subnet` 与 `servers.[].client_subnet`。 + +### reject + +```json +{ + "action": "reject", + "method": "default", // default + "no_drop": false +} +``` + +`reject` 拒绝 DNS 请求。 + +#### method + +- `default`: 返回 NXDOMAIN。 +- `drop`: 丢弃请求。 + +#### no_drop + +如果未启用,则 30 秒内触发 50 次后,`method` 将被暂时覆盖为 `drop`。 + +当 `method` 设为 `drop` 时不可用。 diff --git a/docs/configuration/outbound/block.md b/docs/configuration/outbound/block.md index e27a4b3e..f29120cc 100644 --- a/docs/configuration/outbound/block.md +++ b/docs/configuration/outbound/block.md @@ -1,8 +1,14 @@ -`block` outbound closes all incoming requests. +--- +icon: material/delete-clock +--- + +!!! failure "Deprecated in sing-box 1.11.0" + + Legacy special outbounds are deprecated and will be removed in sing-box 1.13.0, check [Migration](/migration/#migrate-legacy-special-outbounds-to-rule-actions). ### Structure -```json +```json F { "type": "block", "tag": "block" diff --git a/docs/configuration/outbound/block.zh.md b/docs/configuration/outbound/block.zh.md index bc0762e3..822478ce 100644 --- a/docs/configuration/outbound/block.zh.md +++ b/docs/configuration/outbound/block.zh.md @@ -1,3 +1,11 @@ +--- +icon: material/delete-clock +--- + +!!! failure "已在 sing-box 1.11.0 废弃" + + 旧的特殊出站已被弃用,且将在 sing-box 1.13.0 中被移除,参阅 [迁移指南](/migration/#migrate-legacy-special-outbounds-to-rule-actions). + `block` 出站关闭所有传入请求。 ### 结构 @@ -11,4 +19,4 @@ ### 字段 -无字段。 \ No newline at end of file +无字段。 diff --git a/docs/configuration/outbound/dns.md b/docs/configuration/outbound/dns.md index 1f8c5477..d7336041 100644 --- a/docs/configuration/outbound/dns.md +++ b/docs/configuration/outbound/dns.md @@ -1,3 +1,11 @@ +--- +icon: material/delete-clock +--- + +!!! failure "Deprecated in sing-box 1.11.0" + + Legacy special outbounds are deprecated and will be removed in sing-box 1.13.0, check [Migration](/migration/#migrate-legacy-special-outbounds-to-rule-actions). + `dns` outbound is a internal DNS server. ### Structure diff --git a/docs/configuration/outbound/dns.zh.md b/docs/configuration/outbound/dns.zh.md index 67538f6e..3db2fefb 100644 --- a/docs/configuration/outbound/dns.zh.md +++ b/docs/configuration/outbound/dns.zh.md @@ -1,3 +1,11 @@ +--- +icon: material/delete-clock +--- + +!!! failure "已在 sing-box 1.11.0 废弃" + + 旧的特殊出站已被弃用,且将在 sing-box 1.13.0 中被移除, 参阅 [迁移指南](/migration/#migrate-legacy-special-outbounds-to-rule-actions). + `dns` 出站是一个内部 DNS 服务器。 ### 结构 diff --git a/docs/configuration/route/rule.md b/docs/configuration/route/rule.md index 5e86560c..fe40d565 100644 --- a/docs/configuration/route/rule.md +++ b/docs/configuration/route/rule.md @@ -1,7 +1,12 @@ --- -icon: material/alert-decagram +icon: material/new-box --- +!!! quote "Changes in sing-box 1.11.0" + + :material-plus: [action](#action) + :material-alert: [outbound](#outbound) + !!! quote "Changes in sing-box 1.10.0" :material-plus: [client](#client) @@ -129,6 +134,7 @@ icon: material/alert-decagram "rule_set_ipcidr_match_source": false, "rule_set_ip_cidr_match_source": false, "invert": false, + "action": "route", "outbound": "direct" }, { @@ -136,6 +142,7 @@ icon: material/alert-decagram "mode": "and", "rules": [], "invert": false, + "action": "route", "outbound": "direct" } ] @@ -357,11 +364,17 @@ Make `ip_cidr` in rule-sets match the source IP. Invert match result. -#### outbound +#### action ==Required== -Tag of the target outbound. +See [Rule Actions](../rule_action/) for details. + +#### outbound + +!!! failure "Deprecated in sing-box 1.11.0" + + Moved to [Rule Action](../rule_action#route). ### Logical Fields diff --git a/docs/configuration/route/rule.zh.md b/docs/configuration/route/rule.zh.md index a93ce5e5..316339f6 100644 --- a/docs/configuration/route/rule.zh.md +++ b/docs/configuration/route/rule.zh.md @@ -1,7 +1,12 @@ --- -icon: material/alert-decagram +icon: material/new-box --- +!!! quote "sing-box 1.11.0 中的更改" + + :material-plus: [action](#action) + :material-alert: [outbound](#outbound) + !!! quote "sing-box 1.10.0 中的更改" :material-plus: [client](#client) @@ -127,6 +132,7 @@ icon: material/alert-decagram "rule_set_ipcidr_match_source": false, "rule_set_ip_cidr_match_source": false, "invert": false, + "action": "route", "outbound": "direct" }, { @@ -134,6 +140,7 @@ icon: material/alert-decagram "mode": "and", "rules": [], "invert": false, + "action": "route", "outbound": "direct" } ] @@ -355,11 +362,17 @@ icon: material/alert-decagram 反选匹配结果。 -#### outbound +#### action ==必填== -目标出站的标签。 +参阅 [规则行动](../rule_action/)。 + +#### outbound + +!!! failure "已在 sing-box 1.11.0 废弃" + + 已移动到 [规则行动](../rule_action#route). ### 逻辑字段 diff --git a/docs/configuration/route/rule_action.md b/docs/configuration/route/rule_action.md new file mode 100644 index 00000000..843d7563 --- /dev/null +++ b/docs/configuration/route/rule_action.md @@ -0,0 +1,139 @@ +--- +icon: material/new-box +--- + +# Rule Action + +!!! question "Since sing-box 1.11.0" + +## Final actions + +### route + +```json +{ + "action": "route", // default + "outbound": "" +} +``` + +`route` inherits the classic rule behavior of routing connection to the specified outbound. + +#### outbound + +==Required== + +Tag of target outbound. + +### route-options + +```json +{ + "action": "route-options", + "udp_disable_domain_unmapping": false, + "udp_connect": false +} +``` + +`route-options` set options for routing. + +#### udp_disable_domain_unmapping + +If enabled, for UDP proxy requests addressed to a domain, +the original packet address will be sent in the response instead of the mapped domain. + +This option is used for compatibility with clients that +do not support receiving UDP packets with domain addresses, such as Surge. + +#### udp_connect + +If enabled, attempts to connect UDP connection to the destination instead of listen. + +### reject + +```json +{ + "action": "reject", + "method": "default", // default + "no_drop": false +} +``` + +`reject` reject connections + +The specified method is used for reject tun connections if `sniff` action has not been performed yet. + +For non-tun connections and already established connections, will just be closed. + +#### method + +- `default`: Reply with TCP RST for TCP connections, and ICMP port unreachable for UDP packets. +- `drop`: Drop packets. + +#### no_drop + +If not enabled, `method` will be temporarily overwritten to `drop` after 50 triggers in 30s. + +Not available when `method` is set to drop. + +### hijack-dns + +```json +{ + "action": "hijack-dns" +} +``` + +`hijack-dns` hijack DNS requests to the sing-box DNS module. + +## Non-final actions + +### sniff + +```json +{ + "action": "sniff", + "sniffer": [], + "timeout": "" +} +``` + +`sniff` performs protocol sniffing on connections. + +For deprecated `inbound.sniff` options, it is considered to `sniff()` performed before routing. + +#### sniffer + +Enabled sniffers. + +All sniffers enabled by default. + +Available protocol values an be found on in [Protocol Sniff](../sniff/) + +#### timeout + +Timeout for sniffing. + +`300ms` is used by default. + +### resolve + +```json +{ + "action": "resolve", + "strategy": "", + "server": "" +} +``` + +`resolve` resolve request destination from domain to IP addresses. + +#### strategy + +DNS resolution strategy, available values are: `prefer_ipv4`, `prefer_ipv6`, `ipv4_only`, `ipv6_only`. + +`dns.strategy` will be used by default. + +#### server + +Specifies DNS server tag to use instead of selecting through DNS routing. diff --git a/docs/configuration/route/rule_action.zh.md b/docs/configuration/route/rule_action.zh.md new file mode 100644 index 00000000..ae16d85f --- /dev/null +++ b/docs/configuration/route/rule_action.zh.md @@ -0,0 +1,136 @@ +--- +icon: material/new-box +--- + +# 规则动作 + +!!! question "自 sing-box 1.11.0 起" + +## 最终动作 + +### route + +```json +{ + "action": "route", // 默认 + "outbound": "", + "udp_disable_domain_unmapping": false +} +``` + +`route` 继承了将连接路由到指定出站的经典规则动作。 + +#### outbound + +==必填== + +目标出站的标签。 + +### route-options + +```json +{ + "action": "route-options", + "udp_disable_domain_unmapping": false, + "udp_connect": false +} +``` + +#### udp_disable_domain_unmapping + +如果启用,对于地址为域的 UDP 代理请求,将在响应中发送原始包地址而不是映射的域。 + +此选项用于兼容不支持接收带有域地址的 UDP 包的客户端,如 Surge。 + +#### udp_connect + +如果启用,将尝试将 UDP 连接 connect 到目标而不是 listen。 + +### reject + +```json +{ + "action": "reject", + "method": "default", // 默认 + "no_drop": false +} +``` + +`reject` 拒绝连接。 + +如果尚未执行 `sniff` 操作,则将使用指定方法拒绝 tun 连接。 + +对于非 tun 连接和已建立的连接,将直接关闭。 + +#### method + +- `default`: 对于 TCP 连接回复 RST,对于 UDP 包回复 ICMP 端口不可达。 +- `drop`: 丢弃数据包。 + +#### no_drop + +如果未启用,则 30 秒内触发 50 次后,`method` 将被暂时覆盖为 `drop`。 + +当 `method` 设为 `drop` 时不可用。 + +### hijack-dns + +```json +{ + "action": "hijack-dns" +} +``` + +`hijack-dns` 劫持 DNS 请求至 sing-box DNS 模块。 + +## 非最终动作 + +### sniff + +```json +{ + "action": "sniff", + "sniffer": [], + "timeout": "" +} +``` + +`sniff` 对连接执行协议嗅探。 + +对于已弃用的 `inbound.sniff` 选项,被视为在路由之前执行的 `sniff`。 + +#### sniffer + +启用的探测器。 + +默认启用所有探测器。 + +可用的协议值可以在 [协议嗅探](../sniff/) 中找到。 + +#### timeout + +探测超时时间。 + +默认使用 300ms。 + +### resolve + +```json +{ + "action": "resolve", + "strategy": "", + "server": "" +} +``` + +`resolve` 将请求的目标从域名解析为 IP 地址。 + +#### strategy + +DNS 解析策略,可用值有:`prefer_ipv4`、`prefer_ipv6`、`ipv4_only`、`ipv6_only`。 + +默认使用 `dns.strategy`。 + +#### server + +指定要使用的 DNS 服务器的标签,而不是通过 DNS 路由进行选择。 diff --git a/docs/configuration/shared/listen.md b/docs/configuration/shared/listen.md index ae3ed6a4..fa6a05b9 100644 --- a/docs/configuration/shared/listen.md +++ b/docs/configuration/shared/listen.md @@ -1,3 +1,15 @@ +--- +icon: material/delete-clock +--- + +!!! quote "Changes in sing-box 1.11.0" + + :material-delete-clock: [sniff](#sniff) + :material-delete-clock: [sniff_override_destination](#sniff_override_destination) + :material-delete-clock: [sniff_timeout](#sniff_timeout) + :material-delete-clock: [domain_strategy](#domain_strategy) + :material-delete-clock: [udp_disable_domain_unmapping](#udp_disable_domain_unmapping) + ### Structure ```json @@ -68,24 +80,40 @@ Requires target inbound support, see [Injectable](/configuration/inbound/#fields #### sniff +!!! failure "Deprecated in sing-box 1.11.0" + + Inbound fields are deprecated and will be removed in sing-box 1.13.0, check [Migration](/migration/#migrate-legacy-inbound-fields-to-rule-actions). + Enable sniffing. See [Protocol Sniff](/configuration/route/sniff/) for details. #### sniff_override_destination +!!! failure "Deprecated in sing-box 1.11.0" + + Inbound fields are deprecated and will be removed in sing-box 1.13.0. + Override the connection destination address with the sniffed domain. If the domain name is invalid (like tor), this will not work. #### sniff_timeout +!!! failure "Deprecated in sing-box 1.11.0" + + Inbound fields are deprecated and will be removed in sing-box 1.13.0, check [Migration](/migration/#migrate-legacy-inbound-fields-to-rule-actions). + Timeout for sniffing. -300ms is used by default. +`300ms` is used by default. #### domain_strategy +!!! failure "Deprecated in sing-box 1.11.0" + + Inbound fields are deprecated and will be removed in sing-box 1.13.0, check [Migration](/migration/#migrate-legacy-inbound-fields-to-rule-actions). + One of `prefer_ipv4` `prefer_ipv6` `ipv4_only` `ipv6_only`. If set, the requested domain name will be resolved to IP before routing. @@ -94,6 +122,10 @@ If `sniff_override_destination` is in effect, its value will be taken as a fallb #### udp_disable_domain_unmapping +!!! failure "Deprecated in sing-box 1.11.0" + + Inbound fields are deprecated and will be removed in sing-box 1.13.0, check [Migration](/migration/#migrate-legacy-inbound-fields-to-rule-actions). + If enabled, for UDP proxy requests addressed to a domain, the original packet address will be sent in the response instead of the mapped domain. diff --git a/docs/configuration/shared/listen.zh.md b/docs/configuration/shared/listen.zh.md index 398c98c5..3b472c4d 100644 --- a/docs/configuration/shared/listen.zh.md +++ b/docs/configuration/shared/listen.zh.md @@ -1,3 +1,15 @@ +--- +icon: material/delete-clock +--- + +!!! quote "sing-box 1.11.0 中的更改" + + :material-delete-clock: [sniff](#sniff) + :material-delete-clock: [sniff_override_destination](#sniff_override_destination) + :material-delete-clock: [sniff_timeout](#sniff_timeout) + :material-delete-clock: [domain_strategy](#domain_strategy) + :material-delete-clock: [udp_disable_domain_unmapping](#udp_disable_domain_unmapping) + ### 结构 ```json @@ -69,24 +81,40 @@ UDP NAT 过期时间,以秒为单位。 #### sniff +!!! failure "已在 sing-box 1.11.0 废弃" + + 入站字段已废弃且将在 sing-box 1.12.0 中被移除,参阅 [迁移指南](/migration/#migrate-legacy-inbound-fields-to-rule-actions). + 启用协议探测。 参阅 [协议探测](/zh/configuration/route/sniff/) #### sniff_override_destination +!!! failure "已在 sing-box 1.11.0 废弃" + + 入站字段已废弃且将在 sing-box 1.12.0 中被移除。 + 用探测出的域名覆盖连接目标地址。 如果域名无效(如 Tor),将不生效。 #### sniff_timeout +!!! failure "已在 sing-box 1.11.0 废弃" + + 入站字段已废弃且将在 sing-box 1.12.0 中被移除,参阅 [迁移指南](/migration/#migrate-legacy-inbound-fields-to-rule-actions). + 探测超时时间。 默认使用 300ms。 #### domain_strategy +!!! failure "已在 sing-box 1.11.0 废弃" + + 入站字段已废弃且将在 sing-box 1.12.0 中被移除,参阅 [迁移指南](/migration/#migrate-legacy-inbound-fields-to-rule-actions). + 可选值: `prefer_ipv4` `prefer_ipv6` `ipv4_only` `ipv6_only`。 如果设置,请求的域名将在路由之前解析为 IP。 @@ -95,6 +123,10 @@ UDP NAT 过期时间,以秒为单位。 #### udp_disable_domain_unmapping +!!! failure "已在 sing-box 1.11.0 废弃" + + 入站字段已废弃且将在 sing-box 1.12.0 中被移除,参阅 [迁移指南](/migration/#migrate-legacy-inbound-fields-to-rule-actions). + 如果启用,对于地址为域的 UDP 代理请求,将在响应中发送原始包地址而不是映射的域。 此选项用于兼容不支持接收带有域地址的 UDP 包的客户端,如 Surge。 diff --git a/docs/deprecated.md b/docs/deprecated.md index 604806f0..f057319a 100644 --- a/docs/deprecated.md +++ b/docs/deprecated.md @@ -4,6 +4,32 @@ icon: material/delete-alert # Deprecated Feature List +## 1.11.0 + +#### Legacy special outbounds + +Legacy special outbounds (`block` / `dns`) are deprecated +and can be replaced by rule actions, +check [Migration](../migration/#migrate-legacy-special-outbounds-to-rule-actions). + +Old fields will be removed in sing-box 1.13.0. + +#### Legacy inbound fields + +Legacy inbound fields (`inbound.` are deprecated +and can be replaced by rule actions, +check [Migration](../migration/#migrate-legacy-inbound-fields-to-rule-actions). + +Old fields will be removed in sing-box 1.13.0. + +#### Legacy DNS route options + +Legacy DNS route options (`disable_cache`, `rewrite_ttl`, `client_subnet`) are deprecated +and can be replaced by rule actions, +check [Migration](../migration/#migrate-legacy-dns-route-options-to-rule-actions). + +Old fields will be removed in sing-box 1.12.0. + ## 1.10.0 #### TUN address fields are merged @@ -12,7 +38,7 @@ icon: material/delete-alert `inet4_route_address` and `inet6_route_address` are merged into `route_address`, `inet4_route_exclude_address` and `inet6_route_exclude_address` are merged into `route_exclude_address`. -Old fields are deprecated and will be removed in sing-box 1.12.0. +Old fields will be removed in sing-box 1.12.0. #### Match source rule items are renamed @@ -32,7 +58,7 @@ check [Migration](/migration/#migrate-cache-file-from-clash-api-to-independent-o #### GeoIP -GeoIP is deprecated and may be removed in sing-box 1.12.0. +GeoIP is deprecated and will be removed in sing-box 1.12.0. The maxmind GeoIP National Database, as an IP classification database, is not entirely suitable for traffic bypassing, diff --git a/docs/deprecated.zh.md b/docs/deprecated.zh.md index 64e155d1..2f7b28f7 100644 --- a/docs/deprecated.zh.md +++ b/docs/deprecated.zh.md @@ -4,6 +4,29 @@ icon: material/delete-alert # 废弃功能列表 +## 1.11.0 + +#### 旧的特殊出站 + +旧的特殊出站(`block` / `dns`)已废弃且可以通过规则动作替代, +参阅 [迁移指南](/migration/#migrate-legacy-special-outbounds-to-rule-actions)。 + +旧字段将在 sing-box 1.13.0 中被移除。 + +#### 旧的入站字段 + +旧的入站字段(`inbound.`)已废弃且可以通过规则动作替代, +参阅 [迁移指南](/migration/#migrate-legacy-inbound-fields-to-rule-actions)。 + +旧字段将在 sing-box 1.13.0 中被移除。 + +#### 旧的 DNS 路由参数 + +旧的 DNS 路由参数(`disable_cache`、`rewrite_ttl`、`client_subnet`)已废弃且可以通过规则动作替代, +参阅 [迁移指南](/migration/#migrate-legacy-dns-route-options-to-rule-actions)。 + +旧字段将在 sing-box 1.12.0 中被移除。 + ## 1.10.0 #### Match source 规则项已重命名 @@ -17,7 +40,7 @@ icon: material/delete-alert `inet4_route_address` 和 `inet6_route_address` 已合并为 `route_address`, `inet4_route_exclude_address` 和 `inet6_route_exclude_address` 已合并为 `route_exclude_address`。 -旧字段已废弃,且将在 sing-box 1.11.0 中被移除。 +旧字段将在 sing-box 1.11.0 中被移除。 #### 移除对 go1.18 和 go1.19 的支持 diff --git a/docs/migration.md b/docs/migration.md index 71b61692..9207db5b 100644 --- a/docs/migration.md +++ b/docs/migration.md @@ -2,6 +2,212 @@ icon: material/arrange-bring-forward --- +## 1.11.0 + +### Migrate legacy special outbounds to rule actions + +Legacy special outbounds are deprecated and can be replaced by rule actions. + +!!! info "References" + + [Rule Action](/configuration/route/rule_action/) / + [Block](/configuration/outbound/block/) / + [DNS](/configuration/outbound/dns) + +=== "Block" + + === ":material-card-remove: Deprecated" + + ```json + { + "outbounds": [ + { + "type": "block", + "tag": "block" + } + ], + "route": { + "rules": [ + { + ..., + + "outbound": "block" + } + ] + } + } + ``` + + === ":material-card-multiple: New" + + ```json + { + "route": { + "rules": [ + { + ..., + + "action": "reject" + } + ] + } + } + ``` + +=== "DNS" + + === ":material-card-remove: Deprecated" + + ```json + { + "inbound": [ + { + ..., + + "sniff": true + } + ], + "outbounds": [ + { + "tag": "dns", + "type": "dns" + } + ], + "route": { + "rules": [ + { + "protocol": "dns", + "outbound": "dns" + } + ] + } + } + ``` + + === ":material-card-multiple: New" + + ```json + { + "route": { + "rules": [ + { + "action": "sniff" + }, + { + "protocol": "dns", + "action": "hijack-dns" + } + ] + } + } + ``` + +### Migrate legacy inbound fields to rule actions + +Inbound fields are deprecated and can be replaced by rule actions. + +!!! info "References" + + [Listen Fields](/configuration/inbound/listen/) / + [Rule](/configuration/route/rule/) / + [Rule Action](/configuration/route/rule_action/) / + [DNS Rule](/configuration/dns/rule/) / + [DNS Rule Action](/configuration/dns/rule_action/) + +=== ":material-card-remove: Deprecated" + + ```json + { + "inbounds": [ + { + "type": "mixed", + "sniff": true, + "sniff_timeout": "1s", + "domain_strategy": "prefer_ipv4" + } + ] + } + ``` + +=== ":material-card-multiple: New" + + ```json + { + "inbounds": [ + { + "type": "mixed", + "tag": "in" + } + ], + "route": { + "rules": [ + { + "inbound": "in", + "action": "resolve", + "strategy": "prefer_ipv4" + }, + { + "inbound": "in", + "action": "sniff", + "timeout": "1s" + } + ] + } + } + ``` + +### Migrate legacy DNS route options to rule actions + +Legacy DNS route options are deprecated and can be replaced by rule actions. + +!!! info "References" + + [DNS Rule](/configuration/dns/rule/) / + [DNS Rule Action](/configuration/dns/rule_action/) + +=== ":material-card-remove: Deprecated" + + ```json + { + "dns": { + "rules": [ + { + ..., + + "server": "local", + "disable_cache": true, + "rewrite_ttl": 600, + "client_subnet": "1.1.1.1/24" + } + ] + } + } + ``` + +=== ":material-card-multiple: New" + + ```json + { + "dns": { + "rules": [ + { + ..., + + "action": "route-options", + "disable_cache": true, + "rewrite_ttl": 600, + "client_subnet": "1.1.1.1/24" + }, + { + ..., + + "server": "local" + } + ] + } + } + ``` + ## 1.10.0 ### TUN address fields are merged @@ -10,8 +216,6 @@ icon: material/arrange-bring-forward `inet4_route_address` and `inet6_route_address` are merged into `route_address`, `inet4_route_exclude_address` and `inet6_route_exclude_address` are merged into `route_exclude_address`. -Old fields are deprecated and will be removed in sing-box 1.11.0. - !!! info "References" [TUN](/configuration/inbound/tun/) diff --git a/docs/migration.zh.md b/docs/migration.zh.md index 62fbe9ed..f51860f7 100644 --- a/docs/migration.zh.md +++ b/docs/migration.zh.md @@ -2,6 +2,212 @@ icon: material/arrange-bring-forward --- +## 1.11.0 + +### 迁移旧的特殊出站到规则动作 + +旧的特殊出站已被弃用,且可以被规则动作替代。 + +!!! info "参考" + + [规则动作](/zh/configuration/route/rule_action/) / + [Block](/zh/configuration/outbound/block/) / + [DNS](/zh/configuration/outbound/dns) + +=== "Block" + + === ":material-card-remove: 弃用的" + + ```json + { + "outbounds": [ + { + "type": "block", + "tag": "block" + } + ], + "route": { + "rules": [ + { + ..., + + "outbound": "block" + } + ] + } + } + ``` + + === ":material-card-multiple: 新的" + + ```json + { + "route": { + "rules": [ + { + ..., + + "action": "reject" + } + ] + } + } + ``` + +=== "DNS" + + === ":material-card-remove: 弃用的" + + ```json + { + "inbound": [ + { + ..., + + "sniff": true + } + ], + "outbounds": [ + { + "tag": "dns", + "type": "dns" + } + ], + "route": { + "rules": [ + { + "protocol": "dns", + "outbound": "dns" + } + ] + } + } + ``` + + === ":material-card-multiple: 新的" + + ```json + { + "route": { + "rules": [ + { + "action": "sniff" + }, + { + "protocol": "dns", + "action": "hijack-dns" + } + ] + } + } + ``` + +### 迁移旧的入站字段到规则动作 + +入站选项已被弃用,且可以被规则动作替代。 + +!!! info "参考" + + [监听字段](/zh/configuration/shared/listen/) / + [规则](/zh/configuration/route/rule/) / + [规则动作](/zh/configuration/route/rule_action/) / + [DNS 规则](/zh/configuration/dns/rule/) / + [DNS 规则动作](/zh/configuration/dns/rule_action/) + +=== ":material-card-remove: 弃用的" + + ```json + { + "inbounds": [ + { + "type": "mixed", + "sniff": true, + "sniff_timeout": "1s", + "domain_strategy": "prefer_ipv4" + } + ] + } + ``` + +=== ":material-card-multiple: New" + + ```json + { + "inbounds": [ + { + "type": "mixed", + "tag": "in" + } + ], + "route": { + "rules": [ + { + "inbound": "in", + "action": "resolve", + "strategy": "prefer_ipv4" + }, + { + "inbound": "in", + "action": "sniff", + "timeout": "1s" + } + ] + } + } + ``` + +### 迁移旧的 DNS 路由选项到规则动作 + +旧的 DNS 路由选项已被弃用,且可以被规则动作替代。 + +!!! info "参考" + + [DNS 规则](/zh/configuration/dns/rule/) / + [DNS 规则动作](/zh/configuration/dns/rule_action/) + +=== ":material-card-remove: 弃用的" + + ```json + { + "dns": { + "rules": [ + { + ..., + + "server": "local", + "disable_cache": true, + "rewrite_ttl": 600, + "client_subnet": "1.1.1.1/24" + } + ] + } + } + ``` + +=== ":material-card-multiple: 新的" + + ```json + { + "dns": { + "rules": [ + { + ..., + + "action": "route-options", + "disable_cache": true, + "rewrite_ttl": 600, + "client_subnet": "1.1.1.1/24" + }, + { + ..., + + "server": "local" + } + ] + } + } + ``` + ## 1.10.0 ### TUN 地址字段已合并 diff --git a/mkdocs.yml b/mkdocs.yml index d5cdcee4..66e8a2e9 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -82,6 +82,7 @@ nav: - configuration/dns/index.md - DNS Server: configuration/dns/server.md - DNS Rule: configuration/dns/rule.md + - DNS Rule Action: configuration/dns/rule_action.md - FakeIP: configuration/dns/fakeip.md - NTP: - configuration/ntp/index.md @@ -90,6 +91,7 @@ nav: - GeoIP: configuration/route/geoip.md - Geosite: configuration/route/geosite.md - Route Rule: configuration/route/rule.md + - Rule Action: configuration/route/rule_action.md - Protocol Sniff: configuration/route/sniff.md - Rule Set: - configuration/rule-set/index.md @@ -218,9 +220,11 @@ plugins: Log: 日志 DNS Server: DNS 服务器 DNS Rule: DNS 规则 + DNS Rule Action: DNS 规则动作 Route: 路由 Route Rule: 路由规则 + Rule Action: 规则动作 Protocol Sniff: 协议探测 Rule Set: 规则集 diff --git a/option/inbound.go b/option/inbound.go index a67719fa..2cc15989 100644 --- a/option/inbound.go +++ b/option/inbound.go @@ -34,7 +34,7 @@ func (h *Inbound) UnmarshalJSONContext(ctx context.Context, content []byte) erro } registry := service.FromContext[InboundOptionsRegistry](ctx) if registry == nil { - return E.New("missing inbound options registry in context") + return E.New("missing Inbound fields registry in context") } options, loaded := registry.CreateOptions(h.Type) if !loaded { diff --git a/option/rule_action.go b/option/rule_action.go index 7a76391c..3b4e8edb 100644 --- a/option/rule_action.go +++ b/option/rule_action.go @@ -148,9 +148,6 @@ func (r *RouteActionOptions) UnmarshalJSON(data []byte) error { if err != nil { return err } - if r.Outbound == "" { - return E.New("missing outbound") - } return nil } @@ -189,9 +186,6 @@ func (r *DNSRouteActionOptions) UnmarshalJSONContext(ctx context.Context, data [ if err != nil { return err } - if r.Server == "" { - return E.New("missing server") - } if r.DisableCache || r.RewriteTTL != nil || r.ClientSubnet != nil { deprecated.Report(ctx, deprecated.OptionLegacyDNSRouteOptions) } diff --git a/route/route.go b/route/route.go index 854fa4f1..91d7f3c9 100644 --- a/route/route.go +++ b/route/route.go @@ -76,7 +76,7 @@ func (r *Router) routeConnection(ctx context.Context, conn net.Conn, metadata ad metadata.Network = N.NetworkTCP switch metadata.Destination.Fqdn { case mux.Destination.Fqdn: - return E.New("global multiplex is deprecated since sing-box v1.7.0, enable multiplex in inbound options instead.") + return E.New("global multiplex is deprecated since sing-box v1.7.0, enable multiplex in Inbound fields instead.") case vmess.MuxDestination.Fqdn: return E.New("global multiplex (v2ray legacy) not supported since sing-box v1.7.0.") case uot.MagicAddress: