sing-box/search/search_index.json
2024-11-25 14:23:46 +08:00

1 line
568 KiB
JSON

{"config":{"lang":["en","zh"],"separator":"[\\s\\-]+","pipeline":["stopWordFilter"]},"docs":[{"location":"","title":"Home","text":"<p>Welcome to the wiki page for the sing-box project.</p> <p>The universal proxy platform.</p>"},{"location":"#license","title":"License","text":"<pre><code>Copyright (C) 2022 by nekohasekai &lt;contact-sagernet@sekai.icu&gt;\n\nThis program is free software: you can redistribute it and/or modify\nit under the terms of the GNU General Public License as published by\nthe Free Software Foundation, either version 3 of the License, or\n(at your option) any later version.\n\nThis program is distributed in the hope that it will be useful,\nbut WITHOUT ANY WARRANTY; without even the implied warranty of\nMERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\nGNU General Public License for more details.\n\nYou should have received a copy of the GNU General Public License\nalong with this program. If not, see &lt;http://www.gnu.org/licenses/&gt;.\n\nIn addition, no derivative work may use the name or imply association\nwith this application without prior consent.\n</code></pre>"},{"location":"changelog/","title":"Change Log","text":""},{"location":"changelog/#1110-alpha24","title":"1.11.0-alpha.24","text":"<ul> <li>Fixes and improvements</li> </ul>"},{"location":"changelog/#1110-alpha22","title":"1.11.0-alpha.22","text":"<ul> <li>Add UDP timeout route option 1</li> <li>Fixes and improvements</li> </ul> <p>1:</p> <p>See Rule Action.</p>"},{"location":"changelog/#1110-alpha20","title":"1.11.0-alpha.20","text":"<ul> <li>Add UDP GSO support for WireGuard</li> <li>Make GSO adaptive 1</li> </ul> <p>1:</p> <p>For WireGuard outbound and endpoint, GSO will be automatically enabled when available, see WireGuard Outbound.</p> <p>For TUN, GSO has been removed, see Deprecated.</p>"},{"location":"changelog/#1110-alpha19","title":"1.11.0-alpha.19","text":"<ul> <li>Upgrade WireGuard outbound to endpoint 1</li> <li>Fixes and improvements</li> </ul> <p>1:</p> <p>The new WireGuard endpoint combines inbound and outbound capabilities, and the old outbound will be removed in sing-box 1.13.0.</p> <p>See Endpoint, WireGuard Endpoint and Migrate WireGuard outbound fields to route options.</p>"},{"location":"changelog/#1102","title":"1.10.2","text":"<ul> <li>Add deprecated warnings</li> <li>Fix proxying websocket connections in HTTP/mixed inbounds</li> <li>Fixes and improvements</li> </ul>"},{"location":"changelog/#1110-alpha18","title":"1.11.0-alpha.18","text":"<ul> <li>Fixes and improvements</li> </ul>"},{"location":"changelog/#1110-alpha16","title":"1.11.0-alpha.16","text":"<ul> <li>Add <code>cache_capacity</code> DNS option 1</li> <li>Add <code>override_address</code> and <code>override_port</code> route options 2</li> <li>Fixes and improvements</li> </ul> <p>1:</p> <p>See DNS.</p> <p>2:</p> <p>See Rule Action and Migrate destination override fields to route options.</p>"},{"location":"changelog/#1110-alpha15","title":"1.11.0-alpha.15","text":"<ul> <li>Improve multi network dialing 1</li> <li>Fixes and improvements</li> </ul> <p>1:</p> <p>New options allow you to configure the network strategy flexibly.</p> <p>See Dial Fields, Rule Action and Route.</p>"},{"location":"changelog/#1110-alpha14","title":"1.11.0-alpha.14","text":"<ul> <li>Add multi network dialing 1</li> <li>Fixes and improvements</li> </ul> <p>1:</p> <p>Similar to Surge's strategy.</p> <p>New options allow you to connect using multiple network interfaces, prefer or only use one type of interface, and configure a timeout to fallback to other interfaces.</p> <p>See Dial Fields, Rule Action and Route.</p>"},{"location":"changelog/#1110-alpha13","title":"1.11.0-alpha.13","text":"<ul> <li>Fixes and improvements</li> </ul>"},{"location":"changelog/#1110-alpha12","title":"1.11.0-alpha.12","text":"<ul> <li>Merge route options to route actions 1</li> <li>Add <code>network_type</code>, <code>network_is_expensive</code> and <code>network_is_constrainted</code> rule items 2</li> <li>Fixes and improvements</li> </ul> <p>1:</p> <p>Route options in DNS route actions will no longer be considered deprecated, see DNS Route Action.</p> <p>Also, now <code>udp_disable_domain_unmapping</code> and <code>udp_connect</code> can also be configured in route action, see Route Action.</p> <p>2:</p> <p>When using in graphical clients, new routing rule items allow you to match on network type (WIFI, cellular, etc.), whether the network is expensive, and whether Low Data Mode is enabled.</p> <p>See Route Rule, DNS Route Rule and Headless Rule.</p>"},{"location":"changelog/#1110-alpha9","title":"1.11.0-alpha.9","text":"<ul> <li>Improve tun compatibility 1</li> <li>Fixes and improvements</li> </ul> <p>1:</p> <p>When <code>gvisor</code> tun stack is enabled, even if the request passes routing, if the outbound connection establishment fails, the connection still does not need to be established and a TCP RST is replied.</p>"},{"location":"changelog/#1110-alpha7","title":"1.11.0-alpha.7","text":"<ul> <li>Introducing rule actions 1</li> </ul> <p>1:</p> <p>New rule actions replace legacy inbound fields and special outbound fields, and can be used for pre-matching 2.</p> <p>See Rule, Rule Action, DNS Rule and DNS Rule Action.</p> <p>For migration, see Migrate legacy special outbounds to rule actions, Migrate legacy inbound fields to rule actions and Migrate legacy DNS route options to rule actions.</p> <p>2:</p> <p>Similar to Surge's pre-matching.</p> <p>Specifically, new rule actions allow you to reject connections with TCP RST (for TCP connections) and ICMP port unreachable (for UDP packets) before connection established to improve tun's compatibility.</p> <p>See Rule Action.</p>"},{"location":"changelog/#1110-alpha6","title":"1.11.0-alpha.6","text":"<ul> <li>Update quic-go to v0.48.1</li> <li>Set gateway for tun correctly</li> <li>Fixes and improvements</li> </ul>"},{"location":"changelog/#1110-alpha2","title":"1.11.0-alpha.2","text":"<ul> <li>Add warnings for usage of deprecated features</li> <li>Fixes and improvements</li> </ul>"},{"location":"changelog/#1110-alpha1","title":"1.11.0-alpha.1","text":"<ul> <li>Update quic-go to v0.48.0</li> <li>Fixes and improvements</li> </ul>"},{"location":"changelog/#1101","title":"1.10.1","text":"<ul> <li>Fixes and improvements</li> </ul>"},{"location":"changelog/#1100","title":"1.10.0","text":"<p>Important changes since 1.9:</p> <ul> <li>Introducing auto-redirect 1</li> <li>Add AdGuard DNS Filter support 2</li> <li>TUN address fields are merged 3</li> <li>Add custom options for <code>auto-route</code> and <code>auto-redirect</code> 4</li> <li>Drop support for go1.18 and go1.19 5</li> <li>Add tailing comma support in JSON configuration</li> <li>Improve sniffers 6</li> <li>Add new <code>inline</code> rule-set type 7</li> <li>Add access control options for Clash API 8</li> <li>Add <code>rule_set_ip_cidr_accept_empty</code> DNS address filter rule item 9</li> <li>Add auto reload support for local rule-set</li> <li>Update fsnotify usages 10</li> <li>Add IP address support for <code>rule-set match</code> command</li> <li>Add <code>rule-set decompile</code> command</li> <li>Add <code>process_path_regex</code> rule item</li> <li>Update uTLS to v1.6.7 11</li> <li>Optimize memory usages of rule-sets 12</li> </ul> <p>1:</p> <p>The new auto-redirect feature allows TUN to automatically configure connection redirection to improve proxy performance.</p> <p>When auto-redirect is enabled, new route address set options will allow you to automatically configure destination IP CIDR rules from a specified rule set to the firewall.</p> <p>Specified or unspecified destinations will bypass the sing-box routes to get better performance (for example, keep hardware offloading of direct traffics on the router).</p> <p>See TUN.</p> <p>2:</p> <p>The new feature allows you to use AdGuard DNS Filter lists in a sing-box without AdGuard Home.</p> <p>See AdGuard DNS Filter.</p> <p>3:</p> <p>See Migration.</p> <p>4:</p> <p>See iproute2_table_index, iproute2_rule_index, auto_redirect_input_mark and auto_redirect_output_mark.</p> <p>5:</p> <p>Due to maintenance difficulties, sing-box 1.10.0 requires at least Go 1.20 to compile.</p> <p>6:</p> <p>BitTorrent, DTLS, RDP, SSH sniffers are added.</p> <p>Now the QUIC sniffer can correctly extract the server name from Chromium requests and can identify common QUIC clients, including Chromium, Safari, Firefox, quic-go (including uquic disguised as Chrome).</p> <p>7:</p> <p>The new rule-set type inline (which also becomes the default type) allows you to write headless rules directly without creating a rule-set file.</p> <p>8:</p> <p>With new access control options, not only can you allow Clash dashboards to access the Clash API on your local network, you can also manually limit the websites that can access the API instead of allowing everyone.</p> <p>See Clash API.</p> <p>9:</p> <p>See DNS Rule.</p> <p>10:</p> <p>sing-box now uses fsnotify correctly and will not cancel watching if the target file is deleted or recreated via rename (e.g. <code>mv</code>).</p> <p>This affects all path options that support reload, including <code>tls.certificate_path</code>, <code>tls.key_path</code>, <code>tls.ech.key_path</code> and <code>rule_set.path</code>.</p> <p>11:</p> <p>Some legacy chrome fingerprints have been removed and will fallback to chrome, see utls.</p> <p>12:</p> <p>See Source Format.</p>"},{"location":"changelog/#197","title":"1.9.7","text":"<ul> <li>Fixes and improvements</li> </ul>"},{"location":"changelog/#1100-beta11","title":"1.10.0-beta.11","text":"<ul> <li>Update uTLS to v1.6.7 1</li> </ul> <p>1:</p> <p>Some legacy chrome fingerprints have been removed and will fallback to chrome, see utls.</p>"},{"location":"changelog/#1100-beta10","title":"1.10.0-beta.10","text":"<ul> <li>Add <code>process_path_regex</code> rule item</li> <li>Fixes and improvements</li> </ul> <p>The macOS standalone versions of sing-box (&gt;=1.9.5/&lt;1.10.0-beta.11) now silently fail and require manual granting of the Full Disk Access permission to system extension to start, probably due to Apple's changed security policy. We will prompt users about this in feature versions.</p>"},{"location":"changelog/#196","title":"1.9.6","text":"<ul> <li>Fixes and improvements</li> </ul>"},{"location":"changelog/#195","title":"1.9.5","text":"<ul> <li>Update quic-go to v0.47.0</li> <li>Fix direct dialer not resolving domain</li> <li>Fix no error return when empty DNS cache retrieved</li> <li>Fix build with go1.23</li> <li>Fix stream sniffer</li> <li>Fix bad redirect in clash-api</li> <li>Fix wireguard events chan leak</li> <li>Fix cached conn eats up read deadlines</li> <li>Fix disconnected interface selected as default in windows</li> <li>Update Bundle Identifiers for Apple platform clients 1</li> </ul> <p>1:</p> <p>See Migration.</p> <p>We are still working on getting all sing-box apps back on the App Store, which should be completed within a week (SFI on the App Store and others on TestFlight are already available).</p>"},{"location":"changelog/#1100-beta8","title":"1.10.0-beta.8","text":"<ul> <li>Fixes and improvements</li> </ul> <p>With the help of a netizen, we are in the process of getting sing-box apps back on the App Store, which should be completed within a month (TestFlight is already available).</p>"},{"location":"changelog/#1100-beta7","title":"1.10.0-beta.7","text":"<ul> <li>Update quic-go to v0.47.0</li> <li>Fixes and improvements</li> </ul>"},{"location":"changelog/#1100-beta6","title":"1.10.0-beta.6","text":"<ul> <li>Add RDP sniffer</li> <li>Fixes and improvements</li> </ul>"},{"location":"changelog/#1100-beta5","title":"1.10.0-beta.5","text":"<ul> <li>Add PNA support for Clash API</li> <li>Fixes and improvements</li> </ul>"},{"location":"changelog/#1100-beta3","title":"1.10.0-beta.3","text":"<ul> <li>Add SSH sniffer</li> <li>Fixes and improvements</li> </ul>"},{"location":"changelog/#1100-beta2","title":"1.10.0-beta.2","text":"<ul> <li>Build with go1.23</li> <li>Fixes and improvements</li> </ul>"},{"location":"changelog/#194","title":"1.9.4","text":"<ul> <li>Update quic-go to v0.46.0</li> <li>Update Hysteria2 BBR congestion control</li> <li>Filter HTTPS ipv4hint/ipv6hint with domain strategy</li> <li>Fix crash on Android when using process rules</li> <li>Fix non-IP queries accepted by address filter rules</li> <li>Fix UDP server for shadowsocks AEAD multi-user inbounds</li> <li>Fix default next protos for v2ray QUIC transport</li> <li>Fix default end value of port range configuration options</li> <li>Fix reset v2ray transports</li> <li>Fix panic caused by rule-set generation of duplicate keys for <code>domain_suffix</code></li> <li>Fix UDP connnection leak when sniffing</li> <li>Fixes and improvements</li> </ul> <p>Due to problems with our Apple developer account, sing-box apps on Apple platforms are temporarily unavailable for download or update. If your company or organization is willing to help us return to the App Store, please contact us.</p>"},{"location":"changelog/#1100-alpha29","title":"1.10.0-alpha.29","text":"<ul> <li>Update quic-go to v0.46.0</li> <li>Fixes and improvements</li> </ul>"},{"location":"changelog/#1100-alpha25","title":"1.10.0-alpha.25","text":"<ul> <li>Add AdGuard DNS Filter support 1</li> </ul> <p>1:</p> <p>The new feature allows you to use AdGuard DNS Filter lists in a sing-box without AdGuard Home.</p> <p>See AdGuard DNS Filter.</p>"},{"location":"changelog/#1100-alpha23","title":"1.10.0-alpha.23","text":"<ul> <li>Add Chromium support for QUIC sniffer</li> <li>Add client type detect support for QUIC sniffer 1</li> <li>Fixes and improvements</li> </ul> <p>1:</p> <p>Now the QUIC sniffer can correctly extract the server name from Chromium requests and can identify common QUIC clients, including Chromium, Safari, Firefox, quic-go (including uquic disguised as Chrome).</p> <p>See Protocol Sniff and Route Rule.</p>"},{"location":"changelog/#1100-alpha22","title":"1.10.0-alpha.22","text":"<ul> <li>Optimize memory usages of rule-sets 1</li> <li>Fixes and improvements</li> </ul> <p>1:</p> <p>See Source Format.</p>"},{"location":"changelog/#1100-alpha20","title":"1.10.0-alpha.20","text":"<ul> <li>Add DTLS sniffer</li> <li>Fixes and improvements</li> </ul>"},{"location":"changelog/#1100-alpha19","title":"1.10.0-alpha.19","text":"<ul> <li>Add <code>rule-set decompile</code> command</li> <li>Add IP address support for <code>rule-set match</code> command</li> <li>Fixes and improvements</li> </ul>"},{"location":"changelog/#1100-alpha18","title":"1.10.0-alpha.18","text":"<ul> <li>Add new <code>inline</code> rule-set type 1</li> <li>Add auto reload support for local rule-set</li> <li>Update fsnotify usages 2</li> <li>Fixes and improvements</li> </ul> <p>1:</p> <p>The new rule-set type inline (which also becomes the default type) allows you to write headless rules directly without creating a rule-set file.</p> <p>2:</p> <p>sing-box now uses fsnotify correctly and will not cancel watching if the target file is deleted or recreated via rename (e.g. <code>mv</code>).</p> <p>This affects all path options that support reload, including <code>tls.certificate_path</code>, <code>tls.key_path</code>, <code>tls.ech.key_path</code> and <code>rule_set.path</code>.</p>"},{"location":"changelog/#1100-alpha17","title":"1.10.0-alpha.17","text":"<ul> <li>Some chaotic changes 1</li> <li><code>rule_set_ipcidr_match_source</code> rule items are renamed 2</li> <li>Add <code>rule_set_ip_cidr_accept_empty</code> DNS address filter rule item 3</li> <li>Update quic-go to v0.45.1</li> <li>Fixes and improvements</li> </ul> <p>1:</p> <p>Something may be broken, please actively report problems with this version.</p> <p>2:</p> <p><code>rule_set_ipcidr_match_source</code> route and DNS rule items are renamed to <code>rule_set_ip_cidr_match_source</code> and will be remove in sing-box 1.11.0.</p> <p>3:</p> <p>See DNS Rule.</p>"},{"location":"changelog/#1100-alpha16","title":"1.10.0-alpha.16","text":"<ul> <li>Add custom options for <code>auto-route</code> and <code>auto-redirect</code> 1</li> <li>Fixes and improvements</li> </ul> <p>1:</p> <p>See iproute2_table_index, iproute2_rule_index, auto_redirect_input_mark and auto_redirect_output_mark.</p>"},{"location":"changelog/#1100-alpha13","title":"1.10.0-alpha.13","text":"<ul> <li>TUN address fields are merged 1</li> <li>Add route address set support for auto-redirect 2</li> </ul> <p>1:</p> <p>See Migration.</p> <p>2:</p> <p>The new feature will allow you to configure the destination IP CIDR rules in the specified rule-sets to the firewall automatically.</p> <p>Specified or unspecified destinations will bypass the sing-box routes to get better performance (for example, keep hardware offloading of direct traffics on the router).</p> <p>See route_address_set and route_exclude_address_set.</p>"},{"location":"changelog/#1100-alpha12","title":"1.10.0-alpha.12","text":"<ul> <li>Fix auto-redirect not configuring nftables forward chain correctly</li> <li>Fixes and improvements</li> </ul>"},{"location":"changelog/#193","title":"1.9.3","text":"<ul> <li>Fixes and improvements</li> </ul>"},{"location":"changelog/#1100-alpha10","title":"1.10.0-alpha.10","text":"<ul> <li>Fixes and improvements</li> </ul>"},{"location":"changelog/#192","title":"1.9.2","text":"<ul> <li>Fixes and improvements</li> </ul>"},{"location":"changelog/#1100-alpha8","title":"1.10.0-alpha.8","text":"<ul> <li>Drop support for go1.18 and go1.19 1</li> <li>Update quic-go to v0.45.0</li> <li>Update Hysteria2 BBR congestion control</li> <li>Fixes and improvements</li> </ul> <p>1:</p> <p>Due to maintenance difficulties, sing-box 1.10.0 requires at least Go 1.20 to compile.</p>"},{"location":"changelog/#191","title":"1.9.1","text":"<ul> <li>Fixes and improvements</li> </ul>"},{"location":"changelog/#1100-alpha7","title":"1.10.0-alpha.7","text":"<ul> <li>Fixes and improvements</li> </ul>"},{"location":"changelog/#1100-alpha5","title":"1.10.0-alpha.5","text":"<ul> <li>Improve auto-redirect 1</li> </ul> <p>1:</p> <p>nftables support and DNS hijacking has been added.</p> <p>Tun inbounds with <code>auto_route</code> and <code>auto_redirect</code> now works as expected on routers without intervention.</p>"},{"location":"changelog/#1100-alpha4","title":"1.10.0-alpha.4","text":"<ul> <li>Fix auto-redirect 1</li> <li>Improve auto-route on linux 2</li> </ul> <p>1:</p> <p>Tun inbounds with <code>auto_route</code> and <code>auto_redirect</code> now works as expected on routers.</p> <p>2:</p> <p>Tun inbounds with <code>auto_route</code> and <code>strict_route</code> now works as expected on routers and servers, but the usages of exclude_interface need to be updated.</p>"},{"location":"changelog/#1100-alpha2","title":"1.10.0-alpha.2","text":"<ul> <li>Move auto-redirect to Tun 1</li> <li>Fixes and improvements</li> </ul> <p>1:</p> <p>Linux support are added.</p> <p>See Tun.</p>"},{"location":"changelog/#1100-alpha1","title":"1.10.0-alpha.1","text":"<ul> <li>Add tailing comma support in JSON configuration</li> <li>Add simple auto-redirect for Android 1</li> <li>Add BitTorrent sniffer 2</li> </ul> <p>1:</p> <p>It allows you to use redirect inbound in the sing-box Android client and automatically configures IPv4 TCP redirection via su.</p> <p>This may alleviate the symptoms of some OCD patients who think that redirect can effectively save power compared to the system HTTP Proxy.</p> <p>See Redirect.</p> <p>2:</p> <p>See Protocol Sniff.</p>"},{"location":"changelog/#190","title":"1.9.0","text":"<ul> <li>Fixes and improvements</li> </ul> <p>Important changes since 1.8:</p> <ul> <li><code>domain_suffix</code> behavior update 1</li> <li><code>process_path</code> format update on Windows 2</li> <li>Add address filter DNS rule items 3</li> <li>Add support for <code>client-subnet</code> DNS options 4</li> <li>Add rejected DNS response cache support 5</li> <li>Add <code>bypass_domain</code> and <code>search_domain</code> platform HTTP proxy options 6</li> <li>Fix missing <code>rule_set_ipcidr_match_source</code> item in DNS rules 7</li> <li>Handle Windows power events</li> <li>Always disable cache for fake-ip DNS transport if <code>dns.independent_cache</code> disabled</li> <li>Improve DNS truncate behavior</li> <li>Update Hysteria protocol</li> <li>Update quic-go to v0.43.1</li> <li>Update gVisor to 20240422.0</li> <li>Mitigating TunnelVision attacks 8</li> </ul> <p>1:</p> <p>See Migration.</p> <p>2:</p> <p>See Migration.</p> <p>3:</p> <p>The new DNS feature allows you to more precisely bypass Chinese websites via DNS leaks. Do not use plain local DNS if using this method.</p> <p>See Address Filter Fields.</p> <p>Client example updated.</p> <p>4:</p> <p>See DNS, DNS Server and DNS Rules.</p> <p>Since this feature makes the scenario mentioned in <code>alpha.1</code> no longer leak DNS requests, the Client example has been updated.</p> <p>5:</p> <p>The new feature allows you to cache the check results of Address filter DNS rule items until expiration.</p> <p>6:</p> <p>See TUN inbound.</p> <p>7:</p> <p>See DNS Rule.</p> <p>8:</p> <p>See TunnelVision.</p>"},{"location":"changelog/#190-rc22","title":"1.9.0-rc.22","text":"<ul> <li>Fixes and improvements</li> </ul>"},{"location":"changelog/#190-rc20","title":"1.9.0-rc.20","text":"<ul> <li>Prioritize <code>*_route_address</code> in linux auto-route</li> <li>Fix <code>*_route_address</code> in darwin auto-route</li> </ul>"},{"location":"changelog/#1814","title":"1.8.14","text":"<ul> <li>Fix hysteria2 panic</li> <li>Fixes and improvements</li> </ul>"},{"location":"changelog/#190-rc18","title":"1.9.0-rc.18","text":"<ul> <li>Add custom prefix support in EDNS0 client subnet options</li> <li>Fix hysteria2 crash</li> <li>Fix <code>store_rdrc</code> corrupted</li> <li>Update quic-go to v0.43.1</li> <li>Fixes and improvements</li> </ul>"},{"location":"changelog/#190-rc16","title":"1.9.0-rc.16","text":"<ul> <li>Mitigating TunnelVision attacks 1</li> <li>Fixes and improvements</li> </ul> <p>1:</p> <p>See TunnelVision.</p>"},{"location":"changelog/#190-rc15","title":"1.9.0-rc.15","text":"<ul> <li>Fixes and improvements</li> </ul>"},{"location":"changelog/#1813","title":"1.8.13","text":"<ul> <li>Fix fake-ip mapping</li> <li>Fixes and improvements</li> </ul>"},{"location":"changelog/#190-rc14","title":"1.9.0-rc.14","text":"<ul> <li>Fixes and improvements</li> </ul>"},{"location":"changelog/#190-rc13","title":"1.9.0-rc.13","text":"<ul> <li>Update Hysteria protocol</li> <li>Update quic-go to v0.43.0</li> <li>Update gVisor to 20240422.0</li> <li>Fixes and improvements</li> </ul>"},{"location":"changelog/#1812","title":"1.8.12","text":"<ul> <li>Now we have official APT and DNF repositories 1</li> <li>Fix packet MTU for QUIC protocols</li> <li>Fixes and improvements</li> </ul> <p>1:</p> <p>Including stable and beta versions, see https://sing-box.sagernet.org/installation/package-manager/</p>"},{"location":"changelog/#190-rc11","title":"1.9.0-rc.11","text":"<ul> <li>Fixes and improvements</li> </ul>"},{"location":"changelog/#1811","title":"1.8.11","text":"<ul> <li>Fixes and improvements</li> </ul>"},{"location":"changelog/#1810","title":"1.8.10","text":"<ul> <li>Fixes and improvements</li> </ul>"},{"location":"changelog/#190-beta17","title":"1.9.0-beta.17","text":"<ul> <li>Update <code>quic-go</code> to v0.42.0</li> <li>Fixes and improvements</li> </ul>"},{"location":"changelog/#190-beta16","title":"1.9.0-beta.16","text":"<ul> <li>Fixes and improvements</li> </ul> <p>Our Testflight distribution has been temporarily blocked by Apple (possibly due to too many beta versions) and you cannot join the test, install or update the sing-box beta app right now. Please wait patiently for processing.</p>"},{"location":"changelog/#190-beta14","title":"1.9.0-beta.14","text":"<ul> <li>Update gVisor to 20240212.0-65-g71212d503</li> <li>Fixes and improvements</li> </ul>"},{"location":"changelog/#189","title":"1.8.9","text":"<ul> <li>Fixes and improvements</li> </ul>"},{"location":"changelog/#188","title":"1.8.8","text":"<ul> <li>Fixes and improvements</li> </ul>"},{"location":"changelog/#190-beta7","title":"1.9.0-beta.7","text":"<ul> <li>Fixes and improvements</li> </ul>"},{"location":"changelog/#190-beta6","title":"1.9.0-beta.6","text":"<ul> <li>Fix address filter DNS rule items 1</li> <li>Fix DNS outbound responding with wrong data</li> <li>Fixes and improvements</li> </ul> <p>1:</p> <p>Fixed an issue where address filter DNS rule was incorrectly rejected under certain circumstances. If you have enabled <code>store_rdrc</code> to save results, consider clearing the cache file.</p>"},{"location":"changelog/#187","title":"1.8.7","text":"<ul> <li>Fixes and improvements</li> </ul>"},{"location":"changelog/#190-alpha15","title":"1.9.0-alpha.15","text":"<ul> <li>Fixes and improvements</li> </ul>"},{"location":"changelog/#190-alpha14","title":"1.9.0-alpha.14","text":"<ul> <li>Improve DNS truncate behavior</li> <li>Fixes and improvements</li> </ul>"},{"location":"changelog/#190-alpha13","title":"1.9.0-alpha.13","text":"<ul> <li>Fixes and improvements</li> </ul>"},{"location":"changelog/#186","title":"1.8.6","text":"<ul> <li>Fixes and improvements</li> </ul>"},{"location":"changelog/#190-alpha12","title":"1.9.0-alpha.12","text":"<ul> <li>Handle Windows power events</li> <li>Always disable cache for fake-ip DNS transport if <code>dns.independent_cache</code> disabled</li> <li>Fixes and improvements</li> </ul>"},{"location":"changelog/#190-alpha11","title":"1.9.0-alpha.11","text":"<ul> <li>Fix missing <code>rule_set_ipcidr_match_source</code> item in DNS rules 1</li> <li>Fixes and improvements</li> </ul> <p>1:</p> <p>See DNS Rule.</p>"},{"location":"changelog/#190-alpha10","title":"1.9.0-alpha.10","text":"<ul> <li>Add <code>bypass_domain</code> and <code>search_domain</code> platform HTTP proxy options 1</li> <li>Fixes and improvements</li> </ul> <p>1:</p> <p>See TUN inbound.</p>"},{"location":"changelog/#190-alpha8","title":"1.9.0-alpha.8","text":"<ul> <li>Add rejected DNS response cache support 1</li> <li>Fixes and improvements</li> </ul> <p>1:</p> <p>The new feature allows you to cache the check results of Address filter DNS rule items until expiration.</p>"},{"location":"changelog/#190-alpha7","title":"1.9.0-alpha.7","text":"<ul> <li>Update gVisor to 20240206.0</li> <li>Fixes and improvements</li> </ul>"},{"location":"changelog/#190-alpha6","title":"1.9.0-alpha.6","text":"<ul> <li>Fixes and improvements</li> </ul>"},{"location":"changelog/#190-alpha3","title":"1.9.0-alpha.3","text":"<ul> <li>Update <code>quic-go</code> to v0.41.0</li> <li>Fixes and improvements</li> </ul>"},{"location":"changelog/#190-alpha2","title":"1.9.0-alpha.2","text":"<ul> <li>Add support for <code>client-subnet</code> DNS options 1</li> <li>Fixes and improvements</li> </ul> <p>1:</p> <p>See DNS, DNS Server and DNS Rules.</p> <p>Since this feature makes the scenario mentioned in <code>alpha.1</code> no longer leak DNS requests, the Client example has been updated.</p>"},{"location":"changelog/#190-alpha1","title":"1.9.0-alpha.1","text":"<ul> <li><code>domain_suffix</code> behavior update 1</li> <li><code>process_path</code> format update on Windows 2</li> <li>Add address filter DNS rule items 3</li> </ul> <p>1:</p> <p>See Migration.</p> <p>2:</p> <p>See Migration.</p> <p>3:</p> <p>The new DNS feature allows you to more precisely bypass Chinese websites via DNS leaks. Do not use plain local DNS if using this method.</p> <p>See Address Filter Fields.</p> <p>Client example updated.</p>"},{"location":"changelog/#185","title":"1.8.5","text":"<ul> <li>Fixes and improvements</li> </ul>"},{"location":"changelog/#184","title":"1.8.4","text":"<ul> <li>Fixes and improvements</li> </ul>"},{"location":"changelog/#182","title":"1.8.2","text":"<ul> <li>Fixes and improvements</li> </ul>"},{"location":"changelog/#181","title":"1.8.1","text":"<ul> <li>Fixes and improvements</li> </ul>"},{"location":"changelog/#180","title":"1.8.0","text":"<ul> <li>Fixes and improvements</li> </ul> <p>Important changes since 1.7:</p> <ul> <li>Migrate cache file from Clash API to independent options 1</li> <li>Introducing rule-set 2</li> <li>Add <code>sing-box geoip</code>, <code>sing-box geosite</code> and <code>sing-box rule-set</code> commands 3</li> <li>Allow nested logical rules 4</li> <li>Independent <code>source_ip_is_private</code> and <code>ip_is_private</code> rules 5</li> <li>Add context to JSON decode error message 6</li> <li>Reject internal fake-ip queries 7</li> <li>Add GSO support for TUN and WireGuard system interface 8</li> <li>Add <code>idle_timeout</code> for URLTest outbound 9</li> <li>Add simple loopback detect</li> <li>Optimize memory usage of idle connections</li> <li>Update uTLS to 1.5.4 10</li> <li>Update dependencies 11</li> </ul> <p>1:</p> <p>See Cache File and Migration.</p> <p>2:</p> <p>rule-set is independent collections of rules that can be compiled into binaries to improve performance. Compared to legacy GeoIP and Geosite resources, it can include more types of rules, load faster, use less memory, and update automatically.</p> <p>See Route#rule_set, Route Rule, DNS Rule, rule-set, Source Format and Headless Rule.</p> <p>For GEO resources migration, see Migrate GeoIP to rule-sets and Migrate Geosite to rule-sets.</p> <p>3:</p> <p>New commands manage GeoIP, Geosite and rule-set resources, and help you migrate GEO resources to rule-sets.</p> <p>4:</p> <p>Logical rules in route rules, DNS rules, and the new headless rule now allow nesting of logical rules.</p> <p>5:</p> <p>The <code>private</code> GeoIP country never existed and was actually implemented inside V2Ray. Since GeoIP was deprecated, we made this rule independent, see Migration.</p> <p>6:</p> <p>JSON parse errors will now include the current key path. Only takes effect when compiled with Go 1.21+.</p> <p>7:</p> <p>All internal DNS queries now skip DNS rules with <code>server</code> type <code>fakeip</code>, and the default DNS server can no longer be <code>fakeip</code>.</p> <p>This change is intended to break incorrect usage and essentially requires no action.</p> <p>8:</p> <p>See TUN inbound and WireGuard outbound.</p> <p>9:</p> <p>When URLTest is idle for a certain period of time, the scheduled delay test will be paused.</p> <p>10:</p> <p>Added some new fingerprints. Also, starting with this release, uTLS requires at least Go 1.20.</p> <p>11:</p> <p>Updated <code>cloudflare-tls</code>, <code>gomobile</code>, <code>smux</code>, <code>tfo-go</code> and <code>wireguard-go</code> to latest, <code>quic-go</code> to <code>0.40.1</code> and <code>gvisor</code> to <code>20231204.0</code></p>"},{"location":"changelog/#180-rc11","title":"1.8.0-rc.11","text":"<ul> <li>Fixes and improvements</li> </ul>"},{"location":"changelog/#178","title":"1.7.8","text":"<ul> <li>Fixes and improvements</li> </ul>"},{"location":"changelog/#180-rc10","title":"1.8.0-rc.10","text":"<ul> <li>Fixes and improvements</li> </ul>"},{"location":"changelog/#177","title":"1.7.7","text":"<ul> <li>Fix V2Ray transport <code>path</code> validation behavior 1</li> <li>Fixes and improvements</li> </ul> <p>1:</p> <p>See V2Ray transport.</p>"},{"location":"changelog/#180-rc7","title":"1.8.0-rc.7","text":"<ul> <li>Fixes and improvements</li> </ul>"},{"location":"changelog/#180-rc3","title":"1.8.0-rc.3","text":"<ul> <li>Fix V2Ray transport <code>path</code> validation behavior 1</li> <li>Fixes and improvements</li> </ul> <p>1:</p> <p>See V2Ray transport.</p>"},{"location":"changelog/#176","title":"1.7.6","text":"<ul> <li>Fixes and improvements</li> </ul>"},{"location":"changelog/#180-rc1","title":"1.8.0-rc.1","text":"<ul> <li>Fixes and improvements</li> </ul>"},{"location":"changelog/#180-beta9","title":"1.8.0-beta.9","text":"<ul> <li>Add simple loopback detect</li> <li>Fixes and improvements</li> </ul>"},{"location":"changelog/#175","title":"1.7.5","text":"<ul> <li>Fixes and improvements</li> </ul>"},{"location":"changelog/#180-alpha17","title":"1.8.0-alpha.17","text":"<ul> <li>Add GSO support for TUN and WireGuard system interface 1</li> <li>Update uTLS to 1.5.4 2</li> <li>Update dependencies 3</li> <li>Fixes and improvements</li> </ul> <p>1:</p> <p>See TUN inbound and WireGuard outbound.</p> <p>2:</p> <p>Added some new fingerprints. Also, starting with this release, uTLS requires at least Go 1.20.</p> <p>3:</p> <p>Updated <code>cloudflare-tls</code>, <code>gomobile</code>, <code>smux</code>, <code>tfo-go</code> and <code>wireguard-go</code> to latest, and <code>gvisor</code> to <code>20231204.0</code></p> <p>This may break something, good luck!</p>"},{"location":"changelog/#174","title":"1.7.4","text":"<ul> <li>Fixes and improvements</li> </ul> <p>Due to the long waiting time, this version is no longer waiting for approval by the Apple App Store, so updates to Apple Platforms will be delayed.</p>"},{"location":"changelog/#180-alpha16","title":"1.8.0-alpha.16","text":"<ul> <li>Fixes and improvements</li> </ul>"},{"location":"changelog/#180-alpha15","title":"1.8.0-alpha.15","text":"<ul> <li>Some chaotic changes 1</li> <li>Fixes and improvements</li> </ul> <p>1:</p> <p>Designed to optimize memory usage of idle connections, may take effect on the following protocols:</p> Protocol TCP UDP HTTP proxy server / SOCKS5 Shadowsocks none/AEAD/AEAD2022 Trojan / TUIC/Hysteria/Hysteria2 Multiplex Plain TLS (Trojan/VLESS without extra sub-protocols) / Other protocols <p>At the same time, everything existing may be broken, please actively report problems with this version.</p>"},{"location":"changelog/#180-alpha13","title":"1.8.0-alpha.13","text":"<ul> <li>Fixes and improvements</li> </ul>"},{"location":"changelog/#180-alpha10","title":"1.8.0-alpha.10","text":"<ul> <li>Add <code>idle_timeout</code> for URLTest outbound 1</li> <li>Fixes and improvements</li> </ul> <p>1:</p> <p>When URLTest is idle for a certain period of time, the scheduled delay test will be paused.</p>"},{"location":"changelog/#172","title":"1.7.2","text":"<ul> <li>Fixes and improvements</li> </ul>"},{"location":"changelog/#180-alpha8","title":"1.8.0-alpha.8","text":"<ul> <li>Add context to JSON decode error message 1</li> <li>Reject internal fake-ip queries 2</li> <li>Fixes and improvements</li> </ul> <p>1:</p> <p>JSON parse errors will now include the current key path. Only takes effect when compiled with Go 1.21+.</p> <p>2:</p> <p>All internal DNS queries now skip DNS rules with <code>server</code> type <code>fakeip</code>, and the default DNS server can no longer be <code>fakeip</code>.</p> <p>This change is intended to break incorrect usage and essentially requires no action.</p>"},{"location":"changelog/#180-alpha7","title":"1.8.0-alpha.7","text":"<ul> <li>Fixes and improvements</li> </ul>"},{"location":"changelog/#171","title":"1.7.1","text":"<ul> <li>Fixes and improvements</li> </ul>"},{"location":"changelog/#180-alpha6","title":"1.8.0-alpha.6","text":"<ul> <li>Fix rule-set matching logic 1</li> <li>Fixes and improvements</li> </ul> <p>1:</p> <p>Now the rules in the <code>rule_set</code> rule item can be logically considered to be merged into the rule using rule-sets, rather than completely following the AND logic.</p>"},{"location":"changelog/#180-alpha5","title":"1.8.0-alpha.5","text":"<ul> <li>Parallel rule-set initialization</li> <li>Independent <code>source_ip_is_private</code> and <code>ip_is_private</code> rules 1</li> </ul> <p>1:</p> <p>The <code>private</code> GeoIP country never existed and was actually implemented inside V2Ray. Since GeoIP was deprecated, we made this rule independent, see Migration.</p>"},{"location":"changelog/#180-alpha1","title":"1.8.0-alpha.1","text":"<ul> <li>Migrate cache file from Clash API to independent options 1</li> <li>Introducing rule-set 2</li> <li>Add <code>sing-box geoip</code>, <code>sing-box geosite</code> and <code>sing-box rule-set</code> commands 3</li> <li>Allow nested logical rules 4</li> </ul> <p>1:</p> <p>See Cache File and Migration.</p> <p>2:</p> <p>rule-set is independent collections of rules that can be compiled into binaries to improve performance. Compared to legacy GeoIP and Geosite resources, it can include more types of rules, load faster, use less memory, and update automatically.</p> <p>See Route#rule_set, Route Rule, DNS Rule, rule-set, Source Format and Headless Rule.</p> <p>For GEO resources migration, see Migrate GeoIP to rule-sets and Migrate Geosite to rule-sets.</p> <p>3:</p> <p>New commands manage GeoIP, Geosite and rule-set resources, and help you migrate GEO resources to rule-sets.</p> <p>4:</p> <p>Logical rules in route rules, DNS rules, and the new headless rule now allow nesting of logical rules.</p>"},{"location":"changelog/#170","title":"1.7.0","text":"<ul> <li>Fixes and improvements</li> </ul> <p>Important changes since 1.6:</p> <ul> <li>Add exclude route support for TUN inbound</li> <li>Add <code>udp_disable_domain_unmapping</code> inbound listen option 1</li> <li>Add HTTPUpgrade V2Ray transport support 2</li> <li>Migrate multiplex and UoT server to inbound 3</li> <li>Add TCP Brutal support for multiplex 4</li> <li>Add <code>wifi_ssid</code> and <code>wifi_bssid</code> route and DNS rules 5</li> <li>Update quic-go to v0.40.0</li> <li>Update gVisor to 20231113.0</li> </ul> <p>1:</p> <p>If enabled, for UDP proxy requests addressed to a domain, the original packet address will be sent in the response instead of the mapped domain.</p> <p>This option is used for compatibility with clients that do not support receiving UDP packets with domain addresses, such as Surge.</p> <p>2:</p> <p>Introduced in V2Ray 5.10.0.</p> <p>The new HTTPUpgrade transport has better performance than WebSocket and is better suited for CDN abuse.</p> <p>3:</p> <p>Starting in 1.7.0, multiplexing support is no longer enabled by default and needs to be turned on explicitly in inbound options.</p> <p>4</p> <p>Hysteria Brutal Congestion Control Algorithm in TCP. A kernel module needs to be installed on the Linux server, see TCP Brutal for details.</p> <p>5:</p> <p>Only supported in graphical clients on Android and Apple platforms.</p>"},{"location":"changelog/#170-rc3","title":"1.7.0-rc.3","text":"<ul> <li>Fixes and improvements</li> </ul>"},{"location":"changelog/#167","title":"1.6.7","text":"<ul> <li>macOS: Add button for uninstall SystemExtension in the standalone graphical client</li> <li>Fix missing UDP user context on TUIC/Hysteria2 inbounds</li> <li>Fixes and improvements</li> </ul>"},{"location":"changelog/#170-rc2","title":"1.7.0-rc.2","text":"<ul> <li>Fix missing UDP user context on TUIC/Hysteria2 inbounds</li> <li>macOS: Add button for uninstall SystemExtension in the standalone graphical client</li> </ul>"},{"location":"changelog/#166","title":"1.6.6","text":"<ul> <li>Fixes and improvements</li> </ul>"},{"location":"changelog/#170-rc1","title":"1.7.0-rc.1","text":"<ul> <li>Fixes and improvements</li> </ul>"},{"location":"changelog/#170-beta5","title":"1.7.0-beta.5","text":"<ul> <li>Update gVisor to 20231113.0</li> <li>Fixes and improvements</li> </ul>"},{"location":"changelog/#170-beta4","title":"1.7.0-beta.4","text":"<ul> <li>Add <code>wifi_ssid</code> and <code>wifi_bssid</code> route and DNS rules 1</li> <li>Fixes and improvements</li> </ul> <p>1:</p> <p>Only supported in graphical clients on Android and Apple platforms.</p>"},{"location":"changelog/#170-beta3","title":"1.7.0-beta.3","text":"<ul> <li>Fix zero TTL was incorrectly reset</li> <li>Fixes and improvements</li> </ul>"},{"location":"changelog/#165","title":"1.6.5","text":"<ul> <li>Fix crash if TUIC inbound authentication failed</li> <li>Fixes and improvements</li> </ul>"},{"location":"changelog/#170-beta2","title":"1.7.0-beta.2","text":"<ul> <li>Fix crash if TUIC inbound authentication failed</li> <li>Update quic-go to v0.40.0</li> <li>Fixes and improvements</li> </ul>"},{"location":"changelog/#164","title":"1.6.4","text":"<ul> <li>Fixes and improvements</li> </ul>"},{"location":"changelog/#170-beta1","title":"1.7.0-beta.1","text":"<ul> <li>Fixes and improvements</li> </ul>"},{"location":"changelog/#163","title":"1.6.3","text":"<ul> <li>iOS/Android: Fix profile auto update</li> <li>Fixes and improvements</li> </ul>"},{"location":"changelog/#170-alpha11","title":"1.7.0-alpha.11","text":"<ul> <li>iOS/Android: Fix profile auto update</li> <li>Fixes and improvements</li> </ul>"},{"location":"changelog/#170-alpha10","title":"1.7.0-alpha.10","text":"<ul> <li>Fix tcp-brutal not working with TLS</li> <li>Fix Android client not closing in some cases</li> <li>Fixes and improvements</li> </ul>"},{"location":"changelog/#162","title":"1.6.2","text":"<ul> <li>Fixes and improvements</li> </ul>"},{"location":"changelog/#161","title":"1.6.1","text":"<ul> <li>Our Android client is now available in the Google Play Store \u25b6\ufe0f</li> <li>Fixes and improvements</li> </ul>"},{"location":"changelog/#170-alpha6","title":"1.7.0-alpha.6","text":"<ul> <li>Fixes and improvements</li> </ul>"},{"location":"changelog/#170-alpha4","title":"1.7.0-alpha.4","text":"<ul> <li>Migrate multiplex and UoT server to inbound 1</li> <li>Add TCP Brutal support for multiplex 2</li> </ul> <p>1:</p> <p>Starting in 1.7.0, multiplexing support is no longer enabled by default and needs to be turned on explicitly in inbound options.</p> <p>2</p> <p>Hysteria Brutal Congestion Control Algorithm in TCP. A kernel module needs to be installed on the Linux server, see TCP Brutal for details.</p>"},{"location":"changelog/#170-alpha3","title":"1.7.0-alpha.3","text":"<ul> <li>Add HTTPUpgrade V2Ray transport support 1</li> <li>Fixes and improvements</li> </ul> <p>1:</p> <p>Introduced in V2Ray 5.10.0.</p> <p>The new HTTPUpgrade transport has better performance than WebSocket and is better suited for CDN abuse.</p>"},{"location":"changelog/#160","title":"1.6.0","text":"<ul> <li>Fixes and improvements</li> </ul> <p>Important changes since 1.5:</p> <ul> <li>Our Apple tvOS client is now available in the App Store \ud83c\udf4e</li> <li>Update BBR congestion control for TUIC and Hysteria2 1</li> <li>Update brutal congestion control for Hysteria2</li> <li>Add <code>brutal_debug</code> option for Hysteria2</li> <li>Update legacy Hysteria protocol 2</li> <li>Add TLS self sign key pair generate command</li> <li>Remove Deprecated Features by agreement</li> </ul> <p>1:</p> <p>None of the existing Golang BBR congestion control implementations have been reviewed or unit tested. This update is intended to address the multi-send defects of the old implementation and may introduce new issues.</p> <p>2</p> <p>Based on discussions with the original author, the brutal CC and QUIC protocol parameters of the old protocol (Hysteria 1) have been updated to be consistent with Hysteria 2</p>"},{"location":"changelog/#170-alpha2","title":"1.7.0-alpha.2","text":"<ul> <li>Fix bugs introduced in 1.7.0-alpha.1</li> </ul>"},{"location":"changelog/#170-alpha1","title":"1.7.0-alpha.1","text":"<ul> <li>Add exclude route support for TUN inbound</li> <li>Add <code>udp_disable_domain_unmapping</code> inbound listen option 1</li> <li>Fixes and improvements</li> </ul> <p>1:</p> <p>If enabled, for UDP proxy requests addressed to a domain, the original packet address will be sent in the response instead of the mapped domain.</p> <p>This option is used for compatibility with clients that do not support receiving UDP packets with domain addresses, such as Surge.</p>"},{"location":"changelog/#155","title":"1.5.5","text":"<ul> <li>Fix IPv6 <code>auto_route</code> for Linux 1</li> <li>Add legacy builds for old Windows and macOS systems 2</li> <li>Fixes and improvements</li> </ul> <p>1:</p> <p>When <code>auto_route</code> is enabled and <code>strict_route</code> is disabled, the device can now be reached from external IPv6 addresses.</p> <p>2:</p> <p>Built using Go 1.20, the last version that will run on Windows 7, 8, Server 2008, Server 2012 and macOS 10.13 High Sierra, 10.14 Mojave.</p>"},{"location":"changelog/#160-rc4","title":"1.6.0-rc.4","text":"<ul> <li>Fixes and improvements</li> </ul>"},{"location":"changelog/#160-rc1","title":"1.6.0-rc.1","text":"<ul> <li>Add legacy builds for old Windows and macOS systems 1</li> <li>Fixes and improvements</li> </ul> <p>1:</p> <p>Built using Go 1.20, the last version that will run on Windows 7, 8, Server 2008, Server 2012 and macOS 10.13 High Sierra, 10.14 Mojave.</p>"},{"location":"changelog/#160-beta4","title":"1.6.0-beta.4","text":"<ul> <li>Fix IPv6 <code>auto_route</code> for Linux 1</li> <li>Fixes and improvements</li> </ul> <p>1:</p> <p>When <code>auto_route</code> is enabled and <code>strict_route</code> is disabled, the device can now be reached from external IPv6 addresses.</p>"},{"location":"changelog/#154","title":"1.5.4","text":"<ul> <li>Fix Clash cache crash on arm32 devices</li> <li>Fixes and improvements</li> </ul>"},{"location":"changelog/#160-beta3","title":"1.6.0-beta.3","text":"<ul> <li>Update the legacy Hysteria protocol 1</li> <li>Fixes and improvements</li> </ul> <p>1</p> <p>Based on discussions with the original author, the brutal CC and QUIC protocol parameters of the old protocol (Hysteria 1) have been updated to be consistent with Hysteria 2</p>"},{"location":"changelog/#160-beta2","title":"1.6.0-beta.2","text":"<ul> <li>Add TLS self sign key pair generate command</li> <li>Update brutal congestion control for Hysteria2</li> <li>Fix Clash cache crash on arm32 devices</li> <li>Update golang.org/x/net to v0.17.0</li> <li>Fixes and improvements</li> </ul>"},{"location":"changelog/#160-beta3_1","title":"1.6.0-beta.3","text":"<ul> <li>Update the legacy Hysteria protocol 1</li> <li>Fixes and improvements</li> </ul> <p>1</p> <p>Based on discussions with the original author, the brutal CC and QUIC protocol parameters of the old protocol (Hysteria 1) have been updated to be consistent with Hysteria 2</p>"},{"location":"changelog/#160-beta2_1","title":"1.6.0-beta.2","text":"<ul> <li>Add TLS self sign key pair generate command</li> <li>Update brutal congestion control for Hysteria2</li> <li>Fix Clash cache crash on arm32 devices</li> <li>Update golang.org/x/net to v0.17.0</li> <li>Fixes and improvements</li> </ul>"},{"location":"changelog/#153","title":"1.5.3","text":"<ul> <li>Fix compatibility with Android 14</li> <li>Fixes and improvements</li> </ul>"},{"location":"changelog/#160-beta1","title":"1.6.0-beta.1","text":"<ul> <li>Fixes and improvements</li> </ul>"},{"location":"changelog/#160-alpha5","title":"1.6.0-alpha.5","text":"<ul> <li>Fix compatibility with Android 14</li> <li>Update BBR congestion control for TUIC and Hysteria2 1</li> <li>Fixes and improvements</li> </ul> <p>1:</p> <p>None of the existing Golang BBR congestion control implementations have been reviewed or unit tested. This update is intended to fix a memory leak flaw in the new implementation introduced in 1.6.0-alpha.1 and may introduce new issues.</p>"},{"location":"changelog/#160-alpha4","title":"1.6.0-alpha.4","text":"<ul> <li>Add <code>brutal_debug</code> option for Hysteria2</li> <li>Fixes and improvements</li> </ul>"},{"location":"changelog/#152","title":"1.5.2","text":"<ul> <li>Our Apple tvOS client is now available in the App Store \ud83c\udf4e</li> <li>Fixes and improvements</li> </ul>"},{"location":"changelog/#160-alpha3","title":"1.6.0-alpha.3","text":"<ul> <li>Fixes and improvements</li> </ul>"},{"location":"changelog/#160-alpha2","title":"1.6.0-alpha.2","text":"<ul> <li>Fixes and improvements</li> </ul>"},{"location":"changelog/#151","title":"1.5.1","text":"<ul> <li>Fixes and improvements</li> </ul>"},{"location":"changelog/#160-alpha1","title":"1.6.0-alpha.1","text":"<ul> <li>Update BBR congestion control for TUIC and Hysteria2 1</li> <li>Update quic-go to v0.39.0</li> <li>Update gVisor to 20230814.0</li> <li>Remove Deprecated Features by agreement</li> <li>Fixes and improvements</li> </ul> <p>1:</p> <p>None of the existing Golang BBR congestion control implementations have been reviewed or unit tested. This update is intended to address the multi-send defects of the old implementation and may introduce new issues.</p>"},{"location":"changelog/#150","title":"1.5.0","text":"<ul> <li>Fixes and improvements</li> </ul> <p>Important changes since 1.4:</p> <ul> <li>Add TLS ECH server support</li> <li>Improve TLS TCH client configuration</li> <li>Add TLS ECH key pair generator 1</li> <li>Add TLS ECH support for QUIC based protocols 2</li> <li>Add KDE support for the <code>set_system_proxy</code> option in HTTP inbound</li> <li>Add Hysteria2 protocol support 3</li> <li>Add <code>interrupt_exist_connections</code> option for <code>Selector</code> and <code>URLTest</code> outbounds 4</li> <li>Add DNS01 challenge support for ACME TLS certificate issuer 5</li> <li>Add <code>merge</code> command 6</li> <li>Mark Deprecated Features</li> </ul> <p>1:</p> <p>Command: <code>sing-box generate ech-keypair &lt;plain_server_name&gt; [--pq-signature-schemes-enabled]</code></p> <p>2:</p> <p>All inbounds and outbounds are supported, including <code>Naiveproxy</code>, <code>Hysteria[/2]</code>, <code>TUIC</code> and <code>V2ray QUIC transport</code>.</p> <p>3:</p> <p>See Hysteria2 inbound and Hysteria2 outbound</p> <p>For protocol description, please refer to https://v2.hysteria.network</p> <p>4:</p> <p>Interrupt existing connections when the selected outbound has changed.</p> <p>Only inbound connections are affected by this setting, internal connections will always be interrupted.</p> <p>5:</p> <p>Only <code>Alibaba Cloud DNS</code> and <code>Cloudflare</code> are supported, see ACME Fields and DNS01 Challenge Fields.</p> <p>6:</p> <p>This command also parses path resources that appear in the configuration file and replaces them with embedded configuration, such as TLS certificates or SSH private keys.</p>"},{"location":"changelog/#150-rc6","title":"1.5.0-rc.6","text":"<ul> <li>Fixes and improvements</li> </ul>"},{"location":"changelog/#146","title":"1.4.6","text":"<ul> <li>Fixes and improvements</li> </ul>"},{"location":"changelog/#150-rc5","title":"1.5.0-rc.5","text":"<ul> <li>Fixed an improper authentication vulnerability in the SOCKS5 inbound</li> <li>Fixes and improvements</li> </ul> <p>Security Advisory</p> <p>This update fixes an improper authentication vulnerability in the sing-box SOCKS inbound. This vulnerability allows an attacker to craft special requests to bypass user authentication. All users exposing SOCKS servers with user authentication in an insecure environment are advised to update immediately.</p> <p>\u6b64\u66f4\u65b0\u4fee\u590d\u4e86 sing-box SOCKS \u5165\u7ad9\u4e2d\u7684\u4e00\u4e2a\u4e0d\u6b63\u786e\u8eab\u4efd\u9a8c\u8bc1\u6f0f\u6d1e\u3002 \u8be5\u6f0f\u6d1e\u5141\u8bb8\u653b\u51fb\u8005\u5236\u4f5c\u7279\u6b8a\u8bf7\u6c42\u6765\u7ed5\u8fc7\u7528\u6237\u8eab\u4efd\u9a8c\u8bc1\u3002\u5efa\u8bae\u6240\u6709\u5c06\u4f7f\u7528\u7528\u6237\u8ba4\u8bc1\u7684 SOCKS \u670d\u52a1\u5668\u66b4\u9732\u5728\u4e0d\u5b89\u5168\u73af\u5883\u4e0b\u7684\u7528\u6237\u7acb\u66f4\u65b0\u3002</p>"},{"location":"changelog/#145","title":"1.4.5","text":"<ul> <li>Fixed an improper authentication vulnerability in the SOCKS5 inbound</li> <li>Fixes and improvements</li> </ul> <p>Security Advisory</p> <p>This update fixes an improper authentication vulnerability in the sing-box SOCKS inbound. This vulnerability allows an attacker to craft special requests to bypass user authentication. All users exposing SOCKS servers with user authentication in an insecure environment are advised to update immediately.</p> <p>\u6b64\u66f4\u65b0\u4fee\u590d\u4e86 sing-box SOCKS \u5165\u7ad9\u4e2d\u7684\u4e00\u4e2a\u4e0d\u6b63\u786e\u8eab\u4efd\u9a8c\u8bc1\u6f0f\u6d1e\u3002 \u8be5\u6f0f\u6d1e\u5141\u8bb8\u653b\u51fb\u8005\u5236\u4f5c\u7279\u6b8a\u8bf7\u6c42\u6765\u7ed5\u8fc7\u7528\u6237\u8eab\u4efd\u9a8c\u8bc1\u3002\u5efa\u8bae\u6240\u6709\u5c06\u4f7f\u7528\u7528\u6237\u8ba4\u8bc1\u7684 SOCKS \u670d\u52a1\u5668\u66b4\u9732\u5728\u4e0d\u5b89\u5168\u73af\u5883\u4e0b\u7684\u7528\u6237\u7acb\u66f4\u65b0\u3002</p>"},{"location":"changelog/#150-rc3","title":"1.5.0-rc.3","text":"<ul> <li>Fixes and improvements</li> </ul>"},{"location":"changelog/#150-beta12","title":"1.5.0-beta.12","text":"<ul> <li>Add <code>merge</code> command 1</li> <li>Fixes and improvements</li> </ul> <p>1:</p> <p>This command also parses path resources that appear in the configuration file and replaces them with embedded configuration, such as TLS certificates or SSH private keys.</p> <pre><code>Merge configurations\n\nUsage:\n sing-box merge [output] [flags]\n\nFlags:\n -h, --help help for merge\n\nGlobal Flags:\n -c, --config stringArray set configuration file path\n -C, --config-directory stringArray set configuration directory path\n -D, --directory string set working directory\n --disable-color disable color output\n</code></pre>"},{"location":"changelog/#150-beta11","title":"1.5.0-beta.11","text":"<ul> <li>Add DNS01 challenge support for ACME TLS certificate issuer 1</li> <li>Fixes and improvements</li> </ul> <p>1:</p> <p>Only <code>Alibaba Cloud DNS</code> and <code>Cloudflare</code> are supported, see ACME Fields and DNS01 Challenge Fields.</p>"},{"location":"changelog/#150-beta10","title":"1.5.0-beta.10","text":"<ul> <li>Add <code>interrupt_exist_connections</code> option for <code>Selector</code> and <code>URLTest</code> outbounds 1</li> <li>Fixes and improvements</li> </ul> <p>1:</p> <p>Interrupt existing connections when the selected outbound has changed.</p> <p>Only inbound connections are affected by this setting, internal connections will always be interrupted.</p>"},{"location":"changelog/#143","title":"1.4.3","text":"<ul> <li>Fixes and improvements</li> </ul>"},{"location":"changelog/#150-beta8","title":"1.5.0-beta.8","text":"<ul> <li>Fixes and improvements</li> </ul>"},{"location":"changelog/#142","title":"1.4.2","text":"<ul> <li>Fixes and improvements</li> </ul>"},{"location":"changelog/#150-beta6","title":"1.5.0-beta.6","text":"<ul> <li>Fix compatibility issues with official Hysteria2 server and client</li> <li>Fixes and improvements</li> <li>Mark deprecated features</li> </ul>"},{"location":"changelog/#150-beta3","title":"1.5.0-beta.3","text":"<ul> <li>Fixes and improvements</li> <li>Updated Hysteria2 documentation 1</li> </ul> <p>1:</p> <p>Added notes indicating compatibility issues with the official Hysteria2 server and client when using <code>fastOpen=false</code> or UDP MTU &gt;= 1200.</p>"},{"location":"changelog/#150-beta2","title":"1.5.0-beta.2","text":"<ul> <li>Add hysteria2 protocol support 1</li> <li>Fixes and improvements</li> </ul> <p>1:</p> <p>See Hysteria2 inbound and Hysteria2 outbound</p> <p>For protocol description, please refer to https://v2.hysteria.network</p>"},{"location":"changelog/#150-beta1","title":"1.5.0-beta.1","text":"<ul> <li>Add TLS ECH server support</li> <li>Improve TLS TCH client configuration</li> <li>Add TLS ECH key pair generator 1</li> <li>Add TLS ECH support for QUIC based protocols 2</li> <li>Add KDE support for the <code>set_system_proxy</code> option in HTTP inbound</li> </ul> <p>1:</p> <p>Command: <code>sing-box generate ech-keypair &lt;plain_server_name&gt; [--pq-signature-schemes-enabled]</code></p> <p>2:</p> <p>All inbounds and outbounds are supported, including <code>Naiveproxy</code>, <code>Hysteria</code>, <code>TUIC</code> and <code>V2ray QUIC transport</code>.</p>"},{"location":"changelog/#141","title":"1.4.1","text":"<ul> <li>Fixes and improvements</li> </ul>"},{"location":"changelog/#140","title":"1.4.0","text":"<ul> <li>Fix bugs and update dependencies</li> </ul> <p>Important changes since 1.3:</p> <ul> <li>Add TUIC support 1</li> <li>Add <code>udp_over_stream</code> option for TUIC client 2</li> <li>Add MultiPath TCP support 3</li> <li>Add <code>include_interface</code> and <code>exclude_interface</code> options for tun inbound</li> <li>Pause recurring tasks when no network or device idle</li> <li>Improve Android and Apple platform clients</li> </ul> <p>1:</p> <p>See TUIC inbound and TUIC outbound</p> <p>2:</p> <p>This is the TUIC port of the UDP over TCP protocol, designed to provide a QUIC stream based UDP relay mode that TUIC does not provide. Since it is an add-on protocol, you will need to use sing-box or another program compatible with the protocol as a server.</p> <p>This mode has no positive effect in a proper UDP proxy scenario and should only be applied to relay streaming UDP traffic (basically QUIC streams).</p> <p>3:</p> <p>Requires sing-box to be compiled with Go 1.21.</p>"},{"location":"changelog/#140-rc3","title":"1.4.0-rc.3","text":"<ul> <li>Fixes and improvements</li> </ul>"},{"location":"changelog/#140-rc2","title":"1.4.0-rc.2","text":"<ul> <li>Fixes and improvements</li> </ul>"},{"location":"changelog/#140-rc1","title":"1.4.0-rc.1","text":"<ul> <li>Fix TUIC UDP</li> </ul>"},{"location":"changelog/#140-beta6","title":"1.4.0-beta.6","text":"<ul> <li>Add <code>udp_over_stream</code> option for TUIC client 1</li> <li>Add <code>include_interface</code> and <code>exclude_interface</code> options for tun inbound</li> <li>Fixes and improvements</li> </ul> <p>1:</p> <p>This is the TUIC port of the UDP over TCP protocol, designed to provide a QUIC stream based UDP relay mode that TUIC does not provide. Since it is an add-on protocol, you will need to use sing-box or another program compatible with the protocol as a server.</p> <p>This mode has no positive effect in a proper UDP proxy scenario and should only be applied to relay streaming UDP traffic (basically QUIC streams).</p>"},{"location":"changelog/#140-beta5","title":"1.4.0-beta.5","text":"<ul> <li>Fixes and improvements</li> </ul>"},{"location":"changelog/#140-beta4","title":"1.4.0-beta.4","text":"<ul> <li>Graphical clients: Persistence group expansion state</li> <li>Fixes and improvements</li> </ul>"},{"location":"changelog/#140-beta3","title":"1.4.0-beta.3","text":"<ul> <li>Fixes and improvements</li> </ul>"},{"location":"changelog/#140-beta2","title":"1.4.0-beta.2","text":"<ul> <li>Add MultiPath TCP support 1</li> <li>Drop QUIC support for Go 1.18 and 1.19 due to upstream changes</li> <li>Fixes and improvements</li> </ul> <p>1:</p> <p>Requires sing-box to be compiled with Go 1.21.</p>"},{"location":"changelog/#140-beta1","title":"1.4.0-beta.1","text":"<ul> <li>Add TUIC support 1</li> <li>Pause recurring tasks when no network or device idle</li> <li>Fixes and improvements</li> </ul> <p>1:</p> <p>See TUIC inbound and TUIC outbound</p>"},{"location":"changelog/#136","title":"1.3.6","text":"<ul> <li>Fixes and improvements</li> </ul>"},{"location":"changelog/#135","title":"1.3.5","text":"<ul> <li>Fixes and improvements</li> <li>Introducing our Apple tvOS client applications 1</li> <li>Add per app proxy and app installed/updated trigger support for Android client</li> <li>Add profile sharing support for Android/iOS/macOS clients</li> </ul> <p>1:</p> <p>Due to the requirement of tvOS 17, the app cannot be submitted to the App Store for the time being, and can only be downloaded through TestFlight.</p>"},{"location":"changelog/#134","title":"1.3.4","text":"<ul> <li>Fixes and improvements</li> <li>We're now on the App Store, always free! It should be noted that due to stricter and slower review, the release of Store versions will be delayed.</li> <li>We've made a standalone version of the macOS client (the original Application Extension relies on App Store distribution), which you can download as SFM-version-universal.zip in the release artifacts.</li> </ul>"},{"location":"changelog/#133","title":"1.3.3","text":"<ul> <li>Fixes and improvements</li> </ul>"},{"location":"changelog/#131-rc1","title":"1.3.1-rc.1","text":"<ul> <li>Fix bugs and update dependencies</li> </ul>"},{"location":"changelog/#131-beta3","title":"1.3.1-beta.3","text":"<ul> <li>Introducing our new iOS and macOS client applications **1 **</li> <li>Fixes and improvements</li> </ul> <p>1:</p> <p>The old testflight link and app are no longer valid.</p>"},{"location":"changelog/#131-beta2","title":"1.3.1-beta.2","text":"<ul> <li>Fix bugs and update dependencies</li> </ul>"},{"location":"changelog/#131-beta1","title":"1.3.1-beta.1","text":"<ul> <li>Fixes and improvements</li> </ul>"},{"location":"changelog/#130","title":"1.3.0","text":"<ul> <li>Fix bugs and update dependencies</li> </ul> <p>Important changes since 1.2:</p> <ul> <li>Add FakeIP support 1</li> <li>Improve multiplex 2</li> <li>Add DNS reverse mapping support</li> <li>Add <code>rewrite_ttl</code> DNS rule action</li> <li>Add <code>store_fakeip</code> Clash API option</li> <li>Add multi-peer support for WireGuard outbound</li> <li>Add loopback detect</li> <li>Add Clash.Meta API compatibility for Clash API</li> <li>Download Yacd-meta by default if the specified Clash <code>external_ui</code> directory is empty</li> <li>Add path and headers option for HTTP outbound</li> <li>Perform URLTest recheck after network changes</li> <li>Fix <code>system</code> tun stack for ios</li> <li>Fix network monitor for android/ios</li> <li>Update VLESS and XUDP protocol</li> <li>Make splice work with traffic statistics systems like Clash API</li> <li>Significantly reduces memory usage of idle connections</li> <li>Improve DNS caching</li> <li>Add <code>independent_cache</code> option for DNS</li> <li>Reimplemented shadowsocks client</li> <li>Add multiplex support for VLESS outbound</li> <li>Automatically add Windows firewall rules in order for the system tun stack to work</li> <li>Fix TLS 1.2 support for shadow-tls client</li> <li>Add <code>cache_id</code> option for Clash cache file</li> <li>Fix <code>local</code> DNS transport for Android</li> </ul> <p>1:</p> <p>See FAQ for more information.</p> <p>2:</p> <p>Added new <code>h2mux</code> multiplex protocol and <code>padding</code> multiplex option, see Multiplex.</p>"},{"location":"changelog/#13-rc2","title":"1.3-rc2","text":"<ul> <li>Fix <code>local</code> DNS transport for Android</li> <li>Fix bugs and update dependencies</li> </ul>"},{"location":"changelog/#13-rc1","title":"1.3-rc1","text":"<ul> <li>Fix bugs and update dependencies</li> </ul>"},{"location":"changelog/#13-beta14","title":"1.3-beta14","text":"<ul> <li>Fixes and improvements</li> </ul>"},{"location":"changelog/#13-beta13","title":"1.3-beta13","text":"<ul> <li>Fix resolving fakeip domains 1</li> <li>Deprecate L3 routing</li> <li>Fix bugs and update dependencies</li> </ul> <p>1:</p> <p>If the destination address of the connection is obtained from fakeip, dns rules with server type fakeip will be skipped.</p>"},{"location":"changelog/#13-beta12","title":"1.3-beta12","text":"<ul> <li>Automatically add Windows firewall rules in order for the system tun stack to work</li> <li>Fix TLS 1.2 support for shadow-tls client</li> <li>Add <code>cache_id</code> option for Clash cache file</li> <li>Fixes and improvements</li> </ul>"},{"location":"changelog/#13-beta11","title":"1.3-beta11","text":"<ul> <li>Fix bugs and update dependencies</li> </ul>"},{"location":"changelog/#13-beta10","title":"1.3-beta10","text":"<ul> <li>Improve direct copy 1</li> <li>Improve DNS caching</li> <li>Add <code>independent_cache</code> option for DNS</li> <li>Reimplemented shadowsocks client 2</li> <li>Add multiplex support for VLESS outbound</li> <li>Set TCP keepalive for WireGuard gVisor TCP connections</li> <li>Fixes and improvements</li> </ul> <p>1:</p> <ul> <li>Make splice work with traffic statistics systems like Clash API</li> <li>Significantly reduces memory usage of idle connections</li> </ul> <p>2:</p> <p>Improved performance and reduced memory usage.</p>"},{"location":"changelog/#13-beta9","title":"1.3-beta9","text":"<ul> <li>Improve multiplex 1</li> <li>Fixes and improvements</li> </ul> <p>1:</p> <p>Added new <code>h2mux</code> multiplex protocol and <code>padding</code> multiplex option, see Multiplex.</p>"},{"location":"changelog/#126","title":"1.2.6","text":"<ul> <li>Fix bugs and update dependencies</li> </ul>"},{"location":"changelog/#13-beta8","title":"1.3-beta8","text":"<ul> <li>Fix <code>system</code> tun stack for ios</li> <li>Fix network monitor for android/ios</li> <li>Update VLESS and XUDP protocol 1</li> <li>Fixes and improvements</li> </ul> <p>*1:</p> <p>This is an incompatible update for XUDP in VLESS if vision flow is enabled.</p>"},{"location":"changelog/#13-beta7","title":"1.3-beta7","text":"<ul> <li>Add <code>path</code> and <code>headers</code> options for HTTP outbound</li> <li>Add multi-user support for Shadowsocks legacy AEAD inbound</li> <li>Fixes and improvements</li> </ul>"},{"location":"changelog/#124","title":"1.2.4","text":"<ul> <li>Fixes and improvements</li> </ul>"},{"location":"changelog/#13-beta6","title":"1.3-beta6","text":"<ul> <li>Fix WireGuard reconnect</li> <li>Perform URLTest recheck after network changes</li> <li>Fix bugs and update dependencies</li> </ul>"},{"location":"changelog/#13-beta5","title":"1.3-beta5","text":"<ul> <li>Add Clash.Meta API compatibility for Clash API</li> <li>Download Yacd-meta by default if the specified Clash <code>external_ui</code> directory is empty</li> <li>Add path and headers option for HTTP outbound</li> <li>Fixes and improvements</li> </ul>"},{"location":"changelog/#13-beta4","title":"1.3-beta4","text":"<ul> <li>Fix bugs</li> </ul>"},{"location":"changelog/#13-beta2","title":"1.3-beta2","text":"<ul> <li>Download clash-dashboard if the specified Clash <code>external_ui</code> directory is empty</li> <li>Fix bugs and update dependencies</li> </ul>"},{"location":"changelog/#13-beta1","title":"1.3-beta1","text":"<ul> <li>Add DNS reverse mapping support</li> <li>Add L3 routing support 1</li> <li>Add <code>rewrite_ttl</code> DNS rule action</li> <li>Add FakeIP support 2</li> <li>Add <code>store_fakeip</code> Clash API option</li> <li>Add multi-peer support for WireGuard outbound</li> <li>Add loopback detect</li> </ul> <p>1:</p> <p>It can currently be used to route connections directly to WireGuard or block connections at the IP layer.</p> <p>2:</p> <p>See FAQ for more information.</p>"},{"location":"changelog/#123","title":"1.2.3","text":"<ul> <li>Introducing our new Android client application</li> <li>Improve UDP domain destination NAT</li> <li>Update reality protocol</li> <li>Fix TTL calculation for DNS response</li> <li>Fix v2ray HTTP transport compatibility</li> <li>Fix bugs and update dependencies</li> </ul>"},{"location":"changelog/#122","title":"1.2.2","text":"<ul> <li>Accept <code>any</code> outbound in dns rule 1</li> <li>Fix bugs and update dependencies</li> </ul> <p>1:</p> <p>Now you can use the <code>any</code> outbound rule to match server address queries instead of filling in all server domains to <code>domain</code> rule.</p>"},{"location":"changelog/#121","title":"1.2.1","text":"<ul> <li>Fix missing default host in v2ray http transport`s request</li> <li>Flush DNS cache for macOS when tun start/close</li> <li>Fix tun's DNS hijacking compatibility with systemd-resolved</li> </ul>"},{"location":"changelog/#120","title":"1.2.0","text":"<ul> <li>Fix bugs and update dependencies</li> </ul> <p>Important changes since 1.1:</p> <ul> <li>Introducing our new iOS client application</li> <li>Introducing UDP over TCP protocol version 2</li> <li>Add platform options for tun inbound</li> <li>Add ShadowTLS protocol v3</li> <li>Add VLESS server and vision support</li> <li>Add reality TLS support</li> <li>Add NTP service</li> <li>Add DHCP DNS server support</li> <li>Add SSH host key validation support</li> <li>Add query_type DNS rule item</li> <li>Add fallback support for v2ray transport</li> <li>Add custom TLS server support for http based v2ray transports</li> <li>Add health check support for http-based v2ray transports</li> <li>Add multiple configuration support</li> </ul>"},{"location":"changelog/#12-rc1","title":"1.2-rc1","text":"<ul> <li>Fix bugs and update dependencies</li> </ul>"},{"location":"changelog/#12-beta10","title":"1.2-beta10","text":"<ul> <li>Add multiple configuration support 1</li> <li>Fix bugs and update dependencies</li> </ul> <p>1:</p> <p>Now you can pass the parameter <code>--config</code> or <code>-c</code> multiple times, or use the new parameter <code>--config-directory</code> or <code>-C</code> to load all configuration files in a directory.</p> <p>Loaded configuration files are sorted by name. If you want to control the merge order, add a numeric prefix to the file name.</p>"},{"location":"changelog/#117","title":"1.1.7","text":"<ul> <li>Improve the stability of the VMESS server</li> <li>Fix <code>auto_detect_interface</code> incorrectly identifying the default interface on Windows</li> <li>Fix bugs and update dependencies</li> </ul>"},{"location":"changelog/#12-beta9","title":"1.2-beta9","text":"<ul> <li>Introducing the UDP over TCP protocol version 2</li> <li>Add health check support for http-based v2ray transports</li> <li>Remove length limit on short_id for reality TLS config</li> <li>Fix bugs and update dependencies</li> </ul>"},{"location":"changelog/#12-beta8","title":"1.2-beta8","text":"<ul> <li>Update reality and uTLS libraries</li> <li>Fix <code>auto_detect_interface</code> incorrectly identifying the default interface on Windows</li> </ul>"},{"location":"changelog/#12-beta7","title":"1.2-beta7","text":"<ul> <li>Fix the compatibility issue between VLESS's vision sub-protocol and the Xray-core client</li> <li>Improve the stability of the VMESS server</li> </ul>"},{"location":"changelog/#12-beta6","title":"1.2-beta6","text":"<ul> <li>Introducing our new iOS client application</li> <li>Add platform options for tun inbound</li> <li>Add custom TLS server support for http based v2ray transports</li> <li>Add generate commands</li> <li>Enable XUDP by default in VLESS</li> <li>Update reality server</li> <li>Update vision protocol</li> <li>Fixed user flow in vless server</li> <li>Bug fixes</li> <li>Update dependencies</li> </ul>"},{"location":"changelog/#12-beta5","title":"1.2-beta5","text":"<ul> <li>Add VLESS server and vision support</li> <li>Add reality TLS support</li> <li>Fix match private address</li> </ul>"},{"location":"changelog/#116","title":"1.1.6","text":"<ul> <li>Improve vmess request</li> <li>Fix ipv6 redirect on Linux</li> <li>Fix match geoip private</li> <li>Fix parse hysteria UDP message</li> <li>Fix socks connect response</li> <li>Disable vmess header protection if transport enabled</li> <li>Update QUIC v2 version number and initial salt</li> </ul>"},{"location":"changelog/#12-beta4","title":"1.2-beta4","text":"<ul> <li>Add NTP service</li> <li>Add Add multiple server names and multi-user support for shadowtls</li> <li>Add strict mode support for shadowtls v3</li> <li>Add uTLS support for shadowtls v3</li> </ul>"},{"location":"changelog/#12-beta3","title":"1.2-beta3","text":"<ul> <li>Update QUIC v2 version number and initial salt</li> <li>Fix shadowtls v3 implementation</li> </ul>"},{"location":"changelog/#12-beta2","title":"1.2-beta2","text":"<ul> <li>Add ShadowTLS protocol v3</li> <li>Add fallback support for v2ray transport</li> <li>Fix parse hysteria UDP message</li> <li>Fix socks connect response</li> <li>Disable vmess header protection if transport enabled</li> </ul>"},{"location":"changelog/#12-beta1","title":"1.2-beta1","text":"<ul> <li>Add DHCP DNS server support</li> <li>Add SSH host key validation support</li> <li>Add query_type DNS rule item</li> <li>Add v2ray user stats api</li> <li>Add new clash DNS query api</li> <li>Improve vmess request</li> <li>Fix ipv6 redirect on Linux</li> <li>Fix match geoip private</li> </ul>"},{"location":"changelog/#115","title":"1.1.5","text":"<ul> <li>Add Go 1.20 support</li> <li>Fix inbound default DF value</li> <li>Fix auth_user route for naive inbound</li> <li>Fix gRPC lite header</li> <li>Ignore domain case in route rules</li> </ul>"},{"location":"changelog/#114","title":"1.1.4","text":"<ul> <li>Fix DNS log</li> <li>Fix write to h2 conn after closed</li> <li>Fix create UDP DNS transport from plain IPv6 address</li> </ul>"},{"location":"changelog/#112","title":"1.1.2","text":"<ul> <li>Fix http proxy auth</li> <li>Fix user from stream packet conn</li> <li>Fix DNS response TTL</li> <li>Fix override packet conn</li> <li>Skip override system proxy bypass list</li> <li>Improve DNS log</li> </ul>"},{"location":"changelog/#111","title":"1.1.1","text":"<ul> <li>Fix acme config</li> <li>Fix vmess packet conn</li> <li>Suppress quic-go set DF error</li> </ul>"},{"location":"changelog/#11","title":"1.1","text":"<ul> <li>Fix close clash cache</li> </ul> <p>Important changes since 1.0:</p> <ul> <li>Add support for use with android VPNService</li> <li>Add tun support for WireGuard outbound</li> <li>Add system tun stack</li> <li>Add comment filter for config</li> <li>Add option for allow optional proxy protocol header</li> <li>Add Clash mode and persistence support</li> <li>Add TLS ECH and uTLS support for outbound TLS options</li> <li>Add internal simple-obfs and v2ray-plugin</li> <li>Add ShadowsocksR outbound</li> <li>Add VLESS outbound and XUDP</li> <li>Skip wait for hysteria tcp handshake response</li> <li>Add v2ray mux support for all inbound</li> <li>Add XUDP support for VMess</li> <li>Improve websocket writer</li> <li>Refine tproxy write back</li> <li>Fix DNS leak caused by Windows' ordinary multihomed DNS resolution behavior</li> <li>Add sniff_timeout listen option</li> <li>Add custom route support for tun</li> <li>Add option for custom wireguard reserved bytes</li> <li>Split bind_address into ipv4 and ipv6</li> <li>Add ShadowTLS v1 and v2 support</li> </ul>"},{"location":"changelog/#11-rc1","title":"1.1-rc1","text":"<ul> <li>Fix TLS config for h2 server</li> <li>Fix crash when input bad method in shadowsocks multi-user inbound</li> <li>Fix listen UDP</li> <li>Fix check invalid packet on macOS</li> </ul>"},{"location":"changelog/#11-beta18","title":"1.1-beta18","text":"<ul> <li>Enhance defense against active probe for shadowtls server 1</li> </ul> <p>1:</p> <p>The <code>fallback_after</code> option has been removed.</p>"},{"location":"changelog/#11-beta17","title":"1.1-beta17","text":"<ul> <li>Fix shadowtls server 1</li> </ul> <p>1:</p> <p>Added fallback_after option.</p>"},{"location":"changelog/#107","title":"1.0.7","text":"<ul> <li>Add support for new x/h2 deadline</li> <li>Fix copy pipe</li> <li>Fix decrypt xplus packet</li> <li>Fix macOS Ventura process name match</li> <li>Fix smux keepalive</li> <li>Fix vmess request buffer</li> <li>Fix h2c transport</li> <li>Fix tor geoip</li> <li>Fix udp connect for mux client</li> <li>Fix default dns transport strategy</li> </ul>"},{"location":"changelog/#11-beta16","title":"1.1-beta16","text":"<ul> <li>Improve shadowtls server</li> <li>Fix default dns transport strategy</li> <li>Update uTLS to v1.2.0</li> </ul>"},{"location":"changelog/#11-beta15","title":"1.1-beta15","text":"<ul> <li>Add support for new x/h2 deadline</li> <li>Fix udp connect for mux client</li> <li>Fix dns buffer</li> <li>Fix quic dns retry</li> <li>Fix create TLS config</li> <li>Fix websocket alpn</li> <li>Fix tor geoip</li> </ul>"},{"location":"changelog/#11-beta14","title":"1.1-beta14","text":"<ul> <li>Add multi-user support for hysteria inbound 1</li> <li>Add custom tls client support for std grpc</li> <li>Fix smux keep alive</li> <li>Fix vmess request buffer</li> <li>Fix default local DNS server behavior</li> <li>Fix h2c transport</li> </ul> <p>1:</p> <p>The <code>auth</code> and <code>auth_str</code> fields have been replaced by the <code>users</code> field.</p>"},{"location":"changelog/#11-beta13","title":"1.1-beta13","text":"<ul> <li>Add custom worker count option for WireGuard outbound</li> <li>Split bind_address into ipv4 and ipv6</li> <li>Move WFP manipulation to strict route</li> <li>Fix WireGuard outbound panic when close</li> <li>Fix macOS Ventura process name match</li> <li>Fix QUIC connection migration by @HyNetwork</li> <li>Fix handling QUIC client SNI by @HyNetwork</li> </ul>"},{"location":"changelog/#11-beta12","title":"1.1-beta12","text":"<ul> <li>Fix uTLS config</li> <li>Update quic-go to v0.30.0</li> <li>Update cloudflare-tls to go1.18.7</li> </ul>"},{"location":"changelog/#11-beta11","title":"1.1-beta11","text":"<ul> <li>Add option for custom wireguard reserved bytes</li> <li>Fix shadowtls v2</li> <li>Fix h3 dns transport</li> <li>Fix copy pipe</li> <li>Fix decrypt xplus packet</li> <li>Fix v2ray api</li> <li>Suppress no network error</li> <li>Improve local dns transport</li> </ul>"},{"location":"changelog/#11-beta10","title":"1.1-beta10","text":"<ul> <li>Add sniff_timeout listen option</li> <li>Add custom route support for tun 1</li> <li>Fix interface monitor</li> <li>Fix websocket headroom</li> <li>Fix uTLS handshake</li> <li>Fix ssh outbound</li> <li>Fix sniff fragmented quic client hello</li> <li>Fix DF for hysteria</li> <li>Fix naive overflow</li> <li>Check destination before udp connect</li> <li>Update uTLS to v1.1.5</li> <li>Update tfo-go to v2.0.2</li> <li>Update fsnotify to v1.6.0</li> <li>Update grpc to v1.50.1</li> </ul> <p>1:</p> <p>The <code>strict_route</code> on windows is removed.</p>"},{"location":"changelog/#106","title":"1.0.6","text":"<ul> <li>Fix ssh outbound</li> <li>Fix sniff fragmented quic client hello</li> <li>Fix naive overflow</li> <li>Check destination before udp connect</li> </ul>"},{"location":"changelog/#11-beta9","title":"1.1-beta9","text":"<ul> <li>Fix windows route 1</li> <li>Add v2ray statistics api</li> <li>Add ShadowTLS v2 support 2</li> <li>Fixes and improvements</li> </ul> <p>1:</p> <ul> <li>Fix DNS leak caused by Windows' ordinary multihomed DNS resolution behavior</li> <li>Flush Windows DNS cache when start/close</li> </ul> <p>2:</p> <p>See ShadowTLS inbound and ShadowTLS outbound</p>"},{"location":"changelog/#11-beta8","title":"1.1-beta8","text":"<ul> <li>Fix leaks on close</li> <li>Improve websocket writer</li> <li>Refine tproxy write back</li> <li>Refine 4in6 processing</li> <li>Fix shadowsocks plugins</li> <li>Fix missing source address from transport connection</li> <li>Fix fqdn socks5 outbound connection</li> <li>Fix read source address from grpc-go</li> </ul>"},{"location":"changelog/#105","title":"1.0.5","text":"<ul> <li>Fix missing source address from transport connection</li> <li>Fix fqdn socks5 outbound connection</li> <li>Fix read source address from grpc-go</li> </ul>"},{"location":"changelog/#11-beta7","title":"1.1-beta7","text":"<ul> <li>Add v2ray mux and XUDP support for VMess inbound</li> <li>Add XUDP support for VMess outbound</li> <li>Disable DF on direct outbound by default</li> <li>Fix bugs in 1.1-beta6</li> </ul>"},{"location":"changelog/#11-beta6","title":"1.1-beta6","text":"<ul> <li>Add URLTest outbound</li> <li>Fix bugs in 1.1-beta5</li> </ul>"},{"location":"changelog/#11-beta5","title":"1.1-beta5","text":"<ul> <li>Print tags in version command</li> <li>Redirect clash hello to external ui</li> <li>Move shadowsocksr implementation to clash</li> <li>Make gVisor optional 1</li> <li>Refactor to miekg/dns</li> <li>Refactor bind control</li> <li>Fix build on go1.18</li> <li>Fix clash store-selected</li> <li>Fix close grpc conn</li> <li>Fix port rule match logic</li> <li>Fix clash api proxy type</li> </ul> <p>1:</p> <p>The build tag <code>no_gvisor</code> is replaced by <code>with_gvisor</code>.</p> <p>The default tun stack is changed to system.</p>"},{"location":"changelog/#104","title":"1.0.4","text":"<ul> <li>Fix close grpc conn</li> <li>Fix port rule match logic</li> <li>Fix clash api proxy type</li> </ul>"},{"location":"changelog/#11-beta4","title":"1.1-beta4","text":"<ul> <li>Add internal simple-obfs and v2ray-plugin Shadowsocks plugins</li> <li>Add ShadowsocksR outbound</li> <li>Add VLESS outbound and XUDP</li> <li>Skip wait for hysteria tcp handshake response</li> <li>Fix socks4 client</li> <li>Fix hysteria inbound</li> <li>Fix concurrent write</li> </ul>"},{"location":"changelog/#103","title":"1.0.3","text":"<ul> <li>Fix socks4 client</li> <li>Fix hysteria inbound</li> <li>Fix concurrent write</li> </ul>"},{"location":"changelog/#11-beta3","title":"1.1-beta3","text":"<ul> <li>Fix using custom TLS client in http2 client</li> <li>Fix bugs in 1.1-beta2</li> </ul>"},{"location":"changelog/#11-beta2","title":"1.1-beta2","text":"<ul> <li>Add Clash mode and persistence support 1</li> <li>Add TLS ECH and uTLS support for outbound TLS options 2</li> <li>Fix socks4 request</li> <li>Fix processing empty dns result</li> </ul> <p>1:</p> <p>Switching modes using the Clash API, and <code>store-selected</code> are now supported, see Experimental.</p> <p>2:</p> <p>ECH (Encrypted Client Hello) is a TLS extension that allows a client to encrypt the first part of its ClientHello message, see TLS#ECH.</p> <p>uTLS is a fork of \"crypto/tls\", which provides ClientHello fingerprinting resistance, see TLS#uTLS.</p>"},{"location":"changelog/#102","title":"1.0.2","text":"<ul> <li>Fix socks4 request</li> <li>Fix processing empty dns result</li> </ul>"},{"location":"changelog/#11-beta1","title":"1.1-beta1","text":"<ul> <li>Add support for use with android VPNService 1</li> <li>Add tun support for WireGuard outbound 2</li> <li>Add system tun stack 3</li> <li>Add comment filter for config 4</li> <li>Add option for allow optional proxy protocol header</li> <li>Add half close for smux</li> <li>Set UDP DF by default 5</li> <li>Set default tun mtu to 9000</li> <li>Update gVisor to 20220905.0</li> </ul> <p>1:</p> <p>In previous versions, Android VPN would not work with tun enabled.</p> <p>The usage of tun over VPN and VPN over tun is now supported, see Tun Inbound.</p> <p>2:</p> <p>In previous releases, WireGuard outbound support was backed by the lower performance gVisor virtual interface.</p> <p>It achieves the same performance as wireguard-go by providing automatic system interface support.</p> <p>3:</p> <p>It does not depend on gVisor and has better performance in some cases.</p> <p>It is less compatible and may not be available in some environments.</p> <p>4:</p> <p>Annotated json configuration files are now supported.</p> <p>5:</p> <p>UDP fragmentation is now blocked by default.</p> <p>Including shadowsocks-libev, shadowsocks-rust and quic-go all disable segmentation by default.</p> <p>See Dial Fields and Listen Fields.</p>"},{"location":"changelog/#101","title":"1.0.1","text":"<ul> <li>Fix match 4in6 address in ip_cidr</li> <li>Fix clash api log level format error</li> <li>Fix clash api unknown proxy type</li> </ul>"},{"location":"changelog/#10","title":"1.0","text":"<ul> <li>Fix wireguard reconnect</li> <li>Fix naive inbound</li> <li>Fix json format error message</li> <li>Fix processing vmess termination signal</li> <li>Fix hysteria stream error</li> <li>Fix listener close when proxyproto failed</li> </ul>"},{"location":"changelog/#10-rc1","title":"1.0-rc1","text":"<ul> <li>Fix write log timestamp</li> <li>Fix write zero</li> <li>Fix dial parallel in direct outbound</li> <li>Fix write trojan udp</li> <li>Fix DNS routing</li> <li>Add attribute support for geosite</li> <li>Update documentation for Dial Fields</li> </ul>"},{"location":"changelog/#10-beta3","title":"1.0-beta3","text":"<ul> <li>Add chained inbound support</li> <li>Add process_path rule item</li> <li>Add macOS redirect support</li> <li>Add ShadowTLS Inbound, Outbound and Examples</li> <li>Fix search android package in non-owner users</li> <li>Fix socksaddr type condition</li> <li>Fix smux session status</li> <li>Refactor inbound and outbound documentation</li> <li>Minor fixes</li> </ul>"},{"location":"changelog/#10-beta2","title":"1.0-beta2","text":"<ul> <li>Add strict_route option for Tun inbound</li> <li>Add packetaddr support for VMess outbound</li> <li>Add better performing alternative gRPC implementation</li> <li>Add docker image</li> <li>Fix sniff override destination</li> </ul>"},{"location":"changelog/#10-beta1","title":"1.0-beta1","text":"<ul> <li>Initial release</li> </ul>"},{"location":"changelog/#20220826","title":"2022/08/26","text":"<ul> <li>Fix ipv6 route on linux</li> <li>Fix read DNS message</li> </ul>"},{"location":"changelog/#20220825","title":"2022/08/25","text":"<ul> <li>Let vmess use zero instead of auto if TLS enabled</li> <li>Add trojan fallback for ALPN</li> <li>Improve ip_cidr rule</li> <li>Fix format bind_address</li> <li>Fix http proxy with compressed response</li> <li>Fix route connections</li> </ul>"},{"location":"changelog/#20220824","title":"2022/08/24","text":"<ul> <li>Fix naive padding</li> <li>Fix unix search path</li> <li>Fix close non-duplex connections</li> <li>Add ACME EAB support</li> <li>Fix early close on windows and catch any</li> <li>Initial zh-CN document translation</li> </ul>"},{"location":"changelog/#20220823","title":"2022/08/23","text":"<ul> <li>Add V2Ray Transport support for VMess and Trojan</li> <li>Allow plain http request in Naive inbound (It can now be used with nginx)</li> <li>Add proxy protocol support</li> <li>Free memory after start</li> <li>Parse X-Forward-For in HTTP requests</li> <li>Handle SIGHUP signal</li> </ul>"},{"location":"changelog/#20220822","title":"2022/08/22","text":"<ul> <li>Add strategy setting for each DNS server</li> <li>Add bind address to outbound options</li> </ul>"},{"location":"changelog/#20220821","title":"2022/08/21","text":"<ul> <li>Add Tor outbound</li> <li>Add SSH outbound</li> </ul>"},{"location":"changelog/#20220820","title":"2022/08/20","text":"<ul> <li>Attempt to unwrap ip-in-fqdn socksaddr</li> <li>Fix read packages in android 12</li> <li>Fix route on some android devices</li> <li>Improve linux process searcher</li> <li>Fix write socks5 username password auth request</li> <li>Skip bind connection with private destination to interface</li> <li>Add Trojan connection fallback</li> </ul>"},{"location":"changelog/#20220819","title":"2022/08/19","text":"<ul> <li>Add Hysteria Inbound and Outbund</li> <li>Add ACME TLS certificate issuer</li> <li>Allow read config from stdin (-c stdin)</li> <li>Update gVisor to 20220815.0</li> </ul>"},{"location":"changelog/#20220818","title":"2022/08/18","text":"<ul> <li>Fix find process with lwip stack</li> <li>Fix crash on shadowsocks server</li> <li>Fix crash on darwin tun</li> <li>Fix write log to file</li> </ul>"},{"location":"changelog/#20220817","title":"2022/08/17","text":"<ul> <li>Improve async dns transports</li> </ul>"},{"location":"changelog/#20220816","title":"2022/08/16","text":"<ul> <li>Add ip_version (route/dns) rule item</li> <li>Add WireGuard outbound</li> </ul>"},{"location":"changelog/#20220815","title":"2022/08/15","text":"<ul> <li>Add uid, android user and package rules support in Tun routing.</li> </ul>"},{"location":"changelog/#20220813","title":"2022/08/13","text":"<ul> <li>Fix dns concurrent write</li> </ul>"},{"location":"changelog/#20220812","title":"2022/08/12","text":"<ul> <li>Performance improvements</li> <li>Add UoT option for SOCKS outbound</li> </ul>"},{"location":"changelog/#20220811","title":"2022/08/11","text":"<ul> <li>Add UoT option for Shadowsocks outbound, UoT support for all inbounds</li> </ul>"},{"location":"changelog/#20220810","title":"2022/08/10","text":"<ul> <li>Add full-featured Naive inbound</li> <li>Fix default dns server option #9 by iKirby</li> </ul>"},{"location":"changelog/#20220809","title":"2022/08/09","text":"<p>No changelog before.</p>"},{"location":"deprecated/","title":"Deprecated Feature List","text":""},{"location":"deprecated/#1110","title":"1.11.0","text":""},{"location":"deprecated/#legacy-special-outbounds","title":"Legacy special outbounds","text":"<p>Legacy special outbounds (<code>block</code> / <code>dns</code>) are deprecated and can be replaced by rule actions, check Migration.</p> <p>Old fields will be removed in sing-box 1.13.0.</p>"},{"location":"deprecated/#legacy-inbound-fields","title":"Legacy inbound fields","text":"<p>Legacy inbound fields \uff08<code>inbound.&lt;sniff/domain_strategy/...&gt;</code> are deprecated and can be replaced by rule actions, check Migration.</p> <p>Old fields will be removed in sing-box 1.13.0.</p>"},{"location":"deprecated/#destination-override-fields-in-direct-outbound","title":"Destination override fields in direct outbound","text":"<p>Destination override fields (<code>override_address</code> / <code>override_port</code>) in direct outbound are deprecated and can be replaced by rule actions, check Migration.</p>"},{"location":"deprecated/#wireguard-outbound","title":"WireGuard outbound","text":"<p>WireGuard outbound is deprecated and can be replaced by endpoint, check Migration.</p> <p>Old outbound will be removed in sing-box 1.13.0.</p>"},{"location":"deprecated/#gso-option-in-tun","title":"GSO option in TUN","text":"<p>GSO has no advantages for transparent proxy scenarios, is deprecated and no longer works in TUN.</p> <p>Old fields will be removed in sing-box 1.13.0.</p>"},{"location":"deprecated/#1100","title":"1.10.0","text":""},{"location":"deprecated/#tun-address-fields-are-merged","title":"TUN address fields are merged","text":"<p><code>inet4_address</code> and <code>inet6_address</code> are merged into <code>address</code>, <code>inet4_route_address</code> and <code>inet6_route_address</code> are merged into <code>route_address</code>, <code>inet4_route_exclude_address</code> and <code>inet6_route_exclude_address</code> are merged into <code>route_exclude_address</code>.</p> <p>Old fields will be removed in sing-box 1.12.0.</p>"},{"location":"deprecated/#match-source-rule-items-are-renamed","title":"Match source rule items are renamed","text":"<p><code>rule_set_ipcidr_match_source</code> route and DNS rule items are renamed to <code>rule_set_ip_cidr_match_source</code> and will be remove in sing-box 1.11.0.</p>"},{"location":"deprecated/#drop-support-for-go118-and-go119","title":"Drop support for go1.18 and go1.19","text":"<p>Due to maintenance difficulties, sing-box 1.10.0 requires at least Go 1.20 to compile.</p>"},{"location":"deprecated/#180","title":"1.8.0","text":""},{"location":"deprecated/#cache-file-and-related-features-in-clash-api","title":"Cache file and related features in Clash API","text":"<p><code>cache_file</code> and related features in Clash API is migrated to independent <code>cache_file</code> options, check Migration.</p>"},{"location":"deprecated/#geoip","title":"GeoIP","text":"<p>GeoIP is deprecated and will be removed in sing-box 1.12.0.</p> <p>The maxmind GeoIP National Database, as an IP classification database, is not entirely suitable for traffic bypassing, and all existing implementations suffer from high memory usage and difficult management.</p> <p>sing-box 1.8.0 introduces rule-set, which can completely replace GeoIP, check Migration.</p>"},{"location":"deprecated/#geosite","title":"Geosite","text":"<p>Geosite is deprecated and will be removed in sing-box 1.12.0.</p> <p>Geosite, the <code>domain-list-community</code> project maintained by V2Ray as an early traffic bypassing solution, suffers from a number of problems, including lack of maintenance, inaccurate rules, and difficult management.</p> <p>sing-box 1.8.0 introduces rule-set, which can completely replace Geosite, check Migration.</p>"},{"location":"deprecated/#160","title":"1.6.0","text":"<p>The following features will be marked deprecated in 1.5.0 and removed entirely in 1.6.0.</p>"},{"location":"deprecated/#shadowsocksr","title":"ShadowsocksR","text":"<p>ShadowsocksR support has never been enabled by default, since the most commonly used proxy sales panel in the illegal industry stopped using this protocol, it does not make sense to continue to maintain it.</p>"},{"location":"deprecated/#proxy-protocol","title":"Proxy Protocol","text":"<p>Proxy Protocol is added by Pull Request, has problems, is only used by the backend of HTTP multiplexers such as nginx, is intrusive, and is meaningless for proxy purposes.</p>"},{"location":"migration/","title":"Migration","text":""},{"location":"migration/#1110","title":"1.11.0","text":""},{"location":"migration/#migrate-legacy-special-outbounds-to-rule-actions","title":"Migrate legacy special outbounds to rule actions","text":"<p>Legacy special outbounds are deprecated and can be replaced by rule actions.</p> <p>References</p> <p>Rule Action / Block / DNS</p> BlockDNS Deprecated New <pre><code>{\n \"outbounds\": [\n {\n \"type\": \"block\",\n \"tag\": \"block\"\n }\n ],\n \"route\": {\n \"rules\": [\n {\n ...,\n\n \"outbound\": \"block\"\n }\n ]\n }\n}\n</code></pre> <pre><code>{\n \"route\": {\n \"rules\": [\n {\n ...,\n\n \"action\": \"reject\"\n }\n ]\n }\n}\n</code></pre> Deprecated New <pre><code>{\n \"inbound\": [\n {\n ...,\n\n \"sniff\": true\n }\n ],\n \"outbounds\": [\n {\n \"tag\": \"dns\",\n \"type\": \"dns\"\n }\n ],\n \"route\": {\n \"rules\": [\n {\n \"protocol\": \"dns\",\n \"outbound\": \"dns\"\n }\n ]\n }\n}\n</code></pre> <pre><code>{\n \"route\": {\n \"rules\": [\n {\n \"action\": \"sniff\"\n },\n {\n \"protocol\": \"dns\",\n \"action\": \"hijack-dns\"\n }\n ]\n }\n}\n</code></pre>"},{"location":"migration/#migrate-legacy-inbound-fields-to-rule-actions","title":"Migrate legacy inbound fields to rule actions","text":"<p>Inbound fields are deprecated and can be replaced by rule actions.</p> <p>References</p> <p>Listen Fields / Rule / Rule Action / DNS Rule / DNS Rule Action</p> Deprecated New <pre><code>{\n \"inbounds\": [\n {\n \"type\": \"mixed\",\n \"sniff\": true,\n \"sniff_timeout\": \"1s\",\n \"domain_strategy\": \"prefer_ipv4\"\n }\n ]\n}\n</code></pre> <pre><code>{\n \"inbounds\": [\n {\n \"type\": \"mixed\",\n \"tag\": \"in\"\n }\n ],\n \"route\": {\n \"rules\": [\n {\n \"inbound\": \"in\",\n \"action\": \"resolve\",\n \"strategy\": \"prefer_ipv4\"\n },\n {\n \"inbound\": \"in\",\n \"action\": \"sniff\",\n \"timeout\": \"1s\"\n }\n ]\n }\n}\n</code></pre>"},{"location":"migration/#migrate-destination-override-fields-to-route-options","title":"Migrate destination override fields to route options","text":"<p>Destination override fields in direct outbound are deprecated and can be replaced by route options.</p> <p>References</p> <p>Rule Action / Direct</p> Deprecated New <pre><code>{\n \"outbounds\": [\n {\n \"type\": \"direct\",\n \"override_address\": \"1.1.1.1\",\n \"override_port\": 443\n }\n ]\n}\n</code></pre> <pre><code>{\n \"route\": {\n \"rules\": [\n {\n \"action\": \"route-options\", // or route\n \"override_address\": \"1.1.1.1\",\n \"override_port\": 443\n }\n ]\n }\n</code></pre>"},{"location":"migration/#migrate-wireguard-outbound-to-endpoint","title":"Migrate WireGuard outbound to endpoint","text":"<p>WireGuard outbound is deprecated and can be replaced by endpoint.</p> <p>References</p> <p>Endpoint / WireGuard Endpoint / WireGuard Outbound</p> Deprecated New <pre><code>{\n \"outbounds\": [\n {\n \"type\": \"wireguard\",\n \"tag\": \"wg-out\",\n\n \"server\": \"127.0.0.1\",\n \"server_port\": 10001,\n \"system_interface\": true,\n \"gso\": true,\n \"interface_name\": \"wg0\",\n \"local_address\": [\n \"10.0.0.1/32\"\n ],\n \"private_key\": \"&lt;private_key&gt;\",\n \"peer_public_key\": \"&lt;peer_public_key&gt;\",\n \"pre_shared_key\": \"&lt;pre_shared_key&gt;\",\n \"reserved\": [0, 0, 0],\n \"mtu\": 1408\n }\n ]\n}\n</code></pre> <pre><code>{\n \"endpoints\": [\n {\n \"type\": \"wireguard\",\n \"tag\": \"wg-ep\",\n \"system\": true,\n \"name\": \"wg0\",\n \"mtu\": 1408,\n \"address\": [\n \"10.0.0.2/32\"\n ],\n \"private_key\": \"&lt;private_key&gt;\",\n \"listen_port\": 10000,\n \"peers\": [\n {\n \"address\": \"127.0.0.1\",\n \"port\": 10001,\n \"public_key\": \"&lt;peer_public_key&gt;\",\n \"pre_shared_key\": \"&lt;pre_shared_key&gt;\",\n \"allowed_ips\": [\n \"0.0.0.0/0\"\n ],\n \"persistent_keepalive_interval\": 30,\n \"reserved\": [0, 0, 0]\n }\n ]\n }\n ]\n}\n</code></pre>"},{"location":"migration/#1100","title":"1.10.0","text":""},{"location":"migration/#tun-address-fields-are-merged","title":"TUN address fields are merged","text":"<p><code>inet4_address</code> and <code>inet6_address</code> are merged into <code>address</code>, <code>inet4_route_address</code> and <code>inet6_route_address</code> are merged into <code>route_address</code>, <code>inet4_route_exclude_address</code> and <code>inet6_route_exclude_address</code> are merged into <code>route_exclude_address</code>.</p> <p>References</p> <p>TUN</p> Deprecated New <pre><code>{\n \"inbounds\": [\n {\n \"type\": \"tun\",\n \"inet4_address\": \"172.19.0.1/30\",\n \"inet6_address\": \"fdfe:dcba:9876::1/126\",\n \"inet4_route_address\": [\n \"0.0.0.0/1\",\n \"128.0.0.0/1\"\n ],\n \"inet6_route_address\": [\n \"::/1\",\n \"8000::/1\"\n ],\n \"inet4_route_exclude_address\": [\n \"192.168.0.0/16\"\n ],\n \"inet6_route_exclude_address\": [\n \"fc00::/7\"\n ]\n }\n ]\n}\n</code></pre> <pre><code>{\n \"inbounds\": [\n {\n \"type\": \"tun\",\n \"address\": [\n \"172.19.0.1/30\",\n \"fdfe:dcba:9876::1/126\"\n ],\n \"route_address\": [\n \"0.0.0.0/1\",\n \"128.0.0.0/1\",\n \"::/1\",\n \"8000::/1\"\n ],\n \"route_exclude_address\": [\n \"192.168.0.0/16\",\n \"fc00::/7\"\n ]\n }\n ]\n}\n</code></pre>"},{"location":"migration/#195","title":"1.9.5","text":""},{"location":"migration/#bundle-identifier-updates-in-apple-platform-clients","title":"Bundle Identifier updates in Apple platform clients","text":"<p>Due to problems with our old Apple developer account, we can only change Bundle Identifiers to re-list sing-box apps, which means the data will not be automatically inherited.</p> <p>For iOS, you need to back up your old data yourself (if you still have access to it); for tvOS, you need to re-import profiles from your iPhone or iPad or create it manually; for macOS, you can migrate the data folder using the following command:</p> <pre><code>cd ~/Library/Group\\ Containers &amp;&amp; \\ \n mv group.io.nekohasekai.sfa group.io.nekohasekai.sfavt\n</code></pre>"},{"location":"migration/#190","title":"1.9.0","text":""},{"location":"migration/#domain_suffix-behavior-update","title":"<code>domain_suffix</code> behavior update","text":"<p>For historical reasons, sing-box's <code>domain_suffix</code> rule matches literal prefixes instead of the same as other projects.</p> <p>sing-box 1.9.0 modifies the behavior of <code>domain_suffix</code>: If the rule value is prefixed with <code>.</code>, the behavior is unchanged, otherwise it matches <code>(domain|.+\\.domain)</code> instead.</p>"},{"location":"migration/#process_path-format-update-on-windows","title":"<code>process_path</code> format update on Windows","text":"<p>The <code>process_path</code> rule of sing-box is inherited from Clash, the original code uses the local system's path format (e.g. <code>\\Device\\HarddiskVolume1\\folder\\program.exe</code>), but when the device has multiple disks, the HarddiskVolume serial number is not stable.</p> <p>sing-box 1.9.0 make QueryFullProcessImageNameW output a Win32 path (such as <code>C:\\folder\\program.exe</code>), which will disrupt the existing <code>process_path</code> use cases in Windows.</p>"},{"location":"migration/#180","title":"1.8.0","text":""},{"location":"migration/#migrate-cache-file-from-clash-api-to-independent-options","title":"Migrate cache file from Clash API to independent options","text":"<p>References</p> <p>Clash API / Cache File</p> Deprecated New <pre><code>{\n \"experimental\": {\n \"clash_api\": {\n \"cache_file\": \"cache.db\", // default value\n \"cahce_id\": \"my_profile2\",\n \"store_mode\": true,\n \"store_selected\": true,\n \"store_fakeip\": true\n }\n }\n}\n</code></pre> <pre><code>{\n \"experimental\" : {\n \"cache_file\": {\n \"enabled\": true,\n \"path\": \"cache.db\", // default value\n \"cache_id\": \"my_profile2\",\n \"store_fakeip\": true\n }\n }\n}\n</code></pre>"},{"location":"migration/#migrate-geoip-to-rule-sets","title":"Migrate GeoIP to rule-sets","text":"<p>References</p> <p>GeoIP / Route / Route Rule / DNS Rule / rule-set</p> <p>Tip</p> <p><code>sing-box geoip</code> commands can help you convert custom GeoIP into rule-sets.</p> Deprecated New <pre><code>{\n \"route\": {\n \"rules\": [\n {\n \"geoip\": \"private\",\n \"outbound\": \"direct\"\n },\n {\n \"geoip\": \"cn\",\n \"outbound\": \"direct\"\n },\n {\n \"source_geoip\": \"cn\",\n \"outbound\": \"block\"\n }\n ],\n \"geoip\": {\n \"download_detour\": \"proxy\"\n }\n }\n}\n</code></pre> <pre><code>{\n \"route\": {\n \"rules\": [\n {\n \"ip_is_private\": true,\n \"outbound\": \"direct\"\n },\n {\n \"rule_set\": \"geoip-cn\",\n \"outbound\": \"direct\"\n },\n {\n \"rule_set\": \"geoip-us\",\n \"rule_set_ipcidr_match_source\": true,\n \"outbound\": \"block\"\n }\n ],\n \"rule_set\": [\n {\n \"tag\": \"geoip-cn\",\n \"type\": \"remote\",\n \"format\": \"binary\",\n \"url\": \"https://raw.githubusercontent.com/SagerNet/sing-geoip/rule-set/geoip-cn.srs\",\n \"download_detour\": \"proxy\"\n },\n {\n \"tag\": \"geoip-us\",\n \"type\": \"remote\",\n \"format\": \"binary\",\n \"url\": \"https://raw.githubusercontent.com/SagerNet/sing-geoip/rule-set/geoip-us.srs\",\n \"download_detour\": \"proxy\"\n }\n ]\n },\n \"experimental\": {\n \"cache_file\": {\n \"enabled\": true // required to save rule-set cache\n }\n }\n}\n</code></pre>"},{"location":"migration/#migrate-geosite-to-rule-sets","title":"Migrate Geosite to rule-sets","text":"<p>References</p> <p>Geosite / Route / Route Rule / DNS Rule / rule-set</p> <p>Tip</p> <p><code>sing-box geosite</code> commands can help you convert custom Geosite into rule-sets.</p> Deprecated New <pre><code>{\n \"route\": {\n \"rules\": [\n {\n \"geosite\": \"cn\",\n \"outbound\": \"direct\"\n }\n ],\n \"geosite\": {\n \"download_detour\": \"proxy\"\n }\n }\n}\n</code></pre> <pre><code>{\n \"route\": {\n \"rules\": [\n {\n \"rule_set\": \"geosite-cn\",\n \"outbound\": \"direct\"\n }\n ],\n \"rule_set\": [\n {\n \"tag\": \"geosite-cn\",\n \"type\": \"remote\",\n \"format\": \"binary\",\n \"url\": \"https://raw.githubusercontent.com/SagerNet/sing-geosite/rule-set/geosite-cn.srs\",\n \"download_detour\": \"proxy\"\n }\n ]\n },\n \"experimental\": {\n \"cache_file\": {\n \"enabled\": true // required to save rule-set cache\n }\n }\n}\n</code></pre>"},{"location":"sponsors/","title":"Sponsors","text":"<p>Do you or your friends use sing-box?</p> <p>You can help keep the project bug-free and feature rich by sponsoring the project maintainer via GitHub Sponsors.</p> <p></p>"},{"location":"sponsors/#special-sponsors","title":"Special Sponsors","text":"<p>Viral Tech, Inc.</p> <p>Helping us re-list sing-box apps on the Apple Store.</p> <p></p> <p>Free license for the amazing IDEs.</p>"},{"location":"support/","title":"Support","text":"Channel Link GitHub Issues https://github.com/SagerNet/sing-box/issues Telegram notification channel https://t.me/yapnc Telegram user group https://t.me/yapug Email contact@sagernet.org"},{"location":"clients/","title":"Graphical Clients","text":"<p>Maintained by Project S to provide a unified experience and platform-specific functionality.</p> Platform Client Android sing-box for Android iOS/macOS/Apple tvOS sing-box for Apple platforms Desktop Working in progress <p>Some third-party projects that claim to use sing-box or use sing-box as a selling point are not listed here. The core motivation of the maintainers of such projects is to acquire more users, and even though they provide friendly VPN client features, the code is usually of poor quality and contains ads.</p>"},{"location":"clients/general/","title":"General","text":"<p>Describes and explains the functions implemented uniformly by sing-box graphical clients.</p>"},{"location":"clients/general/#profile","title":"Profile","text":"<p>Profile describes a sing-box configuration file and its state.</p>"},{"location":"clients/general/#local","title":"Local","text":"<ul> <li>Local Profile represents a local sing-box configuration with minimal state</li> <li>The graphical client must provide an editor to modify configuration content</li> </ul>"},{"location":"clients/general/#icloud-on-ios-and-macos","title":"iCloud (on iOS and macOS)","text":"<ul> <li>iCloud Profile represents a remote sing-box configuration with iCloud as the update source</li> <li>The configuration file is stored in the sing-box folder under iCloud</li> <li>The graphical client must provide an editor to modify configuration content</li> </ul>"},{"location":"clients/general/#remote","title":"Remote","text":"<ul> <li>Remote Profile represents a remote sing-box configuration with a URL as the update source.</li> <li>The graphical client should provide a configuration content viewer</li> <li>The graphical client must implement automatic profile update (default interval is 60 minutes) and HTTP Basic authorization.</li> </ul> <p>At the same time, the graphical client must provide support for importing remote profiles through a specific URL Scheme. The URL is defined as follows:</p> <pre><code>sing-box://import-remote-profile?url=urlEncodedURL#urlEncodedName\n</code></pre>"},{"location":"clients/general/#dashboard","title":"Dashboard","text":"<p>While the sing-box service is running, the graphical client should provide a Dashboard interface to manage the service.</p>"},{"location":"clients/general/#status","title":"Status","text":"<p>Dashboard should display status information such as memory, connection, and traffic.</p>"},{"location":"clients/general/#mode","title":"Mode","text":"<p>Dashboard should provide a Mode selector for switching when the configuration uses at least two <code>clash_mode</code> values.</p>"},{"location":"clients/general/#groups","title":"Groups","text":"<p>When the configuration includes group outbounds (specifically, Selector or URLTest), the dashboard should provide a Group selector for status display or switching.</p>"},{"location":"clients/general/#chore","title":"Chore","text":""},{"location":"clients/general/#core","title":"Core","text":"<p>Graphical clients should provide a Core region:</p> <ul> <li>Display the current sing-box version</li> <li>Provides a button to clean the working directory</li> <li>Provides a memory limiter switch</li> </ul>"},{"location":"clients/privacy/","title":"Privacy policy","text":"<p>sing-box and official graphics clients do not collect or share personal data, and the data generated by the software is always on your device.</p>"},{"location":"clients/privacy/#android","title":"Android","text":"<p>If your configuration contains <code>wifi_ssid</code> or <code>wifi_bssid</code> routing rules, sing-box uses the location permission in the background to get information about the connected Wi-Fi network to make them work.</p>"},{"location":"clients/android/","title":"sing-box for Android","text":"<p>SFA allows users to manage and run local or remote sing-box configuration files, and provides platform-specific function implementation, such as TUN transparent proxy implementation.</p>"},{"location":"clients/android/#requirements","title":"Requirements","text":"<ul> <li>Android 5.0+</li> </ul>"},{"location":"clients/android/#download","title":"Download","text":"<ul> <li>Play Store</li> <li>Play Store (Beta)</li> <li>GitHub Releases</li> <li>F-Droid (Unified signature via reproducible builds)</li> </ul>"},{"location":"clients/android/#source-code","title":"Source code","text":"<ul> <li>GitHub</li> </ul>"},{"location":"clients/android/features/","title":"Features","text":""},{"location":"clients/android/features/#ui-options","title":"UI options","text":"<ul> <li>Display realtime network speed in the notification</li> </ul>"},{"location":"clients/android/features/#service","title":"Service","text":"<p>SFA allows you to run sing-box through ForegroundService or VpnService (when TUN is required).</p>"},{"location":"clients/android/features/#tun","title":"TUN","text":"<p>SFA provides an unprivileged TUN implementation through Android VpnService.</p> TUN inbound option Available Note <code>interface_name</code> Managed by Android <code>inet4_address</code> / <code>inet6_address</code> / <code>mtu</code> / <code>gso</code> No permission <code>auto_route</code> / <code>strict_route</code> Not implemented <code>inet4_route_address</code> / <code>inet6_route_address</code> / <code>inet4_route_exclude_address</code> / <code>inet6_route_exclude_address</code> / <code>endpoint_independent_nat</code> / <code>stack</code> / <code>include_interface</code> No permission <code>exclude_interface</code> No permission <code>include_uid</code> No permission <code>exclude_uid</code> No permission <code>include_android_user</code> No permission <code>include_package</code> / <code>exclude_package</code> / <code>platform</code> / Route/DNS rule option Available Note <code>process_name</code> No permission <code>process_path</code> No permission <code>process_path_regex</code> No permission <code>package_name</code> / <code>user</code> Use <code>package_name</code> instead <code>user_id</code> Use <code>package_name</code> instead <code>wifi_ssid</code> Fine location permission required <code>wifi_bssid</code> Fine location permission required"},{"location":"clients/android/features/#override","title":"Override","text":"<p>Overrides profile configuration items with platform-specific values.</p>"},{"location":"clients/android/features/#per-app-proxy","title":"Per-app proxy","text":"<p>SFA allows you to select a list of Android apps that require proxying or bypassing in the graphical interface to override the <code>include_package</code> and <code>exclude_package</code> configuration items.</p> <p>In particular, the selector also provides the \u201cChina apps\u201d scanning feature, providing Chinese users with an excellent experience to bypass apps that do not require a proxy. Specifically, by scanning China application or SDK characteristics through dex class path and other means, there will be almost no missed reports.</p>"},{"location":"clients/android/features/#chore","title":"Chore","text":"<ul> <li>The working directory is located at <code>/sdcard/Android/data/io.nekohasekai.sfa/files</code> (External files directory)</li> <li>Crash logs is located in <code>$working_directory/stderr.log</code></li> </ul>"},{"location":"clients/apple/","title":"sing-box for Apple platforms","text":"<p>SFI/SFM/SFT allows users to manage and run local or remote sing-box configuration files, and provides platform-specific function implementation, such as TUN transparent proxy implementation.</p>"},{"location":"clients/apple/#requirements","title":"Requirements","text":"<ul> <li>iOS 15.0+ / macOS 13.0+ / Apple tvOS 17.0+</li> <li>An Apple account outside of mainland China</li> </ul>"},{"location":"clients/apple/#download","title":"Download","text":"<ul> <li>App Store</li> <li>TestFlight (Beta)</li> </ul> <p>TestFlight quota is only available to sponsors (one-time sponsorships are accepted). Once you donate, you can get an invitation by join our Telegram group for sponsors from @yet_another_sponsor_bot or sending us your Apple ID via email.</p>"},{"location":"clients/apple/#download-macos-standalone-version","title":"Download (macOS standalone version)","text":"<ul> <li>Homebrew Cask</li> </ul> <pre><code>brew install sfm\n</code></pre> <ul> <li>GitHub Releases</li> </ul>"},{"location":"clients/apple/#source-code","title":"Source code","text":"<ul> <li>GitHub</li> </ul>"},{"location":"clients/apple/features/","title":"Features","text":""},{"location":"clients/apple/features/#ui-options","title":"UI options","text":"<ul> <li>Always On</li> <li>Include All Networks (Proxy traffic for LAN and cellular services)</li> <li>(Apple tvOS) Import profile from iPhone/iPad</li> </ul>"},{"location":"clients/apple/features/#service","title":"Service","text":"<p>SFI/SFM/SFT allows you to run sing-box through NetworkExtension with Application Extension or System Extension.</p>"},{"location":"clients/apple/features/#tun","title":"TUN","text":"<p>SFI/SFM/SFT provides an unprivileged TUN implementation through NetworkExtension.</p> TUN inbound option Available Note <code>interface_name</code> \ufe0f Managed by Darwin <code>inet4_address</code> / <code>inet6_address</code> / <code>mtu</code> / <code>gso</code> Not implemented <code>auto_route</code> / <code>strict_route</code> \ufe0f Not implemented <code>inet4_route_address</code> / <code>inet6_route_address</code> / <code>inet4_route_exclude_address</code> / <code>inet6_route_exclude_address</code> / <code>endpoint_independent_nat</code> / <code>stack</code> / <code>include_interface</code> \ufe0f Not implemented <code>exclude_interface</code> \ufe0f Not implemented <code>include_uid</code> \ufe0f Not implemented <code>exclude_uid</code> \ufe0f Not implemented <code>include_android_user</code> \ufe0f Not implemented <code>include_package</code> \ufe0f Not implemented <code>exclude_package</code> \ufe0f Not implemented <code>platform</code> / Route/DNS rule option Available Note <code>process_name</code> No permission <code>process_path</code> No permission <code>process_path_regex</code> No permission <code>package_name</code> / <code>user</code> No permission <code>user_id</code> No permission <code>wifi_ssid</code> Only supported on iOS <code>wifi_bssid</code> Only supported on iOS"},{"location":"clients/apple/features/#chore","title":"Chore","text":"<ul> <li>Crash logs is located in <code>Settings</code> -&gt; <code>View Service Log</code></li> </ul>"},{"location":"configuration/","title":"Introduction","text":"<p>sing-box uses JSON for configuration files.</p>"},{"location":"configuration/#structure","title":"Structure","text":"<pre><code>{\n \"log\": {},\n \"dns\": {},\n \"ntp\": {},\n \"endpoints\": [],\n \"inbounds\": [],\n \"outbounds\": [],\n \"route\": {},\n \"experimental\": {}\n}\n</code></pre>"},{"location":"configuration/#fields","title":"Fields","text":"Key Format <code>log</code> Log <code>dns</code> DNS <code>ntp</code> NTP <code>endpoints</code> Endpoint <code>inbounds</code> Inbound <code>outbounds</code> Outbound <code>route</code> Route <code>experimental</code> Experimental"},{"location":"configuration/#check","title":"Check","text":"<pre><code>sing-box check\n</code></pre>"},{"location":"configuration/#format","title":"Format","text":"<pre><code>sing-box format -w -c config.json -D config_directory\n</code></pre>"},{"location":"configuration/#merge","title":"Merge","text":"<pre><code>sing-box merge output.json -c config.json -D config_directory\n</code></pre>"},{"location":"configuration/dns/","title":"Index","text":"<p>Changes in sing-box 1.11.0</p> <p> cache_capacity</p>"},{"location":"configuration/dns/#dns","title":"DNS","text":""},{"location":"configuration/dns/#structure","title":"Structure","text":"<pre><code>{\n \"dns\": {\n \"servers\": [],\n \"rules\": [],\n \"final\": \"\",\n \"strategy\": \"\",\n \"disable_cache\": false,\n \"disable_expire\": false,\n \"independent_cache\": false,\n \"cache_capacity\": 0,\n \"reverse_mapping\": false,\n \"client_subnet\": \"\",\n \"fakeip\": {}\n }\n}\n</code></pre>"},{"location":"configuration/dns/#fields","title":"Fields","text":"Key Format <code>server</code> List of DNS Server <code>rules</code> List of DNS Rule <code>fakeip</code> FakeIP"},{"location":"configuration/dns/#final","title":"final","text":"<p>Default dns server tag.</p> <p>The first server will be used if empty.</p>"},{"location":"configuration/dns/#strategy","title":"strategy","text":"<p>Default domain strategy for resolving the domain names.</p> <p>One of <code>prefer_ipv4</code> <code>prefer_ipv6</code> <code>ipv4_only</code> <code>ipv6_only</code>.</p> <p>Take no effect if <code>server.strategy</code> is set.</p>"},{"location":"configuration/dns/#disable_cache","title":"disable_cache","text":"<p>Disable dns cache.</p>"},{"location":"configuration/dns/#disable_expire","title":"disable_expire","text":"<p>Disable dns cache expire.</p>"},{"location":"configuration/dns/#independent_cache","title":"independent_cache","text":"<p>Make each DNS server's cache independent for special purposes. If enabled, will slightly degrade performance.</p>"},{"location":"configuration/dns/#cache_capacity","title":"cache_capacity","text":"<p>Since sing-box 1.11.0</p> <p>LRU cache capacity.</p> <p>Value less than 1024 will be ignored.</p>"},{"location":"configuration/dns/#reverse_mapping","title":"reverse_mapping","text":"<p>Stores a reverse mapping of IP addresses after responding to a DNS query in order to provide domain names when routing.</p> <p>Since this process relies on the act of resolving domain names by an application before making a request, it can be problematic in environments such as macOS, where DNS is proxied and cached by the system.</p>"},{"location":"configuration/dns/#client_subnet","title":"client_subnet","text":"<p>Since sing-box 1.9.0</p> <p>Append a <code>edns0-subnet</code> OPT extra record with the specified IP prefix to every query by default.</p> <p>If value is an IP address instead of prefix, <code>/32</code> or <code>/128</code> will be appended automatically.</p> <p>Can be overrides by <code>servers.[].client_subnet</code> or <code>rules.[].client_subnet</code>.</p>"},{"location":"configuration/dns/fakeip/","title":"FakeIP","text":""},{"location":"configuration/dns/fakeip/#structure","title":"Structure","text":"<pre><code>{\n \"enabled\": true,\n \"inet4_range\": \"198.18.0.0/15\",\n \"inet6_range\": \"fc00::/18\"\n}\n</code></pre>"},{"location":"configuration/dns/fakeip/#fields","title":"Fields","text":""},{"location":"configuration/dns/fakeip/#enabled","title":"enabled","text":"<p>Enable FakeIP service.</p>"},{"location":"configuration/dns/fakeip/#inet4_range","title":"inet4_range","text":"<p>IPv4 address range for FakeIP.</p>"},{"location":"configuration/dns/fakeip/#inet6_address","title":"inet6_address","text":"<p>IPv6 address range for FakeIP.</p>"},{"location":"configuration/dns/rule/","title":"DNS Rule","text":"<p>Changes in sing-box 1.11.0</p> <p> action server disable_cache rewrite_ttl client_subnet network_type network_is_expensive network_is_constrained</p> <p>Changes in sing-box 1.10.0</p> <p> rule_set_ipcidr_match_source rule_set_ip_cidr_match_source rule_set_ip_cidr_accept_empty process_path_regex</p> <p>Changes in sing-box 1.9.0</p> <p> geoip ip_cidr ip_is_private client_subnet rule_set_ipcidr_match_source</p> <p>Changes in sing-box 1.8.0</p> <p> rule_set source_ip_is_private geoip geosite</p>"},{"location":"configuration/dns/rule/#structure","title":"Structure","text":"<pre><code>{\n \"dns\": {\n \"rules\": [\n {\n \"inbound\": [\n \"mixed-in\"\n ],\n \"ip_version\": 6,\n \"query_type\": [\n \"A\",\n \"HTTPS\",\n 32768\n ],\n \"network\": \"tcp\",\n \"auth_user\": [\n \"usera\",\n \"userb\"\n ],\n \"protocol\": [\n \"tls\",\n \"http\",\n \"quic\"\n ],\n \"domain\": [\n \"test.com\"\n ],\n \"domain_suffix\": [\n \".cn\"\n ],\n \"domain_keyword\": [\n \"test\"\n ],\n \"domain_regex\": [\n \"^stun\\\\..+\"\n ],\n \"geosite\": [\n \"cn\"\n ],\n \"source_geoip\": [\n \"private\"\n ],\n \"geoip\": [\n \"cn\"\n ],\n \"source_ip_cidr\": [\n \"10.0.0.0/24\",\n \"192.168.0.1\"\n ],\n \"source_ip_is_private\": false,\n \"ip_cidr\": [\n \"10.0.0.0/24\",\n \"192.168.0.1\"\n ],\n \"ip_is_private\": false,\n \"source_port\": [\n 12345\n ],\n \"source_port_range\": [\n \"1000:2000\",\n \":3000\",\n \"4000:\"\n ],\n \"port\": [\n 80,\n 443\n ],\n \"port_range\": [\n \"1000:2000\",\n \":3000\",\n \"4000:\"\n ],\n \"process_name\": [\n \"curl\"\n ],\n \"process_path\": [\n \"/usr/bin/curl\"\n ],\n \"process_path_regex\": [\n \"^/usr/bin/.+\"\n ],\n \"package_name\": [\n \"com.termux\"\n ],\n \"user\": [\n \"sekai\"\n ],\n \"user_id\": [\n 1000\n ],\n \"clash_mode\": \"direct\",\n \"network_type\": [\n \"wifi\"\n ],\n \"network_is_expensive\": false,\n \"network_is_constrained\": false,\n \"wifi_ssid\": [\n \"My WIFI\"\n ],\n \"wifi_bssid\": [\n \"00:00:00:00:00:00\"\n ],\n \"rule_set\": [\n \"geoip-cn\",\n \"geosite-cn\"\n ],\n // deprecated\n \"rule_set_ipcidr_match_source\": false,\n \"rule_set_ip_cidr_match_source\": false,\n \"rule_set_ip_cidr_accept_empty\": false,\n \"invert\": false,\n \"outbound\": [\n \"direct\"\n ],\n \"action\": \"route\",\n \"server\": \"local\"\n },\n {\n \"type\": \"logical\",\n \"mode\": \"and\",\n \"rules\": [],\n \"action\": \"route\",\n \"server\": \"local\"\n }\n ]\n }\n}\n</code></pre> <p>You can ignore the JSON Array [] tag when the content is only one item</p>"},{"location":"configuration/dns/rule/#default-fields","title":"Default Fields","text":"<p>The default rule uses the following matching logic: (<code>domain</code> || <code>domain_suffix</code> || <code>domain_keyword</code> || <code>domain_regex</code> || <code>geosite</code>) &amp;&amp; (<code>port</code> || <code>port_range</code>) &amp;&amp; (<code>source_geoip</code> || <code>source_ip_cidr</code> \uff5c\uff5c <code>source_ip_is_private</code>) &amp;&amp; (<code>source_port</code> || <code>source_port_range</code>) &amp;&amp; <code>other fields</code></p> <p>Additionally, included rule-sets can be considered merged rather than as a single rule sub-item.</p>"},{"location":"configuration/dns/rule/#inbound","title":"inbound","text":"<p>Tags of Inbound.</p>"},{"location":"configuration/dns/rule/#ip_version","title":"ip_version","text":"<p>4 (A DNS query) or 6 (AAAA DNS query).</p> <p>Not limited if empty.</p>"},{"location":"configuration/dns/rule/#query_type","title":"query_type","text":"<p>DNS query type. Values can be integers or type name strings.</p>"},{"location":"configuration/dns/rule/#network","title":"network","text":"<p><code>tcp</code> or <code>udp</code>.</p>"},{"location":"configuration/dns/rule/#auth_user","title":"auth_user","text":"<p>Username, see each inbound for details.</p>"},{"location":"configuration/dns/rule/#protocol","title":"protocol","text":"<p>Sniffed protocol, see Sniff for details.</p>"},{"location":"configuration/dns/rule/#domain","title":"domain","text":"<p>Match full domain.</p>"},{"location":"configuration/dns/rule/#domain_suffix","title":"domain_suffix","text":"<p>Match domain suffix.</p>"},{"location":"configuration/dns/rule/#domain_keyword","title":"domain_keyword","text":"<p>Match domain using keyword.</p>"},{"location":"configuration/dns/rule/#domain_regex","title":"domain_regex","text":"<p>Match domain using regular expression.</p>"},{"location":"configuration/dns/rule/#geosite","title":"geosite","text":"<p>Deprecated in sing-box 1.8.0</p> <p>Geosite is deprecated and will be removed in sing-box 1.12.0, check Migration.</p> <p>Match geosite.</p>"},{"location":"configuration/dns/rule/#source_geoip","title":"source_geoip","text":"<p>Deprecated in sing-box 1.8.0</p> <p>GeoIP is deprecated and will be removed in sing-box 1.12.0, check Migration.</p> <p>Match source geoip.</p>"},{"location":"configuration/dns/rule/#source_ip_cidr","title":"source_ip_cidr","text":"<p>Match source IP CIDR.</p>"},{"location":"configuration/dns/rule/#source_ip_is_private","title":"source_ip_is_private","text":"<p>Since sing-box 1.8.0</p> <p>Match non-public source IP.</p>"},{"location":"configuration/dns/rule/#source_port","title":"source_port","text":"<p>Match source port.</p>"},{"location":"configuration/dns/rule/#source_port_range","title":"source_port_range","text":"<p>Match source port range.</p>"},{"location":"configuration/dns/rule/#port","title":"port","text":"<p>Match port.</p>"},{"location":"configuration/dns/rule/#port_range","title":"port_range","text":"<p>Match port range.</p>"},{"location":"configuration/dns/rule/#process_name","title":"process_name","text":"<p>Only supported on Linux, Windows, and macOS.</p> <p>Match process name.</p>"},{"location":"configuration/dns/rule/#process_path","title":"process_path","text":"<p>Only supported on Linux, Windows, and macOS.</p> <p>Match process path.</p>"},{"location":"configuration/dns/rule/#process_path_regex","title":"process_path_regex","text":"<p>Since sing-box 1.10.0</p> <p>Only supported on Linux, Windows, and macOS.</p> <p>Match process path using regular expression.</p>"},{"location":"configuration/dns/rule/#package_name","title":"package_name","text":"<p>Match android package name.</p>"},{"location":"configuration/dns/rule/#user","title":"user","text":"<p>Only supported on Linux.</p> <p>Match user name.</p>"},{"location":"configuration/dns/rule/#user_id","title":"user_id","text":"<p>Only supported on Linux.</p> <p>Match user id.</p>"},{"location":"configuration/dns/rule/#clash_mode","title":"clash_mode","text":"<p>Match Clash mode.</p>"},{"location":"configuration/dns/rule/#network_type","title":"network_type","text":"<p>Since sing-box 1.11.0</p> <p>Only supported in graphical clients on Android and Apple platforms.</p> <p>Match network type.</p> <p>Available values: <code>wifi</code>, <code>cellular</code>, <code>ethernet</code> and <code>other</code>.</p>"},{"location":"configuration/dns/rule/#network_is_expensive","title":"network_is_expensive","text":"<p>Since sing-box 1.11.0</p> <p>Only supported in graphical clients on Android and Apple platforms.</p> <p>Match if network is considered Metered (on Android) or considered expensive, such as Cellular or a Personal Hotspot (on Apple platforms).</p>"},{"location":"configuration/dns/rule/#network_is_constrained","title":"network_is_constrained","text":"<p>Since sing-box 1.11.0</p> <p>Only supported in graphical clients on Apple platforms.</p> <p>Match if network is in Low Data Mode.</p>"},{"location":"configuration/dns/rule/#wifi_ssid","title":"wifi_ssid","text":"<p>Only supported in graphical clients on Android and Apple platforms.</p> <p>Match WiFi SSID.</p>"},{"location":"configuration/dns/rule/#wifi_bssid","title":"wifi_bssid","text":"<p>Only supported in graphical clients on Android and Apple platforms.</p> <p>Match WiFi BSSID.</p>"},{"location":"configuration/dns/rule/#rule_set","title":"rule_set","text":"<p>Since sing-box 1.8.0</p> <p>Match rule-set.</p>"},{"location":"configuration/dns/rule/#rule_set_ipcidr_match_source","title":"rule_set_ipcidr_match_source","text":"<p>Since sing-box 1.9.0</p> <p>Deprecated in sing-box 1.10.0</p> <p><code>rule_set_ipcidr_match_source</code> is renamed to <code>rule_set_ip_cidr_match_source</code> and will be remove in sing-box 1.11.0.</p> <p>Make <code>ip_cidr</code> rule items in rule-sets match the source IP.</p>"},{"location":"configuration/dns/rule/#rule_set_ip_cidr_match_source","title":"rule_set_ip_cidr_match_source","text":"<p>Since sing-box 1.10.0</p> <p>Make <code>ip_cidr</code> rule items in rule-sets match the source IP.</p>"},{"location":"configuration/dns/rule/#invert","title":"invert","text":"<p>Invert match result.</p>"},{"location":"configuration/dns/rule/#outbound","title":"outbound","text":"<p>Match outbound.</p> <p><code>any</code> can be used as a value to match any outbound.</p>"},{"location":"configuration/dns/rule/#action","title":"action","text":"<p>Required</p> <p>See DNS Rule Actions for details.</p>"},{"location":"configuration/dns/rule/#server","title":"server","text":"<p>Deprecated in sing-box 1.11.0</p> <p>Moved to DNS Rule Action.</p>"},{"location":"configuration/dns/rule/#disable_cache","title":"disable_cache","text":"<p>Deprecated in sing-box 1.11.0</p> <p>Moved to DNS Rule Action.</p>"},{"location":"configuration/dns/rule/#rewrite_ttl","title":"rewrite_ttl","text":"<p>Deprecated in sing-box 1.11.0</p> <p>Moved to DNS Rule Action.</p>"},{"location":"configuration/dns/rule/#client_subnet","title":"client_subnet","text":"<p>Deprecated in sing-box 1.11.0</p> <p>Moved to DNS Rule Action.</p>"},{"location":"configuration/dns/rule/#address-filter-fields","title":"Address Filter Fields","text":"<p>Only takes effect for address requests (A/AAAA/HTTPS). When the query results do not match the address filtering rule items, the current rule will be skipped.</p> <p><code>ip_cidr</code> items in included rule-sets also takes effect as an address filtering field.</p> <p>Enable <code>experimental.cache_file.store_rdrc</code> to cache results.</p>"},{"location":"configuration/dns/rule/#geoip","title":"geoip","text":"<p>Since sing-box 1.9.0</p> <p>Match GeoIP with query response.</p>"},{"location":"configuration/dns/rule/#ip_cidr","title":"ip_cidr","text":"<p>Since sing-box 1.9.0</p> <p>Match IP CIDR with query response.</p>"},{"location":"configuration/dns/rule/#ip_is_private","title":"ip_is_private","text":"<p>Since sing-box 1.9.0</p> <p>Match private IP with query response.</p>"},{"location":"configuration/dns/rule/#rule_set_ip_cidr_accept_empty","title":"rule_set_ip_cidr_accept_empty","text":"<p>Since sing-box 1.10.0</p> <p>Make <code>ip_cidr</code> rules in rule-sets accept empty query response.</p>"},{"location":"configuration/dns/rule/#logical-fields","title":"Logical Fields","text":""},{"location":"configuration/dns/rule/#type","title":"type","text":"<p><code>logical</code></p>"},{"location":"configuration/dns/rule/#mode","title":"mode","text":"<p><code>and</code> or <code>or</code></p>"},{"location":"configuration/dns/rule/#rules","title":"rules","text":"<p>Included rules.</p>"},{"location":"configuration/dns/rule_action/","title":"DNS Rule Action","text":"<p>Since sing-box 1.11.0</p>"},{"location":"configuration/dns/rule_action/#route","title":"route","text":"<pre><code>{\n \"action\": \"route\", // default\n \"server\": \"\",\n \"disable_cache\": false,\n \"rewrite_ttl\": 0,\n \"client_subnet\": null\n}\n</code></pre> <p><code>route</code> inherits the classic rule behavior of routing DNS requests to the specified server.</p>"},{"location":"configuration/dns/rule_action/#server","title":"server","text":"<p>Required</p> <p>Tag of target server.</p>"},{"location":"configuration/dns/rule_action/#disable_cache","title":"disable_cache","text":"<p>Disable cache and save cache in this query.</p>"},{"location":"configuration/dns/rule_action/#rewrite_ttl","title":"rewrite_ttl","text":"<p>Rewrite TTL in DNS responses.</p>"},{"location":"configuration/dns/rule_action/#client_subnet","title":"client_subnet","text":"<p>Append a <code>edns0-subnet</code> OPT extra record with the specified IP prefix to every query by default.</p> <p>If value is an IP address instead of prefix, <code>/32</code> or <code>/128</code> will be appended automatically.</p> <p>Will overrides <code>dns.client_subnet</code> and <code>servers.[].client_subnet</code>.</p>"},{"location":"configuration/dns/rule_action/#route-options","title":"route-options","text":"<pre><code>{\n \"action\": \"route-options\",\n \"disable_cache\": false,\n \"rewrite_ttl\": null,\n \"client_subnet\": null\n}\n</code></pre> <p><code>route-options</code> set options for routing.</p>"},{"location":"configuration/dns/rule_action/#reject","title":"reject","text":"<pre><code>{\n \"action\": \"reject\",\n \"method\": \"default\", // default\n \"no_drop\": false\n}\n</code></pre> <p><code>reject</code> reject DNS requests.</p>"},{"location":"configuration/dns/rule_action/#method","title":"method","text":"<ul> <li><code>default</code>: Reply with NXDOMAIN.</li> <li><code>drop</code>: Drop the request.</li> </ul>"},{"location":"configuration/dns/rule_action/#no_drop","title":"no_drop","text":"<p>If not enabled, <code>method</code> will be temporarily overwritten to <code>drop</code> after 50 triggers in 30s.</p> <p>Not available when <code>method</code> is set to drop.</p>"},{"location":"configuration/dns/server/","title":"DNS Server","text":"<p>Changes in sing-box 1.9.0</p> <p> client_subnet</p>"},{"location":"configuration/dns/server/#structure","title":"Structure","text":"<pre><code>{\n \"dns\": {\n \"servers\": [\n {\n \"tag\": \"\",\n \"address\": \"\",\n \"address_resolver\": \"\",\n \"address_strategy\": \"\",\n \"strategy\": \"\",\n \"detour\": \"\",\n \"client_subnet\": \"\"\n }\n ]\n }\n}\n</code></pre>"},{"location":"configuration/dns/server/#fields","title":"Fields","text":""},{"location":"configuration/dns/server/#tag","title":"tag","text":"<p>The tag of the dns server.</p>"},{"location":"configuration/dns/server/#address","title":"address","text":"<p>Required</p> <p>The address of the dns server.</p> Protocol Format <code>System</code> <code>local</code> <code>TCP</code> <code>tcp://1.0.0.1</code> <code>UDP</code> <code>8.8.8.8</code> <code>udp://8.8.4.4</code> <code>TLS</code> <code>tls://dns.google</code> <code>HTTPS</code> <code>https://1.1.1.1/dns-query</code> <code>QUIC</code> <code>quic://dns.adguard.com</code> <code>HTTP3</code> <code>h3://8.8.8.8/dns-query</code> <code>RCode</code> <code>rcode://refused</code> <code>DHCP</code> <code>dhcp://auto</code> or <code>dhcp://en0</code> FakeIP <code>fakeip</code> <p>To ensure that Android system DNS is in effect, rather than Go's built-in default resolver, enable CGO at compile time.</p> <p>the RCode transport is often used to block queries. Use with rules and the <code>disable_cache</code> rule option.</p> RCode Description <code>success</code> <code>No error</code> <code>format_error</code> <code>Format error</code> <code>server_failure</code> <code>Server failure</code> <code>name_error</code> <code>Non-existent domain</code> <code>not_implemented</code> <code>Not implemented</code> <code>refused</code> <code>Query refused</code>"},{"location":"configuration/dns/server/#address_resolver","title":"address_resolver","text":"<p>Required if address contains domain</p> <p>Tag of a another server to resolve the domain name in the address.</p>"},{"location":"configuration/dns/server/#address_strategy","title":"address_strategy","text":"<p>The domain strategy for resolving the domain name in the address.</p> <p>One of <code>prefer_ipv4</code> <code>prefer_ipv6</code> <code>ipv4_only</code> <code>ipv6_only</code>.</p> <p><code>dns.strategy</code> will be used if empty.</p>"},{"location":"configuration/dns/server/#strategy","title":"strategy","text":"<p>Default domain strategy for resolving the domain names.</p> <p>One of <code>prefer_ipv4</code> <code>prefer_ipv6</code> <code>ipv4_only</code> <code>ipv6_only</code>.</p> <p>Take no effect if overridden by other settings.</p>"},{"location":"configuration/dns/server/#detour","title":"detour","text":"<p>Tag of an outbound for connecting to the dns server.</p> <p>Default outbound will be used if empty.</p>"},{"location":"configuration/dns/server/#client_subnet","title":"client_subnet","text":"<p>Since sing-box 1.9.0</p> <p>Append a <code>edns0-subnet</code> OPT extra record with the specified IP prefix to every query by default.</p> <p>If value is an IP address instead of prefix, <code>/32</code> or <code>/128</code> will be appended automatically.</p> <p>Can be overrides by <code>rules.[].client_subnet</code>.</p> <p>Will overrides <code>dns.client_subnet</code>.</p>"},{"location":"configuration/endpoint/","title":"Index","text":"<p>Since sing-box 1.11.0</p>"},{"location":"configuration/endpoint/#endpoint","title":"Endpoint","text":"<p>Endpoint is protocols that has both inbound and outbound behavior.</p>"},{"location":"configuration/endpoint/#structure","title":"Structure","text":"<pre><code>{\n \"endpoints\": [\n {\n \"type\": \"\",\n \"tag\": \"\"\n }\n ]\n}\n</code></pre>"},{"location":"configuration/endpoint/#fields","title":"Fields","text":"Type Format <code>wireguard</code> WireGuard"},{"location":"configuration/endpoint/#tag","title":"tag","text":"<p>The tag of the endpoint.</p>"},{"location":"configuration/endpoint/wireguard/","title":"WireGuard","text":"<p>Since sing-box 1.11.0</p>"},{"location":"configuration/endpoint/wireguard/#structure","title":"Structure","text":"<pre><code>{\n \"type\": \"wireguard\",\n \"tag\": \"wg-ep\",\n\n \"system\": false,\n \"name\": \"\",\n \"mtu\": 1408,\n \"address\": [],\n \"private_key\": \"\",\n \"listen_port\": 10000,\n \"peers\": [\n {\n \"address\": \"127.0.0.1\",\n \"port\": 10001,\n \"public_key\": \"\",\n \"pre_shared_key\": \"\",\n \"allowed_ips\": [],\n \"persistent_keepalive_interval\": 0,\n \"reserved\": [0, 0, 0]\n }\n ],\n \"udp_timeout\": \"\",\n \"workers\": 0,\n\n ... // Dial Fields\n}\n</code></pre> <p>You can ignore the JSON Array [] tag when the content is only one item</p>"},{"location":"configuration/endpoint/wireguard/#fields","title":"Fields","text":""},{"location":"configuration/endpoint/wireguard/#system","title":"system","text":"<p>Use system interface.</p> <p>Requires privilege and cannot conflict with exists system interfaces.</p>"},{"location":"configuration/endpoint/wireguard/#name","title":"name","text":"<p>Custom interface name for system interface.</p>"},{"location":"configuration/endpoint/wireguard/#mtu","title":"mtu","text":"<p>WireGuard MTU.</p> <p><code>1408</code> will be used by default.</p>"},{"location":"configuration/endpoint/wireguard/#address","title":"address","text":"<p>Required</p> <p>List of IP (v4 or v6) address prefixes to be assigned to the interface.</p>"},{"location":"configuration/endpoint/wireguard/#private_key","title":"private_key","text":"<p>Required</p> <p>WireGuard requires base64-encoded public and private keys. These can be generated using the wg(8) utility:</p> <pre><code>wg genkey\necho \"private key\" || wg pubkey\n</code></pre> <p>or <code>sing-box generate wg-keypair</code>.</p>"},{"location":"configuration/endpoint/wireguard/#peers","title":"peers","text":"<p>Required</p> <p>List of WireGuard peers.</p>"},{"location":"configuration/endpoint/wireguard/#peersaddress","title":"peers.address","text":"<p>WireGuard peer address.</p>"},{"location":"configuration/endpoint/wireguard/#peersport","title":"peers.port","text":"<p>WireGuard peer port.</p>"},{"location":"configuration/endpoint/wireguard/#peerspublic_key","title":"peers.public_key","text":"<p>Required</p> <p>WireGuard peer public key.</p>"},{"location":"configuration/endpoint/wireguard/#peerspre_shared_key","title":"peers.pre_shared_key","text":"<p>WireGuard peer pre-shared key.</p>"},{"location":"configuration/endpoint/wireguard/#peersallowed_ips","title":"peers.allowed_ips","text":"<p>Required</p> <p>WireGuard allowed IPs.</p>"},{"location":"configuration/endpoint/wireguard/#peerspersistent_keepalive_interval","title":"peers.persistent_keepalive_interval","text":"<p>WireGuard persistent keepalive interval, in seconds.</p> <p>Disabled by default.</p>"},{"location":"configuration/endpoint/wireguard/#peersreserved","title":"peers.reserved","text":"<p>WireGuard reserved field bytes.</p>"},{"location":"configuration/endpoint/wireguard/#udp_timeout","title":"udp_timeout","text":"<p>UDP NAT expiration time.</p> <p><code>5m</code> will be used by default.</p>"},{"location":"configuration/endpoint/wireguard/#workers","title":"workers","text":"<p>WireGuard worker count.</p> <p>CPU count is used by default.</p>"},{"location":"configuration/endpoint/wireguard/#dial-fields","title":"Dial Fields","text":"<p>See Dial Fields for details.</p>"},{"location":"configuration/experimental/","title":"Experimental","text":"<p>Changes in sing-box 1.8.0</p> <p> cache_file clash_api</p>"},{"location":"configuration/experimental/#structure","title":"Structure","text":"<pre><code>{\n \"experimental\": {\n \"cache_file\": {},\n \"clash_api\": {},\n \"v2ray_api\": {}\n }\n}\n</code></pre>"},{"location":"configuration/experimental/#fields","title":"Fields","text":"Key Format <code>cache_file</code> Cache File <code>clash_api</code> Clash API <code>v2ray_api</code> V2Ray API"},{"location":"configuration/experimental/cache-file/","title":"Cache File","text":"<p>Since sing-box 1.8.0</p> <p>Changes in sing-box 1.9.0</p> <p> store_rdrc rdrc_timeout </p>"},{"location":"configuration/experimental/cache-file/#structure","title":"Structure","text":"<pre><code>{\n \"enabled\": true,\n \"path\": \"\",\n \"cache_id\": \"\",\n \"store_fakeip\": false,\n \"store_rdrc\": false,\n \"rdrc_timeout\": \"\"\n}\n</code></pre>"},{"location":"configuration/experimental/cache-file/#fields","title":"Fields","text":""},{"location":"configuration/experimental/cache-file/#enabled","title":"enabled","text":"<p>Enable cache file.</p>"},{"location":"configuration/experimental/cache-file/#path","title":"path","text":"<p>Path to the cache file.</p> <p><code>cache.db</code> will be used if empty.</p>"},{"location":"configuration/experimental/cache-file/#cache_id","title":"cache_id","text":"<p>Identifier in the cache file</p> <p>If not empty, configuration specified data will use a separate store keyed by it.</p>"},{"location":"configuration/experimental/cache-file/#store_fakeip","title":"store_fakeip","text":"<p>Store fakeip in the cache file</p>"},{"location":"configuration/experimental/cache-file/#store_rdrc","title":"store_rdrc","text":"<p>Store rejected DNS response cache in the cache file</p> <p>The check results of Address filter DNS rule items will be cached until expiration.</p>"},{"location":"configuration/experimental/cache-file/#rdrc_timeout","title":"rdrc_timeout","text":"<p>Timeout of rejected DNS response cache.</p> <p><code>7d</code> is used by default.</p>"},{"location":"configuration/experimental/clash-api/","title":"Clash API","text":"<p>Changes in sing-box 1.10.0</p> <p> access_control_allow_origin access_control_allow_private_network</p> <p>Changes in sing-box 1.8.0</p> <p> store_mode store_selected store_fakeip cache_file cache_id</p>"},{"location":"configuration/experimental/clash-api/#structure","title":"Structure","text":"StructureExample (online)Example (download) <pre><code>{\n \"external_controller\": \"127.0.0.1:9090\",\n \"external_ui\": \"\",\n \"external_ui_download_url\": \"\",\n \"external_ui_download_detour\": \"\",\n \"secret\": \"\",\n \"default_mode\": \"\",\n \"access_control_allow_origin\": [],\n \"access_control_allow_private_network\": false,\n\n // Deprecated\n\n \"store_mode\": false,\n \"store_selected\": false,\n \"store_fakeip\": false,\n \"cache_file\": \"\",\n \"cache_id\": \"\"\n}\n</code></pre> <p>Since sing-box 1.10.0</p> <pre><code>{\n \"external_controller\": \"127.0.0.1:9090\",\n \"access_control_allow_origin\": [\n \"http://127.0.0.1\",\n \"http://yacd.haishan.me\"\n ],\n \"access_control_allow_private_network\": true\n}\n</code></pre> <p>Since sing-box 1.10.0</p> <pre><code>{\n \"external_controller\": \"0.0.0.0:9090\",\n \"external_ui\": \"dashboard\"\n // external_ui_download_detour: \"direct\"\n}\n</code></pre> <p>You can ignore the JSON Array [] tag when the content is only one item</p>"},{"location":"configuration/experimental/clash-api/#fields","title":"Fields","text":""},{"location":"configuration/experimental/clash-api/#external_controller","title":"external_controller","text":"<p>RESTful web API listening address. Clash API will be disabled if empty.</p>"},{"location":"configuration/experimental/clash-api/#external_ui","title":"external_ui","text":"<p>A relative path to the configuration directory or an absolute path to a directory in which you put some static web resource. sing-box will then serve it at <code>http://{{external-controller}}/ui</code>.</p>"},{"location":"configuration/experimental/clash-api/#external_ui_download_url","title":"external_ui_download_url","text":"<p>ZIP download URL for the external UI, will be used if the specified <code>external_ui</code> directory is empty.</p> <p><code>https://github.com/MetaCubeX/Yacd-meta/archive/gh-pages.zip</code> will be used if empty.</p>"},{"location":"configuration/experimental/clash-api/#external_ui_download_detour","title":"external_ui_download_detour","text":"<p>The tag of the outbound to download the external UI.</p> <p>Default outbound will be used if empty.</p>"},{"location":"configuration/experimental/clash-api/#secret","title":"secret","text":"<p>Secret for the RESTful API (optional) Authenticate by spedifying HTTP header <code>Authorization: Bearer ${secret}</code> ALWAYS set a secret if RESTful API is listening on 0.0.0.0</p>"},{"location":"configuration/experimental/clash-api/#default_mode","title":"default_mode","text":"<p>Default mode in clash, <code>Rule</code> will be used if empty.</p> <p>This setting has no direct effect, but can be used in routing and DNS rules via the <code>clash_mode</code> rule item.</p>"},{"location":"configuration/experimental/clash-api/#access_control_allow_origin","title":"access_control_allow_origin","text":"<p>Since sing-box 1.10.0</p> <p>CORS allowed origins, <code>*</code> will be used if empty.</p> <p>To access the Clash API on a private network from a public website, you must explicitly specify it in <code>access_control_allow_origin</code> instead of using <code>*</code>.</p>"},{"location":"configuration/experimental/clash-api/#access_control_allow_private_network","title":"access_control_allow_private_network","text":"<p>Since sing-box 1.10.0</p> <p>Allow access from private network.</p> <p>To access the Clash API on a private network from a public website, <code>access_control_allow_private_network</code> must be enabled.</p>"},{"location":"configuration/experimental/clash-api/#store_mode","title":"store_mode","text":"<p>Deprecated in sing-box 1.8.0</p> <p><code>store_mode</code> is deprecated in Clash API and enabled by default if <code>cache_file.enabled</code>.</p> <p>Store Clash mode in cache file.</p>"},{"location":"configuration/experimental/clash-api/#store_selected","title":"store_selected","text":"<p>Deprecated in sing-box 1.8.0</p> <p><code>store_selected</code> is deprecated in Clash API and enabled by default if <code>cache_file.enabled</code>.</p> <p>The tag must be set for target outbounds.</p> <p>Store selected outbound for the <code>Selector</code> outbound in cache file.</p>"},{"location":"configuration/experimental/clash-api/#store_fakeip","title":"store_fakeip","text":"<p>Deprecated in sing-box 1.8.0</p> <p><code>store_selected</code> is deprecated in Clash API and migrated to <code>cache_file.store_fakeip</code>.</p> <p>Store fakeip in cache file.</p>"},{"location":"configuration/experimental/clash-api/#cache_file","title":"cache_file","text":"<p>Deprecated in sing-box 1.8.0</p> <p><code>cache_file</code> is deprecated in Clash API and migrated to <code>cache_file.enabled</code> and <code>cache_file.path</code>.</p> <p>Cache file path, <code>cache.db</code> will be used if empty.</p>"},{"location":"configuration/experimental/clash-api/#cache_id","title":"cache_id","text":"<p>Deprecated in sing-box 1.8.0</p> <p><code>cache_id</code> is deprecated in Clash API and migrated to <code>cache_file.cache_id</code>.</p> <p>Identifier in cache file.</p> <p>If not empty, configuration specified data will use a separate store keyed by it.</p>"},{"location":"configuration/experimental/v2ray-api/","title":"V2Ray API","text":"<p>V2Ray API is not included by default, see Installation.</p>"},{"location":"configuration/experimental/v2ray-api/#structure","title":"Structure","text":"<pre><code>{\n \"listen\": \"127.0.0.1:8080\",\n \"stats\": {\n \"enabled\": true,\n \"inbounds\": [\n \"socks-in\"\n ],\n \"outbounds\": [\n \"proxy\",\n \"direct\"\n ],\n \"users\": [\n \"sekai\"\n ]\n }\n}\n</code></pre>"},{"location":"configuration/experimental/v2ray-api/#fields","title":"Fields","text":""},{"location":"configuration/experimental/v2ray-api/#listen","title":"listen","text":"<p>gRPC API listening address. V2Ray API will be disabled if empty.</p>"},{"location":"configuration/experimental/v2ray-api/#stats","title":"stats","text":"<p>Traffic statistics service settings.</p>"},{"location":"configuration/experimental/v2ray-api/#statsenabled","title":"stats.enabled","text":"<p>Enable statistics service.</p>"},{"location":"configuration/experimental/v2ray-api/#statsinbounds","title":"stats.inbounds","text":"<p>Inbound list to count traffic.</p>"},{"location":"configuration/experimental/v2ray-api/#statsoutbounds","title":"stats.outbounds","text":"<p>Outbound list to count traffic.</p>"},{"location":"configuration/experimental/v2ray-api/#statsusers","title":"stats.users","text":"<p>User list to count traffic.</p>"},{"location":"configuration/inbound/","title":"Inbound","text":""},{"location":"configuration/inbound/#structure","title":"Structure","text":"<pre><code>{\n \"inbounds\": [\n {\n \"type\": \"\",\n \"tag\": \"\"\n }\n ]\n}\n</code></pre>"},{"location":"configuration/inbound/#fields","title":"Fields","text":"Type Format Injectable <code>direct</code> Direct <code>mixed</code> Mixed TCP <code>socks</code> SOCKS TCP <code>http</code> HTTP TCP <code>shadowsocks</code> Shadowsocks TCP <code>vmess</code> VMess TCP <code>trojan</code> Trojan TCP <code>naive</code> Naive <code>hysteria</code> Hysteria <code>shadowtls</code> ShadowTLS TCP <code>tuic</code> TUIC <code>hysteria2</code> Hysteria2 <code>vless</code> VLESS TCP <code>tun</code> Tun <code>redirect</code> Redirect <code>tproxy</code> TProxy"},{"location":"configuration/inbound/#tag","title":"tag","text":"<p>The tag of the inbound.</p>"},{"location":"configuration/inbound/direct/","title":"Direct","text":"<p><code>direct</code> inbound is a tunnel server.</p>"},{"location":"configuration/inbound/direct/#structure","title":"Structure","text":"<pre><code>{\n \"type\": \"direct\",\n \"tag\": \"direct-in\",\n\n ... // Listen Fields\n\n \"network\": \"udp\",\n \"override_address\": \"1.0.0.1\",\n \"override_port\": 53\n}\n</code></pre>"},{"location":"configuration/inbound/direct/#listen-fields","title":"Listen Fields","text":"<p>See Listen Fields for details.</p>"},{"location":"configuration/inbound/direct/#fields","title":"Fields","text":""},{"location":"configuration/inbound/direct/#network","title":"network","text":"<p>Listen network, one of <code>tcp</code> <code>udp</code>.</p> <p>Both if empty.</p>"},{"location":"configuration/inbound/direct/#override_address","title":"override_address","text":"<p>Override the connection destination address.</p>"},{"location":"configuration/inbound/direct/#override_port","title":"override_port","text":"<p>Override the connection destination port.</p>"},{"location":"configuration/inbound/http/","title":"HTTP","text":""},{"location":"configuration/inbound/http/#structure","title":"Structure","text":"<pre><code>{\n \"type\": \"http\",\n \"tag\": \"http-in\",\n\n ... // Listen Fields\n\n \"users\": [\n {\n \"username\": \"admin\",\n \"password\": \"admin\"\n }\n ],\n \"tls\": {},\n \"set_system_proxy\": false\n}\n</code></pre>"},{"location":"configuration/inbound/http/#listen-fields","title":"Listen Fields","text":"<p>See Listen Fields for details.</p>"},{"location":"configuration/inbound/http/#fields","title":"Fields","text":""},{"location":"configuration/inbound/http/#tls","title":"tls","text":"<p>TLS configuration, see TLS.</p>"},{"location":"configuration/inbound/http/#users","title":"users","text":"<p>HTTP users.</p> <p>No authentication required if empty.</p>"},{"location":"configuration/inbound/http/#set_system_proxy","title":"set_system_proxy","text":"<p>Only supported on Linux, Android, Windows, and macOS.</p> <p>To work on Android and Apple platforms without privileges, use tun.platform.http_proxy instead.</p> <p>Automatically set system proxy configuration when start and clean up when stop.</p>"},{"location":"configuration/inbound/hysteria/","title":"Hysteria","text":""},{"location":"configuration/inbound/hysteria/#structure","title":"Structure","text":"<pre><code>{\n \"type\": \"hysteria\",\n \"tag\": \"hysteria-in\",\n\n ... // Listen Fields\n\n \"up\": \"100 Mbps\",\n \"up_mbps\": 100,\n \"down\": \"100 Mbps\",\n \"down_mbps\": 100,\n \"obfs\": \"fuck me till the daylight\",\n\n \"users\": [\n {\n \"name\": \"sekai\",\n \"auth\": \"\",\n \"auth_str\": \"password\"\n }\n ],\n\n \"recv_window_conn\": 0,\n \"recv_window_client\": 0,\n \"max_conn_client\": 0,\n \"disable_mtu_discovery\": false,\n \"tls\": {}\n}\n</code></pre>"},{"location":"configuration/inbound/hysteria/#listen-fields","title":"Listen Fields","text":"<p>See Listen Fields for details.</p>"},{"location":"configuration/inbound/hysteria/#fields","title":"Fields","text":""},{"location":"configuration/inbound/hysteria/#up-down","title":"up, down","text":"<p>Required</p> <p>Format: <code>[Integer] [Unit]</code> e.g. <code>100 Mbps, 640 KBps, 2 Gbps</code></p> <p>Supported units (case sensitive, b = bits, B = bytes, 8b=1B):</p> <pre><code>bps (bits per second)\nBps (bytes per second)\nKbps (kilobits per second)\nKBps (kilobytes per second)\nMbps (megabits per second)\nMBps (megabytes per second)\nGbps (gigabits per second)\nGBps (gigabytes per second)\nTbps (terabits per second)\nTBps (terabytes per second)\n</code></pre>"},{"location":"configuration/inbound/hysteria/#up_mbps-down_mbps","title":"up_mbps, down_mbps","text":"<p>Required</p> <p><code>up, down</code> in Mbps.</p>"},{"location":"configuration/inbound/hysteria/#obfs","title":"obfs","text":"<p>Obfuscated password.</p>"},{"location":"configuration/inbound/hysteria/#users","title":"users","text":"<p>Hysteria users</p>"},{"location":"configuration/inbound/hysteria/#usersauth","title":"users.auth","text":"<p>Authentication password, in base64.</p>"},{"location":"configuration/inbound/hysteria/#usersauth_str","title":"users.auth_str","text":"<p>Authentication password.</p>"},{"location":"configuration/inbound/hysteria/#recv_window_conn","title":"recv_window_conn","text":"<p>The QUIC stream-level flow control window for receiving data.</p> <p><code>15728640 (15 MB/s)</code> will be used if empty.</p>"},{"location":"configuration/inbound/hysteria/#recv_window_client","title":"recv_window_client","text":"<p>The QUIC connection-level flow control window for receiving data.</p> <p><code>67108864 (64 MB/s)</code> will be used if empty.</p>"},{"location":"configuration/inbound/hysteria/#max_conn_client","title":"max_conn_client","text":"<p>The maximum number of QUIC concurrent bidirectional streams that a peer is allowed to open.</p> <p><code>1024</code> will be used if empty.</p>"},{"location":"configuration/inbound/hysteria/#disable_mtu_discovery","title":"disable_mtu_discovery","text":"<p>Disables Path MTU Discovery (RFC 8899). Packets will then be at most 1252 (IPv4) / 1232 (IPv6) bytes in size.</p> <p>Force enabled on for systems other than Linux and Windows (according to upstream).</p>"},{"location":"configuration/inbound/hysteria/#tls","title":"tls","text":"<p>Required</p> <p>TLS configuration, see TLS.</p>"},{"location":"configuration/inbound/hysteria2/","title":"Hysteria2","text":""},{"location":"configuration/inbound/hysteria2/#structure","title":"Structure","text":"<pre><code>{\n \"type\": \"hysteria2\",\n \"tag\": \"hy2-in\",\n ...\n // Listen Fields\n\n \"up_mbps\": 100,\n \"down_mbps\": 100,\n \"obfs\": {\n \"type\": \"salamander\",\n \"password\": \"cry_me_a_r1ver\"\n },\n \"users\": [\n {\n \"name\": \"tobyxdd\",\n \"password\": \"goofy_ahh_password\"\n }\n ],\n \"ignore_client_bandwidth\": false,\n \"tls\": {},\n \"masquerade\": \"\",\n \"brutal_debug\": false\n}\n</code></pre> <p>Difference from official Hysteria2</p> <p>The official program supports an authentication method called userpass, which essentially uses a combination of <code>&lt;username&gt;:&lt;password&gt;</code> as the actual password, while sing-box does not provide this alias. To use sing-box with the official program, you need to fill in that combination as the actual password.</p>"},{"location":"configuration/inbound/hysteria2/#listen-fields","title":"Listen Fields","text":"<p>See Listen Fields for details.</p>"},{"location":"configuration/inbound/hysteria2/#fields","title":"Fields","text":""},{"location":"configuration/inbound/hysteria2/#up_mbps-down_mbps","title":"up_mbps, down_mbps","text":"<p>Max bandwidth, in Mbps.</p> <p>Not limited if empty.</p> <p>Conflict with <code>ignore_client_bandwidth</code>.</p>"},{"location":"configuration/inbound/hysteria2/#obfstype","title":"obfs.type","text":"<p>QUIC traffic obfuscator type, only available with <code>salamander</code>.</p> <p>Disabled if empty.</p>"},{"location":"configuration/inbound/hysteria2/#obfspassword","title":"obfs.password","text":"<p>QUIC traffic obfuscator password.</p>"},{"location":"configuration/inbound/hysteria2/#users","title":"users","text":"<p>Hysteria2 users</p>"},{"location":"configuration/inbound/hysteria2/#userspassword","title":"users.password","text":"<p>Authentication password</p>"},{"location":"configuration/inbound/hysteria2/#ignore_client_bandwidth","title":"ignore_client_bandwidth","text":"<p>Commands the client to use the BBR flow control algorithm instead of Hysteria CC.</p> <p>Conflict with <code>up_mbps</code> and <code>down_mbps</code>.</p>"},{"location":"configuration/inbound/hysteria2/#tls","title":"tls","text":"<p>Required</p> <p>TLS configuration, see TLS.</p>"},{"location":"configuration/inbound/hysteria2/#masquerade","title":"masquerade","text":"<p>HTTP3 server behavior when authentication fails.</p> Scheme Example Description <code>file</code> <code>file:///var/www</code> As a file server <code>http/https</code> <code>http://127.0.0.1:8080</code> As a reverse proxy <p>A 404 page will be returned if empty.</p>"},{"location":"configuration/inbound/hysteria2/#brutal_debug","title":"brutal_debug","text":"<p>Enable debug information logging for Hysteria Brutal CC.</p>"},{"location":"configuration/inbound/mixed/","title":"Mixed","text":"<p><code>mixed</code> inbound is a socks4, socks4a, socks5 and http server.</p>"},{"location":"configuration/inbound/mixed/#structure","title":"Structure","text":"<pre><code>{\n \"type\": \"mixed\",\n \"tag\": \"mixed-in\",\n\n ... // Listen Fields\n\n \"users\": [\n {\n \"username\": \"admin\",\n \"password\": \"admin\"\n }\n ],\n \"set_system_proxy\": false\n}\n</code></pre>"},{"location":"configuration/inbound/mixed/#listen-fields","title":"Listen Fields","text":"<p>See Listen Fields for details.</p>"},{"location":"configuration/inbound/mixed/#fields","title":"Fields","text":""},{"location":"configuration/inbound/mixed/#users","title":"users","text":"<p>SOCKS and HTTP users.</p> <p>No authentication required if empty.</p>"},{"location":"configuration/inbound/mixed/#set_system_proxy","title":"set_system_proxy","text":"<p>Only supported on Linux, Android, Windows, and macOS.</p> <p>To work on Android and Apple platforms without privileges, use tun.platform.http_proxy instead.</p> <p>Automatically set system proxy configuration when start and clean up when stop.</p>"},{"location":"configuration/inbound/naive/","title":"Naive","text":""},{"location":"configuration/inbound/naive/#structure","title":"Structure","text":"<pre><code>{\n \"type\": \"naive\",\n \"tag\": \"naive-in\",\n \"network\": \"udp\",\n\n ... // Listen Fields\n\n \"users\": [\n {\n \"username\": \"sekai\",\n \"password\": \"password\"\n }\n ],\n \"tls\": {}\n}\n</code></pre>"},{"location":"configuration/inbound/naive/#listen-fields","title":"Listen Fields","text":"<p>See Listen Fields for details.</p>"},{"location":"configuration/inbound/naive/#fields","title":"Fields","text":""},{"location":"configuration/inbound/naive/#network","title":"network","text":"<p>Listen network, one of <code>tcp</code> <code>udp</code>.</p> <p>Both if empty.</p>"},{"location":"configuration/inbound/naive/#users","title":"users","text":"<p>Required</p> <p>Naive users.</p>"},{"location":"configuration/inbound/naive/#tls","title":"tls","text":"<p>TLS configuration, see TLS.</p>"},{"location":"configuration/inbound/redirect/","title":"Redirect","text":"<p>Only supported on Linux and macOS.</p>"},{"location":"configuration/inbound/redirect/#structure","title":"Structure","text":"<pre><code>{\n \"type\": \"redirect\",\n \"tag\": \"redirect-in\",\n\n ... // Listen Fields\n}\n</code></pre>"},{"location":"configuration/inbound/redirect/#listen-fields","title":"Listen Fields","text":"<p>See Listen Fields for details.</p>"},{"location":"configuration/inbound/shadowsocks/","title":"Shadowsocks","text":""},{"location":"configuration/inbound/shadowsocks/#structure","title":"Structure","text":"<pre><code>{\n \"type\": \"shadowsocks\",\n \"tag\": \"ss-in\",\n\n ... // Listen Fields\n\n \"method\": \"2022-blake3-aes-128-gcm\",\n \"password\": \"8JCsPssfgS8tiRwiMlhARg==\",\n \"multiplex\": {}\n}\n</code></pre>"},{"location":"configuration/inbound/shadowsocks/#multi-user-structure","title":"Multi-User Structure","text":"<pre><code>{\n \"method\": \"2022-blake3-aes-128-gcm\",\n \"password\": \"8JCsPssfgS8tiRwiMlhARg==\",\n \"users\": [\n {\n \"name\": \"sekai\",\n \"password\": \"PCD2Z4o12bKUoFa3cC97Hw==\"\n }\n ],\n \"multiplex\": {}\n}\n</code></pre>"},{"location":"configuration/inbound/shadowsocks/#relay-structure","title":"Relay Structure","text":"<pre><code>{\n \"type\": \"shadowsocks\",\n \"method\": \"2022-blake3-aes-128-gcm\",\n \"password\": \"8JCsPssfgS8tiRwiMlhARg==\",\n \"destinations\": [\n {\n \"name\": \"test\",\n \"server\": \"example.com\",\n \"server_port\": 8080,\n \"password\": \"PCD2Z4o12bKUoFa3cC97Hw==\"\n }\n ],\n \"multiplex\": {}\n}\n</code></pre>"},{"location":"configuration/inbound/shadowsocks/#listen-fields","title":"Listen Fields","text":"<p>See Listen Fields for details.</p>"},{"location":"configuration/inbound/shadowsocks/#fields","title":"Fields","text":""},{"location":"configuration/inbound/shadowsocks/#network","title":"network","text":"<p>Listen network, one of <code>tcp</code> <code>udp</code>.</p> <p>Both if empty.</p>"},{"location":"configuration/inbound/shadowsocks/#method","title":"method","text":"<p>Required</p> Method Key Length 2022-blake3-aes-128-gcm 16 2022-blake3-aes-256-gcm 32 2022-blake3-chacha20-poly1305 32 none / aes-128-gcm / aes-192-gcm / aes-256-gcm / chacha20-ietf-poly1305 / xchacha20-ietf-poly1305 /"},{"location":"configuration/inbound/shadowsocks/#password","title":"password","text":"<p>Required</p> Method Password Format none / 2022 methods <code>sing-box generate rand --base64 &lt;Key Length&gt;</code> other methods any string"},{"location":"configuration/inbound/shadowsocks/#multiplex","title":"multiplex","text":"<p>See Multiplex for details.</p>"},{"location":"configuration/inbound/shadowtls/","title":"ShadowTLS","text":""},{"location":"configuration/inbound/shadowtls/#structure","title":"Structure","text":"<pre><code>{\n \"type\": \"shadowtls\",\n \"tag\": \"st-in\",\n\n ... // Listen Fields\n\n \"version\": 3,\n \"password\": \"fuck me till the daylight\",\n \"users\": [\n {\n \"name\": \"sekai\",\n \"password\": \"8JCsPssfgS8tiRwiMlhARg==\"\n }\n ],\n \"handshake\": {\n \"server\": \"google.com\",\n \"server_port\": 443,\n\n ... // Dial Fields\n },\n \"handshake_for_server_name\": {\n \"example.com\": {\n \"server\": \"example.com\",\n \"server_port\": 443,\n\n ... // Dial Fields\n }\n },\n \"strict_mode\": false\n}\n</code></pre>"},{"location":"configuration/inbound/shadowtls/#listen-fields","title":"Listen Fields","text":"<p>See Listen Fields for details.</p>"},{"location":"configuration/inbound/shadowtls/#fields","title":"Fields","text":""},{"location":"configuration/inbound/shadowtls/#version","title":"version","text":"<p>ShadowTLS protocol version.</p> Value Protocol Version <code>1</code> (default) ShadowTLS v1 <code>2</code> ShadowTLS v2 <code>3</code> ShadowTLS v3"},{"location":"configuration/inbound/shadowtls/#password","title":"password","text":"<p>ShadowTLS password.</p> <p>Only available in the ShadowTLS protocol 2.</p>"},{"location":"configuration/inbound/shadowtls/#users","title":"users","text":"<p>ShadowTLS users.</p> <p>Only available in the ShadowTLS protocol 3.</p>"},{"location":"configuration/inbound/shadowtls/#handshake","title":"handshake","text":"<p>Required</p> <p>Handshake server address and Dial Fields.</p>"},{"location":"configuration/inbound/shadowtls/#handshake_for_server_name","title":"handshake_for_server_name","text":"<p>Handshake server address and Dial Fields for specific server name.</p> <p>Only available in the ShadowTLS protocol 2/3.</p>"},{"location":"configuration/inbound/shadowtls/#strict_mode","title":"strict_mode","text":"<p>ShadowTLS strict mode.</p> <p>Only available in the ShadowTLS protocol 3.</p>"},{"location":"configuration/inbound/socks/","title":"SOCKS","text":"<p><code>socks</code> inbound is a socks4, socks4a, socks5 server.</p>"},{"location":"configuration/inbound/socks/#structure","title":"Structure","text":"<pre><code>{\n \"type\": \"socks\",\n \"tag\": \"socks-in\",\n\n ... // Listen Fields\n\n \"users\": [\n {\n \"username\": \"admin\",\n \"password\": \"admin\"\n }\n ]\n}\n</code></pre>"},{"location":"configuration/inbound/socks/#listen-fields","title":"Listen Fields","text":"<p>See Listen Fields for details.</p>"},{"location":"configuration/inbound/socks/#fields","title":"Fields","text":""},{"location":"configuration/inbound/socks/#users","title":"users","text":"<p>SOCKS users.</p> <p>No authentication required if empty.</p>"},{"location":"configuration/inbound/tproxy/","title":"TProxy","text":"<p>Only supported on Linux.</p>"},{"location":"configuration/inbound/tproxy/#structure","title":"Structure","text":"<pre><code>{\n \"type\": \"tproxy\",\n \"tag\": \"tproxy-in\",\n\n ... // Listen Fields\n\n \"network\": \"udp\"\n}\n</code></pre>"},{"location":"configuration/inbound/tproxy/#listen-fields","title":"Listen Fields","text":"<p>See Listen Fields for details.</p>"},{"location":"configuration/inbound/tproxy/#fields","title":"Fields","text":""},{"location":"configuration/inbound/tproxy/#network","title":"network","text":"<p>Listen network, one of <code>tcp</code> <code>udp</code>.</p> <p>Both if empty.</p>"},{"location":"configuration/inbound/trojan/","title":"Trojan","text":""},{"location":"configuration/inbound/trojan/#structure","title":"Structure","text":"<pre><code>{\n \"type\": \"trojan\",\n \"tag\": \"trojan-in\",\n\n ... // Listen Fields\n\n \"users\": [\n {\n \"name\": \"sekai\",\n \"password\": \"8JCsPssfgS8tiRwiMlhARg==\"\n }\n ],\n \"tls\": {},\n \"fallback\": {\n \"server\": \"127.0.0.1\",\n \"server_port\": 8080\n },\n \"fallback_for_alpn\": {\n \"http/1.1\": {\n \"server\": \"127.0.0.1\",\n \"server_port\": 8081\n }\n },\n \"multiplex\": {},\n \"transport\": {}\n}\n</code></pre>"},{"location":"configuration/inbound/trojan/#listen-fields","title":"Listen Fields","text":"<p>See Listen Fields for details.</p>"},{"location":"configuration/inbound/trojan/#fields","title":"Fields","text":""},{"location":"configuration/inbound/trojan/#users","title":"users","text":"<p>Required</p> <p>Trojan users.</p>"},{"location":"configuration/inbound/trojan/#tls","title":"tls","text":"<p>TLS configuration, see TLS.</p>"},{"location":"configuration/inbound/trojan/#fallback","title":"fallback","text":"<p>There is no evidence that GFW detects and blocks Trojan servers based on HTTP responses, and opening the standard http/s port on the server is a much bigger signature.</p> <p>Fallback server configuration. Disabled if <code>fallback</code> and <code>fallback_for_alpn</code> are empty.</p>"},{"location":"configuration/inbound/trojan/#fallback_for_alpn","title":"fallback_for_alpn","text":"<p>Fallback server configuration for specified ALPN.</p> <p>If not empty, TLS fallback requests with ALPN not in this table will be rejected.</p>"},{"location":"configuration/inbound/trojan/#multiplex","title":"multiplex","text":"<p>See Multiplex for details.</p>"},{"location":"configuration/inbound/trojan/#transport","title":"transport","text":"<p>V2Ray Transport configuration, see V2Ray Transport.</p>"},{"location":"configuration/inbound/tuic/","title":"TUIC","text":""},{"location":"configuration/inbound/tuic/#structure","title":"Structure","text":"<pre><code>{\n \"type\": \"tuic\",\n \"tag\": \"tuic-in\",\n\n ... // Listen Fields\n\n \"users\": [\n {\n \"name\": \"sekai\",\n \"uuid\": \"059032A9-7D40-4A96-9BB1-36823D848068\",\n \"password\": \"hello\"\n }\n ],\n \"congestion_control\": \"cubic\",\n \"auth_timeout\": \"3s\",\n \"zero_rtt_handshake\": false,\n \"heartbeat\": \"10s\",\n \"tls\": {}\n}\n</code></pre>"},{"location":"configuration/inbound/tuic/#listen-fields","title":"Listen Fields","text":"<p>See Listen Fields for details.</p>"},{"location":"configuration/inbound/tuic/#fields","title":"Fields","text":""},{"location":"configuration/inbound/tuic/#users","title":"users","text":"<p>TUIC users</p>"},{"location":"configuration/inbound/tuic/#usersuuid","title":"users.uuid","text":"<p>Required</p> <p>TUIC user uuid</p>"},{"location":"configuration/inbound/tuic/#userspassword","title":"users.password","text":"<p>TUIC user password</p>"},{"location":"configuration/inbound/tuic/#congestion_control","title":"congestion_control","text":"<p>QUIC congestion control algorithm</p> <p>One of: <code>cubic</code>, <code>new_reno</code>, <code>bbr</code></p> <p><code>cubic</code> is used by default.</p>"},{"location":"configuration/inbound/tuic/#auth_timeout","title":"auth_timeout","text":"<p>How long the server should wait for the client to send the authentication command</p> <p><code>3s</code> is used by default.</p>"},{"location":"configuration/inbound/tuic/#zero_rtt_handshake","title":"zero_rtt_handshake","text":"<p>Enable 0-RTT QUIC connection handshake on the client side This is not impacting much on the performance, as the protocol is fully multiplexed </p> <p>Disabling this is highly recommended, as it is vulnerable to replay attacks. See Attack of the clones</p>"},{"location":"configuration/inbound/tuic/#heartbeat","title":"heartbeat","text":"<p>Interval for sending heartbeat packets for keeping the connection alive</p> <p><code>10s</code> is used by default.</p>"},{"location":"configuration/inbound/tuic/#tls","title":"tls","text":"<p>Required</p> <p>TLS configuration, see TLS.</p>"},{"location":"configuration/inbound/tun/","title":"Tun","text":"<p>Changes in sing-box 1.11.0</p> <p> gso</p> <p>Changes in sing-box 1.10.0</p> <p> address inet4_address inet6_address route_address inet4_route_address inet6_route_address route_exclude_address inet4_route_exclude_address inet6_route_exclude_address iproute2_table_index iproute2_rule_index auto_redirect auto_redirect_input_mark auto_redirect_output_mark route_address_set route_exclude_address_set</p> <p>Changes in sing-box 1.9.0</p> <p> platform.http_proxy.bypass_domain platform.http_proxy.match_domain </p> <p>Changes in sing-box 1.8.0</p> <p> gso stack</p> <p>Only supported on Linux, Windows and macOS.</p>"},{"location":"configuration/inbound/tun/#structure","title":"Structure","text":"<pre><code>{\n \"type\": \"tun\",\n \"tag\": \"tun-in\",\n \"interface_name\": \"tun0\",\n \"address\": [\n \"172.18.0.1/30\",\n \"fdfe:dcba:9876::1/126\"\n ],\n \"mtu\": 9000,\n \"auto_route\": true,\n \"iproute2_table_index\": 2022,\n \"iproute2_rule_index\": 9000,\n \"auto_redirect\": false,\n \"auto_redirect_input_mark\": \"0x2023\",\n \"auto_redirect_output_mark\": \"0x2024\",\n \"strict_route\": true,\n \"route_address\": [\n \"0.0.0.0/1\",\n \"128.0.0.0/1\",\n \"::/1\",\n \"8000::/1\"\n ],\n\n \"route_exclude_address\": [\n \"192.168.0.0/16\",\n \"fc00::/7\"\n ],\n \"route_address_set\": [\n \"geoip-cloudflare\"\n ],\n \"route_exclude_address_set\": [\n \"geoip-cn\"\n ],\n \"endpoint_independent_nat\": false,\n \"udp_timeout\": \"5m\",\n \"stack\": \"system\",\n \"include_interface\": [\n \"lan0\"\n ],\n \"exclude_interface\": [\n \"lan1\"\n ],\n \"include_uid\": [\n 0\n ],\n \"include_uid_range\": [\n \"1000-99999\"\n ],\n \"exclude_uid\": [\n 1000\n ],\n \"exclude_uid_range\": [\n \"1000-99999\"\n ],\n \"include_android_user\": [\n 0,\n 10\n ],\n \"include_package\": [\n \"com.android.chrome\"\n ],\n \"exclude_package\": [\n \"com.android.captiveportallogin\"\n ],\n \"platform\": {\n \"http_proxy\": {\n \"enabled\": false,\n \"server\": \"127.0.0.1\",\n \"server_port\": 8080,\n \"bypass_domain\": [],\n \"match_domain\": []\n }\n },\n\n // Deprecated\n \"gso\": false,\n \"inet4_address\": [\n \"172.19.0.1/30\"\n ],\n \"inet6_address\": [\n \"fdfe:dcba:9876::1/126\"\n ],\n \"inet4_route_address\": [\n \"0.0.0.0/1\",\n \"128.0.0.0/1\"\n ],\n \"inet6_route_address\": [\n \"::/1\",\n \"8000::/1\"\n ],\n \"inet4_route_exclude_address\": [\n \"192.168.0.0/16\"\n ],\n \"inet6_route_exclude_address\": [\n \"fc00::/7\"\n ],\n\n ... // Listen Fields\n}\n</code></pre> <p>You can ignore the JSON Array [] tag when the content is only one item</p> <p>If tun is running in non-privileged mode, addresses and MTU will not be configured automatically, please make sure the settings are accurate.</p>"},{"location":"configuration/inbound/tun/#fields","title":"Fields","text":""},{"location":"configuration/inbound/tun/#interface_name","title":"interface_name","text":"<p>Virtual device name, automatically selected if empty.</p>"},{"location":"configuration/inbound/tun/#address","title":"address","text":"<p>Since sing-box 1.10.0</p> <p>IPv4 and IPv6 prefix for the tun interface.</p>"},{"location":"configuration/inbound/tun/#inet4_address","title":"inet4_address","text":"<p>Deprecated in sing-box 1.10.0</p> <p><code>inet4_address</code> is merged to <code>address</code> and will be removed in sing-box 1.12.0.</p> <p>IPv4 prefix for the tun interface.</p>"},{"location":"configuration/inbound/tun/#inet6_address","title":"inet6_address","text":"<p>Deprecated in sing-box 1.10.0</p> <p><code>inet6_address</code> is merged to <code>address</code> and will be removed in sing-box 1.12.0.</p> <p>IPv6 prefix for the tun interface.</p>"},{"location":"configuration/inbound/tun/#mtu","title":"mtu","text":"<p>The maximum transmission unit.</p>"},{"location":"configuration/inbound/tun/#gso","title":"gso","text":"<p>Deprecated in sing-box 1.11.0</p> <p>GSO has no advantages for transparent proxy scenarios, is deprecated and no longer works, and will be removed in sing-box 1.12.0.</p> <p>Since sing-box 1.8.0</p> <p>Only supported on Linux with <code>auto_route</code> enabled.</p> <p>Enable generic segmentation offload.</p>"},{"location":"configuration/inbound/tun/#auto_route","title":"auto_route","text":"<p>Set the default route to the Tun.</p> <p>To avoid traffic loopback, set <code>route.auto_detect_interface</code> or <code>route.default_interface</code> or <code>outbound.bind_interface</code></p> <p>Use with Android VPN</p> <p>By default, VPN takes precedence over tun. To make tun go through VPN, enable <code>route.override_android_vpn</code>.</p>"},{"location":"configuration/inbound/tun/#iproute2_table_index","title":"iproute2_table_index","text":"<p>Since sing-box 1.10.0</p> <p>Linux iproute2 table index generated by <code>auto_route</code>.</p> <p><code>2022</code> is used by default.</p>"},{"location":"configuration/inbound/tun/#iproute2_rule_index","title":"iproute2_rule_index","text":"<p>Since sing-box 1.10.0</p> <p>Linux iproute2 rule start index generated by <code>auto_route</code>.</p> <p><code>9000</code> is used by default.</p>"},{"location":"configuration/inbound/tun/#auto_redirect","title":"auto_redirect","text":"<p>Since sing-box 1.10.0</p> <p>Only supported on Linux with <code>auto_route</code> enabled.</p> <p>Automatically configure iptables/nftables to redirect connections.</p> <p>In Android\uff1a</p> <p>Only local IPv4 connections are forwarded. To share your VPN connection over hotspot or repeater, use VPNHotspot.</p> <p>In Linux:</p> <p><code>auto_route</code> with <code>auto_redirect</code> works as expected on routers without intervention.</p>"},{"location":"configuration/inbound/tun/#auto_redirect_input_mark","title":"auto_redirect_input_mark","text":"<p>Since sing-box 1.10.0</p> <p>Connection input mark used by <code>route_address_set</code> and <code>route_exclude_address_set</code>.</p> <p><code>0x2023</code> is used by default.</p>"},{"location":"configuration/inbound/tun/#auto_redirect_output_mark","title":"auto_redirect_output_mark","text":"<p>Since sing-box 1.10.0</p> <p>Connection output mark used by <code>route_address_set</code> and <code>route_exclude_address_set</code>.</p> <p><code>0x2024</code> is used by default.</p>"},{"location":"configuration/inbound/tun/#strict_route","title":"strict_route","text":"<p>Enforce strict routing rules when <code>auto_route</code> is enabled:</p> <p>In Linux:</p> <ul> <li>Let unsupported network unreachable</li> <li>Make ICMP traffic route to tun instead of upstream interfaces</li> <li>Route all connections to tun</li> </ul> <p>It prevents IP address leaks and makes DNS hijacking work on Android.</p> <p>In Windows:</p> <ul> <li>Add firewall rules to prevent DNS leak caused by Windows' ordinary multihomed DNS resolution behavior</li> </ul> <p>It may prevent some applications (such as VirtualBox) from working properly in certain situations.</p>"},{"location":"configuration/inbound/tun/#route_address","title":"route_address","text":"<p>Since sing-box 1.10.0</p> <p>Use custom routes instead of default when <code>auto_route</code> is enabled.</p>"},{"location":"configuration/inbound/tun/#inet4_route_address","title":"inet4_route_address","text":"<p>Deprecated in sing-box 1.10.0</p> <p><code>inet4_route_address</code> is deprecated and will be removed in sing-box 1.12.0, please use route_address instead.</p> <p>Use custom routes instead of default when <code>auto_route</code> is enabled.</p>"},{"location":"configuration/inbound/tun/#inet6_route_address","title":"inet6_route_address","text":"<p>Deprecated in sing-box 1.10.0</p> <p><code>inet6_route_address</code> is deprecated and will be removed in sing-box 1.12.0, please use route_address instead.</p> <p>Use custom routes instead of default when <code>auto_route</code> is enabled.</p>"},{"location":"configuration/inbound/tun/#route_exclude_address","title":"route_exclude_address","text":"<p>Since sing-box 1.10.0</p> <p>Exclude custom routes when <code>auto_route</code> is enabled.</p>"},{"location":"configuration/inbound/tun/#inet4_route_exclude_address","title":"inet4_route_exclude_address","text":"<p>Deprecated in sing-box 1.10.0</p> <p><code>inet4_route_exclude_address</code> is deprecated and will be removed in sing-box 1.12.0, please use route_exclude_address instead.</p> <p>Exclude custom routes when <code>auto_route</code> is enabled.</p>"},{"location":"configuration/inbound/tun/#inet6_route_exclude_address","title":"inet6_route_exclude_address","text":"<p>Deprecated in sing-box 1.10.0</p> <p><code>inet6_route_exclude_address</code> is deprecated and will be removed in sing-box 1.12.0, please use route_exclude_address instead.</p> <p>Exclude custom routes when <code>auto_route</code> is enabled.</p>"},{"location":"configuration/inbound/tun/#route_address_set","title":"route_address_set","text":"<p>Since sing-box 1.10.0</p> <p>Only supported on Linux with nftables and requires <code>auto_route</code> and <code>auto_redirect</code> enabled.</p> <p>Add the destination IP CIDR rules in the specified rule-sets to the firewall. Unmatched traffic will bypass the sing-box routes.</p> <p>Conflict with <code>route.default_mark</code> and <code>[dialOptions].routing_mark</code>.</p>"},{"location":"configuration/inbound/tun/#route_exclude_address_set","title":"route_exclude_address_set","text":"<p>Since sing-box 1.10.0</p> <p>Only supported on Linux with nftables and requires <code>auto_route</code> and <code>auto_redirect</code> enabled.</p> <p>Add the destination IP CIDR rules in the specified rule-sets to the firewall. Matched traffic will bypass the sing-box routes.</p> <p>Conflict with <code>route.default_mark</code> and <code>[dialOptions].routing_mark</code>.</p>"},{"location":"configuration/inbound/tun/#endpoint_independent_nat","title":"endpoint_independent_nat","text":"<p>This item is only available on the gvisor stack, other stacks are endpoint-independent NAT by default.</p> <p>Enable endpoint-independent NAT.</p> <p>Performance may degrade slightly, so it is not recommended to enable on when it is not needed.</p>"},{"location":"configuration/inbound/tun/#udp_timeout","title":"udp_timeout","text":"<p>UDP NAT expiration time.</p> <p><code>5m</code> will be used by default.</p>"},{"location":"configuration/inbound/tun/#stack","title":"stack","text":"<p>Changes in sing-box 1.8.0</p> <p> The legacy LWIP stack has been deprecated and removed.</p> <p>TCP/IP stack.</p> Stack Description <code>system</code> Perform L3 to L4 translation using the system network stack <code>gvisor</code> Perform L3 to L4 translation using gVisor's virtual network stack <code>mixed</code> Mixed <code>system</code> TCP stack and <code>gvisor</code> UDP stack <p>Defaults to the <code>mixed</code> stack if the gVisor build tag is enabled, otherwise defaults to the <code>system</code> stack.</p>"},{"location":"configuration/inbound/tun/#include_interface","title":"include_interface","text":"<p>Interface rules are only supported on Linux and require auto_route.</p> <p>Limit interfaces in route. Not limited by default.</p> <p>Conflict with <code>exclude_interface</code>.</p>"},{"location":"configuration/inbound/tun/#exclude_interface","title":"exclude_interface","text":"<p>When <code>strict_route</code> enabled, return traffic to excluded interfaces will not be automatically excluded, so add them as well (example: <code>br-lan</code> and <code>pppoe-wan</code>).</p> <p>Exclude interfaces in route.</p> <p>Conflict with <code>include_interface</code>.</p>"},{"location":"configuration/inbound/tun/#include_uid","title":"include_uid","text":"<p>UID rules are only supported on Linux and require auto_route.</p> <p>Limit users in route. Not limited by default.</p>"},{"location":"configuration/inbound/tun/#include_uid_range","title":"include_uid_range","text":"<p>Limit users in route, but in range.</p>"},{"location":"configuration/inbound/tun/#exclude_uid","title":"exclude_uid","text":"<p>Exclude users in route.</p>"},{"location":"configuration/inbound/tun/#exclude_uid_range","title":"exclude_uid_range","text":"<p>Exclude users in route, but in range.</p>"},{"location":"configuration/inbound/tun/#include_android_user","title":"include_android_user","text":"<p>Android user and package rules are only supported on Android and require auto_route.</p> <p>Limit android users in route.</p> Common user ID Main 0 Work Profile 10"},{"location":"configuration/inbound/tun/#include_package","title":"include_package","text":"<p>Limit android packages in route.</p>"},{"location":"configuration/inbound/tun/#exclude_package","title":"exclude_package","text":"<p>Exclude android packages in route.</p>"},{"location":"configuration/inbound/tun/#platform","title":"platform","text":"<p>Platform-specific settings, provided by client applications.</p>"},{"location":"configuration/inbound/tun/#platformhttp_proxy","title":"platform.http_proxy","text":"<p>System HTTP proxy settings.</p>"},{"location":"configuration/inbound/tun/#platformhttp_proxyenabled","title":"platform.http_proxy.enabled","text":"<p>Enable system HTTP proxy.</p>"},{"location":"configuration/inbound/tun/#platformhttp_proxyserver","title":"platform.http_proxy.server","text":"<p>Required</p> <p>HTTP proxy server address.</p>"},{"location":"configuration/inbound/tun/#platformhttp_proxyserver_port","title":"platform.http_proxy.server_port","text":"<p>Required</p> <p>HTTP proxy server port.</p>"},{"location":"configuration/inbound/tun/#platformhttp_proxybypass_domain","title":"platform.http_proxy.bypass_domain","text":"<p>On Apple platforms, <code>bypass_domain</code> items matches hostname suffixes.</p> <p>Hostnames that bypass the HTTP proxy.</p>"},{"location":"configuration/inbound/tun/#platformhttp_proxymatch_domain","title":"platform.http_proxy.match_domain","text":"<p>Only supported in graphical clients on Apple platforms.</p> <p>Hostnames that use the HTTP proxy.</p>"},{"location":"configuration/inbound/tun/#listen-fields","title":"Listen Fields","text":"<p>See Listen Fields for details.</p>"},{"location":"configuration/inbound/vless/","title":"VLESS","text":""},{"location":"configuration/inbound/vless/#structure","title":"Structure","text":"<pre><code>{\n \"type\": \"vless\",\n \"tag\": \"vless-in\",\n\n ... // Listen Fields\n\n \"users\": [\n {\n \"name\": \"sekai\",\n \"uuid\": \"bf000d23-0752-40b4-affe-68f7707a9661\",\n \"flow\": \"\"\n }\n ],\n \"tls\": {},\n \"multiplex\": {},\n \"transport\": {}\n}\n</code></pre>"},{"location":"configuration/inbound/vless/#listen-fields","title":"Listen Fields","text":"<p>See Listen Fields for details.</p>"},{"location":"configuration/inbound/vless/#fields","title":"Fields","text":""},{"location":"configuration/inbound/vless/#users","title":"users","text":"<p>Required</p> <p>VLESS users.</p>"},{"location":"configuration/inbound/vless/#usersuuid","title":"users.uuid","text":"<p>Required</p> <p>VLESS user id.</p>"},{"location":"configuration/inbound/vless/#usersflow","title":"users.flow","text":"<p>VLESS Sub-protocol.</p> <p>Available values:</p> <ul> <li><code>xtls-rprx-vision</code></li> </ul>"},{"location":"configuration/inbound/vless/#tls","title":"tls","text":"<p>TLS configuration, see TLS.</p>"},{"location":"configuration/inbound/vless/#multiplex","title":"multiplex","text":"<p>See Multiplex for details.</p>"},{"location":"configuration/inbound/vless/#transport","title":"transport","text":"<p>V2Ray Transport configuration, see V2Ray Transport.</p>"},{"location":"configuration/inbound/vmess/","title":"VMess","text":""},{"location":"configuration/inbound/vmess/#structure","title":"Structure","text":"<pre><code>{\n \"type\": \"vmess\",\n \"tag\": \"vmess-in\",\n\n ... // Listen Fields\n\n \"users\": [\n {\n \"name\": \"sekai\",\n \"uuid\": \"bf000d23-0752-40b4-affe-68f7707a9661\",\n \"alterId\": 0\n }\n ],\n \"tls\": {},\n \"multiplex\": {},\n \"transport\": {}\n}\n</code></pre>"},{"location":"configuration/inbound/vmess/#listen-fields","title":"Listen Fields","text":"<p>See Listen Fields for details.</p>"},{"location":"configuration/inbound/vmess/#fields","title":"Fields","text":""},{"location":"configuration/inbound/vmess/#users","title":"users","text":"<p>Required</p> <p>VMess users.</p> Alter ID Description 0 Disable legacy protocol &gt; 0 Enable legacy protocol <p>Legacy protocol support (VMess MD5 Authentication) is provided for compatibility purposes only, use of alterId &gt; 1 is not recommended.</p>"},{"location":"configuration/inbound/vmess/#tls","title":"tls","text":"<p>TLS configuration, see TLS.</p>"},{"location":"configuration/inbound/vmess/#multiplex","title":"multiplex","text":"<p>See Multiplex for details.</p>"},{"location":"configuration/inbound/vmess/#transport","title":"transport","text":"<p>V2Ray Transport configuration, see V2Ray Transport.</p>"},{"location":"configuration/log/","title":"Log","text":""},{"location":"configuration/log/#structure","title":"Structure","text":"<pre><code>{\n \"log\": {\n \"disabled\": false,\n \"level\": \"info\",\n \"output\": \"box.log\",\n \"timestamp\": true\n }\n}\n</code></pre>"},{"location":"configuration/log/#fields","title":"Fields","text":""},{"location":"configuration/log/#disabled","title":"disabled","text":"<p>Disable logging, no output after start.</p>"},{"location":"configuration/log/#level","title":"level","text":"<p>Log level. One of: <code>trace</code> <code>debug</code> <code>info</code> <code>warn</code> <code>error</code> <code>fatal</code> <code>panic</code>.</p>"},{"location":"configuration/log/#output","title":"output","text":"<p>Output file path. Will not write log to console after enable.</p>"},{"location":"configuration/log/#timestamp","title":"timestamp","text":"<p>Add time to each line.</p>"},{"location":"configuration/ntp/","title":"NTP","text":"<p>Built-in NTP client service.</p> <p>If enabled, it will provide time for protocols like TLS/Shadowsocks/VMess, which is useful for environments where time synchronization is not possible.</p>"},{"location":"configuration/ntp/#structure","title":"Structure","text":"<pre><code>{\n \"ntp\": {\n \"enabled\": false,\n \"server\": \"time.apple.com\",\n \"server_port\": 123,\n \"interval\": \"30m\",\n\n ... // Dial Fields\n }\n}\n</code></pre>"},{"location":"configuration/ntp/#fields","title":"Fields","text":""},{"location":"configuration/ntp/#enabled","title":"enabled","text":"<p>Enable NTP service.</p>"},{"location":"configuration/ntp/#server","title":"server","text":"<p>Required</p> <p>NTP server address.</p>"},{"location":"configuration/ntp/#server_port","title":"server_port","text":"<p>NTP server port.</p> <p>123 is used by default.</p>"},{"location":"configuration/ntp/#interval","title":"interval","text":"<p>Time synchronization interval.</p> <p>30 minutes is used by default.</p>"},{"location":"configuration/ntp/#dial-fields","title":"Dial Fields","text":"<p>See Dial Fields for details.</p>"},{"location":"configuration/outbound/","title":"Outbound","text":""},{"location":"configuration/outbound/#structure","title":"Structure","text":"<pre><code>{\n \"outbounds\": [\n {\n \"type\": \"\",\n \"tag\": \"\"\n }\n ]\n}\n</code></pre>"},{"location":"configuration/outbound/#fields","title":"Fields","text":"Type Format <code>direct</code> Direct <code>block</code> Block <code>socks</code> SOCKS <code>http</code> HTTP <code>shadowsocks</code> Shadowsocks <code>vmess</code> VMess <code>trojan</code> Trojan <code>wireguard</code> Wireguard <code>hysteria</code> Hysteria <code>vless</code> VLESS <code>shadowtls</code> ShadowTLS <code>tuic</code> TUIC <code>hysteria2</code> Hysteria2 <code>tor</code> Tor <code>ssh</code> SSH <code>dns</code> DNS <code>selector</code> Selector <code>urltest</code> URLTest"},{"location":"configuration/outbound/#tag","title":"tag","text":"<p>The tag of the outbound.</p>"},{"location":"configuration/outbound/#features","title":"Features","text":""},{"location":"configuration/outbound/#outbounds-that-support-ip-connection","title":"Outbounds that support IP connection","text":"<ul> <li><code>WireGuard</code></li> </ul>"},{"location":"configuration/outbound/block/","title":"Block","text":"<p>Deprecated in sing-box 1.11.0</p> <p>Legacy special outbounds are deprecated and will be removed in sing-box 1.13.0, check Migration. </p>"},{"location":"configuration/outbound/block/#structure","title":"Structure","text":"<p><code>json F { \"type\": \"block\", \"tag\": \"block\" }</code></p>"},{"location":"configuration/outbound/block/#fields","title":"Fields","text":"<p>No fields.</p>"},{"location":"configuration/outbound/direct/","title":"Direct","text":"<p>Changes in sing-box 1.11.0</p> <p> override_address override_port</p> <p><code>direct</code> outbound send requests directly.</p>"},{"location":"configuration/outbound/direct/#structure","title":"Structure","text":"<pre><code>{\n \"type\": \"direct\",\n \"tag\": \"direct-out\",\n\n \"override_address\": \"1.0.0.1\",\n \"override_port\": 53,\n\n ... // Dial Fields\n}\n</code></pre>"},{"location":"configuration/outbound/direct/#fields","title":"Fields","text":""},{"location":"configuration/outbound/direct/#override_address","title":"override_address","text":"<p>Deprecated in sing-box 1.11.0</p> <p>Destination override fields are deprecated in sing-box 1.11.0 and will be removed in sing-box 1.13.0, see Migration.</p> <p>Override the connection destination address.</p>"},{"location":"configuration/outbound/direct/#override_port","title":"override_port","text":"<p>Deprecated in sing-box 1.11.0</p> <p>Destination override fields are deprecated in sing-box 1.11.0 and will be removed in sing-box 1.13.0, see Migration.</p> <p>Override the connection destination port.</p> <p>Protocol value can be <code>1</code> or <code>2</code>.</p>"},{"location":"configuration/outbound/direct/#dial-fields","title":"Dial Fields","text":"<p>See Dial Fields for details.</p>"},{"location":"configuration/outbound/dns/","title":"DNS","text":"<p>Deprecated in sing-box 1.11.0</p> <p>Legacy special outbounds are deprecated and will be removed in sing-box 1.13.0, check Migration.</p> <p><code>dns</code> outbound is a internal DNS server.</p>"},{"location":"configuration/outbound/dns/#structure","title":"Structure","text":"<pre><code>{\n \"type\": \"dns\",\n \"tag\": \"dns-out\"\n}\n</code></pre> <p>There are no outbound connections by the DNS outbound, all requests are handled internally.</p>"},{"location":"configuration/outbound/dns/#fields","title":"Fields","text":"<p>No fields.</p>"},{"location":"configuration/outbound/http/","title":"HTTP","text":"<p><code>http</code> outbound is a HTTP CONNECT proxy client.</p>"},{"location":"configuration/outbound/http/#structure","title":"Structure","text":"<pre><code>{\n \"type\": \"http\",\n \"tag\": \"http-out\",\n\n \"server\": \"127.0.0.1\",\n \"server_port\": 1080,\n \"username\": \"sekai\",\n \"password\": \"admin\",\n \"path\": \"\",\n \"headers\": {},\n \"tls\": {},\n\n ... // Dial Fields\n}\n</code></pre>"},{"location":"configuration/outbound/http/#fields","title":"Fields","text":""},{"location":"configuration/outbound/http/#server","title":"server","text":"<p>Required</p> <p>The server address.</p>"},{"location":"configuration/outbound/http/#server_port","title":"server_port","text":"<p>Required</p> <p>The server port.</p>"},{"location":"configuration/outbound/http/#username","title":"username","text":"<p>Basic authorization username.</p>"},{"location":"configuration/outbound/http/#password","title":"password","text":"<p>Basic authorization password.</p>"},{"location":"configuration/outbound/http/#path","title":"path","text":"<p>Path of HTTP request.</p>"},{"location":"configuration/outbound/http/#headers","title":"headers","text":"<p>Extra headers of HTTP request.</p>"},{"location":"configuration/outbound/http/#tls","title":"tls","text":"<p>TLS configuration, see TLS.</p>"},{"location":"configuration/outbound/http/#dial-fields","title":"Dial Fields","text":"<p>See Dial Fields for details.</p>"},{"location":"configuration/outbound/hysteria/","title":"Hysteria","text":""},{"location":"configuration/outbound/hysteria/#structure","title":"Structure","text":"<pre><code>{\n \"type\": \"hysteria\",\n \"tag\": \"hysteria-out\",\n\n \"server\": \"127.0.0.1\",\n \"server_port\": 1080,\n \"up\": \"100 Mbps\",\n \"up_mbps\": 100,\n \"down\": \"100 Mbps\",\n \"down_mbps\": 100,\n \"obfs\": \"fuck me till the daylight\",\n \"auth\": \"\",\n \"auth_str\": \"password\",\n \"recv_window_conn\": 0,\n \"recv_window\": 0,\n \"disable_mtu_discovery\": false,\n \"network\": \"tcp\",\n \"tls\": {},\n\n ... // Dial Fields\n}\n</code></pre>"},{"location":"configuration/outbound/hysteria/#fields","title":"Fields","text":""},{"location":"configuration/outbound/hysteria/#server","title":"server","text":"<p>Required</p> <p>The server address.</p>"},{"location":"configuration/outbound/hysteria/#server_port","title":"server_port","text":"<p>Required</p> <p>The server port.</p>"},{"location":"configuration/outbound/hysteria/#up-down","title":"up, down","text":"<p>Required</p> <p>Format: <code>[Integer] [Unit]</code> e.g. <code>100 Mbps, 640 KBps, 2 Gbps</code></p> <p>Supported units (case sensitive, b = bits, B = bytes, 8b=1B):</p> <pre><code>bps (bits per second)\nBps (bytes per second)\nKbps (kilobits per second)\nKBps (kilobytes per second)\nMbps (megabits per second)\nMBps (megabytes per second)\nGbps (gigabits per second)\nGBps (gigabytes per second)\nTbps (terabits per second)\nTBps (terabytes per second)\n</code></pre>"},{"location":"configuration/outbound/hysteria/#up_mbps-down_mbps","title":"up_mbps, down_mbps","text":"<p>Required</p> <p><code>up, down</code> in Mbps.</p>"},{"location":"configuration/outbound/hysteria/#obfs","title":"obfs","text":"<p>Obfuscated password.</p>"},{"location":"configuration/outbound/hysteria/#auth","title":"auth","text":"<p>Authentication password, in base64.</p>"},{"location":"configuration/outbound/hysteria/#auth_str","title":"auth_str","text":"<p>Authentication password.</p>"},{"location":"configuration/outbound/hysteria/#recv_window_conn","title":"recv_window_conn","text":"<p>The QUIC stream-level flow control window for receiving data.</p> <p><code>15728640 (15 MB/s)</code> will be used if empty.</p>"},{"location":"configuration/outbound/hysteria/#recv_window","title":"recv_window","text":"<p>The QUIC connection-level flow control window for receiving data.</p> <p><code>67108864 (64 MB/s)</code> will be used if empty.</p>"},{"location":"configuration/outbound/hysteria/#disable_mtu_discovery","title":"disable_mtu_discovery","text":"<p>Disables Path MTU Discovery (RFC 8899). Packets will then be at most 1252 (IPv4) / 1232 (IPv6) bytes in size.</p> <p>Force enabled on for systems other than Linux and Windows (according to upstream).</p>"},{"location":"configuration/outbound/hysteria/#network","title":"network","text":"<p>Enabled network</p> <p>One of <code>tcp</code> <code>udp</code>.</p> <p>Both is enabled by default.</p>"},{"location":"configuration/outbound/hysteria/#tls","title":"tls","text":"<p>Required</p> <p>TLS configuration, see TLS.</p>"},{"location":"configuration/outbound/hysteria/#dial-fields","title":"Dial Fields","text":"<p>See Dial Fields for details.</p>"},{"location":"configuration/outbound/hysteria2/","title":"Hysteria2","text":""},{"location":"configuration/outbound/hysteria2/#structure","title":"Structure","text":"<pre><code>{\n \"type\": \"hysteria2\",\n \"tag\": \"hy2-out\",\n\n \"server\": \"127.0.0.1\",\n \"server_port\": 1080,\n \"up_mbps\": 100,\n \"down_mbps\": 100,\n \"obfs\": {\n \"type\": \"salamander\",\n \"password\": \"cry_me_a_r1ver\"\n },\n \"password\": \"goofy_ahh_password\",\n \"network\": \"tcp\",\n \"tls\": {},\n \"brutal_debug\": false,\n\n ... // Dial Fields\n}\n</code></pre> <p>Difference from official Hysteria2</p> <p>The official Hysteria2 supports an authentication method called userpass, which essentially uses a combination of <code>&lt;username&gt;:&lt;password&gt;</code> as the actual password, while sing-box does not provide this alias. If you are planning to use sing-box with the official program, please note that you will need to fill the combination as the password.</p>"},{"location":"configuration/outbound/hysteria2/#fields","title":"Fields","text":""},{"location":"configuration/outbound/hysteria2/#server","title":"server","text":"<p>Required</p> <p>The server address.</p>"},{"location":"configuration/outbound/hysteria2/#server_port","title":"server_port","text":"<p>Required</p> <p>The server port.</p>"},{"location":"configuration/outbound/hysteria2/#up_mbps-down_mbps","title":"up_mbps, down_mbps","text":"<p>Max bandwidth, in Mbps.</p> <p>If empty, the BBR congestion control algorithm will be used instead of Hysteria CC.</p>"},{"location":"configuration/outbound/hysteria2/#obfstype","title":"obfs.type","text":"<p>QUIC traffic obfuscator type, only available with <code>salamander</code>.</p> <p>Disabled if empty.</p>"},{"location":"configuration/outbound/hysteria2/#obfspassword","title":"obfs.password","text":"<p>QUIC traffic obfuscator password.</p>"},{"location":"configuration/outbound/hysteria2/#password","title":"password","text":"<p>Authentication password.</p>"},{"location":"configuration/outbound/hysteria2/#network","title":"network","text":"<p>Enabled network</p> <p>One of <code>tcp</code> <code>udp</code>.</p> <p>Both is enabled by default.</p>"},{"location":"configuration/outbound/hysteria2/#tls","title":"tls","text":"<p>Required</p> <p>TLS configuration, see TLS.</p>"},{"location":"configuration/outbound/hysteria2/#brutal_debug","title":"brutal_debug","text":"<p>Enable debug information logging for Hysteria Brutal CC.</p>"},{"location":"configuration/outbound/hysteria2/#dial-fields","title":"Dial Fields","text":"<p>See Dial Fields for details.</p>"},{"location":"configuration/outbound/selector/","title":"Selector","text":""},{"location":"configuration/outbound/selector/#structure","title":"Structure","text":"<pre><code>{\n \"type\": \"selector\",\n \"tag\": \"select\",\n\n \"outbounds\": [\n \"proxy-a\",\n \"proxy-b\",\n \"proxy-c\"\n ],\n \"default\": \"proxy-c\",\n \"interrupt_exist_connections\": false\n}\n</code></pre> <p>The selector can only be controlled through the Clash API currently.</p>"},{"location":"configuration/outbound/selector/#fields","title":"Fields","text":""},{"location":"configuration/outbound/selector/#outbounds","title":"outbounds","text":"<p>Required</p> <p>List of outbound tags to select.</p>"},{"location":"configuration/outbound/selector/#default","title":"default","text":"<p>The default outbound tag. The first outbound will be used if empty.</p>"},{"location":"configuration/outbound/selector/#interrupt_exist_connections","title":"interrupt_exist_connections","text":"<p>Interrupt existing connections when the selected outbound has changed.</p> <p>Only inbound connections are affected by this setting, internal connections will always be interrupted.</p>"},{"location":"configuration/outbound/shadowsocks/","title":"Shadowsocks","text":""},{"location":"configuration/outbound/shadowsocks/#structure","title":"Structure","text":"<pre><code>{\n \"type\": \"shadowsocks\",\n \"tag\": \"ss-out\",\n\n \"server\": \"127.0.0.1\",\n \"server_port\": 1080,\n \"method\": \"2022-blake3-aes-128-gcm\",\n \"password\": \"8JCsPssfgS8tiRwiMlhARg==\",\n \"plugin\": \"\",\n \"plugin_opts\": \"\",\n \"network\": \"udp\",\n \"udp_over_tcp\": false | {},\n \"multiplex\": {},\n\n ... // Dial Fields\n}\n</code></pre>"},{"location":"configuration/outbound/shadowsocks/#fields","title":"Fields","text":""},{"location":"configuration/outbound/shadowsocks/#server","title":"server","text":"<p>Required</p> <p>The server address.</p>"},{"location":"configuration/outbound/shadowsocks/#server_port","title":"server_port","text":"<p>Required</p> <p>The server port.</p>"},{"location":"configuration/outbound/shadowsocks/#method","title":"method","text":"<p>Required</p> <p>Encryption methods:</p> <ul> <li><code>2022-blake3-aes-128-gcm</code></li> <li><code>2022-blake3-aes-256-gcm</code></li> <li><code>2022-blake3-chacha20-poly1305</code></li> <li><code>none</code></li> <li><code>aes-128-gcm</code></li> <li><code>aes-192-gcm</code></li> <li><code>aes-256-gcm</code></li> <li><code>chacha20-ietf-poly1305</code></li> <li><code>xchacha20-ietf-poly1305</code></li> </ul> <p>Legacy encryption methods:</p> <ul> <li><code>aes-128-ctr</code></li> <li><code>aes-192-ctr</code></li> <li><code>aes-256-ctr</code></li> <li><code>aes-128-cfb</code></li> <li><code>aes-192-cfb</code></li> <li><code>aes-256-cfb</code></li> <li><code>rc4-md5</code></li> <li><code>chacha20-ietf</code></li> <li><code>xchacha20</code></li> </ul>"},{"location":"configuration/outbound/shadowsocks/#password","title":"password","text":"<p>Required</p> <p>The shadowsocks password.</p>"},{"location":"configuration/outbound/shadowsocks/#plugin","title":"plugin","text":"<p>Shadowsocks SIP003 plugin, implemented in internal.</p> <p>Only <code>obfs-local</code> and <code>v2ray-plugin</code> are supported.</p>"},{"location":"configuration/outbound/shadowsocks/#plugin_opts","title":"plugin_opts","text":"<p>Shadowsocks SIP003 plugin options.</p>"},{"location":"configuration/outbound/shadowsocks/#network","title":"network","text":"<p>Enabled network</p> <p>One of <code>tcp</code> <code>udp</code>.</p> <p>Both is enabled by default.</p>"},{"location":"configuration/outbound/shadowsocks/#udp_over_tcp","title":"udp_over_tcp","text":"<p>UDP over TCP configuration.</p> <p>See UDP Over TCP for details.</p> <p>Conflict with <code>multiplex</code>.</p>"},{"location":"configuration/outbound/shadowsocks/#multiplex","title":"multiplex","text":"<p>See Multiplex for details.</p>"},{"location":"configuration/outbound/shadowsocks/#dial-fields","title":"Dial Fields","text":"<p>See Dial Fields for details.</p>"},{"location":"configuration/outbound/shadowtls/","title":"ShadowTLS","text":""},{"location":"configuration/outbound/shadowtls/#structure","title":"Structure","text":"<pre><code>{\n \"type\": \"shadowtls\",\n \"tag\": \"st-out\",\n\n \"server\": \"127.0.0.1\",\n \"server_port\": 1080,\n \"version\": 3,\n \"password\": \"fuck me till the daylight\",\n \"tls\": {},\n\n ... // Dial Fields\n}\n</code></pre>"},{"location":"configuration/outbound/shadowtls/#fields","title":"Fields","text":""},{"location":"configuration/outbound/shadowtls/#server","title":"server","text":"<p>Required</p> <p>The server address.</p>"},{"location":"configuration/outbound/shadowtls/#server_port","title":"server_port","text":"<p>Required</p> <p>The server port.</p>"},{"location":"configuration/outbound/shadowtls/#version","title":"version","text":"<p>ShadowTLS protocol version.</p> Value Protocol Version <code>1</code> (default) ShadowTLS v1 <code>2</code> ShadowTLS v2 <code>3</code> ShadowTLS v3"},{"location":"configuration/outbound/shadowtls/#password","title":"password","text":"<p>Set password.</p> <p>Only available in the ShadowTLS v2/v3 protocol.</p>"},{"location":"configuration/outbound/shadowtls/#tls","title":"tls","text":"<p>Required</p> <p>TLS configuration, see TLS.</p>"},{"location":"configuration/outbound/shadowtls/#dial-fields","title":"Dial Fields","text":"<p>See Dial Fields for details.</p>"},{"location":"configuration/outbound/socks/","title":"SOCKS","text":"<p><code>socks</code> outbound is a socks4/socks4a/socks5 client.</p>"},{"location":"configuration/outbound/socks/#structure","title":"Structure","text":"<pre><code>{\n \"type\": \"socks\",\n \"tag\": \"socks-out\",\n\n \"server\": \"127.0.0.1\",\n \"server_port\": 1080,\n \"version\": \"5\",\n \"username\": \"sekai\",\n \"password\": \"admin\",\n \"network\": \"udp\",\n \"udp_over_tcp\": false | {},\n\n ... // Dial Fields\n}\n</code></pre>"},{"location":"configuration/outbound/socks/#fields","title":"Fields","text":""},{"location":"configuration/outbound/socks/#server","title":"server","text":"<p>Required</p> <p>The server address.</p>"},{"location":"configuration/outbound/socks/#server_port","title":"server_port","text":"<p>Required</p> <p>The server port.</p>"},{"location":"configuration/outbound/socks/#version","title":"version","text":"<p>The SOCKS version, one of <code>4</code> <code>4a</code> <code>5</code>.</p> <p>SOCKS5 used by default.</p>"},{"location":"configuration/outbound/socks/#username","title":"username","text":"<p>SOCKS username.</p>"},{"location":"configuration/outbound/socks/#password","title":"password","text":"<p>SOCKS5 password.</p>"},{"location":"configuration/outbound/socks/#network","title":"network","text":"<p>Enabled network</p> <p>One of <code>tcp</code> <code>udp</code>.</p> <p>Both is enabled by default.</p>"},{"location":"configuration/outbound/socks/#udp_over_tcp","title":"udp_over_tcp","text":"<p>UDP over TCP protocol settings.</p> <p>See UDP Over TCP for details.</p>"},{"location":"configuration/outbound/socks/#dial-fields","title":"Dial Fields","text":"<p>See Dial Fields for details.</p>"},{"location":"configuration/outbound/ssh/","title":"SSH","text":""},{"location":"configuration/outbound/ssh/#structure","title":"Structure","text":"<pre><code>{\n \"type\": \"ssh\",\n \"tag\": \"ssh-out\",\n\n \"server\": \"127.0.0.1\",\n \"server_port\": 22,\n \"user\": \"root\",\n \"password\": \"admin\",\n \"private_key\": \"\",\n \"private_key_path\": \"$HOME/.ssh/id_rsa\",\n \"private_key_passphrase\": \"\",\n \"host_key\": [\n \"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdH...\"\n ],\n \"host_key_algorithms\": [],\n \"client_version\": \"SSH-2.0-OpenSSH_7.4p1\",\n\n ... // Dial Fields\n}\n</code></pre>"},{"location":"configuration/outbound/ssh/#fields","title":"Fields","text":""},{"location":"configuration/outbound/ssh/#server","title":"server","text":"<p>Required</p> <p>Server address.</p>"},{"location":"configuration/outbound/ssh/#server_port","title":"server_port","text":"<p>Server port. 22 will be used if empty.</p>"},{"location":"configuration/outbound/ssh/#user","title":"user","text":"<p>SSH user, root will be used if empty.</p>"},{"location":"configuration/outbound/ssh/#password","title":"password","text":"<p>Password.</p>"},{"location":"configuration/outbound/ssh/#private_key","title":"private_key","text":"<p>Private key.</p>"},{"location":"configuration/outbound/ssh/#private_key_path","title":"private_key_path","text":"<p>Private key path.</p>"},{"location":"configuration/outbound/ssh/#private_key_passphrase","title":"private_key_passphrase","text":"<p>Private key passphrase.</p>"},{"location":"configuration/outbound/ssh/#host_key","title":"host_key","text":"<p>Host key. Accept any if empty.</p>"},{"location":"configuration/outbound/ssh/#host_key_algorithms","title":"host_key_algorithms","text":"<p>Host key algorithms.</p>"},{"location":"configuration/outbound/ssh/#client_version","title":"client_version","text":"<p>Client version. Random version will be used if empty.</p>"},{"location":"configuration/outbound/ssh/#dial-fields","title":"Dial Fields","text":"<p>See Dial Fields for details.</p>"},{"location":"configuration/outbound/tor/","title":"Tor","text":""},{"location":"configuration/outbound/tor/#structure","title":"Structure","text":"<pre><code>{\n \"type\": \"tor\",\n \"tag\": \"tor-out\",\n\n \"executable_path\": \"/usr/bin/tor\",\n \"extra_args\": [],\n \"data_directory\": \"$HOME/.cache/tor\",\n \"torrc\": {\n \"ClientOnly\": 1\n },\n\n ... // Dial Fields\n}\n</code></pre> <p>Embedded Tor is not included by default, see Installation.</p>"},{"location":"configuration/outbound/tor/#fields","title":"Fields","text":""},{"location":"configuration/outbound/tor/#executable_path","title":"executable_path","text":"<p>The path to the Tor executable.</p> <p>Embedded Tor will be ignored if set.</p>"},{"location":"configuration/outbound/tor/#extra_args","title":"extra_args","text":"<p>List of extra arguments passed to the Tor instance when started.</p>"},{"location":"configuration/outbound/tor/#data_directory","title":"data_directory","text":"<p>Recommended</p> <p>The data directory of Tor.</p> <p>Each start will be very slow if not specified.</p>"},{"location":"configuration/outbound/tor/#torrc","title":"torrc","text":"<p>Map of torrc options.</p> <p>See tor(1) for details.</p>"},{"location":"configuration/outbound/tor/#dial-fields","title":"Dial Fields","text":"<p>See Dial Fields for details.</p>"},{"location":"configuration/outbound/trojan/","title":"Trojan","text":""},{"location":"configuration/outbound/trojan/#structure","title":"Structure","text":"<pre><code>{\n \"type\": \"trojan\",\n \"tag\": \"trojan-out\",\n\n \"server\": \"127.0.0.1\",\n \"server_port\": 1080,\n \"password\": \"8JCsPssfgS8tiRwiMlhARg==\",\n \"network\": \"tcp\",\n \"tls\": {},\n \"multiplex\": {},\n \"transport\": {},\n\n ... // Dial Fields\n}\n</code></pre>"},{"location":"configuration/outbound/trojan/#fields","title":"Fields","text":""},{"location":"configuration/outbound/trojan/#server","title":"server","text":"<p>Required</p> <p>The server address.</p>"},{"location":"configuration/outbound/trojan/#server_port","title":"server_port","text":"<p>Required</p> <p>The server port.</p>"},{"location":"configuration/outbound/trojan/#password","title":"password","text":"<p>Required</p> <p>The Trojan password.</p>"},{"location":"configuration/outbound/trojan/#network","title":"network","text":"<p>Enabled network</p> <p>One of <code>tcp</code> <code>udp</code>.</p> <p>Both is enabled by default.</p>"},{"location":"configuration/outbound/trojan/#tls","title":"tls","text":"<p>TLS configuration, see TLS.</p>"},{"location":"configuration/outbound/trojan/#multiplex","title":"multiplex","text":"<p>See Multiplex for details.</p>"},{"location":"configuration/outbound/trojan/#transport","title":"transport","text":"<p>V2Ray Transport configuration, see V2Ray Transport.</p>"},{"location":"configuration/outbound/trojan/#dial-fields","title":"Dial Fields","text":"<p>See Dial Fields for details.</p>"},{"location":"configuration/outbound/tuic/","title":"TUIC","text":""},{"location":"configuration/outbound/tuic/#structure","title":"Structure","text":"<pre><code>{\n \"type\": \"tuic\",\n \"tag\": \"tuic-out\",\n\n \"server\": \"127.0.0.1\",\n \"server_port\": 1080,\n \"uuid\": \"2DD61D93-75D8-4DA4-AC0E-6AECE7EAC365\",\n \"password\": \"hello\",\n \"congestion_control\": \"cubic\",\n \"udp_relay_mode\": \"native\",\n \"udp_over_stream\": false,\n \"zero_rtt_handshake\": false,\n \"heartbeat\": \"10s\",\n \"network\": \"tcp\",\n \"tls\": {},\n\n ... // Dial Fields\n}\n</code></pre>"},{"location":"configuration/outbound/tuic/#fields","title":"Fields","text":""},{"location":"configuration/outbound/tuic/#server","title":"server","text":"<p>Required</p> <p>The server address.</p>"},{"location":"configuration/outbound/tuic/#server_port","title":"server_port","text":"<p>Required</p> <p>The server port.</p>"},{"location":"configuration/outbound/tuic/#uuid","title":"uuid","text":"<p>Required</p> <p>TUIC user uuid</p>"},{"location":"configuration/outbound/tuic/#password","title":"password","text":"<p>TUIC user password</p>"},{"location":"configuration/outbound/tuic/#congestion_control","title":"congestion_control","text":"<p>QUIC congestion control algorithm</p> <p>One of: <code>cubic</code>, <code>new_reno</code>, <code>bbr</code></p> <p><code>cubic</code> is used by default.</p>"},{"location":"configuration/outbound/tuic/#udp_relay_mode","title":"udp_relay_mode","text":"<p>UDP packet relay mode</p> Mode Description native native UDP characteristics quic lossless UDP relay using QUIC streams, additional overhead is introduced <p><code>native</code> is used by default.</p> <p>Conflict with <code>udp_over_stream</code>.</p>"},{"location":"configuration/outbound/tuic/#udp_over_stream","title":"udp_over_stream","text":"<p>This is the TUIC port of the UDP over TCP protocol, designed to provide a QUIC stream based UDP relay mode that TUIC does not provide. Since it is an add-on protocol, you will need to use sing-box or another program compatible with the protocol as a server.</p> <p>This mode has no positive effect in a proper UDP proxy scenario and should only be applied to relay streaming UDP traffic (basically QUIC streams).</p> <p>Conflict with <code>udp_relay_mode</code>.</p>"},{"location":"configuration/outbound/tuic/#network","title":"network","text":"<p>Enabled network</p> <p>One of <code>tcp</code> <code>udp</code>.</p> <p>Both is enabled by default.</p>"},{"location":"configuration/outbound/tuic/#tls","title":"tls","text":"<p>Required</p> <p>TLS configuration, see TLS.</p>"},{"location":"configuration/outbound/tuic/#dial-fields","title":"Dial Fields","text":"<p>See Dial Fields for details.</p>"},{"location":"configuration/outbound/urltest/","title":"URLTest","text":""},{"location":"configuration/outbound/urltest/#structure","title":"Structure","text":"<pre><code>{\n \"type\": \"urltest\",\n \"tag\": \"auto\",\n\n \"outbounds\": [\n \"proxy-a\",\n \"proxy-b\",\n \"proxy-c\"\n ],\n \"url\": \"\",\n \"interval\": \"\",\n \"tolerance\": 0,\n \"idle_timeout\": \"\",\n \"interrupt_exist_connections\": false\n}\n</code></pre>"},{"location":"configuration/outbound/urltest/#fields","title":"Fields","text":""},{"location":"configuration/outbound/urltest/#outbounds","title":"outbounds","text":"<p>Required</p> <p>List of outbound tags to test.</p>"},{"location":"configuration/outbound/urltest/#url","title":"url","text":"<p>The URL to test. <code>https://www.gstatic.com/generate_204</code> will be used if empty.</p>"},{"location":"configuration/outbound/urltest/#interval","title":"interval","text":"<p>The test interval. <code>3m</code> will be used if empty.</p>"},{"location":"configuration/outbound/urltest/#tolerance","title":"tolerance","text":"<p>The test tolerance in milliseconds. <code>50</code> will be used if empty.</p>"},{"location":"configuration/outbound/urltest/#idle_timeout","title":"idle_timeout","text":"<p>The idle timeout. <code>30m</code> will be used if empty.</p>"},{"location":"configuration/outbound/urltest/#interrupt_exist_connections","title":"interrupt_exist_connections","text":"<p>Interrupt existing connections when the selected outbound has changed.</p> <p>Only inbound connections are affected by this setting, internal connections will always be interrupted.</p>"},{"location":"configuration/outbound/vless/","title":"VLESS","text":""},{"location":"configuration/outbound/vless/#structure","title":"Structure","text":"<pre><code>{\n \"type\": \"vless\",\n \"tag\": \"vless-out\",\n\n \"server\": \"127.0.0.1\",\n \"server_port\": 1080,\n \"uuid\": \"bf000d23-0752-40b4-affe-68f7707a9661\",\n \"flow\": \"xtls-rprx-vision\",\n \"network\": \"tcp\",\n \"tls\": {},\n \"packet_encoding\": \"\",\n \"multiplex\": {},\n \"transport\": {},\n\n ... // Dial Fields\n}\n</code></pre>"},{"location":"configuration/outbound/vless/#fields","title":"Fields","text":""},{"location":"configuration/outbound/vless/#server","title":"server","text":"<p>Required</p> <p>The server address.</p>"},{"location":"configuration/outbound/vless/#server_port","title":"server_port","text":"<p>Required</p> <p>The server port.</p>"},{"location":"configuration/outbound/vless/#uuid","title":"uuid","text":"<p>Required</p> <p>VLESS user id.</p>"},{"location":"configuration/outbound/vless/#flow","title":"flow","text":"<p>VLESS Sub-protocol.</p> <p>Available values:</p> <ul> <li><code>xtls-rprx-vision</code></li> </ul>"},{"location":"configuration/outbound/vless/#network","title":"network","text":"<p>Enabled network</p> <p>One of <code>tcp</code> <code>udp</code>.</p> <p>Both is enabled by default.</p>"},{"location":"configuration/outbound/vless/#tls","title":"tls","text":"<p>TLS configuration, see TLS.</p>"},{"location":"configuration/outbound/vless/#packet_encoding","title":"packet_encoding","text":"<p>UDP packet encoding, xudp is used by default.</p> Encoding Description (none) Disabled packetaddr Supported by v2ray 5+ xudp Supported by xray"},{"location":"configuration/outbound/vless/#multiplex","title":"multiplex","text":"<p>See Multiplex for details.</p>"},{"location":"configuration/outbound/vless/#transport","title":"transport","text":"<p>V2Ray Transport configuration, see V2Ray Transport.</p>"},{"location":"configuration/outbound/vless/#dial-fields","title":"Dial Fields","text":"<p>See Dial Fields for details.</p>"},{"location":"configuration/outbound/vmess/","title":"VMess","text":""},{"location":"configuration/outbound/vmess/#structure","title":"Structure","text":"<pre><code>{\n \"type\": \"vmess\",\n \"tag\": \"vmess-out\",\n\n \"server\": \"127.0.0.1\",\n \"server_port\": 1080,\n \"uuid\": \"bf000d23-0752-40b4-affe-68f7707a9661\",\n \"security\": \"auto\",\n \"alter_id\": 0,\n \"global_padding\": false,\n \"authenticated_length\": true,\n \"network\": \"tcp\",\n \"tls\": {},\n \"packet_encoding\": \"\",\n \"transport\": {},\n \"multiplex\": {},\n\n ... // Dial Fields\n}\n</code></pre>"},{"location":"configuration/outbound/vmess/#fields","title":"Fields","text":""},{"location":"configuration/outbound/vmess/#server","title":"server","text":"<p>Required</p> <p>The server address.</p>"},{"location":"configuration/outbound/vmess/#server_port","title":"server_port","text":"<p>Required</p> <p>The server port.</p>"},{"location":"configuration/outbound/vmess/#uuid","title":"uuid","text":"<p>Required</p> <p>The VMess user id.</p>"},{"location":"configuration/outbound/vmess/#security","title":"security","text":"<p>Encryption methods:</p> <ul> <li><code>auto</code></li> <li><code>none</code></li> <li><code>zero</code></li> <li><code>aes-128-gcm</code></li> <li><code>chacha20-poly1305</code></li> </ul> <p>Legacy encryption methods:</p> <ul> <li><code>aes-128-ctr</code></li> </ul>"},{"location":"configuration/outbound/vmess/#alter_id","title":"alter_id","text":"Alter ID Description 0 Use AEAD protocol 1 Use legacy protocol &gt; 1 Unused, same as 1"},{"location":"configuration/outbound/vmess/#global_padding","title":"global_padding","text":"<p>Protocol parameter. Will waste traffic randomly if enabled (enabled by default in v2ray and cannot be disabled).</p>"},{"location":"configuration/outbound/vmess/#authenticated_length","title":"authenticated_length","text":"<p>Protocol parameter. Enable length block encryption.</p>"},{"location":"configuration/outbound/vmess/#network","title":"network","text":"<p>Enabled network</p> <p>One of <code>tcp</code> <code>udp</code>.</p> <p>Both is enabled by default.</p>"},{"location":"configuration/outbound/vmess/#tls","title":"tls","text":"<p>TLS configuration, see TLS.</p>"},{"location":"configuration/outbound/vmess/#packet_encoding","title":"packet_encoding","text":"<p>UDP packet encoding.</p> Encoding Description (none) Disabled packetaddr Supported by v2ray 5+ xudp Supported by xray"},{"location":"configuration/outbound/vmess/#multiplex","title":"multiplex","text":"<p>See Multiplex for details.</p>"},{"location":"configuration/outbound/vmess/#transport","title":"transport","text":"<p>V2Ray Transport configuration, see V2Ray Transport.</p>"},{"location":"configuration/outbound/vmess/#dial-fields","title":"Dial Fields","text":"<p>See Dial Fields for details.</p>"},{"location":"configuration/outbound/wireguard/","title":"WireGuard","text":"<p>Deprecated in sing-box 1.11.0</p> <p>WireGuard outbound is deprecated and will be removed in sing-box 1.13.0, check Migration.</p> <p>Changes in sing-box 1.11.0</p> <p> gso</p> <p>Changes in sing-box 1.8.0</p> <p> gso </p>"},{"location":"configuration/outbound/wireguard/#structure","title":"Structure","text":"<pre><code>{\n \"type\": \"wireguard\",\n \"tag\": \"wireguard-out\",\n\n \"server\": \"127.0.0.1\",\n \"server_port\": 1080,\n \"system_interface\": false,\n \"interface_name\": \"wg0\",\n \"local_address\": [\n \"10.0.0.1/32\"\n ],\n \"private_key\": \"YNXtAzepDqRv9H52osJVDQnznT5AM11eCK3ESpwSt04=\",\n \"peers\": [\n {\n \"server\": \"127.0.0.1\",\n \"server_port\": 1080,\n \"public_key\": \"Z1XXLsKYkYxuiYjJIkRvtIKFepCYHTgON+GwPq7SOV4=\",\n \"pre_shared_key\": \"31aIhAPwktDGpH4JDhA8GNvjFXEf/a6+UaQRyOAiyfM=\",\n \"allowed_ips\": [\n \"0.0.0.0/0\"\n ],\n \"reserved\": [0, 0, 0]\n }\n ],\n \"peer_public_key\": \"Z1XXLsKYkYxuiYjJIkRvtIKFepCYHTgON+GwPq7SOV4=\",\n \"pre_shared_key\": \"31aIhAPwktDGpH4JDhA8GNvjFXEf/a6+UaQRyOAiyfM=\",\n \"reserved\": [0, 0, 0],\n \"workers\": 4,\n \"mtu\": 1408,\n \"network\": \"tcp\",\n\n // Deprecated\n\n \"gso\": false,\n\n ... // Dial Fields\n}\n</code></pre>"},{"location":"configuration/outbound/wireguard/#fields","title":"Fields","text":""},{"location":"configuration/outbound/wireguard/#server","title":"server","text":"<p>Required if multi-peer disabled</p> <p>The server address.</p>"},{"location":"configuration/outbound/wireguard/#server_port","title":"server_port","text":"<p>Required if multi-peer disabled</p> <p>The server port.</p>"},{"location":"configuration/outbound/wireguard/#system_interface","title":"system_interface","text":"<p>Use system interface.</p> <p>Requires privilege and cannot conflict with exists system interfaces.</p> <p>Forced if gVisor not included in the build.</p>"},{"location":"configuration/outbound/wireguard/#interface_name","title":"interface_name","text":"<p>Custom interface name for system interface.</p>"},{"location":"configuration/outbound/wireguard/#gso","title":"gso","text":"<p>Deprecated in sing-box 1.11.0</p> <p>GSO will be automatically enabled when available since sing-box 1.11.0.</p> <p>Since sing-box 1.8.0</p> <p>Only supported on Linux.</p> <p>Try to enable generic segmentation offload.</p>"},{"location":"configuration/outbound/wireguard/#local_address","title":"local_address","text":"<p>Required</p> <p>List of IP (v4 or v6) address prefixes to be assigned to the interface.</p>"},{"location":"configuration/outbound/wireguard/#private_key","title":"private_key","text":"<p>Required</p> <p>WireGuard requires base64-encoded public and private keys. These can be generated using the wg(8) utility:</p> <pre><code>wg genkey\necho \"private key\" || wg pubkey\n</code></pre>"},{"location":"configuration/outbound/wireguard/#peers","title":"peers","text":"<p>Multi-peer support. </p> <p>If enabled, <code>server, server_port, peer_public_key, pre_shared_key</code> will be ignored.</p>"},{"location":"configuration/outbound/wireguard/#peersallowed_ips","title":"peers.allowed_ips","text":"<p>WireGuard allowed IPs.</p>"},{"location":"configuration/outbound/wireguard/#peersreserved","title":"peers.reserved","text":"<p>WireGuard reserved field bytes.</p> <p><code>$outbound.reserved</code> will be used if empty.</p>"},{"location":"configuration/outbound/wireguard/#peer_public_key","title":"peer_public_key","text":"<p>Required if multi-peer disabled</p> <p>WireGuard peer public key.</p>"},{"location":"configuration/outbound/wireguard/#pre_shared_key","title":"pre_shared_key","text":"<p>WireGuard pre-shared key.</p>"},{"location":"configuration/outbound/wireguard/#reserved","title":"reserved","text":"<p>WireGuard reserved field bytes.</p>"},{"location":"configuration/outbound/wireguard/#workers","title":"workers","text":"<p>WireGuard worker count.</p> <p>CPU count is used by default.</p>"},{"location":"configuration/outbound/wireguard/#mtu","title":"mtu","text":"<p>WireGuard MTU.</p> <p>1408 will be used if empty.</p>"},{"location":"configuration/outbound/wireguard/#network","title":"network","text":"<p>Enabled network</p> <p>One of <code>tcp</code> <code>udp</code>.</p> <p>Both is enabled by default.</p>"},{"location":"configuration/outbound/wireguard/#dial-fields","title":"Dial Fields","text":"<p>See Dial Fields for details.</p>"},{"location":"configuration/route/","title":"Route","text":"<p>Changes in sing-box 1.11.0</p> <p> default_network_strategy default_network_type default_fallback_network_type default_fallback_delay</p> <p>Changes in sing-box 1.8.0</p> <p> rule_set geoip geosite</p>"},{"location":"configuration/route/#structure","title":"Structure","text":"<pre><code>{\n \"route\": {\n \"geoip\": {},\n \"geosite\": {},\n \"rules\": [],\n \"rule_set\": [],\n \"final\": \"\",\n \"auto_detect_interface\": false,\n \"override_android_vpn\": false,\n \"default_interface\": \"\",\n \"default_mark\": 0,\n \"default_network_strategy\": \"\",\n \"default_network_type\": [],\n \"default_fallback_network_type\": [],\n \"default_fallback_delay\": \"\"\n }\n}\n</code></pre> <p>You can ignore the JSON Array [] tag when the content is only one item</p>"},{"location":"configuration/route/#fields","title":"Fields","text":""},{"location":"configuration/route/#rules","title":"rules","text":"<p>List of Route Rule</p>"},{"location":"configuration/route/#rule_set","title":"rule_set","text":"<p>Since sing-box 1.8.0</p> <p>List of rule-set</p>"},{"location":"configuration/route/#final","title":"final","text":"<p>Default outbound tag. the first outbound will be used if empty.</p>"},{"location":"configuration/route/#auto_detect_interface","title":"auto_detect_interface","text":"<p>Only supported on Linux, Windows and macOS.</p> <p>Bind outbound connections to the default NIC by default to prevent routing loops under tun.</p> <p>Takes no effect if <code>outbound.bind_interface</code> is set.</p>"},{"location":"configuration/route/#override_android_vpn","title":"override_android_vpn","text":"<p>Only supported on Android.</p> <p>Accept Android VPN as upstream NIC when <code>auto_detect_interface</code> enabled.</p>"},{"location":"configuration/route/#default_interface","title":"default_interface","text":"<p>Only supported on Linux, Windows and macOS.</p> <p>Bind outbound connections to the specified NIC by default to prevent routing loops under tun.</p> <p>Takes no effect if <code>auto_detect_interface</code> is set.</p>"},{"location":"configuration/route/#default_mark","title":"default_mark","text":"<p>Only supported on Linux.</p> <p>Set routing mark by default.</p> <p>Takes no effect if <code>outbound.routing_mark</code> is set.</p>"},{"location":"configuration/route/#default_network_strategy","title":"default_network_strategy","text":"<p>Since sing-box 1.11.0</p> <p>See Dial Fields for details.</p> <p>Takes no effect if <code>outbound.bind_interface</code>, <code>outbound.inet4_bind_address</code> or <code>outbound.inet6_bind_address</code> is set.</p> <p>Can be overrides by <code>outbound.network_strategy</code>.</p> <p>Conflicts with <code>default_interface</code>.</p>"},{"location":"configuration/route/#default_network_type","title":"default_network_type","text":"<p>Since sing-box 1.11.0</p> <p>See Dial Fields for details.</p>"},{"location":"configuration/route/#default_fallback_network_type","title":"default_fallback_network_type","text":"<p>Since sing-box 1.11.0</p> <p>See Dial Fields for details.</p>"},{"location":"configuration/route/#default_fallback_delay","title":"default_fallback_delay","text":"<p>Since sing-box 1.11.0</p> <p>See Dial Fields for details.</p>"},{"location":"configuration/route/geoip/","title":"GeoIP","text":"<p>Deprecated in sing-box 1.8.0</p> <p>GeoIP is deprecated and will be removed in sing-box 1.12.0, check Migration.</p>"},{"location":"configuration/route/geoip/#structure","title":"Structure","text":"<pre><code>{\n \"route\": {\n \"geoip\": {\n \"path\": \"\",\n \"download_url\": \"\",\n \"download_detour\": \"\"\n }\n }\n}\n</code></pre>"},{"location":"configuration/route/geoip/#fields","title":"Fields","text":""},{"location":"configuration/route/geoip/#path","title":"path","text":"<p>The path to the sing-geoip database.</p> <p><code>geoip.db</code> will be used if empty.</p>"},{"location":"configuration/route/geoip/#download_url","title":"download_url","text":"<p>The download URL of the sing-geoip database.</p> <p>Default is <code>https://github.com/SagerNet/sing-geoip/releases/latest/download/geoip.db</code>.</p>"},{"location":"configuration/route/geoip/#download_detour","title":"download_detour","text":"<p>The tag of the outbound to download the database.</p> <p>Default outbound will be used if empty.</p>"},{"location":"configuration/route/geosite/","title":"Geosite","text":"<p>Deprecated in sing-box 1.8.0</p> <p>Geosite is deprecated and will be removed in sing-box 1.12.0, check Migration.</p>"},{"location":"configuration/route/geosite/#structure","title":"Structure","text":"<pre><code>{\n \"route\": {\n \"geosite\": {\n \"path\": \"\",\n \"download_url\": \"\",\n \"download_detour\": \"\"\n }\n }\n}\n</code></pre>"},{"location":"configuration/route/geosite/#fields","title":"Fields","text":""},{"location":"configuration/route/geosite/#path","title":"path","text":"<p>The path to the sing-geosite database.</p> <p><code>geosite.db</code> will be used if empty.</p>"},{"location":"configuration/route/geosite/#download_url","title":"download_url","text":"<p>The download URL of the sing-geoip database.</p> <p>Default is <code>https://github.com/SagerNet/sing-geosite/releases/latest/download/geosite.db</code>.</p>"},{"location":"configuration/route/geosite/#download_detour","title":"download_detour","text":"<p>The tag of the outbound to download the database.</p> <p>Default outbound will be used if empty.</p>"},{"location":"configuration/route/rule/","title":"Route Rule","text":"<p>Changes in sing-box 1.11.0</p> <p> action outbound network_type network_is_expensive network_is_constrained</p> <p>Changes in sing-box 1.10.0</p> <p> client rule_set_ipcidr_match_source rule_set_ip_cidr_match_source process_path_regex</p> <p>Changes in sing-box 1.8.0</p> <p> rule_set rule_set_ipcidr_match_source source_ip_is_private ip_is_private source_geoip geoip geosite</p>"},{"location":"configuration/route/rule/#structure","title":"Structure","text":"<pre><code>{\n \"route\": {\n \"rules\": [\n {\n \"inbound\": [\n \"mixed-in\"\n ],\n \"ip_version\": 6,\n \"network\": [\n \"tcp\"\n ],\n \"auth_user\": [\n \"usera\",\n \"userb\"\n ],\n \"protocol\": [\n \"tls\",\n \"http\",\n \"quic\"\n ],\n \"client\": [\n \"chromium\",\n \"safari\",\n \"firefox\",\n \"quic-go\"\n ],\n \"domain\": [\n \"test.com\"\n ],\n \"domain_suffix\": [\n \".cn\"\n ],\n \"domain_keyword\": [\n \"test\"\n ],\n \"domain_regex\": [\n \"^stun\\\\..+\"\n ],\n \"geosite\": [\n \"cn\"\n ],\n \"source_geoip\": [\n \"private\"\n ],\n \"geoip\": [\n \"cn\"\n ],\n \"source_ip_cidr\": [\n \"10.0.0.0/24\",\n \"192.168.0.1\"\n ],\n \"source_ip_is_private\": false,\n \"ip_cidr\": [\n \"10.0.0.0/24\",\n \"192.168.0.1\"\n ],\n \"ip_is_private\": false,\n \"source_port\": [\n 12345\n ],\n \"source_port_range\": [\n \"1000:2000\",\n \":3000\",\n \"4000:\"\n ],\n \"port\": [\n 80,\n 443\n ],\n \"port_range\": [\n \"1000:2000\",\n \":3000\",\n \"4000:\"\n ],\n \"process_name\": [\n \"curl\"\n ],\n \"process_path\": [\n \"/usr/bin/curl\"\n ],\n \"process_path_regex\": [\n \"^/usr/bin/.+\"\n ],\n \"package_name\": [\n \"com.termux\"\n ],\n \"user\": [\n \"sekai\"\n ],\n \"user_id\": [\n 1000\n ],\n \"clash_mode\": \"direct\",\n \"network_type\": [\n \"wifi\"\n ],\n \"network_is_expensive\": false,\n \"network_is_constrained\": false,\n \"wifi_ssid\": [\n \"My WIFI\"\n ],\n \"wifi_bssid\": [\n \"00:00:00:00:00:00\"\n ],\n \"rule_set\": [\n \"geoip-cn\",\n \"geosite-cn\"\n ],\n // deprecated\n \"rule_set_ipcidr_match_source\": false,\n \"rule_set_ip_cidr_match_source\": false,\n \"invert\": false,\n \"action\": \"route\",\n \"outbound\": \"direct\"\n },\n {\n \"type\": \"logical\",\n \"mode\": \"and\",\n \"rules\": [],\n \"invert\": false,\n \"action\": \"route\",\n \"outbound\": \"direct\"\n }\n ]\n }\n}\n</code></pre> <p>You can ignore the JSON Array [] tag when the content is only one item</p>"},{"location":"configuration/route/rule/#default-fields","title":"Default Fields","text":"<p>The default rule uses the following matching logic: (<code>domain</code> || <code>domain_suffix</code> || <code>domain_keyword</code> || <code>domain_regex</code> || <code>geosite</code> || <code>geoip</code> || <code>ip_cidr</code> || <code>ip_is_private</code>) &amp;&amp; (<code>port</code> || <code>port_range</code>) &amp;&amp; (<code>source_geoip</code> || <code>source_ip_cidr</code> || <code>source_ip_is_private</code>) &amp;&amp; (<code>source_port</code> || <code>source_port_range</code>) &amp;&amp; <code>other fields</code></p> <p>Additionally, included rule-sets can be considered merged rather than as a single rule sub-item.</p>"},{"location":"configuration/route/rule/#inbound","title":"inbound","text":"<p>Tags of Inbound.</p>"},{"location":"configuration/route/rule/#ip_version","title":"ip_version","text":"<p>4 or 6.</p> <p>Not limited if empty.</p>"},{"location":"configuration/route/rule/#auth_user","title":"auth_user","text":"<p>Username, see each inbound for details.</p>"},{"location":"configuration/route/rule/#protocol","title":"protocol","text":"<p>Sniffed protocol, see Protocol Sniff for details.</p>"},{"location":"configuration/route/rule/#client","title":"client","text":"<p>Since sing-box 1.10.0</p> <p>Sniffed client type, see Protocol Sniff for details.</p>"},{"location":"configuration/route/rule/#network","title":"network","text":"<p><code>tcp</code> or <code>udp</code>.</p>"},{"location":"configuration/route/rule/#domain","title":"domain","text":"<p>Match full domain.</p>"},{"location":"configuration/route/rule/#domain_suffix","title":"domain_suffix","text":"<p>Match domain suffix.</p>"},{"location":"configuration/route/rule/#domain_keyword","title":"domain_keyword","text":"<p>Match domain using keyword.</p>"},{"location":"configuration/route/rule/#domain_regex","title":"domain_regex","text":"<p>Match domain using regular expression.</p>"},{"location":"configuration/route/rule/#geosite","title":"geosite","text":"<p>Deprecated in sing-box 1.8.0</p> <p>Geosite is deprecated and will be removed in sing-box 1.12.0, check Migration.</p> <p>Match geosite.</p>"},{"location":"configuration/route/rule/#source_geoip","title":"source_geoip","text":"<p>Deprecated in sing-box 1.8.0</p> <p>GeoIP is deprecated and will be removed in sing-box 1.12.0, check Migration.</p> <p>Match source geoip.</p>"},{"location":"configuration/route/rule/#geoip","title":"geoip","text":"<p>Deprecated in sing-box 1.8.0</p> <p>GeoIP is deprecated and will be removed in sing-box 1.12.0, check Migration.</p> <p>Match geoip.</p>"},{"location":"configuration/route/rule/#source_ip_cidr","title":"source_ip_cidr","text":"<p>Match source IP CIDR.</p>"},{"location":"configuration/route/rule/#ip_is_private","title":"ip_is_private","text":"<p>Since sing-box 1.8.0</p> <p>Match non-public IP.</p>"},{"location":"configuration/route/rule/#ip_cidr","title":"ip_cidr","text":"<p>Match IP CIDR.</p>"},{"location":"configuration/route/rule/#source_ip_is_private","title":"source_ip_is_private","text":"<p>Since sing-box 1.8.0</p> <p>Match non-public source IP.</p>"},{"location":"configuration/route/rule/#source_port","title":"source_port","text":"<p>Match source port.</p>"},{"location":"configuration/route/rule/#source_port_range","title":"source_port_range","text":"<p>Match source port range.</p>"},{"location":"configuration/route/rule/#port","title":"port","text":"<p>Match port.</p>"},{"location":"configuration/route/rule/#port_range","title":"port_range","text":"<p>Match port range.</p>"},{"location":"configuration/route/rule/#process_name","title":"process_name","text":"<p>Only supported on Linux, Windows, and macOS.</p> <p>Match process name.</p>"},{"location":"configuration/route/rule/#process_path","title":"process_path","text":"<p>Only supported on Linux, Windows, and macOS.</p> <p>Match process path.</p>"},{"location":"configuration/route/rule/#process_path_regex","title":"process_path_regex","text":"<p>Since sing-box 1.10.0</p> <p>Only supported on Linux, Windows, and macOS.</p> <p>Match process path using regular expression.</p>"},{"location":"configuration/route/rule/#package_name","title":"package_name","text":"<p>Match android package name.</p>"},{"location":"configuration/route/rule/#user","title":"user","text":"<p>Only supported on Linux.</p> <p>Match user name.</p>"},{"location":"configuration/route/rule/#user_id","title":"user_id","text":"<p>Only supported on Linux.</p> <p>Match user id.</p>"},{"location":"configuration/route/rule/#clash_mode","title":"clash_mode","text":"<p>Match Clash mode.</p>"},{"location":"configuration/route/rule/#network_type","title":"network_type","text":"<p>Since sing-box 1.11.0</p> <p>Only supported in graphical clients on Android and Apple platforms.</p> <p>Match network type.</p> <p>Available values: <code>wifi</code>, <code>cellular</code>, <code>ethernet</code> and <code>other</code>.</p>"},{"location":"configuration/route/rule/#network_is_expensive","title":"network_is_expensive","text":"<p>Since sing-box 1.11.0</p> <p>Only supported in graphical clients on Android and Apple platforms.</p> <p>Match if network is considered Metered (on Android) or considered expensive, such as Cellular or a Personal Hotspot (on Apple platforms).</p>"},{"location":"configuration/route/rule/#network_is_constrained","title":"network_is_constrained","text":"<p>Since sing-box 1.11.0</p> <p>Only supported in graphical clients on Apple platforms.</p> <p>Match if network is in Low Data Mode.</p>"},{"location":"configuration/route/rule/#wifi_ssid","title":"wifi_ssid","text":"<p>Only supported in graphical clients on Android and Apple platforms.</p> <p>Match WiFi SSID.</p>"},{"location":"configuration/route/rule/#wifi_bssid","title":"wifi_bssid","text":"<p>Only supported in graphical clients on Android and Apple platforms.</p> <p>Match WiFi BSSID.</p>"},{"location":"configuration/route/rule/#rule_set","title":"rule_set","text":"<p>Since sing-box 1.8.0</p> <p>Match rule-set.</p>"},{"location":"configuration/route/rule/#rule_set_ipcidr_match_source","title":"rule_set_ipcidr_match_source","text":"<p>Since sing-box 1.8.0</p> <p>Deprecated in sing-box 1.10.0</p> <p><code>rule_set_ipcidr_match_source</code> is renamed to <code>rule_set_ip_cidr_match_source</code> and will be remove in sing-box 1.11.0.</p> <p>Make <code>ip_cidr</code> in rule-sets match the source IP.</p>"},{"location":"configuration/route/rule/#rule_set_ip_cidr_match_source","title":"rule_set_ip_cidr_match_source","text":"<p>Since sing-box 1.10.0</p> <p>Make <code>ip_cidr</code> in rule-sets match the source IP.</p>"},{"location":"configuration/route/rule/#invert","title":"invert","text":"<p>Invert match result.</p>"},{"location":"configuration/route/rule/#action","title":"action","text":"<p>Required</p> <p>See Rule Actions for details.</p>"},{"location":"configuration/route/rule/#outbound","title":"outbound","text":"<p>Deprecated in sing-box 1.11.0</p> <p>Moved to Rule Action.</p>"},{"location":"configuration/route/rule/#logical-fields","title":"Logical Fields","text":""},{"location":"configuration/route/rule/#type","title":"type","text":"<p><code>logical</code></p>"},{"location":"configuration/route/rule/#mode","title":"mode","text":"<p>Required</p> <p><code>and</code> or <code>or</code></p>"},{"location":"configuration/route/rule/#rules","title":"rules","text":"<p>Required</p> <p>Included rules.</p>"},{"location":"configuration/route/rule_action/","title":"Rule Action","text":""},{"location":"configuration/route/rule_action/#final-actions","title":"Final actions","text":""},{"location":"configuration/route/rule_action/#route","title":"route","text":"<pre><code>{\n \"action\": \"route\", // default\n \"outbound\": \"\",\n\n ... // route-options Fields\n}\n</code></pre> <p>You can ignore the JSON Array [] tag when the content is only one item</p> <p><code>route</code> inherits the classic rule behavior of routing connection to the specified outbound.</p>"},{"location":"configuration/route/rule_action/#outbound","title":"outbound","text":"<p>Required</p> <p>Tag of target outbound.</p>"},{"location":"configuration/route/rule_action/#route-options-fields","title":"route-options Fields","text":"<p>See <code>route-options</code> fields below.</p>"},{"location":"configuration/route/rule_action/#route-options","title":"route-options","text":"<pre><code>{\n \"action\": \"route-options\",\n \"override_address\": \"\",\n \"override_port\": 0,\n \"network_strategy\": \"\",\n \"fallback_delay\": \"\",\n \"udp_disable_domain_unmapping\": false,\n \"udp_connect\": false,\n \"udp_timeout\": \"\"\n}\n</code></pre> <p><code>route-options</code> set options for routing.</p>"},{"location":"configuration/route/rule_action/#override_address","title":"override_address","text":"<p>Override the connection destination address.</p>"},{"location":"configuration/route/rule_action/#override_port","title":"override_port","text":"<p>Override the connection destination port.</p>"},{"location":"configuration/route/rule_action/#network_strategy","title":"network_strategy","text":"<p>See Dial Fields for details.</p> <p>Only take effect if outbound is direct without <code>outbound.bind_interface</code>, <code>outbound.inet4_bind_address</code> and <code>outbound.inet6_bind_address</code> set.</p>"},{"location":"configuration/route/rule_action/#network_type","title":"network_type","text":"<p>See Dial Fields for details.</p>"},{"location":"configuration/route/rule_action/#fallback_network_type","title":"fallback_network_type","text":"<p>See Dial Fields for details.</p>"},{"location":"configuration/route/rule_action/#fallback_delay","title":"fallback_delay","text":"<p>See Dial Fields for details.</p>"},{"location":"configuration/route/rule_action/#udp_disable_domain_unmapping","title":"udp_disable_domain_unmapping","text":"<p>If enabled, for UDP proxy requests addressed to a domain, the original packet address will be sent in the response instead of the mapped domain.</p> <p>This option is used for compatibility with clients that do not support receiving UDP packets with domain addresses, such as Surge.</p>"},{"location":"configuration/route/rule_action/#udp_connect","title":"udp_connect","text":"<p>If enabled, attempts to connect UDP connection to the destination instead of listen.</p>"},{"location":"configuration/route/rule_action/#udp_timeout","title":"udp_timeout","text":"<p>Timeout for UDP connections.</p> <p>Setting a larger value than the UDP timeout in inbounds will have no effect.</p> <p>Default value for protocol sniffed connections:</p> Timeout Protocol <code>10s</code> <code>dns</code>, <code>ntp</code>, <code>stun</code> <code>30s</code> <code>quic</code>, <code>dtls</code> <p>If no protocol is sniffed, the following ports will be recognized as protocols by default:</p> Port Protocol 53 <code>dns</code> 123 <code>ntp</code> 443 <code>quic</code> 3478 <code>stun</code>"},{"location":"configuration/route/rule_action/#reject","title":"reject","text":"<pre><code>{\n \"action\": \"reject\",\n \"method\": \"default\", // default\n \"no_drop\": false\n}\n</code></pre> <p><code>reject</code> reject connections</p> <p>The specified method is used for reject tun connections if <code>sniff</code> action has not been performed yet.</p> <p>For non-tun connections and already established connections, will just be closed.</p>"},{"location":"configuration/route/rule_action/#method","title":"method","text":"<ul> <li><code>default</code>: Reply with TCP RST for TCP connections, and ICMP port unreachable for UDP packets.</li> <li><code>drop</code>: Drop packets.</li> </ul>"},{"location":"configuration/route/rule_action/#no_drop","title":"no_drop","text":"<p>If not enabled, <code>method</code> will be temporarily overwritten to <code>drop</code> after 50 triggers in 30s.</p> <p>Not available when <code>method</code> is set to drop.</p>"},{"location":"configuration/route/rule_action/#hijack-dns","title":"hijack-dns","text":"<pre><code>{\n \"action\": \"hijack-dns\"\n}\n</code></pre> <p><code>hijack-dns</code> hijack DNS requests to the sing-box DNS module.</p>"},{"location":"configuration/route/rule_action/#non-final-actions","title":"Non-final actions","text":""},{"location":"configuration/route/rule_action/#sniff","title":"sniff","text":"<pre><code>{\n \"action\": \"sniff\",\n \"sniffer\": [],\n \"timeout\": \"\"\n}\n</code></pre> <p><code>sniff</code> performs protocol sniffing on connections.</p> <p>For deprecated <code>inbound.sniff</code> options, it is considered to <code>sniff()</code> performed before routing.</p>"},{"location":"configuration/route/rule_action/#sniffer","title":"sniffer","text":"<p>Enabled sniffers.</p> <p>All sniffers enabled by default.</p> <p>Available protocol values an be found on in Protocol Sniff</p>"},{"location":"configuration/route/rule_action/#timeout","title":"timeout","text":"<p>Timeout for sniffing.</p> <p><code>300ms</code> is used by default.</p>"},{"location":"configuration/route/rule_action/#resolve","title":"resolve","text":"<pre><code>{\n \"action\": \"resolve\",\n \"strategy\": \"\",\n \"server\": \"\"\n}\n</code></pre> <p><code>resolve</code> resolve request destination from domain to IP addresses.</p>"},{"location":"configuration/route/rule_action/#strategy","title":"strategy","text":"<p>DNS resolution strategy, available values are: <code>prefer_ipv4</code>, <code>prefer_ipv6</code>, <code>ipv4_only</code>, <code>ipv6_only</code>.</p> <p><code>dns.strategy</code> will be used by default.</p>"},{"location":"configuration/route/rule_action/#server","title":"server","text":"<p>Specifies DNS server tag to use instead of selecting through DNS routing.</p>"},{"location":"configuration/route/sniff/","title":"Protocol Sniff","text":"<p>Changes in sing-box 1.10.0</p> <p> QUIC client type detect support for QUIC Chromium support for QUIC BitTorrent support DTLS support SSH support RDP support</p> <p>If enabled in the inbound, the protocol and domain name (if present) of by the connection can be sniffed.</p>"},{"location":"configuration/route/sniff/#supported-protocols","title":"Supported Protocols","text":"Network Protocol Domain Name Client TCP <code>http</code> Host / TCP <code>tls</code> Server Name / UDP <code>quic</code> Server Name QUIC Client Type UDP <code>stun</code> / / TCP/UDP <code>dns</code> / / TCP/UDP <code>bittorrent</code> / / UDP <code>dtls</code> / / TCP <code>ssh</code> / SSH Client Name TCP <code>rdp</code> / / QUIC Client Type Chromium/Cronet <code>chrimium</code> Safari/Apple Network API <code>safari</code> Firefox / uquic firefox <code>firefox</code> quic-go / uquic chrome <code>quic-go</code>"},{"location":"configuration/rule-set/","title":"Index","text":"<p>Changes in sing-box 1.10.0</p> <p> <code>type: inline</code></p>"},{"location":"configuration/rule-set/#rule-set","title":"rule-set","text":"<p>Since sing-box 1.8.0</p>"},{"location":"configuration/rule-set/#structure","title":"Structure","text":"InlineLocal FileRemote File <p>Since sing-box 1.10.0</p> <pre><code>{\n \"type\": \"inline\", // optional\n \"tag\": \"\",\n \"rules\": []\n}\n</code></pre> <pre><code>{\n \"type\": \"local\",\n \"tag\": \"\",\n \"format\": \"source\", // or binary\n \"path\": \"\"\n}\n</code></pre> <p>Remote rule-set will be cached if <code>experimental.cache_file.enabled</code>.</p> <pre><code>{\n \"type\": \"remote\",\n \"tag\": \"\",\n \"format\": \"source\", // or binary\n \"url\": \"\",\n \"download_detour\": \"\", // optional\n \"update_interval\": \"\" // optional\n}\n</code></pre>"},{"location":"configuration/rule-set/#fields","title":"Fields","text":""},{"location":"configuration/rule-set/#type","title":"type","text":"<p>Required</p> <p>Type of rule-set, <code>local</code> or <code>remote</code>.</p>"},{"location":"configuration/rule-set/#tag","title":"tag","text":"<p>Required</p> <p>Tag of rule-set.</p>"},{"location":"configuration/rule-set/#inline-fields","title":"Inline Fields","text":"<p>Since sing-box 1.10.0</p>"},{"location":"configuration/rule-set/#rules","title":"rules","text":"<p>Required</p> <p>List of Headless Rule.</p>"},{"location":"configuration/rule-set/#local-or-remote-fields","title":"Local or Remote Fields","text":""},{"location":"configuration/rule-set/#format","title":"format","text":"<p>Required</p> <p>Format of rule-set file, <code>source</code> or <code>binary</code>.</p>"},{"location":"configuration/rule-set/#local-fields","title":"Local Fields","text":""},{"location":"configuration/rule-set/#path","title":"path","text":"<p>Required</p> <p>Will be automatically reloaded if file modified since sing-box 1.10.0.</p> <p>File path of rule-set.</p>"},{"location":"configuration/rule-set/#remote-fields","title":"Remote Fields","text":""},{"location":"configuration/rule-set/#url","title":"url","text":"<p>Required</p> <p>Download URL of rule-set.</p>"},{"location":"configuration/rule-set/#download_detour","title":"download_detour","text":"<p>Tag of the outbound to download rule-set.</p> <p>Default outbound will be used if empty.</p>"},{"location":"configuration/rule-set/#update_interval","title":"update_interval","text":"<p>Update interval of rule-set.</p> <p><code>1d</code> will be used if empty.</p>"},{"location":"configuration/rule-set/adguard/","title":"AdGuard DNS Filer","text":"<p>Since sing-box 1.10.0</p> <p>sing-box supports some rule-set formats from other projects which cannot be fully translated to sing-box, currently only AdGuard DNS Filter.</p> <p>These formats are not directly supported as source formats, instead you need to convert them to binary rule-set.</p>"},{"location":"configuration/rule-set/adguard/#convert","title":"Convert","text":"<p>Use <code>sing-box rule-set convert --type adguard [--output &lt;file-name&gt;.srs] &lt;file-name&gt;.txt</code> to convert to binary rule-set.</p>"},{"location":"configuration/rule-set/adguard/#performance","title":"Performance","text":"<p>AdGuard keeps all rules in memory and matches them sequentially, while sing-box chooses high performance and smaller memory usage. As a trade-off, you cannot know which rule item is matched.</p>"},{"location":"configuration/rule-set/adguard/#compatibility","title":"Compatibility","text":"<p>Almost all rules in AdGuardSDNSFilter and rules in rule-sets listed in adguard-filter-list are supported.</p>"},{"location":"configuration/rule-set/adguard/#supported-formats","title":"Supported formats","text":""},{"location":"configuration/rule-set/adguard/#adguard-filter","title":"AdGuard Filter","text":""},{"location":"configuration/rule-set/adguard/#basic-rule-syntax","title":"Basic rule syntax","text":"Syntax Supported <code>@@</code> <code>\\|\\|</code> <code>\\|</code> <code>^</code> <code>*</code>"},{"location":"configuration/rule-set/adguard/#host-syntax","title":"Host syntax","text":"Syntax Example Supported Scheme <code>https://</code> Ignored Domain Host <code>example.org</code> IP Host <code>1.1.1.1</code>, <code>10.0.0.</code> Regexp <code>/regexp/</code> Port <code>example.org:80</code> Path <code>example.org/path/ad.js</code>"},{"location":"configuration/rule-set/adguard/#modifier-syntax","title":"Modifier syntax","text":"Modifier Supported <code>$important</code> <code>$dnsrewrite=0.0.0.0</code> Ignored Any other modifiers"},{"location":"configuration/rule-set/adguard/#hosts","title":"Hosts","text":"<p>Only items with <code>0.0.0.0</code> IP addresses will be accepted.</p>"},{"location":"configuration/rule-set/adguard/#simple","title":"Simple","text":"<p>When all rule lines are valid domains, they are treated as simple line-by-line domain rules which, like hosts, only match the exact same domain.</p>"},{"location":"configuration/rule-set/headless-rule/","title":"Headless Rule","text":"<p>Changes in sing-box 1.11.0</p> <p> network_type network_is_expensive network_is_constrained</p>"},{"location":"configuration/rule-set/headless-rule/#structure","title":"Structure","text":"<p>Since sing-box 1.8.0</p> <pre><code>{\n \"rules\": [\n {\n \"query_type\": [\n \"A\",\n \"HTTPS\",\n 32768\n ],\n \"network\": [\n \"tcp\"\n ],\n \"domain\": [\n \"test.com\"\n ],\n \"domain_suffix\": [\n \".cn\"\n ],\n \"domain_keyword\": [\n \"test\"\n ],\n \"domain_regex\": [\n \"^stun\\\\..+\"\n ],\n \"source_ip_cidr\": [\n \"10.0.0.0/24\",\n \"192.168.0.1\"\n ],\n \"ip_cidr\": [\n \"10.0.0.0/24\",\n \"192.168.0.1\"\n ],\n \"source_port\": [\n 12345\n ],\n \"source_port_range\": [\n \"1000:2000\",\n \":3000\",\n \"4000:\"\n ],\n \"port\": [\n 80,\n 443\n ],\n \"port_range\": [\n \"1000:2000\",\n \":3000\",\n \"4000:\"\n ],\n \"process_name\": [\n \"curl\"\n ],\n \"process_path\": [\n \"/usr/bin/curl\"\n ],\n \"process_path_regex\": [\n \"^/usr/bin/.+\"\n ],\n \"package_name\": [\n \"com.termux\"\n ],\n \"network_type\": [\n \"wifi\"\n ],\n \"network_is_expensive\": false,\n \"network_is_constrained\": false,\n \"wifi_ssid\": [\n \"My WIFI\"\n ],\n \"wifi_bssid\": [\n \"00:00:00:00:00:00\"\n ],\n \"invert\": false\n },\n {\n \"type\": \"logical\",\n \"mode\": \"and\",\n \"rules\": [],\n \"invert\": false\n }\n ]\n}\n</code></pre> <p>You can ignore the JSON Array [] tag when the content is only one item</p>"},{"location":"configuration/rule-set/headless-rule/#default-fields","title":"Default Fields","text":"<p>The default rule uses the following matching logic: (<code>domain</code> || <code>domain_suffix</code> || <code>domain_keyword</code> || <code>domain_regex</code> || <code>ip_cidr</code>) &amp;&amp; (<code>port</code> || <code>port_range</code>) &amp;&amp; (<code>source_port</code> || <code>source_port_range</code>) &amp;&amp; <code>other fields</code></p>"},{"location":"configuration/rule-set/headless-rule/#query_type","title":"query_type","text":"<p>DNS query type. Values can be integers or type name strings.</p>"},{"location":"configuration/rule-set/headless-rule/#network","title":"network","text":"<p><code>tcp</code> or <code>udp</code>.</p>"},{"location":"configuration/rule-set/headless-rule/#domain","title":"domain","text":"<p>Match full domain.</p>"},{"location":"configuration/rule-set/headless-rule/#domain_suffix","title":"domain_suffix","text":"<p>Match domain suffix.</p>"},{"location":"configuration/rule-set/headless-rule/#domain_keyword","title":"domain_keyword","text":"<p>Match domain using keyword.</p>"},{"location":"configuration/rule-set/headless-rule/#domain_regex","title":"domain_regex","text":"<p>Match domain using regular expression.</p>"},{"location":"configuration/rule-set/headless-rule/#source_ip_cidr","title":"source_ip_cidr","text":"<p>Match source IP CIDR.</p>"},{"location":"configuration/rule-set/headless-rule/#ip_cidr","title":"ip_cidr","text":"<p><code>ip_cidr</code> is an alias for <code>source_ip_cidr</code> when <code>rule_set_ipcidr_match_source</code> enabled in route/DNS rules.</p> <p>Match IP CIDR.</p>"},{"location":"configuration/rule-set/headless-rule/#source_port","title":"source_port","text":"<p>Match source port.</p>"},{"location":"configuration/rule-set/headless-rule/#source_port_range","title":"source_port_range","text":"<p>Match source port range.</p>"},{"location":"configuration/rule-set/headless-rule/#port","title":"port","text":"<p>Match port.</p>"},{"location":"configuration/rule-set/headless-rule/#port_range","title":"port_range","text":"<p>Match port range.</p>"},{"location":"configuration/rule-set/headless-rule/#process_name","title":"process_name","text":"<p>Only supported on Linux, Windows, and macOS.</p> <p>Match process name.</p>"},{"location":"configuration/rule-set/headless-rule/#process_path","title":"process_path","text":"<p>Only supported on Linux, Windows, and macOS.</p> <p>Match process path.</p>"},{"location":"configuration/rule-set/headless-rule/#process_path_regex","title":"process_path_regex","text":"<p>Since sing-box 1.10.0</p> <p>Only supported on Linux, Windows, and macOS.</p> <p>Match process path using regular expression.</p>"},{"location":"configuration/rule-set/headless-rule/#package_name","title":"package_name","text":"<p>Match android package name.</p>"},{"location":"configuration/rule-set/headless-rule/#network_type","title":"network_type","text":"<p>Since sing-box 1.11.0</p> <p>Only supported in graphical clients on Android and Apple platforms.</p> <p>Match network type.</p> <p>Available values: <code>wifi</code>, <code>cellular</code>, <code>ethernet</code> and <code>other</code>.</p>"},{"location":"configuration/rule-set/headless-rule/#network_is_expensive","title":"network_is_expensive","text":"<p>Since sing-box 1.11.0</p> <p>Only supported in graphical clients on Android and Apple platforms.</p> <p>Match if network is considered Metered (on Android) or considered expensive, such as Cellular or a Personal Hotspot (on Apple platforms).</p>"},{"location":"configuration/rule-set/headless-rule/#network_is_constrained","title":"network_is_constrained","text":"<p>Since sing-box 1.11.0</p> <p>Only supported in graphical clients on Apple platforms.</p> <p>Match if network is in Low Data Mode.</p>"},{"location":"configuration/rule-set/headless-rule/#wifi_ssid","title":"wifi_ssid","text":"<p>Only supported in graphical clients on Android and Apple platforms.</p> <p>Match WiFi SSID.</p>"},{"location":"configuration/rule-set/headless-rule/#wifi_bssid","title":"wifi_bssid","text":"<p>Only supported in graphical clients on Android and Apple platforms.</p> <p>Match WiFi BSSID.</p>"},{"location":"configuration/rule-set/headless-rule/#invert","title":"invert","text":"<p>Invert match result.</p>"},{"location":"configuration/rule-set/headless-rule/#logical-fields","title":"Logical Fields","text":""},{"location":"configuration/rule-set/headless-rule/#type","title":"type","text":"<p><code>logical</code></p>"},{"location":"configuration/rule-set/headless-rule/#mode","title":"mode","text":"<p>Required</p> <p><code>and</code> or <code>or</code></p>"},{"location":"configuration/rule-set/headless-rule/#rules","title":"rules","text":"<p>Required</p> <p>Included rules.</p>"},{"location":"configuration/rule-set/source-format/","title":"Source Format","text":"<p>Changes in sing-box 1.11.0</p> <p> version <code>3</code></p> <p>Changes in sing-box 1.10.0</p> <p> version <code>2</code></p> <p>Since sing-box 1.8.0</p>"},{"location":"configuration/rule-set/source-format/#structure","title":"Structure","text":"<pre><code>{\n \"version\": 3,\n \"rules\": []\n}\n</code></pre>"},{"location":"configuration/rule-set/source-format/#compile","title":"Compile","text":"<p>Use <code>sing-box rule-set compile [--output &lt;file-name&gt;.srs] &lt;file-name&gt;.json</code> to compile source to binary rule-set.</p>"},{"location":"configuration/rule-set/source-format/#fields","title":"Fields","text":""},{"location":"configuration/rule-set/source-format/#version","title":"version","text":"<p>Required</p> <p>Version of rule-set.</p> <ul> <li>1: sing-box 1.8.0: Initial rule-set version.</li> <li>2: sing-box 1.10.0: Optimized memory usages of <code>domain_suffix</code> rules in binary rule-sets.</li> <li>3: sing-box 1.11.0: Added <code>network_type</code>, <code>network_is_expensive</code> and <code>network_is_constrainted</code> rule items.</li> </ul>"},{"location":"configuration/rule-set/source-format/#rules","title":"rules","text":"<p>Required</p> <p>List of Headless Rule.</p>"},{"location":"configuration/shared/dial/","title":"Dial Fields","text":"<p>Changes in sing-box 1.11.0</p> <p> network_strategy fallback_delay network_type fallback_network_type</p>"},{"location":"configuration/shared/dial/#structure","title":"Structure","text":"<pre><code>{\n \"detour\": \"upstream-out\",\n \"bind_interface\": \"en0\",\n \"inet4_bind_address\": \"0.0.0.0\",\n \"inet6_bind_address\": \"::\",\n \"routing_mark\": 1234,\n \"reuse_addr\": false,\n \"connect_timeout\": \"5s\",\n \"tcp_fast_open\": false,\n \"tcp_multi_path\": false,\n \"udp_fragment\": false,\n \"domain_strategy\": \"prefer_ipv6\",\n \"network_strategy\": \"default\",\n \"network_type\": [],\n \"fallback_network_type\": [],\n \"fallback_delay\": \"300ms\"\n}\n</code></pre> <p>You can ignore the JSON Array [] tag when the content is only one item</p>"},{"location":"configuration/shared/dial/#fields","title":"Fields","text":""},{"location":"configuration/shared/dial/#detour","title":"detour","text":"<p>The tag of the upstream outbound.</p> <p>If enabled, all other fields will be ignored.</p>"},{"location":"configuration/shared/dial/#bind_interface","title":"bind_interface","text":"<p>The network interface to bind to.</p>"},{"location":"configuration/shared/dial/#inet4_bind_address","title":"inet4_bind_address","text":"<p>The IPv4 address to bind to.</p>"},{"location":"configuration/shared/dial/#inet6_bind_address","title":"inet6_bind_address","text":"<p>The IPv6 address to bind to.</p>"},{"location":"configuration/shared/dial/#routing_mark","title":"routing_mark","text":"<p>Only supported on Linux.</p> <p>Set netfilter routing mark.</p>"},{"location":"configuration/shared/dial/#reuse_addr","title":"reuse_addr","text":"<p>Reuse listener address.</p>"},{"location":"configuration/shared/dial/#tcp_fast_open","title":"tcp_fast_open","text":"<p>Enable TCP Fast Open.</p>"},{"location":"configuration/shared/dial/#tcp_multi_path","title":"tcp_multi_path","text":"<p>Go 1.21 required.</p> <p>Enable TCP Multi Path.</p>"},{"location":"configuration/shared/dial/#udp_fragment","title":"udp_fragment","text":"<p>Enable UDP fragmentation.</p>"},{"location":"configuration/shared/dial/#connect_timeout","title":"connect_timeout","text":"<p>Connect timeout, in golang's Duration format.</p> <p>A duration string is a possibly signed sequence of decimal numbers, each with optional fraction and a unit suffix, such as \"300ms\", \"-1.5h\" or \"2h45m\". Valid time units are \"ns\", \"us\" (or \"\u00b5s\"), \"ms\", \"s\", \"m\", \"h\".</p>"},{"location":"configuration/shared/dial/#domain_strategy","title":"domain_strategy","text":"<p>Available values: <code>prefer_ipv4</code>, <code>prefer_ipv6</code>, <code>ipv4_only</code>, <code>ipv6_only</code>.</p> <p>If set, the requested domain name will be resolved to IP before connect.</p> Outbound Effected domains Fallback Value <code>direct</code> Domain in request Take <code>inbound.domain_strategy</code> if not set others Domain in server address /"},{"location":"configuration/shared/dial/#network_strategy","title":"network_strategy","text":"<p>Since sing-box 1.11.0</p> <p>Only supported in graphical clients on Android and Apple platforms with <code>auto_detect_interface</code> enabled.</p> <p>Strategy for selecting network interfaces.</p> <p>Available values:</p> <ul> <li><code>default</code> (default): Connect to default network or networks specified in <code>network_type</code> sequentially.</li> <li><code>hybrid</code>: Connect to all networks or networks specified in <code>network_type</code> concurrently.</li> <li><code>fallback</code>: Connect to default network or preferred networks specified in <code>network_type</code> concurrently, and try fallback networks when unavailable or timeout.</li> </ul> <p>For fallback, when preferred interfaces fails or times out, it will enter a 15s fast fallback state (Connect to all preferred and fallback networks concurrently), and exit immediately if preferred networks recover.</p> <p>Conflicts with <code>bind_interface</code>, <code>inet4_bind_address</code> and <code>inet6_bind_address</code>.</p>"},{"location":"configuration/shared/dial/#network_type","title":"network_type","text":"<p>Since sing-box 1.11.0</p> <p>Only supported in graphical clients on Android and Apple platforms with <code>auto_detect_interface</code> enabled.</p> <p>Network types to use when using <code>default</code> or <code>hybrid</code> network strategy or preferred network types to use when using <code>fallback</code> network strategy.</p> <p>Available values: <code>wifi</code>, <code>cellular</code>, <code>ethernet</code>, <code>other</code>.</p> <p>Device's default network is used by default.</p>"},{"location":"configuration/shared/dial/#fallback_network_type","title":"fallback_network_type","text":"<p>Since sing-box 1.11.0</p> <p>Only supported in graphical clients on Android and Apple platforms with <code>auto_detect_interface</code> enabled.</p> <p>Fallback network types when preferred networks are unavailable or timeout when using <code>fallback</code> network strategy.</p> <p>All other networks expect preferred are used by default.</p>"},{"location":"configuration/shared/dial/#fallback_delay","title":"fallback_delay","text":"<p>Since sing-box 1.11.0</p> <p>Only supported in graphical clients on Android and Apple platforms with <code>auto_detect_interface</code> enabled.</p> <p>The length of time to wait before spawning a RFC 6555 Fast Fallback connection.</p> <p>For <code>domain_strategy</code>, is the amount of time to wait for connection to succeed before assuming that IPv4/IPv6 is misconfigured and falling back to other type of addresses.</p> <p>For <code>network_strategy</code>, is the amount of time to wait for connection to succeed before falling back to other interfaces.</p> <p>Only take effect when <code>domain_strategy</code> or <code>network_strategy</code> is set.</p> <p><code>300ms</code> is used by default.</p>"},{"location":"configuration/shared/dns01_challenge/","title":"DNS01 Challenge Fields","text":""},{"location":"configuration/shared/dns01_challenge/#structure","title":"Structure","text":"<pre><code>{\n \"provider\": \"\",\n\n ... // Provider Fields\n}\n</code></pre>"},{"location":"configuration/shared/dns01_challenge/#provider-fields","title":"Provider Fields","text":""},{"location":"configuration/shared/dns01_challenge/#alibaba-cloud-dns","title":"Alibaba Cloud DNS","text":"<pre><code>{\n \"provider\": \"alidns\",\n \"access_key_id\": \"\",\n \"access_key_secret\": \"\",\n \"region_id\": \"\"\n}\n</code></pre>"},{"location":"configuration/shared/dns01_challenge/#cloudflare","title":"Cloudflare","text":"<pre><code>{\n \"provider\": \"cloudflare\",\n \"api_token\": \"\"\n}\n</code></pre>"},{"location":"configuration/shared/listen/","title":"Listen Fields","text":"<p>Changes in sing-box 1.11.0</p> <p> sniff sniff_override_destination sniff_timeout domain_strategy udp_disable_domain_unmapping</p>"},{"location":"configuration/shared/listen/#structure","title":"Structure","text":"<pre><code>{\n \"listen\": \"::\",\n \"listen_port\": 5353,\n \"tcp_fast_open\": false,\n \"tcp_multi_path\": false,\n \"udp_fragment\": false,\n \"udp_timeout\": \"5m\",\n \"detour\": \"another-in\",\n \"sniff\": false,\n \"sniff_override_destination\": false,\n \"sniff_timeout\": \"300ms\",\n \"domain_strategy\": \"prefer_ipv6\",\n \"udp_disable_domain_unmapping\": false\n}\n</code></pre>"},{"location":"configuration/shared/listen/#fields","title":"Fields","text":"Field Available Context <code>listen</code> Needs to listen on TCP or UDP. <code>listen_port</code> Needs to listen on TCP or UDP. <code>tcp_fast_open</code> Needs to listen on TCP. <code>tcp_multi_path</code> Needs to listen on TCP. <code>udp_timeout</code> Needs to assemble UDP connections. <code>udp_disable_domain_unmapping</code> Needs to listen on UDP and accept domain UDP addresses."},{"location":"configuration/shared/listen/#listen","title":"listen","text":"<p>Required</p> <p>Listen address.</p>"},{"location":"configuration/shared/listen/#listen_port","title":"listen_port","text":"<p>Listen port.</p>"},{"location":"configuration/shared/listen/#tcp_fast_open","title":"tcp_fast_open","text":"<p>Enable TCP Fast Open.</p>"},{"location":"configuration/shared/listen/#tcp_multi_path","title":"tcp_multi_path","text":"<p>Go 1.21 required.</p> <p>Enable TCP Multi Path.</p>"},{"location":"configuration/shared/listen/#udp_fragment","title":"udp_fragment","text":"<p>Enable UDP fragmentation.</p>"},{"location":"configuration/shared/listen/#udp_timeout","title":"udp_timeout","text":"<p>UDP NAT expiration time.</p> <p><code>5m</code> will be used by default.</p>"},{"location":"configuration/shared/listen/#detour","title":"detour","text":"<p>If set, connections will be forwarded to the specified inbound.</p> <p>Requires target inbound support, see Injectable.</p>"},{"location":"configuration/shared/listen/#sniff","title":"sniff","text":"<p>Deprecated in sing-box 1.11.0</p> <p>Inbound fields are deprecated and will be removed in sing-box 1.13.0, check Migration.</p> <p>Enable sniffing.</p> <p>See Protocol Sniff for details.</p>"},{"location":"configuration/shared/listen/#sniff_override_destination","title":"sniff_override_destination","text":"<p>Deprecated in sing-box 1.11.0</p> <p>Inbound fields are deprecated and will be removed in sing-box 1.13.0.</p> <p>Override the connection destination address with the sniffed domain.</p> <p>If the domain name is invalid (like tor), this will not work.</p>"},{"location":"configuration/shared/listen/#sniff_timeout","title":"sniff_timeout","text":"<p>Deprecated in sing-box 1.11.0</p> <p>Inbound fields are deprecated and will be removed in sing-box 1.13.0, check Migration.</p> <p>Timeout for sniffing.</p> <p><code>300ms</code> is used by default.</p>"},{"location":"configuration/shared/listen/#domain_strategy","title":"domain_strategy","text":"<p>Deprecated in sing-box 1.11.0</p> <p>Inbound fields are deprecated and will be removed in sing-box 1.13.0, check Migration.</p> <p>One of <code>prefer_ipv4</code> <code>prefer_ipv6</code> <code>ipv4_only</code> <code>ipv6_only</code>.</p> <p>If set, the requested domain name will be resolved to IP before routing.</p> <p>If <code>sniff_override_destination</code> is in effect, its value will be taken as a fallback.</p>"},{"location":"configuration/shared/listen/#udp_disable_domain_unmapping","title":"udp_disable_domain_unmapping","text":"<p>Deprecated in sing-box 1.11.0</p> <p>Inbound fields are deprecated and will be removed in sing-box 1.13.0, check Migration.</p> <p>If enabled, for UDP proxy requests addressed to a domain, the original packet address will be sent in the response instead of the mapped domain.</p> <p>This option is used for compatibility with clients that do not support receiving UDP packets with domain addresses, such as Surge.</p>"},{"location":"configuration/shared/multiplex/","title":"Multiplex","text":""},{"location":"configuration/shared/multiplex/#inbound","title":"Inbound","text":"<pre><code>{\n \"enabled\": true,\n \"padding\": false,\n \"brutal\": {}\n}\n</code></pre>"},{"location":"configuration/shared/multiplex/#outbound","title":"Outbound","text":"<pre><code>{\n \"enabled\": true,\n \"protocol\": \"smux\",\n \"max_connections\": 4,\n \"min_streams\": 4,\n \"max_streams\": 0,\n \"padding\": false,\n \"brutal\": {}\n}\n</code></pre>"},{"location":"configuration/shared/multiplex/#inbound-fields","title":"Inbound Fields","text":""},{"location":"configuration/shared/multiplex/#enabled","title":"enabled","text":"<p>Enable multiplex support.</p>"},{"location":"configuration/shared/multiplex/#padding","title":"padding","text":"<p>If enabled, non-padded connections will be rejected.</p>"},{"location":"configuration/shared/multiplex/#brutal","title":"brutal","text":"<p>See TCP Brutal for details.</p>"},{"location":"configuration/shared/multiplex/#outbound-fields","title":"Outbound Fields","text":""},{"location":"configuration/shared/multiplex/#enabled_1","title":"enabled","text":"<p>Enable multiplex.</p>"},{"location":"configuration/shared/multiplex/#protocol","title":"protocol","text":"<p>Multiplex protocol.</p> Protocol Description smux https://github.com/xtaci/smux yamux https://github.com/hashicorp/yamux h2mux https://golang.org/x/net/http2 <p>h2mux is used by default.</p>"},{"location":"configuration/shared/multiplex/#max_connections","title":"max_connections","text":"<p>Maximum connections.</p> <p>Conflict with <code>max_streams</code>.</p>"},{"location":"configuration/shared/multiplex/#min_streams","title":"min_streams","text":"<p>Minimum multiplexed streams in a connection before opening a new connection.</p> <p>Conflict with <code>max_streams</code>.</p>"},{"location":"configuration/shared/multiplex/#max_streams","title":"max_streams","text":"<p>Maximum multiplexed streams in a connection before opening a new connection.</p> <p>Conflict with <code>max_connections</code> and <code>min_streams</code>.</p>"},{"location":"configuration/shared/multiplex/#padding_1","title":"padding","text":"<p>Info</p> <p>Requires sing-box server version 1.3-beta9 or later.</p> <p>Enable padding.</p>"},{"location":"configuration/shared/multiplex/#brutal_1","title":"brutal","text":"<p>See TCP Brutal for details.</p>"},{"location":"configuration/shared/tcp-brutal/","title":"TCP Brutal","text":""},{"location":"configuration/shared/tcp-brutal/#server-requirements","title":"Server Requirements","text":"<ul> <li>Linux</li> <li><code>brutal</code> congestion control algorithm kernel module installed</li> </ul> <p>See tcp-brutal for details.</p>"},{"location":"configuration/shared/tcp-brutal/#structure","title":"Structure","text":"<pre><code>{\n \"enabled\": true,\n \"up_mbps\": 100,\n \"down_mbps\": 100\n}\n</code></pre>"},{"location":"configuration/shared/tcp-brutal/#fields","title":"Fields","text":""},{"location":"configuration/shared/tcp-brutal/#enabled","title":"enabled","text":"<p>Enable TCP Brutal congestion control algorithm\u3002</p>"},{"location":"configuration/shared/tcp-brutal/#up_mbps-down_mbps","title":"up_mbps, down_mbps","text":"<p>Required</p> <p>Upload and download bandwidth, in Mbps.</p>"},{"location":"configuration/shared/tls/","title":"TLS","text":"<p>Changes in sing-box 1.10.0</p> <p> utls </p>"},{"location":"configuration/shared/tls/#inbound","title":"Inbound","text":"<pre><code>{\n \"enabled\": true,\n \"server_name\": \"\",\n \"alpn\": [],\n \"min_version\": \"\",\n \"max_version\": \"\",\n \"cipher_suites\": [],\n \"certificate\": [],\n \"certificate_path\": \"\",\n \"key\": [],\n \"key_path\": \"\",\n \"acme\": {\n \"domain\": [],\n \"data_directory\": \"\",\n \"default_server_name\": \"\",\n \"email\": \"\",\n \"provider\": \"\",\n \"disable_http_challenge\": false,\n \"disable_tls_alpn_challenge\": false,\n \"alternative_http_port\": 0,\n \"alternative_tls_port\": 0,\n \"external_account\": {\n \"key_id\": \"\",\n \"mac_key\": \"\"\n },\n \"dns01_challenge\": {}\n },\n \"ech\": {\n \"enabled\": false,\n \"pq_signature_schemes_enabled\": false,\n \"dynamic_record_sizing_disabled\": false,\n \"key\": [],\n \"key_path\": \"\"\n },\n \"reality\": {\n \"enabled\": false,\n \"handshake\": {\n \"server\": \"google.com\",\n \"server_port\": 443,\n\n ... // Dial Fields\n },\n \"private_key\": \"UuMBgl7MXTPx9inmQp2UC7Jcnwc6XYbwDNebonM-FCc\",\n \"short_id\": [\n \"0123456789abcdef\"\n ],\n \"max_time_difference\": \"1m\"\n }\n}\n</code></pre>"},{"location":"configuration/shared/tls/#outbound","title":"Outbound","text":"<pre><code>{\n \"enabled\": true,\n \"disable_sni\": false,\n \"server_name\": \"\",\n \"insecure\": false,\n \"alpn\": [],\n \"min_version\": \"\",\n \"max_version\": \"\",\n \"cipher_suites\": [],\n \"certificate\": \"\",\n \"certificate_path\": \"\",\n \"ech\": {\n \"enabled\": false,\n \"pq_signature_schemes_enabled\": false,\n \"dynamic_record_sizing_disabled\": false,\n \"config\": [],\n \"config_path\": \"\"\n },\n \"utls\": {\n \"enabled\": false,\n \"fingerprint\": \"\"\n },\n \"reality\": {\n \"enabled\": false,\n \"public_key\": \"jNXHt1yRo0vDuchQlIP6Z0ZvjT3KtzVI-T4E7RoLJS0\",\n \"short_id\": \"0123456789abcdef\"\n }\n}\n</code></pre> <p>TLS version values:</p> <ul> <li><code>1.0</code></li> <li><code>1.1</code></li> <li><code>1.2</code></li> <li><code>1.3</code></li> </ul> <p>Cipher suite values:</p> <ul> <li><code>TLS_RSA_WITH_AES_128_CBC_SHA</code></li> <li><code>TLS_RSA_WITH_AES_256_CBC_SHA</code></li> <li><code>TLS_RSA_WITH_AES_128_GCM_SHA256</code></li> <li><code>TLS_RSA_WITH_AES_256_GCM_SHA384</code></li> <li><code>TLS_AES_128_GCM_SHA256</code></li> <li><code>TLS_AES_256_GCM_SHA384</code></li> <li><code>TLS_CHACHA20_POLY1305_SHA256</code></li> <li><code>TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA</code></li> <li><code>TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA</code></li> <li><code>TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA</code></li> <li><code>TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA</code></li> <li><code>TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256</code></li> <li><code>TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384</code></li> <li><code>TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256</code></li> <li><code>TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384</code></li> <li><code>TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256</code></li> <li><code>TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256</code></li> </ul> <p>You can ignore the JSON Array [] tag when the content is only one item</p>"},{"location":"configuration/shared/tls/#fields","title":"Fields","text":""},{"location":"configuration/shared/tls/#enabled","title":"enabled","text":"<p>Enable TLS.</p>"},{"location":"configuration/shared/tls/#disable_sni","title":"disable_sni","text":"<p>Client only</p> <p>Do not send server name in ClientHello.</p>"},{"location":"configuration/shared/tls/#server_name","title":"server_name","text":"<p>Used to verify the hostname on the returned certificates unless insecure is given.</p> <p>It is also included in the client's handshake to support virtual hosting unless it is an IP address.</p>"},{"location":"configuration/shared/tls/#insecure","title":"insecure","text":"<p>Client only</p> <p>Accepts any server certificate.</p>"},{"location":"configuration/shared/tls/#alpn","title":"alpn","text":"<p>List of supported application level protocols, in order of preference.</p> <p>If both peers support ALPN, the selected protocol will be one from this list, and the connection will fail if there is no mutually supported protocol.</p> <p>See Application-Layer Protocol Negotiation.</p>"},{"location":"configuration/shared/tls/#min_version","title":"min_version","text":"<p>The minimum TLS version that is acceptable.</p> <p>By default, TLS 1.2 is currently used as the minimum when acting as a client, and TLS 1.0 when acting as a server.</p>"},{"location":"configuration/shared/tls/#max_version","title":"max_version","text":"<p>The maximum TLS version that is acceptable.</p> <p>By default, the maximum version is currently TLS 1.3.</p>"},{"location":"configuration/shared/tls/#cipher_suites","title":"cipher_suites","text":"<p>A list of enabled TLS 1.0\u20131.2 cipher suites. The order of the list is ignored. Note that TLS 1.3 cipher suites are not configurable.</p> <p>If empty, a safe default list is used. The default cipher suites might change over time.</p>"},{"location":"configuration/shared/tls/#certificate","title":"certificate","text":"<p>The server certificate line array, in PEM format.</p>"},{"location":"configuration/shared/tls/#certificate_path","title":"certificate_path","text":"<p>Will be automatically reloaded if file modified.</p> <p>The path to the server certificate, in PEM format.</p>"},{"location":"configuration/shared/tls/#key","title":"key","text":"<p>Server only</p> <p>The server private key line array, in PEM format.</p>"},{"location":"configuration/shared/tls/#key_path","title":"key_path","text":"<p>Server only</p> <p>Will be automatically reloaded if file modified.</p> <p>The path to the server private key, in PEM format.</p>"},{"location":"configuration/shared/tls/#custom-tls-support","title":"Custom TLS support","text":"<p>QUIC support</p> <p>Only ECH is supported in QUIC.</p>"},{"location":"configuration/shared/tls/#utls","title":"utls","text":"<p>Client only</p> <p>There is no evidence that GFW detects and blocks servers based on TLS client fingerprinting, and using an imperfect emulation that has not been security reviewed could pose security risks.</p> <p>uTLS is a fork of \"crypto/tls\", which provides ClientHello fingerprinting resistance.</p> <p>Available fingerprint values:</p> <p>Removed since sing-box 1.10.0</p> <p>Some legacy chrome fingerprints have been removed and will fallback to chrome:</p> <p> chrome_psk chrome_psk_shuffle chrome_padding_psk_shuffle chrome_pq chrome_pq_psk</p> <ul> <li>chrome</li> <li>firefox</li> <li>edge</li> <li>safari</li> <li>360</li> <li>qq</li> <li>ios</li> <li>android</li> <li>random</li> <li>randomized</li> </ul> <p>Chrome fingerprint will be used if empty.</p>"},{"location":"configuration/shared/tls/#ech-fields","title":"ECH Fields","text":"<p>ECH (Encrypted Client Hello) is a TLS extension that allows a client to encrypt the first part of its ClientHello message.</p> <p>The ECH key and configuration can be generated by <code>sing-box generate ech-keypair [--pq-signature-schemes-enabled]</code>.</p>"},{"location":"configuration/shared/tls/#pq_signature_schemes_enabled","title":"pq_signature_schemes_enabled","text":"<p>Enable support for post-quantum peer certificate signature schemes.</p> <p>It is recommended to match the parameters of <code>sing-box generate ech-keypair</code>.</p>"},{"location":"configuration/shared/tls/#dynamic_record_sizing_disabled","title":"dynamic_record_sizing_disabled","text":"<p>Disables adaptive sizing of TLS records.</p> <p>When true, the largest possible TLS record size is always used. When false, the size of TLS records may be adjusted in an attempt to improve latency.</p>"},{"location":"configuration/shared/tls/#key_1","title":"key","text":"<p>Server only</p> <p>ECH key line array, in PEM format.</p>"},{"location":"configuration/shared/tls/#key_path_1","title":"key_path","text":"<p>Server only</p> <p>Will be automatically reloaded if file modified.</p> <p>The path to ECH key, in PEM format.</p>"},{"location":"configuration/shared/tls/#config","title":"config","text":"<p>Client only</p> <p>ECH configuration line array, in PEM format.</p> <p>If empty, load from DNS will be attempted.</p>"},{"location":"configuration/shared/tls/#config_path","title":"config_path","text":"<p>Client only</p> <p>The path to ECH configuration, in PEM format.</p> <p>If empty, load from DNS will be attempted.</p>"},{"location":"configuration/shared/tls/#acme-fields","title":"ACME Fields","text":""},{"location":"configuration/shared/tls/#domain","title":"domain","text":"<p>List of domain.</p> <p>ACME will be disabled if empty.</p>"},{"location":"configuration/shared/tls/#data_directory","title":"data_directory","text":"<p>The directory to store ACME data.</p> <p><code>$XDG_DATA_HOME/certmagic|$HOME/.local/share/certmagic</code> will be used if empty.</p>"},{"location":"configuration/shared/tls/#default_server_name","title":"default_server_name","text":"<p>Server name to use when choosing a certificate if the ClientHello's ServerName field is empty.</p>"},{"location":"configuration/shared/tls/#email","title":"email","text":"<p>The email address to use when creating or selecting an existing ACME server account</p>"},{"location":"configuration/shared/tls/#provider","title":"provider","text":"<p>The ACME CA provider to use.</p> Value Provider <code>letsencrypt (default)</code> Let's Encrypt <code>zerossl</code> ZeroSSL <code>https://...</code> Custom"},{"location":"configuration/shared/tls/#disable_http_challenge","title":"disable_http_challenge","text":"<p>Disable all HTTP challenges.</p>"},{"location":"configuration/shared/tls/#disable_tls_alpn_challenge","title":"disable_tls_alpn_challenge","text":"<p>Disable all TLS-ALPN challenges</p>"},{"location":"configuration/shared/tls/#alternative_http_port","title":"alternative_http_port","text":"<p>The alternate port to use for the ACME HTTP challenge; if non-empty, this port will be used instead of 80 to spin up a listener for the HTTP challenge.</p>"},{"location":"configuration/shared/tls/#alternative_tls_port","title":"alternative_tls_port","text":"<p>The alternate port to use for the ACME TLS-ALPN challenge; the system must forward 443 to this port for challenge to succeed.</p>"},{"location":"configuration/shared/tls/#external_account","title":"external_account","text":"<p>EAB (External Account Binding) contains information necessary to bind or map an ACME account to some other account known by the CA.</p> <p>External account bindings are \"used to associate an ACME account with an existing account in a non-ACME system, such as a CA customer database.</p> <p>To enable ACME account binding, the CA operating the ACME server needs to provide the ACME client with a MAC key and a key identifier, using some mechanism outside of ACME. \u00a77.3.4</p>"},{"location":"configuration/shared/tls/#external_accountkey_id","title":"external_account.key_id","text":"<p>The key identifier.</p>"},{"location":"configuration/shared/tls/#external_accountmac_key","title":"external_account.mac_key","text":"<p>The MAC key.</p>"},{"location":"configuration/shared/tls/#dns01_challenge","title":"dns01_challenge","text":"<p>ACME DNS01 challenge field. If configured, other challenge methods will be disabled.</p> <p>See DNS01 Challenge Fields for details.</p>"},{"location":"configuration/shared/tls/#reality-fields","title":"Reality Fields","text":""},{"location":"configuration/shared/tls/#handshake","title":"handshake","text":"<p>Server only</p> <p>Required</p> <p>Handshake server address and Dial Fields.</p>"},{"location":"configuration/shared/tls/#private_key","title":"private_key","text":"<p>Server only</p> <p>Required</p> <p>Private key, generated by <code>sing-box generate reality-keypair</code>.</p>"},{"location":"configuration/shared/tls/#public_key","title":"public_key","text":"<p>Client only</p> <p>Required</p> <p>Public key, generated by <code>sing-box generate reality-keypair</code>.</p>"},{"location":"configuration/shared/tls/#short_id","title":"short_id","text":"<p>Required</p> <p>A hexadecimal string with zero to eight digits.</p>"},{"location":"configuration/shared/tls/#max_time_difference","title":"max_time_difference","text":"<p>Server only</p> <p>The maximum time difference between the server and the client.</p> <p>Check disabled if empty.</p>"},{"location":"configuration/shared/udp-over-tcp/","title":"UDP over TCP","text":"<p>It's a proprietary protocol created by SagerNet, not part of shadowsocks.</p> <p>The UDP over TCP protocol is used to transmit UDP packets in TCP.</p>"},{"location":"configuration/shared/udp-over-tcp/#structure","title":"Structure","text":"<pre><code>{\n \"enabled\": true,\n \"version\": 2\n}\n</code></pre> <p>The structure can be replaced with a boolean value when the version is not specified.</p>"},{"location":"configuration/shared/udp-over-tcp/#fields","title":"Fields","text":""},{"location":"configuration/shared/udp-over-tcp/#enabled","title":"enabled","text":"<p>Enable the UDP over TCP protocol.</p>"},{"location":"configuration/shared/udp-over-tcp/#version","title":"version","text":"<p>The protocol version, <code>1</code> or <code>2</code>.</p> <p>2 is used by default.</p>"},{"location":"configuration/shared/udp-over-tcp/#application-support","title":"Application support","text":"Project UoT v1 UoT v2 sing-box v0 (2022/08/11) v1.2-beta9 Xray-core v1.5.7 (2022/06/05) f57ec13 (Not released) Clash.Meta v1.12.0 (2022/07/02) 8cb67b6 (Not released) Shadowrocket v2.2.12 (2022/08/13) /"},{"location":"configuration/shared/udp-over-tcp/#protocol-details","title":"Protocol details","text":""},{"location":"configuration/shared/udp-over-tcp/#protocol-version-1","title":"Protocol version 1","text":"<p>The client requests the magic address to the upper layer proxy protocol to indicate the request: <code>sp.udp-over-tcp.arpa</code></p>"},{"location":"configuration/shared/udp-over-tcp/#stream-format","title":"Stream format","text":"ATYP address port length data u8 variable u16be u16be variable <p>ATYP / address / port: Uses the SOCKS address format.</p>"},{"location":"configuration/shared/udp-over-tcp/#protocol-version-2","title":"Protocol version 2","text":"<p>Protocol version 2 uses a new magic address: <code>sp.v2.udp-over-tcp.arpa</code></p>"},{"location":"configuration/shared/udp-over-tcp/#request-format","title":"Request format","text":"isConnect ATYP address port u8 u8 variable u16be <p>isConnect: Set to 1 to indicates that the stream uses the connect format, 0 to disable.</p> <p>ATYP / address / port: Request destination, uses the SOCKS address format.</p>"},{"location":"configuration/shared/udp-over-tcp/#connect-stream-format","title":"Connect stream format","text":"length data u16be variable"},{"location":"configuration/shared/udp-over-tcp/#non-connect-stream-format","title":"Non-connect stream format","text":"<p>As the same as the stream format in protocol version 1.</p>"},{"location":"configuration/shared/v2ray-transport/","title":"V2Ray Transport","text":"<p>V2Ray Transport is a set of private protocols invented by v2ray, and has contaminated the names of other protocols, such as <code>trojan-grpc</code> in clash.</p>"},{"location":"configuration/shared/v2ray-transport/#structure","title":"Structure","text":"<pre><code>{\n \"type\": \"\"\n}\n</code></pre> <p>Available transports:</p> <ul> <li>HTTP</li> <li>WebSocket</li> <li>QUIC</li> <li>gRPC</li> <li>HTTPUpgrade</li> </ul> <p>Difference from v2ray-core</p> <ul> <li>No TCP transport, plain HTTP is merged into the HTTP transport.</li> <li>No mKCP transport.</li> <li>No DomainSocket transport.</li> </ul> <p>You can ignore the JSON Array [] tag when the content is only one item</p>"},{"location":"configuration/shared/v2ray-transport/#http","title":"HTTP","text":"<pre><code>{\n \"type\": \"http\",\n \"host\": [],\n \"path\": \"\",\n \"method\": \"\",\n \"headers\": {},\n \"idle_timeout\": \"15s\",\n \"ping_timeout\": \"15s\"\n}\n</code></pre> <p>Difference from v2ray-core</p> <p>TLS is not enforced. If TLS is not configured, plain HTTP 1.1 is used.</p>"},{"location":"configuration/shared/v2ray-transport/#host","title":"host","text":"<p>List of host domain.</p> <p>The client will choose randomly and the server will verify if not empty.</p>"},{"location":"configuration/shared/v2ray-transport/#path","title":"path","text":"<p>Warning</p> <p>V2Ray's documentation says that the path between the server and the client must be consistent, but the actual code allows the client to add any suffix to the path. sing-box uses the same behavior as V2Ray, but note that the behavior does not exist in <code>WebSocket</code> and <code>HTTPUpgrade</code> transport.</p> <p>Path of HTTP request.</p> <p>The server will verify.</p>"},{"location":"configuration/shared/v2ray-transport/#method","title":"method","text":"<p>Method of HTTP request.</p> <p>The server will verify if not empty.</p>"},{"location":"configuration/shared/v2ray-transport/#headers","title":"headers","text":"<p>Extra headers of HTTP request.</p> <p>The server will write in response if not empty.</p>"},{"location":"configuration/shared/v2ray-transport/#idle_timeout","title":"idle_timeout","text":"<p>In HTTP2 server:</p> <p>Specifies the time until idle clients should be closed with a GOAWAY frame. PING frames are not considered as activity.</p> <p>In HTTP2 client:</p> <p>Specifies the period of time after which a health check will be performed using a ping frame if no frames have been received on the connection.Please note that a ping response is considered a received frame, so if there is no other traffic on the connection, the health check will be executed every interval. If the value is zero, no health check will be performed.</p> <p>Zero is used by default.</p>"},{"location":"configuration/shared/v2ray-transport/#ping_timeout","title":"ping_timeout","text":"<p>In HTTP2 client:</p> <p>Specifies the timeout duration after sending a PING frame, within which a response must be received. If a response to the PING frame is not received within the specified timeout duration, the connection will be closed. The default timeout duration is 15 seconds.</p>"},{"location":"configuration/shared/v2ray-transport/#websocket","title":"WebSocket","text":"<pre><code>{\n \"type\": \"ws\",\n \"path\": \"\",\n \"headers\": {},\n \"max_early_data\": 0,\n \"early_data_header_name\": \"\"\n}\n</code></pre>"},{"location":"configuration/shared/v2ray-transport/#path_1","title":"path","text":"<p>Path of HTTP request.</p> <p>The server will verify.</p>"},{"location":"configuration/shared/v2ray-transport/#headers_1","title":"headers","text":"<p>Extra headers of HTTP request.</p> <p>The server will write in response if not empty.</p>"},{"location":"configuration/shared/v2ray-transport/#max_early_data","title":"max_early_data","text":"<p>Allowed payload size is in the request. Enabled if not zero.</p>"},{"location":"configuration/shared/v2ray-transport/#early_data_header_name","title":"early_data_header_name","text":"<p>Early data is sent in path instead of header by default.</p> <p>To be compatible with Xray-core, set this to <code>Sec-WebSocket-Protocol</code>.</p> <p>It needs to be consistent with the server.</p>"},{"location":"configuration/shared/v2ray-transport/#quic","title":"QUIC","text":"<pre><code>{\n \"type\": \"quic\"\n}\n</code></pre> <p>Difference from v2ray-core</p> <p>No additional encryption support: It's basically duplicate encryption. And Xray-core is not compatible with v2ray-core in here.</p>"},{"location":"configuration/shared/v2ray-transport/#grpc","title":"gRPC","text":"<p>standard gRPC has good compatibility but poor performance and is not included by default, see Installation.</p> <pre><code>{\n \"type\": \"grpc\",\n \"service_name\": \"TunService\",\n \"idle_timeout\": \"15s\",\n \"ping_timeout\": \"15s\",\n \"permit_without_stream\": false\n}\n</code></pre>"},{"location":"configuration/shared/v2ray-transport/#service_name","title":"service_name","text":"<p>Service name of gRPC.</p>"},{"location":"configuration/shared/v2ray-transport/#idle_timeout_1","title":"idle_timeout","text":"<p>In standard gRPC server/client:</p> <p>If the transport doesn't see any activity after a duration of this time, it pings the client to check if the connection is still active.</p> <p>In default gRPC server/client:</p> <p>It has the same behavior as the corresponding setting in HTTP transport.</p>"},{"location":"configuration/shared/v2ray-transport/#ping_timeout_1","title":"ping_timeout","text":"<p>In standard gRPC server/client:</p> <p>The timeout that after performing a keepalive check, the client will wait for activity. If no activity is detected, the connection will be closed.</p> <p>In default gRPC server/client:</p> <p>It has the same behavior as the corresponding setting in HTTP transport.</p>"},{"location":"configuration/shared/v2ray-transport/#permit_without_stream","title":"permit_without_stream","text":"<p>In standard gRPC client:</p> <p>If enabled, the client transport sends keepalive pings even with no active connections. If disabled, when there are no active connections, <code>idle_timeout</code> and <code>ping_timeout</code> will be ignored and no keepalive pings will be sent.</p> <p>Disabled by default.</p>"},{"location":"configuration/shared/v2ray-transport/#httpupgrade","title":"HTTPUpgrade","text":"<pre><code>{\n \"type\": \"httpupgrade\",\n \"host\": \"\",\n \"path\": \"\",\n \"headers\": {}\n}\n</code></pre>"},{"location":"configuration/shared/v2ray-transport/#host_1","title":"host","text":"<p>Host domain.</p> <p>The server will verify if not empty.</p>"},{"location":"configuration/shared/v2ray-transport/#path_2","title":"path","text":"<p>Path of HTTP request.</p> <p>The server will verify.</p>"},{"location":"configuration/shared/v2ray-transport/#headers_2","title":"headers","text":"<p>Extra headers of HTTP request.</p> <p>The server will write in response if not empty.</p>"},{"location":"installation/build-from-source/","title":"Build from source","text":""},{"location":"installation/build-from-source/#requirements","title":"Requirements","text":""},{"location":"installation/build-from-source/#sing-box-110","title":"sing-box 1.10","text":"<ul> <li>Go 1.20.0 - ~</li> <li>Go 1.20.0 - ~ with tag <code>with_quic</code>, or <code>with_utls</code> enabled</li> <li>Go 1.21.0 - ~ with tag <code>with_ech</code> enabled</li> </ul>"},{"location":"installation/build-from-source/#sing-box-19","title":"sing-box 1.9","text":"<ul> <li>Go 1.18.5 - 1.22.x</li> <li>Go 1.20.0 - 1.22.x with tag <code>with_quic</code>, or <code>with_utls</code> enabled</li> <li>Go 1.21.0 - 1.22.x with tag <code>with_ech</code> enabled</li> </ul> <p>You can download and install Go from: https://go.dev/doc/install, latest version is recommended.</p>"},{"location":"installation/build-from-source/#simple-build","title":"Simple Build","text":"<pre><code>make\n</code></pre> <p>Or build and install binary to <code>$GOBIN</code>:</p> <pre><code>make install\n</code></pre>"},{"location":"installation/build-from-source/#custom-build","title":"Custom Build","text":"<pre><code>TAGS=\"tag_a tag_b\" make\n</code></pre> <p>or</p> <pre><code>go build -tags \"tag_a tag_b\" ./cmd/sing-box\n</code></pre>"},{"location":"installation/build-from-source/#build-tags","title":"Build Tags","text":"Build Tag Enabled by default Description <code>with_quic</code> Build with QUIC support, see QUIC and HTTP3 DNS transports, Naive inbound, Hysteria Inbound, Hysteria Outbound and V2Ray Transport#QUIC. <code>with_grpc</code> \ufe0f Build with standard gRPC support, see V2Ray Transport#gRPC. <code>with_dhcp</code> Build with DHCP support, see DHCP DNS transport. <code>with_wireguard</code> Build with WireGuard support, see WireGuard outbound. <code>with_ech</code> Build with TLS ECH extension support for TLS outbound, see TLS. <code>with_utls</code> Build with uTLS support for TLS outbound, see TLS. <code>with_reality_server</code> Build with reality TLS server support, see TLS. <code>with_acme</code> Build with ACME TLS certificate issuer support, see TLS. <code>with_clash_api</code> Build with Clash API support, see Experimental. <code>with_v2ray_api</code> \ufe0f Build with V2Ray API support, see Experimental. <code>with_gvisor</code> Build with gVisor support, see Tun inbound and WireGuard outbound. <code>with_embedded_tor</code> (CGO required) \ufe0f Build with embedded Tor support, see Tor outbound. <p>It is not recommended to change the default build tag list unless you really know what you are adding.</p>"},{"location":"installation/docker/","title":"Docker","text":""},{"location":"installation/docker/#command","title":"Command","text":"<pre><code>docker run -d \\\n -v /etc/sing-box:/etc/sing-box/ \\\n --name=sing-box \\\n --restart=always \\\n ghcr.io/sagernet/sing-box \\\n -D /var/lib/sing-box \\\n -C /etc/sing-box/ run\n</code></pre>"},{"location":"installation/docker/#compose","title":"Compose","text":"<pre><code>version: \"3.8\"\nservices:\n sing-box:\n image: ghcr.io/sagernet/sing-box\n container_name: sing-box\n restart: always\n volumes:\n - /etc/sing-box:/etc/sing-box/\n command: -D /var/lib/sing-box -C /etc/sing-box/ run\n</code></pre>"},{"location":"installation/package-manager/","title":"Package Manager","text":""},{"location":"installation/package-manager/#repository-installation","title":"Repository Installation","text":"Debian / APT Redhat / DNF <pre><code>sudo curl -fsSL https://sing-box.app/gpg.key -o /etc/apt/keyrings/sagernet.asc\nsudo chmod a+r /etc/apt/keyrings/sagernet.asc\necho \"deb [arch=`dpkg --print-architecture` signed-by=/etc/apt/keyrings/sagernet.asc] https://deb.sagernet.org/ * *\" | \\\n sudo tee /etc/apt/sources.list.d/sagernet.list &gt; /dev/null\nsudo apt-get update\nsudo apt-get install sing-box # or sing-box-beta\n</code></pre> <p><pre><code>sudo dnf -y install dnf-plugins-core\nsudo dnf config-manager --add-repo https://sing-box.app/sing-box.repo\nsudo dnf install sing-box # or sing-box-beta\n</code></pre> (This applies to any distribution that uses <code>dnf</code> as the package manager: Fedora, CentOS, even OpenSUSE with DNF installed.)</p>"},{"location":"installation/package-manager/#manual-installation","title":"Manual Installation","text":"Debian / DEB Redhat / RPM Archlinux / PKG <pre><code>bash &lt;(curl -fsSL https://sing-box.app/deb-install.sh)\n</code></pre> <p><pre><code>bash &lt;(curl -fsSL https://sing-box.app/rpm-install.sh)\n</code></pre> (This applies to any distribution that uses <code>rpm</code> and <code>systemd</code>. Because of how <code>rpm</code> defines dependencies, if it installs, it probably works.)</p> <pre><code>bash &lt;(curl -fsSL https://sing-box.app/arch-install.sh)\n</code></pre>"},{"location":"installation/package-manager/#managed-installation","title":"Managed Installation","text":"Linux macOS Windows Android FreeBSD Type Platform Command Link AUR Arch Linux <code>? -S sing-box</code> nixpkgs NixOS <code>nix-env -iA nixos.sing-box</code> Homebrew macOS / Linux <code>brew install sing-box</code> APK Alpine <code>apk add sing-box</code> DEB AOSC <code>apt install sing-box</code> Type Platform Command Link Homebrew macOS <code>brew install sing-box</code> Type Platform Command Link Scoop Windows <code>scoop install sing-box</code> Chocolatey Windows <code>choco install sing-box</code> winget Windows <code>winget install sing-box</code> Type Platform Command Link Termux Android <code>pkg add sing-box</code> Type Platform Command Link FreshPorts FreeBSD <code>pkg install sing-box</code>"},{"location":"installation/package-manager/#problematic-sources","title":"Problematic Sources","text":"Type Platform Link Promblem(s) DEB AOSC aosc-os-abbs Problematic build tag list modification Homebrew / homebrew-core Problematic build tag list modification Termux Android termux-packages Problematic build tag list modification FreshPorts FreeBSD FreeBSD ports Old Go (go1.20) <p>If you are a user of them, please report issues to them:</p> <ol> <li>Please do not modify release build tags without full understanding of the related functionality: enabling non-default labels may result in decreased performance; the lack of default labels may cause user confusion.</li> <li>sing-box supports compiling with some older Go versions, but it is not recommended (especially versions that are no longer supported by Go).</li> </ol>"},{"location":"installation/package-manager/#service-management","title":"Service Management","text":"<p>For Linux systems with systemd, usually the installation already includes a sing-box service, you can manage the service using the following command:</p> Operation Command Enable <code>sudo systemctl enable sing-box</code> Disable <code>sudo systemctl disable sing-box</code> Start <code>sudo systemctl start sing-box</code> Stop <code>sudo systemctl stop sing-box</code> Kill <code>sudo systemctl kill sing-box</code> Restart <code>sudo systemctl restart sing-box</code> Logs <code>sudo journalctl -u sing-box --output cat -e</code> New Logs <code>sudo journalctl -u sing-box --output cat -f</code>"},{"location":"manual/misc/tunnelvision/","title":"TunnelVision","text":"<p>TunnelVision is an attack that uses DHCP option 121 to set higher priority routes so that traffic does not go through the VPN.</p> <p>Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3661</p>"},{"location":"manual/misc/tunnelvision/#status","title":"Status","text":""},{"location":"manual/misc/tunnelvision/#android","title":"Android","text":"<p>Android does not handle DHCP option 121 and is not affected.</p>"},{"location":"manual/misc/tunnelvision/#apple-platforms","title":"Apple platforms","text":"<p>Update sing-box graphical client to <code>1.9.0-rc.16</code> or newer, then enable <code>includeAllNetworks</code> in <code>Settings</code> \u2014 <code>Packet Tunnel</code> and you will be unaffected.</p> <p>Note: when <code>includeAllNetworks</code> is enabled, the default TUN stack is changed to <code>gvisor</code>, and the <code>system</code> and <code>mixed</code> stacks are not available.</p>"},{"location":"manual/misc/tunnelvision/#linux","title":"Linux","text":"<p>Update sing-box to <code>1.9.0-rc.16</code> or newer, rules generated by <code>auto-route</code> are unaffected.</p>"},{"location":"manual/misc/tunnelvision/#windows","title":"Windows","text":"<p>No solution yet.</p>"},{"location":"manual/misc/tunnelvision/#workarounds","title":"Workarounds","text":"<ul> <li>Don't connect to untrusted networks</li> <li>Relay untrusted network through another device</li> <li>Just ignore it</li> </ul>"},{"location":"manual/proxy/client/","title":"Client","text":""},{"location":"manual/proxy/client/#introduction","title":"Introduction","text":"<p>For a long time, the modern usage and principles of proxy clients for graphical operating systems have not been clearly described. However, we can categorize them into three types: system proxy, firewall redirection, and virtual interface.</p>"},{"location":"manual/proxy/client/#system-proxy","title":"System Proxy","text":"<p>Almost all graphical environments support system-level proxies, which are essentially ordinary HTTP proxies that only support TCP.</p> Operating System / Desktop Environment System Proxy Application Support Windows macOS GNOME/KDE Android ROOT or adb (permission) is required Android/iOS (with sing-box graphical client) via <code>tun.platform.http_proxy</code> <p>As one of the most well-known proxy methods, it has many shortcomings: many TCP clients that are not based on HTTP do not check and use the system proxy. Moreover, UDP and ICMP traffics bypass the proxy.</p> <pre><code>flowchart LR\n dns[DNS query] -- Is HTTP request? --&gt; proxy[HTTP proxy]\n dns --&gt; leak[Leak]\n tcp[TCP connection] -- Is HTTP request? --&gt; proxy\n tcp -- Check and use HTTP CONNECT? --&gt; proxy\n tcp --&gt; leak\n udp[UDP packet] --&gt; leak</code></pre>"},{"location":"manual/proxy/client/#firewall-redirection","title":"Firewall Redirection","text":"<p>This type of usage typically relies on the firewall or hook interface provided by the operating system, such as Windows\u2019 WFP, Linux\u2019s redirect, TProxy and eBPF, and macOS\u2019s pf. Although it is intrusive and cumbersome to configure, it remains popular within the community of amateur proxy open source projects like V2Ray, due to the low technical requirements it imposes on the software.</p>"},{"location":"manual/proxy/client/#virtual-interface","title":"Virtual Interface","text":"<p>All L2/L3 proxies (seriously defined VPNs, such as OpenVPN, WireGuard) are based on virtual network interfaces, which is also the only way for all L4 proxies to work as VPNs on mobile platforms like Android, iOS.</p> <p>The sing-box inherits and develops clash-premium\u2019s TUN inbound (L3 to L4 conversion) as the most reasonable method for performing transparent proxying.</p> <pre><code>flowchart TB\n packet[IP Packet]\n packet --&gt; windows[Windows / macOS]\n packet --&gt; linux[Linux]\n tun[TUN interface]\n windows -. route .-&gt; tun\n linux -. iproute2 route/rule .-&gt; tun\n tun --&gt; gvisor[gVisor TUN stack]\n tun --&gt; system[system TUN stack]\n assemble([L3 to L4 assemble])\n gvisor --&gt; assemble\n system --&gt; assemble\n assemble --&gt; conn[TCP and UDP connections]\n conn --&gt; router[sing-box Router]\n router --&gt; direct[Direct outbound]\n router --&gt; proxy[Proxy outbounds]\n router -- DNS hijack --&gt; dns_out[DNS outbound]\n dns_out --&gt; dns_router[DNS router]\n dns_router --&gt; router\n direct --&gt; adi([auto detect interface])\n proxy --&gt; adi\n adi --&gt; default[Default network interface in the system]\n default --&gt; destination[Destination server]\n default --&gt; proxy_server[Proxy server]\n proxy_server --&gt; destination</code></pre>"},{"location":"manual/proxy/client/#examples","title":"Examples","text":""},{"location":"manual/proxy/client/#basic-tun-usage-for-chinese-users","title":"Basic TUN usage for Chinese users","text":"IPv4 only IPv4 &amp; IPv6 FakeIP <pre><code>{\n \"dns\": {\n \"servers\": [\n {\n \"tag\": \"google\",\n \"address\": \"tls://8.8.8.8\"\n },\n {\n \"tag\": \"local\",\n \"address\": \"223.5.5.5\",\n \"detour\": \"direct\"\n }\n ],\n \"rules\": [\n {\n \"outbound\": \"any\",\n \"server\": \"local\"\n }\n ],\n \"strategy\": \"ipv4_only\"\n },\n \"inbounds\": [\n {\n \"type\": \"tun\",\n \"inet4_address\": \"172.19.0.1/30\",\n \"auto_route\": true,\n \"strict_route\": false\n }\n ],\n \"outbounds\": [\n // ...\n {\n \"type\": \"direct\",\n \"tag\": \"direct\"\n },\n {\n \"type\": \"dns\",\n \"tag\": \"dns-out\"\n }\n ],\n \"route\": {\n \"rules\": [\n {\n \"protocol\": \"dns\",\n \"outbound\": \"dns-out\"\n },\n {\n \"geoip\": [\n \"private\"\n ],\n \"outbound\": \"direct\"\n }\n ],\n \"auto_detect_interface\": true\n }\n}\n</code></pre> <pre><code>{\n \"dns\": {\n \"servers\": [\n {\n \"tag\": \"google\",\n \"address\": \"tls://8.8.8.8\"\n },\n {\n \"tag\": \"local\",\n \"address\": \"223.5.5.5\",\n \"detour\": \"direct\"\n }\n ],\n \"rules\": [\n {\n \"outbound\": \"any\",\n \"server\": \"local\"\n }\n ]\n },\n \"inbounds\": [\n {\n \"type\": \"tun\",\n \"inet4_address\": \"172.19.0.1/30\",\n \"inet6_address\": \"fdfe:dcba:9876::1/126\",\n \"auto_route\": true,\n \"strict_route\": false\n }\n ],\n \"outbounds\": [\n // ...\n {\n \"type\": \"direct\",\n \"tag\": \"direct\"\n },\n {\n \"type\": \"dns\",\n \"tag\": \"dns-out\"\n }\n ],\n \"route\": {\n \"rules\": [\n {\n \"protocol\": \"dns\",\n \"outbound\": \"dns-out\"\n },\n {\n \"geoip\": [\n \"private\"\n ],\n \"outbound\": \"direct\"\n }\n ],\n \"auto_detect_interface\": true\n }\n}\n</code></pre> <pre><code>{\n \"dns\": {\n \"servers\": [\n {\n \"tag\": \"google\",\n \"address\": \"tls://8.8.8.8\"\n },\n {\n \"tag\": \"local\",\n \"address\": \"223.5.5.5\",\n \"detour\": \"direct\"\n },\n {\n \"tag\": \"remote\",\n \"address\": \"fakeip\"\n }\n ],\n \"rules\": [\n {\n \"outbound\": \"any\",\n \"server\": \"local\"\n },\n {\n \"query_type\": [\n \"A\",\n \"AAAA\"\n ],\n \"server\": \"remote\"\n }\n ],\n \"fakeip\": {\n \"enabled\": true,\n \"inet4_range\": \"198.18.0.0/15\",\n \"inet6_range\": \"fc00::/18\"\n },\n \"independent_cache\": true\n },\n \"inbounds\": [\n {\n \"type\": \"tun\",\n \"inet4_address\": \"172.19.0.1/30\",\n \"inet6_address\": \"fdfe:dcba:9876::1/126\",\n \"auto_route\": true,\n \"strict_route\": true\n }\n ],\n \"outbounds\": [\n // ...\n {\n \"type\": \"direct\",\n \"tag\": \"direct\"\n },\n {\n \"type\": \"dns\",\n \"tag\": \"dns-out\"\n }\n ],\n \"route\": {\n \"rules\": [\n {\n \"protocol\": \"dns\",\n \"outbound\": \"dns-out\"\n },\n {\n \"geoip\": [\n \"private\"\n ],\n \"outbound\": \"direct\"\n }\n ],\n \"auto_detect_interface\": true\n }\n}\n</code></pre>"},{"location":"manual/proxy/client/#traffic-bypass-usage-for-chinese-users","title":"Traffic bypass usage for Chinese users","text":"DNS rules DNS rules (Enhanced, but slower) (1.9.0+) Route rules <pre><code>{\n \"dns\": {\n \"servers\": [\n {\n \"tag\": \"google\",\n \"address\": \"tls://8.8.8.8\"\n },\n {\n \"tag\": \"local\",\n \"address\": \"223.5.5.5\",\n \"detour\": \"direct\"\n }\n ],\n \"rules\": [\n {\n \"outbound\": \"any\",\n \"server\": \"local\"\n },\n {\n \"clash_mode\": \"Direct\",\n \"server\": \"local\"\n },\n {\n \"clash_mode\": \"Global\",\n \"server\": \"google\"\n },\n {\n \"rule_set\": \"geosite-geolocation-cn\",\n \"server\": \"local\"\n }\n ]\n },\n \"route\": {\n \"rule_set\": [\n {\n \"type\": \"remote\",\n \"tag\": \"geosite-geolocation-cn\",\n \"format\": \"binary\",\n \"url\": \"https://raw.githubusercontent.com/SagerNet/sing-geosite/rule-set/geosite-geolocation-cn.srs\"\n }\n ]\n }\n}\n</code></pre> With DNS leaks Without DNS leaks, but slower (1.9.0-alpha.2+) <pre><code>{\n \"dns\": {\n \"servers\": [\n {\n \"tag\": \"google\",\n \"address\": \"tls://8.8.8.8\"\n },\n {\n \"tag\": \"local\",\n \"address\": \"https://223.5.5.5/dns-query\",\n \"detour\": \"direct\"\n }\n ],\n \"rules\": [\n {\n \"outbound\": \"any\",\n \"server\": \"local\"\n },\n {\n \"clash_mode\": \"Direct\",\n \"server\": \"local\"\n },\n {\n \"clash_mode\": \"Global\",\n \"server\": \"google\"\n },\n {\n \"rule_set\": \"geosite-geolocation-cn\",\n \"server\": \"local\"\n },\n {\n \"clash_mode\": \"Default\",\n \"server\": \"google\"\n },\n {\n \"type\": \"logical\",\n \"mode\": \"and\",\n \"rules\": [\n {\n \"rule_set\": \"geosite-geolocation-!cn\",\n \"invert\": true\n },\n {\n \"rule_set\": \"geoip-cn\"\n }\n ],\n \"server\": \"local\"\n }\n ]\n },\n \"route\": {\n \"rule_set\": [\n {\n \"type\": \"remote\",\n \"tag\": \"geosite-geolocation-cn\",\n \"format\": \"binary\",\n \"url\": \"https://raw.githubusercontent.com/SagerNet/sing-geosite/rule-set/geosite-geolocation-cn.srs\"\n },\n {\n \"type\": \"remote\",\n \"tag\": \"geosite-geolocation-!cn\",\n \"format\": \"binary\",\n \"url\": \"https://raw.githubusercontent.com/SagerNet/sing-geosite/rule-set/geosite-geolocation-!cn.srs\"\n },\n {\n \"type\": \"remote\",\n \"tag\": \"geoip-cn\",\n \"format\": \"binary\",\n \"url\": \"https://raw.githubusercontent.com/SagerNet/sing-geoip/rule-set/geoip-cn.srs\"\n }\n ]\n },\n \"experimental\": {\n \"cache_file\": {\n \"enabled\": true,\n \"store_rdrc\": true\n },\n \"clash_api\": {\n \"default_mode\": \"Enhanced\"\n }\n }\n}\n</code></pre> <pre><code>{\n \"dns\": {\n \"servers\": [\n {\n \"tag\": \"google\",\n \"address\": \"tls://8.8.8.8\"\n },\n {\n \"tag\": \"local\",\n \"address\": \"https://223.5.5.5/dns-query\",\n \"detour\": \"direct\"\n }\n ],\n \"rules\": [\n {\n \"outbound\": \"any\",\n \"server\": \"local\"\n },\n {\n \"clash_mode\": \"Direct\",\n \"server\": \"local\"\n },\n {\n \"clash_mode\": \"Global\",\n \"server\": \"google\"\n },\n {\n \"rule_set\": \"geosite-geolocation-cn\",\n \"server\": \"local\"\n },\n {\n \"type\": \"logical\",\n \"mode\": \"and\",\n \"rules\": [\n {\n \"rule_set\": \"geosite-geolocation-!cn\",\n \"invert\": true\n },\n {\n \"rule_set\": \"geoip-cn\"\n }\n ],\n \"server\": \"google\",\n \"client_subnet\": \"114.114.114.114/24\" // Any China client IP address\n }\n ]\n },\n \"route\": {\n \"rule_set\": [\n {\n \"type\": \"remote\",\n \"tag\": \"geosite-geolocation-cn\",\n \"format\": \"binary\",\n \"url\": \"https://raw.githubusercontent.com/SagerNet/sing-geosite/rule-set/geosite-geolocation-cn.srs\"\n },\n {\n \"type\": \"remote\",\n \"tag\": \"geosite-geolocation-!cn\",\n \"format\": \"binary\",\n \"url\": \"https://raw.githubusercontent.com/SagerNet/sing-geosite/rule-set/geosite-geolocation-!cn.srs\"\n },\n {\n \"type\": \"remote\",\n \"tag\": \"geoip-cn\",\n \"format\": \"binary\",\n \"url\": \"https://raw.githubusercontent.com/SagerNet/sing-geoip/rule-set/geoip-cn.srs\"\n }\n ]\n },\n \"experimental\": {\n \"cache_file\": {\n \"enabled\": true,\n \"store_rdrc\": true\n },\n \"clash_api\": {\n \"default_mode\": \"Enhanced\"\n }\n }\n}\n</code></pre> <pre><code>{\n \"outbounds\": [\n {\n \"type\": \"direct\",\n \"tag\": \"direct\"\n },\n {\n \"type\": \"block\",\n \"tag\": \"block\"\n }\n ],\n \"route\": {\n \"rules\": [\n {\n \"type\": \"logical\",\n \"mode\": \"or\",\n \"rules\": [\n {\n \"protocol\": \"dns\"\n },\n {\n \"port\": 53\n }\n ],\n \"outbound\": \"dns\"\n },\n {\n \"ip_is_private\": true,\n \"outbound\": \"direct\"\n },\n {\n \"clash_mode\": \"Direct\",\n \"outbound\": \"direct\"\n },\n {\n \"clash_mode\": \"Global\",\n \"outbound\": \"default\"\n },\n {\n \"type\": \"logical\",\n \"mode\": \"or\",\n \"rules\": [\n {\n \"port\": 853\n },\n {\n \"network\": \"udp\",\n \"port\": 443\n },\n {\n \"protocol\": \"stun\"\n }\n ],\n \"outbound\": \"block\"\n },\n {\n \"rule_set\": [\n \"geoip-cn\",\n \"geosite-geolocation-cn\"\n ],\n \"outbound\": \"direct\"\n }\n ],\n \"rule_set\": [\n {\n \"type\": \"remote\",\n \"tag\": \"geoip-cn\",\n \"format\": \"binary\",\n \"url\": \"https://raw.githubusercontent.com/SagerNet/sing-geoip/rule-set/geoip-cn.srs\"\n },\n {\n \"type\": \"remote\",\n \"tag\": \"geosite-geolocation-cn\",\n \"format\": \"binary\",\n \"url\": \"https://raw.githubusercontent.com/SagerNet/sing-geosite/rule-set/geosite-geolocation-cn.srs\"\n }\n ]\n }\n}\n</code></pre>"},{"location":"manual/proxy/server/","title":"Server","text":"<p>To use sing-box as a proxy protocol server, you pretty much only need to configure the inbound for that protocol.</p> <p>The Proxy Protocol menu below contains descriptions and configuration examples of recommended protocols for bypassing GFW.</p>"},{"location":"manual/proxy-protocol/hysteria2/","title":"Hysteria 2","text":"<p>Hysteria 2 is a simple, Chinese-made protocol based on QUIC. The selling point is Brutal, a congestion control algorithm that tries to achieve a user-defined bandwidth despite packet loss.</p> <p>Warning</p> <p>Even though GFW rarely blocks UDP-based proxies, such protocols actually have far more obvious characteristics than TCP based proxies.</p> Specification Resists passive detection Resists active probes hysteria.network"},{"location":"manual/proxy-protocol/hysteria2/#password-generator","title":"Password Generator","text":"Generate Password Action <code><code> Refresh"},{"location":"manual/proxy-protocol/hysteria2/#difference-from-official-hysteria","title":"Difference from official Hysteria","text":"<p>The official program supports an authentication method called userpass, which essentially uses a combination of <code>&lt;username&gt;:&lt;password&gt;</code> as the actual password, while sing-box does not provide this alias. To use sing-box with the official program, you need to fill in that combination as the actual password.</p>"},{"location":"manual/proxy-protocol/hysteria2/#server-example","title":"Server Example","text":"<p>Replace <code>up_mbps</code> and <code>down_mbps</code> values with the actual bandwidth of your server.</p> With local certificate With ACME With ACME and Cloudflare API <pre><code> {\n \"inbounds\": [\n {\n \"type\": \"hysteria2\",\n \"listen\": \"::\",\n \"listen_port\": 8080,\n \"up_mbps\": 100,\n \"down_mbps\": 100,\n \"users\": [\n {\n \"name\": \"sekai\",\n \"password\": \"&lt;password&gt;\"\n }\n ],\n \"tls\": {\n \"enabled\": true,\n \"server_name\": \"example.org\",\n \"key_path\": \"/path/to/key.pem\",\n \"certificate_path\": \"/path/to/certificate.pem\"\n }\n }\n ]\n}\n</code></pre> <pre><code> {\n \"inbounds\": [\n {\n \"type\": \"hysteria2\",\n \"listen\": \"::\",\n \"listen_port\": 8080,\n \"up_mbps\": 100,\n \"down_mbps\": 100,\n \"users\": [\n {\n \"name\": \"sekai\",\n \"password\": \"&lt;password&gt;\"\n }\n ],\n \"tls\": {\n \"enabled\": true,\n \"server_name\": \"example.org\",\n \"acme\": {\n \"domain\": \"example.org\",\n \"email\": \"admin@example.org\"\n }\n }\n }\n ]\n}\n</code></pre> <pre><code> {\n \"inbounds\": [\n {\n \"type\": \"hysteria2\",\n \"listen\": \"::\",\n \"listen_port\": 8080,\n \"up_mbps\": 100,\n \"down_mbps\": 100,\n \"users\": [\n {\n \"name\": \"sekai\",\n \"password\": \"&lt;password&gt;\"\n }\n ],\n \"tls\": {\n \"enabled\": true,\n \"server_name\": \"example.org\",\n \"acme\": {\n \"domain\": \"example.org\",\n \"email\": \"admin@example.org\",\n \"dns01_challenge\": {\n \"provider\": \"cloudflare\",\n \"api_token\": \"my_token\"\n }\n }\n }\n }\n ]\n}\n</code></pre>"},{"location":"manual/proxy-protocol/hysteria2/#client-example","title":"Client Example","text":"<p>Replace <code>up_mbps</code> and <code>down_mbps</code> values with the actual bandwidth of your client.</p> With valid certificate With self-sign certificate Ignore certificate verification <pre><code>{\n \"outbounds\": [\n {\n \"type\": \"hysteria2\",\n \"server\": \"127.0.0.1\",\n \"server_port\": 8080,\n \"up_mbps\": 100,\n \"down_mbps\": 100,\n \"password\": \"&lt;password&gt;\",\n \"tls\": {\n \"enabled\": true,\n \"server_name\": \"example.org\"\n }\n }\n ]\n}\n</code></pre> <p>Tip</p> <p>Use <code>sing-box merge</code> command to merge configuration and certificate into one file.</p> <pre><code>{\n \"outbounds\": [\n {\n \"type\": \"hysteria2\",\n \"server\": \"127.0.0.1\",\n \"server_port\": 8080,\n \"up_mbps\": 100,\n \"down_mbps\": 100,\n \"password\": \"&lt;password&gt;\",\n \"tls\": {\n \"enabled\": true,\n \"server_name\": \"example.org\",\n \"certificate_path\": \"/path/to/certificate.pem\"\n }\n }\n ]\n}\n</code></pre> <pre><code>{\n \"outbounds\": [\n {\n \"type\": \"hysteria2\",\n \"server\": \"127.0.0.1\",\n \"server_port\": 8080,\n \"up_mbps\": 100,\n \"down_mbps\": 100,\n \"password\": \"&lt;password&gt;\",\n \"tls\": {\n \"enabled\": true,\n \"server_name\": \"example.org\",\n \"insecure\": true\n }\n }\n ]\n}\n</code></pre>"},{"location":"manual/proxy-protocol/shadowsocks/","title":"Shadowsocks","text":"<p>Shadowsocks is the most well-known Chinese-made proxy protocol. It exists in multiple versions, but only AEAD 2022 ciphers over TCP with multiplexing is recommended.</p> Ciphers Specification Cryptographically sound Resists passive detection Resists active probes Stream Ciphers shadowsocks.org AEAD shadowsocks.org AEAD 2022 shadowsocks.org <p>(We strongly recommend using multiplexing to send UDP traffic over TCP, because doing otherwise is vulnerable to passive detection.)</p>"},{"location":"manual/proxy-protocol/shadowsocks/#password-generator","title":"Password Generator","text":"For <code>2022-blake3-aes-128-gcm</code> cipher For other ciphers Action <code><code> <code><code> Refresh"},{"location":"manual/proxy-protocol/shadowsocks/#server-example","title":"Server Example","text":"Single-user Multi-user <pre><code> {\n \"inbounds\": [\n {\n \"type\": \"shadowsocks\",\n \"listen\": \"::\",\n \"listen_port\": 8080,\n \"network\": \"tcp\",\n \"method\": \"2022-blake3-aes-128-gcm\",\n \"password\": \"&lt;password&gt;\",\n \"multiplex\": {\n \"enabled\": true\n }\n }\n ]\n}\n</code></pre> <pre><code> {\n \"inbounds\": [\n {\n \"type\": \"shadowsocks\",\n \"listen\": \"::\",\n \"listen_port\": 8080,\n \"network\": \"tcp\",\n \"method\": \"2022-blake3-aes-128-gcm\",\n \"password\": \"&lt;server_password&gt;\",\n \"users\": [\n {\n \"name\": \"sekai\",\n \"password\": \"&lt;user_password&gt;\"\n }\n ],\n \"multiplex\": {\n \"enabled\": true\n }\n }\n ]\n}\n</code></pre>"},{"location":"manual/proxy-protocol/shadowsocks/#client-example","title":"Client Example","text":"Single-user Multi-user <pre><code>{\n \"outbounds\": [\n {\n \"type\": \"shadowsocks\",\n \"server\": \"127.0.0.1\",\n \"server_port\": 8080,\n \"method\": \"2022-blake3-aes-128-gcm\",\n \"password\": \"&lt;pasword&gt;\",\n \"multiplex\": {\n \"enabled\": true\n }\n }\n ]\n}\n</code></pre> <pre><code>{\n \"outbounds\": [\n {\n \"type\": \"shadowsocks\",\n \"server\": \"127.0.0.1\",\n \"server_port\": 8080,\n \"method\": \"2022-blake3-aes-128-gcm\",\n \"password\": \"&lt;server_pasword&gt;:&lt;user_password&gt;\",\n \"multiplex\": {\n \"enabled\": true\n }\n }\n ]\n}\n</code></pre>"},{"location":"manual/proxy-protocol/trojan/","title":"Trojan","text":"<p>Torjan is the most commonly used TLS proxy made in China. It can be used in various combinations, but only the combination of uTLS and multiplexing is recommended.</p> Protocol and implementation combination Specification Resists passive detection Resists active probes Origin / trojan-gfw trojan-gfw.github.io Basic Go implementation / with privates transport by V2Ray No formal definition with uTLS enabled No formal definition"},{"location":"manual/proxy-protocol/trojan/#password-generator","title":"Password Generator","text":"Generate Password Action <code><code> Refresh"},{"location":"manual/proxy-protocol/trojan/#server-example","title":"Server Example","text":"With local certificate With ACME With ACME and Cloudflare API <pre><code>{\n \"inbounds\": [\n {\n \"type\": \"trojan\",\n \"listen\": \"::\",\n \"listen_port\": 8080,\n \"users\": [\n {\n \"name\": \"example\",\n \"password\": \"password\"\n }\n ],\n \"tls\": {\n \"enabled\": true,\n \"server_name\": \"example.org\",\n \"key_path\": \"/path/to/key.pem\",\n \"certificate_path\": \"/path/to/certificate.pem\"\n },\n \"multiplex\": {\n \"enabled\": true\n }\n }\n ]\n}\n</code></pre> <pre><code>{\n \"inbounds\": [\n {\n \"type\": \"trojan\",\n \"listen\": \"::\",\n \"listen_port\": 8080,\n \"users\": [\n {\n \"name\": \"example\",\n \"password\": \"password\"\n }\n ],\n \"tls\": {\n \"enabled\": true,\n \"server_name\": \"example.org\",\n \"acme\": {\n \"domain\": \"example.org\",\n \"email\": \"admin@example.org\"\n }\n },\n \"multiplex\": {\n \"enabled\": true\n }\n }\n ]\n}\n</code></pre> <pre><code>{\n \"inbounds\": [\n {\n \"type\": \"trojan\",\n \"listen\": \"::\",\n \"listen_port\": 8080,\n \"users\": [\n {\n \"name\": \"example\",\n \"password\": \"password\"\n }\n ],\n \"tls\": {\n \"enabled\": true,\n \"server_name\": \"example.org\",\n \"acme\": {\n \"domain\": \"example.org\",\n \"email\": \"admin@example.org\",\n \"dns01_challenge\": {\n \"provider\": \"cloudflare\",\n \"api_token\": \"my_token\"\n }\n }\n },\n \"multiplex\": {\n \"enabled\": true\n }\n }\n ]\n}\n</code></pre>"},{"location":"manual/proxy-protocol/trojan/#client-example","title":"Client Example","text":"With valid certificate With self-sign certificate Ignore certificate verification <pre><code>{\n \"outbounds\": [\n {\n \"type\": \"trojan\",\n \"server\": \"127.0.0.1\",\n \"server_port\": 8080,\n \"password\": \"password\",\n \"tls\": {\n \"enabled\": true,\n \"server_name\": \"example.org\",\n \"utls\": {\n \"enabled\": true,\n \"fingerprint\": \"firefox\"\n }\n },\n \"multiplex\": {\n \"enabled\": true\n }\n }\n ]\n}\n</code></pre> <p>Tip</p> <p>Use <code>sing-box merge</code> command to merge configuration and certificate into one file.</p> <pre><code>{\n \"outbounds\": [\n {\n \"type\": \"trojan\",\n \"server\": \"127.0.0.1\",\n \"server_port\": 8080,\n \"password\": \"password\",\n \"tls\": {\n \"enabled\": true,\n \"server_name\": \"example.org\",\n \"certificate_path\": \"/path/to/certificate.pem\",\n \"utls\": {\n \"enabled\": true,\n \"fingerprint\": \"firefox\"\n }\n },\n \"multiplex\": {\n \"enabled\": true\n }\n }\n ]\n}\n</code></pre> <pre><code>{\n \"outbounds\": [\n {\n \"type\": \"trojan\",\n \"server\": \"127.0.0.1\",\n \"server_port\": 8080,\n \"password\": \"password\",\n \"tls\": {\n \"enabled\": true,\n \"server_name\": \"example.org\",\n \"insecure\": true,\n \"utls\": {\n \"enabled\": true,\n \"fingerprint\": \"firefox\"\n }\n },\n \"multiplex\": {\n \"enabled\": true\n }\n }\n ]\n}\n</code></pre>"},{"location":"zh/","title":"\u5f00\u59cb","text":"<p>\u6b22\u8fce\u6765\u5230\u8be5 sing-box \u9879\u76ee\u7684\u6587\u6863\u9875\u3002</p> <p>\u901a\u7528\u4ee3\u7406\u5e73\u53f0\u3002</p>"},{"location":"zh/#_2","title":"\u6388\u6743","text":"<pre><code>Copyright (C) 2022 by nekohasekai &lt;contact-sagernet@sekai.icu&gt;\n\nThis program is free software: you can redistribute it and/or modify\nit under the terms of the GNU General Public License as published by\nthe Free Software Foundation, either version 3 of the License, or\n(at your option) any later version.\n\nThis program is distributed in the hope that it will be useful,\nbut WITHOUT ANY WARRANTY; without even the implied warranty of\nMERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\nGNU General Public License for more details.\n\nYou should have received a copy of the GNU General Public License\nalong with this program. If not, see &lt;http://www.gnu.org/licenses/&gt;.\n\nIn addition, no derivative work may use the name or imply association\nwith this application without prior consent.\n</code></pre>"},{"location":"zh/changelog/","title":"\u66f4\u65b0\u65e5\u5fd7","text":""},{"location":"zh/deprecated/","title":"\u5e9f\u5f03\u529f\u80fd\u5217\u8868","text":""},{"location":"zh/deprecated/#_2","title":"\u65e7\u7684\u7279\u6b8a\u51fa\u7ad9","text":"<p>\u65e7\u7684\u7279\u6b8a\u51fa\u7ad9\uff08<code>block</code> / <code>dns</code>\uff09\u5df2\u5e9f\u5f03\u4e14\u53ef\u4ee5\u901a\u8fc7\u89c4\u5219\u52a8\u4f5c\u66ff\u4ee3\uff0c \u53c2\u9605 \u8fc1\u79fb\u6307\u5357\u3002</p> <p>\u65e7\u5b57\u6bb5\u5c06\u5728 sing-box 1.13.0 \u4e2d\u88ab\u79fb\u9664\u3002</p>"},{"location":"zh/deprecated/#_3","title":"\u65e7\u7684\u5165\u7ad9\u5b57\u6bb5","text":"<p>\u65e7\u7684\u5165\u7ad9\u5b57\u6bb5\uff08<code>inbound.&lt;sniff/domain_strategy/...&gt;</code>\uff09\u5df2\u5e9f\u5f03\u4e14\u53ef\u4ee5\u901a\u8fc7\u89c4\u5219\u52a8\u4f5c\u66ff\u4ee3\uff0c \u53c2\u9605 \u8fc1\u79fb\u6307\u5357\u3002</p> <p>\u65e7\u5b57\u6bb5\u5c06\u5728 sing-box 1.13.0 \u4e2d\u88ab\u79fb\u9664\u3002</p>"},{"location":"zh/deprecated/#direct","title":"direct \u51fa\u7ad9\u4e2d\u7684\u76ee\u6807\u5730\u5740\u8986\u76d6\u5b57\u6bb5","text":"<p>direct \u51fa\u7ad9\u4e2d\u7684\u76ee\u6807\u5730\u5740\u8986\u76d6\u5b57\u6bb5\uff08<code>override_address</code> / <code>override_port</code>\uff09\u5df2\u5e9f\u5f03\u4e14\u53ef\u4ee5\u901a\u8fc7\u89c4\u5219\u52a8\u4f5c\u66ff\u4ee3\uff0c \u53c2\u9605 \u8fc1\u79fb\u6307\u5357\u3002</p> <p>\u65e7\u5b57\u6bb5\u5c06\u5728 sing-box 1.13.0 \u4e2d\u88ab\u79fb\u9664\u3002</p>"},{"location":"zh/deprecated/#wireguard","title":"WireGuard \u51fa\u7ad9","text":"<p>WireGuard \u51fa\u7ad9\u5df2\u5e9f\u5f03\u4e14\u53ef\u4ee5\u901a\u8fc7\u7aef\u70b9\u66ff\u4ee3\uff0c \u53c2\u9605 \u8fc1\u79fb\u6307\u5357\u3002</p> <p>\u65e7\u51fa\u7ad9\u5c06\u5728 sing-box 1.13.0 \u4e2d\u88ab\u79fb\u9664\u3002</p>"},{"location":"zh/deprecated/#tun-gso","title":"TUN \u7684 GSO \u5b57\u6bb5","text":"<p>GSO \u5bf9\u900f\u660e\u4ee3\u7406\u573a\u666f\u6ca1\u6709\u4f18\u52bf\uff0c\u5df2\u5e9f\u5f03\u4e14\u5728 TUN \u4e2d\u4e0d\u518d\u8d77\u4f5c\u7528\u3002</p> <p>\u65e7\u5b57\u6bb5\u5c06\u5728 sing-box 1.13.0 \u4e2d\u88ab\u79fb\u9664\u3002</p>"},{"location":"zh/deprecated/#match-source","title":"Match source \u89c4\u5219\u9879\u5df2\u91cd\u547d\u540d","text":"<p><code>rule_set_ipcidr_match_source</code> \u8def\u7531\u548c DNS \u89c4\u5219\u9879\u5df2\u88ab\u91cd\u547d\u540d\u4e3a <code>rule_set_ip_cidr_match_source</code> \u4e14\u5c06\u5728 sing-box 1.11.0 \u4e2d\u88ab\u79fb\u9664\u3002</p>"},{"location":"zh/deprecated/#tun","title":"TUN \u5730\u5740\u5b57\u6bb5\u5df2\u5408\u5e76","text":"<p><code>inet4_address</code> \u548c <code>inet6_address</code> \u5df2\u5408\u5e76\u4e3a <code>address</code>\uff0c <code>inet4_route_address</code> \u548c <code>inet6_route_address</code> \u5df2\u5408\u5e76\u4e3a <code>route_address</code>\uff0c <code>inet4_route_exclude_address</code> \u548c <code>inet6_route_exclude_address</code> \u5df2\u5408\u5e76\u4e3a <code>route_exclude_address</code>\u3002</p> <p>\u65e7\u5b57\u6bb5\u5c06\u5728 sing-box 1.11.0 \u4e2d\u88ab\u79fb\u9664\u3002</p>"},{"location":"zh/deprecated/#go118-go119","title":"\u79fb\u9664\u5bf9 go1.18 \u548c go1.19 \u7684\u652f\u6301","text":"<p>\u7531\u4e8e\u7ef4\u62a4\u56f0\u96be\uff0csing-box 1.10.0 \u8981\u6c42\u81f3\u5c11 Go 1.20 \u624d\u80fd\u7f16\u8bd1\u3002</p>"},{"location":"zh/deprecated/#clash-api-cache-file","title":"Clash API \u4e2d\u7684 Cache file \u53ca\u76f8\u5173\u529f\u80fd","text":"<p>Clash API \u4e2d\u7684 <code>cache_file</code> \u53ca\u76f8\u5173\u529f\u80fd\u5df2\u5e9f\u5f03\u4e14\u5df2\u8fc1\u79fb\u5230\u72ec\u7acb\u7684 <code>cache_file</code> \u8bbe\u7f6e\uff0c \u53c2\u9605 \u8fc1\u79fb\u6307\u5357\u3002</p>"},{"location":"zh/deprecated/#geoip","title":"GeoIP","text":"<p>GeoIP \u5df2\u5e9f\u5f03\u4e14\u5c06\u5728 sing-box 1.12.0 \u4e2d\u88ab\u79fb\u9664\u3002</p> <p>maxmind GeoIP \u56fd\u5bb6\u6570\u636e\u5e93\u4f5c\u4e3a IP \u5206\u7c7b\u6570\u636e\u5e93\uff0c\u4e0d\u5b8c\u5168\u9002\u5408\u6d41\u91cf\u7ed5\u8fc7\uff0c \u4e14\u73b0\u6709\u7684\u5b9e\u73b0\u5747\u5b58\u5728\u5185\u5b58\u4f7f\u7528\u5927\u4e0e\u7ba1\u7406\u56f0\u96be\u7684\u95ee\u9898\u3002</p> <p>sing-box 1.8.0 \u5f15\u5165\u4e86\u89c4\u5219\u96c6\uff0c \u53ef\u4ee5\u5b8c\u5168\u66ff\u4ee3 GeoIP\uff0c \u53c2\u9605 \u8fc1\u79fb\u6307\u5357\u3002</p>"},{"location":"zh/deprecated/#geosite","title":"Geosite","text":"<p>Geosite \u5df2\u5e9f\u5f03\u4e14\u5c06\u5728 sing-box 1.12.0 \u4e2d\u88ab\u79fb\u9664\u3002</p> <p>Geosite\uff0c\u5373\u7531 V2Ray \u7ef4\u62a4\u7684 domain-list-community \u9879\u76ee\uff0c\u4f5c\u4e3a\u65e9\u671f\u6d41\u91cf\u7ed5\u8fc7\u89e3\u51b3\u65b9\u6848\uff0c \u5b58\u5728\u7740\u5305\u62ec\u7f3a\u5c11\u7ef4\u62a4\u3001\u89c4\u5219\u4e0d\u51c6\u786e\u548c\u7ba1\u7406\u56f0\u96be\u5185\u7684\u5927\u91cf\u95ee\u9898\u3002</p> <p>sing-box 1.8.0 \u5f15\u5165\u4e86\u89c4\u5219\u96c6\uff0c \u53ef\u4ee5\u5b8c\u5168\u66ff\u4ee3 Geosite\uff0c\u53c2\u9605 \u8fc1\u79fb\u6307\u5357\u3002</p>"},{"location":"zh/deprecated/#160","title":"1.6.0","text":"<p>\u4e0b\u5217\u529f\u80fd\u5df2\u5728 1.5.0 \u4e2d\u6807\u8bb0\u4e3a\u5df2\u5f03\u7528\uff0c\u5e76\u5728 1.6.0 \u4e2d\u5b8c\u5168\u5220\u9664\u3002</p>"},{"location":"zh/deprecated/#shadowsocksr","title":"ShadowsocksR","text":"<p>ShadowsocksR \u652f\u6301\u4ece\u672a\u9ed8\u8ba4\u542f\u7528\uff0c\u81ea\u4ece\u5e38\u7528\u7684\u9ed1\u4ea7\u4ee3\u7406\u9500\u552e\u9762\u677f\u505c\u6b62\u4f7f\u7528\u8be5\u534f\u8bae\uff0c\u7ee7\u7eed\u7ef4\u62a4\u5b83\u662f\u6ca1\u6709\u610f\u4e49\u7684\u3002</p>"},{"location":"zh/deprecated/#proxy-protocol","title":"Proxy Protocol","text":"<p>Proxy Protocol \u652f\u6301\u7531 Pull Request \u6dfb\u52a0\uff0c\u5b58\u5728\u95ee\u9898\u4e14\u4ec5\u7531 HTTP \u591a\u8def\u590d\u7528\u5668\uff08\u5982 nginx\uff09\u7684\u540e\u7aef\u4f7f\u7528\uff0c\u5177\u6709\u4fb5\u5165\u6027\uff0c\u5bf9\u4e8e\u4ee3\u7406\u76ee\u7684\u6beb\u65e0\u610f\u4e49\u3002</p>"},{"location":"zh/migration/","title":"\u8fc1\u79fb\u6307\u5357","text":""},{"location":"zh/migration/#_1","title":"\u8fc1\u79fb\u65e7\u7684\u7279\u6b8a\u51fa\u7ad9\u5230\u89c4\u5219\u52a8\u4f5c","text":"<p>\u65e7\u7684\u7279\u6b8a\u51fa\u7ad9\u5df2\u88ab\u5f03\u7528\uff0c\u4e14\u53ef\u4ee5\u88ab\u89c4\u5219\u52a8\u4f5c\u66ff\u4ee3\u3002</p> <p>\u53c2\u8003</p> <p>\u89c4\u5219\u52a8\u4f5c / Block / DNS</p> BlockDNS \u5f03\u7528\u7684 \u65b0\u7684 <pre><code>{\n \"outbounds\": [\n {\n \"type\": \"block\",\n \"tag\": \"block\"\n }\n ],\n \"route\": {\n \"rules\": [\n {\n ...,\n\n \"outbound\": \"block\"\n }\n ]\n }\n}\n</code></pre> <pre><code>{\n \"route\": {\n \"rules\": [\n {\n ...,\n\n \"action\": \"reject\"\n }\n ]\n }\n}\n</code></pre> \u5f03\u7528\u7684 \u65b0\u7684 <pre><code>{\n \"inbound\": [\n {\n ...,\n\n \"sniff\": true\n }\n ],\n \"outbounds\": [\n {\n \"tag\": \"dns\",\n \"type\": \"dns\"\n }\n ],\n \"route\": {\n \"rules\": [\n {\n \"protocol\": \"dns\",\n \"outbound\": \"dns\"\n }\n ]\n }\n}\n</code></pre> <pre><code>{\n \"route\": {\n \"rules\": [\n {\n \"action\": \"sniff\"\n },\n {\n \"protocol\": \"dns\",\n \"action\": \"hijack-dns\"\n }\n ]\n }\n}\n</code></pre>"},{"location":"zh/migration/#_2","title":"\u8fc1\u79fb\u65e7\u7684\u5165\u7ad9\u5b57\u6bb5\u5230\u89c4\u5219\u52a8\u4f5c","text":"<p>\u5165\u7ad9\u9009\u9879\u5df2\u88ab\u5f03\u7528\uff0c\u4e14\u53ef\u4ee5\u88ab\u89c4\u5219\u52a8\u4f5c\u66ff\u4ee3\u3002</p> <p>\u53c2\u8003</p> <p>\u76d1\u542c\u5b57\u6bb5 / \u89c4\u5219 / \u89c4\u5219\u52a8\u4f5c / DNS \u89c4\u5219 / DNS \u89c4\u5219\u52a8\u4f5c</p> \u5f03\u7528\u7684 New <pre><code>{\n \"inbounds\": [\n {\n \"type\": \"mixed\",\n \"sniff\": true,\n \"sniff_timeout\": \"1s\",\n \"domain_strategy\": \"prefer_ipv4\"\n }\n ]\n}\n</code></pre> <pre><code>{\n \"inbounds\": [\n {\n \"type\": \"mixed\",\n \"tag\": \"in\"\n }\n ],\n \"route\": {\n \"rules\": [\n {\n \"inbound\": \"in\",\n \"action\": \"resolve\",\n \"strategy\": \"prefer_ipv4\"\n },\n {\n \"inbound\": \"in\",\n \"action\": \"sniff\",\n \"timeout\": \"1s\"\n }\n ]\n }\n}\n</code></pre>"},{"location":"zh/migration/#direct","title":"\u8fc1\u79fb direct \u51fa\u7ad9\u4e2d\u7684\u76ee\u6807\u5730\u5740\u8986\u76d6\u5b57\u6bb5\u5230\u8def\u7531\u5b57\u6bb5","text":"<p>direct \u51fa\u7ad9\u4e2d\u7684\u76ee\u6807\u5730\u5740\u8986\u76d6\u5b57\u6bb5\u5df2\u5e9f\u5f03\uff0c\u4e14\u53ef\u4ee5\u88ab\u8def\u7531\u5b57\u6bb5\u66ff\u4ee3\u3002</p> <p>\u53c2\u8003</p> <p>Rule Action / Direct</p> \u5f03\u7528\u7684 \u65b0\u7684 <pre><code>{\n \"outbounds\": [\n {\n \"type\": \"direct\",\n \"override_address\": \"1.1.1.1\",\n \"override_port\": 443\n }\n ]\n}\n</code></pre> <pre><code>{\n \"route\": {\n \"rules\": [\n {\n \"action\": \"route-options\", // \u6216 route\n \"override_address\": \"1.1.1.1\",\n \"override_port\": 443\n }\n ]\n }\n}\n</code></pre>"},{"location":"zh/migration/#wireguard","title":"\u8fc1\u79fb WireGuard \u51fa\u7ad9\u5230\u7aef\u70b9","text":"<p>WireGuard \u51fa\u7ad9\u5df2\u88ab\u5f03\u7528\uff0c\u4e14\u53ef\u4ee5\u88ab\u7aef\u70b9\u66ff\u4ee3\u3002</p> <p>\u53c2\u8003</p> <p>\u7aef\u70b9 / WireGuard \u7aef\u70b9 / WireGuard \u51fa\u7ad9</p> \u5f03\u7528\u7684 \u65b0\u7684 <pre><code>{\n \"outbounds\": [\n {\n \"type\": \"wireguard\",\n \"tag\": \"wg-out\",\n\n \"server\": \"127.0.0.1\",\n \"server_port\": 10001,\n \"system_interface\": true,\n \"gso\": true,\n \"interface_name\": \"wg0\",\n \"local_address\": [\n \"10.0.0.1/32\"\n ],\n \"private_key\": \"&lt;private_key&gt;\",\n \"peer_public_key\": \"&lt;peer_public_key&gt;\",\n \"pre_shared_key\": \"&lt;pre_shared_key&gt;\",\n \"reserved\": [0, 0, 0],\n \"mtu\": 1408\n }\n ]\n}\n</code></pre> <pre><code>{\n \"endpoints\": [\n {\n \"type\": \"wireguard\",\n \"tag\": \"wg-ep\",\n \"system\": true,\n \"name\": \"wg0\",\n \"mtu\": 1408,\n \"address\": [\n \"10.0.0.2/32\"\n ],\n \"private_key\": \"&lt;private_key&gt;\",\n \"listen_port\": 10000,\n \"peers\": [\n {\n \"address\": \"127.0.0.1\",\n \"port\": 10001,\n \"public_key\": \"&lt;peer_public_key&gt;\",\n \"pre_shared_key\": \"&lt;pre_shared_key&gt;\",\n \"allowed_ips\": [\n \"0.0.0.0/0\"\n ],\n \"persistent_keepalive_interval\": 30,\n \"reserved\": [0, 0, 0]\n }\n ]\n }\n ]\n}\n</code></pre>"},{"location":"zh/migration/#tun","title":"TUN \u5730\u5740\u5b57\u6bb5\u5df2\u5408\u5e76","text":"<p><code>inet4_address</code> \u548c <code>inet6_address</code> \u5df2\u5408\u5e76\u4e3a <code>address</code>\uff0c <code>inet4_route_address</code> \u548c <code>inet6_route_address</code> \u5df2\u5408\u5e76\u4e3a <code>route_address</code>\uff0c <code>inet4_route_exclude_address</code> \u548c <code>inet6_route_exclude_address</code> \u5df2\u5408\u5e76\u4e3a <code>route_exclude_address</code>\u3002</p> <p>\u53c2\u8003</p> <p>TUN</p> \u5f03\u7528\u7684 \u65b0\u7684 <pre><code>{\n \"inbounds\": [\n {\n \"type\": \"tun\",\n \"inet4_address\": \"172.19.0.1/30\",\n \"inet6_address\": \"fdfe:dcba:9876::1/126\",\n \"inet4_route_address\": [\n \"0.0.0.0/1\",\n \"128.0.0.0/1\"\n ],\n \"inet6_route_address\": [\n \"::/1\",\n \"8000::/1\"\n ],\n \"inet4_route_exclude_address\": [\n \"192.168.0.0/16\"\n ],\n \"inet6_route_exclude_address\": [\n \"fc00::/7\"\n ]\n }\n ]\n}\n</code></pre> <pre><code>{\n \"inbounds\": [\n {\n \"type\": \"tun\",\n \"address\": [\n \"172.19.0.1/30\",\n \"fdfe:dcba:9876::1/126\"\n ],\n \"route_address\": [\n \"0.0.0.0/1\",\n \"128.0.0.0/1\",\n \"::/1\",\n \"8000::/1\"\n ],\n \"route_exclude_address\": [\n \"192.168.0.0/16\",\n \"fc00::/7\"\n ]\n }\n ]\n}\n</code></pre>"},{"location":"zh/migration/#apple-bundle-identifier","title":"Apple \u5e73\u53f0\u5ba2\u6237\u7aef\u7684 Bundle Identifier \u66f4\u65b0","text":"<p>\u7531\u4e8e\u6211\u4eec\u65e7\u7684\u82f9\u679c\u5f00\u53d1\u8005\u8d26\u6237\u5b58\u5728\u95ee\u9898\uff0c\u6211\u4eec\u53ea\u80fd\u901a\u8fc7\u66f4\u65b0 Bundle Identifiers \u6765\u91cd\u65b0\u4e0a\u67b6 sing-box \u5e94\u7528\uff0c \u8fd9\u610f\u5473\u7740\u6570\u636e\u4e0d\u4f1a\u81ea\u52a8\u7ee7\u627f\u3002</p> <p>\u5bf9\u4e8e iOS\uff0c\u60a8\u9700\u8981\u81ea\u884c\u5907\u4efd\u65e7\u7684\u6570\u636e\uff08\u5982\u679c\u60a8\u4ecd\u7136\u53ef\u4ee5\u8bbf\u95ee\uff09\uff1b \u5bf9\u4e8e Apple tvOS\uff0c\u60a8\u9700\u8981\u4ece iPhone \u6216 iPad \u91cd\u65b0\u5bfc\u5165\u914d\u7f6e\u6216\u8005\u624b\u52a8\u521b\u5efa\uff1b \u5bf9\u4e8e macOS\uff0c\u60a8\u53ef\u4ee5\u4f7f\u7528\u4ee5\u4e0b\u547d\u4ee4\u8fc1\u79fb\u6570\u636e\u6587\u4ef6\u5939\uff1a</p> <pre><code>cd ~/Library/Group\\ Containers &amp;&amp; \\ \n mv group.io.nekohasekai.sfa group.io.nekohasekai.sfavt\n</code></pre>"},{"location":"zh/migration/#domain_suffix","title":"<code>domain_suffix</code> \u884c\u4e3a\u66f4\u65b0","text":"<p>\u7531\u4e8e\u5386\u53f2\u539f\u56e0\uff0csing-box \u7684 <code>domain_suffix</code> \u89c4\u5219\u5339\u914d\u5b57\u9762\u524d\u7f00\uff0c\u800c\u4e0d\u4e0e\u5176\u4ed6\u9879\u76ee\u76f8\u540c\u3002</p> <p>sing-box 1.9.0 \u4fee\u6539\u4e86 <code>domain_suffix</code> \u7684\u884c\u4e3a\uff1a\u5982\u679c\u89c4\u5219\u503c\u4ee5 <code>.</code> \u4e3a\u524d\u7f00\u5219\u884c\u4e3a\u4e0d\u53d8\uff0c\u5426\u5219\u6539\u4e3a\u5339\u914d <code>(domain|.+\\.domain)</code>\u3002</p>"},{"location":"zh/migration/#windows-process_path","title":"\u5bf9 Windows \u4e0a <code>process_path</code> \u683c\u5f0f\u7684\u66f4\u65b0","text":"<p>sing-box \u7684 <code>process_path</code> \u89c4\u5219\u7ee7\u627f\u81eaClash\uff0c \u539f\u59cb\u4ee3\u7801\u4f7f\u7528\u672c\u5730\u7cfb\u7edf\u7684\u8def\u5f84\u683c\u5f0f\uff08\u4f8b\u5982 <code>\\Device\\HarddiskVolume1\\folder\\program.exe</code>\uff09\uff0c \u4f46\u662f\u5f53\u8bbe\u5907\u6709\u591a\u4e2a\u786c\u76d8\u65f6\uff0c\u8be5 HarddiskVolume \u7cfb\u5217\u53f7\u5e76\u4e0d\u7a33\u5b9a\u3002</p> <p>sing-box 1.9.0 \u4f7f QueryFullProcessImageNameW \u8f93\u51fa Win32 \u8def\u5f84\uff08\u5982 <code>C:\\folder\\program.exe</code>\uff09\uff0c \u8fd9\u5c06\u4f1a\u7834\u574f\u73b0\u6709\u7684 Windows <code>process_path</code> \u7528\u4f8b\u3002</p>"},{"location":"zh/migration/#clash-api","title":"\u5c06\u7f13\u5b58\u6587\u4ef6\u4ece Clash API \u8fc1\u79fb\u5230\u72ec\u7acb\u9009\u9879","text":"<p>\u53c2\u8003</p> <p>Clash API / Cache File</p> \u5f03\u7528\u7684 \u65b0\u7684 <pre><code>{\n \"experimental\": {\n \"clash_api\": {\n \"cache_file\": \"cache.db\", // \u9ed8\u8ba4\u503c\n \"cahce_id\": \"my_profile2\",\n \"store_mode\": true,\n \"store_selected\": true,\n \"store_fakeip\": true\n }\n }\n}\n</code></pre> <pre><code>{\n \"experimental\" : {\n \"cache_file\": {\n \"enabled\": true,\n \"path\": \"cache.db\", // \u9ed8\u8ba4\u503c\n \"cache_id\": \"my_profile2\",\n \"store_fakeip\": true\n }\n }\n}\n</code></pre>"},{"location":"zh/migration/#geoip","title":"\u8fc1\u79fb GeoIP \u5230\u89c4\u5219\u96c6","text":"<p>\u53c2\u8003</p> <p>GeoIP / \u8def\u7531 / \u8def\u7531\u89c4\u5219 / DNS \u89c4\u5219 / \u89c4\u5219\u96c6</p> <p>Tip</p> <p><code>sing-box geoip</code> \u547d\u4ee4\u53ef\u4ee5\u5e2e\u52a9\u60a8\u5c06\u81ea\u5b9a\u4e49 GeoIP \u8f6c\u6362\u4e3a\u89c4\u5219\u96c6\u3002</p> \u5f03\u7528\u7684 \u65b0\u7684 <pre><code>{\n \"route\": {\n \"rules\": [\n {\n \"geoip\": \"private\",\n \"outbound\": \"direct\"\n },\n {\n \"geoip\": \"cn\",\n \"outbound\": \"direct\"\n },\n {\n \"source_geoip\": \"cn\",\n \"outbound\": \"block\"\n }\n ],\n \"geoip\": {\n \"download_detour\": \"proxy\"\n }\n }\n}\n</code></pre> <pre><code>{\n \"route\": {\n \"rules\": [\n {\n \"ip_is_private\": true,\n \"outbound\": \"direct\"\n },\n {\n \"rule_set\": \"geoip-cn\",\n \"outbound\": \"direct\"\n },\n {\n \"rule_set\": \"geoip-us\",\n \"rule_set_ipcidr_match_source\": true,\n \"outbound\": \"block\"\n }\n ],\n \"rule_set\": [\n {\n \"tag\": \"geoip-cn\",\n \"type\": \"remote\",\n \"format\": \"binary\",\n \"url\": \"https://raw.githubusercontent.com/SagerNet/sing-geoip/rule-set/geoip-cn.srs\",\n \"download_detour\": \"proxy\"\n },\n {\n \"tag\": \"geoip-us\",\n \"type\": \"remote\",\n \"format\": \"binary\",\n \"url\": \"https://raw.githubusercontent.com/SagerNet/sing-geoip/rule-set/geoip-us.srs\",\n \"download_detour\": \"proxy\"\n }\n ]\n },\n \"experimental\": {\n \"cache_file\": {\n \"enabled\": true // required to save rule-set cache\n }\n }\n}\n</code></pre>"},{"location":"zh/migration/#geosite","title":"\u8fc1\u79fb Geosite \u5230\u89c4\u5219\u96c6","text":"<p>\u53c2\u8003</p> <p>Geosite / \u8def\u7531 / \u8def\u7531\u89c4\u5219 / DNS \u89c4\u5219 / \u89c4\u5219\u96c6</p> <p>Tip</p> <p><code>sing-box geosite</code> \u547d\u4ee4\u53ef\u4ee5\u5e2e\u52a9\u60a8\u5c06\u81ea\u5b9a\u4e49 Geosite \u8f6c\u6362\u4e3a\u89c4\u5219\u96c6\u3002</p> \u5f03\u7528\u7684 \u65b0\u7684 <pre><code>{\n \"route\": {\n \"rules\": [\n {\n \"geosite\": \"cn\",\n \"outbound\": \"direct\"\n }\n ],\n \"geosite\": {\n \"download_detour\": \"proxy\"\n }\n }\n}\n</code></pre> <pre><code>{\n \"route\": {\n \"rules\": [\n {\n \"rule_set\": \"geosite-cn\",\n \"outbound\": \"direct\"\n }\n ],\n \"rule_set\": [\n {\n \"tag\": \"geosite-cn\",\n \"type\": \"remote\",\n \"format\": \"binary\",\n \"url\": \"https://raw.githubusercontent.com/SagerNet/sing-geosite/rule-set/geosite-cn.srs\",\n \"download_detour\": \"proxy\"\n }\n ]\n },\n \"experimental\": {\n \"cache_file\": {\n \"enabled\": true // required to save rule-set cache\n }\n }\n}\n</code></pre>"},{"location":"zh/support/","title":"\u652f\u6301","text":"\u901a\u9053 \u94fe\u63a5 GitHub Issues https://github.com/SagerNet/sing-box/issues Telegram \u901a\u77e5\u9891\u9053 https://t.me/yapnc Telegram \u7528\u6237\u7ec4 https://t.me/yapug \u90ae\u4ef6 contact@sagernet.org"},{"location":"zh/clients/","title":"\u56fe\u5f62\u754c\u9762\u5ba2\u6237\u7aef","text":"<p>\u7531 Project S \u7ef4\u62a4\uff0c\u63d0\u4f9b\u7edf\u4e00\u7684\u4f53\u9a8c\u4e0e\u5e73\u53f0\u7279\u5b9a\u7684\u529f\u80fd\u3002</p> \u5e73\u53f0 \u5ba2\u6237\u7aef Android sing-box for Android iOS/macOS/Apple tvOS sing-box for Apple platforms Desktop \u65bd\u5de5\u4e2d <p>\u6b64\u5904\u6ca1\u6709\u5217\u51fa\u4e00\u4e9b\u58f0\u79f0\u4f7f\u7528\u6216\u4ee5 sing-box \u4e3a\u5356\u70b9\u7684\u7b2c\u4e09\u65b9\u9879\u76ee\u3002\u6b64\u7c7b\u9879\u76ee\u7ef4\u62a4\u8005\u7684\u52a8\u673a\u662f\u83b7\u5f97\u66f4\u591a\u7528\u6237\uff0c\u5373\u4f7f\u5b83\u4eec\u63d0\u4f9b\u53cb\u597d\u7684\u5546\u4e1a VPN \u5ba2\u6237\u7aef\u529f\u80fd\uff0c \u4f46\u4ee3\u7801\u8d28\u91cf\u5f88\u5dee\u4e14\u5305\u542b\u5e7f\u544a\u3002</p>"},{"location":"zh/configuration/","title":"\u5f15\u8a00","text":"<p>sing-box \u4f7f\u7528 JSON \u4f5c\u4e3a\u914d\u7f6e\u6587\u4ef6\u683c\u5f0f\u3002</p>"},{"location":"zh/configuration/#_2","title":"\u7ed3\u6784","text":"<pre><code>{\n \"log\": {},\n \"dns\": {},\n \"endpoints\": [],\n \"inbounds\": [],\n \"outbounds\": [],\n \"route\": {},\n \"experimental\": {}\n}\n</code></pre>"},{"location":"zh/configuration/#_3","title":"\u5b57\u6bb5","text":"Key Format <code>log</code> \u65e5\u5fd7 <code>dns</code> DNS <code>endpoints</code> \u7aef\u70b9 <code>inbounds</code> \u5165\u7ad9 <code>outbounds</code> \u51fa\u7ad9 <code>route</code> \u8def\u7531 <code>experimental</code> \u5b9e\u9a8c\u6027"},{"location":"zh/configuration/#_4","title":"\u68c0\u67e5","text":"<pre><code>sing-box check\n</code></pre>"},{"location":"zh/configuration/#_5","title":"\u683c\u5f0f\u5316","text":"<pre><code>sing-box format -w -c config.json -D config_directory\n</code></pre>"},{"location":"zh/configuration/#_6","title":"\u5408\u5e76","text":"<pre><code>sing-box merge output.json -c config.json -D config_directory\n</code></pre>"},{"location":"zh/configuration/dns/","title":"Index","text":"<p>sing-box 1.11.0 \u4e2d\u7684\u66f4\u6539</p> <p> cache_capacity</p>"},{"location":"zh/configuration/dns/#_1","title":"\u7ed3\u6784","text":"<pre><code>{\n \"dns\": {\n \"servers\": [],\n \"rules\": [],\n \"final\": \"\",\n \"strategy\": \"\",\n \"disable_cache\": false,\n \"disable_expire\": false,\n \"independent_cache\": false,\n \"cache_capacity\": 0,\n \"reverse_mapping\": false,\n \"client_subnet\": \"\",\n \"fakeip\": {}\n }\n}\n</code></pre>"},{"location":"zh/configuration/dns/#_2","title":"\u5b57\u6bb5","text":"\u952e \u683c\u5f0f <code>server</code> \u4e00\u7ec4 DNS \u670d\u52a1\u5668 <code>rules</code> \u4e00\u7ec4 DNS \u89c4\u5219"},{"location":"zh/configuration/dns/#final","title":"final","text":"<p>\u9ed8\u8ba4 DNS \u670d\u52a1\u5668\u7684\u6807\u7b7e\u3002</p> <p>\u9ed8\u8ba4\u4f7f\u7528\u7b2c\u4e00\u4e2a\u670d\u52a1\u5668\u3002</p>"},{"location":"zh/configuration/dns/#strategy","title":"strategy","text":"<p>\u9ed8\u8ba4\u89e3\u6790\u57df\u540d\u7b56\u7565\u3002</p> <p>\u53ef\u9009\u503c: <code>prefer_ipv4</code> <code>prefer_ipv6</code> <code>ipv4_only</code> <code>ipv6_only</code>\u3002</p> <p>\u5982\u679c\u8bbe\u7f6e\u4e86 <code>server.strategy</code>\uff0c\u5219\u4e0d\u751f\u6548\u3002</p>"},{"location":"zh/configuration/dns/#disable_cache","title":"disable_cache","text":"<p>\u7981\u7528 DNS \u7f13\u5b58\u3002</p>"},{"location":"zh/configuration/dns/#disable_expire","title":"disable_expire","text":"<p>\u7981\u7528 DNS \u7f13\u5b58\u8fc7\u671f\u3002</p>"},{"location":"zh/configuration/dns/#independent_cache","title":"independent_cache","text":"<p>\u4f7f\u6bcf\u4e2a DNS \u670d\u52a1\u5668\u7684\u7f13\u5b58\u72ec\u7acb\uff0c\u4ee5\u6ee1\u8db3\u7279\u6b8a\u76ee\u7684\u3002\u5982\u679c\u542f\u7528\uff0c\u5c06\u8f7b\u5fae\u964d\u4f4e\u6027\u80fd\u3002</p>"},{"location":"zh/configuration/dns/#cache_capacity","title":"cache_capacity","text":"<p>\u81ea sing-box 1.11.0 \u8d77</p> <p>LRU \u7f13\u5b58\u5bb9\u91cf\u3002</p> <p>\u5c0f\u4e8e 1024 \u7684\u503c\u5c06\u88ab\u5ffd\u7565\u3002</p>"},{"location":"zh/configuration/dns/#reverse_mapping","title":"reverse_mapping","text":"<p>\u5728\u54cd\u5e94 DNS \u67e5\u8be2\u540e\u5b58\u50a8 IP \u5730\u5740\u7684\u53cd\u5411\u6620\u5c04\u4ee5\u4e3a\u8def\u7531\u76ee\u7684\u63d0\u4f9b\u57df\u540d\u3002</p> <p>\u7531\u4e8e\u6b64\u8fc7\u7a0b\u4f9d\u8d56\u4e8e\u5e94\u7528\u7a0b\u5e8f\u5728\u53d1\u51fa\u8bf7\u6c42\u4e4b\u524d\u89e3\u6790\u57df\u540d\u7684\u884c\u4e3a\uff0c\u56e0\u6b64\u5728 macOS \u7b49 DNS \u7531\u7cfb\u7edf\u4ee3\u7406\u548c\u7f13\u5b58\u7684\u73af\u5883\u4e2d\u53ef\u80fd\u4f1a\u51fa\u73b0\u95ee\u9898\u3002</p>"},{"location":"zh/configuration/dns/#client_subnet","title":"client_subnet","text":"<p>\u81ea sing-box 1.9.0 \u8d77</p> <p>\u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u5c06\u5e26\u6709\u6307\u5b9a IP \u524d\u7f00\u7684 <code>edns0-subnet</code> OPT \u9644\u52a0\u8bb0\u5f55\u9644\u52a0\u5230\u6bcf\u4e2a\u67e5\u8be2\u3002</p> <p>\u5982\u679c\u503c\u662f IP \u5730\u5740\u800c\u4e0d\u662f\u524d\u7f00\uff0c\u5219\u4f1a\u81ea\u52a8\u9644\u52a0 <code>/32</code> \u6216 <code>/128</code>\u3002</p> <p>\u53ef\u4ee5\u88ab <code>servers.[].client_subnet</code> \u6216 <code>rules.[].client_subnet</code> \u8986\u76d6\u3002</p>"},{"location":"zh/configuration/dns/#fakeip","title":"fakeip","text":"<p>FakeIP \u8bbe\u7f6e\u3002</p>"},{"location":"zh/configuration/dns/fakeip/#_1","title":"\u7ed3\u6784","text":"<pre><code>{\n \"enabled\": true,\n \"inet4_range\": \"198.18.0.0/15\",\n \"inet6_range\": \"fc00::/18\"\n}\n</code></pre>"},{"location":"zh/configuration/dns/fakeip/#_2","title":"\u5b57\u6bb5","text":""},{"location":"zh/configuration/dns/fakeip/#enabled","title":"enabled","text":"<p>\u542f\u7528 FakeIP \u670d\u52a1\u3002</p>"},{"location":"zh/configuration/dns/fakeip/#inet4_range","title":"inet4_range","text":"<p>\u7528\u4e8e FakeIP \u7684 IPv4 \u5730\u5740\u8303\u56f4\u3002</p>"},{"location":"zh/configuration/dns/fakeip/#inet6_range","title":"inet6_range","text":"<p>\u7528\u4e8e FakeIP \u7684 IPv6 \u5730\u5740\u8303\u56f4\u3002</p>"},{"location":"zh/configuration/dns/rule/","title":"DNS \u89c4\u5219","text":"<p>sing-box 1.11.0 \u4e2d\u7684\u66f4\u6539</p> <p> action server disable_cache rewrite_ttl client_subnet network_type network_is_expensive network_is_constrained</p> <p>sing-box 1.10.0 \u4e2d\u7684\u66f4\u6539</p> <p> rule_set_ipcidr_match_source rule_set_ip_cidr_match_source rule_set_ip_cidr_accept_empty process_path_regex</p> <p>sing-box 1.9.0 \u4e2d\u7684\u66f4\u6539</p> <p> geoip ip_cidr ip_is_private client_subnet rule_set_ipcidr_match_source</p> <p>sing-box 1.8.0 \u4e2d\u7684\u66f4\u6539</p> <p> rule_set source_ip_is_private geoip geosite</p>"},{"location":"zh/configuration/dns/rule/#_1","title":"\u7ed3\u6784","text":"<pre><code>{\n \"dns\": {\n \"rules\": [\n {\n \"inbound\": [\n \"mixed-in\"\n ],\n \"ip_version\": 6,\n \"query_type\": [\n \"A\",\n \"HTTPS\",\n 32768\n ],\n \"network\": \"tcp\",\n \"auth_user\": [\n \"usera\",\n \"userb\"\n ],\n \"protocol\": [\n \"tls\",\n \"http\",\n \"quic\"\n ],\n \"domain\": [\n \"test.com\"\n ],\n \"domain_suffix\": [\n \".cn\"\n ],\n \"domain_keyword\": [\n \"test\"\n ],\n \"domain_regex\": [\n \"^stun\\\\..+\"\n ],\n \"geosite\": [\n \"cn\"\n ],\n \"source_geoip\": [\n \"private\"\n ],\n \"geoip\": [\n \"cn\"\n ],\n \"source_ip_cidr\": [\n \"10.0.0.0/24\",\n \"192.168.0.1\"\n ],\n \"source_ip_is_private\": false,\n \"ip_cidr\": [\n \"10.0.0.0/24\",\n \"192.168.0.1\"\n ],\n \"ip_is_private\": false,\n \"source_port\": [\n 12345\n ],\n \"source_port_range\": [\n \"1000:2000\",\n \":3000\",\n \"4000:\"\n ],\n \"port\": [\n 80,\n 443\n ],\n \"port_range\": [\n \"1000:2000\",\n \":3000\",\n \"4000:\"\n ],\n \"process_name\": [\n \"curl\"\n ],\n \"process_path\": [\n \"/usr/bin/curl\"\n ],\n \"process_path_regex\": [\n \"^/usr/bin/.+\"\n ],\n \"package_name\": [\n \"com.termux\"\n ],\n \"user\": [\n \"sekai\"\n ],\n \"user_id\": [\n 1000\n ],\n \"clash_mode\": \"direct\",\n \"network_type\": [\n \"wifi\"\n ],\n \"network_is_expensive\": false,\n \"network_is_constrained\": false,\n \"wifi_ssid\": [\n \"My WIFI\"\n ],\n \"wifi_bssid\": [\n \"00:00:00:00:00:00\"\n ],\n \"rule_set\": [\n \"geoip-cn\",\n \"geosite-cn\"\n ],\n // \u5df2\u5f03\u7528\n \"rule_set_ipcidr_match_source\": false,\n \"rule_set_ip_cidr_match_source\": false,\n \"rule_set_ip_cidr_accept_empty\": false,\n \"invert\": false,\n \"outbound\": [\n \"direct\"\n ],\n \"action\": \"route\",\n \"server\": \"local\"\n },\n {\n \"type\": \"logical\",\n \"mode\": \"and\",\n \"rules\": [],\n \"action\": \"route\",\n \"server\": \"local\"\n }\n ]\n }\n}\n</code></pre> <p>\u5f53\u5185\u5bb9\u53ea\u6709\u4e00\u9879\u65f6\uff0c\u53ef\u4ee5\u5ffd\u7565 JSON \u6570\u7ec4 [] \u6807\u7b7e</p>"},{"location":"zh/configuration/dns/rule/#_2","title":"\u9ed8\u8ba4\u5b57\u6bb5","text":"<p>\u9ed8\u8ba4\u89c4\u5219\u4f7f\u7528\u4ee5\u4e0b\u5339\u914d\u903b\u8f91: (<code>domain</code> || <code>domain_suffix</code> || <code>domain_keyword</code> || <code>domain_regex</code> || <code>geosite</code>) &amp;&amp; (<code>port</code> || <code>port_range</code>) &amp;&amp; (<code>source_geoip</code> || <code>source_ip_cidr</code> || <code>source_ip_is_private</code>) &amp;&amp; (<code>source_port</code> || <code>source_port_range</code>) &amp;&amp; <code>other fields</code></p> <p>\u53e6\u5916\uff0c\u5f15\u7528\u7684\u89c4\u5219\u96c6\u53ef\u89c6\u4e3a\u88ab\u5408\u5e76\uff0c\u800c\u4e0d\u662f\u4f5c\u4e3a\u4e00\u4e2a\u5355\u72ec\u7684\u89c4\u5219\u5b50\u9879\u3002</p>"},{"location":"zh/configuration/dns/rule/#inbound","title":"inbound","text":"<p>\u5165\u7ad9 \u6807\u7b7e.</p>"},{"location":"zh/configuration/dns/rule/#ip_version","title":"ip_version","text":"<p>4 (A DNS \u67e5\u8be2) \u6216 6 (AAAA DNS \u67e5\u8be2)\u3002</p> <p>\u9ed8\u8ba4\u4e0d\u9650\u5236\u3002</p>"},{"location":"zh/configuration/dns/rule/#query_type","title":"query_type","text":"<p>DNS \u67e5\u8be2\u7c7b\u578b\u3002\u503c\u53ef\u4ee5\u4e3a\u6574\u6570\u6216\u8005\u7c7b\u578b\u540d\u79f0\u5b57\u7b26\u4e32\u3002</p>"},{"location":"zh/configuration/dns/rule/#network","title":"network","text":"<p><code>tcp</code> \u6216 <code>udp</code>\u3002</p>"},{"location":"zh/configuration/dns/rule/#auth_user","title":"auth_user","text":"<p>\u8ba4\u8bc1\u7528\u6237\u540d\uff0c\u53c2\u9605\u5165\u7ad9\u8bbe\u7f6e\u3002</p>"},{"location":"zh/configuration/dns/rule/#protocol","title":"protocol","text":"<p>\u63a2\u6d4b\u5230\u7684\u534f\u8bae, \u53c2\u9605 \u534f\u8bae\u63a2\u6d4b\u3002</p>"},{"location":"zh/configuration/dns/rule/#domain","title":"domain","text":"<p>\u5339\u914d\u5b8c\u6574\u57df\u540d\u3002</p>"},{"location":"zh/configuration/dns/rule/#domain_suffix","title":"domain_suffix","text":"<p>\u5339\u914d\u57df\u540d\u540e\u7f00\u3002</p>"},{"location":"zh/configuration/dns/rule/#domain_keyword","title":"domain_keyword","text":"<p>\u5339\u914d\u57df\u540d\u5173\u952e\u5b57\u3002</p>"},{"location":"zh/configuration/dns/rule/#domain_regex","title":"domain_regex","text":"<p>\u5339\u914d\u57df\u540d\u6b63\u5219\u8868\u8fbe\u5f0f\u3002</p>"},{"location":"zh/configuration/dns/rule/#geosite","title":"geosite","text":"<p>\u5df2\u5728 sing-box 1.8.0 \u5e9f\u5f03</p> <p>Geosite \u5df2\u5e9f\u5f03\u4e14\u53ef\u80fd\u5728\u4e0d\u4e45\u7684\u5c06\u6765\u79fb\u9664\uff0c\u53c2\u9605 \u8fc1\u79fb\u6307\u5357\u3002</p> <p>\u5339\u914d Geosite\u3002</p>"},{"location":"zh/configuration/dns/rule/#source_geoip","title":"source_geoip","text":"<p>\u5df2\u5728 sing-box 1.8.0 \u5e9f\u5f03</p> <p>GeoIP \u5df2\u5e9f\u5f03\u4e14\u53ef\u80fd\u5728\u4e0d\u4e45\u7684\u5c06\u6765\u79fb\u9664\uff0c\u53c2\u9605 \u8fc1\u79fb\u6307\u5357\u3002</p> <p>\u5339\u914d\u6e90 GeoIP\u3002</p>"},{"location":"zh/configuration/dns/rule/#source_ip_cidr","title":"source_ip_cidr","text":"<p>\u5339\u914d\u6e90 IP CIDR\u3002</p>"},{"location":"zh/configuration/dns/rule/#source_ip_is_private","title":"source_ip_is_private","text":"<p>\u81ea sing-box 1.8.0 \u8d77</p> <p>\u5339\u914d\u975e\u516c\u5f00\u6e90 IP\u3002</p>"},{"location":"zh/configuration/dns/rule/#source_port","title":"source_port","text":"<p>\u5339\u914d\u6e90\u7aef\u53e3\u3002</p>"},{"location":"zh/configuration/dns/rule/#source_port_range","title":"source_port_range","text":"<p>\u5339\u914d\u6e90\u7aef\u53e3\u8303\u56f4\u3002</p>"},{"location":"zh/configuration/dns/rule/#port","title":"port","text":"<p>\u5339\u914d\u7aef\u53e3\u3002</p>"},{"location":"zh/configuration/dns/rule/#port_range","title":"port_range","text":"<p>\u5339\u914d\u7aef\u53e3\u8303\u56f4\u3002</p>"},{"location":"zh/configuration/dns/rule/#process_name","title":"process_name","text":"<p>\u4ec5\u652f\u6301 Linux\u3001Windows \u548c macOS.</p> <p>\u5339\u914d\u8fdb\u7a0b\u540d\u79f0\u3002</p>"},{"location":"zh/configuration/dns/rule/#process_path","title":"process_path","text":"<p>\u4ec5\u652f\u6301 Linux\u3001Windows \u548c macOS.</p> <p>\u5339\u914d\u8fdb\u7a0b\u8def\u5f84\u3002</p>"},{"location":"zh/configuration/dns/rule/#process_path_regex","title":"process_path_regex","text":"<p>\u81ea sing-box 1.10.0 \u8d77</p> <p>\u4ec5\u652f\u6301 Linux\u3001Windows \u548c macOS.</p> <p>\u4f7f\u7528\u6b63\u5219\u8868\u8fbe\u5f0f\u5339\u914d\u8fdb\u7a0b\u8def\u5f84\u3002</p>"},{"location":"zh/configuration/dns/rule/#package_name","title":"package_name","text":"<p>\u5339\u914d Android \u5e94\u7528\u5305\u540d\u3002</p>"},{"location":"zh/configuration/dns/rule/#user","title":"user","text":"<p>\u4ec5\u652f\u6301 Linux\u3002</p> <p>\u5339\u914d\u7528\u6237\u540d\u3002</p>"},{"location":"zh/configuration/dns/rule/#user_id","title":"user_id","text":"<p>\u4ec5\u652f\u6301 Linux\u3002</p> <p>\u5339\u914d\u7528\u6237 ID\u3002</p>"},{"location":"zh/configuration/dns/rule/#clash_mode","title":"clash_mode","text":"<p>\u5339\u914d Clash \u6a21\u5f0f\u3002</p>"},{"location":"zh/configuration/dns/rule/#network_type","title":"network_type","text":"<p>\u81ea sing-box 1.11.0 \u8d77</p> <p>\u4ec5\u5728 Android \u4e0e Apple \u5e73\u53f0\u56fe\u5f62\u5ba2\u6237\u7aef\u4e2d\u652f\u6301\u3002</p> <p>\u5339\u914d\u7f51\u7edc\u7c7b\u578b\u3002</p> <p>Available values: <code>wifi</code>, <code>cellular</code>, <code>ethernet</code> and <code>other</code>.</p>"},{"location":"zh/configuration/dns/rule/#network_is_expensive","title":"network_is_expensive","text":"<p>\u81ea sing-box 1.11.0 \u8d77</p> <p>\u4ec5\u5728 Android \u4e0e Apple \u5e73\u53f0\u56fe\u5f62\u5ba2\u6237\u7aef\u4e2d\u652f\u6301\u3002</p> <p>\u5339\u914d\u5982\u679c\u7f51\u7edc\u88ab\u89c6\u4e3a\u8ba1\u8d39 (\u5728 Android) \u6216\u88ab\u89c6\u4e3a\u6602\u8d35\uff0c \u50cf\u8702\u7a9d\u7f51\u7edc\u6216\u4e2a\u4eba\u70ed\u70b9 (\u5728 Apple \u5e73\u53f0)\u3002</p>"},{"location":"zh/configuration/dns/rule/#network_is_constrained","title":"network_is_constrained","text":"<p>\u81ea sing-box 1.11.0 \u8d77</p> <p>\u4ec5\u5728 Apple \u5e73\u53f0\u56fe\u5f62\u5ba2\u6237\u7aef\u4e2d\u652f\u6301\u3002</p> <p>\u5339\u914d\u5982\u679c\u7f51\u7edc\u5728\u4f4e\u6570\u636e\u6a21\u5f0f\u4e0b\u3002</p>"},{"location":"zh/configuration/dns/rule/#wifi_ssid","title":"wifi_ssid","text":"<p>\u4ec5\u5728 Android \u4e0e Apple \u5e73\u53f0\u56fe\u5f62\u5ba2\u6237\u7aef\u4e2d\u652f\u6301\u3002</p> <p>\u5339\u914d WiFi SSID\u3002</p>"},{"location":"zh/configuration/dns/rule/#wifi_bssid","title":"wifi_bssid","text":"<p>\u4ec5\u5728 Android \u4e0e Apple \u5e73\u53f0\u56fe\u5f62\u5ba2\u6237\u7aef\u4e2d\u652f\u6301\u3002</p> <p>\u5339\u914d WiFi BSSID\u3002</p>"},{"location":"zh/configuration/dns/rule/#rule_set","title":"rule_set","text":"<p>\u81ea sing-box 1.8.0 \u8d77</p> <p>\u5339\u914d\u89c4\u5219\u96c6\u3002</p>"},{"location":"zh/configuration/dns/rule/#rule_set_ipcidr_match_source","title":"rule_set_ipcidr_match_source","text":"<p>\u81ea sing-box 1.9.0 \u8d77</p> <p>\u5df2\u5728 sing-box 1.10.0 \u5e9f\u5f03</p> <p><code>rule_set_ipcidr_match_source</code> \u5df2\u91cd\u547d\u540d\u4e3a <code>rule_set_ip_cidr_match_source</code> \u4e14\u5c06\u5728 sing-box 1.11.0 \u4e2d\u88ab\u79fb\u9664\u3002</p> <p>\u4f7f\u89c4\u5219\u96c6\u4e2d\u7684 <code>ip_cidr</code> \u89c4\u5219\u5339\u914d\u6e90 IP\u3002</p>"},{"location":"zh/configuration/dns/rule/#rule_set_ip_cidr_match_source","title":"rule_set_ip_cidr_match_source","text":"<p>\u81ea sing-box 1.10.0 \u8d77</p> <p>\u4f7f\u89c4\u5219\u96c6\u4e2d\u7684 <code>ip_cidr</code> \u89c4\u5219\u5339\u914d\u6e90 IP\u3002</p>"},{"location":"zh/configuration/dns/rule/#invert","title":"invert","text":"<p>\u53cd\u9009\u5339\u914d\u7ed3\u679c\u3002</p>"},{"location":"zh/configuration/dns/rule/#outbound","title":"outbound","text":"<p>\u5339\u914d\u51fa\u7ad9\u3002</p> <p><code>any</code> \u53ef\u4f5c\u4e3a\u503c\u7528\u4e8e\u5339\u914d\u4efb\u610f\u51fa\u7ad9\u3002</p>"},{"location":"zh/configuration/dns/rule/#action","title":"action","text":"<p>\u5fc5\u586b</p> <p>\u53c2\u9605 \u89c4\u5219\u52a8\u4f5c\u3002</p>"},{"location":"zh/configuration/dns/rule/#server","title":"server","text":"<p>\u5df2\u5728 sing-box 1.11.0 \u5e9f\u5f03</p> <p>\u5df2\u79fb\u52a8\u5230 DNS \u89c4\u5219\u52a8\u4f5c.</p>"},{"location":"zh/configuration/dns/rule/#disable_cache","title":"disable_cache","text":"<p>\u5df2\u5728 sing-box 1.11.0 \u5e9f\u5f03</p> <p>\u5df2\u79fb\u52a8\u5230 DNS \u89c4\u5219\u52a8\u4f5c.</p>"},{"location":"zh/configuration/dns/rule/#rewrite_ttl","title":"rewrite_ttl","text":"<p>\u5df2\u5728 sing-box 1.11.0 \u5e9f\u5f03</p> <p>\u5df2\u79fb\u52a8\u5230 DNS \u89c4\u5219\u52a8\u4f5c.</p>"},{"location":"zh/configuration/dns/rule/#client_subnet","title":"client_subnet","text":"<p>\u5df2\u5728 sing-box 1.11.0 \u5e9f\u5f03</p> <p>\u5df2\u79fb\u52a8\u5230 DNS \u89c4\u5219\u52a8\u4f5c.</p>"},{"location":"zh/configuration/dns/rule/#_3","title":"\u5730\u5740\u7b5b\u9009\u5b57\u6bb5","text":"<p>\u4ec5\u5bf9\u5730\u5740\u8bf7\u6c42 (A/AAAA/HTTPS) \u751f\u6548\u3002 \u5f53\u67e5\u8be2\u7ed3\u679c\u4e0e\u5730\u5740\u7b5b\u9009\u89c4\u5219\u9879\u4e0d\u5339\u914d\u65f6\uff0c\u5c06\u8df3\u8fc7\u5f53\u524d\u89c4\u5219\u3002</p> <p>\u5f15\u7528\u7684\u89c4\u5219\u96c6\u4e2d\u7684 <code>ip_cidr</code> \u9879\u4e5f\u4f5c\u4e3a\u5730\u5740\u7b5b\u9009\u5b57\u6bb5\u751f\u6548\u3002</p> <p>\u542f\u7528 <code>experimental.cache_file.store_rdrc</code> \u4ee5\u7f13\u5b58\u7ed3\u679c\u3002</p>"},{"location":"zh/configuration/dns/rule/#geoip","title":"geoip","text":"<p>\u81ea sing-box 1.9.0 \u8d77</p> <p>\u4e0e\u67e5\u8be2\u54cd\u5e94\u5339\u914d GeoIP\u3002</p>"},{"location":"zh/configuration/dns/rule/#ip_cidr","title":"ip_cidr","text":"<p>\u81ea sing-box 1.9.0 \u8d77</p> <p>\u4e0e\u67e5\u8be2\u54cd\u5e94\u5339\u914d IP CIDR\u3002</p>"},{"location":"zh/configuration/dns/rule/#ip_is_private","title":"ip_is_private","text":"<p>\u81ea sing-box 1.9.0 \u8d77</p> <p>\u4e0e\u67e5\u8be2\u54cd\u5e94\u5339\u914d\u975e\u516c\u5f00 IP\u3002</p>"},{"location":"zh/configuration/dns/rule/#rule_set_ip_cidr_accept_empty","title":"rule_set_ip_cidr_accept_empty","text":"<p>\u81ea sing-box 1.10.0 \u8d77</p> <p>\u4f7f\u89c4\u5219\u96c6\u4e2d\u7684 <code>ip_cidr</code> \u89c4\u5219\u63a5\u53d7\u7a7a\u67e5\u8be2\u54cd\u5e94\u3002</p>"},{"location":"zh/configuration/dns/rule/#_4","title":"\u903b\u8f91\u5b57\u6bb5","text":""},{"location":"zh/configuration/dns/rule/#mode","title":"mode","text":"<p>\u5fc5\u586b</p> <p><code>and</code> \u6216 <code>or</code></p>"},{"location":"zh/configuration/dns/rule/#rules","title":"rules","text":"<p>\u5fc5\u586b</p> <p>\u5305\u62ec\u7684\u89c4\u5219\u3002</p>"},{"location":"zh/configuration/dns/rule_action/","title":"DNS \u89c4\u5219\u52a8\u4f5c","text":"<p>\u81ea sing-box 1.11.0 \u8d77</p>"},{"location":"zh/configuration/dns/rule_action/#route","title":"route","text":"<pre><code>{\n \"action\": \"route\", // \u9ed8\u8ba4\n \"server\": \"\",\n\n // \u517c\u5bb9\u6027\n \"disable_cache\": false,\n \"rewrite_ttl\": 0,\n \"client_subnet\": null\n}\n</code></pre> <p><code>route</code> \u7ee7\u627f\u4e86\u5c06 DNS \u8bf7\u6c42 \u8def\u7531\u5230\u6307\u5b9a\u670d\u52a1\u5668\u7684\u7ecf\u5178\u89c4\u5219\u52a8\u4f5c\u3002</p>"},{"location":"zh/configuration/dns/rule_action/#server","title":"server","text":"<p>\u5fc5\u586b</p> <p>\u76ee\u6807 DNS \u670d\u52a1\u5668\u7684\u6807\u7b7e\u3002</p>"},{"location":"zh/configuration/dns/rule_action/#disable_cache","title":"disable_cache","text":"<p>\u5728\u6b64\u67e5\u8be2\u4e2d\u7981\u7528\u7f13\u5b58\u3002</p>"},{"location":"zh/configuration/dns/rule_action/#rewrite_ttl","title":"rewrite_ttl","text":"<p>\u91cd\u5199 DNS \u56de\u5e94\u4e2d\u7684 TTL\u3002</p>"},{"location":"zh/configuration/dns/rule_action/#client_subnet","title":"client_subnet","text":"<p>\u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u5c06\u5e26\u6709\u6307\u5b9a IP \u524d\u7f00\u7684 <code>edns0-subnet</code> OPT \u9644\u52a0\u8bb0\u5f55\u9644\u52a0\u5230\u6bcf\u4e2a\u67e5\u8be2\u3002</p> <p>\u5982\u679c\u503c\u662f IP \u5730\u5740\u800c\u4e0d\u662f\u524d\u7f00\uff0c\u5219\u4f1a\u81ea\u52a8\u9644\u52a0 <code>/32</code> \u6216 <code>/128</code>\u3002</p> <p>\u5c06\u8986\u76d6 <code>dns.client_subnet</code> \u4e0e <code>servers.[].client_subnet</code>\u3002</p>"},{"location":"zh/configuration/dns/rule_action/#route-options","title":"route-options","text":"<pre><code>{\n \"action\": \"route-options\",\n \"disable_cache\": false,\n \"rewrite_ttl\": null,\n \"client_subnet\": null\n}\n</code></pre> <p><code>route-options</code> \u4e3a\u8def\u7531\u8bbe\u7f6e\u9009\u9879\u3002</p>"},{"location":"zh/configuration/dns/rule_action/#reject","title":"reject","text":"<pre><code>{\n \"action\": \"reject\",\n \"method\": \"default\", // default\n \"no_drop\": false\n}\n</code></pre> <p><code>reject</code> \u62d2\u7edd DNS \u8bf7\u6c42\u3002</p>"},{"location":"zh/configuration/dns/rule_action/#method","title":"method","text":"<ul> <li><code>default</code>: \u8fd4\u56de NXDOMAIN\u3002</li> <li><code>drop</code>: \u4e22\u5f03\u8bf7\u6c42\u3002</li> </ul>"},{"location":"zh/configuration/dns/rule_action/#no_drop","title":"no_drop","text":"<p>\u5982\u679c\u672a\u542f\u7528\uff0c\u5219 30 \u79d2\u5185\u89e6\u53d1 50 \u6b21\u540e\uff0c<code>method</code> \u5c06\u88ab\u6682\u65f6\u8986\u76d6\u4e3a <code>drop</code>\u3002</p> <p>\u5f53 <code>method</code> \u8bbe\u4e3a <code>drop</code> \u65f6\u4e0d\u53ef\u7528\u3002</p>"},{"location":"zh/configuration/dns/server/","title":"DNS \u670d\u52a1\u5668","text":"<p>sing-box 1.9.0 \u4e2d\u7684\u66f4\u6539</p> <p> client_subnet</p>"},{"location":"zh/configuration/dns/server/#_1","title":"\u7ed3\u6784","text":"<pre><code>{\n \"dns\": {\n \"servers\": [\n {\n \"tag\": \"\",\n \"address\": \"\",\n \"address_resolver\": \"\",\n \"address_strategy\": \"\",\n \"strategy\": \"\",\n \"detour\": \"\",\n \"client_subnet\": \"\"\n }\n ]\n }\n}\n</code></pre>"},{"location":"zh/configuration/dns/server/#_2","title":"\u5b57\u6bb5","text":""},{"location":"zh/configuration/dns/server/#tag","title":"tag","text":"<p>DNS \u670d\u52a1\u5668\u7684\u6807\u7b7e\u3002</p>"},{"location":"zh/configuration/dns/server/#address","title":"address","text":"<p>\u5fc5\u586b</p> <p>DNS \u670d\u52a1\u5668\u7684\u5730\u5740\u3002</p> \u534f\u8bae \u683c\u5f0f <code>System</code> <code>local</code> <code>TCP</code> <code>tcp://1.0.0.1</code> <code>UDP</code> <code>8.8.8.8</code> <code>udp://8.8.4.4</code> <code>TLS</code> <code>tls://dns.google</code> <code>HTTPS</code> <code>https://1.1.1.1/dns-query</code> <code>QUIC</code> <code>quic://dns.adguard.com</code> <code>HTTP3</code> <code>h3://8.8.8.8/dns-query</code> <code>RCode</code> <code>rcode://refused</code> <code>DHCP</code> <code>dhcp://auto</code> \u6216 <code>dhcp://en0</code> FakeIP <code>fakeip</code> <p>\u4e3a\u4e86\u786e\u4fdd Android \u7cfb\u7edf DNS \u751f\u6548\uff0c\u800c\u4e0d\u662f Go \u7684\u5185\u7f6e\u9ed8\u8ba4\u89e3\u6790\u5668\uff0c\u8bf7\u5728\u7f16\u8bd1\u65f6\u542f\u7528 CGO\u3002</p> <p>RCode \u4f20\u8f93\u5c42\u4f20\u8f93\u5c42\u5e38\u7528\u4e8e\u5c4f\u853d\u8bf7\u6c42. \u4e0e DNS \u89c4\u5219\u548c <code>disable_cache</code> \u89c4\u5219\u9009\u9879\u4e00\u8d77\u4f7f\u7528\u3002</p> RCode \u63cf\u8ff0 <code>success</code> <code>\u65e0\u9519\u8bef</code> <code>format_error</code> <code>\u8bf7\u6c42\u683c\u5f0f\u9519\u8bef</code> <code>server_failure</code> <code>\u670d\u52a1\u5668\u51fa\u9519</code> <code>name_error</code> <code>\u57df\u540d\u4e0d\u5b58\u5728</code> <code>not_implemented</code> <code>\u529f\u80fd\u672a\u5b9e\u73b0</code> <code>refused</code> <code>\u8bf7\u6c42\u88ab\u62d2\u7edd</code>"},{"location":"zh/configuration/dns/server/#address_resolver","title":"address_resolver","text":"<p>\u5982\u679c\u670d\u52a1\u5668\u5730\u5740\u5305\u62ec\u57df\u540d\u5219\u5fc5\u987b</p> <p>\u7528\u4e8e\u89e3\u6790\u672c DNS \u670d\u52a1\u5668\u7684\u57df\u540d\u7684\u53e6\u4e00\u4e2a DNS \u670d\u52a1\u5668\u7684\u6807\u7b7e\u3002</p>"},{"location":"zh/configuration/dns/server/#address_strategy","title":"address_strategy","text":"<p>\u7528\u4e8e\u89e3\u6790\u672c DNS \u670d\u52a1\u5668\u7684\u57df\u540d\u7684\u7b56\u7565\u3002</p> <p>\u53ef\u9009\u9879\uff1a<code>prefer_ipv4</code> <code>prefer_ipv6</code> <code>ipv4_only</code> <code>ipv6_only</code>\u3002</p> <p>\u9ed8\u8ba4\u4f7f\u7528 <code>dns.strategy</code>\u3002</p>"},{"location":"zh/configuration/dns/server/#strategy","title":"strategy","text":"<p>\u9ed8\u8ba4\u89e3\u6790\u7b56\u7565\u3002</p> <p>\u53ef\u9009\u9879\uff1a<code>prefer_ipv4</code> <code>prefer_ipv6</code> <code>ipv4_only</code> <code>ipv6_only</code>\u3002</p> <p>\u5982\u679c\u88ab\u5176\u4ed6\u8bbe\u7f6e\u8986\u76d6\u5219\u4e0d\u751f\u6548\u3002</p>"},{"location":"zh/configuration/dns/server/#detour","title":"detour","text":"<p>\u7528\u4e8e\u8fde\u63a5\u5230 DNS \u670d\u52a1\u5668\u7684\u51fa\u7ad9\u7684\u6807\u7b7e\u3002</p> <p>\u5982\u679c\u4e3a\u7a7a\uff0c\u5c06\u4f7f\u7528\u9ed8\u8ba4\u51fa\u7ad9\u3002</p>"},{"location":"zh/configuration/dns/server/#client_subnet","title":"client_subnet","text":"<p>\u81ea sing-box 1.9.0 \u8d77</p> <p>\u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u5c06\u5e26\u6709\u6307\u5b9a IP \u524d\u7f00\u7684 <code>edns0-subnet</code> OPT \u9644\u52a0\u8bb0\u5f55\u9644\u52a0\u5230\u6bcf\u4e2a\u67e5\u8be2\u3002</p> <p>\u5982\u679c\u503c\u662f IP \u5730\u5740\u800c\u4e0d\u662f\u524d\u7f00\uff0c\u5219\u4f1a\u81ea\u52a8\u9644\u52a0 <code>/32</code> \u6216 <code>/128</code>\u3002</p> <p>\u53ef\u4ee5\u88ab <code>rules.[].client_subnet</code> \u8986\u76d6\u3002</p> <p>\u5c06\u8986\u76d6 <code>dns.client_subnet</code>\u3002</p>"},{"location":"zh/configuration/endpoint/","title":"Index","text":"<p>\u81ea sing-box 1.11.0 \u8d77</p>"},{"location":"zh/configuration/endpoint/#_1","title":"\u7aef\u70b9","text":"<p>\u7aef\u70b9\u662f\u5177\u6709\u5165\u7ad9\u548c\u51fa\u7ad9\u884c\u4e3a\u7684\u534f\u8bae\u3002</p>"},{"location":"zh/configuration/endpoint/#_2","title":"\u7ed3\u6784","text":"<pre><code>{\n \"endpoints\": [\n {\n \"type\": \"\",\n \"tag\": \"\"\n }\n ]\n}\n</code></pre>"},{"location":"zh/configuration/endpoint/#_3","title":"\u5b57\u6bb5","text":"\u7c7b\u578b \u683c\u5f0f <code>wireguard</code> WireGuard"},{"location":"zh/configuration/endpoint/#tag","title":"tag","text":"<p>\u7aef\u70b9\u7684\u6807\u7b7e\u3002</p>"},{"location":"zh/configuration/endpoint/wireguard/","title":"WireGuard","text":"<p>\u81ea sing-box 1.11.0 \u8d77</p>"},{"location":"zh/configuration/endpoint/wireguard/#_1","title":"\u7ed3\u6784","text":"<pre><code>{\n \"type\": \"wireguard\",\n \"tag\": \"wg-ep\",\n\n \"system\": false,\n \"name\": \"\",\n \"mtu\": 1408,\n \"address\": [],\n \"private_key\": \"\",\n \"listen_port\": 10000,\n \"peers\": [\n {\n \"address\": \"127.0.0.1\",\n \"port\": 10001,\n \"public_key\": \"\",\n \"pre_shared_key\": \"\",\n \"allowed_ips\": [],\n \"persistent_keepalive_interval\": 0,\n \"reserved\": [0, 0, 0]\n }\n ],\n \"udp_timeout\": \"\",\n \"workers\": 0,\n\n ... // \u62e8\u53f7\u5b57\u6bb5\n}\n</code></pre> <p>\u5f53\u5185\u5bb9\u53ea\u6709\u4e00\u9879\u65f6\uff0c\u53ef\u4ee5\u5ffd\u7565 JSON \u6570\u7ec4 [] \u6807\u7b7e</p>"},{"location":"zh/configuration/endpoint/wireguard/#_2","title":"\u5b57\u6bb5","text":""},{"location":"zh/configuration/endpoint/wireguard/#system_interface","title":"system_interface","text":"<p>\u4f7f\u7528\u7cfb\u7edf\u8bbe\u5907\u3002</p> <p>\u9700\u8981\u7279\u6743\u4e14\u4e0d\u80fd\u4e0e\u5df2\u6709\u7cfb\u7edf\u63a5\u53e3\u51b2\u7a81\u3002</p>"},{"location":"zh/configuration/endpoint/wireguard/#name","title":"name","text":"<p>\u4e3a\u7cfb\u7edf\u63a5\u53e3\u81ea\u5b9a\u4e49\u8bbe\u5907\u540d\u79f0\u3002</p>"},{"location":"zh/configuration/endpoint/wireguard/#mtu","title":"mtu","text":"<p>WireGuard MTU\u3002</p> <p>\u9ed8\u8ba4\u4f7f\u7528 1408\u3002</p>"},{"location":"zh/configuration/endpoint/wireguard/#address","title":"address","text":"<p>\u5fc5\u586b</p> <p>\u63a5\u53e3\u7684 IPv4/IPv6 \u5730\u5740\u6216\u5730\u5740\u6bb5\u7684\u5217\u8868\u60a8\u3002</p> <p>\u8981\u5206\u914d\u7ed9\u63a5\u53e3\u7684 IP\uff08v4 \u6216 v6\uff09\u5730\u5740\u6bb5\u5217\u8868\u3002</p>"},{"location":"zh/configuration/endpoint/wireguard/#private_key","title":"private_key","text":"<p>\u5fc5\u586b</p> <p>WireGuard \u9700\u8981 base64 \u7f16\u7801\u7684\u516c\u94a5\u548c\u79c1\u94a5\u3002 \u8fd9\u4e9b\u53ef\u4ee5\u4f7f\u7528 wg(8) \u5b9e\u7528\u7a0b\u5e8f\u751f\u6210\uff1a</p> <pre><code>wg genkey\necho \"private key\" || wg pubkey\n</code></pre> <p>\u6216 <code>sing-box generate wg-keypair</code>.</p>"},{"location":"zh/configuration/endpoint/wireguard/#peers","title":"peers","text":"<p>\u5fc5\u586b</p> <p>WireGuard \u5bf9\u7b49\u65b9\u7684\u5217\u8868\u3002</p>"},{"location":"zh/configuration/endpoint/wireguard/#peersaddress","title":"peers.address","text":"<p>\u5bf9\u7b49\u65b9\u7684 IP \u5730\u5740\u3002</p>"},{"location":"zh/configuration/endpoint/wireguard/#peersport","title":"peers.port","text":"<p>\u5bf9\u7b49\u65b9\u7684 WireGuard \u7aef\u53e3\u3002</p>"},{"location":"zh/configuration/endpoint/wireguard/#peerspublic_key","title":"peers.public_key","text":"<p>\u5fc5\u586b</p> <p>\u5bf9\u7b49\u65b9\u7684 WireGuard \u516c\u94a5\u3002</p>"},{"location":"zh/configuration/endpoint/wireguard/#peerspre_shared_key","title":"peers.pre_shared_key","text":"<p>\u5bf9\u7b49\u65b9\u7684\u9884\u5171\u4eab\u5bc6\u94a5\u3002</p>"},{"location":"zh/configuration/endpoint/wireguard/#peersallowed_ips","title":"peers.allowed_ips","text":"<p>\u5fc5\u586b</p> <p>\u5bf9\u7b49\u65b9\u7684\u5141\u8bb8 IP \u5730\u5740\u3002</p>"},{"location":"zh/configuration/endpoint/wireguard/#peerspersistent_keepalive_interval","title":"peers.persistent_keepalive_interval","text":"<p>\u5bf9\u7b49\u65b9\u7684\u6301\u4e45\u6027\u4fdd\u6301\u6d3b\u52a8\u95f4\u9694\uff0c\u4ee5\u79d2\u4e3a\u5355\u4f4d\u3002</p> <p>\u9ed8\u8ba4\u7981\u7528\u3002</p>"},{"location":"zh/configuration/endpoint/wireguard/#peersreserved","title":"peers.reserved","text":"<p>\u5bf9\u7b49\u65b9\u7684\u4fdd\u7559\u5b57\u6bb5\u5b57\u8282\u3002</p>"},{"location":"zh/configuration/endpoint/wireguard/#udp_timeout","title":"udp_timeout","text":"<p>UDP NAT \u8fc7\u671f\u65f6\u95f4\u3002</p> <p>\u9ed8\u8ba4\u4f7f\u7528 <code>5m</code>\u3002</p>"},{"location":"zh/configuration/endpoint/wireguard/#workers","title":"workers","text":"<p>WireGuard worker \u6570\u91cf\u3002</p> <p>\u9ed8\u8ba4\u4f7f\u7528 CPU \u6570\u91cf\u3002</p>"},{"location":"zh/configuration/endpoint/wireguard/#_3","title":"\u62e8\u53f7\u5b57\u6bb5","text":"<p>\u53c2\u9605 \u62e8\u53f7\u5b57\u6bb5\u3002</p>"},{"location":"zh/configuration/experimental/","title":"\u5b9e\u9a8c\u6027","text":"<p>sing-box 1.8.0 \u4e2d\u7684\u66f4\u6539</p> <p> cache_file clash_api</p>"},{"location":"zh/configuration/experimental/#_2","title":"\u7ed3\u6784","text":"<pre><code>{\n \"experimental\": {\n \"cache_file\": {},\n \"clash_api\": {},\n \"v2ray_api\": {}\n }\n}\n</code></pre>"},{"location":"zh/configuration/experimental/#_3","title":"\u5b57\u6bb5","text":"\u952e \u683c\u5f0f <code>cache_file</code> \u7f13\u5b58\u6587\u4ef6 <code>clash_api</code> Clash API <code>v2ray_api</code> V2Ray API"},{"location":"zh/configuration/experimental/cache-file/","title":"\u7f13\u5b58\u6587\u4ef6","text":"<p>\u81ea sing-box 1.8.0 \u8d77</p> <p>sing-box 1.9.0 \u4e2d\u7684\u66f4\u6539</p> <p> store_rdrc rdrc_timeout </p>"},{"location":"zh/configuration/experimental/cache-file/#_1","title":"\u7ed3\u6784","text":"<pre><code>{\n \"enabled\": true,\n \"path\": \"\",\n \"cache_id\": \"\",\n \"store_fakeip\": false,\n \"store_rdrc\": false,\n \"rdrc_timeout\": \"\"\n}\n</code></pre>"},{"location":"zh/configuration/experimental/cache-file/#_2","title":"\u5b57\u6bb5","text":""},{"location":"zh/configuration/experimental/cache-file/#enabled","title":"enabled","text":"<p>\u542f\u7528\u7f13\u5b58\u6587\u4ef6\u3002</p>"},{"location":"zh/configuration/experimental/cache-file/#path","title":"path","text":"<p>\u7f13\u5b58\u6587\u4ef6\u8def\u5f84\uff0c\u9ed8\u8ba4\u4f7f\u7528<code>cache.db</code>\u3002</p>"},{"location":"zh/configuration/experimental/cache-file/#cache_id","title":"cache_id","text":"<p>\u7f13\u5b58\u6587\u4ef6\u4e2d\u7684\u6807\u8bc6\u7b26\u3002</p> <p>\u5982\u679c\u4e0d\u4e3a\u7a7a\uff0c\u914d\u7f6e\u7279\u5b9a\u7684\u6570\u636e\u5c06\u4f7f\u7528\u7531\u5176\u952e\u63a7\u7684\u5355\u72ec\u5b58\u50a8\u3002</p>"},{"location":"zh/configuration/experimental/cache-file/#store_fakeip","title":"store_fakeip","text":"<p>\u5c06 fakeip \u5b58\u50a8\u5728\u7f13\u5b58\u6587\u4ef6\u4e2d\u3002</p>"},{"location":"zh/configuration/experimental/cache-file/#store_rdrc","title":"store_rdrc","text":"<p>\u5c06\u62d2\u7edd\u7684 DNS \u54cd\u5e94\u7f13\u5b58\u5b58\u50a8\u5728\u7f13\u5b58\u6587\u4ef6\u4e2d\u3002</p> <p>\u5730\u5740\u7b5b\u9009 DNS \u89c4\u5219\u9879 \u7684\u68c0\u67e5\u7ed3\u679c\u5c06\u88ab\u7f13\u5b58\u81f3\u8fc7\u671f\u3002</p>"},{"location":"zh/configuration/experimental/cache-file/#rdrc_timeout","title":"rdrc_timeout","text":"<p>\u62d2\u7edd\u7684 DNS \u54cd\u5e94\u7f13\u5b58\u8d85\u65f6\u3002</p> <p>\u9ed8\u8ba4\u4f7f\u7528 <code>7d</code>\u3002</p>"},{"location":"zh/configuration/experimental/clash-api/","title":"Clash API","text":"<p>sing-box 1.10.0 \u4e2d\u7684\u66f4\u6539</p> <p> access_control_allow_origin access_control_allow_private_network</p> <p>sing-box 1.8.0 \u4e2d\u7684\u66f4\u6539</p> <p> store_mode store_selected store_fakeip cache_file cache_id</p>"},{"location":"zh/configuration/experimental/clash-api/#_1","title":"\u7ed3\u6784","text":"\u7ed3\u6784\u793a\u4f8b (\u5728\u7ebf)\u793a\u4f8b (\u4e0b\u8f7d) <pre><code>{\n \"external_controller\": \"127.0.0.1:9090\",\n \"external_ui\": \"\",\n \"external_ui_download_url\": \"\",\n \"external_ui_download_detour\": \"\",\n \"secret\": \"\",\n \"default_mode\": \"\",\n \"access_control_allow_origin\": [],\n \"access_control_allow_private_network\": false,\n\n // Deprecated\n\n \"store_mode\": false,\n \"store_selected\": false,\n \"store_fakeip\": false,\n \"cache_file\": \"\",\n \"cache_id\": \"\"\n}\n</code></pre> <p>\u81ea sing-box 1.10.0 \u8d77</p> <pre><code>{\n \"external_controller\": \"127.0.0.1:9090\",\n \"access_control_allow_origin\": [\n \"http://127.0.0.1\",\n \"http://yacd.haishan.me\"\n ],\n \"access_control_allow_private_network\": true\n}\n</code></pre> <p>\u81ea sing-box 1.10.0 \u8d77</p> <pre><code>{\n \"external_controller\": \"0.0.0.0:9090\",\n \"external_ui\": \"dashboard\"\n // external_ui_download_detour: \"direct\"\n}\n</code></pre> <p>\u5f53\u5185\u5bb9\u53ea\u6709\u4e00\u9879\u65f6\uff0c\u53ef\u4ee5\u5ffd\u7565 JSON \u6570\u7ec4 [] \u6807\u7b7e</p>"},{"location":"zh/configuration/experimental/clash-api/#external_controller","title":"external_controller","text":"<p>RESTful web API \u76d1\u542c\u5730\u5740\u3002\u5982\u679c\u4e3a\u7a7a\uff0c\u5219\u7981\u7528 Clash API\u3002</p>"},{"location":"zh/configuration/experimental/clash-api/#external_ui","title":"external_ui","text":"<p>\u5230\u9759\u6001\u7f51\u9875\u8d44\u6e90\u76ee\u5f55\u7684\u76f8\u5bf9\u8def\u5f84\u6216\u7edd\u5bf9\u8def\u5f84\u3002sing-box \u4f1a\u5728 <code>http://{{external-controller}}/ui</code> \u4e0b\u63d0\u4f9b\u5b83\u3002</p>"},{"location":"zh/configuration/experimental/clash-api/#external_ui_download_url","title":"external_ui_download_url","text":"<p>\u9759\u6001\u7f51\u9875\u8d44\u6e90\u7684 ZIP \u4e0b\u8f7d URL\uff0c\u5982\u679c\u6307\u5b9a\u7684 <code>external_ui</code> \u76ee\u5f55\u4e3a\u7a7a\uff0c\u5c06\u4f7f\u7528\u3002</p> <p>\u9ed8\u8ba4\u4f7f\u7528 <code>https://github.com/MetaCubeX/Yacd-meta/archive/gh-pages.zip</code>\u3002</p>"},{"location":"zh/configuration/experimental/clash-api/#external_ui_download_detour","title":"external_ui_download_detour","text":"<p>\u7528\u4e8e\u4e0b\u8f7d\u9759\u6001\u7f51\u9875\u8d44\u6e90\u7684\u51fa\u7ad9\u7684\u6807\u7b7e\u3002</p> <p>\u5982\u679c\u4e3a\u7a7a\uff0c\u5c06\u4f7f\u7528\u9ed8\u8ba4\u51fa\u7ad9\u3002</p>"},{"location":"zh/configuration/experimental/clash-api/#secret","title":"secret","text":"<p>RESTful API \u7684\u5bc6\u94a5\uff08\u53ef\u9009\uff09 \u901a\u8fc7\u6307\u5b9a HTTP \u6807\u5934 <code>Authorization: Bearer ${secret}</code> \u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1 \u5982\u679c RESTful API \u6b63\u5728\u76d1\u542c 0.0.0.0\uff0c\u8bf7\u59cb\u7ec8\u8bbe\u7f6e\u4e00\u4e2a\u5bc6\u94a5\u3002</p>"},{"location":"zh/configuration/experimental/clash-api/#default_mode","title":"default_mode","text":"<p>Clash \u4e2d\u7684\u9ed8\u8ba4\u6a21\u5f0f\uff0c\u9ed8\u8ba4\u4f7f\u7528 <code>Rule</code>\u3002</p> <p>\u6b64\u8bbe\u7f6e\u6ca1\u6709\u76f4\u63a5\u5f71\u54cd\uff0c\u4f46\u53ef\u4ee5\u901a\u8fc7 <code>clash_mode</code> \u89c4\u5219\u9879\u5728\u8def\u7531\u548c DNS \u89c4\u5219\u4e2d\u4f7f\u7528\u3002</p>"},{"location":"zh/configuration/experimental/clash-api/#access_control_allow_origin","title":"access_control_allow_origin","text":"<p>\u81ea sing-box 1.10.0 \u8d77</p> <p>\u5141\u8bb8\u7684 CORS \u6765\u6e90\uff0c\u9ed8\u8ba4\u4f7f\u7528 <code>*</code>\u3002</p> <p>\u8981\u4ece\u516c\u5171\u7f51\u7ad9\u8bbf\u95ee\u79c1\u6709\u7f51\u7edc\u4e0a\u7684 Clash API\uff0c\u5fc5\u987b\u5728 <code>access_control_allow_origin</code> \u4e2d\u660e\u786e\u6307\u5b9a\u5b83\u800c\u4e0d\u662f\u4f7f\u7528 <code>*</code>\u3002</p>"},{"location":"zh/configuration/experimental/clash-api/#access_control_allow_private_network","title":"access_control_allow_private_network","text":"<p>\u81ea sing-box 1.10.0 \u8d77</p> <p>\u5141\u8bb8\u4ece\u79c1\u6709\u7f51\u7edc\u8bbf\u95ee\u3002</p> <p>\u8981\u4ece\u516c\u5171\u7f51\u7ad9\u8bbf\u95ee\u79c1\u6709\u7f51\u7edc\u4e0a\u7684 Clash API\uff0c\u5fc5\u987b\u542f\u7528 <code>access_control_allow_private_network</code>\u3002</p>"},{"location":"zh/configuration/experimental/clash-api/#store_mode","title":"store_mode","text":"<p>\u5df2\u5728 sing-box 1.8.0 \u5e9f\u5f03</p> <p><code>store_mode</code> \u5df2\u5728 Clash API \u4e2d\u5e9f\u5f03\uff0c\u4e14\u9ed8\u8ba4\u542f\u7528\u5f53 <code>cache_file.enabled</code>\u3002</p> <p>\u5c06 Clash \u6a21\u5f0f\u5b58\u50a8\u5728\u7f13\u5b58\u6587\u4ef6\u4e2d\u3002</p>"},{"location":"zh/configuration/experimental/clash-api/#store_selected","title":"store_selected","text":"<p>\u5df2\u5728 sing-box 1.8.0 \u5e9f\u5f03</p> <p><code>store_selected</code> \u5df2\u5728 Clash API \u4e2d\u5e9f\u5f03\uff0c\u4e14\u9ed8\u8ba4\u542f\u7528\u5f53 <code>cache_file.enabled</code>\u3002</p> <p>\u5fc5\u987b\u4e3a\u76ee\u6807\u51fa\u7ad9\u8bbe\u7f6e\u6807\u7b7e\u3002</p> <p>\u5c06 <code>Selector</code> \u4e2d\u51fa\u7ad9\u7684\u9009\u5b9a\u7684\u76ee\u6807\u51fa\u7ad9\u5b58\u50a8\u5728\u7f13\u5b58\u6587\u4ef6\u4e2d\u3002</p>"},{"location":"zh/configuration/experimental/clash-api/#store_fakeip","title":"store_fakeip","text":"<p>\u5df2\u5728 sing-box 1.8.0 \u5e9f\u5f03</p> <p><code>store_selected</code> \u5df2\u5728 Clash API \u4e2d\u5e9f\u5f03\uff0c\u4e14\u5df2\u8fc1\u79fb\u5230 <code>cache_file.store_fakeip</code>\u3002</p> <p>\u5c06 fakeip \u5b58\u50a8\u5728\u7f13\u5b58\u6587\u4ef6\u4e2d\u3002</p>"},{"location":"zh/configuration/experimental/clash-api/#cache_file","title":"cache_file","text":"<p>\u5df2\u5728 sing-box 1.8.0 \u5e9f\u5f03</p> <p><code>cache_file</code> \u5df2\u5728 Clash API \u4e2d\u5e9f\u5f03\uff0c\u4e14\u5df2\u8fc1\u79fb\u5230 <code>cache_file.enabled</code> \u548c <code>cache_file.path</code>\u3002</p> <p>\u7f13\u5b58\u6587\u4ef6\u8def\u5f84\uff0c\u9ed8\u8ba4\u4f7f\u7528<code>cache.db</code>\u3002</p>"},{"location":"zh/configuration/experimental/clash-api/#cache_id","title":"cache_id","text":"<p>\u5df2\u5728 sing-box 1.8.0 \u5e9f\u5f03</p> <p><code>cache_id</code> \u5df2\u5728 Clash API \u4e2d\u5e9f\u5f03\uff0c\u4e14\u5df2\u8fc1\u79fb\u5230 <code>cache_file.cache_id</code>\u3002</p> <p>\u7f13\u5b58 ID\u3002</p> <p>\u5982\u679c\u4e0d\u4e3a\u7a7a\uff0c\u914d\u7f6e\u7279\u5b9a\u7684\u6570\u636e\u5c06\u4f7f\u7528\u7531\u5176\u952e\u63a7\u7684\u5355\u72ec\u5b58\u50a8\u3002</p>"},{"location":"zh/configuration/experimental/v2ray-api/","title":"V2Ray API","text":"<p>\u9ed8\u8ba4\u5b89\u88c5\u4e0d\u5305\u542b V2Ray API\uff0c\u53c2\u9605 \u5b89\u88c5\u3002</p>"},{"location":"zh/configuration/experimental/v2ray-api/#_1","title":"\u7ed3\u6784","text":"<pre><code>{\n \"listen\": \"127.0.0.1:8080\",\n \"stats\": {\n \"enabled\": true,\n \"inbounds\": [\n \"socks-in\"\n ],\n \"outbounds\": [\n \"proxy\",\n \"direct\"\n ],\n \"users\": [\n \"sekai\"\n ]\n }\n}\n</code></pre>"},{"location":"zh/configuration/experimental/v2ray-api/#_2","title":"\u5b57\u6bb5","text":""},{"location":"zh/configuration/experimental/v2ray-api/#listen","title":"listen","text":"<p>gRPC API \u76d1\u542c\u5730\u5740\u3002\u5982\u679c\u4e3a\u7a7a\uff0c\u5219\u7981\u7528 V2Ray API\u3002</p>"},{"location":"zh/configuration/experimental/v2ray-api/#stats","title":"stats","text":"<p>\u6d41\u91cf\u7edf\u8ba1\u670d\u52a1\u8bbe\u7f6e\u3002</p>"},{"location":"zh/configuration/experimental/v2ray-api/#statsenabled","title":"stats.enabled","text":"<p>\u542f\u7528\u7edf\u8ba1\u670d\u52a1\u3002</p>"},{"location":"zh/configuration/experimental/v2ray-api/#statsinbounds","title":"stats.inbounds","text":"<p>\u7edf\u8ba1\u6d41\u91cf\u7684\u5165\u7ad9\u5217\u8868\u3002</p>"},{"location":"zh/configuration/experimental/v2ray-api/#statsoutbounds","title":"stats.outbounds","text":"<p>\u7edf\u8ba1\u6d41\u91cf\u7684\u51fa\u7ad9\u5217\u8868\u3002</p>"},{"location":"zh/configuration/experimental/v2ray-api/#statsusers","title":"stats.users","text":"<p>\u7edf\u8ba1\u6d41\u91cf\u7684\u7528\u6237\u5217\u8868\u3002</p>"},{"location":"zh/configuration/inbound/","title":"\u5165\u7ad9","text":""},{"location":"zh/configuration/inbound/#_2","title":"\u7ed3\u6784","text":"<pre><code>{\n \"inbounds\": [\n {\n \"type\": \"\",\n \"tag\": \"\"\n }\n ]\n}\n</code></pre>"},{"location":"zh/configuration/inbound/#_3","title":"\u5b57\u6bb5","text":"\u7c7b\u578b \u683c\u5f0f \u6ce8\u5165\u652f\u6301 <code>direct</code> Direct <code>mixed</code> Mixed TCP <code>socks</code> SOCKS TCP <code>http</code> HTTP TCP <code>shadowsocks</code> Shadowsocks TCP <code>vmess</code> VMess TCP <code>trojan</code> Trojan TCP <code>naive</code> Naive <code>hysteria</code> Hysteria <code>shadowtls</code> ShadowTLS TCP <code>tuic</code> TUIC <code>hysteria2</code> Hysteria2 <code>vless</code> VLESS TCP <code>tun</code> Tun <code>redirect</code> Redirect <code>tproxy</code> TProxy"},{"location":"zh/configuration/inbound/#tag","title":"tag","text":"<p>\u5165\u7ad9\u7684\u6807\u7b7e\u3002</p>"},{"location":"zh/configuration/inbound/direct/","title":"Direct","text":"<p><code>direct</code> \u5165\u7ad9\u662f\u4e00\u4e2a\u96a7\u9053\u670d\u52a1\u5668\u3002</p>"},{"location":"zh/configuration/inbound/direct/#_1","title":"\u7ed3\u6784","text":"<pre><code>{\n \"type\": \"direct\",\n \"tag\": \"direct-in\",\n\n ... // \u76d1\u542c\u5b57\u6bb5\n\n \"network\": \"udp\",\n \"override_address\": \"1.0.0.1\",\n \"override_port\": 53\n}\n</code></pre>"},{"location":"zh/configuration/inbound/direct/#_2","title":"\u76d1\u542c\u5b57\u6bb5","text":"<p>\u53c2\u9605 \u76d1\u542c\u5b57\u6bb5\u3002</p>"},{"location":"zh/configuration/inbound/direct/#_3","title":"\u5b57\u6bb5","text":""},{"location":"zh/configuration/inbound/direct/#network","title":"network","text":"<p>\u76d1\u542c\u7684\u7f51\u7edc\u534f\u8bae\uff0c<code>tcp</code> <code>udp</code> \u4e4b\u4e00\u3002</p> <p>\u9ed8\u8ba4\u6240\u6709\u3002</p>"},{"location":"zh/configuration/inbound/direct/#override_address","title":"override_address","text":"<p>\u8986\u76d6\u8fde\u63a5\u76ee\u6807\u5730\u5740\u3002</p>"},{"location":"zh/configuration/inbound/direct/#override_port","title":"override_port","text":"<p>\u8986\u76d6\u8fde\u63a5\u76ee\u6807\u7aef\u53e3\u3002</p>"},{"location":"zh/configuration/inbound/http/#_1","title":"\u7ed3\u6784","text":"<pre><code>{\n \"type\": \"http\",\n \"tag\": \"http-in\",\n\n ... // \u76d1\u542c\u5b57\u6bb5\n\n \"users\": [\n {\n \"username\": \"admin\",\n \"password\": \"admin\"\n }\n ],\n \"tls\": {},\n \"set_system_proxy\": false\n}\n</code></pre>"},{"location":"zh/configuration/inbound/http/#_2","title":"\u76d1\u542c\u5b57\u6bb5","text":"<p>\u53c2\u9605 \u76d1\u542c\u5b57\u6bb5\u3002</p>"},{"location":"zh/configuration/inbound/http/#_3","title":"\u5b57\u6bb5","text":""},{"location":"zh/configuration/inbound/http/#tls","title":"tls","text":"<p>TLS \u914d\u7f6e, \u53c2\u9605 TLS\u3002</p>"},{"location":"zh/configuration/inbound/http/#users","title":"users","text":"<p>HTTP \u7528\u6237</p> <p>\u5982\u679c\u4e3a\u7a7a\u5219\u4e0d\u9700\u8981\u9a8c\u8bc1\u3002</p>"},{"location":"zh/configuration/inbound/http/#set_system_proxy","title":"set_system_proxy","text":"<p>\u4ec5\u652f\u6301 Linux\u3001Android\u3001Windows \u548c macOS\u3002</p> <p>\u8981\u5728\u65e0\u7279\u6743\u7684 Android \u548c iOS \u4e0a\u5de5\u4f5c\uff0c\u8bf7\u6539\u7528 tun.platform.http_proxy\u3002</p> <p>\u542f\u52a8\u65f6\u81ea\u52a8\u8bbe\u7f6e\u7cfb\u7edf\u4ee3\u7406\uff0c\u505c\u6b62\u65f6\u81ea\u52a8\u6e05\u7406\u3002</p>"},{"location":"zh/configuration/inbound/hysteria/#_1","title":"\u7ed3\u6784","text":"<pre><code>{\n \"type\": \"hysteria\",\n \"tag\": \"hysteria-in\",\n\n ... // \u76d1\u542c\u5b57\u6bb5\n\n \"up\": \"100 Mbps\",\n \"up_mbps\": 100,\n \"down\": \"100 Mbps\",\n \"down_mbps\": 100,\n \"obfs\": \"fuck me till the daylight\",\n\n \"users\": [\n {\n \"name\": \"sekai\",\n \"auth\": \"\",\n \"auth_str\": \"password\"\n }\n ],\n\n \"recv_window_conn\": 0,\n \"recv_window_client\": 0,\n \"max_conn_client\": 0,\n \"disable_mtu_discovery\": false,\n \"tls\": {}\n}\n</code></pre>"},{"location":"zh/configuration/inbound/hysteria/#_2","title":"\u76d1\u542c\u5b57\u6bb5","text":"<p>\u53c2\u9605 \u76d1\u542c\u5b57\u6bb5\u3002</p>"},{"location":"zh/configuration/inbound/hysteria/#_3","title":"\u5b57\u6bb5","text":""},{"location":"zh/configuration/inbound/hysteria/#up-down","title":"up, down","text":"<p>\u5fc5\u586b</p> <p>\u683c\u5f0f: <code>[Integer] [Unit]</code> \u4f8b\u5982\uff1a <code>100 Mbps, 640 KBps, 2 Gbps</code></p> <p>\u652f\u6301\u7684\u5355\u4f4d (\u5927\u5c0f\u5199\u654f\u611f, b = bits, B = bytes, 8b=1B)\uff1a</p> <pre><code>bps (bits per second)\nBps (bytes per second)\nKbps (kilobits per second)\nKBps (kilobytes per second)\nMbps (megabits per second)\nMBps (megabytes per second)\nGbps (gigabits per second)\nGBps (gigabytes per second)\nTbps (terabits per second)\nTBps (terabytes per second)\n</code></pre>"},{"location":"zh/configuration/inbound/hysteria/#up_mbps-down_mbps","title":"up_mbps, down_mbps","text":"<p>\u5fc5\u586b</p> <p>\u4ee5 Mbps \u4e3a\u5355\u4f4d\u7684 <code>up, down</code>\u3002</p>"},{"location":"zh/configuration/inbound/hysteria/#obfs","title":"obfs","text":"<p>\u6df7\u6dc6\u5bc6\u7801\u3002</p>"},{"location":"zh/configuration/inbound/hysteria/#users","title":"users","text":"<p>Hysteria \u7528\u6237</p>"},{"location":"zh/configuration/inbound/hysteria/#usersauth","title":"users.auth","text":"<p>base64 \u7f16\u7801\u7684\u8ba4\u8bc1\u5bc6\u7801\u3002</p>"},{"location":"zh/configuration/inbound/hysteria/#usersauth_str","title":"users.auth_str","text":"<p>\u8ba4\u8bc1\u5bc6\u7801\u3002</p>"},{"location":"zh/configuration/inbound/hysteria/#recv_window_conn","title":"recv_window_conn","text":"<p>\u7528\u4e8e\u63a5\u6536\u6570\u636e\u7684 QUIC \u6d41\u7ea7\u6d41\u63a7\u5236\u7a97\u53e3\u3002</p> <p>\u9ed8\u8ba4 <code>15728640 (15 MB/s)</code>\u3002</p>"},{"location":"zh/configuration/inbound/hysteria/#recv_window_client","title":"recv_window_client","text":"<p>\u7528\u4e8e\u63a5\u6536\u6570\u636e\u7684 QUIC \u8fde\u63a5\u7ea7\u6d41\u63a7\u5236\u7a97\u53e3\u3002</p> <p>\u9ed8\u8ba4 <code>67108864 (64 MB/s)</code>\u3002</p>"},{"location":"zh/configuration/inbound/hysteria/#max_conn_client","title":"max_conn_client","text":"<p>\u5141\u8bb8\u5bf9\u7b49\u70b9\u6253\u5f00\u7684 QUIC \u5e76\u53d1\u53cc\u5411\u6d41\u7684\u6700\u5927\u6570\u91cf\u3002</p> <p>\u9ed8\u8ba4 <code>1024</code>\u3002</p>"},{"location":"zh/configuration/inbound/hysteria/#disable_mtu_discovery","title":"disable_mtu_discovery","text":"<p>\u7981\u7528\u8def\u5f84 MTU \u53d1\u73b0 (RFC 8899)\u3002 \u6570\u636e\u5305\u7684\u5927\u5c0f\u6700\u591a\u4e3a 1252 (IPv4) / 1232 (IPv6) \u5b57\u8282\u3002</p> <p>\u5f3a\u5236\u4e3a Linux \u548c Windows \u4ee5\u5916\u7684\u7cfb\u7edf\u542f\u7528\uff08\u6839\u636e\u4e0a\u6e38\uff09\u3002</p>"},{"location":"zh/configuration/inbound/hysteria/#tls","title":"tls","text":"<p>\u5fc5\u586b</p> <p>TLS \u914d\u7f6e, \u53c2\u9605 TLS\u3002</p>"},{"location":"zh/configuration/inbound/hysteria2/#_1","title":"\u7ed3\u6784","text":"<pre><code>{\n \"type\": \"hysteria2\",\n \"tag\": \"hy2-in\",\n ...\n // \u76d1\u542c\u5b57\u6bb5\n\n \"up_mbps\": 100,\n \"down_mbps\": 100,\n \"obfs\": {\n \"type\": \"salamander\",\n \"password\": \"cry_me_a_r1ver\"\n },\n \"users\": [\n {\n \"name\": \"tobyxdd\",\n \"password\": \"goofy_ahh_password\"\n }\n ],\n \"ignore_client_bandwidth\": false,\n \"tls\": {},\n \"masquerade\": \"\",\n \"brutal_debug\": false\n}\n</code></pre> <p>\u4e0e\u5b98\u65b9 Hysteria2 \u7684\u533a\u522b</p> <p>\u5b98\u65b9\u7a0b\u5e8f\u652f\u6301\u4e00\u79cd\u540d\u4e3a userpass \u7684\u9a8c\u8bc1\u65b9\u5f0f\uff0c \u672c\u8d28\u4e0a\u4e0a\u662f\u5c06\u7528\u6237\u540d\u4e0e\u5bc6\u7801\u7684\u7ec4\u5408 <code>&lt;username&gt;:&lt;password&gt;</code> \u4f5c\u4e3a\u5b9e\u9645\u4e0a\u7684\u5bc6\u7801\uff0c\u800c sing-box \u4e0d\u63d0\u4f9b\u6b64\u522b\u540d\u3002 \u8981\u5c06 sing-box \u4e0e\u5b98\u65b9\u7a0b\u5e8f\u4e00\u8d77\u4f7f\u7528\uff0c \u60a8\u9700\u8981\u586b\u5199\u8be5\u7ec4\u5408\u4f5c\u4e3a\u5b9e\u9645\u5bc6\u7801\u3002</p>"},{"location":"zh/configuration/inbound/hysteria2/#_2","title":"\u76d1\u542c\u5b57\u6bb5","text":"<p>\u53c2\u9605 \u76d1\u542c\u5b57\u6bb5\u3002</p>"},{"location":"zh/configuration/inbound/hysteria2/#_3","title":"\u5b57\u6bb5","text":""},{"location":"zh/configuration/inbound/hysteria2/#up_mbps-down_mbps","title":"up_mbps, down_mbps","text":"<p>\u652f\u6301\u7684\u901f\u7387\uff0c\u9ed8\u8ba4\u4e0d\u9650\u5236\u3002</p> <p>\u4e0e <code>ignore_client_bandwidth</code> \u51b2\u7a81\u3002</p>"},{"location":"zh/configuration/inbound/hysteria2/#obfstype","title":"obfs.type","text":"<p>QUIC \u6d41\u91cf\u6df7\u6dc6\u5668\u7c7b\u578b\uff0c\u4ec5\u53ef\u8bbe\u4e3a <code>salamander</code>\u3002</p> <p>\u5982\u679c\u4e3a\u7a7a\u5219\u7981\u7528\u3002</p>"},{"location":"zh/configuration/inbound/hysteria2/#obfspassword","title":"obfs.password","text":"<p>QUIC \u6d41\u91cf\u6df7\u6dc6\u5668\u5bc6\u7801.</p>"},{"location":"zh/configuration/inbound/hysteria2/#users","title":"users","text":"<p>Hysteria \u7528\u6237</p>"},{"location":"zh/configuration/inbound/hysteria2/#userspassword","title":"users.password","text":"<p>\u8ba4\u8bc1\u5bc6\u7801\u3002</p>"},{"location":"zh/configuration/inbound/hysteria2/#ignore_client_bandwidth","title":"ignore_client_bandwidth","text":"<p>\u547d\u4ee4\u5ba2\u6237\u7aef\u4f7f\u7528 BBR \u62e5\u585e\u63a7\u5236\u7b97\u6cd5\u800c\u4e0d\u662f Hysteria CC\u3002</p> <p>\u4e0e <code>up_mbps</code> \u548c <code>down_mbps</code> \u51b2\u7a81\u3002</p>"},{"location":"zh/configuration/inbound/hysteria2/#tls","title":"tls","text":"<p>\u5fc5\u586b</p> <p>TLS \u914d\u7f6e, \u53c2\u9605 TLS\u3002</p>"},{"location":"zh/configuration/inbound/hysteria2/#masquerade","title":"masquerade","text":"<p>HTTP3 \u670d\u52a1\u5668\u8ba4\u8bc1\u5931\u8d25\u65f6\u7684\u884c\u4e3a\u3002</p> Scheme \u793a\u4f8b \u63cf\u8ff0 <code>file</code> <code>file:///var/www</code> \u4f5c\u4e3a\u6587\u4ef6\u670d\u52a1\u5668 <code>http/https</code> <code>http://127.0.0.1:8080</code> \u4f5c\u4e3a\u53cd\u5411\u4ee3\u7406 <p>\u5982\u679c\u4e3a\u7a7a\uff0c\u5219\u8fd4\u56de 404 \u9875\u3002</p>"},{"location":"zh/configuration/inbound/hysteria2/#brutal_debug","title":"brutal_debug","text":"<p>\u542f\u7528 Hysteria Brutal CC \u7684\u8c03\u8bd5\u4fe1\u606f\u65e5\u5fd7\u8bb0\u5f55\u3002</p>"},{"location":"zh/configuration/inbound/mixed/","title":"Mixed","text":"<p><code>mixed</code> \u5165\u7ad9\u662f\u4e00\u4e2a socks4, socks4a, socks5 \u548c http \u670d\u52a1\u5668.</p>"},{"location":"zh/configuration/inbound/mixed/#_1","title":"\u7ed3\u6784","text":"<pre><code>{\n \"type\": \"mixed\",\n \"tag\": \"mixed-in\",\n\n ... // \u76d1\u542c\u5b57\u6bb5\n\n \"users\": [\n {\n \"username\": \"admin\",\n \"password\": \"admin\"\n }\n ],\n \"set_system_proxy\": false\n}\n</code></pre>"},{"location":"zh/configuration/inbound/mixed/#_2","title":"\u76d1\u542c\u5b57\u6bb5","text":"<p>\u53c2\u9605 \u76d1\u542c\u5b57\u6bb5\u3002</p>"},{"location":"zh/configuration/inbound/mixed/#_3","title":"\u5b57\u6bb5","text":""},{"location":"zh/configuration/inbound/mixed/#users","title":"users","text":"<p>SOCKS \u548c HTTP \u7528\u6237</p> <p>\u5982\u679c\u4e3a\u7a7a\u5219\u4e0d\u9700\u8981\u9a8c\u8bc1\u3002</p>"},{"location":"zh/configuration/inbound/mixed/#set_system_proxy","title":"set_system_proxy","text":"<p>\u4ec5\u652f\u6301 Linux\u3001Android\u3001Windows \u548c macOS\u3002</p> <p>\u8981\u5728\u65e0\u7279\u6743\u7684 Android \u548c iOS \u4e0a\u5de5\u4f5c\uff0c\u8bf7\u6539\u7528 tun.platform.http_proxy\u3002</p> <p>\u542f\u52a8\u65f6\u81ea\u52a8\u8bbe\u7f6e\u7cfb\u7edf\u4ee3\u7406\uff0c\u505c\u6b62\u65f6\u81ea\u52a8\u6e05\u7406\u3002</p>"},{"location":"zh/configuration/inbound/naive/#_1","title":"\u7ed3\u6784","text":"<pre><code>{\n \"type\": \"naive\",\n \"tag\": \"naive-in\",\n \"network\": \"udp\",\n\n ... // \u76d1\u542c\u5b57\u6bb5\n\n \"users\": [\n {\n \"username\": \"sekai\",\n \"password\": \"password\"\n }\n ],\n \"tls\": {}\n}\n</code></pre>"},{"location":"zh/configuration/inbound/naive/#_2","title":"\u76d1\u542c\u5b57\u6bb5","text":"<p>\u53c2\u9605 \u76d1\u542c\u5b57\u6bb5\u3002</p>"},{"location":"zh/configuration/inbound/naive/#_3","title":"\u5b57\u6bb5","text":""},{"location":"zh/configuration/inbound/naive/#network","title":"network","text":"<p>\u76d1\u542c\u7684\u7f51\u7edc\u534f\u8bae\uff0c<code>tcp</code> <code>udp</code> \u4e4b\u4e00\u3002</p> <p>\u9ed8\u8ba4\u6240\u6709\u3002</p>"},{"location":"zh/configuration/inbound/naive/#users","title":"users","text":"<p>\u5fc5\u586b</p> <p>Naive \u7528\u6237\u3002</p>"},{"location":"zh/configuration/inbound/naive/#tls","title":"tls","text":"<p>TLS \u914d\u7f6e, \u53c2\u9605 TLS\u3002</p>"},{"location":"zh/configuration/inbound/redirect/","title":"Redirect","text":"<p>\u4ec5\u652f\u6301 Linux \u548c macOS\u3002</p>"},{"location":"zh/configuration/inbound/redirect/#_1","title":"\u7ed3\u6784","text":"<pre><code>{\n \"type\": \"redirect\",\n \"tag\": \"redirect-in\",\n\n ... // \u76d1\u542c\u5b57\u6bb5\n}\n</code></pre>"},{"location":"zh/configuration/inbound/redirect/#_2","title":"\u76d1\u542c\u5b57\u6bb5","text":"<p>\u53c2\u9605 \u76d1\u542c\u5b57\u6bb5\u3002</p>"},{"location":"zh/configuration/inbound/shadowsocks/#_1","title":"\u7ed3\u6784","text":"<pre><code>{\n \"type\": \"shadowsocks\",\n \"tag\": \"ss-in\",\n\n ... // \u76d1\u542c\u5b57\u6bb5\n\n \"method\": \"2022-blake3-aes-128-gcm\",\n \"password\": \"8JCsPssfgS8tiRwiMlhARg==\",\n \"multiplex\": {}\n}\n</code></pre>"},{"location":"zh/configuration/inbound/shadowsocks/#_2","title":"\u591a\u7528\u6237\u7ed3\u6784","text":"<pre><code>{\n \"method\": \"2022-blake3-aes-128-gcm\",\n \"password\": \"8JCsPssfgS8tiRwiMlhARg==\",\n \"users\": [\n {\n \"name\": \"sekai\",\n \"password\": \"PCD2Z4o12bKUoFa3cC97Hw==\"\n }\n ],\n \"multiplex\": {}\n}\n</code></pre>"},{"location":"zh/configuration/inbound/shadowsocks/#_3","title":"\u4e2d\u8f6c\u7ed3\u6784","text":"<pre><code>{\n \"type\": \"shadowsocks\",\n \"method\": \"2022-blake3-aes-128-gcm\",\n \"password\": \"8JCsPssfgS8tiRwiMlhARg==\",\n \"destinations\": [\n {\n \"name\": \"test\",\n \"server\": \"example.com\",\n \"server_port\": 8080,\n \"password\": \"PCD2Z4o12bKUoFa3cC97Hw==\"\n }\n ],\n \"multiplex\": {}\n}\n</code></pre>"},{"location":"zh/configuration/inbound/shadowsocks/#_4","title":"\u5b57\u6bb5","text":""},{"location":"zh/configuration/inbound/shadowsocks/#network","title":"network","text":"<p>\u76d1\u542c\u7684\u7f51\u7edc\u534f\u8bae\uff0c<code>tcp</code> <code>udp</code> \u4e4b\u4e00\u3002</p> <p>\u9ed8\u8ba4\u6240\u6709\u3002</p>"},{"location":"zh/configuration/inbound/shadowsocks/#method","title":"method","text":"<p>\u5fc5\u586b</p> \u65b9\u6cd5 \u5bc6\u94a5\u957f\u5ea6 2022-blake3-aes-128-gcm 16 2022-blake3-aes-256-gcm 32 2022-blake3-chacha20-poly1305 32 none / aes-128-gcm / aes-192-gcm / aes-256-gcm / chacha20-ietf-poly1305 / xchacha20-ietf-poly1305 /"},{"location":"zh/configuration/inbound/shadowsocks/#password","title":"password","text":"<p>\u5fc5\u586b</p> \u65b9\u6cd5 \u5bc6\u7801\u683c\u5f0f none / 2022 methods <code>sing-box generate rand --base64 &lt;\u5bc6\u94a5\u957f\u5ea6&gt;</code> other methods \u4efb\u610f\u5b57\u7b26\u4e32"},{"location":"zh/configuration/inbound/shadowsocks/#multiplex","title":"multiplex","text":"<p>\u53c2\u9605 \u591a\u8def\u590d\u7528\u3002</p>"},{"location":"zh/configuration/inbound/shadowtls/#_1","title":"\u7ed3\u6784","text":"<pre><code>{\n \"type\": \"shadowtls\",\n \"tag\": \"st-in\",\n\n ... // \u76d1\u542c\u5b57\u6bb5\n\n \"version\": 3,\n \"password\": \"fuck me till the daylight\",\n \"users\": [\n {\n \"name\": \"sekai\",\n \"password\": \"8JCsPssfgS8tiRwiMlhARg==\"\n }\n ],\n \"handshake\": {\n \"server\": \"google.com\",\n \"server_port\": 443,\n\n ... // \u62e8\u53f7\u5b57\u6bb5\n },\n \"handshake_for_server_name\": {\n \"example.com\": {\n \"server\": \"example.com\",\n \"server_port\": 443,\n\n ... // \u62e8\u53f7\u5b57\u6bb5\n }\n },\n \"strict_mode\": false\n}\n</code></pre>"},{"location":"zh/configuration/inbound/shadowtls/#_2","title":"\u76d1\u542c\u5b57\u6bb5","text":"<p>\u53c2\u9605 \u76d1\u542c\u5b57\u6bb5\u3002</p>"},{"location":"zh/configuration/inbound/shadowtls/#_3","title":"\u5b57\u6bb5","text":""},{"location":"zh/configuration/inbound/shadowtls/#version","title":"version","text":"<p>ShadowTLS \u534f\u8bae\u7248\u672c\u3002</p> \u503c \u534f\u8bae\u7248\u672c <code>1</code> (default) ShadowTLS v1 <code>2</code> ShadowTLS v2 <code>3</code> ShadowTLS v3"},{"location":"zh/configuration/inbound/shadowtls/#password","title":"password","text":"<p>ShadowTLS \u5bc6\u7801\u3002</p> <p>\u4ec5\u5728 ShadowTLS \u534f\u8bae\u7248\u672c 2 \u4e2d\u53ef\u7528\u3002</p>"},{"location":"zh/configuration/inbound/shadowtls/#users","title":"users","text":"<p>ShadowTLS \u7528\u6237\u3002</p> <p>\u4ec5\u5728 ShadowTLS \u534f\u8bae\u7248\u672c 3 \u4e2d\u53ef\u7528\u3002</p>"},{"location":"zh/configuration/inbound/shadowtls/#handshake","title":"handshake","text":"<p>\u5fc5\u586b</p> <p>\u63e1\u624b\u670d\u52a1\u5668\u5730\u5740\u548c \u62e8\u53f7\u53c2\u6570\u3002</p>"},{"location":"zh/configuration/inbound/shadowtls/#handshake_for_server_name","title":"handshake_for_server_name","text":"<p>\u5fc5\u586b</p> <p>\u5bf9\u4e8e\u7279\u5b9a\u670d\u52a1\u5668\u540d\u79f0\u7684\u63e1\u624b\u670d\u52a1\u5668\u5730\u5740\u548c \u62e8\u53f7\u53c2\u6570\u3002</p> <p>\u4ec5\u5728 ShadowTLS \u534f\u8bae\u7248\u672c 2/3 \u4e2d\u53ef\u7528\u3002</p>"},{"location":"zh/configuration/inbound/shadowtls/#strict_mode","title":"strict_mode","text":"<p>ShadowTLS \u4e25\u683c\u6a21\u5f0f\u3002</p> <p>\u4ec5\u5728 ShadowTLS \u534f\u8bae\u7248\u672c 3 \u4e2d\u53ef\u7528\u3002</p>"},{"location":"zh/configuration/inbound/socks/","title":"SOCKS","text":"<p><code>socks</code> \u5165\u7ad9\u662f\u4e00\u4e2a socks4, socks4a \u548c socks5 \u670d\u52a1\u5668.</p>"},{"location":"zh/configuration/inbound/socks/#_1","title":"\u7ed3\u6784","text":"<pre><code>{\n \"type\": \"socks\",\n \"tag\": \"socks-in\",\n\n ... // \u76d1\u542c\u5b57\u6bb5\n\n \"users\": [\n {\n \"username\": \"admin\",\n \"password\": \"admin\"\n }\n ]\n}\n</code></pre>"},{"location":"zh/configuration/inbound/socks/#_2","title":"\u76d1\u542c\u5b57\u6bb5","text":"<p>\u53c2\u9605 \u76d1\u542c\u5b57\u6bb5\u3002</p>"},{"location":"zh/configuration/inbound/socks/#_3","title":"\u5b57\u6bb5","text":""},{"location":"zh/configuration/inbound/socks/#users","title":"users","text":"<p>SOCKS \u7528\u6237</p> <p>\u5982\u679c\u4e3a\u7a7a\u5219\u4e0d\u9700\u8981\u9a8c\u8bc1\u3002</p>"},{"location":"zh/configuration/inbound/tproxy/","title":"TProxy","text":"<p>\u4ec5\u652f\u6301 Linux\u3002</p>"},{"location":"zh/configuration/inbound/tproxy/#_1","title":"\u7ed3\u6784","text":"<pre><code>{\n \"type\": \"tproxy\",\n \"tag\": \"tproxy-in\",\n\n ... // \u76d1\u542c\u5b57\u6bb5\n\n \"network\": \"udp\"\n}\n</code></pre>"},{"location":"zh/configuration/inbound/tproxy/#_2","title":"\u76d1\u542c\u5b57\u6bb5","text":"<p>\u53c2\u9605 \u76d1\u542c\u5b57\u6bb5\u3002</p>"},{"location":"zh/configuration/inbound/tproxy/#_3","title":"\u5b57\u6bb5","text":""},{"location":"zh/configuration/inbound/tproxy/#network","title":"network","text":"<p>\u76d1\u542c\u7684\u7f51\u7edc\u534f\u8bae\uff0c<code>tcp</code> <code>udp</code> \u4e4b\u4e00\u3002</p> <p>\u9ed8\u8ba4\u6240\u6709\u3002</p>"},{"location":"zh/configuration/inbound/trojan/#_1","title":"\u7ed3\u6784","text":"<pre><code>{\n \"type\": \"trojan\",\n \"tag\": \"trojan-in\",\n\n ... // \u76d1\u542c\u5b57\u6bb5\n\n \"users\": [\n {\n \"name\": \"sekai\",\n \"password\": \"8JCsPssfgS8tiRwiMlhARg==\"\n }\n ],\n \"tls\": {},\n \"fallback\": {\n \"server\": \"127.0.0.1\",\n \"server_port\": 8080\n },\n \"fallback_for_alpn\": {\n \"http/1.1\": {\n \"server\": \"127.0.0.1\",\n \"server_port\": 8081\n }\n },\n \"multiplex\": {},\n \"transport\": {}\n}\n</code></pre>"},{"location":"zh/configuration/inbound/trojan/#_2","title":"\u76d1\u542c\u5b57\u6bb5","text":"<p>\u53c2\u9605 \u76d1\u542c\u5b57\u6bb5\u3002</p>"},{"location":"zh/configuration/inbound/trojan/#_3","title":"\u5b57\u6bb5","text":""},{"location":"zh/configuration/inbound/trojan/#users","title":"users","text":"<p>\u5fc5\u586b</p> <p>Trojan \u7528\u6237\u3002</p>"},{"location":"zh/configuration/inbound/trojan/#tls","title":"tls","text":"<p>\u5982\u679c\u542f\u7528 HTTP3 \u5219\u5fc5\u586b</p> <p>TLS \u914d\u7f6e, \u53c2\u9605 TLS\u3002</p>"},{"location":"zh/configuration/inbound/trojan/#fallback","title":"fallback","text":"<p>\u6ca1\u6709\u8bc1\u636e\u8868\u660e GFW \u57fa\u4e8e HTTP \u54cd\u5e94\u68c0\u6d4b\u5e76\u963b\u6b62 Trojan \u670d\u52a1\u5668\uff0c\u5e76\u4e14\u5728\u670d\u52a1\u5668\u4e0a\u6253\u5f00\u6807\u51c6 http/s \u7aef\u53e3\u662f\u4e00\u4e2a\u66f4\u5927\u7684\u7279\u5f81\u3002</p> <p>\u56de\u9000\u670d\u52a1\u5668\u914d\u7f6e\u3002\u5982\u679c <code>fallback</code> \u548c <code>fallback_for_alpn</code> \u4e3a\u7a7a\uff0c\u5219\u7981\u7528\u56de\u9000\u3002</p>"},{"location":"zh/configuration/inbound/trojan/#fallback_for_alpn","title":"fallback_for_alpn","text":"<p>\u4e3a ALPN \u6307\u5b9a\u56de\u9000\u670d\u52a1\u5668\u914d\u7f6e\u3002</p> <p>\u5982\u679c\u4e0d\u4e3a\u7a7a\uff0cALPN \u4e0d\u5728\u6b64\u5217\u8868\u4e2d\u7684 TLS \u56de\u9000\u8bf7\u6c42\u5c06\u88ab\u62d2\u7edd\u3002</p>"},{"location":"zh/configuration/inbound/trojan/#multiplex","title":"multiplex","text":"<p>\u53c2\u9605 \u591a\u8def\u590d\u7528\u3002</p>"},{"location":"zh/configuration/inbound/trojan/#transport","title":"transport","text":"<p>V2Ray \u4f20\u8f93\u914d\u7f6e\uff0c\u53c2\u9605 V2Ray \u4f20\u8f93\u5c42\u3002</p>"},{"location":"zh/configuration/inbound/tuic/#_1","title":"\u7ed3\u6784","text":"<pre><code>{\n \"type\": \"tuic\",\n \"tag\": \"tuic-in\",\n\n ... // \u76d1\u542c\u5b57\u6bb5\n\n \"users\": [\n {\n \"name\": \"sekai\",\n \"uuid\": \"059032A9-7D40-4A96-9BB1-36823D848068\",\n \"password\": \"hello\"\n }\n ],\n \"congestion_control\": \"cubic\",\n \"auth_timeout\": \"3s\",\n \"zero_rtt_handshake\": false,\n \"heartbeat\": \"10s\",\n \"tls\": {}\n}\n</code></pre>"},{"location":"zh/configuration/inbound/tuic/#_2","title":"\u76d1\u542c\u5b57\u6bb5","text":"<p>\u53c2\u9605 \u76d1\u542c\u5b57\u6bb5\u3002</p>"},{"location":"zh/configuration/inbound/tuic/#_3","title":"\u5b57\u6bb5","text":""},{"location":"zh/configuration/inbound/tuic/#users","title":"users","text":"<p>TUIC \u7528\u6237</p>"},{"location":"zh/configuration/inbound/tuic/#usersuuid","title":"users.uuid","text":"<p>\u5fc5\u586b</p> <p>TUIC \u7528\u6237 UUID</p>"},{"location":"zh/configuration/inbound/tuic/#userspassword","title":"users.password","text":"<p>TUIC \u7528\u6237\u5bc6\u7801</p>"},{"location":"zh/configuration/inbound/tuic/#congestion_control","title":"congestion_control","text":"<p>QUIC \u62e5\u585e\u63a7\u5236\u7b97\u6cd5</p> <p>\u53ef\u9009\u503c: <code>cubic</code>, <code>new_reno</code>, <code>bbr</code></p> <p>\u9ed8\u8ba4\u4f7f\u7528 <code>cubic</code>\u3002</p>"},{"location":"zh/configuration/inbound/tuic/#auth_timeout","title":"auth_timeout","text":"<p>\u670d\u52a1\u5668\u7b49\u5f85\u5ba2\u6237\u7aef\u53d1\u9001\u8ba4\u8bc1\u547d\u4ee4\u7684\u65f6\u95f4</p> <p>\u9ed8\u8ba4\u4f7f\u7528 <code>3s</code>\u3002</p>"},{"location":"zh/configuration/inbound/tuic/#zero_rtt_handshake","title":"zero_rtt_handshake","text":"<p>\u5728\u5ba2\u6237\u7aef\u542f\u7528 0-RTT QUIC \u8fde\u63a5\u63e1\u624b \u8fd9\u5bf9\u6027\u80fd\u5f71\u54cd\u4e0d\u5927\uff0c\u56e0\u4e3a\u534f\u8bae\u662f\u5b8c\u5168\u590d\u7528\u7684</p> <p>\u5f3a\u70c8\u5efa\u8bae\u7981\u7528\u6b64\u529f\u80fd\uff0c\u56e0\u4e3a\u5b83\u5bb9\u6613\u53d7\u5230\u91cd\u653e\u653b\u51fb\u3002 \u8bf7\u53c2\u9605 Attack of the clones</p>"},{"location":"zh/configuration/inbound/tuic/#heartbeat","title":"heartbeat","text":"<p>\u53d1\u9001\u5fc3\u8df3\u5305\u4ee5\u4fdd\u6301\u8fde\u63a5\u5b58\u6d3b\u7684\u65f6\u95f4\u95f4\u9694</p> <p>\u9ed8\u8ba4\u4f7f\u7528 <code>10s</code>\u3002</p>"},{"location":"zh/configuration/inbound/tuic/#tls","title":"tls","text":"<p>\u5fc5\u586b</p> <p>TLS \u914d\u7f6e, \u53c2\u9605 TLS\u3002</p>"},{"location":"zh/configuration/inbound/tun/","title":"Tun","text":"<p>sing-box 1.11.0 \u4e2d\u7684\u66f4\u6539</p> <p> gso</p> <p>sing-box 1.10.0 \u4e2d\u7684\u66f4\u6539</p> <p> address inet4_address inet6_address route_address inet4_route_address inet6_route_address route_exclude_address inet4_route_exclude_address inet6_route_exclude_address iproute2_table_index iproute2_rule_index auto_redirect auto_redirect_input_mark auto_redirect_output_mark route_address_set route_exclude_address_set</p> <p>sing-box 1.9.0 \u4e2d\u7684\u66f4\u6539</p> <p> platform.http_proxy.bypass_domain platform.http_proxy.match_domain </p> <p>sing-box 1.8.0 \u4e2d\u7684\u66f4\u6539</p> <p> gso stack</p> <p>\u4ec5\u652f\u6301 Linux\u3001Windows \u548c macOS\u3002</p>"},{"location":"zh/configuration/inbound/tun/#_1","title":"\u7ed3\u6784","text":"<pre><code>{\n \"type\": \"tun\",\n \"tag\": \"tun-in\",\n \"interface_name\": \"tun0\",\n \"address\": [\n \"172.18.0.1/30\",\n \"fdfe:dcba:9876::1/126\"\n ],\n \"mtu\": 9000,\n \"auto_route\": true,\n \"iproute2_table_index\": 2022,\n \"iproute2_rule_index\": 9000,\n \"auto_redirect\": false,\n \"auto_redirect_input_mark\": \"0x2023\",\n \"auto_redirect_output_mark\": \"0x2024\",\n \"strict_route\": true,\n \"route_address\": [\n \"0.0.0.0/1\",\n \"128.0.0.0/1\",\n \"::/1\",\n \"8000::/1\"\n ],\n\n \"route_exclude_address\": [\n \"192.168.0.0/16\",\n \"fc00::/7\"\n ],\n \"route_address_set\": [\n \"geoip-cloudflare\"\n ],\n \"route_exclude_address_set\": [\n \"geoip-cn\"\n ],\n \"endpoint_independent_nat\": false,\n \"udp_timeout\": \"5m\",\n \"stack\": \"system\",\n \"include_interface\": [\n \"lan0\"\n ],\n \"exclude_interface\": [\n \"lan1\"\n ],\n \"include_uid\": [\n 0\n ],\n \"include_uid_range\": [\n \"1000-99999\"\n ],\n \"exclude_uid\": [\n 1000\n ],\n \"exclude_uid_range\": [\n \"1000-99999\"\n ],\n \"include_android_user\": [\n 0,\n 10\n ],\n \"include_package\": [\n \"com.android.chrome\"\n ],\n \"exclude_package\": [\n \"com.android.captiveportallogin\"\n ],\n \"platform\": {\n \"http_proxy\": {\n \"enabled\": false,\n \"server\": \"127.0.0.1\",\n \"server_port\": 8080,\n \"bypass_domain\": [],\n \"match_domain\": []\n }\n },\n\n // \u5df2\u5f03\u7528\n \"gso\": false,\n \"inet4_address\": [\n \"172.19.0.1/30\"\n ],\n \"inet6_address\": [\n \"fdfe:dcba:9876::1/126\"\n ],\n \"inet4_route_address\": [\n \"0.0.0.0/1\",\n \"128.0.0.0/1\"\n ],\n \"inet6_route_address\": [\n \"::/1\",\n \"8000::/1\"\n ],\n \"inet4_route_exclude_address\": [\n \"192.168.0.0/16\"\n ],\n \"inet6_route_exclude_address\": [\n \"fc00::/7\"\n ],\n\n ... // \u76d1\u542c\u5b57\u6bb5\n}\n</code></pre> <p>\u5f53\u5185\u5bb9\u53ea\u6709\u4e00\u9879\u65f6\uff0c\u53ef\u4ee5\u5ffd\u7565 JSON \u6570\u7ec4 [] \u6807\u7b7e\u3002</p> <p>\u5982\u679c tun \u5728\u975e\u7279\u6743\u6a21\u5f0f\u4e0b\u8fd0\u884c\uff0c\u5730\u5740\u548c MTU \u5c06\u4e0d\u4f1a\u81ea\u52a8\u914d\u7f6e\uff0c\u8bf7\u786e\u4fdd\u8bbe\u7f6e\u6b63\u786e\u3002</p>"},{"location":"zh/configuration/inbound/tun/#tun","title":"Tun \u5b57\u6bb5","text":""},{"location":"zh/configuration/inbound/tun/#interface_name","title":"interface_name","text":"<p>\u865a\u62df\u8bbe\u5907\u540d\u79f0\uff0c\u9ed8\u8ba4\u81ea\u52a8\u9009\u62e9\u3002</p>"},{"location":"zh/configuration/inbound/tun/#address","title":"address","text":"<p>\u81ea sing-box 1.10.0 \u8d77</p> <p>\u5fc5\u586b</p> <p>tun \u63a5\u53e3\u7684 IPv4 \u548c IPv6 \u524d\u7f00\u3002</p>"},{"location":"zh/configuration/inbound/tun/#inet4_address","title":"inet4_address","text":"<p>\u5df2\u5728 sing-box 1.10.0 \u5e9f\u5f03</p> <p><code>inet4_address</code> \u5df2\u5408\u5e76\u5230 <code>address</code> \u4e14\u5c06\u5728 sing-box 1.12.0 \u4e2d\u88ab\u79fb\u9664\u3002</p> <p>\u5fc5\u586b</p> <p>tun \u63a5\u53e3\u7684 IPv4 \u524d\u7f00\u3002</p>"},{"location":"zh/configuration/inbound/tun/#inet6_address","title":"inet6_address","text":"<p>\u5df2\u5728 sing-box 1.10.0 \u5e9f\u5f03</p> <p><code>inet6_address</code> \u5df2\u5408\u5e76\u5230 <code>address</code> \u4e14\u5c06\u5728 sing-box 1.12.0 \u4e2d\u88ab\u79fb\u9664\u3002</p> <p>tun \u63a5\u53e3\u7684 IPv6 \u524d\u7f00\u3002</p>"},{"location":"zh/configuration/inbound/tun/#mtu","title":"mtu","text":"<p>\u6700\u5927\u4f20\u8f93\u5355\u5143\u3002</p>"},{"location":"zh/configuration/inbound/tun/#gso","title":"gso","text":"<p>\u5df2\u5728 sing-box 1.11.0 \u5e9f\u5f03</p> <p>GSO \u5bf9\u4e8e\u900f\u660e\u4ee3\u7406\u573a\u666f\u6ca1\u6709\u4f18\u52bf\uff0c\u5df2\u5e9f\u5f03\u548c\u4e0d\u518d\u751f\u6548\uff0c\u4e14\u5c06\u5728 sing-box 1.12.0 \u4e2d\u88ab\u79fb\u9664\u3002</p> <p>\u81ea sing-box 1.8.0 \u8d77</p> <p>\u4ec5\u652f\u6301 Linux\u3002</p> <p>\u542f\u7528\u901a\u7528\u5206\u6bb5\u5378\u8f7d\u3002</p>"},{"location":"zh/configuration/inbound/tun/#auto_route","title":"auto_route","text":"<p>\u8bbe\u7f6e\u5230 Tun \u7684\u9ed8\u8ba4\u8def\u7531\u3002</p> <p>\u4e3a\u907f\u514d\u6d41\u91cf\u73af\u56de\uff0c\u8bf7\u8bbe\u7f6e <code>route.auto_detect_interface</code> \u6216 <code>route.default_interface</code> \u6216 <code>outbound.bind_interface</code>\u3002</p> <p>\u4e0e Android VPN \u4e00\u8d77\u4f7f\u7528</p> <p>VPN \u9ed8\u8ba4\u4f18\u5148\u4e8e tun\u3002\u8981\u4f7f tun \u7ecf\u8fc7 VPN\uff0c\u542f\u7528 <code>route.override_android_vpn</code>\u3002</p>"},{"location":"zh/configuration/inbound/tun/#iproute2_table_index","title":"iproute2_table_index","text":"<p>\u81ea sing-box 1.10.0 \u8d77</p> <p><code>auto_route</code> \u751f\u6210\u7684 iproute2 \u8def\u7531\u8868\u7d22\u5f15\u3002</p> <p>\u9ed8\u8ba4\u4f7f\u7528 <code>2022</code>\u3002</p>"},{"location":"zh/configuration/inbound/tun/#iproute2_rule_index","title":"iproute2_rule_index","text":"<p>\u81ea sing-box 1.10.0 \u8d77</p> <p><code>auto_route</code> \u751f\u6210\u7684 iproute2 \u89c4\u5219\u8d77\u59cb\u7d22\u5f15\u3002</p> <p>\u9ed8\u8ba4\u4f7f\u7528 <code>9000</code>\u3002</p>"},{"location":"zh/configuration/inbound/tun/#auto_redirect","title":"auto_redirect","text":"<p>\u81ea sing-box 1.10.0 \u8d77</p> <p>\u4ec5\u652f\u6301 Linux\uff0c\u4e14\u9700\u8981 <code>auto_route</code> \u5df2\u542f\u7528\u3002 </p> <p>\u81ea\u52a8\u914d\u7f6e iptables/nftables \u4ee5\u91cd\u5b9a\u5411\u8fde\u63a5\u3002</p> <p>\u5728 Android \u4e2d\uff1a</p> <p>\u4ec5\u8f6c\u53d1\u672c\u5730 IPv4 \u8fde\u63a5\u3002 \u8981\u901a\u8fc7\u70ed\u70b9\u6216\u4e2d\u7ee7\u5171\u4eab\u60a8\u7684 VPN \u8fde\u63a5\uff0c\u8bf7\u4f7f\u7528 VPNHotspot\u3002</p> <p>\u5728 Linux \u4e2d:</p> <p>\u5e26\u6709 <code>auto_redirect</code>\u7684 <code>auto_route</code> \u53ef\u4ee5\u5728\u8def\u7531\u5668\u4e0a\u6309\u9884\u671f\u5de5\u4f5c\uff0c\u65e0\u9700\u5e72\u9884\u3002</p>"},{"location":"zh/configuration/inbound/tun/#auto_redirect_input_mark","title":"auto_redirect_input_mark","text":"<p>\u81ea sing-box 1.10.0 \u8d77</p> <p><code>route_address_set</code> \u548c <code>route_exclude_address_set</code> \u4f7f\u7528\u7684\u8fde\u63a5\u8f93\u5165\u6807\u8bb0\u3002</p> <p>\u9ed8\u8ba4\u4f7f\u7528 <code>0x2023</code>\u3002</p>"},{"location":"zh/configuration/inbound/tun/#auto_redirect_output_mark","title":"auto_redirect_output_mark","text":"<p>\u81ea sing-box 1.10.0 \u8d77</p> <p><code>route_address_set</code> \u548c <code>route_exclude_address_set</code> \u4f7f\u7528\u7684\u8fde\u63a5\u8f93\u51fa\u6807\u8bb0\u3002</p> <p>\u9ed8\u8ba4\u4f7f\u7528 <code>0x2024</code>\u3002</p>"},{"location":"zh/configuration/inbound/tun/#strict_route","title":"strict_route","text":"<p>\u542f\u7528 <code>auto_route</code> \u65f6\u6267\u884c\u4e25\u683c\u7684\u8def\u7531\u89c4\u5219\u3002</p> <p>\u5728 Linux \u4e2d:</p> <ul> <li>\u8ba9\u4e0d\u652f\u6301\u7684\u7f51\u7edc\u65e0\u6cd5\u5230\u8fbe</li> <li>\u4f7f ICMP \u6d41\u91cf\u8def\u7531\u5230 tun \u800c\u4e0d\u662f\u4e0a\u6e38\u63a5\u53e3</li> <li>\u5c06\u6240\u6709\u8fde\u63a5\u8def\u7531\u5230 tun</li> </ul> <p>\u5b83\u53ef\u4ee5\u9632\u6b62 IP \u5730\u5740\u6cc4\u6f0f\uff0c\u5e76\u4f7f DNS \u52ab\u6301\u5728 Android \u4e0a\u5de5\u4f5c\u3002</p> <p>\u5728 Windows \u4e2d:</p> <ul> <li>\u6dfb\u52a0\u9632\u706b\u5899\u89c4\u5219\u4ee5\u963b\u6b62 Windows \u7684 \u666e\u901a\u591a\u5bbf\u4e3b DNS \u89e3\u6790\u884c\u4e3a \u9020\u6210\u7684 DNS \u6cc4\u9732</li> </ul> <p>\u5b83\u53ef\u80fd\u4f1a\u4f7f\u67d0\u4e9b\u5e94\u7528\u7a0b\u5e8f\uff08\u5982 VirtualBox\uff09\u5728\u67d0\u4e9b\u60c5\u51b5\u4e0b\u65e0\u6cd5\u6b63\u5e38\u5de5\u4f5c\u3002</p>"},{"location":"zh/configuration/inbound/tun/#route_address","title":"route_address","text":"<p>\u81ea sing-box 1.10.0 \u8d77</p> <p>\u8bbe\u7f6e\u5230 Tun \u7684\u81ea\u5b9a\u4e49\u8def\u7531\u3002</p>"},{"location":"zh/configuration/inbound/tun/#inet4_route_address","title":"inet4_route_address","text":"<p>\u5df2\u5728 sing-box 1.10.0 \u5e9f\u5f03</p> <p><code>inet4_route_address</code> \u5df2\u5408\u5e76\u5230 <code>route_address</code> \u4e14\u5c06\u5728 sing-box 1.12.0 \u4e2d\u88ab\u79fb\u9664\u3002</p> <p>\u542f\u7528 <code>auto_route</code> \u65f6\u4f7f\u7528\u81ea\u5b9a\u4e49\u8def\u7531\u800c\u4e0d\u662f\u9ed8\u8ba4\u8def\u7531\u3002</p>"},{"location":"zh/configuration/inbound/tun/#inet6_route_address","title":"inet6_route_address","text":"<p>\u5df2\u5728 sing-box 1.10.0 \u5e9f\u5f03</p> <p><code>inet6_route_address</code> \u5df2\u5408\u5e76\u5230 <code>route_address</code> \u4e14\u5c06\u5728 sing-box 1.12.0 \u4e2d\u88ab\u79fb\u9664\u3002</p> <p>\u542f\u7528 <code>auto_route</code> \u65f6\u4f7f\u7528\u81ea\u5b9a\u4e49\u8def\u7531\u800c\u4e0d\u662f\u9ed8\u8ba4\u8def\u7531\u3002</p>"},{"location":"zh/configuration/inbound/tun/#route_exclude_address","title":"route_exclude_address","text":"<p>\u81ea sing-box 1.10.0 \u8d77</p> <p>\u8bbe\u7f6e\u5230 Tun \u7684\u6392\u9664\u81ea\u5b9a\u4e49\u8def\u7531\u3002</p>"},{"location":"zh/configuration/inbound/tun/#inet4_route_exclude_address","title":"inet4_route_exclude_address","text":"<p>\u5df2\u5728 sing-box 1.10.0 \u5e9f\u5f03</p> <p><code>inet4_route_exclude_address</code> \u5df2\u5408\u5e76\u5230 <code>route_exclude_address</code> \u4e14\u5c06\u5728 sing-box 1.12.0 \u4e2d\u88ab\u79fb\u9664\u3002</p> <p>\u542f\u7528 <code>auto_route</code> \u65f6\u6392\u9664\u81ea\u5b9a\u4e49\u8def\u7531\u3002</p>"},{"location":"zh/configuration/inbound/tun/#inet6_route_exclude_address","title":"inet6_route_exclude_address","text":"<p>\u5df2\u5728 sing-box 1.10.0 \u5e9f\u5f03</p> <p><code>inet6_route_exclude_address</code> \u5df2\u5408\u5e76\u5230 <code>route_exclude_address</code> \u4e14\u5c06\u5728 sing-box 1.12.0 \u4e2d\u88ab\u79fb\u9664\u3002</p> <p>\u542f\u7528 <code>auto_route</code> \u65f6\u6392\u9664\u81ea\u5b9a\u4e49\u8def\u7531\u3002</p>"},{"location":"zh/configuration/inbound/tun/#route_address_set","title":"route_address_set","text":"<p>\u81ea sing-box 1.10.0 \u8d77</p> <p>\u4ec5\u652f\u6301 Linux\uff0c\u4e14\u9700\u8981 nftables\uff0c<code>auto_route</code> \u548c <code>auto_redirect</code> \u5df2\u542f\u7528\u3002 </p> <p>\u5c06\u6307\u5b9a\u89c4\u5219\u96c6\u4e2d\u7684\u76ee\u6807 IP CIDR \u89c4\u5219\u6dfb\u52a0\u5230\u9632\u706b\u5899\u3002 \u4e0d\u5339\u914d\u7684\u6d41\u91cf\u5c06\u7ed5\u8fc7 sing-box \u8def\u7531\u3002</p> <p>\u4e0e <code>route.default_mark</code> \u548c <code>[dialOptions].routing_mark</code> \u51b2\u7a81\u3002</p>"},{"location":"zh/configuration/inbound/tun/#route_exclude_address_set","title":"route_exclude_address_set","text":"<p>\u81ea sing-box 1.10.0 \u8d77</p> <p>\u4ec5\u652f\u6301 Linux\uff0c\u4e14\u9700\u8981 nftables\uff0c<code>auto_route</code> \u548c <code>auto_redirect</code> \u5df2\u542f\u7528\u3002</p> <p>\u5c06\u6307\u5b9a\u89c4\u5219\u96c6\u4e2d\u7684\u76ee\u6807 IP CIDR \u89c4\u5219\u6dfb\u52a0\u5230\u9632\u706b\u5899\u3002 \u5339\u914d\u7684\u6d41\u91cf\u5c06\u7ed5\u8fc7 sing-box \u8def\u7531\u3002</p> <p>\u4e0e <code>route.default_mark</code> \u548c <code>[dialOptions].routing_mark</code> \u51b2\u7a81\u3002</p>"},{"location":"zh/configuration/inbound/tun/#endpoint_independent_nat","title":"endpoint_independent_nat","text":"<p>\u542f\u7528\u72ec\u7acb\u4e8e\u7aef\u70b9\u7684 NAT\u3002</p> <p>\u6027\u80fd\u53ef\u80fd\u4f1a\u7565\u6709\u4e0b\u964d\uff0c\u6240\u4ee5\u4e0d\u5efa\u8bae\u5728\u4e0d\u9700\u8981\u7684\u65f6\u5019\u5f00\u542f\u3002</p>"},{"location":"zh/configuration/inbound/tun/#udp_timeout","title":"udp_timeout","text":"<p>UDP NAT \u8fc7\u671f\u65f6\u95f4\u3002</p> <p>\u9ed8\u8ba4\u4f7f\u7528 <code>5m</code>\u3002</p>"},{"location":"zh/configuration/inbound/tun/#stack","title":"stack","text":"<p>sing-box 1.8.0 \u4e2d\u7684\u66f4\u6539</p> <p> \u65e7\u7684 LWIP \u6808\u5df2\u88ab\u5f03\u7528\u5e76\u79fb\u9664\u3002</p> <p>TCP/IP \u6808\u3002</p> \u6808 \u63cf\u8ff0 system \u57fa\u4e8e\u7cfb\u7edf\u7f51\u7edc\u6808\u6267\u884c L3 \u5230 L4 \u8f6c\u6362 gVisor \u57fa\u4e8e gVisor \u865a\u62df\u7f51\u7edc\u6808\u6267\u884c L3 \u5230 L4 \u8f6c\u6362 mixed \u6df7\u5408 <code>system</code> TCP \u6808\u4e0e <code>gvisor</code> UDP \u6808 <p>\u9ed8\u8ba4\u4f7f\u7528 <code>mixed</code> \u6808\u5982\u679c gVisor \u6784\u5efa\u6807\u8bb0\u5df2\u542f\u7528\uff0c\u5426\u5219\u9ed8\u8ba4\u4f7f\u7528 <code>system</code> \u6808\u3002</p>"},{"location":"zh/configuration/inbound/tun/#include_interface","title":"include_interface","text":"<p>\u63a5\u53e3\u89c4\u5219\u4ec5\u5728 Linux \u4e0b\u88ab\u652f\u6301\uff0c\u5e76\u4e14\u9700\u8981 <code>auto_route</code>\u3002</p> <p>\u9650\u5236\u88ab\u8def\u7531\u7684\u63a5\u53e3\u3002\u9ed8\u8ba4\u4e0d\u9650\u5236\u3002</p> <p>\u4e0e <code>exclude_interface</code> \u51b2\u7a81\u3002</p>"},{"location":"zh/configuration/inbound/tun/#exclude_interface","title":"exclude_interface","text":"<p>\u5f53 <code>strict_route</code> \u542f\u7528\uff0c\u5230\u88ab\u6392\u9664\u63a5\u53e3\u7684\u56de\u7a0b\u6d41\u91cf\u5c06\u4e0d\u4f1a\u88ab\u81ea\u52a8\u6392\u9664\uff0c\u56e0\u6b64\u4e5f\u8981\u6dfb\u52a0\u5b83\u4eec\uff08\u4f8b\uff1a<code>br-lan</code> \u4e0e <code>pppoe-wan</code>\uff09\u3002</p> <p>\u6392\u9664\u8def\u7531\u7684\u63a5\u53e3\u3002</p> <p>\u4e0e <code>include_interface</code> \u51b2\u7a81\u3002</p>"},{"location":"zh/configuration/inbound/tun/#include_uid","title":"include_uid","text":"<p>UID \u89c4\u5219\u4ec5\u5728 Linux \u4e0b\u88ab\u652f\u6301\uff0c\u5e76\u4e14\u9700\u8981 <code>auto_route</code>\u3002</p> <p>\u9650\u5236\u88ab\u8def\u7531\u7684\u7528\u6237\u3002\u9ed8\u8ba4\u4e0d\u9650\u5236\u3002</p>"},{"location":"zh/configuration/inbound/tun/#include_uid_range","title":"include_uid_range","text":"<p>\u9650\u5236\u88ab\u8def\u7531\u7684\u7528\u6237\u8303\u56f4\u3002</p>"},{"location":"zh/configuration/inbound/tun/#exclude_uid","title":"exclude_uid","text":"<p>\u6392\u9664\u8def\u7531\u7684\u7528\u6237\u3002</p>"},{"location":"zh/configuration/inbound/tun/#exclude_uid_range","title":"exclude_uid_range","text":"<p>\u6392\u9664\u8def\u7531\u7684\u7528\u6237\u8303\u56f4\u3002</p>"},{"location":"zh/configuration/inbound/tun/#include_android_user","title":"include_android_user","text":"<p>Android \u7528\u6237\u548c\u5e94\u7528\u89c4\u5219\u4ec5\u5728 Android \u4e0b\u88ab\u652f\u6301\uff0c\u5e76\u4e14\u9700\u8981 <code>auto_route</code>\u3002</p> <p>\u9650\u5236\u88ab\u8def\u7531\u7684 Android \u7528\u6237\u3002</p> \u5e38\u7528\u7528\u6237 ID \u60a8 0 \u5de5\u4f5c\u8d44\u6599 10"},{"location":"zh/configuration/inbound/tun/#include_package","title":"include_package","text":"<p>\u9650\u5236\u88ab\u8def\u7531\u7684 Android \u5e94\u7528\u5305\u540d\u3002</p>"},{"location":"zh/configuration/inbound/tun/#exclude_package","title":"exclude_package","text":"<p>\u6392\u9664\u8def\u7531\u7684 Android \u5e94\u7528\u5305\u540d\u3002</p>"},{"location":"zh/configuration/inbound/tun/#platform","title":"platform","text":"<p>\u5e73\u53f0\u7279\u5b9a\u7684\u8bbe\u7f6e\uff0c\u7531\u5ba2\u6237\u7aef\u5e94\u7528\u63d0\u4f9b\u3002</p>"},{"location":"zh/configuration/inbound/tun/#platformhttp_proxy","title":"platform.http_proxy","text":"<p>\u7cfb\u7edf HTTP \u4ee3\u7406\u8bbe\u7f6e\u3002</p>"},{"location":"zh/configuration/inbound/tun/#platformhttp_proxyenabled","title":"platform.http_proxy.enabled","text":"<p>\u542f\u7528\u7cfb\u7edf HTTP \u4ee3\u7406\u3002</p>"},{"location":"zh/configuration/inbound/tun/#platformhttp_proxyserver","title":"platform.http_proxy.server","text":"<p>\u5fc5\u586b</p> <p>\u7cfb\u7edf HTTP \u4ee3\u7406\u670d\u52a1\u5668\u5730\u5740\u3002</p>"},{"location":"zh/configuration/inbound/tun/#platformhttp_proxyserver_port","title":"platform.http_proxy.server_port","text":"<p>\u5fc5\u586b</p> <p>\u7cfb\u7edf HTTP \u4ee3\u7406\u670d\u52a1\u5668\u7aef\u53e3\u3002</p>"},{"location":"zh/configuration/inbound/tun/#platformhttp_proxybypass_domain","title":"platform.http_proxy.bypass_domain","text":"<p>\u5728 Apple \u5e73\u53f0\uff0c<code>bypass_domain</code> \u9879\u5339\u914d\u4e3b\u673a\u540d \u540e\u7f00.</p> <p>\u7ed5\u8fc7\u4ee3\u7406\u7684\u4e3b\u673a\u540d\u5217\u8868\u3002</p>"},{"location":"zh/configuration/inbound/tun/#platformhttp_proxymatch_domain","title":"platform.http_proxy.match_domain","text":"<p>\u4ec5\u5728 Apple \u5e73\u53f0\u56fe\u5f62\u5ba2\u6237\u7aef\u4e2d\u652f\u6301\u3002</p> <p>\u4ee3\u7406\u7684\u4e3b\u673a\u540d\u5217\u8868\u3002</p>"},{"location":"zh/configuration/inbound/tun/#_2","title":"\u76d1\u542c\u5b57\u6bb5","text":"<p>\u53c2\u9605 \u76d1\u542c\u5b57\u6bb5\u3002</p>"},{"location":"zh/configuration/inbound/vless/#_1","title":"\u7ed3\u6784","text":"<pre><code>{\n \"type\": \"vless\",\n \"tag\": \"vless-in\",\n\n ... // \u76d1\u542c\u5b57\u6bb5\n\n \"users\": [\n {\n \"name\": \"sekai\",\n \"uuid\": \"bf000d23-0752-40b4-affe-68f7707a9661\",\n \"flow\": \"\"\n }\n ],\n \"tls\": {},\n \"multiplex\": {},\n \"transport\": {}\n}\n</code></pre>"},{"location":"zh/configuration/inbound/vless/#_2","title":"\u76d1\u542c\u5b57\u6bb5","text":"<p>\u53c2\u9605 \u76d1\u542c\u5b57\u6bb5\u3002</p>"},{"location":"zh/configuration/inbound/vless/#_3","title":"\u5b57\u6bb5","text":""},{"location":"zh/configuration/inbound/vless/#users","title":"users","text":"<p>\u5fc5\u586b</p> <p>VLESS \u7528\u6237\u3002</p>"},{"location":"zh/configuration/inbound/vless/#usersuuid","title":"users.uuid","text":"<p>\u5fc5\u586b</p> <p>VLESS \u7528\u6237 ID\u3002</p>"},{"location":"zh/configuration/inbound/vless/#usersflow","title":"users.flow","text":"<p>VLESS \u5b50\u534f\u8bae\u3002</p> <p>\u53ef\u7528\u503c\uff1a</p> <ul> <li><code>xtls-rprx-vision</code></li> </ul>"},{"location":"zh/configuration/inbound/vless/#tls","title":"tls","text":"<p>TLS \u914d\u7f6e, \u53c2\u9605 TLS\u3002</p>"},{"location":"zh/configuration/inbound/vless/#multiplex","title":"multiplex","text":"<p>\u53c2\u9605 \u591a\u8def\u590d\u7528\u3002</p>"},{"location":"zh/configuration/inbound/vless/#transport","title":"transport","text":"<p>V2Ray \u4f20\u8f93\u914d\u7f6e\uff0c\u53c2\u9605 V2Ray \u4f20\u8f93\u5c42\u3002</p>"},{"location":"zh/configuration/inbound/vmess/#_1","title":"\u7ed3\u6784","text":"<pre><code>{\n \"type\": \"vmess\",\n \"tag\": \"vmess-in\",\n\n ... // \u76d1\u542c\u5b57\u6bb5\n\n \"users\": [\n {\n \"name\": \"sekai\",\n \"uuid\": \"bf000d23-0752-40b4-affe-68f7707a9661\",\n \"alterId\": 0\n }\n ],\n \"tls\": {},\n \"multiplex\": {},\n \"transport\": {}\n}\n</code></pre>"},{"location":"zh/configuration/inbound/vmess/#_2","title":"\u76d1\u542c\u5b57\u6bb5","text":"<p>\u53c2\u9605 \u76d1\u542c\u5b57\u6bb5\u3002</p>"},{"location":"zh/configuration/inbound/vmess/#_3","title":"\u5b57\u6bb5","text":""},{"location":"zh/configuration/inbound/vmess/#users","title":"users","text":"<p>\u5fc5\u586b</p> <p>VMess \u7528\u6237\u3002</p> Alter ID \u63cf\u8ff0 0 \u7981\u7528\u65e7\u534f\u8bae &gt; 0 \u542f\u7528\u65e7\u534f\u8bae <p>\u63d0\u4f9b\u65e7\u534f\u8bae\u652f\u6301\uff08VMess MD5 \u8eab\u4efd\u9a8c\u8bc1\uff09\u4ec5\u51fa\u4e8e\u517c\u5bb9\u6027\u76ee\u7684\uff0c\u4e0d\u5efa\u8bae\u4f7f\u7528 alterId &gt; 1\u3002</p>"},{"location":"zh/configuration/inbound/vmess/#tls","title":"tls","text":"<p>TLS \u914d\u7f6e, \u53c2\u9605 TLS\u3002</p>"},{"location":"zh/configuration/inbound/vmess/#multiplex","title":"multiplex","text":"<p>\u53c2\u9605 \u591a\u8def\u590d\u7528\u3002</p>"},{"location":"zh/configuration/inbound/vmess/#transport","title":"transport","text":"<p>V2Ray \u4f20\u8f93\u914d\u7f6e\uff0c\u53c2\u9605 V2Ray \u4f20\u8f93\u5c42\u3002</p>"},{"location":"zh/configuration/log/","title":"\u65e5\u5fd7","text":""},{"location":"zh/configuration/log/#_2","title":"\u7ed3\u6784","text":"<pre><code>{\n \"log\": {\n \"disabled\": false,\n \"level\": \"info\",\n \"output\": \"box.log\",\n \"timestamp\": true\n }\n}\n</code></pre>"},{"location":"zh/configuration/log/#_3","title":"\u5b57\u6bb5","text":""},{"location":"zh/configuration/log/#disabled","title":"disabled","text":"<p>\u7981\u7528\u65e5\u5fd7\uff0c\u542f\u52a8\u540e\u4e0d\u8f93\u51fa\u65e5\u5fd7\u3002</p>"},{"location":"zh/configuration/log/#level","title":"level","text":"<p>\u65e5\u5fd7\u7b49\u7ea7\uff0c\u53ef\u9009\u503c\uff1a<code>trace</code> <code>debug</code> <code>info</code> <code>warn</code> <code>error</code> <code>fatal</code> <code>panic</code>\u3002</p>"},{"location":"zh/configuration/log/#output","title":"output","text":"<p>\u8f93\u51fa\u6587\u4ef6\u8def\u5f84\uff0c\u542f\u52a8\u540e\u5c06\u4e0d\u8f93\u51fa\u5230\u63a7\u5236\u53f0\u3002</p>"},{"location":"zh/configuration/log/#timestamp","title":"timestamp","text":"<p>\u6dfb\u52a0\u65f6\u95f4\u5230\u6bcf\u884c\u3002</p>"},{"location":"zh/configuration/ntp/","title":"NTP","text":"<p>\u5185\u5efa\u7684 NTP \u5ba2\u6237\u7aef\u670d\u52a1\u3002</p> <p>\u5982\u679c\u542f\u7528\uff0c\u5b83\u5c06\u4e3a\u50cf TLS/Shadowsocks/VMess \u8fd9\u6837\u7684\u534f\u8bae\u63d0\u4f9b\u65f6\u95f4\uff0c\u8fd9\u5bf9\u4e8e\u65e0\u6cd5\u8fdb\u884c\u65f6\u95f4\u540c\u6b65\u7684\u73af\u5883\u5f88\u6709\u7528\u3002</p>"},{"location":"zh/configuration/ntp/#_1","title":"\u7ed3\u6784","text":"<pre><code>{\n \"ntp\": {\n \"enabled\": false,\n \"server\": \"time.apple.com\",\n \"server_port\": 123,\n \"interval\": \"30m\",\n\n ... // \u62e8\u53f7\u5b57\u6bb5\n }\n}\n</code></pre>"},{"location":"zh/configuration/ntp/#_2","title":"\u5b57\u6bb5","text":""},{"location":"zh/configuration/ntp/#enabled","title":"enabled","text":"<p>\u542f\u7528 NTP \u670d\u52a1\u3002</p>"},{"location":"zh/configuration/ntp/#server","title":"server","text":"<p>\u5fc5\u586b</p> <p>NTP \u670d\u52a1\u5668\u5730\u5740\u3002</p>"},{"location":"zh/configuration/ntp/#server_port","title":"server_port","text":"<p>NTP \u670d\u52a1\u5668\u7aef\u53e3\u3002</p> <p>\u9ed8\u8ba4\u4f7f\u7528 123\u3002</p>"},{"location":"zh/configuration/ntp/#interval","title":"interval","text":"<p>\u65f6\u95f4\u540c\u6b65\u95f4\u9694\u3002</p> <p>\u9ed8\u8ba4\u4f7f\u7528 30 \u5206\u949f\u3002</p>"},{"location":"zh/configuration/ntp/#_3","title":"\u62e8\u53f7\u5b57\u6bb5","text":"<p>\u53c2\u9605 \u62e8\u53f7\u5b57\u6bb5\u3002</p>"},{"location":"zh/configuration/outbound/","title":"\u51fa\u7ad9","text":""},{"location":"zh/configuration/outbound/#_2","title":"\u7ed3\u6784","text":"<pre><code>{\n \"outbounds\": [\n {\n \"type\": \"\",\n \"tag\": \"\"\n }\n ]\n}\n</code></pre>"},{"location":"zh/configuration/outbound/#_3","title":"\u5b57\u6bb5","text":"\u7c7b\u578b \u683c\u5f0f <code>direct</code> Direct <code>block</code> Block <code>socks</code> SOCKS <code>http</code> HTTP <code>shadowsocks</code> Shadowsocks <code>vmess</code> VMess <code>trojan</code> Trojan <code>wireguard</code> Wireguard <code>hysteria</code> Hysteria <code>vless</code> VLESS <code>shadowtls</code> ShadowTLS <code>tuic</code> TUIC <code>hysteria2</code> Hysteria2 <code>tor</code> Tor <code>ssh</code> SSH <code>dns</code> DNS <code>selector</code> Selector <code>urltest</code> URLTest"},{"location":"zh/configuration/outbound/#tag","title":"tag","text":"<p>\u51fa\u7ad9\u7684\u6807\u7b7e\u3002</p>"},{"location":"zh/configuration/outbound/#_4","title":"\u7279\u6027","text":""},{"location":"zh/configuration/outbound/#ip","title":"\u652f\u6301 IP \u8fde\u63a5\u7684\u51fa\u7ad9","text":"<ul> <li><code>WireGuard</code></li> </ul>"},{"location":"zh/configuration/outbound/block/","title":"Block","text":"<p>\u5df2\u5728 sing-box 1.11.0 \u5e9f\u5f03</p> <p>\u65e7\u7684\u7279\u6b8a\u51fa\u7ad9\u5df2\u88ab\u5f03\u7528\uff0c\u4e14\u5c06\u5728 sing-box 1.13.0 \u4e2d\u88ab\u79fb\u9664\uff0c\u53c2\u9605 \u8fc1\u79fb\u6307\u5357. </p> <p><code>block</code> \u51fa\u7ad9\u5173\u95ed\u6240\u6709\u4f20\u5165\u8bf7\u6c42\u3002</p>"},{"location":"zh/configuration/outbound/block/#_1","title":"\u7ed3\u6784","text":"<pre><code>{\n \"type\": \"block\",\n \"tag\": \"block\"\n}\n</code></pre>"},{"location":"zh/configuration/outbound/block/#_2","title":"\u5b57\u6bb5","text":"<p>\u65e0\u5b57\u6bb5\u3002</p>"},{"location":"zh/configuration/outbound/direct/","title":"Direct","text":"<p>sing-box 1.11.0 \u4e2d\u7684\u66f4\u6539</p> <p> override_address override_port</p> <p><code>direct</code> \u51fa\u7ad9\u76f4\u63a5\u53d1\u9001\u8bf7\u6c42\u3002</p>"},{"location":"zh/configuration/outbound/direct/#_1","title":"\u7ed3\u6784","text":"<pre><code>{\n \"type\": \"direct\",\n \"tag\": \"direct-out\",\n\n \"override_address\": \"1.0.0.1\",\n \"override_port\": 53,\n\n ... // \u62e8\u53f7\u5b57\u6bb5\n}\n</code></pre>"},{"location":"zh/configuration/outbound/direct/#_2","title":"\u5b57\u6bb5","text":""},{"location":"zh/configuration/outbound/direct/#override_address","title":"override_address","text":"<p>\u5df2\u5728 sing-box 1.11.0 \u5e9f\u5f03</p> <p>\u76ee\u6807\u8986\u76d6\u5b57\u6bb5\u5728 sing-box 1.11.0 \u4e2d\u5df2\u5e9f\u5f03\uff0c\u5e76\u5c06\u5728 sing-box 1.13.0 \u4e2d\u88ab\u79fb\u9664\uff0c\u53c2\u9605 \u8fc1\u79fb\u6307\u5357\u3002</p> <p>\u8986\u76d6\u8fde\u63a5\u76ee\u6807\u5730\u5740\u3002</p>"},{"location":"zh/configuration/outbound/direct/#override_port","title":"override_port","text":"<p>\u5df2\u5728 sing-box 1.11.0 \u5e9f\u5f03</p> <p>\u76ee\u6807\u8986\u76d6\u5b57\u6bb5\u5728 sing-box 1.11.0 \u4e2d\u5df2\u5e9f\u5f03\uff0c\u5e76\u5c06\u5728 sing-box 1.13.0 \u4e2d\u88ab\u79fb\u9664\uff0c\u53c2\u9605 \u8fc1\u79fb\u6307\u5357\u3002</p> <p>\u8986\u76d6\u8fde\u63a5\u76ee\u6807\u7aef\u53e3\u3002</p>"},{"location":"zh/configuration/outbound/direct/#_3","title":"\u62e8\u53f7\u5b57\u6bb5","text":"<p>\u53c2\u9605 \u62e8\u53f7\u5b57\u6bb5\u3002</p>"},{"location":"zh/configuration/outbound/dns/","title":"DNS","text":"<p>\u5df2\u5728 sing-box 1.11.0 \u5e9f\u5f03</p> <p>\u65e7\u7684\u7279\u6b8a\u51fa\u7ad9\u5df2\u88ab\u5f03\u7528\uff0c\u4e14\u5c06\u5728 sing-box 1.13.0 \u4e2d\u88ab\u79fb\u9664, \u53c2\u9605 \u8fc1\u79fb\u6307\u5357. </p> <p><code>dns</code> \u51fa\u7ad9\u662f\u4e00\u4e2a\u5185\u90e8 DNS \u670d\u52a1\u5668\u3002</p>"},{"location":"zh/configuration/outbound/dns/#_1","title":"\u7ed3\u6784","text":"<pre><code>{\n \"type\": \"dns\",\n \"tag\": \"dns-out\"\n}\n</code></pre> <p>DNS \u51fa\u7ad9\u6ca1\u6709\u51fa\u7ad9\u8fde\u63a5\uff0c\u6240\u6709\u8bf7\u6c42\u5747\u5728\u5185\u90e8\u5904\u7406\u3002</p>"},{"location":"zh/configuration/outbound/dns/#_2","title":"\u5b57\u6bb5","text":"<p>\u65e0\u5b57\u6bb5\u3002</p>"},{"location":"zh/configuration/outbound/http/","title":"HTTP","text":"<p><code>http</code> \u51fa\u7ad9\u662f\u4e00\u4e2a HTTP CONNECT \u4ee3\u7406\u5ba2\u6237\u7aef</p>"},{"location":"zh/configuration/outbound/http/#_1","title":"\u7ed3\u6784","text":"<pre><code>{\n \"type\": \"http\",\n \"tag\": \"http-out\",\n\n \"server\": \"127.0.0.1\",\n \"server_port\": 1080,\n \"username\": \"sekai\",\n \"password\": \"admin\",\n \"path\": \"\",\n \"headers\": {},\n \"tls\": {},\n\n ... // \u62e8\u53f7\u5b57\u6bb5\n}\n</code></pre>"},{"location":"zh/configuration/outbound/http/#_2","title":"\u5b57\u6bb5","text":""},{"location":"zh/configuration/outbound/http/#server","title":"server","text":"<p>\u5fc5\u586b</p> <p>\u670d\u52a1\u5668\u5730\u5740\u3002</p>"},{"location":"zh/configuration/outbound/http/#server_port","title":"server_port","text":"<p>\u5fc5\u586b</p> <p>\u670d\u52a1\u5668\u7aef\u53e3\u3002</p>"},{"location":"zh/configuration/outbound/http/#username","title":"username","text":"<p>Basic \u8ba4\u8bc1\u7528\u6237\u540d\u3002</p>"},{"location":"zh/configuration/outbound/http/#password","title":"password","text":"<p>Basic \u8ba4\u8bc1\u5bc6\u7801\u3002</p>"},{"location":"zh/configuration/outbound/http/#path","title":"path","text":"<p>HTTP \u8bf7\u6c42\u8def\u5f84\u3002</p>"},{"location":"zh/configuration/outbound/http/#headers","title":"headers","text":"<p>HTTP \u8bf7\u6c42\u7684\u989d\u5916\u6807\u5934\u3002</p>"},{"location":"zh/configuration/outbound/http/#tls","title":"tls","text":"<p>TLS \u914d\u7f6e, \u53c2\u9605 TLS\u3002</p>"},{"location":"zh/configuration/outbound/http/#_3","title":"\u62e8\u53f7\u5b57\u6bb5","text":"<p>\u53c2\u9605 \u62e8\u53f7\u5b57\u6bb5\u3002</p>"},{"location":"zh/configuration/outbound/hysteria/#_1","title":"\u7ed3\u6784","text":"<pre><code>{\n \"type\": \"hysteria\",\n \"tag\": \"hysteria-out\",\n\n \"server\": \"127.0.0.1\",\n \"server_port\": 1080,\n \"up\": \"100 Mbps\",\n \"up_mbps\": 100,\n \"down\": \"100 Mbps\",\n \"down_mbps\": 100,\n \"obfs\": \"fuck me till the daylight\",\n \"auth\": \"\",\n \"auth_str\": \"password\",\n \"recv_window_conn\": 0,\n \"recv_window\": 0,\n \"disable_mtu_discovery\": false,\n \"network\": \"tcp\",\n \"tls\": {},\n\n ... // \u62e8\u53f7\u5b57\u6bb5\n}\n</code></pre>"},{"location":"zh/configuration/outbound/hysteria/#_2","title":"\u5b57\u6bb5","text":""},{"location":"zh/configuration/outbound/hysteria/#server","title":"server","text":"<p>\u5fc5\u586b</p> <p>\u670d\u52a1\u5668\u5730\u5740\u3002</p>"},{"location":"zh/configuration/outbound/hysteria/#server_port","title":"server_port","text":"<p>\u5fc5\u586b</p> <p>\u670d\u52a1\u5668\u7aef\u53e3\u3002</p>"},{"location":"zh/configuration/outbound/hysteria/#up-down","title":"up, down","text":"<p>\u5fc5\u586b</p> <p>\u683c\u5f0f\uff1a <code>[Integer] [Unit]</code> \u4f8b\u5982\uff1a <code>100 Mbps, 640 KBps, 2 Gbps</code></p> <p>\u652f\u6301\u7684\u5355\u4f4d (\u5927\u5c0f\u5199\u654f\u611f, b = bits, B = bytes, 8b=1B)\uff1a</p> <pre><code>bps (bits per second)\nBps (bytes per second)\nKbps (kilobits per second)\nKBps (kilobytes per second)\nMbps (megabits per second)\nMBps (megabytes per second)\nGbps (gigabits per second)\nGBps (gigabytes per second)\nTbps (terabits per second)\nTBps (terabytes per second)\n</code></pre>"},{"location":"zh/configuration/outbound/hysteria/#up_mbps-down_mbps","title":"up_mbps, down_mbps","text":"<p>\u5fc5\u586b</p> <p>\u4ee5 Mbps \u4e3a\u5355\u4f4d\u7684 <code>up, down</code>\u3002</p>"},{"location":"zh/configuration/outbound/hysteria/#obfs","title":"obfs","text":"<p>\u6df7\u6dc6\u5bc6\u7801\u3002</p>"},{"location":"zh/configuration/outbound/hysteria/#auth","title":"auth","text":"<p>base64 \u7f16\u7801\u7684\u8ba4\u8bc1\u5bc6\u7801\u3002</p>"},{"location":"zh/configuration/outbound/hysteria/#auth_str","title":"auth_str","text":"<p>\u8ba4\u8bc1\u5bc6\u7801\u3002</p>"},{"location":"zh/configuration/outbound/hysteria/#recv_window_conn","title":"recv_window_conn","text":"<p>\u7528\u4e8e\u63a5\u6536\u6570\u636e\u7684 QUIC \u6d41\u7ea7\u6d41\u63a7\u5236\u7a97\u53e3\u3002</p> <p>\u9ed8\u8ba4 <code>15728640 (15 MB/s)</code>\u3002</p>"},{"location":"zh/configuration/outbound/hysteria/#recv_window","title":"recv_window","text":"<p>\u7528\u4e8e\u63a5\u6536\u6570\u636e\u7684 QUIC \u8fde\u63a5\u7ea7\u6d41\u63a7\u5236\u7a97\u53e3\u3002</p> <p>\u9ed8\u8ba4 <code>67108864 (64 MB/s)</code>\u3002</p>"},{"location":"zh/configuration/outbound/hysteria/#disable_mtu_discovery","title":"disable_mtu_discovery","text":"<p>\u7981\u7528\u8def\u5f84 MTU \u53d1\u73b0 (RFC 8899)\u3002 \u6570\u636e\u5305\u7684\u5927\u5c0f\u6700\u591a\u4e3a 1252 (IPv4) / 1232 (IPv6) \u5b57\u8282\u3002</p> <p>\u5f3a\u5236\u4e3a Linux \u548c Windows \u4ee5\u5916\u7684\u7cfb\u7edf\u542f\u7528\uff08\u6839\u636e\u4e0a\u6e38\uff09\u3002</p>"},{"location":"zh/configuration/outbound/hysteria/#network","title":"network","text":"<p>\u542f\u7528\u7684\u7f51\u7edc\u534f\u8bae\u3002</p> <p><code>tcp</code> \u6216 <code>udp</code>\u3002</p> <p>\u9ed8\u8ba4\u6240\u6709\u3002</p>"},{"location":"zh/configuration/outbound/hysteria/#tls","title":"tls","text":"<p>\u5fc5\u586b</p> <p>TLS \u914d\u7f6e, \u53c2\u9605 TLS\u3002</p>"},{"location":"zh/configuration/outbound/hysteria/#_3","title":"\u62e8\u53f7\u5b57\u6bb5","text":"<p>\u53c2\u9605 \u62e8\u53f7\u5b57\u6bb5\u3002</p>"},{"location":"zh/configuration/outbound/hysteria2/#_1","title":"\u7ed3\u6784","text":"<pre><code>{\n \"type\": \"hysteria2\",\n \"tag\": \"hy2-out\",\n\n \"server\": \"127.0.0.1\",\n \"server_port\": 1080,\n \"up_mbps\": 100,\n \"down_mbps\": 100,\n \"obfs\": {\n \"type\": \"salamander\",\n \"password\": \"cry_me_a_r1ver\"\n },\n \"password\": \"goofy_ahh_password\",\n \"network\": \"tcp\",\n \"tls\": {},\n \"brutal_debug\": false,\n\n ... // \u62e8\u53f7\u5b57\u6bb5\n}\n</code></pre> <p>\u4e0e\u5b98\u65b9 Hysteria2 \u7684\u533a\u522b</p> <p>\u5b98\u65b9\u7a0b\u5e8f\u652f\u6301\u4e00\u79cd\u540d\u4e3a userpass \u7684\u9a8c\u8bc1\u65b9\u5f0f\uff0c \u672c\u8d28\u4e0a\u4e0a\u662f\u5c06\u7528\u6237\u540d\u4e0e\u5bc6\u7801\u7684\u7ec4\u5408 <code>&lt;username&gt;:&lt;password&gt;</code> \u4f5c\u4e3a\u5b9e\u9645\u4e0a\u7684\u5bc6\u7801\uff0c\u800c sing-box \u4e0d\u63d0\u4f9b\u6b64\u522b\u540d\u3002 \u8981\u5c06 sing-box \u4e0e\u5b98\u65b9\u7a0b\u5e8f\u4e00\u8d77\u4f7f\u7528\uff0c \u60a8\u9700\u8981\u586b\u5199\u8be5\u7ec4\u5408\u4f5c\u4e3a\u5b9e\u9645\u5bc6\u7801\u3002</p>"},{"location":"zh/configuration/outbound/hysteria2/#_2","title":"\u5b57\u6bb5","text":""},{"location":"zh/configuration/outbound/hysteria2/#server","title":"server","text":"<p>\u5fc5\u586b</p> <p>\u670d\u52a1\u5668\u5730\u5740\u3002</p>"},{"location":"zh/configuration/outbound/hysteria2/#server_port","title":"server_port","text":"<p>\u5fc5\u586b</p> <p>\u670d\u52a1\u5668\u7aef\u53e3\u3002</p>"},{"location":"zh/configuration/outbound/hysteria2/#up_mbps-down_mbps","title":"up_mbps, down_mbps","text":"<p>\u6700\u5927\u5e26\u5bbd\u3002</p> <p>\u5982\u679c\u4e3a\u7a7a\uff0c\u5c06\u4f7f\u7528 BBR \u62e5\u585e\u63a7\u5236\u7b97\u6cd5\u800c\u4e0d\u662f Hysteria CC\u3002</p>"},{"location":"zh/configuration/outbound/hysteria2/#obfstype","title":"obfs.type","text":"<p>QUIC \u6d41\u91cf\u6df7\u6dc6\u5668\u7c7b\u578b\uff0c\u4ec5\u53ef\u8bbe\u4e3a <code>salamander</code>\u3002</p> <p>\u5982\u679c\u4e3a\u7a7a\u5219\u7981\u7528\u3002</p>"},{"location":"zh/configuration/outbound/hysteria2/#obfspassword","title":"obfs.password","text":"<p>QUIC \u6d41\u91cf\u6df7\u6dc6\u5668\u5bc6\u7801.</p>"},{"location":"zh/configuration/outbound/hysteria2/#password","title":"password","text":"<p>\u8ba4\u8bc1\u5bc6\u7801\u3002</p>"},{"location":"zh/configuration/outbound/hysteria2/#network","title":"network","text":"<p>\u542f\u7528\u7684\u7f51\u7edc\u534f\u8bae\u3002</p> <p><code>tcp</code> \u6216 <code>udp</code>\u3002</p> <p>\u9ed8\u8ba4\u6240\u6709\u3002</p>"},{"location":"zh/configuration/outbound/hysteria2/#tls","title":"tls","text":"<p>\u5fc5\u586b</p> <p>TLS \u914d\u7f6e, \u53c2\u9605 TLS\u3002</p>"},{"location":"zh/configuration/outbound/hysteria2/#brutal_debug","title":"brutal_debug","text":"<p>\u542f\u7528 Hysteria Brutal CC \u7684\u8c03\u8bd5\u4fe1\u606f\u65e5\u5fd7\u8bb0\u5f55\u3002</p>"},{"location":"zh/configuration/outbound/hysteria2/#_3","title":"\u62e8\u53f7\u5b57\u6bb5","text":"<p>\u53c2\u9605 \u62e8\u53f7\u5b57\u6bb5\u3002</p>"},{"location":"zh/configuration/outbound/selector/#_1","title":"\u7ed3\u6784","text":"<pre><code>{\n \"type\": \"selector\",\n \"tag\": \"select\",\n\n \"outbounds\": [\n \"proxy-a\",\n \"proxy-b\",\n \"proxy-c\"\n ],\n \"default\": \"proxy-c\",\n \"interrupt_exist_connections\": false\n}\n</code></pre> <p>\u9009\u62e9\u5668\u76ee\u524d\u53ea\u80fd\u901a\u8fc7 Clash API \u6765\u63a7\u5236\u3002</p>"},{"location":"zh/configuration/outbound/selector/#_2","title":"\u5b57\u6bb5","text":""},{"location":"zh/configuration/outbound/selector/#outbounds","title":"outbounds","text":"<p>\u5fc5\u586b</p> <p>\u7528\u4e8e\u9009\u62e9\u7684\u51fa\u7ad9\u6807\u7b7e\u5217\u8868\u3002</p>"},{"location":"zh/configuration/outbound/selector/#default","title":"default","text":"<p>\u9ed8\u8ba4\u7684\u51fa\u7ad9\u6807\u7b7e\u3002\u9ed8\u8ba4\u4f7f\u7528\u7b2c\u4e00\u4e2a\u51fa\u7ad9\u3002</p>"},{"location":"zh/configuration/outbound/selector/#interrupt_exist_connections","title":"interrupt_exist_connections","text":"<p>\u5f53\u9009\u5b9a\u7684\u51fa\u7ad9\u53d1\u751f\u66f4\u6539\u65f6\uff0c\u4e2d\u65ad\u73b0\u6709\u8fde\u63a5\u3002</p> <p>\u4ec5\u5165\u7ad9\u8fde\u63a5\u53d7\u6b64\u8bbe\u7f6e\u5f71\u54cd\uff0c\u5185\u90e8\u8fde\u63a5\u5c06\u59cb\u7ec8\u88ab\u4e2d\u65ad\u3002</p>"},{"location":"zh/configuration/outbound/shadowsocks/#_1","title":"\u7ed3\u6784","text":"<pre><code>{\n \"type\": \"shadowsocks\",\n \"tag\": \"ss-out\",\n\n \"server\": \"127.0.0.1\",\n \"server_port\": 1080,\n \"method\": \"2022-blake3-aes-128-gcm\",\n \"password\": \"8JCsPssfgS8tiRwiMlhARg==\",\n \"plugin\": \"\",\n \"plugin_opts\": \"\",\n \"network\": \"udp\",\n \"udp_over_tcp\": false | {},\n \"multiplex\": {},\n\n ... // \u62e8\u53f7\u5b57\u6bb5\n}\n</code></pre>"},{"location":"zh/configuration/outbound/shadowsocks/#_2","title":"\u5b57\u6bb5","text":""},{"location":"zh/configuration/outbound/shadowsocks/#server","title":"server","text":"<p>\u5fc5\u586b</p> <p>\u670d\u52a1\u5668\u5730\u5740\u3002</p>"},{"location":"zh/configuration/outbound/shadowsocks/#server_port","title":"server_port","text":"<p>\u5fc5\u586b</p> <p>\u670d\u52a1\u5668\u7aef\u53e3\u3002</p>"},{"location":"zh/configuration/outbound/shadowsocks/#method","title":"method","text":"<p>\u5fc5\u586b</p> <p>\u52a0\u5bc6\u65b9\u6cd5\uff1a</p> <ul> <li><code>2022-blake3-aes-128-gcm</code></li> <li><code>2022-blake3-aes-256-gcm</code></li> <li><code>2022-blake3-chacha20-poly1305</code></li> <li><code>none</code></li> <li><code>aes-128-gcm</code></li> <li><code>aes-192-gcm</code></li> <li><code>aes-256-gcm</code></li> <li><code>chacha20-ietf-poly1305</code></li> <li><code>xchacha20-ietf-poly1305</code></li> </ul> <p>\u65e7\u52a0\u5bc6\u65b9\u6cd5\uff1a</p> <ul> <li><code>aes-128-ctr</code></li> <li><code>aes-192-ctr</code></li> <li><code>aes-256-ctr</code></li> <li><code>aes-128-cfb</code></li> <li><code>aes-192-cfb</code></li> <li><code>aes-256-cfb</code></li> <li><code>rc4-md5</code></li> <li><code>chacha20-ietf</code></li> <li><code>xchacha20</code></li> </ul>"},{"location":"zh/configuration/outbound/shadowsocks/#password","title":"password","text":"<p>\u5fc5\u586b</p> <p>Shadowsocks \u5bc6\u7801\u3002</p>"},{"location":"zh/configuration/outbound/shadowsocks/#plugin","title":"plugin","text":"<p>Shadowsocks SIP003 \u63d2\u4ef6\uff0c\u7531\u5185\u90e8\u5b9e\u73b0\u3002</p> <p>\u4ec5\u652f\u6301 <code>obfs-local</code> \u548c <code>v2ray-plugin</code>\u3002</p>"},{"location":"zh/configuration/outbound/shadowsocks/#plugin_opts","title":"plugin_opts","text":"<p>Shadowsocks SIP003 \u63d2\u4ef6\u53c2\u6570\u3002</p>"},{"location":"zh/configuration/outbound/shadowsocks/#network","title":"network","text":"<p>\u542f\u7528\u7684\u7f51\u7edc\u534f\u8bae</p> <p><code>tcp</code> \u6216 <code>udp</code>\u3002</p> <p>\u9ed8\u8ba4\u6240\u6709\u3002</p>"},{"location":"zh/configuration/outbound/shadowsocks/#udp_over_tcp","title":"udp_over_tcp","text":"<p>UDP over TCP \u914d\u7f6e\u3002</p> <p>\u53c2\u9605 UDP Over TCP\u3002</p> <p>\u4e0e <code>multiplex</code> \u51b2\u7a81\u3002</p>"},{"location":"zh/configuration/outbound/shadowsocks/#multiplex","title":"multiplex","text":"<p>\u53c2\u9605 \u591a\u8def\u590d\u7528\u3002</p>"},{"location":"zh/configuration/outbound/shadowsocks/#_3","title":"\u62e8\u53f7\u5b57\u6bb5","text":"<p>\u53c2\u9605 \u62e8\u53f7\u5b57\u6bb5\u3002</p>"},{"location":"zh/configuration/outbound/shadowtls/#_1","title":"\u7ed3\u6784","text":"<pre><code>{\n \"type\": \"shadowtls\",\n \"tag\": \"st-out\",\n\n \"server\": \"127.0.0.1\",\n \"server_port\": 1080,\n \"version\": 3,\n \"password\": \"fuck me till the daylight\",\n \"tls\": {},\n\n ... // \u62e8\u53f7\u5b57\u6bb5\n}\n</code></pre>"},{"location":"zh/configuration/outbound/shadowtls/#_2","title":"\u5b57\u6bb5","text":""},{"location":"zh/configuration/outbound/shadowtls/#server","title":"server","text":"<p>\u5fc5\u586b</p> <p>\u670d\u52a1\u5668\u5730\u5740\u3002</p>"},{"location":"zh/configuration/outbound/shadowtls/#server_port","title":"server_port","text":"<p>\u5fc5\u586b</p> <p>\u670d\u52a1\u5668\u7aef\u53e3\u3002</p>"},{"location":"zh/configuration/outbound/shadowtls/#version","title":"version","text":"<p>ShadowTLS \u534f\u8bae\u7248\u672c\u3002</p> \u503c \u534f\u8bae\u7248\u672c <code>1</code> (default) ShadowTLS v1 <code>2</code> ShadowTLS v2 <code>3</code> ShadowTLS v3"},{"location":"zh/configuration/outbound/shadowtls/#password","title":"password","text":"<p>\u8bbe\u7f6e\u5bc6\u7801\u3002</p> <p>\u4ec5\u5728 ShadowTLS v2/v3 \u534f\u8bae\u4e2d\u53ef\u7528\u3002</p>"},{"location":"zh/configuration/outbound/shadowtls/#tls","title":"tls","text":"<p>\u5fc5\u586b</p> <p>TLS \u914d\u7f6e, \u53c2\u9605 TLS\u3002</p>"},{"location":"zh/configuration/outbound/shadowtls/#_3","title":"\u62e8\u53f7\u5b57\u6bb5","text":"<p>\u53c2\u9605 \u62e8\u53f7\u5b57\u6bb5\u3002</p>"},{"location":"zh/configuration/outbound/socks/","title":"SOCKS","text":"<p><code>socks</code> \u51fa\u7ad9\u662f socks4/socks4a/socks5 \u5ba2\u6237\u7aef</p>"},{"location":"zh/configuration/outbound/socks/#_1","title":"\u7ed3\u6784","text":"<pre><code>{\n \"type\": \"socks\",\n \"tag\": \"socks-out\",\n\n \"server\": \"127.0.0.1\",\n \"server_port\": 1080,\n \"version\": \"5\",\n \"username\": \"sekai\",\n \"password\": \"admin\",\n \"network\": \"udp\",\n \"udp_over_tcp\": false | {},\n\n ... // \u62e8\u53f7\u5b57\u6bb5\n}\n</code></pre>"},{"location":"zh/configuration/outbound/socks/#_2","title":"\u5b57\u6bb5","text":""},{"location":"zh/configuration/outbound/socks/#server","title":"server","text":"<p>\u5fc5\u586b</p> <p>\u670d\u52a1\u5668\u5730\u5740\u3002</p>"},{"location":"zh/configuration/outbound/socks/#server_port","title":"server_port","text":"<p>\u5fc5\u586b</p> <p>\u670d\u52a1\u5668\u7aef\u53e3\u3002</p>"},{"location":"zh/configuration/outbound/socks/#version","title":"version","text":"<p>SOCKS \u7248\u672c, \u53ef\u4e3a <code>4</code> <code>4a</code> <code>5</code>.</p> <p>\u9ed8\u8ba4\u4f7f\u7528 SOCKS5\u3002</p>"},{"location":"zh/configuration/outbound/socks/#username","title":"username","text":"<p>SOCKS \u7528\u6237\u540d\u3002</p>"},{"location":"zh/configuration/outbound/socks/#password","title":"password","text":"<p>SOCKS5 \u5bc6\u7801\u3002</p>"},{"location":"zh/configuration/outbound/socks/#network","title":"network","text":"<p>\u542f\u7528\u7684\u7f51\u7edc\u534f\u8bae</p> <p><code>tcp</code> \u6216 <code>udp</code>\u3002</p> <p>\u9ed8\u8ba4\u6240\u6709\u3002</p>"},{"location":"zh/configuration/outbound/socks/#udp_over_tcp","title":"udp_over_tcp","text":"<p>UDP over TCP \u914d\u7f6e\u3002</p> <p>\u53c2\u9605 UDP Over TCP\u3002</p>"},{"location":"zh/configuration/outbound/socks/#_3","title":"\u62e8\u53f7\u5b57\u6bb5","text":"<p>\u53c2\u9605 \u62e8\u53f7\u5b57\u6bb5\u3002</p>"},{"location":"zh/configuration/outbound/ssh/#_1","title":"\u7ed3\u6784","text":"<pre><code>{\n \"type\": \"ssh\",\n \"tag\": \"ssh-out\",\n\n \"server\": \"127.0.0.1\",\n \"server_port\": 22,\n \"user\": \"root\",\n \"password\": \"admin\",\n \"private_key\": \"\",\n \"private_key_path\": \"$HOME/.ssh/id_rsa\",\n \"private_key_passphrase\": \"\",\n \"host_key\": [\n \"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdH...\"\n ],\n \"host_key_algorithms\": [],\n \"client_version\": \"SSH-2.0-OpenSSH_7.4p1\",\n\n ... // \u62e8\u53f7\u5b57\u6bb5\n}\n</code></pre>"},{"location":"zh/configuration/outbound/ssh/#_2","title":"\u5b57\u6bb5","text":""},{"location":"zh/configuration/outbound/ssh/#server","title":"server","text":"<p>\u5fc5\u586b</p> <p>\u670d\u52a1\u5668\u5730\u5740\u3002</p>"},{"location":"zh/configuration/outbound/ssh/#server_port","title":"server_port","text":"<p>\u670d\u52a1\u5668\u7aef\u53e3\uff0c\u9ed8\u8ba4\u4f7f\u7528 22\u3002</p>"},{"location":"zh/configuration/outbound/ssh/#user","title":"user","text":"<p>SSH \u7528\u6237, \u9ed8\u8ba4\u4f7f\u7528 root\u3002</p>"},{"location":"zh/configuration/outbound/ssh/#password","title":"password","text":"<p>\u5bc6\u7801\u3002</p>"},{"location":"zh/configuration/outbound/ssh/#private_key","title":"private_key","text":"<p>\u5bc6\u94a5\u3002</p>"},{"location":"zh/configuration/outbound/ssh/#private_key_path","title":"private_key_path","text":"<p>\u5bc6\u94a5\u8def\u5f84\u3002</p>"},{"location":"zh/configuration/outbound/ssh/#private_key_passphrase","title":"private_key_passphrase","text":"<p>\u5bc6\u94a5\u5bc6\u7801\u3002</p>"},{"location":"zh/configuration/outbound/ssh/#host_key","title":"host_key","text":"<p>\u4e3b\u673a\u5bc6\u94a5\uff0c\u7559\u7a7a\u63a5\u53d7\u6240\u6709\u3002</p>"},{"location":"zh/configuration/outbound/ssh/#host_key_algorithms","title":"host_key_algorithms","text":"<p>\u4e3b\u673a\u5bc6\u94a5\u7b97\u6cd5\u3002</p>"},{"location":"zh/configuration/outbound/ssh/#client_version","title":"client_version","text":"<p>\u5ba2\u6237\u7aef\u7248\u672c\uff0c\u9ed8\u8ba4\u4f7f\u7528\u968f\u673a\u503c\u3002</p>"},{"location":"zh/configuration/outbound/ssh/#_3","title":"\u62e8\u53f7\u5b57\u6bb5","text":"<p>\u53c2\u9605 \u62e8\u53f7\u5b57\u6bb5\u3002</p>"},{"location":"zh/configuration/outbound/tor/#_1","title":"\u7ed3\u6784","text":"<pre><code>{\n \"type\": \"tor\",\n \"tag\": \"tor-out\",\n\n \"executable_path\": \"/usr/bin/tor\",\n \"extra_args\": [],\n \"data_directory\": \"$HOME/.cache/tor\",\n \"torrc\": {\n \"ClientOnly\": 1\n },\n\n ... // \u62e8\u53f7\u5b57\u6bb5\n}\n</code></pre> <p>\u9ed8\u8ba4\u5b89\u88c5\u4e0d\u5305\u542b\u5d4c\u5165\u5f0f Tor, \u53c2\u9605 \u5b89\u88c5\u3002</p>"},{"location":"zh/configuration/outbound/tor/#_2","title":"\u5b57\u6bb5","text":""},{"location":"zh/configuration/outbound/tor/#executable_path","title":"executable_path","text":"<p>Tor \u53ef\u6267\u884c\u6587\u4ef6\u8def\u5f84</p> <p>\u5982\u679c\u8bbe\u7f6e\uff0c\u5c06\u8986\u76d6\u5d4c\u5165\u5f0f Tor\u3002</p>"},{"location":"zh/configuration/outbound/tor/#extra_args","title":"extra_args","text":"<p>\u542f\u52a8 Tor \u65f6\u4f20\u9012\u7684\u9644\u52a0\u53c2\u6570\u5217\u8868\u3002</p>"},{"location":"zh/configuration/outbound/tor/#data_directory","title":"data_directory","text":"<p>\u63a8\u8350</p> <p>Tor \u7684\u6570\u636e\u76ee\u5f55\u3002</p> <p>\u5982\u672a\u8bbe\u7f6e\uff0c\u6bcf\u6b21\u542f\u52a8\u90fd\u9700\u8981\u957f\u65f6\u95f4\u3002</p>"},{"location":"zh/configuration/outbound/tor/#torrc","title":"torrc","text":"<p>torrc \u53c2\u6570\u8868\u3002</p> <p>\u53c2\u9605 tor(1)\u3002</p>"},{"location":"zh/configuration/outbound/tor/#_3","title":"\u62e8\u53f7\u5b57\u6bb5","text":"<p>\u53c2\u9605 \u62e8\u53f7\u5b57\u6bb5\u3002</p>"},{"location":"zh/configuration/outbound/trojan/#_1","title":"\u7ed3\u6784","text":"<pre><code>{\n \"type\": \"trojan\",\n \"tag\": \"trojan-out\",\n\n \"server\": \"127.0.0.1\",\n \"server_port\": 1080,\n \"password\": \"8JCsPssfgS8tiRwiMlhARg==\",\n \"network\": \"tcp\",\n \"tls\": {},\n \"multiplex\": {},\n \"transport\": {},\n\n ... // \u62e8\u53f7\u5b57\u6bb5\n}\n</code></pre>"},{"location":"zh/configuration/outbound/trojan/#_2","title":"\u5b57\u6bb5","text":""},{"location":"zh/configuration/outbound/trojan/#server","title":"server","text":"<p>\u5fc5\u586b</p> <p>\u670d\u52a1\u5668\u5730\u5740\u3002</p>"},{"location":"zh/configuration/outbound/trojan/#server_port","title":"server_port","text":"<p>\u5fc5\u586b</p> <p>\u670d\u52a1\u5668\u7aef\u53e3\u3002</p>"},{"location":"zh/configuration/outbound/trojan/#password","title":"password","text":"<p>\u5fc5\u586b</p> <p>Trojan \u5bc6\u7801\u3002</p>"},{"location":"zh/configuration/outbound/trojan/#network","title":"network","text":"<p>\u542f\u7528\u7684\u7f51\u7edc\u534f\u8bae\u3002</p> <p><code>tcp</code> \u6216 <code>udp</code>\u3002</p> <p>\u9ed8\u8ba4\u6240\u6709\u3002</p>"},{"location":"zh/configuration/outbound/trojan/#tls","title":"tls","text":"<p>TLS \u914d\u7f6e, \u53c2\u9605 TLS\u3002</p>"},{"location":"zh/configuration/outbound/trojan/#multiplex","title":"multiplex","text":"<p>\u53c2\u9605 \u591a\u8def\u590d\u7528\u3002</p>"},{"location":"zh/configuration/outbound/trojan/#transport","title":"transport","text":"<p>V2Ray \u4f20\u8f93\u914d\u7f6e\uff0c\u53c2\u9605 V2Ray \u4f20\u8f93\u5c42\u3002</p>"},{"location":"zh/configuration/outbound/trojan/#_3","title":"\u62e8\u53f7\u5b57\u6bb5","text":"<p>\u53c2\u9605 \u62e8\u53f7\u5b57\u6bb5\u3002</p>"},{"location":"zh/configuration/outbound/tuic/#_1","title":"\u7ed3\u6784","text":"<pre><code>{\n \"type\": \"tuic\",\n \"tag\": \"tuic-out\",\n\n \"server\": \"127.0.0.1\",\n \"server_port\": 1080,\n \"uuid\": \"2DD61D93-75D8-4DA4-AC0E-6AECE7EAC365\",\n \"password\": \"hello\",\n \"congestion_control\": \"cubic\",\n \"udp_relay_mode\": \"native\",\n \"udp_over_stream\": false,\n \"zero_rtt_handshake\": false,\n \"heartbeat\": \"10s\",\n \"network\": \"tcp\",\n \"tls\": {},\n\n ... // \u62e8\u53f7\u5b57\u6bb5\n}\n</code></pre>"},{"location":"zh/configuration/outbound/tuic/#_2","title":"\u5b57\u6bb5","text":""},{"location":"zh/configuration/outbound/tuic/#server","title":"server","text":"<p>\u5fc5\u586b</p> <p>\u670d\u52a1\u5668\u5730\u5740\u3002</p>"},{"location":"zh/configuration/outbound/tuic/#server_port","title":"server_port","text":"<p>\u5fc5\u586b</p> <p>\u670d\u52a1\u5668\u7aef\u53e3\u3002</p>"},{"location":"zh/configuration/outbound/tuic/#uuid","title":"uuid","text":"<p>\u5fc5\u586b</p> <p>TUIC \u7528\u6237 UUID</p>"},{"location":"zh/configuration/outbound/tuic/#password","title":"password","text":"<p>TUIC \u7528\u6237\u5bc6\u7801</p>"},{"location":"zh/configuration/outbound/tuic/#congestion_control","title":"congestion_control","text":"<p>QUIC \u62e5\u585e\u63a7\u5236\u7b97\u6cd5</p> <p>\u53ef\u9009\u503c: <code>cubic</code>, <code>new_reno</code>, <code>bbr</code></p> <p>\u9ed8\u8ba4\u4f7f\u7528 <code>cubic</code>\u3002</p>"},{"location":"zh/configuration/outbound/tuic/#udp_relay_mode","title":"udp_relay_mode","text":"<p>UDP \u5305\u4e2d\u7ee7\u6a21\u5f0f</p> \u6a21\u5f0f \u63cf\u8ff0 native \u539f\u751f UDP quic \u4f7f\u7528 QUIC \u6d41\u7684\u65e0\u635f UDP \u4e2d\u7ee7\uff0c\u5f15\u5165\u4e86\u989d\u5916\u7684\u5f00\u9500 <p>\u4e0e <code>udp_over_stream</code> \u51b2\u7a81\u3002</p>"},{"location":"zh/configuration/outbound/tuic/#udp_over_stream","title":"udp_over_stream","text":"<p>\u8fd9\u662f TUIC \u7684 UDP over TCP \u534f\u8bae \u79fb\u690d\uff0c \u65e8\u5728\u63d0\u4f9b TUIC \u4e0d\u63d0\u4f9b\u7684 \u57fa\u4e8e QUIC \u6d41\u7684 UDP \u4e2d\u7ee7\u6a21\u5f0f\u3002 \u7531\u4e8e\u5b83\u662f\u4e00\u4e2a\u9644\u52a0\u534f\u8bae\uff0c\u56e0\u6b64\u60a8\u9700\u8981\u4f7f\u7528 sing-box \u6216\u5176\u4ed6\u517c\u5bb9\u7684\u7a0b\u5e8f\u4f5c\u4e3a\u670d\u52a1\u5668\u3002</p> <p>\u6b64\u6a21\u5f0f\u5728\u6b63\u786e\u7684 UDP \u4ee3\u7406\u573a\u666f\u4e2d\u6ca1\u6709\u4efb\u4f55\u79ef\u6781\u4f5c\u7528\uff0c\u4ec5\u9002\u7528\u4e8e\u4e2d\u7ee7\u6d41\u5f0f UDP \u6d41\u91cf\uff08\u57fa\u672c\u4e0a\u662f QUIC \u6d41\uff09\u3002</p> <p>\u4e0e <code>udp_relay_mode</code> \u51b2\u7a81\u3002</p>"},{"location":"zh/configuration/outbound/tuic/#zero_rtt_handshake","title":"zero_rtt_handshake","text":"<p>\u5728\u5ba2\u6237\u7aef\u542f\u7528 0-RTT QUIC \u8fde\u63a5\u63e1\u624b \u8fd9\u5bf9\u6027\u80fd\u5f71\u54cd\u4e0d\u5927\uff0c\u56e0\u4e3a\u534f\u8bae\u662f\u5b8c\u5168\u590d\u7528\u7684</p> <p>\u5f3a\u70c8\u5efa\u8bae\u7981\u7528\u6b64\u529f\u80fd\uff0c\u56e0\u4e3a\u5b83\u5bb9\u6613\u53d7\u5230\u91cd\u653e\u653b\u51fb\u3002 \u8bf7\u53c2\u9605 Attack of the clones</p>"},{"location":"zh/configuration/outbound/tuic/#heartbeat","title":"heartbeat","text":"<p>\u53d1\u9001\u5fc3\u8df3\u5305\u4ee5\u4fdd\u6301\u8fde\u63a5\u5b58\u6d3b\u7684\u65f6\u95f4\u95f4\u9694</p>"},{"location":"zh/configuration/outbound/tuic/#network","title":"network","text":"<p>\u542f\u7528\u7684\u7f51\u7edc\u534f\u8bae\u3002</p> <p><code>tcp</code> \u6216 <code>udp</code>\u3002</p> <p>\u9ed8\u8ba4\u6240\u6709\u3002</p>"},{"location":"zh/configuration/outbound/tuic/#tls","title":"tls","text":"<p>\u5fc5\u586b</p> <p>TLS \u914d\u7f6e, \u53c2\u9605 TLS\u3002</p>"},{"location":"zh/configuration/outbound/tuic/#_3","title":"\u62e8\u53f7\u5b57\u6bb5","text":"<p>\u53c2\u9605 \u62e8\u53f7\u5b57\u6bb5\u3002</p>"},{"location":"zh/configuration/outbound/urltest/#_1","title":"\u7ed3\u6784","text":"<pre><code>{\n \"type\": \"urltest\",\n \"tag\": \"auto\",\n\n \"outbounds\": [\n \"proxy-a\",\n \"proxy-b\",\n \"proxy-c\"\n ],\n \"url\": \"\",\n \"interval\": \"\",\n \"tolerance\": 50,\n \"idle_timeout\": \"\",\n \"interrupt_exist_connections\": false\n}\n</code></pre>"},{"location":"zh/configuration/outbound/urltest/#_2","title":"\u5b57\u6bb5","text":""},{"location":"zh/configuration/outbound/urltest/#outbounds","title":"outbounds","text":"<p>\u5fc5\u586b</p> <p>\u7528\u4e8e\u6d4b\u8bd5\u7684\u51fa\u7ad9\u6807\u7b7e\u5217\u8868\u3002</p>"},{"location":"zh/configuration/outbound/urltest/#url","title":"url","text":"<p>\u7528\u4e8e\u6d4b\u8bd5\u7684\u94fe\u63a5\u3002\u9ed8\u8ba4\u4f7f\u7528 <code>https://www.gstatic.com/generate_204</code>\u3002</p>"},{"location":"zh/configuration/outbound/urltest/#interval","title":"interval","text":"<p>\u6d4b\u8bd5\u95f4\u9694\u3002 \u9ed8\u8ba4\u4f7f\u7528 <code>3m</code>\u3002</p>"},{"location":"zh/configuration/outbound/urltest/#tolerance","title":"tolerance","text":"<p>\u4ee5\u6beb\u79d2\u4e3a\u5355\u4f4d\u7684\u6d4b\u8bd5\u5bb9\u5dee\u3002 \u9ed8\u8ba4\u4f7f\u7528 <code>50</code>\u3002</p>"},{"location":"zh/configuration/outbound/urltest/#idle_timeout","title":"idle_timeout","text":"<p>\u7a7a\u95f2\u8d85\u65f6\u3002\u9ed8\u8ba4\u4f7f\u7528 <code>30m</code>\u3002</p>"},{"location":"zh/configuration/outbound/urltest/#interrupt_exist_connections","title":"interrupt_exist_connections","text":"<p>\u5f53\u9009\u5b9a\u7684\u51fa\u7ad9\u53d1\u751f\u66f4\u6539\u65f6\uff0c\u4e2d\u65ad\u73b0\u6709\u8fde\u63a5\u3002</p> <p>\u4ec5\u5165\u7ad9\u8fde\u63a5\u53d7\u6b64\u8bbe\u7f6e\u5f71\u54cd\uff0c\u5185\u90e8\u8fde\u63a5\u5c06\u59cb\u7ec8\u88ab\u4e2d\u65ad\u3002</p>"},{"location":"zh/configuration/outbound/vless/#_1","title":"\u7ed3\u6784","text":"<pre><code>{\n \"type\": \"vless\",\n \"tag\": \"vless-out\",\n\n \"server\": \"127.0.0.1\",\n \"server_port\": 1080,\n \"uuid\": \"bf000d23-0752-40b4-affe-68f7707a9661\",\n \"flow\": \"xtls-rprx-vision\",\n \"network\": \"tcp\",\n \"tls\": {},\n \"packet_encoding\": \"\",\n \"multiplex\": {},\n \"transport\": {},\n\n ... // \u62e8\u53f7\u5b57\u6bb5\n}\n</code></pre>"},{"location":"zh/configuration/outbound/vless/#_2","title":"\u5b57\u6bb5","text":""},{"location":"zh/configuration/outbound/vless/#server","title":"server","text":"<p>\u5fc5\u586b</p> <p>\u670d\u52a1\u5668\u5730\u5740\u3002</p>"},{"location":"zh/configuration/outbound/vless/#server_port","title":"server_port","text":"<p>\u5fc5\u586b</p> <p>\u670d\u52a1\u5668\u7aef\u53e3\u3002</p>"},{"location":"zh/configuration/outbound/vless/#uuid","title":"uuid","text":"<p>\u5fc5\u586b</p> <p>VLESS \u7528\u6237 ID\u3002</p>"},{"location":"zh/configuration/outbound/vless/#flow","title":"flow","text":"<p>VLESS \u5b50\u534f\u8bae\u3002</p> <p>\u53ef\u7528\u503c\uff1a</p> <ul> <li><code>xtls-rprx-vision</code></li> </ul>"},{"location":"zh/configuration/outbound/vless/#network","title":"network","text":"<p>\u542f\u7528\u7684\u7f51\u7edc\u534f\u8bae\u3002</p> <p><code>tcp</code> \u6216 <code>udp</code>\u3002</p> <p>\u9ed8\u8ba4\u6240\u6709\u3002</p>"},{"location":"zh/configuration/outbound/vless/#tls","title":"tls","text":"<p>TLS \u914d\u7f6e, \u53c2\u9605 TLS\u3002</p>"},{"location":"zh/configuration/outbound/vless/#packet_encoding","title":"packet_encoding","text":"<p>UDP \u5305\u7f16\u7801\uff0c\u9ed8\u8ba4\u4f7f\u7528 xudp\u3002</p> \u7f16\u7801 \u63cf\u8ff0 (\u7a7a) \u7981\u7528 packetaddr \u7531 v2ray 5+ \u652f\u6301 xudp \u7531 xray \u652f\u6301"},{"location":"zh/configuration/outbound/vless/#multiplex","title":"multiplex","text":"<p>\u53c2\u9605 \u591a\u8def\u590d\u7528\u3002</p>"},{"location":"zh/configuration/outbound/vless/#transport","title":"transport","text":"<p>V2Ray \u4f20\u8f93\u914d\u7f6e\uff0c\u53c2\u9605 V2Ray \u4f20\u8f93\u5c42\u3002</p>"},{"location":"zh/configuration/outbound/vless/#_3","title":"\u62e8\u53f7\u5b57\u6bb5","text":"<p>\u53c2\u9605 \u62e8\u53f7\u5b57\u6bb5\u3002</p>"},{"location":"zh/configuration/outbound/vmess/#_1","title":"\u7ed3\u6784","text":"<pre><code>{\n \"type\": \"vmess\",\n \"tag\": \"vmess-out\",\n\n \"server\": \"127.0.0.1\",\n \"server_port\": 1080,\n \"uuid\": \"bf000d23-0752-40b4-affe-68f7707a9661\",\n \"security\": \"auto\",\n \"alter_id\": 0,\n \"global_padding\": false,\n \"authenticated_length\": true,\n \"network\": \"tcp\",\n \"tls\": {},\n \"packet_encoding\": \"\",\n \"multiplex\": {},\n \"transport\": {},\n\n ... // \u62e8\u53f7\u5b57\u6bb5\n}\n</code></pre>"},{"location":"zh/configuration/outbound/vmess/#_2","title":"\u5b57\u6bb5","text":""},{"location":"zh/configuration/outbound/vmess/#server","title":"server","text":"<p>\u5fc5\u586b</p> <p>\u670d\u52a1\u5668\u5730\u5740\u3002</p>"},{"location":"zh/configuration/outbound/vmess/#server_port","title":"server_port","text":"<p>\u5fc5\u586b</p> <p>\u670d\u52a1\u5668\u7aef\u53e3\u3002</p>"},{"location":"zh/configuration/outbound/vmess/#uuid","title":"uuid","text":"<p>\u5fc5\u586b</p> <p>VMess \u7528\u6237 ID\u3002</p>"},{"location":"zh/configuration/outbound/vmess/#security","title":"security","text":"<p>\u52a0\u5bc6\u65b9\u6cd5\uff1a</p> <ul> <li><code>auto</code></li> <li><code>none</code></li> <li><code>zero</code></li> <li><code>aes-128-gcm</code></li> <li><code>chacha20-poly1305</code></li> </ul> <p>\u65e7\u52a0\u5bc6\u65b9\u6cd5\uff1a</p> <ul> <li><code>aes-128-ctr</code></li> </ul>"},{"location":"zh/configuration/outbound/vmess/#alter_id","title":"alter_id","text":"Alter ID \u63cf\u8ff0 0 \u7981\u7528\u65e7\u534f\u8bae 1 \u542f\u7528\u65e7\u534f\u8bae &gt; 1 \u672a\u4f7f\u7528, \u884c\u4e3a\u540c 1"},{"location":"zh/configuration/outbound/vmess/#global_padding","title":"global_padding","text":"<p>\u534f\u8bae\u53c2\u6570\u3002 \u5982\u679c\u542f\u7528\u4f1a\u968f\u673a\u6d6a\u8d39\u6d41\u91cf\uff08\u5728 v2ray \u4e2d\u9ed8\u8ba4\u542f\u7528\u5e76\u4e14\u65e0\u6cd5\u7981\u7528\uff09\u3002</p>"},{"location":"zh/configuration/outbound/vmess/#authenticated_length","title":"authenticated_length","text":"<p>\u534f\u8bae\u53c2\u6570\u3002\u542f\u7528\u957f\u5ea6\u5757\u52a0\u5bc6\u3002</p>"},{"location":"zh/configuration/outbound/vmess/#network","title":"network","text":"<p>\u542f\u7528\u7684\u7f51\u7edc\u534f\u8bae\u3002</p> <p><code>tcp</code> \u6216 <code>udp</code>\u3002</p> <p>\u9ed8\u8ba4\u6240\u6709\u3002</p>"},{"location":"zh/configuration/outbound/vmess/#tls","title":"tls","text":"<p>TLS \u914d\u7f6e, \u53c2\u9605 TLS\u3002</p>"},{"location":"zh/configuration/outbound/vmess/#packet_encoding","title":"packet_encoding","text":"<p>UDP \u5305\u7f16\u7801\u3002</p> \u7f16\u7801 \u63cf\u8ff0 (\u7a7a) \u7981\u7528 packetaddr \u7531 v2ray 5+ \u652f\u6301 xudp \u7531 xray \u652f\u6301"},{"location":"zh/configuration/outbound/vmess/#multiplex","title":"multiplex","text":"<p>\u53c2\u9605 \u591a\u8def\u590d\u7528\u3002</p>"},{"location":"zh/configuration/outbound/vmess/#transport","title":"transport","text":"<p>V2Ray \u4f20\u8f93\u914d\u7f6e\uff0c\u53c2\u9605 V2Ray \u4f20\u8f93\u5c42\u3002</p>"},{"location":"zh/configuration/outbound/vmess/#_3","title":"\u62e8\u53f7\u5b57\u6bb5","text":"<p>\u53c2\u9605 \u62e8\u53f7\u5b57\u6bb5\u3002</p>"},{"location":"zh/configuration/outbound/wireguard/","title":"WireGuard","text":"<p>\u5df2\u5728 sing-box 1.11.0 \u5e9f\u5f03</p> <p>WireGuard \u51fa\u7ad9\u5df2\u88ab\u542f\u7528\uff0c\u4e14\u5c06\u5728 sing-box 1.13.0 \u4e2d\u88ab\u79fb\u9664\uff0c\u53c2\u9605 \u8fc1\u79fb\u6307\u5357\u3002</p> <p>sing-box 1.11.0 \u4e2d\u7684\u66f4\u6539</p> <p> gso</p> <p>sing-box 1.8.0 \u4e2d\u7684\u66f4\u6539</p> <p> gso </p>"},{"location":"zh/configuration/outbound/wireguard/#_1","title":"\u7ed3\u6784","text":"<pre><code>{\n \"type\": \"wireguard\",\n \"tag\": \"wireguard-out\",\n\n \"server\": \"127.0.0.1\",\n \"server_port\": 1080,\n \"system_interface\": false,\n \"interface_name\": \"wg0\",\n \"local_address\": [\n \"10.0.0.1/32\"\n ],\n \"private_key\": \"YNXtAzepDqRv9H52osJVDQnznT5AM11eCK3ESpwSt04=\",\n \"peer_public_key\": \"Z1XXLsKYkYxuiYjJIkRvtIKFepCYHTgON+GwPq7SOV4=\",\n \"pre_shared_key\": \"31aIhAPwktDGpH4JDhA8GNvjFXEf/a6+UaQRyOAiyfM=\",\n \"reserved\": [0, 0, 0],\n \"workers\": 4,\n \"mtu\": 1408,\n \"network\": \"tcp\",\n\n // \u5e9f\u5f03\u7684\n\n \"gso\": false,\n\n ... // \u62e8\u53f7\u5b57\u6bb5\n}\n</code></pre>"},{"location":"zh/configuration/outbound/wireguard/#_2","title":"\u5b57\u6bb5","text":""},{"location":"zh/configuration/outbound/wireguard/#server","title":"server","text":"<p>\u5fc5\u586b</p> <p>\u670d\u52a1\u5668\u5730\u5740\u3002</p>"},{"location":"zh/configuration/outbound/wireguard/#server_port","title":"server_port","text":"<p>\u5fc5\u586b</p> <p>\u670d\u52a1\u5668\u7aef\u53e3\u3002</p>"},{"location":"zh/configuration/outbound/wireguard/#system_interface","title":"system_interface","text":"<p>\u4f7f\u7528\u7cfb\u7edf\u8bbe\u5907\u3002</p> <p>\u9700\u8981\u7279\u6743\u4e14\u4e0d\u80fd\u4e0e\u5df2\u6709\u7cfb\u7edf\u63a5\u53e3\u51b2\u7a81\u3002</p> <p>\u5982\u679c gVisor \u672a\u5305\u542b\u5728\u6784\u5efa\u4e2d\uff0c\u5219\u5f3a\u5236\u6267\u884c\u3002</p>"},{"location":"zh/configuration/outbound/wireguard/#interface_name","title":"interface_name","text":"<p>\u4e3a\u7cfb\u7edf\u63a5\u53e3\u81ea\u5b9a\u4e49\u8bbe\u5907\u540d\u79f0\u3002</p>"},{"location":"zh/configuration/outbound/wireguard/#gso","title":"gso","text":"<p>\u5df2\u5728 sing-box 1.11.0 \u5e9f\u5f03</p> <p>\u81ea sing-box 1.11.0 \u8d77\uff0cGSO \u5c06\u53ef\u7528\u65f6\u81ea\u52a8\u542f\u7528\u3002</p> <p>\u81ea sing-box 1.8.0 \u8d77</p> <p>\u4ec5\u652f\u6301 Linux\u3002</p> <p>\u5c1d\u8bd5\u542f\u7528\u901a\u7528\u5206\u6bb5\u5378\u8f7d\u3002</p>"},{"location":"zh/configuration/outbound/wireguard/#local_address","title":"local_address","text":"<p>\u5fc5\u586b</p> <p>\u63a5\u53e3\u7684 IPv4/IPv6 \u5730\u5740\u6216\u5730\u5740\u6bb5\u7684\u5217\u8868\u60a8\u3002</p> <p>\u8981\u5206\u914d\u7ed9\u63a5\u53e3\u7684 IP\uff08v4 \u6216 v6\uff09\u5730\u5740\u6bb5\u5217\u8868\u3002</p>"},{"location":"zh/configuration/outbound/wireguard/#private_key","title":"private_key","text":"<p>\u5fc5\u586b</p> <p>WireGuard \u9700\u8981 base64 \u7f16\u7801\u7684\u516c\u94a5\u548c\u79c1\u94a5\u3002 \u8fd9\u4e9b\u53ef\u4ee5\u4f7f\u7528 wg(8) \u5b9e\u7528\u7a0b\u5e8f\u751f\u6210\uff1a</p> <pre><code>wg genkey\necho \"private key\" || wg pubkey\n</code></pre>"},{"location":"zh/configuration/outbound/wireguard/#peer_public_key","title":"peer_public_key","text":"<p>\u5fc5\u586b</p> <p>WireGuard \u5bf9\u7b49\u516c\u94a5\u3002</p>"},{"location":"zh/configuration/outbound/wireguard/#pre_shared_key","title":"pre_shared_key","text":"<p>WireGuard \u9884\u5171\u4eab\u5bc6\u94a5\u3002</p>"},{"location":"zh/configuration/outbound/wireguard/#reserved","title":"reserved","text":"<p>WireGuard \u4fdd\u7559\u5b57\u6bb5\u5b57\u8282\u3002</p>"},{"location":"zh/configuration/outbound/wireguard/#workers","title":"workers","text":"<p>WireGuard worker \u6570\u91cf\u3002</p> <p>\u9ed8\u8ba4\u4f7f\u7528 CPU \u6570\u91cf\u3002</p>"},{"location":"zh/configuration/outbound/wireguard/#mtu","title":"mtu","text":"<p>WireGuard MTU\u3002</p> <p>\u9ed8\u8ba4\u4f7f\u7528 1408\u3002</p>"},{"location":"zh/configuration/outbound/wireguard/#network","title":"network","text":"<p>\u542f\u7528\u7684\u7f51\u7edc\u534f\u8bae</p> <p><code>tcp</code> \u6216 <code>udp</code>\u3002</p> <p>\u9ed8\u8ba4\u6240\u6709\u3002</p>"},{"location":"zh/configuration/outbound/wireguard/#_3","title":"\u62e8\u53f7\u5b57\u6bb5","text":"<p>\u53c2\u9605 \u62e8\u53f7\u5b57\u6bb5\u3002</p>"},{"location":"zh/configuration/route/","title":"\u8def\u7531","text":"<p>sing-box 1.11.0 \u4e2d\u7684\u66f4\u6539</p> <p> network_strategy default_network_type default_fallback_network_type default_fallback_delay</p> <p>sing-box 1.8.0 \u4e2d\u7684\u66f4\u6539</p> <p> rule_set geoip geosite</p>"},{"location":"zh/configuration/route/#_2","title":"\u7ed3\u6784","text":"<pre><code>{\n \"route\": {\n \"geoip\": {},\n \"geosite\": {},\n \"rules\": [],\n \"rule_set\": [],\n \"final\": \"\",\n \"auto_detect_interface\": false,\n \"override_android_vpn\": false,\n \"default_interface\": \"\",\n \"default_mark\": 0,\n \"default_network_strategy\": \"\",\n \"default_fallback_delay\": \"\"\n }\n}\n</code></pre> <p>\u5f53\u5185\u5bb9\u53ea\u6709\u4e00\u9879\u65f6\uff0c\u53ef\u4ee5\u5ffd\u7565 JSON \u6570\u7ec4 [] \u6807\u7b7e</p>"},{"location":"zh/configuration/route/#_3","title":"\u5b57\u6bb5","text":"\u952e \u683c\u5f0f <code>geoip</code> GeoIP <code>geosite</code> Geosite"},{"location":"zh/configuration/route/#rule","title":"rule","text":"<p>\u4e00\u7ec4 \u8def\u7531\u89c4\u5219 \u3002</p>"},{"location":"zh/configuration/route/#rule_set","title":"rule_set","text":"<p>\u81ea sing-box 1.8.0 \u8d77</p> <p>\u4e00\u7ec4 \u89c4\u5219\u96c6\u3002</p>"},{"location":"zh/configuration/route/#final","title":"final","text":"<p>\u9ed8\u8ba4\u51fa\u7ad9\u6807\u7b7e\u3002\u5982\u679c\u4e3a\u7a7a\uff0c\u5c06\u4f7f\u7528\u7b2c\u4e00\u4e2a\u53ef\u7528\u4e8e\u5bf9\u5e94\u534f\u8bae\u7684\u51fa\u7ad9\u3002</p>"},{"location":"zh/configuration/route/#auto_detect_interface","title":"auto_detect_interface","text":"<p>\u4ec5\u652f\u6301 Linux\u3001Windows \u548c macOS\u3002</p> <p>\u9ed8\u8ba4\u5c06\u51fa\u7ad9\u8fde\u63a5\u7ed1\u5b9a\u5230\u9ed8\u8ba4\u7f51\u5361\uff0c\u4ee5\u9632\u6b62\u5728 tun \u4e0b\u51fa\u73b0\u8def\u7531\u73af\u8def\u3002</p> <p>\u5982\u679c\u8bbe\u7f6e\u4e86 <code>outbound.bind_interface</code> \u8bbe\u7f6e\uff0c\u5219\u4e0d\u751f\u6548\u3002</p>"},{"location":"zh/configuration/route/#override_android_vpn","title":"override_android_vpn","text":"<p>\u4ec5\u652f\u6301 Android\u3002</p> <p>\u542f\u7528 <code>auto_detect_interface</code> \u65f6\u63a5\u53d7 Android VPN \u4f5c\u4e3a\u4e0a\u6e38\u7f51\u5361\u3002</p>"},{"location":"zh/configuration/route/#default_interface","title":"default_interface","text":"<p>\u4ec5\u652f\u6301 Linux\u3001Windows \u548c macOS\u3002</p> <p>\u9ed8\u8ba4\u5c06\u51fa\u7ad9\u8fde\u63a5\u7ed1\u5b9a\u5230\u6307\u5b9a\u7f51\u5361\uff0c\u4ee5\u9632\u6b62\u5728 tun \u4e0b\u51fa\u73b0\u8def\u7531\u73af\u8def\u3002</p> <p>\u5982\u679c\u8bbe\u7f6e\u4e86 <code>auto_detect_interface</code> \u8bbe\u7f6e\uff0c\u5219\u4e0d\u751f\u6548\u3002</p>"},{"location":"zh/configuration/route/#default_mark","title":"default_mark","text":"<p>\u4ec5\u652f\u6301 Linux\u3002</p> <p>\u9ed8\u8ba4\u4e3a\u51fa\u7ad9\u8fde\u63a5\u8bbe\u7f6e\u8def\u7531\u6807\u8bb0\u3002</p> <p>\u5982\u679c\u8bbe\u7f6e\u4e86 <code>outbound.routing_mark</code> \u8bbe\u7f6e\uff0c\u5219\u4e0d\u751f\u6548\u3002</p>"},{"location":"zh/configuration/route/#network_strategy","title":"network_strategy","text":"<p>\u81ea sing-box 1.11.0 \u8d77</p> <p>\u8be6\u60c5\u53c2\u9605 \u62e8\u53f7\u5b57\u6bb5\u3002</p> <p>\u5f53 <code>outbound.bind_interface</code>, <code>outbound.inet4_bind_address</code> \u6216 <code>outbound.inet6_bind_address</code> \u5df2\u8bbe\u7f6e\u65f6\u4e0d\u751f\u6548\u3002</p> <p>\u53ef\u4ee5\u88ab <code>outbound.network_strategy</code> \u8986\u76d6\u3002</p> <p>\u4e0e <code>default_interface</code> \u51b2\u7a81\u3002</p>"},{"location":"zh/configuration/route/#default_network_type","title":"default_network_type","text":"<p>\u81ea sing-box 1.11.0 \u8d77</p> <p>\u8be6\u60c5\u53c2\u9605 \u62e8\u53f7\u5b57\u6bb5\u3002</p>"},{"location":"zh/configuration/route/#default_fallback_network_type","title":"default_fallback_network_type","text":"<p>\u81ea sing-box 1.11.0 \u8d77</p> <p>\u8be6\u60c5\u53c2\u9605 \u62e8\u53f7\u5b57\u6bb5\u3002</p>"},{"location":"zh/configuration/route/#default_fallback_delay","title":"default_fallback_delay","text":"<p>\u81ea sing-box 1.11.0 \u8d77</p> <p>\u8be6\u60c5\u53c2\u9605 \u62e8\u53f7\u5b57\u6bb5\u3002</p>"},{"location":"zh/configuration/route/geoip/","title":"GeoIP","text":"<p>\u5df2\u5728 sing-box 1.8.0 \u5e9f\u5f03</p> <p>GeoIP \u5df2\u5e9f\u5f03\u4e14\u5c06\u5728 sing-box 1.12.0 \u4e2d\u88ab\u79fb\u9664\uff0c\u53c2\u9605 \u8fc1\u79fb\u6307\u5357\u3002</p>"},{"location":"zh/configuration/route/geoip/#_1","title":"\u7ed3\u6784","text":"<pre><code>{\n \"route\": {\n \"geoip\": {\n \"path\": \"\",\n \"download_url\": \"\",\n \"download_detour\": \"\"\n }\n }\n}\n</code></pre>"},{"location":"zh/configuration/route/geoip/#_2","title":"\u5b57\u6bb5","text":""},{"location":"zh/configuration/route/geoip/#path","title":"path","text":"<p>\u6307\u5b9a GeoIP \u8d44\u6e90\u7684\u8def\u5f84\u3002</p> <p>\u9ed8\u8ba4 <code>geoip.db</code>\u3002</p>"},{"location":"zh/configuration/route/geoip/#download_url","title":"download_url","text":"<p>\u6307\u5b9a GeoIP \u8d44\u6e90\u7684\u4e0b\u8f7d\u94fe\u63a5\u3002</p> <p>\u9ed8\u8ba4\u4e3a <code>https://github.com/SagerNet/sing-geoip/releases/latest/download/geoip.db</code>\u3002</p>"},{"location":"zh/configuration/route/geoip/#download_detour","title":"download_detour","text":"<p>\u7528\u4e8e\u4e0b\u8f7d GeoIP \u8d44\u6e90\u7684\u51fa\u7ad9\u7684\u6807\u7b7e\u3002</p> <p>\u5982\u679c\u4e3a\u7a7a\uff0c\u5c06\u4f7f\u7528\u9ed8\u8ba4\u51fa\u7ad9\u3002</p>"},{"location":"zh/configuration/route/geosite/","title":"Geosite","text":"<p>\u5df2\u5728 sing-box 1.8.0 \u5e9f\u5f03</p> <p>Geosite \u5df2\u5e9f\u5f03\u4e14\u5c06\u5728 sing-box 1.12.0 \u4e2d\u88ab\u79fb\u9664\uff0c\u53c2\u9605 \u8fc1\u79fb\u6307\u5357\u3002</p>"},{"location":"zh/configuration/route/geosite/#_1","title":"\u7ed3\u6784","text":"<pre><code>{\n \"route\": {\n \"geosite\": {\n \"path\": \"\",\n \"download_url\": \"\",\n \"download_detour\": \"\"\n }\n }\n}\n</code></pre>"},{"location":"zh/configuration/route/geosite/#_2","title":"\u5b57\u6bb5","text":""},{"location":"zh/configuration/route/geosite/#path","title":"path","text":"<p>\u6307\u5b9a GeoSite \u8d44\u6e90\u7684\u8def\u5f84\u3002</p> <p>\u9ed8\u8ba4 <code>geosite.db</code>\u3002</p>"},{"location":"zh/configuration/route/geosite/#download_url","title":"download_url","text":"<p>\u6307\u5b9a GeoSite \u8d44\u6e90\u7684\u4e0b\u8f7d\u94fe\u63a5\u3002</p> <p>\u9ed8\u8ba4\u4e3a <code>https://github.com/SagerNet/sing-geosite/releases/latest/download/geosite.db</code>\u3002</p>"},{"location":"zh/configuration/route/geosite/#download_detour","title":"download_detour","text":"<p>\u7528\u4e8e\u4e0b\u8f7d GeoSite \u8d44\u6e90\u7684\u51fa\u7ad9\u7684\u6807\u7b7e\u3002</p> <p>\u5982\u679c\u4e3a\u7a7a\uff0c\u5c06\u4f7f\u7528\u9ed8\u8ba4\u51fa\u7ad9\u3002</p>"},{"location":"zh/configuration/route/rule/","title":"\u8def\u7531\u89c4\u5219","text":"<p>sing-box 1.11.0 \u4e2d\u7684\u66f4\u6539</p> <p> action outbound network_type network_is_expensive network_is_constrained</p> <p>sing-box 1.10.0 \u4e2d\u7684\u66f4\u6539</p> <p> client rule_set_ipcidr_match_source process_path_regex</p> <p>sing-box 1.8.0 \u4e2d\u7684\u66f4\u6539</p> <p> rule_set rule_set_ipcidr_match_source source_ip_is_private ip_is_private source_geoip geoip geosite</p>"},{"location":"zh/configuration/route/rule/#_1","title":"\u7ed3\u6784","text":"<pre><code>{\n \"route\": {\n \"rules\": [\n {\n \"inbound\": [\n \"mixed-in\"\n ],\n \"ip_version\": 6,\n \"network\": [\n \"tcp\"\n ],\n \"auth_user\": [\n \"usera\",\n \"userb\"\n ],\n \"protocol\": [\n \"tls\",\n \"http\",\n \"quic\"\n ],\n \"client\": [\n \"chromium\",\n \"safari\",\n \"firefox\",\n \"quic-go\"\n ],\n \"domain\": [\n \"test.com\"\n ],\n \"domain_suffix\": [\n \".cn\"\n ],\n \"domain_keyword\": [\n \"test\"\n ],\n \"domain_regex\": [\n \"^stun\\\\..+\"\n ],\n \"geosite\": [\n \"cn\"\n ],\n \"source_geoip\": [\n \"private\"\n ],\n \"geoip\": [\n \"cn\"\n ],\n \"source_ip_cidr\": [\n \"10.0.0.0/24\"\n ],\n \"source_ip_is_private\": false,\n \"ip_cidr\": [\n \"10.0.0.0/24\"\n ],\n \"ip_is_private\": false,\n \"source_port\": [\n 12345\n ],\n \"source_port_range\": [\n \"1000:2000\",\n \":3000\",\n \"4000:\"\n ],\n \"port\": [\n 80,\n 443\n ],\n \"port_range\": [\n \"1000:2000\",\n \":3000\",\n \"4000:\"\n ],\n \"process_name\": [\n \"curl\"\n ],\n \"process_path\": [\n \"/usr/bin/curl\"\n ],\n \"process_path_regex\": [\n \"^/usr/bin/.+\"\n ],\n \"package_name\": [\n \"com.termux\"\n ],\n \"user\": [\n \"sekai\"\n ],\n \"user_id\": [\n 1000\n ],\n \"clash_mode\": \"direct\",\n \"network_type\": [\n \"wifi\"\n ],\n \"network_is_expensive\": false,\n \"network_is_constrained\": false,\n \"wifi_ssid\": [\n \"My WIFI\"\n ],\n \"wifi_bssid\": [\n \"00:00:00:00:00:00\"\n ],\n \"rule_set\": [\n \"geoip-cn\",\n \"geosite-cn\"\n ],\n // \u5df2\u5f03\u7528\n \"rule_set_ipcidr_match_source\": false,\n \"rule_set_ip_cidr_match_source\": false,\n \"invert\": false,\n \"action\": \"route\",\n \"outbound\": \"direct\"\n },\n {\n \"type\": \"logical\",\n \"mode\": \"and\",\n \"rules\": [],\n \"invert\": false,\n \"action\": \"route\",\n \"outbound\": \"direct\"\n }\n ]\n }\n}\n</code></pre> <p>\u5f53\u5185\u5bb9\u53ea\u6709\u4e00\u9879\u65f6\uff0c\u53ef\u4ee5\u5ffd\u7565 JSON \u6570\u7ec4 [] \u6807\u7b7e\u3002</p>"},{"location":"zh/configuration/route/rule/#_2","title":"\u9ed8\u8ba4\u5b57\u6bb5","text":"<p>\u9ed8\u8ba4\u89c4\u5219\u4f7f\u7528\u4ee5\u4e0b\u5339\u914d\u903b\u8f91: (<code>domain</code> || <code>domain_suffix</code> || <code>domain_keyword</code> || <code>domain_regex</code> || <code>geosite</code> || <code>geoip</code> || <code>ip_cidr</code> || <code>ip_is_private</code>) &amp;&amp; (<code>port</code> || <code>port_range</code>) &amp;&amp; (<code>source_geoip</code> || <code>source_ip_cidr</code> || <code>source_ip_is_private</code>) &amp;&amp; (<code>source_port</code> || <code>source_port_range</code>) &amp;&amp; <code>other fields</code></p> <p>\u53e6\u5916\uff0c\u5f15\u7528\u7684\u89c4\u5219\u96c6\u53ef\u89c6\u4e3a\u88ab\u5408\u5e76\uff0c\u800c\u4e0d\u662f\u4f5c\u4e3a\u4e00\u4e2a\u5355\u72ec\u7684\u89c4\u5219\u5b50\u9879\u3002</p>"},{"location":"zh/configuration/route/rule/#inbound","title":"inbound","text":"<p>\u5165\u7ad9 \u6807\u7b7e\u3002</p>"},{"location":"zh/configuration/route/rule/#ip_version","title":"ip_version","text":"<p>4 \u6216 6\u3002</p> <p>\u9ed8\u8ba4\u4e0d\u9650\u5236\u3002</p>"},{"location":"zh/configuration/route/rule/#auth_user","title":"auth_user","text":"<p>\u8ba4\u8bc1\u7528\u6237\u540d\uff0c\u53c2\u9605\u5165\u7ad9\u8bbe\u7f6e\u3002</p>"},{"location":"zh/configuration/route/rule/#protocol","title":"protocol","text":"<p>\u63a2\u6d4b\u5230\u7684\u534f\u8bae, \u53c2\u9605 \u534f\u8bae\u63a2\u6d4b\u3002</p>"},{"location":"zh/configuration/route/rule/#client","title":"client","text":"<p>\u81ea sing-box 1.10.0 \u8d77</p> <p>\u63a2\u6d4b\u5230\u7684\u5ba2\u6237\u7aef\u7c7b\u578b, \u53c2\u9605 \u534f\u8bae\u63a2\u6d4b\u3002</p>"},{"location":"zh/configuration/route/rule/#network","title":"network","text":"<p><code>tcp</code> \u6216 <code>udp</code>\u3002</p>"},{"location":"zh/configuration/route/rule/#domain","title":"domain","text":"<p>\u5339\u914d\u5b8c\u6574\u57df\u540d\u3002</p>"},{"location":"zh/configuration/route/rule/#domain_suffix","title":"domain_suffix","text":"<p>\u5339\u914d\u57df\u540d\u540e\u7f00\u3002</p>"},{"location":"zh/configuration/route/rule/#domain_keyword","title":"domain_keyword","text":"<p>\u5339\u914d\u57df\u540d\u5173\u952e\u5b57\u3002</p>"},{"location":"zh/configuration/route/rule/#domain_regex","title":"domain_regex","text":"<p>\u5339\u914d\u57df\u540d\u6b63\u5219\u8868\u8fbe\u5f0f\u3002</p>"},{"location":"zh/configuration/route/rule/#geosite","title":"geosite","text":"<p>\u5df2\u5728 sing-box 1.8.0 \u5e9f\u5f03</p> <p>Geosite \u5df2\u5e9f\u5f03\u4e14\u53ef\u80fd\u5728\u4e0d\u4e45\u7684\u5c06\u6765\u79fb\u9664\uff0c\u53c2\u9605 \u8fc1\u79fb\u6307\u5357\u3002</p> <p>\u5339\u914d Geosite\u3002</p>"},{"location":"zh/configuration/route/rule/#source_geoip","title":"source_geoip","text":"<p>\u5df2\u5728 sing-box 1.8.0 \u5e9f\u5f03</p> <p>GeoIP \u5df2\u5e9f\u5f03\u4e14\u53ef\u80fd\u5728\u4e0d\u4e45\u7684\u5c06\u6765\u79fb\u9664\uff0c\u53c2\u9605 \u8fc1\u79fb\u6307\u5357\u3002</p> <p>\u5339\u914d\u6e90 GeoIP\u3002</p>"},{"location":"zh/configuration/route/rule/#geoip","title":"geoip","text":"<p>\u5df2\u5728 sing-box 1.8.0 \u5e9f\u5f03</p> <p>GeoIP \u5df2\u5e9f\u5f03\u4e14\u53ef\u80fd\u5728\u4e0d\u4e45\u7684\u5c06\u6765\u79fb\u9664\uff0c\u53c2\u9605 \u8fc1\u79fb\u6307\u5357\u3002</p> <p>\u5339\u914d GeoIP\u3002</p>"},{"location":"zh/configuration/route/rule/#source_ip_cidr","title":"source_ip_cidr","text":"<p>\u5339\u914d\u6e90 IP CIDR\u3002</p>"},{"location":"zh/configuration/route/rule/#source_ip_is_private","title":"source_ip_is_private","text":"<p>\u81ea sing-box 1.8.0 \u8d77</p> <p>\u5339\u914d\u975e\u516c\u5f00\u6e90 IP\u3002</p>"},{"location":"zh/configuration/route/rule/#ip_cidr","title":"ip_cidr","text":"<p>\u5339\u914d IP CIDR\u3002</p>"},{"location":"zh/configuration/route/rule/#ip_is_private","title":"ip_is_private","text":"<p>\u81ea sing-box 1.8.0 \u8d77</p> <p>\u5339\u914d\u975e\u516c\u5f00 IP\u3002</p>"},{"location":"zh/configuration/route/rule/#source_port","title":"source_port","text":"<p>\u5339\u914d\u6e90\u7aef\u53e3\u3002</p>"},{"location":"zh/configuration/route/rule/#source_port_range","title":"source_port_range","text":"<p>\u5339\u914d\u6e90\u7aef\u53e3\u8303\u56f4\u3002</p>"},{"location":"zh/configuration/route/rule/#port","title":"port","text":"<p>\u5339\u914d\u7aef\u53e3\u3002</p>"},{"location":"zh/configuration/route/rule/#port_range","title":"port_range","text":"<p>\u5339\u914d\u7aef\u53e3\u8303\u56f4\u3002</p>"},{"location":"zh/configuration/route/rule/#process_name","title":"process_name","text":"<p>\u4ec5\u652f\u6301 Linux\u3001Windows \u548c macOS\u3002</p> <p>\u5339\u914d\u8fdb\u7a0b\u540d\u79f0\u3002</p>"},{"location":"zh/configuration/route/rule/#process_path","title":"process_path","text":"<p>\u4ec5\u652f\u6301 Linux\u3001Windows \u548c macOS.</p> <p>\u5339\u914d\u8fdb\u7a0b\u8def\u5f84\u3002</p>"},{"location":"zh/configuration/route/rule/#process_path_regex","title":"process_path_regex","text":"<p>\u81ea sing-box 1.10.0 \u8d77</p> <p>\u4ec5\u652f\u6301 Linux\u3001Windows \u548c macOS.</p> <p>\u4f7f\u7528\u6b63\u5219\u8868\u8fbe\u5f0f\u5339\u914d\u8fdb\u7a0b\u8def\u5f84\u3002</p>"},{"location":"zh/configuration/route/rule/#package_name","title":"package_name","text":"<p>\u5339\u914d Android \u5e94\u7528\u5305\u540d\u3002</p>"},{"location":"zh/configuration/route/rule/#user","title":"user","text":"<p>\u4ec5\u652f\u6301 Linux.</p> <p>\u5339\u914d\u7528\u6237\u540d\u3002</p>"},{"location":"zh/configuration/route/rule/#user_id","title":"user_id","text":"<p>\u4ec5\u652f\u6301 Linux.</p> <p>\u5339\u914d\u7528\u6237 ID\u3002</p>"},{"location":"zh/configuration/route/rule/#clash_mode","title":"clash_mode","text":"<p>\u5339\u914d Clash \u6a21\u5f0f\u3002</p>"},{"location":"zh/configuration/route/rule/#network_type","title":"network_type","text":"<p>\u81ea sing-box 1.11.0 \u8d77</p> <p>\u4ec5\u5728 Android \u4e0e Apple \u5e73\u53f0\u56fe\u5f62\u5ba2\u6237\u7aef\u4e2d\u652f\u6301\u3002</p> <p>\u5339\u914d\u7f51\u7edc\u7c7b\u578b\u3002</p> <p>Available values: <code>wifi</code>, <code>cellular</code>, <code>ethernet</code> and <code>other</code>.</p>"},{"location":"zh/configuration/route/rule/#network_is_expensive","title":"network_is_expensive","text":"<p>\u81ea sing-box 1.11.0 \u8d77</p> <p>\u4ec5\u5728 Android \u4e0e Apple \u5e73\u53f0\u56fe\u5f62\u5ba2\u6237\u7aef\u4e2d\u652f\u6301\u3002</p> <p>\u5339\u914d\u5982\u679c\u7f51\u7edc\u88ab\u89c6\u4e3a\u8ba1\u8d39 (\u5728 Android) \u6216\u88ab\u89c6\u4e3a\u6602\u8d35\uff0c \u50cf\u8702\u7a9d\u7f51\u7edc\u6216\u4e2a\u4eba\u70ed\u70b9 (\u5728 Apple \u5e73\u53f0)\u3002</p>"},{"location":"zh/configuration/route/rule/#network_is_constrained","title":"network_is_constrained","text":"<p>\u81ea sing-box 1.11.0 \u8d77</p> <p>\u4ec5\u5728 Apple \u5e73\u53f0\u56fe\u5f62\u5ba2\u6237\u7aef\u4e2d\u652f\u6301\u3002</p> <p>\u5339\u914d\u5982\u679c\u7f51\u7edc\u5728\u4f4e\u6570\u636e\u6a21\u5f0f\u4e0b\u3002</p>"},{"location":"zh/configuration/route/rule/#wifi_ssid","title":"wifi_ssid","text":"<p>\u4ec5\u5728 Android \u4e0e Apple \u5e73\u53f0\u56fe\u5f62\u5ba2\u6237\u7aef\u4e2d\u652f\u6301\u3002</p> <p>\u5339\u914d WiFi SSID\u3002</p>"},{"location":"zh/configuration/route/rule/#wifi_bssid","title":"wifi_bssid","text":"<p>\u4ec5\u5728 Android \u4e0e Apple \u5e73\u53f0\u56fe\u5f62\u5ba2\u6237\u7aef\u4e2d\u652f\u6301\u3002</p> <p>\u5339\u914d WiFi BSSID\u3002</p>"},{"location":"zh/configuration/route/rule/#rule_set","title":"rule_set","text":"<p>\u81ea sing-box 1.8.0 \u8d77</p> <p>\u5339\u914d\u89c4\u5219\u96c6\u3002</p>"},{"location":"zh/configuration/route/rule/#rule_set_ipcidr_match_source","title":"rule_set_ipcidr_match_source","text":"<p>\u81ea sing-box 1.8.0 \u8d77</p> <p>\u5df2\u5728 sing-box 1.10.0 \u5e9f\u5f03</p> <p><code>rule_set_ipcidr_match_source</code> \u5df2\u91cd\u547d\u540d\u4e3a <code>rule_set_ip_cidr_match_source</code> \u4e14\u5c06\u5728 sing-box 1.11.0 \u4e2d\u88ab\u79fb\u9664\u3002</p> <p>\u4f7f\u89c4\u5219\u96c6\u4e2d\u7684 <code>ip_cidr</code> \u89c4\u5219\u5339\u914d\u6e90 IP\u3002</p>"},{"location":"zh/configuration/route/rule/#rule_set_ip_cidr_match_source","title":"rule_set_ip_cidr_match_source","text":"<p>\u81ea sing-box 1.10.0 \u8d77</p> <p>\u4f7f\u89c4\u5219\u96c6\u4e2d\u7684 <code>ip_cidr</code> \u89c4\u5219\u5339\u914d\u6e90 IP\u3002</p>"},{"location":"zh/configuration/route/rule/#invert","title":"invert","text":"<p>\u53cd\u9009\u5339\u914d\u7ed3\u679c\u3002</p>"},{"location":"zh/configuration/route/rule/#action","title":"action","text":"<p>\u5fc5\u586b</p> <p>\u53c2\u9605 \u89c4\u5219\u52a8\u4f5c\u3002</p>"},{"location":"zh/configuration/route/rule/#outbound","title":"outbound","text":"<p>\u5df2\u5728 sing-box 1.11.0 \u5e9f\u5f03</p> <p>\u5df2\u79fb\u52a8\u5230 \u89c4\u5219\u52a8\u4f5c.</p>"},{"location":"zh/configuration/route/rule/#_3","title":"\u903b\u8f91\u5b57\u6bb5","text":""},{"location":"zh/configuration/route/rule/#mode","title":"mode","text":"<p>\u5fc5\u586b</p> <p><code>and</code> \u6216 <code>or</code></p>"},{"location":"zh/configuration/route/rule/#rules","title":"rules","text":"<p>\u5fc5\u586b</p> <p>\u5305\u62ec\u7684\u89c4\u5219\u3002</p>"},{"location":"zh/configuration/route/rule_action/","title":"\u89c4\u5219\u52a8\u4f5c","text":""},{"location":"zh/configuration/route/rule_action/#_1","title":"\u6700\u7ec8\u52a8\u4f5c","text":""},{"location":"zh/configuration/route/rule_action/#route","title":"route","text":"<pre><code>{\n \"action\": \"route\", // \u9ed8\u8ba4\n \"outbound\": \"\",\n\n ... // route-options \u5b57\u6bb5\n}\n</code></pre> <p><code>route</code> \u7ee7\u627f\u4e86\u5c06\u8fde\u63a5\u8def\u7531\u5230\u6307\u5b9a\u51fa\u7ad9\u7684\u7ecf\u5178\u89c4\u5219\u52a8\u4f5c\u3002</p>"},{"location":"zh/configuration/route/rule_action/#outbound","title":"outbound","text":"<p>\u5fc5\u586b</p> <p>\u76ee\u6807\u51fa\u7ad9\u7684\u6807\u7b7e\u3002</p>"},{"location":"zh/configuration/route/rule_action/#route-options","title":"route-options \u5b57\u6bb5","text":"<p>\u53c2\u9605\u4e0b\u65b9\u7684 <code>route-options</code> \u5b57\u6bb5\u3002</p>"},{"location":"zh/configuration/route/rule_action/#route-options_1","title":"route-options","text":"<pre><code>{\n \"action\": \"route-options\",\n \"override_address\": \"\",\n \"override_port\": 0,\n \"network_strategy\": \"\",\n \"fallback_delay\": \"\",\n \"udp_disable_domain_unmapping\": false,\n \"udp_connect\": false,\n \"udp_timeout\": \"\"\n}\n</code></pre> <p>\u5f53\u5185\u5bb9\u53ea\u6709\u4e00\u9879\u65f6\uff0c\u53ef\u4ee5\u5ffd\u7565 JSON \u6570\u7ec4 [] \u6807\u7b7e</p> <p><code>route-options</code> \u4e3a\u8def\u7531\u8bbe\u7f6e\u9009\u9879\u3002</p>"},{"location":"zh/configuration/route/rule_action/#override_address","title":"override_address","text":"<p>\u8986\u76d6\u76ee\u6807\u5730\u5740\u3002</p>"},{"location":"zh/configuration/route/rule_action/#override_port","title":"override_port","text":"<p>\u8986\u76d6\u76ee\u6807\u7aef\u53e3\u3002</p>"},{"location":"zh/configuration/route/rule_action/#network_strategy","title":"network_strategy","text":"<p>\u8be6\u60c5\u53c2\u9605 \u62e8\u53f7\u5b57\u6bb5\u3002</p> <p>\u4ec5\u5f53\u51fa\u7ad9\u4e3a <code>direct</code> \u4e14 <code>outbound.bind_interface</code>, <code>outbound.inet4_bind_address</code> \u4e14 <code>outbound.inet6_bind_address</code> \u672a\u8bbe\u7f6e\u65f6\u751f\u6548\u3002</p>"},{"location":"zh/configuration/route/rule_action/#network_type","title":"network_type","text":"<p>\u8be6\u60c5\u53c2\u9605 \u62e8\u53f7\u5b57\u6bb5\u3002</p>"},{"location":"zh/configuration/route/rule_action/#fallback_network_type","title":"fallback_network_type","text":"<p>\u8be6\u60c5\u53c2\u9605 \u62e8\u53f7\u5b57\u6bb5\u3002</p>"},{"location":"zh/configuration/route/rule_action/#fallback_delay","title":"fallback_delay","text":"<p>\u8be6\u60c5\u53c2\u9605 \u62e8\u53f7\u5b57\u6bb5\u3002</p>"},{"location":"zh/configuration/route/rule_action/#udp_disable_domain_unmapping","title":"udp_disable_domain_unmapping","text":"<p>\u5982\u679c\u542f\u7528\uff0c\u5bf9\u4e8e\u5730\u5740\u4e3a\u57df\u7684 UDP \u4ee3\u7406\u8bf7\u6c42\uff0c\u5c06\u5728\u54cd\u5e94\u4e2d\u53d1\u9001\u539f\u59cb\u5305\u5730\u5740\u800c\u4e0d\u662f\u6620\u5c04\u7684\u57df\u3002</p> <p>\u6b64\u9009\u9879\u7528\u4e8e\u517c\u5bb9\u4e0d\u652f\u6301\u63a5\u6536\u5e26\u6709\u57df\u5730\u5740\u7684 UDP \u5305\u7684\u5ba2\u6237\u7aef\uff0c\u5982 Surge\u3002</p>"},{"location":"zh/configuration/route/rule_action/#udp_connect","title":"udp_connect","text":"<p>\u5982\u679c\u542f\u7528\uff0c\u5c06\u5c1d\u8bd5\u5c06 UDP \u8fde\u63a5 connect \u5230\u76ee\u6807\u800c\u4e0d\u662f listen\u3002</p>"},{"location":"zh/configuration/route/rule_action/#udp_timeout","title":"udp_timeout","text":"<p>UDP \u8fde\u63a5\u8d85\u65f6\u65f6\u95f4\u3002</p> <p>\u8bbe\u7f6e\u6bd4\u5165\u7ad9 UDP \u8d85\u65f6\u66f4\u5927\u7684\u503c\u5c06\u65e0\u6548\u3002</p> <p>\u5df2\u63a2\u6d4b\u534f\u8bae\u8fde\u63a5\u7684\u9ed8\u8ba4\u503c\uff1a</p> \u8d85\u65f6 \u534f\u8bae <code>10s</code> <code>dns</code>, <code>ntp</code>, <code>stun</code> <code>30s</code> <code>quic</code>, <code>dtls</code> <p>\u5982\u679c\u6ca1\u6709\u63a2\u6d4b\u5230\u534f\u8bae\uff0c\u4ee5\u4e0b\u7aef\u53e3\u5c06\u9ed8\u8ba4\u8bc6\u522b\u4e3a\u534f\u8bae\uff1a</p> \u7aef\u53e3 \u534f\u8bae 53 <code>dns</code> 123 <code>ntp</code> 443 <code>quic</code> 3478 <code>stun</code>"},{"location":"zh/configuration/route/rule_action/#reject","title":"reject","text":"<pre><code>{\n \"action\": \"reject\",\n \"method\": \"default\", // \u9ed8\u8ba4\n \"no_drop\": false\n}\n</code></pre> <p><code>reject</code> \u62d2\u7edd\u8fde\u63a5\u3002</p> <p>\u5982\u679c\u5c1a\u672a\u6267\u884c <code>sniff</code> \u64cd\u4f5c\uff0c\u5219\u5c06\u4f7f\u7528\u6307\u5b9a\u65b9\u6cd5\u62d2\u7edd tun \u8fde\u63a5\u3002</p> <p>\u5bf9\u4e8e\u975e tun \u8fde\u63a5\u548c\u5df2\u5efa\u7acb\u7684\u8fde\u63a5\uff0c\u5c06\u76f4\u63a5\u5173\u95ed\u3002</p>"},{"location":"zh/configuration/route/rule_action/#method","title":"method","text":"<ul> <li><code>default</code>: \u5bf9\u4e8e TCP \u8fde\u63a5\u56de\u590d RST\uff0c\u5bf9\u4e8e UDP \u5305\u56de\u590d ICMP \u7aef\u53e3\u4e0d\u53ef\u8fbe\u3002</li> <li><code>drop</code>: \u4e22\u5f03\u6570\u636e\u5305\u3002</li> </ul>"},{"location":"zh/configuration/route/rule_action/#no_drop","title":"no_drop","text":"<p>\u5982\u679c\u672a\u542f\u7528\uff0c\u5219 30 \u79d2\u5185\u89e6\u53d1 50 \u6b21\u540e\uff0c<code>method</code> \u5c06\u88ab\u6682\u65f6\u8986\u76d6\u4e3a <code>drop</code>\u3002</p> <p>\u5f53 <code>method</code> \u8bbe\u4e3a <code>drop</code> \u65f6\u4e0d\u53ef\u7528\u3002</p>"},{"location":"zh/configuration/route/rule_action/#hijack-dns","title":"hijack-dns","text":"<pre><code>{\n \"action\": \"hijack-dns\"\n}\n</code></pre> <p><code>hijack-dns</code> \u52ab\u6301 DNS \u8bf7\u6c42\u81f3 sing-box DNS \u6a21\u5757\u3002</p>"},{"location":"zh/configuration/route/rule_action/#_2","title":"\u975e\u6700\u7ec8\u52a8\u4f5c","text":""},{"location":"zh/configuration/route/rule_action/#sniff","title":"sniff","text":"<pre><code>{\n \"action\": \"sniff\",\n \"sniffer\": [],\n \"timeout\": \"\"\n}\n</code></pre> <p><code>sniff</code> \u5bf9\u8fde\u63a5\u6267\u884c\u534f\u8bae\u55c5\u63a2\u3002</p> <p>\u5bf9\u4e8e\u5df2\u5f03\u7528\u7684 <code>inbound.sniff</code> \u9009\u9879\uff0c\u88ab\u89c6\u4e3a\u5728\u8def\u7531\u4e4b\u524d\u6267\u884c\u7684 <code>sniff</code>\u3002</p>"},{"location":"zh/configuration/route/rule_action/#sniffer","title":"sniffer","text":"<p>\u542f\u7528\u7684\u63a2\u6d4b\u5668\u3002</p> <p>\u9ed8\u8ba4\u542f\u7528\u6240\u6709\u63a2\u6d4b\u5668\u3002</p> <p>\u53ef\u7528\u7684\u534f\u8bae\u503c\u53ef\u4ee5\u5728 \u534f\u8bae\u55c5\u63a2 \u4e2d\u627e\u5230\u3002</p>"},{"location":"zh/configuration/route/rule_action/#timeout","title":"timeout","text":"<p>\u63a2\u6d4b\u8d85\u65f6\u65f6\u95f4\u3002</p> <p>\u9ed8\u8ba4\u4f7f\u7528 300ms\u3002</p>"},{"location":"zh/configuration/route/rule_action/#resolve","title":"resolve","text":"<pre><code>{\n \"action\": \"resolve\",\n \"strategy\": \"\",\n \"server\": \"\"\n}\n</code></pre> <p><code>resolve</code> \u5c06\u8bf7\u6c42\u7684\u76ee\u6807\u4ece\u57df\u540d\u89e3\u6790\u4e3a IP \u5730\u5740\u3002</p>"},{"location":"zh/configuration/route/rule_action/#strategy","title":"strategy","text":"<p>DNS \u89e3\u6790\u7b56\u7565\uff0c\u53ef\u7528\u503c\u6709\uff1a<code>prefer_ipv4</code>\u3001<code>prefer_ipv6</code>\u3001<code>ipv4_only</code>\u3001<code>ipv6_only</code>\u3002</p> <p>\u9ed8\u8ba4\u4f7f\u7528 <code>dns.strategy</code>\u3002</p>"},{"location":"zh/configuration/route/rule_action/#server","title":"server","text":"<p>\u6307\u5b9a\u8981\u4f7f\u7528\u7684 DNS \u670d\u52a1\u5668\u7684\u6807\u7b7e\uff0c\u800c\u4e0d\u662f\u901a\u8fc7 DNS \u8def\u7531\u8fdb\u884c\u9009\u62e9\u3002</p>"},{"location":"zh/configuration/route/sniff/","title":"\u534f\u8bae\u63a2\u6d4b","text":"<p>sing-box 1.10.0 \u4e2d\u7684\u66f4\u6539</p> <p> QUIC \u7684 \u5ba2\u6237\u7aef\u7c7b\u578b\u63a2\u6d4b\u652f\u6301 QUIC \u7684 Chromium \u652f\u6301 BitTorrent \u652f\u6301 DTLS \u652f\u6301 SSH \u652f\u6301 RDP \u652f\u6301</p> <p>\u5982\u679c\u5728\u5165\u7ad9\u4e2d\u542f\u7528\uff0c\u5219\u53ef\u4ee5\u55c5\u63a2\u8fde\u63a5\u7684\u534f\u8bae\u548c\u57df\u540d\uff08\u5982\u679c\u5b58\u5728\uff09\u3002</p>"},{"location":"zh/configuration/route/sniff/#_1","title":"\u652f\u6301\u7684\u534f\u8bae","text":"\u7f51\u7edc \u534f\u8bae \u57df\u540d \u5ba2\u6237\u7aef TCP <code>http</code> Host / TCP <code>tls</code> Server Name / UDP <code>quic</code> Server Name QUIC \u5ba2\u6237\u7aef\u7c7b\u578b UDP <code>stun</code> / / TCP/UDP <code>dns</code> / / TCP/UDP <code>bittorrent</code> / / UDP <code>dtls</code> / / TCP <code>ssh</code> / SSH \u5ba2\u6237\u7aef\u540d\u79f0 TCP <code>rdp</code> / / QUIC \u5ba2\u6237\u7aef \u7c7b\u578b Chromium/Cronet <code>chrimium</code> Safari/Apple Network API <code>safari</code> Firefox / uquic firefox <code>firefox</code> quic-go / uquic chrome <code>quic-go</code>"},{"location":"zh/configuration/rule-set/","title":"Index","text":"<p>sing-box 1.10.0 \u4e2d\u7684\u66f4\u6539</p> <p> <code>type: inline</code></p>"},{"location":"zh/configuration/rule-set/#_1","title":"\u89c4\u5219\u96c6","text":"<p>\u81ea sing-box 1.8.0 \u8d77</p>"},{"location":"zh/configuration/rule-set/#_2","title":"\u7ed3\u6784","text":"\u5185\u8054\u672c\u5730\u6587\u4ef6\u8fdc\u7a0b\u6587\u4ef6 <p>\u81ea sing-box 1.10.0 \u8d77</p> <pre><code>{\n \"type\": \"inline\", // \u53ef\u9009\n \"tag\": \"\",\n \"rules\": []\n}\n</code></pre> <pre><code>{\n \"type\": \"local\",\n \"tag\": \"\",\n \"format\": \"source\", // or binary\n \"path\": \"\"\n}\n</code></pre> <p>\u8fdc\u7a0b\u89c4\u5219\u96c6\u5c06\u88ab\u7f13\u5b58\u5982\u679c <code>experimental.cache_file.enabled</code> \u5df2\u542f\u7528\u3002</p> <pre><code>{\n \"type\": \"remote\",\n \"tag\": \"\",\n \"format\": \"source\", // or binary\n \"url\": \"\",\n \"download_detour\": \"\", // \u53ef\u9009\n \"update_interval\": \"\" // \u53ef\u9009\n}\n</code></pre>"},{"location":"zh/configuration/rule-set/#_3","title":"\u5b57\u6bb5","text":""},{"location":"zh/configuration/rule-set/#type","title":"type","text":"<p>\u5fc5\u586b</p> <p>\u89c4\u5219\u96c6\u7c7b\u578b\uff0c <code>local</code> \u6216 <code>remote</code>\u3002</p>"},{"location":"zh/configuration/rule-set/#tag","title":"tag","text":"<p>\u5fc5\u586b</p> <p>\u89c4\u5219\u96c6\u7684\u6807\u7b7e\u3002</p>"},{"location":"zh/configuration/rule-set/#_4","title":"\u5185\u8054\u5b57\u6bb5","text":"<p>\u81ea sing-box 1.10.0 \u8d77</p>"},{"location":"zh/configuration/rule-set/#rules","title":"rules","text":"<p>\u5fc5\u586b</p> <p>\u4e00\u7ec4 \u65e0\u5934\u89c4\u5219.</p>"},{"location":"zh/configuration/rule-set/#_5","title":"\u672c\u5730\u6216\u8fdc\u7a0b\u5b57\u6bb5","text":""},{"location":"zh/configuration/rule-set/#format","title":"format","text":"<p>\u5fc5\u586b</p> <p>\u89c4\u5219\u96c6\u683c\u5f0f\uff0c <code>source</code> \u6216 <code>binary</code>\u3002</p>"},{"location":"zh/configuration/rule-set/#_6","title":"\u672c\u5730\u5b57\u6bb5","text":""},{"location":"zh/configuration/rule-set/#path","title":"path","text":"<p>\u5fc5\u586b</p> <p>\u81ea sing-box 1.10.0 \u8d77\uff0c\u6587\u4ef6\u66f4\u6539\u65f6\u5c06\u81ea\u52a8\u91cd\u65b0\u52a0\u8f7d\u3002</p> <p>\u89c4\u5219\u96c6\u7684\u6587\u4ef6\u8def\u5f84\u3002</p>"},{"location":"zh/configuration/rule-set/#_7","title":"\u8fdc\u7a0b\u5b57\u6bb5","text":""},{"location":"zh/configuration/rule-set/#url","title":"url","text":"<p>\u5fc5\u586b</p> <p>\u89c4\u5219\u96c6\u7684\u4e0b\u8f7d URL\u3002</p>"},{"location":"zh/configuration/rule-set/#download_detour","title":"download_detour","text":"<p>\u7528\u4e8e\u4e0b\u8f7d\u89c4\u5219\u96c6\u7684\u51fa\u7ad9\u7684\u6807\u7b7e\u3002</p> <p>\u5982\u679c\u4e3a\u7a7a\uff0c\u5c06\u4f7f\u7528\u9ed8\u8ba4\u51fa\u7ad9\u3002</p>"},{"location":"zh/configuration/rule-set/#update_interval","title":"update_interval","text":"<p>\u89c4\u5219\u96c6\u7684\u66f4\u65b0\u95f4\u9694\u3002</p> <p>\u9ed8\u8ba4\u4f7f\u7528 <code>1d</code>\u3002</p>"},{"location":"zh/configuration/rule-set/adguard/","title":"AdGuard DNS Filer","text":"<p>\u81ea sing-box 1.10.0 \u8d77</p> <p>sing-box \u652f\u6301\u5176\u4ed6\u9879\u76ee\u7684\u4e00\u4e9b\u89c4\u5219\u96c6\u683c\u5f0f\uff0c\u8fd9\u4e9b\u683c\u5f0f\u65e0\u6cd5\u5b8c\u5168\u8f6c\u6362\u4e3a sing-box\uff0c \u76ee\u524d\u53ea\u6709 AdGuard DNS Filter\u3002</p> <p>\u8fd9\u4e9b\u683c\u5f0f\u4e0d\u76f4\u63a5\u4f5c\u4e3a\u6e90\u683c\u5f0f\u652f\u6301\uff0c \u800c\u662f\u9700\u8981\u5c06\u5b83\u4eec\u8f6c\u6362\u4e3a\u4e8c\u8fdb\u5236\u89c4\u5219\u96c6\u3002</p>"},{"location":"zh/configuration/rule-set/adguard/#_1","title":"\u8f6c\u6362","text":"<p>\u4f7f\u7528 <code>sing-box rule-set convert --type adguard [--output &lt;file-name&gt;.srs] &lt;file-name&gt;.txt</code> \u4ee5\u8f6c\u6362\u4e3a\u4e8c\u8fdb\u5236\u89c4\u5219\u96c6\u3002</p>"},{"location":"zh/configuration/rule-set/adguard/#_2","title":"\u6027\u80fd","text":"<p>AdGuard \u5c06\u6240\u6709\u89c4\u5219\u4fdd\u5b58\u5728\u5185\u5b58\u4e2d\u5e76\u6309\u987a\u5e8f\u5339\u914d\uff0c \u800c sing-box \u9009\u62e9\u9ad8\u6027\u80fd\u548c\u8f83\u5c0f\u7684\u5185\u5b58\u4f7f\u7528\u91cf\u3002 \u4f5c\u4e3a\u6743\u8861\uff0c\u60a8\u65e0\u6cd5\u77e5\u9053\u5339\u914d\u4e86\u54ea\u4e2a\u89c4\u5219\u9879\u3002</p>"},{"location":"zh/configuration/rule-set/adguard/#_3","title":"\u517c\u5bb9\u6027","text":"<p>AdGuardSDNSFilter \u4e2d\u7684\u51e0\u4e4e\u6240\u6709\u89c4\u5219\u4ee5\u53ca adguard-filter-list \u4e2d\u5217\u51fa\u7684\u89c4\u5219\u96c6\u4e2d\u7684\u89c4\u5219\u5747\u53d7\u652f\u6301\u3002</p>"},{"location":"zh/configuration/rule-set/adguard/#_4","title":"\u652f\u6301\u7684\u683c\u5f0f","text":""},{"location":"zh/configuration/rule-set/adguard/#_5","title":"\u57fa\u672c\u89c4\u5219\u8bed\u6cd5","text":"\u8bed\u6cd5 \u652f\u6301 <code>@@</code> <code>\\|\\|</code> <code>\\|</code> <code>^</code> <code>*</code>"},{"location":"zh/configuration/rule-set/adguard/#_6","title":"\u4e3b\u673a\u8bed\u6cd5","text":"\u8bed\u6cd5 \u793a\u4f8b \u652f\u6301 Scheme <code>https://</code> Ignored Domain Host <code>example.org</code> IP Host <code>1.1.1.1</code>, <code>10.0.0.</code> Regexp <code>/regexp/</code> Port <code>example.org:80</code> Path <code>example.org/path/ad.js</code>"},{"location":"zh/configuration/rule-set/adguard/#_7","title":"\u63cf\u8ff0\u7b26\u8bed\u6cd5","text":"\u63cf\u8ff0\u7b26 \u652f\u6301 <code>$important</code> <code>$dnsrewrite=0.0.0.0</code> Ignored \u4efb\u4f55\u5176\u4ed6\u63cf\u8ff0\u7b26"},{"location":"zh/configuration/rule-set/adguard/#hosts","title":"Hosts","text":"<p>\u53ea\u6709 IP \u5730\u5740\u4e3a <code>0.0.0.0</code> \u7684\u6761\u76ee\u5c06\u88ab\u63a5\u53d7\u3002</p>"},{"location":"zh/configuration/rule-set/adguard/#_8","title":"\u7b80\u6613","text":"<p>\u5f53\u6240\u6709\u884c\u90fd\u662f\u6709\u6548\u57df\u65f6\uff0c\u5b83\u4eec\u88ab\u89c6\u4e3a\u7b80\u5355\u7684\u9010\u884c\u57df\u89c4\u5219\uff0c \u4e0e hosts \u4e00\u6837\uff0c\u53ea\u5339\u914d\u5b8c\u5168\u76f8\u540c\u7684\u57df\u3002</p>"},{"location":"zh/configuration/rule-set/headless-rule/","title":"\u65e0\u5934\u89c4\u5219","text":"<p>sing-box 1.11.0 \u4e2d\u7684\u66f4\u6539</p> <p> network_type network_is_expensive network_is_constrained</p>"},{"location":"zh/configuration/rule-set/headless-rule/#_1","title":"\u7ed3\u6784","text":"<p>\u81ea sing-box 1.8.0 \u8d77</p> <pre><code>{\n \"rules\": [\n {\n \"query_type\": [\n \"A\",\n \"HTTPS\",\n 32768\n ],\n \"network\": [\n \"tcp\"\n ],\n \"domain\": [\n \"test.com\"\n ],\n \"domain_suffix\": [\n \".cn\"\n ],\n \"domain_keyword\": [\n \"test\"\n ],\n \"domain_regex\": [\n \"^stun\\\\..+\"\n ],\n \"source_ip_cidr\": [\n \"10.0.0.0/24\",\n \"192.168.0.1\"\n ],\n \"ip_cidr\": [\n \"10.0.0.0/24\",\n \"192.168.0.1\"\n ],\n \"source_port\": [\n 12345\n ],\n \"source_port_range\": [\n \"1000:2000\",\n \":3000\",\n \"4000:\"\n ],\n \"port\": [\n 80,\n 443\n ],\n \"port_range\": [\n \"1000:2000\",\n \":3000\",\n \"4000:\"\n ],\n \"process_name\": [\n \"curl\"\n ],\n \"process_path\": [\n \"/usr/bin/curl\"\n ],\n \"process_path_regex\": [\n \"^/usr/bin/.+\"\n ],\n \"package_name\": [\n \"com.termux\"\n ],\n \"network_type\": [\n \"wifi\"\n ],\n \"network_is_expensive\": false,\n \"network_is_constrained\": false,\n \"wifi_ssid\": [\n \"My WIFI\"\n ],\n \"wifi_bssid\": [\n \"00:00:00:00:00:00\"\n ],\n \"invert\": false\n },\n {\n \"type\": \"logical\",\n \"mode\": \"and\",\n \"rules\": [],\n \"invert\": false\n }\n ]\n}\n</code></pre> <p>\u5f53\u5185\u5bb9\u53ea\u6709\u4e00\u9879\u65f6\uff0c\u53ef\u4ee5\u5ffd\u7565 JSON \u6570\u7ec4 [] \u6807\u7b7e\u3002</p>"},{"location":"zh/configuration/rule-set/headless-rule/#default-fields","title":"Default Fields","text":"<p>\u9ed8\u8ba4\u89c4\u5219\u4f7f\u7528\u4ee5\u4e0b\u5339\u914d\u903b\u8f91: (<code>domain</code> || <code>domain_suffix</code> || <code>domain_keyword</code> || <code>domain_regex</code> || <code>ip_cidr</code>) &amp;&amp; (<code>port</code> || <code>port_range</code>) &amp;&amp; (<code>source_port</code> || <code>source_port_range</code>) &amp;&amp; <code>other fields</code></p>"},{"location":"zh/configuration/rule-set/headless-rule/#query_type","title":"query_type","text":"<p>DNS \u67e5\u8be2\u7c7b\u578b\u3002\u503c\u53ef\u4ee5\u4e3a\u6574\u6570\u6216\u8005\u7c7b\u578b\u540d\u79f0\u5b57\u7b26\u4e32\u3002</p>"},{"location":"zh/configuration/rule-set/headless-rule/#network","title":"network","text":"<p><code>tcp</code> \u6216 <code>udp</code>\u3002</p>"},{"location":"zh/configuration/rule-set/headless-rule/#domain","title":"domain","text":"<p>\u5339\u914d\u5b8c\u6574\u57df\u540d\u3002</p>"},{"location":"zh/configuration/rule-set/headless-rule/#domain_suffix","title":"domain_suffix","text":"<p>\u5339\u914d\u57df\u540d\u540e\u7f00\u3002</p>"},{"location":"zh/configuration/rule-set/headless-rule/#domain_keyword","title":"domain_keyword","text":"<p>\u5339\u914d\u57df\u540d\u5173\u952e\u5b57\u3002</p>"},{"location":"zh/configuration/rule-set/headless-rule/#domain_regex","title":"domain_regex","text":"<p>\u5339\u914d\u57df\u540d\u6b63\u5219\u8868\u8fbe\u5f0f\u3002</p>"},{"location":"zh/configuration/rule-set/headless-rule/#source_ip_cidr","title":"source_ip_cidr","text":"<p>\u5339\u914d\u6e90 IP CIDR\u3002</p>"},{"location":"zh/configuration/rule-set/headless-rule/#ip_cidr","title":"ip_cidr","text":"<p>\u5339\u914d IP CIDR\u3002</p>"},{"location":"zh/configuration/rule-set/headless-rule/#source_port","title":"source_port","text":"<p>\u5339\u914d\u6e90\u7aef\u53e3\u3002</p>"},{"location":"zh/configuration/rule-set/headless-rule/#source_port_range","title":"source_port_range","text":"<p>\u5339\u914d\u6e90\u7aef\u53e3\u8303\u56f4\u3002</p>"},{"location":"zh/configuration/rule-set/headless-rule/#port","title":"port","text":"<p>\u5339\u914d\u7aef\u53e3\u3002</p>"},{"location":"zh/configuration/rule-set/headless-rule/#port_range","title":"port_range","text":"<p>\u5339\u914d\u7aef\u53e3\u8303\u56f4\u3002</p>"},{"location":"zh/configuration/rule-set/headless-rule/#process_name","title":"process_name","text":"<p>\u4ec5\u652f\u6301 Linux\u3001Windows \u548c macOS\u3002</p> <p>\u5339\u914d\u8fdb\u7a0b\u540d\u79f0\u3002</p>"},{"location":"zh/configuration/rule-set/headless-rule/#process_path","title":"process_path","text":"<p>\u4ec5\u652f\u6301 Linux\u3001Windows \u548c macOS.</p> <p>\u5339\u914d\u8fdb\u7a0b\u8def\u5f84\u3002</p>"},{"location":"zh/configuration/rule-set/headless-rule/#process_path_regex","title":"process_path_regex","text":"<p>\u81ea sing-box 1.10.0 \u8d77</p> <p>\u4ec5\u652f\u6301 Linux\u3001Windows \u548c macOS.</p> <p>\u4f7f\u7528\u6b63\u5219\u8868\u8fbe\u5f0f\u5339\u914d\u8fdb\u7a0b\u8def\u5f84\u3002</p>"},{"location":"zh/configuration/rule-set/headless-rule/#package_name","title":"package_name","text":"<p>\u5339\u914d Android \u5e94\u7528\u5305\u540d\u3002</p>"},{"location":"zh/configuration/rule-set/headless-rule/#network_type","title":"network_type","text":"<p>\u81ea sing-box 1.11.0 \u8d77</p> <p>\u4ec5\u5728 Android \u4e0e Apple \u5e73\u53f0\u56fe\u5f62\u5ba2\u6237\u7aef\u4e2d\u652f\u6301\u3002</p> <p>\u5339\u914d\u7f51\u7edc\u7c7b\u578b\u3002</p> <p>Available values: <code>wifi</code>, <code>cellular</code>, <code>ethernet</code> and <code>other</code>.</p>"},{"location":"zh/configuration/rule-set/headless-rule/#network_is_expensive","title":"network_is_expensive","text":"<p>\u81ea sing-box 1.11.0 \u8d77</p> <p>\u4ec5\u5728 Android \u4e0e Apple \u5e73\u53f0\u56fe\u5f62\u5ba2\u6237\u7aef\u4e2d\u652f\u6301\u3002</p> <p>\u5339\u914d\u5982\u679c\u7f51\u7edc\u88ab\u89c6\u4e3a\u8ba1\u8d39 (\u5728 Android) \u6216\u88ab\u89c6\u4e3a\u6602\u8d35\uff0c \u50cf\u8702\u7a9d\u7f51\u7edc\u6216\u4e2a\u4eba\u70ed\u70b9 (\u5728 Apple \u5e73\u53f0)\u3002</p>"},{"location":"zh/configuration/rule-set/headless-rule/#network_is_constrained","title":"network_is_constrained","text":"<p>\u81ea sing-box 1.11.0 \u8d77</p> <p>\u4ec5\u5728 Apple \u5e73\u53f0\u56fe\u5f62\u5ba2\u6237\u7aef\u4e2d\u652f\u6301\u3002</p> <p>\u5339\u914d\u5982\u679c\u7f51\u7edc\u5728\u4f4e\u6570\u636e\u6a21\u5f0f\u4e0b\u3002</p>"},{"location":"zh/configuration/rule-set/headless-rule/#wifi_ssid","title":"wifi_ssid","text":"<p>\u4ec5\u5728 Android \u4e0e Apple \u5e73\u53f0\u56fe\u5f62\u5ba2\u6237\u7aef\u4e2d\u652f\u6301\u3002</p> <p>\u5339\u914d WiFi SSID\u3002</p>"},{"location":"zh/configuration/rule-set/headless-rule/#wifi_bssid","title":"wifi_bssid","text":"<p>\u4ec5\u5728 Android \u4e0e Apple \u5e73\u53f0\u56fe\u5f62\u5ba2\u6237\u7aef\u4e2d\u652f\u6301\u3002</p>"},{"location":"zh/configuration/rule-set/headless-rule/#invert","title":"invert","text":"<p>\u53cd\u9009\u5339\u914d\u7ed3\u679c\u3002</p>"},{"location":"zh/configuration/rule-set/headless-rule/#_2","title":"\u903b\u8f91\u5b57\u6bb5","text":""},{"location":"zh/configuration/rule-set/headless-rule/#mode","title":"mode","text":"<p>\u5fc5\u586b</p> <p><code>and</code> \u6216 <code>or</code></p>"},{"location":"zh/configuration/rule-set/headless-rule/#rules","title":"rules","text":"<p>\u5fc5\u586b</p> <p>\u5305\u62ec\u7684\u89c4\u5219\u3002</p>"},{"location":"zh/configuration/rule-set/source-format/","title":"\u6e90\u6587\u4ef6\u683c\u5f0f","text":"<p>sing-box 1.11.0 \u4e2d\u7684\u66f4\u6539</p> <p> version <code>3</code></p> <p>sing-box 1.10.0 \u4e2d\u7684\u66f4\u6539</p> <p> version <code>2</code></p> <p>\u81ea sing-box 1.8.0 \u8d77</p>"},{"location":"zh/configuration/rule-set/source-format/#_1","title":"\u7ed3\u6784","text":"<pre><code>{\n \"version\": 3,\n \"rules\": []\n}\n</code></pre>"},{"location":"zh/configuration/rule-set/source-format/#_2","title":"\u7f16\u8bd1","text":"<p>\u4f7f\u7528 <code>sing-box rule-set compile [--output &lt;file-name&gt;.srs] &lt;file-name&gt;.json</code> \u4ee5\u7f16\u8bd1\u6e90\u6587\u4ef6\u4e3a\u4e8c\u8fdb\u5236\u89c4\u5219\u96c6\u3002</p>"},{"location":"zh/configuration/rule-set/source-format/#_3","title":"\u5b57\u6bb5","text":""},{"location":"zh/configuration/rule-set/source-format/#version","title":"version","text":"<p>\u5fc5\u586b</p> <p>\u89c4\u5219\u96c6\u7248\u672c\u3002</p> <ul> <li>1: sing-box 1.8.0: \u521d\u59cb\u89c4\u5219\u96c6\u7248\u672c\u3002</li> <li>2: sing-box 1.10.0: \u4f18\u5316\u4e86\u4e8c\u8fdb\u5236\u89c4\u5219\u96c6\u4e2d <code>domain_suffix</code> \u89c4\u5219\u7684\u5185\u5b58\u4f7f\u7528\u3002</li> <li>3: sing-box 1.11.0: \u6dfb\u52a0\u4e86 <code>network_type</code>\u3001 <code>network_is_expensive</code> \u548c <code>network_is_constrainted</code> \u89c4\u5219\u9879\u3002</li> </ul>"},{"location":"zh/configuration/rule-set/source-format/#rules","title":"rules","text":"<p>\u5fc5\u586b</p> <p>\u4e00\u7ec4 \u65e0\u5934\u89c4\u5219.</p>"},{"location":"zh/configuration/shared/dial/","title":"\u62e8\u53f7\u5b57\u6bb5","text":"<p>sing-box 1.11.0 \u4e2d\u7684\u66f4\u6539</p> <p> network_strategy fallback_delay network_type fallback_network_type</p>"},{"location":"zh/configuration/shared/dial/#_1","title":"\u7ed3\u6784","text":"<pre><code>{\n \"detour\": \"upstream-out\",\n \"bind_interface\": \"en0\",\n \"inet4_bind_address\": \"0.0.0.0\",\n \"inet6_bind_address\": \"::\",\n \"routing_mark\": 1234,\n \"reuse_addr\": false,\n \"connect_timeout\": \"5s\",\n \"tcp_fast_open\": false,\n \"tcp_multi_path\": false,\n \"udp_fragment\": false,\n \"domain_strategy\": \"prefer_ipv6\",\n \"network_strategy\": \"\",\n \"network_type\": [],\n \"fallback_network_type\": [],\n \"fallback_delay\": \"300ms\"\n}\n</code></pre> <p>\u5f53\u5185\u5bb9\u53ea\u6709\u4e00\u9879\u65f6\uff0c\u53ef\u4ee5\u5ffd\u7565 JSON \u6570\u7ec4 [] \u6807\u7b7e</p>"},{"location":"zh/configuration/shared/dial/#_2","title":"\u5b57\u6bb5","text":""},{"location":"zh/configuration/shared/dial/#detour","title":"detour","text":"<p>\u4e0a\u6e38\u51fa\u7ad9\u7684\u6807\u7b7e\u3002</p> <p>\u542f\u7528\u65f6\uff0c\u5176\u4ed6\u62e8\u53f7\u5b57\u6bb5\u5c06\u88ab\u5ffd\u7565\u3002</p>"},{"location":"zh/configuration/shared/dial/#bind_interface","title":"bind_interface","text":"<p>\u8981\u7ed1\u5b9a\u5230\u7684\u7f51\u7edc\u63a5\u53e3\u3002</p>"},{"location":"zh/configuration/shared/dial/#inet4_bind_address","title":"inet4_bind_address","text":"<p>\u8981\u7ed1\u5b9a\u7684 IPv4 \u5730\u5740\u3002</p>"},{"location":"zh/configuration/shared/dial/#inet6_bind_address","title":"inet6_bind_address","text":"<p>\u8981\u7ed1\u5b9a\u7684 IPv6 \u5730\u5740\u3002</p>"},{"location":"zh/configuration/shared/dial/#routing_mark","title":"routing_mark","text":"<p>\u4ec5\u652f\u6301 Linux\u3002</p> <p>\u8bbe\u7f6e netfilter \u8def\u7531\u6807\u8bb0\u3002</p>"},{"location":"zh/configuration/shared/dial/#reuse_addr","title":"reuse_addr","text":"<p>\u91cd\u7528\u76d1\u542c\u5730\u5740\u3002</p>"},{"location":"zh/configuration/shared/dial/#tcp_fast_open","title":"tcp_fast_open","text":"<p>\u542f\u7528 TCP Fast Open\u3002</p>"},{"location":"zh/configuration/shared/dial/#tcp_multi_path","title":"tcp_multi_path","text":"<p>\u9700\u8981 Go 1.21\u3002</p> <p>\u542f\u7528 TCP Multi Path\u3002</p>"},{"location":"zh/configuration/shared/dial/#udp_fragment","title":"udp_fragment","text":"<p>\u542f\u7528 UDP \u5206\u6bb5\u3002</p>"},{"location":"zh/configuration/shared/dial/#connect_timeout","title":"connect_timeout","text":"<p>\u8fde\u63a5\u8d85\u65f6\uff0c\u91c7\u7528 golang \u7684 Duration \u683c\u5f0f\u3002</p> <p>\u6301\u7eed\u65f6\u95f4\u5b57\u7b26\u4e32\u662f\u4e00\u4e2a\u53ef\u80fd\u6709\u7b26\u53f7\u7684\u5e8f\u5217\u5341\u8fdb\u5236\u6570\uff0c\u6bcf\u4e2a\u90fd\u6709\u53ef\u9009\u7684\u5206\u6570\u548c\u5355\u4f4d\u540e\u7f00\uff0c \u4f8b\u5982 \"300ms\"\u3001\"-1.5h\" \u6216 \"2h45m\"\u3002 \u6709\u6548\u65f6\u95f4\u5355\u4f4d\u4e3a \"ns\"\u3001\"us\"\uff08\u6216 \"\u00b5s\"\uff09\u3001\"ms\"\u3001\"s\"\u3001\"m\"\u3001\"h\"\u3002</p>"},{"location":"zh/configuration/shared/dial/#domain_strategy","title":"domain_strategy","text":"<p>\u53ef\u9009\u503c\uff1a<code>prefer_ipv4</code> <code>prefer_ipv6</code> <code>ipv4_only</code> <code>ipv6_only</code>\u3002</p> <p>\u5982\u679c\u8bbe\u7f6e\uff0c\u57df\u540d\u5c06\u5728\u8bf7\u6c42\u53d1\u51fa\u4e4b\u524d\u89e3\u6790\u4e3a IP\u3002</p> \u51fa\u7ad9 \u53d7\u5f71\u54cd\u7684\u57df\u540d \u9ed8\u8ba4\u56de\u9000\u503c <code>direct</code> \u8bf7\u6c42\u4e2d\u7684\u57df\u540d <code>inbound.domain_strategy</code> others \u670d\u52a1\u5668\u5730\u5740\u4e2d\u7684\u57df\u540d /"},{"location":"zh/configuration/shared/dial/#network_strategy","title":"network_strategy","text":"<p>\u81ea sing-box 1.11.0 \u8d77</p> <p>\u4ec5\u5728 Android \u4e0e iOS \u5e73\u53f0\u56fe\u5f62\u5ba2\u6237\u7aef\u4e2d\u652f\u6301\uff0c\u5e76\u4e14\u9700\u8981 <code>route.auto_detect_interface</code>\u3002</p> <p>\u7528\u4e8e\u9009\u62e9\u7f51\u7edc\u63a5\u53e3\u7684\u7b56\u7565\u3002</p> <p>\u53ef\u7528\u503c\uff1a</p> <ul> <li><code>default</code>\uff08\u9ed8\u8ba4\u503c\uff09\uff1a\u6309\u987a\u5e8f\u8fde\u63a5\u9ed8\u8ba4\u7f51\u7edc\u6216 <code>network_type</code> \u4e2d\u6307\u5b9a\u7684\u7f51\u7edc\u3002</li> <li><code>hybrid</code>\uff1a\u540c\u65f6\u8fde\u63a5\u6240\u6709\u7f51\u7edc\u6216 <code>network_type</code> \u4e2d\u6307\u5b9a\u7684\u7f51\u7edc\u3002</li> <li><code>fallback</code>\uff1a\u540c\u65f6\u8fde\u63a5\u9ed8\u8ba4\u7f51\u7edc\u6216 <code>network_type</code> \u4e2d\u6307\u5b9a\u7684\u9996\u9009\u7f51\u7edc\uff0c\u5f53\u4e0d\u53ef\u7528\u6216\u8d85\u65f6\u65f6\u5c1d\u8bd5\u56de\u9000\u7f51\u7edc\u3002</li> </ul> <p>\u5bf9\u4e8e\u56de\u9000\u6a21\u5f0f\uff0c\u5f53\u9996\u9009\u63a5\u53e3\u5931\u8d25\u6216\u8d85\u65f6\u65f6\uff0c \u5c06\u8fdb\u516515\u79d2\u7684\u5feb\u901f\u56de\u9000\u72b6\u6001\uff08\u540c\u65f6\u8fde\u63a5\u6240\u6709\u9996\u9009\u548c\u56de\u9000\u7f51\u7edc\uff09\uff0c \u5982\u679c\u9996\u9009\u7f51\u7edc\u6062\u590d\uff0c\u5219\u7acb\u5373\u9000\u51fa\u3002</p> <p>\u4e0e <code>bind_interface</code>, <code>bind_inet4_address</code> \u548c <code>bind_inet6_address</code> \u51b2\u7a81\u3002</p>"},{"location":"zh/configuration/shared/dial/#network_type","title":"network_type","text":"<p>\u81ea sing-box 1.11.0 \u8d77</p> <p>\u4ec5\u5728 Android \u4e0e iOS \u5e73\u53f0\u56fe\u5f62\u5ba2\u6237\u7aef\u4e2d\u652f\u6301\uff0c\u5e76\u4e14\u9700\u8981 <code>route.auto_detect_interface</code>\u3002</p> <p>\u5f53\u4f7f\u7528 <code>default</code> \u6216 <code>hybrid</code> \u7f51\u7edc\u7b56\u7565\u65f6\u8981\u4f7f\u7528\u7684\u7f51\u7edc\u7c7b\u578b\uff0c\u6216\u5f53\u4f7f\u7528 <code>fallback</code> \u7f51\u7edc\u7b56\u7565\u65f6\u8981\u4f7f\u7528\u7684\u9996\u9009\u7f51\u7edc\u7c7b\u578b\u3002</p> <p>\u53ef\u7528\u503c\uff1a<code>wifi</code>, <code>cellular</code>, <code>ethernet</code>, <code>other</code>\u3002</p> <p>\u9ed8\u8ba4\u4f7f\u7528\u8bbe\u5907\u9ed8\u8ba4\u7f51\u7edc\u3002</p>"},{"location":"zh/configuration/shared/dial/#fallback_network_type","title":"fallback_network_type","text":"<p>\u81ea sing-box 1.11.0 \u8d77</p> <p>\u4ec5\u5728 Android \u4e0e iOS \u5e73\u53f0\u56fe\u5f62\u5ba2\u6237\u7aef\u4e2d\u652f\u6301\uff0c\u5e76\u4e14\u9700\u8981 <code>route.auto_detect_interface</code>\u3002</p> <p>\u5f53\u4f7f\u7528 <code>fallback</code> \u7f51\u7edc\u7b56\u7565\u65f6\uff0c\u5728\u9996\u9009\u7f51\u7edc\u4e0d\u53ef\u7528\u6216\u8d85\u65f6\u7684\u60c5\u51b5\u4e0b\u8981\u4f7f\u7528\u7684\u56de\u9000\u7f51\u7edc\u7c7b\u578b\u3002</p> <p>\u9ed8\u8ba4\u4f7f\u7528\u9664\u9996\u9009\u7f51\u7edc\u5916\u7684\u6240\u6709\u5176\u4ed6\u7f51\u7edc\u3002</p>"},{"location":"zh/configuration/shared/dial/#fallback_delay","title":"fallback_delay","text":"<p>\u5728\u751f\u6210 RFC 6555 \u5feb\u901f\u56de\u9000\u8fde\u63a5\u4e4b\u524d\u7b49\u5f85\u7684\u65f6\u95f4\u957f\u5ea6\u3002</p> <p>\u5bf9\u4e8e <code>domain_strategy</code>\uff0c\u662f\u5728\u5047\u8bbe\u4e4b\u524d\u7b49\u5f85 IPv6 \u6210\u529f\u7684\u65f6\u95f4\u91cf\u5982\u679c\u8bbe\u7f6e\u4e86 \"prefer_ipv4\"\uff0c\u5219 IPv6 \u914d\u7f6e\u9519\u8bef\u5e76\u56de\u9000\u5230 IPv4\u3002</p> <p>\u5bf9\u4e8e <code>network_strategy</code>\uff0c\u5bf9\u4e8e <code>network_strategy</code>\uff0c\u662f\u5728\u56de\u9000\u5230\u5176\u4ed6\u63a5\u53e3\u4e4b\u524d\u7b49\u5f85\u8fde\u63a5\u6210\u529f\u7684\u65f6\u95f4\u3002</p> <p>\u4ec5\u5f53 <code>domain_strategy</code> \u6216 <code>network_strategy</code> \u5df2\u8bbe\u7f6e\u65f6\u751f\u6548\u3002</p> <p>\u9ed8\u8ba4\u4f7f\u7528 <code>300ms</code>\u3002</p>"},{"location":"zh/configuration/shared/dns01_challenge/","title":"DNS01 \u9a8c\u8bc1\u5b57\u6bb5","text":""},{"location":"zh/configuration/shared/dns01_challenge/#_1","title":"\u7ed3\u6784","text":"<pre><code>{\n \"provider\": \"\",\n\n ... // \u63d0\u4f9b\u5546\u5b57\u6bb5\n}\n</code></pre>"},{"location":"zh/configuration/shared/dns01_challenge/#_2","title":"\u63d0\u4f9b\u5546\u5b57\u6bb5","text":""},{"location":"zh/configuration/shared/listen/","title":"\u76d1\u542c\u5b57\u6bb5","text":"<p>sing-box 1.11.0 \u4e2d\u7684\u66f4\u6539</p> <p> sniff sniff_override_destination sniff_timeout domain_strategy udp_disable_domain_unmapping</p>"},{"location":"zh/configuration/shared/listen/#_1","title":"\u7ed3\u6784","text":"<pre><code>{\n \"listen\": \"::\",\n \"listen_port\": 5353,\n \"tcp_fast_open\": false,\n \"tcp_multi_path\": false,\n \"udp_fragment\": false,\n \"udp_timeout\": \"5m\",\n \"detour\": \"another-in\",\n \"sniff\": false,\n \"sniff_override_destination\": false,\n \"sniff_timeout\": \"300ms\",\n \"domain_strategy\": \"prefer_ipv6\",\n \"udp_disable_domain_unmapping\": false\n}\n</code></pre> \u5b57\u6bb5 \u53ef\u7528\u4e0a\u4e0b\u6587 <code>listen</code> \u9700\u8981\u76d1\u542c TCP \u6216 UDP\u3002 <code>listen_port</code> \u9700\u8981\u76d1\u542c TCP \u6216 UDP\u3002 <code>tcp_fast_open</code> \u9700\u8981\u76d1\u542c TCP\u3002 <code>tcp_multi_path</code> \u9700\u8981\u76d1\u542c TCP\u3002 <code>udp_timeout</code> \u9700\u8981\u7ec4\u88c5 UDP \u8fde\u63a5\u3002"},{"location":"zh/configuration/shared/listen/#_2","title":"\u5b57\u6bb5","text":""},{"location":"zh/configuration/shared/listen/#listen","title":"listen","text":"<p>\u5fc5\u586b</p> <p>\u76d1\u542c\u5730\u5740\u3002</p>"},{"location":"zh/configuration/shared/listen/#listen_port","title":"listen_port","text":"<p>\u76d1\u542c\u7aef\u53e3\u3002</p>"},{"location":"zh/configuration/shared/listen/#tcp_fast_open","title":"tcp_fast_open","text":"<p>\u542f\u7528 TCP Fast Open\u3002</p>"},{"location":"zh/configuration/shared/listen/#tcp_multi_path","title":"tcp_multi_path","text":"<p>\u9700\u8981 Go 1.21\u3002</p> <p>\u542f\u7528 TCP Multi Path\u3002</p>"},{"location":"zh/configuration/shared/listen/#udp_fragment","title":"udp_fragment","text":"<p>\u542f\u7528 UDP \u5206\u6bb5\u3002</p>"},{"location":"zh/configuration/shared/listen/#udp_timeout","title":"udp_timeout","text":"<p>UDP NAT \u8fc7\u671f\u65f6\u95f4\u3002</p> <p>\u9ed8\u8ba4\u4f7f\u7528 <code>5m</code>\u3002</p>"},{"location":"zh/configuration/shared/listen/#detour","title":"detour","text":"<p>\u5982\u679c\u8bbe\u7f6e\uff0c\u8fde\u63a5\u5c06\u88ab\u8f6c\u53d1\u5230\u6307\u5b9a\u7684\u5165\u7ad9\u3002</p> <p>\u9700\u8981\u76ee\u6807\u5165\u7ad9\u652f\u6301\uff0c\u53c2\u9605 \u6ce8\u5165\u652f\u6301\u3002</p>"},{"location":"zh/configuration/shared/listen/#sniff","title":"sniff","text":"<p>\u5df2\u5728 sing-box 1.11.0 \u5e9f\u5f03</p> <p>\u5165\u7ad9\u5b57\u6bb5\u5df2\u5e9f\u5f03\u4e14\u5c06\u5728 sing-box 1.12.0 \u4e2d\u88ab\u79fb\u9664\uff0c\u53c2\u9605 \u8fc1\u79fb\u6307\u5357.</p> <p>\u542f\u7528\u534f\u8bae\u63a2\u6d4b\u3002</p> <p>\u53c2\u9605 \u534f\u8bae\u63a2\u6d4b</p>"},{"location":"zh/configuration/shared/listen/#sniff_override_destination","title":"sniff_override_destination","text":"<p>\u5df2\u5728 sing-box 1.11.0 \u5e9f\u5f03</p> <p>\u5165\u7ad9\u5b57\u6bb5\u5df2\u5e9f\u5f03\u4e14\u5c06\u5728 sing-box 1.12.0 \u4e2d\u88ab\u79fb\u9664\u3002</p> <p>\u7528\u63a2\u6d4b\u51fa\u7684\u57df\u540d\u8986\u76d6\u8fde\u63a5\u76ee\u6807\u5730\u5740\u3002</p> <p>\u5982\u679c\u57df\u540d\u65e0\u6548\uff08\u5982 Tor\uff09\uff0c\u5c06\u4e0d\u751f\u6548\u3002</p>"},{"location":"zh/configuration/shared/listen/#sniff_timeout","title":"sniff_timeout","text":"<p>\u5df2\u5728 sing-box 1.11.0 \u5e9f\u5f03</p> <p>\u5165\u7ad9\u5b57\u6bb5\u5df2\u5e9f\u5f03\u4e14\u5c06\u5728 sing-box 1.12.0 \u4e2d\u88ab\u79fb\u9664\uff0c\u53c2\u9605 \u8fc1\u79fb\u6307\u5357.</p> <p>\u63a2\u6d4b\u8d85\u65f6\u65f6\u95f4\u3002</p> <p>\u9ed8\u8ba4\u4f7f\u7528 300ms\u3002</p>"},{"location":"zh/configuration/shared/listen/#domain_strategy","title":"domain_strategy","text":"<p>\u5df2\u5728 sing-box 1.11.0 \u5e9f\u5f03</p> <p>\u5165\u7ad9\u5b57\u6bb5\u5df2\u5e9f\u5f03\u4e14\u5c06\u5728 sing-box 1.12.0 \u4e2d\u88ab\u79fb\u9664\uff0c\u53c2\u9605 \u8fc1\u79fb\u6307\u5357.</p> <p>\u53ef\u9009\u503c\uff1a <code>prefer_ipv4</code> <code>prefer_ipv6</code> <code>ipv4_only</code> <code>ipv6_only</code>\u3002</p> <p>\u5982\u679c\u8bbe\u7f6e\uff0c\u8bf7\u6c42\u7684\u57df\u540d\u5c06\u5728\u8def\u7531\u4e4b\u524d\u89e3\u6790\u4e3a IP\u3002</p> <p>\u5982\u679c <code>sniff_override_destination</code> \u751f\u6548\uff0c\u5b83\u7684\u503c\u5c06\u4f5c\u4e3a\u540e\u5907\u3002</p>"},{"location":"zh/configuration/shared/listen/#udp_disable_domain_unmapping","title":"udp_disable_domain_unmapping","text":"<p>\u5df2\u5728 sing-box 1.11.0 \u5e9f\u5f03</p> <p>\u5165\u7ad9\u5b57\u6bb5\u5df2\u5e9f\u5f03\u4e14\u5c06\u5728 sing-box 1.12.0 \u4e2d\u88ab\u79fb\u9664\uff0c\u53c2\u9605 \u8fc1\u79fb\u6307\u5357.</p> <p>\u5982\u679c\u542f\u7528\uff0c\u5bf9\u4e8e\u5730\u5740\u4e3a\u57df\u7684 UDP \u4ee3\u7406\u8bf7\u6c42\uff0c\u5c06\u5728\u54cd\u5e94\u4e2d\u53d1\u9001\u539f\u59cb\u5305\u5730\u5740\u800c\u4e0d\u662f\u6620\u5c04\u7684\u57df\u3002</p> <p>\u6b64\u9009\u9879\u7528\u4e8e\u517c\u5bb9\u4e0d\u652f\u6301\u63a5\u6536\u5e26\u6709\u57df\u5730\u5740\u7684 UDP \u5305\u7684\u5ba2\u6237\u7aef\uff0c\u5982 Surge\u3002</p>"},{"location":"zh/configuration/shared/multiplex/","title":"\u591a\u8def\u590d\u7528","text":""},{"location":"zh/configuration/shared/multiplex/#_1","title":"\u5165\u7ad9","text":"<pre><code>{\n \"enabled\": true,\n \"padding\": false,\n \"brutal\": {}\n}\n</code></pre>"},{"location":"zh/configuration/shared/multiplex/#_2","title":"\u51fa\u7ad9","text":"<pre><code>{\n \"enabled\": true,\n \"protocol\": \"smux\",\n \"max_connections\": 4,\n \"min_streams\": 4,\n \"max_streams\": 0,\n \"padding\": false,\n \"brutal\": {}\n}\n</code></pre>"},{"location":"zh/configuration/shared/multiplex/#_3","title":"\u5165\u7ad9\u5b57\u6bb5","text":""},{"location":"zh/configuration/shared/multiplex/#enabled","title":"enabled","text":"<p>\u542f\u7528\u591a\u8def\u590d\u7528\u652f\u6301\u3002</p>"},{"location":"zh/configuration/shared/multiplex/#padding","title":"padding","text":"<p>\u5982\u679c\u542f\u7528\uff0c\u5c06\u62d2\u7edd\u975e\u586b\u5145\u8fde\u63a5\u3002</p>"},{"location":"zh/configuration/shared/multiplex/#brutal","title":"brutal","text":"<p>\u53c2\u9605 TCP Brutal\u3002</p>"},{"location":"zh/configuration/shared/multiplex/#_4","title":"\u51fa\u7ad9\u5b57\u6bb5","text":""},{"location":"zh/configuration/shared/multiplex/#enabled_1","title":"enabled","text":"<p>\u542f\u7528\u591a\u8def\u590d\u7528\u3002</p>"},{"location":"zh/configuration/shared/multiplex/#protocol","title":"protocol","text":"<p>\u591a\u8def\u590d\u7528\u534f\u8bae</p> \u534f\u8bae \u63cf\u8ff0 smux https://github.com/xtaci/smux yamux https://github.com/hashicorp/yamux h2mux https://golang.org/x/net/http2 <p>\u9ed8\u8ba4\u4f7f\u7528 h2mux\u3002</p>"},{"location":"zh/configuration/shared/multiplex/#max_connections","title":"max_connections","text":"<p>\u6700\u5927\u8fde\u63a5\u6570\u91cf\u3002</p> <p>\u4e0e <code>max_streams</code> \u51b2\u7a81\u3002</p>"},{"location":"zh/configuration/shared/multiplex/#min_streams","title":"min_streams","text":"<p>\u5728\u6253\u5f00\u65b0\u8fde\u63a5\u4e4b\u524d\uff0c\u8fde\u63a5\u4e2d\u7684\u6700\u5c0f\u591a\u8def\u590d\u7528\u6d41\u6570\u91cf\u3002</p> <p>\u4e0e <code>max_streams</code> \u51b2\u7a81\u3002</p>"},{"location":"zh/configuration/shared/multiplex/#max_streams","title":"max_streams","text":"<p>\u5728\u6253\u5f00\u65b0\u8fde\u63a5\u4e4b\u524d\uff0c\u8fde\u63a5\u4e2d\u7684\u6700\u5927\u591a\u8def\u590d\u7528\u6d41\u6570\u91cf\u3002</p> <p>\u4e0e <code>max_connections</code> \u548c <code>min_streams</code> \u51b2\u7a81\u3002</p>"},{"location":"zh/configuration/shared/multiplex/#padding_1","title":"padding","text":"<p>Info</p> <p>\u9700\u8981 sing-box \u670d\u52a1\u5668\u7248\u672c 1.3-beta9 \u6216\u66f4\u9ad8\u3002</p> <p>\u542f\u7528\u586b\u5145\u3002</p>"},{"location":"zh/configuration/shared/multiplex/#brutal_1","title":"brutal","text":"<p>\u53c2\u9605 TCP Brutal\u3002</p>"},{"location":"zh/configuration/shared/tcp-brutal/#_1","title":"\u670d\u52a1\u5668\u8981\u6c42","text":"<ul> <li>Linux</li> <li><code>brutal</code> \u62e5\u585e\u63a7\u5236\u7b97\u6cd5\u5185\u6838\u6a21\u5757\u5df2\u5b89\u88c5</li> </ul> <p>\u53c2\u9605 tcp-brutal\u3002</p>"},{"location":"zh/configuration/shared/tcp-brutal/#_2","title":"\u7ed3\u6784","text":"<pre><code>{\n \"enabled\": true,\n \"up_mbps\": 100,\n \"down_mbps\": 100\n}\n</code></pre>"},{"location":"zh/configuration/shared/tcp-brutal/#_3","title":"\u5b57\u6bb5","text":""},{"location":"zh/configuration/shared/tcp-brutal/#enabled","title":"enabled","text":"<p>\u542f\u7528 TCP Brutal \u62e5\u585e\u63a7\u5236\u7b97\u6cd5\u3002</p>"},{"location":"zh/configuration/shared/tcp-brutal/#up_mbps-down_mbps","title":"up_mbps, down_mbps","text":"<p>\u5fc5\u586b</p> <p>\u4e0a\u4f20\u548c\u4e0b\u8f7d\u5e26\u5bbd\uff0c\u4ee5 Mbps \u4e3a\u5355\u4f4d\u3002</p>"},{"location":"zh/configuration/shared/tls/","title":"TLS","text":"<p>sing-box 1.10.0 \u4e2d\u7684\u66f4\u6539</p> <p> utls </p>"},{"location":"zh/configuration/shared/tls/#_1","title":"\u5165\u7ad9","text":"<pre><code>{\n \"enabled\": true,\n \"server_name\": \"\",\n \"alpn\": [],\n \"min_version\": \"\",\n \"max_version\": \"\",\n \"cipher_suites\": [],\n \"certificate\": [],\n \"certificate_path\": \"\",\n \"key\": [],\n \"key_path\": \"\",\n \"acme\": {\n \"domain\": [],\n \"data_directory\": \"\",\n \"default_server_name\": \"\",\n \"email\": \"\",\n \"provider\": \"\",\n \"disable_http_challenge\": false,\n \"disable_tls_alpn_challenge\": false,\n \"alternative_http_port\": 0,\n \"alternative_tls_port\": 0,\n \"external_account\": {\n \"key_id\": \"\",\n \"mac_key\": \"\"\n },\n \"dns01_challenge\": {}\n },\n \"ech\": {\n \"enabled\": false,\n \"pq_signature_schemes_enabled\": false,\n \"dynamic_record_sizing_disabled\": false,\n \"key\": [],\n \"key_path\": \"\"\n },\n \"reality\": {\n \"enabled\": false,\n \"handshake\": {\n \"server\": \"google.com\",\n \"server_port\": 443,\n ...\n // \u62e8\u53f7\u5b57\u6bb5\n },\n \"private_key\": \"UuMBgl7MXTPx9inmQp2UC7Jcnwc6XYbwDNebonM-FCc\",\n \"short_id\": [\n \"0123456789abcdef\"\n ],\n \"max_time_difference\": \"1m\"\n }\n}\n</code></pre>"},{"location":"zh/configuration/shared/tls/#_2","title":"\u51fa\u7ad9","text":"<pre><code>{\n \"enabled\": true,\n \"disable_sni\": false,\n \"server_name\": \"\",\n \"insecure\": false,\n \"alpn\": [],\n \"min_version\": \"\",\n \"max_version\": \"\",\n \"cipher_suites\": [],\n \"certificate\": [],\n \"certificate_path\": \"\",\n \"ech\": {\n \"enabled\": false,\n \"pq_signature_schemes_enabled\": false,\n \"dynamic_record_sizing_disabled\": false,\n \"config\": [],\n \"config_path\": \"\"\n },\n \"utls\": {\n \"enabled\": false,\n \"fingerprint\": \"\"\n },\n \"reality\": {\n \"enabled\": false,\n \"public_key\": \"jNXHt1yRo0vDuchQlIP6Z0ZvjT3KtzVI-T4E7RoLJS0\",\n \"short_id\": \"0123456789abcdef\"\n }\n}\n</code></pre> <p>TLS \u7248\u672c\u503c\uff1a</p> <ul> <li><code>1.0</code></li> <li><code>1.1</code></li> <li><code>1.2</code></li> <li><code>1.3</code></li> </ul> <p>\u5bc6\u7801\u5957\u4ef6\u503c\uff1a</p> <ul> <li><code>TLS_RSA_WITH_AES_128_CBC_SHA</code></li> <li><code>TLS_RSA_WITH_AES_256_CBC_SHA</code></li> <li><code>TLS_RSA_WITH_AES_128_GCM_SHA256</code></li> <li><code>TLS_RSA_WITH_AES_256_GCM_SHA384</code></li> <li><code>TLS_AES_128_GCM_SHA256</code></li> <li><code>TLS_AES_256_GCM_SHA384</code></li> <li><code>TLS_CHACHA20_POLY1305_SHA256</code></li> <li><code>TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA</code></li> <li><code>TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA</code></li> <li><code>TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA</code></li> <li><code>TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA</code></li> <li><code>TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256</code></li> <li><code>TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384</code></li> <li><code>TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256</code></li> <li><code>TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384</code></li> <li><code>TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256</code></li> <li><code>TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256</code></li> </ul> <p>\u5f53\u5185\u5bb9\u53ea\u6709\u4e00\u9879\u65f6\uff0c\u53ef\u4ee5\u5ffd\u7565 JSON \u6570\u7ec4 [] \u6807\u7b7e</p>"},{"location":"zh/configuration/shared/tls/#_3","title":"\u5b57\u6bb5","text":""},{"location":"zh/configuration/shared/tls/#enabled","title":"enabled","text":"<p>\u542f\u7528 TLS</p>"},{"location":"zh/configuration/shared/tls/#disable_sni","title":"disable_sni","text":"<p>\u4ec5\u5ba2\u6237\u7aef</p> <p>\u4e0d\u8981\u5728 ClientHello \u4e2d\u53d1\u9001\u670d\u52a1\u5668\u540d\u79f0.</p>"},{"location":"zh/configuration/shared/tls/#server_name","title":"server_name","text":"<p>\u7528\u4e8e\u9a8c\u8bc1\u8fd4\u56de\u8bc1\u4e66\u4e0a\u7684\u4e3b\u673a\u540d\uff0c\u9664\u975e\u8bbe\u7f6e\u4e0d\u5b89\u5168\u3002</p> <p>\u5b83\u8fd8\u5305\u542b\u5728 ClientHello \u4e2d\u4ee5\u652f\u6301\u865a\u62df\u4e3b\u673a\uff0c\u9664\u975e\u5b83\u662f IP \u5730\u5740\u3002</p>"},{"location":"zh/configuration/shared/tls/#insecure","title":"insecure","text":"<p>\u4ec5\u5ba2\u6237\u7aef</p> <p>\u63a5\u53d7\u4efb\u4f55\u670d\u52a1\u5668\u8bc1\u4e66\u3002</p>"},{"location":"zh/configuration/shared/tls/#alpn","title":"alpn","text":"<p>\u652f\u6301\u7684\u5e94\u7528\u5c42\u534f\u8bae\u534f\u5546\u5217\u8868\uff0c\u6309\u4f18\u5148\u987a\u5e8f\u6392\u5217\u3002</p> <p>\u5982\u679c\u4e24\u4e2a\u5bf9\u7b49\u70b9\u90fd\u652f\u6301 ALPN\uff0c\u5219\u9009\u62e9\u7684\u534f\u8bae\u5c06\u662f\u6b64\u5217\u8868\u4e2d\u7684\u4e00\u4e2a\uff0c\u5982\u679c\u6ca1\u6709\u76f8\u4e92\u652f\u6301\u7684\u534f\u8bae\u5219\u8fde\u63a5\u5c06\u5931\u8d25\u3002</p> <p>\u53c2\u9605 Application-Layer Protocol Negotiation\u3002</p>"},{"location":"zh/configuration/shared/tls/#min_version","title":"min_version","text":"<p>\u53ef\u63a5\u53d7\u7684\u6700\u4f4e TLS \u7248\u672c\u3002</p> <p>\u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u5f53\u524d\u4f7f\u7528 TLS 1.2 \u4f5c\u4e3a\u5ba2\u6237\u7aef\u7684\u6700\u4f4e\u8981\u6c42\u3002\u4f5c\u4e3a\u670d\u52a1\u5668\u65f6\u4f7f\u7528 TLS 1.0\u3002</p>"},{"location":"zh/configuration/shared/tls/#max_version","title":"max_version","text":"<p>\u53ef\u63a5\u53d7\u7684\u6700\u5927 TLS \u7248\u672c\u3002</p> <p>\u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u5f53\u524d\u6700\u9ad8\u7248\u672c\u4e3a TLS 1.3\u3002</p>"},{"location":"zh/configuration/shared/tls/#cipher_suites","title":"cipher_suites","text":"<p>\u542f\u7528\u7684 TLS 1.0-1.2\u5bc6\u7801\u5957\u4ef6\u7684\u5217\u8868\u3002\u5217\u8868\u7684\u987a\u5e8f\u88ab\u5ffd\u7565\u3002\u8bf7\u6ce8\u610f\uff0cTLS 1.3 \u7684\u5bc6\u7801\u5957\u4ef6\u662f\u4e0d\u53ef\u914d\u7f6e\u7684\u3002</p> <p>\u5982\u679c\u4e3a\u7a7a\uff0c\u5219\u4f7f\u7528\u5b89\u5168\u7684\u9ed8\u8ba4\u5217\u8868\u3002\u9ed8\u8ba4\u5bc6\u7801\u5957\u4ef6\u53ef\u80fd\u4f1a\u968f\u7740\u65f6\u95f4\u7684\u63a8\u79fb\u800c\u6539\u53d8\u3002</p>"},{"location":"zh/configuration/shared/tls/#certificate","title":"certificate","text":"<p>\u670d\u52a1\u5668 PEM \u8bc1\u4e66\u884c\u6570\u7ec4\u3002</p>"},{"location":"zh/configuration/shared/tls/#certificate_path","title":"certificate_path","text":"<p>\u6587\u4ef6\u66f4\u6539\u65f6\u5c06\u81ea\u52a8\u91cd\u65b0\u52a0\u8f7d\u3002</p> <p>\u670d\u52a1\u5668 PEM \u8bc1\u4e66\u8def\u5f84\u3002</p>"},{"location":"zh/configuration/shared/tls/#key","title":"key","text":"<p>\u4ec5\u670d\u52a1\u5668</p> <p>\u6587\u4ef6\u66f4\u6539\u65f6\u5c06\u81ea\u52a8\u91cd\u65b0\u52a0\u8f7d\u3002</p> <p>\u670d\u52a1\u5668 PEM \u79c1\u94a5\u884c\u6570\u7ec4\u3002</p>"},{"location":"zh/configuration/shared/tls/#key_path","title":"key_path","text":"<p>\u4ec5\u670d\u52a1\u5668</p> <p>\u670d\u52a1\u5668 PEM \u79c1\u94a5\u8def\u5f84\u3002</p>"},{"location":"zh/configuration/shared/tls/#utls","title":"utls","text":"<p>\u4ec5\u5ba2\u6237\u7aef</p> <p>\u6ca1\u6709\u8bc1\u636e\u8868\u660e GFW \u6839\u636e TLS \u5ba2\u6237\u7aef\u6307\u7eb9\u68c0\u6d4b\u5e76\u963b\u6b62\u670d\u52a1\u5668\uff0c\u5e76\u4e14\uff0c\u4f7f\u7528\u4e00\u4e2a\u672a\u7ecf\u5b89\u5168\u5ba1\u67e5\u7684\u4e0d\u5b8c\u7f8e\u6a21\u62df\u53ef\u80fd\u5e26\u6765\u5b89\u5168\u9690\u60a3\u3002</p> <p>uTLS \u662f \"crypto/tls\" \u7684\u4e00\u4e2a\u5206\u652f\uff0c\u5b83\u63d0\u4f9b\u4e86 ClientHello \u6307\u7eb9\u8bc6\u522b\u963b\u529b\u3002</p> <p>\u53ef\u7528\u7684\u6307\u7eb9\u503c\uff1a</p> <p>\u5df2\u5728 sing-box 1.10.0 \u79fb\u9664</p> <p>\u4e00\u4e9b\u65e7 chrome \u6307\u7eb9\u5df2\u88ab\u5220\u9664\uff0c\u5e76\u5c06\u4f1a\u9000\u5230 chrome\uff1a</p> <p> chrome_psk chrome_psk_shuffle chrome_padding_psk_shuffle chrome_pq chrome_pq_psk</p> <ul> <li>chrome</li> <li>firefox</li> <li>edge</li> <li>safari</li> <li>360</li> <li>qq</li> <li>ios</li> <li>android</li> <li>random</li> <li>randomized</li> </ul> <p>\u9ed8\u8ba4\u4f7f\u7528 chrome \u6307\u7eb9\u3002</p>"},{"location":"zh/configuration/shared/tls/#ech","title":"ECH \u5b57\u6bb5","text":"<p>ECH (Encrypted Client Hello) \u662f\u4e00\u4e2a TLS \u6269\u5c55\uff0c\u5b83\u5141\u8bb8\u5ba2\u6237\u7aef\u52a0\u5bc6\u5176 ClientHello \u7684\u7b2c\u4e00\u90e8\u5206 \u4fe1\u606f\u3002</p> <p>ECH \u914d\u7f6e\u548c\u5bc6\u94a5\u53ef\u4ee5\u901a\u8fc7 <code>sing-box generate ech-keypair [--pq-signature-schemes-enabled]</code> \u751f\u6210\u3002</p>"},{"location":"zh/configuration/shared/tls/#pq_signature_schemes_enabled","title":"pq_signature_schemes_enabled","text":"<p>\u542f\u7528\u5bf9\u540e\u91cf\u5b50\u5bf9\u7b49\u8bc1\u4e66\u7b7e\u540d\u65b9\u6848\u7684\u652f\u6301\u3002</p> <p>\u5efa\u8bae\u5339\u914d <code>sing-box generate ech-keypair</code> \u7684\u53c2\u6570\u3002</p>"},{"location":"zh/configuration/shared/tls/#dynamic_record_sizing_disabled","title":"dynamic_record_sizing_disabled","text":"<p>\u7981\u7528 TLS \u8bb0\u5f55\u7684\u81ea\u9002\u5e94\u5927\u5c0f\u8c03\u6574\u3002</p> <p>\u5982\u679c\u4e3a true\uff0c\u5219\u59cb\u7ec8\u4f7f\u7528\u6700\u5927\u53ef\u80fd\u7684 TLS \u8bb0\u5f55\u5927\u5c0f\u3002 \u5982\u679c\u4e3a false\uff0c\u5219\u53ef\u80fd\u4f1a\u8c03\u6574 TLS \u8bb0\u5f55\u7684\u5927\u5c0f\u4ee5\u5c1d\u8bd5\u6539\u5584\u5ef6\u8fdf\u3002</p>"},{"location":"zh/configuration/shared/tls/#key_1","title":"key","text":"<p>\u4ec5\u670d\u52a1\u5668</p> <p>ECH PEM \u5bc6\u94a5\u884c\u6570\u7ec4</p>"},{"location":"zh/configuration/shared/tls/#key_path_1","title":"key_path","text":"<p>\u4ec5\u670d\u52a1\u5668</p> <p>\u6587\u4ef6\u66f4\u6539\u65f6\u5c06\u81ea\u52a8\u91cd\u65b0\u52a0\u8f7d\u3002</p> <p>ECH PEM \u5bc6\u94a5\u8def\u5f84</p>"},{"location":"zh/configuration/shared/tls/#config","title":"config","text":"<p>\u4ec5\u5ba2\u6237\u7aef</p> <p>ECH PEM \u914d\u7f6e\u884c\u6570\u7ec4</p> <p>\u5982\u679c\u4e3a\u7a7a\uff0c\u5c06\u5c1d\u8bd5\u4ece DNS \u52a0\u8f7d\u3002</p>"},{"location":"zh/configuration/shared/tls/#config_path","title":"config_path","text":"<p>\u4ec5\u5ba2\u6237\u7aef</p> <p>ECH PEM \u914d\u7f6e\u8def\u5f84</p> <p>\u5982\u679c\u4e3a\u7a7a\uff0c\u5c06\u5c1d\u8bd5\u4ece DNS \u52a0\u8f7d\u3002</p>"},{"location":"zh/configuration/shared/tls/#acme","title":"ACME \u5b57\u6bb5","text":""},{"location":"zh/configuration/shared/tls/#domain","title":"domain","text":"<p>\u4e00\u7ec4\u57df\u540d\u3002</p> <p>\u9ed8\u8ba4\u7981\u7528 ACME\u3002</p>"},{"location":"zh/configuration/shared/tls/#data_directory","title":"data_directory","text":"<p>ACME \u6570\u636e\u76ee\u5f55\u3002</p> <p>\u9ed8\u8ba4\u4f7f\u7528 <code>$XDG_DATA_HOME/certmagic|$HOME/.local/share/certmagic</code>\u3002</p>"},{"location":"zh/configuration/shared/tls/#default_server_name","title":"default_server_name","text":"<p>\u5982\u679c ClientHello \u7684 ServerName \u5b57\u6bb5\u4e3a\u7a7a\uff0c\u5219\u9009\u62e9\u8bc1\u4e66\u65f6\u8981\u4f7f\u7528\u7684\u670d\u52a1\u5668\u540d\u79f0\u3002</p>"},{"location":"zh/configuration/shared/tls/#email","title":"email","text":"<p>\u521b\u5efa\u6216\u9009\u62e9\u73b0\u6709 ACME \u670d\u52a1\u5668\u5e10\u6237\u65f6\u4f7f\u7528\u7684\u7535\u5b50\u90ae\u4ef6\u5730\u5740\u3002</p>"},{"location":"zh/configuration/shared/tls/#provider","title":"provider","text":"<p>\u8981\u4f7f\u7528\u7684 ACME CA \u4f9b\u5e94\u5546\u3002</p> \u503c \u4f9b\u5e94\u5546 <code>letsencrypt (\u9ed8\u8ba4)</code> Let's Encrypt <code>zerossl</code> ZeroSSL <code>https://...</code> \u81ea\u5b9a\u4e49"},{"location":"zh/configuration/shared/tls/#disable_http_challenge","title":"disable_http_challenge","text":"<p>\u7981\u7528\u6240\u6709 HTTP \u8d28\u8be2\u3002</p>"},{"location":"zh/configuration/shared/tls/#disable_tls_alpn_challenge","title":"disable_tls_alpn_challenge","text":"<p>\u7981\u7528\u6240\u6709 TLS-ALPN \u8d28\u8be2\u3002</p>"},{"location":"zh/configuration/shared/tls/#alternative_http_port","title":"alternative_http_port","text":"<p>\u7528\u4e8e ACME HTTP \u8d28\u8be2\u7684\u5907\u7528\u7aef\u53e3\uff1b\u5982\u679c\u975e\u7a7a\uff0c\u5c06\u4f7f\u7528\u6b64\u7aef\u53e3\u800c\u4e0d\u662f 80 \u6765\u542f\u52a8 HTTP \u8d28\u8be2\u7684\u4fa6\u542c\u5668\u3002</p>"},{"location":"zh/configuration/shared/tls/#alternative_tls_port","title":"alternative_tls_port","text":"<p>\u7528\u4e8e ACME TLS-ALPN \u8d28\u8be2\u7684\u5907\u7528\u7aef\u53e3\uff1b \u7cfb\u7edf\u5fc5\u987b\u5c06 443 \u8f6c\u53d1\u5230\u6b64\u7aef\u53e3\u4ee5\u4f7f\u8d28\u8be2\u6210\u529f\u3002</p>"},{"location":"zh/configuration/shared/tls/#external_account","title":"external_account","text":"<p>EAB\uff08\u5916\u90e8\u5e10\u6237\u7ed1\u5b9a\uff09\u5305\u542b\u5c06 ACME \u5e10\u6237\u7ed1\u5b9a\u6216\u6620\u5c04\u5230\u5176\u4ed6\u5df2\u77e5\u5e10\u6237\u6240\u9700\u7684\u4fe1\u606f\u7531 CA\u3002</p> <p>\u5916\u90e8\u5e10\u6237\u7ed1\u5b9a\u201c\u7528\u4e8e\u5c06 ACME \u5e10\u6237\u4e0e\u975e ACME \u7cfb\u7edf\u4e2d\u7684\u73b0\u6709\u5e10\u6237\u76f8\u5173\u8054\uff0c\u4f8b\u5982 CA \u5ba2\u6237\u6570\u636e\u5e93\u3002</p> <p>\u4e3a\u4e86\u542f\u7528 ACME \u5e10\u6237\u7ed1\u5b9a\uff0c\u8fd0\u884c ACME \u670d\u52a1\u5668\u7684 CA \u9700\u8981\u5411 ACME \u5ba2\u6237\u7aef\u63d0\u4f9b MAC \u5bc6\u94a5\u548c\u5bc6\u94a5\u6807\u8bc6\u7b26\uff0c\u4f7f\u7528 ACME \u4e4b\u5916\u7684\u4e00\u4e9b\u673a\u5236\u3002 \u00a77.3.4</p>"},{"location":"zh/configuration/shared/tls/#external_accountkey_id","title":"external_account.key_id","text":"<p>\u5bc6\u94a5\u6807\u8bc6\u7b26\u3002</p>"},{"location":"zh/configuration/shared/tls/#external_accountmac_key","title":"external_account.mac_key","text":"<p>MAC \u5bc6\u94a5\u3002</p>"},{"location":"zh/configuration/shared/tls/#dns01_challenge","title":"dns01_challenge","text":"<p>ACME DNS01 \u9a8c\u8bc1\u5b57\u6bb5\u3002\u5982\u679c\u914d\u7f6e\uff0c\u5c06\u7981\u7528\u5176\u4ed6\u9a8c\u8bc1\u65b9\u6cd5\u3002</p> <p>\u53c2\u9605 DNS01 \u9a8c\u8bc1\u5b57\u6bb5\u3002</p>"},{"location":"zh/configuration/shared/tls/#reality","title":"Reality \u5b57\u6bb5","text":""},{"location":"zh/configuration/shared/tls/#handshake","title":"handshake","text":"<p>\u4ec5\u670d\u52a1\u5668</p> <p>\u5fc5\u586b</p> <p>\u63e1\u624b\u670d\u52a1\u5668\u5730\u5740\u548c \u62e8\u53f7\u53c2\u6570\u3002</p>"},{"location":"zh/configuration/shared/tls/#private_key","title":"private_key","text":"<p>\u4ec5\u670d\u52a1\u5668</p> <p>\u5fc5\u586b</p> <p>\u79c1\u94a5\uff0c\u7531 <code>sing-box generate reality-keypair</code> \u751f\u6210\u3002</p>"},{"location":"zh/configuration/shared/tls/#public_key","title":"public_key","text":"<p>\u4ec5\u5ba2\u6237\u7aef</p> <p>\u5fc5\u586b</p> <p>\u516c\u94a5\uff0c\u7531 <code>sing-box generate reality-keypair</code> \u751f\u6210\u3002</p>"},{"location":"zh/configuration/shared/tls/#short_id","title":"short_id","text":"<p>\u5fc5\u586b</p> <p>\u4e00\u4e2a\u96f6\u5230\u516b\u4f4d\u7684\u5341\u516d\u8fdb\u5236\u5b57\u7b26\u4e32\u3002</p>"},{"location":"zh/configuration/shared/tls/#max_time_difference","title":"max_time_difference","text":"<p>\u670d\u52a1\u5668\u4e0e\u548c\u5ba2\u6237\u7aef\u4e4b\u95f4\u5141\u8bb8\u7684\u6700\u5927\u65f6\u95f4\u5dee\u3002</p> <p>\u9ed8\u8ba4\u7981\u7528\u68c0\u67e5\u3002</p>"},{"location":"zh/configuration/shared/v2ray-transport/","title":"V2Ray \u4f20\u8f93\u5c42","text":"<p>V2Ray Transport \u662f v2ray \u53d1\u660e\u7684\u4e00\u7ec4\u79c1\u6709\u534f\u8bae\uff0c\u5e76\u6c61\u67d3\u4e86\u5176\u4ed6\u534f\u8bae\u7684\u540d\u79f0\uff0c\u5982 clash \u4e2d\u7684 <code>trojan-grpc</code>\u3002</p>"},{"location":"zh/configuration/shared/v2ray-transport/#_1","title":"\u7ed3\u6784","text":"<pre><code>{\n \"type\": \"\"\n}\n</code></pre> <p>\u53ef\u7528\u7684\u4f20\u8f93\u534f\u8bae\uff1a</p> <ul> <li>HTTP</li> <li>WebSocket</li> <li>QUIC</li> <li>gRPC</li> <li>HTTPUpgrade</li> </ul> <p>\u4e0e v2ray-core \u7684\u533a\u522b</p> <ul> <li>\u6ca1\u6709 TCP \u4f20\u8f93\u5c42, \u7eaf HTTP \u5df2\u5408\u5e76\u5230 HTTP \u4f20\u8f93\u5c42\u3002</li> <li>\u6ca1\u6709 mKCP \u4f20\u8f93\u5c42\u3002</li> <li>\u6ca1\u6709 DomainSocket \u4f20\u8f93\u5c42\u3002</li> </ul> <p>\u5f53\u5185\u5bb9\u53ea\u6709\u4e00\u9879\u65f6\uff0c\u53ef\u4ee5\u5ffd\u7565 JSON \u6570\u7ec4 [] \u6807\u7b7e\u3002</p>"},{"location":"zh/configuration/shared/v2ray-transport/#http","title":"HTTP","text":"<pre><code>{\n \"type\": \"http\",\n \"host\": [],\n \"path\": \"\",\n \"method\": \"\",\n \"headers\": {},\n \"idle_timeout\": \"15s\",\n \"ping_timeout\": \"15s\"\n}\n</code></pre> <p>\u4e0e v2ray-core \u7684\u533a\u522b</p> <p>\u4e0d\u5f3a\u5236\u6267\u884c TLS\u3002\u5982\u679c\u672a\u914d\u7f6e TLS\uff0c\u5c06\u4f7f\u7528\u7eaf HTTP 1.1\u3002</p>"},{"location":"zh/configuration/shared/v2ray-transport/#host","title":"host","text":"<p>\u4e3b\u673a\u57df\u540d\u5217\u8868\u3002</p> <p>\u5982\u679c\u8bbe\u7f6e\uff0c\u5ba2\u6237\u7aef\u5c06\u968f\u673a\u9009\u62e9\uff0c\u670d\u52a1\u5668\u5c06\u9a8c\u8bc1\u3002</p>"},{"location":"zh/configuration/shared/v2ray-transport/#path","title":"path","text":"<p>Warning</p> <p>V2Ray \u6587\u6863\u79f0\u670d\u52a1\u7aef\u548c\u5ba2\u6237\u7aef\u7684\u8def\u5f84\u5fc5\u987b\u4e00\u81f4\uff0c\u4f46\u5b9e\u9645\u4ee3\u7801\u5141\u8bb8\u5ba2\u6237\u7aef\u5411\u8def\u5f84\u6dfb\u52a0\u4efb\u4f55\u540e\u7f00\u3002 sing-box \u4f7f\u7528\u4e0e V2Ray \u76f8\u540c\u7684\u884c\u4e3a\uff0c\u4f46\u8bf7\u6ce8\u610f\uff0c\u8be5\u884c\u4e3a\u5728 <code>WebSocket</code> \u548c <code>HTTPUpgrade</code> \u4f20\u8f93\u5c42\u4e2d\u4e0d\u5b58\u5728\u3002</p> <p>HTTP \u8bf7\u6c42\u8def\u5f84</p> <p>\u670d\u52a1\u5668\u5c06\u9a8c\u8bc1\u3002</p>"},{"location":"zh/configuration/shared/v2ray-transport/#method","title":"method","text":"<p>HTTP \u8bf7\u6c42\u65b9\u6cd5</p> <p>\u5982\u679c\u8bbe\u7f6e\uff0c\u670d\u52a1\u5668\u5c06\u9a8c\u8bc1\u3002</p>"},{"location":"zh/configuration/shared/v2ray-transport/#headers","title":"headers","text":"<p>HTTP \u8bf7\u6c42\u7684\u989d\u5916\u6807\u5934</p> <p>\u5982\u679c\u8bbe\u7f6e\uff0c\u670d\u52a1\u5668\u5c06\u5199\u5165\u54cd\u5e94\u3002</p>"},{"location":"zh/configuration/shared/v2ray-transport/#idle_timeout","title":"idle_timeout","text":"<p>\u5728 HTTP2 \u670d\u52a1\u5668\u4e2d\uff1a</p> <p>\u6307\u5b9a\u95f2\u7f6e\u5ba2\u6237\u7aef\u5e94\u5728\u591a\u957f\u65f6\u95f4\u5185\u4f7f\u7528 GOAWAY \u5e27\u5173\u95ed\u3002PING \u5e27\u4e0d\u88ab\u89c6\u4e3a\u6d3b\u52a8\u3002</p> <p>\u5728 HTTP2 \u5ba2\u6237\u7aef\u4e2d\uff1a</p> <p>\u5982\u679c\u8fde\u63a5\u4e0a\u6ca1\u6709\u6536\u5230\u4efb\u4f55\u5e27\uff0c\u6307\u5b9a\u4e00\u6bb5\u65f6\u95f4\u540e\u5c06\u4f7f\u7528 PING \u5e27\u6267\u884c\u5065\u5eb7\u68c0\u67e5\u3002\u9700\u8981\u6ce8\u610f\u7684\u662f\uff0cPING \u54cd\u5e94\u88ab\u89c6\u4e3a\u5df2\u63a5\u6536\u7684\u5e27\uff0c\u56e0\u6b64\u5982\u679c\u8fde\u63a5\u4e0a\u6ca1\u6709\u5176\u4ed6\u6d41\u91cf\uff0c\u5219\u5065\u5eb7\u68c0\u67e5\u5c06\u5728\u6bcf\u4e2a\u95f4\u9694\u6267\u884c\u4e00\u6b21\u3002\u5982\u679c\u503c\u4e3a\u96f6\uff0c\u5219\u4e0d\u4f1a\u6267\u884c\u5065\u5eb7\u68c0\u67e5\u3002</p> <p>\u9ed8\u8ba4\u4f7f\u7528\u96f6\u3002</p>"},{"location":"zh/configuration/shared/v2ray-transport/#ping_timeout","title":"ping_timeout","text":"<p>\u5728 HTTP2 \u5ba2\u6237\u7aef\u4e2d\uff1a</p> <p>\u6307\u5b9a\u53d1\u9001 PING \u5e27\u540e\uff0c\u5728\u6307\u5b9a\u7684\u8d85\u65f6\u65f6\u95f4\u5185\u5fc5\u987b\u63a5\u6536\u5230\u54cd\u5e94\u3002\u5982\u679c\u5728\u6307\u5b9a\u7684\u8d85\u65f6\u65f6\u95f4\u5185\u6ca1\u6709\u6536\u5230 PING \u5e27\u7684\u54cd\u5e94\uff0c\u5219\u8fde\u63a5\u5c06\u5173\u95ed\u3002\u9ed8\u8ba4\u8d85\u65f6\u6301\u7eed\u65f6\u95f4\u4e3a 15 \u79d2\u3002</p>"},{"location":"zh/configuration/shared/v2ray-transport/#path_1","title":"path","text":"<p>HTTP \u8bf7\u6c42\u8def\u5f84</p> <p>\u670d\u52a1\u5668\u5c06\u9a8c\u8bc1\u3002</p>"},{"location":"zh/configuration/shared/v2ray-transport/#headers_1","title":"headers","text":"<p>HTTP \u8bf7\u6c42\u7684\u989d\u5916\u6807\u5934</p> <p>\u5982\u679c\u8bbe\u7f6e\uff0c\u670d\u52a1\u5668\u5c06\u5199\u5165\u54cd\u5e94\u3002</p>"},{"location":"zh/configuration/shared/v2ray-transport/#max_early_data","title":"max_early_data","text":"<p>\u8bf7\u6c42\u4e2d\u5141\u8bb8\u7684\u6700\u5927\u6709\u6548\u8d1f\u8f7d\u5927\u5c0f\u3002\u9ed8\u8ba4\u542f\u7528\u3002</p>"},{"location":"zh/configuration/shared/v2ray-transport/#early_data_header_name","title":"early_data_header_name","text":"<p>\u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u65e9\u671f\u6570\u636e\u5728\u8def\u5f84\u800c\u4e0d\u662f\u6807\u5934\u4e2d\u53d1\u9001\u3002</p> <p>\u8981\u4e0e Xray-core \u517c\u5bb9\uff0c\u8bf7\u5c06\u5176\u8bbe\u7f6e\u4e3a <code>Sec-WebSocket-Protocol</code>\u3002</p> <p>\u5b83\u9700\u8981\u4e0e\u670d\u52a1\u5668\u4fdd\u6301\u4e00\u81f4\u3002</p>"},{"location":"zh/configuration/shared/v2ray-transport/#quic","title":"QUIC","text":"<pre><code>{\n \"type\": \"quic\"\n}\n</code></pre> <p>\u4e0e v2ray-core \u7684\u533a\u522b</p> <p>\u6ca1\u6709\u989d\u5916\u7684\u52a0\u5bc6\u652f\u6301\uff1a \u5b83\u57fa\u672c\u4e0a\u662f\u91cd\u590d\u52a0\u5bc6\u3002 \u5e76\u4e14 Xray-core \u5728\u8fd9\u91cc\u4e0e v2ray-core \u4e0d\u517c\u5bb9\u3002</p>"},{"location":"zh/configuration/shared/v2ray-transport/#grpc","title":"gRPC","text":"<p>\u9ed8\u8ba4\u5b89\u88c5\u4e0d\u5305\u542b\u6807\u51c6 gRPC (\u517c\u5bb9\u6027\u597d\uff0c\u4f46\u6027\u80fd\u8f83\u5dee), \u53c2\u9605 \u5b89\u88c5\u3002</p> <pre><code>{\n \"type\": \"grpc\",\n \"service_name\": \"TunService\",\n \"idle_timeout\": \"15s\",\n \"ping_timeout\": \"15s\",\n \"permit_without_stream\": false\n}\n</code></pre>"},{"location":"zh/configuration/shared/v2ray-transport/#service_name","title":"service_name","text":"<p>gRPC \u670d\u52a1\u540d\u79f0\u3002</p>"},{"location":"zh/configuration/shared/v2ray-transport/#idle_timeout_1","title":"idle_timeout","text":"<p>\u5728\u6807\u51c6 gRPC \u670d\u52a1\u5668/\u5ba2\u6237\u7aef\uff1a</p> <p>\u5982\u679c\u4f20\u8f93\u5728\u6b64\u65f6\u95f4\u6bb5\u540e\u6ca1\u6709\u770b\u5230\u4efb\u4f55\u6d3b\u52a8\uff0c\u5b83\u4f1a\u5411\u5ba2\u6237\u7aef\u53d1\u9001 ping \u8bf7\u6c42\u4ee5\u68c0\u67e5\u8fde\u63a5\u662f\u5426\u4ecd\u7136\u6d3b\u52a8\u3002</p> <p>\u5728\u9ed8\u8ba4 gRPC \u670d\u52a1\u5668/\u5ba2\u6237\u7aef\uff1a</p> <p>\u5b83\u7684\u884c\u4e3a\u4e0e HTTP \u4f20\u8f93\u5c42\u4e2d\u7684\u76f8\u5e94\u8bbe\u7f6e\u76f8\u540c\u3002</p>"},{"location":"zh/configuration/shared/v2ray-transport/#ping_timeout_1","title":"ping_timeout","text":"<p>\u5728\u6807\u51c6 gRPC \u670d\u52a1\u5668/\u5ba2\u6237\u7aef\uff1a</p> <p>\u7ecf\u8fc7\u4e00\u6bb5\u65f6\u95f4\u4e4b\u540e\uff0c\u5ba2\u6237\u7aef\u5c06\u6267\u884c keepalive \u68c0\u67e5\u5e76\u7b49\u5f85\u6d3b\u52a8\u3002\u5982\u679c\u6ca1\u6709\u68c0\u6d4b\u5230\u4efb\u4f55\u6d3b\u52a8\uff0c\u5219\u4f1a\u5173\u95ed\u8fde\u63a5\u3002</p> <p>\u5728\u9ed8\u8ba4 gRPC \u670d\u52a1\u5668/\u5ba2\u6237\u7aef\uff1a</p> <p>\u5b83\u7684\u884c\u4e3a\u4e0e HTTP \u4f20\u8f93\u5c42\u4e2d\u7684\u76f8\u5e94\u8bbe\u7f6e\u76f8\u540c\u3002</p>"},{"location":"zh/configuration/shared/v2ray-transport/#permit_without_stream","title":"permit_without_stream","text":"<p>\u5728\u6807\u51c6 gRPC \u5ba2\u6237\u7aef\uff1a</p> <p>\u5982\u679c\u542f\u7528\uff0c\u5ba2\u6237\u7aef\u4f20\u8f93\u5373\u4f7f\u6ca1\u6709\u6d3b\u52a8\u8fde\u63a5\u4e5f\u4f1a\u53d1\u9001 keepalive ping\u3002\u5982\u679c\u7981\u7528\uff0c\u5219\u5728\u6ca1\u6709\u6d3b\u52a8\u8fde\u63a5\u65f6\uff0c\u5c06\u5ffd\u7565 <code>idle_timeout</code> \u548c <code>ping_timeout</code>\uff0c\u5e76\u4e14\u4e0d\u4f1a\u53d1\u9001 keepalive ping\u3002</p> <p>\u9ed8\u8ba4\u7981\u7528\u3002</p>"},{"location":"zh/configuration/shared/v2ray-transport/#host_1","title":"host","text":"<p>\u4e3b\u673a\u57df\u540d\u3002</p> <p>\u670d\u52a1\u5668\u5c06\u9a8c\u8bc1\u3002</p>"},{"location":"zh/configuration/shared/v2ray-transport/#path_2","title":"path","text":"<p>HTTP \u8bf7\u6c42\u8def\u5f84</p> <p>\u670d\u52a1\u5668\u5c06\u9a8c\u8bc1\u3002</p>"},{"location":"zh/configuration/shared/v2ray-transport/#headers_2","title":"headers","text":"<p>HTTP \u8bf7\u6c42\u7684\u989d\u5916\u6807\u5934\u3002</p> <p>\u5982\u679c\u8bbe\u7f6e\uff0c\u670d\u52a1\u5668\u5c06\u5199\u5165\u54cd\u5e94\u3002</p>"},{"location":"zh/installation/build-from-source/","title":"\u4ece\u6e90\u4ee3\u7801\u6784\u5efa","text":""},{"location":"zh/installation/build-from-source/#_2","title":"\u8981\u6c42","text":""},{"location":"zh/installation/build-from-source/#sing-box-19","title":"sing-box 1.9","text":"<ul> <li>Go 1.18.5 - 1.22.x</li> <li>Go 1.20.0 - 1.22.x with tag <code>with_quic</code>, or <code>with_utls</code> enabled</li> <li>Go 1.21.0 - 1.22.x with tag <code>with_ech</code> enabled</li> </ul> <p>\u60a8\u53ef\u4ee5\u4ece https://go.dev/doc/install \u4e0b\u8f7d\u5e76\u5b89\u88c5 Go\uff0c\u63a8\u8350\u4f7f\u7528\u6700\u65b0\u7248\u672c\u3002</p>"},{"location":"zh/installation/build-from-source/#_3","title":"\u5feb\u901f\u5f00\u59cb","text":"<pre><code>make\n</code></pre> <p>\u6216\u8005\u6784\u5efa\u4e8c\u8fdb\u5236\u6587\u4ef6\u5e76\u5c06\u5176\u5b89\u88c5\u5230 <code>$GOBIN</code>\uff1a</p> <pre><code>make install\n</code></pre>"},{"location":"zh/installation/build-from-source/#_4","title":"\u81ea\u5b9a\u4e49\u6784\u5efa","text":"<pre><code>TAGS=\"tag_a tag_b\" make\n</code></pre> <p>or</p> <pre><code>go build -tags \"tag_a tag_b\" ./cmd/sing-box\n</code></pre>"},{"location":"zh/installation/build-from-source/#_5","title":"\u6784\u5efa\u6807\u8bb0","text":"\u6784\u5efa\u6807\u8bb0 \u9ed8\u8ba4\u542f\u52a8 \u8bf4\u660e <code>with_quic</code> Build with QUIC support, see QUIC and HTTP3 DNS transports, Naive inbound, Hysteria Inbound, Hysteria Outbound and V2Ray Transport#QUIC. <code>with_grpc</code> \ufe0f Build with standard gRPC support, see V2Ray Transport#gRPC. <code>with_dhcp</code> Build with DHCP support, see DHCP DNS transport. <code>with_wireguard</code> Build with WireGuard support, see WireGuard outbound. <code>with_ech</code> Build with TLS ECH extension support for TLS outbound, see TLS. <code>with_utls</code> Build with uTLS support for TLS outbound, see TLS. <code>with_reality_server</code> Build with reality TLS server support, see TLS. <code>with_acme</code> Build with ACME TLS certificate issuer support, see TLS. <code>with_clash_api</code> Build with Clash API support, see Experimental. <code>with_v2ray_api</code> \ufe0f Build with V2Ray API support, see Experimental. <code>with_gvisor</code> Build with gVisor support, see Tun inbound and WireGuard outbound. <code>with_embedded_tor</code> (CGO required) \ufe0f Build with embedded Tor support, see Tor outbound. <p>\u9664\u975e\u60a8\u786e\u5b9e\u77e5\u9053\u60a8\u6b63\u5728\u542f\u7528\u4ec0\u4e48\uff0c\u5426\u5219\u4e0d\u5efa\u8bae\u66f4\u6539\u9ed8\u8ba4\u6784\u5efa\u6807\u7b7e\u5217\u8868\u3002</p>"},{"location":"zh/installation/docker/#_1","title":"\u547d\u4ee4","text":"<pre><code>docker run -d \\\n -v /etc/sing-box:/etc/sing-box/ \\\n --name=sing-box \\\n --restart=always \\\n ghcr.io/sagernet/sing-box \\\n -D /var/lib/sing-box \\\n -C /etc/sing-box/ run\n</code></pre>"},{"location":"zh/installation/package-manager/","title":"\u5305\u7ba1\u7406\u5668","text":""},{"location":"zh/installation/package-manager/#_2","title":"\u4ed3\u5e93\u5b89\u88c5","text":"Debian / APT Redhat / DNF <pre><code>sudo curl -fsSL https://sing-box.app/gpg.key -o /etc/apt/keyrings/sagernet.asc\nsudo chmod a+r /etc/apt/keyrings/sagernet.asc\necho \"deb [arch=`dpkg --print-architecture` signed-by=/etc/apt/keyrings/sagernet.asc] https://deb.sagernet.org/ * *\" | \\\n sudo tee /etc/apt/sources.list.d/sagernet.list &gt; /dev/null\nsudo apt-get update\nsudo apt-get install sing-box # or sing-box-beta\n</code></pre> <p><pre><code>sudo dnf -y install dnf-plugins-core\nsudo dnf config-manager --add-repo https://sing-box.app/sing-box.repo\nsudo dnf install sing-box # or sing-box-beta\n</code></pre> \uff08\u8fd9\u9002\u7528\u4e8e\u4efb\u4f55\u4f7f\u7528 <code>dnf</code> \u4f5c\u4e3a\u5305\u7ba1\u7406\u5668\u7684\u53d1\u884c\u7248\uff1aFedora\u3001CentOS\uff0c\u751a\u81f3\u5b89\u88c5\u4e86 DNF \u7684 OpenSUSE\u3002\uff09</p>"},{"location":"zh/installation/package-manager/#_3","title":"\u624b\u52a8\u5b89\u88c5","text":"Debian / DEB Redhat / RPM Archlinux / PKG <pre><code>bash &lt;(curl -fsSL https://sing-box.app/deb-install.sh)\n</code></pre> <p><pre><code>bash &lt;(curl -fsSL https://sing-box.app/rpm-install.sh)\n</code></pre> \uff08\u8fd9\u9002\u7528\u4e8e\u4efb\u4f55\u4f7f\u7528 <code>rpm</code> \u548c <code>systemd</code> \u7684\u53d1\u884c\u7248\u3002\u7531\u4e8e <code>rpm</code> \u5b9a\u4e49\u4f9d\u8d56\u5173\u7cfb\u7684\u65b9\u5f0f\uff0c\u5982\u679c\u5b89\u88c5\u6210\u529f\uff0c\u5c31\u591a\u534a\u80fd\u7528\u3002\uff09</p> <pre><code>bash &lt;(curl -fsSL https://sing-box.app/arch-install.sh)\n</code></pre>"},{"location":"zh/installation/package-manager/#_4","title":"\u6258\u7ba1\u5b89\u88c5","text":"Linux macOS Windows Android FreeBSD \u7c7b\u578b \u5e73\u53f0 \u94fe\u63a5 \u547d\u4ee4 AUR Arch Linux <code>? -S sing-box</code> nixpkgs NixOS <code>nix-env -iA nixos.sing-box</code> Homebrew macOS / Linux <code>brew install sing-box</code> APK Alpine <code>apk add sing-box</code> DEB AOSC <code>apt install sing-box</code> \u7c7b\u578b \u5e73\u53f0 \u94fe\u63a5 \u547d\u4ee4 Homebrew macOS <code>brew install sing-box</code> \u7c7b\u578b \u5e73\u53f0 \u94fe\u63a5 \u547d\u4ee4 Scoop Windows <code>scoop install sing-box</code> Chocolatey Windows <code>choco install sing-box</code> winget Windows <code>winget install sing-box</code> \u7c7b\u578b \u5e73\u53f0 \u94fe\u63a5 \u547d\u4ee4 Termux Android <code>pkg add sing-box</code> \u7c7b\u578b \u5e73\u53f0 \u94fe\u63a5 \u547d\u4ee4 FreshPorts FreeBSD <code>pkg install sing-box</code>"},{"location":"zh/installation/package-manager/#_5","title":"\u5b58\u5728\u95ee\u9898\u7684\u6e90","text":"\u7c7b\u578b \u5e73\u53f0 \u94fe\u63a5 \u539f\u56e0 DEB AOSC aosc-os-abbs \u5b58\u5728\u95ee\u9898\u7684\u6784\u5efa\u6807\u5fd7\u5217\u8868\u4fee\u6539 Homebrew / homebrew-core \u5b58\u5728\u95ee\u9898\u7684\u6784\u5efa\u6807\u5fd7\u5217\u8868\u4fee\u6539 Termux Android termux-packages \u5b58\u5728\u95ee\u9898\u7684\u6784\u5efa\u6807\u5fd7\u5217\u8868\u4fee\u6539 FreshPorts FreeBSD FreeBSD ports \u592a\u65e7\u7684 Go (go1.20) <p>\u5982\u679c\u60a8\u662f\u5176\u7528\u6237\uff0c\u8bf7\u5411\u4ed6\u4eec\u62a5\u544a\u95ee\u9898\uff1a</p> <ol> <li>\u5728\u672a\u5b8c\u5168\u4e86\u89e3\u76f8\u5173\u529f\u80fd\u7684\u60c5\u51b5\u4e0b\uff0c\u8bf7\u52ff\u4fee\u6539\u53d1\u5e03\u7248\u672c\u6807\u7b7e\uff1a\u542f\u7528\u975e\u9ed8\u8ba4\u6807\u7b7e\u53ef\u80fd\u4f1a\u5bfc\u81f4\u6027\u80fd\u4e0b\u964d\uff1b\u7f3a\u5c11\u9ed8\u8ba4\u6807\u7b7e\u53ef\u80fd\u4f1a\u5f15\u8d77\u7528\u6237\u6df7\u6dc6\u3002</li> <li>sing-box \u652f\u6301\u4f7f\u7528\u4e00\u4e9b\u8f83\u65e7\u7684 Go \u7248\u672c\u8fdb\u884c\u7f16\u8bd1\uff0c\u4f46\u4e0d\u63a8\u8350\u4f7f\u7528\uff08\u7279\u522b\u662f\u5df2\u4e0d\u518d\u53d7 Go \u652f\u6301\u7684\u7248\u672c\uff09\u3002</li> </ol>"},{"location":"zh/installation/package-manager/#_6","title":"\u670d\u52a1\u7ba1\u7406","text":"<p>\u5bf9\u4e8e\u5e26\u6709 systemd \u7684 Linux \u7cfb\u7edf\uff0c\u901a\u5e38\u5b89\u88c5\u5df2\u7ecf\u5305\u542b sing-box \u670d\u52a1\uff0c \u60a8\u53ef\u4ee5\u4f7f\u7528\u4ee5\u4e0b\u547d\u4ee4\u7ba1\u7406\u670d\u52a1\uff1a</p> \u884c\u52a8 \u547d\u4ee4 \u542f\u7528 <code>sudo systemctl enable sing-box</code> \u7981\u7528 <code>sudo systemctl disable sing-box</code> \u542f\u52a8 <code>sudo systemctl start sing-box</code> \u505c\u6b62 <code>sudo systemctl stop sing-box</code> \u5f3a\u884c\u505c\u6b62 <code>sudo systemctl kill sing-box</code> \u91cd\u65b0\u542f\u52a8 <code>sudo systemctl restart sing-box</code> \u67e5\u770b\u65e5\u5fd7 <code>sudo journalctl -u sing-box --output cat -e</code> \u5b9e\u65f6\u65e5\u5fd7 <code>sudo journalctl -u sing-box --output cat -f</code>"}]}