Austin/sing-box
1
0
Fork 0
mirror of https://github.com/SagerNet/sing-box.git synced 2024-11-16 00:42:21 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

documentation: Add rule action

Browse Source
This commit is contained in:
世界 2024-11-06 19:02:55 +08:00
parent b8613de673
commit 44560f0c20
No known key found for this signature in database
GPG Key ID: CD109927C34A63C4
22 changed files with 1076 additions and 43 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

46
docs/configuration/dns/rule.md
View File

@ -2,6 +2,14 @@
icon: material/new-box
---
!!! quote "Changes in sing-box 1.11.0"
:material-plus: [action](#action)
:material-alert: [server](#server)
:material-alert: [disable_cache](#disable_cache)
:material-alert: [rewrite_ttl](#rewrite_ttl)
:material-alert: [client_subnet](#client_subnet)
!!! quote "Changes in sing-box 1.10.0"
:material-delete-clock: [rule_set_ipcidr_match_source](#rule_set_ipcidr_match_source)
@ -135,19 +143,15 @@ icon: material/new-box
"outbound": [
"direct"
],
"server": "local",
"disable_cache": false,
"rewrite_ttl": 100,
"client_subnet": "127.0.0.1/24"
"action": "route",
"server": "local"
},
{
"type": "logical",
"mode": "and",
"rules": [],
"server": "local",
"disable_cache": false,
"rewrite_ttl": 100,
"client_subnet": "127.0.0.1/24"
"action": "route",
"server": "local"
}
]
}
@ -354,29 +358,35 @@ Match outbound.
`any` can be used as a value to match any outbound.
#### server
#### action
==Required==
Tag of the target dns server.
See [DNS Rule Actions](../rule_action/) for details.
#### server
!!! failure "Deprecated in sing-box 1.11.0"
Moved to [DNS Rule Action](../rule_action#route).
#### disable_cache
Disable cache and save cache in this query.
!!! failure "Deprecated in sing-box 1.11.0"
Moved to [DNS Rule Action](../rule_action#route).
#### rewrite_ttl
Rewrite TTL in DNS responses.
!!! failure "Deprecated in sing-box 1.11.0"
Moved to [DNS Rule Action](../rule_action#route).
#### client_subnet
!!! question "Since sing-box 1.9.0"
!!! failure "Deprecated in sing-box 1.11.0"
Append a `edns0-subnet` OPT extra record with the specified IP prefix to every query by default.
If value is an IP address instead of prefix, `/32` or `/128` will be appended automatically.
Will overrides `dns.client_subnet` and `servers.[].client_subnet`.
Moved to [DNS Rule Action](../rule_action#route).
### Address Filter Fields

85
docs/configuration/dns/rule_action.md Normal file
View File

@ -0,0 +1,85 @@
---
icon: material/new-box
---
# DNS Rule Action
!!! question "Since sing-box 1.11.0"
### route
```json
{
"action": "route", // default
"server": "",
// for compatibility
"disable_cache": false,
"rewrite_ttl": 0,
"client_subnet": null
}
```
`route` inherits the classic rule behavior of routing DNS requests to the specified server.
#### server
==Required==
Tag of target server.
#### disable_cache/rewrite_ttl/client_subnet
!!! failure "Deprecated in sing-box 1.11.0"
Legacy route options is deprecated and will be removed in sing-box 1.12.0, check [Migration](/migration/#migrate-legacy-dns-route-options-to-rule-actions).
### route-options
```json
{
"action": "route-options",
"disable_cache": false,
"rewrite_ttl": null,
"client_subnet": null
}
```
#### disable_cache
Disable cache and save cache in this query.
#### rewrite_ttl
Rewrite TTL in DNS responses.
#### client_subnet
Append a `edns0-subnet` OPT extra record with the specified IP prefix to every query by default.
If value is an IP address instead of prefix, `/32` or `/128` will be appended automatically.
Will overrides `dns.client_subnet` and `servers.[].client_subnet`.
### reject
```json
{
"action": "reject",
"method": "default", // default
"no_drop": false
}
```
`reject` reject DNS requests.
#### method
- `default`: Reply with NXDOMAIN.
- `drop`: Drop the request.
#### no_drop
If not enabled, `method` will be temporarily overwritten to `drop` after 50 triggers in 30s.
Not available when `method` is set to drop.

86
docs/configuration/dns/rule_action.zh.md Normal file
View File

@ -0,0 +1,86 @@
---
icon: material/new-box
---
# DNS 规则动作
!!! question "自 sing-box 1.11.0 起"
### route
```json
{
"action": "route", // 默认
"server": "",
// 兼容性
"disable_cache": false,
"rewrite_ttl": 0,
"client_subnet": null
}
```
`route` 继承了将 DNS 请求 路由到指定服务器的经典规则动作。
#### server
==必填==
目标 DNS 服务器的标签。
#### disable_cache/rewrite_ttl/client_subnet
!!! failure "自 sing-box 1.11.0 起"
旧的路由选项已弃用,且将在 sing-box 1.12.0 中移除,参阅 [迁移指南](/migration/#migrate-legacy-dns-route-options-to-rule-actions).
### route-options
```json
{
"action": "route-options",
"disable_cache": false,
"rewrite_ttl": null,
"client_subnet": null
}
```
#### disable_cache
在此查询中禁用缓存。
#### rewrite_ttl
重写 DNS 回应中的 TTL。
#### client_subnet
默认情况下,将带有指定 IP 前缀的 `edns0-subnet` OPT 附加记录附加到每个查询。
如果值是 IP 地址而不是前缀,则会自动附加 `/32``/128`
将覆盖 `dns.client_subnet``servers.[].client_subnet`
### reject
```json
{
"action": "reject",
"method": "default", // default
"no_drop": false
}
```
`reject` 拒绝 DNS 请求。
#### method
- `default`: 返回 NXDOMAIN。
- `drop`: 丢弃请求。
#### no_drop
如果未启用,则 30 秒内触发 50 次后,`method` 将被暂时覆盖为 `drop`
`method` 设为 `drop` 时不可用。

10
docs/configuration/outbound/block.md
View File

@ -1,8 +1,14 @@
`block` outbound closes all incoming requests.
---
icon: material/delete-clock
---
!!! failure "Deprecated in sing-box 1.11.0"
Legacy special outbounds are deprecated and will be removed in sing-box 1.13.0, check [Migration](/migration/#migrate-legacy-special-outbounds-to-rule-actions).
### Structure
```json
```json F
{
"type": "block",
"tag": "block"

8
docs/configuration/outbound/block.zh.md
View File

@ -1,3 +1,11 @@
---
icon: material/delete-clock
---
!!! failure "已在 sing-box 1.11.0 废弃"
旧的特殊出站已被弃用,且将在 sing-box 1.13.0 中被移除,参阅 [迁移指南](/migration/#migrate-legacy-special-outbounds-to-rule-actions).
`block` 出站关闭所有传入请求。
### 结构

8
docs/configuration/outbound/dns.md
View File

@ -1,3 +1,11 @@
---
icon: material/delete-clock
---
!!! failure "Deprecated in sing-box 1.11.0"
Legacy special outbounds are deprecated and will be removed in sing-box 1.13.0, check [Migration](/migration/#migrate-legacy-special-outbounds-to-rule-actions).
`dns` outbound is a internal DNS server.
### Structure

8
docs/configuration/outbound/dns.zh.md
View File

@ -1,3 +1,11 @@
---
icon: material/delete-clock
---
!!! failure "已在 sing-box 1.11.0 废弃"
旧的特殊出站已被弃用,且将在 sing-box 1.13.0 中被移除, 参阅 [迁移指南](/migration/#migrate-legacy-special-outbounds-to-rule-actions).
`dns` 出站是一个内部 DNS 服务器。
### 结构

19
docs/configuration/route/rule.md
View File

@ -1,7 +1,12 @@
---
icon: material/alert-decagram
icon: material/new-box
---
!!! quote "Changes in sing-box 1.11.0"
:material-plus: [action](#action)
:material-alert: [outbound](#outbound)
!!! quote "Changes in sing-box 1.10.0"
:material-plus: [client](#client)
@ -129,6 +134,7 @@ icon: material/alert-decagram
"rule_set_ipcidr_match_source": false,
"rule_set_ip_cidr_match_source": false,
"invert": false,
"action": "route",
"outbound": "direct"
},
{
@ -136,6 +142,7 @@ icon: material/alert-decagram
"mode": "and",
"rules": [],
"invert": false,
"action": "route",
"outbound": "direct"
}
]
@ -357,11 +364,17 @@ Make `ip_cidr` in rule-sets match the source IP.
Invert match result.
#### outbound
#### action
==Required==
Tag of the target outbound.
See [Rule Actions](../rule_action/) for details.
#### outbound
!!! failure "Deprecated in sing-box 1.11.0"
Moved to [Rule Action](../rule_action#route).
### Logical Fields

19
docs/configuration/route/rule.zh.md
View File

@ -1,7 +1,12 @@
---
icon: material/alert-decagram
icon: material/new-box
---
!!! quote "sing-box 1.11.0 中的更改"
:material-plus: [action](#action)
:material-alert: [outbound](#outbound)
!!! quote "sing-box 1.10.0 中的更改"
:material-plus: [client](#client)
@ -127,6 +132,7 @@ icon: material/alert-decagram
"rule_set_ipcidr_match_source": false,
"rule_set_ip_cidr_match_source": false,
"invert": false,
"action": "route",
"outbound": "direct"
},
{
@ -134,6 +140,7 @@ icon: material/alert-decagram
"mode": "and",
"rules": [],
"invert": false,
"action": "route",
"outbound": "direct"
}
]
@ -355,11 +362,17 @@ icon: material/alert-decagram
反选匹配结果。
#### outbound
#### action
==必填==
目标出站的标签。
参阅 [规则行动](../rule_action/)。
#### outbound
!!! failure "已在 sing-box 1.11.0 废弃"
已移动到 [规则行动](../rule_action#route).
### 逻辑字段

139
docs/configuration/route/rule_action.md Normal file
View File

@ -0,0 +1,139 @@
---
icon: material/new-box
---
# Rule Action
!!! question "Since sing-box 1.11.0"
## Final actions
### route
```json
{
"action": "route", // default
"outbound": ""
}
```
`route` inherits the classic rule behavior of routing connection to the specified outbound.
#### outbound
==Required==
Tag of target outbound.
### route-options
```json
{
"action": "route-options",
"udp_disable_domain_unmapping": false,
"udp_connect": false
}
```
`route-options` set options for routing.
#### udp_disable_domain_unmapping
If enabled, for UDP proxy requests addressed to a domain,
the original packet address will be sent in the response instead of the mapped domain.
This option is used for compatibility with clients that
do not support receiving UDP packets with domain addresses, such as Surge.
#### udp_connect
If enabled, attempts to connect UDP connection to the destination instead of listen.
### reject
```json
{
"action": "reject",
"method": "default", // default
"no_drop": false
}
```
`reject` reject connections
The specified method is used for reject tun connections if `sniff` action has not been performed yet.
For non-tun connections and already established connections, will just be closed.
#### method
- `default`: Reply with TCP RST for TCP connections, and ICMP port unreachable for UDP packets.
- `drop`: Drop packets.
#### no_drop
If not enabled, `method` will be temporarily overwritten to `drop` after 50 triggers in 30s.
Not available when `method` is set to drop.
### hijack-dns
```json
{
"action": "hijack-dns"
}
```
`hijack-dns` hijack DNS requests to the sing-box DNS module.
## Non-final actions
### sniff
```json
{
"action": "sniff",
"sniffer": [],
"timeout": ""
}
```
`sniff` performs protocol sniffing on connections.
For deprecated `inbound.sniff` options, it is considered to `sniff()` performed before routing.
#### sniffer
Enabled sniffers.
All sniffers enabled by default.
Available protocol values an be found on in [Protocol Sniff](../sniff/)
#### timeout
Timeout for sniffing.
`300ms` is used by default.
### resolve
```json
{
"action": "resolve",
"strategy": "",
"server": ""
}
```
`resolve` resolve request destination from domain to IP addresses.
#### strategy
DNS resolution strategy, available values are: `prefer_ipv4`, `prefer_ipv6`, `ipv4_only`, `ipv6_only`.
`dns.strategy` will be used by default.
#### server
Specifies DNS server tag to use instead of selecting through DNS routing.

136
docs/configuration/route/rule_action.zh.md Normal file
View File

@ -0,0 +1,136 @@
---
icon: material/new-box
---
# 规则动作
!!! question "自 sing-box 1.11.0 起"
## 最终动作
### route
```json
{
"action": "route", // 默认
"outbound": "",
"udp_disable_domain_unmapping": false
}
```
`route` 继承了将连接路由到指定出站的经典规则动作。
#### outbound
==必填==
目标出站的标签。
### route-options
```json
{
"action": "route-options",
"udp_disable_domain_unmapping": false,
"udp_connect": false
}
```
#### udp_disable_domain_unmapping
如果启用,对于地址为域的 UDP 代理请求,将在响应中发送原始包地址而不是映射的域。
此选项用于兼容不支持接收带有域地址的 UDP 包的客户端,如 Surge。
#### udp_connect
如果启用,将尝试将 UDP 连接 connect 到目标而不是 listen。
### reject
```json
{
"action": "reject",
"method": "default", // 默认
"no_drop": false
}
```
`reject` 拒绝连接。
如果尚未执行 `sniff` 操作,则将使用指定方法拒绝 tun 连接。
对于非 tun 连接和已建立的连接,将直接关闭。
#### method
- `default`: 对于 TCP 连接回复 RST对于 UDP 包回复 ICMP 端口不可达。
- `drop`: 丢弃数据包。
#### no_drop
如果未启用,则 30 秒内触发 50 次后,`method` 将被暂时覆盖为 `drop`
`method` 设为 `drop` 时不可用。
### hijack-dns
```json
{
"action": "hijack-dns"
}
```
`hijack-dns` 劫持 DNS 请求至 sing-box DNS 模块。
## 非最终动作
### sniff
```json
{
"action": "sniff",
"sniffer": [],
"timeout": ""
}
```
`sniff` 对连接执行协议嗅探。
对于已弃用的 `inbound.sniff` 选项,被视为在路由之前执行的 `sniff`
#### sniffer
启用的探测器。
默认启用所有探测器。
可用的协议值可以在 [协议嗅探](../sniff/) 中找到。
#### timeout
探测超时时间。
默认使用 300ms。
### resolve
```json
{
"action": "resolve",
"strategy": "",
"server": ""
}
```
`resolve` 将请求的目标从域名解析为 IP 地址。
#### strategy
DNS 解析策略,可用值有:`prefer_ipv4`、`prefer_ipv6`、`ipv4_only`、`ipv6_only`。
默认使用 `dns.strategy`
#### server
指定要使用的 DNS 服务器的标签,而不是通过 DNS 路由进行选择。

34
docs/configuration/shared/listen.md
View File

@ -1,3 +1,15 @@
---
icon: material/delete-clock
---
!!! quote "Changes in sing-box 1.11.0"
:material-delete-clock: [sniff](#sniff)
:material-delete-clock: [sniff_override_destination](#sniff_override_destination)
:material-delete-clock: [sniff_timeout](#sniff_timeout)
:material-delete-clock: [domain_strategy](#domain_strategy)
:material-delete-clock: [udp_disable_domain_unmapping](#udp_disable_domain_unmapping)
### Structure
```json
@ -68,24 +80,40 @@ Requires target inbound support, see [Injectable](/configuration/inbound/#fields
#### sniff
!!! failure "Deprecated in sing-box 1.11.0"
Inbound fields are deprecated and will be removed in sing-box 1.13.0, check [Migration](/migration/#migrate-legacy-inbound-fields-to-rule-actions).
Enable sniffing.
See [Protocol Sniff](/configuration/route/sniff/) for details.
#### sniff_override_destination
!!! failure "Deprecated in sing-box 1.11.0"
Inbound fields are deprecated and will be removed in sing-box 1.13.0.
Override the connection destination address with the sniffed domain.
If the domain name is invalid (like tor), this will not work.
#### sniff_timeout
!!! failure "Deprecated in sing-box 1.11.0"
Inbound fields are deprecated and will be removed in sing-box 1.13.0, check [Migration](/migration/#migrate-legacy-inbound-fields-to-rule-actions).
Timeout for sniffing.
300ms is used by default.
`300ms` is used by default.
#### domain_strategy
!!! failure "Deprecated in sing-box 1.11.0"
Inbound fields are deprecated and will be removed in sing-box 1.13.0, check [Migration](/migration/#migrate-legacy-inbound-fields-to-rule-actions).
One of `prefer_ipv4` `prefer_ipv6` `ipv4_only` `ipv6_only`.
If set, the requested domain name will be resolved to IP before routing.
@ -94,6 +122,10 @@ If `sniff_override_destination` is in effect, its value will be taken as a fallb
#### udp_disable_domain_unmapping
!!! failure "Deprecated in sing-box 1.11.0"
Inbound fields are deprecated and will be removed in sing-box 1.13.0, check [Migration](/migration/#migrate-legacy-inbound-fields-to-rule-actions).
If enabled, for UDP proxy requests addressed to a domain,
the original packet address will be sent in the response instead of the mapped domain.

32
docs/configuration/shared/listen.zh.md
View File

@ -1,3 +1,15 @@
---
icon: material/delete-clock
---
!!! quote "sing-box 1.11.0 中的更改"
:material-delete-clock: [sniff](#sniff)
:material-delete-clock: [sniff_override_destination](#sniff_override_destination)
:material-delete-clock: [sniff_timeout](#sniff_timeout)
:material-delete-clock: [domain_strategy](#domain_strategy)
:material-delete-clock: [udp_disable_domain_unmapping](#udp_disable_domain_unmapping)
### 结构
```json
@ -69,24 +81,40 @@ UDP NAT 过期时间,以秒为单位。
#### sniff
!!! failure "已在 sing-box 1.11.0 废弃"
入站字段已废弃且将在 sing-box 1.12.0 中被移除,参阅 [迁移指南](/migration/#migrate-legacy-inbound-fields-to-rule-actions).
启用协议探测。
参阅 [协议探测](/zh/configuration/route/sniff/)
#### sniff_override_destination
!!! failure "已在 sing-box 1.11.0 废弃"
入站字段已废弃且将在 sing-box 1.12.0 中被移除。
用探测出的域名覆盖连接目标地址。
如果域名无效(如 Tor将不生效。
#### sniff_timeout
!!! failure "已在 sing-box 1.11.0 废弃"
入站字段已废弃且将在 sing-box 1.12.0 中被移除,参阅 [迁移指南](/migration/#migrate-legacy-inbound-fields-to-rule-actions).
探测超时时间。
默认使用 300ms。
#### domain_strategy
!!! failure "已在 sing-box 1.11.0 废弃"
入站字段已废弃且将在 sing-box 1.12.0 中被移除,参阅 [迁移指南](/migration/#migrate-legacy-inbound-fields-to-rule-actions).
可选值: `prefer_ipv4` `prefer_ipv6` `ipv4_only` `ipv6_only`
如果设置,请求的域名将在路由之前解析为 IP。
@ -95,6 +123,10 @@ UDP NAT 过期时间,以秒为单位。
#### udp_disable_domain_unmapping
!!! failure "已在 sing-box 1.11.0 废弃"
入站字段已废弃且将在 sing-box 1.12.0 中被移除,参阅 [迁移指南](/migration/#migrate-legacy-inbound-fields-to-rule-actions).
如果启用,对于地址为域的 UDP 代理请求,将在响应中发送原始包地址而不是映射的域。
此选项用于兼容不支持接收带有域地址的 UDP 包的客户端,如 Surge。

30
docs/deprecated.md
View File

@ -4,6 +4,32 @@ icon: material/delete-alert
# Deprecated Feature List
## 1.11.0
#### Legacy special outbounds
Legacy special outbounds (`block` / `dns`) are deprecated
and can be replaced by rule actions,
check [Migration](../migration/#migrate-legacy-special-outbounds-to-rule-actions).
Old fields will be removed in sing-box 1.13.0.
#### Legacy inbound fields
Legacy inbound fields `inbound.<sniff/domain_strategy/...>` are deprecated
and can be replaced by rule actions,
check [Migration](../migration/#migrate-legacy-inbound-fields-to-rule-actions).
Old fields will be removed in sing-box 1.13.0.
#### Legacy DNS route options
Legacy DNS route options (`disable_cache`, `rewrite_ttl`, `client_subnet`) are deprecated
and can be replaced by rule actions,
check [Migration](../migration/#migrate-legacy-dns-route-options-to-rule-actions).
Old fields will be removed in sing-box 1.12.0.
## 1.10.0
#### TUN address fields are merged
@ -12,7 +38,7 @@ icon: material/delete-alert
`inet4_route_address` and `inet6_route_address` are merged into `route_address`,
`inet4_route_exclude_address` and `inet6_route_exclude_address` are merged into `route_exclude_address`.
Old fields are deprecated and will be removed in sing-box 1.12.0.
Old fields will be removed in sing-box 1.12.0.
#### Match source rule items are renamed
@ -32,7 +58,7 @@ check [Migration](/migration/#migrate-cache-file-from-clash-api-to-independent-o
#### GeoIP
GeoIP is deprecated and may be removed in sing-box 1.12.0.
GeoIP is deprecated and will be removed in sing-box 1.12.0.
The maxmind GeoIP National Database, as an IP classification database,
is not entirely suitable for traffic bypassing,

25
docs/deprecated.zh.md
View File

@ -4,6 +4,29 @@ icon: material/delete-alert
# 废弃功能列表
## 1.11.0
#### 旧的特殊出站
旧的特殊出站(`block` / `dns`)已废弃且可以通过规则动作替代,
参阅 [迁移指南](/migration/#migrate-legacy-special-outbounds-to-rule-actions)。
旧字段将在 sing-box 1.13.0 中被移除。
#### 旧的入站字段
旧的入站字段(`inbound.<sniff/domain_strategy/...>`)已废弃且可以通过规则动作替代,
参阅 [迁移指南](/migration/#migrate-legacy-inbound-fields-to-rule-actions)。
旧字段将在 sing-box 1.13.0 中被移除。
#### 旧的 DNS 路由参数
旧的 DNS 路由参数(`disable_cache`、`rewrite_ttl`、`client_subnet`)已废弃且可以通过规则动作替代,
参阅 [迁移指南](/migration/#migrate-legacy-dns-route-options-to-rule-actions)。
旧字段将在 sing-box 1.12.0 中被移除。
## 1.10.0
#### Match source 规则项已重命名
@ -17,7 +40,7 @@ icon: material/delete-alert
`inet4_route_address``inet6_route_address` 已合并为 `route_address`
`inet4_route_exclude_address``inet6_route_exclude_address` 已合并为 `route_exclude_address`
旧字段已废弃,且将在 sing-box 1.11.0 中被移除。
旧字段将在 sing-box 1.11.0 中被移除。
#### 移除对 go1.18 和 go1.19 的支持

208
docs/migration.md
View File

@ -2,6 +2,212 @@
icon: material/arrange-bring-forward
---
## 1.11.0
### Migrate legacy special outbounds to rule actions
Legacy special outbounds are deprecated and can be replaced by rule actions.
!!! info "References"
[Rule Action](/configuration/route/rule_action/) /
[Block](/configuration/outbound/block/) /
[DNS](/configuration/outbound/dns)
=== "Block"
=== ":material-card-remove: Deprecated"
```json
{
"outbounds": [
{
"type": "block",
"tag": "block"
}
],
"route": {
"rules": [
{
...,
"outbound": "block"
}
]
}
}
```
=== ":material-card-multiple: New"
```json
{
"route": {
"rules": [
{
...,
"action": "reject"
}
]
}
}
```
=== "DNS"
=== ":material-card-remove: Deprecated"
```json
{
"inbound": [
{
...,
"sniff": true
}
],
"outbounds": [
{
"tag": "dns",
"type": "dns"
}
],
"route": {
"rules": [
{
"protocol": "dns",
"outbound": "dns"
}
]
}
}
```
=== ":material-card-multiple: New"
```json
{
"route": {
"rules": [
{
"action": "sniff"
},
{
"protocol": "dns",
"action": "hijack-dns"
}
]
}
}
```
### Migrate legacy inbound fields to rule actions
Inbound fields are deprecated and can be replaced by rule actions.
!!! info "References"
[Listen Fields](/configuration/inbound/listen/) /
[Rule](/configuration/route/rule/) /
[Rule Action](/configuration/route/rule_action/) /
[DNS Rule](/configuration/dns/rule/) /
[DNS Rule Action](/configuration/dns/rule_action/)
=== ":material-card-remove: Deprecated"
```json
{
"inbounds": [
{
"type": "mixed",
"sniff": true,
"sniff_timeout": "1s",
"domain_strategy": "prefer_ipv4"
}
]
}
```
=== ":material-card-multiple: New"
```json
{
"inbounds": [
{
"type": "mixed",
"tag": "in"
}
],
"route": {
"rules": [
{
"inbound": "in",
"action": "resolve",
"strategy": "prefer_ipv4"
},
{
"inbound": "in",
"action": "sniff",
"timeout": "1s"
}
]
}
}
```
### Migrate legacy DNS route options to rule actions
Legacy DNS route options are deprecated and can be replaced by rule actions.
!!! info "References"
[DNS Rule](/configuration/dns/rule/) /
[DNS Rule Action](/configuration/dns/rule_action/)
=== ":material-card-remove: Deprecated"
```json
{
"dns": {
"rules": [
{
...,
"server": "local",
"disable_cache": true,
"rewrite_ttl": 600,
"client_subnet": "1.1.1.1/24"
}
]
}
}
```
=== ":material-card-multiple: New"
```json
{
"dns": {
"rules": [
{
...,
"action": "route-options",
"disable_cache": true,
"rewrite_ttl": 600,
"client_subnet": "1.1.1.1/24"
},
{
...,
"server": "local"
}
]
}
}
```
## 1.10.0
### TUN address fields are merged
@ -10,8 +216,6 @@ icon: material/arrange-bring-forward
`inet4_route_address` and `inet6_route_address` are merged into `route_address`,
`inet4_route_exclude_address` and `inet6_route_exclude_address` are merged into `route_exclude_address`.
Old fields are deprecated and will be removed in sing-box 1.11.0.
!!! info "References"
[TUN](/configuration/inbound/tun/)

206
docs/migration.zh.md
View File

@ -2,6 +2,212 @@
icon: material/arrange-bring-forward
---
## 1.11.0
### 迁移旧的特殊出站到规则动作
旧的特殊出站已被弃用,且可以被规则动作替代。
!!! info "参考"
[规则动作](/zh/configuration/route/rule_action/) /
[Block](/zh/configuration/outbound/block/) /
[DNS](/zh/configuration/outbound/dns)
=== "Block"
=== ":material-card-remove: 弃用的"
```json
{
"outbounds": [
{
"type": "block",
"tag": "block"
}
],
"route": {
"rules": [
{
...,
"outbound": "block"
}
]
}
}
```
=== ":material-card-multiple: 新的"
```json
{
"route": {
"rules": [
{
...,
"action": "reject"
}
]
}
}
```
=== "DNS"
=== ":material-card-remove: 弃用的"
```json
{
"inbound": [
{
...,
"sniff": true
}
],
"outbounds": [
{
"tag": "dns",
"type": "dns"
}
],
"route": {
"rules": [
{
"protocol": "dns",
"outbound": "dns"
}
]
}
}
```
=== ":material-card-multiple: 新的"
```json
{
"route": {
"rules": [
{
"action": "sniff"
},
{
"protocol": "dns",
"action": "hijack-dns"
}
]
}
}
```
### 迁移旧的入站字段到规则动作
入站选项已被弃用,且可以被规则动作替代。
!!! info "参考"
[监听字段](/zh/configuration/shared/listen/) /
[规则](/zh/configuration/route/rule/) /
[规则动作](/zh/configuration/route/rule_action/) /
[DNS 规则](/zh/configuration/dns/rule/) /
[DNS 规则动作](/zh/configuration/dns/rule_action/)
=== ":material-card-remove: 弃用的"
```json
{
"inbounds": [
{
"type": "mixed",
"sniff": true,
"sniff_timeout": "1s",
"domain_strategy": "prefer_ipv4"
}
]
}
```
=== ":material-card-multiple: New"
```json
{
"inbounds": [
{
"type": "mixed",
"tag": "in"
}
],
"route": {
"rules": [
{
"inbound": "in",
"action": "resolve",
"strategy": "prefer_ipv4"
},
{
"inbound": "in",
"action": "sniff",
"timeout": "1s"
}
]
}
}
```
### 迁移旧的 DNS 路由选项到规则动作
旧的 DNS 路由选项已被弃用,且可以被规则动作替代。
!!! info "参考"
[DNS 规则](/zh/configuration/dns/rule/) /
[DNS 规则动作](/zh/configuration/dns/rule_action/)
=== ":material-card-remove: 弃用的"
```json
{
"dns": {
"rules": [
{
...,
"server": "local",
"disable_cache": true,
"rewrite_ttl": 600,
"client_subnet": "1.1.1.1/24"
}
]
}
}
```
=== ":material-card-multiple: 新的"
```json
{
"dns": {
"rules": [
{
...,
"action": "route-options",
"disable_cache": true,
"rewrite_ttl": 600,
"client_subnet": "1.1.1.1/24"
},
{
...,
"server": "local"
}
]
}
}
```
## 1.10.0
### TUN 地址字段已合并

4
mkdocs.yml
View File

@ -82,6 +82,7 @@ nav:
- configuration/dns/index.md
- DNS Server: configuration/dns/server.md
- DNS Rule: configuration/dns/rule.md
- DNS Rule Action: configuration/dns/rule_action.md
- FakeIP: configuration/dns/fakeip.md
- NTP:
- configuration/ntp/index.md
@ -90,6 +91,7 @@ nav:
- GeoIP: configuration/route/geoip.md
- Geosite: configuration/route/geosite.md
- Route Rule: configuration/route/rule.md
- Rule Action: configuration/route/rule_action.md
- Protocol Sniff: configuration/route/sniff.md
- Rule Set:
- configuration/rule-set/index.md
@ -218,9 +220,11 @@ plugins:
Log: 日志
DNS Server: DNS 服务器
DNS Rule: DNS 规则
DNS Rule Action: DNS 规则动作
Route: 路由
Route Rule: 路由规则
Rule Action: 规则动作
Protocol Sniff: 协议探测
Rule Set: 规则集

2
option/inbound.go
View File

@ -34,7 +34,7 @@ func (h *Inbound) UnmarshalJSONContext(ctx context.Context, content []byte) erro
}
registry := service.FromContext[InboundOptionsRegistry](ctx)
if registry == nil {
return E.New("missing inbound options registry in context")
return E.New("missing Inbound fields registry in context")
}
options, loaded := registry.CreateOptions(h.Type)
if !loaded {

6
option/rule_action.go
View File

@ -148,9 +148,6 @@ func (r *RouteActionOptions) UnmarshalJSON(data []byte) error {
if err != nil {
return err
}
if r.Outbound == "" {
return E.New("missing outbound")
}
return nil
}
@ -189,9 +186,6 @@ func (r *DNSRouteActionOptions) UnmarshalJSONContext(ctx context.Context, data [
if err != nil {
return err
}
if r.Server == "" {
return E.New("missing server")
}
if r.DisableCache || r.RewriteTTL != nil || r.ClientSubnet != nil {
deprecated.Report(ctx, deprecated.OptionLegacyDNSRouteOptions)
}

2
route/route.go
View File

@ -76,7 +76,7 @@ func (r *Router) routeConnection(ctx context.Context, conn net.Conn, metadata ad
metadata.Network = N.NetworkTCP
switch metadata.Destination.Fqdn {
case mux.Destination.Fqdn:
return E.New("global multiplex is deprecated since sing-box v1.7.0, enable multiplex in inbound options instead.")
return E.New("global multiplex is deprecated since sing-box v1.7.0, enable multiplex in Inbound fields instead.")
case vmess.MuxDestination.Fqdn:
return E.New("global multiplex (v2ray legacy) not supported since sing-box v1.7.0.")
case uot.MagicAddress: