Improve DNS and inbound rules
parent
6f86247909
commit
7c48260661
@ -8,12 +8,13 @@
|
|||||||
|
|
||||||
"log": {},
|
"log": {},
|
||||||
"domain_strategy": "",
|
"domain_strategy": "",
|
||||||
|
"domain_strategy_local": "",
|
||||||
"disable_traffic_bypass": false,
|
"disable_traffic_bypass": false,
|
||||||
"disable_rule_set": false,
|
"disable_rule_set": false,
|
||||||
"remote_resolve": false,
|
"remote_resolve": false,
|
||||||
// DNS
|
// DNS
|
||||||
|
|
||||||
"dns_default": "",
|
"dns": "",
|
||||||
"dns_local": "",
|
"dns_local": "",
|
||||||
"enable_fakeip": false,
|
"enable_fakeip": false,
|
||||||
"pre_dns_rules": [],
|
"pre_dns_rules": [],
|
||||||
@ -47,7 +48,6 @@
|
|||||||
"custom_urltest": {},
|
"custom_urltest": {},
|
||||||
// Route
|
// Route
|
||||||
|
|
||||||
"disable_default_rules": false,
|
|
||||||
"pre_rules": [],
|
"pre_rules": [],
|
||||||
"custom_rules": [],
|
"custom_rules": [],
|
||||||
"enable_jsdelivr": false,
|
"enable_jsdelivr": false,
|
||||||
@ -96,6 +96,15 @@ If `*_only` enabled, TUN and DNS will be configured to disable the other network
|
|||||||
|
|
||||||
Note that if want `prefer_*` to take effect on transparent proxy requests, set `enable_fakeip`.
|
Note that if want `prefer_*` to take effect on transparent proxy requests, set `enable_fakeip`.
|
||||||
|
|
||||||
|
`ipv4_only` is used by default when `enable_fakeip` disabled,
|
||||||
|
`prefer_ipv4` is used by default when `enable_fakeip` enabled.
|
||||||
|
|
||||||
|
#### domain_strategy_local
|
||||||
|
|
||||||
|
Local sing-box domain strategy.
|
||||||
|
|
||||||
|
`prefer_ipv4` is used by default.
|
||||||
|
|
||||||
#### disable_rule_set
|
#### disable_rule_set
|
||||||
|
|
||||||
Use `geoip` and `geosite` for traffic bypassing instead of rule sets.
|
Use `geoip` and `geosite` for traffic bypassing instead of rule sets.
|
||||||
@ -108,7 +117,7 @@ Disable traffic bypass for Chinese DNS queries and connections.
|
|||||||
|
|
||||||
Don't generate `doamin_strategy` options for inbounds.
|
Don't generate `doamin_strategy` options for inbounds.
|
||||||
|
|
||||||
#### dns_default
|
#### dns
|
||||||
|
|
||||||
Default DNS server.
|
Default DNS server.
|
||||||
|
|
||||||
@ -222,10 +231,6 @@ Custom [Selector](https://sing-box.sagernet.org/configuration/outbound/selector/
|
|||||||
|
|
||||||
Custom [URLTest](https://sing-box.sagernet.org/configuration/outbound/urltest/) outbound template.
|
Custom [URLTest](https://sing-box.sagernet.org/configuration/outbound/urltest/) outbound template.
|
||||||
|
|
||||||
#### disable_default_rules
|
|
||||||
|
|
||||||
Don't generate some useful rules.
|
|
||||||
|
|
||||||
#### pre_rules
|
#### pre_rules
|
||||||
|
|
||||||
List of [Rule](https://sing-box.sagernet.org/configuration/route/rule/).
|
List of [Rule](https://sing-box.sagernet.org/configuration/route/rule/).
|
||||||
|
@ -16,12 +16,13 @@ type _Template struct {
|
|||||||
|
|
||||||
Log *option.LogOptions `json:"log,omitempty"`
|
Log *option.LogOptions `json:"log,omitempty"`
|
||||||
DomainStrategy option.DomainStrategy `json:"domain_strategy,omitempty"`
|
DomainStrategy option.DomainStrategy `json:"domain_strategy,omitempty"`
|
||||||
|
DomainStrategyLocal option.DomainStrategy `json:"domain_strategy_local,omitempty"`
|
||||||
DisableTrafficBypass bool `json:"disable_traffic_bypass,omitempty"`
|
DisableTrafficBypass bool `json:"disable_traffic_bypass,omitempty"`
|
||||||
DisableRuleSet bool `json:"disable_rule_set,omitempty"`
|
DisableRuleSet bool `json:"disable_rule_set,omitempty"`
|
||||||
RemoteResolve bool `json:"remote_resolve,omitempty"`
|
RemoteResolve bool `json:"remote_resolve,omitempty"`
|
||||||
|
|
||||||
// DNS
|
// DNS
|
||||||
DNSDefault string `json:"dns_default,omitempty"`
|
DNS string `json:"dns,omitempty"`
|
||||||
DNSLocal string `json:"dns_local,omitempty"`
|
DNSLocal string `json:"dns_local,omitempty"`
|
||||||
EnableFakeIP bool `json:"enable_fakeip,omitempty"`
|
EnableFakeIP bool `json:"enable_fakeip,omitempty"`
|
||||||
DisableDNSLeak bool `json:"disable_dns_leak,omitempty"`
|
DisableDNSLeak bool `json:"disable_dns_leak,omitempty"`
|
||||||
@ -124,7 +125,7 @@ type GitHubRuleSetOptions struct {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func (t Template) DisableIPv6() bool {
|
func (t Template) DisableIPv6() bool {
|
||||||
return t.DomainStrategy == option.DomainStrategy(dns.DomainStrategyUseIPv4)
|
return t.DomainStrategy == option.DomainStrategy(dns.DomainStrategyUseIPv4) && t.DomainStrategyLocal == option.DomainStrategy(dns.DomainStrategyUseIPv4)
|
||||||
}
|
}
|
||||||
|
|
||||||
type ExtraGroup struct {
|
type ExtraGroup struct {
|
||||||
|
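Review bot: The `_Template` field that was bound to `dns_default` is now bound to `dns`, and no compatibility path for the old key is visible in this section. Whether a profile that still carries `dns_default` is rejected or silently ignored depends on the decoder, which is outside the hunk. If it is ignored, the `dnsDefault == ""` branch in `renderDNS` falls back to `DefaultDNS`, so queries would go to a different resolver than the operator configured, with no error. Consider keeping a deprecated `DNSDefault` field on the old key and using it when `DNS` is empty, or rejecting the old key with an explicit message.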
@ -1,10 +1,13 @@
|
|||||||
package filter
|
package filter
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"net/netip"
|
||||||
|
|
||||||
"github.com/sagernet/serenity/common/metadata"
|
"github.com/sagernet/serenity/common/metadata"
|
||||||
"github.com/sagernet/serenity/common/semver"
|
"github.com/sagernet/serenity/common/semver"
|
||||||
C "github.com/sagernet/sing-box/constant"
|
C "github.com/sagernet/sing-box/constant"
|
||||||
"github.com/sagernet/sing-box/option"
|
"github.com/sagernet/sing-box/option"
|
||||||
|
"github.com/sagernet/sing/common"
|
||||||
)
|
)
|
||||||
|
|
||||||
func init() {
|
func init() {
|
||||||
@ -21,6 +24,36 @@ func filter1100(metadata metadata.Metadata, options *option.Options) {
|
|||||||
inbound.TunOptions.AutoRedirect = false
|
inbound.TunOptions.AutoRedirect = false
|
||||||
inbound.TunOptions.RouteAddressSet = nil
|
inbound.TunOptions.RouteAddressSet = nil
|
||||||
inbound.TunOptions.RouteExcludeAddressSet = nil
|
inbound.TunOptions.RouteExcludeAddressSet = nil
|
||||||
|
//nolint:staticcheck
|
||||||
|
//goland:noinspection GoDeprecation
|
||||||
|
if len(inbound.TunOptions.Address) > 0 {
|
||||||
|
inbound.TunOptions.Inet4Address = append(inbound.TunOptions.Inet4Address, common.Filter(inbound.TunOptions.Address, func(it netip.Prefix) bool {
|
||||||
|
return it.Addr().Is4()
|
||||||
|
})...)
|
||||||
|
inbound.TunOptions.Inet6Address = append(inbound.TunOptions.Inet6Address, common.Filter(inbound.TunOptions.Address, func(it netip.Prefix) bool {
|
||||||
|
return it.Addr().Is6()
|
||||||
|
})...)
|
||||||
|
}
|
||||||
|
//nolint:staticcheck
|
||||||
|
//goland:noinspection GoDeprecation
|
||||||
|
if len(inbound.TunOptions.RouteAddress) > 0 {
|
||||||
|
inbound.TunOptions.Inet4RouteAddress = append(inbound.TunOptions.Inet4RouteAddress, common.Filter(inbound.TunOptions.RouteAddress, func(it netip.Prefix) bool {
|
||||||
|
return it.Addr().Is4()
|
||||||
|
})...)
|
||||||
|
inbound.TunOptions.Inet6RouteAddress = append(inbound.TunOptions.Inet6RouteAddress, common.Filter(inbound.TunOptions.RouteAddress, func(it netip.Prefix) bool {
|
||||||
|
return it.Addr().Is6()
|
||||||
|
})...)
|
||||||
|
}
|
||||||
|
//nolint:staticcheck
|
||||||
|
//goland:noinspection GoDeprecation
|
||||||
|
if len(inbound.TunOptions.RouteExcludeAddress) > 0 {
|
||||||
|
inbound.TunOptions.Inet4RouteExcludeAddress = append(inbound.TunOptions.Inet4RouteExcludeAddress, common.Filter(inbound.TunOptions.RouteExcludeAddress, func(it netip.Prefix) bool {
|
||||||
|
return it.Addr().Is4()
|
||||||
|
})...)
|
||||||
|
inbound.TunOptions.Inet6RouteExcludeAddress = append(inbound.TunOptions.Inet6RouteExcludeAddress, common.Filter(inbound.TunOptions.RouteExcludeAddress, func(it netip.Prefix) bool {
|
||||||
|
return it.Addr().Is6()
|
||||||
|
})...)
|
||||||
|
}
|
||||||
}
|
}
|
||||||
newInbounds = append(newInbounds, inbound)
|
newInbounds = append(newInbounds, inbound)
|
||||||
}
|
}
|
||||||
|
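Review bot: The three new blocks in `filter1100` copy `Address`, `RouteAddress` and `RouteExcludeAddress` into the deprecated `Inet4*`/`Inet6*` fields but never clear the source fields. The context lines just above reset `RouteAddressSet` and `RouteExcludeAddressSet` to nil, so this filter appears to strip options the targeted client version does not know. As visible here, the downgraded config would still carry the merged fields next to the split ones. After each copy, add the matching reset: `inbound.TunOptions.Address = nil`, `inbound.TunOptions.RouteAddress = nil`, `inbound.TunOptions.RouteExcludeAddress = nil`. The function starts outside the hunk, so confirm nothing earlier already handles this.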
@ -70,6 +70,8 @@ func filter170(metadata metadata.Metadata, options *option.Options) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
//nolint:staticcheck
|
||||||
|
//goland:noinspection GoDeprecation
|
||||||
func filter170Tun(options option.TunInboundOptions) option.TunInboundOptions {
|
func filter170Tun(options option.TunInboundOptions) option.TunInboundOptions {
|
||||||
options.Inet4RouteExcludeAddress = nil
|
options.Inet4RouteExcludeAddress = nil
|
||||||
options.Inet6RouteExcludeAddress = nil
|
options.Inet6RouteExcludeAddress = nil
|
||||||
|
@ -16,11 +16,24 @@ import (
|
|||||||
)
|
)
|
||||||
|
|
||||||
func (t *Template) renderDNS(metadata M.Metadata, options *option.Options) error {
|
func (t *Template) renderDNS(metadata M.Metadata, options *option.Options) error {
|
||||||
var domainStrategy option.DomainStrategy
|
var (
|
||||||
|
domainStrategy option.DomainStrategy
|
||||||
|
domainStrategyLocal option.DomainStrategy
|
||||||
|
)
|
||||||
if t.DomainStrategy != option.DomainStrategy(dns.DomainStrategyAsIS) {
|
if t.DomainStrategy != option.DomainStrategy(dns.DomainStrategyAsIS) {
|
||||||
domainStrategy = t.DomainStrategy
|
domainStrategy = t.DomainStrategy
|
||||||
} else {
|
} else if t.EnableFakeIP {
|
||||||
domainStrategy = option.DomainStrategy(dns.DomainStrategyPreferIPv4)
|
domainStrategy = option.DomainStrategy(dns.DomainStrategyPreferIPv4)
|
||||||
|
} else {
|
||||||
|
domainStrategy = option.DomainStrategy(dns.DomainStrategyUseIPv4)
|
||||||
|
}
|
||||||
|
if t.DomainStrategyLocal != option.DomainStrategy(dns.DomainStrategyAsIS) {
|
||||||
|
domainStrategyLocal = t.DomainStrategyLocal
|
||||||
|
} else {
|
||||||
|
domainStrategyLocal = option.DomainStrategy(dns.DomainStrategyPreferIPv4)
|
||||||
|
}
|
||||||
|
if domainStrategyLocal == domainStrategy {
|
||||||
|
domainStrategyLocal = 0
|
||||||
}
|
}
|
||||||
options.DNS = &option.DNSOptions{
|
options.DNS = &option.DNSOptions{
|
||||||
ReverseMapping: !t.DisableTrafficBypass && metadata.Platform != M.PlatformUnknown && !metadata.Platform.IsApple(),
|
ReverseMapping: !t.DisableTrafficBypass && metadata.Platform != M.PlatformUnknown && !metadata.Platform.IsApple(),
|
||||||
@ -29,7 +42,7 @@ func (t *Template) renderDNS(metadata M.Metadata, options *option.Options) error
|
|||||||
IndependentCache: t.EnableFakeIP,
|
IndependentCache: t.EnableFakeIP,
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
dnsDefault := t.DNSDefault
|
dnsDefault := t.DNS
|
||||||
if dnsDefault == "" {
|
if dnsDefault == "" {
|
||||||
dnsDefault = DefaultDNS
|
dnsDefault = DefaultDNS
|
||||||
}
|
}
|
||||||
@ -55,14 +68,16 @@ func (t *Template) renderDNS(metadata M.Metadata, options *option.Options) error
|
|||||||
)
|
)
|
||||||
if t.DisableTrafficBypass {
|
if t.DisableTrafficBypass {
|
||||||
localDNSOptions = option.DNSServerOptions{
|
localDNSOptions = option.DNSServerOptions{
|
||||||
Tag: DNSLocalTag,
|
Tag: DNSLocalTag,
|
||||||
Address: "local",
|
Address: "local",
|
||||||
|
Strategy: domainStrategyLocal,
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
localDNSOptions = option.DNSServerOptions{
|
localDNSOptions = option.DNSServerOptions{
|
||||||
Tag: DNSLocalTag,
|
Tag: DNSLocalTag,
|
||||||
Address: dnsLocal,
|
Address: dnsLocal,
|
||||||
Detour: directTag,
|
Detour: directTag,
|
||||||
|
Strategy: domainStrategyLocal,
|
||||||
}
|
}
|
||||||
if dnsLocalUrl, err := url.Parse(dnsLocal); err == nil && BM.IsDomainName(dnsLocalUrl.Hostname()) {
|
if dnsLocalUrl, err := url.Parse(dnsLocal); err == nil && BM.IsDomainName(dnsLocalUrl.Hostname()) {
|
||||||
localDNSOptions.AddressResolver = DNSLocalSetupTag
|
localDNSOptions.AddressResolver = DNSLocalSetupTag
|
||||||
@ -72,8 +87,9 @@ func (t *Template) renderDNS(metadata M.Metadata, options *option.Options) error
|
|||||||
options.DNS.Servers = append(options.DNS.Servers, localDNSOptions)
|
options.DNS.Servers = append(options.DNS.Servers, localDNSOptions)
|
||||||
if localDNSIsDomain {
|
if localDNSIsDomain {
|
||||||
options.DNS.Servers = append(options.DNS.Servers, option.DNSServerOptions{
|
options.DNS.Servers = append(options.DNS.Servers, option.DNSServerOptions{
|
||||||
Tag: DNSLocalSetupTag,
|
Tag: DNSLocalSetupTag,
|
||||||
Address: "local",
|
Address: "local",
|
||||||
|
Strategy: domainStrategyLocal,
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
if t.EnableFakeIP {
|
if t.EnableFakeIP {
|
||||||
|
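Review bot: In `renderDNS`, `domainStrategyLocal = 0` uses a bare literal where the rest of the function names the value, so the reader has to know that zero means "as is". Write it as `domainStrategyLocal = option.DomainStrategy(dns.DomainStrategyAsIS)`, matching the comparisons a few lines above. A short comment would help too, for example `// same as the global strategy: leave the per-server value unset so the local servers inherit it`. That inheritance relies on the global DNS strategy being set to `domainStrategy` in the part of the function that lies outside these hunks, which should be confirmed.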
@ -32,17 +32,15 @@ func (t *Template) renderInbounds(metadata M.Metadata, options *option.Options)
|
|||||||
disableTun := t.DisableTUN && !metadata.Platform.TunOnly()
|
disableTun := t.DisableTUN && !metadata.Platform.TunOnly()
|
||||||
if !disableTun {
|
if !disableTun {
|
||||||
options.Route.AutoDetectInterface = true
|
options.Route.AutoDetectInterface = true
|
||||||
|
address := []netip.Prefix{netip.MustParsePrefix("172.19.0.1/30")}
|
||||||
var inet6Address []netip.Prefix
|
|
||||||
if !t.DisableIPv6() {
|
if !t.DisableIPv6() {
|
||||||
inet6Address = []netip.Prefix{netip.MustParsePrefix("fdfe:dcba:9876::1/126")}
|
address = append(address, netip.MustParsePrefix("fdfe:dcba:9876::1/126"))
|
||||||
}
|
}
|
||||||
tunInbound := option.Inbound{
|
tunInbound := option.Inbound{
|
||||||
Type: C.TypeTun,
|
Type: C.TypeTun,
|
||||||
TunOptions: option.TunInboundOptions{
|
TunOptions: option.TunInboundOptions{
|
||||||
Inet4Address: []netip.Prefix{netip.MustParsePrefix("172.19.0.1/30")},
|
AutoRoute: true,
|
||||||
Inet6Address: inet6Address,
|
Address: address,
|
||||||
AutoRoute: true,
|
|
||||||
InboundOptions: option.InboundOptions{
|
InboundOptions: option.InboundOptions{
|
||||||
SniffEnabled: needSniff,
|
SniffEnabled: needSniff,
|
||||||
},
|
},
|
||||||
@ -50,7 +48,7 @@ func (t *Template) renderInbounds(metadata M.Metadata, options *option.Options)
|
|||||||
}
|
}
|
||||||
if autoRedirect {
|
if autoRedirect {
|
||||||
tunInbound.TunOptions.AutoRedirect = true
|
tunInbound.TunOptions.AutoRedirect = true
|
||||||
if !t.DisableTrafficBypass {
|
if !t.DisableTrafficBypass && metadata.Platform == "" {
|
||||||
tunInbound.TunOptions.RouteExcludeAddressSet = []string{"geoip-cn"}
|
tunInbound.TunOptions.RouteExcludeAddressSet = []string{"geoip-cn"}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
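Review bot: The new condition `metadata.Platform == ""` in `renderInbounds` compares against a string literal, while `renderDNS` in this same commit tests `metadata.Platform != M.PlatformUnknown`. Using the constant here, `if !t.DisableTrafficBypass && metadata.Platform == M.PlatformUnknown {`, keeps the two checks in step if the representation of the unknown platform ever changes. The condition also narrows `RouteExcludeAddressSet` (`geoip-cn`) to clients that report no platform, a routing change that neither the commit title nor the README hunks mention. A one-line comment stating why identified platforms no longer get the exclude set would make the intent reviewable.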