Improve DNS and inbound rules

This commit is contained in:
世界 2024-06-18 18:34:22 +08:00
parent 6f86247909
commit 7c48260661
No known key found for this signature in database
GPG Key ID: CD109927C34A63C4
6 changed files with 81 additions and 26 deletions

View File

@ -8,12 +8,13 @@
"log": {}, "log": {},
"domain_strategy": "", "domain_strategy": "",
"domain_strategy_local": "",
"disable_traffic_bypass": false, "disable_traffic_bypass": false,
"disable_rule_set": false, "disable_rule_set": false,
"remote_resolve": false, "remote_resolve": false,
// DNS // DNS
"dns_default": "", "dns": "",
"dns_local": "", "dns_local": "",
"enable_fakeip": false, "enable_fakeip": false,
"pre_dns_rules": [], "pre_dns_rules": [],
@ -47,7 +48,6 @@
"custom_urltest": {}, "custom_urltest": {},
// Route // Route
"disable_default_rules": false,
"pre_rules": [], "pre_rules": [],
"custom_rules": [], "custom_rules": [],
"enable_jsdelivr": false, "enable_jsdelivr": false,
@ -96,6 +96,15 @@ If `*_only` enabled, TUN and DNS will be configured to disable the other network
Note that if want `prefer_*` to take effect on transparent proxy requests, set `enable_fakeip`. Note that if want `prefer_*` to take effect on transparent proxy requests, set `enable_fakeip`.
`ipv4_only` is used by default when `enable_fakeip` disabled,
`prefer_ipv4` is used by default when `enable_fakeip` enabled.
#### domain_strategy_local
Local sing-box domain strategy.
`prefer_ipv4` is used by default.
#### disable_rule_set #### disable_rule_set
Use `geoip` and `geosite` for traffic bypassing instead of rule sets. Use `geoip` and `geosite` for traffic bypassing instead of rule sets.
@ -108,7 +117,7 @@ Disable traffic bypass for Chinese DNS queries and connections.
Don't generate `doamin_strategy` options for inbounds. Don't generate `doamin_strategy` options for inbounds.
#### dns_default #### dns
Default DNS server. Default DNS server.
@ -222,10 +231,6 @@ Custom [Selector](https://sing-box.sagernet.org/configuration/outbound/selector/
Custom [URLTest](https://sing-box.sagernet.org/configuration/outbound/urltest/) outbound template. Custom [URLTest](https://sing-box.sagernet.org/configuration/outbound/urltest/) outbound template.
#### disable_default_rules
Don't generate some useful rules.
#### pre_rules #### pre_rules
List of [Rule](https://sing-box.sagernet.org/configuration/route/rule/). List of [Rule](https://sing-box.sagernet.org/configuration/route/rule/).

View File

@ -16,12 +16,13 @@ type _Template struct {
Log *option.LogOptions `json:"log,omitempty"` Log *option.LogOptions `json:"log,omitempty"`
DomainStrategy option.DomainStrategy `json:"domain_strategy,omitempty"` DomainStrategy option.DomainStrategy `json:"domain_strategy,omitempty"`
DomainStrategyLocal option.DomainStrategy `json:"domain_strategy_local,omitempty"`
DisableTrafficBypass bool `json:"disable_traffic_bypass,omitempty"` DisableTrafficBypass bool `json:"disable_traffic_bypass,omitempty"`
DisableRuleSet bool `json:"disable_rule_set,omitempty"` DisableRuleSet bool `json:"disable_rule_set,omitempty"`
RemoteResolve bool `json:"remote_resolve,omitempty"` RemoteResolve bool `json:"remote_resolve,omitempty"`
// DNS // DNS
DNSDefault string `json:"dns_default,omitempty"` DNS string `json:"dns,omitempty"`
DNSLocal string `json:"dns_local,omitempty"` DNSLocal string `json:"dns_local,omitempty"`
EnableFakeIP bool `json:"enable_fakeip,omitempty"` EnableFakeIP bool `json:"enable_fakeip,omitempty"`
DisableDNSLeak bool `json:"disable_dns_leak,omitempty"` DisableDNSLeak bool `json:"disable_dns_leak,omitempty"`
@ -124,7 +125,7 @@ type GitHubRuleSetOptions struct {
} }
func (t Template) DisableIPv6() bool { func (t Template) DisableIPv6() bool {
return t.DomainStrategy == option.DomainStrategy(dns.DomainStrategyUseIPv4) return t.DomainStrategy == option.DomainStrategy(dns.DomainStrategyUseIPv4) && t.DomainStrategyLocal == option.DomainStrategy(dns.DomainStrategyUseIPv4)
} }
type ExtraGroup struct { type ExtraGroup struct {

View File

@ -1,10 +1,13 @@
package filter package filter
import ( import (
"net/netip"
"github.com/sagernet/serenity/common/metadata" "github.com/sagernet/serenity/common/metadata"
"github.com/sagernet/serenity/common/semver" "github.com/sagernet/serenity/common/semver"
C "github.com/sagernet/sing-box/constant" C "github.com/sagernet/sing-box/constant"
"github.com/sagernet/sing-box/option" "github.com/sagernet/sing-box/option"
"github.com/sagernet/sing/common"
) )
func init() { func init() {
@ -21,6 +24,36 @@ func filter1100(metadata metadata.Metadata, options *option.Options) {
inbound.TunOptions.AutoRedirect = false inbound.TunOptions.AutoRedirect = false
inbound.TunOptions.RouteAddressSet = nil inbound.TunOptions.RouteAddressSet = nil
inbound.TunOptions.RouteExcludeAddressSet = nil inbound.TunOptions.RouteExcludeAddressSet = nil
//nolint:staticcheck
//goland:noinspection GoDeprecation
if len(inbound.TunOptions.Address) > 0 {
inbound.TunOptions.Inet4Address = append(inbound.TunOptions.Inet4Address, common.Filter(inbound.TunOptions.Address, func(it netip.Prefix) bool {
return it.Addr().Is4()
})...)
inbound.TunOptions.Inet6Address = append(inbound.TunOptions.Inet6Address, common.Filter(inbound.TunOptions.Address, func(it netip.Prefix) bool {
return it.Addr().Is6()
})...)
}
//nolint:staticcheck
//goland:noinspection GoDeprecation
if len(inbound.TunOptions.RouteAddress) > 0 {
inbound.TunOptions.Inet4RouteAddress = append(inbound.TunOptions.Inet4RouteAddress, common.Filter(inbound.TunOptions.RouteAddress, func(it netip.Prefix) bool {
return it.Addr().Is4()
})...)
inbound.TunOptions.Inet6RouteAddress = append(inbound.TunOptions.Inet6RouteAddress, common.Filter(inbound.TunOptions.RouteAddress, func(it netip.Prefix) bool {
return it.Addr().Is6()
})...)
}
//nolint:staticcheck
//goland:noinspection GoDeprecation
if len(inbound.TunOptions.RouteExcludeAddress) > 0 {
inbound.TunOptions.Inet4RouteExcludeAddress = append(inbound.TunOptions.Inet4RouteExcludeAddress, common.Filter(inbound.TunOptions.RouteExcludeAddress, func(it netip.Prefix) bool {
return it.Addr().Is4()
})...)
inbound.TunOptions.Inet6RouteExcludeAddress = append(inbound.TunOptions.Inet6RouteExcludeAddress, common.Filter(inbound.TunOptions.RouteExcludeAddress, func(it netip.Prefix) bool {
return it.Addr().Is6()
})...)
}
} }
newInbounds = append(newInbounds, inbound) newInbounds = append(newInbounds, inbound)
} }

View File

@ -70,6 +70,8 @@ func filter170(metadata metadata.Metadata, options *option.Options) {
} }
} }
//nolint:staticcheck
//goland:noinspection GoDeprecation
func filter170Tun(options option.TunInboundOptions) option.TunInboundOptions { func filter170Tun(options option.TunInboundOptions) option.TunInboundOptions {
options.Inet4RouteExcludeAddress = nil options.Inet4RouteExcludeAddress = nil
options.Inet6RouteExcludeAddress = nil options.Inet6RouteExcludeAddress = nil

View File

@ -16,11 +16,24 @@ import (
) )
func (t *Template) renderDNS(metadata M.Metadata, options *option.Options) error { func (t *Template) renderDNS(metadata M.Metadata, options *option.Options) error {
var domainStrategy option.DomainStrategy var (
domainStrategy option.DomainStrategy
domainStrategyLocal option.DomainStrategy
)
if t.DomainStrategy != option.DomainStrategy(dns.DomainStrategyAsIS) { if t.DomainStrategy != option.DomainStrategy(dns.DomainStrategyAsIS) {
domainStrategy = t.DomainStrategy domainStrategy = t.DomainStrategy
} else { } else if t.EnableFakeIP {
domainStrategy = option.DomainStrategy(dns.DomainStrategyPreferIPv4) domainStrategy = option.DomainStrategy(dns.DomainStrategyPreferIPv4)
} else {
domainStrategy = option.DomainStrategy(dns.DomainStrategyUseIPv4)
}
if t.DomainStrategyLocal != option.DomainStrategy(dns.DomainStrategyAsIS) {
domainStrategyLocal = t.DomainStrategyLocal
} else {
domainStrategyLocal = option.DomainStrategy(dns.DomainStrategyPreferIPv4)
}
if domainStrategyLocal == domainStrategy {
domainStrategyLocal = 0
} }
options.DNS = &option.DNSOptions{ options.DNS = &option.DNSOptions{
ReverseMapping: !t.DisableTrafficBypass && metadata.Platform != M.PlatformUnknown && !metadata.Platform.IsApple(), ReverseMapping: !t.DisableTrafficBypass && metadata.Platform != M.PlatformUnknown && !metadata.Platform.IsApple(),
@ -29,7 +42,7 @@ func (t *Template) renderDNS(metadata M.Metadata, options *option.Options) error
IndependentCache: t.EnableFakeIP, IndependentCache: t.EnableFakeIP,
}, },
} }
dnsDefault := t.DNSDefault dnsDefault := t.DNS
if dnsDefault == "" { if dnsDefault == "" {
dnsDefault = DefaultDNS dnsDefault = DefaultDNS
} }
@ -55,14 +68,16 @@ func (t *Template) renderDNS(metadata M.Metadata, options *option.Options) error
) )
if t.DisableTrafficBypass { if t.DisableTrafficBypass {
localDNSOptions = option.DNSServerOptions{ localDNSOptions = option.DNSServerOptions{
Tag: DNSLocalTag, Tag: DNSLocalTag,
Address: "local", Address: "local",
Strategy: domainStrategyLocal,
} }
} else { } else {
localDNSOptions = option.DNSServerOptions{ localDNSOptions = option.DNSServerOptions{
Tag: DNSLocalTag, Tag: DNSLocalTag,
Address: dnsLocal, Address: dnsLocal,
Detour: directTag, Detour: directTag,
Strategy: domainStrategyLocal,
} }
if dnsLocalUrl, err := url.Parse(dnsLocal); err == nil && BM.IsDomainName(dnsLocalUrl.Hostname()) { if dnsLocalUrl, err := url.Parse(dnsLocal); err == nil && BM.IsDomainName(dnsLocalUrl.Hostname()) {
localDNSOptions.AddressResolver = DNSLocalSetupTag localDNSOptions.AddressResolver = DNSLocalSetupTag
@ -72,8 +87,9 @@ func (t *Template) renderDNS(metadata M.Metadata, options *option.Options) error
options.DNS.Servers = append(options.DNS.Servers, localDNSOptions) options.DNS.Servers = append(options.DNS.Servers, localDNSOptions)
if localDNSIsDomain { if localDNSIsDomain {
options.DNS.Servers = append(options.DNS.Servers, option.DNSServerOptions{ options.DNS.Servers = append(options.DNS.Servers, option.DNSServerOptions{
Tag: DNSLocalSetupTag, Tag: DNSLocalSetupTag,
Address: "local", Address: "local",
Strategy: domainStrategyLocal,
}) })
} }
if t.EnableFakeIP { if t.EnableFakeIP {

View File

@ -32,17 +32,15 @@ func (t *Template) renderInbounds(metadata M.Metadata, options *option.Options)
disableTun := t.DisableTUN && !metadata.Platform.TunOnly() disableTun := t.DisableTUN && !metadata.Platform.TunOnly()
if !disableTun { if !disableTun {
options.Route.AutoDetectInterface = true options.Route.AutoDetectInterface = true
address := []netip.Prefix{netip.MustParsePrefix("172.19.0.1/30")}
var inet6Address []netip.Prefix
if !t.DisableIPv6() { if !t.DisableIPv6() {
inet6Address = []netip.Prefix{netip.MustParsePrefix("fdfe:dcba:9876::1/126")} address = append(address, netip.MustParsePrefix("fdfe:dcba:9876::1/126"))
} }
tunInbound := option.Inbound{ tunInbound := option.Inbound{
Type: C.TypeTun, Type: C.TypeTun,
TunOptions: option.TunInboundOptions{ TunOptions: option.TunInboundOptions{
Inet4Address: []netip.Prefix{netip.MustParsePrefix("172.19.0.1/30")}, AutoRoute: true,
Inet6Address: inet6Address, Address: address,
AutoRoute: true,
InboundOptions: option.InboundOptions{ InboundOptions: option.InboundOptions{
SniffEnabled: needSniff, SniffEnabled: needSniff,
}, },
@ -50,7 +48,7 @@ func (t *Template) renderInbounds(metadata M.Metadata, options *option.Options)
} }
if autoRedirect { if autoRedirect {
tunInbound.TunOptions.AutoRedirect = true tunInbound.TunOptions.AutoRedirect = true
if !t.DisableTrafficBypass { if !t.DisableTrafficBypass && metadata.Platform == "" {
tunInbound.TunOptions.RouteExcludeAddressSet = []string{"geoip-cn"} tunInbound.TunOptions.RouteExcludeAddressSet = []string{"geoip-cn"}
} }
} }