From 0289586880a36430197721e938e59058e931df79 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E4=B8=96=E7=95=8C?=
Date: Fri, 26 Aug 2022 23:52:17 +0800
Subject: [PATCH] Add documentation for strict_route
---
 docs/configuration/inbound/tun.md | 11 +++++++++++
 docs/configuration/inbound/tun.zh.md | 10 ++++++++++
 go.mod | 2 +-
 go.sum | 4 ++--
 4 files changed, 24 insertions(+), 3 deletions(-)
diff --git a/docs/configuration/inbound/tun.md b/docs/configuration/inbound/tun.md
index 7cbb3a4d..64bf5e3b 100644
--- a/docs/configuration/inbound/tun.md
+++ b/docs/configuration/inbound/tun.md
@@ -15,6 +15,7 @@
 "inet6_address": "fdfe:dcba:9876::1/128",
 "mtu": 1500,
 "auto_route": true,
+ "strict_route": true,
 "endpoint_independent_nat": false,
 "udp_timeout": 300,
 "stack": "gvisor",
@@ -86,6 +87,16 @@ Set the default route to the Tun.
 To avoid traffic loopback, set `route.auto_detect_interface` or `route.default_interface` or `outbound.bind_interface`
+#### strict_route
+
+Enforce strict routing rules in Linux when `auto_route` is enabled:
+
+* Let unsupported network unreachable
+* Route all connections to tun
+
+It prevents address leaks and makes DNS hijacking work on Android and Linux with systemd-resolved, but your device will
+not be accessible by others.
+
 #### endpoint_independent_nat
 Enable endpoint-independent NAT.
diff --git a/docs/configuration/inbound/tun.zh.md b/docs/configuration/inbound/tun.zh.md
index 9883d159..e1257195 100644
--- a/docs/configuration/inbound/tun.zh.md
+++ b/docs/configuration/inbound/tun.zh.md
@@ -15,6 +15,7 @@
 "inet6_address": "fdfe:dcba:9876::1/128",
 "mtu": 1500,
 "auto_route": true,
+ "strict_route": true,
 "endpoint_independent_nat": false,
 "udp_timeout": 300,
 "stack": "gvisor",
@@ -86,6 +87,15 @@ tun 接口的 IPv6 前缀。
 为避免流量环回,请设置 `route.auto_detect_interface` 或 `route.default_interface` 或 `outbound.bind_interface`。
+#### strict_route
+
+在 Linux 中启用 `auto_route` 时执行严格的路由规则。
+
+* 让不支持的网络无法到达
+* 将所有连接路由到 tun
+
+它可以防止地址泄漏,并使 DNS 劫持在 Android 和使用 systemd-resolved 的 Linux 上工作,但你的设备将无法其他设备被访问。
+
 #### endpoint_independent_nat
 启用独立于端点的 NAT。
diff --git a/go.mod b/go.mod
index 61f1e75c..661c49fa 100644
--- a/go.mod
+++ b/go.mod
@@ -23,7 +23,7 @@ require (
 github.com/sagernet/sing v0.0.0-20220826124916-d4ba8fdfac88
 github.com/sagernet/sing-dns v0.0.0-20220822023312-3e086b06d666
 github.com/sagernet/sing-shadowsocks v0.0.0-20220819002358-7461bb09a8f6
- github.com/sagernet/sing-tun v0.0.0-20220826134511-3661aafce489
+ github.com/sagernet/sing-tun v0.0.0-20220827013030-e01ce3a8a70e
 github.com/sagernet/sing-vmess v0.0.0-20220811135656-4f3f07acf9c4
 github.com/sagernet/smux v0.0.0-20220812084127-e2d085ee3939
 github.com/spf13/cobra v1.5.0
diff --git a/go.sum b/go.sum
index c3c172d3..84af5781 100644
--- a/go.sum
+++ b/go.sum
@@ -148,8 +148,8 @@ github.com/sagernet/sing-dns v0.0.0-20220822023312-3e086b06d666 h1:XUTocA/Ek0dFx github.com/sagernet/sing-dns v0.0.0-20220822023312-3e086b06d666/go.mod h1:eDyH7AJmqBGjZQdQmpZIzlbTREudZuWDExMuGKgjRVM= github.com/sagernet/sing-shadowsocks v0.0.0-20220819002358-7461bb09a8f6 h1:JJfDeYYhWunvtxsU/mOVNTmFQmnzGx9dY034qG6G3g4= github.com/sagernet/sing-shadowsocks v0.0.0-20220819002358-7461bb09a8f6/go.mod h1:EX3RbZvrwAkPI2nuGa78T2iQXmrkT+/VQtskjou42xM= -github.com/sagernet/sing-tun v0.0.0-20220826134511-3661aafce489 h1:tPZUuDv9N4vM8t91dshQQoO+ubtlEwRmGPwlshEV+fY= -github.com/sagernet/sing-tun v0.0.0-20220826134511-3661aafce489/go.mod h1:B9BsLZmK01+9Dzhl634lM6YU80aTqOZ2yyrOzhA/Bto= +github.com/sagernet/sing-tun v0.0.0-20220827013030-e01ce3a8a70e h1:7GGZfIhbTAiUmVsWVLEccrKbwsgocUaJDJ859RVFNTA= +github.com/sagernet/sing-tun v0.0.0-20220827013030-e01ce3a8a70e/go.mod h1:B9BsLZmK01+9Dzhl634lM6YU80aTqOZ2yyrOzhA/Bto= github.com/sagernet/sing-vmess v0.0.0-20220811135656-4f3f07acf9c4 h1:2hLETh97+S4WnfMR27XyC7QVU1SH7FTNoCznP229YJU= github.com/sagernet/sing-vmess v0.0.0-20220811135656-4f3f07acf9c4/go.mod h1:82O6gzbxLha/W/jxSVQbsqf2lVdRTjMIgyLug0lpJps= github.com/sagernet/smux v0.0.0-20220812084127-e2d085ee3939 h1:pB1Dh1NbwVrLhQhotr4O4Hs3yhiBzmg3AvnUyYjL4x4=