chunyu/sing-box
1
0
Fork 0
mirror of https://github.com/SagerNet/sing-box.git synced 2025-06-13 21:54:13 +08:00
Code Issues Packages Projects Releases Wiki Activity

Independent source_ip_is_private and ip_is_private rules

Browse Source
This commit is contained in:
世界 2023-11-30 15:58:00 +08:00
parent cbe2848d8f
commit 9cbbb16145
No known key found for this signature in database
GPG Key ID: CD109927C34A63C4
10 changed files with 149 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
docs/configuration/dns/rule.md
View File

@ -5,6 +5,7 @@ icon: material/alert-decagram
!!! quote "Changes in sing-box 1.8.0" !!! quote "Changes in sing-box 1.8.0"
:material-plus: [rule_set](#rule_set) :material-plus: [rule_set](#rule_set)
:material-plus: [source_ip_is_private](#source_ip_is_private)
:material-delete-clock: [geoip](#geoip) :material-delete-clock: [geoip](#geoip)
:material-delete-clock: [geosite](#geosite) :material-delete-clock: [geosite](#geosite)
@ -56,6 +57,7 @@ icon: material/alert-decagram
"10.0.0.0/24", "10.0.0.0/24",
"192.168.0.1" "192.168.0.1"
], ],
"source_ip_is_private": false,
"source_port": [ "source_port": [
12345 12345
], ],
@ -198,6 +200,12 @@ Match source geoip.
Match source IP CIDR. Match source IP CIDR.
#### source_ip_is_private
!!! question "Since sing-box 1.8.0"
Match non-public source IP.
#### source_port #### source_port
Match source port. Match source port.

8
docs/configuration/dns/rule.zh.md
View File

@ -5,6 +5,7 @@ icon: material/alert-decagram
!!! quote "sing-box 1.8.0 中的更改" !!! quote "sing-box 1.8.0 中的更改"
:material-plus: [rule_set](#rule_set) :material-plus: [rule_set](#rule_set)
:material-plus: [source_ip_is_private](#source_ip_is_private)
:material-delete-clock: [geoip](#geoip) :material-delete-clock: [geoip](#geoip)
:material-delete-clock: [geosite](#geosite) :material-delete-clock: [geosite](#geosite)
@ -55,6 +56,7 @@ icon: material/alert-decagram
"source_ip_cidr": [ "source_ip_cidr": [
"10.0.0.0/24" "10.0.0.0/24"
], ],
"source_ip_is_private": false,
"source_port": [ "source_port": [
12345 12345
], ],
@ -195,6 +197,12 @@ DNS 查询类型。值可以为整数或者类型名称字符串。
匹配源 IP CIDR。 匹配源 IP CIDR。
#### source_ip_is_private
!!! question "自 sing-box 1.8.0 起"
匹配非公开源 IP。
#### source_port #### source_port
匹配源端口。 匹配源端口。

16
docs/configuration/route/rule.md
View File

@ -6,6 +6,8 @@ icon: material/alert-decagram
:material-plus: [rule_set](#rule_set) :material-plus: [rule_set](#rule_set)
:material-plus: [rule_set_ipcidr_match_source](#rule_set_ipcidr_match_source) :material-plus: [rule_set_ipcidr_match_source](#rule_set_ipcidr_match_source)
:material-plus: [source_ip_is_private](#source_ip_is_private)
:material-plus: [ip_is_private](#ip_is_private)
:material-delete-clock: [source_geoip](#source_geoip) :material-delete-clock: [source_geoip](#source_geoip)
:material-delete-clock: [geoip](#geoip) :material-delete-clock: [geoip](#geoip)
:material-delete-clock: [geosite](#geosite) :material-delete-clock: [geosite](#geosite)
@ -58,10 +60,12 @@ icon: material/alert-decagram
"10.0.0.0/24", "10.0.0.0/24",
"192.168.0.1" "192.168.0.1"
], ],
"source_ip_is_private": false,
"ip_cidr": [ "ip_cidr": [
"10.0.0.0/24", "10.0.0.0/24",
"192.168.0.1" "192.168.0.1"
], ],
"ip_is_private": false,
"source_port": [ "source_port": [
12345 12345
], ],
@ -202,10 +206,22 @@ Match geoip.
Match source IP CIDR. Match source IP CIDR.
#### ip_is_private
!!! question "Since sing-box 1.8.0"
Match non-public IP.
#### ip_cidr #### ip_cidr
Match IP CIDR. Match IP CIDR.
#### source_ip_is_private
!!! question "Since sing-box 1.8.0"
Match non-public source IP.
#### source_port #### source_port
Match source port. Match source port.

16
docs/configuration/route/rule.zh.md
View File

@ -6,6 +6,8 @@ icon: material/alert-decagram
:material-plus: [rule_set](#rule_set) :material-plus: [rule_set](#rule_set)
:material-plus: [rule_set_ipcidr_match_source](#rule_set_ipcidr_match_source) :material-plus: [rule_set_ipcidr_match_source](#rule_set_ipcidr_match_source)
:material-plus: [source_ip_is_private](#source_ip_is_private)
:material-plus: [ip_is_private](#ip_is_private)
:material-delete-clock: [source_geoip](#source_geoip) :material-delete-clock: [source_geoip](#source_geoip)
:material-delete-clock: [geoip](#geoip) :material-delete-clock: [geoip](#geoip)
:material-delete-clock: [geosite](#geosite) :material-delete-clock: [geosite](#geosite)
@ -57,9 +59,11 @@ icon: material/alert-decagram
"source_ip_cidr": [ "source_ip_cidr": [
"10.0.0.0/24" "10.0.0.0/24"
], ],
"source_ip_is_private": false,
"ip_cidr": [ "ip_cidr": [
"10.0.0.0/24" "10.0.0.0/24"
], ],
"ip_is_private": false,
"source_port": [ "source_port": [
12345 12345
], ],
@ -200,10 +204,22 @@ icon: material/alert-decagram
匹配源 IP CIDR。 匹配源 IP CIDR。
#### source_ip_is_private
!!! question "自 sing-box 1.8.0 起"
匹配非公开源 IP。
#### ip_cidr #### ip_cidr
匹配 IP CIDR。 匹配 IP CIDR。
#### ip_is_private
!!! question "自 sing-box 1.8.0 起"
匹配非公开 IP。
#### source_port #### source_port
匹配源端口。 匹配源端口。

8
docs/migration.md
View File

@ -68,6 +68,10 @@ icon: material/arrange-bring-forward
{ {
"route": { "route": {
"rules": [ "rules": [
{
"geoip": "private",
"outbound": "direct"
},
{ {
"geoip": "cn", "geoip": "cn",
"outbound": "direct" "outbound": "direct"
@ -90,6 +94,10 @@ icon: material/arrange-bring-forward
{ {
"route": { "route": {
"rules": [ "rules": [
{
"ip_is_private": true,
"outbound": "direct"
},
{ {
"rule_set": "geoip-cn", "rule_set": "geoip-cn",
"outbound": "direct" "outbound": "direct"

2
option/rule.go
View File

@ -78,7 +78,9 @@ type DefaultRule struct {
SourceGeoIP Listable[string] `json:"source_geoip,omitempty"` SourceGeoIP Listable[string] `json:"source_geoip,omitempty"`
GeoIP Listable[string] `json:"geoip,omitempty"` GeoIP Listable[string] `json:"geoip,omitempty"`
SourceIPCIDR Listable[string] `json:"source_ip_cidr,omitempty"` SourceIPCIDR Listable[string] `json:"source_ip_cidr,omitempty"`
SourceIPIsPrivate bool `json:"source_ip_is_private,omitempty"`
IPCIDR Listable[string] `json:"ip_cidr,omitempty"` IPCIDR Listable[string] `json:"ip_cidr,omitempty"`
IPIsPrivate bool `json:"ip_is_private,omitempty"`
SourcePort Listable[uint16] `json:"source_port,omitempty"` SourcePort Listable[uint16] `json:"source_port,omitempty"`
SourcePortRange Listable[string] `json:"source_port_range,omitempty"` SourcePortRange Listable[string] `json:"source_port_range,omitempty"`
Port Listable[uint16] `json:"port,omitempty"` Port Listable[uint16] `json:"port,omitempty"`

63
option/rule_dns.go
View File

@ -65,37 +65,38 @@ func (r DNSRule) IsValid() bool {
} }
type DefaultDNSRule struct { type DefaultDNSRule struct {
Inbound Listable[string] `json:"inbound,omitempty"` Inbound Listable[string] `json:"inbound,omitempty"`
IPVersion int `json:"ip_version,omitempty"` IPVersion int `json:"ip_version,omitempty"`
QueryType Listable[DNSQueryType] `json:"query_type,omitempty"` QueryType Listable[DNSQueryType] `json:"query_type,omitempty"`
Network Listable[string] `json:"network,omitempty"` Network Listable[string] `json:"network,omitempty"`
AuthUser Listable[string] `json:"auth_user,omitempty"` AuthUser Listable[string] `json:"auth_user,omitempty"`
Protocol Listable[string] `json:"protocol,omitempty"` Protocol Listable[string] `json:"protocol,omitempty"`
Domain Listable[string] `json:"domain,omitempty"` Domain Listable[string] `json:"domain,omitempty"`
DomainSuffix Listable[string] `json:"domain_suffix,omitempty"` DomainSuffix Listable[string] `json:"domain_suffix,omitempty"`
DomainKeyword Listable[string] `json:"domain_keyword,omitempty"` DomainKeyword Listable[string] `json:"domain_keyword,omitempty"`
DomainRegex Listable[string] `json:"domain_regex,omitempty"` DomainRegex Listable[string] `json:"domain_regex,omitempty"`
Geosite Listable[string] `json:"geosite,omitempty"` Geosite Listable[string] `json:"geosite,omitempty"`
SourceGeoIP Listable[string] `json:"source_geoip,omitempty"` SourceGeoIP Listable[string] `json:"source_geoip,omitempty"`
SourceIPCIDR Listable[string] `json:"source_ip_cidr,omitempty"` SourceIPCIDR Listable[string] `json:"source_ip_cidr,omitempty"`
SourcePort Listable[uint16] `json:"source_port,omitempty"` SourceIPIsPrivate bool `json:"source_ip_is_private,omitempty"`
SourcePortRange Listable[string] `json:"source_port_range,omitempty"` SourcePort Listable[uint16] `json:"source_port,omitempty"`
Port Listable[uint16] `json:"port,omitempty"` SourcePortRange Listable[string] `json:"source_port_range,omitempty"`
PortRange Listable[string] `json:"port_range,omitempty"` Port Listable[uint16] `json:"port,omitempty"`
ProcessName Listable[string] `json:"process_name,omitempty"` PortRange Listable[string] `json:"port_range,omitempty"`
ProcessPath Listable[string] `json:"process_path,omitempty"` ProcessName Listable[string] `json:"process_name,omitempty"`
PackageName Listable[string] `json:"package_name,omitempty"` ProcessPath Listable[string] `json:"process_path,omitempty"`
User Listable[string] `json:"user,omitempty"` PackageName Listable[string] `json:"package_name,omitempty"`
UserID Listable[int32] `json:"user_id,omitempty"` User Listable[string] `json:"user,omitempty"`
Outbound Listable[string] `json:"outbound,omitempty"` UserID Listable[int32] `json:"user_id,omitempty"`
ClashMode string `json:"clash_mode,omitempty"` Outbound Listable[string] `json:"outbound,omitempty"`
WIFISSID Listable[string] `json:"wifi_ssid,omitempty"` ClashMode string `json:"clash_mode,omitempty"`
WIFIBSSID Listable[string] `json:"wifi_bssid,omitempty"` WIFISSID Listable[string] `json:"wifi_ssid,omitempty"`
RuleSet Listable[string] `json:"rule_set,omitempty"` WIFIBSSID Listable[string] `json:"wifi_bssid,omitempty"`
Invert bool `json:"invert,omitempty"` RuleSet Listable[string] `json:"rule_set,omitempty"`
Server string `json:"server,omitempty"` Invert bool `json:"invert,omitempty"`
DisableCache bool `json:"disable_cache,omitempty"` Server string `json:"server,omitempty"`
RewriteTTL *uint32 `json:"rewrite_ttl,omitempty"` DisableCache bool `json:"disable_cache,omitempty"`
RewriteTTL *uint32 `json:"rewrite_ttl,omitempty"`
} }
func (r DefaultDNSRule) IsValid() bool { func (r DefaultDNSRule) IsValid() bool {

10
route/rule_default.go
View File

@ -120,6 +120,11 @@ func NewDefaultRule(router adapter.Router, logger log.ContextLogger, options opt
rule.sourceAddressItems = append(rule.sourceAddressItems, item) rule.sourceAddressItems = append(rule.sourceAddressItems, item)
rule.allItems = append(rule.allItems, item) rule.allItems = append(rule.allItems, item)
} }
if options.SourceIPIsPrivate {
item := NewIPIsPrivateItem(true)
rule.sourceAddressItems = append(rule.sourceAddressItems, item)
rule.allItems = append(rule.allItems, item)
}
if len(options.IPCIDR) > 0 { if len(options.IPCIDR) > 0 {
item, err := NewIPCIDRItem(false, options.IPCIDR) item, err := NewIPCIDRItem(false, options.IPCIDR)
if err != nil { if err != nil {
@ -128,6 +133,11 @@ func NewDefaultRule(router adapter.Router, logger log.ContextLogger, options opt
rule.destinationAddressItems = append(rule.destinationAddressItems, item) rule.destinationAddressItems = append(rule.destinationAddressItems, item)
rule.allItems = append(rule.allItems, item) rule.allItems = append(rule.allItems, item)
} }
if options.IPIsPrivate {
item := NewIPIsPrivateItem(false)
rule.destinationAddressItems = append(rule.destinationAddressItems, item)
rule.allItems = append(rule.allItems, item)
}
if len(options.SourcePort) > 0 { if len(options.SourcePort) > 0 {
item := NewPortItem(true, options.SourcePort) item := NewPortItem(true, options.SourcePort)
rule.sourcePortItems = append(rule.sourcePortItems, item) rule.sourcePortItems = append(rule.sourcePortItems, item)

5
route/rule_dns.go
View File

@ -119,6 +119,11 @@ func NewDefaultDNSRule(router adapter.Router, logger log.ContextLogger, options
rule.sourceAddressItems = append(rule.sourceAddressItems, item) rule.sourceAddressItems = append(rule.sourceAddressItems, item)
rule.allItems = append(rule.allItems, item) rule.allItems = append(rule.allItems, item)
} }
if options.SourceIPIsPrivate {
item := NewIPIsPrivateItem(true)
rule.sourceAddressItems = append(rule.sourceAddressItems, item)
rule.allItems = append(rule.allItems, item)
}
if len(options.SourcePort) > 0 { if len(options.SourcePort) > 0 {
item := NewPortItem(true, options.SourcePort) item := NewPortItem(true, options.SourcePort)
rule.sourcePortItems = append(rule.sourcePortItems, item) rule.sourcePortItems = append(rule.sourcePortItems, item)

44
route/rule_item_ip_is_private.go Normal file
View File

@ -0,0 +1,44 @@
package route
import (
"net/netip"
"github.com/sagernet/sing-box/adapter"
N "github.com/sagernet/sing/common/network"
)
var _ RuleItem = (*IPIsPrivateItem)(nil)
type IPIsPrivateItem struct {
isSource bool
}
func NewIPIsPrivateItem(isSource bool) *IPIsPrivateItem {
return &IPIsPrivateItem{isSource}
}
func (r *IPIsPrivateItem) Match(metadata *adapter.InboundContext) bool {
var destination netip.Addr
if r.isSource {
destination = metadata.Source.Addr
} else {
destination = metadata.Destination.Addr
}
if destination.IsValid() && !N.IsPublicAddr(destination) {
return true
}
for _, destinationAddress := range metadata.DestinationAddresses {
if !N.IsPublicAddr(destinationAddress) {
return true
}
}
return false
}
func (r *IPIsPrivateItem) String() string {
if r.isSource {
return "source_ip_is_private=true"
} else {
return "ip_is_private=true"
}
}