From d4fa0ed3491e58d417be5044163b00687f669781 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E4=B8=96=E7=95=8C?= Date: Wed, 2 Apr 2025 13:44:39 +0800 Subject: [PATCH] Improve auto redirect --- docs/configuration/inbound/tun.md | 16 ++++++++++++---- docs/configuration/inbound/tun.zh.md | 16 +++++++++++----- go.mod | 2 +- go.sum | 4 ++-- protocol/tun/inbound.go | 2 +- 5 files changed, 27 insertions(+), 13 deletions(-) diff --git a/docs/configuration/inbound/tun.md b/docs/configuration/inbound/tun.md index b6bf5c75..fbad1d0a 100644 --- a/docs/configuration/inbound/tun.md +++ b/docs/configuration/inbound/tun.md @@ -211,6 +211,10 @@ Set the default route to the Tun. By default, VPN takes precedence over tun. To make tun go through VPN, enable `route.override_android_vpn`. +!!! note "Also enable `auto_redirect`" + + `auto_redirect` is always recommended on Linux, it provides better routing, higher performance (better than tproxy), and avoids conflicts with Docker bridge networks. + #### iproute2_table_index !!! question "Since sing-box 1.10.0" @@ -237,6 +241,10 @@ Linux iproute2 rule start index generated by `auto_route`. Automatically configure iptables/nftables to redirect connections. +Auto redirect is always recommended on Linux, it provides better routing, +higher performance (better than tproxy), +and avoids conflicts with Docker bridge networks. + *In Android*: Only local IPv4 connections are forwarded. To share your VPN connection over hotspot or repeater, @@ -246,11 +254,13 @@ use [VPNHotspot](https://github.com/Mygod/VPNHotspot). `auto_route` with `auto_redirect` works as expected on routers **without intervention**. +Conflict with `route.default_mark` and `[dialOptions].routing_mark`. + #### auto_redirect_input_mark !!! question "Since sing-box 1.10.0" -Connection input mark used by `route[_exclude]_address_set` with `auto_redirect`. +Connection input mark used by `auto_redirect`. `0x2023` is used by default. 
@@ -258,7 +268,7 @@ Connection input mark used by `route[_exclude]_address_set` with `auto_redirect` !!! question "Since sing-box 1.10.0" -Connection input mark used by `route[_exclude]_address_set` with `auto_redirect`. +Connection output mark used by `auto_redirect`. `0x2024` is used by default. @@ -367,8 +377,6 @@ Exclude custom routes when `auto_route` is enabled. Add the destination IP CIDR rules in the specified rule-sets to the firewall. Matched traffic will bypass the sing-box routes. - - Conflict with `route.default_mark` and `[dialOptions].routing_mark`. === "Without `auto_redirect` enabled" diff --git a/docs/configuration/inbound/tun.zh.md b/docs/configuration/inbound/tun.zh.md index c9bd844d..e0e90cb8 100644 --- a/docs/configuration/inbound/tun.zh.md +++ b/docs/configuration/inbound/tun.zh.md @@ -215,6 +215,10 @@ tun 接口的 IPv6 前缀。 VPN 默认优先于 tun。要使 tun 经过 VPN,启用 `route.override_android_vpn`。 +!!! note "也启用 `auto_redirect`" + + 在 Linux 上始终推荐使用 `auto_redirect`,它提供更好的路由, 更高的性能(优于 tproxy), 并避免与 Docker 桥接网络冲突。 + #### iproute2_table_index !!! question "自 sing-box 1.10.0 起" @@ -241,19 +245,23 @@ tun 接口的 IPv6 前缀。 自动配置 iptables/nftables 以重定向连接。 +在 Linux 上始终推荐使用 auto redirect,它提供更好的路由, 更高的性能(优于 tproxy), 并避免与 Docker 桥接网络冲突。 + *在 Android 中*: 仅转发本地 IPv4 连接。 要通过热点或中继共享您的 VPN 连接,请使用 [VPNHotspot](https://github.com/Mygod/VPNHotspot)。 *在 Linux 中*: -带有 `auto_redirect `的 `auto_route` 可以在路由器上按预期工作,**无需干预**。 +带有 `auto_redirect` 的 `auto_route` 在路由器上**无需干预**即可按预期工作。 + +与 `route.default_mark` 和 `[dialOptions].routing_mark` 冲突。 #### auto_redirect_input_mark !!! question "自 sing-box 1.10.0 起" -`route_address_set` 和 `route_exclude_address_set` 使用的连接输入标记。 +`auto_redriect` 使用的连接输入标记。 默认使用 `0x2023`。 @@ -261,7 +269,7 @@ tun 接口的 IPv6 前缀。 !!! question "自 sing-box 1.10.0 起" -`route_address_set` 和 `route_exclude_address_set` 使用的连接输出标记。 +`auto_redriect` 使用的连接输出标记。 默认使用 `0x2024`。 
@@ -341,8 +349,6 @@ tun 接口的 IPv6 前缀。 将指定规则集中的目标 IP CIDR 规则添加到防火墙。 不匹配的流量将绕过 sing-box 路由。 - - 与 `route.default_mark` 和 `[dialOptions].routing_mark` 冲突。 === "`auto_redirect` 未启用" diff --git a/go.mod b/go.mod index 3c1ab644..3fef31c3 100644 --- a/go.mod +++ b/go.mod @@ -33,7 +33,7 @@ require ( github.com/sagernet/sing-shadowsocks v0.2.7 github.com/sagernet/sing-shadowsocks2 v0.2.0 github.com/sagernet/sing-shadowtls v0.2.0 - github.com/sagernet/sing-tun v0.6.1 + github.com/sagernet/sing-tun v0.6.4 github.com/sagernet/sing-vmess v0.2.0 github.com/sagernet/smux v0.0.0-20231208180855-7041f6ea79e7 github.com/sagernet/utls v1.6.7 diff --git a/go.sum b/go.sum index 7aa82f74..27d3a156 100644 --- a/go.sum +++ b/go.sum @@ -133,8 +133,8 @@ github.com/sagernet/sing-shadowsocks2 v0.2.0 h1:wpZNs6wKnR7mh1wV9OHwOyUr21VkS3wK github.com/sagernet/sing-shadowsocks2 v0.2.0/go.mod h1:RnXS0lExcDAovvDeniJ4IKa2IuChrdipolPYWBv9hWQ= github.com/sagernet/sing-shadowtls v0.2.0 h1:cLKe4OAOFwuhmAIuPLj//CIL7Q9js+pIDardhJ+/osk= github.com/sagernet/sing-shadowtls v0.2.0/go.mod h1:agU+Fw5X+xnWVyRHyFthoZCX3MfWKCFPm4JUf+1oaxo= -github.com/sagernet/sing-tun v0.6.1 h1:4l0+gnEKcGjlWfUVTD+W0BRApqIny/lU2ZliurE+VMo= -github.com/sagernet/sing-tun v0.6.1/go.mod h1:fisFCbC4Vfb6HqQNcwPJi2CDK2bf0Xapyz3j3t4cnHE= +github.com/sagernet/sing-tun v0.6.4 h1:3Iew6UtAf1+mucVeHKNhAEQI5xmq3CUCbGptUbjebts= +github.com/sagernet/sing-tun v0.6.4/go.mod h1:fisFCbC4Vfb6HqQNcwPJi2CDK2bf0Xapyz3j3t4cnHE= github.com/sagernet/sing-vmess v0.2.0 h1:pCMGUXN2k7RpikQV65/rtXtDHzb190foTfF9IGTMZrI= github.com/sagernet/sing-vmess v0.2.0/go.mod h1:jDAZ0A0St1zVRkyvhAPRySOFfhC+4SQtO5VYyeFotgA= github.com/sagernet/smux v0.0.0-20231208180855-7041f6ea79e7 h1:DImB4lELfQhplLTxeq2z31Fpv8CQqqrUwTbrIRumZqQ= diff --git a/protocol/tun/inbound.go b/protocol/tun/inbound.go index 00cc0561..70f78c0a 100644 --- a/protocol/tun/inbound.go +++ b/protocol/tun/inbound.go 
@@ -245,7 +245,7 @@ func NewInbound(ctx context.Context, router adapter.Router, logger log.ContextLo
 if err != nil {
 return nil, E.Cause(err, "initialize auto-redirect")
 }
- if !C.IsAndroid && (len(inbound.routeRuleSet) > 0 || len(inbound.routeExcludeRuleSet) > 0) {
+ if !C.IsAndroid {
 inbound.tunOptions.AutoRedirectMarkMode = true
 err = networkManager.RegisterAutoRedirectOutputMark(inbound.tunOptions.AutoRedirectOutputMark)
 if err != nil {
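Review bot: With the rule-set condition dropped from `if !C.IsAndroid {`, `AutoRedirectMarkMode` and `RegisterAutoRedirectOutputMark` now run for every non-Android auto-redirect inbound. A configuration that sets `route.default_mark` or a dialer `routing_mark` therefore reaches this path even with no rule sets configured, which it did not before; the docs in this same commit now list both options as conflicting with `auto_redirect`. The handling of the returned error lies past the end of the hunk, and NewInbound itself starts and continues outside it, so it is not visible whether that conflict is reported by name or only as a generic startup failure. Because packet marks decide which traffic is steered into or around the tunnel, please confirm a clash fails closed with an error that names the conflicting option. I would also add a comment above the condition, e.g. `// mark mode is unconditional off Android; conflicts with route.default_mark and [dialOptions].routing_mark`.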