documentation: Bump version

Fix Tailscale dialer
Fix DNS over QUIC stream close
2025-06-13 21:54:13 +08:00 · 2025-03-29 23:13:09 +08:00 · 2025-03-29 23:12:15 +08:00 · 2025-03-29 23:12:15 +08:00 · 2025-03-29 23:12:14 +08:00 · 2025-03-29 23:12:14 +08:00
10 changed files with 20 additions and 65 deletions
--- a/common/dialer/dialer.go
+++ b/common/dialer/dialer.go
@ -24,7 +24,6 @@ type Options struct {
 	ResolverOnDetour bool
 	NewDialer        bool
 	LegacyDNSDialer  bool
-	DirectOutbound   bool
 }

 // TODO: merge with NewWithOptions
@ -109,7 +108,7 @@ func NewWithOptions(options Options) (N.Dialer, error) {
 				dnsQueryOptions.Transport = dnsTransport.Default()
 			} else if options.NewDialer {
 				return nil, E.New("missing domain resolver for domain server address")
-			} else if !options.DirectOutbound {
+			} else {
 				deprecated.Report(options.Context, deprecated.OptionMissingDomainResolver)
 			}
 		}
--- a/common/sniff/dns.go
+++ b/common/sniff/dns.go
@ -11,6 +11,7 @@ import (
 	C "github.com/sagernet/sing-box/constant"
 	"github.com/sagernet/sing/common"
 	"github.com/sagernet/sing/common/buf"
+	M "github.com/sagernet/sing/common/metadata"
 	"github.com/sagernet/sing/common/task"

 	mDNS "github.com/miekg/dns"
@ -46,6 +47,9 @@ func DomainNameQuery(ctx context.Context, metadata *adapter.InboundContext, pack
 	if err != nil {
 		return err
 	}
+	if len(msg.Question) == 0 || msg.Question[0].Qclass != mDNS.ClassINET || !M.IsDomainName(msg.Question[0].Name) {
+		return os.ErrInvalid
+	}
 	metadata.Protocol = C.ProtocolDNS
 	return nil
 }
--- a/common/sniff/dns_test.go
+++ b/common/sniff/dns_test.go
@ -1,23 +0,0 @@
-package sniff_test
-
-import (
-	"context"
-	"encoding/hex"
-	"testing"
-
-	"github.com/sagernet/sing-box/adapter"
-	"github.com/sagernet/sing-box/common/sniff"
-	C "github.com/sagernet/sing-box/constant"
-
-	"github.com/stretchr/testify/require"
-)
-
-func TestSniffDNS(t *testing.T) {
-	t.Parallel()
-	query, err := hex.DecodeString("740701000001000000000000012a06676f6f676c6503636f6d0000010001")
-	require.NoError(t, err)
-	var metadata adapter.InboundContext
-	err = sniff.DomainNameQuery(context.TODO(), &metadata, query)
-	require.NoError(t, err)
-	require.Equal(t, C.ProtocolDNS, metadata.Protocol)
-}
--- a/docs/changelog.md
+++ b/docs/changelog.md
@ -2,16 +2,10 @@
 icon: material/alert-decagram
 ---

-#### 1.12.0-beta.1
+#### 1.12.0-alpha.23

-* Improve `auto_redirect` **1**
 * Fixes and improvements

-**1**:
-
-Now `auto_redirect` fixes compatibility issues between tun and Docker bridge networks,
-see [Tun](/configuration/inbound/tun/#auto_redirect).
-
 ### 1.11.6

 * Fixes and improvements
--- a/docs/configuration/inbound/tun.md
+++ b/docs/configuration/inbound/tun.md
@ -211,10 +211,6 @@ Set the default route to the Tun.

    By default, VPN takes precedence over tun. To make tun go through VPN, enable `route.override_android_vpn`.

-!!! note "Also enable `auto_redirect`"
-
-    `auto_redirect` is always recommended on Linux, it provides better routing, higher performance (better than tproxy), and avoids conflicts with Docker bridge networks.
-
 #### iproute2_table_index

 !!! question "Since sing-box 1.10.0"
@ -241,10 +237,6 @@ Linux iproute2 rule start index generated by `auto_route`.

 Automatically configure iptables/nftables to redirect connections.

-Auto redirect is always recommended on Linux, it provides better routing,
-higher performance (better than tproxy),
-and avoids conflicts with Docker bridge networks.
-
 *In Android*：

 Only local IPv4 connections are forwarded. To share your VPN connection over hotspot or repeater,
@ -254,13 +246,11 @@ use [VPNHotspot](https://github.com/Mygod/VPNHotspot).

 `auto_route` with `auto_redirect` works as expected on routers **without intervention**.

-Conflict with `route.default_mark` and `[dialOptions].routing_mark`.
-
 #### auto_redirect_input_mark

 !!! question "Since sing-box 1.10.0"

-Connection input mark used by `auto_redirect`.
+Connection input mark used by `route[_exclude]_address_set` with `auto_redirect`.

 `0x2023` is used by default.

@ -268,7 +258,7 @@ Connection input mark used by `auto_redirect`.

 !!! question "Since sing-box 1.10.0"

-Connection output mark used by `auto_redirect`.
+Connection input mark used by `route[_exclude]_address_set` with `auto_redirect`.

 `0x2024` is used by default.

@ -378,6 +368,8 @@ Exclude custom routes when `auto_route` is enabled.
    Add the destination IP CIDR rules in the specified rule-sets to the firewall.
    Matched traffic will bypass the sing-box routes.
    
+    Conflict with `route.default_mark` and `[dialOptions].routing_mark`.
+
 === "Without `auto_redirect` enabled"

    !!! question "Since sing-box 1.11.0"
--- a/docs/configuration/inbound/tun.zh.md
+++ b/docs/configuration/inbound/tun.zh.md
@ -215,10 +215,6 @@ tun 接口的 IPv6 前缀。

    VPN 默认优先于 tun。要使 tun 经过 VPN，启用 `route.override_android_vpn`。

-!!! note "也启用 `auto_redirect`"
-
-  在 Linux 上始终推荐使用 `auto_redirect`，它提供更好的路由， 更高的性能（优于 tproxy）， 并避免与 Docker 桥接网络冲突。
-
 #### iproute2_table_index

 !!! question "自 sing-box 1.10.0 起"
@ -245,23 +241,19 @@ tun 接口的 IPv6 前缀。

 自动配置 iptables/nftables 以重定向连接。

-在 Linux 上始终推荐使用 auto redirect，它提供更好的路由， 更高的性能（优于 tproxy）， 并避免与 Docker 桥接网络冲突。
-
 *在 Android 中*：

 仅转发本地 IPv4 连接。 要通过热点或中继共享您的 VPN 连接，请使用 [VPNHotspot](https://github.com/Mygod/VPNHotspot)。

 *在 Linux 中*:

-带有 `auto_redirect` 的 `auto_route` 在路由器上**无需干预**即可按预期工作。
-
-与 `route.default_mark` 和 `[dialOptions].routing_mark` 冲突。
+带有 `auto_redirect `的 `auto_route` 可以在路由器上按预期工作，**无需干预**。

 #### auto_redirect_input_mark

 !!! question "自 sing-box 1.10.0 起"

-`auto_redriect` 使用的连接输入标记。
+`route_address_set` 和 `route_exclude_address_set` 使用的连接输入标记。

 默认使用 `0x2023`。

@ -269,7 +261,7 @@ tun 接口的 IPv6 前缀。

 !!! question "自 sing-box 1.10.0 起"

-`auto_redriect` 使用的连接输出标记。
+`route_address_set` 和 `route_exclude_address_set` 使用的连接输出标记。

 默认使用 `0x2024`。

@ -350,6 +342,8 @@ tun 接口的 IPv6 前缀。
    将指定规则集中的目标 IP CIDR 规则添加到防火墙。
    不匹配的流量将绕过 sing-box 路由。
    
+    与 `route.default_mark` 和 `[dialOptions].routing_mark` 冲突。
+
 === "`auto_redirect` 未启用"

    !!! question "自 sing-box 1.11.0 起"
--- a/go.mod
+++ b/go.mod
@ -32,7 +32,7 @@ require (
 	github.com/sagernet/sing-shadowsocks v0.2.7
 	github.com/sagernet/sing-shadowsocks2 v0.2.0
 	github.com/sagernet/sing-shadowtls v0.2.1-0.20250316154757-6f9e732e5056
-	github.com/sagernet/sing-tun v0.6.2
+	github.com/sagernet/sing-tun v0.6.2-0.20250319123703-35b5747b44ec
 	github.com/sagernet/sing-vmess v0.2.0
 	github.com/sagernet/smux v0.0.0-20231208180855-7041f6ea79e7
 	github.com/sagernet/tailscale v1.80.3-mod.2
--- a/go.sum
+++ b/go.sum
@ -190,8 +190,8 @@ github.com/sagernet/sing-shadowsocks2 v0.2.0 h1:wpZNs6wKnR7mh1wV9OHwOyUr21VkS3wK
 github.com/sagernet/sing-shadowsocks2 v0.2.0/go.mod h1:RnXS0lExcDAovvDeniJ4IKa2IuChrdipolPYWBv9hWQ=
 github.com/sagernet/sing-shadowtls v0.2.1-0.20250316154757-6f9e732e5056 h1:GFNJQAHhSXqAfxAw1wDG/QWbdpGH5Na3k8qUynqWnEA=
 github.com/sagernet/sing-shadowtls v0.2.1-0.20250316154757-6f9e732e5056/go.mod h1:HyacBPIFiKihJQR8LQp56FM4hBtd/7MZXnRxxQIOPsc=
-github.com/sagernet/sing-tun v0.6.2 h1:SoylB/8dA6bRWoUhi4GbFb4WkKL0SMCpmYcvumPndo0=
-github.com/sagernet/sing-tun v0.6.2/go.mod h1:fisFCbC4Vfb6HqQNcwPJi2CDK2bf0Xapyz3j3t4cnHE=
+github.com/sagernet/sing-tun v0.6.2-0.20250319123703-35b5747b44ec h1:9/OYGb9qDmUFIhqd3S+3eni62EKRQR1rSmRH18baA/M=
+github.com/sagernet/sing-tun v0.6.2-0.20250319123703-35b5747b44ec/go.mod h1:fisFCbC4Vfb6HqQNcwPJi2CDK2bf0Xapyz3j3t4cnHE=
 github.com/sagernet/sing-vmess v0.2.0 h1:pCMGUXN2k7RpikQV65/rtXtDHzb190foTfF9IGTMZrI=
 github.com/sagernet/sing-vmess v0.2.0/go.mod h1:jDAZ0A0St1zVRkyvhAPRySOFfhC+4SQtO5VYyeFotgA=
 github.com/sagernet/smux v0.0.0-20231208180855-7041f6ea79e7 h1:DImB4lELfQhplLTxeq2z31Fpv8CQqqrUwTbrIRumZqQ=
--- a/protocol/direct/outbound.go
+++ b/protocol/direct/outbound.go
@ -48,12 +48,7 @@ func NewOutbound(ctx context.Context, router adapter.Router, logger log.ContextL
 	if options.Detour != "" {
 		return nil, E.New("`detour` is not supported in direct context")
 	}
-	outboundDialer, err := dialer.NewWithOptions(dialer.Options{
-		Context:        ctx,
-		Options:        options.DialerOptions,
-		RemoteIsDomain: true,
-		DirectOutbound: true,
-	})
+	outboundDialer, err := dialer.New(ctx, options.DialerOptions, true)
 	if err != nil {
 		return nil, err
 	}
--- a/protocol/tun/inbound.go
+++ b/protocol/tun/inbound.go
@ -245,7 +245,7 @@ func NewInbound(ctx context.Context, router adapter.Router, logger log.ContextLo
 		if err != nil {
 			return nil, E.Cause(err, "initialize auto-redirect")
 		}
-		if !C.IsAndroid {
+		if !C.IsAndroid && (len(inbound.routeRuleSet) > 0 || len(inbound.routeExcludeRuleSet) > 0) {
 			inbound.tunOptions.AutoRedirectMarkMode = true
 			err = networkManager.RegisterAutoRedirectOutputMark(inbound.tunOptions.AutoRedirectOutputMark)
 			if err != nil {
Author	SHA1	Message	Date
世界	2b18fc4886	documentation: Bump version	2025-03-29 23:13:09 +08:00
世界	73862ac6bf	Fix Tailscale dialer	2025-03-29 23:12:15 +08:00
dyhkwong	c22210da47	Fix DNS over QUIC stream close	2025-03-29 23:12:15 +08:00
anytls	886e379e62	Update anytls Co-authored-by: anytls <anytls>	2025-03-29 23:12:14 +08:00
Rambling2076	5c793629fe	Fix missing `with_tailscale` in Dockerfile Signed-off-by: Rambling2076 <Rambling2076@proton.me>	2025-03-29 23:12:14 +08:00
世界	8b3cab3379	Fail when default DNS server not found	2025-03-29 23:12:14 +08:00
世界	235c4c7a96	Update gVisor to 20250319.0	2025-03-29 23:12:13 +08:00
世界	9bfb76168a	release: Do not build tailscale on iOS and tvOS	2025-03-29 23:12:13 +08:00
世界	fa5a74ec01	Explicitly reject detour to empty direct outbounds	2025-03-29 23:12:12 +08:00
世界	db9f8e8c52	Ignore UDP offload error	2025-03-29 23:12:12 +08:00
世界	680c5e5c28	Add netns support	2025-03-29 23:12:11 +08:00
世界	15a459d7be	Add wildcard name support for predefined records	2025-03-29 23:12:11 +08:00
世界	55eee56da9	Remove map usage in options	2025-03-29 23:12:11 +08:00
世界	eab82bd3df	Fix unhandled DNS loop	2025-03-29 23:12:10 +08:00
世界	1ea1c49c95	Add wildcard-sni support for shadow-tls inbound	2025-03-29 23:12:10 +08:00
世界	80e7df911c	Fix Tailscale DNS	2025-03-29 23:12:10 +08:00
k9982874	a2cac25b23	Add ntp protocol sniffing	2025-03-29 23:12:10 +08:00
世界	a24679fb56	option: Fix marshal legacy DNS options	2025-03-29 23:12:10 +08:00
世界	06f25876b3	Make `domain_resolver` optional when only one DNS server is configured	2025-03-29 23:12:10 +08:00
世界	f46df03695	Fix DNS lookup context pollution	2025-03-29 23:12:10 +08:00
世界	f76f091096	Fix http3 DNS server connecting to wrong address	2025-03-29 23:12:09 +08:00
Restia-Ashbell	9e8debd4c9	documentation: Fix typo	2025-03-29 23:12:09 +08:00
anytls	90d2cc9043	Update sing-anytls Co-authored-by: anytls <anytls>	2025-03-29 23:12:08 +08:00
k9982874	bdf86c2552	Fix hosts DNS server	2025-03-29 23:12:08 +08:00
世界	4dcc1812c6	Fix UDP DNS server crash	2025-03-29 23:12:08 +08:00
世界	648692977d	documentation: Fix missing `ip_accept_any` DNS rule option	2025-03-29 23:12:08 +08:00
世界	6e7650b59a	Fix anytls dialer usage	2025-03-29 23:12:08 +08:00
世界	99379ce244	Move predefined DNS server to rule action	2025-03-29 23:12:08 +08:00
世界	4a75aa1818	Fix domain resolver on direct outbound	2025-03-29 23:12:08 +08:00
Zephyruso	1825629331	Fix missing AnyTLS display name	2025-03-29 23:12:07 +08:00
anytls	15c9b6f72f	Update sing-anytls Co-authored-by: anytls <anytls>	2025-03-29 23:12:07 +08:00
Estel	fa769014fc	documentation: Fix typo Signed-off-by: Estel <callmebedrockdigger@gmail.com>	2025-03-29 23:12:06 +08:00
TargetLocked	731ed4c06d	Fix parsing legacy DNS options	2025-03-29 23:12:06 +08:00
世界	c19c6afc76	Fix DNS fallback	2025-03-29 23:12:05 +08:00
世界	331edbacff	documentation: Fix missing hosts DNS server	2025-03-29 23:12:05 +08:00
anytls	e7ad8d294d	Add MinIdleSession option to AnyTLS outbound Co-authored-by: anytls <anytls>	2025-03-29 23:12:05 +08:00
ReleTor	1f67c9984c	documentation: Minor fixes	2025-03-29 23:12:05 +08:00
libtry486	7750a86555	documentation: Fix typo fix typo Signed-off-by: libtry486 <89328481+libtry486@users.noreply.github.com>	2025-03-29 23:12:04 +08:00
Alireza Ahmadi	f7724231e3	Fix Outbound deadlock	2025-03-29 23:12:04 +08:00
世界	09d45fc7cc	documentation: Fix AnyTLS doc	2025-03-29 23:12:04 +08:00
anytls	c2a81243bf	Add AnyTLS protocol	2025-03-29 23:12:03 +08:00
世界	7799b89e8d	Migrate to stdlib ECH support	2025-03-29 23:12:02 +08:00
世界	6b88de19d2	Add fallback local DNS server for iOS	2025-03-29 23:12:02 +08:00
世界	7347b930ea	Get darwin local DNS server from libresolv	2025-03-29 23:12:02 +08:00
世界	a3daf39877	Improve resolve action	2025-03-29 23:12:02 +08:00
世界	75fcb2468f	Fix toolchain version	2025-03-29 23:12:02 +08:00
世界	c15f844727	Add back port hopping to hysteria 1	2025-03-29 23:12:02 +08:00
世界	023ac1c536	Update dependencies	2025-03-29 23:12:01 +08:00
xchacha20-poly1305	bfd1ba1ad6	Remove single quotes of raw Moziila certs	2025-03-29 23:12:00 +08:00
世界	b9a99796d0	Add Tailscale endpoint	2025-03-29 23:12:00 +08:00
世界	334844b4f1	Build legacy binaries with latest Go	2025-03-29 23:12:00 +08:00
世界	d40083a859	documentation: Remove outdated icons	2025-03-29 23:11:59 +08:00
世界	ae41e33b68	documentation: Certificate store	2025-03-29 23:11:59 +08:00
世界	ef63985738	documentation: TLS fragment	2025-03-29 23:11:58 +08:00
世界	8823d7f8d9	documentation: Outbound domain resolver	2025-03-29 23:11:58 +08:00
世界	690f4ab965	documentation: Refactor DNS	2025-03-29 23:11:58 +08:00
世界	d401a6f631	Add certificate store	2025-03-29 23:11:57 +08:00
世界	2179afad5e	Add TLS fragment support	2025-03-29 23:11:57 +08:00
世界	24941ad54c	refactor: Outbound domain resolver	2025-03-29 23:11:56 +08:00
世界	552123a9f1	refactor: DNS	2025-03-29 23:11:56 +08:00