Improve auto redirect

2025-04-04 04:17:36 +03:00 · 2025-04-02 16:16:16 +08:00 · 2025-04-02 16:16:16 +08:00 · 4f98009a15
commit 4f98009a15
parent 0d54aee584
5 changed files with 27 additions and 13 deletions
--- a/docs/configuration/inbound/tun.md
+++ b/docs/configuration/inbound/tun.md
@ -211,6 +211,10 @@ Set the default route to the Tun.

    By default, VPN takes precedence over tun. To make tun go through VPN, enable `route.override_android_vpn`.

+!!! note "Also enable `auto_redirect`"
+
+    `auto_redirect` is always recommended on Linux, it provides better routing, higher performance (better than tproxy), and avoids conflicts with Docker bridge networks.
+
 #### iproute2_table_index

 !!! question "Since sing-box 1.10.0"
@ -237,6 +241,10 @@ Linux iproute2 rule start index generated by `auto_route`.

 Automatically configure iptables/nftables to redirect connections.

+Auto redirect is always recommended on Linux, it provides better routing,
+higher performance (better than tproxy),
+and avoids conflicts with Docker bridge networks.
+
 *In Android*：

 Only local IPv4 connections are forwarded. To share your VPN connection over hotspot or repeater,
@ -246,11 +254,13 @@ use [VPNHotspot](https://github.com/Mygod/VPNHotspot).

 `auto_route` with `auto_redirect` works as expected on routers **without intervention**.

+Conflict with `route.default_mark` and `[dialOptions].routing_mark`.
+
 #### auto_redirect_input_mark

 !!! question "Since sing-box 1.10.0"

-Connection input mark used by `route[_exclude]_address_set` with `auto_redirect`.
+Connection input mark used by `auto_redirect`.

 `0x2023` is used by default.

@ -258,7 +268,7 @@ Connection input mark used by `route[_exclude]_address_set` with `auto_redirect`

 !!! question "Since sing-box 1.10.0"

-Connection input mark used by `route[_exclude]_address_set` with `auto_redirect`.
+Connection output mark used by `auto_redirect`.

 `0x2024` is used by default.

@ -367,8 +377,6 @@ Exclude custom routes when `auto_route` is enabled.

    Add the destination IP CIDR rules in the specified rule-sets to the firewall.
    Matched traffic will bypass the sing-box routes.
-    
-    Conflict with `route.default_mark` and `[dialOptions].routing_mark`.

 === "Without `auto_redirect` enabled"

--- a/docs/configuration/inbound/tun.zh.md
+++ b/docs/configuration/inbound/tun.zh.md
@ -215,6 +215,10 @@ tun 接口的 IPv6 前缀。

    VPN 默认优先于 tun。要使 tun 经过 VPN，启用 `route.override_android_vpn`。

+!!! note "也启用 `auto_redirect`"
+
+  在 Linux 上始终推荐使用 `auto_redirect`，它提供更好的路由， 更高的性能（优于 tproxy）， 并避免与 Docker 桥接网络冲突。
+
 #### iproute2_table_index

 !!! question "自 sing-box 1.10.0 起"
@ -241,19 +245,23 @@ tun 接口的 IPv6 前缀。

 自动配置 iptables/nftables 以重定向连接。

+在 Linux 上始终推荐使用 auto redirect，它提供更好的路由， 更高的性能（优于 tproxy）， 并避免与 Docker 桥接网络冲突。
+
 *在 Android 中*：

 仅转发本地 IPv4 连接。 要通过热点或中继共享您的 VPN 连接，请使用 [VPNHotspot](https://github.com/Mygod/VPNHotspot)。

 *在 Linux 中*:

-带有 `auto_redirect `的 `auto_route` 可以在路由器上按预期工作，**无需干预**。
+带有 `auto_redirect` 的 `auto_route` 在路由器上**无需干预**即可按预期工作。
+
+与 `route.default_mark` 和 `[dialOptions].routing_mark` 冲突。

 #### auto_redirect_input_mark

 !!! question "自 sing-box 1.10.0 起"

-`route_address_set` 和 `route_exclude_address_set` 使用的连接输入标记。
+`auto_redriect` 使用的连接输入标记。

 默认使用 `0x2023`。

@ -261,7 +269,7 @@ tun 接口的 IPv6 前缀。

 !!! question "自 sing-box 1.10.0 起"

-`route_address_set` 和 `route_exclude_address_set` 使用的连接输出标记。
+`auto_redriect` 使用的连接输出标记。

 默认使用 `0x2024`。

@ -341,8 +349,6 @@ tun 接口的 IPv6 前缀。
    
    将指定规则集中的目标 IP CIDR 规则添加到防火墙。
    不匹配的流量将绕过 sing-box 路由。
-    
-    与 `route.default_mark` 和 `[dialOptions].routing_mark` 冲突。

 === "`auto_redirect` 未启用"

--- a/go.mod
+++ b/go.mod
@ -33,7 +33,7 @@ require (
 	github.com/sagernet/sing-shadowsocks v0.2.7
 	github.com/sagernet/sing-shadowsocks2 v0.2.0
 	github.com/sagernet/sing-shadowtls v0.2.0
-	github.com/sagernet/sing-tun v0.6.1
+	github.com/sagernet/sing-tun v0.6.2
 	github.com/sagernet/sing-vmess v0.2.0
 	github.com/sagernet/smux v0.0.0-20231208180855-7041f6ea79e7
 	github.com/sagernet/utls v1.6.7
--- a/go.sum
+++ b/go.sum
@ -133,8 +133,8 @@ github.com/sagernet/sing-shadowsocks2 v0.2.0 h1:wpZNs6wKnR7mh1wV9OHwOyUr21VkS3wK
 github.com/sagernet/sing-shadowsocks2 v0.2.0/go.mod h1:RnXS0lExcDAovvDeniJ4IKa2IuChrdipolPYWBv9hWQ=
 github.com/sagernet/sing-shadowtls v0.2.0 h1:cLKe4OAOFwuhmAIuPLj//CIL7Q9js+pIDardhJ+/osk=
 github.com/sagernet/sing-shadowtls v0.2.0/go.mod h1:agU+Fw5X+xnWVyRHyFthoZCX3MfWKCFPm4JUf+1oaxo=
-github.com/sagernet/sing-tun v0.6.1 h1:4l0+gnEKcGjlWfUVTD+W0BRApqIny/lU2ZliurE+VMo=
-github.com/sagernet/sing-tun v0.6.1/go.mod h1:fisFCbC4Vfb6HqQNcwPJi2CDK2bf0Xapyz3j3t4cnHE=
+github.com/sagernet/sing-tun v0.6.2 h1:SoylB/8dA6bRWoUhi4GbFb4WkKL0SMCpmYcvumPndo0=
+github.com/sagernet/sing-tun v0.6.2/go.mod h1:fisFCbC4Vfb6HqQNcwPJi2CDK2bf0Xapyz3j3t4cnHE=
 github.com/sagernet/sing-vmess v0.2.0 h1:pCMGUXN2k7RpikQV65/rtXtDHzb190foTfF9IGTMZrI=
 github.com/sagernet/sing-vmess v0.2.0/go.mod h1:jDAZ0A0St1zVRkyvhAPRySOFfhC+4SQtO5VYyeFotgA=
 github.com/sagernet/smux v0.0.0-20231208180855-7041f6ea79e7 h1:DImB4lELfQhplLTxeq2z31Fpv8CQqqrUwTbrIRumZqQ=
--- a/protocol/tun/inbound.go
+++ b/protocol/tun/inbound.go
@ -245,7 +245,7 @@ func NewInbound(ctx context.Context, router adapter.Router, logger log.ContextLo
 		if err != nil {
 			return nil, E.Cause(err, "initialize auto-redirect")
 		}
-		if !C.IsAndroid /*&& (len(inbound.routeRuleSet) > 0 || len(inbound.routeExcludeRuleSet) > 0) */ {
+		if !C.IsAndroid {
 			inbound.tunOptions.AutoRedirectMarkMode = true
 			err = networkManager.RegisterAutoRedirectOutputMark(inbound.tunOptions.AutoRedirectOutputMark)
 			if err != nil {