xishang0128
commented
1 month ago @MNDIA It is clear that you may not have reviewed the document. Please refer to this link.
Closed MNDIA closed 1 month ago
xishang0128
commented
1 month ago @MNDIA It is clear that you may not have reviewed the document. Please refer to this link.
MNDIA
commented
1 month ago Taking the this config as an example, we can see that the design logic for rules is: Application rules Collection -> Application -> Country Location -> proxy
rules:
- RULE-SET,private_ip,直连,no-resolve
- RULE-SET,github_domain,Github
- RULE-SET,twitter_domain,Twitter
- RULE-SET,youtube_domain,YouTube
- RULE-SET,google_domain,Google
- RULE-SET,telegram_domain,Telegram
- RULE-SET,netflix_domain,NETFLIX
- RULE-SET,bilibili_domain,哔哩哔哩
- RULE-SET,bahamut_domain,巴哈姆特
- RULE-SET,spotify_domain,Spotify
- RULE-SET,cn_domain,国内
- RULE-SET,geolocation-!cn,其他
- RULE-SET,google_ip,Google
- RULE-SET,netflix_ip,NETFLIX
- RULE-SET,telegram_ip,Telegram
- RULE-SET,twitter_ip,Twitter
- RULE-SET,cn_ip,国内
- MATCH,其他If the applications all use the no-udp [country->proxy]. According to"如请求为 udp,而代理节点没有 udp 支持,则会继续向下匹配",This will require an additional insurance policy for each rule. It is also need to ensure that the manually selected proxy-group and its corresponding group-insurance are the same pair of matching proxies.
rules:
- RULE-SET,private_ip,直连,no-resolve
- RULE-SET,github_domain,Github
- RULE-SET,github_domain,Githubinsurance
- RULE-SET,twitter_domain,Twitter
- RULE-SET,twitter_domain,Twitterinsurance
- RULE-SET,youtube_domain,YouTube
- RULE-SET,youtube_domain,YouTubeinsurance
- RULE-SET,google_domain,Google
- RULE-SET,google_domain,Googleinsurance
- RULE-SET,telegram_domain,Telegram
- RULE-SET,telegram_domain,Telegraminsurance
- RULE-SET,netflix_domain,NETFLIX
- RULE-SET,netflix_domain,NETFLIXinsurance
- RULE-SET,bilibili_domain,哔哩哔哩
- RULE-SET,bilibili_domain,哔哩哔哩insurance
- RULE-SET,bahamut_domain,巴哈姆特
- RULE-SET,bahamut_domain,巴哈姆特insurance
- RULE-SET,spotify_domain,Spotify
- RULE-SET,spotify_domain,Spotifyinsurance
- RULE-SET,cn_domain,国内
- RULE-SET,cn_domain,国内insurance
- RULE-SET,geolocation-!cn,其他
- RULE-SET,geolocation-!cn,其他insurance
- RULE-SET,google_ip,Google
- RULE-SET,google_ip,Googleinsurance
- RULE-SET,netflix_ip,NETFLIX
- RULE-SET,netflix_ip,NETFLIXinsurance
- RULE-SET,telegram_ip,Telegram
- RULE-SET,telegram_ip,Telegraminsurance
- RULE-SET,twitter_ip,Twitter
- RULE-SET,twitter_ip,Twitterinsurance
- RULE-SET,cn_ip,国内
- RULE-SET,cn_ip,国内insurance
- MATCH,其他
- MATCH,其他insurance "没有 udp 支持,则会继续向下匹配"can solve this problem temporarily, but it is very tedious, and we even need to select the corresponding proxy-groups-insurance to proxy-groups when using. UDP redirect is binding correspond to a proxy, proxy in the runtime is selected to change, to write the corresponding insurance in the dead rules for “向下匹配”, the result of rules arrangement is multiplied
The above is the worst case situation. If application->country location->proxy all use the same proxy, and don't think about insurance for each match, then a uniform match at the end of the line will suffice.
Does MATCH work twice correctly?
......
- MATCH,其他 # [A proxy that may not support udp]
- MATCH,其他insurance # [A proxy that must support udp]Does MATCH work twice correctly?
Match can be used twice; you can use reject at the end to prevent a direct UDP connection
MNDIA
commented
1 month ago In short, in order to use udp for geo-located tcp nodes that don't have udp, logically, the udp node one-to-one belongs to the tcp node. This needs dialer-udp or UoT. Downward matching applies to one-to-many: omit udp global pickup or global disable
UoT is a secondary feature that can be solved indirectly by using ports sent to other UoT agents. mihomo only recommends: omit udp global pickup or global disable, currently
Verify steps
Description
问题如何影响到你? Need a fallback policy for [proxies known no-udp] to allow udp to another [proxy with udp] 实现什么功能? Add a type of proxy-group to separate udp and tcp streams to two different [proxies/proxy-groups]
There are two [proxies/proxy-groups], one does not support udp "US1-NoUDP", one supports udp "US1-Normal", they should be treated as a type of [proxy-group] "US1". When "US1" is selected by the parent proxy-group(select), tcp enters the proxy US1-NoUDP, udp enters the proxy US1-Normal.
Another better realization
目前 Mihomo Core 的行为是什麽? The logic ability to distinguish between udp and tcp only exists in /rules/#network
The ability to switch nodes exists only in proxy-groups/select/
Rules are dead and cannot be dynamically selected as sub-rulefs The proxy-group is live, but cannot contain sub-rules Cannot fulfill both: Being able to be dynamically selected and having logical processing ability
It's similar
but the father-son relationship is reversed. It is a live node from a dead sub-rule. Requirement is to select dead sub-rules from live nodes:
The whole process with tcp and udp streaming logic cannot be able to be selected as a proxy. Logical processing only exists in the rules without selected function. Existing functionality doesn't do that "Being able to be dynamically selected and having logical processing ability"
Possible Solution