muink
commented
3 months ago 发下配置看看
source 接受 source-format 的 json文件
binary 接受 sing-box rule-set compile [--output <file-name>.srs] <file-name>.json 后的 srs文件
Closed p-w-p closed 3 months ago
muink
commented
3 months ago 发下配置看看
source 接受 source-format 的 json文件
binary 接受 sing-box rule-set compile [--output <file-name>.srs] <file-name>.json 后的 srs文件
p-w-p
commented
3 months ago 发下配置看看 source 接受 source-format 的 json文件 binary 接受
sing-box rule-set compile [--output <file-name>.srs] <file-name>.json后的 srs文件
测试可以启动的binary https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/sing/geo/geosite/gfw.srs 测试无法启动的source https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/sing/geo/geosite/gfw.json
顺带提一下路由规则那边也用到了名称为sitegfw的规则集,那边工作正常但放到DNS规则里无法分流 XD
muink
commented
3 months ago 这两个文件, 内容是一致的 我猜测单纯是 gfw.json 还没下载下来 进一步检查请提供配置文件 而且说实话, remote 不推荐用 json, 即便是压缩成单行的 json, 还是要比 srs 大一倍
p-w-p
commented
3 months ago 这两个文件, 内容是一致的 我猜测单纯是 gfw.json 还没下载下来 进一步检查请提供配置文件
等了三四分钟都还是启动不了喔,不太像是没下载完的样子(尝试json是打算看看能不能解决DNS分流的问题XD)
/tmp/run/homeproxy/sing-box-c.json里面对应部分 "dns": { "servers": [ { "tag": "cfg-Google-dns", "address": "tls://dns.google", "address_resolver": "default-dns", "detour": "cfg-d7376bc253c6e71aa20d95fc75521ea7-out" }, { "tag": "cfg-AliDNS-dns", "address": "tls://dns.alidns.com", "address_resolver": "default-dns", "detour": "direct-out" } ], "rules": [ { "rule_set": [ "cfg-sitegfw-rule" ], "outbound": [ "cfg-d7376bc253c6e71aa20d95fc75521ea7-out" ], "server": "cfg-Google-dns" } ], "disable_cache": false, "disable_expire": false, "independent_cache": false, "final": "cfg-AliDNS-dns" }
"rule_set": [ { "type": "remote", "tag": "cfg-sitegfw-rule", "format": "binary", "url": "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/sing/geo/geosite/gfw.srs", "download_detour": "cfg-d7376bc253c6e71aa20d95fc75521ea7-out" }, { "type": "remote", "tag": "cfg-iptelegram-rule", "format": "binary", "url": "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/sing/geo/geoip/telegram.srs", "download_detour": "cfg-d7376bc253c6e71aa20d95fc75521ea7-out" } ],
/etc/config/homeproxy里面对应部分 config homeproxy 'dns' option dns_strategy 'prefer_ipv4' option default_server 'AliDNS' config ruleset 'sitegfw' option label 'sitegfw' option enabled '1' option type 'remote' option format 'binary' option url 'https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/sing/geo/geosite/gfw.srs' option outbound 'Node1'
config ruleset 'iptelegram' option label 'iptelegram' option enabled '1' option type 'remote' option format 'binary' option url 'https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/sing/geo/geoip/telegram.srs' option outbound 'Node1'
config dns_server 'Google' option label 'Google' option enabled '1' option address 'tls://dns.google' option outbound 'Node1' option address_resolver 'default-dns'
config dns_server 'AliDNS' option label 'AliDNS' option enabled '1' option address 'tls://dns.alidns.com' option address_resolver 'default-dns' option outbound 'direct-out'
config dns_rule 'gfwsite' option label 'gfwsite' option enabled '1' option mode 'default' list rule_set 'sitegfw' list outbound 'Node1' option server 'Google'
config routing_rule 'gfw' option label 'gfw' option enabled '1' option mode 'default' list protocol 'http' list protocol 'tls' list protocol 'quic' option source_ip_is_private '0' option ip_is_private '0' list rule_set 'sitegfw' option rule_set_ipcidr_match_source '0' option outbound 'Node1'
config routing_rule 'telegram' option label 'telegram' option enabled '1' option mode 'default' option source_ip_is_private '0' option ip_is_private '0' list rule_set 'iptelegram' option rule_set_ipcidr_match_source '0' option outbound 'Node1'
p-w-p
commented
3 months ago
outbound 用法错了, 删掉即可 outbound 什么情况下用, 参考这个 issues
确实是这个问题,感谢大佬😍 倒是还有个奇怪的问题,dns设置为tls://dns.google的时候会报ERROR dns: exchange failed for google.com. IN A: io: read/write on closed pipe,但改成tls://8.8.8.8的时候又正常。在使用tls://dns.google时地址解析器设置WAN下发或者AliDNS都不行,大佬能猜测下大概是什么原因不😭 dns.google会命中sitegfw这条ruleset,不知是否有影响?
muink
commented
3 months ago 你建个8888的server 用于解析tls://dns.google的server试试看
p-w-p
commented
3 months ago 你建个8888的server 用于解析tls://dns.google的server试试看
新建了个用于解析dns的上游并把dns.alidns.com和dns.google的都切了过去,发现上游那边只收到了dns.alidns.com的请求记录并没有dns.google的请求记录,难不成又是死循环🤦♂️
如题,ruleset使用binary时可以运行,使用source时无法启动。
同时HomeProxy日志与sing-box 客户端日志都没有输出任何错误信息。
在ruleset使用binary启动的情况下,即使配置了DNS规则也无法正常生效,全部请求走默认DNS。
麻烦各位大佬们帮忙看看:D
Cc @muink